diff options
author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 21:13:04 -0800 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 21:13:04 -0800 |
commit | c55c14c5c6762139ec6695d84ea0e2e917da5264 (patch) | |
tree | 9e6119760c93841b2bc3e05680ac9e4e15ae9c25 /ChangeLog | |
parent | f3c0273b7bd2d7fdcac3fe3604cedd82afc57f49 (diff) | |
parent | fc772e7236a7aea9c9c26b0be2ee6f3ed8ae444a (diff) |
New upstream version 1.1.5
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 271 |
1 files changed, 271 insertions, 0 deletions
@@ -1,3 +1,274 @@ +2011-10-25 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 1.1.5 + + * configure.in: Bump version number. + + * modules/pam_tally2/pam_tally2.8.xml: Remove never used option + "no_lock_time". + +2011-10-14 Kees Cook <kees@debian.org> + + * modules/pam_env/pam_env.c (_expand_arg): Abort when encountering an + overflowed environment variable expansion. + Fixes CVE-2011-3149. + Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565 + + * modules/pam_env/pam_env.c (_assemble_line): Correctly count leading + whitespace. + Fixes CVE-2011-3148. + Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469 + +2011-10-10 Tomas Mraz <tm@t8m.info> + + * modules/pam_access/pam_access.c: Add hostname resolution + cache. + (user_match): Clear the cache in fake_item. + (from_match): If from is not hostname, do not try to resolve it. + Cache the getaddrinfo() result. + (network_netmask_match): Cache the getaddrinfo() result. + (pam_sm_authenticate): Free the getaddrinfo() result. + + * modules/pam_access/pam_access.c (netgroup_match): If getdomainname() + fails or domainname not set use NULL as domain in innetgr(). + +2011-09-30 Tomas Mraz <tm@t8m.info> + + * doc/man/pam.conf-syntax.xml: Improve documentation of the + sufficient and requisite control values. (Red Hat Bug #742413) + +2011-08-25 Tomas Mraz <tm@t8m.info> + + * modules/pam_access/pam_access.c (user_match): Fix the split + on @ in the user field. (Red Hat Bug #732081) + + * modules/pam_loginuid/pam_loginuid.c: Correct the FSF address. + +2011-08-23 Tomas Mraz <tm@t8m.info> + + * modules/pam_env/pam_env.c (_pam_parse): Fix missing dereference. + +2011-06-22 Thorsten Kukuk <kukuk@thkukuk.de> + + * release version 1.1.4 + + * configure.in: Bump version number. + * NEWS: Document changes since 1.1.3 + * libpam/Makefile.am: Bump release number of shared library + * po/de.po: Translate new string. + + * modules/pam_unix/Makefile.am (pam_unix_la_LIBADD): Reorder + Libraries. + +2011-06-21 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_limits/pam_limits.c: Add set_all option, + read limits from PID one if no limit is specified and set_all + is set. + * modules/pam_limits/pam_limits.8.xml: Document set_all option. + Based on Patch by Kees Cook. + +2011-06-15 Tomas Mraz <tm@t8m.info> + + * modules/pam_sepermit/pam_sepermit.c (check_running): Avoid + leaking memory and dir handle on realloc failure. + (sepermit_unlock): Cast fcntl() and close() calls to void. + + * modules/pam_pwhistory/opasswd.c (check_old_password): Do not + needlessly call strdupa(). + (save_old_password): Avoid memleaks in error paths. Avoid memleak of + buf. Make the opasswd entry parsing more robust. + * modules/pam_pwhistory/pam_pwhistory.8.xml: Document the + special meaning of remember=0. + + * modules/pam_unix/support.c (_set_ctrl): Do not crash when remember, + minlen, or rounds options are used with wrong module type. + + * modules/pam_timestamp/pam_timestamp.c (pam_sm_authenticate): Avoid + memleak in error path. + (pam_sm_open_session): Avoid memleak and fd leak in error path. + + * modules/pam_access/pam_access.c (user_match): Initialize the + fake_item from item. + +2011-06-14 Thorsten Kukuk <kukuk@thkukuk.de> + + * configure.in: Check for libtirpc by default. + * libpam/Makefile.am: Add support for libtirpc. + * modules/pam_access/Makefile.am: Likewise. + * modules/pam_unix/Makefile.am: Likewise. + * modules/pam_unix/pam_unix_passwd.c: Change ifdefs for + new libtirpc support. + * modules/pam_unix/yppasswd_xdr.c: Only compile if we have rpc/rpc.h. + +2011-06-13 Tomas Mraz <tm@t8m.info> + + * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Test + also whether the tty is in the /sys/class/tty/console/active file. + * modules/pam_securetty/pam_securetty.8.xml: Document the new check of + /sys/class/tty/console/active/file. + +2011-06-07 Tomas Mraz <tm@t8m.info> + + * modules/pam_namespace/pam_namespace.c (root_shared): New + function to detect shared / mount. + (pam_sm_open_session): Call the root_shared() and enable + private mounts based on that. + * modules/pam_namespace/pam_namespace.8.xml: Document the + automatic detection of shared / mount. + +2011-06-06 Tomas Mraz <tm@t8m.info> + + * modules/pam_group/pam_group.c (shift_bytes): Removed. + (shift_buf, trim_spaces): Added new functions. + (read_field): Thorough rewrite of the parsing. + (check_account): read_field() now uses state information. No + extra read_field() call at the end of configuration line. + * modules/pam_time/pam_time.c (shift_bytes): Removed. + (shift_buf, trim_spaces): Added new functions. + (read_field): Thorough rewrite of the parsing. + (check_account): read_field() now uses state information. No + extra read_field() call at the end of configuration line. + + * modules/pam_namespace/pam_namespace.h: Define the MS_PRIVATE and + MS_REC flags if they are not in sys/mount.h. + +2011-06-06 Nguyễn Thái Ngọc Duy <pclouds@gmail.com> + + * po/LINGUAS: Add vietnamese. + * po/vi.po: Add vietnamese translation. + +2011-06-02 Tomas Mraz <tm@t8m.info> + + * modules/pam_namespace/pam_namespace.c (protect_dir): Add parameter + to always do protect mount the last directory in the path. + (check_inst_parent, create_polydir): Update the protect_dir() call. + (ns_setup): Likewise and add the MS_PRIVATE mount() call. + (pam_sm_open_session): Check the mount_private option. + * modules/pam_namespace/pam_namespace.h: Add the PAMNS_MOUNT_PRIVATE. + * modules/pam_namespace/pam_namespace.8.xml: Document the mount_private + option. + + * modules/pam_cracklib/pam_cracklib.c (str_lower): Make it no-op + on NULL strings. + (password_check): Guard for NULLs returned from memory allocation. + + * modules/pam_filter/pam_filter.c (process_args): Guard for error return + from pam_get_user(). + + * modules/pam_echo/pam_echo.c (replace_and_print): Guard for error return + from pam_get_item(). + +2011-05-30 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_timestamp/pam_timestamp.c (main): Remove unsused + variable pretval. + + * modules/pam_stress/pam_stress.c (converse): **message is const. + (stress_get_password): pmsg is const. + (pam_sm_chauthtok): Likewise. + * libpam/pam_item.c (pam_get_user): Make pmsg const and remove + casts. + +2011-05-30 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_env/pam_env.c (_pam_parse): Implement debug option. + Based on patch by Tomas Mraz. + +2011-05-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): quiet + option has no argument, print no missing file if quiet is set + [sf#3194930]. + +2011-05-04 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_lastlog/pam_lastlog.c (last_login_failed): Don't + abort with error if btmp file does not exist. + +2011-03-21 Tomas Mraz <tm@t8m.info> + + * modules/pam_unix/md5.c (MD5Final): Clear the whole ctx. + +2011-03-18 Tomas Mraz <tm@t8m.info> + + * modules/pam_namespace/md5.c (MD5Final): Clear the whole ctx. + * modules/pam_namespace/pam_namespace.c (del_polydir): Guard for NULL poly. + (protect_dir): Guard for -1 passing to close(). + (ns_setup): Likewise. + (pam_sm_open_session): Correctly test for SELinux enabled flag. + +2011-03-17 Tomas Mraz <tm@t8m.info> + + * modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type. + (manual_context): Likewise. + (context_from_env): Remove extraneous auditing in success case. + + * modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra + close() call. + +2011-02-22 Tomas Mraz <tm@t8m.info> + + * modules/pam_nologin/pam_nologin.8.xml: Add missing space. + * modules/pam_limits/limits.conf.5.xml: Fix typo. + +2010-12-21 Tomas Mraz <tm@t8m.info> + + * modules/pam_selinux/pam_selinux.c (mls_range_allowed): Unhardcode + values for security class and av permission bit. + +2010-12-14 Tomas Mraz <tm@t8m.info> + + * modules/pam_limits/pam_limits.c (parse_uid_range): New function + to parse the range of uids or gids. + (parse_config_file): Call parse_uid_range() and if uid/gid range + is identified, setup the limits if the range matches. New parameters + containing user's uid and primary gid. + (pam_sm_open_session): Pass the user's uid and primary gid to + parse_config_file(). + * modules/pam_limits/limits.conf.5.xml: Document the uid/gid ranges. + +2010-12-14 Bahadır Kandemir <bahadir@pardus.org.tr> + + * po/tr.po: Updated translations. + +2010-11-25 Tomas Mraz <tm@t8m.info> + + * modules/pam_securetty/pam_securetty.8.xml: Improve documentation + of the kernel console feature and the noconsole option. + +2010-11-24 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_securetty/pam_securetty.c: Parse console= kernel + option, add noconsole option. + * modules/pam_securetty/pam_securetty.8.xml: Document new behavior + for serial console. + Patch from Lennart Poettering. + +2010-11-24 Tomas Mraz <tm@t8m.info> + + * modules/pam_limits/limits.conf.5.xml: Document the %group syntax. + +2010-11-18 Tomas Mraz <tm@t8m.info> + + * modules/pam_limits/pam_limits.c (pam_parse,pam_sm_open_session): + Drop obsolete and broken option change_uid. + * modules/pam_limits/pam_limits.8.xml: Likewise. + +2010-11-16 Tomas Mraz <tm@t8m.info> + + * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Remove + dead and duplicate code. Return PAM_INCOMPLETE instead of + PAM_CONV_AGAIN. + +2010-11-11 Tomas Mraz <tm@t8m.info> + + * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix + potential use after free in case SELinux is misconfigured. + + * modules/pam_namespace/pam_namespace.c (process_line): Fix memory + leak when parsing empty config file lines. + 2010-10-28 Thorsten Kukuk <kukuk@thkukuk.de> * release version 1.1.3 |