-
pam (1.5.2-2ubuntu1.3) kinetic-security; urgency=medium
* SECURITY REGRESSION: fix CVE-2022-28321 patch location
- debian/patches-applied/CVE-2022-28321.patch: pam_access: handle
hostnames in access.conf
- CVE-2022-28321
-- Nishit Majithia <email address hidden> Thu, 02 Feb 2023 14:48:57 +0530
-
pam (1.5.2-2ubuntu1.1) kinetic-security; urgency=medium
* SECURITY UPDATE: authentication bypass vulnerability
- debian/patches/CVE-2022-28321.patch: pam_access: handle hostnames in
access.conf
- CVE-2022-28321
-- Nishit Majithia <email address hidden> Tue, 24 Jan 2023 17:06:18 +0530
-
pam (1.5.2-2ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable, remaining changes:
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
not present there or in /etc/security/pam_env.conf. (should send to
Debian).
- debian/libpam0g.postinst: only ask questions during update-manager when
there are non-default services running.
- debian/libpam0g.postinst: check if gdm is actually running before
trying to reload it.
- debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
Deprecate pam_unix's explicit "usergroups" option and instead read it
from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
there. This restores compatibility with the pre-PAM behaviour of login.
- debian/patches-applied/pam_motd-legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent
showing it again.
- debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
for update-motd, with some best practices and notes of explanation.
- debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
to update-motd(5)
- debian/local/common-session{,-noninteractive}: Enable pam_umask by
default, now that the umask setting is gone from /etc/profile.
- debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
- debian/patches-applied/extrausers.patch: Add a pam_extrausers module
that is basically just a copy of pam_unix but looks at
/var/lib/extrausers/{group,passwd,shadow} instead of /etc/
- debian/libpam-modules-bin.install: install the helper binaries for
pam_extrausers to /sbin
- debian/rules: Make pam_extrausers_chkpwd sguid shadow
- Add lintian override for pam_extrausers_chkpwd
- Disable custom daemon restart detection code if needrestart is available
* Dropped changes, no longer needed:
- d/libpam-modules.postinst: Add /snap/bin to $PATH in /etc/environment
* Refresh patches.
* debian/patches-applied/extrausers.patch: update for upstream changes.
pam (1.5.2-2) unstable; urgency=medium
* Pass --with-systemdunitdir=/usr/lib/systemd/system for consistent
builds whether we are or aren't building in an environment with systemd
present.
* Install the pam_namespace.service unit in the libpam-modules-bin
package.
pam (1.5.2-1) unstable; urgency=medium
* New upstream release.
- fixes compatibility with libpam-systemd. Closes: #1017467.
- fixes bashisms in configure.ac. Closes: #998361.
* Refresh patches.
* Drop patches included or obsoleted upstream:
- debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch
- debian/patches-applied/pam_unix_initialize_daysleft
- debian/patches-applied/pam_faillock_create_directory
- debian/patches-applied/pam_unix_avoid_checksalt
- debian/patches-applied/pam_env-allow-environment-files-without-EOL-at-EOF.patch
* Drop libpam-cracklib which has been obsoleted upstream.
* Add pkgconfig .pc files to libpam0g-dev. Closes: #1012688.
* Update .symbols file.
* Updated Romanian debconf translation, thanks Andrei Popescu, Closes:
#986416
* Drop versioning of quilt build-dependency to quiet lintian, since the
version is satisfied by oldoldoldstable.
* Drop unused build-build-dependency on bzip2.
* Adjust lintian overrides for latest lintian syntax.
* Update Standards-Version.
* Bump debhelper compat to 13.
* debian/not-installed: document upstream files that aren't used.
* Override incorrect lintian warning about use of dpkg database.
* Override lintian warning for PAM module manpages being in section 8
* Override lintian warning for unused debconf templates
* Install additional upstream manpages: faillock(8), environment(5),
pwhistory_helper(8)
* Install additional helpers in libpam-modules-bin: pam_namespace_helper,
pwhistory_helper
* Fix wrong syntax in symbols file
-- Steve Langasek <email address hidden> Thu, 18 Aug 2022 18:16:30 +0000
-
pam (1.4.0-13ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable, remaining changes:
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
not present there or in /etc/security/pam_env.conf. (should send to
Debian).
- debian/libpam0g.postinst: only ask questions during update-manager when
there are non-default services running.
- debian/libpam0g.postinst: check if gdm is actually running before
trying to reload it.
- debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
Deprecate pam_unix's explicit "usergroups" option and instead read it
from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
there. This restores compatibility with the pre-PAM behaviour of login.
- debian/patches-applied/pam_motd-legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent
showing it again.
- debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
for update-motd, with some best practices and notes of explanation.
- debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
to update-motd(5)
- debian/local/common-session{,-noninteractive}: Enable pam_umask by
default, now that the umask setting is gone from /etc/profile.
- debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
- debian/patches-applied/extrausers.patch: Add a pam_extrausers module
that is basically just a copy of pam_unix but looks at
/var/lib/extrausers/{group,passwd,shadow} instead of /etc/
- debian/libpam-modules-bin.install: install the helper binaries for
pam_extrausers to /sbin
- debian/rules: Make pam_extrausers_chkpwd sguid shadow
- Add lintian override for pam_extrausers_chkpwd
- Disable custom daemon restart detection code if needrestart is available
- d/libpam-modules.postinst: Add /snap/bin to $PATH in /etc/environment
pam (1.4.0-13) unstable; urgency=medium
* Don't build with NIS support. This is only used for password changes on
NIS systems, and is pulling a large dependency chain into the Essential
package set which is not justifiable.
-- Steve Langasek <email address hidden> Tue, 26 Apr 2022 11:10:38 -0700
-
pam (1.4.0-11ubuntu2) jammy; urgency=medium
* Drop Recommends on update-motd which is no longer used and is not being
maintained.
-- Steve Langasek <email address hidden> Wed, 23 Mar 2022 18:43:24 -0700