Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Build-conflict with libxcrypt-dev, which otherwise pulls libxcrypt in as | Steve Langasek | 2019-01-03 |
| | | | | | a dependency of libpam-modules if it's installed during the build. Thanks to Larry Doolittle for catching. | ||
* | mark for upload | Steve Langasek | 2019-01-03 |
| | |||
* | debian/rules: call chgrp *before* calling chmod, lest the sgid bit | Steve Langasek | 2019-01-03 |
| | | | | | on unix_chkpwd be cleared during the build when using -rsudo. Closes: #496983. | ||
* | 055_pam_unix_nullok_secure: also don't call the helper at all from | Steve Langasek | 2019-01-03 |
| | | | | | | _unix_blankpasswd when we can detect that null passwords are disallowed, to avoid causing spammy logs on successful authentications. Closes: #496620. | ||
* | 007_modules_pam_unix: update the manpage at the same time as the xml | Steve Langasek | 2019-01-03 |
| | | | | source (grr, autogenerated files in source packages). Closes: #495804. | ||
* | adjust the log error message | Steve Langasek | 2019-01-03 |
| | |||
* | document bug closure | Steve Langasek | 2019-01-03 |
| | |||
* | pam_unix-chkpwd-wait: don't assume that the unix_chkpwd process | Julien Cristau | 2019-01-03 |
| | | | | | | exits normally; if it was killed by a signal, we don't want to accept the password. | ||
* | mark for upload | Steve Langasek | 2019-01-03 |
| | |||
* | 055_pam_unix_nullok_secure: don't call _pammodutil_tty_secure with a NULL | Steve Langasek | 2019-01-03 |
| | | | | | | tty argument, since this will cause our helper to segfault instead of returning a useful value. Thanks to Troy Davis for the report. Closes: #495806. | ||
* | deleting a file under debian/libpam-modules in the install target isn't going | Steve Langasek | 2019-01-03 |
| | | | | to do us any good... | ||
* | mark for upload | Steve Langasek | 2019-01-03 |
| | |||
* | debian/patches/054_pam_security_abstract_securetty_handling: move the | Steve Langasek | 2019-01-03 |
| | | | | | | | | warning log about an insecure tty back to pam_securetty proper; we don't want to generate log messages every time pam_unix is called as non-root. Closes: #493283. As a side-effect, pam_unix no longer logs any warnings about NULL password + insecure tty, but I don't think this is critical. | ||
* | Build-Conflict with libdb4.2-dev, which satisfies the libdb-dev | Steve Langasek | 2019-01-03 |
| | | | | | build-dependency but causes pam_userdb to be silently omitted. Closes: #493574. | ||
* | remove other code related to the woody->sarge upgrade | Steve Langasek | 2019-01-03 |
| | |||
* | removing more cruft | Steve Langasek | 2019-01-03 |
| | |||
* | Drop libpam-runtime.preinst, only used for upgrades from woody to sarge | Steve Langasek | 2019-01-03 |
| | | | | to deal with modified conffiles. | ||
* | Drop various bits of unused cruft from the debian/ directory. | Steve Langasek | 2019-01-03 |
| | |||
* | remove another patch which is no longer relevant (because we no longer do | Steve Langasek | 2019-01-03 |
| | | | | capabilities in pam_limits) | ||
* | drop obsolete patch that's not been applied for years and is superseded | Steve Langasek | 2019-01-03 |
| | | | | upstream | ||
* | Update the Debian PAM mini-policy to remove references to the | Steve Langasek | 2019-01-03 |
| | | | | | long-obsolete pam_pwdb, and clarify the relationship between pam_stack and @include. | ||
* | Look for cups instead of cupsys as an init script name when restarting | Steve Langasek | 2019-01-03 |
| | | | | | services; thanks to Stephen Olander-Waters for pointing this out. Closes: #492977. | ||
* | * 007_modules_pam_unix: update the documentation to correctly document | Steve Langasek | 2019-01-03 |
| | | | | the default minimum password length is 6, not 1. | ||
* | mark for upload | Steve Langasek | 2019-01-03 |
| | |||
* | document updated patch status | Steve Langasek | 2019-01-03 |
| | |||
* | drop the patch to restore the particular setreuid() handling, which was in fact | Steve Langasek | 2019-01-03 |
| | | | | buggy before and fixed now. | ||
* | Fix a bug in the uid-restoring code in the hurd_no_setfsuid patch; thanks | Steve Langasek | 2019-01-03 |
| | | | | | to Tomas Mraz <tmraz@redhat.com> for indirectly bringing this to my attention | ||
* | drop the patch to do NIS+ auth in-process, the uid changing is better handled | Steve Langasek | 2019-01-03 |
| | | | | by a subprocess. | ||
* | drop the patch to do NIS+ auth in-process, the uid changing is better handled | Steve Langasek | 2019-01-03 |
| | | | | by a subprocess. | ||
* | document another upstream bug closure | Steve Langasek | 2019-01-03 |
| | |||
* | Bump Standards-Version to 3.8.0. | Steve Langasek | 2019-01-03 |
| | |||
* | Add debian/README.source documenting that this package uses quilt. | Steve Langasek | 2019-01-03 |
| | |||
* | * New patch, pam.d-manpage-section, to fix the manpage references to | Steve Langasek | 2019-01-03 |
| | | | | | | point to section 5 instead of section 8. * Update patch PAM-manpage-section to fix the references to pam(7) from other manpages. Closes: #470137. | ||
* | New patch pam_unix_dont_trust_chkpwd_caller.patch, rolling back an | Steve Langasek | 2019-01-03 |
| | | | | | | upstream change that causes unix_chkpwd to assume that setuid(getuid()) is sufficient to drop permissions and attempt any authentication on behalf of the user. | ||
* | refresh patches for new upstream version | Steve Langasek | 2019-01-03 |
| | |||
* | Drop another patch that's integrated upstream | Steve Langasek | 2019-01-03 |
| | |||
* | Drop another patch that's integrated upstream | Steve Langasek | 2019-01-03 |
| | |||
* | patch refresh for new upstream version | Steve Langasek | 2019-01-03 |
| | |||
* | patch refresh for new upstream version | Steve Langasek | 2019-01-03 |
| | |||
* | bump the upstream version number, again | Steve Langasek | 2019-01-03 |
| | |||
* | don't use _unix_blankpasswd() when trying to decide whether to pass the | Steve Langasek | 2019-01-03 |
| | | | | | 'nullok' option to the helper, because _unix_blankpasswd() will itself call in to the helper... instead, check directly for a secure tty. | ||
* | document a bug closure (bug #382987) | Steve Langasek | 2019-01-03 |
| | |||
* | language tweak | Steve Langasek | 2019-01-03 |
| | |||
* | pam_rhosts_auth is dropped upstream; add a compat symlink to pam_rhosts | Steve Langasek | 2019-01-03 |
| | | | | to support upgrades for a release, and give a warning in NEWS.Debian. | ||
* | Fix the libpam0g-dev examples directory to not include a gratuitous | Steve Langasek | 2019-01-03 |
| | | | | .cvsignore file. | ||
* | committed to CVS | Steve Langasek | 2019-01-03 |
| | |||
* | update the unix_chkpwd override to match the current perms | Steve Langasek | 2019-01-03 |
| | |||
* | fix up the patch so that pamh isn't undefined... | Steve Langasek | 2019-01-03 |
| | |||
* | fix patch names so it's clear these are all for pam_unix | Steve Langasek | 2019-01-03 |
| | |||
* | New patch pam_unix_fix_sgid_shadow_auth.patch, fixing an upstream | Steve Langasek | 2019-01-03 |
| | | | | | | | | regression which prevents sgid shadow apps from being able to authenticate any more because the module forces use of the helper and the helper won't allow authentication of arbitrary users. This change does mean we're going to be noisier for the time being in an SELinux environment, which should be addressed but is not a regression on Debian. |