diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-11-02 11:38:50 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-11-02 11:38:50 +0000 |
| commit | fec29b6955e85b25199e86b0e62719b7e900b8e2 (patch) | |
| tree | dc83329f4443bed742f34d52104de0596d873aa7 | |
| parent | Adding upstream version 2.18. (diff) | |
| download | libpam-mount-fec29b6955e85b25199e86b0e62719b7e900b8e2.tar.xz libpam-mount-fec29b6955e85b25199e86b0e62719b7e900b8e2.zip | |
Adding debian version 2.18-2.debian/2.18-2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
29 files changed, 2754 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..644d567 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,78 @@ +libpam-mount (2.16-7) unstable; urgency=medium + + libpam-mount was split into libpam-mount (containing the PAM library) and + libpam-mount-bin (containing helper binaries). You probably want to make + sure libpam-mount-bin is installed to use libpam-mount. + + -- Jochen Sprickerhof <jspricke@debian.org> Sun, 30 Sep 2018 22:55:53 +0200 + +libpam-mount (2.16-3) unstable; urgency=medium + + This version drops the pmt-fd0ssh and pmt-ofl tools. Please install the + hxtools package if you need them. + + -- Jochen Sprickerhof <jspricke@debian.org> Mon, 26 Jun 2017 09:15:27 +0200 + +libpam-mount (1.27-3) unstable; urgency=low + + The file inclusion of /etc/pam.d/common-pammount is now deprecated. + It has been replaced with pam-auth-update(8). Read the + pam-auth-update(8) manpage for more information. + . + As a result, all manually added inclusions of common-pammount of + files in /etc/pam.d should be removed or commented out. + A note will be printed on the console if such inclusions are + detected on upgrade. + + -- Bastian Kleineidam <calvin@debian.org> Tue, 18 Aug 2009 22:29:29 +0200 + +libpam-mount (1.2+gitaa4791f-1) unstable; urgency=low + + Upgrading from version << 0.20 is not supported anymore. + Please install an intermediate version 0.49 for upgrading. + + -- Bastian Kleineidam <calvin@debian.org> Wed, 12 Nov 2008 17:48:27 +0100 + +libpam-mount (0.21-2) unstable; urgency=low + + When upgrading from versions << 0.20 the old configuration will + automatically be converted to the new format and stored at + /etc/security/pam_mount.conf.xml. + The default configuration will be available at + /etc/security/pam_mount.conf.xml.default. + . + Note that per-user configuration files ($HOME/.pam_mount.conf) + have still to be converted manually. + . + IMPORTANT: please check the validity of the converted file + /etc/security/pam_mount.conf.xml, since the converter might + have introduced bugs. + + -- Bastian Kleineidam <calvin@debian.org> Tue, 18 Sep 2007 19:31:13 +0200 + +libpam-mount (0.20-1) unstable; urgency=low + + The pam_mount.conf syntax changed in version 0.20.0. It is now + in an XML format and stored in /etc/security/pam_mount.conf.xml. + . + You can convert your old pam_mount.conf file to the new XML syntax + with the script + /usr/share/doc/libpam-mount/examples/convert_pam_mount_conf.pl. + . + Note that this script needs the libxml-writer-perl package installed. + + -- Bastian Kleineidam <calvin@debian.org> Wed, 05 Sep 2007 20:02:46 +0200 + +libpam-mount (0.10.0-2) unstable; urgency=low + + The pam_mount.conf syntax changed in version 0.10.0. + Old 'local' filesystem types are now invalid. Replace them with + the actual filesystem type of the partition you are mounting. + For example a line: + volume user local - /home/user.img /home/user loop,user,exec,encryption=aes,keybits=256 - - + now must be: + volume user ext3 - /home/user.img /home/user loop,user,exec,encryption=aes,keybits=256 - - + + Furthermore, the old "smb" filesystem type must be renamed to "smbfs". + + -- Bastian Kleineidam <calvin@debian.org> Sun, 4 Dec 2005 20:09:04 +0100 diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..d46d661 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,71 @@ +Installation on a Debian system +=============================== + +Edit the global configuration file /etc/security/pam_mount.conf.xml +and add the volumes you want to mount upon login. +If you enable the "luserconf" entry, every user can specify their +own mounts in $HOME/.pam_mount.conf.xml. +Note that user-specified volumes are mounted under the logged in user, +not as root. + +See the pam_mount(8) and pam_mount.conf(5) man pages for more information. + +All changes to the file /etc/security/pam_mount.conf.xml +take effect on the next login, so the next time a login shell is started, +any new configured volumes will be read and mounted. + +If xmllint is installed, the configuration file can be validated with +the following command: + xmllint --nonet --noout --loaddtd --valid + --path /usr/share/xml/pam_mount/dtd /etc/security/pam_mount.conf.xml + + +Configuration of PAM applications +================================== + +This package uses pam-auth-update(8) to configure itself for all PAM +applications. See the pam-auth-update(8) manpage for more info. + + +Required packages for specific mount types +========================================== +All the packages below are suggested, since you do +not need all of them to successfully use libpam-mount. + +Mount type Required packages +------------------------------------------------- +Samba (cifs) cifs-utils +NetWare (ncpfs) ncpfs +LUKS or Dm-crypt (crypt) cryptsetup, openssl, psmisc, fuser +cryptoloop openssl, cryptoloop-source (for 2.4 kernels) +Fuse (fuser) fuse, sshfs +Truecrypt (truecrypt) no official package available +WebDAV (davfs) davfs2 +XFS (xfs) xfsprogs + +All filesystems also require the appropriate kernel support. +See /proc/filesystems for a list of supported filesystems of the +current kernel. + + +Notes and bugs +-------------- +- If you use SSH, you have to adjust /etc/ssh/sshd_config like this: + + UsePAM yes + UsePrivilegeSeparation no + ChallengeResponseAuthentication no + PasswordAuthentication yes + +- Does not work properly with most (all?) ssh implementations + + openssh-server and the old ssh-krb5 mount ok, but do not unmount + see bug: + https://bugs.debian.org/372680 + + lsh-server does not work at all; it does not use PAM + +- Only works with gksu when debugging is disabled. Be sure to set + "debug 0" in /etc/security/pam_mount.conf.xml if you use gksu. + +Some PAM modules require a mounted home directory (eg. +pam_gnome_keyring used in gdm). These modules have to be moved +after the common-pammount include if home directories are mounted. diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..fbdb624 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1960 @@ +libpam-mount (2.18-2) unstable; urgency=medium + + [ Christian Ehrhardt ] + * d/t/local-luks: since v2.2 the minimal size is 32M + * d/t/local-luks: adapt tests to whitespace changes in the default config + * d/t/local-luks: unmount is lazy and might affect the next test step + + [ Jochen Sprickerhof ] + * Drop old Breaks/Replaces + * Remove old transition scripts (obsolete since oldstable) + * Bump policy versions (no changes) + + -- Jochen Sprickerhof <jspricke@debian.org> Mon, 01 Nov 2021 09:40:03 +0100 + +libpam-mount (2.18-1) unstable; urgency=medium + + * New upstream version 2.18 + * Rebase patches + + -- Jochen Sprickerhof <jspricke@debian.org> Wed, 06 Jan 2021 08:58:38 +0100 + +libpam-mount (2.17-2) unstable; urgency=medium + + * Make d/not-installed arch independent + * Document sshfs without fd0ssh. + Thanks to Michel Le Bihan (Closes: #952989) + + -- Jochen Sprickerhof <jspricke@debian.org> Fri, 25 Dec 2020 16:54:23 +0100 + +libpam-mount (2.17-1) unstable; urgency=medium + + [ Debian Janitor ] + * Wrap long lines in changelog entries: 2.16-10, 0.9.5-1. + * Set field Upstream-Name in debian/copyright. + * Set upstream metadata fields: Repository. + * Update standards version to 4.4.1, no changes needed. + + [ Jochen Sprickerhof ] + * d/watch check signature + * New upstream version 2.17 + * Rebase patches, drop LUKS2 patch (fixed upstream) (LP: #1906118) + * Install pmt-ehd manpage. + Thanks to Paride Legovini (Closes: #976154) + * bump policy and debhelper versions + * drop gitlab-ci + * Install mount helpers to /sbin + * update copyright + * Add patch to fix compiler warning + * Fix pcre2 patch (LP: #1891552) + * Fix path in manpage + * Fix fd0ssh name in manpage + * Update typos patch + + -- Jochen Sprickerhof <jspricke@debian.org> Fri, 25 Dec 2020 15:25:42 +0100 + +libpam-mount (2.16-10) unstable; urgency=medium + + [ Christian Ehrhardt ] + * - d/tests/control, d/tests/local-luks: add autopkgtest for luks1/luks2 + automount on user login. + + [ Jochen Sprickerhof ] + * Bump policy version (no changes) + * switch to debhelper-compat and debhelper 12 + * add Salsa CI + + -- Jochen Sprickerhof <jspricke@debian.org> Wed, 31 Jul 2019 20:35:51 +0200 + +libpam-mount (2.16-9) unstable; urgency=medium + + * Add patch for pcr2 support (Closes: #911029) (LP: 1792544) + * Guard rmdir in postinst + + -- Jochen Sprickerhof <jspricke@debian.org> Wed, 17 Oct 2018 22:14:25 +0200 + +libpam-mount (2.16-8) unstable; urgency=medium + + * Move to libpcre2-dev (LP: 1792544) + + -- Jochen Sprickerhof <jspricke@debian.org> Sun, 14 Oct 2018 19:38:37 +0200 + +libpam-mount (2.16-7) unstable; urgency=medium + + [ Ondřej Nový ] + * d/changelog: Remove trailing whitespaces + + [ Jochen Sprickerhof ] + * Update copyright and some cleanup + * Split package to make it multi arch friendly (Closes: #696012) + + -- Jochen Sprickerhof <jspricke@debian.org> Sat, 13 Oct 2018 11:45:17 +0200 + +libpam-mount (2.16-6) unstable; urgency=medium + + * Remove old pmt-ofl manpage + * Add patch for CRYPT_LUKS2 + * Bump policy version (no changes) + * Rework packaging (Closes: #696012) + + -- Jochen Sprickerhof <jspricke@debian.org> Sun, 30 Sep 2018 20:23:17 +0200 + +libpam-mount (2.16-5) unstable; urgency=medium + + * Upload to unstable. + + -- Jochen Sprickerhof <jspricke@debian.org> Thu, 12 Apr 2018 19:29:03 +0200 + +libpam-mount (2.16-4) experimental; urgency=medium + + * Fix priority and dependencies (Fix lintian warnings) + * Update Vcs URLs to salsa.d.o + * Add R³ + * http -> https + * Update policy and debhelper versions + * Remove .dirs, not needed + * Add patch for mount point comparison (Closes: #799752) + + -- Jochen Sprickerhof <jspricke@debian.org> Sun, 01 Apr 2018 12:52:41 +0200 + +libpam-mount (2.16-3) unstable; urgency=medium + + [ Jochen Sprickerhof ] + * Remove ancient config changes (not even needed for old-stable) + * Replace fd0ssh and ofl by new versions in hxtools + * Add patch to fix doc target. + Thanks to Felix Lechner (Closes: #856992) + * Add patch for luserconf outside home. + Thanks to Felix Lechner (Closes: #857244) + * Bump standards version and remove autogen + * Update NEWS file + * Really enable hardening + + [ Trent W. Buck ] + * mount with NEW password after expired-password reset (Closes: #862225) + + -- Jochen Sprickerhof <jspricke@debian.org> Mon, 26 Jun 2017 23:56:52 +0200 + +libpam-mount (2.16-2) unstable; urgency=medium + + * Remove old and unavailable suggested packages (Closes: #774246) + * Fix xmllint call (Closes: #780378) + * Update standards version (no changes needed) + * Remove ancient dependency versions and conflicts + * Really set DEB_BUILD_MAINT_OPTIONS. + Thanks to Matthias Klose, Jeremy Bicha (Closes: #849306) + + -- Jochen Sprickerhof <jspricke@debian.org> Sun, 25 Dec 2016 16:32:48 +0100 + +libpam-mount (2.16-1) unstable; urgency=medium + + * Update watch file + * New upstream version 2.16 (Closes: #828404, #768495) + * Update patches + * Add patch for array declaration + * New maintainer (Closes: #774991) + + -- Jochen Sprickerhof <jspricke@debian.org> Fri, 18 Nov 2016 09:33:22 +0100 + +libpam-mount (2.14-2) unstable; urgency=medium + + * QA upload. + * Orphan the package, see #774991. + * Run wrap-and-sort -ast. + * d/rules: remove override_dh_builddeb, xz compression is now default. + * Bump debhelper compat level to 10. + * Stop using hardening-wrapper, make use of dpkg-buildflags with + DEB_BUILD_MAINT_OPTIONS=hardening=+all + instead. Closes: #836635 + * Add Vcs-* fields pointing to a collab-maint git repository- + * Remove obsolete lintian override to patch-system-but-direct-changes-in-diff. + + -- Mattia Rizzolo <mattia@debian.org> Tue, 27 Sep 2016 09:50:05 +0000 + +libpam-mount (2.14-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Backport upstream's patch dropping the -p0 mount option. It is no + longer available in util-linux >= 2.23. i(Closes: #764451) + + -- Christian Kastner <debian@kvr.at> Tue, 23 Dec 2014 12:00:32 +0100 + +libpam-mount (2.14-1) unstable; urgency=low + + * New upstream release. + + -- Bastian Kleineidam <calvin@debian.org> Sat, 31 Aug 2013 17:12:07 +0200 + +libpam-mount (2.14~zgit3+966c6bea-3) unstable; urgency=low + + * New patch 012-groups-malloc-check + Fixes the groups malloc error check. + * Updated README.Debian (Closes: #705710) + + -- Bastian Kleineidam <calvin@debian.org> Wed, 24 Jul 2013 23:25:11 +0200 + +libpam-mount (2.14~zgit3+966c6bea-2) unstable; urgency=low + + * New patch 011-pmvarrun-no-l0g: + Do not use l0g() function in pmvarrun, it segfaults. + + -- Bastian Kleineidam <calvin@debian.org> Thu, 27 Jun 2013 18:36:29 +0100 + +libpam-mount (2.14~zgit3+966c6bea-1) unstable; urgency=low + + * New upstream git snapshot. + * Add missing crypto libs to mount.crypt (Closes: #713621) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 25 Jun 2013 21:52:50 +0200 + +libpam-mount (2.14~zgit2+aa0d624e-2) unstable; urgency=low + + * Suggest fuse instead of fuse-utils. + Closes: #698182 + + -- Bastian Kleineidam <calvin@debian.org> Tue, 15 Jan 2013 07:27:27 +0100 + +libpam-mount (2.14~zgit2+aa0d624e-1) unstable; urgency=low + + * New git upstream snapshot. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 09 Nov 2012 12:56:05 +0100 + +libpam-mount (2.14~zgit1+ad53f3559-1) unstable; urgency=low + + * New git upstream snapshot. + * Added patch disallow-luserconf-path: do not allow setting of PATH + in user-owned configuration files. + + -- Bastian Kleineidam <calvin@debian.org> Thu, 09 Aug 2012 12:00:05 +0200 + +libpam-mount (2.14~git+d1d6f871-1) unstable; urgency=low + + * New git upstream snapshot. + * New Standards version 3.9.3. + + -- Bastian Kleineidam <calvin@debian.org> Sat, 31 Mar 2012 14:25:04 +0200 + +libpam-mount (2.14~gited542159-2) unstable; urgency=low + + * Added patch fix-mount-crypt-fork-bomb: specifying "fstype=crypt" + to mount.crypt is now ignored. + (Closes: #649126) + + -- Bastian Kleineidam <calvin@debian.org> Mon, 16 Jan 2012 19:48:56 +0100 + +libpam-mount (2.14~gited542159-1) unstable; urgency=low + + * Upstream git snapshot from commit ed542159. + + fixes "ehd_logctl: feature 1 is already zero" messages + (Closes: #655921) + * Make the package build only on Linux systems. Other systems + like kfreebsd or hurd are not supported upstream. + (Closes: #655083) + * Use debhelper compatibility level 8. + + -- Bastian Kleineidam <calvin@debian.org> Mon, 16 Jan 2012 17:39:39 +0100 + +libpam-mount (2.13-1) unstable; urgency=low + + * New upstream release. + (Closes: #652474, #622693) + * Depend on libhx >= 3.12.1 + (Closes: #652762) + * Configure pam_mount for interactive sessions only. + Prevents errors when using non-interactive sudo with pam_mount. + I might re-enable it once #648066 is fixed, or when users start + complaining. I would be interested which scripts really need + pam_mount in non-interactive mode. + * Updated patches for fd0ssh and ofl from hxtools package. + * Updated build-depends: add libmount-dev and libblkid-dev + * Add patch to fix pmt-ehd compilation. + + -- Bastian Kleineidam <calvin@debian.org> Tue, 20 Dec 2011 20:10:14 +0100 + +libpam-mount (2.11-1) unstable; urgency=low + + * New upstream release. + * Removed Vcs-Git and Vcs-Browser from debian/control since they are + supposed to include the debian/ files and not only upstream. + (Closes: #635083) + * Suggest cifs-utils instead of smbfs. (Closes: #638155) + * Require base-files >= 6.4 since /run is used now. + + -- Bastian Kleineidam <calvin@debian.org> Thu, 08 Sep 2011 20:10:29 +0200 + +libpam-mount (2.10-2) unstable; urgency=low + + * Remove unused cdbs from build-depends. + * Use hardening-wrapper for security flags. + + -- Bastian Kleineidam <calvin@debian.org> Sun, 01 May 2011 08:35:01 +0200 + +libpam-mount (2.10-1) unstable; urgency=low + + * New upstream release. + + Properly umounts partitions (Closes: #610232) + + Print warning about read-only /etc/mtab, which addresses #622693 + * Depend on libhx >= 3.10.1 + * Standards version 3.9.2 (no changes required) + + -- Bastian Kleineidam <calvin@debian.org> Sun, 17 Apr 2011 07:36:22 +0200 + +libpam-mount (2.9-1) unstable; urgency=low + + * New upstream release. + + -- Bastian Kleineidam <calvin@debian.org> Thu, 07 Apr 2011 06:48:37 +0200 + +libpam-mount (2.8-2) unstable; urgency=low + + * Updated Vcs-Git and Vcs-Browser URLs. + * Do not report EACCES in pmvarrun when unlinking login count file. + Solves half of #615874. + * Updated README.Debian to use pmt-ehd in the examples. + + -- Bastian Kleineidam <calvin@debian.org> Mon, 21 Mar 2011 09:09:36 +0100 + +libpam-mount (2.8-1) unstable; urgency=low + + * New upstream release. + * Add libtool to build depends. + + -- Bastian Kleineidam <calvin@debian.org> Sat, 25 Dec 2010 11:24:23 +0100 + +libpam-mount (2.7-2) unstable; urgency=low + + * Fix build on kfreebsd-* + (Closes: #606343) + + -- Bastian Kleineidam <calvin@debian.org> Wed, 08 Dec 2010 21:08:36 +0100 + +libpam-mount (2.7-1) unstable; urgency=low + + * New upstream release. + + Remove mnt_fallback patch since squeeze will have 2.5 and upgrading + from 0.4x versions is not needed anymore. + + Readd copy of ofl and fd0ssh to avoid installing a complete new + package. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 03 Dec 2010 20:27:54 +0100 + +libpam-mount (2.5-4) unstable; urgency=low + + * Added patch hurd-path-max-define fixing build errors on HURD. + + -- Bastian Kleineidam <calvin@debian.org> Wed, 01 Sep 2010 21:13:40 +0200 + +libpam-mount (2.5-3) unstable; urgency=medium + + * Depend on mount only on linux. Other architectures have the mount binary + in other packages. This makes the package installable on kfreebsd-*. + (Closes: #594640) + * Urgency medium due to RC bugfix. + + -- Bastian Kleineidam <calvin@debian.org> Mon, 30 Aug 2010 19:37:31 +0200 + +libpam-mount (2.5-2) unstable; urgency=medium + + * Improved arch detection in debian/rules. + * Fix configure flag to disable libcryptsetup on non-linux systems. + (Closes: #592492) + * Urgency medium due to RC bugfix. + + -- Bastian Kleineidam <calvin@debian.org> Wed, 25 Aug 2010 21:26:53 +0200 + +libpam-mount (2.5-1) unstable; urgency=low + + * New upstream release. + * Fixed debian/watch regex. + * debian/control: use Standards version 3.9.1 + * Build libcryptsetup support only on Linux systems + (Closes: #592492) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 10 Aug 2010 21:39:59 +0200 + +libpam-mount (2.4-1) unstable; urgency=low + + * New upstream release. + * debian/control: use Standards version 3.9.0 + + -- Bastian Kleineidam <calvin@debian.org> Fri, 23 Jul 2010 23:00:05 +0200 + +libpam-mount (2.3-1) unstable; urgency=low + + * New upstream release. + + mount.crypt passes keyfile info to open LUKS volumes + (Closes: #528366) + + umount.crypt works again (Closes: #581713) + + -- Bastian Kleineidam <calvin@debian.org> Wed, 19 May 2010 04:05:25 +0200 + +libpam-mount (2.1+git20100509-1) unstable; urgency=low + + * New upstream release, plus git changes until 9.5.2010 + + Works now with other password slots than zero on crypted mounts + (Closes: #580636) + + Certainly includes old patch fixing the cron segfaults + (Closes: #484122) + * Only warn about missing fskey hash when an fskey path has been given. + (Closes: #580430) + + -- Bastian Kleineidam <calvin@debian.org> Sun, 09 May 2010 10:46:01 +0200 + +libpam-mount (2.0-1) unstable; urgency=low + + * New upstream release. + * Build-Depend on libcryptsetup-dev, and remove cryptsetup from + the suggested packages. + * Remove patch var_run_cmtab, which was applied upstream. + * Add upstream git commit b4dbbfe to fix command line expansion. + + -- Bastian Kleineidam <calvin@debian.org> Wed, 28 Apr 2010 02:54:45 +0200 + +libpam-mount (1.36-1) unstable; urgency=low + + * New upstream release. + * Build-Depend on libhx >= 3.4 + * Replace suggestion of truecrypt | truecrypt-util with tc-utils, + which actually exists. + Closes: #577588 + + -- Bastian Kleineidam <calvin@debian.org> Tue, 13 Apr 2010 23:00:12 +0200 + +libpam-mount (1.33-2) unstable; urgency=low + + * Added patch grab_authtok_retcode: + Fix regression in authentication token handling. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 05 Mar 2010 22:42:52 +0100 + +libpam-mount (1.33-1) unstable; urgency=low + + * New upstream release. (Closes: #551976) + * Use Standards version 3.8.4 + + -- Bastian Kleineidam <calvin@debian.org> Fri, 05 Mar 2010 00:25:56 +0100 + +libpam-mount (1.32-2) unstable; urgency=low + + * Use /var/run/cmtab instead of /etc/cmtab to store dynamic mount + information. Complies with FHS standard. (Closes: #551327) + * Switch to 3.0 (quilt) source format. + * Switch to quilt patch management from dpatch + * Remove old checks for <<0.22 versions since 0.44 is in stable + + -- Bastian Kleineidam <calvin@debian.org> Tue, 17 Nov 2009 04:48:00 +0100 + +libpam-mount (1.32-1) unstable; urgency=low + + * New upstream release. + + -- Bastian Kleineidam <calvin@debian.org> Wed, 23 Sep 2009 07:18:19 +0200 + +libpam-mount (1.31-1) unstable; urgency=low + + * New upstream release. + + patch 01_check_authtok_null: dropped, applied upstream + * Add deprecation comment to common-pammount (Closes: #546188) + + -- Bastian Kleineidam <calvin@debian.org> Sun, 13 Sep 2009 21:55:19 +0200 + +libpam-mount (1.30-2) unstable; urgency=medium + + * New patch 01_check_authtok_null: + Fixes segfault when running /bin/su and logging in from console as + root. + Urgency medium since this could lock out users from the system. + (Closes: #545846) + + -- Bastian Kleineidam <calvin@debian.org> Wed, 09 Sep 2009 20:28:26 +0200 + +libpam-mount (1.30-1) unstable; urgency=low + + * New upstream release. + + patch 14_no_double_mtab_removal: dropped, applied upstream + + patch 13_avoid_sudo_crash: dropped, applied upstream + + patch 07_correct_default_hash: dropped; there is no default hash + or digest for openssl documented, so don't claim there is one. + * The new version depends on an updated libHX library, so the FTBFS + occuring with an older libHX library is fixed. + (Closes: #545589) + * Documented the pam-auth-update(8) usage as replacement of the + old common-pammount file in debian/NEWS, the postinstall script, + and debian/README.Debian. + (Closes: #542787) + + -- Bastian Kleineidam <calvin@debian.org> Sat, 29 Aug 2009 08:03:43 +0200 + +libpam-mount (1.27-4) unstable; urgency=low + + * Remove old use_first_pass option from debian/pam-auth-update + to avoid warnings. + * Added pmt-ofl(1) manpage. + + -- Bastian Kleineidam <calvin@debian.org> Wed, 19 Aug 2009 21:05:32 +0200 + +libpam-mount (1.27-3) unstable; urgency=low + + * Install DTD for the XML configuration file so that it can be + validated with xmllint. + * Updated README.Debian: + - added note about configuration validation + - remove old notes about common-pammount + * Added sshfs to the suggested packages. + * Use Standards version 3.8.3 (no further changes required) + * Updated 15_kfreebsd_defines patch: don't compile src/mount-sysv.c + on kfreebsd systems. + * Use pam-auth-update instead of a custom common-pammount file. Thanks + to Steve Langasek for the patch. (Closes: #519956) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 18 Aug 2009 22:29:29 +0200 + +libpam-mount (1.27-2) unstable; urgency=low + + * Build-depend on autotools-dev to be sure current config.guess and + config.sub are used when compiling. + * Add patch 15_kfreebsd_defines: + Should fix compile error on GNU/k*BSD systems + + -- Bastian Kleineidam <calvin@debian.org> Wed, 12 Aug 2009 20:36:01 +0200 + +libpam-mount (1.27-1) unstable; urgency=low + + * New upstream release. + - new patch 12_mnt_fallback: + For upgrading, fall back to mtab parsing on unmount. + - new patch 13_avoid_sudo_crash: + Avoid sudo crashing; picked from upstream git. + - new patch 14_no_double_mtab_removal: + Avoid double mtab removal; picked from upstream git. + - fixed interactive password input (Closes: #509234) + - fixed SGRP matching (Closes: #512030) + - does not ignore XML syntax errors (Closes: #532877) + - added NFS4 recognition (Closes: #532875) + + -- Bastian Kleineidam <calvin@debian.org> Sun, 09 Aug 2009 10:47:41 +0200 + +libpam-mount (1.10-1) unstable; urgency=low + + * New upstream release. + * Remove outdated FAQ entry (Closes: #514855) + + -- Bastian Kleineidam <calvin@debian.org> Wed, 11 Feb 2009 15:39:00 +0100 + +libpam-mount (1.9-1) unstable; urgency=low + + * New upstream release. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 16 Jan 2009 19:25:05 +0100 + +libpam-mount (1.8-1) unstable; urgency=low + + * New upstream release. + - Fixes segfault when used in cron environments (Closes: #510990) + * Removed use_first_pass from common-pammount (Closes: #509233) + + -- Bastian Kleineidam <calvin@debian.org> Wed, 07 Jan 2009 10:12:37 +0100 + +libpam-mount (1.7-1) unstable; urgency=low + + * New upstream release. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 02 Jan 2009 17:58:18 +0100 + +libpam-mount (1.6-1) unstable; urgency=low + + * New upstream release. + + -- Bastian Kleineidam <calvin@debian.org> Sun, 28 Dec 2008 10:17:39 +0100 + +libpam-mount (1.5-2) unstable; urgency=low + + * Remove use_first_pass from common-pammount (Closes: #509233) + + -- Bastian Kleineidam <calvin@debian.org> Mon, 22 Dec 2008 14:08:21 +0100 + +libpam-mount (1.5-1) unstable; urgency=low + + * New upstream release. + + -- Bastian Kleineidam <calvin@debian.org> Sun, 14 Dec 2008 08:52:03 +0100 + +libpam-mount (1.4-1) unstable; urgency=low + + * New upstream release. + + -- Bastian Kleineidam <calvin@debian.org> Tue, 25 Nov 2008 00:31:21 +0100 + +libpam-mount (1.2+gitaa4791f-2) unstable; urgency=low + + * Replace try_first_pass in common-pammount with use_first_pass. + * Remove old PAM keyword try_first_pass from manpage documentation + (Closes: #505933) + * Adjusted README.Debian to use '~' instead of '/home/user' in examples. + * Add manpage aliases (u)mount.crypt_LUKS.8 to the (u)mount.crypt.8 + pages. + + -- Bastian Kleineidam <calvin@debian.org> Tue, 18 Nov 2008 10:49:13 +0100 + +libpam-mount (1.2+gitaa4791f-1) unstable; urgency=low + + * New upstream release (with some patches still in the git repo). + + Fixes cryptoloop bug (Closes: #502357, #502355) + + Fixes unmounting folders ending in a slash (Closes: #495177) + + Replaces old mount_ehd script (Closes: #494108) + + Fixes mount.crypt option error (Closes: #502956) + * Updated package description. + * Suggest xfsprogs for XFS volume mounting. + * Added patch from Michael Bramer to allow usernames to start with + digits. Thanks! (Closes: #505258) + * Do not support upgrading from old versions << 0.20 anymore. + This means debconf templates are not needed anymore, including the + new swedish one from Martin Bagge. Thanks anyway! (Closes: #503873) + * New patch 11_correct_device_for_luks_test: + + fix mounting of LUKS devices with mount.crypt + * New patch 12_init_crypto_device_name: + + Initialize crypto device name with NULL + + -- Bastian Kleineidam <calvin@debian.org> Wed, 12 Nov 2008 17:48:27 +0100 + +libpam-mount (0.48-1) unstable; urgency=high + + * New upstream release, using libhx >= 0.25. + - Prevents security flaw CVE-2008-3970 (thus urgency high) (Closes: #499841) + - Prevents double free in "su" usage (Closes: #493234) + - Does "~" expanding in paths again (Closes: #497813) + - Print names of blocking processes on umount (Closes: #494107) + + -- Bastian Kleineidam <calvin@debian.org> Sun, 28 Sep 2008 19:50:41 +0200 + +libpam-mount (0.44-1) unstable; urgency=low + + * New upstream release. + (Closes: #492559, #493497, #493234, #494107) + + -- Bastian Kleineidam <calvin@debian.org> Mon, 25 Aug 2008 22:47:56 +0200 + +libpam-mount (0.43-1) unstable; urgency=low + + * New upstream release (Closes: #491222). + + -- Bastian Kleineidam <calvin@debian.org> Sat, 19 Jul 2008 21:11:42 +0200 + +libpam-mount (0.41-1) unstable; urgency=low + + * New upstream release. + + Fixes wrong mount.crypt options in pam_mount.conf.xml. (Closes: #486599) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 17 Jun 2008 09:59:01 +0200 + +libpam-mount (0.40-1) unstable; urgency=medium + + * New upstream release. + + Fixes segfault when more than one volume was defined, thus + urgency medium. (Closes: #485620) + * New patch 07_use_fsck_conf: + Make configured fsck options available to mount.crypt via + the FSCK environment variable. + (Closes: #481366) + * New patch 08_check_return_codes: + Check error conditions of some init functions. + * New patch 09_fix_umount_crypt + Fix conditional expression syntax of umount.crypt. + * Use Standards version 3.8.0 + * (Build-)Depend on libhx >= 0.18 + * Install pam_mount(8) and pam_mount.conf(5) manpages. + + -- Bastian Kleineidam <calvin@debian.org> Tue, 10 Jun 2008 21:33:46 +0200 + +libpam-mount (0.39-1) unstable; urgency=low + + * New upstream release. + * Use debhelper v7 + * Updated build dependencies to use libhx-dev >= 1.17 + + -- Bastian Kleineidam <calvin@debian.org> Wed, 28 May 2008 20:37:06 +0200 + +libpam-mount (0.38-1) unstable; urgency=low + + * New upstream release. + * Updated README.Debian file. + + mention ordering of PAM modules using a mounted home directory + (Closes: #481527) + + -- Bastian Kleineidam <calvin@debian.org> Sun, 18 May 2008 21:01:10 +0200 + +libpam-mount (0.35.1-1) unstable; urgency=low + + * New upstream release. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 11 Apr 2008 17:24:16 +0200 + +libpam-mount (0.35-2) unstable; urgency=low + + * Pull upstream patch to fix autodetection of ssl support. + (Closes: #475256) + + -- Bastian Kleineidam <calvin@debian.org> Thu, 10 Apr 2008 11:10:16 +0200 + +libpam-mount (0.35-1) unstable; urgency=low + + * New upstream release. + * Build-Depend on libhx >= 1.15, needed for the new %(ifnempty...) + configuration magic. + * Remove unneeded zlib development library from build dependencies. + * Added pmt-fd0ssh(1) manpage. + + -- Bastian Kleineidam <calvin@debian.org> Sun, 06 Apr 2008 18:13:59 +0200 + +libpam-mount (0.33-3) unstable; urgency=low + + * Properly escape minus signs in pam_mount(8) manpage. Fixes lintian + warnings. + * Override lintian warning patch-system-but-direct-changes-in-diff + since pam_mount.txt is generated from pam_mount.8 which we modified. + * Use debhelper v6 and dh_lintian. + * New patch 11_check_ftruncate_err: check ftruncate() return value. + * Avoid linking pmvarrun against unused libraries -lssl -lcrypto. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 14 Mar 2008 09:39:57 +0100 + +libpam-mount (0.33-2) unstable; urgency=low + + * Fix loop mount logic error. Thanks Holger Brunn for the patch. + (Closes: #470081) + + -- Bastian Kleineidam <calvin@debian.org> Mon, 10 Mar 2008 00:37:31 +0100 + +libpam-mount (0.33-1) unstable; urgency=low + + * New upstream release. + + -- Bastian Kleineidam <calvin@debian.org> Sat, 23 Feb 2008 08:48:31 +0100 + +libpam-mount (0.32-5) unstable; urgency=low + + * Use security flags for gcc invocations. + * Upstream vcs is now git, so use Vcs-Git and adjust Vcs-Browser + variables in debian/control. + * Clarify that src/* files are LGPL licensed, all other files are GPL. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 15 Feb 2008 18:43:20 +0100 + +libpam-mount (0.32-4) unstable; urgency=low + + * Update package description and Debconf templates as reviewed by the + debian-l10n-english team as part of the Smith review project. + (Closes: #459227) + * Debconf translation updates: + + Portuguese (Closes: #459967) + + German (Closes: #462491) + + Galician (Closes: #459988) + + Vietnamese (Closes: #460032) + + Basque (Closes: #460046, #462023) + + Finnish (Closes: #460285) + + Czech (Closes: #460950) + + Italian (Closes: #461562) + + Russian (Closes: #462133) + + Dutch (Closes: #462436) + + French (Closes: #462771) + * Thanks to all the translators and the debian l10n team! + + -- Bastian Kleineidam <calvin@debian.org> Mon, 14 Jan 2008 14:37:36 +0100 + +libpam-mount (0.32-3) unstable; urgency=high + + * Build-depend on pkg-config. This should really fix the + FTBFS errors (Closes: #454967, #454971), thus urgency high. + * Make sure to remove old config files on purge. (Closes: #455032) + + -- Bastian Kleineidam <calvin@debian.org> Mon, 10 Dec 2007 07:53:06 +0100 + +libpam-mount (0.32-2) unstable; urgency=high + + * Fixed typo in versioned build dependencies for libhx-dev. This fixes + FTBFS (Closes: #454967, #454971), thus urgency high. + + -- Bastian Kleineidam <calvin@debian.org> Sat, 08 Dec 2007 18:44:50 +0100 + +libpam-mount (0.32-1) unstable; urgency=low + + * New upstream release. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 07 Dec 2007 01:54:11 +0100 + +libpam-mount (0.31-3) unstable; urgency=low + + * Forgot to apply updated patch 02_check_null_options + * Update Standards Version to 3.7.3, no changes required + + -- Bastian Kleineidam <calvin@debian.org> Tue, 04 Dec 2007 04:41:00 +0100 + +libpam-mount (0.31-2) unstable; urgency=low + + * Add portugese debconf translations, thanks Américo Monteiro. + (Closes: #453917) + * Updated patches: + + 02_check_null_options, add upstream SVN patch to prevent segfault + caused by a NULL options value, and check the return value of + HXbtree_init(). + + -- Bastian Kleineidam <calvin@debian.org> Mon, 03 Dec 2007 12:59:23 +0100 + +libpam-mount (0.31-1) unstable; urgency=low + + * New upstream release. + * Patches applied upstream: + + 01_pam_mount_conf_fix + + 04_convert_local_fstype_fix + + 08_convert_attrs_after_splice_fix + * Updated patches: + + 02_check_null_options, fixed another segfault when logging out + + -- Bastian Kleineidam <calvin@debian.org> Sun, 02 Dec 2007 12:20:23 +0100 + +libpam-mount (0.29-5) unstable; urgency=low + + * Let the user decide wether to automatically convert the + configuration to the new XML format or not. Also display a note + to check the converted configuration, in case something goes wrong. + (Downgrades: #452901) + + -- Bastian Kleineidam <calvin@debian.org> Mon, 26 Nov 2007 08:20:10 +0000 + +libpam-mount (0.29-4) unstable; urgency=low + + * New patch 04_convert_local_fstype_fix: convert 'local' fstype + entries from old configuration format correctly. + * New patch 07_already_mounted_no_fspt_test: The check if a + volume is already mounted must ignore the target mount point. + Else the case where a device is already mounted elsewhere is + never detected. + (Closes: #451156) + * Add Vcs-Svn and Vcs-Browser fields to debian/control + * New patch 08_convert_attrs_after_splice_fix: + The sgrp, pgrp and user attributes must be filled after checking + wrong splits, not before. Else user entries with spaces won't be + converted correctly. + (Closes: #452504) + + -- Bastian Kleineidam <calvin@debian.org> Fri, 23 Nov 2007 14:35:59 +0100 + +libpam-mount (0.29-3) unstable; urgency=low + + * New patch 02_check_null_options: check if options are NULL + before using them. (Closes: #448417) + + -- Bastian Kleineidam <calvin@debian.org> Mon, 29 Oct 2007 09:01:39 +0100 + +libpam-mount (0.29-2) unstable; urgency=low + + * Fix Suggestion typo psmis -> psmisc. + * Fixed copy-and-paste error in pam_mount.conf converter script, patch + from SVN r380. (Closes: #446382) + + -- Bastian Kleineidam <calvin@debian.org> Fri, 12 Oct 2007 23:38:33 +0200 + +libpam-mount (0.29-1) unstable; urgency=low + + * New upstream release. + * Dropped patches: + + 04_spawn_pipes, applied upstream + * First release with only Debian specific patches. Yay! + * Added bugs.txt to documentation, which also lists PAM applications that + drop root privileges, and thus fail to unmount properly on logout. + Closes: #444419 + + -- Bastian Kleineidam <calvin@debian.org> Mon, 01 Oct 2007 15:55:23 +0200 + +libpam-mount (0.28-1) unstable; urgency=low + + * New upstream release. + * Dropped patches: + + 07_mount_option_space + uneeded, mount and nfsmount support -o without a space + + 09_password_prompt + unneeded, the password prompt is configurable through the config + + 14_convert_luserconf + applied upstream + + 15_pmvarrun_abspath + unneeded, the bug is fixed via setting PATH manually + + 16_close_session_no_volumes + applied upstream + * Add patch 04_spawn_pipes from upstream SVN: + Fix file descriptor initialization and out-of-bounds array access. + * Remove uneeded glib from Build-Depends. + * Cleanup and updates for README.Debian: + + put package requirements into separate paragraph + + updated the examples for the new XML configuration format + * Add psmisc and fuser packages to the Suggests since the umount.crypt + uses them. + + -- Bastian Kleineidam <calvin@debian.org> Tue, 25 Sep 2007 14:24:49 +0200 + +libpam-mount (0.26-1) unstable; urgency=low + + * New upstream release. + + Adds a "nullok" option for passwordless users. + (Closes: #438186) + * Dropped patches applied upstream: + 08_mount_crypt_luksopen_args, 10_mount_crypt_syntax, + 11_convert_empty_fields, 12_convert_error_msg, + 13_convert_leading_whitespace + * Mention that user-specified configuration files ($HOME/.pam_mount.conf) + have to be manually converted in NEWS.Debian. + (Closes: #443317) + * Converter should write luserconf file with ".xml" appended. + (Closes: #443316) + * Ensure pmvarrun is an absolute path in the default configuration. + * Move Homepage from description into control field. + * Don't run pmvarrun or lookup user credentials when no volumes are + configured. Fixes segfault when pam_mount is configured with su. + (Closes: #443704) + + -- Bastian Kleineidam <calvin@debian.org> Mon, 24 Sep 2007 01:53:45 +0200 + +libpam-mount (0.21-3) unstable; urgency=medium + + * Fix order of argument in luksOpen call in mount.crypt. Without + this, the cryptsetup call could segfault as outlined in + http://bugs.debian.org/438198 + Set urgency medium for this. Closes: #443192 + + -- Bastian Kleineidam <calvin@debian.org> Wed, 19 Sep 2007 13:55:42 +0200 + +libpam-mount (0.21-2) unstable; urgency=low + + * Fixes for convert_pam_mount_conf.pl: + + Don't write empty fields as '-' when converting old config files + with the convert script. (Closes: #442014) + + Strip leading whitespace. (Closes: #442019) + * When upgrading from versions << 0.20 run convert_pam_mount_conf.pl + automatically. (Closes: #442017) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 18 Sep 2007 19:31:13 +0200 + +libpam-mount (0.21-1) unstable; urgency=high + + * New upstream version. + * Dropped patches applied upstream: + 04_largefile64_macro, 10_mount_crypt_loop_check, 21_delay_system_auth + * Updated patches: + 03_debian_docs, 06_debian_manpages, 07_mount_option_space + * Removed patches: + 14_faq_debian (the CLOSE_SESSION param has been removed in current + releases) + * Install upstream changelog. + * Add libxml2-dev to the build depends; RC bug, thus urgency high. + Closes: #442986, #441922 + * Rename debian/NEWS.Debian to debian/NEWS, so it really gets + installed as /usr/share/doc/libpam-mount/NEWS.Debian :-o + (References: #442017) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 18 Sep 2007 14:50:13 +0200 + +libpam-mount (0.20-1) unstable; urgency=low + + * New upstream version. + + Waits for up to 5 seconds when umounting a busy mount point. + That and using lazy unmounting ("umount -l") should be enough + workarounds for buggy applications that leave processes using + the device after a session close. (Closes: #370526) + + Uses new configuration file syntax; see NEWS.Debian for more info. + * Dropped patches applied upstream: + 02_hide_debug, 05_mount_crypt_break, 08_mount_crypt_readonly_luksopen, + 11_no_debug, 17_readlink_path, 18_clear_krb5_env + * Updated patches: + 03_debian_docs, 04_largefile64_macro, 06_debian_manpages, + 07_mount_option_space, 09_password_prompt, 10_mount_crypt_loop_check + 14_faq_debian, 21_delay_system_auth + * Add fuse-utils to suggested packages. + * Add truecrypt-utils to suggested packages. The truecrypt license is + non-free but the user could have a private package for it. + * Add davfs2 to suggested packages. + * Mention new filesystem types in README.Debian. + * Remove the "send patches" line of the description. It is sufficient + to have it in the README and manpage. + + -- Bastian Kleineidam <calvin@debian.org> Wed, 05 Sep 2007 20:02:46 +0200 + +libpam-mount (0.18-7) unstable; urgency=low + + * Adjust debian/watch file to use tar.bz2 instead of the older .tbz2 + extension. + * Use "Password:" as default password prompt, just like login(1) and + other text-based login programs. (Closes: #439611) + * Don't build a loop device on top of a loop device. This happens + when the "loop" option is used. (Closes: #439703) + + -- Bastian Kleineidam <calvin@debian.org> Thu, 09 Aug 2007 12:19:45 +0200 + +libpam-mount (0.18-6) unstable; urgency=medium + + * Define _LARGEFILE64_SOURCE to enable 64 bit gzopen() on 32 bit + systems. Fixes a compiler warning and possible segfaults on some + architectures; thus urgency medium. (Closes: #435424) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 31 Jul 2007 19:29:26 +0200 + +libpam-mount (0.18-5) unstable; urgency=low + + * Clear Kerberos environment setting after login. + * Improved detection when to avoid an xdm crash + * Add space before mount -o options (Closes: #434707) + * Use luksOpen --readonly option for read-only LUKS mounts in + mount.crypt. + * Verified that openssh-server now works somewhat - mounts ok, but + does not unmount. But at least it is usable. Thanks Margarita + Manterola for testing. (Closes: #254679) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 12 Dec 2006 09:39:23 +0100 + +libpam-mount (0.18-4) unstable; urgency=low + + * Added patch 21_delay_system_auth, fixing su and cron when + configured with pam_mount. + + -- Bastian Kleineidam <calvin@debian.org> Sun, 3 Dec 2006 21:54:59 +0100 + +libpam-mount (0.18-3) unstable; urgency=medium + + * Remove the default debug option from pmvarrun (Closes: #390946) + * Urgency medium, since the debug option enabled local attackers + to verify valid usernames. + + -- Bastian Kleineidam <calvin@debian.org> Wed, 4 Oct 2006 12:11:27 +0200 + +libpam-mount (0.18-2) unstable; urgency=low + + * Document in NEWS.Debian that smb must be renamed to smbfs in + releases >= 0.10. Thanks to Hubert Krause for the note. + (Closes: #385555) + + -- Bastian Kleineidam <calvin@debian.org> Thu, 14 Sep 2006 19:55:10 +0200 + +libpam-mount (0.18-1) unstable; urgency=low + + * New upstream release. + + Dropped 12_check_xmemdup, applied upstream + + Dropped 15_va_args_reuse, applied upstream + + Dropped 16_fusemount_chdir, applied upstream + + -- Bastian Kleineidam <calvin@debian.org> Thu, 7 Sep 2006 20:07:50 +0200 + +libpam-mount (0.17-3) unstable; urgency=medium + + * Patch 17_readlink_path: fix the path to readlink in umount.crypt + * Urgency medium, since the 15_va_args_reuse patch fixes a segfault + on AMD64 systems, which makes the package mostly unusable there. + + -- Bastian Kleineidam <calvin@debian.org> Wed, 9 Aug 2006 19:23:28 +0200 + +libpam-mount (0.17-2) unstable; urgency=low + + * Dropped 13_cifsmount_user patch: not necessary + * Patch 14_faq_debian: update FAQ entry about Debian login package and + CLOSE_SESSIONS + * Patch 15_va_args_reuse pulled from SVN: avoid reusing va_list + variables, fixes segfault on AMD64 + * Patch 16_fusemount_chdir pulled from SVN: chdir to / for fusermount + to work + + -- Bastian Kleineidam <calvin@debian.org> Tue, 8 Aug 2006 22:52:33 +0200 + +libpam-mount (0.17-1) unstable; urgency=low + + * New upstream release. + * Updated README.Debian wrt to bugs in ssh servers + * 04_sbin_umount dropped, applied upstream + * Added patch 12_check_xmemdup: check return value of the xmemdup + function + * Added patch 11_no_debug: disable debug per default, since gksu is + not working with debug enabled + * Added patch 13_cifsmount_user: fix cifs user mount option + + -- Bastian Kleineidam <calvin@debian.org> Mon, 7 Aug 2006 19:57:44 +0200 + +libpam-mount (0.15-1) unstable; urgency=low + + * New upstream release (there was no 0.14 release). + * Disable debugging per default, since the gksu program does not work + with pam_mount debugging enabled + * Disable patch 07_local_vol_user for now, this has to be tested more. + * Disable the renaming of the debug variable (aka the XDM crasher), + since upstream has fixed/worked around that. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 28 Jul 2006 21:08:41 +0200 + +libpam-mount (0.13-4) unstable; urgency=low + + * Add LUKS example to README.Debian + * New patch 09_spawn_set_sigchld + Always set SIGCHLD signal handler to prevent gdm from destroying + the pam_mount thread. + * New patch 10_waitpid_check + Added missing waitpid error checks, improved error message. + + -- Bastian Kleineidam <calvin@debian.org> Thu, 1 Jun 2006 23:47:41 +0200 + +libpam-mount (0.13-3) unstable; urgency=low + + * New patch 08_ehd_grep: + Support wildcard entries in passwdehd and autoehd scripts. + Improved error message when copying failed in passwdehd + * Added command descriptions to passwdehd.1 and autoehd.1 manpages. + * Standards version 3.7.2.0 (no changes required) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 30 May 2006 21:05:38 +0200 + +libpam-mount (0.13-2) unstable; urgency=low + + * New patch 04_sbin_umount: + Since umount.crypt moved to /sbin, also adjust the hard coded path + when unmounting crypt devices. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 21 Apr 2006 00:37:10 +0200 + +libpam-mount (0.13-1) unstable; urgency=low + + * New upstream release. + * Dropped 22_loop_dev_sed.dpatch, applied upstream with modifications + * Move (u)mount.crypt to /sbin which removes the symlink kludge + * Drop 06_debian_install_prefix patch in favor of --libdir configure + option + + -- Bastian Kleineidam <calvin@debian.org> Wed, 12 Apr 2006 23:37:05 +0200 + +libpam-mount (0.12.2-3) unstable; urgency=low + + * Fix device name for loopback crypt mounts. Patch by Johannes + Lehtinen. (Closes: #358916) + + -- Bastian Kleineidam <calvin@debian.org> Sun, 26 Mar 2006 23:36:25 +0200 + +libpam-mount (0.12.2-2) unstable; urgency=low + + * Allow local .pam_mount.conf entries to have another username than + the user logging in. Useful for example when the samba username is + not equal to the unix username + + -- Bastian Kleineidam <calvin@debian.org> Thu, 2 Feb 2006 19:44:58 +0100 + +libpam-mount (0.12.2-1) unstable; urgency=low + + * New upstream release. + * README.Debian: remove paragraph about the deprececated CLOSE_SESSIONS + option. + + -- Bastian Kleineidam <calvin@debian.org> Tue, 31 Jan 2006 17:47:44 +0100 + +libpam-mount (0.12.0-1) unstable; urgency=low + + * New upstream release. + Dropped patches applies upstream: + 22_fstype_nodev + 23_log_argv_close_cstdin + 24_local_config + 25_volume_record_asserts + + -- Bastian Kleineidam <calvin@debian.org> Wed, 11 Jan 2006 22:29:46 +0100 + +libpam-mount (0.11.0-1) unstable; urgency=low + + * New upstream version. + Dropped patches applied upstream: + 05_warnings 15_config_pam_mount_item 18_umount_crypt_errors + 19_match_null 20_session_error + * Remove suggestion of the realpath package since readlink -f is now + used instead, which is in coreutils. + * Remove build-depends on 'check', since it is not used. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 30 Dec 2005 22:15:39 +0100 + +libpam-mount (0.10.0-3) unstable; urgency=low + + * updated debian/watch file to use new download URL + * updated patch 18_umount_crypt_errors to accept a trailing slash + in the umount path argument in case no /usr/bin/realpath is + installed. + + -- Bastian Kleineidam <calvin@debian.org> Thu, 8 Dec 2005 20:14:41 +0100 + +libpam-mount (0.10.0-2) unstable; urgency=low + + * Replace old 'local' fstype config examples with 'ext3', in + README.Debian and pam_mount.conf. + Add an appropriate note to NEWS.Debian. + * Fixed fstype_nodev() so that the check_filesystem() fsck routine is + actually run. + + -- Bastian Kleineidam <calvin@debian.org> Mon, 5 Dec 2005 00:26:15 +0100 + +libpam-mount (0.10.0-1) unstable; urgency=low + + * New upstream release. The original bzipped tarball has been + repackaged to an orig.tar.gz, no changes were made. + * updated debian/copyright due to new upstream maintainer + * updated README.Debian for new upstream changes + * Use debhelper v5 + + -- Bastian Kleineidam <calvin@debian.org> Fri, 18 Nov 2005 22:31:56 +0100 + +libpam-mount (0.9.27.62-2) unstable; urgency=low + + * Update 17_mount_crypt_stdin again by not using the -d option of + cryptsetup which disables the hashing. + (Closes: #334694, #335208) + + -- Bastian Kleineidam <calvin@debian.org> Mon, 24 Oct 2005 23:17:47 +0200 + +libpam-mount (0.9.27.62-1) unstable; urgency=low + + * New upstream version, again via private mail from the new maintainer + Jan Engelhardt. And the patch list changelog: + - 01_init_sigmask + dropped, applied upstream + - 02_command_args + dropped, applied upstream + - 04_g_ascii_strup + dropped, applied upstream + - 07_mount_crypt_luks + dropped, applied upstream + - 08_user_groups + dropped, applied upstream + - 09_umount_crypt_realpath + dropped, applied upstream + - 10_mount_links + dropped, applied upstream + - 11_config_examples + dropped, applied upstream + - 12_pmvarrun_debug + dropped, applied upstream + - 13_symbol_clash_fix + replaced with 21_pmdebug + - 14_mount_crypt_quoting + dropped, applied upstream (a little modified) + - 16_vol_to_dev_cpy + dropped, applied upstream + - 17_mount_crypt_stdin + updated, use test -t 0 for interactivity test + (Closes: #334694) + - 18_umount_crypt_errors + new: Add REALPATH var, and check if it exists. + - 19_string_index + new: Fix off-by-one index errors, and make sure that the volume + device is delimited with \0. + - 20_session_error + new: When mounts fail the session should indicate error. Otherwise + a $HOME volume mount with a "required" entry in the PAM config + is not working, ie. the user logs in even if the partition + could not be mounted. + - 21_pmdebug + new: Rename Debug -> PMDebug to avoid crash when using with xdm. + + -- Bastian Kleineidam <calvin@debian.org> Wed, 19 Oct 2005 18:34:03 +0200 + +libpam-mount (0.9.27.49-2) unstable; urgency=low + + * Add exec and fsck to the mount options in the README.Debian + examples. + * Avoid conflicting symbols with other libraries and/or programs by + using a unique prefix for global variables and methods. Thanks Paul + Hampson for the note. + (Closes: #324735) + * Fix quoting of mount.crypt options, thanks Mattia Monga for the + patch. (Closes: #332869, #334115) + * Fix double free of config items if pam_close_session is called + twice. Thanks Paul Hampson for the patch. (Closes: #302024) + * Fix some string copy lengths in vol_to_dev(), could garble the + device name display. + * Make sure that crypsetup password is read from stdin in mount.crypt. + + -- Bastian Kleineidam <calvin@debian.org> Mon, 17 Oct 2005 23:21:29 +0200 + +libpam-mount (0.9.27.49-1) unstable; urgency=low + + * New upstream release from Jan Engelhardt (via private mail) with lots + of our patches and more included. Here is the complete list: + - 02_setuid_helper + dropped, applied to upstream + - 03_mkehd_bash_script + dropped, applied to upstream + - 04_debian_install_prefix + renamed to 06_debian_install_prefix + - 05_disable_mntcheck + dropped, unnecessary + - 06_user_mount_tools + dropped, applied upstream + - 07_setuid_user + dropped, applied upstream + - 10_chown_user_mount_count + dropped, applied upstream + - 11_crypt_types + dropped, applied upstream + - 12_dont_free_dirname + dropped, the new g_dirname() function uses malloc()ed memory + and it definitely must be freed. + - 13_empty_options + dropped, applied upstream + - 15_no_error_warnings + dropped, applied upstream + - 16_compiler_warnings + dropped, applied upstream + - 18_more_err_msgs + dropped, applied upstream + - 20_loop_in_mtab_symlink + dropped, applied upstream + - 22_example_docs + applied upstream in parts, rest is in 03_debian_docs + - 26_unmount_wrong_directory + dropped, applied upstream + - 27_fix_dmdevice_name + dropped, applied upstream + - 28_converse_resp_check + dropped, applied upstream + - 29_crypto_compile_fix + dropped, applied upstream + - 31_no_ws_arg_split + dropped, applied upstream + - 32_mount_crypt_options + dropped, applied upstream + - 33_pmvarrun_errors + dropped, applied upstream + - 34_losetup_password + dropped, applied upstream + - 35_mount_crypt_luks + renamed to 07_mount_crypt_luks + - 36_user_groups + renamed to 08_user_groups + - 37_umount_crypt_realpath + renamed to 09_umount_crypt_realpath and adjusted (see below) + - 38_mount_links + partly applied upstream, renamed to 10_mount_links and updated + * Initialize signal mask before setting signal handlers (patch + 01_init_sigmask). + * Fixed all hyphen quoting in the manpages: "\-" is a minus and "-" is + a hyphen (weird but true). + * Improve the documentation in README.Debian and the + comment in common-pammount to make clear there is only one + include per PAM application, not two. + Also, adjust the original README to mention common-pammount. + (Closes: #302024) - Fails to unmount on session close and crash + * Only call realpath when it exists and is executable. This is due to + the fact that + a) /usr might not be mounted or + b) the realpath package is not installed. + Add a Suggests: realpath in debian/control. + (Closes: #332325) - should depend on realpath + * NULL-terminate command arguments, thanks Paul Hampson for the patch. + (Closes: #324735) - does not mount with xdm + * Patches 04_g_ascii_strup and 05_warnings: fix deprecated functions + and some compiler warnings. + + -- Bastian Kleineidam <calvin@debian.org> Thu, 6 Oct 2005 02:35:15 +0200 + +libpam-mount (0.9.25-4) unstable; urgency=low + + * Added fsck to the default allowed options. Also add it to one of the + example mount configs to give users a hint that this option is + useful for home directory mounts. + * Allow to specify a group name as user for volume mounts with + '@group'. This lets all users in the given group mount a volume. + This option is only allowed in the global config. (Closes: #276322) + * Allow relative pathnames with umount.crypt (Closes: #327614) + * New patch 38_mount_links thanks to Julien Soula. + (Closes: #329094) - fails to check already mounted volume when links + are used + + -- Bastian Kleineidam <calvin@debian.org> Fri, 23 Sep 2005 14:52:38 +0200 + +libpam-mount (0.9.25-3) unstable; urgency=low + + * Added option to mount.crypt to specify filesystem type. + Use like this: + $ mount.crypt -o fstype=ext3 + Or in pam_mount.conf add "fstype=ext3" to the crypt mount options. + Note that you only need this if mount(8) does not detect the file + system type automatically. + (Closes: #324871) + * Add cryptsetup LUKS support to (u)mount.crypt. Thanks Florian Frank + for the patch (Closes: #325028) + + -- Bastian Kleineidam <calvin@debian.org> Fri, 26 Aug 2005 12:09:20 +0200 + +libpam-mount (0.9.25-2) unstable; urgency=low + + * Added FSCK definition to mount.crypt. Thanks Ruediger Otte (Closes: + #324287) + * Add build dependency on 'check', a C unit testing framework. Right + now it is not used, but we don't want to get errors if upstream + decides to use it. + + -- Bastian Kleineidam <calvin@debian.org> Sun, 21 Aug 2005 15:59:18 +0200 + +libpam-mount (0.9.25-1) unstable; urgency=low + + * New upstream release. + * Updated standards version to 3.6.2.1 + + -- Bastian Kleineidam <calvin@debian.org> Wed, 6 Jul 2005 01:12:30 +0200 + +libpam-mount (0.9.24-1) unstable; urgency=low + + * New upstream release. + * Remove bug note about CLOSE_SESSIONS since the default is now "yes". + + -- Bastian Kleineidam <calvin@debian.org> Mon, 30 May 2005 15:47:52 +0200 + +libpam-mount (0.9.23-1) unstable; urgency=low + + * New upstream release. + * Improved documentation in README.Debian and pam_mount.conf for encrypted + loopback mounts. + + -- Bastian Kleineidam <calvin@debian.org> Tue, 10 May 2005 18:37:19 +0200 + +libpam-mount (0.9.22-7) unstable; urgency=low + + * added better error reporting when calling pmvarrun + * on losetup call pipe password to stdin (Closes: #306594) + * fix example pam_mount.conf line in README.Debian for local loopback + encrypted volume + + -- Bastian Kleineidam <calvin@debian.org> Thu, 28 Apr 2005 17:59:44 +0200 + +libpam-mount (0.9.22-6) unstable; urgency=high + + * Fix IFS setting in mount.crypt and umount.crypt (Closes: #302006) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 29 Mar 2005 22:18:43 +0200 + +libpam-mount (0.9.22-5) unstable; urgency=high + + * README.Debian: + - Improved the dm-crypt mount point example using a random password + keyfile, not a simple password string. + - Clarified the mystic keysize calculation (bits vs. bytes). + - Added note about how important the .key files are for crypted + partitions + * Added space to IFS in mount.crypt when splitting options, + thanks to Jörg Sommer for the patch. (Closes: #301233). + * added more improvements from Jörg Sommer to mount.crypt + (Closes: #301234) + * Added fsck option to mount.crypt to execute fsck before mounting + (Closes: #301232) + * urgency still high + + -- Bastian Kleineidam <calvin@debian.org> Mon, 28 Mar 2005 15:03:23 +0200 + +libpam-mount (0.9.22-4) unstable; urgency=high + + * Incorporated the lost mount.crypt patches from the 0.9.20 release, and + added some more improvements from Jörg Sommer (Closes: #298141) + This also (Closes: #297494). + * Urgency high, this fix must get into sarge. + + -- Bastian Kleineidam <calvin@debian.org> Mon, 7 Mar 2005 16:51:02 +0100 + +libpam-mount (0.9.22-3) unstable; urgency=medium + + * fix mount.crypt options (Closes: #298074) + Thanks to Sören Köpping for the patch. + * Urgency still medium. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 4 Mar 2005 16:16:43 +0100 + +libpam-mount (0.9.22-2) unstable; urgency=medium + + * Fix nfsmount configuration entry to split off the %(MNTPT) before + the options. + * Fix all -o options to not include a space that will not be split + off before calling exec(3). + (Closes: #297200) - libpam-mount doesn't work after the last update + (Closes: #297494) - mount.crypt doesn't seem to work + * Urgency medium since without this fix some mount types will not + work. + + -- Bastian Kleineidam <calvin@debian.org> Tue, 1 Mar 2005 00:05:27 +0100 + +libpam-mount (0.9.22-1) unstable; urgency=low + + * New upstream release. + * Dropped patches applied upstream, and updated all others. + * New patches: + - 29_crypto_compile_fix: add missing includes + - 31_no_ws_arg_split: support whitespace in command arguments + (Closes: #296417) - does not mount smb shares with whitespace + + -- Bastian Kleineidam <calvin@debian.org> Tue, 22 Feb 2005 18:32:45 +0100 + +libpam-mount (0.9.20-11) unstable; urgency=low + + * New patch 28_converse_resp_check: + - Detect invalid converse responses and set retval accordingly. + Prevents triggered assertion in smbd PAM usage (Closes: #288780) + + -- Bastian Kleineidam <calvin@debian.org> Wed, 26 Jan 2005 23:40:44 +0100 + +libpam-mount (0.9.20-10) unstable; urgency=low + + * new patch 26_unmount_wrong_directory: + - fix grep pattern for mount point. + (Closes: #286705) Thanks to Brian Rolfe for the patch. + * new patch 27_fix_dmdevice_name: + - search for correct crypted device + (Closes: #286707) Thanks to Brian Rolfe for the patch. + * Adjusted all patch descriptions. + + -- Bastian Kleineidam <calvin@debian.org> Tue, 21 Dec 2004 23:19:49 +0100 + +libpam-mount (0.9.20-9) unstable; urgency=high + + * Updated (u)mount.crypt patches. + * New patch 25_set_pam_error: set pam error return code in case of a + successful but with a NULL result get_password call + (Closes: #284234), and thus urgency high + * Note in REAMDE.Debian that common-pammount should be included + after common-auth and after common-session. + + -- Bastian Kleineidam <calvin@debian.org> Thu, 9 Dec 2004 14:17:32 +0100 + +libpam-mount (0.9.20-8) unstable; urgency=low + + * replace note about ssh in common-pammount with a pointer to + README.Debian + * new patch 24_ssl_string_error: print human readable SSL error + messages + + -- Bastian Kleineidam <calvin@debian.org> Tue, 9 Nov 2004 23:44:53 +0100 + +libpam-mount (0.9.20-7) unstable; urgency=low + + * improved tmpfs example (patch again from Mike Hommey) + (Closes: #275746) + + -- Bastian Kleineidam <calvin@debian.org> Wed, 13 Oct 2004 10:49:15 +0200 + +libpam-mount (0.9.20-6) unstable; urgency=medium + + * fixed typos and wording in package description + * added encrypted loopback mount initialization docs to README.Debian + * updated the bugs list in README.Debian, noting that libpam-mount + does not work with ssh, only with ssh-krb5 + With this documentation the severity of bug #254679 can be lowered + from "important" to "normal". + * urgency medium since the ssh incompatibility documentation is + important + + -- Bastian Kleineidam <calvin@debian.org> Wed, 6 Oct 2004 18:54:32 +0200 + +libpam-mount (0.9.20-5) unstable; urgency=low + + * New patch 23_fix_fsck_target: the fsck target was hardcoded to + /dev/loop7, the patch fixes this to use the correct volume name. + (Closes: #273853) + * Added interesting tmpfs example from Mike Hommey to the config docs. + * Added the cryptsetup and openssl packages to the suggestions. They are + used for dm-crypt and cryptoloop mounts. + * Added more documentation for the dm-crypt mount type to the + configuration file and to README.Debian. + * Fixed the cryptsetup option processing for mount.crypt. + (Closes: #270281) + + -- Bastian Kleineidam <calvin@debian.org> Sat, 2 Oct 2004 14:04:16 +0200 + +libpam-mount (0.9.20-4) unstable; urgency=medium + + * Make log_argv function non-static (Closes: #271604) + Urgency medium since this is grave. + * More documentation cleanup wrt. root versus user permissions. Thanks + to Ariel for clarifying the problems. + + -- Bastian Kleineidam <calvin@debian.org> Tue, 14 Sep 2004 14:10:44 +0200 + +libpam-mount (0.9.20-3) unstable; urgency=low + + * More debug messages, now the executed mount commands are actually + printed out when debugging is on :) (Closes: #271447) + * Better documentation of what mounts can be executed as user and + what mounts need root permissions, ie. either an fstab entry or + an entry in the global configuration. (Closes: #259032) + * Better document the fact that specified mount parameters + should match the given parameters in the mount commands. + (Closes: #271431) + + -- Bastian Kleineidam <calvin@debian.org> Mon, 6 Sep 2004 16:50:45 +0200 + +libpam-mount (0.9.20-2) unstable; urgency=low + + * Added a keysize option to mount.crypt. (Closes: #268261) + * fix a typo in mount.crypt script and make the call to cryptsetup use + an absolute path + * added symlink /sbin/mount.crypt -> /usr/bin/mount.crypt so that + mount -t crypt actually works (Closes: #267285) + * All of the above patches are the work of Vance Lankhaar. Thanks! + * fix mount.crypt to accept options after the device and directory + name, since /bin/mount uses this ordering. + + -- Bastian Kleineidam <calvin@debian.org> Sun, 5 Sep 2004 14:05:12 +0200 + +libpam-mount (0.9.20-1) unstable; urgency=low + + * New upstream release. + - fixes cifs mount problems (Closes: #259028) + * use cdbs to build the package + * update and correct the pmvarrun.8 man page + * unfuzzed and/or renamed patches: + 01_zlib_compile_fix + 03_mkehd_bash_script + 04_debian_install_prefix + 05_disable_mntcheck + 08_pam_acct_mgmt + 09_enable_static_compile + 10_chown_user_mount_count + 11_crypt_types + 12_dont_free_dirname + 13_empty_options + 14_include_fsuid + 15_no_error_warnings + * patches updated to use g_spawn_async_with_pipes(): + 02_setuid_helper + 06_user_mount_tools + 07_setuid_user + * fix more warnings by adding -fno-strict-aliasing to the compile + options (updated patch 16_compiler_warnings) + * use LOG_AUTHPRIV as syslog level (new patch 17_auth_log_level) + * print error messages of failed PAM calls with pam_strerror() + (new patch 18_more_err_msgs) + * Re-read the PAM user if it is not there. Needed for ssh since all + ssh PAM functions are called in a separate forked process. + (new patch 19_reread_user) + * get mount name from loop device (eg if mtab is a symlink) + (new patch 20_loop_in_mtab_symlink) + Thanks to Jörg Sommer for the patch (Closes: #259228) + + -- Bastian Kleineidam <calvin@debian.org> Mon, 19 Jul 2004 15:01:48 +0200 + +libpam-mount (0.9.18-2) unstable; urgency=high + + * get rid of automake stuff, put patches into Makefile.in's intead of + Makefile.am (Closes: #256029) + * update patch 02_setuid_helper: + move set_uid helper function in misc*.c before usage + * new patch 14_include_fsuid: + include sys/fsuid.h when HAVE_SETFSUID is defined + * the two previous changes above fix a compile error on powerpc; + thanks to J¶rg Sommer for the patches (Closes: #256032) + * new patch 15_no_error_warnings: + soften -Werror to -Wall, I don't want every warning to be a + compile error, esp. since new versions of gcc tend to spew out + a lot or warnings + * new patch 16_fix_warnings: + Fix various compiler warnings like unused variables and missing + braces. Thanks to J¶rg Sommer for the patches. (Closes: #256042) + * urgency high since this release fixes FTBFS errors + + -- Bastian Kleineidam <calvin@debian.org> Thu, 24 Jun 2004 16:54:46 +0200 + +libpam-mount (0.9.18-1) unstable; urgency=low + + * New upstream release (Closes: #253996) + - adjust all patches to upstream code reworks + * added manpages mount.crypt(1), umount.crypt(1), pmvarrun(8) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 15 Jun 2004 13:50:33 +0200 + +libpam-mount (0.9.17-1) unstable; urgency=low + + * New upstream release + * patch 01_zlib_compile_fix + removed, applied upstream + * patch 06_fix_config + updated + * patch 07_use_user_mount + updated + * patch 10_chown_user_mount_count + updated + * patch 11_crypt_types + updated + * patch 12_dont_free_dirname + updated + * patch 13_empty_options + new; set OPTIONS config value to empty string if it is not supplied + in pam_mount.conf. (Closes #241370) + * use and build-depend on automake 1.8 + + -- Bastian Kleineidam <calvin@debian.org> Mon, 26 Apr 2004 14:14:16 +0200 + +libpam-mount (0.9.13-2) unstable; urgency=low + + * 11_crypt_types patch updated: + more ia64 warnings fixed, hopefully I got them all + + -- Bastian Kleineidam <calvin@debian.org> Mon, 9 Feb 2004 00:31:38 +0100 + +libpam-mount (0.9.13-1) unstable; urgency=low + + * New upstream release. + + -- Bastian Kleineidam <calvin@debian.org> Fri, 6 Feb 2004 13:47:37 +0100 + +libpam-mount (0.9.11-3) unstable; urgency=low + + * New patches + - 11_crypt_types + fix warnings on ia64 build (Closes: #230946) + - 12_dont_free_dirname + dont free dirname() return argument (Closes: #230429), thanks Andrew + Ruder for detecting this + + -- Bastian Kleineidam <calvin@debian.org> Tue, 3 Feb 2004 23:44:55 +0100 + +libpam-mount (0.9.11-2) unstable; urgency=low + + * added libglib2.0-dev build dependency + + -- Bastian Kleineidam <calvin@debian.org> Mon, 12 Jan 2004 16:12:42 +0100 + +libpam-mount (0.9.11-1) unstable; urgency=low + + * New upstream release. + * updated patches: + - 06_fix_config + - 07_use_user_mount + - 10_chown_user_mount_count + * updated README.Debian for cryptoloop stuff + + -- Bastian Kleineidam <calvin@debian.org> Thu, 8 Jan 2004 19:35:40 +0100 + +libpam-mount (0.9.10-1) unstable; urgency=low + + * New upstream release (Closes: #225320) + attention: pam_mount.conf syntax has changed, please update your + configuration files! + * removed patches + - 01_fix_functions + applied upstream + * new patches + - 01_zlib_compile_fix + added -lz to linker flags + - 02_setuid_helper + helper function to set uid of current process to given username + this function uses w4rn instead of l0g now (Closes: #218375) + - 03_mkehd_bash_script + the script uses array variables which are only provided by bash, + so use #!/bin/bash + - 06_fix_config + disable BSD mount check and escape quotes in OPTION var + * updated patches + - 05_setuid_user + use the set_uid helper function and make sure all commands call + setuid if defined by a user-specified config file + - 07_use_user_mount + use user-callable mount commands smb(u)mount,ncp(u)mount + - 08_pam_acct_mgmt + add PAM account management stub + - 09_enable_static_compile + enable static compilation + - 10_chown_user_mount_count + make user count file owned by the logged in user + * added libz build dependency + + -- Bastian Kleineidam <calvin@debian.org> Wed, 7 Jan 2004 19:19:36 +0100 + +libpam-mount (0.9.5-2) unstable; urgency=low + + * Added note about cryptoloop patch for 2.4.22 kernels in + README.Debian + + -- Bastian Kleineidam <calvin@debian.org> Wed, 1 Oct 2003 19:13:44 +0200 + +libpam-mount (0.9.5-1) unstable; urgency=low + + * New upstream release. + - fixes smb volume name expansion + (Closes: #212820) (Closes: #210728) (Closes: #213565) + * doh, use *UMOUNT constants instead of *MOUNT in do_unmount + * add dependency on mount (>= 2.12-3) to be able to mount encrypted home + volumes with 2.6 kernels, kernels from www.kerneli.org, and vanilla 2.4.22 + kernels with the cryptoloop patch found at + http://www.kernel.org/pub/linux/kernel/crypto/v2.4/testing/patch-cryptoloop-jari-2.4.22.0 + + -- Bastian Kleineidam <calvin@debian.org> Mon, 29 Sep 2003 08:17:25 +0200 + +libpam-mount (0.9.4-1) unstable; urgency=low + + * New upstream release. (Closes: #208052) + * removed 10_fix_key_decryption applied upstream + * updated all other patches + * updated README.Debian with installation instructions + * added /etc/pam.d/common-pammount for inclusion in PAM configs + * Standards version 3.6.1, no changes + * rerun debian/autogen.sh with new automake 1.7.7 + + -- Bastian Kleineidam <calvin@debian.org> Tue, 9 Sep 2003 09:22:10 +0200 + +libpam-mount (0.9.2-3) unstable; urgency=low + + * conflict with old libncp versions + * new patch 10_fix_key_decryption; patch from nokos@gmx.net to fix + decryption of filesystem keys. Thanks, nokos. (Closes: #200305) + + -- Bastian Kleineidam <calvin@debian.org> Mon, 7 Jul 2003 17:56:45 +0200 + +libpam-mount (0.9.2-2) unstable; urgency=low + + * added README_SSHD to documentation + + -- Bastian Kleineidam <calvin@debian.org> Sat, 5 Jul 2003 12:58:45 +0200 + +libpam-mount (0.9.2-1) unstable; urgency=low + + * New upstream release. + - does not bail out on failed close() in error path, which seemed + to confuse xdm and gdm. + Tested only with xdm, but this Closes: #192520 + * updated/unfuzzed patches + - 01_fix_functions + - 04_debian_install_prefix (renamed) + - 05_setuid_user + - 06_use_user_mount + - 07_disable_mntcheck + - 08_pam_acct_mgmt + - 09_enable_static_compile + * removed patches applied upstream + - 02_remove_int_pointer_casts + - 10_fix_dotconf_realloc + + -- Bastian Kleineidam <calvin@debian.org> Wed, 25 Jun 2003 00:41:06 +0200 + +libpam-mount (0.5.16-2) unstable; urgency=low + + * new patch 10_fix_dotconf_realloc fixing off-by-one error in realloc + * Standards version 2.5.10 (no changes) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 27 May 2003 16:37:06 +0200 + +libpam-mount (0.5.16-1) unstable; urgency=low + + * New upstream release: + - fixed libcrypto detection (Closes: #193996) + * removed all patches applied upstream, remaining are: + - 02_remove_int_pointer_casts + - 04_debian_use_prefix_on_install + - 05_setuid_user + - 06_use_user_mount + - 07_disable_mntcheck + - 08_pam_acct_mgmt + - 09_enable_static_compilation + * new patches: + - 01_fix_functions: rename log() to pm_log() to avoid conflict + with the math log() logarithm function, and fix the read_password + definition + + -- Bastian Kleineidam <calvin@debian.org> Tue, 20 May 2003 15:22:52 +0200 + +libpam-mount (0.5.14-2) unstable; urgency=low + + * 11_pam_acct_mgmt - add account management routine + * 12_enable_static_compilation - add module structure for static + compile + + -- Bastian Kleineidam <calvin@debian.org> Fri, 9 May 2003 10:45:06 +0200 + +libpam-mount (0.5.14-1) unstable; urgency=low + + * New upstream release. + * Updated patch 07_setuid_user: + only setuid(user) on luserconf entries (Closes: #190267) + * New patch 10_disable_mntcheck: + disable the BSD mntcheck config entry, it crashes on Linux systems + * add note about current Debian mount(8) bugs in README.Debian + + -- Bastian Kleineidam <calvin@debian.org> Thu, 8 May 2003 21:50:39 +0200 + +libpam-mount (0.5.13-2) unstable; urgency=low + + * execute debian/autogen.sh with /bin/sh (Closes: #190196) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 22 Apr 2003 20:56:26 +0200 + +libpam-mount (0.5.13-1) unstable; urgency=low + + * New upstream release. + * The following patches are applied: + - 01_add_log_vargs + make a log function with variable arguments + - 02_remove_int_pointer_casts + fix compile on 64bit platforms + - 03_catch_errors + Catch return values in close() and asprintf(). + - 04_debian_use_prefix_on_install + Install files into debian/$package, not root dir + This requires running debian/autogen.sh to regenerate the Makefiles + - 05_fix_buffer_overflow + Fix some potential buffer overflows in option handling + - 06_fix_mount_options + Fix ncpfs mount options (Closes: #187412) + - 07_setuid_user + originally, mounts and umounts got executed as root; now, they + get executed as the user requesting the service. + umount as root was a security hole allowing any user to umount + any volume. + the drawback is we cannot use mount(8) anymore, see patch 08 + - 08_use_user_mount + mount cannot be executed as a normal user, so be sure to use + smbmount resp. ncpmount for this. Likewise for umount. + - 09_fix_memleak_on_exit + free config on exit + + -- Bastian Kleineidam <calvin@debian.org> Sun, 13 Apr 2003 13:39:21 +0200 + +libpam-mount (0.5.10-6) unstable; urgency=low + + * fix option order for mount.ncp (Closes: #187412) + * 04_set_gid_uid.dpatch: + set effective gid and uid to the logged in user before mounting + Thanks to Daniel Dehennin for the patch. + * 05_typos.dpatch: + fix some typos in source + Thanks to Daniel Dehennin for the patch. + + -- Bastian Kleineidam <calvin@debian.org> Sat, 12 Apr 2003 18:02:05 +0200 + +libpam-mount (0.5.10-5) unstable; urgency=low + + * fix typos in description + * pass options to ncpmount (Closes: #184266) + Thanks to Daniel Dehennin for the patch + * use dpatch for those patches + * use debian/compat instead of DH_COMPAT + + -- Bastian Kleineidam <calvin@debian.org> Wed, 2 Apr 2003 15:32:47 +0200 + +libpam-mount (0.5.10-4) unstable; urgency=low + + * Remove casts failing on 64bit platforms (Closes: #186874) + * Suggest ncpfs and smbfs + * Standards version 3.5.9 (no changes) + + -- Bastian Kleineidam <calvin@debian.org> Mon, 31 Mar 2003 02:28:26 +0200 + +libpam-mount (0.5.10-3) unstable; urgency=low + + * move ncpmount -V volume option to correct position + + -- Bastian Kleineidam <calvin@debian.org> Mon, 3 Mar 2003 21:59:50 +0100 + +libpam-mount (0.5.10-2) unstable; urgency=low + + * fix memory corruption in pmhelper argument parsing (Closes: #180586) + + -- Bastian Kleineidam <calvin@debian.org> Tue, 11 Feb 2003 20:00:31 +0100 + +libpam-mount (0.5.10-1) unstable; urgency=low + + * Initial release. (Closes: #177079). + * Reupload: Copyright is LGPL, not GPL as stated in the first upload + + -- Bastian Kleineidam <calvin@debian.org> Wed, 22 Jan 2003 02:08:28 +0100 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..6aef76a --- /dev/null +++ b/debian/control @@ -0,0 +1,69 @@ +Source: libpam-mount +Section: admin +Priority: optional +Maintainer: Jochen Sprickerhof <jspricke@debian.org> +Build-Depends: + debhelper-compat (= 13), + libblkid-dev, + libcryptsetup-dev, + libhx-dev, + libmount-dev, + libpam0g-dev, + libpcre2-dev, + libssl-dev, + libtool, + libxml2-dev, + pkg-config +Standards-Version: 4.6.0 +Rules-Requires-Root: no +Homepage: http://pam-mount.sourceforge.net/ +Vcs-Git: https://salsa.debian.org/debian/libpam-mount.git +Vcs-Browser: https://salsa.debian.org/debian/libpam-mount + +Package: libpam-mount +Architecture: linux-any +Multi-Arch: same +Depends: + libpam-runtime, + ${misc:Depends}, + ${shlibs:Depends}, +Recommends: libpam-mount-bin +Suggests: + cifs-utils, + davfs2, + fuse, + lsof, + openssl, + psmisc, + sshfs, + xfsprogs, + hxtools +Description: PAM module that can mount volumes for a user session + This module is aimed at environments with central file servers that a + user wishes to mount on login and unmount on logout, such as + (semi-)diskless stations where many users can login. + . + The module also supports mounting local filesystems of any kind the + normal mount utility supports, with extra code to make sure certain + volumes are set up properly because often they need more than just a + mount call, such as encrypted volumes. This includes SMB/CIFS, FUSE, + dm-crypt and LUKS. + +Package: libpam-mount-bin +Architecture: linux-any +Multi-Arch: foreign +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Description: PAM module that can mount volumes for a user session - helper + This module is aimed at environments with central file servers that a + user wishes to mount on login and unmount on logout, such as + (semi-)diskless stations where many users can login. + . + The module also supports mounting local filesystems of any kind the + normal mount utility supports, with extra code to make sure certain + volumes are set up properly because often they need more than just a + mount call, such as encrypted volumes. This includes SMB/CIFS, FUSE, + dm-crypt and LUKS. + . + This package contains helper binaries diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..9915f25 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,104 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Contact: Jan Engelhardt <jengelh@gmx de> +Source: https://sourceforge.net/projects/pam-mount +Upstream-Name: pam_mount + +Files: * +Copyright: 2005, Bastian Kleineidam <calvin [at] debian org> + 2000, Elvis Pfützenreuter <epx@conectiva.com> + 1991-2013, Free Software Foundation, Inc + 2005-2011, Jan Engelhardt + 2004, W. Michael Petullo <mike@flyn.org> +License: LGPL-2.1+ + +Files: Makefile.in + aclocal.m4 + config/Makefile.in + doc/Makefile.in + src/Makefile.in +Copyright: 2012-2015, Dan Nicholson <dbn.lists@gmail.com> + 1994-2020, Free Software Foundation, Inc + 2004, Scott James Remnant <scott@netsplit.com> +License: FSFULLR-WARRANTY + +Files: m4/libtool.m4 + m4/ltoptions.m4 + m4/ltsugar.m4 + m4/ltversion.m4 + m4/lt~obsolete.m4 +Copyright: 1996-2015, Free Software Foundation, Inc +License: FSFULLR + +Files: configure.ac +Copyright: 2005-2010, Jan Engelhardt + 2002, W. Michael Petullo <mike@flyn.org> +License: GPL-2+ + +Files: build-aux/install-sh +Copyright: 1994, X Consortium +License: Expat + +Files: configure +Copyright: 1992-2014, Free Software Foundation, Inc +License: FSFUL + +Files: debian/* +Copyright: 2002-2013, Bastian Kleineidam <calvin@debian.org> + 2016-2018, Jochen Sprickerhof <jspricke@debian.org> +License: GPL-2 or GPL-3 + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to + deal in the Software without restriction, including without limitation the + rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + sell copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN + AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- + TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + . + Except as contained in this notice, the name of the X Consortium shall not + be used in advertising or otherwise to promote the sale, use or other deal- + ings in this Software without prior written authorization from the X Consor- + tium. + . + FSF changes to this file are in the public domain. + +License: FSFUL + This configure script is free software; the Free Software Foundation + gives unlimited permission to copy, distribute and modify it. + +License: FSFULLR + This file is free software; the Free Software Foundation gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + +License: FSFULLR-WARRANTY + This file is free software; the Free Software Foundation + gives unlimited permission to copy and/or distribute it, + with or without modifications, as long as this notice is preserved. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY, to the extent permitted by law; without + even the implied warranty of MERCHANTABILITY or FITNESS FOR A + PARTICULAR PURPOSE. + +License: GPL-2 + See /usr/share/common-licenses/GPL-2. + +License: GPL-2+ + See /usr/share/common-licenses/GPL-2. + +License: GPL-3 + See /usr/share/common-licenses/GPL-3. + +License: LGPL-2.1+ + See /usr/share/common-licenses/LGPL-2.1. diff --git a/debian/libpam-mount-bin.install b/debian/libpam-mount-bin.install new file mode 100644 index 0000000..ebab107 --- /dev/null +++ b/debian/libpam-mount-bin.install @@ -0,0 +1,4 @@ +etc/selinux/strict/src/policy/file_contexts +usr/sbin/pm* +/usr/sbin/mount.* /sbin +/usr/sbin/umount.* /sbin diff --git a/debian/libpam-mount-bin.manpages b/debian/libpam-mount-bin.manpages new file mode 100644 index 0000000..6dd23f7 --- /dev/null +++ b/debian/libpam-mount-bin.manpages @@ -0,0 +1,8 @@ +usr/share/man/man8/mount.crypt.8 +usr/share/man/man8/mount.crypt_LUKS.8 +usr/share/man/man8/mount.crypto_LUKS.8 +usr/share/man/man8/pmt-ehd.8 +usr/share/man/man8/pmvarrun.8 +usr/share/man/man8/umount.crypt.8 +usr/share/man/man8/umount.crypt_LUKS.8 +usr/share/man/man8/umount.crypto_LUKS.8 diff --git a/debian/libpam-mount.docs b/debian/libpam-mount.docs new file mode 100644 index 0000000..a41d1c0 --- /dev/null +++ b/debian/libpam-mount.docs @@ -0,0 +1,4 @@ +doc/bugs.txt +doc/faq.txt +doc/options.txt +doc/todo.txt diff --git a/debian/libpam-mount.install b/debian/libpam-mount.install new file mode 100644 index 0000000..201a817 --- /dev/null +++ b/debian/libpam-mount.install @@ -0,0 +1,6 @@ +etc/security +etc/selinux/strict/src/policy/macros +lib/*/security +lib/*/*.so.* +usr/share/xml +debian/pam-configs /usr/share diff --git a/debian/libpam-mount.lintian-overrides b/debian/libpam-mount.lintian-overrides new file mode 100644 index 0000000..6af611b --- /dev/null +++ b/debian/libpam-mount.lintian-overrides @@ -0,0 +1,5 @@ +# libcryptmount is an internal library +libpam-mount: package-name-doesnt-match-sonames + +# false positive, it's in a example where it's right that way +spelling-error-in-readme-debian ncpfs ncpfs (duplicate word) ncpfs diff --git a/debian/libpam-mount.manpages b/debian/libpam-mount.manpages new file mode 100644 index 0000000..1973a55 --- /dev/null +++ b/debian/libpam-mount.manpages @@ -0,0 +1,2 @@ +usr/share/man/man8/pam_mount.8 +usr/share/man/man5/pam_mount.conf.5 diff --git a/debian/libpam-mount.postinst b/debian/libpam-mount.postinst new file mode 100644 index 0000000..551b362 --- /dev/null +++ b/debian/libpam-mount.postinst @@ -0,0 +1,19 @@ +#!/bin/sh + +set -e + +case "$1" in + abort-upgrade|abort-remove|abort-deconfigure|configure) + ;; + +*) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 +;; +esac + +pam-auth-update --package + +#DEBHELPER# + +exit 0 diff --git a/debian/libpam-mount.prerm b/debian/libpam-mount.prerm new file mode 100644 index 0000000..3c2c64d --- /dev/null +++ b/debian/libpam-mount.prerm @@ -0,0 +1,20 @@ +#! /bin/sh + +set -e + +# pam-auth-update --remove removes the named profile from the active +# config. It arguably should be called during deconfigure as well, +# but deconfigure can happen in some cases during a dist-upgrade and +# we don't want to deconfigure all PAM modules in the middle of a +# dist-upgrade by accident. +# +# More importantly, with the current implementation, --remove also +# removes all local preferences for the named config (such as whether +# it's enabled or disabled), which we don't want to do on deconfigure. +# This may need to change later as pam-auth-update evolves. + +if [ "$1" = "remove" ] ; then + pam-auth-update --package --remove libpam-mount +fi + +#DEBHELPER# diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 0000000..48a1be6 --- /dev/null +++ b/debian/not-installed @@ -0,0 +1,4 @@ +lib/*/libcryptmount.la +lib/*/libcryptmount.so +lib/*/pkgconfig/libcryptmount.pc +usr/include/libcryptmount.h diff --git a/debian/pam-configs/libpam-mount b/debian/pam-configs/libpam-mount new file mode 100644 index 0000000..9f251d6 --- /dev/null +++ b/debian/pam-configs/libpam-mount @@ -0,0 +1,13 @@ +Name: Mount volumes for user +Default: yes +Priority: 128 +Auth-Type: Additional +Auth: + optional pam_mount.so +Session-Interactive-Only: yes +Session-Type: Additional +Session: + optional pam_mount.so +Password-Type: Additional +Password: + optional pam_mount.so disable_interactive diff --git a/debian/patches/0014-Don-t-compare-source-when-checking-if-it-s-already-m.patch b/debian/patches/0014-Don-t-compare-source-when-checking-if-it-s-already-m.patch new file mode 100644 index 0000000..e751dcc --- /dev/null +++ b/debian/patches/0014-Don-t-compare-source-when-checking-if-it-s-already-m.patch @@ -0,0 +1,33 @@ +From: Jochen Sprickerhof <jspricke@debian.org> +Date: Mon, 25 Dec 2017 21:05:34 +0100 +Subject: Don't compare source when checking if it's already mounted + +When mounting encrypted volumes, vpt->volume would be something like +/dev/sdaX but source would be /dev/mapper/_dev_sdaX. This way +pmt_utabent_matches would always return false. +--- + src/mount.c | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/src/mount.c b/src/mount.c +index 2acf41f..aa34775 100644 +--- a/src/mount.c ++++ b/src/mount.c +@@ -120,16 +120,11 @@ static void run_ofl(const struct config *const config, const char *mntpt, + */ + static bool pmt_utabent_matches(const struct vol *vpt, struct libmnt_fs *fs) + { +- int (*xcmp)(const char *, const char *); +- const char *source = mnt_fs_get_source(fs); + const char *target = mnt_fs_get_target(fs); + bool result = false; + +- xcmp = fstype2_icase(vpt->type) ? strcasecmp : strcmp; +- if (source != NULL) +- result = xcmp(vpt->volume, source) == 0; + if (target != NULL) +- result &= strcmp(vpt->mountpoint, target) == 0; ++ result = strcmp(vpt->mountpoint, target) == 0; + return result; + } + diff --git a/debian/patches/004-allow-usernames-beginning-with-numbers b/debian/patches/004-allow-usernames-beginning-with-numbers new file mode 100644 index 0000000..6b997a3 --- /dev/null +++ b/debian/patches/004-allow-usernames-beginning-with-numbers @@ -0,0 +1,15 @@ +Allow numbers at the beginning of user names in pmvarrun. +Note that this patch is Debian-specific; other distributions might not +support this. + +--- a/src/pmvarrun.c ++++ b/src/pmvarrun.c +@@ -113,7 +113,7 @@ static bool valid_username(const char *n) + * more characters. + */ + if (!((*n >= 'A' && *n <= 'Z') || (*n >= 'a' && *n <= 'z') || +- *n == '_')) ++ (*n >= '0' && *n <= '9') || *n == '_')) + return false; + + while (*n != '\0') { diff --git a/debian/patches/005-debian-manpages b/debian/patches/005-debian-manpages new file mode 100644 index 0000000..b8bfcfe --- /dev/null +++ b/debian/patches/005-debian-manpages @@ -0,0 +1,11 @@ +Correct path to original author info. + +--- a/doc/pmvarrun.8 ++++ b/doc/pmvarrun.8 +@@ -55,5 +55,5 @@ This manpage was originally written by Bastian Kleineidam + <calvin@debian.org> for the Debian distribution of libpam\-mount but + may be used by others. + .PP +-See /usr/share/doc/packages/pam_mount/AUTHORS for the list of original authors ++See /usr/share/doc/libpam\-mount\-bin/copyright for the list of original authors + of pam_mount. diff --git a/debian/patches/006-pmvarrun-allow-eacces b/debian/patches/006-pmvarrun-allow-eacces new file mode 100644 index 0000000..8c81c65 --- /dev/null +++ b/debian/patches/006-pmvarrun-allow-eacces @@ -0,0 +1,13 @@ +Do not complain if pmvarrun had no permission to unlink. + +--- a/src/pmvarrun.c ++++ b/src/pmvarrun.c +@@ -459,7 +459,7 @@ static int write_count(int fd, long nv, const char *filename) { + if (nv <= 0) { + if (unlink(filename) >= 0) + return true; +- if (errno != EPERM) ++ if (errno != EPERM && errno != EACCES) + l0g("could not unlink %s: %s\n", filename, strerror(errno)); + /* + * Fallback to just blanking the file. This can happen when diff --git a/debian/patches/008-disallow-luserconf-path b/debian/patches/008-disallow-luserconf-path new file mode 100644 index 0000000..7d5ff10 --- /dev/null +++ b/debian/patches/008-disallow-luserconf-path @@ -0,0 +1,14 @@ +Index: libpam-mount-2.14/src/rdconf1.c +=================================================================== +--- a/src/rdconf1.c ++++ b/src/rdconf1.c +@@ -857,6 +857,9 @@ static const char *rc_string(xmlNode *node, struct config *config, + config->msg_sessionpw = xstrdup(signed_cast(const char *, node->content)); + break; + case CMDA_PATH: ++ if (config->level != CONTEXT_GLOBAL) ++ return "Tried to set path from user config: " ++ "not permitted\n"; + free(config->path); + config->path = xstrdup(signed_cast(const char *, node->content)); + break; diff --git a/debian/patches/011-pmvarrun-no-l0g b/debian/patches/011-pmvarrun-no-l0g new file mode 100644 index 0000000..22b689e --- /dev/null +++ b/debian/patches/011-pmvarrun-no-l0g @@ -0,0 +1,142 @@ +Index: libpam-mount-2.14/src/pmvarrun.c +=================================================================== +--- a/src/pmvarrun.c ++++ b/src/pmvarrun.c +@@ -147,12 +147,12 @@ long str_to_long(const char *n) + long val; + char *endptr = NULL; + if (n == NULL) { +- l0g("count string is NULL\n"); ++ fprintf(stderr, "count string is NULL\n"); + return LONG_MAX; + } + val = strtol(n, &endptr, 10); + if (*endptr != '\0') { +- l0g("count string is not valid\n"); ++ fprintf(stderr, "count string is not valid\n"); + return LONG_MAX; + } + return val; +@@ -225,14 +225,14 @@ static int modify_pm_count(const char *user, long amount) + + if ((pent = getpwnam(user)) == NULL) { + ret = -errno; +- l0g("could not resolve user %s\n", user); ++ fprintf(stderr, "could not resolve user %s\n", user); + return ret; + } + + if (stat(VAR_RUN_PMT, &sb) < 0) { + if (errno != ENOENT) { + ret = -errno; +- l0g("unable to stat " VAR_RUN_PMT ": %s\n", ++ fprintf(stderr, "unable to stat " VAR_RUN_PMT ": %s\n", + strerror(errno)); + return ret; + } +@@ -311,12 +311,12 @@ static int create_var_run(void) + w4rn("creating " VAR_RUN_PMT); + if (HX_mkdir(VAR_RUN_PMT, mode) < 0) { + ret = -errno; +- l0g("unable to create " VAR_RUN_PMT ": %s\n", strerror(errno)); ++ fprintf(stderr, "unable to create " VAR_RUN_PMT ": %s\n", strerror(errno)); + return ret; + } + if (chown(VAR_RUN_PMT, 0, 0) < 0) { + ret = -errno; +- l0g("unable to chown " VAR_RUN_PMT ": %s\n", strerror(errno)); ++ fprintf(stderr, "unable to chown " VAR_RUN_PMT ": %s\n", strerror(errno)); + return ret; + } + +@@ -326,7 +326,7 @@ static int create_var_run(void) + */ + if (chmod(VAR_RUN_PMT, mode) < 0) { + ret = -errno; +- l0g("unable to chmod " VAR_RUN_PMT ": %s\n", strerror(errno)); ++ fprintf(stderr, "unable to chmod " VAR_RUN_PMT ": %s\n", strerror(errno)); + return ret; + } + +@@ -354,12 +354,12 @@ static int open_and_lock(const char *filename, long uid) { + + if ((fd = open(filename, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR)) < 0) { + ret = -errno; +- l0g("unable to open %s: %s\n", filename, strerror(errno)); ++ fprintf(stderr, "unable to open %s: %s\n", filename, strerror(errno)); + return ret; + } + if (fchown(fd, uid, 0) < 0) { + ret = -errno; +- l0g("unable to chown %s: %s\n", filename, strerror(errno)); ++ fprintf(stderr, "unable to chown %s: %s\n", filename, strerror(errno)); + return ret; + } + +@@ -423,7 +423,7 @@ static long read_current_count(int fd, const char *filename) { + + if ((ret = read(fd, buf, sizeof(buf))) < 0) { + ret = -errno; +- l0g("read error on %s: %s\n", filename, strerror(errno)); ++ fprintf(stderr, "read error on %s: %s\n", filename, strerror(errno)); + close(fd); + return ret; + } else if (ret == 0) { +@@ -431,12 +431,12 @@ static long read_current_count(int fd, const char *filename) { + } else if (ret < sizeof(buf)) { + char *p; + if ((ret = strtol(buf, &p, 0)) >= LONG_MAX || p == buf) { +- l0g("parse problem / session count corrupt " ++ fprintf(stderr, "parse problem / session count corrupt " + "(overflow), check your refcount file\n"); + return -EOVERFLOW; + } + } else if (ret >= sizeof(buf)) { +- l0g("session count corrupt (overflow)\n"); ++ fprintf(stderr, "session count corrupt (overflow)\n"); + return -EOVERFLOW; + } + +@@ -447,7 +447,7 @@ static long read_current_count(int fd, const char *filename) { + * write_count - + * @fd: file descriptor to write to + * @nv: new value to write +- * @filename: filename, only used for l0g() ++ * @filename: filename, only used for frpintf() + * + * Writes @nv as a number in hexadecimal to the start of the file @fd and + * truncates the file to the written length. +@@ -460,7 +460,7 @@ static int write_count(int fd, long nv, const char *filename) { + if (unlink(filename) >= 0) + return true; + if (errno != EPERM && errno != EACCES) +- l0g("could not unlink %s: %s\n", filename, strerror(errno)); ++ fprintf(stderr, "could not unlink %s: %s\n", filename, strerror(errno)); + /* + * Fallback to just blanking the file. This can happen when + * pmvarrun is called as unprivileged user. +@@ -472,21 +472,21 @@ static int write_count(int fd, long nv, const char *filename) { + + if ((ret = lseek(fd, 0, SEEK_SET)) != 0) { + ret = -errno; +- l0g("failed to seek in %s: %s\n", filename, strerror(errno)); ++ fprintf(stderr, "failed to seek in %s: %s\n", filename, strerror(errno)); + return ret; + } + + len = snprintf(buf, sizeof(buf), "0x%lX", nv); + if ((wrt = write(fd, buf, len)) != len) { + ret = -errno; +- l0g("wrote %d of %d bytes; write error on %s: %s\n", ++ fprintf(stderr, "wrote %d of %d bytes; write error on %s: %s\n", + (wrt < 0) ? 0 : wrt, len, filename, strerror(errno)); + return ret; + } + + if (ftruncate(fd, len) < 0) { + ret = -errno; +- l0g("truncate failed: %s\n", strerror(errno)); ++ fprintf(stderr, "truncate failed: %s\n", strerror(errno)); + return ret; + } + diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..8e2bae9 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,6 @@ +004-allow-usernames-beginning-with-numbers +005-debian-manpages +006-pmvarrun-allow-eacces +008-disallow-luserconf-path +011-pmvarrun-no-l0g +0014-Don-t-compare-source-when-checking-if-it-s-already-m.patch diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..4bf31d9 --- /dev/null +++ b/debian/rules @@ -0,0 +1,18 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +%: + dh $@ + +ifeq ($(DEB_HOST_ARCH_OS),linux) +EXTRACONF:=--with-cryptsetup +else +EXTRACONF:=--without-cryptsetup +endif + +override_dh_auto_configure: + dh_auto_configure -- --libdir=/lib/$(DEB_HOST_MULTIARCH) --with-slibdir=/lib/$(DEB_HOST_MULTIARCH) --with-selinux --with-dtd $(EXTRACONF) + +override_dh_installchangelogs: + dh_installchangelogs doc/news.txt diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..7a02d06 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,3 @@ +Tests: local-luks +Depends: @, cryptsetup, openssl, openssh-client, openssh-server +Restrictions: allow-stderr, needs-root, isolation-machine diff --git a/debian/tests/local-luks b/debian/tests/local-luks new file mode 100644 index 0000000..502c259 --- /dev/null +++ b/debian/tests/local-luks @@ -0,0 +1,76 @@ +#!/bin/sh +set -uxe +echo "libpam-mount is working" > expected + +createluks() +{ + id=${1} + type=${2} + tdir=$(mktemp --directory) + + fallocate -l 32M "/tmp/disk-l${id}.img" + cryptsetup luksFormat --batch-mode --verbose --force-password --key-file=/home/alice/alice.key --type "${type}" "/tmp/disk-l${id}.img" + cryptsetup open --type "${type}" --batch-mode --verbose --key-file=/home/alice/alice.key "/tmp/disk-l${id}.img" "img-luks${id}" + mkfs.ext4 -L "IMG-LUKS${id}" "/dev/mapper/img-luks${id}" + mount "/dev/mapper/img-luks${id}" "${tdir}" + echo "libpam-mount is working" > "${tdir}/testfile" + umount "/dev/mapper/img-luks${id}" + cryptsetup close "img-luks${id}" +} + +checkluks() +{ + id=${1} + bckp=$(mktemp) + + # backup and modify configuration + cp /etc/security/pam_mount.conf.xml "${bckp}" + sed -i -e 's/debug enable="0"/debug enable="1"/' /etc/security/pam_mount.conf.xml + sed -i -e "/<!-- Volume definitions -->/a<volume user='alice' path='/tmp/disk-l${id}.img' mountpoint='~/img-luks${id}' fstype='crypt' fskeycipher='none' fskeyhash='md5' fskeypath='/home/alice/alice.key' />" /etc/security/pam_mount.conf.xml + + # smoke tests the mount and if not working print debug from journal + # shellcheck disable=SC2029 + ssh -o "StrictHostKeyChecking=no" -i test.key alice@localhost "ls -laF ~/img-luks${id}/testfile" || journalctl -xe -u ssh --no-pager + sleep 5s + + # make sure we are using an actual mount + ssh -o "StrictHostKeyChecking=no" -i test.key alice@localhost "mount" | grep "img-luks${id}" + sleep 5s + + # compare data on encrypted disk via local login shell + # ensure su from root (needs no PW) does not re-ask for a pass (gets it from ~alice/alice.key anyway) + sed -i -e 's/pam_mount.so\s*$/pam_mount.so disable_interactive/' /etc/pam.d/common-auth + sed -i -e 's/pam_mount.so\s*$/pam_mount.so disable_interactive/' /etc/pam.d/common-session + su --login --command "cat ~/img-luks${id}/testfile" alice > "luks${id}" + sleep 5s + cmp expected "luks${id}" + + # compare data on encrypted disk via ssh based login + # shellcheck disable=SC2029 + ssh -o "StrictHostKeyChecking=no" -i test.key alice@localhost "cat ~/img-luks${id}/testfile" > "luks${id}" + sleep 5s + cmp expected "luks${id}" + + # restore configuration + cp "${bckp}" /etc/security/pam_mount.conf.xml +} + +# create user alice with PW alice +sudo useradd -m --password "$(openssl passwd -1 alice)" alice +# trivial passphrase +printf "alice" > ~alice/alice.key +# non interactive ssh login +ssh-keygen -t rsa -N "" -f test.key +mkdir -p ~alice/.ssh +chown alice:alice ~alice/.ssh +cp test.key.pub ~alice/.ssh/authorized_keys +# LUKS mountpoints +mkdir -p /home/alice/img-luks1 /home/alice/img-luks2 +chown alice:alice ~alice/.ssh/authorized_keys /home/alice/img-luks1 /home/alice/img-luks2 + +# create LUKS devices with known content +createluks 1 luks +createluks 2 luks2 + +checkluks 1 +checkluks 2 diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 0000000..dad76b4 --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1 @@ +Repository: https://git.code.sf.net/p/pam-mount/pam-mount diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..3453e47 --- /dev/null +++ b/debian/upstream/signing-key.asc @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF6oma8BEACXgERXgUrTVTUu1ivWCzo3zUu2VJpEFZulgSklraVs0YZLbiCl +8IKXMAM5B83ZQn8fK0NMF8nzgfOMTeiTOtb5nKUNcHAzAaVEZEpze+CK/dTERlXL +aqOBs3Q8H6vaHV5vtjtovIm+h2J5gpnDe5tFHnk3Z+COVjKm2tfTL/URbvs2qeyY +Dqf/r7rAEdoBQ29XJbQ4MMCafgiIfdL8yja0hbEKZhUeaaxNSASq8zoVyjQsu4PW +QCFYgdBGSzpWjju6zBmZdhQ016KCbOHys+6pj5n4tKJBfs7AnyFhsQA2HuiUECmN +V4S56eKstFtxmX5QARXTQelptzfW17AxhdU/2jQ1ioOD5jl9uw4NMxB89j7WHMw2 +fkKicHZaGJ6TgmUk2b86c6J2WM/77ckdxEUwVdz8iA1rMTkNVDqP74f+rZTiODbQ +sVAZupnBfFISs0Xd31ugSEq3vgA6PbXXTOiLJYgf8aHsic6PgCLGtuzIoq1W5m2D +p4raE06P8ISF2c+nawYYwD+BMlKeM9FpHYtdujc9pN2zDKmghoZYalE8Kbrcegtf +klaSc3PmOmNKdTIENLhiBTuaE878FJryl4Wtdf+tXBjEYMMftEwLlL0pIKQzxdRN +7faVX1wXiD5cFHSCEC84F29IBWJP6CCJ8dK2DOUlW4ZceVUgthLZBL0BMwARAQAB +tCBKYW4gRW5nZWxoYXJkdCA8amVuZ2VsaEBpbmFpLmRlPokCUwQTAQoAPRYhBCNo +bBCkVpG+ekJRCdY4gYHzWgk4BQJeqJmvAhsDBQkJlCYABAsJCAcFFQoJCAsFFgID +AQACHgECF4AACgkQ1jiBgfNaCTgURw/+M+R0KfuVbLUkh1PsXweGYRYnzlNQqK0x ++3dsWG2T6P89T1MBXFfnGcPjkLiUjCZC0x0Jt6W8vtaLsGdSLd81oWE1UaD4gRh2 +tLYO9gw6IheEOwlsrEHOpStYWX6mqtBGwxM222aYnXRq/0ZfCGXEfzXfH5kfucAL +E/dxNlhEcQ6sw0viIWl9Dp40Cno3DdPY5F54s87vvzyTqpW+lWwlBhj35UaCk3Um +wviTZxNBNxP3zhXur1AwE0/oKHF+Q3YTUaNSvd4u/022HGT+tEeEeRAYpd8n0gT1 +8lOcE8OhzKW0jiHZWDvqcA0+tLxpROEmA7pLR+RgMI52gyY3rfAkldzd+SLDQVhz +UGqgSLNAgPrFxUEwd6caf+9uk/CUeVv+3fv4rKul2OQ+65ahl0EYTahQkQLCNKOx +G7xAFfwDFuI5QBQPM1IudQwKcnFNgtwTwqXRJk2sqvqnDy38zkht6Y8se6cYKA6X +d+kVVlaVHs0ia8idTKczpSOhqBkqlpfn1YNVIFbXLOtRtlqu7NO0tLt0Qrf114ly +PcVYlw4f202g7sB1Xtim+kF46tqduoDmVadcDCUzB6yRQWDhmEZ3705sa2d8cQvG +BGWQILCvz/RAKJ3NhbvlDYnTxeU+W18/4Y7B42FxbAjQSe6ETnbjyII++kwM4GeL +tBjlt7M5B3i5Ag0EXqiZrwEQAOJMlaEkNofyV8l0oCfC1WwxYjsMkx37+lAlV9jz +SHwUC9wu0S2mw3rallfAhkQXJcc81AoFQpLlTwTOZZ/tBHElpVcNXQ3GeYaSwNzx +/U5YCgQa40b8xKHK2ADXVE1kRFN9b4qV5r9BSbcSw6wqqX42g5IPJuYuv7eDGneB +0ZG1cTlyOJKNBQF56UnqFvrX3XiUIwaH7O9rpNeFOyXxjqvi5V9l1PAAtWzZcAfp +IE844Bp6e4ANIJHtA+pfpTevYghmkqvaShQJbI+4qRUWGO4gSPpwqI90y0L2fH5q +wXWHUbKweZAkUGXmetjRAsAisX48X2Jf9yqX55kIkHFh07kVUaxe7fHjbzvEaUKZ +svnH8IdOoLRD6JuHiaWVIx7qaHauodjLf5DaHjMHL9djSzXZ3FKVb94FUWO2xJiU +NLCUe4ZJFb4JiPYni5ZlGOWobwnqFhWWLI/mPAIwAhMPl+ufZYYy3xG96y2PqUKp +8Kk3jKGMhBmdGSEZ4Ni81DOJFNSWOElmN6Pm6YA1AVaWBKTJTo50wnTKt7PDrFxW +tbixsqtHCawoSdKSHcqU4JEH5gaM/3nHMXvOIuNqSJOb75uhOkd+pgsJOp1a9LiP +lgNfTJ/JJpM5KD5sTzYtRLtCiyFEwjplYAkBGy2Mka2FggVu/hB3JkNxvBS0fMGJ +ixdfABEBAAGJAjsEGAEKACYWIQQjaGwQpFaRvnpCUQnWOIGB81oJOAUCXqiZrwIb +DAUJCZQmAAAKCRDWOIGB81oJOHorD/Y2O956ujqkT+QVuqFjQ2U5TriatREgIMzV +u7Vl2r+lijYuMi2gmgmJCfJEr0o8bNOmrFpbnXQDkfDir3J6mgRmnxXS1x9s9LaX ++/vxb2qHdG4xrEPJWHiKOsMK900++M9uYSiKG65QUfoaf3URVPe+OL+0AlbL5Oxj +26a7tliJ5BNMYrmO0zGYMDtL/vL6vMydem+81rT/k1Jrldpah8hvRvqGiRLW0sJN +faRMTjzD9F4oltW4pjni95/4tuf0C/oi50dMoX/yo8EDTiCP+ucHo2LoCNQGgVOw +7NegRUV7vmQejDx7SBWFcndyqTijdiu+GLBf12iBAI1MQiyMcntw0WkBPNQsubYW +FPhbIScOjlLi7iSqy3P0XfxvR4zTPrhNf8sFA1ZzaFcE3NL8e9GSMRYwzt8QaSHI +Ha1z85tFAmKegtShgcoWtVYooxAke4KZYrkDSGzKuRASkeBxIdnZZnVc74i6Fcxc +pKt43tWZftpmHNi8Tl3An3PlMBHY+APxEX5BPqhV5a0upkTn4pCgRnbKCRsYgri9 +OhifoVuTluGGN+RGKFzzlGA3OhvzXGGrGhY3ilAy6/5vk5Nj34Gv6jhDNb067yIh +8beeUVDkGzaW/CAAzUYcEarih1+BLnHEpZwADr50M+BwnyEhRhAqYOWMQaNMvucg +NGTT6x12 +=QLsa +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..13c405f --- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=4 +opts="pgpsigurlmangle=s%.xz$%.asc%,decompress" https://sf.net/pam-mount/pam_mount-(.*)\.tar\.xz |