diff options
125 files changed, 14933 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 00000000..c6c4f7f0 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,85 @@ +pam (1.1.2-1) unstable; urgency=low + + * Name of option for minimum Unix password length has changed + + The Debian-specific 'min=n' option to pam_unix for specifying minimum + lengths for new passwords has been replaced by a new upstream option + called 'minlen=n'. If you are using 'min=n' in + /etc/pam.d/common-password, this will be migrated to the new option name + for you on upgrade. If you have configured pam_unix password changing + elsewhere on your system, such as in a PAM profile under + /usr/share/pam-configs or in other files in /etc/pam.d, you will need to + update them by hand for this change. + + -- Steve Langasek <vorlon@debian.org> Tue, 31 Aug 2010 23:09:30 -0700 + +pam (1.1.0-3) unstable; urgency=low + + * pam_rhosts_auth module obsolete, symlink removed + + The pam_rhosts_auth module was dropped upstream prior to the lenny + release and a compatibility symlink provided in the libpam-modules + package, pointing at the new (and not 100% compatible) pam_rhosts + module. This symlink has now been dropped. If you still have + references to pam_rhosts_auth in your /etc/pam.d/* config files, you + will need to fix these, since they no longer work. + + For information on using pam_rhosts, see the pam_rhosts(8) manpage. + + -- Steve Langasek <vorlon@debian.org> Wed, 02 Sep 2009 16:17:16 -0700 + +pam (1.1.0-1) unstable; urgency=low + + * pam_cracklib no longer checks for reuse of old passwords + + The pam_cracklib module no longer checks /etc/security/opasswd to see + if the proposed password is one that was previously used. This + functionality has been split out into a new module, pam_pwhistory. + + The pam_unix module still does its own check of /etc/security/opasswd, + so if you are using this module you should not need to change anything. + + * Change in handling of /etc/shadow fields + + The Debian PAM package included a patch to treat a value of 0 in certain + fields in /etc/shadow as the same as an empty field. This patch has + been dropped, since it caused the behavior of pam_unix to differ from + both that of PAM upstream and that of the shadow package. + + The main consequences of this change are that: + + - a "0" in the sp_expire field will be treated as a date of Jan 1, 1970 + instead of a "never expires" value, so users with this set will be + unable to log in + + - a "0" in the sp_inact field will indicate that the user should not be + allowed to change an expired password at all, instead of being allowed + to change an expired at any time after the expiry. + + See Debian bug #308229 for more information about this change. + + -- Steve Langasek <vorlon@debian.org> Tue, 25 Aug 2009 00:13:57 -0700 + +pam (0.99.7.1-5) unstable; urgency=low + + * Default Unix minimum password length has changed + + Previous versions of pam_unix on Debian had a built-in minimum password + length of 1 character, and a minimum password length configured in + /etc/pam.d/common-password of 4 characters. This differed from the + upstream default of 6 characters. This has been changed, so the + default /etc/pam.d/common-password no longer overrides the compile-time + default and the compile-time default has been raised to 6 characters. + If you are using pam_unix but are not using the default + /etc/pam.d/common-password file, it is recommended that you drop any + min= options to pam_unix from your config unless you have stronger + local password requirements that the upstream default. + + The password length 'max' option has also been deprecated in this + version because it was never written to work as suggested in the + documentation. If you are using pam_unix but are not using the default + /etc/pam.d/common-password file, you should remove any old max= options + to pam_unix from your config as this option will be considered an error + in future versions of pam. + + -- Steve Langasek <vorlon@debian.org> Sat, 01 Sep 2007 21:27:11 -0700 diff --git a/debian/README.debian b/debian/README.debian new file mode 100644 index 00000000..b5360492 --- /dev/null +++ b/debian/README.debian @@ -0,0 +1,13 @@ +PAM for Debian +-------------- + +PAM (Pluggable Authentication Modules) provides system administrators with a +powerful method of controlling system access and methods of authentication. + +The documentation for PAM is packaged in the "libpam-doc" package. The +"Linux-PAM System Administrator's Guide" covers configuring PAM, what +modules are available etc. The documentation also includes "The Linux-PAM +Application Developers' Guide" and "The Linux-PAM Module Writers' Guide". + +The Debian default configuration is to emulate the old UNIX authentication. + diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 00000000..de10a628 --- /dev/null +++ b/debian/README.source @@ -0,0 +1,8 @@ +This package uses quilt to manage all modifications to the upstream +source. Changes are stored in the source package as diffs in +debian/patches-applied and applied during the build. Please see: + + /usr/share/doc/quilt/README.source + +for more information on how to apply the patches, modify patches, or +remove a patch. diff --git a/debian/TODO b/debian/TODO new file mode 100644 index 00000000..056d95a9 --- /dev/null +++ b/debian/TODO @@ -0,0 +1,7 @@ +- make pam_unix.so modules have some means of allowing other than root + to auth users via unix_chkpwd (maybe unix_chkpwd needs a secure conf + file?) +- Put in some of the Hurd related fixes +- Build-Depend-Indep on fop and install PDF docs, and add them to + doc-base. This depends on fop being patched to build using Java in + main so it can move out of contrib. diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 00000000..f48ceb3d --- /dev/null +++ b/debian/changelog @@ -0,0 +1,2691 @@ +pam (1.1.8-3.8) unstable; urgency=medium + + * Non-maintainer upload. + * Set Rules-Requires-Root to binary-targets as pam relies on + chgrp in debian/rules. + * Update pam-auth-update to detect write errors and properly + fail when that happens. (Closes: #880501) + * Remove Roger Leigh from uploaders as he has restired from + Debian. (Closes: #869348) + * Reduce priority of libpam0g to optional. + * Rebuild with a recent version of dpkg-source, which ensures + that the Build-Depends are correct in the .dsc file. + (Closes: #890602) + * Apply patch from Felix Lechner to make pam-auth-update ignore + editor backup files. (Closes: #519361) + * Apply update to Brazilian Portuguese translations of the + debconf templates. Thanks to Adriano Rafael Gomes. + (Closes: #799417) + + -- Niels Thykier <niels@thykier.net> Sat, 11 Aug 2018 15:31:24 +0000 + +pam (1.1.8-3.7) unstable; urgency=medium + + * Non-maintainer upload. + * libpam-modules: Added a config for pam_mkhomedir, disabled by default. + (Closes: #568577) + * pam-auth-update: Add support for --enable option which is useful for + enabling non-default configs without prompting the admin. (LP: #1192719) + + -- Timo Aaltonen <tjaalton@debian.org> Fri, 02 Feb 2018 16:57:43 +0200 + +pam (1.1.8-3.6) unstable; urgency=medium + + * Non-maintainer upload. + * cve-2015-3238.patch: Add the changes in the generated pam_exec.8 + and pam_unix.8 in addition to (and after) the changes to the + source .xml files. This avoids unwanted rebuilds that can cause + problems due to differing files on different architectures of + the Multi-Arch: same libpam-modules. (Closes: #851545) + + -- Adrian Bunk <bunk@debian.org> Sat, 27 May 2017 18:44:02 +0300 + +pam (1.1.8-3.5) unstable; urgency=medium + + * Non-maintainer upload. + * Build-Depend on libfl-dev:native as well, for cross builds. + Re-closes: #846459 + * Fix "Unescaped left brace in regex" with Perl 5.22. Closes: #810873 + + -- Adam Borowski <kilobyte@angband.pl> Fri, 30 Dec 2016 14:37:29 +0100 + +pam (1.1.8-3.4) unstable; urgency=medium + + * Non-maintainer upload. + * Add libfl-dev to Build-Depends, fixing FTBFS. Closes: #846459 + * Move xsl stuff to Build-Depends from -Indep to fix misbuilt manpages. + Closes: #812566 + + -- Adam Borowski <kilobyte@angband.pl> Sun, 18 Dec 2016 01:03:58 +0100 + +pam (1.1.8-3.3) unstable; urgency=low + + * Non-maintainer upload. + [ Steve Langasek ] + * Updated Swedish translation to correct a typo, thanks to Anders Jonsson + and Martin Bagge. Closes: #743875 + * Updated Turkish translation, thanks to Mert Dirik <mertdirik@gmail.com>. + (closes: #756756) + * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default + soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak + <robie.basak@ubuntu.com> for the patch. Closes: #783105. + * Acknowledge security NMU. + * pam-auth-update: don't mishandle trailing whitespace in profiles. + LP: #1487103. + + [ Laurent Bigonville ] + * debian/control: Fix Vcs-* and Homepage fields (Closes: #752343) + * debian/watch: Update watch file and point it to http://www.linux-pam.org + * debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in + namespace.init script (Closes: #624842) + * debian/control: Build-depends against debhelper (>= 9) to match the + defined debhelper compatibility + * Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality, + thanks to Jakub Wilk <jwilk@debian.org> for noticing (Closes: #761594) + * debian/control: Bump Standards-Version to 3.9.8 (no further changes) + * debian/libpam-doc.doc-base.applications-guide: Fix spelling + * debian/libpam0g-dev.examples: Do not use shell brace expansion + * debian/patches-applied/pam-loginuid-in-containers: Updated with the version + from Ubuntu, this should fix logins in containers (Closes: #726661) + * debian/patches-applied/update-motd: Updated with the version from Ubuntu: + use /run/motd.dynamic instead of /var/run/motd, nothing in the archive + uses the later (Closes: #743286) + * debian/patches-applied/make_documentation_reproducible.patch: Make the + build reproducible, removes differences when building with different + locale values (Closes: #792127) + + -- Laurent Bigonville <bigon@debian.org> Wed, 18 May 2016 02:04:29 +0200 + +pam (1.1.8-3.2) unstable; urgency=medium + + * Non-maintainer upload. + * Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix + module (Closes: #789986) + + -- Tianon Gravi <tianon@debian.org> Wed, 06 Jan 2016 15:53:31 -0800 + +pam (1.1.8-3.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix CVE-2013-7041: case-insensitive comparison used for verifying + passwords in the pam_userdb module (closes: #731368). + * Fix CVE-2014-2583: multiple directory traversal issues in the + pam_timestamp module (closes: 757555) + + -- Michael Gilbert <mgilbert@debian.org> Sat, 09 Aug 2014 09:50:42 +0000 + +pam (1.1.8-3) unstable; urgency=low + + * debian/rules: On hurd, link libpam explicitly with -lpthread since glibc + will not dynamically switch between the libc stubs and the libpthread + implementations on this architecture. Thanks to Samuel Thibault for the + patch. Closes: #743891. + + -- Steve Langasek <vorlon@debian.org> Mon, 07 Apr 2014 17:49:38 -0700 + +pam (1.1.8-2) unstable; urgency=medium + + * Mark the libaudit-dev build-dependency linux-any, since it's not + available on non-Linux archs. Closes: #737035. + + -- Steve Langasek <vorlon@debian.org> Thu, 13 Feb 2014 15:02:00 -0800 + +pam (1.1.8-1) unstable; urgency=medium + + * New upstream release. + - includes upstream changes to pam_exec. Closes: #670147. + - adds support for newer hashing algorithms to pam_userdb. + Closes: #671740. + - fixes handling of 'quiet' argument to pam_listfile, to match the + documentation. Closes: #592219. + - fixes handling of @users@@hosts netgroup syntax in access.conf. + Closes: #681223. + - fixes installation of the /etc/security/namespace.d directory. + Closes: #710998. + - 027_pam_limits_better_init_allow_explicit_root: support for reading + /proc/1/limits is upstream, this patch now only handles the policy + of resetting limits by default and not applying glob limits to root. + - debian/patches/fix-manpage-crud: drop, manpages now being generated + upstream with a newer, fixed xsltproc. + - debian/patches/pam_env-fix-overflow.patch, pam_env-fix-dos.patch, + glibc-2_16-compilation-fix.patch, sys-types-include.patch: drop, + included upstream. + * Add build-dependency on pkg-config. + * Ensure autogenerated files are after source files in all relevant patches, + so that regenerating documentation doesn't cause build skew. + * Drop the --disable-regenerate-docu argument, restoring the HTML manuals + to the libpam-doc package. Closes: #700485. + * No need to override dh_compress in debian/rules, it already handles .html + files correctly. + * debian/libpam-cracklib.prerm: use $DPKG_MAINTSCRIPT_PACKAGE_COUNT to avoid + prematurely removing the PAM config when the package is installed for + multiple architectures. Closes: #647428. + + -- Steve Langasek <vorlon@debian.org> Thu, 16 Jan 2014 00:38:42 +0000 + +pam (1.1.3-11) unstable; urgency=low + + [ Wookey ] + * Disable libaudit for stage1 bootstrap. + + [ Steve Langasek ] + * debian/patches-applied/pam-loginuid-in-containers: pam_loginuid: + Ignore failure in user namespaces. + * Use [linux-any] in build-deps, instead of hard-coding a list of + non-Linux archs. Closes: #634516. + + -- Steve Langasek <vorlon@debian.org> Tue, 14 Jan 2014 03:33:31 +0000 + +pam (1.1.3-10) unstable; urgency=low + + * Fix pam-auth-update handling of trailing blank lines in the fields of + profiles. LP: #1160288. + * Reintroduce libaudit support now that libaudit has been multiarched. + Closes: #699159. + + -- Steve Langasek <vorlon@debian.org> Sun, 20 Oct 2013 15:30:46 -0700 + +pam (1.1.3-9) unstable; urgency=low + + * Revert libaudit support for now, because libaudit isn't multiarched yet + in unstable so this regresses cross-installability. Reopens bug + #699159. + * Add an or'ed dependency on cdebconf, which also implements the + xloadtemplatefile extension that prevents us from depending on just + 'debconf-2.0'. Thanks to Régis Boudin <regis@boudin.name> for the info. + Closes: #677278. + + -- Steve Langasek <vorlon@debian.org> Tue, 12 Feb 2013 23:06:30 +0000 + +pam (1.1.3-8) unstable; urgency=low + + * Confirm NMU for bug #611136; thanks to Michael Gilbert. + - As a side effect, there will no longer be errors from reading the + .pam_environment twice since we are now reading it 0 times. + LP: #955032. + * Adjust the pam_env documentation to match the module behavior resulting + from the previous security upload. Closes: #693995. + * debian/rules: never regenerate manpages at build time; this may cause + build skew that breaks the world in a multiarch context. LP: #1095887. + * debian/patches-applied/glibc-2_16-compilation-fix.patch: fix missing + include causing build failure with eglibc 2.16. Thanks to Daniel + Schepler <dschepler@gmail.com>. Closes: #693450. + * Ditch autoconf patch in favor of a build-dependency on dh-autoreconf, + which will let us keep up-to-date with newer autotools. In the present + instance, this gets us aarch64 support. + * Install pam_timestamp_check - and while we're at it, move the manpage + to the correct binary package. Closes: #648695. + * Update lintian overrides to suppress some noise about hardening and + manpages. + * Enable audit support, by popular demand. This should have no major + impact unless you're also running auditd; but I reserve the right to + disable this again in the event that this causes a performance hit or + breaks upgrades (since the dependency is pulled into libpam, not just + into pam_tty_audit). Closes: #699159, LP: #937005. + + -- Steve Langasek <vorlon@debian.org> Tue, 12 Feb 2013 05:36:29 +0000 + +pam (1.1.3-7.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix cve-2010-4708: user-configurable .pam_environment allows + administrator-level changes without root access (closes: #611136). + + -- Michael Gilbert <mgilbert@debian.org> Sun, 29 Apr 2012 02:23:26 -0400 + +pam (1.1.3-7) unstable; urgency=low + + * Updated debconf translations: + - Danish, thanks to Joe Dalton <joedalton2@yahoo.dk> (closes: #648382) + - French, thanks to Jean-Baka Domelevo Entfellner <domelevo@gmail.com> + (closes: #649850) + - Dutch, thanks to Jeroen Schot <schot@A-Eskwadraat.nl> + (closes: #650755) + - Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (closes: #650867) + - Portuguese, thanks to Pedro Ribeiro <p.m42.ribeiro@gmail.com> + (closes: #652493) + - German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #653407) + - Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org> + (closes: #654043) + - Bulgarian, thanks to Damyan Ivanov <dmn@debian.org> (closes: #656518) + - Slovak, thanks to Ivan Masár <helix84@centrum.sk> (closes: #656521) + - Japanese, thanks to Kenshi Muto <kmuto@debian.org> (closes: #656834) + - Polish, thanks to Michał Kułach <michalkulach@gmail.com> + (closes: #657476) + - Catalan, thanks to Innocent De Marchi <tangram.peces@gmail.com> + (closes: #657489) + - Czech, thanks to Miroslav Kure <kurem@upcase.inf.upol.cz> + (closes: #657578) + - Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #651349) + + -- Steve Langasek <vorlon@debian.org> Sat, 28 Jan 2012 10:57:49 -0800 + +pam (1.1.3-6) unstable; urgency=low + + * debian/patches-applied/hurd_no_setfsuid: we don't want to check all + setre*id() calls; we know that there are situations where some of these + may fail but we don't care. As long as the last setre*id() call in each + set succeeds, that's the state we mean to be in. + * debian/libpam0g.postinst: according to Kubuntu developers, kdm no longer + keeps libpam loaded persistently at runtime, so it's not necessary to + force a kdm restart on ABI bump. Which is good, since restarting kdm + now seems to also log users out of running sessions, which we rather + want to avoid. Closes: #632673, LP: #744944. + * debian/patches-applied/update-motd: set a sane umask before calling + run-parts, and restore the old mask afterwards, so /run/motd gets + consistent permissions. LP: #871943. + * debian/patches-applied/update-motd: new module option for pam_motd, + 'noupdate', which suppresses the call to run-parts /etc/update-motd.d. + LP: #805423. + * debian/libpam0g.templates, debian/libpam0g.postinst: add a new question, + libraries/restart-without-asking, that allows admins to accept the + service restarts once for all so that they don't have to repeatedly + say "ok". LP: #745004. + * debian/libpam-runtime.templates, debian/local/pam-auth-update: add a + new 'title' template, so pam-auth-update doesn't give a blank title + when called outside of a maintainer script. LP: #882794. + + -- Steve Langasek <vorlon@debian.org> Sun, 06 Nov 2011 19:43:14 -0800 + +pam (1.1.3-5) unstable; urgency=low + + [ Kees Cook ] + * debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch: use + setresgid() to wipe out saved-gid just in case. + * debian/patches-applied/008_modules_pam_limits_chroot: + - fix off-by-one when parsing configuration file. + - when using chroot, chdir() to root to lose links to old tree. + * debian/patches-applied/022_pam_unix_group_time_miscfixes, + debian/patches-applied/026_pam_unix_passwd_unknown_user, + debian/patches-applied/054_pam_security_abstract_securetty_handling: + improve descriptions. + * debian/patches-applied/{007_modules_pam_unix,055_pam_unix_nullok_secure}: + drop unneeded no-op change to reduce delta from upstream. + * debian/patches-applied/hurd_no_setfsuid: check all set*id() calls. + * debian/patches-applied/update-motd: correctly clear environment when + building motd. + * debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflow + in environment file parsing (CVE-2011-3148). + * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment + file parsing (CVE-2011-3149). + + -- Steve Langasek <vorlon@debian.org> Thu, 27 Oct 2011 21:33:57 -0700 + +pam (1.1.3-4) unstable; urgency=low + + * Make sure shared library links are also installed to the multiarch + directory, not just the .a files; otherwise the static libs get found + first by the linker. Thanks to Russ Allbery for catching this. + Closes: #642952. + + -- Steve Langasek <vorlon@debian.org> Sun, 25 Sep 2011 22:33:55 +0000 + +pam (1.1.3-3) unstable; urgency=low + + * Look for /etc/init.d/postgresql, not /etc/init.d/postgresql-8.{2,3}, + for service restarts; the latter are obsolete since squeeze. + Closes: #631511. + * Move debian/libpam0g-dev.install to debian/libpam0g-dev.install.in + and substitute the multiarch path at build time, so our .a files go to + the multiarch dir instead of to /usr/lib. Thanks to Riku Voipio for + pointing out the bug. + * debian/control: adjust the package descriptions, as the current ones + use some awkward language that's gone unnoticed for a long time. Thanks + to Martin Eberhard Schauer <Martin.E.Schauer@gmx.de> for pointing this + out. Closes: #633863. + * Build-depend on debhelper 8.9.4 and bump debian/compat to 9 for + dpkg-buildflags integration, and drop manual setting of -g -O options in + CFLAGS now that we can let dh do it for us + * Don't set --sbindir when calling configure; upstream takes care of this + for us + + -- Steve Langasek <vorlon@debian.org> Sat, 24 Sep 2011 20:08:56 +0000 + +pam (1.1.3-2) unstable; urgency=low + + [ Kees Cook ] + * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: + - only report about unknown kernel rlimits when "debug" is set + (Closes: 625226, LP: #794531). + + [ Steve Langasek ] + * Build for multiarch. Closes: #463420. + * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: + don't reset the process niceness for root; since it's root, they can + still renice to a lower nice level if they need to and changing the + nice level by default is unexpected behavior. Closes: #594377. + + -- Steve Langasek <vorlon@debian.org> Tue, 21 Jun 2011 11:41:12 -0700 + +pam (1.1.3-1) unstable; urgency=low + + * New upstream release. + - Fixes CVE-2010-3853, executing namespace.init with an insecure + environment set by the caller. Closes: #608273. + - Fixes CVE-2010-3316 CVE-2010-3430 CVE-2010-3431 CVE-2010-3435. + Closes: #599832. + * Port hurd_no_setfsuid patch to new pam_modutil_{drop,restore}_priv + interface; now possibly upstreamable + * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: + set a better default RLIMIT_MEMLOCK value for BSD kernels. Thanks to + Petr Salinger for the fix. Closes: #602902. + * bump the minimum version check in maintainer scripts for the restart + handling. + + -- Steve Langasek <vorlon@debian.org> Sat, 04 Jun 2011 03:10:50 -0700 + +pam (1.1.2-3) unstable; urgency=low + + [ Kees Cook ] + * 027_pam_limits_better_init_allow_explicit_root: load rlimit defaults + from the kernel (via /proc/1/limits), instead of continuing to hardcode + the settings internally. Fall back to internal defaults when the kernel + rlimits are not found. Closes: #620302. (LP: #746655, #391761) + + * Updated debconf translations: + - Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au> + (closes: #601197) + - Dutch, thanks to Eric Spreen <erispre@gmail.com> (closes: #605592) + - Danish, thanks to Joe Dalton <joedalton2@yahoo.dk> (closes: #606739) + - Catalan, thanks to Innocent De Marchi <tangram.peces@gmail.com> + (closes: #622786) + + -- Steve Langasek <vorlon@debian.org> Sun, 01 May 2011 01:49:11 -0700 + +pam (1.1.2-2) unstable; urgency=low + + * debian/patches-applied/hurd_no_setfsuid: handle some new calls to + setfsuid in pam_xauth that I overlooked, so that the build works again + on non-Linux. Closes: #613630. + + -- Steve Langasek <vorlon@debian.org> Wed, 16 Feb 2011 09:27:11 -0800 + +pam (1.1.2-1) unstable; urgency=low + + * New upstream release. + - Add support for NSS groups to pam_group. Closes: #589019, + LP: #297408. + - Support cross-building the package. Thanks to Neil Williams + <codehelp@debian.org> for the patch. Closes: #284854. + * debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit + interface. Closes: #579402. + * Drop patches conditional_module,_conditional_man and + mkhomedir_linking.patch, which are included upstream. + * debian/patches/hurd_no_setfsuid: pam_env and pam_mail now also use + setfsuid, so patch them to be likewise Hurd-safe. + * Update debian/source.lintian-overrides to clean up some spurious + warnings. + * debian/libpam-modules.postinst: if any 'min=n' options are found in + /etc/pam.d/common-password, convert them on upgrade to 'minlen=n' for + compatibility with upstream. + * debian/NEWS: document the disappearance of 'min=n', in case users have + encoded this option elsewhere outside of /etc/pam.d/common-password. + * debian/patches/007_modules_pam_unix: drop compatibility handling of + 'max=' no-op; use of this option will now log an error, as warned three + years ago. + * Bump Standards-Version to 3.9.1. + * Add lintian overrides for a few more spurious warnings. + * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for + compatibility when it's not already set. Closes: #552043. + * debian/local/pam-auth-update: Don't try to pass embedded newlines to + debconf; backslash-escape them instead and use CAPB escape. + * debian/local/pam-auth-update: sort additional module options before + writing them out, so that we don't wind up with a different config file + on every invocation. Thanks to Jim Paris <jim@jtan.com> for the patch. + Closes: #594123. + * debian/libpam-runtime.{postinst,templates}: since 1.1.2-1 is targeted + for post-squeeze, we don't need to support upgrades from 1.0.1-6 to + 1.0.1-10 anymore. Drop the debconf error note about having configured + your system with a lack of authentication, so that translators don't + spend any more time on it. + * Updated debconf translations: + - Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #575875) + + -- Steve Langasek <vorlon@debian.org> Tue, 15 Feb 2011 23:21:41 -0800 + +pam (1.1.1-7) UNRELEASED; urgency=low + + * Updated debconf translations: + - Italian, thanks to Nicole B. <damn3dg1rl@gmail.com> (closes: #602112) + + -- Steve Langasek <vorlon@debian.org> Wed, 17 Nov 2010 16:53:46 -0800 + +pam (1.1.1-6.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix pending l10n issues. Debconf translations: + - Czech (Miroslav Kure). Closes: #598329 + - Slovak (Ivan Masár). Closes: #600164 + - Japanese (Kenshi Muto). Closes: #600247 + - Finnish (Esko Arajärvi). Closes: #600641 + + -- Christian Perrier <bubulle@debian.org> Tue, 19 Oct 2010 07:30:49 +0200 + +pam (1.1.1-6) unstable; urgency=low + + * Updated debconf translations: + - Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #575875) + + -- Steve Langasek <vorlon@debian.org> Sun, 05 Sep 2010 23:36:35 -0700 + +pam (1.1.1-5) unstable; urgency=low + + * debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit + interface. Closes: #579402. + * Update debian/source.lintian-overrides to clean up some spurious + warnings. + * Bump Standards-Version to 3.9.1. + * Add lintian overrides for a few more spurious warnings. + * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for + compatibility when it's not already set. Closes: #552043. + * debian/local/pam-auth-update: Don't try to pass embedded newlines to + debconf; backslash-escape them instead and use CAPB escape. + * debian/local/pam-auth-update: sort additional module options before + writing them out, so that we don't wind up with a different config file + on every invocation. Thanks to Jim Paris <jim@jtan.com> for the patch. + Closes: #594123. + + -- Steve Langasek <vorlon@debian.org> Sun, 05 Sep 2010 12:42:34 -0700 + +pam (1.1.1-4) unstable; urgency=low + + * debian/patches/conditional_module,_conditional_man: if we don't have the + libraries required for building pam_tty_audit, we shouldn't install the + manpage either. LP: #588547. + * Updated debconf translations: + - Portuguese, thanks to Eder L. Marques <eder@edermarques.net> + (closes: #581746) + - Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org> + (closes: #592172) + - Galician, thanks to Jorge Barreiro <yortx.barry@gmail.com> + (closes: #592808) + * Don't pass --version-script options when linking executables, + only when linking libraries. Thanks to Julien Cristau + <jcristau@debian.org> for the fix. Closes: #582362. + + -- Steve Langasek <vorlon@debian.org> Sun, 15 Aug 2010 21:53:46 -0700 + +pam (1.1.1-3) unstable; urgency=low + + * pam-auth-update: fix a bug in our handling of module options when the + module name contains digits, caused by a buggy regexp. :/ Partially + addresses LP #369575. + * Install /sbin/pam_tally2 in the libpam-modules package; thanks to + Olivier BONHOMME <obonhomme@nerim.net> for reporting. Closes: #554010. + + -- Steve Langasek <vorlon@debian.org> Sun, 25 Apr 2010 05:53:44 -0700 + +pam (1.1.1-2) unstable; urgency=low + + * Document the new symbols added in 1.1.1 in debian/libpam0g.symbols, and + raise the minimum version for the service restarting code. + Closes: #568480. + + -- Steve Langasek <vorlon@debian.org> Wed, 17 Feb 2010 23:21:23 -0800 + +pam (1.1.1-1) unstable; urgency=low + + * New upstream version. + - restore proper netgroup handling in pam_access. + Closes: #567385, LP: #513955. + * Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and + pam_securetty_tty_check_before_user_check, which are included upstream. + * debian/patches/026_pam_unix_passwd_unknown_user: don't return + PAM_USER_UNKNOWN on password change of a user that has no shadow entry, + upstream now implements auto-creating the shadow entry in this case. + * Updated debconf translations: + - French, thanks to Jean-Baka Domelevo Entfellner <domelevo@gmail.com> + (closes: #547039) + - Bulgarian, thanks to Damyan Ivanov <dmn@debian.org> (closes: #562835) + * debian/patches/sys-types-include.patch: fix pam_modutil.h so that it can + be included directly, without having to include sys/types.h first. + Closes: #556203. + * Add postgresql-8.3 to the list of services in need of restart on upgrade. + Closes: #563674. + * And drop postgresql-{7.4,8.1} from the list, neither of which is present + in stable. + * debian/patches/007_modules_pam_unix: recognize that *all* of the password + hashes other than traditional crypt handle passwords >8 chars in length. + LP: #356766. + + -- Steve Langasek <vorlon@debian.org> Mon, 01 Feb 2010 02:04:33 -0800 + +pam (1.1.0-4) unstable; urgency=low + + * debian/patches/pam_securetty_tty_check_before_user_check: new patch, + to make pam_securetty always return success on a secure tty regardless + of what username was passed. Thanks to Nicolas François + <nicolas.francois@centraliens.net> for the patch. Closes: #537848 + * debian/local/pam-auth-update: only reset the seen flag on the template + when there's new information; this avoids reprompting users for the same + information on upgrade, regardless of the debconf priority used. + Closes: #544805. + * libpam0g no longer depends on libpam-runtime; packages that use + /etc/pam.d/common-* must depend directly on libpam-runtime, and most do + (including the Essential: yes ones), so let's break this circular + dependency. Closes: #545086, LP: #424566. + + -- Steve Langasek <vorlon@debian.org> Mon, 14 Sep 2009 18:47:25 -0700 + +pam (1.1.0-3) unstable; urgency=low + + * Bump debian/compat to 7, so we can use sane contents in debian/*.install + * Switch all packages over to dh_install + * Rename debian/*.lintian to debian/*.lintian-overrides and use dh_lintian + * Move installation logic out of debian/rules into individual .install + files + * Drop superfluous options to dh_installchangelogs, dh_shlibdeps + * Use debian/clean instead of rm -f'ing files in debian/rules clean target + * Drop ./configure options that are no-ops + * Drop the /lib/security/pam_unix_*.so symlinks, which have been deprecated + now for 10 years and are not used at all if pam-auth-update is in play. + * Drop the pam_rhosts_auth.so symlink as well, and document in NEWS.Debian + that this is now obsolete. + * Drop stale content from README.debian: some of this should have been in + NEWS.Debian instead (but is so old it's not worth putting it there now), + some of it is obsolete by the change in package VCS. + * Convert debian/rules to debhelper 7 and add versioned build-dependencies + on debhelper and quilt to suit. + * Drop CFLAGS that we don't need anymore (-fPIC, -D_REENTRANT, + -D_GNU_SOURCE). + * Explicitly add -O0 to CFLAGS when noopt is set. + * debian/patches/autoconf.patch: pull ltmain.sh in, to fix some spurious + library linkage in the modules. + * Move pam_cracklib manpage to the libpam-cracklib package, and add the + requisite Replaces + * Drop dh_makeshlibs -V; everything from lenny on should use the .symbols + file instead, making the shlibs redundant so we don't need to care what + version gets listed there. + + -- Steve Langasek <vorlon@debian.org> Mon, 07 Sep 2009 18:47:45 -0700 + +pam (1.1.0-2) unstable; urgency=low + + [ Steve Langasek ] + * debian/patches/pam_unix_dont_trust_chkpwd_caller.patch: fix this patch + to call setregid() instead of always returning an error on username + mismatch in unix_chkpwd, needed in the SELinux case and in some corner + cases with the broken_shadow option. Thanks to Michael Spang for the + analysis. Closes: #543589. + * fix the PAM mini-policy to not tell app maintainers that they don't need + to depend on libpam-modules if they reference modules from there. + * make libpam-runtime depend on libpam-modules (>= 1.0.1-6) - nothing else + guarantees that we have pam_unix available for use by pam-auth-update. + * Use /bin/sh instead of /bin/bash for libpam0g.postinst, since we've + confirmed there are no longer any bashisms there. Closes: #519973. + * Clean up the libpam0g postinst a bit; invoke-rc.d has been a guaranteed + interface for two stable release cycles now + * debian/patches/namespace_with_awk_not_gawk: fix the sample + namespace.init script's dependency on non-POSIX features of gawk, since + we don't use gawk by default. Closes: #518908. + * Updated debconf translations: + - German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #544464) + + [ Kees Cook ] + * debian/local/common-password, debian/pam-configs/unix: switch from "md5" + to "sha512" as password crypt default. + + -- Steve Langasek <vorlon@debian.org> Mon, 31 Aug 2009 14:21:27 -0700 + +pam (1.1.0-1) unstable; urgency=low + + * New upstream version. + - pam_access no longer does DNS lookups when we know we're comparing + with a tty name or a service name. Closes: #376209. + - fixes for manpage spelling. Closes: #488690. + - fix evaluation of or'ed list of users in time.conf and group.conf. + Closes: #326407, #514423. + * Drop patches pam_unix_thread-safe_save_old_password.patch, + pam_env_ignore_garbage.patch, dont_freeze_password_chain, + pam_1.0.4_mindays, pam_mail-fix-quiet, pam_unix-chkpwd-wait, and + cve-2009-0887-libpam-pam_misc.patch, which are included upstream. + * Trim pam.d-manpage-section patch, which was mostly but not completely + applied upstream. + * Update debian/libpam0g.symbols for new extension. + * Bump the shlibs version as well, for our dpkg-shlibdeps fallback. + * And bump the version checks in the libpam-modules {pre,post}inst, so that + the necessary services get restarted for any modules that need the new + symbols. + * Add /sbin/mkhomedir_helper to libpam-modules. + * Document that pam_cracklib no longer checks /etc/security/opasswd. + Closes: #263767. + * debian/patches/007_modules_pam_unix: drop divergence from upstream + that treats "0" as a special value in various fields in /etc/shadow, + and document this in debian/NEWS. Thanks to Nicolas François + <nicolas.francois@centraliens.net> for the detailed analysis. + Closes: #308229. + * Updated debconf translations: + - French, thanks to Jean-Baka Domelevo Entfellner <domelevo@gmail.com> + (closes: #521266) + * Build with LDFLAGS=-Wl,-z,defs to guard against the possibility of + any undefined symbols (due to typos or otherwise) at build time. + Closes: #102311. + * On upgrade from versions before 1.1.0-1, if + /etc/pam.d/common-session-noninteractive has not been created (because + the user declined use of pam-auth-update), create it by copying + /etc/pam.d/common-session. Closes: #543401. + * debian/patches/fix-man-crud: new patch, fix "undefined macro" errors in + manpages caused by oddities of toolchain used when generating them + upstream. + + -- Steve Langasek <vorlon@debian.org> Tue, 25 Aug 2009 20:35:26 -0700 + +pam (1.0.1-11) unstable; urgency=low + + * debian/libpam-runtime.postinst: bump the --force version check to + 1.0.1-11, to allow for a new common-session-noninteractive config file; + and include md5sum checking logic that will work the same with old + unmanaged and new managed /etc/pam.d/common-* files. + * debian/local/common-{auth,account,session,password}.md5sums: document + the known md5sums for the new managed files. + * debian/local/common-session-noninteractive{,.md5sums}, + debian/local/pam-auth-update: split out a session-noninteractive include + file, so that we can at last distinguish between interactive and + non-interactive PAM sessions at a policy level. Closes: #169930, + LP: #287715. + * debian/local/pam-auth-update: prune md5sums for unsupported upgrade + paths (intrepid pre-release -> karmic/squeeze) + * Clean up the PAM mini-policy, which hasn't been touched in a number of + years and was looking a bit crufty + * debian/libpam-runtime.templates: correctly tag the URL as a + non-translatable string. + * Updated debconf translations: + - Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #541399) + - Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt> + (closes: #541108) + - Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (closes: #541094) + + -- Steve Langasek <vorlon@debian.org> Sun, 23 Aug 2009 18:07:11 -0700 + +pam (1.0.1-10) unstable; urgency=high + + [ Steve Langasek ] + * Updated debconf translations: + - Finnish, thanks to Esko Arajärvi <edu@iki.fi> (closes: #520785) + - Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (closes: #521874) + - German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #521530) + - Basque, thanks to Piarres Beobide <pi+debian@beobide.net> + (closes: #524285) + * When no profiles are chosen in pam-auth-update, throw an error message + and prompt again instead of letting the user end up with an insecure + system. This introduces a new debconf template. Closes: #519927, + LP: #410171. + + [ Kees Cook ] + * Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixes + for MINDAYS-Field regression (closes: #514437). + * debian/control: add missing misc:Depends for packages that need it. + + [ Sam Hartman ] + * Remove conflicts information for transitions prior to woody release + * Fix lintian overrides for libpam-runtime + * Overrides for lintian finding quilt patches + * pam_mail-fix-quiet: patch from Andreas Henriksson + applied upstream to fix quiet option of pam_mail, Closes: #439268 + + [ Dustin Kirkland ] + * debian/patches/update-motd: run the update-motd scripts in pam_motd; + render update-motd obsolete, LP: #399071 + + [ Sam Hartman ] + * cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problem + (CVE-2009-0887) (Closes: #520115) + + -- Steve Langasek <vorlon@debian.org> Thu, 06 Aug 2009 17:54:32 +0100 + +pam (1.0.1-9) unstable; urgency=low + + * Move the pam module packages to section 'admin'. + * 027_pam_limits_better_init_allow_explicit_root: defaults need to be + declared as LIMITS_DEF_DEFAULT instead of LIMITS_DEF_ALL, otherwise + global limits will fail to be applied. LP: #314222. + + -- Steve Langasek <vorlon@debian.org> Fri, 20 Mar 2009 19:48:47 -0700 + +pam (1.0.1-8) unstable; urgency=low + + * Updated debconf translations: + - Bulgarian, thanks to Damyan Ivanov <dmn@debian.org> (closes: #518121) + - Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org> + (closes: #518214) + - Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #518324) + - Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au> + (closes: #518329) + - Japanese, thanks to Kenshi Muto <kmuto@debian.org> (closes: #518335) + - Slovak, thanks to Ivan Masár <helix84@centrum.sk> (closes: #518341) + - Czech, thanks to Miroslav Kure <kurem@debian.cz> (closes: #518992) + - Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt> + (closes: #519204) + - Galician, thanks to Marce Villarino <mvillarino@users.sourceforge.net> + (closes: #519447) + - Romanian, thanks to Eddy Petrișor <eddy.petrisor@gmail.com> + (closes: #520552) + * 027_pam_limits_better_init_allow_explicit_root: set the RLIMIT_MEMLOCK + limit correctly to match the kernel default, which is not RLIM_INFINITY. + Closes: #472629. + + -- Steve Langasek <vorlon@debian.org> Fri, 20 Mar 2009 18:15:07 -0700 + +pam (1.0.1-7) unstable; urgency=low + + * 027_pam_limits_better_init_allow_explicit_root: + - fix the patch so that our limit resets are actually *applied*, + which has apparently been broken for who knows how long! + - shadow the finite kernel defaults for RLIMIT_SIGPENDING and + RLIMIT_MSGQUEUE as well, so that the preceding change doesn't + suddenly expose systems to DoS or other issues. + - include documentation in the patch, giving examples of how to set + limits for root. Thanks to Jonathan Marsden. + * pam-auth-update: swap out known md5sums from intrepid pre-release + versions with the md5sums from the released intrepid version + * pam-auth-update: set the umask, so we don't accidentally mark + /etc/pam.d/common-* unreadable. Thanks to Martin Krafft for catching. + Closes: #518042. + + -- Steve Langasek <vorlon@debian.org> Tue, 03 Mar 2009 17:18:42 -0800 + +pam (1.0.1-6) unstable; urgency=low + + * Updated debconf translations: + - Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au> + * New patch dont_freeze_password_chain, cherry-picked from upstream: + don't always follow the same path through the password stack on + the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK + pass; this Linux-PAM deviation from the original PAM spec causes a + number of problems, in particular causing wrong return values when + using the refactored pam-auth-update stack. LP: #303515, #305882. + * debian/local/pam-auth-update (et al): new interface for managing + /etc/pam.d/common-*, using drop-in config snippets provided by module + packages. + + -- Steve Langasek <vorlon@debian.org> Sat, 28 Feb 2009 13:36:57 -0800 + +pam (1.0.1-5) unstable; urgency=low + + * Build-conflict with libxcrypt-dev, which otherwise pulls libxcrypt in as + a dependency of libpam-modules if it's installed during the build. + Thanks to Larry Doolittle for catching. + * Don't refer to gnome-screensaver in the debconf template; it isn't + actually affected by the libpam symbol issue because it forks a separate + process to display the screensaver dialog. + * Have libpam-modules Pre-Depend on ${misc:Depends}, so that we can + warn users about needing to disable xscreensaver and xlockmore + before libpam-modules is unpacked. Closes: #502140, LP: #256238. + * Updated debconf translations for the new template: + - Italian, thanks to David Paleino <d.paleino@gmail.com> + - Simplified Chinese, thanks to Deng Xiyue + <manphiz-guest@users.alioth.debian.org> (closes: #510371) + - Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt> + - Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #510379) + - Japanese, thanks to Kenshi Muto <kmuto@debian.org> (closes: #510380) + - Finnish, thanks to Esko Arajärvi <edu@iki.fi> (closes: #510382) + - Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org> + (closes: #510389) + - Galician, thanks to Marce Villarino <mvillarino@gmail.com> + - Slovak, thanks to helix84 <helix84@centrum.sk> (closes: #510412) + - Bulgarian, thanks to Damyan Ivanov <dmn@debian.org> + - Czech, thanks to Miroslav Kure <<kurem@upcase.inf.upol.cz> + (closes: #510608) + - French, thanks to Steve Petruzzello <dlist@bluewin.ch> + - German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #510617) + - Basque, thanks to Piarres Beobide <pi+debian@beobide.net> + (closes: #510699) + - Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (closes: #510701) + - Turkish, thanks to Mert Dirik <mertdirik@gmail.com> (closes: #510707) + + -- Steve Langasek <vorlon@debian.org> Tue, 06 Jan 2009 00:05:13 -0800 + +pam (1.0.1-4) unstable; urgency=high + + * High-urgency upload for RC bugfix. + + [ Julien Cristau ] + * pam_unix-chkpwd-wait: don't assume that the unix_chkpwd process exits + normally; if it was killed by a signal, we don't want to accept the + password. Closes: #495879. + + [ Steve Langasek ] + * 007_modules_pam_unix: update the manpage at the same time as the xml + source (grr, autogenerated files in source packages). Closes: #495804. + * 055_pam_unix_nullok_secure: also don't call the helper at all from + _unix_blankpasswd when we can detect that null passwords are disallowed, + to avoid causing spammy logs on successful authentications. + Closes: #496620. + * debian/rules: call chgrp *before* calling chmod, lest the sgid bit + on unix_chkpwd be cleared during the build when using -rsudo. + Closes: #496983. + + -- Steve Langasek <vorlon@debian.org> Thu, 28 Aug 2008 22:59:23 -0700 + +pam (1.0.1-3) unstable; urgency=high + + * 055_pam_unix_nullok_secure: don't call _pammodutil_tty_secure with a NULL + tty argument, since this will cause our helper to segfault instead of + returning a useful value. Thanks to Troy Davis for the report. + Closes: #495806. + + -- Steve Langasek <vorlon@debian.org> Wed, 20 Aug 2008 11:55:47 -0700 + +pam (1.0.1-2) unstable; urgency=low + + * 007_modules_pam_unix: update the documentation to correctly document + the default minimum password length is 6, not 1. + * Look for cups instead of cupsys as an init script name when restarting + services; thanks to Stephen Olander-Waters for pointing this out. + Closes: #492977. + * Update the Debian PAM mini-policy to remove references to the + long-obsolete pam_pwdb, and clarify the relationship between pam_stack + and @include. + * Drop various bits of unused cruft from the debian/ directory. + * Drop libpam-runtime.preinst, only used for upgrades from woody to sarge + to deal with modified conffiles. + * Build-Conflict with libdb4.2-dev, which satisfies the libdb-dev + build-dependency but causes pam_userdb to be silently omitted. + Closes: #493574. + * 054_pam_security_abstract_securetty_handling: move the warning log about + an insecure tty back to pam_securetty proper; we don't want to generate + log messages every time pam_unix is called as non-root. + Closes: #493283. As a side-effect, pam_unix no longer logs any warnings + about NULL password + insecure tty, but I don't think this is critical. + + -- Steve Langasek <vorlon@debian.org> Fri, 08 Aug 2008 10:47:26 -0700 + +pam (1.0.1-1) unstable; urgency=low + + * New upstream version. + - pam_limits: bound RLIMIT_NICE from below. Closes: #403718. + - pam_mail: set the MAIL variable even when .hushlogin is set. + Closes: #421010. + - new minclass option introduced for pam_cracklib. Closes: #454237. + - fix a failure to check the string length when matching usernames in + pam_group. Closes: #444427. + - fix setting shell security context in pam_selinux. Closes: #451722. + - use --disable-audit, to avoid libaudit being linked in + accidentally + - pam_unix now supports SHA-256 and SHA-512 password hashes. + Closes: #484249, LP: #245786. + - pam_rhosts_auth is dropped upstream (closes: #382987); add a compat + symlink to pam_rhosts to support upgrades for a release, and give a + warning in NEWS.Debian. + - new symbol in libpam.so.0, pam_modutil_audit_write; shlibs bump, and + do another round of service restarts on upgrade. + - pam_unix helper is now called whenever an unprivileged process + tries and fails to query a user's account status. Closes: #367834. + * Drop patches 006_docs_cleanup, 015_hurd_portability, + 019_pam_listfile_quiet, 024_debian_cracklib_dict_path, 038_support_hurd, + 043_pam_unix_unknown_user_not_alert, 046_pam_group_example, + no_pthread_mutexes, limits_wrong_strncpy, misc_conv_allow_sigint.patch, + pam_tally_audit.patch, 057_pam_unix_passwd_OOM_check, and + 065_pam_unix_cracklib_disable which have been merged upstream. + * Patch 022_pam_unix_group_time_miscfixes: partially merged upstream; + now is really just "pam_group_miscfixes". + * Patch 007_modules_pam_unix partially superseded upstream; stripping + hpux-style expiry information off of password fields is now supported. + * New patch pam_unix_thread-safe_save_old_password.patch, to make sure all + our getpwnam() use in pam_unix is thread-safe (fixes an upstream + regression) + * New patch pam_unix_fix_sgid_shadow_auth.patch, fixing an upstream + regression which prevents sgid shadow apps from being able to authenticate + any more because the module forces use of the helper and the helper won't + allow authentication of arbitrary users. This change does mean we're + going to be noisier for the time being in an SELinux environment, which + should be addressed but is not a regression on Debian. + * New patch pam_unix_dont_trust_chkpwd_caller.patch, rolling back an + upstream change that causes unix_chkpwd to assume that setuid(getuid()) + is sufficient to drop permissions and attempt any authentication on + behalf of the user. + * The password-changing helper functionality for SELinux systems has been + split out into a separate unix_update binary, so at long last we can + change unix_chkpwd to be sgid shadow instead of suid root. + Closes: #155583. + - Update the lintian override to match. + * Install the new unix_update helper into libpam-modules. + * Use a pristine upstream tarball instead of repacking; requires various + changes to debian/rules and debhelper files. + * Replace the Vcs-Svn field with a Vcs-Bzr field; jumping ship from svn, + and how! + * Debconf translations: + - Romanian, thanks to Igor Stirbu <igor.stirbu@gmail.com> + (closes: #491821) + * Add libpam0g.symbols, for finer-grained package dependencies with + dpkg-gensymbols. + * Fix debian/copyright to list the known copyright holders + * Fix up the doc-base sections for the libpam-doc documentation, "Apps" + should not be part of the section name + * Also fix up whitespace issues in the doc-base abstracts + * Fix a typo in the libpam0g-dev description. + * 027_pam_limits_better_init_allow_explicit_root: RLIM_INFINITY is also + invalid for RLIMIT_NOFILE, so when resetting the limits for a new session, + use the kernel default of 1024 instead. Closes: #404836. + * Create /etc/environment on initial install of libpam-modules (or on + upgrade from an old version), to quell warnings in the logs about it + being missing. Closes: #442049. + * 026_pam_unix_passwd_unknown_user: drop a redundant, and broken, check for + the NSS source of our user; this was preventing password changes for NIS + users, which otherwise should have worked. Closes: #203222, LP: #9224. + * New patch do_not_check_nis_accidentally: respect the 'nis' option + (set or unset) when looking up the user's password entry for password + changes. Thanks to Quentin Godfroy <godfroy@clipper.ens.fr> for the + patch. Closes: #469635. + * Drop patch 049_pam_unix_sane_locking, which upon review is not needed; + it reduces the length of time we hold the lock, but at the expense of + being able to enforce minimum times between password changes. + * debian/watch: upstream has hit 1.0, so we're no longer in a "pre" + directory. Fix up the regex for uscan. + * Fix the libpam0g-dev examples directory to not include a gratuitous + .cvsignore file. + * New patch, pam.d-manpage-section, to fix the manpage references to + point to section 5 instead of section 8. + * Update patch PAM-manpage-section to fix the references to pam(7) from + other manpages. Closes: #470137. + * Add debian/README.source documenting that this package uses quilt. + * Bump Standards-Version to 3.8.0. + * Fix a bug in the uid-restoring code in the hurd_no_setfsuid patch; thanks + to Tomas Mraz <tmraz@redhat.com> for indirectly bringing this to my + attention + + -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 13:56:26 -0700 + +pam (0.99.7.1-7) unstable; urgency=medium + + * Medium-urgency upload for RC bugfix + * Debconf translations: + - Italian, thanks to David Paleino <d.paleino@gmail.com> (closes: #483913) + - Slovak, thanks to Ivan Masár <helix84@centrum.sk> (closes: #488908) + - Turkish, thanks to Mert Dirik <mertdirik@gmail.com> (closes: #490880) + - Basque, thanks to Piarres Beobide <pi+debian@beobide.net> + (closes: #473975) + * Drop the 'XS' from Vcs-Svn/Vcs-Browser, since these are now officially + recognized fields. + * Add a Homepage field. Closes: #473338. + * Drop -DCRACKLIB_DICTS from CFLAGS, since the referenced define is no + longer provided by cracklib2-dev 2.8 and above. This requires a + build-dependency on the corresponding version of libcrack2-dev. + Closes: #490236. + + -- Steve Langasek <vorlon@debian.org> Mon, 21 Jul 2008 11:49:59 -0700 + +pam (0.99.7.1-6) unstable; urgency=low + + * Debconf translations: + - Updated Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au> + (closes: #444437) + - Updated Spanish, thanks to Javier Fernández-Sanguino Peña + <jfs@debian.org> (closes: #444479) + - Updated German, thanks to Sven Joachim <svenjoac@gmx.de> + (closes: #444566) + - Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net> (closes: #444758) + - Updated Czech, thanks to Miroslav Kure <kurem@upcase.inf.upol.cz> + (closes: #445022) + - French, thanks to Cyril Brulebois <cyril.brulebois@enst-bretagne.fr> + (closes: #445869) + - Japanese, thanks to Kenshi Muto <kmuto@debian.org> (closes: #446584) + - Dutch, thanks to Bart Cornelis <cobaco@skolelinux.no> (closes: #448930) + - Basque, thanks to Piarres Beobide <pi@beobide.net> (closes: #457042) + - Updated Finnish, thanks to Esko Arajärvi <edu@iki.fi> (closes: #458264) + - Swedish, thanks to Christer Andersson <klamm@comhem.se> + (closes: #457674) + * Make sure the "audit" option is specified in octal instead of in decimal, + so that it doesn't randomly set other options. Thanks to Corey Wright + <undefined@pobox.com> for the catch. Closes: #446327. + + -- Steve Langasek <vorlon@debian.org> Sun, 16 Mar 2008 02:06:28 -0700 + +pam (0.99.7.1-5) unstable; urgency=low + + * More lintian overrides, related to debconf prompting in the postinst + * Debconf translations: + - Brazilian Portuguese, thanks to Eder L. Marques <frolic@debian-ce.org> + (closes: #440385) + - Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com> + (closes: #440390, #440953, #444039) + - Bulgarian, thanks to Damyan Ivanov <dam@modsoftsys.com> + (closes: #441863) + - Finnish, thanks to Esko Arajärvi <edu@iki.fi> (closes: #443720) + - Simplified Chinese, thanks to Ming Hua + <minghua-guest@users.alioth.debian.org> (closes: #443924) + - Updated Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt> + - Updated Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au> + (closes: #440800) + - Updated German, thanks to Sven Joachim <svenjoac@gmx.de> + - Updated Spanish, thanks to Javier Fernández-Sanguino Peña + <jfs@debian.org> + - Updated Czech, thanks to Miroslav Kure <kurem@debian.cz> + (closes: #441325) + * Further cleanups of 007_modules_pam_unix -- don't use a global variable + for pass_min_len, don't gratuitously move the length checking into the + "obscure" checks, and internationalize the error strings. + * Stop overriding the built-in default minimum password length in + /etc/pam.d/common-password, and also drop the "max" option which has now + been obsoleted. + * Fix up the comments in /etc/pam.d/common-password to make it clear that + the options are specific to pam_unix. Closes: #414559. + * Patch 038: fix another thinko in the getline handling. Closes: #442276. + * If there are active X logins, don't restart kdm, wdm, and xdm by default; + instead, display a debconf error if they haven't been restarted. + Closes: #441843. + * Drop the local patch for Linux capabilities in pam_limits; Linux + capabilities are not generally useful in a PAM context, and the PAM + capabilities patch has been broken through much of its life. + Closes: #440130. + * -Wl,-z,defs was never enabled correctly, drop it since upstream is + already using -no-undefined + * Pass --build and --host args to ./configure as necessary, for + cross-building support. + + -- Steve Langasek <vorlon@debian.org> Fri, 28 Sep 2007 00:17:00 -0700 + +pam (0.99.7.1-4) unstable; urgency=low + + * libpam0g.postinst, libpam0g.templates: gdm doesn't need to be restarted + to fix the library skew, only reloaded; special-case this daemon in the + postinst and remove the mention of it from the debconf template, also + tightening the language of the debconf template in the process. + Closes: #440074. + * Add courier-authdaemon to the list of services that need to be + restarted; thanks to Micah Anderson for reporting. + * New patch pam_env_ignore_garbage.patch: fix pam_env to really skip over + garbage lines in /etc/environment and log an error, instead of failing + with an obscure error; and ignore any PAM_BAD_ITEM values returned + by pam_putenv(), since this is the expected error return when trying + to delete a non-existent var. Closes: #439984. + * Yet another thinko in hurd_no_setfsuid and in + 029_pam_limits_capabilities; this code should really be Hurd-safe at + last... + * getline() returns -1 on EOF, not 0; check this appropriately, to fix + an infinite loop in pam_rhosts_auth. Thanks to Stephan Springl + <springl-rhosts@bfw-online.de> for the fix. Closes: #440019. + * Use ${misc:Depends} for libpam0g, so we get a proper dependency on + debconf. + * 019_pam_listfile_quiet: per discussion with upstream, don't suppress + errors about missing files or files with wrong permissions; these are + real errors that should not be buried. + * Drop the remainder of 061_pam_issue_double_free, not required for the + original bugfix. + * Drop patch 064_pam_unix_cracklib_dictpath, which is not needed now that + we define CRACKLIB_DICTS in debian/rules. + * Drop patch 063_paswd_segv, superseded by a different upstream fix + * Split 047_pam_limits_chroot_string_value up between + 008_modules_pam_limits_chroot and 029_pam_limits_capabilites + * Updates to patch 007_modules_pam_unix: restore the same built-in min + password len of 6 that upstream uses; fix a typo panlindrome -> + palindrome. + * The 'max=' option was never intended to be used to limit maximum password + length for users, only to declare what the number of significant + characters /is/ for a password. But we don't need a config option to + tell us that, we know the answer based on which crypt type we're using, + so drop this as a config file option. Closes: #389197. + * Debconf translations: + - Spanish, thanks to Javier Fernández-Sanguino Peña <jfs@debian.org> + - Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au> + - German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #440355) + - Czech, thanks to Miroslav Kure <kurem@upcase.inf.upol.cz> + (closes: #440362) + - Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt> + (closes: #440368) + + -- Steve Langasek <vorlon@debian.org> Fri, 31 Aug 2007 17:11:05 -0700 + +pam (0.99.7.1-3) unstable; urgency=low + + * New patch limits_wrong_strncpy: fix unnecessary manipulations of string + buffers, including an illegal use of strncpy(). Thanks to Paul Hampson + for reporting. Closes: #331278. + * New patch misc_conv_allow_sigint.patch: allow SIGINT to be handled by the + application, instead of blocking it when misc_conv is in use and + preventing users from being able to ^C at any PAM prompt. Closes: #1708. + * 024_debian_cracklib_dict_path: default to NULL instead of a specific + dictionary path when none is defined for consistency with the new upstream + version of cracklib, and define our path in debian/rules. + * 055_pam_unix_nullok_secure: document the pam_unix "nullok_secure" option, + a prereq for forwarding this patch upstream. Closes: #325974. + * Create /etc/security/opasswd on new installs or on upgrades from + 0.99.7.1-2 or below, so that users that enable the remember=<n> option to + pam_unix aren't left unable to change passwords. Closes: #95324. + * Fix a couple of thinkos in hurd_no_setfsuid, that were preventing the code + from compiling on the Hurd still. Thanks to Michael Banck for the catch. + * Fix a memory leak in the pam_limits capabilities patch: always + cap_free() the cap_t before returning from pam_sm_open_session(). + Closes: #153157. + * libpam0g.postinst, libpam0g.templates: on upgrades from versions + prior to 0.99.7.1-3, restart known PAM-using services so that they + get the new libpam symbols, since otherwise the newer PAM modules + will fail to load. Postinst taken from libssl0.9.8; thanks to + Christoph Martin for the fine example! Closes: #439835. + * Build-depend on po-debconf to support l10n of the debconf questions + from the above. + + -- Steve Langasek <vorlon@debian.org> Tue, 28 Aug 2007 06:33:33 -0700 + +pam (0.99.7.1-2) unstable; urgency=low + + * New upstream release; thanks to Roger Leigh and Jan Christoph Nordholz + for their extensive work in helping to prepare for this update in Debian. + Closes: #360460. + - now uses autoconf for library detection, so SELinux should not be + unconditionally enabled on non-Linux archs. Closes: #333141. + - pam_mail notice handling has been completely reworked, so there should + no longer be missing spaces in the messages. Closes: #119689. + - with libtool and autoconf, now behaves "sensibly" on unknown + platforms. Closes: #165067. + - the source now builds without warnings. Closes: #212165. + - uses automake instead of hand-rolled makefiles with indentation + bugs. Closes: #241661, #328084. + - pam_mkhomedir now creates directories recursively as needed. + Closes: #178225. + - pam_listfile now supports being used as a session module too. + Closes: #416665. + - misspelled pam_userdb log message has been corrected. Closes: #305058. + - the current pam_strerror manpage no longer mentions "Unknown + Linux-PAM error". Closes: #220157. + - the text documentation no longer uses ANSI bold sequences. + Closes: #181451. + - pam_localuser now supports being used as a session module. + Closes: #412484. + - package no longer fails to build with dash as /bin/sh. + Closes: #331208. + - All modules should now be documented in the system administrator + guide. Closes: #350620. + - pam_userdb now logs an error instead of segfaulting when no db= + option is provided. Closes: #436005. + - pam_time now warns on a missing tty instead of erroring out, + making it possible to use the module with non-console services. + Closes: #127931. + - upstream changelog is now 'ChangeLog' instead of 'CHANGELOG'; install + accordingly + - bump the shlibs + - the 'test.c' example no longer exists + - add /usr/share/locale to libpam-runtime. + - CVE-2005-2977: only uid=0 is allowed to invoke unix_chkpwd with an + arbitrary username, and then only when SELinux is active. + Closes: #336344. + * Mark myself as primary maintainer as previously discussed with Sam, and + add Roger as an uploader. + * Refactor to use quilt. + * Update to Standards-Version 3.7.2. + * Drop unnecessary build-dependency on patch, which is + build-essential (and no longer invoked directly). + * Drop patches 002_debian_no_ldconfig_call, 010_pam_cplusplus, + 018_man_fixes, 030_makefile_link_against_libpam, + 037_pam_issue_ttyname_can_be_null, 044_configure_supports_bsd, + 050_configure_in_gnu and 052_pam_unix_no_openlog, which have been + superseded upstream. + * Drop patches 005_pam_limits_099_6, + 012_pam_group_less_restrictive_charset, 023_pam_env_limits_miscfixes, + 048_pam_group_colon_valid_char, 058_pam_env_enable, 059_pam_userdb_segv, + 060_pam_tally_segv and 062_c++_safe_headers, which have been integrated + upstream. + * Patch 057: SELinux support is merged upstream, leaving only an + unrelated OOM check for pam_unix_passwd. Rename as + 057_pam_unix_passwd_OOM_check. + * Patches 006, 008, 036: update for the switch from SGML to XML. + * Patch 007: update for the switch from SGML to XML; drop some log + messages that were already added upstream; update for the pam_modutil + changes; tighten the flag handling of the 'obscure' option; drop bogus + check in unix_chkpwd for null passwords. Also fix a grammar error + along the way. Closes: #362855. + * Patch 024: CRACKLIB_DICTPATH is no longer set in configure.in, so patch + pam_cracklib.c instead to use the default dictpath already available + from crack.h; and patch configure.in to use AC_CHECK_HEADERS instead + of AC_CHECK_HEADER, so crack.h is actually included. Also remove + unnecessary string copies, which break on the Hurd due to PATH_MAX. + * Patch 038: partially merged/superseded upstream; also add new Hurd + fix for pam_xauth. + * Patch 061: partially merged upstream + * Use ${binary:Version} instead of ${Source-Version} in + debian/control. + * Remove empty maintainer scripts debian/libpam0g-dev.{postinst,prerm}, + debian/libpam0g.{postinst,prerm}, and + debian/libpam-modules.{postinst,prerm}; debhelper can autogenerate these + just fine without our help. + * Build-Depend on xsltproc, libxml2-utils, docbook-xml, docbook-xsl + and w3m instead of on linuxdoc-tools, linuxdoc-tools-latex, tetex-extra, + groff, and opensp. + * Also build-depend on flex for libfl.a. + * Updates for documentation handling: + - move debian/local/pam-*-guide to debian/libpam-doc.doc-base.foo-guide, + and invoke dh_installdocs instead of installing these by hand. + - drop libpam-doc.{postinst,prerm}, which are no longer needed. + - add an install target to debian/rules, and have binary-indep depend on + it instead of trying to install doc files individually from the source + tree + - consequently, drop libpam-doc.dirs as well which is no longer needed + and no longer accurate + - add debian/libpam-doc.install for moving the docs to the right place, + and also replace libpam-runtime.files with libpam-runtime.install; + for the moment this means we're using both dh_movefiles and + dh_install... + - libpam0g.docs: install the Debian-PAM-MiniPolicy from here, further + cleaning up debian/rules + * Drop debian/libpam0g.links, no longer needed because upstream now has a + working install target which creates the library symlinks + * Add libpam-modules.links: create pam_unix_{acct,auth,passwd,session}.so + symlinks by hand, no longer provided upstream. + * debian/patches-applied/PAM-manpage-section: "PAM" is not a daemon, manpage + belongs in section 7, not in section 8. + * Actually ship the pam, pam.conf, and pam.d manpages in libpam-runtime. + * debian/patches-applied/autoconf.patch: move all changes to autotools + generated files into a single patch at the end of the stack. + - don't touch configure in debian/rules, the quilt patch takes care + of this for us. + * New patch 064_pam_unix_cracklib_dictpath: correctly define + CRACKLIB_DICTS, since this is not defined by configure. Thanks to Jan + Christoph Nordholz. + * New patch 065_pam_unix_cracklib_disable: Debian-specific patch to disable + cracklib support in pam_unix. Thanks to Christoph Nordholz. + * debian/rules: + - Rename OS_CFLAGS to CFLAGS. + - kill off references to unused variables + - make binary-arch also depend on the install target, and streamline the + rules + - fix up the clean target to not ignore errors; thanks to Roger Leigh + - drop the local module_check target in favor of using -Wl,-z,defs + in LDFLAGS to enforce correct linkage of all objects at build time + * Drop debian/local/unix_chkpwd.8 in favor of the upstream manpage. + * libpam-modules.files: /usr/sbin/pam_tally has moved to /sbin/pam_tally + for consistency. + * Update to debhelper V5. + * Don't ship Makefiles as part of the libpam0g-dev examples. + * libpam-modules.manpages, libpam-runtime.manpages, libpam0g-dev.manpages: + put all the manpages in the correct packages. Closes: #411812, + #62193, #313486, #300773, #330545, #184270. + * Drop libpam{0g,0g-dev,-modules,-runtime}.dirs, not needed for anything + because we aren't trying to ship empty directories in the packages + * Build-Conflict with fop, to avoid unreproducible builds of pdf + documentation from a tool in contrib. + * libpam-cracklib should depend on a real wordlist package, per policy; + use wamerican as the default. + * Drop local/pam-undocumented.7 from the package, since we no longer have + a reason to ship it + * Add lintian overrides for known false-positives + * Conflicts/Replaces/Provides libpam-umask, now included upstream. + Closes: #436222. + * Upstream no longer marks unix_chkpwd suid-root for us, so set the perms + by hand in debian/rules. In the process, unix_chkpwd is now writable + by the owner, as expected by policy. Closes: #368100. + * Migrate from db4.3 to db4.6; once again, no administrator action should + be needed for upgrading on-disk database formats. Closes: #354309. + * Add XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control; thanks to + Laurent Bigonville for the hint. Closes: #439038. + * Add a watch file for use with uscan; thanks to Laurent Bigonville for + this patch as well. Closes: #439040. + * Rewrite of 031_pam_include, fixing a memory leak and letting us drop + patch 056_no_label_at_end; thanks to Jan Christoph Nordholz + <hesso@pool.math.tu-berlin.de> for this much-improved version! + * New patch no_pthread_mutexes: don't use pthread mutexes in + pam_modutil functions, they're not needed because pam handles + themselves should not be used concurrently by multiple threads and + using pthreads causes problems for portable linking. + * New patch hurd_no_setfsuid: if we don't have sys/fsuid.h, work around + using setreuid instead. + + -- Steve Langasek <vorlon@debian.org> Sun, 26 Aug 2007 19:15:09 -0700 + +pam (0.79-4) unstable; urgency=medium + + * Medium-urgency upload; at least one RC bugfix, but also a + significant number of changes, hence not urgency=high. + * Move libpam-modules and libpam0g to Section: libs and libpam-runtime + to section: admin, to match the overrides in the archive. + * Move old changelog entries (well, entry) that don't follow the current + format to debian/changelog.old, since there's no way to figure out a + timestamp for an 8-year-old upload, and this is the most effective + way to clear a glut of lintian warnings. + * Fix the formatting of the libpam-cracklib package description. + * Patch 010: remove parts of the patch that aren't necessary for C++ + compatibility. + * Patch 060: fix a segfault in pam_tally caused by misuse of + pam_get_data(); already fixed upstream. Closes: #335273. + * Patch 061: fix a double free in pam_issue, caused by overuse (and misuse) + of strdup (similar to patch 059). Already fixed upstream. + Closes: #327272. + * Don't build-depend on libselinux1-dev and libcap-dev on kfreebsd archs. + Closes: #352329. + * Patch 005: sync pam_limits with upstream: + - support "-" (unlimited) for all limit types except process priority. + - support the additional aliases "-1", "unlimited", and "infinity" for + clearing the limits; closes: #122400, #149027. + - restrict the range of process priority, login count, and system login + count settings to (INT_MIN,INT_MAX) (heh). + - special-case RLIM_INFINITY when applying multipliers to values from + the config. + - document maxsyslogins in the default limits.conf; closes: #149883. + - use the current process priority as a default instead of resetting to + 0; closes: #241663. + - add support for (and document) new RLIMIT_NICE and RLIMIT_RTPRIO + settings in Linux 2.6.12 and above; closes: #313542, #313588. + - allow imposing limits on uid=0. + * Patch 027: only set RLIM_INFINITY as the default for the limits where + we know this is sensible, so that recompiling in an environment with new + limits doesn't create a security hole -- as happened with RLIMIT_NICE and + RLIMIT_RTPRIO! Thanks to Ville Hallik for the initial patch. + Closes: #388431. + * Patch 029, 047: Fix up the broken pam_limits capabilities patch so it + actually works -- which may well be a first... Closes: #318452. + + -- Steve Langasek <vorlon@debian.org> Mon, 23 Oct 2006 05:36:08 -0700 + +pam (0.79-3.2) unstable; urgency=low + + * Non-maintainer upload to fix important bug, that makes passwd segfault + when CTRL-D is pressed at the password prompt. Applied the patch + provided by Dann Frazier. (Closes: #360657) + + -- Margarita Manterola <marga@debian.org> Sat, 5 Aug 2006 02:11:22 -0300 + +pam (0.79-3.1) unstable; urgency=low + + * Non-maintainer upload. + * Linux-PAM/libpamc/include/security/pam_client.h, + Linux-PAM/libpamc/pamc_converse.c: Apply patch from + latest upstream version to remove redefinition of internal + glibc/libstdc++ types. Closes: #344447. + + -- Roger Leigh <rleigh@debian.org> Sun, 5 Feb 2006 21:46:59 +0000 + +pam (0.79-3) unstable; urgency=low + + * Patch 059 + - Fix a segfault in pam_userdb when the new "crypt=" option + is unset, as will be the case for all existing users; already fixed + upstream. Closes: #330829. + - Fix a memory leak in the same code due to gratuitous strdup()s. + * Further regression in pam_env: don't treat a missing /etc/environment + as a fatal error, either. Amend patch 058 accordingly. Closes: #330852. + + -- Steve Langasek <vorlon@debian.org> Fri, 30 Sep 2005 01:17:53 -0700 + +pam (0.79-2) unstable; urgency=low + + The ".c.o: rm -rf $@" release + * Fix debian/rules so that make clean doesn't remove ./configure when the + timestamp on configure.in is newer (!). + * Switch pam_userdb from db3 to db4.3, which according to the libdb + maintainers should require no manual intervention for upgrading on-disk + database formats. Closes: #165068. + * Patch 058: yes, of course we want to read /etc/environment by + default. Grr! Revert upstream change which disables this for no + apparent reason (closes: #330458). + * Tweak selinux rootok code to use the version of the function call that + doesn't pollute namespace + + -- Steve Langasek <vorlon@debian.org> Tue, 27 Sep 2005 02:44:36 -0700 + +pam (0.79-1) unstable; urgency=low + + * New upstream version (closes: #284954, #300775). + - includes some fixes for typos (closes: #319026). + - pam_unix should now be LSB 3.0-compliant (closes: #323982). + - fixes segfaults in libpam on config file syntax errors + (closes: #330097). + * Drop patches 000_bootstrap, 004_libpam_makefile_static_works, + 011_pam_access, 013_pam_filter_termio_to_termios, 017_misc_fixes, + 025_pam_group_conffile_name, 028_pam_mail_delete_only_when_set, + 033_use_gcc_not_ld, 034_pam_dispatch_ignore_PAM_IGNORE, + 035_pam_unix_security, 039_pam_mkhomedir_no_maxpathlen_required, + 041_call_bootstrap, 042_pam_mkhomedir_dest_not_source_for_errors, + 051_32_bit_pam_lastlog_ll_time, and + 053_pam_unix_user_known_returns_user_unknown which have been + integrated upstream. + * Merge one last bit of patch 053 into patch 043, where it should have + been in the first place + * Patch 057: SELinux support: + - add support to pam_unix for copying SELinux security contexts when + writing out new passwd/shadow files and creating lockfiles + - support calling unix_chkpwd if opening /etc/shadow fails due to + SELinux permissions + - allow unix_chkpwd to authenticate for any user when in an SELinux + context (hurray!); we depend on SELinux policies to prevent the + helper's use as a brute force tool + - also support querying user expiration info via unix_chkpwd + - misc cleanup: clean up file descriptors when invoking unix_chkpwd + (closes: #248310) + - make pam_rootok check the SELinux passwd class permissions, not just + the uid + - add new pam_selinux module (closes: #249499) + * Build-depend on libselinux1-dev. + * Fix pam_getenv, so that it can read the actual format of /etc/environment + instead of trying to read it using the syntax of + /etc/security/pam_env.conf; thanks to Colin Watson for the patch. + Closes: #327876. + * Set LC_COLLATE=C when using alphabetic range expressions in + debian/rules; bah, so *that's* what kept happening to my README file + when trying to build out of svn! Closes: #295296. + * Add a reference to the text of the GPL to debian/copyright. + + -- Steve Langasek <vorlon@debian.org> Sun, 25 Sep 2005 22:08:20 -0700 + +pam (0.76-23) unstable; urgency=low + + * Fix Gcc 3.4 compilation, Closes: #259634 + * Note that pam.conf is not read if /etc/pam.d exists, Closes: #248928 + * Fix typo in pam_env.conf, Closes: #277633 + + -- Sam Hartman <hartmans@debian.org> Sun, 10 Jul 2005 16:42:25 -0400 + +pam (0.76-22) unstable; urgency=medium + + * Add uploaders + * Document location of repository + * Fix options containing arguments in pam_unix, Closes: #254904 + + -- Sam Hartman <hartmans@debian.org> Mon, 28 Jun 2004 14:28:08 -0400 + +pam (0.76-21) unstable; urgency=medium + + * Fix patch 055 again because -20 was broken and didn't actually fix the + problem. + + -- Sam Hartman <hartmans@debian.org> Tue, 4 May 2004 21:37:38 -0400 + +pam (0.76-20) unstable; urgency=medium + + * Update to patch 55 to only check securetty when we are sure the + password is null, Closes: #243698 + * Medium urgency because the version now in testing has confusing and + verbose log messages. + * Include pam_getenv script which hopefully will be used by some people + somewhere for some purpose + + -- Sam Hartman <hartmans@debian.org> Wed, 28 Apr 2004 22:51:18 -0400 + +pam (0.76-19) unstable; urgency=low + + * Oops, too busy testing the upgrade from woody to make sure the upgrade + from -16 to -18 worked. Thanks to all those who reported, + Closes: #243413 + + -- Sam Hartman <hartmans@debian.org> Tue, 13 Apr 2004 16:08:54 -0400 + +pam (0.76-18) unstable; urgency=low + + * Manipulate conffiles to avoid unnecessary prompt in woody to sarge + upgrade, Closes: #218318 + + -- Sam Hartman <hartmans@debian.org> Sat, 10 Apr 2004 18:10:35 -0400 + +pam (0.76-17) unstable; urgency=low + + * common-password now includes length restrictions and cracklib + examples, Closes: #227681, #237537 + * Patch 054: abstract out the logic from pam_securetty to determine if a + tty is in /etc/securetty into a library function + * Patch 55: Add nullok_secure option to pam_unix. If set, then null + passwords are accepted from terminals in /etc/securetty. + * common-auth now includes nullok_secure, Closes: #228114 + + + -- Sam Hartman <hartmans@debian.org> Sun, 4 Apr 2004 23:10:11 -0400 + +pam (0.76-16) unstable; urgency=low + + * Patch 51 from the x86-64 folks to support 32-bit ll_time in + pam_lastlog even if time_t is 64-bits + * Don't call openlog in pam_unix (patch 52), Closes: #213566 + * Return PAM_USER_UNKNOWN for unknown users in pam_unix (patch 53), Closes: #204506 + + -- Sam Hartman <hartmans@debian.org> Tue, 23 Mar 2004 22:26:04 -0500 + +pam (0.76-15) unstable; urgency=low + + * Fix description of libpam-runtime, Closes: #209755 + * Fix description of libpam-cracklib, Closes: #210014 + * Depend on libc6-dev|libc-dev not libc6-dev, Closes: #212354 + * Clean up binaries, Thanks Russell, Closes: #212158 + * Depend on sufficiently new cracklib2-dev, Closes: #214092 + * Treate GNU/* as GNU for OS variable to make pam_limits compile, + (patch 050) Closes: #220980 + * No longer build-depend on latex2html, Closes: #221318 + * Allow : in tty specification for pam_group, (patch 048) Closes: #220439 + * Pull in locking patch from Linux-PAM CVS; this ended up causing + 021_pam_nis_locking to be reworked and that patch now no longer + contains locking fixes, but just NIS cleanup in general. See + 049_pam_unix_sane_locking for the locking changes, Closes: #220158 + + -- Sam Hartman <hartmans@debian.org> Mon, 12 Jan 2004 02:23:59 -0500 + +pam (0.76-14) unstable; urgency=low + + * Pull in NMU diff from 13.1, Closes: #186011 + * Split out common-password into its own file, Closes: #207497 + * Make other a conffile again and update to @include stuff + * Add missing symlink, Closes: #196605 + * Remove undocumented manpages + * Update PAM mini-policy + + -- Sam Hartman <hartmans@debian.org> Mon, 1 Sep 2003 18:08:54 -0400 + +pam (0.76-13.1) unstable; urgency=low + + * NMU with maintainer's permission. + * Add three new config files (/etc/pam.d/common-{auth,account,session}) + to libpam-runtime. Other packages which depend on libpam-runtime + can now @include these files from their own PAM configs. + * Convert /etc/pam.d/other from a conffile to a non-conffile config + file. Closes: #186011. + * Remove empty libpam-runtime.prerm script (debhelper will autocreate if needed) + + -- Steve Langasek <vorlon@debian.org> Tue, 19 Aug 2003 19:41:03 -0500 + +pam (0.76-13) unstable; urgency=low + + * Nope, that dependency didn't work, so let's remove it. If we run into other module versioning issues, I now have an arm build environment to debug with. Closes: #198618 + + -- Sam Hartman <hartmans@debian.org> Mon, 7 Jul 2003 00:22:34 -0400 + +pam (0.76-12) unstable; urgency=low + + * Fix group.conf example, (patch 046) Closes: #197080 + * Ignore module return value in jumps, (patch 045) Closes: #176693 + * Accept string value for chroot limit, thanks Andrei Pelinescu-Onciul, + Patch (047), Closes: #196903 + * Depend on libpam-modules instead of conflicting with older versions. + This creates a circular dependency between libpam0g and + libpam-modules. James says this works fine; we hope he's right. + Closes: #196949 + -- Sam Hartman <hartmans@debian.org> Sat, 21 Jun 2003 17:19:29 -0400 + +pam (0.76-11) unstable; urgency=low + + * Don't allow db4 to satisfy build-depends because it doesn't actually + work, and sometimes building with it would be wrong. + * Don't depend on libpcap-dev on Debian BSD + * Conflict with old libpam-modules, Closes: #191906 + * Incorrect username should not be logged at alert (patch 43), + Closes: #175900 + * Patch to support FreeBSD (patch 44, thanks Robert), Closes: #191906 + + -- Sam Hartman <hartmans@debian.org> Sat, 31 May 2003 19:55:26 -0400 + +pam (0.76-10) unstable; urgency=low + + * Don't double list conffiles, Closes: #190954 + * Only install example sources not executables, Closes: #185286 + * Display correct directory in error message for pam_mkhomedir, patch + 042 thanks to Akira TAGOH, Closes: #165240 + * Don't log EPERM when setting NOFILE limit as Linux doesn't let you + set that to -1, Closes: #180310 + * Add newline to end of distributed time.conf, Closes: #172229 + * Up our standards version and support noopt in DEB_BUILD_OPTIONS + + -- Sam Hartman <hartmans@debian.org> Sat, 3 May 2003 22:28:37 -0400 + +pam (0.76-9) unstable; urgency=low + + * Fix pam_rhosts hurd patch so it actually works, Closes: #172914 + * Fix patch 040 not to clobber errno when logging the error fails, + Closes: #172186 + * Fix dependency for linuxdoc-tools, Closes: #173097 + + -- Sam Hartman <hartmans@debian.org> Sun, 15 Dec 2002 17:10:58 -0500 + +pam (0.76-8) unstable; urgency=low + + * Have makefile appropriately depend on bootstrap-libpam + * Install pam minipolicy, Closes: #167798 + * Don't segfault if ttyname is null; this avoids the segfault but does + not actually make pam_issue useful for ssh. I believe the way + pam_issue works is fundamentally incompatible with what sshd expects + from PAM (patch 037), Closes: #153152 + * We actually fixed passwords containing , in 0.76-6, but failed to + document it. They do work, Closes: #164713 + * Note that /etc/pam.d/other is a fall back for each service + * Patches from Michal 'hramrach' Suchanek" <hramrach_l@centrum.cz> to + make HURD work, Closes: #165066 (patch 038 and 039) + * Don't depend on gs and other doc prep tools for build-depends, just + build-depends-indep, Closes: #165065 + * Patch from Eric Anderson <anderse@hpl.hp.com> to log failures of + setrlimit (patch 040), Closes: #169836 + * Build pam_limits on hurd, Closes: #165190 + + -- Sam Hartman <hartmans@debian.org> Sun, 24 Nov 2002 22:04:28 -0500 + +pam (0.76-7) unstable; urgency=low + + * Fix handling of pam_ignore in case where we're skipping modules; + update to patch 034 + + -- Sam Hartman <hartmans@debian.org> Sun, 20 Oct 2002 21:49:22 -0400 + +pam (0.76-6) unstable; urgency=low + + * The "No, I don't think I actually want any of what upstream is + smoking" release + * If this were already in testing, this would be an severity emergency + upload + * pam_unix currently treats * in shadow file as no password not + disabled; major security issue; fixed in upstream CVS, (patch 035) Closes: #164659 + * OK, I think this actually fixes the rest of the manpage symlinks, + Closes: #163839, #164298 + * You don't want to use getlogin for pam_wheel because utmp may be wrong or for xterm have no entry, pull forward patch from the 0.72 packages (patch 036), Closes: #163787 + + -- Sam Hartman <hartmans@debian.org> Tue, 15 Oct 2002 10:44:56 -0400 + +pam (0.76-5) unstable; urgency=low + + * Fix library links from 0.75 to 0.76 + * Ignore PAM_IGNORE in _pam_dispatch_aux (patch 34), Closes: #163841 + * Fix man page symlinks, Closes: #163839 + + -- Sam Hartman <hartmans@debian.org> Fri, 11 Oct 2002 01:08:06 -0400 + +pam (0.76-4) unstable; urgency=low + + * Upstream correctly states that one should use gcc not ld when + linking and then hapilly proceeds to actually use ld, fixed, Closes: #163711 + + * Remove experimental warning from readme, Closes: 163742 + + -- Sam Hartman <hartmans@debian.org> Mon, 7 Oct 2002 23:45:53 -0400 + +pam (0.76-3) unstable; urgency=low + + * Oops, let's try building -fpic. This currently builds everything + -fpic which is somewhat wrong, but doing more than that requires + significant build system hacking (touch every makefile for dynamic + objects), so it will wait, Closes: #163600 + + -- Sam Hartman <hartmans@debian.org> Sun, 6 Oct 2002 23:33:12 -0400 + +pam (0.76-2) unstable; urgency=low + + * Link against appropriate libraries so we find the symbols we need, + Closes: #162175 + * The if everyone's going to complain when I upload broken software to + experimental release, I might as well upload to unstable and give them + something worth actually complaining about release. + * Also the remove the scourge of dbs release + * Include patch 034 from the 0.72 packages, meaning that we've included + all the patches we need before release + * Reject the patch to pam_wheel as I cannot find out what reasonable + thing it was trying to do and it seemed broken + * libpam-cracklib should depend on wordlist so it actually works; + thanks Olaf Meeuwissen, + Closes: #112965 + * Merge build-depends and build-depends-indep because I'm a bad person + and was too lazy to make docs build in a separate pass. I'll deal in + a few versions. + + -- Sam Hartman <hartmans@debian.org> Sun, 6 Oct 2002 18:52:13 -0400 + +pam (0.76-1) experimental; urgency=low + + * New upstream version + * Upstream includes fix to not break cron, Closes: 160566 + * New Upstream correctly handles priority < 0 for pam_limits, Closes: #126251 + * .cvsignores removed, Closes: #159961 + + -- Sam Hartman <hartmans@debian.org> Sun, 22 Sep 2002 16:11:35 -0400 + +pam (0.75-3) experimental; urgency=low + + * Apply patch 027 pam_limits so that we initialize to wide open not + current limits. + * In pam_mail, don't complain about deleting environment variable if + we never set it, Closes: #58429 + * Don't set default max procs limit in pam_limits, Closes: #116874 + * libpam-runtime now arch all since it has no arch-specific files, + Closes: #132545 + * Update mini policy to reflect confusion on debian-devel + + -- Sam Hartman <hartmans@debian.org> Tue, 16 Jul 2002 09:30:50 -0400 + +pam (0.75-2) experimental; urgency=low + + * Fix pam_userdb to build and to build against db3, fixes patch 020 + * Fix upstream makefile so pam_group has valid configuration, closes: #148657 + * time.conf reference to logoutd removed, closes: #143801 + * The static library contains all the appropriate symbols in this + version. You may find the complete lack of PAM modules somewhat + frustrating; currently the static pam library is only useful if you + register your own modules. Fixing this would require annoying hacking + on the upstream build system, closes: #103495 + * unix_chkpwd.8 typo fixes thanks to dancer@anthill.echidna.id.au, + Closes: #139949 + * Since we're working on the new upstream version, we also have the new docs, closes: #147763 + * Patch from Martin Schwenke <martin@meltin.net> to only change + passwords in pam_unix when they exist in the password file; hopefully + does not break NIS, closes: #135990 + * Another patch from Martin to return PAM_USER_UNKNOWN if we ever + actually do get into the password changing routine only to find that + we have no password to change, closes: #135604 + * .cvsignore no longer installed, closes: #120795 + * We're using debhelper 3, just in time to be obselete, Closes: #93414 + + -- Sam Hartman <hartmans@debian.org> Sat, 8 Jun 2002 18:04:40 -0400 + +pam (0.75-1) experimental; urgency=low + + * Preliminary test packages + * New upstream version + * Hopefully works mostly the same as 0.72 except for upstream bug + fixes and for the fact that pam_limits is fairly broken right now. + * If it breaks you are lucky if you get to keep both pieces release. + + -- Sam Hartman <hartmans@debian.org> Sat, 25 May 2002 22:57:57 -0400 + +pam (0.72-35) unstable; urgency=medium + + * Fix like_auth to make libpam-krb5 and libpam-heimdal actually useful, + patch from RISKO Gergely , closes: #126251 + + -- Sam Hartman <hartmans@debian.org> Mon, 21 Jan 2002 15:20:22 -0500 + +pam (0.72-34) unstable; urgency=medium + + * Note that HOME may not be useful in pam_environment, closes: #109281 + * Don't smash case domains (groups/users) in pam_limits, closes: #119893 + * Remove double the from description, closes: #107705 + * Fix typo on mail message, closes: #119689 + * Medium since these are small fixes that should go into woody + + -- Sam Hartman <hartmans@debian.org> Fri, 23 Nov 2001 21:24:20 -0500 + +pam (0.72-33) unstable; urgency=low + + * Fix pam_mail to look in /var/mail not /var/spool/mail, thanks mjb. + + -- Sam Hartman <hartmans@debian.org> Thu, 11 Oct 2001 15:44:32 -0400 + +pam (0.72-32) unstable; urgency=medium + + * This should probably get into testing before freeze; medium. + * Patch from Volker Stolz to fix bug in previous pam_group patch, + closes: #111854 + + -- Sam Hartman <hartmans@debian.org> Sat, 22 Sep 2001 06:32:29 -0400 + +pam (0.72-31) unstable; urgency=low + + * Add support for credential reinitialization in pam_group, closes: #108697 + + -- Sam Hartman <hartmans@debian.org> Fri, 31 Aug 2001 13:16:39 -0400 + +pam (0.72-30) unstable; urgency=low + + * Include patch from robbe@orcus.priv.at to build pam_limits on hurd, + closes: #103556 + * Start installing limits.conf for hurd (may not work quite right) + + -- Sam Hartman <hartmans@debian.org> Mon, 16 Jul 2001 09:35:51 -0400 + +pam (0.72-29) unstable; urgency=low + + * Correctly declare uint32 type for ia64, closes: #104584 + + -- Sam Hartman <hartmans@debian.org> Sat, 14 Jul 2001 01:30:39 -0400 + +pam (0.72-28) unstable; urgency=low + + * Fix scanf string so pam_limits chroot works, closes: #100812 + * Only log unknown user at warning, not alert, closes: #95220 + * By default do complete matches not substring matches for pam_time. + You can include explicit wildcard for substring, closes: #66152 + + -- Sam Hartman <hartmans@debian.org> Tue, 3 Jul 2001 17:31:45 -0400 + +pam (0.72-27) unstable; urgency=low + + * Fix typo in last patch + + -- Sam Hartman <hartmans@debian.org> Mon, 25 Jun 2001 18:27:42 -0400 + +pam (0.72-26) unstable; urgency=low + + * Block SIGCHLD when calling unix password verification program, patch from mdz@debian.org, fixes pam part of #97977 + + -- Sam Hartman <hartmans@debian.org> Mon, 25 Jun 2001 08:47:12 -0400 + +pam (0.72-25) unstable; urgency=medium + + * Depend on opensp, working around #89063, closes: #100125 + * This is urgency medium to get docs back into testing. + + -- Sam Hartman <hartmans@debian.org> Fri, 8 Jun 2001 11:44:12 -0400 + +pam (0.72-24) unstable; urgency=low + + * New NIS double locking and root password patch from Philippe Troin + <phil@fifi.org>, fixes bug in unreleased patch submitted for + 0.72-23. Also improves changing root password so it does something; + ongoing discussion on whether this is right. + + -- Sam Hartman <hartmans@debian.org> Mon, 21 May 2001 08:06:05 -0400 + +pam (0.72-23) unstable; urgency=low + + * Patch from Benoit Gaussen <ben@trez42.net> , Don't trim from , to end + of string in user input, only trim from salt + grabbed from passwd file, closes: #96779 + * Fix NIS double locking, closes: #96736 + + -- Sam Hartman <hartmans@debian.org> Wed, 16 May 2001 15:46:34 -0400 + +pam (0.72-22) unstable; urgency=low + + * Fix pam.8 to be pam.7, closes: #92874 + + -- Sam Hartman <hartmans@debian.org> Tue, 17 Apr 2001 23:04:04 -0400 + +pam (0.72-21) unstable; urgency=low + + * Don't depend on libcap for hurd, closes: #91998 + * Don't list scurity/limits.conf as a conffile for hurd + + -- Sam Hartman <hartmans@debian.org> Mon, 9 Apr 2001 12:30:18 -0400 + +pam (0.72-20) unstable; urgency=low + + * Install pam-undocumented in -runtime not -dev, closes: #93063 + * Mark pam-runtime as replacing files from -dev in case you installed + -19 and have pam-undocumented in the wrong place + + -- Sam Hartman <hartmans@debian.org> Fri, 6 Apr 2001 06:38:15 -0400 + + + +pam (0.72-19) unstable; urgency=low + + * New maintainer, closes: #92353 + * Install pam-undocumented; somehow it was not installed in -18 + + -- Sam Hartman <hartmans@debian.org> Wed, 4 Apr 2001 21:32:17 -0400 + +pam (0.72-18) unstable; urgency=low + + * pam_securetty: log failed tty checks. Normally this was only done if + the "debug" option was on...do it regardless now, closes: #89390 + * Get rid of log message for when "root" is not applied to group checks. + closes: #88825 + * Add quiet option to pam_listfile, closes: #84428 + * pam(8) should be pam(7), pam.conf(8) should be pam.conf(5), closes: + #89322 + * Added groff to Build-Depends-Indep, closes: #88794 + + -- Ben Collins <bcollins@debian.org> Sun, 25 Mar 2001 21:40:32 -0500 + +pam (0.72-17) unstable; urgency=low + + * Fixed login in pam_limits where the max logins could be ignored. + + -- Ben Collins <bcollins@debian.org> Fri, 9 Mar 2001 09:14:48 -0500 + +pam (0.72-16) unstable; urgency=low + + * New pam limits cap patch from Topi Miettinen + <Topi.Miettinen@koti.tpo.fi>, closes: #88401, #88406, #88525, #88399, + #86197 + * pwdb no longer used, closes: #59917 + * fix patch 023 for gethostbyname build failure, closes: #86156 + * Make sure unix_chkpwd gets installed as suid root, closes: #88519 + * Fix whatis parse of manpages, closes: #86203 + * pam_listfile, fix arg parsing when arg does not contain '=', closes: + #86070 + + -- Ben Collins <bcollins@debian.org> Sun, 4 Mar 2001 22:45:58 -0500 + +pam (0.72-15) unstable; urgency=low + + * Doh, added build-depends for libcap, closes: #85352 + * Change section of libpam-cracklib from admin to libs to match + overrides. + + -- Ben Collins <bcollins@debian.org> Fri, 9 Feb 2001 09:06:40 -0500 + +pam (0.72-14) unstable; urgency=low + + * Added fix to pam_access for gethostname decleration. closes: #82100 + * Just name the lib/security directory instead of all the modules + seperately for dh_movefiles. closes: #76119 + * Fix pam_env corruption, closes: #66849, #77229 + * Add patch to allow recursive /etc/skel copy in pam_mkhomedir, closes: + #67211 + * remove dh_suidregister call, added conflict for old suidregister + package + * Applied patch for Linux capabilities in pam_limits, closes: #74176 + * pam_issue.so works for me, without segv, and even with escapes. This + is with login. Note, things like pam_issue do not work with ssh simply + because ssh is not able to work in that way (does not support + arbiitrary conversations). So if you want it to work there, file a bug + on ssh, not on libpam-modules. closes: #77228 + * unix_chkpwd: check for NULL password, closes: #69960 + + -- Ben Collins <bcollins@debian.org> Thu, 8 Feb 2001 11:06:03 -0500 + +pam (0.72-13) unstable; urgency=low + + * Fix grammar in pam_source.sgml, closes: #78959 + * pam_undocumented.7: Fix escaped 's, closes: #75987 + * Fix build ordering, closes: #71442, #80397, #77017 + * Applied Hurd patch, closes: #76119 + * Use gcc for linking, not ld. closes: #71941 + * Pretty sure this was fixed, closes: #67172 + * Applied spealang fixes to Debian-mini-policy. closes: #80249 + * Applied patch to allow devfs style terminal devices with pam_group, + closes: #77661 + * Could not reproduce, even using md5 passwords. User, if you still have + * this problem, you need to tell me with what service (login, which I + tested, sshd, telnet, etc...) and also send me the entire pam.d file + for that service. closes: #76087 + * Fixed awhile back, closes: #72858 + * Closing this since I am not going to include any modules in this + package that aren't in upstream. If someone else wants to package + these modules seperately, they can do so. closes: #69550 + * For correct usage, pam_wheel.so should be used with "sufficient" and + not "required". This is documented. If you use "required", then you + must also use the "trust" option, but that doesn't give you the + results you want. closes: #76236 + + -- Ben Collins <bcollins@debian.org> Sun, 31 Dec 2000 05:38:23 -0500 + +pam (0.72-12) frozen unstable; urgency=low + + * Recompile against db2 for glibc change + * Add db2 to build-deps + + -- Ben Collins <bcollins@debian.org> Wed, 27 Sep 2000 12:08:11 -0400 + +pam (0.72-11) frozen unstable; urgency=low + + * Removed all traces of pwdb in packages. libpwdb has been removed from + the archive. This means that the pam_pwdb and pam_radius modules are + no longer available (from the libpam-pwdb package). + * doc/modules/pam_wheel.sgml: Really spell out that being a member of a + group meands the user is listed in /etc/group, closes: #69242 + * doc/*: s/PAM_AUTHOK_RECOVERY_ERR/PAM_AUTHOK_RECOVER_ERR/g, + closes: #64473 + * pam_wheel: PAM does not distinguish it, the libc calls make the + distinction. The users gid is returned in their passwd info, while + getgrent() returns only the members of the group listed in /etc/group. + This is ok, because if it's really that important, you can actually + have it in both places. The fact that it's documented should suffice + in making this clear, closes: #69236 + * Sorry, but seperate modules generally need to be packaged seperately. + I don't want to overload this package with everyone's pet module, so I + have to put my foot down, closes: #61759 + * Actually, I'm going to move in Woody to make packages depend more on + the defaults in /etc/pam.d/other, so that admins have less to + maintain. For one, all packages should not have a password service + listed, closes: #70000 (YAY! I got the 70k rollover bug number!) + * Sorry, I can't include this. "," is a legitimate char in a password + salt/hash. If you can code up something that is super intelligent + about lenghts of the field, I can go for it, maybe, closes: #59459 + * modules/pam_limits: Added chroot feature patch, closes: #61090 + * modules/pam_access: Allow last field to contain ':', closes: #67291 + * modules/pam_limits: Allow explicit limits for root, closes: #62448 + * modules/pam_unix: Do not zero old/new password fields, libpam does + this itself, and doing so in the module breaks stacking, + closes: #66270 + * modules/pam_group: Allow alpha *and* numeric in tty field (duh), + closes: #63752 + * modules/pam_access: Enable NIS, closes: #64854 + * libpam0g-dbg: removed, useless anyway + + -- Ben Collins <bcollins@debian.org> Wed, 30 Aug 2000 18:39:32 -0400 + +pam (0.72-10) frozen unstable; urgency=low + + * Update build depends + * Fixed logic for showing non-existent user names when auth failed in + pam_unix.so, closes: #67786 (thanks to Jim Breton for being patient in + helping track this down). It would sometimes show them, even if we + didn't want to. + + -- Ben Collins <bcollins@debian.org> Thu, 27 Jul 2000 09:17:08 -0400 + +pam (0.72-9) frozen unstable; urgency=low + + * pam_unix: do not call obscure_msg() of pass_old is NULL, + closes: #65321 + * pam_access: check for from[0] == '\0' so that tty logic is actually + used, closes: #65401 + + -- Ben Collins <bcollins@debian.org> Wed, 14 Jun 2000 11:38:35 -0400 + +pam (0.72-8) frozen unstable; urgency=low + + * Build depends added in previous version, closes: #60817, #61439 + * Allow use of ":0" in group.conf, closes: #61966 + * Added syslog entry to notify that a user succesfully changed their + password, closes: #61724 + * Make pam_unix compatible with HP-UX style NIS+ password information, + patch from ldaffner@rsn.hp.com, closes: #61942 + * If "audit" is not enabled, don't let pam_unix print the names of + unknown users for auth attempts, closes: #61942 + * Fixed ttyname() parsing in pam_access to match that of the old shadow + access.conf s,/dev/,, closes: #61644 + * Set some sane defaults for pam_limits.so instead of carrying over + potentially bad defaults, patch from Peter Paluch + <peterp@frcatel.fri.utc.sk> closes: #63230 + * Allow explicit (e.g. specified specifically for) limits for root, + patch from Topi Miettinen <Topi.Miettinen@nic.fi>, closes: #62448 + * Added information to time.conf about logoutd, which is now enabled via + this file. + * cracklib maintainer claims this isn't a bug, closes: #54180 + * fixed control syntax handling which was causing segfaults, closes: #62237 + + -- Ben Collins <bcollins@debian.org> Sat, 29 Apr 2000 11:39:59 -0400 + +pam (0.72-7) frozen unstable; urgency=low + + * pam_limits: fix parsing of users which explicitly removes limits, + closes: #59911, #60287 + * Added build-depends + + -- Ben Collins <bcollins@debian.org> Mon, 20 Mar 2000 16:06:28 -0500 + +pam (0.72-6) frozen unstable; urgency=low + + * Remove conflict for libpam0g-util from libpam0g and put it in + libpam-runtime. This should fix a problem with upgrades that apt + experiences, closes: #58677 + + -- Ben Collins <bcollins@debian.org> Mon, 28 Feb 2000 14:05:28 -0500 + +pam (0.72-5) frozen unstable; urgency=low + + * Added obscure password checks to pam_unix. Required for shadow to be + able to emulate the pre-PAM setup (referenced in a bug on passwd). + * Applied patch from #57800 to fix NIS/NIS+ shadow accounting checks, + closes: #57800, #58164 + * Fixed two typos in the PAM System Administrators Guide, + closes: #56578, #56587 + + -- Ben Collins <bcollins@debian.org> Mon, 28 Feb 2000 10:58:09 -0500 + +pam (0.72-4) frozen unstable; urgency=low + + * unix_chkpwd: check for NULL on stdin aswell as 0 reads, closes: #56375 + * pam_unix/Makefile: removed bashism, closes: #56370 + * fixed in shadow upload, closes: #49832 + + -- Ben Collins <bcollins@debian.org> Sat, 29 Jan 2000 00:27:28 -0500 + +pam (0.72-3) unstable; urgency=low + + * Added cpluplus wraps in all the headers, closes: #53653 + + -- Ben Collins <bcollins@debian.org> Sun, 2 Jan 2000 15:15:40 -0500 + +pam (0.72-2) unstable; urgency=low + + * Well, this is an odd one. A recompile fixes it. So it must have been a + problem from linking with 0.71 when this is version 0.72. All of this + build daemons seem to have compiled the latest 0.72, so this should be + resolved after this gets recompiled on all of them, closes: #51619, #49584 + * This is from a very old version (0.56) of libpam0. It is not relevant + to the latest version, closes: #47162 + + -- Ben Collins <bcollins@debian.org> Sun, 26 Dec 1999 09:10:13 -0500 + +pam (0.72-1) unstable; urgency=low + + * New upstream source release, lots of patches merged upstream (thanks + Andrew). + * libpam-doc: now provides pam-doc, closes: #45631 + * cleanups to the build system + * shlibs.local: bumped shlib deps + + -- Ben Collins <bcollins@debian.org> Tue, 14 Dec 1999 11:17:36 -0500 + +pam (0.71-3) unstable; urgency=low + + * Debian-PAM-MiniPolicy: new document describing how PAM is implemented + in Debian + + -- Ben Collins <bcollins@debian.org> Fri, 26 Nov 1999 17:26:40 -0500 + +pam (0.71-2) unstable; urgency=low + + * pam_listfile: lstat -> stat, closes: #49833 + * pam_tally: install the pam_tally program, closes: #50314 + * debian/control: libpam-modules, replaces libpam0g-util, closes: #50716 + + -- Ben Collins <bcollins@debian.org> Thu, 25 Nov 1999 21:02:23 -0500 + +pam (0.71-1) unstable; urgency=low + + * New upstream release, merges lots of patches from the Debian source, + also merges the pam_{motd,mkhomedir,issue} modules into the main + source. Lots of minor bugs fixed, and compiler warnings + * pam_mail: Reimplemented the authentication handlers, so now this works + as both (changes nothing in Debian, but was required to get the patch + accepted upstream) + * general: Lots of small edits to fix compiler warnings + * pam_userdb: fixed potential usage of an unitialized value as + PAM_AUTHTOK, doesn't look particularly exploitable, but better safe + than sorry + + -- Ben Collins <bcollins@debian.org> Mon, 8 Nov 1999 19:21:52 -0500 + +pam (0.70-4) unstable; urgency=low + + * pam_wheel/pam_wheel.c: change to use getpwuid(getuid()) by default, so + avoid the problems associated with getlogin() + + -- Ben Collins <bcollins@debian.org> Mon, 1 Nov 1999 13:33:10 -0500 + +pam (0.70-3) unstable; urgency=low + + * Applied patch from Herbert Xu to enable PAM_CONV_AGAIN support in + pam_ftp, closes: #47288 + + -- Ben Collins <bcollins@debian.org> Wed, 13 Oct 1999 13:25:21 -0400 + +pam (0.70-2) unstable; urgency=low + + * 100_pam_pwdb_security_fix: new patch fixes security problem with + regard to NIS accounts + + -- Ben Collins <bcollins@debian.org> Wed, 13 Oct 1999 11:42:41 -0400 + +pam (0.70-1) unstable; urgency=low + + * New upstream release + * Seems there were a lot of fixes merged/matches upstream, looks good, + (maybe it's time I start sending my patches in, since the maintainer + is active again). + * libpamc: new library (libpam client library), this actually used to be + in the Debian packages for a few versions, but it was removed upstream. + Guess what, it's back :) + + -- Ben Collins <bcollins@debian.org> Sun, 10 Oct 1999 01:07:43 -0400 + +pam (0.69-11) unstable; urgency=low + + * {pwdb,unix}_chkpwd.8: fixed format to get rid of "no whatis" warnings + from mandb, closes: #47004 + * pam_unix.sgml: new file, documents the pam_unix.so module, + closes: #46511 + + -- Ben Collins <bcollins@debian.org> Sat, 9 Oct 1999 12:41:58 -0400 + +pam (0.69-10) unstable; urgency=low + + * libpam/pam_item.c: fixed debug message being in wrong place + * 013_pam_issue: new patch, provides issue file parsing for PAM + applications (helps to replace lost functionality in login). + + -- Ben Collins <bcollins@debian.org> Wed, 6 Oct 1999 20:30:17 -0400 + +pam (0.69-9) unstable; urgency=low + + * Fix typo in pam_mail.so module's "no" return + + -- Ben Collins <bcollins@debian.org> Sun, 3 Oct 1999 15:08:56 -0400 + +pam (0.69-8) unstable; urgency=low + + * docs/modules/pam_mkhomedir.sgml: Fixed module name + * changed build system structure + * libpam/Makefile: add -lcrypt to the linked libs, closes: #46104 + * increase shlib deps to 0.69-7, closes: #45801 + * pam_motd.c: close motd file after reading, closes: #46122 + * pam_motd.c: fix setting \0 in the wrong place when motd file is + zero length, closes: #45686, #45632 + * pam_unix_acct.c: allow '0' to denote disabled for some expiry fields + since chage(1) documents it this way, closes: #45446 + * pam_mail.c|modules/pam_mail.sgml: added 2 options, one "standard" to + give the old style "You have ..." response and "quiet" which only + reports new mail for both formats, documented both options, + closes: #45670 + * with the new pam_unix module, this bug is fixed, closes: #42230 + * pam_limits.c: make sure that we not only ignore limits on root, we + also remove them just in case we are su'ing from a limited user to + the root account (since as root they can remove the limits anyway), + closes: #35302 + + -- Ben Collins <bcollins@debian.org> Sun, 3 Oct 1999 12:07:28 -0400 + +pam (0.69-7) unstable; urgency=low + + * debian/rules: fixed module_check + * pam_env/pam_env.c: fixed env parsing to include values wrapped in '' + and also allow continued lines with a trailing '\'. + * pam_motd,pam_mail: converted to session modules, so that they could + be ordered with the lastlog module + * updated default pam.d/login to reflect above change (now login looks + the same as the non-PAM version, lastlog, then motd, and then mail + check) + * pam_motd: removed extraneous \n from output + * modules/pam_limits/pam_limits.c: Fixed parsing of lines with only + "domain -", which was documented as being able to get rid of limits + for that user or group. + * debian/control: (libpam-cracklib) Added depends for cracklib-runtime, + closes: #45488 + * modules/pam_env.c: Fixed /etc/environment parsing causing segfaults on + long lines, closes: #45408 + + -- Ben Collins <bcollins@debian.org> Sun, 19 Sep 1999 13:50:40 -0400 + +pam (0.69-6) unstable; urgency=low + + * Install unix_chkpwd suid root, it's needed for NIS to work without + modification to the binary. + * modules/pam_limits/pam_limits.c: hmm, some how I got a strange broken + patch left over from the source upgrade...removed all but the pwdb + purging, closes: #45088 + * modules/pam_env/pam_env.c: Changed to a debug message, instead of a + syslog message when /etc/environment does not exist. + + -- Ben Collins <bcollins@debian.org> Wed, 15 Sep 1999 04:25:21 -0400 + +pam (0.69-5) unstable; urgency=low + + * Removed libpam0g's preinst check for full paths in the pam.d files, + this should really be a lintian check at build (i think the old libpam + could not work like this, but hey...things change for the better some + times. This PAM works fine like that). closes: #45001 + +NOTE: Debian packages should not reference modules by the full path + so they don't break if I ever decide to move the modules to a different + default directory. Only the admin should reference full paths and only + for locally installed modules. I have submitted a request to check for + this in lintian along with a few other devious things. + * debian/patches/008_pam_mkhomedir: Fix title of sgml doc + * modules/pam_userdb/Makefile: added patch for building against glibc 2.0 + (request from Roman Hodek), closes: #45064 + + -- Ben Collins <bcollins@debian.org> Tue, 14 Sep 1999 06:12:34 -0400 + +pam (0.69-4) unstable; urgency=low + + * Link all dynamic modules with libpam. For some reason, alpha doesn't + like it when we don't + + -- Ben Collins <bcollins@debian.org> Mon, 13 Sep 1999 06:01:40 -0400 + +pam (0.69-3) unstable; urgency=low + + * doc/modules/pam_cracklib.sgml: changed to correct path for + cracklib_dict reference. + * modules/pam_env/pam_env.c: now groks bash style env's from + /etc/environment to be compatible with other programs that use it. + * modules/pam_securetty/pam_securetty.c: don't just plain fail when + root isn't allowed to login, fake a password request just like any + good auth module would. Keeps us from letting them know that they + are doing something bad :) + * modules/pam_{motd,mkhomedir}: merged these two modules into this + source, also wrote corresponding sgml files for libpam-doc, + closes: #40754 + * debian/control: Moved libpam0g, libpam-modules and libpam-runtime + to base with required priority since login depends on them and + policy will require this + + -- Ben Collins <bcollins@debian.org> Sat, 11 Sep 1999 08:06:02 -0400 + +pam (0.69-2) unstable; urgency=low + + * Modified build so that it uses libs and headers in the build tree + rather than on the local system. This involved changint the build + order slightly and should make it easier to compile on new archs. + * Modified pam_limits so that it was invoked during pam_sm_setcred() + instead of during pam_sm_session_open() so that it will work with + shadow's su. + * Fixed missing symbols in libpam.so, they were caused by it thinking + it was supposed to have static modules built in. + * Fixed problem where libpam was getting built with -DDEBUG + * pam_unix_passwd.c: Changed the perms on shadow to be 0.42 and 0640 + instead of 0.0 and 0600 + * unix_chkpwd: fix it not being sgid shadow + + -- Ben Collins <bcollins@debian.org> Thu, 9 Sep 1999 13:52:01 -0400 + +pam (0.69-1) unstable; urgency=low + + * New upstream source + - Now with a new and improved pam_unix module, closes: #38631 + - Lot's of documentation cleanups + * Converted build system to dbs (doogie's build system, aka Adam Heath) + * Fixed libpam.so compilation so that it did not link with any of the + modules (this was causing lot's of problems, closes; #43913, #40739 + * modules/pam_ftp/pam_ftp.c: Fixed sizeof, to use strlen, + closes: #44054, #41845, #44142, #39129, #39871, #44412 + * Postscript pages are now generated correctly, closes: #41608 + * Moved to FHS compliance (including use of debhelper 2.0.40), + this also raises the policy version to 3.0.1.1 + * Don't check the paths in /etc/pam.d files anymore. This is old + and causes nothing but complaints, closes: #39747 + * Build libpam0g-dbg with debuggable static and shared libraries, also + enabled the internal DEBUG_REL compile flag for these so that the + debugging messages will also be output + + -- Ben Collins <bcollins@debian.org> Tue, 7 Sep 1999 17:45:20 -0400 + +pam (0.66-10) unstable; urgency=low + + * Added ability for pam_env to parse /etc/environment and updated + docs to reflect it + * Applied patch for pwdb_chkpwd man page, closes: #38976 + * Merged pam_unix_*.so modules into one pam_unix.so with symlinks + for backward compatibility. This helps centralize this module the + same way the pam_pwdb.so is and the way pam_unix.so is on other + operating systems (commercial ones specifically). + * Closed by pam-apps upload, closes: #38632 + * Fixed `sgml2latex' syntax, closes: #39119 + * Added doc-base support, closes: #37627 + + -- Ben Collins <bcollins@debian.org> Wed, 16 Jun 1999 01:20:23 -0400 + +pam (0.66-9.1) unstable; urgency=low + + * SPARC NMU to fix chown symbols when compiling with glibc 2.1.1 + + -- Ben Collins <bcollins@debian.org> Tue, 11 May 1999 13:33:33 +0000 + +pam (0.66-9) unstable; urgency=low + + * Changed the debian/rules to not mess with the library symlinks (ie + running ldconfig in the lib dir) and all is well, closes: #36169 + + -- Ben Collins <bcollins@debian.org> Sun, 18 Apr 1999 09:09:51 -0400 + +pam (0.66-8) unstable; urgency=low + + * Compiled with libpam_client.so now (seperate lib in libpam0g) + * Made regex for libpam0g postinst a little more specific so it + didn't flag false problems. closes: #34626 + * Applied patch to fix pam_ftp, closes: #35388 + * Modified pam_mail and pam_lastlog to honor PAM_SILENT in order to + enable apps to use hushlogin/PAM_SILENT + * Fixed problem with libpam_client.so being static + + -- Ben Collins <bcollins@debian.org> Mon, 15 Mar 1999 20:54:23 -0500 + +pam (0.66-7) unstable; urgency=low + + * Fixed XCASE in pam_filter.c (not really in glibc 2.1 by default) + + -- Ben Collins <bcollins@debian.org> Sat, 6 Mar 1999 18:46:56 -0500 + +pam (0.66-6) unstable; urgency=low + + * Removed empty /lib/security/ from libpam0g (is created in + libpam-runtime) + * Added a depends for libpam-runtime to libpam0g (was supposed to be + there, must have deleted it) + * Removed empty /usr/bin from libpam-runtime (old directory where + upperLOWER was) + + -- Ben Collins <bcollins@debian.org> Wed, 24 Feb 1999 13:14:25 -0500 + +pam (0.66-5) unstable; urgency=low + + * Removed harcoded libc6 dependency from libpam0g-dev and changed it to + libc6-dev. closes: #33615 + * Added md5 flag for pam_unix_passwd.so + * Removed upperLOWER program since it is just an example. Moved it's + source to the examples directory in libpam-modules + * Fixed documentation of pam_strerror() and examples. closes #31142 + * Made pam_unix_passwd.so leave /etc/shadow mode 640 and root.shadow + after changes + * Fixed problem in pam_unix_auth that didn't let you su from a normal + user to another normal user (ie. neither one was root) + * Closing misc fixed bugs. closes #32809, #32274 (have been fixed, + just need closing) + * Tested lockvc with pam support, works for normal users (pam_pwdb) + closes: #31150 + * Changed /var/log/wtmp in pam_lastlog docs to reflect correct + /var/log/lastlog file. closes: #26544 + * Added -ldl to libpam.so, so apps don't have to + + -- Ben Collins <bcollins@debian.org> Fri, 19 Feb 1999 18:47:30 -0500 + +pam (0.66-4) unstable; urgency=low + + * Changed pwdb_chkpwd to sgid shadow instead of suid root since it only + needs read permissions to /etc/shadow and not write. + * Moved a lot of files arouns to get rid of libpam-runtime dependencies + * Put libpam-pwdb into it's own package + * Removed -lpwdb links for modules since libpwdb is somewhat buggy (or + alteast it's interaction with libpam is) + * Fixed bug in pam_unix_passwd.so that caused it to never authenticate + the correct passwd, making it so you couldn't change the passwd + + -- Ben Collins <bcollins@debian.org> Tue, 16 Feb 1999 15:50:28 -0500 + +pam (0.66-3) unstable; urgency=low + + * Fixed defaults in /etc/pam.d/other to be pam_unix_*.so modules instead + of the accidental pam_pwdb.so module + * Fixed suid of pwdb_chkpwd (had to move dh_fixperms after + dh_suidregister) + * Added Replaces: libpam0g-util in order to help dpkg upgrade from + older packages + * Applied glibc 2.1 patch from Christian Meder. closes: #32809 + * Moved libpam-doc to Section doc. closes: #32274 + + -- Ben Collins <bcollins@debian.org> Fri, 12 Feb 1999 02:01:43 -0500 + +pam (0.66-2) unstable; urgency=low + + * Removed all of the versioned module stuff. Modules are now in + /lib/security and stay there. Seems after discussion, that modules may + not change as often as thought + * Fixed suidregister for pwdb_chkpwd + * Fixed incomplete descriptions in control file + * This is a kludge to close some bugs since the last upload was yanked + before being installed in the archive, closes: #16882, #30862, #7725, + #10234, #10406, #12210, #14291, #15528, #15529, #20660, #25330, + #29868, #31088, #31128, #9131, #9919, #19383, #5132, #14533, #25915, + #28075, #31548, #31191 + + -- Ben Collins <bcollins@debian.org> Tue, 2 Feb 1999 12:47:25 -0500 + +pam (0.66-1) unstable; urgency=low + + * New maintainer + * New upstream release. closes: #16882, #30862, #7725 + * Created a better split of the main lib and the runtime to kill the + circular dependencies and make it possible to have two .so version of + the library installed for upgrades. closes: #10234, #10406, #12210, + bug #14291, #15528, #15529, #20660, #25330, #29868, #31088, #31128, + bug #9131, #9919. + * Harcoded modules directory prefixed with the .so version, and + used alternatives to create the symlink to the 'default' modules + directory. libpam will use the full path when specified, but use the + versioned modules directory for relative names. + * Put libpam0g-cracklib modules back in (own package). This means that + cracklib support is _not_ in the static libpam.a, also cracklib + support is _not_ in pam_unix_passwd.o, but only in pam_cracklib.so + by itself. + * Fixed a few typos in the source causing compile errors + * Fixed source #include's so that pam _didn't_ have to be installed + in order to compile the source ( changed from <> to "" ) + * Removed empty directories from built packages + * Opted not to build examples, only going to put *.c files in examples + directory for libpam0g-dev + * Moved *.sgml files for modules into their own directory (looks like + that is what the original maintainer wanted to do, but it didn't go) + * Moved doc build to arch-indep build in rules so that it doesn't get + built when specifying -B with debuild/dpkg-buildpackage. + * Moved `touch .quiet...' to build-stamp in order to have -B builds not + ask about pam.conf + * Split out non-standard modules to their own package, so as to make the + base install smaller (planning for base inclusion here) + * Created small manpage for pwdb_chkpwd. closes: #10941 + * The Copright file in /usr/doc/*/ was already named copright and not + compressed. closes: #14533 + * Package is now lintian clean. closes #19383, #5132 + * There is a maintainer now and the patch for #25915 is still included + so.... closes: #25915 + * Added check for editor backup files in /etc/pam.d (*~). closes: #28075 + * Applied patch for md5.h in pam_pwdb module. closes: #31548 + * Added support for dhelp in libpam-doc. closes: #31191 + + -- Ben Collins <bcollins@debian.org> Wed, 20 Jan 1999 07:09:15 -0500 + +pam (0.65-0.8) frozen unstable; urgency=high + + * Marked PAM as orphaned, given that there has been no maintainer upload + in almost two years. + * [defs/debian.defs] Removed superflous cracklib2 dependency. + (Urgent as cracklib still has release-critical bugs). + (Fixes #30862). + + -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Wed, 20 Jan 1999 09:34:35 +0100 + +pam (0.65-0.7) frozen unstable; urgency=high + + * Fixed security vulnerability in the pam_unix and pam_tally modules + (reported by Michal Zalewski on bugtraq; patch + A000-SECURITY-PATCH-0.65-and-below.gz by Andrey V. Savochkin). + + -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Tue, 29 Dec 1998 16:20:18 +0100 + +pam (0.65-0.6) unstable; urgency=high + + * Fixed distribution of files over the various packages, which was + severely messed up. + * Added appropriate Replaces: to ensure upgrading from both the hamm + version and previous slink versions. + * Fixed debug libraries, PAM module loading. + * Added examples. + * Added a "pam-undocumented" manpage pointing to libpam-doc, and + made links for functions without a manpage to that. + + -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Sun, 11 Oct 1998 19:29:40 +0200 + +pam (0.65-0.5) unstable; urgency=low + + * Rewritten the preinst warning text (it still mentioned the search path). + + -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Fri, 9 Oct 1998 14:23:18 +0200 + +pam (0.65-0.4) unstable; urgency=high + + * It looks like I misunderstood DEFAULT_MODULE_PATH: Linux-PAM does not + currently seem to be easily configured to look for modules in more than + one directory. With this version, it's configured to look only in + /lib/security . + + -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Fri, 9 Oct 1998 11:43:34 +0200 + +pam (0.65-0.3) unstable; urgency=medium + + * Moving the PAM modules to /lib/security broke netatalk. + Added a preinst script to detect /etc/pam.d files with explicit paths to + PAM modules, give a warning about them, and offer to abort the install + (Fixes #27514). + + -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Tue, 6 Oct 1998 20:10:43 +0200 + +pam (0.65-0.2) unstable; urgency=low + + * Argh. The tools didn't recognise -0.1 as a new upstream release, so + my previous upload was rejected due to a missing .orig.tar.gz . + + -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Sun, 4 Oct 1998 17:15:09 +0200 + +pam (0.65-0.1) experimental; urgency=low + + * New upstream version. + * Non-maintainer upload. + * Major package overhaul; now uses debhelper. + * In experimental for now. *Please* provide feedback; if the feedback is + positive, we can put this in slink. + * Dropped libc5 support. + * [libpam/pam_static.c] Fixed compilation: "pamh" was undefined; use "NULL". + is this the correct fix? + * [defs/debian.defs] New. + * [Makefile] + * Exit when a make in a subdirectory fails. + * Compile statically too. + * New variables: LC, LP, LPLIBS, DEFAULT_MODULE_PATH . + * [libpam/Makefile] + * Use DEFAULT_MODULE_PATH if nonempty. + * Link libpam against LPLIBS. + * [modules/*/Makefile] + * Link the dynamic security objects against libpam and libc + (LP and LC). + * [modules/pam_pwdb/Makefile] + * Link dynamic security objects against libcrypt and libnsl. + * [conf/install_conf] Allow for non-interactive install (as the other + install_conf scripts already did). + * Automatically determine the list of /etc/security/* conffiles. + * Moved libpam to /lib, and PAM modules to /lib/security as they will + become part of the base system in the future. + * Built without cracklib support, to keep the base system smaller. + * /sbin/pwdb_chkpwd is undocumented, as is upperLOWER. + + -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Fri, 2 Oct 1998 20:23:27 +0200 + +pam (0.57b-0.4) unstable; urgency=high + + * Non maintainer upload + My previous upload had removed the libc5 stuff from the controlfile + messing up things. Change 'Architecture: any' to 'i386 m68k' for those + .deb's instead. + + -- Turbo Fredriksson <turbo@debian.org> Thu, 20 Aug 1998 20:06:50 -0400 + +pam (0.57b-0.3) unstable; urgency=high + + * Non maintainer upload + On a glibc2.1 system, XCASE is only defined in the <bits/termios.h> + _IF_ '__USE_MISC' or '__USE_UNIX98' is defined. + + -- Turbo Fredriksson <turbo@debian.org> Sun, 16 Aug 1998 22:13:45 -0400 + +pam (0.57b-0.2) unstable; urgency=high + + * Yet another non-maintainer release. + * Zero changes; simply a re-upload due to a rm-trigger happy release + ``manager''. + + -- James Troup <jjtroup@comp.brad.ac.uk> Tue, 17 Mar 1998 19:55:16 +0100 + +pam (0.57b-0.1) unstable; urgency=medium + + * Non-maintainer release. + * debian/control (Standards-Version): Updated to 2.4.0.0. + * debian/control (libpam0g-dev): Also conflict with libpam-dbg. + * debian/postinst: use case statement instead of if. + * debian/rules (COMPAT_ARCHES): removed sparc. + * debian/rules (binary-libc6-dev, binary-libc5-altdev): strip static libraries with + --strip-debug, not --strip-unneeded. + * debian/rules: each package now has it's own doc directory under + /usr/doc/, containing at least the copyright file (Policy 5.6). + * debian/rules: install files with `install -m 644' not `cp -p' to avoid + read-only files. + * debian/rules (binary-libc6-util): strip /usr/lib/*/security/*.so with + --strip-unneeded. + * debian/rules (binary-libc5-util): ditto. + * debian/rules (binary-libc5): don't depend on binary-libc5. + + -- James Troup <jjtroup@comp.brad.ac.uk> Sat, 7 Mar 1998 18:04:19 +0100 + +pam (0.57b-0) unstable; urgency=medium + + * Non-maintainer release. + * New upstream version. + * Doesn't use pristine upstream source as the upstream tar ball is broken. + * Added libc6 libraries libpam0g, libpam0g-dev, libpam0g-dbg and + libpam0g-util. [#11697] + * libpam-dev becomes libpam0-altdev, libpam-util -> libpam0-altutil and + libpam-dbg is removed. + * libpam0 depends on libpam0g because libpam0g contains the pam conffile. + * libpam0-util depends on libpam0g-util because libpam0g contains the binary. + * Compiled with -D_REENTRANT and link with -lc. + * Fixed permissions on shared libraries. + * Corrected syntax of /etc/pam.d/other. [#10497, #10758, #12030] + * Fixed typos in postinst. [#10474, #11365] + * Made /etc/pam.conf a conffile. + * Updated URL in copyright file. + * Removed over-zelaously installed README* files from libpam-doc. + + -- James Troup <jjtroup@comp.brad.ac.uk> Sat, 22 Nov 1997 17:54:30 +0100 + +pam (0.56-2) unstable; urgency=low + + * Added /etc/pam.d/other with policy 'deny'. + * Add manual pages for PAM security modules. + + -- Klee Dienes <klee@debian.org> Sat, 15 Mar 1997 22:33:22 -0500 + +pam (0.56-1) unstable; urgency=low + + * New upstream release. + * Converted to new packaging format. + * Reorganization of package structure (-dev, -dbg, etc). + + -- Klee Dienes <klee@debian.org> Sat, 8 Mar 1997 01:21:17 -0500 diff --git a/debian/changelog.old b/debian/changelog.old new file mode 100644 index 00000000..98135ced --- /dev/null +++ b/debian/changelog.old @@ -0,0 +1,13 @@ +pam (0.50-1) unstable; urgency=low + + * added Debian GNU/Linux package maintenance system files. + * changes to the installation procedure to fit the Debian packaging + system ($PREFIX handling, unconditionally install configuration files, + don't run ldconfig after installing the shared libraries). + * added documentation in the extradoc directory + * commented out all unused entries in etc/pam.conf, etc/secure/group.conf + and etc/secure/time.conf + + -- Patrick Weemeeuw <patrick.weemeeuw@kulnet.kuleuven.ac.be> + + diff --git a/debian/clean b/debian/clean new file mode 100644 index 00000000..18af497a --- /dev/null +++ b/debian/clean @@ -0,0 +1,3 @@ +debian/local/pam_getenv.8 +debian/libpam0g-dev.links +debian/libpam0g-dev.install diff --git a/debian/compat b/debian/compat new file mode 100644 index 00000000..ec635144 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control new file mode 100644 index 00000000..3531dde7 --- /dev/null +++ b/debian/control @@ -0,0 +1,104 @@ +Source: pam +Section: libs +Priority: optional +Uploaders: Sam Hartman <hartmans@debian.org>, Roger Leigh <rleigh@debian.org> +Maintainer: Steve Langasek <vorlon@debian.org> +Standards-Version: 3.9.8 +Build-Depends: libcrack2-dev (>= 2.8), bzip2, debhelper (>= 9), quilt (>= 0.48-1), flex, libdb-dev, libselinux1-dev [linux-any], po-debconf, dh-autoreconf, autopoint, libaudit-dev [linux-any], pkg-config, libfl-dev, libfl-dev:native, docbook-xsl, docbook-xml, xsltproc, libxml2-utils, w3m +Build-Conflicts-Indep: fop +Build-Conflicts: libdb4.2-dev, libxcrypt-dev +Vcs-Bzr: https://alioth.debian.org/scm/loggerhead/pkg-pam/debian/sid +Vcs-Browser: https://alioth.debian.org/scm/loggerhead/pkg-pam/debian/sid/files +Homepage: http://www.linux-pam.org/ +Rules-Requires-Root: binary-targets + +Package: libpam0g +Architecture: any +Multi-Arch: same +Replaces: libpam0g-util +Depends: ${shlibs:Depends}, ${misc:Depends} +Pre-Depends: ${misc:Pre-Depends} +Suggests: libpam-doc +Description: Pluggable Authentication Modules library + Contains the shared library for Linux-PAM, a library that enables the + local system administrator to choose how applications authenticate users. + In other words, without rewriting or recompiling a PAM-aware application, + it is possible to switch between the authentication mechanism(s) it uses. + One may entirely upgrade the local authentication system without touching + the applications themselves. + +Package: libpam-modules +Section: admin +Priority: required +Architecture: any +Multi-Arch: same +Pre-Depends: ${shlibs:Depends}, ${misc:Depends}, libpam0g (>= 1.1.3-2), + libpam-modules-bin (= ${binary:Version}) +Conflicts: libpam-motd, libpam-mkhomedir, libpam-umask +Replaces: libpam0g-util, libpam-umask +Provides: libpam-motd, libpam-mkhomedir, libpam-umask +Description: Pluggable Authentication Modules for PAM + This package completes the set of modules for PAM. It includes the + pam_unix.so module as well as some specialty modules. + +Package: libpam-modules-bin +Section: admin +Priority: required +Architecture: any +Multi-Arch: foreign +Depends: ${shlibs:Depends}, ${misc:Depends} +Replaces: libpam-modules (<< 1.1.3-8) +Description: Pluggable Authentication Modules for PAM - helper binaries + This package contains helper binaries used by the standard set of PAM + modules in the libpam-modules package. + +Package: libpam-runtime +Section: admin +Priority: required +Architecture: all +Multi-Arch: foreign +Depends: ${misc:Depends}, debconf (>= 1.5.19) | cdebconf, libpam-modules (>= 1.0.1-6) +Replaces: libpam0g-util, libpam0g-dev +Conflicts: libpam0g-util +Description: Runtime support for the PAM library + Contains configuration files and directories required for + authentication to work on Debian systems. This package is required + on almost all installations. + +Package: libpam0g-dev +Section: libdevel +Priority: optional +Architecture: any +Multi-Arch: same +Depends: ${misc:Depends}, libpam0g (= ${binary:Version}), libc6-dev|libc-dev +Provides: libpam-dev +Description: Development files for PAM + Contains C header files and development libraries for libpam, the Pluggable + Authentication Modules, a library that enables the local system + administrator to choose how applications authenticate users. + . + PAM decouples applications from the authentication mechanism, making it + possible to upgrade the authentication system without recompiling or + rewriting the applications. + +Package: libpam-cracklib +Section: admin +Priority: optional +Architecture: any +Multi-Arch: same +Replaces: libpam0g-cracklib, libpam-modules (<< 1.1.0-3) +Depends: ${misc:Depends}, ${shlibs:Depends}, libpam-runtime (>= 1.0.1-6), cracklib-runtime, wamerican | wordlist +Description: PAM module to enable cracklib support + This package includes libpam_cracklib, a PAM module that tests + passwords to make sure they are not too weak during password change. + +Package: libpam-doc +Provides: pam-doc +Section: doc +Priority: optional +Architecture: all +Depends: ${misc:Depends} +Description: Documentation of PAM + Contains documentation (in HTML, ASCII, and PostScript format) for libpam, + the Pluggable Authentication Modules library, a library that enables the + local system administrator to choose how applications authenticate users. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 00000000..45201f1d --- /dev/null +++ b/debian/copyright @@ -0,0 +1,67 @@ +This package was debianized by J.H.M. Dassen (Ray) jdassen@debian.org on +Wed, 23 Sep 1998 20:29:32 +0200. + +It was downloaded from ftp://ftp.kernel.org/pub/linux/libs/pam/pre/ + +Copyright (C) 1994, 1995, 1996 Olaf Kirch, <okir@monad.swb.de> +Copyright (C) 1995 Wietse Venema +Copyright (C) 1995, 2001-2008 Red Hat, Inc. +Copyright (C) 1996-1999, 2000-2003, 2005 Andrew G. Morgan <morgan@kernel.org> +Copyright (C) 1996, 1997, 1999 Cristian Gafton <gafton@redhat.com> +Copyright (C) 1996, 1999 Theodore Ts'o +Copyright (C) 1996 Alexander O. Yuriev +Copyright (C) 1996 Elliot Lee +Copyright (C) 1997 Philip W. Dalrymple <pwd@mdtsoft.com> +Copyright (C) 1999 Jan Rękorajski +Copyright (C) 1999 Ben Collins <bcollins@debian.org> +Copyright (C) 2000-2001, 2003, 2005, 2007 Steve Langasek +Copyright (C) 2003, 2005 IBM Corporation +Copyright (C) 2003, 2006 SuSE Linux AG. +Copyright (C) 2003 Nalin Dahyabhai <nalin@redhat.com> +Copyright (C) 2005-2008 Thorsten Kukuk <kukuk@thkukuk.de> +Copyright (C) 2005 Darren Tucker + + +Unless otherwise *explicitly* stated the following text describes the +licensed conditions under which the contents of this Linux-PAM release +may be distributed: + +------------------------------------------------------------------------- +Redistribution and use in source and binary forms of Linux-PAM, with +or without modification, are permitted provided that the following +conditions are met: + +1. Redistributions of source code must retain any existing copyright + notice, and this entire permission notice in its entirety, + including the disclaimer of warranties. + +2. Redistributions in binary form must reproduce all prior and current + copyright notices, this list of conditions, and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + +3. The name of any author may not be used to endorse or promote + products derived from this software without their specific prior + written permission. + +ALTERNATIVELY, this product may be distributed under the terms of the +GNU General Public License, in which case the provisions of the GNU +GPL are required INSTEAD OF the above restrictions. (This clause is +necessary due to a potential conflict between the GNU GPL and the +restrictions contained in a BSD-style copyright.) + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS +OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR +TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH +DAMAGE. +------------------------------------------------------------------------- + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. diff --git a/debian/libpam-cracklib.install b/debian/libpam-cracklib.install new file mode 100644 index 00000000..55265e5e --- /dev/null +++ b/debian/libpam-cracklib.install @@ -0,0 +1,2 @@ +lib/*/security/pam_cracklib.so +debian/pam-configs/cracklib usr/share/pam-configs diff --git a/debian/libpam-cracklib.lintian-overrides b/debian/libpam-cracklib.lintian-overrides new file mode 100644 index 00000000..c3d6b240 --- /dev/null +++ b/debian/libpam-cracklib.lintian-overrides @@ -0,0 +1,5 @@ +# This is afalse positive because it doesn't use any functions that need +# fortifying. Since we know we have hardening turned on globally, suppress +# this. If we ever see this warning again for *other* modules, then we know +# there's a real problem. +libpam-cracklib: hardening-no-fortify-functions lib/*/security/pam_cracklib.so diff --git a/debian/libpam-cracklib.manpages b/debian/libpam-cracklib.manpages new file mode 100644 index 00000000..0660c415 --- /dev/null +++ b/debian/libpam-cracklib.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/man8/pam_cracklib.8 diff --git a/debian/libpam-cracklib.postinst b/debian/libpam-cracklib.postinst new file mode 100644 index 00000000..cf52f262 --- /dev/null +++ b/debian/libpam-cracklib.postinst @@ -0,0 +1,9 @@ +#!/bin/sh + +set -e + +if dpkg --compare-versions "$2" lt 1.0.1-6; then + pam-auth-update --package +fi + +#DEBHELPER# diff --git a/debian/libpam-cracklib.prerm b/debian/libpam-cracklib.prerm new file mode 100644 index 00000000..fe234ac2 --- /dev/null +++ b/debian/libpam-cracklib.prerm @@ -0,0 +1,9 @@ +#!/bin/sh + +set -e + +if [ "$1" = remove ] && [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then + pam-auth-update --package --remove cracklib +fi + +#DEBHELPER# diff --git a/debian/libpam-doc.doc-base.admin-guide b/debian/libpam-doc.doc-base.admin-guide new file mode 100644 index 00000000..f06d1688 --- /dev/null +++ b/debian/libpam-doc.doc-base.admin-guide @@ -0,0 +1,14 @@ +Document: pam-admin-guide +Title: The Linux-PAM System Administrators' Guide +Author: Andrew G. Morgan <morgan@linux.kernel.org> +Abstract: This manual documents what a system administrator needs to know + about the Linux-PAM library. It covers the correct syntax of the PAM + configuration file and discusses strategies for maintaining a secure system. +Section: System/Administration + +Format: HTML +Index: /usr/share/doc/libpam-doc/html/Linux-PAM_SAG.html +Files: /usr/share/doc/libpam-doc/html/Linux-PAM_SAG.html /usr/share/doc/libpam-doc/html/sag-*.html + +Format: text +Files: /usr/share/doc/libpam-doc/txt/Linux-PAM_SAG.txt.gz diff --git a/debian/libpam-doc.doc-base.applications-guide b/debian/libpam-doc.doc-base.applications-guide new file mode 100644 index 00000000..89768d7e --- /dev/null +++ b/debian/libpam-doc.doc-base.applications-guide @@ -0,0 +1,17 @@ +Document: pam-applications-guide +Title: The Linux-PAM Application Developers' Guide +Author: Andrew G. Morgan <morgan@linux.kernel.org> +Abstract: This manual documents what an application developer needs to know + about the Linux-PAM library. It describes how an application might use + the Linux-PAM library to authenticate users. In addition it contains a + description of the functions to be found in libpam_misc library, that can + be used in general applications. Finally, it contains some comments on PAM + related security issues for the application developer. +Section: Programming + +Format: HTML +Index: /usr/share/doc/libpam-doc/html/Linux-PAM_ADG.html +Files: /usr/share/doc/libpam-doc/html/Linux-PAM_ADG.html /usr/share/doc/libpam-doc/html/adg*.html + +Format: text +Files: /usr/share/doc/libpam-doc/txt/Linux-PAM_ADG.txt.gz diff --git a/debian/libpam-doc.doc-base.modules-guide b/debian/libpam-doc.doc-base.modules-guide new file mode 100644 index 00000000..4708f381 --- /dev/null +++ b/debian/libpam-doc.doc-base.modules-guide @@ -0,0 +1,14 @@ +Document: pam-modules-guide +Title: The Linux-PAM Module Writers' Guide +Author: ndrew G. Morgan <morgan@linux.kernel.org> +Abstract: This manual documents what a programmer needs to know in order to + write a module that conforms to the Linux-PAM standard. It also discusses + some security issues from the point of view of the module programmer. +Section: Programming + +Format: HTML +Index: /usr/share/doc/libpam-doc/html/Linux-PAM_MWG.html +Files: /usr/share/doc/libpam-doc/html/Linux-PAM_MWG.html /usr/share/doc/libpam-doc/html/mwg*.html + +Format: text +Files: /usr/share/doc/libpam-doc/txt/Linux-PAM_MWG.txt.gz diff --git a/debian/libpam-doc.install b/debian/libpam-doc.install new file mode 100644 index 00000000..3129ebf1 --- /dev/null +++ b/debian/libpam-doc.install @@ -0,0 +1,3 @@ +debian/tmp/usr/share/doc/Linux-PAM/*.html usr/share/doc/libpam-doc/html +debian/tmp/usr/share/doc/Linux-PAM/*.txt usr/share/doc/libpam-doc/txt + diff --git a/debian/libpam-modules-bin.install b/debian/libpam-modules-bin.install new file mode 100644 index 00000000..fee3bced --- /dev/null +++ b/debian/libpam-modules-bin.install @@ -0,0 +1,6 @@ +sbin/unix_chkpwd sbin +sbin/unix_update sbin +sbin/pam_tally sbin +sbin/pam_tally2 sbin +sbin/mkhomedir_helper sbin +sbin/pam_timestamp_check usr/sbin diff --git a/debian/libpam-modules-bin.lintian-overrides b/debian/libpam-modules-bin.lintian-overrides new file mode 100644 index 00000000..56345417 --- /dev/null +++ b/debian/libpam-modules-bin.lintian-overrides @@ -0,0 +1,6 @@ +# yes, we know it's sgid, that's the whole point... +libpam-modules-bin: setgid-binary sbin/unix_chkpwd 2755 root/shadow +# these manpages are in libpam-modules as they document both the module and +# the helper binary +libpam-modules-bin: binary-without-manpage sbin/pam_tally +libpam-modules-bin: binary-without-manpage sbin/pam_tally2 diff --git a/debian/libpam-modules-bin.manpages b/debian/libpam-modules-bin.manpages new file mode 100644 index 00000000..8ab40612 --- /dev/null +++ b/debian/libpam-modules-bin.manpages @@ -0,0 +1,3 @@ +debian/tmp/usr/share/man/man8/mkhomedir_helper.8 +debian/tmp/usr/share/man/man8/unix_*.8 +debian/tmp/usr/share/man/man8/pam_timestamp_check.8 diff --git a/debian/libpam-modules.examples b/debian/libpam-modules.examples new file mode 100644 index 00000000..f9de4282 --- /dev/null +++ b/debian/libpam-modules.examples @@ -0,0 +1,2 @@ +modules/pam_filter/upperLOWER/*.c + diff --git a/debian/libpam-modules.install b/debian/libpam-modules.install new file mode 100644 index 00000000..5fd57b44 --- /dev/null +++ b/debian/libpam-modules.install @@ -0,0 +1,3 @@ +etc/security/* etc/security +lib/*/security/*.so +debian/pam-configs/mkhomedir usr/share/pam-configs/ diff --git a/debian/libpam-modules.lintian-overrides b/debian/libpam-modules.lintian-overrides new file mode 100644 index 00000000..c6f25ec7 --- /dev/null +++ b/debian/libpam-modules.lintian-overrides @@ -0,0 +1,13 @@ +# These are false positives because they don't use any functions that need +# fortifying. Since we know we have hardening turned on globally, suppress +# them. If we ever see this warning again for *other* modules, then we know +# there's a real problem. +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_echo.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_filter.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_group.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_limits.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_shells.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_tally.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_tally2.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_time.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_wheel.so diff --git a/debian/libpam-modules.manpages b/debian/libpam-modules.manpages new file mode 100644 index 00000000..a9f488d0 --- /dev/null +++ b/debian/libpam-modules.manpages @@ -0,0 +1,2 @@ +debian/tmp/usr/share/man/man8/pam_*.8 +debian/tmp/usr/share/man/man5/*conf.5 diff --git a/debian/libpam-modules.postinst b/debian/libpam-modules.postinst new file mode 100644 index 00000000..ce03090b --- /dev/null +++ b/debian/libpam-modules.postinst @@ -0,0 +1,28 @@ +#!/bin/sh -e + +# If the user has removed the config file, respect this sign of dementia +# -- only create on package install. + +if [ -z "$2" ] || dpkg --compare-versions "$2" lt 0.99.7.1-3 +then + if ! [ -f /etc/security/opasswd ]; then + umask 066 + touch /etc/security/opasswd + umask 022 + fi +fi + +if dpkg --compare-versions "$2" lt 0.99.9.0-1 && ! [ -f /etc/environment ] +then + touch /etc/environment +fi + +if dpkg --compare-versions "$2" lt-nl 1.1.2-1 \ + && grep -q 'pam_unix.*\bmin=[0-9]\+' /etc/pam.d/common-password +then + echo "'min=' option to pam_unix is obsolete." + echo "replacing with 'minlen=' in /etc/pam.d/common-password." + sed -i -e'/pam_unix/ s/\bmin=/minlen=/' /etc/pam.d/common-password +fi + +#DEBHELPER# diff --git a/debian/libpam-modules.preinst b/debian/libpam-modules.preinst new file mode 100644 index 00000000..6ee3e91d --- /dev/null +++ b/debian/libpam-modules.preinst @@ -0,0 +1,16 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule + +if dpkg --compare-versions "$2" lt-nl 1.1.3-2; then + db_version 2.0 + + if pidof xscreensaver xlockmore >/dev/null; then + db_input critical libpam-modules/disable-screensaver || true + db_go || true + fi +fi + +#DEBHELPER# diff --git a/debian/libpam-modules.templates b/debian/libpam-modules.templates new file mode 100644 index 00000000..b928751e --- /dev/null +++ b/debian/libpam-modules.templates @@ -0,0 +1,9 @@ +Template: libpam-modules/disable-screensaver +Type: error +_Description: xscreensaver and xlockmore must be restarted before upgrading + One or more running instances of xscreensaver or xlockmore have been + detected on this system. Because of incompatible library changes, the + upgrade of the libpam-modules package will leave you unable to + authenticate to these programs. You should arrange for these programs + to be restarted or stopped before continuing this upgrade, to avoid + locking your users out of their current sessions. diff --git a/debian/libpam-runtime.dirs b/debian/libpam-runtime.dirs new file mode 100644 index 00000000..fd23e8bf --- /dev/null +++ b/debian/libpam-runtime.dirs @@ -0,0 +1 @@ +/var/lib/pam diff --git a/debian/libpam-runtime.install b/debian/libpam-runtime.install new file mode 100644 index 00000000..5619c83c --- /dev/null +++ b/debian/libpam-runtime.install @@ -0,0 +1,7 @@ +debian/local/pam.conf etc +debian/local/other etc/pam.d +debian/local/common-* usr/share/pam +debian/local/pam_getenv usr/sbin +debian/tmp/usr/share/locale usr/share +debian/local/pam-auth-update usr/sbin +debian/pam-configs/unix usr/share/pam-configs/ diff --git a/debian/libpam-runtime.links b/debian/libpam-runtime.links new file mode 100644 index 00000000..9afa90fd --- /dev/null +++ b/debian/libpam-runtime.links @@ -0,0 +1 @@ +usr/share/man/man7/PAM.7.gz usr/share/man/man7/pam.7.gz diff --git a/debian/libpam-runtime.lintian-overrides b/debian/libpam-runtime.lintian-overrides new file mode 100644 index 00000000..ad868c24 --- /dev/null +++ b/debian/libpam-runtime.lintian-overrides @@ -0,0 +1,9 @@ +# deliberate. +libpam-runtime: no-debconf-config +# this warning is just plain crack, there's no reason that using debconf +# outside of a maintainer script implies an error. +libpam-runtime: debconf-is-not-a-registry usr/sbin/pam-auth-update +# this warning is wrong for debconf error templates +libpam-runtime: postinst-uses-db-input +# meh. +libpam-runtime: using-first-person-in-templates libpam-runtime/you-had-no-auth diff --git a/debian/libpam-runtime.manpages b/debian/libpam-runtime.manpages new file mode 100644 index 00000000..1e7d9aed --- /dev/null +++ b/debian/libpam-runtime.manpages @@ -0,0 +1,5 @@ +debian/tmp/usr/share/man/man5/pam.conf.5 +debian/tmp/usr/share/man/man5/pam.d.5 +debian/tmp/usr/share/man/man8/PAM.8 +debian/local/pam_getenv.8 +debian/local/pam-auth-update.8 diff --git a/debian/libpam-runtime.postinst b/debian/libpam-runtime.postinst new file mode 100644 index 00000000..518e8d24 --- /dev/null +++ b/debian/libpam-runtime.postinst @@ -0,0 +1,45 @@ +#!/bin/sh -e + +. /usr/share/debconf/confmodule + +calculate_md5sum() +{ + configfile="$1" + sed -n -e'1,/# here are the per-package modules (the "Primary" block)/p; + /# here.s the fallback if no module succeeds/,/# and here are more per-package modules (the "Additional" block)/p; + /# end of pam-auth-update config/,$p' \ + /etc/pam.d/"$configfile" | md5sum | awk '{ print $1 }' +} + +# If the user has removed the config file, respect this sign of dementia +# -- only create on package install. +force= +if [ -z "$2" ] || dpkg --compare-versions "$2" lt 1.0.1-11 +then + force=--force + for configfile in common-auth common-account common-session \ + common-password + do + if [ -f /etc/pam.d/$configfile ] && \ + ! fgrep -q $(calculate_md5sum $configfile) \ + /usr/share/pam/$configfile.md5sums 2>/dev/null + then + force= + fi + done +fi + +pam-auth-update --package $force + +if [ -n "$force" ]; then + rm -f /etc/pam.d/common-auth.pam-old \ + /etc/pam.d/common-account.pam-old \ + /etc/pam.d/common-password.pam-old \ + /etc/pam.d/common-session.pam-old +elif dpkg --compare-versions "$2" lt-nl 1.1.0-1 \ + && [ ! -e /etc/pam.d/common-session-noninteractive ] +then + cp -a /etc/pam.d/common-session /etc/pam.d/common-session-noninteractive +fi + +#DEBHELPER# diff --git a/debian/libpam-runtime.postrm b/debian/libpam-runtime.postrm new file mode 100644 index 00000000..9a11040d --- /dev/null +++ b/debian/libpam-runtime.postrm @@ -0,0 +1,11 @@ +#!/bin/sh -e + +if [ "$1" = "purge" ]; then + rm -f /etc/pam.d/common-auth /etc/pam.d/common-account \ + /etc/pam.d/common-session /etc/pam.d/common-password + rm -f /var/lib/pam/auth /var/lib/pam/account /var/lib/pam/session \ + /var/lib/pam/password /var/lib/pam/seen + rmdir --ignore-fail-on-non-empty /var/lib/pam +fi + +#DEBHELPER# diff --git a/debian/libpam-runtime.prerm b/debian/libpam-runtime.prerm new file mode 100644 index 00000000..ec239237 --- /dev/null +++ b/debian/libpam-runtime.prerm @@ -0,0 +1,9 @@ +#!/bin/sh + +set -e + +if [ "$1" = remove ]; then + pam-auth-update --package --remove unix +fi + +#DEBHELPER# diff --git a/debian/libpam-runtime.templates b/debian/libpam-runtime.templates new file mode 100644 index 00000000..52cbed96 --- /dev/null +++ b/debian/libpam-runtime.templates @@ -0,0 +1,47 @@ +Template: libpam-runtime/title +Type: title +_Description: PAM configuration + +Template: libpam-runtime/profiles +Type: multiselect +Choices: ${profiles} +Choices-C: ${profile_names} +_Description: PAM profiles to enable: + Pluggable Authentication Modules (PAM) determine how authentication, + authorization, and password changing are handled on the system, as well + as allowing configuration of additional actions to take when starting + user sessions. + . + Some PAM module packages provide profiles that can be used to + automatically adjust the behavior of all PAM-using applications on the + system. Please indicate which of these behaviors you wish to enable. + +Template: libpam-runtime/conflicts +Type: error +#flag:translate!:3 +#flag:comment:2 +# This paragraph is followed by a (currently) non-translatable list of +# PAM profile names. +_Description: Incompatible PAM profiles selected. + The following PAM profiles cannot be used together: + . + ${conflicts} + . + Please select a different set of modules to enable. + +Template: libpam-runtime/override +Type: boolean +Default: false +_Description: Override local changes to /etc/pam.d/common-*? + One or more of the files /etc/pam.d/common-{auth,account,password,session} + have been locally modified. Please indicate whether these local changes + should be overridden using the system-provided configuration. If you + decline this option, you will need to manage your system's + authentication configuration by hand. + +Template: libpam-runtime/no_profiles_chosen +Type: error +_Description: No PAM profiles have been selected. + No PAM profiles have been selected for use on this system. This would grant + all users access without authenticating, and is not allowed. Please select + at least one PAM profile from the available list. diff --git a/debian/libpam0g-dev.examples b/debian/libpam0g-dev.examples new file mode 100644 index 00000000..351b20ee --- /dev/null +++ b/debian/libpam0g-dev.examples @@ -0,0 +1,7 @@ +examples/blank.c +examples/check_user.c +examples/vpass.c +examples/xsh.c +libpamc/test/agents +libpamc/test/modules +libpamc/test/regress diff --git a/debian/libpam0g-dev.install.in b/debian/libpam0g-dev.install.in new file mode 100644 index 00000000..827690aa --- /dev/null +++ b/debian/libpam0g-dev.install.in @@ -0,0 +1,2 @@ +usr/include/security/* +lib/@DEB_HOST_MULTIARCH@/*.a usr/lib/@DEB_HOST_MULTIARCH@ diff --git a/debian/libpam0g-dev.links.in b/debian/libpam0g-dev.links.in new file mode 100644 index 00000000..ee062368 --- /dev/null +++ b/debian/libpam0g-dev.links.in @@ -0,0 +1,3 @@ +/lib/@DEB_HOST_MULTIARCH@/libpam.so.0 usr/lib/@DEB_HOST_MULTIARCH@/libpam.so +/lib/@DEB_HOST_MULTIARCH@/libpamc.so.0 usr/lib/@DEB_HOST_MULTIARCH@/libpamc.so +/lib/@DEB_HOST_MULTIARCH@/libpam_misc.so.0 usr/lib/@DEB_HOST_MULTIARCH@/libpam_misc.so diff --git a/debian/libpam0g-dev.manpages b/debian/libpam0g-dev.manpages new file mode 100644 index 00000000..7c726776 --- /dev/null +++ b/debian/libpam0g-dev.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/man3/* diff --git a/debian/libpam0g.docs b/debian/libpam0g.docs new file mode 100644 index 00000000..8ef4b45a --- /dev/null +++ b/debian/libpam0g.docs @@ -0,0 +1,2 @@ +debian/local/Debian-PAM-MiniPolicy +README diff --git a/debian/libpam0g.install b/debian/libpam0g.install new file mode 100644 index 00000000..622f9ef2 --- /dev/null +++ b/debian/libpam0g.install @@ -0,0 +1 @@ +lib/*/lib*.so.* diff --git a/debian/libpam0g.lintian-overrides b/debian/libpam0g.lintian-overrides new file mode 100644 index 00000000..f66356af --- /dev/null +++ b/debian/libpam0g.lintian-overrides @@ -0,0 +1,8 @@ +# obvious multilib package false-positive; also the package name hasn't +# changed since the glibc transition, go us! +libpam0g: package-name-doesnt-match-sonames libpam0 libpam-misc0 libpamc0 +# yes, these are deliberately asked in the postinst because the checking +# for daemons to be restarted needs to be done in the postinst and not +# before +libpam0g: no-debconf-config +libpam0g: postinst-uses-db-input diff --git a/debian/libpam0g.postinst b/debian/libpam0g.postinst new file mode 100644 index 00000000..bc8a52f2 --- /dev/null +++ b/debian/libpam0g.postinst @@ -0,0 +1,200 @@ +#!/bin/sh + +# postinst based heavily on the postinst of libssl0.9.8, courtesy of +# Christoph Martin. + +. /usr/share/debconf/confmodule + +set -e + +# element() is a helper function for file-rc: +element() { + local element list IFS + + element="$1" + + [ "$2" = "in" ] && shift + list="$2" + [ "$list" = "-" ] && return 1 + [ "$list" = "*" ] && return 0 + + IFS="," + set -- $list + case $element in + "$1"|"$2"|"$3"|"$4"|"$5"|"$6"|"$7"|"$8"|"$9") + return 0 + esac + return 1 +} + +# filerc (runlevel, service) returns /etc/init.d/service, if service is +# running in $runlevel: +filerc() { + local runlevel basename + runlevel=$1 + basename=$2 + while read LINE + do + case $LINE in + \#*|"") continue + esac + + set -- $LINE + SORT_NO="$1"; STOP="$2"; START="$3"; CMD="$4" + [ "$CMD" = "/etc/init.d/$basename" ] || continue + + if element "$runlevel" in "$START" || element "S" in "$START" + then + echo "/etc/init.d/$basename" + return 0 + fi + done < /etc/runlevel.conf + echo "" +} + +installed_services() { + check="$@" + + # Only get the ones that are installed, and configured + check=$(dpkg -s $check 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}') + + # some init scripts don't match the package names + check=$(echo $check | \ + sed -e's/\bapache2-common\b/apache2/g' \ + -e's/\bat\b/atd/g' \ + -e's/\bdovecot-common\b/dovecot/g' \ + -e's/\bdante-server\b/danted/g' \ + -e's/\bexim4-base\b/exim4/g' \ + -e's/\bheartbeat-2\b/heartbeat/g' \ + -e's/\bhylafax-server\b/hylafax/g' \ + -e's/\bpartimage-server\b/partimaged/g' \ + -e's/\bpostgresql-common\b/postgresql/g' \ + -e's/\bsasl2-bin\b/saslauthd/g' \ + ) + + for service in $check; do + idl="/etc/init.d/${service}" + if [ -n "$idl" ] && [ -x $idl ]; then + services="$service $services" + else + echo "WARNING: init script for $service not found." >&2 + fi + done + echo "$services" +} + +if [ "$1" = "configure" ] +then + if [ ! -z "$2" ]; then + if dpkg --compare-versions "$2" lt 1.1.3-2; then + db_version 2.0 + + echo -n "Checking for services that may need to be restarted..." + + check="apache2-common at bayonne cherokee courier-authdaemon" + check="$check cron cups" + check="$check dante-server diald dovecot-common exim exim4-base" + check="$check fcron fireflier-server freeradius gdm heartbeat" + check="$check heartbeat-2 hylafax-server iiimf-server inn2" + check="$check kannel linesrv linesrv-mysql lsh-server" + check="$check muddleftpd netatalk nuauth partimage-server" + check="$check perdition pgpool popa3d" + check="$check postgresql-common proftpd pure-ftpd" + check="$check pure-ftpd-ldap pure-ftpd-mysql" + check="$check pure-ftpd-postgresql racoon samba sasl2-bin" + check="$check sfs-server solid-pop3d squid squid3 tac-plus" + check="$check vsftpd wu-ftpd wzdftpd xrdp yardradius yaws" + + if ! who | awk '{print $2}'|grep -q ':[0-9]'; then + check="$check wdm xdm" + fi + + echo "Checking init scripts..." + services=$(installed_services "$check") + if [ -n "$services" ]; then + db_input critical libraries/restart-without-asking || true + db_go || true + db_get libraries/restart-without-asking + if [ "$RET" != true ]; then + db_reset libpam0g/restart-services + db_set libpam0g/restart-services "$services" + db_input critical libpam0g/restart-services || true + db_go || true + db_get libpam0g/restart-services + + if [ "x$RET" != "x" ] + then + services=$RET + else + services="" + fi + fi + echo + if [ "$services" != "" ]; then + echo "Restarting services possibly affected by the upgrade:" + failed="" + rl=$(runlevel | sed 's/.*\ //') + for service in $services; do + idl="invoke-rc.d ${service}" + + case "$service" in + gdm) + echo -n " $service: reloading..." + if $idl reload > /dev/null 2>&1; then + echo "done." + else + echo "FAILED! ($?)" + failed="$service $failed" + fi + continue + ;; + esac + echo -n " $service: stopping..." + $idl stop > /dev/null 2>&1 || true + sleep 1 + echo -n "starting..." + if $idl start > /dev/null 2>&1; then + echo "done." + else + echo "FAILED! ($?)" + failed="$service $failed" + fi + done + echo + if [ -n "$failed" ]; then + db_subst libpam0g/restart-failed services "$failed" + db_input critical libpam0g/restart-failed || true + db_go || true + else + echo "Services restarted successfully." + fi + echo + fi + else + echo "Nothing to restart." + fi + + if who | awk '{print $2}' | grep -q ':[0-9]'; then + dms="" + for service in wdm xdm; do + case "$services" in + *$service*) ;; + *) dms="$dms $service" + esac + done + services=$(installed_services "$dms") + if [ -n "$services" ]; then + db_input critical libpam0g/xdm-needs-restart || true + db_go || true + fi + fi + + # Shut down the frontend, to make sure none of the + # restarted services keep a connection open to it + db_stop + fi # end upgrading and $2 lt 1.1.3-2 + fi # Upgrading +fi + +#DEBHELPER# + diff --git a/debian/libpam0g.symbols b/debian/libpam0g.symbols new file mode 100644 index 00000000..0ba30efa --- /dev/null +++ b/debian/libpam0g.symbols @@ -0,0 +1,12 @@ +libpam.so.0 libpam0g #MINVER# + *@LIBPAM_1.0 0.99.7.1 + *@LIBPAM_EXTENSION_1.0 0.99.7.1 + *@LIBPAM_EXTENSION_1.1 1.1.0 + *@LIBPAM_EXTENSION_1.1.1 1.1.1 + *@LIBPAM_MODUTIL_1.0 0.99.7.1 + *@LIBPAM_MODUTIL_1.1 0.99.10.0 + *@LIBPAM_MODUTIL_1.1.3 1.1.3 +libpam_misc.so.0 libpam0g #MINVER# + *@LIBPAM_MISC_1.0 0.99.7.1 +libpamc.so.0 libpam0g #MINVER# + *@LIBPAMC_1.0 0.99.7.1 diff --git a/debian/libpam0g.templates b/debian/libpam0g.templates new file mode 100644 index 00000000..64a616ac --- /dev/null +++ b/debian/libpam0g.templates @@ -0,0 +1,38 @@ +Template: libpam0g/restart-services +Type: string +_Description: Services to restart for PAM library upgrade: + Most services that use PAM need to be restarted to use modules built for + this new version of libpam. Please review the following space-separated + list of init.d scripts for services to be restarted now, and correct it + if needed. + +Template: libpam0g/xdm-needs-restart +Type: error +_Description: Display manager must be restarted manually + The wdm and xdm display managers require a restart for the new version of + libpam, but there are X login sessions active on your system that would be + terminated by this restart. You will therefore need to restart these + services by hand before further X logins will be possible. + +Template: libpam0g/restart-failed +Type: error +#flag:translate!:3 +_Description: Failure restarting some services for PAM upgrade + The following services could not be restarted for the PAM library upgrade: + . + ${services} + . + You will need to start these manually by running + '/etc/init.d/<service> start'. + +Template: libraries/restart-without-asking +Type: boolean +Default: false +_Description: Restart services during package upgrades without asking? + There are services installed on your system which need to be restarted + when certain libraries, such as libpam, libc, and libssl, are upgraded. + Since these restarts may cause interruptions of service for the system, + you will normally be prompted on each upgrade for the list of services + you wish to restart. You can choose this option to avoid being prompted; + instead, all necessary restarts will be done for you automatically so you + can avoid being asked questions on each library upgrade. diff --git a/debian/local/Debian-PAM-MiniPolicy b/debian/local/Debian-PAM-MiniPolicy new file mode 100644 index 00000000..e51a0246 --- /dev/null +++ b/debian/local/Debian-PAM-MiniPolicy @@ -0,0 +1,145 @@ +Author: Ben Collins <bcollins@debian.org> +Modified by: Sam Hartman <hartmans@debian.org>, + Steve Langasek <vorlon@debian.org> + +Objective: To document a base set of policies regarding PAM (Pluggable +Authentication Modules) usage in Debian packages. + +=========================================================================== + +In order to have a consistent and stable implementation across packages +that use PAM, these guidelines will help to avoid some common mistakes and +be usable as a cross reference for FAQ's. + +This document will not go into the details of how to add PAM usage to +existing code; please read the documentation in the libpam-doc package for +info on that. However, it does specify behavior needed to make sure PAM +modules in Debian will work with your application. + +================== + PAM Applications +================== + +Each application that uses PAM also must contain a file in /etc/pam.d/. +This file specifies which PAM modules will be used for the common PAM +functions in that application. There are several notes concerning what +modules to use in this file. Most commonly, this file should use the +@include directive to include common-auth, common-account, and +common-password, and one of either common-session or +common-session-noninteractive. + +The selection of common-session or common-session-noninteractive is based +on whether the service provides "shell-like" interactive capabilities to +the user (e.g.: login, ssh, gdm) or is a non-interactive session or a +session mediated by a structured protocol (e.g.: cron, cups, samba, ppp). +This allows a service to avoid calling some modules, such as +pam_ck_connector, that only make sense in an interactive context and should +be avoided otherwise. It is expected that the modules used for +noninteractive sessions will always be a subset of those used for +interactive sessions. + +Under some circumstances (such as ftp auth, or auth based on tty) other +service-specific modules will need to be listed in the service's /etc/pam.d +file. + +Here is an example of a PAM configuration file that just includes the +common module fragments: + + # + # /etc/pam.d/other - specify the PAM fallback behaviour + # + # Note that this file is used for any unspecified service; for example + #if /etc/pam.d/cron specifies no session modules but cron calls + #pam_open_session, the session module out of /etc/pam.d/other is + #used. If you really want nothing to happen then use pam_permit.so or + #pam_deny.so as appropriate. + + # We fall back to the system default in /etc/pam.d/common-* + # + + @include common-auth + @include common-account + @include common-password + @include common-session + +The name of this file is determined by the call to pam_start() in the +application source code. The first parameter will be a string containing +the "service" name (eg. "login", "httpd", etc..). Please make sure that +the filename coincides with the value of this parameter used in your +application. + +The file should _not_ reference the full path of the modules. It only needs +to reference the basename (eg. "pam_unix.so"). This will ensure that the +program continues to work even if the module location changes, since +libpam itself will resolve the location. + + +Packages which configure their services by default to use modules other than +those provided by /etc/pam.d/common-* must depend on the package providing +those modules. E.g., /etc/pam.d/login includes the line: + + session required pam_limits.so + +therefore it must depend on libpam-modules, which provides +/lib/security/pam_limits.so. + +Applications need to depend on libpam-runtime (>= 0.76-14) to +guarantee that /etc/pam.d/common-* exist. + +Applications that use common-session-noninteractive must depend +on libpam-runtime (>= 1.0.1-11) for this file. + + +The pam_unix.so module allows programs to authenticate the uid of the +calling process without being setuid or setgid. NOTE: this means the user +executing the program; you cannot authenticate other users without suid +root (root makes sure the NIS and NIS+ works too) or at least sgid shadow +(won't work in the above cases). Most notably this affects programs like +apache being able to use PAM since it runs as www-data which has no +privileges and cannot use pam_unix.so to authenticate other users. On the +other hand it does allow programs like vlock to authenticate. + +The application needs to follow the following rules to make sure PAM +modules work: + +1) Use the same PAM handle for all operations. This means it is not OK to +call pam_start once for authentication and then later for session +management. Modules need to be able to store pam_data between entry +points. + +2) The pam_open_session and pam_setcred calls must be made in a parent +process of the eventual session. They need to be able to influence the +environment of the session. + +3) If you are started as root or have root privs for some other reason, +pam_open_session and pam_setcred should be called while still root. + +4) Implied by 1, make sure that pam_close_session and pam_end are called in +the same process or a process descended from the execution context as +pam_open_session and pam_setcred. The pam_close_session call may need +state stored in the handle by the open session entry point to clean up +properly. The pam_end call may need to free data (thus influencing system +state in some cases) allocated in the earlier calls. + + + +============= + PAM Modules +============= + +Separately packaged PAM modules should adhere to a few basic setup rules: + + 1) Packages should use the naming scheme of `libpam-<name>' (eg. + libpam-ldap). + + 2) The modules should be located in the directory of the most recent + libpam-modules (currently /lib/security). + + 3) The module should be named as pam_<name>.so. The module should not + contain a version suffix. + + 4) The module should be linked to libpam (-lpam) when compiled so that + proper version dependencies will work. + + 5) Any config files should be located in /etc/security. The filename + will be in the form of <name>.conf. diff --git a/debian/local/common-account b/debian/local/common-account new file mode 100644 index 00000000..84aa98d4 --- /dev/null +++ b/debian/local/common-account @@ -0,0 +1,26 @@ +# +# /etc/pam.d/common-account - authorization settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authorization modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired in /etc/shadow. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. +# + +# here are the per-package modules (the "Primary" block) +$account_primary +# here's the fallback if no module succeeds +account requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +account required pam_permit.so +# and here are more per-package modules (the "Additional" block) +$account_additional +# end of pam-auth-update config diff --git a/debian/local/common-account.md5sums b/debian/local/common-account.md5sums new file mode 100644 index 00000000..047c30ee --- /dev/null +++ b/debian/local/common-account.md5sums @@ -0,0 +1,2 @@ +9f04221fe44762047894adeb96ffd069 debian/local/common-account +3c0c362eaf3421848b679d63fd48c3fa # 1.0.1-6 - diff --git a/debian/local/common-auth b/debian/local/common-auth new file mode 100644 index 00000000..ac9d2dd3 --- /dev/null +++ b/debian/local/common-auth @@ -0,0 +1,26 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +$auth_primary +# here's the fallback if no module succeeds +auth requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +auth required pam_permit.so +# and here are more per-package modules (the "Additional" block) +$auth_additional +# end of pam-auth-update config diff --git a/debian/local/common-auth.md5sums b/debian/local/common-auth.md5sums new file mode 100644 index 00000000..48bd3590 --- /dev/null +++ b/debian/local/common-auth.md5sums @@ -0,0 +1,3 @@ +933d757dcd5974b00619f68955743be7 /etc/pam.d/common-auth +b58d8e0a6cadbf879df94869cca6be98 /etc/pam.d/common-auth +8d4fe17e66ba25de16a117035d1396aa # 1.0.1-6 - diff --git a/debian/local/common-password b/debian/local/common-password new file mode 100644 index 00000000..963f1eb4 --- /dev/null +++ b/debian/local/common-password @@ -0,0 +1,34 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "sha512" option enables salted SHA512 passwords. Without this option, +# the default is Unix crypt. Prior releases used the option "md5". +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +$password_primary +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +$password_additional +# end of pam-auth-update config diff --git a/debian/local/common-password.md5sums b/debian/local/common-password.md5sums new file mode 100644 index 00000000..3c33255d --- /dev/null +++ b/debian/local/common-password.md5sums @@ -0,0 +1,6 @@ +601ecfbc99fd359877552cb5298087ad /etc/pam.d/common-password +e5ae8ba8d00083c922d9d82a0432ef78 /etc/pam.d/common-password +5d518818f1c6c369040b782f7852f53e /etc/pam.d/common-password +9ba753d0824276b44bcadfee1f87b6bc # 1.0.1-4ubuntu5 - 1.0.1-4ubuntu5.5 +4bd7610f2e85f8ddaef79c7db7cb49eb # 1.0.1-6 - 1.1.0-1 +50fce2113dfda83ac8bdd5a6e706caec # 1.0.1-6ubuntu1 - diff --git a/debian/local/common-session b/debian/local/common-session new file mode 100644 index 00000000..2e94d6c7 --- /dev/null +++ b/debian/local/common-session @@ -0,0 +1,25 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +$session_primary +# here's the fallback if no module succeeds +session requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +session required pam_permit.so +# and here are more per-package modules (the "Additional" block) +$session_additional +# end of pam-auth-update config diff --git a/debian/local/common-session-noninteractive b/debian/local/common-session-noninteractive new file mode 100644 index 00000000..1dd1a172 --- /dev/null +++ b/debian/local/common-session-noninteractive @@ -0,0 +1,25 @@ +# +# /etc/pam.d/common-session-noninteractive - session-related modules +# common to all non-interactive services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of all non-interactive sessions. +# +# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. +# To take advantage of this, it is recommended that you configure any +# local modules either before or after the default block, and use +# pam-auth-update to manage selection of other modules. See +# pam-auth-update(8) for details. + +# here are the per-package modules (the "Primary" block) +$session_nonint_primary +# here's the fallback if no module succeeds +session requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +session required pam_permit.so +# and here are more per-package modules (the "Additional" block) +$session_nonint_additional +# end of pam-auth-update config diff --git a/debian/local/common-session-noninteractive.md5sums b/debian/local/common-session-noninteractive.md5sums new file mode 100644 index 00000000..020c2e45 --- /dev/null +++ b/debian/local/common-session-noninteractive.md5sums @@ -0,0 +1 @@ +ad2b78ce1498dd637ef36469430b6ac6 # 1.0.1-11 - diff --git a/debian/local/common-session.md5sums b/debian/local/common-session.md5sums new file mode 100644 index 00000000..9f06fa1a --- /dev/null +++ b/debian/local/common-session.md5sums @@ -0,0 +1,3 @@ +4845c1632b3561a9debe8d59be1b238e /etc/pam.d/common-session +4a25673e8b36f1805219027d3be02cd2 # 1.0.1-4ubuntu5 - 1.0.1-4ubuntu5.5 +240fb92986c885b327cdb21dd641da8c # 1.0.1-6 - diff --git a/debian/local/other b/debian/local/other new file mode 100644 index 00000000..59d776c9 --- /dev/null +++ b/debian/local/other @@ -0,0 +1,16 @@ +# +# /etc/pam.d/other - specify the PAM fallback behaviour +# +# Note that this file is used for any unspecified service; for example +#if /etc/pam.d/cron specifies no session modules but cron calls +#pam_open_session, the session module out of /etc/pam.d/other is +#used. If you really want nothing to happen then use pam_permit.so or +#pam_deny.so as appropriate. + +# We fall back to the system default in /etc/pam.d/common-* +# + +@include common-auth +@include common-account +@include common-password +@include common-session diff --git a/debian/local/pam-auth-update b/debian/local/pam-auth-update new file mode 100644 index 00000000..6d17ab72 --- /dev/null +++ b/debian/local/pam-auth-update @@ -0,0 +1,715 @@ +#!/usr/bin/perl -w + +# pam-auth-update: update /etc/pam.d/common-* from /usr/share/pam-configs +# +# Update the /etc/pam.d/common-* files based on the per-package profiles +# provided in /usr/share/pam-configs/ taking into consideration user's +# preferences (as determined via debconf prompting). +# +# Written by Steve Langasek <steve.langasek@canonical.com> +# +# Copyright (C) 2008 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of version 3 of the GNU General Public License as +# published by the Free Software Foundation. +# +# # This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, +# USA. + +use strict; +use Debconf::Client::ConfModule ':all'; +use IPC::Open2 'open2'; + +version('2.0'); +my $capb=capb('backup escape'); + +my $inputdir = '/usr/share/pam-configs'; +my $template = 'libpam-runtime/profiles'; +my $errtemplate = 'libpam-runtime/conflicts'; +my $overridetemplate = 'libpam-runtime/override'; +my $blanktemplate = 'libpam-runtime/no_profiles_chosen'; +my $titletemplate = 'libpam-runtime/title'; +my $confdir = '/etc/pam.d'; +my $savedir = '/var/lib/pam'; +my (%profiles, @sorted, @enabled, @conflicts, @new, %removals, %to_enable); +my $force = 0; +my $package = 0; +my $priority = 'high'; +my %md5sums = ( + 'auth' => ['8d4fe17e66ba25de16a117035d1396aa'], + 'account' => ['3c0c362eaf3421848b679d63fd48c3fa'], + 'password' => [ + '50fce2113dfda83ac8bdd5a6e706caec', + '4bd7610f2e85f8ddaef79c7db7cb49eb', + '9ba753d0824276b44bcadfee1f87b6bc', + ], + 'session' => [ + '240fb92986c885b327cdb21dd641da8c', + '4a25673e8b36f1805219027d3be02cd2', + ], + 'session-noninteractive' => [ + 'ad2b78ce1498dd637ef36469430b6ac6', + ], +); + +opendir(DIR, $inputdir) || die "could not open config directory: $!"; +while (my $profile = readdir(DIR)) { + next if ($profile eq '.' || $profile eq '..' || $profile =~ m/~$/ || $profile =~ m/^#.+#$/); + %{$profiles{$profile}} = parse_pam_profile($inputdir . '/' . $profile); +} +closedir DIR; + +# use a '--force' arg to specify that /etc/pam.d should be overwritten; +# used only on upgrades where the postinst has already determined that the +# checksums match. Module packages other than libpam-runtime itself must +# NEVER use this option! Document with big skullses and crossboneses! It +# needs to be exposed for libpam-runtime because that's the package that +# decides whether we have a pristine config to be converted, and knows +# whether the version being upgraded from is one for which the conversion +# should be done. + +while ($#ARGV >= 0) { + my $opt = shift; + if ($opt eq '--force') { + $force = 1; + } elsif ($opt eq '--package') { + $package = 1; + } elsif ($opt eq '--remove') { + while ($#ARGV >= 0) { + last if ($ARGV[0] =~ /^--/); + $removals{shift @ARGV} = 1; + } + # --remove implies --package + $package = 1 if (keys(%removals)); + } elsif ($opt eq '--enable') { + while ($#ARGV >= 0) { + last if ($ARGV[0] =~ /^--/); + $to_enable{shift @ARGV} = 1; + } + # --enable implies --package + $package = 1 if (keys(%to_enable)); + } +} + +$priority = 'medium' if ($package); + +x_loadtemplatefile('/var/lib/dpkg/info/libpam-runtime.templates','libpam-runtime'); + +# always sort by priority, so we have consistency and don't have to +# shuffle later +@sorted = sort { $profiles{$b}->{'Priority'} <=> $profiles{$a}->{'Priority'} + || $b cmp $a } + keys(%profiles); +# If we're being called for package removal, filter out those options here +@sorted = grep { !$removals{$_} } @sorted; + +subst($template, 'profile_names', join(', ',@sorted)); +subst($template, 'profiles', + join(', ', map { $profiles{$_}->{'Name'} } @sorted)); + +my $diff = diff_profiles($confdir,$savedir); + +if ($diff) { + @enabled = grep { !$removals{$_} } @{$diff->{'mods'}}; +} else { + @enabled = split(/, /,get($template)); +} + +# find out what we've seen, so we can ignore those defaults +my %seen; +if (-e $savedir . '/seen') { + open(SEEN,$savedir . '/seen') or die("open(${savedir}/seen) failed: $!"); + while (<SEEN>) { + chomp; + $seen{$_} = 1; + } + close(SEEN); +} + +# filter out any options that are no longer available for any reason +@enabled = grep { $profiles{$_} } @enabled; + +# an empty module set is an error, so in that case grab all the defaults +if (!@enabled) { + %seen = (); + $priority = 'high' unless ($force); +} + +# add configs to enable +push(@enabled, + grep { $to_enable{$_} } @sorted); + +# add any previously-unseen configs +push(@enabled, + grep { $profiles{$_}->{'Default'} eq 'yes' && !$seen{$_} } @sorted); +@enabled = sort { $profiles{$b}->{'Priority'} <=> $profiles{$a}->{'Priority'} + || $b cmp $a } + @enabled; +my $prev = ''; +@enabled = grep { $_ ne $prev && (($prev) = $_) } @enabled; + +# Do we have any new options to show? If not, we shouldn't reprompt the +# user, at any priority level, unless explicitly called. +@new = grep { !$seen{$_} } @sorted; + +settitle($titletemplate); + +# if diff_profiles() fails, and we weren't passed a 'force' argument +# (because this isn't an upgrade from an old version, or the checksum +# didn't match, or we're being called by some other module package), prompt +# the user whether to override. If the user declines (the default), we +# never again manage this config unless manually called with '--force'. +if (!$diff && !$force) { + input('high',$overridetemplate); + go(); + $force = 1 if (get($overridetemplate) eq 'true'); +} + +if (!$diff && !$force) { + print STDERR <<EOF; + +pam-auth-update: Local modifications to /etc/pam.d/common-*, not updating. +pam-auth-update: Run pam-auth-update --force to override. + +EOF + exit; +} + +umask(0022); + +do { + @conflicts = (); + + if (@new || !$package) { + fset($template,'seen','false'); + } + set($template,join(', ', @enabled)); + + input($priority,$template); + go(); + + @enabled = split(/, /, get($template)); + + # in case of conflicts, automatically unset the lower priority + # item of each pair + foreach my $elem (@enabled) + { + for (my $i=$#enabled; $i >= 0; $i--) + { + my $conflict = $enabled[$i]; + if ($profiles{$elem}->{'Conflicts'}->{$conflict}) { + splice(@enabled,$i,1); + my $desc = $profiles{$elem}->{'Name'} + . ', ' . $profiles{$conflict}->{'Name'}; + push(@conflicts,$desc); + } + } + } + if (@conflicts) { + subst($errtemplate, 'conflicts', join("\\n", @conflicts)); + input('high',$errtemplate); + } + set($template, join(', ', @enabled)); + if (!@enabled) { + input('high',$blanktemplate); + # we can only end up here by user error, but give them another + # shot at selecting a correct config anyway. + fset($template,'seen','false'); + } +} while (@conflicts || !@enabled); + +# the decision has been made about what configs to use, so even if +# something fails after this, we shouldn't go munging the default +# options again. Save the list of known configs to /var/lib/pam. +open(SEEN,"> $savedir/seen") or die("open(${savedir}/seen) failed: $!"); +for my $i (@sorted) { + print SEEN "$i\n"; +} +close(SEEN) or die("close(${savedir}/seen) failed: $!"); + +# @enabled now contains our list of profiles to use for piecing together +# a config +# we have: +# - templates into which we insert the specialness +# - magic comments denoting the beginning and end of our managed block; +# looking at only the functional config lines would potentially let us +# handle more cases, at the expense of much greater complexity, so +# pass on this at least for the first round +# - a representation of the autogenerated config stored in /var/lib/pam, +# that we can diff against in order to account for changed options or +# manually dropped modules +# - a hash describing the local modifications the user has made to the +# config; these are always preserved unless manually overridden with +# the --force option + +write_profiles(\%profiles, \@enabled, $confdir, $savedir, $diff, $force); + + +# take a single line from a stock config, and merge it with the +# information about local admin edits +sub merge_one_line +{ + my ($line,$diff,$count) = @_; + my (@opts,$modline); + + my ($adds,$removes); + + $line =~ /^((\[[^]]+\]|\w+)\s+\S+)\s*(.*)/; + + @opts = split(/\s+/,$3); + $modline = $1; + $modline =~ s/end/$count/g; + if ($diff) { + my $mod = $modline; + $mod =~ s/(\[[^0-9]*)[0-9]+(.*\])/$1$2/g; + $adds = \%{$diff->{'add'}{$mod}}; + $removes = \%{$diff->{'remove'}{$mod}}; + } else { + $adds = $removes = undef; + } + + for (my $i = 0; $i <= $#opts; $i++) { + if ($adds->{$opts[$i]}) { + delete $adds->{$opts[$i]}; + } + if ($removes->{$opts[$i]}) { + splice(@opts,$i,1); + $i--; + } + } + return $modline . " " . join(' ',@opts,sort keys(%{$adds})) . "\n"; +} + +# return the lines for a given config name, type, and position in the stack +sub lines_for_module_and_type +{ + my ($profiles, $mod, $type, $modpos) = @_; + if ($modpos == 0 && $profiles->{$mod}{$type . '-Initial'}) { + return $profiles->{$mod}{$type . '-Initial'}; + } + return $profiles->{$mod}{$type}; +} + +# create a single PAM config from the indicated template and selections, +# writing to a new file +sub create_from_template +{ + my($template,$dest,$profiles,$enabled,$diff,$type) = @_; + my $state = 0; + my $uctype = ucfirst($type); + $type =~ s/-noninteractive//; + + open(INPUT,$template) || return 0; + open(OUTPUT,">$dest") || return 0; + + while (<INPUT>) { + if ($state == 1) { + if (/^# here's the fallback if no module succeeds/) { + print OUTPUT; + $state++; + } + next; + } + if ($state == 3) { + if (/^# end of pam-auth-update config/) { + print OUTPUT; + $state++; + } + next; + } + + print OUTPUT; + + my ($pattern,$val); + if ($state == 0) { + $pattern = '^# here are the per-package modules \(the "Primary" block\)'; + $val = 'Primary'; + } elsif ($state == 2) { + $pattern = '^# and here are more per-package modules \(the "Additional" block\)'; + $val = 'Additional'; + } else { + next; + } + + if (/$pattern/) { + my $i = 0; + my $count = 0; + # first we need to get a count of lines that we're + # going to output, so we can fix up the jumps correctly + for my $mod (@{$enabled}) { + my $output; + next if (!$profiles->{$mod}{$uctype . '-Type'}); + next if $profiles->{$mod}{$uctype . '-Type'} ne $val; + $output = lines_for_module_and_type($profiles, $mod, $uctype, $i++); + # bypasses a perl warning about @_, sigh + my @tmparr = split("\n+",$output); + $count += @tmparr; + } + + # in case anything tries to jump in the 'additional' + # block, let's try not to jump off the stack... + $count-- if ($val eq 'Additional'); + + # no primary block, so output a stock pam_permit line + # to keep the stack intact + if ($val eq 'Primary' && $count == 0) + { + print OUTPUT "$type\t[default=1]\t\t\tpam_permit.so\n"; + } + + $i = 0; + for my $mod (@{$enabled}) { + my $output; + my @output; + next if (!$profiles->{$mod}{$uctype . '-Type'}); + next if $profiles->{$mod}{$uctype . '-Type'} ne $val; + $output = lines_for_module_and_type($profiles, $mod, $uctype, $i++); + for my $line (split("\n",$output)) { + $line = merge_one_line($line,$diff, + $count); + print OUTPUT "$type\t$line"; + $count--; + } + } + $state++; + } + } + close(INPUT); + close(OUTPUT) or die("close($dest) failed: $!"); + + if ($state < 4) { + unlink($dest); + return 0; + } + return 1; +} + +# take a template file, strip out everything between the markers, and +# return the md5sum of the remaining contents. Used for testing for +# local modifications of the boilerplate. +sub get_template_md5sum +{ + my($template) = @_; + my $state = 0; + + open(INPUT,$template) || return ''; + my($md5sum_fd,$output_fd); + my $pid = open2($md5sum_fd, $output_fd, 'md5sum'); + return '' if (!$pid); + + while (<INPUT>) { + if ($state == 1) { + if (/^# here's the fallback if no module succeeds/) { + print $output_fd $_; + $state++; + } + next; + } + if ($state == 3) { + if (/^# end of pam-auth-update config/) { + print $output_fd $_; + $state++; + } + next; + } + + print $output_fd $_; + + my ($pattern,$val); + if ($state == 0) { + $pattern = '^# here are the per-package modules \(the "Primary" block\)'; + } elsif ($state == 2) { + $pattern = '^# and here are more per-package modules \(the "Additional" block\)'; + } else { + next; + } + + if (/$pattern/) { + $state++; + } + } + close(INPUT); + close($output_fd); + my $md5sum = <$md5sum_fd>; + close($md5sum_fd); + waitpid $pid, 0; + + $md5sum = (split(/\s+/,$md5sum))[0]; + return $md5sum; +} + +# merge a set of module declarations into a set of new config files, +# using the information returned from diff_profiles(). +sub write_profiles +{ + my($profiles,$enabled,$confdir,$savedir,$diff,$force) = @_; + + if (! -d $savedir) { + mkdir($savedir); + } + + # because we can't atomically replace both /var/lib/pam/$foo and + # /etc/pam.d/common-$foo at the same time, take steps to make this + # somewhat robust + for my $type ('auth','account','password','session', + 'session-noninteractive') + { + my $target = $confdir . '/common-' . $type; + my $template = $target; + my $dest = $template . '.pam-new'; + + my $diff = $diff; + if ($diff) { + $diff = \%{$diff->{$type}}; + } + + # Detect if the template is unmodified, and if so, use + # the version from /usr/share. Depends on knowing the + # md5sums of the originals. + my $md5sum = get_template_md5sum($template); + for my $i (@{$md5sums{$type}}) { + if ($md5sum eq $i) { + $template = '/usr/share/pam/common-' . $type; + last; + } + } + + # first, write out the new config + if (!create_from_template($template,$dest,$profiles,$enabled, + $diff,$type)) + { + if (!$force) { + return 0; + } + $template = '/usr/share/pam/common-' . $type; + if (!create_from_template($template,$dest,$profiles, + $enabled,$diff,$type)) + { + return 0; + } + } + + # then write out the saved config + if (!open(OUTPUT, "> $savedir/$type.new")) { + unlink($dest); + return 0; + } + my $i = 0; + my $uctype = ucfirst($type); + for my $mod (@{$enabled}) { + my $output; + next if (!$profiles->{$mod}{$uctype . '-Type'}); + next if ($profiles->{$mod}{$uctype . '-Type'} eq 'Additional'); + + $output = lines_for_module_and_type($profiles, $mod, $uctype, $i++); + if ($output) { + print OUTPUT "Module: $mod\n"; + print OUTPUT $output . "\n"; + } + } + + # no primary block, so output a stock pam_permit line + if ($i == 0) + { + print OUTPUT "Module: null\n"; + print OUTPUT "[default=1]\t\t\tpam_permit.so\n"; + } + + $i = 0; + for my $mod (@{$enabled}) { + my $output; + next if (!$profiles->{$mod}{$uctype . '-Type'}); + next if ($profiles->{$mod}{$uctype . '-Type'} eq 'Primary'); + + $output = lines_for_module_and_type($profiles, $mod, $uctype, $i++); + if ($output) { + print OUTPUT "Module: $mod\n"; + print OUTPUT $output . "\n"; + } + } + + close(OUTPUT) or die("close($dest) failed: $!"); + + # then do the renames, back-to-back + # we have to use system because File::Copy is in + # perl-modules, not perl-base + if (-e $target && $force) { + system('cp','-f',$target,$target . '.pam-old') == 0 + or die("cp -f ${target} ${target}.pam.old failed"); + } + rename($dest,$target) + or die("rename($dest, $target) failed: $!"); + rename("$savedir/${type}.new","$savedir/$type") + or die("rename(${savedir}/${type}.new, ${savedir}/${type}) failed: $!"); + } + + # at the end of a successful write, reset the 'seen' flag and the + # value of the debconf override question. + fset($overridetemplate,'seen','false'); + set($overridetemplate,'false'); +} + +# reconcile the current config in /etc/pam.d with the saved ones in +# /var/lib/pam; returns a hash of profile names and the corresponding +# options that should be added/removed relative to the stock config. +# returns false if any of the markers are missing that permit a merge, +# or on any other failure. +sub diff_profiles +{ + my ($sourcedir,$savedir) = @_; + my (%diff); + + @{$diff{'mods'}} = (); + # Load the saved config from /var/lib/pam, then iterate through all + # lines in the current config that are in the managed block. + # If anything fails here, just return immediately since we then + # have nothing to merge; instead, the caller will decide later + # whether to force an overwrite. + for my $type ('auth','account','password','session', + 'session-noninteractive') + { + my (@saved,$modname); + + open(SAVED,$savedir . '/' . $type) || return 0; + while (<SAVED>) { + if (/^Module: (.*)/) { + $modname = $1; + next; + } + chomp; + # trim out the destination of any jumps; this saves + # us from having to re-parse everything just to fix + # up the jump lengths, when changes to these will + # already show up as inconsistencies elsewhere + s/(\[[^0-9]*)[0-9]+(.*\])/$1$2/g; + s/(\[.*)end(.*\])/$1$2/g; + my (@temp) = ($modname,$_); + push(@saved,\@temp); + } + close(SAVED); + + my $state = 0; + my (@prev_opts,$curmod); + my $realtype = $type; + $realtype =~ s/-noninteractive//; + + open(CURRENT,$sourcedir . '/common-' . $type) || return 0; + while (<CURRENT>) { + if ($state == 0) { + $state = 1 + if (/^# here are the per-package modules \(the "Primary" block\)/); + next; + } + if ($state == 1) { + s/^$realtype\s+//; + if (/^# here's the fallback if no module succeeds/) { + $state = 2; + next; + } + } + if ($state == 2) { + $state = 3 + if (/^# and here are more per-package modules \(the "Additional" block\)/); + next; + } + if ($state == 3) { + last if (/^# end of pam-auth-update config/); + s/^$realtype\s+//; + } + + my $found = 0; + my $curopts; + while (!$found && $#saved >= 0) { + my $line; + ($modname,$line) = @{$saved[0]}; + shift(@saved); + $line =~ /^((\[[^]]+\]|\w+)\s+\S+)\s*(.*)/; + @prev_opts = split(/\s+/,$3); + $curmod = $1; + # FIXME: the key isn't derived from the config + # name, so collisions are possible if more + # than one config references the same module + + $_ =~ s/(\[[^0-9]*)[0-9]+(.*\])/$1$2/g; + # check if this is a match for the current line + if ($_ =~ /^\Q$curmod\E\s*(.*)$/) { + $found = 1; + $curopts = $1; + push(@{$diff{'mods'}},$modname); + } + } + + # there's a line in the live config that doesn't + # correspond to anything from the saved config. + # treat this as a failure; it's very error-prone + # to decide what to do with an added line that + # didn't come from a package. + return 0 if (!$found); + + for my $opt (split(/\s+/,$curopts)) { + my $found = 0; + for (my $i = 0; $i <= $#prev_opts; $i++) { + if ($prev_opts[$i] eq $opt) { + $found = 1; + splice(@prev_opts,$i,1); + } + } + $diff{$type}{'add'}{$curmod}{$opt} = 1 if (!$found); + } + for my $opt (@prev_opts) { + $diff{$type}{'remove'}{$curmod}{$opt} = 1; + } + } + close(CURRENT); + + # we couldn't parse the config, so the merge fails + return 0 if ($state < 3); + } + return \%diff; +} + +# simple function to parse a provided config file, in pseudo-RFC822 +# format, +sub parse_pam_profile +{ + my ($profile) = $_[0]; + my $fieldname; + my %profile; + open(PROFILE, $profile) || die "could not read profile $profile: $!"; + while (<PROFILE>) { + if (/^(\S+):\s+(.*)\s*$/) { + $fieldname = $1; + # compatibility with the first implementation round; + # "Auth-Final" is now just called "Auth" + $fieldname =~ s/-Final$//; + if ($fieldname eq 'Conflicts') { + foreach my $elem (split(/, /, $2)) { + $profile{'Conflicts'}->{$elem} = 1; + } + } else { + $profile{$fieldname} = $2; + } + } else { + chomp; + s/^\s+//; + s/\s+$//; + $profile{$fieldname} .= "\n$_" if ($_); + $profile{$fieldname} =~ s/^[\n\s]+//; + } + } + close(PROFILE); + if (!defined($profile{'Session-Interactive-Only'})) { + $profile{'Session-noninteractive-Type'} = $profile{'Session-Type'}; + $profile{'Session-noninteractive'} = $profile{'Session'}; + $profile{'Session-noninteractive-Initial'} = $profile{'Session-Initial'}; + } + return %profile; +} diff --git a/debian/local/pam-auth-update.8 b/debian/local/pam-auth-update.8 new file mode 100644 index 00000000..a5ebdbad --- /dev/null +++ b/debian/local/pam-auth-update.8 @@ -0,0 +1,105 @@ +.\" Copyright (C) 2008 Canonical Ltd. +.\" +.\" Author: Steve Langasek <steve.langasek@canonical.com> +.\" +.\" This program is free software; you can redistribute it and/or modify +.\" it under the terms of version 3 of the GNU General Public License as +.\" published by the Free Software Foundation. +.\" +.\" .\" This program is distributed in the hope that it will be useful, +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with this program; if not, write to the Free Software +.\" Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, +.\" USA. +.TH "PAM\-AUTH\-UPDATE" "8" "08/23/2008" "Debian" +.SH NAME +pam\-auth\-update - manage PAM configuration using packaged profiles +.SH SYNOPSIS +.B pam\-auth\-update +.RB [ \-\-package " [" \-\-remove +.IR profile " [" profile\fR... "]]]" +.RB [ \-\-force ] +.SH DESCRIPTION +.I pam\-auth\-update +is a utility that permits configuring the central authentication policy +for the system using pre-defined profiles as supplied by PAM module +packages. +Profiles shipped in the +.I /usr/share/pam\-configs/ +directory specify the modules, with options, to enable; the preferred +ordering with respect to other profiles; and whether a profile should be +enabled by default. +Packages providing PAM modules register their profiles at install time +by calling +.BR "pam\-auth\-update \-\-package" . +Selection of profiles is done using the standard debconf interface. +The profile selection question will be asked at `medium' priority when +packages are added or removed, so no user interaction is required by +default. +Users may invoke +.B pam\-auth\-update +directly to change their authentication configuration. +.PP +The script makes every effort to respect local changes to +.IR "/etc/pam.d/common-*". +Local modifications to the list of module options will be preserved, and +additions of modules within the managed portion of the stack will cause +.B pam\-auth\-update +to treat the config files as locally modified and not make further +changes to the config files unless given the +.B \-\-force +option. +.PP +If the user specifies that +.B pam\-auth\-update +should override local configuration changes, the locally-modified files +will be saved in +.I /etc/pam.d/ +with a suffix of +.IR "\.pam\-old" . +.SH OPTIONS +.TP +.B \-\-package +Indicate that the caller is a package maintainer script; lowers the +priority of debconf questions to `medium' so that the user is not +prompted by default. +.TP +.B \-\-enable \fIprofile \fR[\fIprofile\fR...] +Enable the specified profiles in system configuration. This is used to +enable profiles that are not on by default. +.TP +.B \-\-remove \fIprofile \fR[\fIprofile\fR...] +Remove the specified profiles from the system configuration. +.B pam\-auth\-update \-\-remove +should be used to remove profiles from the configuration before the +modules they reference are removed from disk, to ensure that PAM is in a +consistent and usable state at all times during package upgrades or +removals. +.TP +.B \-\-force +Overwrite the current PAM configuration, without prompting. +This option +.B must not +be used by package maintainer scripts; it is intended for use by +administrators only. +.SH FILES +.PP +.I /etc/pam.d/common\-* +.RS 4 +Global configuration of PAM, affecting all installed services. +.RE +.PP +.I /usr/share/pam\-configs/ +.RS 4 +Package-supplied authentication profiles. +.RE +.SH AUTHOR +Steve Langasek <steve.langasek@canonical.com> +.SH COPYRIGHT +Copyright (C) 2008 Canonical Ltd. +.SH "SEE ALSO" +PAM(7), pam.d(5), debconf(7) diff --git a/debian/local/pam.conf b/debian/local/pam.conf new file mode 100644 index 00000000..3eeb72d3 --- /dev/null +++ b/debian/local/pam.conf @@ -0,0 +1,15 @@ +# ---------------------------------------------------------------------------# +# /etc/pam.conf # +# ---------------------------------------------------------------------------# +# +# NOTE +# ---- +# +# NOTE: Most program use a file under the /etc/pam.d/ directory to setup their +# PAM service modules. This file is used only if that directory does not exist. +# ---------------------------------------------------------------------------# + +# Format: +# serv. module ctrl module [path] ...[args..] # +# name type flag # + diff --git a/debian/local/pam_getenv b/debian/local/pam_getenv new file mode 100644 index 00000000..e409c3e5 --- /dev/null +++ b/debian/local/pam_getenv @@ -0,0 +1,123 @@ +#!/usr/bin/perl -w + +=head1 NAME + +pam_getenv - get environment variables from /etc/environment + +=head1 SYNOPSIS + +pam_getenv B<[-l] [-s]> I<env_var> + +=head1 DESCRIPTION + +This tool will print out the value of I<env_var> from F</etc/environment>. It will attempt to expand environment variable references in the definition of I<env_var> but will fail if PAM items are expanded. + +The B<-l> option indicates the script should return an environment variable related to default locale information. + +The B<-s> option indicates that the script should return an +system default environment variable. + +Currently neither the B<-l> or B<-s> options do anything. They are +included because future versions of Debian may have a separate +repository for the initial environment used by init scripts and for +system locale information. These options will allow this script to be +a stable interface even in that environment. + +=cut + +# Copyright 2004 by Sam Hartman +# This script may be copied under the terms of the GNU GPL +# version 2, or at your option any later version. + +use strict; +use vars qw(*CONFIGFILE *ENVFILE); + +sub read_line($) { + my $fh = shift; + my $line; + local $_; + line: while (<$fh>) { + chomp; + s/^\s+//; +s/\#.*$//; + next if $_ eq ""; + if (s/\\\s*$//) { + $line .= $_; + next line; + } + + $line .= $_; + last; + } + $line; + +} + + +sub parse_line($) { + my $var; + my (%x, @x); + local $_ = shift; + return undef unless defined $_ and s/(\S+)\s//; + $var->{Name} = $1; + s/^\s*//; + @x = split(/=([^"\s]\S*|"[^"]*")\s*/, $_); + unless (scalar(@x)%2 == 0) { + push @x, undef; + } + %x = @x; + @{$var}{"Default", "Override"} = + @x{"DEFAULT", "OVERRIDE"}; + $var; +} + +sub expand_val($) { + my ($val) = @_; +return undef unless $val; + die "Cannot handle PAM items\n" if /(?<!\\)\@/; + $val =~ s/(?<!\\)\$\{([^}]+)\}/$ENV{$1}||""/eg; + return $val; +} + +my $lookup; + +while ($_ = shift) { + next if $_ eq "-s"; + next if $_ eq "-l"; + $lookup = $_; + last; +} +unless (defined $lookup) { + die "Usage: pam_getenv [-l] [-s] env_var\n"; +} + +my %allvars; + +open (CONFIGFILE, "/etc/security/pam_env.conf") + or die "Cannot open environment file: $!\n"; + +while (my $var = parse_line(read_line(\*CONFIGFILE))) { + my $val; + unless ($val = expand_val($var->{Override})) { + $val = expand_val($var->{Default}); + } + $allvars{$var->{Name}} = $val; +} + +if (open (ENVFILE, "/etc/environment")) { + while (my $line = read_line(\*ENVFILE)) { + $line =~ s/^export //; + $line =~ /(.*?)=(.+)/ or next; + my ($var, $val) = ($1, $2); + # This is bizarre logic (" and ' match each other, quotes are only + # significant at the start and end of the string, and the trailing quote + # may be omitted), but it's what pam_env does. + $val =~ s/^["'](.*?)["']?$/$1/; + $allvars{$var} = $val; + } +} + +if (exists $allvars{$lookup}) { + print $allvars{$lookup}, "\n"; + exit(0); +} diff --git a/debian/pam-configs/cracklib b/debian/pam-configs/cracklib new file mode 100644 index 00000000..1c48274f --- /dev/null +++ b/debian/pam-configs/cracklib @@ -0,0 +1,9 @@ +Name: Cracklib password strength checking +Default: yes +Priority: 1024 +Conflicts: unix-zany +Password-Type: Primary +Password: + requisite pam_cracklib.so retry=3 minlen=8 difok=3 +Password-Initial: + requisite pam_cracklib.so retry=3 minlen=8 difok=3 diff --git a/debian/pam-configs/mkhomedir b/debian/pam-configs/mkhomedir new file mode 100644 index 00000000..9c27980a --- /dev/null +++ b/debian/pam-configs/mkhomedir @@ -0,0 +1,7 @@ +Name: Create home directory on login +Default: no +Priority: 0 +Session-Type: Additional +Session-Interactive-Only: yes +Session: + optional pam_mkhomedir.so diff --git a/debian/pam-configs/unix b/debian/pam-configs/unix new file mode 100644 index 00000000..23a04f14 --- /dev/null +++ b/debian/pam-configs/unix @@ -0,0 +1,23 @@ +Name: Unix authentication +Default: yes +Priority: 256 +Auth-Type: Primary +Auth: + [success=end default=ignore] pam_unix.so nullok_secure try_first_pass +Auth-Initial: + [success=end default=ignore] pam_unix.so nullok_secure +Account-Type: Primary +Account: + [success=end new_authtok_reqd=done default=ignore] pam_unix.so +Account-Initial: + [success=end new_authtok_reqd=done default=ignore] pam_unix.so +Session-Type: Additional +Session: + required pam_unix.so +Session-Initial: + required pam_unix.so +Password-Type: Primary +Password: + [success=end default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 +Password-Initial: + [success=end default=ignore] pam_unix.so obscure sha512 diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix new file mode 100644 index 00000000..5dae4064 --- /dev/null +++ b/debian/patches-applied/007_modules_pam_unix @@ -0,0 +1,462 @@ +Index: pam.debian/modules/pam_unix/pam_unix_passwd.c +=================================================================== +--- pam.debian.orig/modules/pam_unix/pam_unix_passwd.c ++++ pam.debian/modules/pam_unix/pam_unix_passwd.c +@@ -102,6 +102,9 @@ + # endif /* GNU libc 2.1 */ + #endif + ++extern const char *obscure_msg(const char *, const char *, const struct passwd *, ++ unsigned int); ++ + /* + How it works: + Gets in username (has to be done) from the calling program +@@ -521,6 +524,11 @@ + return retval; + } + } ++ if (!remark && pass_old != NULL) { /* only check if we don't already have a failure */ ++ struct passwd *pwd; ++ pwd = pam_modutil_getpwnam(pamh, user); ++ remark = (char *)obscure_msg(pass_old,pass_new,pwd,ctrl); /* do obscure checks */ ++ } + } + if (remark) { + _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); +@@ -536,7 +544,7 @@ + int retval; + int remember = -1; + int rounds = -1; +- int pass_min_len = 0; ++ int pass_min_len = 6; + + /* <DO NOT free() THESE> */ + const char *user; +Index: pam.debian/modules/pam_unix/support.h +=================================================================== +--- pam.debian.orig/modules/pam_unix/support.h ++++ pam.debian/modules/pam_unix/support.h +@@ -97,8 +97,9 @@ + password hash algorithms */ + #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ + #define UNIX_MIN_PASS_LEN 27 /* min length for password */ ++#define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */ + /* -------------- */ +-#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ + + #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) + +@@ -107,34 +108,35 @@ + /* symbol token name ctrl mask ctrl * + * ----------------------- ------------------- --------------------- -------- */ + +-/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, +-/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, +-/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, +-/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, +-/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020, 0}, +-/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040, 0}, +-/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100, 0}, +-/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0}, +-/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0}, +-/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, +-/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, +-/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, +-/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, +-/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000, 1}, +-/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0, 0}, +-/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, +-/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, +-/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, +-/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000, 1}, +-/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, +-/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, +-/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, +-/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, +-/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000, 1}, +-/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000, 1}, +-/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, +-/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, +-/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, ++/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1, 0}, ++/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2, 0}, ++/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4, 0}, ++/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8, 0}, ++/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30), 0x10, 0}, ++/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30), 0x20, 0}, ++/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0}, ++/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0}, ++/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0}, ++/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, ++/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, ++/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, ++/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, ++/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x2C22000), 0x2000, 1}, ++/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200), 0, 0}, ++/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000, 0}, ++/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000, 0}, ++/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000, 0}, ++/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x2C22000), 0x20000, 1}, ++/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000, 0}, ++/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000, 0}, ++/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000, 0}, ++/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000, 0}, ++/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0x2C22000), 0x400000, 1}, ++/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x2C22000), 0x800000, 1}, ++/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000, 0}, ++/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1}, ++/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, ++/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0}, + }; + + #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) +Index: pam.debian/modules/pam_unix/pam_unix.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_unix/pam_unix.8.xml ++++ pam.debian/modules/pam_unix/pam_unix.8.xml +@@ -337,8 +337,81 @@ + <listitem> + <para> + Set a minimum password length of <replaceable>n</replaceable> +- characters. The max. for DES crypt based passwords are 8 +- characters. ++ characters. The default value is 6. The maximum for DES ++ crypt-based passwords is 8 characters. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>obscure</option> ++ </term> ++ <listitem> ++ <para> ++ Enable some extra checks on password strength. These checks ++ are based on the "obscure" checks in the original shadow ++ package. The behavior is similar to the pam_cracklib ++ module, but for non-dictionary-based checks. The following ++ checks are implemented: ++ <variablelist> ++ <varlistentry> ++ <term> ++ <option>Palindrome</option> ++ </term> ++ <listitem> ++ <para> ++ Verifies that the new password is not a palindrome ++ of (i.e., the reverse of) the previous one. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>Case Change Only</option> ++ </term> ++ <listitem> ++ <para> ++ Verifies that the new password isn't the same as the ++ old one with a change of case. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>Similar</option> ++ </term> ++ <listitem> ++ <para> ++ Verifies that the new password isn't too much like ++ the previous one. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>Simple</option> ++ </term> ++ <listitem> ++ <para> ++ Is the new password too simple? This is based on ++ the length of the password and the number of ++ different types of characters (alpha, numeric, etc.) ++ used. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>Rotated</option> ++ </term> ++ <listitem> ++ <para> ++ Is the new password a rotated version of the old ++ password? (E.g., "billy" and "illyb") ++ </para> ++ </listitem> ++ </varlistentry> ++ </variablelist> + </para> + </listitem> + </varlistentry> +Index: pam.debian/modules/pam_unix/obscure.c +=================================================================== +--- /dev/null ++++ pam.debian/modules/pam_unix/obscure.c +@@ -0,0 +1,198 @@ ++/* ++ * Copyright 1989 - 1994, Julianne Frances Haugh ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++#include "config.h" ++ ++#include <ctype.h> ++#include <stdio.h> ++#include <unistd.h> ++#include <string.h> ++#include <stdlib.h> ++#include <pwd.h> ++#include <security/pam_modules.h> ++#include <security/_pam_macros.h> ++ ++ ++#include "support.h" ++ ++/* can't be a palindrome - like `R A D A R' or `M A D A M' */ ++static int palindrome(const char *old, const char *new) { ++ int i, j; ++ ++ i = strlen (new); ++ ++ for (j = 0;j < i;j++) ++ if (new[i - j - 1] != new[j]) ++ return 0; ++ ++ return 1; ++} ++ ++/* more than half of the characters are different ones. */ ++static int similar(const char *old, const char *new) { ++ int i, j; ++ ++ /* ++ * XXX - sometimes this fails when changing from a simple password ++ * to a really long one (MD5). For now, I just return success if ++ * the new password is long enough. Please feel free to suggest ++ * something better... --marekm ++ */ ++ if (strlen(new) >= 8) ++ return 0; ++ ++ for (i = j = 0; new[i] && old[i]; i++) ++ if (strchr(new, old[i])) ++ j++; ++ ++ if (i >= j * 2) ++ return 0; ++ ++ return 1; ++} ++ ++/* a nice mix of characters. */ ++static int simple(const char *old, const char *new) { ++ int digits = 0; ++ int uppers = 0; ++ int lowers = 0; ++ int others = 0; ++ int size; ++ int i; ++ ++ for (i = 0;new[i];i++) { ++ if (isdigit (new[i])) ++ digits++; ++ else if (isupper (new[i])) ++ uppers++; ++ else if (islower (new[i])) ++ lowers++; ++ else ++ others++; ++ } ++ ++ /* ++ * The scam is this - a password of only one character type ++ * must be 8 letters long. Two types, 7, and so on. ++ */ ++ ++ size = 9; ++ if (digits) size--; ++ if (uppers) size--; ++ if (lowers) size--; ++ if (others) size--; ++ ++ if (size <= i) ++ return 0; ++ ++ return 1; ++} ++ ++static char *str_lower(char *string) { ++ char *cp; ++ ++ for (cp = string; *cp; cp++) ++ *cp = tolower(*cp); ++ return string; ++} ++ ++static const char * password_check(const char *old, const char *new, ++ const struct passwd *pwdp) { ++ const char *msg = NULL; ++ char *oldmono, *newmono, *wrapped; ++ ++ if (strcmp(new, old) == 0) ++ return _("Bad: new password must be different than the old one"); ++ ++ newmono = str_lower(strdup(new)); ++ oldmono = str_lower(strdup(old)); ++ wrapped = (char *)malloc(strlen(oldmono) * 2 + 1); ++ strcpy (wrapped, oldmono); ++ strcat (wrapped, oldmono); ++ ++ if (palindrome(oldmono, newmono)) { ++ msg = _("Bad: new password cannot be a palindrome"); ++ } else if (strcmp(oldmono, newmono) == 0) { ++ msg = _("Bad: new and old password must differ by more than just case"); ++ } else if (similar(oldmono, newmono)) { ++ msg = _("Bad: new and old password are too similar"); ++ } else if (simple(old, new)) { ++ msg = _("Bad: new password is too simple"); ++ } else if (strstr(wrapped, newmono)) { ++ msg = _("Bad: new password is just a wrapped version of the old one"); ++ } ++ ++ _pam_delete(newmono); ++ _pam_delete(oldmono); ++ _pam_delete(wrapped); ++ ++ return msg; ++} ++ ++const char *obscure_msg(const char *old, const char *new, ++ const struct passwd *pwdp, unsigned int ctrl) { ++ int oldlen, newlen; ++ char *new1, *old1; ++ const char *msg; ++ ++ if (old == NULL) ++ return NULL; /* no check if old is NULL */ ++ ++ oldlen = strlen(old); ++ newlen = strlen(new); ++ ++ /* Remaining checks are optional. */ ++ if (off(UNIX_OBSCURE_CHECKS,ctrl)) ++ return NULL; ++ ++ if ((msg = password_check(old, new, pwdp)) != NULL) ++ return msg; ++ ++ /* The traditional crypt() truncates passwords to 8 chars. It is ++ possible to circumvent the above checks by choosing an easy ++ 8-char password and adding some random characters to it... ++ Example: "password$%^&*123". So check it again, this time ++ truncated to the maximum length. Idea from npasswd. --marekm */ ++ ++ if (!UNIX_DES_CRYPT(ctrl)) ++ return NULL; /* unlimited password length */ ++ ++ if (oldlen <= 8 && newlen <= 8) ++ return NULL; ++ ++ new1 = strndup(new,8); ++ old1 = strndup(old,8); ++ ++ msg = password_check(old1, new1, pwdp); ++ ++ _pam_delete(new1); ++ _pam_delete(old1); ++ ++ return msg; ++} +Index: pam.debian/modules/pam_unix/Makefile.am +=================================================================== +--- pam.debian.orig/modules/pam_unix/Makefile.am ++++ pam.debian/modules/pam_unix/Makefile.am +@@ -43,7 +43,7 @@ + + pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ + pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ +- passverify.c yppasswd_xdr.c md5_good.c md5_broken.c ++ passverify.c yppasswd_xdr.c md5_good.c md5_broken.c obscure.c + if STATIC_MODULES + pam_unix_la_SOURCES += pam_unix_static.c + endif +Index: pam.debian/modules/pam_unix/pam_unix.8 +=================================================================== +--- pam.debian.orig/modules/pam_unix/pam_unix.8 ++++ pam.debian/modules/pam_unix/pam_unix.8 +@@ -183,7 +183,38 @@ + .RS 4 + Set a minimum password length of + \fIn\fR +-characters\&. The max\&. for DES crypt based passwords are 8 characters\&. ++characters\&. The default value is 6\&. The maximum for DES crypt\-based passwords is 8 characters\&. ++.RE ++.PP ++\fBobscure\fR ++.RS 4 ++Enable some extra checks on password strength\&. These checks are based on the "obscure" checks in the original shadow package\&. The behavior is similar to the pam_cracklib module, but for non\-dictionary\-based checks\&. The following checks are implemented: ++.PP ++\fBPalindrome\fR ++.RS 4 ++Verifies that the new password is not a palindrome of (i\&.e\&., the reverse of) the previous one\&. ++.RE ++.PP ++\fBCase Change Only\fR ++.RS 4 ++Verifies that the new password isn\*(Aqt the same as the old one with a change of case\&. ++.RE ++.PP ++\fBSimilar\fR ++.RS 4 ++Verifies that the new password isn\*(Aqt too much like the previous one\&. ++.RE ++.PP ++\fBSimple\fR ++.RS 4 ++Is the new password too simple? This is based on the length of the password and the number of different types of characters (alpha, numeric, etc\&.) used\&. ++.RE ++.PP ++\fBRotated\fR ++.RS 4 ++Is the new password a rotated version of the old password? (E\&.g\&., "billy" and "illyb") ++.RE ++.sp + .RE + .PP + Invalid arguments are logged with diff --git a/debian/patches-applied/008_modules_pam_limits_chroot b/debian/patches-applied/008_modules_pam_limits_chroot new file mode 100644 index 00000000..fd4fc3a8 --- /dev/null +++ b/debian/patches-applied/008_modules_pam_limits_chroot @@ -0,0 +1,132 @@ +Index: pam.debian/modules/pam_limits/pam_limits.c +=================================================================== +--- pam.debian.orig/modules/pam_limits/pam_limits.c ++++ pam.debian/modules/pam_limits/pam_limits.c +@@ -87,6 +87,7 @@ + int flag_numsyslogins; /* whether to limit logins only for a + specific user or to count all logins */ + int priority; /* the priority to run user process with */ ++ char chroot_dir[8092]; /* directory to chroot into */ + struct user_limits_struct limits[RLIM_NLIMITS]; + const char *conf_file; + int utmp_after_pam_call; +@@ -97,6 +98,7 @@ + #define LIMIT_NUMSYSLOGINS RLIM_NLIMITS+2 + + #define LIMIT_PRI RLIM_NLIMITS+3 ++#define LIMIT_CHROOT RLIM_NLIMITS+4 + + #define LIMIT_SOFT 1 + #define LIMIT_HARD 2 +@@ -472,6 +474,8 @@ + pl->login_limit = -2; + pl->login_limit_def = LIMITS_DEF_NONE; + ++ pl->chroot_dir[0] = '\0'; ++ + return retval; + } + +@@ -542,6 +546,8 @@ + pl->flag_numsyslogins = 1; + } else if (strcmp(lim_item, "priority") == 0) { + limit_item = LIMIT_PRI; ++ } else if (strcmp(lim_item, "chroot") == 0) { ++ limit_item = LIMIT_CHROOT; + } else { + pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); + return; +@@ -579,9 +585,9 @@ + pam_syslog(pamh, LOG_DEBUG, + "wrong limit value '%s' for limit type '%s'", + lim_value, lim_type); +- return; ++ return; + } +- } else { ++ } else if (limit_item != LIMIT_CHROOT) { + #ifdef __USE_FILE_OFFSET64 + rlimit_value = strtoull (lim_value, &endptr, 10); + #else +@@ -642,7 +648,11 @@ + #endif + } + +- if ( (limit_item != LIMIT_LOGIN) ++ if (limit_item == LIMIT_CHROOT) { ++ strncpy(pl->chroot_dir, value_orig, sizeof(pl->chroot_dir)-1); ++ pl->chroot_dir[sizeof(pl->chroot_dir)-1]='\0'; ++ } ++ else if ( (limit_item != LIMIT_LOGIN) + && (limit_item != LIMIT_NUMSYSLOGINS) + && (limit_item != LIMIT_PRI) ) { + if (limit_type & LIMIT_SOFT) { +@@ -986,6 +996,15 @@ + retval |= LOGIN_ERR; + } + ++ if (!retval && pl->chroot_dir[0]) { ++ i = chdir(pl->chroot_dir); ++ if (i == 0) ++ i = chroot(pl->chroot_dir); ++ if (i == 0) ++ i = chdir("/"); ++ if (i != 0) ++ retval = LIMIT_ERR; ++ } + return retval; + } + +Index: pam.debian/modules/pam_limits/limits.conf.5.xml +=================================================================== +--- pam.debian.orig/modules/pam_limits/limits.conf.5.xml ++++ pam.debian/modules/pam_limits/limits.conf.5.xml +@@ -255,6 +255,12 @@ + (Linux 2.6.12 and higher)</para> + </listitem> + </varlistentry> ++ <varlistentry> ++ <term><option>chroot</option></term> ++ <listitem> ++ <para>the directory to chroot the user to</para> ++ </listitem> ++ </varlistentry> + </variablelist> + </listitem> + </varlistentry> +Index: pam.debian/modules/pam_limits/limits.conf.5 +=================================================================== +--- pam.debian.orig/modules/pam_limits/limits.conf.5 ++++ pam.debian/modules/pam_limits/limits.conf.5 +@@ -260,6 +260,11 @@ + .RS 4 + maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) + .RE ++.PP ++\fBchroot\fR ++.RS 4 ++the directory to chroot the user to ++.RE + .RE + .PP + All items support the values +Index: pam.debian/modules/pam_limits/limits.conf +=================================================================== +--- pam.debian.orig/modules/pam_limits/limits.conf ++++ pam.debian/modules/pam_limits/limits.conf +@@ -35,6 +35,7 @@ + # - msgqueue - max memory used by POSIX message queues (bytes) + # - nice - max nice priority allowed to raise to values: [-20, 19] + # - rtprio - max realtime priority ++# - chroot - change root to directory (Debian-specific) + # + #<domain> <type> <item> <value> + # +@@ -45,6 +46,7 @@ + #@faculty soft nproc 20 + #@faculty hard nproc 50 + #ftp hard nproc 0 ++#ftp - chroot /ftp + #@student - maxlogins 4 + + # End of file diff --git a/debian/patches-applied/021_nis_cleanup b/debian/patches-applied/021_nis_cleanup new file mode 100644 index 00000000..6b62bb7a --- /dev/null +++ b/debian/patches-applied/021_nis_cleanup @@ -0,0 +1,44 @@ +Patch from Philippe Troin <phil@fifi.org> + +Originally this included a bunch of changes to locking, but the more +recent code pulled from Linux_pam CVS seems to fix that issue. + +Index: pam.deb/modules/pam_unix/pam_unix_passwd.c +=================================================================== +--- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c ++++ pam.deb/modules/pam_unix/pam_unix_passwd.c +@@ -577,7 +577,7 @@ + + if (_unix_blankpasswd(pamh, ctrl, user)) { + return PAM_SUCCESS; +- } else if (off(UNIX__IAMROOT, ctrl)) { ++ } else if (off(UNIX__IAMROOT, ctrl) || on(UNIX_NIS, ctrl)) { + /* instruct user what is happening */ + if (asprintf(&Announce, _("Changing password for %s."), + user) < 0) { +@@ -590,7 +590,9 @@ + set(UNIX__OLD_PASSWD, lctrl); + retval = _unix_read_password(pamh, lctrl + ,Announce +- ,_("(current) UNIX password: ") ++ ,(on(UNIX__IAMROOT, ctrl) ++ ? _("NIS server root password: ") ++ : _("(current) UNIX password: ")) + ,NULL + ,_UNIX_OLD_AUTHTOK + ,&pass_old); +@@ -601,9 +603,12 @@ + "password - (old) token not obtained"); + return retval; + } +- /* verify that this is the password for this user */ ++ /* verify that this is the password for this user ++ * if we're not using NIS */ + +- retval = _unix_verify_password(pamh, user, pass_old, ctrl); ++ if (off(UNIX_NIS, ctrl)) { ++ retval = _unix_verify_password(pamh, user, pass_old, ctrl); ++ } + } else { + D(("process run by root so do nothing this time around")); + pass_old = NULL; diff --git a/debian/patches-applied/022_pam_unix_group_time_miscfixes b/debian/patches-applied/022_pam_unix_group_time_miscfixes new file mode 100644 index 00000000..73cba7a2 --- /dev/null +++ b/debian/patches-applied/022_pam_unix_group_time_miscfixes @@ -0,0 +1,22 @@ +Description: handle the case of flags being empty or only PAM_SILENT, which is + documented in other PAM implementations as meaning PAM_ESTABLISH_CRED: + http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.basetechref%2Fdoc%2Fbasetrf1%2Fpam_setcred.htm + +Index: pam.deb/modules/pam_group/pam_group.c +=================================================================== +--- pam.deb.orig/modules/pam_group/pam_group.c ++++ pam.deb/modules/pam_group/pam_group.c +@@ -765,9 +765,12 @@ + unsigned setting; + + /* only interested in establishing credentials */ ++ /* PAM docs say that an empty flag is to be treated as PAM_ESTABLISH_CRED. ++ Some people just pass PAM_SILENT, so cope with it, too. */ + + setting = flags; +- if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))) { ++ if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED)) ++ && (setting != 0) && (setting != PAM_SILENT)) { + D(("ignoring call - not for establishing credentials")); + return PAM_SUCCESS; /* don't fail because of this */ + } diff --git a/debian/patches-applied/026_pam_unix_passwd_unknown_user b/debian/patches-applied/026_pam_unix_passwd_unknown_user new file mode 100644 index 00000000..1b1aade2 --- /dev/null +++ b/debian/patches-applied/026_pam_unix_passwd_unknown_user @@ -0,0 +1,33 @@ +Description: distinguish between password manipulation failure and missing user. +Author: Martin Schwenke <martin@meltin.net> + +Index: pam.deb/modules/pam_unix/passverify.c +=================================================================== +--- pam.deb.orig/modules/pam_unix/passverify.c ++++ pam.deb/modules/pam_unix/passverify.c +@@ -719,7 +719,7 @@ + struct passwd *tmpent = NULL; + struct stat st; + FILE *pwfile, *opwfile; +- int err = 1; ++ int err = 1, found = 0; + int oldmask; + #ifdef WITH_SELINUX + security_context_t prev_context=NULL; +@@ -790,6 +790,7 @@ + + tmpent->pw_passwd = assigned_passwd.charp; + err = 0; ++ found = 1; + } + if (putpwent(tmpent, pwfile)) { + D(("error writing entry to password file: %m")); +@@ -832,7 +833,7 @@ + return PAM_SUCCESS; + } else { + unlink(PW_TMPFILE); +- return PAM_AUTHTOK_ERR; ++ return found ? PAM_AUTHTOK_ERR : PAM_USER_UNKNOWN; + } + } + diff --git a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root new file mode 100644 index 00000000..717fdd5c --- /dev/null +++ b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root @@ -0,0 +1,253 @@ +Description: Allow explicit limits for root and reset limits on each session + When crossing session boundaries (such as when su'ing from one user to + another), if the target account has no limit specified in limits.conf we + want to use the default, not the current value configured for the + source account. + . + If /proc/1/limits is unavailable, fall back to a set of hard-coded values + that shadow the currently known defaults on Linux. + . + Also, don't apply wildcard limits to the root account; only apply limits to + root that reference root by name. +Author: Peter Paluch <peterp@frcatel.fri.utc.sk>, + Ben Collins <bcollins@debian.org>, + Steve Langasek <vorlon@debian.org>, +Bug-Debian: http://bugs.debian.org/63230 +Index: pam.debian/modules/pam_limits/pam_limits.c +=================================================================== +--- pam.debian.orig/modules/pam_limits/pam_limits.c ++++ pam.debian/modules/pam_limits/pam_limits.c +@@ -45,6 +45,14 @@ + #include <libaudit.h> + #endif + ++#ifndef MLOCK_LIMIT ++#ifdef __FreeBSD_kernel__ ++#define MLOCK_LIMIT RLIM_INFINITY ++#else ++#define MLOCK_LIMIT (64*1024) ++#endif ++#endif ++ + /* Module defines */ + #define LINE_LENGTH 1024 + +@@ -82,6 +90,7 @@ + + /* internal data */ + struct pam_limit_s { ++ int root; /* running as root? */ + int login_limit; /* the max logins limit */ + int login_limit_def; /* which entry set the login limit */ + int flag_numsyslogins; /* whether to limit logins only for a +@@ -436,9 +445,18 @@ + { + int i; + int retval = PAM_SUCCESS; ++ static int mlock_limit = 0; + + D(("called.")); + ++ pl->root = 0; ++ ++ if (mlock_limit == 0) { ++ mlock_limit = sysconf(_SC_PAGESIZE); ++ if (mlock_limit < MLOCK_LIMIT) ++ mlock_limit = MLOCK_LIMIT; ++ } ++ + for(i = 0; i < RLIM_NLIMITS; i++) { + int r = getrlimit(i, &pl->limits[i].limit); + if (r == -1) { +@@ -454,18 +472,68 @@ + } + + #ifdef __linux__ +- if (ctrl & PAM_SET_ALL) { +- parse_kernel_limits(pamh, pl, ctrl); ++ parse_kernel_limits(pamh, pl, ctrl); ++#endif + +- for(i = 0; i < RLIM_NLIMITS; i++) { ++ for(i = 0; i < RLIM_NLIMITS; i++) { + if (pl->limits[i].supported && + (pl->limits[i].src_soft == LIMITS_DEF_NONE || + pl->limits[i].src_hard == LIMITS_DEF_NONE)) { +- pam_syslog(pamh, LOG_WARNING, "Did not find kernel RLIMIT for %s, using PAM default", rlimit2str(i)); ++#ifdef __linux__ ++ pam_syslog(pamh, LOG_WARNING, "Did not find kernel RLIMIT for %s, using PAM default", rlimit2str(i)); ++#endif ++ pl->limits[i].src_soft = LIMITS_DEF_DEFAULT; ++ pl->limits[i].src_hard = LIMITS_DEF_DEFAULT; ++ switch(i) { ++ case RLIMIT_CPU: ++ case RLIMIT_FSIZE: ++ case RLIMIT_DATA: ++ case RLIMIT_RSS: ++ case RLIMIT_NPROC: ++#ifdef RLIMIT_AS ++ case RLIMIT_AS: ++#endif ++#ifdef RLIMIT_LOCKS ++ case RLIMIT_LOCKS: ++#endif ++ pl->limits[i].limit.rlim_cur = RLIM_INFINITY; ++ pl->limits[i].limit.rlim_max = RLIM_INFINITY; ++ break; ++ case RLIMIT_MEMLOCK: ++ pl->limits[i].limit.rlim_cur = mlock_limit; ++ pl->limits[i].limit.rlim_max = mlock_limit; ++ break; ++#ifdef RLIMIT_SIGPENDING ++ case RLIMIT_SIGPENDING: ++ pl->limits[i].limit.rlim_cur = 16382; ++ pl->limits[i].limit.rlim_max = 16382; ++ break; ++#endif ++#ifdef RLIMIT_MSGQUEUE ++ case RLIMIT_MSGQUEUE: ++ pl->limits[i].limit.rlim_cur = 819200; ++ pl->limits[i].limit.rlim_max = 819200; ++ break; ++#endif ++ case RLIMIT_CORE: ++ pl->limits[i].limit.rlim_cur = 0; ++ pl->limits[i].limit.rlim_max = RLIM_INFINITY; ++ break; ++ case RLIMIT_STACK: ++ pl->limits[i].limit.rlim_cur = 8192*1024; ++ pl->limits[i].limit.rlim_max = RLIM_INFINITY; ++ break; ++ case RLIMIT_NOFILE: ++ pl->limits[i].limit.rlim_cur = 1024; ++ pl->limits[i].limit.rlim_max = 1024; ++ break; ++ default: ++ pl->limits[i].src_soft = LIMITS_DEF_NONE; ++ pl->limits[i].src_hard = LIMITS_DEF_NONE; ++ break; ++ } + } +- } + } +-#endif + + errno = 0; + pl->priority = getpriority (PRIO_PROCESS, 0); +@@ -804,7 +872,7 @@ + + if (strcmp(uname, domain) == 0) /* this user have a limit */ + process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); +- else if (domain[0]=='@') { ++ else if (domain[0]=='@' && !pl->root) { + if (ctrl & PAM_DEBUG_ARG) { + pam_syslog(pamh, LOG_DEBUG, + "checking if %s is in group %s", +@@ -830,7 +898,7 @@ + process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, + pl); + } +- } else if (domain[0]=='%') { ++ } else if (domain[0]=='%' && !pl->root) { + if (ctrl & PAM_DEBUG_ARG) { + pam_syslog(pamh, LOG_DEBUG, + "checking if %s is in group %s", +@@ -864,7 +932,7 @@ + } else { + switch(rngtype) { + case LIMIT_RANGE_NONE: +- if (strcmp(domain, "*") == 0) ++ if (strcmp(domain, "*") == 0 && !pl->root) + process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, + pl); + break; +@@ -1050,6 +1118,8 @@ + return PAM_ABORT; + } + ++ if (pwd->pw_uid == 0) ++ pl->root = 1; + retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); + if (retval == PAM_IGNORE) { + D(("the configuration file ('%s') has an applicable '<domain> -' entry", CONF_FILE)); +Index: pam.debian/modules/pam_limits/limits.conf +=================================================================== +--- pam.debian.orig/modules/pam_limits/limits.conf ++++ pam.debian/modules/pam_limits/limits.conf +@@ -11,6 +11,9 @@ + # - the wildcard *, for default entry + # - the wildcard %, can be also used with %group syntax, + # for maxlogin limit ++# - NOTE: group and wildcard limits are not applied to root. ++# To apply a limit to the root user, <domain> must be ++# the literal username root. + # + #<type> can have the two values: + # - "soft" for enforcing the soft limits +@@ -41,6 +44,7 @@ + # + + #* soft core 0 ++#root hard core 100000 + #* hard rss 10000 + #@student hard nproc 20 + #@faculty soft nproc 20 +Index: pam.debian/modules/pam_limits/limits.conf.5.xml +=================================================================== +--- pam.debian.orig/modules/pam_limits/limits.conf.5.xml ++++ pam.debian/modules/pam_limits/limits.conf.5.xml +@@ -88,6 +88,11 @@ + </para> + </listitem> + </itemizedlist> ++ <para> ++ <emphasis remap='B'>NOTE:</emphasis> group and wildcard limits are not ++ applied to the root user. To set a limit for the root user, this field ++ must contain the literal username <emphasis remap='B'>root</emphasis>. ++ </para> + </listitem> + </varlistentry> + +@@ -309,6 +314,7 @@ + </para> + <programlisting> + * soft core 0 ++root hard core 100000 + * hard nofile 512 + @student hard nproc 20 + @faculty soft nproc 20 +Index: pam.debian/modules/pam_limits/limits.conf.5 +=================================================================== +--- pam.debian.orig/modules/pam_limits/limits.conf.5 ++++ pam.debian/modules/pam_limits/limits.conf.5 +@@ -132,6 +132,10 @@ + \fB%:\fR\fI<gid>\fR + applicable to maxlogins limit only\&. It limits the total number of logins of all users that are member of the group with the specified gid\&. + .RE ++.sp ++\fBNOTE:\fR ++group and wildcard limits are not applied to the root user\&. To set a limit for the root user, this field must contain the literal username ++\fBroot\fR\&. + .RE + .PP + \fB<type>\fR +@@ -304,6 +308,7 @@ + .\} + .nf + * soft core 0 ++root hard core 100000 + * hard nofile 512 + @student hard nproc 20 + @faculty soft nproc 20 +Index: pam.debian/modules/pam_limits/README +=================================================================== +--- pam.debian.orig/modules/pam_limits/README ++++ pam.debian/modules/pam_limits/README +@@ -54,6 +54,7 @@ + limits.conf. + + * soft core 0 ++root hard core 100000 + * hard nofile 512 + @student hard nproc 20 + @faculty soft nproc 20 diff --git a/debian/patches-applied/031_pam_include b/debian/patches-applied/031_pam_include new file mode 100644 index 00000000..da689047 --- /dev/null +++ b/debian/patches-applied/031_pam_include @@ -0,0 +1,72 @@ +Patch to implement an @include directive for use in pam.d config files. + +Authors: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> + +Upstream status: not yet submitted + +Index: pam.debian/libpam/pam_handlers.c +=================================================================== +--- pam.debian.orig/libpam/pam_handlers.c ++++ pam.debian/libpam/pam_handlers.c +@@ -122,6 +122,10 @@ + module_type = PAM_T_ACCT; + } else if (!strcasecmp("password", tok)) { + module_type = PAM_T_PASS; ++ } else if (!strcasecmp("@include", tok)) { ++ pam_include = 1; ++ module_type = requested_module_type; ++ goto parsing_done; + } else { + /* Illegal module type */ + D(("_pam_init_handlers: bad module type: %s", tok)); +@@ -192,8 +196,10 @@ + _pam_set_default_control(actions, _PAM_ACTION_BAD); + } + ++parsing_done: + tok = _pam_StrTok(NULL, " \n\t", &nexttok); + if (pam_include) { ++ struct stat include_dir; + if (substack) { + res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other, + stack_level, module_type, actions, tok, +@@ -204,13 +210,35 @@ + return PAM_ABORT; + } + } +- if (_pam_load_conf_file(pamh, tok, this_service, module_type, +- stack_level + substack ++ if (tok[0] == '/') { ++ if (_pam_load_conf_file(pamh, tok, this_service, ++ module_type, stack_level + substack ++#ifdef PAM_READ_BOTH_CONFS ++ , !other ++#endif /* PAM_READ_BOTH_CONFS */ ++ ) == PAM_SUCCESS) ++ continue; ++ } ++ else if (!stat(PAM_CONFIG_D, &include_dir) ++ && S_ISDIR(include_dir.st_mode)) ++ { ++ char *include_file; ++ if (asprintf (&include_file, PAM_CONFIG_DF, tok) < 0) { ++ pam_syslog(pamh, LOG_CRIT, "asprintf failed"); ++ return PAM_ABORT; ++ } ++ if (_pam_load_conf_file(pamh, include_file, this_service, ++ module_type, stack_level + substack + #ifdef PAM_READ_BOTH_CONFS + , !other + #endif /* PAM_READ_BOTH_CONFS */ +- ) == PAM_SUCCESS) +- continue; ++ ) == PAM_SUCCESS) ++ { ++ free(include_file); ++ continue; ++ } ++ free(include_file); ++ } + _pam_set_default_control(actions, _PAM_ACTION_BAD); + mod_path = NULL; + handler_type = PAM_HT_MUST_FAIL; diff --git a/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL b/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL new file mode 100644 index 00000000..58fab0ee --- /dev/null +++ b/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL @@ -0,0 +1,22 @@ +setrlimit will sometimes return EPERM for example if you try to increase the +number of open files too much. This is not something we want to consider +fatal. This also happens if you use non-root and try to decrease a limit. +Running PAM as non-root is not so great. + +Authors: ? + +Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net> + +Index: pam.deb/modules/pam_limits/pam_limits.c +=================================================================== +--- pam.deb.orig/modules/pam_limits/pam_limits.c ++++ pam.deb/modules/pam_limits/pam_limits.c +@@ -735,6 +735,8 @@ + if (res != 0) + pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m", + rlimit2str(i)); ++ if (res == -1 && errno == EPERM) ++ continue; + status |= res; + } + diff --git a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful new file mode 100644 index 00000000..146d3e0a --- /dev/null +++ b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful @@ -0,0 +1,145 @@ +Patch for Debian bug #163787 et al + +Always use the process uid, not getlogin(), to identify an applicant in +pam_wheel; utmp may be wrong or may have no entry at all in the case of +an xterm + +Authors: Ben Collins <bcollins@debian.org> + +Upstream status: submitted in <20070901175405.GA26092@dario.dodds.net> + +Index: pam.debian/modules/pam_wheel/pam_wheel.c +=================================================================== +--- pam.debian.orig/modules/pam_wheel/pam_wheel.c ++++ pam.debian/modules/pam_wheel/pam_wheel.c +@@ -60,9 +60,8 @@ + /* argument parsing */ + + #define PAM_DEBUG_ARG 0x0001 +-#define PAM_USE_UID_ARG 0x0002 +-#define PAM_TRUST_ARG 0x0004 +-#define PAM_DENY_ARG 0x0010 ++#define PAM_TRUST_ARG 0x0002 ++#define PAM_DENY_ARG 0x0004 + #define PAM_ROOT_ONLY_ARG 0x0020 + + static int +@@ -80,8 +79,7 @@ + + if (!strcmp(*argv,"debug")) + ctrl |= PAM_DEBUG_ARG; +- else if (!strcmp(*argv,"use_uid")) +- ctrl |= PAM_USE_UID_ARG; ++ else if (!strcmp(*argv,"use_uid")); /* ignored for compat. */ + else if (!strcmp(*argv,"trust")) + ctrl |= PAM_TRUST_ARG; + else if (!strcmp(*argv,"deny")) +@@ -129,27 +127,14 @@ + } + } + +- if (ctrl & PAM_USE_UID_ARG) { +- tpwd = pam_modutil_getpwuid (pamh, getuid()); +- if (!tpwd) { +- if (ctrl & PAM_DEBUG_ARG) { +- pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); +- } +- return PAM_SERVICE_ERR; +- } +- fromsu = tpwd->pw_name; +- } else { +- fromsu = pam_modutil_getlogin(pamh); +- if (fromsu) { +- tpwd = pam_modutil_getpwnam (pamh, fromsu); +- } +- if (!fromsu || !tpwd) { +- if (ctrl & PAM_DEBUG_ARG) { +- pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); +- } +- return PAM_SERVICE_ERR; ++ tpwd = pam_modutil_getpwuid (pamh, getuid()); ++ if (!tpwd) { ++ if (ctrl & PAM_DEBUG_ARG) { ++ pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); + } ++ return PAM_SERVICE_ERR; + } ++ fromsu = tpwd->pw_name; + + /* + * At this point fromsu = username-of-invoker; tpwd = pwd ptr for fromsu +Index: pam.debian/modules/pam_wheel/pam_wheel.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_wheel/pam_wheel.8.xml ++++ pam.debian/modules/pam_wheel/pam_wheel.8.xml +@@ -33,9 +33,6 @@ + <arg choice="opt"> + trust + </arg> +- <arg choice="opt"> +- use_uid +- </arg> + </cmdsynopsis> + </refsynopsisdiv> + +@@ -115,18 +112,6 @@ + </para> + </listitem> + </varlistentry> +- <varlistentry> +- <term> +- <option>use_uid</option> +- </term> +- <listitem> +- <para> +- The check for wheel membership will be done against +- the current uid instead of the original one (useful when +- jumping with su from one account to another for example). +- </para> +- </listitem> +- </varlistentry> + </variablelist> + </refsect1> + +Index: pam.debian/modules/pam_wheel/pam_wheel.8 +=================================================================== +--- pam.debian.orig/modules/pam_wheel/pam_wheel.8 ++++ pam.debian/modules/pam_wheel/pam_wheel.8 +@@ -31,7 +31,7 @@ + pam_wheel \- Only permit root access to members of group wheel + .SH "SYNOPSIS" + .HP \w'\fBpam_wheel\&.so\fR\ 'u +-\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] ++\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] + .SH "DESCRIPTION" + .PP + The pam_wheel PAM module is used to enforce the so\-called +@@ -72,11 +72,6 @@ + .RS 4 + The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&. + .RE +-.PP +-\fBuse_uid\fR +-.RS 4 +-The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\&. +-.RE + .SH "MODULE TYPES PROVIDED" + .PP + The +Index: pam.debian/modules/pam_wheel/README +=================================================================== +--- pam.debian.orig/modules/pam_wheel/README ++++ pam.debian/modules/pam_wheel/README +@@ -39,12 +39,6 @@ + modules the wheel members may be able to su to root without being prompted + for a passwd). + +-use_uid +- +- The check for wheel membership will be done against the current uid instead +- of the original one (useful when jumping with su from one account to +- another for example). +- + EXAMPLES + + The root account gains access by default (rootok), only wheel members can diff --git a/debian/patches-applied/040_pam_limits_log_failure b/debian/patches-applied/040_pam_limits_log_failure new file mode 100644 index 00000000..f80273e7 --- /dev/null +++ b/debian/patches-applied/040_pam_limits_log_failure @@ -0,0 +1,36 @@ +Patch for Debian bug #180310 + +Generate some (low-severity) log information whenever setrlimit() fails, +for debugging purposes. + +Authors: Sam Hartman <hartmans@debian.org> + +Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net> + +Index: pam.deb/modules/pam_limits/pam_limits.c +=================================================================== +--- pam.deb.orig/modules/pam_limits/pam_limits.c ++++ pam.deb/modules/pam_limits/pam_limits.c +@@ -732,9 +732,19 @@ + if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) + pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; + res = setrlimit(i, &pl->limits[i].limit); +- if (res != 0) +- pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m", +- rlimit2str(i)); ++ if (res != 0 && (i != RLIMIT_NOFILE ++ || pl->limits[i].limit.rlim_cur != RLIM_INFINITY)) ++ { ++ int save_errno = errno; ++ pam_syslog(pamh, LOG_DEBUG, ++ "Could not set limit for '%s' to soft=%d, hard=%d:" ++ " %m; uid=%lu,euid=%lu", rlimit2str(i), ++ pl->limits[i].limit.rlim_cur, ++ pl->limits[i].limit.rlim_max, ++ (unsigned long) getuid(), ++ (unsigned long) geteuid()); ++ errno = save_errno; ++ } + if (res == -1 && errno == EPERM) + continue; + status |= res; diff --git a/debian/patches-applied/045_pam_dispatch_jump_is_ignore b/debian/patches-applied/045_pam_dispatch_jump_is_ignore new file mode 100644 index 00000000..0e3491d3 --- /dev/null +++ b/debian/patches-applied/045_pam_dispatch_jump_is_ignore @@ -0,0 +1,31 @@ + +Previously jumps were treated as PAM_IGNORE in the freezing part of +the chain and PAM_OK (aka required) in the frozen part of the chain. +No one on pam-list was able to explain this behavior, so I changed it +to be consistent. + +Index: pam.debian/libpam/pam_dispatch.c +=================================================================== +--- pam.debian.orig/libpam/pam_dispatch.c ++++ pam.debian/libpam/pam_dispatch.c +@@ -254,19 +254,7 @@ + if ( _PAM_ACTION_IS_JUMP(action) ) { + + /* If we are evaluating a cached chain, we treat this +- module as required (aka _PAM_ACTION_OK) as well as +- executing the jump. */ +- +- if (use_cached_chain) { +- if (impression == _PAM_UNDEF +- || (impression == _PAM_POSITIVE +- && status == PAM_SUCCESS) ) { +- if ( retval != PAM_IGNORE || cached_retval == retval ) { +- impression = _PAM_POSITIVE; +- status = retval; +- } +- } +- } ++ module as ignored as well as executing the jump. */ + + /* this means that we need to skip #action stacked modules */ + while (h->next != NULL && h->next->stack_level >= stack_level && action > 0) { diff --git a/debian/patches-applied/054_pam_security_abstract_securetty_handling b/debian/patches-applied/054_pam_security_abstract_securetty_handling new file mode 100644 index 00000000..91d6809f --- /dev/null +++ b/debian/patches-applied/054_pam_security_abstract_securetty_handling @@ -0,0 +1,199 @@ +Description: extract the securetty logic for use with the "nullok_secure" option + introduced in the "055_pam_unix_nullok_secure" patch. + +Index: pam.debian/modules/pam_securetty/pam_securetty.c +=================================================================== +--- pam.debian.orig/modules/pam_securetty/pam_securetty.c ++++ pam.debian/modules/pam_securetty/pam_securetty.c +@@ -1,7 +1,5 @@ + /* pam_securetty module */ + +-#define SECURETTY_FILE "/etc/securetty" +-#define TTY_PREFIX "/dev/" + #define CMDLINE_FILE "/proc/cmdline" + #define CONSOLEACTIVE_FILE "/sys/class/tty/console/active" + +@@ -40,6 +38,9 @@ + #include <security/pam_modutil.h> + #include <security/pam_ext.h> + ++extern int _pammodutil_tty_secure(const pam_handle_t *pamh, ++ const char *uttyname); ++ + #define PAM_DEBUG_ARG 0x0001 + #define PAM_NOCONSOLE_ARG 0x0002 + +@@ -73,11 +74,7 @@ + const char *username; + const char *uttyname; + const void *void_uttyname; +- char ttyfileline[256]; +- char ptname[256]; +- struct stat ttyfileinfo; + struct passwd *user_pwd; +- FILE *ttyfile; + + /* log a trail for debugging */ + if (ctrl & PAM_DEBUG_ARG) { +@@ -105,50 +102,7 @@ + return PAM_SERVICE_ERR; + } + +- /* The PAM_TTY item may be prefixed with "/dev/" - skip that */ +- if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) { +- uttyname += sizeof(TTY_PREFIX)-1; +- } +- +- if (stat(SECURETTY_FILE, &ttyfileinfo)) { +- pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE); +- return PAM_SUCCESS; /* for compatibility with old securetty handling, +- this needs to succeed. But we still log the +- error. */ +- } +- +- if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) { +- /* If the file is world writable or is not a +- normal file, return error */ +- pam_syslog(pamh, LOG_ERR, +- "%s is either world writable or not a normal file", +- SECURETTY_FILE); +- return PAM_AUTH_ERR; +- } +- +- ttyfile = fopen(SECURETTY_FILE,"r"); +- if (ttyfile == NULL) { /* Check that we opened it successfully */ +- pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE); +- return PAM_SERVICE_ERR; +- } +- +- if (isdigit(uttyname[0])) { +- snprintf(ptname, sizeof(ptname), "pts/%s", uttyname); +- } else { +- ptname[0] = '\0'; +- } +- +- retval = 1; +- +- while ((fgets(ttyfileline, sizeof(ttyfileline)-1, ttyfile) != NULL) +- && retval) { +- if (ttyfileline[strlen(ttyfileline) - 1] == '\n') +- ttyfileline[strlen(ttyfileline) - 1] = '\0'; +- +- retval = ( strcmp(ttyfileline, uttyname) +- && (!ptname[0] || strcmp(ptname, uttyname)) ); +- } +- fclose(ttyfile); ++ retval = _pammodutil_tty_secure(pamh, uttyname); + + if (retval && !(ctrl & PAM_NOCONSOLE_ARG)) { + FILE *cmdlinefile; +Index: pam.debian/modules/pam_securetty/tty_secure.c +=================================================================== +--- /dev/null ++++ pam.debian/modules/pam_securetty/tty_secure.c +@@ -0,0 +1,90 @@ ++/* ++ * A function to determine if a particular line is in /etc/securetty ++ */ ++ ++ ++#define SECURETTY_FILE "/etc/securetty" ++#define TTY_PREFIX "/dev/" ++ ++/* This function taken out of pam_securetty by Sam Hartman ++ * <hartmans@debian.org>*/ ++/* ++ * by Elliot Lee <sopwith@redhat.com>, Red Hat Software. ++ * July 25, 1996. ++ * Slight modifications AGM. 1996/12/3 ++ */ ++ ++#include <unistd.h> ++#include <sys/types.h> ++#include <sys/stat.h> ++#include <security/pam_modules.h> ++#include <stdarg.h> ++#include <syslog.h> ++#include <sys/syslog.h> ++#include <stdio.h> ++#include <string.h> ++#include <stdlib.h> ++#include <ctype.h> ++#include <security/pam_modutil.h> ++#include <security/pam_ext.h> ++ ++extern int _pammodutil_tty_secure(const pam_handle_t *pamh, ++ const char *uttyname); ++ ++int _pammodutil_tty_secure(const pam_handle_t *pamh, const char *uttyname) ++{ ++ int retval = PAM_AUTH_ERR; ++ char ttyfileline[256]; ++ char ptname[256]; ++ struct stat ttyfileinfo; ++ FILE *ttyfile; ++ /* The PAM_TTY item may be prefixed with "/dev/" - skip that */ ++ if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) ++ uttyname += sizeof(TTY_PREFIX)-1; ++ ++ if (stat(SECURETTY_FILE, &ttyfileinfo)) { ++ pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", ++ SECURETTY_FILE); ++ return PAM_SUCCESS; /* for compatibility with old securetty handling, ++ this needs to succeed. But we still log the ++ error. */ ++ } ++ ++ if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) { ++ /* If the file is world writable or is not a ++ normal file, return error */ ++ pam_syslog(pamh, LOG_ERR, ++ "%s is either world writable or not a normal file", ++ SECURETTY_FILE); ++ return PAM_AUTH_ERR; ++ } ++ ++ ttyfile = fopen(SECURETTY_FILE,"r"); ++ if(ttyfile == NULL) { /* Check that we opened it successfully */ ++ pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE); ++ return PAM_SERVICE_ERR; ++ } ++ ++ if (isdigit(uttyname[0])) { ++ snprintf(ptname, sizeof(ptname), "pts/%s", uttyname); ++ } else { ++ ptname[0] = '\0'; ++ } ++ ++ retval = 1; ++ ++ while ((fgets(ttyfileline,sizeof(ttyfileline)-1, ttyfile) != NULL) ++ && retval) { ++ if(ttyfileline[strlen(ttyfileline) - 1] == '\n') ++ ttyfileline[strlen(ttyfileline) - 1] = '\0'; ++ retval = ( strcmp(ttyfileline,uttyname) ++ && (!ptname[0] || strcmp(ptname, uttyname)) ); ++ } ++ fclose(ttyfile); ++ ++ if(retval) { ++ retval = PAM_AUTH_ERR; ++ } ++ ++ return retval; ++} +Index: pam.debian/modules/pam_securetty/Makefile.am +=================================================================== +--- pam.debian.orig/modules/pam_securetty/Makefile.am ++++ pam.debian/modules/pam_securetty/Makefile.am +@@ -24,6 +24,10 @@ + securelib_LTLIBRARIES = pam_securetty.la + pam_securetty_la_LIBADD = -L$(top_builddir)/libpam -lpam + ++pam_securetty_la_SOURCES = \ ++ pam_securetty.c \ ++ tty_secure.c ++ + if ENABLE_REGENERATE_MAN + noinst_DATA = README + README: pam_securetty.8.xml diff --git a/debian/patches-applied/055_pam_unix_nullok_secure b/debian/patches-applied/055_pam_unix_nullok_secure new file mode 100644 index 00000000..8c1b84c7 --- /dev/null +++ b/debian/patches-applied/055_pam_unix_nullok_secure @@ -0,0 +1,223 @@ +Debian patch to add a new 'nullok_secure' option to pam_unix, which +accepts users with null passwords only when the applicant is connected +from a tty listed in /etc/securetty. + +Authors: Sam Hartman <hartmans@debian.org>, + Steve Langasek <vorlon@debian.org> + +Upstream status: not yet submitted + +Index: pam.debian/modules/pam_unix/support.c +=================================================================== +--- pam.debian.orig/modules/pam_unix/support.c ++++ pam.debian/modules/pam_unix/support.c +@@ -189,13 +189,22 @@ + /* now parse the arguments to this module */ + + for (; argc-- > 0; ++argv) { ++ int sl; + + D(("pam_unix arg: %s", *argv)); + + for (j = 0; j < UNIX_CTRLS_; ++j) { +- if (unix_args[j].token +- && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) { +- break; ++ if (unix_args[j].token) { ++ sl = strlen(unix_args[j].token); ++ if (unix_args[j].token[sl-1] == '=') { ++ /* exclude argument from comparison */ ++ if (!strncmp(*argv, unix_args[j].token, sl)) ++ break; ++ } else { ++ /* compare full strings */ ++ if (!strcmp(*argv, unix_args[j].token)) ++ break; ++ } + } + } + +@@ -565,6 +574,7 @@ + child = fork(); + if (child == 0) { + int i=0; ++ int nullok = off(UNIX__NONULL, ctrl); + struct rlimit rlim; + static char *envp[] = { NULL }; + char *args[] = { NULL, NULL, NULL, NULL }; +@@ -595,7 +605,18 @@ + /* exec binary helper */ + args[0] = strdup(CHKPWD_HELPER); + args[1] = x_strdup(user); +- if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */ ++ ++ if (on(UNIX_NULLOK_SECURE, ctrl)) { ++ const void *uttyname; ++ retval = pam_get_item(pamh, PAM_TTY, &uttyname); ++ if (retval != PAM_SUCCESS || uttyname == NULL ++ || _pammodutil_tty_secure(pamh, (const char *)uttyname) != PAM_SUCCESS) ++ { ++ nullok = 0; ++ } ++ } ++ ++ if (nullok) { + args[2]=strdup("nullok"); + } else { + args[2]=strdup("nonull"); +@@ -675,6 +696,17 @@ + if (on(UNIX__NONULL, ctrl)) + return 0; /* will fail but don't let on yet */ + ++ if (on(UNIX_NULLOK_SECURE, ctrl)) { ++ int retval2; ++ const void *uttyname; ++ retval2 = pam_get_item(pamh, PAM_TTY, &uttyname); ++ if (retval2 != PAM_SUCCESS || uttyname == NULL) ++ return 0; ++ ++ if (_pammodutil_tty_secure(pamh, (const char *)uttyname) != PAM_SUCCESS) ++ return 0; ++ } ++ + /* UNIX passwords area */ + + retval = get_pwd_hash(pamh, name, &pwd, &salt); +@@ -761,7 +793,8 @@ + } + } + } else { +- retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl)); ++ retval = verify_pwd_hash(p, salt, ++ _unix_blankpasswd(pamh, ctrl, name)); + } + + if (retval == PAM_SUCCESS) { +Index: pam.debian/modules/pam_unix/support.h +=================================================================== +--- pam.debian.orig/modules/pam_unix/support.h ++++ pam.debian/modules/pam_unix/support.h +@@ -98,8 +98,9 @@ + #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ + #define UNIX_MIN_PASS_LEN 27 /* min length for password */ + #define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */ ++#define UNIX_NULLOK_SECURE 29 /* NULL passwords allowed only on secure ttys */ + /* -------------- */ +-#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 30 /* number of ctrl arguments defined */ + + #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) + +@@ -117,7 +118,7 @@ + /* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0}, + /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0}, + /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0}, +-/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, ++/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x10000000), 0x200, 0}, + /* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, + /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, + /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, +@@ -137,6 +138,7 @@ + /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1}, + /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, + /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0}, ++/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x10000000, 0}, + }; + + #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) +@@ -172,6 +174,9 @@ + ,const char *data_name + ,const void **pass); + ++extern int _pammodutil_tty_secure(const pam_handle_t *pamh, ++ const char *uttyname); ++ + extern int _unix_run_verify_binary(pam_handle_t *pamh, + unsigned int ctrl, const char *user, int *daysleft); + #endif /* _PAM_UNIX_SUPPORT_H */ +Index: pam.debian/modules/pam_unix/Makefile.am +=================================================================== +--- pam.debian.orig/modules/pam_unix/Makefile.am ++++ pam.debian/modules/pam_unix/Makefile.am +@@ -30,7 +30,8 @@ + pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map + endif + pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ +- @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) ++ @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) \ ++ ../pam_securetty/tty_secure.lo + + securelib_LTLIBRARIES = pam_unix.la + +Index: pam.debian/modules/pam_unix/README +=================================================================== +--- pam.debian.orig/modules/pam_unix/README ++++ pam.debian/modules/pam_unix/README +@@ -58,7 +58,16 @@ + + The default action of this module is to not permit the user access to a + service if their official password is blank. The nullok argument overrides +- this default. ++ this default and allows any user with a blank password to access the ++ service. ++ ++nullok_secure ++ ++ The default action of this module is to not permit the user access to a ++ service if their official password is blank. The nullok_secure argument ++ overrides this default and allows any user with a blank password to access ++ the service as long as the value of PAM_TTY is set to one of the values ++ found in /etc/securetty. + + try_first_pass + +Index: pam.debian/modules/pam_unix/pam_unix.8 +=================================================================== +--- pam.debian.orig/modules/pam_unix/pam_unix.8 ++++ pam.debian/modules/pam_unix/pam_unix.8 +@@ -82,7 +82,14 @@ + .RS 4 + The default action of this module is to not permit the user access to a service if their official password is blank\&. The + \fBnullok\fR +-argument overrides this default\&. ++argument overrides this default and allows any user with a blank password to access the service\&. ++.RE ++.PP ++\fBnullok_secure\fR ++.RS 4 ++The default action of this module is to not permit the user access to a service if their official password is blank\&. The ++\fBnullok_secure\fR ++argument overrides this default and allows any user with a blank password to access the service as long as the value of PAM_TTY is set to one of the values found in /etc/securetty\&. + .RE + .PP + \fBtry_first_pass\fR +Index: pam.debian/modules/pam_unix/pam_unix.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_unix/pam_unix.8.xml ++++ pam.debian/modules/pam_unix/pam_unix.8.xml +@@ -137,7 +137,24 @@ + <para> + The default action of this module is to not permit the + user access to a service if their official password is blank. +- The <option>nullok</option> argument overrides this default. ++ The <option>nullok</option> argument overrides this default ++ and allows any user with a blank password to access the ++ service. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>nullok_secure</option> ++ </term> ++ <listitem> ++ <para> ++ The default action of this module is to not permit the ++ user access to a service if their official password is blank. ++ The <option>nullok_secure</option> argument overrides this ++ default and allows any user with a blank password to access ++ the service as long as the value of PAM_TTY is set to one of ++ the values found in /etc/securetty. + </para> + </listitem> + </varlistentry> diff --git a/debian/patches-applied/PAM-manpage-section b/debian/patches-applied/PAM-manpage-section new file mode 100644 index 00000000..fc0dcab4 --- /dev/null +++ b/debian/patches-applied/PAM-manpage-section @@ -0,0 +1,1637 @@ +Patch to put the PAM manpage in section 7 (general topics) instead of 8 +(system administration commands) + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: maybe provide a backwards-compatibility link first? + +Index: pam.debian/doc/man/pam.8.xml +=================================================================== +--- pam.debian.orig/doc/man/pam.8.xml ++++ pam.debian/doc/man/pam.8.xml +@@ -6,7 +6,7 @@ + + <refmeta> + <refentrytitle>pam</refentrytitle> +- <manvolnum>8</manvolnum> ++ <manvolnum>7</manvolnum> + <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + </refmeta> + +@@ -179,7 +179,7 @@ + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>PAM</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/PAM.8 +=================================================================== +--- pam.debian.orig/doc/man/PAM.8 ++++ pam.debian/doc/man/PAM.8 +@@ -2,12 +2,12 @@ + .\" Title: pam + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +-.\" Date: 09/19/2013 ++.\" Date: 01/16/2014 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM" "7" "01/16/2014" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +@@ -118,4 +118,4 @@ + \fBpam_authenticate\fR(3), + \fBpam_sm_setcred\fR(3), + \fBpam_strerror\fR(3), +-\fBPAM\fR(8) ++\fBPAM\fR(7) +Index: pam.debian/modules/pam_access/access.conf.5.xml +=================================================================== +--- pam.debian.orig/modules/pam_access/access.conf.5.xml ++++ pam.debian/modules/pam_access/access.conf.5.xml +@@ -191,7 +191,7 @@ + <para> + <citerefentry><refentrytitle>pam_access</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, +- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> ++ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> + </para> + </refsect1> + +Index: pam.debian/modules/pam_access/access.conf.5 +=================================================================== +--- pam.debian.orig/modules/pam_access/access.conf.5 ++++ pam.debian/modules/pam_access/access.conf.5 +@@ -181,7 +181,7 @@ + .PP + \fBpam_access\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHORS" + .PP + Original +Index: pam.debian/modules/pam_env/pam_env.conf.5.xml +=================================================================== +--- pam.debian.orig/modules/pam_env/pam_env.conf.5.xml ++++ pam.debian/modules/pam_env/pam_env.conf.5.xml +@@ -110,7 +110,7 @@ + <para> + <citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, +- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> ++ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> + </para> + </refsect1> + +Index: pam.debian/modules/pam_env/pam_env.conf.5 +=================================================================== +--- pam.debian.orig/modules/pam_env/pam_env.conf.5 ++++ pam.debian/modules/pam_env/pam_env.conf.5 +@@ -112,7 +112,7 @@ + .PP + \fBpam_env\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_env was written by Dave Kinchlea <kinch@kinch\&.ark\&.com>\&. +Index: pam.debian/modules/pam_group/group.conf.5.xml +=================================================================== +--- pam.debian.orig/modules/pam_group/group.conf.5.xml ++++ pam.debian/modules/pam_group/group.conf.5.xml +@@ -128,7 +128,7 @@ + <para> + <citerefentry><refentrytitle>pam_group</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, +- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> ++ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> + </para> + </refsect1> + +Index: pam.debian/modules/pam_group/group.conf.5 +=================================================================== +--- pam.debian.orig/modules/pam_group/group.conf.5 ++++ pam.debian/modules/pam_group/group.conf.5 +@@ -113,7 +113,7 @@ + .PP + \fBpam_group\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +Index: pam.debian/modules/pam_limits/limits.conf.5.xml +=================================================================== +--- pam.debian.orig/modules/pam_limits/limits.conf.5.xml ++++ pam.debian/modules/pam_limits/limits.conf.5.xml +@@ -343,7 +343,7 @@ + <para> + <citerefentry><refentrytitle>pam_limits</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, +- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, ++ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry>, + <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> + <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>3p</manvolnum></citerefentry> + </para> +Index: pam.debian/modules/pam_limits/limits.conf.5 +=================================================================== +--- pam.debian.orig/modules/pam_limits/limits.conf.5 ++++ pam.debian/modules/pam_limits/limits.conf.5 +@@ -339,7 +339,7 @@ + .PP + \fBpam_limits\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8), ++\fBpam\fR(7), + \fBgetrlimit\fR(2)\fBgetrlimit\fR(3p) + .SH "AUTHOR" + .PP +Index: pam.debian/modules/pam_namespace/namespace.conf.5.xml +=================================================================== +--- pam.debian.orig/modules/pam_namespace/namespace.conf.5.xml ++++ pam.debian/modules/pam_namespace/namespace.conf.5.xml +@@ -204,7 +204,7 @@ + <para> + <citerefentry><refentrytitle>pam_namespace</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, +- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> ++ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> + </para> + </refsect1> + +Index: pam.debian/modules/pam_namespace/namespace.conf.5 +=================================================================== +--- pam.debian.orig/modules/pam_namespace/namespace.conf.5 ++++ pam.debian/modules/pam_namespace/namespace.conf.5 +@@ -155,7 +155,7 @@ + .PP + \fBpam_namespace\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHORS" + .PP + The namespace\&.conf manual page was written by Janak Desai <janak@us\&.ibm\&.com>\&. More features added by Tomas Mraz <tmraz@redhat\&.com>\&. +Index: pam.debian/modules/pam_time/time.conf.5.xml +=================================================================== +--- pam.debian.orig/modules/pam_time/time.conf.5.xml ++++ pam.debian/modules/pam_time/time.conf.5.xml +@@ -130,7 +130,7 @@ + <para> + <citerefentry><refentrytitle>pam_time</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, +- <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> ++ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum></citerefentry> + </para> + </refsect1> + +Index: pam.debian/modules/pam_time/time.conf.5 +=================================================================== +--- pam.debian.orig/modules/pam_time/time.conf.5 ++++ pam.debian/modules/pam_time/time.conf.5 +@@ -107,7 +107,7 @@ + .PP + \fBpam_time\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +Index: pam.debian/modules/pam_access/pam_access.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_access/pam_access.8.xml ++++ pam.debian/modules/pam_access/pam_access.8.xml +@@ -237,7 +237,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>. + </para> + </refsect1> +Index: pam.debian/modules/pam_access/pam_access.8 +=================================================================== +--- pam.debian.orig/modules/pam_access/pam_access.8 ++++ pam.debian/modules/pam_access/pam_access.8 +@@ -125,7 +125,7 @@ + .PP + \fBaccess.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8)\&. ++\fBpam\fR(7)\&. + .SH "AUTHORS" + .PP + The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin <alexei@nogin\&.dnttm\&.ru>\&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike\&.becher@lrz\-muenchen\&.de>\&. +Index: pam.debian/modules/pam_cracklib/pam_cracklib.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_cracklib/pam_cracklib.8.xml ++++ pam.debian/modules/pam_cracklib/pam_cracklib.8.xml +@@ -577,7 +577,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_cracklib/pam_cracklib.8 +=================================================================== +--- pam.debian.orig/modules/pam_cracklib/pam_cracklib.8 ++++ pam.debian/modules/pam_cracklib/pam_cracklib.8 +@@ -357,7 +357,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_cracklib was written by Cristian Gafton <gafton@redhat\&.com> +Index: pam.debian/modules/pam_debug/pam_debug.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_debug/pam_debug.8.xml ++++ pam.debian/modules/pam_debug/pam_debug.8.xml +@@ -216,7 +216,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_debug/pam_debug.8 +=================================================================== +--- pam.debian.orig/modules/pam_debug/pam_debug.8 ++++ pam.debian/modules/pam_debug/pam_debug.8 +@@ -138,7 +138,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_debug was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +Index: pam.debian/modules/pam_deny/pam_deny.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_deny/pam_deny.8.xml ++++ pam.debian/modules/pam_deny/pam_deny.8.xml +@@ -120,7 +120,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_deny/pam_deny.8 +=================================================================== +--- pam.debian.orig/modules/pam_deny/pam_deny.8 ++++ pam.debian/modules/pam_deny/pam_deny.8 +@@ -96,7 +96,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_deny was written by Andrew G\&. Morgan <morgan@kernel\&.org> +Index: pam.debian/modules/pam_echo/pam_echo.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_echo/pam_echo.8.xml ++++ pam.debian/modules/pam_echo/pam_echo.8.xml +@@ -159,7 +159,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry></para> + </refsect1> + +Index: pam.debian/modules/pam_echo/pam_echo.8 +=================================================================== +--- pam.debian.orig/modules/pam_echo/pam_echo.8 ++++ pam.debian/modules/pam_echo/pam_echo.8 +@@ -126,7 +126,7 @@ + .PP + \fBpam.conf\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + Thorsten Kukuk <kukuk@thkukuk\&.de> +Index: pam.debian/modules/pam_env/pam_env.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_env/pam_env.8.xml ++++ pam.debian/modules/pam_env/pam_env.8.xml +@@ -235,7 +235,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>. + </para> + </refsect1> +Index: pam.debian/modules/pam_exec/pam_exec.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_exec/pam_exec.8.xml ++++ pam.debian/modules/pam_exec/pam_exec.8.xml +@@ -257,7 +257,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_exec/pam_exec.8 +=================================================================== +--- pam.debian.orig/modules/pam_exec/pam_exec.8 ++++ pam.debian/modules/pam_exec/pam_exec.8 +@@ -160,7 +160,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\&.de> and Josh Triplett <josh@joshtriplett\&.org>\&. +Index: pam.debian/modules/pam_faildelay/pam_faildelay.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_faildelay/pam_faildelay.8.xml ++++ pam.debian/modules/pam_faildelay/pam_faildelay.8.xml +@@ -121,7 +121,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_faildelay/pam_faildelay.8 +=================================================================== +--- pam.debian.orig/modules/pam_faildelay/pam_faildelay.8 ++++ pam.debian/modules/pam_faildelay/pam_faildelay.8 +@@ -87,7 +87,7 @@ + \fBpam_fail_delay\fR(3), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_faildelay was written by Darren Tucker <dtucker@zip\&.com\&.au>\&. +Index: pam.debian/modules/pam_filter/pam_filter.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_filter/pam_filter.8.xml ++++ pam.debian/modules/pam_filter/pam_filter.8.xml +@@ -246,7 +246,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_filter/pam_filter.8 +=================================================================== +--- pam.debian.orig/modules/pam_filter/pam_filter.8 ++++ pam.debian/modules/pam_filter/pam_filter.8 +@@ -166,7 +166,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_filter was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +Index: pam.debian/modules/pam_ftp/pam_ftp.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_ftp/pam_ftp.8.xml ++++ pam.debian/modules/pam_ftp/pam_ftp.8.xml +@@ -168,7 +168,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_ftp/pam_ftp.8 +=================================================================== +--- pam.debian.orig/modules/pam_ftp/pam_ftp.8 ++++ pam.debian/modules/pam_ftp/pam_ftp.8 +@@ -119,7 +119,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_ftp was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +Index: pam.debian/modules/pam_group/pam_group.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_group/pam_group.8.xml ++++ pam.debian/modules/pam_group/pam_group.8.xml +@@ -148,7 +148,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>. + </para> + </refsect1> +Index: pam.debian/modules/pam_group/pam_group.8 +=================================================================== +--- pam.debian.orig/modules/pam_group/pam_group.8 ++++ pam.debian/modules/pam_group/pam_group.8 +@@ -103,7 +103,7 @@ + .PP + \fBgroup.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8)\&. ++\fBpam\fR(7)\&. + .SH "AUTHORS" + .PP + pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +Index: pam.debian/modules/pam_issue/pam_issue.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_issue/pam_issue.8.xml ++++ pam.debian/modules/pam_issue/pam_issue.8.xml +@@ -219,7 +219,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_issue/pam_issue.8 +=================================================================== +--- pam.debian.orig/modules/pam_issue/pam_issue.8 ++++ pam.debian/modules/pam_issue/pam_issue.8 +@@ -152,7 +152,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_issue was written by Ben Collins <bcollins@debian\&.org>\&. +Index: pam.debian/modules/pam_keyinit/pam_keyinit.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_keyinit/pam_keyinit.8.xml ++++ pam.debian/modules/pam_keyinit/pam_keyinit.8.xml +@@ -223,7 +223,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + <citerefentry> + <refentrytitle>keyctl</refentrytitle><manvolnum>1</manvolnum> +Index: pam.debian/modules/pam_keyinit/pam_keyinit.8 +=================================================================== +--- pam.debian.orig/modules/pam_keyinit/pam_keyinit.8 ++++ pam.debian/modules/pam_keyinit/pam_keyinit.8 +@@ -130,7 +130,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8)\fBkeyctl\fR(1) ++\fBpam\fR(7)\fBkeyctl\fR(1) + .SH "AUTHOR" + .PP + pam_keyinit was written by David Howells, <dhowells@redhat\&.com>\&. +Index: pam.debian/modules/pam_lastlog/pam_lastlog.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_lastlog/pam_lastlog.8.xml ++++ pam.debian/modules/pam_lastlog/pam_lastlog.8.xml +@@ -298,7 +298,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_lastlog/pam_lastlog.8 +=================================================================== +--- pam.debian.orig/modules/pam_lastlog/pam_lastlog.8 ++++ pam.debian/modules/pam_lastlog/pam_lastlog.8 +@@ -173,7 +173,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_lastlog was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +Index: pam.debian/modules/pam_limits/pam_limits.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_limits/pam_limits.8.xml ++++ pam.debian/modules/pam_limits/pam_limits.8.xml +@@ -241,7 +241,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>. + </para> + </refsect1> +Index: pam.debian/modules/pam_limits/pam_limits.8 +=================================================================== +--- pam.debian.orig/modules/pam_limits/pam_limits.8 ++++ pam.debian/modules/pam_limits/pam_limits.8 +@@ -146,7 +146,7 @@ + .PP + \fBlimits.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8)\&. ++\fBpam\fR(7)\&. + .SH "AUTHORS" + .PP + pam_limits was initially written by Cristian Gafton <gafton@redhat\&.com> +Index: pam.debian/modules/pam_listfile/pam_listfile.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_listfile/pam_listfile.8.xml ++++ pam.debian/modules/pam_listfile/pam_listfile.8.xml +@@ -281,7 +281,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_listfile/pam_listfile.8 +=================================================================== +--- pam.debian.orig/modules/pam_listfile/pam_listfile.8 ++++ pam.debian/modules/pam_listfile/pam_listfile.8 +@@ -205,7 +205,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_listfile was written by Michael K\&. Johnson <johnsonm@redhat\&.com> and Elliot Lee <sopwith@cuc\&.edu>\&. +Index: pam.debian/modules/pam_localuser/pam_localuser.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_localuser/pam_localuser.8.xml ++++ pam.debian/modules/pam_localuser/pam_localuser.8.xml +@@ -158,7 +158,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_localuser/pam_localuser.8 +=================================================================== +--- pam.debian.orig/modules/pam_localuser/pam_localuser.8 ++++ pam.debian/modules/pam_localuser/pam_localuser.8 +@@ -102,7 +102,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_localuser was written by Nalin Dahyabhai <nalin@redhat\&.com>\&. +Index: pam.debian/modules/pam_loginuid/pam_loginuid.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_loginuid/pam_loginuid.8.xml ++++ pam.debian/modules/pam_loginuid/pam_loginuid.8.xml +@@ -104,7 +104,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>auditctl</refentrytitle><manvolnum>8</manvolnum> +Index: pam.debian/modules/pam_loginuid/pam_loginuid.8 +=================================================================== +--- pam.debian.orig/modules/pam_loginuid/pam_loginuid.8 ++++ pam.debian/modules/pam_loginuid/pam_loginuid.8 +@@ -75,7 +75,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8), ++\fBpam\fR(7), + \fBauditctl\fR(8), + \fBauditd\fR(8) + .SH "AUTHOR" +Index: pam.debian/modules/pam_mail/pam_mail.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_mail/pam_mail.8.xml ++++ pam.debian/modules/pam_mail/pam_mail.8.xml +@@ -265,7 +265,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_mail/pam_mail.8 +=================================================================== +--- pam.debian.orig/modules/pam_mail/pam_mail.8 ++++ pam.debian/modules/pam_mail/pam_mail.8 +@@ -153,7 +153,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_mail was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +Index: pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml ++++ pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8.xml +@@ -189,7 +189,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>. + </para> + </refsect1> +Index: pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8 +=================================================================== +--- pam.debian.orig/modules/pam_mkhomedir/pam_mkhomedir.8 ++++ pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8 +@@ -123,7 +123,7 @@ + .SH "SEE ALSO" + .PP + \fBpam.d\fR(5), +-\fBpam\fR(8)\&. ++\fBpam\fR(7)\&. + .SH "AUTHOR" + .PP + pam_mkhomedir was written by Jason Gunthorpe <jgg@debian\&.org>\&. +Index: pam.debian/modules/pam_motd/pam_motd.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_motd/pam_motd.8.xml ++++ pam.debian/modules/pam_motd/pam_motd.8.xml +@@ -99,7 +99,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_motd/pam_motd.8 +=================================================================== +--- pam.debian.orig/modules/pam_motd/pam_motd.8 ++++ pam.debian/modules/pam_motd/pam_motd.8 +@@ -78,7 +78,7 @@ + \fBmotd\fR(5), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_motd was written by Ben Collins <bcollins@debian\&.org>\&. +Index: pam.debian/modules/pam_namespace/pam_namespace.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_namespace/pam_namespace.8.xml ++++ pam.debian/modules/pam_namespace/pam_namespace.8.xml +@@ -399,7 +399,7 @@ + <refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>. + </para> + </refsect1> +Index: pam.debian/modules/pam_namespace/pam_namespace.8 +=================================================================== +--- pam.debian.orig/modules/pam_namespace/pam_namespace.8 ++++ pam.debian/modules/pam_namespace/pam_namespace.8 +@@ -178,7 +178,7 @@ + \fBnamespace.conf\fR(5), + \fBpam.d\fR(5), + \fBmount\fR(8), +-\fBpam\fR(8)\&. ++\fBpam\fR(7)\&. + .SH "AUTHORS" + .PP + The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\&. The pam_namespace PAM module was developed by Janak Desai <janak@us\&.ibm\&.com>, Chad Sellers <csellers@tresys\&.com> and Steve Grubb <sgrubb@redhat\&.com>\&. Additional improvements by Xavier Toth <txtoth@gmail\&.com> and Tomas Mraz <tmraz@redhat\&.com>\&. +Index: pam.debian/modules/pam_nologin/pam_nologin.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_nologin/pam_nologin.8.xml ++++ pam.debian/modules/pam_nologin/pam_nologin.8.xml +@@ -160,7 +160,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_nologin/pam_nologin.8 +=================================================================== +--- pam.debian.orig/modules/pam_nologin/pam_nologin.8 ++++ pam.debian/modules/pam_nologin/pam_nologin.8 +@@ -124,7 +124,7 @@ + \fBnologin\fR(5), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_nologin was written by Michael K\&. Johnson <johnsonm@redhat\&.com>\&. +Index: pam.debian/modules/pam_permit/pam_permit.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_permit/pam_permit.8.xml ++++ pam.debian/modules/pam_permit/pam_permit.8.xml +@@ -91,7 +91,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_permit/pam_permit.8 +=================================================================== +--- pam.debian.orig/modules/pam_permit/pam_permit.8 ++++ pam.debian/modules/pam_permit/pam_permit.8 +@@ -78,7 +78,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_permit was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&. +Index: pam.debian/modules/pam_rhosts/pam_rhosts.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_rhosts/pam_rhosts.8.xml ++++ pam.debian/modules/pam_rhosts/pam_rhosts.8.xml +@@ -156,7 +156,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_rhosts/pam_rhosts.8 +=================================================================== +--- pam.debian.orig/modules/pam_rhosts/pam_rhosts.8 ++++ pam.debian/modules/pam_rhosts/pam_rhosts.8 +@@ -122,7 +122,7 @@ + \fBrhosts\fR(5), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk\&.de> +Index: pam.debian/modules/pam_rootok/pam_rootok.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_rootok/pam_rootok.8.xml ++++ pam.debian/modules/pam_rootok/pam_rootok.8.xml +@@ -116,7 +116,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_rootok/pam_rootok.8 +=================================================================== +--- pam.debian.orig/modules/pam_rootok/pam_rootok.8 ++++ pam.debian/modules/pam_rootok/pam_rootok.8 +@@ -99,7 +99,7 @@ + \fBsu\fR(1), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_rootok was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&. +Index: pam.debian/modules/pam_securetty/pam_securetty.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_securetty/pam_securetty.8.xml ++++ pam.debian/modules/pam_securetty/pam_securetty.8.xml +@@ -168,7 +168,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_securetty/pam_securetty.8 +=================================================================== +--- pam.debian.orig/modules/pam_securetty/pam_securetty.8 ++++ pam.debian/modules/pam_securetty/pam_securetty.8 +@@ -119,7 +119,7 @@ + \fBsecuretty\fR(5), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_securetty was written by Elliot Lee <sopwith@cuc\&.edu>\&. +Index: pam.debian/modules/pam_selinux/pam_selinux.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_selinux/pam_selinux.8.xml ++++ pam.debian/modules/pam_selinux/pam_selinux.8.xml +@@ -258,7 +258,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum> +Index: pam.debian/modules/pam_selinux/pam_selinux.8 +=================================================================== +--- pam.debian.orig/modules/pam_selinux/pam_selinux.8 ++++ pam.debian/modules/pam_selinux/pam_selinux.8 +@@ -2,12 +2,12 @@ + .\" Title: pam_selinux + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +-.\" Date: 06/18/2013 ++.\" Date: 01/14/2014 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SELINUX" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SELINUX" "8" "01/14/2014" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +@@ -144,7 +144,7 @@ + \fBexecve\fR(2), + \fBtty\fR(4), + \fBpam.d\fR(5), +-\fBpam\fR(8), ++\fBpam\fR(7), + \fBselinux\fR(8) + .SH "AUTHOR" + .PP +Index: pam.debian/modules/pam_sepermit/pam_sepermit.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_sepermit/pam_sepermit.8.xml ++++ pam.debian/modules/pam_sepermit/pam_sepermit.8.xml +@@ -176,7 +176,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + <citerefentry> + <refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum> +Index: pam.debian/modules/pam_sepermit/pam_sepermit.8 +=================================================================== +--- pam.debian.orig/modules/pam_sepermit/pam_sepermit.8 ++++ pam.debian/modules/pam_sepermit/pam_sepermit.8 +@@ -124,7 +124,7 @@ + \fBsepermit.conf\fR(5), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8)\fBselinux\fR(8) ++\fBpam\fR(7)\fBselinux\fR(8) + .SH "AUTHOR" + .PP + pam_sepermit and this manual page were written by Tomas Mraz <tmraz@redhat\&.com>\&. +Index: pam.debian/modules/pam_shells/pam_shells.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_shells/pam_shells.8.xml ++++ pam.debian/modules/pam_shells/pam_shells.8.xml +@@ -102,7 +102,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_shells/pam_shells.8 +=================================================================== +--- pam.debian.orig/modules/pam_shells/pam_shells.8 ++++ pam.debian/modules/pam_shells/pam_shells.8 +@@ -85,7 +85,7 @@ + \fBshells\fR(5), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_shells was written by Erik Troan <ewt@redhat\&.com>\&. +Index: pam.debian/modules/pam_succeed_if/pam_succeed_if.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_succeed_if/pam_succeed_if.8.xml ++++ pam.debian/modules/pam_succeed_if/pam_succeed_if.8.xml +@@ -295,7 +295,7 @@ + <refentrytitle>glob</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_succeed_if/pam_succeed_if.8 +=================================================================== +--- pam.debian.orig/modules/pam_succeed_if/pam_succeed_if.8 ++++ pam.debian/modules/pam_succeed_if/pam_succeed_if.8 +@@ -220,7 +220,7 @@ + .SH "SEE ALSO" + .PP + \fBglob\fR(7), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + Nalin Dahyabhai <nalin@redhat\&.com> +Index: pam.debian/modules/pam_tally/pam_tally.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_tally/pam_tally.8.xml ++++ pam.debian/modules/pam_tally/pam_tally.8.xml +@@ -444,7 +444,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_tally/pam_tally.8 +=================================================================== +--- pam.debian.orig/modules/pam_tally/pam_tally.8 ++++ pam.debian/modules/pam_tally/pam_tally.8 +@@ -248,7 +248,7 @@ + \fBfaillog\fR(8), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_tally was written by Tim Baverstock and Tomas Mraz\&. +Index: pam.debian/modules/pam_time/pam_time.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_time/pam_time.8.xml ++++ pam.debian/modules/pam_time/pam_time.8.xml +@@ -169,7 +169,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>. + </para> + </refsect1> +Index: pam.debian/modules/pam_time/pam_time.8 +=================================================================== +--- pam.debian.orig/modules/pam_time/pam_time.8 ++++ pam.debian/modules/pam_time/pam_time.8 +@@ -109,7 +109,7 @@ + .PP + \fBtime.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8)\&. ++\fBpam\fR(7)\&. + .SH "AUTHOR" + .PP + pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +Index: pam.debian/modules/pam_umask/pam_umask.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_umask/pam_umask.8.xml ++++ pam.debian/modules/pam_umask/pam_umask.8.xml +@@ -201,7 +201,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_umask/pam_umask.8 +=================================================================== +--- pam.debian.orig/modules/pam_umask/pam_umask.8 ++++ pam.debian/modules/pam_umask/pam_umask.8 +@@ -150,7 +150,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_umask was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&. +Index: pam.debian/modules/pam_unix/pam_unix.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_unix/pam_unix.8.xml ++++ pam.debian/modules/pam_unix/pam_unix.8.xml +@@ -494,7 +494,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_unix/pam_unix.8 +=================================================================== +--- pam.debian.orig/modules/pam_unix/pam_unix.8 ++++ pam.debian/modules/pam_unix/pam_unix.8 +@@ -269,7 +269,7 @@ + \fBlogin.defs\fR(5), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_unix was written by various people\&. +Index: pam.debian/doc/man/misc_conv.3.xml +=================================================================== +--- pam.debian.orig/doc/man/misc_conv.3.xml ++++ pam.debian/doc/man/misc_conv.3.xml +@@ -171,7 +171,7 @@ + <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/misc_conv.3 +=================================================================== +--- pam.debian.orig/doc/man/misc_conv.3 ++++ pam.debian/doc/man/misc_conv.3 +@@ -117,7 +117,7 @@ + .SH "SEE ALSO" + .PP + \fBpam_conv\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +Index: pam.debian/doc/man/pam_acct_mgmt.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_acct_mgmt.3.xml ++++ pam.debian/doc/man/pam_acct_mgmt.3.xml +@@ -138,7 +138,7 @@ + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_acct_mgmt.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_acct_mgmt.3 ++++ pam.debian/doc/man/pam_acct_mgmt.3 +@@ -97,4 +97,4 @@ + \fBpam_authenticate\fR(3), + \fBpam_chauthtok\fR(3), + \fBpam_strerror\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) +Index: pam.debian/doc/man/pam_authenticate.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_authenticate.3.xml ++++ pam.debian/doc/man/pam_authenticate.3.xml +@@ -162,7 +162,7 @@ + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_authenticate.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_authenticate.3 ++++ pam.debian/doc/man/pam_authenticate.3 +@@ -107,4 +107,4 @@ + \fBpam_setcred\fR(3), + \fBpam_chauthtok\fR(3), + \fBpam_strerror\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) +Index: pam.debian/doc/man/pam_chauthtok.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_chauthtok.3.xml ++++ pam.debian/doc/man/pam_chauthtok.3.xml +@@ -157,7 +157,7 @@ + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_chauthtok.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_chauthtok.3 ++++ pam.debian/doc/man/pam_chauthtok.3 +@@ -106,4 +106,4 @@ + \fBpam_setcred\fR(3), + \fBpam_get_item\fR(3), + \fBpam_strerror\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) +Index: pam.debian/doc/man/pam_conv.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_conv.3.xml ++++ pam.debian/doc/man/pam_conv.3.xml +@@ -221,7 +221,7 @@ + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_conv.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_conv.3 ++++ pam.debian/doc/man/pam_conv.3 +@@ -174,4 +174,4 @@ + \fBpam_set_item\fR(3), + \fBpam_get_item\fR(3), + \fBpam_strerror\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) +Index: pam.debian/doc/man/pam_error.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_error.3.xml ++++ pam.debian/doc/man/pam_error.3.xml +@@ -105,7 +105,7 @@ + <refentrytitle>pam_vprompt</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_error.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_error.3 ++++ pam.debian/doc/man/pam_error.3 +@@ -80,7 +80,7 @@ + \fBpam_vinfo\fR(3), + \fBpam_prompt\fR(3), + \fBpam_vprompt\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +Index: pam.debian/doc/man/pam_getenv.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_getenv.3.xml ++++ pam.debian/doc/man/pam_getenv.3.xml +@@ -60,7 +60,7 @@ + <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_getenv.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_getenv.3 ++++ pam.debian/doc/man/pam_getenv.3 +@@ -57,4 +57,4 @@ + \fBpam_start\fR(3), + \fBpam_getenvlist\fR(3), + \fBpam_putenv\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) +Index: pam.debian/doc/man/pam_getenvlist.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_getenvlist.3.xml ++++ pam.debian/doc/man/pam_getenvlist.3.xml +@@ -78,7 +78,7 @@ + <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_getenvlist.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_getenvlist.3 ++++ pam.debian/doc/man/pam_getenvlist.3 +@@ -63,4 +63,4 @@ + \fBpam_start\fR(3), + \fBpam_getenv\fR(3), + \fBpam_putenv\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) +Index: pam.debian/doc/man/pam_info.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_info.3.xml ++++ pam.debian/doc/man/pam_info.3.xml +@@ -93,7 +93,7 @@ + <title>SEE ALSO</title> + <para> + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_info.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_info.3 ++++ pam.debian/doc/man/pam_info.3 +@@ -76,7 +76,7 @@ + .RE + .SH "SEE ALSO" + .PP +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +Index: pam.debian/doc/man/pam_misc_drop_env.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_misc_drop_env.3.xml ++++ pam.debian/doc/man/pam_misc_drop_env.3.xml +@@ -46,7 +46,7 @@ + <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_misc_drop_env.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_misc_drop_env.3 ++++ pam.debian/doc/man/pam_misc_drop_env.3 +@@ -52,7 +52,7 @@ + .SH "SEE ALSO" + .PP + \fBpam_getenvlist\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +Index: pam.debian/doc/man/pam_misc_paste_env.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_misc_paste_env.3.xml ++++ pam.debian/doc/man/pam_misc_paste_env.3.xml +@@ -44,7 +44,7 @@ + <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_misc_paste_env.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_misc_paste_env.3 ++++ pam.debian/doc/man/pam_misc_paste_env.3 +@@ -47,7 +47,7 @@ + .SH "SEE ALSO" + .PP + \fBpam_putenv\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +Index: pam.debian/doc/man/pam_misc_setenv.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_misc_setenv.3.xml ++++ pam.debian/doc/man/pam_misc_setenv.3.xml +@@ -51,7 +51,7 @@ + <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_misc_setenv.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_misc_setenv.3 ++++ pam.debian/doc/man/pam_misc_setenv.3 +@@ -52,7 +52,7 @@ + .SH "SEE ALSO" + .PP + \fBpam_putenv\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +Index: pam.debian/doc/man/pam_prompt.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_prompt.3.xml ++++ pam.debian/doc/man/pam_prompt.3.xml +@@ -95,7 +95,7 @@ + <title>SEE ALSO</title> + <para> + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum> +Index: pam.debian/doc/man/pam_prompt.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_prompt.3 ++++ pam.debian/doc/man/pam_prompt.3 +@@ -70,7 +70,7 @@ + .RE + .SH "SEE ALSO" + .PP +-\fBpam\fR(8), ++\fBpam\fR(7), + \fBpam_conv\fR(3) + .SH "STANDARDS" + .PP +Index: pam.debian/doc/man/pam_putenv.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_putenv.3.xml ++++ pam.debian/doc/man/pam_putenv.3.xml +@@ -145,7 +145,7 @@ + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_putenv.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_putenv.3 ++++ pam.debian/doc/man/pam_putenv.3 +@@ -108,4 +108,4 @@ + \fBpam_getenv\fR(3), + \fBpam_getenvlist\fR(3), + \fBpam_strerror\fR(3), +-\fBpam\fR(8) ++\fBpam\fR(7) +Index: pam.debian/doc/man/pam_strerror.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_strerror.3.xml ++++ pam.debian/doc/man/pam_strerror.3.xml +@@ -51,7 +51,7 @@ + <title>SEE ALSO</title> + <para> + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_strerror.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_strerror.3 ++++ pam.debian/doc/man/pam_strerror.3 +@@ -49,4 +49,4 @@ + This function returns always a pointer to a string\&. + .SH "SEE ALSO" + .PP +-\fBpam\fR(8) ++\fBpam\fR(7) +Index: pam.debian/doc/man/pam_syslog.3.xml +=================================================================== +--- pam.debian.orig/doc/man/pam_syslog.3.xml ++++ pam.debian/doc/man/pam_syslog.3.xml +@@ -66,7 +66,7 @@ + <title>SEE ALSO</title> + <para> + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/doc/man/pam_syslog.3 +=================================================================== +--- pam.debian.orig/doc/man/pam_syslog.3 ++++ pam.debian/doc/man/pam_syslog.3 +@@ -67,7 +67,7 @@ + variable argument list macros\&. + .SH "SEE ALSO" + .PP +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "STANDARDS" + .PP + The +Index: pam.debian/modules/pam_userdb/pam_userdb.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_userdb/pam_userdb.8.xml ++++ pam.debian/modules/pam_userdb/pam_userdb.8.xml +@@ -277,7 +277,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_userdb/pam_userdb.8 +=================================================================== +--- pam.debian.orig/modules/pam_userdb/pam_userdb.8 ++++ pam.debian/modules/pam_userdb/pam_userdb.8 +@@ -150,7 +150,7 @@ + \fBcrypt\fR(3), + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_userdb was written by Cristian Gafton >gafton@redhat\&.com<\&. +Index: pam.debian/modules/pam_warn/pam_warn.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_warn/pam_warn.8.xml ++++ pam.debian/modules/pam_warn/pam_warn.8.xml +@@ -90,7 +90,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_warn/pam_warn.8 +=================================================================== +--- pam.debian.orig/modules/pam_warn/pam_warn.8 ++++ pam.debian/modules/pam_warn/pam_warn.8 +@@ -83,7 +83,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_warn was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. +Index: pam.debian/modules/pam_wheel/pam_wheel.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_wheel/pam_wheel.8.xml ++++ pam.debian/modules/pam_wheel/pam_wheel.8.xml +@@ -212,7 +212,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_wheel/pam_wheel.8 +=================================================================== +--- pam.debian.orig/modules/pam_wheel/pam_wheel.8 ++++ pam.debian/modules/pam_wheel/pam_wheel.8 +@@ -136,7 +136,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_wheel was written by Cristian Gafton <gafton@redhat\&.com>\&. +Index: pam.debian/modules/pam_xauth/pam_xauth.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_xauth/pam_xauth.8.xml ++++ pam.debian/modules/pam_xauth/pam_xauth.8.xml +@@ -276,7 +276,7 @@ + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> +Index: pam.debian/modules/pam_xauth/pam_xauth.8 +=================================================================== +--- pam.debian.orig/modules/pam_xauth/pam_xauth.8 ++++ pam.debian/modules/pam_xauth/pam_xauth.8 +@@ -177,7 +177,7 @@ + .PP + \fBpam.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(7) + .SH "AUTHOR" + .PP + pam_xauth was written by Nalin Dahyabhai <nalin@redhat\&.com>, based on original version by Michael K\&. Johnson <johnsonm@redhat\&.com>\&. +Index: pam.debian/modules/pam_env/pam_env.8 +=================================================================== +--- pam.debian.orig/modules/pam_env/pam_env.8 ++++ pam.debian/modules/pam_env/pam_env.8 +@@ -2,12 +2,12 @@ + .\" Title: pam_env + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +-.\" Date: 01/15/2014 ++.\" Date: 01/16/2014 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_ENV" "8" "01/15/2014" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ENV" "8" "01/16/2014" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- diff --git a/debian/patches-applied/cve-2010-4708.patch b/debian/patches-applied/cve-2010-4708.patch new file mode 100644 index 00000000..cf23e318 --- /dev/null +++ b/debian/patches-applied/cve-2010-4708.patch @@ -0,0 +1,64 @@ +Description: fix cve-2010-4708: .pam_environment privilege issue +Index: pam.debian/modules/pam_env/pam_env.c +=================================================================== +--- pam.debian.orig/modules/pam_env/pam_env.c ++++ pam.debian/modules/pam_env/pam_env.c +@@ -10,7 +10,7 @@ + #define DEFAULT_READ_ENVFILE 1 + + #define DEFAULT_USER_ENVFILE ".pam_environment" +-#define DEFAULT_USER_READ_ENVFILE 1 ++#define DEFAULT_USER_READ_ENVFILE 0 + + #include "config.h" + +Index: pam.debian/modules/pam_env/pam_env.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_env/pam_env.8.xml ++++ pam.debian/modules/pam_env/pam_env.8.xml +@@ -147,7 +147,7 @@ + <listitem> + <para> + Turns on or off the reading of the user specific environment +- file. 0 is off, 1 is on. By default this option is on. ++ file. 0 is off, 1 is on. By default this option is off. + </para> + </listitem> + </varlistentry> +Index: pam.debian/modules/pam_env/pam_env.8 +=================================================================== +--- pam.debian.orig/modules/pam_env/pam_env.8 ++++ pam.debian/modules/pam_env/pam_env.8 +@@ -2,12 +2,12 @@ + .\" Title: pam_env + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +-.\" Date: 09/19/2013 ++.\" Date: 01/15/2014 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_ENV" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ENV" "8" "01/15/2014" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +@@ -88,7 +88,7 @@ + .PP + \fBuser_readenv=\fR\fB\fI0|1\fR\fR + .RS 4 +-Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is on\&. ++Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is off\&. + .RE + .SH "MODULE TYPES PROVIDED" + .PP +@@ -138,7 +138,7 @@ + .PP + \fBpam_env.conf\fR(5), + \fBpam.d\fR(5), +-\fBpam\fR(8)\&. ++\fBpam\fR(7)\&. + .SH "AUTHOR" + .PP + pam_env was written by Dave Kinchlea <kinch@kinch\&.ark\&.com>\&. diff --git a/debian/patches-applied/cve-2013-7041.patch b/debian/patches-applied/cve-2013-7041.patch new file mode 100644 index 00000000..dac35b25 --- /dev/null +++ b/debian/patches-applied/cve-2013-7041.patch @@ -0,0 +1,44 @@ +From 57a1e2b274d0a6376d92ada9926e5c5741e7da20 Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" <ldv@altlinux.org> +Date: Fri, 24 Jan 2014 22:18:32 +0000 +Subject: pam_userdb: fix password hash comparison + +Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed +passwords support in pam_userdb, hashes are compared case-insensitively. +This bug leads to accepting hashes for completely different passwords in +addition to those that should be accepted. + +Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for +modern password hashes with different lengths and settings, did not +update the hash comparison accordingly, which leads to accepting +computed hashes longer than stored hashes when the latter is a prefix +of the former. + +* modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed +hash whose length differs from the stored hash length. +Compare computed and stored hashes case-sensitively. +Fixes CVE-2013-7041. + +Bug-Debian: http://bugs.debian.org/731368 + +--- a/modules/pam_userdb/pam_userdb.c ++++ b/modules/pam_userdb/pam_userdb.c +@@ -222,12 +222,15 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, + } else { + cryptpw = crypt (pass, data.dptr); + +- if (cryptpw) { +- compare = strncasecmp (data.dptr, cryptpw, data.dsize); ++ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) { ++ compare = memcmp(data.dptr, cryptpw, data.dsize); + } else { + compare = -2; + if (ctrl & PAM_DEBUG_ARG) { +- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); ++ if (cryptpw) ++ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ"); ++ else ++ pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); + } + }; + diff --git a/debian/patches-applied/cve-2014-2583.patch b/debian/patches-applied/cve-2014-2583.patch new file mode 100644 index 00000000..3eb91702 --- /dev/null +++ b/debian/patches-applied/cve-2014-2583.patch @@ -0,0 +1,47 @@ +From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" <ldv@altlinux.org> +Date: Wed, 26 Mar 2014 22:17:23 +0000 +Subject: pam_timestamp: fix potential directory traversal issue (ticket #27) + +pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of +the timestamp pathname it creates, so extra care should be taken to +avoid potential directory traversal issues. + +* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat +"." and ".." tty values as invalid. +(get_ruser): Treat "." and ".." ruser values, as well as any ruser +value containing '/', as invalid. + +Fixes CVE-2014-2583. + +Reported-by: Sebastian Krahmer <krahmer@suse.de> + +--- a/modules/pam_timestamp/pam_timestamp.c ++++ b/modules/pam_timestamp/pam_timestamp.c +@@ -158,7 +158,7 @@ check_tty(const char *tty) + tty = strrchr(tty, '/') + 1; + } + /* Make sure the tty wasn't actually a directory (no basename). */ +- if (strlen(tty) == 0) { ++ if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) { + return NULL; + } + return tty; +@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen) + if (pwd != NULL) { + ruser = pwd->pw_name; + } ++ } else { ++ /* ++ * This ruser is used by format_timestamp_name as a component ++ * of constructed timestamp pathname, so ".", "..", and '/' ++ * are disallowed to avoid potential path traversal issues. ++ */ ++ if (!strcmp(ruser, ".") || ++ !strcmp(ruser, "..") || ++ strchr(ruser, '/')) { ++ ruser = NULL; ++ } + } + if (ruser == NULL || strlen(ruser) >= ruserbuflen) { + *ruserbuf = '\0'; diff --git a/debian/patches-applied/cve-2015-3238.patch b/debian/patches-applied/cve-2015-3238.patch new file mode 100644 index 00000000..cb5e8c06 --- /dev/null +++ b/debian/patches-applied/cve-2015-3238.patch @@ -0,0 +1,180 @@ +From e89d4c97385ff8180e6e81e84c5aa745daf28a79 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk <kukuk@thkukuk.de> +Date: Mon, 22 Jun 2015 14:53:01 +0200 +Subject: Release version 1.2.1 + +Security fix: CVE-2015-3238 + +If the process executing pam_sm_authenticate or pam_sm_chauthtok method +of pam_unix is not privileged enough to check the password, e.g. +if selinux is enabled, the _unix_run_helper_binary function is called. +When a long enough password is supplied (16 pages or more, i.e. 65536+ +bytes on a system with 4K pages), this helper function hangs +indefinitely, blocked in the write(2) call while writing to a blocking +pipe that has a limited capacity. +With this fix, the verifiable password length will be limited to +PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix. + +diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml +index 2379366..d1b00a2 100644 +--- a/modules/pam_exec/pam_exec.8.xml ++++ b/modules/pam_exec/pam_exec.8.xml +@@ -106,7 +106,8 @@ + During authentication the calling command can read + the password from <citerefentry> + <refentrytitle>stdin</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry>. ++ </citerefentry>. Only first <emphasis>PAM_MAX_RESP_SIZE</emphasis> ++ bytes of a password are provided to the command. + </para> + </listitem> + </varlistentry> +diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c +index 5ab9630..17ba6ca 100644 +--- a/modules/pam_exec/pam_exec.c ++++ b/modules/pam_exec/pam_exec.c +@@ -178,11 +178,11 @@ call_exec (const char *pam_type, pam_handle_t *pamh, + } + + pam_set_item (pamh, PAM_AUTHTOK, resp); +- authtok = strdupa (resp); ++ authtok = strndupa (resp, PAM_MAX_RESP_SIZE); + _pam_drop (resp); + } + else +- authtok = void_pass; ++ authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE); + + if (pipe(fds) != 0) + { +diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml +index 4008402..a8b64bb 100644 +--- a/modules/pam_unix/pam_unix.8.xml ++++ b/modules/pam_unix/pam_unix.8.xml +@@ -80,6 +80,13 @@ + </para> + + <para> ++ The maximum length of a password supported by the pam_unix module ++ via the helper binary is <emphasis>PAM_MAX_RESP_SIZE</emphasis> ++ - currently 512 bytes. The rest of the password provided by the ++ conversation function to the module will be ignored. ++ </para> ++ ++ <para> + The password component of this module performs the task of updating + the user's password. The default encryption hash is taken from the + <emphasis remap='B'>ENCRYPT_METHOD</emphasis> variable from +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index 2d330e5..c2e5de5 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -240,15 +240,22 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const + /* wait for child */ + /* if the stored password is NULL */ + int rc=0; +- if (fromwhat) +- pam_modutil_write(fds[1], fromwhat, strlen(fromwhat)+1); +- else +- pam_modutil_write(fds[1], "", 1); +- if (towhat) { +- pam_modutil_write(fds[1], towhat, strlen(towhat)+1); ++ if (fromwhat) { ++ int len = strlen(fromwhat); ++ ++ if (len > PAM_MAX_RESP_SIZE) ++ len = PAM_MAX_RESP_SIZE; ++ pam_modutil_write(fds[1], fromwhat, len); + } +- else +- pam_modutil_write(fds[1], "", 1); ++ pam_modutil_write(fds[1], "", 1); ++ if (towhat) { ++ int len = strlen(towhat); ++ ++ if (len > PAM_MAX_RESP_SIZE) ++ len = PAM_MAX_RESP_SIZE; ++ pam_modutil_write(fds[1], towhat, len); ++ } ++ pam_modutil_write(fds[1], "", 1); + + close(fds[0]); /* close here to avoid possible SIGPIPE above */ + close(fds[1]); +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index b325602..e79b55e 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -1115,12 +1115,15 @@ getuidname(uid_t uid) + int + read_passwords(int fd, int npass, char **passwords) + { ++ /* The passwords array must contain npass preallocated ++ * buffers of length MAXPASS + 1 ++ */ + int rbytes = 0; + int offset = 0; + int i = 0; + char *pptr; + while (npass > 0) { +- rbytes = read(fd, passwords[i]+offset, MAXPASS-offset); ++ rbytes = read(fd, passwords[i]+offset, MAXPASS+1-offset); + + if (rbytes < 0) { + if (errno == EINTR) continue; +diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h +index 3de6759..caf7ae8 100644 +--- a/modules/pam_unix/passverify.h ++++ b/modules/pam_unix/passverify.h +@@ -8,7 +8,7 @@ + + #define PAM_UNIX_RUN_HELPER PAM_CRED_INSUFFICIENT + +-#define MAXPASS 200 /* the maximum length of a password */ ++#define MAXPASS PAM_MAX_RESP_SIZE /* the maximum length of a password */ + + #define OLD_PASSWORDS_FILE "/etc/security/opasswd" + +diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c +index fdb45c2..abccd82 100644 +--- a/modules/pam_unix/support.c ++++ b/modules/pam_unix/support.c +@@ -609,7 +609,12 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, + /* if the stored password is NULL */ + int rc=0; + if (passwd != NULL) { /* send the password to the child */ +- if (write(fds[1], passwd, strlen(passwd)+1) == -1) { ++ int len = strlen(passwd); ++ ++ if (len > PAM_MAX_RESP_SIZE) ++ len = PAM_MAX_RESP_SIZE; ++ if (write(fds[1], passwd, len) == -1 || ++ write(fds[1], "", 1) == -1) { + pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); + retval = PAM_AUTH_ERR; + } +--- a/modules/pam_unix/pam_unix.8 2017-05-27 15:38:27.000000000 +0000 ++++ b/modules/pam_unix/pam_unix.8 2017-05-27 15:34:49.000000000 +0000 +@@ -56,6 +56,10 @@ + \fBnoreap\fR + module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\&. + .PP ++The maximum length of a password supported by the pam_unix module via the helper binary is ++\fIPAM_MAX_RESP_SIZE\fR ++\- currently 512 bytes\&. The rest of the password provided by the conversation function to the module will be ignored\&. ++.PP + The password component of this module performs the task of updating the user\*(Aqs password\&. The default encryption hash is taken from the + \fBENCRYPT_METHOD\fR + variable from +--- a/modules/pam_exec/pam_exec.8 2017-05-27 15:38:27.000000000 +0000 ++++ b/modules/pam_exec/pam_exec.8 2017-05-27 15:56:25.000000000 +0000 +@@ -65,7 +65,9 @@ + \fBexpose_authtok\fR + .RS 4 + During authentication the calling command can read the password from +-\fBstdin\fR(3)\&. ++\fBstdin\fR(3)\&. Only first ++\fIPAM_MAX_RESP_SIZE\fR ++bytes of a password are provided to the command\&. + .RE + .PP + \fBlog=\fR\fB\fIfile\fR\fR diff --git a/debian/patches-applied/do_not_check_nis_accidentally b/debian/patches-applied/do_not_check_nis_accidentally new file mode 100644 index 00000000..8d85bfc3 --- /dev/null +++ b/debian/patches-applied/do_not_check_nis_accidentally @@ -0,0 +1,22 @@ +Patch for Debian bug #469635 + +Always call _unix_getpwnam() consistent with the value of the 'nis' +option, so that we only grab from the backends we're expecting. + +Authors: Quentin Godfroy <godfroy@clipper.ens.fr> + +Upstream status: should be submitted + +Index: pam.deb/modules/pam_unix/pam_unix_passwd.c +=================================================================== +--- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c ++++ pam.deb/modules/pam_unix/pam_unix_passwd.c +@@ -551,7 +551,7 @@ + return PAM_USER_UNKNOWN; + } else { + struct passwd *pwd; +- _unix_getpwnam(pamh, user, 1, 1, &pwd); ++ _unix_getpwnam(pamh, user, 1, on(UNIX_NIS, ctrl), &pwd); + if (pwd == NULL) { + pam_syslog(pamh, LOG_DEBUG, + "user \"%s\" has corrupted passwd entry", diff --git a/debian/patches-applied/hurd_no_setfsuid b/debian/patches-applied/hurd_no_setfsuid new file mode 100644 index 00000000..a2bf783c --- /dev/null +++ b/debian/patches-applied/hurd_no_setfsuid @@ -0,0 +1,77 @@ +On systems without setfsuid(), use setreuid() instead. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: to be forwarded, now that pam_modutil_{drop,regain}_priv + are implemented + +Index: pam.debian/libpam/pam_modutil_priv.c +=================================================================== +--- pam.debian.orig/libpam/pam_modutil_priv.c ++++ pam.debian/libpam/pam_modutil_priv.c +@@ -14,7 +14,9 @@ + #include <syslog.h> + #include <pwd.h> + #include <grp.h> ++#ifdef HAVE_SYS_FSUID_H + #include <sys/fsuid.h> ++#endif /* HAVE_SYS_FSUID_H */ + + /* + * Two setfsuid() calls in a row are necessary to check +@@ -22,17 +24,55 @@ + */ + static int change_uid(uid_t uid, uid_t *save) + { ++#ifdef HAVE_SYS_FSUID_H + uid_t tmp = setfsuid(uid); + if (save) + *save = tmp; + return (uid_t) setfsuid(uid) == uid ? 0 : -1; ++#else ++ uid_t euid = geteuid(); ++ uid_t ruid = getuid(); ++ if (save) ++ *save = ruid; ++ if (ruid == uid && uid != 0) ++ if (setreuid(euid, uid)) ++ return -1; ++ else { ++ setreuid(0, -1); ++ if (setreuid(-1, uid)) { ++ setreuid(-1, 0); ++ setreuid(0, -1); ++ if (setreuid(-1, uid)) ++ return -1; ++ } ++ } ++#endif + } + static int change_gid(gid_t gid, gid_t *save) + { ++#ifdef HAVE_SYS_FSUID_H + gid_t tmp = setfsgid(gid); + if (save) + *save = tmp; + return (gid_t) setfsgid(gid) == gid ? 0 : -1; ++#else ++ gid_t egid = getegid(); ++ gid_t rgid = getgid(); ++ if (save) ++ *save = rgid; ++ if (rgid == gid) ++ if (setregid(egid, gid)) ++ return -1; ++ else { ++ setregid(0, -1); ++ if (setregid(-1, gid)) { ++ setregid(-1, 0); ++ setregid(0, -1); ++ if (setregid(-1, gid)) ++ return -1; ++ } ++ } ++#endif + } + + static int cleanup(struct pam_modutil_privs *p) diff --git a/debian/patches-applied/lib_security_multiarch_compat b/debian/patches-applied/lib_security_multiarch_compat new file mode 100644 index 00000000..9d6d40a9 --- /dev/null +++ b/debian/patches-applied/lib_security_multiarch_compat @@ -0,0 +1,71 @@ +Unqualified module paths should always be looked up in *both* the default +module dir, *and* the ISA dir. That's what paths are for. + +This lets us have a soft transition to multiarch for modules without having +to rewrite /etc/pam.d/ files or add ugly symlinks. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: not ready to be committed - this needs tweaked, we're +currently abusing the existing variables and inverting their meaning in +order to get everything installed where we want it and get absolute paths +the way we want them. + +Index: multiarch/libpam/pam_handlers.c +=================================================================== +--- multiarch.orig/libpam/pam_handlers.c ++++ multiarch/libpam/pam_handlers.c +@@ -705,7 +705,26 @@ + } + #else + D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); +- mod->dl_handle = _pam_dlopen(mod_path); ++ if (mod_path[0] == '/') { ++ mod->dl_handle = _pam_dlopen(mod_path); ++ } else { ++ if (asprintf(&mod_full_isa_path, "%s%s", ++ DEFAULT_MODULE_PATH, mod_path) >= 0) { ++ mod->dl_handle = _pam_dlopen(mod_full_isa_path); ++ _pam_drop(mod_full_isa_path); ++ } else { ++ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); ++ } ++ if (!mod->dl_handle) { ++ if (asprintf(&mod_full_isa_path, "%s/%s", ++ _PAM_ISA, mod_path) >= 0) { ++ mod->dl_handle = _pam_dlopen(mod_full_isa_path); ++ _pam_drop(mod_full_isa_path); ++ } else { ++ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); ++ } ++ } ++ } + D(("_pam_load_module: _pam_dlopen'ed")); + D(("_pam_load_module: dlopen'ed")); + if (mod->dl_handle == NULL) { +@@ -775,7 +794,6 @@ + struct handler **handler_p2; + struct handlers *the_handlers; + const char *sym, *sym2; +- char *mod_full_path; + servicefn func, func2; + int mod_type = PAM_MT_FAULTY_MOD; + +@@ -787,16 +805,7 @@ + + if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) && + mod_path != NULL) { +- if (mod_path[0] == '/') { +- mod = _pam_load_module(pamh, mod_path, handler_type); +- } else if (asprintf(&mod_full_path, "%s%s", +- DEFAULT_MODULE_PATH, mod_path) >= 0) { +- mod = _pam_load_module(pamh, mod_full_path, handler_type); +- _pam_drop(mod_full_path); +- } else { +- pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); +- return PAM_ABORT; +- } ++ mod = _pam_load_module(pamh, mod_path, handler_type); + + if (mod == NULL) { + /* if we get here with NULL it means allocation error */ diff --git a/debian/patches-applied/make_documentation_reproducible.patch b/debian/patches-applied/make_documentation_reproducible.patch new file mode 100644 index 00000000..26f16503 --- /dev/null +++ b/debian/patches-applied/make_documentation_reproducible.patch @@ -0,0 +1,28 @@ +Description: Make documentation reproducible + Add LC_ALL=C to w3m to avoid changes in the output when build the + documentation with different locales. +Author: Juan Picca <jumapico@gmail.com> +Last-Update: 2015-07-11 + +--- pam.orig/configure ++++ pam/configure +@@ -15162,7 +15162,7 @@ fi + + + if test ! -z "$BROWSER"; then +- BROWSER="$BROWSER -T text/html -dump" ++ BROWSER="LC_ALL=C $BROWSER -T text/html -dump" + else + enable_docu=no + fi +--- pam.orig/configure.in ++++ pam/configure.in +@@ -554,7 +554,7 @@ JH_CHECK_XML_CATALOG([http://docbook.sou + + AC_PATH_PROG([BROWSER], [w3m]) + if test ! -z "$BROWSER"; then +- BROWSER="$BROWSER -T text/html -dump" ++ BROWSER="LC_ALL=C $BROWSER -T text/html -dump" + else + enable_docu=no + fi diff --git a/debian/patches-applied/no_PATH_MAX_on_hurd b/debian/patches-applied/no_PATH_MAX_on_hurd new file mode 100644 index 00000000..ab7d506c --- /dev/null +++ b/debian/patches-applied/no_PATH_MAX_on_hurd @@ -0,0 +1,22 @@ +Description: define PATH_MAX for compatibility when it's not already set + Some platforms, such as the Hurd, don't set PATH_MAX. Set a reasonable + default value in this case. +Author: Steve Langasek <vorlon@debian.org> +Bug-Debian: http://bugs.debian.org/552043 + +Index: pam.deb/tests/tst-dlopen.c +=================================================================== +--- pam.deb.orig/tests/tst-dlopen.c ++++ pam.deb/tests/tst-dlopen.c +@@ -16,6 +16,11 @@ + #include <limits.h> + #include <sys/stat.h> + ++/* Hurd compatibility */ ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + /* Simple program to see if dlopen() would succeed. */ + int main(int argc, char **argv) + { diff --git a/debian/patches-applied/pam-limits-nofile-fd-setsize-cap b/debian/patches-applied/pam-limits-nofile-fd-setsize-cap new file mode 100644 index 00000000..176d7845 --- /dev/null +++ b/debian/patches-applied/pam-limits-nofile-fd-setsize-cap @@ -0,0 +1,58 @@ +From: Robie Basak <robie.basak@ubuntu.com> +Subject: pam_limits: cap the default soft nofile limit read from pid 1 to FD_SETSIZE + +Cap the default soft nofile limit read from pid 1 to FD_SETSIZE since +larger values can cause problems with fd_set overflow and systemd sets +itself higher. + +See: +https://lists.ubuntu.com/archives/ubuntu-devel/2010-September/031446.html +http://www.outflux.net/blog/archives/2014/06/13/5-year-old-glibc-select-weakness-fixed/ +https://sourceware.org/bugzilla/show_bug.cgi?id=10352 +https://github.com/systemd/systemd/commit/4096d6f5879aef73e20dd7b62a01f447629945b0 + +pam_limits reads the default limits from /proc/1/limits. Previously, +using upstart, this resulted in a 1024 nofile soft limit on Ubuntu +systems by default. Using systemd, this results in a limit of 65536 +instead. This is not the intention of systemd upstream. See systemd +commit 4096d6f for an explanation of systemd's behaviour. + +If we want to make such a change to the default distribution soft limit +in PAM, we should do it deliberately and carefully, not accidentally. A +change should consider what uses select(2) and might inadvertently (and +incorrectly) assume that file descriptors will always fit into an +fd_set, what vulnerabilities or crashes the change could consequently +create, and whether the protection now present with FORTIFY_SOURCE is +suitably enabled in all relevant builds. + +So this keeps the soft limit at 1024 for now. The hard limit will rise +to 65536 along with systemd. Anything that knows that it will not be +buggy with respect to fd_set and FD_SETSIZE, such as by using poll(2) or +epoll(7) instead of select(2), can always raise the soft limit itself +without issue. + +20:54 <rbasak> slangasek: [...] I'm also not sure how to go about +upstreaming this as pam_limits seems to be heavily patched already. + +Forwarded: no +Reviewed-by: Adam Conrad <adconrad@ubuntu.com> +Reviewed-by: Martin Pitt <martin.pitt@ubuntu.com> +Last-Update: 2015-04-22 + +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -439,6 +439,14 @@ static void parse_kernel_limits(pam_hand + pl->limits[i].src_hard = LIMITS_DEF_KERNEL; + } + fclose(limitsfile); ++ ++ /* Cap the default soft nofile limit read from pid 1 to FD_SETSIZE ++ * since larger values can cause problems with fd_set overflow and ++ * systemd sets itself higher. */ ++ if (pl->limits[RLIMIT_NOFILE].src_soft == LIMITS_DEF_KERNEL && ++ pl->limits[RLIMIT_NOFILE].limit.rlim_cur > FD_SETSIZE) { ++ pl->limits[RLIMIT_NOFILE].limit.rlim_cur = FD_SETSIZE; ++ } + } + + static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) diff --git a/debian/patches-applied/pam-loginuid-in-containers b/debian/patches-applied/pam-loginuid-in-containers new file mode 100644 index 00000000..1e965b2d --- /dev/null +++ b/debian/patches-applied/pam-loginuid-in-containers @@ -0,0 +1,146 @@ +Author: Stéphane Graber <stgraber@ubuntu.com> +Description: pam_loginuid: Ignore failure in user namespaces + When running pam_loginuid in a container using the user namespaces, even + uid 0 isn't allowed to set the loginuid property. + . + This change catches the EACCES from opening loginuid, checks if the user + is in the host namespace (by comparing the uid_map with the host's one) + and only if that's the case, sets rc to 1. + . + Should uid_map not exist or be unreadable for some reason, it'll be + assumed that the process is running on the host's namespace. + . + The initial reason behind this change was failure to ssh into an + unprivileged container (using a 3.13 kernel and current LXC) when using + a standard pam profile for sshd (which requires success from + pam_loginuid). + . + I believe this solution doesn't have any drawback and will allow people + to use unprivileged containers normally. An alternative would be to have + all distros set pam_loginuid as optional but that'd be bad for any of + the other potential failure case which people may care about. + . + There has also been some discussions to get some of the audit features + tied with the user namespaces but currently none of that has been merged + upstream and the currently proposed implementation doesn't cover + loginuid (nor is it clear how this should even work when loginuid is set + as immutable after initial write). + . + Signed-off-by: Steve Langasek <vorlon@debian.org> + Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> + +Index: ubuntu/modules/pam_loginuid/pam_loginuid.c +=================================================================== +--- ubuntu.orig/modules/pam_loginuid/pam_loginuid.c 2014-01-31 21:07:08.665185675 +0000 ++++ ubuntu/modules/pam_loginuid/pam_loginuid.c 2014-01-31 21:05:05.000000000 +0000 +@@ -47,25 +47,56 @@ + + /* + * This function writes the loginuid to the /proc system. It returns +- * 0 on success and 1 on failure. ++ * PAM_SUCCESS on success, ++ * PAM_IGNORE when /proc/self/loginuid does not exist, ++ * PAM_SESSION_ERR in case of any other error. + */ + static int set_loginuid(pam_handle_t *pamh, uid_t uid) + { +- int fd, count, rc = 0; +- char loginuid[24]; ++ int fd, count, rc = PAM_SESSION_ERR; ++ char loginuid[24], buf[24]; ++ static const char host_uid_map[] = " 0 0 4294967295\n"; ++ char uid_map[sizeof(host_uid_map)]; ++ ++ /* loginuid in user namespaces currently isn't writable and in some ++ case, not even readable, so consider any failure as ignorable (but try ++ anyway, in case we hit a kernel which supports it). */ ++ fd = open("/proc/self/uid_map", O_RDONLY); ++ if (fd >= 0) { ++ count = pam_modutil_read(fd, uid_map, sizeof(uid_map)); ++ if (strncmp(uid_map, host_uid_map, count) != 0) ++ rc = PAM_IGNORE; ++ close(fd); ++ } + +- count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); +- fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); ++ fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); + if (fd < 0) { +- if (errno != ENOENT) { +- rc = 1; +- pam_syslog(pamh, LOG_ERR, +- "Cannot open /proc/self/loginuid: %m"); ++ if (errno == ENOENT) { ++ rc = PAM_IGNORE; ++ } ++ if (rc != PAM_IGNORE) { ++ pam_syslog(pamh, LOG_ERR, "Cannot open %s: %m", ++ "/proc/self/loginuid"); + } + return rc; + } +- if (pam_modutil_write(fd, loginuid, count) != count) +- rc = 1; ++ ++ count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); ++ if (pam_modutil_read(fd, buf, sizeof(buf)) == count && ++ memcmp(buf, loginuid, count) == 0) { ++ rc = PAM_SUCCESS; ++ goto done; /* already correct */ ++ } ++ if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 && ++ pam_modutil_write(fd, loginuid, count) == count) { ++ rc = PAM_SUCCESS; ++ } else { ++ if (rc != PAM_IGNORE) { ++ pam_syslog(pamh, LOG_ERR, "Error writing %s: %m", ++ "/proc/self/loginuid"); ++ } ++ } ++ done: + close(fd); + return rc; + } +@@ -165,6 +196,7 @@ + { + const char *user = NULL; + struct passwd *pwd; ++ int ret; + #ifdef HAVE_LIBAUDIT + int require_auditd = 0; + #endif +@@ -183,9 +215,14 @@ + return PAM_SESSION_ERR; + } + +- if (set_loginuid(pamh, pwd->pw_uid)) { +- pam_syslog(pamh, LOG_ERR, "set_loginuid failed\n"); +- return PAM_SESSION_ERR; ++ ret = set_loginuid(pamh, pwd->pw_uid); ++ switch (ret) { ++ case PAM_SUCCESS: ++ case PAM_IGNORE: ++ break; ++ default: ++ pam_syslog(pamh, LOG_ERR, "set_loginuid failed"); ++ return ret; + } + + #ifdef HAVE_LIBAUDIT +@@ -195,11 +232,12 @@ + argv++; + } + +- if (require_auditd) +- return check_auditd(); +- else ++ if (require_auditd) { ++ int rc = check_auditd(); ++ return rc != PAM_SUCCESS ? rc : ret; ++ } else + #endif +- return PAM_SUCCESS; ++ return ret; + } + + /* diff --git a/debian/patches-applied/pam_namespace_fix_bashism.patch b/debian/patches-applied/pam_namespace_fix_bashism.patch new file mode 100644 index 00000000..6c6f1861 --- /dev/null +++ b/debian/patches-applied/pam_namespace_fix_bashism.patch @@ -0,0 +1,61 @@ +From fbc65c39d6853af268c9a093923afc876d0b138e Mon Sep 17 00:00:00 2001 +From: Steve Langasek <vorlon@debian.org> +Date: Tue, 14 Jan 2014 19:48:51 -0800 +Subject: pam_namespace: don't use bashisms in default namespace.init script + +* modules/pam_namespace/pam_namespace.c: call setuid() before execing the +namespace init script, so that scripts run with maximum privilege regardless +of the shell implementation. +* modules/pam_namespace/namespace.init: drop the '-p' bashism from the +shebang line + +This is not a POSIX standard option, it's a bashism. The bash manpage says +that it's used to prevent the effective user id from being reset to the real +user id on startup, and to ignore certain unsafe variables from the +environment. + +In the case of pam_namespace, the -p is not necessary for environment +sanitizing because the PAM module (properly) sanitizes the environment +before execing the script. + +The stated reason given in CVS history for passing -p is to "preserve euid +when called from setuid apps (su, newrole)." This should be done more +portably, by calling setuid() before spawning the shell. + +Signed-off-by: Steve Langasek <vorlon@debian.org> +Bug-Debian: http://bugs.debian.org/624842 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1081323 +--- + modules/pam_namespace/namespace.init | 2 +- + modules/pam_namespace/pam_namespace.c | 5 +++++ + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/modules/pam_namespace/namespace.init b/modules/pam_namespace/namespace.init +index 9ab5806..67d4aa2 100755 +--- a/modules/pam_namespace/namespace.init ++++ b/modules/pam_namespace/namespace.init +@@ -1,4 +1,4 @@ +-#!/bin/sh -p ++#!/bin/sh + # It receives polydir path as $1, the instance path as $2, + # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, + # and user name in $4. +diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c +index e0d5e30..92883f5 100644 +--- a/modules/pam_namespace/pam_namespace.c ++++ b/modules/pam_namespace/pam_namespace.c +@@ -1205,6 +1205,11 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, + _exit(1); + } + #endif ++ /* Pass maximum privs when we exec() */ ++ if (setuid(geteuid()) < 0) { ++ /* ignore failures, they don't matter */ ++ } ++ + if (execle(init_script, init_script, + polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp) < 0) + _exit(1); +-- +cgit v0.12 + diff --git a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch new file mode 100644 index 00000000..87336651 --- /dev/null +++ b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch @@ -0,0 +1,25 @@ +Dropping suid bits is not enough to let us trust the caller; the unix_chkpwd +helper could be sgid shadow instead of suid root, as it is in Debian and +Ubuntu by default. Drop any sgid bits as well. + +Authors: Steve Langasek <vorlon@debian.org>, + Michael Spang <mspang@csclub.uwaterloo.ca> + +Upstream status: to be submitted + +Index: pam-debian/modules/pam_unix/unix_chkpwd.c +=================================================================== +--- pam-debian.orig/modules/pam_unix/unix_chkpwd.c 2011-10-10 16:22:06.270705822 -0700 ++++ pam-debian/modules/pam_unix/unix_chkpwd.c 2011-10-10 16:24:06.080224301 -0700 +@@ -137,9 +137,10 @@ + /* if the caller specifies the username, verify that user + matches it */ + if (strcmp(user, argv[1])) { ++ gid_t gid = getgid(); + user = argv[1]; + /* no match -> permanently change to the real user and proceed */ +- if (setuid(getuid()) != 0) ++ if (setresgid(gid, gid, gid) != 0 || setuid(getuid()) != 0) + return PAM_AUTH_ERR; + } + } diff --git a/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch b/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch new file mode 100644 index 00000000..df3dc65a --- /dev/null +++ b/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch @@ -0,0 +1,25 @@ +Revert upstream change that prevents pam_unix from working with sgid +shadow applications. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: to be submitted (and debated...) + +Index: debian-pkg-pam/modules/pam_unix/passverify.c +=================================================================== +--- debian-pkg-pam.orig/modules/pam_unix/passverify.c 2009-04-17 12:46:39.000000000 -0700 ++++ debian-pkg-pam/modules/pam_unix/passverify.c 2009-04-17 12:46:40.000000000 -0700 +@@ -203,11 +203,11 @@ + * ...and shadow password file entry for this user, + * if shadowing is enabled + */ ++ *spwdent = pam_modutil_getspnam(pamh, name); + #ifndef HELPER_COMPILE +- if (geteuid() || SELINUX_ENABLED) ++ if (*spwdent == NULL && (geteuid() || SELINUX_ENABLED)) + return PAM_UNIX_RUN_HELPER; + #endif +- *spwdent = pam_modutil_getspnam(pamh, name); + if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL) + return PAM_AUTHINFO_UNAVAIL; + } diff --git a/debian/patches-applied/series b/debian/patches-applied/series new file mode 100644 index 00000000..51598ca8 --- /dev/null +++ b/debian/patches-applied/series @@ -0,0 +1,29 @@ +pam_unix_fix_sgid_shadow_auth.patch +pam_unix_dont_trust_chkpwd_caller.patch +007_modules_pam_unix +008_modules_pam_limits_chroot +021_nis_cleanup +022_pam_unix_group_time_miscfixes +026_pam_unix_passwd_unknown_user +do_not_check_nis_accidentally +027_pam_limits_better_init_allow_explicit_root +031_pam_include +032_pam_limits_EPERM_NOT_FATAL +036_pam_wheel_getlogin_considered_harmful +hurd_no_setfsuid +040_pam_limits_log_failure +045_pam_dispatch_jump_is_ignore +054_pam_security_abstract_securetty_handling +055_pam_unix_nullok_secure +cve-2010-4708.patch +PAM-manpage-section +update-motd +no_PATH_MAX_on_hurd +lib_security_multiarch_compat +pam-loginuid-in-containers +cve-2013-7041.patch +cve-2014-2583.patch +cve-2015-3238.patch +pam-limits-nofile-fd-setsize-cap +pam_namespace_fix_bashism.patch +make_documentation_reproducible.patch diff --git a/debian/patches-applied/update-motd b/debian/patches-applied/update-motd new file mode 100644 index 00000000..6c2af5bb --- /dev/null +++ b/debian/patches-applied/update-motd @@ -0,0 +1,168 @@ +Patch for Ubuntu bug #399071 + +Provide a more dynamic MOTD, based on the short-lived update-motd project. + +Authors: Dustin Kirkland <kirkland@canonical.com> + +Upstream status: not yet submitted + +Index: pam.debian/modules/pam_motd/pam_motd.c +=================================================================== +--- pam.debian.orig/modules/pam_motd/pam_motd.c ++++ pam.debian/modules/pam_motd/pam_motd.c +@@ -48,14 +48,39 @@ + + static char default_motd[] = DEFAULT_MOTD; + ++static void display_file(pam_handle_t *pamh, const char *motd_path) ++{ ++ int fd; ++ char *mtmp = NULL; ++ while ((fd = open(motd_path, O_RDONLY, 0)) >= 0) { ++ struct stat st; ++ /* fill in message buffer with contents of motd */ ++ if ((fstat(fd, &st) < 0) || !st.st_size || st.st_size > 0x10000) ++ break; ++ if (!(mtmp = malloc(st.st_size+1))) ++ break; ++ if (pam_modutil_read(fd, mtmp, st.st_size) != st.st_size) ++ break; ++ if (mtmp[st.st_size-1] == '\n') ++ mtmp[st.st_size-1] = '\0'; ++ else ++ mtmp[st.st_size] = '\0'; ++ pam_info (pamh, "%s", mtmp); ++ break; ++ } ++ _pam_drop (mtmp); ++ if (fd >= 0) ++ close(fd); ++} ++ + PAM_EXTERN + int pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + int retval = PAM_IGNORE; +- int fd; ++ int do_update = 1; + const char *motd_path = NULL; +- char *mtmp = NULL; ++ struct stat st; + + if (flags & PAM_SILENT) { + return retval; +@@ -73,6 +98,9 @@ + "motd= specification missing argument - ignored"); + } + } ++ else if (!strcmp(*argv,"noupdate")) { ++ do_update = 0; ++ } + else + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); + } +@@ -80,34 +108,23 @@ + if (motd_path == NULL) + motd_path = default_motd; + +- while ((fd = open(motd_path, O_RDONLY, 0)) >= 0) { +- struct stat st; +- +- /* fill in message buffer with contents of motd */ +- if ((fstat(fd, &st) < 0) || !st.st_size || st.st_size > 0x10000) +- break; +- +- if (!(mtmp = malloc(st.st_size+1))) +- break; +- +- if (pam_modutil_read(fd, mtmp, st.st_size) != st.st_size) +- break; +- +- if (mtmp[st.st_size-1] == '\n') +- mtmp[st.st_size-1] = '\0'; +- else +- mtmp[st.st_size] = '\0'; +- +- pam_info (pamh, "%s", mtmp); +- break; ++ /* Run the update-motd dynamic motd scripts, outputting to /run/motd.dynamic. ++ This will be displayed only when calling pam_motd with ++ motd=/run/motd.dynamic; current /etc/pam.d/login and /etc/pam.d/sshd ++ display both this file and /etc/motd. */ ++ if (do_update && (stat("/etc/update-motd.d", &st) == 0) ++ && S_ISDIR(st.st_mode)) ++ { ++ mode_t old_mask = umask(0022); ++ if (!system("/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new")) ++ rename("/run/motd.dynamic.new", "/run/motd.dynamic"); ++ umask(old_mask); + } + +- _pam_drop (mtmp); +- +- if (fd >= 0) +- close(fd); ++ /* Display the updated motd */ ++ display_file(pamh, motd_path); + +- return retval; ++ return retval; + } + + +Index: pam.debian/modules/pam_motd/pam_motd.8.xml +=================================================================== +--- pam.debian.orig/modules/pam_motd/pam_motd.8.xml ++++ pam.debian/modules/pam_motd/pam_motd.8.xml +@@ -52,6 +52,17 @@ + </para> + </listitem> + </varlistentry> ++ <varlistentry> ++ <term> ++ <option>noupdate</option> ++ </term> ++ <listitem> ++ <para> ++ Don't run the scripts in <filename>/etc/update-motd.d</filename> ++ to refresh the motd file. ++ </para> ++ </listitem> ++ </varlistentry> + </variablelist> + </refsect1> + +Index: pam.debian/modules/pam_motd/pam_motd.8 +=================================================================== +--- pam.debian.orig/modules/pam_motd/pam_motd.8 ++++ pam.debian/modules/pam_motd/pam_motd.8 +@@ -45,6 +45,13 @@ + /path/filename + file is displayed as message of the day\&. + .RE ++.PP ++\fBnoupdate\fR ++.RS 4 ++Don\*(Aqt run the scripts in ++/etc/update\-motd\&.d ++to refresh the motd file\&. ++.RE + .SH "MODULE TYPES PROVIDED" + .PP + Only the +Index: pam.debian/modules/pam_motd/README +=================================================================== +--- pam.debian.orig/modules/pam_motd/README ++++ pam.debian/modules/pam_motd/README +@@ -14,6 +14,10 @@ + + The /path/filename file is displayed as message of the day. + ++noupdate ++ ++ Don't run the scripts in /etc/update-motd.d to refresh the motd file. ++ + EXAMPLES + + The suggested usage for /etc/pam.d/login is: diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 00000000..2d55bb09 --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1,3 @@ +[type: gettext/rfc822deb] libpam0g.templates +[type: gettext/rfc822deb] libpam-runtime.templates +[type: gettext/rfc822deb] libpam-modules.templates diff --git a/debian/po/bg.po b/debian/po/bg.po new file mode 100644 index 00000000..b763fbde --- /dev/null +++ b/debian/po/bg.po @@ -0,0 +1,226 @@ +# translation of bg.po to Bulgarian +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# Damyan Ivanov <dmn@debian.org>, 2007, 2009, 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: bg\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2012-01-19 22:36+0200\n" +"Last-Translator: Damyan Ivanov <dmn@debian.org>\n" +"Language-Team: Български <dict@fsa-bg.org>\n" +"Language: bg\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1)\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Рестартиране на услуги при обновяване на PAM:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"Повечето услуги, които използват PAM трябва да бъдат рестартирани за да " +"могат да използват модулите за новата версия на libpam. Прегледайте списъка " +"от init.d скриптове по-долу и го коригирайте ако е необходимо. Имената на " +"отделните скриптове трябва да са отделени с интервал." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Мениджъра на дисплеи трябва да бъде рестартиран ръчно" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Мениджърите на дисплеи wdm и xdm трябва да бъдат рестартирани, но това би прекъснало активните влизания и затова тази операция няма да бъде извършена автоматично. Преди " +"да може отново да се влезе в системата " +"чрез тези услуги, те трябва да бъдат рестартирани ръчно." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Грешка при рестартиране на някои услуги за обновяване на PAM" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "Следните услуги не бяха рестартирани за обновяването на PAM:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "Ще трябва сами да ги стартирате чрез „/etc/init.d/<услуга> start“." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "Автоматично рестартиране на услугите при обновяване на пакета?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Системата има инсталирани услуги, които трябва да се рестартират при " +"обновяване на някои библиотеки като libpam, libc и libssl. Тъй като " +"рестартирането може да предизвика прекъсване на съответната услуга, " +"обикновено администраторите предпочитат да бъдат попитани кои услуги могат " +"да бъдат рестартиране при всяко обновяване на библиотеките. Ако потвърдите, " +"че не желаете да потвърждавате рестартирането, услугите ще бъдат " +"рестартирани автоматично без излишни въпроси при обновяване на някоя от " +"критичните библиотеки." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "Настройване на PAM" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Разрешаване на PAM профили:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Модулите за идентификация (PAM, Pluggable Authentication Modules) управляват " +"идентификацията, оторизацията и промяната на паролите. Те дават и възможност " +"за изпълняване на допълнителни действия при стартиране на нови потребителски " +"сесии." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Някои пакети с PAM модули предлагат „профили“, чрез които може да се промени " +"поведението на всички приложения, използващи PAM. Изберете кои от профилите " +"желаете да разрешите." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Избрани са несъвместими PAM профили." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Следните PAM профили не могат да се използват едновременно:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Изберете друга група профили." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Отмяна на локалните промени в /etc/pam.d/common-*?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Някои от файловете /etc/pam.d/common-{auth,account,password,session} са " +"променени. Укажете дали желаете променените файлове да бъдат презаписани и " +"да се използват настройките доставени със системата. Ако откажете ще трябва " +"ръчно да настроите PAM." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Не са избрани PAM профили." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Няма избрани PAM профили. Това ще разреши достъпа на всички потребители без " +"удостоверяване на самоличността и не е позволено. Изберете поне един профил " +"от списъка." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "xscreensaver и xlockmore трябва да бъдат рестартирани" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Открити са работещи процеси xscreensaver или xlockmore. Поради несъвместими " +"промени в библиотеката, обновяването на пакета libpam-modules ще направи " +"невъзможно идентифицирането с тези програми. Трябва да осигурите " +"рестартирането или спирането на xscreensaver и xlockmore за да избегнете " +"проблеми с идентификацията при потребителите, които ги използват." diff --git a/debian/po/ca.po b/debian/po/ca.po new file mode 100644 index 00000000..18d42f4c --- /dev/null +++ b/debian/po/ca.po @@ -0,0 +1,241 @@ +# pam po-debconf translation to Catalan +# Copyright (C) 2007 Software in the Public Interest, SPI Inc. +# This file is distributed under the same license as the pam package. +# +# Innocent De Marchi <tangram.peces@gmail.com>, 2011-2012 +msgid "" +msgstr "" +"Project-Id-Version: pam 1.1.3-6.1\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2012-01-21 08:33+0100\n" +"Last-Translator: Innocent De Marchi <tangram.peces@gmail.com>\n" +"Language-Team: Catalan <debian-l10n-catalan@lists.debian.org>\n" +"Language: ca\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Catalan\n" +"X-Poedit-Country: SPAIN\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "" +"Serveis que cal reiniciar per a l'actualització de la biblioteca de PAM:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"És necessari reiniciar la majoria dels serveis que fan servir PAM per a que " +"facin servir els mòduls d'aquesta versió de «libpam». Reviseu la següent " +"llista separada per espais dels scripts «init.d» que indica els serveis que " +"es reiniciaran ara i modificau-la si és necessari." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Cal reiniciar manualment el gestor de pantalla" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Entre els serveis que cal reiniciar degut a la nova versió de «libpam» hi ha " +"els gestors de pantalla «wdm» i «xdm». Malgrat tot, hi ha sessions d'«X» en " +"execució en el sistema que s'aturaran si es reinicien aquests serveis. Cal " +"reiniciar-los manualment si desitjau que sigui possible iniciar una sessió " +"«X» més endavant." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "" +"S'ha produït un error en reiniciar algun dels serveis en l'actualització de " +"PAM" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"No ha estat possible reiniciar els serveis indicats a continuació en el " +"procés d'actualització de la biblioteca de PAM:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Caldrà engegar manualment aquests serveis executant «/etc/init.d/<servei> " +"start»." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"Voleu que es reiniciïn els serveis sense demanar confirmació durant les " +"actualitzacions del paquet?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Hi ha serveis instal·lats en el seu sistema que necessiten ser reiniciats en " +"actualitzar certes biblioteques, com libpam, libc i libssl. Ja que el procés " +"de reinicii pot causar interrupcions en el sistema, normalment se vos " +"demanarà, a cada actualització, per a la llista de serveis que voleu " +"reiniciar. Podeu triar aquesta opció per evitar que se vos demani; en canvi, " +"es faran automàticament tots els reinicis necessaris sense demanar-vos " +"confirmació en cada actualització de biblioteques." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "Configuració de PAM" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Perfils PAM que cal habilitar:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Els «Pluggable Authentication Modules» (PAM, o Mòduls d'autenticació " +"inseribles) determinen com es gestionen en el sistema l'autenticació, " +"autorització i modificació de contrasenyes. També permet la definició " +"d'accions addicionals a realitzar quan s'inicia la sessió d'un usuari." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Alguns dels paquets de mòduls de PAM ofereixen perfils que poden utilitzar-" +"se per ajustar automàticament el comportament de totes les aplicacions que " +"fan servir PAM en el sistema. Indiqueu quin d'aquests comportaments desitjau " +"activar." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Heu seleccionat perfils PAM incompatibles." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "" +"No és possible fer servir conjuntament els perfils de PAM indicats a " +"continuació:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Seleccioneu un conjunt distint de mòduls a activar." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "" +"Desitjau descartar els canvis locals realitzats a «/etc/pam.d/common-*»?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"S'ha modificat localment algun dels fitxers «/etc/pam.d/common-{auth,account," +"password,session}». Indicau si desitjau que aquests canvis locals siguin " +"substituïts amb la configuració definida pel sistema. Caldrà gestionar la " +"configuració d'autenticació del sistema manualment si rebutjau aquesta opció." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "No heu seleccionat cap perfil PAM." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"No heu seleccionat cap perfil de PAM per a aquest sistema. Així és possible " +"que qualsevol usuari accedeixi sense autenticació, la qual cosa no és " +"permesa. Heu de seleccionar almenys un perfil de PAM de la llista." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "Cal reiniciar «xscreensaver» i «xlockmore» abans de l'actualització" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"S'han detectat una o més instàncies dels programes «xscreensaver» o " +"«xlockmore». L'actualització del paquet «libpam-modules» podria impedir " +"l'autenticació en aquests programes degut a canvis incompatibles en la " +"biblioteca. Heu de procurar que aquests programes es reinicien o s'aturin " +"abans de continuar amb l'actualització. Així evitareu que els usuaris quedin " +"bloquejats i no puguin continuar les seves sessions actuals." diff --git a/debian/po/cs.po b/debian/po/cs.po new file mode 100644 index 00000000..47570645 --- /dev/null +++ b/debian/po/cs.po @@ -0,0 +1,226 @@ +# Czech translation of pam debconf mesages. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the pam package. +# Miroslav Kure <kurem@debian.cz>, 2007-2012. +# +msgid "" +msgstr "" +"Project-Id-Version: pam\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2012-01-27 07:56+0100\n" +"Last-Translator: Miroslav Kure <kurem@debian.cz>\n" +"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Služby, které se mají restartovat po aktualizaci knihovny PAM:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"Aby se začaly používat moduly z nové verze knihovny libpam, musí se většina " +"služeb používajících PAM restartovat. Zkontrolujte prosím následující seznam " +"služeb (init.d skriptů), které se mají nyní restartovat a v případě potřeby " +"seznam opravte." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Správce displeje se musí restartovat ručně" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Správcové displejů wdm a xdm musí být s novou verzí knihovny libpam " +"restartováni. Restart těchto služeb by však ukončil probíhající X sezení a " +"proto je ponechán restart zmíněných správců displejů na vás, až určíte, že " +"nastal vhodný okamžik. S restartem byste neměli otálet, protože do té doby " +"se pomocí nich nebudou moci uživatelé přihlásit." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Restartování některých služeb při aktualizaci PAMu selhalo" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Následující služby nemohly být při aktualizaci knihovny PAM restartovány:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Tyto služby budete muset spustit ručně příkazem '/etc/init.d/<služba> start'." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "Restartovat služby při aktualizaci balíku bez ptaní?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"V systému jsou nainstalovány služby, které je nutno při aktualizaci " +"určitých knihoven (libpam, libc nebo libssl) restartovat. Během restartu " +"služeb jsou tyto po nějakou dobu nedostupné. Abychom předešli nechtěné " +"nedostupnosti, je při každé aktualizaci nabídnut seznam služeb, které se " +"mají restartovat. Povolíte-li tuto možnost, budou se všechny potřebné " +"služby restartovat při aktualizaci knihoven automaticky bez ptaní." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "Nastavení PAM" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "PAM profily, které se mají povolit:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Moduly PAM (Pluggable Authentication Modules) určují, jakým způsobem je na " +"systému řešena autentizace, autorizace, změna hesel a také umožňují nastavit " +"dodatečné akce při spouštění uživatelských sezení." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Některé balíky s PAM moduly poskytují profily, které mohou automaticky " +"upravit chování všech aplikací používajících PAM. Vyberte si, která chování " +"chcete povolit." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Vybrány nekompatibilní PAM profily." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Následující PAM profily nelze používat současně:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Povolte prosím jinou sadu modulů." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Přepsat místní změny v /etc/pam.d/common-*?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Některé ze souborů /etc/pam.d/common-{auth,account,password,session} " +"obsahují místní úpravy. Vyberte si, zda se mají tyto změny přepsat verzí z " +"balíku. Zamítnete-li tuto možnost, budete muset spravovat tyto soubory ručně." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Nebyly vybrány žádné PAM profily." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Pro tento systém nebyly vybrány žádné PAM profily, což znamená, že všem " +"uživatelům umožňujete přístup bez autentizace. To není dovoleno. Vyberte " +"prosím ze seznamu alespoň jeden PAM profil." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "" +"Programy xscreensaver a xlockmore musí být před aktualizací restartovány" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Zdá se, že v systému běží jedna nebo více instancí programu xscreensaver " +"resp. xlockmore. Z důvodu nekompatibilních změn v knihovnách se po " +"aktualizaci balíku libpam-modules nebudete moci pomocí těchto programů " +"autentizovat. To jinými slovy znamená, že se uživatelé nedostanou ke svým " +"uzamčeným sezením. Abyste tomu předešli, měli byste před aktualizací zmíněné " +"programy zastavit, nebo je ve vhodný čas restartovat." diff --git a/debian/po/da.po b/debian/po/da.po new file mode 100644 index 00000000..c332eac5 --- /dev/null +++ b/debian/po/da.po @@ -0,0 +1,229 @@ +# Danish translation pam. +# Copyright (C) 2011 pam & nedenstående oversættere. +# This file is distributed under the same license as the pam package. +# Joe Hansen <joedalton2@yahoo.dk>, 2010, 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: pam\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2011-11-10 19:21+0100\n" +"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n" +"Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n" +"Language: da\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Tjenester at genstarte for PAM-biblioteksopgradering:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"De fleste tjenester, som bruger PAM, har brug for at blive genstartet for at " +"kunne bruge moduler bygget til denne nye version af libpam. Gennemgå " +"venligst den følgende mellemrumsadskilte liste af init.d-skripter for " +"tjenester som genstartes nu, og ret den hvis behovet er der." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Visningshåndtering skal genstartes manuelt" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"wdm- og xdm-visningshåndteringerne kræver en genstart for den nye version af " +"libpam, men der er X-logindsessioner, som er aktive på dit system og som vil " +"blive afsluttet af denne genstart. Du skal derfor manuelt genstarte disse " +"tjenester, før yderligere X-logind'er vil være mulige." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "" +"Der opstod en fejl under genstart af nogle tjenester til PAM-opgradering" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"De følgende tjenester kunne ikke genstartes for PAM-biblioteksopgraderingen:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Du skal starte disse manuelt ved at køre '/etc/init.d/<tjeneste> start'" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "Genstart tjenester under pakkeopgradering uden at spørge?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Der er tjenester installeret på dit system som skal genstartes, når bestemte " +"biblioteker - såsom libpam, libc og libssl - opgraderes. Da disse genstarter " +"kan medføre afbrydelser af tjeneste for systemet, vil du normalt blive " +"spurgt ved hver opgradering for listen af tjenester, du ønsker at genstarte. " +"Du kan vælge denne indstilling for at undgå at blive spurgt; i stedet for " +"vil alle nødvendige genstarter automatisk blive udført, så du kan undgå at " +"få stillet spørgsmålene ved hver biblioteksopgradering." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "PAM-konfiguration" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "PAM-profiler at aktivere:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Pluggable Authentication Modules (PAM) afgør hvordan ændring af godkendelse, " +"autorisation og adgangskode håndteres på systemet, samt tillader " +"konfiguration af yderligere handlinger, der skal igangsættes ved opstart af " +"brugersessioner." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Nogle PAM-modulpakker tilbyder profiler som automatisk kan justere " +"opførelsen af alle PAM-brugende programmer på systemet. Indiker venligst " +"hvilke af disse profiler du ønsker at aktivere." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Inkompatible PAM-profiler valgt." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "De følgende PAM-profiler kan ikke bruges sammen:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Vælg venligst et andet sæt af moduler at aktivere." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Overskriv lokale ændringer til /etc/pam.d/common-*?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"En eller flere af filerne /etc/pam.d/common-{auth,account,password,session} " +"er blevet overskrevet lokalt. Indiker venligst hvorvidt disse lokale " +"ændringer skal overskrives med den systemtilbudte konfiguration. Hvis du " +"afslår denne indstilling, skal du på egen hånd håndtere systemets " +"godkendelseskonfiguration." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Ingen PAM-profiler er blevet valgt." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Ingen PAM-profiler er blevet valgt til brug på dette system. Dette vil " +"tildele alle brugere adgang uden godkendelse, og er ikke tilladt. Vælg " +"venligst mindst en PAM-profil fra den tilgængelige liste." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "xscreensaver og xlockmore skal genstartes før opgradering" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"En eller flere kørende instanser af xscreensaver eller xlockmore er blevet " +"fundet på dette system. På grund af inkompatible biblioteksændringer vil " +"opgradering af pakken libpam-modules gøre, at du ikke kan bekræfte ægtheden " +"af disse programmer. Du skal sørge for at disse programmer bliver genstartet " +"eller stoppet, før du fortsætter med opgraderingen, for at undgå låsning af " +"dine brugere i deres aktuelle sessioner." diff --git a/debian/po/de.po b/debian/po/de.po new file mode 100644 index 00000000..981bc2da --- /dev/null +++ b/debian/po/de.po @@ -0,0 +1,235 @@ +# German translation of pam debconf templates +# Copyright (C) 2007, 2009, 2011 Sven Joachim <svenjoac@gmx.de>. +# Copyright (C) Helge Kreutzmann <debian@helgefjell.de>, 2011. +# This file is distributed under the same license as the pam package. +# +msgid "" +msgstr "" +"Project-Id-Version: pam 1.1.3-6\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2011-12-26 19:53+0100\n" +"Last-Translator: Sven Joachim <svenjoac@gmx.de>\n" +"Language-Team: German <debian-l10n-german@lists.debian.org>\n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Neu zu startende Dienste für das Upgrade der PAM-Bibliothek:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"Die meisten Dienste, die PAM verwenden, müssen neu gestartet werden, um " +"Module dieser neuen Version von libpam verwenden zu können. Bitte überprüfen " +"Sie die folgende, Leerzeichen-getrennte Liste von init.d-Skripten für " +"Dienste, die jetzt neu zu starten sind, und korrigieren Sie diese Liste " +"falls notwendig." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Display-Manager müssen manuell neu gestartet werden" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Die Display-Manager wdm und xdm erfordern einen Neustart für die neue " +"Version von libpam, aber auf Ihrem System sind X-Login-Sitzungen aktiv, die " +"durch diesen Neustart beendet würden. Sie müssen diese Dienste daher von " +"Hand neu starten, bevor Logins unter X wieder möglich sind." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Fehler beim Neustart einiger Dienste für das PAM-Upgrade" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Die folgenden Dienste konnten für das Upgrade der PAM-Bibliothek nicht neu " +"gestartet werden:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Sie müssen diese manuell neu starten, indem Sie »/etc/init.d/<Dienst> start« " +"ausführen." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "Dienste bei Paket-Upgrades ohne Rückfrage neu starten?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Auf Ihrem System sind Dienste installiert, die beim Upgrade bestimmter " +"Bibliotheken, wie Libpam, Libc und Libssl, neu gestartet werden müssen. Da " +"diese Neustarts zu Unterbrechungen der Dienste für dieses System führen " +"können, werden Sie normalerweise bei jedem Upgrade über die Liste der neu zu " +"startenden Dienste befragt. Sie können diese Option wählen, um diese Abfrage " +"zu vermeiden; stattdessen werden alle notwendigen Dienste-Neustarts für Sie " +"automatisch vorgenommen und die Beantwortung von Fragen bei jedem Upgrade " +"von Bibliotheken vermieden." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "PAM-Konfiguration" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Zu aktivierende PAM-Profile:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Pluggable Authentication Modules (PAM) bestimmen, wie Authentifizierung, " +"Berechtigung und Passwort-Änderung auf dem System gehandhabt werden. Ebenso " +"erlauben sie die Konfiguration zusätzlicher Maßnahmen, die beim Start von " +"Benutzersitzungen vorgenommen werden." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Einige Pakete mit PAM-Modulen stellen Profile bereit, die das Verhalten " +"aller Anwendungen, die PAM verwenden, automatisch anpassen können. Bitte " +"geben Sie an, welche dieser Verhaltensweisen Sie aktivieren möchten." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Inkompatible PAM-Profile ausgewählt." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Die folgenden PAM-Profile können nicht gemeinsam verwendet werden:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "" +"Bitte wählen Sie eine andere Zusammenstellung zu aktivierender Module aus." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Lokale Änderungen an /etc/pam.d/common-* außer Kraft setzen?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Eine oder mehrere der Dateien /etc/pam.d/common-{auth,account,password," +"session} sind lokal verändert worden. Bitte geben Sie an, ob diese " +"Änderungen durch die mitgelieferte Konfiguration außer Kraft gesetzt werden " +"sollen. Falls Sie diese Option ablehnen, müssen Sie die Authentifizierungs-" +"Konfiguration Ihres Systems von Hand verwalten." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Es wurden keine PAM-Profile ausgewählt." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Es wurden keine PAM-Profile für die Verwendung auf diesem System ausgewählt. " +"Dies würde allen Benutzern Zugang ohne Authentifizierung gestatten und ist " +"nicht erlaubt. Bitte wählen Sie mindestens ein PAM-Profil aus der " +"verfügbaren Liste aus." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "Xscreensaver und xlockmore müssen vor dem Upgrade neu gestartet werden" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Eine oder mehrere laufende Instanzen von xscreensaver oder xlockmore sind " +"auf diesem System entdeckt worden. Aufgrund inkompatibler Änderungen in " +"Bibliotheken wird das Upgrade des libpam-modules-Paketes Sie außerstande " +"setzen, sich gegenüber diesen Programmen zu authentifizieren. Sie sollten " +"dafür sorgen, dass diese Programme neu gestartet oder beendet werden, bevor " +"Sie dieses Upgrade fortsetzen, damit Ihre Benutzer nicht aus ihren laufenden " +"Sitzungen ausgesperrt werden." diff --git a/debian/po/es.po b/debian/po/es.po new file mode 100644 index 00000000..4afcb985 --- /dev/null +++ b/debian/po/es.po @@ -0,0 +1,270 @@ +# pam po-debconf translation to Spanish +# Copyright (C) 2007 Software in the Public Interest, SPI Inc. +# This file is distributed under the same license as the pam package. +# +# Changes: +# - Initial translation +# Javier Fernández-Sanguino , 2007 +# - Updates: +# Steve Langasek, 2008 +# Javier Fernández-Sanguino, 2009, 2012 +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traducción al español, por favor lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/ +# especialmente las notas y normas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Si tiene dudas o consultas sobre esta traducción consulte con el último +# traductor (campo Last-Translator) y ponga en copia a la lista de +# traducción de Debian al español (<debian-l10n-spanish@lists.debian.org>) +# +msgid "" +msgstr "" +"Project-Id-Version: pam 0.79-4\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2012-01-02 01:41+0100\n" +"Last-Translator: Javier Fernandez-Sanguino <jfs@debian.org>\n" +"Language-Team: Debian Spanish <debian-l10n-spanish@lists.debian.org>\n" +"Language: Spanish\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-POFile-SpellExtra: kdm gnome xscreensaver xdm xlockmore wdm start init\n" +"X-POFile-SpellExtra: screensaver PAM libpam corríjala account vd runtime\n" +"X-POFile-SpellExtra: Authentication auth Pluggable session insertables\n" +"X-POFile-SpellExtra: password pam common libc sobreescribir sobreescriban\n" +"X-POFile-SpellExtra: reinicios libssl\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Servicios a reiniciar para la actualización de la biblioteca de PAM:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"Es necesario reiniciar la mayoría de los servicios que utilizan PAM para que " +"usen los módulos de esta versión de libpam. Por favor, revise la lista " +"separada por espacios mostrada a continuación que indica los servicios a " +"reiniciar ahora y corríjala si es necesario." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Debe reiniciar manualmente los gestores de pantalla" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Entre los servicios que deben reiniciarse debido a la nueva versión de " +"libpam están los gestores de pantalla wdm y xdm. Sin embargo, hay sesiones " +"de X ejecutándose en el sistema que se terminarían si se reiniciaran estos " +"servicios. Debe reiniciarlos manualmente si desea que funcionen los accesos " +"a través de una sesión X más adelante." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Fallo al reiniciar alguno de los servicios en la actualización de PAM" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"No fue posible reiniciar los servicios indicados a continuación dentro la " +"actualización de la biblioteca de PAM:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Deberá arrancar manualmente estos servicios ejecutando «/etc/init.d/" +"<servicio> start»." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"¿Reiniciar servicios durante la actualización de paquetes sin preguntar?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Su sistema tiene servicios instalados que deben reiniciarse cuando se " +"actualicen ciertas librerías, como «libpam», «libc» o «libssl». Generalmente " +"se le preguntará en cada actualización la lista de servicios que desea " +"reiniciar dado que estos reinicios generalmente provocarán una interrupción " +"del servicio. Puede seleccionar esta opción para que no se le pregunte. En " +"lugar de hacerse estas preguntas, se reiniciarán de forma automática los " +"servicios en cada actualización de librerías." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "Configuración de PAM" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Perfiles PAM a habilitar:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Los «Pluggable Authentication Modules» (PAM, o Módulos de autenticación " +"insertables, N. del T.) determinan cómo se gestiona dentro del sistema la " +"autenticación, autorización y modificación de contraseñas. También permiten " +"la definición de acciones adicionales a realizar cuando se inicia la sesión " +"de un usuario." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Algunos de los paquetes de módulos de PAM ofrecen perfiles que pueden " +"utilizarse para ajustar automáticamente el comportamiento de todas las " +"aplicaciones que utilicen PAM en el sistema. Indique qué comportamiento " +"desea activar." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Se han seleccionado perfiles PAM incompatibles." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "" +"No pueden utilizarse conjuntamente los perfiles de PAM indicados a " +"continuación:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Seleccione un conjunto distinto de módulos a activar." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "" +"¿Desea sobreescribir los cambios locales realizados a «/etc/pam.d/common-*»?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Se ha modificado localmente alguno de los ficheros «/etc/pam.d/common-{auth," +"account,password,session}». Indique si desea que estos cambios locales se " +"sobreescriban con la configuración definida para el sistema. Deberá " +"gestionar la configuración de autenticación de su sistema manualmente si " +"rechaza esta opción." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "No ha seleccionado ningún perfil PAM." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"No ha seleccionado ningún perfil de PAM para este sistema. Esto podría " +"permitir que cualquier usuario accediera sin autenticación, lo que no está " +"permitido. Debe seleccionar al menos un perfil de PAM de la lista." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "Debe reiniciar xscreensaver y xlockmore antes de la actualización" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Se han detectado una o más instancias de los programas xscreensaver o " +"xlockmore. La actualización del paquete libpam-modules podría impedir que " +"pueda autenticarse en estos programas debido a cambios incompatibles en las " +"librerías. Debería procurar que estos programas se reinicien o se paren " +"antes de continuar con la actualización. Así evitará que los usuarios queden " +"bloqueados y no puedan reanudar sus sesiones actuales." diff --git a/debian/po/eu.po b/debian/po/eu.po new file mode 100644 index 00000000..8573dd57 --- /dev/null +++ b/debian/po/eu.po @@ -0,0 +1,236 @@ +# translation of pam_1.0.1-5_eu.po to Basque +# Debconf questions for the Linux-PAM package. +# Copyright (C) 2007 Steve Langasek <vorlon@debian.org> +# This file is distributed under the same license as the pam package. +# +# Piarres Beobide <pi@beobide.net>, 2007, 2008. +# Iñaki Larrañaga Murgoitio <dooteo@euskalgnu.org>, 2009. +msgid "" +msgstr "" +"Project-Id-Version: pam_1.0.1-5_eu\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2009-01-02 12:30+0100\n" +"Last-Translator: Piarres Beobide <pi@beobide.net>\n" +"Language-Team: debian-eu <debian-l10n-eu@lists.debian.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "" +"PAM liburutegia bertsio-berritzean berrabiarazi behar diren zerbitzuak:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"PAM erabiltzen duten zerbitzu gehienak berrabiarazi egin behar dira libpam " +"bertsio honetako moduluak erabiltzeko. Mesedez gainbegiratu berrabiaraziko " +"diren hurrengo zuriunez bereiziriko init.d script zerrenda hau eta zuzendu " +"behar izanez gero." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Pantaila kudeatzailea eskuz berrabiarazi behar da" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +#, fuzzy +#| msgid "" +#| "The kdm, wdm, and xdm display managers require a restart for the new " +#| "version of libpam, but there are X login sessions active on your system " +#| "that would be terminated by this restart. You will therefore need to " +#| "restart these services by hand before further X logins will be possible." +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Kdm, wdm, eta xdm pantaila kudeatzaileek berrabiaraztea behar dute libpam " +"bertsio berria erabiltzeko. Baina berrabiarazteak eragin izan dezaken " +"abiarazitako X saioak daude sistema honetan. Zerbitzu hori beranduago eskuz " +"berrabiarazi beharko duzu X saioak hastea posible izateko." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Huts PAM bertsio-berritzeko zenbait zerbitzu berrabiaraztean" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Hurrengo zerbitzuak ezin izan dira berrabiarazi PAM liburutegia bertsio-" +"berritzean:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Hauek eskuz berrabiarazi beharko dituzu '/etc/init.d/<zerbitzua> start' " +"exekutatuz." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Gaitu behar diren PAM profilak:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Autentifikazio modulu txertagarriak (PAM) ezartzen du zein autentifikazio, " +"autorizazio eta psahitz aldaketa kudeatzen diren sisteman, baita " +"erabiltzaile saioak hastekoan ekintza gehigarrien konfigurazioaren onarpena " +"du." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Zenbait PAM modulu paketek sisteman PAM erbailtzen duten aplikazioak " +"automatikoki doitzeko erabili daitezkeen profilak ekartzen dituzte. Mesedez " +"profil hauetako zein gaitu nahi duzun." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "PAM profil bateraezinak hautatuak." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Hurrengo PAM profilak ezin dira elkarrekin erabili:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Mesedez hautatu gaitzeko beste modulu bilduma bat." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Gainidatzi aldaketa lokalak /etc/pam.d/common-* -era?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"/etc/pam.d/common-{auth,account,password,session} fitxategietako bat edo " +"gehiago lokalki eraldatua izan da. Mesedez zehaztu aldaketa horiek sistemak-" +"hornitutako konfigurazioaz gainidatzi behar diren ala ez. Aukera hau " +"baztertzea hautatzen baduzu sistemaren autentifikazio konfigurazioa eskuz " +"kudeatu behar duzu." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +#, fuzzy +#| msgid "Incompatible PAM profiles selected." +msgid "No PAM profiles have been selected." +msgstr "PAM profil bateraezinak hautatuak." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "" +"xscreensaver eta xlockmore berrabiarazi egin behar dira bertsio-berritu " +"aurretik" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"xscreensaver edo xlockmore-ren instantzia bat edo gehiago exekutatzen " +"dagoela detektatu da sisteman. Liburutegiaren aldaketaren " +"bateraezintasunagatik libpam-modules paketearen bertsio-berritzeak programa " +"horiekin ezin autentifikatzea eragingo dizu. Programa horiek berrabiarazi " +"edop gelditu egin beharko zenituzke bertsio-berritzearekin jarraitu " +"aurretik, sistemako erabiltzaileak beraien uneko saioan blokeatzea " +"saihesteko." diff --git a/debian/po/fi.po b/debian/po/fi.po new file mode 100644 index 00000000..af797d73 --- /dev/null +++ b/debian/po/fi.po @@ -0,0 +1,231 @@ +# Esko Arajärvi <edu@iki.fi>, 2010. +msgid "" +msgstr "" +"Project-Id-Version: pam 0.99.7.1-4\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2010-10-18 22:46+0300\n" +"Last-Translator: Esko Arajärvi <edu@iki.fi>\n" +"Language-Team: Finnish <debian-l10n-finnish@lists.debian.org>\n" +"Language: fi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Finnish\n" +"X-Poedit-Country: FINLAND\n" +"X-Generator: Lokalize 1.0\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Palvelut, jotka käynnistetään uudelleen PAM-kirjastoa päivitettäessä:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"Useimmat PAMia käyttävät palvelut pitää käynnistää uudelleen libpamin uuden " +"version käyttöön ottamiseksi. Tarkista seuraava välilyönnein eroteltu lista " +"niiden palveluiden init.d-komentotiedostoista, jotka käynnistetään " +"uudelleen, ja muokkaa listaa tarvittaessa." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Näytönhallintaohjelma tulee käynnistää uudelleen käsin" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +#, fuzzy +#| msgid "" +#| "The kdm, wdm, and xdm display managers require a restart for the new " +#| "version of libpam, but there are X login sessions active on your system " +#| "that would be terminated by this restart. You will therefore need to " +#| "restart these services by hand before further X logins will be possible." +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Näytönhallintaohjelma kdm, wdm tai xdm tulee käynnistää uudelleen, jotta " +"libpamin uusi versio tulee käyttöön. Järjestelmässä on kuitenkin aktiivisia " +"X-istuntoja, jotka lopetettaisiin uudelleenkäynnistyksen yhteydessä. Tästä " +"syystä palvelu tulee käynnistää uudelleen käsin ennen kuin uusia X-istuntoja " +"voidaan avata." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Virhe käynnistettäessä uudelleen palveluita PAMin päivitystä varten" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Seuraavia palveluita ei voitu käynnistää uudelleen PAM-kirjastoa " +"päivitettäessä:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Nämä palvelut tulee käynnistää uudelleen ajamalla ”/etc/init.d/<palvelu> " +"start”." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Käyttöön otettavat PAM-profiilit:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Pluggable Authentication Modules (PAM) määrittää kuinka tunnistautuminen, " +"oikeuksien hallinta ja salasanan vaihto tehdään järjestelmässä. Se " +"mahdollistaa myös käyttäjäistuntojen käynnistyksen yhdessä suoritettavien " +"lisätoimintojen asetusten muokkaamisen." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Eräiden PAMin moduulipakettien tarjoamien profiilien avulla voidaan " +"automaattisesti muokata järjestelmän kaikkien PAMia käyttävien ohjelmien " +"toimintaa. Valitse mitkä näistä toiminnoista otetaan käyttöön." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Epäyhteensopivia PAM-profiileita valittu" + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Seuraavia PAM-profiileita ei voida käyttää yhdessä:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Valitse uusi käyttöön otettavien moduulien joukko." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "" +"Kirjoitetaanko paikallisten muutosten päälle tiedostoissa /etc/pam.d/common-" +"*?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Joitain tiedostoista /etc/pam.d/common-{auth,account,password,session} on " +"muokattu paikallisesti. Valitse tulisiko paikalliset muutokset korvata " +"järjestelmän tarjoamilla asetuksilla. Jos et valitse tätä vaihtoehtoa, " +"järjestelmän tunnistautumisasetuksia täytyy hallinnoida käsin." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Yhtään PAM-profiilia ei ole valittu." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Yhtään PAM-profiilia ei ole valittu käytettäväksi tässä järjestelmässä. Tämä " +"sallisi kaikille käyttäjille pääsyn ilman tunnistautumista, eikä siksi ole " +"sallittua. Valitse ainakin yksi PAM-profiili annetulta listalta." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "xscreensaver ja xlockmore täytyy käynnistää uudelleen ennen päivitystä" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Järjestelmässä ajetaan parhaillaan yhtä tai useampaa xscreensaverin tai " +"xlockmoren instanssia. Paketin libpam-modules kirjastot ovat muuttuneet " +"niin, että päivityksen jälkeen näihin ohjelmiin ei voitaisi " +"yhteensopivuussyistä enää tunnistautua. Nämä ohjelmat tulisi pysäyttää tai " +"käynnistää uudelleen ennen päivityksen jatkamista, jotta käyttäjät eivät " +"lukitse itseään ulos nykyisistä istunnoistaan." diff --git a/debian/po/fr.po b/debian/po/fr.po new file mode 100644 index 00000000..dc9a92a7 --- /dev/null +++ b/debian/po/fr.po @@ -0,0 +1,240 @@ +# Translation of pam to French +# Copyright (C) 2007 Cyril Brulebois <cyril.brulebois@enst-bretagne.fr> +# Copyright (C) 2009, 2001 Jean-Baka Domelevo Entfellner <domelevo@gmail.com> +# This file is distributed under the same license as the pam package. +# Translators: +# Cyril Brulebois <cyril.brulebois@enst-bretagne.fr>, 2007 +# Jean-Baka Domelevo Entfellner <domelevo@gmail.com>, 2009, 2011 +# +msgid "" +msgstr "" +"Project-Id-Version: pam 1.1.3-6\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2011-11-11 20:19+0100\n" +"Last-Translator: Jean-Baka Domelevo Entfellner <domelevo@gmail.com>\n" +"Language-Team: French <debian-l10n-french@lists.debian.org>\n" +"Language: fr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Country: FRANCE\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "" +"Services à redémarrer lors de la mise à niveau de la bibliothèque PAM :" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"La plupart des services utilisant PAM doivent être redémarrés pour utiliser " +"les modules compilés pour cette nouvelle version de libpam. Veuillez " +"vérifier la liste suivante de scripts de démarrage à relancer maintenant, et " +"la corriger si nécessaire." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Pas de redémarrage automatique du gestionnaire graphique de sessions" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Les gestionnaires graphiques de session wdm et xdm nécessitent un " +"redémarrage lors de la mise à niveau de libpam, mais il existe des sessions " +"X actives sur ce système, qui seraient fermées par ce redémarrage. Vous " +"devez donc redémarrer ces services vous-même avant de pouvoir effectuer à " +"nouveau une connexion au serveur graphique." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "" +"Erreur du redémarrage de certains services pour la mise à niveau de PAM" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Les services suivants n'ont pas pu être redémarrés lors de la mise à niveau " +"de la bibliothèque PAM :" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Vous devez les démarrer vous-même avec la commande « /etc/init.d/<service> " +"start »." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "Redémarrer les services automatiquement lors des mises à jour ?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Certains services installés sur le système demandent à être redémarrés " +"lors de la mise à jour de certaines bibliothèques (par exemple libpam, libc " +"ou encore libssl). Puisque de tels redémarrages peuvent causer des " +"interruptions de service, une confirmation est habituellement demandée lors " +"de chaque mise à jour, en présentant la liste des services à redémarrer. " +"Vous pouvez sélectionner cette option pour éviter ces demandes interactives " +"de confirmation. Tous les redémarrages nécessaires seront alors effectués " +"automatiquement lors de chaque mise à jour de bibliothèque." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "Configuration de PAM" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Profils PAM à activer :" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Les modules d'authentification PAM déterminent la façon dont le système gère " +"l'authentification, les autorisations et les changements de mots de passe. " +"PAM permet aussi de configurer des actions supplémentaires à effectuer au " +"démarrage des sessions utilisateur." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Certains paquets de modules PAM fournissent des profils qui peuvent " +"être utilisés pour ajuster automatiquement le comportement de toutes les " +"applications utilisant PAM qui sont présentes sur le système." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Profils PAM incompatibles" + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Les profils PAM suivants sont en conflit :" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Veuillez choisir un autre jeu de modules à activer." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Écraser les modifications locales sur /etc/pam.d/common-* ?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Au moins un des fichiers /etc/pam.d/common-{auth,account,password,session} " +"a été modifié localement. Veuillez indiquer s'il faut abandonner ces " +"changements locaux et revenir à la configuration standard du système. Dans " +"le cas contraire, vous devrez configurer vous-même le système " +"d'authentification." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Aucun profil PAM n'a été choisi." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Aucun profil PAM n'a été mis en place pour ce système. N'en utiliser aucun " +"donnerait à tous les utilisateurs un accès sans authentification, ce qui " +"n'est pas autorisé. Merci de bien vouloir choisir au moins un profil PAM " +"dans la liste proposée." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "" +"Redémarrage indispensable de xscreensaver et xlockmore avant la mise à niveau" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Une ou plusieurs instances de xscreensaver et/ou de xlockmore ont été " +"détectées sur le système. À cause de la modification de certaines " +"bibliothèques, la mise à niveau du paquet libpam-modules entrainera " +"l'impossibilité de s'authentifier. Avant de poursuivre la mise à niveau, ces " +"programmes doivent être redémarrés ou arrêtés pour éviter que des " +"utilisateurs ne puissent plus accéder à leur session." diff --git a/debian/po/gl.po b/debian/po/gl.po new file mode 100644 index 00000000..c397ce2b --- /dev/null +++ b/debian/po/gl.po @@ -0,0 +1,225 @@ +# translation of pam_1.1.1-3_gl.po to Galician +# Galician translation of pam's debconf templates +# This file is distributed under the same license as the pam package. +# +# Jacobo Tarrio <jtarrio@debian.org>, 2007. +# Marce Villarino <mvillarino@users.sourceforge.net>, 2009. +# Jorge Barreiro <yortx.barry@gmail.com>, 2010. +msgid "" +msgstr "" +"Project-Id-Version: pam_1.1.1-3_gl\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2011-03-29 13:01-0700\n" +"Last-Translator: Jorge Barreiro <yortx.barry@gmail.com>\n" +"Language-Team: Galician <proxecto@trasno.net>\n" +"Language: gl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Servizos a reiniciar para a actualización da biblioteca PAM:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"A maioría dos servizos que empregan PAM deben reiniciarse para empregar os " +"módulos compilados para esta versión de libpam. Revise a seguinte lista de " +"scripts de init.d que se han reiniciar agora, e corríxaa se é preciso." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Débese reiniciar manualmente o xestor de pantallas" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"É necesario reiniciar os xestores de pantallas wdm e xdm para a nova versión " +"de libpam, pero hai sesións de X activas no sistema que se pecharían co " +"reinicio. Polo tanto, ha ter que reiniciar eses servizos manualmente para " +"poder iniciar novas sesións mediante X." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Fallou o reinicio de algúns servizos para a actualización de PAM" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Non foi posíbel reiniciar os seguintes servizos para a actualización da " +"biblioteca PAM:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Ha ter que reinicialos manualmente executando «/etc/init.d/<servizo> start»." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Perfís de PAM a activar:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Os Pluggable Authentication Modules (PAM) determinan como se xestiona a " +"autenticación, autorización e mudanza do contrasinal no sistema, e tamén " +"permiten configurar accións adicionais a realizar cando se inician sesións " +"de usuario." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Algúns paquetes de módulos de PAM fornecen perfís que poden empregarse para " +"axustar automaticamente o comportamento de todos os programas do sistema que " +"empregan PAM. Indique cais destes comportamentos desexa activar." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Escolléronse perfís de PAM incompatíbeis." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Non se poden empregar xuntos os seguintes perfís de PAM:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Escolla un conxunto diferente de módulos para activalos." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Desexa sobrepor as mudanzas locais a /etc/pam.d/common-*?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Modificouse localmente un ou varios dos ficheiros /etc/pam.d/common-{auth," +"account,password,session}. Indique se estas modificacións locais deben " +"sobrescribirse empregando a configuración fornecida polo sistema. Se rexeita " +"esta opción deberá xestionar manualmente a configuración da autenticación do " +"sistema." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Non se escolleu ningún perfil PAM." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Non se escolleu ningún perfil PAM para este sistema. Esto daría acceso a " +"todos os usuarios sen necesidade de autenticarse, e isto non está permitido. " +"Escolla polo menos un perfil PAM desde a lista de perfís dispoñibeis." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "xscreensaver e xlockmore deben ser reiniciados antes da actualización" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Detectouse que se están a executar unha ou máis instancias de xscreensaver " +"ou xlockmore no sistema. Por mor de modificacións incompatíbeis en " +"bibliotecas, a actualización do paquete libpam-modules ha facer que non sexa " +"quen de autenticarse nestes programas. Deber reiniciar ou deter estes " +"programas antes de continuar coa actualización, para evitar deixar trancados " +"os usuarios fora das súas sesións de traballo actuais." diff --git a/debian/po/it.po b/debian/po/it.po new file mode 100644 index 00000000..f13a59a1 --- /dev/null +++ b/debian/po/it.po @@ -0,0 +1,229 @@ +# Debconf questions for the Linux-PAM package. +# Copyright (C) 2007 Steve Langasek <vorlon@debian.org> +# This file is distributed under the same license as the pam package. +# +# David Paleino <d.paleino@gmail.com>, 2008, 2010. +# Nicole B. <damn3dg1rl@gmail.com>, 2010. +msgid "" +msgstr "" +"Project-Id-Version: pam 0.99.7.1-5\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2010-10-23 21:21+0200\n" +"Last-Translator: Nicole B. <damn3dg1rl@gmail.com>\n" +"Language-Team: Italiano <tp@lists.linux.it>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.0\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Servizi da riavviare per l'aggiornamento della libreria PAM:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"La maggior parte dei servizi che usano PAM hanno bisogno di essere riavviati " +"per utilizzare i moduli compilati per questa nuova versione di libpam. " +"Controllare e correggere, se necessario, il seguente elenco di script di " +"init.d, separati da spazi, inerente i servizi da riavviare." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Il display manager deve essere riavviato manualmente" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"I display manager wdm e xdm richiedono di essere riavviati per la nuova " +"versione di libpam, ma ci sono sessioni di login X attive sul sistema che " +"verrebbero terminate da questo riavvio. Bisognerà riavviare questi servizi " +"manualmente prima che sia possibile ogni altro login al server X." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Fallito il riavvio di alcuni servizi per l'aggiornamento di PAM" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Non è stato possibile il riavvio dei seguenti servizi per l'aggiornamento " +"della libreria PAM:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Bisognerà avviarli manualmente eseguendo '/etc/init.d/<servizio> start'." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Profili PAM abilitabili:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"PAM (Pluggable Authentication Modules) determina come le autenticazioni, le " +"autorizzazioni e i cambiamenti di password siano gestite dal sistema. Allo " +"stesso modo permette la configurazione di azioni addizionali da effettuarsi " +"all'inizio di una sessione utente." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Alcuni pacchetti di moduli PAM forniscono profili che possono essere usati " +"per modificare il comportamento di tutte le applicazioni presenti sul " +"sistema che sfruttano PAM. Indicare quali di questi comportamenti devono " +"essere abilitati." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Sono stati scelti dei profili PAM incompatibili." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "I seguenti profili PAM non possono essere usati contemporaneamente:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Selezionare una serie differente di moduli da abilitare." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Ignorare i cambiamenti in /etc/pam.d/common-*?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Uno o più dei file /etc/pam.d/common-{auth,account,password,session} sono " +"stati modificati. Indicare se questi cambiamenti locali debbono essere " +"annullati usando le configurazioni fornite dal sistema. Se questa opzione " +"verrà annullata, sarà necessario gestire manualmente la configurazione di " +"autenticazione del sistema." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Non è stato selezionato alcun profilo PAM." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Non è stato selezonato alcun profilo PAM da usare su questo sistema. Questo " +"non è permesso, in quanto si consentirebbe l'acceso a qualunque utente senza " +"effettuare l'autenticazione. Selezionare come minimo un profilo PAM tra " +"quelli disponibili nell'elenco." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "" +"xscreensaver e xlockmore devono essere riavviati prima dell'aggiornamento" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Su questo sistema una o più istanze in esecuzione di xscreensaver o " +"xlockmore sono state rilevate. A causa di cambiamenti incompatibili nelle " +"librerie, l'aggiornamento del pacchetto libpam-modules renderà impossibile " +"l'autenticazione a questi programmi. Si dovrebbe procedere con il riavvio o " +"l'arresto di questi programmi prima di continuare con l'aggiornamento, al " +"fine di evitare che gli utenti siano bloccati al di fuori delle proprie " +"sessioni." diff --git a/debian/po/ja.po b/debian/po/ja.po new file mode 100644 index 00000000..de3439b9 --- /dev/null +++ b/debian/po/ja.po @@ -0,0 +1,224 @@ +# Debconf questions for the Linux-PAM package. +# Copyright (C) 2007 Steve Langasek <vorlon@debian.org> +# This file is distributed under the same license as the pam package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: pam 1.3.6-1\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2012-01-22 10:47+0900\n" +"Last-Translator: Kenshi Muto <kmuto@debian.org>\n" +"Language-Team: Japanese <debian-japanese@lists.debian.org>\n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "PAM ライブラリの更新のために再起動するサービス:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"PAM を利用するほとんどのサービスは、この libpam の新しいバージョンでビルドさ" +"れたモジュールを使うために再起動を必要とします。以下の、スペースで区切られた" +"今再起動するサービスの init.d スクリプトのリストを見て、必要なら修正してくだ" +"さい。" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "ディスプレイマネージャは手動で再起動されなければなりません" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"wdm および xdm ディスプレイマネージャは libpam の新しいバージョンのために再起" +"動が必要ですが、あなたのシステムには、この再起動で強制終了してしまう実行中の " +"X ログインセッションが存在します。そのため、以降の X のログインが可能な状態の" +"うちに、これらのサービスを手動で再起動する必要があります。" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "PAM 更新のためのいくつかのサービスの再起動で失敗" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "PAM ライブラリ更新のための、以下のサービスの再起動ができませんでした:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"/etc/init.d/<サービス> start' を実行することで、これらを手動で起動する必要が" +"あります。" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "パッケージの更新中、質問なしにサービスを再起動しますか?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"あなたのシステムには、libpam、libc、libssl のようなごく一部のライブラリが更新" +"される際に、再起動を必要とするサービスがインストールされています。これらの再" +"起動はシステムのサービスの停止を引き起こす可能性があるので、通常、更新のたび" +"に再起動したいサービスの一覧が提示されます。この選択肢に「はい」を選ぶと、そ" +"の質問をしません。すべての必要な再起動が自動で行われるので、ライブラリ更新の" +"たびに質問されることから解放されます。" + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "PAM の設定" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "有効化する PAM プロファイル:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"PAM (Pluggable Authentication Modules) は、ユーザのセッションが開始したときに" +"起こす追加のアクション設定の許可と共に、どのように認証、認可、パスワード変更" +"がシステムで扱われるかを決定します。" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"いくつかの PAM モジュールパッケージは、システム上のすべての PAM 利用アプリ" +"ケーションの挙動を自動で調整するのに利用できるプロファイルを提供しています。" +"これらの挙動の中から有効化したいものを指定してください。" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "矛盾する PAM プロファイルが選択されました。" + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "次の PAM プロファイルは一緒に利用することはできません:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "有効化するために違うモジュールセットを選択してください。" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "/etc/pam.d/common-* にローカルの変更を上書きしますか?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"/etc/pam.d/common-{auth,account,password,session} のファイルのうちの 1 つ以上" +"がローカルで変更されています。これらのローカルの変更をシステムで提供される設" +"定を使って上書きすべきかどうかを指示してください。この選択肢で「いいえ」と答" +"える場合、あなたのシステムの認証設定を手動で管理する必要があります。" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "PAM プロファイルが何も選択されていません。" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"このシステムで利用する PAM プロファイルが何も選択されていません。これは、すべ" +"てのユーザが認証なしにアクセスできてしまうことになるので、認められません。利" +"用可能な一覧から少なくとも 1 つの PAM プロファイルを選んでください。" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "xscreensaver と xlockmore を更新前に再起動する必要があります" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"このシステムで 1 つ以上の xscreensaver あるいは xlockmore の動作が検出されま" +"した。非互換のライブラリ変更のため、libpam-modules パッケージの更新はこれらの" +"プログラムでの認証ができなくなるという事態にあなたを追いやります。ユーザが現" +"在のセッションの外に締め出されるのを避けるため、このパッケージの更新を継続す" +"る前に、これらのプログラムを再起動するか停止するように手配すべきです。" diff --git a/debian/po/nl.po b/debian/po/nl.po new file mode 100644 index 00000000..fd96e244 --- /dev/null +++ b/debian/po/nl.po @@ -0,0 +1,235 @@ +# Dutch translation of pam debconf templates. +# Copyright (C) 2007 Steve Langasek <vorlon@debian.org> +# This file is distributed under the same license as the pam package. +# Bart Cornelis <cobaco@skolelinux.no>, 2007. +# Eric Spreen <erispre@gmail.com>, 2010. +# Jeroen Schot <schot@a-eskwadraat.nl>, 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: pam 1.1.3-6\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2011-11-25 16:33+0100\n" +"Last-Translator: Jeroen Schot <schot@a-eskwadraat.nl>\n" +"Language-Team: Debian l10n Dutch <debian-l10n-dutch@lists.debian.org>\n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Bij de opwaardering van de PAM-bibliotheek te herstarten diensten:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"De meeste PAM-gebruikende diensten moeten herstart worden voor ze gebruik " +"kunnen maken van modules die gebouwd zijn voor de nieuwe libpam-versie. De " +"volgende, met spaties gescheiden, lijst van init.d scripts wordt herstart. " +"Gelieve deze lijst te controleren en indien nodig aan te passen." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "De beeldschermbeheerder dient handmatig herstart te worden" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"De beelschermbeheerders wdm en xdm vereisen een herstart vanwege de nieuwe " +"libpam-versie. Er zijn echter X-login-sessies actief op uw systeem die " +"hierdoor afgesloten zouden worden. Nieuwe X-sessies starten via deze " +"diensten is pas mogelijk eens u ze handmatig herstart heeft." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Herstarten van sommige diensten bij de PAM-opwaardering is mislukt" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"De volgende diensten konden niet herstart worden bij de opwaardering van de " +"PAM-bibliotheek:." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"U dient deze diensten handmatig op te starten via het commando '/etc/init.d/" +"<dienst> start'." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "Diensten zonder vragen herstarten bij het opwaarderen van pakketten?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Er zijn diensten op uw systeem geïnstalleerd die moeten worden herstart " +"wanneer bepaalde bibliotheken, zoals libpam, libc en libssl, worden " +"opgewaardeerd. Omdat deze herstarts dienstonderbrekingen op uw systeem " +"kunnen veroorzaken wordt u normaal gesproken bij elke opwaardering gevraagd " +"welke diensten u wilt herstarten. Als u voor deze optie kiest wordt dit niet " +"meer aan u gevraagd. In plaats daarvan worden alle noodzakelijke herstarts " +"automatisch gedaan zodat u geen vragen krijgt bij elke opwaardering van een " +"bibliotheek." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "PAM-configuratie" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "PAM-profielen die ingeschakeld moeten worden:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Pluggable Authentication Modules (PAM) bepalen hoe authenticatie, " +"autorisatie en wachtwoordverandering worden behandeld op het systeem. Ook " +"staat het het instellen van overige acties die moeten worden ondernomen bij " +"het starten van gebruikerssessies toe." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Sommige PAM-modulepakketten leveren profielen die kunnen worden gebruikt om " +"automatisch het gedrag van alle programma's die PAM gebruiken aan te passen. " +"Geeft u alstublieft aan welk van deze instellingen u wilt gebruiken." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Strijdige PAM-profielen geselecteerd." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "De volgende PAM-profielen kunnen niet samen worden gebruikt:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Selecteer een andere set modules om in te schakelen." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Wilt u de locale veranderingen aan /etc/pam.d/common-* overschrijven?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Een of meer van de bestanden /etc/pam.d/common-{auth,account,password," +"session} zijn lokaal aangepast. Geef aan of deze lokale veranderingen moeten " +"worden overschreven, door de door het systeem geleverde configuratie te " +"gebruiken. Als u dit weigert, zult u de configuratie van de authenticatie " +"van uw systeem met de hand moeten onderhouden." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Er zijn geen PAM-profielen geselecteerd." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Er zijn geen PAM-profielen geselecteerd om gebruikt te worden op dit " +"systeem. Dit zou alle gebruikers toegang geven zonder authenticatie, hetgeen " +"niet is toegestaan. Selecteer minstens een PAM-profiel van de beschikbare " +"lijst." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "xscreensaver en xlockmore moeten worden herstart voor u kunt upgraden" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Er zijn een of meer draaiende instanties van xscreensaver of xlockmore " +"gedetecteerd op dit systeem. Wegens strijdige veranderingen in bibliotheken " +"zal de upgrade van het pakket libpam-modules een systeem veroorzaken waarin " +"u zich niet zult kunnen authenticeren tegenover deze programma's. U dient " +"ervoor te zorgen dat deze programma's worden herstart of gestopt voordat u " +"verder gaat met deze upgrade, om te voorkomen dat gebruikers worden " +"uitgesloten van hun huidige sessies." diff --git a/debian/po/pl.po b/debian/po/pl.po new file mode 100644 index 00000000..00cbdae5 --- /dev/null +++ b/debian/po/pl.po @@ -0,0 +1,231 @@ +# Copyright (C) 2011 +# This file is distributed under the same license as the pam package. +# +# Michał Kułach <michal.kulach@gmail.com>, 2012. +msgid "" +msgstr "" +"Project-Id-Version: \n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2012-01-26 12:07+0100\n" +"Last-Translator: Michał Kułach <michal.kulach@gmail.com>\n" +"Language-Team: Polish <debian-l10n-polish@lists.debian.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.2\n" +"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " +"|| n%100>=20) ? 1 : 2);\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "" +"Usługi które mają być zrestartowane, w związku z aktualizacją biblioteki PAM:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"Większość usług używających PAM musi być zrestartowana, aby używać modułów " +"zbudowanych do tej nowej wersji libpam. Proszę przeglądnąć poniższą listę " +"skryptów init.d (oddzieloną spacjami), pod kątem usług które mają być teraz " +"zrestartowane, i poprawić ją jeśli zachodzi taka potrzeba." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Menedżer logowania musi być zrestartowany ręcznie" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Menedżery logowania wdm i xdm wymagają restartu z powodu nowej wersji " +"libpam, ale występują aktywne sesje logowania X, które mogą być przerwane " +"przez ten restart. Będzie istniała potrzeba ręcznego restartu tych usług, " +"aby kolejne logowania X stały się możliwe." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Nie udało się zrestartować niektórych usług w celu aktualizacji PAM" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Następujące usługi nie mogły zostać zrestartowane z celu aktualizacji PAM:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Należy zrestartować te usługi ręcznie, przez wykonanie \"/etc/init.d/" +"<usługa> start\"" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "Zrestartować usługi podczas aktualizacji pakietu bez pytania?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Niektóre z zainstalowanych usług wymagają restartu, gdy są aktualizowane " +"określone biblioteki (np. libpam, libc i libss1). Ponieważ restarty mogą " +"spowodować przerwanie tych usług, użytkownik jest zwykle pytany podczas " +"każdej aktualizacji o listę usług, które chce zrestartować. Można wybrać tę " +"opcję, aby zapobiec takim pytaniom; wtedy wszystkie potrzebne restarty " +"odbędą się automatycznie, a użytkownik uniknie pytania przy każdej " +"aktualizacji biblioteki." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "Konfiguracja PAM" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Profile PAM do włączenia:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Pluggable Authentication Modules (PAM) określa, jak obsługiwane jest przez " +"system uwierzytelnienie, autoryzacja i zmiana hasła, jak również pozwala na " +"konfigurację dodatkowych akcji do podjęcia podczas uruchamiania sesji " +"użytkownika." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Niektóre moduły PAM dostarczają profile, które mogą być użyte do " +"automatycznego dostosowania zachowania wszystkich aplikacji używających PAM " +"w systemie. Proszę określić, które z tych zachowań mają być włączone." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Wybrano niezgodne profile PAM." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Następujące profile PAM nie mogą być używane razem:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Proszę wybrać inny zestaw modułów do włączenia." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Nadpisać lokalne zmiany w /etc/pam.d/common-*?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Jeden lub więcej plików /etc/pam.d/common-{auth,account,password,session}, " +"zostało lokalnie zmodyfikowanych. Proszę określić, czy zmiany te powinny " +"zostać nadpisane przez konfigurację dostarczaną z systemem. W przypadku " +"braku zgody użytkownika, konieczne będzie ręczne zarządzanie systemową " +"konfiguracją uwierzytelniania." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Nie wybrano żadnych profili PAM." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Nie wybrano żadnych profili PAM, które mają być używane przez system. Dałoby " +"to dostęp wszystkim użytkownikom bez uwierzytelniania, co nie jest " +"dozwolone. Proszę wybrać przynajmniej jeden profil PAM z dostępnej listy." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "xscreensaver i xlockmore muszą zostać zrestartowane przed aktualizacją" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Wykryto jedną lub więcej działających kopii programu xscreensaver lub " +"xlockmore. Z powodu niekompatybilnych zmian biblioteki, aktualizacja pakietu " +"libpam-modules uniemożliwiła by autoryzację użytkownika do tych programów. " +"Należy zrestartować lub zatrzymać te programy przed aktualizacją, aby " +"zapobiec utknięciu użytkowników poza ich aktualnymi sesjami." diff --git a/debian/po/pt.po b/debian/po/pt.po new file mode 100644 index 00000000..52211a5a --- /dev/null +++ b/debian/po/pt.po @@ -0,0 +1,235 @@ +# translation of pam debconf to Portuguese +# Copyright (C) 2007 Américo Monteiro +# This file is distributed under the same license as the pam package. +# +# Américo Monteiro <a_monteiro@netcabo.pt>, 2007, 2009. +# Pedro Ribeiro <p.m42.ribeiro@gmail.com>, 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: pam 1.1.3-6\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2011-12-17 18:46+0000\n" +"Last-Translator: Pedro Ribeiro <p.m42.ribeiro@gmail.com>\n" +"Language-Team: Portuguese <traduz@debianpt.org>\n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.0\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Serviços a reiniciar para a actualização da biblioteca PAM:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"A maioria dos serviços que usam PAM necessitam ser reiniciados para usarem " +"os módulos construídos para esta nova versão do libpam. Por favor, reveja a " +"seguinte lista de scripts init.d de serviços, separados por espaços, para " +"serem reiniciados agora e corrija-a se for necessário." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "O gestor de sessão gráfica deverá ser reiniciado manualmente" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Os gestores de sessão gráfica wdm e xdm necessitam de reiniciar para a nova " +"versão de libpam, mas existem sessões de login X activas no seu sistema que " +"seriam terminadas por esta operação. Deverá reiniciar estes serviços " +"manualmente para permitir novos logins X." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Falha ao reiniciar alguns serviços para a actualização PAM" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Os seguintes serviços não puderam ser reiniciados para a actualização da " +"biblioteca PAM:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Você precisa iniciar manualmente estes serviços fazendo '/etc/init.d/" +"<serviço> start'." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "Reiniciar os serviços durante actualizações do pacote sem perguntar?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Há serviços instalados no seu sistema que necessitam de ser reiniciados " +"quando certas bibliotecas, tais como libpam, libc e libssl, são " +"actualizadas. Uma vez que estes reinícios podem causar interrupções de " +"serviço do sistema, será normalmente questionado em cada actualização sobre " +"a lista de serviços que deseja reiniciar. Pode escolher esta opção para " +"evitar as questões; neste caso, todos os reinicios serão efectuados " +"automaticamente e não será questionado em cada actualização das bibliotecas." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "Configuração PAM" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Perfis PAM para activar:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"O PAM (Pluggable Authentication Modules) determina como a autenticação, a " +"autorização, e a mudança de palavras-chave são manuseadas no sistema, assim " +"como permitir a configuração de acções adicionais a tomar quando arrancam " +"sessões de utilizador." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Alguns pacotes de módulos do PAM disponibilizam perfis que podem ser usados " +"para ajustar automaticamente o comportamento de todas as aplicações no " +"sistema que usam o PAM. Por favor indique quais destes comportamentos deseja " +"activar." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Seleccionados perfis PAM incompatíveis." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Os seguintes perfis do PAM não podem ser usados juntamente:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Por favor seleccione um conjunto diferente de módulos para activar." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Sobre-escrever as alterações locais em /etc/pam.d/common-*?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Um ou mais dos ficheiros /etc/pam.d/common-{auth,account,password,session} " +"foi modificado localmente. Por favor indique se estas alterações locais " +"deverão ser sobre-escritas usando a configuração disponibilizada pelo " +"sistema. Se você recusar esta opção, terá que gerir a configuração de " +"autenticação do sistema manualmente." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Nenhum perfil do PAM foi seleccionado." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Não foram seleccionados perfis do PAM para utilização neste sistema. Isto " +"irá permitir acesso sem autenticação ao todos os utilizadores, e não é " +"permitido. Por favor seleccione pelo menos um perfil PAM a partir da lista " +"disponível." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "xscreensaver e xlockmore têm que ser reiniciados antes da actualização" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Uma ou mais instâncias do xscreensaver ou xlockmore foram detectadas a " +"funcionar neste sistema. Devido a alterações incompatíveis em bibliotecas, a " +"actualização do pacote libpam-modules irá deixá-lo incapaz de se autenticar " +"nestes programas. Você deve fazer com que estes programas sejam reiniciados " +"ou parados antes de continuar com esta actualização, para evitar trancar os " +"seus utilizadores fora das suas sessões actuais." diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po new file mode 100644 index 00000000..d36ff2e5 --- /dev/null +++ b/debian/po/pt_BR.po @@ -0,0 +1,236 @@ +# pam Brazilian Portuguese translation +# Copyright (c) 2007 Steve Langasek <vorlon@debian.org> +# This file is distributed under the same license as the pam package. +# Eder L. Marques <eder@edermarques.net>, 2007-2009. +# Fernando Ike de Oliveira <fike@midstorm.org>, 2013. +# Adriano Rafael Gomes <adrianorg@arg.eti.br>, 2009-2015. +# +msgid "" +msgstr "" +"Project-Id-Version: pam\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2015-09-18 20:27-0300\n" +"Last-Translator: Adriano Rafael Gomes <adrianorg@arg.eti.br>\n" +"Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian." +"org>\n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Serviços a serem reiniciados para atualização da biblioteca PAM:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"A maioria dos serviços que utilizam PAM precisam ser reiniciados para usar " +"os módulos construídos para esta nova versão da libpam. Por favor, revise a " +"seguinte lista separada por espaços de scripts init.d de serviços que serão " +"reiniciados agora, e a corrija, se necessário." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Gerenciador de display deve ser reiniciado manualmente" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Os gerenciadores de display wdm e xdm precisam ser reiniciados para a nova " +"versão da libpam, mas existem sessões de login X ativas em seu sistema que " +"serão terminadas por este reinício. Você consequentemente necessitará " +"reiniciar estes serviços manualmente antes que logins X adicionais sejam " +"possíveis." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Falha ao reiniciar alguns serviços para atualização do PAM" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Os seguintes serviços não puderam ser reiniciados para a atualização da " +"biblioteca PAM:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Você deverá iniciá-los manualmente executando \"/etc/init.d/<serviço> start" +"\"." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "Reiniciar serviços durante a atualização de pacotes sem perguntar?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Existem serviços instalados no seu sistema que precisam ser reiniciados " +"quando determinadas bibliotecas, tais como libpam, libc e libssl são " +"atualizadas. Uma vez que essas reinicializações podem causar interrupções de " +"serviços para o sistema, normalmente você terá que responder a cada " +"atualização qual será a lista de serviços que quiser reiniciar. Você pode " +"escolher esta opção para evitar novas solicitações; ao invés disso, todas as " +"reinicializações necessárias serão realizadas automaticamente para evitar " +"que você responda a cada atualização de biblioteca." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "Configuração do PAM" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Perfis PAM para habilitar:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"O PAM (\"Pluggable Authentication Modules\") determina como a autenticação, " +"a autorização e a alteração de senha são tratadas no sistema, assim como " +"permite a configuração de ações adicionais a serem tomadas quando sessões de " +"usuário são iniciadas." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Alguns pacotes de módulos PAM fornecem perfis que podem ser usados para " +"ajustar automaticamente o comportamento de todas as aplicações que usam PAM " +"no sistema. Por favor, indique quais desses comportamentos você deseja " +"habilitar." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Perfis PAM incompatíveis foram selecionados." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Os seguintes perfis PAM não podem ser usados em conjunto:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Por favor, selecione um conjunto diferente de módulos para habilitar." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Sobrescrever as modificações locais de /etc/pam.d/common-*?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Um ou mais dos arquivos /etc/pam.d/common-{auth,account,password,session} " +"foram modificados localmente. Por favor, indique se essas modificações " +"locais devem ser sobrescritas usando a configuração fornecida pelo sistema. " +"Se você recusar esta opção, você precisará gerenciar a configuração de " +"autenticação do seu sistema manualmente." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Nenhum perfil PAM foi selecionado." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Nenhum perfil PAM foi selecionado para uso neste sistema. Isto garantiria a " +"todos os usuários acesso sem autenticação, e isto não é permitido. Por " +"favor, selecione no mínimo um perfil PAM da lista disponível." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "xscreensaver e xlockmore devem ser reiniciados antes da atualização" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Uma ou mais instâncias do xscreensaver ou do xlockmore foram detectadas em " +"execução neste sistema. Por causa de modificações incompatíveis de " +"biblioteca, a atualização do pacote libpam-modules impossibilitará você de " +"se autenticar nestes programas. Você deve providenciar que estes programas " +"sejam reiniciados ou parados antes de continuar com esta atualização, para " +"evitar bloquear seus usuários fora de suas sessões atuais." diff --git a/debian/po/ro.po b/debian/po/ro.po new file mode 100644 index 00000000..edbede44 --- /dev/null +++ b/debian/po/ro.po @@ -0,0 +1,227 @@ +# Romanian translation of pam debconf templates +# Debconf questions for the Linux-PAM package. +# Copyright (C) 2007 Steve Langasek <vorlon@debian.org> +# This file is distributed under the same license as the pam package. +# +# Igor Stirbu <igor.stirbu@gmail.com>, 2008. +# Eddy Petrișor <eddy.petrisor@gmail.com>, 2009. +msgid "" +msgstr "" +"Project-Id-Version: pam 1.0.1-7\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2011-03-29 13:01-0700\n" +"Last-Translator: Eddy Petrișor <eddy.petrisor@gmail.com>\n" +"Language-Team: Romanian <debian-l10n-romanian@lists.debian.org>\n" +"Language: ro\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < " +"20)) ? 1 : 2;\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Serviciile repornite la actualizarea bibliotecii PAM:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"Majoritatea serviciilor ce folosesc PAM trebuie repornite pentru a folosi " +"modulele pentru noua versiune de libpam. Următoarea listă folosește ca " +"separator spațiul și conține script-uri init.d care urmează să fie repornite " +"acum; verificați-o și corectați-o, dacă este necesar." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Administratorul de ecran trebuie repornit manual" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Administratorii de ecran wdm și xdm trebuie reporniți pentru ca să " +"folosească noua versiune de libpam, dar sunt sesiuni active de X pe sistemul " +"dumneavoastră care ar fi oprite odată cu această repornire. Drept urmare, " +"trebuie să reporniți manual aceste servicii înainte ca autentificările X " +"ulterioare să fie posibile." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Eșec la repornirea unor servicii la actualizarea PAM" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Următoarele servicii nu au putut fi repornite la actualizarea bibliotecii " +"PAM:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Trebuie să reporniți manual aceste servicii rulând „/etc/init.d/<serviciu> " +"start”" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Profile PAM de activat:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Modulele de autentificare conectabile (PAM) definesc cum se manevrează în " +"sistem autentificările, autorizațiile și schimbările de parole, dar permite " +"și adăugarea de diverse acțiuni ce se vor efectua la pornirea sesiunilor " +"utilizatorilor." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Unele pachete de module PAM furnizează profile care pot fi folosite pentru " +"ajustarea automată a comportamentului aplicațiilor din sistem care folosesc " +"PAM. Indicați pe care dintre aceste comportamente le doriți activate." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Selecție de profile PAM incompatibile." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Următoarele profile PAM nu pot fi folosite împreună:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Selectați un alt set de module de activat." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Se ignoră schimbările locale făcute în /etc/pam.d/common-*?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Există modificari locale într-unul sau mai multe dintre fișierele /etc/pam.d/" +"common-{auth,account,password,session}. Precizați dacă aceste schimbări " +"locale trebuie suprascrise cu configurația oferită de sistem. Dacă refuzați, " +"va trebui să administrați manual configurația de autentificare a sistemului." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +#, fuzzy +#| msgid "Incompatible PAM profiles selected." +msgid "No PAM profiles have been selected." +msgstr "Selecție de profile PAM incompatibile." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "xscreensaver și xlockmore trebuie repornite înainte de înnoire" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"în sistem s-a detectat cel puțin o instanță activa de xscreensaver sau " +"xlockmore. Datorită unor schimbări de compatibilitate în biblioteci, " +"înnoirea pachetului libpam-modules nu vă va mai permite să vă autentificați " +"în aceste programe. Va trebui să aranjați lucrurile în așa fel încât aceste " +"programe să fie repornite sau oprite înainte de a continua înnoirea pentru a " +"evita blocarea utilizatorilor în afara sesiunilor lor curente." diff --git a/debian/po/ru.po b/debian/po/ru.po new file mode 100644 index 00000000..b9b755e4 --- /dev/null +++ b/debian/po/ru.po @@ -0,0 +1,230 @@ +# translation of ru.po to Russian +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the pam package. +# +# Yuri Kozlov <kozlov.y@gmail.com>, 2007. +# Max Kosmach <max@tcen.ru>, 2009. +# Yuri Kozlov <yuray@komyakino.ru>, 2009, 2011. +msgid "" +msgstr "" +"Project-Id-Version: pam 1.1.3-6\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2011-12-04 09:00+0400\n" +"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n" +"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.0\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Службы, которые будут перезапущены после обновления библиотеки PAM:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"Чтобы задействовать новые версии модулей из libpam нужно перезапустить " +"большинство служб, использующих PAM. Внимательно просмотрите и, при " +"необходимости, отредактируйте список сценариев из init.d для служб, которые " +"будут перезапущены. Элементы списка разделяются пробелом." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Программу входа в систему нужно перезапустить вручную" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Для работы с новой версией libpam программам для входа в систему wdm и xdm " +"требуется перезапуск, но это прервёт все запущенные X-сеансы. Поэтому вам " +"нужно перезапустить эти службы вручную для того, чтобы можно было снова " +"входить в систему через X." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "При обновлении PAM перезапуск некоторых служб завершился неудачно" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"При обновлении библиотеки PAM не удалось перезапустить следующие службы:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "Вам нужно запустить их вручную, выполнив '/etc/init.d/<служба> start'." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "Перезапускать службы при обновлении пакета не задавая вопрос?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"В системе установлены службы, которые требуют перезапуска после обновления " +"определённых библиотек (например, libpam, libc и libssl). Так как это может " +"вызвать перерыв в работе службы, обычно, при каждом обновлении выдаётся " +"список служб, которые нужно перезапустить. Чтобы этот вопрос не задавался, " +"вы можете ответить утвердительно; в этом случае все необходимые службы будут " +"перезапущены автоматически." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "Настройка PAM" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Активируемые профили PAM:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Через подключаемые модули аутентификации (PAM) указывается как нужно " +"проводить аутентификацию, авторизацию и смену пароля в системе, а также " +"можно назначать запуск дополнительных действий при старте пользовательского " +"сеанса." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Некоторые пакеты модулей PAM предоставляют профили, которые можно " +"использовать для автоматического регулирования поведения всех использующих " +"PAM программ в системе. Выберите профили, которые нужно применить." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Выбраны несовместимые профили PAM." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Следующие профили PAM нельзя использовать одновременно:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Выберите другой набор активируемых модулей." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Переопределить локальные изменения в /etc/pam.d/common-*?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Один или более файлов в /etc/pam.d/common-{auth,account,password,session} " +"был изменён вручную. Заметьте, что данные локальные изменения должны быть " +"переопределены через системные настройки. Если вы ответите отрицательно, то " +"вам придётся управлять настройками аутентификации системы вручную." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Профили PAM не выбраны." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"В системе для работы не выбрано ни одного профиля PAM. Это предоставит " +"полный доступ всем пользователям без аутентификации, что нежелательно. " +"Выберите, по крайней мере, один профиль PAM из доступных." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "Перед обновлением требуется перезапустить xscreensaver и xlockmore" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Обнаружено, что в системе запущен один или несколько процессов xscreensaver " +"или xlockmore. Из-за изменений в библиотеке, обновление пакета libpam-" +"modules приведёт к невозможности выполнения аутентификации из этих программ. " +"Перед тем как продолжить обновление вам нужно перезапустить или остановить " +"работу этих программ, чтобы избежать блокировки пользователей в их активных " +"сеансах." diff --git a/debian/po/sk.po b/debian/po/sk.po new file mode 100644 index 00000000..662ac9ad --- /dev/null +++ b/debian/po/sk.po @@ -0,0 +1,227 @@ +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the pam package. +# Ivan Masár <helix84@centrum.sk>, 2008, 2009, 2010, 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: pam\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2012-01-19 22:37+0100\n" +"Last-Translator: Ivan Masár <helix84@centrum.sk>\n" +"Language-Team: Slovak <sk-i18n@lists.linux.sk>\n" +"Language: sk\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Pri aktualizácii knižnice PAM reštartovať nasledovné služby:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"Väčšinu služieb využívajúcich PAM je potrebné reštartovať, aby začali " +"používať moduly zostavené pre túto novú verziu libpam. Prosím, skontrolujte " +"nasledovný zoznam init.d skriptov (oddelené čiarkami), ktoré sa majú teraz " +"reštartovať a ak je to potrebné, opravte ho." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Správcu obrazovky je potrebné reštartovať ručne" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Správcovia obrazovky wdm a xdm vyžadujú reštart kvôli novej verzii libpam, " +"ale na vašom systéme sú aktívne prihlasovacie relácie X, ktoré by tento " +"reštart ukončil. Preto tieto služby budete musieť reštartovať ručne predtým, " +"než bude možné uskutočniť ďalšie prihlásenie k X." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Zlyhal reštart niektorých služieb pri aktualizácii PAM" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Nasledovné služby nebolo možné reštartovať pri aktualizácii knižnice PAM:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Budete ich musieť reštartovať ručne spustením „/etc/init.d/<service> start”." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "Reštartovať služby počas aktualizácií balíka bez pýtania?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Na vašom systéme bežia služby, ktoré ne potrebné reštartovať pri " +"aktualizácii určitých knižníc ako libpam, libc a libssl. Pretože tieto " +"reštarty môžu spôsobiť prerušenia služby systému, za bežných okolností " +"budete vyzvaní pri každej aktualizácie so zoznamom služieb, ktoré chcete " +"reštartovať. Túto voľbu môžete vybrať, ak nechcete byť vyzývaný, ale " +"namiesto toho chcete, aby sa všetky potrebné reštarty vykonali automaticky " +"za vás a tak sa vyhnúť kladeniu otázok pri každej aktualizácii knižnice." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "Konfigurácia PAM" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Zapnúř nasledovné profily PAM:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Zásuvné autentifikačné moduly (PAM) určujú ako systém pracuje s " +"autentifikáciou, autorizáciou, zmenou hesiel a umožňuje tiež nastavenie " +"ďalších operácií, ktoré sa majú vykonať pri prihlásení používateľa." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Niektoré balíky modulov PAM poskytujú profily, ktorými možno automaticky " +"prisôpsobiť správanie všetkých aplikácií v systéme, ktoré používajú PAM. " +"Prosím označte tie z nich, ktoré chcete zapnúť." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Boli vybrané nekompatibilné profily PAM." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Nasledovné profily PAM nemožno použiť súčasne:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Prosím, zmeňte množinu modulov, ktoré sa majú zapnúť." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Prepísať lokálne zmeny v /etc/pam.d/common-*?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Jeden alebo viac zo súborov /etc/pam.d/common-{auth,account,password," +"session} bolo na lokálnom systéme zmenených. Uveďte prosím, či sa majú tieto " +"lokálne zmeny prepísať štandardnými konfiguračnými voľbami. Ak túto možnosť " +"zamietnete, budete musieť spravovať nastavenia autentifikácie tohto systému " +"ručne." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Neboli vybrané žiadne profily PAM." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Pre tento systém neboli vybrané žiadne profily PAM. To by udelilo všetkým " +"používateľom prístup bez overovania a to nie je povolené. Prosím, vyberte " +"aspoň jeden profil PAM zo zoznamu dostupných profilov." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "Pred aktualizáciou je potrebné reštartovať xscreensaver a xlockmore" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Na tomto systéme bola zistená jedna alebo viacero bežiacich inštancií " +"programov xscreensaver alebo xlockmore. Z dôvodu nekomaptibilných zmien v " +"knižniciach balíka libpam-modules by ste po aktualizácii neboli schopní " +"overiť sa týmto programom. Mali by ste zariadiť, aby sa tieto programy " +"reštartovali alebo zastavili predtým, než budete v tejto aktualizácii " +"pokračovať, aby ste predišli tomu, že používatelia sa nebudú môcť prihlásiť " +"zo svojich súčasných relácií." diff --git a/debian/po/sv.po b/debian/po/sv.po new file mode 100644 index 00000000..f56344ee --- /dev/null +++ b/debian/po/sv.po @@ -0,0 +1,269 @@ +# Debconf questions for the pam package translated to Swedish. +# Copyright (C) 2007 Steve Langasek <vorlon@debian.org> +# This file is distributed under the same license as the pam package. +# +# Martin Bagge <brother@bsnet.se>, 2009, 2010, 2011 +# Christer Andersson <klamm@comhem.se>, 2007. +msgid "" +msgstr "" +"Project-Id-Version: pam 0.99.7.1-5\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2014-04-08 11:37+0200\n" +"Last-Translator: Martin Bagge / brother <brother@bsnet.se>\n" +"Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n" +"Language: sv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Swedish\n" +"X-Poedit-Country: Sweden\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Tjänster att starta om efter uppgradering av PAM-biblioteket:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"De flesta tjänster som använder PAM behöver startas om för att använda " +"moduler som byggts för denna nya libpam-version. Gå igenom följande lista av " +"init.d-skript (separerade med mellanslag) för tjänster som nu kommer att " +"startas om och korrigera den om nödvändigt." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Skärmhanterare måste startas om manuellt" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Skärmhanterarna wdm och xdm måste startas om för den nya versionen av libpam " +"men det finns X-inloggningssessioner som skulle avslutas av en sådan " +"omstart. Du behöver därför starta om dessa tjänster manuellt innan " +"ytterligare X-inloggningar är möjliga." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Misslyckades med att starta om vissa tjänster för PAM-uppgradering" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Följande tjänster kunde inte startas om efter uppgraderingen av PAM-" +"biblioteket:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Du behöver starta om dessa manuellt genom att köra \"/etc/init.d/<tjänst> " +"start\"." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "" +"Ska tjänster startas om vid paketuppgraderingar utan att först fråga om det?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Det finns tjänster installerade på systemet som behöver startas om när vissa " +"bibliotek (ex. libpam, libc och libssl) uppdateras. Eftersom dessa omstarter " +"kan innebära avbrott i tjänsterna på systemet kommer du vanligen att få en " +"fråga för varje uppgradering med en lista över tjänster som ska startas om. " +"Du kan välja detta alternativ för att undvika att frågan ställs. Istället " +"kommer alla nödvändiga omstarter att skötas automatiskt och du undviker " +"frågor vid varje biblioteksuppgradering." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "PAM-inställningar" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Aktivera följande PAM-profiler:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Pluggable Authentication Modules (PAM) hanterar hur autentisering, " +"identifiering och byte av lösenord ska utföras på systemet. Dessutom " +"hanteras särskilda åtgärder som ska vidtas vid uppstart av " +"användarsessioner." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Vissa paket med PAM-moduler tillhandahåller profiler som kan användas för " +"att automatiskt justera hur applikationer som använder PAM fungerar på " +"systemet. Ange vilka av dessa funktioner du önskar aktivera." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Inkompatibla PAM-profiler valdes." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Följande PAM-profiler kan inte användas tillsammans:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Ange en annan uppsättning med moduler som ska aktiveras." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Skriv över lokala förändringar i /etc/pam.d/common-*?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"En eller flera av filerna /etc/pam.d/common-{auth,account.password,session} " +"har förändrats. Ange om dessa lokala förändringar ska skrivas över med " +"standardinställningarna. Om du avböjer detta alternativ kommer du behöva " +"hantera inställningarna för systemets autentisering manuellt." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Inga PAM-profiler valdes." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Inga PAM-profiler används på detta system. Detta skulle ge alla användare " +"tillgång till systemet utan att behöva ange lösenord och det kan inte " +"tillåtas. välj åtminstone en PAM-profil från listan med tillgängliga " +"profiler." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "" +"xscreensaver och xlockmore måste startas om innan uppgraderingen kan " +"genomföras" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"En eller flera instanser av xscreensaver eller xlockmore körs på det här " +"systemet. På grund av förändringar i biblioteket kan uppgraderingen av " +"paketet libpam-modules innebära att du inte kan identifiera dig i dessa " +"program. Programmen behöver startas om eller allra helst stängas av helt " +"före uppgraderingen, resultatet kan annars innebära att du inte kan komma åt " +"dina aktiva sessioner på systemet." + +#~ msgid "Your system allowed access without a password!" +#~ msgstr "Ditt system tillät anslutningar utan lösenord!" + +#~ msgid "" +#~ "A bug in a previous version of libpam-runtime resulted in no PAM profiles " +#~ "being selected for use on this system. As a result, access was allowed " +#~ "for a time to all accounts on your system, with or without a correct " +#~ "password. Especially if this system can be accessed from the Internet, it " +#~ "is likely that it has been compromised. Unless you are familiar with " +#~ "recovering from security failures, viruses, and malicious software, you " +#~ "should re-install this system from scratch or obtain the services of a " +#~ "skilled system administrator. For more information, see:" +#~ msgstr "" +#~ "Ett fel i en tidigare version av libpam-runtime innebar att inga PAM-" +#~ "profiler användes på systemet. Detta betydde i sin tur att alla konton på " +#~ "systemet kunde använda skal, med eller utan ett korrekt lösenord. Om " +#~ "detta system är åtkomligt via nätet är det mycket troligt att det kan ha " +#~ "infiltrerats. Om du inte är säker på hur du ska återställa eventuella fel " +#~ "på grund av intrång, virus eller skadlig programvara bör du installera om " +#~ "systemet från grunden eller inhämta hjälp av en erfaren " +#~ "systemadministratör. Läs mer om detta på:" + +#~ msgid "" +#~ "The bug that allowed this wrong configuration is fixed in the current " +#~ "version of libpam-runtime, and your configuration has now been corrected. " +#~ "We apologize that previous versions of libpam-runtime did not detect and " +#~ "prevent this situation." +#~ msgstr "" +#~ "Felet som orsakade dessa problem är åtgärdat i och med den aktuella " +#~ "versionen av libpam-runtime och dina inställningar ha korrigerats. Vi ber " +#~ "om ursäkt för att tidigare versioner av libpam-runtime inte upptäckte och " +#~ "förhindrade att dessa fel uppstod." diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 00000000..84a5fc37 --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,191 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" diff --git a/debian/po/tr.po b/debian/po/tr.po new file mode 100644 index 00000000..960ce5e8 --- /dev/null +++ b/debian/po/tr.po @@ -0,0 +1,242 @@ +# Debconf questions for the Linux-PAM package. +# Copyright (C) 2007 Steve Langasek <vorlon@debian.org> +# This file is distributed under the same license as the pam package. +# Mert Dirik <mertdirik@gmail.com>, 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: pam 0.99.7.1-5\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2014-08-01 14:42+0200\n" +"Last-Translator: Mert Dirik <mertdirik@gmail.com>\n" +"Language-Team: Debian L10n Turkish <debian-l10n-turkish@lists.debian.org>\n" +"Language: tr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Poedit 1.5.4\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "" +"PAM kitaplığının yükseltilmesi için yeniden başlatılacak olan hizmetler:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"PAM kullanan çoğu hizmet, libpam'ın bu yeni sürümü için derlenmiş " +"modüllerden yararlanabilmek için yeniden başlatılmak zorunda. Lütfen " +"yeniden başlatılacak hizmetlere ilişkin init.d betiklerinin boşluklarla " +"ayrılmış aşağıdaki listesini inceleyin ve gerekliyse listeyi düzeltin." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Görüntü yöneticisinin elle yeniden başlatılması gerekli" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +#| msgid "" +#| "The kdm, wdm, and xdm display managers require a restart for the new " +#| "version of libpam, but there are X login sessions active on your system " +#| "that would be terminated by this restart. You will therefore need to " +#| "restart these services by hand before further X logins will be possible." +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"wdm ve xdm görüntü yöneticileri, libpam'ın yeni sürümünden yararlanabilmek " +"için yeniden başlatılmalı; fakat sisteminizde etkin X oturumları var. " +"Görüntü yöneticisi yeniden başlatılırsa bu oturumlar da kapatılır. Bu " +"yüzden ileride yeni X oturumları açabilmek için bu hizmetleri elle yeniden " +"başlatmanız gerekecek. " + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Bazı hizmetler PAM yükseltmesi için yeniden başlatılamadı" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Aşağıdaki hizmetler PAM kitaplığının yükseltmesi için yeniden başlatılamadı:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Bu hizmetleri '/etc/init.d/<hizmet> start' komutunu kullanarak elinizle " +"başlatmanız gerekecek." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "Paket yükseltme esnasında hizmetler sorulmadan yeniden başlatılsın mı?" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" +"Sisteminizde libpam, libc ve libssl gibi bazı kitaplıklar yükseltildiğinde " +"yeniden başlatılması gereken bazı hizmetler kurulu. Yeniden başlatma " +"işlemleri sisteminizin sunduğu hizmetlerde kesintilere neden olabileceğinden " +"dolayı her yükseltme işlemi esnasında yeniden başlatmak istediğiniz " +"hizmetler size sorulacaktır. Eğer bu sorunun sorulmasını istemiyorsanız bu " +"seçeneği kullanabilirsiniz. Bu seçenek seçildiği takdirde bir kitaplık " +"yükseltmesi yapılırken gereken tüm yeniden başlatma işlemleri size " +"sorulmaksızın otomatik olarak yapılacaktır." + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "PAM yapılandırması" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Etkinleştirilecek PAM profilleri:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Takılabilir Doğrulama Modülleri (PAM), sistemdeki kimlik doğrulama, izin " +"verme ve parola değiştirme işlemlerinin ne şekilde idare edileceğine karar " +"veren ve ayrıca kullanıcı oturumları başlatılırken atılması gereken adımları " +"yapılandırmaya yarayan bir sistemdir." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Bazı PAM modül paketleri, sistemde mevcut olan ve PAM kullanan tüm " +"uygulamaların davranışlarını otomatik olarak ayarlamaya yarayan profiller " +"sağlar. Lütfen bu davranışlardan hangisini etkinleştirmek istediğinizi " +"belirtin." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Uyumsuz PAM profilleri seçildi" + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Şu PAM profilleri birarada kullanılamaz:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Lütfen farklı bir modül kümesi seçin." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "" +"/etc/pam.d/common-* konumundaki yerel değişiklikler görmezden gelinsin mi?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"/etc/pam.d/common-{auth,account,password,session} dosyalarından bir ya da " +"daha fazlası yerel olarak değiştirilmiş. Lütfen bu yerel değişikliklerin " +"sistem tarafından sağlanan yapılandırma ile değiştirilmesine izin verip " +"vermediğinizi belirtin. Bu seçeneği kabul etmediğiniz takdirde sistemin " +"kimlik doğrulama yapılandırmasını elinizle ayarlamanız gerekecektir." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Hiçbir PAM profili seçilmedi." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Sistemde kullanılmak üzere hiçbir PAM modülü seçilmedi. Bu durum tüm " +"kullanıcılara hiçbir kimlik doğrulamaya maruz kalmaksızın erişim izni " +"verilmesi anlamına gelir ve bu duruma izin verilmemektedir. Lütfen mevcut " +"profiller listesinden en az bir PAM profili seçin." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "" +"Yükseltme işleminden önce xscreensaver ve xlockmore yeniden başlatılmalı" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Sisteminizde çalışmakta olan birden fazla xscreensaver ya da xlockmore " +"örneğine rastlandı. Uyumsuz kitaplık değişiklikleri yüzünden, libpam-modules " +"paketinin yükseltilmesi bu programlarda kimlik doğrulamasını olanaksız hale " +"getirecek. Mevcut oturumların kilitlenmesi önlemek için, yükseltme işlemine " +"devam etmeden önce bu programları durdurmalı ya da yeniden başlatmalısınız." diff --git a/debian/po/vi.po b/debian/po/vi.po new file mode 100644 index 00000000..868a8359 --- /dev/null +++ b/debian/po/vi.po @@ -0,0 +1,262 @@ +# Vietnamese translation for PAM. +# Copyright © 2010 Free Software Foundation, Inc. +# Clytie Siddall <clytie@riverland.net.au>, 2007-2010. +# +msgid "" +msgstr "" +"Project-Id-Version: pam 1.1.1-6.1\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2010-10-24 20:46+1030\n" +"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n" +"Language-Team: Vietnamese <vi-VN@googlegroups.com>\n" +"Language: vi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.8\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "Dịch vụ cần khởi chạy lại để nâng cấp thư viện PAM:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"Phần lớn dịch vụ sử dụng PAM thì cũng cần phải được khởi chạy lại để sử dụng " +"những mô-đun được xây dựng cho phiên bản libpam mới này. Hãy xem lại danh " +"sách định giới bằng dấu cách theo đây hiển thị những văn lệnh khởi động " +"(init.d) cho dịch vụ cần khởi chạy lại ngay bây giờ, và sửa chữa nếu cần " +"thiết." + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "Trình quản lý trình bày phải được khởi chạy bằng tay" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +#, fuzzy +#| msgid "" +#| "The kdm, wdm, and xdm display managers require a restart for the new " +#| "version of libpam, but there are X login sessions active on your system " +#| "that would be terminated by this restart. You will therefore need to " +#| "restart these services by hand before further X logins will be possible." +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"Trình quản lý trình bày kdm, wdm, hay xdm cần thiết được khởi chạy lại để sử " +"dụng phiên bản mới của thư viện libpam, nhưng việc khởi chạy lại sẽ cũng " +"chấm dứt một số buổi hợp đang nhập X đang chạy. Sau đó thì bạn cần phải tự " +"khởi chạy lại những dịch vụ này để đăng nhập lại vào X." + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "Lỗi khởi chạy lại một số dịch vụ để nâng cấp PAM" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" +"Những dịch vụ theo đây không thể được khởi chạy lại để nâng cấp thư viện PAM:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" +"Bạn cần phải tự khởi chạy lại chúng bằng cách chạy câu lệnh « /etc/init.d/" +"<tên_dịch_vụ> start »." + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "Các hồ sơ PAM cần bật:" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" +"Mô-đun Xác thực Dễ kết hợp (PAM) quyết định quá trình xác thực, cho phép và " +"thay đổi mật khẩu được quản lý như thế nào trên hệ thống, cũng như cho phép " +"cấu hình các hành vi bổ sung cần làm khi khởi chạy buổi hợp người dùng." + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" +"Một số mô-đun PAM nào đó cũng cung cấp các hồ sơ có thể được dùng để tự động " +"điều chỉnh ứng xử của tất cả các ứng dụng dùng PAM trên hệ thống. Hãy ngụ ý " +"những ứng xử nào bạn muốn hiệu lực." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "Bạn đã chọn một số hồ sơ PAM không tương thích với nhau." + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "Không thể sử dụng với nhau những hồ sơ PAM theo đây:" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "Hãy chọn một tập hợp mô-đun khác để hiệu lực." + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "Có quyền cao hơn thay đổi cục bộ trong « /etc/pam.d/common-* » không?" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" +"Một hay nhiều tập tin « /etc/pam.d/common-{auth,account,password,session} » " +"đã bị sửa đổi cục bộ. Hãy ngụ ý có nên ghi đè lên các thay đổi cục bộ này " +"dùng cấu hình được hệ thống cung cấp, hay không. Không bật tuỳ chọn này thì " +"bạn cần phải tự quản lý cấu hình xác thực của hệ thống này." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "Chưa chọn hồ sơ PAM." + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" +"Chưa chọn hồ sơ PAM nào để sử dụng trên hệ thống này. Trường hợp này cho " +"phép mọi người dùng truy cập đến hệ thống mà không xác thực: không tốt ! Xin " +"hãy chọn ít nhất một hồ sơ PAM trong danh sách sẵn sàng." + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "xscreensaver và xlockmore phải được khởi chạy lại trước khi nâng cấp" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"Một hai nhiều tiến trình xscreensaver hay xlockmore được phát hiện trên hệ " +"thống này. Do thay đổi thư viện không tương thích, việc nâng cấp gói libpam-" +"modules sẽ để lại trường hợp người dùng không thể xác thực với những chương " +"trình này. Vì thế bạn nên khởi chạy lại hoặc ngừng chạy những chương trình " +"này trước khi tiếp tục tiến trình nâng cấp, để tránh chặn người dùng đăng " +"nhập vào buổi hợp đang chạy." + +#~ msgid "Your system allowed access without a password!" +#~ msgstr "Hệ thống này cho phép truy cập mà không nhập mật khẩu !" + +#~ msgid "" +#~ "A bug in a previous version of libpam-runtime resulted in no PAM profiles " +#~ "being selected for use on this system. As a result, access was allowed " +#~ "for a time to all accounts on your system, with or without a correct " +#~ "password. Especially if this system can be accessed from the Internet, it " +#~ "is likely that it has been compromised. Unless you are familiar with " +#~ "recovering from security failures, viruses, and malicious software, you " +#~ "should re-install this system from scratch or obtain the services of a " +#~ "skilled system administrator. For more information, see:" +#~ msgstr "" +#~ "Một phiên bản libpam-runtime trước chứa một lỗi dẫn đến không có hồ sơ " +#~ "PAM nào được lựa chọn để sử dụng trên hệ thống này. Kết quả là trong một " +#~ "thời gian nào đó truy cập được phép đến mọi tài khoản trên hệ thống này, " +#~ "bất chấp nhập mật khẩu đúng hay không. Đặc biệt nếu hệ thống này cho phép " +#~ "truy cập từ Internet, rất có thể là hệ thống này bị hại thậm. Nếu bạn " +#~ "không quen với tiến trình phục hồi sau sự thất bại bảo mật, vi-rút và " +#~ "phần mềm hiểm độc, bạn nên cài đặt lại hệ thống này từ số không, hoặc yêu " +#~ "cầu dịch vụ của một quản trị hệ thống thành thạo. Để tìm thêm thông tin, " +#~ "xem:" + +#~ msgid "" +#~ "The bug that allowed this wrong configuration is fixed in the current " +#~ "version of libpam-runtime, and your configuration has now been corrected. " +#~ "We apologize that previous versions of libpam-runtime did not detect and " +#~ "prevent this situation." +#~ msgstr "" +#~ "Lỗi cho phép cấu hình sai này đã được sửa chữa trong phiên bản libpam-" +#~ "runtime hiện thời, và cấu hình của bạn giờ được sửa chữa. Chúng tôi xin " +#~ "lỗi vì phiên bản libpam-runtime trước không phát hiện và ngăn cản trường " +#~ "hợp này." diff --git a/debian/po/zh_CN.po b/debian/po/zh_CN.po new file mode 100644 index 00000000..23291f5e --- /dev/null +++ b/debian/po/zh_CN.po @@ -0,0 +1,211 @@ +# Simplified Chinese translation for debconf templates of the pam package +# +# The original English strings (msgid) are: +# Copyright (C) 2007 Steve Langasek <vorlon@debian.org> +# The translations (msgstr) are: +# Copyright (C) 2007 Ming Hua <minghua-guest@users.alioth.debian.org> +# Copyright (C) 2009 Deng Xiyue <manphiz-guest@users.alioth.debian.org> +# +# This file is distributed under the same license as the pam package. +# +msgid "" +msgstr "" +"Project-Id-Version: pam\n" +"Report-Msgid-Bugs-To: pam@packages.debian.org\n" +"POT-Creation-Date: 2011-10-30 15:05-0400\n" +"PO-Revision-Date: 2009-01-01 12:30+0800\n" +"Last-Translator: Deng Xiyue <manphiz-guest@users.alioth.debian.org>\n" +"Language-Team: Debian Chinese [GB] <debian-chinese-gb@lists.debian.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "因 PAM 库升级而需要重新启动的服务:" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Most services that use PAM need to be restarted to use modules built for " +"this new version of libpam. Please review the following space-separated " +"list of init.d scripts for services to be restarted now, and correct it if " +"needed." +msgstr "" +"为了使用基于这个新版本 libpam 编译的模块,绝大部分使用 PAM 的服务都需要被重新" +"启动。请复查下面这个需要重新启动的服务所对应的 init.d script 列表,script 名" +"称之间以半角空格分隔。如列表有误,请直接更正。" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Display manager must be restarted manually" +msgstr "必须手动重新启动显示管理器" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +#, fuzzy +#| msgid "" +#| "The kdm, wdm, and xdm display managers require a restart for the new " +#| "version of libpam, but there are X login sessions active on your system " +#| "that would be terminated by this restart. You will therefore need to " +#| "restart these services by hand before further X logins will be possible." +msgid "" +"The wdm and xdm display managers require a restart for the new version of " +"libpam, but there are X login sessions active on your system that would be " +"terminated by this restart. You will therefore need to restart these " +"services by hand before further X logins will be possible." +msgstr "" +"由于 lipam 更新到新版本,显示管理器 kdm、wdm 和 xdm 需要被重新启动。但是您的" +"系统上有正在运行的 X 登录会话,而如果重新启动显示管理器服务,这些 X 会话就会" +"被强行结束。因此,您需要手动重新启动这些服务,否则您将无法再登录进 X 窗口系" +"统。" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "为 PAM 升级重新启动某些服务失败" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "升级 PAM 库时,下列服务无法被重新启动:" + +#. Type: error +#. Description +#: ../libpam0g.templates:3001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "您需要运行“/etc/init.d/<服务> start”来手动启动这些服务。" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "Restart services during package upgrades without asking?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libpam0g.templates:4001 +msgid "" +"There are services installed on your system which need to be restarted when " +"certain libraries, such as libpam, libc, and libssl, are upgraded. Since " +"these restarts may cause interruptions of service for the system, you will " +"normally be prompted on each upgrade for the list of services you wish to " +"restart. You can choose this option to avoid being prompted; instead, all " +"necessary restarts will be done for you automatically so you can avoid being " +"asked questions on each library upgrade." +msgstr "" + +#. Type: title +#. Description +#: ../libpam-runtime.templates:1001 +msgid "PAM configuration" +msgstr "" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "PAM profiles to enable:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Pluggable Authentication Modules (PAM) determine how authentication, " +"authorization, and password changing are handled on the system, as well as " +"allowing configuration of additional actions to take when starting user " +"sessions." +msgstr "" + +#. Type: multiselect +#. Description +#: ../libpam-runtime.templates:2001 +msgid "" +"Some PAM module packages provide profiles that can be used to automatically " +"adjust the behavior of all PAM-using applications on the system. Please " +"indicate which of these behaviors you wish to enable." +msgstr "" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Incompatible PAM profiles selected." +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (currently) non-translatable list of +#. PAM profile names. +#: ../libpam-runtime.templates:3001 +msgid "The following PAM profiles cannot be used together:" +msgstr "" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:3001 +msgid "Please select a different set of modules to enable." +msgstr "" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "Override local changes to /etc/pam.d/common-*?" +msgstr "" + +#. Type: boolean +#. Description +#: ../libpam-runtime.templates:4001 +msgid "" +"One or more of the files /etc/pam.d/common-{auth,account,password,session} " +"have been locally modified. Please indicate whether these local changes " +"should be overridden using the system-provided configuration. If you " +"decline this option, you will need to manage your system's authentication " +"configuration by hand." +msgstr "" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "No PAM profiles have been selected." +msgstr "" + +#. Type: error +#. Description +#: ../libpam-runtime.templates:5001 +msgid "" +"No PAM profiles have been selected for use on this system. This would grant " +"all users access without authenticating, and is not allowed. Please select " +"at least one PAM profile from the available list." +msgstr "" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "xscreensaver and xlockmore must be restarted before upgrading" +msgstr "在升级前必须重新启动 xscreensaver 和 xlockmore" + +#. Type: error +#. Description +#: ../libpam-modules.templates:1001 +msgid "" +"One or more running instances of xscreensaver or xlockmore have been " +"detected on this system. Because of incompatible library changes, the " +"upgrade of the libpam-modules package will leave you unable to authenticate " +"to these programs. You should arrange for these programs to be restarted or " +"stopped before continuing this upgrade, to avoid locking your users out of " +"their current sessions." +msgstr "" +"检测到一个或多个 xscreensaver 或 xlockmore 运行实例。因为不兼容的库的变化," +"libpam-module 软件包的升级将使您无法向这些程序认证。您需要在继续此升级前安排" +"这些程序重新启动或者停止运行,以避免将您的用户锁在他们的当前会话之外。" diff --git a/debian/rules b/debian/rules new file mode 100755 index 00000000..1bb42123 --- /dev/null +++ b/debian/rules @@ -0,0 +1,65 @@ +#!/usr/bin/make -f + +DEB_LDFLAGS_MAINT_APPEND := -Wl,-z,defs +DEB_CFLAGS_MAINT_APPEND := $(shell getconf LFS_CFLAGS) +export DEB_LDFLAGS_MAINT_APPEND DEB_CFLAGS_MAINT_APPEND +ifeq ($(shell dpkg-architecture -qDEB_BUILD_ARCH_OS),hurd) +DEB_LDFLAGS_MAINT_APPEND += -lpthread +endif + +DEB_HOST_MULTIARCH := $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) + +LC_COLLATE=C +export LC_COLLATE + +export QUILT_PATCH_DIR = debian/patches-applied + +d = $(CURDIR)/debian +dl = $(d)/local + +%: + dh $@ --with quilt,autoreconf + +# avoid libaudit-dev when bootstrapping +ifneq (,$(filter $(DEB_BUILD_PROFILE),stage1)) + CONFIGURE_OPTS += --disable-audit +endif + +override_dh_auto_configure: + dh_auto_configure -- --enable-static --enable-shared \ + --libdir=/lib/$(DEB_HOST_MULTIARCH) \ + --enable-isadir=/lib/security \ + $(CONFIGURE_OPTS) + +# .install files don't have "except for" handling, so we need to exclude +# our module that doesn't match right here +override_dh_install: + sed -e"s/@DEB_HOST_MULTIARCH@/$(DEB_HOST_MULTIARCH)/g" $(d)/libpam0g-dev.install.in > $(d)/libpam0g-dev.install +ifneq (,$(findstring libpam-modules, $(shell dh_listpackages))) + dh_install -plibpam-modules -Xpam_cracklib +endif + dh_install -Nlibpam-modules + +# again, excluding files by hand; also, build our local manpage for pam_getenv +# from the XML +override_dh_installman: + pod2man --section 8 --release="Debian GNU/Linux" $(dl)/pam_getenv >$(dl)/pam_getenv.8 + dh_installman + rm -f $(d)/libpam-modules/usr/share/man/man5/pam.conf.5 + rm -f $(d)/libpam-modules/usr/share/man/man8/pam_cracklib.8 + rm -f $(d)/libpam-modules/usr/share/man/man8/pam_timestamp_check.8 + +# dh_link doesn't do wildcards, so we can't auto-link to the right per-arch +# directory +override_dh_link: + sed -e"s/@DEB_HOST_MULTIARCH@/$(DEB_HOST_MULTIARCH)/g" $(d)/libpam0g-dev.links.in > $(d)/libpam0g-dev.links + dh_link + +# using perms that differ from upstream (sgid instead of suid) /and/ that +# dh_fixperms doesn't want +override_dh_fixperms: + dh_fixperms +ifneq (,$(findstring libpam-modules, $(shell dh_listpackages))) + chgrp shadow $(d)/libpam-modules-bin/sbin/unix_chkpwd + chmod 02755 $(d)/libpam-modules-bin/sbin/unix_chkpwd +endif diff --git a/debian/source.lintian-overrides b/debian/source.lintian-overrides new file mode 100644 index 00000000..932c1674 --- /dev/null +++ b/debian/source.lintian-overrides @@ -0,0 +1,3 @@ +pam source: quilt-build-dep-but-no-series-file +pam source: build-depends-on-1-revision build-depends: quilt (>= 0.48-1) + diff --git a/debian/watch b/debian/watch new file mode 100644 index 00000000..e137cd73 --- /dev/null +++ b/debian/watch @@ -0,0 +1,4 @@ +version=3 +opts=uversionmangle=s/^(\S+-doc)/0.0.$1/ \ +http://www.linux-pam.org/library/ \ +(?:|.*/)Linux-PAM(?:[_\-]v?|)(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz) |