mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-28 11:43:25 +02:00
pam: Update to version 1.6.0
- Update from version 1.5.3 to 1.6.0
- Update of rootfile
- A build bug was found with 1.6.0 if --enable-read-both-confs was set in the configure.
A commit fixing this has been released and converted into a patch for IPFire. This
will end up in the next pam release version and the IPFire patch can then be removed.
- Changelog
1.6.0
* Added support of configuration files with arbitrarily long lines.
* build: fixed build outside of the source tree.
* libpam: added use of getrandom(2) as a source of randomness if available.
* libpam: fixed calculation of fail delay with very long delays.
* libpam: fixed potential infinite recursion with includes.
* libpam: implemented string to number conversions validation when parsing
controls in configuration.
* pam_access: added quiet_log option.
* pam_access: fixed truncation of very long group names.
* pam_canonicalize_user: new module to canonicalize user name.
* pam_echo: fixed file handling to prevent overflows and short reads.
* pam_env: added support of '\' character in environment variable values.
* pam_exec: allowed expose_authtok for password PAM_TYPE.
* pam_exec: fixed stack overflow with binary output of programs.
* pam_faildelay: implemented parameter ranges validation.
* pam_listfile: changed to treat \r and \n exactly the same in configuration.
* pam_mkhomedir: hardened directory creation against timing attacks.
Please note that using *at functions leads to more open file handles
during creation.
* pam_namespace: fixed potential local DoS (CVE-2024-22365).
* pam_nologin: fixed file handling to prevent short reads.
* pam_pwhistory: helper binary is now built only if SELinux support is enabled.
* pam_pwhistory: implemented reliable usernames handling when remembering
passwords.
* pam_shells: changed to allow shell entries with absolute paths only.
* pam_succeed_if: fixed treating empty strings as numerical value 0.
* pam_unix: added support of disabled password aging.
* pam_unix: synchronized password aging with shadow.
* pam_unix: implemented string to number conversions validation.
* pam_unix: fixed truncation of very long user names.
* pam_unix: corrected rounds retrieval for configured encryption method.
* pam_unix: implemented reliable usernames handling when remembering passwords.
* pam_unix: changed to always run the helper to obtain shadow password entries.
* pam_unix: unix_update helper binary is now built only if SELinux support
is enabled.
* pam_unix: added audit support to unix_update helper.
* pam_userdb: added gdbm support.
* Multiple minor bug fixes, portability fixes, documentation improvements,
and translation updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Adolf Belka
committed by
Michael Tremer
Michael Tremer
parent
f4ca072ce4
commit
64f9606302
@@ -17,6 +17,8 @@ etc/security
|
||||
#lib/security/mkhomedir_helper
|
||||
#lib/security/pam_access.la
|
||||
lib/security/pam_access.so
|
||||
#lib/security/pam_canonicalize_user.la
|
||||
#lib/security/pam_canonicalize_user.so
|
||||
#lib/security/pam_debug.la
|
||||
#lib/security/pam_debug.so
|
||||
#lib/security/pam_deny.la
|
||||
@@ -193,6 +195,7 @@ usr/lib/libpamc.so.0.82.1
|
||||
#usr/share/man/man8/mkhomedir_helper.8
|
||||
#usr/share/man/man8/pam.8
|
||||
#usr/share/man/man8/pam_access.8
|
||||
#usr/share/man/man8/pam_canonicalize_user.8
|
||||
#usr/share/man/man8/pam_debug.8
|
||||
#usr/share/man/man8/pam_deny.8
|
||||
#usr/share/man/man8/pam_echo.8
|
||||
|
||||
Reference in New Issue
Block a user