Revisions of pam
Thorsten Kukuk (kukuk)
committed
(revision 296)
- Update to version 1.6.1
- pam_env: fixed --disable-econf --enable-vendordir support.
- pam_unix: do not warn if password aging is disabled.
- pam_unix: try to set uid to 0 before unix_chkpwd invocation.
- pam_unix: allow empty passwords with non-empty hashes.
- Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
- Remove backports:
- pam_env-fix_vendordir.patch
- pam_env-fix-enable-vendordir-fallback.patch
- pam_env-remove-escaped-newlines.patch
- pam_unix-fix-password-aging-disabled.patch
Valentin Lefebvre (vlefebvre)
accepted
request 1149618
from
Valentin Lefebvre (vlefebvre)
(revision 295)
Use autosetup
Thorsten Kukuk (kukuk)
committed
(revision 294)
- pam.tmpfiles: Make sure the content of the /run directories get removed in case of a soft-reboot
Thorsten Kukuk (kukuk)
committed
(revision 291)
Thorsten Kukuk (kukuk)
committed
(revision 290)
Thorsten Kukuk (kukuk)
committed
(revision 289)
Thorsten Kukuk (kukuk)
committed
(revision 288)
- Move pam_namespace to pam-extra due to systemd dependencies
Thorsten Kukuk (kukuk)
committed
(revision 287)
- Add post 1.6.0 release fixes for pam_env and pam_unix: - pam_unix-fix-password-aging-disabled.patch
Thorsten Kukuk (kukuk)
committed
(revision 286)
Thorsten Kukuk (kukuk)
committed
(revision 285)
- Add post 1.6.0 release fixes for pam_env: - pam_env-fix-enable-vendordir-fallback.patch - pam_env-fix_vendordir.patch - pam_env-remove-escaped-newlines.patch
Thorsten Kukuk (kukuk)
committed
(revision 284)
Thorsten Kukuk (kukuk)
committed
(revision 283)
Thorsten Kukuk (kukuk)
committed
(revision 282)
Thorsten Kukuk (kukuk)
committed
(revision 281)
- disable-pam_env-test.patch: disable tst-pam_env-retval.c as it is broken
Thorsten Kukuk (kukuk)
committed
(revision 280)
- Update to version 1.6.0
- Added support of configuration files with arbitrarily long lines.
- build: fixed build outside of the source tree.
- libpam: added use of getrandom(2) as a source of randomness if available.
- libpam: fixed calculation of fail delay with very long delays.
- libpam: fixed potential infinite recursion with includes.
- libpam: implemented string to number conversions validation when parsing
controls in configuration.
- pam_access: added quiet_log option.
- pam_access: fixed truncation of very long group names.
- pam_canonicalize_user: new module to canonicalize user name.
- pam_echo: fixed file handling to prevent overflows and short reads.
- pam_env: added support of '\' character in environment variable values.
- pam_exec: allowed expose_authtok for password PAM_TYPE.
- pam_exec: fixed stack overflow with binary output of programs.
- pam_faildelay: implemented parameter ranges validation.
- pam_listfile: changed to treat \r and \n exactly the same in configuration.
- pam_mkhomedir: hardened directory creation against timing attacks.
- Please note that using *at functions leads to more open file handles
during creation.
- pam_namespace: fixed potential local DoS (CVE-2024-22365).
- pam_nologin: fixed file handling to prevent short reads.
- pam_pwhistory: helper binary is now built only if SELinux support is
enabled.
- pam_pwhistory: implemented reliable usernames handling when remembering
passwords.
- pam_shells: changed to allow shell entries with absolute paths only.
- pam_succeed_if: fixed treating empty strings as numerical value 0.
- pam_unix: added support of disabled password aging.
- pam_unix: synchronized password aging with shadow.
Thorsten Kukuk (kukuk)
accepted
request 1105450
from
Thorsten Kukuk (kukuk)
(revision 279)
- Fix building without SELinux
Thorsten Kukuk (kukuk)
committed
(revision 278)
- pam_access backports from upstream:
- pam_access-doc-IPv6-link-local.patch:
Document only partial supported IPv6 link local addresses
- pam_access-hostname-debug.patch:
Don't print error if we cannot resolve a hostname, does not
need to be a hostname
- pam_shells-fix-econf-memory-leak.patch:
Free econf keys variable
- disable-examples.patch:
Don't build examples
Valentin Lefebvre (vlefebvre)
accepted
request 1085746
from
Thorsten Kukuk (kukuk)
(revision 277)
- Update to final 1.5.3 release:
- configure: added --enable-logind option to use logind instead of utmp
in pam_issue and pam_timestamp.
- pam_modutil_getlogin: changed to use getlogin() from libc instead of
parsing utmp.
- Added libeconf support to pam_env and pam_shells.
- Added vendor directory support to pam_access, pam_env, pam_group,
pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit,
pam_shells, and pam_time.
- pam_limits: changed to not fail on missing config files.
- pam_pwhistory: added conf= option to specify config file location.
- pam_pwhistory: added file= option to specify password history file
location.
- pam_shells: added shells.d support when libeconf and vendordir are enabled.
- Deprecated pam_lastlog: this module is no longer built by default because
it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe,
even on 64bit architectures.
pam_lastlog will be removed in one of the next releases, consider using
pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or
pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead.
- Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply()
macros provided by _pam_macros.h; the memory override performed by these
macros can be optimized out by the compiler and therefore can no longer
be relied upon.
Displaying revisions 1 - 20 of 296
