source: openpam/trunk/HISTORY @ 806

Last change on this file since 806 was 806, checked in by Dag-Erling Smørgrav, 6 years ago

Prepare for releasing Ourouparia on Thursday.

OpenPAM ??????????                                              2014-??-??

 - FEATURE: Add a pam_oath module that implements RFC 4226 (HOTP) and
   RFC 6238 (TOTP).
============================================================================
OpenPAM Ourouparia                                              2014-09-11

 - ENHANCE: When executing a chain, require at least one service
   function to succeed.  This mitigates fail-open scenarios caused by
   misconfigurations or missing modules.

 - ENHANCE: Make sure to overwrite buffers which may have contained an
   authentication token when they're no longer needed.

 - BUGFIX: Under certain circumstances, specifying a non-existent
   module (or misspelling the name of a module) in a policy could
   result in a fail-open scenario.  (CVE-2014-3879)

 - FEATURE: Add a search path for modules.  This was implemented in
   Nummularia but inadvertently left out of the release notes.

 - BUGFIX: The is_upper() predicate only accepted the letter A as an
   upper-case character instead of the entire A-Z range.  As a result,
   service and module names containing upper-case letters other than A
   would be rejected.
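As an added illustration of the two chain-related entries in this release (the "at least one service function must succeed" rule and the CVE-2014-3879 fail-open), here is a small chain evaluator written for these notes. It is not OpenPAM's openpam_dispatch() code: the control-flag semantics, the chain_entry layout and the stand-in modules mod_accept and mod_deny are this example's own assumptions. A NULL service function models a module that could not be loaded (for instance because its name was misspelled in the policy), and the require_success switch selects between skipping such entries silently and refusing a chain in which nothing ever succeeded.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Return codes as defined in the standard PAM headers, declared locally
 * so this file builds without libpam. */
enum {
    PAM_SUCCESS    = 0,
    PAM_SYSTEM_ERR = 4,
    PAM_AUTH_ERR   = 7,
    PAM_IGNORE     = 25
};

enum control { CTL_REQUIRED, CTL_REQUISITE, CTL_SUFFICIENT, CTL_OPTIONAL };

struct chain_entry {
    enum control ctl;
    int (*func)(void);   /* NULL models a module that could not be loaded */
};

/* Walk the chain.  With require_success == false an unloadable module is
 * merely skipped, so a chain consisting only of skipped entries reports
 * PAM_SUCCESS: the fail-open case.  With require_success == true a chain
 * in which no service function ever returned PAM_SUCCESS fails with
 * PAM_SYSTEM_ERR instead. */
static int dispatch(const struct chain_entry *chain, size_t n, bool require_success)
{
    int fail = PAM_SUCCESS;   /* first error reported by a required module */
    size_t nsuccess = 0;

    for (size_t i = 0; i < n; i++) {
        if (chain[i].func == NULL) {
            fprintf(stderr, "entry %zu: module not loaded, skipping\n", i);
            continue;
        }
        int r = chain[i].func();
        if (r == PAM_SUCCESS) {
            nsuccess++;
            /* a sufficient module ends the chain unless a required one already failed */
            if (chain[i].ctl == CTL_SUFFICIENT && fail == PAM_SUCCESS)
                return PAM_SUCCESS;
            continue;
        }
        if (r == PAM_IGNORE)
            continue;
        switch (chain[i].ctl) {
        case CTL_REQUISITE:
            return r;                 /* stop immediately */
        case CTL_REQUIRED:
            if (fail == PAM_SUCCESS)
                fail = r;             /* remember the error, keep running */
            break;
        case CTL_SUFFICIENT:
        case CTL_OPTIONAL:
            break;                    /* failure here is not fatal */
        }
    }
    if (fail != PAM_SUCCESS)
        return fail;
    if (require_success && nsuccess == 0)
        return PAM_SYSTEM_ERR;
    return PAM_SUCCESS;
}

/* Stand-in service modules for the demonstration. */
static int mod_accept(void) { return PAM_SUCCESS; }
static int mod_deny(void)   { return PAM_AUTH_ERR; }

/* Policy "auth required pam_unxi.so": the only module is misspelled. */
static int misspelled_policy(bool require_success)
{
    const struct chain_entry chain[] = { { CTL_REQUIRED, NULL } };
    return dispatch(chain, 1, require_success);
}

/* Policy "auth required <deny>" followed by "auth sufficient <accept>". */
static int deny_then_sufficient(bool require_success)
{
    const struct chain_entry chain[] = {
        { CTL_REQUIRED, mod_deny }, { CTL_SUFFICIENT, mod_accept }
    };
    return dispatch(chain, 2, require_success);
}

/* Policy "auth sufficient <accept>" followed by an unloadable required module. */
static int sufficient_first(bool require_success)
{
    const struct chain_entry chain[] = {
        { CTL_SUFFICIENT, mod_accept }, { CTL_REQUIRED, NULL }
    };
    return dispatch(chain, 2, require_success);
}

int main(void)
{
    printf("misspelled module, old behaviour: %d (0 = PAM_SUCCESS, i.e. fail-open)\n",
           misspelled_policy(false));
    printf("misspelled module, new behaviour: %d (4 = PAM_SYSTEM_ERR)\n",
           misspelled_policy(true));
    return 0;
}
```

Built with any C99 compiler, the program prints the old and new outcome for a policy whose only module cannot be loaded. When reviewing a policy, a chain that can run to completion without any service function being called is the misconfiguration this release detects; the "required module failed" path is unchanged by the new rule.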
============================================================================
OpenPAM Nummularia                                              2013-09-07

 - ENHANCE: Rewrite the dynamic loader to improve readability and
   reliability.  Modules can now be listed without the ".so" suffix in
   the policy file; OpenPAM will automatically add it, just like it
   will automatically add the version number if required.

 - ENHANCE: Allow openpam_straddch(3) to be called without a character
   so it can be used to preallocate a string.

 - ENHANCE: Improve portability by adding simple asprintf(3) and
   vasprintf(3) implementations for platforms that don't have them.

 - ENHANCE: Move the libpam sources into a separate subdirectory.

 - ENHANCE: Substantial documentation improvements.

 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
   would set the first byte in the buffer to '\0', discarding all
   existing text and, unless the buffer was empty to begin with, all
   subsequent text as well.  This went unnoticed because none of the
   unit tests for quoted strings had any text preceding the opening
   quote.

 - BUGFIX: make --with-modules-dir work the way it was meant to work
   (but never did).
============================================================================
OpenPAM Micrampelis                                             2012-05-26

 - FEATURE: Add an openpam_readword(3) function which reads the next
   word from an input stream, applying shell quoting and escaping
   rules.  Add numerous unit tests for openpam_readword(3).

 - FEATURE: Add an openpam_readlinev(3) function which uses the
   openpam_readword(3) function to read words from an input stream one
   at a time until it reaches an unquoted, unescaped newline, and
   returns an array of those words.  Add several unit tests for
   openpam_readlinev(3).

 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
   machine's hostname.  This was implemented in Lycopsida but
   inadvertently left out of the release notes.

 - FEATURE: In pam_get_authtok(3), if neither the application nor the
   module has specified a prompt and PAM_HOST and PAM_RHOST are both
   defined but not equal, use a different default prompt that includes
   PAM_USER and PAM_HOST.

 - ENHANCE: Rewrite the policy parser to use openpam_readlinev(),
   which greatly simplifies the code.

 - ENHANCE: The previous implementation of the policy parser relied on
   the openpam_readline(3) function, which (by design) munges
   whitespace and understands neither quotes nor backslash escapes.
   As a result of the aforementioned rewrite, whitespace, quotes and
   backslash escapes in policy files are now handled in a consistent
   and predictable manner.

 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
   This closes the race between the ownership / permission check and
   the dlopen(3) call.

 - ENHANCE: Reduce the number of pointless error messages generated
   while searching for a module.

 - ENHANCE: Numerous documentation improvements, both in content and
   formatting.

 - BUGFIX: A patch incorporated in Lycopsida inadvertently changed
   OpenPAM's behavior when several policies exist for the same
   service, from ignoring all but the first to concatenating them all.
   Revert to the original behavior.

 - BUGFIX: Plug a memory leak in the policy parser.
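The openpam_readword(3) and openpam_readlinev(3) features described in this release, together with the Nummularia fix for text preceding an opening quote, as one added example written for these notes; it is not OpenPAM's implementation. The names readword, readlinev, dupstr, first_word and count_words, and the exact quoting rules (single quotes are literal, inside double quotes a backslash escapes only `"` and `\`, an unquoted backslash escapes the next character), are this example's assumptions. It shows the two properties a policy-file tokenizer needs: an opening quote keeps whatever was already read, and an unterminated quote or trailing backslash is reported as an error instead of being silently accepted.

```c
#include <stdlib.h>
#include <string.h>

/* Read the next word from *sp into buf (NUL-terminated) using shell-style
 * quoting.  Returns 1 when a word was read (it may be empty, e.g. ""),
 * 0 at an unquoted newline or end of input, -1 on an unterminated quote,
 * a trailing backslash or buffer overflow.  *sp is advanced past the word. */
static int readword(const char **sp, char *buf, size_t bufsz)
{
    const char *p = *sp;
    size_t len = 0;
    int quote = 0;   /* 0, '\'' or '"' while inside quotes */

    while (*p == ' ' || *p == '\t')
        p++;
    if (*p == '\0' || *p == '\n') {
        buf[0] = '\0';
        *sp = p;
        return 0;
    }
    for (;;) {
        char ch = *p;
        if (ch == '\0') {
            if (quote)
                return -1;          /* unterminated quote */
            break;
        }
        if (quote == 0 && (ch == ' ' || ch == '\t' || ch == '\n'))
            break;                  /* end of word */
        if (quote == 0 && (ch == '\'' || ch == '"')) {
            quote = ch;             /* opening quote: the buffer is kept as-is */
            p++;
            continue;
        }
        if (quote == ch) {
            quote = 0;              /* closing quote */
            p++;
            continue;
        }
        if (ch == '\\' && quote != '\'') {
            char next = p[1];
            if (next == '\0')
                return -1;          /* trailing backslash */
            if (quote == 0 || next == '"' || next == '\\') {
                ch = next;          /* escaped character is taken literally */
                p++;
            }
        }
        if (len + 1 >= bufsz)
            return -1;
        buf[len++] = ch;
        p++;
    }
    buf[len] = '\0';
    *sp = p;
    return 1;
}

static char *dupstr(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    return d != NULL ? memcpy(d, s, n) : NULL;
}

/* Split one line into a NULL-terminated array of malloc'd words, stopping
 * at an unquoted newline (which is consumed).  Returns the word count, or
 * -1 on a malformed line, in which case the array is freed. */
static int readlinev(const char **sp, char ***wordsp)
{
    char buf[256];
    char **words = NULL;
    int n = 0, r;

    while ((r = readword(sp, buf, sizeof buf)) == 1) {
        char **tmp = realloc(words, (size_t)(n + 2) * sizeof *words);
        if (tmp == NULL)
            goto fail;
        words = tmp;
        if ((words[n] = dupstr(buf)) == NULL)
            goto fail;
        words[++n] = NULL;
    }
    if (r < 0)
        goto fail;
    if (**sp == '\n')
        (*sp)++;
    *wordsp = words;
    return n;
fail:
    for (int i = 0; i < n; i++)
        free(words[i]);
    free(words);
    *wordsp = NULL;
    return -1;
}

/* Demonstration helpers: first word of a string, and word count of a line. */
static const char *first_word(const char *s)
{
    static char buf[128];
    return readword(&s, buf, sizeof buf) == 1 ? buf : NULL;
}

static int count_words(const char *line)
{
    char **words;
    int n = readlinev(&line, &words);
    for (int i = 0; i < n; i++)
        free(words[i]);
    free(words);
    return n;
}
```

The case that exposed the Nummularia bug is `foo"bar baz"qux`: with the opening quote handled correctly the word is `foobar bazqux`, not `bar bazqux` or an empty string. A policy line with an unterminated quote yields -1 from readlinev rather than a truncated but "valid" set of words, which is what a parser should do before it decides which modules to load.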
============================================================================
OpenPAM Lycopsida                                               2011-12-18

 - ENHANCE: removed static build autodetection, which didn't work
   anyway.  Use an explicit, user-specified preprocessor variable
   instead.

 - ENHANCE: cleaned up the documentation a bit.

 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
   embedded in strings such as prompts.  Apply it to the prompts used
   by pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: added support for the user_prompt, authtok_prompt and
   oldauthtok_prompt module options, which override the prompts passed
   by the module to pam_set_user(3) and pam_get_authtok(3).

 - ENHANCE: rewrote the policy parser to support quoted option values.

 - ENHANCE: added pamtest(1), a tool for testing modules and policies.

 - ENHANCE: added code to check the ownership and permissions of a
   module before loading it.

 - ENHANCE: added / improved input validation in many cases, including
   the policy file and some function arguments.  (CVE-2011-4122)
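The ownership and permission check added in this release, and the Micrampelis note on closing the race between that check and dlopen(3) by using fdlopen(3), as one added example written for these notes (not OpenPAM's loader). The point is to perform the check on the descriptor you will load from, so the file that was checked is the file that gets loaded; a check on the path followed by dlopen(3) on the same path covers only whatever the path named at check time. The names module_is_trusted, open_module_checked and demo_check_mode, the exact trust rule (regular file, owned by the trusted uid, not group- or world-writable) and the /tmp path are this example's assumptions, and the demonstration uses a temporary file owned by the current user in place of a root-owned module.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Accept only a regular file owned by trusted_uid that nobody else can write. */
static bool module_is_trusted(const struct stat *st, uid_t trusted_uid)
{
    if (!S_ISREG(st->st_mode))
        return false;
    if (st->st_uid != trusted_uid)
        return false;
    if ((st->st_mode & (S_IWGRP | S_IWOTH)) != 0)
        return false;
    return true;
}

/* Open the module and check it through the descriptor with fstat(2).
 * The caller hands the returned descriptor to fdlopen(3) where available,
 * so the check and the load refer to the same open file and the path
 * cannot be swapped in between.  Returns -1 if the file is rejected. */
static int open_module_checked(const char *path, uid_t trusted_uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !module_is_trusted(&st, trusted_uid)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Demonstration: create a temporary file with the given mode, owned by the
 * current user (standing in for root), and report whether the check would
 * allow it to be loaded.  Returns 1 if accepted, 0 if rejected, -1 if the
 * temporary file could not be set up. */
static int demo_check_mode(mode_t mode)
{
    char path[] = "/tmp/pam_module_demo_XXXXXX";   /* constructed path */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    int mfd = open_module_checked(path, geteuid());
    int accepted = mfd >= 0;
    if (mfd >= 0)
        close(mfd);
    unlink(path);
    return accepted;
}

int main(void)
{
    printf("mode 0644: %s\n", demo_check_mode(0644) == 1 ? "accepted" : "rejected");
    printf("mode 0666: %s\n", demo_check_mode(0666) == 1 ? "accepted" : "rejected");
    return 0;
}
```

On a platform without fdlopen(3) the descriptor can only be used for the check and the load still goes through dlopen(3) by path, which is exactly the window the Micrampelis entry describes; the check is then worth having but is not a complete defence, and the module directory's own permissions carry the rest of the weight.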
============================================================================
OpenPAM Hydrangea                                               2007-12-21

 - ENHANCE: when compiling with GCC, mark up API functions with GCC
   attributes where appropriate.

 - BUGFIX: fixed numerous warnings uncovered by GCC 4.

 - ENHANCE: building the documentation is now optional.

 - ENHANCE: corrected a number of mistakes and style issues in the
   build system.

 - ENHANCE: API function arguments are now const where appropriate, to
   match corresponding changes in the Solaris PAM and Linux-PAM APIs.

 - ENHANCE: corrected a number of C namespace violations.

 - ENHANCE: the module cache has been removed, allowing long-lived
   applications to pick up module changes.  This also allows multiple
   threads to use PAM simultaneously (as long as they use separate PAM
   contexts), since the module cache was the only part of OpenPAM that
   was not thread-safe.
============================================================================
OpenPAM Figwort                                                 2005-06-16

 - BUGFIX: Correct several small signedness and initialization bugs
   discovered during review by the NetBSD team.

 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
   order within each section.

 - ENHANCE: if a policy specifies a relative module path, prepend the
   module directory so we never call dlopen(3) with a relative path.

 - ENHANCE: add a pam.conf(5) manual page.
============================================================================
OpenPAM Feterita                                                2005-02-01

 - BUGFIX: Correct numerous markup errors, invalid cross-references,
   and other issues in the manual pages, with kind assistance from
   Ruslan Ermilov <ru@freebsd.org>.

 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
   and RETURNX() macros.

 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
   pam_get_data(3).

 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
   pam_strerror(3) and gendoc.pl.

 - ENHANCE: Minor overhaul of the autoconf / build system.

 - ENHANCE: Add openpam_free_envlist(3).
============================================================================
OpenPAM Eelgrass                                                2004-02-10

 - BUGFIX: Correct array handling bugs in conversation code.

 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
   whitespace from the user's response.

 - BUGFIX: Many constness issues addressed.
============================================================================
OpenPAM Dogwood                                                 2003-07-15

 - ENHANCE: Use the GNU autotools.

 - ENHANCE: Constify the msg field in struct pam_message.

 - BUGFIX: Remove left-over debugging output.

 - BUGFIX: Avoid side effects in arguments to the FREE() macro.

 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).

 - BUGFIX: Staticize some variables which shouldn't be global.

 - BUGFIX: Correctly anticipate a NULL user in pam_get_user(3).

 - ENHANCE: Various minor documentation improvements.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Digitalis                                               2003-06-01

 - ENHANCE: Completely rewrite the configuration parser and add
   support for the "include" control flag.

 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.

 - ENHANCE: Lots of additional paranoia.

 - BUGFIX: The sample su(1) application dropped privileges before
   forking instead of after.

 - ENHANCE: Document openpam_log(3).

 - ENHANCE: Other minor documentation fixes.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus                                                2003-05-02

 - BUGFIX: Initialize some potentially uninitialized variables.

 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.

 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
   instead of a freshly allocated copy.

 - ENHANCE: Detect recursion in openpam_borrow_cred().

 - ENHANCE: Make borrowing one's own credentials a no-op.

 - ENHANCE: Further improve debugging support.

 - ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil                                                2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t).

 - ENHANCE: Slightly improve error detection in openpam_ttyconv().

 - BUGFIX: Fix several typos in debugging macros.
============================================================================
OpenPAM Cyclamen                                                2002-12-12

 - ENHANCE: Improve recursion detection in openpam_dispatch().

 - ENHANCE: Add debugging messages at entry and exit points of most
   functions.

 - ENHANCE: Fix some minor style issues.

 - BUGFIX: Add default cases to the switches in openpam_log.c.

 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.

 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
   than stderr.
============================================================================
OpenPAM Citronella                                              2002-06-30

 - ENHANCE: Add the "binding" control flag (from Solaris 9).

 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
   Solaris 9).

 - ENHANCE: Flesh out the pam(3) man page.

 - ENHANCE: Add an openpam(3) page with cross-references to all the
   documented OpenPAM API extensions.

 - ENHANCE: Add a pam_conv(3) man page describing the conversation
   system.

 - ENHANCE: Improved sample application.

 - ENHANCE: Added sample pam_unix module.

 - BUGFIX: Various documentation nits.
============================================================================
OpenPAM Cinquefoil                                              2002-05-24

 - BUGFIX: Various warnings uncovered by gcc 3.1.

 - ENHANCE: Add a null conversation function, openpam_nullconv(3).

 - BUGFIX: Initialize the "other" chain to all zeroes.

 - ENHANCE: Document openpam_ttyconv(3).
============================================================================
OpenPAM Cinnamon                                                2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria                                               2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona                                                2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM Centaury                                                2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine                                               2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
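The "clear PAM_AUTHTOK after running the service modules" fix in this release and the Ourouparia entry about overwriting buffers that once held an authentication token, as one added example written for these notes; it is not OpenPAM's code. Two things are shown: a wipe that the compiler cannot drop as a dead store (memset called through a volatile function pointer; explicit_bzero(3) or memset_s() do the same where available), and a token that is scrubbed and dropped as soon as the chain that needed it has run. The toy handle, the names wipe, clear_authtok, set_authtok, run_auth and mod_min_length, and the constructed token strings are this example's assumptions.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

enum { PAM_SUCCESS = 0, PAM_AUTH_ERR = 7 };   /* values from the PAM headers */

/* Calling memset through a volatile pointer forces the store to happen
 * even when the buffer is freed or goes out of scope right afterwards. */
static void *(*const volatile wipe_fn)(void *, int, size_t) = memset;

static void wipe(void *p, size_t n)
{
    if (p != NULL && n > 0)
        wipe_fn(p, 0, n);
}

/* Toy handle holding only the item this example is about. */
struct handle {
    char *authtok;
};

/* Scrub the token, free it and drop the pointer. */
static void clear_authtok(struct handle *h)
{
    if (h->authtok != NULL) {
        wipe(h->authtok, strlen(h->authtok));
        free(h->authtok);
        h->authtok = NULL;
    }
}

/* Store a private copy of the token, scrubbing any previous one. */
static int set_authtok(struct handle *h, const char *tok)
{
    size_t n = strlen(tok) + 1;
    char *copy = malloc(n);
    if (copy == NULL)
        return -1;
    memcpy(copy, tok, n);
    clear_authtok(h);
    h->authtok = copy;
    return 0;
}

/* Stand-in for running the auth chain: the token is released as soon as
 * the service module has seen it, whatever the outcome. */
static int run_auth(struct handle *h, int (*module)(const char *tok))
{
    int r = module(h->authtok != NULL ? h->authtok : "");
    clear_authtok(h);
    return r;
}

/* Stand-in service module: accepts tokens of at least eight characters. */
static int mod_min_length(const char *tok)
{
    return strlen(tok) >= 8 ? PAM_SUCCESS : PAM_AUTH_ERR;
}

/* Demonstration: after wipe() no byte of the buffer survives.  Returns 1
 * when the whole buffer reads as zero. */
static int demo_wipe_clears_buffer(void)
{
    char buf[24] = "hunter2 (constructed)";
    wipe(buf, sizeof buf);
    for (size_t i = 0; i < sizeof buf; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}

/* Demonstration: once the chain has run, the handle no longer holds the
 * token.  Returns 1 when the module accepted and the item is gone. */
static int demo_handle_cleared(void)
{
    struct handle h = { NULL };
    if (set_authtok(&h, "s3cret-token (constructed)") != 0)
        return -1;
    int r = run_auth(&h, mod_min_length);
    return (h.authtok == NULL && r == PAM_SUCCESS) ? 1 : 0;
}
```

A plain memset() before free() is routinely removed by optimizers because the memory is never read again; the volatile function pointer is the portable way to keep it. Clearing the item right after the chain also limits what a later module, a core dump or a long-lived application process can still find in memory.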
============================================================================
OpenPAM Cantaloupe                                              2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis                                               2002-02-13

Fixed a number of bugs in the previous release, including:
  - a number of bugs in and related to pam_[gs]et_item(3)
  - off-by-one bug in pam_start.c would trim last character off certain
    configuration lines
  - incorrect ordering of an array in openpam_load.c would cause service
    module functions to get mixed up
  - missing 'continue' in openpam_dispatch.c caused successes to be
    counted as failures
============================================================================
OpenPAM Calamite                                                2002-02-09

First (beta) release.