- Drop pam-xauth_ownership.patch, got fixed in sudo itself
- Drop pam-bsc1177858-dont-free-environment-string.patch, was a
fix for above patch
- Use bcond selinux to disable SELinux
- Remove old pam_unix_* compat symlinks
- Move pam_userdb to own pam-userdb sub-package
- pam-extra contains now modules having extended dependencies like
libsystemd
- Update to 1.5.3.90 git snapshot
- Drop merged patches:
- pam-git.diff
- docbook5.patch
- pam_pwhistory-docu.patch
- pam_xauth_data.3.xml.patch
- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all
documentation anyways and don't use the prebuild versions
- Move all devel manual pages to pam-manpages, too. Fixes the
problem that adjusted defaults not shown correct.
docbook5
- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
- add macros.pam to abstract directory for pam modules
- pam-limit-nproc.patch: increased process limit to help
Chrome/Chromuim users with really lots of tabs. New limit gets
- Update to current git (Linux-PAM-git-20140127.diff), which
- Explicitly add pam_systemd.so to list of modules in
- Remove pam_unix-login.defs.diff, not needed anymore
- Added libtool as BuildRequire, and autoreconf -i option to fix
* manpage is left intact, as it was
OBS-URL: https://build.opensuse.org/request/show/1078360
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=274
- pam-hostnames-in-access_conf.patch: update with upstream
submission. Fixes several bugs including memory leaks.
- Move group.conf and faillock.conf to /usr/etc/security
- Update to current git for enhanced vendordir support (pam-git.diff)
Obsoletes:
- 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
- 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
- 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
OBS-URL: https://build.opensuse.org/request/show/961064
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=259
- Use multibuild to build docu with correct paths and available
features.
- common-session: move pam_systemd to first position as if the
file would have been generated with pam-config
- Add vendordir fixes and enhancements from upstream:
- 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
- 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
- 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
OBS-URL: https://build.opensuse.org/request/show/933444
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=254
- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff)
- Backport patch to not install /usr/etc/securetty (boo#1033626) ie
no distro defaults and don't complain about it missing
(pam_securetty-don-t-complain-about-missing-config.patch)
- add debug bcond to be able to build pam with debug output easily
- add macros file to allow other packages to stop hardcoding
directory names. Compatible with Fedora.
- Remove usrmerged conditional as it's now the default
OBS-URL: https://build.opensuse.org/request/show/903070
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=241
- pam_unix: fixed CVE-2020-27780 - authentication bypass when a user
doesn't exist and root password is blank [bsc#1179166]
- pam_faillock: added nodelay option to not set pam_fail_delay
- pam_wheel: use pam_modutil_user_in_group to check for the group membership
with getgrouplist where it is available
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=229
- obsoletes pam-bsc1178727-initialize-daysleft.patch
- Multiple minor bug fixes, portability fixes, and documentation improvements.
- Extended libpam API with pam_modutil_check_user_in_passwd function.
- pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660.
- pam_motd: read motd files with target user credentials skipping unreadable ones.
- pam_pwhistory: added a SELinux helper executable.
- pam_unix, pam_usertype: implemented avoidance of certain timing attacks.
- pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails.
- pam_env: Reading of the user environment is deprecated and will be removed
at some point in the future.
- libpam: pam_modutil_drop_priv() now correctly sets the target user's
supplementary groups, allowing pam_motd to filter messages accordingly
- Refresh pam-xauth_ownership.patch
- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package
- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=228
- Multiple minor bug fixes and documentation improvements
- Fixed grammar of messages printed via pam_prompt
- Added support for a vendor directory and libeconf
- configure: Allowed disabling documentation through --disable-doc
- pam_get_authtok_verify: Avoid duplicate password verification
- pam_env: Changed the default to not read the user .pam_environment file
- pam_group, pam_time: Fixed logical error with multiple ! operators
- pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session
- pam_lastlog: Do not log info about failed login if the session was opened
with PAM_SILENT flag
- pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs
- pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize'
limit
- pam_motd: Export MOTD_SHOWN=pam after showing MOTD
- pam_motd: Support multiple motd paths specified, with filename overrides
- pam_namespace: Added a systemd service, which creates the namespaced
instance parent directories during boot
- pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts
- pam_shells: Recognize /bin/sh as the default shell
- pam_succeed_if: Support lists in group membership checks
- pam_tty_audit: If kernel audit is disabled return PAM_IGNORE
- pam_umask: Added new 'nousergroups' module argument and allowed specifying
the default for usergroups at build-time
- pam_unix: Added 'nullresetok' option to allow resetting blank passwords
- pam_unix: Report unusable hashes found by checksalt to syslog
- pam_unix: Support for (gost-)yescrypt hashing methods
- pam_unix: Use bcrypt b-variant when it bcrypt is chosen
- pam_usertype: New module to tell if uid is in login.defs ranges
- Added new API call pam_start_confdir() for special applications that
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=208
