Your message dated Mon, 27 Aug 2007 02:47:28 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#300773: fixed in pam 0.99.7.1-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libpam-runtime
Version: 0.76-22
Priority: wishlist
Tags: patch
Checking the documentation in the pam binary RPMs of SuSE I've found that
they have some manpages that are neither included upstream nor available in
the Debian packages. Some of the documentation applies to PAM modules that
are not (yet) available in Debian but some of it applies to modules in
Debian (pam_securetty and pam_nologin). Also, one of the manpages
(unix_chkpwd.8) is slightly better than the Debian-provided manpage.
Attached is a patch adding (and installing) these manpages to the Debian
package, although the manpages for modules not available (pam_localuser,
pam_succeed_if and pam_xauth) are not installed. I'm going to ask for these
modules in a separate bug, however.
Regards
Javier
diff -Nru pam-0.76.old/debian/local/pam_localuser.8.unavailable
pam-0.76/debian/local/pam_localuser.8.unavailable
--- pam-0.76.old/debian/local/pam_localuser.8.unavailable 1970-01-01
01:00:00.000000000 +0100
+++ pam-0.76/debian/local/pam_localuser.8.unavailable 2005-03-21
16:16:27.000000000 +0100
@@ -0,0 +1,36 @@
+.\" Copyright 2000 Red Hat, Inc.
+.TH pam_localuser 8 2000/7/21 "Red Hat" "System Administrator's Manual"
+
+.SH NAME
+pam_localuser \- require users to be listed in /etc/passwd
+
+.SH SYNOPSIS
+.B account sufficient /lib/security/pam_localuser.so \fIargs\fP
+.br
+.B account required /lib/security/pam_wheel.so group=devel
+
+.SH DESCRIPTION
+pam_localuser.so exists to help implement site-wide login policies, where
+they typically include a subset of the network's users and a few accounts
+that are local to a particular workstation. Using pam_localuser.so and
+pam_wheel.so or pam_listfile.so is an effective way to restrict access to
+either local users and/or a subset of the network's users.
+
+This could also be implemented using pam_listfile.so and a very short awk
+script invoked by cron, but it's common enough to have been separated out.
+
+.SH ARGUMENTS
+.IP debug
+turns on debugging
+.IP file=\fBFILE\fP
+uses a file other than \fB/etc/passwd\fP.
+
+.SH FILES
+/etc/passwd
+
+.SH BUGS
+Let's hope not, but if you find any, please report them via the "Bug Track"
+link at http://bugzilla.redhat.com/bugzilla/
+
+.SH AUTHOR
+Nalin Dahyabhai <[EMAIL PROTECTED]>
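Review bot: In SYNOPSIS, the second line ("account required /lib/security/pam_wheel.so group=devel") configures a different module, so the pair reads as a usage example rather than a synopsis of pam_localuser. Move both lines to an EXAMPLES section and state there that "sufficient" lets users listed in /etc/passwd pass the account stack at that point, so the pam_wheel line only constrains the remaining (network) users; DESCRIPTION currently leaves the reader to infer this. The file= entry should also say what format FILE is expected to have.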
diff -Nru pam-0.76.old/debian/local/pam_nologin.8
pam-0.76/debian/local/pam_nologin.8
--- pam-0.76.old/debian/local/pam_nologin.8 1970-01-01 01:00:00.000000000
+0100
+++ pam-0.76/debian/local/pam_nologin.8 2005-03-21 16:16:27.000000000 +0100
@@ -0,0 +1,86 @@
+.\" Copyright (C) 2003 International Business Machines Corp.
+.\" This file is distributed according to the GNU General Public License.
+.\" See the file COPYING in the top level source directory for details.
+.\"
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "PAM_NOLOGIN" 8 "2003-03-21" "Linux 2.4" "System Administrator's Manual"
+.SH NAME
+pam_nologin \- Disables login for all except root when
+\fI/etc/nologin\fR exists
+.SH "SYNOPSIS"
+.ad l
+.hy 0
+
+/lib/security/pam_nologin
+.sp
+.ad
+.hy
+
+.SH "DESCRIPTION"
+
+.PP
+\fBpam_nologin\fR is a PAM module that prevents users from logging
+into the system when \fI/etc/nologin\fR exists.
+The contents of the \fI/etc/nologin\fR file are displayed to the user.
+The \fBpam_nologin\fR module has no effect on the root user's ability to log
in.
+
+.SH "OPTIONS"
+
+.PP
+\fBpam_login\fR has no options.
+
+.SH "MODULE SERVICES PROVIDED"
+
+.TP
+auth
+_authentication and _setcred (blank)
+
+.SH "RETURN CODES"
+.PP
+\fBpam_nologin\fR has the following return codes:
+.TP
+PAM_SUCCESS
+Success: either the user is root or the \fI/etc/nologin\fR file does not exist.
+
+.TP
+PAM_SERVICE_ERR
+The module was unable to get the user name.
+
+.TP
+PAM_USER_UNKNOWN
+The module cannot get the UID associated with this user.
+
+.TP
+PAM_AUTH_ERR
+The user is not root and \fI/etc/nologin\fR exists, so the user is
+not permitted to log in.
+
+.SH "HISTORY"
+
+.PP
+\fBpam_nologin\fR was written by Michael K. Johnson.
+
+.SH "SEE ALSO"
+
+.PP
+\fBpam.conf\fR(8), \fBpam.d\fR(8), \fBpam\fR(8), \fBnologin\fR(8).
+
+.SH AUTHOR
+Emily Ratliff.
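Review bot: In OPTIONS the module is named pam_login ("\fBpam_login\fR has no options."); it should read pam_nologin. In DESCRIPTION, the wrapped "in." after "ability to log" has no leading "+", so the hunk no longer matches its "@@ -0,0 +1,86 @@" line count and the line has to be rejoined before the patch can be applied. SYNOPSIS gives /lib/security/pam_nologin without the .so suffix that the pam_localuser page in this patch uses.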
diff -Nru pam-0.76.old/debian/local/pam_securetty.8
pam-0.76/debian/local/pam_securetty.8
--- pam-0.76.old/debian/local/pam_securetty.8 1970-01-01 01:00:00.000000000
+0100
+++ pam-0.76/debian/local/pam_securetty.8 2005-03-21 16:16:27.000000000
+0100
@@ -0,0 +1,98 @@
+.\" Copyright (C) 2003 International Business Machines Corp.
+.\" This file is distributed according to the GNU General Public License.
+.\" See the file COPYING in the top level source directory for details.
+.\"
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "PAM_SECURETTY" 8 "2003-02-21" "Linux 2.4" "System Administrator's Manual"
+.SH NAME
+pam_securetty \- Limits root to logging in on devices listed in /etc/securetty
+.SH "SYNOPSIS"
+.ad l
+.hy 0
+
+/usr/security/pam_securetty
+.sp
+.ad
+.hy
+
+.SH "DESCRIPTION"
+
+.PP
+\fBpam_securetty\fR is a PAM module that allows root logins only if the
+user is logging in on a "secure" tty, as defined by the listing in
+\fI/etc/securetty\fR.
+\fBpam_securetty\fR also checks to make sure that \fI/etc/securetty\fR
+is a plain file and not world writable.
+
+.PP
+This module has no effect on non-root users.
+
+.SH "OPTIONS"
+.PP
+\fBpam_securetty\fR has no options.
+
+.SH "RETURN CODES"
+.PP
+\fBpam_securetty\fR has the following return codes:
+.TP
+PAM_SUCCESS
+The user is allowed to continue authentication.
+Either the user is not root, or the root user is trying to log in on
+an acceptable device.
+
+.TP
+PAM_AUTH_ERR
+Authentication is rejected.
+Either root is attempting to log in via an unacceptable device,
+or the \fI/etc/securetty\fR file is world writable or not a normal file.
+
+.TP
+PAM_INCOMPLETE
+An application error occurred. \fBpam_securetty\fR was not able to get
+information it required from the application that called it.
+
+.TP
+PAM_SERVICE_ERR
+An error occurred while the module was determining the user's name or tty,
+or the module could not open \fI/etc/securetty\fR.
+
+.TP
+PAM_IGNORE
+The module could not find the user name in the
+\fI/etc/passwd\fR file to verify whether the user had a UID of 0.
+Therefore, the results of running this module are ignored.
+
+.SH "HISTORY"
+
+.PP
+\fBpam_securetty\fR was written by Elliot Lee.
+
+.SH "FILES"
+
+.PP
+ \fI/etc/securetty\fR
+
+.SH "SEE ALSO"
+
+.PP
+\fBpam.conf\fR(8), \fBpam.d\fR(8), \fBpam\fR(8), \fBsecuretty\fR(8).
+
+.SH AUTHOR
+Emily Ratliff.
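Review bot: SYNOPSIS gives the module path as /usr/security/pam_securetty, while the pam_nologin and pam_localuser pages in this same patch use /lib/security/; please confirm the directory and make the pages agree before this one is installed. DESCRIPTION says the module "has no effect on non-root users", but the PAM_IGNORE entry shows the test is whether the user "had a UID of 0"; say "UID 0" in DESCRIPTION as well, so it is clear that the restriction follows the UID and not the account name root.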
diff -Nru pam-0.76.old/debian/local/pam_succeed_if.8.unavailable
pam-0.76/debian/local/pam_succeed_if.8.unavailable
--- pam-0.76.old/debian/local/pam_succeed_if.8.unavailable 1970-01-01
01:00:00.000000000 +0100
+++ pam-0.76/debian/local/pam_succeed_if.8.unavailable 2005-03-21
16:16:27.000000000 +0100
@@ -0,0 +1,30 @@
+.\" Copyright 2003 Red Hat, Inc.
+.\" Written by Nalin Dahyabhai <[EMAIL PROTECTED]>
+.TH pam_succeed_if 8 2003/6/30 "Red Hat Linux" "System Administrator's Manual"
+
+.SH NAME
+pam_succeed_if \- succeed or fail based on account characteristics
+
+.SH SYNOPSIS
+.B account sufficient pam_succeed_if.so uid < 500
+
+.SH DESCRIPTION
+pam_succeed_if.so is designed to succeed or fail authentication based on
+characteristics of the account belonging to the user being authenticated.
+
+The module can be given one or more conditions as module arguments, and
+authentication will succeed only if all of the conditions are met.
+
+.SH ARGUMENTS
+.IP debug
+Turns on debugging messages sent to syslog.
+.IP use_uid
+Evaluate conditions using the account of the user whose UID the application
+is running under instead of the user being authenticated.
+
+.SH BUGS
+Let's hope not, but if you find any, please report them via the "Bug Track"
+link at http://bugzilla.redhat.com/bugzilla/
+
+.SH AUTHOR
+Nalin Dahyabhai <[EMAIL PROTECTED]>
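Review bot: DESCRIPTION says the module "can be given one or more conditions as module arguments", but ARGUMENTS lists only debug and use_uid, and the only condition shown anywhere is "uid < 500" in SYNOPSIS. Document the condition syntax (which account fields and which operators are accepted) in ARGUMENTS; without it an administrator cannot write or audit a rule from this page. SYNOPSIS also uses a bare pam_succeed_if.so where the pam_localuser and pam_xauth pages give /lib/security/ paths.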
diff -Nru pam-0.76.old/debian/local/pam_xauth.8.unavailable
pam-0.76/debian/local/pam_xauth.8.unavailable
--- pam-0.76.old/debian/local/pam_xauth.8.unavailable 1970-01-01
01:00:00.000000000 +0100
+++ pam-0.76/debian/local/pam_xauth.8.unavailable 2005-03-21
16:16:27.000000000 +0100
@@ -0,0 +1,82 @@
+.\" Copyright 2001,2003 Red Hat, Inc.
+.\" Written by Nalin Dahyabhai <[EMAIL PROTECTED]>, based on the original
+.\" version by Michael K. Johnson
+.TH pam_xauth 8 2003/7/24 "Red Hat Linux" "System Administrator's Manual"
+.SH NAME
+pam_xauth \- forward xauth keys between users
+.SH SYNOPSIS
+.B session optional /lib/security/pam_xauth.so \fIarguments\fP
+.SH DESCRIPTION
+pam_xauth.so is designed to forward xauth keys (sometimes referred
+to as "cookies") between users.
+
+Without pam_xauth, when xauth is enabled and a user uses the \fBsu\fP command
+to assume another user's priviledges, that user is no longer able to access
+the original user's X display because the new user does not have the key
+needed to access the display. pam_xauth solves the problem by forwarding the
+key from the user running su (the source user) to the user whose
+identity the source user is assuming (the target user) when the session
+is created, and destroying the key when the session is torn down.
+
+This means, for example, that when you run \fBsu\fP from an xterm sesssion,
+you will be able to run X programs without explicitly dealing with the
+xauth command or ~/.Xauthority files.
+
+pam_xauth will only forward keys if xauth can list a key connected
+to the $DISPLAY environment variable.
+
+Primitive access control is provided by \fB~/.xauth/export\fP in the invoking
+user's home directory and \fB~/.xauth/import\fP in the target user's home
+directory.
+
+If a user has a \fB~/.xauth/import\fP file, the user will only receive cookies
+from users listed in the file. If there is no \fB~/.xauth/import\fP file,
+the user will accept cookies from any other user.
+
+If a user has a \fB.xauth/export\fP file, the user will only forward cookies
+to users listed in the file. If there is no \fB~/.xauth/export\fP file, and
+the invoking user is not \fBroot\fP, the user will forward cookies to
+any other user. If there is no \fB~/.xauth/export\fP file, and the invoking
+user is \fBroot\fP, the user will \fInot\fP forward cookies to other users.
+
+Both the import and export files support wildcards (such as \fI*\fP). Both
+the import and export files can be empty, signifying that no users are allowed.
+
+.SH ARGUMENTS
+.IP debug
+Turns on debugging messages sent to syslog.
+.IP xauthpath=\fI/usr/X11R6/bin/xauth\fP
+Specify the path the xauth program (the default is /usr/X11R6/bin/xauth).
+.IP systemuser=\fInumber\fP
+Specify the highest UID which will be assumed to belong to a "system" user.
+pam_xauth will refuse to forward credentials to users with UID less than or
+equal to this number, except for root and the "targetuser", if specified.
+.IP targetuser=\fInumber\fP
+Specify a single target UID which is exempt from the systemuser check.
+.SH "IMPLEMENTATION DETAILS"
+pam_xauth will work \fIonly\fP if it is used from a setuid application
+in which the getuid() call returns the id of the user running the
+application, and for which PAM can supply the name of the account that
+the user is attempting to assume. The typical application of this
+type is \fBsu\fP. The application must call both pam_open_session() and
+pam_close_session() with the ruid set to the uid of the calling user
+and the euid set to root, and must have provided as the PAM_USER item
+the name of the target user.
+
+pam_xauth calls \fBxauth\fP as the source user to extract the key for
+$DISPLAY, then calls xauth as the target user to merge the key
+into the a temporary database and later remove the database.
+
+pam_xauth cannot be told not to remove the keys when the session
+is closed.
+.SH "SEE ALSO"
+\fI/usr/share/doc/pam*/html/index.html\fP
+.SH FILES
+\fI~/.xauth/import\fP
+\fI~/.xauth/export\fP
+.SH BUGS
+Let's hope not, but if you find any, please report them via the "Bug Track"
+link at http://bugzilla.redhat.com/bugzilla/
+.SH AUTHOR
+Nalin Dahyabhai <[EMAIL PROTECTED]>, based on original version by
+Michael K. Johnson <[EMAIL PROTECTED]>
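Review bot: In ARGUMENTS, systemuser= and targetuser= are documented without default values, although they decide which accounts may receive a forwarded key; state the defaults the way it is done for xauthpath=. The same section has "Specify the path the xauth program" (missing "to"). In DESCRIPTION, "priviledges" and "sesssion" are misspelled and one reference reads ".xauth/export" without the leading "~/"; IMPLEMENTATION DETAILS has "into the a temporary database".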
diff -Nru pam-0.76.old/debian/local/unix_chkpwd.8
pam-0.76/debian/local/unix_chkpwd.8
--- pam-0.76.old/debian/local/unix_chkpwd.8 2005-03-21 16:23:30.000000000
+0100
+++ pam-0.76/debian/local/unix_chkpwd.8 2005-03-21 16:18:34.000000000 +0100
@@ -1,17 +1,88 @@
-.TH UNIX_CHKPWD 8 "4 Jun 1999" "Linux-PAM 0.69" "Linux-PAM Manual"
+.\" Copyright (C) 2003 International Business Machines Corporation
+.\" This file is distributed according to the GNU General Public License.
+.\" See the file COPYING in the top level source directory for details.
+.\"
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "UNIX_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual"
.SH NAME
-\fBunix_chkpwd\fR \- check the password of the invoking user
-.SH SYNOPSIS
-<not invoked manually>
-.SH DESCRIPTION
-A helper binary for the pam_unix module, unix_chkpwd, is provided to check
-the user's password when it is stored in a read protected database, such as
-shadow'd passwords. This binary is very simple and will only check the password
+unix_chkpwd \- helper binary that verifies the password of the current user
+.SH "SYNOPSIS"
+.ad l
+.hy 0
+
+/sbin/unix_chkpwd [\fIusername\fR]
+.sp
+.ad
+.hy
+.SH "DESCRIPTION"
+.PP
+\fBunix_chkpwd\fR is a helper program for the pam_unix module that verifies
+the password of the current user when it is stored in a read protected
database,
+such as shadow'd passwords. It is not intended to be run directly from
+the command line and logs a security violation if done so.
+
+This binary is very simple and will only check the password
of the user invoking it. It is called transparently on behalf of the user by
the authenticating component of the pam_unix module. In this way it is possible
for applications like
.B xlock
-to work work without being setuid root.
-.SH USAGE
-This program is not intended to be called directly by users and will log to
syslog
-if it is called improperly (i.e., by someone trying to exploit it).
+to work work without being setuid root.
+
+It is typically installed setuid root or setgid shadow.
+
+.SH "OPTIONS"
+.PP
+unix_pwdchk optionally takes the following argument:
+.TP
+\fIusername\fR
+The username of the user whose password you want to check: this must match the
current user id.
+
+.SH "INPUTS"
+.PP
+unix_pwdchk expects the following inputs via stdin:
+.TP
+\fIoption\fR
+Either nullok or nonull, depending on whether the user can have an empty
password.
+.TP
+\fIpassword\fR
+The password to verify.
+
+.SH "RETURN CODES"
+.PP
+\fBunix_chkpwd\fR has the following return codes:
+.TP
+1
+unix_chkpwd was inappropriately called from the command line or the password
is incorrect.
+
+.TP
+0
+The password is correct.
+
+.SH "HISTORY"
+Written by Andrew Morgan
+
+.SH "SEE ALSO"
+
+.PP
+\fBpam\fR(8)
+
+.SH AUTHOR
+Emily Ratliff.
+
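Review bot: OPTIONS and INPUTS call the program unix_pwdchk ("unix_pwdchk optionally takes the following argument:", "unix_pwdchk expects the following inputs via stdin:"); the binary is unix_chkpwd everywhere else on the page. The line "to work work without being setuid root." is removed and re-added with the doubled word intact, so fix it while touching it. RETURN CODES assigns 1 to both an inappropriate invocation and an incorrect password; say explicitly that callers cannot tell the two apart from the exit status. Several wrapped lines ("database,", "syslog", "current user id.", "password.", "is incorrect.") have lost their "+"/"-" prefix and need rejoining before the hunk applies.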
diff -Nru pam-0.76.old/debian/rules pam-0.76/debian/rules
--- pam-0.76.old/debian/rules 2005-03-21 16:23:30.000000000 +0100
+++ pam-0.76/debian/rules 2005-03-21 16:21:15.000000000 +0100
@@ -84,6 +84,8 @@
dh_movefiles -i
dh_installman -plibpam-runtime $(BUILD_TREE)/doc/man/*.[578]
+ # Additional documentation
+ dh_installman -plibpam-runtime $(dl)/pam_*[578]
rm debian/libpam-runtime/usr/share/man/man8/{pam.8,pam.d.8,pam.conf.8}
dh_installdocs -i
dh_installchangelogs -i $(BUILD_TREE)/CHANGELOG
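Review bot: The added glob "$(dl)/pam_*[578]" has no dot before the section digit, unlike "*.[578]" on the dh_installman line above it. It does skip the *.unavailable files, but it would also match any pam_ file whose name merely ends in 5, 7 or 8; write it as $(dl)/pam_*.[578]. Because the glob only covers pam_* names, please also confirm that debian/local/unix_chkpwd.8, which this patch rewrites, is installed by a rule outside the visible context.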
--- End Message ---
--- Begin Message ---
Source: pam
Source-Version: 0.99.7.1-2
We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive:
libpam-cracklib_0.99.7.1-2_amd64.deb
to pool/main/p/pam/libpam-cracklib_0.99.7.1-2_amd64.deb
libpam-cracklib_0.99.7.1-2_i386.deb
to pool/main/p/pam/libpam-cracklib_0.99.7.1-2_i386.deb
libpam-doc_0.99.7.1-2_all.deb
to pool/main/p/pam/libpam-doc_0.99.7.1-2_all.deb
libpam-modules_0.99.7.1-2_amd64.deb
to pool/main/p/pam/libpam-modules_0.99.7.1-2_amd64.deb
libpam-modules_0.99.7.1-2_i386.deb
to pool/main/p/pam/libpam-modules_0.99.7.1-2_i386.deb
libpam-runtime_0.99.7.1-2_all.deb
to pool/main/p/pam/libpam-runtime_0.99.7.1-2_all.deb
libpam0g-dev_0.99.7.1-2_amd64.deb
to pool/main/p/pam/libpam0g-dev_0.99.7.1-2_amd64.deb
libpam0g-dev_0.99.7.1-2_i386.deb
to pool/main/p/pam/libpam0g-dev_0.99.7.1-2_i386.deb
libpam0g_0.99.7.1-2_amd64.deb
to pool/main/p/pam/libpam0g_0.99.7.1-2_amd64.deb
libpam0g_0.99.7.1-2_i386.deb
to pool/main/p/pam/libpam0g_0.99.7.1-2_i386.deb
pam_0.99.7.1-2.diff.gz
to pool/main/p/pam/pam_0.99.7.1-2.diff.gz
pam_0.99.7.1-2.dsc
to pool/main/p/pam/pam_0.99.7.1-2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve Langasek <[EMAIL PROTECTED]> (supplier of updated pam package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 26 Aug 2007 19:15:09 -0700
Source: pam
Binary: libpam0g-dev libpam0g libpam-modules libpam-doc libpam-runtime
libpam-cracklib
Architecture: source amd64 all i386
Version: 0.99.7.1-2
Distribution: unstable
Urgency: low
Maintainer: Steve Langasek <[EMAIL PROTECTED]>
Changed-By: Steve Langasek <[EMAIL PROTECTED]>
Description:
libpam-doc - Documentation of PAM
libpam-runtime - Runtime support for the PAM library
libpam-cracklib - PAM module to enable cracklib support
libpam-modules - Pluggable Authentication Modules for PAM
libpam0g - Pluggable Authentication Modules library
libpam0g-dev - Development files for PAM
Closes: 62193 119689 127931 165067 178225 181451 184270 212165 220157 241661
300773 305058 313486 328084 330545 331208 333141 336344 350620 354309 360460
362855 368100 411812 412484 416665 436005 436222 439038 439040
Changes:
pam (0.99.7.1-2) unstable; urgency=low
.
* New upstream release; thanks to Roger Leigh and Jan Christoph Nordholz
for their extensive work in helping to prepare for this update in Debian.
Closes: #360460.
- now uses autoconf for library detection, so SELinux should not be
unconditionally enabled on non-Linux archs. Closes: #333141.
- pam_mail notice handling has been completely reworked, so there should
no longer be missing spaces in the messages. Closes: #119689.
- with libtool and autoconf, now behaves "sensibly" on unknown
platforms. Closes: #165067.
- the source now builds without warnings. Closes: #212165.
- uses automake instead of hand-rolled makefiles with indentation
bugs. Closes: #241661, #328084.
- pam_mkhomedir now creates directories recursively as needed.
Closes: #178225.
- pam_listfile now supports being used as a session module too.
Closes: #416665.
- misspelled pam_userdb log message has been corrected. Closes: #305058.
- the current pam_strerror manpage no longer mentions "Unknown
Linux-PAM error". Closes: #220157.
- the text documentation no longer uses ANSI bold sequences.
Closes: #181451.
- pam_localuser now supports being used as a session module.
Closes: #412484.
- package no longer fails to build with dash as /bin/sh.
Closes: #331208.
- All modules should now be documented in the system administrator
guide. Closes: #350620.
- pam_userdb now logs an error instead of segfaulting when no db=
option is provided. Closes: #436005.
- pam_time now warns on a missing tty instead of erroring out,
making it possible to use the module with non-console services.
Closes: #127931.
- upstream changelog is now 'ChangeLog' instead of 'CHANGELOG'; install
accordingly
- bump the shlibs
- the 'test.c' example no longer exists
- add /usr/share/locale to libpam-runtime.
- CVE-2005-2977: only uid=0 is allowed to invoke unix_chkpwd with an
arbitrary username, and then only when SELinux is active.
Closes: #336344.
* Mark myself as primary maintainer as previously discussed with Sam, and
add Roger as an uploader.
* Refactor to use quilt.
* Update to Standards-Version 3.7.2.
* Drop unnecessary build-dependency on patch, which is
build-essential (and no longer invoked directly).
* Drop patches 002_debian_no_ldconfig_call, 010_pam_cplusplus,
018_man_fixes, 030_makefile_link_against_libpam,
037_pam_issue_ttyname_can_be_null, 044_configure_supports_bsd,
050_configure_in_gnu and 052_pam_unix_no_openlog, which have been
superseded upstream.
* Drop patches 005_pam_limits_099_6,
012_pam_group_less_restrictive_charset, 023_pam_env_limits_miscfixes,
048_pam_group_colon_valid_char, 058_pam_env_enable, 059_pam_userdb_segv,
060_pam_tally_segv and 062_c++_safe_headers, which have been integrated
upstream.
* Patch 057: SELinux support is merged upstream, leaving only an
unrelated OOM check for pam_unix_passwd. Rename as
057_pam_unix_passwd_OOM_check.
* Patches 006, 008, 036: update for the switch from SGML to XML.
* Patch 007: update for the switch from SGML to XML; drop some log
messages that were already added upstream; update for the pam_modutil
changes; tighten the flag handling of the 'obscure' option; drop bogus
check in unix_chkpwd for null passwords. Also fix a grammar error
along the way. Closes: #362855.
* Patch 024: CRACKLIB_DICTPATH is no longer set in configure.in, so patch
pam_cracklib.c instead to use the default dictpath already available
from crack.h; and patch configure.in to use AC_CHECK_HEADERS instead
of AC_CHECK_HEADER, so crack.h is actually included. Also remove
unnecessary string copies, which break on the Hurd due to PATH_MAX.
* Patch 038: partially merged/superseded upstream; also add new Hurd
fix for pam_xauth.
* Patch 061: partially merged upstream
* Use ${binary:Version} instead of ${Source-Version} in
debian/control.
* Remove empty maintainer scripts debian/libpam0g-dev.{postinst,prerm},
debian/libpam0g.{postinst,prerm}, and
debian/libpam-modules.{postinst,prerm}; debhelper can autogenerate these
just fine without our help.
* Build-Depend on xsltproc, libxml2-utils, docbook-xml, docbook-xsl
and w3m instead of on linuxdoc-tools, linuxdoc-tools-latex, tetex-extra,
groff, and opensp.
* Also build-depend on flex for libfl.a.
* Updates for documentation handling:
- move debian/local/pam-*-guide to debian/libpam-doc.doc-base.foo-guide,
and invoke dh_installdocs instead of installing these by hand.
- drop libpam-doc.{postinst,prerm}, which are no longer needed.
- add an install target to debian/rules, and have binary-indep depend on
it instead of trying to install doc files individually from the source
tree
- consequently, drop libpam-doc.dirs as well which is no longer needed
and no longer accurate
- add debian/libpam-doc.install for moving the docs to the right place,
and also replace libpam-runtime.files with libpam-runtime.install;
for the moment this means we're using both dh_movefiles and
dh_install...
- libpam0g.docs: install the Debian-PAM-MiniPolicy from here, further
cleaning up debian/rules
* Drop debian/libpam0g.links, no longer needed because upstream now has a
working install target which creates the library symlinks
* Add libpam-modules.links: create pam_unix_{acct,auth,passwd,session}.so
symlinks by hand, no longer provided upstream.
* debian/patches-applied/PAM-manpage-section: "PAM" is not a daemon, manpage
belongs in section 7, not in section 8.
* Actually ship the pam, pam.conf, and pam.d manpages in libpam-runtime.
* debian/patches-applied/autoconf.patch: move all changes to autotools
generated files into a single patch at the end of the stack.
- don't touch configure in debian/rules, the quilt patch takes care
of this for us.
* New patch 064_pam_unix_cracklib_dictpath: correctly define
CRACKLIB_DICTS, since this is not defined by configure. Thanks to Jan
Christoph Nordholz.
* New patch 065_pam_unix_cracklib_disable: Debian-specific patch to disable
cracklib support in pam_unix. Thanks to Christoph Nordholz.
* debian/rules:
- Rename OS_CFLAGS to CFLAGS.
- kill off references to unused variables
- make binary-arch also depend on the install target, and streamline the
rules
- fix up the clean target to not ignore errors; thanks to Roger Leigh
- drop the local module_check target in favor of using -Wl,-z,defs
in LDFLAGS to enforce correct linkage of all objects at build time
* Drop debian/local/unix_chkpwd.8 in favor of the upstream manpage.
* libpam-modules.files: /usr/sbin/pam_tally has moved to /sbin/pam_tally
for consistency.
* Update to debhelper V5.
* Don't ship Makefiles as part of the libpam0g-dev examples.
* libpam-modules.manpages, libpam-runtime.manpages, libpam0g-dev.manpages:
put all the manpages in the correct packages. Closes: #411812,
#62193, #313486, #300773, #330545, #184270.
* Drop libpam{0g,0g-dev,-modules,-runtime}.dirs, not needed for anything
because we aren't trying to ship empty directories in the packages
* Build-Conflict with fop, to avoid unreproducible builds of pdf
documentation from a tool in contrib.
* libpam-cracklib should depend on a real wordlist package, per policy;
use wamerican as the default.
* Drop local/pam-undocumented.7 from the package, since we no longer have
a reason to ship it
* Add lintian overrides for known false-positives
* Conflicts/Replaces/Provides libpam-umask, now included upstream.
Closes: #436222.
* Upstream no longer marks unix_chkpwd suid-root for us, so set the perms
by hand in debian/rules. In the process, unix_chkpwd is now writable
by the owner, as expected by policy. Closes: #368100.
* Migrate from db4.3 to db4.6; once again, no administrator action should
be needed for upgrading on-disk database formats. Closes: #354309.
* Add XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control; thanks to
Laurent Bigonville for the hint. Closes: #439038.
* Add a watch file for use with uscan; thanks to Laurent Bigonville for
this patch as well. Closes: #439040.
* Rewrite of 031_pam_include, fixing a memory leak and letting us drop
patch 056_no_label_at_end; thanks to Jan Christoph Nordholz
<[EMAIL PROTECTED]> for this much-improved version!
* New patch no_pthread_mutexes: don't use pthread mutexes in
pam_modutil functions, they're not needed because pam handles
themselves should not be used concurrently by multiple threads and
using pthreads causes problems for portable linking.
* New patch hurd_no_setfsuid: if we don't have sys/fsuid.h, work around
using setreuid instead.
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG0jmtKN6ufymYLloRAkf3AJ9jlCq6UYS+Mg2yNVie2o8rTvMjVgCgq6f9
H6I5UQYDzYPYYf1UM0yNi8E=
=RoLY
-----END PGP SIGNATURE-----
--- End Message ---