New upstream version 1.3.0

1 files changed, 970 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index a86707d2..328a0da3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,973 @@
+2016-04-28  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Updated translations from Zanata.
+	* po/*.po: Updated translations from Zanata.
+
+2016-04-19  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_wheel: Correct the documentation of the root_only option.
+	* modules/pam_wheel/pam_wheel.8.xml: Correct the documentation of the
+	root_only option.
+
+	pam_unix: Document that MD5 password hash is used to store old passwords.
+	modules/pam_unix/pam_unix.8.xml: Document that the MD5 password hash is used
+	to store the old passwords when remember option is set.
+
+2016-04-14  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Project registered at Zanata (fedora.zanata.org) for translations.
+	* zanata.xml: Configuration file for zanata client.
+	* po/LINGUAS: Update languages as supported by Zanata.
+	* po/Linux-PAM.pot: Updated from sources.
+	* po/*.po: Updated from sources.
+
+2016-04-06  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_unix: Use pam_get_authtok() instead of direct pam_prompt() calls.
+	We have to drop support for not_set_pass option which is not much useful
+	anyway. Instead we get proper support for authtok_type option.
+
+	* modules/pam_unix/pam_unix.8.xml: Removed not_set_pass option, added authtok_ty
+	pe
+	option.
+	* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Replace _unix_read_pas
+	sword()
+	call with equivalent pam_get_authtok() call.
+	* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Likewise and also drop
+	support for not_set_pass.
+	* modules/pam_unix/support.c (_unix_read_password): Remove.
+	* modules/pam_unix/support.h: Remove UNIX_NOT_SET_PASS add UNIX_AUTHTOK_TYPE.
+
+	pam_get_authtok(): Add authtok_type support to current password prompt.
+	* libpam/pam_get_authtok.c (pam_get_authtok_internal): When changing password,
+	use different prompt for current password allowing for authtok_type to be
+	displayed to the user.
+
+2016-04-04  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_unix: Make password expiration messages more user-friendly.
+	* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Make password
+	expiration messages more user-friendly.
+
+2016-04-04  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	innetgr may not be there so make sure that when innetgr is not present then we inform about it and not use it. [ticket#46]
+	* modules/pam_group/pam_group.c: ditto
+	* modules/pam_succeed_if/pam_succeed_if.c: ditto
+	* modules/pam_time/pam_time.c: ditto
+
+	build: fix build when crypt() is not part of crypt_libs [ticket#46]
+	* configure.ac: Don't set empty -l option in crypt check
+
+	build: use $host_cpu for lib64 directory handling [ticket#46]
+	* configure.ac: use $host_cpu for lib64 directory handling.
+
+2016-04-01  Dmitry V. Levin  <ldv@altlinux.org>
+
+	Fix whitespace issues.
+	Remove blank lines at EOF introduced by commit
+	a684595c0bbd88df71285f43fb27630e3829121e,
+	making the project free of warnings reported by
+	git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
+
+	* libpam/pam_dynamic.c: Remove blank line at EOF.
+	* modules/pam_echo/pam_echo.c: Likewise.
+	* modules/pam_keyinit/pam_keyinit.c: Likewise.
+	* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
+	* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
+	* modules/pam_rhosts/pam_rhosts.c: Likewise.
+	* modules/pam_sepermit/pam_sepermit.c: Likewise.
+	* modules/pam_stress/pam_stress.c: Likewise.
+
+2016-04-01  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Use TI-RPC functions if we compile and link against libtirpc. The old SunRPC functions don't work with IPv6.
+	* configure.ac: Set and restore CPPFLAGS
+	* modules/pam_unix/pam_unix_passwd.c: Replace getrpcport with
+	  rpcb_getaddr if available.
+
+2016-03-29  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	PAM_EXTERN isn't needed anymore, but don't remove it to not break lot of external code using it.
+	* libpam/include/security/pam_modules.h: Readd PAM_EXTERN for compatibility
+
+	Remove "--enable-static-modules" option and support from  Linux-PAM. It was never official supported and was broken since years.
+	* configure.ac: Remove --enable-static-modules option.
+	* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
+	* doc/man/pam_sm_authenticate.3.xml: Likewise.
+	* doc/man/pam_sm_chauthtok.3.xml: Likewise.
+	* doc/man/pam_sm_close_session.3.xml: Likewise.
+	* doc/man/pam_sm_open_session.3.xml: Likewise.
+	* doc/man/pam_sm_setcred.3.xml: Likewise.
+	* libpam/Makefile.am: Remove STATIC_MODULES cases.
+	* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
+	* libpam/pam_dynamic.c: Likewise.
+	* libpam/pam_handlers.c: Likewise.
+	* libpam/pam_private.h: Likewise.
+	* libpam/pam_static.c: Remove file.
+	* libpam/pam_static_modules.h: Remove header file.
+	* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
+	* modules/pam_cracklib/pam_cracklib.c: Likewise.
+	* modules/pam_debug/pam_debug.c: Likewise.
+	* modules/pam_deny/pam_deny.c: Likewise.
+	* modules/pam_echo/pam_echo.c: Likewise.
+	* modules/pam_env/pam_env.c: Likewise.
+	* modules/pam_exec/pam_exec.c: Likewise.
+	* modules/pam_faildelay/pam_faildelay.c: Likewise.
+	* modules/pam_filter/pam_filter.c: Likewise.
+	* modules/pam_ftp/pam_ftp.c: Likewise.
+	* modules/pam_group/pam_group.c: Likewise.
+	* modules/pam_issue/pam_issue.c: Likewise.
+	* modules/pam_keyinit/pam_keyinit.c: Likewise.
+	* modules/pam_lastlog/pam_lastlog.c: Likewise.
+	* modules/pam_limits/pam_limits.c: Likewise.
+	* modules/pam_listfile/pam_listfile.c: Likewise.
+	* modules/pam_localuser/pam_localuser.c: Likewise.
+	* modules/pam_loginuid/pam_loginuid.c: Likewise.
+	* modules/pam_mail/pam_mail.c: Likewise.
+	* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
+	* modules/pam_motd/pam_motd.c: Likewise.
+	* modules/pam_namespace/pam_namespace.c: Likewise.
+	* modules/pam_nologin/pam_nologin.c: Likewise.
+	* modules/pam_permit/pam_permit.c: Likewise.
+	* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
+	* modules/pam_rhosts/pam_rhosts.c: Likewise.
+	* modules/pam_rootok/pam_rootok.c: Likewise.
+	* modules/pam_securetty/pam_securetty.c: Likewise.
+	* modules/pam_selinux/pam_selinux.c: Likewise.
+	* modules/pam_sepermit/pam_sepermit.c: Likewise.
+	* modules/pam_shells/pam_shells.c: Likewise.
+	* modules/pam_stress/pam_stress.c: Likewise.
+	* modules/pam_succeed_if/pam_succeed_if.c: Likewise.
+	* modules/pam_tally/pam_tally.c: Likewise.
+	* modules/pam_tally2/pam_tally2.c: Likewise.
+	* modules/pam_time/pam_time.c: Likewise.
+	* modules/pam_timestamp/pam_timestamp.c: Likewise.
+	* modules/pam_tty_audit/pam_tty_audit.c: Likewise.
+	* modules/pam_umask/pam_umask.c: Likewise.
+	* modules/pam_userdb/pam_userdb.c: Likewise.
+	* modules/pam_warn/pam_warn.c: Likewise.
+	* modules/pam_wheel/pam_wheel.c: Likewise.
+	* modules/pam_xauth/pam_xauth.c: Likewise.
+	* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
+	* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
+	* modules/pam_unix/pam_unix_auth.c: Likewise.
+	* modules/pam_unix/pam_unix_passwd.c: Likewise.
+	* modules/pam_unix/pam_unix_sess.c: Likewise.
+	* modules/pam_unix/pam_unix_static.c: Removed.
+	* modules/pam_unix/pam_unix_static.h: Removed.
+	* po/POTFILES.in: Remove removed files.
+	* tests/tst-dlopen.c: Remove PAM_STATIC part.
+
+2016-03-24  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Fix check for libtirpc and enhance check for libnsl to include new libnsl.
+	* configure.ac: fix setting of CFLAGS/LIBS, enhance libnsl check
+	* modules/pam_unix/Makefile.am: replace NIS_* with TIRPC_* and NSL_*
+
+2016-03-23  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Remove YP dependencies from pam_access, they were never used and such not needed.
+	* modules/pam_access/Makefile.am: Remove NIS_CFLAGS and NIS_LIBS
+	* modules/pam_access/pam_access.c: Remove yp_get_default_domain case,
+	  it will never be used.
+
+2016-03-04  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Add checks for localtime() returning NULL.
+	* modules/pam_lastlog/pam_lastlog.c (last_login_read): Check for localtime_r
+	returning NULL.
+	* modules/pam_tally2/pam_tally2.c (print_one): Check for localtime returning
+	NULL.
+
+	pam_unix: Silence warnings and fix a minor bug.
+	Fixes a minor bug in behavior when is_selinux_enabled()
+	returned negative value.
+
+	* modules/pam_unix/passverify.c: Add parentheses to SELINUX_ENABLED macro.
+	(unix_update_shadow): Safe cast forwho to non-const char *.
+	* modules/pam_unix/support.c: Remove unused SELINUX_ENABLED macro.
+
+2016-02-17  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_env: Document the /etc/environment file.
+	* modules/pam_env/Makefile.am: Add the environment.5 soelim stub.
+	* modules/pam_env/pam_env.8.xml: Add environ(7) reference.
+	* modules/pam_env/pam_env.conf.5.xml: Add environment alias name.
+	Add a paragraph about /etc/environment. Add environ(7) reference.
+
+	pam_unix: Add no_pass_expiry option to ignore password expiration.
+	* modules/pam_unix/pam_unix.8.xml: Document the no_pass_expiry option.
+	* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): If no_pass_expiry
+	is on and return value data is not set to PAM_SUCCESS then ignore
+	PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED returns.
+	* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Always set the
+	return value data.
+	(pam_sm_setcred): Test for likeauth option and use the return value data
+	only if set.
+	* modules/pam_unix/support.h: Add the no_pass_expiry option.
+
+2016-01-25  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_unix: Change the salt length for new hashes to 16 characters.
+	* modules/pam_unix/passverify.c (create_password_hash): Change the
+	salt length for new hashes to 16 characters.
+
+2015-12-17  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Relax the conditions for fatal failure on auditing.
+	The PAM library calls will not fail anymore for any uid if the return
+	value from the libaudit call is -EPERM.
+
+	* libpam/pam_audit.c (_pam_audit_writelog): Remove check for uid != 0.
+
+2015-12-16  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_tally2: Optionally log the tally count when checking.
+	* modules/pam_tally2/pam_tally2.c (tally_parse_args): Add debug option.
+	(tally_check): Always log the tally count with debug option.
+
+2015-10-02  Jakub Hrozek  <jakub.hrozek@posteo.se>
+
+	Docfix: pam handle is const in pam_syslog() and pam_vsyslog()
+	* doc/man/pam_syslog.3.xml: Add const to pam handle in pam_syslog() and pam_vsyslog().
+
+2015-09-24  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_loginuid: Add syslog message if required auditd is not detected.
+	* modules/pam_loginuid/pam_loginuid.c (_pam_loginuid): Add syslog message
+	if required auditd is not detected.
+
+2015-09-04  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Allow links to be used instead of w3m for documentation regeneration.
+	* configure.ac: If w3m is not found check for links.
+
+	Add missing space in pam_misc_setenv man page.
+	* doc/man/pam_misc_setenv.3.xml: Add a missing space.
+
+2015-08-12  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_rootok: use rootok permission instead of passwd permission in SELinux check.
+	* modules/pam_rootok/pam_rootok.c (selinux_check_root): Use rootok instead of
+	passwd permission.
+
+2015-08-05  Amarnath Valluri  <amarnath.valluri@intel.com>
+
+	pam_timestamp: Avoid leaking file descriptor.
+	* modules/pam_timestamp/hmacsha1.c(hmac_key_create):
+	    close 'keyfd' when failed to own it.
+
+2015-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Release version 1.2.1.
+	Security fix: CVE-2015-3238
+
+	If the process executing pam_sm_authenticate or pam_sm_chauthtok method
+	of pam_unix is not privileged enough to check the password, e.g.
+	if selinux is enabled, the _unix_run_helper_binary function is called.
+	When a long enough password is supplied (16 pages or more, i.e. 65536+
+	bytes on a system with 4K pages), this helper function hangs
+	indefinitely, blocked in the write(2) call while writing to a blocking
+	pipe that has a limited capacity.
+	With this fix, the verifiable password length will be limited to
+	PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix.
+
+	* NEWS: Update
+	* configure.ac: Bump version
+	* modules/pam_exec/pam_exec.8.xml: document limitation of password length
+	* modules/pam_exec/pam_exec.c: limit password length to PAM_MAX_RESP_SIZE
+	* modules/pam_unix/pam_unix.8.xml: document limitation of password length
+	* modules/pam_unix/pam_unix_passwd.c: limit password length
+	* modules/pam_unix/passverify.c: Likewise
+	* modules/pam_unix/passverify.h: Likewise
+	* modules/pam_unix/support.c: Likewise
+
+2015-04-27  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Update NEWS file.
+
+	Release version 1.2.0.
+	* NEWS: Update
+	* configure.ac: Bump version
+	* libpam/Makefile.am: Bump version of libpam
+	* libpam_misc/Makefile.am: Bump version of libpam_misc
+	* po/*: Regenerate po files
+
+	Fix some grammatical errors in documentation. Patch by Louis Sautier.
+	* doc/adg/Linux-PAM_ADG.xml: Fix gramatical errors.
+	* doc/man/pam.3.xml: Likewise.
+	* doc/man/pam_acct_mgmt.3.xml: Likewise.
+	* doc/man/pam_chauthtok.3.xml: Likewise.
+	* doc/man/pam_sm_chauthtok.3.xml: Likewise.
+	* modules/pam_limits/limits.conf.5.xml: Likewise.
+	* modules/pam_mail/pam_mail.8.xml: Likewise.
+	* modules/pam_rhosts/pam_rhosts.c: Likewise.
+	* modules/pam_shells/pam_shells.8.xml: Likewise.
+	* modules/pam_tally/pam_tally.8.xml: Likewise.
+	* modules/pam_tally2/pam_tally2.8.xml: Likewise.
+	* modules/pam_unix/pam_unix.8.xml: Likewise.
+
+2015-04-23  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Add "quiet" option to pam_unix to suppress informential info messages from session.
+	* modules/pam_unix/pam_unix.8.xml: Document new option.
+	* modules/pam_unix/support.h: Add quiet option.
+	* modules/pam_unix/pam_unix_sess.c: Don't print LOG_INFO messages if
+	 'quiet' option is set.
+
+2015-04-07  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Use crypt_r if available in pam_userdb and in pam_unix.
+	* modules/pam_unix/passverify.c (create_password_hash): Call crypt_r()
+	instead of crypt() if available.
+	* modules/pam_userdb/pam_userdb.c (user_lookup): Call crypt_r()
+	instead of crypt() if available.
+
+2015-03-25  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Support alternative "vendor configuration" files as fallback to /etc (Ticket#34, patch from ay Sievers <kay@vrfy.org>)
+	* doc/man/pam.8.xml: document additonal config directory
+	* libpam/pam_handlers.c: add /usr/lib/pam.d as config file fallback directory
+	* libpam/pam_private.h: adjust defines
+
+	pam_env: expand @{HOME} and @{SHELL} and enhance documentation (Ticket#24 and #29)
+	* modules/pam_env/pam_env.c: Replace @{HOME} and @{SHELL} with passwd entries
+	* modules/pam_env/pam_env.conf.5.xml: Document @{HOME} and @{SHELL}
+	* modules/pam_env/pam_env.8.xml: Enhance documentation
+
+2015-03-24  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Clarify pam_access docs re PAM service names and X $DISPLAY value testing. (Ticket #39)
+	* modules/pam_access/access.conf.5.xml
+	* modules/pam_access/pam_access.8.xml
+
+	Don't use sudo directory, the timestamp format is different (Ticket#32)
+	* modules/pam_timestamp/pam_timestamp.c: Change default timestamp directory.
+
+	Enhance group.conf examples (Ticket#35)
+	* modules/pam_group/group.conf.5.xml: Enhance example by logic group entry.
+
+	Document timestampdir option (Ticket#33)
+	* modules/pam_timestamp/pam_timestamp.8.xml: Add timestampdir option.
+
+	Adjust documentation (Ticket#36)
+	* libpam/pam_delay.c: Change 25% in comment to 50% as used in code.
+	* doc/man/pam_fail_delay.3.xml: Change 25% to 50%
+
+2015-02-18  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Updated translations from Transifex.
+	* po/*.po: Updated translations from Transifex.
+
+2015-01-07  Dmitry V. Levin  <ldv@altlinux.org>
+
+	build: raise gettext version requirement.
+	Raise gettext requirement to the latest oldstable version 0.18.3.
+	This fixes the following automake warning:
+
+	configure.ac:581: warning: The 'AM_PROG_MKDIR_P' macro is deprecated, and its use is discouraged.
+	configure.ac:581: You should use the Autoconf-provided 'AC_PROG_MKDIR_P' macro instead,
+	configure.ac:581: and use '$(MKDIR_P)' instead of '$(mkdir_p)'in your Makefile.am files.
+
+	* configure.ac (AM_GNU_GETTEXT_VERSION): Raise from 0.15 to 0.18.3.
+	* po/Makevars: Update from gettext-0.18.3.
+
+2015-01-07  Ronny Chevalier  <chevalier.ronny@gmail.com>
+
+	build: adjust automake warning flags.
+	Enable all automake warning flags except for the portability issues,
+	since non portable features are used among the makefiles.
+
+	* configure.ac (AM_INIT_AUTOMAKE): Add -Wall -Wno-portability.
+
+2015-01-07  Dmitry V. Levin  <ldv@altlinux.org>
+
+	build: rename configure.in to configure.ac.
+	This fixes the following automake warning:
+	aclocal: warning: autoconf input should be named 'configure.ac', not 'configure.in'
+
+	* configure.in: Rename to configure.ac.
+
+	Remove unmodified GNU gettext files installed by autopoint.
+	These files are part of GNU gettext; we have not modified them, they are
+	installed by autopoint which is called by autoreconf, so they had to be
+	removed from this repository along with ABOUT-NLS, config.rpath, and
+	mkinstalldirs files that were removed by commit
+	Linux-PAM-1_1_5-7-g542ec8b.
+
+	* po/Makefile.in.in: Remove.
+	* po/Rules-quot: Likewise.
+	* po/boldquot.sed: Likewise.
+	* po/en@boldquot.header: Likewise.
+	* po/en@quot.header: Likewise.
+	* po/insert-header.sin: Likewise.
+	* po/quot.sed: Likewise.
+	* po/remove-potcdate.sin: Likewise.
+	* po/.gitignore: Ignore these files.
+
+2015-01-06  Ronny Chevalier  <chevalier.ronny@gmail.com>
+
+	Update .gitignore.
+	* .gitignore: Ignore *.log and *.trs files.
+
+2015-01-02  Luke Shumaker  <lukeshu@sbcglobal.net>
+
+	libpam: Only print "Password change aborted" when it's true.
+	pam_get_authtok() may be used any time that a password needs to be entered,
+	unlike pam_get_authtok_{no,}verify(), which may only be used when
+	changing a password; yet when the user aborts, it prints "Password change
+	aborted." whether or not that was the operation being performed.
+
+	This bug was non-obvious because none of the modules distributed with
+	Linux-PAM use it for anything but changing passwords; pam_unix has its
+	own utility function that it uses instead.  As an example, the
+	nss-pam-ldapd package uses it in pam_sm_authenticate().
+
+	libpam/pam_get_authtok.c (pam_get_authtok_internal): check that the
+	password is trying to be changed before printing a message about the
+	password change being aborted.
+
+2014-12-10  Dmitry V. Levin  <ldv@altlinux.org>
+
+	build: extend cross compiling check to cover CPPFLAGS (ticket #21)
+	Use BUILD_CPPFLAGS variable to override CPPFLAGS where necessary in
+	case of cross compiling, in addition to CC_FOR_BUILD, BUILD_CFLAGS,
+	and BUILD_LDFLAGS variables introduced earlier to override CC,
+	CFLAGS, and LDFLAGS, respectively.
+
+	* configure.in (BUILD_CPPFLAGS): Define.
+	* doc/specs/Makefile.am (CPPFLAGS): Define to @BUILD_CPPFLAGS@.
+
+2014-12-09  Dmitry V. Levin  <ldv@altlinux.org>
+
+	Do not use yywrap (ticket #42)
+	Our scanners do not really use yywrap.  Explicitly disable yywrap
+	so that no references to yywrap will be generated and no LEXLIB
+	would be needed.
+
+	* conf/pam_conv1/Makefile.am (pam_conv1_LDADD): Remove.
+	* conf/pam_conv1/pam_conv_l.l: Enable noyywrap option.
+	* doc/specs/Makefile.am (padout_LDADD): Remove.
+	* doc/specs/parse_l.l: Enable noyywrap option.
+
+2014-12-09  Kyle Manna  <kyle@kylemanna.com>
+
+	doc: fix a trivial typo in pam_authenticate return values (ticket #38)
+	* doc/man/pam_authenticate.3.xml: Fix a typo in PAM_AUTHINFO_UNAVAIL.
+
+2014-12-09  Ronny Chevalier  <chevalier.ronny@gmail.com>
+
+	doc: fix typo in pam_authenticate.3.xml.
+	* doc/man/pam_authenticate.3.xml: Fix typo.
+
+2014-10-17  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_succeed_if: Fix copy&paste error in rhost and tty values.
+	modules/pam_succeed_if/pam_succeed_if.c (evaluate): Use PAM_RHOST
+	and PAM_TTY properly for the rhost and tty values.
+
+	pam_succeed_if: Use long long type for numeric values.
+	The currently used long with additional conversion to int is
+	too small for uids and gids.
+
+	modules/pam_succeed_if/pam_succeed_if.c (evaluate_num): Replace
+	strtol() with strtoll() and int with long long in the parameters
+	of comparison functions.
+
+2014-09-05  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Add grantor field to audit records of libpam.
+	The grantor field gives audit trail of PAM modules which granted access
+	for successful return from libpam calls. In case of failed return
+	the grantor field is set to '?'.
+	libpam/pam_account.c (pam_acct_mgmt): Remove _pam_auditlog() call.
+	libpam/pam_auth.c (pam_authenticate, pam_setcred): Likewise.
+	libpam/pam_password.c (pam_chauthtok): Likewise.
+	libpam/pam_session.c (pam_open_session, pam_close_session): Likewise.
+	libpam/pam_audit.c (_pam_audit_writelog): Add grantors parameter,
+	add grantor= field to the message if grantors is set.
+	(_pam_list_grantors): New function creating the string with grantors list.
+	(_pam_auditlog): Add struct handler pointer parameter, call _pam_list_grantors()
+	to list the grantors from the handler list.
+	(_pam_audit_end): Add NULL handler parameter to _pam_auditlog() call.
+	(pam_modutil_audit_write): Add NULL grantors parameter to _pam_audit_writelog().
+	libpam/pam_dispatch.c (_pam_dispatch_aux): Set h->grantor where appropriate.
+	(_pam_clear_grantors): New function to clear grantor field of handler.
+	(_pam_dispatch): Call _pam_clear_grantors() before executing the stack.
+	Call _pam_auditlog() when appropriate.
+	libpam/pam_handlers.c (extract_modulename): Do not allow empty module name
+	or just "?" to avoid confusing audit trail.
+	(_pam_add_handler): Test for NULL return from extract_modulename().
+	Clear grantor field of handler.
+	libpam/pam_private.h: Add grantor field to struct handler, add handler pointer
+	parameter to _pam_auditlog().
+
+2014-08-26  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_mkhomedir: Drop superfluous stat() call.
+	modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Drop superfluous
+	stat() call.
+
+	pam_exec: Do not depend on open() returning STDOUT_FILENO.
+	modules/pam_exec/pam_exec.c (call_exec): Move the descriptor to
+	STDOUT_FILENO if needed.
+
+2014-08-25  Robin Hack  <rhack@redhat.com>
+
+	pam_keyinit: Check return value of setregid.
+	modules/pam_keyinit/pam_keyinit.c (pam_sm_open_session): Log if setregid() fails.
+
+	pam_filter: Avoid leaking descriptors when fork() fails.
+	modules/pam_filter/pam_filter.c (set_filter): Close descriptors when fork() fails.
+
+2014-08-14  Robin Hack  <rhack@redhat.com>
+
+	pam_echo: Avoid leaking file descriptor.
+	modules/pam_echo/pam_echo.c (pam_echo): Close fd in error cases.
+
+2014-08-13  Robin Hack  <rhack@redhat.com>
+
+	pam_tty_audit: Silence Coverity reporting uninitialized use.
+	modules/pam_tty_audit/pam_tty_audit.c (nl_recv): Initialize also
+	msg_flags.
+
+2014-08-13  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_tally2: Avoid uninitialized use of fileinfo.
+	Problem found by Robin Hack <rhack@redhat.com>.
+	modules/pam_tally2/pam_tally2.c (get_tally): Do not depend on file size
+	just try to read it.
+
+	pam_access: Avoid uninitialized access of line.
+	* modules/pam_access/pam_access.c (login_access): Reorder condition
+	so line is not accessed when uninitialized.
+
+2014-08-05  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_lastlog: Properly clean up last_login structure before use.
+	modules/pam_lastlog/pam_lastlog.c (last_login_write): Properly clean up last_login
+	structure before use.
+
+2014-07-21  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Make pam_pwhistory and pam_unix tolerant of corrupted opasswd file.
+	* modules/pam_pwhistory/opasswd.c (parse_entry): Test for missing fields
+	in opasswd entry and return error.
+	* modules/pam_unix/passverify.c (save_old_password): Test for missing fields
+	in opasswd entry and skip it.
+
+2014-07-01  Dmitry V. Levin  <ldv@altlinux.org>
+
+	doc: add missing build dependencies for soelim stubs.
+	* doc/man/Makefile.am [ENABLE_REGENERATE_MAN]: Add dependencies for
+	pam_verror.3, pam_vinfo.3, pam_vprompt.3, and pam_vsyslog.3 soelim stubs.
+
+2014-06-23  Dmitry V. Levin  <ldv@altlinux.org>
+
+	doc: fix install in case of out of tree build (ticket #31)
+	* doc/adg/Makefile.am (install-data-local, releasedocs): Fall back
+	to srcdir if documentation files haven't been found in builddir.
+	(releasedocs): Treat missing documentation files as an error.
+	* doc/mwg/Makefile.am: Likewise.
+	* doc/sag/Makefile.am: Likewise.
+
+2014-06-19  Dmitry V. Levin  <ldv@altlinux.org>
+
+	doc: fix installation of adg-*.html and mwg-*.html files (ticket #31)
+	Fix a typo due to which sag-*.html files might be installed instead of
+	adg-*.html and mwg-*.html files.
+
+	* doc/adg/Makefile.am (install-data-local): Install adg-*.html instead
+	of sag-*.html.
+	* doc/mwg/Makefile.am (install-data-local): Install mwg-*.html instead
+	of sag-*.html.
+
+	Patch-by: Mike Frysinger <vapier@gentoo.org>
+
+2014-06-19  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_limits: nofile refers to file descriptors not files.
+	modules/pam_limits/limits.conf.5.xml: Correct documentation of nofile limit.
+	modules/pam_limits/limits.conf: Likewise.
+
+	pam_limits: clarify documentation of maxlogins and maxsyslogins limits.
+	modules/pam_limits/limits.conf.5.xml: clarify documentation of
+	maxlogins and maxsyslogins limits.
+
+	pam_unix: Check for NULL return from Goodcrypt_md5().
+	modules/pam_unix/pam_unix_passwd.c (check_old_password): Check for
+	NULL return from Goodcrypt_md5().
+
+	pam_unix: check for NULL return from malloc()
+	* modules/pam_unix/md5_crypt.c (crypt_md5): Check for NULL return from malloc().
+
+2014-05-22  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_loginuid: Document one more possible case of PAM_IGNORE return.
+	modules/pam_loginuid/pam_loginuid.8.xml: Document one more possible case
+	of PAM_IGNORE return value.
+
+	pam_loginuid: Document other possible return values.
+	modules/pam_loginuid/pam_loginuid.8.xml: Document the possible return
+	values.
+
+2014-03-26  Dmitry V. Levin  <ldv@altlinux.org>
+
+	pam_timestamp: fix potential directory traversal issue (ticket #27)
+	pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of
+	the timestamp pathname it creates, so extra care should be taken to
+	avoid potential directory traversal issues.
+
+	* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat
+	"." and ".." tty values as invalid.
+	(get_ruser): Treat "." and ".." ruser values, as well as any ruser
+	value containing '/', as invalid.
+
+	Fixes CVE-2014-2583.
+
+	Reported-by: Sebastian Krahmer <krahmer@suse.de>
+
+2014-03-20  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_userdb: document that .db suffix should not be used.
+	modules/pam_userdb/pam_userdb.8.xml: Document that .db suffix
+	should not be used and correct the example.
+
+2014-03-11  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_selinux: canonicalize user name.
+	SELinux expects canonical user name for example without domain component.
+
+	* modules/pam_selinux/pam_selinux.c (compute_exec_context): Canonicalize user name with pam_modutil_getpwnam().
+
+2014-01-28  Dmitry V. Levin  <ldv@altlinux.org>
+
+	Change tarball name back to "Linux-PAM"
+	As a side effect of commit Linux-PAM-1_1_8-11-g3fa23ce, tarball name
+	changed accidentally from "Linux-PAM" to "linux-pam".
+	This change brings it back to "Linux-PAM".
+
+	* configure.in (AC_INIT): Explicitly specify TARNAME argument.
+
+2014-01-27  Dmitry V. Levin  <ldv@altlinux.org>
+
+	Introduce pam_modutil_sanitize_helper_fds.
+	This change introduces pam_modutil_sanitize_helper_fds - a new function
+	that redirects standard descriptors and closes all other descriptors.
+
+	pam_modutil_sanitize_helper_fds supports three types of input and output
+	redirection:
+	- PAM_MODUTIL_IGNORE_FD: do not redirect at all.
+	- PAM_MODUTIL_PIPE_FD: redirect to a pipe.  For stdin, it is implemented
+	  by creating a pipe, closing its write end, and redirecting stdin to
+	  its read end.  Likewise, for stdout/stderr it is implemented by
+	  creating a pipe, closing its read end, and redirecting to its write
+	  end.  Unlike stdin redirection, stdout/stderr redirection to a pipe
+	  has a side effect that a process writing to such descriptor should be
+	  prepared to handle SIGPIPE appropriately.
+	- PAM_MODUTIL_NULL_FD: redirect to /dev/null.  For stdin, it is
+	  implemented via PAM_MODUTIL_PIPE_FD because there is no functional
+	  difference.  For stdout/stderr, it is classic redirection to
+	  /dev/null.
+
+	PAM_MODUTIL_PIPE_FD is usually more suitable due to linux kernel
+	security restrictions, but when the helper process might be writing to
+	the corresponding descriptor and termination of the helper process by
+	SIGPIPE is not desirable, one should choose PAM_MODUTIL_NULL_FD.
+
+	* libpam/pam_modutil_sanitize.c: New file.
+	* libpam/Makefile.am (libpam_la_SOURCES): Add it.
+	* libpam/include/security/pam_modutil.h (pam_modutil_redirect_fd,
+	pam_modutil_sanitize_helper_fds): New declarations.
+	* libpam/libpam.map (LIBPAM_MODUTIL_1.1.9): New interface.
+	* modules/pam_exec/pam_exec.c (call_exec): Use
+	pam_modutil_sanitize_helper_fds.
+	* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
+	* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise.
+	* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
+	Likewise.
+	* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
+	* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
+	* modules/pam_unix/support.h (MAX_FD_NO): Remove.
+
+	pam_xauth: avoid potential SIGPIPE when writing to xauth process.
+	Similar issue in pam_unix was fixed by commit Linux-PAM-0-73~8.
+
+	* modules/pam_xauth/pam_xauth.c (run_coprocess): In the parent process,
+	close the read end of input pipe after writing to its write end.
+
+	pam_loginuid: log significant loginuid write errors.
+	* modules/pam_loginuid/pam_loginuid.c (set_loginuid): Log those errors
+	during /proc/self/loginuid update that are not ignored.
+
+	Fix gratuitous use of strdup and x_strdup.
+	There is no need to copy strings passed as arguments to execve,
+	the only potentially noticeable effect of using strdup/x_strdup
+	would be a malformed argument list in case of memory allocation error.
+
+	Also, x_strdup, being a thin wrapper around strdup, is of no benefit
+	when its argument is known to be non-NULL, and should not be used in
+	such cases.
+
+	* modules/pam_cracklib/pam_cracklib.c (password_check): Use strdup
+	instead of x_strdup, the latter is of no benefit in this case.
+	* modules/pam_ftp/pam_ftp.c (lookup): Likewise.
+	* modules/pam_userdb/pam_userdb.c (user_lookup): Likewise.
+	* modules/pam_userdb/pam_userdb.h (x_strdup): Remove.
+	* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Do not use
+	x_strdup for strings passed as arguments to execve.
+	* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise.
+	* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise.
+	* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
+	(_unix_verify_password): Use strdup instead of x_strdup, the latter
+	is of no benefit in this case.
+	* modules/pam_xauth/pam_xauth.c (run_coprocess): Do not use strdup for
+	strings passed as arguments to execv.
+
+	pam_userdb: fix password hash comparison.
+	Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed
+	passwords support in pam_userdb, hashes are compared case-insensitively.
+	This bug leads to accepting hashes for completely different passwords in
+	addition to those that should be accepted.
+
+	Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for
+	modern password hashes with different lengths and settings, did not
+	update the hash comparison accordingly, which leads to accepting
+	computed hashes longer than stored hashes when the latter is a prefix
+	of the former.
+
+	* modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed
+	hash whose length differs from the stored hash length.
+	Compare computed and stored hashes case-sensitively.
+	Fixes CVE-2013-7041.
+
+	Bug-Debian: http://bugs.debian.org/731368
+
+2014-01-24  Dmitry V. Levin  <ldv@altlinux.org>
+
+	pam_xauth: log fatal errors preventing xauth process execution.
+	* modules/pam_xauth/pam_xauth.c (run_coprocess): Log errors from pipe()
+	and fork() calls.
+
+2014-01-22  Dmitry V. Levin  <ldv@altlinux.org>
+
+	pam_loginuid: cleanup loginuid buffer initialization.
+	* modules/pam_loginuid/pam_loginuid.c (set_loginuid): Move loginuid
+	buffer initialization closer to its first use.
+
+	libpam_misc: fix an inconsistency in handling memory allocation errors.
+	When misc_conv fails to allocate memory for pam_response array, it
+	returns PAM_CONV_ERR.  However, when read_string fails to allocate
+	memory for a response string, it loses the response string and silently
+	ignores the error, with net result as if EOF has been read.
+
+	* libpam_misc/misc_conv.c (read_string): Use strdup instead of x_strdup,
+	the latter is of no benefit in this case.
+	Do not ignore potential memory allocation errors returned by strdup,
+	forward them to misc_conv.
+
+2014-01-20  Dmitry V. Levin  <ldv@altlinux.org>
+
+	pam_limits: fix utmp->ut_user handling.
+	ut_user member of struct utmp is a string that is not necessarily
+	null-terminated, so extra care should be taken when using it.
+
+	* modules/pam_limits/pam_limits.c (check_logins): Convert ut->UT_USER to
+	a null-terminated string and consistently use it where a null-terminated
+	string is expected.
+
+	pam_mkhomedir: check and create home directory for the same user (ticket #22)
+	Before pam_mkhomedir helper was introduced in commit
+	7b14630ef39e71f603aeca0c47edf2f384717176, pam_mkhomedir was checking for
+	existance and creating the same directory - the home directory of the
+	user NAME returned by pam_get_item(PAM_USER).
+
+	The change in behaviour accidentally introduced along with
+	mkhomedir_helper is not consistent: while the module still checks for
+	getpwnam(NAME)->pw_dir, the directory created by mkhomedir_helper is
+	getpwnam(getpwnam(NAME)->pw_name)->pw_dir, which is not necessarily
+	the same as the directory being checked.
+
+	This change brings check and creation back in sync, both handling
+	getpwnam(NAME)->pw_dir.
+
+	* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Replace
+	"struct passwd *" argument with user's name and home directory.
+	Pass user's name to MKHOMEDIR_HELPER.
+	(pam_sm_open_session): Update create_homedir call.
+
+2014-01-20  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_limits: detect and ignore stale utmp entries.
+	Original idea by Christopher Hailey
+
+	* modules/pam_limits/pam_limits.c (check_logins): Use kill() to
+	detect if pid of the utmp entry is still running and ignore the entry
+	if it is not.
+
+2014-01-19  Stéphane Graber  <stgraber@ubuntu.com>
+
+	pam_loginuid: Always return PAM_IGNORE in userns.
+	The previous patch to support user namespaces works fine with containers
+	that are started from a desktop/terminal session but fails when dealing
+	with containers that were started from a remote session such as ssh.
+
+	I haven't looked at the exact reason for that in the kernel but on the
+	userspace side of things, the difference is that containers started from
+	an ssh session will happily let pam open /proc/self/loginuid read-write,
+	will let it read its content but will then fail with EPERM when trying
+	to write to it.
+
+	So to make the userns support bullet proof, this commit moves the userns
+	check earlier in the function (which means a small performance impact as
+	it'll now happen everytime on kernels that have userns support) and will
+	set rc = PAM_IGNORE instead of rc = PAM_ERROR.
+
+	The rest of the code is still executed in the event that PAM is run on a
+	future kernel where we have some kind of audit namespace that includes a
+	working loginuid.
+
+2014-01-15  Steve Langasek  <vorlon@debian.org>
+
+	pam_namespace: don't use bashisms in default namespace.init script.
+	* modules/pam_namespace/pam_namespace.c: call setuid() before execing the
+	namespace init script, so that scripts run with maximum privilege regardless
+	of the shell implementation.
+	* modules/pam_namespace/namespace.init: drop the '-p' bashism from the
+	shebang line
+
+	This is not a POSIX standard option, it's a bashism.  The bash manpage says
+	that it's used to prevent the effective user id from being reset to the real
+	user id on startup, and to ignore certain unsafe variables from the
+	environment.
+
+	In the case of pam_namespace, the -p is not necessary for environment
+	sanitizing because the PAM module (properly) sanitizes the environment
+	before execing the script.
+
+	The stated reason given in CVS history for passing -p is to "preserve euid
+	when called from setuid apps (su, newrole)."  This should be done more
+	portably, by calling setuid() before spawning the shell.
+
+	Bug-Debian: http://bugs.debian.org/624842
+	Bug-Ubuntu: https://bugs.launchpad.net/bugs/1081323
+
+2014-01-10  Stéphane Graber  <stgraber@ubuntu.com>
+
+	pam_loginuid: Ignore failure in user namespaces.
+	When running pam_loginuid in a container using the user namespaces, even
+	uid 0 isn't allowed to set the loginuid property.
+
+	This change catches the EACCES from opening loginuid, checks if the user
+	is in the host namespace (by comparing the uid_map with the host's one)
+	and only if that's the case, sets rc to 1.
+
+	Should uid_map not exist or be unreadable for some reason, it'll be
+	assumed that the process is running on the host's namespace.
+
+	The initial reason behind this change was failure to ssh into an
+	unprivileged container (using a 3.13 kernel and current LXC) when using
+	a standard pam profile for sshd (which requires success from
+	pam_loginuid).
+
+	I believe this solution doesn't have any drawback and will allow people
+	to use unprivileged containers normally. An alternative would be to have
+	all distros set pam_loginuid as optional but that'd be bad for any of
+	the other potential failure case which people may care about.
+
+	There has also been some discussions to get some of the audit features
+	tied with the user namespaces but currently none of that has been merged
+	upstream and the currently proposed implementation doesn't cover
+	loginuid (nor is it clear how this should even work when loginuid is set
+	as immutable after initial write).
+
+2014-01-10  Dmitry V. Levin  <ldv@altlinux.org>
+
+	pam_loginuid: return PAM_IGNORE when /proc/self/loginuid does not exist.
+	When /proc/self/loginuid does not exist, return PAM_IGNORE instead of
+	PAM_SUCCESS, so that we can distinguish between "loginuid set
+	successfully" and "loginuid not set, but this is expected".
+
+	Suggested by Steve Langasek.
+
+	* modules/pam_loginuid/pam_loginuid.c (set_loginuid): Change return
+	code semantics: return PAM_SUCCESS on success, PAM_IGNORE when loginuid
+	does not exist, PAM_SESSION_ERR in case of any other error.
+	(_pam_loginuid): Forward the PAM error code returned by set_loginuid.
+
+2013-11-20  Dmitry V. Levin  <ldv@altlinux.org>
+
+	pam_access: fix debug level logging (ticket #19)
+	* modules/pam_access/pam_access.c (group_match): Log the group token
+	passed to the function, not an uninitialized data on the stack.
+
+	pam_warn: log flags passed to the module (ticket #25)
+	* modules/pam_warn/pam_warn.c (log_items): Take "flags" argument and
+	log it using pam_syslog.
+	(pam_sm_authenticate, pam_sm_setcred, pam_sm_chauthtok,
+	pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session): Pass
+	"flags" argument to log_items.
+
+	Modernize AM_INIT_AUTOMAKE invocation.
+	Before this change, automake complained that two- and three-arguments
+	forms of AM_INIT_AUTOMAKE are deprecated.
+
+	* configure.in: Pass PACKAGE and VERSION arguments to AC_INIT instead
+	of AM_INIT_AUTOMAKE.
+
+	Fix autoconf warnings.
+	Before this change, autoconf complained that AC_COMPILE_IFELSE
+	and AC_RUN_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS.
+
+	* configure.in: Call AC_USE_SYSTEM_EXTENSIONS before LT_INIT.
+
+	pam_securetty: check return value of fgets.
+	Checking return value of fgets not only silences the warning from glibc
+	but also leads to a cleaner code.
+
+	* modules/pam_securetty/pam_securetty.c (securetty_perform_check):
+	Check return value of fgets.
+
+	pam_lastlog: fix format string.
+	gcc -Wformat justly complains:
+	format '%d' expects argument of type 'int', but argument 5 has type 'time_t'
+
+	* modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Fix format
+	string.
+
+2013-11-20  Darren Tucker  <dtucker@zip.com.au>
+
+	If the correct loginuid is set already, skip writing it.
+	modules/pam_loginuid/pam_loginuid.c (set_loginuid): Read the current loginuid
+	and skip writing if already correctly set.
+
+2013-11-11  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+		Always ask for old password if changing NIS account.
+		* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): ask
+		for old password if NIS account.
+
+2013-11-08  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Allow DES as compatibility option for /etc/login.defs.
+	* modules/pam_unix/support.h: Add UNIX_DES
+
+2013-10-14  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Docfix: pam_prompt() and pam_vprompt() return int.
+	doc/man/pam_prompt.3.xml: pam_prompt() and pam_vprompt() return int.
+
+	Make pam_tty_audit work with old kernels not supporting log_passwd.
+	modules/pam_tty_audit/pam_tty_audit.c(nl_recv): Pad result with zeros
+	if message is short from older kernel.
+
+2013-09-25  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Fix pam_tty_audit log_passwd support and regression.
+	modules/pam_tty_audit/pam_tty_audit.c: Add missing "config.h" include.
+	(pam_sm_open_session): Always copy the old status as initialization of new.
+
 2013-09-19  Thorsten Kukuk  <kukuk@thkukuk.de>
 
 	Release version 1.1.8.