| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security fix: CVE-2015-3238
If the process executing pam_sm_authenticate or pam_sm_chauthtok method
of pam_unix is not privileged enough to check the password, e.g.
if selinux is enabled, the _unix_run_helper_binary function is called.
When a long enough password is supplied (16 pages or more, i.e. 65536+
bytes on a system with 4K pages), this helper function hangs
indefinitely, blocked in the write(2) call while writing to a blocking
pipe that has a limited capacity.
With this fix, the verifiable password length will be limited to
PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix.
* NEWS: Update
* configure.ac: Bump version
* modules/pam_exec/pam_exec.8.xml: document limitation of password length
* modules/pam_exec/pam_exec.c: limit password length to PAM_MAX_RESP_SIZE
* modules/pam_unix/pam_unix.8.xml: document limitation of password length
* modules/pam_unix/pam_unix_passwd.c: limit password length
* modules/pam_unix/passverify.c: Likewise
* modules/pam_unix/passverify.h: Likewise
* modules/pam_unix/support.c: Likewise
|
|
|
|
|
|
|
|
| |
* NEWS: Update
* configure.ac: Bump version
* libpam/Makefile.am: Bump version of libpam
* libpam_misc/Makefile.am: Bump version of libpam_misc
* po/*: Regenerate po files
|
| |
|
| |
|
|
|
|
| |
* po/*.po: Updated translations from Transifex.
|
|
|
|
|
| |
po/LINGUAS: Added new languages.
po/*.po: Updated translations from Transifex including new languages.
|
|
|
|
|
|
| |
configure.in: Bump version to 1.1.6
NEWS: Document changes
po/*.po: Regenerate *.po files
|
|
|
|
| |
po/*.po: Updated translations.
|
|
|
|
|
|
|
|
|
| |
* release version 1.1.4
* configure.in: Bump version number.
* NEWS: Document changes since 1.1.3
* libpam/Makefile.am: Bump release number of shared library
* po/de.po: Translate new string.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-10-27 Thorsten Kukuk <kukuk@thkukuk.de>
* doc/adg/Makefile.am: Use UTF-8 for html docu.
* doc/mwg/Makefile.am: Likewise.
* doc/sag/Makefile.am: Likewise.
kernel.org webserver is using UTF-8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new release
Commit summary:
---------------
2010-08-31 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.1.2
* configure.in: Bump version number.
* NEWS: Document changes since 1.1.1.
* doc/adg/Linux-PAM_ADG.xml: Bump version number.
* doc/mwg/Linux-PAM_MWG.xml: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Likewise.
* libpam/Makefile.am: Bump revision of shared library.
* po/*.po: Regenerate.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2010-06-15 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Call
setfsuid to be allowed to remove temporary files (#3010705).
(pam_sm_open_session): Call fchown with correct permissions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: new feature
Commit summary:
---------------
2010-04-06 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_rootok/pam_rootok.c: Add support for acct_mgmt
and chauthtok.
* modules/pam_rootok/pam_rootok.8.xml: Document new module
types.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: release
Commit summary:
---------------
2009-12-16 Thorsten Kukuk <kukuk@suse.de>
* release version 1.1.1
* NEWS: Adjust for 1.1.1
* configure.in: Likewise.
* doc/adg/Linux-PAM_ADG.xml: Likewise.
* doc/mwg/Linux-PAM_MWG.xml: Likewise.
* doc/sag/Linux-PAM_SAG.xml: Likewise.
* po/*.po: Regenerated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: regression fix
Commit summary:
---------------
2009-11-10 Thorsten Kukuk <kukuk@suse.de>
* doc/man/pam_get_authtok.3.xml: Document pam_get_authtok_noverify
and pam_get_authtok_verify.
* libpam/Makefile.am (libpam_la_LDFLAGS): Bump revesion of libpam.
* libpam/pam_get_authtok.c (pam_get_authtok_internal): Renamed
from pam_get_authtok, add flags argument, always check return
values.
* modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Use
pam_get_authtok_noverify and pam_get_authtok_verify.
* libpam/include/security/pam_ext.h: Add prototypes for
pam_get_authtok_noverify and pam_get_authtok_verify.
* libpam/libpam.map: Add new pam_get_authtok_* functions.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-07-21 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Delete
new token if it does not match strength criteria.
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: release
Commit summary:
---------------
2009-06-19 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.1.0
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: beta release
Commit summary:
---------------
2009-05-05 Thorsten Kukuk <kukuk@thkukuk.de>
* release 1.0.92
* libpamc/Makefile.am (libpamc_la_LDFLAGS): Increase revesion.
* configure.in: Increase version to 1.0.92.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: bugfix
Commit summary:
---------------
2009-03-25 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_mkhomedir/pam_mkhomedir.c: Make option handling
reentrant (#2487654)
(_pam_parse): Fix umask option.
* modules/pam_unix/passverify.c: Fix typo.
* modules/pam_issue/pam_issue.c: Fix compiler warning.
* modules/pam_ftp/pam_ftp.c: Likewise.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Purpose of commit: release
Commit summary:
---------------
2009-03-09 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.0.91
* libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number.
* xtests/Makefile.am: Add tst-pam_unix4.pamd, tst-pam_unix4.sh
and time.conf.
|
|
Purpose of commit: translation
Commit summary:
---------------
2009-02-26 Timur Birsh <taem@linukz.org>
* po/LINGUAS: New Kazakh translation.
* po/kk.po: New Kazakh translation.
|