aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Don't build with NIS support. This is only used for password changes on NIS ↵Steve Langasek2022-04-251-0/+8
| | | | systems, and is pulling a large dependency chain into the Essential package set which is not justifiable.
* releasing package pam version 1.4.0-11Steve Langasek2021-12-061-2/+2
|
* cherry-pick: Allow /etc/environment files without EOL at EOF.Sergio Durigan Junior2021-12-063-0/+37
| | | | In other words, allow files without a newline at the end. (LP: #1953201)
* More whitespaceSteve Langasek2021-10-261-2/+2
|
* Whitespace fixes in debconf templates.Steve Langasek2021-10-2626-25/+31
|
* Release 1.4.0-10 to unstableSam Hartman2021-09-151-1/+2
|
* pam-auth-update: support DPKG_ROOTSam Hartman2021-09-153-1/+8
| | | | | | | | Patch from Johannes 'josch' Schauer to implement a --root argument to pam-auth-update and to use it in the call in libpam-runtime. * debian/local/pam-auth-update: support --root * debian/libpam-runtime.postinst: call with --root $DPKG_ROOT
* debian/patches-applied/pam_unix_avoid_checksalt: upstream patch toSam Hartman2021-09-153-1/+48
| | | | | avoid crypt_checksalt because pre-bullseye password hashes were ignored.
* libpam0g.postinst: fix syntax error in systemd unit restartSam Hartman2021-09-152-1/+8
|
* Revert "Prefer _PAM_ISA to DEFAULT_MODULE_PATH"Sam Hartman2021-09-152-4/+21
| | | | | It turns out Debian uses DEFAULT_MODULE_PATH and _PAM_ISA in the opposite meaning of upstream. DEFAULT_MODULE_PATH is based on libdir, which is the multiarch path, while _PAM_ISA is /lib/security. So my patch had the opposite effect as intended.
* Prefer _PAM_ISA to DEFAULT_MODULE_PATHSam Hartman2021-09-152-4/+8
| | | | | debian/patches-applied/lib_security_multiarch_compat: Prefer _PAM_ISA to DEFAULT_MODULE_PATH.
* Fix pam-modules not in multiarch pathsSam Hartman2021-09-152-6/+27
| | | | | | * debian/patches-applied/lib_security_multiarch_compat - Fix regression introduced in 1.4.0-1: search both /lib/security and /lib/[multiarch]/security/], Closes: #990790
* Run debconf-updatepoSam Hartman2021-09-154-20/+5
|
* Release 1.4.0-7 to unstableSam Hartman2021-09-151-2/+3
|
* Document changes for 1.4.0-7Sam Hartman2021-09-151-2/+11
|
* Updated German debconf translationsSam Hartman2021-09-152-24/+28
|
* debian/libpam-modules.templates: fix capitalizationSam Hartman2021-09-1524-30/+30
| | | | Also affects all the translations.
* debian/libpam-modules.preinst: match common-*Sam Hartman2021-09-151-1/+1
| | | | Include - in file matching regexp to include /etc/pam.d/common-*
* debian/libpam0g.postinst: code review fixesMark Hindley2021-09-151-2/+2
| | | | | | | | * Fix indentation * set service so argument to function is used * remove dead code
* Dutch translationSam Hartman2021-09-152-19/+29
|
* Russian TranslationsSam Hartman2021-09-152-41/+51
|
* French translationsSam Hartman2021-09-152-28/+40
|
* New Brazilian Portuguese translation, Thanks Adriano Rafael Gomes, Closes: ↵Sam Hartman2021-09-152-11/+22
| | | | #984656
* More translation updatesSam Hartman2021-09-153-41/+47
|
* Updated Bulgarian Translation, Thanks Damyan IvanovSam Hartman2021-09-152-10/+17
|
* Updated Simplified Chinese Translations, thanks Boyuan YangSam Hartman2021-09-152-32/+41
|
* Updated portuguese debconf translation, thanks Pedro Ribeiro, Closes: #983594Sam Hartman2021-09-152-14/+24
|
* Document changes for 1.4.0-6Sam Hartman2021-09-151-0/+8
|
* Run debconf-updatepoSam Hartman2021-09-1524-94/+1138
|
* debian/libpam-modules.preinst: update version to 1.4.0-5Sam Hartman2021-09-151-1/+1
| | | | | Since we added new upgrade tests, update the version against which our tests run.
* Document changes for 1.4.0-5Sam Hartman2021-09-151-3/+14
|
* Document that common-session is only for interactive sessionsSam Hartman2021-09-152-2/+2
|
* libpam-modules.preinst,templates: detect pam_tallySam Hartman2021-09-152-2/+23
| | | | | Detect any uses of pam_tally that are left after disabling profiles, and halt upgrade on them.
* Commit common-password md5sum introduced in 1.4.0-4Sam Hartman2021-09-151-0/+1
|
* Confirm that md5sums of templates are registeredSam Hartman2021-09-152-0/+64
|
* debian/local/pam-auth-update: detect pam_tallySam Hartman2021-09-151-0/+7
| | | | | | Create a mechanism for tracking modules that have been removed. Disable profiles containing those modules so they do not appear in the list of available modules. Use this mechanism for pam_tally.
* debian/libpam-modules.preinst|templates: pam_tally deprecationSam Hartman2021-09-153-1/+48
| | | | | | | | | * Add a facility to detect enabled profiles that contain a particular module * If a profile contains an enabled module that is being removed, remove that profile and warn the user. * Use this to pam_tally and because of how the string search works pam_tally2
* debian/libpam0g.postinst: Handle systemd unitsSam Hartman2021-09-153-14/+45
| | | | | | | | | | | | | | | | | | Debian policy now considers init scripts optional. When booted with systemd, use systemd facilities for determining whether a service is enabled and restarting. We might want to try restarting services that are running even if disabled. I don't think we did that in the init script case, and I don't know a good way to determine which units should be restarted. * Update template description because the services are no longer considered init scripts on most systems. It wouldn't be worth the translation churn alone, but we have another template change in the same version. * Override lintian warning regarding calling systemctl. oops lintian
* debian/README.source: document how to avoid multi-arch issuesSam Hartman2021-09-151-0/+9
|
* Document changes for 1.4.0-4Sam Hartman2021-09-151-0/+8
|
* debian/libpam-runtime.prerm: Update block about removalSam Hartman2021-09-151-6/+15
|
* debian/local/common-password: Document switch to yescryptSam Hartman2021-09-151-8/+8
|
* Release 1.4.0-3 to unstableSam Hartman2021-09-151-2/+2
|
* patches-applied/pam_mkhomedir_stat_before_opendir: Stat the skeleton ↵Sam Hartman2021-09-153-0/+28
| | | | | | | | | | | directory before opendir According to https://bugs.debian.org/834589 there are cases where the kernel will not permit opendir before stat of the enclosing directory. In the described case it was autofs, but I can see various filesystems that mount a network namespace doing the same thing trying to prevent excessive network traffic from a tree traversal. Statting the autofs entry before opendir causes it to work.
* libpam-runtime.postrm: /var/lib/pam may not exist on purgeSam Hartman2021-09-151-1/+1
| | | | | | | In practice, I get a directory does not exist when I run dpkg --force-remove-essential --force-depends --purge libpam-runtime I'm guessing that somehow /var/lib/pam is getting removed both in the remove and purge stage. That's okay, so ignore it.
* patches-applied/pam_faillock_create_directory: backport upstream patchSam Hartman2021-09-153-0/+48
| | | | | | to Create /run/faillock when needed. Fedora used to do this with tmpfiles, but we don't want to do that because it is systemd dependent.
* No infinite loop on purge of libpam-runtime, Closes: #977648Sam Hartman2021-09-151-2/+4
|
* pam-configs/unix: Default to yescript rather than sha512. From aSam Hartman2021-09-151-2/+2
| | | | | | | | | theoretical security standpoint, it looks like yescript has similar security properties, assuming (as we typically do in the crypto protocol community) that sha256 is still reasonable. However, in terms of practical resistant to password cracking, particularly in terms of valuing space complexity as well as time complexity, yescript is superior, Closes: #978553
* debian/patches-applied/pam_unix_initialize_daysleft : Initialize daysSam Hartman2021-09-152-0/+31
| | | | before password expire, Closes: #980285
* libpam-modules.install: Install pam_faillock binariesSam Hartman2021-09-151-0/+2
|
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-20 16:38:15 +0000