+2009-03-24 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_unix/passverify.c(save_old_password): Call fflush() and
+ fsync().
+ (unix_update_passwd, unix_update_shadow): Likewise.
+ * modules/pam_pwhistory/opasswd.c(save_old_password): Likewise.
+
+ * po/cs.po: Updated translations.
+
+2009-03-09 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * release version 1.0.91
+
+ * libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number.
+ * xtests/Makefile.am: Add tst-pam_unix4.pamd, tst-pam_unix4.sh
+ and time.conf.
+
+2009-03-03 Dmitry V. Levin <ldv@altlinux.org>
+
+ * tests/tst-pam_mkargv.c (main): Fix for non-64bit architectures.
+
+2009-03-03 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Test
+ for abnormal exit of the helper binary.
+ * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise.
+ * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
+ * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Likewise.
+
+2009-02-27 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace
+ signal() with sigaction().
+ * modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs):
+ Likewise.
+ * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise.
+ * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary):
+ Likewise.
+ * modules/pam_unix/passverify.c(su_sighandler): Likewise.
+ * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.
+
+ * modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam
+ for auxiliary functions.
+ * modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset
+ option. Document new serialize option.
+ * modules/pam_tally2/pam_tally2.c: Add support for the new serialize
+ option.
+ (_cleanup, tally_set_data, tally_get_data): Add tally file handle to
+ tally PAM data. Needed for fcntl() locking.
+ (get_tally): Use low level file access instead of stdio buffered FILE.
+ If serialize option is used lock the tally file access.
+ (set_tally, tally_bump, tally_reset): Use low level file access instead
+ of stdio buffered FILE. Close the file handle only when it is not owned
+ by PAM data.
+ (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally
+ file handle to tally_set_data(). Get it from tally_get_data().
+ (main): Use low level file access instead of stdio buffered FILE.
+
+2009-02-26 Tomas Mraz <t8m@centrum.cz>
+
+ * xtests/Makefile.am: Add tst-pam_unix4.
+ * xtests/tst-pam_unix4.c: New test for password change
+ and shadow min days limit.
+ * xtests/tst-pam_unix4.pamd: Likewise.
+ * xtests/tst-pam_unix4.sh: Likewise.
+
+ * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Ignore
+ PAM_AUTHTOK_ERR on shadow verification.
+ * modules/pam_unix/passverify.c (check_shadow_expiry): Return
+ PAM_AUTHTOK_ERR if sp_min limit for password change is defied.
+
+2009-02-26 Timur Birsh <taem@linukz.org>
+
+ * po/LINGUAS: New Kazakh translation.
+ * po/kk.po: New Kazakh translation.
+
+2009-02-25 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * libpam/pam_misc.c (_pam_StrTok): Use unsigned char
+ instead of int. Reported by Marcus Granado.
+ * tests/Makefile.am (TESTS): Add tst-pam_mkargv.
+ * tests/tst-pam_mkargv.c (main): Test case for
+ _pam_mkargv.
+
+ * po/de.po: Update fuzzy translations.
+
+2009-02-25 Tomas Mraz <t8m@centrum.cz>
+
+ * xtests/access.conf: Add a line for name resolution test case.
+ * xtests/tst-pam_access4.c (main): Set PAM_RHOST for testing the LOCAL
+ keyword. Add a test case for name resolution.
+
+ * modules/pam_access/pam_access.c (from_match): Move name resolution
+ to network_netmask_match().
+ (network_netmask_match): Do a name resolution of the origin only if
+ matching against a real network/netmask.
+
+2009-02-25 Fabian Affolter <fabian@bernewireless.net>
+
+ * po/de.po: Updated translations.
+
+2009-02-25 Taylon Silmer Lacerda Silva <taylonsilva@gmail.com>
+
+ * po/pt_BR.po: Updated translations.
+
+2009-02-25 Domingo Becker <domingobecker@gmail.com>
+
+ * po/es.po: Updated translations.
+
+2009-02-20 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * modules/pam_limits/limits.conf.5.xml: Document that the kernel
+ can refuse values out of range for the local system.
+ * modules/pam_limits/pam_limits.c (setup_limits): Log if setrlimit
+ fails.
+
+2009-02-18 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * libpam/pam_password.c (pam_chauthtok): Make sure applications
+ don't set internal flags.
+
+2009-02-17 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * doc/man/pam_sm_chauthtok.3.xml: Document that sufficient
+ can break the PRELIM_CHECK chain.
+
+ * libpam/pam_dispatch.c: Don't freeze chain for chauthtok
+ [bugzilla.novell.com#470337]
+
+2009-02-11 Daniel Nylander <po@danielnylander.se>
+
+ * po/sv.po: Updated translations.
+
+2009-01-29 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * doc/man/pam_sm_setcred.3.xml: Document PAM_ESTABLISH_CRED.
+
+2009-01-19 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_mkhomedir/Makefile.am: Add mkhomedir_helper.
+ * modules/pam_mkhomedir/mkhomedir_helper.8.xml: New file. Manual page
+ for mkhomedir_helper.
+ * modules/pam_mkhomedir/mkhomedir_helper.c: New file. Source
+ for mkhomedir_helper. Most of the code moved from pam_mkhomedir.c.
+ * modules/pam_mkhomedir/pam_mkhomedir.c (_pam_parse): Do not convert umask
+ to integer.
+ (rec_mkdir): Moved to mkhomedir_helper.c.
+ (create_homedir): Just exec the helper.
+ (pam_sm_open_session): Improve logging.
+
+2009-01-19 Daniel Cabrera <h.daniel.cabrera@gmail.com>
+
+ * po/es.po: Updated translations.
+
+2009-01-14 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * po/de.po: Updated translations.
+
+2009-01-07 Piotr Drąg <piotrdrag@gmail.com>
+
+ * po/pl.po: Updated translations.
+
+2008-12-23 Piotr Drąg <piotrdrag@gmail.com>
+
+ * po/pl.po: Updated translations.
+
+2008-12-18 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * modules/pam_pwhistory/pam_pwhistory.c (parse_option): Rename
+ type= option to authtok_type= (because of pam_get_authtok).
+ * modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise.
+
+2008-12-17 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do
+ not abort on unknown option. Avoid double free of old_status.
+ (pam_sm_close_session): Use LOG_DEBUG for restored status message.
+
+ * configure.in: Test for getseuser().
+ * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser()
+ instead of getseuserbyname() if the function is available.
+
+2008-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * release version 1.0.90
+
+ * libpam_misc/Makefile.am: Increase version number of shared library.
+ * libpamc/Makefile.am: Likewise.
+
+2008-12-12 Tomas Mraz <t8m@centrum.cz>
+
+ * modules/pam_tally2/pam_tally2.c (get_tally): Test for EACCES
+ instead of EPERM.
+ * modules/pam_tally2/pam_tally2.8.xml: Fix documentation.
+
+2008-12-10 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * doc/man/pam_item_types_ext.inc.xml: Document PAM_AUTHTOK_TYPE.
+ * libpam/pam_end.c (pam_end): Free authtok_type.
+ * tests/tst-pam_get_item.c: Add PAM_AUTHTOK_TYPE
+ as test case.
+ * tests/tst-pam_set_item.c: Likewise.
+ * libpam/pam_start.c (pam_start): Initialize xdisplay,
+ xauth and authtok_type.
+ * libpam/pam_get_authtok.c (pam_get_authtok): Rename "type"
+ to "authtok_type".
+ * modules/pam_cracklib/pam_cracklib.8.xml: Replace "type=" with
+ "authtok_type=".
+ * doc/man/pam_get_authtok.3.xml: Document authtok_type argument.
+ * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Set
+ type= argument as PAM_AUTHTOK_TYPE item.
+ * libpam/pam_get_authtok.c (pam_get_authtok): If no type
+ argument given, use PAM_AUTHTOK_TYPE item.
+ * libpam/pam_item.c (pam_get_item): Fetch PAM_AUTHTOK_TYPE item.
+ (pam_set_item): Store PAM_AUTHTOK_TYPE item.
+ * libpam/pam_private.h: Add authtok_type to pam_handle.
+ * libpam/include/security/_pam_types.h (PAM_AUTHTOK_TYPE): New.
+
+2008-12-03 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * modules/pam_access/access.conf.5.xml: Replace
+ 2001:4ca0 with 2001:db8:: [bug#2356400].
+
+ * doc/man/Makefile.am: Add pam_get_authtok.3.xml.
+ * doc/man/pam_get_authtok.3.xml: New.
+ * libpam/Makefile.am: Add pam_get_authtok.c.
+ * libpam/libpam.map: Export pam_get_authtok.
+ * libpam/pam_get_authtok.c: New.
+ * libpam/pam_private.h: Add mod_argc and mod_argv to pam_handle.
+ * libpam_include/security/pam_ext.h: Add pam_get_authtok
+ prototype.
+ * modules/pam_cracklib/pam_cracklib.c: Use pam_get_authtok.
+ * modules/pam_pwhistory/pam_pwhistory.c: Likewise.
+ * po/POTFILES.in: Add libpam/pam_get_authtok.c.
+ * xtests/tst-pam_cracklib1.c: Adjust error codes.
+
+ * modules/pam_timestamp/Makefile.am: Remove hmactest.c from
+ EXTRA_DIST.
+
+ * po/*.po: Regenerated.
+
+2008-12-02 Michael Calmer <mc@suse.de>
+
+ * modules/pam_limits/limits.conf.5.xml: Document valid values
+ for limits (bnc#448314).
+
+2008-12-02 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * modules/pam_env/pam_env.c: Add support for user specific
+ environment file. Based on a patch from Ubuntu.
+ * modules/pam_env/pam_env.8.xml: Document new options.
+
+2008-12-02 Olivier Fourdan <ofourdan@redhat.com>
+
+ * modules/pam_filter/pam_filter.c (master): Use /dev/ptmx
+ instead of the old BSD pseudoterminal API.
+ (set_filter): Call grantpt(), unlockpt() and ptsname(). Do not
+ close pseudoterminal handle in filter child.
+ * modules/pam_filter/upperLOWER/upperLOWER.c (main): Use
+ regular read() instead of pam_modutil_read() to allow for
+ short reads.
+
2008-12-02 Tomas Mraz <t8m@centrum.cz>
* modules/pam_timestamp/Makefile.am: Add hmacfile to tests.
libdb available.
* tests/tst-dlopen.c: Include config.h.
-2006-07-03 Dan Yefimov <dan@D00M.lightwave.net.ru>
+2006-07-03 Dan Yefimov
* configure.in: Fixed have_key_syscalls test.