Colin Walters
dc7f2be86b
Convert tallylog to tmpfiles.d
...
This will make it compatible with the rpm-ostree model, which
has `/var` start out empty (or supports doing so).
More information in https://bugzilla.redhat.com/show_bug.cgi?id=1352154
2018-07-27 14:30:59 -04:00
Fedora Release Engineering
48595acee5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 15:25:36 +00:00
Jason Tibbitts
db03b40e8b
Remove needless use of %defattr
2018-07-10 02:15:00 -05:00
Tomas Mraz
ae699035e9
use /run instead of /var/run in pamtmp.conf ( #1588612 )
2018-06-08 10:24:42 +02:00
Tomas Mraz
48538add1f
new upstream release 1.3.1 with multiple improvements
2018-05-18 15:43:48 +02:00
Fedora Release Engineering
eebe54598c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-08 18:11:21 +00:00
Tomas Mraz
8f94d6252d
and the NIS support now also requires libnsl2
2018-01-30 16:55:42 +01:00
Björn Esser
95ff4ad1c4
Rebuilt for switch to libxcrypt
2018-01-20 23:07:26 +01:00
Tomas Mraz
13115d331d
the NIS support now requires libtirpc
2018-01-11 14:25:59 +01:00
Tomas Mraz
64bde25a45
add admin_group option to pam_faillock ( #1285550 )
2017-08-21 16:47:47 +02:00
Fedora Release Engineering
a6e4462d0d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
2017-08-03 04:46:07 +00:00
Fedora Release Engineering
8f2c8f16a3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-27 02:06:32 +00:00
Petr Písař
cc34b72802
perl dependency renamed to perl-interpreter < https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules >
2017-07-12 14:35:54 +02:00
Tomas Mraz
629a67bec4
drop superfluous 'Changing password' message from pam_unix ( #658289 )
2017-04-20 16:55:25 +02:00
Fedora Release Engineering
d6023f89c8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-11 01:11:40 +00:00
Tomas Mraz
96b935efa5
Make install of tallylog non-fatal.
2017-01-03 10:17:58 +01:00
Tomas Mraz
26153ac92d
new upstream release with multiple improvements
2016-05-06 15:28:27 +02:00
Tomas Mraz
e1caf9a021
make cracklib-dicts dependency weak ( #1323172 )
2016-04-11 13:27:13 +02:00
Tomas Mraz
492bcabc07
do not drop PAM_OLDAUTHTOK if mismatched - can be used by further modules
2016-04-06 14:37:35 +02:00
Tomas Mraz
ef5646f9ed
pam_unix: use pam_get_authtok() and improve prompting
2016-04-04 18:54:12 +02:00
Tomas Mraz
89812cadd9
fix console device name in console.handlers ( #1270224 )
2016-02-05 17:50:26 +01:00
Fedora Release Engineering
6aff3ecdef
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-04 11:51:15 +00:00
Tomas Mraz
d55e35278c
pam_faillock: add possibility to set unlock_time to never
2015-10-16 15:31:12 +02:00
Tomas Mraz
6818550d2a
drop the nproc limit setting, it is causing more harm than it solves
2015-08-12 17:27:54 +02:00
Tomas Mraz
364259c23f
Move autoreconf call to %prep
2015-07-15 12:03:10 +02:00
Tomas Mraz
230a2ffa1f
Fix changelog date.
2015-06-26 13:57:56 +02:00
Tomas Mraz
aef85b12f8
new upstream release fixing security issue with unlimited password length
2015-06-26 13:56:40 +02:00
Dennis Gilmore
a12c25884e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-18 00:38:08 +00:00
Tomas Mraz
6ccbfce566
Minor security and bugfix updates
...
- fix CVE-2014-2583: potential path traversal issue in pam_timestamp
- fix CVE-2013-7041: use case sensitive comparison in pam_userdb
- be tolerant to corrupted opasswd file
2015-05-15 16:39:21 +02:00
Tomas Mraz
1634393187
use USER_MGMT type for auditing in the pam_tally2 and faillock apps
...
(#1151576 )
2014-10-17 12:10:57 +02:00
Tomas Mraz
757d3aed85
Multiple fixes.
...
- update the audit-grantor patch with the upstream changes
- pam_userdb: correct the example in man page (#1078784 )
- pam_limits: check whether the utmp login entry is valid (#1080023 )
- pam_console_apply: do not print error if console.perms.d is empty
- pam_limits: nofile refers to open file descriptors (#1111220 )
- apply PIE and full RELRO to all binaries built
2014-09-11 09:28:59 +02:00
Peter Robinson
5c62799319
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 14:36:02 +00:00
Tomas Mraz
140efce0ea
More pam_faillock updates.
2014-08-13 16:03:00 +02:00
Tomas Mraz
b582f50a36
audit the module names that granted access
...
- pam_faillock: update to latest version
2014-08-13 15:35:49 +02:00
Tom Callaway
e3a692cb19
fix license handling
2014-07-30 10:54:10 -04:00
Tomas Mraz
e157a48461
be tolerant to corrupted opasswd file
2014-07-17 16:52:34 +02:00
Dennis Gilmore
c0eb6fdc51
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-06 18:29:57 -05:00
Tomas Mraz
1368ecb1ca
pam_loginuid: make it return PAM_IGNORE in containers
2014-05-22 11:49:12 +02:00
Tomas Mraz
9b30e30268
fix CVE-2014-2583: potential path traversal issue in pam_timestamp
2014-03-31 16:22:42 +02:00
Tomas Mraz
0cfc638648
pam_pwhistory: call the helper if SELinux enabled
2014-03-26 18:28:16 +01:00
Tomas Mraz
ad164ea74b
fix CVE-2013-7041: use case sensitive comparison in pam_userdb
2014-03-11 10:09:42 +01:00
Tomas Mraz
753a37644c
Correct release number in changelog.
2014-03-11 09:22:14 +01:00
Tomas Mraz
a8776b00dc
Forgotten rename.
2014-03-10 15:56:04 +01:00
Tomas Mraz
82f97fb404
rename the 90-nproc.conf to 20-nproc.conf ( #1071618 )
...
- canonicalize user name in pam_selinux (#1071010 )
- refresh the pam-redhat tarball
2014-03-10 15:36:16 +01:00
Tomas Mraz
919ce1131e
raise the default soft nproc limit to 4096
2013-12-16 10:57:03 +01:00
Tomas Mraz
8d25417f36
updated translations
2013-12-02 15:49:00 +01:00
Tomas Mraz
a777feba72
updated translations
2013-12-02 14:52:15 +01:00
Tomas Mraz
c1fad502fd
update lastlog with pam_lastlog also for su ( #1021108 )
2013-10-21 19:20:38 +02:00
Tomas Mraz
b99d0d5268
new upstream release
...
- pam_tty_audit: allow the module to work with old kernels
2013-10-14 14:51:50 +02:00
Tomas Mraz
b5054fab06
pam_tty_audit: proper initialization of the tty_audit_status struct
...
Related: rhbz#966166
2013-10-04 14:58:12 +02:00
Tomas Mraz
6ffceb7ea0
add "local_users_only" to pam_pwquality in default configuration
2013-09-30 11:39:27 +02:00
Tomas Mraz
384fedfade
new upstream release
2013-09-13 14:26:54 +02:00
Tomas Mraz
c8a6aadf10
use links instead of w3m to create txt documentation
...
- recognize login session in pam_sepermit to prevent gdm from locking (#969174 )
- add support for disabling password logging in pam_tty_audit
2013-08-07 18:24:04 +02:00
Dennis Gilmore
aeefedee72
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
2013-08-03 11:22:22 -05:00
Tomas Mraz
58c0255c92
add new helper for pam_pwhistory
2013-07-11 14:19:26 +02:00
Tomas Mraz
db8cd4099a
add auditing of SELinux policy violation in pam_rootok ( #965723 )
...
- add SELinux helper to pam_pwhistory
2013-07-11 14:02:52 +02:00
Tomas Mraz
1916f77e5c
the default isadir is more correct
2013-05-07 15:42:29 +02:00
Tomas Mraz
443cfad289
the default isadir is more correct
2013-05-07 14:12:43 +02:00
Tomas Mraz
01ca858789
pam_unix: do not fail with bad ld.so.preload
2013-04-24 17:46:23 +02:00
Tomas Mraz
bc16a79c57
pam_unix: do not fail with bad ld.so.preload
2013-04-23 17:19:31 +02:00
Tomas Mraz
858c76dcd3
Multiple bug fixes and cleanups.
...
- do not fail if btmp file is corrupted (#906852 )
- fix strict aliasing warnings in build
- UsrMove
- use authtok_type with pam_pwquality in system-auth
- remove manual_context handling from pam_selinux (#876976 )
- other minor specfile cleanups
2013-03-22 17:44:40 +01:00
Tomas Mraz
b38262e712
check NULL return from crypt() calls ( #915316 )
2013-03-19 16:29:42 +01:00
Tomas Mraz
21cc104fe0
add workaround for low nproc limit for confined root user ( #432903 )
2013-03-14 16:59:47 +01:00
Karsten Hopp
c6b26088e2
add support for ppc64p7 arch (Power7 optimized)
2013-02-21 16:03:10 +01:00
Dennis Gilmore
1e77848ced
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
2013-02-14 03:43:30 -06:00
Tomas Mraz
ba75a13ace
fix build with current autotools
2013-01-22 17:37:56 +01:00
Tomas Mraz
d47b309a1d
add support for tmpfs mount options in pam_namespace
2012-10-15 18:45:16 +02:00
Tomas Mraz
72401d341e
Autotools hackery to make it build.
2012-09-05 19:09:56 +02:00
Tomas Mraz
725d09d8bf
Drop libtoolize call.
2012-09-04 11:20:38 +02:00
Tomas Mraz
010ed2b452
link setuid binaries with full relro ( #853158 )
...
- add rhost and tty to auditing data in modules (#677664 )
2012-09-03 15:36:31 +02:00
Tomas Mraz
8a0ba11ae1
new upstream release
2012-08-17 15:24:18 +02:00
Tomas Mraz
a0cd63d48e
make the pam_lastlog module in postlogin 'optional' ( #846843 )
2012-08-09 17:57:58 +02:00
Tomas Mraz
0e79701521
Build against libdb-5
2012-08-06 21:49:23 +02:00
Tomas Mraz
28a93ad826
fix build failure in pam_unix
...
- add display of previous bad login attempts to postlogin.pamd
- put the tmpfiles.d config to /usr/lib and rename it to pam.conf
2012-07-23 18:51:15 +02:00
Dennis Gilmore
017fb41875
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
2012-07-20 02:49:29 -05:00
Tomas Mraz
14f4737e81
install empty directories
2012-05-09 12:30:33 +02:00
Tomas Mraz
7f16b85d54
multiple backported fixes
...
- add inactive account lock out functionality to pam_lastlog
- fix pam_unix remember user name matching
- add gecoscheck and maxclassrepeat functionality to pam_cracklib
- correctly check for crypt() returning NULL in pam_unix
- pam_unix - do not fallback to MD5 on password change
if requested algorithm not supported by crypt() (#818741 )
2012-05-09 11:58:27 +02:00
Tomas Mraz
882ad81ab3
add pam_systemd to session modules
2012-05-09 11:12:48 +02:00
Tomas Mraz
92f3acf6be
fix pam_namespace leaking the protect mounts to parent namespace ( #755216 )
2012-01-31 17:19:23 +01:00
Dennis Gilmore
87d3951c7d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
2012-01-13 05:54:44 -06:00
Tomas Mraz
d3bb594db9
add a note to limits.conf ( #754285 )
2011-12-21 09:13:05 +01:00
Tomas Mraz
0e4d0dbd64
use pam_pwquality instead of pam_cracklib
2011-11-24 15:05:57 +01:00
Tomas Mraz
0c02cd5bb7
upgrade to new upstream release
2011-11-24 14:33:55 +01:00
Tomas Mraz
1ba74b3572
Fix description - no static libpam for a long time.
2011-10-03 15:20:33 +02:00
Tomas Mraz
39bef6c743
Merge branch 'master' of ssh://pkgs.fedoraproject.org/pam
...
Conflicts:
pam.spec
2011-08-25 16:10:53 +02:00
Tomas Mraz
9f29655908
fix dereference in pam_env
...
fix wrong parse of user@host pattern in pam_access (#732081 )
2011-08-25 16:09:08 +02:00
Ville Skyttä
de3812c9a2
Rebuild to fix trailing slashes in provided dirs added by rpm 4.9.1.
...
http://lists.fedoraproject.org/pipermail/devel/2011-July/154658.html
2011-07-23 16:34:01 +03:00
Tomas Mraz
05c4e69a7b
Remove trailing /
2011-07-15 15:28:24 +02:00
Tomas Mraz
8de0245233
clear supplementary groups in pam_console handler execution
2011-07-15 14:55:38 +02:00
Tomas Mraz
412141d627
upgrade to new upstream release
2011-06-27 17:24:51 +02:00
Tomas Mraz
d31d5587d4
detect the shared / and make the polydir mounts private based on that
...
fix memory leak and other small errors in pam_namespace
2011-06-07 17:31:12 +02:00
Tomas Mraz
6a48d1491e
add support for explicit marking of the polydir mount private ( #623522 )
2011-06-02 22:23:52 +02:00
Dennis Gilmore
20d38d82f9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
2011-02-08 08:02:09 -06:00
Tomas Mraz
a050086a24
- add postlogin common PAM configuration file ( #665059 )
2010-12-22 18:22:11 +01:00
Tomas Mraz
de4fdba40b
- include patches recently submitted and applied to upstream CVS
2010-12-14 12:02:26 +01:00
Tomas Mraz
a526ddfed4
- add config for autocreation of subdirectories in /var/run ( #656655 )
...
- automatically enable kernel console in pam_securetty
2010-11-25 18:14:01 +01:00
Tomas Mraz
fdfa166654
- fix segfault in faillock utility
...
- remove some cases where the information of existence of
an user account could be leaked by the pam_faillock,
document the remaining case
2010-11-10 17:15:18 +01:00
Tomas Mraz
5310fecf62
- fix segfault in faillock utility
...
- remove some cases where the information of existence of
an user account could be leaked by the pam_faillock,
document the remaining case
2010-11-10 15:15:03 +01:00
Tomas Mraz
a4d4d78281
- fix a mistake in the abstract X-socket connect
...
- make pam_faillock work with screensaver
2010-11-05 19:03:35 +01:00
Tomas Mraz
5bcbeb6870
Merge branch 'master' of ssh://pkgs.fedoraproject.org/pam
...
Conflicts:
pam.spec
2010-11-01 23:44:04 +01:00
Tomas Mraz
4baf0f6949
- upgrade to new upstream release fixing CVE-2010-3316 CVE-2010-3435
...
CVE-2010-3853
- try to connect to an abstract X-socket first to verify we are
at real console (#647191 )
2010-11-01 23:42:26 +01:00
Jesse Keating
9a28cb58ea
- Rebuilt for gcc bug 634757
2010-09-29 14:57:32 -07:00
Tomas Mraz
acc35880d3
- do not build some auxiliary tools that are not installed that require
...
flex-static to build
2010-09-20 12:16:26 +02:00
Tomas Mraz
ca3ead6784
- add pam_faillock module implementing temporary account lock out based
...
on authentication failures during a specified interval
- upgrade to new upstream release
2010-09-17 17:37:07 +02:00
Tomáš Mráz
4b7a0b2c99
- do not overwrite tallylog with empty file on upgrade
2010-07-15 13:24:33 +00:00
Tomáš Mráz
e3430d85d2
- change the default password hash to sha512
2010-02-15 17:25:28 +00:00
Tomáš Mráz
3f424c65d3
- fix wrong prompt when pam_get_authtok is used for new password
2010-01-22 17:49:54 +00:00
Tomáš Mráz
68bf40d031
- fix build with disabled audit and SELinux ( #556211 , #556212 )
2010-01-18 09:09:31 +00:00
Tomáš Mráz
1802942b8d
- new upstream version with minor changes
2009-12-17 14:29:39 +00:00
Tomáš Mráz
430b952f8e
- pam_console: fix memory corruption when executing handlers (patch by Stas
...
Sergeev) and a few more fixes in the handler execution code (#532302 )
2009-11-02 07:56:12 +00:00
Tomáš Mráz
0e45b7f2c2
- pam_xauth: set the approprate context when creating .xauth files
...
(#531530 )
2009-10-29 15:32:22 +00:00
Tomáš Mráz
4774498127
- do not change permissions with pam_console_apply
...
- drop obsolete pam_tally module and the faillog file (#461258 )
2009-09-01 16:03:13 +00:00
Tomáš Mráz
6572482d29
- leftover comment and license tag
2009-08-26 18:43:27 +00:00
Tomáš Mráz
155e7e9f93
- rebuild with new libaudit
2009-08-19 19:06:40 +00:00
Tomáš Mráz
e307a99b74
- fix source URLs
2009-08-11 11:50:50 +00:00
Tomáš Mráz
8d3cbe5e32
- fix for pam_cracklib from upstream
2009-07-27 15:23:22 +00:00
Jesse Keating
8f8af7e93e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
2009-07-25 23:08:11 +00:00
Tomáš Mráz
47e2c2f3d9
- update to new upstream version
2009-06-24 07:09:21 +00:00
Tomáš Mráz
da8b25143b
- update to new upstream version
2009-05-13 10:59:18 +00:00
Tomáš Mráz
4b9fc2208b
- add password-auth, fingerprint-auth, and smartcard-auth for applications
...
which can use them namely gdm (#494874 ) patch by Ray Strode
2009-04-10 16:06:24 +00:00
Tomáš Mráz
02fa35ccd2
- bump release
2009-03-26 11:26:22 +00:00
Tomáš Mráz
f3a8a94868
- replace also other std descriptors ( #491471 )
2009-03-26 11:17:16 +00:00
Tomáš Mráz
837a5499fa
- replace also other std descriptors ( #491471 )
2009-03-26 09:28:14 +00:00
Tomáš Mráz
1343a8ed17
- we must replace the stdin when execing the helper ( #490644 )
2009-03-17 14:13:16 +00:00
Tomáš Mráz
a78e55c069
- do not close stdout/err when execing the helpers ( #488147 )
2009-03-16 13:47:00 +00:00
Tomáš Mráz
2c482b26a1
- the buildrequires on glibc will make it install a conflicting version
2009-03-09 20:58:38 +00:00
Tomáš Mráz
3ecbdb09e8
- upgrade to new upstream release
2009-03-09 16:14:30 +00:00
Tomáš Mráz
5b6ef5fcbd
- fix parsing of config files containing non-ASCII characters
...
- fix CVE-2009-0579 (mininimum days for password change ignored) (#487216 )
- pam_access: improve handling of hostname resolution
2009-02-27 12:52:52 +00:00
Jesse Keating
32a45d5cc0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
2009-02-26 09:28:43 +00:00
Tomáš Mráz
64be9b675a
- add helper to pam_mkhomedir for proper SELinux confinement ( #476784 )
2009-01-19 09:18:56 +00:00
Tomáš Mráz
d4ff57cf6f
- upgrade to new upstream release
...
- add --disable-prelude (#466242 )
2008-12-16 15:17:16 +00:00
Tomáš Mráz
e30408c5d9
- new password quality checks in pam_cracklib
...
- report failed logins from btmp in pam_lastlog
- allow larger groups in modutil functions
- fix leaked file descriptor in pam_tally
2008-09-23 14:06:48 +00:00
Tomáš Mráz
8955a466b5
- pam_loginuid: uids are unsigned ( #460241 )
...
- new minor upstream release
- use external db4
- drop tests for not pulling in libpthread (as NPTL should be safe)
2008-09-08 11:01:44 +00:00
Tomáš Mráz
7d29dd0246
- update internal db4
2008-07-09 12:27:35 +00:00
Tomáš Mráz
a37d2c7046
- pam_namespace: allow safe creation of directories owned by user ( #437116 )
...
- pam_unix: fix multiple error prompts on password change (#443872 )
2008-05-21 08:08:39 +00:00
Tomáš Mráz
3be955e71c
- fix build with new autoconf
2008-05-20 13:31:17 +00:00
Tomáš Mráz
afb096a17d
- pam_selinux: add env_params option which will be used by OpenSSH
2008-05-19 16:55:13 +00:00
Tomáš Mráz
be4deb2d92
- pam_selinux: restore execcon properly ( #443667 )
2008-04-22 19:48:10 +00:00
Tomáš Mráz
65a47ccbca
- upgrade to new upstream release (one bugfix only)
...
- fix pam_sepermit use in screensavers
2008-04-18 08:43:42 +00:00
Tomáš Mráz
2613b27a52
- fix regression in pam_set_item
2008-04-07 09:45:21 +00:00
Tomáš Mráz
1fa0a9e893
- upgrade to new upstream release (bugfix only)
2008-04-04 16:00:50 +00:00
Tomáš Mráz
6aa700f64a
- pam_namespace: fix problem with level polyinst ( #438264 )
...
- pam_namespace: improve override checking for umount
- pam_selinux: fix syslogging a context after free() (#438338 )
2008-03-20 16:50:13 +00:00
Tomáš Mráz
1ba40631bf
- update pam-redhat module tarball
...
- update internal db4
2008-02-28 22:44:06 +00:00
Tomáš Mráz
8938fa9767
- if shadow is readable for an user do not prevent him from authenticating
...
any user with unix_chkpwd (#433459 )
- call audit from unix_chkpwd when appropriate
2008-02-22 15:49:55 +00:00
Tomáš Mráz
0533865ad8
- new upstream release
...
- add default soft limit for nproc of 1024 to prevent accidental fork bombs
(#432903 )
2008-02-15 17:27:28 +00:00
Tomáš Mráz
717cfde74b
- allow the package to build without SELinux and audit support ( #431415 )
...
- macro usage cleanup
2008-02-04 13:06:18 +00:00
Tomáš Mráz
b6b1e29706
- test for setkeycreatecon correctly
...
- add exclusive login mode of operation to pam_selinux_permit (original
patch by Dan Walsh)
2008-01-28 17:59:35 +00:00
Tomáš Mráz
de90b38383
- libpam.so is in libdir
2008-01-23 07:43:33 +00:00
Tomáš Mráz
2badd4f116
- add auditing to pam_access, pam_limits, and pam_time
...
- moved sanity testing code to check script
2008-01-22 21:52:13 +00:00
Tomáš Mráz
392622e8de
- merge review fixes ( #226228 )
2008-01-14 12:49:56 +00:00