lp:ubuntu/precise/pam
- Get this branch:
- bzr branch lp:ubuntu/precise/pam
Branch merges
Related bugs
Related blueprints
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 88. By Steve Langasek
-
No-change rebuild with gzip 1.4-1ubuntu2 to get multiarch-clean
compression of manpages. LP: #871083. - 87. By Steve Langasek
-
* Merge from Debian unstable, remaining changes:
- debian/libpam- modules. postinst: Add PATH to /etc/environment if it's
not present there or in /etc/security/pam_env. conf. (should send to
Debian).
- debian/libpam0g. postinst: only ask questions during update-manager when
there are non-default services running.
- debian/libpam0g. postinst: check if gdm is actually running before
trying to reload it.
- debian/libpam0g. postinst: the init script for 'samba' is now named
'smbd' in Ubuntu, so fix the restart handling.
- Change Vcs-Bzr to point at the Ubuntu branch.
- debian/patches- applied/ series: Ubuntu patches are as below ...
- debian/patches- applied/ ubuntu- rlimit_ nice_correction : Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches- applied/ pam_umask_ usergroups_ from_login. defs.patch:
Deprecate pam_unix' explicit "usergroups" option and instead read it
from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
there. This restores compatibility with the pre-PAM behaviour of login.
- debian/patches- applied/ pam_motd- legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent
showing it again.
- debian/update- motd.5, debian/ libpam- modules. manpages: add a manpage
for update-motd, with some best practices and notes of explanation.
- debian/patches/ update- motd-manpage- ref: add a reference in pam_motd(8)
to update-motd(5)
- debian/local/common- session{ ,-noninteractiv e}: Enable pam_umask by
default, now that the umask setting is gone from /etc/profile.
- debian/local/pam- auth-update: Add the new md5sums for pam_umask addition.
- Build-depend on libfl-dev in addition to flex, for cross-building
support. - 86. By Steve Langasek
-
* Merge from Debian unstable. Remaining changes:
- debian/libpam- modules. postinst: Add PATH to /etc/environment if it's
not present there or in /etc/security/pam_env. conf. (should send to
Debian).
- debian/libpam0g. postinst: only ask questions during update-manager when
there are non-default services running.
- debian/libpam0g. postinst: check if gdm is actually running before
trying to reload it.
- debian/libpam0g. postinst: the init script for 'samba' is now named
'smbd' in Ubuntu, so fix the restart handling.
- Change Vcs-Bzr to point at the Ubuntu branch.
- debian/patches- applied/ series: Ubuntu patches are as below ...
- debian/patches- applied/ ubuntu- rlimit_ nice_correction : Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches- applied/ pam_umask_ usergroups_ from_login. defs.patch:
Deprecate pam_unix' explicit "usergroups" option and instead read it
from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
there. This restores compatibility with the pre-PAM behaviour of login.
- debian/patches- applied/ pam_motd- legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent
showing it again.
- debian/update- motd.5, debian/ libpam- modules. manpages: add a manpage
for update-motd, with some best practices and notes of explanation.
- debian/patches/ update- motd-manpage- ref: add a reference in pam_motd(8)
to update-motd(5)
- debian/local/common- session{ ,-noninteractiv e}: Enable pam_umask by
default, now that the umask setting is gone from /etc/profile.
- debian/local/pam- auth-update: Add the new md5sums for pam_umask addition.
* Dropped changes, included in Debian:
- debian/patches- applied/ update- motd: set a sane umask before calling
run-parts, and restore the old mask afterwards, so /run/motd gets
consistent permissions.
- debian/patches- applied/ update- motd: new module option for pam_motd,
'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
- debian/libpam0g. postinst: drop kdm from the list of services to
restart.
* Build-depend on libfl-dev in addition to flex, for cross-building
support. - 84. By Steve Langasek
-
* Merge from Debian unstable. Remaining changes:
- debian/libpam- modules. postinst: Add PATH to /etc/environment if it's
not present there or in /etc/security/pam_env. conf. (should send to
Debian).
- debian/libpam0g. postinst: only ask questions during update-manager when
there are non-default services running.
- Change Vcs-Bzr to point at the Ubuntu branch.
- debian/patches- applied/ series: Ubuntu patches are as below ...
- debian/patches- applied/ ubuntu- rlimit_ nice_correction : Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches- applied/ pam_motd- legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent
showing it again.
- debian/update- motd.5, debian/ libpam- modules. manpages: add a manpage
for update-motd, with some best practices and notes of explanation.
- debian/patches/ update- motd-manpage- ref: add a reference in pam_motd(8)
to update-motd(5)
- debian/libpam0g. postinst: drop kdm from the list of services to
restart.
- debian/libpam0g. postinst: check if gdm is actually running before
trying to reload it.
- debian/local/common- session{ ,-noninteractiv e}: Enable pam_umask by
default, now that the umask setting is gone from /etc/profile.
- debian/local/pam- auth-update: Add the new md5sums for pam_umask addition.
- add debian/patches- applied/ pam_umask_ usergroups_ from_login. defs.patch:
Deprecate pam_unix' explicit "usergroups" option and instead read it
from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
there. This restores compatibility with the pre-PAM behaviour of login.
(Closes: #583958)
* Dropped changes, included in Debian:
- debian/patches- applied/ CVE-2011- 3148.patch
- debian/patches- applied/ CVE-2011- 3149.patch
- debian/patches- applied/ update- motd: updated to use clean environment
and absolute paths in modules/pam_motd/ pam_motd. c.
* debian/libpam0g. postinst: the init script for 'samba' is now named 'smbd'
in Ubuntu, so fix the restart handling.
* debian/patches- applied/ update- motd: set a sane umask before calling
run-parts, and restore the old mask afterwards, so /run/motd gets
consistent permissions. LP: #871943.
* debian/patches- applied/ update- motd: new module option for pam_motd,
'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
LP: #805423. - 83. By Marc Deslauriers
-
* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches- applied/ CVE-2011- 3148.patch: correctly count leading
whitespace when parsing environment file in modules/pam_env/ pam_env. c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches- applied/ CVE-2011- 3149.patch: when overflowing, exit
with PAM_BUF_ERR in modules/pam_env/ pam_env. c.
- CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
- debian/patches- applied/ update- motd: updated to use clean environment
and absolute paths in modules/pam_motd/ pam_motd. c.
- CVE-2011-XXXX - 82. By Kees Cook
-
* Merge with Debian to get bug fix for unknown kernel rlimits. Remaining
changes:
- debian/libpam- modules. postinst: Add PATH to /etc/environment if it's
not present there or in /etc/security/pam_env. conf. (should send to
Debian).
- debian/libpam0g. postinst: only ask questions during update-manager when
there are non-default services running.
- Change Vcs-Bzr to point at the Ubuntu branch.
- debian/patches- applied/ series: Ubuntu patches are as below ...
- debian/patches- applied/ ubuntu- rlimit_ nice_correction : Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches- applied/ pam_motd- legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent
showing it again.
- debian/update- motd.5, debian/ libpam- modules. manpages: add a manpage
for update-motd, with some best practices and notes of explanation.
- debian/patches/ update- motd-manpage- ref: add a reference in pam_motd(8)
to update-motd(5)
- debian/libpam0g. postinst: drop kdm from the list of services to
restart.
- debian/libpam0g. postinst: check if gdm is actually running before
trying to reload it.
- debian/local/common- session{ ,-noninteractiv e}: Enable pam_umask by
default, now that the umask setting is gone from /etc/profile.
- debian/local/pam- auth-update: Add the new md5sums for pam_umask addition.
- add debian/patches- applied/ pam_umask_ usergroups_ from_login. defs.patch:
Deprecate pam_unix' explicit "usergroups" option and instead read it
from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
there. This restores compatibility with the pre-PAM behaviour of login.
(Closes: #583958)
* Dropped changes:
- debian/patches- applied/ 027_pam_ limits_ better_ init_allow_ explicit_ root:
no need to bump the hard limit for number of file descriptors any more
since we read kernel limits directly now. - 81. By Martin Pitt
-
[ Steve Langasek ]
* debian/patches/ pam_motd- legal-notice: use pam_modutil_ gain/drop_ priv
common helper functions, instead of hand-rolled uid-setting code.[ Martin Pitt ]
* debian/local/common- session{ ,-noninteractiv e}: Enable pam_umask by
default, now that the umask setting is gone from /etc/profile.
(LP: #253096, UbuntuSpec:umask-to- 0002)
* debian/local/pam- auth-update: Add the new md5sum of above files.
* Add debian/patches- applied/ pam_umask_ usergroups_ from_login. defs.patch:
Deprecate pam_unix' explicit "usergroups" option and instead read it from
/etc/login.def's "USERGROUP_ENAB" option if umask is only defined there.
This restores compatibility with the pre-PAM behaviour of login.
(Closes: #583958) - 80. By Steve Langasek
-
debian/
patches- applied/ update- motd-manpage- ref: refresh patch to apply
cleanly against new upstream. - 79. By Steve Langasek
-
* Merge from Debian unstable, remaining changes:
- debian/libpam- modules. postinst: Add PATH to /etc/environment if it's
not present there or in /etc/security/pam_env. conf. (should send to
Debian).
- debian/libpam0g. postinst: only ask questions during update-manager when
there are non-default services running.
- Change Vcs-Bzr to point at the Ubuntu branch.
- debian/patches- applied/ series: Ubuntu patches are as below ...
- debian/patches- applied/ ubuntu- rlimit_ nice_correction : Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- debian/patches- applied/ 027_pam_ limits_ better_ init_allow_ explicit_ root:
bump the hard limit for number of file descriptors, to keep pace with
the changes in the kernel.
- debian/patches- applied/ pam_motd- legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent
showing it again.
- debian/update- motd.5, debian/ libpam- modules. manpages: add a manpage
for update-motd, with some best practices and notes of explanation.
- debian/patches/ update- motd-manpage- ref: add a reference in pam_motd(8)
to update-motd(5)
- debian/libpam0g. postinst: drop kdm from the list of services to
restart.
- debian/libpam0g. postinst: check if gdm is actually running before
trying to reload it.
- New patch, lib_security_multiarch_ compat, which lets us reuse the
upstream --enable-isadir functionality to support a true path for
module lookups; this way we don't have to force a hard transition to
multiarch, but can support resolving modules in both the multiarch and
non-multiarch directories.
- build for multiarch, splitting our executables out of libpam-modules
into a new package, libpam-modules-bin, so that modules can be
co-installable between architectures.
* Dropped changes:
- bumping the service restart version in libpam0g.postinst to ensure
servers don't fail to find the pam modules in the new paths; the min
version requirement upstream is higher than this now.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/quantal/pam