aboutsummaryrefslogtreecommitdiff
path: root/debian/patches-applied
Commit message (Collapse)AuthorAgeFilesLines
* Use gbp pq for patches, Closes: #995239Sam Hartman2023-09-1124-3545/+0
|
* Refresh patchesSteve Langasek2022-08-1720-349/+119
|
* cherry-pick: Allow /etc/environment files without EOL at EOF.Sergio Durigan Junior2021-12-062-0/+32
| | | | In other words, allow files without a newline at the end. (LP: #1953201)
* debian/patches-applied/pam_unix_avoid_checksalt: upstream patch toSam Hartman2021-09-152-0/+44
| | | | | avoid crypt_checksalt because pre-bullseye password hashes were ignored.
* Revert "Prefer _PAM_ISA to DEFAULT_MODULE_PATH"Sam Hartman2021-09-151-4/+4
| | | | | It turns out Debian uses DEFAULT_MODULE_PATH and _PAM_ISA in the opposite meaning of upstream. DEFAULT_MODULE_PATH is based on libdir, which is the multiarch path, while _PAM_ISA is /lib/security. So my patch had the opposite effect as intended.
* Prefer _PAM_ISA to DEFAULT_MODULE_PATHSam Hartman2021-09-151-4/+4
| | | | | debian/patches-applied/lib_security_multiarch_compat: Prefer _PAM_ISA to DEFAULT_MODULE_PATH.
* Fix pam-modules not in multiarch pathsSam Hartman2021-09-151-6/+15
| | | | | | * debian/patches-applied/lib_security_multiarch_compat - Fix regression introduced in 1.4.0-1: search both /lib/security and /lib/[multiarch]/security/], Closes: #990790
* patches-applied/pam_mkhomedir_stat_before_opendir: Stat the skeleton ↵Sam Hartman2021-09-152-0/+26
| | | | | | | | | | | directory before opendir According to https://bugs.debian.org/834589 there are cases where the kernel will not permit opendir before stat of the enclosing directory. In the described case it was autofs, but I can see various filesystems that mount a network namespace doing the same thing trying to prevent excessive network traffic from a tree traversal. Statting the autofs entry before opendir causes it to work.
* patches-applied/pam_faillock_create_directory: backport upstream patchSam Hartman2021-09-152-0/+32
| | | | | | to Create /run/faillock when needed. Fedora used to do this with tmpfiles, but we don't want to do that because it is systemd dependent.
* debian/patches-applied/pam_unix_initialize_daysleft : Initialize daysSam Hartman2021-09-152-0/+31
| | | | before password expire, Closes: #980285
* debian/patches-applied/nullok_secure-compat.patch: Support nullok_secure as ↵Steve Langasek2020-08-122-0/+28
| | | | a deprecated alias for nullok.
* debian/patches-applied/cve-2010-4708.patch: drop, applied upstream.Steve Langasek2020-08-122-54/+0
|
* Drop patches to implement "nullok_secure" option for pam_unix. Closes: ↵Steve Langasek2020-08-123-424/+0
| | | | #674857, #936071.
* Refresh patchesSteve Langasek2020-08-126-181/+186
|
* Fix d/p/update-motd to apply the correct changes to the READMESteve Langasek2019-02-131-9/+9
|
* Further cleanup of patch to avoid accidental regeneration of docsSteve Langasek2019-02-121-53/+54
|
* Clean up patch so that we don't accidentally regenerate manpage againSteve Langasek2019-02-121-13/+13
|
* Add debian/patches/fix-autoreconf.patchAndreas Henriksson2019-02-112-0/+28
|
* Refresh patchesSteve Langasek2019-02-112-105/+46
|
* Refresh patchesSteve Langasek2019-01-2431-1416/+855
|
* rebuild README files with current docs toolchain.Steve Langasek2019-01-082-1/+148
| | | | | also, reorder patches so that all doc rebuilds get the standard locale setting.
* Consistently include documentation changes in patches, for clean source packageSteve Langasek2019-01-083-45/+168
|
* Use LC_ALL=C.UTF-8, not LC_ALL=C, when generating documentation.Steve Langasek2019-01-081-4/+4
|
* Don't include changes to autogenerated files in patches.Steve Langasek2019-01-081-11/+0
|
* Import Debian changes 1.1.8-3.6Adrian Bunk2019-01-081-0/+26
| | | | | | | | | | | pam (1.1.8-3.6) unstable; urgency=medium * Non-maintainer upload. * cve-2015-3238.patch: Add the changes in the generated pam_exec.8 and pam_unix.8 in addition to (and after) the changes to the source .xml files. This avoids unwanted rebuilds that can cause problems due to differing files on different architectures of the Multi-Arch: same libpam-modules. (Closes: #851545)
* Import Debian changes 1.1.8-3.3Laurent Bigonville2019-01-087-29/+189
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pam (1.1.8-3.3) unstable; urgency=low * Non-maintainer upload. [ Steve Langasek ] * Updated Swedish translation to correct a typo, thanks to Anders Jonsson and Martin Bagge. Closes: #743875 * Updated Turkish translation, thanks to Mert Dirik <mertdirik@gmail.com>. (closes: #756756) * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak <robie.basak@ubuntu.com> for the patch. Closes: #783105. * Acknowledge security NMU. * pam-auth-update: don't mishandle trailing whitespace in profiles. LP: #1487103. [ Laurent Bigonville ] * debian/control: Fix Vcs-* and Homepage fields (Closes: #752343) * debian/watch: Update watch file and point it to http://www.linux-pam.org * debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in namespace.init script (Closes: #624842) * debian/control: Build-depends against debhelper (>= 9) to match the defined debhelper compatibility * Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality, thanks to Jakub Wilk <jwilk@debian.org> for noticing (Closes: #761594) * debian/control: Bump Standards-Version to 3.9.8 (no further changes) * debian/libpam-doc.doc-base.applications-guide: Fix spelling * debian/libpam0g-dev.examples: Do not use shell brace expansion * debian/patches-applied/pam-loginuid-in-containers: Updated with the version from Ubuntu, this should fix logins in containers (Closes: #726661) * debian/patches-applied/update-motd: Updated with the version from Ubuntu: use /run/motd.dynamic instead of /var/run/motd, nothing in the archive uses the later (Closes: #743286) * debian/patches-applied/make_documentation_reproducible.patch: Make the build reproducible, removes differences when building with different locale values (Closes: #792127)
| * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the defaultSteve Langasek2019-01-082-0/+59
| | | | | | | | | | soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak <robie.basak@ubuntu.com> for the patch. Closes: #783105.
* | Import Debian changes 1.1.8-3.2Tianon Gravi2019-01-082-0/+155
| | | | | | | | | | | | | | | | pam (1.1.8-3.2) unstable; urgency=medium * Non-maintainer upload. * Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix module (Closes: #789986)
* | Import Debian changes 1.1.8-3.1Michael Gilbert2019-01-083-0/+93
|/ | | | | | | | | | pam (1.1.8-3.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix CVE-2013-7041: case-insensitive comparison used for verifying passwords in the pam_userdb module (closes: #731368). * Fix CVE-2014-2583: multiple directory traversal issues in the pam_timestamp module (closes: 757555)
* Properly regen the contents of PAM.8, so that it will be renamed to PAM.7 on ↵Steve Langasek2019-01-081-0/+15
| | | | install
* Add missing patch to autogenerated pam_env.8Steve Langasek2019-01-081-0/+19
|
* Ensure autogenerated files are after source files in all relevant patches,Steve Langasek2019-01-082-404/+419
| | | | so that regenerating documentation doesn't cause build skew.
* Drop another couple of patches that are already upstreamSteve Langasek2019-01-083-53/+0
|
* Another round of patch refreshingSteve Langasek2019-01-085-140/+154
|
* debian/patches/fix-manpage-crud: drop, manpages now being generatedSteve Langasek2019-01-082-22145/+0
| | | | upstream with a newer, fixed xsltproc.
* Refresh patchesSteve Langasek2019-01-0813-15843/+16700
|
* debian/patches-applied/pam-loginuid-in-containers: pam_loginuid:Steve Langasek2019-01-082-0/+137
| | | | Ignore failure in user namespaces.
* Ditch autoconf patch in favor of a build-dependency on dh-autoreconf,Steve Langasek2019-01-082-27925/+0
| | | | | which will let us keep up-to-date with newer autotools. In the present instance, this gets us aarch64 support.
* Whoops, commit a patch that I managed to not get addedSteve Langasek2019-01-081-0/+30
|
* debian/patches-applied/glibc-2_16-compilation-fix.patch: fix missingSteve Langasek2019-01-081-0/+1
| | | | | include causing build failure with eglibc 2.16. Thanks to Daniel Schepler <dschepler@gmail.com>. Closes: #693450.
* Adjust the pam_env documentation to match the module behavior resultingSteve Langasek2019-01-083-7/+29
| | | | from the previous security upload. Closes: #693995.
* Confirm NMU for bug #611136; thanks to Michael Gilbert.Steve Langasek2019-01-082-0/+13
|
* debian/patches-applied/update-motd: new module option for pam_motd,Steve Langasek2019-01-081-3/+86
| | | | | 'noupdate', which suppresses the call to run-parts /etc/update-motd.d. LP: #805423.
* debian/patches-applied/update-motd: set a sane umask before callingSteve Langasek2019-01-081-4/+6
| | | | | run-parts, and restore the old mask afterwards, so /run/motd gets consistent permissions. LP: #871943.
* debian/patches-applied/hurd_no_setfsuid: we don't want to check allSteve Langasek2019-01-081-16/+10
| | | | | | setre*id() calls; we know that there are situations where some of these may fail but we don't care. As long as the last setre*id() call in each set succeeds, that's the state we mean to be in.
* * debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflowKees Cook2019-01-083-0/+64
| | | | | | in environment file parsing (CVE-2011-3148). * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment file parsing (CVE-2011-3149).
* debian/patches-applied/update-motd: correctly clear environment whenKees Cook2019-01-081-4/+4
| | | | building motd.
* debian/patches-applied/hurd_no_setfsuid: check all set*id() calls.Kees Cook2019-01-081-14/+22
|
* debian/patches-applied/{007_modules_pam_unix,055_pam_unix_nullok_secure}:Kees Cook2019-01-082-65/+42
| | | | drop unneeded no-op change to reduce delta from upstream.
* debian/patches-applied/022_pam_unix_group_time_miscfixes,Kees Cook2019-01-083-2/+8
| | | | | | debian/patches-applied/026_pam_unix_passwd_unknown_user, debian/patches-applied/054_pam_security_abstract_securetty_handling: improve descriptions.
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-20 12:34:15 +0000