1 files changed, 104 insertions, 1 deletions

diff --git a/ChangeLog.txt b/ChangeLog.txt
index b44af413..d6f335c0 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,99 @@
+Wed Feb 12 05:05:50 UTC 2020
+Hey folks! PAM has finally landed in /testing. Some here wanted it to go
+right into the main tree immediately, and in a more normal development cycle
+I'd have been inclined to agree (it is -current, after all). But it's
+probably better for it to appear in /testing first, to make sure we didn't
+miss any bugs and also to serve as a warning shot that we'll be shaking up
+the tree pretty good over the next few weeks. I'd like to see this merged
+into the main tree in a day or two, so any testing is greatly appreciated.
+Switching to the PAM packages (or reverting from them) is as easy as
+installing all of them with upgradepkg --install-new, and if reverting then
+remove the three leftover _pam packages. After reverting, a bit of residue
+will remain in /etc/pam.d/ and /etc/security/ which can either be manually
+deleted or simply ignored. While there are many more features available in
+PAM compared with plain shadow, out of the box about the only noticable
+change is the use of cracklib and libpwquality to check the quality of a
+user-supplied password. Hopefully having PAM and krb5 will get us on track
+to having proper Active Directory integration as well as using code paths
+that are likely better audited these days. The attack surface *might* be
+bigger, but it's also a lot better scrutinized.
+Thanks to Robby Workman and Vincent Batts who did most of the initial heavy
+lifting on the core PAM packages as a side project for many years. Thanks
+also to Phantom X whose PAM related SlackBuilds were a valuable reference.
+And thanks as well to ivandi - I learned a lot from the SlackMATE build
+scripts and was even occasionally thankful for the amusing ways you would
+kick my ass on LQ. ;-) You're more than welcome to let us know where we've
+messed up this time.
+The binutils and glibc packages in /testing were removed and are off the
+table for now. I'm not seeing much upside to heading down that rabbit hole
+at the moment. Next we need to be looking at Xfce 4.14 and Plasma 5.18 LTS
+and some other things that have been held back since KDE4 couldn't use them.
+Cheers! :-)
+a/kernel-generic-5.4.19-x86_64-1.txz:  Upgraded.
+a/kernel-huge-5.4.19-x86_64-1.txz:  Upgraded.
+a/kernel-modules-5.4.19-x86_64-1.txz:  Upgraded.
+a/lvm2-2.03.08-x86_64-1.txz:  Upgraded.
+a/shadow-4.8.1-x86_64-2.txz:  Rebuilt.
+  Automatically backup /etc/login.defs and install the new version if
+  incompatible PAM options are detected.
+d/kernel-headers-5.4.19-x86-1.txz:  Upgraded.
+k/kernel-source-5.4.19-noarch-1.txz:  Upgraded.
+  VALIDATE_FS_PARSER y -> n
+xap/mozilla-thunderbird-68.5.0-x86_64-1.txz:  Upgraded.
+  This release contains security fixes and improvements.
+  For more information, see:
+    https://www.mozilla.org/en-US/thunderbird/68.5.0/releasenotes/
+    https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6793
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6794
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6795
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6797
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6798
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6792
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6800
+  (* Security fix *)
+isolinux/initrd.img:  Rebuilt.
+kernels/*:  Upgraded.
+testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/at-3.2.1-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/cifs-utils-6.10-x86_64-2_pam.txz:  Added.
+testing/packages/PAM/cracklib-2.9.7-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/cups-2.3.1-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/cyrus-sasl-2.1.27-x86_64-2_pam.txz:  Added.
+testing/packages/PAM/dovecot-2.3.9.2-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/gnome-keyring-3.34.0-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/hplip-3.19.12-x86_64-2_pam.txz:  Added.
+testing/packages/PAM/kde-workspace-4.11.22-x86_64-6_pam.txz:  Added.
+testing/packages/PAM/libcap-2.31-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/libcgroup-0.41-x86_64-5_pam.txz:  Added.
+testing/packages/PAM/libpwquality-1.4.2-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/mariadb-10.4.12-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/netatalk-3.1.12-x86_64-2_pam.txz:  Added.
+testing/packages/PAM/netkit-rsh-0.17-x86_64-2_pam.txz:  Added.
+testing/packages/PAM/openssh-8.1p1-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/openvpn-2.4.8-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/pam-1.3.1-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/polkit-0.116-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/popa3d-1.0.3-x86_64-3_pam.txz:  Added.
+testing/packages/PAM/ppp-2.4.7-x86_64-3_pam.txz:  Added.
+testing/packages/PAM/proftpd-1.3.6b-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/samba-4.11.6-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/screen-4.8.0-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/shadow-4.8.1-x86_64-2_pam.txz:  Added.
+testing/packages/PAM/sudo-1.8.31-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/system-config-printer-1.5.12-x86_64-2_pam.txz:  Added.
+testing/packages/PAM/util-linux-2.35.1-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/vsftpd-3.0.3-x86_64-5_pam.txz:  Added.
+testing/packages/PAM/xdm-1.1.11-x86_64-9_pam.txz:  Added.
+testing/packages/PAM/xlockmore-5.62-x86_64-1_pam.txz:  Added.
+testing/packages/PAM/xscreensaver-5.43-x86_64-1_pam.txz:  Added.
+testing/packages/binutils-2.34-x86_64-1.txz:  Removed.
+testing/packages/glibc-2.31-x86_64-1.txz:  Removed.
+testing/packages/glibc-i18n-2.31-x86_64-1.txz:  Removed.
+testing/packages/glibc-profile-2.31-x86_64-1.txz:  Removed.
+testing/packages/glibc-solibs-2.31-x86_64-1.txz:  Removed.
+usb-and-pxe-installers/usbboot.img:  Rebuilt.
++--------------------------+
 Tue Feb 11 04:45:36 UTC 2020
 ap/man-pages-5.05-noarch-2.txz:  Rebuilt.
   Clean up /usr/man directory moving miscellaneous documentation to
@@ -5,9 +101,16 @@ ap/man-pages-5.05-noarch-2.txz:  Rebuilt.
 d/python-setuptools-45.2.0-x86_64-1.txz:  Upgraded.
 n/nfs-utils-2.4.3-x86_64-1.txz:  Upgraded.
 xap/mozilla-firefox-68.5.0esr-x86_64-1.txz:  Upgraded.
-  This is a bugfix release.
+  This release contains security fixes and improvements.
   For more information, see:
     https://www.mozilla.org/en-US/firefox/68.5.0/releasenotes/
+    https://www.mozilla.org/security/advisories/mfsa2020-06/
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6796
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6797
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6798
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6799
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6800
+  (* Security fix *)
 +--------------------------+
 Sun Feb  9 23:04:46 UTC 2020
 ap/man-pages-5.05-noarch-1.txz:  Upgraded.