Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArthur de Jong <arthur@arthurdejong.org>2011-03-26 21:51:58 +0100
committerArthur de Jong <arthur@arthurdejong.org>2011-03-26 21:51:58 +0100
commita04b5b2a57c4fcfe33439310853b8966d1806275 (patch)
treea77887bc5f7385e1724020b2dbb868a7766e3618
parentf3ccc1018357b4d26ad348c264ef29d68b3610bb (diff)
get files ready for 0.8.2 release0.8.2
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1417 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat
-rw-r--r--ChangeLog169
-rw-r--r--NEWS23
-rw-r--r--TODO4
-rw-r--r--configure.ac2
-rw-r--r--debian/changelog21
-rw-r--r--man/nslcd.8.xml2
-rw-r--r--man/nslcd.conf.5.xml2
-rw-r--r--man/pam_ldap.8.xml2
8 files changed, 214 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index a489fc9..2b59e33 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,172 @@
+2011-03-26 16:16 arthur
+
+ * [r1416] tests/Makefile.am, tests/test_nsscmds.sh,
+ tests/test_pamcmds.sh: ensure that all test source files are
+ distibuted and can tests can be run when source directory differs
+ from build directory
+
+2011-03-26 14:36 arthur
+
+ * [r1415] pynslcd/common.py: sync validname regular expression with
+ nslcd
+
+2011-03-25 21:39 arthur
+
+ * [r1414] configure.ac, nslcd/nslcd.c: no longer indefinitely wait
+ for all worker threads to finish before exiting (but wait a few
+ seconds on platforms with pthread_timedjoin_np())
+
+2011-03-25 16:15 arthur
+
+ * [r1413] tests/Makefile.am, tests/test_cfg.c, tests/test_common.c,
+ tests/test_myldap.c: re-organise tests somewhat making things
+ more consistent
+
+2011-03-25 16:08 arthur
+
+ * [r1412] debian/nslcd.config, debian/nslcd.postinst: integrate
+ patch by Daniel Dehennin to not loose debconf values of
+ previously set options with dpkg-reconfigure
+
+2011-03-25 13:30 arthur
+
+ * [r1411] configure.ac, man/nslcd.conf.5.xml, nslcd/cfg.c,
+ nslcd/cfg.h, nslcd/common.c, tests/Makefile.am,
+ tests/test_common.c: implement a validnames option that can be
+ used to fine-tune the test for valid user and group names using a
+ regular expression
+
+2011-03-24 22:19 arthur
+
+ * [r1410] pynslcd/protocol.py, pynslcd/pynslcd.py, pynslcd/rpc.py,
+ pynslcd/service.py: implement service, protocol and rpc lookups
+
+2011-03-24 22:18 arthur
+
+ * [r1409] pynslcd/host.py, pynslcd/network.py: fix the case where
+ the RDN is for some reason not in the cn
+
+2011-03-24 22:15 arthur
+
+ * [r1408] pynslcd/pam.py: fix configuration name
+
+2011-03-24 22:09 arthur
+
+ * [r1407] pynslcd/mypidfile.py: truncate pidfile to ensure remains
+ of previous value is gone
+
+2011-03-23 21:55 arthur
+
+ * [r1406] pynslcd/host.py: fix use of spaces
+
+2011-03-23 21:43 arthur
+
+ * [r1405] nslcd/protocol.c, nslcd/shadow.c: fix descriptions of
+ files
+
+2011-03-23 21:28 arthur
+
+ * [r1403] compat/daemon.h, configure.ac, nslcd/nslcd.c: provide a
+ definition of daemon() for systems that lack it
+
+2011-03-23 20:30 arthur
+
+ * [r1402] compat/ether.h: typo fix in comment
+
+2011-03-19 15:14 arthur
+
+ * [r1401] Makefile.am, common, compat, nslcd, nss, pam, tests,
+ tests/test_expr.c, tests/test_pamcmds.expect, tests/test_tio.c:
+ more tests and general test improvements
+
+2011-03-19 15:14 arthur
+
+ * [r1400] common/expr.c, nslcd/myldap.h, nslcd/nslcd.c,
+ nss/common.h, nss/prototypes.h, pam/common.h, pam/pam.c: small
+ code improvements
+
+2011-03-19 15:13 arthur
+
+ * [r1399] nslcd/log.c, nslcd/log.h: remove logging functionality
+ that isn't used
+
+2011-03-18 14:33 arthur
+
+ * [r1398] tests, tests/Makefile.am, tests/in_testenv.sh,
+ tests/test_nsscmds.sh, tests/test_pamcmds.expect,
+ tests/test_pamcmds.sh: implement test cases for some of the
+ common PAM actions (test environment required for this)
+
+2011-03-17 21:02 arthur
+
+ * [r1397] configure.ac, tests/Makefile.am, tests/common.h,
+ tests/test_cfg.c, tests/test_common.c, tests/test_expr.c,
+ tests/test_getpeercred.c, tests/test_myldap.c, tests/test_tio.c:
+ put all assertion functions and compatibility code into one
+ header file
+
+2011-03-17 21:01 arthur
+
+ * [r1396] nslcd.conf: put idle_timelimit option in Active Directory
+ example with low enough default
+
+2011-03-16 21:54 arthur
+
+ * [r1395] tests/Makefile.am, tests/test_aliases.c,
+ tests/test_ethers.c, tests/test_group.c, tests/test_hosts.c,
+ tests/test_netgroup.c, tests/test_networks.c,
+ tests/test_nslcd_group.c, tests/test_passwd.c,
+ tests/test_protocols.c, tests/test_rpc.c, tests/test_services.c,
+ tests/test_shadow.c: remove legacy test code that is no longer
+ used
+
+2011-03-14 21:42 arthur
+
+ * [r1394] pam/pam.c: check for user existence before trying
+ password change
+
+2011-03-14 20:19 arthur
+
+ * [r1393] common/tio.c: fix a problem in the timeout paramater that
+ was being passed to select() and could contain too many µsec
+ (fixes Solaris runtime issue)
+
+2011-03-13 15:25 arthur
+
+ * [r1392] tests/test_nsscmds.sh: fix name of script in header
+
+2011-03-12 08:41 arthur
+
+ * [r1391] configure.ac: include the resolv library for hstrerror()
+ on platforms that need it (thanks Peter Bray)
+
+2011-03-12 08:34 arthur
+
+ * [r1390] nslcd/common.h, nslcd/pam.c: put all HOST_NAME_MAX
+ fallbacks in common.h and fall back to _POSIX_HOST_NAME_MAX
+ (thanks Peter Bray)
+
+2011-03-11 20:37 arthur
+
+ * [r1389] Makefile.am: ensure that permissions are sane in the
+ distributed tarball
+
+2011-03-11 18:02 arthur
+
+ * [r1388] nslcd/myldap.c: fix problem with endless loop on
+ incorrect password
+
+2011-03-11 15:49 arthur
+
+ * [r1387] nslcd/common.c, nslcd/common.h: move HOST_NAME_MAX
+ fallback definition to header file
+
+2011-03-10 21:45 arthur
+
+ * [r1385] ChangeLog, NEWS, TODO, configure.ac, debian/changelog,
+ man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
+ files ready for 0.8.1 release
+
2011-03-10 20:35 arthur
* [r1384] Makefile.am, common/tio.c, compat/Makefile.am,
diff --git a/NEWS b/NEWS
index 71ad535..eb7faeb 100644
--- a/NEWS
+++ b/NEWS
@@ -1,11 +1,30 @@
+changes from 0.8.1 to 0.8.2
+---------------------------
+
+* fix problem with endless loop on incorrect password
+* fix a communication problem between nslcd and the NSS and PAM modules when
+ running on Solaris 10
+* fix a compilation issue on systems without HOST_NAME_MAX
+* link to the resolv library for hstrerror() on platforms that need it
+* ignore password change requests for users not in LDAP
+* many clean-ups to the tests and added some new tests including some
+ integration tests for the PAM functionality
+* some smaller code clean-ups and improvements
+* improvements to pynslcd, including implementations for service, protocol and
+ rpc lookups
+* implement a validnames option that can be used to filter valid user and
+ group names using a regular expression
+* improvements to the way nslcd shuts down with hanging worker threads
+
+
changes from 0.8.0 to 0.8.1
---------------------------
* SECURITY FIX: the PAM module will allow authentication for users that do not
exist in LDAP, this allows login to local users with an
incorrect password (CVE-2011-0438)
- the explotability of the problem depends on the details of the
- PAM stack and the use of the minimum_uid PAM option
+ the exploitability of the problem depends on the details of
+ the PAM stack and the use of the minimum_uid PAM option
* include a file that was missing for Solaris support
* add FreeBSD support, partially imported from the FreeBSD port (thanks to
Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
diff --git a/TODO b/TODO
index 5c82a8b..6b2ebfc 100644
--- a/TODO
+++ b/TODO
@@ -19,9 +19,6 @@
* make it possible to start nslcd real early in the boot process and have
it become available when it determines it can (other timeout/retry mechanism
on startup)
-* write a simple PAM test application
-* make user/group name filtering configurable (with regular expression)
- (perhaps even extend the filtering to other data)
* implement requesting and handling password policy information when binding
as a user
* implement nested groups
@@ -32,4 +29,3 @@
* fix buffer handling in read_**string() functions (Solaris support)
* complete pynslcd implementation
* in nslcd/pam.c check shadow properties if present
-* write test cases for the PAM code
diff --git a/configure.ac b/configure.ac
index 9cff07c..0a860ce 100644
--- a/configure.ac
+++ b/configure.ac
@@ -33,7 +33,7 @@ configure.ac file for more details.])
# initialize and set version and bugreport address
AC_INIT([nss-pam-ldapd],
- [0.8.1],
+ [0.8.2],
[nss-pam-ldapd-users@lists.arthurdejong.org],,
[http://arthurdejong.org/nss-pam-ldapd/])
RELEASE_MONTH="Mar 2011"
diff --git a/debian/changelog b/debian/changelog
index 6d74432..75b0d6b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,28 @@
+nss-pam-ldapd (0.8.2) experimental; urgency=low
+
+ * fix problem with endless loop on incorrect password
+ * fix definition of HOST_NAME_MAX (closes: #618795) and fall back to
+ _POSIX_HOST_NAME_MAX
+ * ignore password change requests for users not in LDAP (closes: #617452)
+ * many clean-ups to the tests and added some new tests including some
+ integration tests for the PAM functionality
+ * some smaller code clean-ups and improvements
+ * improvements to pynslcd, including implementations for service, protocol
+ and rpc lookups
+ * implement a validnames option that can be used to filter valid user and
+ group names using a regular expression
+ * integrate patch by Daniel Dehennin to not loose debconf values of
+ previously set options with dpkg-reconfigure (closes: #610117)
+ * improvements to the way nslcd shuts down with hanging worker threads
+
+ -- Arthur de Jong <adejong@debian.org> Sat, 26 Mar 2011 19:00:00 +0100
+
nss-pam-ldapd (0.8.1) experimental; urgency=low
* SECURITY FIX: the PAM module will allow authentication for users that do
not exist in LDAP, this allows login to local users with an
incorrect password (CVE-2011-0438)
- the explotability of the problem depends on the details of
+ the exploitability of the problem depends on the details of
the PAM stack and the use of the minimum_uid PAM option
* add FreeBSD support, partially imported from the FreeBSD port (thanks to
Jacques Vidrine, Artem Kazakov and Alexander V. Chernikov)
diff --git a/man/nslcd.8.xml b/man/nslcd.8.xml
index 81396e5..177a0dc 100644
--- a/man/nslcd.8.xml
+++ b/man/nslcd.8.xml
@@ -36,7 +36,7 @@
<refmeta>
<refentrytitle>nslcd</refentrytitle>
<manvolnum>8</manvolnum>
- <refmiscinfo class="version">Version 0.8.1</refmiscinfo>
+ <refmiscinfo class="version">Version 0.8.2</refmiscinfo>
<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
<refmiscinfo class="date">Mar 2011</refmiscinfo>
</refmeta>
diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index 45d48bc..200e89a 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
@@ -36,7 +36,7 @@
<refmeta>
<refentrytitle>nslcd.conf</refentrytitle>
<manvolnum>5</manvolnum>
- <refmiscinfo class="version">Version 0.8.1</refmiscinfo>
+ <refmiscinfo class="version">Version 0.8.2</refmiscinfo>
<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
<refmiscinfo class="date">Mar 2011</refmiscinfo>
</refmeta>
diff --git a/man/pam_ldap.8.xml b/man/pam_ldap.8.xml
index ea19980..139ba4c 100644
--- a/man/pam_ldap.8.xml
+++ b/man/pam_ldap.8.xml
@@ -35,7 +35,7 @@
<refmeta>
<refentrytitle>pam_ldap</refentrytitle>
<manvolnum>8</manvolnum>
- <refmiscinfo class="version">Version 0.8.1</refmiscinfo>
+ <refmiscinfo class="version">Version 0.8.2</refmiscinfo>
<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
<refmiscinfo class="date">Mar 2011</refmiscinfo>
</refmeta>