lp://staging/ubuntu/lucid-security/pam
- Get this branch:
- bzr branch lp://staging/ubuntu/lucid-security/pam
Recent revisions
- 67. By Marc Deslauriers
-
* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches-applied/CVE-2011-3148.patch: correctly count leading
whitespace when parsing environment file in modules/pam_env/pam_env.c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
with PAM_BUF_ERR in modules/pam_env/pam_env.c.
- CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
- debian/patches-applied/update-motd: updated to use clean environment
and absolute paths in modules/pam_motd/pam_motd.c.
- CVE-2011-XXXX
- 66. By Marc Deslauriers
-
* SECURITY REGRESSION:
- debian/patches/security-dropprivs.patch: updated patch to preserve
ABI and prevent daemons from needing to be restarted. (LP: #790538)
- debian/patches/autoconf.patch: refreshed
- 65. By Marc Deslauriers
-
* SECURITY UPDATE: multiple issues with lack of adequate privilege
dropping
- debian/patches/security-dropprivs.patch: introduce new privilege
dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
libpam/include/security/pam_modutil.h, libpam/libpam.map,
modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
modules/pam_xauth/pam_xauth.c.
- CVE-2010-3316
- CVE-2010-3430
- CVE-2010-3431
- CVE-2010-3435
- CVE-2010-4706
- CVE-2010-4707
* SECURITY UPDATE: privilege escalation via incorrect environment
- debian/patches/CVE-2010-3853.patch: use clean environment in
modules/pam_namespace/pam_namespace.c.
- CVE-2010-3853
* debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
isn't needed for Ubuntu, and it needs to be rewritten to work with the
massive privilege refactoring in the security patches.
- 64. By Kees Cook
-
* SECURITY UPDATE: root privilege escalation via symlink following.
- debian/patches-applied/pam_motd-legal-notice: drop privs for work.
- CVE-2010-0832
- 63. By Dustin Kirkland
-
* debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
for update-motd, with some best practices and notes of explanation,
LP: #562566
* debian/patches/update-motd-manpage-ref: add a reference in pam_mod(8)
to update-motd(5), LP: #552175
- 62. By Steve Langasek
-
* Merge from Debian, remaining changes:
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not
present there or in /etc/security/pam_env.conf. (should send to Debian).
- debian/libpam0g.postinst: only ask questions during update-manager when
there are non-default services running.
- debian/patches-applied/series: Ubuntu patches are as below ...
- debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic
module option 'missingok' which will suppress logging of errors by
libpam if the module is not found.
- debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- Change Vcs-Bzr to point at the Ubuntu branch.
- Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure
run-parts does the right thing in /etc/update-motd.d.
- debian/patches-applied/pam_motd-legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent showing
it again.
- debian/local/common-{auth,account,password}.md5sums: include the
Ubuntu-specific intrepid,jaunty md5sums for use during the
common-session-noninteractive upgrade.
- 61. By Steve Langasek
-
* Merge from Debian, remaining changes:
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not
present there or in /etc/security/pam_env.conf. (should send to Debian).
- debian/libpam0g.postinst: only ask questions during update-manager when
there are non-default services running.
- debian/patches-applied/series: Ubuntu patches are as below ...
- debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic
module option 'missingok' which will suppress logging of errors by
libpam if the module is not found.
- debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- Change Vcs-Bzr to point at the Ubuntu branch.
- Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure
run-parts does the right thing in /etc/update-motd.d.
- debian/patches-applied/pam_motd-legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent showing
it again.
- debian/local/common-{auth,account,password}.md5sums: include the
Ubuntu-specific intrepid,jaunty md5sums for use during the
common-session-noninteractive upgrade.
- 59. By Steve Langasek
-
* "Rebase" Ubuntu patches to apply them last in the series.
* Drop patch ubuntu-regression_fix_securetty, superseded by the more
precise fix in pam_securetty_tty_check_before_user_check.
- 58. By Steve Langasek
-
* Merge from Debian, remaining changes:
- debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not
present there or in /etc/security/pam_env.conf. (should send to Debian).
- debian/libpam0g.postinst: only ask questions during update-manager when
there are non-default services running.
- debian/patches-applied/series: Ubuntu patches are as below ...
- debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic
module option 'missingok' which will suppress logging of errors by
libpam if the module is not found.
- debian/patches-applied/ubuntu-regression_fix_securetty: prompt for
password on bad username.
- debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
initialise RLIMIT_NICE rather than relying on the kernel limits.
- Change Vcs-Bzr to point at the Ubuntu branch.
- Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure
run-parts does the right thing in /etc/update-motd.d.
- debian/patches-applied/pam_motd-legal-notice: display the contents of
/etc/legal once, then set a flag in the user's homedir to prevent showing
it again.
- debian/local/common-{auth,account,password}.md5sums: include the
Ubuntu-specific intrepid,jaunty md5sums for use during the
common-session-noninteractive upgrade.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/maverick/pam