[Touch-packages] [Bug 1916509] Re: Update PAM and PAM modules
This bug was fixed in the package pam - 1.4.0-10ubuntu1 --- pam (1.4.0-10ubuntu1) jammy; urgency=medium * Merge from Debian unstable (LP: #1916509). Remaining changes: - debian/control: have libpam-modules recommend update-motd package - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix's explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - debian/patches-applied/extrausers.patch: Add a pam_extrausers module that is basically just a copy of pam_unix but looks at /var/lib/extrausers/{group,passwd,shadow} instead of /etc/ - debian/libpam-modules-bin.install: install the helper binaries for pam_extrausers to /sbin - debian/rules: Make pam_extrausers_chkpwd sguid shadow - Add lintian override for pam_extrausers_chkpwd - Disable custom daemon restart detection code if needrestart is available - d/libpam-modules.postinst: Add /snap/bin to $PATH in /etc/environment * Dropped changes, obsoleted: - pam_motd: Export MOTD_SHOWN=pam after showing MOTD - Return only PAM_IGNORE or error from pam_motd - Fix patches to fix FTBFS - Backport pam_faillock module from pam 1.4.0 - debian/patches-applied/nullok_secure-compat.patch: Support nullok_secure as a deprecated alias for nullok. - debian/pam-configs/unix: use nullok, not nullok_secure. * Patches: - d/p/pam_motd-legal-notice: refreshed - Refreshed d/p/pam_umask_usergroups_from_login.defs.patch to use pam_modutil_search_key instead of our own hand-rolled version - d/p/extrausers.patch: Refreshed the patch and fixed the HAVE_LIBSELINUX conditional removed upstream. * d/local/pam-auth-update: refreshed the md5sum for debian/local/common-session -- Simon Chopin Tue, 26 Oct 2021 10:49:14 +0200 ** Changed in: pam (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1916509 Title: Update PAM and PAM modules Status in pam package in Ubuntu: Fix Released Bug description: I want to implement pam_faillock which replaces pam_tally2 but requires pam version >= 1.4.0 The ability to 'reliably' lock accounts after a certain number of failed attempts is a requirement of the NIST 800-171 controls implemented by many U.S. government agencies and contractors. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1916509/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916509] Re: Update PAM and PAM modules
Removed request for sponsors, submitting MP against the packaging Git repo instead. ** Merge proposal linked: https://code.launchpad.net/~schopin/ubuntu/+source/pam/+git/pam/+merge/407168 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1916509 Title: Update PAM and PAM modules Status in pam package in Ubuntu: In Progress Bug description: I want to implement pam_faillock which replaces pam_tally2 but requires pam version >= 1.4.0 The ability to 'reliably' lock accounts after a certain number of failed attempts is a requirement of the NIST 800-171 controls implemented by many U.S. government agencies and contractors. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1916509/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916509] Re: Update PAM and PAM modules
** Patch added: "pam_from_debian.debdiff" https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1916509/+attachment/5517313/+files/pam_from_debian.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1916509 Title: Update PAM and PAM modules Status in pam package in Ubuntu: In Progress Bug description: I want to implement pam_faillock which replaces pam_tally2 but requires pam version >= 1.4.0 The ability to 'reliably' lock accounts after a certain number of failed attempts is a requirement of the NIST 800-171 controls implemented by many U.S. government agencies and contractors. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1916509/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916509] Re: Update PAM and PAM modules
Deleting attachments as they're superseded by these new versions. First the diff against Ubuntu, followed by the one against Debian for reference. ** Patch removed: "pam_from_ubuntu.debdiff" https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1916509/+attachment/5517278/+files/pam_from_ubuntu.debdiff ** Patch removed: "pam_from_debian.debdiff" https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1916509/+attachment/5517277/+files/pam_from_debian.debdiff ** Patch added: "pam_from_ubuntu.debdiff" https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1916509/+attachment/5517312/+files/pam_from_ubuntu.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1916509 Title: Update PAM and PAM modules Status in pam package in Ubuntu: In Progress Bug description: I want to implement pam_faillock which replaces pam_tally2 but requires pam version >= 1.4.0 The ability to 'reliably' lock accounts after a certain number of failed attempts is a requirement of the NIST 800-171 controls implemented by many U.S. government agencies and contractors. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1916509/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916509] Re: Update PAM and PAM modules
Here's the diff from the Ubuntu branch, much more massive as it includes the upstream diff... ** Patch added: "pam_from_ubuntu.debdiff" https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1916509/+attachment/5517278/+files/pam_from_ubuntu.debdiff ** Tags added: fr-1604 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1916509 Title: Update PAM and PAM modules Status in pam package in Ubuntu: In Progress Bug description: I want to implement pam_faillock which replaces pam_tally2 but requires pam version >= 1.4.0 The ability to 'reliably' lock accounts after a certain number of failed attempts is a requirement of the NIST 800-171 controls implemented by many U.S. government agencies and contractors. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1916509/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916509] Re: Update PAM and PAM modules
I worked on the merge from the current Debian version. Attached is the debdiff from the current Debian version, I'll post the debdiff from the current Ubuntu version shortly. I've uploaded the package to my PPA, see https://launchpad.net/~schopin/+archive/ubuntu/test- ppa/+sourcepub/12642612/+listing-archive-extra ** Changed in: pam (Ubuntu) Status: New => In Progress ** Changed in: pam (Ubuntu) Assignee: (unassigned) => Simon Chopin (schopin) ** Patch added: "pam_from_debian.debdiff" https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1916509/+attachment/5517277/+files/pam_from_debian.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1916509 Title: Update PAM and PAM modules Status in pam package in Ubuntu: In Progress Bug description: I want to implement pam_faillock which replaces pam_tally2 but requires pam version >= 1.4.0 The ability to 'reliably' lock accounts after a certain number of failed attempts is a requirement of the NIST 800-171 controls implemented by many U.S. government agencies and contractors. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1916509/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp