[ubuntu/precise] pam 1.1.3-5ubuntu1 (Accepted)

Steve Langasek steve.langasek at ubuntu.com
Sun Oct 30 16:00:34 UTC 2011


pam (1.1.3-5ubuntu1) precise; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
      not present there or in /etc/security/pam_env.conf. (should send to
      Debian).
    - debian/libpam0g.postinst: only ask questions during update-manager when
      there are non-default services running.
    - Change Vcs-Bzr to point at the Ubuntu branch.
    - debian/patches-applied/series: Ubuntu patches are as below ...
    - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
      initialise RLIMIT_NICE rather than relying on the kernel limits.
    - debian/patches-applied/pam_motd-legal-notice: display the contents of
      /etc/legal once, then set a flag in the user's homedir to prevent
      showing it again.
    - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
      for update-motd, with some best practices and notes of explanation.
    - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
      to update-motd(5)
    - debian/libpam0g.postinst: drop kdm from the list of services to
      restart.
    - debian/libpam0g.postinst: check if gdm is actually running before
      trying to reload it.
    - debian/local/common-session{,-noninteractive}: Enable pam_umask by
      default, now that the umask setting is gone from /etc/profile.
    - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
    - add debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
      Deprecate pam_unix' explicit "usergroups" option and instead read it
      from /etc/login.defs' "USERGROUP_ENAB" option if umask is only defined
      there. This restores compatibility with the pre-PAM behaviour of login.
      (Closes: #583958)
  * Dropped changes, included in Debian:
    - debian/patches-applied/CVE-2011-3148.patch
    - debian/patches-applied/CVE-2011-3149.patch
    - debian/patches-applied/update-motd: updated to use clean environment
      and absolute paths in modules/pam_motd/pam_motd.c.
  * debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd'
    in Ubuntu, so fix the restart handling.
  * debian/patches-applied/update-motd: set a sane umask before calling
    run-parts, and restore the old mask afterwards, so /run/motd gets
    consistent permissions.  LP: #871943.
  * debian/patches-applied/update-motd: new module option for pam_motd,
    'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
    LP: #805423.

pam (1.1.3-5) unstable; urgency=low

  [ Kees Cook ]
  * debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch: use
    setresgid() to wipe out saved-gid just in case.
  * debian/patches-applied/008_modules_pam_limits_chroot:
    - fix off-by-one when parsing configuration file.
    - when using chroot, chdir() to root to lose links to old tree.
  * debian/patches-applied/022_pam_unix_group_time_miscfixes,
    debian/patches-applied/026_pam_unix_passwd_unknown_user,
    debian/patches-applied/054_pam_security_abstract_securetty_handling:
    improve descriptions.
  * debian/patches-applied/{007_modules_pam_unix,055_pam_unix_nullok_secure}:
    drop unneeded no-op change to reduce delta from upstream.
  * debian/patches-applied/hurd_no_setfsuid: check all set*id() calls.
  * debian/patches-applied/update-motd: correctly clear environment when
    building motd.
  * debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflow
    in environment file parsing (CVE-2011-3148).
  * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment
    file parsing (CVE-2011-3149).

pam (1.1.3-4) unstable; urgency=low

  * Make sure shared library links are also installed to the multiarch
    directory, not just the .a files; otherwise the static libs get found
    first by the linker.  Thanks to Russ Allbery for catching this.
    Closes: #642952.

pam (1.1.3-3) unstable; urgency=low

  * Look for /etc/init.d/postgresql, not /etc/init.d/postgresql-8.{2,3},
    for service restarts; the latter are obsolete since squeeze.
    Closes: #631511.
  * Move debian/libpam0g-dev.install to debian/libpam0g-dev.install.in
    and substitute the multiarch path at build time, so our .a files go to
    the multiarch dir instead of to /usr/lib.  Thanks to Riku Voipio for
    pointing out the bug.
  * debian/control: adjust the package descriptions, as the current ones
    use some awkward language that's gone unnoticed for a long time.  Thanks
    to Martin Eberhard Schauer <Martin.E.Schauer at gmx.de> for pointing this
    out.  Closes: #633863.
  * Build-depend on debhelper 8.9.4 and bump debian/compat to 9 for
    dpkg-buildflags integration, and drop manual setting of -g -O options in
    CFLAGS now that we can let dh do it for us
  * Don't set --sbindir when calling configure; upstream takes care of this
    for us

Date: Sun, 30 Oct 2011 09:45:00 -0600
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/pam/1.1.3-5ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 30 Oct 2011 09:45:00 -0600
Source: pam
Binary: libpam0g libpam-modules libpam-modules-bin libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 1.1.3-5ubuntu1
Distribution: precise
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-modules-bin - Pluggable Authentication Modules for PAM - helper binaries
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Closes: 583958 631511 633863 642952
Launchpad-Bugs-Fixed: 805423 871943
Checksums-Sha1: 
 2e0217d94d84f595bdaad05ad694e10c4a9dd215 2244 pam_1.1.3-5ubuntu1.dsc
 57dd61e94fd2ed7dac1bc3f4a5a2f190b57fe323 287370 pam_1.1.3-5ubuntu1.diff.gz
Checksums-Sha256: 
 d8d2cfc397d227a8abeb6b01d8a45f101072473ab5fa525827eeadec05ac945c 2244 pam_1.1.3-5ubuntu1.dsc
 0826af735f3c91ef453b9ab3117f45a1972f6c593c98e318958a347def2d3a78 287370 pam_1.1.3-5ubuntu1.diff.gz
Files: 
 a8333d96ec98ce8d8c3b85d2c6c21e1f 2244 libs optional pam_1.1.3-5ubuntu1.dsc
 49d4498be247c37de0ad101e17509e42 287370 libs optional pam_1.1.3-5ubuntu1.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----


More information about the Precise-changes mailing list