|
|
|
|
Changelog for pam-1.6.1-3.3.x86_64.rpm :
* Wed Apr 10 2024 Thorsten Kukuk - Update to version 1.6.1 - pam_env: fixed --disable-econf --enable-vendordir support. - pam_unix: do not warn if password aging is disabled. - pam_unix: try to set uid to 0 before unix_chkpwd invocation. - pam_unix: allow empty passwords with non-empty hashes. - Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates.- Remove backports: - pam_env-fix_vendordir.patch - pam_env-fix-enable-vendordir-fallback.patch - pam_env-remove-escaped-newlines.patch - pam_unix-fix-password-aging-disabled.patch * Thu Feb 22 2024 Valentin Lefebvre - Use autosetup to prepare for RPM 4.20. * Wed Feb 07 2024 Thorsten Kukuk - pam.tmpfiles: Make sure the content of the /run directories get removed in case of a soft-reboot * Tue Jan 30 2024 Thorsten Kukuk - Enable pam_canonicalize_user.so * Fri Jan 19 2024 Thorsten Kukuk - Add post 1.6.0 release fixes for pam_env and pam_unix: - pam_env-fix-enable-vendordir-fallback.patch - pam_env-fix_vendordir.patch - pam_env-remove-escaped-newlines.patch - pam_unix-fix-password-aging-disabled.patch- Update to version 1.6.0 - Added support of configuration files with arbitrarily long lines. - build: fixed build outside of the source tree. - libpam: added use of getrandom(2) as a source of randomness if available. - libpam: fixed calculation of fail delay with very long delays. - libpam: fixed potential infinite recursion with includes. - libpam: implemented string to number conversions validation when parsing controls in configuration. - pam_access: added quiet_log option. - pam_access: fixed truncation of very long group names. - pam_canonicalize_user: new module to canonicalize user name. - pam_echo: fixed file handling to prevent overflows and short reads. - pam_env: added support of \'\\\' character in environment variable values. - pam_exec: allowed expose_authtok for password PAM_TYPE. - pam_exec: fixed stack overflow with binary output of programs. - pam_faildelay: implemented parameter ranges validation. - pam_listfile: changed to treat \\r and \ exactly the same in configuration. - pam_mkhomedir: hardened directory creation against timing attacks. - Please note that using *at functions leads to more open file handles during creation. - pam_namespace: fixed potential local DoS (CVE-2024-22365). - pam_nologin: fixed file handling to prevent short reads. - pam_pwhistory: helper binary is now built only if SELinux support is enabled. - pam_pwhistory: implemented reliable usernames handling when remembering passwords. - pam_shells: changed to allow shell entries with absolute paths only. - pam_succeed_if: fixed treating empty strings as numerical value 0. - pam_unix: added support of disabled password aging. - pam_unix: synchronized password aging with shadow. - pam_unix: implemented string to number conversions validation. - pam_unix: fixed truncation of very long user names. - pam_unix: corrected rounds retrieval for configured encryption method. - pam_unix: implemented reliable usernames handling when remembering passwords. - pam_unix: changed to always run the helper to obtain shadow password entries. - pam_unix: unix_update helper binary is now built only if SELinux support is enabled. - pam_unix: added audit support to unix_update helper. - pam_userdb: added gdbm support. - Multiple minor bug fixes, portability fixes, documentation improvements, and translation updates.- The following patches are obsolete with the update: - pam_access-doc-IPv6-link-local.patch - pam_access-hostname-debug.patch - pam_shells-fix-econf-memory-leak.patch - pam_shells-fix-econf-memory-leak.patch - disable-examples.patch- pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS is no longer used. * Wed Aug 23 2023 Thorsten Kukuk - Fix building without SELinux * Mon Aug 07 2023 Thorsten Kukuk - pam_access backports from upstream: - pam_access-doc-IPv6-link-local.patch: Document only partial supported IPv6 link local addresses - pam_access-hostname-debug.patch: Don\'t print error if we cannot resolve a hostname, does not need to be a hostname - pam_shells-fix-econf-memory-leak.patch: Free econf keys variable - disable-examples.patch: Don\'t build examples * Tue May 09 2023 Thorsten Kukuk - Update to final 1.5.3 release: - configure: added --enable-logind option to use logind instead of utmp in pam_issue and pam_timestamp. - pam_modutil_getlogin: changed to use getlogin() from libc instead of parsing utmp. - Added libeconf support to pam_env and pam_shells. - Added vendor directory support to pam_access, pam_env, pam_group, pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, pam_shells, and pam_time. - pam_limits: changed to not fail on missing config files. - pam_pwhistory: added conf= option to specify config file location. - pam_pwhistory: added file= option to specify password history file location. - pam_shells: added shells.d support when libeconf and vendordir are enabled. - Deprecated pam_lastlog: this module is no longer built by default because it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, even on 64bit architectures. pam_lastlog will be removed in one of the next releases, consider using pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() macros provided by _pam_macros.h; the memory override performed by these macros can be optimized out by the compiler and therefore can no longer be relied upon. * Thu Apr 20 2023 Thorsten Kukuk - pam-extra: add split provide * Wed Apr 12 2023 Thorsten Kukuk - pam-userdb: add split provide * Tue Apr 11 2023 Thorsten Kukuk - Drop pam-xauth_ownership.patch, got fixed in sudo itself- Drop pam-bsc1177858-dont-free-environment-string.patch, was a fix for above patch * Thu Apr 06 2023 Thorsten Kukuk - Use bcond selinux to disable SELinux- Remove old pam_unix_ * compat symlinks- Move pam_userdb to own pam-userdb sub-package- pam-extra contains now modules having extended dependencies like libsystemd- Update to 1.5.3.90 git snapshot- Drop merged patches: - pam-git.diff - docbook5.patch - pam_pwhistory-docu.patch - pam_xauth_data.3.xml.patch- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all documentation anyways and don\'t use the prebuild versions- Move all devel manual pages to pam-manpages, too. Fixes the problem that adjusted defaults not shown correct. * Mon Mar 20 2023 Thorsten Kukuk - Add common-session-nonlogin and postlogin- * pam.d config files for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 and upcoming pam_wtmpdb. * Fri Mar 10 2023 Giuliano Belinassi - Enable livepatching support on x86_64. * Tue Jan 24 2023 Valentin Lefebvre - Use rpm macros for pam dist conf dir (/usr/etc/security) * Wed Jan 18 2023 Stefan Schubert - Moved following files/dirs in /etc/security to vendor directory: access.conf, limits.d, sepermit.conf, time.conf, namespace.conf, namespace.d, namespace.init * Sat Dec 24 2022 Dominique Leuenberger - Also obsolete pam_unix-32bit to have clean upgrade path. * Fri Dec 16 2022 Thorsten Kukuk - Merge pam_unix back into pam, seperate package not needed anymore * Thu Dec 15 2022 Thorsten Kukuk - Update pam-git.diff to current upstream - pam_env: Use vendor specific pam_env.conf and environment as fallback - pam_shells: Use the vendor directory obsoletes pam_env_econf.patch- Refresh docbook5.patch * Tue Dec 06 2022 Thorsten Kukuk - pam_pwhistory-docu.patch, docbook5.patch: convert docu to docbook5 * Thu Dec 01 2022 Thorsten Kukuk - pam-git.diff: update to current git - obsoletes pam-hostnames-in-access_conf.patch - obsoletes tst-pam_env-retval.c- pam_env_econf.patch refresh * Tue Nov 22 2022 Thorsten Kukuk - Move pam_env config files below /usr/etc * Tue Oct 11 2022 Stefan Schubert - pam_env: Using libeconf for reading configuration and environment files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) * Fri Jun 17 2022 Thorsten Kukuk - Keep old directory in filelist for migration * Wed Jun 01 2022 Thorsten Kukuk - Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d * Fri Mar 11 2022 Thorsten Kukuk - pam-hostnames-in-access_conf.patch: update with upstream submission. Fixes several bugs including memory leaks. * Wed Feb 09 2022 Thorsten Kukuk - Move group.conf and faillock.conf to /usr/etc/security * Mon Feb 07 2022 Thorsten Kukuk - Update to current git for enhanced vendordir support (pam-git.diff) Obsoletes: - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch * Mon Dec 13 2021 Thorsten Kukuk - Drop pam_umask-usergroups-login_defs.patch, does more harm than helps. If not explizit specified as module option, we use UMASK from login.defs unmodified. * Thu Nov 25 2021 Thorsten Kukuk - Don\'t define doc/manpages packages in main build * Wed Nov 24 2021 Thorsten Kukuk - Add missing recommends and split provides * Wed Nov 24 2021 Thorsten Kukuk - Use multibuild to build docu with correct paths and available features. * Mon Nov 22 2021 Thorsten Kukuk - common-session: move pam_systemd to first position as if the file would have been generated with pam-config- Add vendordir fixes and enhancements from upstream: - pam_xauth_data.3.xml.patch - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other spec file. * Wed Nov 17 2021 Stanislav Brabec - Update pam-login_defs-check.sh regexp and login_defs-support-for-pam symbol to version 1.5.2 (new variable HMAC_CRYPTO_ALGO). * Tue Nov 02 2021 Callum Farmer - Add /run/pam_timestamp to pam.tmpfiles * Tue Oct 12 2021 Josef Möllers - Corrected macro definition of %_pam_moduledir: %_pam_moduledir %{_libdir}/security [macros.pam] * Wed Oct 06 2021 Josef Möllers - Prepend a slash to the expansion of %{_lib} in macros.pam as this are defined without a leading slash! * Wed Sep 15 2021 Thorsten Kukuk - Rename motd.tmpfiles to pam.tmpfiles - Add /run/faillock directory * Fri Sep 10 2021 Thorsten Kukuk - pam-login_defs-check.sh: adjust for new login.defs variable usages * Mon Sep 06 2021 Josef Möllers - Update to 1.5.2 Noteworthy changes in Linux-PAM 1.5.2: * pam_exec: implemented quiet_log option. * pam_mkhomedir: added support of HOME_MODE and UMASK from /etc/login.defs. * pam_timestamp: changed hmac algorithm to call openssl instead of the bundled sha1 implementation if selected, added option to select the hash algorithm to use with HMAC. * Added pkgconfig files for provided libraries. * Added --with-systemdunitdir configure option to specify systemd unit directory. * Added --with-misc-conv-bufsize configure option to specify the buffer size in libpam_misc\'s misc_conv() function, raised the default value for this parameter from 512 to 4096. * Multiple minor bug fixes, portability fixes, documentation improvements, and translation updates. pam_tally2 has been removed upstream, remove pam_tally2-removal.patch pam_cracklib has been removed from the upstream sources. This obsoletes pam-pam_cracklib-add-usersubstr.patch and pam_cracklib-removal.patch. The following patches have been accepted upstream and, so, are obsolete: - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch - pam_securetty-don-t-complain-about-missing-config.patch - bsc1184358-prevent-LOCAL-from-being-resolved.patch - revert-check_shadow_expiry.diff [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, pam_securetty-don-t-complain-about-missing-config.patch, bsc1184358-prevent-LOCAL-from-being-resolved.patch, revert-check_shadow_expiry.diff] * Thu Aug 12 2021 Thorsten Kukuk - pam_umask-usergroups-login_defs.patch: Deprecate pam_umask explicit \"usergroups\" option and instead read it from login.def\'s \"USERGROUP_ENAB\" option if umask is only defined there. [bsc#1189139] * Tue Aug 03 2021 pgajdosAATTsuse.com- package man5/motd.5 as a man-pages link to man8/pam_motd.8 [bsc#1188724] * Tue Jul 13 2021 Thorsten Kukuk - revert-check_shadow_expiry.diff: revert wrong CRYPT_SALT_METHOD_LEGACY check. * Fri Jun 25 2021 Callum Farmer - Create /run/motd.d * Wed Jun 09 2021 Ludwig Nussel - Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff)- Backport patch to not install /usr/etc/securetty (boo#1033626) ie no distro defaults and don\'t complain about it missing (pam_securetty-don-t-complain-about-missing-config.patch)- add debug bcond to be able to build pam with debug output easily- add macros file to allow other packages to stop hardcoding directory names. Compatible with Fedora. * Mon May 10 2021 Josef Möllers - In the 32-bit compatibility package for 64-bit architectures, require \"systemd-32bit\" to be also installed as it contains pam_systemd.so for 32 bit applications. [bsc#1185562, baselibs.conf] * Wed Apr 07 2021 Josef Möllers - If \"LOCAL\" is configured in access.conf, and a login attempt from a remote host is made, pam_access tries to resolve \"LOCAL\" as a hostname and logs a failure. Checking explicitly for \"LOCAL\" and rejecting access in this case resolves this issue. [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] * Wed Mar 31 2021 Josef Möllers - pam_limits: \"unlimited\" is not a legitimate value for \"nofile\" (see setrlimit(2)). So, when \"nofile\" is set to one of the \"unlimited\" values, it is set to the contents of \"/proc/sys/fs/nr_open\" instead. Also changed the manpage of pam_limits to express this. [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] * Thu Feb 18 2021 Thorsten Kukuk - Add missing conflicts for pam_unix-nis * Tue Feb 16 2021 Thorsten Kukuk - Split out pam_unix module and build without NIS support
|
|
|