Change log for pam package in Debian

143 of 43 results
Published in buster-release on 2017-07-17
Published in stretch-release on 2017-06-02
Published in sid-release on 2017-05-27
pam (1.1.8-3.6) unstable; urgency=medium

  * Non-maintainer upload.
  * cve-2015-3238.patch: Add the changes in the generated pam_exec.8
    and pam_unix.8 in addition to (and after) the changes to the
    source .xml files. This avoids unwanted rebuilds that can cause
    problems due to differing files on different architectures of
    the Multi-Arch: same libpam-modules. (Closes: #851545)

 -- Adrian Bunk <email address hidden>  Sat, 27 May 2017 18:44:02 +0300
Published in jessie-release on 2017-01-14
pam (1.1.8-3.1+deb8u2) jessie; urgency=medium

  * Non-maintainer upload.
  * debian/patches-applied/pam-loginuid-in-containers: Updated with the version
    from Ubuntu, this should fix logins in containers (Closes: #726661)

 -- Evgeni Golov <email address hidden>  Sat, 12 Nov 2016 08:38:19 +0100
Superseded in stretch-release on 2017-06-02
Superseded in sid-release on 2017-05-27
pam (1.1.8-3.5) unstable; urgency=medium

  * Non-maintainer upload.
  * Build-Depend on libfl-dev:native as well, for cross builds.
    Re-closes: #846459
  * Fix "Unescaped left brace in regex" with Perl 5.22. Closes: #810873

 -- Adam Borowski <email address hidden>  Fri, 30 Dec 2016 14:37:29 +0100
Superseded in stretch-release on 2017-01-15
Superseded in sid-release on 2017-01-10
pam (1.1.8-3.4) unstable; urgency=medium

  * Non-maintainer upload.
  * Add libfl-dev to Build-Depends, fixing FTBFS.  Closes: #846459
  * Move xsl stuff to Build-Depends from -Indep to fix misbuilt manpages.
    Closes: #812566

 -- Adam Borowski <email address hidden>  Sun, 18 Dec 2016 01:03:58 +0100
Superseded in stretch-release on 2016-12-31
Superseded in sid-release on 2016-12-21
pam (1.1.8-3.3) unstable; urgency=low

  * Non-maintainer upload.
  [ Steve Langasek ]
  * Updated Swedish translation to correct a typo, thanks to Anders Jonsson
    and Martin Bagge.  Closes: #743875
  * Updated Turkish translation, thanks to Mert Dirik <email address hidden>.
    (closes: #756756)
  * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default
    soft nofile limit read from pid 1 to FD_SETSIZE.  Thanks to Robie Basak
    <email address hidden> for the patch.  Closes: #783105.
  * Acknowledge security NMU.
  * pam-auth-update: don't mishandle trailing whitespace in profiles.
    LP: #1487103.

  [ Laurent Bigonville ]
  * debian/control: Fix Vcs-* and Homepage fields (Closes: #752343)
  * debian/watch: Update watch file and point it to http://www.linux-pam.org
  * debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in
    namespace.init script (Closes: #624842)
  * debian/control: Build-depends against debhelper (>= 9) to match the
    defined debhelper compatibility
  * Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality,
    thanks to Jakub Wilk <email address hidden> for noticing (Closes: #761594)
  * debian/control: Bump Standards-Version to 3.9.8 (no further changes)
  * debian/libpam-doc.doc-base.applications-guide: Fix spelling
  * debian/libpam0g-dev.examples: Do not use shell brace expansion
  * debian/patches-applied/pam-loginuid-in-containers: Updated with the version
    from Ubuntu, this should fix logins in containers (Closes: #726661)
  * debian/patches-applied/update-motd: Updated with the version from Ubuntu:
    use /run/motd.dynamic instead of /var/run/motd, nothing in the archive
    uses the later (Closes: #743286)
  * debian/patches-applied/make_documentation_reproducible.patch: Make the
    build reproducible, removes differences when building with different
    locale values (Closes: #792127)

 -- Laurent Bigonville <email address hidden>  Wed, 18 May 2016 02:04:29 +0200
Superseded in jessie-release on 2017-01-14
pam (1.1.8-3.1+deb8u1) jessie; urgency=medium

  * Non-maintainer upload.
  * Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix
    module (Closes: #789986)

 -- Tianon Gravi <email address hidden>  Wed, 06 Jan 2016 17:25:53 -0800
Superseded in stretch-release on 2016-06-07
Superseded in sid-release on 2016-06-02
pam (1.1.8-3.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix
    module (Closes: #789986)

 -- Tianon Gravi <email address hidden>  Wed, 06 Jan 2016 15:53:31 -0800
Superseded in stretch-release on 2016-01-12
Superseded in jessie-release on 2016-01-23
Superseded in sid-release on 2016-01-07
pam (1.1.8-3.1) unstable; urgency=high


  * Non-maintainer upload by the Security Team.
  * Fix CVE-2013-7041: case-insensitive comparison used for verifying
    passwords in the pam_userdb module (closes: #731368).
  * Fix CVE-2014-2583: multiple directory traversal issues in the
    pam_timestamp module (closes: 757555)

 -- Michael Gilbert <email address hidden>  Sat, 09 Aug 2014 09:50:42 +0000
Superseded in jessie-release on 2014-08-28
Superseded in sid-release on 2014-08-31
pam (1.1.8-3) unstable; urgency=low


  * debian/rules: On hurd, link libpam explicitly with -lpthread since glibc
    will not dynamically switch between the libc stubs and the libpthread
    implementations on this architecture.  Thanks to Samuel Thibault for the
    patch.  Closes: #743891.

 -- Steve Langasek <email address hidden>  Mon, 07 Apr 2014 17:49:38 -0700
Superseded in jessie-release on 2014-04-18
Superseded in sid-release on 2014-04-08
pam (1.1.8-2) unstable; urgency=medium


  * Mark the libaudit-dev build-dependency linux-any, since it's not
    available on non-Linux archs.  Closes: #737035.

 -- Steve Langasek <email address hidden>  Thu, 13 Feb 2014 15:02:00 -0800
Superseded in sid-release on 2014-02-14
pam (1.1.8-1) unstable; urgency=medium


  * New upstream release.
    - includes upstream changes to pam_exec.  Closes: #670147.
    - adds support for newer hashing algorithms to pam_userdb.
      Closes: #671740.
    - fixes handling of 'quiet' argument to pam_listfile, to match the
      documentation.  Closes: #592219.
    - fixes handling of @users@@hosts netgroup syntax in access.conf.
      Closes: #681223.
    - fixes installation of the /etc/security/namespace.d directory.
      Closes: #710998.
    - 027_pam_limits_better_init_allow_explicit_root: support for reading
      /proc/1/limits is upstream, this patch now only handles the policy
      of resetting limits by default and not applying glob limits to root.
    - debian/patches/fix-manpage-crud: drop, manpages now being generated
      upstream with a newer, fixed xsltproc.
    - debian/patches/pam_env-fix-overflow.patch, pam_env-fix-dos.patch,
      glibc-2_16-compilation-fix.patch, sys-types-include.patch: drop,
      included upstream.
  * Add build-dependency on pkg-config.
  * Ensure autogenerated files are after source files in all relevant patches,
    so that regenerating documentation doesn't cause build skew.
  * Drop the --disable-regenerate-docu argument, restoring the HTML manuals
    to the libpam-doc package.  Closes: #700485.
  * No need to override dh_compress in debian/rules, it already handles .html
    files correctly.
  * debian/libpam-cracklib.prerm: use $DPKG_MAINTSCRIPT_PACKAGE_COUNT to avoid
    prematurely removing the PAM config when the package is installed for
    multiple architectures.  Closes: #647428.

 -- Steve Langasek <email address hidden>  Thu, 16 Jan 2014 00:38:42 +0000
Superseded in sid-release on 2014-01-16
pam (1.1.3-11) unstable; urgency=low


  [ Wookey ]
  * Disable libaudit for stage1 bootstrap.

  [ Steve Langasek ]
  * debian/patches-applied/pam-loginuid-in-containers: pam_loginuid:
    Ignore failure in user namespaces.
  * Use [linux-any] in build-deps, instead of hard-coding a list of
    non-Linux archs.  Closes: #634516.

 -- Steve Langasek <email address hidden>  Tue, 14 Jan 2014 03:33:31 +0000
Superseded in sid-release on 2014-01-14
pam (1.1.3-10) unstable; urgency=low


  * Fix pam-auth-update handling of trailing blank lines in the fields of
    profiles.  LP: #1160288.
  * Reintroduce libaudit support now that libaudit has been multiarched.
    Closes: #699159.

 -- Steve Langasek <email address hidden>  Sun, 20 Oct 2013 15:30:46 -0700
Superseded in jessie-release on 2014-02-19
Superseded in sid-release on 2014-02-14
pam (1.1.3-9) unstable; urgency=low


  * Revert libaudit support for now, because libaudit isn't multiarched yet
    in unstable so this regresses cross-installability.  Reopens bug
    #699159.
  * Add an or'ed dependency on cdebconf, which also implements the
    xloadtemplatefile extension that prevents us from depending on just
    'debconf-2.0'.  Thanks to Régis Boudin <email address hidden> for the info.
    Closes: #677278.

 -- Steve Langasek <email address hidden>  Tue, 12 Feb 2013 23:06:30 +0000
Superseded in sid-release on 2013-02-13
pam (1.1.3-8) unstable; urgency=low


  * Confirm NMU for bug #611136; thanks to Michael Gilbert.
    - As a side effect, there will no longer be errors from reading the
      .pam_environment twice since we are now reading it 0 times.
      LP: #955032.
  * Adjust the pam_env documentation to match the module behavior resulting
    from the previous security upload.  Closes: #693995.
  * debian/rules: never regenerate manpages at build time; this may cause
    build skew that breaks the world in a multiarch context.  LP: #1095887.
  * debian/patches-applied/glibc-2_16-compilation-fix.patch: fix missing
    include causing build failure with eglibc 2.16.  Thanks to Daniel
    Schepler <email address hidden>.  Closes: #693450.
  * Ditch autoconf patch in favor of a build-dependency on dh-autoreconf,
    which will let us keep up-to-date with newer autotools.  In the present
    instance, this gets us aarch64 support.
  * Install pam_timestamp_check - and while we're at it, move the manpage
    to the correct binary package.  Closes: #648695.
  * Update lintian overrides to suppress some noise about hardening and
    manpages.
  * Enable audit support, by popular demand.  This should have no major
    impact unless you're also running auditd; but I reserve the right to
    disable this again in the event that this causes a performance hit or
    breaks upgrades (since the dependency is pulled into libpam, not just
    into pam_tty_audit).  Closes: #699159, LP: #937005.

 -- Steve Langasek <email address hidden>  Tue, 12 Feb 2013 05:36:29 +0000
Published in wheezy-release on 2012-05-15
Superseded in sid-release on 2013-02-13
pam (1.1.3-7.1) unstable; urgency=low


  * Non-maintainer upload.
  * Fix cve-2011-4708: user-configurable .pam_environment allows
    administrator-level changes without root access (closes: #611136).

 -- Michael Gilbert <email address hidden>  Sun, 29 Apr 2012 02:23:26 -0400
Superseded in wheezy-release on 2012-05-15
Superseded in sid-release on 2012-05-05
pam (1.1.3-7) unstable; urgency=low


  * Updated debconf translations:
    - Danish, thanks to Joe Dalton <email address hidden> (closes: #648382)
    - French, thanks to Jean-Baka Domelevo Entfellner <email address hidden>
      (closes: #649850)
    - Dutch, thanks to Jeroen Schot <email address hidden>
      (closes: #650755)
    - Russian, thanks to Yuri Kozlov <email address hidden> (closes: #650867)
    - Portuguese, thanks to Pedro Ribeiro <email address hidden>
      (closes: #652493)
    - German, thanks to Sven Joachim <email address hidden> (closes: #653407)
    - Spanish, thanks to Javier Fernandez-Sanguino Peña <email address hidden>
      (closes: #654043)
    - Bulgarian, thanks to Damyan Ivanov <email address hidden> (closes: #656518)
    - Slovak, thanks to Ivan Masár <email address hidden> (closes: #656521)
    - Japanese, thanks to Kenshi Muto <email address hidden> (closes: #656834)
    - Polish, thanks to Michał Kułach <email address hidden>
      (closes: #657476)
    - Catalan, thanks to Innocent De Marchi <email address hidden>
      (closes: #657489)
    - Czech, thanks to Miroslav Kure <email address hidden>
      (closes: #657578)
    - Swedish, thanks to Martin Bagge <email address hidden> (closes: #651349)

 -- Steve Langasek <email address hidden>  Sat, 28 Jan 2012 10:57:49 -0800
Published in squeeze-release on 2012-01-28
pam (1.1.1-6.1+squeeze1) stable-security; urgency=low


  * Non-maintainer upload by the Security Team
  * Fix CVE-2011-3148 and CVE-2011-3149

 -- Moritz Muehlenhoff <email address hidden>  Mon, 17 Oct 2011 18:28:52 +0000
Superseded in wheezy-release on 2012-02-08
Superseded in sid-release on 2012-01-30
pam (1.1.3-6) unstable; urgency=low


  * debian/patches-applied/hurd_no_setfsuid: we don't want to check all
    setre*id() calls; we know that there are situations where some of these
    may fail but we don't care.  As long as the last setre*id() call in each
    set succeeds, that's the state we mean to be in.
  * debian/libpam0g.postinst: according to Kubuntu developers, kdm no longer
    keeps libpam loaded persistently at runtime, so it's not necessary to
    force a kdm restart on ABI bump.  Which is good, since restarting kdm
    now seems to also log users out of running sessions, which we rather
    want to avoid.  Closes: #632673, LP: #744944.
  * debian/patches-applied/update-motd: set a sane umask before calling
    run-parts, and restore the old mask afterwards, so /run/motd gets
    consistent permissions.  LP: #871943.
  * debian/patches-applied/update-motd: new module option for pam_motd,
    'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
    LP: #805423.
  * debian/libpam0g.templates, debian/libpam0g.postinst: add a new question,
    libraries/restart-without-asking, that allows admins to accept the
    service restarts once for all so that they don't have to repeatedly
    say "ok".  LP: #745004.
  * debian/libpam-runtime.templates, debian/local/pam-auth-update: add a
    new 'title' template, so pam-auth-update doesn't give a blank title
    when called outside of a maintainer script.  LP: #882794.

 -- Steve Langasek <email address hidden>  Sun, 06 Nov 2011 19:43:14 -0800
Superseded in sid-release on 2011-11-07
pam (1.1.3-5) unstable; urgency=low


  [ Kees Cook ]
  * debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch: use
    setresgid() to wipe out saved-gid just in case.
  * debian/patches-applied/008_modules_pam_limits_chroot:
    - fix off-by-one when parsing configuration file.
    - when using chroot, chdir() to root to lose links to old tree.
  * debian/patches-applied/022_pam_unix_group_time_miscfixes,
    debian/patches-applied/026_pam_unix_passwd_unknown_user,
    debian/patches-applied/054_pam_security_abstract_securetty_handling:
    improve descriptions.
  * debian/patches-applied/{007_modules_pam_unix,055_pam_unix_nullok_secure}:
    drop unneeded no-op change to reduce delta from upstream.
  * debian/patches-applied/hurd_no_setfsuid: check all set*id() calls.
  * debian/patches-applied/update-motd: correctly clear environment when
    building motd.
  * debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflow
    in environment file parsing (CVE-2011-3148).
  * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment
    file parsing (CVE-2011-3149).

 -- Steve Langasek <email address hidden>  Thu, 27 Oct 2011 21:33:57 -0700
Superseded in wheezy-release on 2011-11-17
Superseded in sid-release on 2011-10-29
pam (1.1.3-4) unstable; urgency=low


  * Make sure shared library links are also installed to the multiarch
    directory, not just the .a files; otherwise the static libs get found
    first by the linker.  Thanks to Russ Allbery for catching this.
    Closes: #642952.

 -- Steve Langasek <email address hidden>  Sun, 25 Sep 2011 22:33:55 +0000
Superseded in sid-release on 2011-09-26
pam (1.1.3-3) unstable; urgency=low


  * Look for /etc/init.d/postgresql, not /etc/init.d/postgresql-8.{2,3},
    for service restarts; the latter are obsolete since squeeze.
    Closes: #631511.
  * Move debian/libpam0g-dev.install to debian/libpam0g-dev.install.in
    and substitute the multiarch path at build time, so our .a files go to
    the multiarch dir instead of to /usr/lib.  Thanks to Riku Voipio for
    pointing out the bug.
  * debian/control: adjust the package descriptions, as the current ones
    use some awkward language that's gone unnoticed for a long time.  Thanks
    to Martin Eberhard Schauer <email address hidden> for pointing this
    out.  Closes: #633863.
  * Build-depend on debhelper 8.9.4 and bump debian/compat to 9 for
    dpkg-buildflags integration, and drop manual setting of -g -O options in
    CFLAGS now that we can let dh do it for us
  * Don't set --sbindir when calling configure; upstream takes care of this
    for us

 -- Steve Langasek <email address hidden>  Sat, 24 Sep 2011 20:08:56 +0000
Superseded in wheezy-release on 2011-10-06
Superseded in sid-release on 2011-09-26
pam (1.1.3-2) unstable; urgency=low
  [ Kees Cook ]  * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:    - only report about unknown kernel rlimits when "debug" is set      (Closes: 625226, LP: #794531).  [ Steve Langasek ]  * Build for multiarch.  Closes: #463420.  * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:    don't reset the process niceness for root; since it's root, they can    still renice to a lower nice level if they need to and changing the    nice level by default is unexpected behavior.  Closes: #594377. -- Steve Langasek <email address hidden>  Tue, 21 Jun 2011 11:41:12 -0700
Superseded in wheezy-release on 2011-09-21
Superseded in sid-release on 2011-09-21
pam (1.1.3-1) unstable; urgency=low
  * New upstream release.    - Fixes CVE-2010-3853, executing namespace.init with an insecure      environment set by the caller.  Closes: #608273.    - Fixes CVE-2010-3316 CVE-2010-3430 CVE-2010-3431 CVE-2010-3435.      Closes: #599832.  * Port hurd_no_setfsuid patch to new pam_modutil_{drop,restore}_priv    interface; now possibly upstreamable  * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:    set a better default RLIMIT_MEMLOCK value for BSD kernels.  Thanks to    Petr Salinger for the fix.  Closes: #602902.  * bump the minimum version check in maintainer scripts for the restart    handling. -- Steve Langasek <email address hidden>  Sat, 04 Jun 2011 03:10:50 -0700
Superseded in wheezy-release on 2011-09-21
Superseded in sid-release on 2011-09-21
pam (1.1.2-3) unstable; urgency=low
  [ Kees Cook ]  * 027_pam_limits_better_init_allow_explicit_root: load rlimit defaults    from the kernel (via /proc/1/limits), instead of continuing to hardcode    the settings internally. Fall back to internal defaults when the kernel    rlimits are not found.  Closes: #620302. (LP: #746655, #391761)  * Updated debconf translations:    - Vietnamese, thanks to Clytie Siddall <email address hidden>      (closes: #601197)    - Dutch, thanks to Eric Spreen <email address hidden> (closes: #605592)    - Danish, thanks to Joe Dalton <email address hidden> (closes: #606739)    - Catalan, thanks to Innocent De Marchi <email address hidden>      (closes: #622786) -- Steve Langasek <email address hidden>  Sun, 01 May 2011 01:49:11 -0700
Superseded in wheezy-release on 2011-09-21
Superseded in sid-release on 2011-09-21
pam (1.1.2-2) unstable; urgency=low
  * debian/patches-applied/hurd_no_setfsuid: handle some new calls to    setfsuid in pam_xauth that I overlooked, so that the build works again    on non-Linux.  Closes: #613630. -- Steve Langasek <email address hidden>  Wed, 16 Feb 2011 09:27:11 -0800
Superseded in sid-release on 2011-09-21
pam (1.1.2-1) unstable; urgency=low
  * New upstream release.    - Add support for NSS groups to pam_group.  Closes: #589019,      LP: #297408.    - Support cross-building the package.  Thanks to Neil Williams      <email address hidden> for the patch.  Closes: #284854.     * debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit    interface.  Closes: #579402.  * Drop patches conditional_module,_conditional_man and    mkhomedir_linking.patch, which are included upstream.  * debian/patches/hurd_no_setfsuid: pam_env and pam_mail now also use    setfsuid, so patch them to be likewise Hurd-safe.  * Update debian/source.lintian-overrides to clean up some spurious    warnings.  * debian/libpam-modules.postinst: if any 'min=n' options are found in    /etc/pam.d/common-password, convert them on upgrade to 'minlen=n' for    compatibility with upstream.  * debian/NEWS: document the disappearance of 'min=n', in case users have    encoded this option elsewhere outside of /etc/pam.d/common-password.  * debian/patches/007_modules_pam_unix: drop compatibility handling of    'max=' no-op; use of this option will now log an error, as warned three    years ago.  * Bump Standards-Version to 3.9.1.  * Add lintian overrides for a few more spurious warnings.  * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for    compatibility when it's not already set.  Closes: #552043.  * debian/local/pam-auth-update: Don't try to pass embedded newlines to    debconf; backslash-escape them instead and use CAPB escape.  * debian/local/pam-auth-update: sort additional module options before    writing them out, so that we don't wind up with a different config file    on every invocation.  Thanks to Jim Paris <email address hidden> for the patch.    Closes: #594123.  * debian/libpam-runtime.{postinst,templates}: since 1.1.2-1 is targeted    for post-squeeze, we don't need to support upgrades from 1.0.1-6 to    1.0.1-10 anymore.  Drop the debconf error note about having configured    your system with a lack of authentication, so that translators don't    spend any more time on it.  * Updated debconf translations:    - Swedish, thanks to Martin Bagge <email address hidden> (closes: #575875) -- Steve Langasek <email address hidden>  Tue, 15 Feb 2011 23:21:41 -0800
Superseded in wheezy-release on 2011-09-21
Superseded in squeeze-release on 2012-01-28
Superseded in sid-release on 2011-09-21
pam (1.1.1-6.1) unstable; urgency=low


  * Non-maintainer upload.
  * Fix pending l10n issues. Debconf translations:
    - Czech (Miroslav Kure).  Closes: #598329
    - Slovak (Ivan Masár).  Closes: #600164
    - Japanese (Kenshi Muto).  Closes: #600247
    - Finnish (Esko Arajärvi).  Closes: #600641

 -- Christian Perrier <email address hidden>  Tue, 19 Oct 2010 07:30:49 +0200
Superseded in squeeze-release on 2011-09-13
Superseded in sid-release on 2011-09-21
pam (1.1.1-6) unstable; urgency=low


  * Updated debconf translations:
    - Swedish, thanks to Martin Bagge <email address hidden> (closes: #575875)

 -- Steve Langasek <email address hidden>  Sun, 05 Sep 2010 23:36:35 -0700
Superseded in sid-release on 2011-09-21
pam (1.1.1-5) unstable; urgency=low


  * debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit
    interface.  Closes: #579402.
  * Update debian/source.lintian-overrides to clean up some spurious
    warnings.
  * Bump Standards-Version to 3.9.1.
  * Add lintian overrides for a few more spurious warnings.
  * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for
    compatibility when it's not already set.  Closes: #552043.
  * debian/local/pam-auth-update: Don't try to pass embedded newlines to
    debconf; backslash-escape them instead and use CAPB escape.
  * debian/local/pam-auth-update: sort additional module options before
    writing them out, so that we don't wind up with a different config file
    on every invocation.  Thanks to Jim Paris <email address hidden> for the patch.
    Closes: #594123.

 -- Steve Langasek <email address hidden>  Sun, 05 Sep 2010 12:42:34 -0700
Superseded in squeeze-release on 2011-09-13
Superseded in sid-release on 2011-09-21
pam (1.1.1-4) unstable; urgency=low


  * debian/patches/conditional_module,_conditional_man: if we don't have the
    libraries required for building pam_tty_audit, we shouldn't install the
    manpage either. LP: #588547.
  * Updated debconf translations:
    - Portuguese, thanks to Eder L. Marques <email address hidden>
      (closes: #581746)
    - Spanish, thanks to Javier Fernandez-Sanguino Peña <email address hidden>
      (closes: #592172)
    - Galician, thanks to Jorge Barreiro <email address hidden>
      (closes: #592808)
  * Don't pass --version-script options when linking executables,
    only when linking libraries.  Thanks to Julien Cristau
    <email address hidden> for the fix.  Closes: #582362.

 -- Steve Langasek <email address hidden>  Sun, 15 Aug 2010 21:53:46 -0700
Superseded in sid-release on 2011-09-21
Superseded in squeeze-release on 2011-09-13
pam (1.1.1-3) unstable; urgency=low


  * pam-auth-update: fix a bug in our handling of module options when the
    module name contains digits, caused by a buggy regexp. :/  Partially
    addresses LP #369575.
  * Install /sbin/pam_tally2 in the libpam-modules package; thanks to
    Olivier BONHOMME <email address hidden> for reporting.  Closes: #554010.

 -- Steve Langasek <email address hidden>  Sun, 25 Apr 2010 05:53:44 -0700
Superseded in squeeze-release on 2011-09-13
Superseded in sid-release on 2011-09-21
pam (1.1.1-2) unstable; urgency=low


  * Document the new symbols added in 1.1.1 in debian/libpam0g.symbols, and
    raise the minimum version for the service restarting code.
    Closes: #568480.

 -- Steve Langasek <email address hidden>  Wed, 17 Feb 2010 23:21:23 -0800
Superseded in squeeze-release on 2011-09-13
Superseded in sid-release on 2011-09-21
pam (1.1.1-1) unstable; urgency=low


  * New upstream version.
    - restore proper netgroup handling in pam_access.
      Closes: #567385, LP: #513955.
  * Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and
    pam_securetty_tty_check_before_user_check, which are included upstream.
  * debian/patches/026_pam_unix_passwd_unknown_user: don't return
    PAM_USER_UNKNOWN on password change of a user that has no shadow entry,
    upstream now implements auto-creating the shadow entry in this case.
  * Updated debconf translations:
    - French, thanks to Jean-Baka Domelevo Entfellner <email address hidden>
      (closes: #547039)
    - Bulgarian, thanks to Damyan Ivanov <email address hidden> (closes: #562835)
  * debian/patches/sys-types-include.patch: fix pam_modutil.h so that it can
    be included directly, without having to include sys/types.h first.
    Closes: #556203.
  * Add postgresql-8.3 to the list of services in need of restart on upgrade.
    Closes: #563674.
  * And drop postgresql-{7.4,8.1} from the list, neither of which is present
    in stable.
  * debian/patches/007_modules_pam_unix: recognize that *all* of the password
    hashes other than traditional crypt handle passwords >8 chars in length.
    LP: #356766.

 -- Steve Langasek <email address hidden>  Mon, 01 Feb 2010 02:04:33 -0800
Superseded in squeeze-release on 2011-09-13
Superseded in sid-release on 2011-09-21
pam (1.1.0-4) unstable; urgency=low


  * debian/patches/pam_securetty_tty_check_before_user_check: new patch,
    to make pam_securetty always return success on a secure tty regardless
    of what username was passed.  Thanks to Nicolas François
    <email address hidden> for the patch.  Closes: #537848
  * debian/local/pam-auth-update: only reset the seen flag on the template
    when there's new information; this avoids reprompting users for the same
    information on upgrade, regardless of the debconf priority used.
    Closes: #544805.
  * libpam0g no longer depends on libpam-runtime; packages that use
    /etc/pam.d/common-* must depend directly on libpam-runtime, and most do
    (including the Essential: yes ones), so let's break this circular
    dependency.  Closes: #545086, LP: #424566.

 -- Steve Langasek <email address hidden>  Mon, 14 Sep 2009 18:47:25 -0700
Superseded in sid-release on 2011-09-21
pam (1.1.0-3) unstable; urgency=low


  * Bump debian/compat to 7, so we can use sane contents in debian/*.install
  * Switch all packages over to dh_install
  * Rename debian/*.lintian to debian/*.lintian-overrides and use dh_lintian
  * Move installation logic out of debian/rules into individual .install
    files
  * Drop superfluous options to dh_installchangelogs, dh_shlibdeps
  * Use debian/clean instead of rm -f'ing files in debian/rules clean target
  * Drop ./configure options that are no-ops
  * Drop the /lib/security/pam_unix_*.so symlinks, which have been deprecated
    now for 10 years and are not used at all if pam-auth-update is in play.
  * Drop the pam_rhosts_auth.so symlink as well, and document in NEWS.Debian
    that this is now obsolete.
  * Drop stale content from README.debian: some of this should have been in
    NEWS.Debian instead (but is so old it's not worth putting it there now),
    some of it is obsolete by the change in package VCS.
  * Convert debian/rules to debhelper 7 and add versioned build-dependencies
    on debhelper and quilt to suit.
  * Drop CFLAGS that we don't need anymore (-fPIC, -D_REENTRANT,
    -D_GNU_SOURCE).
  * Explicitly add -O0 to CFLAGS when noopt is set.
  * debian/patches/autoconf.patch: pull ltmain.sh in, to fix some spurious
    library linkage in the modules.
  * Move pam_cracklib manpage to the libpam-cracklib package, and add the
    requisite Replaces
  * Drop dh_makeshlibs -V; everything from lenny on should use the .symbols
    file instead, making the shlibs redundant so we don't need to care what
    version gets listed there.

 -- Steve Langasek <email address hidden>  Mon, 07 Sep 2009 18:47:45 -0700
Superseded in squeeze-release on 2011-09-13
Superseded in sid-release on 2011-09-21
pam (1.0.1-10) unstable; urgency=high


  [ Steve Langasek ]
  * Updated debconf translations:
    - Finnish, thanks to Esko Arajärvi <email address hidden> (closes: #520785)
    - Russian, thanks to Yuri Kozlov <email address hidden> (closes: #521874)
    - German, thanks to Sven Joachim <email address hidden> (closes: #521530)
    - Basque, thanks to Piarres Beobide <email address hidden>
      (closes: #524285)
  * When no profiles are chosen in pam-auth-update, throw an error message
    and prompt again instead of letting the user end up with an insecure
    system.  This introduces a new debconf template.  Closes: #519927,
    LP: #410171.

  [ Kees Cook ]
  * Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixes
    for MINDAYS-Field regression (closes: #514437).
  * debian/control: add missing misc:Depends for packages that need it.

  [ Sam Hartman ]
  * Remove conflicts information for transitions prior to woody release
  * Fix lintian overrides for libpam-runtime
  * Overrides for lintian finding quilt patches
  * pam_mail-fix-quiet: patch from Andreas Henriksson
    applied upstream to fix quiet option of pam_mail, Closes: #439268 

  [ Dustin Kirkland ]
  * debian/patches/update-motd: run the update-motd scripts in pam_motd;
    render update-motd obsolete, LP: #399071

  [ Sam Hartman ]
  * cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problem
    (CVE-2009-0887) (Closes: #520115) 

 -- Steve Langasek <email address hidden>  Thu, 06 Aug 2009 17:54:32 +0100
Published in lenny-release on 2009-04-21
pam (1.0.1-5+lenny1) stable; urgency=high


  * Security NMU, high urgency.
  * Fix signedness error in _pam_StrTok(), CVE-2009-0887.
    Closes: #520115.

 -- Jan Christoph Nordholz <email address hidden>  Tue, 17 Mar 2009 18:51:07 +0100
Superseded in squeeze-release on 2011-09-13
Superseded in sid-release on 2011-09-21
pam (1.0.1-9) unstable; urgency=low


  * Move the pam module packages to section 'admin'.
  * 027_pam_limits_better_init_allow_explicit_root: defaults need to be
    declared as LIMITS_DEF_DEFAULT instead of LIMITS_DEF_ALL, otherwise
    global limits will fail to be applied.  LP: #314222.

 -- Steve Langasek <email address hidden>  Fri, 20 Mar 2009 19:48:47 -0700
Superseded in squeeze-release on 2011-09-13
Superseded in sid-release on 2011-09-21
pam (1.0.1-7) unstable; urgency=low


  * 027_pam_limits_better_init_allow_explicit_root:
    - fix the patch so that our limit resets are actually *applied*, 
      which has apparently been broken for who knows how long!
    - shadow the finite kernel defaults for RLIMIT_SIGPENDING and
      RLIMIT_MSGQUEUE as well, so that the preceding change doesn't
      suddenly expose systems to DoS or other issues.
    - include documentation in the patch, giving examples of how to set 
      limits for root.  Thanks to Jonathan Marsden.
  * pam-auth-update: swap out known md5sums from intrepid pre-release 
    versions with the md5sums from the released intrepid version
  * pam-auth-update: set the umask, so we don't accidentally mark
    /etc/pam.d/common-* unreadable.  Thanks to Martin Krafft for catching.
    Closes: #518042.

 -- Steve Langasek <email address hidden>  Tue, 03 Mar 2009 17:18:42 -0800
Superseded in sid-release on 2011-09-21
pam (1.0.1-6) unstable; urgency=low


  * Updated debconf translations:
    - Vietnamese, thanks to Clytie Siddall <email address hidden>
  * New patch dont_freeze_password_chain, cherry-picked from upstream:
    don't always follow the same path through the password stack on
    the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK
    pass; this Linux-PAM deviation from the original PAM spec causes a
    number of problems, in particular causing wrong return values when
    using the refactored pam-auth-update stack.  LP: #303515, #305882.
  * debian/local/pam-auth-update (et al): new interface for managing
    /etc/pam.d/common-*, using drop-in config snippets provided by module
    packages.

 -- Steve Langasek <email address hidden>  Sat, 28 Feb 2009 13:36:57 -0800
Superseded in squeeze-release on 2011-09-13
Superseded in lenny-release on 2011-09-13
Superseded in sid-release on 2011-09-21
pam (1.0.1-5) unstable; urgency=low


  * Build-conflict with libxcrypt-dev, which otherwise pulls libxcrypt in as
    a dependency of libpam-modules if it's installed during the build.
    Thanks to Larry Doolittle for catching.
  * Don't refer to gnome-screensaver in the debconf template; it isn't
    actually affected by the libpam symbol issue because it forks a separate
    process to display the screensaver dialog.
  * Have libpam-modules Pre-Depend on ${misc:Depends}, so that we can
    warn users about needing to disable xscreensaver and xlockmore
    before libpam-modules is unpacked.  Closes: #502140, LP: #256238.
  * Updated debconf translations for the new template:
    - Italian, thanks to David Paleino <email address hidden>
    - Simplified Chinese, thanks to Deng Xiyue
      <email address hidden> (closes: #510371)
    - Portuguese, thanks to Américo Monteiro <email address hidden>
    - Swedish, thanks to Martin Bagge <email address hidden> (closes: #510379)
    - Japanese, thanks to Kenshi Muto <email address hidden> (closes: #510380)
    - Finnish, thanks to Esko Arajärvi <email address hidden> (closes: #510382)
    - Spanish, thanks to Javier Fernandez-Sanguino Peña <email address hidden>
      (closes: #510389)
    - Galician, thanks to Marce Villarino <email address hidden>
    - Slovak, thanks to helix84 <email address hidden> (closes: #510412)
    - Bulgarian, thanks to Damyan Ivanov <email address hidden>
    - Czech, thanks to Miroslav Kure <<email address hidden>
      (closes: #510608)
    - French, thanks to Steve Petruzzello <email address hidden>
    - German, thanks to Sven Joachim <email address hidden> (closes: #510617)  
    - Basque, thanks to Piarres Beobide <email address hidden>
      (closes: #510699)
    - Russian, thanks to Yuri Kozlov <email address hidden> (closes: #510701)
    - Turkish, thanks to Mert Dirik <email address hidden> (closes: #510707)

 -- Steve Langasek <email address hidden>  Tue, 06 Jan 2009 00:05:13 -0800
Superseded in sid-release on 2011-09-21
Superseded in lenny-release on 2011-09-13
pam (1.0.1-4) unstable; urgency=high


  * High-urgency upload for RC bugfix.

  [ Julien Cristau ]
  * pam_unix-chkpwd-wait: don't assume that the unix_chkpwd process exits
    normally; if it was killed by a signal, we don't want to accept the
    password.  Closes: #495879.

  [ Steve Langasek ]
  * 007_modules_pam_unix: update the manpage at the same time as the xml
    source (grr, autogenerated files in source packages).  Closes: #495804.
  * 055_pam_unix_nullok_secure: also don't call the helper at all from
    _unix_blankpasswd when we can detect that null passwords are disallowed,
    to avoid causing spammy logs on successful authentications.
    Closes: #496620.
  * debian/rules: call chgrp *before* calling chmod, lest the sgid bit
    on unix_chkpwd be cleared during the build when using -rsudo.
    Closes: #496983.

 -- Steve Langasek <email address hidden>  Thu, 28 Aug 2008 22:59:23 -0700
143 of 43 results