pam - Debian dgit repo for package pam

	Commit message (Collapse)	Author	Age
*	pam_unix: Use pam_syslog instead of helper_log_err.	Tomas Mraz	2018-11-27
\| \| \| \| \| \| \| \|	* modules/pam_unix/passverify.c (verify_pwd_hash): Add pamh argument via PAMH_ARG_DECL. Call pam_syslog() instead of helper_log_err(). * modules/pam_unix/passverify.h: Adjust the declaration of verify_pwd_hash(). * modules/pam_unix/support.c (_unix_verify_password): Add the pamh argument to verify_pwd_hash() call.
*	pam_unix: Add support for (gost-)yescrypt hashing methods.	Björn Esser	2018-11-23
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	libxcrypt (v4.2 and later) has added support for the yescrypt hashing method; gost-yescrypt has been added in v4.3. * modules/pam_unix/pam_unix.8.xml: Documentation for (gost-)yescrypt. * modules/pam_unix/pam_unix_acct.c: Use 64 bit type for control flags. * modules/pam_unix/pam_unix_auth.c: Likewise. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/pam_unix_sess.c: Likewise. * modules/pam_unix/passverify.c: Add support for (gost-)yescrypt. * modules/pam_unix/passverify.h: Use 64 bit type for control flags. * modules/pam_unix/support.c: Set sane rounds for (gost-)yescrypt. * modules/pam_unix/support.h: Add support for (gost-)yescrypt.
*	Release version 1.2.1	Thorsten Kukuk	2015-06-22
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Security fix: CVE-2015-3238 If the process executing pam_sm_authenticate or pam_sm_chauthtok method of pam_unix is not privileged enough to check the password, e.g. if selinux is enabled, the _unix_run_helper_binary function is called. When a long enough password is supplied (16 pages or more, i.e. 65536+ bytes on a system with 4K pages), this helper function hangs indefinitely, blocked in the write(2) call while writing to a blocking pipe that has a limited capacity. With this fix, the verifiable password length will be limited to PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix. * NEWS: Update * configure.ac: Bump version * modules/pam_exec/pam_exec.8.xml: document limitation of password length * modules/pam_exec/pam_exec.c: limit password length to PAM_MAX_RESP_SIZE * modules/pam_unix/pam_unix.8.xml: document limitation of password length * modules/pam_unix/pam_unix_passwd.c: limit password length * modules/pam_unix/passverify.c: Likewise * modules/pam_unix/passverify.h: Likewise * modules/pam_unix/support.c: Likewise
*	Relevant BUGIDs:	Thorsten Kukuk	2008-12-01
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Purpose of commit: new feature Commit summary: --------------- 2008-12-01 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/pam_unix.8.xml: Document blowfish option. * configure.in: Check for crypt_gensalt_rn. * modules/pam_unix/pam_unix_passwd.c: Pass pamh to create_password_hash function. * modules/pam_unix/passverify.c (create_password_hash): Add blowfish support. * modules/pam_unix/passverify.h: Adjust create_password_hash prototype. * modules/pam_unix/support.c: Add support for blowfish option. * modules/pam_unix/support.h: Add defines for blowfish option. Patch from Diego Flameeyes Pettenò <flameeyes@gmail.com>
*	Relevant BUGIDs:	Steve Langasek	2008-07-28
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Purpose of commit: bugfix (thread safety) Commit summary: --------------- 2008-07-28 Steve Langasek <vorlon@debian.org> * modules/pam_unix/passverify.c: make save_old_password() thread-safe by using pam_modutil_getpwnam() instead of getpwnam() * modules/pam_unix/passverify.c, modules/pam_unix/passverify.h, modules/pam_unix/pam_unix_passwd.c: add pamh argument to save_old_password()
*	Relevant BUGIDs: 1836981	Tomas Mraz	2008-01-24
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Purpose of commit: bugfix Commit summary: --------------- 2008-01-24 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when available. * modules/pam_unix/passverify.c (strip_hpux_aging): New function to strip HP/UX aging info from password hash. (verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when available.
*	Relevant BUGIDs:	Tomas Mraz	2008-01-23
\| \| \| \| \| \| \| \| \| \|	Purpose of commit: cleanup, new feature Commit summary: --------------- Merging the the refactorization pam_unix_ref branch into the trunk. Added support for sha256 and sha512 password hashes to pam_unix when the libcrypt supports them.
*	Relevant BUGIDs:	Tomas Mraz	2007-12-05
	Purpose of commit: cleanup Commit summary: --------------- 2007-12-05 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/Makefile.am: Add passverify.h and passverify.c as first part of pam_unix refactorization. * modules/pam_unix/pam_unix/pam_unix_acct.c: Include passverify.h. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/passverify.c: New file with common functions. * modules/pam_unix/passverify.h: Prototypes for the common functions. * modules/pam_unix/support.c: Include passverify.h, move _unix_shadowed() to passverify.c. (_unix_verify_password): Refactor out verify_pwd_hash() function. * modules/pam_unix/support.h: Move _unix_shadowed() prototype to passverify.h * modules/pam_unix/unix_chkpwd.c: Use _unix_shadowed() and verify_pwd_hash() from passverify.c.