source: openpam/trunk/HISTORY @ 923

Last change on this file since 923 was 923, checked in by Dag-Erling Smørgrav, 4 years ago

Prepare to release OpenPAM Radula.

  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/plain
File size: 17.4 KB
Line 
1OpenPAM Radula                                                  2017-02-19
2
3 - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
4   pam_get_user(3) from using application-provided custom prompts.
5
6 - BUGFIX: Plug a memory leak in pam_set_item(3).
7
8 - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
9
10 - BUGFIX: In openpam_readword(3), support line continuations within
11   whitespace.
12
13 - ENHANCE: Add a feature flag to control fallback to "other" policy.
14
15 - ENHANCE: Add a pam_return(8) module which returns an arbitrary
16   code specified in the module options.
17
18 - ENHANCE: More and better unit tests.
19============================================================================
20OpenPAM Ourouparia                                              2014-09-12
21
22 - ENHANCE: When executing a chain, require at least one service
23   function to succeed.  This mitigates fail-open scenarios caused by
24   misconfigurations or missing modules.
25
26 - ENHANCE: Make sure to overwrite buffers which may have contained an
27   authentication token when they're no longer needed.
28
29 - BUGFIX: Under certain circumstances, specifying a non-existent
30   module (or misspelling the name of a module) in a policy could
31   result in a fail-open scenario.  (CVE-2014-3879)
32
33 - FEATURE: Add a search path for modules.  This was implemented in
34   Nummularia but inadvertently left out of the release notes.
35
36 - BUGFIX: The is_upper() predicate only accepted the letter A as an
37   upper-case character instead of the entire A-Z range.  As a result,
38   service and module names containing upper-case letters other than A
39   would be rejected.
40============================================================================
41OpenPAM Nummularia                                              2013-09-07
42
43 - ENHANCE: Rewrite the dynamic loader to improve readability and
44   reliability.  Modules can now be listed without the ".so" suffix in
45   the policy file; OpenPAM will automatically add it, just like it
46   will automatically add the version number if required.
47
48 - ENHANCE: Allow openpam_straddch(3) to be called without a character
49   so it can be used to preallocate a string.
50
51 - ENHANCE: Improve portability by adding simple asprintf(3) and
52   vasprintf(3) implementations for platforms that don't have them.
53
54 - ENHANCE: Move the libpam sources into a separate subdirectory.
55
56 - ENHANCE: Substantial documentation improvements.
57
58 - BUGFIX: When openpam_readword(3) encountered an opening quote, it
59   would set the first byte in the buffer to '\0', discarding all
60   existing text and, unless the buffer was empty to begin with, all
61   subsequent text as well.  This went unnoticed because none of the
62   unit tests for quoted strings had any text preceding the opening
63   quote.
64
65 - BUGFIX: make --with-modules-dir work the way it was meant to work
66   (but never did).
67============================================================================
68OpenPAM Micrampelis                                             2012-05-26
69
70 - FEATURE: Add an openpam_readword(3) function which reads the next
71   word from an input stream, applying shell quoting and escaping
72   rules.  Add numerous unit tests for openpam_readword(3).
73
74 - FEATURE: Add an openpam_readlinev(3) function which uses the
75   openpam_readword(3) function to read words from an input stream one
76   at a time until it reaches an unquoted, unescaped newline, and
77   returns an array of those words.  Add several unit tests for
78   openpam_readlinev(3).
79
80 - FEATURE: Add a PAM_HOST item which pam_start(3) initializes to the
81   machine's hostname.  This was implemented in Lycopsida but
82   inadvertantly left out of the release notes.
83
84 - FEATURE: In pam_get_authtok(3), if neither the application nor the
85   module have specified a prompt and PAM_HOST and PAM_RHOST are both
86   defined but not equal, use a different default prompt that includes
87   PAM_USER and PAM_HOST.
88
89 - ENHANCE: Rewrite the policy parser to used openpam_readlinev(),
90   which greatly simplifies the code.
91
92 - ENHANCE: The previous implementation of the policy parser relied on
93   the openpam_readline(3) function, which (by design) munges
94   whitespace and understands neither quotes nor backslash escapes.
95   As a result of the aforementioned rewrite, whitespace, quotes and
96   backslash escapes in policy files are now handled in a consistent
97   and predictable manner.
98
99 - ENHANCE: On platforms that have it, use fdlopen(3) to load modules.
100   This closes the race between the ownership / permission check and
101   the dlopen(3) call.
102
103 - ENHANCE: Reduce the amount of pointless error messages generated
104   while searching for a module.
105
106 - ENHANCE: Numerous documentation improvements, both in content and
107   formatting.
108
109 - BUGFIX: A patch incorporated in Lycopsida inadvertantly changed
110   OpenPAM's behavior when several policies exist for the same
111   service, from ignoring all but the first to concatenating them all.
112   Revert to the original behavior.
113
114 - BUGFIX: Plug a memory leak in the policy parser.
115============================================================================
116OpenPAM Lycopsida                                               2011-12-18
117
118 - ENHANCE: removed static build autodetection, which didn't work
119   anyway.  Use an explicit, user-specified preprocessor variable
120   instead.
121
122 - ENHANCE: cleaned up the documentation a bit.
123
124 - ENHANCE: added openpam_subst(3), allowing certain PAM items to be
125   embedded in strings such as prompts.  Apply it to the prompts used
126   by pam_get_user(3) and pam_get_authtok(3).
127
128 - ENHANCE: added support for the user_prompt, authtok_prompt and
129   oldauthtok_prompt module options, which override the prompts passed
130   by the module to pam_set_user(3) and pam_get_authtok(3).
131
132 - ENHANCE: rewrote the policy parser to support quoted option values.
133
134 - ENHANCE: added pamtest(1), a tool for testing modules and policies.
135
136 - ENHANCE: added code to check the ownership and permissions of a
137   module before loading it.
138
139 - ENHANCE: added / improved input validation in many cases, including
140   the policy file and some function arguments.  (CVE-2011-4122)
141============================================================================
142OpenPAM Hydrangea                                               2007-12-21
143
144 - ENHANCE: when compiling with GCC, mark up API functions with GCC
145   attributes where appropriate.
146
147 - BUGFIX: fixed numerous warnings uncovered by GCC 4.
148
149 - ENHANCE: building the documentation is now optional.
150
151 - ENHANCE: corrected a number of mistakes and style issues in the
152   build system.
153
154 - ENHANCE: API function arguments are now const where appropriate, to
155   match corresponding changes in the Solaris PAM and Linux-PAM APIs.
156
157 - ENHANCE: corrected a number of C namespace violations.
158
159 - ENHANCE: the module cache has been removed, allowing long-lived
160   applications to pick up module changes.  This also allows multiple
161   threads to use PAM simultaneously (as long as they use separate PAM
162   contexts), since the module cache was the only part of OpenPAM that
163   was not thread-safe.
164============================================================================
165OpenPAM Figwort                                                 2005-06-16
166
167 - BUGFIX: Correct several small signedness and initialization bugs
168   discovered during review by the NetBSD team.
169
170 - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
171   order within each section.
172
173 - ENHANCE: if a policy specifies a relative module path, prepend the
174   module directory so we never call dlopen(3) with a relative path.
175
176 - ENHANCE: add a pam.conf(5) manual page.
177============================================================================
178OpenPAM Feterita                                                2005-02-01
179
180 - BUGFIX: Correct numerous markup errors, invalid cross-references,
181   and other issues in the manual pages, with kind assistance from
182   Ruslan Ermilov <ru@freebsd.org>.
183
184 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
185   and RETURNX() macros.
186
187 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
188   pam_get_data(3).
189
190 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
191   pam_strerror(3) and gendoc.pl.
192
193 - ENHANCE: Minor overhaul of the autoconf / build system.
194
195 - ENHANCE: Add openpam_free_envlist(3).
196============================================================================
197OpenPAM Eelgrass                                                2004-02-10
198
199 - BUGFIX: Correct array handling bugs in conversation code.
200
201 - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
202   whitespace from the user's response.
203
204 - BUGFIX: Many constness issues addressed.
205============================================================================
206OpenPAM Dogwood                                                 2003-07-15
207
208 - ENHANCE: Use the GNU autotools.
209
210 - ENHANCE: Constify the msg field in struct pam_message.
211
212 - BUGFIX: Remove left-over debugging output
213
214 - BUGFIX: Avoid side effects in arguments to the FREE() macro
215
216 - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
217
218 - BUGFIX: Staticize some variables which shouldn't be global.
219
220 - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
221
222 - ENHANCE: Various minor documentation improvements.
223
224Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
225assistance with this release.
226============================================================================
227OpenPAM Digitalis                                               2003-06-01
228
229 - ENHANCE: Completely rewrite the configuration parser and add
230   support for the "include" control flag.
231
232 - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
233
234 - ENHANCE: Lots of additional paranoia.
235
236 - BUGFIX: The sample su(1) application dropped privileges before
237   forking instead of after.
238
239 - ENHANCE: Document openpam_log(3).
240
241 - ENHANCE: Other minor documentation fixes.
242
243Thanks to Dmitry V. Levin <ldv@altlinux.org> for considerable
244assistance with this release.
245============================================================================
246OpenPAM Dianthus                                                2003-05-02
247
248 - BUGFIX: Initialize some potentially uninitialized variables.
249
250 - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
251
252 - BUGFIX: In pam_getenv(), return a pointer to the stored variable
253   instead of a freshly allocated copy.
254
255 - ENHANCE: Detect recursion in openpam_borrow_cred()
256
257 - ENHANCE: Make borrowing one's own credentials a no-op.
258
259 - ENHANCE: Further improve debugging support.
260
261 - ENHANCE: Clean up some variable names.
262============================================================================
263OpenPAM Daffodil                                                2003-01-06
264
265 - ENHANCE: Document dependency on <sys/types.h> (for size_t)
266
267 - ENHANCE: Slightly improve error detection in openpam_ttyconv().
268
269 - BUGFIX: Fix several typos in debugging macros.
270============================================================================
271OpenPAM Cyclamen                                                2002-12-12
272
273 - ENHANCE: Improve recursion detection in openpam_dispatch().
274
275 - ENHANCE: Add debugging messages at entry and exit points of most
276   functions.
277
278 - ENHANCE: Fix some minor style issues.
279
280 - BUGFIX: Add default cases to the switches in openpam_log.c.
281
282 - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
283
284 - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
285   than stderr.
286============================================================================
287OpenPAM Citronella                                              2002-06-30
288
289 - ENHANCE: Add the "binding" control flag (from Solaris 9).
290
291 - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
292   Solaris 9).
293
294 - ENHANCE: Flesh out the pam(3) man page.
295
296 - ENHANCE: Add an openpam(3) page with cross-references to all the
297   documented OpenPAM API extensions.
298
299 - ENHANCE: Add a pam_conv(3) man page describing the conversation
300   system.
301
302 - ENHANCE: Improved sample application.
303
304 - ENHANCE: Added sample pam_unix module.
305
306 - BUGFIX: Various documentation nits.
307============================================================================
308OpenPAM Cinquefoil                                              2002-05-24
309
310 - BUGFIX: Various warnings uncovered by gcc 3.1.
311
312 - ENHANCE: Add a null conversation function, openpam_nullconv(3).
313
314 - BUGFIX: Initialize the "other" chain to all zeroes.
315
316 - ENHANCE: Document openpam_ttyconv(3).
317============================================================================
318OpenPAM Cinnamon                                                2002-05-02
319
320 - ENHANCE: Add a null conversation function, openpam_nullconv().
321
322 - BUGFIX: Various markup bugs in the documentation.
323
324 - BUGFIX: Document <security/openpam.h>.
325
326 - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
327
328 - ENHANCE: Restructure the policy-loading code and align our use of
329   the "other" policy with Solaris and Linux-PAM.
330
331 - ENHANCE: Log dlopen() and dlsym() failures.
332
333 - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
334   messages unless the message contains one already.
335
336 - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
337   so we can detect whether the conversation function touched it.
338============================================================================
339OpenPAM Cineraria                                               2002-04-14
340
341 - BUGFIX: Fix confusion between token and prompt in
342   pam_get_authtok(3).
343
344 - ENHANCE: Improved documentation.
345
346 - ENHANCE: Adopt the same preprocessor tricks that were used in
347   FreeBSD's version of Linux-PAM to simplify static linking without
348   requiring dummy primitives.
349
350 - ENHANCE: Move the policy-loading code out of pam_start.c.
351
352 - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
353
354 - ENHANCE: Add versioning macros.
355============================================================================
356OpenPAM Cinchona                                                2002-04-08
357
358 - ENHANCE: Improved documentation for several API functions.
359
360 - BUGFIX: Fix bug in pam_set_data() that would result in corruption
361   of the module data list.
362
363 - BUGFIX: Allocate the correct amount of memory for the environment
364   list in pam_putenv().
365
366 - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
367   specify what token it wants.  Also introduce PAM_OLDAUTHTOK_PROMPT.
368
369 - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
370   reduce differences between these very similar functions.
371
372 - ENHANCE: Check flags carefully in pam_authenticate() and
373   pam_chauthtok().
374
375 - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
376
377 - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
378   asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
379   twice and compare the responses.
380
381 - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
382   switching to user credentials.
383
384 - ENHANCE: Add openpam_free_data(), a generic cleanup function for
385   pam_set_data() consumers.
386============================================================================
387OpenPAM Centaury                                                2002-03-14
388
389 - BUGFIX: Add missing #include <string.h> to openpam_log.c.
390
391 - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/.  XSSO uses
392   the former, but Solaris and Linux-PAM use the latter.
393
394 - BUGFIX: The dynamic loader and the module cache contained a number
395   of bugs which would cause a segmentation fault if pam_start(3) was
396   called again after pam_end(3), as happens in login(1), xdm(1) etc.
397   after a failed login.
398
399 - BUGFIX: Refer to a module by the name used in the policy file, even
400   if the module that was actually loaded was versioned.
401
402 - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
403============================================================================
404OpenPAM Celandine                                               2002-03-05
405
406 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
407
408 - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
409   flag set, then with the PAM_UPDATE_AUTHTOK flag set.
410
411 - BUGFIX: Failure of a "sufficient" module should not terminate the
412   passwd chain if the PAM_PRELIM_CHECK flag is set.
413
414 - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
415
416 - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
417   or PAM_UPDATE_AUTHTOK flags themselves.
418
419 - BUGFIX: openpam_set_option() did not support changing the value of
420   an existing option.
421
422 - ENHANCE: Add support for module versioning.  OpenPAM will prefer a
423   module with the same version number as the library itself to one
424   with no version number at all.
425============================================================================
426OpenPAM Cantaloupe                                              2002-02-22
427
428 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
429   argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
430
431 - ENHANCE: Add in-line documentation in most source files, and a Perl
432   script that generates mdoc code from that.
433
434 - BUGFIX: The environment list was not properly NULL-terminated.
435
436 - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
437   specified by the module.
438
439 - BUGFIX: PAM_NUM_ITEMS was set too low.  It has been moved to
440   pam_constants.h to avoid it going stale again.
441
442 - ENHANCE: Move all code related to static modules into a separate
443   file.
444
445 - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
446   user, and supports setting a timeout (which defaults to off).
447
448 - BUGFIX: Some manual pages referenced XSSO even though they
449   documented OpenPAM-specific functions.
450
451 - ENHANCE: Added openpam_get_option() and openpam_set_option().
452
453 - ENHANCE: openpam_get_authtok() now respects the echo_pass,
454   try_first_pass, and use_first_pass options.
455============================================================================
456OpenPAM Caliopsis                                               2002-02-13
457
458Fixed a number of bugs in the previous release, including:
459  - a number of bugs in and related to pam_[gs]et_item(3)
460  - off-by-one bug in pam_start.c would trim last character off certain
461    configuration lines
462  - incorrect ordering of an array in openpam_load.c would cause service
463    module functions to get mixed up
464  - missing 'continue' in openpam_dispatch.c caused successes to be
465    counted as failures
466============================================================================
467OpenPAM Calamite                                                2002-02-09
468
469First (beta) release.
Note: See TracBrowser for help on using the repository browser.