diff options
| -rw-r--r-- | ChangeLog | 121 | ||||
| -rw-r--r-- | NEWS | 22 | ||||
| -rw-r--r-- | TODO | 9 | ||||
| -rw-r--r-- | configure.ac | 8 | ||||
| -rw-r--r-- | debian/changelog | 25 | ||||
| -rw-r--r-- | man/nslcd.8.xml | 6 | ||||
| -rw-r--r-- | man/nss-ldapd.conf.5.xml | 6 |
7 files changed, 186 insertions, 11 deletions
@@ -1,3 +1,124 @@ +2009-03-22 21:20 arthur + + * [r824] README, debian/copyright: update copyright year + +2009-03-22 21:12 arthur + + * [r823] nslcd/nslcd.c: update copyright year + +2009-03-22 17:05 arthur + + * [r822] debian/compat, debian/control, debian/rules: upgrade to + debhelper compatibility level 7 + +2009-03-22 16:53 arthur + + * [r821] debian/control: upgrade to standards-version 3.8.1 (no + changes needed) + +2009-03-22 16:46 arthur + + * [r820] Makefile.am, debian/libnss-ldapd.lintian-overrides, + debian/rules: add lintian override for missing shlibs and symbols + control files (we are a shared library that should not be + directly linked to) + +2009-03-21 11:33 arthur + + * [r818] NEWS: fix version numbers in NEWS file + +2009-03-21 11:30 arthur + + * [r817] nss-ldapd.conf: add a note about permissions of + nss-ldapd.conf when using the bindpw option + +2009-03-21 09:51 arthur + + * [r816] debian/libnss-ldapd.postinst: instead of bindpw check + always create config file with proper permissions and fix + permissions once on upgrade + +2009-03-20 12:23 arthur + + * [r814] debian/libnss-ldapd.postinst: add bindpw-related warning + message to default installed config file + +2009-03-20 10:55 arthur + + * [r813] debian/libnss-ldapd.postinst: fix permissions of + configfile if passwords are stored + +2009-03-15 17:30 arthur + + * [r812] debian/control: follow change in override file + +2009-02-27 18:09 arthur + + * [r811] debian/control: use misc:Depends to generate debconf + dependency + +2009-02-27 17:27 arthur + + * [r810] nslcd/common.c: check user and group names against + LOGIN_NAME_MAX if it is defined + +2009-02-27 16:39 arthur + + * [r809] man/Makefile.am: generate utf-8 encoded manual page (no + non-ascii characters used at the moment) + +2009-02-27 16:28 arthur + + * [r808] nslcd/passwd.c: add some more documentation + +2009-01-30 18:05 arthur + + * [r807] compat/getpeercred.c: fix for getpeercred() on Solaris by + David Bartley <dtbartle@csclub.uwaterloo.ca> + +2008-12-15 11:20 arthur + + * [r806] man/nss-ldapd.conf.5.xml: add a note about permissions of + configfile when bindpw is used + +2008-12-06 16:58 arthur + + * [r805] man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, + nslcd/myldap.c, nss-ldapd.conf: rename the tls_checkpeer option + to tls_reqcert, deprecating the old name and supporting all + options that OpenLDAP supports for that value + +2008-12-03 22:45 arthur + + * [r804] nslcd/common.c, tests/test_common.c: allow backslashes in + names execpt as first or last character + +2008-12-03 22:11 arthur + + * [r803] configure.ac, nslcd/nslcd.c: clean the environment and set + LDAPNOINIT to disable parsing of LDAP configfiles (.ldaprc, + /etc/ldap/ldap.conf, etc) + +2008-11-29 15:18 arthur + + * [r802] nslcd/myldap.c: use tls_* options also for StartTLS + connections + +2008-11-29 14:43 arthur + + * [r801] man/nss-ldapd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h: remove + sslpath option because it wasn't used for anything + +2008-11-29 14:41 arthur + + * [r800] debian/changelog: add missing pound sign + +2008-11-14 15:44 arthur + + * [r798] ChangeLog, NEWS, configure.ac, debian/changelog, + man/nslcd.8.xml, man/nss-ldapd.conf.5.xml: get files ready for + 0.6.7 release + 2008-11-13 21:27 arthur * [r797] debian/libnss-ldapd.templates: also leave out empty @@ -1,3 +1,25 @@ +changes from 0.6.7 to 0.6.8 +--------------------------- + +* SECURITY FIX: the nss-ldapd.conf file that is installed by the Debian + package was created world-readable which could cause problems + if the bindpw option is used + this has been fixed in the Debian package but other users + should check the permissions of the nss-ldapd.conf file when + the bindpw option is used (warnings have been added to the + manual page and sample nss-ldapd.conf) +* clean the environment and set LDAPNOINIT to disable parsing of LDAP + configuration files (.ldaprc, /etc/ldap/ldap.conf, etc) +* remove sslpath option because it wasn't used +* correctly set SSL/TLS options when using StartTLS +* rename the tls_checkpeer option to tls_reqcert, deprecating the old name and + supporting all values that OpenLDAP supports +* allow backslashes in user and group names execpt as first or last character +* check user and group names against LOGIN_NAME_MAX if it is defined +* fix for getpeercred() on Solaris by David Bartley +* Debian packaging improvements + + changes form 0.6.6 to 0.6.7 --------------------------- @@ -46,6 +46,13 @@ other items * maybe use datagram sockets for NSS/nslcd communication * support multiple search bases * support memberOf attribute in passwd entries that map to groups -* rename tls_checkpeer option to tls_reqcert * setnetgrent() may need to return an error if the netgroup is undefined * handle repeated calls to getent() better (see http://bugzilla.padl.com/show_bug.cgi?id=376) +* make it possible to define nisNetgroup as a ou-like thing with + handling all sub-nisNetgroup objects as memberNisNetgroup, host objects as + nisNetgroupTriple (HOST,,), users as (,USER?,) +* make it possible to start nslcd really early in the boot process and have + it become available when it determines it can (other timeout/retry mechanism + on startup) +* if Debconf base is empty do something more useful +* make lookups case-sensitive diff --git a/configure.ac b/configure.ac index aee261c..b34aa10 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # # Copyright (C) 2006 Luke Howard # Copyright (C) 2006 West Consulting -# Copyright (C) 2006, 2007, 2008 Arthur de Jong +# Copyright (C) 2006, 2007, 2008, 2009 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -23,7 +23,7 @@ AC_PREREQ(2.59) AC_COPYRIGHT( [Copyright (C) 2006 Luke Howard Copyright (C) 2006 West Consulting -Copyright (C) 2006, 2007, 2008 Arthur de Jong +Copyright (C) 2006, 2007, 2008, 2009 Arthur de Jong This configure script is derived from configure.ac which is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser @@ -32,8 +32,8 @@ version 2.1 of the License, or (at your option) any later version. See the configure.ac file for more details.]) # initialize and set version and bugreport address -AC_INIT([nss-ldapd],[0.6.7],[arthur@ch.tudelft.nl]) -RELEASE_MONTH="Nov 2008" +AC_INIT([nss-ldapd],[0.6.8],[arthur@ch.tudelft.nl]) +RELEASE_MONTH="Mar 2009" AC_SUBST(RELEASE_MONTH) AC_CONFIG_SRCDIR([nslcd.h]) diff --git a/debian/changelog b/debian/changelog index 3f08818..0ccaae3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,28 @@ +nss-ldapd (0.6.8) unstable; urgency=high + + * SECURITY FIX: the nss-ldapd.conf file that is installed was created + world-readable which could cause problems if the bindpw + option is used + this has been fixed and warnings have been added to the + manual page and sample nss-ldapd.conf (closes: #520476) + * clean the environment and set LDAPNOINIT to disable parsing of LDAP + configuration files (.ldaprc, /etc/ldap/ldap.conf, etc) + * remove sslpath option because it wasn't used + * correctly set SSL/TLS options when using StartTLS + * rename the tls_checkpeer option to tls_reqcert, deprecating the old name + and supporting all values that OpenLDAP supports + * allow backslashes in user and group names execpt as first or last + character + * check user and group names against LOGIN_NAME_MAX if it is defined + * fix for getpeercred() on Solaris by David Bartley + * debian/control: change section to admin to follow change in override file + * add lintian override for missing shlibs and symbols control files (we are + a shared library that should not be directly linked to) + * upgrade to standards-version 3.8.1 (no changes needed) + * upgrade to debhelper compatibility level 7 + + -- Arthur de Jong <adejong@debian.org> Sat, 22 Mar 2009 22:00:00 +0100 + nss-ldapd (0.6.7) unstable; urgency=low * a fix for a problem in debconf configuration that would ignore user input diff --git a/man/nslcd.8.xml b/man/nslcd.8.xml index d734c80..a02092b 100644 --- a/man/nslcd.8.xml +++ b/man/nslcd.8.xml @@ -6,7 +6,7 @@ nslcd.8.xml - docbook manual page for nslcd Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2008 Arthur de Jong + Copyright (C) 2006, 2007, 2008, 2009 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -36,9 +36,9 @@ <refmeta> <refentrytitle>nslcd</refentrytitle> <manvolnum>8</manvolnum> - <refmiscinfo class="version">Version 0.6.7</refmiscinfo> + <refmiscinfo class="version">Version 0.6.8</refmiscinfo> <refmiscinfo class="manual">System Manager's Manual</refmiscinfo> - <refmiscinfo class="date">Nov 2008</refmiscinfo> + <refmiscinfo class="date">Mar 2009</refmiscinfo> </refmeta> <refnamediv id="name"> diff --git a/man/nss-ldapd.conf.5.xml b/man/nss-ldapd.conf.5.xml index f7a78d3..2df32c1 100644 --- a/man/nss-ldapd.conf.5.xml +++ b/man/nss-ldapd.conf.5.xml @@ -6,7 +6,7 @@ nss-ldapd.conf.5.xml - docbook manual page for nss-ldapd.conf Copyright (C) 1997-2005 Luke Howard - Copyright (C) 2007, 2008 Arthur de Jong + Copyright (C) 2007, 2008, 2009 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -36,9 +36,9 @@ <refmeta> <refentrytitle>nss-ldapd.conf</refentrytitle> <manvolnum>5</manvolnum> - <refmiscinfo class="version">Version 0.6.7</refmiscinfo> + <refmiscinfo class="version">Version 0.6.8</refmiscinfo> <refmiscinfo class="manual">System Manager's Manual</refmiscinfo> - <refmiscinfo class="date">Nov 2008</refmiscinfo> + <refmiscinfo class="date">Mar 2009</refmiscinfo> </refmeta> <refnamediv id="name"> |