diff options
| -rw-r--r-- | debian/changelog | 4 | ||||
| -rwxr-xr-x | debian/rules | 3 |
2 files changed, 6 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index c9e8f397..7678c615 100644 --- a/debian/changelog +++ b/debian/changelog @@ -21,6 +21,10 @@ pam (0.99.10.0-1) UNRELEASED; urgency=low pam_rhosts_auth introduced upstream in 0.99.9.0: we want to cast the result of inet_addr to int32_t, not the result of a boolean *comparison* on inet_addr's result... + * The password-changing helper functionality for SELinux systems has been + split out into a separate unix_update binary, so at long last we can + change unix_chkpwd to be sgid shadow instead of suid root. + Closes: #155583. * Use a pristine upstream tarball instead of repacking; requires various changes to debian/rules and debhelper files. * Replace the Vcs-Svn field with a Vcs-Bzr field; jumping ship from svn, diff --git a/debian/rules b/debian/rules index 89bff84f..ad9ccc9b 100755 --- a/debian/rules +++ b/debian/rules @@ -137,7 +137,8 @@ binary-arch: install dh_strip -a dh_compress -a dh_fixperms -a - chmod 04755 $(d)/libpam-modules/sbin/unix_chkpwd + chmod 02755 $(d)/libpam-modules/sbin/unix_chkpwd + chgrp shadow $(d)/libpam-modules/sbin/unix_chkpwd dh_makeshlibs -plibpam0g -V "libpam0g (>= 0.99.7.1)" dh_installdeb -a dh_shlibdeps -a -L libpam0g -l$(CURDIR)/debian/libpam0g/lib |