[d00270]: doc / news.txt  Maximize  Restore  History

Download this file

877 lines (693 with data), 28.0 kB

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
For details, see the history as recorded in the git repository.
HEAD
====
v2.15 (2014-12-01)
==================
Changes:
* util-linux >= 2.20 is required at runtime
(just mentioning it again; it was already needed for building)
* use the helper= option to get umount.crypt invoked on calling umount
* remove unsupported -p0 mount option
* fix a crash in ehd_log
v2.14 (2013-08-27)
==================
Enhancements:
- pam_mount: add an "allow_discard" option for volumes to enable
trim support on the block device without enabling it for the filesystem.
- config: regexes can now be used for the <user> and <group> configuration
options
Fixes:
- fix "feature 1 already set to zero"
- pmt-ehd: avoid miscalculating blockdev size obtained from BLKGETSIZE64
- pam_mount: give more verbose output on "unknown digest/cipher"
- pam_mount: fix crash when an unknown digest/cipher was specified
- pam_mount: correctly mkdir mountpoint if requested
- pam_mount: only remove mountpoint if actually created
- config: restore DOMAIN_USER and DOMAIN_NAME expansion in mount options
Changes:
- Complain louder when EUID is not 0
- Make CIFS mounts work again after util-linux option parser update.
util-linux has received updates to its option parser in or around
v2.22, and pam_mount was incorrectly using the "user" moutn option
to specify a username; the proper option is, of course, "username".
(as in: <volume fstype="cifs" ... options="username=someoneelse" />)
- Make Winbind user logins (DOMAIN\user) work with cifs-utils > 5.5
v2.13 (2011-12-15)
==================
Fixes:
- pam_mount: restore keyfile support for non-crypto mounts
(useful for accessing volumes with a different password than the login one)
Changes:
- pam_mount: use libmount for utab/mtab operations
- Move crypto code into a separate library, libcryptmount
rather than including the .o files in every executable
Enhancements:
- mount.crypt: add support for crypto name mapping (new -o crypto_name= option)
v2.12 (2011-10-06)
==================
Fixes:
- build: make build of pmt-ehd dependent upon HAVE_LIBCRYPTSETUP
- mount.crypt: restore support for files >= 4 GB
Changes:
- config: default to calling umount.crypt directly
v2.11 (2011-08-07)
==================
Fixes:
- mount.crypt: fix a bogus "realpath (null): ..." message when trying to
umount a non-existing directory
- mount.crypt: make -v option on umount work again
Changes:
- support for old encfs 1.3.x has been removed
- mount.crypt: print the location of cmtab/smtab and its contents
when an entry was not found
- mount.crypt: add diagnostic to determine how the smtab entry was found
- mount.crypt: do not call lower-level helpers with -n option
(there are setups where that has no effect anyway)
- mount.crypt: do not call lower-level helpers with -i option
- mount.crypt: use /run directory to store cmtab
- pmvarrun: use /run/pam_mount directory
- pmt-ehd: exclusively create LUKS partitions from now on
Enhancements:
- config: allow specifying CIFS/NCP/NFS <volume>s without a "server" attribute
v2.10 (2011-04-15)
==================
Fixes:
- loop-linux: wait for loop device deallocation to succeed
- crypto: avoid premature attempt of unloading the loop device
- mtab: cope with mtab-less systems in staleness check
Changes:
- mount.crypt: reduce mtab-less message from error to warning
v2.9 (2011-04-06)
=================
Fixes:
- build: fix configure --without-crypt{o,setup}
Changes:
- mount.crypt: warn of unwritable /etc/mtab
Enhancements:
- debug: print /proc/self/mountinfo when available (and avoid df)
- pam_mount: support mounting files with bind/move
v2.8 (2010-12-22)
=================
Fixes:
- config: options need to have a space for mount.fuse
- pam_mount: fix truncation of groups on FUSE mounts
Changes:
- pam_mount: reimplement mkmountpoint
- pam_mount: remove mountpoint early when mount failed
v2.7 (2010-12-01)
=================
Changes:
- conf: %(shell EXPR) is now activated and usable from the global config file
v2.6 (2010-10-30)
=================
Fixes:
- pam_mount: up the refcount once freeconfig is live
Changes:
- remove shipped copy of ofl, use hxtools's original variant
- remove shipped copy of fd0ssh, use hxtools's original variant
v2.5 (2010-08-10)
=================
Changes:
- mount.crypt: fix incorrect processing of binary files in keyfile passthrough
- call mount.crypt by means of mount -t crypt (selinux), same for umount
- reorder the default path to search in /usr/local first, then /usr, /
- config: add missing fd0ssh command to restore volumes using ssh
- ofl is now run as a separate process (selinux policy simplification)
v2.4 (2010-06-26)
=================
Notes:
- see doc/bugs.txt for cryptsetup behavior that impacts
pam_mount users since version 2.0
- recommending use of device-mapper >= 1.02.48 to avoid a race
Fixes:
- umount.crypt: fix use of a wrong field for smtab/cmtab staleness check
Changes:
- make libcryptsetup truly optional at compile-time
(it was only claimed in the doc, but not fully realized until now)
- make libcrypto truly optional at compile-time
(this had once worked in pam_mount 0.x, now it does again)
v2.3 (2010-05-19)
=================
Fixes:
- umount.crypt had erroneously mounted instead of umounted
v2.2 (2010-05-16)
=================
Fixes:
- mount.crypt: fix memory scribble crash when crypto device could
not be initialized
- mount.crypt: do not fail when unlocking key slot other than #0
- fusermount is now called with supplementary groups initialized
- rdconf: do not warn about missing fskeyhash when no fskey specified
- mount: prefer sysv mount API over bsd
- pmt-ehd: reword help text for -k option
- pmt-ehd: apply default value for -k option
- pmt-ehd: fix fskey generation which was pegged at 256 bits
- pmt-ehd: avoid needless overtruncation/sparsifying
- pmt-ehd: zero LUKS header to avoid setup failure of PLAIN volume
Changes:
- pmt-ehd: speed up writing random data
- pmt-ehd: reword help text for -k option
- mount.crypt: ignore cmtab update errors
- mount.crypt: add support for keyfile passthru using -ofsk_cipher=none
- doc: document mount.crypt's -o hash option
- mount.crypt: warn on ignored options
v2.1 (2010-05-02)
=================
Fixes:
- config: rdconf1 static data had unclosed %(if) tags
- config: rdconf1 static data had extraneous %(OPTIONS) parameter
v2.0 (2010-04-20)
=================
Changes:
- mount.crypt: make use of libcryptsetup
- cmtab is now stored below localstatedir (usually /var/run)
- use HXformat2. This invalidates old constructs like %(before=\"-o\"...),
which need to be replaced with the new syntax. (See below.)
In general, the old syntax was only used by commands Note to updaters: As the
old syntax %(after=...) %(before=...) %(ifempty=...) %(ifnempty=...)
%(lower=...) %(upper=...) only appeared in commands, and commands are not part
of the default config file anymore since v1.0~15^2~15, there should be little
worry. The configuration options in question are <cifsmount>, <cryptmount>,
<cryptumount>, <fd0ssh>, <fsck>, <fusemount>, <fuseumount>, <lclmount>,
<nfsmount>, <ncpmount>, <ncpumount>, <pmvarrun>, <smbmount>, <smbumount>
<umount> and should normally not be needed in pam_mount.conf.xml.
v1.36 (2010-04-13)
==================
Changes:
- cope better with cryptsetup's assumption that keysize=256
- augment doc/bugs.txt about caveats with cryptsetup create
v1.35 (2010-04-10)
==================
Fixes:
- avoid a mlock(NULL) when there is no auth token
Changes:
- print error code when mkmountpoint failed
- print warning when cmtab is not creatable
v1.34 (2010-04-08)
==================
Changes:
- update for libHX 3.4
Fixes:
- do decrease the login refcount on logout when no volumes are defined
v1.33 (2010-01-10)
==================
Fixes:
- avoid multi-free of auth token when pam_mount is rerun in a PAM stack
- avoid NULL dereference when there is an empty line in mtab
v1.32 (2009-09-21)
==================
Fixes:
- luserconf: fix skipping luser volume mounting
- config: allow arbitrary source paths for tmpfs
v1.31 (2009-09-02)
==================
Fixes:
- pam_mount: fix a potential strlen(NULL) on login
v1.30 (2009-08-27)
==================
Fixes:
- pam_mount: avoid crash in sudo by not calling setenv() with NULL
- pam_mount: unwind krb5 environment info at the right time
- umount.crypt: do not remove entry from /etc/mtab twice
- doc: mount.crypt has no defaults for fsk_cipher and fsk_hash
- doc: pmt-ehd defaults to using SHA1 hash
- doc: mention preferred location of <debug>
Changes:
- config: move <debug> to top
Enhancements:
- luserconf: delayed parsing and mounting of luserconf volumes
v1.27 (2009-07-01)
==================
Changes:
- mounting: stdout from mount programs is now discarded
v1.26 (2009-06-19)
==================
Fixes:
- config: do parse <cryptumount> elements from .xml
Enhancements:
- mount: pass fstype to NFS mount program
- config: map "nfs4" fstype to NFSMOUNT
- pam_mount: PAM function return code audit
- config: warn about ignored "server" attribute in <volume>
- config: print error message on config file syntax error
v1.25 (2009-05-09)
==================
Fixes:
- fix splitting of "NTDOMAIN\username" strings
Enhancements:
- config: broaden variable expansion to resolve a case where it
did not do expected expansion with AUFS
v1.24 (2009-04-23)
==================
Fixes:
- src: fix one uninitialized value
- mount.crypt: write options, not "defaults" to /etc/mtab
- mount.crypt: keysize truncation must happen later
v1.22 (2009-04-05)
==================
Changes:
- mount.crypt: pass -o ro/rw down to mount program
- mount.crypt: support for -o remount
- mount.crypt: support overriding keysize
v1.21 (2009-05-17)
==================
Fixes:
- mount.crypt: must pass -s option to cryptsetup
(otherwise its odd default of truncating the key kicks in)
Documentation:
- mount.crypt: add "Deprecated Mount options" section to manpage
v1.20 (2009-03-01)
==================
Fixes:
- pam_mount: fix a double free that can happen when stale entries are in cmtab
- pam_mount: first-time overriding of mntoptions failed to work
v1.19 (2009-02-27)
==================
Fixes:
- pmvarrun: do not segfault when no username is specified (corner-case)
- pmvarrun: recognize internal _PMT_DEBUG_LEVEL env var
- mtab: automatically ignore and remove stale entries from cmtab
- pam_mount: fix unexpected termination after pam_mount ran
- doc: list support contacts in man page
v1.18 (2009-02-07)
==================
Fixes:
- mount.crypt: warn on insecure ciphers/hashes
- pam_mount: fix case-insensitive sgrp matching for <volume>
- pam_mount: additional safety check for NULL 'converse' structs
- doc: add sudo to the Known Bugs list
v1.17 (2009-01-26)
==================
Fixes:
- mount.crypt: resolve valgrind warnings (incapability to umount)
- mount.crypt: correct exit status on mount
- mtab: do not fail if file not found
- pam_mount: look into cmtab when checking for already-mounted volumes
Features:
- ports: FreeBSD loop device (MD) support
- ports: NetBSD loop device (VND) support
- ports: NetBSD crypto device (CGD) support
v1.16 (2009-01-24)
==================
Fixes:
- nucrypt2: resolve compiler warnings
- nucrypt2: avoid NULL deref in pmt_cmtab_add
- mount.crypt: avoid random deref in bogus printf
- mount.crypt: only use mount -i on __linux__
- mount.crypt: avoid umount attemps when not mounted
v1.15 (2009-01-23)
==================
Enhancements:
- mount.crypt: use /etc/cmtab file to keep crypto mount info
Fixes:
- mount.crypt/pmt-ehd: flush tty input queue before prompting for password
v1.10 (2009-01-22)
==================
Fixes:
- crypto: add missing return statements during loop+crypto setup
- pmt-ehd: fix return statements
- ehd: do not feed password's '\0' into openSSL
v1.9 (2009-01-13)
=================
Fixes:
- umount was called on anything but the last session
- ofl: fix per-task fd lookup (again)
- luserconf: re-enforce three-wall option checks
Changes:
- doc: remove old use_first_pass from doc
- doc: add version string and reldate to manpages
v1.8 (2009-01-07)
=================
- doc: add manpage aliases crypt{,o}_LUKS
- mount.crypt: fix return code regression
- logging: <debug> should not turn off errors
- src: traverse non-whitespace properly, check for '\0'
- pam_mount: fix segfault in case of an undefined converse function (e.g. cron)
- mount.crypt: fix segfault when password is NULL
- umount.crypt: fix segfault when path is not mounted
Enhancements:
- ports: pam_mount.so compiles on FreeBSD (7.1)
v1.7 (2009-01-01)
=================
Fixes:
- spawns: correctly interpret return codes when signalled
- pmt-ehd: fix a wrong return value in the error path
- src: close some leaking fds
- src: resolve memory leaks from HXformat use
- mount.crypt: continue on umount errors
- rdconf: silence debug messages if debug turned off
Changes:
- signals: block SIGPIPE during the entire pam_mount run time
- signals: use refcounted SIGCHLD
- src: use libHX 2.2's proc interface
v1.6 (2008-12-27)
=================
- update to libHX 2.0
- block-linux: close a leaking fd
- config: optionally install DTD and instructions for verification
- config: resynchronize DTD with XML
- build: autotools fixes, make `make dist` work
- pam_mount.so now builds on BSD
v1.5 (2008-12-07)
=================
- mount.crypt: support fsck mount option
v1.4 (2008-11-24)
=================
- mount.crypt: fix is_luks detection
- mount.crypt: add warnings for unneeded/unsupported options
- build: supply "crypto_LUKS" fstype symlinks
v1.3 (2008-11-16)
=================
- ofl: fix per-task fd lookup
- mount.crypt: -v takes no argument
- mount.crypt: use original container name as dmdevice name
- mount.crypt: reduce output on wrong password
- mount.crypt: only require -o cipher when really needed
- always proceed with mount even when a password is missing
v1.2 (2008-10-23)
=================
- pmt-ehd: autodetect size for block devices
- config: add missing %(CIPHER) to CMD_CRYPTMOUNT command line
- mount.crypt: allow -v to be set through -o verbose too
(that way you can enable it per-<volume>)
- mount.crypt: pass -c to cryptsetup also for LUKS
- config: expand placeholders in the <volume options="..."> attribute
- config: make %(GROUP) variable working
v1.1 (2008-10-20)
=================
- config: fix unfortunate inversion in user_in_sgrp
- config: fix unintentional inversion in mntoptions deny processing
- mount.crypt: allow specification of a hash alg
- pmt-ehd: add -D option for debugging
- mount.crypt: propagate -o fstype=x to mount(8)
- pmt-ehd: double-ask for password
- config: remove bogus user check for ncpfs
- pmt-ehd: fix segfault when using -c option
- pmt-ehd: add -h option to pick hash for key derivation
- pmt-ehd: default to using SHA1 for hash
- mount.crypt: do not default to any cipher/hash
- pmt-ehd: print <volume> line after creation
- config: introduce <volume fskeyhash=""> attribute
- config: introduce <volume cipher=""> attribute
v1.0 (2008-10-12)
=================
- convert_pam_mount_conf.pl: ignore unknown commands
- fix leftover assertion in crypto.c
- remove legacy truecrypt 4.x support
- deprecate cryptoloop (unsafe for journalled fs)
- remove BSD mntcheck code
- remove BSD mntagain leftovers
- remove BSD mount_ehd/vnconfig scripts
- remove code that set up a loop device for fsck
(fsck can operate on normal files)
- new crypto helper: pmt-ehd replaces scripts/mkehd
- new crypto helper: mount.crypt is now a proper program
- add %(GROUP) variable
- remove convert_pam_mount.conf.pl
v0.49 (2008-10-07)
==================
- convert_pam_mount_conf.pl: ignore unknown commands
- fix leftover assertion in crypto.c
- remove legacy truecrypt 4.x support
- deprecate cryptoloop (unsafe for journalled fs)
- revert "mount.crypt: default to aes-cbc-essiv:sha256/sha512"
- fix invalid pointer causing crash on fskey decryption
v0.48 (2008-09-10)
==================
- upgrade for libHX 1.25
(this fixes a potential crash in the fskey decryption routine)
- move more documentation from pam_mount.conf.xml into pam_mount.conf.5
v0.47 (2008-09-04)
==================
This release incorporates a security fix (item 3 on the list).
All administrators who have enabled <luserconf> in the configuration
file should upgrade. A workaround is to comment out <luserconf>.
- mount.crypt: add missing null command to conform to sh syntax
(SF bug #2089446)
- conf: fix printing of strings when luser volume options were not ok
- conf: re-add luserconf security checks
- add support for encfs 1.3.x (1.4.x already has been in for long)
- conf: add the "noroot" attribute for <volume> to force mounting with
the unprivileged user account (required for FUSE filesystems)
- replace fixed-size buffers and arrays with dynamic ones (complete)
v0.45 (2008-08-31)
==================
- fix double-freeing the authentication token
- use ofl instead of lsof/fuser
- kill-on-logout support (terminate processes that would stand in the
way of unmounting)
- mount.crypt: auto-detect necessity for running losetup
- replace fixed-size buffers with dynamic ones (first part)
v0.44 (2008-08-16)
==================
Bugfixes only.
- mount.crypt: fix option slurping (SF bug #2054323)
- properly handle simple sgrp config items (Debian bug #493497)
- src: correct error check in run_lsof()
- conf: check that slash follows home tilde
- conf: wildcard inadvertently matched root sometimes
v0.43 (2008-07-16)
==================
A few accumulated patches, but no real new glaring features.
- remove davfs support
- pass fsck definition from pam_mount.conf.xml to mount.crypt
- document pam_mount.conf.xml defaults
- do not call fsck from within pam_mount for encrypted devices,
let mount.crypt do it
v0.41 (2008-06-17)
==================
This is a stable release, no new features, bugfixes only.
Fixes regressions found in 0.39 and 0.40. Most important changes:
- bypass /sbin/mount for mount.crypt
- umount.crypt: fix expression syntax for _PMT_DEBUG_LEVEL
- re-add support for user="*" wildcard
- add missing pgrp/sgrp attribute handling for simple user control
- mount.crypt: handle arbitrary argument order
- correct extended sgrp handling
- manpages: add missing description for <fsck>, and reorder <path>
v0.40 (2008-06-11)
==================
- the documentation in pam_mount.conf.xml has been reworked and
split off into pam_mount.conf(5).
- extensive user selection for <volume> (revised)
- case-insensitive matching for user, pgrp, sgrp
- fixed segfault when more than one volume was defined
v0.39 (2008-05-28)
==================
- extended user selection for <volume>
- fix an unwanted inversion for handling <options allow=" (nonempty) ">
- store per-volume option list in ordered form --
essentially fixes the problem of "user" (implies noeexec)
overriding "exec"
v0.38 (2008-05-18)
==================
- fix null pointer deref (from new UID/GID range support)
- mount.crypt uses normal sleep from coreutils again
v0.37 (2008-05-17)
==================
- truecrypt 5.x is not supported because the truecrypt CLI component
that pam_mount requires was removed
- <volume> tag in pam_mount.conf.xml supports UID and GID ranges now
- avoid printing a line of garbage into logs
v0.35.1 (2008-04-10)
====================
- fix HAVE_LIBCRYPTO regression;
crypto was always disabled even if openssl present
v0.35 (2008-04-06)
==================
- mount.crypt: fix loop device detection
- mount.crypt: wait for dm devices to show up
- fixed: mount flag and value were one argument
- pmvarrun: support unprivileged mode
- Support for SSH keyboard-interactive authenticated volumes
- documentation updates
v0.33 (2008-02-22)
==================
- notify about unknown options in /etc/pam.d/*
- support "debug" option for pam_mount in /etc/pam.d/*
- mount.crypt: detect loop devices by major number
- remove trailing comma from mount options
v0.32 (2007-12-06)
==================
- remove unintended zeroing of variable
- rip out mntagain hack
v0.31 (2007-12-01)
==================
Fixed parsing of old-style pam_mount.conf with spaces in group names,
copy-and-paste typos and a missing return value. Added workaround for
CIFS volumes within NFS mounts with "root_squash" option.
- allow --keyfile to be used for non-LUKS too
- add workaround for CIFS mounts within root_squashed NFS
- luksClose is the same as Remove (in umount.crypt)
- fix copy-and-paste error in converter script
- convert "local" fstype entries from old configuration format correctly.
- fixed parsing of old pam_mount.conf with spaces in group names
- fixed: When no volumes were to be mounted, return value
was not PAM_SUCCESS.
v0.29 (2007-09-27)
==================
An uninitialized array and a copy-and-paste error were corrected in
the recently introduced process spawn code.
- explicitly initialize fd array (spawn.c)
- fix a copy-and-paste typo during dup2() (spawn.c)
v0.28 (2007-09-27)
==================
A hotfix for an incorrect printf format specification in pmvarrun.
Also installs config files by default now.
- install pam_mount.conf.xml by default
- add --with-selinux configure option to install selinux files
- fix crash due to printf arguments in pmvarrun.c
v0.27 (2007-09-26)
==================
This release fixes a crash on logout with su by using a fixed $PATH
to work around broken login programs. MSAD usernames are now accepted
in pmvarrun. The libglib dependency has been dropped.
- add luserconf conversion note to convert_pam_mount_conf.pl
- do not print "mount errors" if there won't be any
- allow MSAD usernames (with spaces and backslash) in pmvarrun
- quick-terminate if there is nothing to do on closing session
- fix crash on logout with su (unsigned loop underflow)
- drop libglib dependency
- always use fixed $PATH
v0.26 (2007-09-20)
==================
Luks argument ordering, mountpoint creation as user, and the
converter script were corrected. The "nullok" and --keyfile options
were added.
- revert r290 which incorrectly changed the luks argument order
- --keyfile option added to mount.crypt
- improved error reporting in the config converter script
- do not literally copy the special-meaning single dashes
in converter script
- fix mount.crypt inner shell syntax
- add "nullok" option
- fix a missing user identity switch after mkmountpoint'ing
v0.21 (2007-09-17)
==================
Some mount helpers needed a different option passing method.
Stacking of loop devices is now avoided, and pam_mount will not ask
for a password if no volumes are to be mounted. The documentation has
been updated to include PAM module stacking (e.g. when using pam_ldap
with pam_mount).
- silence unwanted error message (fallout from r240)
- add "Known Bugs and Issues" documentation
- more documentation - How to stack PAM modules without pam_stack
- option passing to some mount helpers needs to be different
- avoid stacking of loop devices
- do not ask for password if no volumes found
v0.20 (2007-09-05)
==================
This release adds extra options regarding pam_mount behavior
(messages and mount points).
- do not use absolute paths, search $PATH instead for programs
- add pam_mount.conf to .conf.xml converter
- "sufficient" keyword documentation
- misc cryptmount fix
- pass down readonly flag to luksOpen
- add option to retain automatically created mountpoints
- create mountpoint as user if possible (e.g. if /home/USER
already exists and your volume is /home/USER/myvol)
- build fixes, making it work OOTB again with FC6 and Autoconf 2.59
- allow changing the password prompt
- add an overview of pam_mount options (options.txt)
- implement the "soft_try_pass" option
v0.19 (2007-07-04)
==================
pam_mount now uses an XML config file, which also has a few new
variables and options. Support for truecrypt was added.
- pam_mount switched to an XML configuration.
- NT domain placeholders
- properly detect loop64 support
- split group matching into multiple attributes
- add an "invert" attribute
- remove pam_mount.la from `make install`ed directory
- partial davfs support
- added truecrypt support
v0.18 (2006-09-07)
==================
A crash on x86_64 has been fixed. pam_mount now changes to the root
directory before attempting to (un)mount.
- change to / before attempting mount
- check return value in xmemdup()
- fix segfault on x64: Do not reuse va_lists (found by Celestar)
v0.17 (2006-08-06)
==================
This release fixes memory corruption issues and improper zeroing.
- use standard allocators
- fix memory corruption issue
- enhance debugging messages with file/line
- fix improper zeroing (deceived as memory corruption)
v0.16 (2006-07-30)
==================
The GDM SIGCHLD workaround handling has been improved, essential
environment variables for FUSE daemons are now set, and configure has
two new options (--slibdir and --sbindir).
- SIGCHLD handling updated
- set important environment variables for fuse daemons
- added new --slibdir and --ssbindir options to configure
- documentation updates
v0.15 (2006-07-26)
==================
- mount.crypt and umount.crypt are installed to /sbin rather
than /usr/sbin; /bin/mount only looks into /sbin
- KRB5 credentials are now set in the environment
- fix XDM crash, for GCC >= 4.x
- disable debug output by default (confused gksu) [sf bug #1524325]
- do FUSE mounts done unprivileged [sf bug #1489657 and ML]
- fixed: /bin/login sends SIGHUP/SIGTERM to outstanding session
processes after PAM completed; this killed fuse daemons
- work around XDM crash (symbol clash), for GCC <= 3.x;
the proper solution would be that XDM be NOT compiled with -rdynamic
- properly truncate /var/run/pam_mount/YOURNAME files [sf bug #1503246]
v0.13 (2006-04-01)
==================
Before SVN, patchsets were used.
[patch 01/11] January 28 2006
- src/readconfig.c, mount.c: mount volumes with user credentials,
not as root
- src/mount.c: add a swift error message for people using broken distros
[patch 02/11] January 28 2006
- config/pam_mount.conf, readconfig.c: lsof is in /usr/bin
[patch 03/11] February 23 2006
- dry/pam_mount.spec: fixed: forgot to clean out unpackaged files
[patch 04/11] February 27 2006
- config/pam_mount.conf: update some examples
[patch 05/11] Februrary 27 2006
- scripts/mount.crypt: fix SED expression
[patch 06/11] March 04 2006
- src/mount.c: add an extra hint for old distros
[patch 07/11] March 19 2006
- src/*.h: fix position of #include's, they need to be before extern "C".
[patch 08/11] March 19 2006
- config/pam_mount.conf: fix examples for shares with spaces
[patch 09/11] March 19 2006
- src/pam_mount.c: relookup user (for LDAP)
[patch 10/11] April 01 2006
- use own SIGCHLD handler during pam_mount operations (try to fix a
quirk with GDM)
[patch 11/11] April 01 2006
- configure: enforce straight /lib position for pam_mount Linux
v0.12.2 (2006-01-31)
====================
Mount smbfs and cifs mounts with ownership belonging to the user
rather than root.
v0.12.0 (2006-01-11)
====================
This version fixes an fd leak, expansion problems with @group and a
wrong inversion. The smb/ncp filesystem types have been superseded by
smbfs/ncpfs. Support for secondary "@@groups" was added.
v0.11 (2005-12-28)
==================
- fix some memory leaks, unterminated strings, extra trailing
slashes, double frees
- fixed: wildcards were not expanded for "@group"s
- account for trailing slashes and path resolution in umount.crypt
v0.10 (2005-11-18)
==================
- support ANY [kernel] filesystem (yes, finally) -- includes tmpfs,
fuse mounts and --bind operations.
- merged various patches and fixes by Bastian Kleineidam
- handle symlinks better (read: resolve them, so that the result
matches /bin/mount's resolving behavior)
- implemented group volumes, to be used by "volume @xyz ..."
- cleaned the code up here and there

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks