source: openpam/trunk/HISTORY @ 912

Last change on this file since 912 was 912, checked in by Dag-Erling Smørgrav, 4 years ago

Postpone Radula until next Saturday.

OpenPAM Radula                                                  2017-01-28

 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
   pam_get_user(3) from using application-provided custom prompts.

 - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).

 - BUGFIX: In openpam_readword(3), support line continuations within
   whitespace.

 - ENHANCE: Add a feature flag to control fallback to "other" policy.

 - ENHANCE: Add a pam_return(8) module which returns an arbitrary
   code specified in the module options.

 - ENHANCE: More and better unit tests.
============================================================================
OpenPAM Ourouparia                                              2014-09-12

 - ENHANCE: When executing a chain, require at least one service
   function to succeed.  This mitigates fail-open scenarios caused by
   misconfigurations or missing modules.

 - ENHANCE: Make sure to overwrite buffers which may have contained an
   authentication token when they're no longer needed.

 - BUGFIX: Under certain circumstances, specifying a non-existent
   module (or misspelling the name of a module) in a policy could
   result in a fail-open scenario.  (CVE-2014-3879)

 - FEATURE: Add a search path for modules.  This was implemented in
   Nummularia but inadvertently left out of the release notes.

 - BUGFIX: The is_upper() predicate only accepted the letter A as an
   upper-case character instead of the entire A-Z range.  As a result,
   service and module names containing upper-case letters other than A
   would be rejected.
============================================================================
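The two Ourouparia entries above (require at least one service function to succeed; CVE-2014-3879) describe the same failure mode from two sides.  The following is an added C example, not OpenPAM's own dispatcher: a toy chain walk in which `run_chain`, `struct entry`, the `control` enum and the `RC_*` return codes are this example's own names and values (OpenPAM's real constants live in pam_constants.h and differ).  A NULL service function models a module that was named in the policy but could not be loaded; the `require_success` flag switches between skipping such entries silently and refusing a chain in which nothing actually vouched for the user.

```c
/* Added example, not OpenPAM code: a minimal PAM-style chain walk that
 * shows why "at least one service function must succeed" matters. */
#include <stddef.h>
#include <stdio.h>

/* Return codes are this example's own, not the values in pam_constants.h. */
enum { RC_SUCCESS = 0, RC_AUTH_ERR = 1, RC_PERM_DENIED = 2 };

enum control { REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL };

/* A chain entry: control flag plus the service function.  A NULL function
 * stands for a module that was named in the policy but could not be
 * loaded (missing file, misspelled name). */
struct entry {
    enum control ctl;
    int (*fn)(void);
};

static int mod_ok(void)   { return RC_SUCCESS; }
static int mod_fail(void) { return RC_AUTH_ERR; }

/* Walk the chain.  With require_success == 0 this models the fail-open
 * behaviour described for CVE-2014-3879: unloadable modules are skipped
 * and a chain in which nothing ran reports success.  With
 * require_success != 0, a chain in which no service function succeeded
 * is denied. */
int run_chain(const struct entry *chain, size_t n, int require_success)
{
    int err = RC_SUCCESS;       /* first failure of a required module */
    int nsuccess = 0;

    for (size_t i = 0; i < n; i++) {
        if (chain[i].fn == NULL)
            continue;           /* module missing: skipped */
        int r = chain[i].fn();
        if (r == RC_SUCCESS) {
            nsuccess++;
            /* sufficient: stop early only if no required module failed */
            if (chain[i].ctl == SUFFICIENT && err == RC_SUCCESS)
                return RC_SUCCESS;
            continue;
        }
        switch (chain[i].ctl) {
        case REQUISITE:
            return r;           /* stop immediately */
        case REQUIRED:
            if (err == RC_SUCCESS)
                err = r;        /* remember first failure, keep walking */
            break;
        case SUFFICIENT:
        case OPTIONAL:
            break;              /* failure does not affect the result */
        }
    }
    if (err != RC_SUCCESS)
        return err;
    if (require_success && nsuccess == 0)
        return RC_PERM_DENIED;  /* nothing vouched for the user */
    return RC_SUCCESS;
}

/* Constructed sample chains. */
const struct entry chain_missing[] = { { REQUIRED, NULL },     { REQUIRED, NULL } };
const struct entry chain_good[]    = { { REQUIRED, mod_ok },   { OPTIONAL, NULL } };
const struct entry chain_failing[] = { { REQUIRED, mod_fail }, { SUFFICIENT, mod_ok } };
#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

int main(void)
{
    printf("all modules missing, old behaviour: %d\n",
           run_chain(chain_missing, NELEM(chain_missing), 0));   /* 0: fail-open */
    printf("all modules missing, new behaviour: %d\n",
           run_chain(chain_missing, NELEM(chain_missing), 1));   /* 2: denied */
    printf("one required module succeeds:      %d\n",
           run_chain(chain_good, NELEM(chain_good), 1));         /* 0 */
    printf("required module fails:             %d\n",
           run_chain(chain_failing, NELEM(chain_failing), 1));   /* 1 */
    return 0;
}
```

The interesting case is `chain_missing`: every entry is skipped, so the old walk never records a failure and returns success, which is exactly the fail-open described above.  The `nsuccess` counter turns "no module objected" into "no module approved", and a policy that references only unloadable modules now denies.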
OpenPAM Nummularia                                              2013-09-07

 - ENHANCE: Rewrite the dynamic loader to improve readability and
   reliability.  Modules can now be listed without the ".so" suffix in
   the policy file; OpenPAM will automatically add it, just like it
   will automatically add the version number if required.

 - ENHANCE: Allow openpam_straddch(3) to be called without a character
   so it can be used to preallocate a string.

 - ENHANCE: Improve portability by adding simple asprintf(3) and
   vasprintf(3) implementations for platforms that don't have them.

 - ENHANCE: Move the libpam sources into a separate subdirectory.

 - ENHANCE: Substantial documentation improvements.

 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
   would set the first byte in the buffer to '\0', discarding all
   existing text and, unless the buffer was empty to begin with, all
   subsequent text as well.  This went unnoticed because none of the
   unit tests for quoted strings had any text preceding the opening
   quote.

 - BUGFIX: Make --with-modules-dir work the way it was meant to work
   (but never did).
============================================================================
OpenPAM Micrampelis                                             2012-05-26

 - FEATURE: Add an openpam_readword(3) function which reads the next
   word from an input stream, applying shell quoting and escaping
   rules.  Add numerous unit tests for openpam_readword(3).

 - FEATURE: Add an openpam_readlinev(3) function which uses the
   openpam_readword(3) function to read words from an input stream one
   at a time until it reaches an unquoted, unescaped newline, and
   returns an array of those words.  Add several unit tests for
   openpam_readlinev(3).

 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
   machine's hostname.  This was implemented in Lycopsida but
   inadvertently left out of the release notes.

 - FEATURE: In pam_get_authtok(3), if neither the application nor the
   module have specified a prompt and PAM_HOST and PAM_RHOST are both
   defined but not equal, use a different default prompt that includes
   PAM_USER and PAM_HOST.

 - ENHANCE: Rewrite the policy parser to use openpam_readlinev(),
   which greatly simplifies the code.

 - ENHANCE: The previous implementation of the policy parser relied on
   the openpam_readline(3) function, which (by design) munges
   whitespace and understands neither quotes nor backslash escapes.
   As a result of the aforementioned rewrite, whitespace, quotes and
   backslash escapes in policy files are now handled in a consistent
   and predictable manner.

 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
   This closes the race between the ownership / permission check and
   the dlopen(3) call.

 - ENHANCE: Reduce the number of pointless error messages generated
   while searching for a module.

 - ENHANCE: Numerous documentation improvements, both in content and
   formatting.

 - BUGFIX: A patch incorporated in Lycopsida inadvertently changed
   OpenPAM's behavior when several policies exist for the same
   service, from ignoring all but the first to concatenating them all.
   Revert to the original behavior.

 - BUGFIX: Plug a memory leak in the policy parser.
============================================================================
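The word reader introduced in Micrampelis above, the Nummularia bug where an opening quote wiped the buffer, and the Radula fix for backslash-newline continuations inside whitespace are all about the same small tokenizer.  The following is an added C example and not OpenPAM's openpam_readword(3)/openpam_readlinev(3): `readword` and `readlinev` here work on a string rather than a FILE stream and use their own signatures, but they apply the shell-style rules the entries describe (single quotes literal, double quotes with `\"` and `\\` escapes, backslash escapes and continuations outside quotes, unquoted newline ends the line).  The sample policy line is constructed for the example.

```c
/* Added example, not OpenPAM code: a shell-style word reader over a string. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growable string used while assembling a word. */
struct wbuf { char *s; size_t len, cap; };

static int wbuf_add(struct wbuf *b, char c)
{
    if (b->len + 2 > b->cap) {
        size_t ncap = b->cap ? b->cap * 2 : 32;
        char *ns = realloc(b->s, ncap);
        if (ns == NULL)
            return -1;
        b->s = ns;
        b->cap = ncap;
    }
    b->s[b->len++] = c;
    b->s[b->len] = '\0';
    return 0;
}

/* Read the next word from *sp and advance *sp past it.  Returns 1 with a
 * malloc'd word, 0 at an unquoted newline or end of input (the newline is
 * consumed), or -1 on an unterminated quote or trailing backslash. */
int readword(const char **sp, char **wordp)
{
    const char *p = *sp;
    struct wbuf b = { NULL, 0, 0 };
    char quote = 0;                         /* 0, '\'' or '"' while quoting */

    *wordp = NULL;
    /* Skip blanks.  A backslash-newline here is a line continuation and
     * must not end the line (the case fixed in Radula). */
    for (;;) {
        if (*p == ' ' || *p == '\t')
            p++;
        else if (p[0] == '\\' && p[1] == '\n')
            p += 2;
        else
            break;
    }
    if (*p == '\0' || *p == '\n') {
        *sp = (*p == '\n') ? p + 1 : p;
        return 0;
    }
    for (; *p != '\0'; p++) {
        char c = *p;
        if (quote == '\'') {                /* single quotes: everything literal */
            if (c == '\'') { quote = 0; continue; }
        } else if (quote == '"') {          /* double quotes: \" \\ and \<newline> */
            if (c == '"') { quote = 0; continue; }
            if (c == '\\' && p[1] == '\n') { p++; continue; }
            if (c == '\\' && (p[1] == '"' || p[1] == '\\')) c = *++p;
        } else {                            /* unquoted */
            if (c == ' ' || c == '\t' || c == '\n') break;
            if (c == '\'' || c == '"') { quote = c; continue; }
            if (c == '\\') {
                if (p[1] == '\0') goto bad;
                if (p[1] == '\n') { p++; continue; }   /* continuation */
                c = *++p;
            }
        }
        /* Append to what was read so far: an opening quote never resets
         * the buffer (the Nummularia bug). */
        if (wbuf_add(&b, c) != 0) goto bad;
    }
    if (quote != 0) goto bad;
    if (b.s == NULL && (b.s = calloc(1, 1)) == NULL) goto bad;  /* "" is a word */
    *sp = p;
    *wordp = b.s;
    return 1;
bad:
    free(b.s);
    return -1;
}

/* Read every word up to the end of the line into a NULL-terminated array
 * (caller frees the words and the array); the count goes to *np.
 * Returns NULL on a malformed line or allocation failure. */
char **readlinev(const char **sp, int *np)
{
    size_t cap = 8, n = 0;
    char **v = malloc(cap * sizeof *v);
    char *w;
    int r;

    if (v == NULL)
        return NULL;
    while ((r = readword(sp, &w)) == 1) {
        if (n + 2 > cap) {
            char **nv = realloc(v, cap * 2 * sizeof *nv);
            if (nv == NULL) { free(w); goto bad; }
            v = nv;
            cap *= 2;
        }
        v[n++] = w;
    }
    if (r < 0)
        goto bad;
    v[n] = NULL;
    *np = (int)n;
    return v;
bad:
    while (n > 0) free(v[--n]);
    free(v);
    return NULL;
}

/* Constructed sample: a policy line with a quoted option value and a
 * backslash-newline continuation followed by indentation. */
const char sample_line[] =
    "login auth required pam_unix.so "
    "authtok_prompt=\"Password for user: \" \\\n"
    "  use_first_pass\n";

int main(void)
{
    const char *p = sample_line;
    int n = 0;
    char **v = readlinev(&p, &n);
    for (int i = 0; v != NULL && i < n; i++)
        printf("[%s]\n", v[i]);       /* six words; the prompt keeps its spaces */
    return 0;
}
```

The test that Nummularia was missing is a word with text before the opening quote, such as `abc"def ghi"`, which must come back as a single word `abcdef ghi`; the Radula case is a backslash-newline met while skipping the blanks between words.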
OpenPAM Lycopsida                                               2011-12-18

 - ENHANCE: removed static build autodetection, which didn't work
   anyway.  Use an explicit, user-specified preprocessor variable
   instead.

 - ENHANCE: cleaned up the documentation a bit.

 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
   embedded in strings such as prompts.  Apply it to the prompts used
   by pam_get_user(3) and pam_get_authtok(3).

 - ENHANCE: added support for the user_prompt, authtok_prompt and
   oldauthtok_prompt module options, which override the prompts passed
   by the module to pam_set_user(3) and pam_get_authtok(3).

 - ENHANCE: rewrote the policy parser to support quoted option values.

 - ENHANCE: added pamtest(1), a tool for testing modules and policies.

 - ENHANCE: added code to check the ownership and permissions of a
   module before loading it.

 - ENHANCE: added / improved input validation in many cases, including
   the policy file and some function arguments.  (CVE-2011-4122)
============================================================================
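Lycopsida added the ownership / permission check on a module before loading it, and Micrampelis noted that loading through fdlopen(3) closes the race between that check and dlopen(3).  The following is an added C example, not OpenPAM's loader, showing the shape of that fix: the file is opened once, `module_fd_is_trusted` checks the open descriptor with fstat(2) rather than the path with stat(2), and the same descriptor is then handed to the loader, so the object that was checked is the object that gets mapped.  `fdlopen` is used only on FreeBSD; on Linux the example re-opens the descriptor through `/proc/self/fd/N` as a stand-in, which is this example's assumption.  The policy enforced (owner root or the effective user, regular file, not group- or world-writable) is a reasonable choice for a module directory but is not a claim about OpenPAM's exact rules.

```c
/* Added example, not OpenPAM code: check a module on its open descriptor
 * and load from that same descriptor, so there is no window between the
 * check and the load in which the path could be swapped. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#endif
#include <dlfcn.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 0 if fd refers to a regular file owned by root or the effective
 * user that is not writable by group or others; -1 otherwise. */
int module_fd_is_trusted(int fd)
{
    struct stat st;

    if (fstat(fd, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode))
        return -1;                      /* directory, device, socket ... */
    if (st.st_uid != 0 && st.st_uid != geteuid())
        return -1;                      /* someone else could rewrite it */
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return -1;                      /* group/world writable */
    return 0;
}

/* Open the module without following a symlink at the final component,
 * check the descriptor, and load from it.  Returns the dlopen handle or
 * NULL.  fdlopen(3) is FreeBSD's API; /proc/self/fd/N is the Linux
 * stand-in assumed here. */
void *load_trusted_module(const char *path)
{
    void *h;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);

    if (fd < 0)
        return NULL;
    if (module_fd_is_trusted(fd) != 0) {
        close(fd);
        return NULL;
    }
#ifdef __FreeBSD__
    h = fdlopen(fd, RTLD_NOW);
#else
    char fdpath[64];
    snprintf(fdpath, sizeof fdpath, "/proc/self/fd/%d", fd);
    h = dlopen(fdpath, RTLD_NOW);
#endif
    close(fd);                          /* the mapping survives the close */
    return h;
}

/* Demonstration helper: an unlinked temporary regular file with the given
 * mode, returned as an open descriptor (-1 on failure). */
int make_temp_file(mode_t mode)
{
    char tmpl[] = "/tmp/modcheck.XXXXXX";
    int fd = mkstemp(tmpl);

    if (fd < 0)
        return -1;
    unlink(tmpl);
    if (fchmod(fd, mode) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int good = make_temp_file(0644);
    int bad = make_temp_file(0666);

    printf("mode 0644: %s\n", module_fd_is_trusted(good) == 0 ? "trusted" : "rejected");
    printf("mode 0666: %s\n", module_fd_is_trusted(bad) == 0 ? "trusted" : "rejected");
    close(good);
    close(bad);
    return 0;
}
```

The point of checking the descriptor is that stat(path) followed by dlopen(path) names the file twice, and nothing guarantees both names resolve to the same object; fstat(fd) followed by fdlopen(fd) names it once.  Where fdlopen is unavailable the check still helps, but the race the Micrampelis entry describes is only closed when the loader consumes the checked descriptor itself.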
OpenPAM Hydrangea                                               2007-12-21

 - ENHANCE: when compiling with GCC, mark up API functions with GCC
   attributes where appropriate.

 - BUGFIX: fixed numerous warnings uncovered by GCC 4.

 - ENHANCE: building the documentation is now optional.

 - ENHANCE: corrected a number of mistakes and style issues in the
   build system.

 - ENHANCE: API function arguments are now const where appropriate, to
   match corresponding changes in the Solaris PAM and Linux-PAM APIs.

 - ENHANCE: corrected a number of C namespace violations.

 - ENHANCE: the module cache has been removed, allowing long-lived
   applications to pick up module changes.  This also allows multiple
   threads to use PAM simultaneously (as long as they use separate PAM
   contexts), since the module cache was the only part of OpenPAM that
   was not thread-safe.
============================================================================
OpenPAM Figwort                                                 2005-06-16

 - BUGFIX: Correct several small signedness and initialization bugs
   discovered during review by the NetBSD team.

 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
   order within each section.

 - ENHANCE: if a policy specifies a relative module path, prepend the
   module directory so we never call dlopen(3) with a relative path.

 - ENHANCE: add a pam.conf(5) manual page.
============================================================================
OpenPAM Feterita                                                2005-02-01

 - BUGFIX: Correct numerous markup errors, invalid cross-references,
   and other issues in the manual pages, with kind assistance from
   Ruslan Ermilov <ru@freebsd.org>.

 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
   and RETURNX() macros.

 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
   pam_get_data(3).

 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
   pam_strerror(3) and gendoc.pl.

 - ENHANCE: Minor overhaul of the autoconf / build system.

 - ENHANCE: Add openpam_free_envlist(3).
============================================================================
OpenPAM Eelgrass                                                2004-02-10

 - BUGFIX: Correct array handling bugs in conversation code.

 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
   whitespace from the user's response.

 - BUGFIX: Many constness issues addressed.
============================================================================
OpenPAM Dogwood                                                 2003-07-15

 - ENHANCE: Use the GNU autotools.

 - ENHANCE: Constify the msg field in struct pam_message.

 - BUGFIX: Remove left-over debugging output.

 - BUGFIX: Avoid side effects in arguments to the FREE() macro.

 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).

 - BUGFIX: Staticize some variables which shouldn't be global.

 - BUGFIX: Correctly anticipate a NULL user in pam_get_user(3).

 - ENHANCE: Various minor documentation improvements.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Digitalis                                               2003-06-01

 - ENHANCE: Completely rewrite the configuration parser and add
   support for the "include" control flag.

 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.

 - ENHANCE: Lots of additional paranoia.

 - BUGFIX: The sample su(1) application dropped privileges before
   forking instead of after.

 - ENHANCE: Document openpam_log(3).

 - ENHANCE: Other minor documentation fixes.

Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
assistance with this release.
============================================================================
OpenPAM Dianthus                                                2003-05-02

 - BUGFIX: Initialize some potentially uninitialized variables.

 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.

 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
   instead of a freshly allocated copy.

 - ENHANCE: Detect recursion in openpam_borrow_cred().

 - ENHANCE: Make borrowing one's own credentials a no-op.

 - ENHANCE: Further improve debugging support.

 - ENHANCE: Clean up some variable names.
============================================================================
OpenPAM Daffodil                                                2003-01-06

 - ENHANCE: Document dependency on <sys/types.h> (for size_t).

 - ENHANCE: Slightly improve error detection in openpam_ttyconv().

 - BUGFIX: Fix several typos in debugging macros.
============================================================================
OpenPAM Cyclamen                                                2002-12-12

 - ENHANCE: Improve recursion detection in openpam_dispatch().

 - ENHANCE: Add debugging messages at entry and exit points of most
   functions.

 - ENHANCE: Fix some minor style issues.

 - BUGFIX: Add default cases to the switches in openpam_log.c.

 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.

 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
   than stderr.
============================================================================
OpenPAM Citronella                                              2002-06-30

 - ENHANCE: Add the "binding" control flag (from Solaris 9).

 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
   Solaris 9).

 - ENHANCE: Flesh out the pam(3) man page.

 - ENHANCE: Add an openpam(3) page with cross-references to all the
   documented OpenPAM API extensions.

 - ENHANCE: Add a pam_conv(3) man page describing the conversation
   system.

 - ENHANCE: Improved sample application.

 - ENHANCE: Added sample pam_unix module.

 - BUGFIX: Various documentation nits.
============================================================================
OpenPAM Cinquefoil                                              2002-05-24

 - BUGFIX: Various warnings uncovered by gcc 3.1.

 - ENHANCE: Add a null conversation function, openpam_nullconv(3).

 - BUGFIX: Initialize the "other" chain to all zeroes.

 - ENHANCE: Document openpam_ttyconv(3).
============================================================================
OpenPAM Cinnamon                                                2002-05-02

 - ENHANCE: Add a null conversation function, openpam_nullconv().

 - BUGFIX: Various markup bugs in the documentation.

 - BUGFIX: Document <security/openpam.h>.

 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.

 - ENHANCE: Restructure the policy-loading code and align our use of
   the "other" policy with Solaris and Linux-PAM.

 - ENHANCE: Log dlopen() and dlsym() failures.

 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
   messages unless the message contains one already.

 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
   so we can detect whether the conversation function touched it.
============================================================================
OpenPAM Cineraria                                               2002-04-14

 - BUGFIX: Fix confusion between token and prompt in
   pam_get_authtok(3).

 - ENHANCE: Improved documentation.

 - ENHANCE: Adopt the same preprocessor tricks that were used in
   FreeBSD's version of Linux-PAM to simplify static linking without
   requiring dummy primitives.

 - ENHANCE: Move the policy-loading code out of pam_start.c.

 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.

 - ENHANCE: Add versioning macros.
============================================================================
OpenPAM Cinchona                                                2002-04-08

 - ENHANCE: Improved documentation for several API functions.

 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
   of the module data list.

 - BUGFIX: Allocate the correct amount of memory for the environment
   list in pam_putenv().

 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.

 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
   reduce differences between these very similar functions.

 - ENHANCE: Check flags carefully in pam_authenticate() and
   pam_chauthtok().

 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.

 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
   twice and compare the responses.

 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
   switching to user credentials.

 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
   pam_set_data() consumers.
============================================================================
OpenPAM Centaury                                                2002-03-14

 - BUGFIX: Add missing #include <string.h> to openpam_log.c.

 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
   the former, but Solaris and Linux-PAM use the latter.

 - BUGFIX: The dynamic loader and the module cache contained a number
   of bugs which would cause a segmentation fault if pam_start(3) was
   called again after pam_end(3), as happens in login(1), xdm(1) etc.
   after a failed login.

 - BUGFIX: Refer to a module by the name used in the policy file, even
   if the module that was actually loaded was versioned.

 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
============================================================================
OpenPAM Celandine                                               2002-03-05

 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().

 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
   flag set, then with the PAM_UPDATE_AUTHTOK flag set.

 - BUGFIX: Failure of a "sufficient" module should not terminate the
   passwd chain if the PAM_PRELIM_CHECK flag is set.

 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.

 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
   or PAM_UPDATE_AUTHTOK flags themselves.

 - BUGFIX: openpam_set_option() did not support changing the value of
   an existing option.

 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
   module with the same version number as the library itself to one
   with no version number at all.
============================================================================
OpenPAM Cantaloupe                                              2002-02-22

 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.

 - ENHANCE: Add in-line documentation in most source files, and a Perl
   script that generates mdoc code from that.

 - BUGFIX: The environment list was not properly NULL-terminated.

 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
   specified by the module.

 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
   pam_constants.h to avoid it going stale again.

 - ENHANCE: Move all code related to static modules into a separate
   file.

 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
   user, and supports setting a timeout (which defaults to off).

 - BUGFIX: Some manual pages referenced XSSO even though they
   documented OpenPAM-specific functions.

 - ENHANCE: Added openpam_get_option() and openpam_set_option().

 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
   try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis                                               2002-02-13

Fixed a number of bugs in the previous release, including:
  - a number of bugs in and related to pam_[gs]et_item(3)
  - off-by-one bug in pam_start.c would trim last character off certain
    configuration lines
  - incorrect ordering of an array in openpam_load.c would cause service
    module functions to get mixed up
  - missing 'continue' in openpam_dispatch.c caused successes to be
    counted as failures
============================================================================
OpenPAM Calamite                                                2002-02-09

First (beta) release.