1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 2399 2400 2401 2402 2403 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432 2433 2434 2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464 2465 2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2511 2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580 2581 2582 2583 2584 2585 2586 2587 2588 2589 2590 2591 2592 2593 2594 2595 2596 2597 2598 2599 2600 2601 2602 2603 2604 2605 2606 2607 2608 2609 2610 2611 2612 2613 2614 2615 2616 2617 2618 2619 2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659 2660
|
pam (1.1.8-3.6) unstable; urgency=medium
* Non-maintainer upload.
* cve-2015-3238.patch: Add the changes in the generated pam_exec.8
and pam_unix.8 in addition to (and after) the changes to the
source .xml files. This avoids unwanted rebuilds that can cause
problems due to differing files on different architectures of
the Multi-Arch: same libpam-modules. (Closes: #851545)
-- Adrian Bunk <bunk@debian.org> Sat, 27 May 2017 18:44:02 +0300
pam (1.1.8-3.5) unstable; urgency=medium
* Non-maintainer upload.
* Build-Depend on libfl-dev:native as well, for cross builds.
Re-closes: #846459
* Fix "Unescaped left brace in regex" with Perl 5.22. Closes: #810873
-- Adam Borowski <kilobyte@angband.pl> Fri, 30 Dec 2016 14:37:29 +0100
pam (1.1.8-3.4) unstable; urgency=medium
* Non-maintainer upload.
* Add libfl-dev to Build-Depends, fixing FTBFS. Closes: #846459
* Move xsl stuff to Build-Depends from -Indep to fix misbuilt manpages.
Closes: #812566
-- Adam Borowski <kilobyte@angband.pl> Sun, 18 Dec 2016 01:03:58 +0100
pam (1.1.8-3.3) unstable; urgency=low
* Non-maintainer upload.
[ Steve Langasek ]
* Updated Swedish translation to correct a typo, thanks to Anders Jonsson
and Martin Bagge. Closes: #743875
* Updated Turkish translation, thanks to Mert Dirik <mertdirik@gmail.com>.
(closes: #756756)
* d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default
soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak
<robie.basak@ubuntu.com> for the patch. Closes: #783105.
* Acknowledge security NMU.
* pam-auth-update: don't mishandle trailing whitespace in profiles.
LP: #1487103.
[ Laurent Bigonville ]
* debian/control: Fix Vcs-* and Homepage fields (Closes: #752343)
* debian/watch: Update watch file and point it to http://www.linux-pam.org
* debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in
namespace.init script (Closes: #624842)
* debian/control: Build-depends against debhelper (>= 9) to match the
defined debhelper compatibility
* Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality,
thanks to Jakub Wilk <jwilk@debian.org> for noticing (Closes: #761594)
* debian/control: Bump Standards-Version to 3.9.8 (no further changes)
* debian/libpam-doc.doc-base.applications-guide: Fix spelling
* debian/libpam0g-dev.examples: Do not use shell brace expansion
* debian/patches-applied/pam-loginuid-in-containers: Updated with the version
from Ubuntu, this should fix logins in containers (Closes: #726661)
* debian/patches-applied/update-motd: Updated with the version from Ubuntu:
use /run/motd.dynamic instead of /var/run/motd, nothing in the archive
uses the later (Closes: #743286)
* debian/patches-applied/make_documentation_reproducible.patch: Make the
build reproducible, removes differences when building with different
locale values (Closes: #792127)
-- Laurent Bigonville <bigon@debian.org> Wed, 18 May 2016 02:04:29 +0200
pam (1.1.8-3.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix
module (Closes: #789986)
-- Tianon Gravi <tianon@debian.org> Wed, 06 Jan 2016 15:53:31 -0800
pam (1.1.8-3.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2013-7041: case-insensitive comparison used for verifying
passwords in the pam_userdb module (closes: #731368).
* Fix CVE-2014-2583: multiple directory traversal issues in the
pam_timestamp module (closes: 757555)
-- Michael Gilbert <mgilbert@debian.org> Sat, 09 Aug 2014 09:50:42 +0000
pam (1.1.8-3) unstable; urgency=low
* debian/rules: On hurd, link libpam explicitly with -lpthread since glibc
will not dynamically switch between the libc stubs and the libpthread
implementations on this architecture. Thanks to Samuel Thibault for the
patch. Closes: #743891.
-- Steve Langasek <vorlon@debian.org> Mon, 07 Apr 2014 17:49:38 -0700
pam (1.1.8-2) unstable; urgency=medium
* Mark the libaudit-dev build-dependency linux-any, since it's not
available on non-Linux archs. Closes: #737035.
-- Steve Langasek <vorlon@debian.org> Thu, 13 Feb 2014 15:02:00 -0800
pam (1.1.8-1) unstable; urgency=medium
* New upstream release.
- includes upstream changes to pam_exec. Closes: #670147.
- adds support for newer hashing algorithms to pam_userdb.
Closes: #671740.
- fixes handling of 'quiet' argument to pam_listfile, to match the
documentation. Closes: #592219.
- fixes handling of @users@@hosts netgroup syntax in access.conf.
Closes: #681223.
- fixes installation of the /etc/security/namespace.d directory.
Closes: #710998.
- 027_pam_limits_better_init_allow_explicit_root: support for reading
/proc/1/limits is upstream, this patch now only handles the policy
of resetting limits by default and not applying glob limits to root.
- debian/patches/fix-manpage-crud: drop, manpages now being generated
upstream with a newer, fixed xsltproc.
- debian/patches/pam_env-fix-overflow.patch, pam_env-fix-dos.patch,
glibc-2_16-compilation-fix.patch, sys-types-include.patch: drop,
included upstream.
* Add build-dependency on pkg-config.
* Ensure autogenerated files are after source files in all relevant patches,
so that regenerating documentation doesn't cause build skew.
* Drop the --disable-regenerate-docu argument, restoring the HTML manuals
to the libpam-doc package. Closes: #700485.
* No need to override dh_compress in debian/rules, it already handles .html
files correctly.
* debian/libpam-cracklib.prerm: use $DPKG_MAINTSCRIPT_PACKAGE_COUNT to avoid
prematurely removing the PAM config when the package is installed for
multiple architectures. Closes: #647428.
-- Steve Langasek <vorlon@debian.org> Thu, 16 Jan 2014 00:38:42 +0000
pam (1.1.3-11) unstable; urgency=low
[ Wookey ]
* Disable libaudit for stage1 bootstrap.
[ Steve Langasek ]
* debian/patches-applied/pam-loginuid-in-containers: pam_loginuid:
Ignore failure in user namespaces.
* Use [linux-any] in build-deps, instead of hard-coding a list of
non-Linux archs. Closes: #634516.
-- Steve Langasek <vorlon@debian.org> Tue, 14 Jan 2014 03:33:31 +0000
pam (1.1.3-10) unstable; urgency=low
* Fix pam-auth-update handling of trailing blank lines in the fields of
profiles. LP: #1160288.
* Reintroduce libaudit support now that libaudit has been multiarched.
Closes: #699159.
-- Steve Langasek <vorlon@debian.org> Sun, 20 Oct 2013 15:30:46 -0700
pam (1.1.3-9) unstable; urgency=low
* Revert libaudit support for now, because libaudit isn't multiarched yet
in unstable so this regresses cross-installability. Reopens bug
#699159.
* Add an or'ed dependency on cdebconf, which also implements the
xloadtemplatefile extension that prevents us from depending on just
'debconf-2.0'. Thanks to Régis Boudin <regis@boudin.name> for the info.
Closes: #677278.
-- Steve Langasek <vorlon@debian.org> Tue, 12 Feb 2013 23:06:30 +0000
pam (1.1.3-8) unstable; urgency=low
* Confirm NMU for bug #611136; thanks to Michael Gilbert.
- As a side effect, there will no longer be errors from reading the
.pam_environment twice since we are now reading it 0 times.
LP: #955032.
* Adjust the pam_env documentation to match the module behavior resulting
from the previous security upload. Closes: #693995.
* debian/rules: never regenerate manpages at build time; this may cause
build skew that breaks the world in a multiarch context. LP: #1095887.
* debian/patches-applied/glibc-2_16-compilation-fix.patch: fix missing
include causing build failure with eglibc 2.16. Thanks to Daniel
Schepler <dschepler@gmail.com>. Closes: #693450.
* Ditch autoconf patch in favor of a build-dependency on dh-autoreconf,
which will let us keep up-to-date with newer autotools. In the present
instance, this gets us aarch64 support.
* Install pam_timestamp_check - and while we're at it, move the manpage
to the correct binary package. Closes: #648695.
* Update lintian overrides to suppress some noise about hardening and
manpages.
* Enable audit support, by popular demand. This should have no major
impact unless you're also running auditd; but I reserve the right to
disable this again in the event that this causes a performance hit or
breaks upgrades (since the dependency is pulled into libpam, not just
into pam_tty_audit). Closes: #699159, LP: #937005.
-- Steve Langasek <vorlon@debian.org> Tue, 12 Feb 2013 05:36:29 +0000
pam (1.1.3-7.1) unstable; urgency=low
* Non-maintainer upload.
* Fix cve-2010-4708: user-configurable .pam_environment allows
administrator-level changes without root access (closes: #611136).
-- Michael Gilbert <mgilbert@debian.org> Sun, 29 Apr 2012 02:23:26 -0400
pam (1.1.3-7) unstable; urgency=low
* Updated debconf translations:
- Danish, thanks to Joe Dalton <joedalton2@yahoo.dk> (closes: #648382)
- French, thanks to Jean-Baka Domelevo Entfellner <domelevo@gmail.com>
(closes: #649850)
- Dutch, thanks to Jeroen Schot <schot@A-Eskwadraat.nl>
(closes: #650755)
- Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (closes: #650867)
- Portuguese, thanks to Pedro Ribeiro <p.m42.ribeiro@gmail.com>
(closes: #652493)
- German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #653407)
- Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org>
(closes: #654043)
- Bulgarian, thanks to Damyan Ivanov <dmn@debian.org> (closes: #656518)
- Slovak, thanks to Ivan Masár <helix84@centrum.sk> (closes: #656521)
- Japanese, thanks to Kenshi Muto <kmuto@debian.org> (closes: #656834)
- Polish, thanks to Michał Kułach <michalkulach@gmail.com>
(closes: #657476)
- Catalan, thanks to Innocent De Marchi <tangram.peces@gmail.com>
(closes: #657489)
- Czech, thanks to Miroslav Kure <kurem@upcase.inf.upol.cz>
(closes: #657578)
- Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #651349)
-- Steve Langasek <vorlon@debian.org> Sat, 28 Jan 2012 10:57:49 -0800
pam (1.1.3-6) unstable; urgency=low
* debian/patches-applied/hurd_no_setfsuid: we don't want to check all
setre*id() calls; we know that there are situations where some of these
may fail but we don't care. As long as the last setre*id() call in each
set succeeds, that's the state we mean to be in.
* debian/libpam0g.postinst: according to Kubuntu developers, kdm no longer
keeps libpam loaded persistently at runtime, so it's not necessary to
force a kdm restart on ABI bump. Which is good, since restarting kdm
now seems to also log users out of running sessions, which we rather
want to avoid. Closes: #632673, LP: #744944.
* debian/patches-applied/update-motd: set a sane umask before calling
run-parts, and restore the old mask afterwards, so /run/motd gets
consistent permissions. LP: #871943.
* debian/patches-applied/update-motd: new module option for pam_motd,
'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
LP: #805423.
* debian/libpam0g.templates, debian/libpam0g.postinst: add a new question,
libraries/restart-without-asking, that allows admins to accept the
service restarts once for all so that they don't have to repeatedly
say "ok". LP: #745004.
* debian/libpam-runtime.templates, debian/local/pam-auth-update: add a
new 'title' template, so pam-auth-update doesn't give a blank title
when called outside of a maintainer script. LP: #882794.
-- Steve Langasek <vorlon@debian.org> Sun, 06 Nov 2011 19:43:14 -0800
pam (1.1.3-5) unstable; urgency=low
[ Kees Cook ]
* debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch: use
setresgid() to wipe out saved-gid just in case.
* debian/patches-applied/008_modules_pam_limits_chroot:
- fix off-by-one when parsing configuration file.
- when using chroot, chdir() to root to lose links to old tree.
* debian/patches-applied/022_pam_unix_group_time_miscfixes,
debian/patches-applied/026_pam_unix_passwd_unknown_user,
debian/patches-applied/054_pam_security_abstract_securetty_handling:
improve descriptions.
* debian/patches-applied/{007_modules_pam_unix,055_pam_unix_nullok_secure}:
drop unneeded no-op change to reduce delta from upstream.
* debian/patches-applied/hurd_no_setfsuid: check all set*id() calls.
* debian/patches-applied/update-motd: correctly clear environment when
building motd.
* debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflow
in environment file parsing (CVE-2011-3148).
* debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment
file parsing (CVE-2011-3149).
-- Steve Langasek <vorlon@debian.org> Thu, 27 Oct 2011 21:33:57 -0700
pam (1.1.3-4) unstable; urgency=low
* Make sure shared library links are also installed to the multiarch
directory, not just the .a files; otherwise the static libs get found
first by the linker. Thanks to Russ Allbery for catching this.
Closes: #642952.
-- Steve Langasek <vorlon@debian.org> Sun, 25 Sep 2011 22:33:55 +0000
pam (1.1.3-3) unstable; urgency=low
* Look for /etc/init.d/postgresql, not /etc/init.d/postgresql-8.{2,3},
for service restarts; the latter are obsolete since squeeze.
Closes: #631511.
* Move debian/libpam0g-dev.install to debian/libpam0g-dev.install.in
and substitute the multiarch path at build time, so our .a files go to
the multiarch dir instead of to /usr/lib. Thanks to Riku Voipio for
pointing out the bug.
* debian/control: adjust the package descriptions, as the current ones
use some awkward language that's gone unnoticed for a long time. Thanks
to Martin Eberhard Schauer <Martin.E.Schauer@gmx.de> for pointing this
out. Closes: #633863.
* Build-depend on debhelper 8.9.4 and bump debian/compat to 9 for
dpkg-buildflags integration, and drop manual setting of -g -O options in
CFLAGS now that we can let dh do it for us
* Don't set --sbindir when calling configure; upstream takes care of this
for us
-- Steve Langasek <vorlon@debian.org> Sat, 24 Sep 2011 20:08:56 +0000
pam (1.1.3-2) unstable; urgency=low
[ Kees Cook ]
* debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
- only report about unknown kernel rlimits when "debug" is set
(Closes: 625226, LP: #794531).
[ Steve Langasek ]
* Build for multiarch. Closes: #463420.
* debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
don't reset the process niceness for root; since it's root, they can
still renice to a lower nice level if they need to and changing the
nice level by default is unexpected behavior. Closes: #594377.
-- Steve Langasek <vorlon@debian.org> Tue, 21 Jun 2011 11:41:12 -0700
pam (1.1.3-1) unstable; urgency=low
* New upstream release.
- Fixes CVE-2010-3853, executing namespace.init with an insecure
environment set by the caller. Closes: #608273.
- Fixes CVE-2010-3316 CVE-2010-3430 CVE-2010-3431 CVE-2010-3435.
Closes: #599832.
* Port hurd_no_setfsuid patch to new pam_modutil_{drop,restore}_priv
interface; now possibly upstreamable
* debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
set a better default RLIMIT_MEMLOCK value for BSD kernels. Thanks to
Petr Salinger for the fix. Closes: #602902.
* bump the minimum version check in maintainer scripts for the restart
handling.
-- Steve Langasek <vorlon@debian.org> Sat, 04 Jun 2011 03:10:50 -0700
pam (1.1.2-3) unstable; urgency=low
[ Kees Cook ]
* 027_pam_limits_better_init_allow_explicit_root: load rlimit defaults
from the kernel (via /proc/1/limits), instead of continuing to hardcode
the settings internally. Fall back to internal defaults when the kernel
rlimits are not found. Closes: #620302. (LP: #746655, #391761)
* Updated debconf translations:
- Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>
(closes: #601197)
- Dutch, thanks to Eric Spreen <erispre@gmail.com> (closes: #605592)
- Danish, thanks to Joe Dalton <joedalton2@yahoo.dk> (closes: #606739)
- Catalan, thanks to Innocent De Marchi <tangram.peces@gmail.com>
(closes: #622786)
-- Steve Langasek <vorlon@debian.org> Sun, 01 May 2011 01:49:11 -0700
pam (1.1.2-2) unstable; urgency=low
* debian/patches-applied/hurd_no_setfsuid: handle some new calls to
setfsuid in pam_xauth that I overlooked, so that the build works again
on non-Linux. Closes: #613630.
-- Steve Langasek <vorlon@debian.org> Wed, 16 Feb 2011 09:27:11 -0800
pam (1.1.2-1) unstable; urgency=low
* New upstream release.
- Add support for NSS groups to pam_group. Closes: #589019,
LP: #297408.
- Support cross-building the package. Thanks to Neil Williams
<codehelp@debian.org> for the patch. Closes: #284854.
* debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit
interface. Closes: #579402.
* Drop patches conditional_module,_conditional_man and
mkhomedir_linking.patch, which are included upstream.
* debian/patches/hurd_no_setfsuid: pam_env and pam_mail now also use
setfsuid, so patch them to be likewise Hurd-safe.
* Update debian/source.lintian-overrides to clean up some spurious
warnings.
* debian/libpam-modules.postinst: if any 'min=n' options are found in
/etc/pam.d/common-password, convert them on upgrade to 'minlen=n' for
compatibility with upstream.
* debian/NEWS: document the disappearance of 'min=n', in case users have
encoded this option elsewhere outside of /etc/pam.d/common-password.
* debian/patches/007_modules_pam_unix: drop compatibility handling of
'max=' no-op; use of this option will now log an error, as warned three
years ago.
* Bump Standards-Version to 3.9.1.
* Add lintian overrides for a few more spurious warnings.
* debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for
compatibility when it's not already set. Closes: #552043.
* debian/local/pam-auth-update: Don't try to pass embedded newlines to
debconf; backslash-escape them instead and use CAPB escape.
* debian/local/pam-auth-update: sort additional module options before
writing them out, so that we don't wind up with a different config file
on every invocation. Thanks to Jim Paris <jim@jtan.com> for the patch.
Closes: #594123.
* debian/libpam-runtime.{postinst,templates}: since 1.1.2-1 is targeted
for post-squeeze, we don't need to support upgrades from 1.0.1-6 to
1.0.1-10 anymore. Drop the debconf error note about having configured
your system with a lack of authentication, so that translators don't
spend any more time on it.
* Updated debconf translations:
- Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #575875)
-- Steve Langasek <vorlon@debian.org> Tue, 15 Feb 2011 23:21:41 -0800
pam (1.1.1-7) UNRELEASED; urgency=low
* Updated debconf translations:
- Italian, thanks to Nicole B. <damn3dg1rl@gmail.com> (closes: #602112)
-- Steve Langasek <vorlon@debian.org> Wed, 17 Nov 2010 16:53:46 -0800
pam (1.1.1-6.1) unstable; urgency=low
* Non-maintainer upload.
* Fix pending l10n issues. Debconf translations:
- Czech (Miroslav Kure). Closes: #598329
- Slovak (Ivan Masár). Closes: #600164
- Japanese (Kenshi Muto). Closes: #600247
- Finnish (Esko Arajärvi). Closes: #600641
-- Christian Perrier <bubulle@debian.org> Tue, 19 Oct 2010 07:30:49 +0200
pam (1.1.1-6) unstable; urgency=low
* Updated debconf translations:
- Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #575875)
-- Steve Langasek <vorlon@debian.org> Sun, 05 Sep 2010 23:36:35 -0700
pam (1.1.1-5) unstable; urgency=low
* debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit
interface. Closes: #579402.
* Update debian/source.lintian-overrides to clean up some spurious
warnings.
* Bump Standards-Version to 3.9.1.
* Add lintian overrides for a few more spurious warnings.
* debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for
compatibility when it's not already set. Closes: #552043.
* debian/local/pam-auth-update: Don't try to pass embedded newlines to
debconf; backslash-escape them instead and use CAPB escape.
* debian/local/pam-auth-update: sort additional module options before
writing them out, so that we don't wind up with a different config file
on every invocation. Thanks to Jim Paris <jim@jtan.com> for the patch.
Closes: #594123.
-- Steve Langasek <vorlon@debian.org> Sun, 05 Sep 2010 12:42:34 -0700
pam (1.1.1-4) unstable; urgency=low
* debian/patches/conditional_module,_conditional_man: if we don't have the
libraries required for building pam_tty_audit, we shouldn't install the
manpage either. LP: #588547.
* Updated debconf translations:
- Portuguese, thanks to Eder L. Marques <eder@edermarques.net>
(closes: #581746)
- Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org>
(closes: #592172)
- Galician, thanks to Jorge Barreiro <yortx.barry@gmail.com>
(closes: #592808)
* Don't pass --version-script options when linking executables,
only when linking libraries. Thanks to Julien Cristau
<jcristau@debian.org> for the fix. Closes: #582362.
-- Steve Langasek <vorlon@debian.org> Sun, 15 Aug 2010 21:53:46 -0700
pam (1.1.1-3) unstable; urgency=low
* pam-auth-update: fix a bug in our handling of module options when the
module name contains digits, caused by a buggy regexp. :/ Partially
addresses LP #369575.
* Install /sbin/pam_tally2 in the libpam-modules package; thanks to
Olivier BONHOMME <obonhomme@nerim.net> for reporting. Closes: #554010.
-- Steve Langasek <vorlon@debian.org> Sun, 25 Apr 2010 05:53:44 -0700
pam (1.1.1-2) unstable; urgency=low
* Document the new symbols added in 1.1.1 in debian/libpam0g.symbols, and
raise the minimum version for the service restarting code.
Closes: #568480.
-- Steve Langasek <vorlon@debian.org> Wed, 17 Feb 2010 23:21:23 -0800
pam (1.1.1-1) unstable; urgency=low
* New upstream version.
- restore proper netgroup handling in pam_access.
Closes: #567385, LP: #513955.
* Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and
pam_securetty_tty_check_before_user_check, which are included upstream.
* debian/patches/026_pam_unix_passwd_unknown_user: don't return
PAM_USER_UNKNOWN on password change of a user that has no shadow entry,
upstream now implements auto-creating the shadow entry in this case.
* Updated debconf translations:
- French, thanks to Jean-Baka Domelevo Entfellner <domelevo@gmail.com>
(closes: #547039)
- Bulgarian, thanks to Damyan Ivanov <dmn@debian.org> (closes: #562835)
* debian/patches/sys-types-include.patch: fix pam_modutil.h so that it can
be included directly, without having to include sys/types.h first.
Closes: #556203.
* Add postgresql-8.3 to the list of services in need of restart on upgrade.
Closes: #563674.
* And drop postgresql-{7.4,8.1} from the list, neither of which is present
in stable.
* debian/patches/007_modules_pam_unix: recognize that *all* of the password
hashes other than traditional crypt handle passwords >8 chars in length.
LP: #356766.
-- Steve Langasek <vorlon@debian.org> Mon, 01 Feb 2010 02:04:33 -0800
pam (1.1.0-4) unstable; urgency=low
* debian/patches/pam_securetty_tty_check_before_user_check: new patch,
to make pam_securetty always return success on a secure tty regardless
of what username was passed. Thanks to Nicolas François
<nicolas.francois@centraliens.net> for the patch. Closes: #537848
* debian/local/pam-auth-update: only reset the seen flag on the template
when there's new information; this avoids reprompting users for the same
information on upgrade, regardless of the debconf priority used.
Closes: #544805.
* libpam0g no longer depends on libpam-runtime; packages that use
/etc/pam.d/common-* must depend directly on libpam-runtime, and most do
(including the Essential: yes ones), so let's break this circular
dependency. Closes: #545086, LP: #424566.
-- Steve Langasek <vorlon@debian.org> Mon, 14 Sep 2009 18:47:25 -0700
pam (1.1.0-3) unstable; urgency=low
* Bump debian/compat to 7, so we can use sane contents in debian/*.install
* Switch all packages over to dh_install
* Rename debian/*.lintian to debian/*.lintian-overrides and use dh_lintian
* Move installation logic out of debian/rules into individual .install
files
* Drop superfluous options to dh_installchangelogs, dh_shlibdeps
* Use debian/clean instead of rm -f'ing files in debian/rules clean target
* Drop ./configure options that are no-ops
* Drop the /lib/security/pam_unix_*.so symlinks, which have been deprecated
now for 10 years and are not used at all if pam-auth-update is in play.
* Drop the pam_rhosts_auth.so symlink as well, and document in NEWS.Debian
that this is now obsolete.
* Drop stale content from README.debian: some of this should have been in
NEWS.Debian instead (but is so old it's not worth putting it there now),
some of it is obsolete by the change in package VCS.
* Convert debian/rules to debhelper 7 and add versioned build-dependencies
on debhelper and quilt to suit.
* Drop CFLAGS that we don't need anymore (-fPIC, -D_REENTRANT,
-D_GNU_SOURCE).
* Explicitly add -O0 to CFLAGS when noopt is set.
* debian/patches/autoconf.patch: pull ltmain.sh in, to fix some spurious
library linkage in the modules.
* Move pam_cracklib manpage to the libpam-cracklib package, and add the
requisite Replaces
* Drop dh_makeshlibs -V; everything from lenny on should use the .symbols
file instead, making the shlibs redundant so we don't need to care what
version gets listed there.
-- Steve Langasek <vorlon@debian.org> Mon, 07 Sep 2009 18:47:45 -0700
pam (1.1.0-2) unstable; urgency=low
[ Steve Langasek ]
* debian/patches/pam_unix_dont_trust_chkpwd_caller.patch: fix this patch
to call setregid() instead of always returning an error on username
mismatch in unix_chkpwd, needed in the SELinux case and in some corner
cases with the broken_shadow option. Thanks to Michael Spang for the
analysis. Closes: #543589.
* fix the PAM mini-policy to not tell app maintainers that they don't need
to depend on libpam-modules if they reference modules from there.
* make libpam-runtime depend on libpam-modules (>= 1.0.1-6) - nothing else
guarantees that we have pam_unix available for use by pam-auth-update.
* Use /bin/sh instead of /bin/bash for libpam0g.postinst, since we've
confirmed there are no longer any bashisms there. Closes: #519973.
* Clean up the libpam0g postinst a bit; invoke-rc.d has been a guaranteed
interface for two stable release cycles now
* debian/patches/namespace_with_awk_not_gawk: fix the sample
namespace.init script's dependency on non-POSIX features of gawk, since
we don't use gawk by default. Closes: #518908.
* Updated debconf translations:
- German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #544464)
[ Kees Cook ]
* debian/local/common-password, debian/pam-configs/unix: switch from "md5"
to "sha512" as password crypt default.
-- Steve Langasek <vorlon@debian.org> Mon, 31 Aug 2009 14:21:27 -0700
pam (1.1.0-1) unstable; urgency=low
* New upstream version.
- pam_access no longer does DNS lookups when we know we're comparing
with a tty name or a service name. Closes: #376209.
- fixes for manpage spelling. Closes: #488690.
- fix evaluation of or'ed list of users in time.conf and group.conf.
Closes: #326407, #514423.
* Drop patches pam_unix_thread-safe_save_old_password.patch,
pam_env_ignore_garbage.patch, dont_freeze_password_chain,
pam_1.0.4_mindays, pam_mail-fix-quiet, pam_unix-chkpwd-wait, and
cve-2009-0887-libpam-pam_misc.patch, which are included upstream.
* Trim pam.d-manpage-section patch, which was mostly but not completely
applied upstream.
* Update debian/libpam0g.symbols for new extension.
* Bump the shlibs version as well, for our dpkg-shlibdeps fallback.
* And bump the version checks in the libpam-modules {pre,post}inst, so that
the necessary services get restarted for any modules that need the new
symbols.
* Add /sbin/mkhomedir_helper to libpam-modules.
* Document that pam_cracklib no longer checks /etc/security/opasswd.
Closes: #263767.
* debian/patches/007_modules_pam_unix: drop divergence from upstream
that treats "0" as a special value in various fields in /etc/shadow,
and document this in debian/NEWS. Thanks to Nicolas François
<nicolas.francois@centraliens.net> for the detailed analysis.
Closes: #308229.
* Updated debconf translations:
- French, thanks to Jean-Baka Domelevo Entfellner <domelevo@gmail.com>
(closes: #521266)
* Build with LDFLAGS=-Wl,-z,defs to guard against the possibility of
any undefined symbols (due to typos or otherwise) at build time.
Closes: #102311.
* On upgrade from versions before 1.1.0-1, if
/etc/pam.d/common-session-noninteractive has not been created (because
the user declined use of pam-auth-update), create it by copying
/etc/pam.d/common-session. Closes: #543401.
* debian/patches/fix-man-crud: new patch, fix "undefined macro" errors in
manpages caused by oddities of toolchain used when generating them
upstream.
-- Steve Langasek <vorlon@debian.org> Tue, 25 Aug 2009 20:35:26 -0700
pam (1.0.1-11) unstable; urgency=low
* debian/libpam-runtime.postinst: bump the --force version check to
1.0.1-11, to allow for a new common-session-noninteractive config file;
and include md5sum checking logic that will work the same with old
unmanaged and new managed /etc/pam.d/common-* files.
* debian/local/common-{auth,account,session,password}.md5sums: document
the known md5sums for the new managed files.
* debian/local/common-session-noninteractive{,.md5sums},
debian/local/pam-auth-update: split out a session-noninteractive include
file, so that we can at last distinguish between interactive and
non-interactive PAM sessions at a policy level. Closes: #169930,
LP: #287715.
* debian/local/pam-auth-update: prune md5sums for unsupported upgrade
paths (intrepid pre-release -> karmic/squeeze)
* Clean up the PAM mini-policy, which hasn't been touched in a number of
years and was looking a bit crufty
* debian/libpam-runtime.templates: correctly tag the URL as a
non-translatable string.
* Updated debconf translations:
- Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #541399)
- Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt>
(closes: #541108)
- Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (closes: #541094)
-- Steve Langasek <vorlon@debian.org> Sun, 23 Aug 2009 18:07:11 -0700
pam (1.0.1-10) unstable; urgency=high
[ Steve Langasek ]
* Updated debconf translations:
- Finnish, thanks to Esko Arajärvi <edu@iki.fi> (closes: #520785)
- Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (closes: #521874)
- German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #521530)
- Basque, thanks to Piarres Beobide <pi+debian@beobide.net>
(closes: #524285)
* When no profiles are chosen in pam-auth-update, throw an error message
and prompt again instead of letting the user end up with an insecure
system. This introduces a new debconf template. Closes: #519927,
LP: #410171.
[ Kees Cook ]
* Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixes
for MINDAYS-Field regression (closes: #514437).
* debian/control: add missing misc:Depends for packages that need it.
[ Sam Hartman ]
* Remove conflicts information for transitions prior to woody release
* Fix lintian overrides for libpam-runtime
* Overrides for lintian finding quilt patches
* pam_mail-fix-quiet: patch from Andreas Henriksson
applied upstream to fix quiet option of pam_mail, Closes: #439268
[ Dustin Kirkland ]
* debian/patches/update-motd: run the update-motd scripts in pam_motd;
render update-motd obsolete, LP: #399071
[ Sam Hartman ]
* cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problem
(CVE-2009-0887) (Closes: #520115)
-- Steve Langasek <vorlon@debian.org> Thu, 06 Aug 2009 17:54:32 +0100
pam (1.0.1-9) unstable; urgency=low
* Move the pam module packages to section 'admin'.
* 027_pam_limits_better_init_allow_explicit_root: defaults need to be
declared as LIMITS_DEF_DEFAULT instead of LIMITS_DEF_ALL, otherwise
global limits will fail to be applied. LP: #314222.
-- Steve Langasek <vorlon@debian.org> Fri, 20 Mar 2009 19:48:47 -0700
pam (1.0.1-8) unstable; urgency=low
* Updated debconf translations:
- Bulgarian, thanks to Damyan Ivanov <dmn@debian.org> (closes: #518121)
- Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org>
(closes: #518214)
- Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #518324)
- Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>
(closes: #518329)
- Japanese, thanks to Kenshi Muto <kmuto@debian.org> (closes: #518335)
- Slovak, thanks to Ivan Masár <helix84@centrum.sk> (closes: #518341)
- Czech, thanks to Miroslav Kure <kurem@debian.cz> (closes: #518992)
- Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt>
(closes: #519204)
- Galician, thanks to Marce Villarino <mvillarino@users.sourceforge.net>
(closes: #519447)
- Romanian, thanks to Eddy Petrișor <eddy.petrisor@gmail.com>
(closes: #520552)
* 027_pam_limits_better_init_allow_explicit_root: set the RLIMIT_MEMLOCK
limit correctly to match the kernel default, which is not RLIM_INFINITY.
Closes: #472629.
-- Steve Langasek <vorlon@debian.org> Fri, 20 Mar 2009 18:15:07 -0700
pam (1.0.1-7) unstable; urgency=low
* 027_pam_limits_better_init_allow_explicit_root:
- fix the patch so that our limit resets are actually *applied*,
which has apparently been broken for who knows how long!
- shadow the finite kernel defaults for RLIMIT_SIGPENDING and
RLIMIT_MSGQUEUE as well, so that the preceding change doesn't
suddenly expose systems to DoS or other issues.
- include documentation in the patch, giving examples of how to set
limits for root. Thanks to Jonathan Marsden.
* pam-auth-update: swap out known md5sums from intrepid pre-release
versions with the md5sums from the released intrepid version
* pam-auth-update: set the umask, so we don't accidentally mark
/etc/pam.d/common-* unreadable. Thanks to Martin Krafft for catching.
Closes: #518042.
-- Steve Langasek <vorlon@debian.org> Tue, 03 Mar 2009 17:18:42 -0800
pam (1.0.1-6) unstable; urgency=low
* Updated debconf translations:
- Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>
* New patch dont_freeze_password_chain, cherry-picked from upstream:
don't always follow the same path through the password stack on
the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK
pass; this Linux-PAM deviation from the original PAM spec causes a
number of problems, in particular causing wrong return values when
using the refactored pam-auth-update stack. LP: #303515, #305882.
* debian/local/pam-auth-update (et al): new interface for managing
/etc/pam.d/common-*, using drop-in config snippets provided by module
packages.
-- Steve Langasek <vorlon@debian.org> Sat, 28 Feb 2009 13:36:57 -0800
pam (1.0.1-5) unstable; urgency=low
* Build-conflict with libxcrypt-dev, which otherwise pulls libxcrypt in as
a dependency of libpam-modules if it's installed during the build.
Thanks to Larry Doolittle for catching.
* Don't refer to gnome-screensaver in the debconf template; it isn't
actually affected by the libpam symbol issue because it forks a separate
process to display the screensaver dialog.
* Have libpam-modules Pre-Depend on ${misc:Depends}, so that we can
warn users about needing to disable xscreensaver and xlockmore
before libpam-modules is unpacked. Closes: #502140, LP: #256238.
* Updated debconf translations for the new template:
- Italian, thanks to David Paleino <d.paleino@gmail.com>
- Simplified Chinese, thanks to Deng Xiyue
<manphiz-guest@users.alioth.debian.org> (closes: #510371)
- Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt>
- Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #510379)
- Japanese, thanks to Kenshi Muto <kmuto@debian.org> (closes: #510380)
- Finnish, thanks to Esko Arajärvi <edu@iki.fi> (closes: #510382)
- Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org>
(closes: #510389)
- Galician, thanks to Marce Villarino <mvillarino@gmail.com>
- Slovak, thanks to helix84 <helix84@centrum.sk> (closes: #510412)
- Bulgarian, thanks to Damyan Ivanov <dmn@debian.org>
- Czech, thanks to Miroslav Kure <<kurem@upcase.inf.upol.cz>
(closes: #510608)
- French, thanks to Steve Petruzzello <dlist@bluewin.ch>
- German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #510617)
- Basque, thanks to Piarres Beobide <pi+debian@beobide.net>
(closes: #510699)
- Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (closes: #510701)
- Turkish, thanks to Mert Dirik <mertdirik@gmail.com> (closes: #510707)
-- Steve Langasek <vorlon@debian.org> Tue, 06 Jan 2009 00:05:13 -0800
pam (1.0.1-4) unstable; urgency=high
* High-urgency upload for RC bugfix.
[ Julien Cristau ]
* pam_unix-chkpwd-wait: don't assume that the unix_chkpwd process exits
normally; if it was killed by a signal, we don't want to accept the
password. Closes: #495879.
[ Steve Langasek ]
* 007_modules_pam_unix: update the manpage at the same time as the xml
source (grr, autogenerated files in source packages). Closes: #495804.
* 055_pam_unix_nullok_secure: also don't call the helper at all from
_unix_blankpasswd when we can detect that null passwords are disallowed,
to avoid causing spammy logs on successful authentications.
Closes: #496620.
* debian/rules: call chgrp *before* calling chmod, lest the sgid bit
on unix_chkpwd be cleared during the build when using -rsudo.
Closes: #496983.
-- Steve Langasek <vorlon@debian.org> Thu, 28 Aug 2008 22:59:23 -0700
pam (1.0.1-3) unstable; urgency=high
* 055_pam_unix_nullok_secure: don't call _pammodutil_tty_secure with a NULL
tty argument, since this will cause our helper to segfault instead of
returning a useful value. Thanks to Troy Davis for the report.
Closes: #495806.
-- Steve Langasek <vorlon@debian.org> Wed, 20 Aug 2008 11:55:47 -0700
pam (1.0.1-2) unstable; urgency=low
* 007_modules_pam_unix: update the documentation to correctly document
the default minimum password length is 6, not 1.
* Look for cups instead of cupsys as an init script name when restarting
services; thanks to Stephen Olander-Waters for pointing this out.
Closes: #492977.
* Update the Debian PAM mini-policy to remove references to the
long-obsolete pam_pwdb, and clarify the relationship between pam_stack
and @include.
* Drop various bits of unused cruft from the debian/ directory.
* Drop libpam-runtime.preinst, only used for upgrades from woody to sarge
to deal with modified conffiles.
* Build-Conflict with libdb4.2-dev, which satisfies the libdb-dev
build-dependency but causes pam_userdb to be silently omitted.
Closes: #493574.
* 054_pam_security_abstract_securetty_handling: move the warning log about
an insecure tty back to pam_securetty proper; we don't want to generate
log messages every time pam_unix is called as non-root.
Closes: #493283. As a side-effect, pam_unix no longer logs any warnings
about NULL password + insecure tty, but I don't think this is critical.
-- Steve Langasek <vorlon@debian.org> Fri, 08 Aug 2008 10:47:26 -0700
pam (1.0.1-1) unstable; urgency=low
* New upstream version.
- pam_limits: bound RLIMIT_NICE from below. Closes: #403718.
- pam_mail: set the MAIL variable even when .hushlogin is set.
Closes: #421010.
- new minclass option introduced for pam_cracklib. Closes: #454237.
- fix a failure to check the string length when matching usernames in
pam_group. Closes: #444427.
- fix setting shell security context in pam_selinux. Closes: #451722.
- use --disable-audit, to avoid libaudit being linked in
accidentally
- pam_unix now supports SHA-256 and SHA-512 password hashes.
Closes: #484249, LP: #245786.
- pam_rhosts_auth is dropped upstream (closes: #382987); add a compat
symlink to pam_rhosts to support upgrades for a release, and give a
warning in NEWS.Debian.
- new symbol in libpam.so.0, pam_modutil_audit_write; shlibs bump, and
do another round of service restarts on upgrade.
- pam_unix helper is now called whenever an unprivileged process
tries and fails to query a user's account status. Closes: #367834.
* Drop patches 006_docs_cleanup, 015_hurd_portability,
019_pam_listfile_quiet, 024_debian_cracklib_dict_path, 038_support_hurd,
043_pam_unix_unknown_user_not_alert, 046_pam_group_example,
no_pthread_mutexes, limits_wrong_strncpy, misc_conv_allow_sigint.patch,
pam_tally_audit.patch, 057_pam_unix_passwd_OOM_check, and
065_pam_unix_cracklib_disable which have been merged upstream.
* Patch 022_pam_unix_group_time_miscfixes: partially merged upstream;
now is really just "pam_group_miscfixes".
* Patch 007_modules_pam_unix partially superseded upstream; stripping
hpux-style expiry information off of password fields is now supported.
* New patch pam_unix_thread-safe_save_old_password.patch, to make sure all
our getpwnam() use in pam_unix is thread-safe (fixes an upstream
regression)
* New patch pam_unix_fix_sgid_shadow_auth.patch, fixing an upstream
regression which prevents sgid shadow apps from being able to authenticate
any more because the module forces use of the helper and the helper won't
allow authentication of arbitrary users. This change does mean we're
going to be noisier for the time being in an SELinux environment, which
should be addressed but is not a regression on Debian.
* New patch pam_unix_dont_trust_chkpwd_caller.patch, rolling back an
upstream change that causes unix_chkpwd to assume that setuid(getuid())
is sufficient to drop permissions and attempt any authentication on
behalf of the user.
* The password-changing helper functionality for SELinux systems has been
split out into a separate unix_update binary, so at long last we can
change unix_chkpwd to be sgid shadow instead of suid root.
Closes: #155583.
- Update the lintian override to match.
* Install the new unix_update helper into libpam-modules.
* Use a pristine upstream tarball instead of repacking; requires various
changes to debian/rules and debhelper files.
* Replace the Vcs-Svn field with a Vcs-Bzr field; jumping ship from svn,
and how!
* Debconf translations:
- Romanian, thanks to Igor Stirbu <igor.stirbu@gmail.com>
(closes: #491821)
* Add libpam0g.symbols, for finer-grained package dependencies with
dpkg-gensymbols.
* Fix debian/copyright to list the known copyright holders
* Fix up the doc-base sections for the libpam-doc documentation, "Apps"
should not be part of the section name
* Also fix up whitespace issues in the doc-base abstracts
* Fix a typo in the libpam0g-dev description.
* 027_pam_limits_better_init_allow_explicit_root: RLIM_INFINITY is also
invalid for RLIMIT_NOFILE, so when resetting the limits for a new session,
use the kernel default of 1024 instead. Closes: #404836.
* Create /etc/environment on initial install of libpam-modules (or on
upgrade from an old version), to quell warnings in the logs about it
being missing. Closes: #442049.
* 026_pam_unix_passwd_unknown_user: drop a redundant, and broken, check for
the NSS source of our user; this was preventing password changes for NIS
users, which otherwise should have worked. Closes: #203222, LP: #9224.
* New patch do_not_check_nis_accidentally: respect the 'nis' option
(set or unset) when looking up the user's password entry for password
changes. Thanks to Quentin Godfroy <godfroy@clipper.ens.fr> for the
patch. Closes: #469635.
* Drop patch 049_pam_unix_sane_locking, which upon review is not needed;
it reduces the length of time we hold the lock, but at the expense of
being able to enforce minimum times between password changes.
* debian/watch: upstream has hit 1.0, so we're no longer in a "pre"
directory. Fix up the regex for uscan.
* Fix the libpam0g-dev examples directory to not include a gratuitous
.cvsignore file.
* New patch, pam.d-manpage-section, to fix the manpage references to
point to section 5 instead of section 8.
* Update patch PAM-manpage-section to fix the references to pam(7) from
other manpages. Closes: #470137.
* Add debian/README.source documenting that this package uses quilt.
* Bump Standards-Version to 3.8.0.
* Fix a bug in the uid-restoring code in the hurd_no_setfsuid patch; thanks
to Tomas Mraz <tmraz@redhat.com> for indirectly bringing this to my
attention
-- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 13:56:26 -0700
pam (0.99.7.1-7) unstable; urgency=medium
* Medium-urgency upload for RC bugfix
* Debconf translations:
- Italian, thanks to David Paleino <d.paleino@gmail.com> (closes: #483913)
- Slovak, thanks to Ivan Masár <helix84@centrum.sk> (closes: #488908)
- Turkish, thanks to Mert Dirik <mertdirik@gmail.com> (closes: #490880)
- Basque, thanks to Piarres Beobide <pi+debian@beobide.net>
(closes: #473975)
* Drop the 'XS' from Vcs-Svn/Vcs-Browser, since these are now officially
recognized fields.
* Add a Homepage field. Closes: #473338.
* Drop -DCRACKLIB_DICTS from CFLAGS, since the referenced define is no
longer provided by cracklib2-dev 2.8 and above. This requires a
build-dependency on the corresponding version of libcrack2-dev.
Closes: #490236.
-- Steve Langasek <vorlon@debian.org> Mon, 21 Jul 2008 11:49:59 -0700
pam (0.99.7.1-6) unstable; urgency=low
* Debconf translations:
- Updated Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>
(closes: #444437)
- Updated Spanish, thanks to Javier Fernández-Sanguino Peña
<jfs@debian.org> (closes: #444479)
- Updated German, thanks to Sven Joachim <svenjoac@gmx.de>
(closes: #444566)
- Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net> (closes: #444758)
- Updated Czech, thanks to Miroslav Kure <kurem@upcase.inf.upol.cz>
(closes: #445022)
- French, thanks to Cyril Brulebois <cyril.brulebois@enst-bretagne.fr>
(closes: #445869)
- Japanese, thanks to Kenshi Muto <kmuto@debian.org> (closes: #446584)
- Dutch, thanks to Bart Cornelis <cobaco@skolelinux.no> (closes: #448930)
- Basque, thanks to Piarres Beobide <pi@beobide.net> (closes: #457042)
- Updated Finnish, thanks to Esko Arajärvi <edu@iki.fi> (closes: #458264)
- Swedish, thanks to Christer Andersson <klamm@comhem.se>
(closes: #457674)
* Make sure the "audit" option is specified in octal instead of in decimal,
so that it doesn't randomly set other options. Thanks to Corey Wright
<undefined@pobox.com> for the catch. Closes: #446327.
-- Steve Langasek <vorlon@debian.org> Sun, 16 Mar 2008 02:06:28 -0700
pam (0.99.7.1-5) unstable; urgency=low
* More lintian overrides, related to debconf prompting in the postinst
* Debconf translations:
- Brazilian Portuguese, thanks to Eder L. Marques <frolic@debian-ce.org>
(closes: #440385)
- Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com>
(closes: #440390, #440953, #444039)
- Bulgarian, thanks to Damyan Ivanov <dam@modsoftsys.com>
(closes: #441863)
- Finnish, thanks to Esko Arajärvi <edu@iki.fi> (closes: #443720)
- Simplified Chinese, thanks to Ming Hua
<minghua-guest@users.alioth.debian.org> (closes: #443924)
- Updated Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt>
- Updated Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>
(closes: #440800)
- Updated German, thanks to Sven Joachim <svenjoac@gmx.de>
- Updated Spanish, thanks to Javier Fernández-Sanguino Peña
<jfs@debian.org>
- Updated Czech, thanks to Miroslav Kure <kurem@debian.cz>
(closes: #441325)
* Further cleanups of 007_modules_pam_unix -- don't use a global variable
for pass_min_len, don't gratuitously move the length checking into the
"obscure" checks, and internationalize the error strings.
* Stop overriding the built-in default minimum password length in
/etc/pam.d/common-password, and also drop the "max" option which has now
been obsoleted.
* Fix up the comments in /etc/pam.d/common-password to make it clear that
the options are specific to pam_unix. Closes: #414559.
* Patch 038: fix another thinko in the getline handling. Closes: #442276.
* If there are active X logins, don't restart kdm, wdm, and xdm by default;
instead, display a debconf error if they haven't been restarted.
Closes: #441843.
* Drop the local patch for Linux capabilities in pam_limits; Linux
capabilities are not generally useful in a PAM context, and the PAM
capabilities patch has been broken through much of its life.
Closes: #440130.
* -Wl,-z,defs was never enabled correctly, drop it since upstream is
already using -no-undefined
* Pass --build and --host args to ./configure as necessary, for
cross-building support.
-- Steve Langasek <vorlon@debian.org> Fri, 28 Sep 2007 00:17:00 -0700
pam (0.99.7.1-4) unstable; urgency=low
* libpam0g.postinst, libpam0g.templates: gdm doesn't need to be restarted
to fix the library skew, only reloaded; special-case this daemon in the
postinst and remove the mention of it from the debconf template, also
tightening the language of the debconf template in the process.
Closes: #440074.
* Add courier-authdaemon to the list of services that need to be
restarted; thanks to Micah Anderson for reporting.
* New patch pam_env_ignore_garbage.patch: fix pam_env to really skip over
garbage lines in /etc/environment and log an error, instead of failing
with an obscure error; and ignore any PAM_BAD_ITEM values returned
by pam_putenv(), since this is the expected error return when trying
to delete a non-existent var. Closes: #439984.
* Yet another thinko in hurd_no_setfsuid and in
029_pam_limits_capabilities; this code should really be Hurd-safe at
last...
* getline() returns -1 on EOF, not 0; check this appropriately, to fix
an infinite loop in pam_rhosts_auth. Thanks to Stephan Springl
<springl-rhosts@bfw-online.de> for the fix. Closes: #440019.
* Use ${misc:Depends} for libpam0g, so we get a proper dependency on
debconf.
* 019_pam_listfile_quiet: per discussion with upstream, don't suppress
errors about missing files or files with wrong permissions; these are
real errors that should not be buried.
* Drop the remainder of 061_pam_issue_double_free, not required for the
original bugfix.
* Drop patch 064_pam_unix_cracklib_dictpath, which is not needed now that
we define CRACKLIB_DICTS in debian/rules.
* Drop patch 063_paswd_segv, superseded by a different upstream fix
* Split 047_pam_limits_chroot_string_value up between
008_modules_pam_limits_chroot and 029_pam_limits_capabilites
* Updates to patch 007_modules_pam_unix: restore the same built-in min
password len of 6 that upstream uses; fix a typo panlindrome ->
palindrome.
* The 'max=' option was never intended to be used to limit maximum password
length for users, only to declare what the number of significant
characters /is/ for a password. But we don't need a config option to
tell us that, we know the answer based on which crypt type we're using,
so drop this as a config file option. Closes: #389197.
* Debconf translations:
- Spanish, thanks to Javier Fernández-Sanguino Peña <jfs@debian.org>
- Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>
- German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #440355)
- Czech, thanks to Miroslav Kure <kurem@upcase.inf.upol.cz>
(closes: #440362)
- Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt>
(closes: #440368)
-- Steve Langasek <vorlon@debian.org> Fri, 31 Aug 2007 17:11:05 -0700
pam (0.99.7.1-3) unstable; urgency=low
* New patch limits_wrong_strncpy: fix unnecessary manipulations of string
buffers, including an illegal use of strncpy(). Thanks to Paul Hampson
for reporting. Closes: #331278.
* New patch misc_conv_allow_sigint.patch: allow SIGINT to be handled by the
application, instead of blocking it when misc_conv is in use and
preventing users from being able to ^C at any PAM prompt. Closes: #1708.
* 024_debian_cracklib_dict_path: default to NULL instead of a specific
dictionary path when none is defined for consistency with the new upstream
version of cracklib, and define our path in debian/rules.
* 055_pam_unix_nullok_secure: document the pam_unix "nullok_secure" option,
a prereq for forwarding this patch upstream. Closes: #325974.
* Create /etc/security/opasswd on new installs or on upgrades from
0.99.7.1-2 or below, so that users that enable the remember=<n> option to
pam_unix aren't left unable to change passwords. Closes: #95324.
* Fix a couple of thinkos in hurd_no_setfsuid, that were preventing the code
from compiling on the Hurd still. Thanks to Michael Banck for the catch.
* Fix a memory leak in the pam_limits capabilities patch: always
cap_free() the cap_t before returning from pam_sm_open_session().
Closes: #153157.
* libpam0g.postinst, libpam0g.templates: on upgrades from versions
prior to 0.99.7.1-3, restart known PAM-using services so that they
get the new libpam symbols, since otherwise the newer PAM modules
will fail to load. Postinst taken from libssl0.9.8; thanks to
Christoph Martin for the fine example! Closes: #439835.
* Build-depend on po-debconf to support l10n of the debconf questions
from the above.
-- Steve Langasek <vorlon@debian.org> Tue, 28 Aug 2007 06:33:33 -0700
pam (0.99.7.1-2) unstable; urgency=low
* New upstream release; thanks to Roger Leigh and Jan Christoph Nordholz
for their extensive work in helping to prepare for this update in Debian.
Closes: #360460.
- now uses autoconf for library detection, so SELinux should not be
unconditionally enabled on non-Linux archs. Closes: #333141.
- pam_mail notice handling has been completely reworked, so there should
no longer be missing spaces in the messages. Closes: #119689.
- with libtool and autoconf, now behaves "sensibly" on unknown
platforms. Closes: #165067.
- the source now builds without warnings. Closes: #212165.
- uses automake instead of hand-rolled makefiles with indentation
bugs. Closes: #241661, #328084.
- pam_mkhomedir now creates directories recursively as needed.
Closes: #178225.
- pam_listfile now supports being used as a session module too.
Closes: #416665.
- misspelled pam_userdb log message has been corrected. Closes: #305058.
- the current pam_strerror manpage no longer mentions "Unknown
Linux-PAM error". Closes: #220157.
- the text documentation no longer uses ANSI bold sequences.
Closes: #181451.
- pam_localuser now supports being used as a session module.
Closes: #412484.
- package no longer fails to build with dash as /bin/sh.
Closes: #331208.
- All modules should now be documented in the system administrator
guide. Closes: #350620.
- pam_userdb now logs an error instead of segfaulting when no db=
option is provided. Closes: #436005.
- pam_time now warns on a missing tty instead of erroring out,
making it possible to use the module with non-console services.
Closes: #127931.
- upstream changelog is now 'ChangeLog' instead of 'CHANGELOG'; install
accordingly
- bump the shlibs
- the 'test.c' example no longer exists
- add /usr/share/locale to libpam-runtime.
- CVE-2005-2977: only uid=0 is allowed to invoke unix_chkpwd with an
arbitrary username, and then only when SELinux is active.
Closes: #336344.
* Mark myself as primary maintainer as previously discussed with Sam, and
add Roger as an uploader.
* Refactor to use quilt.
* Update to Standards-Version 3.7.2.
* Drop unnecessary build-dependency on patch, which is
build-essential (and no longer invoked directly).
* Drop patches 002_debian_no_ldconfig_call, 010_pam_cplusplus,
018_man_fixes, 030_makefile_link_against_libpam,
037_pam_issue_ttyname_can_be_null, 044_configure_supports_bsd,
050_configure_in_gnu and 052_pam_unix_no_openlog, which have been
superseded upstream.
* Drop patches 005_pam_limits_099_6,
012_pam_group_less_restrictive_charset, 023_pam_env_limits_miscfixes,
048_pam_group_colon_valid_char, 058_pam_env_enable, 059_pam_userdb_segv,
060_pam_tally_segv and 062_c++_safe_headers, which have been integrated
upstream.
* Patch 057: SELinux support is merged upstream, leaving only an
unrelated OOM check for pam_unix_passwd. Rename as
057_pam_unix_passwd_OOM_check.
* Patches 006, 008, 036: update for the switch from SGML to XML.
* Patch 007: update for the switch from SGML to XML; drop some log
messages that were already added upstream; update for the pam_modutil
changes; tighten the flag handling of the 'obscure' option; drop bogus
check in unix_chkpwd for null passwords. Also fix a grammar error
along the way. Closes: #362855.
* Patch 024: CRACKLIB_DICTPATH is no longer set in configure.in, so patch
pam_cracklib.c instead to use the default dictpath already available
from crack.h; and patch configure.in to use AC_CHECK_HEADERS instead
of AC_CHECK_HEADER, so crack.h is actually included. Also remove
unnecessary string copies, which break on the Hurd due to PATH_MAX.
* Patch 038: partially merged/superseded upstream; also add new Hurd
fix for pam_xauth.
* Patch 061: partially merged upstream
* Use ${binary:Version} instead of ${Source-Version} in
debian/control.
* Remove empty maintainer scripts debian/libpam0g-dev.{postinst,prerm},
debian/libpam0g.{postinst,prerm}, and
debian/libpam-modules.{postinst,prerm}; debhelper can autogenerate these
just fine without our help.
* Build-Depend on xsltproc, libxml2-utils, docbook-xml, docbook-xsl
and w3m instead of on linuxdoc-tools, linuxdoc-tools-latex, tetex-extra,
groff, and opensp.
* Also build-depend on flex for libfl.a.
* Updates for documentation handling:
- move debian/local/pam-*-guide to debian/libpam-doc.doc-base.foo-guide,
and invoke dh_installdocs instead of installing these by hand.
- drop libpam-doc.{postinst,prerm}, which are no longer needed.
- add an install target to debian/rules, and have binary-indep depend on
it instead of trying to install doc files individually from the source
tree
- consequently, drop libpam-doc.dirs as well which is no longer needed
and no longer accurate
- add debian/libpam-doc.install for moving the docs to the right place,
and also replace libpam-runtime.files with libpam-runtime.install;
for the moment this means we're using both dh_movefiles and
dh_install...
- libpam0g.docs: install the Debian-PAM-MiniPolicy from here, further
cleaning up debian/rules
* Drop debian/libpam0g.links, no longer needed because upstream now has a
working install target which creates the library symlinks
* Add libpam-modules.links: create pam_unix_{acct,auth,passwd,session}.so
symlinks by hand, no longer provided upstream.
* debian/patches-applied/PAM-manpage-section: "PAM" is not a daemon, manpage
belongs in section 7, not in section 8.
* Actually ship the pam, pam.conf, and pam.d manpages in libpam-runtime.
* debian/patches-applied/autoconf.patch: move all changes to autotools
generated files into a single patch at the end of the stack.
- don't touch configure in debian/rules, the quilt patch takes care
of this for us.
* New patch 064_pam_unix_cracklib_dictpath: correctly define
CRACKLIB_DICTS, since this is not defined by configure. Thanks to Jan
Christoph Nordholz.
* New patch 065_pam_unix_cracklib_disable: Debian-specific patch to disable
cracklib support in pam_unix. Thanks to Christoph Nordholz.
* debian/rules:
- Rename OS_CFLAGS to CFLAGS.
- kill off references to unused variables
- make binary-arch also depend on the install target, and streamline the
rules
- fix up the clean target to not ignore errors; thanks to Roger Leigh
- drop the local module_check target in favor of using -Wl,-z,defs
in LDFLAGS to enforce correct linkage of all objects at build time
* Drop debian/local/unix_chkpwd.8 in favor of the upstream manpage.
* libpam-modules.files: /usr/sbin/pam_tally has moved to /sbin/pam_tally
for consistency.
* Update to debhelper V5.
* Don't ship Makefiles as part of the libpam0g-dev examples.
* libpam-modules.manpages, libpam-runtime.manpages, libpam0g-dev.manpages:
put all the manpages in the correct packages. Closes: #411812,
#62193, #313486, #300773, #330545, #184270.
* Drop libpam{0g,0g-dev,-modules,-runtime}.dirs, not needed for anything
because we aren't trying to ship empty directories in the packages
* Build-Conflict with fop, to avoid unreproducible builds of pdf
documentation from a tool in contrib.
* libpam-cracklib should depend on a real wordlist package, per policy;
use wamerican as the default.
* Drop local/pam-undocumented.7 from the package, since we no longer have
a reason to ship it
* Add lintian overrides for known false-positives
* Conflicts/Replaces/Provides libpam-umask, now included upstream.
Closes: #436222.
* Upstream no longer marks unix_chkpwd suid-root for us, so set the perms
by hand in debian/rules. In the process, unix_chkpwd is now writable
by the owner, as expected by policy. Closes: #368100.
* Migrate from db4.3 to db4.6; once again, no administrator action should
be needed for upgrading on-disk database formats. Closes: #354309.
* Add XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control; thanks to
Laurent Bigonville for the hint. Closes: #439038.
* Add a watch file for use with uscan; thanks to Laurent Bigonville for
this patch as well. Closes: #439040.
* Rewrite of 031_pam_include, fixing a memory leak and letting us drop
patch 056_no_label_at_end; thanks to Jan Christoph Nordholz
<hesso@pool.math.tu-berlin.de> for this much-improved version!
* New patch no_pthread_mutexes: don't use pthread mutexes in
pam_modutil functions, they're not needed because pam handles
themselves should not be used concurrently by multiple threads and
using pthreads causes problems for portable linking.
* New patch hurd_no_setfsuid: if we don't have sys/fsuid.h, work around
using setreuid instead.
-- Steve Langasek <vorlon@debian.org> Sun, 26 Aug 2007 19:15:09 -0700
pam (0.79-4) unstable; urgency=medium
* Medium-urgency upload; at least one RC bugfix, but also a
significant number of changes, hence not urgency=high.
* Move libpam-modules and libpam0g to Section: libs and libpam-runtime
to section: admin, to match the overrides in the archive.
* Move old changelog entries (well, entry) that don't follow the current
format to debian/changelog.old, since there's no way to figure out a
timestamp for an 8-year-old upload, and this is the most effective
way to clear a glut of lintian warnings.
* Fix the formatting of the libpam-cracklib package description.
* Patch 010: remove parts of the patch that aren't necessary for C++
compatibility.
* Patch 060: fix a segfault in pam_tally caused by misuse of
pam_get_data(); already fixed upstream. Closes: #335273.
* Patch 061: fix a double free in pam_issue, caused by overuse (and misuse)
of strdup (similar to patch 059). Already fixed upstream.
Closes: #327272.
* Don't build-depend on libselinux1-dev and libcap-dev on kfreebsd archs.
Closes: #352329.
* Patch 005: sync pam_limits with upstream:
- support "-" (unlimited) for all limit types except process priority.
- support the additional aliases "-1", "unlimited", and "infinity" for
clearing the limits; closes: #122400, #149027.
- restrict the range of process priority, login count, and system login
count settings to (INT_MIN,INT_MAX) (heh).
- special-case RLIM_INFINITY when applying multipliers to values from
the config.
- document maxsyslogins in the default limits.conf; closes: #149883.
- use the current process priority as a default instead of resetting to
0; closes: #241663.
- add support for (and document) new RLIMIT_NICE and RLIMIT_RTPRIO
settings in Linux 2.6.12 and above; closes: #313542, #313588.
- allow imposing limits on uid=0.
* Patch 027: only set RLIM_INFINITY as the default for the limits where
we know this is sensible, so that recompiling in an environment with new
limits doesn't create a security hole -- as happened with RLIMIT_NICE and
RLIMIT_RTPRIO! Thanks to Ville Hallik for the initial patch.
Closes: #388431.
* Patch 029, 047: Fix up the broken pam_limits capabilities patch so it
actually works -- which may well be a first... Closes: #318452.
-- Steve Langasek <vorlon@debian.org> Mon, 23 Oct 2006 05:36:08 -0700
pam (0.79-3.2) unstable; urgency=low
* Non-maintainer upload to fix important bug, that makes passwd segfault
when CTRL-D is pressed at the password prompt. Applied the patch
provided by Dann Frazier. (Closes: #360657)
-- Margarita Manterola <marga@debian.org> Sat, 5 Aug 2006 02:11:22 -0300
pam (0.79-3.1) unstable; urgency=low
* Non-maintainer upload.
* Linux-PAM/libpamc/include/security/pam_client.h,
Linux-PAM/libpamc/pamc_converse.c: Apply patch from
latest upstream version to remove redefinition of internal
glibc/libstdc++ types. Closes: #344447.
-- Roger Leigh <rleigh@debian.org> Sun, 5 Feb 2006 21:46:59 +0000
pam (0.79-3) unstable; urgency=low
* Patch 059
- Fix a segfault in pam_userdb when the new "crypt=" option
is unset, as will be the case for all existing users; already fixed
upstream. Closes: #330829.
- Fix a memory leak in the same code due to gratuitous strdup()s.
* Further regression in pam_env: don't treat a missing /etc/environment
as a fatal error, either. Amend patch 058 accordingly. Closes: #330852.
-- Steve Langasek <vorlon@debian.org> Fri, 30 Sep 2005 01:17:53 -0700
pam (0.79-2) unstable; urgency=low
The ".c.o: rm -rf $@" release
* Fix debian/rules so that make clean doesn't remove ./configure when the
timestamp on configure.in is newer (!).
* Switch pam_userdb from db3 to db4.3, which according to the libdb
maintainers should require no manual intervention for upgrading on-disk
database formats. Closes: #165068.
* Patch 058: yes, of course we want to read /etc/environment by
default. Grr! Revert upstream change which disables this for no
apparent reason (closes: #330458).
* Tweak selinux rootok code to use the version of the function call that
doesn't pollute namespace
-- Steve Langasek <vorlon@debian.org> Tue, 27 Sep 2005 02:44:36 -0700
pam (0.79-1) unstable; urgency=low
* New upstream version (closes: #284954, #300775).
- includes some fixes for typos (closes: #319026).
- pam_unix should now be LSB 3.0-compliant (closes: #323982).
- fixes segfaults in libpam on config file syntax errors
(closes: #330097).
* Drop patches 000_bootstrap, 004_libpam_makefile_static_works,
011_pam_access, 013_pam_filter_termio_to_termios, 017_misc_fixes,
025_pam_group_conffile_name, 028_pam_mail_delete_only_when_set,
033_use_gcc_not_ld, 034_pam_dispatch_ignore_PAM_IGNORE,
035_pam_unix_security, 039_pam_mkhomedir_no_maxpathlen_required,
041_call_bootstrap, 042_pam_mkhomedir_dest_not_source_for_errors,
051_32_bit_pam_lastlog_ll_time, and
053_pam_unix_user_known_returns_user_unknown which have been
integrated upstream.
* Merge one last bit of patch 053 into patch 043, where it should have
been in the first place
* Patch 057: SELinux support:
- add support to pam_unix for copying SELinux security contexts when
writing out new passwd/shadow files and creating lockfiles
- support calling unix_chkpwd if opening /etc/shadow fails due to
SELinux permissions
- allow unix_chkpwd to authenticate for any user when in an SELinux
context (hurray!); we depend on SELinux policies to prevent the
helper's use as a brute force tool
- also support querying user expiration info via unix_chkpwd
- misc cleanup: clean up file descriptors when invoking unix_chkpwd
(closes: #248310)
- make pam_rootok check the SELinux passwd class permissions, not just
the uid
- add new pam_selinux module (closes: #249499)
* Build-depend on libselinux1-dev.
* Fix pam_getenv, so that it can read the actual format of /etc/environment
instead of trying to read it using the syntax of
/etc/security/pam_env.conf; thanks to Colin Watson for the patch.
Closes: #327876.
* Set LC_COLLATE=C when using alphabetic range expressions in
debian/rules; bah, so *that's* what kept happening to my README file
when trying to build out of svn! Closes: #295296.
* Add a reference to the text of the GPL to debian/copyright.
-- Steve Langasek <vorlon@debian.org> Sun, 25 Sep 2005 22:08:20 -0700
pam (0.76-23) unstable; urgency=low
* Fix Gcc 3.4 compilation, Closes: #259634
* Note that pam.conf is not read if /etc/pam.d exists, Closes: #248928
* Fix typo in pam_env.conf, Closes: #277633
-- Sam Hartman <hartmans@debian.org> Sun, 10 Jul 2005 16:42:25 -0400
pam (0.76-22) unstable; urgency=medium
* Add uploaders
* Document location of repository
* Fix options containing arguments in pam_unix, Closes: #254904
-- Sam Hartman <hartmans@debian.org> Mon, 28 Jun 2004 14:28:08 -0400
pam (0.76-21) unstable; urgency=medium
* Fix patch 055 again because -20 was broken and didn't actually fix the
problem.
-- Sam Hartman <hartmans@debian.org> Tue, 4 May 2004 21:37:38 -0400
pam (0.76-20) unstable; urgency=medium
* Update to patch 55 to only check securetty when we are sure the
password is null, Closes: #243698
* Medium urgency because the version now in testing has confusing and
verbose log messages.
* Include pam_getenv script which hopefully will be used by some people
somewhere for some purpose
-- Sam Hartman <hartmans@debian.org> Wed, 28 Apr 2004 22:51:18 -0400
pam (0.76-19) unstable; urgency=low
* Oops, too busy testing the upgrade from woody to make sure the upgrade
from -16 to -18 worked. Thanks to all those who reported,
Closes: #243413
-- Sam Hartman <hartmans@debian.org> Tue, 13 Apr 2004 16:08:54 -0400
pam (0.76-18) unstable; urgency=low
* Manipulate conffiles to avoid unnecessary prompt in woody to sarge
upgrade, Closes: #218318
-- Sam Hartman <hartmans@debian.org> Sat, 10 Apr 2004 18:10:35 -0400
pam (0.76-17) unstable; urgency=low
* common-password now includes length restrictions and cracklib
examples, Closes: #227681, #237537
* Patch 054: abstract out the logic from pam_securetty to determine if a
tty is in /etc/securetty into a library function
* Patch 55: Add nullok_secure option to pam_unix. If set, then null
passwords are accepted from terminals in /etc/securetty.
* common-auth now includes nullok_secure, Closes: #228114
-- Sam Hartman <hartmans@debian.org> Sun, 4 Apr 2004 23:10:11 -0400
pam (0.76-16) unstable; urgency=low
* Patch 51 from the x86-64 folks to support 32-bit ll_time in
pam_lastlog even if time_t is 64-bits
* Don't call openlog in pam_unix (patch 52), Closes: #213566
* Return PAM_USER_UNKNOWN for unknown users in pam_unix (patch 53), Closes: #204506
-- Sam Hartman <hartmans@debian.org> Tue, 23 Mar 2004 22:26:04 -0500
pam (0.76-15) unstable; urgency=low
* Fix description of libpam-runtime, Closes: #209755
* Fix description of libpam-cracklib, Closes: #210014
* Depend on libc6-dev|libc-dev not libc6-dev, Closes: #212354
* Clean up binaries, Thanks Russell, Closes: #212158
* Depend on sufficiently new cracklib2-dev, Closes: #214092
* Treate GNU/* as GNU for OS variable to make pam_limits compile,
(patch 050) Closes: #220980
* No longer build-depend on latex2html, Closes: #221318
* Allow : in tty specification for pam_group, (patch 048) Closes: #220439
* Pull in locking patch from Linux-PAM CVS; this ended up causing
021_pam_nis_locking to be reworked and that patch now no longer
contains locking fixes, but just NIS cleanup in general. See
049_pam_unix_sane_locking for the locking changes, Closes: #220158
-- Sam Hartman <hartmans@debian.org> Mon, 12 Jan 2004 02:23:59 -0500
pam (0.76-14) unstable; urgency=low
* Pull in NMU diff from 13.1, Closes: #186011
* Split out common-password into its own file, Closes: #207497
* Make other a conffile again and update to @include stuff
* Add missing symlink, Closes: #196605
* Remove undocumented manpages
* Update PAM mini-policy
-- Sam Hartman <hartmans@debian.org> Mon, 1 Sep 2003 18:08:54 -0400
pam (0.76-13.1) unstable; urgency=low
* NMU with maintainer's permission.
* Add three new config files (/etc/pam.d/common-{auth,account,session})
to libpam-runtime. Other packages which depend on libpam-runtime
can now @include these files from their own PAM configs.
* Convert /etc/pam.d/other from a conffile to a non-conffile config
file. Closes: #186011.
* Remove empty libpam-runtime.prerm script (debhelper will autocreate if needed)
-- Steve Langasek <vorlon@debian.org> Tue, 19 Aug 2003 19:41:03 -0500
pam (0.76-13) unstable; urgency=low
* Nope, that dependency didn't work, so let's remove it. If we run into other module versioning issues, I now have an arm build environment to debug with. Closes: #198618
-- Sam Hartman <hartmans@debian.org> Mon, 7 Jul 2003 00:22:34 -0400
pam (0.76-12) unstable; urgency=low
* Fix group.conf example, (patch 046) Closes: #197080
* Ignore module return value in jumps, (patch 045) Closes: #176693
* Accept string value for chroot limit, thanks Andrei Pelinescu-Onciul,
Patch (047), Closes: #196903
* Depend on libpam-modules instead of conflicting with older versions.
This creates a circular dependency between libpam0g and
libpam-modules. James says this works fine; we hope he's right.
Closes: #196949
-- Sam Hartman <hartmans@debian.org> Sat, 21 Jun 2003 17:19:29 -0400
pam (0.76-11) unstable; urgency=low
* Don't allow db4 to satisfy build-depends because it doesn't actually
work, and sometimes building with it would be wrong.
* Don't depend on libpcap-dev on Debian BSD
* Conflict with old libpam-modules, Closes: #191906
* Incorrect username should not be logged at alert (patch 43),
Closes: #175900
* Patch to support FreeBSD (patch 44, thanks Robert), Closes: #191906
-- Sam Hartman <hartmans@debian.org> Sat, 31 May 2003 19:55:26 -0400
pam (0.76-10) unstable; urgency=low
* Don't double list conffiles, Closes: #190954
* Only install example sources not executables, Closes: #185286
* Display correct directory in error message for pam_mkhomedir, patch
042 thanks to Akira TAGOH, Closes: #165240
* Don't log EPERM when setting NOFILE limit as Linux doesn't let you
set that to -1, Closes: #180310
* Add newline to end of distributed time.conf, Closes: #172229
* Up our standards version and support noopt in DEB_BUILD_OPTIONS
-- Sam Hartman <hartmans@debian.org> Sat, 3 May 2003 22:28:37 -0400
pam (0.76-9) unstable; urgency=low
* Fix pam_rhosts hurd patch so it actually works, Closes: #172914
* Fix patch 040 not to clobber errno when logging the error fails,
Closes: #172186
* Fix dependency for linuxdoc-tools, Closes: #173097
-- Sam Hartman <hartmans@debian.org> Sun, 15 Dec 2002 17:10:58 -0500
pam (0.76-8) unstable; urgency=low
* Have makefile appropriately depend on bootstrap-libpam
* Install pam minipolicy, Closes: #167798
* Don't segfault if ttyname is null; this avoids the segfault but does
not actually make pam_issue useful for ssh. I believe the way
pam_issue works is fundamentally incompatible with what sshd expects
from PAM (patch 037), Closes: #153152
* We actually fixed passwords containing , in 0.76-6, but failed to
document it. They do work, Closes: #164713
* Note that /etc/pam.d/other is a fall back for each service
* Patches from Michal 'hramrach' Suchanek" <hramrach_l@centrum.cz> to
make HURD work, Closes: #165066 (patch 038 and 039)
* Don't depend on gs and other doc prep tools for build-depends, just
build-depends-indep, Closes: #165065
* Patch from Eric Anderson <anderse@hpl.hp.com> to log failures of
setrlimit (patch 040), Closes: #169836
* Build pam_limits on hurd, Closes: #165190
-- Sam Hartman <hartmans@debian.org> Sun, 24 Nov 2002 22:04:28 -0500
pam (0.76-7) unstable; urgency=low
* Fix handling of pam_ignore in case where we're skipping modules;
update to patch 034
-- Sam Hartman <hartmans@debian.org> Sun, 20 Oct 2002 21:49:22 -0400
pam (0.76-6) unstable; urgency=low
* The "No, I don't think I actually want any of what upstream is
smoking" release
* If this were already in testing, this would be an severity emergency
upload
* pam_unix currently treats * in shadow file as no password not
disabled; major security issue; fixed in upstream CVS, (patch 035) Closes: #164659
* OK, I think this actually fixes the rest of the manpage symlinks,
Closes: #163839, #164298
* You don't want to use getlogin for pam_wheel because utmp may be wrong or for xterm have no entry, pull forward patch from the 0.72 packages (patch 036), Closes: #163787
-- Sam Hartman <hartmans@debian.org> Tue, 15 Oct 2002 10:44:56 -0400
pam (0.76-5) unstable; urgency=low
* Fix library links from 0.75 to 0.76
* Ignore PAM_IGNORE in _pam_dispatch_aux (patch 34), Closes: #163841
* Fix man page symlinks, Closes: #163839
-- Sam Hartman <hartmans@debian.org> Fri, 11 Oct 2002 01:08:06 -0400
pam (0.76-4) unstable; urgency=low
* Upstream correctly states that one should use gcc not ld when
linking and then hapilly proceeds to actually use ld, fixed, Closes: #163711
* Remove experimental warning from readme, Closes: 163742
-- Sam Hartman <hartmans@debian.org> Mon, 7 Oct 2002 23:45:53 -0400
pam (0.76-3) unstable; urgency=low
* Oops, let's try building -fpic. This currently builds everything
-fpic which is somewhat wrong, but doing more than that requires
significant build system hacking (touch every makefile for dynamic
objects), so it will wait, Closes: #163600
-- Sam Hartman <hartmans@debian.org> Sun, 6 Oct 2002 23:33:12 -0400
pam (0.76-2) unstable; urgency=low
* Link against appropriate libraries so we find the symbols we need,
Closes: #162175
* The if everyone's going to complain when I upload broken software to
experimental release, I might as well upload to unstable and give them
something worth actually complaining about release.
* Also the remove the scourge of dbs release
* Include patch 034 from the 0.72 packages, meaning that we've included
all the patches we need before release
* Reject the patch to pam_wheel as I cannot find out what reasonable
thing it was trying to do and it seemed broken
* libpam-cracklib should depend on wordlist so it actually works;
thanks Olaf Meeuwissen,
Closes: #112965
* Merge build-depends and build-depends-indep because I'm a bad person
and was too lazy to make docs build in a separate pass. I'll deal in
a few versions.
-- Sam Hartman <hartmans@debian.org> Sun, 6 Oct 2002 18:52:13 -0400
pam (0.76-1) experimental; urgency=low
* New upstream version
* Upstream includes fix to not break cron, Closes: 160566
* New Upstream correctly handles priority < 0 for pam_limits, Closes: #126251
* .cvsignores removed, Closes: #159961
-- Sam Hartman <hartmans@debian.org> Sun, 22 Sep 2002 16:11:35 -0400
pam (0.75-3) experimental; urgency=low
* Apply patch 027 pam_limits so that we initialize to wide open not
current limits.
* In pam_mail, don't complain about deleting environment variable if
we never set it, Closes: #58429
* Don't set default max procs limit in pam_limits, Closes: #116874
* libpam-runtime now arch all since it has no arch-specific files,
Closes: #132545
* Update mini policy to reflect confusion on debian-devel
-- Sam Hartman <hartmans@debian.org> Tue, 16 Jul 2002 09:30:50 -0400
pam (0.75-2) experimental; urgency=low
* Fix pam_userdb to build and to build against db3, fixes patch 020
* Fix upstream makefile so pam_group has valid configuration, closes: #148657
* time.conf reference to logoutd removed, closes: #143801
* The static library contains all the appropriate symbols in this
version. You may find the complete lack of PAM modules somewhat
frustrating; currently the static pam library is only useful if you
register your own modules. Fixing this would require annoying hacking
on the upstream build system, closes: #103495
* unix_chkpwd.8 typo fixes thanks to dancer@anthill.echidna.id.au,
Closes: #139949
* Since we're working on the new upstream version, we also have the new docs, closes: #147763
* Patch from Martin Schwenke <martin@meltin.net> to only change
passwords in pam_unix when they exist in the password file; hopefully
does not break NIS, closes: #135990
* Another patch from Martin to return PAM_USER_UNKNOWN if we ever
actually do get into the password changing routine only to find that
we have no password to change, closes: #135604
* .cvsignore no longer installed, closes: #120795
* We're using debhelper 3, just in time to be obselete, Closes: #93414
-- Sam Hartman <hartmans@debian.org> Sat, 8 Jun 2002 18:04:40 -0400
pam (0.75-1) experimental; urgency=low
* Preliminary test packages
* New upstream version
* Hopefully works mostly the same as 0.72 except for upstream bug
fixes and for the fact that pam_limits is fairly broken right now.
* If it breaks you are lucky if you get to keep both pieces release.
-- Sam Hartman <hartmans@debian.org> Sat, 25 May 2002 22:57:57 -0400
pam (0.72-35) unstable; urgency=medium
* Fix like_auth to make libpam-krb5 and libpam-heimdal actually useful,
patch from RISKO Gergely , closes: #126251
-- Sam Hartman <hartmans@debian.org> Mon, 21 Jan 2002 15:20:22 -0500
pam (0.72-34) unstable; urgency=medium
* Note that HOME may not be useful in pam_environment, closes: #109281
* Don't smash case domains (groups/users) in pam_limits, closes: #119893
* Remove double the from description, closes: #107705
* Fix typo on mail message, closes: #119689
* Medium since these are small fixes that should go into woody
-- Sam Hartman <hartmans@debian.org> Fri, 23 Nov 2001 21:24:20 -0500
pam (0.72-33) unstable; urgency=low
* Fix pam_mail to look in /var/mail not /var/spool/mail, thanks mjb.
-- Sam Hartman <hartmans@debian.org> Thu, 11 Oct 2001 15:44:32 -0400
pam (0.72-32) unstable; urgency=medium
* This should probably get into testing before freeze; medium.
* Patch from Volker Stolz to fix bug in previous pam_group patch,
closes: #111854
-- Sam Hartman <hartmans@debian.org> Sat, 22 Sep 2001 06:32:29 -0400
pam (0.72-31) unstable; urgency=low
* Add support for credential reinitialization in pam_group, closes: #108697
-- Sam Hartman <hartmans@debian.org> Fri, 31 Aug 2001 13:16:39 -0400
pam (0.72-30) unstable; urgency=low
* Include patch from robbe@orcus.priv.at to build pam_limits on hurd,
closes: #103556
* Start installing limits.conf for hurd (may not work quite right)
-- Sam Hartman <hartmans@debian.org> Mon, 16 Jul 2001 09:35:51 -0400
pam (0.72-29) unstable; urgency=low
* Correctly declare uint32 type for ia64, closes: #104584
-- Sam Hartman <hartmans@debian.org> Sat, 14 Jul 2001 01:30:39 -0400
pam (0.72-28) unstable; urgency=low
* Fix scanf string so pam_limits chroot works, closes: #100812
* Only log unknown user at warning, not alert, closes: #95220
* By default do complete matches not substring matches for pam_time.
You can include explicit wildcard for substring, closes: #66152
-- Sam Hartman <hartmans@debian.org> Tue, 3 Jul 2001 17:31:45 -0400
pam (0.72-27) unstable; urgency=low
* Fix typo in last patch
-- Sam Hartman <hartmans@debian.org> Mon, 25 Jun 2001 18:27:42 -0400
pam (0.72-26) unstable; urgency=low
* Block SIGCHLD when calling unix password verification program, patch from mdz@debian.org, fixes pam part of #97977
-- Sam Hartman <hartmans@debian.org> Mon, 25 Jun 2001 08:47:12 -0400
pam (0.72-25) unstable; urgency=medium
* Depend on opensp, working around #89063, closes: #100125
* This is urgency medium to get docs back into testing.
-- Sam Hartman <hartmans@debian.org> Fri, 8 Jun 2001 11:44:12 -0400
pam (0.72-24) unstable; urgency=low
* New NIS double locking and root password patch from Philippe Troin
<phil@fifi.org>, fixes bug in unreleased patch submitted for
0.72-23. Also improves changing root password so it does something;
ongoing discussion on whether this is right.
-- Sam Hartman <hartmans@debian.org> Mon, 21 May 2001 08:06:05 -0400
pam (0.72-23) unstable; urgency=low
* Patch from Benoit Gaussen <ben@trez42.net> , Don't trim from , to end
of string in user input, only trim from salt
grabbed from passwd file, closes: #96779
* Fix NIS double locking, closes: #96736
-- Sam Hartman <hartmans@debian.org> Wed, 16 May 2001 15:46:34 -0400
pam (0.72-22) unstable; urgency=low
* Fix pam.8 to be pam.7, closes: #92874
-- Sam Hartman <hartmans@debian.org> Tue, 17 Apr 2001 23:04:04 -0400
pam (0.72-21) unstable; urgency=low
* Don't depend on libcap for hurd, closes: #91998
* Don't list scurity/limits.conf as a conffile for hurd
-- Sam Hartman <hartmans@debian.org> Mon, 9 Apr 2001 12:30:18 -0400
pam (0.72-20) unstable; urgency=low
* Install pam-undocumented in -runtime not -dev, closes: #93063
* Mark pam-runtime as replacing files from -dev in case you installed
-19 and have pam-undocumented in the wrong place
-- Sam Hartman <hartmans@debian.org> Fri, 6 Apr 2001 06:38:15 -0400
pam (0.72-19) unstable; urgency=low
* New maintainer, closes: #92353
* Install pam-undocumented; somehow it was not installed in -18
-- Sam Hartman <hartmans@debian.org> Wed, 4 Apr 2001 21:32:17 -0400
pam (0.72-18) unstable; urgency=low
* pam_securetty: log failed tty checks. Normally this was only done if
the "debug" option was on...do it regardless now, closes: #89390
* Get rid of log message for when "root" is not applied to group checks.
closes: #88825
* Add quiet option to pam_listfile, closes: #84428
* pam(8) should be pam(7), pam.conf(8) should be pam.conf(5), closes:
#89322
* Added groff to Build-Depends-Indep, closes: #88794
-- Ben Collins <bcollins@debian.org> Sun, 25 Mar 2001 21:40:32 -0500
pam (0.72-17) unstable; urgency=low
* Fixed login in pam_limits where the max logins could be ignored.
-- Ben Collins <bcollins@debian.org> Fri, 9 Mar 2001 09:14:48 -0500
pam (0.72-16) unstable; urgency=low
* New pam limits cap patch from Topi Miettinen
<Topi.Miettinen@koti.tpo.fi>, closes: #88401, #88406, #88525, #88399,
#86197
* pwdb no longer used, closes: #59917
* fix patch 023 for gethostbyname build failure, closes: #86156
* Make sure unix_chkpwd gets installed as suid root, closes: #88519
* Fix whatis parse of manpages, closes: #86203
* pam_listfile, fix arg parsing when arg does not contain '=', closes:
#86070
-- Ben Collins <bcollins@debian.org> Sun, 4 Mar 2001 22:45:58 -0500
pam (0.72-15) unstable; urgency=low
* Doh, added build-depends for libcap, closes: #85352
* Change section of libpam-cracklib from admin to libs to match
overrides.
-- Ben Collins <bcollins@debian.org> Fri, 9 Feb 2001 09:06:40 -0500
pam (0.72-14) unstable; urgency=low
* Added fix to pam_access for gethostname decleration. closes: #82100
* Just name the lib/security directory instead of all the modules
seperately for dh_movefiles. closes: #76119
* Fix pam_env corruption, closes: #66849, #77229
* Add patch to allow recursive /etc/skel copy in pam_mkhomedir, closes:
#67211
* remove dh_suidregister call, added conflict for old suidregister
package
* Applied patch for Linux capabilities in pam_limits, closes: #74176
* pam_issue.so works for me, without segv, and even with escapes. This
is with login. Note, things like pam_issue do not work with ssh simply
because ssh is not able to work in that way (does not support
arbiitrary conversations). So if you want it to work there, file a bug
on ssh, not on libpam-modules. closes: #77228
* unix_chkpwd: check for NULL password, closes: #69960
-- Ben Collins <bcollins@debian.org> Thu, 8 Feb 2001 11:06:03 -0500
pam (0.72-13) unstable; urgency=low
* Fix grammar in pam_source.sgml, closes: #78959
* pam_undocumented.7: Fix escaped 's, closes: #75987
* Fix build ordering, closes: #71442, #80397, #77017
* Applied Hurd patch, closes: #76119
* Use gcc for linking, not ld. closes: #71941
* Pretty sure this was fixed, closes: #67172
* Applied spealang fixes to Debian-mini-policy. closes: #80249
* Applied patch to allow devfs style terminal devices with pam_group,
closes: #77661
* Could not reproduce, even using md5 passwords. User, if you still have
* this problem, you need to tell me with what service (login, which I
tested, sshd, telnet, etc...) and also send me the entire pam.d file
for that service. closes: #76087
* Fixed awhile back, closes: #72858
* Closing this since I am not going to include any modules in this
package that aren't in upstream. If someone else wants to package
these modules seperately, they can do so. closes: #69550
* For correct usage, pam_wheel.so should be used with "sufficient" and
not "required". This is documented. If you use "required", then you
must also use the "trust" option, but that doesn't give you the
results you want. closes: #76236
-- Ben Collins <bcollins@debian.org> Sun, 31 Dec 2000 05:38:23 -0500
pam (0.72-12) frozen unstable; urgency=low
* Recompile against db2 for glibc change
* Add db2 to build-deps
-- Ben Collins <bcollins@debian.org> Wed, 27 Sep 2000 12:08:11 -0400
pam (0.72-11) frozen unstable; urgency=low
* Removed all traces of pwdb in packages. libpwdb has been removed from
the archive. This means that the pam_pwdb and pam_radius modules are
no longer available (from the libpam-pwdb package).
* doc/modules/pam_wheel.sgml: Really spell out that being a member of a
group meands the user is listed in /etc/group, closes: #69242
* doc/*: s/PAM_AUTHOK_RECOVERY_ERR/PAM_AUTHOK_RECOVER_ERR/g,
closes: #64473
* pam_wheel: PAM does not distinguish it, the libc calls make the
distinction. The users gid is returned in their passwd info, while
getgrent() returns only the members of the group listed in /etc/group.
This is ok, because if it's really that important, you can actually
have it in both places. The fact that it's documented should suffice
in making this clear, closes: #69236
* Sorry, but seperate modules generally need to be packaged seperately.
I don't want to overload this package with everyone's pet module, so I
have to put my foot down, closes: #61759
* Actually, I'm going to move in Woody to make packages depend more on
the defaults in /etc/pam.d/other, so that admins have less to
maintain. For one, all packages should not have a password service
listed, closes: #70000 (YAY! I got the 70k rollover bug number!)
* Sorry, I can't include this. "," is a legitimate char in a password
salt/hash. If you can code up something that is super intelligent
about lenghts of the field, I can go for it, maybe, closes: #59459
* modules/pam_limits: Added chroot feature patch, closes: #61090
* modules/pam_access: Allow last field to contain ':', closes: #67291
* modules/pam_limits: Allow explicit limits for root, closes: #62448
* modules/pam_unix: Do not zero old/new password fields, libpam does
this itself, and doing so in the module breaks stacking,
closes: #66270
* modules/pam_group: Allow alpha *and* numeric in tty field (duh),
closes: #63752
* modules/pam_access: Enable NIS, closes: #64854
* libpam0g-dbg: removed, useless anyway
-- Ben Collins <bcollins@debian.org> Wed, 30 Aug 2000 18:39:32 -0400
pam (0.72-10) frozen unstable; urgency=low
* Update build depends
* Fixed logic for showing non-existent user names when auth failed in
pam_unix.so, closes: #67786 (thanks to Jim Breton for being patient in
helping track this down). It would sometimes show them, even if we
didn't want to.
-- Ben Collins <bcollins@debian.org> Thu, 27 Jul 2000 09:17:08 -0400
pam (0.72-9) frozen unstable; urgency=low
* pam_unix: do not call obscure_msg() of pass_old is NULL,
closes: #65321
* pam_access: check for from[0] == '\0' so that tty logic is actually
used, closes: #65401
-- Ben Collins <bcollins@debian.org> Wed, 14 Jun 2000 11:38:35 -0400
pam (0.72-8) frozen unstable; urgency=low
* Build depends added in previous version, closes: #60817, #61439
* Allow use of ":0" in group.conf, closes: #61966
* Added syslog entry to notify that a user succesfully changed their
password, closes: #61724
* Make pam_unix compatible with HP-UX style NIS+ password information,
patch from ldaffner@rsn.hp.com, closes: #61942
* If "audit" is not enabled, don't let pam_unix print the names of
unknown users for auth attempts, closes: #61942
* Fixed ttyname() parsing in pam_access to match that of the old shadow
access.conf s,/dev/,, closes: #61644
* Set some sane defaults for pam_limits.so instead of carrying over
potentially bad defaults, patch from Peter Paluch
<peterp@frcatel.fri.utc.sk> closes: #63230
* Allow explicit (e.g. specified specifically for) limits for root,
patch from Topi Miettinen <Topi.Miettinen@nic.fi>, closes: #62448
* Added information to time.conf about logoutd, which is now enabled via
this file.
* cracklib maintainer claims this isn't a bug, closes: #54180
* fixed control syntax handling which was causing segfaults, closes: #62237
-- Ben Collins <bcollins@debian.org> Sat, 29 Apr 2000 11:39:59 -0400
pam (0.72-7) frozen unstable; urgency=low
* pam_limits: fix parsing of users which explicitly removes limits,
closes: #59911, #60287
* Added build-depends
-- Ben Collins <bcollins@debian.org> Mon, 20 Mar 2000 16:06:28 -0500
pam (0.72-6) frozen unstable; urgency=low
* Remove conflict for libpam0g-util from libpam0g and put it in
libpam-runtime. This should fix a problem with upgrades that apt
experiences, closes: #58677
-- Ben Collins <bcollins@debian.org> Mon, 28 Feb 2000 14:05:28 -0500
pam (0.72-5) frozen unstable; urgency=low
* Added obscure password checks to pam_unix. Required for shadow to be
able to emulate the pre-PAM setup (referenced in a bug on passwd).
* Applied patch from #57800 to fix NIS/NIS+ shadow accounting checks,
closes: #57800, #58164
* Fixed two typos in the PAM System Administrators Guide,
closes: #56578, #56587
-- Ben Collins <bcollins@debian.org> Mon, 28 Feb 2000 10:58:09 -0500
pam (0.72-4) frozen unstable; urgency=low
* unix_chkpwd: check for NULL on stdin aswell as 0 reads, closes: #56375
* pam_unix/Makefile: removed bashism, closes: #56370
* fixed in shadow upload, closes: #49832
-- Ben Collins <bcollins@debian.org> Sat, 29 Jan 2000 00:27:28 -0500
pam (0.72-3) unstable; urgency=low
* Added cpluplus wraps in all the headers, closes: #53653
-- Ben Collins <bcollins@debian.org> Sun, 2 Jan 2000 15:15:40 -0500
pam (0.72-2) unstable; urgency=low
* Well, this is an odd one. A recompile fixes it. So it must have been a
problem from linking with 0.71 when this is version 0.72. All of this
build daemons seem to have compiled the latest 0.72, so this should be
resolved after this gets recompiled on all of them, closes: #51619, #49584
* This is from a very old version (0.56) of libpam0. It is not relevant
to the latest version, closes: #47162
-- Ben Collins <bcollins@debian.org> Sun, 26 Dec 1999 09:10:13 -0500
pam (0.72-1) unstable; urgency=low
* New upstream source release, lots of patches merged upstream (thanks
Andrew).
* libpam-doc: now provides pam-doc, closes: #45631
* cleanups to the build system
* shlibs.local: bumped shlib deps
-- Ben Collins <bcollins@debian.org> Tue, 14 Dec 1999 11:17:36 -0500
pam (0.71-3) unstable; urgency=low
* Debian-PAM-MiniPolicy: new document describing how PAM is implemented
in Debian
-- Ben Collins <bcollins@debian.org> Fri, 26 Nov 1999 17:26:40 -0500
pam (0.71-2) unstable; urgency=low
* pam_listfile: lstat -> stat, closes: #49833
* pam_tally: install the pam_tally program, closes: #50314
* debian/control: libpam-modules, replaces libpam0g-util, closes: #50716
-- Ben Collins <bcollins@debian.org> Thu, 25 Nov 1999 21:02:23 -0500
pam (0.71-1) unstable; urgency=low
* New upstream release, merges lots of patches from the Debian source,
also merges the pam_{motd,mkhomedir,issue} modules into the main
source. Lots of minor bugs fixed, and compiler warnings
* pam_mail: Reimplemented the authentication handlers, so now this works
as both (changes nothing in Debian, but was required to get the patch
accepted upstream)
* general: Lots of small edits to fix compiler warnings
* pam_userdb: fixed potential usage of an unitialized value as
PAM_AUTHTOK, doesn't look particularly exploitable, but better safe
than sorry
-- Ben Collins <bcollins@debian.org> Mon, 8 Nov 1999 19:21:52 -0500
pam (0.70-4) unstable; urgency=low
* pam_wheel/pam_wheel.c: change to use getpwuid(getuid()) by default, so
avoid the problems associated with getlogin()
-- Ben Collins <bcollins@debian.org> Mon, 1 Nov 1999 13:33:10 -0500
pam (0.70-3) unstable; urgency=low
* Applied patch from Herbert Xu to enable PAM_CONV_AGAIN support in
pam_ftp, closes: #47288
-- Ben Collins <bcollins@debian.org> Wed, 13 Oct 1999 13:25:21 -0400
pam (0.70-2) unstable; urgency=low
* 100_pam_pwdb_security_fix: new patch fixes security problem with
regard to NIS accounts
-- Ben Collins <bcollins@debian.org> Wed, 13 Oct 1999 11:42:41 -0400
pam (0.70-1) unstable; urgency=low
* New upstream release
* Seems there were a lot of fixes merged/matches upstream, looks good,
(maybe it's time I start sending my patches in, since the maintainer
is active again).
* libpamc: new library (libpam client library), this actually used to be
in the Debian packages for a few versions, but it was removed upstream.
Guess what, it's back :)
-- Ben Collins <bcollins@debian.org> Sun, 10 Oct 1999 01:07:43 -0400
pam (0.69-11) unstable; urgency=low
* {pwdb,unix}_chkpwd.8: fixed format to get rid of "no whatis" warnings
from mandb, closes: #47004
* pam_unix.sgml: new file, documents the pam_unix.so module,
closes: #46511
-- Ben Collins <bcollins@debian.org> Sat, 9 Oct 1999 12:41:58 -0400
pam (0.69-10) unstable; urgency=low
* libpam/pam_item.c: fixed debug message being in wrong place
* 013_pam_issue: new patch, provides issue file parsing for PAM
applications (helps to replace lost functionality in login).
-- Ben Collins <bcollins@debian.org> Wed, 6 Oct 1999 20:30:17 -0400
pam (0.69-9) unstable; urgency=low
* Fix typo in pam_mail.so module's "no" return
-- Ben Collins <bcollins@debian.org> Sun, 3 Oct 1999 15:08:56 -0400
pam (0.69-8) unstable; urgency=low
* docs/modules/pam_mkhomedir.sgml: Fixed module name
* changed build system structure
* libpam/Makefile: add -lcrypt to the linked libs, closes: #46104
* increase shlib deps to 0.69-7, closes: #45801
* pam_motd.c: close motd file after reading, closes: #46122
* pam_motd.c: fix setting \0 in the wrong place when motd file is
zero length, closes: #45686, #45632
* pam_unix_acct.c: allow '0' to denote disabled for some expiry fields
since chage(1) documents it this way, closes: #45446
* pam_mail.c|modules/pam_mail.sgml: added 2 options, one "standard" to
give the old style "You have ..." response and "quiet" which only
reports new mail for both formats, documented both options,
closes: #45670
* with the new pam_unix module, this bug is fixed, closes: #42230
* pam_limits.c: make sure that we not only ignore limits on root, we
also remove them just in case we are su'ing from a limited user to
the root account (since as root they can remove the limits anyway),
closes: #35302
-- Ben Collins <bcollins@debian.org> Sun, 3 Oct 1999 12:07:28 -0400
pam (0.69-7) unstable; urgency=low
* debian/rules: fixed module_check
* pam_env/pam_env.c: fixed env parsing to include values wrapped in ''
and also allow continued lines with a trailing '\'.
* pam_motd,pam_mail: converted to session modules, so that they could
be ordered with the lastlog module
* updated default pam.d/login to reflect above change (now login looks
the same as the non-PAM version, lastlog, then motd, and then mail
check)
* pam_motd: removed extraneous \n from output
* modules/pam_limits/pam_limits.c: Fixed parsing of lines with only
"domain -", which was documented as being able to get rid of limits
for that user or group.
* debian/control: (libpam-cracklib) Added depends for cracklib-runtime,
closes: #45488
* modules/pam_env.c: Fixed /etc/environment parsing causing segfaults on
long lines, closes: #45408
-- Ben Collins <bcollins@debian.org> Sun, 19 Sep 1999 13:50:40 -0400
pam (0.69-6) unstable; urgency=low
* Install unix_chkpwd suid root, it's needed for NIS to work without
modification to the binary.
* modules/pam_limits/pam_limits.c: hmm, some how I got a strange broken
patch left over from the source upgrade...removed all but the pwdb
purging, closes: #45088
* modules/pam_env/pam_env.c: Changed to a debug message, instead of a
syslog message when /etc/environment does not exist.
-- Ben Collins <bcollins@debian.org> Wed, 15 Sep 1999 04:25:21 -0400
pam (0.69-5) unstable; urgency=low
* Removed libpam0g's preinst check for full paths in the pam.d files,
this should really be a lintian check at build (i think the old libpam
could not work like this, but hey...things change for the better some
times. This PAM works fine like that). closes: #45001
+NOTE: Debian packages should not reference modules by the full path
so they don't break if I ever decide to move the modules to a different
default directory. Only the admin should reference full paths and only
for locally installed modules. I have submitted a request to check for
this in lintian along with a few other devious things.
* debian/patches/008_pam_mkhomedir: Fix title of sgml doc
* modules/pam_userdb/Makefile: added patch for building against glibc 2.0
(request from Roman Hodek), closes: #45064
-- Ben Collins <bcollins@debian.org> Tue, 14 Sep 1999 06:12:34 -0400
pam (0.69-4) unstable; urgency=low
* Link all dynamic modules with libpam. For some reason, alpha doesn't
like it when we don't
-- Ben Collins <bcollins@debian.org> Mon, 13 Sep 1999 06:01:40 -0400
pam (0.69-3) unstable; urgency=low
* doc/modules/pam_cracklib.sgml: changed to correct path for
cracklib_dict reference.
* modules/pam_env/pam_env.c: now groks bash style env's from
/etc/environment to be compatible with other programs that use it.
* modules/pam_securetty/pam_securetty.c: don't just plain fail when
root isn't allowed to login, fake a password request just like any
good auth module would. Keeps us from letting them know that they
are doing something bad :)
* modules/pam_{motd,mkhomedir}: merged these two modules into this
source, also wrote corresponding sgml files for libpam-doc,
closes: #40754
* debian/control: Moved libpam0g, libpam-modules and libpam-runtime
to base with required priority since login depends on them and
policy will require this
-- Ben Collins <bcollins@debian.org> Sat, 11 Sep 1999 08:06:02 -0400
pam (0.69-2) unstable; urgency=low
* Modified build so that it uses libs and headers in the build tree
rather than on the local system. This involved changint the build
order slightly and should make it easier to compile on new archs.
* Modified pam_limits so that it was invoked during pam_sm_setcred()
instead of during pam_sm_session_open() so that it will work with
shadow's su.
* Fixed missing symbols in libpam.so, they were caused by it thinking
it was supposed to have static modules built in.
* Fixed problem where libpam was getting built with -DDEBUG
* pam_unix_passwd.c: Changed the perms on shadow to be 0.42 and 0640
instead of 0.0 and 0600
* unix_chkpwd: fix it not being sgid shadow
-- Ben Collins <bcollins@debian.org> Thu, 9 Sep 1999 13:52:01 -0400
pam (0.69-1) unstable; urgency=low
* New upstream source
- Now with a new and improved pam_unix module, closes: #38631
- Lot's of documentation cleanups
* Converted build system to dbs (doogie's build system, aka Adam Heath)
* Fixed libpam.so compilation so that it did not link with any of the
modules (this was causing lot's of problems, closes; #43913, #40739
* modules/pam_ftp/pam_ftp.c: Fixed sizeof, to use strlen,
closes: #44054, #41845, #44142, #39129, #39871, #44412
* Postscript pages are now generated correctly, closes: #41608
* Moved to FHS compliance (including use of debhelper 2.0.40),
this also raises the policy version to 3.0.1.1
* Don't check the paths in /etc/pam.d files anymore. This is old
and causes nothing but complaints, closes: #39747
* Build libpam0g-dbg with debuggable static and shared libraries, also
enabled the internal DEBUG_REL compile flag for these so that the
debugging messages will also be output
-- Ben Collins <bcollins@debian.org> Tue, 7 Sep 1999 17:45:20 -0400
pam (0.66-10) unstable; urgency=low
* Added ability for pam_env to parse /etc/environment and updated
docs to reflect it
* Applied patch for pwdb_chkpwd man page, closes: #38976
* Merged pam_unix_*.so modules into one pam_unix.so with symlinks
for backward compatibility. This helps centralize this module the
same way the pam_pwdb.so is and the way pam_unix.so is on other
operating systems (commercial ones specifically).
* Closed by pam-apps upload, closes: #38632
* Fixed `sgml2latex' syntax, closes: #39119
* Added doc-base support, closes: #37627
-- Ben Collins <bcollins@debian.org> Wed, 16 Jun 1999 01:20:23 -0400
pam (0.66-9.1) unstable; urgency=low
* SPARC NMU to fix chown symbols when compiling with glibc 2.1.1
-- Ben Collins <bcollins@debian.org> Tue, 11 May 1999 13:33:33 +0000
pam (0.66-9) unstable; urgency=low
* Changed the debian/rules to not mess with the library symlinks (ie
running ldconfig in the lib dir) and all is well, closes: #36169
-- Ben Collins <bcollins@debian.org> Sun, 18 Apr 1999 09:09:51 -0400
pam (0.66-8) unstable; urgency=low
* Compiled with libpam_client.so now (seperate lib in libpam0g)
* Made regex for libpam0g postinst a little more specific so it
didn't flag false problems. closes: #34626
* Applied patch to fix pam_ftp, closes: #35388
* Modified pam_mail and pam_lastlog to honor PAM_SILENT in order to
enable apps to use hushlogin/PAM_SILENT
* Fixed problem with libpam_client.so being static
-- Ben Collins <bcollins@debian.org> Mon, 15 Mar 1999 20:54:23 -0500
pam (0.66-7) unstable; urgency=low
* Fixed XCASE in pam_filter.c (not really in glibc 2.1 by default)
-- Ben Collins <bcollins@debian.org> Sat, 6 Mar 1999 18:46:56 -0500
pam (0.66-6) unstable; urgency=low
* Removed empty /lib/security/ from libpam0g (is created in
libpam-runtime)
* Added a depends for libpam-runtime to libpam0g (was supposed to be
there, must have deleted it)
* Removed empty /usr/bin from libpam-runtime (old directory where
upperLOWER was)
-- Ben Collins <bcollins@debian.org> Wed, 24 Feb 1999 13:14:25 -0500
pam (0.66-5) unstable; urgency=low
* Removed harcoded libc6 dependency from libpam0g-dev and changed it to
libc6-dev. closes: #33615
* Added md5 flag for pam_unix_passwd.so
* Removed upperLOWER program since it is just an example. Moved it's
source to the examples directory in libpam-modules
* Fixed documentation of pam_strerror() and examples. closes #31142
* Made pam_unix_passwd.so leave /etc/shadow mode 640 and root.shadow
after changes
* Fixed problem in pam_unix_auth that didn't let you su from a normal
user to another normal user (ie. neither one was root)
* Closing misc fixed bugs. closes #32809, #32274 (have been fixed,
just need closing)
* Tested lockvc with pam support, works for normal users (pam_pwdb)
closes: #31150
* Changed /var/log/wtmp in pam_lastlog docs to reflect correct
/var/log/lastlog file. closes: #26544
* Added -ldl to libpam.so, so apps don't have to
-- Ben Collins <bcollins@debian.org> Fri, 19 Feb 1999 18:47:30 -0500
pam (0.66-4) unstable; urgency=low
* Changed pwdb_chkpwd to sgid shadow instead of suid root since it only
needs read permissions to /etc/shadow and not write.
* Moved a lot of files arouns to get rid of libpam-runtime dependencies
* Put libpam-pwdb into it's own package
* Removed -lpwdb links for modules since libpwdb is somewhat buggy (or
alteast it's interaction with libpam is)
* Fixed bug in pam_unix_passwd.so that caused it to never authenticate
the correct passwd, making it so you couldn't change the passwd
-- Ben Collins <bcollins@debian.org> Tue, 16 Feb 1999 15:50:28 -0500
pam (0.66-3) unstable; urgency=low
* Fixed defaults in /etc/pam.d/other to be pam_unix_*.so modules instead
of the accidental pam_pwdb.so module
* Fixed suid of pwdb_chkpwd (had to move dh_fixperms after
dh_suidregister)
* Added Replaces: libpam0g-util in order to help dpkg upgrade from
older packages
* Applied glibc 2.1 patch from Christian Meder. closes: #32809
* Moved libpam-doc to Section doc. closes: #32274
-- Ben Collins <bcollins@debian.org> Fri, 12 Feb 1999 02:01:43 -0500
pam (0.66-2) unstable; urgency=low
* Removed all of the versioned module stuff. Modules are now in
/lib/security and stay there. Seems after discussion, that modules may
not change as often as thought
* Fixed suidregister for pwdb_chkpwd
* Fixed incomplete descriptions in control file
* This is a kludge to close some bugs since the last upload was yanked
before being installed in the archive, closes: #16882, #30862, #7725,
#10234, #10406, #12210, #14291, #15528, #15529, #20660, #25330,
#29868, #31088, #31128, #9131, #9919, #19383, #5132, #14533, #25915,
#28075, #31548, #31191
-- Ben Collins <bcollins@debian.org> Tue, 2 Feb 1999 12:47:25 -0500
pam (0.66-1) unstable; urgency=low
* New maintainer
* New upstream release. closes: #16882, #30862, #7725
* Created a better split of the main lib and the runtime to kill the
circular dependencies and make it possible to have two .so version of
the library installed for upgrades. closes: #10234, #10406, #12210,
bug #14291, #15528, #15529, #20660, #25330, #29868, #31088, #31128,
bug #9131, #9919.
* Harcoded modules directory prefixed with the .so version, and
used alternatives to create the symlink to the 'default' modules
directory. libpam will use the full path when specified, but use the
versioned modules directory for relative names.
* Put libpam0g-cracklib modules back in (own package). This means that
cracklib support is _not_ in the static libpam.a, also cracklib
support is _not_ in pam_unix_passwd.o, but only in pam_cracklib.so
by itself.
* Fixed a few typos in the source causing compile errors
* Fixed source #include's so that pam _didn't_ have to be installed
in order to compile the source ( changed from <> to "" )
* Removed empty directories from built packages
* Opted not to build examples, only going to put *.c files in examples
directory for libpam0g-dev
* Moved *.sgml files for modules into their own directory (looks like
that is what the original maintainer wanted to do, but it didn't go)
* Moved doc build to arch-indep build in rules so that it doesn't get
built when specifying -B with debuild/dpkg-buildpackage.
* Moved `touch .quiet...' to build-stamp in order to have -B builds not
ask about pam.conf
* Split out non-standard modules to their own package, so as to make the
base install smaller (planning for base inclusion here)
* Created small manpage for pwdb_chkpwd. closes: #10941
* The Copright file in /usr/doc/*/ was already named copright and not
compressed. closes: #14533
* Package is now lintian clean. closes #19383, #5132
* There is a maintainer now and the patch for #25915 is still included
so.... closes: #25915
* Added check for editor backup files in /etc/pam.d (*~). closes: #28075
* Applied patch for md5.h in pam_pwdb module. closes: #31548
* Added support for dhelp in libpam-doc. closes: #31191
-- Ben Collins <bcollins@debian.org> Wed, 20 Jan 1999 07:09:15 -0500
pam (0.65-0.8) frozen unstable; urgency=high
* Marked PAM as orphaned, given that there has been no maintainer upload
in almost two years.
* [defs/debian.defs] Removed superflous cracklib2 dependency.
(Urgent as cracklib still has release-critical bugs).
(Fixes #30862).
-- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Wed, 20 Jan 1999 09:34:35 +0100
pam (0.65-0.7) frozen unstable; urgency=high
* Fixed security vulnerability in the pam_unix and pam_tally modules
(reported by Michal Zalewski on bugtraq; patch
A000-SECURITY-PATCH-0.65-and-below.gz by Andrey V. Savochkin).
-- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Tue, 29 Dec 1998 16:20:18 +0100
pam (0.65-0.6) unstable; urgency=high
* Fixed distribution of files over the various packages, which was
severely messed up.
* Added appropriate Replaces: to ensure upgrading from both the hamm
version and previous slink versions.
* Fixed debug libraries, PAM module loading.
* Added examples.
* Added a "pam-undocumented" manpage pointing to libpam-doc, and
made links for functions without a manpage to that.
-- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Sun, 11 Oct 1998 19:29:40 +0200
pam (0.65-0.5) unstable; urgency=low
* Rewritten the preinst warning text (it still mentioned the search path).
-- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Fri, 9 Oct 1998 14:23:18 +0200
pam (0.65-0.4) unstable; urgency=high
* It looks like I misunderstood DEFAULT_MODULE_PATH: Linux-PAM does not
currently seem to be easily configured to look for modules in more than
one directory. With this version, it's configured to look only in
/lib/security .
-- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Fri, 9 Oct 1998 11:43:34 +0200
pam (0.65-0.3) unstable; urgency=medium
* Moving the PAM modules to /lib/security broke netatalk.
Added a preinst script to detect /etc/pam.d files with explicit paths to
PAM modules, give a warning about them, and offer to abort the install
(Fixes #27514).
-- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Tue, 6 Oct 1998 20:10:43 +0200
pam (0.65-0.2) unstable; urgency=low
* Argh. The tools didn't recognise -0.1 as a new upstream release, so
my previous upload was rejected due to a missing .orig.tar.gz .
-- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Sun, 4 Oct 1998 17:15:09 +0200
pam (0.65-0.1) experimental; urgency=low
* New upstream version.
* Non-maintainer upload.
* Major package overhaul; now uses debhelper.
* In experimental for now. *Please* provide feedback; if the feedback is
positive, we can put this in slink.
* Dropped libc5 support.
* [libpam/pam_static.c] Fixed compilation: "pamh" was undefined; use "NULL".
is this the correct fix?
* [defs/debian.defs] New.
* [Makefile]
* Exit when a make in a subdirectory fails.
* Compile statically too.
* New variables: LC, LP, LPLIBS, DEFAULT_MODULE_PATH .
* [libpam/Makefile]
* Use DEFAULT_MODULE_PATH if nonempty.
* Link libpam against LPLIBS.
* [modules/*/Makefile]
* Link the dynamic security objects against libpam and libc
(LP and LC).
* [modules/pam_pwdb/Makefile]
* Link dynamic security objects against libcrypt and libnsl.
* [conf/install_conf] Allow for non-interactive install (as the other
install_conf scripts already did).
* Automatically determine the list of /etc/security/* conffiles.
* Moved libpam to /lib, and PAM modules to /lib/security as they will
become part of the base system in the future.
* Built without cracklib support, to keep the base system smaller.
* /sbin/pwdb_chkpwd is undocumented, as is upperLOWER.
-- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl> Fri, 2 Oct 1998 20:23:27 +0200
pam (0.57b-0.4) unstable; urgency=high
* Non maintainer upload
My previous upload had removed the libc5 stuff from the controlfile
messing up things. Change 'Architecture: any' to 'i386 m68k' for those
.deb's instead.
-- Turbo Fredriksson <turbo@debian.org> Thu, 20 Aug 1998 20:06:50 -0400
pam (0.57b-0.3) unstable; urgency=high
* Non maintainer upload
On a glibc2.1 system, XCASE is only defined in the <bits/termios.h>
_IF_ '__USE_MISC' or '__USE_UNIX98' is defined.
-- Turbo Fredriksson <turbo@debian.org> Sun, 16 Aug 1998 22:13:45 -0400
pam (0.57b-0.2) unstable; urgency=high
* Yet another non-maintainer release.
* Zero changes; simply a re-upload due to a rm-trigger happy release
``manager''.
-- James Troup <jjtroup@comp.brad.ac.uk> Tue, 17 Mar 1998 19:55:16 +0100
pam (0.57b-0.1) unstable; urgency=medium
* Non-maintainer release.
* debian/control (Standards-Version): Updated to 2.4.0.0.
* debian/control (libpam0g-dev): Also conflict with libpam-dbg.
* debian/postinst: use case statement instead of if.
* debian/rules (COMPAT_ARCHES): removed sparc.
* debian/rules (binary-libc6-dev, binary-libc5-altdev): strip static libraries with
--strip-debug, not --strip-unneeded.
* debian/rules: each package now has it's own doc directory under
/usr/doc/, containing at least the copyright file (Policy 5.6).
* debian/rules: install files with `install -m 644' not `cp -p' to avoid
read-only files.
* debian/rules (binary-libc6-util): strip /usr/lib/*/security/*.so with
--strip-unneeded.
* debian/rules (binary-libc5-util): ditto.
* debian/rules (binary-libc5): don't depend on binary-libc5.
-- James Troup <jjtroup@comp.brad.ac.uk> Sat, 7 Mar 1998 18:04:19 +0100
pam (0.57b-0) unstable; urgency=medium
* Non-maintainer release.
* New upstream version.
* Doesn't use pristine upstream source as the upstream tar ball is broken.
* Added libc6 libraries libpam0g, libpam0g-dev, libpam0g-dbg and
libpam0g-util. [#11697]
* libpam-dev becomes libpam0-altdev, libpam-util -> libpam0-altutil and
libpam-dbg is removed.
* libpam0 depends on libpam0g because libpam0g contains the pam conffile.
* libpam0-util depends on libpam0g-util because libpam0g contains the binary.
* Compiled with -D_REENTRANT and link with -lc.
* Fixed permissions on shared libraries.
* Corrected syntax of /etc/pam.d/other. [#10497, #10758, #12030]
* Fixed typos in postinst. [#10474, #11365]
* Made /etc/pam.conf a conffile.
* Updated URL in copyright file.
* Removed over-zelaously installed README* files from libpam-doc.
-- James Troup <jjtroup@comp.brad.ac.uk> Sat, 22 Nov 1997 17:54:30 +0100
pam (0.56-2) unstable; urgency=low
* Added /etc/pam.d/other with policy 'deny'.
* Add manual pages for PAM security modules.
-- Klee Dienes <klee@debian.org> Sat, 15 Mar 1997 22:33:22 -0500
pam (0.56-1) unstable; urgency=low
* New upstream release.
* Converted to new packaging format.
* Reorganization of package structure (-dev, -dbg, etc).
-- Klee Dienes <klee@debian.org> Sat, 8 Mar 1997 01:21:17 -0500
|