diff options
| author | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
| commit | f6d08ed47a3da3c08345bce2ca366e961c52ad7c (patch) | |
| tree | dcbd0efb229b17f696f7195671f05b354b4f70fc /NEWS | |
| parent | 668b13da8f830c38388cecac45539972e80cb246 (diff) | |
| parent | 9e5bea9e146dee574796259ca464ad2435be3590 (diff) | |
| download | pam-f6d08ed47a3da3c08345bce2ca366e961c52ad7c.tar.gz pam-f6d08ed47a3da3c08345bce2ca366e961c52ad7c.tar.bz2 pam-f6d08ed47a3da3c08345bce2ca366e961c52ad7c.zip | |
New upstream version 1.4.0
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 58 |
1 files changed, 54 insertions, 4 deletions
@@ -1,5 +1,55 @@ Linux-PAM NEWS -- history of user-visible changes. +Release 1.4.0 +* Multiple minor bug fixes and documentation improvements +* Fixed grammar of messages printed via pam_prompt +* Added support for a vendor directory and libeconf +* configure: Added --enable-Werror option to enable -Werror build +* configure: Allowed disabling documentation through --disable-doc +* pam_get_authtok_verify: Avoid duplicate password verification +* pam_cracklib: Fixed parsing of options without arguments +* pam_env: Changed the default to not read the user .pam_environment file +* pam_exec: Require a user name to be specified before the command is executed +* pam_faillock: New module for locking after multiple auth failures +* pam_group, pam_time: Fixed logical error with multiple ! operators +* pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session +* pam_lastlog: Do not log info about failed login if the session was opened + with PAM_SILENT flag +* pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs +* pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' + limit +* pam_mkhomedir: Fixed return value when the user is unknown +* pam_motd: Export MOTD_SHOWN=pam after showing MOTD +* pam_motd: Support multiple motd paths specified, with filename overrides +* pam_namespace: Added a systemd service, which creates the namespaced + instance parent directories during boot +* pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts +* pam_selinux: Check unknown object classes or permissions in current policy +* pam_selinux: Fall back to log to syslog if audit logging fails +* pam_setquota: New module to set or modify disk quotas on session start +* pam_shells: Recognize /bin/sh as the default shell +* pam_succeed_if: Fixed potential override of the default prompt +* pam_succeed_if: Support lists in group membership checks +* pam_time: Added conffile= option to specify an alternative configuration file +* pam_tty_audit: If kernel audit is disabled return PAM_IGNORE +* pam_umask: Added new 'nousergroups' module argument and allowed specifying + the default for usergroups at build-time +* pam_unix: Added 'nullresetok' option to allow resetting blank passwords +* pam_unix: Report unusable hashes found by checksalt to syslog +* pam_unix: Return PAM_AUTHINFO_UNAVAIL when shadow entry is unavailable +* pam_unix: Support for (gost-)yescrypt hashing methods +* pam_unix: Use bcrypt b-variant when it bcrypt is chosen +* pam_usertype: New module to tell if uid is in login.defs ranges +* Fixed and documented possible values returned by pam_get_user() +* Added new API call pam_start_confdir() for special applications that + cannot use the system-default PAM configuration paths and need to + explicitly specify another path +* Deprecated pam_cracklib: this module is no longer built by default and will + be removed in the next release, use pam_passwdqc (from passwdqc project) + or pam_pwquality (from libpwquality project) instead +* Deprecated pam_tally and pam_tally2: these modules are no longer built + by default and will be removed in the next release, use pam_faillock instead + Release 1.3.1 * pam_motd: add support for a motd.d directory * pam_umask: Fix documentation to align with order of loading umask @@ -82,8 +132,8 @@ Release 1.1.4 Release 1.1.3 -* pam_namespace: Clean environment for childs (CVE-2010-3853) -* libpam: New interface to drop/regain privilegs +* pam_namespace: Clean environment for child processes (CVE-2010-3853) +* libpam: New interface to drop/regain privileges * Drop root privilegs in pam_env, pam_mail and pam_xauth before accessing user files (CVE-2010-3430, CVE-2010-3431) * pam_unix: Add minlen option, change default from 6 to 0 @@ -189,7 +239,7 @@ Release 0.99.10.0 SELinux mode. * Improved functionality of pam_namespace.so module (method flags, namespace.d configuration directory, new options). -* Finaly removed deprecated pam_rhosts_auth module. +* Finally removed deprecated pam_rhosts_auth module. Release 0.99.9.0 @@ -283,7 +333,7 @@ Release 0.99.4.0 * Add test suite * Fix building of static variants of libpam, libpamc and libpam_misc * pam_listfile: Add support for password and session management -* pam_exec: New PAM module to execute arbitary commands +* pam_exec: New PAM module to execute arbitrary commands * Fix building of a static libpam including all PAM modules * New/updated translations for: nl, pt, pl, fi, km, tr, uk, fr * pam_access: Add network(address) / netmask and IPv6 support |