SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for pam-1.5.2-2.5.x86_64.rpm :

* Fri Jun 17 2022 Thorsten Kukuk - Keep old directory in filelist for migration
* Wed Jun 01 2022 Thorsten Kukuk - Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d
* Fri Mar 11 2022 Thorsten Kukuk - pam-hostnames-in-access_conf.patch: update with upstream submission. Fixes several bugs including memory leaks.
* Wed Feb 09 2022 Thorsten Kukuk - Move group.conf and faillock.conf to /usr/etc/security
* Mon Feb 07 2022 Thorsten Kukuk - Update to current git for enhanced vendordir support (pam-git.diff) Obsoletes: - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
* Mon Dec 13 2021 Thorsten Kukuk - Drop pam_umask-usergroups-login_defs.patch, does more harm than helps. If not explizit specified as module option, we use UMASK from login.defs unmodified.
* Thu Nov 25 2021 Thorsten Kukuk - Don\'t define doc/manpages packages in main build
* Wed Nov 24 2021 Thorsten Kukuk - Add missing recommends and split provides
* Wed Nov 24 2021 Thorsten Kukuk - Use multibuild to build docu with correct paths and available features.
* Mon Nov 22 2021 Thorsten Kukuk - common-session: move pam_systemd to first position as if the file would have been generated with pam-config- Add vendordir fixes and enhancements from upstream: - pam_xauth_data.3.xml.patch - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other spec file.
* Wed Nov 17 2021 Stanislav Brabec - Update pam-login_defs-check.sh regexp and login_defs-support-for-pam symbol to version 1.5.2 (new variable HMAC_CRYPTO_ALGO).
* Tue Nov 02 2021 Callum Farmer - Add /run/pam_timestamp to pam.tmpfiles
* Tue Oct 12 2021 Josef Möllers - Corrected macro definition of %_pam_moduledir: %_pam_moduledir %{_libdir}/security [macros.pam]
* Wed Oct 06 2021 Josef Möllers - Prepend a slash to the expansion of %{_lib} in macros.pam as this are defined without a leading slash!
* Wed Sep 15 2021 Thorsten Kukuk - Rename motd.tmpfiles to pam.tmpfiles - Add /run/faillock directory
* Fri Sep 10 2021 Thorsten Kukuk - pam-login_defs-check.sh: adjust for new login.defs variable usages
* Mon Sep 06 2021 Josef Möllers - Update to 1.5.2 Noteworthy changes in Linux-PAM 1.5.2:
* pam_exec: implemented quiet_log option.
* pam_mkhomedir: added support of HOME_MODE and UMASK from /etc/login.defs.
* pam_timestamp: changed hmac algorithm to call openssl instead of the bundled sha1 implementation if selected, added option to select the hash algorithm to use with HMAC.
* Added pkgconfig files for provided libraries.
* Added --with-systemdunitdir configure option to specify systemd unit directory.
* Added --with-misc-conv-bufsize configure option to specify the buffer size in libpam_misc\'s misc_conv() function, raised the default value for this parameter from 512 to 4096.
* Multiple minor bug fixes, portability fixes, documentation improvements, and translation updates. pam_tally2 has been removed upstream, remove pam_tally2-removal.patch pam_cracklib has been removed from the upstream sources. This obsoletes pam-pam_cracklib-add-usersubstr.patch and pam_cracklib-removal.patch. The following patches have been accepted upstream and, so, are obsolete: - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch - pam_securetty-don-t-complain-about-missing-config.patch - bsc1184358-prevent-LOCAL-from-being-resolved.patch - revert-check_shadow_expiry.diff [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, pam_securetty-don-t-complain-about-missing-config.patch, bsc1184358-prevent-LOCAL-from-being-resolved.patch, revert-check_shadow_expiry.diff]
* Thu Aug 12 2021 Thorsten Kukuk - pam_umask-usergroups-login_defs.patch: Deprecate pam_umask explicit \"usergroups\" option and instead read it from login.def\'s \"USERGROUP_ENAB\" option if umask is only defined there. [bsc#1189139]
* Tue Aug 03 2021 pgajdosAATTsuse.com- package man5/motd.5 as a man-pages link to man8/pam_motd.8 [bsc#1188724]
* Tue Jul 13 2021 Thorsten Kukuk - revert-check_shadow_expiry.diff: revert wrong CRYPT_SALT_METHOD_LEGACY check.
* Fri Jun 25 2021 Callum Farmer - Create /run/motd.d
* Wed Jun 09 2021 Ludwig Nussel - Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff)- Backport patch to not install /usr/etc/securetty (boo#1033626) ie no distro defaults and don\'t complain about it missing (pam_securetty-don-t-complain-about-missing-config.patch)- add debug bcond to be able to build pam with debug output easily- add macros file to allow other packages to stop hardcoding directory names. Compatible with Fedora.
* Mon May 10 2021 Josef Möllers - In the 32-bit compatibility package for 64-bit architectures, require \"systemd-32bit\" to be also installed as it contains pam_systemd.so for 32 bit applications. [bsc#1185562, baselibs.conf]
* Wed Apr 07 2021 Josef Möllers - If \"LOCAL\" is configured in access.conf, and a login attempt from a remote host is made, pam_access tries to resolve \"LOCAL\" as a hostname and logs a failure. Checking explicitly for \"LOCAL\" and rejecting access in this case resolves this issue. [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch]
* Wed Mar 31 2021 Josef Möllers - pam_limits: \"unlimited\" is not a legitimate value for \"nofile\" (see setrlimit(2)). So, when \"nofile\" is set to one of the \"unlimited\" values, it is set to the contents of \"/proc/sys/fs/nr_open\" instead. Also changed the manpage of pam_limits to express this. [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch]
* Thu Feb 18 2021 Thorsten Kukuk - Add missing conflicts for pam_unix-nis
* Tue Feb 16 2021 Thorsten Kukuk - Split out pam_unix module and build without NIS support
* Fri Nov 27 2020 Thorsten Kukuk - Update to 1.5.1 - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user doesn\'t exist and root password is blank [bsc#1179166] - pam_faillock: added nodelay option to not set pam_fail_delay - pam_wheel: use pam_modutil_user_in_group to check for the group membership with getgrouplist where it is available
* Thu Nov 26 2020 Ludwig Nussel - add macros.pam to abstract directory for pam modules
* Thu Nov 19 2020 Thorsten Kukuk - Update to 1.5.0 - obsoletes pam-bsc1178727-initialize-daysleft.patch - Multiple minor bug fixes, portability fixes, and documentation improvements. - Extended libpam API with pam_modutil_check_user_in_passwd function. - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. - pam_motd: read motd files with target user credentials skipping unreadable ones. - pam_pwhistory: added a SELinux helper executable. - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. - pam_env: Reading of the user environment is deprecated and will be removed at some point in the future. - libpam: pam_modutil_drop_priv() now correctly sets the target user\'s supplementary groups, allowing pam_motd to filter messages accordingly- Refresh pam-xauth_ownership.patch- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package
* Wed Nov 18 2020 Josef Möllers - pam_cracklib: added code to check whether the password contains a substring of of the user\'s name of at least characters length in some form. This is enabled by the new parameter \"usersubstr=\" See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch]
* Wed Nov 18 2020 Josef Möllers - pam_xauth.c: do not free() a string which has been (successfully) passed to putenv(). [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch]
* Fri Nov 13 2020 Josef Möllers - Initialize pam_unix pam_sm_acct_mgmt() local variable \"daysleft\" to avoid spurious (and misleading) Warning: your password will expire in ... days. fixed upstream with commit db6b293046a [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch]
* Tue Nov 10 2020 Thorsten Kukuk - Enable pam_faillock [bnc#1171562]
* Thu Oct 29 2020 Ludwig Nussel - prepare usrmerge (boo#1029961, pam-usrmerge.diff)
* Thu Oct 08 2020 Josef Möllers - /usr/bin/xauth chokes on the old user\'s $HOME being on an NFS file system. Run /usr/bin/xauth using the old user\'s uid/gid Patch courtesy of Dr. Werner Fink. [bsc#1174593, pam-xauth_ownership.patch]
* Thu Oct 08 2020 Stanislav Brabec - pam-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274).
* Wed Jun 24 2020 Josef Möllers - Revert the previous change [SR#815713]. The group is not necessary for PAM functionality but used only during testing. The test system should therefore create this group. [bsc#1171016, pam.spec]
* Mon Jun 15 2020 Josef Möllers - Add requirement for group \"wheel\" to spec file. [bsc#1171016, pam.spec]
* Mon Jun 08 2020 Thorsten Kukuk - Update to final 1.4.0 release - includes pam-check-user-home-dir.patch - obsoletes fix-man-links.dif
* Mon Jun 08 2020 Thorsten Kukuk - common-password: remove pam_cracklib, as that is deprecated.
* Thu May 28 2020 Josef Möllers - pam_setquota.so: When setting quota, don\'t apply any quota if the user\'s $HOME is a mountpoint (ie the user has a partition of his/her own). [bsc#1171721, pam-check-user-home-dir.patch]
* Wed May 27 2020 Thorsten Kukuk - Update to current Linux-PAM snapshot - pam_tally
* and pam_cracklib got deprecated- Disable pam_faillock and pam_setquota until they are whitelisted
* Tue May 12 2020 Josef Möllers - Adapted patch pam-hostnames-in-access_conf.patch for new version New version obsoleted patch use-correct-IP-address.patch [pam-hostnames-in-access_conf.patch, use-correct-IP-address.patch]
* Tue May 12 2020 Thorsten Kukuk - Update to current Linux-PAM snapshot - Obsoletes pam_namespace-systemd.diff
* Tue May 12 2020 Thorsten Kukuk - Update to current Linux-PAM snapshot - Add pam_faillock - Multiple minor bug fixes and documentation improvements - Fixed grammar of messages printed via pam_prompt - Added support for a vendor directory and libeconf - configure: Allowed disabling documentation through --disable-doc - pam_get_authtok_verify: Avoid duplicate password verification - pam_env: Changed the default to not read the user .pam_environment file - pam_group, pam_time: Fixed logical error with multiple ! operators - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session - pam_lastlog: Do not log info about failed login if the session was opened with PAM_SILENT flag - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs - pam_lastlog: With \'unlimited\' option prevent SIGXFSZ due to reduced \'fsize\' limit - pam_motd: Export MOTD_SHOWN=pam after showing MOTD - pam_motd: Support multiple motd paths specified, with filename overrides - pam_namespace: Added a systemd service, which creates the namespaced instance parent directories during boot - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts - pam_shells: Recognize /bin/sh as the default shell - pam_succeed_if: Support lists in group membership checks - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE - pam_umask: Added new \'nousergroups\' module argument and allowed specifying the default for usergroups at build-time - pam_unix: Added \'nullresetok\' option to allow resetting blank passwords - pam_unix: Report unusable hashes found by checksalt to syslog - pam_unix: Support for (gost-)yescrypt hashing methods - pam_unix: Use bcrypt b-variant when it bcrypt is chosen - pam_usertype: New module to tell if uid is in login.defs ranges - Added new API call pam_start_confdir() for special applications that cannot use the system-default PAM configuration paths and need to explicitly specify another path- pam_namespace-systemd.diff: fix path of pam_namespace.services
* Thu Apr 02 2020 Ludwig Nussel - own /usr/lib/motd.d/ so other packages can add files there
* Tue Mar 24 2020 Josef Möllers - Listed all manual pages seperately as pam_userdb.8 has been moved to pam-extra. Also %exclude %{_defaultdocdir}/pam as the docs are in a separate package. [pam.spec]
* Mon Mar 16 2020 Josef Möllers - pam_userdb moved to a new package pam-extra as pam-modules is obsolete and not part of SLE. [bsc#1166510, pam.spec]
* Thu Mar 12 2020 Josef Möllers - Removed pam_userdb from this package and moved to pam-modules. This removed the requirement for libdb. Also made \"xz\" required for all releases. Remove limits for nproc from /etc/security/limits.conf [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec]
* Wed Feb 19 2020 kukukAATTsuse.de- Recommend login.defs only (no hard requirement)
* Tue Sep 24 2019 kukukAATTsuse.com- Update to version 1.3.1+git20190923.ea78d67:
* Fixed missing quotes in configure script
* Add support for a vendor directory and libeconf (#136)
* pam_lastlog: document the \'unlimited\' option
* pam_lastlog: prevent crash due to reduced \'fsize\' limit
* pam_unix_sess.c add uid for opening session
* Fix the man page for \"pam_fail_delay()\"
* Fix a typo
* Update a function comment- drop usr-etc-support.patch (accepted upstream)
* Thu Sep 05 2019 kukukAATTsuse.de- Add migration support from /etc to /usr/etc during upgrade
* Wed Sep 04 2019 kukukAATTsuse.com- Update to version 1.3.1+git20190902.9de67ee:
* pwhistory: fix read of uninitialized data and memory leak when modifying opasswd
* Tue Aug 27 2019 kukukAATTsuse.com- Update to version 1.3.1+git20190826.1b087ed:
* libpam/pam_modutil_sanitize.c: optimize the way to close fds
* Thu Aug 22 2019 Jan Engelhardt - Replace old $RPM_
* shell vars by macros.- Avoid unnecessary invocation of subshells.- Shorten recipe for constructing securetty contents on s390.
* Mon Aug 19 2019 kukukAATTsuse.de- usr-etc-support.patch: Add support for /usr/etc/pam.d
* Mon Aug 19 2019 kukukAATTsuse.de- encryption_method_nis.diff: obsolete, NIS clients shouldn\'t require DES anymore.- etc.environment: removed, the sources contain the same
* Mon Aug 19 2019 kukukAATTsuse.com- Update to version 1.3.1+git20190807.e31dd6c:
* pam_tty_audit: Manual page clarification about password logging
* pam_get_authtok_verify: Avoid duplicate password verification
* Mention that ./autogen.sh is needeed to be run if you check out the sources from git
* pam_unix: Correct MAXPASS define name in the previous two commits.
* Restrict password length when changing password
* Trim password at PAM_MAX_RESP_SIZE chars
* pam_succeed_if: Request user data only when needed
* pam_tally2: Remove unnecessary fsync()
* Fixed a grammer mistake
* Fix documentation for pam_wheel
* Fix a typo in the documentation
* pam_lastlog: Improve silent option documentation
* pam_lastlog: Respect PAM_SILENT flag
* Fix regressions from the last commits.
* Replace strndupa with strncpy
* build: ignore pam_lastlog when logwtmp is not available.
* build: ignore pam_rhosts if neither ruserok nor ruserok_af is available.
* pam_motd: Cleanup the code and avoid unnecessary logging
* pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs.
* Move the duplicated search_key function to pam_modutil.
* pam_unix: Use pam_syslog instead of helper_log_err.
* pam_unix: Report unusable hashes found by checksalt to syslog.
* Revert \"pam_unix: Add crypt_default method, if supported.\"
* pam_unix: Add crypt_default method, if supported.
* Revert part of the commit 4da9febc
* pam_unix: Add support for (gost-)yescrypt hashing methods.
* pam_unix: Fix closing curly brace. (#77)
* pam_unix: Add support for crypt_checksalt, if libcrypt supports it.
* pam_unix: Prefer a gensalt function, that supports auto entropy.
* pam_motd: Fix segmentation fault when no motd_dir specified (#76)
* pam_motd: Support multiple motd paths specified, with filename overrides (#69)
* pam_unix: Use bcrypt b-variant for computing new hashes.
* pam_tally, pam_tally2: fix grammar and spelling (#54)
* Fix grammar of messages printed via pam_prompt
* pam_stress: do not mark messages for translation
* pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros
* pam_unix: remove obsolete _unix_read_password prototype
* Thu May 02 2019 sbrabecAATTsuse.com- Add virtual symbols for login.defs compatibility (bsc#1121197).- Add login.defs safety check pam-login_defs-check.sh (bsc#1121197).
* Thu Nov 15 2018 josef.moellersAATTsuse.com- When comparing an incoming IP address with an entry in access.conf that only specified a single host (ie no netmask), the incoming IP address was used rather than the IP address from access.conf, effectively comparing the incoming address with itself. (Also fixed a small typo while I was at it) {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953]
* Mon Oct 22 2018 josef.moellersAATTsuse.com- Upgrade to 1.3.1
* pam_motd: add support for a motd.d directory
* pam_umask: Fix documentation to align with order of loading umask
* pam_get_user.3: Fix missing word in documentation
* pam_tally2 --reset: avoid creating a missing tallylog file
* pam_mkhomedir: Allow creating parent of homedir under /
* access.conf.5: Add note about spaces around \':\'
* pam.8: Workaround formatting problem
* pam_unix: Check return value of malloc used for setcred data
* pam_cracklib: Drop unused prompt macros
* pam_tty_audit: Support matching users by uid range
* pam_access: support parsing files in /etc/security/access.d/
*.conf
* pam_localuser: Correct documentation
* pam_issue: Fix no prompting in parse escape codes mode
* Unification and cleanup of syslog log levels Also: removed nproc limit, referred to systemd instead. Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more. [bsc#1112508, pam-fix-config-order-in-manpage.patch]
* Fri Aug 24 2018 psimonsAATTsuse.com- Add libdb as build-time dependency to enable pam_userdb module. This module is useful for implementing virtual user support for vsftpd and possibly other daemons, too. [bsc#929711, fate#322538]
* Fri Jul 13 2018 sbrabecAATTsuse.com- Install empty directory /etc/security/namespace.d for pam_namespace.so iscript.
* Thu May 03 2018 josef.moellersAATTsuse.com- pam_umask.8 needed to be patched as well. [bsc#1089884, pam-fix-config-order-in-manpage.patch]
* Wed May 02 2018 josef.moellersAATTsuse.com- Changed order of configuration files to reflect actual code. [bsc#1089884, pam-fix-config-order-in-manpage.patch]
* Thu Feb 22 2018 fvogtAATTsuse.com- Use %license (boo#1082318)
  
ICM