summaryrefslogtreecommitdiff
path: root/debian/patches-applied/series
Commit message (Collapse)AuthorAge
* rebuild README files with current docs toolchain.Steve Langasek2019-01-08
| | | | | also, reorder patches so that all doc rebuilds get the standard locale setting.
* Import Debian changes 1.1.8-3.3Laurent Bigonville2019-01-08
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pam (1.1.8-3.3) unstable; urgency=low * Non-maintainer upload. [ Steve Langasek ] * Updated Swedish translation to correct a typo, thanks to Anders Jonsson and Martin Bagge. Closes: #743875 * Updated Turkish translation, thanks to Mert Dirik <mertdirik@gmail.com>. (closes: #756756) * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak <robie.basak@ubuntu.com> for the patch. Closes: #783105. * Acknowledge security NMU. * pam-auth-update: don't mishandle trailing whitespace in profiles. LP: #1487103. [ Laurent Bigonville ] * debian/control: Fix Vcs-* and Homepage fields (Closes: #752343) * debian/watch: Update watch file and point it to http://www.linux-pam.org * debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in namespace.init script (Closes: #624842) * debian/control: Build-depends against debhelper (>= 9) to match the defined debhelper compatibility * Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality, thanks to Jakub Wilk <jwilk@debian.org> for noticing (Closes: #761594) * debian/control: Bump Standards-Version to 3.9.8 (no further changes) * debian/libpam-doc.doc-base.applications-guide: Fix spelling * debian/libpam0g-dev.examples: Do not use shell brace expansion * debian/patches-applied/pam-loginuid-in-containers: Updated with the version from Ubuntu, this should fix logins in containers (Closes: #726661) * debian/patches-applied/update-motd: Updated with the version from Ubuntu: use /run/motd.dynamic instead of /var/run/motd, nothing in the archive uses the later (Closes: #743286) * debian/patches-applied/make_documentation_reproducible.patch: Make the build reproducible, removes differences when building with different locale values (Closes: #792127)
| * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the defaultSteve Langasek2019-01-08
| | | | | | | | | | soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak <robie.basak@ubuntu.com> for the patch. Closes: #783105.
* | Import Debian changes 1.1.8-3.2Tianon Gravi2019-01-08
| | | | | | | | | | | | | | | | pam (1.1.8-3.2) unstable; urgency=medium * Non-maintainer upload. * Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix module (Closes: #789986)
* | Import Debian changes 1.1.8-3.1Michael Gilbert2019-01-08
|/ | | | | | | | | | pam (1.1.8-3.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix CVE-2013-7041: case-insensitive comparison used for verifying passwords in the pam_userdb module (closes: #731368). * Fix CVE-2014-2583: multiple directory traversal issues in the pam_timestamp module (closes: 757555)
* Drop another couple of patches that are already upstreamSteve Langasek2019-01-08
|
* debian/patches/fix-manpage-crud: drop, manpages now being generatedSteve Langasek2019-01-08
| | | | upstream with a newer, fixed xsltproc.
* Refresh patchesSteve Langasek2019-01-08
|
* debian/patches-applied/pam-loginuid-in-containers: pam_loginuid:Steve Langasek2019-01-08
| | | | Ignore failure in user namespaces.
* Ditch autoconf patch in favor of a build-dependency on dh-autoreconf,Steve Langasek2019-01-08
| | | | | which will let us keep up-to-date with newer autotools. In the present instance, this gets us aarch64 support.
* debian/patches-applied/glibc-2_16-compilation-fix.patch: fix missingSteve Langasek2019-01-08
| | | | | include causing build failure with eglibc 2.16. Thanks to Daniel Schepler <dschepler@gmail.com>. Closes: #693450.
* Adjust the pam_env documentation to match the module behavior resultingSteve Langasek2019-01-08
| | | | from the previous security upload. Closes: #693995.
* Confirm NMU for bug #611136; thanks to Michael Gilbert.Steve Langasek2019-01-08
|
* * debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflowKees Cook2019-01-08
| | | | | | in environment file parsing (CVE-2011-3148). * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment file parsing (CVE-2011-3149).
* merge preliminary multiarch supportSteve Langasek2019-01-08
|\
| * merge from squeezeSteve Langasek2019-01-08
| |\
| | * * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX forSteve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | compatibility when it's not already set. Closes: #552043. * debian/local/pam-auth-update: Don't try to pass embedded newlines to debconf; backslash-escape them instead and use CAPB escape. * debian/local/pam-auth-update: sort additional module options before writing them out, so that we don't wind up with a different config file on every invocation. Thanks to Jim Paris <jim@jtan.com> for the patch. Closes: #594123.
| * | merge from trunkSteve Langasek2019-01-08
| |\ \ | | |/
| * | New patch to give us proper multiarch module path lookups in conjunction withSteve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | the non-standard configure arguments in debian/rules: look in /lib/$(DEB_HOST_GNU_TYPE)/security first, then /lib/security as a fallback.
* | | update the existing 027_pam_limits_better_init_allow_explicit_root patchSteve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | instead of creating a new parse-kernel-rlimits.patch, to keep these changes logically grouped together; and add a DEP3 patch header here since we didn't have one before
* | | debian/patches-applied/parse-kernel-rlimits.patch: load rlimit defaultsKees Cook2019-01-08
| | | | | | | | | | | | | | | | | | from the kernel (via /proc/1/limits), instead of continuing to hardcode the settings internally. Fall back to internal defaults when the kernel rlimits are not found. Closes: #620302. (LP: #746655, #391761)
* | | debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX forSteve Langasek2019-01-08
| | | | | | | | | | | | compatibility when it's not already set. Closes: #552043.
* | | Drop patches conditional_module,_conditional_man andSteve Langasek2019-01-08
| |/ |/| | | | | mkhomedir_linking.patch, which are included upstream.
* | Don't pass --version-script options when linking executables,Steve Langasek2019-01-08
| | | | | | | | | | only when linking libraries. Thanks to Julien Cristau <jcristau@debian.org> for the fix. Closes: #582362.
* | debian/patches/conditional_module,_conditional_man: if we don't have theSteve Langasek2019-01-08
| | | | | | | | | | libraries required for building pam_tty_audit, we shouldn't install the manpage either. LP: #588547.
* | Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, andSteve Langasek2019-01-08
| | | | | | | | pam_securetty_tty_check_before_user_check, which are included upstream.
* | debian/patches/sys-types-include.patch: fix pam_modutil.h so that it canSteve Langasek2019-01-08
| | | | | | | | | | be included directly, without having to include sys/types.h first. Closes: #556203.
* | debian/patches/pam_securetty_tty_check_before_user_check: new patch,Steve Langasek2019-01-08
|/ | | | | | to make pam_securetty always return success on a secure tty regardless of what username was passed. Thanks to Nicolas Fran├žois <nicolas.francois@centraliens.net> for the patch. Closes: #537848
* debian/patches/namespace_with_awk_not_gawk: fix the sampleSteve Langasek2019-01-08
| | | | | namespace.init script's dependency on non-POSIX features of gawk, since we don't use gawk by default. Closes; #518908.
* debian/patches/fix-man-crud: new patch, fix "undefined macro" errors inSteve Langasek2019-01-08
| | | | | manpages caused by oddities of toolchain used when generating them upstream.
* pam_unix-chkpwd-wait also merged upstreamSteve Langasek2019-01-08
|
* Drop patches pam_unix_thread-safe_save_old_password.patch,Steve Langasek2019-01-08
| | | | | | pam_env_ignore_garbage.patch, dont_freeze_password_chain, pam_1.0.4_mindays, pam_mail-fix-quiet, and cve-2009-0887-libpam-pam_misc.patch, which are included upstream.
* cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problemSam Hartman2019-01-08
| | | | (CVE-2009-0887) (Closes: #520115)
* Merge debian sid branchSam Hartman2019-01-08
|\
| * pam_motd: run the update-motd scripts in pam_motd; render update-motdSteve Langasek2019-01-08
| | | | | | | | obsolete, LP: #399071
* | pam_mail-fix-quiet: patch from Andreas HenrikssonSam Hartman2019-01-08
|/ | | | applied upstream to fix quiet option of pam_mail, Closes: #439268
* Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixesKees Cook2019-01-08
| | | | for MINDAYS-Field regression (closes: #514437).
* New patch dont_freeze_password_chain, cherry-picked from upstream:Steve Langasek2019-01-03
| | | | | | | | don't always follow the same path through the password stack on the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK pass; this Linux-PAM deviation from the original PAM spec causes a number of problems, in particular causing wrong return values when using the refactored pam-auth-update stack. LP: #303515, #305882.
* pam_unix-chkpwd-wait: don't assume that the unix_chkpwd processJulien Cristau2019-01-03
| | | | | | exits normally; if it was killed by a signal, we don't want to accept the password.
* drop the patch to restore the particular setreuid() handling, which was in factSteve Langasek2019-01-03
| | | | buggy before and fixed now.
* drop the patch to do NIS+ auth in-process, the uid changing is better handledSteve Langasek2019-01-03
| | | | by a subprocess.
* * New patch, pam.d-manpage-section, to fix the manpage references toSteve Langasek2019-01-03
| | | | | | point to section 5 instead of section 8. * Update patch PAM-manpage-section to fix the references to pam(7) from other manpages. Closes: #470137.
* New patch pam_unix_dont_trust_chkpwd_caller.patch, rolling back anSteve Langasek2019-01-03
| | | | | | upstream change that causes unix_chkpwd to assume that setuid(getuid()) is sufficient to drop permissions and attempt any authentication on behalf of the user.
* Drop another patch that's integrated upstreamSteve Langasek2019-01-03
|
* Drop another patch that's integrated upstreamSteve Langasek2019-01-03
|
* fix patch names so it's clear these are all for pam_unixSteve Langasek2019-01-03
|
* New patch pam_unix_fix_sgid_shadow_auth.patch, fixing an upstreamSteve Langasek2019-01-03
| | | | | | | | regression which prevents sgid shadow apps from being able to authenticate any more because the module forces use of the helper and the helper won't allow authentication of arbitrary users. This change does mean we're going to be noisier for the time being in an SELinux environment, which should be addressed but is not a regression on Debian.
* New patch no_helper_for_nis+.patch, which restores the behavior of doingSteve Langasek2019-01-03
| | | | | in-process NIS+ account checking instead of unconditionally passing it off to the unix_chkpwd helper; if it wasn't broke, don't fix it.
* New patch setreuid_juggling.patch: restore the 0.99.9.0 behavior wrt uidSteve Langasek2019-01-03
| | | | | changes for NIS+, since I know the old behavior was right and don't believe anyone has tested the new code.
* move the getpwnam patch to the beginning of the series, since it should beSteve Langasek2019-01-03
| | | | committed upstream soon