SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for pam_u2f-debugsource-1.3.2-1.1.x86_64.rpm :

* Tue Jan 21 2025 Paolo Perego - update to 1.3.2:
* Relax authfile permission check to a warning instead of an error to prevent a breaking change locking existing users out of their systems.
* Wed Jan 15 2025 Paolo Perego - update to 1.3.1:
* Fix incorrect usage of PAM_IGNORE (YSA-2025-01, CVE-2025-23013).
* Changed return value when nouserok is enabled and the user has no credentials, PAM_IGNORE is used instead of PAM_SUCCESS.
* Hardened checks of authfile permissions.
* Hardened checks for nouserok.
* Improved debug messages.
* Improved documentation.
* Sat Apr 15 2023 Dirk Müller - update to 1.3.0:
* Add sanity checking of UV options to pamu2fcfg.
* Add support for username expansion in the authfile path.
* Improvements to the documentation.
* Sun May 29 2022 Dirk Müller - update to 1.2.1:
* Fixed an issue where native credentials could be truncated, resulting in failure to authenticate or successful authentication with missing options.
* Stricter parsing of sshformat credentials.
* pamu2fcfg now allows a combination of the --username and --nouser options.
* Improved documentation on FIDO2 options.- add keyring for validation
* Mon Oct 18 2021 Torsten Gruner - Define macro _pam_moduledir if not set to fix builds for Leap and SLE
* Wed Oct 13 2021 Paolo Perego - Update to version 1.2.0 (released 2021-09-22)
* Added support for EdDSA keys.
* Added support for SSH ed25519-sk keys.
* Added authenticator filtering based on user verification options.
* Fixed an issue with privilege restoration on MacOS.
* Fixed an issue where credentials created with pamu2fcfg 1.0.8 or earlier were not handled correctly if their origin and appid differed.
* Miscellaneous improvements to the documentation.
* Miscellaneous minor bug fixes found by fuzzing.- Fix for bsc#1190961 - Removed hardcoded library pathnames using %{_pam_moduledir}
* Thu May 20 2021 Torsten Gruner - Update to version 1.1.1 (released 2021-05-19)
* Fix an issue where PIN authentication could be bypassed (CVE-2021-31924).
* Fix an issue with nodetect and non-resident credentials.
* Fix build issues with musl libc.
* Add support for self-attestation in pamu2fcfg.
* Fix minor bugs found by fuzzing.
* Thu Oct 15 2020 Ismail Dönmez - Update to version 1.1.0
* Add support to FIDO2 (move from libu2f-host+libu2f-server to libfido2)
* Add support to User Verification
* Add support to PIN Verification
* Add support to Resident Credentials
* Add support to SSH credential format- Drop libu2f-host and libu2f-server BuildRequires- Add BuildRequires on pkgconfig(libfido2)- Add explicit BuildRequires on pkgconfig(libcrypto), this was being pulled down implicitly before.
* Tue Jun 04 2019 Karol Babioch - Version 1.0.8 (released 2019-06-04)
* Fix insecure debug file handling CVE-2019-12209 (bsc#1135729).
* Fix debug file descriptor leak CVE-2019-12210 (bsc#1135727).
* Fix a non-critical buffer oob access.- Applied spec-cleaner
* Tue May 15 2018 kbabiochAATTsuse.com- Update to version 1.0.7: - Add authpending_file to signal authentication activity - Add nodetect to skip to avoid unnecessary cue messages
  
ICM