get files ready for 0.8.1 release0.8.1

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1385 ef36b2f9-881f-0410-afb5-c4e39611909c
author: Arthur de Jong <arthur@arthurdejong.org> 2011-03-10 22:45:14 +0100
committer: Arthur de Jong <arthur@arthurdejong.org> 2011-03-10 22:45:14 +0100
commit: 7bd6de3921993855d280a42e8e5e81f7e2360ba3 (patch)
tree: 5b831004753d3913ccbd574f10c2c6bdce2332f2
parent: b7b283dc8db16ecabb42d0792e8e7f06e3eeced8 (diff)
8 files changed, 188 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 58f6536..a489fc9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,141 @@
+2011-03-10 20:35  arthur
+
+	* [r1384] Makefile.am, common/tio.c, compat/Makefile.am,
+	  compat/ether.h, compat/ldap_compat.h, compat/pam_get_authtok.c,
+	  man/Makefile.am, nslcd/attmap.c, nslcd/attmap.h, nslcd/common.c,
+	  nslcd/common.h, nss/prototypes.h, pam/common.h, pynslcd/ether.py,
+	  pynslcd/pynslcd.py, pynslcd/tio.py: update copyright headers to
+	  add missing years
+
+2011-03-09 22:33  arthur
+
+	* [r1383] nslcd/pam.c: fix compiler warning
+
+2011-03-09 22:32  arthur
+
+	* [r1382] nslcd/pam.c, nslcd/passwd.c: properly handle
+	  user-not-found errors when doing authentication (CVE-2011-0438)
+
+2011-03-06 15:58  arthur
+
+	* [r1381] pynslcd/Makefile.am, pynslcd/netgroup.py,
+	  pynslcd/pynslcd.py: implement module for netgroup lookups
+
+2011-03-06 15:09  arthur
+
+	* [r1380] pynslcd/Makefile.am, pynslcd/network.py,
+	  pynslcd/pynslcd.py: add network name lookups
+
+2011-03-06 15:06  arthur
+
+	* [r1379] tests/test.ldif.gz, tests/test_nsscmds.sh: add some test
+	  groups and add the arthur user to them to test whether all are
+	  returned correctly
+
+2011-03-06 14:52  arthur
+
+	* [r1378] Makefile.am: pass --enable-pynslcd with distcheck
+
+2011-03-06 14:52  arthur
+
+	* [r1377] pynslcd/Makefile.am: clean up compiled python files
+
+2011-03-06 14:49  arthur
+
+	* [r1376] pynslcd/host.py: fix search filter objectClass for hosts
+
+2011-03-06 14:23  arthur
+
+	* [r1375] nslcd/log.c, nslcd/log.h, nslcd/nslcd.c: ensure that
+	  session id is only logged while handling a connection
+
+2011-03-06 13:01  arthur
+
+	* [r1374] man/nslcd.conf.5.xml: note that attribute mapping
+	  expressions cannot be used for all attributes
+
+2011-02-14 21:12  arthur
+
+	* [r1373] pynslcd/Makefile.am, pynslcd/host.py, pynslcd/pynslcd.py,
+	  pynslcd/tio.py: implement module for hostname lookups
+
+2011-02-14 21:11  arthur
+
+	* [r1372] pynslcd/ether.py: fix comment
+
+2011-02-14 21:08  arthur
+
+	* [r1371] pynslcd/Makefile.am, pynslcd/debugio.py: clean up and add
+	  missing files to installation
+
+2011-02-11 22:18  arthur
+
+	* [r1370] configure.ac: fix FreeBSD nss_ldap soname (as seen in
+	  current FreeBSD packaging)
+
+2011-02-11 22:16  arthur
+
+	* [r1369] nslcd/nslcd.c: create the directory for the socket and
+	  pidfile
+
+2011-01-29 20:19  arthur
+
+	* [r1368] man/nslcd.conf.5.xml: document a proper replacement for
+	  pam_check_host_attr (thanks Luca Capello) and add a section on
+	  quoting
+
+2011-01-29 20:15  arthur
+
+	* [r1367] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/common.c,
+	  nslcd/common.h, nslcd/pam.c: implement a fqdn variable that can
+	  be used inside pam_authz_search filters
+
+2011-01-23 20:59  arthur
+
+	* [r1366] man/nslcd.conf.5.xml: name pam_check_service_attr and
+	  pam_check_host_attr options in manual page and indicate how
+	  pam_authz_search replaces them
+
+2011-01-05 19:39  arthur
+
+	* [r1365] AUTHORS, HACKING, configure.ac, debian/copyright,
+	  nss/Makefile.am, nss/bsdnss.c, nss/exports.freebsd,
+	  nss/prototypes.h: add FreeBSD support, partially imported from
+	  the FreeBSD port (thanks to Jacques Vidrine, Artem Kazakov and
+	  Alexander V. Chernikov)
+
+2011-01-01 14:46  arthur
+
+	* [r1364] nss/Makefile.am: put solnss.c under
+	  EXTRA_nss_ldap_so_SOURCES
+
+2011-01-01 14:25  arthur
+
+	* [r1363] man/nslcd.8.xml, man/nslcd.conf.5.xml,
+	  man/pam_ldap.8.xml: add ids to options so we can more easily
+	  reference them from elsewhere (especially useful for generated
+	  HTML)
+
+2011-01-01 14:12  arthur
+
+	* [r1362] nslcd/myldap.c: include definition of rc in all code
+	  paths because it's used most of the time
+
+2011-01-01 14:10  arthur
+
+	* [r1361] configure.ac: fix quoting of NSS_MODULE_OBJS expression
+	  to one that is supported by more shells
+
+2011-01-01 14:07  arthur
+
+	* [r1360] nss/Makefile.am: ensure that solnss.c ends up in tarball
+
+2010-12-30 21:28  arthur
+
+	* [r1358] ChangeLog, NEWS, TODO, configure.ac, debian/changelog,
+	  man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
+	  files ready for 0.8.0 release
+
 2010-12-30 16:43  arthur
 
 	* [r1357] README, debian/copyright: update copyright information
diff --git a/NEWS b/NEWS
index eb79260..71ad535 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,21 @@
+changes from 0.8.0 to 0.8.1
+---------------------------
+
+* SECURITY FIX: the PAM module will allow authentication for users that do not
+                exist in LDAP, this allows login to local users with an
+                incorrect password (CVE-2011-0438)
+                the explotability of the problem depends on the details of the
+                PAM stack and the use of the minimum_uid PAM option
+* include a file that was missing for Solaris support
+* add FreeBSD support, partially imported from the FreeBSD port (thanks to
+  Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
+* document how to replace name pam_check_service_attr and pam_check_host_attr
+  options in PADL's pam_ldap with with pam_authz_search in nss-pam-ldapd
+* implement a fqdn variable that can be used in pam_authz_search filters
+* create the directory to hold the socket and pidfile on startup
+* implement host, network and netgroup support in pynslcd
+
+
 changes from 0.7.13 to 0.8.0
 ----------------------------
 
diff --git a/TODO b/TODO
index 5399a5c..5c82a8b 100644
--- a/TODO
+++ b/TODO
@@ -24,7 +24,6 @@
   (perhaps even extend the filtering to other data)
 * implement requesting and handling password policy information when binding
   as a user
-* integrate the FreeBSD code
 * implement nested groups
 * implement other services in nslcd: sudo and autofs are candidates
 * restart unscd on postinst, just like nscd (or perhaps do nscd -i <MAP>)
@@ -32,3 +31,5 @@
 * properly test Solaris support
 * fix buffer handling in read_**string() functions (Solaris support)
 * complete pynslcd implementation
+* in nslcd/pam.c check shadow properties if present
+* write test cases for the PAM code
diff --git a/configure.ac b/configure.ac
index aaac7fe..eb6efac 100644
--- a/configure.ac
+++ b/configure.ac
@@ -23,7 +23,7 @@ AC_PREREQ(2.61)
 AC_COPYRIGHT(
 [Copyright (C) 2006 Luke Howard
 Copyright (C) 2006 West Consulting
-Copyright (C) 2006, 2007, 2008, 2009, 2010 Arthur de Jong
+Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong
 
 This configure script is derived from configure.ac which is free software;
 you can redistribute it and/or modify it under the terms of the GNU Lesser
@@ -33,10 +33,10 @@ configure.ac file for more details.])
 
 # initialize and set version and bugreport address
 AC_INIT([nss-pam-ldapd],
-        [0.8.0],
+        [0.8.1],
         [nss-pam-ldapd-users@lists.arthurdejong.org],,
         [http://arthurdejong.org/nss-pam-ldapd/])
-RELEASE_MONTH="Dec 2010"
+RELEASE_MONTH="Mar 2011"
 AC_SUBST(RELEASE_MONTH)
 AC_CONFIG_SRCDIR([nslcd.h])
 
diff --git a/debian/changelog b/debian/changelog
index 0e5dcf3..6d74432 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+nss-pam-ldapd (0.8.1) experimental; urgency=low
+
+  * SECURITY FIX: the PAM module will allow authentication for users that do
+                  not exist in LDAP, this allows login to local users with an
+                  incorrect password (CVE-2011-0438)
+                  the explotability of the problem depends on the details of
+                  the PAM stack and the use of the minimum_uid PAM option
+  * add FreeBSD support, partially imported from the FreeBSD port (thanks to
+    Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
+  * document how to replace name pam_check_service_attr and
+    pam_check_host_attr options in PADL's pam_ldap with with pam_authz_search
+    in nss-pam-ldapd (closes: #610925)
+  * implement a fqdn variable that can be used in pam_authz_search filters
+  * create the directory to hold the socket and pidfile on startup
+  * implement host, network and netgroup support in pynslcd
+
+ -- Arthur de Jong <adejong@debian.org>  Thu, 10 Mar 2011 22:00:00 +0100
+
 nss-pam-ldapd (0.8.0) experimental; urgency=low
 
   * include Solaris support developed by Ted C. Cheng of Symas Corporation
diff --git a/man/nslcd.8.xml b/man/nslcd.8.xml
index 36ba3f8..81396e5 100644
--- a/man/nslcd.8.xml
+++ b/man/nslcd.8.xml
@@ -6,7 +6,7 @@
    nslcd.8.xml - docbook manual page for nslcd
 
    Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2008, 2009, 2010 Arthur de Jong
+   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nslcd</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.8.0</refmiscinfo>
+  <refmiscinfo class="version">Version 0.8.1</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Dec 2010</refmiscinfo>
+  <refmiscinfo class="date">Mar 2011</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index c7e8f65..29ecd23 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
@@ -6,7 +6,7 @@
    nslcd.conf.5.xml - docbook manual page for nslcd.conf
 
    Copyright (C) 1997-2005 Luke Howard
-   Copyright (C) 2007, 2008, 2009, 2010 Arthur de Jong
+   Copyright (C) 2007, 2008, 2009, 2010, 2011 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -36,9 +36,9 @@
  <refmeta>
   <refentrytitle>nslcd.conf</refentrytitle>
   <manvolnum>5</manvolnum>
-  <refmiscinfo class="version">Version 0.8.0</refmiscinfo>
+  <refmiscinfo class="version">Version 0.8.1</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Dec 2010</refmiscinfo>
+  <refmiscinfo class="date">Mar 2011</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
diff --git a/man/pam_ldap.8.xml b/man/pam_ldap.8.xml
index 276468e..ea19980 100644
--- a/man/pam_ldap.8.xml
+++ b/man/pam_ldap.8.xml
@@ -5,7 +5,7 @@
 <!--
    pam_ldap.8.xml - docbook manual page for pam_ldap PAM module
 
-   Copyright (C) 2009, 2010 Arthur de Jong
+   Copyright (C) 2009, 2010, 2011 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -35,9 +35,9 @@
  <refmeta>
   <refentrytitle>pam_ldap</refentrytitle>
   <manvolnum>8</manvolnum>
-  <refmiscinfo class="version">Version 0.8.0</refmiscinfo>
+  <refmiscinfo class="version">Version 0.8.1</refmiscinfo>
   <refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
-  <refmiscinfo class="date">Dec 2010</refmiscinfo>
+  <refmiscinfo class="date">Mar 2011</refmiscinfo>
  </refmeta>
 
  <refnamediv id="name">
author	Arthur de Jong <arthur@arthurdejong.org>	2011-03-10 22:45:14 +0100
committer	Arthur de Jong <arthur@arthurdejong.org>	2011-03-10 22:45:14 +0100
commit	7bd6de3921993855d280a42e8e5e81f7e2360ba3 (patch)
tree	5b831004753d3913ccbd574f10c2c6bdce2332f2
parent	b7b283dc8db16ecabb42d0792e8e7f06e3eeced8 (diff)