From 9af03209b998e7aba5a28fdfaa7da4b7e96c5c6f Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 19 Sep 2013 11:30:37 +0200 Subject: Release version 1.1.8 --- NEWS | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 00df663a..7be6c6bf 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,9 @@ Linux-PAM NEWS -- history of user-visible changes. +Release 1.1.8 +* pam_unix: bug fix for compiling with SELinux, fix crash at login time + + Release 1.1.7 * Update translations * pam_exec: add stdout and type= options @@ -9,6 +13,7 @@ Release 1.1.7 * pam_selinux/pam_tally2: Add tty and rhost to audit data * Lot of docu and code fixes + Release 1.1.6 * Update translations * pam_cracklib: Add more checks for weak passwords -- cgit v1.2.3 From 8b4fa62e67bb0368af797ea0e2eb622209106af0 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 27 Apr 2015 16:50:32 +0200 Subject: Release version 1.2.0 * NEWS: Update * configure.ac: Bump version * libpam/Makefile.am: Bump version of libpam * libpam_misc/Makefile.am: Bump version of libpam_misc * po/*: Regenerate po files --- NEWS | 2 ++ 1 file changed, 2 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 7be6c6bf..2bc21505 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,7 @@ Linux-PAM NEWS -- history of user-visible changes. +Release 1.2.0 + Release 1.1.8 * pam_unix: bug fix for compiling with SELinux, fix crash at login time -- cgit v1.2.3 From f4fbbbcc52696d67ebe57ee8214fbbdf4c479dbc Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 27 Apr 2015 16:57:39 +0200 Subject: Update NEWS file --- NEWS | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 2bc21505..9de2713d 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,14 @@ Linux-PAM NEWS -- history of user-visible changes. Release 1.2.0 +* Update documentation +* Update translations +* pam_unix: add quiet option +* libpam: support alternative configuration files in /usr/lib/pam.d + as fallback +* pam_env: add support for @{HOME} and @{SHELL} +* libpam: add grantor field to audit records +* libpam: Introduce pam_modutil_sanitize_helper_fds Release 1.1.8 * pam_unix: bug fix for compiling with SELinux, fix crash at login time -- cgit v1.2.3 From e89d4c97385ff8180e6e81e84c5aa745daf28a79 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 22 Jun 2015 14:53:01 +0200 Subject: Release version 1.2.1 Security fix: CVE-2015-3238 If the process executing pam_sm_authenticate or pam_sm_chauthtok method of pam_unix is not privileged enough to check the password, e.g. if selinux is enabled, the _unix_run_helper_binary function is called. When a long enough password is supplied (16 pages or more, i.e. 65536+ bytes on a system with 4K pages), this helper function hangs indefinitely, blocked in the write(2) call while writing to a blocking pipe that has a limited capacity. With this fix, the verifiable password length will be limited to PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix. * NEWS: Update * configure.ac: Bump version * modules/pam_exec/pam_exec.8.xml: document limitation of password length * modules/pam_exec/pam_exec.c: limit password length to PAM_MAX_RESP_SIZE * modules/pam_unix/pam_unix.8.xml: document limitation of password length * modules/pam_unix/pam_unix_passwd.c: limit password length * modules/pam_unix/passverify.c: Likewise * modules/pam_unix/passverify.h: Likewise * modules/pam_unix/support.c: Likewise --- NEWS | 3 +++ 1 file changed, 3 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 9de2713d..5349d031 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,8 @@ Linux-PAM NEWS -- history of user-visible changes. +Release 1.2.1 +* Fix CVE-2015-3238, affected PAM modules are pam_unix and pam_exec + Release 1.2.0 * Update documentation * Update translations -- cgit v1.2.3 From 1cad9fb2a0d729c5b5e5aa7297c521df7d5a2d33 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 28 Apr 2016 13:54:30 +0200 Subject: Release version 1.3.0 * NEWS: add changes for 1.3.0. * configure.ac: bump version number. * libpam/Makefile.am: bump revision of libpam.so version. --- NEWS | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 5349d031..eecd883d 100644 --- a/NEWS +++ b/NEWS @@ -1,8 +1,19 @@ Linux-PAM NEWS -- history of user-visible changes. +Release 1.3.0 +* Remove of static modules support +* pam_unix: pass_not_set was removed +* Lot of documentation fixes +* Use TI-RPC function calls if we build against libtirpc +* Add support for new, IPv6 enabled libnsl +* Lot of bug fixes +* Use fedora.zanata.org for translations + + Release 1.2.1 * Fix CVE-2015-3238, affected PAM modules are pam_unix and pam_exec + Release 1.2.0 * Update documentation * Update translations @@ -13,6 +24,7 @@ Release 1.2.0 * libpam: add grantor field to audit records * libpam: Introduce pam_modutil_sanitize_helper_fds + Release 1.1.8 * pam_unix: bug fix for compiling with SELinux, fix crash at login time -- cgit v1.2.3