Changes since pam-p11-0.1.5 from the NEWS file:
New in 0.3.1; 2019-09-11; Frank Morgner
* CVE-2019-16058: Fixed buffer overflow when creating signatures longer than 256
bytes
New in 0.3.0; 2019-04-24; Frank Morgner
* Add Italian translation
* Add support for matching the PIN-input with a regular expression
* Add support for macOS
* Add support for building with OpenSSL 1.1.1
* Add support for nistp256/384/521 keys in authorized_keys file
New in 0.2.0; 2018-05-16; Frank Morgner
* Add user documentation in Readme.md
* Add support for PIN pad readers
* Add support for changing/unblocking PIN (use with passwd)
* Add support for localized user feedback
* Add support for cards without certificates (e.g. OpenPGP card)
* Add support for PKCS#11 modules with multiple slots
* Add support for building with OpenSSL 1.1
* Merged opensc and openssh module into pam_p11.so
* Fixed memory leaks, coverity issues, compiler warnings
* Created `test-passwd` and `test-login` for testing standard use cases
New in 0.1.6; 2017-03-06; Alon Bar-Lev
* Build system rewritten (NOTICE: configure options was modified).
Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:
pkglint -Cnone,PLIST -Wnone,plist-sort -r -F
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
The new distfile has a bad name and doesn't have the auto* generated
files. Given that it's on github, these issues are not likely to be
fixed. There has been no upstream release since 2008, so there's
really no point in dealing with that until there is. For now, just
use MASTER_SITE_BACKUP to avoid the old URL giving errors.
crpytographic PKCS#11 tokens such as smart cards and usb crypto
tokens for local authentication.
Pam_p11 implements two authentication modules:
* pam_p11_openssh authenticates the user against public keys found
in OpenSSH ~/.ssh/authorized_keys file.
* pam_p11_opensc authenticates the user against certificates found
in ~/.eid/authorized_certificates.
