Version 0.5  20/11/2002 <jo2y@users.sourceforge.net>
Added md5 support by default -ksmith
added a makefile that works fon FreeBSD -ksmith
More buffer overflow related fixes -jo2y
added -lz flag to link against the libz library -jo2y
backport of sql logging into main branch -jo2y
fixed a memoryleak with mysql_free_result() -jo2y
Fixes buffer overflow in parseArgs() -jo2y
Add askForPassword() for new passwords in pam_sm_chauthtok() -ksmith
all instances of syslog() now have a format string -ksmith
Many fixes from B J Black


Version 0.4.7 7/9/2000 <delancie@users.sourceforge.net>
URGENT! This release fixes a SERIOUS security hole in the authentication
mechanism and is one I am deeply to ashamed to admit was there, but must.
The SQL statement was never being escaped, so your users can effectively
'break out' of the query, add their own SQL and get authentication.
Whichever version of PAM-MYSQL you are running, you should upgrade
immediately to fix this problem. ANYONE can get authenticated on your
system without needing to know the password of the user they are
trying to be authenticated as. This means root too. And it is easy...
Specify the username as root. Specify the password as;
' and user='SomeKnownUser'

and whammo, you have root access to the machine because PAM authorised you.

UPGRADE NOW!

Thanks to Shaun Clowes at Secure Reality (http://www.securereality.com.au)
for bringing this to my attention.

Also, if you don't want users passwords displayed in your sql log, switch
off logging for select statements!

Version 0.4.6 5/9/2000 <delancie@users.sourceforge.net>
ACK! Logfile spam from acct_mgmt()
	Removed it... Or rather, added it to the #ifdef

Version 0.4.5 5/9/2000 <delancie@users.sourceforge.net>
Applied patch from Martin "Edas" Edlman to fix PASSWORD() method and combine
	crypt() into one call..
Changed the way PAM_MYSQL logs, removed _pam_log() and now just use syslog()
	instead of vsyslog() (Actually not sure why vsyslog was used anyway)
	which should hopefully fix another set of SEGV problems people have
	reported.
Removed debug logging. Compile with -DDEBUG if you want it. Most people
	won't though :)

Version 0.4 27/7/2000 <delancie@users.sourceforge.net>
Added the ability to have a where clause in addition to the username = 'blah'
	Note though that spaces are NOT allowed in this where clause, sorry
Fixed a nasty (and really stupid!) bug whereby user not existing would cause
	the sql string to be free'd twice, causing nastiness, lockups or
	segfaults.

Version 0.3 26/7/2000 <delancie@users.sourceforge.net>
This file started.
Merged patches for crypt() support and local mysql support from Tamas SZERB and Matjaz Godez
Fixed potential buffer overrun in sql statement (username could be big, shouldn't be, but could be!)
Fixed potential buffer overrun in crypt password checks. Password provided could be long.
Combined queries into 1 when using internal MySQL password() crypt routine
Changed Makefile to use staticly linked libmysqlclient, as dynamic causes a sigsegv when being unloaded.
	If anyone has any idea why that might be, please email me!
Patch to avoid second select submitted by Gus. Implemented with mods.
Changes to conversation function to make more generic. Hopefully its not broken anything!
Changes to better fit PAM spec.
Changes to explicitly close MySQL connection when finished.
Beginnings of ability to use use_first_pass (tied in with changes to conversation functions)
Implementation of stub functions for acct_mgmt, credential, chauthtok and session stuff

If you are Tamas, Matjaz or Gus, please email me your contact details if you'd like
to be in the CREDITS file :)

#############################################################################
