Accepted: pam 1.0.1-1ubuntu1 (source)
Steve Langasek
steve.langasek at ubuntu.com
Tue Jul 29 02:35:18 BST 2008
Accepted:
OK: pam_1.0.1.orig.tar.gz
OK: pam_1.0.1-1ubuntu1.diff.gz
OK: pam_1.0.1-1ubuntu1.dsc
-> Component: main Section: libs
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 28 Jul 2008 20:58:26 +0000
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 1.0.1-1ubuntu1
Distribution: intrepid
Urgency: medium
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Description:
libpam-cracklib - PAM module to enable cracklib support
libpam-doc - Documentation of PAM
libpam-modules - Pluggable Authentication Modules for PAM
libpam-runtime - Runtime support for the PAM library
libpam0g - Pluggable Authentication Modules library
libpam0g-dev - Development files for PAM
Closes: 155583 203222 367834 382987 403718 404836 421010 442049 444427 451722 454237 469635 470137 473338 473975 483913 484249 488908 490236 490880 491821
Launchpad-Bugs-Fixed: 9224 216990 245786
Changes:
pam (1.0.1-1ubuntu1) intrepid; urgency=low
.
* Merge from Debian unstable
* Dropped changes:
- Linux-PAM/modules/pam_selinux/pam_selinux.8: Ubuntu pam_selinux manpage
is 2 years newer than Debian's, contains a number of character escaping
fixes plus content updates
- debian/patches-applied/ubuntu-pam_selinux_seusers: patch pam_selinux to
correctly support seusers (backported from changes in PAM 0.99.8).
- debian/rules: install unix_chkpwd setgid shadow instead of setuid root.
The nis package handles overriding this as necessary.
- debian/patches-applied/ubuntu-rlimit_nice_correction: Bound RLIMIT_NICE
from below as well as from above. Fix off-by-one error when converting
RLIMIT_NICE to the range of values used by the kernel.
* Remaining changes:
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not
present there or in /etc/security/pam_env.conf. (should send to Debian).
- debian/libpam-runtime.postinst,
debian/local/common-{auth,password}{,.md5sums}:
Use the new 'missingok' option by default for pam_smbpass in case
libpam-smbpass is not installed (LP: #216990); must use "requisite"
rather than "required" to prevent "pam_smbpass migrate" from firing in
the event of an auth failure; md5sums updated accordingly.
- debian/libpam0g.postinst: only ask questions during update-manager when
there are non-default services running.
- debian/patches-applied/series: Ubuntu patches are as below ...
- debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t
type rather than __u8.
- debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic
module option 'missingok' which will suppress logging of errors by
libpam if the module is not found.
- debian/patches-applied/ubuntu-regression_fix_securetty: prompt for
password on bad username.
- debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches-applied/ubuntu-user_defined_environment: Look at
~/.pam_environment too, with the same format as
/etc/security/pam_env.conf. (Originally patch 100; converted to quilt.)
* Refresh patch ubuntu-no-error-if-missingok for the new upstream version.
* Change Vcs-Bzr to point at the new Ubuntu branch.
.
pam (1.0.1-1) unstable; urgency=low
.
* New upstream version.
- pam_limits: bound RLIMIT_NICE from below. Closes: #403718.
- pam_mail: set the MAIL variable even when .hushlogin is set.
Closes: #421010.
- new minclass option introduced for pam_cracklib. Closes: #454237.
- fix a failure to check the string length when matching usernames in
pam_group. Closes: #444427.
- fix setting shell security context in pam_selinux. Closes: #451722.
- use --disable-audit, to avoid libaudit being linked in
accidentally
- pam_unix now supports SHA-256 and SHA-512 password hashes.
Closes: #484249, LP: #245786.
- pam_rhosts_auth is dropped upstream (closes: #382987); add a compat
symlink to pam_rhosts to support upgrades for a release, and give a
warning in NEWS.Debian.
- new symbol in libpam.so.0, pam_modutil_audit_write; shlibs bump, and
do another round of service restarts on upgrade.
- pam_unix helper is now called whenever an unprivileged process
tries and fails to query a user's account status. Closes: #367834.
* Drop patches 006_docs_cleanup, 015_hurd_portability,
019_pam_listfile_quiet, 024_debian_cracklib_dict_path, 038_support_hurd,
043_pam_unix_unknown_user_not_alert, 046_pam_group_example,
no_pthread_mutexes, limits_wrong_strncpy, misc_conv_allow_sigint.patch,
pam_tally_audit.patch, 057_pam_unix_passwd_OOM_check, and
065_pam_unix_cracklib_disable which have been merged upstream.
* Patch 022_pam_unix_group_time_miscfixes: partially merged upstream;
now is really just "pam_group_miscfixes".
* Patch 007_modules_pam_unix partially superseded upstream; stripping
hpux-style expiry information off of password fields is now supported.
* New patch pam_unix_thread-safe_save_old_password.patch, to make sure all
our getpwnam() use in pam_unix is thread-safe (fixes an upstream
regression)
* New patch pam_unix_fix_sgid_shadow_auth.patch, fixing an upstream
regression which prevents sgid shadow apps from being able to authenticate
any more because the module forces use of the helper and the helper won't
allow authentication of arbitrary users. This change does mean we're
going to be noisier for the time being in an SELinux environment, which
should be addressed but is not a regression on Debian.
* New patch pam_unix_dont_trust_chkpwd_caller.patch, rolling back an
upstream change that causes unix_chkpwd to assume that setuid(getuid())
is sufficient to drop permissions and attempt any authentication on
behalf of the user.
* The password-changing helper functionality for SELinux systems has been
split out into a separate unix_update binary, so at long last we can
change unix_chkpwd to be sgid shadow instead of suid root.
Closes: #155583.
- Update the lintian override to match.
* Install the new unix_update helper into libpam-modules.
* Use a pristine upstream tarball instead of repacking; requires various
changes to debian/rules and debhelper files.
* Replace the Vcs-Svn field with a Vcs-Bzr field; jumping ship from svn,
and how!
* Debconf translations:
- Romanian, thanks to Igor Stirbu <igor.stirbu at gmail.com>
(closes: #491821)
* Add libpam0g.symbols, for finer-grained package dependencies with
dpkg-gensymbols.
* Fix debian/copyright to list the known copyright holders
* Fix up the doc-base sections for the libpam-doc documentation, "Apps"
should not be part of the section name
* Also fix up whitespace issues in the doc-base abstracts
* Fix a typo in the libpam0g-dev description.
* 027_pam_limits_better_init_allow_explicit_root: RLIM_INFINITY is also
invalid for RLIMIT_NOFILE, so when resetting the limits for a new session,
use the kernel default of 1024 instead. Closes: #404836.
* Create /etc/environment on initial install of libpam-modules (or on
upgrade from an old version), to quell warnings in the logs about it
being missing. Closes: #442049.
* 026_pam_unix_passwd_unknown_user: drop a redundant, and broken, check for
the NSS source of our user; this was preventing password changes for NIS
users, which otherwise should have worked. Closes: #203222, LP: #9224.
* New patch do_not_check_nis_accidentally: respect the 'nis' option
(set or unset) when looking up the user's password entry for password
changes. Thanks to Quentin Godfroy <godfroy at clipper.ens.fr> for the
patch. Closes: #469635.
* Drop patch 049_pam_unix_sane_locking, which upon review is not needed;
it reduces the length of time we hold the lock, but at the expense of
being able to enforce minimum times between password changes.
* debian/watch: upstream has hit 1.0, so we're no longer in a "pre"
directory. Fix up the regex for uscan.
* Fix the libpam0g-dev examples directory to not include a gratuitous
.cvsignore file.
* New patch, pam.d-manpage-section, to fix the manpage references to
point to section 5 instead of section 8.
* Update patch PAM-manpage-section to fix the references to pam(7) from
other manpages. Closes: #470137.
* Add debian/README.source documenting that this package uses quilt.
* Bump Standards-Version to 3.8.0.
* Fix a bug in the uid-restoring code in the hurd_no_setfsuid patch; thanks
to Tomas Mraz <tmraz at redhat.com> for indirectly bringing this to my
attention
.
pam (0.99.7.1-7) unstable; urgency=medium
.
* Medium-urgency upload for RC bugfix
* Debconf translations:
- Italian, thanks to David Paleino <d.paleino at gmail.com> (closes: #483913)
- Slovak, thanks to Ivan Masár <helix84 at centrum.sk> (closes: #488908)
- Turkish, thanks to Mert Dirik <mertdirik at gmail.com> (closes: #490880)
- Basque, thanks to Piarres Beobide <pi+debian at beobide.net>
(closes: #473975)
* Drop the 'XS' from Vcs-Svn/Vcs-Browser, since these are now officially
recognized fields.
* Add a Homepage field. Closes: #473338.
* Drop -DCRACKLIB_DICTS from CFLAGS, since the referenced define is no
longer provided by cracklib2-dev 2.8 and above. This requires a
build-dependency on the corresponding version of libcrack2-dev.
Closes: #490236.
Checksums-Sha1:
2c3a781dcbfcea0385121d6411dd7119de0132e7 1548 pam_1.0.1-1ubuntu1.dsc
28e0a4646c5ccb76adfc266f37f3ba3a2618d121 1597124 pam_1.0.1.orig.tar.gz
e482c5872ef1d76fab8814fd416b9736fd9ab340 151613 pam_1.0.1-1ubuntu1.diff.gz
Checksums-Sha256:
5ac126410b77281fd5907baaa1a4d6ee1ae68cb8ef5cfbb3c87dc54235f9d9a6 1548 pam_1.0.1-1ubuntu1.dsc
10c503a5c42c5a570f5d2734c5f2996ca7559602701d5fe7fc44aef549c183af 1597124 pam_1.0.1.orig.tar.gz
07999f28eba00b1db1ee1cbe6c3b5093a979e170fb494d6f635d2d87ff3eb1e2 151613 pam_1.0.1-1ubuntu1.diff.gz
Files:
13b3b6b2048de27f5d6d23fe4e66d3d6 1548 libs optional pam_1.0.1-1ubuntu1.dsc
bcaa5d9bf84137e0d128b2ff9b63b1d7 1597124 libs optional pam_1.0.1.orig.tar.gz
f6fab55ca79c924cef011afe9704059f 151613 libs optional pam_1.0.1-1ubuntu1.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIjnNRKN6ufymYLloRAshhAJ4iSx0X6iNP8zYAyWO/ydtUctaPGQCg0GSh
TFHatNoDQiYyl/mX07DLljw=
=zc8M
-----END PGP SIGNATURE-----
More information about the Intrepid-changes
mailing list