Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pam-devel-1.5.2-6.4 RPM for armv6hl

From OpenSuSE Ports Tumbleweed for armv6hl

Name: pam-devel Distribution: openSUSE Tumbleweed
Version: 1.5.2 Vendor: openSUSE
Release: 6.4 Build date: Thu May 12 23:03:33 2022
Group: Development/Libraries/C and C++ Build host: obs-arm-10
Size: 99788 Source RPM: pam-1.5.2-6.4.src.rpm
Summary: Include Files and Libraries for PAM Development
PAM (Pluggable Authentication Modules) is a system security tool which
allows system administrators to set authentication policy without
having to recompile programs which do authentication.

This package contains header files and static libraries used for
building both PAM-aware applications and modules for use with PAM.




GPL-2.0-or-later OR BSD-3-Clause


* Fri Mar 11 2022 Thorsten Kukuk <>
  - pam-hostnames-in-access_conf.patch: update with upstream
    submission. Fixes several bugs including memory leaks.
* Wed Feb 09 2022 Thorsten Kukuk <>
  - Move group.conf and faillock.conf to /usr/etc/security
* Mon Feb 07 2022 Thorsten Kukuk <>
  - Update to current git for enhanced vendordir support (pam-git.diff)
    - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
    - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
    - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
* Mon Dec 13 2021 Thorsten Kukuk <>
  - Drop pam_umask-usergroups-login_defs.patch, does more harm
    than helps. If not explizit specified as module option, we
    use UMASK from login.defs unmodified.
* Thu Nov 25 2021 Thorsten Kukuk <>
  - Don't define doc/manpages packages in main build
* Wed Nov 24 2021 Thorsten Kukuk <>
  - Add missing recommends and split provides
* Wed Nov 24 2021 Thorsten Kukuk <>
  - Use multibuild to build docu with correct paths and available
* Mon Nov 22 2021 Thorsten Kukuk <>
  - common-session: move pam_systemd to first position as if the
    file would have been generated with pam-config
  - Add vendordir fixes and enhancements from upstream:
    - pam_xauth_data.3.xml.patch
    - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
    - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
    - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
  - For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
    spec file.
* Wed Nov 17 2021 Stanislav Brabec <>
  - Update regexp and
    login_defs-support-for-pam symbol to version 1.5.2
    (new variable HMAC_CRYPTO_ALGO).
* Tue Nov 02 2021 Callum Farmer <>
  - Add /run/pam_timestamp to pam.tmpfiles
* Tue Oct 12 2021 Josef Möllers <>
  - Corrected macro definition of %_pam_moduledir:
    %_pam_moduledir %{_libdir}/security
* Wed Oct 06 2021 Josef Möllers <>
  - Prepend a slash to the expansion of %{_lib} in macros.pam as
    this are defined without a leading slash!
* Wed Sep 15 2021 Thorsten Kukuk <>
  - Rename motd.tmpfiles to pam.tmpfiles
    - Add /run/faillock directory
* Fri Sep 10 2021 Thorsten Kukuk <>
  - adjust for new login.defs variable usages
* Mon Sep 06 2021 Josef Möllers <>
  - Update to 1.5.2
    Noteworthy changes in Linux-PAM 1.5.2:
    * pam_exec: implemented quiet_log option.
    * pam_mkhomedir: added support of HOME_MODE and UMASK from
    * pam_timestamp: changed hmac algorithm to call openssl instead
      of the bundled sha1 implementation if selected, added option
      to select the hash algorithm to use with HMAC.
    * Added pkgconfig files for provided libraries.
    * Added --with-systemdunitdir configure option to specify systemd
      unit directory.
    * Added --with-misc-conv-bufsize configure option to specify the
      buffer size in libpam_misc's misc_conv() function, raised the
      default value for this parameter from 512 to 4096.
    * Multiple minor bug fixes, portability fixes, documentation
      improvements, and translation updates.
    pam_tally2 has been removed upstream, remove pam_tally2-removal.patch
    pam_cracklib has been removed from the upstream sources. This
    obsoletes pam-pam_cracklib-add-usersubstr.patch and
    The following patches have been accepted upstream and, so,
    are obsolete:
    - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch
    - pam_securetty-don-t-complain-about-missing-config.patch
    - bsc1184358-prevent-LOCAL-from-being-resolved.patch
    - revert-check_shadow_expiry.diff
    [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc,
    Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc,
    pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch,
* Thu Aug 12 2021 Thorsten Kukuk <>
  - pam_umask-usergroups-login_defs.patch: Deprecate pam_umask
    explicit "usergroups" option and instead read it from login.def's
    "USERGROUP_ENAB" option if umask is only defined there.
* Tue Aug 03 2021
  - package man5/motd.5 as a man-pages link to man8/pam_motd.8
* Tue Jul 13 2021 Thorsten Kukuk <>
  - revert-check_shadow_expiry.diff: revert wrong
* Fri Jun 25 2021 Callum Farmer <>
  - Create /run/motd.d
* Wed Jun 09 2021 Ludwig Nussel <>
  - Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff)
  - Backport patch to not install /usr/etc/securetty (boo#1033626) ie
    no distro defaults and don't complain about it missing
  - add debug bcond to be able to build pam with debug output easily
  - add macros file to allow other packages to stop hardcoding
    directory names. Compatible with Fedora.
* Mon May 10 2021 Josef Möllers <>
  - In the 32-bit compatibility package for 64-bit architectures,
    require "systemd-32bit" to be also installed as it contains for 32 bit applications.
    [bsc#1185562, baselibs.conf]
* Wed Apr 07 2021 Josef Möllers <>
  - If "LOCAL" is configured in access.conf, and a login attempt from
    a remote host is made, pam_access tries to resolve "LOCAL" as
    a hostname and logs a failure.
    Checking explicitly for "LOCAL" and rejecting access in this case
    resolves this issue.
    [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch]
* Wed Mar 31 2021 Josef Möllers <>
  - pam_limits: "unlimited" is not a legitimate value for "nofile"
    (see setrlimit(2)). So, when "nofile" is set to one of the
    "unlimited" values, it is set to the contents of
    "/proc/sys/fs/nr_open" instead.
    Also changed the manpage of pam_limits to express this.
    [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch]
* Thu Feb 18 2021 Thorsten Kukuk <>
  - Add missing conflicts for pam_unix-nis
* Tue Feb 16 2021 Thorsten Kukuk <>
  - Split out pam_unix module and build without NIS support
* Fri Nov 27 2020 Thorsten Kukuk <>
  - Update to 1.5.1
    - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user
      doesn't exist and root password is blank [bsc#1179166]
    - pam_faillock: added nodelay option to not set pam_fail_delay
    - pam_wheel: use pam_modutil_user_in_group to check for the group membership
      with getgrouplist where it is available
* Thu Nov 26 2020 Ludwig Nussel <>
  - add macros.pam to abstract directory for pam modules
* Thu Nov 19 2020 Thorsten Kukuk <>
  - Update to 1.5.0
    - obsoletes pam-bsc1178727-initialize-daysleft.patch
    - Multiple minor bug fixes, portability fixes, and documentation improvements.
    - Extended libpam API with pam_modutil_check_user_in_passwd function.
    - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660.
    - pam_motd: read motd files with target user credentials skipping unreadable ones.
    - pam_pwhistory: added a SELinux helper executable.
    - pam_unix, pam_usertype: implemented avoidance of certain timing attacks.
    - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails.
    - pam_env: Reading of the user environment is deprecated and will be removed
      at some point in the future.
    - libpam: pam_modutil_drop_priv() now correctly sets the target user's
      supplementary groups, allowing pam_motd to filter messages accordingly
  - Refresh pam-xauth_ownership.patch
  - pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package
  - pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package
* Wed Nov 18 2020 Josef Möllers <>
  - pam_cracklib: added code to check whether the password contains
    a substring of of the user's name of at least <N> characters length
    in some form.
    This is enabled by the new parameter "usersubstr=<N>"
    [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch]
* Wed Nov 18 2020 Josef Möllers <>
  - pam_xauth.c: do not free() a string which has been (successfully)
    passed to putenv().
    [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch]
* Fri Nov 13 2020 Josef Möllers <>
  - Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft"
    to avoid spurious (and misleading)
      Warning: your password will expire in ... days.
    fixed upstream with commit db6b293046a
    [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch]
* Tue Nov 10 2020 Thorsten Kukuk <>
  - Enable pam_faillock [bnc#1171562]
* Thu Oct 29 2020 Ludwig Nussel <>
  - prepare usrmerge (boo#1029961, pam-usrmerge.diff)
* Thu Oct 08 2020 Josef Möllers <>
  - /usr/bin/xauth chokes on the old user's $HOME being on an NFS
    file system. Run /usr/bin/xauth using the old user's uid/gid
    Patch courtesy of Dr. Werner Fink.
    [bsc#1174593, pam-xauth_ownership.patch]
* Thu Oct 08 2020 Stanislav Brabec <>
  - Fix the regexp to get a real variable
    list (boo#1164274).
* Wed Jun 24 2020 Josef Möllers <>
  - Revert the previous change [SR#815713].
    The group is not necessary for PAM functionality but used only
    during testing. The test system should therefore create this group.
    [bsc#1171016, pam.spec]
* Mon Jun 15 2020 Josef Möllers <>
  - Add requirement for group "wheel" to spec file.
    [bsc#1171016, pam.spec]
* Mon Jun 08 2020 Thorsten Kukuk <>
  - Update to final 1.4.0 release
    - includes pam-check-user-home-dir.patch
    - obsoletes fix-man-links.dif
* Mon Jun 08 2020 Thorsten Kukuk <>
  - common-password: remove pam_cracklib, as that is deprecated.
* Thu May 28 2020 Josef Möllers <>
    When setting quota, don't apply any quota if the user's $HOME is
    a mountpoint (ie the user has a partition of his/her own).
    [bsc#1171721, pam-check-user-home-dir.patch]
* Wed May 27 2020 Thorsten Kukuk <>
  - Update to current Linux-PAM snapshot
    - pam_tally* and pam_cracklib got deprecated
  - Disable pam_faillock and pam_setquota until they are whitelisted
* Tue May 12 2020 Josef Möllers <>
  - Adapted patch pam-hostnames-in-access_conf.patch for new version
    New version obsoleted patch use-correct-IP-address.patch
* Tue May 12 2020 Thorsten Kukuk <>
  - Update to current Linux-PAM snapshot
    - Obsoletes pam_namespace-systemd.diff
* Tue May 12 2020 Thorsten Kukuk <>
  - Update to current Linux-PAM snapshot
    - Add pam_faillock
    - Multiple minor bug fixes and documentation improvements
    - Fixed grammar of messages printed via pam_prompt
    - Added support for a vendor directory and libeconf
    - configure: Allowed disabling documentation through --disable-doc
    - pam_get_authtok_verify: Avoid duplicate password verification
    - pam_env: Changed the default to not read the user .pam_environment file
    - pam_group, pam_time: Fixed logical error with multiple ! operators
    - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session
    - pam_lastlog: Do not log info about failed login if the session was opened
      with PAM_SILENT flag
    - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs
    - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize'
    - pam_motd: Export MOTD_SHOWN=pam after showing MOTD
    - pam_motd: Support multiple motd paths specified, with filename overrides
    - pam_namespace: Added a systemd service, which creates the namespaced
      instance parent directories during boot
    - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts
    - pam_shells: Recognize /bin/sh as the default shell
    - pam_succeed_if: Support lists in group membership checks
    - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE
    - pam_umask: Added new 'nousergroups' module argument and allowed specifying
      the default for usergroups at build-time
    - pam_unix: Added 'nullresetok' option to allow resetting blank passwords
    - pam_unix: Report unusable hashes found by checksalt to syslog
    - pam_unix: Support for (gost-)yescrypt hashing methods
    - pam_unix: Use bcrypt b-variant when it bcrypt is chosen
    - pam_usertype: New module to tell if uid is in login.defs ranges
    - Added new API call pam_start_confdir() for special applications that
      cannot use the system-default PAM configuration paths and need to
      explicitly specify another path
  - pam_namespace-systemd.diff: fix path of
* Thu Apr 02 2020 Ludwig Nussel <>
  - own /usr/lib/motd.d/ so other packages can add files there
* Tue Mar 24 2020 Josef Möllers <>
  - Listed all manual pages seperately as pam_userdb.8 has been moved
    to pam-extra.
    Also %exclude %{_defaultdocdir}/pam as the docs are in a separate
* Mon Mar 16 2020 Josef Möllers <>
  - pam_userdb moved to a new package pam-extra as pam-modules
    is obsolete and not part of SLE.
    [bsc#1166510, pam.spec]
* Thu Mar 12 2020 Josef Möllers <>
  - Removed pam_userdb from this package and moved to pam-modules.
    This removed the requirement for libdb.
    Also made "xz" required for all releases.
    Remove limits for nproc from /etc/security/limits.conf
    [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec]
* Wed Feb 19 2020
  - Recommend login.defs only (no hard requirement)
* Tue Sep 24 2019
  - Update to version 1.3.1+git20190923.ea78d67:
    * Fixed missing quotes in configure script
    * Add support for a vendor directory and libeconf (#136)
    * pam_lastlog: document the 'unlimited' option
    * pam_lastlog: prevent crash due to reduced 'fsize' limit
    * pam_unix_sess.c add uid for opening session
    * Fix the man page for "pam_fail_delay()"
    * Fix a typo
    * Update a function comment
  - drop usr-etc-support.patch (accepted upstream)
* Thu Sep 05 2019
  - Add migration support from /etc to /usr/etc during upgrade
* Wed Sep 04 2019
  - Update to version 1.3.1+git20190902.9de67ee:
    * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd
* Tue Aug 27 2019
  - Update to version 1.3.1+git20190826.1b087ed:
    * libpam/pam_modutil_sanitize.c: optimize the way to close fds
* Thu Aug 22 2019 Jan Engelhardt <>
  - Replace old $RPM_* shell vars by macros.
  - Avoid unnecessary invocation of subshells.
  - Shorten recipe for constructing securetty contents on s390.
* Mon Aug 19 2019
  - usr-etc-support.patch: Add support for /usr/etc/pam.d
* Mon Aug 19 2019
  - encryption_method_nis.diff: obsolete, NIS clients shouldn't
    require DES anymore.
  - etc.environment: removed, the sources contain the same
* Mon Aug 19 2019
  - Update to version 1.3.1+git20190807.e31dd6c:
    * pam_tty_audit: Manual page clarification about password logging
    * pam_get_authtok_verify: Avoid duplicate password verification
    * Mention that ./ is needeed to be run if you check out the sources from git
    * pam_unix: Correct MAXPASS define name in the previous two commits.
    * Restrict password length when changing password
    * Trim password at PAM_MAX_RESP_SIZE chars
    * pam_succeed_if: Request user data only when needed
    * pam_tally2: Remove unnecessary fsync()
    * Fixed a grammer mistake
    * Fix documentation for pam_wheel
    * Fix a typo in the documentation
    * pam_lastlog: Improve silent option documentation
    * pam_lastlog: Respect PAM_SILENT flag
    * Fix regressions from the last commits.
    * Replace strndupa with strncpy
    * build: ignore pam_lastlog when logwtmp is not available.
    * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available.
    * pam_motd: Cleanup the code and avoid unnecessary logging
    * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs.
    * Move the duplicated search_key function to pam_modutil.
    * pam_unix: Use pam_syslog instead of helper_log_err.
    * pam_unix: Report unusable hashes found by checksalt to syslog.
    * Revert "pam_unix: Add crypt_default method, if supported."
    * pam_unix: Add crypt_default method, if supported.
    * Revert part of the commit 4da9febc
    * pam_unix: Add support for (gost-)yescrypt hashing methods.
    * pam_unix: Fix closing curly brace. (#77)
    * pam_unix: Add support for crypt_checksalt, if libcrypt supports it.
    * pam_unix: Prefer a gensalt function, that supports auto entropy.
    * pam_motd: Fix segmentation fault when no motd_dir specified (#76)
    * pam_motd: Support multiple motd paths specified, with filename overrides (#69)
    * pam_unix: Use bcrypt b-variant for computing new hashes.
    * pam_tally, pam_tally2: fix grammar and spelling (#54)
    * Fix grammar of messages printed via pam_prompt
    * pam_stress: do not mark messages for translation
    * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros
    * pam_unix: remove obsolete _unix_read_password prototype
* Thu May 02 2019
  - Add virtual symbols for login.defs compatibility (bsc#1121197).
  - Add login.defs safety check



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jun 14 23:46:20 2022