| Commit message (Collapse) | Author | Age |
|
|
|
|
| |
which will let us keep up-to-date with newer autotools. In the present
instance, this gets us aarch64 support.
|
| |
|
|
|
|
|
| |
include causing build failure with eglibc 2.16. Thanks to Daniel
Schepler <dschepler@gmail.com>. Closes: #693450.
|
|
|
|
| |
from the previous security upload. Closes: #693995.
|
| |
|
|
|
|
|
| |
'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
LP: #805423.
|
|
|
|
|
| |
run-parts, and restore the old mask afterwards, so /run/motd gets
consistent permissions. LP: #871943.
|
|
|
|
|
|
| |
setre*id() calls; we know that there are situations where some of these
may fail but we don't care. As long as the last setre*id() call in each
set succeeds, that's the state we mean to be in.
|
|
|
|
|
|
| |
in environment file parsing (CVE-2011-3148).
* debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment
file parsing (CVE-2011-3149).
|
|
|
|
| |
building motd.
|
| |
|
|
|
|
| |
drop unneeded no-op change to reduce delta from upstream.
|
|
|
|
|
|
| |
debian/patches-applied/026_pam_unix_passwd_unknown_user,
debian/patches-applied/054_pam_security_abstract_securetty_handling:
improve descriptions.
|
|
|
|
|
| |
- fix off-by-one when parsing configuration file.
- when using chroot, chdir() to root to lose links to old tree.
|
|
|
|
| |
setresgid() to wipe out saved-gid just in case.
|
| |
|
|
|
|
|
|
| |
don't reset the process niceness for root; since it's root, they can
still renice to a lower nice level if they need to and changing the
nice level by default is unexpected behavior. Closes: #594377.
|
|\ |
|
| |\ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
compatibility when it's not already set. Closes: #552043.
* debian/local/pam-auth-update: Don't try to pass embedded newlines to
debconf; backslash-escape them instead and use CAPB escape.
* debian/local/pam-auth-update: sort additional module options before
writing them out, so that we don't wind up with a different config file
on every invocation. Thanks to Jim Paris <jim@jtan.com> for the patch.
Closes: #594123.
|
| |\| |
|
| |\ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
the non-standard configure arguments in debian/rules: look in
/lib/$(DEB_HOST_GNU_TYPE)/security first, then /lib/security as a fallback.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
- only report about unknown kernel rlimits when "debug" is set
(Closes: 625226, LP: #794531).
|
| | | |
| | | |
| | | |
| | | |
| | | | |
set a better default RLIMIT_MEMLOCK value for BSD kernels. Thanks to
Petr Salinger for the fix. Closes: #602902.
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
interface; now possibly upstreamable
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
instead of creating a new parse-kernel-rlimits.patch, to keep these changes
logically grouped together; and add a DEP3 patch header here since we didn't
have one before
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
from the kernel (via /proc/1/limits), instead of continuing to hardcode
the settings internally. Fall back to internal defaults when the kernel
rlimits are not found. Closes: #620302. (LP: #746655, #391761)
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
setfsuid in pam_xauth that I overlooked, so that the build works again
on non-Linux. Closes: #613630.
|
| | | |
| | | |
| | | |
| | | | |
compatibility when it's not already set. Closes: #552043.
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
'max=' no-op; use of this option will now log an error, as warned three
years ago.
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
setfsuid, so patch them to be likewise Hurd-safe.
|
| | | |
| | | |
| | | |
| | | | |
mkhomedir_linking.patch, which are included upstream.
|
| | | | |
|
| |_|/
|/| |
| | |
| | | |
upstream version which now implements minlen=, not min=.
|
| | |
| | |
| | |
| | |
| | | |
only when linking libraries. Thanks to Julien Cristau
<jcristau@debian.org> for the fix. Closes: #582362.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
libraries required for building pam_tty_audit, we shouldn't install the
manpage either. LP: #588547.
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
PAM_USER_UNKNOWN on password change of a user that has no shadow entry,
upstream now implements auto-creating the shadow entry in this case.
|
| | |
| | |
| | |
| | | |
pam_securetty_tty_check_before_user_check, which are included upstream.
|
| | |
| | |
| | |
| | |
| | | |
hashes other than traditional crypt handle passwords >8 chars in length.
LP: #356766.
|