summaryrefslogtreecommitdiff
path: root/NEWS
blob: a480eeb1c7ba94aecd63234029b0c14a7f7d6957 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
Linux-PAM NEWS -- history of user-visible changes.


Release 1.0.90

* Supply hostname of the machine to netgroup match call in pam_access
* Make pam_namespace to work safe on child directories of parent directories
  owned by users
* Redefine LOCAL keyword of pam_access configuration file
* Add support for try_first_pass and use_first_pass to pam_cracklib
* Print informative messages for rejected login and add silent and
  no_log_info options to pam_tally
* Add support for passing PAM_AUTHTOK to stdin of helpers from pam_exec
* New password quality tests in pam_cracklib
* New options for pam_lastlog to show last failed login attempt and
  to disable lastlog update
* New pam_pwhistory module to store last used passwords
* New pam_tally2 module similar to pam_tally with wordsize independent
  tally data format
* Make libpam not log missing module if its type is prepended with '-'
* New pam_timestamp module for authentication based on recent successful
  login.
* Add blowfish support to pam_unix.

Release 1.0.2

* Regression fixed in pam_selinux
* Problem with big UIDs fixed in pam_loginuid

Release 1.0.1

* Regression fixed in pam_set_item()


Release 1.0.0

* Small bug fixes
* Translation updates


Release 0.99.10.0

* New substack directive in config file syntax.
* New module pam_tty_audit.so for enabling and disabling tty
  auditing.
* New PAM items PAM_XDISPLAY and PAM_XAUTHDATA.
* Auditing login denials based by origin (pam_access), time (pam_time),
  and number of sessions (pam_limits) to the Linux audit subsystem.
* Support sha256 and sha512 algorithms in pam_unix when they are supported
  by crypt().
* New pam_sepermit.so module for allowing/rejecting access based on
  SELinux mode.
* Improved functionality of pam_namespace.so module (method flags,
  namespace.d configuration directory, new options).
* Finaly removed deprecated pam_rhosts_auth module.


Release 0.99.9.0

* misc_conv no longer blocks SIGINT; applications that don't want
  user-interruptable prompts should block SIGINT themselves
* Merge fixes from Debian
* Fix parser for pam_group and pam_time


Release 0.99.8.1

* Fix a regression in audit code introduced with last release
* Fix compiling with --disable-nls


Release 0.99.8.0

* Add translations for ar, ca, da, ru, sv and zu.
* Update hungarian translation.
* Add support for limits.d directory to pam_limits.
* Improve pam_namespace module tobe more useful
  for MLS, fixed crash with bad config files.
* Improve pam_selinux module to be more useful
  for MLS.
* Add minclass option to pam_cracklib
* Add new group syntax to pam_access


Release 0.99.7.1

* Security fix for pam_unix.so (CVE-2007-0003).


Release 0.99.7.0

* Add manual page for pam_unix.so.
* Add pam_faildelay module to set pam_fail_delay() value.
* Fix possible seg.fault in libpam/pam_set_data().
* Cleanup of configure options.
* Update hungarian translation, fix german translation.


Release 0.99.6.3

* pam_loginuid: New PAM module.
* pam_access, pam_succeed_if: Support passwd and session services.


Release 0.99.6.2

* pam_lastlog: Don't refuse login if lastlog file got lost.
* pam_cracklib: Fix a user triggerable crash.
* documentation: Regenerate with fixed docbook stylesheet.


Release 0.99.6.1

* Fix bootstrapping problems.
* Bug fixes: pam_keyinit, pam_umask


Release 0.99.6.0

* pam_namespace: Code cleanup, add init script to tar archive.
* pam_succeed_if: Add support for service match.
* Add xtests (to run after installation).
* Documentation: Convert sgml guides to XML, unify documentation
  for PAM functions and modules.


Release 0.99.5.0

* pam_tally: Fix support for large UIDs
* Fixed all problems found by Coverity
* Add support for Intel C Compiler
* Add manual page for pam_mkhomedir, pam_umask, pam_filter,
  pam_issue, pam_ftp, pam_group, pam_lastlog, pam_listfile,
  pam_localuser, pam_mail, pam_motd, pam_nologin, pam_permit,
  pam_rootok, pam_securetty, pam_shells, pam_userdb, pam_warn,
  pam_time, pam_limits, pam_debug, pam_tally
* The libpam memory debug code was removed
* pam_keyinit: New module to initialise kernel session keyring.
* pam_namespace: New module to configure private namespace for a session.
* pam_rhosts: New module which replaces pam_rhosts_auth, now IPv6 capable.
* pam_rhosts_auth: This module is now deprecated.


Release 0.99.4.0

* Add test suite
* Fix building of static variants of libpam, libpamc and libpam_misc
* pam_listfile: Add support for password and session management
* pam_exec: New PAM module to execute arbitary commands
* Fix building of a static libpam including all PAM modules
* New/updated translations for: nl, pt, pl, fi, km, tr, uk, fr
* pam_access: Add network(address) / netmask and IPv6 support
* Add manual pages for pam_cracklib, pam_deny and pam_access
* pam_pwdb: This deprecated module was removed
* Manual pages: Major rewrite/cleanup


Release 0.99.3.0

* Fix NULL pointer checks in libpam.so
* pam_succeed_if, pam_group, pam_time: Support netgroup matching
* New translations for: nb, hu, fi, de, es, fr, it, ja, pt_BR, zh_CN, zh_TW
* Audit PAM calls if Linux Audit is available
* Compile upperLOWER and unix_chkpwd as PIE binaries


Release 0.99.2.1

* Fix install of PS, PDF, TXT and HTML files
* pam_mail: Update README
* Use %m consistent
* pam_modutil_getlogin: Fix parsing of PAM_TTY variable


Release 0.99.2.0

* Fix parsing of full path tty name in various modules
* pam_xauth: Look for xauth executable in multiple places
* pam_unix: Disable user check in unix_chkpwd only if real uid
  is 0 (CVE-2005-2977). Log failed password check attempt.
* pam_env: Support /etc/environment again, but don't treat it as
  error if it is missing.
* pam_userdb: Fix memory leak.


Release 0.99.1.0

* Use autoconf/automake/libtool
* Add gettext support
* Add translations for cs, de, es, fr, hu, it, ja, nb, pa, pt_BR,
  pt, zh_CN and zh_TW
* libpam: Remove pam_authenticate_secondary stub
* libpam: Add pam_prompt,pam_vprompt,pam_error,pam_verror,pam_info
  and pam_vinfo functions for use by modules as extension
* libpam: Add pam_syslog function for unified syslog messages from
  PAM modules
* libpam: Moved functions from pammodutil to libpam
* pam_umask: New module for setting umask from GECOS field, /etc/login.defs
  or /etc/default/login
* pam_echo: New PAM module for message output
* pam_userdb: Fix regression (crash when crypt param not specified)
* pam_limits: Fix regression from RLIMIT_NICE support (wrong limit
  values for other limits are applied)
* pam_access: Support for NULL tty - matches ALL and NONE keywords
* pam_lastlog: Enable log to wtmp by default.  Add "nowtmp" option
* pam_radius: This module was removed