lp:ubuntu/hardy-security/pam
- Get this branch: bzr branch lp:ubuntu/hardy-security/pam
Recent revisions
- 30. By Marc Deslauriers
  * SECURITY UPDATE: possible code execution via incorrect environment file
    parsing (LP: #874469)
    - debian/patches-applied/CVE-2011-3148.patch: correctly count leading
      whitespace when parsing environment file in
      Linux-PAM/modules/pam_env/pam_env.c.
    - CVE-2011-3148
  * SECURITY UPDATE: denial of service via overflowed environment variable
    expansion (LP: #874565)
    - debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
      with PAM_BUF_ERR in Linux-PAM/modules/pam_env/pam_env.c.
    - CVE-2011-3149
- 29. By Marc Deslauriers
  * SECURITY REGRESSION:
    - debian/patches/security-dropprivs.patch: updated patch to preserve
      ABI and prevent daemons from needing to be restarted. (LP: #790538)
    - debian/patches/autoconf.patch: refreshed
- 28. By Marc Deslauriers
  * SECURITY UPDATE: denial of service or privilege escalation via
    non-ASCII usernames
    - debian/patches/CVE-2009-0887.patch: fix signedness error in
      Linux-PAM/libpam/pam_misc.c.
    - CVE-2009-0887
  * SECURITY UPDATE: multiple issues with lack of adequate privilege
    dropping
    - debian/patches/security-dropprivs.patch: introduce new privilege
      dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
      libpam/include/security/pam_modutil.h, libpam/libpam.map,
      modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
      modules/pam_xauth/pam_xauth.c.
    - CVE-2010-3316
    - CVE-2010-3430
    - CVE-2010-3431
    - CVE-2010-3435
    - CVE-2010-4706
    - CVE-2010-4707
  * SECURITY UPDATE: privilege escalation via incorrect environment
    - debian/patches/CVE-2010-3853.patch: use clean environment in
      modules/pam_namespace/pam_namespace.c.
    - CVE-2010-3853
  * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
    isn't needed for Ubuntu, and it needs to be rewritten to work with the
    massive privilege refactoring in the security patches.
  * debian/control: added Pre-Depends to libpam-modules so it won't get
    updated without pulling in the updated libpam0g.
- 27. By Steve Langasek
  debian/local/common-{auth,password}, debian/libpam-runtime.postinst:
  Add pam_smbpass as an optional module in the stack, to keep NTLM
  passwords (for filesharing) in sync with the main system passwords on a
  best-effort basis. LP: #208419.
- 26. By Martin Pitt
  debian/local/common-session: Drop libpam-foreground. It's gone for good,
  and we do not want this in the PAM config for new installations, since it
  just spams syslog with error messages. (LP: #198714)
- 25. By Caleb Case
  ubuntu-pam_selinux_seusers: patch pam_selinux to correctly support
  seusers (backported from changes in PAM 0.99.8). Without this patch
  login will not get correct security context when using libselinux
  >= 1.27.2 (LP: #187822).
- 24. By Martin Pitt
  Temporarily reenable libpam-foreground in common-session again, until
  dbus' at_console policy works with ConsoleKit.
- 23. By Martin Pitt
  * debian/local/common-session{,.md5sums}, debian/control: Drop
    libpam-foreground, superseded by ConsoleKit integration into hal.
  * debian/control: Build against libdb4.6 again. This drops this Debian delta
    and 4.6 is our target version in Hardy.
- 22. By Steve Langasek
  * Resynchronise with Debian. Remaining changes:
    - debian/control, debian/local/common-session{,md5sums}: use
      libpam-foreground for session management.
    - debian/rules: install unix_chkpwd setgid shadow instead of setuid root.
      The nis package handles overriding this as necessary.
    - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not
      present there or in /etc/security/pam_env.conf.
    - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t
      type rather than __u8.
    - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
      initialise RLIMIT_NICE rather than relying on the kernel limits. Bound
      RLIMIT_NICE from below as well as from above. Fix off-by-one error when
      converting RLIMIT_NICE to the range of values used by the kernel.
      (Originally patch 101; converted to quilt.)
    - debian/patches-applied/ubuntu-user_defined_environment: Look at
      ~/.pam_environment too, with the same format as
      /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.)
    - debian/patches-applied/ubuntu-regression_fix_securetty: securetty's
      earlier behavior would correctly prompt for password on bad usernames
      (LP: #139075).
    - Build using db4.5 instead of db4.6.
    - debian/libpam0g.postinst: only ask questions during update-manager when
      there are non-default services running (LP: #141309).
  * debian/libpam0g.postinst: don't display a debconf warning about display
    managers that need restarting when update-manager is running, instead
    signal to update-notifier if a reboot is required.
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/oneiric/pam