summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Relevant BUGIDs:Tomas Mraz2010-11-16
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-11-16 Tomas Mraz <tm@t8m.info> * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Remove dead and duplicate code. Return PAM_INCOMPLETE instead of PAM_CONV_AGAIN.
* Relevant BUGIDs:Tomas Mraz2010-11-11
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-11-11 Tomas Mraz <tm@t8m.info> * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix potential use after free in case SELinux is misconfigured. * modules/pam_namespace/pam_namespace.c (process_line): Fix memory leak when parsing empty config file lines.
* Relevant BUGIDs:Thorsten Kukuk2010-10-28
| | | | | | | | | | | | | | | | | Purpose of commit: release Commit summary: --------------- 2010-10-28 Thorsten Kukuk <kukuk@thkukuk.de> * release version 1.1.3 * configure.in: Increase version to 1.1.3 * NEWS: document visible changes * libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number.
* Relevant BUGIDs:Thorsten Kukuk2010-10-27
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-27 Thorsten Kukuk <kukuk@thkukuk.de> * doc/adg/Makefile.am: Use UTF-8 for html docu. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. kernel.org webserver is using UTF-8
* Relevant BUGIDs:Tomas Mraz2010-10-22
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-22 Tomas Mraz <tm@t8m.info> * modules/pam_namespace/pam_namespace.c (inst_init): Use execle() to execute the init script with clean environment. (CVE-2010-3853) (cleanup_tmpdirs): Likewise for executing rm.
* Relevant BUGIDs:Dmitry V. Levin2010-10-21
| | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-10-21 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Remove. (create_homedir): Use mkdir() instead of rec_mkdir(). (make_parent_dirs): New function. (main): Use make_parent_dirs() to create parent directories only for the home directory itself.
* Relevant BUGIDs:Thorsten Kukuk2010-10-21
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-21 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/support.c (_unix_getpwnam): Don't allocate unneeded buffer for uid/gid [sf#3059572].
* Relevant BUGIDs:Thorsten Kukuk2010-10-20
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de> * doc/man/pam_get_authtok.3.xml: Fix xml code.
* Relevant BUGIDs:Thorsten Kukuk2010-10-20
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de> * doc/man/Makefile.am: Fix build dependencys of pam_get_authtok.3. * xtests/Makefile.am: Only build xtests if we run xtests.
* Relevant BUGIDs:Thorsten Kukuk2010-10-20
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: Check for libdb with symbol versions, too. Patch from Diego Elio Pettenò.
* Relevant BUGIDs:Thorsten Kukuk2010-10-20
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-20 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Create parent directories always with mode 0755. (create_homedir): Create main directory with mode 0700 at first.
* Relevant BUGIDs:Dmitry V. Levin2010-10-19
| | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-10-19 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/pam_selinux.c (verbose_message): Remove. (pam_sm_open_session): Call send_text() instead of verbose_message().
* Relevant BUGIDs:Dmitry V. Levin2010-10-19
| | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-10-19 Dmitry V. Levin <ldv@altlinux.org> * m4/ld-no-undefined.m4: New file. * configure.in: Use PAM_LD_NO_UNDEFINED. * Makefile.am (M4_FILES): Add m4/ld-no-undefined.m4.
* Relevant BUGIDs:Dmitry V. Levin2010-10-19
| | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-19 Dmitry V. Levin <ldv@altlinux.org> * m4/ld-O1.m4 (PAM_LD_O1): Fix typo.
* Relevant BUGIDs:Dmitry V. Levin2010-10-19
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-19 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Add @LIBAUDIT@.
* Relevant BUGIDs:Thorsten Kukuk2010-10-19
| | | | | | | | | | | | | | Purpose of commit: documentation Commit summary: --------------- 2010-10-19 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_env/pam_env.8.xml: Document side effects of environment variables in the stack. * modules/pam_exec/pam_exec.8.xml: Document that user can have controll over the environment.
* revert preceding patch; under discussion, no consensusSteve Langasek2010-10-11
|
* Relevant BUGIDs:Tomas Mraz2010-10-11
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-11 Tomas Mraz <t8m@centrum.cz> * modules/pam_env/pam_env.c: Change default for user_readenv to 0. * modules/pam_env/pam_env.8.xml: Document the new default for user_readenv.
* Relevant BUGIDs:Dmitry V. Levin2010-10-08
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-07 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_selinux/pam_selinux.c (verbose_message): Fix format string.
* Relevant BUGIDs:Dmitry V. Levin2010-10-03
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-04 Dmitry V. Levin <ldv@altlinux.org> * libpam/pam_modutil_priv.c: New file. * libpam/Makefile.am (libpam_la_SOURCES): Add it. * libpam/include/security/pam_modutil.h (struct pam_modutil_privs, PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv, pam_modutil_regain_priv): New declarations. * libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface. * modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, pam_sm_close_session): Likewise. (pam_sm_open_session): Remove redundant fchown call. Fixes CVE-2010-3430, CVE-2010-3431.
* Relevant BUGIDs: #3078936Thorsten Kukuk2010-10-01
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-10-01 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: Extend cross compiling check. * doc/specs/Makefile.am: Set CFLAGS and LDFLAGS to BUILD_CFLAGS and BUILD_LDFLAGS. Bug #3078936 / gentoo #339174
* Relevant BUGIDs:Thorsten Kukuk2010-09-30
| | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-09-30 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Warn if unlink() fails.
* Relevant BUGIDs:Dmitry V. Levin2010-09-28
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-09-27 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Return PAM_SUCCESS immediately if no cookie file is defined. Return PAM_SESSION_ERR if cookie file is defined but target uid cannot be determined. Do not modify cookiefile string returned by pam_get_data.
* Relevant BUGIDs:Dmitry V. Levin2010-09-28
| | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-09-27 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_xauth/pam_xauth.c (check_acl): Check that the given access control file is a regular file.
* Relevant BUGIDs:Dmitry V. Levin2010-09-20
| | | | | | | | | | | | | | Purpose of commit: cleanup Commit summary: --------------- 2010-09-16 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, pam_sm_close_session): Likewise.
* Relevant BUGIDs:Thorsten Kukuk2010-08-31
| | | | | | | | | | | | | | | | | | | Purpose of commit: new release Commit summary: --------------- 2010-08-31 Thorsten Kukuk <kukuk@thkukuk.de> * release version 1.1.2 * configure.in: Bump version number. * NEWS: Document changes since 1.1.1. * doc/adg/Linux-PAM_ADG.xml: Bump version number. * doc/mwg/Linux-PAM_MWG.xml: Likewise. * doc/sag/Linux-PAM_SAG.xml: Likewise. * libpam/Makefile.am: Bump revision of shared library. * po/*.po: Regenerate.
* Relevant BUGIDs:Tomas Mraz2010-08-26
| | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-08-26 Tomas Mraz <t8m@centrum.cz> * modules/pam_nologin/pam_nologin.c (perform_check): Try first /var/run/nologin if the nologin file is not explicitly specified. * modules/pam_nologin/pam_nologin.8.xml: Document that /var/run/nologin is tried first.
* Relevant BUGIDs:Tomas Mraz2010-08-26
| | | | | | | | | | | | | | Purpose of commit: translation Commit summary: --------------- 2010-08-26 Sweta Kothari <swkothar@redhat.com> * po/gu.po: Updated translations. 2010-08-26 Geert Warrink <geert.warrink@onsnet.nu> * po/nl.po: Updated translations.
* Relevant BUGIDs: #2315432, debian#284854#42.Thorsten Kukuk2010-08-26
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-26 Thorsten Kukuk <kukuk@thkukuk.de> * doc/specs/Makefile.am: Use CC_FOR_BUILD as compiler (cross compile support). * configure.in: Check for host compiler if cross compiling. Bug #2315432, debian#284854#42.
* Relevant BUGIDs:Thorsten Kukuk2010-08-17
| | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/pam_unix_passwd.c: Implement minlen option. * modules/pam_unix/support.c: Likewise. * modules/pam_unix/support.h: Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust arguments for _set_ctrl call. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. * modules/pam_unix/pam_unix_session.c: Likewise. * modules/pam_unix/pam_unix.8.xml: Document minlen option. Based on patch by Steve Langasek.
* Relevant BUGIDs:Thorsten Kukuk2010-08-13
| | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-12 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_mail/pam_mail.c: Check for mail only with user privilegs. * modules/pam_xauth/pam_xauth.c (run_coprocess): Check return value of setgid, setgroups and setuid. * modules/pam_xauth/pam_xauth.c (check_acl): Save errno for later usage. * modules/pam_env/pam_env.c (handle_env): Check if user exists, read local user config only with user privilegs.`
* Relevant BUGIDs:Thorsten Kukuk2010-08-09
| | | | | | | | | | | | | | Purpose of commit: bugfix/cleanup Commit summary: --------------- 2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_tally/pam_tally.8.xml: Document that pam_tally is deprecated. * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Fix make dist.
* Relevant BUGIDs: 2923437Thorsten Kukuk2010-08-09
| | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/passverify.c (check_shadow_expiry): Correct check for expired date. * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Remove check for password length. Bug #2923437.
* Relevant BUGIDs:Thorsten Kukuk2010-08-04
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_tally2/pam_tally2.c (get_tally): Create file with correct permissions. Patch by Diego Elio "Flameeyes" Pettenò.
* Relevant BUGIDs: 2730965Thorsten Kukuk2010-08-04
| | | | | | | | | | | | Purpose of commit: workaround Commit summary: --------------- 2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/passverify.c (PAMH_ARG_DECL): Don't request password change if time is not yet set (1.1.1970). Bug #2730965.
* Relevant BUGIDs: #3035919, #3002340, #3037155Thorsten Kukuk2010-08-04
| | | | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-08-04 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_access/pam_access.c (user_match): Make sure that user@host will not match @@netgroup. Bug #3035919. * modules/pam_group/pam_group.c (check_account): Add '%' for UNIX groups. * modules/pam_group/group.conf: Add example for '%'. * modules/pam_group/group.conf.5.xml: Document '%' syntax. Bug #3002340, #3037155.
* Relevant BUGIDs: Debian bug #582362Steve Langasek2010-08-02
| | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- Don't pass --version-script options when linking executables, only when linking libraries Patch from Julien Cristau <jcristau@debian.org>
* Relevant BUGIDs: 2917257Thorsten Kukuk2010-07-12
| | | | | | | | | | | | | | | Purpose of commit: enhancement Commit summary: --------------- 2010-07-12 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add audit flag to enable logging about unknown user (#2917257). * modules/pam_succeed_if/pam_succeed_if.8.xml: Document audit. * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml. * modules/pam_succeed_if/README: Regenerated from xml.
* Relevant BUGIDs: 3004656Thorsten Kukuk2010-06-22
| | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-06-22 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_umask/pam_umask.8.xml: Remove comparisation of gid and uid for usergroups. * modules/pam_umask/pam_umask.c (setup_limits_from_gecos): Likewise. Bug #3004656
* Relevant BUGIDs:Thorsten Kukuk2010-06-22
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-06-22 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: Don't check for libxcrypt if no xcrypt.h exists, fix typo introduced with 1.1.1. Reported by Diego Elio "Flameeyes" Pettenò.
* Relevant BUGIDs: 3010705Thorsten Kukuk2010-06-15
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-06-15 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Call setfsuid to be allowed to remove temporary files (#3010705). (pam_sm_open_session): Call fchown with correct permissions.
* Relevant BUGIDs:Thorsten Kukuk2010-06-09
| | | | | | | | | | | | | | | Purpose of commit: bugfix Add test case for unresolved symbols 2010-06-09 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_tty_audit/Makefile.am (TESTS): Add tst-pam_tty_audit. * modules/pam_tty_audit/tst-pam_tty_audit: New. Commit summary: ---------------
* Relevant BUGIDs: Ubuntu bug #588547Steve Langasek2010-06-07
| | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-06-07 Steve Langasek <vorlon@debian.org> * modules/pam_tty_audit/Makefile.am: If we don't have the libraries required for building pam_tty_audit, we shouldn't install the manpage either.
* Relevant BUGIDs:Thorsten Kukuk2010-05-27
| | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-05-27 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_userdb/pam_userdb.c: Define HAVE_DBM for BerkDB 5.0 support. Patch by Diego Elio Pettenò.
* Relevant BUGIDs:Thorsten Kukuk2010-05-05
| | | | | | | | | | | Purpose of commit: docu fix Commit summary: --------------- 2010-04-15 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_exec/pam_exec.8.xml: Fix example.
* Relevant BUGIDs:Thorsten Kukuk2010-04-14
| | | | | | | | | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- 2010-04-13 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_pwhistory/opasswd.c: Fix compilation if cyprt_r() is not available. * configure.in: check for getutent_r. * modules/pam_timestamp/pam_timestamp.c: Use getutent() if getutent_r() does not exist. Patch from Diego Elio "Flameeyes" Pettenò.
* Relevant BUGIDs:Thorsten Kukuk2010-04-12
| | | | | | | | | | | | Purpose of commit: enhancement Commit summary: --------------- 2010-04-12 Thorsten Kukuk <kukuk@thkukuk.de> * doc/man/pam.conf-syntax.xml: Better documentation of "actionN". Patch from Michal Soltys <soltys@ziu.info>.
* Relevant BUGIDs:Thorsten Kukuk2010-04-06
| | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2010-04-06 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_rootok/pam_rootok.c: Add support for acct_mgmt and chauthtok. * modules/pam_rootok/pam_rootok.8.xml: Document new module types.
* Relevant BUGIDs:Thorsten Kukuk2010-03-29
| | | | | | | | | Purpose of commit: bugfix Commit summary: --------------- po/ar.po: Add missing Plural-Forms entry to header.
* Relevant BUGIDs:Tomas Mraz2010-03-25
| | | | | | | | | | Purpose of commit: translation Commit summary: --------------- 2010-03-25 Daniel Nylander <po@danielnylander.se> * po/sv.po: Updated translations.