path: root/debian/patches-applied
Commit message [Author, Age]
* Ditch autoconf patch in favor of a build-dependency on dh-autoreconf, which will let us keep up-to-date with newer autotools. In the present instance, this gets us aarch64 support. [Steve Langasek, 2019-01-08]
|
* Whoops, commit a patch that I managed to not get added [Steve Langasek, 2019-01-08]
|
* debian/patches-applied/glibc-2_16-compilation-fix.patch: fix missing include causing build failure with eglibc 2.16. Thanks to Daniel Schepler <dschepler@gmail.com>. Closes: #693450. [Steve Langasek, 2019-01-08]
|
* Adjust the pam_env documentation to match the module behavior resulting from the previous security upload. Closes: #693995. [Steve Langasek, 2019-01-08]
|
* Confirm NMU for bug #611136; thanks to Michael Gilbert. [Steve Langasek, 2019-01-08]
|
* debian/patches-applied/update-motd: new module option for pam_motd, 'noupdate', which suppresses the call to run-parts /etc/update-motd.d. LP: #805423. [Steve Langasek, 2019-01-08]
|
* debian/patches-applied/update-motd: set a sane umask before calling run-parts, and restore the old mask afterwards, so /run/motd gets consistent permissions. LP: #871943. [Steve Langasek, 2019-01-08]
|
* debian/patches-applied/hurd_no_setfsuid: we don't want to check all setre*id() calls; we know that there are situations where some of these may fail but we don't care. As long as the last setre*id() call in each set succeeds, that's the state we mean to be in. [Steve Langasek, 2019-01-08]
|
* * debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflow in environment file parsing (CVE-2011-3148).
| * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment file parsing (CVE-2011-3149). [Kees Cook, 2019-01-08]
|
* debian/patches-applied/update-motd: correctly clear environment when building motd. [Kees Cook, 2019-01-08]
|
* debian/patches-applied/hurd_no_setfsuid: check all set*id() calls. [Kees Cook, 2019-01-08]
|
* debian/patches-applied/{007_modules_pam_unix,055_pam_unix_nullok_secure}: drop unneeded no-op change to reduce delta from upstream. [Kees Cook, 2019-01-08]
|
* debian/patches-applied/022_pam_unix_group_time_miscfixes, debian/patches-applied/026_pam_unix_passwd_unknown_user, debian/patches-applied/054_pam_security_abstract_securetty_handling: improve descriptions. [Kees Cook, 2019-01-08]
|
* * debian/patches-applied/008_modules_pam_limits_chroot:
|   - fix off-by-one when parsing configuration file.
|   - when using chroot, chdir() to root to lose links to old tree. [Kees Cook, 2019-01-08]
|
* debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch: use setresgid() to wipe out saved-gid just in case. [Kees Cook, 2019-01-08]
|
* make sure we're passing ctrl to the function if we need to check PAM_DEBUG [Steve Langasek, 2019-01-08]
|
* debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: don't reset the process niceness for root; since it's root, they can still renice to a lower nice level if they need to and changing the nice level by default is unexpected behavior. Closes: #594377. [Steve Langasek, 2019-01-08]
|
* merge preliminary multiarch support [Steve Langasek, 2019-01-08]
|\
| * merge from squeeze [Steve Langasek, 2019-01-08]
| |\
| | * * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for compatibility when it's not already set. Closes: #552043.
| | | * debian/local/pam-auth-update: Don't try to pass embedded newlines to debconf; backslash-escape them instead and use CAPB escape.
| | | * debian/local/pam-auth-update: sort additional module options before writing them out, so that we don't wind up with a different config file on every invocation. Thanks to Jim Paris <jim@jtan.com> for the patch. Closes: #594123. [Steve Langasek, 2019-01-08]
| * | merge from trunk [Steve Langasek, 2019-01-08]
| |\|
| * | merge from trunk [Steve Langasek, 2019-01-08]
| |\ \
| * | | New patch to give us proper multiarch module path lookups in conjunction with the non-standard configure arguments in debian/rules: look in /lib/$(DEB_HOST_GNU_TYPE)/security first, then /lib/security as a fallback. [Steve Langasek, 2019-01-08]
| | | |
* | | | * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
| | | |   - only report about unknown kernel rlimits when "debug" is set (Closes: 625226, LP: #794531). [Kees Cook, 2019-01-08]
| | | |
* | | | debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: set a better default RLIMIT_MEMLOCK value for BSD kernels. Thanks to Petr Salinger for the fix. Closes: #602902. [Steve Langasek, 2019-01-08]
| | | |
* | | | refresh other patches for new upstream release [Steve Langasek, 2019-01-08]
| | | |
* | | | Port hurd_no_setfsuid patch to new pam_modutil_{drop,restore}_priv interface; now possibly upstreamable [Steve Langasek, 2019-01-08]
| | | |
* | | | update the existing 027_pam_limits_better_init_allow_explicit_root patch instead of creating a new parse-kernel-rlimits.patch, to keep these changes logically grouped together; and add a DEP3 patch header here since we didn't have one before [Steve Langasek, 2019-01-08]
| | | |
* | | | parse-kernel-rlimits.patch has been forwarded upstream now [Kees Cook, 2019-01-08]
| | | |
* | | | debian/patches-applied/parse-kernel-rlimits.patch: load rlimit defaults from the kernel (via /proc/1/limits), instead of continuing to hardcode the settings internally. Fall back to internal defaults when the kernel rlimits are not found. Closes: #620302. (LP: #746655, #391761) [Kees Cook, 2019-01-08]
| | | |
* | | | fix up the patch to be proper C [Steve Langasek, 2019-01-08]
| | | |
* | | | debian/patches-applied/hurd_no_setfsuid: handle some new calls to setfsuid in pam_xauth that I overlooked, so that the build works again on non-Linux. Closes: #613630. [Steve Langasek, 2019-01-08]
| | | |
* | | | debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for compatibility when it's not already set. Closes: #552043. [Steve Langasek, 2019-01-08]
| | | |
* | | | one more patch tweak [Steve Langasek, 2019-01-08]
| | | |
* | | | further patch fixup to match upstream [Steve Langasek, 2019-01-08]
| | | |
* | | | fix a typo in the patch [Steve Langasek, 2019-01-08]
| | | |
* | | | debian/patches/007_modules_pam_unix: drop compatibility handling of 'max=' no-op; use of this option will now log an error, as warned three years ago. [Steve Langasek, 2019-01-08]
| | | |
* | | | refresh other patches for new upstream version [Steve Langasek, 2019-01-08]
| | | |
* | | | debian/patches/hurd_no_setfsuid: pam_env and pam_mail now also use setfsuid, so patch them to be likewise Hurd-safe. [Steve Langasek, 2019-01-08]
| | | |
* | | | Drop patches conditional_module,_conditional_man and mkhomedir_linking.patch, which are included upstream. [Steve Langasek, 2019-01-08]
| | | |
* | | | add a missing comma [Steve Langasek, 2019-01-08]
| | | |
* | | | debian/patches-applied/007_modules_pam_unix: fix up patch for new upstream version which now implements minlen=, not min=. [Steve Langasek, 2019-01-08]
| |_|/
|/| |
* | | Don't pass --version-script options when linking executables, only when linking libraries. Thanks to Julien Cristau <jcristau@debian.org> for the fix. Closes: #582362. [Steve Langasek, 2019-01-08]
| | |
* | | patch committed upstream [Steve Langasek, 2019-01-08]
| | |
* | | patch forwarded upstream [Steve Langasek, 2019-01-08]
| | |
* | | debian/patches/conditional_module,_conditional_man: if we don't have the libraries required for building pam_tty_audit, we shouldn't install the manpage either. LP: #588547. [Steve Langasek, 2019-01-08]
| | |
* | | refresh other patches for new upstream version [Steve Langasek, 2019-01-08]
| | |
* | | debian/patches/026_pam_unix_passwd_unknown_user: don't return PAM_USER_UNKNOWN on password change of a user that has no shadow entry, upstream now implements auto-creating the shadow entry in this case. [Steve Langasek, 2019-01-08]
| | |
* | | Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and pam_securetty_tty_check_before_user_check, which are included upstream. [Steve Langasek, 2019-01-08]
| | |
* | | debian/patches/007_modules_pam_unix: recognize that *all* of the password hashes other than traditional crypt handle passwords >8 chars in length. LP: #356766. [Steve Langasek, 2019-01-08]
| | |