-$Id$
+=======================================================================
+=======================================================================
+
+ This file is no longer used for tracking changes for Linux-PAM. For
+ user visible changes, please look at the NEWS file. A more verbose
+ list of changes can be found in ChangeLog.
+
+=======================================================================
+=======================================================================
-----------------------------
library for helping to develop modules that contains it and other
stuff. Also add sha-1 and ripemd-160 digest algorithms.
- once above is done. remove hacks from the secret@here module etc..
- - remove prototype for gethostname in pam_access.c (Derrick)
- document PAM_INCOMPLETE changes
- verify that the PAM_INCOMPLETE interface is sensible. Can we
catch errors? should we permit item changing etc., between
- verify that the PAM_INCOMPLETE interface works (auth seems ok..)
- add PAM_INCOMPLETE support to modules (partially added to pam_pwdb)
- work on RFC.
- - do we still need to remove openlog/closelog from modules..?
- auth and acct support in pam_cracklib, "yes, I know the password
you just typed was valid, I just don't think it was very strong..."
- - add in the pam_cap and pam_netid modules
====================================================================
-Note, as of release 0.73, all checkins should be accompanied with a
-Bug ID. The bug IDs relate to sourceforge IDs.. (Of course, nothing is
-ever that simple. It turns out that at some point in Sourceforge's
-history all of the bug ids got bumped by 100000, so pretty much if you
-see a bug ID below that begins with a '1' and your attempted query
-fails, try adding 100000 to the number and trying again. I believe
-this only affects bugs before release 0.76.)
-
-You can query the related bug description with the following URL:
-
- http://sourceforge.net/tracker/index.php?func=detail&aid=XXXXXX&group_id=6663&atid=106663
-
-Where you should replace XXXXXX with a bug-id.
-
-For general documentation completion work, I'm doing it all with
-respect to specific tasks. Open tasks are listed here:
-
- http://sourceforge.net/pm/task.php?group_id=6663&group_project_id=2741&func=browse&set=open
If you have found a bug in Linux-PAM (including a documentation bug,
or a new feature request and/or patch), please consider filing such a
====================================================================
-0.78: please submit patches for this section with actual code/doc
+0.81: please submit patches for this section with actual code/doc
patches!
-
+* pam_umask: New module for setting umask from GECOS field, /etc/login.defs
+ or /etc/default/login (kukuk)
+* configure/pam_strerror: Remove old ugly-hack option for pam_strerror
+ interface change (kukuk)
+* configure.in: Fix AC_DEFINE usage for autoheader (kukuk)
+* configure.in/_pam_aconf.h.in: Remove feature.h inclusion (kukuk)
+* defs: Remove obsolete directory/content (kukuk)
+* Rename _pam_aconf.h.in to config.h (kukuk)
+* pam_unix: Don't ignore pam_get_item return value (kukuk)
+* pam_userdb: Fix regression - crash when crypt param not specified (t8m)
+* libpam: Remove pam_authenticate_secondary stub (kukuk)
+* Use autoconf/automake/libtool (kukuk)
+* pam_securetty: Be fail-close on user lookups, always log failures,
+ not just with "debug" (Solar Designer)
+* Add gettext support
+* Add translations for cs, de, es, fr, hu, it, ja, nb, pa, pt_BR,
+ pt, zh_CN and zh_TW
+* pam_limits: Apply ALT Linux/Owl patch
+* pam_motd: Apply ALT Linux/Owl patch
+* libpam: Cache pam_get_user() failures
+* libpam: Add pam_prompt,pam_vprompt,pam_error,pam_verror,pam_info
+ and pam_vinfo functions for use by modules as extension (kukuk).
+* pam_cracklib: Make path to cracklib dicts an option (kukuk).
+* libpam: Add pam_syslog function for unified syslog messages from
+ PAM modules (kukuk).
+* pam_tally, pam_time, pam_userdb: use pam_syslog and pam_prompt (ldv)
+* pam_issue: major cleanup (ldv)
+* pam_echo: New PAM module for message output (kukuk)
+* pam_limits: Fix regression from RLIMIT_NICE support (wrong limit
+ values for other limits are applied) patch by Anton Guda
+* pam_unix: Always honor nis flag on password change (by Aaron Hope)
+* libpam: Moved functions from pammodutil to libpam (t8m)
+* pam_lastlog: Cleanup, fix broken logic in pam_parse,
+ modify wtmp by default, nowtmp option switches that off (ldv)
+
+0.80: Wed Jul 13 13:23:20 CEST 2005
+* pam_tally: test for NULL data before dereferencing them (t8m)
+* pam_unix: fix regression introduced in 0.78 - both NIS and local password
+ should be changed if possible (t8m)
+* misc_conv: flush input first then print the prompt - fixes problem
+ with expect scripts (t8m)
+* pam_unix: nis option shouldn't clear the shadow option (t8m)
+* cleanups and minor bugfixes by Steve Grubb (t8m)
+* pam_private.h: set PAM_DEFAULT_PROMPT to "login: " (kukuk)
+* pam_mkhomedir: Create parent directories if they do not already
+ exist (Bug 600351 - kukuk)
+* pam_mkhomedir: Set owner/permissions of home directory after we
+ created all files (Bug 1032922 - kukuk)
+* pam_rhosts: Get rid of static buffer for path (kukuk)
+* pam_selinux/pam_unix/pam_rootok: Add SELinux support based on
+ patch from Red Hat (kukuk)
+* pam_limits: Correct support of unlimited limits, use correct type
+ for rlimit value (Bug 945449 - kukuk, t8m)
+* pam_xauth: Unset the XAUTHORITY variable when requesting user is
+ root and target user is not (t8m)
+* pam_access: Add listsep option to set list element separator by
+ Richard Shaffer (t8m)
+* pam_limits: Don't reset process priority if none is specified in
+ the config file (Novell #81690 - kukuk)
+* Fix all occurrence of dereferencing type-punned pointer will break
+ strict-aliasing rules warnings (kukuk)
+* pam_limits: Support new limits in linux 2.6.12 (t8m)
+* pam_mkhomedir: change mode datatype (toady)
+* pam_limits: Don't lowercase login names (kukuk)
+
+0.79: Thu Mar 31 16:48:45 CEST 2005
+* pam_tally: added audit option (toady)
+* pam_unix: don't log user unknown failure when he can be properly
+ authenticated by another module (t8m)
+* configure: don't abort if no cracklib dictinaries were found, but
+ warn user that pam_cracklib will not be built (kukuk)
+* modules/pam_unix/support.c: Fix return value if user aborts while
+ changes the password (Bug 872945 - kukuk)
+* modules/pam_unix/support.c: Fix return value for an unknown user
+ (Bug 872943 - kukuk)
+* pam_limits: support for new Linux kernel 2.6 limits (from toby cabot
+ - t8m)
+* pam_tally: major rewrite of the module (t8m)
+* libpam: don't return PAM_IGNORE for OK or JUMP actions if using
+ cached chain (Bug 629251 - t8m)
+* pam_nologin: don't overwrite return value with return from
+ pam_get_item (t8m)
+* libpam: Add more checks for broken PAM configuration files to
+ avoid seg.faults (kukuk)
+* pam_shells: correct README
+* libpam: Fix debug code (kukuk)
+* pam_limits: Fix order of LIMITS_DEF_* priorities (kukuk)
+* pam_xauth: preserve DISPLAY variable (Novell #66885 - kukuk)
+* libpam: Add prelude ids (http://www.prelude-ids.org) support,
+ as experimental. (toady)
+* configure: Add the directory where new versions of cracklib is
+ installed (from Jim Gifford - toady)
+* libpamc: Use standard u_intX_t types instead of __uX (kukuk)
+
+0.78: Do Nov 18 14:48:36 CET 2004
+
+* pam_unix: change the order of trying password changes - local first,
+ NIS second (t8m)
+* pam_wheel: add option only_root to make it affect authentication
+ to root account only
+* pam_unix: test return values on renaming files and report error to
+ syslog and to user
+* pam_unix: forced password change shouldn't trump account expiration
+* pam_unix: remove the use of openlog (from debian - toady)
+* pam_unix: NIS cleanup (patch from Philippe Troin)
+* pam_access: you can now authenticate an explicit user on an explicit
+ tty (from debian - toady)
+* pam_limits, pam_rhosts, pam_unix: fixed hurd portability issues
+ (patch from Igor Khavkine)
+* pam_env: added comments in the configuration file to avoid errors
+ (from debian - toady)
+* pam_mail: check PAM_NO_ENV to know if we can delete the environment
+ variable (from debian - toady)
+* pam_filter: s/termio/termios/g (from debian - toady)
+* pam_mkhomedir: no maxpathlen required (from debian - toady)
+* pam_limits: applied patch to allow explicit limits for root
+ and remove limits on su. (from debian - toady)
* pam_unix: severe denial of service possible with this module since
it locked too aggressively. Bug report and testing help from Sascha
Loetz. (Bug 664290 - agmorgan)
The whole idea is to create few "systemwide" pam configs and include
parts of them in application pam configs.
(patch by "Dmitry V. Levin" <ldv@altlinux.org>) (Bug 812567 - baggins).
-
-
+* doc/modules/pam_mkhomedir.sgml: Remove wrong debug options
+ (Bug 591605 - kukuk)
+* pam_unix: Call password checking helper whenever the password field
+ contains only one character (Bug 1027903 - kukuk)
+* libpam/pam_start.c: All service names should be files below /etc/pam.d
+ and nothing else. Forbid paths. (Bug 1027912 - kukuk)
+* pam_cracklib: Fix error in distance algorithm in the 0.9 pam_cracklib
+ module (Bug 1010142 - toady)
+* pam_userdb: applied patch from Paul Walmsley <paul@booyaka.com>
+ it now indicates whether encrypted or plaintext passwords are stored
+ in the database needed for pam_userdb (BerliOS - toady)
+* pam_group: The module should also ignore PAM_REINITIALIZE_CRED to
+ avoid spurious errors (from Linux distributors - kukuk)
+* pam_cracklib: Clear the entire options structure (from Linux
+ distributors - kukuk)
+* pam_issue: We write a NUL to prompt_tmp[tot_size] later, so make sure
+ that the destination is part of the allocated block, make do_prompt
+ static (from Linux distributors - kukuk)
+* ldconfig: Only run full ldconfig, if we don't install into a FAKEROOT
+ environment, else let ldconfig only create the symlinks correct
+ (from Linux distributors - kukuk)
+* pam_unix/pam_pwdb: Use SIG_DFL instead of SIG_IGN for SIGCHLD
+ (from Linux distributors - kukuk)
+* Add most of Steve Grubb's resource leak and other fixes (from
+ Linux distributors - kukuk)
+* doc/Makefile: Don't include .cvsignore files in tar ball (kukuk)
+* libpam_misc/misc_conv.c: Differentiate between Ctrl-D and
+ <Return> (Bug 1032604 - kukuk)
+* Make.Rules.in: Add targets for installing man pages for modules
+ (from Linux distributors - kukuk)
+* Add pam_xauth module (Bug 436440 - kukuk)
+* Add pam_localuser module (Bug 436444 - kukuk)
+* Add pam_succeed_if module (from Linux distributors - kukuk)
+* configure.in: Fix check for libcrypt (Bug 417704 - kukuk)
+* Add the "broken_shadow" argument to pam_unix, for ignoring errors
+ reading shadow information (from Linux distributors - kukuk)
+* Add patches to make PAM modules reentrant (Bug 440107 - kukuk)
+* Merge patches from Red Hat (Bug 477000 and other - kukuk)
+* Fix pam_rhosts option parsing (Bug 922648 - kukuk)
+* Add $ISA support in config files (from Red Hat - kukuk)
0.77: Mon Sep 23 10:25:42 PDT 2002
projects / linux-pam / blobdiff