Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 64
1 files changed, 64 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index e8c0de87..719b7194 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,69 @@
Linux-PAM NEWS -- history of user-visible changes.
+Release 1.5.3
+* configure: added options to configure stylesheets.
+* configure: added --enable-logind option to use logind instead of utmp
+ in pam_issue and pam_timestamp.
+* pam_modutil_getlogin: changed to use getlogin() from libc instead of parsing utmp.
+* Added libeconf support to pam_env and pam_shells.
+* Added vendor directory support to pam_access, pam_env, pam_group, pam_faillock,
+ pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, pam_shells, and pam_time.
+* pam_limits: changed to not fail on missing config files.
+* pam_pwhistory: added conf= option to specify config file location.
+* pam_pwhistory: added file= option to specify password history file location.
+* pam_shells: added shells.d support when libeconf and vendordir are enabled.
+* Deprecated pam_lastlog: this module is no longer built by default because
+ it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe,
+ even on 64bit architectures.
+ pam_lastlog will be removed in one of the next releases, consider using
+ pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or
+ pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead.
+* Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() macros
+ provided by _pam_macros.h; the memory override performed by these macros can
+ be optimized out by the compiler and therefore can no longer be relied upon.
+* Multiple minor bug fixes, portability fixes, documentation improvements,
+ and translation updates.
+
+Release 1.5.2
+* pam_exec: implemented quiet_log option.
+* pam_mkhomedir: added support of HOME_MODE and UMASK from /etc/login.defs.
+* pam_timestamp: changed hmac algorithm to call openssl instead of the bundled
+ sha1 implementation if selected, added option to select
+ the hash algorithm to use with HMAC.
+* Added pkgconfig files for provided libraries.
+* Added --with-systemdunitdir configure option to specify systemd unit
+ directory.
+* Added --with-misc-conv-bufsize configure option to specify the buffer size
+ in libpam_misc's misc_conv() function, raised the default value for this
+ parameter from 512 to 4096.
+* Multiple minor bug fixes, portability fixes, documentation improvements,
+ and translation updates.
+
+Release 1.5.1
+* pam_unix: fixed CVE-2020-27780 - authentication bypass when a user
+ doesn't exist and root password is blank
+* pam_faillock: added nodelay option to not set pam_fail_delay
+* pam_wheel: use pam_modutil_user_in_group to check for the group membership
+ with getgrouplist where it is available
+
+Release 1.5.0
+* Multiple minor bug fixes, portability fixes, and documentation improvements.
+* Extended libpam API with pam_modutil_check_user_in_passwd function.
+* configure: added --disable-unix option to disable build of pam_unix module.
+* pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660.
+* pam_limits: added support for nonewprivs item.
+* pam_motd: read motd files with target user credentials skipping unreadable ones.
+* pam_pwhistory: added a SELinux helper executable.
+* pam_unix, pam_usertype: implemented avoidance of certain timing attacks.
+* pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails.
+* Removed deprecated pam_cracklib module, use pam_passwdqc (from passwdqc project)
+ or pam_pwquality (from libpwquality project) instead.
+* Removed deprecated pam_tally and pam_tally2 modules, use pam_faillock instead.
+* pam_env: Reading of the user environment is deprecated and will be removed
+ at some point in the future.
+* libpam: pam_modutil_drop_priv() now correctly sets the target user's
+ supplementary groups, allowing pam_motd to filter messages accordingly
+
Release 1.4.0
* Multiple minor bug fixes and documentation improvements
* Fixed grammar of messages printed via pam_prompt
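Review bot: In the 1.5.3 block, the entry deprecating _pam_overwrite(), _pam_overwrite_n() and _pam_drop_reply() explains why the macros can no longer be relied upon but names no replacement, unlike the pam_lastlog, pam_cracklib and pam_tally entries in this same hunk, which each point to a successor. Because these macros exist to wipe memory, callers that still use them need to be told what to switch to; consider naming the intended replacement, for example a wipe the compiler cannot elide such as explicit_bzero() where libc provides it. "memory override" in that entry also reads as a typo for "memory overwrite". Minor style point: the 1.5.1 entries and the final pam_modutil_drop_priv() entry under 1.5.0 lack the trailing period that the other entries carry.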