Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pam-32bit-1.7.0-slfo.1.1.1 RPM for x86_64

From OpenSuSE Leap 16.0 for x86_64

Name: pam-32bit Distribution: SUSE Linux Framework One
Version: 1.7.0 Vendor: SUSE LLC <https://www.suse.com/>
Release: slfo.1.1.1 Build date: Thu Oct 24 13:57:20 2024
Group: System/Libraries Build host: reproducible
Size: 840850 Source RPM: pam-1.7.0-slfo.1.1.1.src.rpm
Packager: https://www.suse.com/
Url: https://github.com/linux-pam/linux-pam
Summary: A Security Tool that Provides Authentication for Applications
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.

Provides

Requires

License

GPL-2.0-or-later OR BSD-3-Clause

Changelog

* Thu Oct 24 2024 kukuk@suse.com
  - Update to version 1.7.0
    - build: changed build system from autotools to meson.
    - libpam_misc: use ECHOCTL in the terminal input
    - pam_access: support UID and GID in access.conf
    - pam_env: install environment file in vendordir if vendordir is enabled
    - pam_issue: only count class user if logind support is enabled
    - pam_limits: use systemd-logind instead of utmp if logind support is enabled
    - pam_unix: compare password hashes in constant time
    - Multiple minor bug fixes, build fixes, portability fixes,
      documentation improvements, and translation updates.
  - Drop upstream patches:
    - pam-bsc1194818-cursor-escape.patch
    - pam_limits-systemd.patch
    - pam_issue-systemd.patch
* Thu Sep 12 2024 kukuk@suse.com
  - baselibs.conf: add pam-userdb
* Tue Sep 10 2024 kukuk@suse.com
  - pam_limits-systemd.patch: update to final PR
* Fri Sep 06 2024 kukuk@suse.com
  - Add systemd-logind support to pam_limits (pam_limits-systemd.patch)
  - Remove /usr/etc/pam.d, everything should be migrated
  - Remove pam_limits from default common-sessions* files. pam_limits
    is now part of pam-extra and not in our default generated config.
  - pam_issue-systemd.patch: only count class user sessions
* Wed Aug 07 2024 sbrabec@suse.com
  - Prevent cursor escape from the login prompt [bsc#1194818]
    * Added: pam-bsc1194818-cursor-escape.patch
* Wed Apr 10 2024 kukuk@suse.com
  - Update to version 1.6.1
    - pam_env: fixed --disable-econf --enable-vendordir support.
    - pam_unix: do not warn if password aging is disabled.
    - pam_unix: try to set uid to 0 before unix_chkpwd invocation.
    - pam_unix: allow empty passwords with non-empty hashes.
    - Multiple minor bug fixes, build fixes, portability fixes,
      documentation improvements, and translation updates.
  - Remove backports:
    - pam_env-fix_vendordir.patch
    - pam_env-fix-enable-vendordir-fallback.patch
    - pam_env-remove-escaped-newlines.patch
    - pam_unix-fix-password-aging-disabled.patch
* Thu Feb 22 2024 valentin.lefebvre@suse.com
  - Use autosetup to prepare for RPM 4.20.
* Wed Feb 07 2024 kukuk@suse.com
  - pam.tmpfiles: Make sure the content of the /run directories get
    removed in case of a soft-reboot
* Tue Jan 30 2024 kukuk@suse.com
  - Enable pam_canonicalize_user.so
* Fri Jan 19 2024 kukuk@suse.com
  - Add post 1.6.0 release fixes for pam_env and pam_unix:
    - pam_env-fix-enable-vendordir-fallback.patch
    - pam_env-fix_vendordir.patch
    - pam_env-remove-escaped-newlines.patch
    - pam_unix-fix-password-aging-disabled.patch
  - Update to version 1.6.0
    - Added support of configuration files with arbitrarily long lines.
    - build: fixed build outside of the source tree.
    - libpam: added use of getrandom(2) as a source of randomness if available.
    - libpam: fixed calculation of fail delay with very long delays.
    - libpam: fixed potential infinite recursion with includes.
    - libpam: implemented string to number conversions validation when parsing
      controls in configuration.
    - pam_access: added quiet_log option.
    - pam_access: fixed truncation of very long group names.
    - pam_canonicalize_user: new module to canonicalize user name.
    - pam_echo: fixed file handling to prevent overflows and short reads.
    - pam_env: added support of '\' character in environment variable values.
    - pam_exec: allowed expose_authtok for password PAM_TYPE.
    - pam_exec: fixed stack overflow with binary output of programs.
    - pam_faildelay: implemented parameter ranges validation.
    - pam_listfile: changed to treat \r and \n exactly the same in configuration.
    - pam_mkhomedir: hardened directory creation against timing attacks.
    - Please note that using *at functions leads to more open file handles
      during creation.
    - pam_namespace: fixed potential local DoS (CVE-2024-22365).
    - pam_nologin: fixed file handling to prevent short reads.
    - pam_pwhistory: helper binary is now built only if SELinux support is
      enabled.
    - pam_pwhistory: implemented reliable usernames handling when remembering
      passwords.
    - pam_shells: changed to allow shell entries with absolute paths only.
    - pam_succeed_if: fixed treating empty strings as numerical value 0.
    - pam_unix: added support of disabled password aging.
    - pam_unix: synchronized password aging with shadow.
    - pam_unix: implemented string to number conversions validation.
    - pam_unix: fixed truncation of very long user names.
    - pam_unix: corrected rounds retrieval for configured encryption method.
    - pam_unix: implemented reliable usernames handling when remembering
      passwords.
    - pam_unix: changed to always run the helper to obtain shadow password
      entries.
    - pam_unix: unix_update helper binary is now built only if SELinux support
      is enabled.
    - pam_unix: added audit support to unix_update helper.
    - pam_userdb: added gdbm support.
    - Multiple minor bug fixes, portability fixes, documentation improvements,
      and translation updates.
  - The following patches are obsolete with the update:
    - pam_access-doc-IPv6-link-local.patch
    - pam_access-hostname-debug.patch
    - pam_shells-fix-econf-memory-leak.patch
    - pam_shells-fix-econf-memory-leak.patch
    - disable-examples.patch
  - pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS
    is no longer used.
* Wed Aug 23 2023 kukuk@suse.com
  - Fix building without SELinux
* Mon Aug 07 2023 kukuk@suse.com
  - pam_access backports from upstream:
    - pam_access-doc-IPv6-link-local.patch:
      Document only partial supported IPv6 link local addresses
    - pam_access-hostname-debug.patch:
      Don't print error if we cannot resolve a hostname, does not
      need to be a hostname
    - pam_shells-fix-econf-memory-leak.patch:
      Free econf keys variable
    - disable-examples.patch:
      Don't build examples
* Tue May 09 2023 kukuk@suse.com
  - Update to final 1.5.3 release:
    - configure: added --enable-logind option to use logind instead of utmp
      in pam_issue and pam_timestamp.
    - pam_modutil_getlogin: changed to use getlogin() from libc instead of
      parsing utmp.
    - Added libeconf support to pam_env and pam_shells.
    - Added vendor directory support to pam_access, pam_env, pam_group,
      pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit,
      pam_shells, and pam_time.
    - pam_limits: changed to not fail on missing config files.
    - pam_pwhistory: added conf= option to specify config file location.
    - pam_pwhistory: added file= option to specify password history file
      location.
    - pam_shells: added shells.d support when libeconf and vendordir are enabled.
    - Deprecated pam_lastlog: this module is no longer built by default because
      it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe,
      even on 64bit architectures.
      pam_lastlog will be removed in one of the next releases, consider using
      pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or
      pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead.
    - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply()
      macros provided by _pam_macros.h; the memory override performed by these
      macros can be optimized out by the compiler and therefore can no longer
      be relied upon.
* Thu Apr 20 2023 kukuk@suse.com
  - pam-extra: add split provide
* Wed Apr 12 2023 kukuk@suse.com
  - pam-userdb: add split provide
* Tue Apr 11 2023 kukuk@suse.com
  - Drop pam-xauth_ownership.patch, got fixed in sudo itself
  - Drop pam-bsc1177858-dont-free-environment-string.patch, was a
    fix for above patch
* Thu Apr 06 2023 kukuk@suse.com
  - Use bcond selinux to disable SELinux
  - Remove old pam_unix_* compat symlinks
  - Move pam_userdb to own pam-userdb sub-package
  - pam-extra contains now modules having extended dependencies like
    libsystemd
  - Update to 1.5.3.90 git snapshot
  - Drop merged patches:
    - pam-git.diff
    - docbook5.patch
    - pam_pwhistory-docu.patch
    - pam_xauth_data.3.xml.patch
  - Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all
    documentation anyways and don't use the prebuild versions
  - Move all devel manual pages to pam-manpages, too. Fixes the
    problem that adjusted defaults not shown correct.
* Mon Mar 20 2023 kukuk@suse.com
  - Add common-session-nonlogin and postlogin-* pam.d config files
    for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2
    and upcoming pam_wtmpdb.
* Fri Mar 10 2023 giuliano.belinassi@suse.com
  - Enable livepatching support on x86_64.
* Tue Jan 24 2023 valentin.lefebvre@suse.com
  - Use rpm macros for pam dist conf dir (/usr/etc/security)
* Wed Jan 18 2023 schubi@suse.com
  - Moved following files/dirs in /etc/security to vendor directory:
    access.conf, limits.d, sepermit.conf, time.conf, namespace.conf,
    namespace.d, namespace.init
* Sat Dec 24 2022 dleuenberger@suse.com
  - Also obsolete pam_unix-32bit to have clean upgrade path.
* Fri Dec 16 2022 kukuk@suse.com
  - Merge pam_unix back into pam, seperate package not needed anymore
* Thu Dec 15 2022 kukuk@suse.com
  - Update pam-git.diff to current upstream
    - pam_env: Use vendor specific pam_env.conf and environment as fallback
    - pam_shells: Use the vendor directory
    obsoletes pam_env_econf.patch
  - Refresh docbook5.patch
* Tue Dec 06 2022 kukuk@suse.com
  - pam_pwhistory-docu.patch, docbook5.patch: convert docu to
    docbook5
* Thu Dec 01 2022 kukuk@suse.com
  - pam-git.diff: update to current git
    - obsoletes pam-hostnames-in-access_conf.patch
    - obsoletes tst-pam_env-retval.c
  - pam_env_econf.patch refresh
* Tue Nov 22 2022 kukuk@suse.com
  - Move pam_env config files below /usr/etc
* Tue Oct 11 2022 schubi@suse.com
  - pam_env: Using libeconf for reading configuration and environment
    files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c)
* Fri Jun 17 2022 kukuk@suse.com
  - Keep old directory in filelist for migration
* Wed Jun 01 2022 kukuk@suse.com
  - Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d
* Fri Mar 11 2022 kukuk@suse.com
  - pam-hostnames-in-access_conf.patch: update with upstream
    submission. Fixes several bugs including memory leaks.
* Wed Feb 09 2022 kukuk@suse.com
  - Move group.conf and faillock.conf to /usr/etc/security
* Mon Feb 07 2022 kukuk@suse.com
  - Update to current git for enhanced vendordir support (pam-git.diff)
    Obsoletes:
    - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
    - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
    - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
* Mon Dec 13 2021 kukuk@suse.com
  - Drop pam_umask-usergroups-login_defs.patch, does more harm
    than helps. If not explizit specified as module option, we
    use UMASK from login.defs unmodified.
* Thu Nov 25 2021 kukuk@suse.com
  - Don't define doc/manpages packages in main build
* Wed Nov 24 2021 kukuk@suse.com
  - Add missing recommends and split provides
* Wed Nov 24 2021 kukuk@suse.com
  - Use multibuild to build docu with correct paths and available
    features.
* Mon Nov 22 2021 kukuk@suse.com
  - common-session: move pam_systemd to first position as if the
    file would have been generated with pam-config
  - Add vendordir fixes and enhancements from upstream:
    - pam_xauth_data.3.xml.patch
    - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
    - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
    - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
  - For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
    spec file.
* Wed Nov 17 2021 sbrabec@suse.com
  - Update pam-login_defs-check.sh regexp and
    login_defs-support-for-pam symbol to version 1.5.2
    (new variable HMAC_CRYPTO_ALGO).
* Tue Nov 02 2021 gmbr3@opensuse.org
  - Add /run/pam_timestamp to pam.tmpfiles
* Tue Oct 12 2021 josef.moellers@suse.com
  - Corrected macro definition of %_pam_moduledir:
    %_pam_moduledir %{_libdir}/security
    [macros.pam]
* Wed Oct 06 2021 josef.moellers@suse.com
  - Prepend a slash to the expansion of %{_lib} in macros.pam as
    this are defined without a leading slash!
* Wed Sep 15 2021 kukuk@suse.com
  - Rename motd.tmpfiles to pam.tmpfiles
    - Add /run/faillock directory
* Fri Sep 10 2021 kukuk@suse.com
  - pam-login_defs-check.sh: adjust for new login.defs variable usages
* Mon Sep 06 2021 josef.moellers@suse.com
  - Update to 1.5.2
    Noteworthy changes in Linux-PAM 1.5.2:
    * pam_exec: implemented quiet_log option.
    * pam_mkhomedir: added support of HOME_MODE and UMASK from
      /etc/login.defs.
    * pam_timestamp: changed hmac algorithm to call openssl instead
      of the bundled sha1 implementation if selected, added option
      to select the hash algorithm to use with HMAC.
    * Added pkgconfig files for provided libraries.
    * Added --with-systemdunitdir configure option to specify systemd
      unit directory.
    * Added --with-misc-conv-bufsize configure option to specify the
      buffer size in libpam_misc's misc_conv() function, raised the
      default value for this parameter from 512 to 4096.
    * Multiple minor bug fixes, portability fixes, documentation
      improvements, and translation updates.
    pam_tally2 has been removed upstream, remove pam_tally2-removal.patch
    pam_cracklib has been removed from the upstream sources. This
    obsoletes pam-pam_cracklib-add-usersubstr.patch and
    pam_cracklib-removal.patch.
    The following patches have been accepted upstream and, so,
    are obsolete:
    - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch
    - pam_securetty-don-t-complain-about-missing-config.patch
    - bsc1184358-prevent-LOCAL-from-being-resolved.patch
    - revert-check_shadow_expiry.diff
    [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc,
    Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc,
    pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch,
    pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch,
    pam_securetty-don-t-complain-about-missing-config.patch,
    bsc1184358-prevent-LOCAL-from-being-resolved.patch,
    revert-check_shadow_expiry.diff]
* Thu Aug 12 2021 kukuk@suse.com
  - pam_umask-usergroups-login_defs.patch: Deprecate pam_umask
    explicit "usergroups" option and instead read it from login.def's
    "USERGROUP_ENAB" option if umask is only defined there.
    [bsc#1189139]
* Tue Aug 03 2021 pgajdos@suse.com
  - package man5/motd.5 as a man-pages link to man8/pam_motd.8
    [bsc#1188724]
* Tue Jul 13 2021 kukuk@suse.com
  - revert-check_shadow_expiry.diff: revert wrong
    CRYPT_SALT_METHOD_LEGACY check.
* Fri Jun 25 2021 gmbr3@opensuse.org
  - Create /run/motd.d
* Wed Jun 09 2021 lnussel@suse.de
  - Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff)
  - Backport patch to not install /usr/etc/securetty (boo#1033626) ie
    no distro defaults and don't complain about it missing
    (pam_securetty-don-t-complain-about-missing-config.patch)
  - add debug bcond to be able to build pam with debug output easily
  - add macros file to allow other packages to stop hardcoding
    directory names. Compatible with Fedora.
* Mon May 10 2021 josef.moellers@suse.com
  - In the 32-bit compatibility package for 64-bit architectures,
    require "systemd-32bit" to be also installed as it contains
    pam_systemd.so for 32 bit applications.
    [bsc#1185562, baselibs.conf]
* Wed Apr 07 2021 josef.moellers@suse.com
  - If "LOCAL" is configured in access.conf, and a login attempt from
    a remote host is made, pam_access tries to resolve "LOCAL" as
    a hostname and logs a failure.
    Checking explicitly for "LOCAL" and rejecting access in this case
    resolves this issue.
    [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch]
* Wed Mar 31 2021 josef.moellers@suse.com
  - pam_limits: "unlimited" is not a legitimate value for "nofile"
    (see setrlimit(2)). So, when "nofile" is set to one of the
    "unlimited" values, it is set to the contents of
    "/proc/sys/fs/nr_open" instead.
    Also changed the manpage of pam_limits to express this.
    [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch]
* Thu Feb 18 2021 kukuk@suse.com
  - Add missing conflicts for pam_unix-nis
* Tue Feb 16 2021 kukuk@suse.com
  - Split out pam_unix module and build without NIS support
* Fri Nov 27 2020 kukuk@suse.com
  - Update to 1.5.1
    - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user
      doesn't exist and root password is blank [bsc#1179166]
    - pam_faillock: added nodelay option to not set pam_fail_delay
    - pam_wheel: use pam_modutil_user_in_group to check for the group membership
      with getgrouplist where it is available
* Thu Nov 26 2020 lnussel@suse.de
  - add macros.pam to abstract directory for pam modules
* Thu Nov 19 2020 kukuk@suse.com
  - Update to 1.5.0
    - obsoletes pam-bsc1178727-initialize-daysleft.patch
    - Multiple minor bug fixes, portability fixes, and documentation improvements.
    - Extended libpam API with pam_modutil_check_user_in_passwd function.
    - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660.
    - pam_motd: read motd files with target user credentials skipping unreadable ones.
    - pam_pwhistory: added a SELinux helper executable.
    - pam_unix, pam_usertype: implemented avoidance of certain timing attacks.
    - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails.
    - pam_env: Reading of the user environment is deprecated and will be removed
      at some point in the future.
    - libpam: pam_modutil_drop_priv() now correctly sets the target user's
      supplementary groups, allowing pam_motd to filter messages accordingly
  - Refresh pam-xauth_ownership.patch
  - pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package
  - pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package
* Wed Nov 18 2020 josef.moellers@suse.com
  - pam_cracklib: added code to check whether the password contains
    a substring of of the user's name of at least <N> characters length
    in some form.
    This is enabled by the new parameter "usersubstr=<N>"
    See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4
    [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch]
* Wed Nov 18 2020 josef.moellers@suse.com
  - pam_xauth.c: do not free() a string which has been (successfully)
    passed to putenv().
    [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch]
* Fri Nov 13 2020 josef.moellers@suse.com
  - Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft"
    to avoid spurious (and misleading)
      Warning: your password will expire in ... days.
    fixed upstream with commit db6b293046a
    [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch]
* Tue Nov 10 2020 kukuk@suse.com
  - Enable pam_faillock [bnc#1171562]
* Thu Oct 29 2020 lnussel@suse.de
  - prepare usrmerge (boo#1029961, pam-usrmerge.diff)
* Thu Oct 08 2020 josef.moellers@suse.com
  - /usr/bin/xauth chokes on the old user's $HOME being on an NFS
    file system. Run /usr/bin/xauth using the old user's uid/gid
    Patch courtesy of Dr. Werner Fink.
    [bsc#1174593, pam-xauth_ownership.patch]
* Thu Oct 08 2020 sbrabec@suse.com
  - pam-login_defs-check.sh: Fix the regexp to get a real variable
    list (boo#1164274).
* Wed Jun 24 2020 josef.moellers@suse.com
  - Revert the previous change [SR#815713].
    The group is not necessary for PAM functionality but used only
    during testing. The test system should therefore create this group.
    [bsc#1171016, pam.spec]
* Mon Jun 15 2020 josef.moellers@suse.com
  - Add requirement for group "wheel" to spec file.
    [bsc#1171016, pam.spec]
* Mon Jun 08 2020 kukuk@suse.com
  - Update to final 1.4.0 release
    - includes pam-check-user-home-dir.patch
    - obsoletes fix-man-links.dif
* Mon Jun 08 2020 kukuk@suse.com
  - common-password: remove pam_cracklib, as that is deprecated.
* Thu May 28 2020 josef.moellers@suse.com
  - pam_setquota.so:
    When setting quota, don't apply any quota if the user's $HOME is
    a mountpoint (ie the user has a partition of his/her own).
    [bsc#1171721, pam-check-user-home-dir.patch]
* Wed May 27 2020 kukuk@suse.com
  - Update to current Linux-PAM snapshot
    - pam_tally* and pam_cracklib got deprecated
  - Disable pam_faillock and pam_setquota until they are whitelisted
* Tue May 12 2020 josef.moellers@suse.com
  - Adapted patch pam-hostnames-in-access_conf.patch for new version
    New version obsoleted patch use-correct-IP-address.patch
    [pam-hostnames-in-access_conf.patch,
    use-correct-IP-address.patch]
* Tue May 12 2020 kukuk@suse.com
  - Update to current Linux-PAM snapshot
    - Obsoletes pam_namespace-systemd.diff
* Tue May 12 2020 kukuk@suse.com
  - Update to current Linux-PAM snapshot
    - Add pam_faillock
    - Multiple minor bug fixes and documentation improvements
    - Fixed grammar of messages printed via pam_prompt
    - Added support for a vendor directory and libeconf
    - configure: Allowed disabling documentation through --disable-doc
    - pam_get_authtok_verify: Avoid duplicate password verification
    - pam_env: Changed the default to not read the user .pam_environment file
    - pam_group, pam_time: Fixed logical error with multiple ! operators
    - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session
    - pam_lastlog: Do not log info about failed login if the session was opened
      with PAM_SILENT flag
    - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs
    - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize'
      limit
    - pam_motd: Export MOTD_SHOWN=pam after showing MOTD
    - pam_motd: Support multiple motd paths specified, with filename overrides
    - pam_namespace: Added a systemd service, which creates the namespaced
      instance parent directories during boot
    - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts
    - pam_shells: Recognize /bin/sh as the default shell
    - pam_succeed_if: Support lists in group membership checks
    - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE
    - pam_umask: Added new 'nousergroups' module argument and allowed specifying
      the default for usergroups at build-time
    - pam_unix: Added 'nullresetok' option to allow resetting blank passwords
    - pam_unix: Report unusable hashes found by checksalt to syslog
    - pam_unix: Support for (gost-)yescrypt hashing methods
    - pam_unix: Use bcrypt b-variant when it bcrypt is chosen
    - pam_usertype: New module to tell if uid is in login.defs ranges
    - Added new API call pam_start_confdir() for special applications that
      cannot use the system-default PAM configuration paths and need to
      explicitly specify another path
  - pam_namespace-systemd.diff: fix path of pam_namespace.services
* Thu Apr 02 2020 lnussel@suse.de
  - own /usr/lib/motd.d/ so other packages can add files there
* Tue Mar 24 2020 josef.moellers@suse.com
  - Listed all manual pages seperately as pam_userdb.8 has been moved
    to pam-extra.
    Also %exclude %{_defaultdocdir}/pam as the docs are in a separate
    package.
    [pam.spec]
* Mon Mar 16 2020 josef.moellers@suse.com
  - pam_userdb moved to a new package pam-extra as pam-modules
    is obsolete and not part of SLE.
    [bsc#1166510, pam.spec]
* Thu Mar 12 2020 josef.moellers@suse.com
  - Removed pam_userdb from this package and moved to pam-modules.
    This removed the requirement for libdb.
    Also made "xz" required for all releases.
    Remove limits for nproc from /etc/security/limits.conf
    [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec]
* Wed Feb 19 2020 kukuk@suse.de
  - Recommend login.defs only (no hard requirement)
* Tue Sep 24 2019 kukuk@suse.com
  - Update to version 1.3.1+git20190923.ea78d67:
    * Fixed missing quotes in configure script
    * Add support for a vendor directory and libeconf (#136)
    * pam_lastlog: document the 'unlimited' option
    * pam_lastlog: prevent crash due to reduced 'fsize' limit
    * pam_unix_sess.c add uid for opening session
    * Fix the man page for "pam_fail_delay()"
    * Fix a typo
    * Update a function comment
  - drop usr-etc-support.patch (accepted upstream)
* Thu Sep 05 2019 kukuk@suse.de
  - Add migration support from /etc to /usr/etc during upgrade
* Wed Sep 04 2019 kukuk@suse.com
  - Update to version 1.3.1+git20190902.9de67ee:
    * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd
* Tue Aug 27 2019 kukuk@suse.com
  - Update to version 1.3.1+git20190826.1b087ed:
    * libpam/pam_modutil_sanitize.c: optimize the way to close fds
* Thu Aug 22 2019 jengelh@inai.de
  - Replace old $RPM_* shell vars by macros.
  - Avoid unnecessary invocation of subshells.
  - Shorten recipe for constructing securetty contents on s390.
* Mon Aug 19 2019 kukuk@suse.de
  - usr-etc-support.patch: Add support for /usr/etc/pam.d
* Mon Aug 19 2019 kukuk@suse.de
  - encryption_method_nis.diff: obsolete, NIS clients shouldn't
    require DES anymore.
  - etc.environment: removed, the sources contain the same
* Mon Aug 19 2019 kukuk@suse.com
  - Update to version 1.3.1+git20190807.e31dd6c:
    * pam_tty_audit: Manual page clarification about password logging
    * pam_get_authtok_verify: Avoid duplicate password verification
    * Mention that ./autogen.sh is needeed to be run if you check out the sources from git
    * pam_unix: Correct MAXPASS define name in the previous two commits.
    * Restrict password length when changing password
    * Trim password at PAM_MAX_RESP_SIZE chars
    * pam_succeed_if: Request user data only when needed
    * pam_tally2: Remove unnecessary fsync()
    * Fixed a grammer mistake
    * Fix documentation for pam_wheel
    * Fix a typo in the documentation
    * pam_lastlog: Improve silent option documentation
    * pam_lastlog: Respect PAM_SILENT flag
    * Fix regressions from the last commits.
    * Replace strndupa with strncpy
    * build: ignore pam_lastlog when logwtmp is not available.
    * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available.
    * pam_motd: Cleanup the code and avoid unnecessary logging
    * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs.
    * Move the duplicated search_key function to pam_modutil.
    * pam_unix: Use pam_syslog instead of helper_log_err.
    * pam_unix: Report unusable hashes found by checksalt to syslog.
    * Revert "pam_unix: Add crypt_default method, if supported."
    * pam_unix: Add crypt_default method, if supported.
    * Revert part of the commit 4da9febc
    * pam_unix: Add support for (gost-)yescrypt hashing methods.
    * pam_unix: Fix closing curly brace. (#77)
    * pam_unix: Add support for crypt_checksalt, if libcrypt supports it.
    * pam_unix: Prefer a gensalt function, that supports auto entropy.
    * pam_motd: Fix segmentation fault when no motd_dir specified (#76)
    * pam_motd: Support multiple motd paths specified, with filename overrides (#69)
    * pam_unix: Use bcrypt b-variant for computing new hashes.
    * pam_tally, pam_tally2: fix grammar and spelling (#54)
    * Fix grammar of messages printed via pam_prompt
    * pam_stress: do not mark messages for translation
    * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros
    * pam_unix: remove obsolete _unix_read_password prototype
* Thu May 02 2019 sbrabec@suse.com
  - Add virtual symbols for login.defs compatibility (bsc#1121197).
  - Add login.defs safety check pam-login_defs-check.sh
    (bsc#1121197).
* Thu Nov 15 2018 josef.moellers@suse.com
  - When comparing an incoming IP address with an entry in
    access.conf that only specified a single host (ie no netmask),
    the incoming IP address was used rather than the IP address from
    access.conf, effectively comparing the incoming address with
    itself.  (Also fixed a small typo while I was at it)
    {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953]
* Mon Oct 22 2018 josef.moellers@suse.com
  - Upgrade to 1.3.1
    * pam_motd: add support for a motd.d directory
    * pam_umask: Fix documentation to align with order of loading umask
    * pam_get_user.3: Fix missing word in documentation
    * pam_tally2 --reset: avoid creating a missing tallylog file
    * pam_mkhomedir: Allow creating parent of homedir under /
    * access.conf.5: Add note about spaces around ':'
    * pam.8: Workaround formatting problem
    * pam_unix: Check return value of malloc used for setcred data
    * pam_cracklib: Drop unused prompt macros
    * pam_tty_audit: Support matching users by uid range
    * pam_access: support parsing files in /etc/security/access.d/*.conf
    * pam_localuser: Correct documentation
    * pam_issue: Fix no prompting in parse escape codes mode
    * Unification and cleanup of syslog log levels
    Also: removed nproc limit, referred to systemd instead.
    Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more.
    [bsc#1112508, pam-fix-config-order-in-manpage.patch]
* Fri Aug 24 2018 psimons@suse.com
  - Add libdb as build-time dependency to enable pam_userdb module.
    This module is useful for implementing virtual user support for
    vsftpd and possibly other daemons, too. [bsc#929711, fate#322538]
* Fri Jul 13 2018 sbrabec@suse.com
  - Install empty directory /etc/security/namespace.d for
    pam_namespace.so iscript.
* Thu May 03 2018 josef.moellers@suse.com
  - pam_umask.8 needed to be patched as well.
    [bsc#1089884, pam-fix-config-order-in-manpage.patch]
* Wed May 02 2018 josef.moellers@suse.com
  - Changed order of configuration files to reflect actual code.
    [bsc#1089884, pam-fix-config-order-in-manpage.patch]
* Thu Feb 22 2018 fvogt@suse.com
  - Use %license (boo#1082318)
* Thu Oct 12 2017 schwab@suse.de
  - Prerequire group(shadow), user(root)
* Fri Jan 27 2017 josef.moellers@suse.com
  - Allow symbolic hostnames in access.conf file.
    [pam-hostnames-in-access_conf.patch, boo#1019866]
* Thu Dec 08 2016 josef.moellers@suse.com
  - Increased nproc limits for non-privileged users to 4069/16384.
    Removed limits for "root".
    [pam-limit-nproc.patch, bsc#1012494, bsc#1013706]
* Sun Jul 31 2016 develop7@develop7.info
  - pam-limit-nproc.patch: increased process limit to help
    Chrome/Chromuim users with really lots of tabs. New limit gets
    closer to UserTasksMax parameter in logind.conf
* Thu Jul 28 2016 kukuk@suse.de
  - Add doc directory to filelist.
* Mon May 02 2016 kukuk@suse.de
  - Remove obsolete README.pam_tally [bsc#977973]
* Thu Apr 28 2016 kukuk@suse.de
  - Update Linux-PAM to version 1.3.0
  - Rediff encryption_method_nis.diff
  - Link pam_unix against libtirpc and external libnsl to enable
    IPv6 support.
* Thu Apr 14 2016 kukuk@suse.de
  - Add /sbin/unix2_chkpwd (moved from pam-modules)
* Mon Apr 11 2016 kukuk@suse.de
  - Remove (since accepted upstream):
    - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch
    - 0002-Remove-enable-static-modules-option-and-support-from.patch
    - 0003-fix-nis-checks.patch
    - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch
    - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch
* Fri Apr 01 2016 kukuk@suse.de
  - Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch
    - Replace IPv4 only functions
* Fri Apr 01 2016 kukuk@suse.de
  - Fix typo in common-account.pamd [bnc#959439]
* Tue Mar 29 2016 kukuk@suse.de
  - Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch
    - readd PAM_EXTERN for external PAM modules
* Wed Mar 23 2016 kukuk@suse.de
  - Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch
  - Add 0002-Remove-enable-static-modules-option-and-support-from.patch
  - Add 0003-fix-nis-checks.patch
* Sat Jul 25 2015 joschibrauchle@gmx.de
  - Add folder /etc/security/limits.d as mentioned in 'man pam_limits'
* Fri Jun 26 2015 kukuk@suse.de
  - Update to version 1.2.1
    - security update for CVE-2015-3238
* Mon Apr 27 2015 kukuk@suse.de
  - Update to version 1.2.0
    - obsoletes Linux-PAM-git-20150109.diff
* Fri Jan 09 2015 kukuk@suse.de
  - Re-add lost patch encryption_method_nis.diff [bnc#906660]
* Fri Jan 09 2015 kukuk@suse.de
  - Update to current git:
    - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff
    - obsoletes pam_loginuid-log_write_errors.diff
    - obsoletes pam_xauth-sigpipe.diff
    - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch
* Fri Jan 09 2015 bwiedemann@suse.com
  - increase process limit to 1200 to help chromium users with many tabs
* Tue May 06 2014 bwiedemann@suse.com
  - limit number of processes to 700 to harden against fork-bombs
    Add pam-limit-nproc.patch
* Wed Apr 09 2014 ckornacker@suse.com
  - Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433)
    bug-870433_pam_timestamp-fix-directory-traversal.patch
* Tue Apr 01 2014 ckornacker@suse.com
  - adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664)
* Mon Jan 27 2014 kukuk@suse.de
  - Add pam_loginuid-log_write_errors.diff: log significant loginuid
    write errors
  - pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to
    xauth process
* Mon Jan 27 2014 kukuk@suse.de
  - Update to current git (Linux-PAM-git-20140127.diff), which
    obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and
    Linux-PAM-git-20140109.diff.
    - Fix gratuitous use of strdup and x_strdup
    - pam_xauth: log fatal errors preventing xauth process execution
    - pam_loginuid: cleanup loginuid buffer initialization
    - libpam_misc: fix an inconsistency in handling memory allocation errors
    - pam_limits: fix utmp->ut_user handling
    - pam_mkhomedir: check and create home directory for the same user
    - pam_limits: detect and ignore stale utmp entries
  - Disable pam_userdb (remove db-devel from build requires)
* Fri Jan 10 2014 kukuk@suse.com
  - Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid
  - Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc
* Thu Jan 09 2014 kukuk@suse.de
  - Update to current git (Linux-PAM-git-20140109.diff, which
    replaces pam_unix.diff and encryption_method_nis.diff)
    - pam_access: fix debug level logging
    - pam_warn: log flags passed to the module
    - pam_securetty: check return value of fgets
    - pam_lastlog: fix format string
    - pam_loginuid: If the correct loginuid is already set, skip writing it
* Fri Nov 29 2013 schwab@linux-m68k.org
  - common-session.pamd: add missing newline
* Thu Nov 28 2013 kukuk@suse.de
  - Remove libtrpc support to solve dependency/build cycles, plain
    glibc is enough for now.
* Tue Nov 12 2013 kukuk@suse.de
  - Add encryption_method_nis.diff:
    - implement pam_unix2 functionality to use another hash for
      NIS passwords.
* Fri Nov 08 2013 kukuk@suse.de
  - Add pam_unix.diff:
    - fix if /etc/login.defs uses DES
    - ask always for old password if a NIS password will be changed
* Sat Sep 28 2013 mc@suse.com
  - fix manpages links (bnc#842872) [fix-man-links.dif]
* Fri Sep 20 2013 hrvoje.senjan@gmail.com
  - Explicitly add pam_systemd.so to list of modules in
    common-session.pamd (bnc#812462)
* Fri Sep 20 2013 kukuk@suse.de
  - Update to official release 1.1.8 (1.1.7 + git-20130916.diff)
  - Remove needless pam_tally-deprecated.diff patch
* Mon Sep 16 2013 kukuk@suse.de
  - Replace fix-compiler-warnings.diff with current git snapshot
    (git-20130916.diff) for pam_unix.so:
    - fix glibc warnings
    - fix syntax error in SELinux code
    - fix crash at login
* Thu Sep 12 2013 kukuk@suse.de
  - Remove pam_unix-login.defs.diff, not needed anymore
* Thu Sep 12 2013 kukuk@suse.de
  - Update to version 1.1.7 (bugfix release)
    - Drop missing-DESTDIR.diff and pam-fix-includes.patch
    - fix-compiler-warnings.diff: fix unchecked setuid return code
* Tue Aug 06 2013 mc@suse.de
  - adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516)
* Mon May 27 2013 kukuk@suse.de
  - Fix typo in common-password [bnc#821526]
* Fri Apr 26 2013 mmeister@suse.com
  - Added libtool as BuildRequire, and autoreconf -i option to fix
    build with new automake
* Tue Feb 05 2013 kukuk@suse.de
  - Update pam_unix-login.defs.diff patch to the final upstream
    version.
* Tue Feb 05 2013 kukuk@suse.de
  - Adjust URL
  - Add set_permission macro and PreReq
  - Read default encryption method from /etc/login.defs
    (pam_unix-login.defs.diff)
* Fri Jan 25 2013 kukuk@suse.com
  - Remove deprecated pam_tally.so module, it's too buggy and can
    destroy config and log files.
* Mon Nov 12 2012 kukuk@suse.de
  - Sync common-*.pamd config with pam-config (use pam_unix.so as
    default).
* Wed Sep 19 2012 kukuk@suse.de
  - Fix building in Factory (add patch missing-DESTDIR.diff)
* Fri Sep 14 2012 kukuk@suse.de
  - Update to Linux-PAM 1.1.6
    - Update translations
    - pam_cracklib: Add more checks for weak passwords
    - pam_lastlog: Never lock out root
    - Lot of bug fixes and smaller enhancements
* Thu Jun 21 2012 aj@suse.de
  - Include correct headers for getrlimit (add patch pam-fix-includes.patch).
* Mon Apr 23 2012 jengelh@medozas.de
  - Update homepage URL in specfile
* Sat Mar 03 2012 jengelh@medozas.de
  - Update to new upstream release 1.1.5
    * pam_env: Fix CVE-2011-3148: correctly count leading whitespace
    when parsing environment file in pam_env
    * Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in
    pam_env
    * pam_access: Add hostname resolution cache
* Tue Oct 25 2011 mc@suse.de
  - pam_tally2: remove invalid options from manpage (bnc#726071)
  - fix possible overflow and DOS in pam_env (bnc#724480)
    CVE-2011-3148, CVE-2011-3149
* Mon Jun 27 2011 kukuk@suse.de
  - Update to version 1.1.4
    * pam_securetty: Honour console= kernel option, add noconsole option
    * pam_limits: Add %group syntax, drop change_uid option, add set_all option
    * Lot of small bug fixes
    * Add support for libtirpc
  - Build against libtirpc
* Thu May 26 2011 cfarrell@novell.com
  - license update: GPL-2.0+ or BSD-3-Clause
    Updating to spdx.org/licenses syntax as legal-auto for some reason did
    not accept the previous spec file license
* Wed May 25 2011 kukuk@suse.de
  - Remove libxcrypt-devel from BuildRequires
* Wed Feb 23 2011 vcizek@novell.com
  - bnc#673826 rework
    * manpage is left intact, as it was
    * correct parsing of "quiet" option
* Wed Feb 23 2011 vcizek@novell.com
  - fix for bnc#673826 (pam_listfile)
    * removed unnecessary logging when listfile is missing and quiet
    option is specified
    * manpage is also updated, to reflect that all option
    require values
* Thu Oct 28 2010 kukuk@suse.de
  - Update to Linux-PAM 1.1.3
    - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430
    - pam_unix: Add minlen option, change default from 6 to 0
* Tue Aug 31 2010 kukuk@suse.de
  - Update to Linux-PAM 1.1.2
* Mon Jun 28 2010 jengelh@medozas.de
  - use %_smp_mflags
* Mon May 10 2010 kukuk@suse.de
  - Update to current CVS version (pam_rootok: Add support for
    chauthtok and acct_mgmt, [bnc#533249])
* Thu Mar 11 2010 kukuk@suse.de
  - Install correct documentation
* Wed Dec 16 2009 kukuk@suse.de
  - Update to Linux-PAM 1.1.1 (bug fix release)
* Sat Dec 12 2009 jengelh@medozas.de
  - add baselibs.conf as a source
* Wed Dec 09 2009 jengelh@medozas.de
  - enable parallel building
* Fri Jun 26 2009 kukuk@suse.de
  - Add fixes from CVS
* Wed Jun 24 2009 kukuk@suse.de
  - Update to final version 1.1.0 (spelling fixes)
* Tue May 05 2009 kukuk@suse.de
  - Update to version 1.0.92:
    * Update translations
    * pam_succeed_if: Use provided username
    * pam_mkhomedir: Fix handling of options
* Fri Apr 03 2009 rguenther@suse.de
  - Remove cracklib-dict-full and pwdutils BuildRequires again.
* Fri Mar 27 2009 kukuk@suse.de
  - Update to version 1.0.91 aka 1.1 Beta2:
    * Changes in the behavior of the password stack. Results of
      PRELIM_CHECK are not used for the final run.
    * Redefine LOCAL keyword of pam_access configuration file
    * Add support for try_first_pass and use_first_pass to
      pam_cracklib
    * New password quality tests in pam_cracklib
    * Add support for passing PAM_AUTHTOK to stdin of helpers from
      pam_exec
    * New options for pam_lastlog to show last failed login attempt and
      to disable lastlog update
    * New pam_pwhistory module to store last used passwords
    * New pam_tally2 module similar to pam_tally with wordsize independent
      tally data format, obsoletes pam_tally
    * Make libpam not log missing module if its type is prepended with '-'
    * New pam_timestamp module for authentication based on recent successful
      login.
    * Add blowfish support to pam_unix.
    * Add support for user specific environment file to pam_env.
    * Add pam_get_authtok to libpam as Linux-PAM extension.
* Wed Feb 11 2009 ro@suse.de
  - use sr@latin instead of sr@Latn
* Thu Feb 05 2009 kukuk@suse.de
  - Log failures of setrlimit in pam_limits [bnc#448314]
  - Fix using of requisite in password stack [bnc#470337]
* Tue Jan 20 2009 kukuk@suse.de
  - Regenerate documentation [bnc#448314]
* Wed Dec 10 2008 olh@suse.de
  - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
    (bnc#437293)
* Thu Dec 04 2008 olh@suse.de
  - obsolete old -XXbit packages (bnc#437293)
* Thu Nov 27 2008 mc@suse.de
  - enhance the man page for limits.conf (bnc#448314)
* Mon Nov 24 2008 kukuk@suse.de
  - pam_time: fix parsing if '|' is used [bdo#326407]
* Wed Nov 19 2008 kukuk@suse.de
  - pam_xauth: update last patch
  - pam_pwhistory: add missing type option
* Tue Nov 04 2008 mc@suse.de
  - pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment
    (bnc#441314)
* Fri Oct 17 2008 kukuk@suse.de
  - Add pam_tally2
  - Regenerate Documentation
* Sat Oct 11 2008 kukuk@suse.de
  - Enhance pam_lastlog with status output
  - Add pam_pwhistory as tech preview
* Fri Sep 26 2008 kukuk@suse.de
  - pam_tally: fix fd leak
  - pam_mail: fix "quiet" option
* Fri Aug 29 2008 kukuk@suse.de
  - Update to version 1.0.2 (fix SELinux regression)
  - enhance pam_tally [FATE#303753]
  - Backport fixes from CVS
* Wed Aug 20 2008 prusnak@suse.cz
  - enabled SELinux support [Fate#303662]
* Wed Apr 16 2008 kukuk@suse.de
  - Update to version 1.0.1:
    - Fixes regression in pam_set_item().
* Thu Apr 10 2008 ro@suse.de
  - added baselibs.conf file to build xxbit packages
    for multilib support
* Fri Apr 04 2008 kukuk@suse.de
  - Remove devfs lines from securetty [bnc#372241]
* Thu Apr 03 2008 kukuk@suse.de
  - Update to version 1.0.0:
    - Official first "stable" release
    - bug fixes
    - translation updates
* Fri Feb 15 2008 kukuk@suse.de
  - Update to version 0.99.10.0:
    - New substack directive in config file syntax
    - New module pam_tty_audit.so for enabling and disabling tty
      auditing
    - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA
    - Improved functionality of pam_namespace.so module (method flags,
      namespace.d configuration directory, new options).
    - Finaly removed deprecated pam_rhosts_auth module.
* Wed Oct 10 2007 kukuk@suse.de
  - Update to version 0.99.9.0:
    - misc_conv no longer blocks SIGINT; applications that don't want
      user-interruptable prompts should block SIGINT themselves
    - Merge fixes from Debian
    - Fix parser for pam_group and pam_time
* Wed Jul 18 2007 kukuk@suse.de
  - Update to version 0.99.8.1:
    - Fix regression in pam_audit
* Fri Jul 06 2007 kukuk@suse.de
  - Update to version 0.99.8.0:
    - Add translations for ar, ca, da, ru, sv and zu.
    - Update hungarian translation.
    - Add support for limits.d directory to pam_limits.
    - Add minclass option to pam_cracklib
    - Add new group syntax to pam_access
* Thu Apr 19 2007 mc@suse.de
  - move the documentation into a seperate package (pam-doc)
    [partly fixes Bug #265733]
* Mon Mar 26 2007 rguenther@suse.de
  - add flex and bison BuildRequires
* Wed Jan 24 2007 mc@suse.de
  - add %verify_permissions for /sbin/unix_chkpwd
    [#237625]
* Tue Jan 23 2007 kukuk@suse.de
  - Update to Version 0.99.7.1 (security fix)
* Wed Jan 17 2007 kukuk@suse.de
  - Update to Version 0.99.7.0
    * Add manual page for pam_unix.so.
    * Add pam_faildelay module to set pam_fail_delay() value.
    * Fix possible seg.fault in libpam/pam_set_data().
    * Cleanup of configure options.
    * Update hungarian translation, fix german translation.
* Wed Jan 17 2007 lnussel@suse.de
  - install unix_chkpwd setuid root instead of setgid shadow (#216816)
* Tue Oct 24 2006 kukuk@suse.de
  - pam_unix.so/unix_chkpwd: teach about blowfish [#213929]
  - pam_namespace.so: Fix two possible buffer overflow
  - link against libxcrypt
* Sat Oct 07 2006 kukuk@suse.de
  - Update hungarian translation [#210091]
* Tue Sep 19 2006 kukuk@suse.de
  - Don't remove pam_unix.so
  - Use cracklib again (goes lost with one of the last cleanups)
* Thu Sep 14 2006 kukuk@suse.de
  - Add pam_umask.so to common-session [Fate#3621]
* Wed Sep 06 2006 kukuk@suse.de
  - Update to Linux-PAM 0.99.6.3 (merges all patches)
* Wed Aug 30 2006 kukuk@suse.de
  - Update to Linux-PAM 0.99.6.2 (incorporate last change)
  - Add pam_loginuid and fixes from CVS [Fate#300486]
* Wed Aug 23 2006 kukuk@suse.de
  - Fix seg.fault in pam_cracklib if retyped password is empty
* Tue Aug 22 2006 kukuk@suse.de
  - Remove use_first_pass from pam_unix2.so in password section
* Fri Aug 11 2006 kukuk@suse.de
  - Update to Linux-PAM 0.99.6.1 (big documentation update)
* Fri Jul 28 2006 kukuk@suse.de
  - Add missing namespace.init script
* Thu Jul 27 2006 kukuk@suse.de
  - Reenable audit subsystem [Fate#300486]
* Wed Jun 28 2006 kukuk@suse.de
  - Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM
    modules: pam_keyinit, pam_namespace, pam_rhosts)
* Mon Jun 12 2006 kukuk@suse.de
  - Update to current CVS (lot of new manual pages and docu)
* Tue May 30 2006 kukuk@suse.de
  - Update to Linux-PAM 0.99.4.0 (merge all patches and translations)
* Wed May 24 2006 kukuk@suse.de
  - Fix problems found by Coverity
* Wed May 17 2006 schwab@suse.de
  - Don't strip binaries.
* Fri May 05 2006 kukuk@suse.de
  - Fix pam_tally LFS support [#172492]
* Fri Apr 21 2006 kukuk@suse.de
  - Update fr.po and pl.po
* Tue Apr 11 2006 kukuk@suse.de
  - Update km.po
* Tue Apr 04 2006 kukuk@suse.de
  - Remove obsolete pam-laus from the system
* Mon Mar 27 2006 kukuk@suse.de
  - Update translations for pt, pl, fr, fi and cs
  - Add translation for uk
* Tue Mar 21 2006 kukuk@suse.de
  - Update hu.po
* Tue Mar 21 2006 kukuk@suse.de
  - Add translation for tr
* Mon Mar 13 2006 kukuk@suse.de
  - Fix order of NULL checks in pam_get_user
  - Fix comment in pam_lastlog for translators to be visible in
    pot file
  - Docu update, remove pam_selinux docu
* Thu Mar 02 2006 kukuk@suse.de
  - Update km translation
* Thu Feb 23 2006 kukuk@suse.de
  - pam_lastlog:
    - Initialize correct struct member [SF#1427401]
    - Mark strftime fmt string for translation [SF#1428269]
* Sun Feb 19 2006 kukuk@suse.de
  - Update more manual pages
* Sat Feb 18 2006 ro@suse.de
  - really disable audit if header file not present
* Tue Feb 14 2006 kukuk@suse.de
  - Update fi.po
  - Add km.po
  - Update pl.po
* Mon Feb 13 2006 kukuk@suse.de
  - Update with better manual pages
* Thu Feb 09 2006 kukuk@suse.de
  - Add translation for nl, update pt translation
* Fri Jan 27 2006 kukuk@suse.de
  - Move devel manual pages to -devel package
  - Mark PAM config files as noreplace
  - Mark /etc/securetty as noreplace
  - Run ldconfig
  - Fix libdb/ndbm compat detection with gdbm
  - Adjust german translation
  - Add all services to pam_listfile
* Wed Jan 25 2006 mls@suse.de
  - converted neededforbuild to BuildRequires
* Fri Jan 13 2006 kukuk@suse.de
  - Update to Linux-PAM 0.99.3.0 release candiate tar balls
    (new translations)
* Mon Jan 09 2006 kukuk@suse.de
  - Fix NULL handling for LSB-pam test suite [#141240]
* Sun Jan 08 2006 kukuk@suse.de
  - Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR
* Fri Jan 06 2006 kukuk@suse.de
  - NULL is allowed as thirs argument for pam_get_item [#141240]
* Wed Dec 21 2005 kukuk@suse.de
  - Add fixes from CVS
* Thu Dec 15 2005 kukuk@suse.de
  - Fix pam_lastlog: don't report error on first login
* Tue Dec 13 2005 kukuk@suse.de
  - Update to 0.99.2.1
* Fri Dec 09 2005 kukuk@suse.de
  - Add /etc/environment to avoid warnings in syslog
* Mon Dec 05 2005 kukuk@suse.de
  - disable SELinux
* Wed Nov 23 2005 kukuk@suse.de
  - Update getlogin() fix to final one
* Mon Nov 21 2005 kukuk@suse.de
  - Fix PAM getlogin() implementation
* Mon Nov 21 2005 kukuk@suse.de
  - Update to official 0.99.2.0 release
* Tue Nov 08 2005 kukuk@suse.de
  - Update to new snapshot
* Mon Oct 10 2005 kukuk@suse.de
  - Enable original pam_wheel module
* Tue Sep 27 2005 kukuk@suse.de
  - Update to current CVS
  - Compile libpam_misc with -fno-strict-aliasing
* Mon Sep 19 2005 kukuk@suse.de
  - Update to current CVS
  - Fix compiling of pammodutil with -fPIC
* Sun Sep 18 2005 kukuk@suse.de
  - Update to current CVS
* Tue Aug 23 2005 kukuk@suse.de
  - Update to new snapshot (Major version is back to 0)
* Fri Aug 19 2005 kukuk@suse.de
  - Update to Linux-PAM 0.99.0.3 snapshot
* Mon Jul 11 2005 kukuk@suse.de
  - Add pam_umask
* Mon Jul 04 2005 kukuk@suse.de
  - Update to current CVS snapshot
* Thu Jun 23 2005 kukuk@suse.de
  - Update to current CVS snapshot
  - Add pam_loginuid
* Thu Jun 09 2005 kukuk@suse.de
  - Update to current CVS snapshot
* Mon Jun 06 2005 kukuk@suse.de
  - Don't reset priority [#81690]
  - Fix creating of symlinks
* Fri May 20 2005 kukuk@suse.de
  - Update to current CVS snapshot
  - Real fix for [#82687] (don't include kernel header files)
* Thu May 12 2005 schubi@suse.de
  - Bug 82687 - pam_client.h redefines __u8 and __u32
* Fri Apr 29 2005 kukuk@suse.de
  - Apply lot of fixes from CVS (including SELinux support)
* Fri Apr 01 2005 kukuk@suse.de
  - Update to final 0.79 release
* Mon Mar 14 2005 kukuk@suse.de
  - Apply patch for pam_xauth to preserve DISPLAY variable [#66885]
* Mon Jan 24 2005 kukuk@suse.de
  - Compile with large file support
* Mon Jan 24 2005 schubi@suse.de
  - Made patch of latest CVS tree
  - Removed patch pam_handler.diff ( included in CVS now )
  - moved Linux-PAM-0.78.dif to pam_group_time.diff
* Wed Jan 05 2005 kukuk@suse.de
  - Fix seg.fault, if a PAM config line is incomplete
* Thu Nov 18 2004 kukuk@suse.de
  - Update to final 0.78
* Mon Nov 08 2004 kukuk@suse.de
  - Add pam_env.so to common-auth
  - Add pam_limit.so to common-session
* Wed Oct 13 2004 kukuk@suse.de
  - Update to 0.78-Beta1
* Wed Sep 22 2004 kukuk@suse.de
  - Create pam.d/common-{auth,account,password,session} and include
    them in pam.d/other
  - Update to current CVS version of upcoming 0.78 release
* Mon Aug 23 2004 kukuk@suse.de
  - Update "code cleanup" patch
  - Disable reading of /etc/environment in pam_env.so per default
* Thu Aug 19 2004 kukuk@suse.de
  - Reenable a "fixed" version of "code cleanup" patch
  - Use pam_wheel from pam-modules package
* Wed Aug 18 2004 kukuk@suse.de
  - Disable "code cleanup" patch (no more comments about security
    fixes)
* Fri Aug 13 2004 kukuk@suse.de
  - Apply big "code cleanup" patch [Bug #39673]
* Fri Mar 12 2004 kukuk@suse.de
  - pam_wheel: Use original getlogin again, PAM internal does not
    work without application help [Bug #35682]
* Sun Jan 18 2004 meissner@suse.de
  - We no longer have pam in the buildsystem, so we
    need some buildroot magic flags for the dlopen tests.
* Thu Jan 15 2004 kukuk@suse.de
  - Cleanup neededforbuild
* Fri Dec 05 2003 kukuk@suse.de
  - Add manual pages from SLES8
* Fri Nov 28 2003 kukuk@suse.de
  - Fix installing manual pages of modules
  - Remove pthread check (db is now linked against pthread)
* Thu Nov 27 2003 kukuk@suse.de
  - Merge with current CVS
  - Apply bug fixes from bugtracking system
  - Build as normal user
* Fri Nov 21 2003 kukuk@suse.de
  - Compile with noexecstack
* Thu Nov 06 2003 kukuk@suse.de
  - Fix pam_securetty CVS patch
* Wed Oct 29 2003 kukuk@suse.de
  - Sync with current CVS version
* Thu Oct 02 2003 kukuk@suse.de
  - Add patch to implement "include" statement in pamd files
* Wed Sep 10 2003 uli@suse.de
  - added ttyS1 (VT220) to securetty on s390* (bug #29239)
* Mon Jul 28 2003 kukuk@suse.de
  - Apply lot of fixes for various problems
* Tue Jun 10 2003 kukuk@suse.de
  - Fix getlogin handling in pam_wheel.so
* Tue May 27 2003 ro@suse.de
  - added cracklib-devel to neededforbuild
* Thu Feb 13 2003 kukuk@suse.de
  - Update pam_localuser and pam_xauth.
* Wed Nov 13 2002 kukuk@suse.de
  - Update to Linux-PAM 0.77 (minor bug fixes and enhancemants)
* Mon Nov 11 2002 ro@suse.de
  - changed neededforbuild <sp> to <opensp>
* Sat Sep 14 2002 ro@suse.de
  - changed securetty / use extra file
* Fri Sep 13 2002 bk@suse.de
  - 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty
* Tue Aug 27 2002 kukuk@suse.de
  - Call password checking helper from pam_unix.so whenever the
    passwd field is invalid.
* Sat Aug 24 2002 kukuk@suse.de
  - Don't build ps and pdf documentation
* Fri Aug 09 2002 kukuk@suse.de
  - pam-devel requires pam [Bug #17543]
* Wed Jul 17 2002 kukuk@suse.de
  - Remove explicit requires
* Wed Jul 10 2002 kukuk@suse.de
  - Update to Linux-PAM 0.76
  - Remove reentrant patch for original PAM modules (needs to be
    rewritten for new PAM version)
  - Add docu in PDF format
* Thu Jul 04 2002 kukuk@suse.de
  - Fix build on different partitions
* Tue Apr 16 2002 mmj@suse.de
  - Fix to not own /usr/shar/man/man3
* Wed Mar 13 2002 kukuk@suse.de
  - Add /usr/include/security to pam-devel filelist
* Mon Feb 11 2002 ro@suse.de
  - tar option for bz2 is "j"
* Fri Jan 25 2002 kukuk@suse.de
  - Fix last pam_securetty patch
* Thu Jan 24 2002 kukuk@suse.de
  - Use reentrant getpwnam functions for most modules
  - Fix unresolved symbols in pam_access and pam_userdb
* Sun Jan 20 2002 kukuk@suse.de
  - libpam_misc: Don't handle Ctrl-D as error.
* Wed Jan 16 2002 kukuk@suse.de
  - Remove SuSEconfig.pam
  - Update pam_localuser and pam_xauth
  - Add new READMEs about blowfish and cracklib
* Mon Nov 12 2001 kukuk@suse.de
  - Remove pam_unix.so (is part of pam-modules)
* Fri Nov 09 2001 kukuk@suse.de
  - Move extra PAM modules to separate package
  - Require pam-modules package
* Fri Aug 24 2001 kukuk@suse.de
  - Move susehelp config file to susehelp package
* Mon Aug 13 2001 ro@suse.de
  - changed neededforbuild <sp_libs> to <sp-devel>
* Tue Aug 07 2001 kukuk@suse.de
  - Fixes wrong symlink handling of pam_homecheck [Bug #3905]
* Wed Jul 11 2001 kukuk@suse.de
  - Sync pam_homecheck and pam_unix2 fixes from 7.2
  - Always ask for the old password if it is expired
* Sat May 05 2001 kukuk@suse.de
  - Cleanup Patches, make tar archive from extra pam modules
* Fri May 04 2001 kukuk@suse.de
  - Use LOG_NOTICE for trace option [Bug #7673]
* Thu Apr 12 2001 kukuk@suse.de
  - Linux-PAM: link pam_access against libnsl
  - Add pam.conf for susehelp/pam html docu
* Tue Apr 10 2001 kukuk@suse.de
  - Linux-PAM: Update to version 0.75
* Tue Apr 03 2001 kukuk@suse.de
  - Linux-PAM: link libpam_misc against libpam [Bug #6890]
* Thu Mar 08 2001 kukuk@suse.de
  - Linux-PAM: Fix manual pages (.so reference)
  - pam_pwcheck: fix Makefile
* Tue Mar 06 2001 kukuk@suse.de
  - Update for Linux-PAM 0.74
  - Drop pwdb subpackage
* Tue Feb 13 2001 kukuk@suse.de
  - pam_unix2: Create temp files with permission 0600
* Tue Feb 06 2001 ro@suse.de
  - pam_issue.c: include time.h to make it compile
* Fri Jan 05 2001 kukuk@suse.de
  - Don't print error message about failed initialization from
    pam_limits with kernel 2.2 [Bug #5198]
* Thu Jan 04 2001 kukuk@suse.de
  - Adjust docu for pam_limits
* Sun Dec 17 2000 kukuk@suse.de
  - Adjust docu for pam_pwcheck
* Thu Dec 07 2000 kukuk@suse.de
  - Add fix for pam_limits from 0.73
* Thu Oct 26 2000 kukuk@suse.de
  - Add db-devel to need for build
* Fri Oct 20 2000 kukuk@suse.de
  - Don't link PAM modules against old libpam library
* Wed Oct 18 2000 kukuk@suse.de
  - Create new "devel" subpackage
* Thu Oct 12 2000 kukuk@suse.de
  - Add SuSEconfig.pam
* Tue Oct 03 2000 kukuk@suse.de
  - Fix problems with new gcc and glibc 2.2 header files
* Wed Sep 13 2000 kukuk@suse.de
  - Fix problem with passwords longer then PASS_MAX_LEN
* Wed Sep 06 2000 kukuk@suse.de
  - Add missing PAM modules to filelist
  - Fix seg.fault in pam_pwcheck [BUG #3894]
  - Clean spec file
* Fri Jun 23 2000 kukuk@suse.de
  - Lot of bug fixes in pam_unix2 and pam_pwcheck
  - compress postscript docu
* Mon May 15 2000 kukuk@suse.de
  - Move docu to /usr/share/doc/pam
  - Fix some bugs in pam_unix2 and pam_pwcheck
* Tue Apr 25 2000 kukuk@suse.de
  - Add pam_homecheck Module
* Tue Apr 25 2000 kukuk@suse.de
  - Add devfs devices to /etc/securetty
* Wed Mar 01 2000 kukuk@suse.de
  - Fix handling of changing passwords to empty one
* Tue Feb 22 2000 kukuk@suse.de
  - Set correct attr for unix_chkpwd and pwdb_chkpwd
* Tue Feb 15 2000 kukuk@suse.de
  - Update pam_pwcheck
  - Update pam_unix2
* Mon Feb 07 2000 kukuk@suse.de
  - pwdb: Update to 0.61
* Thu Jan 27 2000 kukuk@suse.de
  - Add config files and README for md5 passwords
  - Update pam_pwcheck
  - Update pam_unix2
* Thu Jan 13 2000 kukuk@suse.de
  - Update pam_unix2
  - New: pam_pwcheck
  - Update to Linux-PAM 0.72
* Wed Oct 13 1999 kukuk@suse.de
  - pam_pwdb: Add security fixes from RedHat
* Mon Oct 11 1999 kukuk@suse.de
  - Update to Linux-PAM 0.70
  - Update to pwdb-0.60
  - Fix more pam_unix2 shadow bugs
* Fri Oct 08 1999 kukuk@suse.de
  - Add more PAM fixes
  - Implement Password changing request (sp_lstchg == 0)
* Mon Sep 13 1999 bs@suse.de
  - ran old prepare_spec on spec file to switch to new prepare_spec.
* Sat Sep 11 1999 kukuk@suse.de
  - Add pam_wheel to file list
  - pam_wheel: Minor fixes
  - pam_unix2: root is allowed to change passwords with wrong
      password aging information
* Mon Aug 30 1999 kukuk@suse.de
  - pam_unix2: Fix typo
* Thu Aug 19 1999 kukuk@suse.de
  - Linux-PAM: Update to version 0.69
* Fri Jul 16 1999 kukuk@suse.de
  - pam_unix2: Root is allowed to use the old password again.
* Tue Jul 13 1999 kukuk@suse.de
  - pam_unix2: Allow root to set an empty password.
* Sat Jul 10 1999 kukuk@suse.de
  - Add HP-UX password aging to pam_unix2.
* Wed Jul 07 1999 kukuk@suse.de
  - Don't install .cvsignore files
  - Make sure, /etc/shadow has the correct rights
* Tue Jul 06 1999 kukuk@suse.de
  - Update to Linux-PAM 0.68
* Wed Jun 30 1999 kukuk@suse.de
  - pam_unix2: more bug fixes
* Tue Jun 29 1999 kukuk@suse.de
  - pam_unix2: Fix "inactive" password
* Mon Jun 28 1999 kukuk@suse.de
  - pam_warn: Add missing functions
  - other.pamd: Update
  - Add more doku
* Thu Jun 24 1999 kukuk@suse.de
  - Add securetty config file
  - Fix Debian pam_env patch
* Mon Jun 21 1999 kukuk@suse.de
  - Update to Linux-PAM 0.67
  - Add Debian pam_env patch
* Thu Jun 17 1999 kukuk@suse.de
  - pam_ftp malloc (core dump) fix
* Tue Jun 15 1999 kukuk@suse.de
  - pam_unix2 fixes
* Mon Jun 07 1999 kukuk@suse.de
  - First PAM package: pam 0.66, pwdb 0.57 and pam_unix2

Files

/usr/lib/libpam.so.0
/usr/lib/libpam.so.0.85.1
/usr/lib/libpam_misc.so.0
/usr/lib/libpam_misc.so.0.82.1
/usr/lib/libpamc.so.0
/usr/lib/libpamc.so.0.82.1
/usr/lib/security
/usr/lib/security/pam_access.so
/usr/lib/security/pam_canonicalize_user.so
/usr/lib/security/pam_debug.so
/usr/lib/security/pam_deny.so
/usr/lib/security/pam_echo.so
/usr/lib/security/pam_env.so
/usr/lib/security/pam_exec.so
/usr/lib/security/pam_faildelay.so
/usr/lib/security/pam_faillock.so
/usr/lib/security/pam_filter.so
/usr/lib/security/pam_ftp.so
/usr/lib/security/pam_group.so
/usr/lib/security/pam_keyinit.so
/usr/lib/security/pam_listfile.so
/usr/lib/security/pam_localuser.so
/usr/lib/security/pam_loginuid.so
/usr/lib/security/pam_mail.so
/usr/lib/security/pam_mkhomedir.so
/usr/lib/security/pam_motd.so
/usr/lib/security/pam_namespace.so
/usr/lib/security/pam_nologin.so
/usr/lib/security/pam_permit.so
/usr/lib/security/pam_pwhistory.so
/usr/lib/security/pam_rhosts.so
/usr/lib/security/pam_rootok.so
/usr/lib/security/pam_securetty.so
/usr/lib/security/pam_selinux.so
/usr/lib/security/pam_sepermit.so
/usr/lib/security/pam_setquota.so
/usr/lib/security/pam_shells.so
/usr/lib/security/pam_stress.so
/usr/lib/security/pam_succeed_if.so
/usr/lib/security/pam_time.so
/usr/lib/security/pam_tty_audit.so
/usr/lib/security/pam_umask.so
/usr/lib/security/pam_unix.so
/usr/lib/security/pam_usertype.so
/usr/lib/security/pam_warn.so
/usr/lib/security/pam_wheel.so
/usr/lib/security/pam_xauth.so


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Dec 13 23:36:37 2024