-
pam (1.5.3-7) unstable; urgency=medium
* Correct Build depends for docbook5, Closes: #1065064
* Regenerate patches to capture date change in pam_getitem.3
* Depend on libdb-dev again, bringing back pam_userdb, Closes: #1065088
* Document pam_umask change, Closes: #1065806
-- Sam Hartman <email address hidden> Mon, 08 Apr 2024 16:35:07 -0600
-
pam (1.5.3-6) unstable; urgency=medium
[ Dan Bungert ]
* Fix FTBFS when built with -Werror=implicit-function-declaration
-- Steve Langasek <email address hidden> Thu, 29 Feb 2024 12:56:32 -0800
-
pam (1.5.3-5) unstable; urgency=medium
* Revert renaming libpam0g to libpam0t64 for time_t transition: apt
sometimes removes libpam0g rather than simply letting libpam0t64
replace libpam0g (and deconfiguring libpam0g), leaving a system where
essential packages are broken, Closes: #1065017
* Since libpam0t64 is going away, we do not need dpkg-diversions for it.
* As a consequence libpam_misc has an ABI break without a package name
change. We believe nothing in the archive depends on this ABI, and at
least until we come up with a better solution this is the least bad option.
* For now remove libdb-dev so that libdb-dev can undergo time_t
transition. That means this version of pam does not include
pam_userdb, which makes pam unsuitable for release.
* Replace/break libpam0t64
-- Sam Hartman <email address hidden> Thu, 29 Feb 2024 09:46:54 -0700
-
pam (1.5.3-4) unstable; urgency=medium
* Upload to unstable
* Revert 1.5.2-9.1 changes to debian/rules now that we use
debian/patches properly.
-- Sam Hartman <email address hidden> Tue, 27 Feb 2024 21:30:52 -0700
-
pam (1.5.2-9.1) unstable; urgency=medium
* Non-maintainer upload acked by Sam Hartman.
* Really fix quilt-related FTBFS: (Closes: #1054505)
pam is a 3.0 (quilt) source package and has a .pc directory after unpack
despite having no debian/patches. Even when setting QUILT_PATCH_DIR or
QUILT_PATCHES, quilt is now mislead to using the non-existent
debian/patches and this makes dh_quilt_unpatch fail, so we delete that
directory unless it corresponds to the real debian/patches-applied that we
want to be used.
-- Helmut Grohne <email address hidden> Tue, 24 Oct 2023 19:38:53 +0200
-
pam (1.5.2-8) unstable; urgency=medium
* Fix FTBFS: s/QUILT_PATCHES_DIR/QUILT_PATCHES/. (Closes: #1054228)
-- Helmut Grohne <email address hidden> Thu, 19 Oct 2023 16:24:44 +0200
-
pam (1.5.2-7) unstable; urgency=medium
[ Steve Langasek ]
* Drop reference to stale package version in libpam-modules.postinst;
thanks, Gioele Barabucci <email address hidden>.
[ Sam Hartman ]
* Fix pam-auth-update --disable logic error, Closes: #1039873
* Set myself as maintainer; thanks Steve for past and future work.
* Fix watch file, thanks Daniel Lewart, Closes: #1040310
* Install upstream NEWS file as main upstream changelog; detailed
CHANGELOG only in libpam-doc, Closes: #1040315
* Updated Turkish Debconf translations, Thanks Atila KOÇ, Closes: #1029002
-- Sam Hartman <email address hidden> Wed, 16 Aug 2023 17:22:53 -0600
-
pam (1.5.2-6) unstable; urgency=medium
* Update debian/copyright, Thanks Bastian Germann, Closes: #460232
* When pam-auth-update is called with --root, use
/usr/share/pam-configs from the root not from the host system, Thanks
Johannes Schauer Marin Rodrigues, Closes: #1022952
* Build-depend on libcrypt-dev, Closes: #1024645
* Add pam-auth-udpate --disable, Closes: #1004000
* Add autopkgtests
-- Sam Hartman <email address hidden> Tue, 03 Jan 2023 13:15:23 -0700
-
pam (1.5.2-5) unstable; urgency=medium
* pam_namespace_helper manpage *wasn't* missing, it was just being
wrongly shipped in libpam-modules instead - so complete the moving
of the manpage to the libpam-modules-bin where it belongs with the
binary. Really Closes: #1021336.
-- Steve Langasek <email address hidden> Thu, 06 Oct 2022 18:56:06 +0000
-
pam (1.5.2-3) unstable; urgency=medium
* Add missing manpages for pam_namespace which for some reason don't get
installed by the upstream rules
* Drop obsolete upgrade code from maintainer scripts which is no longer
used
* Drop manual multiarch file handling in favor of dh-exec.
* No special-case needed for pam_modutil_sanitize_helper_fds in symbols
file, it's covered by the existing globs.
* debian/local/Debian-PAM-MiniPolicy: drop references to ancient
package versions. Thanks, Marc Haber.
* Support DPKG_ROOT in the postinst scripts. Closes: #993161.
Thanks, Johannes Schauer Marin Rodrigues.
* Further proof libpam-runtime postinst for DPKG_ROOT just in case.
-- Steve Langasek <email address hidden> Thu, 06 Oct 2022 04:05:02 +0000
-
pam (1.5.2-2) unstable; urgency=medium
* Pass --with-systemdunitdir=/usr/lib/systemd/system for consistent
builds whether we are or aren't building in an environment with systemd
present.
* Install the pam_namespace.service unit in the libpam-modules-bin
package.
-- Steve Langasek <email address hidden> Thu, 18 Aug 2022 16:47:57 +0000
-
pam (1.5.2-1) unstable; urgency=medium
* New upstream release.
- fixes compatibility with libpam-systemd. Closes: #1017467.
- fixes bashisms in configure.ac. Closes: #998361.
* Refresh patches.
* Drop patches included or obsoleted upstream:
- debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch
- debian/patches-applied/pam_unix_initialize_daysleft
- debian/patches-applied/pam_faillock_create_directory
- debian/patches-applied/pam_unix_avoid_checksalt
- debian/patches-applied/pam_env-allow-environment-files-without-EOL-at-EOF.patch
* Drop libpam-cracklib which has been obsoleted upstream.
* Add pkgconfig .pc files to libpam0g-dev. Closes: #1012688.
* Update .symbols file.
* Updated Romanian debconf translation, thanks Andrei Popescu, Closes:
#986416
* Drop versioning of quilt build-dependency to quiet lintian, since the
version is satisfied by oldoldoldstable.
* Drop unused build-build-dependency on bzip2.
* Adjust lintian overrides for latest lintian syntax.
* Update Standards-Version.
* Bump debhelper compat to 13.
* debian/not-installed: document upstream files that aren't used.
* Override incorrect lintian warning about use of dpkg database.
* Override lintian warning for PAM module manpages being in section 8
* Override lintian warning for unused debconf templates
* Install additional upstream manpages: faillock(8), environment(5),
pwhistory_helper(8)
* Install additional helpers in libpam-modules-bin: pam_namespace_helper,
pwhistory_helper
* Fix wrong syntax in symbols file
-- Steve Langasek <email address hidden> Thu, 18 Aug 2022 07:27:16 +0000
-
pam (1.4.0-13) unstable; urgency=medium
* Don't build with NIS support. This is only used for password changes on
NIS systems, and is pulling a large dependency chain into the Essential
package set which is not justifiable.
-- Steve Langasek <email address hidden> Mon, 25 Apr 2022 16:12:04 -0700
-
pam (1.4.0-12) unstable; urgency=medium
* Don't build with NIS support. This is only used for password changes on
NIS systems, and is pulling a large dependency chain into the Essential
package set which is not justifiable.
-- Steve Langasek <email address hidden> Mon, 25 Apr 2022 11:33:27 -0700
-
pam (1.4.0-11) unstable; urgency=medium
* Whitespace fixes in debconf templates.
[ Sergio Durigan Junior ]
* d/p/pam_env-allow-environment-files-without-EOL-at-EOF.patch:
Allow /etc/environment files without EOL at EOF. In other words,
allow files without a newline at the end. (LP: #1953201)
-- Steve Langasek <email address hidden> Mon, 06 Dec 2021 11:11:31 -0800
-
pam (1.4.0-10) unstable; urgency=medium
* Fix syntax error in libpam0g.postinst when a systemd unit fails,
Closes: #992538
* Include upstream patch not to use crypt_checksalt; without this
passwords set prior to bullseye were considered expired, Closes:
#992848
* Support DPKG_ROOT for pam-auth-update, thanks Johannes 'josch' Schauer
Closes: #983427
-- Sam Hartman <email address hidden> Thu, 26 Aug 2021 13:43:23 -0600
-
pam (1.4.0-9) unstable; urgency=medium
* Revert prefer the multiarch path from 1.4.0-8: It turns out that
Debian uses DEFAULT_MODULE_PATH and _PAM_ISA in the opposite meaning
of upstream. If I had read the patch header of
patches-applied/lib_security_multiarch_compat more closely I would
have noticed this. The effect of 1.4.0-9 is what is stated in the
1.4.0-8 changelog: we prefer multiarch paths, but the original patch
did that.
* I did test this in 1.4.0-8, but my test design was flawed. I placed a
invalid shared object in /lib/security and confirmed it did not shadow
an object in /lib/x86_64-linux-gnu/security. However I realized
shortly after releasing 1.4.0-8 that a valid shared object in
/lib/security will shadow one in the multiarch path.
-- Sam Hartman <email address hidden> Fri, 09 Jul 2021 10:55:02 -0600
-
pam (1.4.0-7) unstable; urgency=medium
* Updated portuguese debconf translation, thanks Pedro Ribeiro, Closes:
#983594
* Updated Simplified Chinese Translations, thanks Boyuan Yang
* Updated Bulgarian Translation, Thanks Damyan Ivanov
* Updated translation from the Slovak team, thanks Ladislav Michnovič,
Closes: #984891
* Updated Catalan translation, thanks Alex Muntada, Closes: #984568
* Updated Brazilian Portuguese translation, Thanks Adriano Rafael Gomes,
Closes: #984656
* French Debconf translations, thanks Jean-Pierre Giraud , Closes:
#984910
* Updated russian Debconf translations, thanks Алексей Шилин, Closes:
#984878
* Updated Dutch debconf templates, Thanks Frans Spiesschaert, Closes:
#984823
* Updated German Debconf translations, Thanks Sven Joachim
* Code review fixes for the fix to #982295, thanks Mark Hindley
- Actually set service to $1 rather than happening to use a variable
of the same name in enclosing scope
- Remove dead code setting idl when not used
* Code review fixes to the fix for #982530, thanks Martin Schurz
- Include '-' in the file matching regexp so we search
/etc/pam.d/common-* for uses of pam_tally. The profile check will
catch this unless the user has overwridden the configuration
- Fix capitalization of pam_Tally in debconf description
-- Sam Hartman <email address hidden> Mon, 15 Mar 2021 15:01:55 -0400
-
pam (1.4.0-6) unstable; urgency=medium
* Clearly it's been too long since I've done debconf; run
debconf-updatepo so the translations will show up as needing
translating.
-- Sam Hartman <email address hidden> Fri, 26 Feb 2021 10:48:23 -0500
-
pam (1.4.0-5) unstable; urgency=low
* Remove profiles containing pam_tally or pam_tally2 since we no longer
build them.
* Also, fail to permit profiles to be selected that include pam_tally
once the new pam-auth-update is installed
* Check for any user-added references to pam_tally and halt the upgrade,
Closes: #982530
* Handle services with systemd units but no init scripts, Closes: #982295
* Register md5sum for new common-password template, Closes: #982898
* After reading pam-auth-update source, I agree with Lucas Nussbaum
that common-session is intended only for interactive sessions.
Otherwise pam-auth-update should not duplicate module configurations
between common-session-noninteractive and common-session, so update
the documentation, Closes: #982297
-- Sam Hartman <email address hidden> Thu, 25 Feb 2021 15:48:22 -0500
-
pam (1.4.0-4) unstable; urgency=medium
* Document in README.source how to avoid multi-arch problems with documentation, Closes: #851650
* Update header to common-password talking about sha512
* The fix for #977648 incorrectly assumed how prerm scripts are called; update.
-- Sam Hartman <email address hidden> Wed, 03 Feb 2021 12:35:12 -0500
-
pam (1.4.0-3) unstable; urgency=medium
[ Josh Triplett ]
* libpam-runtime.postrm: Remove session-noninteractive files on purge,
Closes: #978601
[ Sam Hartman ]
* patches-applied/pam_mkhomedir_stat_before_opendir: Stat the skeleton
directory before opendir, Closes: #834589
* libpam-modules.install: Install pam_faillock binaries, Closes: #981092
* debian/patches-applied/pam_unix_initialize_daysleft : Initialize days before password expire, Closes: #980285
* pam-configs/unix: Default to yescript rather than sha512. From a theoretical security standpoint, it looks like yescript has similar security properties, assuming (as we typically do in the crypto protocol community) that sha256 is still reasonable. However, in terms of practical resistant to password cracking, particularly in terms of valuing space complexity as well as time complexity, yescript is superior, Closes: #978553
* No infinite loop on purge of libpam-runtime, Closes: #977648
* patches-applied/pam_faillock_create_directory: create /run/faillock when needed.
-- Sam Hartman <email address hidden> Mon, 01 Feb 2021 15:27:08 -0500
-
pam (1.4.0-2) unstable; urgency=medium
* Restart services on upgrade to 1.4.0. Closes: #978555.
-- Steve Langasek <email address hidden> Mon, 28 Dec 2020 19:20:38 -0800
-
pam (1.4.0-1) unstable; urgency=medium
* New upstream release. Closes: #948188.
- Stop using obsoleted selinux headers. Closes: #956355.
- Continue building pam_cracklib, which is deprecated upstream;
the replacement, pam_passwdqc, is packaged separately.
- Update symbols file for new symbols.
- Refresh lintian overrides for changes to available pam modules.
* Drop patches to implement "nullok_secure" option for pam_unix.
Closes: #674857, #936071, LP: #1860826.
* debian/patches-applied/cve-2010-4708.patch: drop, applied upstream.
* debian/patches-applied/nullok_secure-compat.patch: Support
nullok_secure as a deprecated alias for nullok.
* debian/pam-configs/unix: use nullok, not nullok_secure.
* Drop pam_tally and pam_tally2 modules, which have been deprecated
upstream in favor of pam_faillock. Closes: #569746, LP: #772121.
* Add hardening+=bindnow to build options, per lintian.
-- Steve Langasek <email address hidden> Mon, 28 Dec 2020 06:05:13 +0000
-
pam (1.3.1-5) unstable; urgency=medium
* xdm restart check was inverted in the prior upload; turn it the right
way around
* Correctly display the notification when a manual DM restart is needed.
-- Steve Langasek <email address hidden> Thu, 14 Feb 2019 07:08:47 +0000
-
pam (1.3.1-4) unstable; urgency=medium
* Fix the name of the samba services to be restarted on upgrade.
-- Steve Langasek <email address hidden> Wed, 13 Feb 2019 23:39:03 +0000
-
pam (1.3.1-2) unstable; urgency=medium
* Bump the version check for service restarts to 1.3.1-2.
Closes: #922178.
* Drop hard-coded pre-dep on libpam0g, now superseded by shlibdeps.
-- Steve Langasek <email address hidden> Tue, 12 Feb 2019 23:52:04 +0000
-
pam (1.3.1-1) unstable; urgency=medium
* New upstream release. Closes: #821408.
- Don't try to close an excessive number of fds when we have a high
ulimit. Closes: #890524.
- Clarify pam_access docs regarding handling of daemons and X sessions.
Closes: #762110.
- Fix handling of rhost and tty fields in pam_succeed_if.
Closes: #889910.
- Fix wrong documentation of pam_umask module behavior.
Closes: #825782.
* Refresh patches.
* Drop patches included or obsoleted upstream:
- debian/patches-applied/README-rebuild
- debian/patches-applied/pam-loginuid-in-containers
- debian/patches-applied/cve-2013-7041.patch
- debian/patches-applied/cve-2014-2583.patch
- debian/patches-applied/cve-2015-3238.patch
- debian/patches-applied/pam_namespace_fix_bashism.patch
* Drop unused lintian overrides.
* Fix lintian warnings; thanks to Andreas Henriksson <email address hidden>
and Florian Vessaz <email address hidden>
* Switch source package to 3.0 (quilt) to consume upstream .tar.xz.
* Update debian/watch.
[ Andreas Henriksson ]
* Update debian/libpam0g.symbols
* debian/patches-applied/fix-autoreconf.patch: Do not override user
variables in Makefile.am
-- Steve Langasek <email address hidden> Tue, 12 Feb 2019 07:38:11 +0000
-
pam (1.1.8-4) unstable; urgency=medium
* Acknowledge various NMUs; thanks to the various folks who have helped
keep this package in good condition.
* debian/control: update VCS headers to point to git (temporarily under
my personal salsa namespace, until I get around to restoring team
setup).
* Actually remove Roger Leigh from uploaders (change not included in
previous upload). Thanks Roger for your contributions to Debian!
* Use DEB_BUILD_PROFILES instead of the obsolete DEB_BUILD_PROFILE.
Closes: #907492.
* Don't include changes to autogenerated files in patches.
* Use LC_ALL=C.UTF-8, not LC_ALL=C, when generating documentation.
* Consistently include documentation changes in patches, for clean source
package.
* debian/patches-applied/README-rebuild: rebuild README files with
current docs toolchain.
-- Steve Langasek <email address hidden> Wed, 09 Jan 2019 00:29:55 +0000
-
pam (1.1.8-3.8) unstable; urgency=medium
* Non-maintainer upload.
* Set Rules-Requires-Root to binary-targets as pam relies on
chgrp in debian/rules.
* Update pam-auth-update to detect write errors and properly
fail when that happens. (Closes: #880501)
* Remove Roger Leigh from uploaders as he has restired from
Debian. (Closes: #869348)
* Reduce priority of libpam0g to optional.
* Rebuild with a recent version of dpkg-source, which ensures
that the Build-Depends are correct in the .dsc file.
(Closes: #890602)
* Apply patch from Felix Lechner to make pam-auth-update ignore
editor backup files. (Closes: #519361)
* Apply update to Brazilian Portuguese translations of the
debconf templates. Thanks to Adriano Rafael Gomes.
(Closes: #799417)
-- Niels Thykier <email address hidden> Sat, 11 Aug 2018 15:31:24 +0000
-
pam (1.1.8-3.7) unstable; urgency=medium
* Non-maintainer upload.
* libpam-modules: Added a config for pam_mkhomedir, disabled by default.
(Closes: #568577)
* pam-auth-update: Add support for --enable option which is useful for
enabling non-default configs without prompting the admin. (LP: #1192719)
-- Timo Aaltonen <email address hidden> Fri, 02 Feb 2018 16:57:43 +0200
-
pam (1.1.8-3.6) unstable; urgency=medium
* Non-maintainer upload.
* cve-2015-3238.patch: Add the changes in the generated pam_exec.8
and pam_unix.8 in addition to (and after) the changes to the
source .xml files. This avoids unwanted rebuilds that can cause
problems due to differing files on different architectures of
the Multi-Arch: same libpam-modules. (Closes: #851545)
-- Adrian Bunk <email address hidden> Sat, 27 May 2017 18:44:02 +0300
-
pam (1.1.8-3.5) unstable; urgency=medium
* Non-maintainer upload.
* Build-Depend on libfl-dev:native as well, for cross builds.
Re-closes: #846459
* Fix "Unescaped left brace in regex" with Perl 5.22. Closes: #810873
-- Adam Borowski <email address hidden> Fri, 30 Dec 2016 14:37:29 +0100
-
pam (1.1.8-3.4) unstable; urgency=medium
* Non-maintainer upload.
* Add libfl-dev to Build-Depends, fixing FTBFS. Closes: #846459
* Move xsl stuff to Build-Depends from -Indep to fix misbuilt manpages.
Closes: #812566
-- Adam Borowski <email address hidden> Sun, 18 Dec 2016 01:03:58 +0100
-
pam (1.1.8-3.3) unstable; urgency=low
* Non-maintainer upload.
[ Steve Langasek ]
* Updated Swedish translation to correct a typo, thanks to Anders Jonsson
and Martin Bagge. Closes: #743875
* Updated Turkish translation, thanks to Mert Dirik <email address hidden>.
(closes: #756756)
* d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default
soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak
<email address hidden> for the patch. Closes: #783105.
* Acknowledge security NMU.
* pam-auth-update: don't mishandle trailing whitespace in profiles.
LP: #1487103.
[ Laurent Bigonville ]
* debian/control: Fix Vcs-* and Homepage fields (Closes: #752343)
* debian/watch: Update watch file and point it to http://www.linux-pam.org
* debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in
namespace.init script (Closes: #624842)
* debian/control: Build-depends against debhelper (>= 9) to match the
defined debhelper compatibility
* Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality,
thanks to Jakub Wilk <email address hidden> for noticing (Closes: #761594)
* debian/control: Bump Standards-Version to 3.9.8 (no further changes)
* debian/libpam-doc.doc-base.applications-guide: Fix spelling
* debian/libpam0g-dev.examples: Do not use shell brace expansion
* debian/patches-applied/pam-loginuid-in-containers: Updated with the version
from Ubuntu, this should fix logins in containers (Closes: #726661)
* debian/patches-applied/update-motd: Updated with the version from Ubuntu:
use /run/motd.dynamic instead of /var/run/motd, nothing in the archive
uses the later (Closes: #743286)
* debian/patches-applied/make_documentation_reproducible.patch: Make the
build reproducible, removes differences when building with different
locale values (Closes: #792127)
-- Laurent Bigonville <email address hidden> Wed, 18 May 2016 02:04:29 +0200
-
pam (1.1.8-3.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix
module (Closes: #789986)
-- Tianon Gravi <email address hidden> Wed, 06 Jan 2016 15:53:31 -0800
-
pam (1.1.8-3.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2013-7041: case-insensitive comparison used for verifying
passwords in the pam_userdb module (closes: #731368).
* Fix CVE-2014-2583: multiple directory traversal issues in the
pam_timestamp module (closes: 757555)
-- Michael Gilbert <email address hidden> Sat, 09 Aug 2014 09:50:42 +0000
-
pam (1.1.8-3) unstable; urgency=low
* debian/rules: On hurd, link libpam explicitly with -lpthread since glibc
will not dynamically switch between the libc stubs and the libpthread
implementations on this architecture. Thanks to Samuel Thibault for the
patch. Closes: #743891.
-- Steve Langasek <email address hidden> Mon, 07 Apr 2014 17:49:38 -0700
-
pam (1.1.8-2) unstable; urgency=medium
* Mark the libaudit-dev build-dependency linux-any, since it's not
available on non-Linux archs. Closes: #737035.
-- Steve Langasek <email address hidden> Thu, 13 Feb 2014 15:02:00 -0800
-
pam (1.1.8-1) unstable; urgency=medium
* New upstream release.
- includes upstream changes to pam_exec. Closes: #670147.
- adds support for newer hashing algorithms to pam_userdb.
Closes: #671740.
- fixes handling of 'quiet' argument to pam_listfile, to match the
documentation. Closes: #592219.
- fixes handling of @users@@hosts netgroup syntax in access.conf.
Closes: #681223.
- fixes installation of the /etc/security/namespace.d directory.
Closes: #710998.
- 027_pam_limits_better_init_allow_explicit_root: support for reading
/proc/1/limits is upstream, this patch now only handles the policy
of resetting limits by default and not applying glob limits to root.
- debian/patches/fix-manpage-crud: drop, manpages now being generated
upstream with a newer, fixed xsltproc.
- debian/patches/pam_env-fix-overflow.patch, pam_env-fix-dos.patch,
glibc-2_16-compilation-fix.patch, sys-types-include.patch: drop,
included upstream.
* Add build-dependency on pkg-config.
* Ensure autogenerated files are after source files in all relevant patches,
so that regenerating documentation doesn't cause build skew.
* Drop the --disable-regenerate-docu argument, restoring the HTML manuals
to the libpam-doc package. Closes: #700485.
* No need to override dh_compress in debian/rules, it already handles .html
files correctly.
* debian/libpam-cracklib.prerm: use $DPKG_MAINTSCRIPT_PACKAGE_COUNT to avoid
prematurely removing the PAM config when the package is installed for
multiple architectures. Closes: #647428.
-- Steve Langasek <email address hidden> Thu, 16 Jan 2014 00:38:42 +0000
-
pam (1.1.3-11) unstable; urgency=low
[ Wookey ]
* Disable libaudit for stage1 bootstrap.
[ Steve Langasek ]
* debian/patches-applied/pam-loginuid-in-containers: pam_loginuid:
Ignore failure in user namespaces.
* Use [linux-any] in build-deps, instead of hard-coding a list of
non-Linux archs. Closes: #634516.
-- Steve Langasek <email address hidden> Tue, 14 Jan 2014 03:33:31 +0000
-
pam (1.1.3-10) unstable; urgency=low
* Fix pam-auth-update handling of trailing blank lines in the fields of
profiles. LP: #1160288.
* Reintroduce libaudit support now that libaudit has been multiarched.
Closes: #699159.
-- Steve Langasek <email address hidden> Sun, 20 Oct 2013 15:30:46 -0700
-
pam (1.1.3-9) unstable; urgency=low
* Revert libaudit support for now, because libaudit isn't multiarched yet
in unstable so this regresses cross-installability. Reopens bug
#699159.
* Add an or'ed dependency on cdebconf, which also implements the
xloadtemplatefile extension that prevents us from depending on just
'debconf-2.0'. Thanks to Régis Boudin <email address hidden> for the info.
Closes: #677278.
-- Steve Langasek <email address hidden> Tue, 12 Feb 2013 23:06:30 +0000
-
pam (1.1.3-8) unstable; urgency=low
* Confirm NMU for bug #611136; thanks to Michael Gilbert.
- As a side effect, there will no longer be errors from reading the
.pam_environment twice since we are now reading it 0 times.
LP: #955032.
* Adjust the pam_env documentation to match the module behavior resulting
from the previous security upload. Closes: #693995.
* debian/rules: never regenerate manpages at build time; this may cause
build skew that breaks the world in a multiarch context. LP: #1095887.
* debian/patches-applied/glibc-2_16-compilation-fix.patch: fix missing
include causing build failure with eglibc 2.16. Thanks to Daniel
Schepler <email address hidden>. Closes: #693450.
* Ditch autoconf patch in favor of a build-dependency on dh-autoreconf,
which will let us keep up-to-date with newer autotools. In the present
instance, this gets us aarch64 support.
* Install pam_timestamp_check - and while we're at it, move the manpage
to the correct binary package. Closes: #648695.
* Update lintian overrides to suppress some noise about hardening and
manpages.
* Enable audit support, by popular demand. This should have no major
impact unless you're also running auditd; but I reserve the right to
disable this again in the event that this causes a performance hit or
breaks upgrades (since the dependency is pulled into libpam, not just
into pam_tty_audit). Closes: #699159, LP: #937005.
-- Steve Langasek <email address hidden> Tue, 12 Feb 2013 05:36:29 +0000
-
pam (1.1.3-7.1) unstable; urgency=low
* Non-maintainer upload.
* Fix cve-2011-4708: user-configurable .pam_environment allows
administrator-level changes without root access (closes: #611136).
-- Michael Gilbert <email address hidden> Sun, 29 Apr 2012 02:23:26 -0400
-
pam (1.1.3-7) unstable; urgency=low
* Updated debconf translations:
- Danish, thanks to Joe Dalton <email address hidden> (closes: #648382)
- French, thanks to Jean-Baka Domelevo Entfellner <email address hidden>
(closes: #649850)
- Dutch, thanks to Jeroen Schot <email address hidden>
(closes: #650755)
- Russian, thanks to Yuri Kozlov <email address hidden> (closes: #650867)
- Portuguese, thanks to Pedro Ribeiro <email address hidden>
(closes: #652493)
- German, thanks to Sven Joachim <email address hidden> (closes: #653407)
- Spanish, thanks to Javier Fernandez-Sanguino Peña <email address hidden>
(closes: #654043)
- Bulgarian, thanks to Damyan Ivanov <email address hidden> (closes: #656518)
- Slovak, thanks to Ivan Masár <email address hidden> (closes: #656521)
- Japanese, thanks to Kenshi Muto <email address hidden> (closes: #656834)
- Polish, thanks to Michał Kułach <email address hidden>
(closes: #657476)
- Catalan, thanks to Innocent De Marchi <email address hidden>
(closes: #657489)
- Czech, thanks to Miroslav Kure <email address hidden>
(closes: #657578)
- Swedish, thanks to Martin Bagge <email address hidden> (closes: #651349)
-- Steve Langasek <email address hidden> Sat, 28 Jan 2012 10:57:49 -0800
-
pam (1.1.3-6) unstable; urgency=low
* debian/patches-applied/hurd_no_setfsuid: we don't want to check all
setre*id() calls; we know that there are situations where some of these
may fail but we don't care. As long as the last setre*id() call in each
set succeeds, that's the state we mean to be in.
* debian/libpam0g.postinst: according to Kubuntu developers, kdm no longer
keeps libpam loaded persistently at runtime, so it's not necessary to
force a kdm restart on ABI bump. Which is good, since restarting kdm
now seems to also log users out of running sessions, which we rather
want to avoid. Closes: #632673, LP: #744944.
* debian/patches-applied/update-motd: set a sane umask before calling
run-parts, and restore the old mask afterwards, so /run/motd gets
consistent permissions. LP: #871943.
* debian/patches-applied/update-motd: new module option for pam_motd,
'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
LP: #805423.
* debian/libpam0g.templates, debian/libpam0g.postinst: add a new question,
libraries/restart-without-asking, that allows admins to accept the
service restarts once for all so that they don't have to repeatedly
say "ok". LP: #745004.
* debian/libpam-runtime.templates, debian/local/pam-auth-update: add a
new 'title' template, so pam-auth-update doesn't give a blank title
when called outside of a maintainer script. LP: #882794.
-- Steve Langasek <email address hidden> Sun, 06 Nov 2011 19:43:14 -0800
-
pam (1.1.3-5) unstable; urgency=low
[ Kees Cook ]
* debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch: use
setresgid() to wipe out saved-gid just in case.
* debian/patches-applied/008_modules_pam_limits_chroot:
- fix off-by-one when parsing configuration file.
- when using chroot, chdir() to root to lose links to old tree.
* debian/patches-applied/022_pam_unix_group_time_miscfixes,
debian/patches-applied/026_pam_unix_passwd_unknown_user,
debian/patches-applied/054_pam_security_abstract_securetty_handling:
improve descriptions.
* debian/patches-applied/{007_modules_pam_unix,055_pam_unix_nullok_secure}:
drop unneeded no-op change to reduce delta from upstream.
* debian/patches-applied/hurd_no_setfsuid: check all set*id() calls.
* debian/patches-applied/update-motd: correctly clear environment when
building motd.
* debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflow
in environment file parsing (CVE-2011-3148).
* debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment
file parsing (CVE-2011-3149).
-- Steve Langasek <email address hidden> Thu, 27 Oct 2011 21:33:57 -0700
-
pam (1.1.3-4) unstable; urgency=low
* Make sure shared library links are also installed to the multiarch
directory, not just the .a files; otherwise the static libs get found
first by the linker. Thanks to Russ Allbery for catching this.
Closes: #642952.
-- Steve Langasek <email address hidden> Sun, 25 Sep 2011 22:33:55 +0000
-
pam (1.1.3-3) unstable; urgency=low
* Look for /etc/init.d/postgresql, not /etc/init.d/postgresql-8.{2,3},
for service restarts; the latter are obsolete since squeeze.
Closes: #631511.
* Move debian/libpam0g-dev.install to debian/libpam0g-dev.install.in
and substitute the multiarch path at build time, so our .a files go to
the multiarch dir instead of to /usr/lib. Thanks to Riku Voipio for
pointing out the bug.
* debian/control: adjust the package descriptions, as the current ones
use some awkward language that's gone unnoticed for a long time. Thanks
to Martin Eberhard Schauer <email address hidden> for pointing this
out. Closes: #633863.
* Build-depend on debhelper 8.9.4 and bump debian/compat to 9 for
dpkg-buildflags integration, and drop manual setting of -g -O options in
CFLAGS now that we can let dh do it for us
* Don't set --sbindir when calling configure; upstream takes care of this
for us
-- Steve Langasek <email address hidden> Sat, 24 Sep 2011 20:08:56 +0000
-
pam (1.1.3-2) unstable; urgency=low
[ Kees Cook ] * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: - only report about unknown kernel rlimits when "debug" is set (Closes: 625226, LP: #794531). [ Steve Langasek ] * Build for multiarch. Closes: #463420. * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: don't reset the process niceness for root; since it's root, they can still renice to a lower nice level if they need to and changing the nice level by default is unexpected behavior. Closes: #594377. -- Steve Langasek <email address hidden> Tue, 21 Jun 2011 11:41:12 -0700
-
pam (1.1.3-1) unstable; urgency=low
* New upstream release. - Fixes CVE-2010-3853, executing namespace.init with an insecure environment set by the caller. Closes: #608273. - Fixes CVE-2010-3316 CVE-2010-3430 CVE-2010-3431 CVE-2010-3435. Closes: #599832. * Port hurd_no_setfsuid patch to new pam_modutil_{drop,restore}_priv interface; now possibly upstreamable * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: set a better default RLIMIT_MEMLOCK value for BSD kernels. Thanks to Petr Salinger for the fix. Closes: #602902. * bump the minimum version check in maintainer scripts for the restart handling. -- Steve Langasek <email address hidden> Sat, 04 Jun 2011 03:10:50 -0700
-
pam (1.1.2-3) unstable; urgency=low
[ Kees Cook ] * 027_pam_limits_better_init_allow_explicit_root: load rlimit defaults from the kernel (via /proc/1/limits), instead of continuing to hardcode the settings internally. Fall back to internal defaults when the kernel rlimits are not found. Closes: #620302. (LP: #746655, #391761) * Updated debconf translations: - Vietnamese, thanks to Clytie Siddall <email address hidden> (closes: #601197) - Dutch, thanks to Eric Spreen <email address hidden> (closes: #605592) - Danish, thanks to Joe Dalton <email address hidden> (closes: #606739) - Catalan, thanks to Innocent De Marchi <email address hidden> (closes: #622786) -- Steve Langasek <email address hidden> Sun, 01 May 2011 01:49:11 -0700
-
pam (1.1.2-2) unstable; urgency=low
* debian/patches-applied/hurd_no_setfsuid: handle some new calls to setfsuid in pam_xauth that I overlooked, so that the build works again on non-Linux. Closes: #613630. -- Steve Langasek <email address hidden> Wed, 16 Feb 2011 09:27:11 -0800
-
pam (1.1.2-1) unstable; urgency=low
* New upstream release. - Add support for NSS groups to pam_group. Closes: #589019, LP: #297408. - Support cross-building the package. Thanks to Neil Williams <email address hidden> for the patch. Closes: #284854. * debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit interface. Closes: #579402. * Drop patches conditional_module,_conditional_man and mkhomedir_linking.patch, which are included upstream. * debian/patches/hurd_no_setfsuid: pam_env and pam_mail now also use setfsuid, so patch them to be likewise Hurd-safe. * Update debian/source.lintian-overrides to clean up some spurious warnings. * debian/libpam-modules.postinst: if any 'min=n' options are found in /etc/pam.d/common-password, convert them on upgrade to 'minlen=n' for compatibility with upstream. * debian/NEWS: document the disappearance of 'min=n', in case users have encoded this option elsewhere outside of /etc/pam.d/common-password. * debian/patches/007_modules_pam_unix: drop compatibility handling of 'max=' no-op; use of this option will now log an error, as warned three years ago. * Bump Standards-Version to 3.9.1. * Add lintian overrides for a few more spurious warnings. * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for compatibility when it's not already set. Closes: #552043. * debian/local/pam-auth-update: Don't try to pass embedded newlines to debconf; backslash-escape them instead and use CAPB escape. * debian/local/pam-auth-update: sort additional module options before writing them out, so that we don't wind up with a different config file on every invocation. Thanks to Jim Paris <email address hidden> for the patch. Closes: #594123. * debian/libpam-runtime.{postinst,templates}: since 1.1.2-1 is targeted for post-squeeze, we don't need to support upgrades from 1.0.1-6 to 1.0.1-10 anymore. Drop the debconf error note about having configured your system with a lack of authentication, so that translators don't spend any more time on it. * Updated debconf translations: - Swedish, thanks to Martin Bagge <email address hidden> (closes: #575875) -- Steve Langasek <email address hidden> Tue, 15 Feb 2011 23:21:41 -0800
-
pam (1.1.1-6.1) unstable; urgency=low
* Non-maintainer upload.
* Fix pending l10n issues. Debconf translations:
- Czech (Miroslav Kure). Closes: #598329
- Slovak (Ivan Masár). Closes: #600164
- Japanese (Kenshi Muto). Closes: #600247
- Finnish (Esko Arajärvi). Closes: #600641
-- Christian Perrier <email address hidden> Tue, 19 Oct 2010 07:30:49 +0200
-
pam (1.1.1-6) unstable; urgency=low
* Updated debconf translations:
- Swedish, thanks to Martin Bagge <email address hidden> (closes: #575875)
-- Steve Langasek <email address hidden> Sun, 05 Sep 2010 23:36:35 -0700
-
pam (1.1.1-5) unstable; urgency=low
* debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit
interface. Closes: #579402.
* Update debian/source.lintian-overrides to clean up some spurious
warnings.
* Bump Standards-Version to 3.9.1.
* Add lintian overrides for a few more spurious warnings.
* debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for
compatibility when it's not already set. Closes: #552043.
* debian/local/pam-auth-update: Don't try to pass embedded newlines to
debconf; backslash-escape them instead and use CAPB escape.
* debian/local/pam-auth-update: sort additional module options before
writing them out, so that we don't wind up with a different config file
on every invocation. Thanks to Jim Paris <email address hidden> for the patch.
Closes: #594123.
-- Steve Langasek <email address hidden> Sun, 05 Sep 2010 12:42:34 -0700
-
pam (1.1.1-4) unstable; urgency=low
* debian/patches/conditional_module,_conditional_man: if we don't have the
libraries required for building pam_tty_audit, we shouldn't install the
manpage either. LP: #588547.
* Updated debconf translations:
- Portuguese, thanks to Eder L. Marques <email address hidden>
(closes: #581746)
- Spanish, thanks to Javier Fernandez-Sanguino Peña <email address hidden>
(closes: #592172)
- Galician, thanks to Jorge Barreiro <email address hidden>
(closes: #592808)
* Don't pass --version-script options when linking executables,
only when linking libraries. Thanks to Julien Cristau
<email address hidden> for the fix. Closes: #582362.
-- Steve Langasek <email address hidden> Sun, 15 Aug 2010 21:53:46 -0700
-
pam (1.1.1-3) unstable; urgency=low
* pam-auth-update: fix a bug in our handling of module options when the
module name contains digits, caused by a buggy regexp. :/ Partially
addresses LP #369575.
* Install /sbin/pam_tally2 in the libpam-modules package; thanks to
Olivier BONHOMME <email address hidden> for reporting. Closes: #554010.
-- Steve Langasek <email address hidden> Sun, 25 Apr 2010 05:53:44 -0700
-
pam (1.1.1-2) unstable; urgency=low
* Document the new symbols added in 1.1.1 in debian/libpam0g.symbols, and
raise the minimum version for the service restarting code.
Closes: #568480.
-- Steve Langasek <email address hidden> Wed, 17 Feb 2010 23:21:23 -0800
-
pam (1.1.1-1) unstable; urgency=low
* New upstream version.
- restore proper netgroup handling in pam_access.
Closes: #567385, LP: #513955.
* Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and
pam_securetty_tty_check_before_user_check, which are included upstream.
* debian/patches/026_pam_unix_passwd_unknown_user: don't return
PAM_USER_UNKNOWN on password change of a user that has no shadow entry,
upstream now implements auto-creating the shadow entry in this case.
* Updated debconf translations:
- French, thanks to Jean-Baka Domelevo Entfellner <email address hidden>
(closes: #547039)
- Bulgarian, thanks to Damyan Ivanov <email address hidden> (closes: #562835)
* debian/patches/sys-types-include.patch: fix pam_modutil.h so that it can
be included directly, without having to include sys/types.h first.
Closes: #556203.
* Add postgresql-8.3 to the list of services in need of restart on upgrade.
Closes: #563674.
* And drop postgresql-{7.4,8.1} from the list, neither of which is present
in stable.
* debian/patches/007_modules_pam_unix: recognize that *all* of the password
hashes other than traditional crypt handle passwords >8 chars in length.
LP: #356766.
-- Steve Langasek <email address hidden> Mon, 01 Feb 2010 02:04:33 -0800
-
pam (1.1.0-4) unstable; urgency=low
* debian/patches/pam_securetty_tty_check_before_user_check: new patch,
to make pam_securetty always return success on a secure tty regardless
of what username was passed. Thanks to Nicolas François
<email address hidden> for the patch. Closes: #537848
* debian/local/pam-auth-update: only reset the seen flag on the template
when there's new information; this avoids reprompting users for the same
information on upgrade, regardless of the debconf priority used.
Closes: #544805.
* libpam0g no longer depends on libpam-runtime; packages that use
/etc/pam.d/common-* must depend directly on libpam-runtime, and most do
(including the Essential: yes ones), so let's break this circular
dependency. Closes: #545086, LP: #424566.
-- Steve Langasek <email address hidden> Mon, 14 Sep 2009 18:47:25 -0700
-
pam (1.1.0-3) unstable; urgency=low
* Bump debian/compat to 7, so we can use sane contents in debian/*.install
* Switch all packages over to dh_install
* Rename debian/*.lintian to debian/*.lintian-overrides and use dh_lintian
* Move installation logic out of debian/rules into individual .install
files
* Drop superfluous options to dh_installchangelogs, dh_shlibdeps
* Use debian/clean instead of rm -f'ing files in debian/rules clean target
* Drop ./configure options that are no-ops
* Drop the /lib/security/pam_unix_*.so symlinks, which have been deprecated
now for 10 years and are not used at all if pam-auth-update is in play.
* Drop the pam_rhosts_auth.so symlink as well, and document in NEWS.Debian
that this is now obsolete.
* Drop stale content from README.debian: some of this should have been in
NEWS.Debian instead (but is so old it's not worth putting it there now),
some of it is obsolete by the change in package VCS.
* Convert debian/rules to debhelper 7 and add versioned build-dependencies
on debhelper and quilt to suit.
* Drop CFLAGS that we don't need anymore (-fPIC, -D_REENTRANT,
-D_GNU_SOURCE).
* Explicitly add -O0 to CFLAGS when noopt is set.
* debian/patches/autoconf.patch: pull ltmain.sh in, to fix some spurious
library linkage in the modules.
* Move pam_cracklib manpage to the libpam-cracklib package, and add the
requisite Replaces
* Drop dh_makeshlibs -V; everything from lenny on should use the .symbols
file instead, making the shlibs redundant so we don't need to care what
version gets listed there.
-- Steve Langasek <email address hidden> Mon, 07 Sep 2009 18:47:45 -0700
-
pam (1.0.1-10) unstable; urgency=high
[ Steve Langasek ]
* Updated debconf translations:
- Finnish, thanks to Esko Arajärvi <email address hidden> (closes: #520785)
- Russian, thanks to Yuri Kozlov <email address hidden> (closes: #521874)
- German, thanks to Sven Joachim <email address hidden> (closes: #521530)
- Basque, thanks to Piarres Beobide <email address hidden>
(closes: #524285)
* When no profiles are chosen in pam-auth-update, throw an error message
and prompt again instead of letting the user end up with an insecure
system. This introduces a new debconf template. Closes: #519927,
LP: #410171.
[ Kees Cook ]
* Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixes
for MINDAYS-Field regression (closes: #514437).
* debian/control: add missing misc:Depends for packages that need it.
[ Sam Hartman ]
* Remove conflicts information for transitions prior to woody release
* Fix lintian overrides for libpam-runtime
* Overrides for lintian finding quilt patches
* pam_mail-fix-quiet: patch from Andreas Henriksson
applied upstream to fix quiet option of pam_mail, Closes: #439268
[ Dustin Kirkland ]
* debian/patches/update-motd: run the update-motd scripts in pam_motd;
render update-motd obsolete, LP: #399071
[ Sam Hartman ]
* cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problem
(CVE-2009-0887) (Closes: #520115)
-- Steve Langasek <email address hidden> Thu, 06 Aug 2009 17:54:32 +0100
-
pam (1.0.1-9) unstable; urgency=low
* Move the pam module packages to section 'admin'.
* 027_pam_limits_better_init_allow_explicit_root: defaults need to be
declared as LIMITS_DEF_DEFAULT instead of LIMITS_DEF_ALL, otherwise
global limits will fail to be applied. LP: #314222.
-- Steve Langasek <email address hidden> Fri, 20 Mar 2009 19:48:47 -0700
-
pam (1.0.1-7) unstable; urgency=low
* 027_pam_limits_better_init_allow_explicit_root:
- fix the patch so that our limit resets are actually *applied*,
which has apparently been broken for who knows how long!
- shadow the finite kernel defaults for RLIMIT_SIGPENDING and
RLIMIT_MSGQUEUE as well, so that the preceding change doesn't
suddenly expose systems to DoS or other issues.
- include documentation in the patch, giving examples of how to set
limits for root. Thanks to Jonathan Marsden.
* pam-auth-update: swap out known md5sums from intrepid pre-release
versions with the md5sums from the released intrepid version
* pam-auth-update: set the umask, so we don't accidentally mark
/etc/pam.d/common-* unreadable. Thanks to Martin Krafft for catching.
Closes: #518042.
-- Steve Langasek <email address hidden> Tue, 03 Mar 2009 17:18:42 -0800
-
pam (1.0.1-6) unstable; urgency=low
* Updated debconf translations:
- Vietnamese, thanks to Clytie Siddall <email address hidden>
* New patch dont_freeze_password_chain, cherry-picked from upstream:
don't always follow the same path through the password stack on
the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK
pass; this Linux-PAM deviation from the original PAM spec causes a
number of problems, in particular causing wrong return values when
using the refactored pam-auth-update stack. LP: #303515, #305882.
* debian/local/pam-auth-update (et al): new interface for managing
/etc/pam.d/common-*, using drop-in config snippets provided by module
packages.
-- Steve Langasek <email address hidden> Sat, 28 Feb 2009 13:36:57 -0800
-
pam (1.0.1-5) unstable; urgency=low
* Build-conflict with libxcrypt-dev, which otherwise pulls libxcrypt in as
a dependency of libpam-modules if it's installed during the build.
Thanks to Larry Doolittle for catching.
* Don't refer to gnome-screensaver in the debconf template; it isn't
actually affected by the libpam symbol issue because it forks a separate
process to display the screensaver dialog.
* Have libpam-modules Pre-Depend on ${misc:Depends}, so that we can
warn users about needing to disable xscreensaver and xlockmore
before libpam-modules is unpacked. Closes: #502140, LP: #256238.
* Updated debconf translations for the new template:
- Italian, thanks to David Paleino <email address hidden>
- Simplified Chinese, thanks to Deng Xiyue
<email address hidden> (closes: #510371)
- Portuguese, thanks to Américo Monteiro <email address hidden>
- Swedish, thanks to Martin Bagge <email address hidden> (closes: #510379)
- Japanese, thanks to Kenshi Muto <email address hidden> (closes: #510380)
- Finnish, thanks to Esko Arajärvi <email address hidden> (closes: #510382)
- Spanish, thanks to Javier Fernandez-Sanguino Peña <email address hidden>
(closes: #510389)
- Galician, thanks to Marce Villarino <email address hidden>
- Slovak, thanks to helix84 <email address hidden> (closes: #510412)
- Bulgarian, thanks to Damyan Ivanov <email address hidden>
- Czech, thanks to Miroslav Kure <<email address hidden>
(closes: #510608)
- French, thanks to Steve Petruzzello <email address hidden>
- German, thanks to Sven Joachim <email address hidden> (closes: #510617)
- Basque, thanks to Piarres Beobide <email address hidden>
(closes: #510699)
- Russian, thanks to Yuri Kozlov <email address hidden> (closes: #510701)
- Turkish, thanks to Mert Dirik <email address hidden> (closes: #510707)
-- Steve Langasek <email address hidden> Tue, 06 Jan 2009 00:05:13 -0800
-
pam (1.0.1-4) unstable; urgency=high
* High-urgency upload for RC bugfix.
[ Julien Cristau ]
* pam_unix-chkpwd-wait: don't assume that the unix_chkpwd process exits
normally; if it was killed by a signal, we don't want to accept the
password. Closes: #495879.
[ Steve Langasek ]
* 007_modules_pam_unix: update the manpage at the same time as the xml
source (grr, autogenerated files in source packages). Closes: #495804.
* 055_pam_unix_nullok_secure: also don't call the helper at all from
_unix_blankpasswd when we can detect that null passwords are disallowed,
to avoid causing spammy logs on successful authentications.
Closes: #496620.
* debian/rules: call chgrp *before* calling chmod, lest the sgid bit
on unix_chkpwd be cleared during the build when using -rsudo.
Closes: #496983.
-- Steve Langasek <email address hidden> Thu, 28 Aug 2008 22:59:23 -0700