lists.arthurdejong.org
RSS feed

nss-pam-ldapd commit: r1417 - in nss-pam-ldapd: . debian man

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd commit: r1417 - in nss-pam-ldapd: . debian man



Author: arthur
Date: Sat Mar 26 21:51:58 2011
New Revision: 1417
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1417

Log:
get files ready for 0.8.2 release

Modified:
   nss-pam-ldapd/ChangeLog
   nss-pam-ldapd/NEWS
   nss-pam-ldapd/TODO
   nss-pam-ldapd/configure.ac
   nss-pam-ldapd/debian/changelog
   nss-pam-ldapd/man/nslcd.8.xml
   nss-pam-ldapd/man/nslcd.conf.5.xml
   nss-pam-ldapd/man/pam_ldap.8.xml

Modified: nss-pam-ldapd/ChangeLog
==============================================================================
--- nss-pam-ldapd/ChangeLog     Sat Mar 26 17:16:16 2011        (r1416)
+++ nss-pam-ldapd/ChangeLog     Sat Mar 26 21:51:58 2011        (r1417)
@@ -1,3 +1,172 @@
+2011-03-26 16:16  arthur
+
+       * [r1416] tests/Makefile.am, tests/test_nsscmds.sh,
+         tests/test_pamcmds.sh: ensure that all test source files are
+         distibuted and can tests can be run when source directory differs
+         from build directory
+
+2011-03-26 14:36  arthur
+
+       * [r1415] pynslcd/common.py: sync validname regular expression with
+         nslcd
+
+2011-03-25 21:39  arthur
+
+       * [r1414] configure.ac, nslcd/nslcd.c: no longer indefinitely wait
+         for all worker threads to finish before exiting (but wait a few
+         seconds on platforms with pthread_timedjoin_np())
+
+2011-03-25 16:15  arthur
+
+       * [r1413] tests/Makefile.am, tests/test_cfg.c, tests/test_common.c,
+         tests/test_myldap.c: re-organise tests somewhat making things
+         more consistent
+
+2011-03-25 16:08  arthur
+
+       * [r1412] debian/nslcd.config, debian/nslcd.postinst: integrate
+         patch by Daniel Dehennin to not loose debconf values of
+         previously set options with dpkg-reconfigure
+
+2011-03-25 13:30  arthur
+
+       * [r1411] configure.ac, man/nslcd.conf.5.xml, nslcd/cfg.c,
+         nslcd/cfg.h, nslcd/common.c, tests/Makefile.am,
+         tests/test_common.c: implement a validnames option that can be
+         used to fine-tune the test for valid user and group names using a
+         regular expression
+
+2011-03-24 22:19  arthur
+
+       * [r1410] pynslcd/protocol.py, pynslcd/pynslcd.py, pynslcd/rpc.py,
+         pynslcd/service.py: implement service, protocol and rpc lookups
+
+2011-03-24 22:18  arthur
+
+       * [r1409] pynslcd/host.py, pynslcd/network.py: fix the case where
+         the RDN is for some reason not in the cn
+
+2011-03-24 22:15  arthur
+
+       * [r1408] pynslcd/pam.py: fix configuration name
+
+2011-03-24 22:09  arthur
+
+       * [r1407] pynslcd/mypidfile.py: truncate pidfile to ensure remains
+         of previous value is gone
+
+2011-03-23 21:55  arthur
+
+       * [r1406] pynslcd/host.py: fix use of spaces
+
+2011-03-23 21:43  arthur
+
+       * [r1405] nslcd/protocol.c, nslcd/shadow.c: fix descriptions of
+         files
+
+2011-03-23 21:28  arthur
+
+       * [r1403] compat/daemon.h, configure.ac, nslcd/nslcd.c: provide a
+         definition of daemon() for systems that lack it
+
+2011-03-23 20:30  arthur
+
+       * [r1402] compat/ether.h: typo fix in comment
+
+2011-03-19 15:14  arthur
+
+       * [r1401] Makefile.am, common, compat, nslcd, nss, pam, tests,
+         tests/test_expr.c, tests/test_pamcmds.expect, tests/test_tio.c:
+         more tests and general test improvements
+
+2011-03-19 15:14  arthur
+
+       * [r1400] common/expr.c, nslcd/myldap.h, nslcd/nslcd.c,
+         nss/common.h, nss/prototypes.h, pam/common.h, pam/pam.c: small
+         code improvements
+
+2011-03-19 15:13  arthur
+
+       * [r1399] nslcd/log.c, nslcd/log.h: remove logging functionality
+         that isn't used
+
+2011-03-18 14:33  arthur
+
+       * [r1398] tests, tests/Makefile.am, tests/in_testenv.sh,
+         tests/test_nsscmds.sh, tests/test_pamcmds.expect,
+         tests/test_pamcmds.sh: implement test cases for some of the
+         common PAM actions (test environment required for this)
+
+2011-03-17 21:02  arthur
+
+       * [r1397] configure.ac, tests/Makefile.am, tests/common.h,
+         tests/test_cfg.c, tests/test_common.c, tests/test_expr.c,
+         tests/test_getpeercred.c, tests/test_myldap.c, tests/test_tio.c:
+         put all assertion functions and compatibility code into one
+         header file
+
+2011-03-17 21:01  arthur
+
+       * [r1396] nslcd.conf: put idle_timelimit option in Active Directory
+         example with low enough default
+
+2011-03-16 21:54  arthur
+
+       * [r1395] tests/Makefile.am, tests/test_aliases.c,
+         tests/test_ethers.c, tests/test_group.c, tests/test_hosts.c,
+         tests/test_netgroup.c, tests/test_networks.c,
+         tests/test_nslcd_group.c, tests/test_passwd.c,
+         tests/test_protocols.c, tests/test_rpc.c, tests/test_services.c,
+         tests/test_shadow.c: remove legacy test code that is no longer
+         used
+
+2011-03-14 21:42  arthur
+
+       * [r1394] pam/pam.c: check for user existence before trying
+         password change
+
+2011-03-14 20:19  arthur
+
+       * [r1393] common/tio.c: fix a problem in the timeout paramater that
+         was being passed to select() and could contain too many µsec
+         (fixes Solaris runtime issue)
+
+2011-03-13 15:25  arthur
+
+       * [r1392] tests/test_nsscmds.sh: fix name of script in header
+
+2011-03-12 08:41  arthur
+
+       * [r1391] configure.ac: include the resolv library for hstrerror()
+         on platforms that need it (thanks Peter Bray)
+
+2011-03-12 08:34  arthur
+
+       * [r1390] nslcd/common.h, nslcd/pam.c: put all HOST_NAME_MAX
+         fallbacks in common.h and fall back to _POSIX_HOST_NAME_MAX
+         (thanks Peter Bray)
+
+2011-03-11 20:37  arthur
+
+       * [r1389] Makefile.am: ensure that permissions are sane in the
+         distributed tarball
+
+2011-03-11 18:02  arthur
+
+       * [r1388] nslcd/myldap.c: fix problem with endless loop on
+         incorrect password
+
+2011-03-11 15:49  arthur
+
+       * [r1387] nslcd/common.c, nslcd/common.h: move HOST_NAME_MAX
+         fallback definition to header file
+
+2011-03-10 21:45  arthur
+
+       * [r1385] ChangeLog, NEWS, TODO, configure.ac, debian/changelog,
+         man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
+         files ready for 0.8.1 release
+
 2011-03-10 20:35  arthur
 
        * [r1384] Makefile.am, common/tio.c, compat/Makefile.am,

Modified: nss-pam-ldapd/NEWS
==============================================================================
--- nss-pam-ldapd/NEWS  Sat Mar 26 17:16:16 2011        (r1416)
+++ nss-pam-ldapd/NEWS  Sat Mar 26 21:51:58 2011        (r1417)
@@ -1,11 +1,30 @@
+changes from 0.8.1 to 0.8.2
+---------------------------
+
+* fix problem with endless loop on incorrect password
+* fix a communication problem between nslcd and the NSS and PAM modules when
+  running on Solaris 10
+* fix a compilation issue on systems without HOST_NAME_MAX
+* link to the resolv library for hstrerror() on platforms that need it
+* ignore password change requests for users not in LDAP
+* many clean-ups to the tests and added some new tests including some
+  integration tests for the PAM functionality
+* some smaller code clean-ups and improvements
+* improvements to pynslcd, including implementations for service, protocol and
+  rpc lookups
+* implement a validnames option that can be used to filter valid user and
+  group names using a regular expression
+* improvements to the way nslcd shuts down with hanging worker threads
+
+
 changes from 0.8.0 to 0.8.1
 ---------------------------
 
 * SECURITY FIX: the PAM module will allow authentication for users that do not
                 exist in LDAP, this allows login to local users with an
                 incorrect password (CVE-2011-0438)
-                the explotability of the problem depends on the details of the
-                PAM stack and the use of the minimum_uid PAM option
+                the exploitability of the problem depends on the details of
+                the PAM stack and the use of the minimum_uid PAM option
 * include a file that was missing for Solaris support
 * add FreeBSD support, partially imported from the FreeBSD port (thanks to
   Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)

Modified: nss-pam-ldapd/TODO
==============================================================================
--- nss-pam-ldapd/TODO  Sat Mar 26 17:16:16 2011        (r1416)
+++ nss-pam-ldapd/TODO  Sat Mar 26 21:51:58 2011        (r1417)
@@ -19,9 +19,6 @@
 * make it possible to start nslcd real early in the boot process and have
   it become available when it determines it can (other timeout/retry mechanism
   on startup)
-* write a simple PAM test application
-* make user/group name filtering configurable (with regular expression)
-  (perhaps even extend the filtering to other data)
 * implement requesting and handling password policy information when binding
   as a user
 * implement nested groups
@@ -32,4 +29,3 @@
 * fix buffer handling in read_**string() functions (Solaris support)
 * complete pynslcd implementation
 * in nslcd/pam.c check shadow properties if present
-* write test cases for the PAM code

Modified: nss-pam-ldapd/configure.ac
==============================================================================
--- nss-pam-ldapd/configure.ac  Sat Mar 26 17:16:16 2011        (r1416)
+++ nss-pam-ldapd/configure.ac  Sat Mar 26 21:51:58 2011        (r1417)
@@ -33,7 +33,7 @@
 
 # initialize and set version and bugreport address
 AC_INIT([nss-pam-ldapd],
-        [0.8.1],
+        [0.8.2],
         [nss-pam-ldapd-users@lists.arthurdejong.org],,
         [http://arthurdejong.org/nss-pam-ldapd/])
 RELEASE_MONTH="Mar 2011"

Modified: nss-pam-ldapd/debian/changelog
==============================================================================
--- nss-pam-ldapd/debian/changelog      Sat Mar 26 17:16:16 2011        (r1416)
+++ nss-pam-ldapd/debian/changelog      Sat Mar 26 21:51:58 2011        (r1417)
@@ -1,9 +1,28 @@
+nss-pam-ldapd (0.8.2) experimental; urgency=low
+
+  * fix problem with endless loop on incorrect password
+  * fix definition of HOST_NAME_MAX (closes: #618795) and fall back to
+    _POSIX_HOST_NAME_MAX
+  * ignore password change requests for users not in LDAP (closes: #617452)
+  * many clean-ups to the tests and added some new tests including some
+    integration tests for the PAM functionality
+  * some smaller code clean-ups and improvements
+  * improvements to pynslcd, including implementations for service, protocol
+    and rpc lookups
+  * implement a validnames option that can be used to filter valid user and
+    group names using a regular expression
+  * integrate patch by Daniel Dehennin to not loose debconf values of
+    previously set options with dpkg-reconfigure (closes: #610117)
+  * improvements to the way nslcd shuts down with hanging worker threads
+
+ -- Arthur de Jong <adejong@debian.org>  Sat, 26 Mar 2011 19:00:00 +0100
+
 nss-pam-ldapd (0.8.1) experimental; urgency=low
 
   * SECURITY FIX: the PAM module will allow authentication for users that do
                   not exist in LDAP, this allows login to local users with an
                   incorrect password (CVE-2011-0438)
-                  the explotability of the problem depends on the details of
+                  the exploitability of the problem depends on the details of
                   the PAM stack and the use of the minimum_uid PAM option
   * add FreeBSD support, partially imported from the FreeBSD port (thanks to
     Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)

Modified: nss-pam-ldapd/man/nslcd.8.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.8.xml       Sat Mar 26 17:16:16 2011        (r1416)
+++ nss-pam-ldapd/man/nslcd.8.xml       Sat Mar 26 21:51:58 2011        (r1417)
@@ -36,7 +36,7 @@
  <refmeta>
   <refentrytitle>nslcd</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.8.1</refmiscinfo>
+  <refmiscinfo class="version">Version 0.8.2</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
   <refmiscinfo class="date">Mar 2011</refmiscinfo>
  </refmeta>

Modified: nss-pam-ldapd/man/nslcd.conf.5.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.conf.5.xml  Sat Mar 26 17:16:16 2011        (r1416)
+++ nss-pam-ldapd/man/nslcd.conf.5.xml  Sat Mar 26 21:51:58 2011        (r1417)
@@ -36,7 +36,7 @@
  <refmeta>
   <refentrytitle>nslcd.conf</refentrytitle>
   <manvolnum>5</manvolnum>
-  <refmiscinfo class="version">Version 0.8.1</refmiscinfo>
+  <refmiscinfo class="version">Version 0.8.2</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
   <refmiscinfo class="date">Mar 2011</refmiscinfo>
  </refmeta>

Modified: nss-pam-ldapd/man/pam_ldap.8.xml
==============================================================================
--- nss-pam-ldapd/man/pam_ldap.8.xml    Sat Mar 26 17:16:16 2011        (r1416)
+++ nss-pam-ldapd/man/pam_ldap.8.xml    Sat Mar 26 21:51:58 2011        (r1417)
@@ -35,7 +35,7 @@
  <refmeta>
   <refentrytitle>pam_ldap</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.8.1</refmiscinfo>
+  <refmiscinfo class="version">Version 0.8.2</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
   <refmiscinfo class="date">Mar 2011</refmiscinfo>
  </refmeta>
-- 
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits