Release Notes: The default hash encoding prefix has been changed from "$2a$" to "$2y$" (which requires crypt_blowfish 1.2 or newer).
Release Notes: A faulty check for sparse files has been removed as needed for compatibility with modern filesystems such as btrfs.
Release Notes: The .data section size has been reduced by 256 KB when tcb is compiled against Linux 2.6 kernel headers.
Release Notes: A non-security buffer overflow bug with more than NGROUPS_MAX groups per user has been fixed. The Makefiles have been cleaned up.
Release Notes: Child processes spawned by pam_tcb will now always use _exit(2) rather than exit(3) to avoid triggering side effects. When changing passwords, pam_tcb will now fsync(2) the temporary file prior to renaming it over the actual shadow file, as needed on filesystems with not entirely atomic rename(2) (XFS).
Release Notes: pam_sm_open_session() has been hardened to fail for unknown users. Memory leaks in the PAM module and tcb_chkpwd helper have been fixed.
Release Notes: Support for OpenPAM and for the new interfaces provided by Linux-PAM 0.99.1.0 and above has been implemented (older versions of Linux-PAM continue to be supported). The list of global symbols exported by the library, NSS, and PAM modules has been restricted. The PAM module will no longer invoke openlog(3)/closelog(3) by default (according to the new Linux-PAM convention), unless the new option "openlog" is specified.
Release Notes: This release corrects the usage of readdir(3) in tcb_unconvert for glibc 2.3+.
Release Notes: The PAM module will now be built with -fPIC, and FAKEROOT has been renamed to DESTDIR.