Get files ready for 0.9.12 release0.9.12

author: Arthur de Jong <arthur@arthurdejong.org> 2021-11-20 14:33:27 +0100
committer: Arthur de Jong <arthur@arthurdejong.org> 2021-11-20 14:33:27 +0100
commit: 0507f25a6237b72e4c19c8f2e8ad14a595b36fd5 (patch)
tree: 5f14c570b814075df567d249e1de5a120b0a7889
parent: 6e7e878f3e7ebf7aa66b82b1857bfdb8325f1288 (diff)
10 files changed, 243 insertions, 21 deletions
diff --git a/AUTHORS b/AUTHORS
index a2c34cd..6bfb9cb 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -146,3 +146,7 @@ Seth Wright <seth@crosse.org>
 HWLin <hwlin1414@gmail.com>
 Ching-Hsuan Yen <ching_hsuan_yen@trendmicro.com>
 Mizunashi Mana <mizunashi-mana@noreply.git>
+Benedict Reuschling <bcr@freebsd.org>
+Filip Dvorak <fdvorak@redhat.com>
+sebastienblavier <72022031+sebastienblavier@users.noreply.github.com>
+Ryan Tandy <ryan@nardis.ca>
diff --git a/ChangeLog b/ChangeLog
index 8ab7c6f..99760e4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,196 @@
+2021-11-19  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [6e7e878] man/nslcd.conf.5.xml, nslcd/cfg.c: Support DNSLDAPS
+	  in uri
+
+	  This supports both `uri DNSLDAPS` and `uri DNSLDAPS:some.domain`
+	  variants alongside the pre-existing `uri DNS` that was already
+	  supported generating ldaps URIs for all SRV records found.
+
+2021-11-15  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [70819ae] configure.ac, tests/common.h: Fix internal assertion
+	  function detection on Solaris
+
+2021-11-15  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [7b2a7fe] INSTALL, ar-lib, compile, depcomp, missing, py-compile,
+	  test-driver: Update files from latest automake
+
+2021-11-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [9edf95c] tests/test.ldif, tests/test_ldapcmds.sh,
+	  tests/test_nsscmds.sh: Do not use user arthur in tests
+
+	  This makes it more complicated to run the tests on an environment
+	  where a local user arthur exists.
+
+2021-11-14  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [2862447] pynslcd/mypidfile.py: Fix running pynslcd without
+	  uid option
+
+	  Fixes 65695aa
+
+2021-06-04  Ryan Tandy <ryan@nardis.ca>
+
+	* [15f67be] tests/config.ldif, tests/setup_slapd.sh: Support
+	  running tests with OpenLDAP 2.5
+
+	  - Change database backend to LMDB - Load external ppolicy schema
+	  conditionally
+
+2021-11-03  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [4c46eef] .github/workflows/test.yml: Configure CodeQL code
+	  scanning
+
+2021-11-01  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [906035b] man/nslcd.conf.5.xml, nslcd/cfg.c, tests/test_cfg.c:
+	  Support an empty search base
+
+	  This allows putting `base ""` in nslcd.conf to specify an empty
+	  search base.
+
+	  Note that the LDAP server needs to support this. With slapd this
+	  requires setting up an olcDefaultSearchBase attribute in the
+	  olcFrontendConfig object under cn=config or have the database
+	  have an empty suffix.
+
+	  Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/50
+
+2021-10-17  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [7d81616] common/expr.c, tests/test_expr.c: Support minus
+	  character in attribute expressions
+
+	  This requires the attribute name is contained within a ${var-name}
+	  expression.
+
+2021-05-25  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [6d5a2eb] nslcd/myldap.c: Retry connecting to the first URI
+	  after idle_timelimit
+
+	  This ensures that a connection to the first URI listed in the
+	  config file will be re-established once the connection is closed
+	  cleanly after the idle time.
+
+	  This ensures that the listed URIs are handled more in a
+	  primary/fallback manner if an idle time is configured.
+
+	  Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/46
+
+2021-05-26  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [5226a6f] .github/workflows/test.yml, .travis.yml,
+	  tests/setup_slapd.sh, tests/test_nsscmds.sh: Replace Travis with
+	  GitHub actions
+
+	  This includes a few tweaks to the test scripts to make debugging
+	  easier and to avoid issues on Github action runners.
+
+2021-01-23  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [d9710a2] man/nslcd.conf.5.xml, nslcd/cfg.c: Add tls_reqsan to
+	  check certificate SAN
+
+	  This option is passed to the LDAP library if it is supported.
+
+2021-01-23  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [026f08c] man/nslcd.conf.5.xml, nslcd/cfg.c: Add tls_crlfile to
+	  check local CRL file
+
+	  This option is passed to the LDAP library if it is supported.
+
+2021-01-18  sebastienblavier
+<72022031+sebastienblavier@users.noreply.github.com>
+
+	* [78c00f1] man/nslcd.conf.5.xml, nslcd.conf, nslcd/cfg.c: Add
+	  tls_crlcheck to check Certificate Revocation List
+
+	  This option is passed to the LDAP library if it is supported.
+
+	  Closes https://github.com/arthurdejong/nss-pam-ldapd/pull/41
+
+2021-01-17  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [d55bdb2] Makefile.am: Use the provided Python for `make distcheck`
+
+	  This ensures that if a Python interpreter was previously
+	  supplied to configure it is also used for subsequent calls to
+	  run a distribution check.
+
+2021-01-17  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [b7b812f] ar-lib, compile, depcomp, install-sh, missing,
+	  mkinstalldirs, py-compile, test-driver: Update files from
+	  latest automake
+
+2020-09-11  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [37a00e9] nslcd/myldap.c: Fix handling of the pam_authc_ppolicy
+	  option
+
+	  Check the result of the BIND operation instead of that of the
+	  ldap_result() call when pam_authc_ppolicy is set to "no".
+
+	  This could have resulted in successful authentication if the BIND
+	  operation to the LDAP server timed out and pam_authc_ppolicy was
+	  set to "no" but should not result in successful authentication
+	  otherwise so it is unlikely that setting pam_authc_ppolicy to
+	  "no" ever worked as intended. The timeout also would have to
+	  occur on the BIND operation, not on setting up the connection.
+
+	  Fixes 31cd2cf
+
+2020-04-19  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [18740fb] README: Fix typo
+
+	  Thanks Filip Dvorak
+
+	  See https://bugzilla.redhat.com/show_bug.cgi?id=1825240
+
+2020-02-10  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [b335518] man/nslcd.conf.5.xml: Fix typo in manual page
+
+	  Thanks Benedict Reuschling for pointing this out.
+
+	  Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/39
+	  Fixes b93838d
+
+2019-11-11  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [548efe5] nslcd/myldap.c: Log the correct timeout value
+
+	  This fixes logging of the LDAP_OPT_TIMEOUT,
+	  LDAP_OPT_NETWORK_TIMEOUT and LDAP_X_OPT_CONNECT_TIMEOUT options
+	  to actually log the value of the bind_timelimit option instead
+	  of the timelimit option.
+
+2019-10-13  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [fea0f5e] pynslcd/cfg.py, pynslcd/pam.py: Add pam_authc_ppolicy
+	  support in pynslcd
+
+	  See https://bugs.debian.org/900253
+
+2019-10-13  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [1025d5d] utils/chsh.py, utils/shells.py: Fix Python 3
+	  compatibility in chsh.ldap
+
+2019-10-06  Arthur de Jong <arthur@arthurdejong.org>
+
+	* [c4daf27] AUTHORS, ChangeLog, NEWS, configure.ac,
+	  man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml,
+	  man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml,
+	  nslcd/nslcd.c, utils/cmdline.py: Get files ready for 0.9.11 release
+
 2019-10-06  Arthur de Jong <arthur@arthurdejong.org>
 
 	* [69922e3] tests/test_doctest.sh: Fix Python interpreter detection
diff --git a/NEWS b/NEWS
index 92fee38..9d2e4f9 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,28 @@
+changes from 0.9.11 to 0.9.12
+-----------------------------
+
+* allow explicitly configuring an empty search base (for LDAP servers
+  that support that)
+* support LDAP attributes with minus characters in attribute mapping
+  expressions
+* add tls_reqsan, tls_crlfile and tls_crlcheck options (thanks
+  Sebastien Blavier)
+* support generating ldaps:// URIs from DNS SRV records for port 389 by
+  using DNSLDAPS in the uri option
+* prefer the first URI listed in nslcd.conf after reconnecting after
+  idle_timelimit
+* fix handling of pam_authc_ppolicy no
+* fix debug logging of ldap timeout values
+* documentation improvements (thanks Filip Dvorak and Benedict Reuschling)
+* add pam_authc_ppolicy support to pynslcd
+* fix Python 3 compatibility in chsh.ldap
+* fix for running pynslcd without the uid option
+* partial support for running tests with slapd 2.5 (thanks Ryan Tandy)
+* miscellaneous test suite improvements
+* test suite fixes for Solaris (this will be the last release that will be
+  tested on Solaris)
+
+
 changes from 0.9.10 to 0.9.11
 -----------------------------
 
diff --git a/configure.ac b/configure.ac
index 27dbb7b..12bf35c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -23,7 +23,7 @@ AC_PREREQ(2.61)
 AC_COPYRIGHT(
 [Copyright (C) 2006 Luke Howard
 Copyright (C) 2006 West Consulting
-Copyright (C) 2006-2019 Arthur de Jong
+Copyright (C) 2006-2021 Arthur de Jong
 
 This configure script is derived from configure.ac which is free software;
 you can redistribute it and/or modify it under the terms of the GNU Lesser
@@ -33,10 +33,10 @@ configure.ac file for more details.])
 
 # initialize and set version and bugreport address
 AC_INIT([nss-pam-ldapd],
-        [0.9.11],
+        [0.9.12],
         [nss-pam-ldapd-users@lists.arthurdejong.org],,
         [https://arthurdejong.org/nss-pam-ldapd/])
-RELEASE_MONTH="Oct 2018"
+RELEASE_MONTH="Nov 2021"
 AC_SUBST(RELEASE_MONTH)
 AC_CONFIG_SRCDIR([nslcd.h])
 AC_CONFIG_MACRO_DIR([m4])
diff --git a/man/chsh.ldap.1.xml b/man/chsh.ldap.1.xml
index 95f8d62..e3be4b8 100644
--- a/man/chsh.ldap.1.xml
+++ b/man/chsh.ldap.1.xml
@@ -5,7 +5,7 @@
 <!--
    chsh.ldap.1.xml - docbook manual page for chsh.ldap
 
-   Copyright (C) 2013-2019 Arthur de Jong
+   Copyright (C) 2013-2021 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -35,9 +35,9 @@
  <refmeta>
   <refentrytitle>chsh.ldap</refentrytitle>
   <manvolnum>1</manvolnum>
-  <refmiscinfo class="version">Version 0.9.11</refmiscinfo>
+  <refmiscinfo class="version">Version 0.9.12</refmiscinfo>
   <refmiscinfo class="manual">User Commands</refmiscinfo>
-  <refmiscinfo class="date">Oct 2019</refmiscinfo>
+  <refmiscinfo class="date">Nov 2021</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/man/getent.ldap.1.xml b/man/getent.ldap.1.xml
index 9c8cf68..57ade14 100644
--- a/man/getent.ldap.1.xml
+++ b/man/getent.ldap.1.xml
@@ -5,7 +5,7 @@
 <!--
    getent.ldap.1.xml - docbook manual page for getent.ldap
 
-   Copyright (C) 2013-2019 Arthur de Jong
+   Copyright (C) 2013-2021 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -35,9 +35,9 @@
  <refmeta>
   <refentrytitle>getent.ldap</refentrytitle>
   <manvolnum>1</manvolnum>
-  <refmiscinfo class="version">Version 0.9.11</refmiscinfo>
+  <refmiscinfo class="version">Version 0.9.12</refmiscinfo>
   <refmiscinfo class="manual">User Commands</refmiscinfo>
-  <refmiscinfo class="date">Oct 2019</refmiscinfo>
+  <refmiscinfo class="date">Nov 2021</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/man/nslcd.8.xml b/man/nslcd.8.xml
index b979da0..96b053d 100644
--- a/man/nslcd.8.xml
+++ b/man/nslcd.8.xml
@@ -6,7 +6,7 @@
    nslcd.8.xml - docbook manual page for nslcd
 
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006-2019 Arthur de Jong
+   Copyright (C) 2006-2021 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nslcd</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.9.11</refmiscinfo>
+  <refmiscinfo class="version">Version 0.9.12</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Oct 2019</refmiscinfo>
+  <refmiscinfo class="date">Nov 2021</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index aafb700..54d2f11 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
@@ -6,7 +6,7 @@
    nslcd.conf.5.xml - docbook manual page for nslcd.conf
 
    Copyright (C) 1997-2005 Luke Howard
-   Copyright (C) 2007-2019 Arthur de Jong
+   Copyright (C) 2007-2021 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nslcd.conf</refentrytitle>
   <manvolnum>5</manvolnum>
-  <refmiscinfo class="version">Version 0.9.11</refmiscinfo>
+  <refmiscinfo class="version">Version 0.9.12</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Oct 2019</refmiscinfo>
+  <refmiscinfo class="date">Nov 2021</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/man/pam_ldap.8.xml b/man/pam_ldap.8.xml
index 0d1257f..0158adc 100644
--- a/man/pam_ldap.8.xml
+++ b/man/pam_ldap.8.xml
@@ -5,7 +5,7 @@
 <!--
    pam_ldap.8.xml - docbook manual page for pam_ldap PAM module
 
-   Copyright (C) 2009-2019 Arthur de Jong
+   Copyright (C) 2009-2021 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -35,9 +35,9 @@
  <refmeta>
   <refentrytitle>pam_ldap</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.9.11</refmiscinfo>
+  <refmiscinfo class="version">Version 0.9.12</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Oct 2019</refmiscinfo>
+  <refmiscinfo class="date">Nov 2021</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/man/pynslcd.8.xml b/man/pynslcd.8.xml
index 315c60a..1160796 100644
--- a/man/pynslcd.8.xml
+++ b/man/pynslcd.8.xml
@@ -5,7 +5,7 @@
 <!--
    pynslcd.8.xml - docbook manual page for pynslcd
 
-   Copyright (C) 2012-2019 Arthur de Jong
+   Copyright (C) 2012-2021 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -35,9 +35,9 @@
  <refmeta>
   <refentrytitle>pynslcd</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.9.11</refmiscinfo>
+  <refmiscinfo class="version">Version 0.9.12</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Oct 2019</refmiscinfo>
+  <refmiscinfo class="date">Nov 2021</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
author	Arthur de Jong <arthur@arthurdejong.org>	2021-11-20 14:33:27 +0100
committer	Arthur de Jong <arthur@arthurdejong.org>	2021-11-20 14:33:27 +0100
commit	0507f25a6237b72e4c19c8f2e8ad14a595b36fd5 (patch)
tree	5f14c570b814075df567d249e1de5a120b0a7889
parent	6e7e878f3e7ebf7aa66b82b1857bfdb8325f1288 (diff)