diff options
Diffstat (limited to 'debian')
48 files changed, 265 insertions, 468 deletions
diff --git a/debian/changelog b/debian/changelog index 8c92d7dc..f865c9f3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,68 @@ +pam (1.5.2-3) UNRELEASED; urgency=medium + + * Add missing manpages for pam_namespace which for some reason don't get + installed by the upstream rules + * Drop obsolete upgrade code from maintainer scripts which is no longer + used + * Drop manual multiarch file handling in favor of dh-exec. + * No special-case needed for pam_modutil_sanitize_helper_fds in symbols + file, it's covered by the existing globs. + + -- Steve Langasek <vorlon@debian.org> Thu, 18 Aug 2022 18:26:29 +0000 + +pam (1.5.2-2) unstable; urgency=medium + + * Pass --with-systemdunitdir=/usr/lib/systemd/system for consistent + builds whether we are or aren't building in an environment with systemd + present. + * Install the pam_namespace.service unit in the libpam-modules-bin + package. + + -- Steve Langasek <vorlon@debian.org> Thu, 18 Aug 2022 16:47:57 +0000 + +pam (1.5.2-1) unstable; urgency=medium + + * New upstream release. + - fixes compatibility with libpam-systemd. Closes: #1017467. + - fixes bashisms in configure.ac. Closes: #998361. + * Refresh patches. + * Drop patches included or obsoleted upstream: + - debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch + - debian/patches-applied/pam_unix_initialize_daysleft + - debian/patches-applied/pam_faillock_create_directory + - debian/patches-applied/pam_unix_avoid_checksalt + - debian/patches-applied/pam_env-allow-environment-files-without-EOL-at-EOF.patch + * Drop libpam-cracklib which has been obsoleted upstream. + * Add pkgconfig .pc files to libpam0g-dev. Closes: #1012688. + * Update .symbols file. + * Updated Romanian debconf translation, thanks Andrei Popescu, Closes: + #986416 + * Drop versioning of quilt build-dependency to quiet lintian, since the + version is satisfied by oldoldoldstable. + * Drop unused build-build-dependency on bzip2. + * Adjust lintian overrides for latest lintian syntax. + * Update Standards-Version. + * Bump debhelper compat to 13. + * debian/not-installed: document upstream files that aren't used. + * Override incorrect lintian warning about use of dpkg database. + * Override lintian warning for PAM module manpages being in section 8 + * Override lintian warning for unused debconf templates + * Install additional upstream manpages: faillock(8), environment(5), + pwhistory_helper(8) + * Install additional helpers in libpam-modules-bin: pam_namespace_helper, + pwhistory_helper + * Fix wrong syntax in symbols file + + -- Steve Langasek <vorlon@debian.org> Thu, 18 Aug 2022 07:27:16 +0000 + +pam (1.4.0-13) unstable; urgency=medium + + * Don't build with NIS support. This is only used for password changes on + NIS systems, and is pulling a large dependency chain into the Essential + package set which is not justifiable. + + -- Steve Langasek <vorlon@debian.org> Mon, 25 Apr 2022 16:12:04 -0700 + pam (1.4.0-11) unstable; urgency=medium * Whitespace fixes in debconf templates. diff --git a/debian/clean b/debian/clean index 18af497a..62f09e76 100644 --- a/debian/clean +++ b/debian/clean @@ -1,3 +1 @@ debian/local/pam_getenv.8 -debian/libpam0g-dev.links -debian/libpam0g-dev.install diff --git a/debian/compat b/debian/compat deleted file mode 100644 index ec635144..00000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -9 diff --git a/debian/control b/debian/control index ba9d68e2..873dd8fc 100644 --- a/debian/control +++ b/debian/control @@ -3,8 +3,8 @@ Section: libs Priority: optional Uploaders: Sam Hartman <hartmans@debian.org> Maintainer: Steve Langasek <vorlon@debian.org> -Standards-Version: 4.3.0 -Build-Depends: libcrack2-dev (>= 2.8), bzip2, debhelper (>= 9), quilt (>= 0.48-1), flex, libdb-dev, libselinux1-dev [linux-any], po-debconf, dh-autoreconf, autopoint, libaudit-dev [linux-any] <!stage1>, pkg-config, libfl-dev, libfl-dev:native, docbook-xsl, docbook-xml, xsltproc, libxml2-utils, w3m +Standards-Version: 4.6.0 +Build-Depends: debhelper-compat (= 13), dh-exec, quilt, flex, libdb-dev, libselinux1-dev [linux-any], po-debconf, dh-autoreconf, autopoint, libaudit-dev [linux-any] <!stage1>, pkg-config, libfl-dev, libfl-dev:native, docbook-xsl, docbook-xml, xsltproc, libxml2-utils, w3m Build-Conflicts-Indep: fop Build-Conflicts: libdb4.2-dev, libxcrypt-dev Vcs-Browser: https://salsa.debian.org/vorlon/pam @@ -80,16 +80,6 @@ Description: Development files for PAM possible to upgrade the authentication system without recompiling or rewriting the applications. -Package: libpam-cracklib -Section: admin -Architecture: any -Multi-Arch: same -Replaces: libpam0g-cracklib, libpam-modules (<< 1.1.0-3) -Depends: ${misc:Depends}, ${shlibs:Depends}, libpam-runtime (>= 1.0.1-6), cracklib-runtime, wamerican | wordlist -Description: PAM module to enable cracklib support - This package includes libpam_cracklib, a PAM module that tests - passwords to make sure they are not too weak during password change. - Package: libpam-doc Provides: pam-doc Section: doc diff --git a/debian/libpam-cracklib.install b/debian/libpam-cracklib.install deleted file mode 100644 index 55265e5e..00000000 --- a/debian/libpam-cracklib.install +++ /dev/null @@ -1,2 +0,0 @@ -lib/*/security/pam_cracklib.so -debian/pam-configs/cracklib usr/share/pam-configs diff --git a/debian/libpam-cracklib.manpages b/debian/libpam-cracklib.manpages deleted file mode 100644 index 0660c415..00000000 --- a/debian/libpam-cracklib.manpages +++ /dev/null @@ -1 +0,0 @@ -debian/tmp/usr/share/man/man8/pam_cracklib.8 diff --git a/debian/libpam-cracklib.postinst b/debian/libpam-cracklib.postinst deleted file mode 100644 index cf52f262..00000000 --- a/debian/libpam-cracklib.postinst +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -set -e - -if dpkg --compare-versions "$2" lt 1.0.1-6; then - pam-auth-update --package -fi - -#DEBHELPER# diff --git a/debian/libpam-cracklib.prerm b/debian/libpam-cracklib.prerm deleted file mode 100644 index fe234ac2..00000000 --- a/debian/libpam-cracklib.prerm +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -set -e - -if [ "$1" = remove ] && [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then - pam-auth-update --package --remove cracklib -fi - -#DEBHELPER# diff --git a/debian/libpam-modules-bin.install b/debian/libpam-modules-bin.install index 1092f03c..2f1c3914 100644 --- a/debian/libpam-modules-bin.install +++ b/debian/libpam-modules-bin.install @@ -1,6 +1,9 @@ sbin/unix_chkpwd sbin sbin/unix_update sbin sbin/mkhomedir_helper sbin +sbin/pam_namespace_helper +sbin/pwhistory_helper sbin/pam_timestamp_check usr/sbin sbin/faillock usr/sbin modules/pam_faillock/faillock.8 usr/share/man/man8 +usr/lib/systemd/system/pam_namespace.service diff --git a/debian/libpam-modules-bin.lintian-overrides b/debian/libpam-modules-bin.lintian-overrides index a40efeaf..8c185917 100644 --- a/debian/libpam-modules-bin.lintian-overrides +++ b/debian/libpam-modules-bin.lintian-overrides @@ -1,2 +1,2 @@ # yes, we know it's sgid, that's the whole point... -libpam-modules-bin: setgid-binary sbin/unix_chkpwd 2755 root/shadow +libpam-modules-bin: setgid-binary *sbin/unix_chkpwd* 2755 root/shadow diff --git a/debian/libpam-modules-bin.manpages b/debian/libpam-modules-bin.manpages index 8ab40612..f87f0c31 100644 --- a/debian/libpam-modules-bin.manpages +++ b/debian/libpam-modules-bin.manpages @@ -1,3 +1,8 @@ debian/tmp/usr/share/man/man8/mkhomedir_helper.8 debian/tmp/usr/share/man/man8/unix_*.8 debian/tmp/usr/share/man/man8/pam_timestamp_check.8 +debian/tmp/usr/share/man/man8/faillock.8 +debian/tmp/usr/share/man/man5/environment.5 +debian/tmp/usr/share/man/man8/pwhistory_helper.8 +modules/pam_namespace/pam_namespace_helper.8 +modules/pam_namespace/namespace.conf.5 diff --git a/debian/libpam-modules.lintian-overrides b/debian/libpam-modules.lintian-overrides index 3eba0f93..531ff4de 100644 --- a/debian/libpam-modules.lintian-overrides +++ b/debian/libpam-modules.lintian-overrides @@ -2,12 +2,13 @@ # fortifying. Since we know we have hardening turned on globally, suppress # them. If we ever see this warning again for *other* modules, then we know # there's a real problem. -libpam-modules: hardening-no-fortify-functions lib/*/security/pam_echo.so -libpam-modules: hardening-no-fortify-functions lib/*/security/pam_filter.so -libpam-modules: hardening-no-fortify-functions lib/*/security/pam_group.so -libpam-modules: hardening-no-fortify-functions lib/*/security/pam_localuser.so -libpam-modules: hardening-no-fortify-functions lib/*/security/pam_shells.so -libpam-modules: hardening-no-fortify-functions lib/*/security/pam_wheel.so +libpam-modules: hardening-no-fortify-functions *lib/*/security/pam_echo.so* +libpam-modules: hardening-no-fortify-functions *lib/*/security/pam_filter.so* +libpam-modules: hardening-no-fortify-functions *lib/*/security/pam_group.so* +libpam-modules: hardening-no-fortify-functions *lib/*/security/pam_localuser.so* +libpam-modules: hardening-no-fortify-functions *lib/*/security/pam_shells.so* +libpam-modules: hardening-no-fortify-functions *lib/*/security/pam_wheel.so* # pam_deny.so does not use any symbol from libc. -libpam-modules: shared-lib-without-dependency-information lib/*/security/pam_deny.so - +libpam-modules: shared-lib-without-dependency-information *lib/*/security/pam_deny.so* +# lintian doesn't know what to do with manpages for pam modules +libpam-modules: spare-manual-page * diff --git a/debian/libpam-modules.manpages b/debian/libpam-modules.manpages index a9f488d0..1a52120f 100644 --- a/debian/libpam-modules.manpages +++ b/debian/libpam-modules.manpages @@ -1,2 +1,3 @@ debian/tmp/usr/share/man/man8/pam_*.8 debian/tmp/usr/share/man/man5/*conf.5 +modules/pam_namespace/pam_namespace.8 diff --git a/debian/libpam-modules.postinst b/debian/libpam-modules.postinst index ce03090b..723877cf 100644 --- a/debian/libpam-modules.postinst +++ b/debian/libpam-modules.postinst @@ -17,12 +17,4 @@ then touch /etc/environment fi -if dpkg --compare-versions "$2" lt-nl 1.1.2-1 \ - && grep -q 'pam_unix.*\bmin=[0-9]\+' /etc/pam.d/common-password -then - echo "'min=' option to pam_unix is obsolete." - echo "replacing with 'minlen=' in /etc/pam.d/common-password." - sed -i -e'/pam_unix/ s/\bmin=/minlen=/' /etc/pam.d/common-password -fi - #DEBHELPER# diff --git a/debian/libpam-modules.preinst b/debian/libpam-modules.preinst index fe0d6eb9..50505eff 100644 --- a/debian/libpam-modules.preinst +++ b/debian/libpam-modules.preinst @@ -35,19 +35,7 @@ handle_profiles_with_removed_modules() { if dpkg --compare-versions "$2" lt-nl 1.4.0-5; then - db_version 2.0 - handle_profiles_with_removed_modules pam_tally - # We have a generic template for removing pam-profiles because - # there is a sane automatic action. If we detect the modules in - # user configurations we want a specific template so we can - # recommend a replacement - # /dev/null reference is to make sure we don't grep stdin if - # somehow ls returns empty - if grep -qe '^[^#]*pam_tally' $(ls -1d /etc/pam.d/* | grep -e '^/etc/pam.d/[0-9a-zA-Z/-]*$' ) /dev/null ; then - db_input critical libpam-modules/deprecate-tally ||true - db_go ||true - exit 2 - fi + db_version 2.0 if pidof xscreensaver xlockmore >/dev/null; then db_input critical libpam-modules/disable-screensaver || true diff --git a/debian/libpam-runtime.lintian-overrides b/debian/libpam-runtime.lintian-overrides index 7a8b1a70..1385c591 100644 --- a/debian/libpam-runtime.lintian-overrides +++ b/debian/libpam-runtime.lintian-overrides @@ -2,4 +2,12 @@ libpam-runtime: no-debconf-config # this warning is just plain crack, there's no reason that using debconf # outside of a maintainer script implies an error. -libpam-runtime: debconf-is-not-a-registry usr/sbin/pam-auth-update +libpam-runtime: debconf-is-not-a-registry *usr/sbin/pam-auth-update* +# false positive, we have to load the debconf templates from here +libpam-runtime: uses-dpkg-database-directly usr/sbin/pam-auth-update +# and lintian also says these templates are unused, which is false +libpam-runtime: unused-debconf-template libpam-runtime/conflicts +libpam-runtime: unused-debconf-template libpam-runtime/no_profiles_chosen +libpam-runtime: unused-debconf-template libpam-runtime/override +libpam-runtime: unused-debconf-template libpam-runtime/profiles +libpam-runtime: unused-debconf-template libpam-runtime/title diff --git a/debian/libpam-runtime.postinst b/debian/libpam-runtime.postinst index 053fdae2..b13bf75c 100644 --- a/debian/libpam-runtime.postinst +++ b/debian/libpam-runtime.postinst @@ -36,10 +36,6 @@ if [ -n "$force" ]; then /etc/pam.d/common-account.pam-old \ /etc/pam.d/common-password.pam-old \ /etc/pam.d/common-session.pam-old -elif dpkg --compare-versions "$2" lt-nl 1.1.0-1 \ - && [ ! -e /etc/pam.d/common-session-noninteractive ] -then - cp -a /etc/pam.d/common-session /etc/pam.d/common-session-noninteractive fi #DEBHELPER# diff --git a/debian/libpam0g-dev.install b/debian/libpam0g-dev.install new file mode 100755 index 00000000..0d6f4856 --- /dev/null +++ b/debian/libpam0g-dev.install @@ -0,0 +1,4 @@ +#!/usr/bin/dh-exec +usr/include/security/* +lib/${DEB_HOST_MULTIARCH}/*.a usr/lib/${DEB_HOST_MULTIARCH} +lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig diff --git a/debian/libpam0g-dev.install.in b/debian/libpam0g-dev.install.in deleted file mode 100644 index 827690aa..00000000 --- a/debian/libpam0g-dev.install.in +++ /dev/null @@ -1,2 +0,0 @@ -usr/include/security/* -lib/@DEB_HOST_MULTIARCH@/*.a usr/lib/@DEB_HOST_MULTIARCH@ diff --git a/debian/libpam0g-dev.links b/debian/libpam0g-dev.links new file mode 100755 index 00000000..5cbfd6db --- /dev/null +++ b/debian/libpam0g-dev.links @@ -0,0 +1,4 @@ +#!/usr/bin/dh-exec +/lib/${DEB_HOST_MULTIARCH}/libpam.so.0 usr/lib/${DEB_HOST_MULTIARCH}/libpam.so +/lib/${DEB_HOST_MULTIARCH}/libpamc.so.0 usr/lib/${DEB_HOST_MULTIARCH}/libpamc.so +/lib/${DEB_HOST_MULTIARCH}/libpam_misc.so.0 usr/lib/${DEB_HOST_MULTIARCH}/libpam_misc.so diff --git a/debian/libpam0g-dev.links.in b/debian/libpam0g-dev.links.in deleted file mode 100644 index ee062368..00000000 --- a/debian/libpam0g-dev.links.in +++ /dev/null @@ -1,3 +0,0 @@ -/lib/@DEB_HOST_MULTIARCH@/libpam.so.0 usr/lib/@DEB_HOST_MULTIARCH@/libpam.so -/lib/@DEB_HOST_MULTIARCH@/libpamc.so.0 usr/lib/@DEB_HOST_MULTIARCH@/libpamc.so -/lib/@DEB_HOST_MULTIARCH@/libpam_misc.so.0 usr/lib/@DEB_HOST_MULTIARCH@/libpam_misc.so diff --git a/debian/libpam0g.lintian-overrides b/debian/libpam0g.lintian-overrides index 5f36562d..ef3655f5 100644 --- a/debian/libpam0g.lintian-overrides +++ b/debian/libpam0g.lintian-overrides @@ -1,6 +1,6 @@ # obvious multilib package false-positive; also the package name hasn't # changed since the glibc transition, go us! -libpam0g: package-name-doesnt-match-sonames libpam0 libpam-misc0 libpamc0 +libpam0g: package-name-doesnt-match-sonames libpam-misc0 libpam0 libpamc0 # yes, these are deliberately asked in the postinst because the checking # for daemons to be restarted needs to be done in the postinst and not # before diff --git a/debian/libpam0g.symbols b/debian/libpam0g.symbols index 7d13d32d..c8bfbb0a 100644 --- a/debian/libpam0g.symbols +++ b/debian/libpam0g.symbols @@ -9,7 +9,7 @@ libpam.so.0 libpam0g #MINVER# *@LIBPAM_MODUTIL_1.1.3 1.1.3 *@LIBPAM_MODUTIL_1.1.9 1.3.1 *@LIBPAM_MODUTIL_1.3.2 1.3.2 -(optional)pam_modutil_sanitize_helper_fds 1.3.1 + *@LIBPAM_MODUTIL_1.4.1 1.4.1 libpam_misc.so.0 libpam0g #MINVER# *@LIBPAM_MISC_1.0 0.99.7.1 libpamc.so.0 libpam0g #MINVER# diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 00000000..bd312af0 --- /dev/null +++ b/debian/not-installed @@ -0,0 +1,8 @@ +lib/*/security/*.a +lib/*/security/*.la +lib/*/*.la +lib/*/*.so +usr/share/man/man8/pam.8 +etc/environment +# sample filter, do not install +lib/*/security/pam_filter/upperLOWER diff --git a/debian/pam-configs/cracklib b/debian/pam-configs/cracklib deleted file mode 100644 index 1c48274f..00000000 --- a/debian/pam-configs/cracklib +++ /dev/null @@ -1,9 +0,0 @@ -Name: Cracklib password strength checking -Default: yes -Priority: 1024 -Conflicts: unix-zany -Password-Type: Primary -Password: - requisite pam_cracklib.so retry=3 minlen=8 difok=3 -Password-Initial: - requisite pam_cracklib.so retry=3 minlen=8 difok=3 diff --git a/debian/patches-applied/008_modules_pam_limits_chroot b/debian/patches-applied/008_modules_pam_limits_chroot index acbdc1a9..7a86fdd5 100644 --- a/debian/patches-applied/008_modules_pam_limits_chroot +++ b/debian/patches-applied/008_modules_pam_limits_chroot @@ -2,19 +2,19 @@ Index: pam/modules/pam_limits/pam_limits.c =================================================================== --- pam.orig/modules/pam_limits/pam_limits.c +++ pam/modules/pam_limits/pam_limits.c -@@ -88,6 +88,7 @@ - int flag_numsyslogins; /* whether to limit logins only for a +@@ -90,6 +90,7 @@ specific user or to count all logins */ int priority; /* the priority to run user process with */ + int nonewprivs; /* whether to prctl(PR_SET_NO_NEW_PRIVS) */ + char chroot_dir[8092]; /* directory to chroot into */ struct user_limits_struct limits[RLIM_NLIMITS]; const char *conf_file; int utmp_after_pam_call; -@@ -98,6 +99,7 @@ - #define LIMIT_NUMSYSLOGINS RLIM_NLIMITS+2 +@@ -101,6 +102,7 @@ #define LIMIT_PRI RLIM_NLIMITS+3 -+#define LIMIT_CHROOT RLIM_NLIMITS+4 + #define LIMIT_NONEWPRIVS RLIM_NLIMITS+4 ++#define LIMIT_CHROOT RLIM_NLIMITS+5 #define LIMIT_SOFT 1 #define LIMIT_HARD 2 @@ -27,16 +27,16 @@ Index: pam/modules/pam_limits/pam_limits.c return retval; } -@@ -554,6 +558,8 @@ - pl->flag_numsyslogins = 1; - } else if (strcmp(lim_item, "priority") == 0) { +@@ -591,6 +595,8 @@ limit_item = LIMIT_PRI; + } else if (strcmp(lim_item, "nonewprivs") == 0) { + limit_item = LIMIT_NONEWPRIVS; + } else if (strcmp(lim_item, "chroot") == 0) { -+ limit_item = LIMIT_CHROOT; ++ limit_item = LIMIT_CHROOT; } else { pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); return; -@@ -591,9 +597,9 @@ +@@ -640,9 +646,9 @@ pam_syslog(pamh, LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", lim_value, lim_type); @@ -48,8 +48,8 @@ Index: pam/modules/pam_limits/pam_limits.c #ifdef __USE_FILE_OFFSET64 rlimit_value = strtoull (lim_value, &endptr, 10); #else -@@ -654,7 +660,11 @@ - #endif +@@ -717,7 +723,11 @@ + break; } - if ( (limit_item != LIMIT_LOGIN) @@ -59,10 +59,10 @@ Index: pam/modules/pam_limits/pam_limits.c + } + else if ( (limit_item != LIMIT_LOGIN) && (limit_item != LIMIT_NUMSYSLOGINS) - && (limit_item != LIMIT_PRI) ) { - if (limit_type & LIMIT_SOFT) { -@@ -998,6 +1008,15 @@ - retval |= LOGIN_ERR; + && (limit_item != LIMIT_PRI) + && (limit_item != LIMIT_NONEWPRIVS) ) { +@@ -1071,6 +1081,15 @@ + } } + if (!retval && pl->chroot_dir[0]) { @@ -81,7 +81,7 @@ Index: pam/modules/pam_limits/limits.conf.5.xml =================================================================== --- pam.orig/modules/pam_limits/limits.conf.5.xml +++ pam/modules/pam_limits/limits.conf.5.xml -@@ -266,6 +266,12 @@ +@@ -273,6 +273,12 @@ (Linux 2.6.12 and higher)</para> </listitem> </varlistentry> @@ -98,7 +98,7 @@ Index: pam/modules/pam_limits/limits.conf.5 =================================================================== --- pam.orig/modules/pam_limits/limits.conf.5 +++ pam/modules/pam_limits/limits.conf.5 -@@ -271,6 +271,11 @@ +@@ -279,6 +279,11 @@ .RS 4 maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) .RE @@ -114,7 +114,7 @@ Index: pam/modules/pam_limits/limits.conf =================================================================== --- pam.orig/modules/pam_limits/limits.conf +++ pam/modules/pam_limits/limits.conf -@@ -35,6 +35,7 @@ +@@ -46,6 +46,7 @@ # - msgqueue - max memory used by POSIX message queues (bytes) # - nice - max nice priority allowed to raise to values: [-20, 19] # - rtprio - max realtime priority @@ -122,7 +122,7 @@ Index: pam/modules/pam_limits/limits.conf # #<domain> <type> <item> <value> # -@@ -45,6 +46,7 @@ +@@ -56,6 +57,7 @@ #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 diff --git a/debian/patches-applied/022_pam_unix_group_time_miscfixes b/debian/patches-applied/022_pam_unix_group_time_miscfixes index b940aa27..8239fd98 100644 --- a/debian/patches-applied/022_pam_unix_group_time_miscfixes +++ b/debian/patches-applied/022_pam_unix_group_time_miscfixes @@ -6,7 +6,7 @@ Index: pam/modules/pam_group/pam_group.c =================================================================== --- pam.orig/modules/pam_group/pam_group.c +++ pam/modules/pam_group/pam_group.c -@@ -761,9 +761,12 @@ +@@ -754,9 +754,12 @@ unsigned setting; /* only interested in establishing credentials */ diff --git a/debian/patches-applied/026_pam_unix_passwd_unknown_user b/debian/patches-applied/026_pam_unix_passwd_unknown_user index 99ac3f62..d277fee9 100644 --- a/debian/patches-applied/026_pam_unix_passwd_unknown_user +++ b/debian/patches-applied/026_pam_unix_passwd_unknown_user @@ -5,7 +5,7 @@ Index: pam/modules/pam_unix/passverify.c =================================================================== --- pam.orig/modules/pam_unix/passverify.c +++ pam/modules/pam_unix/passverify.c -@@ -749,7 +749,7 @@ +@@ -801,7 +801,7 @@ struct passwd *tmpent = NULL; struct stat st; FILE *pwfile, *opwfile; @@ -13,8 +13,8 @@ Index: pam/modules/pam_unix/passverify.c + int err = 1, found = 0; int oldmask; #ifdef WITH_SELINUX - security_context_t prev_context=NULL; -@@ -820,6 +820,7 @@ + char *prev_context_raw = NULL; +@@ -872,6 +872,7 @@ tmpent->pw_passwd = assigned_passwd.charp; err = 0; @@ -22,7 +22,7 @@ Index: pam/modules/pam_unix/passverify.c } if (putpwent(tmpent, pwfile)) { D(("error writing entry to password file: %m")); -@@ -862,7 +863,7 @@ +@@ -914,7 +915,7 @@ return PAM_SUCCESS; } else { unlink(PW_TMPFILE); diff --git a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root index 5ac946f5..c4603f5a 100644 --- a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root +++ b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root @@ -17,7 +17,7 @@ Index: pam/modules/pam_limits/pam_limits.c =================================================================== --- pam.orig/modules/pam_limits/pam_limits.c +++ pam/modules/pam_limits/pam_limits.c -@@ -46,6 +46,14 @@ +@@ -47,6 +47,14 @@ #include <libaudit.h> #endif @@ -32,7 +32,7 @@ Index: pam/modules/pam_limits/pam_limits.c /* Module defines */ #define LINE_LENGTH 1024 -@@ -83,6 +91,7 @@ +@@ -84,6 +92,7 @@ /* internal data */ struct pam_limit_s { @@ -40,7 +40,7 @@ Index: pam/modules/pam_limits/pam_limits.c int login_limit; /* the max logins limit */ int login_limit_def; /* which entry set the login limit */ int flag_numsyslogins; /* whether to limit logins only for a -@@ -448,9 +457,18 @@ +@@ -447,9 +456,18 @@ { int i; int retval = PAM_SUCCESS; @@ -59,7 +59,7 @@ Index: pam/modules/pam_limits/pam_limits.c for(i = 0; i < RLIM_NLIMITS; i++) { int r = getrlimit(i, &pl->limits[i].limit); if (r == -1) { -@@ -466,18 +484,68 @@ +@@ -465,18 +483,68 @@ } #ifdef __linux__ @@ -134,7 +134,7 @@ Index: pam/modules/pam_limits/pam_limits.c errno = 0; pl->priority = getpriority (PRIO_PROCESS, 0); -@@ -816,7 +884,7 @@ +@@ -881,7 +949,7 @@ if (strcmp(uname, domain) == 0) /* this user have a limit */ process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); @@ -143,7 +143,7 @@ Index: pam/modules/pam_limits/pam_limits.c if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", -@@ -842,7 +910,7 @@ +@@ -907,7 +975,7 @@ process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); } @@ -152,7 +152,7 @@ Index: pam/modules/pam_limits/pam_limits.c if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", -@@ -876,7 +944,7 @@ +@@ -941,7 +1009,7 @@ } else { switch(rngtype) { case LIMIT_RANGE_NONE: @@ -161,7 +161,7 @@ Index: pam/modules/pam_limits/pam_limits.c process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, pl); break; -@@ -1062,6 +1130,8 @@ +@@ -1134,6 +1202,8 @@ return PAM_ABORT; } @@ -174,7 +174,7 @@ Index: pam/modules/pam_limits/limits.conf =================================================================== --- pam.orig/modules/pam_limits/limits.conf +++ pam/modules/pam_limits/limits.conf -@@ -11,6 +11,9 @@ +@@ -22,6 +22,9 @@ # - the wildcard *, for default entry # - the wildcard %, can be also used with %group syntax, # for maxlogin limit @@ -184,7 +184,7 @@ Index: pam/modules/pam_limits/limits.conf # #<type> can have the two values: # - "soft" for enforcing the soft limits -@@ -41,6 +44,7 @@ +@@ -52,6 +55,7 @@ # #* soft core 0 @@ -208,7 +208,7 @@ Index: pam/modules/pam_limits/limits.conf.5.xml </listitem> </varlistentry> -@@ -323,6 +328,7 @@ +@@ -333,6 +338,7 @@ </para> <programlisting> * soft core 0 @@ -220,7 +220,7 @@ Index: pam/modules/pam_limits/limits.conf.5 =================================================================== --- pam.orig/modules/pam_limits/limits.conf.5 +++ pam/modules/pam_limits/limits.conf.5 -@@ -142,6 +142,10 @@ +@@ -145,6 +145,10 @@ \fB%:\fR\fI<gid>\fR applicable to maxlogins limit only\&. It limits the total number of logins of all users that are member of the group with the specified gid\&. .RE @@ -231,7 +231,7 @@ Index: pam/modules/pam_limits/limits.conf.5 .RE .PP \fB<type>\fR -@@ -317,6 +321,7 @@ +@@ -327,6 +331,7 @@ .\} .nf * soft core 0 @@ -243,7 +243,7 @@ Index: pam/modules/pam_limits/README =================================================================== --- pam.orig/modules/pam_limits/README +++ pam/modules/pam_limits/README -@@ -54,6 +54,7 @@ +@@ -56,6 +56,7 @@ limits.conf. * soft core 0 diff --git a/debian/patches-applied/031_pam_include b/debian/patches-applied/031_pam_include index 1948f894..16cf6d31 100644 --- a/debian/patches-applied/031_pam_include +++ b/debian/patches-applied/031_pam_include @@ -8,7 +8,7 @@ Index: pam/libpam/pam_handlers.c =================================================================== --- pam.orig/libpam/pam_handlers.c +++ pam/libpam/pam_handlers.c -@@ -122,6 +122,10 @@ +@@ -123,6 +123,10 @@ module_type = PAM_T_ACCT; } else if (!strcasecmp("password", tok)) { module_type = PAM_T_PASS; @@ -19,7 +19,7 @@ Index: pam/libpam/pam_handlers.c } else { /* Illegal module type */ D(("_pam_init_handlers: bad module type: %s", tok)); -@@ -192,8 +196,10 @@ +@@ -193,8 +197,10 @@ _pam_set_default_control(actions, _PAM_ACTION_BAD); } @@ -30,7 +30,7 @@ Index: pam/libpam/pam_handlers.c if (substack) { res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other, stack_level, module_type, actions, tok, -@@ -204,13 +210,35 @@ +@@ -205,13 +211,35 @@ return PAM_ABORT; } } diff --git a/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL b/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL index d5ce6953..ec97b441 100644 --- a/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL +++ b/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL @@ -11,7 +11,7 @@ Index: pam/modules/pam_limits/pam_limits.c =================================================================== --- pam.orig/modules/pam_limits/pam_limits.c +++ pam/modules/pam_limits/pam_limits.c -@@ -1046,6 +1046,8 @@ +@@ -1111,6 +1111,8 @@ if (res != 0) pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m", rlimit2str(i)); diff --git a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful index ca465d99..805c62f4 100644 --- a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful +++ b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful @@ -12,7 +12,7 @@ Index: pam/modules/pam_wheel/pam_wheel.c =================================================================== --- pam.orig/modules/pam_wheel/pam_wheel.c +++ pam/modules/pam_wheel/pam_wheel.c -@@ -60,9 +60,8 @@ +@@ -47,9 +47,8 @@ /* argument parsing */ #define PAM_DEBUG_ARG 0x0001 @@ -24,7 +24,7 @@ Index: pam/modules/pam_wheel/pam_wheel.c #define PAM_ROOT_ONLY_ARG 0x0020 static int -@@ -80,8 +79,7 @@ +@@ -68,8 +67,7 @@ if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; @@ -34,35 +34,47 @@ Index: pam/modules/pam_wheel/pam_wheel.c else if (!strcmp(*argv,"trust")) ctrl |= PAM_TRUST_ARG; else if (!strcmp(*argv,"deny")) -@@ -129,27 +127,14 @@ +@@ -118,39 +116,14 @@ } } - if (ctrl & PAM_USE_UID_ARG) { -- tpwd = pam_modutil_getpwuid (pamh, getuid()); -- if (!tpwd) { -- if (ctrl & PAM_DEBUG_ARG) { +- tpwd = pam_modutil_getpwuid (pamh, getuid()); +- if (tpwd == NULL) { +- if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); -- } -- return PAM_SERVICE_ERR; -- } -- fromsu = tpwd->pw_name; +- } +- return PAM_SERVICE_ERR; +- } +- fromsu = tpwd->pw_name; - } else { -- fromsu = pam_modutil_getlogin(pamh); -- if (fromsu) { -- tpwd = pam_modutil_getpwnam (pamh, fromsu); -- } -- if (!fromsu || !tpwd) { -- if (ctrl & PAM_DEBUG_ARG) { -- pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); -- } -- return PAM_SERVICE_ERR; +- fromsu = pam_modutil_getlogin(pamh); +- +- /* if getlogin fails try a fallback to PAM_RUSER */ +- if (fromsu == NULL) { +- const char *rhostname; +- +- retval = pam_get_item(pamh, PAM_RHOST, (const void **)&rhostname); +- if (retval != PAM_SUCCESS || rhostname == NULL) { +- retval = pam_get_item(pamh, PAM_RUSER, (const void **)&fromsu); +- } +- } +- +- if (fromsu != NULL) { +- tpwd = pam_modutil_getpwnam (pamh, fromsu); +- } +- +- if (fromsu == NULL || tpwd == NULL) { +- if (ctrl & PAM_DEBUG_ARG) { +- pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); +- } +- return PAM_SERVICE_ERR; + tpwd = pam_modutil_getpwuid (pamh, getuid()); -+ if (!tpwd) { -+ if (ctrl & PAM_DEBUG_ARG) { -+ pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); - } -+ return PAM_SERVICE_ERR; ++ if (tpwd == NULL) { ++ if (ctrl & PAM_DEBUG_ARG) { ++ pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); + } ++ return PAM_SERVICE_ERR; } + fromsu = tpwd->pw_name; @@ -92,9 +104,9 @@ Index: pam/modules/pam_wheel/pam_wheel.8.xml - </term> - <listitem> - <para> -- The check for wheel membership will be done against -- the current uid instead of the original one (useful when -- jumping with su from one account to another for example). +- The check will be done against the real uid of the calling process, +- instead of trying to obtain the user from the login session +- associated with the terminal in use. - </para> - </listitem> - </varlistentry> @@ -121,7 +133,7 @@ Index: pam/modules/pam_wheel/pam_wheel.8 -.PP -\fBuse_uid\fR -.RS 4 --The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\&. +-The check will be done against the real uid of the calling process, instead of trying to obtain the user from the login session associated with the terminal in use\&. -.RE .SH "MODULE TYPES PROVIDED" .PP @@ -136,9 +148,9 @@ Index: pam/modules/pam_wheel/README -use_uid - -- The check for wheel membership will be done against the current uid instead -- of the original one (useful when jumping with su from one account to -- another for example). +- The check will be done against the real uid of the calling process, instead +- of trying to obtain the user from the login session associated with the +- terminal in use. - EXAMPLES diff --git a/debian/patches-applied/040_pam_limits_log_failure b/debian/patches-applied/040_pam_limits_log_failure index 616887c3..0ef703bf 100644 --- a/debian/patches-applied/040_pam_limits_log_failure +++ b/debian/patches-applied/040_pam_limits_log_failure @@ -11,7 +11,7 @@ Index: pam/modules/pam_limits/pam_limits.c =================================================================== --- pam.orig/modules/pam_limits/pam_limits.c +++ pam/modules/pam_limits/pam_limits.c -@@ -1043,9 +1043,19 @@ +@@ -1108,9 +1108,19 @@ if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; res = setrlimit(i, &pl->limits[i].limit); diff --git a/debian/patches-applied/PAM-manpage-section b/debian/patches-applied/PAM-manpage-section index 815c2614..7cdadad3 100644 --- a/debian/patches-applied/PAM-manpage-section +++ b/debian/patches-applied/PAM-manpage-section @@ -35,8 +35,8 @@ Index: pam/doc/man/PAM.8 .\" Source: Linux-PAM Manual .\" Language: English .\" --.TH "PAM" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM" "7" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual" +-.TH "PAM" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM" "7" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -128,7 +128,7 @@ Index: pam/modules/pam_limits/limits.conf.5.xml =================================================================== --- pam.orig/modules/pam_limits/limits.conf.5.xml +++ pam/modules/pam_limits/limits.conf.5.xml -@@ -346,7 +346,7 @@ +@@ -357,7 +357,7 @@ <para> <citerefentry><refentrytitle>pam_limits</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, @@ -141,7 +141,7 @@ Index: pam/modules/pam_limits/limits.conf.5 =================================================================== --- pam.orig/modules/pam_limits/limits.conf.5 +++ pam/modules/pam_limits/limits.conf.5 -@@ -343,7 +343,7 @@ +@@ -351,7 +351,7 @@ .PP \fBpam_limits\fR(8), \fBpam.d\fR(5), @@ -228,32 +228,6 @@ Index: pam/modules/pam_access/pam_access.8 .SH "AUTHORS" .PP The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin <alexei@nogin\&.dnttm\&.ru>\&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike\&.becher@lrz\-muenchen\&.de>\&. -Index: pam/modules/pam_cracklib/pam_cracklib.8.xml -=================================================================== ---- pam.orig/modules/pam_cracklib/pam_cracklib.8.xml -+++ pam/modules/pam_cracklib/pam_cracklib.8.xml -@@ -577,7 +577,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_cracklib/pam_cracklib.8 -=================================================================== ---- pam.orig/modules/pam_cracklib/pam_cracklib.8 -+++ pam/modules/pam_cracklib/pam_cracklib.8 -@@ -357,7 +357,7 @@ - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_cracklib was written by Cristian Gafton <gafton@redhat\&.com> Index: pam/modules/pam_debug/pam_debug.8.xml =================================================================== --- pam.orig/modules/pam_debug/pam_debug.8.xml @@ -336,7 +310,7 @@ Index: pam/modules/pam_env/pam_env.8.xml =================================================================== --- pam.orig/modules/pam_env/pam_env.8.xml +++ pam/modules/pam_env/pam_env.8.xml -@@ -246,7 +246,7 @@ +@@ -254,7 +254,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -349,7 +323,7 @@ Index: pam/modules/pam_exec/pam_exec.8.xml =================================================================== --- pam.orig/modules/pam_exec/pam_exec.8.xml +++ pam/modules/pam_exec/pam_exec.8.xml -@@ -287,7 +287,7 @@ +@@ -303,7 +303,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -362,7 +336,7 @@ Index: pam/modules/pam_exec/pam_exec.8 =================================================================== --- pam.orig/modules/pam_exec/pam_exec.8 +++ pam/modules/pam_exec/pam_exec.8 -@@ -177,7 +177,7 @@ +@@ -182,7 +182,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -687,7 +661,7 @@ Index: pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml =================================================================== --- pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml +++ pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml -@@ -198,7 +198,7 @@ +@@ -205,7 +205,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -700,7 +674,7 @@ Index: pam/modules/pam_mkhomedir/pam_mkhomedir.8 =================================================================== --- pam.orig/modules/pam_mkhomedir/pam_mkhomedir.8 +++ pam/modules/pam_mkhomedir/pam_mkhomedir.8 -@@ -124,7 +124,7 @@ +@@ -129,7 +129,7 @@ .SH "SEE ALSO" .PP \fBpam.d\fR(5), @@ -713,7 +687,7 @@ Index: pam/modules/pam_motd/pam_motd.8.xml =================================================================== --- pam.orig/modules/pam_motd/pam_motd.8.xml +++ pam/modules/pam_motd/pam_motd.8.xml -@@ -195,7 +195,7 @@ +@@ -196,7 +196,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -739,7 +713,7 @@ Index: pam/modules/pam_namespace/pam_namespace.8.xml =================================================================== --- pam.orig/modules/pam_namespace/pam_namespace.8.xml +++ pam/modules/pam_namespace/pam_namespace.8.xml -@@ -399,7 +399,7 @@ +@@ -362,7 +362,7 @@ <refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> @@ -752,7 +726,7 @@ Index: pam/modules/pam_namespace/pam_namespace.8 =================================================================== --- pam.orig/modules/pam_namespace/pam_namespace.8 +++ pam/modules/pam_namespace/pam_namespace.8 -@@ -178,7 +178,7 @@ +@@ -148,7 +148,7 @@ \fBnamespace.conf\fR(5), \fBpam.d\fR(5), \fBmount\fR(8), @@ -912,8 +886,8 @@ Index: pam/modules/pam_selinux/pam_selinux.8 .\" Source: Linux-PAM Manual .\" Language: English .\" --.TH "PAM_SELINUX" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SELINUX" "7" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual" +-.TH "PAM_SELINUX" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SELINUX" "7" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -1004,32 +978,6 @@ Index: pam/modules/pam_succeed_if/pam_succeed_if.8 .SH "AUTHOR" .PP Nalin Dahyabhai <nalin@redhat\&.com> -Index: pam/modules/pam_tally/pam_tally.8.xml -=================================================================== ---- pam.orig/modules/pam_tally/pam_tally.8.xml -+++ pam/modules/pam_tally/pam_tally.8.xml -@@ -444,7 +444,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_tally/pam_tally.8 -=================================================================== ---- pam.orig/modules/pam_tally/pam_tally.8 -+++ pam/modules/pam_tally/pam_tally.8 -@@ -250,7 +250,7 @@ - \fBfaillog\fR(8), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_tally was written by Tim Baverstock and Tomas Mraz\&. Index: pam/modules/pam_time/pam_time.8.xml =================================================================== --- pam.orig/modules/pam_time/pam_time.8.xml @@ -1504,7 +1452,7 @@ Index: pam/modules/pam_userdb/pam_userdb.8.xml =================================================================== --- pam.orig/modules/pam_userdb/pam_userdb.8.xml +++ pam/modules/pam_userdb/pam_userdb.8.xml -@@ -278,7 +278,7 @@ +@@ -279,7 +279,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -1612,8 +1560,8 @@ Index: pam/modules/pam_env/pam_env.8 .\" Source: Linux-PAM Manual .\" Language: English .\" --.TH "PAM_ENV" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ENV" "7" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual" +-.TH "PAM_ENV" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ENV" "7" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -1669,37 +1617,11 @@ Index: pam/modules/pam_sepermit/sepermit.conf.5 \fBselinux\fR(8), .SH "AUTHOR" .PP -Index: pam/modules/pam_tally2/pam_tally2.8.xml -=================================================================== ---- pam.orig/modules/pam_tally2/pam_tally2.8.xml -+++ pam/modules/pam_tally2/pam_tally2.8.xml -@@ -435,7 +435,7 @@ - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> -- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> -+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> - </citerefentry> - </para> - </refsect1> -Index: pam/modules/pam_tally2/pam_tally2.8 -=================================================================== ---- pam.orig/modules/pam_tally2/pam_tally2.8 -+++ pam/modules/pam_tally2/pam_tally2.8 -@@ -238,7 +238,7 @@ - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_tally2 was written by Tim Baverstock and Tomas Mraz\&. Index: pam/modules/pam_timestamp/pam_timestamp.8.xml =================================================================== --- pam.orig/modules/pam_timestamp/pam_timestamp.8.xml +++ pam/modules/pam_timestamp/pam_timestamp.8.xml -@@ -188,7 +188,7 @@ +@@ -193,7 +193,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -1712,7 +1634,7 @@ Index: pam/modules/pam_timestamp/pam_timestamp.8 =================================================================== --- pam.orig/modules/pam_timestamp/pam_timestamp.8 +++ pam/modules/pam_timestamp/pam_timestamp.8 -@@ -124,7 +124,7 @@ +@@ -129,7 +129,7 @@ \fBpam_timestamp_check\fR(8), \fBpam.conf\fR(5), \fBpam.d\fR(5), @@ -1746,7 +1668,7 @@ Index: pam/modules/pam_timestamp/pam_timestamp_check.8 +\fBpam\fR(7) .SH "AUTHOR" .PP - pam_tally was written by Nalin Dahyabhai\&. + pam_timestamp was written by Nalin Dahyabhai\&. Index: pam/modules/pam_tty_audit/pam_tty_audit.8.xml =================================================================== --- pam.orig/modules/pam_tty_audit/pam_tty_audit.8.xml diff --git a/debian/patches-applied/make_documentation_reproducible.patch b/debian/patches-applied/make_documentation_reproducible.patch index ed15df13..b6a4bfe3 100644 --- a/debian/patches-applied/make_documentation_reproducible.patch +++ b/debian/patches-applied/make_documentation_reproducible.patch @@ -8,7 +8,7 @@ Index: pam/configure.ac =================================================================== --- pam.orig/configure.ac +++ pam/configure.ac -@@ -619,7 +619,7 @@ +@@ -585,7 +585,7 @@ AC_PATH_PROG([BROWSER], [w3m]) if test -n "$BROWSER"; then diff --git a/debian/patches-applied/pam-limits-nofile-fd-setsize-cap b/debian/patches-applied/pam-limits-nofile-fd-setsize-cap index 302c911f..9c0503c7 100644 --- a/debian/patches-applied/pam-limits-nofile-fd-setsize-cap +++ b/debian/patches-applied/pam-limits-nofile-fd-setsize-cap @@ -43,7 +43,7 @@ Index: pam/modules/pam_limits/pam_limits.c =================================================================== --- pam.orig/modules/pam_limits/pam_limits.c +++ pam/modules/pam_limits/pam_limits.c -@@ -451,6 +451,14 @@ +@@ -450,6 +450,14 @@ pl->limits[i].src_hard = LIMITS_DEF_KERNEL; } fclose(limitsfile); diff --git a/debian/patches-applied/pam_env-allow-environment-files-without-EOL-at-EOF.patch b/debian/patches-applied/pam_env-allow-environment-files-without-EOL-at-EOF.patch deleted file mode 100644 index 340e4a7f..00000000 --- a/debian/patches-applied/pam_env-allow-environment-files-without-EOL-at-EOF.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Tomas Mraz <tmraz@fedoraproject.org> -Date: Wed, 4 Nov 2020 09:37:36 +0100 -Subject: pam_env: allow environment files without EOL at EOF - -Fixes #263 - -* modules/pam_env/pam_env.c (_assemble_line): Do not error out if at feof() - -Origin: upstream, https://github.com/linux-pam/linux-pam/commit/12824dd648b0668968231044ed805d1f3b212d7e -Applied-Upstream: 1.5.0 -Bug: https://github.com/linux-pam/linux-pam/issues/263 -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1953201 -Reviewed-By: Sergio Durigan Junior <sergiodj@ubuntu.com> ---- - modules/pam_env/pam_env.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c -index 79d4372..4aa3777 100644 ---- a/modules/pam_env/pam_env.c -+++ b/modules/pam_env/pam_env.c -@@ -311,7 +311,7 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len) - D(("_assemble_line: corrupted or binary file")); - return -1; - } -- if (p[strlen(p)-1] != '\n') { -+ if (p[strlen(p)-1] != '\n' && !feof(f)) { - D(("_assemble_line: line too long")); - return -1; - } diff --git a/debian/patches-applied/pam_faillock_create_directory b/debian/patches-applied/pam_faillock_create_directory deleted file mode 100644 index 420e2937..00000000 --- a/debian/patches-applied/pam_faillock_create_directory +++ /dev/null @@ -1,31 +0,0 @@ -commit d54870f993e97fe75e2cd0470a3701d5af22877c -Author: Changqing Li <changqing.li@windriver.com> -Date: Tue Jan 12 14:45:34 2021 +0800 - - faillock: create tallydir before creating tallyfile - - The default tallydir is "/var/run/faillock", and this default - tallydir may not exist. - - Function open may fail as tallydir does not exist when creating - the tallyfile. Therefore, faillock will not work well. - - Fix this problem by creating tallydir before creating tallyfile - when the tallydir does not exist. - - Signed-off-by: Changqing Li <changqing.li@windriver.com> - -Index: pam/modules/pam_faillock/faillock.c -=================================================================== ---- pam.orig/modules/pam_faillock/faillock.c -+++ pam/modules/pam_faillock/faillock.c -@@ -74,6 +74,9 @@ open_tally (const char *dir, const char - - if (create) { - flags |= O_CREAT; -+ if (access(dir, F_OK) != 0) { -+ mkdir(dir, 0755); -+ } - } - - fd = open(path, flags, 0600); diff --git a/debian/patches-applied/pam_mkhomedir_stat_before_opendir b/debian/patches-applied/pam_mkhomedir_stat_before_opendir index 3e5f0a12..aec49b69 100644 --- a/debian/patches-applied/pam_mkhomedir_stat_before_opendir +++ b/debian/patches-applied/pam_mkhomedir_stat_before_opendir @@ -2,7 +2,7 @@ Index: pam/modules/pam_mkhomedir/mkhomedir_helper.c =================================================================== --- pam.orig/modules/pam_mkhomedir/mkhomedir_helper.c +++ pam/modules/pam_mkhomedir/mkhomedir_helper.c -@@ -38,6 +38,7 @@ create_homedir(const struct passwd *pwd, +@@ -39,6 +39,7 @@ DIR *d; struct dirent *dent; int retval = PAM_SESSION_ERR; @@ -10,7 +10,7 @@ Index: pam/modules/pam_mkhomedir/mkhomedir_helper.c /* Create the new directory */ if (mkdir(dest, 0700) && errno != EEXIST) -@@ -53,6 +54,12 @@ create_homedir(const struct passwd *pwd, +@@ -54,6 +55,12 @@ goto go_out; } diff --git a/debian/patches-applied/pam_unix_avoid_checksalt b/debian/patches-applied/pam_unix_avoid_checksalt deleted file mode 100644 index 5a441145..00000000 --- a/debian/patches-applied/pam_unix_avoid_checksalt +++ /dev/null @@ -1,43 +0,0 @@ -debian-bug: #992848 -upstream-bug: https://github.com/linux-pam/linux-pam/issues/367 - - -From 980d90c9232fe5325d1a4deddd42c597cf9e1a54 Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" <ldv@altlinux.org> -Date: Thu, 10 Jun 2021 14:00:00 +0000 -Subject: [PATCH] pam_unix: do not use crypt_checksalt when checking for - password expiration - -According to Zack Weinberg, the intended meaning of -CRYPT_SALT_METHOD_LEGACY is "passwd(1) should not use this hashing -method", it is not supposed to mean "force a password change on next -login for any user with an existing stored hash using this method". - -This reverts commit 4da9febc39b955892a30686e8396785b96bb8ba5. - -* modules/pam_unix/passverify.c (check_shadow_expiry) -[CRYPT_CHECKSALT_AVAILABLE]: Remove. - -Closes: https://github.com/linux-pam/linux-pam/issues/367 ---- - modules/pam_unix/passverify.c | 6 ------ - 1 file changed, 6 deletions(-) - -diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c -index f6132f805..5a19ed856 100644 ---- a/modules/pam_unix/passverify.c -+++ b/modules/pam_unix/passverify.c -@@ -289,13 +289,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, - D(("account expired")); - return PAM_ACCT_EXPIRED; - } --#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE -- if (spent->sp_lstchg == 0 || -- crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_METHOD_LEGACY || -- crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_TOO_CHEAP) { --#else - if (spent->sp_lstchg == 0) { --#endif - D(("need a new password")); - *daysleft = 0; - return PAM_NEW_AUTHTOK_REQD; diff --git a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch index 11d4ee31..6a9e525e 100644 --- a/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch +++ b/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch @@ -11,10 +11,10 @@ Index: pam/modules/pam_unix/unix_chkpwd.c =================================================================== --- pam.orig/modules/pam_unix/unix_chkpwd.c +++ pam/modules/pam_unix/unix_chkpwd.c -@@ -137,9 +137,10 @@ +@@ -138,9 +138,10 @@ /* if the caller specifies the username, verify that user matches it */ - if (strcmp(user, argv[1])) { + if (user == NULL || strcmp(user, argv[1])) { + gid_t gid = getgid(); user = argv[1]; /* no match -> permanently change to the real user and proceed */ diff --git a/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch b/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch deleted file mode 100644 index 0ce85eb7..00000000 --- a/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch +++ /dev/null @@ -1,25 +0,0 @@ -Revert upstream change that prevents pam_unix from working with sgid -shadow applications. - -Authors: Steve Langasek <vorlon@debian.org> - -Upstream status: to be submitted (and debated...) - -Index: pam/modules/pam_unix/passverify.c -=================================================================== ---- pam.orig/modules/pam_unix/passverify.c -+++ pam/modules/pam_unix/passverify.c -@@ -198,11 +198,11 @@ - * ...and shadow password file entry for this user, - * if shadowing is enabled - */ -+ *spwdent = pam_modutil_getspnam(pamh, name); - #ifndef HELPER_COMPILE -- if (geteuid() || SELINUX_ENABLED) -+ if (*spwdent == NULL && (geteuid() || SELINUX_ENABLED)) - return PAM_UNIX_RUN_HELPER; - #endif -- *spwdent = pam_modutil_getspnam(pamh, name); - if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL) - return PAM_AUTHINFO_UNAVAIL; - } diff --git a/debian/patches-applied/pam_unix_initialize_daysleft b/debian/patches-applied/pam_unix_initialize_daysleft deleted file mode 100644 index e304a16e..00000000 --- a/debian/patches-applied/pam_unix_initialize_daysleft +++ /dev/null @@ -1,29 +0,0 @@ -bug-debian: https://bugs.debian.org/980285 - -commit db6b293046aee4735f3aa2d1713742ed4b533219 -Author: Tomas Mraz <tmraz@fedoraproject.org> -Date: Wed Jul 22 11:47:55 2020 +0200 - - Fix missing initialization of daysleft - - The daysleft otherwise stays uninitialized if there is no shadow entry. - - Regression from commit f5adefa. - - Fixes #255 - - * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Initialize daysleft. - -Index: pam/modules/pam_unix/pam_unix_acct.c -=================================================================== ---- pam.orig/modules/pam_unix/pam_unix_acct.c -+++ pam/modules/pam_unix/pam_unix_acct.c -@@ -189,7 +189,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int - unsigned long long ctrl; - const void *void_uname; - const char *uname; -- int retval, daysleft; -+ int retval, daysleft = -1; - char buf[256]; - - D(("called.")); diff --git a/debian/patches-applied/series b/debian/patches-applied/series index d3f4a191..3ea285ae 100644 --- a/debian/patches-applied/series +++ b/debian/patches-applied/series @@ -1,4 +1,3 @@ -pam_unix_fix_sgid_shadow_auth.patch pam_unix_dont_trust_chkpwd_caller.patch make_documentation_reproducible.patch 007_modules_pam_unix @@ -22,9 +21,4 @@ pam-limits-nofile-fd-setsize-cap fix-autoreconf.patch nullok_secure-compat.patch -pam_unix_initialize_daysleft -pam_faillock_create_directory pam_mkhomedir_stat_before_opendir -pam_unix_avoid_checksalt - -pam_env-allow-environment-files-without-EOL-at-EOF.patch diff --git a/debian/patches-applied/update-motd b/debian/patches-applied/update-motd index d84ecf57..14d5fee4 100644 --- a/debian/patches-applied/update-motd +++ b/debian/patches-applied/update-motd @@ -10,7 +10,7 @@ Index: pam/modules/pam_motd/pam_motd.c =================================================================== --- pam.orig/modules/pam_motd/pam_motd.c +++ pam/modules/pam_motd/pam_motd.c -@@ -286,6 +286,7 @@ +@@ -352,6 +352,7 @@ int argc, const char **argv) { int retval = PAM_IGNORE; @@ -18,7 +18,7 @@ Index: pam/modules/pam_motd/pam_motd.c const char *motd_path = NULL; char *motd_path_copy = NULL; unsigned int num_motd_paths = 0; -@@ -295,6 +296,7 @@ +@@ -361,6 +362,7 @@ unsigned int num_motd_dir_paths = 0; char **motd_dir_path_split = NULL; int report_missing; @@ -26,7 +26,7 @@ Index: pam/modules/pam_motd/pam_motd.c if (flags & PAM_SILENT) { return retval; -@@ -324,6 +326,9 @@ +@@ -390,6 +392,9 @@ "motd_dir= specification missing argument - ignored"); } } @@ -36,7 +36,7 @@ Index: pam/modules/pam_motd/pam_motd.c else pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } -@@ -336,6 +341,19 @@ +@@ -402,6 +407,19 @@ report_missing = 1; } @@ -60,7 +60,7 @@ Index: pam/modules/pam_motd/pam_motd.8.xml =================================================================== --- pam.orig/modules/pam_motd/pam_motd.8.xml +++ pam/modules/pam_motd/pam_motd.8.xml -@@ -114,6 +114,17 @@ +@@ -115,6 +115,17 @@ </para> </listitem> </varlistentry> @@ -100,7 +100,7 @@ Index: pam/modules/pam_motd/README =================================================================== --- pam.orig/modules/pam_motd/README +++ pam/modules/pam_motd/README -@@ -51,6 +51,10 @@ +@@ -52,6 +52,10 @@ colon-separated list. By default this option is set to /etc/motd.d:/run/ motd.d:/usr/lib/motd.d. diff --git a/debian/po/ro.po b/debian/po/ro.po index be2b7bc7..2752ae40 100644 --- a/debian/po/ro.po +++ b/debian/po/ro.po @@ -10,8 +10,8 @@ msgstr "" "Project-Id-Version: pam 1.0.1-7\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2021-02-26 10:32-0500\n" -"PO-Revision-Date: 2011-03-29 13:01-0700\n" -"Last-Translator: Eddy Petrișor <eddy.petrisor@gmail.com>\n" +"PO-Revision-Date: 2021-04-05 16:44+0300\n" +"Last-Translator: Andrei POPESCU <andreimpopescu@gmail.com>\n" "Language-Team: Romanian <debian-l10n-romanian@lists.debian.org>\n" "Language: ro\n" "MIME-Version: 1.0\n" @@ -30,21 +30,14 @@ msgstr "Serviciile repornite la actualizarea bibliotecii PAM:" #. Type: string #. Description #: ../libpam0g.templates:1001 -#, fuzzy -#| msgid "" -#| "Most services that use PAM need to be restarted to use modules built for " -#| "this new version of libpam. Please review the following space-separated " -#| "list of init.d scripts for services to be restarted now, and correct it " -#| "if needed." msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of services to be restarted now, and correct it if needed." msgstr "" "Majoritatea serviciilor ce folosesc PAM trebuie repornite pentru a folosi " -"modulele pentru noua versiune de libpam. Următoarea listă folosește ca " -"separator spațiul și conține script-uri init.d care urmează să fie repornite " -"acum; verificați-o și corectați-o, dacă este necesar." +"modulele pentru noua versiune de libpam. Verificați și ajustați după caz " +"lista următoare (separată prin spațiu) cu servicii care trebuie repornite." #. Type: error #. Description @@ -97,6 +90,7 @@ msgstr "" #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "" +"Să se repornească serviciile fără confirmare în timpul unei actualizări?" #. Type: boolean #. Description @@ -110,12 +104,19 @@ msgid "" "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" +"Pe acest sistem sunt instalate servicii care trebuie repornite atunci când " +"anumite biblioteci, cum ar fi libpam, libc și libssl sunt actualizate. " +"Deoarece aceste reporniri pot cauza întreruperi în furnizarea serviciului în " +"mod normal se solicită confirmarea listei de servicii pe care doriți să le " +"reporniți la fiecare actualizare. Puteți alege această opțiune pentru a " +"evita confirmarea. În schimb toate repornirile necesare vor fi executate " +"automat pentru a evita întrebările la fiecare actualizare de biblioteci." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" -msgstr "" +msgstr "Configurarea PAM" #. Type: multiselect #. Description @@ -193,10 +194,8 @@ msgstr "" #. Type: error #. Description #: ../libpam-runtime.templates:5001 -#, fuzzy -#| msgid "Incompatible PAM profiles selected." msgid "No PAM profiles have been selected." -msgstr "Selecție de profile PAM incompatibile." +msgstr "Nu au fost selectate profile PAM." #. Type: error #. Description @@ -206,6 +205,9 @@ msgid "" "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" +"Nu a fost ales nici un profil PAM pentru a fi folosit pe acest sistem. Acest " +"lucru ar permite tuturor utilizatorilor accesul fără autentificare, ceea ce " +"nu este permis. Selectați cel puțin un profil PAM din lista disponibilă." #. Type: error #. Description @@ -235,7 +237,7 @@ msgstr "" #. Description #: ../libpam-modules.templates:2001 msgid "PAM Profiles with Deprecated Modules Disabled" -msgstr "" +msgstr "Profilele PAM cu module învechite au fost dezactivate" #. Type: error #. Description @@ -246,12 +248,16 @@ msgid "" "prevent users from accessing your system. As a result, these profiles have " "been disabled." msgstr "" +"Acest sistem are profile PAM activate cu modulele PAM ${modules}. Aceste " +"module au fost scoase din PAM. Păstrarea acestor profile PAM activate ar " +"împiedica accesul utilizatorilor la sistem. În consecință aceste profile au " +"fost dezactivate." #. Type: error #. Description #: ../libpam-modules.templates:3001 msgid "you are using pam_tally or pam_tally2 in your configuration" -msgstr "" +msgstr "folosiți pam_tally sau pam_tally2" #. Type: error #. Description @@ -263,9 +269,14 @@ msgid "" "modules in your PAM configuration after the upgrade will stop users from " "being able to log into the system." msgstr "" +"Modulele pam_tally și pam_tally2 au fost scoase din PAM. Acum utilizați unul " +"din aceste module în configurația PAM din /etc/pam.d. Înainde de a putea " +"actualiza PAM utilizarea acestor module trebuie oprită. Includerea acestor " +"module după actualizare în configurația PAM va împiedica accesul " +"utilizatorilor la sistem." #. Type: error #. Description #: ../libpam-modules.templates:3001 msgid "Consider the pam_faillock module as a replacement for pam_tally." -msgstr "" +msgstr "Modulul pam_faillock are putea fi un înlocuitor pentru pam_tally." diff --git a/debian/rules b/debian/rules index eae93f04..5470c25a 100755 --- a/debian/rules +++ b/debian/rules @@ -30,17 +30,14 @@ override_dh_auto_configure: dh_auto_configure -- --enable-static --enable-shared \ --libdir=/lib/$(DEB_HOST_MULTIARCH) \ --enable-isadir=/lib/security \ - --enable-cracklib \ + --with-systemdunitdir=/usr/lib/systemd/system \ + --disable-nis \ $(CONFIGURE_OPTS) # .install files don't have "except for" handling, so we need to exclude # our module that doesn't match right here override_dh_install: - sed -e"s/@DEB_HOST_MULTIARCH@/$(DEB_HOST_MULTIARCH)/g" $(d)/libpam0g-dev.install.in > $(d)/libpam0g-dev.install -ifneq (,$(findstring libpam-modules, $(shell dh_listpackages))) - dh_install -plibpam-modules -Xpam_cracklib -endif - dh_install -Nlibpam-modules + dh_install # Make sure the md5sums for the templates we ship are # recognized by pam-auth-update. for f in common-auth common-session common-session-noninteractive common-account common-password; do \ @@ -61,15 +58,8 @@ override_dh_installman: pod2man --section 8 --release="Debian GNU/Linux" $(dl)/pam_getenv >$(dl)/pam_getenv.8 dh_installman rm -f $(d)/libpam-modules/usr/share/man/man5/pam.conf.5 - rm -f $(d)/libpam-modules/usr/share/man/man8/pam_cracklib.8 rm -f $(d)/libpam-modules/usr/share/man/man8/pam_timestamp_check.8 -# dh_link doesn't do wildcards, so we can't auto-link to the right per-arch -# directory -override_dh_link: - sed -e"s/@DEB_HOST_MULTIARCH@/$(DEB_HOST_MULTIARCH)/g" $(d)/libpam0g-dev.links.in > $(d)/libpam0g-dev.links - dh_link - # using perms that differ from upstream (sgid instead of suid) /and/ that # dh_fixperms doesn't want override_dh_fixperms: diff --git a/debian/source.lintian-overrides b/debian/source.lintian-overrides index 037bfc61..85133c70 100644 --- a/debian/source.lintian-overrides +++ b/debian/source.lintian-overrides @@ -1,3 +1,2 @@ pam source: dh-quilt-addon-but-quilt-source-format -pam source: build-depends-on-1-revision build-depends: quilt (>= 0.48-1) |