From 5f4aacc4a96b452c11e7a1a5625e86d29cb38b1e Mon Sep 17 00:00:00 2001 From: Arthur de Jong Date: Sun, 9 Feb 2025 18:00:44 +0100 Subject: Get files ready for 0.9.13 release --- AUTHORS | 3 + ChangeLog | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++ NEWS | 19 ++++++ README | 2 +- configure.ac | 8 +-- man/chsh.ldap.1.xml | 6 +- man/getent.ldap.1.xml | 6 +- man/nslcd.8.xml | 6 +- man/nslcd.conf.5.xml | 6 +- man/pam_ldap.8.xml | 6 +- man/pynslcd.8.xml | 6 +- nslcd/nslcd.c | 4 +- 12 files changed, 232 insertions(+), 25 deletions(-) diff --git a/AUTHORS b/AUTHORS index 6bfb9cb..70c600b 100644 --- a/AUTHORS +++ b/AUTHORS @@ -150,3 +150,6 @@ Benedict Reuschling Filip Dvorak sebastienblavier <72022031+sebastienblavier@users.noreply.github.com> Ryan Tandy +Consus +Cristian Othón Martínez Vera +Brett Lymn diff --git a/ChangeLog b/ChangeLog index 99760e4..f65008a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,188 @@ +2025-02-09 Arthur de Jong + + * [e5ee16f] INSTALL, ar-lib, compile, depcomp, install-sh, + missing, mkinstalldirs, py-compile, test-driver: Update files + from latest automake + +2025-02-09 Arthur de Jong + + * [a81bb35] nslcd/attmap.c: Add extra safety check in attribute + parsing + + This ensures that we never have a buffer underflow in + attmap_get_value() even when expr_parse() would return unexpected + values in the buffer. + + Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/72 + +2025-02-09 Arthur de Jong + + * [4a6c963] nslcd/cfg.c: Clarify the name of the function to parse + TLS values + +2024-10-14 Arthur de Jong + + * [09ed954] .github/workflows/test.yml: Switch to Ubuntu 22.04 + fir GitHub tests + + Ubuntu 24.04 has an issue with AppArmor. + +2024-08-27 Arthur de Jong + + * [9a353ac] nslcd/cfg.c: Fix memory leak in config parsing + + This fixes a one-time memory leak in reading the base configuration + option. + +2024-08-27 Arthur de Jong + + * [91bb8c9] nslcd/passwd.c: Fix NULL pointer deref on memory + allocation failure + + This fixes a NULL pointer dereference when a call to malloc() + failed. + + Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/70 + +2024-06-29 Consus + + * [b7841fc] nslcd/nslcd.c: Do not pass invalid file descriptor + to FD_ISSET() + + Currently there is a race condition between the main thread and + the workers threads. The main thread sets nslcd_serversocket + to -1 without ensuring that all worker threads are stopped, + giving them the window of opportunity to pass the now invalid + fd to FD_ISSET(). This results in SIGBUS on musl libc. + + Closing the file descriptor is enough. I've also dropped close() + in exithandler() to prevent misleading logs. The OS will close + the socket anyway. + +2024-06-29 Consus + + * [ed4041c] nslcd/nslcd.c: Do not try to kill thread that was + successfully joined + + Calling pthread_kill() after a successfull call + pthread_timedjoin_np() is considered a UB because pthread_t object + is no longer valid. This results in SIGSEGV at least on musl libc. + +2024-03-03 Arthur de Jong + + * [cced213] man/nslcd.conf.5.xml: Clarify the map option in the + manual page + + This tries to make it a little clearer how expressions in the + map statement may be used. + +2024-02-24 Arthur de Jong + + * [1cca4b0] .gitignore, autogen.sh, config.guess, config.sub: + Update files from latest automake + + This also updates the autogen.sh script to just use the latest + version of automake (tested with automake 1.16). + +2024-02-24 Arthur de Jong + + * [b42d8c0] man/nslcd.8.xml, nslcd/nslcd.c: Add an option to test + the configuration file + +2024-02-24 Arthur de Jong + + * [baf3bee] man/nslcd.8.xml, nslcd/nslcd.c: Make configuration + file to use configurable + +2023-08-06 Arthur de Jong + + * [33cf91c] compat/nss_compat.h: Define NETDB_INTERNAL for musl libc + + musl libc doesn't define ```NETDB_INTERNAL```. Add that definition + when it's missing. + + Thanks Cristian Othón Martínez Vera. + + Closes https://github.com/arthurdejong/nss-pam-ldapd/pull/60 + +2023-06-17 Arthur de Jong + + * [4b6556d] .github/workflows/test.yml: Update GitHub checkout + action to latest version + +2023-06-17 Arthur de Jong + + * [737e4a5] tests/pylint.rc: Update Pylint configuration file + + Some options do not appear to be present in Pylint 2.16.2 but + this used to work in version 1.9.4 (this config works with + both versions). + +2023-05-30 Brett Lymn + + * [e9662f1] compat/getpeercred.c: Fix compilation issues on NetBSD + + Fixes da63099 + +2022-10-10 Arthur de Jong + + * [2f6e65a] configure.ac, nslcd/daemonize.c, nslcd/invalidator.c: + Use closefrom() if available + + One some systems _SC_OPEN_MAX can be *very* large. + + Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/53 + +2022-10-10 Arthur de Jong + + * [1c9b021] nslcd/daemonize.c: Fix off-by one error in closing + file descriptors + + This could leave file descriptor 3 open from the parent process + starting nslcd. + +2022-09-04 Arthur de Jong + + * [2fc652f] nslcd/common.h: Increase password buffer length + + This allows passwords to contain up to 255 characters even though + they are most likely don't add any meaningful password security. + + Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/52 + +2022-08-27 Arthur de Jong + + * [6ee1981] tests/test.ldif: Don't force password change during tests + + Change the configuration of the password policy in the test + suite to not set pwdMustChange to TRUE. Between OpenLDAP 2.4 + and 2.5 the behaviour of the LDAP server was changed to force + a password change whenever the administrator changed a user's + password. This change ensures that the old behaviour is maintained. + + See https://bugs.openldap.org/show_bug.cgi?id=7084 + +2022-08-27 Arthur de Jong + + * [ae25521] tests/pylint.rc: Fix pylint config for newer versions + of pylint + + Apparently newer versions of pylint parse the evaluation option + differently. + +2022-08-27 Arthur de Jong + + * [3c9edc1] .github/workflows/test.yml: Upgrade to CodeQL Action v2 + + https://github.blog/changelog/2022-04-27-code-scanning-deprecation-of-codeql-action-v1/ + +2021-11-20 Arthur de Jong + + * [0507f25] AUTHORS, ChangeLog, NEWS, configure.ac, + man/chsh.ldap.1.xml, man/getent.ldap.1.xml, man/nslcd.8.xml, + man/nslcd.conf.5.xml, man/pam_ldap.8.xml, man/pynslcd.8.xml: + Get files ready for 0.9.12 release + 2021-11-19 Arthur de Jong * [6e7e878] man/nslcd.conf.5.xml, nslcd/cfg.c: Support DNSLDAPS diff --git a/NEWS b/NEWS index 9d2e4f9..37f0115 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,22 @@ +changes from 0.9.12 to 0.9.13 +----------------------------- + +* add a command line -f, --config option to specify an alternate + configuration file +* add a command line -t, --test option to check the configuration file + validity +* support passwords with up to 255 characters +* fixes for potential memory issues in parsing configuration file +* fix NULL pointer deref on out of memory +* fix race condition in thread start-up (thanks Consus) +* fix issue with stopping threads on shutdown (thanks Consus) +* provide compatibility with musl libc (thanks Cristian Othón Martínez Vera) +* fix compilation issues on NetBSD (thanks Brett Lymn) +* use closefrom() if available to fix slow invalidation on FreeBSD + (thanks Alan Somers) +* fix file descriptor leaking from process starting nslcd + + changes from 0.9.11 to 0.9.12 ----------------------------- diff --git a/README b/README index 36cff68..728a500 100644 --- a/README +++ b/README @@ -15,7 +15,7 @@ Copyright (C) 1997-2006 Luke Howard Copyright (C) 2006-2007 West Consulting - Copyright (C) 2006-2018 Arthur de Jong + Copyright (C) 2006-2025 Arthur de Jong Copyright (C) 2009 Howard Chu Copyright (C) 2010 Symas Corporation diff --git a/configure.ac b/configure.ac index 27b2fda..8d361ac 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # # Copyright (C) 2006 Luke Howard # Copyright (C) 2006 West Consulting -# Copyright (C) 2006-2022 Arthur de Jong +# Copyright (C) 2006-2025 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -23,7 +23,7 @@ AC_PREREQ(2.61) AC_COPYRIGHT( [Copyright (C) 2006 Luke Howard Copyright (C) 2006 West Consulting -Copyright (C) 2006-2022 Arthur de Jong +Copyright (C) 2006-2025 Arthur de Jong This configure script is derived from configure.ac which is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser @@ -33,10 +33,10 @@ configure.ac file for more details.]) # initialize and set version and bugreport address AC_INIT([nss-pam-ldapd], - [0.9.12], + [0.9.13], [nss-pam-ldapd-users@lists.arthurdejong.org],, [https://arthurdejong.org/nss-pam-ldapd/]) -RELEASE_MONTH="Nov 2021" +RELEASE_MONTH="Feb 2025" AC_SUBST(RELEASE_MONTH) AC_CONFIG_SRCDIR([nslcd.h]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/man/chsh.ldap.1.xml b/man/chsh.ldap.1.xml index e3be4b8..4ab010b 100644 --- a/man/chsh.ldap.1.xml +++ b/man/chsh.ldap.1.xml @@ -5,7 +5,7 @@