2009-04-03  Dmitry V. Levin  <ldv at owl.openwall.com>

	* tcb.spec: 1.0.3.

2009-04-02  Dmitry V. Levin  <ldv at owl.openwall.com>

	* LICENSE: Update copyright for year 2009.

	* pam_tcb/pam_unix_passwd.c (update_file): Call fflush(3) and
	fsync(2).
	Reported by Ermanno Scaglione <erm67 at yahoo.it>.

	* pam_tcb/support.c (_unix_fork, unix_run_helper_binary): Replace
	all calls to exit(3) in child processes with calls to _exit(2).
	Reported by Pascal Terjan <pterjan at mandriva.com>.

2006-10-31  Dmitry V. Levin  <ldv at owl.openwall.com>

	* tcb.spec: 1.0.2.

	* pam_tcb/pam_unix_auth.c (pam_sm_authenticate): Free retval_data
	pointer on error path.
	* pam_tcb/support.c (user_in_nisdb): Free userinfo string.
	* progs/tcb_chkpwd.c (zeroise): New function, zeroises string.
	(unix_verify_password): Free stored_hash string, zeroise hash
	strings.
	Reported by Alexander Kanevskiy.

2006-05-06  Dmitry V. Levin  <ldv at owl.openwall.com>

	* tcb.spec: 1.0.1.
	* LICENSE: Updated copyright for year 2006.

	* pam_tcb/pam_unix_sess.c (pam_sm_open_session): Fail with
	PAM_SESSION_ERR for unknown users.

2005-12-28  Dmitry V. Levin  <ldv at owl.openwall.com>

	* tcb.spec: 1.0.
	* LICENSE: Updated copyrights for years 2004 and 2005.

	* pam_tcb/pam_unix_passwd.c (pam_sm_chauthtok): Bump syslog
	priorities of three error messages.

2005-09-26  Dmitry V. Levin  <ldv at owl.openwall.com>

	Update logging code to use pam_syslog.
	Update conversation code to use pam_prompt.

	* include/attribute.h (TCB_GNUC_PREREQ, TCB_FORMAT, TCB_NONNULL):
	New macros.
	(unused): Rewrite using TCB_GNUC_PREREQ.
	* pam_tcb/compat.c: New file, defines pam_syslog and pam_prompt
	if PAM does not provide them.
	* pam_tcb/compat.h: New file, defines prototypes for pam_syslog
	and pam_prompt if PAM does not provide them.
	* pam_tcb/Makefile (LIBSRC): Add compat.c.
	* pam_tcb/pam_unix_acct.c (acct_shadow): Add pam handle parameter.
	(pam_sm_acct_mgmt): Pass pam handle to functions which now require
	it.  Replace _log_err with pam_syslog.  Replace _make_remark
	with pam_error and pam_info.
	* pam_tcb/pam_unix_auth.c (pam_sm_authenticate, pam_sm_setcred):
	Pass pam handle to functions which now require it.
	(pam_sm_authenticate): Replace _log_err with pam_syslog.
	* pam_tcb/pam_unix_passwd.c (PASSWD_TMP_FILE): Remove macro.
	(update_file): New function, based on update_passwd and
	update_shadow.
	(update_passwd, update_shadow): Rewrite using update_file.
	(get_nis_server, update_nis, do_setpass): Add pam handle
	parameter.
	(get_nis_server, update_nis, do_setpass, unix_approve_pass,
	unix_prelim, pam_sm_chauthtok): Pass pam handle to functions
	which now require it.  Replace _log_err with pam_syslog.
	Replace _make_remark with pam_error.
	* pam_tcb/pam_unix_sess.c (pam_sm_open_session,
	pam_sm_close_session): Pass pam handle to functions which now
	require it.  Replace _log_err with pam_syslog.
	* pam_tcb/support.c (_log_err, converse, _make_remark): Remove
	no longer used functions.
	(_unix_fork, user_in_file, _unix_user_in_db,
	unix_blankpasswd_plain, _unix_blankpasswd, check_crypt,
	unix_verify_password_plain, crypt_wrapper_ra, crypt_wrapper,
	do_crypt, parse_opt, _set_ctrl): Add pam handle parameter.
	Pass pam handle to functions which now require it.
	Replace _log_err with pam_syslog.
	(_unix_read_password): Rewrite prompt handling to use pam_info
	and pam_prompt.
	* pam_tcb/support.h: Include "attribute.h" and "compat.h".
	(cmdline_opts): Add const qualifier to optname variable.
	(cb_func, _unix_user_in_db, _unix_fork, _set_ctrl,
	_unix_blankpasswd, _unix_read_password, crypt_wrapper, do_crypt):
	Update function prototypes.
	(_log_err, _make_remark): Remove prototypes of removed functions.

2005-09-12  Dmitry V. Levin  <ldv at owl.openwall.com>

	Implement OpenPAM build support.

	* Make.defs (CFLAGS): Remove -DLINUX_PAM.
	* pam_tcb/pam_unix_acct.c: Include <syslog.h>.
	Include <security/pam_appl.h> if and only if
	[!__LIBPAM_VERSION && !__LINUX_PAM__].
	* pam_tcb/pam_unix_auth.c: Likewise.
	* pam_tcb/pam_unix_passwd.c: Likewise.
	* pam_tcb/pam_unix_sess.c: Likewise.
	* pam_tcb/support.c: Likewise.

	* pam_tcb/support.h: Define pam_item_t and pam_data_t.
	* pam_tcb/pam_unix_acct.c (pam_sm_acct_mgmt): Change type of
	item variable.
	* pam_tcb/pam_unix_auth.c (pam_sm_authenticate, pam_sm_setcred):
	Likewise.
	* pam_tcb/pam_unix_passwd.c (unix_prelim, pam_sm_chauthtok):
	Likewise.
	* pam_tcb/pam_unix_sess.c (pam_sm_open_session,
	pam_sm_close_session): Likewise.
	* pam_tcb/support.c (converse, failures_cleanup,
	do_record_failure, _unix_read_password): Likewise.

	* pam_tcb/pam_unix_auth.c (pam_sm_authenticate): Protect code
	which uses PAM_CONV_AGAIN and PAM_INCOMPLETE with appropriate
	ifdefs.
	* pam_tcb/support.c (converse): Likewise.

2005-09-11  Dmitry V. Levin  <ldv at owl.openwall.com>

	* pam_tcb/pam_unix_auth.c (pam_sm_authenticate): Do not override
	user prompt in calls to pam_get_user, recent PAM releases provide
	better default.
	* pam_tcb/pam_unix_passwd.c (pam_sm_chauthtok): Likewise.
	* pam_tcb/support.h: Remove PROMPT_USER.

	* pam_tcb/pam_unix_passwd.c (pam_sm_chauthtok): Fix password
	string check to avoid potential NULL dereference.
	* pam_tcb/support.c (unix_verify_password_plain): Check password
	string to avoid potential NULL dereference.
	(unix_run_helper_binary): Remove redundant password string check.

	* progs/tcb_unconvert.c (copy_user_from_tcb): Add const qualifier
	to msg variable, to fix warning reported by "gcc -Wwrite-strings".

2005-08-23  Dmitry V. Levin  <ldv at altlinux.org>

	Package pam_pwdb.so symlink and pam_pwdb(8) manual page link.

	* pam_tcb/pam_pwdb.8: New file.
	* Makefile, pam_tcb/Makefile, tcb.spec:
	Install pam_pwdb.so and pam_pwdb.8.

	* tcb.spec: 0.9.9.

2005-08-19  Dmitry V. Levin  <ldv at altlinux.org>

	In the PAM module, implement "openlog" option and disable
	openlog/closelog calls for each logging function invocation
	by default.

	* pam_tcb/support.h: Rename UNIX_NOOPENLOG to UNIX_OPENLOG.
	* pam_tcb/support.c (_log_err): When UNIX_OPENLOG is not set,
	prefix log line with the module name.
	(bool_names): Add negate field.
	(unix_bools): Add "openlog" option.
	(parse_opt): Handle negate field.
	(_set_ctrl) [ENABLE_OPENLOG]: Set UNIX_OPENLOG.
	* pam_tcb/pam_tcb.8: Document "openlog" option.

2005-08-18  Dmitry V. Levin  <ldv at altlinux.org>

	Restrict list of global symbols exported by the library,
	NSS and PAM modules.

	* libs/Makefile: New variables: LIB_MAP and NSS_MAP.  Pass
	--version-script argument when linking shared library and the
	NSS module.
	* libs/libnss_tcb.map: New file, version script for the NSS module.
	* libs/libtcb.c (ch_uid, ch_gid): Make static.
	* libs/libtcb.map: New file, version script for the library.

	* pam_tcb/Makefile: New variable: PAM_MAP.  Pass --version-script
	argument when linking the PAM module.
	* pam_tcb/pam_tcb.map: New file, version script for the PAM module.

2005-04-22  Dmitry V. Levin  <ldv at altlinux.org>

	Enhance multilib support.

	* Make.defs: New variables: SLIBDIR and LIBDIR.
	* libs/Makefile, pam_tcb/Makefile, tcb.spec: Use them.

	* libs/Makefile, pam_tcb/Makefile, misc/Makefile, progs/Makefile:
	Create all necessary directories at the beginning of the install
	target.

2005-04-22  Dmitry V. Levin  <ldv at altlinux.org>

	Deal with compilation warnings generated by new gcc compiler.

	* include/attribute.h: New file.
	* libs/libtcb.c, pam_tcb/pam_unix_passwd.c,
	pam_tcb/pam_unix_auth.c, pam_tcb/support.c, pam_tcb/support.h:
	Include it.

	* include/attribute.h, pam_tcb/support.h (_log_err): Add
	workaround for those systems which lack support for __attribute__
	directive.

	* pam_tcb/support.c (_log_err): Remove no longer needed
	__attribute__ directive.

	* libs/libtcb.c (alarm_catch), pam_tcb/pam_unix_auth.c
	(retval_cleanup), pam_tcb/pam_unix_passwd.c (update_nis),
	pam_tcb/support.c (data_cleanup):
	Mark unused arguments with "unused" attribute.

	* libs/libtcb.c (ch_uid, ch_gid, tcb_drop_priv_r),
	progs/tcb_chkpwd.c (is_two_strings),
	pam_tcb/support.c (_set_ctrl):
	Avoid comparison between signed and unsigned.

	* pam_tcb/support.c (unix_run_helper_binary,
	unix_verify_password_plain): Eliminate unused variable pamh.

	* pam_tcb/pam_unix_acct.c (pam_sm_acct_mgmt),
	pam_tcb/pam_unix_auth.c (pam_sm_authenticate, pam_sm_setcred),
	pam_tcb/pam_unix_passwd.c (update_nis, do_setpass, unix_prelim,
	pam_sm_chauthtok), pam_tcb/pam_unix_sess.c (pam_sm_open_session,
	pam_sm_close_session), pam_tcb/support.c (converse,
	failures_cleanup, do_record_failure, _unix_read_password):
	Fix the strict aliasing issues.

	* tcb.spec: 0.9.8.9.

2004-06-25  Dmitry V. Levin  <ldv at altlinux.org>

	* progs/tcb_unconvert.c (copy_from_tcb):
	Zero errno before each readdir(3) call.

	* tcb.spec: 0.9.8.8.

2003-11-02  Solar Designer  <solar at owl.openwall.com>

	* pam_tcb/Makefile: Use -fPIC.

	* libs/Makefile, misc/Makefile, pam_tcb/Makefile, progs/Makefile,
	tcb.spec: Renamed FAKEROOT to DESTDIR.

	* tcb.spec: 0.9.8.7.

2003-10-29  Solar Designer  <solar at owl.openwall.com>

	* libs/nss.c, libs/libtcb.c, pam_tcb/support.c,
	pam_tcb/pam_unix_passwd.c, pam_tcb/pam_unix_acct.c,
	progs/tcb_convert.c, progs/tcb_unconvert.c: Don't depend on
	*BSD-style asprintf(3) semantics as Ulrich has rejected that
	patch.

	* README: New file, explains how tcb may be built on non-Owl.

	* tcb.spec: 0.9.8.6.

2003-04-18  Solar Designer  <solar at owl.openwall.com>

	* misc/tcb.5, pam_tcb/pam_tcb.8, progs/tcb_convert.8: Use bold
	face for component names in .SH NAME, but avoid *roff commands
	to not confuse makewhatis and apropos(1).

	* LICENSE: Updated copyrights for year 2003.

	* tcb.spec: 0.9.8.5.

2003-04-16  Dmitry V. Levin  <ldv at altlinux.org>

	* pam_tcb/support.c: Implemented proper fake salt creation
	to avoid a timing attack.

	* tcb.spec: 0.9.8.4.

2002-10-31  Solar Designer  <solar at owl.openwall.com>

	* progs/tcb_chkpwd.c: Optimized unix_verify_password() a bit,
	from Dmitry V. Levin <ldv at altlinux.org>.

	* tcb.spec: 0.9.8.3.

2002-10-30  Solar Designer  <solar at owl.openwall.com>

	* progs/tcb_convert.8: Noted that /etc/shadow backups need to be
	removed as well, with /etc/shadow- as the particular example.

	* tcb.spec: 0.9.8.2.

2002-10-24  Solar Designer  <solar at owl.openwall.com>

	* libs/nss.c, libs/libtcb.c, pam_tcb/support.c,
	progs/tcb_chkpwd.c, progs/tcb_unconvert.c, misc/tcb.5: Cleaned
	up the recent changes.

	* tcb.spec: Set version to 0.9.8.1.

2002-08-20  Rafal Wojtczuk  <nergal at owl.openwall.com>

	* libs/nss.c, progs/tcb_unconvert.c, misc/tcb.5: Merged
	enhancements which remove 32K users limit.

	* libs/libtcb.c, include/tcb.h: Added ENABLE_SETFSUGID.

	* pam_tcb/support.c, progs/tcb_chkpwd.c: Pass the username to
	the helper binary such that it can handle non-unique UIDs.

	* tcb.spec, libs/Makefile: Set version to 0.9.8.

2002-08-19  Solar Designer  <solar at owl.openwall.com>

	* tcb.spec, libs/Makefile: Moved libtcb.so symlink to /usr/lib
	(patch from Dmitry V. Levin).

2002-08-04  Solar Designer  <solar at owl.openwall.com>

	* pam_tcb/pam_tcb.5, pam_tcb/pam_unix.5: Moved these manual
	pages to section 8 (the files are now gone).

	* pam_tcb/pam_tcb.8, pam_tcb/pam_unix.8: New files, based on
	the section 5 manual pages with minor changes.

	* tcb.spec, misc/tcb.5, progs/tcb_convert.8, pam_tcb/Makefile:
	Updates to reflect the above change.

	* libs/Makefile: Use trailing slashes after directories with
	install commands.

2002-07-07  Solar Designer  <solar at owl.openwall.com>

	* pam_tcb/pam_unix_acct.c, pam_tcb/pam_unix_passwd.c: No
	longer let root enforced password changes (sp_lstchg == 0)
	take precedence over expired accounts (sp_expire).

2002-05-19  Solar Designer  <solar at owl.openwall.com>

	* Make.defs: Renamed SYSBIN to SBINDIR, define LIBEXECDIR.

	* tcb.spec, progs/Makefile, pam_tcb/Makefile,
	pam_tcb/pam_tcb.5, misc/tcb.5: Moved the chkpwd directory to
	/usr/lib.

	* misc/Makefile: Deal with SBINDIR and LIBEXECDIR.

2001-11-28  Dmitry V. Levin  <ldv at altlinux.org>

	* pam_tcb/support.c: Replaced signal call with sigaction call.

	* pam_tcb/support.c: Fixed possible "dereferencing NULL" typo.

	* progs/tcb_chkpwd.c: Test also stdout for isatty.

	* progs/Makefile: Create relative symlink instead of absolute.

	* libs/nss.c: Fixed glibc-2.2.4 compilation warning.
	* pam_tcb/pam_unix_passwd.c: Likewise.
	* progs/tcb_unconvert.c: Likewise.
