[ubuntu/jaunty] pam 1.0.1-7ubuntu1 (Accepted)
Steve Langasek
steve.langasek at ubuntu.com
Wed Mar 4 02:00:14 GMT 2009
pam (1.0.1-7ubuntu1) jaunty; urgency=low
* Merge from Debian unstable
* Remaining changes:
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not
present there or in /etc/security/pam_env.conf. (should send to Debian).
- debian/libpam0g.postinst: only ask questions during update-manager when
there are non-default services running.
- debian/patches-applied/series: Ubuntu patches are as below ...
- debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t
type rather than __u8.
- debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic
module option 'missingok' which will suppress logging of errors by
libpam if the module is not found.
- debian/patches-applied/ubuntu-regression_fix_securetty: prompt for
password on bad username.
- debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches-applied/ubuntu-user_defined_environment: Look at
~/.pam_environment too, with the same format as
/etc/security/pam_env.conf. (Originally patch 100; converted to quilt.)
- Change Vcs-Bzr to point at the Ubuntu branch.
- debian/local/common-password, debian/pam-configs/unix: switch from
"md5" to "sha512" as password crypt default.
* Dropped changes, merged in Debian:
- debian/local/pam-auth-update (et al): new interface for managing
/etc/pam.d/common-*, using drop-in config snippets provided by module
packages.
- New patch dont_freeze_password_chain, cherry-picked from upstream:
don't always follow the same path through the password stack on
the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK
pass; this Linux-PAM deviation from the original PAM spec causes a
number of problems, in particular causing wrong return values when
using the refactored pam-auth-update stack. LP: #303515, #305882.
- debian/patches/027_pam_limits_better_init_allow_explicit_root:
Add documentation to the patch showing how to set limits for root.
* Bump the libpam-cracklib dependency on libpam-runtime to 1.0.1-6,
reducing the delta with Debian.
* Drop upgrade handling code from libpam-runtime.postinst that's only
needed when upgrading from 1.0.1-2ubuntu1, a superseded intrepid
pre-release version of the package.
* pam-auth-update: swap out known md5sums from intrepid pre-release versions
with the md5sums from the released intrepid version
* pam-auth-update: drop some md5sums that will only be seen on upgrade from
pre-intrepid versions; skipping over the 8.10 final release is not
supported, and upgrading via 8.10 means those config files will be
replaced so the old md5sums will never be seen again.
pam (1.0.1-7) unstable; urgency=low
* 027_pam_limits_better_init_allow_explicit_root:
- fix the patch so that our limit resets are actually *applied*,
which has apparently been broken for who knows how long!
- shadow the finite kernel defaults for RLIMIT_SIGPENDING and
RLIMIT_MSGQUEUE as well, so that the preceding change doesn't
suddenly expose systems to DoS or other issues.
- include documentation in the patch, giving examples of how to set
limits for root. Thanks to Jonathan Marsden.
* pam-auth-update: swap out known md5sums from intrepid pre-release
versions with the md5sums from the released intrepid version
* pam-auth-update: set the umask, so we don't accidentally mark
/etc/pam.d/common-* unreadable. Thanks to Martin Krafft for catching.
Closes: #518042.
pam (1.0.1-6) unstable; urgency=low
* Updated debconf translations:
- Vietnamese, thanks to Clytie Siddall <clytie at riverland.net.au>
* New patch dont_freeze_password_chain, cherry-picked from upstream:
don't always follow the same path through the password stack on
the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK
pass; this Linux-PAM deviation from the original PAM spec causes a
number of problems, in particular causing wrong return values when
using the refactored pam-auth-update stack. LP: #303515, #305882.
* debian/local/pam-auth-update (et al): new interface for managing
/etc/pam.d/common-*, using drop-in config snippets provided by module
packages.
Date: Tue, 03 Mar 2009 17:34:19 -0800
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/jaunty/+source/pam/1.0.1-7ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 03 Mar 2009 17:34:19 -0800
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 1.0.1-7ubuntu1
Distribution: jaunty
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Description:
libpam-cracklib - PAM module to enable cracklib support
libpam-doc - Documentation of PAM
libpam-modules - Pluggable Authentication Modules for PAM
libpam-runtime - Runtime support for the PAM library
libpam0g - Pluggable Authentication Modules library
libpam0g-dev - Development files for PAM
Closes: 518042
Launchpad-Bugs-Fixed: 303515 303515 305882 305882
Changes:
pam (1.0.1-7ubuntu1) jaunty; urgency=low
.
* Merge from Debian unstable
* Remaining changes:
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not
present there or in /etc/security/pam_env.conf. (should send to Debian).
- debian/libpam0g.postinst: only ask questions during update-manager when
there are non-default services running.
- debian/patches-applied/series: Ubuntu patches are as below ...
- debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t
type rather than __u8.
- debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic
module option 'missingok' which will suppress logging of errors by
libpam if the module is not found.
- debian/patches-applied/ubuntu-regression_fix_securetty: prompt for
password on bad username.
- debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches-applied/ubuntu-user_defined_environment: Look at
~/.pam_environment too, with the same format as
/etc/security/pam_env.conf. (Originally patch 100; converted to quilt.)
- Change Vcs-Bzr to point at the Ubuntu branch.
- debian/local/common-password, debian/pam-configs/unix: switch from
"md5" to "sha512" as password crypt default.
* Dropped changes, merged in Debian:
- debian/local/pam-auth-update (et al): new interface for managing
/etc/pam.d/common-*, using drop-in config snippets provided by module
packages.
- New patch dont_freeze_password_chain, cherry-picked from upstream:
don't always follow the same path through the password stack on
the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK
pass; this Linux-PAM deviation from the original PAM spec causes a
number of problems, in particular causing wrong return values when
using the refactored pam-auth-update stack. LP: #303515, #305882.
- debian/patches/027_pam_limits_better_init_allow_explicit_root:
Add documentation to the patch showing how to set limits for root.
* Bump the libpam-cracklib dependency on libpam-runtime to 1.0.1-6,
reducing the delta with Debian.
* Drop upgrade handling code from libpam-runtime.postinst that's only
needed when upgrading from 1.0.1-2ubuntu1, a superseded intrepid
pre-release version of the package.
* pam-auth-update: swap out known md5sums from intrepid pre-release versions
with the md5sums from the released intrepid version
* pam-auth-update: drop some md5sums that will only be seen on upgrade from
pre-intrepid versions; skipping over the 8.10 final release is not
supported, and upgrading via 8.10 means those config files will be
replaced so the old md5sums will never be seen again.
.
pam (1.0.1-7) unstable; urgency=low
.
* 027_pam_limits_better_init_allow_explicit_root:
- fix the patch so that our limit resets are actually *applied*,
which has apparently been broken for who knows how long!
- shadow the finite kernel defaults for RLIMIT_SIGPENDING and
RLIMIT_MSGQUEUE as well, so that the preceding change doesn't
suddenly expose systems to DoS or other issues.
- include documentation in the patch, giving examples of how to set
limits for root. Thanks to Jonathan Marsden.
* pam-auth-update: swap out known md5sums from intrepid pre-release
versions with the md5sums from the released intrepid version
* pam-auth-update: set the umask, so we don't accidentally mark
/etc/pam.d/common-* unreadable. Thanks to Martin Krafft for catching.
Closes: #518042.
.
pam (1.0.1-6) unstable; urgency=low
.
* Updated debconf translations:
- Vietnamese, thanks to Clytie Siddall <clytie at riverland.net.au>
* New patch dont_freeze_password_chain, cherry-picked from upstream:
don't always follow the same path through the password stack on
the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK
pass; this Linux-PAM deviation from the original PAM spec causes a
number of problems, in particular causing wrong return values when
using the refactored pam-auth-update stack. LP: #303515, #305882.
* debian/local/pam-auth-update (et al): new interface for managing
/etc/pam.d/common-*, using drop-in config snippets provided by module
packages.
Checksums-Sha1:
a62333d00cdba852c3f6369fbf888015f6d1a4a8 1593 pam_1.0.1-7ubuntu1.dsc
3d24e4af46be9a67182bf3e3130e4f7eca1264bb 167244 pam_1.0.1-7ubuntu1.diff.gz
Checksums-Sha256:
7e5bb2f722f29f255c0f18ea38440923c9f88f0c69dbdab2b2350dadf5149443 1593 pam_1.0.1-7ubuntu1.dsc
267f7e2d5705445d65d62bb4202006285555c3cecd1782d3074e77b27a9b812d 167244 pam_1.0.1-7ubuntu1.diff.gz
Files:
488f5f8fe19e752a03b6bda819f7713e 1593 libs optional pam_1.0.1-7ubuntu1.dsc
939ed310b2c5e2c8f9cd4c9fa55dcbea 167244 libs optional pam_1.0.1-7ubuntu1.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJrd/eKN6ufymYLloRAnroAJ9ZBKwJSo0NG+WllWJsOjz1S5DX0ACfYEsS
zVdjmJamxtl8V2gYlY/5ESw=
=DBvI
-----END PGP SIGNATURE-----
More information about the Jaunty-changes
mailing list