Server IP : 213.176.29.180 / Your IP : 3.128.205.187 Web Server : Apache System : Linux 213.176.29.180.hostiran.name 4.18.0-553.22.1.el8_10.x86_64 #1 SMP Tue Sep 24 05:16:59 EDT 2024 x86_64 User : webtaragh ( 1001) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /sbin/../share/modulefiles/../doc/kexec-tools/../libXt/../python3-decorator/../libuser/ |
[ Home ] | [ C0mmand ] | [ Upload File ] |
---|
0.62: * Fixed security vulnerabilities: * \n characters were allowed in files/shadow fields (CVE-2015-3245) * Non-atomic file updates in files/shadow module (CVE-2015-3246) Thanks to Qualys for reporting these issues. * The files and shadow modules now use a shadow-utils compatible scheme (primarily lckpwdf()). 0.61: * Python 3 is now supported. Consistent with the Python 3 C API and its prevailing usage, only UTF-8 locales work. Note that importing libuser in non-UTF-8 locales will fail in Python 3. * The Python extension now requires Python 2.7. * Translations are now maintained in https://fedora.zanata.org/ . * tests/fs_test can be edited to truly perform operations as root, without fakeroot. * sgml2txt is no longer required for building from the released tarball. * Miscellaneous bug fixes and cleanups, primarily in the Python extension. 0.60: * New functions lu_homedir_remove_for_user() and lu_homedir_remove_for_user_if_owned(). * libuser's pkg-config file no longer refers to internally-used libraries. glib-2.0 and gobject-2.0 are still included because they are required to use the API anyway. * When setting dates in shadow fields, avoid the special value 0 if the clock is incorrect. * Miscellaneous cleanups. 0.59: * Fixed security vulnerabilities: * Race conditions in copying and removing home directories (CVE-2012-5630) * Information disclosure when moving users' home directory (CVE-2012-5644) Related changes: - INCOMPATIBLE API CHANGES: lu_homedir_move() and lu_homedir_populate() will refuse to use a pre-existing directory as a destination. - setuid/setgid bits are now preserved when copying regular files in home directories (from /etc/skel or when moving a home directory) * Empty fields in /etc/shadow are now treated as "missing", like libc does. * Specific values of the attributes can be used to represent "missing data". * lchage(1) now handles missing fields on both input and output. * Refuse to build when secure_getenv() is not available. * Miscellaneous bug fixes and cleanups. 0.58 * API enhancements: * New helpers for attribute access replace 4-5 function calls with 1: lu_ent_get_first_{string,id,value_strdup}(), lu_ent_set_{string,id,long}() * New header <libuser/fs.h>, providing lu_homedir_{populate,move,remove}, lu_nscd_flush_cache(), and lu_mail_spool_{create,remove}. * lu_users_enumerate_by_group_full() and lu_groups_enumerate_by_user_full() are now fully supported. * New module-private function lu_util_append_values(). * Documented that LU_*PASSWORD should not be manipulated directly. * deleteUser in Python bindings now removes the mail spool instead of creating it. * New warning in libuser.conf.5 about storing a LDAP password in system-wide configuration. * Module interface ABI has changed. * Miscellaneous bug fixes and cleanups, quite a few memory leaks fixed. 0.57.7 * lu_users_enumerate_by_group_full() added, implemented ONLY for LDAP for now. Related functions and functionality in other modules will be added later. Applications are advised to NOT USE these functions yet. * group/user list by name of a user/group now returns an error if the user/group was not found. The Python bindings enumerateUsersFull and enumerateGroupsFull no longer crash in this situation. * Updated translations. 0.57.6 * Make it possible to use ldapi: URLs by not trying to use TLS (based on a patch by <davide.principi@nethesis.it>). * Hopefully fix races in test suite, causing failures on slower computers. * Mark --help messages for translation and improve them a bit. * Update translations. 0.57.5 * Update translations. 0.57.4 * Don't crash when a database file size is a multiple of page size. * Miscellaneous bug fixes and cleanups. 0.57.3 * Don't assume user/group IDs start at 500 in Python getFirstUnusedGid and getFirstUnusedUid. * Preserve S_ISGID and other bits when copying directories from /etc/skel. * Deprecate lu_*_t typedefs: use {struct,enum} lu_* instead. * Update to build with recent gtk-doc. 0.57.2 * Fix adding LDAP users with empty gecos. * Correctly preserve algorithm used to hash an LDAP password when changing it. * Don't hard-code ports used in the test suite (to allow parallel development and builds). * Miscellaneous bug fixes. 0.57.1 * Fix a crash when a module refuses to load with a warning (e.g. the "shadow" module when /etc/shadow is not present) 0.57 * Resolve an ambiguity about "password" value format that could cause setting a known plaintext password in LDAP accounts: the "files"/"shadow" and LDAP modules may not be used together any more, and the module interface ABI has changed to support this. * Don't authenticate the user (in lchfn, lchsh, lpasswd) if the application is not set*id and it does not need elevated privileges. In particular, this allows the above programs to be used for LDAP administration by unprivileged users. * Change default crypt_style to sha512. * Don't abort on invalid ID values. * Miscellaneous bug fixes. 0.56.18 * Update translations. 0.56.17 * New Python constant VALUE_INVALID_ID and function validateIdValue. * Update translations. 0.56.16 * Update translations. 0.56.15 * Update translations. 0.56.14 * Use dgettext() inside the library. * Allow passing passwords using a pipe. * Allow specifying the LDAP password in a config file (patch by Rob Myers <rob.myers@gtri.gatech.edu>). 0.56.13 * Report error in lid if the specified name does not exist. * Don't default a home directory to a path that contains a "." or ".." component derived from the user name (explicitly specified home directories that contain such components are accepted). * Detect naming conflicts when renaming an entry in the "files" or "shadow" module. * Add new arguments to luseradd and lusermod, to support creating and modifying LDAP user entries with the inetOrgPerson objectClass. 0.56.12 * Update translations. 0.56.11 * Remove user's mail spool as well in (luserdel -r). * Refuse GID and UID values (id_t)-1. * Verify name validity when renaming an entity. * Fix flushing of nscd cache by luser* utilities. 0.56.10 * Prohibit entity values that contain ':' in the files and shadow module (except for the last field on the line). * Don't corrupt LDAP passwords that use an unsupported password encryption scheme. * When the user name is used as a default group name, don't interpret it as a number. * Minor test suite and man page fixes. 0.56.9 * Warn in lusermod if changing a primary group ID to a group that does not exist. (#1) * Fix pastos in man pages. 0.56.8 * New home page at https://fedorahosted.org/libuser/ . 0.56.7 * Fix a crash with disabled SELinux * Add support for SHA256 and SHA512 in password hashes. * Fix file locking on some architectures * Remove default.-c, moving the provided functions to libuser proper. 0.56.6 * Set SELinux file contexts when creating home directories and preserve them when moving home directories 0.56.5 * Work around spurious error messages when run against the Fedora Directory server * Fix error reporting when creating home directories and creating / removing mail spool files 0.56.4 * Update the last password change date field when changing passwords. 0.56.3 * Allow specifying a SASL mechanism (#240904, original patch by Simo Sorce). 0.56.2 * Update translations 0.56.1 * When changing passwords, only silently ignore known shadow markers, not all invalid hashes 0.56 * Document the correct types used for attribute values. Use these types for parsing, to avoid corrupting number-like strings, e.g. '07' -> 7; this expands the API requirements * Miscellaneous bug fixes, optimizations and cleanups; module interface ABI has changed 0.55 * Remove the quota library and Python module. It doesn't even compile and has no known users. * Add support for the 64-bit API of Python 2.5 * Minor cleanups 0.54.8 * Add importing of HOME from default/useradd. 0.54.7 * Update translations 0.54.6 * Fix bugs in handling of invalid lines in the files and shadow modules. * Fix pattern matching in lu_*_enumerate_full in the files and shadow modules. * Add more error reporting, return non-zero exit status on error from utils. * Use the skeleton directory specified in libuser.conf by Python admin.createHome and admin.addUser, add parameter skeleton= to admin.addUser. 0.54.5 * Don't reference @pkglibdir@ in libuser.conf.5 to avoid multilib file conflicts. 0.54.4 * Fix compilation with pre-C99 compilers (#179385, patch by Dan Yefimov). * Allow building without Python (#179384, original patch by Dan Yefimov). 0.54.3 * Fix a crash when lpasswd is run without specifying an user name 0.54.2 * Avoid using deprecated openldap functions 0.54.1 * Support for importing of configuration from shadow (/etc/login.defs and /etc/default/useradd) * New libuser.conf(5) man page * Minor cleanups and bug fixes all over the code 0.54 * Make sure attributes with no values can never appear * Fix crash in the "files" module when an attribute is missing * Use hidden visibility for internal functions, remove them from libuser/user_private.h; this changes module interface ABI * Miscellaneous source code simplifications 0.53.8 * Permit "portable" user and group names as defined by SUSv3, plus trailing $ * Disable building static libraries by default * Miscellaneous build machinery improvements 0.53.7 * Add missing translations * Update translations 0.53.6 * Allow empty configuration values. 0.53.5 * Ignore nss_compat lines in the "files" module. * Autodetect Python version. 0.53.4 * Fix adding of objectclasses to LDAP user accounts. 0.53.3 * Handle more I/O failures. 0.53.2 * Important bug fixes in lchage, lgroupmod, lnewusers and lusermod; minor bug fixes in lpasswd and luseradd. * Add man pages for the utilities. 0.53.1 * Export UT_NAMESIZE from <utmp.h> to Python 0.53 * Support UID and GID values larger than LONG_MAX (#124967) * Fix updating of groups after user renaming in lusermod * Allow setting a shadow password even if the current shadow password is invalid (#131180) * Add lu_{user,group}_unlock_nonempty (#86414); module interface ABI has changed * Miscellaneous bug and memory leak fixes 0.52.6 * Mark more strings for translation * Make error reporting more consistent and more verbose, output error messages on stderr. * Port sasldb backend to Cyrus SASL v2, make it at least minimally usable 0.52.5 * Fix home directory renaming in ADMIN.modifyUser (#135280) * Further Python reference counting fixes 0.52.4 * Memory leak fixes 0.52.3 * Fix compilation without libuser headers already installed (#134085) 0.52.2 * Allow LDAP connection using ldaps, custom ports or without TLS (original patch from Pawel Salek). 0.52.1 * Fix freecon() of uninitialized value in files/shadow module 0.52 * Usable LDAP backend * Miscellaneous bug fixes 0.51.12 * Don't claim success and exception at the same time (#133479) * LDAP fixes, second round * Various other bug fixes 0.51.11 * Allow documented optional arguments in Python ADMIN.{addUser,modifyUser,deleteUser} (#119812) * Add man pages for lchfn and lchsh * LDAP fixes, first round * Avoid file conflict on multilib systems * Call ldconfig correctly 0.51.10 * Don't attempt to lookup using original entity name after entity modification (rename in particular) (#78376, #121252) * Fix copying of symlinks from /etc/skel (#87572, original patch from gLaNDix) * Make --enable-quota work, and fix the quota code to at least compile (#89114) * Fix several bugs (#120168, original patch from Steve Grubb) * Don't hardcode python version in spec file (#130952, from Robert Scheck) * Properly integrate the SELinux patch, it should actually be used now, even though it was "enabled" since 0.51.7-6 0.51.9 * Fix various typos * Document library interfaces * Build all shared libraries with -fPIC (#72536) 0.51.8 * Update to build with latest autotools and gtk-doc * Update ALL_LINGUAS and POTFILES.in * Rebuild to depend on newer openldap 0.51.7-7 * fix is_selinux_enabled call 0.51.7-3 * Add SELinux support 0.51.7 * ldap: set error codes correctly when we encounter failures initializing * don't double-close modules which fail initialization * ldap: don't set an error in cases where one is already set 0.51.6 * use a crypt salt consistent with the defaults/crypt_style setting when setting new passwords (#79337) 0.51.5 * expose lu_get_first_unused_id() as a package-private function * provide libuser.ADMIN.getFirstUnusedUid and libuser.ADMIN.getFirstUnusedGid in python 0.51.4 * fix not freeing resources properly in files.c(generic_is_locked), spotted by Zou Pengcheng 0.51.2 * degrade gracefully * build with --with-pic and -fPIC * remove unpackaged man page 0.51.1-2 * translation updates 0.51.1-1 * doc updates -- cvs tree moved * language updates * disallow weird characters in account names * automated rebuild 0.51 * files: ignore blank lines in files * libuser: disallow creation of accounts with names containing whitespace, control characters, or non-ASCII characters 0.50.2 * refresh translations * fix a heap-corruption bug in the python bindings 0.50 * bump version * refresh translations 0.49.102 * ldap: cache an entity's dn in the entity structure to try to speed things up 0.49.101-2 * add missing buildreqs on cyrus-sasl-devel and openldap-devel (#59456) * translation refresh 0.49.101-1 * fix python bindings of enumerateFull functions * adjust prompter wrapping to not error out on successful returns 0.49.100 * be more careful about printing error messages * fix refreshing after adding of accounts * ldap: try to use a search to convert names to DNs, and only fall back to guessing if it turns up nothing * files: fix an off-by-one in removal of entries 0.49.99 * refresh translations * fix admin() constructor comments in the python module 0.49.98 * automatically refresh entities after add, modify, setpass, removepass, lock, and unlock operations * remove debug spewage when creating and removing mail spools * files: fix saving of multi-valued attributes * rename MEMBERUID attribute for groups to MEMBERNAME 0.49.97 * files: fix bug in removals * ldap: revert attempts at being smart at startup time, because it makes UIs very messy (up the three whole dialogs just to start the ldap stuff!) 0.49.96 * fix thinko in dispatch routines 0.49.95 * lgroupmod: fix thinko 0.49.93 * move shadow initialization for groups to the proper callback * rework locking in the files module to not require that files be writable * expose lu_strerror() * add various typedefs for types used by the library 0.49.92 * add removepass() functions * lchfn,lchsh,lpasswd - reorder PAM authentication calls * include API docs in the package 0.49.91 * ldap: finish port to new API * sasl: finish port to new API (needs test) * libuser: don't commit object changes before passing data to service functions which might need differing data sets to figure out what to change (for example, ldap) 0.49.90 * bind the internal mail spool creation/removal functions for python * renamed the python module * revamped internals to use gobject's gvalues and gvaluearrays instead of glists of cached strings * add enumeration-with-data functions to the C library * require linuxdoc-tools instead of sgml-tools for rawhide * fixup build files to allow building for arbitrary versions of python 0.32 * link the python module against libpam * attempt to import the python modules at build-time to verify dependencies 0.31 * fix a file-parsing bug that popped up in 0.29's mmap modifications 0.30 * quotaq: fix argument order when reading quota information * user_quota: set quota grace periods correctly * luseradd: never create home directories for system accounts * add da translation files * update translations 0.29 * add an explicit build dependency on jade (for the docs) * HUP nscd on modifications * userutil.c: mmap files we're reading for probable speed gain * userutil.c: be conservative with the amount of random data we read * docs fixes 0.28 * apps: print usage on errors * lnewusers.c: initialize groups as groups, not users * lnewusers.c: set passwords for new accounts * luseradd.c: accept group names in addition to IDs for the -g flag * luseradd.c: allow the primary GID to be a preexisting group 0.27 * add ko translation files * files.c: fix a heap corruption bug in lock/unlock (#51750) * files.c: close a memory leak in reading of files * files.c: remove implementation limits on lengths of lines 0.26 * lusermod: change user name in groups the user is a member of during renames * lgroupmod: change primary GID for users who are in the group during renumbers * ldap.c: handle new attributes more gracefully if possible * add ru translation files 0.25.1 * rename the quota source files to match the library, which clears up a file conflict with older quota packages * add ja translation files * add lu_ent_clear_all() function 0.25 * close up some memory leaks * add the ability to include resident versions of modules in the library 0.24-4 * fix incorrect Py_BuildValue invocation in python module 0.24-3 * stop leaking descriptors in the files module * speed up user creation by reordering some checks for IDs being in use * update the shadowLastChanged attribute when we set a password * adjust usage of getXXXXX_r where needed * fix assorted bugs in python binding which break prompting 0.23 * install sv translation * make lpasswd prompt for passwords when none are given on the command line * make sure all user-visible strings are marked for translation * clean up some user-visible strings * require PAM authentication in lchsh, lchfn, and lpasswd for non-networked modules * print uids and gids of users and names in lid app * fix tree traversal in users_enumerate_by_group and groups_enumerate_by_users * implement enumerate_by_group and enumerate_by_user in ldap module * fix id-based lookups in the ldap module * implement islocked() method in ldap module * implement setpass() method in ldap module * add lchfn and lchsh apps * add %d substitution to libuser.conf 0.21 * finish adding a sasldb module which manipulates a sasldb file * add users_enumerate_by_group and groups_enumerate_by_users * luserdel: remove the user's primary group if it has the same name as the user and has no members configured (-G disables) * fixup some configure stuff to make libuser.conf get generated correctly even when execprefix isn't specified 0.20 * only call the auth module when setting passwords (oops) * use GTrees instead of GHashTables for most internal tables * files: complain properly about unset attributes * files: group passwords are single-valued, not multiple-valued * add lpasswd app, make sure all apps start up popt with the right names 0.18 * actually make the new optional arguments optional * fix lu_error_new() to actually report errors right * fix part of the python bindings * include tools in the binary package again * fixup modules so that password-changing works right again * add a "key" field to prompt structures for use by apps which like to cache these things * add an optional "mvhomedir" argument to userModify (python) 0.16.1 * finish home directory population * implement home directory moving * change entity get semantics in the python bindings to allow default values for .get() * add lu_ent_has(), and a python has_key() method to Entity types * don't include tools in the binary package * add translated strings * lib/user.c: catch and ignore errors when running stacks * lusermod: fix slightly bogus help messages * luseradd: when adding a user and group, use the gid of the group instead of the user's uid as the primary group * properly set the password field in user accounts created using auth-only auth modules (shadow needs "x" instead of "!!") * implement home directory removal, start on population * fix group password setting in the files module * setpass affects both auth and info, so run both stacks * make the testbed apps noinst * fix errors due to uninitialized fields in the python bindings * add kwargs support to all python wrappers * add a mechanism for passing arguments to python callbacks * stub out the krb5 and ldap modules so that they'll at least compile again * don't bail when writing empty fields to colon-delimited files * use permissions of the original file when making backup files instead of 0600 * finish implementing is_locked methods in files/shadow module * finish cleanup of the python bindings * allow conditional builds of modules so that we can build without all of the prereqs for all of the modules * add error reporting facilities * split public header into pieces by function * backend cleanups * make %{name}-devel require %{name} and not %{name}-devel * clean up quota bindings some more * finish most of the ldap bindings * fix a subtle bug in the files module that would show up when renaming accounts * fix mapping methods for entity structures in python * get bindings for prompts to work correctly * clean up some of the add/remove semantics (set source on add) * ldap: implement enumeration * samples/enum: fix the argument order * clean up python bindings for quota 0.11 * finish up python bindings for quota support * finish up quota support libs * start quota support library to get some type safety * start looking at quota manipulation * add functions for enumerating users and groups, optionally per-module * lusermod.c: -s should specify the shell, not the home directory 0.10 * finish the python bindings and verify that the file backend works again * remove a redundant check which was breaking modifications * finish adding setpass methods 0.9 * get a start on some Python bindings 0.8.2 * make binary-incompatible change in headers 0.8.1 * add doxygen docs and a "doc" target for them 0.8 * add a "quiet" prompter * add --interactive flag to sample apps and default to using quiet prompter * ldap: attempt a "self" bind if other attempts fail * krb5: connect to the password-changing service if the user principal has the NULL instance * the great adding-of-the-copyright-statements * take more care when creating backup files in the files module 0.7 * add openldap-devel as a buildprereq * krb5: use a continuous connection * krb5: add "realm" config directive * ldap: use a continuous connection * ldap: add "server", "basedn", "binddn", "user", "authuser" config directives * ldap: actually finish the account deletion function * ldap: don't send cleartext passwords to the directory * fix naming attribute for users (should be uid, not gid) * refine the search-by-id,convert-to-name,search-by-name logic * fix handling of defaults when the config file is read in but contains no value * implement an LDAP information store * try to clean up module naming with libtool * luseradd: pass plaintext passwords along * luseradd: use symbolic attribute names instead of hard-coded * lusermod: pass plaintext passwords along * lgroupadd: pass plaintext passwords along * lgroupmod: pass plaintext passwords along * add libuser as a dependency of libuser-devel 0.6 * See changelog in libuser.spec.in from here on. 0.5 * Implemented the krb5 back-end (user add, modify, delete only). * Lookups in the files module use O_RDONLY instead of O_RDWR. 0.4 * Modify lu_start prototype and add semantics for non-superuser use (we'll need this later). 0.3 * Remove recursive account locking from the files/shadow module. * Fixup popt help text. * Remove dependency on krb5 profile sublibrary for reading config files. 0.2 * Implemented prompting. * Added macros for LU_USERNAME and LU_GROUPNAME, found a bug in the files module while converting to use them. * Switched from getopt() to popt for argument parsing to get autohelp in the various test/demo programs. 0.1 * Finished up most of the internals and the files back-end. * Simple shadow-like programs.