-
Notifications
You must be signed in to change notification settings - Fork 51
/
ChangeLog
240 lines (199 loc) · 7.34 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
31- May 2021
- Version 0.6.12
- Limit signature length to 65536 bytes.
- Workaround for buggy PKCS#11 C_Sign() implementation that always
returns the same signature length along with
CKR_BUFFER_TOO_SMALL.
- Don't stuck if wait_for_card=false and ignore the token not found
error when the authentication isn't restricted to card only
(either by the option `card_only` or by PKCS11_LOGIN_TOKEN_NAME
environment variable).
- Added the example PAM configuration which uses the ignore status
result.
- Added `screen_savers` to example config.
- Fixes to deal with old and new OpenSSL versions.
- Various small fixes including type casts and printf() formats.
22- May 2019
- Version 0.6.11
- Support OpenSSL 1.1.0
- use green instead of blue text for logs on the console
- Solaris runs build process outside of srcdir
- Fix openssh_mapper_match_keys() for OpenSSL 1.0 & 1.1
- Fix 64-bit pkcs11_inspect(1) fails on SPARC with a SIBGUS due to misaligned access
- Add support of ECDSA signature in addition to RSA
12- Sep 2018
- Version 0.6.10 is out.
- Fixed some security issues (thx @frankmorgner):
(https://www.x41-dsec.de/lab/advisories/x41-2018-003-pam_pkcs11/)
-- fixed buffer overflow with long home directory;
-- fixed wiping secrets (now using OpenSSL_cleanse());
-- verify using a nonce from the system, not the card.
08- Sep 2005
- Fixes to pam_pkcs11.spec
07- Sep 2005
- Conditional compilation of pcsc-lite, curl and ldap dependent
modules
- Added LDAP mapper. Thanks to Dominik Fisher
- TODO roadmap updated
06- Sep 2005
- Add new OpenSSH mapper. Thanks again Andreas for pam_openssh module
03- Sep 2005
- Add base64 encoding functions
02- Sep 2005
- Make source doxygen friendly
01- Sep 2005
- Finished OpenSC mapper. Thanks to Andreas for their pam_opensc module
- New .spec file
- Cleaning tasks to prepare next release
31- Aug 2005
- Include HOWTO in Pam-pkcs11 manual
- Several fixes in src/mappers/Makefile.am to properly manage libraries
30- Aug 2005
- Allow static mapper to be instantiated with defaults if
no configuration block defined
- Documentation updates
- Make pam_pkcs11.so to be installed at /lib/security
- Debugging improvements
29- Aug 2005
- Mappers can be now statically linked
- Added Mapper API documentation
- Moved most of mappers to be static
28- Aug 2005
- Documentation Updates
- Created libmapper
- pam_sm_authenticate fail on xdmcp remote users
05- Jul 2005
- Many improvements to code by Ludovic Rousseau
- Configure.in library checks improvements
- Do not compile card-eventmgr if pcsc is not installed
09- Jun 2005
- Preliminary works on OpenSC mapper
06- Jun 2005
- Added openssh mapper
- Now pam_pkcs11 generates PEM data for cert and pubk
- Many bugfixes
14- Apr 2005
- finish coding of generic_maper
- Move common code of pwent_mapper to mapper.c and mapper.h
- Fix MAINTAINERCLEAN entries in some Makefile.am files
11- Apr 2005
- Change package name to pam-pkcs11
- Change directory names according with package name
- Rewrite pwent mapper to use cert_info library
08- Apr 2005
- Some typos in some messages
- Make sources more "gcc -pedantic" friendly.
- Changes in DBG(X) macros, to be C99 compliant
07- Apr 2005
- pkcs11_login-0.5.1 is out
- Fix configure.in AM_MAINTAINER_MODE
- Makefile fixes
- Fix some typos and sample files
04- Apr 2005
- Tarball moved to OpenSC Project web pages
02- Apr 2005
- pkcs11_login-0.5 is out
- Mail mapper rewritten to use cert_info lib
- First works on mapper api:
. create structs and macros in mapper.h
. rewrite mappers to initialize mapper_module_st entries
- Published roadmap to 1.0 version. See TODO file
- Fix: Dont free key/value map entries, as they come from buffer entry
31- Mar 2005
- Added CA & CRL mgmnt doc to manual
- Changed occurrences of "if (!x) free(x)" to "free(x)" as glibc
already does proper null check
- Finished krb_mapper ( no pkinit, just kpn -> login map ).
NOTE: I assume that KPN is stored as ASN1_STRING, but cannot
deduce it from RFC's
- MS mapper rewritten to use cert_info lib
29- Mar 2005
- Manual rewritten in xml format
- Check for manual in html format. Re-generate if not present
- pkcs11_eventmgr: reset time_counter on expire() event fixed
- Update .spec file to release 0.5-0
28- Mar 2005
- pkcs11_login-0.5beta1 is out
- Manual and web page updated
22- Mar 2005
- recoded cn and krb mappers to use cert_info library
- buxfix in conf file
20- Mar 2005
- New tool: pkcs11_inspect, to see contents of certificate
- Man pages: several typos and bugfixes
- Recoded uid mapper to use cert_info library
18- Mar 2005
- No more warns in compile: fix "-no-strict-alias" cflag when
linking with /usr/lib/libpam.so
- Several bugfixes and configuration files typos.
- Updated .spec file
- New files cert_info.[ch] to get and show cert contents.
This will allow coding of some tools to inspect certificates
without loading mapper modules
- Re-coded digest and subject mapper to use cert_info library.
The idea is:
1- Get all mappers use cert_info library
2- join all mappers in one big dynload module to
store all pre-defined mappers
17- Mar 2005
- Add mapper module function: mapper_find_entries(), in module
API to get textual (ie: without mapping) entries on certificate
- Reorganize sources: add src/common directory for shared code
and move most of common functions there to create a library
- Fixed tons of warnings related to "const char *" typecast
- Rename cert.[ch] to cert_vfy.[ch]
15- Mar 2005
- Add Certificate Digest mapper ( updated doc and sample files )
4- Mar 2005
- Added mapfiles to UID mapper
- ms_mapper now works properly ( sorry, no ADS connection yet :-( )
- Updated doc and sample files
3- Mar 2005
- Implemented routines API for file mapping:
{set,get,end}_mapfile()
mapfile_{find,match}()
- Implemented mapfiles in mail_mapper
- Added mapfiles to cn_mapper
- file_mapper changed to subject_mapper
1- Mar 2005
- Pkcs#11-Login 0.4.4 is out.
- New web pages
28- Feb 2005
- New pkcs11_eventmgr tool. card_eventmgr is now deprecated,
but still supported
- Updated manual
24- Feb 2005
- Proper detect [no]debug commandline option
- Updated manual
- Fixed pcsc-lite version control in card_eventmgr.c
- Several configure.in compatibility issues
16- Feb 2005
- Move scconf to be statically linked
- New tool: pklogin_finder
- Some manual pages
- Redhat .spec file
- Bugfixes
11- Feb 2005
- Works on Card Event manager finished
- Update documentation
10- Feb 2005
- Preliminary version of card_eventmgr tool to detect
insert/extract card events and launch proper actions
9- Feb 2005
- Allow empty strings as user name, and deduce login from certificate
- Bugfix: call close_pkcs11_session() on all error conditions
- Updated manuals and README's
8- Feb 2005
- New pw_mapper CN-to-getpwent() mapper
- Ignoredomain support for mail_mapper
- Minor bugs in cn and uid mappers
7- Feb 2005
pkcs11_login-0.4 released:
- Now pam_pkcs11 can take arguments from command line
or via configuration file
- Certificate to User mappin has been modularized
- Preliminary works on entering session without userlogin prompt:
just insert certificate and enter PIN
2- Feb 2005
Thanks Mario Strasser for allow me re-work in their pam_pkcs11
module and re-release it under LGPL