Linux-PAM-1.5.3

[Bruce Dubbs]

New point version.

[Xi Ruoyao]

Major changes

About 40 memory errors in code paths handling malloc failures have been fixed. While these issues shouldn't impact security, this improves robustness under memory pressure.

The result of generate-id() is now deterministic across multiple transformations fixing many issues with reproducible builds.

Most of the test suite has been ported to C.

Bug fixes

• Fix memory errors in code handling malloc failures
• imports: Fix import/include cycle check
• xsltlocale: Fix xsltNewLocale on macOS
• Make xsl:sort thread-safe
• Make generate-id() deterministic

Improvements

• Stop using xmlStringCurrentChar
• attributes.h needs to include xsltInternals.h (David Kilzer)
• transform: Avoid null deref on documents without root node
• numbers: Fix floating point overflows
• date: Fix integer overflow in exsltDateFormatDuration
• numbers: Fix harmless integer sign change
• date: Add more overflow checks to formatting code (David Kilzer)
• date: Fix rounding to make Windows tests pass
• date: Rewrite duration and seconds formatting
• xsltlocale: Make API platform-independent
• Also accept application/xslt+xml media type in stylesheet PIs
• warnings: Fix strict prototypes warning
• xsltEvalUserParams() and xsltQuoteUserParams() are susceptible to integer overflow when iterating through const char array (David Kilzer)
• xslt: Return NULL stylesheet on attribute set errors
• xsltproc: Fix unused variable warning
• xslt: Remove declaration for old libxml2
• Fix various compiler warnings
• Fix compiler warnings in xsltGenerateIdFunction
• Disable Python bindings for debugger
• Don't declare disabled functions
• Migrate from PyEval_ to PyObject_

Build system

• cmake: Use version script
• autotools: Link with --undefined-version
• win32: Remove broken libxslt.def.src
• Stop updating version script
• add support for Windows time functions (Rosen Penev)
• cmake: link against libm on UNIX systems (Alex Richardson)
• build: Add a distutils-based build system for the Python bits (Chun-wei Fan)
• CMake: Relax check for Python 3.x support on Windows (Chun-wei Fan)
• python/types.c: Fix building against older libxml2 (Chun-wei Fan)
• python/libxslt.c: Replace ssize_t with Py_ssize_t (Chun-wei Fan)
• cmake: Fix build with libxslt and libxml2 as subprojects
• cmake: Set SOVERSION
• cmake: Extract version from configure.ac
• Fix classic Windows configuration for libexslt (Christoph M. Becker)
• autotools: Fix Python tests in VPATH builds
• autotools: Disable parallel Python build
• autotools: Use AM_CFLAGS consistently
• autotools: Link with -no-undefined
• cmake: Fix Python installation
• cmake: Don't check for Python 2
• python: Don't output missing generators during build
• python: Create .pyd on Windows
• python: Fix build on Windows
• python: Support Python 3 on Windows
• cmake: Enable GCC compiler warnings
• Update GCC compiler warnings

Tests

• python: Remove temp file when running tests/basic.py
• fuzz: Improve fuzzers
• xsltlocale: Add test
• gitlab-ci: Reenable MSan and LeakSanitizer
• tests: Remove unused files
• tests: Enable runtest.exe under MSVC
• tests: Fix LIBXSLT_PLUGINS_PATH for multi-config CMake
• tests: Remove unused leak statistics
• tests: Skip some tests if iconv/ICU is disabled
• gitlab-ci: Run Autotools tests with out-of-tree (VPATH) builds
• tests: Port most of the test suite to C
• tests: Fix out-of-tree Python tests
• tests: Fix source directory for reports tests
• gitlab-ci: Consolidate CMake test scripts
• gitlab-ci: Only install cmake MinGW package if needed
• gitlab-ci: Install 7-Zip using the .msi
• gitlab-ci: Add CI job for MinGW/Autotools
• gitlab-ci: Disable MSan for now
• Run CI tests with -fsanitize=integer
• Fix EXSLT functions tests when libxml2 is built --without-debug
• Make CI tests exit on failure
• Run Python 3 CI job with minimal configuration
• Set library path when running Python tests

Documentation

• doc: Remove unused cross-reference data
• doc: Update apibuild.py

[Xi Ruoyao]

Release 1.5.3

• configure: added options to configure stylesheets.
• configure: added --enable-logind option to use logind instead of utmp in pam_issue and pam_timestamp.
• pam_modutil_getlogin: changed to use getlogin() from libc instead of parsing utmp.
• Added libeconf support to pam_env and pam_shells.
• Added vendor directory support to pam_access, pam_env, pam_group, pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, pam_shells, and pam_time.
• pam_limits: changed to not fail on missing config files.
• pam_pwhistory: added conf= option to specify config file location.
• pam_pwhistory: added file= option to specify password history file location.
• pam_shells: added shells.d support when libeconf and vendordir are enabled.
• Deprecated pam_lastlog: this module is no longer built by default because it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, even on 64bit architectures. pam_lastlog will be removed in one of the next releases, consider using pam_lastlog2 (from ​https://github.com/thkukuk/lastlog2) and/or pam_wtmpdb (from ​https://github.com/thkukuk/wtmpdb) instead.
• Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() macros provided by _pam_macros.h; the memory override performed by these macros can be optimized out by the compiler and therefore can no longer be relied upon.
• Multiple minor bug fixes, portability fixes, documentation improvements, and translation updates.

[Xi Ruoyao]

I've installed it but I don't think it's related to the recent systemd -ftrivial-auto-var-init=zero issue.

[Tim Tassonis]

I can take this, I would however not check the systemd/elogind stuff.

[Tim Tassonis]

Fixed in commit 516e46e3fa

[Bruce Dubbs]

Milestone renamed