Your message dated Sun, 7 May 2017 14:04:12 -0400
with message-id <[email protected]>
and subject line Bug #824607: pam: diff for NMU version 1.1.8-3.3
has caused the Debian Bug report #824607,
regarding pam: diff for NMU version 1.1.8-3.3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
824607: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824607
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pam
Version: 1.1.8-3.2
Severity: normal
Tags: patch pending

Dear maintainer,

I've prepared an NMU for pam (versioned as 1.1.8-3.3) and
uploaded it to DELAYED/15. Please feel free to tell me if I
should delay it longer.

My bzr branch is available at: 
http://anonscm.debian.org/bzr/users/bigon/pam/sid/

Regards.
diff -u pam-1.1.8/debian/changelog pam-1.1.8/debian/changelog
--- pam-1.1.8/debian/changelog
+++ pam-1.1.8/debian/changelog
@@ -1,3 +1,41 @@
+pam (1.1.8-3.3) unstable; urgency=low
+
+  * Non-maintainer upload.
+  [ Steve Langasek ]
+  * Updated Swedish translation to correct a typo, thanks to Anders Jonsson
+    and Martin Bagge.  Closes: #743875
+  * Updated Turkish translation, thanks to Mert Dirik <[email protected]>.
+    (closes: #756756)
+  * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default
+    soft nofile limit read from pid 1 to FD_SETSIZE.  Thanks to Robie Basak
+    <[email protected]> for the patch.  Closes: #783105.
+  * Acknowledge security NMU.
+  * pam-auth-update: don't mishandle trailing whitespace in profiles.
+    LP: #1487103.
+
+  [ Laurent Bigonville ]
+  * debian/control: Fix Vcs-* and Homepage fields (Closes: #752343)
+  * debian/watch: Update watch file and point it to http://www.linux-pam.org
+  * debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in
+    namespace.init script (Closes: #624842)
+  * debian/control: Build-depends against debhelper (>= 9) to match the
+    defined debhelper compatibility
+  * Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality,
+    thanks to Jakub Wilk <[email protected]> for noticing (Closes: #761594)
+  * debian/control: Bump Standards-Version to 3.9.8 (no further changes)
+  * debian/libpam-doc.doc-base.applications-guide: Fix spelling
+  * debian/libpam0g-dev.examples: Do not use shell brace expansion
+  * debian/patches-applied/pam-loginuid-in-containers: Updated with the version
+    from Ubuntu, this should fix logins in containers (Closes: #726661)
+  * debian/patches-applied/update-motd: Updated with the version from Ubuntu:
+    use /run/motd.dynamic instead of /var/run/motd, nothing in the archive
+    uses the later (Closes: #743286)
+  * debian/patches-applied/make_documentation_reproducible.patch: Make the
+    build reproducible, removes differences when building with different
+    locale values (Closes: #792127)
+
+ -- Laurent Bigonville <[email protected]>  Wed, 18 May 2016 02:04:29 +0200
+
 pam (1.1.8-3.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -u pam-1.1.8/debian/control pam-1.1.8/debian/control
--- pam-1.1.8/debian/control
+++ pam-1.1.8/debian/control
@@ -3,13 +3,14 @@
 Priority: optional
 Uploaders: Sam Hartman <[email protected]>, Roger Leigh <[email protected]>
 Maintainer: Steve Langasek <[email protected]>
-Standards-Version: 3.9.1
-Build-Depends: libcrack2-dev (>= 2.8), bzip2, debhelper (>= 8.9.4), quilt (>= 
0.48-1), flex, libdb-dev, libselinux1-dev [linux-any], po-debconf, 
dh-autoreconf, autopoint, libaudit-dev [linux-any], pkg-config
+Standards-Version: 3.9.8
+Build-Depends: libcrack2-dev (>= 2.8), bzip2, debhelper (>= 9), quilt (>= 
0.48-1), flex, libdb-dev, libselinux1-dev [linux-any], po-debconf, 
dh-autoreconf, autopoint, libaudit-dev [linux-any], pkg-config
 Build-Depends-Indep: xsltproc, libxml2-utils, docbook-xml, docbook-xsl, w3m
 Build-Conflicts-Indep: fop
 Build-Conflicts: libdb4.2-dev, libxcrypt-dev
-Vcs-Bzr: http://bzr.debian.org/bzr/pkg-pam/debian/sid/
-Homepage: http://pam.sourceforge.net/
+Vcs-Bzr: https://alioth.debian.org/scm/loggerhead/pkg-pam/debian/sid
+Vcs-Browser: https://alioth.debian.org/scm/loggerhead/pkg-pam/debian/sid/files
+Homepage: http://www.linux-pam.org/
 
 Package: libpam0g
 Priority: required
diff -u pam-1.1.8/debian/libpam-doc.doc-base.applications-guide 
pam-1.1.8/debian/libpam-doc.doc-base.applications-guide
--- pam-1.1.8/debian/libpam-doc.doc-base.applications-guide
+++ pam-1.1.8/debian/libpam-doc.doc-base.applications-guide
@@ -4,7 +4,7 @@
 Abstract: This manual documents what an application developer needs to know
  about the Linux-PAM library. It describes how an application might use
  the Linux-PAM library to authenticate users. In addition it contains a
- description of the funtions to be found in libpam_misc library, that can
+ description of the functions to be found in libpam_misc library, that can
  be used in general applications. Finally, it contains some comments on PAM
  related security issues for the application developer.
 Section: Programming
diff -u pam-1.1.8/debian/libpam0g-dev.examples 
pam-1.1.8/debian/libpam0g-dev.examples
--- pam-1.1.8/debian/libpam0g-dev.examples
+++ pam-1.1.8/debian/libpam0g-dev.examples
@@ -5 +5,3 @@
-libpamc/test/{agents,modules,regress}
+libpamc/test/agents
+libpamc/test/modules
+libpamc/test/regress
diff -u pam-1.1.8/debian/local/pam-auth-update 
pam-1.1.8/debian/local/pam-auth-update
--- pam-1.1.8/debian/local/pam-auth-update
+++ pam-1.1.8/debian/local/pam-auth-update
@@ -671,7 +671,7 @@
        my %profile;
        open(PROFILE, $profile) || die "could not read profile $profile: $!";
        while (<PROFILE>) {
-               if (/^(\S+):\s+(.*)$/) {
+               if (/^(\S+):\s+(.*)\s*$/) {
                        $fieldname = $1;
                        # compatibility with the first implementation round;
                        # "Auth-Final" is now just called "Auth"
@@ -686,6 +686,7 @@
                } else {
                        chomp;
                        s/^\s+//;
+                       s/\s+$//;
                        $profile{$fieldname} .= "\n$_" if ($_);
                        $profile{$fieldname} =~ s/^[\n\s]+//;
                }
reverted:
--- pam-1.1.8/debian/patches-applied/cve-2011-4708.patch
+++ pam-1.1.8.orig/debian/patches-applied/cve-2011-4708.patch
@@ -1,64 +0,0 @@
-Description: fix cve-2011-4708: .pam_environment privilege issue
-Index: pam.debian/modules/pam_env/pam_env.c
-===================================================================
---- pam.debian.orig/modules/pam_env/pam_env.c
-+++ pam.debian/modules/pam_env/pam_env.c
-@@ -10,7 +10,7 @@
- #define DEFAULT_READ_ENVFILE    1
- 
- #define DEFAULT_USER_ENVFILE    ".pam_environment"
--#define DEFAULT_USER_READ_ENVFILE 1
-+#define DEFAULT_USER_READ_ENVFILE 0
- 
- #include "config.h"
- 
-Index: pam.debian/modules/pam_env/pam_env.8.xml
-===================================================================
---- pam.debian.orig/modules/pam_env/pam_env.8.xml
-+++ pam.debian/modules/pam_env/pam_env.8.xml
-@@ -147,7 +147,7 @@
-         <listitem>
-           <para>
-             Turns on or off the reading of the user specific environment
--            file. 0 is off, 1 is on. By default this option is on.
-+            file. 0 is off, 1 is on. By default this option is off.
-           </para>
-         </listitem>
-       </varlistentry>
-Index: pam.debian/modules/pam_env/pam_env.8
-===================================================================
---- pam.debian.orig/modules/pam_env/pam_env.8
-+++ pam.debian/modules/pam_env/pam_env.8
-@@ -2,12 +2,12 @@
- .\"     Title: pam_env
- .\"    Author: [see the "AUTHOR" section]
- .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
--.\"      Date: 09/19/2013
-+.\"      Date: 01/15/2014
- .\"    Manual: Linux-PAM Manual
- .\"    Source: Linux-PAM Manual
- .\"  Language: English
- .\"
--.TH "PAM_ENV" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual"
-+.TH "PAM_ENV" "8" "01/15/2014" "Linux-PAM Manual" "Linux-PAM Manual"
- .\" -----------------------------------------------------------------
- .\" * Define some portability stuff
- .\" -----------------------------------------------------------------
-@@ -88,7 +88,7 @@
- .PP
- \fBuser_readenv=\fR\fB\fI0|1\fR\fR
- .RS 4
--Turns on or off the reading of the user specific environment file\&. 0 is 
off, 1 is on\&. By default this option is on\&.
-+Turns on or off the reading of the user specific environment file\&. 0 is 
off, 1 is on\&. By default this option is off\&.
- .RE
- .SH "MODULE TYPES PROVIDED"
- .PP
-@@ -138,7 +138,7 @@
- .PP
- \fBpam_env.conf\fR(5),
- \fBpam.d\fR(5),
--\fBpam\fR(8)\&.
-+\fBpam\fR(7)\&.
- .SH "AUTHOR"
- .PP
- pam_env was written by Dave Kinchlea <kinch@kinch\&.ark\&.com>\&.
diff -u pam-1.1.8/debian/patches-applied/pam-loginuid-in-containers 
pam-1.1.8/debian/patches-applied/pam-loginuid-in-containers
--- pam-1.1.8/debian/patches-applied/pam-loginuid-in-containers
+++ pam-1.1.8/debian/patches-applied/pam-loginuid-in-containers
@@ -29,11 +29,11 @@
     Signed-off-by: Steve Langasek <[email protected]>
     Signed-off-by: Dmitry V. Levin <[email protected]>
 
-Index: pam.deb/modules/pam_loginuid/pam_loginuid.c
+Index: ubuntu/modules/pam_loginuid/pam_loginuid.c
 ===================================================================
---- pam.deb.orig/modules/pam_loginuid/pam_loginuid.c
-+++ pam.deb/modules/pam_loginuid/pam_loginuid.c
-@@ -46,25 +46,49 @@
+--- ubuntu.orig/modules/pam_loginuid/pam_loginuid.c    2014-01-31 
21:07:08.665185675 +0000
++++ ubuntu/modules/pam_loginuid/pam_loginuid.c 2014-01-31 21:05:05.000000000 
+0000
+@@ -47,25 +47,56 @@
  
  /*
   * This function writes the loginuid to the /proc system. It returns
@@ -50,48 +50,58 @@
 +      char loginuid[24], buf[24];
 +      static const char host_uid_map[] = "         0          0 4294967295\n";
 +      char uid_map[sizeof(host_uid_map)];
++
++      /* loginuid in user namespaces currently isn't writable and in some
++         case, not even readable, so consider any failure as ignorable (but 
try
++         anyway, in case we hit a kernel which supports it). */
++      fd = open("/proc/self/uid_map", O_RDONLY);
++      if (fd >= 0) {
++              count = pam_modutil_read(fd, uid_map, sizeof(uid_map));
++              if (strncmp(uid_map, host_uid_map, count) != 0)
++                      rc = PAM_IGNORE;
++              close(fd);
++      }
  
-       count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid);
+-      count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid);
 -      fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC);
 +      fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR);
        if (fd < 0) {
 -              if (errno != ENOENT) {
 -                      rc = 1;
+-                      pam_syslog(pamh, LOG_ERR,
+-                                 "Cannot open /proc/self/loginuid: %m");
 +              if (errno == ENOENT) {
 +                      rc = PAM_IGNORE;
-+              } else if (errno == EACCES) {
-+                      fd = open("/proc/self/uid_map", O_RDONLY);
-+                      if (fd >= 0) {
-+                              count = pam_modutil_read(fd, uid_map, 
sizeof(uid_map));
-+                              if (strncmp(uid_map, host_uid_map, count) != 0)
-+                                      rc = PAM_IGNORE;
-+                              close(fd);
-+                      }
-+                      if (rc != PAM_IGNORE)
-+                              errno = EACCES;
 +              }
 +              if (rc != PAM_IGNORE) {
-                       pam_syslog(pamh, LOG_ERR,
-                                  "Cannot open /proc/self/loginuid: %m");
++                      pam_syslog(pamh, LOG_ERR, "Cannot open %s: %m",
++                                 "/proc/self/loginuid");
                }
                return rc;
        }
 -      if (pam_modutil_write(fd, loginuid, count) != count)
 -              rc = 1;
 +
++      count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid);
 +      if (pam_modutil_read(fd, buf, sizeof(buf)) == count &&
 +          memcmp(buf, loginuid, count) == 0) {
 +              rc = PAM_SUCCESS;
 +              goto done;      /* already correct */
 +      }
 +      if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 &&
-+          pam_modutil_write(fd, loginuid, count) == count)
++          pam_modutil_write(fd, loginuid, count) == count) {
 +              rc = PAM_SUCCESS;
++      } else {
++              if (rc != PAM_IGNORE) {
++                      pam_syslog(pamh, LOG_ERR, "Error writing %s: %m",
++                                 "/proc/self/loginuid");
++              }
++      }
 + done:
        close(fd);
        return rc;
  }
-@@ -164,6 +188,7 @@
+@@ -165,6 +196,7 @@
  {
          const char *user = NULL;
        struct passwd *pwd;
@@ -99,7 +109,7 @@
  #ifdef HAVE_LIBAUDIT
        int require_auditd = 0;
  #endif
-@@ -182,9 +207,14 @@
+@@ -183,9 +215,14 @@
                return PAM_SESSION_ERR;
        }
  
@@ -117,7 +127,7 @@
        }
  
  #ifdef HAVE_LIBAUDIT
-@@ -194,11 +224,12 @@
+@@ -195,11 +232,12 @@
                argv++;
        }
  
diff -u pam-1.1.8/debian/patches-applied/series 
pam-1.1.8/debian/patches-applied/series
--- pam-1.1.8/debian/patches-applied/series
+++ pam-1.1.8/debian/patches-applied/series
@@ -15,7 +15,7 @@
 045_pam_dispatch_jump_is_ignore
 054_pam_security_abstract_securetty_handling
 055_pam_unix_nullok_secure
-cve-2011-4708.patch
+cve-2010-4708.patch
 PAM-manpage-section 
 update-motd
 no_PATH_MAX_on_hurd
@@ -26,0 +27,3 @@
+pam-limits-nofile-fd-setsize-cap
+pam_namespace_fix_bashism.patch
+make_documentation_reproducible.patch
diff -u pam-1.1.8/debian/patches-applied/update-motd 
pam-1.1.8/debian/patches-applied/update-motd
--- pam-1.1.8/debian/patches-applied/update-motd
+++ pam-1.1.8/debian/patches-applied/update-motd
@@ -86,16 +86,16 @@
 -
 -      pam_info (pamh, "%s", mtmp);
 -      break;
-+    /* Run the update-motd dynamic motd scripts, outputting to /var/run/motd.
-+       If /etc/motd -> /var/run/motd, the displayed MOTD will be dynamic.
-+       Otherwise, the admin can force a static MOTD by breaking that symlink
-+       and publishing into an /etc/motd text file. */
++    /* Run the update-motd dynamic motd scripts, outputting to 
/run/motd.dynamic.
++       This will be displayed only when calling pam_motd with
++       motd=/run/motd.dynamic; current /etc/pam.d/login and /etc/pam.d/sshd
++       display both this file and /etc/motd. */
 +    if (do_update && (stat("/etc/update-motd.d", &st) == 0)
 +        && S_ISDIR(st.st_mode))
 +    {
 +      mode_t old_mask = umask(0022);
-+      if (!system("/usr/bin/env -i 
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts 
--lsbsysinit /etc/update-motd.d > /var/run/motd.new"))
-+          rename("/var/run/motd.new", "/var/run/motd");
++      if (!system("/usr/bin/env -i 
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts 
--lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new"))
++          rename("/run/motd.dynamic.new", "/run/motd.dynamic");
 +      umask(old_mask);
      }
  
diff -u pam-1.1.8/debian/po/sv.po pam-1.1.8/debian/po/sv.po
--- pam-1.1.8/debian/po/sv.po
+++ pam-1.1.8/debian/po/sv.po
@@ -9,7 +9,7 @@
 "Project-Id-Version: pam 0.99.7.1-5\n"
 "Report-Msgid-Bugs-To: [email protected]\n"
 "POT-Creation-Date: 2011-10-30 15:05-0400\n"
-"PO-Revision-Date: 2011-12-06 21:31+0100\n"
+"PO-Revision-Date: 2014-04-08 11:37+0200\n"
 "Last-Translator: Martin Bagge / brother <[email protected]>\n"
 "Language-Team: Swedish <[email protected]>\n"
 "Language: sv\n"
@@ -134,7 +134,7 @@
 msgstr ""
 "Pluggable Authentication Modules (PAM) hanterar hur autentisering, "
 "identifiering och byte av lösenord ska utföras på systemet. Dessutom "
-"hanteras särskilda åtgärder som ska vidtas vid uppstarta av "
+"hanteras särskilda åtgärder som ska vidtas vid uppstart av "
 "användarsessioner."
 
 #. Type: multiselect
diff -u pam-1.1.8/debian/po/tr.po pam-1.1.8/debian/po/tr.po
--- pam-1.1.8/debian/po/tr.po
+++ pam-1.1.8/debian/po/tr.po
@@ -8,15 +8,15 @@
 "Project-Id-Version: pam 0.99.7.1-5\n"
 "Report-Msgid-Bugs-To: [email protected]\n"
 "POT-Creation-Date: 2011-10-30 15:05-0400\n"
-"PO-Revision-Date: 2009-01-01 19:20+0200\n"
+"PO-Revision-Date: 2014-08-01 14:42+0200\n"
 "Last-Translator: Mert Dirik <[email protected]>\n"
 "Language-Team: Debian L10n Turkish <[email protected]>\n"
-"Language: \n"
+"Language: tr\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Poedit-Language: Turkish\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Poedit 1.5.4\n"
 
 #. Type: string
 #. Description
@@ -48,7 +48,6 @@
 #. Type: error
 #. Description
 #: ../libpam0g.templates:2001
-#, fuzzy
 #| msgid ""
 #| "The kdm, wdm, and xdm display managers require a restart for the new "
 #| "version of libpam, but there are X login sessions active on your system "
@@ -60,11 +59,11 @@
 "terminated by this restart.  You will therefore need to restart these "
 "services by hand before further X logins will be possible."
 msgstr ""
-"kdm, wdm ve xdm görüntü yöneticileri, libpam'ın yeni sürümünden "
-"yararlanabilmek için yeniden başlatılmalı; fakat sisteminizde etkin X "
-"oturumları var. Görüntü yöneticisi yeniden başlatılırsa bu oturumlar 
da "
-"kapatılır. Bu yüzden ileride yeni X oturumları açabilmek için bu 
hizmetleri "
-"elle yeniden başlatmanız gerekecek. "
+"wdm ve xdm görüntü yöneticileri, libpam'ın yeni sürümünden 
yararlanabilmek "
+"için yeniden başlatılmalı; fakat sisteminizde etkin X oturumları var.  "
+"Görüntü yöneticisi yeniden başlatılırsa bu oturumlar da kapatılır.  
Bu "
+"yüzden ileride yeni X oturumları açabilmek için bu hizmetleri elle 
yeniden "
+"başlatmanız gerekecek. "
 
 #. Type: error
 #. Description
@@ -94,7 +93,7 @@
 #. Description
 #: ../libpam0g.templates:4001
 msgid "Restart services during package upgrades without asking?"
-msgstr ""
+msgstr "Paket yükseltme esnasında hizmetler sorulmadan yeniden 
başlatılsın mı?"
 
 #. Type: boolean
 #. Description
@@ -108,18 +107,26 @@
 "necessary restarts will be done for you automatically so you can avoid being "
 "asked questions on each library upgrade."
 msgstr ""
+"Sisteminizde libpam, libc ve libssl gibi bazı kitaplıklar 
yükseltildiğinde "
+"yeniden başlatılması gereken bazı hizmetler kurulu. Yeniden başlatma "
+"işlemleri sisteminizin sunduğu hizmetlerde kesintilere neden 
olabileceğinden "
+"dolayı her yükseltme işlemi esnasında yeniden başlatmak istediğiniz "
+"hizmetler size sorulacaktır. Eğer bu sorunun sorulmasını istemiyorsanız 
bu "
+"seçeneği kullanabilirsiniz. Bu seçenek seçildiği takdirde bir kitaplık "
+"yükseltmesi yapılırken gereken tüm yeniden başlatma işlemleri size "
+"sorulmaksızın otomatik olarak yapılacaktır."
 
 #. Type: title
 #. Description
 #: ../libpam-runtime.templates:1001
 msgid "PAM configuration"
-msgstr ""
+msgstr "PAM yapılandırması"
 
 #. Type: multiselect
 #. Description
 #: ../libpam-runtime.templates:2001
 msgid "PAM profiles to enable:"
-msgstr ""
+msgstr "Etkinleştirilecek PAM profilleri:"
 
 #. Type: multiselect
 #. Description
@@ -130,6 +137,10 @@
 "allowing configuration of additional actions to take when starting user "
 "sessions."
 msgstr ""
+"Takılabilir Doğrulama Modülleri (PAM), sistemdeki kimlik doğrulama, izin "
+"verme ve parola değiştirme işlemlerinin ne şekilde idare edileceğine 
karar "
+"veren ve ayrıca kullanıcı oturumları başlatılırken atılması gereken 
adımları "
+"yapılandırmaya yarayan bir sistemdir."
 
 #. Type: multiselect
 #. Description
@@ -139,12 +150,16 @@
 "adjust the behavior of all PAM-using applications on the system.  Please "
 "indicate which of these behaviors you wish to enable."
 msgstr ""
+"Bazı PAM modül paketleri, sistemde mevcut olan ve PAM kullanan tüm "
+"uygulamaların davranışlarını otomatik olarak ayarlamaya yarayan 
profiller "
+"sağlar.  Lütfen bu davranışlardan hangisini etkinleştirmek istediğinizi 
"
+"belirtin."
 
 #. Type: error
 #. Description
 #: ../libpam-runtime.templates:3001
 msgid "Incompatible PAM profiles selected."
-msgstr ""
+msgstr "Uyumsuz PAM profilleri seçildi"
 
 #. Type: error
 #. Description
@@ -152,19 +167,20 @@
 #. PAM profile names.
 #: ../libpam-runtime.templates:3001
 msgid "The following PAM profiles cannot be used together:"
-msgstr ""
+msgstr "Şu PAM profilleri birarada kullanılamaz:"
 
 #. Type: error
 #. Description
 #: ../libpam-runtime.templates:3001
 msgid "Please select a different set of modules to enable."
-msgstr ""
+msgstr "Lütfen farklı bir modül kümesi seçin."
 
 #. Type: boolean
 #. Description
 #: ../libpam-runtime.templates:4001
 msgid "Override local changes to /etc/pam.d/common-*?"
 msgstr ""
+"/etc/pam.d/common-* konumundaki yerel değişiklikler görmezden gelinsin mi?"
 
 #. Type: boolean
 #. Description
@@ -176,12 +192,17 @@
 "decline this option, you will need to manage your system's authentication "
 "configuration by hand."
 msgstr ""
+"/etc/pam.d/common-{auth,account,password,session} dosyalarından bir ya da "
+"daha fazlası yerel olarak değiştirilmiş.  Lütfen bu yerel 
değişikliklerin "
+"sistem tarafından sağlanan yapılandırma ile değiştirilmesine izin verip 
"
+"vermediğinizi belirtin.  Bu seçeneği kabul etmediğiniz takdirde sistemin "
+"kimlik doğrulama yapılandırmasını elinizle ayarlamanız gerekecektir."
 
 #. Type: error
 #. Description
 #: ../libpam-runtime.templates:5001
 msgid "No PAM profiles have been selected."
-msgstr ""
+msgstr "Hiçbir PAM profili seçilmedi."
 
 #. Type: error
 #. Description
@@ -191,6 +212,10 @@
 "all users access without authenticating, and is not allowed.  Please select "
 "at least one PAM profile from the available list."
 msgstr ""
+"Sistemde kullanılmak üzere hiçbir PAM modülü seçilmedi.  Bu durum tüm "
+"kullanıcılara hiçbir kimlik doğrulamaya maruz kalmaksızın erişim izni "
+"verilmesi anlamına gelir ve bu duruma izin verilmemektedir.  Lütfen mevcut "
+"profiller listesinden en az bir PAM profili seçin."
 
 #. Type: error
 #. Description
diff -u pam-1.1.8/debian/watch pam-1.1.8/debian/watch
--- pam-1.1.8/debian/watch
+++ pam-1.1.8/debian/watch
@@ -2,2 +2,3 @@
-opts=pasv ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-(.*).tar.gz
-
+opts=uversionmangle=s/^(\S+-doc)/0.0.$1/ \
+http://www.linux-pam.org/library/ \
+(?:|.*/)Linux-PAM(?:[_\-]v?|)(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)
only in patch2:
unchanged:
--- pam-1.1.8.orig/debian/patches-applied/cve-2010-4708.patch
+++ pam-1.1.8/debian/patches-applied/cve-2010-4708.patch
@@ -0,0 +1,64 @@
+Description: fix cve-2010-4708: .pam_environment privilege issue
+Index: pam.debian/modules/pam_env/pam_env.c
+===================================================================
+--- pam.debian.orig/modules/pam_env/pam_env.c
++++ pam.debian/modules/pam_env/pam_env.c
+@@ -10,7 +10,7 @@
+ #define DEFAULT_READ_ENVFILE    1
+ 
+ #define DEFAULT_USER_ENVFILE    ".pam_environment"
+-#define DEFAULT_USER_READ_ENVFILE 1
++#define DEFAULT_USER_READ_ENVFILE 0
+ 
+ #include "config.h"
+ 
+Index: pam.debian/modules/pam_env/pam_env.8.xml
+===================================================================
+--- pam.debian.orig/modules/pam_env/pam_env.8.xml
++++ pam.debian/modules/pam_env/pam_env.8.xml
+@@ -147,7 +147,7 @@
+         <listitem>
+           <para>
+             Turns on or off the reading of the user specific environment
+-            file. 0 is off, 1 is on. By default this option is on.
++            file. 0 is off, 1 is on. By default this option is off.
+           </para>
+         </listitem>
+       </varlistentry>
+Index: pam.debian/modules/pam_env/pam_env.8
+===================================================================
+--- pam.debian.orig/modules/pam_env/pam_env.8
++++ pam.debian/modules/pam_env/pam_env.8
+@@ -2,12 +2,12 @@
+ .\"     Title: pam_env
+ .\"    Author: [see the "AUTHOR" section]
+ .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+-.\"      Date: 09/19/2013
++.\"      Date: 01/15/2014
+ .\"    Manual: Linux-PAM Manual
+ .\"    Source: Linux-PAM Manual
+ .\"  Language: English
+ .\"
+-.TH "PAM_ENV" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual"
++.TH "PAM_ENV" "8" "01/15/2014" "Linux-PAM Manual" "Linux-PAM Manual"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -88,7 +88,7 @@
+ .PP
+ \fBuser_readenv=\fR\fB\fI0|1\fR\fR
+ .RS 4
+-Turns on or off the reading of the user specific environment file\&. 0 is 
off, 1 is on\&. By default this option is on\&.
++Turns on or off the reading of the user specific environment file\&. 0 is 
off, 1 is on\&. By default this option is off\&.
+ .RE
+ .SH "MODULE TYPES PROVIDED"
+ .PP
+@@ -138,7 +138,7 @@
+ .PP
+ \fBpam_env.conf\fR(5),
+ \fBpam.d\fR(5),
+-\fBpam\fR(8)\&.
++\fBpam\fR(7)\&.
+ .SH "AUTHOR"
+ .PP
+ pam_env was written by Dave Kinchlea <kinch@kinch\&.ark\&.com>\&.
only in patch2:
unchanged:
--- pam-1.1.8.orig/debian/patches-applied/make_documentation_reproducible.patch
+++ pam-1.1.8/debian/patches-applied/make_documentation_reproducible.patch
@@ -0,0 +1,28 @@
+Description: Make documentation reproducible
+ Add LC_ALL=C to w3m to avoid changes in the output when build the
+ documentation with different locales.
+Author: Juan Picca <[email protected]>
+Last-Update: 2015-07-11
+
+--- pam.orig/configure
++++ pam/configure
+@@ -15162,7 +15162,7 @@ fi
+ 
+ 
+ if test ! -z "$BROWSER"; then
+-     BROWSER="$BROWSER -T text/html -dump"
++     BROWSER="LC_ALL=C $BROWSER -T text/html -dump"
+ else
+      enable_docu=no
+ fi
+--- pam.orig/configure.in
++++ pam/configure.in
+@@ -554,7 +554,7 @@ JH_CHECK_XML_CATALOG([http://docbook.sou
+ 
+ AC_PATH_PROG([BROWSER], [w3m])
+ if test ! -z "$BROWSER"; then
+-     BROWSER="$BROWSER -T text/html -dump"
++     BROWSER="LC_ALL=C $BROWSER -T text/html -dump"
+ else
+      enable_docu=no
+ fi
only in patch2:
unchanged:
--- pam-1.1.8.orig/debian/patches-applied/pam-limits-nofile-fd-setsize-cap
+++ pam-1.1.8/debian/patches-applied/pam-limits-nofile-fd-setsize-cap
@@ -0,0 +1,58 @@
+From: Robie Basak <[email protected]>
+Subject: pam_limits: cap the default soft nofile limit read from pid 1 to 
FD_SETSIZE
+
+Cap the default soft nofile limit read from pid 1 to FD_SETSIZE since
+larger values can cause problems with fd_set overflow and systemd sets
+itself higher.
+
+See:
+https://lists.ubuntu.com/archives/ubuntu-devel/2010-September/031446.html
+http://www.outflux.net/blog/archives/2014/06/13/5-year-old-glibc-select-weakness-fixed/
+https://sourceware.org/bugzilla/show_bug.cgi?id=10352
+https://github.com/systemd/systemd/commit/4096d6f5879aef73e20dd7b62a01f447629945b0
+
+pam_limits reads the default limits from /proc/1/limits. Previously,
+using upstart, this resulted in a 1024 nofile soft limit on Ubuntu
+systems by default. Using systemd, this results in a limit of 65536
+instead. This is not the intention of systemd upstream. See systemd
+commit 4096d6f for an explanation of systemd's behaviour.
+
+If we want to make such a change to the default distribution soft limit
+in PAM, we should do it deliberately and carefully, not accidentally. A
+change should consider what uses select(2) and might inadvertently (and
+incorrectly) assume that file descriptors will always fit into an
+fd_set, what vulnerabilities or crashes the change could consequently
+create, and whether the protection now present with FORTIFY_SOURCE is
+suitably enabled in all relevant builds.
+
+So this keeps the soft limit at 1024 for now. The hard limit will rise
+to 65536 along with systemd. Anything that knows that it will not be
+buggy with respect to fd_set and FD_SETSIZE, such as by using poll(2) or
+epoll(7) instead of select(2), can always raise the soft limit itself
+without issue.
+
+20:54 <rbasak> slangasek: [...] I'm also not sure how to go about
+upstreaming this as pam_limits seems to be heavily patched already.
+
+Forwarded: no
+Reviewed-by: Adam Conrad <[email protected]>
+Reviewed-by: Martin Pitt <[email protected]>
+Last-Update: 2015-04-22
+
+--- a/modules/pam_limits/pam_limits.c
++++ b/modules/pam_limits/pam_limits.c
+@@ -439,6 +439,14 @@ static void parse_kernel_limits(pam_hand
+         pl->limits[i].src_hard = LIMITS_DEF_KERNEL;
+     }
+     fclose(limitsfile);
++
++    /* Cap the default soft nofile limit read from pid 1 to FD_SETSIZE
++     * since larger values can cause problems with fd_set overflow and
++     * systemd sets itself higher. */
++    if (pl->limits[RLIMIT_NOFILE].src_soft == LIMITS_DEF_KERNEL &&
++        pl->limits[RLIMIT_NOFILE].limit.rlim_cur > FD_SETSIZE) {
++      pl->limits[RLIMIT_NOFILE].limit.rlim_cur = FD_SETSIZE;
++    }
+ }
+ 
+ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl)
only in patch2:
unchanged:
--- pam-1.1.8.orig/debian/patches-applied/pam_namespace_fix_bashism.patch
+++ pam-1.1.8/debian/patches-applied/pam_namespace_fix_bashism.patch
@@ -0,0 +1,61 @@
+From fbc65c39d6853af268c9a093923afc876d0b138e Mon Sep 17 00:00:00 2001
+From: Steve Langasek <[email protected]>
+Date: Tue, 14 Jan 2014 19:48:51 -0800
+Subject: pam_namespace: don't use bashisms in default namespace.init script
+
+* modules/pam_namespace/pam_namespace.c: call setuid() before execing the
+namespace init script, so that scripts run with maximum privilege regardless
+of the shell implementation.
+* modules/pam_namespace/namespace.init: drop the '-p' bashism from the
+shebang line
+
+This is not a POSIX standard option, it's a bashism.  The bash manpage says
+that it's used to prevent the effective user id from being reset to the real
+user id on startup, and to ignore certain unsafe variables from the
+environment.
+
+In the case of pam_namespace, the -p is not necessary for environment
+sanitizing because the PAM module (properly) sanitizes the environment
+before execing the script.
+
+The stated reason given in CVS history for passing -p is to "preserve euid
+when called from setuid apps (su, newrole)."  This should be done more
+portably, by calling setuid() before spawning the shell.
+
+Signed-off-by: Steve Langasek <[email protected]>
+Bug-Debian: http://bugs.debian.org/624842
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1081323
+---
+ modules/pam_namespace/namespace.init  | 2 +-
+ modules/pam_namespace/pam_namespace.c | 5 +++++
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/modules/pam_namespace/namespace.init 
b/modules/pam_namespace/namespace.init
+index 9ab5806..67d4aa2 100755
+--- a/modules/pam_namespace/namespace.init
++++ b/modules/pam_namespace/namespace.init
+@@ -1,4 +1,4 @@
+-#!/bin/sh -p
++#!/bin/sh
+ # It receives polydir path as $1, the instance path as $2,
+ # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3,
+ # and user name in $4.
+diff --git a/modules/pam_namespace/pam_namespace.c 
b/modules/pam_namespace/pam_namespace.c
+index e0d5e30..92883f5 100644
+--- a/modules/pam_namespace/pam_namespace.c
++++ b/modules/pam_namespace/pam_namespace.c
+@@ -1205,6 +1205,11 @@ static int inst_init(const struct polydir_s *polyptr, 
const char *ipath,
+                                               _exit(1);
+                               }
+ #endif
++                              /* Pass maximum privs when we exec() */
++                              if (setuid(geteuid()) < 0) {
++                                      /* ignore failures, they don't matter */
++                              }
++
+                               if (execle(init_script, init_script,
+                                       polyptr->dir, ipath, newdir?"1":"0", 
idata->user, NULL, envp) < 0)
+                                       _exit(1);
+-- 
+cgit v0.12
+

--- End Message ---
--- Begin Message ---
Hi,

This NMU landed in sid on 2016-06-02, I think we can close the bug  ;)


Best,

  nicoo

--- End Message ---

Reply via email to