source: openpam/trunk/HISTORY @ 805

Last change on this file since 805 was 805, checked in by Dag-Erling Smørgrav, 6 years ago

Include CVE numbers when available

OpenPAM ??????????                                              2014-??-??

 - BUGFIX: Under certain circumstances, specifying a non-existent
   module (or misspelling the name of a module) in a policy could
   result in a fail-open scenario.  (CVE-2014-3879)

 - FEATURE: Add a pam_oath module that implements RFC 4226 (HOTP) and
   RFC 6238 (TOTP).

 - FEATURE: Add a search path for modules.  This was implemented in
   Nummularia but inadvertently left out of the release notes.

 - BUGFIX: The is_upper() predicate only accepted the letter A as an
   upper-case character instead of the entire A-Z range.  As a result,
   service and module names containing upper-case letters other than A
   would be rejected.
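The pam_oath entry above names RFC 4226 (HOTP) and RFC 6238 (TOTP). What follows is an added example written for this page, not pam_oath or any other OpenPAM code: a minimal HOTP/TOTP generator plus the server-side verification a module needs, including the look-ahead window and the replay rule that is easy to get wrong. The function names, window sizes and the `RFC_SECRET` constant are this example's own; the secret and the expected codes are the test vectors published in the two RFCs.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """RFC 4226: HMAC(K, C) over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then reduce modulo 10**digits and zero-pad."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return "%0*d" % (digits, code % (10 ** digits))


def totp(secret, for_time, step=30, t0=0, digits=6, digestmod=hashlib.sha1):
    """RFC 6238: HOTP with the counter replaced by floor((T - T0) / X)."""
    return hotp(secret, int((for_time - t0) // step), digits, digestmod)


def verify_hotp(secret, candidate, next_counter, window=3, digits=6):
    """Server side of HOTP.  Tries next_counter .. next_counter+window-1 and
    returns the counter to persist (one past the match) or None.  Counters
    below next_counter are never tried: that is what stops replay of a code
    the user has already spent."""
    for c in range(next_counter, next_counter + window):
        if hmac.compare_digest(hotp(secret, c, digits), candidate):
            return c + 1
    return None


def verify_totp(secret, candidate, now=None, step=30, drift=1, digits=6):
    """Server side of TOTP, tolerating `drift` steps of clock skew each way.
    Returns the matching time step or None.  A real module must also record
    the accepted step so the same code is not accepted twice inside the
    window; that bookkeeping is left to the caller here."""
    if now is None:
        now = time.time()
    base = int(now // step)
    for t in range(base - drift, base + drift + 1):
        if hmac.compare_digest(hotp(secret, t, digits), candidate):
            return t
    return None


# Shared secret used by the RFC 4226 / RFC 6238 test vectors.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print([hotp(RFC_SECRET, c) for c in range(3)])          # ['755224', '287082', '359152']
    print(totp(RFC_SECRET, 59, digits=8))                     # 94287082
    print(verify_hotp(RFC_SECRET, "287082", next_counter=0))  # 2
    print(verify_hotp(RFC_SECRET, "755224", next_counter=1))  # None: replay of counter 0
```

The compare goes through hmac.compare_digest so a wrong guess costs the same time whatever digit it fails on, and the HOTP verifier advances the stored counter past the match rather than to it, so the same code can never validate twice.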
============================================================================
OpenPAM Nummularia                                              2013-09-07

 - ENHANCE: Rewrite the dynamic loader to improve readability and
   reliability.  Modules can now be listed without the ".so" suffix in
   the policy file; OpenPAM will automatically add it, just like it
   will automatically add the version number if required.

 - ENHANCE: Allow openpam_straddch(3) to be called without a character
   so it can be used to preallocate a string.

 - ENHANCE: Improve portability by adding simple asprintf(3) and
   vasprintf(3) implementations for platforms that don't have them.

 - ENHANCE: Move the libpam sources into a separate subdirectory.

 - ENHANCE: Substantial documentation improvements.

 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
   would set the first byte in the buffer to '\0', discarding all
   existing text and, unless the buffer was empty to begin with, all
   subsequent text as well.  This went unnoticed because none of the
   unit tests for quoted strings had any text preceding the opening
   quote.

 - BUGFIX: Make --with-modules-dir work the way it was meant to work
   (but never did).
============================================================================
OpenPAM Micrampelis                                             2012-05-26

 - FEATURE: Add an openpam_readword(3) function which reads the next
   word from an input stream, applying shell quoting and escaping
   rules.  Add numerous unit tests for openpam_readword(3).

 - FEATURE: Add an openpam_readlinev(3) function which uses the
   openpam_readword(3) function to read words from an input stream one
   at a time until it reaches an unquoted, unescaped newline, and
   returns an array of those words.  Add several unit tests for
   openpam_readlinev(3).

 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
   machine's hostname.  This was implemented in Lycopsida but
   inadvertently left out of the release notes.

 - FEATURE: In pam_get_authtok(3), if neither the application nor the
   module has specified a prompt and PAM_HOST and PAM_RHOST are both
   defined but not equal, use a different default prompt that includes
   PAM_USER and PAM_HOST.

 - ENHANCE: Rewrite the policy parser to use openpam_readlinev(3),
   which greatly simplifies the code.

 - ENHANCE: The previous implementation of the policy parser relied on
   the openpam_readline(3) function, which (by design) munges
   whitespace and understands neither quotes nor backslash escapes.
   As a result of the aforementioned rewrite, whitespace, quotes and
   backslash escapes in policy files are now handled in a consistent
   and predictable manner.

 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
   This closes the race between the ownership / permission check and
   the dlopen(3) call.

 - ENHANCE: Reduce the number of pointless error messages generated
   while searching for a module.

 - ENHANCE: Numerous documentation improvements, both in content and
   formatting.

 - BUGFIX: A patch incorporated in Lycopsida inadvertently changed
   OpenPAM's behavior when several policies exist for the same
   service, from ignoring all but the first to concatenating them all.
   Revert to the original behavior.

 - BUGFIX: Plug a memory leak in the policy parser.
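The openpam_readword(3) / openpam_readlinev(3) entries and the policy-parser rewrite above, together with the CVE-2014-3879 fail-open entry in the unreleased section at the top, describe behaviour that is clearer in code than in prose. The following is an added example written for this page, not OpenPAM's own code: a shell-style word splitter, a pam.conf(5)-style line parser with the "other" fallback, and a chain dispatcher that treats a module it cannot load as a hard error. The control-flag handling (required, requisite, sufficient, optional, binding, and the sufficient-behaves-as-optional rule under PAM_PRELIM_CHECK noted in the Celandine release) is a model of the documented semantics; the `skip_unloadable` switch, the sample policy and the stub modules are constructed for illustration, and the code path of the real 2014 bug is not reproduced.

```python
CONTROLS = ("required", "requisite", "sufficient", "optional", "binding")


def readlinev(line):
    """Split one line into words with shell-like quoting: single quotes are
    literal, a backslash escapes the next character outside single quotes,
    and an unquoted '#' at the start of a word begins a comment."""
    words, cur, quote, started, i = [], [], None, False, 0
    while i < len(line):
        c = line[i]
        if quote is None and c in " \t":
            if started:
                words.append("".join(cur))
                cur, started = [], False
        elif quote is None and c == "#" and not started:
            break
        elif c == "\\" and quote != "'":
            i += 1
            if i >= len(line):
                raise ValueError("dangling backslash")
            cur.append(line[i])
            started = True
        elif quote is None and c in "'\"":
            quote, started = c, True
        elif quote is not None and c == quote:
            quote = None
        else:
            cur.append(c)
            started = True
        i += 1
    if quote is not None:
        raise ValueError("unterminated quote")
    if started:
        words.append("".join(cur))
    return words


def parse_policy(text):
    """pam.conf(5)-style lines: service facility control module [options...]."""
    policy = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = readlinev(raw)
        if not words:
            continue
        if len(words) < 4 or words[2] not in CONTROLS:
            raise ValueError("line %d: malformed policy line" % lineno)
        service, facility, control, module, *options = words
        policy.setdefault((service, facility), []).append((control, module, options))
    return policy


def chain_for(policy, service, facility):
    """Use the service's own chain, else fall back to the "other" policy."""
    return policy.get((service, facility)) or policy.get(("other", facility), [])


def dispatch(chain, modules, skip_unloadable=False, prelim_check=False):
    """Run a chain; `modules` maps a module name to callable(options) -> result.
    An unloadable module is a hard error (fail closed).  skip_unloadable=True
    ignores it instead, the fail-open shape of bug: a chain whose only required
    module is misspelled then reports success."""
    if not chain:
        return "PAM_SYSTEM_ERR"          # no policy is an error, not a free pass
    err, fail = "PAM_SUCCESS", False
    for control, name, options in chain:
        func = modules.get(name)
        if func is None:
            if skip_unloadable:
                continue
            return "PAM_SYSTEM_ERR"
        r = func(options)
        if r == "PAM_SUCCESS":
            # sufficient/binding end the chain early, except under PAM_PRELIM_CHECK
            if control in ("sufficient", "binding") and not fail and not prelim_check:
                break
            continue
        if err == "PAM_SUCCESS":
            err = r                      # remember the first failure
        if control in ("required", "binding") and not fail:
            fail, err = True, r
        if control == "requisite":
            fail = True
            break
    return err if fail else "PAM_SUCCESS"


# Constructed policy: a quoted option value and, under "other", a misspelled module.
SAMPLE_POLICY = """
login  auth  required  pam_unix  authtok_prompt="Password for %u: "
login  auth  optional  pam_extra
other  auth  required  pam_unx      # typo for pam_unix
"""

# Stub modules: pam_unix "succeeds" only if the quoted option reached it intact.
SAMPLE_MODULES = {
    "pam_unix": lambda opts: "PAM_SUCCESS" if "authtok_prompt=Password for %u: " in opts else "PAM_AUTH_ERR",
    "pam_extra": lambda opts: "PAM_AUTH_ERR",
}


def authenticate(service, skip_unloadable=False):
    chain = chain_for(parse_policy(SAMPLE_POLICY), service, "auth")
    return dispatch(chain, SAMPLE_MODULES, skip_unloadable=skip_unloadable)


if __name__ == "__main__":
    print(authenticate("login"))        # PAM_SUCCESS: the optional failure is ignored
    print(authenticate("sshd"))         # PAM_SYSTEM_ERR: "other" names a module that does not exist
    print(authenticate("sshd", True))   # PAM_SUCCESS: what fail-open looks like
```

The point of the last two calls is the one the CVE entry makes: a policy that names a module the loader cannot find must be an error for every service that falls through to it, never a chain that silently evaluates as empty.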
============================================================================
OpenPAM Lycopsida                                               2011-12-18

 - ENHANCE: removed static build autodetection, which didn't work
   anyway.  Use an explicit, user-specified preprocessor variable
   instead.

 - ENHANCE: cleaned up the documentation a bit.

 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
   embedded in strings such as prompts.  Apply it to the prompts used
   by pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: added support for the user_prompt, authtok_prompt and
   oldauthtok_prompt module options, which override the prompts passed
   by the module to pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: rewrote the policy parser to support quoted option values.

 - ENHANCE: added pamtest(1), a tool for testing modules and policies.

 - ENHANCE: added code to check the ownership and permissions of a
   module before loading it.

 - ENHANCE: added / improved input validation in many cases, including
   the policy file and some function arguments.  (CVE-2011-4122)
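The Lycopsida entry on checking a module's ownership and permissions, and the Micrampelis entry on fdlopen(3) above it, describe a two-part pattern: vet the file, then load exactly the file that was vetted. The following is an added example written for this page, not OpenPAM's code: it opens the module, runs the checks on the descriptor with fstat(2) rather than on the path, and returns the descriptor a fdlopen(3) call would consume. The function name, the trusted-uid parameter and the demo() helper with its scratch file are this example's own; the fdlopen(3) call itself is FreeBSD-specific and is not made here.

```python
import os
import stat
import tempfile


def open_vetted_module(path, trusted_uid=0):
    """Open `path` and vet it through the descriptor: it must be a regular
    file, owned by trusted_uid, and writable by nobody else.  Returns the open
    fd (what a fdlopen(3) call would consume) or raises PermissionError.
    fstat(2) on the fd instead of stat(2) on the path means the file that was
    checked is the file that gets loaded, even if the path is swapped in
    between the check and the load."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_CLOEXEC", 0)
    fd = os.open(path, flags)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("%s: not a regular file" % path)
        if st.st_uid != trusted_uid:
            raise PermissionError("%s: owned by uid %d, expected uid %d"
                                  % (path, st.st_uid, trusted_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError("%s: group- or world-writable" % path)
    except BaseException:
        os.close(fd)
        raise
    return fd


def demo():
    """Run the check against a scratch file (constructed here, removed
    afterwards) in four states.  Returns {scenario: "accepted" | "rejected: reason"}."""
    me = os.getuid()
    with tempfile.NamedTemporaryFile(delete=False) as f:
        path = f.name
    results = {}
    try:
        for name, mode, uid in (("sane", 0o644, me),
                                ("group_writable", 0o664, me),
                                ("world_writable", 0o666, me),
                                ("wrong_owner", 0o644, me + 1)):
            os.chmod(path, mode)
            try:
                os.close(open_vetted_module(path, trusted_uid=uid))
                results[name] = "accepted"
            except PermissionError as e:
                results[name] = "rejected: " + str(e)
    finally:
        os.unlink(path)
    return results


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print("%-15s %s" % (scenario, outcome))
```

Where fdlopen(3) is not available and the loader must be handed a path, the check above still leaves a window between the fstat(2) and the dlopen(3); it narrows the race rather than closing it, which is why the Micrampelis entry presents fdlopen(3) as the fix rather than the check alone.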
============================================================================
OpenPAM Hydrangea                                               2007-12-21

 - ENHANCE: when compiling with GCC, mark up API functions with GCC
   attributes where appropriate.

 - BUGFIX: fixed numerous warnings uncovered by GCC 4.

 - ENHANCE: building the documentation is now optional.

 - ENHANCE: corrected a number of mistakes and style issues in the
   build system.

 - ENHANCE: API function arguments are now const where appropriate, to
   match corresponding changes in the Solaris PAM and Linux-PAM APIs.

 - ENHANCE: corrected a number of C namespace violations.

 - ENHANCE: the module cache has been removed, allowing long-lived
   applications to pick up module changes.  This also allows multiple
   threads to use PAM simultaneously (as long as they use separate PAM
   contexts), since the module cache was the only part of OpenPAM that
   was not thread-safe.
============================================================================
OpenPAM Figwort                                                 2005-06-16

 - BUGFIX: Correct several small signedness and initialization bugs
   discovered during review by the NetBSD team.

 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
   order within each section.

 - ENHANCE: if a policy specifies a relative module path, prepend the
   module directory so we never call dlopen(3) with a relative path.

 - ENHANCE: add a pam.conf(5) manual page.
============================================================================
OpenPAM Feterita                                                2005-02-01

 - BUGFIX: Correct numerous markup errors, invalid cross-references,
   and other issues in the manual pages, with kind assistance from
   Ruslan Ermilov <ru@freebsd.org>.

 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
   and RETURNX() macros.

 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
   pam_get_data(3).

 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
   pam_strerror(3) and gendoc.pl.

 - ENHANCE: Minor overhaul of the autoconf / build system.

 - ENHANCE: Add openpam_free_envlist(3).
============================================================================
OpenPAM Eelgrass                                                2004-02-10

 - BUGFIX: Correct array handling bugs in conversation code.

 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
   whitespace from the user's response.

 - BUGFIX: Many constness issues addressed.
============================================================================
OpenPAM Dogwood                                                 2003-07-15

 - ENHANCE: Use the GNU autotools.

 - ENHANCE: Constify the msg field in struct pam_message.

 - BUGFIX: Remove left-over debugging output.

 - BUGFIX: Avoid side effects in arguments to the FREE() macro.

 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).

 - BUGFIX: Staticize some variables which shouldn't be global.

 - BUGFIX: Correctly anticipate a NULL user in pam_get_user(3).

 - ENHANCE: Various minor documentation improvements.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Digitalis                                               2003-06-01

 - ENHANCE: Completely rewrite the configuration parser and add
   support for the "include" control flag.

 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.

 - ENHANCE: Lots of additional paranoia.

 - BUGFIX: The sample su(1) application dropped privileges before
   forking instead of after.

 - ENHANCE: Document openpam_log(3).

 - ENHANCE: Other minor documentation fixes.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus                                                2003-05-02

 - BUGFIX: Initialize some potentially uninitialized variables.

 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.

 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
   instead of a freshly allocated copy.

 - ENHANCE: Detect recursion in openpam_borrow_cred().

 - ENHANCE: Make borrowing one's own credentials a no-op.

 - ENHANCE: Further improve debugging support.

 - ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil                                                2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t).

 - ENHANCE: Slightly improve error detection in openpam_ttyconv().

 - BUGFIX: Fix several typos in debugging macros.
============================================================================
OpenPAM Cyclamen                                                2002-12-12

 - ENHANCE: Improve recursion detection in openpam_dispatch().

 - ENHANCE: Add debugging messages at entry and exit points of most
   functions.

 - ENHANCE: Fix some minor style issues.

 - BUGFIX: Add default cases to the switches in openpam_log.c.

 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.

 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
   than stderr.
============================================================================
OpenPAM Citronella                                              2002-06-30

 - ENHANCE: Add the "binding" control flag (from Solaris 9).

 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
   Solaris 9).

 - ENHANCE: Flesh out the pam(3) man page.

 - ENHANCE: Add an openpam(3) page with cross-references to all the
   documented OpenPAM API extensions.

 - ENHANCE: Add a pam_conv(3) man page describing the conversation
   system.

 - ENHANCE: Improved sample application.

 - ENHANCE: Added sample pam_unix module.

 - BUGFIX: Various documentation nits.
============================================================================
OpenPAM Cinquefoil                                              2002-05-24

 - BUGFIX: Various warnings uncovered by gcc 3.1.

 - ENHANCE: Add a null conversation function, openpam_nullconv(3).

 - BUGFIX: Initialize the "other" chain to all zeroes.

 - ENHANCE: Document openpam_ttyconv(3).
============================================================================
OpenPAM Cinnamon                                                2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria                                               2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona                                                2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM Centaury                                                2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine                                               2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
============================================================================
OpenPAM Cantaloupe                                              2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis                                               2002-02-13

Fixed a number of bugs in the previous release, including:
  - a number of bugs in and related to pam_[gs]et_item(3)
  - off-by-one bug in pam_start.c would trim last character off certain
    configuration lines
  - incorrect ordering of an array in openpam_load.c would cause service
    module functions to get mixed up
  - missing 'continue' in openpam_dispatch.c caused successes to be
    counted as failures
============================================================================
OpenPAM Calamite                                                2002-02-09

First (beta) release.