< 2015 Changes | Russ Allbery > Recent Changes | 2013 Changes > |
This page lists all changes to my web site in 2014, except for new journal entries, along with a brief description. For more recent changes and the current RSS feed, see the current changes page. For older changes, see the changes for 2013, 2012, 2011, 2010, 2009, and 2008.
Review of Three Parts Dead by Max Gladstone.
Review of Some Remarks by Neal Stephenson.
New no_update_user option to suppress the normal PAM_USER update after username canonicalization. Suppress spurious Heimdal password prompts with PKINIT. Map unknown realm errors to PAM_AUTHINFO_UNAVAIL. Treat more error codes as authentication failures for try_first_pass purposes for better compatibility between MIT client libraries and Heimdal KDCs. Add the version at which each module option was introduced to the documentation.
Check for integer overflow in vector_join and vector_cjoin. Avoid strlcpy in getnameinfo and setenv replacements. New Perl style/module-version.t for Perl modules. Fix visibility of some util and portability functions. Fix network_addr_match with empty strings on AIX. Ensure all network utility functions accept both "any" and "all" for source addresses. Fix portability of EINVAL error codes on Windows. Add a new portable/socket-unix.h layer for UNIX sockets. Add PIPE_READ and PIPE_WRITE macros to name the elements of the array passed to pipe. Add support for more PAM data elements in the fakepam testing library. Support requiring PKINIT configuration when initializing a Kerberos test.
The runtests harness now supports ignoring comments and blank lines in test lists, and ignoring leading whitespace before test names.
Review of Bad Pharma by Ben Goldacre.
Review of Wakulla Springs by Andy Duncan & Ellen Klages.
Review of 2014 Hugos: Novelettes by Loncon 3 (ed.).
Rename the duo object type to duo-pam and add new duo-radius, duo-ldap, and duo-rdp object types. Add support for renaming file objects.
Add the winner of the 2014 World Fantasy award for best novel (A Stranger in Olondria, by Sofia Samatar).
Julien ÉLIE wrote new POD documentation for innwatch. Make it available on the web for INN CURRENT and 2.5.
Another periodic cleanup of broken links and removing of permanent redirects.
Review of Turn the Ship Around! by L. David Marquet.
Review of 2014 Hugos: Short Story Nominees.
Another periodic cleanup of broken links and removing of permanent redirects.
Add the winners of the 2014 Hugo award for best novel (Ancillary Justice by Ann Leckie), the Mythopoeic award for best adult novel (The Golem and the Jinni by Helene Wecker), and the British Fantasy award for best fantasy novel (A Stranger in Olondria by Sofia Samatar).
Refrain from deleting the *_source.changes file when doing source-only package builds.
Put this document in the public domain and rewrote it to be more clearly in the past tense.
Rather than converting the old text documentation to HTML, convert all of my old CVS notes to thread. This eliminates the last dependency on files in AFS for generating the web site.
Review wording of the distribution pages of all obsolete software packages and update to not imply that I still work for Stanford.
Update all orphaned software packages to the latest page layout with sidebars. Rephrase commentary that implied I work for Stanford. Standardize phrasing for Debian package availability. Remove some notes about future plans, which are now irrelevant since I'm orphaning the packages.
Add a new page for orphaned software and orphan afs-admin-tools, afs-backend, afs-balance, afs-monitor, afs-mount, afs-pag, afsdb, filter-syslog, krb5-sync, lbcd, newsyslog, pam-afs-session, pam-webauth-otp, tracker, and WebAuth.
Another periodic cleanup of broken links and removing of permanent redirects.
Review of Parasite by Mira Grant.
Rename NEWS to Changes. Add repository and bugtracker information to the distribution metadata. Use Lancaster Consensus environment variables to control tests.
Fix AuthType StanfordAuth support. Fix build issues when remctl support is disabled. Expiring password warnings are shown in WebLogin after any POST-based authentication. The confirmation page is forced if authorization identity switching is available. The username field is verified before multifactor authentication to avoid subsequent warnings. Newlines, CRs, and tabs are allowed in the XML sent from the WebKDC for user messages. Empty RT and ST parameters are correctly diagnosed. Some documentation improvements. New mod_webkdc configuration directive to configure FAST armor for the initial password authentication. New auth factors mp and v.
Add new object type, duo, to manage Duo Security integrations. owner and getacl now return the name of the ACL, not the ID. The date passed to expires can be in any date format understood by Date::Parse. Fix wallet-rekey on keytabs containing multiple principals. Fix enctype restrictions for keytabs. Fix documentation of the ldap_map_principal callback. Create principals in Heimdal with a long, random password to avoid problems with strength checking. Remove erroneous foreign key constraints for the history tables and add more useful indices. Use DateTime uniformly when interacting with date fields in the database. Record ACL renames in the ACL history. Fix wallet-backend parsing of the expires argument. Fix ordering of table drops during wallet-admin destroy. Require Perl 5.8. Add new contrib script, wallet-rekey-periodic.
Review of Neptune's Brood by Charles Stross.
New Perl module that provides a Perl API to the Duo Security REST APIs. It attempts to abstract some of the API details and provide an object-oriented view of the returned objects in order to make use of the API in Perl code more natural than dealing with JSON data structures directly. Currently, some parts of the Auth and Admin APIs are implemented along with generic methods to call any of the JSON-based APIs.
New server ACL type, localgroup, that converts the Kerberos principal to a local username and checks for membership in a local group. Use calloc and reallocarray in favor of malloc and realloc when calculating sizes. Fix incorrect handling of signal-interrupted network writes in the server. Reset SIGPIPE handling before running a command in the server. Add version and compatibility information to all manual pages.
Add the 2014 winners of the Locus award for SF (James S.A. Corey's Abaddon's Gate) and fantasy (Neil Gaiman's The Ocean at the End of the Lane).
Fix network_read and network_write timeout handling when interrupted by a signal. Provide a reallocarray replacement on systems that don't have it, an xreallocarray wrapper, and use calloc or reallocarray when allocating a calculated amount of memory. portable/system.h now guarantees inclusion of inttypes.h and limits.h. portable/pam.h will now build with a C++ compiler. The Kerberos Autoconf macros provide a Makefile variable for use with gcc that marks Kerberos headers as system headers. The util/messages-krb5 test will be skipped if not built with Kerberos support.
Update what part of Stanford I work for to catch up with current reorganizations and group renamings. Promote eagle@eyrie.org as my primary personal email address and drop rra@stanford.edu from the contact page.
ok, okv, and is_* functions now return true if the test succeeds and false if it fails. diag and sysdiag always return 1. New breallocarray inspired by the OpenBSD reallocarray function. Check for integer overflows on memory allocation. Replace all remaining uses of sprintf.
Review of Lockstep by Karl Schroeder.
Review of Ancillary Justice by Ann Leckie.
Review of The Knowledge by Lewis Dartnell.
Review of The Wilding by C.S. Friedman.
Review of The Emergency Sasquatch Ordinance by Kevin Underhill.
Review of Due Diligence by David Roodman.
Review of A People's History of the Supreme Court by Peter Irons.
Review of Face of the Enemy by Sandra Barret.
Add the winner of the 2014 John W. Campbell Memorial award (Strange Bodies by Marcel Theroux).
New stable bug-fix release of INN. radius.conf has been renamed to inn-radius.conf to avoid conflicts. The MOTD files are now installed as examples rather than live configuration files. controlchan and pgpverify can now deal with keys with multiple UIDs and UIDs with spaces in them. The attributes hash has been exposed to nnrpd posting filters in addition to authentication and authorization hooks. Lots of other bug fixes for crashes, build issues, log rotation issues, and other problems. Thanks to Julien ÉLIE for making this release.
Add the nominees for the Nebula and the Hugo, the winner of the Nebula for best novel (Ann Leckie's Ancillary Justice), the winner of the Arthur C. Clarke award (same), the joint winners of the BSFA Award for best novel (joint between Ancillary Justice and Gareth L. Powell's Ack Ack Macaque), and the winner of the Philip K. Dick award (Ben H. Winters's Countdown City).
Review of Debt by David Graeber.
Some compiler and linker combinations don't support -R and require -Wl,-rpath instead. Mention that option and modify some of the instructions accordingly.
Review of Hyperbole and a Half by Allie Brosh.
Review of Cryptography Engineering by Niels Ferguson, et al.
Add a pointer to the Puppet module for remctl at Puppet Forge, written by the IN2P3 Computing Centre.
Review of With Charity for All by Ken Stern.
Review of Fantasy & Science Fiction, September/October 2011.
Remove the changes from December 2013 from the Recent Changes page. (I'm a little late in doing this rollover; usually I do it in February.)
Only metadata changes in this release, for chile.*, dictator.*, and grisbi.*.
Review of Asimov's Science Fiction, September 2011.
Review of Sundiver by David Brin.
Add support for SQLite password dictionaries that can reject passwords within edit distance one of a dictionary word. Rename cdbmake-wordlist to krb5-strength-wordlist and add support for generating SQLite databases. Add a password history implementation for Heimdal that can stack with other external password quality check programs. Add a new configuration option, minimum_different, that requires passwords contain at least that many different characters.
Rename skip_unless_maintainer to skip_unless_author in Test::RRA and add skip_unless_automated. Use these functions for more generic Perl tests that don't uncover functionality issues. Switch from RRA_MAINTAINER_TESTS to AUTHOR_TESTING, AUTOMATED_TESTING, and RELEASE_TESTING for consistency with Perl packages. Add Autoconf macros for SQLite.
Convert the package to Module::Build and the new Perl module test infrastructure from rra-c-util. Fix various documentation typos and add a SEE ALSO reference. Skip more tests if not doing automated or release testing, and use the Lancaster Consensus environment variables.
Add the 2014 winner of the Tiptree Award (Rupetta, by N.A. Sulway).
Another periodic cleanup of broken links and removing of permanent redirects.
New configuration directive, WebAuthCookiePath, that supports adding a path scope to cookies set by mod_webauth. WebAuthOptional now works with Apache 2.4. Don't prematurely delete notes in mod_webauth to avoid multiple redirects to WebLogin. Maintain separate in-memory keyrings for each virtual host for better support of the ITK MPM. Be more thorough about telling browsers not to cache pages. Lock keyrings before writing to them, and preserve ownership and permissions where possible. Use the authenticated identity returned by the WebKDC for multifactor authentication. Add support for a new remctl-based password change protocol to libwebauth and WebLogin. Set the correct template variable when the code field is left blank on the WebLogin multifactor screen. Map unknown realm and invalid principal errors to better WebLogin errors. Fix the workaround for invalid XML from the WebKDC. Log a more detailed error message when password change fails.
Add support for skipping Perl syntax checks if required modules are not found. Work around two problems with the current Perl::Tidy and its unconditional creation of log files.
Dreamwidth is blocked in Russia because they refuse to remove user content that's legal in the United States but not in Russia. Add a parenthetical note to my page about blog comments and mention that there are other blog hosting facilities available as well. Remove the mention of invite codes, since Dreamwidth no longer uses them.
Review of Air Apparent by Mark Monmonier.
Another periodic cleanup of broken links and removing of permanent redirects.
Convert the remctl server to libevent, which improves handling of process exit without having to poll. Completely fill a MESSAGE_OUTPUT token from the server with as much data as the protocol allows it to hold. Fix minor server and client memory leaks. Write the server PID file atomically.
The quote is not original to D'Israeli, so correct the attribution.
Suppress shell errors in the systemd unit directory probe when pkg-config is not installed. Add Autoconf probes for libevent and a portability layer to support most of the 2.x API on top of 1.4. Add a new message_handlers_reset function to reset all message handlers to their defaults and free any allocated memory. Improve the process TAP add-on to flush output from the process after stopping it, free memory in non-primary processes, fix a memory leak when using fakeroot, and use a cleaner method of waiting for processes to exit. Port the Kerberos TAP add-on to the new test_cleanup_register API. Fix compilation of portable/krb5.h with C++ compilers. Add additional suppressions for Kerberos libraries to the valgrind configuration.
Callbacks passed to test_cleanup_register now take a second argument indicating whether they are running in the primary process, and are called on exit from all processes, not just the primary one. The test harness now reopens standard input to /dev/null when running tests from a list and avoids leaking extraneous file descriptors to tests.
Add support for setting a password expiration on newly-created accounts. Map password quality errors from create or reset_passwd to generic errors in the Heimdal backend.
Review of Honeyed Words by J.A. Pitts.
Fix a memory leak in the client library when remctl_set_ccache is used. Fix Net::Remctl::Backend argument count verification when one argument comes from standard input. Add startup notification and socket activation support for systemd and install systemd unit files. Add support for upstart's expect stop synchronization method via the -Z flag. Work around a Module::Build bug in RHEL 5. Check that the object argument is not undef in Net::Remctl and related classes.
Another periodic cleanup of broken links and removing of permanent redirects.
Add Autoconf macros for systemd support, both installing unit files and linking with libsystemd-daemon, and a header wrapper that stubs out the calls I've needed so far if systemd is not available. Fix process_start_fakeroot and remctld_start_fakeroot.
Mark lbcd listening sockets close-on-exec. Document the systemd environment variables. Add an examples section to the lbcd man page. Fix various issues with the systemd service and socket units.
Add an overview of my 2013 reading, main book recommendations, and reading statistics.
Move all web site changes for 2013 to a separate page and remove all entries older than December of 2013 from the current changes page.