Debian Bug report logs - #230875
libpam-pgsql: Some notes about pam_pgsql security

Package: libpam-pgsql; Maintainer for libpam-pgsql is Jan Dittberner <jandd@debian.org>; Source for libpam-pgsql is src:pam-pgsql.

Reported by: Primoz Bratanic <primoz@slo-tech.com>

Date: Tue, 3 Feb 2004 03:18:01 UTC

Severity: grave

Tags: security

Merged with 307366, 307784

Found in versions 0.5.2-7, 0.5.2-8

Fixed in version pam-pgsql/0.5.2-9

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, primoz@slo-tech.com, Joerg Wendland <joergland@debian.org>:
Bug#230875; Package libpam-pgsql. Full text and rfc822 format available.

Acknowledgement sent to Primoz Bratanic <primoz@slo-tech.com>:
New Bug report received and forwarded. Copy sent to primoz@slo-tech.com, Joerg Wendland <joergland@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Primoz Bratanic <primoz@slo-tech.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libpam-pgsql: Some notes about pam_pgsql security
Date: Tue, 03 Feb 2004 04:01:11 +0100
Package: libpam-pgsql
Version: 0.5.2-7
Severity: grave
Tags: security sid
Justification: user security hole

Since shipping with postgresql 7.4 it should probably make use of
PQescapeString function. 

Package does not escape anything sent to database except username. It should
probably escape everything. Otherwise strange things may happen due to
errors in configuration files. 

IMPORTANT:

NEW PASSWORDS ARE NOT ESCAPED. CONFIGURATION ALLOWS HAVING PLAINTEXT
PASSWORDS. USING PLAINTEXT PASSWORDS ALLOW INJECTION OF ARBITRARY STRING 
INTO UPDATE SQL TO ANY USER CHANGING HIS/HER PASSWORD. 


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.0-1-686
Locale: LANG=C, LC_CTYPE=sl_SI.UTF-8

Versions of packages libpam-pgsql depends on:
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libmhash2                   0.8.18-4     Library for cryptographic hashing 
ii  libpam0g                    0.76-15      Pluggable Authentication Modules l
ii  libpq3                      7.4.1-2      Shared library libpq.so.3 for Post

-- no debconf information




Tags removed: sid Request was from Frank Lichtenheld <djpig@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Joerg Wendland <joergland@debian.org>:
Bug#230875; Package libpam-pgsql. Full text and rfc822 format available.

Acknowledgement sent to Bencsath Boldizsar <boldi+dbug@mail2003.etl.hu>:
Extra info received and forwarded to list. Copy sent to Joerg Wendland <joergland@debian.org>. Full text and rfc822 format available.

Message #12 received at 230875@bugs.debian.org (full text, mbox):

From: Bencsath Boldizsar <boldi+dbug@mail2003.etl.hu>
To: 230875@bugs.debian.org
Cc: security@debian.org
Subject: fix patch libpam-pgsql security hole
Date: Sat, 20 Mar 2004 03:52:08 +0100 (CET)
For the security team: this security hole in the "sid" release can affect
"woody" and under special circumstances can result in user privilege
escalation (user->root or something).
To achieve this:
a.) the system should use pam_pgsql
b.) a user should be set to change her/his password at next login, or so.
c.) a malformed password should be used, like
"alfa9'; update account set password='root' where user_name='root';update
account set user_name='kamu" (and this is extended by "where
user='originaluser'" from the module and prefixed by "update account set
password='")

----
details:

I can acknowledge the bug report from "primoz", it is really a security
hole. While libpam-pgsql is not generally used as login front-end, it
should be noticed, that the bug is serious. A malicious user can inject
any sql command into the password backend database and thus he can control
everything that the libpam-pgsql is used for.

I only checked the sid version.
Some notices:

In the original sid version, the function "sqlescape" is doing the sql
escape job. The data needed to escape:

pam module parameters (from pam parameters or from /etc/pam_pgsql.conf)
user name
password

While the pam module parameters are controlled by the system administrator,
and therefore it is not "so" necessary to sanitize the content, the user
name and password have client selectable values.

While user name was correctly escaped, password field was passed to the
encrypt_password function, and then clearly forwarded to the sql backend.

The encrypt_password function does a simple strdup in case of clear
passwords.

sqlescape function is almost the same as the PQescapeString function in
the latest postgresql versions.
the pam_pgsql version has a different parameter order.
pam_pgsql has a not-working case for character \0 (filtered by the "while"
constraint)
pam_pgsql
it escapes backslash (\) as double backslash (\\)
it escapes apostrophe (') as backslash-apostrophe (\')
it escapes (") as (\")

while
PQescapeString does
\->\\ (the same)
apostrophe to double-apostrophe ('->'')
and does not escape (")

Considering the possibilities I propose to remove sqlescape routine from
pam_pgsql and to use PQescapeString for security reasons. If it is
affected with any security holes, then it can be solved at the single
place of the postgresql source code. This is the first part of the patch.

Second, it is not mandatory, but a much cleaner job to sanitize all values
that go to the database backend ("firewalling"). Therefore all the module
and configuration file parameters were also escaped with PQescapeString.
For security reasons this is used just before the queries, not at the
loading of the configuration (therefore it is obvious that every input of
the query has been escaped).

Third, the result of the function encrypt_password is escaped just before
the query.

At last, as far as I see, a free(user_s) was placed at a wrong place at
line ~740, which could result in freeing of a previously un-malloc-ed
memory area, which can also result in security considerations.

patch follows (long lines wrapped..), or it can be downloaded from
http://dc.hu/~boldi/pam_pgsql.c.diff

the patch is against the affected source file, so please apply to the
debian diff (as the package has no patch management).

--- orig/pam-pgsql-0.5.2/pam_pgsql.c    Sat Mar 20 02:57:03 2004
+++ pam-pgsql-0.5.2/pam_pgsql.c Sat Mar 20 03:10:34 2004
@@ -375,47 +375,7 @@
 static size_t
 sqlescape(const char *from, char *to, size_t len)
 {
-    const char *source = from;
-    char *target = to;
-    unsigned int remaining = len;
-
-    while (remaining > 0 && *source != '\0') {
-        switch (*source) {
-        case '\0':
-            *target = '\\';
-            target++;
-            *target = '0';
-            break;
-
-        case '\\':
-            *target = '\\';
-            target++;
-            *target = '\\';
-            break;
-
-        case '\'':
-            *target = '\\';
-            target++;
-            *target = '\'';
-            break;
-
-        case '"':
-            *target = '\\';
-            target++;
-            *target = '"';
-            break;
-
-        default:
-            *target = *source;
-        }
-        source++;
-        target++;
-        remaining--;
-    }
-
-    *target = '\0';
-
-    return target - to;
+return PQescapeString(to,from,len);
 }

 /* private: authenticate user and passwd against database */
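Review bot: the replacement body of sqlescape() is unindented and carries no comment on the contract the wrapper now depends on. PQescapeString takes (to, from, length) while sqlescape keeps (from, to, len), and the destination must hold 2*len+1 bytes; a short comment stating both, plus the file's four-space indent, would keep a later caller from passing the buffer size where the source length is expected. The hunk also ties the module to a libpq that exports PQescapeString, which matters for releases that ship an older library.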
@@ -425,24 +385,39 @@
 {
     PGresult *res;
     PGconn *conn;
-    int rc, ulen;
+    int rc, esclen;
     char *user_s;
+    char *pwd_column_s;
+    char *table_s;
+    char *user_column_s;
 #define CRYPT_LEN 13

     if(!(conn = pg_connect(options)))
         return PAM_AUTH_ERR;

-    ulen = strlen(user)*2+1;
-    user_s = malloc(ulen);
+    esclen = strlen(user)*2+1;
+    user_s = malloc(esclen);

     sqlescape(user, user_s, strlen(user));
     DBGLOG("%s", user_s);

-    DBGLOG("query: SELECT %s FROM %s WHERE %s='%s'", options->pwd_column,
option
s->table, options->user_column, user);
+    esclen = strlen(options->pwd_column)*2+1;
+    pwd_column_s = malloc(esclen);
+    sqlescape(options->pwd_column, pwd_column_s,
strlen(options->pwd_column));
+
+    esclen = strlen(options->table)*2+1;
+    table_s = malloc(esclen);
+    sqlescape(options->table, table_s, strlen(options->table));
+
+    esclen = strlen(options->user_column)*2+1;
+    user_column_s = malloc(esclen);
+    sqlescape(options->user_column, user_column_s,
strlen(options->user_column))
;
+
+    DBGLOG("query: SELECT %s FROM %s WHERE %s='%s'", pwd_column_s,
table_s, user
_column_s, user_s);
     if(pg_exec(options, conn, &res, "SELECT %s FROM %s WHERE %s='%s'",
-               options->pwd_column,
-               options->table,
-               options->user_column,
+               pwd_column_s,
+               table_s,
+               user_column_s,
                user_s) != 0) {
         PQfinish(conn);
         return PAM_AUTH_ERR;
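Review bot: pwd_column_s, table_s and user_column_s are passed through a string-literal escaper but then sit unquoted in identifier position in "SELECT %s FROM %s WHERE %s='%s'", so the escaping does not constrain what they can contain there. Validate these configuration values against an identifier pattern (letters, digits, underscore) or quote them as identifiers, and keep literal escaping for user_s. None of the four malloc() results is checked before sqlescape() writes into it.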
@@ -498,6 +473,9 @@
     PQclear(res);
     PQfinish(conn);
     free(user_s);
+    free(table_s);
+    free(user_column_s);
+    free(pwd_column_s);
     return rc;
 }

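Review bot: the three added free() calls sit only on the final "return rc" path, so the buffers allocated at the top of this function still leak on the early exit after a failed pg_exec() ("PQfinish(conn); return PAM_AUTH_ERR;" in the previous hunk). Route both exits through one cleanup block that frees user_s, table_s, user_column_s and pwd_column_s before returning.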
@@ -545,7 +523,11 @@
     struct module_options *options;
     const char *user;
     char *user_s;
-    int rc, ulen;
+    char *table_s;
+    char *expired_column_s;
+    char *user_column_s;
+    char *newtok_column_s;
+    int rc, esclen;
     PGconn *conn;
     PGresult *res;

@@ -572,21 +554,39 @@
         return PAM_AUTH_ERR;
     }

-    ulen = strlen(user)*2+1;
-    user_s = malloc(ulen);
+    esclen = strlen(user)*2+1;
+    user_s = malloc(esclen);

     sqlescape(user, user_s, strlen(user));

+
+    esclen = strlen(options->expired_column)*2+1;
+    expired_column_s = malloc(esclen);
+    sqlescape(options->expired_column, expired_column_s,
strlen(options->expired
_column));
+
+    esclen = strlen(options->table)*2+1;
+    table_s = malloc(esclen);
+    sqlescape(options->table, table_s, strlen(options->table));
+
+    esclen = strlen(options->user_column)*2+1;
+    user_column_s = malloc(esclen);
+    sqlescape(options->user_column, user_column_s,
strlen(options->user_column))
;
+
+    esclen = strlen(options->newtok_column)*2+1;
+    newtok_column_s = malloc(esclen);
+    sqlescape(options->newtok_column, newtok_column_s,
strlen(options->newtok_co
lumn));
+
+
     /* if account has expired then expired_column = '1' or 'y' */
     if(options->expired_column) {
-        DBGLOG("query: SELECT 1 FROM %s WHERE %s='%s' AND %s='y' OR
%s='1'", opt
ions->table, options->user_column, user, options->expired_column,
options->expire
d_column);
+        DBGLOG("query: SELECT 1 FROM %s WHERE %s='%s' AND %s='y' OR
%s='1'", tab
le_s, user_column_s, user_s, expired_column_s, expired_column_s);
         if(pg_exec(options, conn, &res,
                    "SELECT 1 FROM %s WHERE %s='%s' AND (%s='y' OR
%s='1')" ,
-                   options->table,
-                   options->user_column,
+                   table_s,
+                   user_column_s,
                    user_s,
-                   options->expired_column,
-                   options->expired_column) != 0) {
+                   expired_column_s,
+                   expired_column_s) != 0) {
             PQfinish(conn);
             free_module_options(options);
             return PAM_AUTH_ERR;
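Review bot: strlen(options->expired_column) and strlen(options->newtok_column) are called unconditionally, yet the code directly below still guards the query with "if(options->expired_column)", which implies these options can be NULL; in that case the new escaping code dereferences a null pointer before the guard is reached. Move each allocate-and-escape step inside the matching if block, and free the escaped buffers on the PAM_AUTH_ERR return as well.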
@@ -602,14 +602,14 @@

     /* if new password is required then newtok_column = 'y' or '1' */
     if(options->newtok_column) {
-        DBGLOG("query: SELECT 1 FROM %s WHERE %s='%s' AND %s='y' OR
%s='1'", opt
ions->table, options->user_column, user, options->newtok_column,
options->newtok_
column);
+        DBGLOG("query: SELECT 1 FROM %s WHERE %s='%s' AND %s='y' OR
%s='1'", tab
le_s, user_column_s, user_s, newtok_column_s, newtok_column_s);
         if(pg_exec(options, conn, &res,
                    "SELECT 1 FROM %s WHERE %s='%s' AND (%s='y' OR
%s='1')",
-                   options->table,
-                   options->user_column,
+                   table_s,
+                   user_column_s,
                    user_s,
-                   options->newtok_column,
-                   options->newtok_column) != 0) {
+                   newtok_column_s,
+                   newtok_column_s) != 0) {
             PQfinish(conn);
             free_module_options(options);
             return PAM_AUTH_ERR;
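Review bot: the rewritten DBGLOG line prints "... AND %s='y' OR %s='1'" without parentheses, while the statement passed to pg_exec() is "... AND (%s='y' OR %s='1')", so the debug log shows a query with different operator precedence from the one executed. Since the line is being touched anyway, define the format string once and use it for both calls. The failure branch here also returns without freeing the escaped buffers.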
@@ -625,6 +625,10 @@

     PQfinish(conn);
     free(user_s);
+    free(table_s);
+    free(newtok_column_s);
+    free(user_column_s);
+    free(expired_column_s);
     return PAM_SUCCESS;
 }

@@ -633,9 +637,13 @@
 pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char
**argv)
 {
     struct module_options *options;
-    int rc, std_flags, ulen;
+    int rc, std_flags, esclen;
     const char *user, *pass, *newpass;
     char *newpass_crypt, *user_s;
+    char *table_s;
+    char *newpass_crypt_s;
+    char *user_column_s;
+    char *pwd_column_s;
     PGconn *conn;
     PGresult *res;

@@ -714,18 +722,34 @@
             return PAM_AUTHINFO_UNAVAIL;
         }

-        ulen = strlen(user)*2+1;
-        user_s = malloc(ulen);
+        esclen = strlen(user)*2+1;
+        user_s = malloc(esclen);

         sqlescape(user, user_s, strlen(user));

-        DBGLOG("query: UPDATE %s SET %s='%s' WHERE %s='%s'",
options->table, opt
ions->pwd_column, "******", options->user_column, user);
+        esclen = strlen(options->pwd_column)*2+1;
+        pwd_column_s = malloc(esclen);
+        sqlescape(options->pwd_column, pwd_column_s,
strlen(options->pwd_column)
);
+
+        esclen = strlen(options->table)*2+1;
+        table_s = malloc(esclen);
+        sqlescape(options->table, table_s, strlen(options->table));
+
+        esclen = strlen(options->user_column)*2+1;
+        user_column_s = malloc(esclen);
+        sqlescape(options->user_column, user_column_s,
strlen(options->user_colu
mn));
+
+        esclen = strlen(newpass_crypt)*2+1;
+        newpass_crypt_s = malloc(esclen);
+        sqlescape(newpass_crypt, newpass_crypt_s, strlen(newpass_crypt));
+
+        DBGLOG("query: UPDATE %s SET %s='%s' WHERE %s='%s'", table_s,
pwd_column
_s, "******", user_column_s, user_s);
         if(pg_exec(options, conn, &res,
                    "UPDATE %s SET %s='%s' WHERE %s='%s'",
-                   options->table,
-                   options->pwd_column,
-                   newpass_crypt,
-                   options->user_column,
+                   table_s,
+                   pwd_column_s,
+                   newpass_crypt_s,
+                   user_column_s,
                    user_s) != 0) {
             free(newpass_crypt);
             free_module_options(options);
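Review bot: "newpass_crypt_s = malloc(esclen);" is handed to sqlescape() without a NULL check, and on pg_exec() failure only newpass_crypt is freed, so the escaped copy of the new password (along with user_s, table_s, pwd_column_s and user_column_s) stays allocated in the calling process. Check the allocation, and free newpass_crypt_s, ideally after clearing it, on the failure path as well as the success path.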
@@ -735,12 +759,16 @@

         /* if we get here, we must have succeeded (pg_exec checks for
success) *
/
         free(newpass_crypt);
+        free(newpass_crypt_s);
+        free(user_s);
+        free(pwd_column_s);
+        free(user_column_s);
+        free(table_s);
         PQclear(res);
         PQfinish(conn);
     }

     free_module_options(options);
-    free(user_s);
     SYSLOG("(%s) password for '%s' was changed.", pam_get_service(pamh),
user);
     return PAM_SUCCESS;
 }

####this is the end of the message from boldi ;-)
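
The two escaping styles compared in message #12, checked against the password-change statement, as an added example that is not part of the bug log or of pam_pgsql. The table and column names come from the statement quoted in that message; the user name alice, the password pa'ss and all helper names are constructed for illustration, and escape_doubling is a stand-in for the behaviour the thread attributes to PQescapeString, not libpq code.

```c
#include <stdio.h>
#include <string.h>

typedef size_t (*escape_fn)(const char *from, char *to, size_t len);

/* Backslash style, as in the sqlescape() body removed by the patch:
 * \ -> \\, ' -> \', " -> \" ; `to` must hold 2*len+1 bytes. */
static size_t escape_backslash(const char *from, char *to, size_t len)
{
    char *t = to;
    for (size_t i = 0; i < len && from[i] != '\0'; i++) {
        if (from[i] == '\\' || from[i] == '\'' || from[i] == '"')
            *t++ = '\\';
        *t++ = from[i];
    }
    *t = '\0';
    return (size_t)(t - to);
}

/* Quote-doubling style, as the thread describes for PQescapeString:
 * \ -> \\, ' -> '' ; `to` must hold 2*len+1 bytes. */
static size_t escape_doubling(const char *from, char *to, size_t len)
{
    char *t = to;
    for (size_t i = 0; i < len && from[i] != '\0'; i++) {
        if (from[i] == '\\' || from[i] == '\'')
            *t++ = from[i];
        *t++ = from[i];
    }
    *t = '\0';
    return (size_t)(t - to);
}

/* Count the string literals in `sql`; -1 means a literal was left open.
 * backslash_escapes != 0 models a server that treats backslash as an
 * escape character inside ordinary literals. */
static int count_literals(const char *sql, int backslash_escapes)
{
    int in_lit = 0, n = 0;
    for (const char *p = sql; *p; p++) {
        if (!in_lit) {
            if (*p == '\'') { in_lit = 1; n++; }
        } else if (backslash_escapes && *p == '\\' && p[1] != '\0') {
            p++;                        /* escaped character stays inside */
        } else if (*p == '\'') {
            if (p[1] == '\'') p++;      /* doubled quote stays inside */
            else in_lit = 0;
        }
    }
    return in_lit ? -1 : n;
}

/* Build the UPDATE with the given escaper (NULL = none, the reported bug)
 * and return how many literals the server would see; 2 is the safe result. */
static int literals_in_update(const char *newpass, escape_fn esc,
                              int backslash_escapes)
{
    char pass_s[2 * 64 + 1], sql[512];
    size_t len = strlen(newpass);
    if (len > 64)
        return -2;                      /* sample buffer limit */
    if (esc)
        esc(newpass, pass_s, len);
    else
        memcpy(pass_s, newpass, len + 1);
    snprintf(sql, sizeof sql, "UPDATE %s SET %s='%s' WHERE %s='%s'",
             "account", "password", pass_s, "user_name", "alice");
    return count_literals(sql, backslash_escapes);
}

int main(void)
{
    const char *pw = "pa'ss";           /* constructed sample password */
    printf("no escaping:            %d\n", literals_in_update(pw, NULL, 1));
    printf("backslash, bs-escapes:  %d\n", literals_in_update(pw, escape_backslash, 1));
    printf("backslash, standard:    %d\n", literals_in_update(pw, escape_backslash, 0));
    printf("doubling, standard:     %d\n", literals_in_update(pw, escape_doubling, 0));
    return 0;
}
```

The backslash style only holds while the server treats backslash as an escape in ordinary literals, which PostgreSQL stopped doing by default when standard_conforming_strings became on in 9.1; quote doubling is valid under both settings.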



Information forwarded to debian-bugs-dist@lists.debian.org, Joerg Wendland <joergland@debian.org>:
Bug#230875; Package libpam-pgsql. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Joerg Wendland <joergland@debian.org>. Full text and rfc822 format available.

Message #17 received at 230875@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Bencsath Boldizsar <boldi+dbug@mail2003.etl.hu>
Cc: 230875@bugs.debian.org, security@debian.org
Subject: Re: fix patch libpam-pgsql security hole
Date: Sat, 20 Mar 2004 12:19:01 +0100
Bencsath Boldizsar wrote:
> For the security team: this security hole in the "sid" release can affect
> "woody" and under special circumstances can result in user privilege
> escalation (user->root or something).

I agree.  Thanks for spotting the problem and providing a fix.

However, the version in woody cannot use PQencodeString, but needs to
stay with the home-brewed version.

> sqlescape function is almost the same as the PQescapeString function in
> the latest postgresql versions.
> the pam_pgsql version has a different parameter order.
> pam_pgsql has a not-working case for character \0 (filtered by the "while"
> constraint)
> pam_pgsql
> it escapes backslash (\) as double backslash (\\)
> it escapes apostrophe (') as backslash-apostrophe (\')
> it escapes (") as (\")
> 
> while
> PQescapeString does
> \->\\ (the same)
> apostrophe to double-apostrophe ('->'')
> and does not escape (")
> 
> Considering the possibilities I propose to remove sqlescape routine from
> pam_pgsql and to use PQescapeString for security reasons. If it is
> affected with any security holes, then it can be solved at the single
> place of the postgresql source code. This is the first part of the patch.

For the woody update, I'll adjust the implementation of sqlescape instead.

> At last, as far as I see, a free(user_s) was placed at a wrong place at
> line ~740, which could result in freeing of a previously un-malloc-ed
> memory area, which can also result in security considerations.

Indeed.

Did you notice that you don't free the malloc()'ed space when
authentication failed but only when it passes?

I don't think it is serious, but at least unclean.

Regards,

	Joey

-- 
Of course, I didn't mean that, which is why I didn't say it.
What I meant to say, I said.              -- Thomas Bushnell

Please always Cc to me when replying to me on the lists.



Information forwarded to debian-bugs-dist@lists.debian.org, Joerg Wendland <joergland@debian.org>:
Bug#230875; Package libpam-pgsql. Full text and rfc822 format available.

Acknowledgement sent to Matt Zimmerman <mdz@debian.org>:
Extra info received and forwarded to list. Copy sent to Joerg Wendland <joergland@debian.org>. Full text and rfc822 format available.

Message #22 received at 230875@bugs.debian.org (full text, mbox):

From: Matt Zimmerman <mdz@debian.org>
To: Martin Schulze <joey@infodrom.org>
Cc: Bencsath Boldizsar <boldi+dbug@mail2003.etl.hu>, 230875@bugs.debian.org, security@debian.org
Subject: Re: fix patch libpam-pgsql security hole
Date: Sat, 20 Mar 2004 11:08:33 -0800
On Sat, Mar 20, 2004 at 12:19:01PM +0100, Martin Schulze wrote:

> For the woody update, I'll adjust the implementation of sqlescape instead.

It doesn't seem necessary to change the implementation; it seems sufficient.
It only needs to be applied to the password as well as the username.

-- 
 - mdz



Information forwarded to debian-bugs-dist@lists.debian.org, Joerg Wendland <joergland@debian.org>:
Bug#230875; Package libpam-pgsql. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Joerg Wendland <joergland@debian.org>. Full text and rfc822 format available.

Message #27 received at 230875@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Joerg Wendland <joergland@debian.org>
Cc: Debian Security Team <team@security.debian.org>, Bencsath Boldizsar <boldi@mail2004.etl.hu>, 230875@bugs.debian.org
Subject: Re: fix patch libpam-pgsql security hole
Date: Tue, 23 Mar 2004 10:31:46 +0100
Martin Schulze wrote:
> > > Jens: FYI, this refers to Bug#230875.  Please prepare an update for
> > > sid as well and let me know which version will contain the fixes so
> > > I can include it in the advisory.  Unfortunately, I still don't have
> > > a CAN so we have to go without until I get it.

Here's the missing security reference: CAN-2004-0366

Regards,

	Joey

-- 
GNU GPL: "The source will be with you... always."



Information forwarded to debian-bugs-dist@lists.debian.org, Joerg Wendland <joergland@debian.org>:
Bug#230875; Package libpam-pgsql. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Joerg Wendland <joergland@debian.org>. Full text and rfc822 format available.

Message #32 received at 230875@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: 230875@bugs.debian.org
Cc: control@bugs.debian.org
Subject: fixed in NMU
Date: Mon, 29 Mar 2004 15:46:02 +0200
[Message part 1 (text/plain, inline)]
tags 230875 fixed
thanks

Below is the patch I used.

Regards,

	Joey

-- 
Never trust an operating system you don't have source for!

Please always Cc to me when replying to me on the lists.
[patch.CAN-2004-0366.pam-pgsql (text/plain, attachment)]

Tags added: fixed Request was from Martin Schulze <joey@infodrom.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags removed: fixed Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Merged 230875 307784. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Merged 230875 307366 307784. Request was from Micha Lenk <micha.lenk@mathe-info.fs.uni-karlsruhe.de> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Primoz Bratanic <primoz@slo-tech.com>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Primoz Bratanic <primoz@slo-tech.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #45 received at 230875-close@bugs.debian.org (full text, mbox):

From: Primoz Bratanic <primoz@slo-tech.com>
To: 230875-close@bugs.debian.org
Subject: Bug#230875: fixed in pam-pgsql 0.5.2-9
Date: Mon, 09 May 2005 07:32:18 -0400
Source: pam-pgsql
Source-Version: 0.5.2-9

We believe that the bug you reported is fixed in the latest version of
pam-pgsql, which is due to be installed in the Debian FTP archive:

libpam-pgsql_0.5.2-9_i386.deb
  to pool/main/p/pam-pgsql/libpam-pgsql_0.5.2-9_i386.deb
pam-pgsql_0.5.2-9.diff.gz
  to pool/main/p/pam-pgsql/pam-pgsql_0.5.2-9.diff.gz
pam-pgsql_0.5.2-9.dsc
  to pool/main/p/pam-pgsql/pam-pgsql_0.5.2-9.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 230875@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Primoz Bratanic <primoz@slo-tech.com> (supplier of updated pam-pgsql package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Sun, 8 May 2005 23:10:16 +0200
Source: pam-pgsql
Binary: libpam-pgsql
Architecture: source i386
Version: 0.5.2-9
Distribution: unstable
Urgency: low
Maintainer: Primoz Bratanic <primoz@slo-tech.com>
Changed-By: Primoz Bratanic <primoz@slo-tech.com>
Description: 
 libpam-pgsql - PAM module to authenticate using a PostgreSQL database
Closes: 130496 139473 142889 204181 204439 218291 230875 236484 240823 247536 280774 281703 303198 307366 307784
Changes: 
 pam-pgsql (0.5.2-9) unstable; urgency=low
 .
   * Reapplied security patches (Closes: #230875,#307784)
   * Boolean values work with boolean type as well (Closes: #130496)
   * Documentation typo (Closes: #218291)
   * Reapplied other NMU patches (Closes: #307366)
   * Allow port specification (Closes: #247536)
   * Reapplied "Stack-Friendly patch" (Closes: #139473)
   * Deleted wrong README.Debian (Closes: #204181)
   * Documented host and port options (Closes: #204439)
   * Reapplied patch to allow different config files (Closes: #236484)
   * Reapplied patch to support another MD5 type passwords (Closes: #142889)
   * Change "must change password" field (if any) to false after changing password
   * Deleted build-all from root (Closes: #240823)
   * Fixed few memory leaks (Closes: #280774)
   * Added timeout option for database connects (Closes: #281703)
   * Use debian/compat instead of DH_COMPAT
   * drop DH_COMPAT and DH_VERBOSE exports from debian/rules
   * don't ask root for password when changing password
   * New Maintainer (Closes: #303198)
   * Fixed PAM stack to behave exactly as expected with use_authtok
   * Fixed a lot of memory leaks introduced by security patches
   * Fixed a lot of memory leaks around returning error early
Files: 
 074fc0709067f077f6972e980ed6a464 620 admin extra pam-pgsql_0.5.2-9.dsc
 f667f5b2dc4689d4b5abe58adea10428 71833 admin extra pam-pgsql_0.5.2-9.diff.gz
 41fbf6743108146098868d82abb79b86 15394 admin extra libpam-pgsql_0.5.2-9_i386.deb





Bug reopened, originator not changed. Request was from Adrian Bunk <bunk@stusta.de> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: sarge Request was from Adrian Bunk <bunk@stusta.de> to control@bugs.debian.org. Full text and rfc822 format available.

Tags removed: sarge Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug closed, send any further explanations to Primoz Bratanic <primoz@slo-tech.com> Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 20:49:28 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.