Hi guys,

I have an upload of pam in preparation that violates Neil's recently-posted
list of criteria for freeze exceptions in every conceivable way.

- no RC bugfixes
- package is definitely not priority: optional or extra
- includes fixes for bugs of normal or lower
- includes upstream changes with no linked Debian bug report.

So while I would vouch for this being a good set of improvements over the
current package, you probably don't want the whole thing since it's also
low-priority. :)

But perhaps there's a subset of fixes that are worth considering? Below is
the current debian changelog for the package, followed by my suggestions of
which bits might be suitable input for a 'squeeze' package branch that I
could upload to testing.

If you say 'no' to all of it, I can just upload pam 1.1.2-1 to unstable
since there are no ABI changes involved; but before that I'd like to confirm
whether you'd like any part of this in squeeze.

pam (1.1.2-1) UNRELEASED; urgency=low

  * New upstream release.
    - Add support for NSS groups to pam_group. Closes: #589019,
      LP: #297408.
    - Support cross-building the package. Thanks to Neil Williams
      <codehelp@debian.org> for the patch. Closes: #284854.
  * debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit
    interface. Closes: #579402.
  * Drop patches conditional_module,_conditional_man and
    mkhomedir_linking.patch, which are included upstream.
  * debian/patches/hurd_no_setfsuid: pam_env and pam_mail now also use
    setfsuid, so patch them to be likewise Hurd-safe.
  * Update debian/source.lintian-overrides to clean up some spurious
    warnings.
  * debian/libpam-modules.postinst: if any 'min=n' options are found in
    /etc/pam.d/common-password, convert them on upgrade to 'minlen=n' for
    compatibility with upstream.
  * debian/NEWS: document the disappearance of 'min=n', in case users have
    encoded this option elsewhere outside of /etc/pam.d/common-password.
  * debian/patches/007_modules_pam_unix: drop compatibility handling of
    'max=' no-op; use of this option will now log an error, as warned three
    years ago.
  * Bump Standards-Version to 3.9.1.
  * Add lintian overrides for a few more spurious warnings.
  * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for
    compatibility when it's not already set. Closes: #552043.
  * debian/local/pam-auth-update: Don't try to pass embedded newlines to
    debconf; backslash-escape them instead and use CAPB escape.
  * debian/local/pam-auth-update: sort additional module options before
    writing them out, so that we don't wind up with a different config file
    on every invocation. Thanks to Jim Paris <jim@jtan.com> for the patch.
    Closes: #594123.

The bits I recommend taking are these:

  * debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit
    interface. Closes: #579402.
  * Update debian/source.lintian-overrides to clean up some spurious
    warnings.
  * Bump Standards-Version to 3.9.1.
  * Add lintian overrides for a few more spurious warnings.
  * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for
    compatibility when it's not already set. Closes: #552043.
  * debian/local/pam-auth-update: Don't try to pass embedded newlines to
    debconf; backslash-escape them instead and use CAPB escape.
  * debian/local/pam-auth-update: sort additional module options before
    writing them out, so that we don't wind up with a different config file
    on every invocation. Thanks to Jim Paris <jim@jtan.com> for the patch.
    Closes: #594123.

The pam-auth-update fix for embedded newlines is a potential security issue
with certain locally generated PAM module profiles (no bug filed).

What would you like me to do?

Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org
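
Added illustration, not part of the original message and not pam-auth-update's own code (which is Perl): a small Python model of why the embedded-newline fix in the changelog matters. The debconf protocol carries one command per line, so an unescaped newline in a value splits it into two protocol lines; with the escape capability negotiated via CAPB, backslashes and newlines travel as `\\` and `\n`. The question name, sample value and function names are assumptions constructed for the example.

```python
# Model of debconf's line-oriented protocol and the CAPB "escape" encoding.
# Illustration only; names below are hypothetical, not pam-auth-update's.

def debconf_escape(text: str) -> str:
    """Encode a value for a client that negotiated CAPB escape.
    Backslash must be escaped first so the two encodings cannot collide."""
    return text.replace("\\", "\\\\").replace("\n", "\\n")

def debconf_unescape(text: str) -> str:
    """Reverse of debconf_escape: '\\n' -> newline, '\\x' -> x."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            nxt = text[i + 1]
            out.append("\n" if nxt == "n" else nxt)
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)

def subst_command(question: str, key: str, value: str, escape: bool) -> str:
    """Build a SUBST command as it would be written to the frontend."""
    payload = debconf_escape(value) if escape else value
    return f"SUBST {question} {key} {payload}"

def frontend_lines(wire: str) -> list:
    """A line-oriented reader treats every line as a separate command."""
    return wire.split("\n")

# Constructed sample: profile text from a locally generated profile that
# happens to contain a newline and a backslash.
SAMPLE_VALUE = "Local auth profile\nsecond line with a \\ backslash"
QUESTION = "example/profiles"  # hypothetical question name

def demo():
    raw = frontend_lines(subst_command(QUESTION, "profiles", SAMPLE_VALUE, False))
    safe = frontend_lines(subst_command(QUESTION, "profiles", SAMPLE_VALUE, True))
    # The escaped form stays on one line and decodes back to the original.
    recovered = debconf_unescape(safe[0].split(" ", 3)[3])
    return raw, safe, recovered

if __name__ == "__main__":
    raw, safe, recovered = demo()
    print("unescaped ->", len(raw), "protocol lines:", raw)
    print("escaped   ->", len(safe), "protocol line: ", safe)
    print("round trip ok:", recovered == SAMPLE_VALUE)
```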