Accepted pam 0.99.7.1-4ubuntu1 (source)

Kees Cook kees at ubuntu.com
Tue Sep 11 17:10:28 BST 2007


Accepted:
 OK: pam_0.99.7.1.orig.tar.gz
 OK: pam_0.99.7.1-4ubuntu1.diff.gz
 OK: pam_0.99.7.1-4ubuntu1.dsc
     -> Component: main Section: libs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 05 Sep 2007 15:18:36 -0700
Source: pam
Binary: libpam0g-dev libpam0g libpam-modules libpam-doc libpam-runtime libpam-cracklib
Architecture: source
Version: 0.99.7.1-4ubuntu1
Distribution: gutsy
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Kees Cook <kees at ubuntu.com>
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Closes: 1708 62193 95324 119689 127931 153157 165067 178225 181451 184270 212165 220157 241661 300773 305058 313486 325974 328084 330545 331208 331278 333141 336344 350620 354309 360460 362855 368100 389197 411812 412484 416665 436005 436222 439038 439040 439835 439984 440019 440074 440355 440362 440368
Launchpad-Bugs-Fixed: 14505 43169 80431
Changes: 
 pam (0.99.7.1-4ubuntu1) gutsy; urgency=low
 .
   * Resynchronise with Debian (LP: #43169, #14505, #80431). Remaining changes:
     - debian/control, debian/local/common-session{,md5sums}: use
       libpam-foreground for session management.
     - debian/rules: install unix_chkpwd setgid shadow instead of setuid root.
       The nis package handles overriding this as necessary.
     - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not
       present there or in /etc/security/pam_env.conf.
     - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t
       type rather than __u8.
     - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
       initialise RLIMIT_NICE rather than relying on the kernel limits. Bound
       RLIMIT_NICE from below as well as from above. Fix off-by-one error when
       converting RLIMIT_NICE to the range of values used by the kernel.
       (Originally patch 101; converted to quilt.)
     - debian/patches-applied/ubuntu-user_defined_environment: Look at
       ~/.pam_environment too, with the same format as
       /etc/security/pam_env.conf.  (Originally patch 100; converted to quilt.)
   * Dropped:
     - debian/rules: bashism fixes (merged upstream).
     - debian/control: Conflict on ancient nis (expired with Breezy).
     - debian/libpam-runtime.postinst: check for ancient pam (expired with
       Breezy).
 .
 pam (0.99.7.1-4) unstable; urgency=low
 .
   * libpam0g.postinst, libpam0g.templates: gdm doesn't need to be restarted
     to fix the library skew, only reloaded; special-case this daemon in the
     postinst and remove the mention of it from the debconf template, also
     tightening the language of the debconf template in the process.
     Closes: #440074.
   * Add courier-authdaemon to the list of services that need to be
     restarted; thanks to Micah Anderson for reporting.
   * New patch pam_env_ignore_garbage.patch: fix pam_env to really skip over
     garbage lines in /etc/environment and log an error, instead of failing
     with an obscure error; and ignore any PAM_BAD_ITEM values returned
     by pam_putenv(), since this is the expected error return when trying
     to delete a non-existent var.  Closes: #439984.
   * Yet another thinko in hurd_no_setfsuid and in
     029_pam_limits_capabilities; this code should really be Hurd-safe at
     last...
   * getline() returns -1 on EOF, not 0; check this appropriately, to fix
     an infinite loop in pam_rhosts_auth.  Thanks to Stephan Springl
     <springl-rhosts at bfw-online.de> for the fix.  Closes: #440019.
   * Use ${misc:Depends} for libpam0g, so we get a proper dependency on
     debconf.
   * 019_pam_listfile_quiet: per discussion with upstream, don't suppress
     errors about missing files or files with wrong permissions; these are
     real errors that should not be buried.
   * Drop the remainder of 061_pam_issue_double_free, not required for the
     original bugfix.
   * Drop patch 064_pam_unix_cracklib_dictpath, which is not needed now that
     we define CRACKLIB_DICTS in debian/rules.
   * Drop patch 063_paswd_segv, superseded by a different upstream fix
   * Split 047_pam_limits_chroot_string_value up between
     008_modules_pam_limits_chroot and 029_pam_limits_capabilites
   * Updates to patch 007_modules_pam_unix: restore the same built-in min
     password len of 6 that upstream uses; fix a typo panlindrome ->
     palindrome.
   * The 'max=' option was never intended to be used to limit maximum password
     length for users, only to declare what the number of significant
     characters /is/ for a password.  But we don't need a config option to
     tell us that, we know the answer based on which crypt type we're using,
     so drop this as a config file option.  Closes: #389197.
   * Debconf translations:
     - Spanish, thanks to Javier Fernández-Sanguino Peña <jfs at debian.org>
     - Vietnamese, thanks to Clytie Siddall <clytie at riverland.net.au>
     - German, thanks to Sven Joachim <svenjoac at gmx.de> (closes: #440355)
     - Czech, thanks to Miroslav Kure <kurem at upcase.inf.upol.cz>
       (closes: #440362)
     - Portuguese, thanks to Américo Monteiro <a_monteiro at netcabo.pt>
       (closes: #440368)
 .
 pam (0.99.7.1-3) unstable; urgency=low
 .
   * New patch limits_wrong_strncpy: fix unnecessary manipulations of string
     buffers, including an illegal use of strncpy().  Thanks to Paul Hampson
     for reporting.  Closes: #331278.
   * New patch misc_conv_allow_sigint.patch: allow SIGINT to be handled by the
     application, instead of blocking it when misc_conv is in use and
     preventing users from being able to ^C at any PAM prompt.  Closes: #1708.
   * 024_debian_cracklib_dict_path: default to NULL instead of a specific
     dictionary path when none is defined for consistency with the new upstream
     version of cracklib, and define our path in debian/rules.
   * 055_pam_unix_nullok_secure: document the pam_unix "nullok_secure" option,
     a prereq for forwarding this patch upstream.  Closes: #325974.
   * Create /etc/security/opasswd on new installs or on upgrades from
     0.99.7.1-2 or below, so that users that enable the remember=<n> option to
     pam_unix aren't left unable to change passwords.  Closes: #95324.
   * Fix a couple of thinkos in hurd_no_setfsuid, that were preventing the code
     from compiling on the Hurd still.  Thanks to Michael Banck for the catch.
   * Fix a memory leak in the pam_limits capabilities patch: always
     cap_free() the cap_t before returning from pam_sm_open_session().
     Closes: #153157.
   * libpam0g.postinst, libpam0g.templates: on upgrades from versions
     prior to 0.99.7.1-3, restart known PAM-using services so that they
     get the new libpam symbols, since otherwise the newer PAM modules
     will fail to load.  Postinst taken from libssl0.9.8; thanks to
     Christoph Martin for the fine example!  Closes: #439835.
   * Build-depend on po-debconf to support l10n of the debconf questions
     from the above.
 .
 pam (0.99.7.1-2) unstable; urgency=low
 .
   * New upstream release; thanks to Roger Leigh and Jan Christoph Nordholz
     for their extensive work in helping to prepare for this update in Debian.
     Closes: #360460.
     - now uses autoconf for library detection, so SELinux should not be
       unconditionally enabled on non-Linux archs.  Closes: #333141.
     - pam_mail notice handling has been completely reworked, so there should
       no longer be missing spaces in the messages.  Closes: #119689.
     - with libtool and autoconf, now behaves "sensibly" on unknown
       platforms.  Closes: #165067.
     - the source now builds without warnings.  Closes: #212165.
     - uses automake instead of hand-rolled makefiles with indentation
       bugs.  Closes: #241661, #328084.
     - pam_mkhomedir now creates directories recursively as needed.
       Closes: #178225.
     - pam_listfile now supports being used as a session module too.
       Closes: #416665.
     - misspelled pam_userdb log message has been corrected.  Closes: #305058.
     - the current pam_strerror manpage no longer mentions "Unknown
       Linux-PAM error".  Closes: #220157.
     - the text documentation no longer uses ANSI bold sequences.
       Closes: #181451.
     - pam_localuser now supports being used as a session module.
       Closes: #412484.
     - package no longer fails to build with dash as /bin/sh.
       Closes: #331208.
     - All modules should now be documented in the system administrator
       guide.  Closes: #350620.
     - pam_userdb now logs an error instead of segfaulting when no db=
       option is provided.  Closes: #436005.
     - pam_time now warns on a missing tty instead of erroring out,
       making it possible to use the module with non-console services.
       Closes: #127931.
     - upstream changelog is now 'ChangeLog' instead of 'CHANGELOG'; install
       accordingly
     - bump the shlibs
     - the 'test.c' example no longer exists
     - add /usr/share/locale to libpam-runtime.
     - CVE-2005-2977: only uid=0 is allowed to invoke unix_chkpwd with an
       arbitrary username, and then only when SELinux is active.
       Closes: #336344.
   * Mark myself as primary maintainer as previously discussed with Sam, and
     add Roger as an uploader.
   * Refactor to use quilt.
   * Update to Standards-Version 3.7.2.
   * Drop unnecessary build-dependency on patch, which is
     build-essential (and no longer invoked directly).
   * Drop patches 002_debian_no_ldconfig_call, 010_pam_cplusplus,
     018_man_fixes, 030_makefile_link_against_libpam,
     037_pam_issue_ttyname_can_be_null, 044_configure_supports_bsd,
     050_configure_in_gnu and 052_pam_unix_no_openlog, which have been
     superseded upstream.
   * Drop patches 005_pam_limits_099_6,
     012_pam_group_less_restrictive_charset, 023_pam_env_limits_miscfixes,
     048_pam_group_colon_valid_char, 058_pam_env_enable, 059_pam_userdb_segv,
     060_pam_tally_segv and 062_c++_safe_headers, which have been integrated
     upstream.
   * Patch 057: SELinux support is merged upstream, leaving only an
     unrelated OOM check for pam_unix_passwd.  Rename as
     057_pam_unix_passwd_OOM_check.
   * Patches 006, 008, 036: update for the switch from SGML to XML.
   * Patch 007: update for the switch from SGML to XML; drop some log
     messages that were already added upstream; update for the pam_modutil
     changes; tighten the flag handling of the 'obscure' option; drop bogus
     check in unix_chkpwd for null passwords.  Also fix a grammar error
     along the way.  Closes: #362855.
   * Patch 024: CRACKLIB_DICTPATH is no longer set in configure.in, so patch
     pam_cracklib.c instead to use the default dictpath already available
     from crack.h; and patch configure.in to use AC_CHECK_HEADERS instead
     of AC_CHECK_HEADER, so crack.h is actually included.  Also remove
     unnecessary string copies, which break on the Hurd due to PATH_MAX.
   * Patch 038: partially merged/superseded upstream; also add new Hurd
     fix for pam_xauth.
   * Patch 061: partially merged upstream
   * Use ${binary:Version} instead of ${Source-Version} in
     debian/control.
   * Remove empty maintainer scripts debian/libpam0g-dev.{postinst,prerm},
     debian/libpam0g.{postinst,prerm}, and
     debian/libpam-modules.{postinst,prerm}; debhelper can autogenerate these
     just fine without our help.
   * Build-Depend on xsltproc, libxml2-utils, docbook-xml, docbook-xsl
     and w3m instead of on linuxdoc-tools, linuxdoc-tools-latex, tetex-extra,
     groff, and opensp.
   * Also build-depend on flex for libfl.a.
   * Updates for documentation handling:
     - move debian/local/pam-*-guide to debian/libpam-doc.doc-base.foo-guide,
       and invoke dh_installdocs instead of installing these by hand.
     - drop libpam-doc.{postinst,prerm}, which are no longer needed.
     - add an install target to debian/rules, and have binary-indep depend on
       it instead of trying to install doc files individually from the source
       tree
     - consequently, drop libpam-doc.dirs as well which is no longer needed
       and no longer accurate
     - add debian/libpam-doc.install for moving the docs to the right place,
       and also replace libpam-runtime.files with libpam-runtime.install;
       for the moment this means we're using both dh_movefiles and
       dh_install...
     - libpam0g.docs: install the Debian-PAM-MiniPolicy from here, further
       cleaning up debian/rules
   * Drop debian/libpam0g.links, no longer needed because upstream now has a
     working install target which creates the library symlinks
   * Add libpam-modules.links: create pam_unix_{acct,auth,passwd,session}.so
     symlinks by hand, no longer provided upstream.
   * debian/patches-applied/PAM-manpage-section: "PAM" is not a daemon, manpage
     belongs in section 7, not in section 8.
   * Actually ship the pam, pam.conf, and pam.d manpages in libpam-runtime.
   * debian/patches-applied/autoconf.patch: move all changes to autotools
     generated files into a single patch at the end of the stack.
     - don't touch configure in debian/rules, the quilt patch takes care
       of this for us.
   * New patch 064_pam_unix_cracklib_dictpath: correctly define
     CRACKLIB_DICTS, since this is not defined by configure.  Thanks to Jan
     Christoph Nordholz.
   * New patch 065_pam_unix_cracklib_disable: Debian-specific patch to disable
     cracklib support in pam_unix.  Thanks to Christoph Nordholz.
   * debian/rules:
     - Rename OS_CFLAGS to CFLAGS.
     - kill off references to unused variables
     - make binary-arch also depend on the install target, and streamline the
       rules
     - fix up the clean target to not ignore errors; thanks to Roger Leigh
     - drop the local module_check target in favor of using -Wl,-z,defs
       in LDFLAGS to enforce correct linkage of all objects at build time
   * Drop debian/local/unix_chkpwd.8 in favor of the upstream manpage.
   * libpam-modules.files: /usr/sbin/pam_tally has moved to /sbin/pam_tally
     for consistency.
   * Update to debhelper V5.
   * Don't ship Makefiles as part of the libpam0g-dev examples.
   * libpam-modules.manpages, libpam-runtime.manpages, libpam0g-dev.manpages:
     put all the manpages in the correct packages.  Closes: #411812,
     #62193, #313486, #300773, #330545, #184270.
   * Drop libpam{0g,0g-dev,-modules,-runtime}.dirs, not needed for anything
     because we aren't trying to ship empty directories in the packages
   * Build-Conflict with fop, to avoid unreproducible builds of pdf
     documentation from a tool in contrib.
   * libpam-cracklib should depend on a real wordlist package, per policy;
     use wamerican as the default.
   * Drop local/pam-undocumented.7 from the package, since we no longer have
     a reason to ship it
   * Add lintian overrides for known false-positives
   * Conflicts/Replaces/Provides libpam-umask, now included upstream.
     Closes: #436222.
   * Upstream no longer marks unix_chkpwd suid-root for us, so set the perms
     by hand in debian/rules.  In the process, unix_chkpwd is now writable
     by the owner, as expected by policy.  Closes: #368100.
   * Migrate from db4.3 to db4.6; once again, no administrator action should
     be needed for upgrading on-disk database formats.  Closes: #354309.
   * Add XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control; thanks to
     Laurent Bigonville for the hint.  Closes: #439038.
   * Add a watch file for use with uscan; thanks to Laurent Bigonville for
     this patch as well.  Closes: #439040.
   * Rewrite of 031_pam_include, fixing a memory leak and letting us drop
     patch 056_no_label_at_end; thanks to Jan Christoph Nordholz
     <hesso at pool.math.tu-berlin.de> for this much-improved version!
   * New patch no_pthread_mutexes: don't use pthread mutexes in
     pam_modutil functions, they're not needed because pam handles
     themselves should not be used concurrently by multiple threads and
     using pthreads causes problems for portable linking.
   * New patch hurd_no_setfsuid: if we don't have sys/fsuid.h, work around
     using setreuid instead.
Files: 
 4dc81b0793aa71027471c2e62ff342db 1258 libs optional pam_0.99.7.1-4ubuntu1.dsc
 36e7ac3e5adc8de0052cf3206887584c 1408769 libs optional pam_0.99.7.1.orig.tar.gz
 cdd260534f6c4e582d05eab8b8e0023e 117081 libs optional pam_0.99.7.1-4ubuntu1.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG5rzbH/9LqRcGPm0RAkNYAJ4mLfeUMoLNHsR9FaBNIw0vBxkzAQCgpXg0
JrypkMfBxNFXRIbhlMOl9j4=
=0HMz
-----END PGP SIGNATURE-----
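
Added example, not part of the original message and not the pam_rhosts_auth source: the getline() EOF check described in the 0.99.7.1-4 entry (Closes: #440019), shown on a constructed in-memory input. The function names, the sample data and the iteration cap are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* exposes getline() and fmemopen() */
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample input: four lines, one of them empty. */
static char SAMPLE[] = "hostA alice\n\n# comment\nhostB bob\n";

/* Loop that waits for getline() to return 0, the test the changelog
 * calls wrong. getline() never returns 0 (an empty line is "\n",
 * length 1) and returns -1 at EOF, so only max_iter ends this loop.
 * Returns the number of iterations performed, or -1 on setup failure. */
int count_with_zero_check(int max_iter)
{
    FILE *fp = fmemopen(SAMPLE, sizeof SAMPLE - 1, "r");
    char *line = NULL;
    size_t cap = 0;
    int iters = 0;
    if (fp == NULL) return -1;
    while (iters < max_iter && getline(&line, &cap, fp) != 0)
        iters++;
    free(line);
    fclose(fp);
    return iters;
}

/* Corrected loop: -1 means EOF or error, so stop there and use
 * ferror() to tell the two apart. Returns lines read, or -1 on error. */
int count_with_eof_check(void)
{
    FILE *fp = fmemopen(SAMPLE, sizeof SAMPLE - 1, "r");
    char *line = NULL;
    size_t cap = 0;
    int lines = 0;
    if (fp == NULL) return -1;
    while (getline(&line, &cap, fp) != -1)
        lines++;
    if (ferror(fp))
        lines = -1;
    free(line);
    fclose(fp);
    return lines;
}

int main(void)
{
    printf("zero check: %d iterations (capped)\n", count_with_zero_check(1000));
    printf("EOF check:  %d lines\n", count_with_eof_check());
    return 0;
}
```

Without the cap, the first loop would spin forever once the input is exhausted, which is the hang the changelog entry fixes.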




