lp:ubuntu/precise/pam

Created by Ubuntu Package Importer on 2011-10-13 and last modified on 2012-02-09
Get this branch:
bzr branch lp:ubuntu/precise/pam
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

88. By Steve Langasek on 2012-02-08

No-change rebuild with gzip 1.4-1ubuntu2 to get multiarch-clean
compression of manpages. LP: #871083.

87. By Steve Langasek on 2012-01-28

* Merge from Debian unstable, remaining changes:
  - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
    not present there or in /etc/security/pam_env.conf. (should send to
    Debian).
  - debian/libpam0g.postinst: only ask questions during update-manager when
    there are non-default services running.
  - debian/libpam0g.postinst: check if gdm is actually running before
    trying to reload it.
  - debian/libpam0g.postinst: the init script for 'samba' is now named
    'smbd' in Ubuntu, so fix the restart handling.
  - Change Vcs-Bzr to point at the Ubuntu branch.
  - debian/patches-applied/series: Ubuntu patches are as below ...
  - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
    initialise RLIMIT_NICE rather than relying on the kernel limits.
  - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
    Deprecate pam_unix' explicit "usergroups" option and instead read it
    from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
    there. This restores compatibility with the pre-PAM behaviour of login.
  - debian/patches-applied/pam_motd-legal-notice: display the contents of
    /etc/legal once, then set a flag in the user's homedir to prevent
    showing it again.
  - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
    for update-motd, with some best practices and notes of explanation.
  - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
    to update-motd(5)
  - debian/local/common-session{,-noninteractive}: Enable pam_umask by
    default, now that the umask setting is gone from /etc/profile.
  - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
  - Build-depend on libfl-dev in addition to flex, for cross-building
    support.

86. By Steve Langasek on 2011-11-07

* Merge from Debian unstable. Remaining changes:
  - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
    not present there or in /etc/security/pam_env.conf. (should send to
    Debian).
  - debian/libpam0g.postinst: only ask questions during update-manager when
    there are non-default services running.
  - debian/libpam0g.postinst: check if gdm is actually running before
    trying to reload it.
  - debian/libpam0g.postinst: the init script for 'samba' is now named
    'smbd' in Ubuntu, so fix the restart handling.
  - Change Vcs-Bzr to point at the Ubuntu branch.
  - debian/patches-applied/series: Ubuntu patches are as below ...
  - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
    initialise RLIMIT_NICE rather than relying on the kernel limits.
  - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
    Deprecate pam_unix' explicit "usergroups" option and instead read it
    from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
    there. This restores compatibility with the pre-PAM behaviour of login.
  - debian/patches-applied/pam_motd-legal-notice: display the contents of
    /etc/legal once, then set a flag in the user's homedir to prevent
    showing it again.
  - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
    for update-motd, with some best practices and notes of explanation.
  - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
    to update-motd(5)
  - debian/local/common-session{,-noninteractive}: Enable pam_umask by
    default, now that the umask setting is gone from /etc/profile.
  - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
* Dropped changes, included in Debian:
  - debian/patches-applied/update-motd: set a sane umask before calling
    run-parts, and restore the old mask afterwards, so /run/motd gets
    consistent permissions.
  - debian/patches-applied/update-motd: new module option for pam_motd,
    'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
  - debian/libpam0g.postinst: drop kdm from the list of services to
    restart.
* Build-depend on libfl-dev in addition to flex, for cross-building
  support.

85. By Colin Watson on 2011-11-01

Rebuild with dpkg 1.16.1.1ubuntu2 to restore large file support.

84. By Steve Langasek on 2011-10-30

* Merge from Debian unstable. Remaining changes:
  - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
    not present there or in /etc/security/pam_env.conf. (should send to
    Debian).
  - debian/libpam0g.postinst: only ask questions during update-manager when
    there are non-default services running.
  - Change Vcs-Bzr to point at the Ubuntu branch.
  - debian/patches-applied/series: Ubuntu patches are as below ...
  - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
    initialise RLIMIT_NICE rather than relying on the kernel limits.
  - debian/patches-applied/pam_motd-legal-notice: display the contents of
    /etc/legal once, then set a flag in the user's homedir to prevent
    showing it again.
  - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
    for update-motd, with some best practices and notes of explanation.
  - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
    to update-motd(5)
  - debian/libpam0g.postinst: drop kdm from the list of services to
    restart.
  - debian/libpam0g.postinst: check if gdm is actually running before
    trying to reload it.
  - debian/local/common-session{,-noninteractive}: Enable pam_umask by
    default, now that the umask setting is gone from /etc/profile.
  - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
  - add debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
    Deprecate pam_unix' explicit "usergroups" option and instead read it
    from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
    there. This restores compatibility with the pre-PAM behaviour of login.
    (Closes: #583958)
* Dropped changes, included in Debian:
  - debian/patches-applied/CVE-2011-3148.patch
  - debian/patches-applied/CVE-2011-3149.patch
  - debian/patches-applied/update-motd: updated to use clean environment
    and absolute paths in modules/pam_motd/pam_motd.c.
* debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd'
  in Ubuntu, so fix the restart handling.
* debian/patches-applied/update-motd: set a sane umask before calling
  run-parts, and restore the old mask afterwards, so /run/motd gets
  consistent permissions. LP: #871943.
* debian/patches-applied/update-motd: new module option for pam_motd,
  'noupdate', which suppresses the call to run-parts /etc/update-motd.d.
  LP: #805423.

83. By Marc Deslauriers on 2011-10-18

* SECURITY UPDATE: possible code execution via incorrect environment file
  parsing (LP: #874469)
  - debian/patches-applied/CVE-2011-3148.patch: correctly count leading
    whitespace when parsing environment file in modules/pam_env/pam_env.c.
  - CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
  expansion (LP: #874565)
  - debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
    with PAM_BUF_ERR in modules/pam_env/pam_env.c.
  - CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
  - debian/patches-applied/update-motd: updated to use clean environment
    and absolute paths in modules/pam_motd/pam_motd.c.
  - CVE-2011-XXXX

82. By Kees Cook on 2011-08-18

* Merge with Debian to get bug fix for unknown kernel rlimits. Remaining
  changes:
  - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
    not present there or in /etc/security/pam_env.conf. (should send to
    Debian).
  - debian/libpam0g.postinst: only ask questions during update-manager when
    there are non-default services running.
  - Change Vcs-Bzr to point at the Ubuntu branch.
  - debian/patches-applied/series: Ubuntu patches are as below ...
  - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
    initialise RLIMIT_NICE rather than relying on the kernel limits.
  - debian/patches-applied/pam_motd-legal-notice: display the contents of
    /etc/legal once, then set a flag in the user's homedir to prevent
    showing it again.
  - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
    for update-motd, with some best practices and notes of explanation.
  - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
    to update-motd(5)
  - debian/libpam0g.postinst: drop kdm from the list of services to
    restart.
  - debian/libpam0g.postinst: check if gdm is actually running before
    trying to reload it.
  - debian/local/common-session{,-noninteractive}: Enable pam_umask by
    default, now that the umask setting is gone from /etc/profile.
  - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
  - add debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
    Deprecate pam_unix' explicit "usergroups" option and instead read it
    from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
    there. This restores compatibility with the pre-PAM behaviour of login.
    (Closes: #583958)
* Dropped changes:
  - debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
    no need to bump the hard limit for number of file descriptors any more
    since we read kernel limits directly now.

81. By Martin Pitt on 2011-06-24

[ Steve Langasek ]
* debian/patches/pam_motd-legal-notice: use pam_modutil_gain/drop_priv
  common helper functions, instead of hand-rolled uid-setting code.

[ Martin Pitt ]
* debian/local/common-session{,-noninteractive}: Enable pam_umask by
  default, now that the umask setting is gone from /etc/profile.
  (LP: #253096, UbuntuSpec:umask-to-0002)
* debian/local/pam-auth-update: Add the new md5sum of above files.
* Add debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
  Deprecate pam_unix' explicit "usergroups" option and instead read it from
  /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there.
  This restores compatibility with the pre-PAM behaviour of login.
  (Closes: #583958)

80. By Steve Langasek on 2011-06-04

debian/patches-applied/update-motd-manpage-ref: refresh patch to apply
cleanly against new upstream.

79. By Steve Langasek on 2011-06-04

* Merge from Debian unstable, remaining changes:
  - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
    not present there or in /etc/security/pam_env.conf. (should send to
    Debian).
  - debian/libpam0g.postinst: only ask questions during update-manager when
    there are non-default services running.
  - Change Vcs-Bzr to point at the Ubuntu branch.
  - debian/patches-applied/series: Ubuntu patches are as below ...
  - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
    initialise RLIMIT_NICE rather than relying on the kernel limits.
  - debian/patches-applied/027_pam_limits_better_init_allow_explicit_root:
    bump the hard limit for number of file descriptors, to keep pace with
    the changes in the kernel.
  - debian/patches-applied/pam_motd-legal-notice: display the contents of
    /etc/legal once, then set a flag in the user's homedir to prevent
    showing it again.
  - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
    for update-motd, with some best practices and notes of explanation.
  - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
    to update-motd(5)
  - debian/libpam0g.postinst: drop kdm from the list of services to
    restart.
  - debian/libpam0g.postinst: check if gdm is actually running before
    trying to reload it.
  - New patch, lib_security_multiarch_compat, which lets us reuse the
    upstream --enable-isadir functionality to support a true path for
    module lookups; this way we don't have to force a hard transition to
    multiarch, but can support resolving modules in both the multiarch and
    non-multiarch directories.
  - build for multiarch, splitting our executables out of libpam-modules
    into a new package, libpam-modules-bin, so that modules can be
    co-installable between architectures.
* Dropped changes:
  - bumping the service restart version in libpam0g.postinst to ensure
    servers don't fail to find the pam modules in the new paths; the min
    version requirement upstream is higher than this now.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/quantal/pam
This branch contains Public information 
Everyone can see this information.

Subscribers