PAM

lp:~kirkland/pam/sbin-update-motd

Created by Dustin Kirkland  on 2013-02-14 and last modified on 2013-02-14
Get this branch:
bzr branch lp:~kirkland/pam/sbin-update-motd
Only Dustin Kirkland  can upload to this branch. If you are Dustin Kirkland  please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Dustin Kirkland 
Project:
PAM
Status:
Development

Recent revisions

92. By Dustin Kirkland  on 2013-02-14

install into /usr/sbin and manpages

91. By Dustin Kirkland  on 2013-02-14

* debian/copyright, debian/libpam-runtime.install, debian/update-motd,
  debian/update-motd.8:
  - add a wrapper script, such that an administrator can force a MOTD
    update on demand
  - this also helps an administrator track down failing scripts in
    /etc/update-motd.d as described in several bugs

90. By Matthias Klose on 2013-01-03

Add missing #include to fix compilation with glibc 2.16 (Daniel
Schepler) Closes: #693450.

89. By Steve Langasek on 2012-07-03

[ Nathan Williams ]
Add /usr/local/games to PATH. LP: #110287.

88. By Steve Langasek on 2012-02-08

No-change rebuild with gzip 1.4-1ubuntu2 to get multiarch-clean
compression of manpages. LP: #871083.

87. By Steve Langasek on 2012-01-28

* Merge from Debian unstable, remaining changes:
  - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
    not present there or in /etc/security/pam_env.conf. (should send to
    Debian).
  - debian/libpam0g.postinst: only ask questions during update-manager when
    there are non-default services running.
  - debian/libpam0g.postinst: check if gdm is actually running before
    trying to reload it.
  - debian/libpam0g.postinst: the init script for 'samba' is now named
    'smbd' in Ubuntu, so fix the restart handling.
  - Change Vcs-Bzr to point at the Ubuntu branch.
  - debian/patches-applied/series: Ubuntu patches are as below ...
  - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
    initialise RLIMIT_NICE rather than relying on the kernel limits.
  - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
    Deprecate pam_unix' explicit "usergroups" option and instead read it
    from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
    there. This restores compatibility with the pre-PAM behaviour of login.
  - debian/patches-applied/pam_motd-legal-notice: display the contents of
    /etc/legal once, then set a flag in the user's homedir to prevent
    showing it again.
  - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
    for update-motd, with some best practices and notes of explanation.
  - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
    to update-motd(5)
  - debian/local/common-session{,-noninteractive}: Enable pam_umask by
    default, now that the umask setting is gone from /etc/profile.
  - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
  - Build-depend on libfl-dev in addition to flex, for cross-building
    support.

86. By Steve Langasek on 2011-11-07

* Merge from Debian unstable. Remaining changes:
  - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
    not present there or in /etc/security/pam_env.conf. (should send to
    Debian).
  - debian/libpam0g.postinst: only ask questions during update-manager when
    there are non-default services running.
  - debian/libpam0g.postinst: check if gdm is actually running before
    trying to reload it.
  - debian/libpam0g.postinst: the init script for 'samba' is now named
    'smbd' in Ubuntu, so fix the restart handling.
  - Change Vcs-Bzr to point at the Ubuntu branch.
  - debian/patches-applied/series: Ubuntu patches are as below ...
  - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
    initialise RLIMIT_NICE rather than relying on the kernel limits.
  - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
    Deprecate pam_unix' explicit "usergroups" option and instead read it
    from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
    there. This restores compatibility with the pre-PAM behaviour of login.
  - debian/patches-applied/pam_motd-legal-notice: display the contents of
    /etc/legal once, then set a flag in the user's homedir to prevent
    showing it again.
  - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
    for update-motd, with some best practices and notes of explanation.
  - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
    to update-motd(5)
  - debian/local/common-session{,-noninteractive}: Enable pam_umask by
    default, now that the umask setting is gone from /etc/profile.
  - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
* Dropped changes, included in Debian:
  - debian/patches-applied/update-motd: set a sane umask before calling
    run-parts, and restore the old mask afterwards, so /run/motd gets
    consistent permissions.
  - debian/patches-applied/update-motd: new module option for pam_motd,
    'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
  - debian/libpam0g.postinst: drop kdm from the list of services to
    restart.
* Build-depend on libfl-dev in addition to flex, for cross-building
  support.

85. By Colin Watson on 2011-11-01

Rebuild with dpkg 1.16.1.1ubuntu2 to restore large file support.

84. By Steve Langasek on 2011-10-30

* Merge from Debian unstable. Remaining changes:
  - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
    not present there or in /etc/security/pam_env.conf. (should send to
    Debian).
  - debian/libpam0g.postinst: only ask questions during update-manager when
    there are non-default services running.
  - Change Vcs-Bzr to point at the Ubuntu branch.
  - debian/patches-applied/series: Ubuntu patches are as below ...
  - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
    initialise RLIMIT_NICE rather than relying on the kernel limits.
  - debian/patches-applied/pam_motd-legal-notice: display the contents of
    /etc/legal once, then set a flag in the user's homedir to prevent
    showing it again.
  - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
    for update-motd, with some best practices and notes of explanation.
  - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
    to update-motd(5)
  - debian/libpam0g.postinst: drop kdm from the list of services to
    restart.
  - debian/libpam0g.postinst: check if gdm is actually running before
    trying to reload it.
  - debian/local/common-session{,-noninteractive}: Enable pam_umask by
    default, now that the umask setting is gone from /etc/profile.
  - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
  - add debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
    Deprecate pam_unix' explicit "usergroups" option and instead read it
    from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
    there. This restores compatibility with the pre-PAM behaviour of login.
    (Closes: #583958)
* Dropped changes, included in Debian:
  - debian/patches-applied/CVE-2011-3148.patch
  - debian/patches-applied/CVE-2011-3149.patch
  - debian/patches-applied/update-motd: updated to use clean environment
    and absolute paths in modules/pam_motd/pam_motd.c.
* debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd'
  in Ubuntu, so fix the restart handling.
* debian/patches-applied/update-motd: set a sane umask before calling
  run-parts, and restore the old mask afterwards, so /run/motd gets
  consistent permissions. LP: #871943.
* debian/patches-applied/update-motd: new module option for pam_motd,
  'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
  LP: #805423.

83. By Marc Deslauriers on 2011-10-18

* SECURITY UPDATE: possible code execution via incorrect environment file
  parsing (LP: #874469)
  - debian/patches-applied/CVE-2011-3148.patch: correctly count leading
    whitespace when parsing environment file in modules/pam_env/pam_env.c.
  - CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
  expansion (LP: #874565)
  - debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
    with PAM_BUF_ERR in modules/pam_env/pam_env.c.
  - CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
  - debian/patches-applied/update-motd: updated to use clean environment
    and absolute paths in modules/pam_motd/pam_motd.c.
  - CVE-2011-XXXX

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.