| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: pam-devel | Distribution: openSUSE:Factory:zSystems |
| Version: 1.5.3 | Vendor: openSUSE |
| Release: 3.1 | Build date: Fri Sep 1 17:24:21 2023 |
| Group: Development/Libraries/C and C++ | Build host: s390zl23 |
| Size: 51178 | Source RPM: pam-1.5.3-3.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://github.com/linux-pam/linux-pam | |
| Summary: Include Files and Libraries for PAM Development | |
PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. This package contains header files and static libraries used for building both PAM-aware applications and modules for use with PAM.
GPL-2.0-or-later OR BSD-3-Clause
* Wed Aug 23 2023 Thorsten Kukuk <kukuk@suse.com>
- Fix building without SELinux
* Mon Aug 07 2023 Thorsten Kukuk <kukuk@suse.com>
- pam_access backports from upstream:
- pam_access-doc-IPv6-link-local.patch:
Document only partial supported IPv6 link local addresses
- pam_access-hostname-debug.patch:
Don't print error if we cannot resolve a hostname, does not
need to be a hostname
- pam_shells-fix-econf-memory-leak.patch:
Free econf keys variable
- disable-examples.patch:
Don't build examples
* Tue May 09 2023 Thorsten Kukuk <kukuk@suse.com>
- Update to final 1.5.3 release:
- configure: added --enable-logind option to use logind instead of utmp
in pam_issue and pam_timestamp.
- pam_modutil_getlogin: changed to use getlogin() from libc instead of
parsing utmp.
- Added libeconf support to pam_env and pam_shells.
- Added vendor directory support to pam_access, pam_env, pam_group,
pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit,
pam_shells, and pam_time.
- pam_limits: changed to not fail on missing config files.
- pam_pwhistory: added conf= option to specify config file location.
- pam_pwhistory: added file= option to specify password history file
location.
- pam_shells: added shells.d support when libeconf and vendordir are enabled.
- Deprecated pam_lastlog: this module is no longer built by default because
it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe,
even on 64bit architectures.
pam_lastlog will be removed in one of the next releases, consider using
pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or
pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead.
- Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply()
macros provided by _pam_macros.h; the memory override performed by these
macros can be optimized out by the compiler and therefore can no longer
be relied upon.
* Thu Apr 20 2023 Thorsten Kukuk <kukuk@suse.com>
- pam-extra: add split provide
* Wed Apr 12 2023 Thorsten Kukuk <kukuk@suse.com>
- pam-userdb: add split provide
* Tue Apr 11 2023 Thorsten Kukuk <kukuk@suse.com>
- Drop pam-xauth_ownership.patch, got fixed in sudo itself
- Drop pam-bsc1177858-dont-free-environment-string.patch, was a
fix for above patch
* Thu Apr 06 2023 Thorsten Kukuk <kukuk@suse.com>
- Use bcond selinux to disable SELinux
- Remove old pam_unix_* compat symlinks
- Move pam_userdb to own pam-userdb sub-package
- pam-extra contains now modules having extended dependencies like
libsystemd
- Update to 1.5.3.90 git snapshot
- Drop merged patches:
- pam-git.diff
- docbook5.patch
- pam_pwhistory-docu.patch
- pam_xauth_data.3.xml.patch
- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all
documentation anyways and don't use the prebuild versions
- Move all devel manual pages to pam-manpages, too. Fixes the
problem that adjusted defaults not shown correct.
* Mon Mar 20 2023 Thorsten Kukuk <kukuk@suse.com>
- Add common-session-nonlogin and postlogin-* pam.d config files
for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2
and upcoming pam_wtmpdb.
* Fri Mar 10 2023 Giuliano Belinassi <giuliano.belinassi@suse.com>
- Enable livepatching support on x86_64.
* Tue Jan 24 2023 Valentin Lefebvre <valentin.lefebvre@suse.com>
- Use rpm macros for pam dist conf dir (/usr/etc/security)
* Wed Jan 18 2023 Stefan Schubert <schubi@suse.com>
- Moved following files/dirs in /etc/security to vendor directory:
access.conf, limits.d, sepermit.conf, time.conf, namespace.conf,
namespace.d, namespace.init
* Sat Dec 24 2022 Dominique Leuenberger <dleuenberger@suse.com>
- Also obsolete pam_unix-32bit to have clean upgrade path.
* Fri Dec 16 2022 Thorsten Kukuk <kukuk@suse.com>
- Merge pam_unix back into pam, seperate package not needed anymore
* Thu Dec 15 2022 Thorsten Kukuk <kukuk@suse.com>
- Update pam-git.diff to current upstream
- pam_env: Use vendor specific pam_env.conf and environment as fallback
- pam_shells: Use the vendor directory
obsoletes pam_env_econf.patch
- Refresh docbook5.patch
* Tue Dec 06 2022 Thorsten Kukuk <kukuk@suse.com>
- pam_pwhistory-docu.patch, docbook5.patch: convert docu to
docbook5
* Thu Dec 01 2022 Thorsten Kukuk <kukuk@suse.com>
- pam-git.diff: update to current git
- obsoletes pam-hostnames-in-access_conf.patch
- obsoletes tst-pam_env-retval.c
- pam_env_econf.patch refresh
* Tue Nov 22 2022 Thorsten Kukuk <kukuk@suse.com>
- Move pam_env config files below /usr/etc
* Tue Oct 11 2022 Stefan Schubert <schubi@suse.com>
- pam_env: Using libeconf for reading configuration and environment
files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c)
* Fri Jun 17 2022 Thorsten Kukuk <kukuk@suse.com>
- Keep old directory in filelist for migration
* Wed Jun 01 2022 Thorsten Kukuk <kukuk@suse.com>
- Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d
* Fri Mar 11 2022 Thorsten Kukuk <kukuk@suse.com>
- pam-hostnames-in-access_conf.patch: update with upstream
submission. Fixes several bugs including memory leaks.
* Wed Feb 09 2022 Thorsten Kukuk <kukuk@suse.com>
- Move group.conf and faillock.conf to /usr/etc/security
* Mon Feb 07 2022 Thorsten Kukuk <kukuk@suse.com>
- Update to current git for enhanced vendordir support (pam-git.diff)
Obsoletes:
- 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
- 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
- 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
* Mon Dec 13 2021 Thorsten Kukuk <kukuk@suse.com>
- Drop pam_umask-usergroups-login_defs.patch, does more harm
than helps. If not explizit specified as module option, we
use UMASK from login.defs unmodified.
* Thu Nov 25 2021 Thorsten Kukuk <kukuk@suse.com>
- Don't define doc/manpages packages in main build
* Wed Nov 24 2021 Thorsten Kukuk <kukuk@suse.com>
- Add missing recommends and split provides
* Wed Nov 24 2021 Thorsten Kukuk <kukuk@suse.com>
- Use multibuild to build docu with correct paths and available
features.
* Mon Nov 22 2021 Thorsten Kukuk <kukuk@suse.com>
- common-session: move pam_systemd to first position as if the
file would have been generated with pam-config
- Add vendordir fixes and enhancements from upstream:
- pam_xauth_data.3.xml.patch
- 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
- 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
- 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
spec file.
* Wed Nov 17 2021 Stanislav Brabec <sbrabec@suse.com>
- Update pam-login_defs-check.sh regexp and
login_defs-support-for-pam symbol to version 1.5.2
(new variable HMAC_CRYPTO_ALGO).
* Tue Nov 02 2021 Callum Farmer <gmbr3@opensuse.org>
- Add /run/pam_timestamp to pam.tmpfiles
* Tue Oct 12 2021 Josef Möllers <josef.moellers@suse.com>
- Corrected macro definition of %_pam_moduledir:
%_pam_moduledir %{_libdir}/security
[macros.pam]
* Wed Oct 06 2021 Josef Möllers <josef.moellers@suse.com>
- Prepend a slash to the expansion of %{_lib} in macros.pam as
this are defined without a leading slash!
* Wed Sep 15 2021 Thorsten Kukuk <kukuk@suse.com>
- Rename motd.tmpfiles to pam.tmpfiles
- Add /run/faillock directory
* Fri Sep 10 2021 Thorsten Kukuk <kukuk@suse.com>
- pam-login_defs-check.sh: adjust for new login.defs variable usages
* Mon Sep 06 2021 Josef Möllers <josef.moellers@suse.com>
- Update to 1.5.2
Noteworthy changes in Linux-PAM 1.5.2:
* pam_exec: implemented quiet_log option.
* pam_mkhomedir: added support of HOME_MODE and UMASK from
/etc/login.defs.
* pam_timestamp: changed hmac algorithm to call openssl instead
of the bundled sha1 implementation if selected, added option
to select the hash algorithm to use with HMAC.
* Added pkgconfig files for provided libraries.
* Added --with-systemdunitdir configure option to specify systemd
unit directory.
* Added --with-misc-conv-bufsize configure option to specify the
buffer size in libpam_misc's misc_conv() function, raised the
default value for this parameter from 512 to 4096.
* Multiple minor bug fixes, portability fixes, documentation
improvements, and translation updates.
pam_tally2 has been removed upstream, remove pam_tally2-removal.patch
pam_cracklib has been removed from the upstream sources. This
obsoletes pam-pam_cracklib-add-usersubstr.patch and
pam_cracklib-removal.patch.
The following patches have been accepted upstream and, so,
are obsolete:
- pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch
- pam_securetty-don-t-complain-about-missing-config.patch
- bsc1184358-prevent-LOCAL-from-being-resolved.patch
- revert-check_shadow_expiry.diff
[Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc,
Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc,
pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch,
pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch,
pam_securetty-don-t-complain-about-missing-config.patch,
bsc1184358-prevent-LOCAL-from-being-resolved.patch,
revert-check_shadow_expiry.diff]
* Thu Aug 12 2021 Thorsten Kukuk <kukuk@suse.com>
- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask
explicit "usergroups" option and instead read it from login.def's
"USERGROUP_ENAB" option if umask is only defined there.
[bsc#1189139]
* Tue Aug 03 2021 pgajdos@suse.com
- package man5/motd.5 as a man-pages link to man8/pam_motd.8
[bsc#1188724]
* Tue Jul 13 2021 Thorsten Kukuk <kukuk@suse.com>
- revert-check_shadow_expiry.diff: revert wrong
CRYPT_SALT_METHOD_LEGACY check.
* Fri Jun 25 2021 Callum Farmer <gmbr3@opensuse.org>
- Create /run/motd.d
* Wed Jun 09 2021 Ludwig Nussel <lnussel@suse.de>
- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff)
- Backport patch to not install /usr/etc/securetty (boo#1033626) ie
no distro defaults and don't complain about it missing
(pam_securetty-don-t-complain-about-missing-config.patch)
- add debug bcond to be able to build pam with debug output easily
- add macros file to allow other packages to stop hardcoding
directory names. Compatible with Fedora.
* Mon May 10 2021 Josef Möllers <josef.moellers@suse.com>
- In the 32-bit compatibility package for 64-bit architectures,
require "systemd-32bit" to be also installed as it contains
pam_systemd.so for 32 bit applications.
[bsc#1185562, baselibs.conf]
* Wed Apr 07 2021 Josef Möllers <josef.moellers@suse.com>
- If "LOCAL" is configured in access.conf, and a login attempt from
a remote host is made, pam_access tries to resolve "LOCAL" as
a hostname and logs a failure.
Checking explicitly for "LOCAL" and rejecting access in this case
resolves this issue.
[bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch]
* Wed Mar 31 2021 Josef Möllers <josef.moellers@suse.com>
- pam_limits: "unlimited" is not a legitimate value for "nofile"
(see setrlimit(2)). So, when "nofile" is set to one of the
"unlimited" values, it is set to the contents of
"/proc/sys/fs/nr_open" instead.
Also changed the manpage of pam_limits to express this.
[bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch]
* Thu Feb 18 2021 Thorsten Kukuk <kukuk@suse.com>
- Add missing conflicts for pam_unix-nis
* Tue Feb 16 2021 Thorsten Kukuk <kukuk@suse.com>
- Split out pam_unix module and build without NIS support
* Fri Nov 27 2020 Thorsten Kukuk <kukuk@suse.com>
- Update to 1.5.1
- pam_unix: fixed CVE-2020-27780 - authentication bypass when a user
doesn't exist and root password is blank [bsc#1179166]
- pam_faillock: added nodelay option to not set pam_fail_delay
- pam_wheel: use pam_modutil_user_in_group to check for the group membership
with getgrouplist where it is available
* Thu Nov 26 2020 Ludwig Nussel <lnussel@suse.de>
- add macros.pam to abstract directory for pam modules
* Thu Nov 19 2020 Thorsten Kukuk <kukuk@suse.com>
- Update to 1.5.0
- obsoletes pam-bsc1178727-initialize-daysleft.patch
- Multiple minor bug fixes, portability fixes, and documentation improvements.
- Extended libpam API with pam_modutil_check_user_in_passwd function.
- pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660.
- pam_motd: read motd files with target user credentials skipping unreadable ones.
- pam_pwhistory: added a SELinux helper executable.
- pam_unix, pam_usertype: implemented avoidance of certain timing attacks.
- pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails.
- pam_env: Reading of the user environment is deprecated and will be removed
at some point in the future.
- libpam: pam_modutil_drop_priv() now correctly sets the target user's
supplementary groups, allowing pam_motd to filter messages accordingly
- Refresh pam-xauth_ownership.patch
- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package
- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package
* Wed Nov 18 2020 Josef Möllers <josef.moellers@suse.com>
- pam_cracklib: added code to check whether the password contains
a substring of of the user's name of at least <N> characters length
in some form.
This is enabled by the new parameter "usersubstr=<N>"
See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4
[jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch]
* Wed Nov 18 2020 Josef Möllers <josef.moellers@suse.com>
- pam_xauth.c: do not free() a string which has been (successfully)
passed to putenv().
[bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch]
* Fri Nov 13 2020 Josef Möllers <josef.moellers@suse.com>
- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft"
to avoid spurious (and misleading)
Warning: your password will expire in ... days.
fixed upstream with commit db6b293046a
[bsc#1178727, pam-bsc1178727-initialize-daysleft.patch]
* Tue Nov 10 2020 Thorsten Kukuk <kukuk@suse.com>
- Enable pam_faillock [bnc#1171562]
* Thu Oct 29 2020 Ludwig Nussel <lnussel@suse.de>
- prepare usrmerge (boo#1029961, pam-usrmerge.diff)
* Thu Oct 08 2020 Josef Möllers <josef.moellers@suse.com>
- /usr/bin/xauth chokes on the old user's $HOME being on an NFS
file system. Run /usr/bin/xauth using the old user's uid/gid
Patch courtesy of Dr. Werner Fink.
[bsc#1174593, pam-xauth_ownership.patch]
* Thu Oct 08 2020 Stanislav Brabec <sbrabec@suse.com>
- pam-login_defs-check.sh: Fix the regexp to get a real variable
list (boo#1164274).
* Wed Jun 24 2020 Josef Möllers <josef.moellers@suse.com>
- Revert the previous change [SR#815713].
The group is not necessary for PAM functionality but used only
during testing. The test system should therefore create this group.
[bsc#1171016, pam.spec]
* Mon Jun 15 2020 Josef Möllers <josef.moellers@suse.com>
- Add requirement for group "wheel" to spec file.
[bsc#1171016, pam.spec]
* Mon Jun 08 2020 Thorsten Kukuk <kukuk@suse.com>
- Update to final 1.4.0 release
- includes pam-check-user-home-dir.patch
- obsoletes fix-man-links.dif
* Mon Jun 08 2020 Thorsten Kukuk <kukuk@suse.com>
- common-password: remove pam_cracklib, as that is deprecated.
* Thu May 28 2020 Josef Möllers <josef.moellers@suse.com>
- pam_setquota.so:
When setting quota, don't apply any quota if the user's $HOME is
a mountpoint (ie the user has a partition of his/her own).
[bsc#1171721, pam-check-user-home-dir.patch]
* Wed May 27 2020 Thorsten Kukuk <kukuk@suse.com>
- Update to current Linux-PAM snapshot
- pam_tally* and pam_cracklib got deprecated
- Disable pam_faillock and pam_setquota until they are whitelisted
* Tue May 12 2020 Josef Möllers <josef.moellers@suse.com>
- Adapted patch pam-hostnames-in-access_conf.patch for new version
New version obsoleted patch use-correct-IP-address.patch
[pam-hostnames-in-access_conf.patch,
use-correct-IP-address.patch]
* Tue May 12 2020 Thorsten Kukuk <kukuk@suse.com>
- Update to current Linux-PAM snapshot
- Obsoletes pam_namespace-systemd.diff
* Tue May 12 2020 Thorsten Kukuk <kukuk@suse.com>
- Update to current Linux-PAM snapshot
- Add pam_faillock
- Multiple minor bug fixes and documentation improvements
- Fixed grammar of messages printed via pam_prompt
- Added support for a vendor directory and libeconf
- configure: Allowed disabling documentation through --disable-doc
- pam_get_authtok_verify: Avoid duplicate password verification
- pam_env: Changed the default to not read the user .pam_environment file
- pam_group, pam_time: Fixed logical error with multiple ! operators
- pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session
- pam_lastlog: Do not log info about failed login if the session was opened
with PAM_SILENT flag
- pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs
- pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize'
limit
- pam_motd: Export MOTD_SHOWN=pam after showing MOTD
- pam_motd: Support multiple motd paths specified, with filename overrides
- pam_namespace: Added a systemd service, which creates the namespaced
instance parent directories during boot
- pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts
- pam_shells: Recognize /bin/sh as the default shell
- pam_succeed_if: Support lists in group membership checks
- pam_tty_audit: If kernel audit is disabled return PAM_IGNORE
- pam_umask: Added new 'nousergroups' module argument and allowed specifying
the default for usergroups at build-time
- pam_unix: Added 'nullresetok' option to allow resetting blank passwords
- pam_unix: Report unusable hashes found by checksalt to syslog
- pam_unix: Support for (gost-)yescrypt hashing methods
- pam_unix: Use bcrypt b-variant when it bcrypt is chosen
- pam_usertype: New module to tell if uid is in login.defs ranges
- Added new API call pam_start_confdir() for special applications that
cannot use the system-default PAM configuration paths and need to
explicitly specify another path
- pam_namespace-systemd.diff: fix path of pam_namespace.services
* Thu Apr 02 2020 Ludwig Nussel <lnussel@suse.de>
- own /usr/lib/motd.d/ so other packages can add files there
* Tue Mar 24 2020 Josef Möllers <josef.moellers@suse.com>
- Listed all manual pages seperately as pam_userdb.8 has been moved
to pam-extra.
Also %exclude %{_defaultdocdir}/pam as the docs are in a separate
package.
[pam.spec]
* Mon Mar 16 2020 Josef Möllers <josef.moellers@suse.com>
- pam_userdb moved to a new package pam-extra as pam-modules
is obsolete and not part of SLE.
[bsc#1166510, pam.spec]
* Thu Mar 12 2020 Josef Möllers <josef.moellers@suse.com>
- Removed pam_userdb from this package and moved to pam-modules.
This removed the requirement for libdb.
Also made "xz" required for all releases.
Remove limits for nproc from /etc/security/limits.conf
[bsc#1164562, bsc#1166510, bsc#1110700, pam.spec]
* Wed Feb 19 2020 kukuk@suse.de
- Recommend login.defs only (no hard requirement)
/usr/include/security /usr/include/security/_pam_compat.h /usr/include/security/_pam_macros.h /usr/include/security/_pam_types.h /usr/include/security/pam_appl.h /usr/include/security/pam_client.h /usr/include/security/pam_ext.h /usr/include/security/pam_filter.h /usr/include/security/pam_misc.h /usr/include/security/pam_modules.h /usr/include/security/pam_modutil.h /usr/lib/rpm/macros.d/macros.pam /usr/lib64/libpam.so /usr/lib64/libpam_misc.so /usr/lib64/libpamc.so /usr/lib64/pkgconfig/pam.pc /usr/lib64/pkgconfig/pam_misc.pc /usr/lib64/pkgconfig/pamc.pc
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Mar 9 12:50:11 2024