| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: pam-userdb | Distribution: openSUSE Tumbleweed |
| Version: 1.7.0 | Vendor: openSUSE |
| Release: 1.1 | Build date: Thu Oct 24 13:57:20 2024 |
| Group: System/Libraries | Build host: reproducible |
| Size: 16022 | Source RPM: pam-full-src-1.7.0-1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://github.com/linux-pam/linux-pam | |
| Summary: PAM module to authenticate against a separate database | |
PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. This package contains pam_userdb which is used to verify a username/password pair against values stored in a Berkeley DB database.
GPL-2.0-or-later OR BSD-3-Clause
* Thu Oct 24 2024 Thorsten Kukuk <kukuk@suse.com>
- Update to version 1.7.0
- build: changed build system from autotools to meson.
- libpam_misc: use ECHOCTL in the terminal input
- pam_access: support UID and GID in access.conf
- pam_env: install environment file in vendordir if vendordir is enabled
- pam_issue: only count class user if logind support is enabled
- pam_limits: use systemd-logind instead of utmp if logind support is enabled
- pam_unix: compare password hashes in constant time
- Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
- Drop upstream patches:
- pam-bsc1194818-cursor-escape.patch
- pam_limits-systemd.patch
- pam_issue-systemd.patch
* Thu Sep 12 2024 Thorsten Kukuk <kukuk@suse.com>
- baselibs.conf: add pam-userdb
* Tue Sep 10 2024 Thorsten Kukuk <kukuk@suse.com>
- pam_limits-systemd.patch: update to final PR
* Fri Sep 06 2024 Thorsten Kukuk <kukuk@suse.com>
- Add systemd-logind support to pam_limits (pam_limits-systemd.patch)
- Remove /usr/etc/pam.d, everything should be migrated
- Remove pam_limits from default common-sessions* files. pam_limits
is now part of pam-extra and not in our default generated config.
- pam_issue-systemd.patch: only count class user sessions
* Wed Aug 07 2024 Stanislav Brabec <sbrabec@suse.com>
- Prevent cursor escape from the login prompt [bsc#1194818]
* Added: pam-bsc1194818-cursor-escape.patch
* Wed Apr 10 2024 Thorsten Kukuk <kukuk@suse.com>
- Update to version 1.6.1
- pam_env: fixed --disable-econf --enable-vendordir support.
- pam_unix: do not warn if password aging is disabled.
- pam_unix: try to set uid to 0 before unix_chkpwd invocation.
- pam_unix: allow empty passwords with non-empty hashes.
- Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
- Remove backports:
- pam_env-fix_vendordir.patch
- pam_env-fix-enable-vendordir-fallback.patch
- pam_env-remove-escaped-newlines.patch
- pam_unix-fix-password-aging-disabled.patch
* Thu Feb 22 2024 Valentin Lefebvre <valentin.lefebvre@suse.com>
- Use autosetup to prepare for RPM 4.20.
* Wed Feb 07 2024 Thorsten Kukuk <kukuk@suse.com>
- pam.tmpfiles: Make sure the content of the /run directories get
removed in case of a soft-reboot
* Tue Jan 30 2024 Thorsten Kukuk <kukuk@suse.com>
- Enable pam_canonicalize_user.so
* Fri Jan 19 2024 Thorsten Kukuk <kukuk@suse.com>
- Add post 1.6.0 release fixes for pam_env and pam_unix:
- pam_env-fix-enable-vendordir-fallback.patch
- pam_env-fix_vendordir.patch
- pam_env-remove-escaped-newlines.patch
- pam_unix-fix-password-aging-disabled.patch
- Update to version 1.6.0
- Added support of configuration files with arbitrarily long lines.
- build: fixed build outside of the source tree.
- libpam: added use of getrandom(2) as a source of randomness if available.
- libpam: fixed calculation of fail delay with very long delays.
- libpam: fixed potential infinite recursion with includes.
- libpam: implemented string to number conversions validation when parsing
controls in configuration.
- pam_access: added quiet_log option.
- pam_access: fixed truncation of very long group names.
- pam_canonicalize_user: new module to canonicalize user name.
- pam_echo: fixed file handling to prevent overflows and short reads.
- pam_env: added support of '\' character in environment variable values.
- pam_exec: allowed expose_authtok for password PAM_TYPE.
- pam_exec: fixed stack overflow with binary output of programs.
- pam_faildelay: implemented parameter ranges validation.
- pam_listfile: changed to treat \r and \n exactly the same in configuration.
- pam_mkhomedir: hardened directory creation against timing attacks.
- Please note that using *at functions leads to more open file handles
during creation.
- pam_namespace: fixed potential local DoS (CVE-2024-22365).
- pam_nologin: fixed file handling to prevent short reads.
- pam_pwhistory: helper binary is now built only if SELinux support is
enabled.
- pam_pwhistory: implemented reliable usernames handling when remembering
passwords.
- pam_shells: changed to allow shell entries with absolute paths only.
- pam_succeed_if: fixed treating empty strings as numerical value 0.
- pam_unix: added support of disabled password aging.
- pam_unix: synchronized password aging with shadow.
- pam_unix: implemented string to number conversions validation.
- pam_unix: fixed truncation of very long user names.
- pam_unix: corrected rounds retrieval for configured encryption method.
- pam_unix: implemented reliable usernames handling when remembering
passwords.
- pam_unix: changed to always run the helper to obtain shadow password
entries.
- pam_unix: unix_update helper binary is now built only if SELinux support
is enabled.
- pam_unix: added audit support to unix_update helper.
- pam_userdb: added gdbm support.
- Multiple minor bug fixes, portability fixes, documentation improvements,
and translation updates.
- The following patches are obsolete with the update:
- pam_access-doc-IPv6-link-local.patch
- pam_access-hostname-debug.patch
- pam_shells-fix-econf-memory-leak.patch
- pam_shells-fix-econf-memory-leak.patch
- disable-examples.patch
- pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS
is no longer used.
* Wed Aug 23 2023 Thorsten Kukuk <kukuk@suse.com>
- Fix building without SELinux
* Mon Aug 07 2023 Thorsten Kukuk <kukuk@suse.com>
- pam_access backports from upstream:
- pam_access-doc-IPv6-link-local.patch:
Document only partial supported IPv6 link local addresses
- pam_access-hostname-debug.patch:
Don't print error if we cannot resolve a hostname, does not
need to be a hostname
- pam_shells-fix-econf-memory-leak.patch:
Free econf keys variable
- disable-examples.patch:
Don't build examples
* Tue May 09 2023 Thorsten Kukuk <kukuk@suse.com>
- Update to final 1.5.3 release:
- configure: added --enable-logind option to use logind instead of utmp
in pam_issue and pam_timestamp.
- pam_modutil_getlogin: changed to use getlogin() from libc instead of
parsing utmp.
- Added libeconf support to pam_env and pam_shells.
- Added vendor directory support to pam_access, pam_env, pam_group,
pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit,
pam_shells, and pam_time.
- pam_limits: changed to not fail on missing config files.
- pam_pwhistory: added conf= option to specify config file location.
- pam_pwhistory: added file= option to specify password history file
location.
- pam_shells: added shells.d support when libeconf and vendordir are enabled.
- Deprecated pam_lastlog: this module is no longer built by default because
it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe,
even on 64bit architectures.
pam_lastlog will be removed in one of the next releases, consider using
pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or
pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead.
- Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply()
macros provided by _pam_macros.h; the memory override performed by these
macros can be optimized out by the compiler and therefore can no longer
be relied upon.
* Thu Apr 20 2023 Thorsten Kukuk <kukuk@suse.com>
- pam-extra: add split provide
* Wed Apr 12 2023 Thorsten Kukuk <kukuk@suse.com>
- pam-userdb: add split provide
* Tue Apr 11 2023 Thorsten Kukuk <kukuk@suse.com>
- Drop pam-xauth_ownership.patch, got fixed in sudo itself
- Drop pam-bsc1177858-dont-free-environment-string.patch, was a
fix for above patch
* Thu Apr 06 2023 Thorsten Kukuk <kukuk@suse.com>
- Use bcond selinux to disable SELinux
- Remove old pam_unix_* compat symlinks
- Move pam_userdb to own pam-userdb sub-package
- pam-extra contains now modules having extended dependencies like
libsystemd
- Update to 1.5.3.90 git snapshot
- Drop merged patches:
- pam-git.diff
- docbook5.patch
- pam_pwhistory-docu.patch
- pam_xauth_data.3.xml.patch
- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all
documentation anyways and don't use the prebuild versions
- Move all devel manual pages to pam-manpages, too. Fixes the
problem that adjusted defaults not shown correct.
* Mon Mar 20 2023 Thorsten Kukuk <kukuk@suse.com>
- Add common-session-nonlogin and postlogin-* pam.d config files
for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2
and upcoming pam_wtmpdb.
* Fri Mar 10 2023 Giuliano Belinassi <giuliano.belinassi@suse.com>
- Enable livepatching support on x86_64.
* Tue Jan 24 2023 Valentin Lefebvre <valentin.lefebvre@suse.com>
- Use rpm macros for pam dist conf dir (/usr/etc/security)
* Wed Jan 18 2023 Stefan Schubert <schubi@suse.com>
- Moved following files/dirs in /etc/security to vendor directory:
access.conf, limits.d, sepermit.conf, time.conf, namespace.conf,
namespace.d, namespace.init
* Sat Dec 24 2022 Dominique Leuenberger <dleuenberger@suse.com>
- Also obsolete pam_unix-32bit to have clean upgrade path.
* Fri Dec 16 2022 Thorsten Kukuk <kukuk@suse.com>
- Merge pam_unix back into pam, seperate package not needed anymore
* Thu Dec 15 2022 Thorsten Kukuk <kukuk@suse.com>
- Update pam-git.diff to current upstream
- pam_env: Use vendor specific pam_env.conf and environment as fallback
- pam_shells: Use the vendor directory
obsoletes pam_env_econf.patch
- Refresh docbook5.patch
* Tue Dec 06 2022 Thorsten Kukuk <kukuk@suse.com>
- pam_pwhistory-docu.patch, docbook5.patch: convert docu to
docbook5
* Thu Dec 01 2022 Thorsten Kukuk <kukuk@suse.com>
- pam-git.diff: update to current git
- obsoletes pam-hostnames-in-access_conf.patch
- obsoletes tst-pam_env-retval.c
- pam_env_econf.patch refresh
* Tue Nov 22 2022 Thorsten Kukuk <kukuk@suse.com>
- Move pam_env config files below /usr/etc
* Tue Oct 11 2022 Stefan Schubert <schubi@suse.com>
- pam_env: Using libeconf for reading configuration and environment
files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c)
* Fri Jun 17 2022 Thorsten Kukuk <kukuk@suse.com>
- Keep old directory in filelist for migration
* Wed Jun 01 2022 Thorsten Kukuk <kukuk@suse.com>
- Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d
* Fri Mar 11 2022 Thorsten Kukuk <kukuk@suse.com>
- pam-hostnames-in-access_conf.patch: update with upstream
submission. Fixes several bugs including memory leaks.
* Wed Feb 09 2022 Thorsten Kukuk <kukuk@suse.com>
- Move group.conf and faillock.conf to /usr/etc/security
* Mon Feb 07 2022 Thorsten Kukuk <kukuk@suse.com>
- Update to current git for enhanced vendordir support (pam-git.diff)
Obsoletes:
- 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
- 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
- 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
* Mon Dec 13 2021 Thorsten Kukuk <kukuk@suse.com>
- Drop pam_umask-usergroups-login_defs.patch, does more harm
than helps. If not explizit specified as module option, we
use UMASK from login.defs unmodified.
* Thu Nov 25 2021 Thorsten Kukuk <kukuk@suse.com>
- Don't define doc/manpages packages in main build
* Wed Nov 24 2021 Thorsten Kukuk <kukuk@suse.com>
- Add missing recommends and split provides
* Wed Nov 24 2021 Thorsten Kukuk <kukuk@suse.com>
- Use multibuild to build docu with correct paths and available
features.
* Mon Nov 22 2021 Thorsten Kukuk <kukuk@suse.com>
- common-session: move pam_systemd to first position as if the
file would have been generated with pam-config
- Add vendordir fixes and enhancements from upstream:
- pam_xauth_data.3.xml.patch
- 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
- 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
- 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
spec file.
* Wed Nov 17 2021 Stanislav Brabec <sbrabec@suse.com>
- Update pam-login_defs-check.sh regexp and
login_defs-support-for-pam symbol to version 1.5.2
(new variable HMAC_CRYPTO_ALGO).
* Tue Nov 02 2021 Callum Farmer <gmbr3@opensuse.org>
- Add /run/pam_timestamp to pam.tmpfiles
* Tue Oct 12 2021 Josef Möllers <josef.moellers@suse.com>
- Corrected macro definition of %_pam_moduledir:
%_pam_moduledir %{_libdir}/security
[macros.pam]
* Wed Oct 06 2021 Josef Möllers <josef.moellers@suse.com>
- Prepend a slash to the expansion of %{_lib} in macros.pam as
this are defined without a leading slash!
* Wed Sep 15 2021 Thorsten Kukuk <kukuk@suse.com>
- Rename motd.tmpfiles to pam.tmpfiles
- Add /run/faillock directory
* Fri Sep 10 2021 Thorsten Kukuk <kukuk@suse.com>
- pam-login_defs-check.sh: adjust for new login.defs variable usages
* Mon Sep 06 2021 Josef Möllers <josef.moellers@suse.com>
- Update to 1.5.2
Noteworthy changes in Linux-PAM 1.5.2:
* pam_exec: implemented quiet_log option.
* pam_mkhomedir: added support of HOME_MODE and UMASK from
/etc/login.defs.
* pam_timestamp: changed hmac algorithm to call openssl instead
of the bundled sha1 implementation if selected, added option
to select the hash algorithm to use with HMAC.
* Added pkgconfig files for provided libraries.
* Added --with-systemdunitdir configure option to specify systemd
unit directory.
* Added --with-misc-conv-bufsize configure option to specify the
buffer size in libpam_misc's misc_conv() function, raised the
default value for this parameter from 512 to 4096.
* Multiple minor bug fixes, portability fixes, documentation
improvements, and translation updates.
pam_tally2 has been removed upstream, remove pam_tally2-removal.patch
pam_cracklib has been removed from the upstream sources. This
obsoletes pam-pam_cracklib-add-usersubstr.patch and
pam_cracklib-removal.patch.
The following patches have been accepted upstream and, so,
are obsolete:
- pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch
- pam_securetty-don-t-complain-about-missing-config.patch
- bsc1184358-prevent-LOCAL-from-being-resolved.patch
- revert-check_shadow_expiry.diff
[Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc,
Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc,
pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch,
pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch,
pam_securetty-don-t-complain-about-missing-config.patch,
bsc1184358-prevent-LOCAL-from-being-resolved.patch,
revert-check_shadow_expiry.diff]
* Thu Aug 12 2021 Thorsten Kukuk <kukuk@suse.com>
- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask
explicit "usergroups" option and instead read it from login.def's
"USERGROUP_ENAB" option if umask is only defined there.
[bsc#1189139]
* Tue Aug 03 2021 pgajdos@suse.com
- package man5/motd.5 as a man-pages link to man8/pam_motd.8
[bsc#1188724]
* Tue Jul 13 2021 Thorsten Kukuk <kukuk@suse.com>
- revert-check_shadow_expiry.diff: revert wrong
CRYPT_SALT_METHOD_LEGACY check.
* Fri Jun 25 2021 Callum Farmer <gmbr3@opensuse.org>
- Create /run/motd.d
* Wed Jun 09 2021 Ludwig Nussel <lnussel@suse.de>
- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff)
- Backport patch to not install /usr/etc/securetty (boo#1033626) ie
no distro defaults and don't complain about it missing
(pam_securetty-don-t-complain-about-missing-config.patch)
- add debug bcond to be able to build pam with debug output easily
- add macros file to allow other packages to stop hardcoding
directory names. Compatible with Fedora.
* Mon May 10 2021 Josef Möllers <josef.moellers@suse.com>
- In the 32-bit compatibility package for 64-bit architectures,
require "systemd-32bit" to be also installed as it contains
pam_systemd.so for 32 bit applications.
[bsc#1185562, baselibs.conf]
* Wed Apr 07 2021 Josef Möllers <josef.moellers@suse.com>
- If "LOCAL" is configured in access.conf, and a login attempt from
a remote host is made, pam_access tries to resolve "LOCAL" as
a hostname and logs a failure.
Checking explicitly for "LOCAL" and rejecting access in this case
resolves this issue.
[bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch]
* Wed Mar 31 2021 Josef Möllers <josef.moellers@suse.com>
- pam_limits: "unlimited" is not a legitimate value for "nofile"
(see setrlimit(2)). So, when "nofile" is set to one of the
"unlimited" values, it is set to the contents of
"/proc/sys/fs/nr_open" instead.
Also changed the manpage of pam_limits to express this.
[bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch]
* Thu Feb 18 2021 Thorsten Kukuk <kukuk@suse.com>
- Add missing conflicts for pam_unix-nis
* Tue Feb 16 2021 Thorsten Kukuk <kukuk@suse.com>
- Split out pam_unix module and build without NIS support
/usr/lib64/security/pam_userdb.so /usr/share/man/man8/pam_userdb.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Nov 7 00:59:31 2024