pam (1.5.2-6+deb12u1) bookworm; urgency=medium
* Fix pam-auth-update --disable logic error, Closes: #1039873
* Set myself as maintainer; thanks Steve for past and future work.
* Updated Turkish Debconf translations, Thanks Atila KOÇ, Closes: #1029002
-- Sam Hartman <hartmans@debian.org> Thu, 21 Sep 2023 14:55:12 -0600
pam (1.5.2-6) unstable; urgency=medium
* Update debian/copyright, Thanks Bastian Germann, Closes: #460232
* When pam-auth-update is called with --root, use
/usr/share/pam-configs from the root not from the host system, Thanks
Johannes Schauer Marin Rodrigues, Closes: #1022952
* Build-depend on libcrypt-dev, Closes: #1024645
* Add pam-auth-udpate --disable, Closes: #1004000
* Add autopkgtests
-- Sam Hartman <hartmans@debian.org> Tue, 03 Jan 2023 13:15:23 -0700
pam (1.5.2-5) unstable; urgency=medium
* pam_namespace_helper manpage *wasn't* missing, it was just being
wrongly shipped in libpam-modules instead - so complete the moving
of the manpage to the libpam-modules-bin where it belongs with the
binary. Really Closes: #1021336.
-- Steve Langasek <vorlon@debian.org> Thu, 06 Oct 2022 18:56:06 +0000
pam (1.5.2-4) unstable; urgency=medium
* pam_namespace_helper manpage was missing, but namespace.conf.5 was
already shipped in libpam-modules. Leave it there. Closes: #1021336.
-- Steve Langasek <vorlon@debian.org> Thu, 06 Oct 2022 17:28:36 +0000
pam (1.5.2-3) unstable; urgency=medium
* Add missing manpages for pam_namespace which for some reason don't get
installed by the upstream rules
* Drop obsolete upgrade code from maintainer scripts which is no longer
used
* Drop manual multiarch file handling in favor of dh-exec.
* No special-case needed for pam_modutil_sanitize_helper_fds in symbols
file, it's covered by the existing globs.
* debian/local/Debian-PAM-MiniPolicy: drop references to ancient
package versions. Thanks, Marc Haber.
* Support DPKG_ROOT in the postinst scripts. Closes: #993161.
Thanks, Johannes Schauer Marin Rodrigues.
* Further proof libpam-runtime postinst for DPKG_ROOT just in case.
-- Steve Langasek <vorlon@debian.org> Thu, 06 Oct 2022 04:05:02 +0000
pam (1.5.2-2) unstable; urgency=medium
* Pass --with-systemdunitdir=/usr/lib/systemd/system for consistent
builds whether we are or aren't building in an environment with systemd
present.
* Install the pam_namespace.service unit in the libpam-modules-bin
package.
-- Steve Langasek <vorlon@debian.org> Thu, 18 Aug 2022 16:47:57 +0000
pam (1.5.2-1) unstable; urgency=medium
* New upstream release.
- fixes compatibility with libpam-systemd. Closes: #1017467.
- fixes bashisms in configure.ac. Closes: #998361.
* Refresh patches.
* Drop patches included or obsoleted upstream:
- debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch
- debian/patches-applied/pam_unix_initialize_daysleft
- debian/patches-applied/pam_faillock_create_directory
- debian/patches-applied/pam_unix_avoid_checksalt
- debian/patches-applied/pam_env-allow-environment-files-without-EOL-at-EOF.patch
* Drop libpam-cracklib which has been obsoleted upstream.
* Add pkgconfig .pc files to libpam0g-dev. Closes: #1012688.
* Update .symbols file.
* Updated Romanian debconf translation, thanks Andrei Popescu, Closes:
#986416
* Drop versioning of quilt build-dependency to quiet lintian, since the
version is satisfied by oldoldoldstable.
* Drop unused build-build-dependency on bzip2.
* Adjust lintian overrides for latest lintian syntax.
* Update Standards-Version.
* Bump debhelper compat to 13.
* debian/not-installed: document upstream files that aren't used.
* Override incorrect lintian warning about use of dpkg database.
* Override lintian warning for PAM module manpages being in section 8
* Override lintian warning for unused debconf templates
* Install additional upstream manpages: faillock(8), environment(5),
pwhistory_helper(8)
* Install additional helpers in libpam-modules-bin: pam_namespace_helper,
pwhistory_helper
* Fix wrong syntax in symbols file
-- Steve Langasek <vorlon@debian.org> Thu, 18 Aug 2022 07:27:16 +0000
pam (1.4.0-13) unstable; urgency=medium
* Don't build with NIS support. This is only used for password changes on
NIS systems, and is pulling a large dependency chain into the Essential
package set which is not justifiable.
-- Steve Langasek <vorlon@debian.org> Mon, 25 Apr 2022 16:12:04 -0700
pam (1.4.0-11) unstable; urgency=medium
* Whitespace fixes in debconf templates.
[ Sergio Durigan Junior ]
* d/p/pam_env-allow-environment-files-without-EOL-at-EOF.patch:
Allow /etc/environment files without EOL at EOF. In other words,
allow files without a newline at the end. (LP: #1953201)
-- Steve Langasek <vorlon@debian.org> Mon, 06 Dec 2021 11:11:31 -0800
pam (1.4.0-10) unstable; urgency=medium
* Fix syntax error in libpam0g.postinst when a systemd unit fails,
Closes: #992538
* Include upstream patch not to use crypt_checksalt; without this
passwords set prior to bullseye were considered expired, Closes:
#992848
* Support DPKG_ROOT for pam-auth-update, thanks Johannes 'josch' Schauer
Closes: #983427
-- Sam Hartman <hartmans@debian.org> Thu, 26 Aug 2021 13:43:23 -0600
pam (1.4.0-9) unstable; urgency=medium
* Revert prefer the multiarch path from 1.4.0-8: It turns out that
Debian uses DEFAULT_MODULE_PATH and _PAM_ISA in the opposite meaning
of upstream. If I had read the patch header of
patches-applied/lib_security_multiarch_compat more closely I would
have noticed this. The effect of 1.4.0-9 is what is stated in the
1.4.0-8 changelog: we prefer multiarch paths, but the original patch
did that.
* I did test this in 1.4.0-8, but my test design was flawed. I placed a
invalid shared object in /lib/security and confirmed it did not shadow
an object in /lib/x86_64-linux-gnu/security. However I realized
shortly after releasing 1.4.0-8 that a valid shared object in
/lib/security will shadow one in the multiarch path.
-- Sam Hartman <hartmans@debian.org> Fri, 09 Jul 2021 10:55:02 -0600
pam (1.4.0-8) unstable; urgency=high
[ Hideki Yamane ]
* debian/patches-applied/lib_security_multiarch_compat
- Fix regression introduced in 1.4.0-1: search both /lib/security and
/lib/[multiarch_tripple]/security/, Closes: #990790
[ Sam Hartman ]
* Reword changelog
* Prefer the multiarch path (_PAM_ISA) to the non-multiarch path.
That's different than buster, but guarantees everything already
working in bullseye will continue to work and also guarantees that
when multiarch modules are available we use them.
-- Hideki Yamane <henrich@debian.org> Tue, 06 Jul 2021 22:09:15 +0900
pam (1.4.0-7) unstable; urgency=medium
* Updated portuguese debconf translation, thanks Pedro Ribeiro, Closes:
#983594
* Updated Simplified Chinese Translations, thanks Boyuan Yang
* Updated Bulgarian Translation, Thanks Damyan Ivanov
* Updated translation from the Slovak team, thanks Ladislav Michnovič,
Closes: #984891
* Updated Catalan translation, thanks Alex Muntada, Closes: #984568
* Updated Brazilian Portuguese translation, Thanks Adriano Rafael Gomes,
Closes: #984656
* French Debconf translations, thanks Jean-Pierre Giraud , Closes:
#984910
* Updated russian Debconf translations, thanks Алексей Шилин, Closes:
#984878
* Updated Dutch debconf templates, Thanks Frans Spiesschaert, Closes:
#984823
* Updated German Debconf translations, Thanks Sven Joachim
* Code review fixes for the fix to #982295, thanks Mark Hindley
- Actually set service to $1 rather than happening to use a variable
of the same name in enclosing scope
- Remove dead code setting idl when not used
* Code review fixes to the fix for #982530, thanks Martin Schurz
- Include '-' in the file matching regexp so we search
/etc/pam.d/common-* for uses of pam_tally. The profile check will
catch this unless the user has overwridden the configuration
- Fix capitalization of pam_Tally in debconf description
-- Sam Hartman <hartmans@debian.org> Mon, 15 Mar 2021 15:01:55 -0400
pam (1.4.0-6) unstable; urgency=medium
* Clearly it's been too long since I've done debconf; run
debconf-updatepo so the translations will show up as needing
translating.
-- Sam Hartman <hartmans@debian.org> Fri, 26 Feb 2021 10:48:23 -0500
pam (1.4.0-5) unstable; urgency=low
* Remove profiles containing pam_tally or pam_tally2 since we no longer
build them.
* Also, fail to permit profiles to be selected that include pam_tally
once the new pam-auth-update is installed
* Check for any user-added references to pam_tally and halt the upgrade,
Closes: #982530
* Handle services with systemd units but no init scripts, Closes: #982295
* Register md5sum for new common-password template, Closes: #982898
* After reading pam-auth-update source, I agree with Lucas Nussbaum
that common-session is intended only for interactive sessions.
Otherwise pam-auth-update should not duplicate module configurations
between common-session-noninteractive and common-session, so update
the documentation, Closes: #982297
-- Sam Hartman <hartmans@debian.org> Thu, 25 Feb 2021 15:48:22 -0500
pam (1.4.0-4) unstable; urgency=medium
* Document in README.source how to avoid multi-arch problems with documentation, Closes: #851650
* Update header to common-password talking about sha512
* The fix for #977648 incorrectly assumed how prerm scripts are called; update.
-- Sam Hartman <hartmans@debian.org> Wed, 03 Feb 2021 12:35:12 -0500
pam (1.4.0-3) unstable; urgency=medium
[ Josh Triplett ]
* libpam-runtime.postrm: Remove session-noninteractive files on purge,
Closes: #978601
[ Sam Hartman ]
* patches-applied/pam_mkhomedir_stat_before_opendir: Stat the skeleton
directory before opendir, Closes: #834589
* libpam-modules.install: Install pam_faillock binaries, Closes: #981092
* debian/patches-applied/pam_unix_initialize_daysleft : Initialize days before password expire, Closes: #980285
* pam-configs/unix: Default to yescript rather than sha512. From a theoretical security standpoint, it looks like yescript has similar security properties, assuming (as we typically do in the crypto protocol community) that sha256 is still reasonable. However, in terms of practical resistant to password cracking, particularly in terms of valuing space complexity as well as time complexity, yescript is superior, Closes: #978553
* No infinite loop on purge of libpam-runtime, Closes: #977648
* patches-applied/pam_faillock_create_directory: create /run/faillock when needed.
-- Sam Hartman <hartmans@debian.org> Mon, 01 Feb 2021 15:27:08 -0500
pam (1.4.0-2) unstable; urgency=medium
* Restart services on upgrade to 1.4.0. Closes: #978555.
-- Steve Langasek <steve.langasek@ubuntu.com> Mon, 28 Dec 2020 19:20:38 -0800
pam (1.4.0-1) unstable; urgency=medium
* New upstream release. Closes: #948188.
- Stop using obsoleted selinux headers. Closes: #956355.
- Continue building pam_cracklib, which is deprecated upstream;
the replacement, pam_passwdqc, is packaged separately.
- Update symbols file for new symbols.
- Refresh lintian overrides for changes to available pam modules.
* Drop patches to implement "nullok_secure" option for pam_unix.
Closes: #674857, #936071, LP: #1860826.
* debian/patches-applied/cve-2010-4708.patch: drop, applied upstream.
* debian/patches-applied/nullok_secure-compat.patch: Support
nullok_secure as a deprecated alias for nullok.
* debian/pam-configs/unix: use nullok, not nullok_secure.
* Drop pam_tally and pam_tally2 modules, which have been deprecated
upstream in favor of pam_faillock. Closes: #569746, LP: #772121.
* Add hardening+=bindnow to build options, per lintian.
-- Steve Langasek <vorlon@debian.org> Mon, 28 Dec 2020 06:05:13 +0000
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libpam-modules-bin`.
Generated by dwww version 1.15 on Sat May 18 06:53:57 CEST 2024.