summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* | shadow the finite kernel defaults for RLIMIT_SIGPENDING andSteve Langasek2019-01-08
| | | | | | | | | | RLIMIT_MSGQUEUE as well, so that the preceding changes don't suddenly expose systems to DoS or other issues.
* | 027_pam_limits_better_init_allow_explicit_root: also fix the patch soSteve Langasek2019-01-08
| | | | | | | | | | that our limit resets are actually *applied*, which has apparently been broken for who knows how long!
* | 027_pam_limits_better_init_allow_explicit_root: RLIM_INFINITY may or maySteve Langasek2019-01-08
| | | | | | | | | | | | | | not be invalid for RLIMIT_NOFILE, but we don't want to set a hard limit of 1024 by default; try to set this limit to the value of /proc/sys/fs/nr_open if we can, or fall back to RLIM_INFINITY. Closes: #515673, LP: #327597.
* | releasing version 1.0.1-6Steve Langasek2019-01-08
| |
* | fix-up commit to match 1.1.0-6 from the archiveSteve Langasek2019-01-08
| |
* | mark as untranslatable to spare translators some time, and add aSteve Langasek2019-01-03
| | | | | | | | comment about this to the preceding template
* | debian/local/pam-auth-update (et al): new interface for managingSteve Langasek2019-01-03
|\| | | | | | | | | /etc/pam.d/common-*, using drop-in config snippets provided by module packages.
| * also update the md5sums in response to the template version bumps...Steve Langasek2019-01-03
| |
| * bump the versioned dep on libpam-runtime as wellSteve Langasek2019-01-03
| |
| * bump the version number for what should really be the last time: no more pamSteve Langasek2019-01-03
| | | | | | | | uploads are anticipated before the lenny release (again).
| * catch up with Debian unstableSteve Langasek2019-01-03
| |\
| * | factor out the duplicate code used for returning the lines for a given moduleSteve Langasek2019-01-03
| | |
| * | libpam-runtime depends only on debconf (>= 1.5.19), with no alternative forSteve Langasek2019-01-03
| | | | | | | | | | | | | | | | | | cdebconf; discussion on debian-devel reveals that only debconf itself provides the confmodule portion these days, so we must have the correct version of debconf regardless of whether cdebconf is also installed.
| * | trim leading whitespace from multiline fields when parsing PAM profilesSteve Langasek2019-01-03
| | |
| * | libpam-runtime needs a versioned dep on debconf, because it uses ↵Steve Langasek2019-01-03
| | | | | | | | | | | | x_loadtemplatefile
| * | ignore removed profiles when detecting an empty setGreg Price2019-01-03
| | |
| * | If /var/lib/pam/seen is absent, handle it the same as if the file wereGreg Price2019-01-03
| | | | | | | | | | | | | | | present but empty.
| * | Allow passwords to change on expired accounts, by passing new_authtok_reqd ↵Kees Cook2019-01-03
| | | | | | | | | | | | return codes immediately (LP: #291091).
| * | skip over the 'deny' in our no-primary-modules caseSteve Langasek2019-01-03
| | |
| * | get rid of the double pam_permit in common-password, the stack will handleSteve Langasek2019-01-03
| | | | | | | | | | | | this correctly now
| * | get rid of the double pam_permit in common-session, the stack will handle thisSteve Langasek2019-01-03
| | | | | | | | | | | | right now
| * | tune the whitespaceSteve Langasek2019-01-03
| | |
| * | output a generic pam_permit line if the primary block is emptySteve Langasek2019-01-03
| | |
| * | Use -Initial only for the first profile, even when there's no explicit -InitialSteve Langasek2019-01-03
| | | | | | | | | | | | config for that first profile
| * | output a generic pam_permit line if the primary block is emptySteve Langasek2019-01-03
| | |
| * | Use -Initial only for the first profile, even when there's no explicit -InitialSteve Langasek2019-01-03
| | | | | | | | | | | | config for that first profile
| * | add in the ubiquitous debhelper tokensSteve Langasek2019-01-03
| | |
| * | fix a bug in the parser that caused error spewing if there were any lines afterSteve Langasek2019-01-03
| | | | | | | | | | | | the end of the managed block
| * | synchronize the state-saving format with the code actually used for comparisonsSteve Langasek2019-01-03
| | |
| * | drop '-Final' from all of the field names, but support these field names forSteve Langasek2019-01-03
| | | | | | | | | | | | backwards compatibility
| * | refine the password profiles: these should be in a 'primary' block after all,Steve Langasek2019-01-03
| | | | | | | | | | | | paralleling the auth structure as much as possible.
| * | bump the referenced version number again for one /really/ final pam upload toSteve Langasek2019-01-03
| | | | | | | | | | | | | | | | | | lenny, and update the checksums to point at the current template versions (replacing the previous md5sums, since that version was never uploaded to Debian)
| * | drop this md5sum from the branch, it's Ubuntu-specificSteve Langasek2019-01-03
| | |
| * | add old session template md5sumSteve Langasek2019-01-03
| | |
| * | implement automatic upgrades of the templates if they're unmodifiedSteve Langasek2019-01-03
| | |
| * | first cut of a manpage for pam-auth-updateSteve Langasek2019-01-03
| | |
| * | never unlink the .pam-old file - just only create it if --force is set.Steve Langasek2019-01-03
| | |
| * | document another bug that we need to sort outSteve Langasek2019-01-03
| | |
| * | priority alone doesn't guarantee a complete sort; sort by the profile name asSteve Langasek2019-01-03
| | | | | | | | | | | | a second field, to be sure we get out all the duplicates
| * | filter removals out of both the available and the enabled option listsSteve Langasek2019-01-03
| | |
| * | apparently we need to use shift @ARGV here, not just shiftSteve Langasek2019-01-03
| | |
| * | fix a typoSteve Langasek2019-01-03
| | |
| * | use pam-auth-update --remove in the package prermsSteve Langasek2019-01-03
| | |
| * | implement --remove, which allows deconfiguring of modules in advance of packageSteve Langasek2019-01-03
| | | | | | | | | | | | removal
| * | optimize the grep a bit moreSteve Langasek2019-01-03
| | |
| * | filter the config list to exclude configs that no longer existSteve Langasek2019-01-03
| | | | | | | | | | | | avoid unnecessary sort/grep in the case where we already have a sorted list
| * | if the target doesn't already exist, don't try to copy itSteve Langasek2019-01-03
| | |
| * | fix the regex used when suppressing jump counts when reading the savedSteve Langasek2019-01-03
| | | | | | | | | | | | | | | config, so that we don't clobber module options with numbers in them
| * | another inconsistency in referring to the program nameSteve Langasek2019-01-03
| | |
| * | session needs to be handled the same way as password, with the possibility ofSteve Langasek2019-01-03
| | | | | | | | | | | | | | | zero primary modules
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 17:40:16 +0000