From 2dc3367c5f593eb54af4ef31e7c2d100f73eb364 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Wed, 17 Jan 2024 08:00:00 +0000 Subject: Prepare for 1.6.0 release * configure.ac (AC_INIT): Raise version to 1.6.0. * po/Linux-PAM.pot (Project-Id-Version): Likewise. * NEWS: Update. Resolves: https://github.com/linux-pam/linux-pam/issues/690 --- NEWS | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 75548fb8..ab821e51 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,46 @@ Linux-PAM NEWS -- history of user-visible changes. +Release 1.6.0 +* Added support of configuration files with arbitrarily long lines. +* build: fixed build outside of the source tree. +* libpam: added use of getrandom(2) as a source of randomness if available. +* libpam: fixed calculation of fail delay with very long delays. +* libpam: fixed potential infinite recursion with includes. +* libpam: implemented string to number conversions validation when parsing + controls in configuration. +* pam_access: added quiet_log option. +* pam_access: fixed truncation of very long group names. +* pam_canonicalize_user: new module to canonicalize user name. +* pam_echo: fixed file handling to prevent overflows and short reads. +* pam_env: added support of '\' character in environment variable values. +* pam_exec: allowed expose_authtok for password PAM_TYPE. +* pam_exec: fixed stack overflow with binary output of programs. +* pam_faildelay: implemented parameter ranges validation. +* pam_listfile: changed to treat \r and \n exactly the same in configuration. +* pam_mkhomedir: hardened directory creation against timing attacks. + Please note that using *at functions leads to more open file handles + during creation. +* pam_namespace: fixed potential local DoS (CVE-2024-22365). +* pam_nologin: fixed file handling to prevent short reads. +* pam_pwhistory: helper binary is now built only if SELinux support is enabled. +* pam_pwhistory: implemented reliable usernames handling when remembering + passwords. +* pam_shells: changed to allow shell entries with absolute paths only. +* pam_succeed_if: fixed treating empty strings as numerical value 0. +* pam_unix: added support of disabled password aging. +* pam_unix: synchronized password aging with shadow. +* pam_unix: implemented string to number conversions validation. +* pam_unix: fixed truncation of very long user names. +* pam_unix: corrected rounds retrieval for configured encryption method. +* pam_unix: implemented reliable usernames handling when remembering passwords. +* pam_unix: changed to always run the helper to obtain shadow password entries. +* pam_unix: unix_update helper binary is now built only if SELinux support + is enabled. +* pam_unix: added audit support to unix_update helper. +* pam_userdb: added gdbm support. +* Multiple minor bug fixes, portability fixes, documentation improvements, + and translation updates. + Release 1.5.3 * configure: added options to configure stylesheets. * configure: added --enable-logind option to use logind instead of utmp -- cgit v1.2.3