summaryrefslogtreecommitdiff
path: root/debian
Commit message (Collapse)AuthorAge
...
* debian/libpam0g.templates, debian/libpam0g.postinst: add a new question,Steve Langasek2019-01-08
| | | | | | libraries/restart-without-asking, that allows admins to accept the service restarts once for all so that they don't have to repeatedly say "ok". LP: #745004.
* debian/patches-applied/update-motd: new module option for pam_motd,Steve Langasek2019-01-08
| | | | | 'noupdate', which suppresses the call to run-parts /etc/update-motd.d. LP: #805423.
* debian/patches-applied/update-motd: set a sane umask before callingSteve Langasek2019-01-08
| | | | | run-parts, and restore the old mask afterwards, so /run/motd gets consistent permissions. LP: #871943.
* debian/libpam0g.postinst: according to Kubuntu developers, kdm no longerSteve Langasek2019-01-08
| | | | | | | keeps libpam loaded persistently at runtime, so it's not necessary to force a kdm restart on ABI bump. Which is good, since restarting kdm now seems to also log users out of running sessions, which we rather want to avoid. Closes: #632673, LP: #744944.
* debian/patches-applied/hurd_no_setfsuid: we don't want to check allSteve Langasek2019-01-08
| | | | | | setre*id() calls; we know that there are situations where some of these may fail but we don't care. As long as the last setre*id() call in each set succeeds, that's the state we mean to be in.
* releasing version 1.1.3-5Steve Langasek2019-01-08
|
* * debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflowKees Cook2019-01-08
| | | | | | in environment file parsing (CVE-2011-3148). * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment file parsing (CVE-2011-3149).
* debian/patches-applied/update-motd: correctly clear environment whenKees Cook2019-01-08
| | | | building motd.
* debian/patches-applied/hurd_no_setfsuid: check all set*id() calls.Kees Cook2019-01-08
|
* debian/patches-applied/{007_modules_pam_unix,055_pam_unix_nullok_secure}:Kees Cook2019-01-08
| | | | drop unneeded no-op change to reduce delta from upstream.
* debian/patches-applied/022_pam_unix_group_time_miscfixes,Kees Cook2019-01-08
| | | | | | debian/patches-applied/026_pam_unix_passwd_unknown_user, debian/patches-applied/054_pam_security_abstract_securetty_handling: improve descriptions.
* * debian/patches-applied/008_modules_pam_limits_chroot:Kees Cook2019-01-08
| | | | | - fix off-by-one when parsing configuration file. - when using chroot, chdir() to root to lose links to old tree.
* debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch: useKees Cook2019-01-08
| | | | setresgid() to wipe out saved-gid just in case.
* releasing version 1.1.3-4Steve Langasek2019-01-08
|
* Make sure shared library links are also installed to the multiarchSteve Langasek2019-01-08
| | | | | | directory, not just the .a files; otherwise the static libs get found first by the linker. Thanks to Russ Allbery for catching this. Closes: #642952.
* releasing version 1.1.3-3Steve Langasek2019-01-08
|
* Don't set --sbindir when calling configure; upstream takes care of thisSteve Langasek2019-01-08
| | | | for us
* Build-depend on debhelper 8.9.4 and bump debian/compat to 9 forSteve Langasek2019-01-08
| | | | | dpkg-buildflags integration, and drop manual setting of -g -O options in CFLAGS now that we can let dh do it for us
* debian/control: adjust the package descriptions, as the current onesSteve Langasek2019-01-08
| | | | | | use some awkward language that's gone unnoticed for a long time. Thanks to Martin Eberhard Schauer <Martin.E.Schauer@gmx.de> for pointing this out. Closes: #633863.
* mark libpam0g-dev M-A: sameSteve Langasek2019-01-08
|
* fix the sed rule for libpam0g-dev.install.inSteve Langasek2019-01-08
|
* Move debian/libpam0g-dev.install to debian/libpam0g-dev.install.inSteve Langasek2019-01-08
| | | | | | and substitute the multiarch path at build time, so our .a files go to the multiarch dir instead of to /usr/lib. Thanks to Riku Voipio for pointing out the bug.
* Look for /etc/init.d/postgresql, not /etc/init.d/postgresql-8.{2,3},Steve Langasek2019-01-08
| | | | | for service restarts; the latter are obsolete since squeeze. Closes: #631511.
* releasing version 1.1.3-2Steve Langasek2019-01-08
|
* make sure we're passing ctrl to the function if we need to check PAM_DEBUGSteve Langasek2019-01-08
|
* debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:Steve Langasek2019-01-08
| | | | | | don't reset the process niceness for root; since it's root, they can still renice to a lower nice level if they need to and changing the nice level by default is unexpected behavior. Closes: #594377.
* close the ia32-libs bug in the changelog, whee!Steve Langasek2019-01-08
|
* bump the maintainer script version check to 1.1.3-2Steve Langasek2019-01-08
|
* Pull in final multiarch support from Ubuntu:Steve Langasek2019-01-08
| | | | | | | | | - bump the debhelper build-dep - add Pre-Depends: ${misc:Pre-Depends} for multiarch-support - add Pre-Depends: libpam0g (>= 1.1.3-2) to libpam-modules - bump the version in libpam-modules-bin's replaces: of libpam-modules - use DEB_HOST_MULTIARCH, not DEB_HOST_GNU_TYPE
* merge preliminary multiarch supportSteve Langasek2019-01-08
|\
| * merge from squeezeSteve Langasek2019-01-08
| |\
| * | bump replaces on libpam-modulesSteve Langasek2019-01-08
| | |
| * | merge from trunkSteve Langasek2019-01-08
| |\ \
| * | | fix a minor mis-merge (unix_chkpwd in libpam-modules-bin)Steve Langasek2019-01-08
| | | |
| * | | merge from trunkSteve Langasek2019-01-08
| |\ \ \
| * | | | Split libpam-modules into libpam-modules and libpam-modules-bin, so that weSteve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | | | | | | | | only have to have one copy of the helper binaries installed.
| * | | | add the Multi-Arch fields to the packagesSteve Langasek2019-01-08
| | | | |
| * | | | New patch to give us proper multiarch module path lookups in conjunction withSteve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the non-standard configure arguments in debian/rules: look in /lib/$(DEB_HOST_GNU_TYPE)/security first, then /lib/security as a fallback.
| * | | | treat /lib/security as our 'extra' dir, so thatSteve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a) the multiarch dir is always preferred, and b) we don't have to have /lib/security on the system to resolve the other path
| * | | | install all our libs and modules in the multiarch pathsSteve Langasek2019-01-08
| | | | |
* | | | | * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:Kees Cook2019-01-08
| | | | | | | | | | | | | | | | | | | | | | | | | - only report about unknown kernel rlimits when "debug" is set (Closes: 625226, LP: #794531).
* | | | | releasing version 1.1.3-1Steve Langasek2019-01-08
| | | | |
* | | | | bump the minimum version check in maintainer scripts for the restartSteve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | | | handling.
* | | | | debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:Steve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | | | | | | | | set a better default RLIMIT_MEMLOCK value for BSD kernels. Thanks to Petr Salinger for the fix. Closes: #602902.
* | | | | update symbols file for new symbolsSteve Langasek2019-01-08
| | | | |
* | | | | Fixes CVE-2010-3316 CVE-2010-3430 CVE-2010-3431 CVE-2010-3435.Steve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | | | Closes: #599832.
* | | | | refresh other patches for new upstream releaseSteve Langasek2019-01-08
| | | | |
* | | | | Port hurd_no_setfsuid patch to new pam_modutil_{drop,restore}_privSteve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | | | interface; now possibly upstreamable
* | | | | releasing version 1.1.2-3Steve Langasek2019-01-08
| | | | |
* | | | | Catalan, thanks to Innocent De Marchi <tangram.peces@gmail.com>Steve Langasek2019-01-08
| | | | | | | | | | | | | | | | | | | | (closes: #622786)
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 23:15:55 +0000