| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| | |
|
| |
|
|
|
| |
also, reorder patches so that all doc rebuilds get the standard locale
setting.
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
pam (1.1.8-3.3) unstable; urgency=low
* Non-maintainer upload.
[ Steve Langasek ]
* Updated Swedish translation to correct a typo, thanks to Anders Jonsson
and Martin Bagge. Closes: #743875
* Updated Turkish translation, thanks to Mert Dirik <mertdirik@gmail.com>.
(closes: #756756)
* d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default
soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak
<robie.basak@ubuntu.com> for the patch. Closes: #783105.
* Acknowledge security NMU.
* pam-auth-update: don't mishandle trailing whitespace in profiles.
LP: #1487103.
[ Laurent Bigonville ]
* debian/control: Fix Vcs-* and Homepage fields (Closes: #752343)
* debian/watch: Update watch file and point it to http://www.linux-pam.org
* debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in
namespace.init script (Closes: #624842)
* debian/control: Build-depends against debhelper (>= 9) to match the
defined debhelper compatibility
* Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality,
thanks to Jakub Wilk <jwilk@debian.org> for noticing (Closes: #761594)
* debian/control: Bump Standards-Version to 3.9.8 (no further changes)
* debian/libpam-doc.doc-base.applications-guide: Fix spelling
* debian/libpam0g-dev.examples: Do not use shell brace expansion
* debian/patches-applied/pam-loginuid-in-containers: Updated with the version
from Ubuntu, this should fix logins in containers (Closes: #726661)
* debian/patches-applied/update-motd: Updated with the version from Ubuntu:
use /run/motd.dynamic instead of /var/run/motd, nothing in the archive
uses the later (Closes: #743286)
* debian/patches-applied/make_documentation_reproducible.patch: Make the
build reproducible, removes differences when building with different
locale values (Closes: #792127)
|
| | |
| |
| |
| |
| | |
soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak
<robie.basak@ubuntu.com> for the patch. Closes: #783105.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
pam (1.1.8-3.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix
module (Closes: #789986)
|
| |/
|
|
|
|
|
|
|
|
| |
pam (1.1.8-3.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2013-7041: case-insensitive comparison used for verifying
passwords in the pam_userdb module (closes: #731368).
* Fix CVE-2014-2583: multiple directory traversal issues in the
pam_timestamp module (closes: 757555)
|
| | |
|
| |
|
|
| |
upstream with a newer, fixed xsltproc.
|
| | |
|
| |
|
|
| |
Ignore failure in user namespaces.
|
| |
|
|
|
| |
which will let us keep up-to-date with newer autotools. In the present
instance, this gets us aarch64 support.
|
| |
|
|
|
| |
include causing build failure with eglibc 2.16. Thanks to Daniel
Schepler <dschepler@gmail.com>. Closes: #693450.
|
| |
|
|
| |
from the previous security upload. Closes: #693995.
|
| | |
|
| |
|
|
|
|
| |
in environment file parsing (CVE-2011-3148).
* debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment
file parsing (CVE-2011-3149).
|
| |\ |
|
| | |\ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
compatibility when it's not already set. Closes: #552043.
* debian/local/pam-auth-update: Don't try to pass embedded newlines to
debconf; backslash-escape them instead and use CAPB escape.
* debian/local/pam-auth-update: sort additional module options before
writing them out, so that we don't wind up with a different config file
on every invocation. Thanks to Jim Paris <jim@jtan.com> for the patch.
Closes: #594123.
|
| | |\| |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
the non-standard configure arguments in debian/rules: look in
/lib/$(DEB_HOST_GNU_TYPE)/security first, then /lib/security as a fallback.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
instead of creating a new parse-kernel-rlimits.patch, to keep these changes
logically grouped together; and add a DEP3 patch header here since we didn't
have one before
|
| | | |
| | |
| | |
| | |
| | |
| | | |
from the kernel (via /proc/1/limits), instead of continuing to hardcode
the settings internally. Fall back to internal defaults when the kernel
rlimits are not found. Closes: #620302. (LP: #746655, #391761)
|
| | | |
| | |
| | |
| | | |
compatibility when it's not already set. Closes: #552043.
|
| | |/
|/|
| |
| | |
mkhomedir_linking.patch, which are included upstream.
|
| | |
| |
| |
| |
| | |
only when linking libraries. Thanks to Julien Cristau
<jcristau@debian.org> for the fix. Closes: #582362.
|
| | |
| |
| |
| |
| | |
libraries required for building pam_tty_audit, we shouldn't install the
manpage either. LP: #588547.
|
| | |
| |
| |
| | |
pam_securetty_tty_check_before_user_check, which are included upstream.
|
| | |
| |
| |
| |
| | |
be included directly, without having to include sys/types.h first.
Closes: #556203.
|
| |/
|
|
|
|
| |
to make pam_securetty always return success on a secure tty regardless
of what username was passed. Thanks to Nicolas François
<nicolas.francois@centraliens.net> for the patch. Closes: #537848
|
| |
|
|
|
| |
namespace.init script's dependency on non-POSIX features of gawk, since
we don't use gawk by default. Closes; #518908.
|
| |
|
|
|
| |
manpages caused by oddities of toolchain used when generating them
upstream.
|
| | |
|
| |
|
|
|
|
| |
pam_env_ignore_garbage.patch, dont_freeze_password_chain,
pam_1.0.4_mindays, pam_mail-fix-quiet, and
cve-2009-0887-libpam-pam_misc.patch, which are included upstream.
|
| |
|
|
| |
(CVE-2009-0887) (Closes: #520115)
|
| |\ |
|
| | |
| |
| |
| | |
obsolete, LP: #399071
|
| |/
|
|
| |
applied upstream to fix quiet option of pam_mail, Closes: #439268
|
| |
|
|
| |
for MINDAYS-Field regression (closes: #514437).
|
| |
|
|
|
|
|
|
| |
don't always follow the same path through the password stack on
the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK
pass; this Linux-PAM deviation from the original PAM spec causes a
number of problems, in particular causing wrong return values when
using the refactored pam-auth-update stack. LP: #303515, #305882.
|
| |
|
|
|
|
| |
exits normally; if it was killed by a signal, we don't want to
accept the password.
|
| |
|
|
| |
buggy before and fixed now.
|
| |
|
|
| |
by a subprocess.
|
| |
|
|
|
|
| |
point to section 5 instead of section 8.
* Update patch PAM-manpage-section to fix the references to pam(7) from
other manpages. Closes: #470137.
|
| |
|
|
|
|
| |
upstream change that causes unix_chkpwd to assume that setuid(getuid())
is sufficient to drop permissions and attempt any authentication on
behalf of the user.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
regression which prevents sgid shadow apps from being able to authenticate
any more because the module forces use of the helper and the helper won't
allow authentication of arbitrary users. This change does mean we're
going to be noisier for the time being in an SELinux environment, which
should be addressed but is not a regression on Debian.
|
| |
|
|
|
| |
in-process NIS+ account checking instead of unconditionally passing it
off to the unix_chkpwd helper; if it wasn't broke, don't fix it.
|
