summaryrefslogtreecommitdiff
path: root/debian/patches-applied/series
Commit message (Collapse)AuthorAge
* debian/patches-applied/nullok_secure-compat.patch: Support nullok_secure as ↵Steve Langasek2020-08-12
| | | | a deprecated alias for nullok.
* debian/patches-applied/cve-2010-4708.patch: drop, applied upstream.Steve Langasek2020-08-12
|
* Drop patches to implement "nullok_secure" option for pam_unix. Closes: ↵Steve Langasek2020-08-12
| | | | #674857, #936071.
* Add debian/patches/fix-autoreconf.patchAndreas Henriksson2019-02-11
|
* Refresh patchesSteve Langasek2019-01-24
|
* rebuild README files with current docs toolchain.Steve Langasek2019-01-08
| | | | | also, reorder patches so that all doc rebuilds get the standard locale setting.
* Import Debian changes 1.1.8-3.3Laurent Bigonville2019-01-08
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pam (1.1.8-3.3) unstable; urgency=low * Non-maintainer upload. [ Steve Langasek ] * Updated Swedish translation to correct a typo, thanks to Anders Jonsson and Martin Bagge. Closes: #743875 * Updated Turkish translation, thanks to Mert Dirik <mertdirik@gmail.com>. (closes: #756756) * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak <robie.basak@ubuntu.com> for the patch. Closes: #783105. * Acknowledge security NMU. * pam-auth-update: don't mishandle trailing whitespace in profiles. LP: #1487103. [ Laurent Bigonville ] * debian/control: Fix Vcs-* and Homepage fields (Closes: #752343) * debian/watch: Update watch file and point it to http://www.linux-pam.org * debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in namespace.init script (Closes: #624842) * debian/control: Build-depends against debhelper (>= 9) to match the defined debhelper compatibility * Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality, thanks to Jakub Wilk <jwilk@debian.org> for noticing (Closes: #761594) * debian/control: Bump Standards-Version to 3.9.8 (no further changes) * debian/libpam-doc.doc-base.applications-guide: Fix spelling * debian/libpam0g-dev.examples: Do not use shell brace expansion * debian/patches-applied/pam-loginuid-in-containers: Updated with the version from Ubuntu, this should fix logins in containers (Closes: #726661) * debian/patches-applied/update-motd: Updated with the version from Ubuntu: use /run/motd.dynamic instead of /var/run/motd, nothing in the archive uses the later (Closes: #743286) * debian/patches-applied/make_documentation_reproducible.patch: Make the build reproducible, removes differences when building with different locale values (Closes: #792127)
| * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the defaultSteve Langasek2019-01-08
| | | | | | | | | | soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak <robie.basak@ubuntu.com> for the patch. Closes: #783105.
* | Import Debian changes 1.1.8-3.2Tianon Gravi2019-01-08
| | | | | | | | | | | | | | | | pam (1.1.8-3.2) unstable; urgency=medium * Non-maintainer upload. * Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix module (Closes: #789986)
* | Import Debian changes 1.1.8-3.1Michael Gilbert2019-01-08
|/ | | | | | | | | | pam (1.1.8-3.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix CVE-2013-7041: case-insensitive comparison used for verifying passwords in the pam_userdb module (closes: #731368). * Fix CVE-2014-2583: multiple directory traversal issues in the pam_timestamp module (closes: 757555)
* Drop another couple of patches that are already upstreamSteve Langasek2019-01-08
|
* debian/patches/fix-manpage-crud: drop, manpages now being generatedSteve Langasek2019-01-08
| | | | upstream with a newer, fixed xsltproc.
* Refresh patchesSteve Langasek2019-01-08
|
* debian/patches-applied/pam-loginuid-in-containers: pam_loginuid:Steve Langasek2019-01-08
| | | | Ignore failure in user namespaces.
* Ditch autoconf patch in favor of a build-dependency on dh-autoreconf,Steve Langasek2019-01-08
| | | | | which will let us keep up-to-date with newer autotools. In the present instance, this gets us aarch64 support.
* debian/patches-applied/glibc-2_16-compilation-fix.patch: fix missingSteve Langasek2019-01-08
| | | | | include causing build failure with eglibc 2.16. Thanks to Daniel Schepler <dschepler@gmail.com>. Closes: #693450.
* Adjust the pam_env documentation to match the module behavior resultingSteve Langasek2019-01-08
| | | | from the previous security upload. Closes: #693995.
* Confirm NMU for bug #611136; thanks to Michael Gilbert.Steve Langasek2019-01-08
|
* * debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflowKees Cook2019-01-08
| | | | | | in environment file parsing (CVE-2011-3148). * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment file parsing (CVE-2011-3149).
* merge preliminary multiarch supportSteve Langasek2019-01-08
|\
| * merge from squeezeSteve Langasek2019-01-08
| |\
| | * * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX forSteve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | compatibility when it's not already set. Closes: #552043. * debian/local/pam-auth-update: Don't try to pass embedded newlines to debconf; backslash-escape them instead and use CAPB escape. * debian/local/pam-auth-update: sort additional module options before writing them out, so that we don't wind up with a different config file on every invocation. Thanks to Jim Paris <jim@jtan.com> for the patch. Closes: #594123.
| * | merge from trunkSteve Langasek2019-01-08
| |\ \ | | |/
| * | New patch to give us proper multiarch module path lookups in conjunction withSteve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | the non-standard configure arguments in debian/rules: look in /lib/$(DEB_HOST_GNU_TYPE)/security first, then /lib/security as a fallback.
* | | update the existing 027_pam_limits_better_init_allow_explicit_root patchSteve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | instead of creating a new parse-kernel-rlimits.patch, to keep these changes logically grouped together; and add a DEP3 patch header here since we didn't have one before
* | | debian/patches-applied/parse-kernel-rlimits.patch: load rlimit defaultsKees Cook2019-01-08
| | | | | | | | | | | | | | | | | | from the kernel (via /proc/1/limits), instead of continuing to hardcode the settings internally. Fall back to internal defaults when the kernel rlimits are not found. Closes: #620302. (LP: #746655, #391761)
* | | debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX forSteve Langasek2019-01-08
| | | | | | | | | | | | compatibility when it's not already set. Closes: #552043.
* | | Drop patches conditional_module,_conditional_man andSteve Langasek2019-01-08
| |/ |/| | | | | mkhomedir_linking.patch, which are included upstream.
* | Don't pass --version-script options when linking executables,Steve Langasek2019-01-08
| | | | | | | | | | only when linking libraries. Thanks to Julien Cristau <jcristau@debian.org> for the fix. Closes: #582362.
* | debian/patches/conditional_module,_conditional_man: if we don't have theSteve Langasek2019-01-08
| | | | | | | | | | libraries required for building pam_tty_audit, we shouldn't install the manpage either. LP: #588547.
* | Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, andSteve Langasek2019-01-08
| | | | | | | | pam_securetty_tty_check_before_user_check, which are included upstream.
* | debian/patches/sys-types-include.patch: fix pam_modutil.h so that it canSteve Langasek2019-01-08
| | | | | | | | | | be included directly, without having to include sys/types.h first. Closes: #556203.
* | debian/patches/pam_securetty_tty_check_before_user_check: new patch,Steve Langasek2019-01-08
|/ | | | | | to make pam_securetty always return success on a secure tty regardless of what username was passed. Thanks to Nicolas François <nicolas.francois@centraliens.net> for the patch. Closes: #537848
* debian/patches/namespace_with_awk_not_gawk: fix the sampleSteve Langasek2019-01-08
| | | | | namespace.init script's dependency on non-POSIX features of gawk, since we don't use gawk by default. Closes; #518908.
* debian/patches/fix-man-crud: new patch, fix "undefined macro" errors inSteve Langasek2019-01-08
| | | | | manpages caused by oddities of toolchain used when generating them upstream.
* pam_unix-chkpwd-wait also merged upstreamSteve Langasek2019-01-08
|
* Drop patches pam_unix_thread-safe_save_old_password.patch,Steve Langasek2019-01-08
| | | | | | pam_env_ignore_garbage.patch, dont_freeze_password_chain, pam_1.0.4_mindays, pam_mail-fix-quiet, and cve-2009-0887-libpam-pam_misc.patch, which are included upstream.
* cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problemSam Hartman2019-01-08
| | | | (CVE-2009-0887) (Closes: #520115)
* Merge debian sid branchSam Hartman2019-01-08
|\
| * pam_motd: run the update-motd scripts in pam_motd; render update-motdSteve Langasek2019-01-08
| | | | | | | | obsolete, LP: #399071
* | pam_mail-fix-quiet: patch from Andreas HenrikssonSam Hartman2019-01-08
|/ | | | applied upstream to fix quiet option of pam_mail, Closes: #439268
* Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixesKees Cook2019-01-08
| | | | for MINDAYS-Field regression (closes: #514437).
* New patch dont_freeze_password_chain, cherry-picked from upstream:Steve Langasek2019-01-03
| | | | | | | | don't always follow the same path through the password stack on the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK pass; this Linux-PAM deviation from the original PAM spec causes a number of problems, in particular causing wrong return values when using the refactored pam-auth-update stack. LP: #303515, #305882.
* pam_unix-chkpwd-wait: don't assume that the unix_chkpwd processJulien Cristau2019-01-03
| | | | | | exits normally; if it was killed by a signal, we don't want to accept the password.
* drop the patch to restore the particular setreuid() handling, which was in factSteve Langasek2019-01-03
| | | | buggy before and fixed now.
* drop the patch to do NIS+ auth in-process, the uid changing is better handledSteve Langasek2019-01-03
| | | | by a subprocess.
* * New patch, pam.d-manpage-section, to fix the manpage references toSteve Langasek2019-01-03
| | | | | | point to section 5 instead of section 8. * Update patch PAM-manpage-section to fix the references to pam(7) from other manpages. Closes: #470137.
* New patch pam_unix_dont_trust_chkpwd_caller.patch, rolling back anSteve Langasek2019-01-03
| | | | | | upstream change that causes unix_chkpwd to assume that setuid(getuid()) is sufficient to drop permissions and attempt any authentication on behalf of the user.
* Drop another patch that's integrated upstreamSteve Langasek2019-01-03
|
* Drop another patch that's integrated upstreamSteve Langasek2019-01-03
|