diff options
| author | Dmitry V. Levin <ldv@strace.io> | 2024-01-17 08:00:00 +0000 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2024-01-17 08:00:00 +0000 |
| commit | 2dc3367c5f593eb54af4ef31e7c2d100f73eb364 (patch) | |
| tree | 62dba91d1ee8ab728ddc3bad562a4649d506666e /NEWS | |
| parent | 031bb5a5d0d950253b68138b498dc93be69a64cb (diff) | |
| download | pam-2dc3367c5f593eb54af4ef31e7c2d100f73eb364.tar.gz pam-2dc3367c5f593eb54af4ef31e7c2d100f73eb364.tar.bz2 pam-2dc3367c5f593eb54af4ef31e7c2d100f73eb364.zip | |
Prepare for 1.6.0 release
* configure.ac (AC_INIT): Raise version to 1.6.0.
* po/Linux-PAM.pot (Project-Id-Version): Likewise.
* NEWS: Update.
Resolves: https://github.com/linux-pam/linux-pam/issues/690
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 41 |
1 files changed, 41 insertions, 0 deletions
@@ -1,5 +1,46 @@ Linux-PAM NEWS -- history of user-visible changes. +Release 1.6.0 +* Added support of configuration files with arbitrarily long lines. +* build: fixed build outside of the source tree. +* libpam: added use of getrandom(2) as a source of randomness if available. +* libpam: fixed calculation of fail delay with very long delays. +* libpam: fixed potential infinite recursion with includes. +* libpam: implemented string to number conversions validation when parsing + controls in configuration. +* pam_access: added quiet_log option. +* pam_access: fixed truncation of very long group names. +* pam_canonicalize_user: new module to canonicalize user name. +* pam_echo: fixed file handling to prevent overflows and short reads. +* pam_env: added support of '\' character in environment variable values. +* pam_exec: allowed expose_authtok for password PAM_TYPE. +* pam_exec: fixed stack overflow with binary output of programs. +* pam_faildelay: implemented parameter ranges validation. +* pam_listfile: changed to treat \r and \n exactly the same in configuration. +* pam_mkhomedir: hardened directory creation against timing attacks. + Please note that using *at functions leads to more open file handles + during creation. +* pam_namespace: fixed potential local DoS (CVE-2024-22365). +* pam_nologin: fixed file handling to prevent short reads. +* pam_pwhistory: helper binary is now built only if SELinux support is enabled. +* pam_pwhistory: implemented reliable usernames handling when remembering + passwords. +* pam_shells: changed to allow shell entries with absolute paths only. +* pam_succeed_if: fixed treating empty strings as numerical value 0. +* pam_unix: added support of disabled password aging. +* pam_unix: synchronized password aging with shadow. +* pam_unix: implemented string to number conversions validation. +* pam_unix: fixed truncation of very long user names. +* pam_unix: corrected rounds retrieval for configured encryption method. +* pam_unix: implemented reliable usernames handling when remembering passwords. +* pam_unix: changed to always run the helper to obtain shadow password entries. +* pam_unix: unix_update helper binary is now built only if SELinux support + is enabled. +* pam_unix: added audit support to unix_update helper. +* pam_userdb: added gdbm support. +* Multiple minor bug fixes, portability fixes, documentation improvements, + and translation updates. + Release 1.5.3 * configure: added options to configure stylesheets. * configure: added --enable-logind option to use logind instead of utmp |