$Id: NEWS,v 1.12 2009/04/11 19:43:44 rosenauer Exp $

Version 1.97
============

SECURITY FIX: pam_ssh used a specific prompt, asking explicitly for
the SSH passphrase, only if the user was found to exist. The prompt
therefore depended on whether the username was valid or invalid, which
made it easier for remote attackers to enumerate usernames.
(CVE-2009-1273)


**********************************************************************
* The pam_ssh maintained on Novell's DeveloperNet got merged back *
* to SourceForge with Version 1.96 and syncs both up to the same *
* level. The DeveloperNet version isn't going to be maintained further *
* http://developer.novell.com/wiki/index.php/Pam_ssh *
**********************************************************************

Version 1.96 (Novell DeveloperNet)
============

SECURITY FIX: The allow_blank_passphrase option was defeatable simply
by entering a random but non-blank passphrase. Thanks to Rob
Henderson for the report.

Version 1.95 (Novell DeveloperNet)
============

Bugfix release to avoid double-free and null-pointer dereference
issues.

Version 1.94 (Novell DeveloperNet)
============

Improved logging and bugfix release with improved recovery after
system crashes.

Version 1.93 (Novell DeveloperNet)
============

The option to allow blank passphrases is now 'nullok' while the old
option is still available but deprecated.
The debug option is now really supported as documented.
We didn't start the ssh-agent if the close_session module wasn't called
correctly but the ssh-agent was killed (e.g. system crashes).
That should be solved in almost all cases now.

Version 1.92 (Novell DeveloperNet)
============

The module is usable now for session use only if wanted. It starts
an ssh-agent without adding keys to it in that case.

Version 1.92 (SourceForge)
============

SECURITY FIX: The allow_blank_passphrase option was defeatable simply
by entering a random but non-blank passphrase. Thanks to Rob
Henderson for the report.

Version 1.91
============

Don't allow blank passphrases by default. Add option
allow_blank_passphrase to re-enable them. Thanks to red0x for the
suggestion.

Version 1.9
===========

Code cleanup release. Updated OpenSSH compatibility code to 3.7.1p2.
Updated for newer Autoconf and Automake. Plus we use Autoheader now.

Version 1.8
===========

This version is more portable about the way it juggles user IDs when
starting the agent. As a result, it works on Linux systems. Also,
it tries to run as the user rather than root as much as possible.

Other portability changes were made--pam_ssh should now work on
Mac OS X systems.

Version 1.7
===========

Mark R V Murray of the FreeBSD project wrote a manual page, which we
now include in the distribution.

We now use Automake, Autoconf, and Libtool. I think a guy named Trey
donated most of the Autoconf logic, which I probably ended up marring
beyond recognition. Trey, if you're out there, drop me another note
so I can give you proper credit.

In this version we fixed a bunch of bugs and added support for OpenPAM
and pam_std_option(), all thanks to FreeBSD. The OpenSSH code has
been updated to 3.4p1.

Version 1.6
===========

Only one agent is started per user per host. Thanks to
<hmh@debian.org> for this idea. Each agent has an associated file
with environment data (.ssh/agent-<hostname>). When a concurrent
session is started, the session phase need only pass this environment
data to the application rather than starting a new agent and adding
the keys. A filename (.ssh/agent-<host>-<tty> or
.ssh/agent-<host>-<display>) is hard linked to this environment file
for each session to keep a reference count of the number of sessions
using the agent. Only when the count drops to zero is the agent
killed.

Added keyfiles option to specify which key files to use for
authentication. Only these keys will be given to the agent in the
session phase.

Updated OpenSSH code to version 2.9p2.
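
The hard-link reference count described under Version 1.6, shown as an
added example that is not code from pam_ssh: each session links its own
name to the shared agent environment file, and the file's link count
tells how many sessions remain. The scratch directory, file names and
file contents are constructed, and killing the agent is only marked by
a comment.

```c
/* Added illustration, not pam_ssh source: hard links as a session refcount. */
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>

/* Sessions sharing env_file = st_nlink minus the base name; -1 on error. */
static long session_count(const char *env_file) {
    struct stat st;
    return stat(env_file, &st) == 0 ? (long)st.st_nlink - 1 : -1;
}

/* Session open: link a per-session name to the shared environment file. */
static long session_open(const char *env_file, const char *name) {
    return link(env_file, name) == 0 ? session_count(env_file) : -1;
}

/* Session close: drop this session's link; 0 left means kill the agent. */
static long session_close(const char *env_file, const char *name) {
    return unlink(name) == 0 ? session_count(env_file) : -1;
}

/* Two concurrent sessions (tty and display); all names are constructed. */
static int demo(long out[4]) {
    char dir[64], env[96], tty[96], disp[96];
    snprintf(dir, sizeof dir, "/tmp/agentref-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;   /* refuses a pre-existing name */
    snprintf(env, sizeof env, "%s/agent-host", dir);
    snprintf(tty, sizeof tty, "%s/agent-host-tty1", dir);
    snprintf(disp, sizeof disp, "%s/agent-host-:0", dir);
    FILE *f = fopen(env, "w");
    if (!f) return -1;
    fputs("SSH_AUTH_SOCK=/constructed/agent.sock\n", f);
    fclose(f);
    out[0] = session_open(env, tty);     /* first session */
    out[1] = session_open(env, disp);    /* concurrent session reuses agent */
    out[2] = session_close(env, tty);    /* one session left: agent stays */
    out[3] = session_close(env, disp);   /* none left: agent would be killed */
    if (out[3] == 0) unlink(env);
    rmdir(dir);
    return 0;
}

int main(void) {
    long c[4];
    if (demo(c) != 0) return 1;
    return printf("%ld %ld %ld %ld\n", c[0], c[1], c[2], c[3]) < 0;
}
```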