-
Committer:
Andrey Bondarenko
-
Date:
2012-11-12 04:06:42 UTC
-
mfrom:
(77.2.5 abone)
-
Revision ID:
abondarenko@users.sourceforge.net-20121112040642-dk4okaep13mc2fm3
* debian/patches-applied/parse_userenv_as_envfile: user_envfile is parsed as an env
file instead of parsing it as a conffile which has different syntax.
see: https://fedorahosted.org/pipermail/pam-developers/2011-June/thread.html#75
* Pull changes from 1.1.3-2ubuntu2.1. Remaining changes:
- debian/patches-applied/parse_userenv_as_envfile: user_envfile is parsed
as an env file instead of parsing it as a conffile which has different
syntax.
* Merge changes from 1.1.2-2ubuntu8.3 and 1.1.2-2ubuntu8.2+abone1.
* SECURITY REGRESSION:
- debian/patches/security-dropprivs.patch: updated patch to preserve
ABI and prevent daemons from needing to be restarted. (LP: #790538)
- debian/patches/autoconf.patch: refreshed
* debian/patches-applied/parse_userenv_as_envfile: user_envfile is parsed
as an env file instead of parsing it as a conffile which has different
syntax.
* SECURITY UPDATE: multiple issues with lack of adequate privilege
dropping
- debian/patches/security-dropprivs.patch: introduce new privilege
dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
libpam/include/security/pam_modutil.h, libpam/libpam.map,
modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
modules/pam_xauth/pam_xauth.c.
- CVE-2010-3430
- CVE-2010-3431
- CVE-2010-3435
- CVE-2010-4706
- CVE-2010-4707
* SECURITY UPDATE: privilege escalation via incorrect environment
- debian/patches/CVE-2010-3853.patch: use clean environment in
modules/pam_namespace/pam_namespace.c.
- CVE-2010-3853
* debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
isn't needed for Ubuntu, and it needs to be rewritten to work with the
massive privilege refactoring in the security patches.
* debian/patches-applied/update-motd: santize the environment before
calling run-parts, LP: #610125