Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | debian/patches/conditional_module,_conditional_man: if we don't have the | Steve Langasek | 2019-01-08 |
| | | | | | libraries required for building pam_tty_audit, we shouldn't install the manpage either. LP: #588547. | ||
* | Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and | Steve Langasek | 2019-01-08 |
| | | | | pam_securetty_tty_check_before_user_check, which are included upstream. | ||
* | debian/patches/sys-types-include.patch: fix pam_modutil.h so that it can | Steve Langasek | 2019-01-08 |
| | | | | | be included directly, without having to include sys/types.h first. Closes: #556203. | ||
* | debian/patches/pam_securetty_tty_check_before_user_check: new patch, | Steve Langasek | 2019-01-08 |
| | | | | | | to make pam_securetty always return success on a secure tty regardless of what username was passed. Thanks to Nicolas François <nicolas.francois@centraliens.net> for the patch. Closes: #537848 | ||
* | debian/patches/namespace_with_awk_not_gawk: fix the sample | Steve Langasek | 2019-01-08 |
| | | | | | namespace.init script's dependency on non-POSIX features of gawk, since we don't use gawk by default. Closes; #518908. | ||
* | debian/patches/fix-man-crud: new patch, fix "undefined macro" errors in | Steve Langasek | 2019-01-08 |
| | | | | | manpages caused by oddities of toolchain used when generating them upstream. | ||
* | pam_unix-chkpwd-wait also merged upstream | Steve Langasek | 2019-01-08 |
| | |||
* | Drop patches pam_unix_thread-safe_save_old_password.patch, | Steve Langasek | 2019-01-08 |
| | | | | | | pam_env_ignore_garbage.patch, dont_freeze_password_chain, pam_1.0.4_mindays, pam_mail-fix-quiet, and cve-2009-0887-libpam-pam_misc.patch, which are included upstream. | ||
* | cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problem | Sam Hartman | 2019-01-08 |
| | | | | (CVE-2009-0887) (Closes: #520115) | ||
* | Merge debian sid branch | Sam Hartman | 2019-01-08 |
|\ | |||
| * | pam_motd: run the update-motd scripts in pam_motd; render update-motd | Steve Langasek | 2019-01-08 |
| | | | | | | | | obsolete, LP: #399071 | ||
* | | pam_mail-fix-quiet: patch from Andreas Henriksson | Sam Hartman | 2019-01-08 |
|/ | | | | applied upstream to fix quiet option of pam_mail, Closes: #439268 | ||
* | Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixes | Kees Cook | 2019-01-08 |
| | | | | for MINDAYS-Field regression (closes: #514437). | ||
* | New patch dont_freeze_password_chain, cherry-picked from upstream: | Steve Langasek | 2019-01-03 |
| | | | | | | | | don't always follow the same path through the password stack on the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK pass; this Linux-PAM deviation from the original PAM spec causes a number of problems, in particular causing wrong return values when using the refactored pam-auth-update stack. LP: #303515, #305882. | ||
* | pam_unix-chkpwd-wait: don't assume that the unix_chkpwd process | Julien Cristau | 2019-01-03 |
| | | | | | | exits normally; if it was killed by a signal, we don't want to accept the password. | ||
* | drop the patch to restore the particular setreuid() handling, which was in fact | Steve Langasek | 2019-01-03 |
| | | | | buggy before and fixed now. | ||
* | drop the patch to do NIS+ auth in-process, the uid changing is better handled | Steve Langasek | 2019-01-03 |
| | | | | by a subprocess. | ||
* | * New patch, pam.d-manpage-section, to fix the manpage references to | Steve Langasek | 2019-01-03 |
| | | | | | | point to section 5 instead of section 8. * Update patch PAM-manpage-section to fix the references to pam(7) from other manpages. Closes: #470137. | ||
* | New patch pam_unix_dont_trust_chkpwd_caller.patch, rolling back an | Steve Langasek | 2019-01-03 |
| | | | | | | upstream change that causes unix_chkpwd to assume that setuid(getuid()) is sufficient to drop permissions and attempt any authentication on behalf of the user. | ||
* | Drop another patch that's integrated upstream | Steve Langasek | 2019-01-03 |
| | |||
* | Drop another patch that's integrated upstream | Steve Langasek | 2019-01-03 |
| | |||
* | fix patch names so it's clear these are all for pam_unix | Steve Langasek | 2019-01-03 |
| | |||
* | New patch pam_unix_fix_sgid_shadow_auth.patch, fixing an upstream | Steve Langasek | 2019-01-03 |
| | | | | | | | | regression which prevents sgid shadow apps from being able to authenticate any more because the module forces use of the helper and the helper won't allow authentication of arbitrary users. This change does mean we're going to be noisier for the time being in an SELinux environment, which should be addressed but is not a regression on Debian. | ||
* | New patch no_helper_for_nis+.patch, which restores the behavior of doing | Steve Langasek | 2019-01-03 |
| | | | | | in-process NIS+ account checking instead of unconditionally passing it off to the unix_chkpwd helper; if it wasn't broke, don't fix it. | ||
* | New patch setreuid_juggling.patch: restore the 0.99.9.0 behavior wrt uid | Steve Langasek | 2019-01-03 |
| | | | | | changes for NIS+, since I know the old behavior was right and don't believe anyone has tested the new code. | ||
* | move the getpwnam patch to the beginning of the series, since it should be | Steve Langasek | 2019-01-03 |
| | | | | committed upstream soon | ||
* | New patch thread-safe_save_old_password.patch, to make sure all our | Steve Langasek | 2019-01-03 |
| | | | | getpwnam() use in pam_unix is thread-safe (fixes an upstream regression) | ||
* | no_pthread_mutexes, limits_wrong_strncpy, misc_conv_allow_sigint.patch, | Steve Langasek | 2019-01-03 |
| | | | | and pam_tally_audit.patch, which have been merged upstream. | ||
* | refresh more patches for new upstream version | Steve Langasek | 2019-01-03 |
| | |||
* | Drop patch 049_pam_unix_sane_locking, which upon review is not needed; | Steve Langasek | 2019-01-03 |
| | | | | | it reduces the length of time we hold the lock, but at the expense of being able to enforce minimum times between password changes. | ||
* | New patch do_not_check_nis_accidentally: respect the 'nis' option | Steve Langasek | 2019-01-03 |
| | | | | | | (set or unset) when looking up the user's password entry for password changes. Thanks to Quentin Godfroy <godfroy@clipper.ens.fr> for the patch. Closes: #469635. | ||
* | revert rhosts_int32_not_bool.patch; doesn't matter now, pam_rhosts_auth has | Steve Langasek | 2019-01-03 |
| | | | | been dropped upstream | ||
* | New patch, rhosts_int32_not_bool.patch, to fix a parentheses error in | Steve Langasek | 2019-01-03 |
| | | | | | | pam_rhosts_auth introduced upstream in 0.99.9.0: we want to cast the result of inet_addr to int32_t, not the result of a boolean *comparison* on inet_addr's result... | ||
* | further patch refreshes for the new upstream version | Steve Langasek | 2019-01-03 |
| | |||
* | drop a dozen patches that have been merged upstream \o/ | Steve Langasek | 2019-01-03 |
| | |||
* | refresh patches for new upstream version | Steve Langasek | 2019-01-03 |
| | |||
* | Fix up the patchlevels in the series file, now that we're not using a | Steve Langasek | 2019-01-03 |
| | | | | | separate subdir for the upstream sources | ||
* | fix-up commit for grafting svn history onto git history | Steve Langasek | 2019-01-02 |