1 files changed, 693 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 00000000..a86707d2
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,693 @@
+2013-09-19  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Release version 1.1.8.
+
+2013-09-16  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Check return value of setuid to remove glibc warnings.
+	* modules/pam_unix/pam_unix_acct.c: Check setuid return value.
+	* modules/pam_unix/support.c: Likewise.
+
+2013-09-13  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Write to *rounds only if non-NULL.
+	modules/pam_unix/support.c(_set_ctrl): Write to *rounds only if non-NULL.
+
+	Add missing ')'
+	modules/pam_unix/pam_unix_passwd.c: Add missing ')'..
+
+2013-09-11  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Release version 1.1.7.
+
+2013-09-11  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Updated translations from Transifex.
+	po/*.po: Updated translations from Transifex.
+
+2013-09-04  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Extend pam_exec by stdout and type= options (ticket #8):
+	* modules/pam_exec/pam_exec.c: Add stdout and type= option
+	* modules/pam_exec/pam_exec.8.xml: Document new options
+
+2013-08-30  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Fix compile error.
+	* modules/pam_unix/pam_unix_acct.c: fix last change
+
+2013-08-29  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Restart waitpid if it returns with EINTR (ticket #17)
+	* modules/pam_unix/pam_unix_acct.c: run waitpid in a while loop.
+	* modules/pam_unix/pam_unix_passwd.c: Likewise.
+	* modules/pam_unix/support.c: Likewise.
+
+2013-08-28  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	misc_conv.3: Fix documentation of misc_conv.
+	doc/man/misc_conv.3.xml: Fix return value of misc_conv
+
+2013-08-23  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Apply the exclusive check in pam_sepermit only when loginuid not set.
+	* modules/pam_sepermit/pam_sepermit.c(get_loginuid): Read loginuid from
+	/proc
+	(sepermit_match): Apply the exclusive check only when loginuid not set.
+
+2013-08-22  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Updated translations from Transifex.
+	* po/*.po: Updated translations from Transifex.
+
+2013-07-02  Dmitry V. Levin  <ldv@altlinux.org>
+
+	pam_rootok: fix linking in --enable-audit mode.
+	pam_rootok.c explicitly uses functions from libaudit, so the module has
+	to be linked with the library.
+
+	* modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Add @LIBAUDIT@.
+
+2013-07-01  Richard Guy Briggs  <rgb@redhat.com>
+
+	pam_tty_audit: fix a typo that crept in during patch review.
+	* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Replace
+	all occurrences of HAVE_AUDIT_TTY_STATUS_LOG_PASSWD with
+	HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD.
+	* configure.in (HAVE_AUDIT_TTY_STATUS_LOG_PASSWD): Remove.
+
+2013-06-21  Richard Guy Briggs  <rgb@redhat.com>
+
+	pam_tty_audit: add an option to control logging of passwords: log_passwd
+	Most commands are entered one line at a time and processed as complete lines
+	in non-canonical mode.  Commands that interactively require a password, enter
+	canonical mode with echo set to off to do this.  This feature (icanon and
+	!echo) can be used to avoid logging passwords by audit while still logging the
+	rest of the command.  Adding a member to the struct audit_tty_status passed in
+	by pam_tty_audit allows control of logging passwords per task.
+
+	* configure.in: autoconf bits to conditionally add support at compile time
+	depending on struct audit_tty_status kernel header version.
+	* modules/pam_tty_audit/pam_tty_audit.8.xml: Document new pam_tty_audit module
+	log_passwd option.
+	* modules/pam_tty_audit/pam_tty_audit.c: (pam_sm_open_session): Added
+	"log_passwd" option parsing.
+
+2013-06-20  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Man page fix - unix_update runs in the permissive mode as well.
+	modules/pam_unix/unix_update.8.xml: unix_update helper runs in the
+	permissive mode as well.
+
+2013-06-18  Thorsten Kukuk  <kukuk@orinoco.thkukuk.de>
+
+	Use hash from /etc/login.defs as default if no other one is specified as argument.
+	* modules/pam_unix/support.c: Add search_key, call from __set_ctrl
+	* modules/pam_unix/support.h: Add define for /etc/login.defs
+	* modules/pam_unix/pam_unix.8.xml: Document new behavior.
+	* modules/pam_umask/pam_umask.c: Add missing NULL pointer check
+
+2013-04-12  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_access: better not change the default function used to get domain name.
+	modules/pam_access/pam_access.c (netgroup_match): As we did not use
+	yp_get_default_domain() in the 1.1 branch due to typo in ifdef
+	we should use it only as fallback.
+
+2013-03-28  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Fix strict aliasing issue in MD5 implementations.
+	modules/pam_namespace/md5.c (MD5Final): Use memcpy instead of assignment.
+	modules/pam_unix/md5.c (MD5Final): Use memcpy instead of assignment.
+
+2013-03-22  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_lastlog: Do not fail on short read if btmp is corrupted.
+	modules/pam_lastlog/pam_lastlog.c (last_login_failed): Just warn, not fail
+	on short read or read error.
+
+	pam_rootok: Allow proper logging of the user AVC if access disallowed by SELinux
+	modules/pam_rootok/pam_rootok.c (log_callback, selinux_check_root): New functions.
+	(check_for_root): Use the selinux_check_root() instead of checkPasswdAccess.
+
+2013-02-08  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Add checks for crypt() returning NULL.
+	modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return.
+	modules/pam_unix/bigcrypt.c (bigcrypt): Likewise.
+
+2013-02-07  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_userdb: Allow also modern password hashes supported by crypt().
+	modules/pam_userdb/pam_userdb.c (user_lookup): Allow password hashes
+	longer than 13 characters and long salt.
+
+2013-01-18  Walter de Jong  <walter.dejong@surfsara.nl>
+
+	pam_access: fix typo in ifdef.
+	modules/pam_access/pam_access.c (netgroup_match): Fix typo
+	in #ifdef HAVE_YP_GET_DEFAULT_DOMAIN.
+
+2012-12-20  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_cracklib: Mention checks that are not run for root.
+	modules/pam_cracklib/pam_cracklib.8.xml: Add note about checks
+	when run as root.
+
+	Update also the POT file.
+	po/Linux-PAM.pot: Update to reflect current sources.
+
+2012-12-12  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Updated translations from Transifex, added new languages.
+	po/LINGUAS: Added new languages.
+	po/*.po: Updated translations from Transifex including new languages.
+
+2012-11-30  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_selinux: Drop obsolete and unsupported manual context selection.
+	modules/pam_selinux/pam_selinux.c (manual_context): Drop function.
+	(compute_exec_context): Drop manual_context() call.
+
+2012-11-23  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_limits: fix grammatical mistake.
+	modules/pam_limits/limits.conf: Fix grammatical mistake.
+
+2012-11-13  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Reflect the enforce_for_root semantics change in pam_pwhistory xtest.
+	xtests/tst-pam_pwhistory1.pamd: Use enforce_for_root as the test is
+	running with real uid == 0.
+
+2012-10-10  Dmitry V. Levin  <ldv@altlinux.org>
+
+	pam_unix: fix build in --enable-selinux mode.
+	glibc's <sys/wait.h> starting with commit
+	http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=glibc-2.15-231-gd94a467
+	does not include <sys/resource.h> for POSIX 2008 conformance reasons, so
+	when pam is being built with SELinux support enabled, pam_unix_passwd.c
+	uses getrlimit(2) and therefore should include <sys/resource.h> without
+	relying on other headers.
+
+	* modules/pam_unix/pam_unix_passwd.c: Include <sys/resource.h>.
+
+	Reported-by: Guido Trentalancia <guido@trentalancia.com>
+	Reported-by: "Jory A. Pratt" <anarchy@gentoo.org>
+	Reported-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
+
+2012-10-10  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_namespace: add mntopts flag for tmpfs mount options.
+	modules/pam_namespace/pam_namespace.h: Add mount_opts member to polydir
+	structure.
+	modules/pam_namespace/pam_namespace.c (del_polydir): Free the mount_opts.
+	(parse_method): Parse the mntopts flag.
+	(ns_setup): Pass the mount_opts to mount().
+	modules/pam_namespace/namespace.conf.5.xml: Document the mntopts flag.
+
+2012-09-06  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_selinux, pam_tally2: Add tty and rhost to audit data.
+	modules/pam_selinux/pam_selinux.c (send_audit_message): Obtain tty and
+	rhost from PAM items and pass them to audit.
+	modules/pam_tally2/pam_tally2.c (tally_check): Obtain tty and
+	rhost from PAM items and pass them to audit.
+	(main): Obtain tty name of stdin and pass it to audit.
+
+	Update configure.in to use more recent interfaces.
+	configure.in: Use LT_INIT instead of AC_PROG_LIBTOOL and AS_HELP_STRING instead
+	of AC_HELP_STRING.
+
+2012-08-17  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Add missing $(DESTDIR) when making directories on install.
+	modules/pam_namespace/Makefile.am: Add missing $(DESTDIR) when making
+	$(namespaceddir) on install.
+	modules/pam_sepermit/Makefile.am: Add missing $(DESTDIR) when making
+	$(sepermitlockdir) on install.
+
+2012-08-17  Thorsten Kukuk  <kukuk@orinoco.thkukuk.de>
+
+	release version 1.1.6.
+	configure.in: Bump version to 1.1.6
+	NEWS: Document changes
+	po/*.po: Regenerate *.po files
+
+2012-08-16  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	Small documentation and define fixes.
+	modules/pam_limits/limits.conf.5.xml: Document race of maxlogins [#10]
+	modules/pam_namespace/pam_namespace.h: Define MS_SLAVE if necessary
+	modules/pam_pwhistory/pam_pwhistory.c: Document how the module works
+	modules/pam_unix/pam_unix.8.xml: Document remember option obsoleted by pam_pwhistory [#6]
+
+2012-08-13  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Respect PAM_AUTHTOK_TYPE in pam_get_authtok_verify().
+	libpam/pam_get_authtok.c (pam_get_authtok_internal): Set the PAM_AUTHTOK_TYPE
+	item when obtained from module options.
+	(pam_get_authtok_verify): Use the PAM_AUTHTOK_TYPE item when prompting.
+
+2012-08-09  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Document limits.d also in the limits.conf manpage.
+	modules/pam_limits/limits.conf.5.xml: Document the limits.d existence.
+
+2012-07-23  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	New autotools do not create empty directories on install.
+	modules/pam_namespace/Makefile.am: Add install-data-local target to create
+	namespaceddir.
+	modules/pam_sepermit/Makefile.am: Add install-data-local target to create
+	sepermitlockdir.
+
+2012-07-09  Stevan Bajić  <stevan@bajic.ch>
+
+	RLIMIT_* variables are no longer defined unless you explicitly include sys/resource.h.
+
+	modules/pam_unix/pam_unix_acct.c: Include sys/resource.h.
+
+2012-06-27  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_umask: correct the documentation of GECOS field parsing.
+	modules/pam_umask/pam_umask.8.xml: Correct the documentation of GECOS field
+	parsing.
+
+2012-06-22  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_cracklib: Add monotonic character sequence checking.
+	modules/pam_cracklib/pam_cracklib.c (_pam_parse): Parse the maxsequence option.
+	(sequence): New function to check for too long monotonic sequence of characters.
+	(password_check): Call the sequence().
+	modules/pam_cracklib/pam_cracklib.8.xml: Document the maxsequence check.
+
+2012-06-01  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_timestamp: Fix copy&paste error in manpage.
+	modules/pam_timestamp/pam_timestamp.8.xml: Fix AUTHOR section.
+
+2012-05-28  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Pulled new translations from Transifex.
+	po/*.po: Updated translations.
+
+	pam_pwhistory: Always record the old password even when root changes it.
+	modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Use the UID of
+	the process instead of the target user UID (same as in pam_cracklib) to
+	check for root. Always record old password.
+
+2012-05-24  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_cracklib: Add enforce_for_root option.
+	modules/pam_cracklib/pam_cracklib.c (_pam_parse): Recognize the enforce_for_root option.
+	(pam_sm_chauthtok): Enforce errors for root with the option.
+	modules/pam_cracklib/pam_cracklib.8.xml: Document the enforce_for_root option.
+
+2012-04-30  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_cracklib: Add maxclassrepeat, gecoscheck checks and remove unused difignore.
+	modules/pam_cracklib/pam_cracklib.c (_pam_parse): Recognize the maxclassrepeat, gecoscheck options. Ignore difignore option.
+	(simple): Add the check for the same class repetition.
+	(usercheck): Refactor into wordcheck().
+	(gecoscheck): New test for words from the GECOS field.
+	(password_check): Call the gecoscheck().
+	(pam_sm_chauthtok): Drop the diff_ignore from options struct.
+	modules/pam_cracklib/pam_cracklib.8.xml: Document the maxclassrepeat and gecoscheck checks, update the documentation of the difok test.
+
+	pam_lastlog: Never lock out the root account.
+	modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Return PAM_SUCCESS if
+	uid==0.
+	modules/pam_lastlog/pam_lastlog.8.xml: Improve documentation.
+
+2012-04-17  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	pam_lastlog: add possibility to lock out inactive users in auth or account
+	* modules/pam_lastlog/pam_lastlog.8.xml: Document the new functionality and
+	option.
+	* modules/pam_lastlog/pam_lastlog.c: Add the inactive user lock out.
+	(_pam_session_parse): Renamed from _pam_parse.
+	(_pam_auth_parse): New function to parse auth arguments.
+	(_last_login_open): Factor out opening of the lastlog file.
+	(_last_login_read): Factor out opening of the lastlog file.
+	(pam_sm_authenticate): Implement the lockout functionality.
+	(pam_sm_setcred): Just return PAM_SUCCESS.
+	(pam_sm_acct_mgmt): Call pam_sm_authenticate().
+
+2012-04-11  Paul Wouters  <pwouters@redhat.com>
+
+	Check for crypt() failure returning NULL.
+	* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Adjust syslog message.
+	* modules/pam_unix/passverify.c (create_password_hash): Check for crypt()
+	returning NULL.
+
+2012-02-03  Dmitry V. Levin  <ldv@altlinux.org>
+
+	pam_unix: make configuration consistent in --enable-static-modules mode.
+	In --enable-static-modules mode, it was not possible to use "pam_unix"
+	in PAM config files.  Instead, different names had to be used for each
+	management group: pam_unix_auth, pam_unix_acct, pam_unix_passwd and
+	pam_unix_session.  This change makes pam_unix configuration consistent
+	with other PAM modules.
+
+	* README: Remove the paragraph describing pam_unix distinctions in
+	--enable-static-modules mode.
+	* libpam/pam_static_modules.h (_pam_unix_acct_modstruct,
+	_pam_unix_auth_modstruct, _pam_unix_passwd_modstruct,
+	_pam_unix_session_modstruct): Remove.
+	(_pam_unix_modstruct): New pam_module declaration.
+	* modules/pam_unix/pam_unix_static.h: New file.
+	* modules/pam_unix/pam_unix_static.c: Likewise.
+	* modules/pam_unix/Makefile.am (noinst_HEADERS): Add pam_unix_static.h
+	(pam_unix_la_SOURCES) [STATIC_MODULES]: Add pam_unix_static.c
+	* modules/pam_unix/pam_unix_acct.c [PAM_STATIC]: Include
+	pam_unix_static.h
+	[PAM_STATIC] (_pam_unix_acct_modstruct): Remove.
+	* modules/pam_unix/pam_unix_auth.c [PAM_STATIC]: Include
+	pam_unix_static.h
+	[PAM_STATIC] (_pam_unix_auth_modstruct): Remove.
+	* modules/pam_unix/pam_unix_passwd.c [PAM_STATIC]: Include
+	pam_unix_static.h
+	[PAM_STATIC] (_pam_unix_passwd_modstruct): Remove.
+	* modules/pam_unix/pam_unix_sess.c [PAM_STATIC]: Include
+	pam_unix_static.h
+	[PAM_STATIC] (_pam_unix_session_modstruct): Remove.
+
+	Suggested-by: Matveychikov Ilya <i.matveychikov@securitycode.ru>
+
+2012-01-27  Dmitry V. Levin  <ldv@altlinux.org>
+
+	Make --disable-cracklib compatible with --enable-static-modules mode.
+	* configure.in: Define HAVE_LIBCRACK when cracklib is enabled.
+	* libpam/pam_static_modules.h (static_modules): Guard the use of
+	_pam_cracklib_modstruct by HAVE_LIBCRACK macro.
+
+2012-02-10  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Add missing includes for types used in the pam_modutil.h.
+	* libpam/include/security/pam_modutil.h: Add missing includes for used types.
+
+2012-01-27  Matveychikov Ilya  <i.matveychikov@securitycode.ru>
+
+	Fix compile time errors in --enable-static-modules mode.
+	* libpam/pam_static_modules.h (_pam_rhosts_auth_modstruct): Remove
+	obsolete declaration.
+	(static_modules): Remove undefined reference to
+	_pam_rhosts_auth_modstruct.
+	* modules/pam_pwhistory/opasswd.h: Rename {save,check}_old_password to
+	{save,check}_old_pass in order to avoid conflicts with pam_unix.
+	* modules/pam_pwhistory/opasswd.c: Likewise.
+	* modules/pam_pwhistory/pam_pwhistory.c: Likewise.
+	* modules/pam_tally2/pam_tally2.c: Rename _pam_tally_modstruct to
+	_pam_tally2_modstruct.
+
+2012-01-26  Dmitry V. Levin  <ldv@altlinux.org>
+
+	Fix SUBDIRS for --enable-static-modules mode.
+	There is no way to build "modules" subdirectory before "libpam" anyway.
+	In STATIC_MODULES mode, "libpam" subdirectory must be built twice to
+	produce a usable libpam.a without undefined references to multiple
+	_pam_*_modstruct symbols.
+
+	* Makefile.am: Use default SUBDIRS in STATIC_MODULES mode.
+
+2012-01-26  Matveychikov Ilya  <i.matveychikov@securitycode.ru>
+
+	configure: fix typo in --disable-nis help string.
+	* configure.in: Change '-disable-nis' to '--disable-nis'.
+
+2012-01-26  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Do not unmount anything by default in pam_namespace close session call.
+	* modules/pam_namespace/pam_namespace.c (pam_sm_close_session): Recognize
+	the unmount_on_close option and make the default to be to not unmount.
+	* modules/pam_namespace/pam_namespace.h: Rename PAMNS_NO_UNMOUNT_ON_CLOSE to
+	PAMNS_UNMOUNT_ON_CLOSE.
+	* modules/pam_namespace/pam_namespace.8.xml: Document the change.
+
+2012-01-24  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Make / mount as rslave instead of bind mounting polydirs.
+	* modules/pam_namespace/pam_namespace.c (protect_dir): Drop the always argument.
+	(check_inst_parent): Drop the always argument from protect_dir().
+	(create_polydir): Likewise.
+	(ns_setup): Likewise and do not mark the polydir with MS_PRIVATE.
+	(setup_namespace): Mark the / with MS_SLAVE|MS_REC.
+	* modules/pam_namespace/pam_namespace.8.xml: Reflect the change in docs.
+
+2012-01-13  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Add possibility to match ruser, rhost, and tty in pam_succeed_if.
+	* modules/pam_succeed_if/pam_succeed_if.c (evaluate): Match ruser,
+	rhost, and tty as left operand.
+	* modules/pam_succeed_if/pam_succeed_if.8.xml: Document the new
+	possible left operands.
+
+2012-01-03  Tomas Mraz  <tmraz@fedoraproject.org>
+
+	Merge branch 'master' of ssh://git.fedorahosted.org/git/linux-pam.
+
+	Fix matching of usernames in the pam_unix remember feature.
+	* modules/pam_unix/pam_unix_passwd.c (check_old_password): Make
+	sure we match only the whole username in opasswd entry.
+	* modules/pam_unix/passverify.c (save_old_password): Likewise make
+	sure we match only the whole username in opasswd entry.
+
+2011-12-26  Dmitry V. Levin  <ldv@altlinux.org>
+
+	pam_start: fix memory leak on error path.
+	* libpam/pam_start.c (pam_start): If _pam_make_env() or
+	_pam_init_handlers() returned an error, release the memory allocated
+	for pam_conv structure.
+
+	Patch-by: cancel <suntsu@yandex.ru>.
+
+2011-11-03  Dmitry V. Levin  <ldv@altlinux.org>
+
+	pam_selinux.8.xml: update.
+	* modules/pam_selinux/pam_selinux.8.xml (pam_selinux-cmdsynopsis):
+	Reorder options, add new "restore" option.
+	pam_selinux-description): Rewrite.
+	(pam_selinux-options): Reorder options, describe new "restore" option.
+	(pam_selinux-return_values): Remove PAM_AUTH_ERR, PAM_SESSION_ERR
+	and PAM_BUF_ERR.
+	(pam_selinux-see_also): Remove pam.conf(5).  Add execve(2), tty(4)
+	and selinux(8).
+
+	pam_selinux.c: add "restore" option.
+	* modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Add new
+	"restore" option.
+
+	pam_selinux.c: rewrite using pam_get_data/pam_set_data.
+	* modules/pam_selinux/pam_selinux.c (security_restorelabel_tty,
+	security_label_tty): Remove old functions.
+	(module_data_t): New structure.
+	(free_module_data, cleanup, get_module_data, get_item,
+	set_exec_context, set_file_context, compute_exec_context,
+	compute_tty_context, restore_context, set_context,
+	create_context): New functions.
+	(pam_sm_authenticate, pam_sm_setcred, pam_sm_open_session,
+	pam_sm_close_session): Use them.
+
+2011-10-28  Dmitry V. Levin  <ldv@altlinux.org>
+
+	Use libpam.la/libpam_misc.la to link with -lpam/-lpam_misc.
+	GNU automake documentation recommends to avoid using -l options in
+	LDADD or LIBADD when referring to libraries built by the package.
+	Instead, it recommends to write the file name of the library explicitly,
+	and use -l option only to list third-party libraries.  As result, the
+	default value of *_DEPENDENCIES will list all local libraries and omit
+	the other ones.
+	* modules/pam_access/Makefile.am (pam_access_la_LIBADD): Replace
+	"-L$(top_builddir)/libpam -lpam" with
+	"$(top_builddir)/libpam/libpam.la", to follow GNU automake
+	recommendations.
+	* modules/pam_cracklib/Makefile.am (pam_cracklib_la_LIBADD): Likewise.
+	* modules/pam_debug/Makefile.am (pam_debug_la_LIBADD): Likewise.
+	* modules/pam_deny/Makefile.am (pam_deny_la_LIBADD): Likewise.
+	* modules/pam_echo/Makefile.am (pam_echo_la_LIBADD): Likewise.
+	* modules/pam_env/Makefile.am (pam_env_la_LIBADD): Likewise.
+	* modules/pam_exec/Makefile.am (pam_exec_la_LIBADD): Likewise.
+	* modules/pam_faildelay/Makefile.am (pam_faildelay_la_LIBADD): Likewise.
+	* modules/pam_filter/Makefile.am (pam_filter_la_LIBADD): Likewise.
+	* modules/pam_filter/upperLOWER/Makefile.am (LDADD): Likewise.
+	* modules/pam_ftp/Makefile.am (pam_ftp_la_LIBADD): Likewise.
+	* modules/pam_group/Makefile.am (pam_group_la_LIBADD): Likewise.
+	* modules/pam_issue/Makefile.am (pam_issue_la_LIBADD): Likewise.
+	* modules/pam_keyinit/Makefile.am (pam_keyinit_la_LIBADD): Likewise.
+	* modules/pam_lastlog/Makefile.am (pam_lastlog_la_LIBADD): Likewise.
+	* modules/pam_limits/Makefile.am (pam_limits_la_LIBADD): Likewise.
+	* modules/pam_listfile/Makefile.am (pam_listfile_la_LIBADD): Likewise.
+	* modules/pam_localuser/Makefile.am (pam_localuser_la_LIBADD): Likewise.
+	* modules/pam_loginuid/Makefile.am (pam_loginuid_la_LIBADD): Likewise.
+	* modules/pam_mail/Makefile.am (pam_mail_la_LIBADD): Likewise.
+	* modules/pam_mkhomedir/Makefile.am (pam_mkhomedir_la_LIBADD,
+	mkhomedir_helper_LDADD): Likewise.
+	* modules/pam_motd/Makefile.am (pam_motd_la_LIBADD): Likewise.
+	* modules/pam_namespace/Makefile.am (pam_namespace_la_LIBADD): Likewise.
+	* modules/pam_nologin/Makefile.am (pam_nologin_la_LIBADD): Likewise.
+	* modules/pam_permit/Makefile.am (pam_permit_la_LIBADD): Likewise.
+	* modules/pam_pwhistory/Makefile.am (pam_pwhistory_la_LIBADD): Likewise.
+	* modules/pam_rhosts/Makefile.am (pam_rhosts_la_LIBADD): Likewise.
+	* modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Likewise.
+	* modules/pam_securetty/Makefile.am (pam_securetty_la_LIBADD): Likewise.
+	* modules/pam_sepermit/Makefile.am (pam_sepermit_la_LIBADD): Likewise.
+	* modules/pam_shells/Makefile.am (pam_shells_la_LIBADD): Likewise.
+	* modules/pam_stress/Makefile.am (pam_stress_la_LIBADD): Likewise.
+	* modules/pam_succeed_if/Makefile.am (pam_succeed_if_la_LIBADD):
+	Likewise.
+	* modules/pam_tally/Makefile.am (pam_tally_la_LIBADD): Likewise.
+	* modules/pam_tally2/Makefile.am (pam_tally2_la_LIBADD,
+	pam_tally2_LDADD): Likewise.
+	* modules/pam_time/Makefile.am (pam_time_la_LIBADD): Likewise.
+	* modules/pam_timestamp/Makefile.am (pam_timestamp_la_LIBADD,
+	pam_timestamp_check_LDADD, hmacfile_LDADD): Likewise.
+	* modules/pam_tty_audit/Makefile.am (pam_tty_audit_la_LIBADD): Likewise.
+	* modules/pam_umask/Makefile.am (pam_umask_la_LIBADD): Likewise.
+	* modules/pam_unix/Makefile.am (pam_unix_la_LIBADD): Likewise.
+	* modules/pam_userdb/Makefile.am (pam_userdb_la_LIBADD): Likewise.
+	* modules/pam_warn/Makefile.am (pam_warn_la_LIBADD): Likewise.
+	* modules/pam_wheel/Makefile.am (pam_wheel_la_LIBADD): Likewise.
+	* modules/pam_xauth/Makefile.am (pam_xauth_la_LIBADD): Likewise.
+	* tests/Makefile.am (LDADD): Likewise.
+	* examples/Makefile.am (LDADD): Replace "-L$(top_builddir)/libpam -lpam"
+	with "$(top_builddir)/libpam/libpam.la", and
+	"-L$(top_builddir)/libpam_misc -lpam_misc" with
+	"$(top_builddir)/libpam_misc/libpam_misc.la", to follow GNU automake
+	recommendations.
+	* xtests/Makefile.am (LDADD): Likewise.
+	* modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Likewise.
+
+	Fix usage of LIBADD, LDADD and LDFLAGS.
+	* modules/pam_selinux/Makefile.am: Rename pam_selinux_check_LDFLAGS to
+	pam_selinux_check_LDADD.
+	* modules/pam_userdb/Makefile.am: Split out pam_userdb_la_LIBADD from
+	AM_LDFLAGS.
+	* modules/pam_warn/Makefile.am: Split out pam_warn_la_LIBADD from
+	AM_LDFLAGS.
+	* modules/pam_wheel/Makefile.am: Split out pam_wheel_la_LIBADD from
+	AM_LDFLAGS.
+	* modules/pam_xauth/Makefile.am: split out pam_xauth_la_LIBADD from
+	AM_LDFLAGS.
+	* xtests/Makefile.am: Rename AM_LDFLAGS to LDADD.
+
+2011-10-27  Dmitry V. Levin  <ldv@altlinux.org>
+
+	Update .gitignore files.
+	* .gitignore: Add common ignore patterns.
+	* m4/.gitignore: Unignore local m4 files.
+	* dynamic/.gitignore: Unignore Makefile.
+	* libpamc/test/modules/.gitignore: Likewise.
+	* libpamc/test/regress/.gitignore: Likewise.
+	* po/.gitignore: Add Makevars.template.
+	* conf/.gitignore: Remove common ignore patterns.
+	* conf/pam_conv1/.gitignore: Likewise.
+	* doc/.gitignore: Likewise.
+	* doc/specs/.gitignore: Likewise.
+	* doc/specs/formatter/.gitignore: Likewise.
+	* examples/.gitignore: Likewise.
+	* modules/pam_filter/upperLOWER/.gitignore: Likewise.
+	* modules/pam_mkhomedir/.gitignore: Likewise.
+	* modules/pam_selinux/.gitignore: Likewise.
+	* modules/pam_stress/.gitignore: Likewise.
+	* modules/pam_tally/.gitignore: Likewise.
+	* modules/pam_tally2/.gitignore: Likewise.
+	* modules/pam_timestamp/.gitignore: Likewise.
+	* modules/pam_unix/.gitignore: Likewise.
+	* tests/.gitignore: Likewise.
+	* xtests/.gitignore: Likewise.
+	* doc/adg/.gitignore: Remove.
+	* doc/man/.gitignore: Remove.
+	* doc/mwg/.gitignore: Remove.
+	* doc/sag/.gitignore: Remove.
+	* libpamc/.gitignore: Remove.
+	* libpamc/test/.gitignore: Remove.
+	* libpam/.gitignore: Remove.
+	* libpam_misc/.gitignore: Remove.
+	* modules/.gitignore: Remove.
+	* modules/pam_access/.gitignore: Remove.
+	* modules/pam_cracklib/.gitignore: Remove.
+	* modules/pam_debug/.gitignore: Remove.
+	* modules/pam_deny/.gitignore: Remove.
+	* modules/pam_echo/.gitignore: Remove.
+	* modules/pam_env/.gitignore: Remove.
+	* modules/pam_exec/.gitignore: Remove.
+	* modules/pam_faildelay/.gitignore: Remove.
+	* modules/pam_filter/.gitignore: Remove.
+	* modules/pam_ftp/.gitignore: Remove.
+	* modules/pam_group/.gitignore: Remove.
+	* modules/pam_issue/.gitignore: Remove.
+	* modules/pam_keyinit/.gitignore: Remove.
+	* modules/pam_lastlog/.gitignore: Remove.
+	* modules/pam_limits/.gitignore: Remove.
+	* modules/pam_listfile/.gitignore: Remove.
+	* modules/pam_localuser/.gitignore: Remove.
+	* modules/pam_loginuid/.gitignore: Remove.
+	* modules/pam_mail/.gitignore: Remove.
+	* modules/pam_motd/.gitignore: Remove.
+	* modules/pam_namespace/.gitignore: Remove.
+	* modules/pam_nologin/.gitignore: Remove.
+	* modules/pam_permit/.gitignore: Remove.
+	* modules/pam_pwhistory/.gitignore: Remove.
+	* modules/pam_rhosts/.gitignore: Remove.
+	* modules/pam_rootok/.gitignore: Remove.
+	* modules/pam_securetty/.gitignore: Remove.
+	* modules/pam_sepermit/.gitignore: Remove.
+	* modules/pam_shells/.gitignore: Remove.
+	* modules/pam_succeed_if/.gitignore: Remove.
+	* modules/pam_time/.gitignore: Remove.
+	* modules/pam_tty_audit/.gitignore: Remove.
+	* modules/pam_umask/.gitignore: Remove.
+	* modules/pam_userdb/.gitignore: Remove.
+	* modules/pam_warn/.gitignore: Remove.
+	* modules/pam_wheel/.gitignore: Remove.
+	* modules/pam_xauth/.gitignore: Remove.
+
+	Move generated auxiliary files to build-aux directory.
+	* configure.in: Add AC_CONFIG_AUX_DIR([build-aux]).
+
+	Remove generated files.
+	* ABOUT-NLS: Remove.
+	* INSTALL: Remove.
+	* config.rpath: Remove.
+	* install-sh: Remove.
+	* mkinstalldirs: Remove.
+	* Makefile.am (EXTRA_DIST): Remove config.rpath and mkinstalldirs.
+	* .gitignore: Add ABOUT-NLS and INSTALL.
+
+	Create release tarballs using safe ownership and permissions.
+	* Makefile.am: Define and export TAR_OPTIONS.
+
+	Generate ChangeLog from git log.
+	* .gitignore: Add ChangeLog
+	* ChangeLog: Rename to ChangeLog-CVS.
+	* Makefile.am (gen-changelog): New rule.
+	(dist-hook, .PHONY): Depend on it.
+	(EXTRA_DIST): Add ChangeLog-CVS.
+	* README-hacking: New file.
+	* gitlog-to-changelog: Import from gnulib.
+	* autogen.sh: Create empty ChangeLog file to make automake strictness
+	check happy.  Use automated "autoreconf -fiv" instead of manual
+	invocations of various autotools.
+
+	Fix "make distcheck"
+	There is no use to distribute m4 files manually, because automake does
+	the right thing, while manual distribution is not only redundant but
+	also very fragile.
+	* Makefile.am (M4_FILES): Remove.
+	(EXTRA_DIST): Remove M4_FILES.
+
+	Remove modules/pam_timestamp/hmacfile from distribution.
+	* modules/pam_timestamp/Makefile.am (dist_TESTS): Add tst-pam_timestamp.
+	(nodist_TESTS): Add hmacfile.
+	(EXTRA_DIST): Replace TESTS with dist_TESTS.
+
+	Rename all .cvsignore files to .gitignore.
+
+	Fix whitespace issues.
+	Cleanup trailing whitespaces, indentation that uses spaces before tabs,
+	and blank lines at EOF.  Make the project free of warnings reported by
+	git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
+
+
+See ChangeLog-CVS for earlier changes.