[Pkg-shadow-devel] Ubuntu shadow 1:4.0.18.2-1ubuntu1

Ubuntu Merge-o-Matic mom at ubuntu.com
Fri Feb 15 20:41:59 UTC 2008 

This e-mail has been sent due to an upload to Ubuntu that contains Ubuntu
changes.  It contains the difference between the new version and the
previous version of the same source package in Ubuntu.
-------------- next part --------------
Format: 1.7
Date: Fri, 08 Feb 2008 02:20:06 -0500
Source: shadow
Binary: login passwd
Architecture: source
Version: 1:4.0.18.2-1ubuntu1
Distribution: hardy
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Caleb Case <ccase at tresys.com>
Description: 
 login      - system login tools
 passwd     - change and administer password and group data
Launchpad-Bugs-Fixed: 191326
Changes: 
 shadow (1:4.0.18.2-1ubuntu1) hardy; urgency=low
 .
   * debian/login.pam: Enable SELinux support in login.pam (LP: #191326).
Files: 
 3a86465ca63e3704dced2b7a303e6e9b 1148 admin required shadow_4.0.18.2-1ubuntu1.dsc
 3ea5f2c42d0d4f8dc9a5c4c255e81d95 91091 admin required shadow_4.0.18.2-1ubuntu1.diff.gz
Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
-------------- next part --------------
diff -pruN 1:4.0.18.2-1/debian/changelog 1:4.0.18.2-1ubuntu1/debian/changelog
--- 1:4.0.18.2-1/debian/changelog	2008-02-15 20:15:06.000000000 +0000
+++ 1:4.0.18.2-1ubuntu1/debian/changelog	2008-02-15 20:15:05.000000000 +0000
@@ -1,3 +1,9 @@
+shadow (1:4.0.18.2-1ubuntu1) hardy; urgency=low
+
+  * debian/login.pam: Enable SELinux support in login.pam (LP: #191326).
+
+ -- Caleb Case <ccase at tresys.com>  Fri, 08 Feb 2008 02:20:06 -0500
+
 shadow (1:4.0.18.2-1) unstable; urgency=low
 
   * The "Vacherin" release.
diff -pruN 1:4.0.18.2-1/debian/control 1:4.0.18.2-1ubuntu1/debian/control
--- 1:4.0.18.2-1/debian/control	2008-02-15 20:15:06.000000000 +0000
+++ 1:4.0.18.2-1ubuntu1/debian/control	2008-02-15 20:15:05.000000000 +0000
@@ -1,7 +1,8 @@
 Source: shadow
 Section: admin
 Priority: required
-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
+Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+XSBC-Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
 Standards-Version: 3.7.2.0
 Uploaders: Christian Perrier <bubulle at debian.org>, Martin Quinson <mquinson at debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>
 Build-Depends: autoconf, automake1.9, libtool, gettext, libpam0g-dev, debhelper (>= 5.0.0), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64], gnome-doc-utils (>= 0.4.3-1)
diff -pruN 1:4.0.18.2-1/debian/login.pam 1:4.0.18.2-1ubuntu1/debian/login.pam
--- 1:4.0.18.2-1/debian/login.pam	2008-02-15 20:15:06.000000000 +0000
+++ 1:4.0.18.2-1ubuntu1/debian/login.pam	2008-02-15 20:15:05.000000000 +0000
@@ -14,6 +14,12 @@ auth       requisite  pam_securetty.so
 # (Replaces the `NOLOGINS_FILE' option from login.defs)
 auth       requisite  pam_nologin.so
 
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.  (When SELinux
+# is disabled, this returns success.)
+session    required   pam_selinux.so close
+
 # This module parses environment configuration file(s)
 # and also allows you to use an extended config
 # file /etc/security/pam_env.conf.
@@ -66,12 +72,13 @@ session    optional   pam_motd.so
 # See comments in /etc/login.defs
 session    optional   pam_mail.so standard
 
-# SELinux needs to intervene at login time to ensure that the process
-# starts in the proper default security context.
-# Uncomment the following line to enable SELinux
-# session required pam_selinux.so multiple
-
 # Standard Un*x account and session
 @include common-account
 @include common-session
 @include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.  (When
+# SELinux is disabled, this returns success.)
+session required pam_selinux.so open

More information about the Pkg-shadow-devel mailing list