-
pam (1.5.3-5ubuntu5.1) noble; urgency=medium
[ Sam Hartman ]
* Correct Build depends for docbook5 (LP: #2064360)
* Depend on libdb-dev again, bringing back pam_userdb (LP: #2064350)
-- Dan Bungert <email address hidden> Thu, 02 May 2024 16:20:13 -0600
-
pam (1.5.3-5ubuntu5) noble; urgency=medium
* d/p/pam_env-remove-deprecation-notice-for-user_readenv.patch: drop
deprecation warning about user_readenv from pam_env (LP: #2059859)
-- Andreas Hasenack <email address hidden> Wed, 10 Apr 2024 16:19:22 -0300
-
pam (1.5.3-5ubuntu4) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <email address hidden> Sun, 31 Mar 2024 00:03:23 +0000
-
pam (1.5.3-5ubuntu3) noble; urgency=medium
* No-change rebuild against libdb5.3t64
-- Steve Langasek <email address hidden> Sat, 02 Mar 2024 20:36:06 +0000
-
pam (1.5.3-5ubuntu2) noble; urgency=medium
* Fix FTBFS when built with -Werror=implicit-function-declaration
(LP: #2055453)
-- Dan Bungert <email address hidden> Thu, 29 Feb 2024 11:53:08 -0700
-
pam (1.5.3-5ubuntu1) noble; urgency=medium
* Merge from Debian unstable, remaining changes:
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
not present there or in /etc/security/pam_env.conf. (should send to
Debian).
- debian/libpam0g.postinst: only ask questions during update-manager
when there are non-default services running.
- debian/libpam0g.postinst: check if gdm is actually running before
trying to reload it.
- debian/patches/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches/pam_umask_usergroups_from_login.defs.patch:
Deprecate pam_unix's explicit "usergroups" option and instead read it
from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
there. This restores compatibility with the pre-PAM behaviour of login.
- debian/patches/pam_motd-legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent
showing it again.
- debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
for update-motd, with some best practices and notes of explanation.
- debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
to update-motd(5)
- debian/local/common-session{,-noninteractive}: Enable pam_umask by
default, now that the umask setting is gone from /etc/profile.
- debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
- debian/patches/extrausers.patch: Add a pam_extrausers module
that is basically just a copy of pam_unix but looks at
/var/lib/extrausers/{group,passwd,shadow} instead of /etc/
- debian/libpam-modules-bin.install: install the helper binaries for
pam_extrausers to /sbin
- debian/rules: Make pam_extrausers_chkpwd sguid shadow
- Add lintian override for pam_extrausers_chkpwd
- Disable custom daemon restart detection code if needrestart is available
pam (1.5.3-5) unstable; urgency=medium
* Revert renaming libpam0g to libpam0t64 for time_t transition: apt
sometimes removes libpam0g rather than simply letting libpam0t64
replace libpam0g (and deconfiguring libpam0g), leaving a system where
essential packages are broken, Closes: #1065017
* Since libpam0t64 is going away, we do not need dpkg-diversions for it.
* As a consequence libpam_misc has an ABI break without a package name
change. We believe nothing in the archive depends on this ABI, and at
least until we come up with a better solution this is the least bad option.
* For now remove libdb-dev so that libdb-dev can undergo time_t
transition. That means this version of pam does not include
pam_userdb, which makes pam unsuitable for release.
* Replace/break libpam0t64
-- Dan Bungert <email address hidden> Thu, 29 Feb 2024 10:25:41 -0700
-
pam (1.5.3-4ubuntu1) noble; urgency=medium
* Merge from Debian unstable, remaining changes:
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
not present there or in /etc/security/pam_env.conf. (should send to
Debian).
- debian/libpam0t64.postinst: only ask questions during update-manager
when there are non-default services running.
- debian/libpam0t64.postinst: check if gdm is actually running before
trying to reload it.
- debian/patches/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches/pam_umask_usergroups_from_login.defs.patch:
Deprecate pam_unix's explicit "usergroups" option and instead read it
from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
there. This restores compatibility with the pre-PAM behaviour of login.
- debian/patches/pam_motd-legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent
showing it again.
- debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
for update-motd, with some best practices and notes of explanation.
- debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
to update-motd(5)
- debian/local/common-session{,-noninteractive}: Enable pam_umask by
default, now that the umask setting is gone from /etc/profile.
- debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
- debian/patches/extrausers.patch: Add a pam_extrausers module
that is basically just a copy of pam_unix but looks at
/var/lib/extrausers/{group,passwd,shadow} instead of /etc/
- debian/libpam-modules-bin.install: install the helper binaries for
pam_extrausers to /sbin
- debian/rules: Make pam_extrausers_chkpwd sguid shadow
- Add lintian override for pam_extrausers_chkpwd
- Disable custom daemon restart detection code if needrestart is available
* Dropped changes, included in Debian:
- SECURITY UPDATE: pam_namespace local denial of service
- debian/patches/CVE-2024-22365.patch: use O_DIRECTORY to
prevent local DoS situations in modules/pam_namespace/pam_namespace.c.
- CVE-2024-22365
- Install into /usr/{lib,sbin} instead of /{lib,sbin}. Assumes
usrmerge aliasing symlinks are in place since bookworm to keep
compatibility with PAM modules still installing into /lib.
(DEP17 M2) (Closes: #1060160).
- Mitigate /usr-move file loss. (Closes: #1062802)
- Update lintian override for setgid binary.
-- Dan Bungert <email address hidden> Wed, 28 Feb 2024 21:07:18 -0700
-
pam (1.5.2-9.1ubuntu3) noble; urgency=medium
[ Chris Hofstaedtler ]
* Install into /usr/{lib,sbin} instead of /{lib,sbin}. Assumes
usrmerge aliasing symlinks are in place since bookworm to keep
compatibility with PAM modules still installing into /lib.
(DEP17 M2) (Closes: #1060160).
* Update lintian override for setgid binary.
[ Helmut Grohne ]
* Mitigate /usr-move file loss. (Closes: #1062802)
-- Julian Andres Klode <email address hidden> Thu, 22 Feb 2024 13:24:31 +0100
-
pam (1.5.2-9.1ubuntu2) noble; urgency=medium
* SECURITY UPDATE: pam_namespace local denial of service
- debian/patches-applied/CVE-2024-22365.patch: use O_DIRECTORY to
prevent local DoS situations in modules/pam_namespace/pam_namespace.c.
- CVE-2024-22365
-- Marc Deslauriers <email address hidden> Wed, 17 Jan 2024 12:28:44 -0500
-
pam (1.5.2-9.1ubuntu1) noble; urgency=medium
* Merge from Debian unstable, remaining changes:
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
not present there or in /etc/security/pam_env.conf. (should send to
Debian).
- debian/libpam0g.postinst: only ask questions during update-manager when
there are non-default services running.
- debian/libpam0g.postinst: check if gdm is actually running before
trying to reload it.
- debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
Deprecate pam_unix's explicit "usergroups" option and instead read it
from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
there. This restores compatibility with the pre-PAM behaviour of login.
- debian/patches-applied/pam_motd-legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent
showing it again.
- debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
for update-motd, with some best practices and notes of explanation.
- debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
to update-motd(5)
- debian/local/common-session{,-noninteractive}: Enable pam_umask by
default, now that the umask setting is gone from /etc/profile.
- debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
- debian/patches-applied/extrausers.patch: Add a pam_extrausers module
that is basically just a copy of pam_unix but looks at
/var/lib/extrausers/{group,passwd,shadow} instead of /etc/
- debian/libpam-modules-bin.install: install the helper binaries for
pam_extrausers to /sbin
- debian/rules: Make pam_extrausers_chkpwd sguid shadow
- Add lintian override for pam_extrausers_chkpwd
- Disable custom daemon restart detection code if needrestart is available
* debian/update-motd.5: fix a typo; thanks to David
Collantes <email address hidden>.
pam (1.5.2-9.1) unstable; urgency=medium
* Non-maintainer upload acked by Sam Hartman.
* Really fix quilt-related FTBFS: (Closes: #1054505)
pam is a 3.0 (quilt) source package and has a .pc directory after unpack
despite having no debian/patches. Even when setting QUILT_PATCH_DIR or
QUILT_PATCHES, quilt is now mislead to using the non-existent
debian/patches and this makes dh_quilt_unpatch fail, so we delete that
directory unless it corresponds to the real debian/patches-applied that we
want to be used.
pam (1.5.2-9) unstable; urgency=low
* Revert 1.5.2-8 upload; as far as I can tell the change is incorrect,
Closes: #1054493
pam (1.5.2-7) unstable; urgency=medium
[ Steve Langasek ]
* Drop reference to stale package version in libpam-modules.postinst;
thanks, Gioele Barabucci <email address hidden>.
[ Sam Hartman ]
* Fix pam-auth-update --disable logic error, Closes: #1039873
* Set myself as maintainer; thanks Steve for past and future work.
* Fix watch file, thanks Daniel Lewart, Closes: #1040310
* Install upstream NEWS file as main upstream changelog; detailed
CHANGELOG only in libpam-doc, Closes: #1040315
* Updated Turkish Debconf translations, Thanks Atila KOÇ, Closes: #1029002
-- Steve Langasek <email address hidden> Mon, 20 Nov 2023 06:39:20 -0800
-
pam (1.5.2-6ubuntu1) mantic; urgency=medium
* Merge from Debian unstable, remaining changes:
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
not present there or in /etc/security/pam_env.conf. (should send to
Debian).
- debian/libpam0g.postinst: only ask questions during update-manager when
there are non-default services running.
- debian/libpam0g.postinst: check if gdm is actually running before
trying to reload it.
- debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
Deprecate pam_unix's explicit "usergroups" option and instead read it
from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
there. This restores compatibility with the pre-PAM behaviour of login.
- debian/patches-applied/pam_motd-legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent
showing it again.
- debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
for update-motd, with some best practices and notes of explanation.
- debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
to update-motd(5)
- debian/local/common-session{,-noninteractive}: Enable pam_umask by
default, now that the umask setting is gone from /etc/profile.
- debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
- debian/patches-applied/extrausers.patch: Add a pam_extrausers module
that is basically just a copy of pam_unix but looks at
/var/lib/extrausers/{group,passwd,shadow} instead of /etc/
- debian/libpam-modules-bin.install: install the helper binaries for
pam_extrausers to /sbin
- debian/rules: Make pam_extrausers_chkpwd sguid shadow
- Add lintian override for pam_extrausers_chkpwd
- Disable custom daemon restart detection code if needrestart is available
pam (1.5.2-6) unstable; urgency=medium
* Update debian/copyright, Thanks Bastian Germann, Closes: #460232
* When pam-auth-update is called with --root, use
/usr/share/pam-configs from the root not from the host system, Thanks
Johannes Schauer Marin Rodrigues, Closes: #1022952
* Build-depend on libcrypt-dev, Closes: #1024645
* Add pam-auth-udpate --disable, Closes: #1004000
* Add autopkgtests
-- Steve Langasek <email address hidden> Mon, 15 May 2023 15:17:53 -0700