Format: 1.8
Date: Sat, 06 Apr 2024 14:33:00 +0200
Source: pam-u2f
Architecture: source
Version: 1.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Authentication Maintainers <team+auth@tracker.debian.org>
Changed-By: Patrick Winnertz <winnie@debian.org>
Closes: 987545 1022073 1061859
Changes:
 pam-u2f (1.3.0-1) unstable; urgency=medium
 .
   * Update the keys according to the yubico website and delete one from
     the keyring.
   * Modify gbp.conf
     + Remove autosigning of upstream, I can't check that tag (and the
       content) before signing.
     + Extend the included gbp so that everybody uses gz in this case.
   * Acknowledge NMU from Salvatore Bonaccorso <carnil@debian.org> to close
     CVE-2021-31924 (Closes: #987545) - see release 1.1.1
   * New upstream version 1.3.0 (Closes: #1022073)
     + Add sanity checking of UV options to pamu2fcfg.
     + Add support for username expansion in the authfile path.
     + Improvements to the documentation.
     + 1.2.1:
       + Fixed an issue where native credentials could be truncated,
         resulting in failure to authenticate or successful authentication
         with missing options.
       + Stricter parsing of sshformat credentials.
       + pamu2fcfg now allows a combination of the --username and --nouser
         options.
       + Improved documentation on FIDO2 options.
     + 1.2.0:
       + Added support for EdDSA keys.
       + Added support for SSH ed25519-sk keys.
       + Added authenticator filtering based on user verification options.
       + Fixed an issue with privilege restoration on MacOS.
       + Fixed an issue where credentials created with pamu2fcfg 1.0.8 or
         earlier were not handled correctly if their origin and appid
         differed.
       + Miscellaneous improvements to the documentation.
       + Miscellaneous minor bug fixes found by fuzzing.
     + 1.1.1:
       + Fix an issue where PIN authentication could be bypassed
         (CVE-2021-31924).
       + Fix an issue with nodetect and non-resident credentials.
       + Fix build issues with musl libc.
       + Add support for self-attestation in pamu2fcfg.
       + Fix minor bugs found by fuzzing.
   * Modify lintian override for new syntax
   * Update copyright and add myself
   * Switch to compat level 13
   * Raise the standards-version to 4.6.2 (no changes needed)
   * Switched from pkg-config to pkgconf.
   * Removed Alessio Di Mauro and Nicoo as uploaders, according to process
     described here: https://wiki.debian.org/PackageSalvaging
   * Install package into /usr according to the /usr-merge.
     (Closes: #1061859) Thanks to Michael Biebl <biebl@debian.org> for the
     patch.
Files:
 2277 admin optional pam-u2f_1.3.0-1.dsc
 456281 admin optional pam-u2f_1.3.0.orig.tar.gz
 119 admin optional pam-u2f_1.3.0.orig.tar.gz.asc
 63328 admin optional pam-u2f_1.3.0-1.debian.tar.xz
 6926 admin optional pam-u2f_1.3.0-1_amd64.buildinfo