Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
* | * debian/patches-applied/008_modules_pam_limits_chroot: | Kees Cook | 2019-01-08 | |
| | | | | | - fix off-by-one when parsing configuration file. - when using chroot, chdir() to root to lose links to old tree. | |||
* | debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch: use | Kees Cook | 2019-01-08 | |
| | | | | setresgid() to wipe out saved-gid just in case. | |||
* | make sure we're passing ctrl to the function if we need to check PAM_DEBUG | Steve Langasek | 2019-01-08 | |
| | ||||
* | debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: | Steve Langasek | 2019-01-08 | |
| | | | | | | don't reset the process niceness for root; since it's root, they can still renice to a lower nice level if they need to and changing the nice level by default is unexpected behavior. Closes: #594377. | |||
* | merge preliminary multiarch support | Steve Langasek | 2019-01-08 | |
|\ | ||||
| * | merge from squeeze | Steve Langasek | 2019-01-08 | |
| |\ | ||||
| | * | * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | compatibility when it's not already set. Closes: #552043. * debian/local/pam-auth-update: Don't try to pass embedded newlines to debconf; backslash-escape them instead and use CAPB escape. * debian/local/pam-auth-update: sort additional module options before writing them out, so that we don't wind up with a different config file on every invocation. Thanks to Jim Paris <jim@jtan.com> for the patch. Closes: #594123. | |||
| * | | merge from trunk | Steve Langasek | 2019-01-08 | |
| |\| | ||||
| * | | merge from trunk | Steve Langasek | 2019-01-08 | |
| |\ \ | ||||
| * | | | New patch to give us proper multiarch module path lookups in conjunction with | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | | | | | | | | | | the non-standard configure arguments in debian/rules: look in /lib/$(DEB_HOST_GNU_TYPE)/security first, then /lib/security as a fallback. | |||
* | | | | * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: | Kees Cook | 2019-01-08 | |
| | | | | | | | | | | | | | | | | | | | | - only report about unknown kernel rlimits when "debug" is set (Closes: 625226, LP: #794531). | |||
* | | | | debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | | | | | | set a better default RLIMIT_MEMLOCK value for BSD kernels. Thanks to Petr Salinger for the fix. Closes: #602902. | |||
* | | | | refresh other patches for new upstream release | Steve Langasek | 2019-01-08 | |
| | | | | ||||
* | | | | Port hurd_no_setfsuid patch to new pam_modutil_{drop,restore}_priv | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | | interface; now possibly upstreamable | |||
* | | | | update the existing 027_pam_limits_better_init_allow_explicit_root patch | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | | | | | | | | | | instead of creating a new parse-kernel-rlimits.patch, to keep these changes logically grouped together; and add a DEP3 patch header here since we didn't have one before | |||
* | | | | parse-kernel-rlimits.patch has been forwarded upstream now | Kees Cook | 2019-01-08 | |
| | | | | ||||
* | | | | debian/patches-applied/parse-kernel-rlimits.patch: load rlimit defaults | Kees Cook | 2019-01-08 | |
| | | | | | | | | | | | | | | | | | | | | | | | | from the kernel (via /proc/1/limits), instead of continuing to hardcode the settings internally. Fall back to internal defaults when the kernel rlimits are not found. Closes: #620302. (LP: #746655, #391761) | |||
* | | | | fix up the patch to be proper C | Steve Langasek | 2019-01-08 | |
| | | | | ||||
* | | | | debian/patches-applied/hurd_no_setfsuid: handle some new calls to | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | | | | | | setfsuid in pam_xauth that I overlooked, so that the build works again on non-Linux. Closes: #613630. | |||
* | | | | debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | | compatibility when it's not already set. Closes: #552043. | |||
* | | | | one more patch tweak | Steve Langasek | 2019-01-08 | |
| | | | | ||||
* | | | | further patch fixup to match upstream | Steve Langasek | 2019-01-08 | |
| | | | | ||||
* | | | | fix a typo in the patch | Steve Langasek | 2019-01-08 | |
| | | | | ||||
* | | | | debian/patches/007_modules_pam_unix: drop compatibility handling of | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | | | | | | 'max=' no-op; use of this option will now log an error, as warned three years ago. | |||
* | | | | refresh other patches for new upstream version | Steve Langasek | 2019-01-08 | |
| | | | | ||||
* | | | | debian/patches/hurd_no_setfsuid: pam_env and pam_mail now also use | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | | setfsuid, so patch them to be likewise Hurd-safe. | |||
* | | | | Drop patches conditional_module,_conditional_man and | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | | mkhomedir_linking.patch, which are included upstream. | |||
* | | | | add a missing comma | Steve Langasek | 2019-01-08 | |
| | | | | ||||
* | | | | debian/patches-applied/007_modules_pam_unix: fix up patch for new | Steve Langasek | 2019-01-08 | |
| |_|/ |/| | | | | | | | | upstream version which now implements minlen=, not min=. | |||
* | | | Don't pass --version-script options when linking executables, | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | only when linking libraries. Thanks to Julien Cristau <jcristau@debian.org> for the fix. Closes: #582362. | |||
* | | | patch committed upstream | Steve Langasek | 2019-01-08 | |
| | | | ||||
* | | | patch forwarded upstream | Steve Langasek | 2019-01-08 | |
| | | | ||||
* | | | debian/patches/conditional_module,_conditional_man: if we don't have the | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | libraries required for building pam_tty_audit, we shouldn't install the manpage either. LP: #588547. | |||
* | | | refresh other patches for new upstream version | Steve Langasek | 2019-01-08 | |
| | | | ||||
* | | | debian/patches/026_pam_unix_passwd_unknown_user: don't return | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | PAM_USER_UNKNOWN on password change of a user that has no shadow entry, upstream now implements auto-creating the shadow entry in this case. | |||
* | | | Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | pam_securetty_tty_check_before_user_check, which are included upstream. | |||
* | | | debian/patches/007_modules_pam_unix: recognize that *all* of the password | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | hashes other than traditional crypt handle passwords >8 chars in length. LP: #356766. | |||
* | | | debian/patches/sys-types-include.patch: fix pam_modutil.h so that it can | Steve Langasek | 2019-01-08 | |
| | | | | | | | | | | | | | | | be included directly, without having to include sys/types.h first. Closes: #556203. | |||
* | | | debian/patches/pam_securetty_tty_check_before_user_check: new patch, | Steve Langasek | 2019-01-08 | |
| |/ |/| | | | | | | | | | to make pam_securetty always return success on a secure tty regardless of what username was passed. Thanks to Nicolas François <nicolas.francois@centraliens.net> for the patch. Closes: #537848 | |||
* | | debian/patches/autoconf.patch: pull ltmain.sh in, to fix some spurious | Steve Langasek | 2019-01-08 | |
|/ | | | | library linkage in the modules. | |||
* | patch committed upstream | Steve Langasek | 2019-01-08 | |
| | ||||
* | debian/patches/namespace_with_awk_not_gawk: fix the sample | Steve Langasek | 2019-01-08 | |
| | | | | | namespace.init script's dependency on non-POSIX features of gawk, since we don't use gawk by default. Closes; #518908. | |||
* | debian/patches/pam_unix_dont_trust_chkpwd_caller.patch: fix this patch | Steve Langasek | 2019-01-08 | |
| | | | | | | | to call setregid() instead of always returning an error on username mismatch in unix_chkpwd, needed in the SELinux case and in some corner cases with the broken_shadow option. Thanks to Michael Spang for the analysis. Closes: #543589. | |||
* | final pass of manpage fixes | Steve Langasek | 2019-01-08 | |
| | ||||
* | another pass of manpage fixes | Steve Langasek | 2019-01-08 | |
| | ||||
* | oops, we don't want to remove the manpages entirely... | Steve Langasek | 2019-01-08 | |
| | ||||
* | another pass of manpage fixes | Steve Langasek | 2019-01-08 | |
| | ||||
* | debian/patches/fix-man-crud: new patch, fix "undefined macro" errors in | Steve Langasek | 2019-01-08 | |
| | | | | | manpages caused by oddities of toolchain used when generating them upstream. | |||
* | add config.h.in changes to autoconf.patch, which will show up upon running a | Steve Langasek | 2019-01-08 | |
| | | | | build in any case | |||
* | Include changes to pam_limits/README in the patch, since they end up in the | Steve Langasek | 2019-01-08 | |
| | | | | | package anyway and this gives us a cleaner ./debian/rules clean |