Relevant BUGIDs:

[linux-pam] / ChangeLog

2008-10-10  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass):
        Remove check for re-used passwords.
        * modules/pam_cracklib/pam_cracklib.8.xml: Remove documentation
        of re-used password check.

        * configure.in: add modules/pam_pwhistory/Makefile.
        * doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml.
        * doc/sag/pam_pwhistory.xml: New.
        * libpam/pam_static_modules.h: Add pam_pwhistory data.
        * modules/Makefile.am: Add pam_pwhistory directory.
        * modules/pam_pwhistory/Makefile.am: New.
        * modules/pam_pwhistory/README.xml: New.
        * modules/pam_pwhistory/opasswd.c: New.
        * modules/pam_pwhistory/opasswd.h: New.
        * modules/pam_pwhistory/pam_pwhistory.8.xml: New.
        * modules/pam_pwhistory/pam_pwhistory.c: New.
        * modules/pam_pwhistory/tst-pam_pwhistory: New.
        * xtests/Makefile.am: New.
        * xtests/run-xtests.sh: New.
        * xtests/tst-pam_pwhistory1.c: New.
        * xtests/tst-pam_pwhistory1.pamd: New.
        * xtests/tst-pam_pwhistory1.sh: New.
        * po/POTFILES.in: Add modules/pam_pwhistory/.
        * po/de.po: Update translations.

2008-10-02  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/de.po: Update translations.

2008-09-30  Manoj Kumar Giri <mgiri@redhat.com>

        * po/or.po: Updated translations.

2008-09-30  Sharuzzaman Ahmat Raslan <sharuzzaman@gmail.com>

        * po/ms.po: New translation to Malay.

2008-09-30  Taylon Silmer Lacerda Silva <taylonsilva@gmail.com>

        * po/pt_BR.po: Updated translations.

2008-09-30  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_lastlog/pam_lastlog.8.xml: Document new options
        noupdate and showfailed.
        * modules/pam_lastlog/pam_lastlog.c(pam_parse): Recognize the new
        options.
        (last_login_read): New output parameter lltime. Do not display
        the last login message if it would be empty.
        (last_login_date): New output parameter lltime. Do not write the
        last login info when LASTLOG_UPDATE is not set.
        (last_login_failed): New function to display the last bad login
        attempt from btmp.
        (pam_sm_open_session): Obtain lltime from last_login_date() and
        call last_login_failed() when appropriate.

        * po/Linux-pam.pot: Updated strings to translate.
        * po/*.po: Likewise.

2008-09-29  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_echo/pam_echo.8.xml: Fix format error.

2008-09-25  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_tally/pam_tally.c(get_tally): Fix syslog message.
        (tally_check): Open faillog read only. Close file descriptor.
        Fix typos in messages.

2008-09-25  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_mail/pam_mail.c (report_mail): Fix logic of
        "quiet" option (Patch from Andreas Henriksson <andreas@fatal.se>)

        * modules/pam_mail/pam_mail.8.xml: Fix typo.

2008-09-23  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_limits/limits.conf.5.xml: Comment that rss limit is
        ignored.

2008-09-19  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_cracklib/pam_cracklib.8.xml: Fix description
        of the palindrome test. Document new options maxrepeat and
        reject_username.
        * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Parse
        the maxrepeat and reject_username options.
        (password_check): Call the new tests usercheck() and
        consecutive().
        (_pam_unix_approve_pass): Pass user name to the password_check().

2008-09-16  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo.

        * modules/pam_unix/pam_unix.8.xml: Fix typo.

2008-09-03  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_exec/pam_exec.c: Expose authtok if requested,
        provide environment variable containing service type.
        * modules/pam_exec/pam_exec.8.xml: Document new option.

2008-08-29  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_loginuid/pam_loginuid.c(set_loginuid): Uids
        are unsigned.

2008-08-18  Thorsten Kukuk  <kukuk@thkukuk.de>

        * Makefile.am (M4_FILES): Adjust list.

        * modules/pam_access/pam_access.8.xml: Fix module service
        vs. module type.
        * modules/pam_cracklib/pam_cracklib.8.xml: Likewise.
        * modules/pam_debug/pam_debug.8.xml: Likewise.
        * modules/pam_deny/pam_deny.8.xml: Likewise.
        * modules/pam_echo/pam_echo.8.xml: Likewise.
        * modules/pam_env/pam_env.8.xml: Likewise.
        * modules/pam_exec/pam_exec.8.xml: Likewise.
        * modules/pam_faildelay/pam_faildelay.8.xml: Likewise.
        * modules/pam_filter/pam_filter.8.xml: Likewise.
        * modules/pam_ftp/pam_ftp.8.xml: Likewise.
        * modules/pam_group/pam_group.8.xml: Likewise.
        * modules/pam_issue/pam_issue.8.xml: Likewise.
        * modules/pam_keyinit/pam_keyinit.8.xml: Likewise.
        * modules/pam_lastlog/pam_lastlog.8.xml: Likewise.
        * modules/pam_limits/pam_limits.8.xml: Likewise.
        * modules/pam_listfile/pam_listfile.8.xml: Likewise.
        * modules/pam_localuser/pam_localuser.8.xml: Likewise.
        * modules/pam_loginuid/pam_loginuid.8.xml: Likewise.
        * modules/pam_mail/pam_mail.8.xml: Likewise.
        * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise.
        * modules/pam_motd/pam_motd.8.xml: Likewise.
        * modules/pam_namespace/pam_namespace.8.xml: Likewise.
        * modules/pam_nologin/pam_nologin.8.xml: Likewise.
        * modules/pam_permit/pam_permit.8.xml: Likewise.
        * modules/pam_rhosts/pam_rhosts.8.xml: Likewise.
        * modules/pam_rootok/pam_rootok.8.xml: Likewise.
        * modules/pam_securetty/pam_securetty.8.xml: Likewise.
        * modules/pam_selinux/pam_selinux.8.xml: Likewise.
        * modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
        * modules/pam_shells/pam_shells.8.xml: Likewise.
        * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
        * modules/pam_tally/pam_tally.8.xml: Likewise.
        * modules/pam_time/pam_time.8.xml: Likewise.
        * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
        * modules/pam_umask/pam_umask.8.xml: Likewise.
        * modules/pam_unix/pam_unix.8.xml: Likewise.
        * modules/pam_userdb/pam_userdb.8.xml: Likewise.
        * modules/pam_warn/pam_warn.8.xml: Likewise.
        * modules/pam_wheel/pam_wheel.8.xml: Likewise.
        * modules/pam_xauth/pam_xauth.8.xml: Likewise.

2008-08-01  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Add version for gettext, add search path
        for m4 directory, fix handling of --disable-* options.
        Patches from Diego Pettenò <flameeyes@gmail.com>.

        * configure.in: Run autoupdate on it.

        * acincludde.m4: Rename to ...
        * m4/jh_path_xml_catalog.m4: ... this.

        * m4/*.m4: Remove all autoconf m4 files.

2008-07-29  Steve Langasek <vorlon@debian.org>

        * modules/pam_cracklib/pam_cracklib.8.xml: correct a typo,
        "Only he" -> "Only the"

2008-07-28  Steve Langasek <vorlon@debian.org>

        * libpamc/test/regress/test.libpamc.c: use standard u_int8_t
        type instead of __u8, as elsewhere.
        Patch from Roger Leigh <rleigh@debian.org>.
        * modules/pam_unix/passverify.c: make save_old_password()
        thread-safe by using pam_modutil_getpwnam() instead of getpwnam()
        * modules/pam_unix/passverify.c, modules/pam_unix/passverify.h,
        modules/pam_unix/pam_unix_passwd.c: add pamh argument to
        save_old_password()

2008-07-27  Steve Langasek <vorlon@debian.org>

        * modules/pam_*/pam_*.8.xml: fix up the references to pam.d,
        which is in manpage section 5, not 8.
        * modules/pam_env/environment, modules/pam_env/pam_env.8.xml:
        spelling fix, seperate -> separate

2008-07-26  Steve Langasek <vorlon@debian.org>

        * modules/pam_env/pam_env.c: Fix module to skip over
        non-alphanumeric variable names, and to handle the case when
        asked to delete a non-existent variable.

2008-07-13  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_mail/pam_mail.8.xml: Module supports session and
        not account service (#1980773).

2008-07-11  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do
        not close the pipe descriptor in borderline case (#2009766).
        * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
        Likewise.
        * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
        * modules/pam_unix/support.h: Define upper limit of fds we will
        attempt to close.

        * modules/pam_selinux/pam_selinux.c (config_context): Do not
        ask for the level if use_current_range is set.
        (context_from_env): New function to obtain the context from
        PAM environment variables.
        (pam_sm_open_session): Call context_from_env() if env_params option
        is present. use_current_range now modifies behavior of the
        context_from_env and config_context options.
        * modules/pam_selinux/pam_selinux.8.xml: Describe the env_params
        option. Adjust description of use_current_range option.

2008-07-09  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_exec/pam_exec.c (call_exec): Move all variable
        declaration to begin of a block (#1976310).

        * xtests/tst-pam_group1.c (run_test): Move no_grps declaration
        to begin of function (#1976310).

        * modules/pam_securetty/pam_securetty.8.xml: Replace
        PAM_IGNORE with PAM_USER_UNKNOWN (#1994330).

        * modules/pam_tally/pam_tally.c: Add support for silent and
        no_log_info options.
        * modules/pam_tally/pam_tally.8.xml: Document silent and
        no_log_info options.

2008-07-08  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/passverify.c (verify_pwd_hash): Adjust debug
        statement.

2008-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without
        audit support.

        * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit
        description (reported by Wayne Pollock <pollock@acm.org>)

2008-06-19  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
        Detect configuration errors. Fail on incomplete condition.

2008-05-20  Tomas Mraz <t8m@centrum.cz>

        * configure.in: Work correctly with autoconf-2.62.

2008-05-19  Tomas Mraz <t8m@centrum.cz>

        * doc/man/pam_getenv.3.xml: Correct the pam_getenv documentation.

        * doc/man/pam_prompt.3.xml: Add missing description.

2008-05-14  Kjartan Maraas <kmaraas@gnome.org>

        * po/nb.po: Updated translation.

2008-05-14  Sulyok Péter <peti@sulyok.hu>

        * po/hu.po: Updated translation.

2008-05-14  Tomas Mraz <t8m@centrum.cz>

        * libpam/pam_modutil_getgrgid.c: Replace hardcoded constant with
        define PWD_LENGTH_SHIFT.
        * libpam/pam_modutil_getgrnam.c: Likewise.
        * libpam/pam_modutil_getpwnam.c: Likewise.
        * libpam/pam_modutil_getpwuid.c: Likewise.
        * libpam/pam_modutil_getspnam.c: Likewise.
        * libpam/pam_modutil_private.h: Adjust values for PWD_ constants.

        * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok
        item when password is not approved.
        * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS
        is always set when UNIX_AUTHTOK is set, change order of conditions.

2008-05-02  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_selinux/pam_selinux.c(query_response): Add handling
        for NULL response.
        (manual_context): Handle failed query_response() properly. Rename
        variable responses to response which is more correct name.
        (config_context): Likewise.
        (pam_sm_open_session): Do not base decision on whether there is a tty.

2008-04-22  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix
        regression from the change from 2008-03-20. setexeccon() must be
        called also with NULL prev_context.

2008-04-21  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_access/access.conf.5.xml: Document changed behavior
        of LOCAL keyword.
        * modules/pam_access/pam_access.c: Add from_remote_host to
        struct login_info to change behavior of LOCAL keyword: if
        PAM_RHOST is not set, LOCAL will be true.

2008-04-18  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_namespace/pam_namespace.c: New functions
        unprotect_dirs(), cleanup_protect_data(), protect_mount(),
        protect_dir() to protect directory by bind mount.
        (cleanup_data): Renamed to cleanup_polydir_data().
        (parse_create_params): Allow missing specification of mode
        or owner.
        (check_inst_parent): Call protect_dir() on the instance parent
        directory. The directory is created when it doesn't exist.
        (create_polydir): Protect and make the polydir by protect_dir(),
        remove potential races.
        (create_dirs): Renamed to create_instance(), remove call to
        inst_init().
        (ns_setup): Call protect_dir() on the polydir if it already exists.
        Call inst_init() after the polydir is mounted.
        (setup_namespace): Set the namespace protect data to be cleaned up
        on pam_close_session()/pam_end().
        (pam_sm_open_session): Initialize the protect_dirs.
        (pam_sm_close_session): Cleanup namespace protect data.
        * modules/pam_namespace/pam_namespace.h: Define struct for the
        stack of protected dirs.
        * modules/pam_namespace/pam_namespace.8.xml: Document when the
        instance init script is called.
        * modules/pam_namespace/namespace.conf.5.xml: Likewise.

2008-04-17  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_access/pam_access.c(myhostname): Removed function.
        (user_match): Supply hostname of the machine to the netgroup_match().
        Use hostname from the loginfo instead of calling myhostname().
        (pam_sm_authenticate): Call gethostname() to fill hostname in the
        loginfo.

        * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Do not try
        to lock if euid != 0.

2008-04-16  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_unix/Makefile.am: Link unix_chkpwd with libaudit.
        * modules/pam_unix/unix_chkpwd.c(_audit_log): New function for audit.
        (main): Call _audit_log() when appropriate.

        * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Recognize also
        try_first_pass and use_first_pass options.
        (pam_sm_chauthtok): Implement the new options.

2008-04-08  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_xauth/pam_xauth.c(run_coprocess): Avoid multiple
        calls to sysconf() (based on patch by Sami Farin).

        * libpam/pam_item.c (TRY_SET): Do not set when destination
        is identical to source.
        (pam_set_item): Do not overwrite destination when it
        is identical to source.

2008-04-07  Miloš Komarčević <kmilos@gmail.com>

        * po/sr.po: New file with translation.
        * po/sr@latin.po: Likewise.
        * po/LINGUAS: Add sr and sr@latin.

2008-04-03  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 1.0.0

        * configure.in: Set version number to 1.0.0.
        * libpam/Makefile.am: Bump patchlevel of libpam.
        * doc/adg/Linux-PAM_ADG.xml: Update version/date.
        * doc/mwg/Linux-PAM_MWG.xml: Likewise.
        * doc/sag/Linux-PAM_SAG.xml: Likewise.

2008-03-31  Dan Walsh <dwalsh@redhat.com>

        * modules/pam_sepermit/pam_sepermit.c(sepermit_lock): Mark lock fd to
        be closed on exec.

2008-03-25  Leah Liu <lliu@redhat.com>

        * po/zh_CN.po: Updated translation.

2008-03-20  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER
        method only when appropriate.
        (setup_namespace): Do not umount when not mounted with RUSER.

        * modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call
        freecontext() after the context is logged not before.

2008-03-18  Canniot Thomas <thomas.canniot@mrtomlinux.org>

        * po/fr.po: Updated translation.

2008-03-13  Ankit Patel <ankit@redhat.com>

        * po/gu.po: Updated translation.

2008-03-05  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Avoid
        unnecessary x_strdup() of resp.
        * modules/pam_ftp/pam_ftp(pam_sm_authenticate): Call _pam_overwrite()
        before dropping password resp.

2008-03-03  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_selinux/pam_selinux.c: Do not translate syslog messages.
        * po/Linux-PAM.pot: Update.

        * libpam/pam_item.c(RESET): Rename to TRY_SET, handle strdup failure.
        (pam_set_item): Use TRY_SET() also for PAM_AUTHTOK and PAM_OLDAUTHTOK.
        Handle allocation failure for PAM_XAUTHDATA.
        (pam_get_user): Return error when conversation returns NULL user.
        Call pam_set_item() instead of RESET().

2008-02-26  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_unix/Makefile.am: Do not link to cracklib.
        * modules/pam_unix/pam_unix_passwd.c(_pam_unix_approve_pass):
        Do not call FascistCheck() from cracklib.

2008-02-29  Fabian Affolter <fab@fedoraproject.org>

        * po/de.po: Updated translation.

2008-02-28  Piotr Drąg <piotrdrag@gmail.com>

        * po/pl.po: Updated translation.

2008-02-26  Tomas Mraz <t8m@centrum.cz>

        * po/LINUGAS: New languages added.
        * po/es.po: Updated translations.
        * po/fr.po: Likewise.
        * po/it.po: Likewise.
        * po/ja.po: Likewise.
        * po/nl.po: Likewise.
        * po/pl.po: Likewise.
        * po/pt_BR.po: Likewise.
        * po/ru.po: Likewise.
        * po/zh_CN.po: Likewise.
        * po/as.po: New file.
        * po/gu.po: Likewise.
        * po/hi.po: Likewise.
        * po/kn.po: Likewise.
        * po/ko.po: Likewise.
        * po/ml.po: Likewise.
        * po/or.po: Likewise.
        * po/si.po: Likewise.
        * po/ta.po: Likewise.

2008-02-21  Tomas Mraz <t8m@centrum.cz>

        * libpam/pam_audit.c (_pam_audit_writelog): Silence syslog
        message on non-error return.

        * modules/pam_unix/unix_chkpwd.c (main): Proceed as unprivileged
        user when checking password of another user.
        * modules/pam_unix/unix_update.c: Fix comment.

2008-02-18  Dmitry V. Levin  <ldv@altlinux.org>

        * libpam/pam_handlers.c (_pam_assemble_line): Fix potential
        buffer overflow.
        * xtests/tst-pam_assemble_line1.pamd: New test for
        _pam_assemble_line.
        * xtests/tst-pam_assemble_line1.sh: New script for
        tst-pam_assemble_line1.
        * xtests/Makefile.am (NOSRCTESTS): Add tst-pam_assemble_line1.
        (EXTRA_DIST): Add tst-pam_assemble_line1.pamd and
        tst-pam_assemble_line1.sh

        * modules/pam_exec/pam_exec.c (call_exec): Fix asprintf return
        code check.

2008-02-13  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.10.0

        * configure.in: set version number.

        * modules/pam_rhosts/Makefile.am: Remove pam_rhosts_auth.
        * modules/pam_rhosts/pam_rhosts_auth.c: Removed.
        * modules/pam_rhosts/tst-pam_rhosts_auth: Removed.

        * modules/pam_namespace/Makefile.am (noinst_HEADERS): Add
        pam_namespace.h.

2008-02-13  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d
        dir.
        * modules/pam_namespace/argv_parse.c: New file.
        * modules/pam_namespace/argv_parse.h: New file.
        * modules/pam_namespace/namespace.conf.5.xml: Document new features.
        * modules/pam_namespace/pam_namespace.8.xml: Likewise.
        * modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define.
        Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags
        and polydir flags.
        (polydir_s): Add rdir, replace exclusive with flags, add init_script,
        owner, group, and mode.
        (instance_data): Add ruser, gid, and ruid.
        * modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent().
        (add_polydir_entry): Add the entry directly, no copy.
        (del_polydir): New function.
        (del_polydir_list): Call del_polydir().
        (expand_variables, parse_create_params, parse_iscript_params,
        parse_method): New functions.
        (process_line): Call expand_variables() on polydir and instance prefix.
        Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap.
        (parse_config_file): Parse .conf files from namespace.d dir after
        namespace.conf.
        (form_context): Call getcon() or get_default_context_with_level() when
        appropriate flags are set.
        (poly_name): Handle shared polydir flag.
        (inst_init): Execute non-default init script when specified.
        (create_polydir): New function.
        (create_dirs): Remove the code which checks the polydir. Do not call
        inst_init() when noinit flag is set.
        (ns_setup): Check the polydir and eventually create it if the create flag
        is set.
        (setup_namespace): Use ruser uid from idata. Set the namespace polydir
        pam data only when namespace was set up correctly. Unmount polydir
        based on ruser.
        (get_user_data): New function.
        (pam_sm_open_session): Check for use_current_context and
        use_default_context options. Call get_user_data().
        (pam_sm_close_session): Call get_user_data().

2008-02-06  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/de.po: Translate some more strings.

2008-02-05  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/unix_update.c: Remove unused declarations.

2008-02-04  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/pam_static_modules.h: Add _pam_sepermit_modstruct.
        * modules/pam_sepermit/pam_sepermit.c: Fix typo.
        * modules/pam_sepermit/Makefile.am: Install config file only
        if we build the module.

        * README: Add --disable-pie to configure options for static library.

        * doc/man/Makefile.am: Fix building outside of src directory.

        * libpam/Makefile.am: Bump version number of libpam.

        * modules/Makefile.am: Add pam_sepermit.

        * doc/Makefile.am: Fix build out of source directory.

        * po/POTFILES.in: Add pam_sepermit.c.

        * modules/pam_exec/pam_exec.c: Set PAM environment variables and
        add 'quiet' option.
        * modules/pam_exec/pam_exec.8.xml: Document new behavior.
        Patch from Julien Lecomte <julien@lecomte.at>.

2008-02-01  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_namespace/namespace.conf.5.xml: Add documentation for
        tmpfs and tmpdir polyinst and for ~ user list modifier.
        * modules/pam_namespace/namespace.init: Add documentation for the
        new init parameter. Add home directory initialization script.
        * modules/pam_namespace/pam_namespace.8.xml: Document the new
        init parameter of the namespace.init script.
        * modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag.
        (cleanup_data): New function.
        (process_line): Set exclusive flag. Add tmpfs and tmpdir methods.
        (ns_override): Change behavior on the exclusive flag.
        (poly_name): Process tmpfs and tmpdir methods.
        (inst_init): Add flag for new directory initialization.
        (create_dirs): Process the tmpdir method, add the new directory
        flag.
        (ns_setup): Remove unused code. Process the tmpfs method.
        (cleanup_tmpdirs): New function.
        (setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs
        on failures.
        (pam_sm_close_session): Instead of parsing the config file again use
        the previously set data for cleanup.
        * modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods
        and exclusive flag.

2008-01-29  Tomas Mraz  <t8m@centrum.cz>

        * configure.in: Test for setkeycreatecon needs libselinux.
        Add new module pam_sepermit.
        * modules/Makefile.am: Add new module pam_sepermit.
        * modules/pam_sepermit/.cvsignore: New file.
        * modules/pam_sepermit/Makefile.am: Likewise.
        * modules/pam_sepermit/README.xml: Likewise.
        * modules/pam_sepermit/pam_sepermit.8.xml: Likewise.
        * modules/pam_sepermit/pam_sepermit.c: Likewise.
        * modules/pam_sepermit/sepermit.conf: Likewise.
        * modules/pam_sepermit/tst-pam_sepermit: Likewise.
        * doc/sag/pam_sepermit.xml: Likewise.

        * doc/sag/pam_tty_audit.xml: Add pam_tty_audit to SAG.

2008-01-29  Miloslav Trmac  <mitr@redhat.com>

        * modules/pam_tty_audit/README.xml: Add notes section.
        * modules/pam_tty_audit/pam_tty_audit.8.xml: Describe patterns
        support and open_only option. Add notes.
        * modules/pam_tty_audit/pam_tty_audit.c(pam_sm_open_session): Add
        support for pattern matching and the open_only option.

2008-01-28  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/pam_audit.c: Include pam_modutil_private.h.

        * libpam/pam_item.c (pam_set_item): Fix compiler warning.

        * libpam/pam_end.c (pam_end): Cast to correct pointer type.
        * libpam/include/security/_pam_macros.h (_pam_overwrite_n): Use
        unsigned int.

        * modules/pam_unix/passverify.c: Fix compiling without SELinux
        support.

2008-01-24  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when
        available.
        * modules/pam_unix/passverify.c (strip_hpux_aging): New function
        to strip HP/UX aging info from password hash.
        (verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when
        available.

2008-01-23  Tomas Mraz  <t8m@centrum.cz>

        * configure.in: Add test for crypt_r(). Add setting/disabling random
        device support.

        * modules/pam_unix/Makefile.am: Add unix_update.8 manpage generated from
        XML, generate also unix_chkpwd.8 from XML.
        * modules/pam_unix/pam_unix_acct.c: Add rounds parameter to _set_ctrl().
        * modules/pam_unix/pam_unix_auth.c: Likewise.
        * modules/pam_unix/pam_unix_sess.c: Likewise.
        * modules/pam_unix/pam_unix_passwd.c: Likewise.
        * modules/pam_unix/support.c(_set_ctrl): Likewise.
        * modules/pam_unix/support.h: Likewise. Add UNIX_SHA256_PASS,
        UNIX_SHA512_PASS, and UNIX_ALGO_ROUNDS ctrls.
        (pam_sm_chauthtok): Refactor out new password encryption.
        * modules/pam_unix/passverify.c(crypt_make_salt): New function.
        (crypt_md5_wrapper): Call crypt_make_salt().
        (create_password_hash): New function refactored out of
        pam_sm_chauthtok(). Support for new password hashes.
        * modules/pam_unix/passverify.h: Drop ascii_to_bin() and bin_to_ascii()
        macros. Add prototype for create_password_hash().
        * modules/pam_unix/unix_update.8.xml: New file.
        * modules/pam_unix/unix_chkpwd.8.xml: Likewise.

        * modules/pam_unix/Makefile.am: Add unix_update helper.
        * modules/pam_unix/pam_unix_passwd.c: Move functions i64c(),
        crypt_md5_wrapper(), save_old_password(), _update_passwd() and
        _update_shadow() to passverify.c file. Rename _unix_run_shadow_binary()
        to _unix_run_update_binary(), which also verifies old password and
        does all writing.
        (_do_setpass, pam_sm_chauthtok): lckpwdf()->lock_pwdf(), the same for unlock.
        Call _unix_run_update_binary() appropriately.
        _update_passwd()->unix_update_passwd(), the same for shadow.
        * modules/pam_unix/passverify.c: Add new functions moved from
        pam_unix_passwd.c and unix_chkpwd.c.
        * modules/pam_unix/passverify.h: Likewise.
        * modules/pam_unix/unix_chkpwd.c: Remove SELinux checks. Move
        su_sighandler(), setup_signals(), getuidname() to passverify.c.
        (main): Remove 'shadow' option. Refactor out read_passwords() and
        call it. More strict checking how the binary is called.
        * modules/pam_unix/unix_update.c: New helper binary - non-setuid,
        called from SELinux confined apps only.

        * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Return
        status and daysleft instead of fake shadow entry.
        (pam_sm_acct_mgmt): Call _unix_run_verify_binary() appropriately.
        * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Call
        get_account_info() and check_shadow_expiry().
        * modules/pam_unix/support.h: Adjust _unix_run_verify_binary()
        prototype.
        * modules/pam_unix/support.c (_unix_run_helper_binary): Remove check
        on selinux enabled/disabled.
        * modules/pam_unix/unix_chkpwd.c (_verify_account): Rename to
        _check_expiry(), now checks shadow expiry info.
        (main): Remove check on selinux enabled/disabled. Check shadow
        expiry through _check_expiry().

        * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Call
        get_account_info() and check_shadow_expiry().
        * modules/pam_unix/passverify.c: Add get_account_info() to
        obtain shadow and passwd entry. Add check_shadow_expiry() to
        for shadow password expiry check.
        (get_pwd_hash): Call get_account_info().
        * modules/pam_unix/passverify.h: Add prototypes for get_account_info()
        and check_shadow_expiry().

2008-01-08  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/Makefile.am: Fix manual page dependencies,
        add hack for bug in xsl stylestheets.

2008-01-07  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/it.po: Fix typos.
        * po/de.po: Few new translations.
        * po/POTFILES.in: Add pam_tty_audit.c and passverify.c.
        * doc/man/pam_xauth_data.3.xml: Added to CVS.
        * doc/man/pam_xauth_data.3: Likewise.
        * modules/pam_tty_audit/README: Likewise.
        * modules/pam_tty_audit/pam_tty_audit.8: Likewise.
        * po/sv.po: Update swedish translation [#1857531].
        * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix
        cut & paste error [#1863490].

2008-01-02  Petteri Räty  <betelgeuse@gentoo.org>
        * modules/pam_limits/limits.conf: document allowed values for
        nice.
        * modules/pam_limits/limits.conf.5.xml: Likewise.

2007-12-18  Thorsten Kukuk  <kukuk@thkukuk.de>

        * README: Document how to run make check with static modules
        (SF#1822779).

2007-12-18  Peter Breitenlohner  <peb@mppmu.mpg.de>
        * README: Document that "make check" requires a file
        /etc/pam.d/other (SF#1822764).

2007-12-12  Eamon Walsh  <ewalsh@tycho.nsa.gov>

        * doc/man/pam_item_types_ext.inc.xml: More appropriate wording
        for PAM_XDISPLAY doc.

2007-12-07  Tomas Mraz  <t8m@centrum.cz>

        * po/cs.po: Updated translations.

        * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version.
        * libpam/pam_audit.c: Add _pam_audit_open() and
        pam_modutil_audit_write().
        (_pam_auditlog): Call _pam_audit_open().
        * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write().
        * modules/pam_access/pam_access.8.xml: Add noaudit option.
        Document auditing.
        * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and
        only_new_group_syntax variables to struct login_info. Add noaudit
        member.
        (_parse_args): Adjust for the move of variables and add support for
        noaudit option.
        (group_match): Add debug parameter.
        (string_match): Likewise.
        (network_netmask_match): Likewise.
        (login_access): Adjust for the move of variables. Add nonall_match.
        Add call to pam_modutil_audit_write().
        (list_match): Adjust for the move of variables.
        (user_match): Likewise.
        (from_match): Likewise.
        (pam_sm_authenticate): Call _parse_args() earlier.
        * modules/pam_limits/pam_limits.8.xml: Add noaudit option.
        Document auditing.
        * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option.
        (setup_limits): Call pam_modutil_audit_write().
        * modules/pam_time/pam_time.8.xml: Add debug and noaudit options.
        Document auditing.
        * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()).
        (check_account): Call _pam_parse(). Call pam_modutil_audit_write()
        and pam_syslog() on login denials.

2007-12-07  Luca Bruno  <luca.br@uno.it>

        * po/it.po: Updated translations.

2007-12-06  Eamon Walsh  <ewalsh@tycho.nsa.gov>

        * libpam/include/security/_pam_macros.h: Add _pam_overwrite_n()
        macro.
        * libpam/include/security/_pam_types.h: Add PAM_XDISPLAY,
        PAM_XAUTHDATA items, pam_xauth_data struct.
        * libpam/pam_item.c (pam_set_item, pam_get_item): Handle
        PAM_XDISPLAY and PAM_XAUTHDATA items.
        * libpam/pam_end.c (pam_end): Destroy the new items.
        * libpam/pam_private.h (pam_handle): Add data members for new
        items. Add prototype for _pam_memdup.
        * libpam/pam_misc.c: Add _pam_memdup.
        * doc/man/Makefile.am: Add pam_xauth_data.3. Replace
        pam_item_types.inc.xml with pam_item_types_std.inc.xml and
        pam_item_types_ext.inc.xml.
        * doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml
        with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml.
        * doc/man/pam_set_item.3.xml: Likewise.
        * doc/man/pam_item_types.inc.xml: Removed file.
        * doc/man/pam_item_types_ext.inc.xml: New file.
        * doc/man/pam_item_types_std.inc.xml: New file.

2007-12-06  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_tty_audit/pam_tty_audit.8.xml: Fix example.

2007-12-05  Miloslav Trmac  <mitr@redhat.com>

        * configure.in: Add test for audit_tty_status struct. Add
        pam_tty_audit module.
        * libpam/pam_static_modules.h: Add pam_tty_audit module.
        * modules/pam_tty_audit/Makefile.am: New file.
        * modules/pam_tty_audit/README.xml: Likewise.
        * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise.
        * modules/pam_tty_audit/pam_tty_audit.c: Likewise.

2007-12-05  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/Makefile.am: Add passverify.h and passverify.c
        as first part of pam_unix refactorization.
        * modules/pam_unix/pam_unix/pam_unix_acct.c: Include passverify.h.
        * modules/pam_unix/pam_unix_passwd.c: Likewise.
        * modules/pam_unix/passverify.c: New file with common functions.
        * modules/pam_unix/passverify.h: Prototypes for the common functions.
        * modules/pam_unix/support.c: Include passverify.h, move
        _unix_shadowed() to passverify.c.
        (_unix_verify_password): Refactor out verify_pwd_hash() function.
        * modules/pam_unix/support.h: Move _unix_shadowed() prototype to
        passverify.h
        * modules/pam_unix/unix_chkpwd.c: Use _unix_shadowed() and
        verify_pwd_hash() from passverify.c.

2007-11-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/Makefile.am (unix_chkpwd_LDADD): Don't link
        unix_chkpwd unnecessary against libpam (#1822779).

        * modules/pam_tally/pam_tally.c (tally_log): Map
        pam_modutil_getpwnam to getpwnam if we don't compile
        as module.
        * modules/pam_tally/Makefile.am: Don't link pam_tally_app
        against libpam (#1822779).

2007-11-06  Thorsten Kukuk  <kukuk@thkukuk.de>

        * xtests/tst-pam_group1.c: Include stdlib.h
        * xtests/tst-pam_succeed_if1.c: Likewise.
        * xtests/tst-pam_limits1.c: Likewise.
        * xtests/tst-pam_access1.c: Likewise.
        * xtests/tst-pam_access2.c: Likewise.
        * xtests/tst-pam_access3.c: Likewise.
        * xtests/tst-pam_access4.c: Likewise.
        * xtests/tst-pam_unix1.c: Likewise.
        * xtests/tst-pam_unix2.c: Likewise.
        * xtests/tst-pam_unix3.c: Likewise.
        * xtests/tst-pam_cracklib1.c: Likewise.
        * xtests/tst-pam_cracklib2.c: Likewise.

        * libpam/pam_static_modules.h: Fix name of pam_namespace variable.

2007-11-01  Peter Breitenlohner <peb@mppmu.mpg.de>

        * doc/man/pam_conv.3.xml: Correct typo.

2007-10-30  Peter Breitenlohner <peb@mppmu.mpg.de>

        * modules/pam_rhosts/pam_rhosts_auth.c (__icheckhost): Correct
        misplaced parenthesis.
        * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Prevent use of
        dngettext() when NLS is disabled.
        * modules/pam_exec/pam_exec.c (call_exec): Avoid gcc warning.
        * doc/specs/parse_y.y (set_label, new_counter): Break trigraphs to
        avoid gcc warning.
        * modules/pam_wheel/pam_wheel.c: Remove excessive initializer
        elements.

        * modules/pam_cracklib/pam_cracklib.8.xml: Correct typo.
        * modules/pam_limits/limits.conf.5.xml: Likewise.
        * modules/pam_listfile/pam_listfile.8.xml: Likewise.
        * modules/pam_xauth/pam_xauth.8.xml: Likewise.

        * modules/pam_deny/pam_deny.8.xml: Correct spelling.
        * modules/pam_group/pam_group.8.xml: Likewise.
        * modules/pam_permit/pam_permit.8.xml: Likewise.
        * modules/pam_shells/pam_shells.8.xml: Likewise.
        * modules/pam_time/pam_time.8.xml: Likewise.
        * modules/pam_warn/pam_warn.8.xml: Likewise.

        * tests/tst-dlopen.c: Return 77 in case of static modules, such that
        all modules/pam_*/tst-pam_* tests yield SKIP instead of FAIL.
        * libpam/Makefile.am (libpam_la_LIBADD): Use "$(shell ls ...)" instead
        of "`ls ...`", to allow for static modules.
        * libpam/pam_static_modules.h: Make pam_keyinit module depend on
        HAVE_KEY_MANAGEMENT; correct name of pam_faildelay pam_module struct.
        * modules/pam_faildelay/pam_faildelay.c: Correct name of pam_module
        struct.

2007-10-25  Steve Langasek  <vorlon@debian.org>

        * modules/pam_tally/pam_tally.c: fix the definition of OPT_AUDIT
        to be octal instead of decimal, so that it works properly in a
        bit field instead of forcing the "even_deny_root_account" and
        "no_reset" options to on.
        Patch from Corey Wright <undefined@pobox.com>.

2007-10-19  Tomas Mraz  <t8m@centrum.cz>

        * xtests/tst-pam_access1.c: Use different name for user and group.
        * xtests/tst-pam_access1.sh: Likewise.
        * xtests/tst-pam_access2.c: Likewise.
        * xtests/tst-pam_access2.sh: Likewise.
        * xtests/tst-pam_access4.c: Likewise.
        * xtests/tst-pam_access4.sh: Likewise.
        * xtests/group.conf: Likewise.
        * xtests/tst-pam_group1.c: Likewise.
        * xtests/tst-pam_group1.sh: Likewise.

        * libpam/pam_dispatch.c (_pam_dispatch_aux): Save states for substacks,
        record substack level, skip over virtual substack modules, implement
        evaluation of done, die, reset and jumps in substacks. Also fixes
        too far jumps in substacks.
        * libpam/pam_end.c (pam_end): Drop substack evaluation states.
        * libpam/pam_handlers.c (_pam_parse_conf_file): Add substack level
        parameter, instead of must_fail use handler_type needed for virtual
        substack modules.
        (_pam_load_conf_file): Add substack level parameter.
        (_pam_init_handlers): Substack level parameter added to
        _pam_parse_conf_file() calls.
        (_pam_load_module): New function.
        (_pam_add_handler): Refactor code into the _pam_load_module(). Add
        support for virtual substack modules.
        * libpam/pam_private.h: Rename must_fail to handler_type, add stack_level
        to struct handler. Define handler type constants. Add struct
        for substack evaluation states. Define constant for maximum
        substack level. Add substack states pointer to former state struct.
        * libpam/pam_start.c (pam_start): Initialize pointer to substack states.
        * doc/man/pam.conf-syntax.xml: Document substack control.
        * xtests/Makefile.am: Add new tests for substack evaluation.
        * xtests/run_xtests.sh: Support multiple .pamd files in a test.
        * xtests/tst-pam_authfail.pamd: New tests for substack evaluation.
        * xtests/tst-pam_authsucceed.pamd: Likewise.
        * xtests/tst-pam_substack1.pamd: Likewise.
        * xtests/tst-pam_substack1a.pamd: Likewise.
        * xtests/tst-pam_substack1.sh: Likewise.
        * xtests/tst-pam_substack2.pamd: Likewise.
        * xtests/tst-pam_substack2a.pamd: Likewise.
        * xtests/tst-pam_substack2.sh: Likewise.
        * xtests/tst-pam_substack3.pamd: Likewise.
        * xtests/tst-pam_substack3a.pamd: Likewise.
        * xtests/tst-pam_substack3.sh: Likewise.
        * xtests/tst-pam_substack4.pamd: Likewise.
        * xtests/tst-pam_substack4a.pamd: Likewise.
        * xtests/tst-pam_substack4.sh: Likewise.
        * xtests/tst-pam_substack5.pamd: Likewise.
        * xtests/tst-pam_substack5a.pamd: Likewise.
        * xtests/tst-pam_substack5.sh: Likewise.

2007-10-18  Tomas Mraz  <t8m@centrum.cz>

        * xtests/tst-pam_dispatch4.c: Fix comment about the test.
        * xtests/tst-pam_dispatch4.pamd: Improve the testcase.
        * xtests/tst-pam_cracklib2.c: Make the testcase more robust.

2007-10-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * xtests/Makefile.am: Add tst-pam_dispatch5 sources
        * xtests/tst-pam_dispatch5.c: New test for jump too far.
        * xtests/tst-pam_dispatch5.pamd: New test configuration.

2007-10-09  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_tally/pam_tally.8.xml: Document audit option
        correctly.

2007-10-09  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.9.0

        * configure.in: Increase vesion number.

        * libpam/Makefile.am: Increase release number.
        * libpam_misc/Makefile.am: Increase release number.

        * po/*.po: Regenerate.

2007-10-08  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_time/pam_time.c (is_same): Length of strings without
        wildcard needs to be the same.
        * modules/pam_group/pam_group.c (is_same): Likewise.

2007-10-01  Thorsten Kukuk  <kukuk@thkukuk.de>

        * xtests/tst-pam_group1.c: New test case for user compare in pam_group.
        * xtests/tst-pam_group1.sh: Script to run test case.
        * xtests/tst-pam_group1.pamd: Config for test case.
        * xtests/Makefile.am: Add tst-pam_group1 test case.
        * xtests/run-xtests.sh: Save/restore group.conf.
        * xtests/group.conf: New.

        * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Don't
        free arguments used for putenv().

        * doc/man/pam_putenv.3.xml: Document that application has to free
        the memory.

2007-09-27  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): Fix in
        operator rhbz #295151.
        * modules/pam_namespace/pam_namespace.c (poly_name): Do not try to
        get context when SELinux is disabled.

2007-09-27  Thorsten Kukuk  <kukuk@thkukuk.de>

        * xtests/tst-pam_succeed_if1.c: New test case for
        https://bugzilla.redhat.com/show_bug.cgi?id=295151
        * xtests/tst-pam_succeed_if1.sh: Script to run test case.
        * xtests/tst-pam_succeed_if1.pamd: Config for test case.
        * xtests/Makefile.am: Add tst-pam_succeed_if1 test case.

        * xtests/run-xtests.sh: Add support to skip tests.
        * xtests/tst-pam_limits1.c: Skip test if RLIMIT_NICE is not
        defined.

2007-09-03  Steve Langasek  <vorlon@debian.org>

        * modules/pam_limits/pam_limits.c: remove a number of unnecessary
        string manipulations, including a strncpy() that was acting on
        overlapping memory.

        * libpam_misc/misc_conv.c: don't block SIGINT in misc_conv; it's
        perfectly valid to allow the user to interrupt at a prompt.  If
        an application wants prompts to not be interruptable, the
        application should take responsibility for blocking SIGINT.

2007-09-02  Thorsten Kukuk  <kukuk@thkukuk.de>

        * examples/Makefile.am: Fix usage of LIBADD, LDADD and LDFLAGS.
        * libpam/Makefile.am: Likewise.
        * modules/pam_access/Makefile.am: Likewise.
        * modules/pam_cracklib/Makefile.am: Likewise.
        * modules/pam_debug/Makefile.am: Likewise.
        * modules/pam_deny/Makefile.am: Likewise.
        * modules/pam_echo/Makefile.am: Likewise.
        * modules/pam_env/Makefile.am: Likewise.
        * modules/pam_exec/Makefile.am: Likewise.
        * modules/pam_faildelay/Makefile.am: Likewise.
        * modules/pam_filter/Makefile.am: Likewise.
        * modules/pam_filter/upperLOWER/Makefile.am: Likewise.
        * modules/pam_ftp/Makefile.am: Likewise.
        * modules/pam_group/Makefile.am: Likewise.
        * modules/pam_issue/Makefile.am: Likewise.
        * modules/pam_keyinit/Makefile.am: Likewise.
        * modules/pam_lastlog/Makefile.am: Likewise.
        * modules/pam_limits/Makefile.am: Likewise.
        * modules/pam_listfile/Makefile.am: Likewise.
        * modules/pam_localuser/Makefile.am: Likewise.
        * modules/pam_loginuid/Makefile.am: Likewise.
        * modules/pam_mail/Makefile.am: Likewise.
        * modules/pam_mkhomedir/Makefile.am: Likewise.
        * modules/pam_motd/Makefile.am: Likewise.
        * modules/pam_namespace/Makefile.am: Likewise.
        * modules/pam_nologin/Makefile.am: Likewise.
        * modules/pam_permit/Makefile.am: Likewise.
        * modules/pam_rhosts/Makefile.am: Likewise.
        * modules/pam_rootok/Makefile.am: Likewise.
        * modules/pam_securetty/Makefile.am: Likewise.
        * modules/pam_selinux/Makefile.am: Likewise.
        * modules/pam_shells/Makefile.am: Likewise.
        * modules/pam_stress/Makefile.am: Likewise.
        * modules/pam_succeed_if/Makefile.am: Likewise.
        * modules/pam_tally/Makefile.am: Likewise.
        * modules/pam_time/Makefile.am: Likewise.
        * modules/pam_umask/Makefile.am: Likewise.
        * modules/pam_unix/Makefile.am: Likewise.
        * tests/Makefile.am: Likewise.

2007-08-31  Steve Langasek  <vorlon@debian.org>

        * modules/pam_group/group.conf: don't use "games" as an example
        group, on some distros this is a pre-existing group that it would
        be a security hole to give users access to.

2007-08-30  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_limits/limits.conf.5.xml: Document that maxlogins
        is ignored for users with UID 0.

2007-08-30  Steve Langasek  <vorlon@debian.org>

        * modules/pam_unix/support.c, modules/pam_unix/unix_chkpwd.c:
        A wrong username doesn't need to be logged at LOG_ALERT;
        LOG_WARNING should be sufficient.
        Patch from Sam Hartman <hartmans@debian.org>.

        * modules/pam_cracklib/pam_cracklib.c:
        s/CRACKLIB_DICT/CRACKLIB_DICTS/, for consistency with existing
        #define in pam_unix

2007-08-29  Steve Langasek  <vorlon@debian.org>

        * libpam/pam_modutil_getgrgid.c, libpam/pam_modutil_getgrnam.c,
        libpam/pam_modutil_getpwnam.c, libpam/pam_modutil_getpwuid.c,
        libpam/pam_modutil_getspnam.c: don't use pthread mutexes in libpam
        unnecessarily; this avoids linking problems on non-Linux
        platforms.

        * modules/pam_listfile/pam_listfile.c, modules/pam_listfile/README,
        modules/pam_listfile/pam_listfile.8,
        modules/pam_listfile/pam_listfile.8.xml: add a 'quiet' option to
        avoid logging errors any time a user is refused service by this
        module.

2007-08-29  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_rhosts/pam_rhosts_auth.c: buflen needs to be size_t.
        (__icheckhost): Cast to int32_t to fix limited range error.

        * modules/pam_cracklib/pam_cracklib.c: Mark cracklib_dictpath
        as const.

2007-08-29  Steve Langasek <vorlon@debian.org>

        * modules/pam_rhosts/pam_rhosts_auth.c: getline returns -1 at
        EOF, not 0.  Check accordingly to fix an infinite loop.  Thanks
        to Stephan Springl <springl-rhosts@bfw-online.de> for catching
        this.

2007-08-28  Steve Langasek <vorlon@debian.org>

        * configure.in: call AC_CHECK_HEADERS instead of AC_CHECK_HEADER
        for crack.h, so we get a HAVE_CRACK_H define.
        * modules/pam_cracklib/pam_cracklib.c: don't copy around the
        cracklib dictpath into a fixed-width buffer, when we can just
        point at the existing strings; and allow users to override the
        default cracklib path with -DCRACKLIB_DICT, required for
        compatibility with cracklib 2.7.

2007-08-27  Steve Langasek <vorlon@debian.org>

        * modules/pam_limits/pam_limits.c: when building on non-Linux
        systems, give a warning only, not an error; no one seems to
        remember why this error was here in the first place, but leave
        something in that might still grab the attention of non-Linux
        users.
        Patch from Michal Suchanek <hramrach_l@centrum.cz>.
        * configure.in, modules/pam_rhosts/pam_rhosts_auth.c: check for
        the presence of net/if.h before using, required for Hurd
        compatibility.
        Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
        * modules/pam_limits/pam_limits.c: conditionalize the use of
        RLIMIT_AS, which is not present on the Hurd.
        Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>.
        * modules/pam_rhosts/pam_rhosts_auth.c: use getline() instead of
        a static buffer when available; fixes the build on systems
        without MAXHOSTNAMELEN (i.e., the Hurd).
        * modules/pam_xauth/pam_xauth.c: make sure PATH_MAX is defined
        before using it.

2007-08-26  Andrew Morgan  <morgan@kernel.org>

        * doc/man/pam.conf-syntax.xml
        Minor fixes: '\[' -> '\]'.

2007-08-25  Steve Langasek  <vorlon@debian.org>

        * doc/man/pam.conf-syntax.xml, doc/man/pam.conf.5:
        Document "new" control options conv_again and incomplete, supported
        in pam.d's extended syntax.
        Patch from Ben Collins <bcollins@debian.org>.

2007-08-15  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_access/pam_access.c (list_match): Add explicit
        sptr argument for strtok_r, otherwise the code is not portable.

2007-08-13  Olivier Blin <blino@mandriva.com>

        * doc/man/pam.3.xml: Fix typo.
        * doc/man/pam.3: Likewise.
        * doc/man/pam_end.3.xml: Likewise.
        * doc/man/pam_end.3: Likewise.

2007-07-18  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.8.1

        * libpam/pam_audit.c: Include unistd.h for getuid().
        * libpam/Makefile.am: Bump version number.

2007-07-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/pam_audit.c (_pam_audit_writelog): Don't return
        error if application runs as normal user. Fixes regression
        introduced with last change.

2007-07-10  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Add --with-db-uniquename option to support
        db libraries and functions with unique name extension.
        Patch from Diego 'Flameeyes' Pettenò <flameeyes@gmail.com>.

        * modules/pam_limits/pam_limits.c: Include locale.h.

2007-07-06  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.8.0

        * configure.in: Check for audit_log_acct_message instead of
        audit_log_user_message.
        * libpam/pam_audit.c: Use audit_log_acct_message.
        Based on patch from Mark J Cox <mjc@redhat.com>.
        * libpam/Makefile.am: Bump version number of libpam.

        * modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit,
        not 64bit.

        * xtests/tst-pam_limits1.c: Fix printf arguments.

        * po/*.po: Merge po files with latest code changes.

2007-06-26  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_limits/pam_limits.c (process_limit): Check upper and
        lower limit of nice value, fix off-by-one in conversation to rlim_t.
        * xtests/Makefile.am: Add new pam_limits test case.
        * xtests/limits.conf: New, config file for test case.
        * xtests/pam_limits1.c: New, test case for RLIMIT_NICE.
        * xtests/pam_limits1.sh: Likewise.
        * xtests/pam_limits1.pamd: Likewise.

2007-06-25  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_access/pam_access.c (list_match): Use saveptr of strtok_r
        result for recursive calls.
        * xtests/Makefile.am: Add new pam_access test cases.
        * xtests/pam_access1.c: New test case.
        * xtests/pam_access2.c: Likewise.
        * xtests/pam_access3.c: Likewise.
        * xtests/pam_access4.c: Likewise.
        * xtests/pam_access1.sh: Wrapper to create user accounts.
        * xtests/pam_access2.sh: Likewise.
        * xtests/pam_access3.sh: Likewise.
        * xtests/pam_access4.sh: Likewise.
        * xtests/pam_access1.pamd: PAM config file for pam_access tests.
        * xtests/pam_access2.pamd: Likewise.
        * xtests/pam_access3.pamd: Likewise.
        * xtests/pam_access4.pamd: Likewise.
        * xtests/access.conf: Config file for pam_access tests.
        * xtests/run-tests.sh: Install access.conf into system.

2007-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print
        better error message if /proc/self/loginuid cannot be opened.

        * modules/pam_limits/pam_limits.c (process_limit): Check for
        variable overflow after multiplication [bnc#283001].

        * modules/pam_access/pam_access.c: Add new syntax for groups
        in access.conf to differentiate group names from account names.
        Based on patch from Julien Lecomte <julien@famille-lecomte.net>,
        solves feature request [#411390].
        * modules/pam_access/access.conf: Add example for new group
        syntax.
        * modules/pam_access/access.conf.5.xml: Document new syntax.

2007-06-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass
        option.
        * modules/pam_cracklib/pam_cracklib.c: Add support for minimum
        character classes [#1688777]. Based on patch from Keith Schincke.

        * xtests/tst-pam_cracklib2.c: New, test case for minclass option.
        * xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case.
        * xtests/Makefile.am: Add new testcase.

        * xtests/pam_cracklib.c: Fix comment what this application tests.

        * configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64

2007-06-15  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_selinux/pam_selinux.8.xml: Remove multiple option,
        add select_context and use_current_range options.
        * modules/pam_selinux/pam_selinux.c (send_audit_message): Added
        function for auditing role/level changes.
        (query_response): Add default response.
        (select_context): Removed.
        (manual_context): Query only role and level.
        (mls_range_allowed): Added function for range check.
        (config_context): Added function for role and level override.
        (pam_sm_open_session): Remove multiple option, add select_context
        and use_current_range_options. Use getseuserbyname to obtain
        SELinux user and level. Audit role/level changes. Call setkeycreatecon
        to assign key creation context. Don't fail on errors when SELinux
        is not in enforcing mode.
        * configure.in: Check for setkeycreatecon().

        * modules/pam_namespace/README.xml: Avoid duplication of
        documentation.
        * modules/pam_namespace/namespace.conf: More real life example
        from MLS support.
        * modules/pam_namespace/namespace.conf.5.xml: Likewise plus
        properly describe how instance directory names are formed.
        * modules/pam_namespace/namespace.init: Preserve euid when
        called from setuid apps (su, newrole).
        * modules/pam_namespace/pam_namespace.8.xml: Added option
        no_unmount_on_close.
        * modules/pam_namespace/pam_namespace.c (process_line): Polyinst
        methods are now user, level and context. Fix crash on unknown
        override user in config file.
        (ns_override): Add explicit uid parameter.
        (form_context): Skip for user method. Implement level based
        polyinstantiation.
        (poly_name): Initialize contexts. Add level based polyinst,
        remove 'both' metod. Use raw contexts for instance names,
        truncate long instance names and add hash.
        (ns_setup): Hashing moved to poly_name().
        (setup_namespace): Handle correctly override users for
        su (when unmnt_remnt is used).
        (pam_sm_close_session): Added no_unmount_on_close option.
        * modules/pam_namespace/pam_namespace.h: Added
        no_unmount_on_close_option, level method, limit on instance
        directory name length.

2007-05-04  Thorsten Kukuk  <kukuk@suse.de>

        * xtests/run-xtests.sh: Use SRCDIR to find PAM config files.
        * xtests/Makefile.am: Call run-xtests.sh with srcdir as first
        argument.
        Based on patch by Bernard Leak <thisisnotapipe@hotmail.com>.

2007-04-30  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_limits/limits.conf: Address space limit is KB.
        * modules/pam_limits/limits.conf.5.xml: Likewise.
        Reported by Thomas Vander Stichele <thomas@apestaart.org>.

        * modules/pam_mail/pam_mail.c (_do_mail): Remove duplicate
        check for PAM_SILENT and don't bail out if it is set [#1706247].

2007-03-29  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_access/pam_access.c (login_access, list_match):
        Replace strtok with strtok_r.
        * modules/pam_cracklib/pam_cracklib.c (check_old_password):
        Likewise.
        * modules/pam_ftp/pam_ftp.c (lookup, pam_authenticate):
        Likewise.
        * modules/pam_unix/pam_unix_passwd.c (check_old_password,
        save_old_password): Likewise.

        * modules/pam_limits/Makefile.am: Define limits.d dir and install it.
        * modules/pam_limits/pam_limits.8.xml: Describe limits.d parsing.
        * modules/pam_limits/pam_limits.c (pam_limit_s): Make conf_file ptr.
        (pam_parse): conf_file is now ptr.
        (pam_sm_open_session): Add parsing files from limits.d subdir using
        glob, change pl to pointer.

2007-03-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/ar.po: New translation.
        * po/ca.po: Likewise.
        * po/da.po: Likewise.
        * po/ru.po: Likewise.
        * po/sv.po: Likewise.
        * po/zu.po: Likewise.
        * po/LINGUAS: Add ar, ca, da, ru, sv, zu

        * po/hu.po: Update translation.

2007-02-21  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Test for
        allocation failure in bigcrypt().

        * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Allow
        modification of '*' password by root.

2007-02-06  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Remove
        debug syslog message when loginuid doesn't exist.

2007-02-01  Tomas Mraz  <t8m@centrum.cz>

        * xtests/tst-pam_unix3.c: Fix typos in comments.

        * modules/pam_unix/support.c (_unix_verify_password): Explicitly
        disallow '!' in the beginning of password hash. Treat only
        13 bytes password hash specifically. (Suggested by Solar Designer.)
        Fix a warning and test for allocation failure.
        * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.

2007-01-31  Thorsten Kukuk  <kukuk@thkukuk.de>

        * xtests/Makefile.am: Add new pam_unix.so tests
        * xtests/run-xtests.sh: Prefer shell scripts (wrapper)
        over binaries.
        * xtests/tst-pam_cracklib1.c: Fix typo.
        * xtests/tst-pam_unix1.c: New, for sucurity fix.
        * xtests/tst-pam_unix1.pamd: New.
        * xtests/tst-pam_unix1.sh: New.
        * xtests/tst-pam_unix2.c: New, for crypt checks.
        * xtests/tst-pam_unix2.pamd: New.
        * xtests/tst-pam_unix2.sh: New.
        * xtests/tst-pam_unix3.c: New, for bigcrypt checks.
        * xtests/tst-pam_unix3.pamd: New.
        * xtests/tst-pam_unix3.sh: New.

2007-01-23  Thorsten Kukuk  <kukuk@suse.de>

        * release 0.99.7.1

        * configure.in: Set version number to 0.99.7.1

2007-01-23  Thorsten Kukuk  <kukuk@thukuk.de>
            Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/support.c (_unix_verify_password): Always
        compare full encrypted passwords (CVE-2007-0003).

2007-01-23  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_loginuid/Makefile.am (AM_LDFLAGS): Add LIBAUDIT.

        * modules/pam_selinux/Makefile.am (pam_selinux_check_LDFLAGS): Add
        AM_LDFLAGS.
        (pam_selinux_la_LDFLAGS): Likewise.

2007-01-17  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release 0.99.7.0

        * configure.in: Set version number to 0.99.7.0

        * Makefile.am (M4_FILES): Replace GNU make extension by listing
        all m4 files.

2007-01-17  Tomas Mraz  <t8m@centrum.cz>

        * po/*.po: Updated strings to translate.
        * po/Linux-PAM.pot: Likewise.

2007-01-16  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/pam.conf-syntax.xml: Improve documentation about
        sufficient keyword (Patch by Petteri Räty <betelgeuse@gentoo.org>)

2006-12-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid
        only '+' and '-' as first characters for account names.
        * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.

2006-12-18  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Fix ENOKEY check (specify errno.h as header
        file to search in).

        * configure.in: Add AM_PROG_CC_C_O.
        * libpam/Makefile.am: Add content of AM_LDFLAGS to *_LDFLAGS.
        * modules/pam_tally/Makefile.am: Likewise.
        * modules/pam_unix/Makefile.am: Likewise.

        * modules/pam_stress/pam_stress.c (pam_sm_chauthtok): Fix
        localisation of message printed to user.
        * po/de.po: Adjust translation.

2006-12-18  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Localize
        message printed to user.

        * modules/pam_unix/support.c (_unix_verify_password): Use strncmp
        only for bigcrypt result.

        * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Switch to new
        egid first, euid next. Revert euid/egid to old euid/egid and not
        ruid/rgid.
        (pam_sm_open_session): Switch to new rgid first, ruid next.

2006-12-13  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_localuser/pam_localuser.c: Add support for session
        and chauthtok [SF#1606180].
        * modules/pam_localuser/pam_localuser.8.xml: Document last change.

        * libpam/pam_audit.c (_pam_audit_writelog): Print error message
        only once.

2006-12-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/pam_audit.c (_pam_audit_writelog): Print error
        message on failure to syslog.

2006-12-09  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_umask/pam_umask.c: Use strtoul instead of strtol,
        fix overflow detection.

2006-12-06  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_mkhomedir/pam_mkhomedir.c (rec_mkdir): Fix
        handling of left-most path component [SF#1591598].
        (create_homedir): Mark user visible messages for translation.
        * po/de.po: Adjust german translation for pam_mkhomedir.

        * modules/pam_faildelay/pam_faildelay.c: If no argument is
        given, try to read FAIL_DELAY from /etc/login.defs.
        * modules/pam_faildelay/pam_faildelay.8.xml: Document usage
        of /etc/login.defs.

2006-12-04  Tomas Mraz <t8m@centrun.cz>

        * po/jp.po: Fixed mistake in Password: message (from
        Peng Huang <phuang@redhat.com>).

2006-11-28  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/hu.po: Update hungarian translation (from
        Kalman Kemenczy <kkemenczy@novell.com>).

        * configure.in: Allow disabling support for cracklib, audit, libdb.

        * modules/pam_faildelay/pam_faildelay.8.xml: Correct name of Author.

        * configure.in: Remove --enable-docdir (obsolete by --docdir).
        * doc/Makefile.am: Don't overwrite htmldir.
        * doc/adg/Makefile.am: Use docdir, htmldir and pdfdir.
        * doc/mwg/Makefile.am: Likewise.
        * doc/sag/Makefile.am: Likewise.
        * doc/specs/Makefile.am: Use docdir.

        * tests/tst-pam_set_data.c: New test cases for pam_set_data().
        * tests/Makefile.am: Add pam_set_data test case.

        * libpam/pam_data.c: Add NULL pointer check for module_data_name.
        * libpam/Makefile.am: Bump revision of shared library.

2006-11-08  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Add modules/pam_faildelay/Makefile.
        * doc/sag/Linux-PAM_SAG.xml: Include pam_faildelay.xml.
        * doc/sag/pam_faildelay.xml: New.
        * libpam/pam_static_modules.h: Include static pam_faildelay data.
        * modules/Makefile.am: Add pam_faildelay directory.
        * modules/pam_faildelay/Makefile.am: New.
        * modules/pam_faildelay/README: New, generated from XML file.
        * modules/pam_faildelay/README.xml: New.
        * modules/pam_faildelay/pam_faildelay.8: New, generated from xml.
        * modules/pam_faildelay/pam_faildelay.8.xml: New.
        * modules/pam_faildelay/pam_faildelay.c: New.
        * modules/pam_faildelay/tst-pam_faildelay: New.

        * po/POTFILES.in: Add pam_faildelay.c and pam_loginuid.c.

2006-11-07  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_cracklib/pam_cracklib.c: PAM_DEBUG_ARG
        is a bit mask and not a boolean value (Reported by
        Jochen Voss <voss@seehuhn.de>).

2006-10-26  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/pam.3.xml: Add pam_get_user function.

        * modules/pam_motd/pam_motd.8.xml: Fix typo.

2006-10-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_namespace/pam_namespace.c: Reserve space for
        trailing zero.

2006-10-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/support.c (_unix_verify_password): Try system
        crypt() if we don't know the hash alogorithm.
        * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.

2006-10-13  Tomas Mraz <t8m@centrum.cz>

        * doc/mwg/Linux-PAM_MWG.xml: Add id[s] to section[s].
        * doc/sag/pam_access.xml: Likewise.
        * doc/sag/pam_echo.xml: Likewise.
        * doc/sag/pam_env.xml: Likewise.
        * doc/sag/pam_exec.xml: Likewise.
        * doc/sag/pam_group.xml: Likewise.
        * doc/sag/pam_limits.xml: Likewise.
        * doc/sag/pam_namespace.xml: Likewise.
        * doc/sag/pam_time.xml: Likewise.
        * doc/sag/Linux-PAM_SAG.xml: Add id to book.
        * doc/adg/Linux-PAM_ADG.xml: Add id to book.
        * doc/mwg/Linux-PAM_MWG.xml: Add id to book.


2006-10-07  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/hu.po: Updated hungarian translation (from
        Kalman Kemenczy <kkemenczy@novell.com>)

2006-09-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/adg/Makefile.am: Add manual pages as dependency.
        * doc/mwg/Makefile.am: Likewise.
        * doc/sag/Makefile.am: Likewise.
        * doc/sag/Linux-PAM_SAG.xml: Include pam_unix.xml.
        * doc/sag/pam_unix.xml: New.
        * modules/pam_unix/Makefile.am: Generate pam_unix.8 manual page.
        * modules/pam_unix/README.xml: New.
        * modules/pam_unix/pam_unix.8.xml: New.
        * modules/pam_unix/README: Regenerate from XML.
        * modules/pam_unix/pam_unix.8: Generated from XML.

2006-09-09  Dmitry V. Levin  <ldv@altlinux.org>

        * modules/pam_wheel/pam_wheel.8.xml: Fix typo.
        * modules/pam_wheel/pam_wheel.8: Likewise.
        * modules/pam_wheel/README: Likewise.

2006-09-08  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/de.po: Fix typo.

2006-09-06  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.6.3

2006-09-01  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_loginuid/pam_loginuid.8.xml: Fix typo in
        config name.

2006-08-31  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_env/environment: New, dummy environment example
        config file.

        * modules/pam_namespace/Makefile.am: Don't install
        manual page if we don't build module.

        * m4/ld-as-needed.m4: Don't set LDFLAGS if check failed.
        * m4/ld-O1: Likewise.

2006-08-30  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_access/pam_access.8.xml: All services supported.
        * modules/pam_access/pam_access.c (pam_sm_open_session): New.
        (pam_sm_close_session): New.
        (pam_sm_chauthtok): New.

        * modules/pam_access/pam_succeed_if.8.xml: All services supported.
        * modules/pam_access/pam_succeed_if.c (pam_sm_setcred): Return
        PAM_IGNORE rather than success.
        (pam_sm_open_session): New.
        (pam_sm_close_session): New.
        (pam_sm_chauthtok): New.

2006-08-30  Thorsten Kukuk  <kukuk@thkukuk.de>

        * xtests/Makefile.am: Move shell code to execute tests from here ...
        * xtests/run-xtests.sh: ... to here.
        * xtests/*.c: Include config.h.
        * tests/*.c: Likewise.

        * modules/pam_namespace/pam_namespace.c: Use pam_modutil_getpwnam()
        instead of getpwnam().

2006-08-29  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/sag/pam_loginuid.xml: New.
        * doc/sag/Linux-PAM_SAG.xml: Include pam_loginuid.xml.

        * configure.in: Add modules/pam_loginuid/Makefile.
        * modules/Makefile.am: Add pam_loginuid sub directory.

        * libpam/pam_static_modules.h: Add pam_loginuid.

        * modules/pam_loginuid/Makefile.am: New.
        * modules/pam_loginuid/tst-pam_loginuid: New.
        * modules/pam_loginuid/pam_loginuid.8.xml: New.
        * modules/pam_loginuid/pam_loginuid.8: New, generated from XML source.
        * modules/pam_loginuid/pam_loginuid.c: New.
        * modules/pam_loginuid/README.xml: New.
        * modules/pam_loginuid/README: New, generated from XML source.

2006-08-29  Dmitry V. Levin  <ldv@altlinux.org>

        * modules/pam_exec/pam_exec.c (call_exec): Add required third
        argument to open() call with O_CREAT flag set.

2006-08-28  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Remove
        duplicate code.

2006-08-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.6.2

        * modules/pam_lastlog/pam_lastlog.c (last_login_date): Create
        lastlog file if it does not exist.

        * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Check
        for error from getting second token.
        * xtests/Makefile.am: Add tst-pam_cracklib1
        * xtests/tst-pam_cracklib1.c: New, check for pam_cracklib seg.fault.
        * xtests/tst-pam_cracklib1.pamd: New, config for cracklib test.

2006-08-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * xtests/tst-pam_dispatch4.c: New test.
        * xtests/tst-pam_dispatch4.pamd: PAM config for new test.

2006-08-09  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.6.1

2006-08-09  David Howells  <dhowells@redhat.com>

        * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Set real uid
        to user's before revoking.
        (pam_sm_open_session): Remember the uid.

2006-08-06  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_umask/pam_umask.c (setup_limits_from_gecos):
        Add error handling.
        * modules/pam_umask/pam_umask.8.xml: Document silent option.

        * xtests/Makefile.am: Fix includes for bootstrapping.
        Reported by Greg Schafer <gschafer@zip.com.au>.

2006-08-05  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.6.0

        * modules/pam_limits/pam_limits.c (pam_sm_open_session): Use
        pam_modutil_getpwnam instead of getpwnam.

        * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Cast
        svc variable to char pointer for snprintf.

        * configure.in: Generate xtests/Makefile.
        * Makefile.am (SUBDIRS): Add xtests.
        * README: Document make check and make xtests.
        * xtests/Makefile.am: New.
        * xtests/tst-pam_dispatch1.pamd: New.
        * xtests/tst-pam_dispatch2.pamd: New.
        * xtests/tst-pam_dispatch3.pamd: New.
        * xtests/tst-pam_dispatch1.c: New.
        * xtests/tst-pam_dispatch2.c: New.
        * xtests/tst-pam_dispatch3.c: New.

2006-08-04 Ray Strode  <rstrode@redhat.com>

        * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate):
        Return PAM_USER_UNKNOWN instead of PAM_SERVICE_ERR where appropriate.

2006-08-03  David Howells  <dhowells@redhat.com>

        * modules/pam_keyinit/pam_keyinit.c: Debug should be off by default.
        (init_keyrings): Properly handle multiple invocations of the module.
        (kill_keyrings, pam_sm_open_session, pam_sm_close_session): Likewise.

2006-08-03  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist):
        New function for list matching.
        (evaluate_notinlist): Likewise.
        (evaluate): Add service value match, list matching.
        * modules/pam_succeed_if/pam_succeed_if.8.xml: Document the
        features.

        * modules/pam_selinux/pam_selinux.c (security_label_tty): Don't log
        relabelling error when the tty device doesn't exist (ENOENT).

2006-08-01  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/pam_fail_delay.3.xml: Fix some Bugs and enhance
        rationale about when this function should be used and when not.

        * doc/index.html: Cleanup to look prettier.

2006-08-01  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/Makefile.am: Bump patchlevel of libpam.
        * libpam/pam_dispatch.c (_pam_dispatch_aux): If [return=die]
        or [return=bad] is used, don't return PAM_IGNORE. Based on
        patch by Tomas Mraz <t8m@centrum.cz>, [BRC#196859].

2006-07-28  Thorsten Kukuk  <kukuk@thkukuk.de>

        * ABOUT-NLS: Upgrade to gettext-0.15.
        * config.rpath: Likewise.
        * m4/gettext.m4: Upgrade to gettext-0.15.
        * m4/inttypes-h.m4: New file, from gettext-0.15.
        * m4/inttypes-pri.m4: Upgrade to gettext-0.15.
        * m4/lib-link.m4: Upgrade to gettext-0.15.
        * m4/lib-prefix.m4: Upgrade to gettext-0.15.
        * m4/lock.m4: New file, from gettext-0.15.
        * m4/longdouble.m4: Upgrade to gettext-0.15.
        * m4/nls.m4: Upgrade to gettext-0.15.
        * m4/po.m4: Upgrade to gettext-0.15.
        * m4/size_max.m4: Upgrade to gettext-0.15.
        * m4/visibility.m4: New file, from gettext-0.15.
        * po/Makefile.in.in: Upgrade to gettext-0.15.

2006-07-24  David Quigley   <dpquigl@tycho.nsa.gov>

        * modules/pam_namespace/Makefile.am: Add pam_namespace.h.
        * modules/pam_namespace/pam_namespace.c: Move includes and
        data structure definitions from here ...
        * modules/pam_namespace/pam_namespace.h: ... here. New file.

        * modules/pam_namespace/pam_namespace.c: Move large sections
        of code into new functions.

2006-07-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/adg/Makefile.am: Add uninstall and distclean rules.
        * doc/mwg/Makefile.am: Likewise.
        * doc/sag/Makefile.am: Likewise.

2006-07-08  Daniel Richard G.  <skunk@iskunk.org>

        * conf/pam_conv1/Makefile.am: Fix rules for lex and yacc files.
        * conf/pam_conv1/pam_conv.lex: Rename to ...
        * conf/pam_conv1/pam_conv_l.l: ... this.
        * conf/pam_conv1/pam_conv.y: Rename to ...
        * conf/pam_conv1/pam_conv_y.y: ... this.
        * configure.in: Add AC_HELP_STRING()s to various AC_ARG_ENABLE()
        calls.
        * doc/Makefile.am: Fix rule to install index.html.
        * doc/adg/Makefile.am: Fix test usage.
        * doc/mwg/Makefile.am: Likewise.
        * doc/sag/Makefile.am: Likewise.
        * doc/specs/Makefile.am: Fix rules for lex and yacc files.
        * specs/parse.lex: Rename to ...
        * doc/specs/parse_l.l: ... this.
        * doc/specs/parse.y: Rename to ...
        * doc/specs/parse_y.y: ... this.
        * libpam/pam_account.c: Fix #if vs. #ifdef.
        * libpam/pam_audit.c: Likewise.
        * libpam/pam_auth.c: Likewise.
        * libpam/pam_password.c: Likewise.
        * libpam/pam_private.h: Likewise.
        * libpam/pam_session.c: Likewise.
        * libpam/pam_start.c: Likewise.
        * libpam/pam_static.c: Fix "empty sourcefile" warning.
        * modules/pam_limits/pam_limits.c: Check for __linux, too.
        * modules/pam_userdb/Makefile.am: Don't run test if no
        libdb available.
        * tests/tst-dlopen.c: Include config.h.

2006-07-03  Dan Yefimov  <dan@D00M.lightwave.net.ru>

        * configure.in: Fixed have_key_syscalls test.

        * modules/pam_access/pam_access.c (from_match): Fixed IPv4 network
        match, removed AI_ADDRCONFIG flag.

2006-06-30  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_namespace/Makefile.am(EXTRA_DIST): Add namespace.init.

2006-06-29  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/Makefile.am (releasedocs): Fix directory layout.
        * doc/adg/Makefile.am: Likewise.
        * doc/mwg/Makefile.am: Likewise.
        * doc/sag/Makefile.am: Likewise.

2006-06-28  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/sag: System Administrator Guide as XML source.
        * doc/sag/Makefile.am: New.
        * doc/sag/Linux-PAM_SAG.xml: New, main XML document.
        * doc/sag/pam_*.xml: New, wrapper to include module documentation.

        * doc/adg: Application Developers Guide as XML source.
        * doc/adg/Makefile.am: New.
        * doc/adg/Linux-PAM_ADG.xml: New, main XML document.
        * doc/adg/pam_*.xml: New, wrappers to include manual pages.

        * doc/mwg: Application Developers Guide as XML source.
        * doc/mwg/Makefile.am: New.
        * doc/mwg/Linux-PAM_MWG.xml: New, main XML document.
        * doc/mwg/pam_*.xml: New, wrappers to include manual pages.

        * doc/CREDITS: Removed.
        * doc/NOTES: Removed.
        * doc/pam_appl.sgml: Removed.
        * doc/pam_modules.sgml: Removed.
        * doc/pam_source.sgml: Removed.
        * doc/figs/pam_orient.txt: Removed.
        * doc/figs: Removed.

        * configure.in: Remove checks for sgml2* progrs, add sag, adg
        and mwg Makefiles.

        * doc/Makefile.am: Remove references to sgml, add sag, adg and mwg
        directories.
        * doc/modules: Remove directory.
        * doc/html: Remove directory.
        * doc/ps: Remove directory.
        * doc/pdf: Remove directory.
        * doc/txts: Remove directory.
        * doc/index.html: Moved from html directory to here.

2006-06-28  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.5.0

        * bump version number to 0.99.5.0

        * modules/pam_rhosts/pam_rhosts.c: New module, replaces
        pam_rhosts_auth.so.
        * modules/pam_rhosts/pam_rhosts.8.xml: New.
        * modules/pam_rhosts/pam_rhosts.8: New, generated from XML source.
        * modules/pam_rhosts/tst-pam_rhosts: New.
        * modules/pam_rhosts/Makefile.am: Add pam_rhosts, generate
        manual page and README.
        * modules/pam_rhosts/README.xml: New.
        * modules/pam_rhosts/reADME: Regenerated from XML source.

        * doc/man/pam_sm_acct_mgmt.3.xml: Adjust syntax for module
        writers guide.
        * doc/man/pam_sm_authenticate.3.xml: Likewise.
        * doc/man/pam_sm_chauthtok.3.xml: Likewise.
        * doc/man/pam_sm_close_session.3.xml: Likewise.
        * doc/man/pam_sm_open_session.3.xml: Likewise.
        * doc/man/pam_sm_setcred.3.xml: Likewise.

        * po/POTFILES.in: Add new source files.

        * libpam/pam_static_modules.h: Add new modules.

        * modules/pam_keyinit.c: Add _pam_keyinit_modstruct.

        * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Add XML
        files and manual page.

2006-06-27  Thorsten Kukuk <kukuk@thkukuk.de>

        * configure.in: Allow disabling of SELinux support, check for
        rootok_af.

2006-06-27  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_namespace/pam_namespace.c: New module
        originally written by Janak Desai.
        * modules/pam_namespace/Makefile.am: New.
        * modules/pam_namespace/README: New.
        * modules/pam_namespace/md5.c: New.
        * modules/pam_namespace/md5.h: New.
        * modules/pam_namespace/namespace.conf: New.
        * modules/pam_namespace/namespace.conf.5: New.
        * modules/pam_namespace/namespace.conf.5.xml: New.
        * modules/pam_namespace/namespace.init: New.
        * modules/pam_namespace/pam_namespace.8: New.
        * modules/pam_namespace/pam_namespace.8.xml: New.
        * modules/pam_namespace/tst-pam_namespace: New.
        * modules/Makefile.am: Added pam_namespace.
        * configure.in: Added pam_namespace, test for unshare
        library call.

2006-06-27  David Howells <dhowells@redhat.com>

        * modules/pam_keyinit/pam_keyinit.c: New module.
        * modules/pam_keyinit/pam_keyinit.8: New.
        * modules/pam_keyinit/pam_keyinit.8.xml: New.
        * modules/pam_keyinit/README: New.
        * modules/pam_keyinit/README.xml: New.
        * modules/pam_keyinit/Makefile.am: New.
        * modules/pam_keyinit/tst-pam_keyinit: New.
        * modules/Makefile.am: Added pam_keyinit.
        * configure.in: Added test for the key mgmt syscall.

2006-06-27  Thorsten Kukuk <kukuk@thkukuk.de>

        * m4/libprelude.m4: Sync with upstream.

2006-06-27  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
        signal() fails with SIG_ERR return
        * modules/pam_unix/pam_unix_passwd.c(_unix_run_shadow_binary):
        Likewise.
        * modules/pam_unix/support.c(_unix_run_helper_binary):
        Likewise.

2006-06-25  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/misc_conv.3.xml: New.
        * doc/man/misc_conv.3: New.
        * doc/man/pam_misc_paste_env.3.xml: New.
        * doc/man/pam_misc_paste_env.3: New.
        * doc/man/pam_misc_drop_env.3.xml: New.
        * doc/man/pam_misc_drop_env.3: New.
        * doc/man/pam_misc_setenv.3.xml: New.
        * doc/man/pam_misc_setenv.3: New.
        * doc/man/Makefile.am: Add new manual pages.

        * doc/man/pam_acct_mgmt.3.xml: Fix syntax for inclusion
        in Applicatoin Developer Guide.
        * doc/man/pam_authenticate.3.xml: Likewise
        * doc/man/pam_chauthtok.3.xml: Likewise
        * doc/man/pam_close_session.3.xml: Likewise
        * doc/man/pam_conv.3.xml: Likewise
        * doc/man/pam_end.3.xml: Likewise
        * doc/man/pam_fail_delay.3.xml: Likewise
        * doc/man/pam_getenv.3.xml: Likewise
        * doc/man/pam_getenvlist.3.xml: Likewise
        * doc/man/pam_open_session.3.xml: Likewise
        * doc/man/pam_putenv.3.xml: Likewise
        * doc/man/pam_setcred.3.xml: Likewise
        * doc/man/pam_start.3.xml: Likewise
        * doc/man/pam_strerror.3.xml: Likewise

        * doc/man/pam_acct_mgmt.3: Regenerate from XML source.
        * doc/man/pam_authenticate.3: Likewise
        * doc/man/pam_chauthtok.3: Likewise
        * doc/man/pam_close_session.3: Likewise
        * doc/man/pam_conv.3: Likewise
        * doc/man/pam_end.3: Likewise
        * doc/man/pam_fail_delay.3: Likewise
        * doc/man/pam_getenv.3: Likewise
        * doc/man/pam_getenvlist.3: Likewise
        * doc/man/pam_open_session.3: Likewise
        * doc/man/pam_putenv.3: Likewise
        * doc/man/pam_setcred.3: Likewise
        * doc/man/pam_sm_close_session.3: Likewise
        * doc/man/pam_start.3: Likewise
        * doc/man/pam_strerror.3: Likewise
        * doc/man/pam_syslog.3: Likewise
        * doc/man/PAM.8: Likewise

2006-06-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_limits/pam_limits.c (setup_limits): Don't
        reset priority for root.

2006-06-23  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_access/access.conf.5.xml: Fix syntax for SAG.
        * modules/pam_access/pam_access.8.xml: Likewise.
        * modules/pam_deny/pam_deny.8.xml: Likewise.
        * modules/pam_echo/pam_echo.8.xml: Likewise.
        * modules/pam_env/pam_env.8.xml: Likewise.
        * modules/pam_env/pam_env.conf.5.xml: Likewise.
        * modules/pam_group/group.conf.5.xml: Likewise.
        * modules/pam_group/pam_group.8.xml: Likewise.
        * modules/pam_limits/limits.conf.5.xml: Likewise.
        * modules/pam_listfile/pam_listfile.8.xml: Likewise.
        * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise.
        * modules/pam_time/pam_time.8.xml: Likewise.
        * modules/pam_time/time.conf.5.xml: Likewise.

        * modules/pam_access/access.conf.5: Regenerate.
        * modules/pam_access/pam_access.8: Likewise.
        * modules/pam_deny/pam_deny.8: Likewise.
        * modules/pam_echo/README: Likewise.
        * modules/pam_echo/pam_echo.8: Likewise.
        * modules/pam_env/pam_env.8: Likewise.
        * modules/pam_env/pam_env.conf.5: Likewise.
        * modules/pam_group/README: Likewise.
        * modules/pam_group/group.conf.5: Likewise.
        * modules/pam_group/pam_group.8: Likewise.
        * modules/pam_limits/limits.conf.5: Likewise.
        * modules/pam_listfile/README: Likewise.
        * modules/pam_listfile/pam_listfile.8: Likewise.
        * modules/pam_succeed_if/pam_succeed_if.8: Likewise.
        * modules/pam_time/pam_time.8: Likewise.
        * modules/pam_time/time.conf.5: Likewise.

        * doc/man/Makefile.am: Add pam.conf-desc.xml, pam.conf-dir.xml
        and pam.conf-syntax.xml.
        * doc/man/pam.conf.5.xml: Split into different pieces for SAG.
        * doc/man/pam.conf.5: Regenerated.
        * doc/man/pam.conf-desc.xml: New.
        * doc/man/pam.conf-dir.xml: New.
        * doc/man/pam.conf-syntax.xml: New.

2006-06-21  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_selinux/Makefile.am: Fix "make dist" if libselinux
        is not installed.

        * modules/pam_issue/pam_issue.8.xml: Fix listing of escapes.
        * modules/pam_issue/pam_issue.8: Regenerate.

2006-06-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Remove unused check for libcap.

        * m4/ld-as-needed.m4: New.
        * m4/ld-O1.m4: New.
        * configure.in: Call PAM_LD_AS_NEEDED and PAM_LD_O1,
        require docbook version 4.4.

2006-06-19  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/pam.8.xml: Syntax cleanup.
        * doc/pam/PAM.8: Regenerated from xml source.
        * man/pam_sm_chauthtok.3: New.
        * man/pam_sm_chauthtok.3.xml: New.
        * man/pam_sm_close_session.3: New.
        * man/pam_sm_close_session.3.xml: New.
        * man/pam_sm_open_session.3: New.
        * man/pam_sm_open_session.3.xml: New.
        * man/pam_sm_authenticate.3: New.
        * man/pam_sm_authenticate.3.xml: New.
        * man/pam_sm_setcred.3: New.
        * man/pam_sm_setcred.3.xml: New.
        * man/Makefile.am: Add new pam_sm_* manual pages.

        * specs/Makefile.am: Fix rule to generate draft.

2006-06-18  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_tally/Makefile.am: Include Make.xml.rules.
        * modules/pam_tally/pam_tally.8.xml: New.
        * modules/pam_tally/pam_tally.8: New, generated from xml file.
        * modules/pam_tally/README.xml: New.
        * modules/pam_tally/README: Regenerated from xml file.

        * modules/pam_selinux/Makefile.am: Include Make.xml.rules.
        * modules/pam_selinux/pam_selinux.8.xml: New.
        * modules/pam_selinux/pam_selinux.8: Regenerated from xml file.
        * modules/pam_selinux/README.xml: New.
        * modules/pam_selinux/README: Regenerated from xml file.

2006-06-17  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_debug/Makefile.am: Include Make.xml.rules.
        * modules/pam_debug/pam_debug.8.xml: New.
        * modules/pam_debug/pam_debug.8: New, generated from xml file.
        * modules/pam_debug/README.xml: New.
        * modules/pam_debug/README: Regenerated from xml file.

        * examples/vpass.c: UID is unsigned on Linux.
        * modules/pam_exec/pam_exec.c: Likewise.
        * modules/pam_unix/pam_unix_acct.c: Likewise.
        * modules/pam_unix/pam_unix_sess.c: Likewise.

        * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix syntax error.
        * modules/pam_succeed_if/pam_succeed_if.8: Regenerated.
        * modules/pam_succeed_if/README: Regenerated.

        * modules/pam_limits/Makefile.am: Include Make.xml.rules.
        * modules/pam_limits/limits.conf.5: New, generated from xml file.
        * modules/pam_limits/limits.conf.5.xml: New.
        * modules/pam_limits/pam_limits.8: New, generated from xml file.
        * modules/pam_limits/pam_limits.8.xml: New.
        * modules/pam_limits/README.xml: New.
        * modules/pam_limits/README: Regenerated from README.xml.

2006-06-16  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/pam_unix_passwd.c (save_old_password): UIDs
        are unsigned on Linux, don't truncate them.
        (_do_setpass): err is of type clnt_stat, not int.

        * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't
        truncate UID for syslog output.

        * modules/pam_time/pam_time.c: Replace type boolean with int.
        * modules/pam_group/pam_group.c: Likewise.

2006-06-15  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/bigcrypt.h: New.
        * modules/pam_unix/Makefile.am: Add bigcrypt.h.
        * modules/pam_unix/bigcrypt.c: Include bigcrypt.h.
        * modules/pam_unix/support.c: Include bigcrypt.h, remove
        own prototype.
        * modules/pam_unix/bigcrypt_main.c: Include bigcrypt.h, remove
        own prototype.
        * modules/pam_unix/pam_unix_passwd.c: Include bigcrypt.h, remove
        own prototype.

        * modules/pam_time/pam_time.c (logic_member): Remove unused
        variable len.

        * modules/pam_group/pam_group.c (logic_field): Accept
        colon in tty name. [#1428276].
        (logic_member): Remove unused variable len.
        (check_account): Fix usage of err variable in debug code.

        * modules/pam_time/pam_time.c (logic_field): Likewise.

        * configure.in: Add special exceptions for icc: different
        compiler warnings, no PIE support.

2006-06-14  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/pam_misc.c (_pam_strdup): Use strlen and strcpy.

        * configure.in: Remove --enable-memory-debug, add option
        to disable prelude if installed.

        * modules/pam_tally/pam_tally.c: Remove MEMORY_DEBUG
        * modules/pam_filter/upperLOWER/upperLOWER.c: Likewise.
        * modules/pam_unix/unix_chkpwd.c: Likewise.
        * libpam/include/security/_pam_types.h: Likewise.
        * libpam/libpam.map: Remove LIBPAM_MALLOC_DEBUG export.
        * libpam/pam_malloc.c: Remove file.
        * libpam/Makefile.am: Remove pam_malloc.c and pam_malloc.h.

        * libpam/pam_handlers.c (extract_modulename): Use _pam_strdup
        instead of strdup.

        * libpam/pam_private.h: Remove _pam_strCMP.
        * libpam/pam_misc.c: Likewise.
        * libpam/pam_handlers.c: Replaced _pam_strCMP with strcasecmp.

2006-06-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_tally/Makefile.am (AM_LDFLAGS): Remove flags
        for modules from main application.

2006-06-09  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_time/Makefile.am: Include Make.xml.rules.
        * modules/pam_time/time.conf.5: New, generated from xml file.
        * modules/pam_time/time.conf.5.xml: New.
        * modules/pam_time/pam_time.8: New, generated from xml file.
        * modules/pam_time/pam_time.8.xml: New.
        * modules/pam_time/README.xml: New.
        * modules/pam_time/README: Regenerated from README.xml.

        * modules/pam_wheel/Makefile.am: Include Make.xml.rules.
        * modules/pam_wheel/pam_wheel.8.xml: New.
        * modules/pam_wheel/pam_wheel.8: New, generated from xml file.
        * modules/pam_wheel/README.xml: New.
        * modules/pam_wheel/README: Regenerated from xml file.

        * modules/pam_xauth/Makefile.am: Include Make.xml.rules.
        * modules/pam_xauth/pam_xauth.8.xml: New.
        * modules/pam_xauth/pam_xauth.8: Regenerated from xml file.
        * modules/pam_xauth/README.xml: New.
        * modules/pam_xauth/README: Regenerated from xml file.

        * modules/pam_deny/pam_deny.8.xml: Fix syntax errors.
        * modules/pam_deny/pam_deny.8: Regenerate from xml file.
        * modules/pam_deny/README: Likewise.

        * modules/pam_warn/Makefile.am: Include Make.xml.rules.
        * modules/pam_warn/pam_warn.8.xml: New.
        * modules/pam_warn/pam_warn.8: New, generated from xml file.
        * modules/pam_warn/README.xml: New.
        * modules/pam_warn/README: Regenerated from xml file.

        * modules/pam_userdb/Makefile.am: Include Make.xml.rules.
        * modules/pam_userdb/pam_userdb.8.xml: New.
        * modules/pam_userdb/pam_userdb.8: New, generated from xml file.
        * modules/pam_userdb/README.xml: New.
        * modules/pam_userdb/README: Regenerated from xml file.

2006-06-06  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_shells/Makefile.am: Include Make.xml.rules.
        * modules/pam_shells/pam_shells.8.xml: New.
        * modules/pam_shells/pam_shells.8: New, generated from xml file.
        * modules/pam_shells/README.xml: New.
        * modules/pam_shells/README: Regenerated from xml file.

        * libpam/include/security/pam_malloc.h: Add missing license
        informations.

        * libpam/include/security/pam_ext.h: Add brackets for C++.
        * libpam/include/security/pam_modutil.h: Likewise.

        * libpam/include/security/pam_modules.h: Document where to
        find the copyright/license informations.

        * libpam/include/security/pam_appl.h: Move _pam_compat.h
        include inside of brackets.

2006-06-04  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_securetty/Makefile.am: Include Make.xml.rules.
        * modules/pam_securetty/pam_securetty.8.xml: New.
        * modules/pam_securetty/pam_securetty.8: Regenerated from xml file.
        * modules/pam_securetty/README.xml: New.
        * modules/pam_securetty/README: Regenerated from xml file.

        * modules/pam_rootok/Makefile.am: Include Make.xml.rules.
        * modules/pam_rootok/pam_rootok.8.xml: New.
        * modules/pam_rootok/pam_rootok.8: New, generated from xml file.
        * modules/pam_rootok/README.xml: New.
        * modules/pam_rootok/README: Regenerated from xml file.

        * modules/pam_permit/Makefile.am: Include Make.xml.rules.
        * modules/pam_permit/pam_permit.8.xml: New.
        * modules/pam_permit/pam_permit.8: New, generated from xml file.
        * modules/pam_permit/README.xml: New.
        * modules/pam_permit/README: Regenerated from xml file.

        * modules/pam_nologin/Makefile.am: Include Make.xml.rules.
        * modules/pam_nologin/pam_nologin.8.xml: New.
        * modules/pam_nologin/pam_nologin.8: Regenerated from xml file.
        * modules/pam_nologin/README.xml: New.
        * modules/pam_nologin/README: Regenerated from xml file.

2006-06-03  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_motd/Makefile.am: Include Make.xml.rules.
        * modules/pam_motd/pam_motd.8.xml: New.
        * modules/pam_motd/pam_motd.8: New, generated from xml file.
        * modules/pam_motd/README.xml: New.
        * modules/pam_motd/README: New, generated from xml file.

2006-06-02  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_mail/Makefile.am: Include Make.xml.rules.
        * modules/pam_mail/pam_mail.8.xml: New.
        * modules/pam_mail/pam_mail.8: New, generated from xml file.
        * modules/pam_mail/README.xml: New.
        * modules/pam_mail/README: Regenerated from xml file.

        * modules/pam_localuser/Makefile.am: Include Make.xml.rules.
        * modules/pam_localuser/pam_localuser.8.xml: New.
        * modules/pam_localuser/pam_localuser.8: New, generated from xml file.
        * modules/pam_localuser/README.xml: New.
        * modules/pam_localuser/README: Regenerated from xml file.

        * doc/man/PAM.8: Regenerate with DocBook XSL Stylesheets v1.70.1.
        * doc/man/pam.3: Likewise.
        * doc/man/pam.conf.5: Likewise.
        * doc/man/pam_acct_mgmt.3: Likewise.
        * doc/man/pam_authenticate.3: Likewise.
        * doc/man/pam_chauthtok.3: Likewise.
        * doc/man/pam_close_session.3: Likewise.
        * doc/man/pam_conv.3: Likewise.
        * doc/man/pam_end.3: Likewise.
        * doc/man/pam_error.3: Likewise.
        * doc/man/pam_fail_delay.3: Likewise.
        * doc/man/pam_get_data.3: Likewise.
        * doc/man/pam_get_item.3: Likewise.
        * doc/man/pam_get_user.3: Likewise.
        * doc/man/pam_getenv.3: Likewise.
        * doc/man/pam_getenvlist.3: Likewise.
        * doc/man/pam_info.3: Likewise.
        * doc/man/pam_open_session.3: Likewise.
        * doc/man/pam_prompt.3: Likewise.
        * doc/man/pam_putenv.3: Likewise.
        * doc/man/pam_set_data.3: Likewise.
        * doc/man/pam_set_item.3: Likewise.
        * doc/man/pam_setcred.3: Likewise.
        * doc/man/pam_sm_acct_mgmt.3: Likewise.
        * doc/man/pam_start.3: Likewise.
        * doc/man/pam_strerror.3: Likewise.
        * doc/man/pam_syslog.3: Likewise.
        * modules/pam_access/access.conf.5: Likewise.
        * modules/pam_access/pam_access.8: Likewise.
        * modules/pam_cracklib/pam_cracklib.8: Likewise.
        * modules/pam_deny/pam_deny.8: Likewise.
        * modules/pam_echo/pam_echo.8: Likewise.
        * modules/pam_env/pam_env.8: Likewise.
        * modules/pam_env/pam_env.conf.5: Likewise.
        * modules/pam_exec/pam_exec.8: Likewise.
        * modules/pam_filter/pam_filter.8: Likewise.
        * modules/pam_ftp/pam_ftp.8: Likewise.
        * modules/pam_group/group.conf.5: Likewise.
        * modules/pam_group/pam_group.8: Likewise.
        * modules/pam_issue/pam_issue.8: Likewise.
        * modules/pam_lastlog/pam_lastlog.8: Likewise.
        * modules/pam_mkhomedir/pam_mkhomedir.8: Likewise.
        * modules/pam_succeed_if/pam_succeed_if.8: Likewise.
        * modules/pam_umask/pam_umask.8: Likewise.

        * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use
        dngettext if available [#1427738].
        * configure.in: Check for dngettext [#1427738].
        * po/*.po: Update to dngettext usage.

        * modules/pam_listfile/Makefile.am: Include Make.xml.rules.
        * modules/pam_listfile/pam_listfile.8.xml: New.
        * modules/pam_listfile/pam_listfile.8: New, generated from xml file.
        * modules/pam_listfile/README.xml: New.
        * modules/pam_listfile/README: Regenerated from xml file.

2006-06-01  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_lastlog/Makefile.am: Include Make.xml.rules.
        * modules/pam_lastlog/pam_lastlog.8.xml: New.
        * modules/pam_lastlog/pam_lastlog.8: New, generated from xml file.
        * modules/pam_lastlog/README.xml: New.
        * modules/pam_lastlog/README: Regenerated from xml file.

        * modules/pam_group/Makefile.am: Include Make.xml.rules.
        * modules/pam_group/group.conf.5.xml: New.
        * modules/pam_group/group.conf.5: New, generated from xml file.
        * modules/pam_group/pam_group.8.xml: New.
        * modules/pam_group/pam_group.8: New, generated from xml file.
        * modules/pam_group/README.xml: New.
        * modules/pam_group/README: Regenerated from xml file.

        * modules/pam_ftp/Makefile.am: Include Make.xml.rules.
        * modules/pam_ftp/pam_ftp.8.xml: New.
        * modules/pam_ftp/pam_ftp.8: New, generated from xml file.
        * modules/pam_ftp/README.xml: New.
        * modules/pam_ftp/README: Regenerated from xml file.

        * modules/pam_issue/Makefile.am: Include Make.xml.rules.
        * modules/pam_issue/pam_issue.8.xml: New.
        * modules/pam_issue/pam_issue.8: New, generated from xml file.
        * modules/pam_issue/README.xml: New.
        * modules/pam_issue/README: Regenerated from xml file.

        * modules/pam_filter/Makefile.am: Include Make.xml.rules.
        * modules/pam_filter/pam_filter.8.xml: New.
        * modules/pam_filter/pam_filter.8: New, generated from xml file.
        * modules/pam_filter/README.xml: New.
        * modules/pam_filter/README: Regenerated from xml file.

2006-05-30  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Fix umask and skel
        directory documentation.

        * modules/pam_umask/Makefile.am: Include Make.xml.rules.
        * modules/pam_umask/pam_umask.8.xml: New.
        * modules/pam_umask/pam_umask.8: New, generated from xml file.
        * modules/pam_umask/README.xml: New.
        * modules/pam_umask/README: Regenerated from xml file.

2006-05-29  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_mkhomedir/Makefile.am: Include Make.xml.rules.
        * modules/pam_mkhomedir/pam_mkhomedir.8.xml: New.
        * modules/pam_mkhomedir/pam_mkhomedir.8: New, generated from xml file.
        * modules/pam_mkhomedir/README.xml: New.
        * modules/pam_mkhomedir/README: Regenerated from xml file.

2006-05-23  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_echo/pam_echo.c (pam_echo): Use pam_modutil_read()
        instead of read().

2006-05-22  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate):
        Fix memory leaks, [#1490956] found by Coverity.

        * modules/pam_tally/pam_tally.c (pam_get_uid): Check return
        value of pam_get_user().
        (tally_get_data): Check if oldtime is not NULL.
        [#1489818] found by Coverity.

        * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Don't
        ignore return value of stat(). [#1489808] found by Coverity.

        * modules/pam_mail/pam_mail.c (get_folder): Fix a potential
        NULL pointer dereference. [#1489792] found by Coverity.

        * libpam/Makefile.am: bump release number of libpam.so.
        * libpam/pam_misc.c (_pam_mkargv): Fix memory leak,
        [#1489804] found by Coverity.

        * modules/pam_echo/pam_echo.c (replace_and_print): Initialize
        str, [#1489658] found by Coverity.

        * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix
        a potential NULL pointer dereference.
        (pam_sm_chauthtok): Remove dead code.
        [#1489634] found by Coverity.

2006-05-04  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Check for fseeko.
        * modules/pam_tally/pam_tally.c: Use fseeko if available
        (Based on patch by IBM).

2006-05-04  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.4.0

        * libpam/pam_strerror.c: Unify error messages.

        * po/zh_TW.po: Adjust for last pam_strerror changes.
        * po/zh_CN.po: Likewise.
        * po/uk.po: Likewise.
        * po/tr.po: Likewise.
        * po/pt.po: Likewise.
        * po/pt_BR.po: Likewise.
        * po/pl.po: Likewise.
        * po/ja.po: Likewise.
        * po/nl.po: Likewise.
        * po/nb.po: Likewise.
        * po/it.po: Likewise.
        * po/hu.po: Likewise.
        * po/fr.po: Likewise.
        * po/fi.po: Likewise.
        * po/es.po: Likewise.
        * po/de.po: Likewise.
        * po/cs.po: Likewise.

        * doc/man/pam.3.xml: New.
        * doc/man/pam.3. New, generated from XML file.

        * doc/man/pam_sm_acct_mgmt.3.xml: New.
        * doc/man/pam_sm_acct_mgmt.3: New, generated from XML file.

        * doc/man/*.xml: Fix encoding and use always UTF-8, regenerate
        all manual pages.

        * doc/pam_modules.sgml (PAM_NEW_AUTHTOKEN_REQD): Fix typo.

2006-05-02  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use
        different strings for plural or not [#1427738]

        * po/*.po: Adjust for pam_unix.so translation fix.

        * modules/pam_tally/pam_tally.c: Always close file handle
        in error case, don't close it depending on *TALLY value [#1478180]

2006-04-21  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/fr.po: Updated.

2006-04-11  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/km.po: Updated.

2006-03-27  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/LINGUAS: Add uk.

        * po/uk.po: New.
        * po/cs.po: Updated.
        * po/po/es.po: Updated.
        * po/fi.po: Updated.
        * po/fr.po: Updated.
        * po/hu.po: Updated.
        * po/it.po: Updated.
        * po/ja.po: Updated.
        * po/nb.po: Updated.
        * po/pl.po: Updated.
        * po/pt.po: Updated.
        * po/pt_BR.po: Updated.
        * po/zh_CN.po: Updated.
        * po/zh_TW.po: Updated.

2006-03-21  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Remove ALL_LINGUAS.
        * po/LINGUAS: New.
        * po/tr.po: New (from Ismail Donmez <ismail@pardus.org.tr>).

2006-03-13  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/pam_error.3.xml: New.
        * doc/man/pam_error.3: New, generated from XML file.
        * doc/man/pam_verror.3: New, generated from XML file.
        * doc/man/Makefile.am: Add pam_error.3 and pam_verror.3.

        * modules/pam_lastlog/Makefile.am: Fix typo.

        * modules/pam_lastlog/pam_lastlog.c: Move comment for
        translators in right line.
        * po/*.po: Update po files with comment for translator.

2006-03-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/Makefile.am: Add new manual pages.

        * doc/man/pam.conf.5.xml: Replace link with content
        of PAM admin guide.
        * doc/man/pam.conf.5: Regenerated from XML file.

        * doc/man/pam_info.3.xml: New.
        * doc/man/pam_info.3: New, generated from XML file.
        * doc/man/pam_vinfo.3: New, generated from XML file.

        * doc/man/pam_conv.3.xml: New.
        * doc/man/pam_conv.3: New, generated from XML file.

        * doc/man/pam_putenv.3.xml: New.
        * doc/man/pam_putenv.3: New, generated from XML file.

        * doc/man/pam_getenv.3.xml: New.
        * doc/man/pam_getenv.3: New, generated from XML file.

        * doc/man/pam_getenvlist.3.xml: New.
        * doc/man/pam_getenvlist.3: New, generated from XML file.

        * libpam/pam_item.c (pam_get_user): Check for valid pamh before
        using it.

        * configure.in: create tests/Makefile
        * Makefile.am (SUBDIRS): Add tests
        * tests/Makefile.am: New.
        * tests/tst-dlopen.c: New.
        * tests/tst-pam_acct_mgmt.c: New.
        * tests/tst-pam_authenticate.c: New.
        * tests/tst-pam_chauthtok.c: New.
        * tests/tst-pam_close_session.c: New.
        * tests/tst-pam_end.c: New.
        * tests/tst-pam_fail_delay.c: New.
        * tests/tst-pam_getenvlist.c: New.
        * tests/tst-pam_get_item.c: New.
        * tests/tst-pam_open_session.c: New.
        * tests/tst-pam_setcred.c: New.
        * tests/tst-pam_set_item.c: New.
        * tests/tst-pam_start.c: New.
        * tests/tst-pam_get_user.c: New.

        * modules/pam_access/Makefile.am: Add rules for make check
        * modules/pam_access/tst-pam_access: New
        * modules/pam_cracklib/Makefile.am: Add rules for make check
        * modules/pam_cracklib/tst-pam_cracklib: New
        * modules/pam_debug/Makefile.am: Add rules for make check
        * modules/pam_debug/tst-pam_debug: New
        * modules/pam_deny/Makefile.am: Add rules for make check
        * modules/pam_deny/tst-pam_deny: New
        * modules/pam_echo/Makefile.am: Add rules for make check
        * modules/pam_echo/tst-pam_echo: New
        * modules/pam_env/Makefile.am: Add rules for make check
        * modules/pam_env/tst-pam_env: New
        * modules/pam_exec/Makefile.am: Add rules for make check
        * modules/pam_exec/tst-pam_exec: New
        * modules/pam_filter/Makefile.am: Add rules for make check
        * modules/pam_filter/tst-pam_filter: New
        * modules/pam_ftp/Makefile.am: Add rules for make check
        * modules/pam_ftp/tst-pam_ftp: New
        * modules/pam_group/Makefile.am: Add rules for make check
        * modules/pam_group/tst-pam_group: New
        * modules/pam_issue/Makefile.am: Add rules for make check
        * modules/pam_issue/tst-pam_issue: New
        * modules/pam_lastlog/Makefile.am: Add rules for make check
        * modules/pam_lastlog/tst-pam_lastlog: New
        * modules/pam_limits/Makefile.am: Add rules for make check
        * modules/pam_limits/tst-pam_limits: New
        * modules/pam_listfile/Makefile.am: Add rules for make check
        * modules/pam_listfile/tst-pam_listfile: New
        * modules/pam_localuser/Makefile.am: Add rules for make check
        * modules/pam_localuser/tst-pam_localuser: New
        * modules/pam_mail/Makefile.am: Add rules for make check
        * modules/pam_mail/tst-pam_mail: New
        * modules/pam_mkhomedir/Makefile.am: Add rules for make check
        * modules/pam_mkhomedir/tst-pam_mkhomedir: New
        * modules/pam_motd/Makefile.am: Add rules for make check
        * modules/pam_motd/tst-pam_motd: New
        * modules/pam_nologin/Makefile.am: Add rules for make check
        * modules/pam_nologin/tst-pam_nologin: New
        * modules/pam_permit/Makefile.am: Add rules for make check
        * modules/pam_permit/tst-pam_permit: New
        * modules/pam_rhosts/Makefile.am: Add rules for make check
        * modules/pam_rhosts/tst-pam_rhosts: New
        * modules/pam_rootok/Makefile.am: Add rules for make check
        * modules/pam_rootok/tst-pam_rootok: New
        * modules/pam_securetty/Makefile.am: Add rules for make check
        * modules/pam_securetty/tst-pam_securetty: New
        * modules/pam_selinux/Makefile.am: Add rules for make check
        * modules/pam_selinux/tst-pam_selinux: New
        * modules/pam_shells/Makefile.am: Add rules for make check
        * modules/pam_shells/tst-pam_shells: New
        * modules/pam_stress/Makefile.am: Add rules for make check
        * modules/pam_stress/tst-pam_stress: New
        * modules/pam_succeed_if/Makefile.am: Add rules for make check
        * modules/pam_succeed_if/tst-pam_succeed_if: New
        * modules/pam_tally/Makefile.am: Add rules for make check
        * modules/pam_tally/tst-pam_tally: New
        * modules/pam_time/Makefile.am: Add rules for make check
        * modules/pam_time/tst-pam_time: New
        * modules/pam_umask/Makefile.am: Add rules for make check
        * modules/pam_umask/tst-pam_umask: New
        * modules/pam_unix/Makefile.am: Add rules for make check
        * modules/pam_unix/tst-pam_unix: New
        * modules/pam_userdb/Makefile.am: Add rules for make check
        * modules/pam_userdb/tst-pam_userdb: New
        * modules/pam_warn/Makefile.am: Add rules for make check
        * modules/pam_warn/tst-pam_warn: New
        * modules/pam_wheel/Makefile.am: Add rules for make check
        * modules/pam_wheel/tst-pam_wheel: New
        * modules/pam_xauth/Makefile.am: Add rules for make check
        * modules/pam_xauth/tst-pam_xauth: New

2006-03-11  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/pam_fail_delay.3.xml: New.
        * doc/man/pam_fail_delay.3: New, generated from xml.
        * doc/man/pam_prompt.3.xml: New.
        * doc/man/pam_prompt.3: New, generated from xml.
        * doc/man/pam_syslog.3.xml: New.
        * doc/man/pam_syslog.3: New, generated from xml.
        * doc/man/pam_vprompt.3: New, generated from xml.
        * doc/man/pam_vsyslog.3: New, generated from xml.

2006-02-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/km.po: Update Khmer translation.

2006-02-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_succeed_if/pam_succeed_if.8.xml: New, based on
        version from #1425487.
        * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml.
        * modules/pam_succeed_if/Makefile.am: Include XML rules.
        * modules/pam_succeed_if/README.xml: New.
        * modules/pam_succeed_if/README: Regenerated from xml.
        * modules/pam_succeed_if/pam_succeed_if.c: Fix comment about
        return values.

2006-02-22  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Fix check for incomplete libaudit installations
        (Patch from Ruediger Oertel <ro@suse.de>).

        * modules/pam_lastlog/pam_lastlog.c (last_login_write): Initialize
        correct last_login field [#1427401].

        * modules/pam_lastlog/pam_lastlog.c (last_login_read): Mark strftime
        format string for translation to allow reorder [#1428269].
        * po/*.po: Update with last pam_lastlog change.


2006-02-17  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/man/Makefile.am: Add new manual pages.
        * doc/man/pam_end.3: Regenerated from xml file.
        * doc/man/pam_end.3.xml: Document freeing of item data.
        * doc/man/pam_get_user.3: New.
        * doc/man/pam_get_user.3.xml: New.
        * modules/pam_access/access.conf.5.xml: Fix typos.
        * modules/pam_env/Makefile.am: Add new manual pages.
        * modules/pam_env/README: Regenerate from xml file.
        * modules/pam_env/README.xml: New.
        * modules/pam_env/pam_env.8: New.
        * modules/pam_env/pam_env.8.xml: New.
        * modules/pam_env/pam_env.conf.5: New.
        * modules/pam_env/pam_env.conf.5.xml New.

2006-02-14  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/fi.po: Updated translations.
        * po/pl.po: Likewise.
        * po/km.po: New translation.
        * configure.in: Add km as new language.

2006-02-13  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_echo/pam_echo.8.xml: New.
        * modules/pam_echo/pam_echo.8: Regenerated from xml file.
        * modules/pam_echo/Makefile.am: Include Make.xml.rules.
        * modules/pam_echo/pam_echo.c: Fix return value.

        * doc/modules/pam_chroot.sgml: Remove obsolete sgml file.

2006-02-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Add doc/man/Makefile.
        * Make.xml.rules: Enable xincludes for manual pages.
        * doc/Makefile.am (EXRA_DIST): Remove manual pages.
        (SUBDIR): Add man subdirectory.
        * doc/man/Makefile.am: New.
        * doc/man/pam_acct_mgmt.3: New.
        * doc/man/pam_acct_mgmt.3.xml: New.
        * doc/man/pam_get_data.3: New.
        * doc/man/pam_get_data.3.xml: New.
        * doc/man/pam_set_data.3: New.
        * doc/man/pam_set_data.3.xml: New.
        * doc/man/pam.8.xml: New.
        * doc/man/pam.8: Regenerated from xml file.
        * doc/man/pam_authenticate.3.xml: New.
        * doc/man/pam_authenticate.3: Regenerated from xml file.
        * doc/man/pam_chauthtok.3.xml: New.
        * doc/man/pam_chauthtok.3: Regenerated from xml file.
        * doc/man/pam_close_session.3.xml: New.
        * doc/man/pam_close_session.3: Regenerated from xml file.
        * doc/man/pam_end.3.xml: New.
        * doc/man/pam_end.3: Regenerated from xml file.
        * doc/man/pam_fail_delay.3.xml: New.
        * doc/man/pam_fail_delay.3: Regenerated from xml file.
        * doc/man/pam_get_item.3.xml: New.
        * doc/man/pam_get_item.3: Regenerated from xml file.
        * doc/man/pam_item_types.inc.xml: New.
        * doc/man/pam_open_session.3.xml: New.
        * doc/man/pam_open_session.3: Regenerated from xml file.
        * doc/man/pam_set_item.3.xml: New.
        * doc/man/pam_set_item.3: Regenerated from xml file.
        * doc/man/pam_setcred.3.xml: New.
        * doc/man/pam_setcred.3: Regenerated from xml file.
        * doc/man/pam_start.3.xml: New.
        * doc/man/pam_start.3: Regenerated from xml file.
        * doc/man/pam_strerror.3.xml: New.
        * doc/man/pam_strerror.3: Regenerated from xml file.
        * doc/man/template-man: Removed.

2006-02-10  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Remove pam_pwdb support.
        * modules/Makefile.am: remove pam_pwdb.
        * modules/pam_pwdb: Remove complete directory.
        * libpam/Makefile.am: Remove LIBPWDB references.
        * libpam/pam_static_modules.h: Remove pam_pwdb references.
        * doc/modules/pam_pwdb.sgml: Removed.
        * po/POTFILES.in: Remove modules/pam_pwdb/*.c entries.
        * doc/pam_source.sgml: Remove references to libpwdb.
        * doc/modules/pam_limits.sgml: Remove wrong reference to libpwdb.
        * doc/modules/pam_group.sgml: Likewise.
        * doc/modules/pam_cracklib.sgml: Replace pam_pwdb with pam_unix.
        * doc/modules/pam_userdb.sgml: Likewise.
        * modules/pam_cracklib/pam_cracklib.8.xml: Replace pam_pwdb
        with pam_unix.
        * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
        * modules/pam_group/pam_group.c: Remove dead code for libpwdb.

        * modules/pam_access/Makefile.am: Fix EXTRA_DIST.
        * modules/pam_cracklib/Makefile.am: Likewise.
        * modules/pam_deny/Makefile.am: Likewise.
        * modules/pam_exec/Makefile.am: Likewise.

2006-02-07  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Check for text browser.
        * Make.xml.rules: Add rule to generate README from README.xml.

        * modules/pam_access/Makefile.am: Include Make.xml.rules.
        * modules/pam_access/README: Regenerated from README.xml.
        * modules/pam_access/README.xml: New.
        * modules/pam_access/access.conf: Extended by new examples.
        * modules/pam_access/access.conf.5: New, generated from xml file.
        * modules/pam_access/access.conf.5.xml: New.
        * modules/pam_access/pam_access.8: New, generated from xml file.
        * modules/pam_access/pam_access.8.xml: New.
        * modules/pam_access/pam_access.c: Add rules for IPv6 and
        netmasks.
        Based on patch from Mike Becher <Mike.Becher@lrz-muenchen.de>.

        * modules/pam_deny/Makefile.am: Include Make.xml.rules.
        * modules/pam_deny/pam_deny.8.xml: New.
        * modules/pam_deny/pam_deny.8: New, generated from xml file.
        * modules/pam_deny/README.xml: New.
        * modules/pam_deny/README: Regenerated from xml file.

        * modules/pam_cracklib/Makefile.am: Include Make.xml.rules.
        * modules/pam_cracklib/pam_cracklib.8.xml: New.
        * modules/pam_cracklib/pam_cracklib.8: New, generated from xml file.
        * modules/pam_cracklib/README.xml: New.
        * modules/pam_cracklib/README: Regenerated from xml file.

        * modules/pam_exec/Makefile.am: Add rule to generate README.
        * modules/pam_exec/README: Regenerated from xml file.
        * modules/pam_exec/pam_exec.8: Regenerated from xml file.
        * modules/pam_exec/pam_exec.8.xml: Syntax files.

2006-02-06  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/nl.po: New.
        * po/pt.po: Update translations.
        * configure.in: Add nl as new language.

2006-01-30  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_exec/pam_exec.8.xml: Fix syntax of Return Value section.
        * modules/pam_exec/Makefile.am: Include Make.xml.rules.

        * Make.xml.rules: New.

        * Makefile.am (EXTRA_DIST): Add Make.xml.rules.

2006-01-27  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Prefer libdb over libndbm, fix check for
        libcrack and remove not needed BACKUP_LIBS.

2006-01-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_debug/pam_debug.c: Fix name of pam_module struct.

        * po/de.po: Fix one translation.

        * configure.in: Add modules/pam_exec.
        * modules/Makefile.am: Add pam_exec subdirectory.
        * modules/pam_exec/README: New.
        * modules/pam_exec/Makefile.am: New.
        * modules/pam_exec/pam_exec.8: New.
        * modules/pam_exec/pam_exec.c: New.
        * modules/pam_exec/pam_exec.8.xml: New.
        * po/POTFILES.in: Add modules/pam_exec/pam_exec.c.
        * po/*.po: Merge new pam_exec strings.

        * libpam/pam_static_modules.h: New.
        * Makefile.am: Reorder subdirectories for static modules.
        * configure.in: Add --enable-static-modules option.
        * libpam/Makefile.am: Define WITH_SELINUX and WITH_PWDB if
        necessary, add pam_static_modules.h, link against all PAM
        module object files if STATIC_MODULES is defined.
        * libpam/pam_static.c: Remove old _static_module* includes,
        include pam_static_modules.h.

        * configure.in: Add checks for xsltproc, xmllint and docbook
        xsl stylesheet.
        * m4/jh_path_xml_catalog.m4: New.

2006-01-22  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_succeed_if/pam_succeed_if.c: Add support for
        static modules.
        * modules/pam_xauth/pam_xauth.c: Likewise.

        * libpam/pam_static.c (_pam_open_static_handler): Add pamh
        as argument.
        * libpam/pam_private.h: Adjust prototype.
        * libpam/pam_handlers.c (_pam_add_handler): Add pamh to
        _pam_open_static_handler call.

        * configure.in: Don't define PAM_DYNAMIC.
        * libpam/pam_handlers.c: Get ride of PAM_DYNAMIC, don't
        include pam_dynamic.h
        * libpam/pam_dynamic.c: Don't include pam_dynamic.h,
        exclude functions if we compile with PAM_STATIC.
        * libpam/pam_dynamic.h: Remove.
        * libpam/pam_private.h: Add function prototypes from pam_dynamic.h.
        * libpam/Makefile.am: Bump version number of libpam, remove
        pam_dynamic.h.

2006-01-21  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_listfile/pam_listfile.c: Add support for session
        and password management.

2006-01-19  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/specs/Makefile.am (spec): Add padout to fix parallel
        build (Reported by Andreas Haumer <andreas@xss.co.at>).

2006-01-15  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_echo/pam_echo.c: Define HOST_NAME_MAX if not
        already defined.

2006-01-13  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.3.0

        * libpam_misc/misc_conv.c (misc_conv): Fix strict aliasing
        error.

        * modules/pam_umask/pam_umask.c (search_key): Don't ignore
        EOF/error return value from fgets().

        * configure.in: Check for getline and getdelim

        * po/fi.po: Add new translations.
        * po/de.po: Likewise.
        * po/es.po: Likewise.
        * po/fr.po: Likewise.
        * po/it.po: Likewise.
        * po/ja.po: Likewise.
        * po/pt_BR.po: Likewise.
        * po/zh_CH.po: Likewise.
        * po/zh_TW.po: Likewise.

2006-01-13  Dmitry V. Levin  <ldv@altlinux.org>

        * libpam/pam_audit.c (_pam_auditlog): Replace strerror(errno)
        call with %m specifier.

2006-01-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * configure.in: Add check for -fpie/-pie
        * modules/pam_filter/upperLOWER/Makefile.am: Compile/link
        upperLOWER with -fpie/-pie if supported.
        * modules/pam_unix/Makefile.am: Compile/link unix_chkpwd
        with -fpie/-pie if supported.

2006-01-12  Steve Grubb  <sgrubb@redhat.com>

        * configure.in: Add check for audit library.
        * libpam/Makefile.am (libpam_la_LDFLAGS): Add LIBAUDIT.
        (libpam_la_SOURCES): Add pam_audit.c.
        * libpam/pam_account.c (pam_acct_mgmt): Add _pam_auditlog() call.
        * libpam/pam_auth.c (pam_authenticate), (pam_setcred): Likewise.
        * libpam/pam_password.c (pam_chauthtok):  Likewise.
        * libpam/pam_session.c (pam_open_session),
        (pam_close_session): Likewise.
        * libpam/pam_private.h: Add audit_state member to pam_handle,
        declare _pam_auditlog and _pam_audit_end.
        * libpam/pam_start.c (pam_start): Initialize audit_state.
        * libpam/pam_audit.c: New file with _pam_auditlog and _pam_audit_end
        implementation.
        * libpam/pam_end.c (pam_end): Add _pam_audit_end() call.
        * NEWS: Note about added auditing.

2006-01-11  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/Makefile.am (AM_CFLAGS): Define LIBPAM_COMPILE.

        * libpam/include/security/_pam_types.h: Don't define PAM_NONNULL
        if we compile libpam itself.

        * po/hu.po: Update with new translations.

2006-01-08  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR
        instead of PAM_AUTHTOK_RECOVER_ERR.
        * modules/pam_pwdb/support.-c: Likewise.
        * modules/pam_unix/support.c: Likewise.
        * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise.
        * libpam/pam_strerror.c (pam_strerror): Likewise.

        * libpam/include/security/_pam_compat.h: Define
        PAM_AUTHTOK_RECOVER_ERR for backward compatibility.

        * libpam/include/security/_pam_types.h: Rename
        PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR.

2006-01-05  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/include/security/_pam_types.h: Remove nonnull attribute
        from third paramter (item) of pam_get_item.
        * libpam/Makefile.am: Bump version number of shared library.

2005-12-21  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_succeed_if/pam_succeed_if.c (evaluate_ingroup),
        (evaluate_notingroup): Simplified.
        (evaluate_innetgr), (evaluate_notinnetgr): New functions.
        (evaluate): Added calls to evaluate_(not)innetgr().
        * modules/pam_succeed_if/README: Documented netgroup matching.
        * NEWS: Mentioned the added netgroup matching support.

2005-12-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_lastlog/pam_lastlog.c (last_login_read): Use
        strftime instead of ctime.

        * po/de.po: Fix typo.

2005-12-19  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/pam_syslog.c: Define LOG_AUTHPRIV as LOG_AUTH on Solaris.
        Reported by Charles_H_Bedford@nbc.gov.

        * modules/pam_time/pam_time.c (check_account): Implement
        support for netgroups.

        * modules/pam_time/time.conf: Document usage of netgroups.

2005-12-16  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_group/pam_group.c (check_account): Implement
        support for netgroups.

        * modules/pam_group/group.conf: Add all documentation to this
        example config file and don't reference to outdated configs.

        * modules/pam_group/README: New.

        * modules/pam_group/Makefile.am: Add README to EXTRADIST.

2005-12-15  Thorsten Kukuk  <kukuk@suse.de>

        * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't report an
        error if user logins the first time.

        * modules/pam_lastlog/README: New.

        * modules/pam_lastlog/Makefile.am: Add README to EXTRADIST.

2005-12-14  Thorsten Kukuk  <kukuk@suse.de>

        * modules/pam_deny/pam_deny.c: Fix comment.

        * doc/pam_appl.sgml: Fix typo.

        Reported by Russell Bateman <russ@windofkeltia.com>

2005-12-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.2.1

        * po/de.po: Remove new fuzzy entry

        * NEWS: Add 0.99.2.1 changes

        * configure.in: bump version number to 0.99.2.1

2005-12-12  Dmitry V. Levin  <ldv@altlinux.org>

        Cleanup pam_syslog messages.

        * modules/pam_env/pam_env.c (_expand_arg): Fix compiler warning.
        * modules/pam_filter/pam_filter.c (set_filter): Append %m
        specifier to pam_syslog messages where appropriate.
        * modules/pam_group/pam_group.c (read_field): Likewise.
        * modules/pam_mkhomedir/pam_mkhomedir.c (make_remark): Remove.
        (create_homedir): Do not use make_remark() wrapper, call
        pam_info() directly.  Call pam_syslog() right after failed
        operation and append %m specifier to pam_syslog messages where
        appropriate.
        * modules/pam_rhosts/pam_rhosts_auth.c (pam_iruserok): Replace
        sequence of malloc(), strcpy() and strcat() calls with asprintf().
        Append %m specifier to pam_syslog messages where appropriate.
        * modules/pam_securetty/pam_securetty.c (securetty_perform_check):
        Append %m specifier to pam_syslog messages where appropriate.
        * modules/pam_shells/pam_shells.c (perform_check): Likewise.

2005-12-12  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_mail/pam_mail.c (report_mail): Fixed typo in string.
        * po/Linux-PAM.pot: Likewise.
        * po/de.po: Likewise.
        * po/es.po: Likewise.
        * po/fi.po: Likewise.
        * po/fr.po: Likewise.
        * po/hu.po: Likewise.
        * po/it.po: Likewise.
        * po/ja.po: Likewise.
        * po/nb.po: Likewise.
        * po/pa.po: Likewise.
        * po/pl.po: Likewise.
        * po/pt.po: Likewise.
        * po/pt_BR.po: Likewise.
        * po/zh_CN.po: Likewise.
        * po/zh_TW.po: Likewise.
        * po/de.po: Add new translation, fixed typo in string.

2005-12-12  Mike Becher  <Mike.Becher@lrz-muenchen.de>

        * doc/Makefile.am: Fixed install of PS, PDF, TXT and HTML files.

2005-12-12  Thorsten Kukuk  <kukuk@suse.de>

        * modules/pam_mail/README: Document "quiet" and "standard"
        options.

2005-12-07  Thorsten Kukuk  <kukuk@suse.de>

        * modules/pam_mail/pam_mail.c: Modify assembling of output
        for easier translation.

        * po/de.po: Translate new pam_mail messages.


2005-11-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * po/de.po: Add new translation, fix wrong format specifier.
        * po/cs.po: Fix wrong format specifier.
        * po/es.po: Likewise.
        * po/fi.po: Likewise.
        * po/fr.po: Likewise.
        * po/hu.po: Likewise.
        * po/it.po: Likewise.
        * po/ja.po: Likewise.
        * po/nb.po: Likewise.
        * po/pa.po: Likewise.
        * po/pl.po: Likewise.
        * po/pt.po: Likewise.
        * po/pt_BR.po: Likewise.
        * po/zh_CN.po: Likewise.
        * po/zh_TW.po: Likewise.

2005-11-24  Dmitry V. Levin  <ldv@altlinux.org>

        * config.h.in: Remove generated file.
        * .cvsignore: Add config.h.in.

        * configure.in: Do not check for strerror.
        * libpam_misc/misc_conv.c (read_string): Replace strerror()
        call with %m specifier.
        * libpamc/pamc_converse.c (pamc_converse): Likewise.
        * modules/pam_echo/pam_echo.c (pam_echo): Likewise.
        * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate):
        Likewise.
        * modules/pam_selinux/pam_selinux.c (security_label_tty):
        Likewise.
        (security_restorelabel_tty, security_label_tty): Append %m
        specifier where appropriate.
        * modules/pam_selinux/pam_selinux_check.c (main): Replace
        strerror() call with %m specifier.
        * modules/pam_unix/pam_unix_passwd.c (save_old_password,
        _update_passwd, _update_shadow): Likewise.
        * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
        * modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise.
        * po/Linux-PAM.pot: Update strings from pam_selinux.
        * po/cs.po: Likewise.
        * po/de.po: Likewise.
        * po/es.po: Likewise.
        * po/fi.po: Likewise.
        * po/fr.po: Likewise.
        * po/hu.po: Likewise.
        * po/it.po: Likewise.
        * po/ja.po: Likewise.
        * po/nb.po: Likewise.
        * po/pa.po: Likewise.
        * po/pl.po: Likewise.
        * po/pt.po: Likewise.
        * po/pt_BR.po: Likewise.
        * po/zh_CN.po: Likewise.
        * po/zh_TW.po: Likewise.

2005-11-23  Thorsten Kukuk  <kukuk@suse.de>

        * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Introduce
        new variable to fix compiler warning.

        * libpam/pam_modutil_getlogin.c (pam_modutil_getlogin): PAM_TTY
        don't need to start with /dev/.

2005-11-21  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release version 0.99.2.0

        * libpam_misc/Makefile.am: Increase release number (for change
        from 2005-11-09)

        * NEWS: Adjust for 0.99.2.0

2005-11-17  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/include/security/_pam_compat.h: Fix wrong #ifdef nesting.
        Redefine PAM_CHANGE_EXPIRED_AUTHTOK [#604380]

2005-11-16  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/pam_handlers.c: Replace code for all dlopen variants with
        a generic wrapper.
        * libpam/pam_dynamic.c: Implement generic wrapper for dlopen.
        * libpam/pam_dynamic.h: Provide prototypes.
        For Mac OS X support [#534205]

2005-11-09  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly
        full path tty name.
        * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly
        full path tty name. Allow unset tty.
        (logic_member): Allow matching ':' in tty name.
        * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly
        full path tty name. Allow unset tty.
        (logic_member): Allow matching ':' in tty name.

        * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin
        is not terminal.

2005-11-07  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use
        correct variable names.

2005-11-06  Steve Langasek <vorlon@debian.org>

        * modules/pam_env/pam_env.c: don't treat a missing
        /etc/environment as a fatal error when attempting to read it,
        and try to read this file by default; this restores the behavior
        from Linux-PAM 0.76.

2005-11-02  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_unix/support.c (_unix_getpwnam): Fix typo [#1224807]
        by ohyajapn.

        * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the
        logic when comparing dates to handle corner cases better [#1245888].

2005-10-31  Thorsten Kukuk  <kukuk@suse.de>

        * modules/pam_filter/pam_filter.c: Use XCASE only if defined
        [#624214]

2005-10-27  Thorsten Kukuk  <kukuk@suse.de>

        * doc/man/pam.8: Fix wording for authentication chapter [#1197444]

2005-10-26  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary),
        modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary),
        modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real
        uid to 0 before executing the helper if SELinux is enabled.
        * modules/pam_unix/unix_chkpwd.c (main): Disable user check only
        if real uid is 0 (CVE-2005-2977). Log failed password check attempt.


2005-10-20  Tomas Mraz  <t8m@centrum.cz>

        * configure.in: Added check for xauth binary and --with-xauth option.
        * config.h.in: Added configurable PAM_PATH_XAUTH.
        * modules/pam_xauth/README,
        modules/pam_xauth/pam_xauth.8: Document where xauth is looked for.
        * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement
        searching xauth binary on multiple places.
        (run_coprocess): Don't use execvp as it can be a security risk.

2005-10-04  Steve Langasek  <vorlon@debian.org>

        * libpam/include/security/pam_malloc.h,
        libpam/include/security/pam_modules.h: Declare public header
        files extern "C" so that they are C++-safe.

2005-10-02  Dmitry V. Levin  <ldv@altlinux.org>
            Steve Langasek  <vorlon@debian.org>

        Cleanup gratuitous use of strdup().
        Fix "missing argument" checks.

        * modules/pam_env/pam_env.c (_pam_parse): Add const qualifier
        to conffile and envfile arguments.  Do not use x_strdup() for
        conffile and envfile initialization.  Fix "missing argument"
        checks.
        (_parse_config_file): Take conffile argument of type "const char *"
        instead of "char **".  Do not free conffile.
        (_parse_env_file): Take env_file argument of type "const char *"
        instead of "char **".  Do not free env_file.
        (pam_sm_setcred): Add const qualifier to conf_file and env_file.
        Pass conf_file and env_file to _parse_config_file() and
        _parse_env_file() by value.
        (pam_sm_open_session): Likewise.

        * modules/pam_ftp/pam_ftp.c (_pam_parse): Add const qualifier to
        users argument.  Do not use x_strdup() for users initialization.
        (lookup):  Add const qualifier to list argument.
        (pam_sm_authenticate): Add const qualifier to users argument.

        * modules/pam_mail/pam_mail.c (_pam_parse): Add const qualifier
        to maildir argument.  Do not use x_strdup() for maildir
        initialization.  Fix "missing argument" check.
        (get_folder): Take path_mail argument of type "const char *"
        instead of "char **".  Do not free path_mail.
        (_do_mail): Add const qualifier to path_mail argument.
        Pass path_mail to get_folder() by value.

        * modules/pam_motd/pam_motd.c: Include <syslog.h>.
        (pam_sm_open_session): Add const qualifier to motd_path.
        Do not use x_strdup() for motd_path initialization.  Do not
        free motd_path.  Fix "missing argument" check.  Add "unknown
        option" warning.

        * modules/pam_userdb/pam_userdb.c (_pam_parse): Add const
        qualifier to database and cryptmode arguments.  Fix "missing
        argument" checks.
        (pam_sm_authenticate): Add const qualifier to database and cryptmode.
        (pam_sm_acct_mgmt): Likewise.

2005-10-01  Steve Langasek  <vorlon@debian.org>

        * modules/pam_userdb/pam_userdb.c: spelling fix in log message.

2005-09-30  Steve Langasek  <vorlon@debian.org>

        * modules/pam_userdb/pam_userdb.c: Fix memory leak due to
        gratuitous use of strdup().

2005-09-27  Thorsten Kukuk  <kukuk@thkukuk.de>

        * release 0.99.1.0

        * doc/specs/Makefile.am (install-data-local): Install
        rfc and draft.
        (all): Copy rfc if we build outside of source directory.

2005-09-27  Thorsten Kukuk  <kukuk@suse.de>

        * NEWS: Document removal of pam_radius.
        * autogen.sh: Make configure script executeable.

        * conv/pam_conv1/Makefile (EXTRA_DIST): Removed lex.yy.c
        (lex.yy.c): Fixed out of tree build.

        * conv/pam_conv1/pam_conv.y: Fix main prototype.

        * README: Adjust.

        * po/POTFILES.in: Remove files not distributed by tar archive
        and not containing strings for translation.

2005-09-26  Tomas Mraz  <t8m@centrum.cz>

        * NEWS: Add a few missing entries from CHANGELOG.

        * AUTHORS: Fixed entries for Toady and me.

        * Makefile.am (M4_FILES): Fixed out of tree build.
        * doc/specs/Makefile.am (EXTRA_DIST): Removed lex.yy.c
        (spec, lex.yy.c): Fixed out of tree build.

        * modules/pam_userdb/README: Document try_first_pass and
        use_first_pass options, remove use_authtok option.


2005-09-26  Dmitry V. Levin  <ldv@altlinux.org>

        * NEWS: Mention changes in pam_lastlog.

2005-09-26  Thorsten Kukuk  <kukuk@suse.de>

        * NEWS: New file.
        * autogen.sh: Don't generate NEWS file.
        * CHANGELOG: Document it as obsolete.

2005-09-26  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
        _log_err() -> pam_syslog()
        (pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning.
        * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate):
        _log_err() -> pam_syslog()
        * modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef
        (getNISserver, _unix_run_shadow_binary, _update_passwd,
        _update_shadow, _do_setpass, _pam_unix_approve_pass,
        pam_sm_chauthtok): _log_err() -> pam_syslog()
        * modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef
        (pam_sm_open_session, pam_sm_close_session):
        _log_err() -> pam_syslog()
        * modules/pam_unix/support.c (_log_err, converse): removed
        (_make_remark): use pam_prompt() instead of converse()
        (_set_ctrl, _cleanup_failures, _unix_run_helper_binary,
        _unix_verify_password, _unix_read_password):
        _log_err() -> pam_syslog()
        _cleanup(), _unix_cleanup(): Silence unused param warnings.
        (_cleanup_failures, _unix_verify_password, _unix_getpwnam,
        _unix_run_helper_binary): Silence incorrect type warnings.
        (_unix_read_password): Use multiple pam_prompt() and pam_info() calls
        instead of converse().
        * modules/pam_unix/support.h (_log_err): removed
        * modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV

2005-09-26  Thorsten Kukuk  <kukuk@suse.de>

        * configure.in: Add doc/specs/Makefile.
        * Makefile.am: Add releasedocs rule.
        * doc/Makefile.am: Add specs subdir, remove files from specs
        directory, add rfc86.0.txt to releasedocs.
        * doc/specs/Makefile.am: New file.
        * doc/specs/formatter/parse.y: move from here ...
        * doc/specs/parse.y: ... here.
        * doc/specs/formatter/parse.lex: move from here ...
        * doc/specs/parse.lex: ... here.

        * modules/pam_mail/pam_mail.c: Mark missing strings for translation
        * po/Linux-PAM.pot: Add new strings from pam_mail
        * po/cs.po: Likewise.
        * po/de.po: Likewise.
        * po/es.po: Likewise.
        * po/fi.po: Likewise.
        * po/fr.po: Likewise.
        * po/hu.po: Likewise.
        * po/it.po: Likewise.
        * po/ja.po: Likewise.
        * po/nb.po: Likewise.
        * po/pa.po: Likewise.
        * po/pl.po: Likewise.
        * po/pt.po: Likewise.
        * po/pt_BR.po: Likewise.
        * po/zh_CN.po: Likewise.
        * po/zh_TW.po: Likewise.

2005-09-23  Tomas Mraz  <t8m@centrum.cz>

        * modules/pam_access/pam_access.c (from_match): Support NULL from.
        (string_match): Support NULL string, add NONE keyword matching it.
        (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL.
        * modules/pam_access/access.conf: NONE keyword description
        * modules/pam_access/README: NONE keyword description

2005-09-22  Dmitry V. Levin  <ldv@altlinux.org>

        * modules/pam_xauth/pam_xauth.c: (check_acl, pam_sm_open_session,
        pam_sm_close_session): Strip redundant "pam_xauth: " prefix from
        text of log messages.
        (pam_sm_open_session): Replace sequence of malloc(), strcpy()
        and strcat() calls with asprintf().  Replace syslog() calls
        with pam_syslog().

        * modules/pam_nologin/pam_nologin.c (parse_args): Use strncmp()
        instead of memcmp() for string comparison.

2005-09-21  Dmitry V. Levin  <ldv@altlinux.org>

        * modules/pam_nologin/pam_nologin.c: Include <syslog.h>.
        (parse_args): Add pam_handle_t* argument.  Log unrecognized
        options.
        (perform_check): Log pam_get_user() and malloc() failures.
        (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt):
        Pass pam_handle_t* to parse_args().

        * modules/pam_mail/pam_mail.c: Include <errno.h>.
        Remove YOUR_MAIL_VERBOSE_FORMAT, YOUR_MAIL_STANDARD_FORMAT and
        NO_MAIL_STANDARD_FORMAT macros.
        (parse_args, get_folder): Cleanup error messages.
        (get_folder): Fix leak of the path_mail variable in case of
        pam_get_user() failure.  Cleanup memory management.
        (get_mail_status): Add pam_handle_t* argument.  Fix leaks of
        namelist variable.  Cleanup memory management.  Log memory
        allocation failures.  Remove 250-byte limit on Maildir pathname.
        (report_mail): Mark text messages for translation.
        (_do_mail): Cleanup memory management.  Pass pam_handle_t*
        to get_mail_status().

        * po/Linux-PAM.pot: Update with new strings from pam_mail for
        translation.
        * po/cs.po: Likewise.
        * po/de.po: Likewise.
        * po/es.po: Likewise.
        * po/fi.po: Likewise.
        * po/fr.po: Likewise.
        * po/hu.po: Likewise.
        * po/it.po: Likewise.
        * po/ja.po: Likewise.
        * po/nb.po: Likewise.
        * po/pa.po: Likewise.
        * po/pl.po: Likewise.
        * po/pt.po: Likewise.
        * po/pt_BR.po: Likewise.
        * po/zh_CN.po: Likewise.
        * po/zh_TW.po: Likewise.

2005-09-20  Thorsten Kukuk  <kukuk@suse.de>

        * configure.in: Add finish translation.
        * po/fi.po: New.

        * acinclude.m4: remove libprelude macros.
        * m4/libprelude.m4: New.

        * Makefile.am (EXTRA_DIST): make sure we include all m4 macros.

        * libpamc/Makefile.am (EXTRA_DIST): Add License.

See CHANGELOG for earlier changes.