diff options
Diffstat (limited to 'Linux-PAM/CHANGELOG')
| -rw-r--r-- | Linux-PAM/CHANGELOG | 145 |
1 files changed, 141 insertions, 4 deletions
diff --git a/Linux-PAM/CHANGELOG b/Linux-PAM/CHANGELOG index f187f0f7..3a886546 100644 --- a/Linux-PAM/CHANGELOG +++ b/Linux-PAM/CHANGELOG @@ -1,5 +1,5 @@ -$Id: CHANGELOG,v 1.1.1.2 2002/09/15 20:08:18 hartmans Exp $ +$Id: CHANGELOG,v 1.184 2005/03/31 14:50:39 kukuk Exp $ ----------------------------- @@ -50,14 +50,151 @@ bug report - outstanding bugs are listed here: (to file another bug see the 'submit bug' button on that page). + +There is now a second bug tracking system for Linux-PAM on BerliOS. +You can find the list of outstanding bugs on BerliOS here: + +http://developer.berlios.de/bugs/?func=browse&group_id=2134&set=open + +BerliOS Bugs are marked with (BerliOS #XXXX). + ==================================================================== -0.76: please submit patches for this section with actual code/doc - patches! +0.79: Thu Mar 31 16:48:45 CEST 2005 +* pam_tally: added audit option (toady) +* pam_unix: don't log user unknown failure when he can be properly + authenticated by another module (t8m) +* configure: don't abort if no cracklib dictinaries were found, but + warn user that pam_cracklib will not be built (kukuk) +* modules/pam_unix/support.c: Fix return value if user aborts while + changes the password (Bug 872945 - kukuk) +* modules/pam_unix/support.c: Fix return value for an unknown user + (Bug 872943 - kukuk) +* pam_limits: support for new Linux kernel 2.6 limits (from toby cabot + - t8m) +* pam_tally: major rewrite of the module (t8m) +* libpam: don't return PAM_IGNORE for OK or JUMP actions if using + cached chain (Bug 629251 - t8m) +* pam_nologin: don't overwrite return value with return from + pam_get_item (t8m) +* libpam: Add more checks for broken PAM configuration files to + avoid seg.faults (kukuk) +* pam_shells: correct README +* libpam: Fix debug code (kukuk) +* pam_limits: Fix order of LIMITS_DEF_* priorities (kukuk) +* pam_xauth: preserve DISPLAY variable (Novell #66885 - kukuk) +* libpam: Add prelude ids (http://www.prelude-ids.org) support, + as experimental. (toady) +* configure: Add the directory where new versions of cracklib is + installed (from Jim Gifford - toady) + +0.78: Do Nov 18 14:48:36 CET 2004 + +* pam_unix: change the order of trying password changes - local first, + NIS second (t8m) +* pam_wheel: add option only_root to make it affect authentication + to root account only +* pam_unix: test return values on renaming files and report error to + syslog and to user +* pam_unix: forced password change shouldn't trump account expiration +* pam_unix: remove the use of openlog (from debian - toady) +* pam_unix: NIS cleanup (patch from Philippe Troin) +* pam_access: you can now authenticate an explicit user on an explicit + tty (from debian - toady) +* pam_limits, pam_rhosts, pam_unix: fixed hurd portability issues + (patch from Igor Khavkine) +* pam_env: added comments in the configuration file to avoid errors + (from debian - toady) +* pam_mail: check PAM_NO_ENV to know if we can delete the environment + variable (from debian - toady) +* pam_filter: s/termio/termios/g (from debian - toady) +* pam_mkhomedir: no maxpathlen required (from debian - toady) +* pam_limits: applied patch to allow explicit limits for root + and remove limits on su. (from debian - toady) +* pam_unix: severe denial of service possible with this module since + it locked too aggressively. Bug report and testing help from Sascha + Loetz. (Bug 664290 - agmorgan) +* getlogin was spoofable: "/tmp/" and "/dev/" have the same number of + characters, so 'ln /dev/tty /tmp/tty1 ; bash < /tmp/tty1 ; logname' + attacks could potentially spoof pam_wheel with the 'trust' module + argument into granting access to a luser. Also, pam_unix gave + odd error messages in such a situation (logname != uid). This + problem was found by David Endler of iDefense.com (Bug 667584 - + agmorgan). +* added my new DSA public key to the pgp.keys.asc file. Also included + a signed copy of my new public key (1024D/D41A6DF2) made with my old + key (1024/2A398175). +* added "include" directive to config file syntax. + The whole idea is to create few "systemwide" pam configs and include + parts of them in application pam configs. + (patch by "Dmitry V. Levin" <ldv@altlinux.org>) (Bug 812567 - baggins). +* doc/modules/pam_mkhomedir.sgml: Remove wrong debug options + (Bug 591605 - kukuk) +* pam_unix: Call password checking helper whenever the password field + contains only one character (Bug 1027903 - kukuk) +* libpam/pam_start.c: All service names should be files below /etc/pam.d + and nothing else. Forbid paths. (Bug 1027912 - kukuk) +* pam_cracklib: Fix error in distance algorithm in the 0.9 pam_cracklib + module (Bug 1010142 - toady) +* pam_userdb: applied patch from Paul Walmsley <paul@booyaka.com> + it now indicates whether encrypted or plaintext passwords are stored + in the database needed for pam_userdb (BerliOS - toady) +* pam_group: The module should also ignore PAM_REINITIALIZE_CRED to + avoid spurious errors (from Linux distributors - kukuk) +* pam_cracklib: Clear the entire options structure (from Linux + distributors - kukuk) +* pam_issue: We write a NUL to prompt_tmp[tot_size] later, so make sure + that the destination is part of the allocated block, make do_prompt + static (from Linux distributors - kukuk) +* ldconfig: Only run full ldconfig, if we don't install into a FAKEROOT + environment, else let ldconfig only create the symlinks correct + (from Linux distributors - kukuk) +* pam_unix/pam_pwdb: Use SIG_DFL instead of SIG_IGN for SIGCHLD + (from Linux distributors - kukuk) +* Add most of Steve Grubb's resource leak and other fixes (from + Linux distributors - kukuk) +* doc/Makefile: Don't include .cvsignore files in tar ball (kukuk) +* libpam_misc/misc_conv.c: Differentiate between Ctrl-D and + <Return> (Bug 1032604 - kukuk) +* Make.Rules.in: Add targets for installing man pages for modules + (from Linux distributors - kukuk) +* Add pam_xauth module (Bug 436440 - kukuk) +* Add pam_localuser module (Bug 436444 - kukuk) +* Add pam_succeed_if module (from Linux distributors - kukuk) +* configure.in: Fix check for libcrypt (Bug 417704 - kukuk) +* Add the "broken_shadow" argument to pam_unix, for ignoring errors + reading shadow information (from Linux distributors - kukuk) +* Add patches to make PAM modules reentrant (Bug 440107 - kukuk) +* Merge patches from Red Hat (Bug 477000 and other - kukuk) +* Fix pam_rhosts option parsing (Bug 922648 - kukuk) +* Add $ISA support in config files (from Red Hat - kukuk) + +0.77: Mon Sep 23 10:25:42 PDT 2002 + +* documentation support for pdf files was not quite right - + installation was messed up. +* pam_wheel was too aggressive to grant access (in the case of the + 'deny' option you want to pay attention to 'trust'). Fix from + Nalin (Bugs 476951, 476953 - agmorgan) +* account management support for: pam_shells, pam_listfile, pam_wheel + and pam_securetty (+ static module fix for pam_nologin). Patch from + redhat through Harald Welte (Bug 436435 - agmorgan). +* pam_wheel feature from Nalin - can use the module to provide wheel + access to non-root accounts. Also from Nalin, a bugfix related to + the primary group of the applicant is the 'wheel' group. (Bugs + 476980, 476941 - agmorgan) +* pam_unix and pam_pwdb: by default turn off the SIGCHLD handler while + running the helper binary (patch from Nalin) added the "noreap" + module argument to both of these modules to turn off this new + default. Bugfix found by Silvan Minghetti for former module and + 521314 checkin. (Bugs 476963, 521314 - agmorgan). +* updated CHANGELOG and configure.in for 0.77 work. + +0.76: Mon Jul 8 21:44:59 PDT 2002 * pam_unix: fix for legacy crypt() support when the password entered was long. (Bug 521314 - agmorgan). -* pam_access no longer include gethostname() prototype complained from +* pam_access no longer include gethostname() prototype complaint from David Lee (Bug 415423 - agmorgan). * make pam_nologin more secure by default, added two new module arguments etc. - acting on suggestion from Nico (Bug 419307 - |