-
pam (1.3.1-5ubuntu4.7) focal-security; urgency=medium
* SECURITY UPDATE: pam_namespace local denial of service
- debian/patches-applied/CVE-2024-22365.patch: use O_DIRECTORY to
prevent local DoS situations in modules/pam_namespace/pam_namespace.c.
- CVE-2024-22365
-- Marc Deslauriers <email address hidden> Wed, 10 Jan 2024 08:55:08 -0500
-
pam (1.3.1-5ubuntu4.6) focal-security; urgency=medium
* SECURITY REGRESSION: fix CVE-2022-28321 patch location
- debian/patches-applied/CVE-2022-28321.patch: pam_access: handle
hostnames in access.conf
- CVE-2022-28321
-- Nishit Majithia <email address hidden> Thu, 02 Feb 2023 14:52:59 +0530
-
pam (1.3.1-5ubuntu4.4) focal-security; urgency=medium
* SECURITY UPDATE: authentication bypass vulnerability
- debian/patches/CVE-2022-28321.patch: pam_access: handle hostnames in
access.conf
- CVE-2022-28321
-- Nishit Majithia <email address hidden> Tue, 24 Jan 2023 17:15:43 +0530
-
pam (1.3.1-5ubuntu4.3) focal; urgency=medium
* Correctly document current VCS in debian/control.
* Drop patches to implement "nullok_secure" option for pam_unix.
Closes: #674857, #936071, LP: #1860826.
* debian/patches-applied/nullok_secure-compat.patch: Support
nullok_secure as a deprecated alias for nullok.
* debian/pam-configs/unix: use nullok, not nullok_secure.
* extrausers.patch: update for compatibility with the removal of
nullok_secure.
-- Steve Langasek <email address hidden> Thu, 16 Sep 2021 23:14:49 -0700
-
pam (1.3.1-5ubuntu4.2) focal; urgency=medium
* Backport pam_faillock module from pam 1.4.0 (LP: #1927796)
- debian/patches-applied/add_pam_faillock.patch: add module.
- debian/patches-applied/pam_faillock_create_directory: create dir
before creating file in modules/pam_faillock/faillock.c.
- debian/rules: set execute permissions on pam_faillock test.
- debian/libpam-modules-bin.install: install faillock binary and man
page.
-- Marc Deslauriers <email address hidden> Thu, 08 Apr 2021 07:06:27 -0400
-
pam (1.3.1-5ubuntu4.1) focal; urgency=medium
* debian/libpam-modules.postinst: Add /snap/bin to $PATH in
/etc/environment. (LP: #1659719)
-- Michael Hudson-Doyle <email address hidden> Wed, 22 Jul 2020 11:30:44 +1200
-
pam (1.3.1-5ubuntu4) focal; urgency=medium
* Return only PAM_IGNORE or error from pam_motd (LP: #1856703)
-- Balint Reczey <email address hidden> Tue, 17 Dec 2019 17:41:40 +0100
-
pam (1.3.1-5ubuntu3) focal; urgency=medium
* Fix patches to fix FTBFS
-- Balint Reczey <email address hidden> Thu, 05 Dec 2019 13:18:35 +0100
-
pam (1.3.1-5ubuntu2) focal; urgency=medium
* pam_motd: Export MOTD_SHOWN=pam after showing MOTD (LP: #1855092)
-- Balint Reczey <email address hidden> Wed, 04 Dec 2019 12:23:57 +0100
-
pam (1.3.1-5ubuntu1) disco; urgency=medium
* Merge from Debian unstable, remaining changes:
- debian/control: have libpam-modules recommend update-motd package
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
not present there or in /etc/security/pam_env.conf. (should send to
Debian).
- debian/libpam0g.postinst: only ask questions during update-manager when
there are non-default services running.
- debian/libpam0g.postinst: check if gdm is actually running before
trying to reload it.
- debian/libpam0g.postinst: the init script for 'samba' is now named
'smbd' in Ubuntu, so fix the restart handling.
- don't notify about xdm restarts during a release-upgrade
- debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
Deprecate pam_unix's explicit "usergroups" option and instead read it
from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
there. This restores compatibility with the pre-PAM behaviour of login.
- debian/patches-applied/pam_motd-legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent
showing it again.
- debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
for update-motd, with some best practices and notes of explanation.
- debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
to update-motd(5)
- debian/local/common-session{,-noninteractive}: Enable pam_umask by
default, now that the umask setting is gone from /etc/profile.
- debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
- debian/patches-applied/extrausers.patch: Add a pam_extrausers module
that is basically just a copy of pam_unix but looks at
/var/lib/extrausers/{group,passwd,shadow} instead of /etc/
- debian/libpam-modules-bin.install: install the helper binaries for
pam_extrausers to /sbin
- debian/rules: Make pam_extrausers_chkpwd sguid shadow
- Add lintian override for pam_extrausers_chkpwd
pam (1.3.1-5) unstable; urgency=medium
* xdm restart check was inverted in the prior upload; turn it the right
way around
* Correctly display the notification when a manual DM restart is needed.
-- Steve Langasek <email address hidden> Wed, 13 Feb 2019 23:16:59 -0800
