lp:ubuntu/intrepid-security/pam
- Get this branch:
- bzr branch lp:ubuntu/intrepid-security/pam
Branch merges
Branch information
Recent revisions
- 44. By Steve Langasek
-
When no profiles are chosen in pam-auth-update, throw an error message
and prompt again instead of letting the user end up with an insecure
system. This introduces a new debconf template. LP: #410171. - 43. By Steve Langasek
-
* debian/
libpam0g. postinst: change 'cupsys' to 'cups' in the list of
default desktop services that are ignored in deciding whether to prompt
for service restarts on upgrade. Partially addresses LP #278117.
* debian/libpam0g. postinst: also filter out samba, which may be installed
on the desktop to enable filesharing.
* debian/libpam- cracklib. prerm, debian/ libpam- runtime. prerm: add the
ubiquitous debhelper tokens (currently a no-op)
* pam-auth-update: Use -Initial only for the first profile, even when
there's no explicit -Initial config for that first profile
* fix common-session/ common- password to use the same overall stack
structure as auth/account, so that we get the correct behavior when
all password modules fail. LP: #272232. - 42. By Steve Langasek
-
Fix a bug in the parser that caused spewing of errors when there
were more lines in the config file following the managed block.
LP: #270328. - 41. By Steve Langasek
-
Fix up the code that saves state to /var/lib/pam, so that it matches
what's expected by the code which later compares the saved and active
profiles in the case that there are both primary and additional
modules present. - 39. By Steve Langasek
-
* Merge from Debian unstable
* Remaining changes:
- debian/libpam- modules. postinst: Add PATH to /etc/environment if it's not
present there or in /etc/security/pam_env. conf. (should send to Debian).
- debian/libpam0g. postinst: only ask questions during update-manager when
there are non-default services running.
- debian/patches- applied/ series: Ubuntu patches are as below ...
- debian/patches- applied/ ubuntu- fix_standard_ types: Use standard u_int8_t
type rather than __u8.
- debian/patches- applied/ ubuntu- no-error- if-missingok: add a new, magic
module option 'missingok' which will suppress logging of errors by
libpam if the module is not found.
- debian/patches- applied/ ubuntu- regression_ fix_securetty: prompt for
password on bad username.
- debian/patches- applied/ ubuntu- rlimit_ nice_correction : Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches- applied/ ubuntu- user_defined_ environment: Look at
~/.pam_environment too, with the same format as
/etc/security/ pam_env. conf. (Originally patch 100; converted to quilt.)
- Change Vcs-Bzr to point at the Ubuntu branch.
- debian/local/pam- auth-update (et al): new interface for managing
/etc/pam.d/common- *, using drop-in config snippets provided by module
packages.
- debian/local/common- password, debian/ pam-configs/ unix: switch from
"md5" to "sha512" as password crypt default.
* Bump the version numbers referenced in the config files, again, as pam
has revved in Debian and moved the bar.
* debian/pam-config/ *: refine the password profiles to use a 'primary'
block, to better parallel the auth structure.
* Drop '-Final' from the field names in /usr/share/pam-configs, supporting
these field names for backwards compatibility only
* Bump the dependency version requirement to 1.0.1-4ubuntu1 for the above
change - 38. By Steve Langasek
-
[ Steve Langasek ]
* Never remove the .pam-old files; just avoid creating them if --force isn't
set.
* Add a manpage for pam-auth-update.
* Automatically upgrade the boilerplate for /etc/pam.d/common-* if we
detect that they have not been locally modified.[ Kees Cook ]
* debian/local/common- password, debian/ pam-configs/ unix: switch from "md5"
to "sha512" as password crypt default. - 37. By Steve Langasek
-
If two profiles have the same Priority, sort by the profile name to
ensure a complete sort so we can filter out all the duplicates from the
list and not write out broken configs. LP: #260371. - 36. By Steve Langasek
-
* s/pam-auth-
config/ pam-auth- update/ in the source, I can't seem to get
this name consistent to save my life - I'm starting to think I named it
wrong...
* Fix the regex used when suppressing jump counts when reading the saved
config, so that we don't clobber module options with numbers in them.
* If the target doesn't already exist, don't try to copy it.
* Filter the config list to exclude configs that no longer exist.
LP: #260122.
* Avoid unnecessary sort/grep in the case where we already have a sorted
list.
* Implement pam-auth-update --remove, for use in package prerms when called
with "remove". - 35. By Steve Langasek
-
* debian/
local/common- session: the session stack needs to be handled the
same way as the password stack, with the possibility of zero primary
modules; required to fix build failures on the Ubuntu buildds due to
su not being able to open sessions by default. LP: #259867.
* debian/libpam- runtime. postinst: when upgrading from the broken
1.0.1-2ubuntu1 version, manually edit /etc/pam.d/common- session to
recover.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/pam