Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
* | | shadow the finite kernel defaults for RLIMIT_SIGPENDING and | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | RLIMIT_MSGQUEUE as well, so that the preceding changes don't suddenly expose systems to DoS or other issues. | |||
* | | 027_pam_limits_better_init_allow_explicit_root: also fix the patch so | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | that our limit resets are actually *applied*, which has apparently been broken for who knows how long! | |||
* | | 027_pam_limits_better_init_allow_explicit_root: RLIM_INFINITY may or may | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | not be invalid for RLIMIT_NOFILE, but we don't want to set a hard limit of 1024 by default; try to set this limit to the value of /proc/sys/fs/nr_open if we can, or fall back to RLIM_INFINITY. Closes: #515673, LP: #327597. | |||
* | | releasing version 1.0.1-6 | Steve Langasek | 2019-01-08 | |
| | | ||||
* | | fix-up commit to match 1.1.0-6 from the archive | Steve Langasek | 2019-01-08 | |
| | | ||||
* | | mark as untranslatable to spare translators some time, and add a | Steve Langasek | 2019-01-03 | |
| | | | | | | | | comment about this to the preceding template | |||
* | | debian/local/pam-auth-update (et al): new interface for managing | Steve Langasek | 2019-01-03 | |
|\| | | | | | | | | | /etc/pam.d/common-*, using drop-in config snippets provided by module packages. | |||
| * | also update the md5sums in response to the template version bumps... | Steve Langasek | 2019-01-03 | |
| | | ||||
| * | bump the versioned dep on libpam-runtime as well | Steve Langasek | 2019-01-03 | |
| | | ||||
| * | bump the version number for what should really be the last time: no more pam | Steve Langasek | 2019-01-03 | |
| | | | | | | | | uploads are anticipated before the lenny release (again). | |||
| * | catch up with Debian unstable | Steve Langasek | 2019-01-03 | |
| |\ | ||||
| * | | factor out the duplicate code used for returning the lines for a given module | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | libpam-runtime depends only on debconf (>= 1.5.19), with no alternative for | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | | | | | | | cdebconf; discussion on debian-devel reveals that only debconf itself provides the confmodule portion these days, so we must have the correct version of debconf regardless of whether cdebconf is also installed. | |||
| * | | trim leading whitespace from multiline fields when parsing PAM profiles | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | libpam-runtime needs a versioned dep on debconf, because it uses ↵ | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | x_loadtemplatefile | |||
| * | | ignore removed profiles when detecting an empty set | Greg Price | 2019-01-03 | |
| | | | ||||
| * | | If /var/lib/pam/seen is absent, handle it the same as if the file were | Greg Price | 2019-01-03 | |
| | | | | | | | | | | | | | | | present but empty. | |||
| * | | Allow passwords to change on expired accounts, by passing new_authtok_reqd ↵ | Kees Cook | 2019-01-03 | |
| | | | | | | | | | | | | return codes immediately (LP: #291091). | |||
| * | | skip over the 'deny' in our no-primary-modules case | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | get rid of the double pam_permit in common-password, the stack will handle | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | this correctly now | |||
| * | | get rid of the double pam_permit in common-session, the stack will handle this | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | right now | |||
| * | | tune the whitespace | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | output a generic pam_permit line if the primary block is empty | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | Use -Initial only for the first profile, even when there's no explicit -Initial | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | config for that first profile | |||
| * | | output a generic pam_permit line if the primary block is empty | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | Use -Initial only for the first profile, even when there's no explicit -Initial | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | config for that first profile | |||
| * | | add in the ubiquitous debhelper tokens | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | fix a bug in the parser that caused error spewing if there were any lines after | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | the end of the managed block | |||
| * | | synchronize the state-saving format with the code actually used for comparisons | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | drop '-Final' from all of the field names, but support these field names for | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | backwards compatibility | |||
| * | | refine the password profiles: these should be in a 'primary' block after all, | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | paralleling the auth structure as much as possible. | |||
| * | | bump the referenced version number again for one /really/ final pam upload to | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | | | | | | | lenny, and update the checksums to point at the current template versions (replacing the previous md5sums, since that version was never uploaded to Debian) | |||
| * | | drop this md5sum from the branch, it's Ubuntu-specific | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | add old session template md5sum | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | implement automatic upgrades of the templates if they're unmodified | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | first cut of a manpage for pam-auth-update | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | never unlink the .pam-old file - just only create it if --force is set. | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | document another bug that we need to sort out | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | priority alone doesn't guarantee a complete sort; sort by the profile name as | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | a second field, to be sure we get out all the duplicates | |||
| * | | filter removals out of both the available and the enabled option lists | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | apparently we need to use shift @ARGV here, not just shift | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | fix a typo | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | use pam-auth-update --remove in the package prerms | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | implement --remove, which allows deconfiguring of modules in advance of package | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | removal | |||
| * | | optimize the grep a bit more | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | filter the config list to exclude configs that no longer exist | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | avoid unnecessary sort/grep in the case where we already have a sorted list | |||
| * | | if the target doesn't already exist, don't try to copy it | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | fix the regex used when suppressing jump counts when reading the saved | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | | | | config, so that we don't clobber module options with numbers in them | |||
| * | | another inconsistency in referring to the program name | Steve Langasek | 2019-01-03 | |
| | | | ||||
| * | | session needs to be handled the same way as password, with the possibility of | Steve Langasek | 2019-01-03 | |
| | | | | | | | | | | | | | | | zero primary modules |