Overview Repositories Revisions Requests Users Attributes Meta

Revisions of pam

Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 919240 from Thorsten Kukuk's avatar Thorsten Kukuk (kukuk) (revision 116) 
- Rename motd.tmpfiles to pam.tmpfiles
  - Add /run/faillock directory

- pam-login_defs-check.sh: adjust for new login.defs variable usages

- Update to 1.5.2
  Noteworthy changes in Linux-PAM 1.5.2:
  * pam_exec: implemented quiet_log option.
  * pam_mkhomedir: added support of HOME_MODE and UMASK from
    /etc/login.defs.
  * pam_timestamp: changed hmac algorithm to call openssl instead
    of the bundled sha1 implementation if selected, added option
    to select the hash algorithm to use with HMAC.
  * Added pkgconfig files for provided libraries.
  * Added --with-systemdunitdir configure option to specify systemd
    unit directory.
  * Added --with-misc-conv-bufsize configure option to specify the
    buffer size in libpam_misc's misc_conv() function, raised the
    default value for this parameter from 512 to 4096.
  * Multiple minor bug fixes, portability fixes, documentation
    improvements, and translation updates.
  pam_tally2 has been removed upstream, remove pam_tally2-removal.patch
  pam_cracklib has been removed from the upstream sources. This
  obsoletes pam-pam_cracklib-add-usersubstr.patch and
  pam_cracklib-removal.patch.
  The following patches have been accepted upstream and, so,
  are obsolete:
  - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch
  - pam_securetty-don-t-complain-about-missing-config.patch
  - bsc1184358-prevent-LOCAL-from-being-resolved.patch
Richard Brown's avatar Richard Brown (RBrownSUSE) accepted request 911843 from Thorsten Kukuk's avatar Thorsten Kukuk (kukuk) (revision 115) 
- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask
  explicit "usergroups" option and instead read it from login.def's
  "USERGROUP_ENAB" option if umask is only defined there.
  [bsc#1189139]

- package man5/motd.5 as a man-pages link to man8/pam_motd.8
  [bsc#1188724]
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 906153 from Thorsten Kukuk's avatar Thorsten Kukuk (kukuk) (revision 114) 
Requested by dimstar
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 902310 from Josef Möllers's avatar Josef Möllers (jmoellers) (revision 113) 
- Create /run/motd.d (forwarded request 902295 from gmbr3)
Richard Brown's avatar Richard Brown (RBrownSUSE) accepted request 873577 from Thorsten Kukuk's avatar Thorsten Kukuk (kukuk) (revision 110) 
- Add missing conflicts for pam_unix-nis

- Split out pam_unix module and build without NIS support


- Add missing conflicts for pam_unix 

- Fix split provides and BuildRequires 
- Makefile-pam_unix-nis.diff: Link pam_unix-nis.so against outside
  pam library

- standalone pam_unix with NIS support
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 851278 from Thorsten Kukuk's avatar Thorsten Kukuk (kukuk) (revision 108) 
- Update to 1.5.1
  - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user
    doesn't exist and root password is blank [bsc#1179166]
  - pam_faillock: added nodelay option to not set pam_fail_delay
  - pam_wheel: use pam_modutil_user_in_group to check for the group membership
    with getgrouplist where it is available
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 849468 from Thorsten Kukuk's avatar Thorsten Kukuk (kukuk) (revision 107) 
- Update to 1.5.0
  - obsoletes pam-bsc1178727-initialize-daysleft.patch
  - Multiple minor bug fixes, portability fixes, and documentation improvements.
  - Extended libpam API with pam_modutil_check_user_in_passwd function.
  - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660.
  - pam_motd: read motd files with target user credentials skipping unreadable ones.
  - pam_pwhistory: added a SELinux helper executable.
  - pam_unix, pam_usertype: implemented avoidance of certain timing attacks.
  - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails.
  - pam_env: Reading of the user environment is deprecated and will be removed
             at some point in the future.
  - libpam: pam_modutil_drop_priv() now correctly sets the target user's
    supplementary groups, allowing pam_motd to filter messages accordingly
- Refresh pam-xauth_ownership.patch
- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package
- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package

- pam_cracklib: added code to check whether the password contains
  a substring of of the user's name of at least <N> characters length
  in some form.
  This is enabled by the new parameter "usersubstr=<N>"
  See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4
  [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch]

- pam_xauth.c: do not free() a string which has been (successfully)
  passed to putenv().
  [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch]

- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft"
  to avoid spurious (and misleading)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) committed (revision 106) 
https://bugzilla.opensuse.org/show_bug.cgi?id=1177858
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 847481 from Thorsten Kukuk's avatar Thorsten Kukuk (kukuk) (revision 105) 
- Enable pam_faillock [bnc#1171562]

- /usr/bin/xauth chokes on the old user's $HOME being on an NFS
  file system. Run /usr/bin/xauth using the old user's uid/gid
  Patch courtesy of Dr. Werner Fink.
  [bsc#1174593, pam-xauth_ownership.patch]

- pam-login_defs-check.sh: Fix the regexp to get a real variable
  list (boo#1164274).

- Revert the previous change [SR#815713].
  The group is not necessary for PAM functionality but used only
  during testing. The test system should therefore create this group.
  [bsc#1171016, pam.spec]

- Add requirement for group "wheel" to spec file.
  [bsc#1171016, pam.spec]
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) committed (revision 104) 
Revert: https://bugzilla.opensuse.org/show_bug.cgi?id=1177858
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 812631 from Thorsten Kukuk's avatar Thorsten Kukuk (kukuk) (revision 102) 
- Update to final 1.4.0 release
  - includes pam-check-user-home-dir.patch
  - obsoletes fix-man-links.dif

- common-password: remove pam_cracklib, as that is deprecated.

- pam_setquota.so:
  When setting quota, don't apply any quota if the user's $HOME is
  a mountpoint (ie the user has a partition of his/her own).
  [bsc#1171721, pam-check-user-home-dir.patch]

- Update to current Linux-PAM snapshot
  - pam_tally* and pam_cracklib got deprecated
- Disable pam_faillock and pam_setquota until they are whitelisted

- Adapted patch pam-hostnames-in-access_conf.patch for new version
  New version obsoleted patch use-correct-IP-address.patch
  [pam-hostnames-in-access_conf.patch,
   use-correct-IP-address.patch]

- Update to current Linux-PAM snapshot
  - Obsoletes pam_namespace-systemd.diff

- Update to current Linux-PAM snapshot
  - Add pam_faillock
  - Multiple minor bug fixes and documentation improvements
  - Fixed grammar of messages printed via pam_prompt
  - Added support for a vendor directory and libeconf
  - configure: Allowed disabling documentation through --disable-doc
  - pam_get_authtok_verify: Avoid duplicate password verification
Displaying revisions 21 - 40 of 138
openSUSE Build Service is sponsored by
Places