Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pam-1.5.3-3.1 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: pam Distribution: openSUSE:Factory:zSystems
Version: 1.5.3 Vendor: openSUSE
Release: 3.1 Build date: Fri Sep 1 17:24:21 2023
Group: System/Libraries Build host: s390zl23
Size: 1445207 Source RPM: pam-1.5.3-3.1.src.rpm
Summary: A Security Tool that Provides Authentication for Applications
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.




GPL-2.0-or-later OR BSD-3-Clause


* Wed Aug 23 2023 Thorsten Kukuk <>
  - Fix building without SELinux
* Mon Aug 07 2023 Thorsten Kukuk <>
  - pam_access backports from upstream:
    - pam_access-doc-IPv6-link-local.patch:
      Document only partial supported IPv6 link local addresses
    - pam_access-hostname-debug.patch:
      Don't print error if we cannot resolve a hostname, does not
      need to be a hostname
    - pam_shells-fix-econf-memory-leak.patch:
      Free econf keys variable
    - disable-examples.patch:
      Don't build examples
* Tue May 09 2023 Thorsten Kukuk <>
  - Update to final 1.5.3 release:
    - configure: added --enable-logind option to use logind instead of utmp
      in pam_issue and pam_timestamp.
    - pam_modutil_getlogin: changed to use getlogin() from libc instead of
      parsing utmp.
    - Added libeconf support to pam_env and pam_shells.
    - Added vendor directory support to pam_access, pam_env, pam_group,
      pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit,
      pam_shells, and pam_time.
    - pam_limits: changed to not fail on missing config files.
    - pam_pwhistory: added conf= option to specify config file location.
    - pam_pwhistory: added file= option to specify password history file
    - pam_shells: added shells.d support when libeconf and vendordir are enabled.
    - Deprecated pam_lastlog: this module is no longer built by default because
      it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe,
      even on 64bit architectures.
      pam_lastlog will be removed in one of the next releases, consider using
      pam_lastlog2 (from and/or
      pam_wtmpdb (from instead.
    - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply()
      macros provided by _pam_macros.h; the memory override performed by these
      macros can be optimized out by the compiler and therefore can no longer
      be relied upon.
* Thu Apr 20 2023 Thorsten Kukuk <>
  - pam-extra: add split provide
* Wed Apr 12 2023 Thorsten Kukuk <>
  - pam-userdb: add split provide
* Tue Apr 11 2023 Thorsten Kukuk <>
  - Drop pam-xauth_ownership.patch, got fixed in sudo itself
  - Drop pam-bsc1177858-dont-free-environment-string.patch, was a
    fix for above patch
* Thu Apr 06 2023 Thorsten Kukuk <>
  - Use bcond selinux to disable SELinux
  - Remove old pam_unix_* compat symlinks
  - Move pam_userdb to own pam-userdb sub-package
  - pam-extra contains now modules having extended dependencies like
  - Update to git snapshot
  - Drop merged patches:
    - pam-git.diff
    - docbook5.patch
    - pam_pwhistory-docu.patch
    - pam_xauth_data.3.xml.patch
  - Drop Linux-PAM- as we have to rebuild all
    documentation anyways and don't use the prebuild versions
  - Move all devel manual pages to pam-manpages, too. Fixes the
    problem that adjusted defaults not shown correct.
* Mon Mar 20 2023 Thorsten Kukuk <>
  - Add common-session-nonlogin and postlogin-* pam.d config files
    for, pam_lastlog2
    and upcoming pam_wtmpdb.
* Fri Mar 10 2023 Giuliano Belinassi <>
  - Enable livepatching support on x86_64.
* Tue Jan 24 2023 Valentin Lefebvre <>
  - Use rpm macros for pam dist conf dir (/usr/etc/security)
* Wed Jan 18 2023 Stefan Schubert <>
  - Moved following files/dirs in /etc/security to vendor directory:
    access.conf, limits.d, sepermit.conf, time.conf, namespace.conf,
    namespace.d, namespace.init
* Sat Dec 24 2022 Dominique Leuenberger <>
  - Also obsolete pam_unix-32bit to have clean upgrade path.
* Fri Dec 16 2022 Thorsten Kukuk <>
  - Merge pam_unix back into pam, seperate package not needed anymore
* Thu Dec 15 2022 Thorsten Kukuk <>
  - Update pam-git.diff to current upstream
    - pam_env: Use vendor specific pam_env.conf and environment as fallback
    - pam_shells: Use the vendor directory
    obsoletes pam_env_econf.patch
  - Refresh docbook5.patch
* Tue Dec 06 2022 Thorsten Kukuk <>
  - pam_pwhistory-docu.patch, docbook5.patch: convert docu to
* Thu Dec 01 2022 Thorsten Kukuk <>
  - pam-git.diff: update to current git
    - obsoletes pam-hostnames-in-access_conf.patch
    - obsoletes tst-pam_env-retval.c
  - pam_env_econf.patch refresh
* Tue Nov 22 2022 Thorsten Kukuk <>
  - Move pam_env config files below /usr/etc
* Tue Oct 11 2022 Stefan Schubert <>
  - pam_env: Using libeconf for reading configuration and environment
    files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c)
* Fri Jun 17 2022 Thorsten Kukuk <>
  - Keep old directory in filelist for migration
* Wed Jun 01 2022 Thorsten Kukuk <>
  - Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d
* Fri Mar 11 2022 Thorsten Kukuk <>
  - pam-hostnames-in-access_conf.patch: update with upstream
    submission. Fixes several bugs including memory leaks.
* Wed Feb 09 2022 Thorsten Kukuk <>
  - Move group.conf and faillock.conf to /usr/etc/security
* Mon Feb 07 2022 Thorsten Kukuk <>
  - Update to current git for enhanced vendordir support (pam-git.diff)
    - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
    - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
    - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
* Mon Dec 13 2021 Thorsten Kukuk <>
  - Drop pam_umask-usergroups-login_defs.patch, does more harm
    than helps. If not explizit specified as module option, we
    use UMASK from login.defs unmodified.
* Thu Nov 25 2021 Thorsten Kukuk <>
  - Don't define doc/manpages packages in main build
* Wed Nov 24 2021 Thorsten Kukuk <>
  - Add missing recommends and split provides
* Wed Nov 24 2021 Thorsten Kukuk <>
  - Use multibuild to build docu with correct paths and available
* Mon Nov 22 2021 Thorsten Kukuk <>
  - common-session: move pam_systemd to first position as if the
    file would have been generated with pam-config
  - Add vendordir fixes and enhancements from upstream:
    - pam_xauth_data.3.xml.patch
    - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
    - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
    - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
  - For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
    spec file.
* Wed Nov 17 2021 Stanislav Brabec <>
  - Update regexp and
    login_defs-support-for-pam symbol to version 1.5.2
    (new variable HMAC_CRYPTO_ALGO).
* Tue Nov 02 2021 Callum Farmer <>
  - Add /run/pam_timestamp to pam.tmpfiles
* Tue Oct 12 2021 Josef Möllers <>
  - Corrected macro definition of %_pam_moduledir:
    %_pam_moduledir %{_libdir}/security
* Wed Oct 06 2021 Josef Möllers <>
  - Prepend a slash to the expansion of %{_lib} in macros.pam as
    this are defined without a leading slash!
* Wed Sep 15 2021 Thorsten Kukuk <>
  - Rename motd.tmpfiles to pam.tmpfiles
    - Add /run/faillock directory
* Fri Sep 10 2021 Thorsten Kukuk <>
  - adjust for new login.defs variable usages
* Mon Sep 06 2021 Josef Möllers <>
  - Update to 1.5.2
    Noteworthy changes in Linux-PAM 1.5.2:
    * pam_exec: implemented quiet_log option.
    * pam_mkhomedir: added support of HOME_MODE and UMASK from
    * pam_timestamp: changed hmac algorithm to call openssl instead
      of the bundled sha1 implementation if selected, added option
      to select the hash algorithm to use with HMAC.
    * Added pkgconfig files for provided libraries.
    * Added --with-systemdunitdir configure option to specify systemd
      unit directory.
    * Added --with-misc-conv-bufsize configure option to specify the
      buffer size in libpam_misc's misc_conv() function, raised the
      default value for this parameter from 512 to 4096.
    * Multiple minor bug fixes, portability fixes, documentation
      improvements, and translation updates.
    pam_tally2 has been removed upstream, remove pam_tally2-removal.patch
    pam_cracklib has been removed from the upstream sources. This
    obsoletes pam-pam_cracklib-add-usersubstr.patch and
    The following patches have been accepted upstream and, so,
    are obsolete:
    - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch
    - pam_securetty-don-t-complain-about-missing-config.patch
    - bsc1184358-prevent-LOCAL-from-being-resolved.patch
    - revert-check_shadow_expiry.diff
    [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc,
    Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc,
    pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch,
* Thu Aug 12 2021 Thorsten Kukuk <>
  - pam_umask-usergroups-login_defs.patch: Deprecate pam_umask
    explicit "usergroups" option and instead read it from login.def's
    "USERGROUP_ENAB" option if umask is only defined there.
* Tue Aug 03 2021
  - package man5/motd.5 as a man-pages link to man8/pam_motd.8
* Tue Jul 13 2021 Thorsten Kukuk <>
  - revert-check_shadow_expiry.diff: revert wrong
* Fri Jun 25 2021 Callum Farmer <>
  - Create /run/motd.d
* Wed Jun 09 2021 Ludwig Nussel <>
  - Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff)
  - Backport patch to not install /usr/etc/securetty (boo#1033626) ie
    no distro defaults and don't complain about it missing
  - add debug bcond to be able to build pam with debug output easily
  - add macros file to allow other packages to stop hardcoding
    directory names. Compatible with Fedora.
* Mon May 10 2021 Josef Möllers <>
  - In the 32-bit compatibility package for 64-bit architectures,
    require "systemd-32bit" to be also installed as it contains for 32 bit applications.
    [bsc#1185562, baselibs.conf]
* Wed Apr 07 2021 Josef Möllers <>
  - If "LOCAL" is configured in access.conf, and a login attempt from
    a remote host is made, pam_access tries to resolve "LOCAL" as
    a hostname and logs a failure.
    Checking explicitly for "LOCAL" and rejecting access in this case
    resolves this issue.
    [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch]
* Wed Mar 31 2021 Josef Möllers <>
  - pam_limits: "unlimited" is not a legitimate value for "nofile"
    (see setrlimit(2)). So, when "nofile" is set to one of the
    "unlimited" values, it is set to the contents of
    "/proc/sys/fs/nr_open" instead.
    Also changed the manpage of pam_limits to express this.
    [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch]
* Thu Feb 18 2021 Thorsten Kukuk <>
  - Add missing conflicts for pam_unix-nis
* Tue Feb 16 2021 Thorsten Kukuk <>
  - Split out pam_unix module and build without NIS support
* Fri Nov 27 2020 Thorsten Kukuk <>
  - Update to 1.5.1
    - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user
      doesn't exist and root password is blank [bsc#1179166]
    - pam_faillock: added nodelay option to not set pam_fail_delay
    - pam_wheel: use pam_modutil_user_in_group to check for the group membership
      with getgrouplist where it is available
* Thu Nov 26 2020 Ludwig Nussel <>
  - add macros.pam to abstract directory for pam modules
* Thu Nov 19 2020 Thorsten Kukuk <>
  - Update to 1.5.0
    - obsoletes pam-bsc1178727-initialize-daysleft.patch
    - Multiple minor bug fixes, portability fixes, and documentation improvements.
    - Extended libpam API with pam_modutil_check_user_in_passwd function.
    - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660.
    - pam_motd: read motd files with target user credentials skipping unreadable ones.
    - pam_pwhistory: added a SELinux helper executable.
    - pam_unix, pam_usertype: implemented avoidance of certain timing attacks.
    - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails.
    - pam_env: Reading of the user environment is deprecated and will be removed
      at some point in the future.
    - libpam: pam_modutil_drop_priv() now correctly sets the target user's
      supplementary groups, allowing pam_motd to filter messages accordingly
  - Refresh pam-xauth_ownership.patch
  - pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package
  - pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package
* Wed Nov 18 2020 Josef Möllers <>
  - pam_cracklib: added code to check whether the password contains
    a substring of of the user's name of at least <N> characters length
    in some form.
    This is enabled by the new parameter "usersubstr=<N>"
    [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch]
* Wed Nov 18 2020 Josef Möllers <>
  - pam_xauth.c: do not free() a string which has been (successfully)
    passed to putenv().
    [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch]
* Fri Nov 13 2020 Josef Möllers <>
  - Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft"
    to avoid spurious (and misleading)
      Warning: your password will expire in ... days.
    fixed upstream with commit db6b293046a
    [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch]
* Tue Nov 10 2020 Thorsten Kukuk <>
  - Enable pam_faillock [bnc#1171562]
* Thu Oct 29 2020 Ludwig Nussel <>
  - prepare usrmerge (boo#1029961, pam-usrmerge.diff)
* Thu Oct 08 2020 Josef Möllers <>
  - /usr/bin/xauth chokes on the old user's $HOME being on an NFS
    file system. Run /usr/bin/xauth using the old user's uid/gid
    Patch courtesy of Dr. Werner Fink.
    [bsc#1174593, pam-xauth_ownership.patch]
* Thu Oct 08 2020 Stanislav Brabec <>
  - Fix the regexp to get a real variable
    list (boo#1164274).
* Wed Jun 24 2020 Josef Möllers <>
  - Revert the previous change [SR#815713].
    The group is not necessary for PAM functionality but used only
    during testing. The test system should therefore create this group.
    [bsc#1171016, pam.spec]
* Mon Jun 15 2020 Josef Möllers <>
  - Add requirement for group "wheel" to spec file.
    [bsc#1171016, pam.spec]
* Mon Jun 08 2020 Thorsten Kukuk <>
  - Update to final 1.4.0 release
    - includes pam-check-user-home-dir.patch
    - obsoletes fix-man-links.dif
* Mon Jun 08 2020 Thorsten Kukuk <>
  - common-password: remove pam_cracklib, as that is deprecated.
* Thu May 28 2020 Josef Möllers <>
    When setting quota, don't apply any quota if the user's $HOME is
    a mountpoint (ie the user has a partition of his/her own).
    [bsc#1171721, pam-check-user-home-dir.patch]
* Wed May 27 2020 Thorsten Kukuk <>
  - Update to current Linux-PAM snapshot
    - pam_tally* and pam_cracklib got deprecated
  - Disable pam_faillock and pam_setquota until they are whitelisted
* Tue May 12 2020 Josef Möllers <>
  - Adapted patch pam-hostnames-in-access_conf.patch for new version
    New version obsoleted patch use-correct-IP-address.patch
* Tue May 12 2020 Thorsten Kukuk <>
  - Update to current Linux-PAM snapshot
    - Obsoletes pam_namespace-systemd.diff
* Tue May 12 2020 Thorsten Kukuk <>
  - Update to current Linux-PAM snapshot
    - Add pam_faillock
    - Multiple minor bug fixes and documentation improvements
    - Fixed grammar of messages printed via pam_prompt
    - Added support for a vendor directory and libeconf
    - configure: Allowed disabling documentation through --disable-doc
    - pam_get_authtok_verify: Avoid duplicate password verification
    - pam_env: Changed the default to not read the user .pam_environment file
    - pam_group, pam_time: Fixed logical error with multiple ! operators
    - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session
    - pam_lastlog: Do not log info about failed login if the session was opened
      with PAM_SILENT flag
    - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs
    - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize'
    - pam_motd: Export MOTD_SHOWN=pam after showing MOTD
    - pam_motd: Support multiple motd paths specified, with filename overrides
    - pam_namespace: Added a systemd service, which creates the namespaced
      instance parent directories during boot
    - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts
    - pam_shells: Recognize /bin/sh as the default shell
    - pam_succeed_if: Support lists in group membership checks
    - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE
    - pam_umask: Added new 'nousergroups' module argument and allowed specifying
      the default for usergroups at build-time
    - pam_unix: Added 'nullresetok' option to allow resetting blank passwords
    - pam_unix: Report unusable hashes found by checksalt to syslog
    - pam_unix: Support for (gost-)yescrypt hashing methods
    - pam_unix: Use bcrypt b-variant when it bcrypt is chosen
    - pam_usertype: New module to tell if uid is in login.defs ranges
    - Added new API call pam_start_confdir() for special applications that
      cannot use the system-default PAM configuration paths and need to
      explicitly specify another path
  - pam_namespace-systemd.diff: fix path of
* Thu Apr 02 2020 Ludwig Nussel <>
  - own /usr/lib/motd.d/ so other packages can add files there
* Tue Mar 24 2020 Josef Möllers <>
  - Listed all manual pages seperately as pam_userdb.8 has been moved
    to pam-extra.
    Also %exclude %{_defaultdocdir}/pam as the docs are in a separate
* Mon Mar 16 2020 Josef Möllers <>
  - pam_userdb moved to a new package pam-extra as pam-modules
    is obsolete and not part of SLE.
    [bsc#1166510, pam.spec]
* Thu Mar 12 2020 Josef Möllers <>
  - Removed pam_userdb from this package and moved to pam-modules.
    This removed the requirement for libdb.
    Also made "xz" required for all releases.
    Remove limits for nproc from /etc/security/limits.conf
    [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec]
* Wed Feb 19 2020
  - Recommend login.defs only (no hard requirement)



Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Feb 9 12:47:21 2024