Bug #59730 “/usr/bin/passwd crashes with a segmentation fault if...” : Bugs : pam package : Ubuntu

Revision history for this message

In Debian Bug tracker #338810, Christian Perrier (bubulle) wrote on 2005-11-17: Bug reproduced

#1

tags 338810 upstream
thanks

I can reproduce this bug about entering Ctrl-D when prompted for a new
password by passwd.

This bug did not happen with sarge version of passwd:

spongebob@mykerinos:~$ passwd
Changing password for spongebob
(current) UNIX password:
Enter new UNIX password: ^D
Retype new UNIX password: ^D
Erreur de segmentation

Sarge:

bubulle@kheops:~$ passwd
Changing password for bubulle
(current) UNIX password:
Enter new UNIX password: ^D
Retype new UNIX password: ^D
No password supplied

--

Revision history for this message

In Debian Bug tracker #338810, Nicolas François (nicolas-francois) wrote on 2005-11-18: /usr/bin/passwd segfaults on eof when changing a password

#2

reassign 338810 libpam0g 0.79-3
thanks

Hello,

This issue happens when entering Control+D as the first password during a
password change:

> # passwd
> Enter new UNIX password: ^D
> Retype new UNIX password: ^D
> Segmentation fault

I could not reproduce it with 0.76-23.

In 0.79, a NULL string is returned by the libpam_misc default conversation
fonction (it was an empty string in 0.76).

I'm not sure where this shall be fixed.

I attach 3 patches:
* libpam-modules_pam_unix_null_passwd.patch
   This fixes this issue in the pam_unix module.
   I'm not sure it is the right place to fix this (maybe this bug can
   appear on other PAM modules). However, another protection should not
   harm.

* libpam0g_pam_misc_null_passwd.patch
   This fixes the issue at the conversation function level.
   I'm not sure this patch is correct (I don't know if there are some
   specifications that indicate if the password string must be NULL or
   empty in this case).

* libpam-modules_pam_unix_typo.patch
This one just fixes a typo.

Kind Regards,
--
Nekral

Revision history for this message

In Debian Bug tracker #338810, Nicolas François (nicolas-francois) wrote on 2005-11-19: Re: Bug#338810: /usr/bin/passwd segfaults on eof when changing a password

#3

tags 338810 - upstream
tags 338810 patch
thanks

It was forwarded to the shadow's upstream. So I remove the upstream tag.

--
Nekral

Revision history for this message

In Debian Bug tracker #338810, Steve Langasek (vorlon) wrote on 2005-11-20:

#4

tags 338810 +upstream
notforwarded 338810
thanks

Wrong change. This is still an upstream bug, even if it's a different
upstream -- you meant to un-forward the bug instead.

Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://www.debian.org/

Revision history for this message

In Debian Bug tracker #338810, Nicolas François (nicolas-francois) wrote on 2006-04-05: merge 338810 and 360657

#5

# Raise 338810's severity for the merge.
# (not sure this bug is really important. I will let the PAM maintained
# lower it)
severity 338810 important

merge 338810 360657
thanks,
--
Nekral

Revision history for this message

In Debian Bug tracker #338810, Nicolas François (nicolas-francois) wrote on 2006-06-24: Re: Processed: severity of 368952 is important, merging 368952 360657

#6

# re-merge the bugs because I messed up with the previous command.

reassign 360657 libpam-modules
merge 368952 360657
thanks

--
Nekral

Revision history for this message

In Debian Bug tracker #338810, Margarita Manterola (marga) wrote on 2006-08-11: Fixed in NMU of pam 0.79-3.2

#7

tag 360657 + fixed

quit

This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 5 Aug 2006 02:11:22 -0300
Source: pam
Binary: libpam0g-dev libpam0g libpam-modules libpam-doc libpam-runtime libpam-cracklib
Architecture: source i386 all
Version: 0.79-3.2
Distribution: unstable
Urgency: low
Maintainer: Sam Hartman <email address hidden>
Changed-By: Margarita Manterola <email address hidden>
Description:
libpam-cracklib - PAM module to enable cracklib support.
libpam-doc - Documentation of PAM
libpam-modules - Pluggable Authentication Modules for PAM
libpam-runtime - Runtime support for the PAM library
libpam0g - Pluggable Authentication Modules library
libpam0g-dev - Development files for PAM
Closes: 360657
Changes:
pam (0.79-3.2) unstable; urgency=low
.
   * Non-maintainer upload to fix important bug, that makes passwd segfault
     when CTRL-D is pressed at the password prompt. Applied the patch provided
     by Dann Frazier. (Closes: #360657)
Files:
00c5f8906d4338df8b42460f9bd43f45 940 base optional pam_0.79-3.2.dsc
b4a8792d2ed624052df12eb2f9357072 129306 base optional pam_0.79-3.2.diff.gz
788a05d10eeaf83c54dae27487951df0 63492 base required libpam-runtime_0.79-3.2_all.deb
d607dd0a50d00ea64b67969d2ce47cfa 730572 doc optional libpam-doc_0.79-3.2_all.deb
f8b34ce2869e27fd1b17644ec379ec77 78890 base required libpam0g_0.79-3.2_i386.deb
973e370e6bc082e975e0b1ba0a8f3c6e 186380 base required libpam-modules_0.79-3.2_i386.deb
517a09feb7007f039e4a5e80e98ee21c 117108 libdevel optional libpam0g-dev_0.79-3.2_i386.deb
16959aa7cc71519b97774594176b9732 58768 libs optional libpam-cracklib_0.79-3.2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE1CvglAuUx1tI/64RAtsSAJ9FeF5C2K6fTUlOr41Hx8Y1Y6heogCcDKd9
TMy1pvPENHWUcBMm7zWgIq0=
=JMco
-----END PGP SIGNATURE-----

Revision history for this message

Andrew Pilley (ashridah) wrote on 2006-09-10:

#8

Binary package hint: passwd

While changing my password, i hit CTRL-D at one of the inputs, and the program crashed after all password prompts had been cleared:

$ passwd
Changing password for ashridah
(current) UNIX password: <password as normal>
Enter new UNIX password: <enter ctrl-d instead of new password>
Retype new UNIX password: <enter anything>
Segmentation fault

This is easily repeatable, but only if ctrl-d is used for the first new password prompt. Entering ctrl-d for the second new password prompt fails as normal.

It doesn't appear to be much of a security issue, however, as passwd doesn't leave a core file or any other means to exploit it as it's setuid, but it probably should be checked carefully just in case.

Andrew

Revision history for this message

didier (did447-deactivatedaccount) wrote on 2006-09-10:

#9

Moved to pam.

This bug is in libpam-modules. pam_unix.so, read_string() return NULL on CTRL-D

Changed in shadow:
status:	Unconfirmed → Confirmed

Revision history for this message

In Debian Bug tracker #338810, Vorlon-users (vorlon-users) wrote on 2006-10-23: PAM Debian ci: r395 - in trunk/pam: Linux-PAM/modules/pam_unix debian debian/patches-applied

#10

tags 360657 pending
thanks

Author: vorlon
Date: 2006-10-23 12:32:09 +0000 (Mon, 23 Oct 2006)
New Revision: 395

Added:
   trunk/pam/debian/patches-applied/063_paswd_segv
Modified:
   trunk/pam/Linux-PAM/modules/pam_unix/pam_unix_passwd.c
   trunk/pam/debian/changelog
Log:
Incorporate 0.79-3.2 NMU:
Non-maintainer upload to fix important bug, that makes passwd segfault
when CTRL-D is pressed at the password prompt. Applied the patch
provided by Dann Frazier. (Closes: #360657)

Modified: trunk/pam/Linux-PAM/modules/pam_unix/pam_unix_passwd.c
===================================================================
--- trunk/pam/Linux-PAM/modules/pam_unix/pam_unix_passwd.c 2006-10-23 12:24:25 UTC (rev 394)
+++ trunk/pam/Linux-PAM/modules/pam_unix/pam_unix_passwd.c 2006-10-23 12:32:09 UTC (rev 395)
@@ -1121,7 +1121,7 @@
* password is acceptable.
*/

- if (pass_new[0] == '\0') { /* "\0" password = NULL */
+ if (pass_new && pass_new[0] == '\0') { /* "\0" password = NULL */
     pass_new = NULL;
    }
    retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new);

Modified: trunk/pam/debian/changelog
===================================================================
--- trunk/pam/debian/changelog 2006-10-23 12:24:25 UTC (rev 394)
+++ trunk/pam/debian/changelog 2006-10-23 12:32:09 UTC (rev 395)
@@ -40,6 +40,14 @@

-- Steve Langasek <email address hidden> Mon, 23 Oct 2006 02:09:51 -0700

+pam (0.79-3.2) unstable; urgency=low
+
+ * Non-maintainer upload to fix important bug, that makes passwd segfault
+ when CTRL-D is pressed at the password prompt. Applied the patch
+ provided by Dann Frazier. (Closes: #360657)
+
+ -- Margarita Manterola <email address hidden> Sat, 5 Aug 2006 02:11:22 -0300
+
pam (0.79-3.1) unstable; urgency=low

* Non-maintainer upload.

Added: trunk/pam/debian/patches-applied/063_paswd_segv
===================================================================
--- trunk/pam/debian/patches-applied/063_paswd_segv (rev 0)
+++ trunk/pam/debian/patches-applied/063_paswd_segv 2006-10-23 12:32:09 UTC (rev 395)
@@ -0,0 +1,13 @@
+Index: Linux-PAM/modules/pam_unix/pam_unix_passwd.c
+===================================================================
+--- Linux-PAM/modules/pam_unix/pam_unix_passwd.c (revision 392)
++++ Linux-PAM/modules/pam_unix/pam_unix_passwd.c (working copy)
+@@ -1121,7 +1121,7 @@
+ * password is acceptable.
+ */
+
+- if (pass_new[0] == '\0') { /* "\0" password = NULL */
++ if (pass_new && pass_new[0] == '\0') { /* "\0" password = NULL */
+ pass_new = NULL;
+ }
+ retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new);

tags 360657 pending
thanks

Author: vorlon
Date: 2006-10-23 12:32:09 +0000 (Mon, 23 Oct 2006)
New Revision: 395

Added:
   trunk/pam/debian/patches-applied/063_paswd_segv
Modified:
   trunk/pam/Linux-PAM/modules/pam_unix/pam_unix_passwd.c
   trunk/pam/debian/changelog
Log:
Incorporate 0.79-3.2 NMU:
 Non-maintainer upload to fix important bug, that makes passwd segfault
 when CTRL-D is pressed at the password prompt.  Applied the patch
 provided by Dann Frazier.  (Closes: #360657)

Modified: trunk/pam/Linux-PAM/modules/pam_unix/pam_unix_passwd.c
===================================================================
--- trunk/pam/Linux-PAM/modules/pam_unix/pam_unix_passwd.c	2006-10-23 12:24:25 UTC (rev 394)
+++ trunk/pam/Linux-PAM/modules/pam_unix/pam_unix_passwd.c	2006-10-23 12:32:09 UTC (rev 395)
@@ -1121,7 +1121,7 @@
 			 * password is acceptable.
 			 */
 
-			if (pass_new[0] == '\0') {	/* "\0" password = NULL */
+			if (pass_new && pass_new[0] == '\0') {	/* "\0" password = NULL */
 				pass_new = NULL;
 			}
 			retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new);

Modified: trunk/pam/debian/changelog
===================================================================
--- trunk/pam/debian/changelog	2006-10-23 12:24:25 UTC (rev 394)
+++ trunk/pam/debian/changelog	2006-10-23 12:32:09 UTC (rev 395)
@@ -40,6 +40,14 @@
 
  -- Steve Langasek <vorlon@debian.org>  Mon, 23 Oct 2006 02:09:51 -0700
 
+pam (0.79-3.2) unstable; urgency=low
+
+  * Non-maintainer upload to fix important bug, that makes passwd segfault
+    when CTRL-D is pressed at the password prompt.  Applied the patch 
+    provided by Dann Frazier.  (Closes: #360657)
+
+ -- Margarita Manterola <marga@debian.org>  Sat,  5 Aug 2006 02:11:22 -0300
+
 pam (0.79-3.1) unstable; urgency=low
 
   * Non-maintainer upload.

Added: trunk/pam/debian/patches-applied/063_paswd_segv
===================================================================
--- trunk/pam/debian/patches-applied/063_paswd_segv	                        (rev 0)
+++ trunk/pam/debian/patches-applied/063_paswd_segv	2006-10-23 12:32:09 UTC (rev 395)
@@ -0,0 +1,13 @@
+Index: Linux-PAM/modules/pam_unix/pam_unix_passwd.c
+===================================================================
+--- Linux-PAM/modules/pam_unix/pam_unix_passwd.c	(revision 392)
++++ Linux-PAM/modules/pam_unix/pam_unix_passwd.c	(working copy)
+@@ -1121,7 +1121,7 @@
+ 			 * password is acceptable.
+ 			 */
+ 
+-			if (pass_new[0] == '\0') {	/* "\0" password = NULL */
++			if (pass_new && pass_new[0] == '\0') {	/* "\0" password = NULL */
+ 				pass_new = NULL;
+ 			}
+ 			retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new);

Revision history for this message

In Debian Bug tracker #338810, Vorlon-users (vorlon-users) wrote on 2006-10-23: PAM Debian ci: r397 - in tags: . debian_version_0.79-4 debian_version_0.79-4/pam/debian

#11

Download full text (122.1 KiB)

tags 344447 pending
tags 335273 pending
tags 327272 pending
tags 352329 pending
tags 122400 pending
tags 149027 pending
tags 149883 pending
tags 241663 pending
tags 313542 pending
tags 313588 pending
tags 388431 pending
tags 318452 pending
tags 360657 pending
tags 344447 pending
tags 330829 pending
tags 330852 pending
tags 165068 pending
tags 330458 pending
tags 284954 pending
tags 300775 pending
tags 319026 pending
tags 323982 pending
tags 330097 pending
tags 248310 pending
tags 249499 pending
tags 327876 pending
tags 295296 pending
tags 259634 pending
tags 248928 pending
tags 277633 pending
tags 254904 pending
tags 243698 pending
tags 243413 pending
tags 218318 pending
tags 227681 pending
tags 237537 pending
tags 228114 pending
tags 213566 pending
tags 204506 pending
tags 209755 pending
tags 210014 pending
tags 212354 pending
tags 212158 pending
tags 214092 pending
tags 220980 pending
tags 221318 pending
tags 220439 pending
tags 220158 pending
tags 186011 pending
tags 207497 pending
tags 196605 pending
tags 186011 pending
tags 198618 pending
tags 197080 pending
tags 176693 pending
tags 196903 pending
tags 196949 pending
tags 191906 pending
tags 175900 pending
tags 191906 pending
tags 190954 pending
tags 185286 pending
tags 165240 pending
tags 180310 pending
tags 172229 pending
tags 172914 pending
tags 172186 pending
tags 173097 pending
tags 167798 pending
tags 153152 pending
tags 164713 pending
tags 165066 pending
tags 038 pending
tags 039 pending
tags 165065 pending
tags 169836 pending
tags 165190 pending
tags 164659 pending
tags 163839 pending
tags 164298 pending
tags 163787 pending
tags 163841 pending
tags 163839 pending
tags 163711 pending
tags 163742 pending
tags 163600 pending
tags 162175 pending
tags 112965 pending
tags 160566 pending
tags 126251 pending
tags 159961 pending
tags 58429 pending
tags 116874 pending
tags 132545 pending
tags 148657 pending
tags 143801 pending
tags 103495 pending
tags 139949 pending
tags 147763 pending
tags 135990 pending
tags 135604 pending
tags 120795 pending
tags 93414 pending
tags 126251 pending
tags 109281 pending
tags 119893 pending
tags 107705 pending
tags 119689 pending
tags 111854 pending
tags 108697 pending
tags 103556 pending
tags 104584 pending
tags 100812 pending
tags 95220 pending
tags 66152 pending
tags 100125 pending
tags 96779 pending
tags 96736 pending
tags 92874 pending
tags 91998 pending
tags 93063 pending
tags 92353 pending
tags 89390 pending
tags 88825 pending
tags 84428 pending
tags 88794 pending
tags 88401 pending
tags 88406 pending
tags 88525 pending
tags 88399 pending
tags 59917 pending
tags 86156 pending
tags 88519 pending
tags 86203 pending
tags 85352 pending
tags 82100 pending
tags 76119 pending
tags 66849 pending
tags 77229 pending
tags 74176 pending
tags 77228 pending
tags 69960 pending
tags 78959 pending
tags 75987 pending
tags 71442 pending
tags 80397 pending
tags 77017 pending
tags 76119 pending
tags 71941 pending
tags 67172 pending
tags 80249 pending
tags 77661 pending
tags 76087 pending
tags 72858 pending
tags 69550 pending
tags 76236 pending
tags 69242 pending
tags 64473 pending
tags 69236 pending
tags 61759 pending
tags 70000 pending
tags 70 pending
tags 59459 pending
...

tags 344447 pending
tags 335273 pending
tags 327272 pending
tags 352329 pending
tags 122400 pending
tags 149027 pending
tags 149883 pending
tags 241663 pending
tags 313542 pending
tags 313588 pending
tags 388431 pending
tags 318452 pending
tags 360657 pending
tags 344447 pending
tags 330829 pending
tags 330852 pending
tags 165068 pending
tags 330458 pending
tags 284954 pending
tags 300775 pending
tags 319026 pending
tags 323982 pending
tags 330097 pending
tags 248310 pending
tags 249499 pending
tags 327876 pending
tags 295296 pending
tags 259634 pending
tags 248928 pending
tags 277633 pending
tags 254904 pending
tags 243698 pending
tags 243413 pending
tags 218318 pending
tags 227681 pending
tags 237537 pending
tags 228114 pending
tags 213566 pending
tags 204506 pending
tags 209755 pending
tags 210014 pending
tags 212354 pending
tags 212158 pending
tags 214092 pending
tags 220980 pending
tags 221318 pending
tags 220439 pending
tags 220158 pending
tags 186011 pending
tags 207497 pending
tags 196605 pending
tags 186011 pending
tags 198618 pending
tags 197080 pending
tags 176693 pending
tags 196903 pending
tags 196949 pending
tags 191906 pending
tags 175900 pending
tags 191906 pending
tags 190954 pending
tags 185286 pending
tags 165240 pending
tags 180310 pending
tags 172229 pending
tags 172914 pending
tags 172186 pending
tags 173097 pending
tags 167798 pending
tags 153152 pending
tags 164713 pending
tags 165066 pending
tags 038 pending
tags 039 pending
tags 165065 pending
tags 169836 pending
tags 165190 pending
tags 164659 pending
tags 163839 pending
tags 164298 pending
tags 163787 pending
tags 163841 pending
tags 163839 pending
tags 163711 pending
tags 163742 pending
tags 163600 pending
tags 162175 pending
tags 112965 pending
tags 160566 pending
tags 126251 pending
tags 159961 pending
tags 58429 pending
tags 116874 pending
tags 132545 pending
tags 148657 pending
tags 143801 pending
tags 103495 pending
tags 139949 pending
tags 147763 pending
tags 135990 pending
tags 135604 pending
tags 120795 pending
tags 93414 pending
tags 126251 pending
tags 109281 pending
tags 119893 pending
tags 107705 pending
tags 119689 pending
tags 111854 pending
tags 108697 pending
tags 103556 pending
tags 104584 pending
tags 100812 pending
tags 95220 pending
tags 66152 pending
tags 100125 pending
tags 96779 pending
tags 96736 pending
tags 92874 pending
tags 91998 pending
tags 93063 pending
tags 92353 pending
tags 89390 pending
tags 88825 pending
tags 84428 pending
tags 88794 pending
tags 88401 pending
tags 88406 pending
tags 88525 pending
tags 88399 pending
tags 59917 pending
tags 86156 pending
tags 88519 pending
tags 86203 pending
tags 85352 pending
tags 82100 pending
tags 76119 pending
tags 66849 pending
tags 77229 pending
tags 74176 pending
tags 77228 pending
tags 69960 pending
tags 78959 pending
tags 75987 pending
tags 71442 pending
tags 80397 pending
tags 77017 pending
tags 76119 pending
tags 71941 pending
tags 67172 pending
tags 80249 pending
tags 77661 pending
tags 76087 pending
tags 72858 pending
tags 69550 pending
tags 76236 pending
tags 69242 pending
tags 64473 pending
tags 69236 pending
tags 61759 pending
tags 70000 pending
tags 70 pending
tags 59459 pending
tags 61090 pending
tags 67291 pending
tags 62448 pending
tags 66270 pending
tags 63752 pending
tags 64854 pending
tags 67786 pending
tags 65321 pending
tags 65401 pending
tags 60817 pending
tags 61439 pending
tags 61966 pending
tags 61724 pending
tags 61942 pending
tags 61942 pending
tags 61644 pending
tags 63230 pending
tags 62448 pending
tags 54180 pending
tags 62237 pending
tags 59911 pending
tags 60287 pending
tags 58677 pending
tags 57800 pending
tags 58164 pending
tags 56578 pending
tags 56587 pending
tags 56375 pending
tags 56370 pending
tags 49832 pending
tags 53653 pending
tags 51619 pending
tags 49584 pending
tags 47162 pending
tags 45631 pending
tags 49833 pending
tags 50314 pending
tags 50716 pending
tags 47288 pending
tags 47004 pending
tags 46511 pending
tags 46104 pending
tags 45801 pending
tags 46122 pending
tags 45686 pending
tags 45632 pending
tags 45446 pending
tags 45670 pending
tags 42230 pending
tags 35302 pending
tags 45488 pending
tags 45408 pending
tags 45088 pending
tags 45001 pending
tags 45064 pending
tags 40754 pending
tags 38631 pending
tags 44054 pending
tags 41845 pending
tags 44142 pending
tags 39129 pending
tags 39871 pending
tags 44412 pending
tags 41608 pending
tags 39747 pending
tags 38976 pending
tags 38632 pending
tags 39119 pending
tags 37627 pending
tags 36169 pending
tags 34626 pending
tags 35388 pending
tags 33615 pending
tags 31150 pending
tags 26544 pending
tags 32809 pending
tags 32274 pending
tags 16882 pending
tags 30862 pending
tags 7725 pending
tags 16882 pending
tags 30862 pending
tags 7725 pending
tags 10234 pending
tags 10406 pending
tags 12210 pending
tags 10941 pending
tags 14533 pending
tags 25915 pending
tags 28075 pending
tags 31548 pending
tags 31191 pending
thanks

Author: vorlon
Date: 2006-10-23 12:40:52 +0000 (Mon, 23 Oct 2006)
New Revision: 397

Added:
   tags/debian_version_0.79-4/
   tags/debian_version_0.79-4/pam/
   tags/debian_version_0.79-4/pam/debian/changelog
Removed:
   tags/debian_version_0.79-4/pam/
   tags/debian_version_0.79-4/pam/debian/changelog
Log:
Tag the release

Copied: tags/debian_version_0.79-4 (from rev 377, trunk)

Copied: tags/debian_version_0.79-4/pam (from rev 395, trunk/pam)

Deleted: tags/debian_version_0.79-4/pam/debian/changelog
===================================================================
--- trunk/pam/debian/changelog	2006-10-23 12:32:09 UTC (rev 395)
+++ tags/debian_version_0.79-4/pam/debian/changelog	2006-10-23 12:40:52 UTC (rev 397)
@@ -1,1366 +0,0 @@
-pam (0.79-4) UNRELEASED; urgency=low
-
-  * Move libpam-modules and libpam0g to Section: libs and libpam-runtime
-    to section: admin, to match the overrides in the archive.
-  * Move old changelog entries (well, entry) that don't follow the current
-    format to debian/changelog.old, since there's no way to figure out a
-    timestamp for an 8-year-old upload, and this is the most effective
-    way to clear a glut of lintian warnings.
-  * Fix the formatting of the libpam-cracklib package description.
-  * Patch 010: remove parts of the patch that aren't necessary for C++
-    compatibility.
-  * Patch 060: fix a segfault in pam_tally caused by misuse of
-    pam_get_data(); already fixed upstream.  Closes: #335273.
-  * Patch 061: fix a double free in pam_issue, caused by overuse (and misuse)
-    of strdup (similar to patch 059).  Already fixed upstream.
-    Closes: #327272.
-  * Don't build-depend on libselinux1-dev and libcap-dev on kfreebsd archs.
-    Closes: #352329.
-  * Patch 005: sync pam_limits with upstream:
-    - support "-" (unlimited) for all limit types except process priority.
-    - support the additional aliases "-1", "unlimited", and "infinity" for
-      clearing the limits; closes: #122400, #149027.
-    - restrict the range of process priority, login count, and system login
-      count settings to (INT_MIN,INT_MAX) (heh).
-    - special-case RLIM_INFINITY when applying multipliers to values from
-      the config.
-    - document maxsyslogins in the default limits.conf; closes: #149883.
-    - use the current process priority as a default instead of resetting to
-      0; closes: #241663.
-    - add support for (and document) new RLIMIT_NICE and RLIMIT_RTPRIO
-      settings in Linux 2.6.12 and above; closes: #313542, #313588.
-    - allow imposing limits on uid=0.
-  * Patch 027: only set RLIM_INFINITY as the default for the limits where
-    we know this is sensible, so that recompiling in an environment with new
-    limits doesn't create a security hole -- as happened with RLIMIT_NICE and
-    RLIMIT_RTPRIO!  Thanks to Ville Hallik for the initial patch.
-    Closes: #388431.
-  * Patch 029, 047: Fix up the broken pam_limits capabilities patch so it
-    actually works -- which may well be a first...  Closes: #318452.
-
- -- Steve Langasek <vorlon@debian.org>  Mon, 23 Oct 2006 02:09:51 -0700
-
-pam (0.79-3.2) unstable; urgency=low
-
-  * Non-maintainer upload to fix important bug, that makes passwd segfault
-    when CTRL-D is pressed at the password prompt.  Applied the patch 
-    provided by Dann Frazier.  (Closes: #360657)
-
- -- Margarita Manterola <marga@debian.org>  Sat,  5 Aug 2006 02:11:22 -0300
-
-pam (0.79-3.1) unstable; urgency=low
-
-  * Non-maintainer upload.
-  * Linux-PAM/libpamc/include/security/pam_client.h,
-    Linux-PAM/libpamc/pamc_converse.c: Apply patch from
-    latest upstream version to remove redefinition of internal
-    glibc/libstdc++ types.  Closes: #344447.
-
- -- Roger Leigh <rleigh@debian.org>  Sun,  5 Feb 2006 21:46:59 +0000
-
-pam (0.79-3) unstable; urgency=low
-
-  * Patch 059
-    - Fix a segfault in pam_userdb when the new "crypt=" option
-      is unset, as will be the case for all existing users; already fixed
-      upstream.  Closes: #330829.
-    - Fix a memory leak in the same code due to gratuitous strdup()s.
-  * Further regression in pam_env: don't treat a missing /etc/environment
-    as a fatal error, either.  Amend patch 058 accordingly.  Closes: #330852.
-
- -- Steve Langasek <vorlon@debian.org>  Fri, 30 Sep 2005 01:17:53 -0700
-
-pam (0.79-2) unstable; urgency=low
-
-  The ".c.o: rm -rf $@" release
-  * Fix debian/rules so that make clean doesn't remove ./configure when the
-    timestamp on configure.in is newer (!).
-  * Switch pam_userdb from db3 to db4.3, which according to the libdb
-    maintainers should require no manual intervention for upgrading on-disk
-    database formats.  Closes: #165068.
-  * Patch 058:  yes, of course we want to read /etc/environment by
-    default.  Grr!  Revert upstream change which disables this for no
-    apparent reason (closes: #330458).
-  * Tweak selinux rootok code to use the version of the function call that
-    doesn't pollute namespace
-
- -- Steve Langasek <vorlon@debian.org>  Tue, 27 Sep 2005 02:44:36 -0700
-
-pam (0.79-1) unstable; urgency=low
-
-  * New upstream version (closes: #284954, #300775).
-    - includes some fixes for typos (closes: #319026).
-    - pam_unix should now be LSB 3.0-compliant (closes: #323982).
-    - fixes segfaults in libpam on config file syntax errors
-      (closes: #330097).
-  * Drop patches 000_bootstrap, 004_libpam_makefile_static_works,
-    011_pam_access, 013_pam_filter_termio_to_termios, 017_misc_fixes,
-    025_pam_group_conffile_name, 028_pam_mail_delete_only_when_set,
-    033_use_gcc_not_ld, 034_pam_dispatch_ignore_PAM_IGNORE,
-    035_pam_unix_security, 039_pam_mkhomedir_no_maxpathlen_required,
-    041_call_bootstrap, 042_pam_mkhomedir_dest_not_source_for_errors,
-    051_32_bit_pam_lastlog_ll_time, and
-    053_pam_unix_user_known_returns_user_unknown which have been
-    integrated upstream.
-  * Merge one last bit of patch 053 into patch 043, where it should have
-    been in the first place
-  * Patch 057: SELinux support:
-    - add support to pam_unix for copying SELinux security contexts when
-      writing out new passwd/shadow files and creating lockfiles
-    - support calling unix_chkpwd if opening /etc/shadow fails due to
-      SELinux permissions
-    - allow unix_chkpwd to authenticate for any user when in an SELinux
-      context (hurray!); we depend on SELinux policies to prevent the
-      helper's use as a brute force tool
-    - also support querying user expiration info via unix_chkpwd
-    - misc cleanup: clean up file descriptors when invoking unix_chkpwd
-      (closes: #248310)
-    - make pam_rootok check the SELinux passwd class permissions, not just
-      the uid
-    - add new pam_selinux module (closes: #249499)
-  * Build-depend on libselinux1-dev.
-  * Fix pam_getenv, so that it can read the actual format of /etc/environment
-    instead of trying to read it using the syntax of
-    /etc/security/pam_env.conf; thanks to Colin Watson for the patch.
-    Closes: #327876.
-  * Set LC_COLLATE=C when using alphabetic range expressions in
-    debian/rules; bah, so *that's* what kept happening to my README file
-    when trying to build out of svn!  Closes: #295296.
-  * Add a reference to the text of the GPL to debian/copyright.
-
- -- Steve Langasek <vorlon@debian.org>  Sun, 25 Sep 2005 22:08:20 -0700
-
-pam (0.76-23) unstable; urgency=low
-
-  * Fix Gcc 3.4 compilation, Closes: #259634
-  * Note that pam.conf is not read if /etc/pam.d exists, Closes: #248928
-  * Fix typo in pam_env.conf, Closes: #277633
-
- -- Sam Hartman <hartmans@debian.org>  Sun, 10 Jul 2005 16:42:25 -0400
-
-pam (0.76-22) unstable; urgency=medium
-
-  * Add uploaders
-  * Document location of repository
-  * Fix options containing arguments in pam_unix, Closes: #254904
-
- -- Sam Hartman <hartmans@debian.org>  Mon, 28 Jun 2004 14:28:08 -0400
-
-pam (0.76-21) unstable; urgency=medium
-
-  * Fix patch 055 again because -20 was broken and didn't actually fix the
-    problem. 
-
- -- Sam Hartman <hartmans@debian.org>  Tue,  4 May 2004 21:37:38 -0400
-
-pam (0.76-20) unstable; urgency=medium
-
-  * Update to patch 55 to only check securetty when we are sure the
-    password is null, Closes: #243698
-  * Medium urgency because the version now in testing has confusing and
-    verbose log messages.
-  * Include pam_getenv script which hopefully will be used by some people
-    somewhere for some purpose 
-
- -- Sam Hartman <hartmans@debian.org>  Wed, 28 Apr 2004 22:51:18 -0400
-
-pam (0.76-19) unstable; urgency=low
-
-  * Oops, too busy testing the upgrade from woody to make sure the upgrade
-    from -16 to -18 worked.  Thanks to all those who reported, 
-      Closes: #243413 
-
- -- Sam Hartman <hartmans@debian.org>  Tue, 13 Apr 2004 16:08:54 -0400
-
-pam (0.76-18) unstable; urgency=low
-
-  * Manipulate conffiles to avoid unnecessary prompt in woody to sarge
-    upgrade, Closes: #218318 
-
- -- Sam Hartman <hartmans@debian.org>  Sat, 10 Apr 2004 18:10:35 -0400
-
-pam (0.76-17) unstable; urgency=low
-
-  * common-password now includes length restrictions and cracklib
-    examples, Closes: #227681, #237537
-  * Patch 054: abstract out the logic from pam_securetty to determine if a
-    tty is in /etc/securetty into a library function 
-  * Patch 55: Add nullok_secure option to pam_unix.  If set,  then null
-    passwords are accepted from terminals in /etc/securetty. 
-  * common-auth now includes nullok_secure, Closes: #228114
-
-
- -- Sam Hartman <hartmans@debian.org>  Sun,  4 Apr 2004 23:10:11 -0400
-
-pam (0.76-16) unstable; urgency=low
-
-  * Patch 51 from the x86-64 folks to support 32-bit ll_time in
-    pam_lastlog even if time_t is 64-bits 
-  * Don't call openlog in pam_unix (patch 52), Closes: #213566 
-  * Return PAM_USER_UNKNOWN for unknown users in pam_unix (patch 53), Closes: #204506
-
- -- Sam Hartman <hartmans@debian.org>  Tue, 23 Mar 2004 22:26:04 -0500
-
-pam (0.76-15) unstable; urgency=low
-
-  * Fix description of libpam-runtime, Closes: #209755
-  * Fix description of libpam-cracklib, Closes: #210014
-  * Depend on libc6-dev|libc-dev not libc6-dev, Closes: #212354
-  *  Clean up binaries, Thanks Russell, Closes: #212158
-  * Depend on sufficiently new cracklib2-dev, Closes: #214092
-  * Treate GNU/* as GNU for OS variable to make pam_limits compile,
-    (patch 050) Closes: #220980 
-  * No longer build-depend on latex2html, Closes: #221318 
-  * Allow : in tty specification for pam_group, (patch 048) Closes: #220439
-  * Pull in locking patch from Linux-PAM CVS; this ended up causing
-    021_pam_nis_locking to be reworked and that patch now no longer
-    contains locking fixes, but just NIS cleanup in general.  See
-    049_pam_unix_sane_locking for the locking changes,  Closes: #220158
-
- -- Sam Hartman <hartmans@debian.org>  Mon, 12 Jan 2004 02:23:59 -0500
-
-pam (0.76-14) unstable; urgency=low
-
-  * Pull in NMU diff from 13.1, Closes: #186011
-  * Split out common-password into its own file, Closes: #207497
-  * Make other a conffile again and update to @include stuff
-  * Add missing symlink, Closes: #196605
-  * Remove undocumented manpages
-  * Update PAM mini-policy
-
- -- Sam Hartman <hartmans@debian.org>  Mon,  1 Sep 2003 18:08:54 -0400
-
-pam (0.76-13.1) unstable; urgency=low
-
-  * NMU with maintainer's permission.
-  * Add three new config files (/etc/pam.d/common-{auth,account,session})
-    to libpam-runtime.  Other packages which depend on libpam-runtime
-    can now @include these files from their own PAM configs.
-  * Convert /etc/pam.d/other from a conffile to a non-conffile config
-    file.  Closes: #186011.
-  * Remove empty libpam-runtime.prerm script (debhelper will autocreate if needed)
-
- -- Steve Langasek <vorlon@debian.org>  Tue, 19 Aug 2003 19:41:03 -0500
-
-pam (0.76-13) unstable; urgency=low
-
-  * Nope, that dependency didn't work, so let's remove it.  If we run into other module versioning issues, I now have an arm build environment to debug with.  Closes: #198618
-
- -- Sam Hartman <hartmans@debian.org>  Mon,  7 Jul 2003 00:22:34 -0400
-
-pam (0.76-12) unstable; urgency=low
-
-  * Fix group.conf example, (patch 046) Closes: #197080
-  * Ignore module return value in jumps, (patch 045) Closes: #176693
-  * Accept string value for chroot limit, thanks Andrei Pelinescu-Onciul,
-    Patch (047), Closes: #196903
-  * Depend on libpam-modules instead of conflicting with older versions.
-    This creates a circular dependency between libpam0g and
-    libpam-modules.  James says this works fine; we hope he's right.
-    Closes: #196949
- -- Sam Hartman <hartmans@debian.org>  Sat, 21 Jun 2003 17:19:29 -0400
-
-pam (0.76-11) unstable; urgency=low
-
-  * Don't allow db4 to satisfy build-depends because it doesn't actually
-    work, and sometimes building with it would be wrong. 
-  * Don't depend on libpcap-dev on Debian BSD
-  * Conflict with old libpam-modules, Closes: #191906
-  * Incorrect username should not be logged at alert (patch 43),
-  Closes: #175900
-  * Patch to support FreeBSD (patch 44, thanks Robert), Closes: #191906
-
- -- Sam Hartman <hartmans@debian.org>  Sat, 31 May 2003 19:55:26 -0400
-
-pam (0.76-10) unstable; urgency=low
-
-  * Don't double list conffiles, Closes: #190954
-  * Only install example sources not executables,  Closes: #185286
-  * Display correct directory in error message for  pam_mkhomedir, patch
-    042 thanks to Akira TAGOH, Closes: #165240 
-  * Don't log  EPERM when setting NOFILE limit as Linux doesn't let you
-    set that to -1, Closes: #180310 
-  * Add newline to end of distributed time.conf, Closes: #172229
-  * Up our standards version  and support noopt in DEB_BUILD_OPTIONS
-
- -- Sam Hartman <hartmans@debian.org>  Sat,  3 May 2003 22:28:37 -0400
-
-pam (0.76-9) unstable; urgency=low
-
-  * Fix pam_rhosts hurd patch so it actually works, Closes: #172914
-  * Fix patch 040 not to clobber errno when logging the error fails,
-    Closes: #172186 
-  * Fix dependency for linuxdoc-tools, Closes: #173097
-
- -- Sam Hartman <hartmans@debian.org>  Sun, 15 Dec 2002 17:10:58 -0500
-
-pam (0.76-8) unstable; urgency=low
-
-  * Have makefile appropriately depend on bootstrap-libpam
-  * Install pam minipolicy, Closes: #167798
-  * Don't segfault if ttyname is null; this avoids the segfault but does
-    not actually make pam_issue useful for ssh.  I believe the way
-    pam_issue works is fundamentally incompatible with what sshd expects
-    from PAM (patch 037), Closes: #153152
-  * We actually fixed passwords containing , in  0.76-6, but failed to
-    document it.  They do work, Closes: #164713
-  * Note that /etc/pam.d/other is a fall back  for each service
-  * Patches from Michal 'hramrach' Suchanek" <hramrach_l@centrum.cz> to
-    make HURD work, Closes: #165066 (patch 038 and 039)
-  * Don't depend on gs and other doc prep tools for build-depends, just
-    build-depends-indep, Closes: #165065
-  * Patch from Eric Anderson <anderse@hpl.hp.com> to log failures of
-    setrlimit (patch 040), Closes: #169836
-  * Build pam_limits on hurd, Closes: #165190
-
- -- Sam Hartman <hartmans@debian.org>  Sun, 24 Nov 2002 22:04:28 -0500
-
-pam (0.76-7) unstable; urgency=low
-
-  * Fix handling of pam_ignore  in case where we're skipping modules;
-    update to patch 034
-
- -- Sam Hartman <hartmans@debian.org>  Sun, 20 Oct 2002 21:49:22 -0400
-
-pam (0.76-6) unstable; urgency=low
-
-      * The "No, I don't think I actually want any of what upstream is
-    smoking" release
-  * If this were already in testing, this would be an severity emergency
-    upload 
-  * pam_unix currently treats * in shadow file as no password not
-    disabled; major security issue; fixed in upstream CVS, (patch 035) Closes: #164659
-  * OK, I think this actually fixes the rest of the manpage symlinks,
-    Closes: #163839, #164298
-  * You don't want to use getlogin for pam_wheel because utmp may be wrong or for xterm have no entry, pull forward patch from the 0.72 packages (patch 036), Closes: #163787
-
- -- Sam Hartman <hartmans@debian.org>  Tue, 15 Oct 2002 10:44:56 -0400
-
-pam (0.76-5) unstable; urgency=low
-
-  * Fix library links from 0.75 to 0.76
-  * Ignore PAM_IGNORE in _pam_dispatch_aux (patch 34), Closes: #163841
-  * Fix man page symlinks, Closes: #163839
-
- -- Sam Hartman <hartmans@debian.org>  Fri, 11 Oct 2002 01:08:06 -0400
-
-pam (0.76-4) unstable; urgency=low
-
-  * Upstream correctly states that one should  use gcc not ld when
-    linking and then hapilly proceeds to actually use ld, fixed, Closes: #163711
-   
-  * Remove experimental warning from readme, Closes: 163742
-
- -- Sam Hartman <hartmans@debian.org>  Mon,  7 Oct 2002 23:45:53 -0400
-
-pam (0.76-3) unstable; urgency=low
-
-  * Oops, let's try building -fpic.  This currently builds everything
-    -fpic which is somewhat wrong, but doing more than that requires
-    significant build system hacking (touch every makefile for dynamic
-    objects), so it will wait, Closes: #163600
-
- -- Sam Hartman <hartmans@debian.org>  Sun,  6 Oct 2002 23:33:12 -0400
-
-pam (0.76-2) unstable; urgency=low
-
-  * Link against appropriate libraries so we find  the symbols we need,
-    Closes: #162175
-  * The if everyone's going to complain when I upload broken software to
-    experimental release, I might as well upload to unstable and give them
-    something worth actually complaining about release.
-  * Also the remove the scourge of dbs release
-  * Include patch 034 from the 0.72 packages, meaning that we've included
-    all the patches we need before release
-  * Reject the patch to pam_wheel as I cannot find out what reasonable
-    thing it was trying to do and it seemed broken
-  * libpam-cracklib should depend on wordlist  so it actually works;
-    thanks Olaf Meeuwissen,
-    Closes: #112965
-  * Merge build-depends and build-depends-indep because I'm a bad person
-    and was too lazy to make docs build in a separate pass.  I'll deal in
-    a few versions.
-
- -- Sam Hartman <hartmans@debian.org>  Sun,  6 Oct 2002 18:52:13 -0400
-
-pam (0.76-1) experimental; urgency=low
-
-  * New upstream version
-  * Upstream includes fix to not break cron, Closes: 160566
-  * New Upstream correctly handles priority < 0 for pam_limits, Closes: #126251
-  * .cvsignores removed, Closes: #159961
-
- -- Sam Hartman <hartmans@debian.org>  Sun, 22 Sep 2002 16:11:35 -0400
-
-pam (0.75-3) experimental; urgency=low
-
-      * Apply patch 027  pam_limits so that we initialize to wide open not
-    current limits.
-      * In pam_mail, don't complain about deleting environment variable if
-    we never set it, Closes: #58429
-      * Don't set default max procs limit in pam_limits, Closes: #116874
-        * libpam-runtime now arch all since it has no arch-specific files,
-    Closes: #132545
-      * Update mini policy to reflect confusion on debian-devel
-
- -- Sam Hartman <hartmans@debian.org>  Tue, 16 Jul 2002 09:30:50 -0400
-
-pam (0.75-2) experimental; urgency=low
-
-  * Fix pam_userdb to build and to build against db3, fixes patch 020 
-  * Fix upstream makefile so pam_group has valid configuration, closes: #148657
-  * time.conf reference to logoutd removed, closes: #143801
-  * The static library contains all the appropriate symbols in this
-    version. You may find the complete lack of PAM modules somewhat
-    frustrating; currently the static pam library is only useful if you
-    register your own modules.  Fixing this would require annoying hacking
-    on the upstream build system, closes: #103495
-  * unix_chkpwd.8 typo fixes thanks to dancer@anthill.echidna.id.au,
-    Closes: #139949
-  * Since we're working on the new upstream version, we also have the new docs, closes: #147763
-  * Patch from Martin Schwenke <martin@meltin.net> to only change
-    passwords in pam_unix when they exist in the password file; hopefully
-    does not break NIS, closes: #135990
-  * Another patch from Martin to return PAM_USER_UNKNOWN if we ever
-    actually do get into the password changing routine only to find that
-    we have no password to change, closes: #135604
-  * .cvsignore no longer installed, closes: #120795
-  * We're using debhelper 3, just in time to be obselete, Closes: #93414
-
- -- Sam Hartman <hartmans@debian.org>  Sat,  8 Jun 2002 18:04:40 -0400
-
-pam (0.75-1) experimental; urgency=low
-
-  * Preliminary test packages
-  * New upstream version
-  * Hopefully works mostly the same as  0.72 except for  upstream bug
-    fixes and for the fact that pam_limits is fairly broken right now.
-  * If it breaks you are lucky if you get to keep both pieces release.
-
- -- Sam Hartman <hartmans@debian.org>  Sat, 25 May 2002 22:57:57 -0400
-
-pam (0.72-35) unstable; urgency=medium
-
-  * Fix like_auth to make libpam-krb5 and libpam-heimdal actually useful,
-    patch from RISKO   Gergely , closes: #126251
-
- -- Sam Hartman <hartmans@debian.org>  Mon, 21 Jan 2002 15:20:22 -0500
-
-pam (0.72-34) unstable; urgency=medium
-
-  * Note that HOME may not be useful in pam_environment, closes: #109281
-  * Don't smash case domains (groups/users) in pam_limits, closes: #119893
-  * Remove double the from description, closes: #107705
-  * Fix typo on mail message, closes: #119689
-  * Medium since these are small fixes that should go into woody
-
- -- Sam Hartman <hartmans@debian.org>  Fri, 23 Nov 2001 21:24:20 -0500
-
-pam (0.72-33) unstable; urgency=low
-
-  * Fix pam_mail to look in /var/mail not /var/spool/mail, thanks mjb.
-
- -- Sam Hartman <hartmans@debian.org>  Thu, 11 Oct 2001 15:44:32 -0400
-
-pam (0.72-32) unstable; urgency=medium
-
-  * This should probably get into testing before freeze; medium.
-  * Patch from Volker Stolz to fix bug in previous pam_group patch,
-    closes: #111854 
-
- -- Sam Hartman <hartmans@debian.org>  Sat, 22 Sep 2001 06:32:29 -0400
-
-pam (0.72-31) unstable; urgency=low
-
-  * Add support for credential reinitialization in pam_group, closes: #108697
-
- -- Sam Hartman <hartmans@debian.org>  Fri, 31 Aug 2001 13:16:39 -0400
-
-pam (0.72-30) unstable; urgency=low
-
-  * Include patch from  robbe@orcus.priv.at to build pam_limits on hurd,
-    closes: #103556 
-  * Start installing limits.conf for hurd (may not work quite right)
-
- -- Sam Hartman <hartmans@debian.org>  Mon, 16 Jul 2001 09:35:51 -0400
-
-pam (0.72-29) unstable; urgency=low
-
-  * Correctly declare uint32 type for ia64, closes: #104584
-
- -- Sam Hartman <hartmans@debian.org>  Sat, 14 Jul 2001 01:30:39 -0400
-
-pam (0.72-28) unstable; urgency=low
-
-  * Fix scanf string so pam_limits chroot works, closes: #100812
-  * Only log unknown user at warning, not alert, closes: #95220
-  * By default do complete matches not substring matches for pam_time.
-    You can include explicit wildcard for substring, closes: #66152 
-
- -- Sam Hartman <hartmans@debian.org>  Tue,  3 Jul 2001 17:31:45 -0400
-
-pam (0.72-27) unstable; urgency=low
-
-  * Fix  typo in last patch
-
- -- Sam Hartman <hartmans@debian.org>  Mon, 25 Jun 2001 18:27:42 -0400
-
-pam (0.72-26) unstable; urgency=low
-
-  * Block SIGCHLD when calling unix password verification program, patch from mdz@debian.org, fixes pam part of #97977
-
- -- Sam Hartman <hartmans@debian.org>  Mon, 25 Jun 2001 08:47:12 -0400
-
-pam (0.72-25) unstable; urgency=medium
-
-  * Depend on opensp, working around #89063, closes: #100125
-  * This is urgency medium to get docs back into testing.
-
- -- Sam Hartman <hartmans@debian.org>  Fri,  8 Jun 2001 11:44:12 -0400
-
-pam (0.72-24) unstable; urgency=low
-
-  * New NIS double locking and root password patch from  Philippe Troin
-    <phil@fifi.org>, fixes bug in unreleased patch submitted for
-    0.72-23.  Also improves changing root password so it does something;
-    ongoing discussion on whether this is right.
-
- -- Sam Hartman <hartmans@debian.org>  Mon, 21 May 2001 08:06:05 -0400
-
-pam (0.72-23) unstable; urgency=low
-
-  * Patch from Benoit Gaussen <ben@trez42.net> , Don't trim from , to end
-  of string in user input, only trim from salt 
-    grabbed from passwd file, closes: #96779 
-  * Fix NIS double locking, closes: #96736
-
- -- Sam Hartman <hartmans@debian.org>  Wed, 16 May 2001 15:46:34 -0400
-
-pam (0.72-22) unstable; urgency=low
-
-  * Fix pam.8 to be pam.7, closes: #92874
-
- -- Sam Hartman <hartmans@debian.org>  Tue, 17 Apr 2001 23:04:04 -0400
-
-pam (0.72-21) unstable; urgency=low
-
-  * Don't depend on libcap for hurd, closes: #91998
-  * Don't list scurity/limits.conf as a conffile for hurd
-
- -- Sam Hartman <hartmans@debian.org>  Mon,  9 Apr 2001 12:30:18 -0400
-
-pam (0.72-20) unstable; urgency=low
-
-  * Install pam-undocumented in -runtime not -dev, closes: #93063
-  * Mark pam-runtime as replacing files from -dev in case you installed
-    -19 and have pam-undocumented in the wrong place
-
- -- Sam Hartman <hartmans@debian.org>  Fri,  6 Apr 2001 06:38:15 -0400
-
-
-
-pam (0.72-19) unstable; urgency=low
-
-  * New maintainer, closes: #92353
-  * Install pam-undocumented; somehow it was not installed in -18
-  
- -- Sam Hartman <hartmans@debian.org>  Wed,  4 Apr 2001 21:32:17 -0400
-
-pam (0.72-18) unstable; urgency=low
-
-  * pam_securetty: log failed tty checks. Normally this was only done if
-    the "debug" option was on...do it regardless now, closes: #89390
-  * Get rid of log message for when "root" is not applied to group checks.
-    closes: #88825
-  * Add quiet option to pam_listfile, closes: #84428
-  * pam(8) should be pam(7), pam.conf(8) should be pam.conf(5), closes:
-    #89322
-  * Added groff to Build-Depends-Indep, closes: #88794
-
- -- Ben Collins <bcollins@debian.org>  Sun, 25 Mar 2001 21:40:32 -0500
-
-pam (0.72-17) unstable; urgency=low
-
-  * Fixed login in pam_limits where the max logins could be ignored.
-
- -- Ben Collins <bcollins@debian.org>  Fri,  9 Mar 2001 09:14:48 -0500
-
-pam (0.72-16) unstable; urgency=low
-
-  * New pam limits cap patch from Topi Miettinen
-    <Topi.Miettinen@koti.tpo.fi>, closes: #88401, #88406, #88525, #88399,
-    #86197
-  * pwdb no longer used, closes: #59917
-  * fix patch 023 for gethostbyname build failure, closes: #86156
-  * Make sure unix_chkpwd gets installed as suid root, closes: #88519
-  * Fix whatis parse of manpages, closes: #86203
-  * pam_listfile, fix arg parsing when arg does not contain '=', closes:
-    #86070
-
- -- Ben Collins <bcollins@debian.org>  Sun,  4 Mar 2001 22:45:58 -0500
-
-pam (0.72-15) unstable; urgency=low
-
-  * Doh, added build-depends for libcap, closes: #85352
-  * Change section of libpam-cracklib from admin to libs to match
-    overrides.
-
- -- Ben Collins <bcollins@debian.org>  Fri,  9 Feb 2001 09:06:40 -0500
-
-pam (0.72-14) unstable; urgency=low
-
-  * Added fix to pam_access for gethostname decleration. closes: #82100
-  * Just name the lib/security directory instead of all the modules
-    seperately for dh_movefiles. closes: #76119
-  * Fix pam_env corruption, closes: #66849, #77229
-  * Add patch to allow recursive /etc/skel copy in pam_mkhomedir, closes:
-    #67211
-  * remove dh_suidregister call, added conflict for old suidregister
-    package
-  * Applied patch for Linux capabilities in pam_limits, closes: #74176
-  * pam_issue.so works for me, without segv, and even with escapes. This
-    is with login. Note, things like pam_issue do not work with ssh simply
-    because ssh is not able to work in that way (does not support
-    arbiitrary conversations). So if you want it to work there, file a bug
-    on ssh, not on libpam-modules. closes: #77228
-  * unix_chkpwd: check for NULL password, closes: #69960
-
- -- Ben Collins <bcollins@debian.org>  Thu,  8 Feb 2001 11:06:03 -0500
-
-pam (0.72-13) unstable; urgency=low
-
-  * Fix grammar in pam_source.sgml, closes: #78959
-  * pam_undocumented.7: Fix escaped 's, closes: #75987
-  * Fix build ordering, closes: #71442, #80397, #77017
-  * Applied Hurd patch, closes: #76119
-  * Use gcc for linking, not ld. closes: #71941
-  * Pretty sure this was fixed, closes: #67172
-  * Applied spealang fixes to Debian-mini-policy. closes: #80249
-  * Applied patch to allow devfs style terminal devices with pam_group,
-    closes: #77661
-  * Could not reproduce, even using md5 passwords. User, if you still have
-  * this problem, you need to tell me with what service (login, which I
-    tested, sshd, telnet, etc...) and also send me the entire pam.d file
-    for that service. closes: #76087
-  * Fixed awhile back, closes: #72858
-  * Closing this since I am not going to include any modules in this
-    package that aren't in upstream. If someone else wants to package
-    these modules seperately, they can do so. closes: #69550
-  * For correct usage, pam_wheel.so should be used with "sufficient" and
-    not "required". This is documented. If you use "required", then you
-    must also use the "trust" option, but that doesn't give you the
-    results you want. closes: #76236
-
- -- Ben Collins <bcollins@debian.org>  Sun, 31 Dec 2000 05:38:23 -0500
-
-pam (0.72-12) frozen unstable; urgency=low
-
-  * Recompile against db2 for glibc change
-  * Add db2 to build-deps
-
- -- Ben Collins <bcollins@debian.org>  Wed, 27 Sep 2000 12:08:11 -0400
-
-pam (0.72-11) frozen unstable; urgency=low
-
-  * Removed all traces of pwdb in packages. libpwdb has been removed from
-    the archive. This means that the pam_pwdb and pam_radius modules are
-    no longer available (from the libpam-pwdb package).
-  * doc/modules/pam_wheel.sgml: Really spell out that being a member of a
-    group meands the user is listed in /etc/group, closes: #69242
-  * doc/*: s/PAM_AUTHOK_RECOVERY_ERR/PAM_AUTHOK_RECOVER_ERR/g,
-    closes: #64473
-  * pam_wheel: PAM does not distinguish it, the libc calls make the
-    distinction. The users gid is returned in their passwd info, while
-    getgrent() returns only the members of the group listed in /etc/group.
-    This is ok, because if it's really that important, you can actually
-    have it in both places. The fact that it's documented should suffice
-    in making this clear, closes: #69236
-  * Sorry, but seperate modules generally need to be packaged seperately.
-    I don't want to overload this package with everyone's pet module, so I
-    have to put my foot down, closes: #61759
-  * Actually, I'm going to move in Woody to make packages depend more on
-    the defaults in /etc/pam.d/other, so that admins have less to
-    maintain. For one, all packages should not have a password service
-    listed, closes: #70000 (YAY! I got the 70k rollover bug number!)
-  * Sorry, I can't include this. "," is a legitimate char in a password
-    salt/hash. If you can code up something that is super intelligent
-    about lenghts of the field, I can go for it, maybe, closes: #59459
-  * modules/pam_limits: Added chroot feature patch, closes: #61090
-  * modules/pam_access: Allow last field to contain ':', closes: #67291
-  * modules/pam_limits: Allow explicit limits for root, closes: #62448
-  * modules/pam_unix: Do not zero old/new password fields, libpam does
-    this itself, and doing so in the module breaks stacking,
-    closes: #66270
-  * modules/pam_group: Allow alpha *and* numeric in tty field (duh),
-    closes: #63752
-  * modules/pam_access: Enable NIS, closes: #64854
-  * libpam0g-dbg: removed, useless anyway
-
- -- Ben Collins <bcollins@debian.org>  Wed, 30 Aug 2000 18:39:32 -0400
-
-pam (0.72-10) frozen unstable; urgency=low
-
-  * Update build depends
-  * Fixed logic for showing non-existent user names when auth failed in
-    pam_unix.so, closes: #67786 (thanks to Jim Breton for being patient in
-    helping track this down). It would sometimes show them, even if we
-    didn't want to.
-
- -- Ben Collins <bcollins@debian.org>  Thu, 27 Jul 2000 09:17:08 -0400
-
-pam (0.72-9) frozen unstable; urgency=low
-
-  * pam_unix: do not call obscure_msg() of pass_old is NULL,
-    closes: #65321
-  * pam_access: check for from[0] == '\0' so that tty logic is actually
-    used, closes: #65401
-
- -- Ben Collins <bcollins@debian.org>  Wed, 14 Jun 2000 11:38:35 -0400
-
-pam (0.72-8) frozen unstable; urgency=low
-
-  * Build depends added in previous version, closes: #60817, #61439
-  * Allow use of ":0" in group.conf, closes: #61966
-  * Added syslog entry to notify that a user succesfully changed their
-    password, closes: #61724
-  * Make pam_unix compatible with HP-UX style NIS+ password information,
-    patch from ldaffner@rsn.hp.com, closes: #61942
-  * If "audit" is not enabled, don't let pam_unix print the names of
-    unknown users for auth attempts, closes: #61942
-  * Fixed ttyname() parsing in pam_access to match that of the old shadow
-    access.conf s,/dev/,, closes: #61644
-  * Set some sane defaults for pam_limits.so instead of carrying over
-    potentially bad defaults, patch from Peter Paluch
-    <peterp@frcatel.fri.utc.sk> closes: #63230
-  * Allow explicit (e.g. specified specifically for) limits for root,
-    patch from Topi Miettinen <Topi.Miettinen@nic.fi>, closes: #62448
-  * Added information to time.conf about logoutd, which is now enabled via
-    this file.
-  * cracklib maintainer claims this isn't a bug, closes: #54180
-  * fixed control syntax handling which was causing segfaults, closes: #62237
-
- -- Ben Collins <bcollins@debian.org>  Sat, 29 Apr 2000 11:39:59 -0400
-
-pam (0.72-7) frozen unstable; urgency=low
-
-  * pam_limits: fix parsing of users which explicitly removes limits,
-    closes: #59911, #60287
-  * Added build-depends
-
- -- Ben Collins <bcollins@debian.org>  Mon, 20 Mar 2000 16:06:28 -0500
-
-pam (0.72-6) frozen unstable; urgency=low
-
-  * Remove conflict for libpam0g-util from libpam0g and put it in
-    libpam-runtime. This should fix a problem with upgrades that apt
-    experiences, closes: #58677
-
- -- Ben Collins <bcollins@debian.org>  Mon, 28 Feb 2000 14:05:28 -0500
-
-pam (0.72-5) frozen unstable; urgency=low
-
-  * Added obscure password checks to pam_unix. Required for shadow to be
-    able to emulate the pre-PAM setup (referenced in a bug on passwd).
-  * Applied patch from #57800 to fix NIS/NIS+ shadow accounting checks,
-    closes: #57800, #58164
-  * Fixed two typos in the PAM System Administrators Guide,
-    closes: #56578, #56587
-
- -- Ben Collins <bcollins@debian.org>  Mon, 28 Feb 2000 10:58:09 -0500
-
-pam (0.72-4) frozen unstable; urgency=low
-
-  * unix_chkpwd: check for NULL on stdin aswell as 0 reads, closes: #56375
-  * pam_unix/Makefile: removed bashism, closes: #56370
-  * fixed in shadow upload, closes: #49832
-
- -- Ben Collins <bcollins@debian.org>  Sat, 29 Jan 2000 00:27:28 -0500
-
-pam (0.72-3) unstable; urgency=low
-
-  * Added cpluplus wraps in all the headers, closes: #53653
-
- -- Ben Collins <bcollins@debian.org>  Sun,  2 Jan 2000 15:15:40 -0500
-
-pam (0.72-2) unstable; urgency=low
-
-  * Well, this is an odd one. A recompile fixes it. So it must have been a
-    problem from linking with 0.71 when this is version 0.72. All of this
-    build daemons seem to have compiled the latest 0.72, so this should be
-    resolved after this gets recompiled on all of them, closes: #51619, #49584
-  * This is from a very old version (0.56) of libpam0. It is not relevant
-    to the latest version, closes: #47162
-
- -- Ben Collins <bcollins@debian.org>  Sun, 26 Dec 1999 09:10:13 -0500
-
-pam (0.72-1) unstable; urgency=low
-
-  * New upstream source release, lots of patches merged upstream (thanks
-    Andrew).
-  * libpam-doc: now provides pam-doc, closes: #45631
-  * cleanups to the build system
-  * shlibs.local: bumped shlib deps
-
- -- Ben Collins <bcollins@debian.org>  Tue, 14 Dec 1999 11:17:36 -0500
-
-pam (0.71-3) unstable; urgency=low
-
-  * Debian-PAM-MiniPolicy: new document describing how PAM is implemented
-    in Debian
-
- -- Ben Collins <bcollins@debian.org>  Fri, 26 Nov 1999 17:26:40 -0500
-
-pam (0.71-2) unstable; urgency=low
-
-  * pam_listfile: lstat -> stat, closes: #49833
-  * pam_tally: install the pam_tally program, closes: #50314
-  * debian/control: libpam-modules, replaces libpam0g-util, closes: #50716
-
- -- Ben Collins <bcollins@debian.org>  Thu, 25 Nov 1999 21:02:23 -0500
-
-pam (0.71-1) unstable; urgency=low
-
-  * New upstream release, merges lots of patches from the Debian source,
-    also merges the pam_{motd,mkhomedir,issue} modules into the main
-    source. Lots of minor bugs fixed, and compiler warnings
-  * pam_mail: Reimplemented the authentication handlers, so now this works
-    as both (changes nothing in Debian, but was required to get the patch
-    accepted upstream)
-  * general: Lots of small edits to fix compiler warnings
-  * pam_userdb: fixed potential usage of an unitialized value as
-    PAM_AUTHTOK, doesn't look particularly exploitable, but better safe
-    than sorry
-
- -- Ben Collins <bcollins@debian.org>  Mon,  8 Nov 1999 19:21:52 -0500
-
-pam (0.70-4) unstable; urgency=low
-
-  * pam_wheel/pam_wheel.c: change to use getpwuid(getuid()) by default, so
-    avoid the problems associated with getlogin()
-
- -- Ben Collins <bcollins@debian.org>  Mon,  1 Nov 1999 13:33:10 -0500
-
-pam (0.70-3) unstable; urgency=low
-
-  * Applied patch from Herbert Xu to enable PAM_CONV_AGAIN support in
-    pam_ftp, closes: #47288
-
- -- Ben Collins <bcollins@debian.org>  Wed, 13 Oct 1999 13:25:21 -0400
-
-pam (0.70-2) unstable; urgency=low
-
-  * 100_pam_pwdb_security_fix: new patch fixes security problem with
-    regard to NIS accounts
-
- -- Ben Collins <bcollins@debian.org>  Wed, 13 Oct 1999 11:42:41 -0400
-
-pam (0.70-1) unstable; urgency=low
-
-  * New upstream release
-  * Seems there were a lot of fixes merged/matches upstream, looks good,
-    (maybe it's time I start sending my patches in, since the maintainer
-    is active again).
-  * libpamc: new library (libpam client library), this actually used to be
-    in the Debian packages for a few versions, but it was removed upstream.
-    Guess what, it's back :)
-
- -- Ben Collins <bcollins@debian.org>  Sun, 10 Oct 1999 01:07:43 -0400
-
-pam (0.69-11) unstable; urgency=low
-
-  * {pwdb,unix}_chkpwd.8: fixed format to get rid of "no whatis" warnings
-    from mandb, closes: #47004
-  * pam_unix.sgml: new file, documents the pam_unix.so module,
-    closes: #46511
-
- -- Ben Collins <bcollins@debian.org>  Sat,  9 Oct 1999 12:41:58 -0400
-
-pam (0.69-10) unstable; urgency=low
-
-  * libpam/pam_item.c: fixed debug message being in wrong place
-  * 013_pam_issue: new patch, provides issue file parsing for PAM
-    applications (helps to replace lost functionality in login).
-
- -- Ben Collins <bcollins@debian.org>  Wed,  6 Oct 1999 20:30:17 -0400
-
-pam (0.69-9) unstable; urgency=low
-
-  * Fix typo in pam_mail.so module's "no" return
-
- -- Ben Collins <bcollins@debian.org>  Sun,  3 Oct 1999 15:08:56 -0400
-
-pam (0.69-8) unstable; urgency=low
-
-  * docs/modules/pam_mkhomedir.sgml: Fixed module name
-  * changed build system structure
-  * libpam/Makefile: add -lcrypt to the linked libs, closes: #46104
-  * increase shlib deps to 0.69-7, closes: #45801
-  * pam_motd.c: close motd file after reading, closes: #46122
-  * pam_motd.c: fix setting \0 in the wrong place when motd file is
-    zero length, closes: #45686, #45632
-  * pam_unix_acct.c: allow '0' to denote disabled for some expiry fields
-    since chage(1) documents it this way, closes: #45446
-  * pam_mail.c|modules/pam_mail.sgml: added 2 options, one "standard" to
-    give the old style "You have ..." response and "quiet" which only
-    reports new mail for both formats, documented both options,
-    closes: #45670
-  * with the new pam_unix module, this bug is fixed, closes: #42230
-  * pam_limits.c: make sure that we not only ignore limits on root, we
-    also remove them just in case we are su'ing from a limited user to
-    the root account (since as root they can remove the limits anyway),
-    closes: #35302
-
- -- Ben Collins <bcollins@debian.org>  Sun,  3 Oct 1999 12:07:28 -0400
-
-pam (0.69-7) unstable; urgency=low
-
-  * debian/rules: fixed module_check
-  * pam_env/pam_env.c: fixed env parsing to include values wrapped in ''
-    and also allow continued lines with a trailing '\'.
-  * pam_motd,pam_mail: converted to session modules, so that they could
-    be ordered with the lastlog module
-  * updated default pam.d/login to reflect above change (now login looks
-    the same as the non-PAM version, lastlog, then motd, and then mail
-    check)
-  * pam_motd: removed extraneous \n from output
-  * modules/pam_limits/pam_limits.c: Fixed parsing of lines with only
-    "domain -", which was documented as being able to get rid of limits
-    for that user or group.
-  * debian/control: (libpam-cracklib) Added depends for cracklib-runtime,
-    closes: #45488
-  * modules/pam_env.c: Fixed /etc/environment parsing causing segfaults on
-    long lines, closes: #45408
-
- -- Ben Collins <bcollins@debian.org>  Sun, 19 Sep 1999 13:50:40 -0400
-
-pam (0.69-6) unstable; urgency=low
-
-  * Install unix_chkpwd suid root, it's needed for NIS to work without
-    modification to the binary.
-  * modules/pam_limits/pam_limits.c: hmm, some how I got a strange broken
-    patch left over from the source upgrade...removed all but the pwdb
-    purging, closes: #45088
-  * modules/pam_env/pam_env.c: Changed to a debug message, instead of a
-    syslog message when /etc/environment does not exist.
-
- -- Ben Collins <bcollins@debian.org>  Wed, 15 Sep 1999 04:25:21 -0400
-
-pam (0.69-5) unstable; urgency=low
-
-  * Removed libpam0g's preinst check for full paths in the pam.d files,
-    this should really be a lintian check at build (i think the old libpam
-    could not work like this, but hey...things change for the better some
-    times. This PAM works fine like that). closes: #45001
-   +NOTE: Debian packages should not reference modules by the full path
-    so they don't break if I ever decide to move the modules to a different
-    default directory. Only the admin should reference full paths and only
-    for locally installed modules. I have submitted a request to check for
-    this in lintian along with a few other devious things.
-  * debian/patches/008_pam_mkhomedir: Fix title of sgml doc
-  * modules/pam_userdb/Makefile: added patch for building against glibc 2.0
-    (request from Roman Hodek), closes: #45064
-
- -- Ben Collins <bcollins@debian.org>  Tue, 14 Sep 1999 06:12:34 -0400
-
-pam (0.69-4) unstable; urgency=low
-
-  * Link all dynamic modules with libpam. For some reason, alpha doesn't
-    like it when we don't
-
- -- Ben Collins <bcollins@debian.org>  Mon, 13 Sep 1999 06:01:40 -0400
-
-pam (0.69-3) unstable; urgency=low
-
-  * doc/modules/pam_cracklib.sgml: changed to correct path for
-    cracklib_dict reference.
-  * modules/pam_env/pam_env.c: now groks bash style env's from
-    /etc/environment to be compatible with other programs that use it.
-  * modules/pam_securetty/pam_securetty.c: don't just plain fail when
-    root isn't allowed to login, fake a password request just like any
-    good auth module would. Keeps us from letting them know that they
-    are doing something bad :)
-  * modules/pam_{motd,mkhomedir}: merged these two modules into this
-    source, also wrote corresponding sgml files for libpam-doc,
-    closes: #40754
-  * debian/control: Moved libpam0g, libpam-modules and libpam-runtime
-    to base with required priority since login depends on them and
-    policy will require this
-
- -- Ben Collins <bcollins@debian.org>  Sat, 11 Sep 1999 08:06:02 -0400
-
-pam (0.69-2) unstable; urgency=low
-
-  * Modified build so that it uses libs and headers in the build tree
-    rather than on the local system. This involved changint the build
-    order slightly and should make it easier to compile on new archs.
-  * Modified pam_limits so that it was invoked during pam_sm_setcred()
-    instead of during pam_sm_session_open() so that it will work with
-    shadow's su.
-  * Fixed missing symbols in libpam.so, they were caused by it thinking
-    it was supposed to have static modules built in.
-  * Fixed problem where libpam was getting built with -DDEBUG
-  * pam_unix_passwd.c: Changed the perms on shadow to be 0.42 and 0640
-    instead of 0.0 and 0600
-  * unix_chkpwd: fix it not being sgid shadow 
-
- -- Ben Collins <bcollins@debian.org>  Thu,  9 Sep 1999 13:52:01 -0400
-
-pam (0.69-1) unstable; urgency=low
-
-  * New upstream source
-    - Now with a new and improved pam_unix module, closes: #38631
-    - Lot's of documentation cleanups
-  * Converted build system to dbs (doogie's build system, aka Adam Heath)
-  * Fixed libpam.so compilation so that it did not link with any of the
-    modules (this was causing lot's of problems, closes; #43913, #40739
-  * modules/pam_ftp/pam_ftp.c: Fixed sizeof, to use strlen,
-    closes: #44054, #41845, #44142, #39129, #39871, #44412
-  * Postscript pages are now generated correctly, closes: #41608
-  * Moved to FHS compliance (including use of debhelper 2.0.40),
-    this also raises the policy version to 3.0.1.1
-  * Don't check the paths in /etc/pam.d files anymore. This is old
-    and causes nothing but complaints, closes: #39747
-  * Build libpam0g-dbg with debuggable static and shared libraries, also
-    enabled the internal DEBUG_REL compile flag for these so that the
-    debugging messages will also be output
-
- -- Ben Collins <bcollins@debian.org>  Tue,  7 Sep 1999 17:45:20 -0400
-
-pam (0.66-10) unstable; urgency=low
-
-  * Added ability for pam_env to parse /etc/environment and updated
-    docs to reflect it
-  * Applied patch for pwdb_chkpwd man page, closes: #38976
-  * Merged pam_unix_*.so modules into one pam_unix.so with symlinks
-    for backward compatibility. This helps centralize this module the
-    same way the pam_pwdb.so is and the way pam_unix.so is on other
-    operating systems (commercial ones specifically).
-  * Closed by pam-apps upload, closes: #38632
-  * Fixed `sgml2latex' syntax, closes: #39119
-  * Added doc-base support, closes: #37627
-
- -- Ben Collins <bcollins@debian.org>  Wed, 16 Jun 1999 01:20:23 -0400
-
-pam (0.66-9.1) unstable; urgency=low
-
-  *  SPARC NMU to fix chown symbols when compiling with glibc 2.1.1
-
- -- Ben Collins <bcollins@debian.org>  Tue, 11 May 1999 13:33:33 +0000
-
-pam (0.66-9) unstable; urgency=low
-
-  * Changed the debian/rules to not mess with the library symlinks (ie
-    running ldconfig in the lib dir) and all is well, closes: #36169
-
- -- Ben Collins <bcollins@debian.org>  Sun, 18 Apr 1999 09:09:51 -0400
-
-pam (0.66-8) unstable; urgency=low
-
-  * Compiled with libpam_client.so now (seperate lib in libpam0g)
-  * Made regex for libpam0g postinst a little more specific so it
-    didn't flag false problems. closes: #34626
-  * Applied patch to fix pam_ftp, closes: #35388
-  * Modified pam_mail and pam_lastlog to honor PAM_SILENT in order to
-    enable apps to use hushlogin/PAM_SILENT
-  * Fixed problem with libpam_client.so being static
-
- -- Ben Collins <bcollins@debian.org>  Mon, 15 Mar 1999 20:54:23 -0500
-
-pam (0.66-7) unstable; urgency=low
-
-  * Fixed XCASE in pam_filter.c (not really in glibc 2.1 by default)
-
- -- Ben Collins <bcollins@debian.org>  Sat,  6 Mar 1999 18:46:56 -0500
-
-pam (0.66-6) unstable; urgency=low
-
-  * Removed empty /lib/security/ from libpam0g (is created in
-    libpam-runtime)
-  * Added a depends for libpam-runtime to libpam0g (was supposed to be
-    there, must have deleted it)
-  * Removed empty /usr/bin from libpam-runtime (old directory where
-    upperLOWER was)
-
- -- Ben Collins <bcollins@debian.org>  Wed, 24 Feb 1999 13:14:25 -0500
-
-pam (0.66-5) unstable; urgency=low
-
-  * Removed harcoded libc6 dependency from libpam0g-dev and changed it to 
-    libc6-dev. closes: #33615
-  * Added md5 flag for pam_unix_passwd.so
-  * Removed upperLOWER program since it is just an example. Moved it's
-    source to the examples directory in libpam-modules
-  * Fixed documentation of pam_strerror() and examples. closes #31142
-  * Made pam_unix_passwd.so leave /etc/shadow mode 640 and root.shadow
-    after changes
-  * Fixed problem in pam_unix_auth that didn't let you su from a normal
-    user to another normal user (ie. neither one was root)
-  * Closing misc fixed bugs. closes #32809, #32274 (have been fixed,
-    just need closing)
-  * Tested lockvc with pam support, works for normal users (pam_pwdb)
-    closes: #31150
-  * Changed /var/log/wtmp in pam_lastlog docs to reflect correct
-    /var/log/lastlog file. closes: #26544
-  * Added -ldl to libpam.so, so apps don't have to
-
- -- Ben Collins <bcollins@debian.org>  Fri, 19 Feb 1999 18:47:30 -0500
-
-pam (0.66-4) unstable; urgency=low
-
-  * Changed pwdb_chkpwd to sgid shadow instead of suid root since it only
-    needs read permissions to /etc/shadow and not write.
-  * Moved a lot of files arouns to get rid of libpam-runtime dependencies
-  * Put libpam-pwdb into it's own package
-  * Removed -lpwdb links for modules since libpwdb is somewhat buggy (or
-    alteast it's interaction with libpam is)
-  * Fixed bug in pam_unix_passwd.so that caused it to never authenticate
-    the correct passwd, making it so you couldn't change the passwd
-
- -- Ben Collins <bcollins@debian.org>  Tue, 16 Feb 1999 15:50:28 -0500
-
-pam (0.66-3) unstable; urgency=low
-
-  * Fixed defaults in /etc/pam.d/other to be pam_unix_*.so modules instead
-    of the accidental pam_pwdb.so module
-  * Fixed suid of pwdb_chkpwd (had to move dh_fixperms after
-    dh_suidregister)
-  * Added Replaces: libpam0g-util in order to help dpkg upgrade from
-    older packages
-  * Applied glibc 2.1 patch from Christian Meder. closes: #32809
-  * Moved libpam-doc to Section doc. closes: #32274
-
- -- Ben Collins <bcollins@debian.org>  Fri, 12 Feb 1999 02:01:43 -0500
-
-pam (0.66-2) unstable; urgency=low
-
-  * Removed all of the versioned module stuff. Modules are now in
-    /lib/security and stay there. Seems after discussion, that modules may
-    not change as often as thought
-  * Fixed suidregister for pwdb_chkpwd
-  * Fixed incomplete descriptions in control file
-  * This is a kludge to close some bugs since the last upload was yanked
-    before being installed in the archive, closes: #16882, #30862, #7725,
-    #10234, #10406, #12210, #14291, #15528, #15529, #20660, #25330,
-    #29868, #31088, #31128, #9131, #9919, #19383, #5132, #14533, #25915,
-    #28075, #31548, #31191
-
- -- Ben Collins <bcollins@debian.org>  Tue,  2 Feb 1999 12:47:25 -0500
-
-pam (0.66-1) unstable; urgency=low
-
-  * New maintainer
-  * New upstream release. closes: #16882, #30862, #7725
-  * Created a better split of the main lib and the runtime to kill the
-    circular dependencies and make it possible to have two .so version of
-    the library installed for upgrades. closes: #10234, #10406, #12210,
-    bug #14291, #15528, #15529, #20660, #25330, #29868, #31088, #31128,
-    bug #9131, #9919.
-  * Harcoded modules directory prefixed with the .so version, and
-    used alternatives to create the symlink to the 'default' modules
-    directory. libpam will use the full path when specified, but use the
-    versioned modules directory for relative names.
-  * Put libpam0g-cracklib modules back in (own package). This means that
-    cracklib support is _not_ in the static libpam.a, also cracklib
-    support is _not_ in pam_unix_passwd.o, but only in pam_cracklib.so
-    by itself.
-  * Fixed a few typos in the source causing compile errors
-  * Fixed source #include's so that pam _didn't_ have to be installed
-    in order to compile the source ( changed from <> to "" )
-  * Removed empty directories from built packages
-  * Opted not to build examples, only going to put *.c files in examples
-    directory for libpam0g-dev
-  * Moved *.sgml files for modules into their own directory (looks like
-    that is what the original maintainer wanted to do, but it didn't go)
-  * Moved doc build to arch-indep build in rules so that it doesn't get
-    built when specifying -B with debuild/dpkg-buildpackage.
-  * Moved `touch .quiet...' to build-stamp in order to have -B builds not
-    ask about pam.conf
-  * Split out non-standard modules to their own package, so as to make the
-    base install smaller (planning for base inclusion here)
-  * Created small manpage for pwdb_chkpwd. closes: #10941
-  * The Copright file in /usr/doc/*/ was already named copright and not
-    compressed. closes: #14533
-  * Package is now lintian clean. closes #19383, #5132
-  * There is a maintainer now and the patch for #25915 is still included
-    so.... closes: #25915
-  * Added check for editor backup files in /etc/pam.d (*~). closes: #28075
-  * Applied patch for md5.h in pam_pwdb module. closes: #31548
-  * Added support for dhelp in libpam-doc. closes: #31191
-
- -- Ben Collins <bcollins@debian.org>  Wed, 20 Jan 1999 07:09:15 -0500
-
-pam (0.65-0.8) frozen unstable; urgency=high
-
-  * Marked PAM as orphaned, given that there has been no maintainer upload
-    in almost two years.
-  * [defs/debian.defs] Removed superflous cracklib2 dependency.
-    (Urgent as cracklib still has release-critical bugs).
-    (Fixes #30862).
-
- -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Wed, 20 Jan 1999 09:34:35 +0100
-
-pam (0.65-0.7) frozen unstable; urgency=high
-
-  * Fixed security vulnerability in the pam_unix and pam_tally modules
-    (reported by Michal Zalewski on bugtraq; patch 
-    A000-SECURITY-PATCH-0.65-and-below.gz by Andrey V. Savochkin).
-
- -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Tue, 29 Dec 1998 16:20:18 +0100
-
-pam (0.65-0.6) unstable; urgency=high
-
-  * Fixed distribution of files over the various packages, which was
-    severely messed up.
-  * Added appropriate Replaces: to ensure upgrading from both the hamm
-    version and previous slink versions.
-  * Fixed debug libraries, PAM module loading.
-  * Added examples.
-  * Added a "pam-undocumented" manpage pointing to libpam-doc, and
-    made links for functions without a manpage to that.
-
- -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Sun, 11 Oct 1998 19:29:40 +0200
-
-pam (0.65-0.5) unstable; urgency=low
-
-  * Rewritten the preinst warning text (it still mentioned the search path).
-
- -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Fri,  9 Oct 1998 14:23:18 +0200
-
-pam (0.65-0.4) unstable; urgency=high
-
-  * It looks like I misunderstood DEFAULT_MODULE_PATH: Linux-PAM does not
-    currently seem to be easily configured to look for modules in more than
-    one directory. With this version, it's configured to look only in
-    /lib/security .
-
- -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Fri,  9 Oct 1998 11:43:34 +0200
-
-pam (0.65-0.3) unstable; urgency=medium
-
-  * Moving the PAM modules to /lib/security broke netatalk.
-    Added a preinst script to detect /etc/pam.d files with explicit paths to
-    PAM modules, give a warning about them, and offer to abort the install
-    (Fixes #27514).
-
- -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Tue,  6 Oct 1998 20:10:43 +0200
-
-pam (0.65-0.2) unstable; urgency=low
-
-  * Argh. The tools didn't recognise -0.1 as a new upstream release, so
-    my previous upload was rejected due to a missing .orig.tar.gz .
-
- -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Sun,  4 Oct 1998 17:15:09 +0200
-
-pam (0.65-0.1) experimental; urgency=low
-
-  * New upstream version.
-  * Non-maintainer upload.
-  * Major package overhaul; now uses debhelper.
-  * In experimental for now. *Please* provide feedback; if the feedback is
-    positive, we can put this in slink.
-  * Dropped libc5 support.
-  * [libpam/pam_static.c] Fixed compilation: "pamh" was undefined; use "NULL".
-    is this the correct fix?
-  * [defs/debian.defs] New.
-  * [Makefile]
-    * Exit when a make in a subdirectory fails.
-    * Compile statically too.
-    * New variables: LC, LP, LPLIBS, DEFAULT_MODULE_PATH .
-  * [libpam/Makefile]
-    * Use DEFAULT_MODULE_PATH if nonempty.
-    * Link libpam against LPLIBS.
-  * [modules/*/Makefile]
-    * Link the dynamic security objects against libpam and libc
-     (LP and LC).
-  * [modules/pam_pwdb/Makefile]
-    * Link dynamic security objects against libcrypt and libnsl.
-  * [conf/install_conf] Allow for non-interactive install (as the other
-    install_conf scripts already did).
-  * Automatically determine the list of /etc/security/* conffiles.
-  * Moved libpam to /lib, and PAM modules to /lib/security as they will
-    become part of the base system in the future.
-  * Built without cracklib support, to keep the base system smaller.
-  * /sbin/pwdb_chkpwd is undocumented, as is upperLOWER.
-
- -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Fri,  2 Oct 1998 20:23:27 +0200
-
-pam (0.57b-0.4) unstable; urgency=high
-
-  * Non maintainer upload
-    My previous upload had removed the libc5 stuff from the controlfile
-    messing up things. Change 'Architecture: any' to 'i386 m68k' for those
-    .deb's instead.
-
- -- Turbo Fredriksson <turbo@debian.org>  Thu, 20 Aug 1998 20:06:50 -0400
-
-pam (0.57b-0.3) unstable; urgency=high
-
-  * Non maintainer upload
-    On a glibc2.1 system, XCASE is only defined in the <bits/termios.h>
-    _IF_ '__USE_MISC' or '__USE_UNIX98' is defined.
-
- -- Turbo Fredriksson <turbo@debian.org>  Sun, 16 Aug 1998 22:13:45 -0400
-
-pam (0.57b-0.2) unstable; urgency=high
-
-  * Yet another non-maintainer release.
-  * Zero changes; simply a re-upload due to a rm-trigger happy release
-    ``manager''.
-
- -- James Troup <jjtroup@comp.brad.ac.uk>  Tue, 17 Mar 1998 19:55:16 +0100
-
-pam (0.57b-0.1) unstable; urgency=medium
-
-  * Non-maintainer release.
-  * debian/control (Standards-Version): Updated to 2.4.0.0.
-  * debian/control (libpam0g-dev): Also conflict with libpam-dbg.
-  * debian/postinst: use case statement instead of if.
-  * debian/rules (COMPAT_ARCHES): removed sparc.
-  * debian/rules (binary-libc6-dev, binary-libc5-altdev): strip static libraries with
-    --strip-debug, not --strip-unneeded.
-  * debian/rules: each package now has it's own doc directory under
-    /usr/doc/, containing at least the copyright file (Policy 5.6).
-  * debian/rules: install files with `install -m 644' not `cp -p' to avoid
-    read-only files.
-  * debian/rules (binary-libc6-util): strip /usr/lib/*/security/*.so with
-    --strip-unneeded.
-  * debian/rules (binary-libc5-util): ditto.
-  * debian/rules (binary-libc5): don't depend on binary-libc5.
-
- -- James Troup <jjtroup@comp.brad.ac.uk>  Sat,  7 Mar 1998 18:04:19 +0100
-
-pam (0.57b-0) unstable; urgency=medium
-
-  * Non-maintainer release.
-  * New upstream version.
-  * Doesn't use pristine upstream source as the upstream tar ball is broken.
-  * Added libc6 libraries libpam0g, libpam0g-dev, libpam0g-dbg and
-    libpam0g-util. [#11697]
-  * libpam-dev becomes libpam0-altdev, libpam-util -> libpam0-altutil and
-    libpam-dbg is removed.
-  * libpam0 depends on libpam0g because libpam0g contains the pam conffile.
-  * libpam0-util depends on libpam0g-util because libpam0g contains the binary.
-  * Compiled with -D_REENTRANT and link with -lc.
-  * Fixed permissions on shared libraries.
-  * Corrected syntax of /etc/pam.d/other. [#10497, #10758, #12030]
-  * Fixed typos in postinst. [#10474, #11365]
-  * Made /etc/pam.conf a conffile.
-  * Updated URL in copyright file.
-  * Removed over-zelaously installed README* files from libpam-doc.
-
- -- James Troup <jjtroup@comp.brad.ac.uk>  Sat, 22 Nov 1997 17:54:30 +0100
-
-pam (0.56-2) unstable; urgency=low
-
-  * Added /etc/pam.d/other with policy 'deny'.
-  * Add manual pages for PAM security modules.
-
- -- Klee Dienes <klee@debian.org>  Sat, 15 Mar 1997 22:33:22 -0500
-
-pam (0.56-1) unstable; urgency=low
-
-  * New upstream release.
-  * Converted to new packaging format.
-  * Reorganization of package structure (-dev, -dbg, etc).
-
- -- Klee Dienes <klee@debian.org>  Sat, 8 Mar 1997 01:21:17 -0500

Copied: tags/debian_version_0.79-4/pam/debian/changelog (from rev 396, trunk/pam/debian/changelog)
===================================================================
--- tags/debian_version_0.79-4/pam/debian/changelog	                        (rev 0)
+++ tags/debian_version_0.79-4/pam/debian/changelog	2006-10-23 12:40:52 UTC (rev 397)
@@ -0,0 +1,1368 @@
+pam (0.79-4) unstable; urgency=medium
+
+  * Medium-urgency upload; at least one RC bugfix, but also a
+    significant number of changes, hence not urgency=high.
+  * Move libpam-modules and libpam0g to Section: libs and libpam-runtime
+    to section: admin, to match the overrides in the archive.
+  * Move old changelog entries (well, entry) that don't follow the current
+    format to debian/changelog.old, since there's no way to figure out a
+    timestamp for an 8-year-old upload, and this is the most effective
+    way to clear a glut of lintian warnings.
+  * Fix the formatting of the libpam-cracklib package description.
+  * Patch 010: remove parts of the patch that aren't necessary for C++
+    compatibility.
+  * Patch 060: fix a segfault in pam_tally caused by misuse of
+    pam_get_data(); already fixed upstream.  Closes: #335273.
+  * Patch 061: fix a double free in pam_issue, caused by overuse (and misuse)
+    of strdup (similar to patch 059).  Already fixed upstream.
+    Closes: #327272.
+  * Don't build-depend on libselinux1-dev and libcap-dev on kfreebsd archs.
+    Closes: #352329.
+  * Patch 005: sync pam_limits with upstream:
+    - support "-" (unlimited) for all limit types except process priority.
+    - support the additional aliases "-1", "unlimited", and "infinity" for
+      clearing the limits; closes: #122400, #149027.
+    - restrict the range of process priority, login count, and system login
+      count settings to (INT_MIN,INT_MAX) (heh).
+    - special-case RLIM_INFINITY when applying multipliers to values from
+      the config.
+    - document maxsyslogins in the default limits.conf; closes: #149883.
+    - use the current process priority as a default instead of resetting to
+      0; closes: #241663.
+    - add support for (and document) new RLIMIT_NICE and RLIMIT_RTPRIO
+      settings in Linux 2.6.12 and above; closes: #313542, #313588.
+    - allow imposing limits on uid=0.
+  * Patch 027: only set RLIM_INFINITY as the default for the limits where
+    we know this is sensible, so that recompiling in an environment with new
+    limits doesn't create a security hole -- as happened with RLIMIT_NICE and
+    RLIMIT_RTPRIO!  Thanks to Ville Hallik for the initial patch.
+    Closes: #388431.
+  * Patch 029, 047: Fix up the broken pam_limits capabilities patch so it
+    actually works -- which may well be a first...  Closes: #318452.
+
+ -- Steve Langasek <vorlon@debian.org>  Mon, 23 Oct 2006 05:36:08 -0700
+
+pam (0.79-3.2) unstable; urgency=low
+
+  * Non-maintainer upload to fix important bug, that makes passwd segfault
+    when CTRL-D is pressed at the password prompt.  Applied the patch 
+    provided by Dann Frazier.  (Closes: #360657)
+
+ -- Margarita Manterola <marga@debian.org>  Sat,  5 Aug 2006 02:11:22 -0300
+
+pam (0.79-3.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Linux-PAM/libpamc/include/security/pam_client.h,
+    Linux-PAM/libpamc/pamc_converse.c: Apply patch from
+    latest upstream version to remove redefinition of internal
+    glibc/libstdc++ types.  Closes: #344447.
+
+ -- Roger Leigh <rleigh@debian.org>  Sun,  5 Feb 2006 21:46:59 +0000
+
+pam (0.79-3) unstable; urgency=low
+
+  * Patch 059
+    - Fix a segfault in pam_userdb when the new "crypt=" option
+      is unset, as will be the case for all existing users; already fixed
+      upstream.  Closes: #330829.
+    - Fix a memory leak in the same code due to gratuitous strdup()s.
+  * Further regression in pam_env: don't treat a missing /etc/environment
+    as a fatal error, either.  Amend patch 058 accordingly.  Closes: #330852.
+
+ -- Steve Langasek <vorlon@debian.org>  Fri, 30 Sep 2005 01:17:53 -0700
+
+pam (0.79-2) unstable; urgency=low
+
+  The ".c.o: rm -rf $@" release
+  * Fix debian/rules so that make clean doesn't remove ./configure when the
+    timestamp on configure.in is newer (!).
+  * Switch pam_userdb from db3 to db4.3, which according to the libdb
+    maintainers should require no manual intervention for upgrading on-disk
+    database formats.  Closes: #165068.
+  * Patch 058:  yes, of course we want to read /etc/environment by
+    default.  Grr!  Revert upstream change which disables this for no
+    apparent reason (closes: #330458).
+  * Tweak selinux rootok code to use the version of the function call that
+    doesn't pollute namespace
+
+ -- Steve Langasek <vorlon@debian.org>  Tue, 27 Sep 2005 02:44:36 -0700
+
+pam (0.79-1) unstable; urgency=low
+
+  * New upstream version (closes: #284954, #300775).
+    - includes some fixes for typos (closes: #319026).
+    - pam_unix should now be LSB 3.0-compliant (closes: #323982).
+    - fixes segfaults in libpam on config file syntax errors
+      (closes: #330097).
+  * Drop patches 000_bootstrap, 004_libpam_makefile_static_works,
+    011_pam_access, 013_pam_filter_termio_to_termios, 017_misc_fixes,
+    025_pam_group_conffile_name, 028_pam_mail_delete_only_when_set,
+    033_use_gcc_not_ld, 034_pam_dispatch_ignore_PAM_IGNORE,
+    035_pam_unix_security, 039_pam_mkhomedir_no_maxpathlen_required,
+    041_call_bootstrap, 042_pam_mkhomedir_dest_not_source_for_errors,
+    051_32_bit_pam_lastlog_ll_time, and
+    053_pam_unix_user_known_returns_user_unknown which have been
+    integrated upstream.
+  * Merge one last bit of patch 053 into patch 043, where it should have
+    been in the first place
+  * Patch 057: SELinux support:
+    - add support to pam_unix for copying SELinux security contexts when
+      writing out new passwd/shadow files and creating lockfiles
+    - support calling unix_chkpwd if opening /etc/shadow fails due to
+      SELinux permissions
+    - allow unix_chkpwd to authenticate for any user when in an SELinux
+      context (hurray!); we depend on SELinux policies to prevent the
+      helper's use as a brute force tool
+    - also support querying user expiration info via unix_chkpwd
+    - misc cleanup: clean up file descriptors when invoking unix_chkpwd
+      (closes: #248310)
+    - make pam_rootok check the SELinux passwd class permissions, not just
+      the uid
+    - add new pam_selinux module (closes: #249499)
+  * Build-depend on libselinux1-dev.
+  * Fix pam_getenv, so that it can read the actual format of /etc/environment
+    instead of trying to read it using the syntax of
+    /etc/security/pam_env.conf; thanks to Colin Watson for the patch.
+    Closes: #327876.
+  * Set LC_COLLATE=C when using alphabetic range expressions in
+    debian/rules; bah, so *that's* what kept happening to my README file
+    when trying to build out of svn!  Closes: #295296.
+  * Add a reference to the text of the GPL to debian/copyright.
+
+ -- Steve Langasek <vorlon@debian.org>  Sun, 25 Sep 2005 22:08:20 -0700
+
+pam (0.76-23) unstable; urgency=low
+
+  * Fix Gcc 3.4 compilation, Closes: #259634
+  * Note that pam.conf is not read if /etc/pam.d exists, Closes: #248928
+  * Fix typo in pam_env.conf, Closes: #277633
+
+ -- Sam Hartman <hartmans@debian.org>  Sun, 10 Jul 2005 16:42:25 -0400
+
+pam (0.76-22) unstable; urgency=medium
+
+  * Add uploaders
+  * Document location of repository
+  * Fix options containing arguments in pam_unix, Closes: #254904
+
+ -- Sam Hartman <hartmans@debian.org>  Mon, 28 Jun 2004 14:28:08 -0400
+
+pam (0.76-21) unstable; urgency=medium
+
+  * Fix patch 055 again because -20 was broken and didn't actually fix the
+    problem. 
+
+ -- Sam Hartman <hartmans@debian.org>  Tue,  4 May 2004 21:37:38 -0400
+
+pam (0.76-20) unstable; urgency=medium
+
+  * Update to patch 55 to only check securetty when we are sure the
+    password is null, Closes: #243698
+  * Medium urgency because the version now in testing has confusing and
+    verbose log messages.
+  * Include pam_getenv script which hopefully will be used by some people
+    somewhere for some purpose 
+
+ -- Sam Hartman <hartmans@debian.org>  Wed, 28 Apr 2004 22:51:18 -0400
+
+pam (0.76-19) unstable; urgency=low
+
+  * Oops, too busy testing the upgrade from woody to make sure the upgrade
+    from -16 to -18 worked.  Thanks to all those who reported, 
+      Closes: #243413 
+
+ -- Sam Hartman <hartmans@debian.org>  Tue, 13 Apr 2004 16:08:54 -0400
+
+pam (0.76-18) unstable; urgency=low
+
+  * Manipulate conffiles to avoid unnecessary prompt in woody to sarge
+    upgrade, Closes: #218318 
+
+ -- Sam Hartman <hartmans@debian.org>  Sat, 10 Apr 2004 18:10:35 -0400
+
+pam (0.76-17) unstable; urgency=low
+
+  * common-password now includes length restrictions and cracklib
+    examples, Closes: #227681, #237537
+  * Patch 054: abstract out the logic from pam_securetty to determine if a
+    tty is in /etc/securetty into a library function 
+  * Patch 55: Add nullok_secure option to pam_unix.  If set,  then null
+    passwords are accepted from terminals in /etc/securetty. 
+  * common-auth now includes nullok_secure, Closes: #228114
+
+
+ -- Sam Hartman <hartmans@debian.org>  Sun,  4 Apr 2004 23:10:11 -0400
+
+pam (0.76-16) unstable; urgency=low
+
+  * Patch 51 from the x86-64 folks to support 32-bit ll_time in
+    pam_lastlog even if time_t is 64-bits 
+  * Don't call openlog in pam_unix (patch 52), Closes: #213566 
+  * Return PAM_USER_UNKNOWN for unknown users in pam_unix (patch 53), Closes: #204506
+
+ -- Sam Hartman <hartmans@debian.org>  Tue, 23 Mar 2004 22:26:04 -0500
+
+pam (0.76-15) unstable; urgency=low
+
+  * Fix description of libpam-runtime, Closes: #209755
+  * Fix description of libpam-cracklib, Closes: #210014
+  * Depend on libc6-dev|libc-dev not libc6-dev, Closes: #212354
+  *  Clean up binaries, Thanks Russell, Closes: #212158
+  * Depend on sufficiently new cracklib2-dev, Closes: #214092
+  * Treate GNU/* as GNU for OS variable to make pam_limits compile,
+    (patch 050) Closes: #220980 
+  * No longer build-depend on latex2html, Closes: #221318 
+  * Allow : in tty specification for pam_group, (patch 048) Closes: #220439
+  * Pull in locking patch from Linux-PAM CVS; this ended up causing
+    021_pam_nis_locking to be reworked and that patch now no longer
+    contains locking fixes, but just NIS cleanup in general.  See
+    049_pam_unix_sane_locking for the locking changes,  Closes: #220158
+
+ -- Sam Hartman <hartmans@debian.org>  Mon, 12 Jan 2004 02:23:59 -0500
+
+pam (0.76-14) unstable; urgency=low
+
+  * Pull in NMU diff from 13.1, Closes: #186011
+  * Split out common-password into its own file, Closes: #207497
+  * Make other a conffile again and update to @include stuff
+  * Add missing symlink, Closes: #196605
+  * Remove undocumented manpages
+  * Update PAM mini-policy
+
+ -- Sam Hartman <hartmans@debian.org>  Mon,  1 Sep 2003 18:08:54 -0400
+
+pam (0.76-13.1) unstable; urgency=low
+
+  * NMU with maintainer's permission.
+  * Add three new config files (/etc/pam.d/common-{auth,account,session})
+    to libpam-runtime.  Other packages which depend on libpam-runtime
+    can now @include these files from their own PAM configs.
+  * Convert /etc/pam.d/other from a conffile to a non-conffile config
+    file.  Closes: #186011.
+  * Remove empty libpam-runtime.prerm script (debhelper will autocreate if needed)
+
+ -- Steve Langasek <vorlon@debian.org>  Tue, 19 Aug 2003 19:41:03 -0500
+
+pam (0.76-13) unstable; urgency=low
+
+  * Nope, that dependency didn't work, so let's remove it.  If we run into other module versioning issues, I now have an arm build environment to debug with.  Closes: #198618
+
+ -- Sam Hartman <hartmans@debian.org>  Mon,  7 Jul 2003 00:22:34 -0400
+
+pam (0.76-12) unstable; urgency=low
+
+  * Fix group.conf example, (patch 046) Closes: #197080
+  * Ignore module return value in jumps, (patch 045) Closes: #176693
+  * Accept string value for chroot limit, thanks Andrei Pelinescu-Onciul,
+    Patch (047), Closes: #196903
+  * Depend on libpam-modules instead of conflicting with older versions.
+    This creates a circular dependency between libpam0g and
+    libpam-modules.  James says this works fine; we hope he's right.
+    Closes: #196949
+ -- Sam Hartman <hartmans@debian.org>  Sat, 21 Jun 2003 17:19:29 -0400
+
+pam (0.76-11) unstable; urgency=low
+
+  * Don't allow db4 to satisfy build-depends because it doesn't actually
+    work, and sometimes building with it would be wrong. 
+  * Don't depend on libpcap-dev on Debian BSD
+  * Conflict with old libpam-modules, Closes: #191906
+  * Incorrect username should not be logged at alert (patch 43),
+  Closes: #175900
+  * Patch to support FreeBSD (patch 44, thanks Robert), Closes: #191906
+
+ -- Sam Hartman <hartmans@debian.org>  Sat, 31 May 2003 19:55:26 -0400
+
+pam (0.76-10) unstable; urgency=low
+
+  * Don't double list conffiles, Closes: #190954
+  * Only install example sources not executables,  Closes: #185286
+  * Display correct directory in error message for  pam_mkhomedir, patch
+    042 thanks to Akira TAGOH, Closes: #165240 
+  * Don't log  EPERM when setting NOFILE limit as Linux doesn't let you
+    set that to -1, Closes: #180310 
+  * Add newline to end of distributed time.conf, Closes: #172229
+  * Up our standards version  and support noopt in DEB_BUILD_OPTIONS
+
+ -- Sam Hartman <hartmans@debian.org>  Sat,  3 May 2003 22:28:37 -0400
+
+pam (0.76-9) unstable; urgency=low
+
+  * Fix pam_rhosts hurd patch so it actually works, Closes: #172914
+  * Fix patch 040 not to clobber errno when logging the error fails,
+    Closes: #172186 
+  * Fix dependency for linuxdoc-tools, Closes: #173097
+
+ -- Sam Hartman <hartmans@debian.org>  Sun, 15 Dec 2002 17:10:58 -0500
+
+pam (0.76-8) unstable; urgency=low
+
+  * Have makefile appropriately depend on bootstrap-libpam
+  * Install pam minipolicy, Closes: #167798
+  * Don't segfault if ttyname is null; this avoids the segfault but does
+    not actually make pam_issue useful for ssh.  I believe the way
+    pam_issue works is fundamentally incompatible with what sshd expects
+    from PAM (patch 037), Closes: #153152
+  * We actually fixed passwords containing , in  0.76-6, but failed to
+    document it.  They do work, Closes: #164713
+  * Note that /etc/pam.d/other is a fall back  for each service
+  * Patches from Michal 'hramrach' Suchanek" <hramrach_l@centrum.cz> to
+    make HURD work, Closes: #165066 (patch 038 and 039)
+  * Don't depend on gs and other doc prep tools for build-depends, just
+    build-depends-indep, Closes: #165065
+  * Patch from Eric Anderson <anderse@hpl.hp.com> to log failures of
+    setrlimit (patch 040), Closes: #169836
+  * Build pam_limits on hurd, Closes: #165190
+
+ -- Sam Hartman <hartmans@debian.org>  Sun, 24 Nov 2002 22:04:28 -0500
+
+pam (0.76-7) unstable; urgency=low
+
+  * Fix handling of pam_ignore  in case where we're skipping modules;
+    update to patch 034
+
+ -- Sam Hartman <hartmans@debian.org>  Sun, 20 Oct 2002 21:49:22 -0400
+
+pam (0.76-6) unstable; urgency=low
+
+      * The "No, I don't think I actually want any of what upstream is
+    smoking" release
+  * If this were already in testing, this would be an severity emergency
+    upload 
+  * pam_unix currently treats * in shadow file as no password not
+    disabled; major security issue; fixed in upstream CVS, (patch 035) Closes: #164659
+  * OK, I think this actually fixes the rest of the manpage symlinks,
+    Closes: #163839, #164298
+  * You don't want to use getlogin for pam_wheel because utmp may be wrong or for xterm have no entry, pull forward patch from the 0.72 packages (patch 036), Closes: #163787
+
+ -- Sam Hartman <hartmans@debian.org>  Tue, 15 Oct 2002 10:44:56 -0400
+
+pam (0.76-5) unstable; urgency=low
+
+  * Fix library links from 0.75 to 0.76
+  * Ignore PAM_IGNORE in _pam_dispatch_aux (patch 34), Closes: #163841
+  * Fix man page symlinks, Closes: #163839
+
+ -- Sam Hartman <hartmans@debian.org>  Fri, 11 Oct 2002 01:08:06 -0400
+
+pam (0.76-4) unstable; urgency=low
+
+  * Upstream correctly states that one should  use gcc not ld when
+    linking and then hapilly proceeds to actually use ld, fixed, Closes: #163711
+   
+  * Remove experimental warning from readme, Closes: 163742
+
+ -- Sam Hartman <hartmans@debian.org>  Mon,  7 Oct 2002 23:45:53 -0400
+
+pam (0.76-3) unstable; urgency=low
+
+  * Oops, let's try building -fpic.  This currently builds everything
+    -fpic which is somewhat wrong, but doing more than that requires
+    significant build system hacking (touch every makefile for dynamic
+    objects), so it will wait, Closes: #163600
+
+ -- Sam Hartman <hartmans@debian.org>  Sun,  6 Oct 2002 23:33:12 -0400
+
+pam (0.76-2) unstable; urgency=low
+
+  * Link against appropriate libraries so we find  the symbols we need,
+    Closes: #162175
+  * The if everyone's going to complain when I upload broken software to
+    experimental release, I might as well upload to unstable and give them
+    something worth actually complaining about release.
+  * Also the remove the scourge of dbs release
+  * Include patch 034 from the 0.72 packages, meaning that we've included
+    all the patches we need before release
+  * Reject the patch to pam_wheel as I cannot find out what reasonable
+    thing it was trying to do and it seemed broken
+  * libpam-cracklib should depend on wordlist  so it actually works;
+    thanks Olaf Meeuwissen,
+    Closes: #112965
+  * Merge build-depends and build-depends-indep because I'm a bad person
+    and was too lazy to make docs build in a separate pass.  I'll deal in
+    a few versions.
+
+ -- Sam Hartman <hartmans@debian.org>  Sun,  6 Oct 2002 18:52:13 -0400
+
+pam (0.76-1) experimental; urgency=low
+
+  * New upstream version
+  * Upstream includes fix to not break cron, Closes: 160566
+  * New Upstream correctly handles priority < 0 for pam_limits, Closes: #126251
+  * .cvsignores removed, Closes: #159961
+
+ -- Sam Hartman <hartmans@debian.org>  Sun, 22 Sep 2002 16:11:35 -0400
+
+pam (0.75-3) experimental; urgency=low
+
+      * Apply patch 027  pam_limits so that we initialize to wide open not
+    current limits.
+      * In pam_mail, don't complain about deleting environment variable if
+    we never set it, Closes: #58429
+      * Don't set default max procs limit in pam_limits, Closes: #116874
+        * libpam-runtime now arch all since it has no arch-specific files,
+    Closes: #132545
+      * Update mini policy to reflect confusion on debian-devel
+
+ -- Sam Hartman <hartmans@debian.org>  Tue, 16 Jul 2002 09:30:50 -0400
+
+pam (0.75-2) experimental; urgency=low
+
+  * Fix pam_userdb to build and to build against db3, fixes patch 020 
+  * Fix upstream makefile so pam_group has valid configuration, closes: #148657
+  * time.conf reference to logoutd removed, closes: #143801
+  * The static library contains all the appropriate symbols in this
+    version. You may find the complete lack of PAM modules somewhat
+    frustrating; currently the static pam library is only useful if you
+    register your own modules.  Fixing this would require annoying hacking
+    on the upstream build system, closes: #103495
+  * unix_chkpwd.8 typo fixes thanks to dancer@anthill.echidna.id.au,
+    Closes: #139949
+  * Since we're working on the new upstream version, we also have the new docs, closes: #147763
+  * Patch from Martin Schwenke <martin@meltin.net> to only change
+    passwords in pam_unix when they exist in the password file; hopefully
+    does not break NIS, closes: #135990
+  * Another patch from Martin to return PAM_USER_UNKNOWN if we ever
+    actually do get into the password changing routine only to find that
+    we have no password to change, closes: #135604
+  * .cvsignore no longer installed, closes: #120795
+  * We're using debhelper 3, just in time to be obselete, Closes: #93414
+
+ -- Sam Hartman <hartmans@debian.org>  Sat,  8 Jun 2002 18:04:40 -0400
+
+pam (0.75-1) experimental; urgency=low
+
+  * Preliminary test packages
+  * New upstream version
+  * Hopefully works mostly the same as  0.72 except for  upstream bug
+    fixes and for the fact that pam_limits is fairly broken right now.
+  * If it breaks you are lucky if you get to keep both pieces release.
+
+ -- Sam Hartman <hartmans@debian.org>  Sat, 25 May 2002 22:57:57 -0400
+
+pam (0.72-35) unstable; urgency=medium
+
+  * Fix like_auth to make libpam-krb5 and libpam-heimdal actually useful,
+    patch from RISKO   Gergely , closes: #126251
+
+ -- Sam Hartman <hartmans@debian.org>  Mon, 21 Jan 2002 15:20:22 -0500
+
+pam (0.72-34) unstable; urgency=medium
+
+  * Note that HOME may not be useful in pam_environment, closes: #109281
+  * Don't smash case domains (groups/users) in pam_limits, closes: #119893
+  * Remove double the from description, closes: #107705
+  * Fix typo on mail message, closes: #119689
+  * Medium since these are small fixes that should go into woody
+
+ -- Sam Hartman <hartmans@debian.org>  Fri, 23 Nov 2001 21:24:20 -0500
+
+pam (0.72-33) unstable; urgency=low
+
+  * Fix pam_mail to look in /var/mail not /var/spool/mail, thanks mjb.
+
+ -- Sam Hartman <hartmans@debian.org>  Thu, 11 Oct 2001 15:44:32 -0400
+
+pam (0.72-32) unstable; urgency=medium
+
+  * This should probably get into testing before freeze; medium.
+  * Patch from Volker Stolz to fix bug in previous pam_group patch,
+    closes: #111854 
+
+ -- Sam Hartman <hartmans@debian.org>  Sat, 22 Sep 2001 06:32:29 -0400
+
+pam (0.72-31) unstable; urgency=low
+
+  * Add support for credential reinitialization in pam_group, closes: #108697
+
+ -- Sam Hartman <hartmans@debian.org>  Fri, 31 Aug 2001 13:16:39 -0400
+
+pam (0.72-30) unstable; urgency=low
+
+  * Include patch from  robbe@orcus.priv.at to build pam_limits on hurd,
+    closes: #103556 
+  * Start installing limits.conf for hurd (may not work quite right)
+
+ -- Sam Hartman <hartmans@debian.org>  Mon, 16 Jul 2001 09:35:51 -0400
+
+pam (0.72-29) unstable; urgency=low
+
+  * Correctly declare uint32 type for ia64, closes: #104584
+
+ -- Sam Hartman <hartmans@debian.org>  Sat, 14 Jul 2001 01:30:39 -0400
+
+pam (0.72-28) unstable; urgency=low
+
+  * Fix scanf string so pam_limits chroot works, closes: #100812
+  * Only log unknown user at warning, not alert, closes: #95220
+  * By default do complete matches not substring matches for pam_time.
+    You can include explicit wildcard for substring, closes: #66152 
+
+ -- Sam Hartman <hartmans@debian.org>  Tue,  3 Jul 2001 17:31:45 -0400
+
+pam (0.72-27) unstable; urgency=low
+
+  * Fix  typo in last patch
+
+ -- Sam Hartman <hartmans@debian.org>  Mon, 25 Jun 2001 18:27:42 -0400
+
+pam (0.72-26) unstable; urgency=low
+
+  * Block SIGCHLD when calling unix password verification program, patch from mdz@debian.org, fixes pam part of #97977
+
+ -- Sam Hartman <hartmans@debian.org>  Mon, 25 Jun 2001 08:47:12 -0400
+
+pam (0.72-25) unstable; urgency=medium
+
+  * Depend on opensp, working around #89063, closes: #100125
+  * This is urgency medium to get docs back into testing.
+
+ -- Sam Hartman <hartmans@debian.org>  Fri,  8 Jun 2001 11:44:12 -0400
+
+pam (0.72-24) unstable; urgency=low
+
+  * New NIS double locking and root password patch from  Philippe Troin
+    <phil@fifi.org>, fixes bug in unreleased patch submitted for
+    0.72-23.  Also improves changing root password so it does something;
+    ongoing discussion on whether this is right.
+
+ -- Sam Hartman <hartmans@debian.org>  Mon, 21 May 2001 08:06:05 -0400
+
+pam (0.72-23) unstable; urgency=low
+
+  * Patch from Benoit Gaussen <ben@trez42.net> , Don't trim from , to end
+  of string in user input, only trim from salt 
+    grabbed from passwd file, closes: #96779 
+  * Fix NIS double locking, closes: #96736
+
+ -- Sam Hartman <hartmans@debian.org>  Wed, 16 May 2001 15:46:34 -0400
+
+pam (0.72-22) unstable; urgency=low
+
+  * Fix pam.8 to be pam.7, closes: #92874
+
+ -- Sam Hartman <hartmans@debian.org>  Tue, 17 Apr 2001 23:04:04 -0400
+
+pam (0.72-21) unstable; urgency=low
+
+  * Don't depend on libcap for hurd, closes: #91998
+  * Don't list scurity/limits.conf as a conffile for hurd
+
+ -- Sam Hartman <hartmans@debian.org>  Mon,  9 Apr 2001 12:30:18 -0400
+
+pam (0.72-20) unstable; urgency=low
+
+  * Install pam-undocumented in -runtime not -dev, closes: #93063
+  * Mark pam-runtime as replacing files from -dev in case you installed
+    -19 and have pam-undocumented in the wrong place
+
+ -- Sam Hartman <hartmans@debian.org>  Fri,  6 Apr 2001 06:38:15 -0400
+
+
+
+pam (0.72-19) unstable; urgency=low
+
+  * New maintainer, closes: #92353
+  * Install pam-undocumented; somehow it was not installed in -18
+  
+ -- Sam Hartman <hartmans@debian.org>  Wed,  4 Apr 2001 21:32:17 -0400
+
+pam (0.72-18) unstable; urgency=low
+
+  * pam_securetty: log failed tty checks. Normally this was only done if
+    the "debug" option was on...do it regardless now, closes: #89390
+  * Get rid of log message for when "root" is not applied to group checks.
+    closes: #88825
+  * Add quiet option to pam_listfile, closes: #84428
+  * pam(8) should be pam(7), pam.conf(8) should be pam.conf(5), closes:
+    #89322
+  * Added groff to Build-Depends-Indep, closes: #88794
+
+ -- Ben Collins <bcollins@debian.org>  Sun, 25 Mar 2001 21:40:32 -0500
+
+pam (0.72-17) unstable; urgency=low
+
+  * Fixed login in pam_limits where the max logins could be ignored.
+
+ -- Ben Collins <bcollins@debian.org>  Fri,  9 Mar 2001 09:14:48 -0500
+
+pam (0.72-16) unstable; urgency=low
+
+  * New pam limits cap patch from Topi Miettinen
+    <Topi.Miettinen@koti.tpo.fi>, closes: #88401, #88406, #88525, #88399,
+    #86197
+  * pwdb no longer used, closes: #59917
+  * fix patch 023 for gethostbyname build failure, closes: #86156
+  * Make sure unix_chkpwd gets installed as suid root, closes: #88519
+  * Fix whatis parse of manpages, closes: #86203
+  * pam_listfile, fix arg parsing when arg does not contain '=', closes:
+    #86070
+
+ -- Ben Collins <bcollins@debian.org>  Sun,  4 Mar 2001 22:45:58 -0500
+
+pam (0.72-15) unstable; urgency=low
+
+  * Doh, added build-depends for libcap, closes: #85352
+  * Change section of libpam-cracklib from admin to libs to match
+    overrides.
+
+ -- Ben Collins <bcollins@debian.org>  Fri,  9 Feb 2001 09:06:40 -0500
+
+pam (0.72-14) unstable; urgency=low
+
+  * Added fix to pam_access for gethostname decleration. closes: #82100
+  * Just name the lib/security directory instead of all the modules
+    seperately for dh_movefiles. closes: #76119
+  * Fix pam_env corruption, closes: #66849, #77229
+  * Add patch to allow recursive /etc/skel copy in pam_mkhomedir, closes:
+    #67211
+  * remove dh_suidregister call, added conflict for old suidregister
+    package
+  * Applied patch for Linux capabilities in pam_limits, closes: #74176
+  * pam_issue.so works for me, without segv, and even with escapes. This
+    is with login. Note, things like pam_issue do not work with ssh simply
+    because ssh is not able to work in that way (does not support
+    arbiitrary conversations). So if you want it to work there, file a bug
+    on ssh, not on libpam-modules. closes: #77228
+  * unix_chkpwd: check for NULL password, closes: #69960
+
+ -- Ben Collins <bcollins@debian.org>  Thu,  8 Feb 2001 11:06:03 -0500
+
+pam (0.72-13) unstable; urgency=low
+
+  * Fix grammar in pam_source.sgml, closes: #78959
+  * pam_undocumented.7: Fix escaped 's, closes: #75987
+  * Fix build ordering, closes: #71442, #80397, #77017
+  * Applied Hurd patch, closes: #76119
+  * Use gcc for linking, not ld. closes: #71941
+  * Pretty sure this was fixed, closes: #67172
+  * Applied spealang fixes to Debian-mini-policy. closes: #80249
+  * Applied patch to allow devfs style terminal devices with pam_group,
+    closes: #77661
+  * Could not reproduce, even using md5 passwords. User, if you still have
+  * this problem, you need to tell me with what service (login, which I
+    tested, sshd, telnet, etc...) and also send me the entire pam.d file
+    for that service. closes: #76087
+  * Fixed awhile back, closes: #72858
+  * Closing this since I am not going to include any modules in this
+    package that aren't in upstream. If someone else wants to package
+    these modules seperately, they can do so. closes: #69550
+  * For correct usage, pam_wheel.so should be used with "sufficient" and
+    not "required". This is documented. If you use "required", then you
+    must also use the "trust" option, but that doesn't give you the
+    results you want. closes: #76236
+
+ -- Ben Collins <bcollins@debian.org>  Sun, 31 Dec 2000 05:38:23 -0500
+
+pam (0.72-12) frozen unstable; urgency=low
+
+  * Recompile against db2 for glibc change
+  * Add db2 to build-deps
+
+ -- Ben Collins <bcollins@debian.org>  Wed, 27 Sep 2000 12:08:11 -0400
+
+pam (0.72-11) frozen unstable; urgency=low
+
+  * Removed all traces of pwdb in packages. libpwdb has been removed from
+    the archive. This means that the pam_pwdb and pam_radius modules are
+    no longer available (from the libpam-pwdb package).
+  * doc/modules/pam_wheel.sgml: Really spell out that being a member of a
+    group meands the user is listed in /etc/group, closes: #69242
+  * doc/*: s/PAM_AUTHOK_RECOVERY_ERR/PAM_AUTHOK_RECOVER_ERR/g,
+    closes: #64473
+  * pam_wheel: PAM does not distinguish it, the libc calls make the
+    distinction. The users gid is returned in their passwd info, while
+    getgrent() returns only the members of the group listed in /etc/group.
+    This is ok, because if it's really that important, you can actually
+    have it in both places. The fact that it's documented should suffice
+    in making this clear, closes: #69236
+  * Sorry, but seperate modules generally need to be packaged seperately.
+    I don't want to overload this package with everyone's pet module, so I
+    have to put my foot down, closes: #61759
+  * Actually, I'm going to move in Woody to make packages depend more on
+    the defaults in /etc/pam.d/other, so that admins have less to
+    maintain. For one, all packages should not have a password service
+    listed, closes: #70000 (YAY! I got the 70k rollover bug number!)
+  * Sorry, I can't include this. "," is a legitimate char in a password
+    salt/hash. If you can code up something that is super intelligent
+    about lenghts of the field, I can go for it, maybe, closes: #59459
+  * modules/pam_limits: Added chroot feature patch, closes: #61090
+  * modules/pam_access: Allow last field to contain ':', closes: #67291
+  * modules/pam_limits: Allow explicit limits for root, closes: #62448
+  * modules/pam_unix: Do not zero old/new password fields, libpam does
+    this itself, and doing so in the module breaks stacking,
+    closes: #66270
+  * modules/pam_group: Allow alpha *and* numeric in tty field (duh),
+    closes: #63752
+  * modules/pam_access: Enable NIS, closes: #64854
+  * libpam0g-dbg: removed, useless anyway
+
+ -- Ben Collins <bcollins@debian.org>  Wed, 30 Aug 2000 18:39:32 -0400
+
+pam (0.72-10) frozen unstable; urgency=low
+
+  * Update build depends
+  * Fixed logic for showing non-existent user names when auth failed in
+    pam_unix.so, closes: #67786 (thanks to Jim Breton for being patient in
+    helping track this down). It would sometimes show them, even if we
+    didn't want to.
+
+ -- Ben Collins <bcollins@debian.org>  Thu, 27 Jul 2000 09:17:08 -0400
+
+pam (0.72-9) frozen unstable; urgency=low
+
+  * pam_unix: do not call obscure_msg() of pass_old is NULL,
+    closes: #65321
+  * pam_access: check for from[0] == '\0' so that tty logic is actually
+    used, closes: #65401
+
+ -- Ben Collins <bcollins@debian.org>  Wed, 14 Jun 2000 11:38:35 -0400
+
+pam (0.72-8) frozen unstable; urgency=low
+
+  * Build depends added in previous version, closes: #60817, #61439
+  * Allow use of ":0" in group.conf, closes: #61966
+  * Added syslog entry to notify that a user succesfully changed their
+    password, closes: #61724
+  * Make pam_unix compatible with HP-UX style NIS+ password information,
+    patch from ldaffner@rsn.hp.com, closes: #61942
+  * If "audit" is not enabled, don't let pam_unix print the names of
+    unknown users for auth attempts, closes: #61942
+  * Fixed ttyname() parsing in pam_access to match that of the old shadow
+    access.conf s,/dev/,, closes: #61644
+  * Set some sane defaults for pam_limits.so instead of carrying over
+    potentially bad defaults, patch from Peter Paluch
+    <peterp@frcatel.fri.utc.sk> closes: #63230
+  * Allow explicit (e.g. specified specifically for) limits for root,
+    patch from Topi Miettinen <Topi.Miettinen@nic.fi>, closes: #62448
+  * Added information to time.conf about logoutd, which is now enabled via
+    this file.
+  * cracklib maintainer claims this isn't a bug, closes: #54180
+  * fixed control syntax handling which was causing segfaults, closes: #62237
+
+ -- Ben Collins <bcollins@debian.org>  Sat, 29 Apr 2000 11:39:59 -0400
+
+pam (0.72-7) frozen unstable; urgency=low
+
+  * pam_limits: fix parsing of users which explicitly removes limits,
+    closes: #59911, #60287
+  * Added build-depends
+
+ -- Ben Collins <bcollins@debian.org>  Mon, 20 Mar 2000 16:06:28 -0500
+
+pam (0.72-6) frozen unstable; urgency=low
+
+  * Remove conflict for libpam0g-util from libpam0g and put it in
+    libpam-runtime. This should fix a problem with upgrades that apt
+    experiences, closes: #58677
+
+ -- Ben Collins <bcollins@debian.org>  Mon, 28 Feb 2000 14:05:28 -0500
+
+pam (0.72-5) frozen unstable; urgency=low
+
+  * Added obscure password checks to pam_unix. Required for shadow to be
+    able to emulate the pre-PAM setup (referenced in a bug on passwd).
+  * Applied patch from #57800 to fix NIS/NIS+ shadow accounting checks,
+    closes: #57800, #58164
+  * Fixed two typos in the PAM System Administrators Guide,
+    closes: #56578, #56587
+
+ -- Ben Collins <bcollins@debian.org>  Mon, 28 Feb 2000 10:58:09 -0500
+
+pam (0.72-4) frozen unstable; urgency=low
+
+  * unix_chkpwd: check for NULL on stdin aswell as 0 reads, closes: #56375
+  * pam_unix/Makefile: removed bashism, closes: #56370
+  * fixed in shadow upload, closes: #49832
+
+ -- Ben Collins <bcollins@debian.org>  Sat, 29 Jan 2000 00:27:28 -0500
+
+pam (0.72-3) unstable; urgency=low
+
+  * Added cpluplus wraps in all the headers, closes: #53653
+
+ -- Ben Collins <bcollins@debian.org>  Sun,  2 Jan 2000 15:15:40 -0500
+
+pam (0.72-2) unstable; urgency=low
+
+  * Well, this is an odd one. A recompile fixes it. So it must have been a
+    problem from linking with 0.71 when this is version 0.72. All of this
+    build daemons seem to have compiled the latest 0.72, so this should be
+    resolved after this gets recompiled on all of them, closes: #51619, #49584
+  * This is from a very old version (0.56) of libpam0. It is not relevant
+    to the latest version, closes: #47162
+
+ -- Ben Collins <bcollins@debian.org>  Sun, 26 Dec 1999 09:10:13 -0500
+
+pam (0.72-1) unstable; urgency=low
+
+  * New upstream source release, lots of patches merged upstream (thanks
+    Andrew).
+  * libpam-doc: now provides pam-doc, closes: #45631
+  * cleanups to the build system
+  * shlibs.local: bumped shlib deps
+
+ -- Ben Collins <bcollins@debian.org>  Tue, 14 Dec 1999 11:17:36 -0500
+
+pam (0.71-3) unstable; urgency=low
+
+  * Debian-PAM-MiniPolicy: new document describing how PAM is implemented
+    in Debian
+
+ -- Ben Collins <bcollins@debian.org>  Fri, 26 Nov 1999 17:26:40 -0500
+
+pam (0.71-2) unstable; urgency=low
+
+  * pam_listfile: lstat -> stat, closes: #49833
+  * pam_tally: install the pam_tally program, closes: #50314
+  * debian/control: libpam-modules, replaces libpam0g-util, closes: #50716
+
+ -- Ben Collins <bcollins@debian.org>  Thu, 25 Nov 1999 21:02:23 -0500
+
+pam (0.71-1) unstable; urgency=low
+
+  * New upstream release, merges lots of patches from the Debian source,
+    also merges the pam_{motd,mkhomedir,issue} modules into the main
+    source. Lots of minor bugs fixed, and compiler warnings
+  * pam_mail: Reimplemented the authentication handlers, so now this works
+    as both (changes nothing in Debian, but was required to get the patch
+    accepted upstream)
+  * general: Lots of small edits to fix compiler warnings
+  * pam_userdb: fixed potential usage of an unitialized value as
+    PAM_AUTHTOK, doesn't look particularly exploitable, but better safe
+    than sorry
+
+ -- Ben Collins <bcollins@debian.org>  Mon,  8 Nov 1999 19:21:52 -0500
+
+pam (0.70-4) unstable; urgency=low
+
+  * pam_wheel/pam_wheel.c: change to use getpwuid(getuid()) by default, so
+    avoid the problems associated with getlogin()
+
+ -- Ben Collins <bcollins@debian.org>  Mon,  1 Nov 1999 13:33:10 -0500
+
+pam (0.70-3) unstable; urgency=low
+
+  * Applied patch from Herbert Xu to enable PAM_CONV_AGAIN support in
+    pam_ftp, closes: #47288
+
+ -- Ben Collins <bcollins@debian.org>  Wed, 13 Oct 1999 13:25:21 -0400
+
+pam (0.70-2) unstable; urgency=low
+
+  * 100_pam_pwdb_security_fix: new patch fixes security problem with
+    regard to NIS accounts
+
+ -- Ben Collins <bcollins@debian.org>  Wed, 13 Oct 1999 11:42:41 -0400
+
+pam (0.70-1) unstable; urgency=low
+
+  * New upstream release
+  * Seems there were a lot of fixes merged/matches upstream, looks good,
+    (maybe it's time I start sending my patches in, since the maintainer
+    is active again).
+  * libpamc: new library (libpam client library), this actually used to be
+    in the Debian packages for a few versions, but it was removed upstream.
+    Guess what, it's back :)
+
+ -- Ben Collins <bcollins@debian.org>  Sun, 10 Oct 1999 01:07:43 -0400
+
+pam (0.69-11) unstable; urgency=low
+
+  * {pwdb,unix}_chkpwd.8: fixed format to get rid of "no whatis" warnings
+    from mandb, closes: #47004
+  * pam_unix.sgml: new file, documents the pam_unix.so module,
+    closes: #46511
+
+ -- Ben Collins <bcollins@debian.org>  Sat,  9 Oct 1999 12:41:58 -0400
+
+pam (0.69-10) unstable; urgency=low
+
+  * libpam/pam_item.c: fixed debug message being in wrong place
+  * 013_pam_issue: new patch, provides issue file parsing for PAM
+    applications (helps to replace lost functionality in login).
+
+ -- Ben Collins <bcollins@debian.org>  Wed,  6 Oct 1999 20:30:17 -0400
+
+pam (0.69-9) unstable; urgency=low
+
+  * Fix typo in pam_mail.so module's "no" return
+
+ -- Ben Collins <bcollins@debian.org>  Sun,  3 Oct 1999 15:08:56 -0400
+
+pam (0.69-8) unstable; urgency=low
+
+  * docs/modules/pam_mkhomedir.sgml: Fixed module name
+  * changed build system structure
+  * libpam/Makefile: add -lcrypt to the linked libs, closes: #46104
+  * increase shlib deps to 0.69-7, closes: #45801
+  * pam_motd.c: close motd file after reading, closes: #46122
+  * pam_motd.c: fix setting \0 in the wrong place when motd file is
+    zero length, closes: #45686, #45632
+  * pam_unix_acct.c: allow '0' to denote disabled for some expiry fields
+    since chage(1) documents it this way, closes: #45446
+  * pam_mail.c|modules/pam_mail.sgml: added 2 options, one "standard" to
+    give the old style "You have ..." response and "quiet" which only
+    reports new mail for both formats, documented both options,
+    closes: #45670
+  * with the new pam_unix module, this bug is fixed, closes: #42230
+  * pam_limits.c: make sure that we not only ignore limits on root, we
+    also remove them just in case we are su'ing from a limited user to
+    the root account (since as root they can remove the limits anyway),
+    closes: #35302
+
+ -- Ben Collins <bcollins@debian.org>  Sun,  3 Oct 1999 12:07:28 -0400
+
+pam (0.69-7) unstable; urgency=low
+
+  * debian/rules: fixed module_check
+  * pam_env/pam_env.c: fixed env parsing to include values wrapped in ''
+    and also allow continued lines with a trailing '\'.
+  * pam_motd,pam_mail: converted to session modules, so that they could
+    be ordered with the lastlog module
+  * updated default pam.d/login to reflect above change (now login looks
+    the same as the non-PAM version, lastlog, then motd, and then mail
+    check)
+  * pam_motd: removed extraneous \n from output
+  * modules/pam_limits/pam_limits.c: Fixed parsing of lines with only
+    "domain -", which was documented as being able to get rid of limits
+    for that user or group.
+  * debian/control: (libpam-cracklib) Added depends for cracklib-runtime,
+    closes: #45488
+  * modules/pam_env.c: Fixed /etc/environment parsing causing segfaults on
+    long lines, closes: #45408
+
+ -- Ben Collins <bcollins@debian.org>  Sun, 19 Sep 1999 13:50:40 -0400
+
+pam (0.69-6) unstable; urgency=low
+
+  * Install unix_chkpwd suid root, it's needed for NIS to work without
+    modification to the binary.
+  * modules/pam_limits/pam_limits.c: hmm, some how I got a strange broken
+    patch left over from the source upgrade...removed all but the pwdb
+    purging, closes: #45088
+  * modules/pam_env/pam_env.c: Changed to a debug message, instead of a
+    syslog message when /etc/environment does not exist.
+
+ -- Ben Collins <bcollins@debian.org>  Wed, 15 Sep 1999 04:25:21 -0400
+
+pam (0.69-5) unstable; urgency=low
+
+  * Removed libpam0g's preinst check for full paths in the pam.d files,
+    this should really be a lintian check at build (i think the old libpam
+    could not work like this, but hey...things change for the better some
+    times. This PAM works fine like that). closes: #45001
+   +NOTE: Debian packages should not reference modules by the full path
+    so they don't break if I ever decide to move the modules to a different
+    default directory. Only the admin should reference full paths and only
+    for locally installed modules. I have submitted a request to check for
+    this in lintian along with a few other devious things.
+  * debian/patches/008_pam_mkhomedir: Fix title of sgml doc
+  * modules/pam_userdb/Makefile: added patch for building against glibc 2.0
+    (request from Roman Hodek), closes: #45064
+
+ -- Ben Collins <bcollins@debian.org>  Tue, 14 Sep 1999 06:12:34 -0400
+
+pam (0.69-4) unstable; urgency=low
+
+  * Link all dynamic modules with libpam. For some reason, alpha doesn't
+    like it when we don't
+
+ -- Ben Collins <bcollins@debian.org>  Mon, 13 Sep 1999 06:01:40 -0400
+
+pam (0.69-3) unstable; urgency=low
+
+  * doc/modules/pam_cracklib.sgml: changed to correct path for
+    cracklib_dict reference.
+  * modules/pam_env/pam_env.c: now groks bash style env's from
+    /etc/environment to be compatible with other programs that use it.
+  * modules/pam_securetty/pam_securetty.c: don't just plain fail when
+    root isn't allowed to login, fake a password request just like any
+    good auth module would. Keeps us from letting them know that they
+    are doing something bad :)
+  * modules/pam_{motd,mkhomedir}: merged these two modules into this
+    source, also wrote corresponding sgml files for libpam-doc,
+    closes: #40754
+  * debian/control: Moved libpam0g, libpam-modules and libpam-runtime
+    to base with required priority since login depends on them and
+    policy will require this
+
+ -- Ben Collins <bcollins@debian.org>  Sat, 11 Sep 1999 08:06:02 -0400
+
+pam (0.69-2) unstable; urgency=low
+
+  * Modified build so that it uses libs and headers in the build tree
+    rather than on the local system. This involved changint the build
+    order slightly and should make it easier to compile on new archs.
+  * Modified pam_limits so that it was invoked during pam_sm_setcred()
+    instead of during pam_sm_session_open() so that it will work with
+    shadow's su.
+  * Fixed missing symbols in libpam.so, they were caused by it thinking
+    it was supposed to have static modules built in.
+  * Fixed problem where libpam was getting built with -DDEBUG
+  * pam_unix_passwd.c: Changed the perms on shadow to be 0.42 and 0640
+    instead of 0.0 and 0600
+  * unix_chkpwd: fix it not being sgid shadow 
+
+ -- Ben Collins <bcollins@debian.org>  Thu,  9 Sep 1999 13:52:01 -0400
+
+pam (0.69-1) unstable; urgency=low
+
+  * New upstream source
+    - Now with a new and improved pam_unix module, closes: #38631
+    - Lot's of documentation cleanups
+  * Converted build system to dbs (doogie's build system, aka Adam Heath)
+  * Fixed libpam.so compilation so that it did not link with any of the
+    modules (this was causing lot's of problems, closes; #43913, #40739
+  * modules/pam_ftp/pam_ftp.c: Fixed sizeof, to use strlen,
+    closes: #44054, #41845, #44142, #39129, #39871, #44412
+  * Postscript pages are now generated correctly, closes: #41608
+  * Moved to FHS compliance (including use of debhelper 2.0.40),
+    this also raises the policy version to 3.0.1.1
+  * Don't check the paths in /etc/pam.d files anymore. This is old
+    and causes nothing but complaints, closes: #39747
+  * Build libpam0g-dbg with debuggable static and shared libraries, also
+    enabled the internal DEBUG_REL compile flag for these so that the
+    debugging messages will also be output
+
+ -- Ben Collins <bcollins@debian.org>  Tue,  7 Sep 1999 17:45:20 -0400
+
+pam (0.66-10) unstable; urgency=low
+
+  * Added ability for pam_env to parse /etc/environment and updated
+    docs to reflect it
+  * Applied patch for pwdb_chkpwd man page, closes: #38976
+  * Merged pam_unix_*.so modules into one pam_unix.so with symlinks
+    for backward compatibility. This helps centralize this module the
+    same way the pam_pwdb.so is and the way pam_unix.so is on other
+    operating systems (commercial ones specifically).
+  * Closed by pam-apps upload, closes: #38632
+  * Fixed `sgml2latex' syntax, closes: #39119
+  * Added doc-base support, closes: #37627
+
+ -- Ben Collins <bcollins@debian.org>  Wed, 16 Jun 1999 01:20:23 -0400
+
+pam (0.66-9.1) unstable; urgency=low
+
+  *  SPARC NMU to fix chown symbols when compiling with glibc 2.1.1
+
+ -- Ben Collins <bcollins@debian.org>  Tue, 11 May 1999 13:33:33 +0000
+
+pam (0.66-9) unstable; urgency=low
+
+  * Changed the debian/rules to not mess with the library symlinks (ie
+    running ldconfig in the lib dir) and all is well, closes: #36169
+
+ -- Ben Collins <bcollins@debian.org>  Sun, 18 Apr 1999 09:09:51 -0400
+
+pam (0.66-8) unstable; urgency=low
+
+  * Compiled with libpam_client.so now (seperate lib in libpam0g)
+  * Made regex for libpam0g postinst a little more specific so it
+    didn't flag false problems. closes: #34626
+  * Applied patch to fix pam_ftp, closes: #35388
+  * Modified pam_mail and pam_lastlog to honor PAM_SILENT in order to
+    enable apps to use hushlogin/PAM_SILENT
+  * Fixed problem with libpam_client.so being static
+
+ -- Ben Collins <bcollins@debian.org>  Mon, 15 Mar 1999 20:54:23 -0500
+
+pam (0.66-7) unstable; urgency=low
+
+  * Fixed XCASE in pam_filter.c (not really in glibc 2.1 by default)
+
+ -- Ben Collins <bcollins@debian.org>  Sat,  6 Mar 1999 18:46:56 -0500
+
+pam (0.66-6) unstable; urgency=low
+
+  * Removed empty /lib/security/ from libpam0g (is created in
+    libpam-runtime)
+  * Added a depends for libpam-runtime to libpam0g (was supposed to be
+    there, must have deleted it)
+  * Removed empty /usr/bin from libpam-runtime (old directory where
+    upperLOWER was)
+
+ -- Ben Collins <bcollins@debian.org>  Wed, 24 Feb 1999 13:14:25 -0500
+
+pam (0.66-5) unstable; urgency=low
+
+  * Removed harcoded libc6 dependency from libpam0g-dev and changed it to 
+    libc6-dev. closes: #33615
+  * Added md5 flag for pam_unix_passwd.so
+  * Removed upperLOWER program since it is just an example. Moved it's
+    source to the examples directory in libpam-modules
+  * Fixed documentation of pam_strerror() and examples. closes #31142
+  * Made pam_unix_passwd.so leave /etc/shadow mode 640 and root.shadow
+    after changes
+  * Fixed problem in pam_unix_auth that didn't let you su from a normal
+    user to another normal user (ie. neither one was root)
+  * Closing misc fixed bugs. closes #32809, #32274 (have been fixed,
+    just need closing)
+  * Tested lockvc with pam support, works for normal users (pam_pwdb)
+    closes: #31150
+  * Changed /var/log/wtmp in pam_lastlog docs to reflect correct
+    /var/log/lastlog file. closes: #26544
+  * Added -ldl to libpam.so, so apps don't have to
+
+ -- Ben Collins <bcollins@debian.org>  Fri, 19 Feb 1999 18:47:30 -0500
+
+pam (0.66-4) unstable; urgency=low
+
+  * Changed pwdb_chkpwd to sgid shadow instead of suid root since it only
+    needs read permissions to /etc/shadow and not write.
+  * Moved a lot of files arouns to get rid of libpam-runtime dependencies
+  * Put libpam-pwdb into it's own package
+  * Removed -lpwdb links for modules since libpwdb is somewhat buggy (or
+    alteast it's interaction with libpam is)
+  * Fixed bug in pam_unix_passwd.so that caused it to never authenticate
+    the correct passwd, making it so you couldn't change the passwd
+
+ -- Ben Collins <bcollins@debian.org>  Tue, 16 Feb 1999 15:50:28 -0500
+
+pam (0.66-3) unstable; urgency=low
+
+  * Fixed defaults in /etc/pam.d/other to be pam_unix_*.so modules instead
+    of the accidental pam_pwdb.so module
+  * Fixed suid of pwdb_chkpwd (had to move dh_fixperms after
+    dh_suidregister)
+  * Added Replaces: libpam0g-util in order to help dpkg upgrade from
+    older packages
+  * Applied glibc 2.1 patch from Christian Meder. closes: #32809
+  * Moved libpam-doc to Section doc. closes: #32274
+
+ -- Ben Collins <bcollins@debian.org>  Fri, 12 Feb 1999 02:01:43 -0500
+
+pam (0.66-2) unstable; urgency=low
+
+  * Removed all of the versioned module stuff. Modules are now in
+    /lib/security and stay there. Seems after discussion, that modules may
+    not change as often as thought
+  * Fixed suidregister for pwdb_chkpwd
+  * Fixed incomplete descriptions in control file
+  * This is a kludge to close some bugs since the last upload was yanked
+    before being installed in the archive, closes: #16882, #30862, #7725,
+    #10234, #10406, #12210, #14291, #15528, #15529, #20660, #25330,
+    #29868, #31088, #31128, #9131, #9919, #19383, #5132, #14533, #25915,
+    #28075, #31548, #31191
+
+ -- Ben Collins <bcollins@debian.org>  Tue,  2 Feb 1999 12:47:25 -0500
+
+pam (0.66-1) unstable; urgency=low
+
+  * New maintainer
+  * New upstream release. closes: #16882, #30862, #7725
+  * Created a better split of the main lib and the runtime to kill the
+    circular dependencies and make it possible to have two .so version of
+    the library installed for upgrades. closes: #10234, #10406, #12210,
+    bug #14291, #15528, #15529, #20660, #25330, #29868, #31088, #31128,
+    bug #9131, #9919.
+  * Harcoded modules directory prefixed with the .so version, and
+    used alternatives to create the symlink to the 'default' modules
+    directory. libpam will use the full path when specified, but use the
+    versioned modules directory for relative names.
+  * Put libpam0g-cracklib modules back in (own package). This means that
+    cracklib support is _not_ in the static libpam.a, also cracklib
+    support is _not_ in pam_unix_passwd.o, but only in pam_cracklib.so
+    by itself.
+  * Fixed a few typos in the source causing compile errors
+  * Fixed source #include's so that pam _didn't_ have to be installed
+    in order to compile the source ( changed from <> to "" )
+  * Removed empty directories from built packages
+  * Opted not to build examples, only going to put *.c files in examples
+    directory for libpam0g-dev
+  * Moved *.sgml files for modules into their own directory (looks like
+    that is what the original maintainer wanted to do, but it didn't go)
+  * Moved doc build to arch-indep build in rules so that it doesn't get
+    built when specifying -B with debuild/dpkg-buildpackage.
+  * Moved `touch .quiet...' to build-stamp in order to have -B builds not
+    ask about pam.conf
+  * Split out non-standard modules to their own package, so as to make the
+    base install smaller (planning for base inclusion here)
+  * Created small manpage for pwdb_chkpwd. closes: #10941
+  * The Copright file in /usr/doc/*/ was already named copright and not
+    compressed. closes: #14533
+  * Package is now lintian clean. closes #19383, #5132
+  * There is a maintainer now and the patch for #25915 is still included
+    so.... closes: #25915
+  * Added check for editor backup files in /etc/pam.d (*~). closes: #28075
+  * Applied patch for md5.h in pam_pwdb module. closes: #31548
+  * Added support for dhelp in libpam-doc. closes: #31191
+
+ -- Ben Collins <bcollins@debian.org>  Wed, 20 Jan 1999 07:09:15 -0500
+
+pam (0.65-0.8) frozen unstable; urgency=high
+
+  * Marked PAM as orphaned, given that there has been no maintainer upload
+    in almost two years.
+  * [defs/debian.defs] Removed superflous cracklib2 dependency.
+    (Urgent as cracklib still has release-critical bugs).
+    (Fixes #30862).
+
+ -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Wed, 20 Jan 1999 09:34:35 +0100
+
+pam (0.65-0.7) frozen unstable; urgency=high
+
+  * Fixed security vulnerability in the pam_unix and pam_tally modules
+    (reported by Michal Zalewski on bugtraq; patch 
+    A000-SECURITY-PATCH-0.65-and-below.gz by Andrey V. Savochkin).
+
+ -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Tue, 29 Dec 1998 16:20:18 +0100
+
+pam (0.65-0.6) unstable; urgency=high
+
+  * Fixed distribution of files over the various packages, which was
+    severely messed up.
+  * Added appropriate Replaces: to ensure upgrading from both the hamm
+    version and previous slink versions.
+  * Fixed debug libraries, PAM module loading.
+  * Added examples.
+  * Added a "pam-undocumented" manpage pointing to libpam-doc, and
+    made links for functions without a manpage to that.
+
+ -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Sun, 11 Oct 1998 19:29:40 +0200
+
+pam (0.65-0.5) unstable; urgency=low
+
+  * Rewritten the preinst warning text (it still mentioned the search path).
+
+ -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Fri,  9 Oct 1998 14:23:18 +0200
+
+pam (0.65-0.4) unstable; urgency=high
+
+  * It looks like I misunderstood DEFAULT_MODULE_PATH: Linux-PAM does not
+    currently seem to be easily configured to look for modules in more than
+    one directory. With this version, it's configured to look only in
+    /lib/security .
+
+ -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Fri,  9 Oct 1998 11:43:34 +0200
+
+pam (0.65-0.3) unstable; urgency=medium
+
+  * Moving the PAM modules to /lib/security broke netatalk.
+    Added a preinst script to detect /etc/pam.d files with explicit paths to
+    PAM modules, give a warning about them, and offer to abort the install
+    (Fixes #27514).
+
+ -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Tue,  6 Oct 1998 20:10:43 +0200
+
+pam (0.65-0.2) unstable; urgency=low
+
+  * Argh. The tools didn't recognise -0.1 as a new upstream release, so
+    my previous upload was rejected due to a missing .orig.tar.gz .
+
+ -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Sun,  4 Oct 1998 17:15:09 +0200
+
+pam (0.65-0.1) experimental; urgency=low
+
+  * New upstream version.
+  * Non-maintainer upload.
+  * Major package overhaul; now uses debhelper.
+  * In experimental for now. *Please* provide feedback; if the feedback is
+    positive, we can put this in slink.
+  * Dropped libc5 support.
+  * [libpam/pam_static.c] Fixed compilation: "pamh" was undefined; use "NULL".
+    is this the correct fix?
+  * [defs/debian.defs] New.
+  * [Makefile]
+    * Exit when a make in a subdirectory fails.
+    * Compile statically too.
+    * New variables: LC, LP, LPLIBS, DEFAULT_MODULE_PATH .
+  * [libpam/Makefile]
+    * Use DEFAULT_MODULE_PATH if nonempty.
+    * Link libpam against LPLIBS.
+  * [modules/*/Makefile]
+    * Link the dynamic security objects against libpam and libc
+     (LP and LC).
+  * [modules/pam_pwdb/Makefile]
+    * Link dynamic security objects against libcrypt and libnsl.
+  * [conf/install_conf] Allow for non-interactive install (as the other
+    install_conf scripts already did).
+  * Automatically determine the list of /etc/security/* conffiles.
+  * Moved libpam to /lib, and PAM modules to /lib/security as they will
+    become part of the base system in the future.
+  * Built without cracklib support, to keep the base system smaller.
+  * /sbin/pwdb_chkpwd is undocumented, as is upperLOWER.
+
+ -- J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>  Fri,  2 Oct 1998 20:23:27 +0200
+
+pam (0.57b-0.4) unstable; urgency=high
+
+  * Non maintainer upload
+    My previous upload had removed the libc5 stuff from the controlfile
+    messing up things. Change 'Architecture: any' to 'i386 m68k' for those
+    .deb's instead.
+
+ -- Turbo Fredriksson <turbo@debian.org>  Thu, 20 Aug 1998 20:06:50 -0400
+
+pam (0.57b-0.3) unstable; urgency=high
+
+  * Non maintainer upload
+    On a glibc2.1 system, XCASE is only defined in the <bits/termios.h>
+    _IF_ '__USE_MISC' or '__USE_UNIX98' is defined.
+
+ -- Turbo Fredriksson <turbo@debian.org>  Sun, 16 Aug 1998 22:13:45 -0400
+
+pam (0.57b-0.2) unstable; urgency=high
+
+  * Yet another non-maintainer release.
+  * Zero changes; simply a re-upload due to a rm-trigger happy release
+    ``manager''.
+
+ -- James Troup <jjtroup@comp.brad.ac.uk>  Tue, 17 Mar 1998 19:55:16 +0100
+
+pam (0.57b-0.1) unstable; urgency=medium
+
+  * Non-maintainer release.
+  * debian/control (Standards-Version): Updated to 2.4.0.0.
+  * debian/control (libpam0g-dev): Also conflict with libpam-dbg.
+  * debian/postinst: use case statement instead of if.
+  * debian/rules (COMPAT_ARCHES): removed sparc.
+  * debian/rules (binary-libc6-dev, binary-libc5-altdev): strip static libraries with
+    --strip-debug, not --strip-unneeded.
+  * debian/rules: each package now has it's own doc directory under
+    /usr/doc/, containing at least the copyright file (Policy 5.6).
+  * debian/rules: install files with `install -m 644' not `cp -p' to avoid
+    read-only files.
+  * debian/rules (binary-libc6-util): strip /usr/lib/*/security/*.so with
+    --strip-unneeded.
+  * debian/rules (binary-libc5-util): ditto.
+  * debian/rules (binary-libc5): don't depend on binary-libc5.
+
+ -- James Troup <jjtroup@comp.brad.ac.uk>  Sat,  7 Mar 1998 18:04:19 +0100
+
+pam (0.57b-0) unstable; urgency=medium
+
+  * Non-maintainer release.
+  * New upstream version.
+  * Doesn't use pristine upstream source as the upstream tar ball is broken.
+  * Added libc6 libraries libpam0g, libpam0g-dev, libpam0g-dbg and
+    libpam0g-util. [#11697]
+  * libpam-dev becomes libpam0-altdev, libpam-util -> libpam0-altutil and
+    libpam-dbg is removed.
+  * libpam0 depends on libpam0g because libpam0g contains the pam conffile.
+  * libpam0-util depends on libpam0g-util because libpam0g contains the binary.
+  * Compiled with -D_REENTRANT and link with -lc.
+  * Fixed permissions on shared libraries.
+  * Corrected syntax of /etc/pam.d/other. [#10497, #10758, #12030]
+  * Fixed typos in postinst. [#10474, #11365]
+  * Made /etc/pam.conf a conffile.
+  * Updated URL in copyright file.
+  * Removed over-zelaously installed README* files from libpam-doc.
+
+ -- James Troup <jjtroup@comp.brad.ac.uk>  Sat, 22 Nov 1997 17:54:30 +0100
+
+pam (0.56-2) unstable; urgency=low
+
+  * Added /etc/pam.d/other with policy 'deny'.
+  * Add manual pages for PAM security modules.
+
+ -- Klee Dienes <klee@debian.org>  Sat, 15 Mar 1997 22:33:22 -0500
+
+pam (0.56-1) unstable; urgency=low
+
+  * New upstream release.
+  * Converted to new packaging format.
+  * Reorganization of package structure (-dev, -dbg, etc).
+
+ -- Klee Dienes <klee@debian.org>  Sat, 8 Mar 1997 01:21:17 -0500

Bug Watch Updater (bug-watch-updater) on 2006-12-07

Changed in pam:
status:	Unknown → Fix Released

Revision history for this message

Colin Watson (cjwatson) wrote on 2006-12-19:

#12

Fixed in Feisty by merging this change from Debian:

pam (0.79-3.2) unstable; urgency=low

  * Non-maintainer upload to fix important bug, that makes passwd segfault
    when CTRL-D is pressed at the password prompt. Applied the patch
    provided by Dann Frazier. (Closes: #360657)

-- Margarita Manterola <email address hidden> Sat, 5 Aug 2006 02:11:22 -0300

I don't think this is a security issue, as you can't get an arbitrary pointer in there - all you can do is make it dereference a null pointer, which will immediately raise SIGSEGV.

Changed in pam:
assignee:	nobody → kamion
status:	Confirmed → Fix Released

Affects		Status	Importance	Assigned to	Milestone
	pam (Debian)	Fix Released	Unknown	debbugs #338810
	pam (Ubuntu)	Fix Released	Undecided	Colin Watson

Ubuntu
pam package

/usr/bin/passwd crashes with a segmentation fault if given null input

Bug Description

Duplicates of this bug

Other bug subscribers

Remote bug watches

Ubuntupam package

/usr/bin/passwd crashes with a segmentation fault if given null input

Bug Description

Duplicates of this bug

Other bug subscribers

Remote bug watches

Ubuntu
pam package