35. By Michael Gilbert <email address hidden>

* Non-maintainer upload by the Security Team.
* Fix CVE-2013-7041: case-insensitive comparison used for verifying
  passwords in the pam_userdb module (closes: #731368).
* Fix CVE-2014-2583: multiple directory traversal issues in the
  pam_timestamp module (closes: #757555).

34. By Steve Langasek

debian/rules: On hurd, link libpam explicitly with -lpthread since glibc
will not dynamically switch between the libc stubs and the libpthread
implementations on this architecture. Thanks to Samuel Thibault for the
patch. Closes: #743891.

33. By Steve Langasek

Mark the libaudit-dev build-dependency linux-any, since it's not
available on non-Linux archs. Closes: #737035.

32. By Steve Langasek

* New upstream release.
  - includes upstream changes to pam_exec. Closes: #670147.
  - adds support for newer hashing algorithms to pam_userdb.
    Closes: #671740.
  - fixes handling of 'quiet' argument to pam_listfile, to match the
    documentation. Closes: #592219.
  - fixes handling of @users@@hosts netgroup syntax in access.conf.
    Closes: #681223.
  - fixes installation of the /etc/security/namespace.d directory.
    Closes: #710998.
  - 027_pam_limits_better_init_allow_explicit_root: support for reading
    /proc/1/limits is upstream, this patch now only handles the policy
    of resetting limits by default and not applying glob limits to root.
  - debian/patches/fix-manpage-crud: drop, manpages now being generated
    upstream with a newer, fixed xsltproc.
  - debian/patches/pam_env-fix-overflow.patch, pam_env-fix-dos.patch,
    glibc-2_16-compilation-fix.patch, sys-types-include.patch: drop,
    included upstream.
* Add build-dependency on pkg-config.
* Ensure autogenerated files are after source files in all relevant patches,
  so that regenerating documentation doesn't cause build skew.
* Drop the --disable-regenerate-docu argument, restoring the HTML manuals
  to the libpam-doc package. Closes: #700485.
* No need to override dh_compress in debian/rules, it already handles .html
  files correctly.
* debian/libpam-cracklib.prerm: use $DPKG_MAINTSCRIPT_PACKAGE_COUNT to avoid
  prematurely removing the PAM config when the package is installed for
  multiple architectures. Closes: #647428.

31. By Steve Langasek

[ Wookey ]
* Disable libaudit for stage1 bootstrap.

[ Steve Langasek ]
* debian/patches-applied/pam-loginuid-in-containers: pam_loginuid:
  Ignore failure in user namespaces.
* Use [linux-any] in build-deps, instead of hard-coding a list of
  non-Linux archs. Closes: #634516.

30. By Steve Langasek

* Fix pam-auth-update handling of trailing blank lines in the fields of
  profiles. LP: #1160288.
* Reintroduce libaudit support now that libaudit has been multiarched.
  Closes: #699159.

29. By Steve Langasek

* Revert libaudit support for now, because libaudit isn't multiarched yet
  in unstable so this regresses cross-installability. Reopens bug
* Add an or'ed dependency on cdebconf, which also implements the
  xloadtemplatefile extension that prevents us from depending on just
  'debconf-2.0'. Thanks to Régis Boudin <email address hidden> for the info.
  Closes: #677278.

28. By Steve Langasek

* Confirm NMU for bug #611136; thanks to Michael Gilbert.
  - As a side effect, there will no longer be errors from reading the
    .pam_environment twice since we are now reading it 0 times.
    LP: #955032.
* Adjust the pam_env documentation to match the module behavior resulting
  from the previous security upload. Closes: #693995.
* debian/rules: never regenerate manpages at build time; this may cause
  build skew that breaks the world in a multiarch context. LP: #1095887.
* debian/patches-applied/glibc-2_16-compilation-fix.patch: fix missing
  include causing build failure with eglibc 2.16. Thanks to Daniel
  Schepler <email address hidden>. Closes: #693450.
* Ditch autoconf patch in favor of a build-dependency on dh-autoreconf,
  which will let us keep up-to-date with newer autotools. In the present
  instance, this gets us aarch64 support.
* Install pam_timestamp_check - and while we're at it, move the manpage
  to the correct binary package. Closes: #648695.
* Update lintian overrides to suppress some noise about hardening and
* Enable audit support, by popular demand. This should have no major
  impact unless you're also running auditd; but I reserve the right to
  disable this again in the event that this causes a performance hit or
  breaks upgrades (since the dependency is pulled into libpam, not just
  into pam_tty_audit). Closes: #699159, LP: #937005.

27. By Michael Gilbert <email address hidden>

* Non-maintainer upload.
* Fix CVE-2011-4708: user-configurable .pam_environment allows
  administrator-level changes without root access (closes: #611136).

26. By Steve Langasek

* Updated debconf translations:
  - Danish, thanks to Joe Dalton <email address hidden> (closes: #648382)
  - French, thanks to Jean-Baka Domelevo Entfellner <email address hidden>
    (closes: #649850)
  - Dutch, thanks to Jeroen Schot <email address hidden>
    (closes: #650755)
  - Russian, thanks to Yuri Kozlov <email address hidden> (closes: #650867)
  - Portuguese, thanks to Pedro Ribeiro <email address hidden>
    (closes: #652493)
  - German, thanks to Sven Joachim <email address hidden> (closes: #653407)
  - Spanish, thanks to Javier Fernandez-Sanguino Peña <email address hidden>
    (closes: #654043)
  - Bulgarian, thanks to Damyan Ivanov <email address hidden> (closes: #656518)
  - Slovak, thanks to Ivan Masár <email address hidden> (closes: #656521)
  - Japanese, thanks to Kenshi Muto <email address hidden> (closes: #656834)
  - Polish, thanks to Michał Kułach <email address hidden>
    (closes: #657476)
  - Catalan, thanks to Innocent De Marchi <email address hidden>
    (closes: #657489)
  - Czech, thanks to Miroslav Kure <email address hidden>
    (closes: #657578)
  - Swedish, thanks to Martin Bagge <email address hidden> (closes: #651349)

