Group :: System/Base
RPM: tcb
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
24 august 2021 Dmitry V. Levin <ldv at altlinux.org> 1.2-alt2
- Disabled build and packaging of libtcb.a.
- 1.1.9.1 -> 1.2.
- 1.1.0.1 -> 1.1.9.1.
- Replaced PreReq with Requires.
- pam_tcb:
+ dropped obsolete nis/nis+ support (closes: #34919);
+ changed to use default prefix implemented by libcrypt;
+ changed to use pam_get_authtok(3);
+ dropped not_set_pass option;
+ added authtok_type= option;
+ synced password expiration messages with Linux-PAM. - Enabled LFS support.
- Updated to 1.1:
* Sun Jul 17 2011 Solar Designer <solar@owl> 1.1-owl1 - Changed the default hash encoding prefix from "$2a$" to "$2y$"
(requires crypt_blowfish 1.2 or newer).
- pam0_tcb: Added and enabled NLS support.
- pam0_tcb: Added description to tcb_chkpwd control (closes: #17283).
- Rebuilt for debuginfo.
- Rebuilt for soname set-versions.
- Dropped faulty check for sparse files in tcb_is_suspect().
- Decreased the size of tcb_privs structure allocated in .data segment
from 256K to a two dozen bytes by moving a groups array to .bss segment.
- Fixed potential grpbuf buffer overflow in tcb_drop_priv_r().
There doesn't appear to be any untrusted user input involved,
so this bug doesn't have to be treated as a security issue. - Patched Makefiles to use LDFLAGS more consistently. Reported
by Pawel Hajdan.
- In the PAM module, replaced all calls to exit(3) in child processes
with calls to _exit(2). Reported by Pascal Terjan. - In the PAM module, added fflush(3) and fsync(2) calls right before
closing file opened for writing. Reported by Ermanno Scaglione.
- Removed obsolete %post_ldconfig/%postun_ldconfig calls.
- Adjusted %post scripts for current rpmbuild.
- In the PAM module and tcb_chkpwd helper, fixed memory leaks
reported by Alexander Kanevskiy.
- In the PAM module, hardened pam_sm_open_session() to fail for unknown users.
- Rebuilt for new style PAM dependencies generated by rpm-build-4.0.4-alt55.
- Updated to 1.0 (with all changes made in previous release applied).
- In the PAM module, changed conversation code to use pam_prompt.
- In the PAM module,
+ Fixed potential NULL dereferences in unix_verify_password_plain()
and pam_sm_chauthtok().
+ Disabled overriding default prompt in pam_get_user() calls.
+ Changed logging to use pam_syslog.
- Updated to 0.9.9 (with all changes made in previous release applied).
- Restricted list of global symbols exported by the library,
NSS and PAM modules. - In the PAM module, implemented "openlog" option and disabled
openlog/closelog calls for each logging function invocation,
according to new convention introduced in pam-0.80-alt1.
- Updated to 0.9.8.9 (with alt-warnings applied).
- tcb-utils: packaged /etc/tcb as %ghost.
- pam_tcb: removed obsolete pam_unix* provides.
- Redone alt-warnings and alt-openpam patches.
- In pam_tcb:
+ keep tcb_chkpwd at mode "restricted" in the package, but default
it to "tcb" in %post when the package is first installed.
This avoids a race and fail-open behavior.
+ Instructed RPM to not verify permissions and group ownership
of tcb_chkpwd file which is controlled via control(8) facility.
- Fixed multilib [take 2] (closes #4896).
- Fixed multilib (closes #4896).
- tcb_unconvert: Zero errno before each readdir(3) call.
- Deal with compilation warnings generated by new gcc compiler.
- Updated to 0.9.8.7:
* Sun Nov 02 2003 Solar Designer <solar@owl> 0.9.8.7-owl1 - Build the PAM module with -fPIC.
- Renamed FAKEROOT to DESTDIR.
- Rediffed patches.
- Updated to 0.9.8.6:
* Wed Oct 29 2003 Solar Designer <solar@owl> 0.9.8.6-owl1 - Don't depend on *BSD-style asprintf(3) semantics
as glibc upstream has rejected that patch.
- Fixed build with OpenPAM.
- Added Linux-PAM/OpenPAM multi-build support.
- Updated to 0.9.8.5:
* Fri Apr 18 2003 Solar Designer <solar@owl> 0.9.8.5-owl1 - Use bold face for component names in .SH NAME, but avoid *roff commands
to not confuse makewhatis and apropos(1).
- In pam_tcb, implemented proper fake salt creation to avoid a timing attack.
- Implemented proper dummy salt creation to avoid a timing attack.
- Updated to 0.9.8.3:
* Thu Oct 31 2002 Solar Designer <solar@owl> - Optimized unix_verify_password() a bit, from Dmitry V. Levin of ALT Linux.
* Wed Oct 30 2002 Solar Designer <solar@owl> - In tcb_convert.8, noted that /etc/shadow backups need to be removed as
well, with /etc/shadow- as the particular example. - Added control support for tcb_chkpwd, with three alternatives:
"tcb" (default), "traditional" (for shadow/nis) and "restricted" (root only).
- Updated to 0.9.8.1:
* Thu Oct 24 2002 Solar Designer <solar@owl> - Cleaned up the recent changes.
* Mon Aug 19 2002 Rafal Wojtczuk <nergal@owl> - Merged enhancements which remove 32K users limit.
- Added ENABLE_SETFSUGID.
- Pass the username to the helper binary such that it can handle
non-unique UIDs. - tcb_chkpwd: optimized unix_verify_password() a bit.
- Use subst instead of perl for build.
- Updated devel-static requirements.
- 0.9.7.4:
+ Moved the pam_tcb and pam_unix manual pages to section 8.
+ No longer let root enforced password changes (sp_lstchg == 0) take
precedence over expired accounts (sp_expire). - Moved static library to devel-static subpackage.
- Fixed libtcb.so symlink (appeared to be broken in previous release).
- 0.9.7.1: relocated helper:
/sbin/chkpwd.d/tcb_chkpwd --> /usr/lib/chkpwd/tcb_chkpwd.
- Refined fsuid patch.
- libtcb/tcb_{drop,gain}_priv_r: use fsuid instead of euid.
- tcb_convert: try auth group by default.
- ALT adaptions, libification.
- Various minor fixes from Dmitry V. Levin of ALT Linux.
- A GNU-style ChangeLog will now be maintained.
- Patches from Nergal to make delays on failure work with the "fork"
option and to not produce a warning when su'ing to pseudo-users from
root.
- Don't include the /sbin/chkpwd.d directory in this package as it's
provided by our pam package. - Use a trigger on shadow-utils for possibly creating and making use of
group shadow. This makes no difference on Owl as either the group is
provided by owl-etc (on new installs) or groupadd is already available
when this package is installed, but may be useful on hybrid systems.
- Provide compatibility symlinks and a man page for pam_unix.
- tcb_convert(8) man page fixes from Nergal.
- Moved all of pam_tcb's prompts and messages to support.h and made them
more consistent with those used by pam_passwdqc. - Improved logging.
- Changed everything all over the place during October. ;-)
- Makefiles and code layout rewrite.
- Added reentrant tcb_*_privs_r() functions, needed for nss.
- version 0.5
- man pages
- nis fixes
- removed ugly _unix_getpwnam(), clean replacement
- 0.4 packaged for Owl.