Regenerate po/Linux-PAM.pot and po/*.po using "make -C po update-po"
command. This essentially updates the project version, line numbers,
and timestamps.
Regenerate po/Linux-PAM.pot and po/*.po using "make -C po update-po"
command. This removes translations of pam_cracklib, pam_tally, and
pam_tally2 modules that were removed in v1.5.0.
Complements: v1.5.0~10 "Remove deprecated pam_cracklib module"
Complements: v1.5.0~9 "Remove deprecated pam_tally and pam_tally2 modules"
* zanata.xml: Configuration file for zanata client.
* po/LINGUAS: Update languages as supported by Zanata.
* po/Linux-PAM.pot: Updated from sources.
* po/*.po: Updated from sources.
Security fix: CVE-2015-3238
If the process executing pam_sm_authenticate or pam_sm_chauthtok method
of pam_unix is not privileged enough to check the password, e.g.
if selinux is enabled, the _unix_run_helper_binary function is called.
When a long enough password is supplied (16 pages or more, i.e. 65536+
bytes on a system with 4K pages), this helper function hangs
indefinitely, blocked in the write(2) call while writing to a blocking
pipe that has a limited capacity.
With this fix, the verifiable password length will be limited to
PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix.
* NEWS: Update
* configure.ac: Bump version
* modules/pam_exec/pam_exec.8.xml: document limitation of password length
* modules/pam_exec/pam_exec.c: limit password length to PAM_MAX_RESP_SIZE
* modules/pam_unix/pam_unix.8.xml: document limitation of password length
* modules/pam_unix/pam_unix_passwd.c: limit password length
* modules/pam_unix/passverify.c: Likewise
* modules/pam_unix/passverify.h: Likewise
* modules/pam_unix/support.c: Likewise
* NEWS: Update
* configure.ac: Bump version
* libpam/Makefile.am: Bump version of libpam
* libpam_misc/Makefile.am: Bump version of libpam_misc
* po/*: Regenerate po files
