Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | patch committed upstream | Steve Langasek | 2019-01-08 |
| | |||
* | debian/patches/namespace_with_awk_not_gawk: fix the sample | Steve Langasek | 2019-01-08 |
| | | | | | namespace.init script's dependency on non-POSIX features of gawk, since we don't use gawk by default. Closes; #518908. | ||
* | debian/patches/pam_unix_dont_trust_chkpwd_caller.patch: fix this patch | Steve Langasek | 2019-01-08 |
| | | | | | | | to call setregid() instead of always returning an error on username mismatch in unix_chkpwd, needed in the SELinux case and in some corner cases with the broken_shadow option. Thanks to Michael Spang for the analysis. Closes: #543589. | ||
* | final pass of manpage fixes | Steve Langasek | 2019-01-08 |
| | |||
* | another pass of manpage fixes | Steve Langasek | 2019-01-08 |
| | |||
* | oops, we don't want to remove the manpages entirely... | Steve Langasek | 2019-01-08 |
| | |||
* | another pass of manpage fixes | Steve Langasek | 2019-01-08 |
| | |||
* | debian/patches/fix-man-crud: new patch, fix "undefined macro" errors in | Steve Langasek | 2019-01-08 |
| | | | | | manpages caused by oddities of toolchain used when generating them upstream. | ||
* | add config.h.in changes to autoconf.patch, which will show up upon running a | Steve Langasek | 2019-01-08 |
| | | | | build in any case | ||
* | Include changes to pam_limits/README in the patch, since they end up in the | Steve Langasek | 2019-01-08 |
| | | | | | package anyway and this gives us a cleaner ./debian/rules clean | ||
* | pam_unix-chkpwd-wait also merged upstream | Steve Langasek | 2019-01-08 |
| | |||
* | debian/patches/007_modules_pam_unix: drop divergence from upstream | Steve Langasek | 2019-01-08 |
| | | | | | | | that treats "0" as a special value in various fields in /etc/shadow, and document this in debian/NEWS. Thanks to Nicolas François <nicolas.francois@centraliens.net> for the detailed analysis. Closes: #308229. | ||
* | Committed upstream | Steve Langasek | 2019-01-08 |
| | |||
* | refresh other patches for new upstream release | Steve Langasek | 2019-01-08 |
| | |||
* | Trim pam.d-manpage-section patch, which was mostly but not completely | Steve Langasek | 2019-01-08 |
| | | | | applied upstream. | ||
* | Drop patches pam_unix_thread-safe_save_old_password.patch, | Steve Langasek | 2019-01-08 |
| | | | | | | pam_env_ignore_garbage.patch, dont_freeze_password_chain, pam_1.0.4_mindays, pam_mail-fix-quiet, and cve-2009-0887-libpam-pam_misc.patch, which are included upstream. | ||
* | cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problem | Sam Hartman | 2019-01-08 |
| | | | | (CVE-2009-0887) (Closes: #520115) | ||
* | Merge debian sid branch | Sam Hartman | 2019-01-08 |
|\ | |||
| * | correct a typo in the update-motd patch, introduced by me :( | Steve Langasek | 2019-01-08 |
| | | |||
| * | pam_motd: run the update-motd scripts in pam_motd; render update-motd | Steve Langasek | 2019-01-08 |
| | | | | | | | | obsolete, LP: #399071 | ||
* | | pam_mail-fix-quiet: patch from Andreas Henriksson | Sam Hartman | 2019-01-08 |
|/ | | | | applied upstream to fix quiet option of pam_mail, Closes: #439268 | ||
* | refresh quilt patch offsets | Kees Cook | 2019-01-08 |
| | |||
* | Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixes | Kees Cook | 2019-01-08 |
| | | | | for MINDAYS-Field regression (closes: #514437). | ||
* | 027_pam_limits_better_init_allow_explicit_root: defaults need to be | Steve Langasek | 2019-01-08 |
| | | | | | declared as LIMITS_DEF_DEFAULT instead of LIMITS_DEF_ALL, otherwise global limits will fail to be applied. LP: #314222. | ||
* | 027_pam_limits_better_init_allow_explicit_root: set the RLIMIT_MEMLOCK | Steve Langasek | 2019-01-08 |
| | | | | limit correctly to match the kernel default, which is not RLIM_INFINITY. | ||
* | include documentation in the patch, giving examples of how to set | Steve Langasek | 2019-01-08 |
| | | | | limits for root. Thanks to Jonathan Marsden. | ||
* | revert the 'fix' for bug #515673, since this isn't really a bug at all. | Steve Langasek | 2019-01-08 |
| | |||
* | shadow the finite kernel defaults for RLIMIT_SIGPENDING and | Steve Langasek | 2019-01-08 |
| | | | | | RLIMIT_MSGQUEUE as well, so that the preceding changes don't suddenly expose systems to DoS or other issues. | ||
* | 027_pam_limits_better_init_allow_explicit_root: also fix the patch so | Steve Langasek | 2019-01-08 |
| | | | | | that our limit resets are actually *applied*, which has apparently been broken for who knows how long! | ||
* | 027_pam_limits_better_init_allow_explicit_root: RLIM_INFINITY may or may | Steve Langasek | 2019-01-08 |
| | | | | | | | not be invalid for RLIMIT_NOFILE, but we don't want to set a hard limit of 1024 by default; try to set this limit to the value of /proc/sys/fs/nr_open if we can, or fall back to RLIM_INFINITY. Closes: #515673, LP: #327597. | ||
* | New patch dont_freeze_password_chain, cherry-picked from upstream: | Steve Langasek | 2019-01-03 |
| | | | | | | | | don't always follow the same path through the password stack on the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK pass; this Linux-PAM deviation from the original PAM spec causes a number of problems, in particular causing wrong return values when using the refactored pam-auth-update stack. LP: #303515, #305882. | ||
* | 055_pam_unix_nullok_secure: also don't call the helper at all from | Steve Langasek | 2019-01-03 |
| | | | | | | _unix_blankpasswd when we can detect that null passwords are disallowed, to avoid causing spammy logs on successful authentications. Closes: #496620. | ||
* | 007_modules_pam_unix: update the manpage at the same time as the xml | Steve Langasek | 2019-01-03 |
| | | | | source (grr, autogenerated files in source packages). Closes: #495804. | ||
* | adjust the log error message | Steve Langasek | 2019-01-03 |
| | |||
* | pam_unix-chkpwd-wait: don't assume that the unix_chkpwd process | Julien Cristau | 2019-01-03 |
| | | | | | | exits normally; if it was killed by a signal, we don't want to accept the password. | ||
* | 055_pam_unix_nullok_secure: don't call _pammodutil_tty_secure with a NULL | Steve Langasek | 2019-01-03 |
| | | | | | | tty argument, since this will cause our helper to segfault instead of returning a useful value. Thanks to Troy Davis for the report. Closes: #495806. | ||
* | debian/patches/054_pam_security_abstract_securetty_handling: move the | Steve Langasek | 2019-01-03 |
| | | | | | | | | warning log about an insecure tty back to pam_securetty proper; we don't want to generate log messages every time pam_unix is called as non-root. Closes: #493283. As a side-effect, pam_unix no longer logs any warnings about NULL password + insecure tty, but I don't think this is critical. | ||
* | * 007_modules_pam_unix: update the documentation to correctly document | Steve Langasek | 2019-01-03 |
| | | | | the default minimum password length is 6, not 1. | ||
* | document updated patch status | Steve Langasek | 2019-01-03 |
| | |||
* | drop the patch to restore the particular setreuid() handling, which was in fact | Steve Langasek | 2019-01-03 |
| | | | | buggy before and fixed now. | ||
* | Fix a bug in the uid-restoring code in the hurd_no_setfsuid patch; thanks | Steve Langasek | 2019-01-03 |
| | | | | | to Tomas Mraz <tmraz@redhat.com> for indirectly bringing this to my attention | ||
* | drop the patch to do NIS+ auth in-process, the uid changing is better handled | Steve Langasek | 2019-01-03 |
| | | | | by a subprocess. | ||
* | drop the patch to do NIS+ auth in-process, the uid changing is better handled | Steve Langasek | 2019-01-03 |
| | | | | by a subprocess. | ||
* | * New patch, pam.d-manpage-section, to fix the manpage references to | Steve Langasek | 2019-01-03 |
| | | | | | | point to section 5 instead of section 8. * Update patch PAM-manpage-section to fix the references to pam(7) from other manpages. Closes: #470137. | ||
* | New patch pam_unix_dont_trust_chkpwd_caller.patch, rolling back an | Steve Langasek | 2019-01-03 |
| | | | | | | upstream change that causes unix_chkpwd to assume that setuid(getuid()) is sufficient to drop permissions and attempt any authentication on behalf of the user. | ||
* | refresh patches for new upstream version | Steve Langasek | 2019-01-03 |
| | |||
* | Drop another patch that's integrated upstream | Steve Langasek | 2019-01-03 |
| | |||
* | Drop another patch that's integrated upstream | Steve Langasek | 2019-01-03 |
| | |||
* | patch refresh for new upstream version | Steve Langasek | 2019-01-03 |
| | |||
* | patch refresh for new upstream version | Steve Langasek | 2019-01-03 |
| |