[ubuntu/oneiric] pam 1.1.3-1ubuntu1 (Accepted)

[Steve Langasek]

pam (1.1.3-1ubuntu1) oneiric; urgency=low

  * Merge from Debian unstable, remaining changes:
    - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
      not present there or in /etc/security/pam_env.conf. (should send to
      Debian).
    - debian/libpam0g.postinst: only ask questions during update-manager when
      there are non-default services running.
    - Change Vcs-Bzr to point at the Ubuntu branch.
    - debian/patches-applied/series: Ubuntu patches are as below ...
    - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
      initialise RLIMIT_NICE rather than relying on the kernel limits.
    - debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
      bump the hard limit for number of file descriptors, to keep pace with
      the changes in the kernel.
    - debian/patches-applied/pam_motd-legal-notice: display the contents of
      /etc/legal once, then set a flag in the user's homedir to prevent
      showing it again.
    - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
      for update-motd, with some best practices and notes of explanation.
    - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
      to update-motd(5)
    - debian/libpam0g.postinst: drop kdm from the list of services to
      restart.
    - debian/libpam0g.postinst: check if gdm is actually running before
      trying to reload it.
    - New patch, lib_security_multiarch_compat, which lets us reuse the
      upstream --enable-isadir functionality to support a true path for
      module lookups; this way we don't have to force a hard transition to
      multiarch, but can support resolving modules in both the multiarch and
      non-multiarch directories.
    - build for multiarch, splitting our executables out of libpam-modules
      into a new package, libpam-modules-bin, so that modules can be
      co-installable between architectures.
  * Dropped changes:
    - bumping the service restart version in libpam0g.postinst to ensure
      servers don't fail to find the pam modules in the new paths; the min
      version requirement upstream is higher than this now.

pam (1.1.3-1) unstable; urgency=low

  * New upstream release.
    - Fixes CVE-2010-3853, executing namespace.init with an insecure
      environment set by the caller.  Closes: #608273.
    - Fixes CVE-2010-3316 CVE-2010-3430 CVE-2010-3431 CVE-2010-3435.
      Closes: #599832.
  * Port hurd_no_setfsuid patch to new pam_modutil_{drop,restore}_priv
    interface; now possibly upstreamable
  * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
    set a better default RLIMIT_MEMLOCK value for BSD kernels.  Thanks to
    Petr Salinger for the fix.  Closes: #602902.
  * bump the minimum version check in maintainer scripts for the restart
    handling.

Date: Sat, 04 Jun 2011 14:04:19 -0700
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/oneiric/+source/pam/1.1.3-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 04 Jun 2011 14:04:19 -0700
Source: pam
Binary: libpam0g libpam-modules libpam-modules-bin libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 1.1.3-1ubuntu1
Distribution: oneiric
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-modules-bin - Pluggable Authentication Modules for PAM - helper binaries
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Closes: 599832 602902 608273
Changes: 
 pam (1.1.3-1ubuntu1) oneiric; urgency=low
 .
   * Merge from Debian unstable, remaining changes:
     - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
       not present there or in /etc/security/pam_env.conf. (should send to
       Debian).
     - debian/libpam0g.postinst: only ask questions during update-manager when
       there are non-default services running.
     - Change Vcs-Bzr to point at the Ubuntu branch.
     - debian/patches-applied/series: Ubuntu patches are as below ...
     - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
       initialise RLIMIT_NICE rather than relying on the kernel limits.
     - debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
       bump the hard limit for number of file descriptors, to keep pace with
       the changes in the kernel.
     - debian/patches-applied/pam_motd-legal-notice: display the contents of
       /etc/legal once, then set a flag in the user's homedir to prevent
       showing it again.
     - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
       for update-motd, with some best practices and notes of explanation.
     - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
       to update-motd(5)
     - debian/libpam0g.postinst: drop kdm from the list of services to
       restart.
     - debian/libpam0g.postinst: check if gdm is actually running before
       trying to reload it.
     - New patch, lib_security_multiarch_compat, which lets us reuse the
       upstream --enable-isadir functionality to support a true path for
       module lookups; this way we don't have to force a hard transition to
       multiarch, but can support resolving modules in both the multiarch and
       non-multiarch directories.
     - build for multiarch, splitting our executables out of libpam-modules
       into a new package, libpam-modules-bin, so that modules can be
       co-installable between architectures.
   * Dropped changes:
     - bumping the service restart version in libpam0g.postinst to ensure
       servers don't fail to find the pam modules in the new paths; the min
       version requirement upstream is higher than this now.
 .
 pam (1.1.3-1) unstable; urgency=low
 .
   * New upstream release.
     - Fixes CVE-2010-3853, executing namespace.init with an insecure
       environment set by the caller.  Closes: #608273.
     - Fixes CVE-2010-3316 CVE-2010-3430 CVE-2010-3431 CVE-2010-3435.
       Closes: #599832.
   * Port hurd_no_setfsuid patch to new pam_modutil_{drop,restore}_priv
     interface; now possibly upstreamable
   * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
     set a better default RLIMIT_MEMLOCK value for BSD kernels.  Thanks to
     Petr Salinger for the fix.  Closes: #602902.
   * bump the minimum version check in maintainer scripts for the restart
     handling.
Checksums-Sha1: 
 e74117e54bd65ed31d747dc299d906d8a0a766f8 2249 pam_1.1.3-1ubuntu1.dsc
 897acdce243c6c6afeee7d3a4f351e3e891eff44 1768872 pam_1.1.3.orig.tar.gz
 e0f11dcb136b844bf9d9fbd8f7215e2f324f2420 281758 pam_1.1.3-1ubuntu1.diff.gz
Checksums-Sha256: 
 7ea4735b9f5be63d852cbde8d0a73717acde2e675511184544d51adea6c491a2 2249 pam_1.1.3-1ubuntu1.dsc
 a5bff0a161aeb6c0857fd441ff984749a8b208ad50b8d1f117058a6301741a0f 1768872 pam_1.1.3.orig.tar.gz
 0e8c3906e2ea89dd884479dd31f29583256cad13247f381cb69088f9b250dece 281758 pam_1.1.3-1ubuntu1.diff.gz
Files: 
 0495c817731e5d58ba43036dad9050ed 2249 libs optional pam_1.1.3-1ubuntu1.dsc
 9a977619848cfed372d9b361e328ec99 1768872 libs optional pam_1.1.3.orig.tar.gz
 e42260f016c6fbedd87aaaad0d0d4da0 281758 libs optional pam_1.1.3-1ubuntu1.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIVAwUBTeqeX1aNMPMhshM9AQhjNBAAxpYO/GvJqObCv/KJHc0HgzO92zkOQSyE
b+HfraNdh2jENoNu3zuqUylpp6htXowbtLosT3Rrc58AhSTrSqHj8tbLyQOTlV/t
058oqNYGzpxQMpS5OYh/YIJMt5RnszO1MwEmJwOb15AMK6xyBtVfY6e5aKPDT2Wu
aaPGb3DUg1A+drSRTw2Ouyp5lXMuEZdjC26wAfEH5onfQYmfn9kJB0D7C918xqQq
j35gGJHtZrJoR6WQl3YavYWvAnjsB/RVpXYMpneWX0CGJhNmd0ytlCYxavINjHa+
ACYQMRQT397vRryJpXhJYwFDWgm4tb4Z8ILbbSJ1cwxDBS0kQzy+fxNWxokhj6lE
1ahnqP6pNlM7jD7JQmBNa6NuE4I8iR4fP1IhBvvTB79bsvu+33L8mfbOiSBqjsvA
IlwYnkCRBhn0qBZKu6KX3ol10IvkERZFxOTXFI7uiCa1+t5j6Ukn7MqBkcxjzv6l
381kljWLKPubYF1e+OC5lq3bmjljQySpKoZLPfg7U1ai+h5FxYTzvkXrslEPdA9I
fCz6k70m05gsf6zkUskhCi7kw4h6IBRlgExMXkaHTQUgdX9ndNc1u1gU+yTRrq9f
HbRCnrtrCkvAUyeCHmJejoX32ulaGV+2miO9klbu2hnly1hZowZZGmp6obzp6XqP
54ChX/4BEFs=
=6Seh
-----END PGP SIGNATURE-----