openSUSE Build Service

Dominique Leuenberger (dimstar_suse) accepted request 984917 from

Factory Maintainer (factory-maintainer) over 2 years ago (revision 122)

Automatic submission by obs-autosubmit

Dominique Leuenberger (dimstar_suse) accepted request 961066 from

Thorsten Kukuk (kukuk) over 2 years ago (revision 121)

Dominique Leuenberger (dimstar_suse) accepted request 940244 from

Thorsten Kukuk (kukuk) almost 3 years ago (revision 120)

- Drop pam_umask-usergroups-login_defs.patch, does more harm
  than helps. If not explizit specified as module option, we
  use UMASK from login.defs unmodified. (forwarded request 940243 from kukuk)

Dominique Leuenberger (dimstar_suse) accepted request 934494 from

Thorsten Kukuk (kukuk) almost 3 years ago (revision 119)

Dominique Leuenberger (dimstar_suse) accepted request 932273 from

Thorsten Kukuk (kukuk) about 3 years ago (revision 118)

Dominique Leuenberger (dimstar_suse) accepted request 928945 from

Josef Möllers (jmoellers) about 3 years ago (revision 117)

Dominique Leuenberger (dimstar_suse) accepted request 919240 from

Thorsten Kukuk (kukuk) about 3 years ago (revision 116)

- Rename motd.tmpfiles to pam.tmpfiles
  - Add /run/faillock directory

- pam-login_defs-check.sh: adjust for new login.defs variable usages

- Update to 1.5.2
  Noteworthy changes in Linux-PAM 1.5.2:
  * pam_exec: implemented quiet_log option.
  * pam_mkhomedir: added support of HOME_MODE and UMASK from
    /etc/login.defs.
  * pam_timestamp: changed hmac algorithm to call openssl instead
    of the bundled sha1 implementation if selected, added option
    to select the hash algorithm to use with HMAC.
  * Added pkgconfig files for provided libraries.
  * Added --with-systemdunitdir configure option to specify systemd
    unit directory.
  * Added --with-misc-conv-bufsize configure option to specify the
    buffer size in libpam_misc's misc_conv() function, raised the
    default value for this parameter from 512 to 4096.
  * Multiple minor bug fixes, portability fixes, documentation
    improvements, and translation updates.
  pam_tally2 has been removed upstream, remove pam_tally2-removal.patch
  pam_cracklib has been removed from the upstream sources. This
  obsoletes pam-pam_cracklib-add-usersubstr.patch and
  pam_cracklib-removal.patch.
  The following patches have been accepted upstream and, so,
  are obsolete:
  - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch
  - pam_securetty-don-t-complain-about-missing-config.patch
  - bsc1184358-prevent-LOCAL-from-being-resolved.patch

Richard Brown (RBrownSUSE) accepted request 911843 from

Thorsten Kukuk (kukuk) over 3 years ago (revision 115)

- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask
  explicit "usergroups" option and instead read it from login.def's
  "USERGROUP_ENAB" option if umask is only defined there.
  [bsc#1189139]

- package man5/motd.5 as a man-pages link to man8/pam_motd.8
  [bsc#1188724]

Dominique Leuenberger (dimstar_suse) accepted request 906153 from

Thorsten Kukuk (kukuk) over 3 years ago (revision 114)

Requested by dimstar

Dominique Leuenberger (dimstar_suse) accepted request 902310 from

Josef Möllers (jmoellers) over 3 years ago (revision 113)

- Create /run/motd.d (forwarded request 902295 from gmbr3)

Dominique Leuenberger (dimstar_suse) accepted request 899928 from

Josef Möllers (jmoellers) over 3 years ago (revision 112)

Dominique Leuenberger (dimstar_suse) accepted request 883611 from

Thorsten Kukuk (kukuk) over 3 years ago (revision 111)

Richard Brown (RBrownSUSE) accepted request 873577 from

Thorsten Kukuk (kukuk) almost 4 years ago (revision 110)

- Add missing conflicts for pam_unix-nis

- Split out pam_unix module and build without NIS support


- Add missing conflicts for pam_unix 

- Fix split provides and BuildRequires 
- Makefile-pam_unix-nis.diff: Link pam_unix-nis.so against outside
  pam library

- standalone pam_unix with NIS support

Dominique Leuenberger (dimstar_suse) accepted request 856633 from

Thorsten Kukuk (kukuk) almost 4 years ago (revision 109)

Dominique Leuenberger (dimstar_suse) accepted request 851278 from

Thorsten Kukuk (kukuk) almost 4 years ago (revision 108)

- Update to 1.5.1
  - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user
    doesn't exist and root password is blank [bsc#1179166]
  - pam_faillock: added nodelay option to not set pam_fail_delay
  - pam_wheel: use pam_modutil_user_in_group to check for the group membership
    with getgrouplist where it is available

Dominique Leuenberger (dimstar_suse) accepted request 849468 from

Thorsten Kukuk (kukuk) about 4 years ago (revision 107)

- Update to 1.5.0
  - obsoletes pam-bsc1178727-initialize-daysleft.patch
  - Multiple minor bug fixes, portability fixes, and documentation improvements.
  - Extended libpam API with pam_modutil_check_user_in_passwd function.
  - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660.
  - pam_motd: read motd files with target user credentials skipping unreadable ones.
  - pam_pwhistory: added a SELinux helper executable.
  - pam_unix, pam_usertype: implemented avoidance of certain timing attacks.
  - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails.
  - pam_env: Reading of the user environment is deprecated and will be removed
             at some point in the future.
  - libpam: pam_modutil_drop_priv() now correctly sets the target user's
    supplementary groups, allowing pam_motd to filter messages accordingly
- Refresh pam-xauth_ownership.patch
- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package
- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package

- pam_cracklib: added code to check whether the password contains
  a substring of of the user's name of at least <N> characters length
  in some form.
  This is enabled by the new parameter "usersubstr=<N>"
  See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4
  [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch]

- pam_xauth.c: do not free() a string which has been (successfully)
  passed to putenv().
  [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch]

- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft"
  to avoid spurious (and misleading)

Dominique Leuenberger (dimstar_suse) committed about 4 years ago (revision 106)

https://bugzilla.opensuse.org/show_bug.cgi?id=1177858

Dominique Leuenberger (dimstar_suse) accepted request 847481 from

Thorsten Kukuk (kukuk) about 4 years ago (revision 105)

- Enable pam_faillock [bnc#1171562]

- /usr/bin/xauth chokes on the old user's $HOME being on an NFS
  file system. Run /usr/bin/xauth using the old user's uid/gid
  Patch courtesy of Dr. Werner Fink.
  [bsc#1174593, pam-xauth_ownership.patch]

- pam-login_defs-check.sh: Fix the regexp to get a real variable
  list (boo#1164274).

- Revert the previous change [SR#815713].
  The group is not necessary for PAM functionality but used only
  during testing. The test system should therefore create this group.
  [bsc#1171016, pam.spec]

- Add requirement for group "wheel" to spec file.
  [bsc#1171016, pam.spec]

Dominique Leuenberger (dimstar_suse) committed about 4 years ago (revision 104)

Revert: https://bugzilla.opensuse.org/show_bug.cgi?id=1177858

Dominique Leuenberger (dimstar_suse) accepted request 840210 from

Josef Möllers (jmoellers) about 4 years ago (revision 103)

Places

Revisions of pam

Places