01ca858789
pam_unix: do not fail with bad ld.so.preload
2013-04-24 17:46:23 +02:00
bc16a79c57
pam_unix: do not fail with bad ld.so.preload
2013-04-23 17:19:31 +02:00
858c76dcd3
Multiple bug fixes and cleanups.
...
- do not fail if btmp file is corrupted (#906852 )
- fix strict aliasing warnings in build
- UsrMove
- use authtok_type with pam_pwquality in system-auth
- remove manual_context handling from pam_selinux (#876976 )
- other minor specfile cleanups
2013-03-22 17:44:40 +01:00
b38262e712
check NULL return from crypt() calls ( #915316 )
2013-03-19 16:29:42 +01:00
21cc104fe0
add workaround for low nproc limit for confined root user ( #432903 )
2013-03-14 16:59:47 +01:00
c6b26088e2
add support for ppc64p7 arch (Power7 optimized)
2013-02-21 16:03:10 +01:00
1e77848ced
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
2013-02-14 03:43:30 -06:00
ba75a13ace
fix build with current autotools
2013-01-22 17:37:56 +01:00
d47b309a1d
add support for tmpfs mount options in pam_namespace
2012-10-15 18:45:16 +02:00
72401d341e
Autotools hackery to make it build.
2012-09-05 19:09:56 +02:00
725d09d8bf
Drop libtoolize call.
2012-09-04 11:20:38 +02:00
010ed2b452
link setuid binaries with full relro ( #853158 )
...
- add rhost and tty to auditing data in modules (#677664 )
2012-09-03 15:36:31 +02:00
8a0ba11ae1
new upstream release
2012-08-17 15:24:18 +02:00
a0cd63d48e
make the pam_lastlog module in postlogin 'optional' ( #846843 )
2012-08-09 17:57:58 +02:00
0e79701521
Build against libdb-5
2012-08-06 21:49:23 +02:00
28a93ad826
fix build failure in pam_unix
...
- add display of previous bad login attempts to postlogin.pamd
- put the tmpfiles.d config to /usr/lib and rename it to pam.conf
2012-07-23 18:51:15 +02:00
017fb41875
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
2012-07-20 02:49:29 -05:00
14f4737e81
install empty directories
2012-05-09 12:30:33 +02:00
7f16b85d54
multiple backported fixes
...
- add inactive account lock out functionality to pam_lastlog
- fix pam_unix remember user name matching
- add gecoscheck and maxclassrepeat functionality to pam_cracklib
- correctly check for crypt() returning NULL in pam_unix
- pam_unix - do not fallback to MD5 on password change
if requested algorithm not supported by crypt() (#818741 )
2012-05-09 11:58:27 +02:00
882ad81ab3
add pam_systemd to session modules
2012-05-09 11:12:48 +02:00
92f3acf6be
fix pam_namespace leaking the protect mounts to parent namespace ( #755216 )
2012-01-31 17:19:23 +01:00
87d3951c7d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
2012-01-13 05:54:44 -06:00
d3bb594db9
add a note to limits.conf ( #754285 )
2011-12-21 09:13:05 +01:00
0e4d0dbd64
use pam_pwquality instead of pam_cracklib
2011-11-24 15:05:57 +01:00
0c02cd5bb7
upgrade to new upstream release
2011-11-24 14:33:55 +01:00
1ba74b3572
Fix description - no static libpam for a long time.
2011-10-03 15:20:33 +02:00
39bef6c743
Merge branch 'master' of ssh://pkgs.fedoraproject.org/pam
...
Conflicts:
pam.spec
2011-08-25 16:10:53 +02:00
9f29655908
fix dereference in pam_env
...
fix wrong parse of user@host pattern in pam_access (#732081 )
2011-08-25 16:09:08 +02:00
de3812c9a2
Rebuild to fix trailing slashes in provided dirs added by rpm 4.9.1.
...
http://lists.fedoraproject.org/pipermail/devel/2011-July/154658.html
2011-07-23 16:34:01 +03:00
05c4e69a7b
Remove trailing /
2011-07-15 15:28:24 +02:00
8de0245233
clear supplementary groups in pam_console handler execution
2011-07-15 14:55:38 +02:00
412141d627
upgrade to new upstream release
2011-06-27 17:24:51 +02:00
d31d5587d4
detect the shared / and make the polydir mounts private based on that
...
fix memory leak and other small errors in pam_namespace
2011-06-07 17:31:12 +02:00
6a48d1491e
add support for explicit marking of the polydir mount private ( #623522 )
2011-06-02 22:23:52 +02:00
20d38d82f9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
2011-02-08 08:02:09 -06:00
a050086a24
- add postlogin common PAM configuration file ( #665059 )
2010-12-22 18:22:11 +01:00
de4fdba40b
- include patches recently submitted and applied to upstream CVS
2010-12-14 12:02:26 +01:00
a526ddfed4
- add config for autocreation of subdirectories in /var/run ( #656655 )
...
- automatically enable kernel console in pam_securetty
2010-11-25 18:14:01 +01:00
fdfa166654
- fix segfault in faillock utility
...
- remove some cases where the information of existence of
an user account could be leaked by the pam_faillock,
document the remaining case
2010-11-10 17:15:18 +01:00
5310fecf62
- fix segfault in faillock utility
...
- remove some cases where the information of existence of
an user account could be leaked by the pam_faillock,
document the remaining case
2010-11-10 15:15:03 +01:00
a4d4d78281
- fix a mistake in the abstract X-socket connect
...
- make pam_faillock work with screensaver
2010-11-05 19:03:35 +01:00
5bcbeb6870
Merge branch 'master' of ssh://pkgs.fedoraproject.org/pam
...
Conflicts:
pam.spec
2010-11-01 23:44:04 +01:00
4baf0f6949
- upgrade to new upstream release fixing CVE-2010-3316 CVE-2010-3435
...
CVE-2010-3853
- try to connect to an abstract X-socket first to verify we are
at real console (#647191 )
2010-11-01 23:42:26 +01:00
9a28cb58ea
- Rebuilt for gcc bug 634757
2010-09-29 14:57:32 -07:00
acc35880d3
- do not build some auxiliary tools that are not installed that require
...
flex-static to build
2010-09-20 12:16:26 +02:00
ca3ead6784
- add pam_faillock module implementing temporary account lock out based
...
on authentication failures during a specified interval
- upgrade to new upstream release
2010-09-17 17:37:07 +02:00
4b7a0b2c99
- do not overwrite tallylog with empty file on upgrade
2010-07-15 13:24:33 +00:00
e3430d85d2
- change the default password hash to sha512
2010-02-15 17:25:28 +00:00
3f424c65d3
- fix wrong prompt when pam_get_authtok is used for new password
2010-01-22 17:49:54 +00:00
68bf40d031
- fix build with disabled audit and SELinux ( #556211 , #556212 )
2010-01-18 09:09:31 +00:00
1802942b8d
- new upstream version with minor changes
2009-12-17 14:29:39 +00:00
430b952f8e
- pam_console: fix memory corruption when executing handlers (patch by Stas
...
Sergeev) and a few more fixes in the handler execution code (#532302 )
2009-11-02 07:56:12 +00:00
0e45b7f2c2
- pam_xauth: set the approprate context when creating .xauth files
...
(#531530 )
2009-10-29 15:32:22 +00:00
4774498127
- do not change permissions with pam_console_apply
...
- drop obsolete pam_tally module and the faillog file (#461258 )
2009-09-01 16:03:13 +00:00
6572482d29
- leftover comment and license tag
2009-08-26 18:43:27 +00:00
155e7e9f93
- rebuild with new libaudit
2009-08-19 19:06:40 +00:00
e307a99b74
- fix source URLs
2009-08-11 11:50:50 +00:00
8d3cbe5e32
- fix for pam_cracklib from upstream
2009-07-27 15:23:22 +00:00
8f8af7e93e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
2009-07-25 23:08:11 +00:00
47e2c2f3d9
- update to new upstream version
2009-06-24 07:09:21 +00:00
da8b25143b
- update to new upstream version
2009-05-13 10:59:18 +00:00
4b9fc2208b
- add password-auth, fingerprint-auth, and smartcard-auth for applications
...
which can use them namely gdm (#494874 ) patch by Ray Strode
2009-04-10 16:06:24 +00:00
02fa35ccd2
- bump release
2009-03-26 11:26:22 +00:00
f3a8a94868
- replace also other std descriptors ( #491471 )
2009-03-26 11:17:16 +00:00
837a5499fa
- replace also other std descriptors ( #491471 )
2009-03-26 09:28:14 +00:00
1343a8ed17
- we must replace the stdin when execing the helper ( #490644 )
2009-03-17 14:13:16 +00:00
a78e55c069
- do not close stdout/err when execing the helpers ( #488147 )
2009-03-16 13:47:00 +00:00
2c482b26a1
- the buildrequires on glibc will make it install a conflicting version
2009-03-09 20:58:38 +00:00
3ecbdb09e8
- upgrade to new upstream release
2009-03-09 16:14:30 +00:00
5b6ef5fcbd
- fix parsing of config files containing non-ASCII characters
...
- fix CVE-2009-0579 (mininimum days for password change ignored) (#487216 )
- pam_access: improve handling of hostname resolution
2009-02-27 12:52:52 +00:00
32a45d5cc0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
2009-02-26 09:28:43 +00:00
64be9b675a
- add helper to pam_mkhomedir for proper SELinux confinement ( #476784 )
2009-01-19 09:18:56 +00:00
d4ff57cf6f
- upgrade to new upstream release
...
- add --disable-prelude (#466242 )
2008-12-16 15:17:16 +00:00
e30408c5d9
- new password quality checks in pam_cracklib
...
- report failed logins from btmp in pam_lastlog
- allow larger groups in modutil functions
- fix leaked file descriptor in pam_tally
2008-09-23 14:06:48 +00:00
8955a466b5
- pam_loginuid: uids are unsigned ( #460241 )
...
- new minor upstream release
- use external db4
- drop tests for not pulling in libpthread (as NPTL should be safe)
2008-09-08 11:01:44 +00:00
7d29dd0246
- update internal db4
2008-07-09 12:27:35 +00:00
a37d2c7046
- pam_namespace: allow safe creation of directories owned by user ( #437116 )
...
- pam_unix: fix multiple error prompts on password change (#443872 )
2008-05-21 08:08:39 +00:00
3be955e71c
- fix build with new autoconf
2008-05-20 13:31:17 +00:00
afb096a17d
- pam_selinux: add env_params option which will be used by OpenSSH
2008-05-19 16:55:13 +00:00
be4deb2d92
- pam_selinux: restore execcon properly ( #443667 )
2008-04-22 19:48:10 +00:00
65a47ccbca
- upgrade to new upstream release (one bugfix only)
...
- fix pam_sepermit use in screensavers
2008-04-18 08:43:42 +00:00
2613b27a52
- fix regression in pam_set_item
2008-04-07 09:45:21 +00:00
1fa0a9e893
- upgrade to new upstream release (bugfix only)
2008-04-04 16:00:50 +00:00
6aa700f64a
- pam_namespace: fix problem with level polyinst ( #438264 )
...
- pam_namespace: improve override checking for umount
- pam_selinux: fix syslogging a context after free() (#438338 )
2008-03-20 16:50:13 +00:00
1ba40631bf
- update pam-redhat module tarball
...
- update internal db4
2008-02-28 22:44:06 +00:00
8938fa9767
- if shadow is readable for an user do not prevent him from authenticating
...
any user with unix_chkpwd (#433459 )
- call audit from unix_chkpwd when appropriate
2008-02-22 15:49:55 +00:00
0533865ad8
- new upstream release
...
- add default soft limit for nproc of 1024 to prevent accidental fork bombs
(#432903 )
2008-02-15 17:27:28 +00:00
717cfde74b
- allow the package to build without SELinux and audit support ( #431415 )
...
- macro usage cleanup
2008-02-04 13:06:18 +00:00
b6b1e29706
- test for setkeycreatecon correctly
...
- add exclusive login mode of operation to pam_selinux_permit (original
patch by Dan Walsh)
2008-01-28 17:59:35 +00:00
de90b38383
- libpam.so is in libdir
2008-01-23 07:43:33 +00:00
2badd4f116
- add auditing to pam_access, pam_limits, and pam_time
...
- moved sanity testing code to check script
2008-01-22 21:52:13 +00:00
392622e8de
- merge review fixes ( #226228 )
2008-01-14 12:49:56 +00:00
c5d3ee3a3f
- support for sha256 and sha512 password hashes
...
- account expiry checks moved to unix_chkpwd helper
2008-01-08 18:56:11 +00:00
b99939ffb4
- wildcard match support in pam_tty_audit (by Miloslav Trmač)
2008-01-02 10:42:27 +00:00
a36aa37b04
- add pam_tty_audit module ( #244352 ) - written by Miloslav Trmač
2007-11-29 13:20:28 +00:00
9ae80944c1
- add substack support
2007-11-07 11:41:49 +00:00
991484aaf4
- apply db4 patch correctly
2007-09-25 20:26:29 +00:00
00939f1c06
- update db4 to 4.6.19 ( #274661 )
2007-09-25 20:15:45 +00:00
36d9a1c73d
- do not preserve contexts when copying skel and other namespace.init fixes
...
(#298941 )
- do not free memory sent to putenv (#231698 )
2007-09-21 14:08:14 +00:00
43c3a5a46e
- add pam_selinux_permit module
...
- pam_succeed_if: fix in operator (#295151 )
2007-09-19 18:11:42 +00:00
ac8e934c7b
- when SELinux enabled always run the helper binary instead of direct
...
shadow access (#293181 )
2007-09-18 20:23:57 +00:00
9e1a698edf
- do not ask for blank password when SELinux confined ( #254044 )
...
- initialize homedirs in namespace init script (original patch by dwalsh)
2007-08-24 13:15:01 +00:00
a47d5ca5e4
- multifunction scanner device support ( #251468 )
2007-08-22 19:30:39 +00:00
73ea19b4f7
- most devices are now handled by HAL and not pam_console (patch by davidz)
...
- license tag fix
2007-08-22 18:03:12 +00:00
81e34ba414
- fix auth regression when uid != 0 from previous build ( #251804 )
2007-08-13 09:05:04 +00:00
ecf62ebc17
- make db4 build with new glibc
2007-08-06 14:57:26 +00:00
8fa0463a67
- updated db4 to 4.6.18 ( #249740 )
...
- added user and new instance parameters to namespace init
- document the new features of pam_namespace
- do not log an audit error when uid != 0 (#249870 )
2007-08-06 12:31:50 +00:00
f6d27e9e3a
- rebuild for toolchain bug
2007-07-25 17:52:58 +00:00
3f1e71cada
- drop the merged patches
2007-07-23 19:07:42 +00:00
6c6453458a
- upgrade to latest upstream version
...
- add some firewire devices to default console perms (#240770 )
2007-07-23 18:46:31 +00:00
09b44afcb6
- pam_namespace: better document behavior on failure ( #237249 )
...
- pam_unix: split out passwd change to a new helper binary (#236316 )
- pam_namespace: add support for temporary logons (#241226 )
2007-06-04 14:22:15 +00:00
33d3c087e3
- pam_selinux: improve context change auditing ( #234781 )
...
- pam_namespace: fix parsing config file with unknown users (#234513 )
2007-04-13 16:14:38 +00:00
a28e30cbc4
- pam_console: always decrement use count ( #230823 )
...
- pam_namespace: use raw context for poly dir name (#227345 )
- pam_namespace: truncate long poly dir name (append hash) (#230120 )
- we don't patch any po files anymore
2007-03-23 11:02:35 +00:00
71ab958a92
- correctly relabel tty in the default case ( #229542 )
...
- pam_unix: cleanup of bigcrypt support
- pam_unix: allow modification of '*' passwords to root
2007-02-21 20:32:28 +00:00
504a3315ce
- more X displays as consoles ( #227462 )
2007-02-06 15:58:27 +00:00
bbd6bf031f
- upgrade to new upstream version resolving CVE-2007-0003
...
- pam_namespace: unmount poly dir for override users
2007-01-24 12:14:29 +00:00
d1daca3136
- add back min salt length requirement which was erroneously removed
...
upstream
2007-01-22 13:11:10 +00:00
0b9c1bae67
- upgrade to new upstream version
...
- drop pam_stack module as it is obsolete
- some changes to silence rpmlint
2007-01-19 17:42:21 +00:00
8a453fc0be
- properly include /var/log/faillog and tallylog as ghosts and create them
...
in post script (#209646 )
- update gmo files as we patch some po files (#218271 )
- add use_current_range option to pam_selinux (#220487 )
- improve the role selection in pam_selinux
- remove shortcut on Password: in ja locale (#218271 )
- revert to old euid and not ruid when setting euid in pam_keyinit
(#219486 )
- rename selinux-namespace patch to namespace-level
2007-01-16 20:14:28 +00:00
7ce306a7c7
- Fix selection of role
2007-01-03 19:18:27 +00:00
03d7f35c89
- autoreconf won't work with autoconf-2.61 as configure.in is not yet
...
adjusted for it
2006-11-30 13:00:48 +00:00
19a8f79ca1
- add select-context option to pam_selinux ( #213812 )
2006-11-30 09:40:03 +00:00
d589c9bdaf
- we don't need this yet
2006-11-13 21:15:30 +00:00
4f2fe36b29
- update internal db4 to 4.5.20 version
...
- move setgid before setuid in pam_keyinit (#212329 )
- make username check in pam_unix consistent with useradd (#212153 )
2006-11-13 21:05:40 +00:00
ab60a42b72
- add pam_namespace option no_unmount_on_close, required for newrole
2006-09-28 13:11:14 +00:00
355576d558
- silence pam_succeed_if in default system-auth ( #205067 )
...
- round the pam_timestamp_check sleep up to wake up at the start of the
wallclock second (#205068 )
2006-09-04 14:31:09 +00:00
10ddab4186
- upgrade to new upstream version, as there are mostly bugfixes except
...
improved documentation
- add support for session and password service for pam_access and
pam_succeed_if
- system-auth: skip session pam_unix for crond service
2006-08-31 20:51:59 +00:00
e3f2d52037
- Add new setkeycreatecon call to pam_selinux to make sure keyring has
...
correct context
2006-08-10 20:26:54 +00:00
685a1895f3
- revoke keyrings properly when pam_keyinit called as root ( #201048 )
...
- pam_succeed_if should return PAM_USER_UNKNOWN when getpwnam fails
(#197748 )
2006-08-10 13:34:26 +00:00
0b27f99e23
- revoke keyrings properly when pam_keyinit called more than once ( #201048 )
...
patch by David Howells
2006-08-02 18:08:23 +00:00
3e0c7af627
- don't log pam_keyinit debug messages by default ( #199783 )
2006-07-21 22:36:15 +00:00
f81d37360c
- drop ainit from console.handlers ( #199561 )
2006-07-21 14:26:46 +00:00
2851cbe631
- drop ainit from console.handlers ( #199561 )
2006-07-21 14:22:56 +00:00
fce253b7c0
- don't report error in pam_selinux for nonexistent tty ( #188722 )
...
- add pam_keyinit to the default system-auth file (#198623 )
2006-07-17 11:03:29 +00:00
d649923c46
bumped for rebuild
2006-07-12 07:37:04 +00:00
95ebf27f94
- the patch should be applied with -p0
2006-07-03 13:19:35 +00:00
e019bcd126
- fixed network match in pam_access (patch by Dan Yefimov)
2006-07-03 12:45:13 +00:00
4fea4c98d9
- namespace.init was missing from EXTRA_DIST
2006-06-30 10:06:09 +00:00
00eddc0974
- updated to a new upstream release
...
- added service as value to be matched and list matching to pam_succeed_if
2006-06-30 09:20:33 +00:00
85a854521e
- a typo
2006-06-08 21:18:21 +00:00
da4d7fa8c5
- added buildrequires libtool
...
- fixed a few rpmlint warnings
2006-06-08 18:44:01 +00:00
7dffd3fb2d
- updated pam_namespace with latest patch by Janak Desai
...
- merged pam_namespace patches
2006-06-08 14:27:54 +00:00
e99dd3962b
- actually don't link to libssl as it is not used ( #191915 )
2006-05-24 09:05:18 +00:00
fa8c14fa63
- use md5 implementation from pam_unix in pam_namespace
...
- pam_namespace should call setexeccon only when selinux is enabled
2006-05-18 15:50:01 +00:00
63f5c77f8b
- don't build hmactest in pam_timestamp so openssl-devel is not required
...
- add missing buildrequires (#191915 )
2006-05-16 17:06:29 +00:00
0730695ea0
- pam_console_apply shouldn't access /var when called with -r ( #191401 )
...
- actually apply the large-uid patch
2006-05-16 16:12:18 +00:00
fda1b40256
- new module pam_exec
2006-05-10 14:43:55 +00:00
fbfca3562b
- upgrade to new upstream version
...
- make pam_console_apply not dependent on glib
- support large uids in pam_tally, pam_tally2
2006-05-10 14:16:34 +00:00
5002e23046
- add namespace.init to %files
2006-05-04 11:53:08 +00:00
94d78f5a6d
- the namespace instance init script is now in /etc/security ( #190148 )
...
- pam_namespace: added missing braces (#190026 )
- pam_tally(2): never call fclose twice on the same FILE (from upstream)
2006-05-04 11:51:03 +00:00
Tomas Mraz
Karsten Hopp
Dennis Gilmore
Ville Skyttä
Jesse Keating
Jesse Keating
Jeremy Katz
Daniel J Walsh