7529268...
by
"Dmitry V. Levin" <email address hidden>
pam_env: fix error handling in econf_read_file
* modules/pam_env/pam_env.c [USE_ECONF] (econf_read_file): Make sure
the returned array of strings is properly initialized
when econf_getStringValue() fails to return a value.
aabd531...
by
"Dmitry V. Levin" <email address hidden>
pam_env: fix NULL dereference on error path in econf_read_file
* modules/pam_env/pam_env.c [USE_ECONF] (econf_read_file): Handle NULL
value returned by econf_getStringValue().
0f6796e...
by
"Dmitry V. Levin" <email address hidden>
Move all historic changelog files to a top-level ChangeLog.old directory
Move all historic changelog files away to avoid confusion.
a7eb114...
by
"Dmitry V. Levin" <email address hidden>
build: do not distribute historic changelog files
Since 2011, ChangeLog file is generated from git log history.
ChangeLog-CVS is a historic changelog file that was maintained before
the project was migrated from cvs to git.
CHANGELOG is another historic changelog file that was replaced by
ChangeLog in 2005.
modules/pam_unix/CHANGELOG is the oldest of historic changelog files,
it is not maintained since 1999.
All these historic changelog files are no longer relevant, so they are
no longer included into release tarballs.
libpam/pam_modutil_check_user.c: explicitly convert the character
read from /etc/passwd to type "char" to get the same signedness
as the one compared with. Otherwise the functionality will depend
on the (implementation defined) signedness of "char" on the
platform built for.
Dag-Erling Smørgrav's name was encoded using some encoding other than
UTF-8 (that line predates the UTF-8 consensus). This changes it to use
UTF-8, so that it renders properly and so that editors that guess the
file is UTF-8 do not get confused about it.
cec36a8...
by
Christoph Anton Mitterer <email address hidden>
pam_umask: document details about the GECOS field
Signed-off-by: Christoph Anton Mitterer <email address hidden>
ffe8178...
by
Christoph Anton Mitterer <email address hidden>
pam_umask: minor improvements to wording
The previous sentence was strange to read.
Signed-off-by: Christoph Anton Mitterer <email address hidden>
42064cd...
by
=?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>
pam_unix: compare password hashes in constant time
Compare the hashes in constant time as a defense-in-depth mechanism,
since performance is not a priority.
c11ccdf...
by
=?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>
libpam: add helper to compare strings in constant time
Add a helper function to compare two strings for equality, that performs
the same amount of operations based on the first argument, regardless of
the length of the second argument, or the position of the first
difference.
This can be used as defense-in-depth mitigation against timing attacks
of password comparisons.