Home | Back
Version 1.98
============

Fixed some possible crashes and minor issues:

* Under some conditions, there is a double-free bug
  in pam_ssh. The data of the "ssh_agent_env_agent"
  pam_handle_t's item may have been free'd without being
  nullified, which trigger a bug on the cleanup phase.
  (ticket #13 double-free bug with pam_ssh-1.97)
* Before executing ssh-agent, pam_ssh restores root
  privileges with openpam_restore_cred, then uses only setuid
  to adjust privileges. Thus ssh-agent runs with gid 0.
  (ticket #12 pam_ssh doesn't set gid/groups before executing ssh-agent)
* Clear signal mask before executing ssh-agent as
  pam_ssh code can be called from kdm with blocked TERM signal
  which would be inherited by ssh-agent
* fixed crash caused by EOF password
  (ticket 14 pam_ssh segfaults on abort with empty password)


Version 1.97
============

SECURITY FIX: pam_ssh used a certain prompt if a user found to exist
to ask for the SSH passphrase explicitely depending on whether the
username was valid or invalid, which made it easier for remote
attackers to enumerate usernames. (CVE-2009-1273)


**********************************************************************
* The pam_ssh maintained on Novell's DeveloperNet got merged back    *
* to SourceForge with Version 1.96 and syncs both up to the same     *
* level. The DeveloperNet version isn't going to maintained further  *
* http://developer.novell.com/wiki/index.php/Pam_ssh                 *
**********************************************************************

Version 1.96 (Novell DeveloperNet)
============

SECURITY FIX: The allow_blank_passphrase option was defeatable simply
by entering a random but non-blank passphrase.  Thanks to Rob
Henderson for the report.

Version 1.95 (Novell DeveloperNet)
============

Bugfix release to avoid double-free and and a null-pointer dereference
issues.

Version 1.94 (Novell DeveloperNet)
============

Improved logging and bugfix release with improved recovery after
system crashes.

Version 1.93 (Novell DeveloperNet)
============

The option to allow blank passphrases is now 'nullok' while the old
option is still available but deprecated.
The debug option is now really supported as documented.
We didn't start the ssh-agent if the close_session module wasn't  called
correctly but the ssh-agent was killed (e.g. system crashes).
That should be solved in almost all cases now.

Version 1.92 (Novell DeveloperNet)
============

The module is usable now for session use only if wanted. It starts
an ssh-agent without adding keys to it in that case.

Version 1.92 (SourceForge)
============

SECURITY FIX: The allow_blank_passphrase option was defeatable simply
by entering a random but non-blank passphrase.  Thanks to Rob
Henderson for the report.

Version 1.91
============

Don't allow blank passphrases by default.  Add option
allow_blank_passphrase to re-enable them.  Thanks to red0x for the
suggestion.

Version 1.9
===========

Code cleanup release.  Updated OpenSSH compatibility code to 3.7.1p2.
Updated for newer Autoconf and Automake.  Plus we use Autoheader now.

Version 1.8
===========

This version is more portable about the way it juggles user IDs when
starting the agent.  As a result, it works on Linux systems.  Also,
it tries to run as the user rather than root as much as possible.

Other portability changes were made--pam_ssh should now work on
Mac OS X systems.

Version 1.7
===========

Mark R V Murray of the FreeBSD project wrote a manual page, which we
now include in the distribution.

We now use Automake, Autoconf, and Libtool.  I think a guy named Trey
donated most of the Autoconf logic, which I probably ended up marring
beyond recognition.  Trey, if you're out there, drop me another note
so I can give you proper credit.

In this version we fixed a bunch of bugs and added support for OpenPAM
and pam_std_option(), all thanks to FreeBSD.  The OpenSSH code has
been updated to 3.4p1.

Version 1.6
===========

Only one agent is started per user per host.  Thanks to
<hmh@debian.org> for this idea.  Each agent has an associated file
with environment data (.ssh/agent-<hostname>).  When a concurrent
session is started, the session phase need only pass this environment
data to the application rather than starting a new agent and adding
the keys.  A filename (.ssh/agent-<host>-<tty> or
.ssh/agent-<host>-<display>) is hard linked to this environment file
for each session to keep a reference count of the number of sessions
using the agent.  Only when the count drops to zero is the agent
killed.

Added keyfiles option to specify which key files to use for
authentication.  Only these keys will be given to the agent in the
session phase.

Updated OpenSSH code to version 2.9p2.