- Rename motd.tmpfiles to pam.tmpfiles
- Add /run/faillock directory
- pam-login_defs-check.sh: adjust for new login.defs variable usages
- Update to 1.5.2
Noteworthy changes in Linux-PAM 1.5.2:
* pam_exec: implemented quiet_log option.
* pam_mkhomedir: added support of HOME_MODE and UMASK from
/etc/login.defs.
* pam_timestamp: changed hmac algorithm to call openssl instead
of the bundled sha1 implementation if selected, added option
to select the hash algorithm to use with HMAC.
* Added pkgconfig files for provided libraries.
* Added --with-systemdunitdir configure option to specify systemd
unit directory.
* Added --with-misc-conv-bufsize configure option to specify the
buffer size in libpam_misc's misc_conv() function, raised the
default value for this parameter from 512 to 4096.
* Multiple minor bug fixes, portability fixes, documentation
improvements, and translation updates.
pam_tally2 has been removed upstream, remove pam_tally2-removal.patch
pam_cracklib has been removed from the upstream sources. This
obsoletes pam-pam_cracklib-add-usersubstr.patch and
pam_cracklib-removal.patch.
The following patches have been accepted upstream and, so,
are obsolete:
- pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch
- pam_securetty-don-t-complain-about-missing-config.patch
- bsc1184358-prevent-LOCAL-from-being-resolved.patch
OBS-URL: https://build.opensuse.org/request/show/919240
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=116
- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff)
- Backport patch to not install /usr/etc/securetty (boo#1033626) ie
no distro defaults and don't complain about it missing
(pam_securetty-don-t-complain-about-missing-config.patch)
- add debug bcond to be able to build pam with debug output easily
- add macros file to allow other packages to stop hardcoding
directory names. Compatible with Fedora.
- Remove usrmerged conditional as it's now the default
OBS-URL: https://build.opensuse.org/request/show/903070
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=241
- pam_unix: fixed CVE-2020-27780 - authentication bypass when a user
doesn't exist and root password is blank [bsc#1179166]
- pam_faillock: added nodelay option to not set pam_fail_delay
- pam_wheel: use pam_modutil_user_in_group to check for the group membership
with getgrouplist where it is available
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=229
- Update to 1.5.0
- obsoletes pam-bsc1178727-initialize-daysleft.patch
- Multiple minor bug fixes, portability fixes, and documentation improvements.
- Extended libpam API with pam_modutil_check_user_in_passwd function.
- pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660.
- pam_motd: read motd files with target user credentials skipping unreadable ones.
- pam_pwhistory: added a SELinux helper executable.
- pam_unix, pam_usertype: implemented avoidance of certain timing attacks.
- pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails.
- pam_env: Reading of the user environment is deprecated and will be removed
at some point in the future.
- libpam: pam_modutil_drop_priv() now correctly sets the target user's
supplementary groups, allowing pam_motd to filter messages accordingly
- Refresh pam-xauth_ownership.patch
- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package
- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package
- pam_cracklib: added code to check whether the password contains
a substring of of the user's name of at least <N> characters length
in some form.
This is enabled by the new parameter "usersubstr=<N>"
See bfef79dbe6
[jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch]
- pam_xauth.c: do not free() a string which has been (successfully)
passed to putenv().
[bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch]
- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft"
to avoid spurious (and misleading)
OBS-URL: https://build.opensuse.org/request/show/849468
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=107
- obsoletes pam-bsc1178727-initialize-daysleft.patch
- Multiple minor bug fixes, portability fixes, and documentation improvements.
- Extended libpam API with pam_modutil_check_user_in_passwd function.
- pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660.
- pam_motd: read motd files with target user credentials skipping unreadable ones.
- pam_pwhistory: added a SELinux helper executable.
- pam_unix, pam_usertype: implemented avoidance of certain timing attacks.
- pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails.
- pam_env: Reading of the user environment is deprecated and will be removed
at some point in the future.
- libpam: pam_modutil_drop_priv() now correctly sets the target user's
supplementary groups, allowing pam_motd to filter messages accordingly
- Refresh pam-xauth_ownership.patch
- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package
- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=228
- Enable pam_faillock [bnc#1171562]
- /usr/bin/xauth chokes on the old user's $HOME being on an NFS
file system. Run /usr/bin/xauth using the old user's uid/gid
Patch courtesy of Dr. Werner Fink.
[bsc#1174593, pam-xauth_ownership.patch]
- pam-login_defs-check.sh: Fix the regexp to get a real variable
list (boo#1164274).
- Revert the previous change [SR#815713].
The group is not necessary for PAM functionality but used only
during testing. The test system should therefore create this group.
[bsc#1171016, pam.spec]
- Add requirement for group "wheel" to spec file.
[bsc#1171016, pam.spec]
OBS-URL: https://build.opensuse.org/request/show/847481
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=105
- Update to final 1.4.0 release
- includes pam-check-user-home-dir.patch
- obsoletes fix-man-links.dif
- common-password: remove pam_cracklib, as that is deprecated.
- pam_setquota.so:
When setting quota, don't apply any quota if the user's $HOME is
a mountpoint (ie the user has a partition of his/her own).
[bsc#1171721, pam-check-user-home-dir.patch]
- Update to current Linux-PAM snapshot
- pam_tally* and pam_cracklib got deprecated
- Disable pam_faillock and pam_setquota until they are whitelisted
- Adapted patch pam-hostnames-in-access_conf.patch for new version
New version obsoleted patch use-correct-IP-address.patch
[pam-hostnames-in-access_conf.patch,
use-correct-IP-address.patch]
- Update to current Linux-PAM snapshot
- Obsoletes pam_namespace-systemd.diff
- Update to current Linux-PAM snapshot
- Add pam_faillock
- Multiple minor bug fixes and documentation improvements
- Fixed grammar of messages printed via pam_prompt
- Added support for a vendor directory and libeconf
- configure: Allowed disabling documentation through --disable-doc
- pam_get_authtok_verify: Avoid duplicate password verification
OBS-URL: https://build.opensuse.org/request/show/812631
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=102
