Upgrade to OpenPAM Ourouparia.

1 files changed, 22 insertions, 3 deletions

diff --git a/contrib/openpam/HISTORY b/contrib/openpam/HISTORY
index ddb4d42..31a2c71 100644
--- a/contrib/openpam/HISTORY
+++ b/contrib/openpam/HISTORY
@@ -1,3 +1,24 @@
+OpenPAM Ourouparia						2014-09-12
+
+ - ENHANCE: When executing a chain, require at least one service
+   function to succeed.  This mitigates fail-open scenarios caused by
+   misconfigurations or missing modules.
+
+ - ENHANCE: Make sure to overwrite buffers which may have contained an
+   authentication token when they're no longer needed.
+
+ - BUGFIX: Under certain circumstances, specifying a non-existent
+   module (or misspelling the name of a module) in a policy could
+   result in a fail-open scenario.  (CVE-2014-3879)
+
+ - FEATURE: Add a search path for modules.  This was implemented in
+   Nummularia but inadvertently left out of the release notes.
+
+ - BUGFIX: The is_upper() predicate only accepted the letter A as an
+   upper-case character instead of the entire A-Z range.  As a result,
+   service and module names containing upper-case letters other than A
+   would be rejected.
+============================================================================
 OpenPAM Nummularia						2013-09-07
 
  - ENHANCE: Rewrite the dynamic loader to improve readability and
@@ -97,7 +118,7 @@ OpenPAM Lycopsida						2011-12-18
    module before loading it.
 
  - ENHANCE: added / improved input validation in many cases, including
-   the policy file and some function arguments.
+   the policy file and some function arguments.  (CVE-2011-4122)
 ============================================================================
 OpenPAM Hydrangea						2007-12-21
 
@@ -427,5 +448,3 @@ Fixed a number of bugs in the previous release, including:
 OpenPAM Calamite						2002-02-09
 
 First (beta) release.
-============================================================================
-$Id: HISTORY 737 2013-09-07 12:53:55Z des $