debian/0000775000000000000000000000000012311110060007151 5ustar debian/examples0000664000000000000000000000001212076551570010732 0ustar sample.sqldebian/copyright0000664000000000000000000000076712076551570011145 0ustar Upstream Author: David D.W. Downey ("pgpkeys") Upstream Source: http://sourceforge.net/projects/pam-pgsql/ Copyright (c) 2000. Leon J Breedt , Copyright (c) 2002. David D.W. Downey ("pgpkeys") You are free to distribute this software under the terms of the GNU General Public License v2.0 or later. On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL-2 file. debian/source/0000775000000000000000000000000012076551570010500 5ustar debian/source/format0000664000000000000000000000001412076551570011706 0ustar 3.0 (quilt) debian/changelog0000664000000000000000000003465312311110060011036 0ustar pam-pgsql (0.7.3.1-4ubuntu1) trusty; urgency=medium * debian/control: Prefer libgcrypt11-dev for deterministic dependencies, this can and should be dropped when we have only one gcrypt again. -- Adam Conrad Sat, 15 Mar 2014 11:38:45 -0600 pam-pgsql (0.7.3.1-4) unstable; urgency=low * Fix "CVE-2013-0191: NULL password query result permits login with any password" by adding patch debian/patches/fix-698241-null-passwort-result-permits-login.patch from upstream bug tracker (Closes: #698241) -- Jan Dittberner Sat, 19 Jan 2013 18:10:09 +0100 pam-pgsql (0.7.3.1-3) unstable; urgency=low * apply hardened build flags (Closes: #656003), thanks for the patch to Moritz Muehlenhoff * bump Standards-Version to 3.9.3 (no changes) -- Jan Dittberner Fri, 06 Apr 2012 21:04:45 +0200 pam-pgsql (0.7.3.1-2) unstable; urgency=low * Stop shipping libtool la files in binary packages. http://wiki.debian.org/ReleaseGoals/LAFileRemoval (Closes: #621850), thanks to Andreas Metzler -- Jan Dittberner Sat, 09 Apr 2011 21:04:35 +0200 pam-pgsql (0.7.3.1-1) unstable; urgency=low * New upstream version * remove patches debian/patches/md5_64bit_584683.patch, debian/patches/md5postgres_594721.patch, debian/patches/ipaddr- crash_603436.patch and debian/patches/better_logging.patch which are integrated in upstream release * debian/control: add libgcrypt-dev to and remove libmhash-dev from Build-Depends -- Jan Dittberner Sun, 27 Mar 2011 10:47:45 +0200 pam-pgsql (0.7.1-5) unstable; urgency=low * add debian/patches/better_logging.patch to improve logging * add debian/patches/ipaddr-crash_603436.patch: fix crash on long addresses that trigger signedness in "%d", thanks to Kees Cook for the patch (LP: #722386, Closes: 603436). -- Jan Dittberner Wed, 23 Feb 2011 10:57:01 +0100 pam-pgsql (0.7.1-4) unstable; urgency=low * update DEP-3 information in debian/patches/md5postgres_594721.patch, and fix a typo * add debian/NEWS to notify about the change of default pw_type -- Jan Dittberner Sat, 11 Sep 2010 21:51:41 +0200 pam-pgsql (0.7.1-3) unstable; urgency=low * add debian/patches/md5postgres_594721.patch to add support for PostgreSQLs own md5 passwords (Closes: #594721) * add debian/postinst to set pw_type = clear on upgrades from version < 0.7.1 where no pw_type has been specified. The default password type has been changed from clear to sha1 (Closes: #596375) -- Jan Dittberner Fri, 10 Sep 2010 22:35:05 +0200 pam-pgsql (0.7.1-2) unstable; urgency=low * add debian/patches/md5_64bit_584683.patch to fix MD5 issue on non- Alpha 64bit systems (Closes: #584683) * debian/control: - bump Standards-Version to 3.9.1 (no changes needed) - change debhelper dependency to 7.0.50~ to simplify backports * remove unused debian/patches/ftbfs_544586.patch -- Jan Dittberner Sun, 15 Aug 2010 18:13:32 +0200 pam-pgsql (0.7.1-1) unstable; urgency=low * New upstream version * disable debian/patches/ftbfs_544686.patch, upstream restructured configure.ac and it does not apply anymore * debian/rules: - update configure call and make install call to match new upstream build system - remove sample.sql and CHANGELOG from installed files to let dh_installchangelogs and dh_installexamples do their jobs * debian/control: update Standards-Version to 3.8.4 (no changes needed) -- Jan Dittberner Fri, 02 Apr 2010 12:51:17 +0200 pam-pgsql (0.7-4) unstable; urgency=low * switch to dh7 - debian/compat: debhelper compatibility level 5 -> 7 - debian/control: update debhelper dependency to 7.0.50, add ${misc:Depends} to Depends - debian/rules: use dh7 features, override dh_makeshlibs to not insert useless ldconfig calls * switch to source format 3.0 (quilt) - debian/control: remove explicit quilt dependency - debian/rules: remove quilt patching and unpatching - create debian/source/format with "3.0 (quilt)" - remove debian/README.source * add debian/docs and debian/examples for dh_installdocs - add COPYRIGHT to docs - add samples.sql to examples * debian/copyright: link to GPL-2 instead of GPL symlink -- Jan Dittberner Sun, 06 Dec 2009 20:22:43 +0100 pam-pgsql (0.7-3) unstable; urgency=low * debian/control: add autoconf, automake and libtool to Build-Depends * debian/rules: rebuild configure (Closes: #544586) thanks Kibi -- Jan Dittberner Thu, 03 Sep 2009 08:42:49 +0200 pam-pgsql (0.7-2) unstable; urgency=low * debian/control: - update Standards-Version to 3.8.3 (no changes needed) - change email address to new @d.o address * add debian/patches/ftbfs_544586.patch (Closes: #544586) to fix FTBFS on GNU/kFreeBSD thanks to Petr Salinger -- Jan Dittberner Wed, 02 Sep 2009 17:22:13 +0200 pam-pgsql (0.7-1) unstable; urgency=low * New Upstream Version * debian/watch: switch to new upstream file name * debian/README.source: remove notice that upstream debian directory is removed because this is no longer true * refresh debian/patches/ftbfs_441679.patch -- Jan Dittberner Wed, 03 Jun 2009 22:51:07 +0200 pam-pgsql (0.6.4-2) unstable; urgency=low * release to unstable -- Jan Dittberner Sun, 22 Feb 2009 00:55:54 +0100 pam-pgsql (0.6.4-1) experimental; urgency=low * New Upstream Version * Update watch file to use new upstream naming convention * add debian/README.source * debian/control: - update Standards-Version to 3.8.0 - rewrap Build-Depends - New maintainer (Closes: #456679) - add Vcs-Git and Vcs-Browser fields * remove debian/patches/security_481970.patch because it has been applied by upstream * debian/patches/ftbfs_441679.patch: add header to describe patch * debian/copyright: update upstream URL -- Jan Dittberner Fri, 23 Jan 2009 23:48:08 +0100 pam-pgsql (0.6.3-2) unstable; urgency=high * High-urgency QA upload to get security fix into testing. * Fix upstream security issue that granted root access when pressing Ctrl-C in sudo’s authentication conversation, closes: #481970. The problem was caused by a mistake in operator precedence leading to a pam_get_pass call always being considered successful; it is fixed by adding a level of parentheses. -- Michael Schutte Sat, 24 May 2008 22:30:02 +0200 pam-pgsql (0.6.3-1) unstable; urgency=low * QA upload. + Set maintainer to Debian QA Group . * Acknowledge NMUs. (Closes: #441679, #355180, #423928, #429978). * New upstream release. (Closes: #466873). + Revert old unneeded patches. * Add watch file. * Add Homepage entry in source header. * Use latest version of the config.{sub,guess} files. * Bump debhelper build-dep and compat to 5. * Bump Standards Version to 3.7.3. -- Barry deFreese Fri, 11 Apr 2008 21:34:22 -0400 pam-pgsql (0.5.2-9.3) unstable; urgency=low * Non-maintainer upload. * Fix FTBFS `error: NULL undeclared', thanks to Cyril Brulebois. (Closes: #441679) -- Philipp Kern Sun, 16 Sep 2007 11:48:46 +0200 pam-pgsql (0.5.2-9.2) unstable; urgency=low * Non-maintainer upload. * Added quilt to the build system. * Made `binary-indep' an empty target and introduced `build-stamp'. * Fixed a memory leak. (Closes: #355180) * Applied a patch to remove unnecessary escaping of the SQL queries. (Closes: #423928) * Do not install `test.c' as an example. -- Philipp Kern Sun, 26 Aug 2007 22:14:25 +0200 pam-pgsql (0.5.2-9.1) unstable; urgency=medium * Non-maintainer upload. * Build-Depend on libpq-dev instead of postgresql-dev. Closes: #429978 -- Andreas Barth Fri, 20 Jul 2007 21:14:09 +0000 pam-pgsql (0.5.2-9) unstable; urgency=low * Reapplied security patches (Closes: #230875,#307784) * Boolean values works with boolean type as well (Closes: #130496) * Documentation typo (Closes: #218291) * Reapplied other NMU patches (Closes: #307366) * Allow port specification (Closes: #247536) * Reapplied "Stack-Friendly patch" (Closes: #139473) * Deleted wrong README.Debian (Closes: #204181) * Documented host and port options (Closes: #204439) * Reapplied patch to allow different config files (Closes: #236484) * Reapplied patch to support another MD5 type passwords (Closes: #142889) * Change "must change password" field (if any) to false after changing password * Deleted build-all from root (Closes: #240823) * Fixed few memory leaks (Closes: #280774) * Added timeout option for database connects (Closes: #281703) * Use debian/compat instead of DH_COMPAT * drop DH_COMPAT and DH_VERBOSE exports from debian/rules * don't ask root for password whan changing password * New Maintainer (Closes: #303198) * Fixed PAM stack to behave exactly as expected with use_authtok * Fixed a lot of memory leaks introduced by security patches * Fixed a lot of memory leaks arround returning error early -- Primoz Bratanic Sun, 8 May 2005 23:10:16 +0200 pam-pgsql (0.5.2-8) unstable; urgency=low * Orphan. Set maintainer to QA. -- Debian QA Group Mon, 18 Apr 2005 09:22:16 +0200 pam-pgsql (0.5.2-7) unstable; urgency=high * Fix possible format string vulnerability in logging of username. Thanks to Florian Zumbiehl for pointing this out. (closes: Bug#204438) * urgency=high for this reason -- Joerg Wendland Thu, 7 Aug 2003 12:47:24 +0200 pam-pgsql (0.5.2-6) unstable; urgency=low * New Maintainer. (closes: Bug#188658) * Standards-Version 3.5.9. * Rebuild against libpq3. (closes: Bug#179766) * DH_COMPAT=4 * Move to main. * More to come soon... -- Joerg Wendland Tue, 13 May 2003 23:38:23 +0200 pam-pgsql (0.5.2-5) unstable; urgency=critical * Reupload with urgency=critical since we really want this in woody. -- Tollef Fog Heen Sun, 28 Apr 2002 22:26:49 +0200 pam-pgsql (0.5.2-4) unstable; urgency=low * Marking the removal of the ("pgpkeys") from my Comment field in the gpg key. Since the original secret key was lost in a crash I changed the key and the Commet field. * Added a sub-dir called public_key/ which contains both the OLD public key and the NEW public key. The OLD key was signed with the NEW key in order to establish within the package that a key changeover had taken place. Since there was no way to revoke the key publicly, all documentation regarding the lost key discussion can be found in the debian-devel@lists.debian.org mail list archives. NOTE: This is _not_ meant to _supplant_ the established Debian rules regarding keys, but merely to _augment_ that policy. * Also imported entire structure from pristine source through current version into CVS. I felt it was time to start using cvs-buildpackage to handle package maintenence. HEAVY thanks go out to michaelw@debian.org for helping me with getting the cvs up and running and teaching me the basics correctly of cvs-buildpackage. (gotta love cvs-inject *.dsc) * Fixed typo in README for pwtype. Thanks Tobias Olsson and Robert Pintarelli . Closes: #138602, #142849 * Bad code for the queries was causing the system to lock out _every_ user on the box if any single account was expired. Not Good(Tm). The fix for this was submitted by Robert Pintarelli Closes: #143745 -- David D.W. Downey Fri, 26 Apr 2002 16:54:52 -0700 pam-pgsql (0.5.2-3) unstable; urgency=low * Just a rebuild against the current libpgsql. Hopefully this fixes any problems with libpgsql2 version differences. -- David D.W. Downey ("pgpkeys") Fri, 8 Mar 2002 18:13:57 -0800 pam-pgsql (0.5.2-2) unstable; urgency=low * Added escaped special char check and rewrite to handle bug #130114 Patch submitted by Joerg Wendland Closes: #130114 * Added additional `\0` sanity check in while loop. Submitted by a friend who wishes to remain anonymous due to legal contraints from his employer. -- David D.W. Downey ("pgpkeys") Mon, 21 Jan 2002 01:41:36 -0800 pam-pgsql (0.5.2-1) unstable; urgency=low * New maintainer: David D.W. Downey ("pgpkeys") Closes: #128400 * New upstream version (new upstream maintainer - me as well =) * Not a debian native package any more * New upstream source location is http://libpam-pgsql.codecastle.com -- David D.W. Downey ("pgpkeys") Mon, 14 Jan 2002 09:37:28 -0800 pam-pgsql (0.5.1) unstable; urgency=low * Add libmhash-dev to Build-Depends. Closes: #94520 -- Leon Breedt Thu, 19 Apr 2001 19:09:50 +0200 pam-pgsql (0.5) unstable; urgency=low * Always log error conditions to syslog. * Fix typo in README, update CREDITS, and also taking this opportunity to close wishlist bug fixed in 0.4 already. Closes: #76644 -- Leon Breedt Wed, 18 Apr 2001 22:39:58 +0200 pam-pgsql (0.4) unstable; urgency=low * added MD5 and crypt() password support (introduces dependency on mhash) * slightly more informative logging when 'debug' option is enabled -- Leon Breedt Tue, 17 Apr 2001 23:08:46 +0200 pam-pgsql (0.3.1) unstable; urgency=low * Non-maintainer upload, suggested by the maintainer, to recompile with libpgsql2.1, because libpgsql2 was removed. As exception from the rule the concerning bug is herewith closed because I am also its submitter; closes: #86528 -- Dr. Guenter Bechly Tue, 20 Feb 2001 22:03:20 +0100 pam-pgsql (0.3) unstable; urgency=low * Add Build-Depends for m68k build daemon -- Leon Breedt Wed, 2 Aug 2000 13:05:23 +0200 pam-pgsql (0.2) unstable; urgency=low * Initial autoconf support * Include test.c in the examples * Support for the FreeBSD platform -- Leon Breedt Tue, 04 Jul 2000 17:17:07 +0200 pam-pgsql (0.1) unstable; urgency=low * Initial release. -- Leon Breedt Sat, 24 Jun 2000 21:20:40 +0200 debian/compat0000664000000000000000000000000212076551570010376 0ustar 7 debian/rules0000775000000000000000000000155412076551570010265 0ustar #!/usr/bin/make -f # -- Rules to build libpam-pgsql package ## globals PACKAGE= libpam-pgsql DESTDIR= $(CURDIR)/debian/${PACKAGE} INSTALL= /usr/bin/install SHELL= /bin/sh override_dh_auto_configure: cp /usr/share/misc/config.sub . cp /usr/share/misc/config.guess . autoreconf -vfi # Build the module ./configure $(shell dpkg-buildflags --export=configure) --docdir=/usr/share/doc/libpam-pgsql --libdir=/lib \ --enable-shared override_dh_auto_install: # Install it ${MAKE} DESTDIR=${DESTDIR} install rm -f ${DESTDIR}/usr/share/doc/libpam-pgsql/CHANGELOG \ ${DESTDIR}/usr/share/doc/libpam-pgsql/sample.sql \ ${DESTDIR}/lib/security/pam_pgsql.la override_dh_auto_clean: # Clean up [ ! -f Makefile ] || ${MAKE} distclean rm -f build-all install-stamp rm -f config.sub config.guess override_dh_makeshlibs: dh_makeshlibs --noscripts %: dh $@ debian/control0000664000000000000000000000154712311110063010566 0ustar Source: pam-pgsql Section: admin Priority: extra Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Jan Dittberner Standards-Version: 3.9.3 Build-Depends: debhelper (>= 7.0.50~), autotools-dev, libpam0g-dev, libpq-dev, autoconf, automake, libtool, libgcrypt11-dev | libgcrypt-dev Homepage: http://sourceforge.net/projects/pam-pgsql/ Vcs-Git: git://git.debian.org/git/collab-maint/pam-pgsql.git Vcs-Browser: http://git.debian.org/?p=collab-maint/pam-pgsql.git;a=summary Package: libpam-pgsql Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: PAM module to authenticate using a PostgreSQL database This module lets you authenticate users against a table in a PostgreSQL database. It also supports checking account information and updating authentication tokens (ie. passwords). debian/postinst0000664000000000000000000000300512076551570011004 0ustar #! /bin/sh set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package # # quoting from the policy: # Any necessary prompting should almost always be confined to the # post-installation script, and should be protected with a conditional # so that unnecessary prompting doesn't happen if a package's # installation fails and the `postinst' is called with `abort-upgrade', # `abort-remove' or `abort-deconfigure'. log() { echo $* >&2 } PAMFILE=/etc/pam_pgsql.conf case "$1" in configure) if [ -n "$2" ] \ && dpkg --compare-versions "$2" lt "0.7.1" \ && [ -f $PAMFILE ] \ && ! grep -q ^pw_type $PAMFILE then log "Adding 'pw_type = clear' to $PAMFILE. You should upgrade your database to store hashes." echo "pw_type = clear" >>$PAMFILE fi ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) log "postinst called with unknown argument \`$1'" exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/NEWS0000664000000000000000000000122412076551570007676 0ustar pam-pgsql (0.7.1-4) unstable; urgency=low The default setting for pw_type has been changed from clear to sha1. This change will break setups that previously used pam-pgsql < 0.7.1 where no pw_type has been specified and another configuration file then /etc/pam_pgsql.conf is used. The postinst script will set pw_type = clear explicitly if you are upgrading from a version less than 0.7.1 and your system's setup uses /etc/pam_pgsql.conf. You are encouraged to change your setup to use a more secure mechanism (i.e. sha1) and to change your database accordingly though. -- Jan Dittberner Sat, 11 Sep 2010 21:28:22 +0200 debian/watch0000664000000000000000000000007712076551570010235 0ustar version=3 http://sf.net/pam-pgsql/pam-pgsql-([\d.]+)\.tar\.gz debian/docs0000664000000000000000000000003112076551570010045 0ustar CREDITS README COPYRIGHT debian/patches/0000775000000000000000000000000012076551570010627 5ustar debian/patches/ftbfs_441679.patch0000664000000000000000000000037512076551570013617 0ustar Fix FTBFS by including missing security/pam_client.h --- a/src/pam_get_service.c +++ b/src/pam_get_service.c @@ -7,6 +7,7 @@ #include #include +#include #include const char * debian/patches/fix-698241-null-passwort-result-permits-login.patch0000664000000000000000000000135112076551570022144 0ustar Subject: Fix NULL password query result permits login with any password Author: Lucas Clemente Vella Origin: upstream, http://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/ Bug: https://sourceforge.net/p/pam-pgsql/bugs/13/ Bug-Debian: http://bugs.debian.org/698241 --- a/src/backend_pgsql.c +++ b/src/backend_pgsql.c @@ -258,7 +258,7 @@ if(pg_execParam(conn, &res, options->query_auth, service, user, passwd, rhost) == PAM_SUCCESS) { if(PQntuples(res) == 0) { rc = PAM_USER_UNKNOWN; - } else { + } else if (!PQgetisnull(res, 0, 0)) { char *stored_pw = PQgetvalue(res, 0, 0); if (!strcmp(stored_pw, (tmp = password_encrypt(options, user, passwd, stored_pw)))) rc = PAM_SUCCESS; free (tmp); debian/patches/series0000664000000000000000000000010712076551570012042 0ustar ftbfs_441679.patch fix-698241-null-passwort-result-permits-login.patch