pam (1.1.8-3.2ubuntu2) xenial; urgency=medium * debian/patches-applied/cve-2015-3238.patch: removed manpage changes so they don't get regenerated during build and cause a multiarch installation issue. (LP: #1558114) -- Marc Deslauriers Wed, 16 Mar 2016 13:34:02 -0400 pam (1.1.8-3.2ubuntu1) xenial; urgency=medium * Merge from Debian unstable. Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd' in Ubuntu, so fix the restart handling. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix's explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - Build-depend on libfl-dev in addition to flex, for cross-building support. - Add /usr/local/games to PATH. - Adjust debian/patches-applied/update-motd to write to /run/motd.dynamic, as sysvinit/ssh/login in Debian have been changed to use this file and no longer links /etc/motd to /var/run/motd. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: include patch to autogenerated manpage file - debian/patches-applied/pam-loginuid-in-containers: pam_loginuid: Update patch with follow-up changes to loginuid.c - debian/patches-applied/extrausers.patch: Add a pam_extrausers module that is basically just a copy of pam_unix but looks at /var/lib/extrausers/{group,passwd,shadow} instead of /etc/ - debian/libpam-modules-bin.install: install the helper binaries for pam_extrausers to /sbin - debian/rules: Make pam_extrausers_chkpwd sguid shadow - debian/patches-applied/extrausers.patch: Ship pre-generated man page - debian/patches-applied/pam-limits-nofile-fd-setsize-cap: cap the default soft nofile limit read from pid 1 to FD_SETSIZE. - debian/control: have libpam-modules recommend update-motd package -- Marc Deslauriers Wed, 16 Mar 2016 09:50:51 -0400 pam (1.1.8-3.2) unstable; urgency=medium * Non-maintainer upload. * Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix module (Closes: #789986) -- Tianon Gravi Wed, 06 Jan 2016 15:53:31 -0800 pam (1.1.8-3.1ubuntu3) vivid; urgency=medium * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default soft nofile limit read from pid 1 to FD_SETSIZE. -- Robie Basak Wed, 22 Apr 2015 08:55:24 +0000 pam (1.1.8-3.1ubuntu2) vivid; urgency=medium * debian/control: - have libpam-modules recommend update-motd package + while libpam-modules provides pam_motd, which does dynamically generate the motd from /etc/update-motd.d on login, hundreds of users have asked in the past few years how they might "force" a MOTD update; this is provided by /usr/sbin/update-motd in the tiny update-motd package (already in main); recommend this package -- Dustin Kirkland Tue, 11 Nov 2014 12:49:14 -0600 pam (1.1.8-3.1ubuntu1) vivid; urgency=low * Merge from Debian unstable. Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd' in Ubuntu, so fix the restart handling. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix's explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - Build-depend on libfl-dev in addition to flex, for cross-building support. - Add /usr/local/games to PATH. - Adjust debian/patches-applied/update-motd to write to /run/motd.dynamic, as sysvinit/ssh/login in Debian have been changed to use this file and no longer links /etc/motd to /var/run/motd. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: include patch to autogenerated manpage file - debian/patches-applied/pam-loginuid-in-containers: pam_loginuid: Update patch with follow-up changes to loginuid.c - debian/patches-applied/extrausers.patch: Add a pam_extrausers module that is basically just a copy of pam_unix but looks at /var/lib/extrausers/{group,passwd,shadow} instead of /etc/ - debian/libpam-modules-bin.install: install the helper binaries for pam_extrausers to /sbin - debian/rules: Make pam_extrausers_chkpwd sguid shadow - debian/patches-applied/extrausers.patch: Ship pre-generated man page -- Michael Vogt Mon, 27 Oct 2014 09:57:52 +0100 pam (1.1.8-3.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix CVE-2013-7041: case-insensitive comparison used for verifying passwords in the pam_userdb module (closes: #731368). * Fix CVE-2014-2583: multiple directory traversal issues in the pam_timestamp module (closes: 757555) -- Michael Gilbert Sat, 09 Aug 2014 09:50:42 +0000 pam (1.1.8-3ubuntu4) utopic; urgency=medium * No-change rebuild to get debug symbols on all architectures. -- Brian Murray Tue, 21 Oct 2014 12:32:23 -0700 pam (1.1.8-3ubuntu3) utopic; urgency=medium * debian/patches-applied/extrausers.patch: - Ship pre-generated man page -- Michael Terry Tue, 22 Jul 2014 14:13:31 -0400 pam (1.1.8-3ubuntu2) utopic; urgency=medium * debian/patches-applied/extrausers.patch: Add a pam_extrausers module that is basically just a copy of pam_unix but looks at /var/lib/extrausers/{group,passwd,shadow} instead of /etc/ * debian/libpam-modules-bin.install: install the helper binaries for pam_extrausers to /sbin * debian/rules: Make pam_extrausers_chkpwd sguid shadow -- Michael Terry Fri, 18 Jul 2014 14:52:08 -0400 # For older changelog entries, run 'apt-get changelog libpam0g'