Linux-PAM NEWS -- history of user-visible changes.
+Release 1.3.0
+* Remove of static modules support
+* pam_unix: pass_not_set was removed
+* Lot of documentation fixes
+* Use TI-RPC function calls if we build against libtirpc
+* Add support for new, IPv6 enabled libnsl
+* Lot of bug fixes
+* Use fedora.zanata.org for translations
+
+
+Release 1.2.1
+* Fix CVE-2015-3238, affected PAM modules are pam_unix and pam_exec
+
+
+Release 1.2.0
+* Update documentation
+* Update translations
+* pam_unix: add quiet option
+* libpam: support alternative configuration files in /usr/lib/pam.d
+ as fallback
+* pam_env: add support for @{HOME} and @{SHELL}
+* libpam: add grantor field to audit records
+* libpam: Introduce pam_modutil_sanitize_helper_fds
+
+
+Release 1.1.8
+* pam_unix: bug fix for compiling with SELinux, fix crash at login time
+
+
+Release 1.1.7
+* Update translations
+* pam_exec: add stdout and type= options
+* pam_tty_audit: add options to control logging of passwords
+* pam_unix: Read defaults from /etc/login.defs
+* pam_userdb: Allow modern password hashes
+* pam_selinux/pam_tally2: Add tty and rhost to audit data
+* Lot of docu and code fixes
+
+
+Release 1.1.6
+* Update translations
+* pam_cracklib: Add more checks for weak passwords
+* pam_lastlog: Never lock out root
+* Lot of bug fixes and smaller enhancements
+
+
+Release 1.1.5
+* pam_env: Fix CVE-2011-3148 and CVE-2011-3149
+* pam_access: Add hostname resolution cache
+* Documentation: Improvements/fixes
+
+
+Release 1.1.4
+
+* Add vietnamese translation
+* pam_namepace: Add new functionality
+* pam_securetty: Honour console= kernel option, add noconsole option
+* pam_limits: Add %group syntax, drop change_uid option, add set_all option
+* Lot of small bug fixes
+* Lot of compiler warnings fixed
+* Add support for libtirpc
+
+
+Release 1.1.3
+
+* pam_namespace: Clean environment for childs (CVE-2010-3853)
+* libpam: New interface to drop/regain privilegs
+* Drop root privilegs in pam_env, pam_mail and pam_xauth before
+ accessing user files (CVE-2010-3430, CVE-2010-3431)
+* pam_unix: Add minlen option, change default from 6 to 0
+* Documentation improvements
+* Lot of small bug fixes
+
+Release 1.1.2
+
+* pam_unix: Add minlen= option
+* pam_group: Add support for UNIX groups beside netgroups
+* pam_tally: Document that it is deprecated
+* pam_rootok: Add support for chauthtok and acct_mgmt
+* Update translations
+
+Release 1.1.1
+
+* Update translations
+* pam_access: Revert netgroup match to original behavior, add new
+ syntax for adding the local hostname to netgroup match
+* libpam: Add new functions pam_get_authtok_noverify() and
+ pam_get_authtok_verify()
+* Add sepermit.conf.5 manual page
+* Lot of bug fixes
+
+Release 1.1.0
+
+* Update translations
+* Documentation updates and fixes
+
+Release 1.0.92
+
+* Update translations
+* pam_succeed_if: Use provided username
+* pam_mkhomedir: Fix handling of options
+
+Release 1.0.91
+
+* Fixed CVE-2009-0579 (minimum days limit on password change is ignored).
+* Fix libpam internal config/argument parser
+* Add optional file locking to pam_tally2
+* Update translations
+* pam_access improvements
+* Changes in the behavior of the password stack. Results of PRELIM_CHECK
+ are not used for the final run.
+
+Release 1.0.90
+
+* Supply hostname of the machine to netgroup match call in pam_access
+* Make pam_namespace to work safe on child directories of parent directories
+ owned by users
+* Redefine LOCAL keyword of pam_access configuration file
+* Add support for try_first_pass and use_first_pass to pam_cracklib
+* Print informative messages for rejected login and add silent and
+ no_log_info options to pam_tally
+* Add support for passing PAM_AUTHTOK to stdin of helpers from pam_exec
+* New password quality tests in pam_cracklib
+* New options for pam_lastlog to show last failed login attempt and
+ to disable lastlog update
+* New pam_pwhistory module to store last used passwords
+* New pam_tally2 module similar to pam_tally with wordsize independent
+ tally data format
+* Make libpam not log missing module if its type is prepended with '-'
+* New pam_timestamp module for authentication based on recent successful
+ login.
+* Add blowfish support to pam_unix.
+* Add support for user specific environment file to pam_env.
+* Add pam_get_authtok to libpam as Linux-PAM extension.
+* Rename type option of pam_cracklib to authtok_type.
+
+Release 1.0.3
+
+* Small bug fix release
+
+
+Release 1.0.2
+
+* Regression fixed in pam_selinux
+* Problem with big UIDs fixed in pam_loginuid
+
+
+Release 1.0.1
+
+* Regression fixed in pam_set_item()
+
+
+Release 1.0.0
+
+* Small bug fixes
+* Translation updates
+
+
+Release 0.99.10.0
+
* New substack directive in config file syntax.
* New module pam_tty_audit.so for enabling and disabling tty
auditing.
SELinux mode.
* Improved functionality of pam_namespace.so module (method flags,
namespace.d configuration directory, new options).
+* Finaly removed deprecated pam_rhosts_auth module.
+
Release 0.99.9.0
+
* misc_conv no longer blocks SIGINT; applications that don't want
user-interruptable prompts should block SIGINT themselves
* Merge fixes from Debian
* Fix parser for pam_group and pam_time
+
Release 0.99.8.1
+
* Fix a regression in audit code introduced with last release
* Fix compiling with --disable-nls
+
Release 0.99.8.0
* Add translations for ar, ca, da, ru, sv and zu.