Hello community,
here is the log from the commit of package pam_passwdqc
checked in at Fri Apr 4 01:39:48 CEST 2008.
--------
--- pam_passwdqc/pam_passwdqc.changes 2006-08-10 13:57:03.000000000 +0200
+++ /mounts/work_src_done/STABLE/pam_passwdqc/pam_passwdqc.changes 2008-04-03 11:36:20.030222000 +0200
@@ -1,0 +2,17 @@
+Thu Apr 3 11:31:34 CEST 2008 - mc@suse.de
+
+- update to version 1.0.5
+ - Replaced the separator characters with some of those defined by RFC 3986
+ as being safe within "userinfo" part of URLs without encoding.
+ - Reduced the default value for the N2 parameter to min=... (the minimum
+ length for passphrases) from 12 to 11.
+ - Corrected the potentially misleading description of N2 (Debian bug #310595).
+ - Applied minor grammar and style corrections to the documentation, a
+ pam_passwdqc message, and source code comments.
+ - Changed Makefile to pass list of libraries to linker after regular
+ object files, to fix build with -Wl,--as-needed.
+ - Fixed potential memory leak in conversation wrapper.
+ - Restricted list of global symbols exported by the PAM module
+ to standard set of six pam_sm_* functions.
+
+-------------------------------------------------------------------
Old:
----
pam_passwdqc-1.0.2.diff
pam_passwdqc-1.0.2.tar.bz2
New:
----
pam_passwdqc-1.0.5.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam_passwdqc.spec ++++++
--- /var/tmp/diff_new_pack.Z12102/_old 2008-04-04 01:39:30.000000000 +0200
+++ /var/tmp/diff_new_pack.Z12102/_new 2008-04-04 01:39:30.000000000 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package pam_passwdqc (Version 1.0.2)
+# spec file for package pam_passwdqc (Version 1.0.5)
#
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -10,20 +10,20 @@
# norootforbuild
+
Name: pam_passwdqc
-URL: http://www.openwall.com/passwdqc/
+Url: http://www.openwall.com/passwdqc/
BuildRequires: pam-devel
-License: BSD, distributable
+License: BSD 3-Clause; Other uncritical OpenSource License; Public Domain, Freeware
Group: System/Libraries
Requires: pam
Provides: pam-modules:/%_lib/security/pam_passwdqc.so
-Autoreqprov: on
-Version: 1.0.2
+AutoReqProv: on
+Version: 1.0.5
Release: 1
-Summary: Simple password strength checking module
-Source0: pam_passwdqc-1.0.2.tar.bz2
+Summary: Simple Password Strength Checking Module
+Source0: pam_passwdqc-1.0.5.tar.bz2
Source50: dlopen.sh
-Patch0: pam_passwdqc-1.0.2.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -31,16 +31,15 @@
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
-pam_passwdqc is a simple password strength checking module for
-PAM-aware password changing programs. In addition to checking regular
-passwords, it offers support for passphrases and can provide randomly
-generated ones.
+pam_passwdqc is a simple password strength checking module forPAM-aware
+password changing programs. In addition to checking regular passwords,
+it offers support for passphrases and can provide randomly generated
+ones.
%prep
%setup
-%patch0
%build
EXTRA_CFLAGS="-fno-strict-aliasing"
@@ -81,6 +80,20 @@
%attr(755,root,root) /%{_lib}/security/pam_*.so
%attr(644,root,root) %doc %{_mandir}/man8/pam_*.8.gz
-%changelog -n pam_passwdqc
-* Thu Aug 10 2006 - mc@suse.de
+%changelog
+* Thu Apr 03 2008 mc@suse.de
+- update to version 1.0.5
+ - Replaced the separator characters with some of those defined by RFC 3986
+ as being safe within "userinfo" part of URLs without encoding.
+ - Reduced the default value for the N2 parameter to min=... (the minimum
+ length for passphrases) from 12 to 11.
+ - Corrected the potentially misleading description of N2 (Debian bug #310595).
+ - Applied minor grammar and style corrections to the documentation, a
+ pam_passwdqc message, and source code comments.
+ - Changed Makefile to pass list of libraries to linker after regular
+ object files, to fix build with -Wl,--as-needed.
+ - Fixed potential memory leak in conversation wrapper.
+ - Restricted list of global symbols exported by the PAM module
+ to standard set of six pam_sm_* functions.
+* Thu Aug 10 2006 mc@suse.de
- version 1.0.2 branched from pam-modules
++++++ pam_passwdqc-1.0.2.tar.bz2 -> pam_passwdqc-1.0.5.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_passwdqc-1.0.2/INTERNALS new/pam_passwdqc-1.0.5/INTERNALS
--- old/pam_passwdqc-1.0.2/INTERNALS 2000-09-22 05:17:14.000000000 +0200
+++ new/pam_passwdqc-1.0.5/INTERNALS 2008-02-12 20:23:32.000000000 +0100
@@ -1,2 +1,3 @@
The functions defined in passwdqc.h may be used without PAM at all.
-They will eventually be moved into a libpasswdqc.
+They will eventually be moved into a libpasswdqc (which has already been
+done in ALT Linux distributions).
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_passwdqc-1.0.2/LICENSE new/pam_passwdqc-1.0.5/LICENSE
--- old/pam_passwdqc-1.0.2/LICENSE 2002-07-27 21:02:34.000000000 +0200
+++ new/pam_passwdqc-1.0.5/LICENSE 2005-11-16 14:28:57.000000000 +0100
@@ -15,4 +15,4 @@
versions under (L)GPL, thus disallowing further re-distribution in
binary-only form.
-$Id: LICENSE,v 1.2 2002/07/27 19:02:34 solar Exp $
+$Owl: Owl/packages/pam_passwdqc/pam_passwdqc/LICENSE,v 1.3 2005/11/16 13:28:57 solar Exp $
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_passwdqc-1.0.2/Makefile new/pam_passwdqc-1.0.5/Makefile
--- old/pam_passwdqc-1.0.2/Makefile 2005-05-18 20:12:47.000000000 +0200
+++ new/pam_passwdqc-1.0.5/Makefile 2008-02-12 20:27:56.000000000 +0100
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2000-2003,2005 by Solar Designer. See LICENSE.
+# Copyright (c) 2000-2003,2005 by Solar Designer. See LICENSE.
#
CC = gcc
@@ -8,9 +8,14 @@
MKDIR = mkdir -p
INSTALL = install -c
CFLAGS = -Wall -fPIC -O2
-LDFLAGS = -s --shared -lpam -lcrypt
-LDFLAGS_SUN = -s -G -lpam -lcrypt
-LDFLAGS_HP = -s -b -lpam -lsec
+LDFLAGS = --shared
+LDFLAGS_LINUX = --shared -Wl,--version-script,$(MAP)
+LDFLAGS_SUN = -G
+LDFLAGS_HP = -b
+LDLIBS = -lpam -lcrypt
+LDLIBS_LINUX = -lpam -lcrypt
+LDLIBS_SUN = -lpam -lcrypt
+LDLIBS_HP = -lpam -lsec
# Uncomment this to use cc instead of gcc
#CC = cc
@@ -20,7 +25,8 @@
#CFLAGS = -Ae +w1 +W 474,486,542 +z +O2
TITLE = pam_passwdqc
-LIBSHARED = $(TITLE).so
+PAM_SO_SUFFIX =
+LIBSHARED = $(TITLE).so$(PAM_SO_SUFFIX)
SHLIBMODE = 755
MAN8 = $(TITLE).8
MANMODE = 644
@@ -30,22 +36,24 @@
PROJ = $(LIBSHARED)
OBJS = pam_passwdqc.o passwdqc_check.o passwdqc_random.o wordset_4k.o
+MAP = pam_passwdqc.map
all:
- if [ "`uname -s`" = "Linux" ]; then \
- $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_SHADOW" $(PROJ); \
- elif [ "`uname -s`" = "SunOS" ]; then \
- $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_SHADOW" \
- LD=ld LDFLAGS="$(LDFLAGS_SUN)" $(PROJ); \
- elif [ "`uname -s`" = "HP-UX" ]; then \
- $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_SHADOW" \
- LD=ld LDFLAGS="$(LDFLAGS_HP)" $(PROJ); \
- else \
- $(MAKE) $(PROJ); \
- fi
+ case "`uname -s`" in \
+ Linux) $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_SHADOW" \
+ LDFLAGS="$(LDFLAGS_LINUX)" LDLIBS="$(LDLIBS_LINUX)" \
+ $(PROJ);; \
+ SunOS) $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_SHADOW" \
+ LD=ld LDFLAGS="$(LDFLAGS_SUN)" LDLIBS="$(LDLIBS_SUN)" \
+ $(PROJ);; \
+ HP-UX) $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_SHADOW" \
+ LD=ld LDFLAGS="$(LDFLAGS_HP)" LDLIBS="$(LDLIBS_HP)" \
+ $(PROJ);; \
+ *) $(MAKE) $(PROJ);; \
+ esac
-$(LIBSHARED): $(OBJS)
- $(LD) $(LDFLAGS) $(OBJS) -o $(LIBSHARED)
+$(LIBSHARED): $(OBJS) $(MAP)
+ $(LD) $(LDFLAGS) $(OBJS) $(LDLIBS) -o $(LIBSHARED)
.c.o:
$(CC) $(CFLAGS) -c $*.c
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_passwdqc-1.0.2/pam_macros.h new/pam_passwdqc-1.0.5/pam_macros.h
--- old/pam_passwdqc-1.0.2/pam_macros.h 2000-10-30 01:31:58.000000000 +0100
+++ new/pam_passwdqc-1.0.5/pam_macros.h 2007-06-21 17:53:49.000000000 +0200
@@ -4,25 +4,37 @@
* domain.
*/
-#if !defined(_PAM_MACROS_H) && !defined(_pam_overwrite)
-#define _PAM_MACROS_H
+#ifndef PAM_PASSWDQC_MACROS_H__
+#define PAM_PASSWDQC_MACROS_H__
#include
#include
-#define _pam_overwrite(x) \
- memset((x), 0, strlen((x)))
+#define pwqc_overwrite_string(x) \
+do { \
+ if (x) \
+ memset((x), 0, strlen(x)); \
+} while (0)
+
+#define pwqc_drop_mem(x) \
+do { \
+ if (x) { \
+ free(x); \
+ (x) = NULL; \
+ } \
+} while (0)
-#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+#define pwqc_drop_pam_reply(/* struct pam_response* */ reply, /* int */ replies) \
do { \
- int i; \
+ if (reply) { \
+ int reply_i; \
\
- for (i = 0; i < (replies); i++) \
- if ((reply)[i].resp) { \
- _pam_overwrite((reply)[i].resp); \
- free((reply)[i].resp); \
+ for (reply_i = 0; reply_i < (replies); ++reply_i) { \
+ pwqc_overwrite_string((reply)[reply_i].resp); \
+ pwqc_drop_mem((reply)[reply_i].resp); \
+ } \
+ pwqc_drop_mem(reply); \
} \
- if ((reply)) free((reply)); \
} while (0)
-#endif
+#endif /* PAM_PASSWDQC_MACROS_H__ */
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_passwdqc-1.0.2/pam_passwdqc.8 new/pam_passwdqc-1.0.5/pam_passwdqc.8
--- old/pam_passwdqc-1.0.2/pam_passwdqc.8 2005-01-25 23:18:21.000000000 +0100
+++ new/pam_passwdqc-1.0.5/pam_passwdqc.8 2008-02-12 21:33:09.000000000 +0100
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2000-2003,2005 Solar Designer.
+.\" Copyright (c) 2000-2003,2005,2008 Solar Designer.
.\" All rights reserved.
.\" Copyright (c) 2001 Networks Associates Technology, Inc.
.\" All rights reserved.
@@ -33,9 +33,9 @@
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD: src/lib/libpam/modules/pam_passwdqc/pam_passwdqc.8,v 1.4 2002/05/30 14:49:57 ru Exp $
-.\" $Id: pam_passwdqc.8,v 1.6 2005/01/25 22:18:21 solar Exp $
+.\" $Owl: Owl/packages/pam_passwdqc/pam_passwdqc/pam_passwdqc.8,v 1.11 2008/02/12 20:33:09 solar Exp $
.\"
-.Dd January 26, 2005
+.Dd February 12, 2008
.Dt PAM_PASSWDQC 8
.Os
.Sh NAME
@@ -80,7 +80,7 @@
.Sm on
.Xc
.Sm off
-.Pq Cm min No = Cm disabled , No 24 , 12 , 8 , 7
+.Pq Cm min No = Cm disabled , No 24 , 11 , 8 , 7
.Sm on
The minimum allowed password lengths for different kinds of
passwords/passphrases.
@@ -98,16 +98,16 @@
letters, and other characters.
There is also a special class for
.No non- Ns Tn ASCII
-characters which could not
-be classified, but are assumed to be non-digits.
+characters, which could not be classified, but are assumed to be non-digits.
.Pp
.Ar N1
is used for passwords consisting of characters from two character
-classes which do not meet the requirements for a passphrase.
+classes that do not meet the requirements for a passphrase.
.Pp
.Ar N2
is used for passphrases.
-A passphrase must consist of sufficient words (see the
+Note that besides meeting this length requirement,
+a passphrase must also consist of a sufficient number of words (see the
.Cm passphrase
option below).
.Pp
@@ -128,7 +128,7 @@
.It Cm max Ns = Ns Ar N
.Pq Cm max Ns = Ns 40
The maximum allowed password length.
-This can be used to prevent users from setting passwords which may be
+This can be used to prevent users from setting passwords that may be
too long for some system services.
The value 8 is treated specially: if
.Cm max
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_passwdqc-1.0.2/pam_passwdqc.c new/pam_passwdqc-1.0.5/pam_passwdqc.c
--- old/pam_passwdqc-1.0.2/pam_passwdqc.c 2005-05-18 20:18:59.000000000 +0200
+++ new/pam_passwdqc-1.0.5/pam_passwdqc.c 2008-02-12 21:11:13.000000000 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000-2003,2005 by Solar Designer. See LICENSE.
+ * Copyright (c) 2000-2003,2005 by Solar Designer. See LICENSE.
*/
#ifdef __FreeBSD__
@@ -74,7 +74,7 @@
static params_t defaults = {
{
- {INT_MAX, 24, 12, 8, 7}, /* min */
+ {INT_MAX, 24, 11, 8, 7}, /* min */
40, /* max */
3, /* passphrase_words */
4, /* match_length */
@@ -126,7 +126,7 @@
"classes used.\n"
#define MESSAGE_EXPLAIN_PASSPHRASE \
"A passphrase should be of at least %d words, %d to %d characters\n" \
- "long and contain enough different characters.\n"
+ "long, and contain enough different characters.\n"
#define MESSAGE_RANDOM \
"Alternatively, if noone else can see your terminal now, you can\n" \
"pick this as your password: \"%s\".\n"
@@ -161,6 +161,7 @@
struct pam_message msg, *pmsg;
int status;
+ *resp = NULL;
status = pam_get_item(pamh, PAM_CONV, &item);
if (status != PAM_SUCCESS)
return status;
@@ -170,7 +171,6 @@
msg.msg_style = style;
msg.msg = text;
- *resp = NULL;
return conv->conv(1, (lo_const struct pam_message **)&pmsg, resp,
conv->appdata_ptr);
}
@@ -192,7 +192,8 @@
if ((unsigned int)needed < sizeof(buffer)) {
status = converse(pamh, style, buffer, &resp);
- _pam_overwrite(buffer);
+ pwqc_overwrite_string(buffer);
+ pwqc_drop_pam_reply(resp, 1);
} else {
status = PAM_ABORT;
memset(buffer, 0, sizeof(buffer));
@@ -411,7 +412,7 @@
if (resp && resp->resp) {
status = pam_set_item(pamh,
PAM_OLDAUTHTOK, resp->resp);
- _pam_drop_reply(resp, 1);
+ pwqc_drop_pam_reply(resp, 1);
} else
status = PAM_AUTHTOK_RECOVERY_ERR;
}
@@ -530,7 +531,7 @@
status = say(pamh, PAM_TEXT_INFO, randomonly ?
MESSAGE_RANDOMONLY : MESSAGE_RANDOM, randompass);
if (status != PAM_SUCCESS) {
- _pam_overwrite(randompass);
+ pwqc_overwrite_string(randompass);
randompass = NULL;
}
} else
@@ -545,16 +546,16 @@
status = PAM_AUTHTOK_ERR;
if (status != PAM_SUCCESS) {
- if (randompass) _pam_overwrite(randompass);
+ pwqc_overwrite_string(randompass);
return status;
}
trypass = strdup(resp->resp);
- _pam_drop_reply(resp, 1);
+ pwqc_drop_pam_reply(resp, 1);
if (!trypass) {
- if (randompass) _pam_overwrite(randompass);
+ pwqc_overwrite_string(randompass);
return PAM_AUTHTOK_ERR;
}
@@ -591,7 +592,7 @@
retry_wanted = 1;
}
}
- _pam_drop_reply(resp, 1);
+ pwqc_drop_pam_reply(resp, 1);
} else
status = PAM_AUTHTOK_ERR;
}
@@ -599,9 +600,9 @@
if (status == PAM_SUCCESS)
status = pam_set_item(pamh, PAM_AUTHTOK, trypass);
- if (randompass) _pam_overwrite(randompass);
- _pam_overwrite(trypass);
- free(trypass);
+ pwqc_overwrite_string(randompass);
+ pwqc_overwrite_string(trypass);
+ pwqc_drop_mem(trypass);
if (retry_wanted && --retries_left > 0) {
status = say(pamh, PAM_TEXT_INFO, MESSAGE_RETRY);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_passwdqc-1.0.2/pam_passwdqc.map new/pam_passwdqc-1.0.5/pam_passwdqc.map
--- old/pam_passwdqc-1.0.2/pam_passwdqc.map 1970-01-01 01:00:00.000000000 +0100
+++ new/pam_passwdqc-1.0.5/pam_passwdqc.map 2005-11-16 14:28:58.000000000 +0100
@@ -0,0 +1,14 @@
+# $Owl: Owl/packages/pam_passwdqc/pam_passwdqc/pam_passwdqc.map,v 1.2 2005/11/16 13:28:58 solar Exp $
+
+{
+ global:
+ pam_sm_acct_mgmt;
+ pam_sm_authenticate;
+ pam_sm_chauthtok;
+ pam_sm_close_session;
+ pam_sm_open_session;
+ pam_sm_setcred;
+
+ local:
+ *;
+};
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_passwdqc-1.0.2/pam_passwdqc.spec new/pam_passwdqc-1.0.5/pam_passwdqc.spec
--- old/pam_passwdqc-1.0.2/pam_passwdqc.spec 2005-05-18 20:29:35.000000000 +0200
+++ new/pam_passwdqc-1.0.5/pam_passwdqc.spec 2008-02-12 21:28:48.000000000 +0100
@@ -1,13 +1,14 @@
-# $Id: pam_passwdqc.spec,v 1.30 2005/05/18 18:29:35 solar Exp $
+# $Owl: Owl/packages/pam_passwdqc/pam_passwdqc/pam_passwdqc.spec,v 1.38 2008/02/12 20:28:48 solar Exp $
Summary: Pluggable password quality-control module.
Name: pam_passwdqc
-Version: 1.0.2
+Version: 1.0.5
Release: owl1
License: BSD-compatible
Group: System Environment/Base
URL: http://www.openwall.com/passwdqc/
Source: ftp://ftp.openwall.com/pub/projects/pam/modules/%name/%name-%version.tar.gz
+BuildRequires: pam-devel
BuildRoot: /override/%name-%version
%description
@@ -21,114 +22,133 @@
%setup -q
%build
-make CFLAGS="-Wall -fPIC -DHAVE_SHADOW -DLINUX_PAM $RPM_OPT_FLAGS"
+%__make CFLAGS="-Wall -fPIC -DLINUX_PAM %optflags"
%install
rm -rf %buildroot
-make install DESTDIR=%buildroot MANDIR=%_mandir
+%__make install DESTDIR=%buildroot MANDIR=%_mandir SECUREDIR=/%_lib/security
%files
%defattr(-,root,root)
%doc LICENSE README
-/lib/security/pam_passwdqc.so
+/%_lib/security/pam_passwdqc.so
%_mandir/man*/*
%changelog
-* Wed May 18 2005 Solar Designer 1.0.2-owl1
+* Tue Feb 12 2008 Solar Designer 1.0.5-owl1
+- Replaced the separator characters with some of those defined by RFC 3986
+as being safe within "userinfo" part of URLs without encoding.
+- Reduced the default value for the N2 parameter to min=... (the minimum
+length for passphrases) from 12 to 11.
+- Corrected the potentially misleading description of N2 (Debian bug #310595).
+- Applied minor grammar and style corrections to the documentation, a
+pam_passwdqc message, and source code comments.
+
+* Tue Apr 04 2006 Dmitry V. Levin 1.0.4-owl1
+- Changed Makefile to pass list of libraries to linker after regular
+object files, to fix build with -Wl,--as-needed.
+- Corrected specfile to make it build on x86_64.
+
+* Wed Aug 17 2005 Dmitry V. Levin 1.0.3-owl1
+- Fixed potential memory leak in conversation wrapper.
+- Restricted list of global symbols exported by the PAM module
+to standard set of six pam_sm_* functions.
+
+* Wed May 18 2005 Solar Designer 1.0.2-owl1
- Fixed compiler warnings seen on FreeBSD 5.3.
- Updated the Makefile to not require editing on FreeBSD.
- Updated the FreeBSD-specific notes in PLATFORMS.
-* Sun Mar 27 2005 Solar Designer 1.0.1-owl1
+* Sun Mar 27 2005 Solar Designer 1.0.1-owl1
- Further compiler warning fixes on LP64 platforms.
-* Fri Mar 25 2005 Solar Designer 1.0-owl1
+* Fri Mar 25 2005 Solar Designer 1.0-owl1
- Corrected the source code to not break C strict aliasing rules.
-* Wed Jan 26 2005 Solar Designer 0.7.6-owl1
+* Wed Jan 26 2005 Solar Designer 0.7.6-owl1
- Disallow unreasonable random= settings.
- Clarified the allowable bit sizes for randomly-generated passphrases and
the lack of relationship between passphrase= and random= options.
-* Fri Oct 31 2003 Solar Designer 0.7.5-owl1
+* Fri Oct 31 2003 Solar Designer 0.7.5-owl1
- Assume invocation by root only if both the UID is 0 and the PAM service
name is "passwd"; this should solve changing expired passwords on Solaris
and HP-UX and make "enforce=users" safe.
- Produce proper English explanations for a wider variety of settings.
- Moved the "-c" out of CFLAGS, renamed FAKEROOT to DESTDIR.
-* Sat Jun 21 2003 Solar Designer 0.7.4-owl1
+* Sat Jun 21 2003 Solar Designer 0.7.4-owl1
- Documented that "enforce=users" may not always work for services other
than the passwd command.
- Applied a patch to PLATFORMS from Mike Gerdts of GE Medical Systems
to reflect how Solaris 8 patch 108993-18 (or 108994-18 on x86) changes
Solaris 8's PAM implementation to look like Solaris 9.
-* Mon Jun 02 2003 Solar Designer 0.7.3.1-owl1
+* Mon Jun 02 2003 Solar Designer 0.7.3.1-owl1
- Added URL.
-* Thu Oct 31 2002 Solar Designer 0.7.3-owl1
+* Thu Oct 31 2002 Solar Designer 0.7.3-owl1
- When compiling with gcc, also link with gcc.
- Use $(MAKE) to invoke sub-makes.
-* Fri Oct 04 2002 Solar Designer
+* Fri Oct 04 2002 Solar Designer
- Solaris 9 notes in PLATFORMS.
-* Wed Sep 18 2002 Solar Designer
+* Wed Sep 18 2002 Solar Designer
- Build with Sun's C compiler cleanly, from Kevin Steves.
- Use install -c as that actually makes a difference on at least HP-UX
(otherwise install would possibly move files and not change the owner).
-* Fri Sep 13 2002 Solar Designer
+* Fri Sep 13 2002 Solar Designer
- Have the same pam_passwdqc binary work for both trusted and non-trusted
HP-UX, from Kevin Steves.
-* Fri Sep 06 2002 Solar Designer
+* Fri Sep 06 2002 Solar Designer
- Use bigcrypt() on HP-UX whenever necessary, from Kevin Steves of Atomic
Gears LLC.
- Moved the old password checking into a separate function.
-* Wed Jul 31 2002 Solar Designer
+* Wed Jul 31 2002 Solar Designer
- Call it 0.6.
-* Sat Jul 27 2002 Solar Designer
+* Sat Jul 27 2002 Solar Designer
- Documented that the man page is under the 3-clause BSD-style license.
- HP-UX 11 support.
-* Tue Jul 23 2002 Solar Designer
+* Tue Jul 23 2002 Solar Designer
- Applied minor corrections to the man page and at the same time eliminated
unneeded/unimportant differences between it and the README.
-* Sun Jul 21 2002 Solar Designer
+* Sun Jul 21 2002 Solar Designer
- 0.5.1: imported the pam_passwdqc(8) manual page back from FreeBSD.
-* Tue Apr 16 2002 Solar Designer
+* Tue Apr 16 2002 Solar Designer
- 0.5: preliminary OpenPAM (FreeBSD-current) support in the code and related
code cleanups (thanks to Dag-Erling Smorgrav).
-* Thu Feb 07 2002 Michail Litvak
+* Thu Feb 07 2002 Michail Litvak
- Enforce our new spec file conventions.
-* Sun Nov 04 2001 Solar Designer
+* Sun Nov 04 2001 Solar Designer
- Updated to 0.4:
- Added "ask_oldauthtok" and "check_oldauthtok" as needed for stacking with
the Solaris pam_unix;
- Permit for stacking of more than one instance of this module (no statics).
-* Tue Feb 13 2001 Solar Designer
+* Tue Feb 13 2001 Solar Designer
- Install the module as mode 755.
-* Tue Dec 19 2000 Solar Designer
+* Tue Dec 19 2000 Solar Designer
- Added "-Wall -fPIC" to the CFLAGS.
-* Mon Oct 30 2000 Solar Designer
+* Mon Oct 30 2000 Solar Designer
- 0.3: portability fixes (this might build on non-Linux-PAM now).
-* Fri Sep 22 2000 Solar Designer
+* Fri Sep 22 2000 Solar Designer
- 0.2: added "use_authtok", added README.
-* Fri Aug 18 2000 Solar Designer
+* Fri Aug 18 2000 Solar Designer
- 0.1, "retry_wanted" bugfix.
-* Sun Jul 02 2000 Solar Designer
+* Sun Jul 02 2000 Solar Designer
- Initial version (non-public).
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_passwdqc-1.0.2/passwdqc_check.c new/pam_passwdqc-1.0.5/passwdqc_check.c
--- old/pam_passwdqc-1.0.2/passwdqc_check.c 2002-04-16 17:59:04.000000000 +0200
+++ new/pam_passwdqc-1.0.5/passwdqc_check.c 2008-02-12 20:31:52.000000000 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000-2002 by Solar Designer. See LICENSE.
+ * Copyright (c) 2000-2002 by Solar Designer. See LICENSE.
*/
#include
@@ -39,7 +39,7 @@
/*
* Calculates the expected number of different characters for a random
- * password of a given length. The result is rounded down. We use this
+ * password of a given length. The result is rounded down. We use this
* with the _requested_ minimum length (so longer passwords don't have
* to meet this strict requirement for their length).
*/
@@ -95,8 +95,8 @@
c = (unsigned char)newpass[length - 1];
if (digits && isascii(c) && isdigit(c)) digits--;
-/* Count the number of different character classes we've seen. We assume
- * that there're no non-ASCII characters for digits. */
+/* Count the number of different character classes we've seen. We assume
+ * that there are no non-ASCII characters for digits. */
classes = 0;
if (digits) classes++;
if (lowers) classes++;
@@ -242,13 +242,13 @@
/*
* This wordlist check is now the least important given the checks above
* and the support for passphrases (which are based on dictionary words,
- * and checked by other means). It is still useful to trap simple short
+ * and checked by other means). It is still useful to trap simple short
* passwords (if short passwords are allowed) that are word-based, but
* passed the other checks due to uncommon capitalization, digits, and
- * special characters. We (mis)use the same set of words that are used
- * to generate random passwords. This list is much smaller than those
+ * special characters. We (mis)use the same set of words that are used
+ * to generate random passwords. This list is much smaller than those
* used for password crackers, and it doesn't contain common passwords
- * that aren't short English words. Perhaps support for large wordlists
+ * that aren't short English words. Perhaps support for large wordlists
* should still be added, even though this is now of little importance.
*/
static int is_word_based(passwdqc_params_t *params,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_passwdqc-1.0.2/passwdqc.h new/pam_passwdqc-1.0.5/passwdqc.h
--- old/pam_passwdqc-1.0.2/passwdqc.h 2002-04-16 17:59:06.000000000 +0200
+++ new/pam_passwdqc-1.0.5/passwdqc.h 2008-02-12 20:30:00.000000000 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000-2002 by Solar Designer. See LICENSE.
+ * Copyright (c) 2000-2002 by Solar Designer. See LICENSE.
*/
#ifndef _PASSWDQC_H
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_passwdqc-1.0.2/passwdqc_random.c new/pam_passwdqc-1.0.5/passwdqc_random.c
--- old/pam_passwdqc-1.0.2/passwdqc_random.c 2005-03-27 19:34:06.000000000 +0200
+++ new/pam_passwdqc-1.0.5/passwdqc_random.c 2008-02-12 20:11:56.000000000 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000-2002,2005 by Solar Designer. See LICENSE.
+ * Copyright (c) 2000-2002,2005,2008 by Solar Designer. See LICENSE.
*/
#include
@@ -10,7 +10,17 @@
#include "passwdqc.h"
-#define SEPARATORS "_,.;:-!&"
+/*
+ * We separate words in the generated "passphrases" with random special
+ * characters out of a set of 8 (so we encode 3 bits per separator
+ * character). To enable the use of our "passphrases" within FTP URLs
+ * (and similar), we pick characters that are defined by RFC 3986 as
+ * being safe within "userinfo" part of URLs without encoding and
+ * without having a special meaning. Out of those, we avoid characters
+ * that are visually ambiguous or difficult over the phone. This
+ * happens to leave us with exactly 8 characters.
+ */
+#define SEPARATORS "-_!$&*+="
static int read_loop(int fd, unsigned char *buffer, int count)
{
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_passwdqc-1.0.2/PLATFORMS new/pam_passwdqc-1.0.5/PLATFORMS
--- old/pam_passwdqc-1.0.2/PLATFORMS 2005-05-18 20:06:14.000000000 +0200
+++ new/pam_passwdqc-1.0.5/PLATFORMS 2005-11-16 14:28:57.000000000 +0100
@@ -37,4 +37,4 @@
process characters past 8. Of course this way you only get about one
third of the functionality of pam_passwdqc.
-$Id: PLATFORMS,v 1.9 2005/05/18 18:06:14 solar Exp $
+$Owl: Owl/packages/pam_passwdqc/pam_passwdqc/PLATFORMS,v 1.10 2005/11/16 13:28:57 solar Exp $
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_passwdqc-1.0.2/README new/pam_passwdqc-1.0.5/README
--- old/pam_passwdqc-1.0.2/README 2005-01-25 22:59:35.000000000 +0100
+++ new/pam_passwdqc-1.0.5/README 2008-02-12 20:43:33.000000000 +0100
@@ -18,7 +18,7 @@
There's a number of supported options which can be used to modify the
behavior of pam_passwdqc (defaults are given in square brackets):
- min=N0,N1,N2,N3,N4 [min=disabled,24,12,8,7]
+ min=N0,N1,N2,N3,N4 [min=disabled,24,11,8,7]
The minimum allowed password lengths for different kinds of passwords
and passphrases. The keyword "disabled" can be used to disallow
@@ -28,13 +28,14 @@
N0 is used for passwords consisting of characters from one character
class only. The character classes are: digits, lower-case letters,
upper-case letters, and other characters. There is also a special
-class for non-ASCII characters which could not be classified, but are
+class for non-ASCII characters, which could not be classified, but are
assumed to be non-digits.
N1 is used for passwords consisting of characters from two character
-classes which do not meet the requirements for a passphrase.
+classes that do not meet the requirements for a passphrase.
-N2 is used for passphrases. A passphrase must consist of sufficient
+N2 is used for passphrases. Note that besides meeting this length
+requirement, a passphrase must also consist of a sufficient number of
words (see the "passphrase" option below).
N3 and N4 are used for passwords consisting of characters from three
@@ -51,7 +52,7 @@
max=N [max=40]
The maximum allowed password length. This can be used to prevent
-users from setting passwords which may be too long for some system
+users from setting passwords that may be too long for some system
services.
The value 8 is treated specially: with max=8, passwords longer than 8
@@ -144,4 +145,4 @@
--
Solar Designer <solar at openwall.com>
-$Id: README,v 1.6 2005/01/25 21:59:35 solar Exp $
+$Owl: Owl/packages/pam_passwdqc/pam_passwdqc/README,v 1.11 2008/02/12 19:43:33 solar Exp $
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org