-
pam (1.1.1-6.1+squeeze1) stable-security; urgency=low
* Non-maintainer upload by the Security Team
* Fix CVE-2011-3148 and CVE-2011-3149
-- Moritz Muehlenhoff <email address hidden> Mon, 17 Oct 2011 18:28:52 +0000
-
pam (1.1.1-6.1) unstable; urgency=low
* Non-maintainer upload.
* Fix pending l10n issues. Debconf translations:
- Czech (Miroslav Kure). Closes: #598329
- Slovak (Ivan Masár). Closes: #600164
- Japanese (Kenshi Muto). Closes: #600247
- Finnish (Esko Arajärvi). Closes: #600641
-- Christian Perrier <email address hidden> Tue, 19 Oct 2010 07:30:49 +0200
-
pam (1.1.1-6) unstable; urgency=low
* Updated debconf translations:
- Swedish, thanks to Martin Bagge <email address hidden> (closes: #575875)
-- Steve Langasek <email address hidden> Sun, 05 Sep 2010 23:36:35 -0700
-
pam (1.1.1-4) unstable; urgency=low
* debian/patches/conditional_module,_conditional_man: if we don't have the
libraries required for building pam_tty_audit, we shouldn't install the
manpage either. LP: #588547.
* Updated debconf translations:
- Portuguese, thanks to Eder L. Marques <email address hidden>
(closes: #581746)
- Spanish, thanks to Javier Fernandez-Sanguino Peña <email address hidden>
(closes: #592172)
- Galician, thanks to Jorge Barreiro <email address hidden>
(closes: #592808)
* Don't pass --version-script options when linking executables,
only when linking libraries. Thanks to Julien Cristau
<email address hidden> for the fix. Closes: #582362.
-- Steve Langasek <email address hidden> Sun, 15 Aug 2010 21:53:46 -0700
-
pam (1.1.1-3) unstable; urgency=low
* pam-auth-update: fix a bug in our handling of module options when the
module name contains digits, caused by a buggy regexp. :/ Partially
addresses LP #369575.
* Install /sbin/pam_tally2 in the libpam-modules package; thanks to
Olivier BONHOMME <email address hidden> for reporting. Closes: #554010.
-- Steve Langasek <email address hidden> Sun, 25 Apr 2010 05:53:44 -0700
-
pam (1.1.1-2) unstable; urgency=low
* Document the new symbols added in 1.1.1 in debian/libpam0g.symbols, and
raise the minimum version for the service restarting code.
Closes: #568480.
-- Steve Langasek <email address hidden> Wed, 17 Feb 2010 23:21:23 -0800
-
pam (1.1.1-1) unstable; urgency=low
* New upstream version.
- restore proper netgroup handling in pam_access.
Closes: #567385, LP: #513955.
* Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and
pam_securetty_tty_check_before_user_check, which are included upstream.
* debian/patches/026_pam_unix_passwd_unknown_user: don't return
PAM_USER_UNKNOWN on password change of a user that has no shadow entry,
upstream now implements auto-creating the shadow entry in this case.
* Updated debconf translations:
- French, thanks to Jean-Baka Domelevo Entfellner <email address hidden>
(closes: #547039)
- Bulgarian, thanks to Damyan Ivanov <email address hidden> (closes: #562835)
* debian/patches/sys-types-include.patch: fix pam_modutil.h so that it can
be included directly, without having to include sys/types.h first.
Closes: #556203.
* Add postgresql-8.3 to the list of services in need of restart on upgrade.
Closes: #563674.
* And drop postgresql-{7.4,8.1} from the list, neither of which is present
in stable.
* debian/patches/007_modules_pam_unix: recognize that *all* of the password
hashes other than traditional crypt handle passwords >8 chars in length.
LP: #356766.
-- Steve Langasek <email address hidden> Mon, 01 Feb 2010 02:04:33 -0800
-
pam (1.1.0-4) unstable; urgency=low
* debian/patches/pam_securetty_tty_check_before_user_check: new patch,
to make pam_securetty always return success on a secure tty regardless
of what username was passed. Thanks to Nicolas François
<email address hidden> for the patch. Closes: #537848
* debian/local/pam-auth-update: only reset the seen flag on the template
when there's new information; this avoids reprompting users for the same
information on upgrade, regardless of the debconf priority used.
Closes: #544805.
* libpam0g no longer depends on libpam-runtime; packages that use
/etc/pam.d/common-* must depend directly on libpam-runtime, and most do
(including the Essential: yes ones), so let's break this circular
dependency. Closes: #545086, LP: #424566.
-- Steve Langasek <email address hidden> Mon, 14 Sep 2009 18:47:25 -0700
-
pam (1.0.1-10) unstable; urgency=high
[ Steve Langasek ]
* Updated debconf translations:
- Finnish, thanks to Esko Arajärvi <email address hidden> (closes: #520785)
- Russian, thanks to Yuri Kozlov <email address hidden> (closes: #521874)
- German, thanks to Sven Joachim <email address hidden> (closes: #521530)
- Basque, thanks to Piarres Beobide <email address hidden>
(closes: #524285)
* When no profiles are chosen in pam-auth-update, throw an error message
and prompt again instead of letting the user end up with an insecure
system. This introduces a new debconf template. Closes: #519927,
LP: #410171.
[ Kees Cook ]
* Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixes
for MINDAYS-Field regression (closes: #514437).
* debian/control: add missing misc:Depends for packages that need it.
[ Sam Hartman ]
* Remove conflicts information for transitions prior to woody release
* Fix lintian overrides for libpam-runtime
* Overrides for lintian finding quilt patches
* pam_mail-fix-quiet: patch from Andreas Henriksson
applied upstream to fix quiet option of pam_mail, Closes: #439268
[ Dustin Kirkland ]
* debian/patches/update-motd: run the update-motd scripts in pam_motd;
render update-motd obsolete, LP: #399071
[ Sam Hartman ]
* cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problem
(CVE-2009-0887) (Closes: #520115)
-- Steve Langasek <email address hidden> Thu, 06 Aug 2009 17:54:32 +0100
-
pam (1.0.1-9) unstable; urgency=low
* Move the pam module packages to section 'admin'.
* 027_pam_limits_better_init_allow_explicit_root: defaults need to be
declared as LIMITS_DEF_DEFAULT instead of LIMITS_DEF_ALL, otherwise
global limits will fail to be applied. LP: #314222.
-- Steve Langasek <email address hidden> Fri, 20 Mar 2009 19:48:47 -0700
-
pam (1.0.1-7) unstable; urgency=low
* 027_pam_limits_better_init_allow_explicit_root:
- fix the patch so that our limit resets are actually *applied*,
which has apparently been broken for who knows how long!
- shadow the finite kernel defaults for RLIMIT_SIGPENDING and
RLIMIT_MSGQUEUE as well, so that the preceding change doesn't
suddenly expose systems to DoS or other issues.
- include documentation in the patch, giving examples of how to set
limits for root. Thanks to Jonathan Marsden.
* pam-auth-update: swap out known md5sums from intrepid pre-release
versions with the md5sums from the released intrepid version
* pam-auth-update: set the umask, so we don't accidentally mark
/etc/pam.d/common-* unreadable. Thanks to Martin Krafft for catching.
Closes: #518042.
-- Steve Langasek <email address hidden> Tue, 03 Mar 2009 17:18:42 -0800
-
pam (1.0.1-5) unstable; urgency=low
* Build-conflict with libxcrypt-dev, which otherwise pulls libxcrypt in as
a dependency of libpam-modules if it's installed during the build.
Thanks to Larry Doolittle for catching.
* Don't refer to gnome-screensaver in the debconf template; it isn't
actually affected by the libpam symbol issue because it forks a separate
process to display the screensaver dialog.
* Have libpam-modules Pre-Depend on ${misc:Depends}, so that we can
warn users about needing to disable xscreensaver and xlockmore
before libpam-modules is unpacked. Closes: #502140, LP: #256238.
* Updated debconf translations for the new template:
- Italian, thanks to David Paleino <email address hidden>
- Simplified Chinese, thanks to Deng Xiyue
<email address hidden> (closes: #510371)
- Portuguese, thanks to Américo Monteiro <email address hidden>
- Swedish, thanks to Martin Bagge <email address hidden> (closes: #510379)
- Japanese, thanks to Kenshi Muto <email address hidden> (closes: #510380)
- Finnish, thanks to Esko Arajärvi <email address hidden> (closes: #510382)
- Spanish, thanks to Javier Fernandez-Sanguino Peña <email address hidden>
(closes: #510389)
- Galician, thanks to Marce Villarino <email address hidden>
- Slovak, thanks to helix84 <email address hidden> (closes: #510412)
- Bulgarian, thanks to Damyan Ivanov <email address hidden>
- Czech, thanks to Miroslav Kure <<email address hidden>
(closes: #510608)
- French, thanks to Steve Petruzzello <email address hidden>
- German, thanks to Sven Joachim <email address hidden> (closes: #510617)
- Basque, thanks to Piarres Beobide <email address hidden>
(closes: #510699)
- Russian, thanks to Yuri Kozlov <email address hidden> (closes: #510701)
- Turkish, thanks to Mert Dirik <email address hidden> (closes: #510707)
-- Steve Langasek <email address hidden> Tue, 06 Jan 2009 00:05:13 -0800