PAM

~roguescholar/pam/+git/upstream:ldv/ci

  1. Git
  2. lp:~roguescholar/pam/+git/upstream
  3. ldv/ci
Last commit made on 2023-04-04
Get this branch:
git clone -b ldv/ci https://git.launchpad.net/~roguescholar/pam/+git/upstream

Branch merges

Branch information

Name:
ldv/ci
Repository:
lp:~roguescholar/pam/+git/upstream

Recent commits

261b21c... by "Dmitry V. Levin" <email address hidden>

ci: add --disable-nis jobs to the ci matrix

b6011a2... by "Dmitry V. Levin" <email address hidden>

treewide: fix unnecessary $ on arithmetic variables

This should fix shellcheck warning SC2004.

b7ba550... by "Dmitry V. Levin" <email address hidden>

pgp.keys.asc: update

* pgp.keys.asc: Replace with the key used to sign v1.5.2.

Resolves: https://github.com/linux-pam/linux-pam/issues/544

8db48b0... by Iker Pedrosa <email address hidden>

pam_timestamp: fix build failure

bcba17939e1b1a568cd4a764534cde74d37078cc started using pam_overwrite_n()
without providing the definition to this function, which causes a build
failure.

modules/pam_timestamp/hmac_openssl_wrapper.c: include pam_inline.h

Signed-off-by: Iker Pedrosa <email address hidden>

fce804e... by A S Alam <email address hidden>

po: update translations using Weblate (Punjabi)

Currently translated at 100.0% (101 of 101 strings).

Translate-URL: https://translate.fedoraproject.org/projects/linux-pam/master/pa/

34b062d... by Thorsten Kukuk <email address hidden>

manual pages: document usage of $DISPLAY and PAM_TTY

man/pam_item_types_std.inc.xml: In the past, PAM_TTY was used for tty
devices and $DISPLAY variables for X-based applications. With the
introduction of PAM_DISPLAY PAM_TTY should only be used for devices.

f26d873... by =?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>

libpam: simplify string copying using strdup

bcba179... by =?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>

modules: make use of secure memory erasure

Use empty initialization of structs to minimize the memset() usage, to
reduce the amount of calls which are not sensitive.

Non trivial changes:

- pam_env:
  * erase environment variables where possible

- pam_exec:
  * erase responce on error
  * erase auth token

- pam_pwhistory:
  * erase buffers containing old passwords

- pam_selinux: skip overwriting data structure consisting of only
  pointers to insensitive data, which also gets free'd afterwards (so
  it currently does not protect against double-free or use-after-free on
  the member pointers)

- pam_unix: erase cipher data in more places

- pam_userdb: erase password hashes

87ff7a1... by =?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>

libpamc: make use of secure memory erasure

dd733a5... by =?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>

libpam_misc: make use of secure memory erasure