- Update to 1.5.0
- obsoletes pam-bsc1178727-initialize-daysleft.patch
- Multiple minor bug fixes, portability fixes, and documentation improvements.
- Extended libpam API with pam_modutil_check_user_in_passwd function.
- pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660.
- pam_motd: read motd files with target user credentials skipping unreadable ones.
- pam_pwhistory: added a SELinux helper executable.
- pam_unix, pam_usertype: implemented avoidance of certain timing attacks.
- pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails.
- pam_env: Reading of the user environment is deprecated and will be removed
at some point in the future.
- libpam: pam_modutil_drop_priv() now correctly sets the target user's
supplementary groups, allowing pam_motd to filter messages accordingly
- Refresh pam-xauth_ownership.patch
- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package
- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package
- pam_cracklib: added code to check whether the password contains
a substring of of the user's name of at least <N> characters length
in some form.
This is enabled by the new parameter "usersubstr=<N>"
See bfef79dbe6
[jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch]
- pam_xauth.c: do not free() a string which has been (successfully)
passed to putenv().
[bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch]
- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft"
to avoid spurious (and misleading)
OBS-URL: https://build.opensuse.org/request/show/849468
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=107
- obsoletes pam-bsc1178727-initialize-daysleft.patch
- Multiple minor bug fixes, portability fixes, and documentation improvements.
- Extended libpam API with pam_modutil_check_user_in_passwd function.
- pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660.
- pam_motd: read motd files with target user credentials skipping unreadable ones.
- pam_pwhistory: added a SELinux helper executable.
- pam_unix, pam_usertype: implemented avoidance of certain timing attacks.
- pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails.
- pam_env: Reading of the user environment is deprecated and will be removed
at some point in the future.
- libpam: pam_modutil_drop_priv() now correctly sets the target user's
supplementary groups, allowing pam_motd to filter messages accordingly
- Refresh pam-xauth_ownership.patch
- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package
- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=228
- Enable pam_faillock [bnc#1171562]
- /usr/bin/xauth chokes on the old user's $HOME being on an NFS
file system. Run /usr/bin/xauth using the old user's uid/gid
Patch courtesy of Dr. Werner Fink.
[bsc#1174593, pam-xauth_ownership.patch]
- pam-login_defs-check.sh: Fix the regexp to get a real variable
list (boo#1164274).
- Revert the previous change [SR#815713].
The group is not necessary for PAM functionality but used only
during testing. The test system should therefore create this group.
[bsc#1171016, pam.spec]
- Add requirement for group "wheel" to spec file.
[bsc#1171016, pam.spec]
OBS-URL: https://build.opensuse.org/request/show/847481
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=105
- Update to final 1.4.0 release
- includes pam-check-user-home-dir.patch
- obsoletes fix-man-links.dif
- common-password: remove pam_cracklib, as that is deprecated.
- pam_setquota.so:
When setting quota, don't apply any quota if the user's $HOME is
a mountpoint (ie the user has a partition of his/her own).
[bsc#1171721, pam-check-user-home-dir.patch]
- Update to current Linux-PAM snapshot
- pam_tally* and pam_cracklib got deprecated
- Disable pam_faillock and pam_setquota until they are whitelisted
- Adapted patch pam-hostnames-in-access_conf.patch for new version
New version obsoleted patch use-correct-IP-address.patch
[pam-hostnames-in-access_conf.patch,
use-correct-IP-address.patch]
- Update to current Linux-PAM snapshot
- Obsoletes pam_namespace-systemd.diff
- Update to current Linux-PAM snapshot
- Add pam_faillock
- Multiple minor bug fixes and documentation improvements
- Fixed grammar of messages printed via pam_prompt
- Added support for a vendor directory and libeconf
- configure: Allowed disabling documentation through --disable-doc
- pam_get_authtok_verify: Avoid duplicate password verification
OBS-URL: https://build.opensuse.org/request/show/812631
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=102
- Multiple minor bug fixes and documentation improvements
- Fixed grammar of messages printed via pam_prompt
- Added support for a vendor directory and libeconf
- configure: Allowed disabling documentation through --disable-doc
- pam_get_authtok_verify: Avoid duplicate password verification
- pam_env: Changed the default to not read the user .pam_environment file
- pam_group, pam_time: Fixed logical error with multiple ! operators
- pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session
- pam_lastlog: Do not log info about failed login if the session was opened
with PAM_SILENT flag
- pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs
- pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize'
limit
- pam_motd: Export MOTD_SHOWN=pam after showing MOTD
- pam_motd: Support multiple motd paths specified, with filename overrides
- pam_namespace: Added a systemd service, which creates the namespaced
instance parent directories during boot
- pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts
- pam_shells: Recognize /bin/sh as the default shell
- pam_succeed_if: Support lists in group membership checks
- pam_tty_audit: If kernel audit is disabled return PAM_IGNORE
- pam_umask: Added new 'nousergroups' module argument and allowed specifying
the default for usergroups at build-time
- pam_unix: Added 'nullresetok' option to allow resetting blank passwords
- pam_unix: Report unusable hashes found by checksalt to syslog
- pam_unix: Support for (gost-)yescrypt hashing methods
- pam_unix: Use bcrypt b-variant when it bcrypt is chosen
- pam_usertype: New module to tell if uid is in login.defs ranges
- Added new API call pam_start_confdir() for special applications that
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=208
- Update to version 1.3.1+git20190923.ea78d67:
* Fixed missing quotes in configure script
* Add support for a vendor directory and libeconf (#136)
* pam_lastlog: document the 'unlimited' option
* pam_lastlog: prevent crash due to reduced 'fsize' limit
* pam_unix_sess.c add uid for opening session
* Fix the man page for "pam_fail_delay()"
* Fix a typo
* Update a function comment
- drop usr-etc-support.patch (accepted upstream)
- Add migration support from /etc to /usr/etc during upgrade
- Update to version 1.3.1+git20190902.9de67ee:
* pwhistory: fix read of uninitialized data and memory leak when modifying opasswd
- Update to version 1.3.1+git20190826.1b087ed:
* libpam/pam_modutil_sanitize.c: optimize the way to close fds
OBS-URL: https://build.opensuse.org/request/show/733118
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=195
- encryption_method_nis.diff: obsolete, NIS clients shouldn't
require DES anymore.
- etc.environment: removed, the sources contain the same
- Update to version 1.3.1+git20190807.e31dd6c:
* pam_tty_audit: Manual page clarification about password logging
* pam_get_authtok_verify: Avoid duplicate password verification
* Mention that ./autogen.sh is needeed to be run if you check out the sources from git
* pam_unix: Correct MAXPASS define name in the previous two commits.
* Restrict password length when changing password
* Trim password at PAM_MAX_RESP_SIZE chars
* pam_succeed_if: Request user data only when needed
* pam_tally2: Remove unnecessary fsync()
* Fixed a grammer mistake
* Fix documentation for pam_wheel
* Fix a typo in the documentation
* pam_lastlog: Improve silent option documentation
* pam_lastlog: Respect PAM_SILENT flag
* Fix regressions from the last commits.
* Replace strndupa with strncpy
* build: ignore pam_lastlog when logwtmp is not available.
* build: ignore pam_rhosts if neither ruserok nor ruserok_af is available.
* pam_motd: Cleanup the code and avoid unnecessary logging
* pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs.
* Move the duplicated search_key function to pam_modutil.
* pam_unix: Use pam_syslog instead of helper_log_err.
* pam_unix: Report unusable hashes found by checksalt to syslog.
* Revert "pam_unix: Add crypt_default method, if supported."
* pam_unix: Add crypt_default method, if supported.
* Revert part of the commit 4da9febc
OBS-URL: https://build.opensuse.org/request/show/724569
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=191
