File: changelog

package info (click to toggle)
pam 1.1.8-3.8
  • links: PTS, VCS
  • area: main
  • in suites: buster, sid
  • size: 11,816 kB
  • sloc: ansic: 31,350; xml: 21,611; sh: 11,344; makefile: 1,563; perl: 904; yacc: 408; lex: 70; sed: 16
file content (2691 lines) | stat: -rw-r--r-- 124,027 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
pam (1.1.8-3.8) unstable; urgency=medium

  * Non-maintainer upload.
  * Set Rules-Requires-Root to binary-targets as pam relies on
    chgrp in debian/rules.
  * Update pam-auth-update to detect write errors and properly
    fail when that happens.  (Closes: #880501)
  * Remove Roger Leigh from uploaders as he has restired from
    Debian.  (Closes: #869348)
  * Reduce priority of libpam0g to optional.
  * Rebuild with a recent version of dpkg-source, which ensures
    that the Build-Depends are correct in the .dsc file.
    (Closes: #890602)
  * Apply patch from Felix Lechner to make pam-auth-update ignore
    editor backup files.  (Closes: #519361)
  * Apply update to Brazilian Portuguese translations of the
    debconf templates.  Thanks to Adriano Rafael Gomes.
    (Closes: #799417)

 -- Niels Thykier <niels@thykier.net>  Sat, 11 Aug 2018 15:31:24 +0000

pam (1.1.8-3.7) unstable; urgency=medium

  * Non-maintainer upload.
  * libpam-modules: Added a config for pam_mkhomedir, disabled by default.
    (Closes: #568577)
  * pam-auth-update: Add support for --enable option which is useful for
    enabling non-default configs without prompting the admin. (LP: #1192719)

 -- Timo Aaltonen <tjaalton@debian.org>  Fri, 02 Feb 2018 16:57:43 +0200

pam (1.1.8-3.6) unstable; urgency=medium

  * Non-maintainer upload.
  * cve-2015-3238.patch: Add the changes in the generated pam_exec.8
    and pam_unix.8 in addition to (and after) the changes to the
    source .xml files. This avoids unwanted rebuilds that can cause
    problems due to differing files on different architectures of
    the Multi-Arch: same libpam-modules. (Closes: #851545)

 -- Adrian Bunk <bunk@debian.org>  Sat, 27 May 2017 18:44:02 +0300

pam (1.1.8-3.5) unstable; urgency=medium

  * Non-maintainer upload.
  * Build-Depend on libfl-dev:native as well, for cross builds.
    Re-closes: #846459
  * Fix "Unescaped left brace in regex" with Perl 5.22. Closes: #810873

 -- Adam Borowski <kilobyte@angband.pl>  Fri, 30 Dec 2016 14:37:29 +0100

pam (1.1.8-3.4) unstable; urgency=medium

  * Non-maintainer upload.
  * Add libfl-dev to Build-Depends, fixing FTBFS.  Closes: #846459
  * Move xsl stuff to Build-Depends from -Indep to fix misbuilt manpages.
    Closes: #812566

 -- Adam Borowski <kilobyte@angband.pl>  Sun, 18 Dec 2016 01:03:58 +0100

pam (1.1.8-3.3) unstable; urgency=low

  * Non-maintainer upload.
  [ Steve Langasek ]
  * Updated Swedish translation to correct a typo, thanks to Anders Jonsson
    and Martin Bagge.  Closes: #743875
  * Updated Turkish translation, thanks to Mert Dirik <mertdirik@gmail.com>.
    (closes: #756756)
  * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default
    soft nofile limit read from pid 1 to FD_SETSIZE.  Thanks to Robie Basak
    <robie.basak@ubuntu.com> for the patch.  Closes: #783105.
  * Acknowledge security NMU.
  * pam-auth-update: don't mishandle trailing whitespace in profiles.
    LP: #1487103.

  [ Laurent Bigonville ]
  * debian/control: Fix Vcs-* and Homepage fields (Closes: #752343)
  * debian/watch: Update watch file and point it to http://www.linux-pam.org
  * debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in
    namespace.init script (Closes: #624842)
  * debian/control: Build-depends against debhelper (>= 9) to match the
    defined debhelper compatibility
  * Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality,
    thanks to Jakub Wilk <jwilk@debian.org> for noticing (Closes: #761594)
  * debian/control: Bump Standards-Version to 3.9.8 (no further changes)
  * debian/libpam-doc.doc-base.applications-guide: Fix spelling
  * debian/libpam0g-dev.examples: Do not use shell brace expansion
  * debian/patches-applied/pam-loginuid-in-containers: Updated with the version
    from Ubuntu, this should fix logins in containers (Closes: #726661)
  * debian/patches-applied/update-motd: Updated with the version from Ubuntu:
    use /run/motd.dynamic instead of /var/run/motd, nothing in the archive
    uses the later (Closes: #743286)
  * debian/patches-applied/make_documentation_reproducible.patch: Make the
    build reproducible, removes differences when building with different
    locale values (Closes: #792127)

 -- Laurent Bigonville <bigon@debian.org>  Wed, 18 May 2016 02:04:29 +0200

pam (1.1.8-3.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix
    module (Closes: #789986)

 -- Tianon Gravi <tianon@debian.org>  Wed, 06 Jan 2016 15:53:31 -0800

pam (1.1.8-3.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix CVE-2013-7041: case-insensitive comparison used for verifying
    passwords in the pam_userdb module (closes: #731368).
  * Fix CVE-2014-2583: multiple directory traversal issues in the
    pam_timestamp module (closes: 757555)

 -- Michael Gilbert <mgilbert@debian.org>  Sat, 09 Aug 2014 09:50:42 +0000

pam (1.1.8-3) unstable; urgency=low

  * debian/rules: On hurd, link libpam explicitly with -lpthread since glibc
    will not dynamically switch between the libc stubs and the libpthread
    implementations on this architecture.  Thanks to Samuel Thibault for the
    patch.  Closes: #743891.

 -- Steve Langasek <vorlon@debian.org>  Mon, 07 Apr 2014 17:49:38 -0700

pam (1.1.8-2) unstable; urgency=medium

  * Mark the libaudit-dev build-dependency linux-any, since it's not
    available on non-Linux archs.  Closes: #737035.

 -- Steve Langasek <vorlon@debian.org>  Thu, 13 Feb 2014 15:02:00 -0800

pam (1.1.8-1) unstable; urgency=medium

  * New upstream release.
    - includes upstream changes to pam_exec.  Closes: #670147.
    - adds support for newer hashing algorithms to pam_userdb.
      Closes: #671740.
    - fixes handling of 'quiet' argument to pam_listfile, to match the
      documentation.  Closes: #592219.
    - fixes handling of @users@@hosts netgroup syntax in access.conf.
      Closes: #681223.
    - fixes installation of the /etc/security/namespace.d directory.
      Closes: #710998.
    - 027_pam_limits_better_init_allow_explicit_root: support for reading
      /proc/1/limits is upstream, this patch now only handles the policy
      of resetting limits by default and not applying glob limits to root.
    - debian/patches/fix-manpage-crud: drop, manpages now being generated
      upstream with a newer, fixed xsltproc.
    - debian/patches/pam_env-fix-overflow.patch, pam_env-fix-dos.patch,
      glibc-2_16-compilation-fix.patch, sys-types-include.patch: drop,
      included upstream.
  * Add build-dependency on pkg-config.
  * Ensure autogenerated files are after source files in all relevant patches,
    so that regenerating documentation doesn't cause build skew.
  * Drop the --disable-regenerate-docu argument, restoring the HTML manuals
    to the libpam-doc package.  Closes: #700485.
  * No need to override dh_compress in debian/rules, it already handles .html
    files correctly.
  * debian/libpam-cracklib.prerm: use $DPKG_MAINTSCRIPT_PACKAGE_COUNT to avoid
    prematurely removing the PAM config when the package is installed for
    multiple architectures.  Closes: #647428.

 -- Steve Langasek <vorlon@debian.org>  Thu, 16 Jan 2014 00:38:42 +0000

pam (1.1.3-11) unstable; urgency=low

  [ Wookey ]
  * Disable libaudit for stage1 bootstrap.

  [ Steve Langasek ]
  * debian/patches-applied/pam-loginuid-in-containers: pam_loginuid:
    Ignore failure in user namespaces.
  * Use [linux-any] in build-deps, instead of hard-coding a list of
    non-Linux archs.  Closes: #634516.

 -- Steve Langasek <vorlon@debian.org>  Tue, 14 Jan 2014 03:33:31 +0000

pam (1.1.3-10) unstable; urgency=low

  * Fix pam-auth-update handling of trailing blank lines in the fields of
    profiles.  LP: #1160288.
  * Reintroduce libaudit support now that libaudit has been multiarched.
    Closes: #699159.

 -- Steve Langasek <vorlon@debian.org>  Sun, 20 Oct 2013 15:30:46 -0700

pam (1.1.3-9) unstable; urgency=low

  * Revert libaudit support for now, because libaudit isn't multiarched yet
    in unstable so this regresses cross-installability.  Reopens bug
    #699159.
  * Add an or'ed dependency on cdebconf, which also implements the
    xloadtemplatefile extension that prevents us from depending on just
    'debconf-2.0'.  Thanks to Régis Boudin <regis@boudin.name> for the info.
    Closes: #677278.

 -- Steve Langasek <vorlon@debian.org>  Tue, 12 Feb 2013 23:06:30 +0000

pam (1.1.3-8) unstable; urgency=low

  * Confirm NMU for bug #611136; thanks to Michael Gilbert.
    - As a side effect, there will no longer be errors from reading the
      .pam_environment twice since we are now reading it 0 times.
      LP: #955032.
  * Adjust the pam_env documentation to match the module behavior resulting
    from the previous security upload.  Closes: #693995.
  * debian/rules: never regenerate manpages at build time; this may cause
    build skew that breaks the world in a multiarch context.  LP: #1095887.
  * debian/patches-applied/glibc-2_16-compilation-fix.patch: fix missing
    include causing build failure with eglibc 2.16.  Thanks to Daniel
    Schepler <dschepler@gmail.com>.  Closes: #693450.
  * Ditch autoconf patch in favor of a build-dependency on dh-autoreconf,
    which will let us keep up-to-date with newer autotools.  In the present
    instance, this gets us aarch64 support.
  * Install pam_timestamp_check - and while we're at it, move the manpage
    to the correct binary package.  Closes: #648695.
  * Update lintian overrides to suppress some noise about hardening and
    manpages.
  * Enable audit support, by popular demand.  This should have no major
    impact unless you're also running auditd; but I reserve the right to
    disable this again in the event that this causes a performance hit or
    breaks upgrades (since the dependency is pulled into libpam, not just
    into pam_tty_audit).  Closes: #699159, LP: #937005.

 -- Steve Langasek <vorlon@debian.org>  Tue, 12 Feb 2013 05:36:29 +0000

pam (1.1.3-7.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix cve-2010-4708: user-configurable .pam_environment allows
    administrator-level changes without root access (closes: #611136).

 -- Michael Gilbert <mgilbert@debian.org>  Sun, 29 Apr 2012 02:23:26 -0400

pam (1.1.3-7) unstable; urgency=low

  * Updated debconf translations:
    - Danish, thanks to Joe Dalton <joedalton2@yahoo.dk> (closes: #648382)
    - French, thanks to Jean-Baka Domelevo Entfellner <domelevo@gmail.com>
      (closes: #649850)
    - Dutch, thanks to Jeroen Schot <schot@A-Eskwadraat.nl>
      (closes: #650755)
    - Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (closes: #650867)
    - Portuguese, thanks to Pedro Ribeiro <p.m42.ribeiro@gmail.com>
      (closes: #652493)
    - German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #653407)
    - Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org>
      (closes: #654043)
    - Bulgarian, thanks to Damyan Ivanov <dmn@debian.org> (closes: #656518)
    - Slovak, thanks to Ivan Masár <helix84@centrum.sk> (closes: #656521)
    - Japanese, thanks to Kenshi Muto <kmuto@debian.org> (closes: #656834)
    - Polish, thanks to Michał Kułach <michalkulach@gmail.com>
      (closes: #657476)
    - Catalan, thanks to Innocent De Marchi <tangram.peces@gmail.com>
      (closes: #657489)
    - Czech, thanks to Miroslav Kure <kurem@upcase.inf.upol.cz>
      (closes: #657578)
    - Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #651349)

 -- Steve Langasek <vorlon@debian.org>  Sat, 28 Jan 2012 10:57:49 -0800

pam (1.1.3-6) unstable; urgency=low

  * debian/patches-applied/hurd_no_setfsuid: we don't want to check all
    setre*id() calls; we know that there are situations where some of these
    may fail but we don't care.  As long as the last setre*id() call in each
    set succeeds, that's the state we mean to be in.
  * debian/libpam0g.postinst: according to Kubuntu developers, kdm no longer
    keeps libpam loaded persistently at runtime, so it's not necessary to
    force a kdm restart on ABI bump.  Which is good, since restarting kdm
    now seems to also log users out of running sessions, which we rather
    want to avoid.  Closes: #632673, LP: #744944.
  * debian/patches-applied/update-motd: set a sane umask before calling
    run-parts, and restore the old mask afterwards, so /run/motd gets
    consistent permissions.  LP: #871943.
  * debian/patches-applied/update-motd: new module option for pam_motd,
    'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
    LP: #805423.
  * debian/libpam0g.templates, debian/libpam0g.postinst: add a new question,
    libraries/restart-without-asking, that allows admins to accept the
    service restarts once for all so that they don't have to repeatedly
    say "ok".  LP: #745004.
  * debian/libpam-runtime.templates, debian/local/pam-auth-update: add a
    new 'title' template, so pam-auth-update doesn't give a blank title
    when called outside of a maintainer script.  LP: #882794.

 -- Steve Langasek <vorlon@debian.org>  Sun, 06 Nov 2011 19:43:14 -0800

pam (1.1.3-5) unstable; urgency=low

  [ Kees Cook ]
  * debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch: use
    setresgid() to wipe out saved-gid just in case.
  * debian/patches-applied/008_modules_pam_limits_chroot:
    - fix off-by-one when parsing configuration file.
    - when using chroot, chdir() to root to lose links to old tree.
  * debian/patches-applied/022_pam_unix_group_time_miscfixes,
    debian/patches-applied/026_pam_unix_passwd_unknown_user,
    debian/patches-applied/054_pam_security_abstract_securetty_handling:
    improve descriptions.
  * debian/patches-applied/{007_modules_pam_unix,055_pam_unix_nullok_secure}:
    drop unneeded no-op change to reduce delta from upstream.
  * debian/patches-applied/hurd_no_setfsuid: check all set*id() calls.
  * debian/patches-applied/update-motd: correctly clear environment when
    building motd.
  * debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflow
    in environment file parsing (CVE-2011-3148).
  * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment
    file parsing (CVE-2011-3149).

 -- Steve Langasek <vorlon@debian.org>  Thu, 27 Oct 2011 21:33:57 -0700

pam (1.1.3-4) unstable; urgency=low

  * Make sure shared library links are also installed to the multiarch
    directory, not just the .a files; otherwise the static libs get found
    first by the linker.  Thanks to Russ Allbery for catching this.
    Closes: #642952.

 -- Steve Langasek <vorlon@debian.org>  Sun, 25 Sep 2011 22:33:55 +0000

pam (1.1.3-3) unstable; urgency=low

  * Look for /etc/init.d/postgresql, not /etc/init.d/postgresql-8.{2,3},
    for service restarts; the latter are obsolete since squeeze.
    Closes: #631511.
  * Move debian/libpam0g-dev.install to debian/libpam0g-dev.install.in
    and substitute the multiarch path at build time, so our .a files go to
    the multiarch dir instead of to /usr/lib.  Thanks to Riku Voipio for
    pointing out the bug.
  * debian/control: adjust the package descriptions, as the current ones
    use some awkward language that's gone unnoticed for a long time.  Thanks
    to Martin Eberhard Schauer <Martin.E.Schauer@gmx.de> for pointing this
    out.  Closes: #633863.
  * Build-depend on debhelper 8.9.4 and bump debian/compat to 9 for
    dpkg-buildflags integration, and drop manual setting of -g -O options in
    CFLAGS now that we can let dh do it for us
  * Don't set --sbindir when calling configure; upstream takes care of this
    for us

 -- Steve Langasek <vorlon@debian.org>  Sat, 24 Sep 2011 20:08:56 +0000

pam (1.1.3-2) unstable; urgency=low

  [ Kees Cook ]
  * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
    - only report about unknown kernel rlimits when "debug" is set
      (Closes: 625226, LP: #794531).

  [ Steve Langasek ]
  * Build for multiarch.  Closes: #463420.
  * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
    don't reset the process niceness for root; since it's root, they can
    still renice to a lower nice level if they need to and changing the
    nice level by default is unexpected behavior.  Closes: #594377.

 -- Steve Langasek <vorlon@debian.org>  Tue, 21 Jun 2011 11:41:12 -0700

pam (1.1.3-1) unstable; urgency=low

  * New upstream release.
    - Fixes CVE-2010-3853, executing namespace.init with an insecure
      environment set by the caller.  Closes: #608273.
    - Fixes CVE-2010-3316 CVE-2010-3430 CVE-2010-3431 CVE-2010-3435.
      Closes: #599832.
  * Port hurd_no_setfsuid patch to new pam_modutil_{drop,restore}_priv
    interface; now possibly upstreamable
  * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
    set a better default RLIMIT_MEMLOCK value for BSD kernels.  Thanks to
    Petr Salinger for the fix.  Closes: #602902.
  * bump the minimum version check in maintainer scripts for the restart
    handling.

 -- Steve Langasek <vorlon@debian.org>  Sat, 04 Jun 2011 03:10:50 -0700

pam (1.1.2-3) unstable; urgency=low

  [ Kees Cook ]
  * 027_pam_limits_better_init_allow_explicit_root: load rlimit defaults
    from the kernel (via /proc/1/limits), instead of continuing to hardcode
    the settings internally. Fall back to internal defaults when the kernel
    rlimits are not found.  Closes: #620302. (LP: #746655, #391761)

  * Updated debconf translations:
    - Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>
      (closes: #601197)
    - Dutch, thanks to Eric Spreen <erispre@gmail.com> (closes: #605592)
    - Danish, thanks to Joe Dalton <joedalton2@yahoo.dk> (closes: #606739)
    - Catalan, thanks to Innocent De Marchi <tangram.peces@gmail.com>
      (closes: #622786)

 -- Steve Langasek <vorlon@debian.org>  Sun, 01 May 2011 01:49:11 -0700

pam (1.1.2-2) unstable; urgency=low

  * debian/patches-applied/hurd_no_setfsuid: handle some new calls to
    setfsuid in pam_xauth that I overlooked, so that the build works again
    on non-Linux.  Closes: #613630.

 -- Steve Langasek <vorlon@debian.org>  Wed, 16 Feb 2011 09:27:11 -0800

pam (1.1.2-1) unstable; urgency=low

  * New upstream release.
    - Add support for NSS groups to pam_group.  Closes: #589019,
      LP: #297408.
    - Support cross-building the package.  Thanks to Neil Williams
      <codehelp@debian.org> for the patch.  Closes: #284854.
  * debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit
    interface.  Closes: #579402.
  * Drop patches conditional_module,_conditional_man and
    mkhomedir_linking.patch, which are included upstream.
  * debian/patches/hurd_no_setfsuid: pam_env and pam_mail now also use
    setfsuid, so patch them to be likewise Hurd-safe.
  * Update debian/source.lintian-overrides to clean up some spurious
    warnings.
  * debian/libpam-modules.postinst: if any 'min=n' options are found in
    /etc/pam.d/common-password, convert them on upgrade to 'minlen=n' for
    compatibility with upstream.
  * debian/NEWS: document the disappearance of 'min=n', in case users have
    encoded this option elsewhere outside of /etc/pam.d/common-password.
  * debian/patches/007_modules_pam_unix: drop compatibility handling of
    'max=' no-op; use of this option will now log an error, as warned three
    years ago.
  * Bump Standards-Version to 3.9.1.
  * Add lintian overrides for a few more spurious warnings.
  * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for
    compatibility when it's not already set.  Closes: #552043.
  * debian/local/pam-auth-update: Don't try to pass embedded newlines to
    debconf; backslash-escape them instead and use CAPB escape.
  * debian/local/pam-auth-update: sort additional module options before
    writing them out, so that we don't wind up with a different config file
    on every invocation.  Thanks to Jim Paris <jim@jtan.com> for the patch.
    Closes: #594123.
  * debian/libpam-runtime.{postinst,templates}: since 1.1.2-1 is targeted
    for post-squeeze, we don't need to support upgrades from 1.0.1-6 to
    1.0.1-10 anymore.  Drop the debconf error note about having configured
    your system with a lack of authentication, so that translators don't
    spend any more time on it.
  * Updated debconf translations:
    - Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #575875)

 -- Steve Langasek <vorlon@debian.org>  Tue, 15 Feb 2011 23:21:41 -0800

pam (1.1.1-7) UNRELEASED; urgency=low

  * Updated debconf translations:
    - Italian, thanks to Nicole B. <damn3dg1rl@gmail.com> (closes: #602112)

 -- Steve Langasek <vorlon@debian.org>  Wed, 17 Nov 2010 16:53:46 -0800

pam (1.1.1-6.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix pending l10n issues. Debconf translations:
    - Czech (Miroslav Kure).  Closes: #598329
    - Slovak (Ivan Masár).  Closes: #600164
    - Japanese (Kenshi Muto).  Closes: #600247
    - Finnish (Esko Arajärvi).  Closes: #600641

 -- Christian Perrier <bubulle@debian.org>  Tue, 19 Oct 2010 07:30:49 +0200

pam (1.1.1-6) unstable; urgency=low

  * Updated debconf translations:
    - Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #575875)

 -- Steve Langasek <vorlon@debian.org>  Sun, 05 Sep 2010 23:36:35 -0700

pam (1.1.1-5) unstable; urgency=low

  * debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit
    interface.  Closes: #579402.
  * Update debian/source.lintian-overrides to clean up some spurious
    warnings.
  * Bump Standards-Version to 3.9.1.
  * Add lintian overrides for a few more spurious warnings.
  * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for
    compatibility when it's not already set.  Closes: #552043.
  * debian/local/pam-auth-update: Don't try to pass embedded newlines to
    debconf; backslash-escape them instead and use CAPB escape.
  * debian/local/pam-auth-update: sort additional module options before
    writing them out, so that we don't wind up with a different config file
    on every invocation.  Thanks to Jim Paris <jim@jtan.com> for the patch.
    Closes: #594123.

 -- Steve Langasek <vorlon@debian.org>  Sun, 05 Sep 2010 12:42:34 -0700

pam (1.1.1-4) unstable; urgency=low

  * debian/patches/conditional_module,_conditional_man: if we don't have the
    libraries required for building pam_tty_audit, we shouldn't install the
    manpage either. LP: #588547.
  * Updated debconf translations:
    - Portuguese, thanks to Eder L. Marques <eder@edermarques.net>
      (closes: #581746)
    - Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org>
      (closes: #592172)
    - Galician, thanks to Jorge Barreiro <yortx.barry@gmail.com>
      (closes: #592808)
  * Don't pass --version-script options when linking executables,
    only when linking libraries.  Thanks to Julien Cristau
    <jcristau@debian.org> for the fix.  Closes: #582362.

 -- Steve Langasek <vorlon@debian.org>  Sun, 15 Aug 2010 21:53:46 -0700

pam (1.1.1-3) unstable; urgency=low

  * pam-auth-update: fix a bug in our handling of module options when the
    module name contains digits, caused by a buggy regexp. :/  Partially
    addresses LP #369575.
  * Install /sbin/pam_tally2 in the libpam-modules package; thanks to
    Olivier BONHOMME <obonhomme@nerim.net> for reporting.  Closes: #554010.

 -- Steve Langasek <vorlon@debian.org>  Sun, 25 Apr 2010 05:53:44 -0700

pam (1.1.1-2) unstable; urgency=low

  * Document the new symbols added in 1.1.1 in debian/libpam0g.symbols, and
    raise the minimum version for the service restarting code.
    Closes: #568480.

 -- Steve Langasek <vorlon@debian.org>  Wed, 17 Feb 2010 23:21:23 -0800

pam (1.1.1-1) unstable; urgency=low

  * New upstream version.
    - restore proper netgroup handling in pam_access.
      Closes: #567385, LP: #513955.
  * Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and
    pam_securetty_tty_check_before_user_check, which are included upstream.
  * debian/patches/026_pam_unix_passwd_unknown_user: don't return
    PAM_USER_UNKNOWN on password change of a user that has no shadow entry,
    upstream now implements auto-creating the shadow entry in this case.
  * Updated debconf translations:
    - French, thanks to Jean-Baka Domelevo Entfellner <domelevo@gmail.com>
      (closes: #547039)
    - Bulgarian, thanks to Damyan Ivanov <dmn@debian.org> (closes: #562835)
  * debian/patches/sys-types-include.patch: fix pam_modutil.h so that it can
    be included directly, without having to include sys/types.h first.
    Closes: #556203.
  * Add postgresql-8.3 to the list of services in need of restart on upgrade.
    Closes: #563674.
  * And drop postgresql-{7.4,8.1} from the list, neither of which is present
    in stable.
  * debian/patches/007_modules_pam_unix: recognize that *all* of the password
    hashes other than traditional crypt handle passwords >8 chars in length.
    LP: #356766.

 -- Steve Langasek <vorlon@debian.org>  Mon, 01 Feb 2010 02:04:33 -0800

pam (1.1.0-4) unstable; urgency=low

  * debian/patches/pam_securetty_tty_check_before_user_check: new patch,
    to make pam_securetty always return success on a secure tty regardless
    of what username was passed.  Thanks to Nicolas François
    <nicolas.francois@centraliens.net> for the patch.  Closes: #537848
  * debian/local/pam-auth-update: only reset the seen flag on the template
    when there's new information; this avoids reprompting users for the same
    information on upgrade, regardless of the debconf priority used.
    Closes: #544805.
  * libpam0g no longer depends on libpam-runtime; packages that use
    /etc/pam.d/common-* must depend directly on libpam-runtime, and most do
    (including the Essential: yes ones), so let's break this circular
    dependency.  Closes: #545086, LP: #424566.

 -- Steve Langasek <vorlon@debian.org>  Mon, 14 Sep 2009 18:47:25 -0700

pam (1.1.0-3) unstable; urgency=low

  * Bump debian/compat to 7, so we can use sane contents in debian/*.install
  * Switch all packages over to dh_install
  * Rename debian/*.lintian to debian/*.lintian-overrides and use dh_lintian
  * Move installation logic out of debian/rules into individual .install
    files
  * Drop superfluous options to dh_installchangelogs, dh_shlibdeps
  * Use debian/clean instead of rm -f'ing files in debian/rules clean target
  * Drop ./configure options that are no-ops
  * Drop the /lib/security/pam_unix_*.so symlinks, which have been deprecated
    now for 10 years and are not used at all if pam-auth-update is in play.
  * Drop the pam_rhosts_auth.so symlink as well, and document in NEWS.Debian
    that this is now obsolete.
  * Drop stale content from README.debian: some of this should have been in
    NEWS.Debian instead (but is so old it's not worth putting it there now),
    some of it is obsolete by the change in package VCS.
  * Convert debian/rules to debhelper 7 and add versioned build-dependencies
    on debhelper and quilt to suit.
  * Drop CFLAGS that we don't need anymore (-fPIC, -D_REENTRANT,
    -D_GNU_SOURCE).
  * Explicitly add -O0 to CFLAGS when noopt is set.
  * debian/patches/autoconf.patch: pull ltmain.sh in, to fix some spurious
    library linkage in the modules.
  * Move pam_cracklib manpage to the libpam-cracklib package, and add the
    requisite Replaces
  * Drop dh_makeshlibs -V; everything from lenny on should use the .symbols
    file instead, making the shlibs redundant so we don't need to care what
    version gets listed there.

 -- Steve Langasek <vorlon@debian.org>  Mon, 07 Sep 2009 18:47:45 -0700

pam (1.1.0-2) unstable; urgency=low

  [ Steve Langasek ]
  * debian/patches/pam_unix_dont_trust_chkpwd_caller.patch: fix this patch
    to call setregid() instead of always returning an error on username
    mismatch in unix_chkpwd, needed in the SELinux case and in some corner
    cases with the broken_shadow option.  Thanks to Michael Spang for the
    analysis.  Closes: #543589.
  * fix the PAM mini-policy to not tell app maintainers that they don't need
    to depend on libpam-modules if they reference modules from there.
  * make libpam-runtime depend on libpam-modules (>= 1.0.1-6) - nothing else
    guarantees that we have pam_unix available for use by pam-auth-update.
  * Use /bin/sh instead of /bin/bash for libpam0g.postinst, since we've
    confirmed there are no longer any bashisms there.  Closes: #519973.
  * Clean up the libpam0g postinst a bit; invoke-rc.d has been a guaranteed
    interface for two stable release cycles now
  * debian/patches/namespace_with_awk_not_gawk: fix the sample
    namespace.init script's dependency on non-POSIX features of gawk, since
    we don't use gawk by default.  Closes: #518908.
  * Updated debconf translations:
    - German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #544464)

  [ Kees Cook ]
  * debian/local/common-password, debian/pam-configs/unix: switch from "md5"
    to "sha512" as password crypt default.

 -- Steve Langasek <vorlon@debian.org>  Mon, 31 Aug 2009 14:21:27 -0700

pam (1.1.0-1) unstable; urgency=low

  * New upstream version.
    - pam_access no longer does DNS lookups when we know we're comparing
      with a tty name or a service name.  Closes: #376209.
    - fixes for manpage spelling.  Closes: #488690.
    - fix evaluation of or'ed list of users in time.conf and group.conf.
      Closes: #326407, #514423.
  * Drop patches pam_unix_thread-safe_save_old_password.patch,
    pam_env_ignore_garbage.patch, dont_freeze_password_chain,
    pam_1.0.4_mindays, pam_mail-fix-quiet, pam_unix-chkpwd-wait, and
    cve-2009-0887-libpam-pam_misc.patch, which are included upstream.
  * Trim pam.d-manpage-section patch, which was mostly but not completely
    applied upstream.
  * Update debian/libpam0g.symbols for new extension.
  * Bump the shlibs version as well, for our dpkg-shlibdeps fallback.
  * And bump the version checks in the libpam-modules {pre,post}inst, so that
    the necessary services get restarted for any modules that need the new
    symbols.
  * Add /sbin/mkhomedir_helper to libpam-modules.
  * Document that pam_cracklib no longer checks /etc/security/opasswd.
    Closes: #263767.
  * debian/patches/007_modules_pam_unix: drop divergence from upstream
    that treats "0" as a special value in various fields in /etc/shadow,
    and document this in debian/NEWS.  Thanks to Nicolas François
    <nicolas.francois@centraliens.net> for the detailed analysis.
    Closes: #308229.
  * Updated debconf translations:
    - French, thanks to Jean-Baka Domelevo Entfellner <domelevo@gmail.com>
      (closes: #521266)
  * Build with LDFLAGS=-Wl,-z,defs to guard against the possibility of
    any undefined symbols (due to typos or otherwise) at build time.
    Closes: #102311.
  * On upgrade from versions before 1.1.0-1, if
    /etc/pam.d/common-session-noninteractive has not been created (because
    the user declined use of pam-auth-update), create it by copying
    /etc/pam.d/common-session.  Closes: #543401.
  * debian/patches/fix-man-crud: new patch, fix "undefined macro" errors in
    manpages caused by oddities of toolchain used when generating them
    upstream.

 -- Steve Langasek <vorlon@debian.org>  Tue, 25 Aug 2009 20:35:26 -0700

pam (1.0.1-11) unstable; urgency=low

  * debian/libpam-runtime.postinst: bump the --force version check to
    1.0.1-11, to allow for a new common-session-noninteractive config file;
    and include md5sum checking logic that will work the same with old
    unmanaged and new managed /etc/pam.d/common-* files.
  * debian/local/common-{auth,account,session,password}.md5sums: document
    the known md5sums for the new managed files.
  * debian/local/common-session-noninteractive{,.md5sums},
    debian/local/pam-auth-update: split out a session-noninteractive include
    file, so that we can at last distinguish between interactive and
    non-interactive PAM sessions at a policy level.  Closes: #169930,
    LP: #287715.
  * debian/local/pam-auth-update: prune md5sums for unsupported upgrade
    paths (intrepid pre-release -> karmic/squeeze)
  * Clean up the PAM mini-policy, which hasn't been touched in a number of
    years and was looking a bit crufty
  * debian/libpam-runtime.templates:  correctly tag the URL as a
    non-translatable string.
  * Updated debconf translations:
    - Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #541399)
    - Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt>
      (closes: #541108)
    - Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (closes: #541094)

 -- Steve Langasek <vorlon@debian.org>  Sun, 23 Aug 2009 18:07:11 -0700

pam (1.0.1-10) unstable; urgency=high

  [ Steve Langasek ]
  * Updated debconf translations:
    - Finnish, thanks to Esko Arajärvi <edu@iki.fi> (closes: #520785)
    - Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (closes: #521874)
    - German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #521530)
    - Basque, thanks to Piarres Beobide <pi+debian@beobide.net>
      (closes: #524285)
  * When no profiles are chosen in pam-auth-update, throw an error message
    and prompt again instead of letting the user end up with an insecure
    system.  This introduces a new debconf template.  Closes: #519927,
    LP: #410171.

  [ Kees Cook ]
  * Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixes
    for MINDAYS-Field regression (closes: #514437).
  * debian/control: add missing misc:Depends for packages that need it.

  [ Sam Hartman ]
  * Remove conflicts information for transitions prior to woody release
  * Fix lintian overrides for libpam-runtime
  * Overrides for lintian finding quilt patches
  * pam_mail-fix-quiet: patch from Andreas Henriksson
    applied upstream to fix quiet option of pam_mail, Closes: #439268

  [ Dustin Kirkland ]
  * debian/patches/update-motd: run the update-motd scripts in pam_motd;
    render update-motd obsolete, LP: #399071

  [ Sam Hartman ]
  * cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problem
    (CVE-2009-0887) (Closes: #520115)

 -- Steve Langasek <vorlon@debian.org>  Thu, 06 Aug 2009 17:54:32 +0100

pam (1.0.1-9) unstable; urgency=low

  * Move the pam module packages to section 'admin'.
  * 027_pam_limits_better_init_allow_explicit_root: defaults need to be
    declared as LIMITS_DEF_DEFAULT instead of LIMITS_DEF_ALL, otherwise
    global limits will fail to be applied.  LP: #314222.

 -- Steve Langasek <vorlon@debian.org>  Fri, 20 Mar 2009 19:48:47 -0700

pam (1.0.1-8) unstable; urgency=low

  * Updated debconf translations:
    - Bulgarian, thanks to Damyan Ivanov <dmn@debian.org> (closes: #518121)
    - Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org>
      (closes: #518214)
    - Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #518324)
    - Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>
      (closes: #518329)
    - Japanese, thanks to Kenshi Muto <kmuto@debian.org> (closes: #518335)
    - Slovak, thanks to Ivan Masár <helix84@centrum.sk> (closes: #518341)
    - Czech, thanks to Miroslav Kure <kurem@debian.cz> (closes: #518992)
    - Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt>
      (closes: #519204)
    - Galician, thanks to Marce Villarino <mvillarino@users.sourceforge.net>
      (closes: #519447)
    - Romanian, thanks to Eddy Petrișor <eddy.petrisor@gmail.com>
      (closes: #520552)
  * 027_pam_limits_better_init_allow_explicit_root: set the RLIMIT_MEMLOCK
    limit correctly to match the kernel default, which is not RLIM_INFINITY.
    Closes: #472629.

 -- Steve Langasek <vorlon@debian.org>  Fri, 20 Mar 2009 18:15:07 -0700

pam (1.0.1-7) unstable; urgency=low

  * 027_pam_limits_better_init_allow_explicit_root:
    - fix the patch so that our limit resets are actually *applied*,
      which has apparently been broken for who knows how long!
    - shadow the finite kernel defaults for RLIMIT_SIGPENDING and
      RLIMIT_MSGQUEUE as well, so that the preceding change doesn't
      suddenly expose systems to DoS or other issues.
    - include documentation in the patch, giving examples of how to set
      limits for root.  Thanks to Jonathan Marsden.
  * pam-auth-update: swap out known md5sums from intrepid pre-release
    versions with the md5sums from the released intrepid version
  * pam-auth-update: set the umask, so we don't accidentally mark
    /etc/pam.d/common-* unreadable.  Thanks to Martin Krafft for catching.
    Closes: #518042.

 -- Steve Langasek <vorlon@debian.org>  Tue, 03 Mar 2009 17:18:42 -0800

pam (1.0.1-6) unstable; urgency=low

  * Updated debconf translations:
    - Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>
  * New patch dont_freeze_password_chain, cherry-picked from upstream:
    don't always follow the same path through the password stack on
    the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK
    pass; this Linux-PAM deviation from the original PAM spec causes a
    number of problems, in particular causing wrong return values when
    using the refactored pam-auth-update stack.  LP: #303515, #305882.
  * debian/local/pam-auth-update (et al): new interface for managing
    /etc/pam.d/common-*, using drop-in config snippets provided by module
    packages.

 -- Steve Langasek <vorlon@debian.org>  Sat, 28 Feb 2009 13:36:57 -0800

pam (1.0.1-5) unstable; urgency=low

  * Build-conflict with libxcrypt-dev, which otherwise pulls libxcrypt in as
    a dependency of libpam-modules if it's installed during the build.
    Thanks to Larry Doolittle for catching.
  * Don't refer to gnome-screensaver in the debconf template; it isn't
    actually affected by the libpam symbol issue because it forks a separate
    process to display the screensaver dialog.
  * Have libpam-modules Pre-Depend on ${misc:Depends}, so that we can
    warn users about needing to disable xscreensaver and xlockmore
    before libpam-modules is unpacked.  Closes: #502140, LP: #256238.
  * Updated debconf translations for the new template:
    - Italian, thanks to David Paleino <d.paleino@gmail.com>
    - Simplified Chinese, thanks to Deng Xiyue
      <manphiz-guest@users.alioth.debian.org> (closes: #510371)
    - Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt>
    - Swedish, thanks to Martin Bagge <brother@bsnet.se> (closes: #510379)
    - Japanese, thanks to Kenshi Muto <kmuto@debian.org> (closes: #510380)
    - Finnish, thanks to Esko Arajärvi <edu@iki.fi> (closes: #510382)
    - Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org>
      (closes: #510389)
    - Galician, thanks to Marce Villarino <mvillarino@gmail.com>
    - Slovak, thanks to helix84 <helix84@centrum.sk> (closes: #510412)
    - Bulgarian, thanks to Damyan Ivanov <dmn@debian.org>
    - Czech, thanks to Miroslav Kure <<kurem@upcase.inf.upol.cz>
      (closes: #510608)
    - French, thanks to Steve Petruzzello <dlist@bluewin.ch>
    - German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #510617)
    - Basque, thanks to Piarres Beobide <pi+debian@beobide.net>
      (closes: #510699)
    - Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (closes: #510701)
    - Turkish, thanks to Mert Dirik <mertdirik@gmail.com> (closes: #510707)

 -- Steve Langasek <vorlon@debian.org>  Tue, 06 Jan 2009 00:05:13 -0800

pam (1.0.1-4) unstable; urgency=high

  * High-urgency upload for RC bugfix.

  [ Julien Cristau ]
  * pam_unix-chkpwd-wait: don't assume that the unix_chkpwd process exits
    normally; if it was killed by a signal, we don't want to accept the
    password.  Closes: #495879.

  [ Steve Langasek ]
  * 007_modules_pam_unix: update the manpage at the same time as the xml
    source (grr, autogenerated files in source packages).  Closes: #495804.
  * 055_pam_unix_nullok_secure: also don't call the helper at all from
    _unix_blankpasswd when we can detect that null passwords are disallowed,
    to avoid causing spammy logs on successful authentications.
    Closes: #496620.
  * debian/rules: call chgrp *before* calling chmod, lest the sgid bit
    on unix_chkpwd be cleared during the build when using -rsudo.
    Closes: #496983.

 -- Steve Langasek <vorlon@debian.org>  Thu, 28 Aug 2008 22:59:23 -0700

pam (1.0.1-3) unstable; urgency=high

  * 055_pam_unix_nullok_secure: don't call _pammodutil_tty_secure with a NULL
    tty argument, since this will cause our helper to segfault instead of
    returning a useful value.  Thanks to Troy Davis for the report.
    Closes: #495806.

 -- Steve Langasek <vorlon@debian.org>  Wed, 20 Aug 2008 11:55:47 -0700

pam (1.0.1-2) unstable; urgency=low

  * 007_modules_pam_unix: update the documentation to correctly document
    the default minimum password length is 6, not 1.
  * Look for cups instead of cupsys as an init script name when restarting
    services; thanks to Stephen Olander-Waters for pointing this out.
    Closes: #492977.
  * Update the Debian PAM mini-policy to remove references to the
    long-obsolete pam_pwdb, and clarify the relationship between pam_stack
    and @include.
  * Drop various bits of unused cruft from the debian/ directory.
  * Drop libpam-runtime.preinst, only used for upgrades from woody to sarge
    to deal with modified conffiles.
  * Build-Conflict with libdb4.2-dev, which satisfies the libdb-dev
    build-dependency but causes pam_userdb to be silently omitted.
    Closes: #493574.
  * 054_pam_security_abstract_securetty_handling: move the warning log about
    an insecure tty back to pam_securetty proper; we don't want to generate
    log messages every time pam_unix is called as non-root.
    Closes: #493283.  As a side-effect, pam_unix no longer logs any warnings
    about NULL password + insecure tty, but I don't think this is critical.

 -- Steve Langasek <vorlon@debian.org>  Fri, 08 Aug 2008 10:47:26 -0700

pam (1.0.1-1) unstable; urgency=low

  * New upstream version.
    - pam_limits: bound RLIMIT_NICE from below. Closes: #403718.
    - pam_mail: set the MAIL variable even when .hushlogin is set.
      Closes: #421010.
    - new minclass option introduced for pam_cracklib.  Closes: #454237.
    - fix a failure to check the string length when matching usernames in
      pam_group.  Closes: #444427.
    - fix setting shell security context in pam_selinux.  Closes: #451722.
    - use --disable-audit, to avoid libaudit being linked in
      accidentally
    - pam_unix now supports SHA-256 and SHA-512 password hashes.
      Closes: #484249, LP: #245786.
    - pam_rhosts_auth is dropped upstream (closes: #382987); add a compat
      symlink to pam_rhosts to support upgrades for a release, and give a
      warning in NEWS.Debian.
    - new symbol in libpam.so.0, pam_modutil_audit_write; shlibs bump, and
      do another round of service restarts on upgrade.
    - pam_unix helper is now called whenever an unprivileged process
      tries and fails to query a user's account status.  Closes: #367834.
  * Drop patches 006_docs_cleanup, 015_hurd_portability,
    019_pam_listfile_quiet, 024_debian_cracklib_dict_path, 038_support_hurd,
    043_pam_unix_unknown_user_not_alert, 046_pam_group_example,
    no_pthread_mutexes, limits_wrong_strncpy, misc_conv_allow_sigint.patch,
    pam_tally_audit.patch, 057_pam_unix_passwd_OOM_check, and
    065_pam_unix_cracklib_disable which have been merged upstream.
  * Patch 022_pam_unix_group_time_miscfixes: partially merged upstream;
    now is really just "pam_group_miscfixes".
  * Patch 007_modules_pam_unix partially superseded upstream; stripping
    hpux-style expiry information off of password fields is now supported.
  * New patch pam_unix_thread-safe_save_old_password.patch, to make sure all
    our getpwnam() use in pam_unix is thread-safe (fixes an upstream
    regression)
  * New patch pam_unix_fix_sgid_shadow_auth.patch, fixing an upstream
    regression which prevents sgid shadow apps from being able to authenticate
    any more because the module forces use of the helper and the helper won't
    allow authentication of arbitrary users.  This change does mean we're
    going to be noisier for the time being in an SELinux environment, which
    should be addressed but is not a regression on Debian.
  * New patch pam_unix_dont_trust_chkpwd_caller.patch, rolling back an
    upstream change that causes unix_chkpwd to assume that setuid(getuid())
    is sufficient to drop permissions and attempt any authentication on
    behalf of the user.
  * The password-changing helper functionality for SELinux systems has been
    split out into a separate unix_update binary, so at long last we can
    change unix_chkpwd to be sgid shadow instead of suid root.
    Closes: #155583.
    - Update the lintian override to match.
  * Install the new unix_update helper into libpam-modules.
  * Use a pristine upstream tarball instead of repacking; requires various
    changes to debian/rules and debhelper files.
  * Replace the Vcs-Svn field with a Vcs-Bzr field; jumping ship from svn,
    and how!
  * Debconf translations:
    - Romanian, thanks to Igor Stirbu <igor.stirbu@gmail.com>
      (closes: #491821)
  * Add libpam0g.symbols, for finer-grained package dependencies with
    dpkg-gensymbols.
  * Fix debian/copyright to list the known copyright holders
  * Fix up the doc-base sections for the libpam-doc documentation, "Apps"
    should not be part of the section name
  * Also fix up whitespace issues in the doc-base abstracts
  * Fix a typo in the libpam0g-dev description.
  * 027_pam_limits_better_init_allow_explicit_root: RLIM_INFINITY is also
    invalid for RLIMIT_NOFILE, so when resetting the limits for a new session,
    use the kernel default of 1024 instead.  Closes: #404836.
  * Create /etc/environment on initial install of libpam-modules (or on
    upgrade from an old version), to quell warnings in the logs about it
    being missing.  Closes: #442049.
  * 026_pam_unix_passwd_unknown_user: drop a redundant, and broken, check for
    the NSS source of our user; this was preventing password changes for NIS
    users, which otherwise should have worked.  Closes: #203222, LP: #9224.
  * New patch do_not_check_nis_accidentally: respect the 'nis' option
    (set or unset) when looking up the user's password entry for password
    changes.  Thanks to Quentin Godfroy <godfroy@clipper.ens.fr> for the
    patch.  Closes: #469635.
  * Drop patch 049_pam_unix_sane_locking, which upon review is not needed;
    it reduces the length of time we hold the lock, but at the expense of
    being able to enforce minimum times between password changes.
  * debian/watch: upstream has hit 1.0, so we're no longer in a "pre"
    directory.  Fix up the regex for uscan.
  * Fix the libpam0g-dev examples directory to not include a gratuitous
    .cvsignore file.
  * New patch, pam.d-manpage-section, to fix the manpage references to
    point to section 5 instead of section 8.
  * Update patch PAM-manpage-section to fix the references to pam(7) from
    other manpages.  Closes: #470137.
  * Add debian/README.source documenting that this package uses quilt.
  * Bump Standards-Version to 3.8.0.
  * Fix a bug in the uid-restoring code in the hurd_no_setfsuid patch; thanks
    to Tomas Mraz <tmraz@redhat.com> for indirectly bringing this to my
    attention

 -- Steve Langasek <vorlon@debian.org>  Mon, 28 Jul 2008 13:56:26 -0700

pam (0.99.7.1-7) unstable; urgency=medium

  * Medium-urgency upload for RC bugfix
  * Debconf translations:
    - Italian, thanks to David Paleino <d.paleino@gmail.com> (closes: #483913)
    - Slovak, thanks to Ivan Masár <helix84@centrum.sk> (closes: #488908)
    - Turkish, thanks to Mert Dirik <mertdirik@gmail.com> (closes: #490880)
    - Basque, thanks to Piarres Beobide <pi+debian@beobide.net>
      (closes: #473975)
  * Drop the 'XS' from Vcs-Svn/Vcs-Browser, since these are now officially
    recognized fields.
  * Add a Homepage field.  Closes: #473338.
  * Drop -DCRACKLIB_DICTS from CFLAGS, since the referenced define is no
    longer provided by cracklib2-dev 2.8 and above.  This requires a
    build-dependency on the corresponding version of libcrack2-dev.
    Closes: #490236.

 -- Steve Langasek <vorlon@debian.org>  Mon, 21 Jul 2008 11:49:59 -0700

pam (0.99.7.1-6) unstable; urgency=low

  * Debconf translations:
    - Updated Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>
      (closes: #444437)
    - Updated Spanish, thanks to Javier Fernández-Sanguino Peña
      <jfs@debian.org> (closes: #444479)
    - Updated German, thanks to Sven Joachim <svenjoac@gmx.de>
      (closes: #444566)
    - Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net> (closes: #444758)
    - Updated Czech, thanks to Miroslav Kure <kurem@upcase.inf.upol.cz>
      (closes: #445022)
    - French, thanks to Cyril Brulebois <cyril.brulebois@enst-bretagne.fr>
      (closes: #445869)
    - Japanese, thanks to Kenshi Muto <kmuto@debian.org> (closes: #446584)
    - Dutch, thanks to Bart Cornelis <cobaco@skolelinux.no> (closes: #448930)
    - Basque, thanks to Piarres Beobide <pi@beobide.net> (closes: #457042)
    - Updated Finnish, thanks to Esko Arajärvi <edu@iki.fi> (closes: #458264)
    - Swedish, thanks to Christer Andersson <klamm@comhem.se>
      (closes: #457674)
  * Make sure the "audit" option is specified in octal instead of in decimal,
    so that it doesn't randomly set other options.  Thanks to Corey Wright
    <undefined@pobox.com> for the catch.  Closes: #446327.

 -- Steve Langasek <vorlon@debian.org>  Sun, 16 Mar 2008 02:06:28 -0700

pam (0.99.7.1-5) unstable; urgency=low

  * More lintian overrides, related to debconf prompting in the postinst
  * Debconf translations:
    - Brazilian Portuguese, thanks to Eder L. Marques <frolic@debian-ce.org>
      (closes: #440385)
    - Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com>
      (closes: #440390, #440953, #444039)
    - Bulgarian, thanks to Damyan Ivanov <dam@modsoftsys.com>
      (closes: #441863)
    - Finnish, thanks to Esko Arajärvi <edu@iki.fi> (closes: #443720)
    - Simplified Chinese, thanks to Ming Hua
      <minghua-guest@users.alioth.debian.org> (closes: #443924)
    - Updated Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt>
    - Updated Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>
      (closes: #440800)
    - Updated German, thanks to Sven Joachim <svenjoac@gmx.de>
    - Updated Spanish, thanks to Javier Fernández-Sanguino Peña
      <jfs@debian.org>
    - Updated Czech, thanks to Miroslav Kure <kurem@debian.cz>
      (closes: #441325)
  * Further cleanups of 007_modules_pam_unix -- don't use a global variable
    for pass_min_len, don't gratuitously move the length checking into the
    "obscure" checks, and internationalize the error strings.
  * Stop overriding the built-in default minimum password length in
    /etc/pam.d/common-password, and also drop the "max" option which has now
    been obsoleted.
  * Fix up the comments in /etc/pam.d/common-password to make it clear that
    the options are specific to pam_unix.  Closes: #414559.
  * Patch 038: fix another thinko in the getline handling.  Closes: #442276.
  * If there are active X logins, don't restart kdm, wdm, and xdm by default;
    instead, display a debconf error if they haven't been restarted.
    Closes: #441843.
  * Drop the local patch for Linux capabilities in pam_limits; Linux
    capabilities are not generally useful in a PAM context, and the PAM
    capabilities patch has been broken through much of its life.
    Closes: #440130.
  * -Wl,-z,defs was never enabled correctly, drop it since upstream is
    already using -no-undefined
  * Pass --build and --host args to ./configure as necessary, for
    cross-building support.

 -- Steve Langasek <vorlon@debian.org>  Fri, 28 Sep 2007 00:17:00 -0700

pam (0.99.7.1-4) unstable; urgency=low

  * libpam0g.postinst, libpam0g.templates: gdm doesn't need to be restarted
    to fix the library skew, only reloaded; special-case this daemon in the
    postinst and remove the mention of it from the debconf template, also
    tightening the language of the debconf template in the process.
    Closes: #440074.
  * Add courier-authdaemon to the list of services that need to be
    restarted; thanks to Micah Anderson for reporting.
  * New patch pam_env_ignore_garbage.patch: fix pam_env to really skip over
    garbage lines in /etc/environment and log an error, instead of failing
    with an obscure error; and ignore any PAM_BAD_ITEM values returned
    by pam_putenv(), since this is the expected error return when trying
    to delete a non-existent var.  Closes: #439984.
  * Yet another thinko in hurd_no_setfsuid and in
    029_pam_limits_capabilities; this code should really be Hurd-safe at
    last...
  * getline() returns -1 on EOF, not 0; check this appropriately, to fix
    an infinite loop in pam_rhosts_auth.  Thanks to Stephan Springl
    <springl-rhosts@bfw-online.de> for the fix.  Closes: #440019.
  * Use ${misc:Depends} for libpam0g, so we get a proper dependency on
    debconf.
  * 019_pam_listfile_quiet: per discussion with upstream, don't suppress
    errors about missing files or files with wrong permissions; these are
    real errors that should not be buried.
  * Drop the remainder of 061_pam_issue_double_free, not required for the
    original bugfix.
  * Drop patch 064_pam_unix_cracklib_dictpath, which is not needed now that
    we define CRACKLIB_DICTS in debian/rules.
  * Drop patch 063_paswd_segv, superseded by a different upstream fix
  * Split 047_pam_limits_chroot_string_value up between
    008_modules_pam_limits_chroot and 029_pam_limits_capabilites
  * Updates to patch 007_modules_pam_unix: restore the same built-in min
    password len of 6 that upstream uses; fix a typo panlindrome ->
    palindrome.
  * The 'max=' option was never intended to be used to limit maximum password
    length for users, only to declare what the number of significant
    characters /is/ for a password.  But we don't need a config option to
    tell us that, we know the answer based on which crypt type we're using,
    so drop this as a config file option.  Closes: #389197.
  * Debconf translations:
    - Spanish, thanks to Javier Fernández-Sanguino Peña <jfs@debian.org>
    - Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>
    - German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #440355)
    - Czech, thanks to Miroslav Kure <kurem@upcase.inf.upol.cz>
      (closes: #440362)
    - Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt>
      (closes: #440368)

 -- Steve Langasek <vorlon@debian.org>  Fri, 31 Aug 2007 17:11:05 -0700

pam (0.99.7.1-3) unstable; urgency=low

  * New patch limits_wrong_strncpy: fix unnecessary manipulations of string
    buffers, including an illegal use of strncpy().  Thanks to Paul Hampson
    for reporting.  Closes: #331278.
  * New patch misc_conv_allow_sigint.patch: allow SIGINT to be handled by the
    application, instead of blocking it when misc_conv is in use and
    preventing users from being able to ^C at any PAM prompt.  Closes: #1708.
  * 024_debian_cracklib_dict_path: default to NULL instead of a specific
    dictionary path when none is defined for consistency with the new upstream
    version of cracklib, and define our path in debian/rules.
  * 055_pam_unix_nullok_secure: document the pam_unix "nullok_secure" option,
    a prereq for forwarding this patch upstream.  Closes: #325974.
  * Create /etc/security/opasswd on new installs or on upgrades from
    0.99.7.1-2 or below, so that users that enable the remember=<n> option to
    pam_unix aren't left unable to change passwords.  Closes: #95324.
  * Fix a couple of thinkos in hurd_no_setfsuid, that were preventing the code
    from compiling on the Hurd still.  Thanks to Michael Banck for the catch.
  * Fix a memory leak in the pam_limits capabilities patch: always
    cap_free() the cap_t before returning from pam_sm_open_session().
    Closes: #153157.
  * libpam0g.postinst, libpam0g.templates: on upgrades from versions
    prior to 0.99.7.1-3, restart known PAM-using services so that they
    get the new libpam symbols, since otherwise the newer PAM modules
    will fail to load.  Postinst taken from libssl0.9.8; thanks to
    Christoph Martin for the fine example!  Closes: #439835.
  * Build-depend on po-debconf to support l10n of the debconf questions
    from the above.

 -- Steve Langasek <vorlon@debian.org>  Tue, 28 Aug 2007 06:33:33 -0700

pam (0.99.7.1-2) unstable; urgency=low

  * New upstream release; thanks to Roger Leigh and Jan Christoph Nordholz
    for their extensive work in helping to prepare for this update in Debian.
    Closes: #360460.
    - now uses autoconf for library detection, so SELinux should not be
      unconditionally enabled on non-Linux archs.  Closes: #333141.
    - pam_mail notice handling has been completely reworked, so there should
      no longer be missing spaces in the messages.  Closes: #119689.
    - with libtool and autoconf, now behaves "sensibly" on unknown
      platforms.  Closes: #165067.
    - the source now builds without warnings.  Closes: #212165.
    - uses automake instead of hand-rolled makefiles with indentation
      bugs.  Closes: #241661, #328084.
    - pam_mkhomedir now creates directories recursively as needed.
      Closes: #178225.
    - pam_listfile now supports being used as a session module too.
      Closes: #416665.
    - misspelled pam_userdb log message has been corrected.  Closes: #305058.
    - the current pam_strerror manpage no longer mentions "Unknown
      Linux-PAM error".  Closes: #220157.
    - the text documentation no longer uses ANSI bold sequences.
      Closes: #181451.
    - pam_localuser now supports being used as a session module.
      Closes: #412484.
    - package no longer fails to build with dash as /bin/sh.
      Closes: #331208.
    - All modules should now be documented in the system administrator
      guide.  Closes: #350620.
    - pam_userdb now logs an error instead of segfaulting when no db=
      option is provided.  Closes: #436005.
    - pam_time now warns on a missing tty instead of erroring out,
      making it possible to use the module with non-console services.
      Closes: #127931.
    - upstream changelog is now 'ChangeLog' instead of 'CHANGELOG'; install
      accordingly
    - bump the shlibs
    - the 'test.c' example no longer exists
    - add /usr/share/locale to libpam-runtime.
    - CVE-2005-2977: only uid=0 is allowed to invoke unix_chkpwd with an
      arbitrary username, and then only when SELinux is active.
      Closes: #336344.
  * Mark myself as primary maintainer as previously discussed with Sam, and
    add Roger as an uploader.
  * Refactor to use quilt.
  * Update to Standards-Version 3.7.2.
  * Drop unnecessary build-dependency on patch, which is
    build-essential (and no longer invoked directly).
  * Drop patches 002_debian_no_ldconfig_call, 010_pam_cplusplus,
    018_man_fixes, 030_makefile_link_against_libpam,
    037_pam_issue_ttyname_can_be_null, 044_configure_supports_bsd,
    050_configure_in_gnu and 052_pam_unix_no_openlog, which have been
    superseded upstream.
  * Drop patches 005_pam_limits_099_6,
    012_pam_group_less_restrictive_charset, 023_pam_env_limits_miscfixes,
    048_pam_group_colon_valid_char, 058_pam_env_enable, 059_pam_userdb_segv,
    060_pam_tally_segv and 062_c++_safe_headers, which have been integrated
    upstream.
  * Patch 057: SELinux support is merged upstream, leaving only an
    unrelated OOM check for pam_unix_passwd.  Rename as
    057_pam_unix_passwd_OOM_check.
  * Patches 006, 008, 036: update for the switch from SGML to XML.
  * Patch 007: update for the switch from SGML to XML; drop some log
    messages that were already added upstream; update for the pam_modutil
    changes; tighten the flag handling of the 'obscure' option; drop bogus
    check in unix_chkpwd for null passwords.  Also fix a grammar error
    along the way.  Closes: #362855.
  * Patch 024: CRACKLIB_DICTPATH is no longer set in configure.in, so patch
    pam_cracklib.c instead to use the default dictpath already available
    from crack.h; and patch configure.in to use AC_CHECK_HEADERS instead
    of AC_CHECK_HEADER, so crack.h is actually included.  Also remove
    unnecessary string copies, which break on the Hurd due to PATH_MAX.
  * Patch 038: partially merged/superseded upstream; also add new Hurd
    fix for pam_xauth.
  * Patch 061: partially merged upstream
  * Use ${binary:Version} instead of ${Source-Version} in
    debian/control.
  * Remove empty maintainer scripts debian/libpam0g-dev.{postinst,prerm},
    debian/libpam0g.{postinst,prerm}, and
    debian/libpam-modules.{postinst,prerm}; debhelper can autogenerate these
    just fine without our help.
  * Build-Depend on xsltproc, libxml2-utils, docbook-xml, docbook-xsl
    and w3m instead of on linuxdoc-tools, linuxdoc-tools-latex, tetex-extra,
    groff, and opensp.
  * Also build-depend on flex for libfl.a.
  * Updates for documentation handling:
    - move debian/local/pam-*-guide to debian/libpam-doc.doc-base.foo-guide,
      and invoke dh_installdocs instead of installing these by hand.
    - drop libpam-doc.{postinst,prerm}, which are no longer needed.
    - add an install target to debian/rules, and have binary-indep depend on
      it instead of trying to install doc files individually from the source
      tree
    - consequently, drop libpam-doc.dirs as well which is no longer needed
      and no longer accurate
    - add debian/libpam-doc.install for moving the docs to the right place,
      and also replace libpam-runtime.files with libpam-runtime.install;
      for the moment this means we're using both dh_movefiles and
      dh_install...
    - libpam0g.docs: install the Debian-PAM-MiniPolicy from here, further
      cleaning up debian/rules
  * Drop debian/libpam0g.links, no longer needed because upstream now has a
    working install target which creates the library symlinks
  * Add libpam-modules.links: create pam_unix_{acct,auth,passwd,session}.so
    symlinks by hand, no longer provided upstream.
  * debian/patches-applied/PAM-manpage-section: "PAM" is not a daemon, manpage
    belongs in section 7, not in section 8.
  * Actually ship the pam, pam.conf, and pam.d manpages in libpam-runtime.
  * debian/patches-applied/autoconf.patch: move all changes to autotools
    generated files into a single patch at the end of the stack.
    - don't touch configure in debian/rules, the quilt patch takes care
      of this for us.
  * New patch 064_pam_unix_cracklib_dictpath: correctly define
    CRACKLIB_DICTS, since this is not defined by configure.  Thanks to Jan
    Christoph Nordholz.
  * New patch 065_pam_unix_cracklib_disable: Debian-specific patch to disable
    cracklib support in pam_unix.  Thanks to Christoph Nordholz.
  * debian/rules:
    - Rename OS_CFLAGS to CFLAGS.
    - kill off references to unused variables
    - make binary-arch also depend on the install target, and streamline the
      rules
    - fix up the clean target to not ignore errors; thanks to Roger Leigh
    - drop the local module_check target in favor of using -Wl,-z,defs
      in LDFLAGS to enforce correct linkage of all objects at build time
  * Drop debian/local/unix_chkpwd.8 in favor of the upstream manpage.
  * libpam-modules.files: /usr/sbin/pam_tally has moved to /sbin/pam_tally
    for consistency.
  * Update to debhelper V5.
  * Don't ship Makefiles as part of the libpam0g-dev examples.
  * libpam-modules.manpages, libpam-runtime.manpages, libpam0g-dev.manpages:
    put all the manpages in the correct packages.  Closes: #411812,
    #62193, #313486, #300773, #330545, #184270.
  * Drop libpam{0g,0g-dev,-modules,-runtime}.dirs, not needed for anything
    because we aren't trying to ship empty directories in the packages
  * Build-Conflict with fop, to avoid unreproducible builds of pdf
    documentation from a tool in contrib.
  * libpam-cracklib should depend on a real wordlist package, per policy;
    use wamerican as the default.
  * Drop local/pam-undocumented.7 from the package, since we no longer have
    a reason to ship it
  * Add lintian overrides for known false-positives
  * Conflicts/Replaces/Provides libpam-umask, now included upstream.
    Closes: #436222.
  * Upstream no longer marks unix_chkpwd suid-root for us, so set the perms
    by hand in debian/rules.  In the process, unix_chkpwd is now writable
    by the owner, as expected by policy.  Closes: #368100.
  * Migrate from db4.3 to db4.6; once again, no administrator action should
    be needed for upgrading on-disk database formats.  Closes: #354309.
  * Add XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control; thanks to
    Laurent Bigonville for the hint.  Closes: #439038.
  * Add a watch file for use with uscan; thanks to Laurent Bigonville for
    this patch as well.  Closes: #439040.
  * Rewrite of 031_pam_include, fixing a memory leak and letting us drop
    patch 056_no_label_at_end; thanks to Jan Christoph Nordholz
    <hesso@pool.math.tu-berlin.de> for this much-improved version!
  * New patch no_pthread_mutexes: don't use pthread mutexes in
    pam_modutil functions, they're not needed because pam handles
    themselves should not be used concurrently by multiple threads and
    using pthreads causes problems for portable linking.
  * New patch hurd_no_setfsuid: if we don't have sys/fsuid.h, work around
    using setreuid instead.

 -- Steve Langasek <vorlon@debian.org>  Sun, 26 Aug 2007 19:15:09 -0700

pam (0.79-4) unstable; urgency=medium

  * Medium-urgency upload; at least one RC bugfix, but also a
    significant number of changes, hence not urgency=high.
  * Move libpam-modules and libpam0g to Section: libs and libpam-runtime
    to section: admin, to match the overrides in the archive.
  * Move old changelog entries (well, entry) that don't follow the current
    format to debian/changelog.old, since there's no way to figure out a
    timestamp for an 8-year-old upload, and this is the most effective
    way to clear a glut of lintian warnings.
  * Fix the formatting of the libpam-cracklib package description.
  * Patch 010: remove parts of the patch that aren't necessary for C++
    compatibility.
  * Patch 060: fix a segfault in pam_tally caused by misuse of
    pam_get_data(); already fixed upstream.  Closes: #335273.
  * Patch 061: fix a double free in pam_issue, caused by overuse (and misuse)
    of strdup (similar to patch 059).  Already fixed upstream.
    Closes: #327272.
  * Don't build-depend on libselinux1-dev and libcap-dev on kfreebsd archs.
    Closes: #352329.
  * Patch 005: sync pam_limits with upstream:
    - support "-" (unlimited) for all limit types except process priority.
    - support the additional aliases "-1", "unlimited", and "infinity" for
      clearing the limits; closes: #122400, #149027.
    - restrict the range of process priority, login count, and system login
      count settings to (INT_MIN,INT_MAX) (heh).
    - special-case RLIM_INFINITY when applying multipliers to values from
      the config.
    - document maxsyslogins in the default limits.conf; closes: #149883.
    - use the current process priority as a default instead of resetting to
      0; closes: #241663.
    - add support for (and document) new RLIMIT_NICE and RLIMIT_RTPRIO
      settings in Linux 2.6.12 and above; closes: #313542, #313588.
    - allow imposing limits on uid=0.
  * Patch 027: only set RLIM_INFINITY as the default for the limits where
    we know this is sensible, so that recompiling in an environment with new
    limits doesn't create a security hole -- as happened with RLIMIT_NICE and
    RLIMIT_RTPRIO!  Thanks to Ville Hallik for the initial patch.
    Closes: #388431.
  * Patch 029, 047: Fix up the broken pam_limits capabilities patch so it
    actually works -- which may well be a first...  Closes: #318452.

 -- Steve Langasek <vorlon@debian.org>  Mon, 23 Oct 2006 05:36:08 -0700

pam (0.79-3.2) unstable; urgency=low

  * Non-maintainer upload to fix important bug, that makes passwd segfault
    when CTRL-D is pressed at the password prompt.  Applied the patch
    provided by Dann Frazier.  (Closes: #360657)

 -- Margarita Manterola <marga@debian.org>  Sat,  5 Aug 2006 02:11:22 -0300

pam (0.79-3.1) unstable; urgency=low

  * Non-maintainer upload.
  * Linux-PAM/libpamc/include/security/pam_client.h,
    Linux-PAM/libpamc/pamc_converse.c: Apply patch from
    latest upstream version to remove redefinition of internal
    glibc/libstdc++ types.  Closes: #344447.

 -- Roger Leigh <rleigh@debian.org>  Sun,  5 Feb 2006 21:46:59 +0000

pam (0.79-3) unstable; urgency=low

  * Patch 059
    - Fix a segfault in pam_userdb when the new "crypt=" option
      is unset, as will be the case for all existing users; already fixed
      upstream.  Closes: #330829.
    - Fix a memory leak in the same code due to gratuitous strdup()s.
  * Further regression in pam_env: don't treat a missing /etc/environment
    as a fatal error, either.  Amend patch 058 accordingly.  Closes: #330852.

 -- Steve Langasek <vorlon@debian.org>  Fri, 30 Sep 2005 01:17:53 -0700

pam (0.79-2) unstable; urgency=low

  The ".c.o: rm -rf $@" release
  * Fix debian/rules so that make clean doesn't remove ./configure when the
    timestamp on configure.in is newer (!).
  * Switch pam_userdb from db3 to db4.3, which according to the libdb
    maintainers should require no manual intervention for upgrading on-disk
    database formats.  Closes: #165068.
  * Patch 058:  yes, of course we want to read /etc/environment by
    default.  Grr!  Revert upstream change which disables this for no
    apparent reason (closes: #330458).
  * Tweak selinux rootok code to use the version of the function call that
    doesn't pollute namespace

 -- Steve Langasek <vorlon@debian.org>  Tue, 27 Sep 2005 02:44:36 -0700

pam (0.79-1) unstable; urgency=low

  * New upstream version (closes: #284954, #300775).
    - includes some fixes for typos (closes: #319026).
    - pam_unix should now be LSB 3.0-compliant (closes: #323982).
    - fixes segfaults in libpam on config file syntax errors
      (closes: #330097).
  * Drop patches 000_bootstrap, 004_libpam_makefile_static_works,
    011_pam_access, 013_pam_filter_termio_to_termios, 017_misc_fixes,
    025_pam_group_conffile_name, 028_pam_mail_delete_only_when_set,
    033_use_gcc_not_ld, 034_pam_dispatch_ignore_PAM_IGNORE,
    035_pam_unix_security, 039_pam_mkhomedir_no_maxpathlen_required,
    041_call_bootstrap, 042_pam_mkhomedir_dest_not_source_for_errors,
    051_32_bit_pam_lastlog_ll_time, and
    053_pam_unix_user_known_returns_user_unknown which have been
    integrated upstream.
  * Merge one last bit of patch 053 into patch 043, where it should have
    been in the first place
  * Patch 057: SELinux support:
    - add support to pam_unix for copying SELinux security contexts when
      writing out new passwd/shadow files and creating lockfiles
    - support calling unix_chkpwd if opening /etc/shadow fails due to
      SELinux permissions
    - allow unix_chkpwd to authenticate for any user when in an SELinux
      context (hurray!); we depend on SELinux policies to prevent the
      helper's use as a brute force tool
    - also support querying user expiration info via unix_chkpwd
    - misc cleanup: clean up file descriptors when invoking unix_chkpwd
      (closes: #248310)
    - make pam_rootok check the SELinux passwd class permissions, not just
      the uid
    - add new pam_selinux module (closes: #249499)
  * Build-depend on libselinux1-dev.
  * Fix pam_getenv, so that it can read the actual format of /etc/environment
    instead of trying to read it using the syntax of
    /etc/security/pam_env.conf; thanks to Colin Watson for the patch.
    Closes: #327876.
  * Set LC_COLLATE=C when using alphabetic range expressions in
    debian/rules; bah, so *that's* what kept happening to my README file
    when trying to build out of svn!  Closes: #295296.
  * Add a reference to the text of the GPL to debian/copyright.

 -- Steve Langasek <vorlon@debian.org>  Sun, 25 Sep 2005 22:08:20 -0700

pam (0.76-23) unstable; urgency=low

  * Fix Gcc 3.4 compilation, Closes: #259634
  * Note that pam.conf is not read if /etc/pam.d exists, Closes: #248928
  * Fix typo in pam_env.conf, Closes: #277633

 -- Sam Hartman <hartmans@debian.org>  Sun, 10 Jul 2005 16:42:25 -0400

pam (0.76-22) unstable; urgency=medium

  * Add uploaders
  * Document location of repository
  * Fix options containing arguments in pam_unix, Closes: #254904

 -- Sam Hartman <hartmans@debian.org>  Mon, 28 Jun 2004 14:28:08 -0400

pam (0.76-21) unstable; urgency=medium

  * Fix patch 055 again because -20 was broken and didn't actually fix the
    problem.

 -- Sam Hartman <hartmans@debian.org>  Tue,  4 May 2004 21:37:38 -0400

pam (0.76-20) unstable; urgency=medium

  * Update to patch 55 to only check securetty when we are sure the
    password is null, Closes: #243698
  * Medium urgency because the version now in testing has confusing and
    verbose log messages.
  * Include pam_getenv script which hopefully will be used by some people
    somewhere for some purpose

 -- Sam Hartman <hartmans@debian.org>  Wed, 28 Apr 2004 22:51:18 -0400

pam (0.76-19) unstable; urgency=low

  * Oops, too busy testing the upgrade from woody to make sure the upgrade
    from -16 to -18 worked.  Thanks to all those who reported,
      Closes: #243413

 -- Sam Hartman <hartmans@debian.org>  Tue, 13 Apr 2004 16:08:54 -0400

pam (0.76-18) unstable; urgency=low

  * Manipulate conffiles to avoid unnecessary prompt in woody to sarge
    upgrade, Closes: #218318

 -- Sam Hartman <hartmans@debian.org>  Sat, 10 Apr 2004 18:10:35 -0400

pam (0.76-17) unstable; urgency=low

  * common-password now includes length restrictions and cracklib
    examples, Closes: #227681, #237537
  * Patch 054: abstract out the logic from pam_securetty to determine if a
    tty is in /etc/securetty into a library function
  * Patch 55: Add nullok_secure option to pam_unix.  If set,  then null
    passwords are accepted from terminals in /etc/securetty.
  * common-auth now includes nullok_secure, Closes: #228114


 -- Sam Hartman <hartmans@debian.org>  Sun,  4 Apr 2004 23:10:11 -0400

pam (0.76-16) unstable; urgency=low

  * Patch 51 from the x86-64 folks to support 32-bit ll_time in
    pam_lastlog even if time_t is 64-bits
  * Don't call openlog in pam_unix (patch 52), Closes: #213566
  * Return PAM_USER_UNKNOWN for unknown users in pam_unix (patch 53), Closes: #204506

 -- Sam Hartman <hartmans@debian.org>  Tue, 23 Mar 2004 22:26:04 -0500

pam (0.76-15) unstable; urgency=low

  * Fix description of libpam-runtime, Closes: #209755
  * Fix description of libpam-cracklib, Closes: #210014
  * Depend on libc6-dev|libc-dev not libc6-dev, Closes: #212354
  *  Clean up binaries, Thanks Russell, Closes: #212158
  * Depend on sufficiently new cracklib2-dev, Closes: #214092
  * Treate GNU/* as GNU for OS variable to make pam_limits compile,
    (patch 050) Closes: #220980
  * No longer build-depend on latex2html, Closes: #221318
  * Allow : in tty specification for pam_group, (patch 048) Closes: #220439
  * Pull in locking patch from Linux-PAM CVS; this ended up causing
    021_pam_nis_locking to be reworked and that patch now no longer
    contains locking fixes, but just NIS cleanup in general.  See
    049_pam_unix_sane_locking for the locking changes,  Closes: #220158

 -- Sam Hartman <hartmans@debian.org>  Mon, 12 Jan 2004 02:23:59 -0500

pam (0.76-14) unstable; urgency=low

  * Pull in NMU diff from 13.1, Closes: #186011
  * Split out common-password into its own file, Closes: #207497
  * Make other a conffile again and update to @include stuff
  * Add missing symlink, Closes: #196605
  * Remove undocumented manpages
  * Update PAM mini-policy

 -- Sam Hartman <hartmans@debian.org>  Mon,  1 Sep 2003 18:08:54 -0400

pam (0.76-13.1) unstable; urgency=low

  * NMU with maintainer's permission.
  * Add three new config files (/etc/pam.d/common-{auth,account,session})
    to libpam-runtime.  Other packages which depend on libpam-runtime
    can now @include these files from their own PAM configs.
  * Convert /etc/pam.d/other from a conffile to a non-conffile config
    file.  Closes: #186011.
  * Remove empty libpam-runtime.prerm script (debhelper will autocreate if needed)

 -- Steve Langasek <vorlon@debian.org>  Tue, 19 Aug 2003 19:41:03 -0500

pam (0.76-13) unstable; urgency=low

  * Nope, that dependency didn't work, so let's remove it.  If we run into other module versioning issues, I now have an arm build environment to debug with.  Closes: #198618

 -- Sam Hartman <hartmans@debian.org>  Mon,  7 Jul 2003 00:22:34 -0400

pam (0.76-12) unstable; urgency=low

  * Fix group.conf example, (patch 046) Closes: #197080
  * Ignore module return value in jumps, (patch 045) Closes: #176693
  * Accept string value for chroot limit, thanks Andrei Pelinescu-Onciul,
    Patch (047), Closes: #196903
  * Depend on libpam-modules instead of conflicting with older versions.
    This creates a circular dependency between libpam0g and
    libpam-modules.  James says this works fine; we hope he's right.
    Closes: #196949
 -- Sam Hartman <hartmans@debian.org>  Sat, 21 Jun 2003 17:19:29 -0400

pam (0.76-11) unstable; urgency=low

  * Don't allow db4 to satisfy build-depends because it doesn't actually
    work, and sometimes building with it would be wrong.
  * Don't depend on libpcap-dev on Debian BSD
  * Conflict with old libpam-modules, Closes: #191906
  * Incorrect username should not be logged at alert (patch 43),
  Closes: #175900
  * Patch to support FreeBSD (patch 44, thanks Robert), Closes: #191906

 -- Sam Hartman <hartmans@debian.org>  Sat, 31 May 2003 19:55:26 -0400

pam (0.76-10) unstable; urgency=low

  * Don't double list conffiles, Closes: #190954
  * Only install example sources not executables,  Closes: #185286
  * Display correct directory in error message for  pam_mkhomedir, patch
    042 thanks to Akira TAGOH, Closes: #165240
  * Don't log  EPERM when setting NOFILE limit as Linux doesn't let you
    set that to -1, Closes: #180310
  * Add newline to end of distributed time.conf, Closes: #172229
  * Up our standards version  and support noopt in DEB_BUILD_OPTIONS

 -- Sam Hartman <hartmans@debian.org>  Sat,  3 May 2003 22:28:37 -0400

pam (0.76-9) unstable; urgency=low

  * Fix pam_rhosts hurd patch so it actually works, Closes: #172914
  * Fix patch 040 not to clobber errno when logging the error fails,
    Closes: #172186
  * Fix dependency for linuxdoc-tools, Closes: #173097

 -- Sam Hartman <hartmans@debian.org>  Sun, 15 Dec 2002 17:10:58 -0500

pam (0.76-8) unstable; urgency=low

  * Have makefile appropriately depend on bootstrap-libpam
  * Install pam minipolicy, Closes: #167798
  * Don't segfault if ttyname is null; this avoids the segfault but does
    not actually make pam_issue useful for ssh.  I believe the way
    pam_issue works is fundamentally incompatible with what sshd expects
    from PAM (patch 037), Closes: #153152
  * We actually fixed passwords containing , in  0.76-6, but failed to
    document it.  They do work, Closes: #164713
  * Note that /etc/pam.d/other is a fall back  for each service
  * Patches from Michal 'hramrach' Suchanek" <hramrach_l@centrum.cz> to
    make HURD work, Closes: #165066 (patch 038 and 039)
  * Don't depend on gs and other doc prep tools for build-depends, just
    build-depends-indep, Closes: #165065
  * Patch from Eric Anderson <anderse@hpl.hp.com> to log failures of
    setrlimit (patch 040), Closes: #169836
  * Build pam_limits on hurd, Closes: #165190

 -- Sam Hartman <hartmans@debian.org>  Sun, 24 Nov 2002 22:04:28 -0500

pam (0.76-7) unstable; urgency=low

  * Fix handling of pam_ignore  in case where we're skipping modules;
    update to patch 034

 -- Sam Hartman <hartmans@debian.org>  Sun, 20 Oct 2002 21:49:22 -0400

pam (0.76-6) unstable; urgency=low

      * The "No, I don't think I actually want any of what upstream is
    smoking" release
  * If this were already in testing, this would be an severity emergency
    upload
  * pam_unix currently treats * in shadow file as no password not
    disabled; major security issue; fixed in upstream CVS, (patch 035) Closes: #164659
  * OK, I think this actually fixes the rest of the manpage symlinks,
    Closes: #163839, #164298
  * You don't want to use getlogin for pam_wheel because utmp may be wrong or for xterm have no entry, pull forward patch from the 0.72 packages (patch 036), Closes: #163787

 -- Sam Hartman <hartmans@debian.org>  Tue, 15 Oct 2002 10:44:56 -0400

pam (0.76-5) unstable; urgency=low

  * Fix library links from 0.75 to 0.76
  * Ignore PAM_IGNORE in _pam_dispatch_aux (patch 34), Closes: #163841
  * Fix man page symlinks, Closes: #163839

 -- Sam Hartman <hartmans@debian.org>  Fri, 11 Oct 2002 01:08:06 -0400

pam (0.76-4) unstable; urgency=low

  * Upstream correctly states that one should  use gcc not ld when
    linking and then hapilly proceeds to actually use ld, fixed, Closes: #163711

  * Remove experimental warning from readme, Closes: 163742

 -- Sam Hartman <hartmans@debian.org>  Mon,  7 Oct 2002 23:45:53 -0400

pam (0.76-3) unstable; urgency=low

  * Oops, let's try building -fpic.  This currently builds everything
    -fpic which is somewhat wrong, but doing more than that requires
    significant build system hacking (touch every makefile for dynamic
    objects), so it will wait, Closes: #163600

 -- Sam Hartman <hartmans@debian.org>  Sun,  6 Oct 2002 23:33:12 -0400

pam (0.76-2) unstable; urgency=low

  * Link against appropriate libraries so we find  the symbols we need,
    Closes: #162175
  * The if everyone's going to complain when I upload broken software to
    experimental release, I might as well upload to unstable and give them
    something worth actually complaining about release.
  * Also the remove the scourge of dbs release
  * Include patch 034 from the 0.72 packages, meaning that we've included
    all the patches we need before release
  * Reject the patch to pam_wheel as I cannot find out what reasonable
    thing it was trying to do and it seemed broken
  * libpam-cracklib should depend on wordlist  so it actually works;
    thanks Olaf Meeuwissen,
    Closes: #112965
  * Merge build-depends and build-depends-indep because I'm a bad person
    and was too lazy to make docs build in a separate pass.  I'll deal in
    a few versions.

 -- Sam Hartman <hartmans@debian.org>  Sun,  6 Oct 2002 18:52:13 -0400

pam (0.76-1) experimental; urgency=low

  * New upstream version
  * Upstream includes fix to not break cron, Closes: 160566
  * New Upstream correctly handles priority < 0 for pam_limits, Closes: #126251
  * .cvsignores removed, Closes: #159961

 -- Sam Hartman <hartmans@debian.org>  Sun, 22 Sep 2002 16:11:35 -0400

pam (0.75-3) experimental; urgency=low

      * Apply patch 027  pam_limits so that we initialize to wide open not
    current limits.
      * In pam_mail, don't complain about deleting environment variable if
    we never set it, Closes: #58429
      * Don't set default max procs limit in pam_limits, Closes: #116874
        * libpam-runtime now arch all since it has no arch-specific files,
    Closes: #132545
      * Update mini policy to reflect confusion on debian-devel

 -- Sam Hartman <hartmans@debian.org>  Tue, 16 Jul 2002 09:30:50 -0400

pam (0.75-2) experimental; urgency=low

  * Fix pam_userdb to build and to build against db3, fixes patch 020
  * Fix upstream makefile so pam_group has valid configuration, closes: #148657
  * time.conf reference to logoutd removed, closes: #143801
  * The static library contains all the appropriate symbols in this
    version. You may find the complete lack of PAM modules somewhat
    frustrating; currently the static pam library is only useful if you
    register your own modules.  Fixing this would require annoying hacking
    on the upstream build system, closes: #103495
  * unix_chkpwd.8 typo fixes thanks to dancer@anthill.echidna.id.au,
    Closes: #139949
  * Since we're working on the new upstream version, we also have the new docs, closes: #147763
  * Patch from Martin Schwenke <martin@meltin.net> to only change
    passwords in pam_unix when they exist in the password file; hopefully
    does not break NIS, closes: #135990
  * Another patch from Martin to return PAM_USER_UNKNOWN if we ever
    actually do get into the password changing routine only to find that
    we have no password to change, closes: #135604
  * .cvsignore no longer installed, closes: #120795
  * We're using debhelper 3, just in time to be obselete, Closes: #93414

 -- Sam Hartman <hartmans@debian.org>  Sat,  8 Jun 2002 18:04:40 -0400

pam (0.75-1) experimental; urgency=low

  * Preliminary test packages
  * New upstream version
  * Hopefully works mostly the same as  0.72 except for  upstream bug
    fixes and for the fact that pam_limits is fairly broken right now.
  * If it breaks you are lucky if you get to keep both pieces release.

 -- Sam Hartman <hartmans@debian.org>  Sat, 25 May 2002 22:57:57 -0400

pam (0.72-35) unstable; urgency=medium

  * Fix like_auth to make libpam-krb5 and libpam-heimdal actually useful,
    patch from RISKO   Gergely , closes: #126251

 -- Sam Hartman <hartmans@debian.org>  Mon, 21 Jan 2002 15:20:22 -0500

pam (0.72-34) unstable; urgency=medium

  * Note that HOME may not be useful in pam_environment, closes: #109281
  * Don't smash case domains (groups/users) in pam_limits, closes: #119893
  * Remove double the from description, closes: #107705
  * Fix typo on mail message, closes: #119689
  * Medium since these are small fixes that should go into woody

 -- Sam Hartman <hartmans@debian.org>  Fri, 23 Nov 2001 21:24:20 -0500

pam (0.72-33) unstable; urgency=low

  * Fix pam_mail to look in /var/mail not /var/spool/mail, thanks mjb.

 -- Sam Hartman <hartmans@debian.org>  Thu, 11 Oct 2001 15:44:32 -0400

pam (0.72-32) unstable; urgency=medium

  * This should probably get into testing before freeze; medium.
  * Patch from Volker Stolz to fix bug in previous pam_group patch,
    closes: #111854

 -- Sam Hartman <hartmans@debian.org>  Sat, 22 Sep 2001 06:32:29 -0400

pam (0.72-31) unstable; urgency=low

  * Add support for credential reinitialization in pam_group, closes: #108697

 -- Sam Hartman <hartmans@debian.org>  Fri, 31 Aug 2001 13:16:39 -0400

pam (0.72-30) unstable; urgency=low

  * Include patch from  robbe@orcus.priv.at to build pam_limits on hurd,
    closes: #103556
  * Start installing limits.conf for hurd (may not work quite right)

 -- Sam Hartman <hartmans@debian.org>  Mon, 16 Jul 2001 09:35:51 -0400

pam (0.72-29) unstable; urgency=low

  * Correctly declare uint32 type for ia64, closes: #104584

 -- Sam Hartman <hartmans@debian.org>  Sat, 14 Jul 2001 01:30:39 -0400

pam (0.72-28) unstable; urgency=low

  * Fix scanf string so pam_limits chroot works, closes: #100812
  * Only log unknown user at warning, not alert, closes: #95220
  * By default do complete matches not substring matches for pam_time.
    You can include explicit wildcard for substring, closes: #66152

 -- Sam Hartman <hartmans@debian.org>  Tue,  3 Jul 2001 17:31:45 -0400

pam (0.72-27) unstable; urgency=low

  * Fix  typo in last patch

 -- Sam Hartman <hartmans@debian.org>  Mon, 25 Jun 2001 18:27:42 -0400

pam (0.72-26) unstable; urgency=low

  * Block SIGCHLD when calling unix password verification program, patch from mdz@debian.org, fixes pam part of #97977

 -- Sam Hartman <hartmans@debian.org>  Mon, 25 Jun 2001 08:47:12 -0400

pam (0.72-25) unstable; urgency=medium

  * Depend on opensp, working around #89063, closes: #100125
  * This is urgency medium to get docs back into testing.

 -- Sam Hartman <hartmans@debian.org>  Fri,  8 Jun 2001 11:44:12 -0400

pam (0.72-24) unstable; urgency=low

  * New NIS double locking and root password patch from  Philippe Troin
    <phil@fifi.org>, fixes bug in unreleased patch submitted for
    0.72-23.  Also improves changing root password so it does something;
    ongoing discussion on whether this is right.

 -- Sam Hartman <hartmans@debian.org>  Mon, 21 May 2001 08:06:05 -0400

pam (0.72-23) unstable; urgency=low

  * Patch from Benoit Gaussen <ben@trez42.net> , Don't trim from , to end
  of string in user input, only trim from salt
    grabbed from passwd file, closes: #96779
  * Fix NIS double locking, closes: #96736

 -- Sam Hartman <hartmans@debian.org>  Wed, 16 May 2001 15:46:34 -0400

pam (0.72-22) unstable; urgency=low

  * Fix pam.8 to be pam.7, closes: #92874

 -- Sam Hartman <hartmans@debian.org>  Tue, 17 Apr 2001 23:04:04 -0400

pam (0.72-21) unstable; urgency=low

  * Don't depend on libcap for hurd, closes: #91998
  * Don't list scurity/limits.conf as a conffile for hurd

 -- Sam Hartman <hartmans@debian.org>  Mon,  9 Apr 2001 12:30:18 -0400

pam (0.72-20) unstable; urgency=low

  * Install pam-undocumented in -runtime not -dev, closes: #93063
  * Mark pam-runtime as replacing files from -dev in case you installed
    -19 and have pam-undocumented in the wrong place

 -- Sam Hartman <hartmans@debian.org>  Fri,  6 Apr 2001 06:38:15 -0400



pam (0.72-19) unstable; urgency=low

  * New maintainer, closes: #92353
  * Install pam-undocumented; somehow it was not installed in -18

 -- Sam Hartman <hartmans@debian.org>  Wed,  4 Apr 2001 21:32:17 -0400

pam (0.72-18) unstable; urgency=low

  * pam_securetty: log failed tty checks. Normally this was only done if
    the "debug" option was on...do it regardless now, closes: #89390
  * Get rid of log message for when "root" is not applied to group checks.
    closes: #88825
  * Add quiet option to pam_listfile, closes: #84428
  * pam(8) should be pam(7), pam.conf(8) should be pam.conf(5), closes:
    #89322
  * Added groff to Build-Depends-Indep, closes: #88794

 -- Ben Collins <bcollins@debian.org>  Sun, 25 Mar 2001 21:40:32 -0500

pam (0.72-17) unstable; urgency=low

  * Fixed login in pam_limits where the max logins could be ignored.

 -- Ben Collins <bcollins@debian.org>  Fri,  9 Mar 2001 09:14:48 -0500

pam (0.72-16) unstable; urgency=low

  * New pam limits cap patch from Topi Miettinen
    <Topi.Miettinen@koti.tpo.fi>, closes: #88401, #88406, #88525, #88399,
    #86197
  * pwdb no longer used, closes: #59917
  * fix patch 023 for gethostbyname build failure, closes: #86156
  * Make sure unix_chkpwd gets installed as suid root, closes: #88519
  * Fix whatis parse of manpages, closes: #86203
  * pam_listfile, fix arg parsing when arg does not contain '=', closes:
    #86070

 -- Ben Collins <bcollins@debian.org>  Sun,  4 Mar 2001 22:45:58 -0500

pam (0.72-15) unstable; urgency=low

  * Doh, added build-depends for libcap, closes: #85352
  * Change section of libpam-cracklib from admin to libs to match
    overrides.

 -- Ben Collins <bcollins@debian.org>  Fri,  9 Feb 2001 09:06:40 -0500

pam (0.72-14) unstable; urgency=low

  * Added fix to pam_access for gethostname decleration. closes: #82100
  * Just name the lib/security directory instead of all the modules
    seperately for dh_movefiles. closes: #76119
  * Fix pam_env corruption, closes: #66849, #77229
  * Add patch to allow recursive /etc/skel copy in pam_mkhomedir, closes:
    #67211
  * remove dh_suidregister call, added conflict for old suidregister
    package
  * Applied patch for Linux capabilities in pam_limits, closes: #74176
  * pam_issue.so works for me, without segv, and even with escapes. This
    is with login. Note, things like pam_issue do not work with ssh simply
    because ssh is not able to work in that way (does not support
    arbiitrary conversations). So if you want it to work there, file a bug
    on ssh, not on libpam-modules. closes: #77228
  * unix_chkpwd: check for NULL password, closes: #69960

 -- Ben Collins <bcollins@debian.org>  Thu,  8 Feb 2001 11:06:03 -0500

pam (0.72-13) unstable; urgency=low

  * Fix grammar in pam_source.sgml, closes: #78959
  * pam_undocumented.7: Fix escaped 's, closes: #75987
  * Fix build ordering, closes: #71442, #80397, #77017
  * Applied Hurd patch, closes: #76119
  * Use gcc for linking, not ld. closes: #71941
  * Pretty sure this was fixed, closes: #67172
  * Applied spealang fixes to Debian-mini-policy. closes: #80249
  * Applied patch to allow devfs style terminal devices with pam_group,
    closes: #77661
  * Could not reproduce, even using md5 passwords. User, if you still have
  * this problem, you need to tell me with what service (login, which I
    tested, sshd, telnet, etc...) and also send me the entire pam.d file
    for that service. closes: #76087
  * Fixed awhile back, closes: #72858
  * Closing this since I am not going to include any modules in this
    package that aren't in upstream. If someone else wants to package
    these modules seperately, they can do so. closes: #69550
  * For correct usage, pam_wheel.so should be used with "sufficient" and
    not "required". This is documented. If you use "required", then you
    must also use the "trust" option, but that doesn't give you the
    results you want. closes: #76236

 -- Ben Collins <bcollins@debian.org>  Sun, 31 Dec 2000 05:38:23 -0500

pam (0.72-12) frozen unstable; urgency=low

  * Recompile against db2 for glibc change
  * Add db2 to build-deps

 -- Ben Collins <bcollins@debian.org>  Wed, 27 Sep 2000 12:08:11 -0400

pam (0.72-11) frozen unstable; urgency=low

  * Removed all traces of pwdb in packages. libpwdb has been removed from
    the archive. This means that the pam_pwdb and pam_radius modules are
    no longer available (from the libpam-pwdb package).
  * doc/modules/pam_wheel.sgml: Really spell out that being a member of a
    group meands the user is listed in /etc/group, closes: #69242
  * doc/*: s/PAM_AUTHOK_RECOVERY_ERR/PAM_AUTHOK_RECOVER_ERR/g,
    closes: #64473
  * pam_wheel: PAM does not distinguish it, the libc calls make the
    distinction. The users gid is returned in their passwd info, while
    getgrent() returns only the members of the group listed in /etc/group.
    This is ok, because if it's really that important, you can actually
    have it in both places. The fact that it's documented should suffice
    in making this clear, closes: #69236
  * Sorry, but seperate modules generally need to be packaged seperately.
    I don't want to overload this package with everyone's pet module, so I
    have to put my foot down, closes: #61759
  * Actually, I'm going to move in Woody to make packages depend more on
    the defaults in /etc/pam.d/other, so that admins have less to
    maintain. For one, all packages should not have a password service
    listed, closes: #70000 (YAY! I got the 70k rollover bug number!)
  * Sorry, I can't include this. "," is a legitimate char in a password
    salt/hash. If you can code up something that is super intelligent
    about lenghts of the field, I can go for it, maybe, closes: #59459
  * modules/pam_limits: Added chroot feature patch, closes: #61090
  * modules/pam_access: Allow last field to contain ':', closes: #67291
  * modules/pam_limits: Allow explicit limits for root, closes: #62448
  * modules/pam_unix: Do not zero old/new password fields, libpam does
    this itself, and doing so in the module breaks stacking,
    closes: #66270
  * modules/pam_group: Allow alpha *and* numeric in tty field (duh),
    closes: #63752
  * modules/pam_access: Enable NIS, closes: #64854
  * libpam0g-dbg: removed, useless anyway

 -- Ben Collins <bcollins@debian.org>  Wed, 30 Aug 2000 18:39:32 -0400

pam (0.72-10) frozen unstable; urgency=low

  * Update build depends
  * Fixed logic for showing non-existent user names when auth failed in
    pam_unix.so, closes: #67786 (thanks to Jim Breton for being patient in
    helping track this down). It would sometimes show them, even if we
    didn't want to.

 -- Ben Collins <bcollins@debian.org>  Thu, 27 Jul 2000 09:17:08 -0400

pam (0.72-9) frozen unstable; urgency=low

  * pam_unix: do not call obscure_msg() of pass_old is NULL,
    closes: #65321
  * pam_access: check for from[0] == '\0' so that tty logic is actually
    used, closes: #65401

 -- Ben Collins <bcollins@debian.org>  Wed, 14 Jun 2000 11:38:35 -0400

pam (0.72-8) frozen unstable; urgency=low

  * Build depends added in previous version, closes: #60817, #61439
  * Allow use of ":0" in group.conf, closes: #61966
  * Added syslog entry to notify that a user succesfully changed their
    password, closes: #61724
  * Make pam_unix compatible with HP-UX style NIS+ password information,
    patch from ldaffner@rsn.hp.com, closes: #61942
  * If "audit" is not enabled, don't let pam_unix print the names of
    unknown users for auth attempts, closes: #61942
  * Fixed ttyname() parsing in pam_access to match that of the old shadow
    access.conf s,/dev/,, closes: #61644
  * Set some sane defaults for pam_limits.so instead of carrying over
    potentially bad defaults, patch from Peter Paluch
    <peterp@frcatel.fri.utc.sk> closes: #63230
  * Allow explicit (e.g. specified specifically for) limits for root,
    patch from Topi Miettinen <Topi.Miettinen@nic.fi>, closes: #62448
  * Added information to time.conf about logoutd, which is now enabled via
    this file.
  * cracklib maintainer claims this isn't a bug, closes: #54180
  * fixed control syntax handling which was causing segfaults, closes: #62237

 -- Ben Collins <bcollins@debian.org>  Sat, 29 Apr 2000 11:39:59 -0400

pam (0.72-7) frozen unstable; urgency=low

  * pam_limits: fix parsing of users which explicitly removes limits,
    closes: #59911, #60287
  * Added build-depends

 -- Ben Collins <bcollins@debian.org>  Mon, 20 Mar 2000 16:06:28 -0500

pam (0.72-6) frozen unstable; urgency=low

  * Remove conflict for libpam0g-util from libpam0g and put it in
    libpam-runtime. This should fix a problem with upgrades that apt
    experiences, closes: #58677

 -- Ben Collins <bcollins@debian.org>  Mon, 28 Feb 2000 14:05:28 -0500

pam (0.72-5) frozen unstable; urgency=low

  * Added obscure password checks to pam_unix. Required for shadow to be
    able to emulate the pre-PAM setup (referenced in a bug on passwd).
  * Applied patch from #57800 to fix NIS/NIS+ shadow accounting checks,
    closes: #57800, #58164
  * Fixed two typos in the PAM System Administrators Guide,
    closes: #56578, #56587

 -- Ben Collins <bcollins@debian.org>  Mon, 28 Feb 2000 10:58:09 -0500

pam (0.72-4) frozen unstable; urgency=low

  * unix_chkpwd: check for NULL on stdin aswell as 0 reads, closes: #56375
  * pam_unix/Makefile: removed bashism, closes: #56370
  * fixed in shadow upload, closes: #49832

 -- Ben Collins <bcollins@debian.org>  Sat, 29 Jan 2000 00:27:28 -0500

pam (0.72-3) unstable; urgency=low

  * Added cpluplus wraps in all the headers, closes: #53653

 -- Ben Collins <bcollins@debian.org>  Sun,  2 Jan 2000 15:15:40 -0500

pam (0.72-2) unstable; urgency=low

  * Well, this is an odd one. A recompile fixes it. So it must have been a
    problem from linking with 0.71 when this is version 0.72. All of this
    build daemons seem to have compiled the latest 0.72, so this should be
    resolved after this gets recompiled on all of them, closes: #51619, #49584
  * This is from a very old version (0.56) of libpam0. It is not relevant
    to the latest version, closes: #47162

 -- Ben Collins <bcollins@debian.org>  Sun, 26 Dec 1999 09:10:13 -0500

pam (0.72-1) unstable; urgency=low

  * New upstream source release, lots of patches merged upstream (thanks
    Andrew).
  * libpam-doc: now provides pam-doc, closes: #45631
  * cleanups to the build system
  * shlibs.local: bumped shlib deps

 -- Ben Collins <bcollins@debian.org>  Tue, 14 Dec 1999 11:17:36 -0500

pam (0.71-3) unstable; urgency=low

  * Debian-PAM-MiniPolicy: new document describing how PAM is implemented
    in Debian

 -- Ben Collins <bcollins@debian.org>  Fri, 26 Nov 1999 17:26:40 -0500

pam (0.71-2) unstable; urgency=low

  * pam_listfile: lstat -> stat, closes: #49833
  * pam_tally: install the pam_tally program, closes: #50314
  * debian/control: libpam-modules, replaces libpam0g-util, closes: #50716

 -- Ben Collins <bcollins@debian.org>  Thu, 25 Nov 1999 21:02:23 -0500

pam (0.71-1) unstable; urgency=low

  * New upstream release, merges lots of patches from the Debian source,
    also merges the pam_{motd,mkhomedir,issue} modules into the main
    source. Lots of minor bugs fixed, and compiler warnings
  * pam_mail: Reimplemented the authentication handlers, so now this works
    as both (changes nothing in Debian, but was required to get the patch
    accepted upstream)
  * general: Lots of small edits to fix compiler warnings
  * pam_userdb: fixed potential usage of an unitialized value as
    PAM_AUTHTOK, doesn't look particularly exploitable, but better safe
    than sorry

 -- Ben Collins <bcollins@debian.org>  Mon,  8 Nov 1999 19:21:52 -0500

pam (0.70-4) unstable; urgency=low

  * pam_wheel/pam_wheel.c: change to use getpwuid(getuid()) by default, so
    avoid the problems associated with getlogin()

 -- Ben Collins <bcollins@debian.org>  Mon,  1 Nov 1999 13:33:10 -0500

pam (0.70-3) unstable; urgency=low

  * Applied patch from Herbert Xu to enable PAM_CONV_AGAIN support in
    pam_ftp, closes: #47288

 -- Ben Collins <bcollins@debian.org>  Wed, 13 Oct 1999 13:25:21 -0400

pam (0.70-2) unstable; urgency=low

  * 100_pam_pwdb_security_fix: new patch fixes security problem with
    regard to NIS accounts

 -- Ben Collins <bcollins@debian.org>  Wed, 13 Oct 1999 11:42:41 -0400

pam (0.70-1) unstable; urgency=low

  * New upstream release
  * Seems there were a lot of fixes merged/matches upstream, looks good,
    (maybe it's time I start sending my patches in, since the maintainer
    is active again).
  * libpamc: new library (libpam client library), this actually used to be
    in the Debian packages for a few versions, but it was removed upstream.
    Guess what, it's back :)

 -- Ben Collins <bcollins@debian.org>  Sun, 10 Oct 1999 01:07:43 -0400

pam (0.69-11) unstable; urgency=low

  * {pwdb,unix}_chkpwd.8: fixed format to get rid of "no whatis" warnings
    from mandb, closes: #47004
  * pam_unix.sgml: new file, documents the pam_unix.so module,
    closes: #46511

 -- Ben Collins <bcollins@debian.org>  Sat,  9 Oct 1999 12:41:58 -0400

pam (0.69-10) unstable; urgency=low

  * libpam/pam_item.c: fixed debug message being in wrong place
  * 013_pam_issue: new patch, provides issue file parsing for PAM
    applications (helps to replace lost functionality in login).

 -- Ben Collins <bcollins@debian.org>  Wed,  6 Oct 1999 20:30:17 -0400

pam (0.69-9) unstable; urgency=low

  * Fix typo in pam_mail.so module's "no" return

 -- Ben Collins <bcollins@debian.org>  Sun,  3 Oct 1999 15:08:56 -0400

pam (0.69-8) unstable; urgency=low

  * docs/modules/pam_mkhomedir.sgml: Fixed module name
  * changed build system structure
  * libpam/Makefile: add -lcrypt to the linked libs, closes: #46104
  * increase shlib deps to 0.69-7, closes: #45801
  * pam_motd.c: close motd file after reading, closes: #46122
  * pam_motd.c: fix setting \0 in the wrong place when motd file is
    zero length, closes: #45686, #45632
  * pam_unix_acct.c: allow '0' to denote disabled for some expiry fields
    since chage(1) documents it this way, closes: #45446
  * pam_mail.c|modules/pam_mail.sgml: added 2 options, one "standard" to
    give the old style "You have ..." response and "quiet" which only
    reports new mail for both formats, documented both options,
    closes: #45670
  * with the new pam_unix module, this bug is fixed, closes: #42230
  * pam_limits.c: make sure that we not only ignore limits on root, we
    also remove them just in case we are su'ing from a limited user to
    the root account (since as root they can remove the limits anyway),
    closes: #35302

 -- Ben Collins <bcollins@debian.org>  Sun,  3 Oct 1999 12:07:28 -0400

pam (0.69-7) unstable; urgency=low

  * debian/rules: fixed module_check
  * pam_env/pam_env.c: fixed env parsing to include values wrapped in ''
    and also allow continued lines with a trailing '\'.
  * pam_motd,pam_mail: converted to session modules, so that they could
    be ordered with the lastlog module
  * updated default pam.d/login to reflect above change (now login looks
    the same as the non-PAM version, lastlog, then motd, and then mail
    check)
  * pam_motd: removed extraneous \n from output
  * modules/pam_limits/pam_limits.c: Fixed parsing of lines with only
    "domain -", which was documented as being able to get rid of limits
    for that user or group.
  * debian/control: (libpam-cracklib) Added depends for cracklib-runtime,
    closes: #45488
  * modules/pam_env.c: Fixed /etc/environment parsing causing segfaults on
    long lines, closes: #45408

 -- Ben Collins <bcollins@debian.org>  Sun, 19 Sep 1999 13:50:40 -0400

pam (0.69-6) unstable; urgency=low

  * Install unix_chkpwd suid root, it's needed for NIS to work without
    modification to the binary.
  * modules/pam_limits/pam_limits.c: hmm, some how I got a strange broken
    patch left over from the source upgrade...removed all but the pwdb
    purging, closes: #45088
  * modules/pam_env/pam_env.c: Changed to a debug message, instead of a
    syslog message when /etc/environment does not exist.

 -- Ben Collins <bcollins@debian.org>  Wed, 15 Sep 1999 04:25:21 -0400

pam (0.69-5) unstable; urgency=low

  * Removed libpam0g's preinst check for full paths in the pam.d files,
    this should really be a lintian check at build (i think the old libpam
    could not work like this, but hey...things change for the better some
    times. This PAM works fine like that). closes: #45001
   +NOTE: Debian packages should not reference modules by the full path
    so they don't break if I ever decide to move the modules to a different
    default directory. Only the admin should reference full paths and only
    for locally installed modules. I have submitted a request to check for
    this in lintian along with a few other devious things.
  * debian/patches/008_pam_mkhomedir: Fix title of sgml doc
  * modules/pam_userdb/Makefile: added patch for building against glibc 2.0
    (request from Roman Hodek), closes: #45064

 -- Ben Collins <bcollins@debian.org>  Tue, 14 Sep 1999 06:12:34 -0400

pam (0.69-4) unstable; urgency=low

  * Link all dynamic modules with libpam. For some reason, alpha doesn't
    like it when we don't

 -- Ben Collins <bcollins@debian.org>  Mon, 13 Sep 1999 06:01:40 -0400

pam (0.69-3) unstable; urgency=low

  * doc/modules/pam_cracklib.sgml: changed to correct path for
    cracklib_dict reference.
  * modules/pam_env/pam_env.c: now groks bash style env's from
    /etc/environment to be compatible with other programs that use it.
  * modules/pam_securetty/pam_securetty.c: don't just plain fail when
    root isn't allowed to login, fake a password request just like any
    good auth module would. Keeps us from letting them know that they
    are doing something bad :)
  * modules/pam_{motd,mkhomedir}: merged these two modules into this
    source, also wrote corresponding sgml files for libpam-doc,
    closes: #40754
  * debian/control: Moved libpam0g, libpam-modules and libpam-runtime
    to base with required priority since login depends on them and
    policy will require this

 -- Ben Collins <bcollins@debian.org>  Sat, 11 Sep 1999 08:06:02 -0400

pam (0.69-2) unstable; urgency=low

  * Modified build so that it uses libs and headers in the build tree
    rather than on the local system. This involved changint the build
    order slightly and should make it easier to compile on new archs.
  * Modified pam_limits so that it was invoked during pam_sm_setcred()
    instead of during pam_sm_session_open() so that it will work with
    shadow's su.
  * Fixed missing symbols in libpam.so, they were caused by it thinking
    it was supposed to have static modules built in.
  * Fixed problem where libpam was getting built with -DDEBUG
  * pam_unix_passwd.c: Changed the perms on shadow to be 0.42 and 0640
    instead of 0.0 and 0600
  * unix_chkpwd: fix it not being sgid shadow

 -- Ben Collins <bcollins@debian.org>  Thu,  9 Sep 1999 13:52:01 -0400

pam (0.69-1) unstable; urgency=low

  * New upstream source
    - Now with a new and improved pam_unix module, closes: #38631
    - Lot's of documentation cleanups
  * Converted build system to dbs (doogie's build system, aka Adam Heath)
  * Fixed libpam.so compilation so that it did not link with any of the
    modules (this was causing lot's of problems, closes; #43913, #40739
  * modules/pam_ftp/pam_ftp.c: Fixed sizeof, to use strlen,
    closes: #44054, #41845, #44142, #39129, #39871, #44412
  * Postscript pages are now generated correctly, closes: #41608
  * Moved to FHS compliance (including use of debhelper 2.0.40),
    this also raises the policy version to 3.0.1.1
  * Don't check the paths in /etc/pam.d files anymore. This is old
    and causes nothing but complaints, closes: #39747
  * Build libpam0g-dbg with debuggable static and shared libraries, also
    enabled the internal DEBUG_REL compile flag for these so that the
    debugging messages will also be output

 -- Ben Collins <bcollins@debian.org>  Tue,  7 Sep 1999 17:45:20 -0400

pam (0.66-10) unstable; urgency=low

  * Added ability for pam_env to parse /etc/environment and updated
    docs to reflect it
  * Applied patch for pwdb_chkpwd man page, closes: #38976
  * Merged pam_unix_*.so modules into one pam_unix.so with symlinks
    for backward compatibility. This helps centralize this module the
    same way the pam_pwdb.so is and the way pam_unix.so is on other
    operating systems (commercial ones specifically).
  * Closed by pam-apps upload, closes: #38632
  * Fixed `sgml2latex' syntax, closes: #39119
  * Added doc-base support, closes: #37627

 -- Ben Collins <bcollins@debian.org>  Wed, 16 Jun 1999 01:20:23 -0400

pam (0.66-9.1) unstable; urgency=low

  *  SPARC NMU to fix chown symbols when compiling with glibc 2.1.1

 -- Ben Collins <bcollins@debian.org>  Tue, 11 May 1999 13:33:33 +0000

pam (0.66-9) unstable; urgency=low

  * Changed the debian/rules to not mess with the library symlinks (ie
    running ldconfig in the lib dir) and all is well, closes: #36169

 -- Ben Collins <bcollins@debian.org>  Sun, 18 Apr 1999 09:09:51 -0400

pam (0.66-8) unstable; urgency=low

  * Compiled with libpam_client.so now (seperate lib in libpam0g)
  * Made regex for libpam0g postinst a little more specific so it
    didn't flag false problems. closes: #34626
  * Applied patch to fix pam_ftp, closes: #35388
  * Modified pam_mail and pam_lastlog to honor PAM_SILENT in order to
    enable apps to use hushlogin/PAM_SILENT
  * Fixed problem with libpam_client.so being static

 -- Ben Collins <bcollins@debian.org>  Mon, 15 Mar 1999 20:54:23 -0500

pam (0.66-7) unstable; urgency=low

  * Fixed XCASE in pam_filter.c (not really in glibc 2.1 by default)

 -- Ben Collins <bcollins@debian.org>  Sat,  6 Mar 1999 18:46:56 -0500

pam (0.66-6) unstable; urgency=low

  * Removed empty /lib/security/ from libpam0g (is created in
    libpam-runtime)
  * Added a depends for libpam-runtime to libpam0g (was supposed to be
    there, must have deleted it)
  * Removed empty /usr/bin from libpam-runtime (old directory where
    upperLOWER was)

 -- Ben Collins <bcollins@debian.org>  Wed, 24 Feb 1999 13:14:25 -0500

pam (0.66-5) unstable; urgency=low

  * Removed harcoded libc6 dependency from libpam0g-dev and changed it to
    libc6-dev. closes: #33615
  * Added md5 flag for pam_unix_passwd.so
  * Removed upperLOWER program since it is just an example. Moved it's
    source to the examples directory in libpam-modules
  * Fixed documentation of pam_strerror() and examples. closes #31142
  * Made pam_unix_passwd.so leave /etc/shadow mode 640 and root.shadow
    after changes
  * Fixed problem in pam_unix_auth that didn't let you su from a normal
    user to another normal user (ie. neither one was root)
  * Closing misc fixed bugs. closes #32809, #32274 (have been fixed,
    just need closing)
  * Tested lockvc with pam support, works for normal users (pam_pwdb)
    closes: #31150
  * Changed /var/log/wtmp in pam_lastlog docs to reflect correct
    /var/log/lastlog file. closes: #26544
  * Added -ldl to libpam.so, so apps don't have to

 -- Ben Collins <bcollins@debian.org>  Fri, 19 Feb 1999 18:47:30 -0500

pam (0.66-4) unstable; urgency=low

  * Changed pwdb_chkpwd to sgid shadow instead of suid root since it only
    needs read permissions to /etc/shadow and not write.
  * Moved a lot of files arouns to get rid of libpam-runtime dependencies
  * Put libpam-pwdb into it's own package
  * Removed -lpwdb links for modules since libpwdb is somewhat buggy (or
    alteast it's interaction with libpam is)
  * Fixed bug in pam_unix_passwd.so that caused it to never authenticate
    the correct passwd, making it so you couldn't change the passwd

 -- Ben Collins <bcollins@debian.org>  Tue, 16 Feb 1999 15:50:28 -0500

pam (0.66-3) unstable; urgency=low

  * Fixed defaults in /etc/pam.d/other to be pam_unix_*.so modules instead
    of the accidental pam_pwdb.so module
  * Fixed suid of pwdb_chkpwd (had to move dh_fixperms after
    dh_suidregister)
  * Added Replaces: libpam0g-util in order to help dpkg upgrade from
    older packages
  * Applied glibc 2.1 patch from Christian Meder. closes: #32809
  * Moved libpam-doc to Section doc. closes: #32274

 -- Ben Collins <bcollins@debian.org>  Fri, 12 Feb 1999 02:01:43 -0500

pam (0.66-2) unstable; urgency=low

  * Removed all of the versioned module stuff. Modules are now in
    /lib/security and stay there. Seems after discussion, that modules may
    not change as often as thought
  * Fixed suidregister for pwdb_chkpwd
  * Fixed incomplete descriptions in control file
  * This is a kludge to close some bugs since the last upload was yanked
    before being installed in the archive, closes: #16882, #30862, #7725,
    #10234, #10406, #12210, #14291, #15528, #15529, #20660, #25330,
    #29868, #31088, #31128, #9131, #9919, #19383, #5132, #14533, #25915,
    #28075, #31548, #31191

 -- Ben Collins <bcollins@debian.org>  Tue,  2 Feb 1999 12:47:25 -0500

pam (0.66-1) unstable; urgency=low

  * New maintainer
  * New upstream release. closes: #16882, #30862, #7725
  * Created a better split of the main lib and the runtime to kill the
    circular dependencies and make it possible to have two .so version of
    the library installed for upgrades. closes: #10234, #10406, #12210,
    bug #14291, #15528, #15529, #20660, #25330, #29868, #31088, #31128,
    bug #9131, #9919.
  * Harcoded modules directory prefixed with the .so version, and
    used alternatives to create the symlink to the 'default' modules
    directory. libpam will use the full path when specified, but use the
    versioned modules directory for relative names.
  * Put libpam0g-cracklib modules back in (own package). This means that
    cracklib support is _not_ in the static libpam.a, also cracklib
    support is _not_ in pam_unix_passwd.o, but only in pam_cracklib.so
    by itself.
  * Fixed a few typos in the source causing compile errors
  * Fixed source #include's so that pam _didn't_ have to be installed
    in order to compile the source ( changed from <> to "" )
  * Removed empty directories from built packages
  * Opted not to build examples, only going to put *.c files in examples
    directory for libpam0g-dev
  * Moved *.sgml files for modules into their own directory (looks like
    that is what the original maintainer wanted to do, but it didn't go)
  * Moved doc build to arch-indep build in rules so that it doesn't get
    built when specifying -B with debuild/dpkg-buildpackage.
  * Moved `touch .quiet...' to build-stamp in order to have -B builds not
    ask about pam.conf
  * Split out non-standard modules to their own package, so as to make the
    base install smaller (planning for base inclusion here)
  * Created small manpage for pwdb_chkpwd. closes: #10941
  * The Copright file in /usr/doc/*/ was already named copright and not
    compressed. closes: #14533
  * Package is now lintian clean. closes #19383, #5132
  * There is a maintainer now and the patch for #25915 is still included
    so.... closes: #25915
  * Added check for editor backup files in /etc/pam.d (*~). closes: #28075
  * Applied patch for md5.h in pam_pwdb module. closes: #31548
  * Added support for dhelp in libpam-doc. closes: #31191

 -- Ben Collins <bcollins@debian.org>  Wed, 20 Jan 1999 07:09:15 -0500

pam (0.65-0.8) frozen unstable; urgency=high

  * Marked PAM as orphaned, given that there has been no maintainer upload
    in almost two years.
  * [defs/debian.defs] Removed superflous cracklib2 dependency.
    (Urgent as cracklib still has release-critical bugs).
    (Fixes #30862).

 -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Wed, 20 Jan 1999 09:34:35 +0100

pam (0.65-0.7) frozen unstable; urgency=high

  * Fixed security vulnerability in the pam_unix and pam_tally modules
    (reported by Michal Zalewski on bugtraq; patch
    A000-SECURITY-PATCH-0.65-and-below.gz by Andrey V. Savochkin).

 -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Tue, 29 Dec 1998 16:20:18 +0100

pam (0.65-0.6) unstable; urgency=high

  * Fixed distribution of files over the various packages, which was
    severely messed up.
  * Added appropriate Replaces: to ensure upgrading from both the hamm
    version and previous slink versions.
  * Fixed debug libraries, PAM module loading.
  * Added examples.
  * Added a "pam-undocumented" manpage pointing to libpam-doc, and
    made links for functions without a manpage to that.

 -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Sun, 11 Oct 1998 19:29:40 +0200

pam (0.65-0.5) unstable; urgency=low

  * Rewritten the preinst warning text (it still mentioned the search path).

 -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Fri,  9 Oct 1998 14:23:18 +0200

pam (0.65-0.4) unstable; urgency=high

  * It looks like I misunderstood DEFAULT_MODULE_PATH: Linux-PAM does not
    currently seem to be easily configured to look for modules in more than
    one directory. With this version, it's configured to look only in
    /lib/security .

 -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Fri,  9 Oct 1998 11:43:34 +0200

pam (0.65-0.3) unstable; urgency=medium

  * Moving the PAM modules to /lib/security broke netatalk.
    Added a preinst script to detect /etc/pam.d files with explicit paths to
    PAM modules, give a warning about them, and offer to abort the install
    (Fixes #27514).

 -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Tue,  6 Oct 1998 20:10:43 +0200

pam (0.65-0.2) unstable; urgency=low

  * Argh. The tools didn't recognise -0.1 as a new upstream release, so
    my previous upload was rejected due to a missing .orig.tar.gz .

 -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Sun,  4 Oct 1998 17:15:09 +0200

pam (0.65-0.1) experimental; urgency=low

  * New upstream version.
  * Non-maintainer upload.
  * Major package overhaul; now uses debhelper.
  * In experimental for now. *Please* provide feedback; if the feedback is
    positive, we can put this in slink.
  * Dropped libc5 support.
  * [libpam/pam_static.c] Fixed compilation: "pamh" was undefined; use "NULL".
    is this the correct fix?
  * [defs/debian.defs] New.
  * [Makefile]
    * Exit when a make in a subdirectory fails.
    * Compile statically too.
    * New variables: LC, LP, LPLIBS, DEFAULT_MODULE_PATH .
  * [libpam/Makefile]
    * Use DEFAULT_MODULE_PATH if nonempty.
    * Link libpam against LPLIBS.
  * [modules/*/Makefile]
    * Link the dynamic security objects against libpam and libc
     (LP and LC).
  * [modules/pam_pwdb/Makefile]
    * Link dynamic security objects against libcrypt and libnsl.
  * [conf/install_conf] Allow for non-interactive install (as the other
    install_conf scripts already did).
  * Automatically determine the list of /etc/security/* conffiles.
  * Moved libpam to /lib, and PAM modules to /lib/security as they will
    become part of the base system in the future.
  * Built without cracklib support, to keep the base system smaller.
  * /sbin/pwdb_chkpwd is undocumented, as is upperLOWER.

 -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Fri,  2 Oct 1998 20:23:27 +0200

pam (0.57b-0.4) unstable; urgency=high

  * Non maintainer upload
    My previous upload had removed the libc5 stuff from the controlfile
    messing up things. Change 'Architecture: any' to 'i386 m68k' for those
    .deb's instead.

 -- Turbo Fredriksson <turbo@debian.org>  Thu, 20 Aug 1998 20:06:50 -0400

pam (0.57b-0.3) unstable; urgency=high

  * Non maintainer upload
    On a glibc2.1 system, XCASE is only defined in the <bits/termios.h>
    _IF_ '__USE_MISC' or '__USE_UNIX98' is defined.

 -- Turbo Fredriksson <turbo@debian.org>  Sun, 16 Aug 1998 22:13:45 -0400

pam (0.57b-0.2) unstable; urgency=high

  * Yet another non-maintainer release.
  * Zero changes; simply a re-upload due to a rm-trigger happy release
    ``manager''.

 -- James Troup <jjtroup@comp.brad.ac.uk>  Tue, 17 Mar 1998 19:55:16 +0100

pam (0.57b-0.1) unstable; urgency=medium

  * Non-maintainer release.
  * debian/control (Standards-Version): Updated to 2.4.0.0.
  * debian/control (libpam0g-dev): Also conflict with libpam-dbg.
  * debian/postinst: use case statement instead of if.
  * debian/rules (COMPAT_ARCHES): removed sparc.
  * debian/rules (binary-libc6-dev, binary-libc5-altdev): strip static libraries with
    --strip-debug, not --strip-unneeded.
  * debian/rules: each package now has it's own doc directory under
    /usr/doc/, containing at least the copyright file (Policy 5.6).
  * debian/rules: install files with `install -m 644' not `cp -p' to avoid
    read-only files.
  * debian/rules (binary-libc6-util): strip /usr/lib/*/security/*.so with
    --strip-unneeded.
  * debian/rules (binary-libc5-util): ditto.
  * debian/rules (binary-libc5): don't depend on binary-libc5.

 -- James Troup <jjtroup@comp.brad.ac.uk>  Sat,  7 Mar 1998 18:04:19 +0100

pam (0.57b-0) unstable; urgency=medium

  * Non-maintainer release.
  * New upstream version.
  * Doesn't use pristine upstream source as the upstream tar ball is broken.
  * Added libc6 libraries libpam0g, libpam0g-dev, libpam0g-dbg and
    libpam0g-util. [#11697]
  * libpam-dev becomes libpam0-altdev, libpam-util -> libpam0-altutil and
    libpam-dbg is removed.
  * libpam0 depends on libpam0g because libpam0g contains the pam conffile.
  * libpam0-util depends on libpam0g-util because libpam0g contains the binary.
  * Compiled with -D_REENTRANT and link with -lc.
  * Fixed permissions on shared libraries.
  * Corrected syntax of /etc/pam.d/other. [#10497, #10758, #12030]
  * Fixed typos in postinst. [#10474, #11365]
  * Made /etc/pam.conf a conffile.
  * Updated URL in copyright file.
  * Removed over-zelaously installed README* files from libpam-doc.

 -- James Troup <jjtroup@comp.brad.ac.uk>  Sat, 22 Nov 1997 17:54:30 +0100

pam (0.56-2) unstable; urgency=low

  * Added /etc/pam.d/other with policy 'deny'.
  * Add manual pages for PAM security modules.

 -- Klee Dienes <klee@debian.org>  Sat, 15 Mar 1997 22:33:22 -0500

pam (0.56-1) unstable; urgency=low

  * New upstream release.
  * Converted to new packaging format.
  * Reorganization of package structure (-dev, -dbg, etc).

 -- Klee Dienes <klee@debian.org>  Sat, 8 Mar 1997 01:21:17 -0500