pam_mysql-0.7-0.12.rc1.fc15.i686.rpm

Version 0.7-RC1   2006/1/10  <moriyoshi@users.sourceforge.net>

* Add an option "disconnect_every_op" that forces pam_mysql to
  disconnect from the database every operation (PR #1325395). -moriyoshi
* Use geteuid() instead of getuid() to check if the current user is authorized
  to change the password (PR #1338667). -moriyoshi
* Allow root (uid=0) to change the passwords of other users without their old
  password. -moriyoshi


Version 0.7-pre3  2005/9/29  <moriyoshi@users.sourceforge.net>

* Changed handling of the "where" option to not escape meta characters
  (PR #1261484). -moriyoshi
* Overhauled the SQL logging facility (PR #1256243). -moriyoshi
* Added logrhostcolumn (log.rhost_column) option that enables you to log the
  value of the "rhost" item specified by the application. -moriyoshi
* Fixed possible security flaw (though not considered to be severe). -moriyoshi
* Fixed memory leaks spotted when "config_file" option is used. -moriyoshi
* Fixed try_first_pass behaviour. -moriyoshi
* Changed option parsing behaviour so "=" following each option name is not
  needed. -moriyoshi


Version 0.7-pre2  2005/9/18  <moriyoshi@users.sourceforge.net>

* Changed column name handling to not escape meta characters. Now you can
  specify an expression to every XXXcolumn variable like "CONCAT(a, b, c)".
  -moriyoshi
* Supported SHA1 hash (PR #1117036). -moriyoshi, alexeen
* Supported use_first_pass and try_first_pass options. -moriyoshi


Version 0.7-pre1  2005/6/13  <moriyoshi@users.sourceforge.net>

* Support for NSS-mysql style configuration file which is inspired
  by Florian's work. -moriyoshi


Version 0.6.2  2005/9/29  <moriyoshi@users.sourceforge.net>

* Overhauled the SQL logging facility (PR #1256243). -moriyoshi
* Fixed possible security flaw (though not considered to be severe). -moriyoshi


Version 0.6.1  2005/9/18  <moriyoshi@users.sourceforge.net>

* Added use_323_passwd option that allows you to use an encryption function
  used in the old MySQL versions (3.23.x). -moriyoshi, Daniel Renaud
* Fixed account management code that wouldn't work at all :-p -moriyoshi
* Included pam_mysql.spec in the tarball by default. This enables you to
  make an RPM with the following oneliner: (rpmbuild -tb pam_mysql.tar.gz).
  -moriyoshi
* Fixed compile failure that occurs with the old mysql_config (< 4.0.16).
  -moriyoshi
* Fixed compile failure on Solaris when --with-openssl is specified to the
  configure script.


Version 0.6  2005/6/13  <moriyoshi@users.sourceforge.net>

* Adopted autoconf / automake for build system. -moriyoshi
* Portable MD5 support by using OpenSSL / Cyrus-SASL. -moriyoshi
* MySQL library detection. -moriyoshi
* Added RPM spec file. -moriyoshi
* Tidied up the entire code for security and maintainability. -moriyoshi
* Modified log output to be more verbose. -moriyoshi
* Changed log facility type to LOG_AUTHPRIV as per the recommendation in
  the PAM documentation. -moriyoshi
* Added support for unix socket and non-default ports. -moriyoshi
* Added account management and authentication token alteration code. -moriyoshi
* Remove default values for string parameters for the sake of performance.
  -moriyoshi
* Enhanced SQL logging function to log session state as well. -moriyoshi
* Solaris support. -moriyoshi


Version 0.5  2002/11/20  <jo2y@users.sourceforge.net>

* Added md5 support by default -ksmith
* Added a makefile that works on FreeBSD -ksmith
* More buffer overflow related fixes -jo2y
* Added -lz flag to link against the libz library -jo2y
* Backport of sql logging into main branch -jo2y
* Fixed a memory leak with mysql_free_result() -jo2y
* Fixed buffer overflow in parseArgs() -jo2y
* Add askForPassword() for new passwords in pam_sm_chauthtok() -ksmith
* All instances of syslog() now have a format string -ksmith
* Many fixes from B J Black


Version 0.4.7 2000/9/7  <delancie@users.sourceforge.net>

* URGENT! This release fixes a SERIOUS security hole in the authentication
  mechanism and is one I am deeply ashamed to admit was there, but must.
  The SQL statement was never being escaped, so your users can effectively
  'break out' of the query, add their own SQL and get authentication.
  Whichever version of PAM-MYSQL you are running, you should upgrade
  immediately to fix this problem. ANYONE can get authenticated on your
  system without needing to know the password of the user they are
  trying to be authenticated as. This means root too. And it is easy...
  Specify the username as root. Specify the password as;
  ' and user='SomeKnownUser'

  and whammo, you have root access to the machine because PAM authorised you.

  UPGRADE NOW!

  Thanks to Shaun Clowes at Secure Reality (http://www.securereality.com.au)
  for bringing this to my attention.

  Also, if you don't want users' passwords displayed in your sql log, switch
  off logging for select statements!
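
The 0.4.7 entry above describes values being placed into the SQL statement without escaping; the following is an added example, not pam_mysql's code, that builds the same lookup both ways and counts the quotes that still act as string delimiters. The table and column names, the function names and the simplified escape routine are assumptions; real code would call mysql_real_escape_string() on a live connection or use a prepared statement.

```c
#include <stdio.h>

/* Stand-in for mysql_real_escape_string(): quotes and backslash only, single-byte charset. */
static int escape_literal(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (; *in; in++) {
        int special = (*in == '\'' || *in == '"' || *in == '\\');
        if (o + 1 + special >= outsz) return -1;   /* keep room for the NUL */
        if (special) out[o++] = '\\';
        out[o++] = *in;
    }
    out[o] = '\0';
    return 0;
}

/* Build the lookup; table and column names are hypothetical. */
static int build_query(char *q, size_t n, const char *user, const char *pass, int escape)
{
    char u[128], p[128];
    if (escape) {
        if (escape_literal(user, u, sizeof u) || escape_literal(pass, p, sizeof p))
            return -1;
        user = u; pass = p;
    }   /* else: values pasted in as-is, as before 0.4.7 */
    int len = snprintf(q, n,
        "SELECT 1 FROM users WHERE user='%s' AND password='%s'", user, pass);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Count single quotes that delimit literals (not backslash-escaped). */
static int delimiter_quotes(const char *q)
{
    int count = 0;
    for (; *q; q++) {
        if (*q == '\\' && q[1]) q++;     /* skip the escaped character */
        else if (*q == '\'') count++;
    }
    return count;
}

int main(void)
{
    char q[512];
    for (int esc = 0; esc <= 1; esc++)   /* password value is the one quoted in the entry */
        if (build_query(q, sizeof q, "root", "' and user='SomeKnownUser'", esc) == 0)
            printf("%d delimiter quotes: %s\n", delimiter_quotes(q), q);
    return 0;
}
```

The template itself contains four delimiter quotes; any other count means supplied data has changed the structure of the statement.
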


Version 0.4.6 2000/9/5  <delancie@users.sourceforge.net>

* ACK! Logfile spam from acct_mgmt() Removed it... Or rather, added it to the
  #ifdef


Version 0.4.5 2000/9/5  <delancie@users.sourceforge.net>

* Applied patch from Martin "Edas" Edlman to fix PASSWORD() method and combine
  crypt() into one call..
* Changed the way PAM_MYSQL logs, removed _pam_log() and now just use syslog()
  instead of vsyslog() (Actually not sure why vsyslog was used anyway)
  which should hopefully fix another set of SEGV problems people have
  reported.
* Removed debug logging. Compile with -DDEBUG if you want it. Most people
  won't though :)


Version 0.4   2000/7/27 <delancie@users.sourceforge.net>

* Added the ability to have a where clause in addition to the username='blah'.
  Note though that spaces are NOT allowed in this where clause, sorry.
* Fixed a nasty (and really stupid!) bug whereby user not existing would cause
  the sql string to be free'd twice, causing nastiness, lockups or
  segfaults.


Version 0.3   2000/7/26 <delancie@users.sourceforge.net>

* This file started.
* Merged patches for crypt() support and local mysql support from Tamas SZERB
  and Matjaz Godez.
* Fixed potential buffer overrun in sql statement (username could be big,
  shouldn't be, but could be!).
* Fixed potential buffer overrun in crypt password checks. Password provided
  could be long.
* Combined queries into 1 when using internal MySQL password() crypt routine.
* Changed Makefile to use statically linked libmysqlclient, as dynamic causes a
  sigsegv when being unloaded. If anyone has any idea why that might be,
  please email me!
* Patch to avoid second select submitted by Gus. Implemented with mods.
* Changes to conversation function to make more generic. Hopefully it's not
  broken anything!
* Changes to better fit PAM spec.
* Changes to explicitly close MySQL connection when finished.
* Beginnings of ability to use use_first_pass (tied in with changes to
  conversation functions)
* Implementation of stub functions for acct_mgmt, credential, chauthtok and
  session stuff.
* If you are Tamas, Matjaz or Gus, please email me your contact details if
  you'd like to be in the CREDITS file :)

#############################################################################