Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | New patch dont_freeze_password_chain, cherry-picked from upstream: | Steve Langasek | 2019-01-03 |
| | | | | | | | | don't always follow the same path through the password stack on the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK pass; this Linux-PAM deviation from the original PAM spec causes a number of problems, in particular causing wrong return values when using the refactored pam-auth-update stack. LP: #303515, #305882. | ||
* | * Updated debconf translations: | Steve Langasek | 2019-01-03 |
| | | | | - Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au> | ||
* | mark for upload | Steve Langasek | 2019-01-03 |
| | |||
* | Updated Portuguese debconf translation | Américo Monteiro | 2019-01-03 |
| | |||
* | Updated Basque debconf translation | Piarres Beobide | 2019-01-03 |
| | |||
* | Updated Russian debconf translation | Yuri Kozlov | 2019-01-03 |
| | |||
* | Updated Turkish debconf translation | Mert Dirik | 2019-01-03 |
| | |||
* | Updated German debconf translation | Sven Joachim | 2019-01-03 |
| | |||
* | Updated French debconf translation | Steve Petruzzello | 2019-01-03 |
| | |||
* | Updated Czech debconf translation | unknown | 2019-01-03 |
| | |||
* | Updated Bulgarian debconf translation | Damyan Ivanov | 2019-01-03 |
| | |||
* | Updated Slovak debconf translation | helix84 | 2019-01-03 |
| | |||
* | Updated Galician debconf translation | Marce Villarino | 2019-01-03 |
| | |||
* | Updated Spanish debconf translation | Javier Fernandez-Sanguino Peña | 2019-01-03 |
| | |||
* | Updated Finnish debconf translation | Esko Arajärvi | 2019-01-03 |
| | |||
* | Updated Japanese debconf translation | Kenshi Muto | 2019-01-03 |
| | |||
* | Updated Swedish debconf translation | Martin Bagge | 2019-01-03 |
| | |||
* | Updated simplified Chinese debconf translation | Deng Xiyue | 2019-01-03 |
| | |||
* | Updated Italian debconf translation | David Paleino | 2019-01-03 |
| | |||
* | have libpam-modules Pre-Depend on ${misc:Depends} and add a debconf question to | Steve Langasek | 2019-01-03 |
| | | | | | | the libpam-modules preinst, so we can reliably warn users about xscreensaver and xlockmore before libpam-modules is unpacked; at the same time, clean up the text of the libpam0g debconf template to not refer to the screensavers. | ||
* | Have libpam-modules Pre-Depend on its shlibs, to force libpam0g to be | Steve Langasek | 2019-01-03 |
| | | | | | | | configured before libpam-modules is unpacked and allowing us to warn users about needing to disable xscreensaver and xlockmore at the right time without having to add a pre-dependency on debconf to these transitively essential packages. Closes: #502140, LP: #256238. | ||
* | Don't refer to gnome-screensaver in the debconf template; it isn't | Steve Langasek | 2019-01-03 |
| | | | | | actually affected by the libpam symbol issue because it forks a separate process to display the screensaver dialog. | ||
* | Build-conflict with libxcrypt-dev, which otherwise pulls libxcrypt in as | Steve Langasek | 2019-01-03 |
| | | | | | a dependency of libpam-modules if it's installed during the build. Thanks to Larry Doolittle for catching. | ||
* | mark for upload | Steve Langasek | 2019-01-03 |
| | |||
* | debian/rules: call chgrp *before* calling chmod, lest the sgid bit | Steve Langasek | 2019-01-03 |
| | | | | | on unix_chkpwd be cleared during the build when using -rsudo. Closes: #496983. | ||
* | 055_pam_unix_nullok_secure: also don't call the helper at all from | Steve Langasek | 2019-01-03 |
| | | | | | | _unix_blankpasswd when we can detect that null passwords are disallowed, to avoid causing spammy logs on successful authentications. Closes: #496620. | ||
* | 007_modules_pam_unix: update the manpage at the same time as the xml | Steve Langasek | 2019-01-03 |
| | | | | source (grr, autogenerated files in source packages). Closes: #495804. | ||
* | document bug closure | Steve Langasek | 2019-01-03 |
| | |||
* | pam_unix-chkpwd-wait: don't assume that the unix_chkpwd process | Julien Cristau | 2019-01-03 |
| | | | | | | exits normally; if it was killed by a signal, we don't want to accept the password. | ||
* | mark for upload | Steve Langasek | 2019-01-03 |
| | |||
* | 055_pam_unix_nullok_secure: don't call _pammodutil_tty_secure with a NULL | Steve Langasek | 2019-01-03 |
| | | | | | | tty argument, since this will cause our helper to segfault instead of returning a useful value. Thanks to Troy Davis for the report. Closes: #495806. | ||
* | mark for upload | Steve Langasek | 2019-01-03 |
| | |||
* | debian/patches/054_pam_security_abstract_securetty_handling: move the | Steve Langasek | 2019-01-03 |
| | | | | | | | | warning log about an insecure tty back to pam_securetty proper; we don't want to generate log messages every time pam_unix is called as non-root. Closes: #493283. As a side-effect, pam_unix no longer logs any warnings about NULL password + insecure tty, but I don't think this is critical. | ||
* | Build-Conflict with libdb4.2-dev, which satisfies the libdb-dev | Steve Langasek | 2019-01-03 |
| | | | | | build-dependency but causes pam_userdb to be silently omitted. Closes: #493574. | ||
* | Drop libpam-runtime.preinst, only used for upgrades from woody to sarge | Steve Langasek | 2019-01-03 |
| | | | | to deal with modified conffiles. | ||
* | Drop various bits of unused cruft from the debian/ directory. | Steve Langasek | 2019-01-03 |
| | |||
* | Update the Debian PAM mini-policy to remove references to the | Steve Langasek | 2019-01-03 |
| | | | | | long-obsolete pam_pwdb, and clarify the relationship between pam_stack and @include. | ||
* | Look for cups instead of cupsys as an init script name when restarting | Steve Langasek | 2019-01-03 |
| | | | | | services; thanks to Stephen Olander-Waters for pointing this out. Closes: #492977. | ||
* | * 007_modules_pam_unix: update the documentation to correctly document | Steve Langasek | 2019-01-03 |
| | | | | the default minimum password length is 6, not 1. | ||
* | mark for upload | Steve Langasek | 2019-01-03 |
| | |||
* | drop the patch to restore the particular setreuid() handling, which was in fact | Steve Langasek | 2019-01-03 |
| | | | | buggy before and fixed now. | ||
* | Fix a bug in the uid-restoring code in the hurd_no_setfsuid patch; thanks | Steve Langasek | 2019-01-03 |
| | | | | | to Tomas Mraz <tmraz@redhat.com> for indirectly bringing this to my attention | ||
* | drop the patch to do NIS+ auth in-process, the uid changing is better handled | Steve Langasek | 2019-01-03 |
| | | | | by a subprocess. | ||
* | document another upstream bug closure | Steve Langasek | 2019-01-03 |
| | |||
* | Bump Standards-Version to 3.8.0. | Steve Langasek | 2019-01-03 |
| | |||
* | Add debian/README.source documenting that this package uses quilt. | Steve Langasek | 2019-01-03 |
| | |||
* | * New patch, pam.d-manpage-section, to fix the manpage references to | Steve Langasek | 2019-01-03 |
| | | | | | | point to section 5 instead of section 8. * Update patch PAM-manpage-section to fix the references to pam(7) from other manpages. Closes: #470137. | ||
* | New patch pam_unix_dont_trust_chkpwd_caller.patch, rolling back an | Steve Langasek | 2019-01-03 |
| | | | | | | upstream change that causes unix_chkpwd to assume that setuid(getuid()) is sufficient to drop permissions and attempt any authentication on behalf of the user. | ||
* | Drop another patch that's integrated upstream | Steve Langasek | 2019-01-03 |
| | |||
* | Drop another patch that's integrated upstream | Steve Langasek | 2019-01-03 |
| |