ipedrosa
403090086b
docs: splitted documentation in subpackage -docs
2020-04-23 11:50:24 +02:00
ikerexxe
055b81078c
pam_selinux: check unknown object classes or permissions in current policy
2020-03-11 16:42:15 +01:00
Pavel Březina
a346ac13e2
add pam_usertype
2020-02-06 13:13:13 +01:00
Fedora Release Engineering
966d010ebd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 20:46:33 +00:00
Tomas Mraz
a41ddb867b
Fix date in changelog
2019-12-18 14:09:17 +01:00
Tomas Mraz
4957e6ce68
pam_faillock: Fix regression in admin_group support
2019-12-18 13:36:44 +01:00
Tomas Mraz
a9ef7f8676
Multiple fixes and enhancements
...
pam_namespace: Support noexec, nosuid and nodev flags for tmpfs mounts
Drop tallylog and pam_tally documentation
pam_faillock: Support local_users_only option
pam_lastlog: Do not display failed attempts with PAM_SILENT flag
pam_lastlog: Support unlimited option to override fsize limit
pam_unix: Log if user authenticated without password
pam_tty_audit: Improve manual page
Optimize closing fds when spawning helpers
Fix duplicate password verification in pam_authtok_verify()
2019-10-16 16:35:57 +02:00
Tomas Mraz
b0eec480a1
pam_faillock: Support configuration file /etc/security/faillock.conf
2019-09-09 12:39:07 +02:00
Fedora Release Engineering
daf508b4d6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 23:56:12 +00:00
Fedora Release Engineering
0232ca3078
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-01 17:51:32 +00:00
Igor Gnatenko
a24e70398f
Remove obsolete Group tag
...
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:24:24 +01:00
Björn Esser
1a0a3edc23
Rebuilt for libcrypt.so.2 ( #1666033 )
2019-01-14 18:51:46 +01:00
Tomas Mraz
0686daa3fa
Add the motd.d directories (empty)
...
- to silence warnings and to provide
proper ownership for them (#1660935 )
2018-12-20 14:21:49 +01:00
Tomas Mraz
40b927d103
Update Red Hat PAM modules to version 1.0.0 which includes pam_faillock
...
Drop also pam_tally2 which was obsoleted and deprecated long time ago
2018-12-04 09:15:56 +01:00
Björn Esser
94c0a4fee4
Backport upstream commit fixing syslog for disabled or invalid hashes
2018-12-02 20:17:59 +01:00
Björn Esser
f3b728d2c9
Backport upstream commit reporting disabled or invalid hashes to syslog
2018-12-02 20:17:06 +01:00
rfairley
8bab4e7fac
Backport upstream commit for pam_motd multiple motd paths
2018-11-28 12:35:18 -05:00
Tomas Mraz
eb01a2d4d8
Completely drop the check of invalid or disabled salt via crypt_checksalt
2018-11-26 12:58:54 +01:00
Björn Esser
d82342266e
Fix passphraseless sudo with crypt_checksalt ( #1653023 )
...
Upstream commit 4da9feb introduced a regression that made
passphraseless sudo fail when it was invoked from a user with
a locked passphrase. Thus we should check for such a scenario
when evaluating the return value of crypt_checksalt(3).
2018-11-25 07:36:29 +01:00
Björn Esser
ae8e396328
Update the no-MD5-fallback patch for alignment
2018-11-23 17:49:20 +01:00
Björn Esser
2842b2a1ee
Backport upstream commit adding support for (gost-)yescrypt
2018-11-23 17:49:20 +01:00
Björn Esser
65c004f604
Backport upstream commit using crypt_checksalt for password aging
2018-11-23 10:17:17 +01:00
Björn Esser
a0fce7ff9b
Backport upstream commit preferring gensalt with autoentropy
2018-11-23 10:14:03 +01:00
Björn Esser
6eff6819b8
Backport upstream commit preferring bcrypt_b ($2b$) for blowfish
2018-11-23 10:11:51 +01:00
Björn Esser
da68a05bc8
Backport upstream commit removing an obsolete prototype
2018-11-23 10:07:51 +01:00
Björn Esser
239b1317eb
Prefer %%global over %%define
2018-11-16 11:28:35 +01:00
Björn Esser
80eff59d99
Drop Requires(post), not needed anymore
2018-11-16 11:27:00 +01:00
Björn Esser
19dc42903b
Use %%ldconfig_scriptlets
2018-11-16 11:26:11 +01:00
Björn Esser
11e9d6fdf2
Add BuildRequires: libxcrypt >= 4.3.3-2
...
When building against libxcrypt >= 4.3.3-2, we can
avoid the explicit dependency on libxcrypt >= 4.3.3-1.
2018-11-13 14:34:17 +01:00
Björn Esser
da5343b789
Add explicit (Build)Requires for libxcrypt >= 4.3.3-1
...
This is needed to ensure working updates from previous builds.
It should have been in my previous commit, but I overlooked to
add it then.
2018-11-12 11:38:23 +01:00
Björn Esser
47165fb66c
Rebuilt against libxcrypt-4.3.3 to enable the use of crypt_gensalt_r
...
PAM preferes the crypt_gensalt_r function over its internal
crypt_make_salt function, when this function is provided by
the system's crypt library.
libxcrypt now ships (and used to ship it until v3.1.1) such an
alias for its crypt_gensalt_rn function, which features the
same semantics and the same prototype as the crypt_gensalt_r
function existing on some systems.
2018-11-12 11:07:09 +01:00
Tomas Mraz
fd5858157e
Make it build
2018-09-10 16:24:16 +02:00
Tomas Mraz
786ce63f9d
Coverity fixes, pam_umask added to postlogin
...
add pam_umask to postlogin PAM configuration file
fix some issues found by Coverity scan
2018-09-10 14:25:15 +02:00
Colin Walters
dc7f2be86b
Convert tallylog to tmpfiles.d
...
This will make it compatible with the rpm-ostree model, which
has `/var` start out empty (or supports doing so).
More information in https://bugzilla.redhat.com/show_bug.cgi?id=1352154
2018-07-27 14:30:59 -04:00
Fedora Release Engineering
48595acee5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 15:25:36 +00:00
Jason Tibbitts
db03b40e8b
Remove needless use of %defattr
2018-07-10 02:15:00 -05:00
Tomas Mraz
ae699035e9
use /run instead of /var/run in pamtmp.conf ( #1588612 )
2018-06-08 10:24:42 +02:00
Tomas Mraz
48538add1f
new upstream release 1.3.1 with multiple improvements
2018-05-18 15:43:48 +02:00
Fedora Release Engineering
eebe54598c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-08 18:11:21 +00:00
Tomas Mraz
8f94d6252d
and the NIS support now also requires libnsl2
2018-01-30 16:55:42 +01:00
Björn Esser
95ff4ad1c4
Rebuilt for switch to libxcrypt
2018-01-20 23:07:26 +01:00
Tomas Mraz
13115d331d
the NIS support now requires libtirpc
2018-01-11 14:25:59 +01:00
Tomas Mraz
64bde25a45
add admin_group option to pam_faillock ( #1285550 )
2017-08-21 16:47:47 +02:00
Fedora Release Engineering
a6e4462d0d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
2017-08-03 04:46:07 +00:00
Fedora Release Engineering
8f2c8f16a3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-27 02:06:32 +00:00
Petr Písař
cc34b72802
perl dependency renamed to perl-interpreter < https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules >
2017-07-12 14:35:54 +02:00
Tomas Mraz
629a67bec4
drop superfluous 'Changing password' message from pam_unix ( #658289 )
2017-04-20 16:55:25 +02:00
Fedora Release Engineering
d6023f89c8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-11 01:11:40 +00:00
Tomas Mraz
96b935efa5
Make install of tallylog non-fatal.
2017-01-03 10:17:58 +01:00
Tomas Mraz
26153ac92d
new upstream release with multiple improvements
2016-05-06 15:28:27 +02:00
Tomas Mraz
e1caf9a021
make cracklib-dicts dependency weak ( #1323172 )
2016-04-11 13:27:13 +02:00
Tomas Mraz
492bcabc07
do not drop PAM_OLDAUTHTOK if mismatched - can be used by further modules
2016-04-06 14:37:35 +02:00
Tomas Mraz
ef5646f9ed
pam_unix: use pam_get_authtok() and improve prompting
2016-04-04 18:54:12 +02:00
Tomas Mraz
89812cadd9
fix console device name in console.handlers ( #1270224 )
2016-02-05 17:50:26 +01:00
Fedora Release Engineering
6aff3ecdef
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-04 11:51:15 +00:00
Tomas Mraz
d55e35278c
pam_faillock: add possibility to set unlock_time to never
2015-10-16 15:31:12 +02:00
Tomas Mraz
6818550d2a
drop the nproc limit setting, it is causing more harm than it solves
2015-08-12 17:27:54 +02:00
Tomas Mraz
364259c23f
Move autoreconf call to %prep
2015-07-15 12:03:10 +02:00
Tomas Mraz
230a2ffa1f
Fix changelog date.
2015-06-26 13:57:56 +02:00
Tomas Mraz
aef85b12f8
new upstream release fixing security issue with unlimited password length
2015-06-26 13:56:40 +02:00
Dennis Gilmore
a12c25884e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-18 00:38:08 +00:00
Tomas Mraz
6ccbfce566
Minor security and bugfix updates
...
- fix CVE-2014-2583: potential path traversal issue in pam_timestamp
- fix CVE-2013-7041: use case sensitive comparison in pam_userdb
- be tolerant to corrupted opasswd file
2015-05-15 16:39:21 +02:00
Tomas Mraz
1634393187
use USER_MGMT type for auditing in the pam_tally2 and faillock apps
...
(#1151576 )
2014-10-17 12:10:57 +02:00
Tomas Mraz
757d3aed85
Multiple fixes.
...
- update the audit-grantor patch with the upstream changes
- pam_userdb: correct the example in man page (#1078784 )
- pam_limits: check whether the utmp login entry is valid (#1080023 )
- pam_console_apply: do not print error if console.perms.d is empty
- pam_limits: nofile refers to open file descriptors (#1111220 )
- apply PIE and full RELRO to all binaries built
2014-09-11 09:28:59 +02:00
Peter Robinson
5c62799319
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 14:36:02 +00:00
Tomas Mraz
140efce0ea
More pam_faillock updates.
2014-08-13 16:03:00 +02:00
Tomas Mraz
b582f50a36
audit the module names that granted access
...
- pam_faillock: update to latest version
2014-08-13 15:35:49 +02:00
Tom Callaway
e3a692cb19
fix license handling
2014-07-30 10:54:10 -04:00
Tomas Mraz
e157a48461
be tolerant to corrupted opasswd file
2014-07-17 16:52:34 +02:00
Dennis Gilmore
c0eb6fdc51
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-06 18:29:57 -05:00
Tomas Mraz
1368ecb1ca
pam_loginuid: make it return PAM_IGNORE in containers
2014-05-22 11:49:12 +02:00
Tomas Mraz
9b30e30268
fix CVE-2014-2583: potential path traversal issue in pam_timestamp
2014-03-31 16:22:42 +02:00
Tomas Mraz
0cfc638648
pam_pwhistory: call the helper if SELinux enabled
2014-03-26 18:28:16 +01:00
Tomas Mraz
ad164ea74b
fix CVE-2013-7041: use case sensitive comparison in pam_userdb
2014-03-11 10:09:42 +01:00
Tomas Mraz
753a37644c
Correct release number in changelog.
2014-03-11 09:22:14 +01:00
Tomas Mraz
a8776b00dc
Forgotten rename.
2014-03-10 15:56:04 +01:00
Tomas Mraz
82f97fb404
rename the 90-nproc.conf to 20-nproc.conf ( #1071618 )
...
- canonicalize user name in pam_selinux (#1071010 )
- refresh the pam-redhat tarball
2014-03-10 15:36:16 +01:00
Tomas Mraz
919ce1131e
raise the default soft nproc limit to 4096
2013-12-16 10:57:03 +01:00
Tomas Mraz
8d25417f36
updated translations
2013-12-02 15:49:00 +01:00
Tomas Mraz
a777feba72
updated translations
2013-12-02 14:52:15 +01:00
Tomas Mraz
c1fad502fd
update lastlog with pam_lastlog also for su ( #1021108 )
2013-10-21 19:20:38 +02:00
Tomas Mraz
b99d0d5268
new upstream release
...
- pam_tty_audit: allow the module to work with old kernels
2013-10-14 14:51:50 +02:00
Tomas Mraz
b5054fab06
pam_tty_audit: proper initialization of the tty_audit_status struct
...
Related: rhbz#966166
2013-10-04 14:58:12 +02:00
Tomas Mraz
6ffceb7ea0
add "local_users_only" to pam_pwquality in default configuration
2013-09-30 11:39:27 +02:00
Tomas Mraz
384fedfade
new upstream release
2013-09-13 14:26:54 +02:00
Tomas Mraz
c8a6aadf10
use links instead of w3m to create txt documentation
...
- recognize login session in pam_sepermit to prevent gdm from locking (#969174 )
- add support for disabling password logging in pam_tty_audit
2013-08-07 18:24:04 +02:00
Dennis Gilmore
aeefedee72
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
2013-08-03 11:22:22 -05:00
Tomas Mraz
58c0255c92
add new helper for pam_pwhistory
2013-07-11 14:19:26 +02:00
Tomas Mraz
db8cd4099a
add auditing of SELinux policy violation in pam_rootok ( #965723 )
...
- add SELinux helper to pam_pwhistory
2013-07-11 14:02:52 +02:00
Tomas Mraz
1916f77e5c
the default isadir is more correct
2013-05-07 15:42:29 +02:00
Tomas Mraz
443cfad289
the default isadir is more correct
2013-05-07 14:12:43 +02:00
Tomas Mraz
01ca858789
pam_unix: do not fail with bad ld.so.preload
2013-04-24 17:46:23 +02:00
Tomas Mraz
bc16a79c57
pam_unix: do not fail with bad ld.so.preload
2013-04-23 17:19:31 +02:00
Tomas Mraz
858c76dcd3
Multiple bug fixes and cleanups.
...
- do not fail if btmp file is corrupted (#906852 )
- fix strict aliasing warnings in build
- UsrMove
- use authtok_type with pam_pwquality in system-auth
- remove manual_context handling from pam_selinux (#876976 )
- other minor specfile cleanups
2013-03-22 17:44:40 +01:00
Tomas Mraz
b38262e712
check NULL return from crypt() calls ( #915316 )
2013-03-19 16:29:42 +01:00
Tomas Mraz
21cc104fe0
add workaround for low nproc limit for confined root user ( #432903 )
2013-03-14 16:59:47 +01:00
Karsten Hopp
c6b26088e2
add support for ppc64p7 arch (Power7 optimized)
2013-02-21 16:03:10 +01:00
Dennis Gilmore
1e77848ced
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
2013-02-14 03:43:30 -06:00
Tomas Mraz
ba75a13ace
fix build with current autotools
2013-01-22 17:37:56 +01:00
Tomas Mraz
d47b309a1d
add support for tmpfs mount options in pam_namespace
2012-10-15 18:45:16 +02:00