linux/poky.git/meta/recipes-extended/pam/libpam, branch master

The poky repository master branch is no longer being updated.

2025-11-07T13:31:53+00:00

You can either: a) switch to individual clones of bitbake, openembedded-core, meta-yocto and yocto-docs b) use the new bitbake-setup You can find information about either approach in our documentation: https://docs.yoctoproject.org/ Note that "poky" the distro setting is still available in meta-yocto as before and we continue to use and maintain that. Long live Poky! Some further information on the background of this change can be found in: https://lists.openembedded.org/g/openembedded-architecture/message/2179 Signed-off-by: Richard Purdie

libpam: upgrade 1.7.0 -> 1.7.1

2025-07-07T21:12:50+00:00

0001-meson.build-correct-check-for-existence-of-two-prepr.patch removed since it's included in 1.7.1 Changelog: =============== * pam_access: do not resolve ttys or display variables as hostnames. * pam_access: added "nodns" option to disallow resolving of tokens as hostnames (CVE-2024-10963). * pam_limits: added support for rttime (RLIMIT_RTTIME). * pam_namespace: fixed potential privilege escalation (CVE-2025-6020). * meson: added support of elogind as a logind provider. * Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. (From OE-Core rev: 5e77c48e074a20e58a233ab5ed6d8ef09bbd55c8) Signed-off-by: Wang Mingyu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie

libpam: update 1.6.1 -> 1.7.0

2024-12-05T17:07:10+00:00

Change from autotools to meson. ptest support is removed for now, as pam-ptest isn't executed on the autobuilder. Adjust packaging as pam now installs everything into /usr rather than /. (From OE-Core rev: 00eb730291f9630eb70480d37ed48fbadecc547a) Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie

libpam: upgrade 1.6.0 -> 1.6.1

2024-04-25T09:06:02+00:00

0001-pam_namespace-include-stdint-h.patch removed since it's included in 1.6.1 Changelog: =========== * build: fail if specified configure options cannot be satisfied. * pam_env: fixed --disable-econf --enable-vendordir support. * pam_unix: do not warn if password aging is disabled. * pam_unix: try to set uid to 0 before unix_chkpwd invocation. * pam_unix: allow empty passwords with non-empty hashes. * Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. (From OE-Core rev: 2758bc1e521270c77c768a6d9701cb15dd30ea82) Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie

libpam: update 1.5.3 -> 1.6.0

2024-04-16T07:07:01+00:00

(From OE-Core rev: 2a194d5dd1d82f233fa28a44412aea1ba4ccd434) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie

pam: Fix build with musl

2024-03-18T12:21:45+00:00

Apply a backported patch (From OE-Core rev: e4fbb97fda6fe6232df743e655d0488f2353a24e) Signed-off-by: Khem Raj Signed-off-by: Richard Purdie

libpam: Fix examples build on musl

2023-07-10T10:36:34+00:00

This came with latest libpam upgrade ../../Linux-PAM-1.5.3/examples/tty_conv.c:9:10: fatal error: 'termio.h' file not found ^~~~~~~~~~ 1 error generated. (From OE-Core rev: 00b5cbad49ccce7f2886b2e70b93e60e054f8f46) Signed-off-by: Khem Raj Signed-off-by: Richard Purdie

libpam: update 1.5.2 -> 1.5.3

2023-06-27T15:23:40+00:00

(From OE-Core rev: ddb5e0f8a2cc7c48e1fb53b665e2fd5ed263bb19) Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie

libpam: Fix the xtests/tst-pam_motd[1|3] failures

2023-04-14T15:44:24+00:00

Reproducer: 1.Enable the ptest of libpam and build the image. 2.Boot the rootfs with nfs, then run the following tests as root: cd /usr/share/Linux-PAM/xtests /usr/share/Linux-PAM/xtests# ./run-xtests.sh . tst-pam_motd1 /usr/share/Linux-PAM/xtests# ./run-xtests.sh . tst-pam_motd3 After applying this patch, the ptest doesn't be failed. (From OE-Core rev: 549e54ad6a175359b0a57987ccdab8989df9d3a9) Signed-off-by: Zhixiong Chi Signed-off-by: Luca Ceresoli Signed-off-by: Richard Purdie

libpam: fix CVE-2022-28321

2022-11-23T18:27:07+00:00

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. References: https://nvd.nist.gov/vuln/detail/CVE-2022-28321 Upstream patches: https://github.com/linux-pam/linux-pam/commit/08992030c56c940c0707ccbc442b1c325aa01e6d https://github.com/linux-pam/linux-pam/commit/23393bef92c1e768eda329813d7af55481c6ca9f (From OE-Core rev: b1fd799af0086347de1ec4b72d562b1fb490def1) Signed-off-by: Archana Polampalli Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie