pam (1.1.8-3.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix
module (Closes: #789986)
pam (1.1.8-3.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2013-7041: case-insensitive comparison used for verifying
passwords in the pam_userdb module (closes: #731368).
* Fix CVE-2014-2583: multiple directory traversal issues in the
pam_timestamp module (closes: 757555)
upstream with a newer, fixed xsltproc.
Ignore failure in user namespaces.
which will let us keep up-to-date with newer autotools. In the present
instance, this gets us aarch64 support.
include causing build failure with eglibc 2.16. Thanks to Daniel
Schepler <dschepler@gmail.com>. Closes: #693450.
from the previous security upload. Closes: #693995.
in environment file parsing (CVE-2011-3148).
* debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment
file parsing (CVE-2011-3149).
compatibility when it's not already set. Closes: #552043.
* debian/local/pam-auth-update: Don't try to pass embedded newlines to
debconf; backslash-escape them instead and use CAPB escape.
* debian/local/pam-auth-update: sort additional module options before
writing them out, so that we don't wind up with a different config file
on every invocation. Thanks to Jim Paris <jim@jtan.com> for the patch.
Closes: #594123.
the non-standard configure arguments in debian/rules: look in
/lib/$(DEB_HOST_GNU_TYPE)/security first, then /lib/security as a fallback.
instead of creating a new parse-kernel-rlimits.patch, to keep these changes
logically grouped together; and add a DEP3 patch header here since we didn't
have one before
from the kernel (via /proc/1/limits), instead of continuing to hardcode
the settings internally. Fall back to internal defaults when the kernel
rlimits are not found. Closes: #620302. (LP: #746655, #391761)
compatibility when it's not already set. Closes: #552043.
mkhomedir_linking.patch, which are included upstream.
only when linking libraries. Thanks to Julien Cristau
<jcristau@debian.org> for the fix. Closes: #582362.
libraries required for building pam_tty_audit, we shouldn't install the
manpage either. LP: #588547.
pam_securetty_tty_check_before_user_check, which are included upstream.
be included directly, without having to include sys/types.h first.
Closes: #556203.
to make pam_securetty always return success on a secure tty regardless
of what username was passed. Thanks to Nicolas François
<nicolas.francois@centraliens.net> for the patch. Closes: #537848
namespace.init script's dependency on non-POSIX features of gawk, since
we don't use gawk by default. Closes: #518908.
manpages caused by oddities of toolchain used when generating them
upstream.
pam_env_ignore_garbage.patch, dont_freeze_password_chain,
pam_1.0.4_mindays, pam_mail-fix-quiet, and
cve-2009-0887-libpam-pam_misc.patch, which are included upstream.
(CVE-2009-0887) (Closes: #520115)
obsolete, LP: #399071
applied upstream to fix quiet option of pam_mail, Closes: #439268
for MINDAYS-Field regression (closes: #514437).
don't always follow the same path through the password stack on
the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK
pass; this Linux-PAM deviation from the original PAM spec causes a
number of problems, in particular causing wrong return values when
using the refactored pam-auth-update stack. LP: #303515, #305882.
exits normally; if it was killed by a signal, we don't want to
accept the password.
buggy before and fixed now.
by a subprocess.
point to section 5 instead of section 8.
* Update patch PAM-manpage-section to fix the references to pam(7) from
other manpages. Closes: #470137.
upstream change that causes unix_chkpwd to assume that setuid(getuid())
is sufficient to drop permissions and attempt any authentication on
behalf of the user.
regression which prevents sgid shadow apps from being able to authenticate
any more because the module forces use of the helper and the helper won't
allow authentication of arbitrary users. This change does mean we're
going to be noisier for the time being in an SELinux environment, which
should be addressed but is not a regression on Debian.
in-process NIS+ account checking instead of unconditionally passing it
off to the unix_chkpwd helper; if it wasn't broke, don't fix it.
changes for NIS+, since I know the old behavior was right and don't
believe anyone has tested the new code.
committed upstream soon
getpwnam() use in pam_unix is thread-safe (fixes an upstream regression)
and pam_tally_audit.patch, which have been merged upstream.