Debian Patches

Status for pam-u2f/1.1.0-1.1+deb12u1

Patch Description Author Forwarded Bugs Origin Last update
Handle-converse-returning-NULL.patch Handle converse() returning NULL
If a PIN is required and converse() returns NULL, abort the
authentication flow instead of reverting to FIDO2 without PIN.
Fixes #175.
pedro martelletto <pedro@yubico.com> yes debian upstream https://github.com/Yubico/pam-u2f/commit/6059b057dd9b6d0164fc16f9422c0d728f902bb5 2021-05-19
check_permissions_authfile.patch commit 51cea61c89b750cad899eb2d34299d5d41d04090

util: check permissions of authfile
Ludvig Michaelsson <ludvig.michaelsson@yubico.com> no 2025-01-13
relax-permission.patch commit f573707012f92e31172a7b14b6e36f8e93a02478

util: soften authfile permission check to a warning

We'd like to make this a hard error but it has proven to break existing
installations. To avoid breaking changes, revert to trying our hardest
to inform the administrator that this user is authenticating with a
potentially unsafe authfile.
Ludvig Michaelsson <ludvig.michaelsson@yubico.com> no 2025-01-15
tighten_down_nouserok.patch commit 08199144d870a63275a4601dbc6751ac68d48301

pam: tighten down nouserok

Move PAM return value handling to get_devices_from_authfile():

If `nouserok` is set, return

- PAM_IGNORE if open() returns ENOENT;
- PAM_IGNORE if user is not found in the authfile;
- PAM_IGNORE if user is found in the authfile but has no credentials;
- PAM_AUTHINFO_UNAVAIL otherwise.

If `nouserok` is *not* set, return

- PAM_USER_UNKNOWN if user is not found in the authfile;
- PAM_USER_UNKNOWN if user is found but has no credentials;
- PAM_AUTHINFO_UNAVAIL otherwise.

This commit is part of a fix for YSA-2025-01 / CVE-2025-23013.
Ludvig Michaelsson <ludvig.michaelsson@yubico.com> no 2024-11-21
do_not_return_PAM_IGNORE.patch commit a96ef17f74b8e4ed80a97322120af1a228a1ffb7

pam: do not return PAM_IGNORE on system errors

Instead, use more meaningful status codes:

- PAM_SYSTEM_ERR if getpwuid_r(), gethostname(), or
pam_modutil_{drop,regain}_priv() fails;
- PAM_BUF_ERR if memory allocation routines fail; and
- PAM_ABORT for any uncaught errors.

This commit is part of a fix for YSA-2025-01 / CVE-2025-23013.
Ludvig Michaelsson <ludvig.michaelsson@yubico.com> no 2024-11-20
test_update_retvals.patch commit cf68862af2dbe7730ed7c5fd8a02ac8aada9e7b5

tests: update return value
Ludvig Michaelsson <ludvig.michaelsson@yubico.com> no 2024-11-21
