| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
pam (1.1.8-3.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix
module (Closes: #789986)
|
|
|
|
|
|
|
|
|
|
| |
pam (1.1.8-3.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2013-7041: case-insensitive comparison used for verifying
passwords in the pam_userdb module (closes: #731368).
* Fix CVE-2014-2583: multiple directory traversal issues in the
pam_timestamp module (closes: 757555)
|
| |
|
|
|
|
|
|
| |
will not dynamically switch between the libc stubs and the libpthread
implementations on this architecture. Thanks to Samuel Thibault for the
patch. Closes: #743891.
|
| |
|
|
|
|
| |
available on non-Linux archs. Closes: #737035.
|
| |
|
|
|
|
| |
install
|
| |
|
|
|
|
|
| |
prematurely removing the PAM config when the package is installed for
multiple architectures. Closes: #647428.
|
|
|
|
| |
files correctly.
|
|
|
|
| |
to the libpam-doc package. Closes: #700485.
|
|
|
|
| |
so that regenerating documentation doesn't cause build skew.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
upstream with a newer, fixed xsltproc.
|
|\ |
|
| |\ |
|
| | |
| | |
| | |
| | |
| | | |
* modules/pam_unix/pam_unix_acct.c: Check setuid return value.
* modules/pam_unix/support.c: Likewise.
|
| | |
| | |
| | |
| | | |
modules/pam_unix/support.c(_set_ctrl): Write to *rounds only if non-NULL.
|
| | |
| | |
| | |
| | | |
modules/pam_unix/pam_unix_passwd.c: Add missing ')'..
|
| | | |
|
| | |
| | |
| | |
| | | |
po/*.po: Updated translations from Transifex.
|
| | |
| | |
| | |
| | |
| | | |
* modules/pam_exec/pam_exec.c: Add stdout and type= option
* modules/pam_exec/pam_exec.8.xml: Document new options
|
| | |
| | |
| | |
| | | |
* modules/pam_unix/pam_unix_acct.c: fix last change
|
| | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_unix/pam_unix_acct.c: run waitpid in a while loop.
* modules/pam_unix/pam_unix_passwd.c: Likewise.
* modules/pam_unix/support.c: Likewise.
|
| | |
| | |
| | |
| | | |
doc/man/misc_conv.3.xml: Fix return value of misc_conv
|
| | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_sepermit/pam_sepermit.c(get_loginuid): Read loginuid from
/proc
(sepermit_match): Apply the exclusive check only when loginuid not set.
|
| | |
| | |
| | |
| | | |
* po/*.po: Updated translations from Transifex.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
pam_rootok.c explicitly uses functions from libaudit, so the module has
to be linked with the library.
* modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Add @LIBAUDIT@.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Replace
all occurrences of HAVE_AUDIT_TTY_STATUS_LOG_PASSWD with
HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD.
* configure.in (HAVE_AUDIT_TTY_STATUS_LOG_PASSWD): Remove.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Most commands are entered one line at a time and processed as complete lines
in non-canonical mode. Commands that interactively require a password, enter
canonical mode with echo set to off to do this. This feature (icanon and
!echo) can be used to avoid logging passwords by audit while still logging the
rest of the command. Adding a member to the struct audit_tty_status passed in
by pam_tty_audit allows control of logging passwords per task.
* configure.in: autoconf bits to conditionally add support at compile time
depending on struct audit_tty_status kernel header version.
* modules/pam_tty_audit/pam_tty_audit.8.xml: Document new pam_tty_audit module
log_passwd option.
* modules/pam_tty_audit/pam_tty_audit.c: (pam_sm_open_session): Added
"log_passwd" option parsing.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
|
| | |
| | |
| | |
| | |
| | | |
modules/pam_unix/unix_update.8.xml: unix_update helper runs in the
permissive mode as well.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
other one is specified as argument.
* modules/pam_unix/support.c: Add search_key, call from __set_ctrl
* modules/pam_unix/support.h: Add define for /etc/login.defs
* modules/pam_unix/pam_unix.8.xml: Document new behavior.
* modules/pam_umask/pam_umask.c: Add missing NULL pointer check
|
| | |
| | |
| | |
| | |
| | |
| | | |
modules/pam_access/pam_access.c (netgroup_match): As we did not use
yp_get_default_domain() in the 1.1 branch due to typo in ifdef
we should use it only as fallback.
|
| | |
| | |
| | |
| | |
| | | |
modules/pam_namespace/md5.c (MD5Final): Use memcpy instead of assignment.
modules/pam_unix/md5.c (MD5Final): Use memcpy instead of assignment.
|
| | |
| | |
| | |
| | |
| | | |
modules/pam_lastlog/pam_lastlog.c (last_login_failed): Just warn, not fail
on short read or read error.
|
| | |
| | |
| | |
| | |
| | | |
modules/pam_rootok/pam_rootok.c (log_callback, selinux_check_root): New functions.
(check_for_root): Use the selinux_check_root() instead of checkPasswdAccess.
|
| | |
| | |
| | |
| | |
| | | |
modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return.
modules/pam_unix/bigcrypt.c (bigcrypt): Likewise.
|
| | |
| | |
| | |
| | |
| | | |
modules/pam_userdb/pam_userdb.c (user_lookup): Allow password hashes
longer than 13 characters and long salt.
|
| | |
| | |
| | |
| | |
| | | |
modules/pam_access/pam_access.c (netgroup_match): Fix typo
in #ifdef HAVE_YP_GET_DEFAULT_DOMAIN.
|
| | |
| | |
| | |
| | |
| | | |
modules/pam_cracklib/pam_cracklib.8.xml: Add note about checks
when run as root.
|
| | |
| | |
| | |
| | | |
po/Linux-PAM.pot: Update to reflect current sources.
|
| | |
| | |
| | |
| | |
| | | |
po/LINGUAS: Added new languages.
po/*.po: Updated translations from Transifex including new languages.
|