lp:ubuntu/intrepid-updates/pam

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/intrepid-updates/pam
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

44. By Steve Langasek

When no profiles are chosen in pam-auth-update, throw an error message
and prompt again instead of letting the user end up with an insecure
system. This introduces a new debconf template. LP: #410171.

43. By Steve Langasek

* debian/libpam0g.postinst: change 'cupsys' to 'cups' in the list of
  default desktop services that are ignored in deciding whether to prompt
  for service restarts on upgrade. Partially addresses LP #278117.
* debian/libpam0g.postinst: also filter out samba, which may be installed
  on the desktop to enable filesharing.
* debian/libpam-cracklib.prerm, debian/libpam-runtime.prerm: add the
  ubiquitous debhelper tokens (currently a no-op)
* pam-auth-update: Use -Initial only for the first profile, even when
  there's no explicit -Initial config for that first profile
* fix common-session/common-password to use the same overall stack
  structure as auth/account, so that we get the correct behavior when
  all password modules fail. LP: #272232.

42. By Steve Langasek

Fix a bug in the parser that caused spewing of errors when there
were more lines in the config file following the managed block.
LP: #270328.

41. By Steve Langasek

Fix up the code that saves state to /var/lib/pam, so that it matches
what's expected by the code which later compares the saved and active
profiles in the case that there are both primary and additional
modules present.

40. By Steve Langasek

Brown paper bag bug: fix a missing comma in pam-auth-update.

39. By Steve Langasek

* Merge from Debian unstable
* Remaining changes:
  - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not
    present there or in /etc/security/pam_env.conf. (should send to Debian).
  - debian/libpam0g.postinst: only ask questions during update-manager when
    there are non-default services running.
  - debian/patches-applied/series: Ubuntu patches are as below ...
  - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t
    type rather than __u8.
  - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic
    module option 'missingok' which will suppress logging of errors by
    libpam if the module is not found.
  - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for
    password on bad username.
  - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
    initialise RLIMIT_NICE rather than relying on the kernel limits.
  - debian/patches-applied/ubuntu-user_defined_environment: Look at
    ~/.pam_environment too, with the same format as
    /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.)
  - Change Vcs-Bzr to point at the Ubuntu branch.
  - debian/local/pam-auth-update (et al): new interface for managing
    /etc/pam.d/common-*, using drop-in config snippets provided by module
    packages.
  - debian/local/common-password, debian/pam-configs/unix: switch from
    "md5" to "sha512" as password crypt default.
* Bump the version numbers referenced in the config files, again, as pam
  has revved in Debian and moved the bar.
* debian/pam-config/*: refine the password profiles to use a 'primary'
  block, to better parallel the auth structure.
* Drop '-Final' from the field names in /usr/share/pam-configs, supporting
  these field names for backwards compatibility only
* Bump the dependency version requirement to 1.0.1-4ubuntu1 for the above
  change

38. By Steve Langasek

[ Steve Langasek ]
* Never remove the .pam-old files; just avoid creating them if --force isn't
  set.
* Add a manpage for pam-auth-update.
* Automatically upgrade the boilerplate for /etc/pam.d/common-* if we
  detect that they have not been locally modified.

[ Kees Cook ]
* debian/local/common-password, debian/pam-configs/unix: switch from "md5"
  to "sha512" as password crypt default.

37. By Steve Langasek

If two profiles have the same Priority, sort by the profile name to
ensure a complete sort so we can filter out all the duplicates from the
list and not write out broken configs. LP: #260371.

36. By Steve Langasek

* s/pam-auth-config/pam-auth-update/ in the source, I can't seem to get
  this name consistent to save my life - I'm starting to think I named it
  wrong...
* Fix the regex used when suppressing jump counts when reading the saved
  config, so that we don't clobber module options with numbers in them.
* If the target doesn't already exist, don't try to copy it.
* Filter the config list to exclude configs that no longer exist.
  LP: #260122.
* Avoid unnecessary sort/grep in the case where we already have a sorted
  list.
* Implement pam-auth-update --remove, for use in package prerms when called
  with "remove".

35. By Steve Langasek

* debian/local/common-session: the session stack needs to be handled the
  same way as the password stack, with the possibility of zero primary
  modules; required to fix build failures on the Ubuntu buildds due to
  su not being able to open sessions by default. LP: #259867.
* debian/libpam-runtime.postinst: when upgrading from the broken
  1.0.1-2ubuntu1 version, manually edit /etc/pam.d/common-session to
  recover.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/pam
This branch contains Public information 
Everyone can see this information.

Subscribers