pam_mount-2.5-2.fc15.i686.rpm


For details, see the history as recorded in the git repository.

HEAD
====


v2.5 (August 10 2010)
=====================
Changes:
- mount.crypt: fix incorrect processing of binary files in keyfile passthrough
- call mount.crypt by means of mount -t crypt (selinux), same for umount
- reorder the default path to search in /usr/local first, then /usr, /
- config: add missing fd0ssh command to restore volumes using ssh
- ofl is now run as a separate process (selinux policy simplification)


v2.4 (June 26 2010)
===================
Notes:
- see doc/bugs.txt for cryptsetup behavior that impacts
  pam_mount users since version 2.0
- recommending use of device-mapper >= 1.02.48 to avoid a race

Fixes:
- umount.crypt: fix use of a wrong field for smtab/cmtab staleness check
Changes:
- make libcryptsetup truly optional at compile-time
  (it was only claimed in the doc, but not fully realized until now)
- make libcrypto truly optional at compile-time
  (this had once worked in pam_mount 0.x, now it does again)


v2.3 (May 19 2010)
==================
Fixes:
- umount.crypt had erroneously mounted instead of umounted


v2.2 (May 16 2010)
==================
Fixes:
- mount.crypt: fix memory scribble crash when crypto device could
  not be initialized
- mount.crypt: do not fail when unlocking key slot other than #0
- fusermount is now called with supplementary groups initialized
- rdconf: do not warn about missing fskeyhash when no fskey specified
- mount: prefer sysv mount API over bsd
- pmt-ehd: reword help text for -k option
- pmt-ehd: apply default value for -k option
- pmt-ehd: fix fskey generation which was pegged at 256 bits
- pmt-ehd: avoid needless overtruncation/sparsifying
- pmt-ehd: zero LUKS header to avoid setup failure of PLAIN volume
Changes:
- pmt-ehd: speed up writing random data
- pmt-ehd: reword help text for -k option
- mount.crypt: ignore cmtab update errors
- mount.crypt: add support for keyfile passthru using -ofsk_cipher=none
- doc: document mount.crypt's -o hash option
- mount.crypt: warn on ignored options


v2.1 (May 02 2010)
==================
Fixes:
- config: rdconf1 static data had unclosed %(if) tags
- config: rdconf1 static data had extraneous %(OPTIONS) parameter


v2.0 (April 20 2010)
====================
Changes:
- mount.crypt: make use of libcryptsetup
- cmtab is now stored below localstatedir (usually /var/run)
- use HXformat2. This invalidates old constructs like %(before=\"-o\"...),
  which need to be replaced with the new syntax. (See below.)

Note to updaters: As the old syntax %(after=...) %(before=...) %(ifempty=...)
%(ifnempty=...) %(lower=...) %(upper=...) only appeared in commands, and
commands are not part of the default config file anymore since v1.0~15^2~15,
there should be little worry. The configuration options in question are
<cifsmount>, <cryptmount>, <cryptumount>, <fd0ssh>, <fsck>, <fusemount>,
<fuseumount>, <lclmount>, <nfsmount>, <ncpmount>, <ncpumount>, <pmvarrun>,
<smbmount>, <smbumount>, <umount> and should normally not be needed in
pam_mount.conf.xml.


v1.36 (April 13 2010)
=====================
Changes:
- cope better with cryptsetup's assumption that keysize=256
- augment doc/bugs.txt about caveats with cryptsetup create


v1.35 (April 10 2010)
=====================
Fixes:
- avoid a mlock(NULL) when there is no auth token
Changes:
- print error code when mkmountpoint failed
- print warning when cmtab is not creatable


v1.34 (April 08 2010)
=====================
Changes:
- update for libHX 3.4
Fixes:
- do decrease the login refcount on logout when no volumes are defined


v1.33 (January 10 2010)
=======================
Fixes:
- avoid multi-free of auth token when pam_mount is rerun in a PAM stack
- avoid NULL dereference when there is an empty line in mtab


v1.32 (September 21 2009)
=========================
Fixes:
- luserconf: fix skipping luser volume mounting
- config: allow arbitrary source paths for tmpfs


v1.31 (September 02 2009)
=========================
Fixes:
- pam_mount: fix a potential strlen(NULL) on login


v1.30 (August 27 2009)
======================
Fixes:
- pam_mount: avoid crash in sudo by not calling setenv() with NULL
- pam_mount: unwind krb5 environment info at the right time
- umount.crypt: do not remove entry from /etc/mtab twice
- doc: mount.crypt has no defaults for fsk_cipher and fsk_hash
- doc: pmt-ehd defaults to using SHA1 hash
- doc: mention preferred location of <debug>
Changes:
- config: move <debug> to top
Enhancements:
- luserconf: delayed parsing and mounting of luserconf volumes


v1.27 (July 01 2009)
====================
Changes:
- mounting: stdout from mount programs is now discarded


v1.26 (June 19 2009)
====================
Fixes:
- config: do parse <cryptumount> elements from .xml
Enhancements:
- mount: pass fstype to NFS mount program
- config: map "nfs4" fstype to NFSMOUNT
- pam_mount: PAM function return code audit
- config: warn about ignored "server" attribute in <volume>
- config: print error message on config file syntax error


v1.25 (May 09 2009)
===================
Fixes:
- fix splitting of "NTDOMAIN\username" strings
Enhancements:
- config: broaden variable expansion to resolve a case where it
  did not do expected expansion with AUFS


v1.24 (April 23 2009)
=====================
Fixes:
- src: fix one uninitialized value
- mount.crypt: write options, not "defaults" to /etc/mtab
- mount.crypt: keysize truncation must happen later


v1.22 (April 05 2009)
=====================
Changes:
- mount.crypt: pass -o ro/rw down to mount program
- mount.crypt: support for -o remount
- mount.crypt: support overriding keysize


v1.21 (March 17 2009)
=====================
Fixes:
- mount.crypt: must pass -s option to cryptsetup
  (otherwise its odd default of truncating the key kicks in)
Documentation:
- mount.crypt: add "Deprecated Mount options" section to manpage


v1.20 (March 01 2009)
=====================
Fixes:
- pam_mount: fix a double free that can happen when stale entries are in cmtab
- pam_mount: first-time overriding of mntoptions failed to work


v1.19 (February 27 2009)
========================
Fixes:
- pmvarrun: do not segfault when no username is specified (corner-case)
- pmvarrun: recognize internal _PMT_DEBUG_LEVEL env var
- mtab: automatically ignore and remove stale entries from cmtab
- pam_mount: fix unexpected termination after pam_mount ran
- doc: list support contacts in man page


v1.18 (February 07 2009)
========================
Fixes:
- mount.crypt: warn on insecure ciphers/hashes
- pam_mount: fix case-insensitive sgrp matching for <volume>
- pam_mount: additional safety check for NULL 'converse' structs
- doc: add sudo to the Known Bugs list


v1.17 (January 26 2009)
=======================
Fixes:
- mount.crypt: resolve valgrind warnings (incapability to umount)
- mount.crypt: correct exit status on mount
- mtab: do not fail if file not found
- pam_mount: look into cmtab when checking for already-mounted volumes

Features:
- ports: FreeBSD loop device (MD) support
- ports: NetBSD loop device (VND) support
- ports: NetBSD crypto device (CGD) support


v1.16 (January 24 2009)
=======================
Fixes:
- nucrypt2: resolve compiler warnings
- nucrypt2: avoid NULL deref in pmt_cmtab_add
- mount.crypt: avoid random deref in bogus printf
- mount.crypt: only use mount -i on __linux__
- mount.crypt: avoid umount attempts when not mounted


v1.15 (January 23 2009)
=======================
Features:
- mount.crypt: use /etc/cmtab file to keep crypto mount info

Fixes:
- mount.crypt/pmt-ehd: flush tty input queue before prompting for password


v1.10 (January 22 2009)
=======================
Fixes:
- crypto: add missing return statements during loop+crypto setup
- pmt-ehd: fix return statements
- ehd: do not feed password's '\0' into openSSL


v1.9 (January 13 2009)
======================
Fixes:
- umount was called on anything but the last session
- ofl: fix per-task fd lookup (again)
- luserconf: re-enforce three-wall option checks

Changes:
- doc: remove old use_first_pass from doc
- doc: add version string and reldate to manpages


v1.8 (January 07 2009)
======================
- doc: add manpage aliases crypt{,o}_LUKS
- mount.crypt: fix return code regression
- logging: <debug> should not turn off errors
- src: traverse non-whitespace properly, check for '\0'
- pam_mount: fix segfault in case of an undefined converse function (e.g. cron)
- mount.crypt: fix segfault when password is NULL
- umount.crypt: fix segfault when path is not mounted

Additions:
- ports: pam_mount.so compiles on FreeBSD (7.1)


v1.7 (January 01 2009)
======================
Fixes:
- spawns: correctly interpret return codes when signalled
- pmt-ehd: fix a wrong return value in the error path
- src: close some leaking fds
- src: resolve memory leaks from HXformat use
- mount.crypt: continue on umount errors
- rdconf: silence debug messages if debug turned off

Changes:
- signals: block SIGPIPE during the entire pam_mount run time
- signals: use refcounted SIGCHLD
- src: use libHX 2.2's proc interface


v1.6 (December 27 2008)
=======================
- update to libHX 2.0
- block-linux: close a leaking fd
- config: optionally install DTD and instructions for verification
- config: resynchronize DTD with XML
- build: autotools fixes, make `make dist` work
- pam_mount.so now builds on BSD


v1.5 (December 07 2008)
=======================
- mount.crypt: support fsck mount option


v1.4 (November 24 2008)
=======================
- mount.crypt: fix is_luks detection
- mount.crypt: add warnings for unneeded/unsupported options
- build: supply "crypto_LUKS" fstype symlinks


v1.3 (November 16 2008)
=======================
- ofl: fix per-task fd lookup
- mount.crypt: -v takes no argument
- mount.crypt: use original container name as dmdevice name
- mount.crypt: reduce output on wrong password
- mount.crypt: only require -o cipher when really needed
- always proceed with mount even when a password is missing


v1.2 (October 23 2008)
======================
- pmt-ehd: autodetect size for block devices
- config: add missing %(CIPHER) to CMD_CRYPTMOUNT command line
- mount.crypt: allow -v to be set through -o verbose too
  (that way you can enable it per-<volume>)
- mount.crypt: pass -c to cryptsetup also for LUKS
- config: expand placeholders in the <volume options="..."> attribute
- config: make %(GROUP) variable work


v1.1 (October 20 2008)
======================
- config: fix unfortunate inversion in user_in_sgrp
- config: fix unintentional inversion in mntoptions deny processing
- mount.crypt: allow specification of a hash alg
- pmt-ehd: add -D option for debugging
- mount.crypt: propagate -o fstype=x to mount(8)
- pmt-ehd: double-ask for password
- config: remove bogus user check for ncpfs
- pmt-ehd: fix segfault when using -c option
- pmt-ehd: add -h option to pick hash for key derivation
- pmt-ehd: default to using SHA1 for hash
- mount.crypt: do not default to any cipher/hash
- pmt-ehd: print <volume> line after creation
- config: introduce <volume fskeyhash=""> attribute
- config: introduce <volume cipher=""> attribute


v1.0 (October 12 2008)
======================
- convert_pam_mount_conf.pl: ignore unknown commands
- fix leftover assertion in crypto.c
- remove legacy truecrypt 4.x support
- deprecate cryptoloop (unsafe for journalled fs)
- remove BSD mntcheck code
- remove BSD mntagain leftovers
- remove BSD mount_ehd/vnconfig scripts
- remove code that set up a loop device for fsck
  (fsck can operate on normal files)
- new crypto helper: pmt-ehd replaces scripts/mkehd
- new crypto helper: mount.crypt is now a proper program
- add %(GROUP) variable
- remove convert_pam_mount.conf.pl


v0.49 (October 07 2008)
=======================
- convert_pam_mount_conf.pl: ignore unknown commands
- fix leftover assertion in crypto.c
- remove legacy truecrypt 4.x support
- deprecate cryptoloop (unsafe for journalled fs)
- revert "mount.crypt: default to aes-cbc-essiv:sha256/sha512"
- fix invalid pointer causing crash on fskey decryption


v0.48 (September 10 2008)
=========================
- upgrade for libHX 1.25
  (this fixes a potential crash in the fskey decryption routine)
- move more documentation from pam_mount.conf.xml into pam_mount.conf.5


v0.47 (September 04 2008)
=========================
This release incorporates a security fix (item 3 on the list).
All administrators who have enabled <luserconf> in the configuration
file should upgrade. A workaround is to comment out <luserconf>.

- mount.crypt: add missing null command to conform to sh syntax
  (SF bug #2089446)
- conf: fix printing of strings when luser volume options were not ok
- conf: re-add luserconf security checks
- add support for encfs 1.3.x (1.4.x already has been in for long)
- conf: add the "noroot" attribute for <volume> to force mounting with
  the unprivileged user account (required for FUSE filesystems)
- replace fixed-size buffers and arrays with dynamic ones (complete)


v0.45 (August 31 2008)
======================
- fix double-freeing the authentication token
- use ofl instead of lsof/fuser
- kill-on-logout support (terminate processes that would stand in the
  way of unmounting)
- mount.crypt: auto-detect necessity for running losetup
- replace fixed-size buffers with dynamic ones (first part)


v0.44 (August 16 2008)
======================
Bugfixes only.
- mount.crypt: fix option slurping (SF bug #2054323)
- properly handle simple sgrp config items (Debian bug #493497)
- src: correct error check in run_lsof()
- conf: check that slash follows home tilde
- conf: wildcard inadvertently matched root sometimes


v0.43 (July 16 2008)
====================
A few accumulated patches, but no real new glaring features.
- remove davfs support
- pass fsck definition from pam_mount.conf.xml to mount.crypt
- document pam_mount.conf.xml defaults
- do not call fsck from within pam_mount for encrypted devices,
  let mount.crypt do it


v0.41 (June 17 2008)
====================
This is a stable release, no new features, bugfixes only.
Fixes regressions found in 0.39 and 0.40. Most important changes:
- bypass /sbin/mount for mount.crypt
- umount.crypt: fix expression syntax for _PMT_DEBUG_LEVEL
- re-add support for user="*" wildcard
- add missing pgrp/sgrp attribute handling for simple user control
- mount.crypt: handle arbitrary argument order
- correct extended sgrp handling
- manpages: add missing description for <fsck>, and reorder <path>


v0.40 (June 11 2008)
====================
- the documentation in pam_mount.conf.xml has been reworked and
  split off into pam_mount.conf(5).
- extensive user selection for <volume> (revised)
- case-insensitive matching for user, pgrp, sgrp
- fixed segfault when more than one volume was defined


v0.39 (May 28 2008)
===================
- extended user selection for <volume>
- fix an unwanted inversion for handling <options allow=" (nonempty) ">
- store per-volume option list in ordered form --
  essentially fixes the problem of "user" (implies noexec)
  overriding "exec"


v0.38 (May 18 2008)
===================
- fix null pointer deref (from new UID/GID range support)
- mount.crypt uses normal sleep from coreutils again


v0.37 (May 17 2008)
===================
- truecrypt 5.x is not supported because the truecrypt CLI component
  that pam_mount requires was removed
- <volume> tag in pam_mount.conf.xml supports UID and GID ranges now
- avoid printing a line of garbage into logs


v0.35.1 (April 10 2008)
=======================
- fix HAVE_LIBCRYPTO regression;
  crypto was always disabled even if openssl present


v0.35 (April 06 2008)
=====================
- mount.crypt: fix loop device detection
- mount.crypt: wait for dm devices to show up
- fixed: mount flag and value were one argument
- pmvarrun: support unprivileged mode
- Support for SSH keyboard-interactive authenticated volumes
- documentation updates


v0.33 (February 22 2008)
========================
- notify about unknown options in /etc/pam.d/*
- support "debug" option for pam_mount in /etc/pam.d/*
- mount.crypt: detect loop devices by major number
- remove trailing comma from mount options


v0.32 (December 06 2007)
========================
- remove unintended zeroing of variable
- rip out mntagain hack


v0.31 (December 01 2007)
========================
Fixed parsing of old-style pam_mount.conf with spaces in group names,
copy-and-paste typos and a missing return value. Added workaround for
CIFS volumes within NFS mounts with "root_squash" option.

- allow --keyfile to be used for non-LUKS too
- add workaround for CIFS mounts within root_squashed NFS
- luksClose is the same as Remove (in umount.crypt)
- fix copy-and-paste error in converter script
- convert "local" fstype entries from old configuration format correctly.
- fixed parsing of old pam_mount.conf with spaces in group names
- fixed: When no volumes were to be mounted, return value
  was not PAM_SUCCESS.


v0.29 (September 27 2007)
=========================
An uninitialized array and a copy-and-paste error were corrected in
the recently introduced process spawn code.

- explicitly initialize fd array (spawn.c)
- fix a copy-and-paste typo during dup2() (spawn.c)


v0.28 (September 27 2007)
=========================
A hotfix for an incorrect printf format specification in pmvarrun.
Also installs config files by default now.

- install pam_mount.conf.xml by default
- add --with-selinux configure option to install selinux files
- fix crash due to printf arguments in pmvarrun.c


v0.27 (September 26 2007)
=========================
This release fixes a crash on logout with su by using a fixed $PATH
to work around broken login programs. MSAD usernames are now accepted
in pmvarrun. The libglib dependency has been dropped.

- add luserconf conversion note to convert_pam_mount_conf.pl
- do not print "mount errors" if there won't be any
- allow MSAD usernames (with spaces and backslash) in pmvarrun
- quick-terminate if there is nothing to do on closing session
- fix crash on logout with su (unsigned loop underflow)
- drop libglib dependency
- always use fixed $PATH


v0.26 (September 20 2007)
=========================
Luks argument ordering, mountpoint creation as user, and the
converter script were corrected. The "nullok" and --keyfile options
were added.

- revert r290 which incorrectly changed the luks argument order
- --keyfile option added to mount.crypt
- improved error reporting in the config converter script
- do not literally copy the special-meaning single dashes
  in converter script
- fix mount.crypt inner shell syntax
- add "nullok" option
- fix a missing user identity switch after mkmountpoint'ing


v0.21 (September 17 2007)
=========================
Some mount helpers needed a different option passing method.
Stacking of loop devices is now avoided, and pam_mount will not ask
for a password if no volumes are to be mounted. The documentation has
been updated to include PAM module stacking (e.g. when using pam_ldap
with pam_mount).

- silence unwanted error message (fallout from r240)
- add "Known Bugs and Issues" documentation
- more documentation - How to stack PAM modules without pam_stack
- option passing to some mount helpers needs to be different
- avoid stacking of loop devices
- do not ask for password if no volumes found


v0.20 (September 05 2007)
=========================
This release adds extra options regarding pam_mount behavior
(messages and mount points).

- do not use absolute paths, search $PATH instead for programs
- add pam_mount.conf to .conf.xml converter
- "sufficient" keyword documentation
- misc cryptmount fix
- pass down readonly flag to luksOpen
- add option to retain automatically created mountpoints
- create mountpoint as user if possible (e.g. if /home/USER
  already exists and your volume is /home/USER/myvol)
- build fixes, making it work OOTB again with FC6 and Autoconf 2.59
- allow changing the password prompt
- add an overview of pam_mount options (options.txt)
- implement the "soft_try_pass" option


v0.19 (July 04 2007)
====================
pam_mount now uses an XML config file, which also has a few new
variables and options. Support for truecrypt was added.

- pam_mount switched to an XML configuration.
- NT domain placeholders
- properly detect loop64 support
- split group matching into multiple attributes
- add an "invert" attribute
- remove pam_mount.la from `make install`ed directory
- partial davfs support
- added truecrypt support


v0.18 (September 07 2006)
=========================
A crash on x86_64 has been fixed. pam_mount now changes to the root
directory before attempting to (un)mount.

- change to / before attempting mount
- check return value in xmemdup()
- fix segfault on x64: Do not reuse va_lists (found by Celestar)


v0.17 (August 06 2006)
======================
This release fixes memory corruption issues and improper zeroing.

- use standard allocators
- fix memory corruption issue
- enhance debugging messages with file/line
- fix improper zeroing (deceived as memory corruption)


v0.16 (July 30 2006)
====================
The GDM SIGCHLD workaround handling has been improved, essential
environment variables for FUSE daemons are now set, and configure has
two new options (--slibdir and --sbindir).

- SIGCHLD handling updated
- set important environment variables for fuse daemons
- added new --slibdir and --ssbindir options to configure
- documentation updates


v0.15 (July 26 2006)
====================
- mount.crypt and umount.crypt are installed to /sbin rather
  than /usr/sbin; /bin/mount only looks into /sbin
- KRB5 credentials are now set in the environment
- fix XDM crash, for GCC >= 4.x
- disable debug output by default (confused gksu) [sf bug #1524325]
- do FUSE mounts unprivileged [sf bug #1489657 and ML]
- fixed: /bin/login sends SIGHUP/SIGTERM to outstanding session
  processes after PAM completed; this killed fuse daemons
- work around XDM crash (symbol clash), for GCC <= 3.x;
  the proper solution would be that XDM be NOT compiled with -rdynamic
- properly truncate /var/run/pam_mount/YOURNAME files [sf bug #1503246]


v0.13 (April 01 2006)
=====================
Before SVN, patchsets were used.

[patch 01/11] January 28 2006
- src/readconfig.c, mount.c: mount volumes with user credentials,
  not as root
- src/mount.c: add a swift error message for people using broken distros

[patch 02/11] January 28 2006
- config/pam_mount.conf, readconfig.c: lsof is in /usr/bin

[patch 03/11] February 23 2006
- dry/pam_mount.spec: fixed: forgot to clean out unpackaged files

[patch 04/11] February 27 2006
- config/pam_mount.conf: update some examples

[patch 05/11] February 27 2006
- scripts/mount.crypt: fix SED expression

[patch 06/11] March 04 2006
- src/mount.c: add an extra hint for old distros

[patch 07/11] March 19 2006
- src/*.h: fix position of #include's, they need to be before extern "C".

[patch 08/11] March 19 2006
- config/pam_mount.conf: fix examples for shares with spaces

[patch 09/11] March 19 2006
- src/pam_mount.c: relookup user (for LDAP)

[patch 10/11] April 01 2006
- use own SIGCHLD handler during pam_mount operations (try to fix a
  quirk with GDM)

[patch 11/11] April 01 2006
- configure: enforce straight /lib position for pam_mount Linux


v0.12.2 (January 31 2006)
=========================
Mount smbfs and cifs mounts with ownership belonging to the user
rather than root.


v0.12.0 (January 11 2006)
=========================
This version fixes an fd leak, expansion problems with @group and a
wrong inversion. The smb/ncp filesystem types have been superseded by
smbfs/ncpfs. Support for secondary "@@groups" was added.


v0.11 (December 28 2005)
========================
- fix some memory leaks, unterminated strings, extra trailing
  slashes, double frees
- fixed: wildcards were not expanded for "@group"s
- account for trailing slashes and path resolution in umount.crypt


v0.10 (November 18 2005)
========================
- support ANY [kernel] filesystem (yes, finally) -- includes tmpfs,
  fuse mounts and --bind operations.
- merged various patches and fixes by Bastian Kleineidam
- handle symlinks better (read: resolve them, so that the result
  matches /bin/mount's resolving behavior)
- implemented group volumes, to be used by "volume @xyz ..."
- cleaned the code up here and there