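# Version of the pam-redhat add-on tarball (Source2); the prep section unpacks
# it next to the upstream tree and moves its contents into modules/.
%define pam_redhat_version 0.99.11

Summary: An extensible library which provides authentication for applications
Name: pam
Version: 1.3.1
Release: 25%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
License: BSD and GPLv2+
Group: System Environment/Base
# Upstream release tarball.
Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz
# Detached signature for Source0.
# NOTE(review): no keyring is listed among the sources and nothing in the prep
# section checks this signature, so it is carried but not enforced at build
# time -- confirm where tarball integrity is actually verified.
Source1: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz.asc
# Add-on modules tarball; no signature file is listed for it.
Source2: https://releases.pagure.org/pam-redhat/pam-redhat-%{pam_redhat_version}.tar.bz2
# Default PAM service stacks, installed into the pam.d directory.
Source5: other.pamd
Source6: system-auth.pamd
Source7: password-auth.pamd
Source8: fingerprint-auth.pamd
Source9: smartcard-auth.pamd
Source10: config-util.pamd
# Script the check section runs against every built module.
Source11: dlopen.sh
# Section 5 manual pages for the service stacks above.
Source12: system-auth.5
Source13: config-util.5
# Installed as the tmpfiles.d pam.conf.
Source15: pamtmp.conf
Source16: postlogin.pamd
Source17: postlogin.5
# GPLv2 text, copied into the build directory and shipped as a license file.
Source18: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
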
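# Downstream patch stack; the prep section applies every entry in this order
# with -p1. Entries preceded by a commit URL are backports of those upstream
# commits. Patch62-64 carry a 1.5.1 prefix while the package is 1.3.1 --
# presumably backports from that later release.
Patch1:  pam-1.2.0-redhat-modules.patch
Patch4:  pam-1.1.0-console-nochmod.patch
Patch5:  pam-1.1.0-notally.patch
Patch7:  pam-1.2.1-faillock.patch
Patch8:  pam-1.2.1-faillock-admin-group.patch
Patch9:  pam-1.3.1-noflex.patch
Patch10: pam-1.1.3-nouserenv.patch
Patch13: pam-1.1.6-limits-user.patch
# Link hardening; the changelog entries for 1.1.6-2 and 1.1.8-17 describe
# full RELRO for the setuid binaries and then for all binaries built.
Patch15: pam-1.1.8-full-relro.patch
# FIPS related - non upstreamable
# (going by the file name and the 1.1.5-7 changelog entry, this stops pam_unix
# from falling back to MD5 -- confirm against the patch itself)
Patch20: pam-1.2.0-unix-no-fallback.patch
Patch28: pam-1.1.1-console-errmsg.patch
# Upstreamed partially
Patch29: pam-1.3.0-pwhistory-helper.patch
Patch31: pam-1.1.8-audit-user-mgmt.patch
Patch32: pam-1.2.1-console-devname.patch
Patch33: pam-1.3.0-unix-nomsg.patch
Patch34: pam-1.3.1-coverity.patch
Patch35: pam-1.3.1-console-build.patch
Patch36: pam-1.3.1-faillock-update.patch
Patch37: pam-1.3.1-namespace-mntopts.patch
Patch38: pam-1.3.1-lastlog-no-showfailed.patch
Patch39: pam-1.3.1-lastlog-unlimited-fsize.patch
Patch40: pam-1.3.1-unix-improve-logging.patch
Patch41: pam-1.3.1-tty-audit-manfix.patch
Patch42: pam-1.3.1-fds-closing.patch
Patch43: pam-1.3.1-authtok-verify-fix.patch
Patch44: pam-1.3.1-motd-manpage.patch
# Upstreamed
Patch45: pam-1.3.1-pam-usertype.patch
# Upstreamed
Patch46: pam-1.3.1-audit-error.patch
# Upstreamed
Patch47: pam-1.3.1-pam-modutil-close-write.patch
# https://github.com/linux-pam/linux-pam/commit/6bf9b454eb971083f0cce49faa2aa1cde329ff5d
# https://github.com/linux-pam/linux-pam/commit/9091ea1d81e85f49a221b0325d27b22ce69e444a
# https://github.com/linux-pam/linux-pam/commit/a3a5cbf86083c43026b558e2023f597530626267
Patch48: pam-1.3.1-wheel-pam_ruser-fallback.patch
# https://github.com/linux-pam/linux-pam/commit/491e5500b6b3913f531574208274358a2df88659
Patch49: pam-1.3.1-namespace-gdm-doc.patch
# https://github.com/linux-pam/linux-pam/commit/a7453aeeb398d6cbb7a709c4e2a1d75905220fff
Patch50: pam-1.3.1-pam-userdb-prevent-garbage-characters-from-db.patch
# https://github.com/linux-pam/linux-pam/commit/3234488f2c52a021eec87df1990d256314c21bff
Patch51: pam-1.3.1-pam-limits-unlimited-value.patch
# https://github.com/linux-pam/linux-pam/commit/a35e092e24ee7632346a0e1b4a203c04d4cd2c62
Patch52: pam-1.3.1-pam-keyinit-thread-safe.patch
# https://github.com/linux-pam/linux-pam/commit/f9c9c72121eada731e010ab3620762bcf63db08f
Patch53: pam-1.3.1-pam-motd-support-multiple-motd-paths.patch
# https://github.com/linux-pam/linux-pam/commit/8eaf5570cf011148a0b55c53570df5edaafebdb0
Patch54: pam-1.3.1-pam-motd-fix-segmentation-fault.patch
# https://github.com/linux-pam/linux-pam/commit/62cd745d730e5ba13d5d7092ac566fc0b2148e61
Patch55: pam-1.3.1-pam-motd-fix-memory-leak.patch
# Needed by the next patch. Already upstreamed
Patch56: pam-1.3.1-pam-cc-compat.patch
Patch57: pam-1.3.1-inline.patch
# https://github.com/linux-pam/linux-pam/commit/9bcbe96d9e82a23d983c0618178a8dc25596ac2d
# https://github.com/linux-pam/linux-pam/commit/fc867a9e22eac2c9a0ed0577776bba4df21c9aad
Patch58: pam-1.3.1-faillock-load-conf-from-file.patch
# https://github.com/linux-pam/linux-pam/commit/370064ef6f99581b08d473a42bb3417d5dda3e4e
Patch59: pam-1.3.1-pam-usertype-SYS_UID_MAX.patch
# https://github.com/linux-pam/linux-pam/commit/ba2f6dd8b81ea2a58262c1709bec906b6852591d
# https://github.com/linux-pam/linux-pam/commit/1180bde923a22605fe8075cd1fe7992ed7513411
Patch60: pam-1.3.1-pam-pwhistory-load-conf-from-file.patch
# https://github.com/linux-pam/linux-pam/commit/d57ab22133654033ee1da89f128a81572d320985
# https://github.com/linux-pam/linux-pam/commit/c2c0434bd634a817f2b16ce7f58fc96c04e88b03
Patch61: pam-1.3.1-pam-motd-avoid-unnecessary-logging.patch
# https://github.com/linux-pam/linux-pam/commit/40c271164dbcebfc5304d0537a42fb42e6b6803c
Patch62: pam-1.5.1-pam-lastlog-check-localtime_r-return-value.patch
# https://github.com/linux-pam/linux-pam/commit/bcbf145ce925934214e48200c27c9ff736452549
Patch63: pam-1.5.1-pam-faillock-clarify-missing-user.patch
# https://github.com/linux-pam/linux-pam/commit/10086bc69663fa819277af244eeb5b629a2403b8
Patch64: pam-1.5.1-pam-faillock-avoid-logging-erroneous.patch
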
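# Install locations used throughout the install and files sections:
# libraries, loadable modules, per-module configuration, service stacks.
%define _pamlibdir %{_libdir}
%define _moduledir %{_libdir}/security
%define _secconfdir %{_sysconfdir}/security
%define _pamconfdir %{_sysconfdir}/pam.d

# WITH_SELINUX and WITH_AUDIT default to 1 unless the builder predefined them.
# A build that sets either one to 0 passes the matching disable switch to
# configure and leaves pam_selinux/pam_sepermit or pam_tty_audit out of the
# file list, so the resulting package has no SELinux or tty-audit modules.
%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
%define WITH_SELINUX 1
%endif
%if %{?WITH_AUDIT:0}%{!?WITH_AUDIT:1}
%define WITH_AUDIT 1
%endif
# NOTE(review): nothing visible in this file reads _performance_build;
# presumably the distribution's build macros consume it -- confirm its effect
# on compiler flags before relying on it.
%global _performance_build 1
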
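# cracklib-dicts is a weak dependency (see changelog entry 1.2.1-8).
Recommends: cracklib-dicts >= 2.8
Requires: libpwquality >= 0.9.9
Requires(post): coreutils, /sbin/ldconfig
BuildRequires: autoconf >= 2.60
BuildRequires: automake, libtool
BuildRequires: bison, flex, sed
BuildRequires: cracklib-devel
BuildRequires: perl-interpreter, pkgconfig, gettext-devel
# NIS support needs both of these (changelog entries 1.3.0-7 and 1.3.0-9).
BuildRequires: libtirpc-devel, libnsl2-devel
# Audit and SELinux libraries are pulled in only when the matching feature
# toggle is enabled.
%if %{WITH_AUDIT}
BuildRequires: audit-libs-devel >= 1.0.8
Requires: audit-libs >= 1.0.8
%endif
%if %{WITH_SELINUX}
BuildRequires: libselinux-devel >= 1.33.2
Requires: libselinux >= 1.33.2
%endif
Requires: glibc >= 2.3.90-37
BuildRequires: libdb-devel
# Following deps are necessary only to build the pam library documentation.
BuildRequires: linuxdoc-tools, elinks, libxslt
BuildRequires: docbook-style-xsl, docbook-dtds

URL: http://www.linux-pam.org/

%description
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.

%package devel
Group: Development/Libraries
Summary: Files needed for developing PAM-aware applications and modules for PAM
Requires: pam%{?_isa} = %{version}-%{release}

%description devel
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication. This package
contains header files used for building both PAM-aware applications
and modules for use with the PAM system.
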
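%prep
# Unpack Source0 into Linux-PAM-<version>; -a 2 additionally unpacks Source2
# (pam-redhat) inside that directory.
# NOTE(review): the Source1 signature is not checked anywhere in this section
# and Source2 has no signature listed; presumably integrity rests on whatever
# checksum the build system keeps for its sources -- confirm.
%setup -q -n Linux-PAM-%{version} -a 2
# Teach config.sub the ppc64p7 machine name (changelog entry 1.1.6-6).
perl -pi -e "s/ppc64-\*/ppc64-\* \| ppc64p7-\*/" build-aux/config.sub
# Extend the "/lib /usr/lib" list in libtool.m4 with the lib64 directories.
perl -pi -e "s/\/lib \/usr\/lib/\/lib \/usr\/lib \/lib64 \/usr\/lib64/" m4/libtool.m4

# Add custom modules.
mv pam-redhat-%{pam_redhat_version}/* modules

# GPLv2 text, later listed as a license file.
cp %{SOURCE18} .

# Apply the downstream patch stack in order. Each -b suffix keeps a backup
# copy of every file the patch touches, which makes it easy to see which
# patch changed a given file when auditing the built source tree.
%patch1 -p1 -b .redhat-modules
%patch4 -p1 -b .nochmod
%patch5 -p1 -b .notally
%patch7 -p1 -b .faillock
%patch8 -p1 -b .admin-group
%patch9 -p1 -b .noflex
%patch10 -p1 -b .nouserenv
%patch13 -p1 -b .limits
%patch15 -p1 -b .relro
%patch20 -p1 -b .no-fallback
%patch28 -p1 -b .errmsg
%patch29 -p1 -b .pwhhelper
%patch31 -p1 -b .audit-user-mgmt
%patch32 -p1 -b .devname
%patch33 -p1 -b .nomsg
%patch34 -p1 -b .coverity
%patch35 -p1 -b .console-build
%patch36 -p1 -b .faillock-update
%patch37 -p1 -b .mntopts
%patch38 -p1 -b .no-showfailed
%patch39 -p1 -b .unlimited-fsize
%patch40 -p1 -b .improve-logging
%patch41 -p1 -b .tty-audit-manfix
%patch42 -p1 -b .fds-closing
%patch43 -p1 -b .authtok-verify-fix
%patch44 -p1 -b .motd-manpage
%patch45 -p1 -b .pam-usertype
%patch46 -p1 -b .audit-error
%patch47 -p1 -b .pam-modutil-close-write
%patch48 -p1 -b .wheel-pam_ruser-fallback
%patch49 -p1 -b .namespace-gdm-doc
%patch50 -p1 -b .pam-userdb-prevent-garbage-characters-from-db
%patch51 -p1 -b .pam-limits-unlimited-value
%patch52 -p1 -b .pam-keyinit-thread-safe
%patch53 -p1 -b .pam-motd-support-multiple-motd-paths
%patch54 -p1 -b .pam-motd-fix-segmentation-fault
%patch55 -p1 -b .pam-motd-fix-memory-leak
%patch56 -p1 -b .pam-cc-compat
%patch57 -p1 -b .inline
%patch58 -p1 -b .faillock-load-conf-from-file
%patch59 -p1 -b .pam-usertype-SYS_UID_MAX
%patch60 -p1 -b .pam-pwhistory-load-conf-from-file
%patch61 -p1 -b .pam-motd-avoid-unnecessary-logging
%patch62 -p1 -b .pam-lastlog-check-localtime_r-return-value
%patch63 -p1 -b .pam-faillock-clarify-missing-user
%patch64 -p1 -b .pam-faillock-avoid-logging-erroneous

# Regenerate the autotools output after the edits above (presumably because
# the patches and the added modules change the build inputs).
autoreconf -i
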
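%build
# Configure switches:
#   disable-rpath    no run-time library search path embedded in the binaries
#   libdir           libraries go to the PAM library directory defined above
#   includedir       headers are installed under a security/ subdirectory
#   disable-selinux / disable-audit   passed only when the toggle is 0
#   disable-static   shared libraries only
#   disable-prelude  build without Prelude IDS reporting support
# No comment lines may appear inside the continued command below.
%configure \
	--disable-rpath \
	--libdir=%{_pamlibdir} \
	--includedir=%{_includedir}/security \
%if ! %{WITH_SELINUX}
	--disable-selinux \
%endif
%if ! %{WITH_AUDIT}
	--disable-audit \
%endif
	--disable-static \
	--disable-prelude
# Refresh the compiled message catalogs before the main build.
make -C po update-gmo
# we do not use _smp_mflags because the build of sources in yacc/flex fails
make
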
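%install
# Collect every module README as doc/txts/README.<module directory name>.
mkdir -p doc/txts
for readme in modules/pam_*/README ; do
	cp -f "${readme}" "doc/txts/README.$(dirname "${readme}" | sed -e 's|^modules/||')"
done

# pam_tally documentation is not shipped (changelog entry 1.3.1-5).
rm -rf doc/txts/README.pam_tally*
rm -rf doc/sag/html/*pam_tally*

# Install the binaries, libraries, and modules.
# LDCONFIG is overridden with the shell no-op ":" so that the install step
# does not run ldconfig inside the build root.
make install DESTDIR="$RPM_BUILD_ROOT" LDCONFIG=:

%if %{WITH_SELINUX}
# Temporary compat link
ln -sf pam_sepermit.so "$RPM_BUILD_ROOT%{_moduledir}/pam_selinux_permit.so"
%endif

# RPM uses docs from source tree
rm -rf "$RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM"
# Included in setup package
rm -f "$RPM_BUILD_ROOT%{_sysconfdir}/environment"

# Install default configuration files.
# The service stacks are world-readable (0644) and writable by root only.
install -d -m 755 "$RPM_BUILD_ROOT%{_pamconfdir}"
install -m 644 %{SOURCE5} "$RPM_BUILD_ROOT%{_pamconfdir}/other"
install -m 644 %{SOURCE6} "$RPM_BUILD_ROOT%{_pamconfdir}/system-auth"
install -m 644 %{SOURCE7} "$RPM_BUILD_ROOT%{_pamconfdir}/password-auth"
install -m 644 %{SOURCE8} "$RPM_BUILD_ROOT%{_pamconfdir}/fingerprint-auth"
install -m 644 %{SOURCE9} "$RPM_BUILD_ROOT%{_pamconfdir}/smartcard-auth"
install -m 644 %{SOURCE10} "$RPM_BUILD_ROOT%{_pamconfdir}/config-util"
install -m 644 %{SOURCE16} "$RPM_BUILD_ROOT%{_pamconfdir}/postlogin"
# opasswd starts out empty and owner-only (0600). The files list sets no
# explicit mode for it, so this is the mode the package ships.
install -m 600 /dev/null "$RPM_BUILD_ROOT%{_secconfdir}/opasswd"
install -d -m 755 "$RPM_BUILD_ROOT/var/log"
install -d -m 755 "$RPM_BUILD_ROOT/var/run/faillock"
# Empty motd.d directories, owned by the package (changelog entry 1.3.1-19).
install -d -m 755 "$RPM_BUILD_ROOT%{_sysconfdir}/motd.d"
install -d -m 755 "$RPM_BUILD_ROOT/usr/lib/motd.d"
install -d -m 755 "$RPM_BUILD_ROOT/run/motd.d"

# Install man pages.
install -m 644 %{SOURCE12} %{SOURCE13} %{SOURCE17} "$RPM_BUILD_ROOT%{_mandir}/man5/"
ln -sf system-auth.5 "$RPM_BUILD_ROOT%{_mandir}/man5/password-auth.5"
ln -sf system-auth.5 "$RPM_BUILD_ROOT%{_mandir}/man5/fingerprint-auth.5"
ln -sf system-auth.5 "$RPM_BUILD_ROOT%{_mandir}/man5/smartcard-auth.5"

# Per-phase names that all resolve to the single pam_unix.so module.
for phase in auth acct passwd session ; do
	ln -sf pam_unix.so "$RPM_BUILD_ROOT%{_moduledir}/pam_unix_${phase}.so"
done

# Remove .la files and make new .so links -- this depends on the value
# of _libdir not changing, and *not* being /usr/lib.
for lib in libpam libpamc libpam_misc ; do
	rm -f "$RPM_BUILD_ROOT%{_pamlibdir}/${lib}.la"
done
rm -f "$RPM_BUILD_ROOT%{_moduledir}"/*.la

# Only relevant when the PAM library directory differs from the system
# library directory; this file defines them to be the same, so the branch
# is skipped in a default build.
%if "%{_pamlibdir}" != "%{_libdir}"
install -d -m 755 "$RPM_BUILD_ROOT%{_libdir}"
for lib in libpam libpamc libpam_misc ; do
	pushd "$RPM_BUILD_ROOT%{_libdir}"
	ln -sf %{_pamlibdir}/${lib}.so.*.* "${lib}.so"
	popd
	rm -f "$RPM_BUILD_ROOT%{_pamlibdir}/${lib}.so"
done
%endif

# Duplicate doc file sets.
rm -fr "$RPM_BUILD_ROOT/usr/share/doc/pam"

# Install the file for autocreation of /var/run subdirectories on boot
install -m644 -D %{SOURCE15} "$RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/pam.conf"

%find_lang Linux-PAM
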
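%check
# Make sure every module subdirectory gave us a module.  Yes, this is hackish.
# A module that silently failed to build would otherwise just be missing from
# the package, and any service stack naming it would break at login time.
for dir in modules/pam_* ; do
	if [ -d "${dir}" ] ; then
%if ! %{WITH_SELINUX}
		[ "${dir}" = "modules/pam_selinux" ] && continue
		[ "${dir}" = "modules/pam_sepermit" ] && continue
%endif
%if ! %{WITH_AUDIT}
		[ "${dir}" = "modules/pam_tty_audit" ] && continue
%endif
		# pam_tally and pam_tally2 are skipped unconditionally; neither
		# appears in the files list.
		[ "${dir}" = "modules/pam_tally" ] && continue
		[ "${dir}" = "modules/pam_tally2" ] && continue
		module_name=$(basename "${dir}")
		if ! ls -1 "$RPM_BUILD_ROOT%{_moduledir}/${module_name}"*.so ; then
			echo "ERROR ${module_name} did not build a module."
			exit 1
		fi
	fi
done

# Check for module problems.  Specifically, check that every module we just
# installed can actually be loaded by a minimal PAM-aware application.
# NOTE(review): going by the script name, Source11 loads each module with
# dlopen, which runs code from the freshly built modules inside the build
# environment -- confirm the build runs in an isolated root.
/sbin/ldconfig -n "$RPM_BUILD_ROOT%{_pamlibdir}"
for module in "$RPM_BUILD_ROOT%{_moduledir}"/pam*.so ; do
	if ! env LD_LIBRARY_PATH="$RPM_BUILD_ROOT%{_pamlibdir}" \
		 %{SOURCE11} -ldl -lpam -L"$RPM_BUILD_ROOT%{_libdir}" "${module}" ; then
		echo "ERROR module: ${module} cannot be loaded."
		exit 1
	fi
done
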
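# Refresh the dynamic linker cache after install and after removal. With -p,
# /sbin/ldconfig itself is the scriptlet interpreter, so no shell is involved.
%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig
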
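%files -f Linux-PAM.lang
# Service stacks. noreplace keeps an administrator's edited copy on upgrade
# and writes the packaged version next to it as .rpmnew.
%dir %{_pamconfdir}
%config(noreplace) %{_pamconfdir}/other
%config(noreplace) %{_pamconfdir}/system-auth
%config(noreplace) %{_pamconfdir}/password-auth
%config(noreplace) %{_pamconfdir}/fingerprint-auth
%config(noreplace) %{_pamconfdir}/smartcard-auth
%config(noreplace) %{_pamconfdir}/config-util
%config(noreplace) %{_pamconfdir}/postlogin
%{!?_licensedir:%global license %%doc}
%license Copyright
%license gpl-2.0.txt
%doc doc/txts
%doc doc/sag/*.txt doc/sag/html
%{_pamlibdir}/libpam.so.*
%{_pamlibdir}/libpamc.so.*
%{_pamlibdir}/libpam_misc.so.*
%{_sbindir}/pam_console_apply
%{_sbindir}/faillock
# setuid-root helpers (mode 4755): any local user can run them with root's
# effective uid, so these two binaries are the package's privileged entry
# points and belong on any setuid inventory or file-integrity baseline.
# The changelog (1.1.6-2) records that they are linked with full RELRO.
%attr(4755,root,root) %{_sbindir}/pam_timestamp_check
%attr(4755,root,root) %{_sbindir}/unix_chkpwd
# Root-only helper (0700): no access at all for other users.
%attr(0700,root,root) %{_sbindir}/unix_update
%attr(0755,root,root) %{_sbindir}/mkhomedir_helper
%attr(0755,root,root) %{_sbindir}/pwhistory_helper
# Loadable modules. Installing a module does not enable it; only a service
# stack that names it does.
%dir %{_moduledir}
%{_moduledir}/pam_access.so
%{_moduledir}/pam_chroot.so
%{_moduledir}/pam_console.so
%{_moduledir}/pam_cracklib.so
%{_moduledir}/pam_debug.so
%{_moduledir}/pam_deny.so
%{_moduledir}/pam_echo.so
%{_moduledir}/pam_env.so
%{_moduledir}/pam_exec.so
%{_moduledir}/pam_faildelay.so
%{_moduledir}/pam_faillock.so
%{_moduledir}/pam_filter.so
%{_moduledir}/pam_ftp.so
%{_moduledir}/pam_group.so
%{_moduledir}/pam_issue.so
%{_moduledir}/pam_keyinit.so
%{_moduledir}/pam_lastlog.so
%{_moduledir}/pam_limits.so
%{_moduledir}/pam_listfile.so
%{_moduledir}/pam_localuser.so
%{_moduledir}/pam_loginuid.so
%{_moduledir}/pam_mail.so
%{_moduledir}/pam_mkhomedir.so
%{_moduledir}/pam_motd.so
%{_moduledir}/pam_namespace.so
%{_moduledir}/pam_nologin.so
# pam_permit succeeds unconditionally; a stack that relies on it as the
# deciding auth module grants access without credentials, so configuration
# audits should flag such use.
%{_moduledir}/pam_permit.so
%{_moduledir}/pam_postgresok.so
%{_moduledir}/pam_pwhistory.so
%{_moduledir}/pam_rhosts.so
%{_moduledir}/pam_rootok.so
%if %{WITH_SELINUX}
%{_moduledir}/pam_selinux.so
%{_moduledir}/pam_selinux_permit.so
%{_moduledir}/pam_sepermit.so
%endif
%{_moduledir}/pam_securetty.so
%{_moduledir}/pam_shells.so
%{_moduledir}/pam_stress.so
%{_moduledir}/pam_succeed_if.so
%{_moduledir}/pam_time.so
%{_moduledir}/pam_timestamp.so
%if %{WITH_AUDIT}
%{_moduledir}/pam_tty_audit.so
%endif
%{_moduledir}/pam_umask.so
%{_moduledir}/pam_unix.so
%{_moduledir}/pam_unix_acct.so
%{_moduledir}/pam_unix_auth.so
%{_moduledir}/pam_unix_passwd.so
%{_moduledir}/pam_unix_session.so
%{_moduledir}/pam_userdb.so
%{_moduledir}/pam_usertype.so
%{_moduledir}/pam_warn.so
%{_moduledir}/pam_wheel.so
%{_moduledir}/pam_xauth.so
%{_moduledir}/pam_filter
# Per-module configuration.
%dir %{_secconfdir}
%config(noreplace) %{_secconfdir}/access.conf
%config(noreplace) %{_secconfdir}/chroot.conf
# NOTE(review): the only config entry without noreplace, so an upgrade
# installs the packaged file and moves a locally edited copy to .rpmsave --
# presumably intentional, confirm.
%config %{_secconfdir}/console.perms
%config(noreplace) %{_secconfdir}/console.handlers
%config(noreplace) %{_secconfdir}/faillock.conf
%config(noreplace) %{_secconfdir}/group.conf
%config(noreplace) %{_secconfdir}/limits.conf
%dir %{_secconfdir}/limits.d
%config(noreplace) %{_secconfdir}/namespace.conf
%dir %{_secconfdir}/namespace.d
# Executable configuration: a script kept as an editable config file.
# NOTE(review): presumably run by pam_namespace with root privileges, so
# write access to it is equivalent to root -- confirm and monitor changes.
%attr(755,root,root) %config(noreplace) %{_secconfdir}/namespace.init
%config(noreplace) %{_secconfdir}/pam_env.conf
%config(noreplace) %{_secconfdir}/pwhistory.conf
%config(noreplace) %{_secconfdir}/time.conf
# Old-password store; mode 0600 comes from the install section.
%config(noreplace) %{_secconfdir}/opasswd
%dir %{_secconfdir}/console.apps
%dir %{_secconfdir}/console.perms.d
%dir /var/run/console
%if %{WITH_SELINUX}
%config(noreplace) %{_secconfdir}/sepermit.conf
%dir /var/run/sepermit
%endif
%dir /var/run/faillock
%dir %{_sysconfdir}/motd.d
%dir /run/motd.d
%dir /usr/lib/motd.d
%{_prefix}/lib/tmpfiles.d/pam.conf
%{_mandir}/man5/*
%{_mandir}/man8/*
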
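# Development files: headers, section 3 manual pages, the unversioned .so
# links used at link time, and the module writers' and application
# developers' guides.
%files devel
%{_includedir}/security
%{_mandir}/man3/*
%{_libdir}/libpam.so
%{_libdir}/libpamc.so
%{_libdir}/libpam_misc.so
%doc doc/mwg/*.txt doc/mwg/html
%doc doc/adg/*.txt doc/adg/html
%doc doc/specs/rfc86.0.txt
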
5c721c
%changelog
7c4d26
* Tue Nov 29 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-25
7c4d26
- pam_motd: avoid unnecessary logging. Resolves: #2091062
7c4d26
- pam_lastlog: check localtime_r() return value. Resolves: #2012871
7c4d26
- pam_faillock: clarify missing user faillock files after reboot. Resolves: #2062512
7c4d26
- pam_faillock: avoid logging an erroneous consecutive login failure message. Resolves: #2082442
7c4d26
7c4d26
* Thu Sep 29 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-24
7c4d26
- pam_pwhistory: load configuration from file. Resolves: #2068461
7c4d26
b51b82
* Wed Jul 13 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-22
b51b82
- Regenerate the /run/motd.d at each boot. Resolves: #2104878
b51b82
b51b82
* Thu Jun 23 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-21
b51b82
- pam_usertype: only use SYS_UID_MAX for system users. Resolves: #1949137
b51b82
b51b82
* Thu May 26 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-20
b51b82
- faillock: load configuration from file. Resolves: #1978029
b51b82
b51b82
* Mon May 23 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-19
b51b82
- Add the motd.d directories (empty) to silence warnings and to
b51b82
  provide proper ownership for them. Resolves: #2014458
b51b82
b51b82
* Thu May 19 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-18
b51b82
- pam_motd: fix memory leak. Resolves: #2014458
b51b82
b51b82
* Tue May 17 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-17
b51b82
- pam_keyinit: thread-safe implementation. Resolves: #1997969
b51b82
- pam_motd: support multiple motd paths specified, with filename overrides. Resolves: #2014458
b51b82
d972f3
* Fri Jan 28 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-16
d972f3
- pam_limits: "Unlimited" is not a valid value for RLIMIT_NOFILE. Resolves: #2047655
d972f3
650535
* Mon May  3 2021 Iker Pedrosa <ipedrosa@redhat.com> 1.3.1-15
650535
- pam_userdb: Prevent garbage characters from db (#1791965)
650535
9d3d10
* Thu Nov  5 2020 Iker Pedrosa <ipedrosa@redhat.com> 1.3.1-14
9d3d10
- Revert 1.3.1-12
9d3d10
9d3d10
* Fri Oct 30 2020 Iker Pedrosa <ipedrosa@redhat.com> 1.3.1-13
9d3d10
- pam_wheel: if getlogin fails fallback to PAM_RUSER: fixed malformed patch (#1866866)
9d3d10
- pam_namespace: polyinstantiation refer to gdm doc (#1861841)
9d3d10
9d3d10
* Thu Jul 16 2020 Peter Robinson <pbrobinson@redhat.com> - 1.3.1-12
9d3d10
- Add the motd.d directories (empty) to silence warnings and to
9d3d10
  provide proper ownership for them (#1847501)
9d3d10
3bbffd
* Fri May 15 2020 Iker Pedrosa <ipedrosa@redhat.com> 1.3.1-11
3bbffd
- pam_usertype: fixed malformed patch
3bbffd
3bbffd
* Tue Apr 21 2020 Iker Pedrosa <ipedrosa@redhat.com> 1.3.1-10
3bbffd
- pam_modutil_sanitize_helper_fds: fix SIGPIPE effect of PAM_MODUTIL_PIPE_FD (#1791970)
3bbffd
3bbffd
* Fri Apr 17 2020 Iker Pedrosa <ipedrosa@redhat.com> 1.3.1-9
3bbffd
- pam_usertype: new module to tell if uid is in login.defs ranges (#1810474)
3bbffd
- pam_tty_audit: if kernel audit is disabled return PAM_IGNORE (#1775357)
3bbffd
43d219
* Thu Dec 19 2019 Tomáš Mráz <tmraz@redhat.com> 1.3.1-8
43d219
- pam_motd: Document how to properly silence unwanted motd messages
43d219
43d219
* Mon Dec 16 2019 Tomáš Mráz <tmraz@redhat.com> 1.3.1-6
43d219
- pam_faillock: Fix regression in admin_group support
43d219
43d219
* Wed Oct 16 2019 Tomáš Mráz <tmraz@redhat.com> 1.3.1-5
43d219
- pam_faillock: Support configuration file /etc/security/faillock.conf
43d219
- pam_faillock: Support local_users_only option
43d219
- pam_namespace: Support noexec, nosuid and nodev flags for tmpfs mounts
43d219
- Drop tallylog and pam_tally[2] documentation
43d219
- pam_lastlog: Do not display failed attempts with PAM_SILENT flag
43d219
- pam_lastlog: Support unlimited option to override fsize limit
43d219
- pam_unix: Log if user authenticated without password
43d219
- pam_tty_audit: Improve manual page
43d219
- Optimize closing fds when spawning helpers
43d219
- Fix duplicate password verification in pam_authtok_verify()
43d219
5c721c
* Fri Dec  7 2018 Tomáš Mráz <tmraz@redhat.com> 1.3.1-4
5c721c
- Drop pam_tally2 which was obsoleted and deprecated long time ago
5c721c
5c721c
* Mon Sep 10 2018 Tomáš Mráz <tmraz@redhat.com> 1.3.1-3
5c721c
- add pam_umask to postlogin PAM configuration file
5c721c
- fix some issues found by Coverity scan
5c721c
5c721c
* Fri Jun  8 2018 Tomáš Mráz <tmraz@redhat.com> 1.3.1-1
5c721c
- use /run instead of /var/run in pamtmp.conf (#1588612)
5c721c
5c721c
* Fri May 18 2018 Tomáš Mráz <tmraz@redhat.com> 1.3.1-1
5c721c
- new upstream release 1.3.1 with multiple improvements
5c721c
5c721c
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-10
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
5c721c
5c721c
* Tue Jan 30 2018 Tomáš Mráz <tmraz@redhat.com> 1.3.0-9
5c721c
- and the NIS support now also requires libnsl2
5c721c
5c721c
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 1.3.0-8
5c721c
- Rebuilt for switch to libxcrypt
5c721c
5c721c
* Thu Jan 11 2018 Tomáš Mráz <tmraz@redhat.com> 1.3.0-7
5c721c
- the NIS support now requires libtirpc
5c721c
5c721c
* Mon Aug 21 2017 Tomáš Mráz <tmraz@redhat.com> 1.3.0-6
5c721c
- add admin_group option to pam_faillock (#1285550)
5c721c
5c721c
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-5
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
5c721c
5c721c
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-4
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
5c721c
5c721c
* Thu Apr 20 2017 Tomáš Mráz <tmraz@redhat.com> 1.3.0-3
5c721c
- drop superfluous 'Changing password' message from pam_unix (#658289)
5c721c
5c721c
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-2
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
5c721c
5c721c
* Fri May  6 2016 Tomáš Mráz <tmraz@redhat.com> 1.3.0-1
5c721c
- new upstream release with multiple improvements
5c721c
5c721c
* Mon Apr 11 2016 Tomáš Mráz <tmraz@redhat.com> 1.2.1-8
5c721c
- make cracklib-dicts dependency weak (#1323172)
5c721c
5c721c
* Wed Apr  6 2016 Tomáš Mráz <tmraz@redhat.com> 1.2.1-7
5c721c
- do not drop PAM_OLDAUTHTOK if mismatched - can be used by further modules
5c721c
5c721c
* Mon Apr  4 2016 Tomáš Mráz <tmraz@redhat.com> 1.2.1-6
5c721c
- pam_unix: use pam_get_authtok() and improve prompting
5c721c
5c721c
* Fri Feb  5 2016 Tomáš Mráz <tmraz@redhat.com> 1.2.1-5
5c721c
- fix console device name in console.handlers (#1270224)
5c721c
5c721c
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-4
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
5c721c
5c721c
* Fri Oct 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.2.1-3
5c721c
- pam_faillock: add possibility to set unlock_time to never
5c721c
5c721c
* Wed Aug 12 2015 Tomáš Mráz <tmraz@redhat.com> 1.2.1-2
5c721c
- drop the nproc limit setting, it is causing more harm than it solves
5c721c
5c721c
* Fri Jun 26 2015 Tomáš Mráz <tmraz@redhat.com> 1.2.1-1
5c721c
- new upstream release fixing security issue with unlimited password length
5c721c
5c721c
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.0-2
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
5c721c
5c721c
* Fri May 15 2015 Tomáš Mráz <tmraz@redhat.com> 1.2.0-1
5c721c
- new upstream release with multiple minor improvements
5c721c
5c721c
* Fri Oct 17 2014 Tomáš Mráz <tmraz@redhat.com> 1.1.8-18
5c721c
- use USER_MGMT type for auditing in the pam_tally2 and faillock
5c721c
  apps (#1151576)
5c721c
5c721c
* Thu Sep 11 2014 Tomáš Mráz <tmraz@redhat.com> 1.1.8-17
5c721c
- update the audit-grantor patch with the upstream changes
5c721c
- pam_userdb: correct the example in man page (#1078784)
5c721c
- pam_limits: check whether the utmp login entry is valid (#1080023)
5c721c
- pam_console_apply: do not print error if console.perms.d is empty
5c721c
- pam_limits: nofile refers to open file descriptors (#1111220)
5c721c
- apply PIE and full RELRO to all binaries built
5c721c
5c721c
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.8-16
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
5c721c
5c721c
* Wed Aug 13 2014 Tomáš Mráz <tmraz@redhat.com> 1.1.8-15
5c721c
- audit the module names that granted access
5c721c
- pam_faillock: update to latest version
5c721c
5c721c
* Wed Jul 30 2014 Tom Callaway <spot@fedoraproject.org> - 1.1.8-14
5c721c
- fix license handling
5c721c
5c721c
* Wed Jul 16 2014 Tomáš Mráz <tmraz@redhat.com> 1.1.8-13
5c721c
- be tolerant to corrupted opasswd file
5c721c
5c721c
* Fri Jun 06 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.8-12
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
5c721c
5c721c
* Thu May 22 2014 Tomáš Mráz <tmraz@redhat.com> 1.1.8-11
5c721c
- pam_loginuid: make it return PAM_IGNORE in containers
5c721c
5c721c
* Mon Mar 31 2014 Tomáš Mráz <tmraz@redhat.com> 1.1.8-10
5c721c
- fix CVE-2014-2583: potential path traversal issue in pam_timestamp
5c721c
5c721c
* Wed Mar 26 2014 Tomáš Mráz <tmraz@redhat.com> 1.1.8-9
5c721c
- pam_pwhistory: call the helper if SELinux enabled
5c721c
5c721c
* Tue Mar 11 2014 Tomáš Mráz <tmraz@redhat.com> 1.1.8-8
5c721c
- fix CVE-2013-7041: use case sensitive comparison in pam_userdb
5c721c
5c721c
* Mon Mar 10 2014 Tomáš Mráz <tmraz@redhat.com> 1.1.8-7
5c721c
- rename the 90-nproc.conf to 20-nproc.conf (#1071618)
5c721c
- canonicalize user name in pam_selinux (#1071010)
5c721c
- refresh the pam-redhat tarball
5c721c
5c721c
* Mon Dec 16 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.8-4
5c721c
- raise the default soft nproc limit to 4096
5c721c
5c721c
* Mon Dec  2 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.8-3
5c721c
- updated translations
5c721c
5c721c
* Mon Oct 21 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.8-2
5c721c
- update lastlog with pam_lastlog also for su (#1021108)
5c721c
5c721c
* Mon Oct 14 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.8-1
5c721c
- new upstream release
5c721c
- pam_tty_audit: allow the module to work with old kernels
5c721c
5c721c
* Fri Oct  4 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.7-3
5c721c
- pam_tty_audit: proper initialization of the tty_audit_status struct
5c721c
5c721c
* Mon Sep 30 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.7-2
5c721c
- add "local_users_only" to pam_pwquality in default configuration
5c721c
5c721c
* Fri Sep 13 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.7-1
5c721c
- new upstream release
5c721c
5c721c
* Wed Aug  7 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-14
5c721c
- use links instead of w3m to create txt documentation
5c721c
- recognize login session in pam_sepermit to prevent gdm from locking (#969174)
5c721c
- add support for disabling password logging in pam_tty_audit
5c721c
5c721c
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.6-13
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
5c721c
5c721c
* Thu Jul 11 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-12
5c721c
- add auditing of SELinux policy violation in pam_rootok (#965723)
5c721c
- add SELinux helper to pam_pwhistory
5c721c
5c721c
* Tue May  7 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-11
5c721c
- the default isadir is more correct
5c721c
5c721c
* Wed Apr 24 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-10
5c721c
- pam_unix: do not fail with bad ld.so.preload
5c721c
5c721c
* Fri Mar 22 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-9
5c721c
- do not fail if btmp file is corrupted (#906852)
5c721c
- fix strict aliasing warnings in build
5c721c
- UsrMove
5c721c
- use authtok_type with pam_pwquality in system-auth
5c721c
- remove manual_context handling from pam_selinux (#876976)
5c721c
- other minor specfile cleanups
5c721c
5c721c
* Tue Mar 19 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-8
5c721c
- check NULL return from crypt() calls (#915316)
5c721c
5c721c
* Thu Mar 14 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-7
5c721c
- add workaround for low nproc limit for confined root user (#432903)
5c721c
5c721c
* Thu Feb 21 2013 Karsten Hopp <karsten@redhat.com> 1.1.6-6
5c721c
- add support for ppc64p7 arch (Power7 optimized)
5c721c
5c721c
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.6-5
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
5c721c
5c721c
* Tue Jan 22 2013 Tomas Mraz <tmraz@redhat.com> 1.1.6-4
5c721c
- fix build with current autotools
5c721c
5c721c
* Mon Oct 15 2012 Tomas Mraz <tmraz@redhat.com> 1.1.6-3
5c721c
- add support for tmpfs mount options in pam_namespace
5c721c
5c721c
* Mon Sep  3 2012 Tomas Mraz <tmraz@redhat.com> 1.1.6-2
5c721c
- link setuid binaries with full relro (#853158)
5c721c
- add rhost and tty to auditing data in modules (#677664)
5c721c
5c721c
* Fri Aug 17 2012 Tomas Mraz <tmraz@redhat.com> - 1.1.6-1
5c721c
- new upstream release
5c721c
5c721c
* Thu Aug  9 2012 Tomas Mraz <tmraz@redhat.com> - 1.1.5-9
5c721c
- make the pam_lastlog module in postlogin 'optional' (#846843)
5c721c
5c721c
* Mon Aug  6 2012 Tomas Mraz <tmraz@redhat.com> - 1.1.5-8
5c721c
- fix build failure in pam_unix
5c721c
- add display of previous bad login attempts to postlogin.pamd
5c721c
- put the tmpfiles.d config to /usr/lib and rename it to pam.conf
5c721c
- build against libdb-5
5c721c
5c721c
* Wed May  9 2012 Tomas Mraz <tmraz@redhat.com> 1.1.5-7
5c721c
- add inactive account lock out functionality to pam_lastlog
5c721c
- fix pam_unix remember user name matching
5c721c
- add gecoscheck and maxclassrepeat functionality to pam_cracklib
5c721c
- correctly check for crypt() returning NULL in pam_unix
5c721c
- pam_unix - do not fallback to MD5 on password change
5c721c
  if requested algorithm not supported by crypt() (#818741)
5c721c
- install empty directories
5c721c
5c721c
* Wed May  9 2012 Tomas Mraz <tmraz@redhat.com> 1.1.5-6
5c721c
- add pam_systemd to session modules
5c721c
5c721c
* Tue Jan 31 2012 Tomas Mraz <tmraz@redhat.com> 1.1.5-5
5c721c
- fix pam_namespace leaking the protect mounts to parent namespace (#755216)
5c721c
5c721c
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.5-4
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
5c721c
5c721c
* Wed Dec 21 2011 Tomas Mraz <tmraz@redhat.com> 1.1.5-3
5c721c
- add a note to limits.conf (#754285)
5c721c
5c721c
* Thu Nov 24 2011 Tomas Mraz <tmraz@redhat.com> 1.1.5-2
5c721c
- use pam_pwquality instead of pam_cracklib
5c721c
5c721c
* Thu Nov 24 2011 Tomas Mraz <tmraz@redhat.com> 1.1.5-1
5c721c
- upgrade to new upstream release
5c721c
5c721c
* Thu Aug 25 2011 Tomas Mraz <tmraz@redhat.com> 1.1.4-4
5c721c
- fix dereference in pam_env
5c721c
- fix wrong parse of user@host pattern in pam_access (#732081)
5c721c
5c721c
* Sat Jul 23 2011 Ville Skyttä <ville.skytta@iki.fi> - 1.1.4-3
5c721c
- Rebuild to fix trailing slashes in provided dirs added by rpm 4.9.1.
5c721c
5c721c
* Fri Jul 15 2011 Tomas Mraz <tmraz@redhat.com> 1.1.4-2
5c721c
- clear supplementary groups in pam_console handler execution
5c721c
5c721c
* Mon Jun 27 2011 Tomas Mraz <tmraz@redhat.com> 1.1.4-1
5c721c
- upgrade to new upstream release
5c721c
5c721c
* Tue Jun  7 2011 Tomas Mraz <tmraz@redhat.com> 1.1.3-10
5c721c
- detect the shared / and make the polydir mounts private based on that
5c721c
- fix memory leak and other small errors in pam_namespace
5c721c
5c721c
* Thu Jun  2 2011 Tomas Mraz <tmraz@redhat.com> 1.1.3-9
5c721c
- add support for explicit marking of the polydir mount private (#623522)
5c721c
5c721c
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.3-8
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
5c721c
5c721c
* Wed Dec 22 2010 Tomas Mraz <tmraz@redhat.com> 1.1.3-7
5c721c
- add postlogin common PAM configuration file (#665059)
5c721c
5c721c
* Tue Dec 14 2010 Tomas Mraz <tmraz@redhat.com> 1.1.3-6
5c721c
- include patches recently submitted and applied to upstream CVS
5c721c
5c721c
* Thu Nov 25 2010 Tomas Mraz <tmraz@redhat.com> 1.1.3-5
5c721c
- add config for autocreation of subdirectories in /var/run (#656655)
5c721c
- automatically enable kernel console in pam_securetty
5c721c
5c721c
* Wed Nov 10 2010 Tomas Mraz <tmraz@redhat.com> 1.1.3-4
5c721c
- fix memory leak in pam_faillock
5c721c
5c721c
* Wed Nov 10 2010 Tomas Mraz <tmraz@redhat.com> 1.1.3-3
5c721c
- fix segfault in faillock utility
5c721c
- remove some cases where the information of existence of
5c721c
  a user account could be leaked by the pam_faillock,
5c721c
  document the remaining case
5c721c
5c721c
* Fri Nov  5 2010 Tomas Mraz <tmraz@redhat.com> 1.1.3-2
5c721c
- fix a mistake in the abstract X-socket connect
5c721c
- make pam_faillock work with screensaver
5c721c
5c721c
* Mon Nov  1 2010 Tomas Mraz <tmraz@redhat.com> 1.1.3-1
5c721c
- upgrade to new upstream release fixing CVE-2010-3316 CVE-2010-3435
5c721c
  CVE-2010-3853
5c721c
- try to connect to an abstract X-socket first to verify we are
5c721c
  at real console (#647191)
5c721c
5c721c
* Wed Sep 29 2010 jkeating - 1.1.2-2
5c721c
- Rebuilt for gcc bug 634757
5c721c
5c721c
* Mon Sep 20 2010 Tomas Mraz <tmraz@redhat.com> 1.1.2-1
5c721c
- add pam_faillock module implementing temporary account lock out based
5c721c
  on authentication failures during a specified interval
5c721c
- do not build some auxiliary tools that are not installed that require
5c721c
  flex-static to build
5c721c
- upgrade to new upstream release
5c721c
5c721c
* Thu Jul 15 2010 Tomas Mraz <tmraz@redhat.com> 1.1.1-5
5c721c
- do not overwrite tallylog with empty file on upgrade
5c721c
5c721c
* Mon Feb 15 2010 Tomas Mraz <tmraz@redhat.com> 1.1.1-4
5c721c
- change the default password hash to sha512
5c721c
5c721c
* Fri Jan 22 2010 Tomas Mraz <tmraz@redhat.com> 1.1.1-3
5c721c
- fix wrong prompt when pam_get_authtok is used for new password
5c721c
5c721c
* Mon Jan 18 2010 Tomas Mraz <tmraz@redhat.com> 1.1.1-2
5c721c
- fix build with disabled audit and SELinux (#556211, #556212)
5c721c
5c721c
* Thu Dec 17 2009 Tomas Mraz <tmraz@redhat.com> 1.1.1-1
5c721c
- new upstream version with minor changes
5c721c
5c721c
* Mon Nov  2 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-7
5c721c
- pam_console: fix memory corruption when executing handlers (patch by
5c721c
  Stas Sergeev) and a few more fixes in the handler execution code (#532302)
5c721c
5c721c
* Thu Oct 29 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-6
5c721c
- pam_xauth: set the appropriate context when creating .xauth files (#531530)
5c721c
5c721c
* Tue Sep  1 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-5
5c721c
- do not change permissions with pam_console_apply
5c721c
- drop obsolete pam_tally module and the faillog file (#461258)
5c721c
5c721c
* Wed Aug 19 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-4
5c721c
- rebuild with new libaudit
5c721c
5c721c
* Mon Jul 27 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-3
5c721c
- fix for pam_cracklib from upstream
5c721c
5c721c
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.0-2
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
5c721c
5c721c
* Tue Jun 23 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-1
5c721c
- update to new upstream version
5c721c
5c721c
* Wed May 13 2009 Tomas Mraz <tmraz@redhat.com> 1.0.92-1
5c721c
- update to new upstream version
5c721c
5c721c
* Fri Apr 10 2009 Tomas Mraz <tmraz@redhat.com> 1.0.91-6
5c721c
- add password-auth, fingerprint-auth, and smartcard-auth
5c721c
  for applications which can use them namely gdm (#494874)
5c721c
  patch by Ray Strode
5c721c
5c721c
* Thu Mar 26 2009 Tomas Mraz <tmraz@redhat.com> 1.0.91-5
5c721c
- replace also other std descriptors (#491471)
5c721c
5c721c
* Tue Mar 17 2009 Tomas Mraz <tmraz@redhat.com> 1.0.91-3
5c721c
- we must replace the stdin when execing the helper (#490644)
5c721c
5c721c
* Mon Mar 16 2009 Tomas Mraz <tmraz@redhat.com> 1.0.91-2
5c721c
- do not close stdout/err when execing the helpers (#488147)
5c721c
5c721c
* Mon Mar  9 2009 Tomas Mraz <tmraz@redhat.com> 1.0.91-1
5c721c
- upgrade to new upstream release
5c721c
5c721c
* Fri Feb 27 2009 Tomas Mraz <tmraz@redhat.com> 1.0.90-4
5c721c
- fix parsing of config files containing non-ASCII characters
5c721c
- fix CVE-2009-0579 (minimum days for password change ignored) (#487216)
5c721c
- pam_access: improve handling of hostname resolution
5c721c
5c721c
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.90-3
5c721c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
5c721c
5c721c
* Mon Jan 19 2009 Tomas Mraz <tmraz@redhat.com> 1.0.90-2
5c721c
- add helper to pam_mkhomedir for proper SELinux confinement (#476784)
5c721c
5c721c
* Tue Dec 16 2008 Tomas Mraz <tmraz@redhat.com> 1.0.90-1
5c721c
- upgrade to new upstream release
5c721c
- add --disable-prelude (#466242)
5c721c
5c721c
* Tue Sep 23 2008 Tomas Mraz <tmraz@redhat.com> 1.0.2-2
5c721c
- new password quality checks in pam_cracklib
5c721c
- report failed logins from btmp in pam_lastlog
5c721c
- allow larger groups in modutil functions
5c721c
- fix leaked file descriptor in pam_tally
5c721c
5c721c
* Mon Sep  8 2008 Tomas Mraz <tmraz@redhat.com> 1.0.2-1
5c721c
- pam_loginuid: uids are unsigned (#460241)
5c721c
- new minor upstream release
5c721c
- use external db4
5c721c
- drop tests for not pulling in libpthread (as NPTL should
5c721c
  be safe)
5c721c
5c721c
* Wed Jul  9 2008 Tomas Mraz <tmraz@redhat.com> 1.0.1-5
5c721c
- update internal db4
5c721c
5c721c
* Wed May 21 2008 Tomas Mraz <tmraz@redhat.com> 1.0.1-4
5c721c
- pam_namespace: allow safe creation of directories owned by user (#437116)
5c721c
- pam_unix: fix multiple error prompts on password change (#443872)
5c721c
5c721c
* Tue May 20 2008 Tomas Mraz <tmraz@redhat.com> 1.0.1-3
5c721c
- pam_selinux: add env_params option which will be used by OpenSSH
5c721c
- fix build with new autoconf
5c721c
5c721c
* Tue Apr 22 2008 Tomas Mraz <tmraz@redhat.com> 1.0.1-2
5c721c
- pam_selinux: restore execcon properly (#443667)
5c721c
5c721c
* Fri Apr 18 2008 Tomas Mraz <tmraz@redhat.com> 1.0.1-1
5c721c
- upgrade to new upstream release (one bugfix only)
5c721c
- fix pam_sepermit use in screensavers
5c721c
5c721c
* Mon Apr  7 2008 Tomas Mraz <tmraz@redhat.com> 1.0.0-2
5c721c
- fix regression in pam_set_item
5c721c
5c721c
* Fri Apr  4 2008 Tomas Mraz <tmraz@redhat.com> 1.0.0-1
5c721c
- upgrade to new upstream release (bugfix only)
5c721c
5c721c
* Thu Mar 20 2008 Tomas Mraz <tmraz@redhat.com> 0.99.10.0-4
5c721c
- pam_namespace: fix problem with level polyinst (#438264)
5c721c
- pam_namespace: improve override checking for umount
5c721c
- pam_selinux: fix syslogging a context after free() (#438338)
5c721c
5c721c
* Thu Feb 28 2008 Tomas Mraz <tmraz@redhat.com> 0.99.10.0-3
5c721c
- update pam-redhat module tarball
5c721c
- update internal db4
5c721c
5c721c
* Fri Feb 22 2008 Tomas Mraz <tmraz@redhat.com> 0.99.10.0-2
5c721c
- if shadow is readable for a user do not prevent him from
5c721c
  authenticating any user with unix_chkpwd (#433459)
5c721c
- call audit from unix_chkpwd when appropriate
5c721c
5c721c
* Fri Feb 15 2008 Tomas Mraz <tmraz@redhat.com> 0.99.10.0-1
5c721c
- new upstream release
5c721c
- add default soft limit for nproc of 1024 to prevent
5c721c
  accidental fork bombs (#432903)
5c721c
5c721c
* Mon Feb  4 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-18
5c721c
- allow the package to build without SELinux and audit support (#431415)
5c721c
- macro usage cleanup
5c721c
5c721c
* Mon Jan 28 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-17
5c721c
- test for setkeycreatecon correctly
5c721c
- add exclusive login mode of operation to pam_selinux_permit (original
5c721c
  patch by Dan Walsh)
5c721c
5c721c
* Tue Jan 22 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-16
5c721c
- add auditing to pam_access, pam_limits, and pam_time
5c721c
- moved sanity testing code to check script
5c721c
5c721c
* Mon Jan 14 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-15
5c721c
- merge review fixes (#226228)
5c721c
5c721c
* Tue Jan  8 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-14
5c721c
- support for sha256 and sha512 password hashes
5c721c
- account expiry checks moved to unix_chkpwd helper
5c721c
5c721c
* Wed Jan  2 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-13
5c721c
- wildcard match support in pam_tty_audit (by Miloslav Trmač)
5c721c
5c721c
* Thu Nov 29 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-12
5c721c
- add pam_tty_audit module (#244352) - written by Miloslav Trmač
5c721c
5c721c
* Wed Nov  7 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-11
5c721c
- add substack support
5c721c
5c721c
* Tue Sep 25 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-10
5c721c
- update db4 to 4.6.19 (#274661)
5c721c
5c721c
* Fri Sep 21 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-9
5c721c
- do not preserve contexts when copying skel and other namespace.init
5c721c
  fixes (#298941)
5c721c
- do not free memory sent to putenv (#231698)
5c721c
5c721c
* Wed Sep 19 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-8
5c721c
- add pam_selinux_permit module
5c721c
- pam_succeed_if: fix in operator (#295151)
5c721c
5c721c
* Tue Sep 18 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-7
5c721c
- when SELinux enabled always run the helper binary instead of
5c721c
  direct shadow access (#293181)
5c721c
5c721c
* Fri Aug 24 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-6
5c721c
- do not ask for blank password when SELinux confined (#254044)
5c721c
- initialize homedirs in namespace init script (original patch by dwalsh)
5c721c
5c721c
* Wed Aug 22 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-5
5c721c
- most devices are now handled by HAL and not pam_console (patch by davidz)
5c721c
- license tag fix
5c721c
- multifunction scanner device support (#251468)
5c721c
5c721c
* Mon Aug 13 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-4
5c721c
- fix auth regression when uid != 0 from previous build (#251804)
5c721c
5c721c
* Mon Aug  6 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-3
5c721c
- updated db4 to 4.6.18 (#249740)
5c721c
- added user and new instance parameters to namespace init
5c721c
- document the new features of pam_namespace
5c721c
- do not log an audit error when uid != 0 (#249870)
5c721c
5c721c
* Wed Jul 25 2007 Jeremy Katz <katzj@redhat.com> - 0.99.8.1-2
5c721c
- rebuild for toolchain bug
5c721c
5c721c
* Mon Jul 23 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-1
5c721c
- upgrade to latest upstream version
5c721c
- add some firewire devices to default console perms (#240770)
5c721c
5c721c
* Thu Apr 26 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.1-6
5c721c
- pam_namespace: better document behavior on failure (#237249)
5c721c
- pam_unix: split out passwd change to a new helper binary (#236316)
5c721c
- pam_namespace: add support for temporary logons (#241226)
5c721c
5c721c
* Fri Apr 13 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.1-5
5c721c
- pam_selinux: improve context change auditing (#234781)
5c721c
- pam_namespace: fix parsing config file with unknown users (#234513)
5c721c
5c721c
* Fri Mar 23 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.1-4
5c721c
- pam_console: always decrement use count (#230823)
5c721c
- pam_namespace: use raw context for poly dir name (#227345)
5c721c
- pam_namespace: truncate long poly dir name (append hash) (#230120)
5c721c
- we don't patch any po files anymore
5c721c
5c721c
* Wed Feb 21 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.1-3
5c721c
- correctly relabel tty in the default case (#229542)
5c721c
- pam_unix: cleanup of bigcrypt support
5c721c
- pam_unix: allow modification of '*' passwords to root
5c721c
5c721c
* Tue Feb  6 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.1-2
5c721c
- more X displays as consoles (#227462)
5c721c
5c721c
* Wed Jan 24 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.1-1
5c721c
- upgrade to new upstream version resolving CVE-2007-0003
5c721c
- pam_namespace: unmount poly dir for override users
5c721c
5c721c
* Mon Jan 22 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.0-2
5c721c
- add back min salt length requirement which was erroneously removed
5c721c
  upstream (CVE-2007-0003)
5c721c
5c721c
* Fri Jan 19 2007 Tomas Mraz <tmraz@redhat.com> 0.99.7.0-1
5c721c
- upgrade to new upstream version
5c721c
- drop pam_stack module as it is obsolete
5c721c
- some changes to silence rpmlint
5c721c
5c721c
* Tue Jan 16 2007 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-8
5c721c
- properly include /var/log/faillog and tallylog as ghosts
5c721c
  and create them in post script (#209646)
5c721c
- update gmo files as we patch some po files (#218271)
5c721c
- add use_current_range option to pam_selinux (#220487)
5c721c
- improve the role selection in pam_selinux
5c721c
- remove shortcut on Password: in ja locale (#218271)
5c721c
- revert to old euid and not ruid when setting euid in pam_keyinit (#219486)
5c721c
- rename selinux-namespace patch to namespace-level
5c721c
5c721c
* Fri Dec 1 2006 Dan Walsh <dwalsh@redhat.com> 0.99.6.2-7
5c721c
- fix selection of role
5c721c
5c721c
* Fri Dec 1 2006 Dan Walsh <dwalsh@redhat.com> 0.99.6.2-6
5c721c
- add possibility to pam_namespace to only change MLS component
5c721c
- Resolves: Bug #216184
5c721c
5c721c
* Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-5
5c721c
- add select-context option to pam_selinux (#213812)
5c721c
- autoreconf won't work with autoconf-2.61 as configure.in is not yet adjusted
5c721c
  for it
5c721c
5c721c
* Mon Nov 13 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-4
5c721c
- update internal db4 to 4.5.20 version
5c721c
- move setgid before setuid in pam_keyinit (#212329)
5c721c
- make username check in pam_unix consistent with useradd (#212153)
5c721c
5c721c
* Tue Oct 24 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-3.3
5c721c
- don't overflow a buffer in pam_namespace (#211989)
5c721c
5c721c
* Mon Oct 16 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-3.2
5c721c
- /var/log/faillog and tallylog must be config(noreplace)
5c721c
5c721c
* Fri Oct 13 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-3.1
5c721c
- preserve effective uid in namespace.init script (LSPP for newrole)
5c721c
- include /var/log/faillog and tallylog to filelist (#209646)
5c721c
- add ids to .xml docs so the generated html is always the same (#210569)
5c721c
5c721c
* Thu Sep 28 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-3
5c721c
- add pam_namespace option no_unmount_on_close, required for newrole
5c721c
5c721c
* Mon Sep  4 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-2
5c721c
- silence pam_succeed_if in default system-auth (#205067)
5c721c
- round the pam_timestamp_check sleep up to wake up at the start of the
5c721c
  wallclock second (#205068)
5c721c
5c721c
* Thu Aug 31 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-1
5c721c
- upgrade to new upstream version, as there are mostly bugfixes except
5c721c
  improved documentation
5c721c
- add support for session and password service for pam_access and
5c721c
  pam_succeed_if
5c721c
- system-auth: skip session pam_unix for crond service
5c721c
5c721c
* Thu Aug 10 2006 Dan Walsh <dwalsh@redhat.com> 0.99.5.0-8
5c721c
- Add new setkeycreatecon call to pam_selinux to make sure keyring has correct context
5c721c
5c721c
* Thu Aug 10 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-7
5c721c
- revoke keyrings properly when pam_keyinit called as root (#201048)
5c721c
- pam_succeed_if should return PAM_USER_UNKNOWN when getpwnam fails (#197748)
5c721c
5c721c
* Wed Aug  2 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-6
5c721c
- revoke keyrings properly when pam_keyinit called more than once (#201048)
5c721c
  patch by David Howells
5c721c
5c721c
* Fri Jul 21 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-5
5c721c
- don't log pam_keyinit debug messages by default (#199783)
5c721c
5c721c
* Fri Jul 21 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-4
5c721c
- drop ainit from console.handlers (#199561)
5c721c
5c721c
* Mon Jul 17 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-3
5c721c
- don't report error in pam_selinux for nonexistent tty (#188722)
5c721c
- add pam_keyinit to the default system-auth file (#198623)
5c721c
5c721c
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.99.5.0-2.1
5c721c
- rebuild
5c721c
5c721c
* Mon Jul  3 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-2
5c721c
- fixed network match in pam_access (patch by Dan Yefimov)
5c721c
5c721c
* Fri Jun 30 2006 Tomas Mraz <tmraz@redhat.com> 0.99.5.0-1
5c721c
- updated to a new upstream release
5c721c
- added service as value to be matched and list matching to
5c721c
  pam_succeed_if
5c721c
- namespace.init was missing from EXTRA_DIST
5c721c
5c721c
* Thu Jun  8 2006 Tomas Mraz <tmraz@redhat.com> 0.99.4.0-5
5c721c
- updated pam_namespace with latest patch by Janak Desai
5c721c
- merged pam_namespace patches
5c721c
- added buildrequires libtool
5c721c
- fixed a few rpmlint warnings
5c721c
5c721c
* Wed May 24 2006 Tomas Mraz <tmraz@redhat.com> 0.99.4.0-4
5c721c
- actually don't link to libssl as it is not used (#191915)
5c721c
5c721c
* Wed May 17 2006 Tomas Mraz <tmraz@redhat.com> 0.99.4.0-3
5c721c
- use md5 implementation from pam_unix in pam_namespace
5c721c
- pam_namespace should call setexeccon only when selinux is enabled
5c721c
5c721c
* Tue May 16 2006 Tomas Mraz <tmraz@redhat.com> 0.99.4.0-2
5c721c
- pam_console_apply shouldn't access /var when called with -r (#191401)
5c721c
- actually apply the large-uid patch
5c721c
- don't build hmactest in pam_timestamp so openssl-devel is not required
5c721c
- add missing buildrequires (#191915)
5c721c
5c721c
* Wed May 10 2006 Tomas Mraz <tmraz@redhat.com> 0.99.4.0-1
5c721c
- upgrade to new upstream version
5c721c
- make pam_console_apply not dependent on glib
5c721c
- support large uids in pam_tally, pam_tally2
5c721c
5c721c
* Thu May  4 2006 Tomas Mraz <tmraz@redhat.com> 0.99.3.0-5
5c721c
- the namespace instance init script is now in /etc/security (#190148)
5c721c
- pam_namespace: added missing braces (#190026)
5c721c
- pam_tally(2): never call fclose twice on the same FILE (from upstream)
5c721c
5c721c
* Wed Apr 26 2006 Tomas Mraz <tmraz@redhat.com> 0.99.3.0-4
5c721c
- fixed console device class for irda (#189966)
5c721c
- make pam_console_apply fail gracefully when a class is missing
5c721c
5c721c
* Tue Apr 25 2006 Tomas Mraz <tmraz@redhat.com> 0.99.3.0-3
5c721c
- added pam_namespace module written by Janak Desai (per-user /tmp
5c721c
  support)
5c721c
- new pam-redhat modules version
5c721c
5c721c
* Fri Feb 24 2006 Tomas Mraz <tmraz@redhat.com> 0.99.3.0-2
5c721c
- added try_first_pass option to pam_cracklib
5c721c
- use try_first_pass for pam_unix and pam_cracklib in
5c721c
  system-auth (#182350)
5c721c
5c721c
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.99.3.0-1.2
5c721c
- bump again for double-long bug on ppc(64)
5c721c
5c721c
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.99.3.0-1.1
5c721c
- rebuilt for new gcc4.1 snapshot and glibc changes
5c721c
5c721c
* Fri Feb  3 2006 Tomas Mraz <tmraz@redhat.com> 0.99.3.0-1
5c721c
- new upstream version
5c721c
- updated db4 to 4.3.29
5c721c
- added module pam_tally2 with auditing support
5c721c
- added manual pages for system-auth and config-util (#179584)
5c721c
5c721c
* Tue Jan  3 2006 Tomas Mraz <tmraz@redhat.com> 0.99.2.1-3
5c721c
- remove 'initscripts' dependency (#176508)
5c721c
- update pam-redhat modules, merged patches
5c721c
5c721c
* Fri Dec 16 2005 Tomas Mraz <tmraz@redhat.com> 0.99.2.1-2
5c721c
- fix dangling symlinks in -devel (#175929)
5c721c
- link libaudit only where necessary
5c721c
- actually compile in audit support
5c721c
5c721c
* Thu Dec 15 2005 Tomas Mraz <tmraz@redhat.com> 0.99.2.1-1
5c721c
- support netgroup matching in pam_succeed_if
5c721c
- upgrade to new release
5c721c
- drop pam_pwdb as it was obsolete long ago
5c721c
- we don't build static libraries anymore
5c721c
5c721c
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
5c721c
- rebuilt
5c721c
5c721c
* Tue Nov 15 2005 Tomas Mraz <tmraz@redhat.com> 0.80-14
5c721c
- pam_stack is deprecated - log its usage
5c721c
5c721c
* Wed Oct 26 2005 Tomas Mraz <tmraz@redhat.com> 0.80-13
5c721c
- fixed CAN-2005-2977 unix_chkpwd should skip user verification only if
5c721c
  run as root (#168181)
5c721c
- link pam_loginuid to libaudit
5c721c
- support no tty in pam_access (#170467)
5c721c
- updated audit patch (by Steve Grubb)
5c721c
- the previous pam_selinux change was not applied properly
5c721c
- pam_xauth: look for the xauth binary in multiple directories (#171164)
5c721c
5c721c
* Wed Oct 26 2005 Dan Walsh <dwalsh@redhat.com> 0.80-12
5c721c
- Eliminate multiple in pam_selinux
5c721c
5c721c
* Fri Oct 14 2005 Dan Walsh <dwalsh@redhat.com> 0.80-11
5c721c
- Eliminate fail over for getseuserbyname call
5c721c
5c721c
* Thu Oct 13 2005 Dan Walsh <dwalsh@redhat.com> 0.80-10
5c721c
- Add getseuserbyname call for SELinux MCS/MLS policy
5c721c
5c721c
* Tue Oct  4 2005 Tomas Mraz <tmraz@redhat.com>
5c721c
- pam_console manpage fixes (#169373)
5c721c
5c721c
* Fri Sep 30 2005 Tomas Mraz <tmraz@redhat.com> 0.80-9
5c721c
- don't include ps and pdf docs (#168823)
5c721c
- new common config file for configuration utilities
5c721c
- remove glib2 dependency (#166979)
5c721c
5c721c
* Tue Sep 20 2005 Tomas Mraz <tmraz@redhat.com> 0.80-8
5c721c
- process limit values other than RLIMIT_NICE correctly (#168790)
5c721c
- pam_unix: always honor nis flag on password change (by Aaron Hope)
5c721c
5c721c
* Wed Aug 24 2005 Tomas Mraz <tmraz@redhat.com> 0.80-7
5c721c
- don't fail in audit code when audit is not compiled in 
5c721c
  on the newest kernels (#166422)
5c721c
5c721c
* Mon Aug 01 2005 Tomas Mraz <tmraz@redhat.com> 0.80-6
5c721c
- add option to pam_loginuid to require auditd
5c721c
 
5c721c
* Fri Jul 29 2005 Tomas Mraz <tmraz@redhat.com> 0.80-5
5c721c
- fix NULL dereference in pam_userdb (#164418)
5c721c
5c721c
* Tue Jul 26 2005 Tomas Mraz <tmraz@redhat.com> 0.80-4
5c721c
- fix 64bit bug in pam_pwdb
5c721c
- don't crash in pam_unix if pam_get_data fails
5c721c
5c721c
* Fri Jul 22 2005 Tomas Mraz <tmraz@redhat.com> 0.80-3
5c721c
- more pam_selinux permissive fixes (Dan Walsh)
5c721c
- make binaries PIE (#158938)
5c721c
5c721c
* Mon Jul 18 2005 Tomas Mraz <tmraz@redhat.com> 0.80-2
5c721c
- fixed module tests so the pam doesn't require itself to build (#163502)
5c721c
- added buildprereq for building the documentation (#163503)
5c721c
- relaxed permissions of binaries (u+w)
5c721c
5c721c
* Thu Jul 14 2005 Tomas Mraz <tmraz@redhat.com> 0.80-1
5c721c
- upgrade to new upstream sources
5c721c
- removed obsolete patches
5c721c
- pam_selinux module shouldn't fail on broken configs unless
5c721c
  policy is set to enforcing (Dan Walsh)
5c721c
5c721c
* Tue Jun 21 2005 Tomas Mraz <tmraz@redhat.com> 0.79-11
5c721c
- update pam audit patch
5c721c
- add support for new limits in kernel-2.6.12 (#157050)
5c721c
5c721c
* Thu Jun  9 2005 Tomas Mraz <tmraz@redhat.com> 0.79-10
5c721c
- add the Requires dependency on audit-libs (#159885)
5c721c
- pam_loginuid shouldn't report error when /proc/self/loginuid
5c721c
  is missing (#159974)
5c721c
5c721c
* Fri May 20 2005 Tomas Mraz <tmraz@redhat.com> 0.79-9
5c721c
- update the pam audit patch to support newest audit library,
5c721c
  audit also pam_setcred calls (Steve Grubb)
5c721c
- don't use the audit_fd as global static variable
5c721c
- don't unset the XAUTHORITY when target user is root
5c721c
5c721c
* Mon May  2 2005 Tomas Mraz <tmraz@redhat.com> 0.79-8
5c721c
- pam_console: support loading .perms files in the console.perms.d (#156069)
5c721c
5c721c
* Tue Apr 26 2005 Tomas Mraz <tmraz@redhat.com> 0.79-7
5c721c
- pam_xauth: unset the XAUTHORITY variable on error, fix
5c721c
  potential memory leaks
5c721c
- modify path to IDE floppy devices in console.perms (#155560)
5c721c
5c721c
* Sat Apr 16 2005 Steve Grubb <sgrubb@redhat.com> 0.79-6
5c721c
- Adjusted pam audit patch to make exception for ECONNREFUSED
5c721c
5c721c
* Tue Apr 12 2005 Tomas Mraz <tmraz@redhat.com> 0.79-5
5c721c
- added auditing patch by Steve Grubb
5c721c
- added cleanup patches for bugs found by Steve Grubb
5c721c
- don't clear the shadow option of pam_unix if nis option used
5c721c
5c721c
* Fri Apr  8 2005 Tomas Mraz <tmraz@redhat.com> 0.79-4
5c721c
- #150537 - flush input first then write the prompt
5c721c
5c721c
* Thu Apr  7 2005 Tomas Mraz <tmraz@redhat.com> 0.79-3
5c721c
- make pam_unix LSB 2.0 compliant even when SELinux enabled
5c721c
- #88127 - change both local and NIS passwords to keep them in sync,
5c721c
  also fix a regression in passwd functionality on NIS master server
5c721c
5c721c
* Tue Apr  5 2005 Tomas Mraz <tmraz@redhat.com>
5c721c
- #153711 fix wrong logging in pam_selinux when restoring tty label
5c721c
5c721c
* Sun Apr  3 2005 Tomas Mraz <tmraz@redhat.com> 0.79-2
5c721c
- fix NULL deref in pam_tally when it's used in account phase
5c721c
5c721c
* Thu Mar 31 2005 Tomas Mraz <tmraz@redhat.com> 0.79-1
5c721c
- upgrade to the new upstream release
5c721c
- moved pam_loginuid to pam-redhat repository
5c721c
5c721c
* Wed Mar 23 2005 Tomas Mraz <tmraz@redhat.com> 0.78-9
5c721c
- fix wrong logging in pam_console handlers
5c721c
- add executing ainit handler for alsa sound dmix
5c721c
- #147879, #112777 - change permissions for dri devices
5c721c
5c721c
* Fri Mar 18 2005 Tomas Mraz <tmraz@redhat.com> 0.78-8
5c721c
- remove ownership and permissions handling from pam_console; call
5c721c
  pam_console_apply as a handler instead
5c721c
5c721c
* Mon Mar 14 2005 Tomas Mraz <tmraz@redhat.com> 0.78-7
5c721c
- add pam_loginuid module for setting the login uid for auditing purposes
5c721c
  (by Steve Grubb)
5c721c
5c721c
* Thu Mar 10 2005 Tomas Mraz <tmraz@redhat.com> 0.78-6
5c721c
- add functionality for running handler executables from pam_console
5c721c
  when console lock was obtained/lost
5c721c
- removed patches merged to pam-redhat
5c721c
5c721c
* Tue Mar  1 2005 Tomas Mraz <tmraz@redhat.com> 0.78-5
5c721c
- echo why tests failed when rebuilding
5c721c
- fixed some warnings and errors in pam_console for gcc4 build
5c721c
- improved parsing pam_console config file
5c721c
5c721c
* Mon Feb 21 2005 Tomas Mraz <tmraz@redhat.com>
5c721c
- don't log garbage in pam_console_apply (#147879)
5c721c
5c721c
* Tue Jan 18 2005 Tomas Mraz <tmraz@redhat.com>
5c721c
- don't require exact db4 version, only conflict with incompatible one
5c721c
5c721c
* Wed Jan 12 2005 Tomas Mraz <tmraz@redhat.com> 0.78-4
5c721c
- updated pam-redhat from elvis CVS
5c721c
- removed obsolete patches
5c721c
5c721c
* Mon Jan  3 2005 Jeff Johnson <jbj@redhat.com> 0.78-3
5c721c
- depend on db-4.3.27, not db-4.3.21.
5c721c
5c721c
* Thu Nov 25 2004 Tomas Mraz <tmraz@redhat.com> 0.78-2
5c721c
- add argument to pam_console_apply to restrict its work to specified files
5c721c
5c721c
* Tue Nov 23 2004 Tomas Mraz <tmraz@redhat.com> 0.78-1
5c721c
- update to Linux-PAM-0.78
5c721c
- #140451 parse passwd entries correctly and test for failure
5c721c
- #137802 allow using pam_console for authentication
5c721c
5c721c
* Fri Nov 12 2004 Jeff Johnson <jbj@jbj.org> 0.77-67
5c721c
- rebuild against db-4.3.21.
5c721c
5c721c
* Thu Nov 11 2004 Tomas Mraz <tmraz@redhat.com> 0.77-66
5c721c
- #77646 log failures when renaming the files when changing password
5c721c
- Log failure on missing /etc/security/opasswd when remember option is present
5c721c
5c721c
* Wed Nov 10 2004 Tomas Mraz <tmraz@redhat.com>
5c721c
- #87628 pam_timestamp remembers authorization after logout
5c721c
- #116956 fixed memory leaks in pam_stack
5c721c
5c721c
* Wed Oct 20 2004 Tomas Mraz <tmraz@redhat.com> 0.77-65
5c721c
- #74062 modify the pwd-lock patch to remove NIS passwd changing deadlock
5c721c
5c721c
* Wed Oct 20 2004 Tomas Mraz <tmraz@redhat.com> 0.77-64
5c721c
- #134941 pam_console should check X11 socket only on login
5c721c
5c721c
* Tue Oct 19 2004 Tomas Mraz <tmraz@redhat.com> 0.77-63
5c721c
- Fix checking of group %%group syntax in pam_limits
5c721c
- Drop fencepost patch as it was already fixed 
5c721c
  by upstream change from 0.75 to 0.77
5c721c
- Fix brokenshadow patch
5c721c
5c721c
* Mon Oct 11 2004 Tomas Mraz <tmraz@redhat.com> 0.77-62
5c721c
- Added bluetooth, raw1394 and flash to console.perms
5c721c
- pam_console manpage fix 
5c721c
5c721c
* Mon Oct 11 2004 Tomas Mraz <tmraz@redhat.com> 0.77-61
5c721c
- #129328 pam_env shouldn't abort on missing /etc/environment
5c721c
- #126985 pam_stack should always copy the conversation function 
5c721c
- #127524 add /etc/security/opasswd to files
5c721c
5c721c
* Tue Sep 28 2004 Phil Knirsch <pknirsch@redhat.com> 0.77-60
5c721c
- Drop last patch again, fixed now correctly elsewhere
5c721c
5c721c
* Thu Sep 23 2004 Phil Knirsch <pknirsch@redhat.com> 0.77-59
5c721c
- Fixed bug in pam_env where wrong initializer was used
5c721c
5c721c
* Fri Sep 17 2004 Dan Walsh <dwalsh@redhat.com> 0.77-58
5c721c
- rebuild selinux patch using checkPasswdAccess
5c721c
5c721c
* Mon Sep 13 2004 Jindrich Novy <jnovy@redhat.com>
5c721c
- rebuilt
5c721c
5c721c
* Mon Sep 13 2004 Tomas Mraz <tmraz@redhat.com> 0.77-56
5c721c
- #75454 fixed locking when changing password
5c721c
- #127054 
5c721c
- #125653 removed unnecessary getgrouplist call
5c721c
- #124979 added quiet option to pam_succeed_if
5c721c
5c721c
* Mon Aug 30 2004 Warren Togami <wtogami@redhat.com> 0.77-55
5c721c
- #126024 /dev/pmu console perms
5c721c
5c721c
* Wed Aug 4 2004 Dan Walsh <dwalsh@redhat.com> 0.77-54
5c721c
- Move pam_console.lock to /var/run/console/
5c721c
5c721c
* Thu Jul 29 2004 Dan Walsh <dwalsh@redhat.com> 0.77-53
5c721c
- Close fd[1] before pam_modutilread so that unix_verify will complete 
5c721c
5c721c
* Tue Jul 27 2004 Alan Cox <alan@redhat.com> 0.77-52
5c721c
- First chunk of Steve Grubb's resource leak and other fixes
5c721c
5c721c
* Tue Jul 27 2004 Alan Cox <alan@redhat.com> 0.77-51
5c721c
- Fixed build testing of modules
5c721c
- Fixed dependencies
5c721c
5c721c
* Tue Jul 20 2004 Dan Walsh <dwalsh@redhat.com> 0.77-50
5c721c
- Change unix_chkpwd to return pam error codes
5c721c
5c721c
* Sat Jul 10 2004 Alan Cox <alan@redhat.com>
5c721c
- Fixed the pam glib2 dependency issue
5c721c
5c721c
* Mon Jun 21 2004 Alan Cox <alan@redhat.com>
5c721c
- Fixed the pam_limits fencepost error (#79989) since nobody seems to
5c721c
  be doing it
5c721c
5c721c
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
5c721c
- rebuilt
5c721c
5c721c
* Wed Jun 9 2004 Dan Walsh <dwalsh@redhat.com> 0.77-45
5c721c
- Add requires libselinux > 1.8
5c721c
5c721c
* Thu Jun 3 2004 Dan Walsh <dwalsh@redhat.com> 0.77-44
5c721c
- Add MLS Support to selinux patch
5c721c
5c721c
* Wed Jun 2 2004 Dan Walsh <dwalsh@redhat.com> 0.77-43
5c721c
- Modify pam_selinux to use open and close param
5c721c
5c721c
* Fri May 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-42
5c721c
- Split pam module into two parts open and close
5c721c
5c721c
* Tue May 18 2004 Phil Knirsch <pknirsch@redhat.com> 0.77-41
5c721c
- Fixed 64bit segfault in pam_succeed_if module.
5c721c
5c721c
* Wed Apr 14 2004 Dan Walsh <dwalsh@redhat.com> 0.77-40
5c721c
- Apply changes from audit.
5c721c
5c721c
* Mon Apr 12 2004 Dan Walsh <dwalsh@redhat.com> 0.77-39
5c721c
- Change to only report failure on relabel if debug
5c721c
5c721c
* Wed Mar 3 2004 Dan Walsh <dwalsh@redhat.com> 0.77-38
5c721c
- Fix error handling of pam_unix
5c721c
5c721c
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
5c721c
- rebuilt
5c721c
5c721c
* Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 0.77-36
5c721c
- fix tty handling
5c721c
5c721c
* Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 0.77-35
5c721c
- remove tty closing and opening from pam_selinux, it does not work.
5c721c
5c721c
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
5c721c
- rebuilt
5c721c
5c721c
* Thu Feb 12 2004 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_unix: also log successful password changes when using shadowed passwords
5c721c
5c721c
* Tue Feb 10 2004 Dan Walsh <dwalsh@redhat.com> 0.77-33
5c721c
- close and reopen terminal after changing context.
5c721c
5c721c
* Thu Feb 5 2004 Dan Walsh <dwalsh@redhat.com> 0.77-32
5c721c
- Check for valid tty
5c721c
5c721c
* Tue Feb 3 2004 Dan Walsh <dwalsh@redhat.com> 0.77-31
5c721c
- Check for multiple > 1
5c721c
5c721c
* Mon Feb 2 2004 Dan Walsh <dwalsh@redhat.com> 0.77-30
5c721c
- fix is_selinux_enabled call for pam_rootok
5c721c
5c721c
* Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-29
5c721c
- More fixes to pam_selinux,pam_rootok
5c721c
5c721c
* Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-28
5c721c
- turn on selinux
5c721c
5c721c
* Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 0.77-27
5c721c
- Fix rootok check.
5c721c
5c721c
* Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 0.77-26
5c721c
- fix is_selinux_enabled call
5c721c
5c721c
* Sun Jan 25 2004 Dan Walsh <dwalsh@redhat.com> 0.77-25
5c721c
- Check if ROOTOK for SELinux
5c721c
5c721c
* Thu Jan 15 2004 Dan Walsh <dwalsh@redhat.com> 0.77-24
5c721c
- Fix tty handling for pts in pam_selinux
5c721c
5c721c
* Thu Jan 15 2004 Dan Walsh <dwalsh@redhat.com> 0.77-23
5c721c
- Need to add qualifier context for sudo situation
5c721c
5c721c
* Thu Jan 15 2004 Dan Walsh <dwalsh@redhat.com> 0.77-22
5c721c
- Fix pam_selinux to use prevcon instead of pam_user so it will work for su.
5c721c
5c721c
* Fri Dec 12 2003 Bill Nottingham <notting@redhat.com> 0.77-21.sel
5c721c
- add alsa devs to console.perms
5c721c
5c721c
* Thu Dec 11 2003 Jeff Johnson <jbj@jbj.org> 0.77-20.sel
5c721c
- rebuild with db-4.2.52.
5c721c
- build db4 in build_unix, not dist.
5c721c
5c721c
* Wed Nov 26 2003 Dan Walsh <dwalsh@redhat.com> 0.77-19.sel
5c721c
- Change unix_chkpwd to handle unix_passwd and unix_acct
5c721c
- This eliminates the need for pam modules to have read/write access to /etc/shadow.
5c721c
5c721c
* Thu Nov 20 2003 Dan Walsh <dwalsh@redhat.com> 0.77-18.sel
5c721c
- Cleanup unix_chkpwd
5c721c
5c721c
* Mon Nov 03 2003 Dan Walsh <dwalsh@redhat.com> 0.77-17.sel
5c721c
- Fix tty handling 
5c721c
- Add back multiple handling
5c721c
5c721c
* Mon Oct 27 2003 Dan Walsh <dwalsh@redhat.com> 0.77-16.sel
5c721c
- Remove Multiple from man page of pam_selinux
5c721c
5c721c
* Thu Oct 23 2003 Nalin Dahyabhai <nalin@redhat.com> 0.77-15
5c721c
- don't install _pam_aconf.h -- apps don't use it, other PAM headers which
5c721c
  are installed don't use it, and its contents may be different for arches
5c721c
  on a multilib system
5c721c
- check for linkage problems in modules at %%install-time (kill #107093 dead)
5c721c
- add buildprereq on flex (#101563)
5c721c
5c721c
* Wed Oct 22 2003 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- make pam_pwdb.so link with libnsl again so that it loads (#107093)
5c721c
- remove now-bogus buildprereq on db4-devel (we use a bundled copy for
5c721c
  pam_userdb to avoid symbol collisions with other db libraries in apps)
5c721c
5c721c
* Mon Oct 20 2003 Dan Walsh <dwalsh@redhat.com> 0.77-14.sel
5c721c
- Add Russell Coker patch to handle /dev/pty
5c721c
5c721c
* Fri Oct 17 2003 Dan Walsh <dwalsh@redhat.com> 0.77-13.sel
5c721c
- Turn on Selinux 
5c721c
5c721c
* Fri Oct 17 2003 Dan Walsh <dwalsh@redhat.com> 0.77-12
5c721c
- Fix pam_timestamp to work when 0 seconds have elapsed
5c721c
5c721c
* Mon Oct 6 2003 Dan Walsh <dwalsh@redhat.com> 0.77-11
5c721c
- Turn off selinux
5c721c
5c721c
* Thu Sep 25 2003 Dan Walsh <dwalsh@redhat.com> 0.77-10.sel
5c721c
- Turn on Selinux and remove multiple choice of context.  
5c721c
5c721c
* Wed Sep 24 2003 Dan Walsh <dwalsh@redhat.com> 0.77-10
5c721c
- Turn off selinux
5c721c
5c721c
* Wed Sep 24 2003 Dan Walsh <dwalsh@redhat.com> 0.77-9.sel
5c721c
- Add Russell's patch to check password
5c721c
5c721c
* Wed Sep 17 2003 Dan Walsh <dwalsh@redhat.com> 0.77-8.sel
5c721c
- handle ttys correctly in pam_selinux
5c721c
5c721c
* Fri Sep 05 2003 Dan Walsh <dwalsh@redhat.com> 0.77-7.sel
5c721c
- Clean up memory problems and fix tty handling.
5c721c
5c721c
* Mon Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 0.77-6
5c721c
- Add manual context selection to pam_selinux
5c721c
5c721c
* Mon Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 0.77-5
5c721c
- Add pam_selinux
5c721c
5c721c
* Mon Jul 28 2003 Dan Walsh <dwalsh@redhat.com> 0.77-4
5c721c
- Add SELinux support
5c721c
5c721c
* Thu Jul 24 2003 Nalin Dahyabhai <nalin@redhat.com> 0.77-3
5c721c
- pam_postgresok: add
5c721c
- pam_xauth: add "targetuser" argument
5c721c
5c721c
* Tue Jul 22 2003 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_succeed_if: fix thinko in argument parsing which would walk past the
5c721c
  end of the argument list
5c721c
5c721c
* Wed Jul  9 2003 Nalin Dahyabhai <nalin@redhat.com> 0.77-2
5c721c
- reapply:
5c721c
  - set handler for SIGCHLD to SIG_DFL around *_chkpwd, not SIG_IGN
5c721c
5c721c
* Mon Jul  7 2003 Nalin Dahyabhai <nalin@redhat.com> 0.77-1
5c721c
- pam_timestamp: fail if the key file doesn't contain enough data
5c721c
5c721c
* Thu Jul  3 2003 Nalin Dahyabhai <nalin@redhat.com> 0.77-0
5c721c
- update to 0.77 upstream release
5c721c
  - pam_limits: limits now affect root as well
5c721c
  - pam_nologin: returns PAM_IGNORE instead of PAM_SUCCESS unless "successok"
5c721c
    is given as an argument
5c721c
  - pam_userdb: correctly return PAM_AUTH_ERR instead of PAM_USER_UNKNOWN when
5c721c
    invoked with the "key_only" argument and the database has an entry of the
5c721c
    form "user-<wrongpassword>"
5c721c
- use a bundled libdb for pam_userdb.so because the system copy uses threads,
5c721c
  and demand-loading a shared library which uses threads into an application
5c721c
  which doesn't is a Very Bad Idea
5c721c
5c721c
* Thu Jul  3 2003 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_timestamp: use a message authentication code to validate timestamp files
5c721c
5c721c
* Mon Jun 30 2003 Nalin Dahyabhai <nalin@redhat.com> 0.75-48.1
5c721c
- rebuild
5c721c
5c721c
* Mon Jun  9 2003 Nalin Dahyabhai <nalin@redhat.com> 0.75-49
5c721c
- modify calls to getlogin() to check the directory of the current TTY before
5c721c
  searching for an entry in the utmp/utmpx file (#98020, #98826, CAN-2003-0388)
5c721c
5c721c
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
5c721c
- rebuilt
5c721c
5c721c
* Mon Feb 10 2003 Bill Nottingham <notting@redhat.com> 0.75-48
5c721c
- set handler for SIGCHLD to SIG_DFL around *_chkpwd, not SIG_IGN
5c721c
5c721c
* Wed Jan 22 2003 Tim Powers <timp@redhat.com> 0.75-47
5c721c
- rebuilt
5c721c
5c721c
* Tue Dec 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-46
5c721c
- pam_xauth: reintroduce ACL support, per the original white paper
5c721c
- pam_xauth: default root's export ACL to none instead of everyone
5c721c
5c721c
* Mon Dec  2 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-45
5c721c
- create /lib/security, even if it isn't /%%{_lib}/security, because we
5c721c
  can't locate /lib/security/$ISA without it (noted by Arnd Bergmann)
5c721c
- clear out the duplicate docs directory created during %%install
5c721c
5c721c
* Thu Nov 21 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-44
5c721c
- fix syntax errors in pam_console's yacc parser which newer bison chokes on
5c721c
- forcibly set FAKEROOT at make install time
5c721c
5c721c
* Tue Oct 22 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-43
5c721c
- patch to interpret $ISA in case the first module load attempt fails
5c721c
- use $ISA in default configs
5c721c
5c721c
* Fri Oct 04 2002 Elliot Lee <sopwith@redhat.com> 0.75-42
5c721c
- Since cracklib-dicts location will not be correctly detected without 
5c721c
  that package being installed, add buildreq for cracklib-dicts.
5c721c
- Add patch57: makes configure use $LIBNAME when searching for cracklib 
5c721c
  dicts, and error out if not found.
5c721c
5c721c
* Thu Sep 12 2002 Than Ngo <than@redhat.com> 0.75-41.1
5c721c
- Fixed pam config files
5c721c
5c721c
* Wed Sep 11 2002 Than Ngo <than@redhat.com> 0.75-41
5c721c
- Added fix to install libs in correct directory on 64bit machine
5c721c
5c721c
* Fri Aug  2 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-40
5c721c
- pam_timestamp_check: check that stdio descriptors are open before we're
5c721c
  invoked
5c721c
- add missing chroot.conf
5c721c
5c721c
* Mon Jul 29 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-39
5c721c
- pam_timestamp: sundry fixes, use "unknown" as the tty when none is found
5c721c
5c721c
* Thu Jun 27 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-38
5c721c
- pam_timestamp_check: be as smart about figuring out the tty as the module is
5c721c
5c721c
* Wed Jun 19 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-37
5c721c
- pam_timestamp_check: remove extra unlink() call spotted by Havoc
5c721c
5c721c
* Mon Jun 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-36
5c721c
- pam_timestamp: chown intermediate directories when creating them
5c721c
- pam_timestamp_check: add -d flag to poll
5c721c
5c721c
* Thu May 23 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-35
5c721c
- pam_timestamp: add some sanity checks
5c721c
- pam_timestamp_check: add
5c721c
5c721c
* Wed May 22 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-34
5c721c
- pam_timestamp: add a 'verbose' option
5c721c
5c721c
* Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-33
5c721c
- rebuild with db4
5c721c
- just bundle install-sh into the source package
5c721c
5c721c
* Tue Apr  9 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-32
5c721c
- pam_unix: be more compatible with AIX-style shadowing (#19236)
5c721c
5c721c
* Thu Mar 28 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-31
5c721c
- libpam_misc: fix possible infinite loop in misc_conv (#62195)
5c721c
- pam_xauth: fix cases where DISPLAY is "localhost:screen" and the xauth
5c721c
  key is actually stored using the system's hostname (#61524)
5c721c
5c721c
* Mon Mar 25 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-30
5c721c
- rebuild
5c721c
5c721c
* Mon Mar 25 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-29
5c721c
- rebuild
5c721c
5c721c
* Mon Mar 11 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-28
5c721c
- include the pwdb config file
5c721c
5c721c
* Fri Mar  1 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-27
5c721c
- adjust the pwdb-static patch to build pam_radius correctly (#59408)
5c721c
5c721c
* Fri Mar  1 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-26
5c721c
- change the db4-devel build dependency to db3-devel
5c721c
5c721c
* Thu Feb 21 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-25
5c721c
- rebuild
5c721c
5c721c
* Fri Feb  8 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-24
5c721c
- pam_unix: log successful password changes
5c721c
- remove pam_timestamp
5c721c
5c721c
* Thu Feb  7 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-23
5c721c
- fix pwdb embedding
5c721c
- add pam_timestamp
5c721c
5c721c
* Thu Jan 31 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-22
5c721c
- swallow up pwdb 0.61.1 for building pam_pwdb
5c721c
5c721c
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 0.75-21
5c721c
- pam_userdb: build with db4 instead of db3
5c721c
5c721c
* Thu Nov 22 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-20
5c721c
- pam_stack: fix some memory leaks (reported by Fernando Trias)
5c721c
- pam_chroot: integrate Owl patch to report the more common causes of failures
5c721c
5c721c
* Fri Nov  9 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-19
5c721c
- fix a bug in the getpwnam_r wrapper which sometimes resulted in false
5c721c
  positives for non-existent users
5c721c
5c721c
* Wed Nov  7 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-18
5c721c
- include libpamc in the pam package (#55651)
5c721c
5c721c
* Fri Nov  2 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-17
5c721c
- pam_xauth: don't free a string after passing it to putenv()
5c721c
5c721c
* Wed Oct 24 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-16
5c721c
- pam_xauth: always return PAM_SUCCESS or PAM_SESSION_ERR instead of PAM_IGNORE,
5c721c
  matching the previous behavior (libpam treats PAM_IGNORE from a single module
5c721c
  in a stack as a session error, leading to false error messages if we just
5c721c
  return PAM_IGNORE for all cases)
5c721c
5c721c
* Mon Oct 22 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-15
5c721c
- reorder patches so that the reentrancy patch is applied last -- we never
5c721c
  came to a consensus on how to guard against the bugs in calling applications
5c721c
  which this sort of change addresses, and having them last allows for dropping
5c721c
  in a better strategy for addressing this later on
5c721c
5c721c
* Mon Oct 15 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_rhosts: allow "+hostname" as a synonym for "hostname" to jive better
5c721c
  with the hosts.equiv(5) man page
5c721c
- use the automake install-sh instead of the autoconf install-sh, which
5c721c
  disappeared somewhere between 2.50 and now
5c721c
5c721c
* Mon Oct  8 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- add pwdb as a buildprereq
5c721c
5c721c
* Fri Oct  5 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_tally: don't try to read past the end of faillog -- it probably contains
5c721c
  garbage, which if written into the file later on will confuse /usr/bin/faillog
5c721c
5c721c
* Thu Oct  4 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_limits: don't just return if the user is root -- we'll want to set the
5c721c
  priority (it could be negative to elevate root's sessions)
5c721c
- pam_issue: fix off-by-one error allocating space for the prompt string
5c721c
5c721c
* Wed Oct  3 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_mkhomedir: recurse into subdirectories properly
5c721c
- pam_mkhomedir: handle symlinks
5c721c
- pam_mkhomedir: skip over special items in the skeleton directory
5c721c
5c721c
* Tue Oct  2 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- add cracklib as a buildprereq
5c721c
- pam_wheel: don't ignore out if the user is attempting to switch to an
5c721c
  unprivileged user (this lets pam_wheel do its thing when users attempt
5c721c
  to get to system accounts or accounts of other unprivileged users)
5c721c
5c721c
* Fri Sep 28 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_xauth: close a possible DoS due to use of dotlock-style locking in
5c721c
  world-writable directories by relocating the temporary file to the target
5c721c
  user's home directory
5c721c
- general: include headers local to this tree using relative paths so that
5c721c
  system headers for PAM won't be pulled in, in case include paths don't
5c721c
  take care of it
5c721c
5c721c
* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_xauth: rewrite to skip refcounting and just use a temporary file
5c721c
  created using mkstemp() in /tmp
5c721c
5c721c
* Tue Sep 25 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_userdb: fix the key_only flag so that the null-terminator of the
5c721c
  user-password string isn't expected to be part of the key in the db file,
5c721c
  matching the behavior of db_load 3.2.9
5c721c
5c721c
* Mon Sep 24 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_unix: use crypt() instead of bigcrypt() when salted field is less than
5c721c
  the critical size which lets us know it was generated with bigcrypt()
5c721c
- use a wrapper to handle ERANGE errors when calling get....._r functions:
5c721c
  defining PAM_GETPWNAM_R and such (for getpwnam, getpwuid, getgrnam,
5c721c
  getgrgid, and getspnam) before including _pam_macros.h will cause them
5c721c
  to be implemented as static functions, similar to how defining PAM_SM_xxx
5c721c
  is used to control whether or not PAM declares prototypes for certain
5c721c
  functions
5c721c
5c721c
* Mon Sep 24 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-14
5c721c
- pam_unix: argh, compare entire pruned salt string with crypted result, always
5c721c
5c721c
* Sat Sep  8 2001 Bill Nottingham <notting@redhat.com> 0.75-13
5c721c
- ship /lib/lib{pam,pam_misc}.so for legacy package builds
5c721c
5c721c
* Thu Sep  6 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-12
5c721c
- noreplace configuration files in /etc/security
5c721c
- pam_console: update pam_console_apply and man pages to reflect
5c721c
  /var/lock -> /var/run move
5c721c
5c721c
* Wed Sep  5 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-11
5c721c
- pam_unix: fix the fix for #42394
5c721c
5c721c
* Tue Sep  4 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- modules: use getpwnam_r and friends instead of non-reentrant versions
5c721c
- pam_console: clear generated .c and .h files in "clean" makefile target
5c721c
5c721c
* Thu Aug 30 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_stack: perform deep copy of conversation structures
5c721c
- include the static libpam in the -devel subpackage (#52321)
5c721c
- move development .so and .a files to %%{_libdir}
5c721c
- pam_unix: don't barf on empty passwords (#51846)
5c721c
- pam_unix: redo compatibility with "hash,age" data wrt bigcrypt (#42394)
5c721c
- console.perms: add usb camera, scanner, and rio devices (#15528)
5c721c
- pam_cracklib: initialize all options properly (#49613)
5c721c
5c721c
* Wed Aug 22 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_limits: don't rule out negative priorities
5c721c
5c721c
* Mon Aug 13 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-10
5c721c
- pam_xauth: fix errors due to uninitialized data structure (fix from Tse Huong
5c721c
  Choo)
5c721c
- pam_xauth: random cleanups
5c721c
- pam_console: use /var/run/console instead of /var/lock/console at install-time
5c721c
- pam_unix: fix preserving of permissions on files which are manipulated
5c721c
5c721c
* Fri Aug 10 2001 Bill Nottingham <notting@redhat.com>
5c721c
- fix segfault in pam_securetty
5c721c
5c721c
* Thu Aug  9 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_console: use /var/run/console instead of /var/lock/console for lock files
5c721c
- pam_issue: read the right number of bytes from the file
5c721c
5c721c
* Mon Jul  9 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_wheel: don't error out if the group has no members, but is the user's
5c721c
  primary GID (reported by David Vos)
5c721c
- pam_unix: preserve permissions on files which are manipulated (#43706)
5c721c
- pam_securetty: check if the user is the superuser before checking the tty,
5c721c
  thereby allowing regular users access to services which don't set the
5c721c
  PAM_TTY item (#39247)
5c721c
- pam_access: define NIS and link with libnsl (#36864)
5c721c
5c721c
* Thu Jul  5 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- link libpam_misc against libpam
5c721c
5c721c
* Tue Jul  3 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_chroot: chdir() before chroot()
5c721c
5c721c
* Fri Jun 29 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_console: fix logic bug when changing permissions on single
5c721c
  file and/or lists of files
5c721c
- pam_console: return the proper error code (reported and patches
5c721c
  for both from Frederic Crozat)
5c721c
- change deprecated Copyright: tag in .spec file to License:
5c721c
5c721c
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- console.perms: change js* to js[0-9]*
5c721c
- include pam_aconf.h in more modules (patches from Harald Welte)
5c721c
5c721c
* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- console.perms: add apm_bios to the list of devices the console owner can use
5c721c
- console.perms: add beep to the list of sound devices
5c721c
5c721c
* Mon May  7 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- link pam_console_apply statically with libglib (#38891)
5c721c
5c721c
* Mon Apr 30 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_access: compare IP addresses with the terminating ".", as documented
5c721c
  (patch from Carlo Marcelo Arenas Belon, I think) (#16505)
5c721c
5c721c
* Mon Apr 23 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- merge up to 0.75
5c721c
- pam_unix: temporarily ignore SIGCHLD while running the helper
5c721c
- pam_pwdb: temporarily ignore SIGCHLD while running the helper
5c721c
- pam_dispatch: default to uncached behavior if the cached chain is empty
5c721c
5c721c
* Fri Apr  6 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- correct speling errors in various debug messages and doc files (#33494)
5c721c
5c721c
* Thu Apr  5 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- prereq sed, fileutils (used in %%post)
5c721c
5c721c
* Wed Apr  4 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- remove /dev/dri from console.perms -- XFree86 munges it, so it's outside of
5c721c
  our control (reminder from Daryll Strauss)
5c721c
- add /dev/3dfx to console.perms
5c721c
5c721c
* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_wheel: make 'trust' and 'deny' work together correctly
5c721c
- pam_wheel: also check the user's primary gid
5c721c
- pam_group: also initialize groups when called with PAM_REINITIALIZE_CRED
5c721c
5c721c
* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- mention pam_console_apply in the see also section of the pam_console man pages
5c721c
5c721c
* Fri Mar 16 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- console.perms: /dev/vc/* should be a regexp, not a glob (thanks to
5c721c
  Charles Lopes)
5c721c
5c721c
* Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- console.perms: /dev/cdroms/* should belong to the user, from Douglas
5c721c
  Gilbert via Tim Waugh
5c721c
5c721c
* Thu Mar  8 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_console_apply: muck with devices even if the mount point doesn't exist
5c721c
5c721c
* Wed Mar  7 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_console: error out on undefined classes in pam_console config file
5c721c
- console.perms: actually change the permissions on the new device classes
5c721c
- pam_console: add an fstab= argument, and -f and -c flags to pam_console_apply
5c721c
- pam_console: use g_log instead of g_critical when bailing out
5c721c
- console.perms: logins on /dev/vc/* are also console logins, from Douglas
5c721c
  Gilbert via Tim Waugh
5c721c
5c721c
* Tue Mar  6 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- add pam_console_apply
5c721c
- /dev/pilot's usually a serial port (or a USB serial port), so revert its
5c721c
  group to 'uucp' instead of 'tty' in console.perms
5c721c
- change pam_console's behavior wrt directories -- directories which are
5c721c
  mount points according to /etc/fstab are taken to be synonymous with
5c721c
  their device special nodes, and directories which are not mount points
5c721c
  are ignored
5c721c
5c721c
* Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- handle errors fork()ing in pam_xauth
5c721c
- make the "other" config noreplace
5c721c
5c721c
* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- user should own the /dev/video directory, not the non-existent /dev/v4l
5c721c
- tweak pam_limits doc
5c721c
5c721c
* Wed Feb 21 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- own /etc/security
5c721c
- be more descriptive when logging messages from pam_limits
5c721c
- pam_listfile: remove some debugging code (#28346)
5c721c
5c721c
* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_lastlog: don't pass NULL to logwtmp()
5c721c
5c721c
* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_listfile: fix argument parser (#27773)
5c721c
- pam_lastlog: link to libutil
5c721c
5c721c
* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- pam_limits: change the documented default config file to reflect the defaults
5c721c
- pam_limits: you should be able to log in a total of maxlogins times, not
5c721c
  (maxlogins - 1)
5c721c
- handle group limits on maxlogins correctly (#25690)
5c721c
5c721c
* Mon Feb 12 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- change the pam_xauth default maximum "system user" ID from 499 to 99 (#26343)
5c721c
5c721c
* Wed Feb  7 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- refresh the default system-auth file, pam_access is out
5c721c
5c721c
* Mon Feb  5 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- actually time out when attempting to lckpwdf() (#25889)
5c721c
- include time.h in pam_issue (#25923)
5c721c
- update the default system-auth to the one generated by authconfig 4.1.1
5c721c
- handle getpw??? and getgr??? failures more gracefully (#26115)
5c721c
- get rid of some extraneous {set,end}{pw,gr}ent() calls
5c721c
5c721c
* Tue Jan 30 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- overhaul pam_stack to account for abstraction libpam now provides
5c721c
5c721c
* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- remove pam_radius at request of author
5c721c
5c721c
* Mon Jan 22 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- merge to 0.74
5c721c
- make console.perms match perms set by MAKEDEV, and add some devfs device names
5c721c
- add 'sed' to the buildprereq list (#24666)
5c721c
5c721c
* Sun Jan 21 2001 Matt Wilson <msw@redhat.com>
5c721c
- added "exit 0" to the end of the pre script
5c721c
5c721c
* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- self-hosting fix from Guy Streeter
5c721c
5c721c
* Wed Jan 17 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- use gcc for LD_L to pull in intrinsic stuff on ia64
5c721c
5c721c
* Fri Jan 12 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- take another whack at compatibility with "hash,age" data in pam_unix (#21603)
5c721c
5c721c
* Wed Jan 10 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- make the -devel subpackage unconditional
5c721c
5c721c
* Tue Jan  9 2001 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- merge/update to 0.73
5c721c
5c721c
* Mon Dec 18 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- refresh from CVS -- some weird stuff crept into pam_unix
5c721c
5c721c
* Tue Dec 12 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- fix handling of "nis" when changing passwords by adding the checks for the
5c721c
  data source to the password-updating module in pam_unix
5c721c
- add the original copyright for pam_access (fix from Michael Gerdts)
5c721c
5c721c
* Thu Nov 30 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- redo similar() using a distance algorithm and drop the default dif_ok to 5
5c721c
- readd -devel
5c721c
5c721c
* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- fix similar() function in pam_cracklib (#14740)
5c721c
- fix example in access.conf (#21467)
5c721c
- add conditional compilation for building for 6.2 (for pam_userdb)
5c721c
- tweak post to not use USESHADOW any more
5c721c
5c721c
* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- make EINVAL setting lock limits in pam_limits non-fatal, because it's a 2.4ism
5c721c
5c721c
* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- revert to DB 3.1, which is what we were supposed to be using from the get-go
5c721c
5c721c
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- add RLIMIT_LOCKS to pam_limits (patch from Jes Sorensen) (#20542)
5c721c
- link pam_userdb to Berkeley DB 2.x to match 6.2's setup correctly
5c721c
5c721c
* Mon Nov  6 2000 Matt Wilson <msw@redhat.com>
5c721c
- remove prereq on sh-utils, test ([) is built in to bash
5c721c
5c721c
* Thu Oct 19 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- fix the pam_userdb module breaking
5c721c
5c721c
* Wed Oct 18 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- fix pam_unix likeauth argument for authenticate(),setcred(),setcred()
5c721c
5c721c
* Tue Oct 17 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- tweak pre script to be called in all upgrade cases
5c721c
- get pam_unix to only care about the significant pieces of passwords it checks
5c721c
- add /usr/include/db1/db.h as a build prereq to pull in the right include
5c721c
  files, no matter whether they're in glibc-devel or db1-devel
5c721c
- pam_userdb.c: include db1/db.h instead of db.h
5c721c
5c721c
* Wed Oct 11 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- add BuildPrereq for bison (suggested by Bryan Stillwell)
5c721c
5c721c
* Fri Oct  6 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- patch from Dmitry V. Levin to have pam_stack propagate the PAM fail_delay
5c721c
- roll back the README for pam_xauth to actually be the right one
5c721c
- tweak pam_stack to use the parent's service name when calling the substack
5c721c
5c721c
* Wed Oct  4 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- create /etc/sysconfig/authconfig at install-time if upgrading
5c721c
5c721c
* Mon Oct  2 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- modify the files list to make sure #16456 stays fixed
5c721c
- make pam_stack track PAM_AUTHTOK and PAM_OLDAUTHTOK items
5c721c
- add pam_chroot module
5c721c
- self-hosting fixes from the -devel split
5c721c
- update generated docs in the tree
5c721c
5c721c
* Tue Sep 12 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- split off a -devel subpackage
5c721c
- install the developer man pages
5c721c
5c721c
* Sun Sep 10 2000 Bill Nottingham <notting@redhat.com>
5c721c
- build libraries before modules
5c721c
5c721c
* Wed Sep  6 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- fix problems when looking for headers in /usr/include (#17236)
5c721c
- clean up a couple of compile warnings
5c721c
5c721c
* Tue Aug 22 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- give users /dev/cdrom* instead of /dev/cdrom in console.perms (#16768)
5c721c
- add nvidia control files to console.perms
5c721c
5c721c
* Tue Aug 22 2000 Bill Nottingham <notting@redhat.com>
5c721c
- add DRI devices to console.perms (#16731)
5c721c
5c721c
* Thu Aug 17 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- move pam_filter modules to /lib/security/pam_filter (#16111)
5c721c
- add pam_tally's application to allow counts to be reset (#16456)
5c721c
- move README files to the txts subdirectory
5c721c
5c721c
* Mon Aug 14 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- add a postun that runs ldconfig
5c721c
- clean up logging in pam_xauth
5c721c
5c721c
* Fri Aug  4 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- make the tarball include the release number in its name
5c721c
5c721c
* Mon Jul 31 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- add a broken_shadow option to pam_unix
5c721c
- add all module README files to the documentation list (#16456)
5c721c
5c721c
* Tue Jul 25 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- fix pam_stack debug and losing-track-of-the-result bug
5c721c
5c721c
* Mon Jul 24 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- rework pam_console's usage of syslog to actually be sane (#14646)
5c721c
5c721c
* Sat Jul 22 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- take the LOG_ERR flag off of some of pam_console's new messages
5c721c
5c721c
* Fri Jul 21 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- add pam_localuser
5c721c
5c721c
* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- need to make pam_console's checking a little stronger
5c721c
- only pass data up from pam_stack if the parent didn't already define it
5c721c
5c721c
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
5c721c
- automatic rebuild
5c721c
5c721c
* Tue Jul 11 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- make pam_console's extra checks disableable
5c721c
- simplify extra check to just check if the device owner is root
5c721c
- add a debug log when pam_stack comes across a NULL item
5c721c
- have pam_stack hand items up to the parent from the child
5c721c
5c721c
* Mon Jul  3 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- fix installation of pam_xauth man pages (#12417)
5c721c
- forcibly strip helpers (#12430)
5c721c
- try to make pam_console a little more discriminating
5c721c
5c721c
* Mon Jun 19 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- symlink libpam.so to libpam.so.%%{version}, and likewise for libpam_misc
5c721c
- reverse order of checks in _unix_getpwnam for pam_unix
5c721c
5c721c
* Wed Jun 14 2000 Preston Brown <pbrown@redhat.com>
5c721c
- include gpmctl in pam_console
5c721c
5c721c
* Mon Jun 05 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- add MANDIR definition and use it when installing man pages
5c721c
5c721c
* Mon Jun 05 2000 Preston Brown <pbrown@redhat.com>
5c721c
- handle scanner and cdwriter devices in pam_console
5c721c
5c721c
* Sat Jun  3 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- add account management wrappers for pam_listfile, pam_nologin, pam_securetty,
5c721c
  pam_shells, and pam_wheel
5c721c
5c721c
* Thu Jun  1 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- add system-auth control file
5c721c
- let gethostname() call in pam_access.c be implicitly declared to avoid
5c721c
  conflicting types if unistd.c declares it
5c721c
5c721c
* Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- fix problems compiling on Red Hat Linux 5.x (bug #11005)
5c721c
5c721c
* Wed Apr 26 2000 Bill Nottingham <notting@redhat.com>
5c721c
- fix size assumptions in pam_(pwdb|unix) md5 code
5c721c
5c721c
* Mon Mar 20 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- Add new pam_stack module.
5c721c
- Install pwdb_chkpwd and unix_chkpwd as the current user for non-root builds
5c721c
5c721c
* Sat Feb 05 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- Fix pam_xauth bug #6191.
5c721c
5c721c
* Thu Feb 03 2000 Elliot Lee <sopwith@redhat.com>
5c721c
- Add a patch to accept 'pts/N' in /etc/securetty as a match for tty '5'
5c721c
  (which is what other pieces of the system think it is). Fixes bug #7641.
5c721c
5c721c
* Mon Jan 31 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- argh, turn off gratuitous debugging
5c721c
5c721c
* Wed Jan 19 2000 Nalin Dahyabhai <nalin@redhat.com>
5c721c
- update to 0.72
5c721c
- fix pam_unix password-changing bug
5c721c
- fix pam_unix's cracklib support
5c721c
- change package URL
5c721c
5c721c
* Mon Jan 03 2000 Cristian Gafton <gafton@redhat.com>
5c721c
- don't allow '/' on service_name
5c721c
5c721c
* Thu Oct 21 1999 Cristian Gafton <gafton@redhat.com>
5c721c
- enhance the pam_userdb module some more
5c721c
5c721c
* Fri Sep 24 1999 Cristian Gafton <gafton@redhat.com>
5c721c
- add documentation
5c721c
5c721c
* Tue Sep 21 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- a tiny change to pam_console to make it not lose track of console users
5c721c
5c721c
* Mon Sep 20 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- a few fixes to pam_xauth to make it more robust
5c721c
5c721c
* Wed Jul 14 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- pam_console: added <xconsole> to manage /dev/console
5c721c
5c721c
* Thu Jul 01 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- pam_xauth: New refcounting implementation based on idea from Stephen Tweedie
5c721c
5c721c
* Sat Apr 17 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- added video4linux devices to /etc/security/console.perms
5c721c
5c721c
* Fri Apr 16 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- added joystick lines to /etc/security/console.perms
5c721c
5c721c
* Thu Apr 15 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- fixed a couple segfaults in pam_xauth uncovered by yesterday's fix...
5c721c
5c721c
* Wed Apr 14 1999 Cristian Gafton <gafton@redhat.com>
5c721c
- use gcc -shared to link the shared libs
5c721c
5c721c
* Wed Apr 14 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- many bug fixes in pam_xauth
5c721c
- pam_console can now handle broken applications that do not set
5c721c
  the PAM_TTY item.
5c721c
5c721c
* Tue Apr 13 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- fixed glob/regexp confusion in pam_console, added kbd and fixed fb devices
5c721c
- added pam_xauth module
5c721c
5c721c
* Sat Apr 10 1999 Cristian Gafton <gafton@redhat.com>
5c721c
- pam_lastlog does wtmp handling now
5c721c
5c721c
* Thu Apr 08 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- added option parsing to pam_console
5c721c
- added framebuffer devices to default console.perms settings
5c721c
5c721c
* Wed Apr 07 1999 Cristian Gafton <gafton@redhat.com>
5c721c
- fixed empty passwd handling in pam_pwdb
5c721c
5c721c
* Mon Mar 29 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- changed /dev/cdrom default user permissions back to 0600 in console.perms
5c721c
  because some cdrom players open O_RDWR.
5c721c
5c721c
* Fri Mar 26 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- added /dev/jaz and /dev/zip to console.perms
5c721c
5c721c
* Thu Mar 25 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- changed the default user permissions for /dev/cdrom to 0400 in console.perms
5c721c
5c721c
* Fri Mar 19 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- fixed a few bugs in pam_console
5c721c
5c721c
* Thu Mar 18 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- pam_console authentication working
5c721c
- added /etc/security/console.apps directory
5c721c
5c721c
* Mon Mar 15 1999 Michael K. Johnson <johnsonm@redhat.com>
5c721c
- added pam_console files to filelist
5c721c
5c721c
* Fri Feb 12 1999 Cristian Gafton <gafton@redhat.com>
5c721c
- upgraded to 0.66, some source cleanups
5c721c
5c721c
* Mon Dec 28 1998 Cristian Gafton <gafton@redhat.com>
5c721c
- add patch from Savochkin Andrey Vladimirovich <saw@msu.ru> for umask
5c721c
  security risk
5c721c
5c721c
* Fri Dec 18 1998 Cristian Gafton <gafton@redhat.com>
5c721c
- upgrade to ver 0.65
5c721c
- build the package out of internal CVS server