lp:debian/stretch/libpam-krb5

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:debian/stretch/libpam-krb5
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

29. By Russ Allbery

* Upload to unstable.
* Refresh upstream signing key.
* Add debian/gbp.conf reflecting the branch layout of the default
  packaging repository.

28. By Russ Allbery

* Drop version qualifications on Build-Depends that are satisfied by
  stable. Drop version qualifications on Depends that are satisfied by
  oldstable.
* Add the upstream release signing key and verify it in debian/watch.
* Prefer *.tar.xz in debian/watch to match packaging.
* Convert debian/copyright to copyright-format 1.0.
* Specify the Debian packaging branch in the Vcs-Git control field.
* Update standards version to 3.9.5 (no changes required).

27. By Russ Allbery

* Apply upstream patch to add AM_PROG_AR to configure.ac, now apparently
  required by Automake for the binutils in unstable. (Closes: #713296)
* Apply upstream patch to build with largefile support. This is
  probably pointless for this module, but consistency is good.
* Canonicalize the Vcs-Git and Vcs-Browser URLs.
* Update standards version to 3.9.4 (no changes required).

26. By Russ Allbery

* New upstream release.
  - New anon_fast option to attempt anonymous authentication and use
    those credentials to provide FAST armor. (Closes: #626509)
  - New user_realm option to set the realm for unqualified user
    principals without changing the default realm for all other
    operations.
  - New no_prompt option to suppress PAM prompting in favor of letting
    the Kerberos library handle it. (Closes: #626506)
  - New silent option that duplicates the behavior of PAM_SILENT.
  - New trace option for preliminary support of Kerberos trace logging.
  - Fix the doubled colon in password prompts from Heimdal.
  - Preserve the realm of the authentication identity when forming an
    alt_auth_map identity.
  - Allow the alt_auth_map format to contain a realm to force all mapped
    principals to be in that realm.
  - Avoid a NULL pointer dereference if krb5_init_context fails.
    (LP: #998525)
  - Close memory leaks in search_k5login and alt_auth_map.
  - Suppress bogus error messages about the realm option.
  - Retry authentication under try_first_pass for several other error
    conditions.
* Regenerate the Autotools build system with dh-autoreconf.
* Add krb5-config to Build-Depends so that the test programs don't abort
  with errors about not having a Kerberos configuration.
* Switch to xz compression for the upstream and Debian tarballs.
* Enable parallel builds.
* Update standards version to 3.9.3 (no changes required).

25. By Russ Allbery

* Enable bindnow hardening flags and fix the syntax of the
  DEB_BUILD_MAINT_OPTIONS setting.
* Bump debhelper dependency to 9 now that compatibility mode V9 is no
  longer experimental.
* Move single-debian-patch to local-options and patch-header to
  local-patch-header so that they only apply to the packages I build and
  NMUs get regular version-numbered patches.

24. By Russ Allbery

Fix build rule to not override CPPFLAGS, which deactivates some of the
options passed in by dpkg-buildflags. Instead, use --with-krb5-lib
and --with-krb5-include to locate the Kerberos headers and libraries.
Thanks, Moritz Muehlenhoff. (Closes: #654293)

23. By Russ Allbery

Cherry-pick upstream patch to fix initialization of krb5_deltat
defaults on systems where krb5_deltat is not a long. Should fix FTBFS
on s390x.

22. By Russ Allbery

* New upstream release.
  - The temporary root-only ticket cache is now stored relative to
    ccache_dir rather than hard-coded to be in /tmp.
  - Suppress the notice that the password is being changed because it's
    expired if force_first_pass or use_first_pass are set in the
    password stack.
  - Confirm the password can get kadmin/changepw credentials before
    returning the status code indicating it's expired, working around a
    bug in old Heimdal versions that return expired even for incorrect
    passwords.
  - Better error reporting of authorization (such as .k5login) failures.
  - Prefer the change password protocol when linked with MIT libraries
    for better compatibility with older KDCs.
  - Improve logging and authorization when defer_pwchange is set.
  - Close some memory leaks.
  - Report symbolic names of PAM flags in debug logging.
* Enable compiler hardening flags.
* Remove "v5" from the long description. Kerberos v5 has been the
  default version of Kerberos for over ten years.

21. By Russ Allbery

* Change the pam-auth-update configuration to skip remaining password
  stack by default modules if the Kerberos password change succeeds.
  This is more useful behavior for the common case of Kerberos accounts
  not having local passwords. See README.Debian.gz for information
  about how to synchronize Kerberos and local passwords. (LP: #826989)
* Update README.Debian.gz documentation with more current options for
  pam_unix and document password synchronization configuration.
* Convert to multiarch. Depend on the multiarch version of libpam0g,
  install the modules into the multiarch version of /lib/security, and
  declare the packages Multi-Arch: same.
* Update to debhelper compatibility level V9 (experimental).
  - Build-Depend on debhelper 8.9.4 or later for hardening flags.
  - Add Pre-Depends: ${misc:Pre-Depends}.
* Update standards version to 3.9.2 (no changes required).
* Fix formal name of the GPL in debian/copyright. (This will also be
  done upstream in the next release.)

20. By Russ Allbery

* Add the architecture to the library path for heimdal-multidev and
  krb5-multidev since the *.so symlinks were moved in 1.5.dfsg.1-1 and
  1.9.1+dfsg-2 respectively. (Closes: #642688)
* Tighten build dependencies on heimdal-multidev and krb5-multidev
  accordingly.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:debian/libpam-krb5
This branch contains Public information 
Everyone can see this information.