aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* debian/libpam-modules.preinst: match common-*Sam Hartman2021-09-151-1/+1
| | | | Include - in file matching regexp to include /etc/pam.d/common-*
* debian/libpam0g.postinst: code review fixesMark Hindley2021-09-151-2/+2
| | | | | | | | * Fix indentation * set service so argument to function is used * remove dead code
* Dutch translationSam Hartman2021-09-152-19/+29
|
* Russian TranslationsSam Hartman2021-09-152-41/+51
|
* French translationsSam Hartman2021-09-152-28/+40
|
* New Brazilian Portuguese translation, Thanks Adriano Rafael Gomes, Closes: ↵Sam Hartman2021-09-152-11/+22
| | | | #984656
* More translation updatesSam Hartman2021-09-153-41/+47
|
* Updated Bulgarian Translation, Thanks Damyan IvanovSam Hartman2021-09-152-10/+17
|
* Updated Simplified Chinese Translations, thanks Boyuan YangSam Hartman2021-09-152-32/+41
|
* Updated portuguese debconf translation, thanks Pedro Ribeiro, Closes: #983594Sam Hartman2021-09-152-14/+24
|
* Document changes for 1.4.0-6Sam Hartman2021-09-151-0/+8
|
* Run debconf-updatepoSam Hartman2021-09-1524-94/+1138
|
* debian/libpam-modules.preinst: update version to 1.4.0-5Sam Hartman2021-09-151-1/+1
| | | | | Since we added new upgrade tests, update the version against which our tests run.
* Document changes for 1.4.0-5Sam Hartman2021-09-151-3/+14
|
* Document that common-session is only for interactive sessionsSam Hartman2021-09-152-2/+2
|
* libpam-modules.preinst,templates: detect pam_tallySam Hartman2021-09-152-2/+23
| | | | | Detect any uses of pam_tally that are left after disabling profiles, and halt upgrade on them.
* Commit common-password md5sum introduced in 1.4.0-4Sam Hartman2021-09-151-0/+1
|
* Confirm that md5sums of templates are registeredSam Hartman2021-09-152-0/+64
|
* debian/local/pam-auth-update: detect pam_tallySam Hartman2021-09-151-0/+7
| | | | | | Create a mechanism for tracking modules that have been removed. Disable profiles containing those modules so they do not appear in the list of available modules. Use this mechanism for pam_tally.
* debian/libpam-modules.preinst|templates: pam_tally deprecationSam Hartman2021-09-153-1/+48
| | | | | | | | | * Add a facility to detect enabled profiles that contain a particular module * If a profile contains an enabled module that is being removed, remove that profile and warn the user. * Use this to pam_tally and because of how the string search works pam_tally2
* debian/libpam0g.postinst: Handle systemd unitsSam Hartman2021-09-153-14/+45
| | | | | | | | | | | | | | | | | | Debian policy now considers init scripts optional. When booted with systemd, use systemd facilities for determining whether a service is enabled and restarting. We might want to try restarting services that are running even if disabled. I don't think we did that in the init script case, and I don't know a good way to determine which units should be restarted. * Update template description because the services are no longer considered init scripts on most systems. It wouldn't be worth the translation churn alone, but we have another template change in the same version. * Override lintian warning regarding calling systemctl. oops lintian
* debian/README.source: document how to avoid multi-arch issuesSam Hartman2021-09-151-0/+9
|
* Document changes for 1.4.0-4Sam Hartman2021-09-151-0/+8
|
* debian/libpam-runtime.prerm: Update block about removalSam Hartman2021-09-151-6/+15
|
* debian/local/common-password: Document switch to yescryptSam Hartman2021-09-151-8/+8
|
* Release 1.4.0-3 to unstableSam Hartman2021-09-151-2/+2
|
* patches-applied/pam_mkhomedir_stat_before_opendir: Stat the skeleton ↵Sam Hartman2021-09-153-0/+28
| | | | | | | | | | | directory before opendir According to https://bugs.debian.org/834589 there are cases where the kernel will not permit opendir before stat of the enclosing directory. In the described case it was autofs, but I can see various filesystems that mount a network namespace doing the same thing trying to prevent excessive network traffic from a tree traversal. Statting the autofs entry before opendir causes it to work.
* libpam-runtime.postrm: /var/lib/pam may not exist on purgeSam Hartman2021-09-151-1/+1
| | | | | | | In practice, I get a directory does not exist when I run dpkg --force-remove-essential --force-depends --purge libpam-runtime I'm guessing that somehow /var/lib/pam is getting removed both in the remove and purge stage. That's okay, so ignore it.
* patches-applied/pam_faillock_create_directory: backport upstream patchSam Hartman2021-09-153-0/+48
| | | | | | to Create /run/faillock when needed. Fedora used to do this with tmpfiles, but we don't want to do that because it is systemd dependent.
* No infinite loop on purge of libpam-runtime, Closes: #977648Sam Hartman2021-09-151-2/+4
|
* pam-configs/unix: Default to yescript rather than sha512. From aSam Hartman2021-09-151-2/+2
| | | | | | | | | theoretical security standpoint, it looks like yescript has similar security properties, assuming (as we typically do in the crypto protocol community) that sha256 is still reasonable. However, in terms of practical resistant to password cracking, particularly in terms of valuing space complexity as well as time complexity, yescript is superior, Closes: #978553
* debian/patches-applied/pam_unix_initialize_daysleft : Initialize daysSam Hartman2021-09-152-0/+31
| | | | before password expire, Closes: #980285
* libpam-modules.install: Install pam_faillock binariesSam Hartman2021-09-151-0/+2
|
* libpam-runtime.postrm: Remove session-noninteractive files on purge, Closes: ↵Josh Triplett2021-09-151-2/+4
| | | | #978601
* whitespace fixup to match the archiveSteve Langasek2021-09-151-1/+1
|
* releasing package pam version 1.4.0-2Steve Langasek2020-12-281-2/+2
|
* Restart services on upgrade to 1.4.0. Closes: #978555.Steve Langasek2020-12-283-3/+9
|
* releasing package pam version 1.4.0-1Steve Langasek2020-12-281-2/+2
|
* Add hardening+=bindnow to build options, per lintian.Steve Langasek2020-08-122-1/+3
|
* Refresh lintian overrides for changes to available pam modules.Steve Langasek2020-08-122-3/+2
|
* Update symbols file for new symbols.Steve Langasek2020-08-122-0/+3
|
* Continue building pam_cracklib, which is deprecated upstream; the ↵Steve Langasek2020-08-122-0/+3
| | | | replacement, pam_passwdqc, is packaged separately.
* Drop pam_tally and pam_tally2 modules, which have been deprecated upstream ↵Steve Langasek2020-08-124-8/+2
| | | | in favor of pam_faillock. Closes: #569746, LP: #772121.
* debian/pam-configs/unix: use nullok, not nullok_secure.Steve Langasek2020-08-122-2/+3
|
* debian/patches-applied/nullok_secure-compat.patch: Support nullok_secure as ↵Steve Langasek2020-08-123-0/+30
| | | | a deprecated alias for nullok.
* debian/patches-applied/cve-2010-4708.patch: drop, applied upstream.Steve Langasek2020-08-123-54/+1
|
* Drop patches to implement "nullok_secure" option for pam_unix. Closes: ↵Steve Langasek2020-08-124-424/+2
| | | | #674857, #936071.
* Refresh patchesSteve Langasek2020-08-126-181/+186
|
* fix changelog maintainer fieldSteve Langasek2020-08-111-1/+1
|
* Merge upstream version 1.4.0Steve Langasek2020-08-11680-34379/+48291
|\
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-20 14:30:56 +0000