From a672d0d688d3ee0e66c0f15287d9f9fcc32d45bf Mon Sep 17 00:00:00 2001 From: Arthur de Jong Date: Sun, 9 May 2010 11:40:20 +0000 Subject: get files ready for 0.7.4 release git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1096 ef36b2f9-881f-0410-afb5-c4e39611909c
---
ChangeLog | 133 +++++++++++++++++++++++++++++++++++++++++++++++++++ NEWS | 19 ++++++++ TODO | 1 - configure.ac | 4 +- debian/changelog | 24 ++++++++++ man/nslcd.8.xml | 4 +- man/nslcd.conf.5.xml | 4 +- man/pam_ldap.8.xml | 4 +- 8 files changed, 184 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 26e7ad5..5d6f508 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,136 @@ +2010-05-09 10:44 arthur + + * [r1095] nslcd/myldap.c: only log "connected to LDAP server" if + the previous connect failed or we are failing over to a different + server + +2010-05-09 10:39 arthur + + * [r1094] debian/nslcd.postinst, man/nslcd.conf.5.xml, nslcd/cfg.c, + nslcd/cfg.h, nslcd/myldap.c, tests/README, tests/nslcd-test.conf: + rename reconnect_maxsleeptime option to reconnect_retrytime + +2010-05-09 10:20 arthur + + * [r1093] nslcd/myldap.c: don't log errno if it is not set (make + error less confusing) + +2010-05-09 10:08 arthur + + * [r1092] nslcd/myldap.c: handle authentication searches a little + differently (only try once if an authentication error is + returned) + +2010-05-09 09:51 arthur + + * [r1091] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, + nslcd/myldap.c: refactor retry timing mechanism to use time + between first and last error to determin when to rerty and only + try once (and don't sleep) when we have been failing for a long + time + +2010-05-08 10:39 arthur + + * [r1090] man/nslcd.conf.5.xml: fix wrapping of long line (thanks + lintian) + +2010-05-08 10:34 arthur + + * [r1089] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, + nslcd/pam.c: rename authz_search option to pam_authz_search + +2010-05-07 21:45 arthur + + * [r1088] man/nslcd.conf.5.xml, man/pam_ldap.8.xml, nslcd/cfg.c, + nslcd/cfg.h, nslcd/pam.c: implement an authz_search option to + test whether the user is authorised + +2010-05-07 21:25 arthur + + * [r1087] nslcd/alias.c, nslcd/ether.c, nslcd/group.c, + nslcd/host.c, nslcd/netgroup.c, nslcd/network.c, nslcd/passwd.c, + nslcd/protocol.c, nslcd/rpc.c, nslcd/service.c, nslcd/shadow.c: + tune some buffer sizes and small cleanups + +2010-05-07 20:43 arthur + + * [r1086] tests/test_myldap.c: implement test for buffer overflow + +2010-05-07 20:40 arthur + + * [r1085] nslcd/myldap.c: fix buffer overflow + +2010-05-07 11:23 arthur + + * [r1084] man, man/Makefile.am: have the possibility to generate + HTML for 
manual pages (not done by default) + +2010-05-07 11:22 arthur + + * [r1083] man/nslcd.conf.5.xml, man/pam_ldap.8.xml: use docbook + elements where possible + +2010-05-06 21:40 arthur + + * [r1082] compat/pam_compat.h, configure.ac, + debian/libpam-ldapd.pam-auth-update, man/pam_ldap.8.xml, + pam/pam.c: implement a minimum_uid option for the PAM module to + ignore users that have a lower numeric user id + +2010-05-05 10:58 arthur + + * [r1081] config.guess, config.sub: include updated files + +2010-05-03 20:29 arthur + + * [r1080] debian/nslcd.config: also parse /etc/ldap.conf for + systems that use that for NSS and PAM configuration + +2010-04-13 19:21 arthur + + * [r1079] nslcd/myldap.c, nslcd/myldap.h, nslcd/pam.c: don't have + myldap_set_credentials() try to open a connection but have the + PAM code perform a search with the new credentials so we re-use + the fail-over mechanism in myldap_search() + +2010-04-13 19:17 arthur + + * [r1078] nslcd/cfg.c, nslcd/common.h, nslcd/myldap.c, + nslcd/myldap.h, nslcd/passwd.c, tests/test_myldap.c: also have + myldap_search() return an LDAP status code + +2010-04-01 19:49 arthur + + * [r1077] tests/README, tests/test.ldif.gz, tests/test_nsscmds.sh: + small improvements to the test setup + +2010-03-20 16:01 arthur + + * [r1076] man/nslcd.conf.5.xml, nslcd/cfg.c, nslcd/cfg.h, + nslcd/group.c: add an nss_initgroups_ignoreusers option to ignore + username to group lookups for the specified users + +2010-03-13 15:40 arthur + + * [r1075] man/nslcd.conf.5.xml: remove commented-oud default option + because it is not implemented and we have a better mechanism now + +2010-02-28 08:10 arthur + + * [r1074] nslcd/myldap.c: have less warnings when LDAP_OPT_X_TLS + isn't defined + +2010-02-28 08:07 arthur + + * [r1073] man/nslcd.conf.5.xml: document which attributes may be + mapped with an expression + +2010-02-27 15:28 arthur + + * [r1071] ChangeLog, NEWS, configure.ac, debian/changelog, + man/nslcd.8.xml, man/nslcd.conf.5.xml, 
man/pam_ldap.8.xml: get + files ready for 0.7.3 release + 2010-02-27 15:26 arthur * [r1070] debian/NEWS: add blank line for apt-listchanges diff --git a/NEWS b/NEWS index 2e01b01..c2c120e 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,22 @@ +changes from 0.7.3 to 0.7.4 +--------------------------- + +* fix a buffer overflow that should have no security consequences +* perform proper fail-over when authenticating in the PAM module +* add an nss_initgroups_ignoreusers option to ignore user name to group + lookups for the specified users +* add an pam_authz_search option to perform a flexible authorisation check on + login (e.g. to restrict which users can login to which hosts, etc) +* implement a minimum_uid option for the PAM module to ignore users that have + a lower numeric user id +* change the way retries are done to error out quicker if the LDAP server is + down for some time (this should make the system more responsive when the + LDAP server is unavailable) and rename the reconnect_maxsleeptime option to + reconnect_retrytime to better describe the behaviour +* only log "connected to LDAP server" if the previous connection failed +* documentation improvements + + changes from 0.7.2 to 0.7.3 --------------------------- diff --git a/TODO b/TODO index 35f21f9..eff19eb 100644 --- a/TODO +++ b/TODO @@ -22,7 +22,6 @@ * maybe make myldap code thread-safe (use locking) * review changes in nss_ldap and merge any useful changes * maybe rate-limit LDAP entry warnings -* test non-ASCII characters in fields (mostly cn) * only parse configuration options if they are available on the platform * have some more general mechanism to disable NSS lookups from nslcd * maybe support memberOf attribute in passwd entries that map to groups diff --git a/configure.ac b/configure.ac index cf8e8f6..c02d7df 100644 --- a/configure.ac +++ b/configure.ac 
@@ -32,8 +32,8 @@ version 2.1 of the License, or (at your option) any later version. See the configure.ac file for more details.]) # initialize and set version and bugreport address -AC_INIT([nss-pam-ldapd],[0.7.3],[nss-pam-ldapd-users@lists.arthurdejong.org]) -RELEASE_MONTH="Feb 2010" +AC_INIT([nss-pam-ldapd],[0.7.4],[nss-pam-ldapd-users@lists.arthurdejong.org]) +RELEASE_MONTH="May 2010" AC_SUBST(RELEASE_MONTH) AC_CONFIG_SRCDIR([nslcd.h]) diff --git a/debian/changelog b/debian/changelog index 329c7b0..42efb8b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,27 @@ +nss-pam-ldapd (0.7.4) unstable; urgency=low + + * fix a buffer overflow that should have no security consequences + * perform proper fail-over when authenticating in the PAM module + (closes: #577593) + * add an nss_initgroups_ignoreusers option to ignore user name to group + lookups for the specified users + * add an pam_authz_search option to perform a flexible authorisation check + on login (e.g. to restrict which users can login to which hosts, etc) + * implement a minimum_uid option for the PAM module to ignore users that + have a lower numeric user id and make 1000 the default value for Debian + (closes: #579574) + * change the way retries are done to error out quicker if the LDAP server + is down for some time (this should make the system more responsive when + the LDAP server is unavailable) and rename the reconnect_maxsleeptime + option to reconnect_retrytime to better describe the behaviour + * only log "connected to LDAP server" if the previous connection failed + (closes: #483795) + * documentation improvements + * debian/nslcd.config: also parse /etc/ldap.conf for systems that put NSS + and PAM configuration there + + -- Arthur de Jong Sat, 08 May 2010 12:00:00 +0200 + nss-pam-ldapd (0.7.3) unstable; urgency=low * allow password modification by root using the rootpwmoddn configuration diff --git a/man/nslcd.8.xml b/man/nslcd.8.xml index a92dfc7..d1401c4 100644 
--- a/man/nslcd.8.xml +++ b/man/nslcd.8.xml @@ -36,9 +36,9 @@ nslcd 8 - Version 0.7.3 + Version 0.7.4 System Manager's Manual - Dec 2009 + May 2010 diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml index 3180764..7b31050 100644 --- a/man/nslcd.conf.5.xml +++ b/man/nslcd.conf.5.xml @@ -36,9 +36,9 @@ nslcd.conf 5 - Version 0.7.3 + Version 0.7.4 System Manager's Manual - Dec 2009 + May 2010 diff --git a/man/pam_ldap.8.xml b/man/pam_ldap.8.xml index ad91878..cf69514 100644 --- a/man/pam_ldap.8.xml +++ b/man/pam_ldap.8.xml @@ -35,9 +35,9 @@ pam_ldap 8 - Version 0.7.3 + Version 0.7.4 System Manager's Manual - Dec 2009 + May 2010 -- cgit v1.2.3