pam-u2f (1.3.2-1) unstable; urgency=medium
* New upstream version 1.3.2
-- Patrick Winnertz <winnie@debian.org> Sat, 18 Jan 2025 23:32:12 +0100
pam-u2f (1.3.1-1) unstable; urgency=medium
* Team upload.
[ Debian Janitor ]
* Set upstream metadata fields.
[ Simon Josefsson ]
* New upstream version 1.3.1
* Bump d/* copyright years, adding myself.
* Use Standards-Version 4.7.0.
* Run wrap-and-sort -satbk.
* Add d/salsa-ci.yml.
-- Simon Josefsson <simon@josefsson.org> Tue, 14 Jan 2025 18:20:07 +0100
pam-u2f (1.3.0-1) unstable; urgency=medium
* Update the keys according to the yubico website
and delete one from the keyring.
* Modify gbp.conf
+ Remove autosigning of upstream, I can't check that
tag (and the content) before signing.
+ Extend the included gbp so that everybody
uses gz in this case.
* Accknowledge NMU from Salvatore Bonaccorso <carnil@debian.org>
to close CVE-2021-31924 (Closes: #987545) - see release 1.1.1
* New upstream version 1.3.0 (Closes: #1022073)
+ Add sanity checking of UV options to pamu2fcfg.
+ Add support for username expansion in the authfile path.
+ Improvements to the documentation.
+ 1.2.1:
+ Fixed an issue where native credentials could be truncated,
resulting in failure to authenticate or successful
authentication with missing options.
+ Stricter parsing of sshformat credentials.
+ pamu2fcfg now allows a combination of the
--username and --nouser options.
+ Improved documentation on FIDO2 options.
+ 1.2.0:
+ Added support for EdDSA keys.
+ Added support for SSH ed25519-sk keys.
+ Added authenticator filtering based on user verification options.
+ Fixed an issue with privilege restoration on MacOS.
+ Fixed an issue where credentials created with pamu2fcfg
1.0.8 or earlier were not handled correctly if their origin
and appid differed.
+ Miscellaneous improvements to the documentation.
+ Miscellaneous minor bug fixes found by fuzzing.
+ 1.1.1:
+ Fix an issue where PIN authentication could be
bypassed (CVE-2021-31924).
+ Fix an issue with nodetect and non-resident credentials.
+ Fix build issues with musl libc.
+ Add support for self-attestation in pamu2fcfg.
+ Fix minor bugs found by fuzzing.
* Modify lintian override for new syntax
* Update copyright and add myself
* Switch to compat level 13
* Raise the standards-version to 4.6.2 (no changes needed)
* Switched from pkg-config to pkgconf.
* Removed Alessio Di Mauro and Nicoo as uploaders, according
to process described here: https://wiki.debian.org/PackageSalvaging
* Install package into /usr according to the /usr-merge. (Closes: #1061859)
Thanks to Michael Biebl <biebl@debian.org> for the patch.
-- Patrick Winnertz <winnie@debian.org> Sat, 06 Apr 2024 14:33:00 +0200
pam-u2f (1.1.0-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Handle converse() returning NULL (CVE-2021-31924) (Closes: #987545)
-- Salvatore Bonaccorso <carnil@debian.org> Sat, 05 Jun 2021 15:04:24 +0200
pam-u2f (1.1.0-1) unstable; urgency=low
* New upstream version 1.1.0 (2020-09-17)
+ Add support for FIDO2
Switch from libu2f-host+libu2f-server to libfido2
+ Add support for User Verification
+ Add support for PIN Verification
+ Add support for Resident Credentials
+ Add support for SSH credential format
* Update nicoo's name & address
* libpam-u2f: Override Lintian warning about the pam_u2f(8) manpage.
See Lintian bug #973604
* d/copyright:
+ Set Upstream-Contact to Yubico's OSS maintainers role
+ Update package authorship metadata
* Switch to debhelper 12.
Replace the deprecated debian/compat file with a Build-Depends on
debhelper-compat
* d/upstream: Update signing keyring
* d/control: Declare compliance with policy v4.5.0.
No change required
* Drop obsolete README.source.
The package should explain how to explain cowbuilder, or refer to the
packaging repo by an URL that has been obsolete for years.
* d/gbp.conf: Sign tags.
Unsure why I disabled it.
* d/rules: No need to pass --builddirectory to dh
* d/watch: Update to uscan v4, tidy up the syntax
-- nicoo <nicoo@debian.org> Mon, 02 Nov 2020 13:49:23 +0100
pam-u2f (1.0.8-1) unstable; urgency=high (security)
[ nicoo ]
* New upstream version 1.0.8 (2019-06-04)
+ Fix insecure debug file handling CVE-2019-12209. (Closes: #930021)
+ Fix debug file descriptor leak CVE-2019-12210. (Closes: #930023)
+ Fix a non-critical buffer out-of-bounds access. (Closes: #930047)
* Comply with Debian policy v4.4.0
+ debian/control: Set Rules-Requires-Root to no
+ debian/rules: Install upstream's changelog
* debian/control: Update my email address
* debian/gbp.conf: Move the packaging branch to debian/sid
[ Simon Josefsson ]
* Drop myself from Uploader's.
-- nicoo <nicoo@debian.org> Sat, 20 Jul 2019 13:01:18 +0200
pam-u2f (1.0.7-1) unstable; urgency=high
* New upstream version 1.0.7 (2018-05-15)
Closes: #898519
* Update & complete debian/copyright
* Move the packaging repository to salsa.d.o
* Use the tracker.debian.org email address for the maintainers.
* Switch to debhelper 11
-- nicoo <nicoo@debian.org> Tue, 29 May 2018 14:33:06 +0200
pam-u2f (1.0.6-1) unstable; urgency=medium
* New upstream version (2018-04-18)
- Remove upstreamed patch
* Bump Standards-Version to 4.1.4
- debian/copyright: Use HTTPS Format URI
* Update upstream's keyring
- Move it to debian/upstream
- Include a script debian/upstream/signing-key.sh that generates it
-- nicoo <nicoo@debian.org> Mon, 30 Apr 2018 13:35:48 +0200
pam-u2f (1.0.4-2) unstable; urgency=medium
* debian/control: Add myself as uploader
* debian/control: Move the packaging repo to Alioth
-- nicoo <nicoo@debian.org> Fri, 23 Sep 2016 20:38:06 +0200
pam-u2f (1.0.4-1) unstable; urgency=medium
* Acknowledge NMU, thanks nicoo.
-- Simon Josefsson <simon@josefsson.org> Wed, 10 Aug 2016 16:08:42 +0200
pam-u2f (1.0.4-0.3) unstable; urgency=medium
* Non-maintainer upload.
* Fix the generated binaries on Debian/kFreeBSD
* Drop spurious dependency on autotools-dev
-- nicoo <nicoo@debian.org> Tue, 02 Aug 2016 15:48:58 +0200
pam-u2f (1.0.4-0.2) unstable; urgency=medium
* Non-maintainer upload.
* Set Breaks and Replaces for the moved manpage.
-- nicoo <nicoo@debian.org> Thu, 14 Jul 2016 21:53:52 +0200
pam-u2f (1.0.4-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream version.
Fixes possible permission escalation when using XDG_CONFIG_HOME.
* Use HTTPS for Vcs-Git.
* Use build-time hardening.
* Bump Standards-Version to 3.9.8.
No change required.
* Put the pam_u2f(8) manpage in the libpam_u2f package.
-- nicoo <nicoo@debian.org> Wed, 06 Jul 2016 13:25:51 +0200
pam-u2f (1.0.3-1) unstable; urgency=medium
* New upstream release.
-- Alessio Di Mauro <alessio@yubico.com> Mon, 02 Nov 2015 15:47:25 +0100
pam-u2f (1.0.2-1) unstable; urgency=medium
[ Alessio Di Mauro ]
* New upstream version
[ Simon Josefsson ]
* Update upstream-signing-key.pgp.
-- Alessio Di Mauro <alessio@yubico.com> Tue, 06 Oct 2015 14:34:08 +0200
pam-u2f (1.0.1-1) unstable; urgency=medium
[ Alessio Di Mauro ]
* New upstream release.
[ Simon Josefsson ]
* Update README.source.
* Update upstream-signing-key.pgp.
* Add gbp.conf.
-- Alessio Di Mauro <alessio@yubico.com> Thu, 18 Jun 2015 10:35:12 +0200
pam-u2f (1.0.0-1) unstable; urgency=medium
* New upstream release.
-- Alessio Di Mauro <alessio@yubico.com> Wed, 17 Jun 2015 14:19:14 +0200
pam-u2f (0.0.1-1) unstable; urgency=low
* Initial release. (Closes: #776091)
-- Alessio Di Mauro <alessio@yubico.com> Mon, 26 Jan 2015 13:57:25 +0100