Changes between Initial Version and Version 1 of Releases/Ourouparia


Ignore:
Timestamp:
Sep 12, 2014, 8:04:19 AM (6 years ago)
Author:
Dag-Erling Smørgrav
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • Releases/Ourouparia

    v1 v1  
     1= OpenPAM Ourouparia =
     2
     3OpenPAM Ourouparia was released on 2014-09-12.
     4
     5 - '''ENHANCE''' When executing a chain, require at least one service function to succeed.  This mitigates fail-open scenarios caused by misconfigurations or missing modules.
     6
     7 - '''ENHANCE''' Make sure to overwrite buffers which may have contained an authentication token when they're no longer needed.
     8
     9 - '''BUGFIX''' Under certain circumstances, specifying a non-existent module (or misspelling the name of a module) in a policy could result in a fail-open scenario.  (`CVE`-2014-3879)
     10
     11 - '''FEATURE''' Add a search path for modules.  This was implemented in Nummularia but inadvertently left out of the release notes.
     12
     13 - '''BUGFIX''' The `is_upper()` predicate only accepted the letter A as an upper-case character instead of the entire A-Z range.  As a result, service and module names containing upper-case letters other than A would be rejected.
     14
     15[http://sourceforge.net/projects/openpam/files/openpam/Ourouparia/ Download from Sourceforge]