* build: enabled vendordir by default.
* pam_access: fixed stack overflow with huge configuration files.
* pam_env: enhanced error diagnostics when ignoring backslash at end of string.
* pam_faillock: skip clearing user's failed attempt when auth stack is not run.
* pam_mkhomedir: added support for vendordir skeleton directory.
* pam_unix: added support for pwaccessd.
* pam_unix: added support for PAM_CHANGE_EXPIRED_AUTHTOK.
* pam_unix: fixed password expiration warnings for large day values.
* pam_unix: hardened temporary file handling.
* Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=315
- hardcode disabling elogind, meson detection is unreliable in OBS
- Update to version 1.7.1
- pam_access: do not resolve ttys or display variables as hostnames.
- pam_access: added "nodns" option to disallow resolving of tokens
as hostnames (CVE-2024-10963).
- pam_limits: added support for rttime (RLIMIT_RTTIME).
- pam_namespace: fixed potential privilege escalation (CVE-2025-6020).
- meson: added support of elogind as a logind provider.
- Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
- pam_access-rework-resolving-of-tokens-as-hostname.patch got obsoleted
OBS-URL: https://build.opensuse.org/request/show/1286682
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=145
- pam_access: do not resolve ttys or display variables as hostnames.
- pam_access: added "nodns" option to disallow resolving of tokens
as hostnames (CVE-2024-10963).
- pam_limits: added support for rttime (RLIMIT_RTTIME).
- pam_namespace: fixed potential privilege escalation (CVE-2025-6020).
- meson: added support of elogind as a logind provider.
- Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
- pam_access-rework-resolving-of-tokens-as-hostname.patch got obsoleted
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=307
- Update to version 1.7.0
- build: changed build system from autotools to meson.
- libpam_misc: use ECHOCTL in the terminal input
- pam_access: support UID and GID in access.conf
- pam_env: install environment file in vendordir if vendordir is enabled
- pam_issue: only count class user if logind support is enabled
- pam_limits: use systemd-logind instead of utmp if logind support is enabled
- pam_unix: compare password hashes in constant time
- Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
- Drop upstream patches:
- pam-bsc1194818-cursor-escape.patch
- pam_limits-systemd.patch
- pam_issue-systemd.patch
OBS-URL: https://build.opensuse.org/request/show/1218049
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=302
- baselibs.conf: add pam-userdb
- pam_limits-systemd.patch: update to final PR
- Add systemd-logind support to pam_limits (pam_limits-systemd.patch)
- Remove /usr/etc/pam.d, everything should be migrated
- Remove pam_limits from default common-sessions* files. pam_limits
is now part of pam-extra and not in our default generated config.
- pam_issue-systemd.patch: only count class user sessions
OBS-URL: https://build.opensuse.org/request/show/1200265
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=141
- Add post 1.6.0 release fixes for pam_env and pam_unix:
- pam_env-fix-enable-vendordir-fallback.patch
- pam_env-fix_vendordir.patch
- pam_env-remove-escaped-newlines.patch
- pam_unix-fix-password-aging-disabled.patch
- Update to version 1.6.0
- Added support of configuration files with arbitrarily long lines.
- build: fixed build outside of the source tree.
- libpam: added use of getrandom(2) as a source of randomness if available.
- libpam: fixed calculation of fail delay with very long delays.
- libpam: fixed potential infinite recursion with includes.
- libpam: implemented string to number conversions validation when parsing
controls in configuration.
- pam_access: added quiet_log option.
- pam_access: fixed truncation of very long group names.
- pam_canonicalize_user: new module to canonicalize user name.
- pam_echo: fixed file handling to prevent overflows and short reads.
- pam_env: added support of '\' character in environment variable values.
- pam_exec: allowed expose_authtok for password PAM_TYPE.
- pam_exec: fixed stack overflow with binary output of programs.
- pam_faildelay: implemented parameter ranges validation.
- pam_listfile: changed to treat \r and \n exactly the same in configuration.
- pam_mkhomedir: hardened directory creation against timing attacks.
- Please note that using *at functions leads to more open file handles
during creation.
- pam_namespace: fixed potential local DoS (CVE-2024-22365).
- pam_nologin: fixed file handling to prevent short reads.
- pam_pwhistory: helper binary is now built only if SELinux support is
enabled.
- pam_pwhistory: implemented reliable usernames handling when remembering
OBS-URL: https://build.opensuse.org/request/show/1139944
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=134
