Debian Bug report logs - #699159
Enable pam_tty_audit module

version graph

Package: src:pam; Maintainer for src:pam is Steve Langasek <vorlon@debian.org>;

Reported by: Henrik Ahlgren <pablo@seestieto.com>

Date: Mon, 28 Jan 2013 11:27:01 UTC

Severity: wishlist

Found in version pam/1.1.3-7.1

Fixed in version pam/1.1.3-10

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#699159; Package src:pam. (Mon, 28 Jan 2013 11:27:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Henrik Ahlgren <pablo@seestieto.com>:
New Bug report received and forwarded. Copy sent to Steve Langasek <vorlon@debian.org>. (Mon, 28 Jan 2013 11:27:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Henrik Ahlgren <pablo@seestieto.com>
To: submit@bugs.debian.org
Subject: Enable pam_tty_audit module
Date: Mon, 28 Jan 2013 12:54:22 +0200
Source: pam
Version: 1.1.3-7.1
Severity: wishlist

Dear maintainer,

PAM is built with with the "--disable-audit" configure option, so the
pam_tty_audit module is not included libpam-modules or other
binary packages.

Said module is useful in high-security environments requiring an audit
trail of administrator activities. Please consider including the
module either in libpam-modules, or creating a separate binary package
(libpam-tty-audit?) to avoid dependency to libaudit0.

I have manually tested compiling the module in Squeeze and it appears
to work just fine. I have not yet tested it in Wheezy.

Best regards,
Henrik Ahlgren





Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility. (Tue, 12 Feb 2013 06:21:11 GMT) Full text and rfc822 format available.

Notification sent to Henrik Ahlgren <pablo@seestieto.com>:
Bug acknowledged by developer. (Tue, 12 Feb 2013 06:21:11 GMT) Full text and rfc822 format available.

Message #10 received at 699159-close@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: 699159-close@bugs.debian.org
Subject: Bug#699159: fixed in pam 1.1.3-8
Date: Tue, 12 Feb 2013 06:17:41 +0000
Source: pam
Source-Version: 1.1.3-8

We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 699159@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated pam package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 12 Feb 2013 05:36:29 +0000
Source: pam
Binary: libpam0g libpam-modules libpam-modules-bin libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source amd64 all
Version: 1.1.3-8
Distribution: unstable
Urgency: low
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-modules-bin - Pluggable Authentication Modules for PAM - helper binaries
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Closes: 648695 693450 693995 699159
Changes: 
 pam (1.1.3-8) unstable; urgency=low
 .
   * Confirm NMU for bug #611136; thanks to Michael Gilbert.
     - As a side effect, there will no longer be errors from reading the
       .pam_environment twice since we are now reading it 0 times.
       LP: #955032.
   * Adjust the pam_env documentation to match the module behavior resulting
     from the previous security upload.  Closes: #693995.
   * debian/rules: never regenerate manpages at build time; this may cause
     build skew that breaks the world in a multiarch context.  LP: #1095887.
   * debian/patches-applied/glibc-2_16-compilation-fix.patch: fix missing
     include causing build failure with eglibc 2.16.  Thanks to Daniel
     Schepler <dschepler@gmail.com>.  Closes: #693450.
   * Ditch autoconf patch in favor of a build-dependency on dh-autoreconf,
     which will let us keep up-to-date with newer autotools.  In the present
     instance, this gets us aarch64 support.
   * Install pam_timestamp_check - and while we're at it, move the manpage
     to the correct binary package.  Closes: #648695.
   * Update lintian overrides to suppress some noise about hardening and
     manpages.
   * Enable audit support, by popular demand.  This should have no major
     impact unless you're also running auditd; but I reserve the right to
     disable this again in the event that this causes a performance hit or
     breaks upgrades (since the dependency is pulled into libpam, not just
     into pam_tty_audit).  Closes: #699159, LP: #937005.
Checksums-Sha1: 
 0684707506b07b7c2ccbac4b79ae4370e9b1bbb6 2433 pam_1.1.3-8.dsc
 f134a8fdcd935151f3ec37a2d3b25edcf85901cd 179313 pam_1.1.3-8.diff.gz
 3fdeccc85b17a67c6dd1e69fa4cbdd5a51f4ae6f 130004 libpam0g_1.1.3-8_amd64.deb
 47c044a7ce284a9c3c8d3bf48140166a2552e870 354084 libpam-modules_1.1.3-8_amd64.deb
 271d28fc190f6e1c76155a81d87f7321efcf0bc3 118254 libpam-modules-bin_1.1.3-8_amd64.deb
 93c0626979b87eebe6ac6ebb10700141a2f6e9e6 222208 libpam-runtime_1.1.3-8_all.deb
 599817396cbc3ab662c7072cb54531cc5769a0b2 193202 libpam0g-dev_1.1.3-8_amd64.deb
 ab596c70804f59912fdbee40cdbe5bf87d5d3339 84560 libpam-cracklib_1.1.3-8_amd64.deb
 b67b153454768bc467f766c55ad64f81b188a88e 104346 libpam-doc_1.1.3-8_all.deb
Checksums-Sha256: 
 9ca5b79fda8aa05414f509f6aae8836969e96960b5a6f31568bc593749117576 2433 pam_1.1.3-8.dsc
 0202af9d30f7312a07543daca052e2133a077977dc75f38a688270a100c8014c 179313 pam_1.1.3-8.diff.gz
 96836deace34e951b631116dd9a60181c8d429761fac54ca0339ad106aa68141 130004 libpam0g_1.1.3-8_amd64.deb
 5d8dd5e589054e9472f3dd70f19e7115fb1b3bc9072fecd4a479cc2fd44dea96 354084 libpam-modules_1.1.3-8_amd64.deb
 16453fc9e225f8e395c6bf0b1f94b9b252466bed8c36940868b036f013e21f83 118254 libpam-modules-bin_1.1.3-8_amd64.deb
 8b7f78fa638c8bcce89d5b629d84c9250d63cf9afa2d87fda929bf9d0a7f57f4 222208 libpam-runtime_1.1.3-8_all.deb
 3ae1000f0b5d44d9c5e146ed403604e1e5f493ba35f8fdafee4615efe8bfc203 193202 libpam0g-dev_1.1.3-8_amd64.deb
 7a3dddc395af9456afdee2e294662929424ebd47889e6df4e2d868dee7ddb2dd 84560 libpam-cracklib_1.1.3-8_amd64.deb
 9a2a4bca85f15faac87d6a54d1ff28c40f61acd7d7c7c031489528173f47dceb 104346 libpam-doc_1.1.3-8_all.deb
Files: 
 a66a4307e4963a091654c6929c568359 2433 libs optional pam_1.1.3-8.dsc
 256c661054f74b3076f2f9e2aaa90e7b 179313 libs optional pam_1.1.3-8.diff.gz
 1d8887f6b751abaa5b4ceb7c36ecf007 130004 libs required libpam0g_1.1.3-8_amd64.deb
 d8417dd801d327e6405af7854ea94204 354084 admin required libpam-modules_1.1.3-8_amd64.deb
 9b52356e51755cfb382fc33ef562ee20 118254 admin required libpam-modules-bin_1.1.3-8_amd64.deb
 c0fa3bb0a6741ab76c585eedff3930f1 222208 admin required libpam-runtime_1.1.3-8_all.deb
 54a0a40cc80097cc9f43952435ae4da7 193202 libdevel optional libpam0g-dev_1.1.3-8_amd64.deb
 faceebfb814c8051610395a45a151c3c 84560 admin optional libpam-cracklib_1.1.3-8_amd64.deb
 c8c2a9f026a2f4988c55c826f87b263f 104346 doc optional libpam-doc_1.1.3-8_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRGdsJAAoJEFaNMPMhshM9nzcP/0cl6w+y9wdWUFT6VNx4Pwo2
ABU0GBwrBaK0wVa9eyx8NtKMG4lsutkeZxrN1PTwl6RQuNQ/Fy+HNUBoRLcZVMmU
D/lUZgmecDMoCi/6EMndFzl8XcKiLVWOsLYJ3IFOtMoy5jVAVPW8affYjkaqWo25
8qneN/nAEfawNwUp+wljlBFKFRG/g3q0x8hXY/fLzlsGKTOv9iuG7UNlQXDfDiwu
hqvUaymo50+RDHlSAwPqev7TQWrBUXGjLC3daFmOaq1SGYJ8vMDiRXyCgTKSiVMM
If7L8jE6nuMYEf4uiR0H1u7x+rqCZLaZOpD92rDHLOSVK2pjfhcJeX/u00x5bGuM
TLIjwhEAQabAlI9QzeOgId/LL3OnWxdtZ7ajoj50urROrfOeRml1kZ+qTxDsLJ97
sIMwfNB2l2Jka2Bu8IgcD7nTKglr+SLkzMyrAzNuZc+mrwwnVvNM03QJlyYB69cC
gL6JZn48yKtmEUrnw2+NsIwGxt+UCNe5mW5zAyj/reZESrJIOcaOLg5WvIVsgHvn
gi/II1OZi/YlQgqGs9YyfLsere+n2tlW+aH7r5QIU1jkyOauXWm6jnyMgnwfclCq
+gcvB1HjP67c1pfhf0Pkp3FsLYm7yEBhAyKRcLXAwk2smV+LkX3blfg3IHtlUhnR
gPfaOY1luozqKcrJTWVi
=OZTr
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#699159; Package src:pam. (Wed, 13 Feb 2013 03:09:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guillem Jover <guillem@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>. (Wed, 13 Feb 2013 03:09:07 GMT) Full text and rfc822 format available.

Message #15 received at 699159@bugs.debian.org (full text, mbox):

From: Guillem Jover <guillem@debian.org>
To: 699159@bugs.debian.org
Subject: Re: Bug#699159 closed by Steve Langasek <vorlon@debian.org> (Bug#699159: fixed in pam 1.1.3-8)
Date: Wed, 13 Feb 2013 04:04:27 +0100
On Tue, 2013-02-12 at 06:21:11 +0000, Debian Bug Tracking System wrote:
>  pam (1.1.3-8) unstable; urgency=low
>  .
[...]
>    * Enable audit support, by popular demand.  This should have no major
>      impact unless you're also running auditd; but I reserve the right to
>      disable this again in the event that this causes a performance hit or
>      breaks upgrades (since the dependency is pulled into libpam, not just
>      into pam_tty_audit).  Closes: #699159, LP: #937005.

This means libaudit is pulled now into the pseudo-essential set,
I think this change deserves a discussion (but at last a courtesy
mention) in debian-devel because of that (and the implied new
addition to a Pre-Depends).

Also libaudit is not Multi-Arch ready so now pam is not
installable/upgradable anymore on those setups.

Regards,
Guillem



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#699159; Package src:pam. (Wed, 13 Feb 2013 03:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. (Wed, 13 Feb 2013 03:27:03 GMT) Full text and rfc822 format available.

Message #20 received at 699159@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Guillem Jover <guillem@debian.org>, 699159@bugs.debian.org
Subject: Re: Bug#699159: closed by Steve Langasek <vorlon@debian.org> (Bug#699159: fixed in pam 1.1.3-8)
Date: Tue, 12 Feb 2013 19:23:15 -0800
[Message part 1 (text/plain, inline)]
reopen 699159
thanks

On Wed, Feb 13, 2013 at 04:04:27AM +0100, Guillem Jover wrote:
> On Tue, 2013-02-12 at 06:21:11 +0000, Debian Bug Tracking System wrote:
> >  pam (1.1.3-8) unstable; urgency=low
> >  .
> [...]
> >    * Enable audit support, by popular demand.  This should have no major
> >      impact unless you're also running auditd; but I reserve the right to
> >      disable this again in the event that this causes a performance hit or
> >      breaks upgrades (since the dependency is pulled into libpam, not just
> >      into pam_tty_audit).  Closes: #699159, LP: #937005.

> This means libaudit is pulled now into the pseudo-essential set,
> I think this change deserves a discussion (but at last a courtesy
> mention) in debian-devel because of that (and the implied new
> addition to a Pre-Depends).

Yep, agreed; sorry, I didn't think through the fact that this was a
pre-depend and warranted discussion.

> Also libaudit is not Multi-Arch ready so now pam is not
> installable/upgradable anymore on those setups.

Right, this has also been pointed out to me and I've reverted this change in
unstable as a result.  libaudit1 in experimental is multiarch ready; pam
should wait for it to hit unstable before enabling audit support again.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
[signature.asc (application/pgp-signature, inline)]

Bug reopened Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Wed, 13 Feb 2013 03:27:05 GMT) Full text and rfc822 format available.

No longer marked as fixed in versions pam/1.1.3-8. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Wed, 13 Feb 2013 03:27:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#699159; Package src:pam. (Thu, 29 Aug 2013 10:54:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Laurent Bigonville <bigon@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>. (Thu, 29 Aug 2013 10:54:04 GMT) Full text and rfc822 format available.

Message #29 received at 699159@bugs.debian.org (full text, mbox):

From: Laurent Bigonville <bigon@debian.org>
To: 699159@bugs.debian.org
Subject: Re: Enable pam_tty_audit module
Date: Thu, 29 Aug 2013 12:51:50 +0200
Hi,

Multiarchified audit (1:2.3.2-2) package has now been uploaded in
unstable. I guess the pam_tty_audit module can be enabled now.

Cheers

Laurent Bigonville



Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility. (Mon, 21 Oct 2013 00:21:05 GMT) Full text and rfc822 format available.

Notification sent to Henrik Ahlgren <pablo@seestieto.com>:
Bug acknowledged by developer. (Mon, 21 Oct 2013 00:21:05 GMT) Full text and rfc822 format available.

Message #34 received at 699159-close@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: 699159-close@bugs.debian.org
Subject: Bug#699159: fixed in pam 1.1.3-10
Date: Mon, 21 Oct 2013 00:18:35 +0000
Source: pam
Source-Version: 1.1.3-10

We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 699159@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated pam package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 20 Oct 2013 15:30:46 -0700
Source: pam
Binary: libpam0g libpam-modules libpam-modules-bin libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source amd64 all
Version: 1.1.3-10
Distribution: unstable
Urgency: low
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-modules-bin - Pluggable Authentication Modules for PAM - helper binaries
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Closes: 699159
Changes: 
 pam (1.1.3-10) unstable; urgency=low
 .
   * Fix pam-auth-update handling of trailing blank lines in the fields of
     profiles.  LP: #1160288.
   * Reintroduce libaudit support now that libaudit has been multiarched.
     Closes: #699159.
Checksums-Sha1: 
 4e8a671c350b8b38bba05d831c1a523c9beeb009 2437 pam_1.1.3-10.dsc
 2c08ecdaa7af969b2c037f2121b160135077091e 178904 pam_1.1.3-10.diff.gz
 7fbebfe57db6e64c83b066c5f8154142a109b104 122602 libpam0g_1.1.3-10_amd64.deb
 76c78ac49446f78b564c1c92863e35ea5f7ca5bc 295618 libpam-modules_1.1.3-10_amd64.deb
 a328d683c81a12be5a2145b603b767b63623b993 102202 libpam-modules-bin_1.1.3-10_amd64.deb
 7cdb08f1669fccd7c82e4a9424e7cd74ffdd7574 195680 libpam-runtime_1.1.3-10_all.deb
 22291060810fc70ee11b9c6dbdcb1b2f9febafd9 181598 libpam0g-dev_1.1.3-10_amd64.deb
 8c5782e28407966938f380e6a6c5f7884148090d 83744 libpam-cracklib_1.1.3-10_amd64.deb
 7f2f63faf5f4b7fd3a57a21e120246f4e412cc51 104744 libpam-doc_1.1.3-10_all.deb
Checksums-Sha256: 
 d29ac9133203bbc893a42a40019ff3791183ef7b6824114274fae79f826c6595 2437 pam_1.1.3-10.dsc
 92ca04f1c45f368a2226d7a7f3ecf6de623a0be2a32955fabb2150dd6e1fc200 178904 pam_1.1.3-10.diff.gz
 dca2b04b7d3ff699a216ea43f74a9d85555a3c801b66beab03b4ffb7fb86b66a 122602 libpam0g_1.1.3-10_amd64.deb
 e7064b8b02e1d4b08fcb6003fb49197296a6c97a63d05af024bfd4ca0aab44af 295618 libpam-modules_1.1.3-10_amd64.deb
 a86f5586f6fd2dc70813883c888dab2156f949e54e5c572c714c2157586baf71 102202 libpam-modules-bin_1.1.3-10_amd64.deb
 2b191f1548fe314a9def411ef6851a7e9819c7ca9dc172db1e0fd6e5501413ae 195680 libpam-runtime_1.1.3-10_all.deb
 b3dd4e475fba435690b86218ebbbc34d9e8a416026c8d0dde541d2cbfdb548d4 181598 libpam0g-dev_1.1.3-10_amd64.deb
 3b127b7dfa795557361148a71c3c7188621a2965d68770dcf6e88abb0a2e8bf9 83744 libpam-cracklib_1.1.3-10_amd64.deb
 f2b92aba0a61e6e08280015525be6b207ef37345e09a5086450b4e91b761f300 104744 libpam-doc_1.1.3-10_all.deb
Files: 
 9e0a9683ae6a883128e59e76a1cc65c7 2437 libs optional pam_1.1.3-10.dsc
 b10286191a2fd990546c42f826c34c4c 178904 libs optional pam_1.1.3-10.diff.gz
 a83a7d373506d780cda9b78745528cf8 122602 libs required libpam0g_1.1.3-10_amd64.deb
 7b479bb651b221adb214d3bf95ca9785 295618 admin required libpam-modules_1.1.3-10_amd64.deb
 516de08e7ba1f7dbf62893234f8de8d7 102202 admin required libpam-modules-bin_1.1.3-10_amd64.deb
 08f16e9af53f523287447d58b10271ba 195680 admin required libpam-runtime_1.1.3-10_all.deb
 85b34cc34e337ee3fecbb19d9b4c1161 181598 libdevel optional libpam0g-dev_1.1.3-10_amd64.deb
 fa5ff05b5d278ff91865ccd3db443869 83744 admin optional libpam-cracklib_1.1.3-10_amd64.deb
 b0e6d1c31e273fd65bacf39afa4995ae 104744 doc optional libpam-doc_1.1.3-10_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCAAGBQJSZHF/AAoJEFaNMPMhshM9QiQQAL9GplsR17KbsUY4VYLdUeWL
uXtMbjxoGh0R4ud7aiKKHS64S5LWtORIAeo5obyQ56fM8BlvUTnqUVucjw1Gk0DG
JecnVUAJ55AnkF6gUQ+YJRmlMnxwGFHQsfgO8YE3Bd/BnBsxZTCkLZC2VVAKHEq3
13/1UCNQzX/W58eecsk/kZUufRBoUEEUAUx6CJkod5moxgZEjQTvIHKlubXwiyhs
rqZmH4CeIqT4fqNdXXuk7sV7Gm9xtu0Q9rQI3Nm6UlYxIx4jfcN8l50a8jZhvbjf
8Yi4QRSSHNGKJP0F85EwNT+vtwo4OUIHySqnr83CU5FnD9roNwo1anxPbw0LY3iN
LOBULLFJ7ZxduWP1xsq+DioGPwF7HCry02dTXns9yT10oGAzr7xn01bSm4nbQU7H
544kyZEW0M/FR3ba6bmC9PZwOQjLparvIwQ3Ng8T+p8uEGrF43WnoIUY6w4p08Ev
uLPLayYUDe/JPJaJ64BtKC83iPdYw7fw/gk8bCTEwfn39DBAkKOD28SppxA/Xm04
NlAYMd+K6RPIHm72vbHIeZVD+NOQkRxqLNC+Cd1w6rjpx1p6CJd1LcSPtCZSuUWe
E6sxagxf0QFLVC2ZJHBuGu9j07dSkLT+frRZh0s5EV3WONBx3c1nbwQ/azmOE0aV
YKPGLpISN2vL1WyKvNU8
=iLKO
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#699159; Package src:pam. (Mon, 21 Oct 2013 19:00:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guillem Jover <guillem@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>. (Mon, 21 Oct 2013 19:00:09 GMT) Full text and rfc822 format available.

Message #39 received at 699159@bugs.debian.org (full text, mbox):

From: Guillem Jover <guillem@debian.org>
To: 699159@bugs.debian.org
Subject: Re: Bug#699159: closed by Steve Langasek <vorlon@debian.org> (Bug#699159: fixed in pam 1.1.3-8)
Date: Mon, 21 Oct 2013 20:56:26 +0200
On Wed, 2013-02-13 at 04:04:27 +0100, Guillem Jover wrote:
> On Tue, 2013-02-12 at 06:21:11 +0000, Debian Bug Tracking System wrote:
> >  pam (1.1.3-8) unstable; urgency=low
> >  .
> [...]
> >    * Enable audit support, by popular demand.  This should have no major
> >      impact unless you're also running auditd; but I reserve the right to
> >      disable this again in the event that this causes a performance hit or
> >      breaks upgrades (since the dependency is pulled into libpam, not just
> >      into pam_tty_audit).  Closes: #699159, LP: #937005.

> This means libaudit is pulled now into the pseudo-essential set,
> I think this change deserves a discussion (but at last a courtesy
> mention) in debian-devel because of that (and the implied new
> addition to a Pre-Depends).

> On Mon, 2013-10-21 at 00:21:05 +0000, Debian Bug Tracking System wrote:
> >  pam (1.1.3-10) unstable; urgency=low
> >  .
> […]
> >    * Reintroduce libaudit support now that libaudit has been multiarched.
> >      Closes: #699159.

The above comment still applies, and I don't remember any mention of
this on debian-devel, but I could have missed it.

Regards,
Guillem



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#699159; Package src:pam. (Mon, 21 Oct 2013 19:27:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. (Mon, 21 Oct 2013 19:27:08 GMT) Full text and rfc822 format available.

Message #44 received at 699159@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Guillem Jover <guillem@debian.org>, 699159@bugs.debian.org
Subject: Re: Bug#699159: closed by Steve Langasek <vorlon@debian.org> (Bug#699159: fixed in pam 1.1.3-8)
Date: Mon, 21 Oct 2013 12:25:12 -0700
[Message part 1 (text/plain, inline)]
On Mon, Oct 21, 2013 at 08:56:26PM +0200, Guillem Jover wrote:
> On Wed, 2013-02-13 at 04:04:27 +0100, Guillem Jover wrote:
> > On Tue, 2013-02-12 at 06:21:11 +0000, Debian Bug Tracking System wrote:
> > >  pam (1.1.3-8) unstable; urgency=low
> > >  .
> > [...]
> > >    * Enable audit support, by popular demand.  This should have no major
> > >      impact unless you're also running auditd; but I reserve the right to
> > >      disable this again in the event that this causes a performance hit or
> > >      breaks upgrades (since the dependency is pulled into libpam, not just
> > >      into pam_tty_audit).  Closes: #699159, LP: #937005.

> > This means libaudit is pulled now into the pseudo-essential set,
> > I think this change deserves a discussion (but at last a courtesy
> > mention) in debian-devel because of that (and the implied new
> > addition to a Pre-Depends).

> > On Mon, 2013-10-21 at 00:21:05 +0000, Debian Bug Tracking System wrote:
> > >  pam (1.1.3-10) unstable; urgency=low
> > >  .
> > […]
> > >    * Reintroduce libaudit support now that libaudit has been multiarched.
> > >      Closes: #699159.

> The above comment still applies, and I don't remember any mention of
> this on debian-devel, but I could have missed it.

You're right, sorry for forgetting about this.  Kicking off a discussion
now.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#699159; Package src:pam. (Mon, 21 Oct 2013 19:57:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. (Mon, 21 Oct 2013 19:57:08 GMT) Full text and rfc822 format available.

Message #49 received at 699159@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: debian-devel@lists.debian.org, 699159@bugs.debian.org
Subject: Proposed new dependency from libpam-modules on libaudit
Date: Mon, 21 Oct 2013 12:56:39 -0700
[Message part 1 (text/plain, inline)]
Hi folks,

So with wheezy out, libaudit is now multiarch-capable, which means for
jessie I would like to enable the tty_audit PAM module.  This brings
libaudit into the transitively essential set of libraries, so should be
discussed here.  (I forgot to raise this thread before actually uploading
this change to unstable; sorry about that.  Since I believe this change will
be fairly uncontroversial, I'll leave it as-is in the archive pending the
outcome of this discussion, unless someone is aware of issues that it's
causing.)

libaudit provides core security functionality, related, as the name implies,
to audit logs for sessions.  It enables auditd, but does not depend on it;
auditd itself remains optional, and libaudit is a no-op with reasonably low
overhead without it.  But support for it must be enabled in the core
packages in order for auditd to do its job usefully.

libaudit1 has no new external dependencies (just libaudit-common), and is a
tiny waif of a library (~200k).

Are there any objections to pulling libaudit into the base set?

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 19 Mar 2014 07:31:35 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 19:00:55 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.