|
|
 |
|
|
Changelog for pam-devel-0.99.6.2-3.27.ML5.i386.rpm :
Mon May 26 00:00:00 2008 Eddy Nigg
- Rebuild for StartCom Linux 5.0.x
Thu Jan 10 23:00:00 2008 Tomas Mraz 0.99.6.2-3.27
- support sha256 and sha512 password hashes (#427389)
- fixed in operator of pam_succeed_if module (#295151)
- fixed audit option of pam_tally and pam_tally2 (#328281)
- do not free putenved pointer in pam_xauth (#402391)
Tue Jul 10 00:00:00 2007 Tomas Mraz 0.99.6.2-3.26
- removed realtime default limits (#240123) from the package as
it caused regression on machines with nonexistent realtime group
Tue Jul 10 00:00:00 2007 Tomas Mraz 0.99.6.2-3.25
- added and improved translations (#219124)
- adjusted the default limits for realtime users (#240123)
Sat Jun 23 00:00:00 2007 Tomas Mraz 0.99.6.2-3.23
- pam_unix: truncated MD5 passwords in shadow shouldn\'t match (#219258)
- pam_limits: add limits.d support (#232700)
- pam_limits, pam_time, pam_access: add auditing of failed logins (#232993)
- pam_namespace: expand $HOME even when appended with text (#237163)
original patch by Ted X. Toth
- add some default limits for users in realtime group (#240123)
- CVE-2007-3102 - prevent audit log injection through user name (#243204)
Fri Apr 27 00:00:00 2007 Tomas Mraz 0.99.6.2-3.22
- make unix_update helper executable only by root as it isn\'t
useful for regular user anyway
Tue Apr 24 00:00:00 2007 Tomas Mraz 0.99.6.2-3.21
- pam_namespace: better document behavior on failure (#237249)
- pam_unix: split out passwd change to a new helper binary (#236316)
Wed Apr 4 00:00:00 2007 Tomas Mraz 0.99.6.2-3.19
- pam_selinux: improve context change auditing (#234781)
Sat Mar 31 00:00:00 2007 Tomas Mraz 0.99.6.2-3.18
- pam_console: always decrement use count (#233581)
- pam_namespace: fix parsing config file with unknown users (#234513)
Mon Feb 26 23:00:00 2007 Tomas Mraz 0.99.6.2-3.17
- pam_namespace: unmount poly dir for override users (#229689)
- pam_namespace: use raw context for poly dir name (#227345)
- pam_namespace: truncate long poly dir name (append hash) (#230120)
Wed Feb 21 23:00:00 2007 Tomas Mraz 0.99.6.2-3.15
- correctly relabel tty in the default case (#229542)
Mon Jan 15 23:00:00 2007 Tomas Mraz 0.99.6.2-3.14
- properly include /var/log/faillog and tallylog as ghosts
and create them in post script (#209646)
Mon Jan 8 23:00:00 2007 Tomas Mraz 0.99.6.2-3.13
- Update gmo files as we patch some po files (#218271)
Fri Jan 5 23:00:00 2007 Tomas Mraz 0.99.6.2-3.12
- Add use_current_range option to pam_selinux (#220487)
Wed Jan 3 23:00:00 2007 Dan Walsh 0.99.6.2-3.11
- Add proper audit message to indicate selected context
- Resolves: #220652
Wed Jan 3 23:00:00 2007 Dan Walsh 0.99.6.2-3.10
- Try again to Fix pam_selinux to select role correctly
- Resolves: #220652
Wed Dec 27 23:00:00 2006 Dan Walsh 0.99.6.2-3.9
- Fix pam_selinux to select role correctly
- Resolves: #220652
Fri Dec 15 23:00:00 2006 Dan Walsh 0.99.6.2-3.8
- Fix pam_namespace to work with cron
- Resolves: #216184
Thu Dec 14 23:00:00 2006 Tomas Mraz 0.99.6.2-3.7
- No shortcut on Password: in ja locale (#218271)
- Revert to old euid and not ruid when setting euid in pam_keyinit (#219486)
- Fix no answer to select_context question (#213812)
- Rename selinux-namespace patch to namespace-level
Fri Dec 1 23:00:00 2006 Dan Walsh 0.99.6.2-3.6
- Add level polyinstantiation option to pam_namespace to only
change MLS component (#216184)
Thu Nov 30 23:00:00 2006 Tomas Mraz 0.99.6.2-3.5
- add select-context option to pam_selinux (#213812)
Wed Nov 15 23:00:00 2006 Tomas Mraz 0.99.6.2-3.4
- move setgid before setuid in pam_keyinit (#212329)
- make username check in pam_unix consistent with useradd (#212153)
Wed Oct 25 00:00:00 2006 Tomas Mraz 0.99.6.2-3.3
- don\'t overflow a buffer in pam_namespace (#211989)
Tue Oct 17 00:00:00 2006 Tomas Mraz 0.99.6.2-3.2
- /var/log/faillog and tallylog must be %config(noreplace)
Sat Oct 14 00:00:00 2006 Tomas Mraz 0.99.6.2-3.1
- preserve effective uid in namespace.init script (LSPP for newrole)
- include /var/log/faillog and tallylog to filelist (#209646)
- add ids to .xml docs so the generated html is always the same (#210569)
Fri Sep 29 00:00:00 2006 Tomas Mraz 0.99.6.2-3
- add pam_namespace option no_unmount_on_close, required for newrole
Tue Sep 5 00:00:00 2006 Tomas Mraz 0.99.6.2-2
- silence pam_succeed_if in default system-auth (#205067)
- round the pam_timestamp_check sleep up to wake up at the start of the
wallclock second (#205068)
Fri Sep 1 00:00:00 2006 Tomas Mraz 0.99.6.2-1
- upgrade to new upstream version, as there are mostly bugfixes except
improved documentation
- add support for session and password service for pam_access and
pam_succeed_if
- system-auth: skip session pam_unix for crond service
Fri Aug 11 00:00:00 2006 Dan Walsh 0.99.5.0-8
- Add new setkeycreatecon call to pam_selinux to make sure keyring has correct context
Fri Aug 11 00:00:00 2006 Tomas Mraz 0.99.5.0-7
- revoke keyrings properly when pam_keyinit called as root (#201048)
- pam_succeed_if should return PAM_USER_UNKNOWN when getpwnam fails (#197748)
Thu Aug 3 00:00:00 2006 Tomas Mraz 0.99.5.0-6
- revoke keyrings properly when pam_keyinit called more than once (#201048)
patch by David Howells
Sat Jul 22 00:00:00 2006 Tomas Mraz 0.99.5.0-5
- don\'t log pam_keyinit debug messages by default (#199783)
Sat Jul 22 00:00:00 2006 Tomas Mraz 0.99.5.0-4
- drop ainit from console.handlers (#199561)
Tue Jul 18 00:00:00 2006 Tomas Mraz 0.99.5.0-3
- don\'t report error in pam_selinux for nonexistent tty (#188722)
- add pam_keyinit to the default system-auth file (#198623)
Thu Jul 13 00:00:00 2006 Jesse Keating - 0.99.5.0-2.1
- rebuild
Tue Jul 4 00:00:00 2006 Tomas Mraz 0.99.5.0-2
- fixed network match in pam_access (patch by Dan Yefimov)
Sat Jul 1 00:00:00 2006 Tomas Mraz 0.99.5.0-1
- updated to a new upstream release
- added service as value to be matched and list matching to
pam_succeed_if
- namespace.init was missing from EXTRA_DIST
Fri Jun 9 00:00:00 2006 Tomas Mraz 0.99.4.0-5
- updated pam_namespace with latest patch by Janak Desai
- merged pam_namespace patches
- added buildrequires libtool
- fixed a few rpmlint warnings
Thu May 25 00:00:00 2006 Tomas Mraz 0.99.4.0-4
- actually don\'t link to libssl as it is not used (#191915)
Thu May 18 00:00:00 2006 Tomas Mraz 0.99.4.0-3
- use md5 implementation from pam_unix in pam_namespace
- pam_namespace should call setexeccon only when selinux is enabled
Wed May 17 00:00:00 2006 Tomas Mraz 0.99.4.0-2
- pam_console_apply shouldn\'t access /var when called with -r (#191401)
- actually apply the large-uid patch
- don\'t build hmactest in pam_timestamp so openssl-devel is not required
- add missing buildrequires (#191915)
Thu May 11 00:00:00 2006 Tomas Mraz 0.99.4.0-1
- upgrade to new upstream version
- make pam_console_apply not dependent on glib
- support large uids in pam_tally, pam_tally2
Fri May 5 00:00:00 2006 Tomas Mraz 0.99.3.0-5
- the namespace instance init script is now in /etc/security (#190148)
- pam_namespace: added missing braces (#190026)
- pam_tally(2): never call fclose twice on the same FILE (from upstream)
Thu Apr 27 00:00:00 2006 Tomas Mraz 0.99.3.0-4
- fixed console device class for irda (#189966)
- make pam_console_apply fail gracefully when a class is missing
Wed Apr 26 00:00:00 2006 Tomas Mraz 0.99.3.0-3
- added pam_namespace module written by Janak Desai (per-user /tmp
support)
- new pam-redhat modules version
Fri Feb 24 23:00:00 2006 Tomas Mraz 0.99.3.0-2
- added try_first_pass option to pam_cracklib
- use try_first_pass for pam_unix and pam_cracklib in
system-auth (#182350)
Fri Feb 10 23:00:00 2006 Jesse Keating - 0.99.3.0-1.2
- bump again for double-long bug on ppc(64)
Tue Feb 7 23:00:00 2006 Jesse Keating - 0.99.3.0-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes
Fri Feb 3 23:00:00 2006 Tomas Mraz 0.99.3.0-1
- new upstream version
- updated db4 to 4.3.29
- added module pam_tally2 with auditing support
- added manual pages for system-auth and config-util (#179584)
Tue Jan 3 23:00:00 2006 Tomas Mraz 0.99.2.1-3
- remove \'initscripts\' dependency (#176508)
- update pam-redhat modules, merged patches
Fri Dec 16 23:00:00 2005 Tomas Mraz 0.99.2.1-2
- fix dangling symlinks in -devel (#175929)
- link libaudit only where necessary
- actually compile in audit support
Thu Dec 15 23:00:00 2005 Tomas Mraz 0.99.2.1-1
- support netgroup matching in pam_succeed_if
- upgrade to new release
- drop pam_pwdb as it was obsolete long ago
- we don\'t build static libraries anymore
Fri Dec 9 23:00:00 2005 Jesse Keating
- rebuilt
Tue Nov 15 23:00:00 2005 Tomas Mraz 0.80-14
- pam_stack is deprecated - log its usage
Thu Oct 27 00:00:00 2005 Tomas Mraz 0.80-13
- fixed CAN-2005-2977 unix_chkpwd should skip user verification only if
run as root (#168181)
- link pam_loginuid to libaudit
- support no tty in pam_access (#170467)
- updated audit patch (by Steve Grubb)
- the previous pam_selinux change was not applied properly
- pam_xauth: look for the xauth binary in multiple directories (#171164)
Thu Oct 27 00:00:00 2005 Dan Walsh 0.80-12
- Eliminate multiple in pam_selinux
Sat Oct 15 00:00:00 2005 Dan Walsh 0.80-11
- Eliminate fail over for getseuserbyname call
Fri Oct 14 00:00:00 2005 Dan Walsh 0.80-10
- Add getseuserbyname call for SELinux MCS/MLS policy
Wed Oct 5 00:00:00 2005 Tomas Mraz
- pam_console manpage fixes (#169373)
Sat Oct 1 00:00:00 2005 Tomas Mraz 0.80-9
- don\'t include ps and pdf docs (#168823)
- new common config file for configuration utilities
- remove glib2 dependency (#166979)
Wed Sep 21 00:00:00 2005 Tomas Mraz 0.80-8
- process limit values other than RLIMIT_NICE correctly (#168790)
- pam_unix: always honor nis flag on password change (by Aaron Hope)
Thu Aug 25 00:00:00 2005 Tomas Mraz 0.80-7
- don\'t fail in audit code when audit is not compiled in
on the newest kernels (#166422)
Tue Aug 2 00:00:00 2005 Tomas Mraz 0.80-6
- add option to pam_loginuid to require auditd
Sat Jul 30 00:00:00 2005 Tomas Mraz 0.80-5
- fix NULL dereference in pam_userdb (#164418)
Wed Jul 27 00:00:00 2005 Tomas Mraz 0.80-4
- fix 64bit bug in pam_pwdb
- don\'t crash in pam_unix if pam_get_data fail
Sat Jul 23 00:00:00 2005 Tomas Mraz 0.80-3
- more pam_selinux permissive fixes (Dan Walsh)
- make binaries PIE (#158938)
Tue Jul 19 00:00:00 2005 Tomas Mraz 0.80-2
- fixed module tests so the pam doesn\'t require itself to build (#163502)
- added buildprereq for building the documentation (#163503)
- relaxed permissions of binaries (u+w)
Fri Jul 15 00:00:00 2005 Tomas Mraz 0.80-1
- upgrade to new upstream sources
- removed obsolete patches
- pam_selinux module shouldn\'t fail on broken configs unless
policy is set to enforcing (Dan Walsh)
Wed Jun 22 00:00:00 2005 Tomas Mraz 0.79-11
- update pam audit patch
- add support for new limits in kernel-2.6.12 (#157050)
Fri Jun 10 00:00:00 2005 Tomas Mraz 0.79-10
- add the Requires dependency on audit-libs (#159885)
- pam_loginuid shouldn\'t report error when /proc/self/loginuid
is missing (#159974)
Sat May 21 00:00:00 2005 Tomas Mraz 0.79-9
- update the pam audit patch to support newest audit library,
audit also pam_setcred calls (Steve Grubb)
- don\'t use the audit_fd as global static variable
- don\'t unset the XAUTHORITY when target user is root
Tue May 3 00:00:00 2005 Tomas Mraz 0.79-8
- pam_console: support loading .perms files in the console.perms.d (#156069)
Wed Apr 27 00:00:00 2005 Tomas Mraz 0.79-7
- pam_xauth: unset the XAUTHORITY variable on error, fix
potential memory leaks
- modify path to IDE floppy devices in console.perms (#155560)
Sun Apr 17 00:00:00 2005 Steve Grubb 0.79-6
- Adjusted pam audit patch to make exception for ECONNREFUSED
Wed Apr 13 00:00:00 2005 Tomas Mraz 0.79-5
- added auditing patch by Steve Grubb
- added cleanup patches for bugs found by Steve Grubb
- don\'t clear the shadow option of pam_unix if nis option used
Sat Apr 9 00:00:00 2005 Tomas Mraz 0.79-4
- #150537 - flush input first then write the prompt
Fri Apr 8 00:00:00 2005 Tomas Mraz 0.79-3
- make pam_unix LSB 2.0 compliant even when SELinux enabled
- #88127 - change both local and NIS passwords to keep them in sync,
also fix a regression in passwd functionality on NIS master server
Wed Apr 6 00:00:00 2005 Tomas Mraz
- #153711 fix wrong logging in pam_selinux when restoring tty label
Mon Apr 4 00:00:00 2005 Tomas Mraz 0.79-2
- fix NULL deref in pam_tally when it\'s used in account phase
Fri Apr 1 00:00:00 2005 Tomas Mraz 0.79-1
- upgrade to the new upstream release
- moved pam_loginuid to pam-redhat repository
Wed Mar 23 23:00:00 2005 Tomas Mraz 0.78-9
- fix wrong logging in pam_console handlers
- add executing ainit handler for alsa sound dmix
- #147879, #112777 - change permissions for dri devices
Fri Mar 18 23:00:00 2005 Tomas Mraz 0.78-8
- remove ownership and permissions handling from pam_console call
pam_console_apply as a handler instead
Mon Mar 14 23:00:00 2005 Tomas Mraz 0.78-7
- add pam_loginuid module for setting the the login uid for auditing purposes
(by Steve Grubb)
Thu Mar 10 23:00:00 2005 Tomas Mraz 0.78-6
- add functionality for running handler executables from pam_console
when console lock was obtained/lost
- removed patches merged to pam-redhat
Tue Mar 1 23:00:00 2005 Tomas Mraz 0.78-5
- echo why tests failed when rebuilding
- fixed some warnings and errors in pam_console for gcc4 build
- improved parsing pam_console config file
Mon Feb 21 23:00:00 2005 Tomas Mraz
- don\'t log garbage in pam_console_apply (#147879)
Tue Jan 18 23:00:00 2005 Tomas Mraz
- don\'t require exact db4 version only conflict with incompatible one
Wed Jan 12 23:00:00 2005 Tomas Mraz 0.78-4
- updated pam-redhat from elvis CVS
- removed obsolete patches
Mon Jan 3 23:00:00 2005 Jeff Johnson 0.78-3
- depend on db-4.3.27, not db-4.3.21.
Thu Nov 25 23:00:00 2004 Tomas Mraz 0.78-2
- add argument to pam_console_apply to restrict its work to specified files
Tue Nov 23 23:00:00 2004 Tomas Mraz 0.78-1
- update to Linux-PAM-0.78
- #140451 parse passwd entries correctly and test for failure
- #137802 allow using pam_console for authentication
Fri Nov 12 23:00:00 2004 Jeff Johnson 0.77-67
- rebuild against db-4.3.21.
Thu Nov 11 23:00:00 2004 Tomas Mraz 0.77-66
- #77646 log failures when renaming the files when changing password
- Log failure on missing /etc/security/opasswd when remember option is present
Wed Nov 10 23:00:00 2004 Tomas Mraz
- #87628 pam_timestamp remembers authorization after logout
- #116956 fixed memory leaks in pam_stack
Thu Oct 21 00:00:00 2004 Tomas Mraz 0.77-65
- #74062 modify the pwd-lock patch to remove NIS passwd changing deadlock
Thu Oct 21 00:00:00 2004 Tomas Mraz 0.77-64
- #134941 pam_console should check X11 socket only on login
Wed Oct 20 00:00:00 2004 Tomas Mraz 0.77-63
- Fix checking of group Development/Debug syntax in pam_limits
- Drop fencepost patch as it was already fixed
by upstream change from 0.75 to 0.77
- Fix brokenshadow patch
Tue Oct 12 00:00:00 2004 Tomas Mraz 0.77-62
- Added bluetooth, raw1394 and flash to console.perms
- pam_console manpage fix
Tue Oct 12 00:00:00 2004 Tomas Mraz 0.77-61
- #129328 pam_env shouldn\'t abort on missing /etc/environment
- #126985 pam_stack should always copy the conversation function
- #127524 add /etc/security/opasswd to files
Wed Sep 29 00:00:00 2004 Phil Knirsch 0.77-60
- Drop last patch again, fixed now correctly elsewhere
Fri Sep 24 00:00:00 2004 Phil Knirsch 0.77-59
- Fixed bug in pam_env where wrong initializer was used
Sat Sep 18 00:00:00 2004 Dan Walsh 0.77-58
- rebuild selinux patch using checkPasswdAccess
Tue Sep 14 00:00:00 2004 Jindrich Novy
- rebuilt
Tue Sep 14 00:00:00 2004 Tomas Mraz 0.77-56
- #75454 fixed locking when changing password
- #127054
- #125653 removed unnecessary getgrouplist call
- #124979 added quiet option to pam_succeed_if
Tue Aug 31 00:00:00 2004 Warren Togami 0.77-55
- #126024 /dev/pmu console perms
Thu Aug 5 00:00:00 2004 Dan Walsh 0.77-54
- Move pam_console.lock to /var/run/console/
Fri Jul 30 00:00:00 2004 Dan Walsh 0.77-53
- Close fd[1] before pam_modutilread so that unix_verify will complete
Wed Jul 28 00:00:00 2004 Alan Cox 0.77-52
- First chunk of Steve Grubb\'s resource leak and other fixes
Wed Jul 28 00:00:00 2004 Alan Cox 0.77-51
- Fixed build testing of modules
- Fixed dependancies
Wed Jul 21 00:00:00 2004 Dan Walsh 0.77-50
- Change unix_chkpwd to return pam error codes
Sun Jul 11 00:00:00 2004 Alan Cox
- Fixed the pam glib2 dependancy issue
Tue Jun 22 00:00:00 2004 Alan Cox
- Fixed the pam_limits fencepost error (#79989) since nobody seems to
be doing it
Wed Jun 16 00:00:00 2004 Elliot Lee
- rebuilt
Thu Jun 10 00:00:00 2004 Dan Walsh 0.77-45
- Add requires libselinux > 1.8
Fri Jun 4 00:00:00 2004 Dan Walsh 0.77-44
- Add MLS Support to selinux patch
Thu Jun 3 00:00:00 2004 Dan Walsh 0.77-43
- Modify pam_selinux to use open and close param
Sat May 29 00:00:00 2004 Dan Walsh 0.77-42
- Split pam module into two parts open and close
Wed May 19 00:00:00 2004 Phil Knirsch 0.77-41
- Fixed 64bit segfault in pam_succeed_if module.
Thu Apr 15 00:00:00 2004 Dan Walsh 0.77-40
- Apply changes from audit.
Tue Apr 13 00:00:00 2004 Dan Walsh 0.77-39
- Change to only report failure on relabel if debug
Wed Mar 3 23:00:00 2004 Dan Walsh 0.77-38
- Fix error handling of pam_unix
Tue Mar 2 23:00:00 2004 Elliot Lee
- rebuilt
Thu Feb 26 23:00:00 2004 Dan Walsh 0.77-36
- fix tty handling
Thu Feb 26 23:00:00 2004 Dan Walsh 0.77-35
- remove tty closing and opening from pam_selinux, it does not work.
Fri Feb 13 23:00:00 2004 Elliot Lee
- rebuilt
Thu Feb 12 23:00:00 2004 Nalin Dahyabhai
- pam_unix: also log successful password changes when using shadowed passwords
Tue Feb 10 23:00:00 2004 Dan Walsh 0.77-33
- close and reopen terminal after changing context.
Thu Feb 5 23:00:00 2004 Dan Walsh 0.77-32
- Check for valid tty
Tue Feb 3 23:00:00 2004 Dan Walsh 0.77-31
- Check for multiple > 1
Mon Feb 2 23:00:00 2004 Dan Walsh 0.77-30
- fix is_selinux_enabled call for pam_rootok
Wed Jan 28 23:00:00 2004 Dan Walsh 0.77-29
- More fixes to pam_selinux,pam_rootok
Wed Jan 28 23:00:00 2004 Dan Walsh 0.77-28
- turn on selinux
Wed Jan 28 23:00:00 2004 Dan Walsh 0.77-27
- Fix rootok check.
Mon Jan 26 23:00:00 2004 Dan Walsh 0.77-26
- fix is_selinux_enabled call
Sun Jan 25 23:00:00 2004 Dan Walsh 0.77-25
- Check if ROOTOK for SELinux
Thu Jan 15 23:00:00 2004 Dan Walsh 0.77-24
- Fix tty handling for pts in pam_selinux
Thu Jan 15 23:00:00 2004 Dan Walsh 0.77-23
- Need to add qualifier context for sudo situation
Thu Jan 15 23:00:00 2004 Dan Walsh 0.77-22
- Fix pam_selinux to use prevcon instead of pam_user so it will work for su.
Fri Dec 12 23:00:00 2003 Bill Nottingham 0.77-21.sel
- add alsa devs to console.perms
Thu Dec 11 23:00:00 2003 Jeff Johnson 0.77-20.sel
- rebuild with db-4.2.52.
- build db4 in build_unix, not dist.
Wed Nov 26 23:00:00 2003 Dan Walsh 0.77-19.sel
- Change unix_chkpwd to handle unix_passwd and unix_acct
- This eliminates the need for pam modules to have read/write access to /etc/shadow.
Thu Nov 20 23:00:00 2003 Dan Walsh 0.77-18.sel
- Cleanup unix_chkpwd
Mon Nov 3 23:00:00 2003 Dan Walsh 0.77-17.sel
- Fix tty handling
- Add back multiple handling
Mon Oct 27 23:00:00 2003 Dan Walsh 0.77-16.sel
- Remove Multiple from man page of pam_selinux
Fri Oct 24 00:00:00 2003 Nalin Dahyabhai 0.77-15
- don\'t install _pam_aconf.h -- apps don\'t use it, other PAM headers which
are installed don\'t use it, and its contents may be different for arches
on a multilib system
- check for linkage problems in modules at %install-time (kill #107093 dead)
- add buildprereq on flex (#101563)
Thu Oct 23 00:00:00 2003 Nalin Dahyabhai
- make pam_pwdb.so link with libnsl again so that it loads (#107093)
- remove now-bogus buildprereq on db4-devel (we use a bundled copy for
pam_userdb to avoid symbol collisions with other db libraries in apps)
Tue Oct 21 00:00:00 2003 Dan Walsh 0.77-14.sel
- Add Russell Coker patch to handle /dev/pty
Sat Oct 18 00:00:00 2003 Dan Walsh 0.77-13.sel
- Turn on Selinux
Sat Oct 18 00:00:00 2003 Dan Walsh 0.77-12
- Fix pam_timestamp to work when 0 seconds have elapsed
Tue Oct 7 00:00:00 2003 Dan Walsh 0.77-11
- Turn off selinux
Fri Sep 26 00:00:00 2003 Dan Walsh 0.77-10.sel
- Turn on Selinux and remove multiple choice of context.
Thu Sep 25 00:00:00 2003 Dan Walsh 0.77-10
- Turn off selinux
Thu Sep 25 00:00:00 2003 Dan Walsh 0.77-9.sel
- Add Russell\'s patch to check password
Thu Sep 18 00:00:00 2003 Dan Walsh 0.77-8.sel
- handle ttys correctly in pam_selinux
Sat Sep 6 00:00:00 2003 Dan Walsh 0.77-7.sel
- Clean up memory problems and fix tty handling.
Tue Jul 29 00:00:00 2003 Dan Walsh 0.77-6
- Add manual context selection to pam_selinux
Tue Jul 29 00:00:00 2003 Dan Walsh 0.77-5
- Add pam_selinux
Tue Jul 29 00:00:00 2003 Dan Walsh 0.77-4
- Add SELinux support
Fri Jul 25 00:00:00 2003 Nalin Dahyabhai 0.77-3
- pam_postgresok: add
- pam_xauth: add \"targetuser\" argument
Wed Jul 23 00:00:00 2003 Nalin Dahyabhai
- pam_succeed_if: fix thinko in argument parsing which would walk past the
end of the argument list
Thu Jul 10 00:00:00 2003 Nalin Dahyabhai 0.77-2
- reapply:
- set handler for SIGCHLD to SIG_DFL around
*_chkpwd, not SIG_IGN
Tue Jul 8 00:00:00 2003 Nalin Dahyabhai 0.77-1
- pam_timestamp: fail if the key file doesn\'t contain enough data
Fri Jul 4 00:00:00 2003 Nalin Dahyabhai 0.77-0
- update to 0.77 upstream release
- pam_limits: limits now affect root as well
- pam_nologin: returns PAM_IGNORE instead of PAM_SUCCESS unless \"successok\"
is given as an argument
- pam_userdb: correctly return PAM_AUTH_ERR instead of PAM_USER_UNKNOWN when
invoked with the \"key_only\" argument and the database has an entry of the
form \"user-\"
- use a bundled libdb for pam_userdb.so because the system copy uses threads,
and demand-loading a shared library which uses threads into an application
which doesn\'t is a Very Bad Idea
Fri Jul 4 00:00:00 2003 Nalin Dahyabhai
- pam_timestamp: use a message authentication code to validate timestamp files
Tue Jul 1 00:00:00 2003 Nalin Dahyabhai 0.75-48.1
- rebuild
Tue Jun 10 00:00:00 2003 Nalin Dahyabhai 0.75-49
- modify calls to getlogin() to check the directory of the current TTY before
searching for an entry in the utmp/utmpx file (#98020, #98826, CAN-2003-0388)
Thu Jun 5 00:00:00 2003 Elliot Lee
- rebuilt
Mon Feb 10 23:00:00 2003 Bill Nottingham 0.75-48
- set handler for SIGCHLD to SIG_DFL around
*_chkpwd, not SIG_IGN
Wed Jan 22 23:00:00 2003 Tim Powers 0.75-47
- rebuilt
Tue Dec 17 23:00:00 2002 Nalin Dahyabhai 0.75-46
- pam_xauth: reintroduce ACL support, per the original white paper
- pam_xauth: default root\'s export ACL to none instead of everyone
Mon Dec 2 23:00:00 2002 Nalin Dahyabhai 0.75-45
- create /lib/security, even if it isn\'t /%{_lib}/security, because we
can\'t locate /lib/security/$ISA without it (noted by Arnd Bergmann)
- clear out the duplicate docs directory created during %install
Thu Nov 21 23:00:00 2002 Nalin Dahyabhai 0.75-44
- fix syntax errors in pam_console\'s yacc parser which newer bison chokes on
- forcibly set FAKEROOT at make install time
Wed Oct 23 00:00:00 2002 Nalin Dahyabhai 0.75-43
- patch to interpret $ISA in case the fist module load attempt fails
- use $ISA in default configs
Sat Oct 5 00:00:00 2002 Elliot Lee 0.75-42
- Since cracklib-dicts location will not be correctly detected without
that package being installed, add buildreq for cracklib-dicts.
- Add patch57: makes configure use $LIBNAME when searching for cracklib
dicts, and error out if not found.
Fri Sep 13 00:00:00 2002 Than Ngo 0.75-41.1
- Fixed pam config files
Thu Sep 12 00:00:00 2002 Than Ngo 0.75-41
- Added fix to install libs in correct directory on 64bit machine
Sat Aug 3 00:00:00 2002 Nalin Dahyabhai 0.75-40
- pam_timestamp_check: check that stdio descriptors are open before we\'re
invoked
- add missing chroot.conf
Tue Jul 30 00:00:00 2002 Nalin Dahyabhai 0.75-39
- pam_timestamp: sundry fixes, use \"unknown\" as the tty when none is found
Fri Jun 28 00:00:00 2002 Nalin Dahyabhai 0.75-38
- pam_timestamp_check: be as smart about figuring out the tty as the module is
Thu Jun 20 00:00:00 2002 Nalin Dahyabhai 0.75-37
- pam_timestamp_check: remove extra unlink() call spotted by Havoc
Tue Jun 18 00:00:00 2002 Nalin Dahyabhai 0.75-36
- pam_timestamp: chown intermediate directories when creating them
- pam_timestamp_check: add -d flag to poll
Fri May 24 00:00:00 2002 Nalin Dahyabhai 0.75-35
- pam_timestamp: add some sanity checks
- pam_timestamp_check: add
Thu May 23 00:00:00 2002 Nalin Dahyabhai 0.75-34
- pam_timestamp: add a \'verbose\' option
Fri May 17 00:00:00 2002 Nalin Dahyabhai 0.75-33
- rebuild with db4
- just bundle install-sh into the source package
Wed Apr 10 00:00:00 2002 Nalin Dahyabhai 0.75-32
- pam_unix: be more compatible with AIX-style shadowing (#19236)
Thu Mar 28 23:00:00 2002 Nalin Dahyabhai 0.75-31
- libpam_misc: fix possible infinite loop in misc_conv (#62195)
- pam_xauth: fix cases where DISPLAY is \"localhost:screen\" and the xauth
key is actually stored using the system\'s hostname (#61524)
Mon Mar 25 23:00:00 2002 Nalin Dahyabhai 0.75-30
- rebuild
Mon Mar 25 23:00:00 2002 Nalin Dahyabhai 0.75-29
- rebuild
Mon Mar 11 23:00:00 2002 Nalin Dahyabhai 0.75-28
- include the pwdb config file
Fri Mar 1 23:00:00 2002 Nalin Dahyabhai 0.75-27
- adjust the pwdb-static patch to build pam_radius correctly (#59408)
Fri Mar 1 23:00:00 2002 Nalin Dahyabhai 0.75-26
- change the db4-devel build dependency to db3-devel
Thu Feb 21 23:00:00 2002 Nalin Dahyabhai 0.75-25
- rebuild
Fri Feb 8 23:00:00 2002 Nalin Dahyabhai 0.75-24
- pam_unix: log successful password changes
- remove pam_timestamp
Thu Feb 7 23:00:00 2002 Nalin Dahyabhai 0.75-23
- fix pwdb embedding
- add pam_timestamp
Thu Jan 31 23:00:00 2002 Nalin Dahyabhai 0.75-22
- swallow up pwdb 0.61.1 for building pam_pwdb
Wed Jan 23 23:00:00 2002 Nalin Dahyabhai 0.75-21
- pam_userdb: build with db4 instead of db3
Thu Nov 22 23:00:00 2001 Nalin Dahyabhai 0.75-20
- pam_stack: fix some memory leaks (reported by Fernando Trias)
- pam_chroot: integrate Owl patch to report the more common causes of failures
Fri Nov 9 23:00:00 2001 Nalin Dahyabhai 0.75-19
- fix a bug in the getpwnam_r wrapper which sometimes resulted in false
positives for non-existent users
Wed Nov 7 23:00:00 2001 Nalin Dahyabhai 0.75-18
- include libpamc in the pam package (#55651)
Fri Nov 2 23:00:00 2001 Nalin Dahyabhai 0.75-17
- pam_xauth: don\'t free a string after passing it to putenv()
Thu Oct 25 00:00:00 2001 Nalin Dahyabhai 0.75-16
- pam_xauth: always return PAM_SUCCESS or PAM_SESSION_ERR instead of PAM_IGNORE,
matching the previous behavior (libpam treats PAM_IGNORE from a single module
in a stack as a session error, leading to false error messages if we just
return PAM_IGNORE for all cases)
Tue Oct 23 00:00:00 2001 Nalin Dahyabhai 0.75-15
- reorder patches so that the reentrancy patch is applied last -- we never
came to a consensus on how to guard against the bugs in calling applications
which this sort of change addresses, and having them last allows for dropping
in a better strategy for addressing this later on
Tue Oct 16 00:00:00 2001 Nalin Dahyabhai
- pam_rhosts: allow \"+hostname\" as a synonym for \"hostname\" to jive better
with the hosts.equiv(5) man page
- use the automake install-sh instead of the autoconf install-sh, which
disappeared somewhere between 2.50 and now
Tue Oct 9 00:00:00 2001 Nalin Dahyabhai
- add pwdb as a buildprereq
Sat Oct 6 00:00:00 2001 Nalin Dahyabhai
- pam_tally: don\'t try to read past the end of faillog -- it probably contains
garbage, which if written into the file later on will confuse /usr/bin/faillog
Fri Oct 5 00:00:00 2001 Nalin Dahyabhai
- pam_limits: don\'t just return if the user is root -- we\'ll want to set the
priority (it could be negative to elevate root\'s sessions)
- pam_issue: fix off-by-one error allocating space for the prompt string
Thu Oct 4 00:00:00 2001 Nalin Dahyabhai
- pam_mkhomedir: recurse into subdirectories properly
- pam_mkhomedir: handle symlinks
- pam_mkhomedir: skip over special items in the skeleton directory
Wed Oct 3 00:00:00 2001 Nalin Dahyabhai
- add cracklib as a buildprereq
- pam_wheel: don\'t ignore out if the user is attempting to switch to a
unprivileged user (this lets pam_wheel do its thing when users attempt
to get to system accounts or accounts of other unprivileged users)
Sat Sep 29 00:00:00 2001 Nalin Dahyabhai
- pam_xauth: close a possible DoS due to use of dotlock-style locking in
world-writable directories by relocating the temporary file to the target
user\'s home directory
- general: include headers local to this tree using relative paths so that
system headers for PAM won\'t be pulled in, in case include paths don\'t
take care of it
Fri Sep 28 00:00:00 2001 Nalin Dahyabhai
- pam_xauth: rewrite to skip refcounting and just use a temporary file
created using mkstemp() in /tmp
Wed Sep 26 00:00:00 2001 Nalin Dahyabhai
- pam_userdb: fix the key_only flag so that the null-terminator of the
user-password string isn\'t expected to be part of the key in the db file,
matching the behavior of db_load 3.2.9
Tue Sep 25 00:00:00 2001 Nalin Dahyabhai
- pam_unix: use crypt() instead of bigcrypt() when salted field is less than
the critical size which lets us know it was generated with bigcrypt()
- use a wrapper to handle ERANGE errors when calling get....._r functions:
defining PAM_GETPWNAM_R and such (for getpwnam, getpwuid, getgrnam,
getgrgid, and getspnam) before including _pam_macros.h will cause them
to be implemented as static functions, similar to how defining PAM_SM_xxx
is used to control whether or not PAM declares prototypes for certain
functions
Tue Sep 25 00:00:00 2001 Nalin Dahyabhai 0.75-14
- pam_unix: argh, compare entire pruned salt string with crypted result, always
Sun Sep 9 00:00:00 2001 Bill Nottingham 0.75-13
- ship /lib/lib{pam,pam_misc}.so for legacy package builds
Fri Sep 7 00:00:00 2001 Nalin Dahyabhai 0.75-12
- noreplace configuration files in /etc/security
- pam_console: update pam_console_apply and man pages to reflect
/var/lock -> /var/run move
Thu Sep 6 00:00:00 2001 Nalin Dahyabhai 0.75-11
- pam_unix: fix the fix for #42394
Wed Sep 5 00:00:00 2001 Nalin Dahyabhai
- modules: use getpwnam_r and friends instead of non-reentrant versions
- pam_console: clear generated .c and .h files in \"clean\" makefile target
Fri Aug 31 00:00:00 2001 Nalin Dahyabhai
- pam_stack: perform deep copy of conversation structures
- include the static libpam in the -devel subpackage (#52321)
- move development .so and .a files to %{_libdir}
- pam_unix: don\'t barf on empty passwords (#51846)
- pam_unix: redo compatibility with \"hash,age\" data wrt bigcrypt (#42394)
- console.perms: add usb camera, scanner, and rio devices (#15528)
- pam_cracklib: initialize all options properly (#49613)
Thu Aug 23 00:00:00 2001 Nalin Dahyabhai
- pam_limits: don\'t rule out negative priorities
Tue Aug 14 00:00:00 2001 Nalin Dahyabhai 0.75-10
- pam_xauth: fix errors due to uninitialized data structure (fix from Tse Huong
Choo)
- pam_xauth: random cleanups
- pam_console: use /var/run/console instead of /var/lock/console at install-time
- pam_unix: fix preserving of permissions on files which are manipulated
Sat Aug 11 00:00:00 2001 Bill Nottingham
- fix segfault in pam_securetty
Fri Aug 10 00:00:00 2001 Nalin Dahyabhai
- pam_console: use /var/run/console instead of /var/lock/console for lock files
- pam_issue: read the right number of bytes from the file
Tue Jul 10 00:00:00 2001 Nalin Dahyabhai
- pam_wheel: don\'t error out if the group has no members, but is the user\'s
primary GID (reported by David Vos)
- pam_unix: preserve permissions on files which are manipulated (#43706)
- pam_securetty: check if the user is the superuser before checking the tty,
thereby allowing regular users access to services which don\'t set the
PAM_TTY item (#39247)
- pam_access: define NIS and link with libnsl (#36864)
Fri Jul 6 00:00:00 2001 Nalin Dahyabhai
- link libpam_misc against libpam
Wed Jul 4 00:00:00 2001 Nalin Dahyabhai
- pam_chroot: chdir() before chroot()
Sat Jun 30 00:00:00 2001 Nalin Dahyabhai
- pam_console: fix logic bug when changing permissions on single
file and/or lists of files
- pam_console: return the proper error code (reported and patches
for both from Frederic Crozat)
- change deprecated Copyright: tag in .spec file to License:
Tue Jun 26 00:00:00 2001 Nalin Dahyabhai
- console.perms: change js
* to js[0-9]
*
- include pam_aconf.h in more modules (patches from Harald Welte)
Fri May 25 00:00:00 2001 Nalin Dahyabhai
- console.perms: add apm_bios to the list of devices the console owner can use
- console.perms: add beep to the list of sound devices
Tue May 8 00:00:00 2001 Nalin Dahyabhai
- link pam_console_apply statically with libglib (#38891)
Tue May 1 00:00:00 2001 Nalin Dahyabhai
- pam_access: compare IP addresses with the terminating \".\", as documented
(patch from Carlo Marcelo Arenas Belon, I think) (#16505)
Tue Apr 24 00:00:00 2001 Nalin Dahyabhai
- merge up to 0.75
- pam_unix: temporarily ignore SIGCHLD while running the helper
- pam_pwdb: temporarily ignore SIGCHLD while running the helper
- pam_dispatch: default to uncached behavior if the cached chain is empty
Sat Apr 7 00:00:00 2001 Nalin Dahyabhai
- correct speling errors in various debug messages and doc files (#33494)
Fri Apr 6 00:00:00 2001 Nalin Dahyabhai
- prereq sed, fileutils (used in %post)
Thu Apr 5 00:00:00 2001 Nalin Dahyabhai
- remove /dev/dri from console.perms -- XFree86 munges it, so it\'s outside of
our control (reminder from Daryll Strauss)
- add /dev/3dfx to console.perms
Fri Mar 23 23:00:00 2001 Nalin Dahyabhai
- pam_wheel: make \'trust\' and \'deny\' work together correctly
- pam_wheel: also check the user\'s primary gid
- pam_group: also initialize groups when called with PAM_REINITIALIZE_CRED
Tue Mar 20 23:00:00 2001 Nalin Dahyabhai
- mention pam_console_apply in the see also section of the pam_console man pages
Fri Mar 16 23:00:00 2001 Nalin Dahyabhai
- console.perms: /dev/vc/
* should be a regexp, not a glob (thanks to
Charles Lopes)
Mon Mar 12 23:00:00 2001 Nalin Dahyabhai
- console.perms: /dev/cdroms/
* should belong to the user, from Douglas
Gilbert via Tim Waugh
Thu Mar 8 23:00:00 2001 Nalin Dahyabhai
- pam_console_apply: muck with devices even if the mount point doesn\'t exist
Wed Mar 7 23:00:00 2001 Nalin Dahyabhai
- pam_console: error out on undefined classes in pam_console config file
- console.perms: actually change the permissions on the new device classes
- pam_console: add an fstab= argument, and -f and -c flags to pam_console_apply
- pam_console: use g_log instead of g_critical when bailing out
- console.perms: logins on /dev/vc/
* are also console logins, from Douglas
Gilbert via Tim Waugh
Tue Mar 6 23:00:00 2001 Nalin Dahyabhai
- add pam_console_apply
- /dev/pilot\'s usually a serial port (or a USB serial port), so revert its
group to \'uucp\' instead of \'tty\' in console.perms
- change pam_console\'s behavior wrt directories -- directories which are
mount points according to /etc/fstab are taken to be synonymous with
their device special nodes, and directories which are not mount points
are ignored
Tue Feb 27 23:00:00 2001 Nalin Dahyabhai
- handle errors fork()ing in pam_xauth
- make the \"other\" config noreplace
Mon Feb 26 23:00:00 2001 Nalin Dahyabhai | |
