[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted nss-pam-ldapd 0.9.4-2~bpo70+1 (source amd64 all) into wheezy-backports, wheezy-backports

Hash: SHA1

Format: 1.8
Date: Mon, 11 Aug 2014 14:35:52 +0200
Source: nss-pam-ldapd
Binary: nslcd libnss-ldapd libpam-ldapd nslcd-utils
Architecture: source amd64 all
Version: 0.9.4-2~bpo70+1
Distribution: wheezy-backports
Urgency: medium
Maintainer: Martijn van Brummelen <martijn@brumit.nl>
Changed-By: Martijn van Brummelen <martijn@brumit.nl>
 libnss-ldapd - NSS module for using LDAP as a naming service
 libpam-ldapd - PAM module for using LDAP as an authentication service
 nslcd      - daemon for NSS and PAM lookups using LDAP
 nslcd-utils - utilities for querying LDAP via nslcd
Closes: 647502 659488 661872 692633 694420 695044 699841 701067 706913 707193 711867 711884 711889 712231 712311 712728 712847 712876 713047 713921 713987 714651 717063 726435 739330 750949 751047 751100 752515 752550 753691 753710 753948 754101 754284 754476 754989 755037 755282
 nss-pam-ldapd (0.9.4-2~bpo70+1) wheezy-backports; urgency=medium
   * Rebuild for wheezy-backports.
   * Change maintainer to "me".
   * Disable pynslcd as it is still experimental.
   * Remove uneeded python dependency's .
 nss-pam-ldapd (0.9.4-2) unstable; urgency=low
   * debconf translation updates:
     - Portuguese by Américo Monteiro (closes: #751047)
     - French by Christian Perrier (closes: #751100)
     - Japanese by Kenshi Muto (closes: #752515)
     - Russian by Yuri Kozlov (closes: #752550)
     - Dutch by Arthur de Jong
     - Swedish by Martin Bagge (closes: #753691)
       (with corrections by Anders Jonsson)
     - Czech by Miroslav Kure (closes: #753710)
     - Danish by Joe Hansen (closes: #753948)
     - Turkish by Mert Dirik (closes: #754101)
     - Slovak by Slavko (closes: #754284)
     - German by Chris Leick (closes: #754476)
     - Polish by Michał Kułach (closes: #754989)
     - Spanish by Matías A. Bellone (closes: #755037)
     - Italian by Beatrice Torracca (closes: #755282)
   * for new installs add tls_cacertfile /etc/ssl/certs/ca-certificates.crt to
     nslcd.conf (closes: #750949)
   * provide a debconf prompt for tls_cacertfile if TLS is enabled and reqcert
     is configured (closes: #750949, #661872)
   * update autopkgtest tests to dump daemon debug info if tests fail and not
     stop the tests on first failure
 nss-pam-ldapd (0.9.4-1) unstable; urgency=medium
   * upload to unstable
   * new upstream release:
     - also handle password policy information on BIND failure (this makes it
       possible to distinguish between a wrong password and an expired
     - fix mapping the member attribute to an empty string
     - any buffers that may have held passwords are cleared before the memory
       is released
     - increase buffer size for passwords to support extremely long passwords
       (thanks ushi)
     - increase buffer size for DN to support very long names or names with
       non-ASCII characters
     - log an error in almost all places where a defined buffer is not large
       enough to hold the provided data instead of just (sometimes silently)
     - logging improvements (start-up problems, login failures)
   * add signature checking option to watch file
   * add a debian/upstream/metadata file
 nss-pam-ldapd (0.9.3-1) experimental; urgency=low
   * new upstream release:
     - make the dn2uid cache lifetime configurable with the cache
       configuration option
     - have the nslcd process only exit after the service is completely
       available to avoid race conditions in the init script
     - the nslcd daemon now properly daemonises (double fork)
     - support mapping the member attribute to an empty string to disable the
       functionality to do extra lookups for member DN to member uid
     - implement deref control handling to request the LDAP server to
       dereference group member attribute values to uid values
     - support getting built-in groups from Active Directory (thanks Davy
     - fix for pwdLastSet attribute value handling (thanks Joshua Shire)
     - fix a possible crash in the NSS module when retrieving large networks
       entries (thanks Lukas Slebodnik)
     - correct NSS h_errnop return value to indicate buffer too small (thanks
       Nalin Dahyabhai)
     - fix a bug with shadow values on 64-bit architectures (closes: #739330)
   * debian/copyright: copyright year updates
   * add build dependencies for used Python modules because the new upstream
     version checks them with configure script
 nss-pam-ldapd (0.9.2-1) experimental; urgency=low
   * new upstream release:
     - increase password value buffer size (by Bersl)
     - avoid more broken pipe errors by using a low timeout when aborting
       reading requested information from nslcd (thanks John Sullivan)
     - only log broken pipe errors in debugging mode
     - fix buffer overflow on interrupted read that is hard to trigger (thanks
       John Sullivan)
     - use clock_gettime() with CLOCK_MONOTONIC for timeout calculations to
       avoid clock adjustments errors (thanks John Sullivan)
     - extend test suite to test for CLOCK_MONOTONIC and timed IO timeout
     - increase the maximum number of base statements per map to 31
     - use larger nslcd send buffers to reduce the number of write operations
       in nslcd and consequently the number of reads in the NSS and PAM modules
       (thanks John Sullivan)
     - also run invalidators after first successful search
     - various clean-ups, portability improvements and fixes for compiler
     - import configure checks of Python modules
     - provide a script for setting up slapd in a test environment,
       automatically loaded with the required test data
     - add script for evaluating test environment availability
     - portability improvements in the test scripts and test environment
   * avoid prompting to restart services on initial install
   * upgrade to standards-version 3.9.5 (no changes needed)
   * add DEP-8 autopkgtest end-to-end tests of installed packages running an
     LDAP server and performing NSS and PAM operations
 nss-pam-ldapd (0.9.1-2) experimental; urgency=low
   * mark pynslcd as multi-arch foreign to allow it to satisfy dependencies
     on any arch
   * add init script dependency on $network to ensure that network is up
     before starting nslcd (closes: #726435)
   * clean generated manual pages to allow the package to be built twice in
     a row
   * when upgrading from a pre-0.9 version, have the nslcd preinst check if
     a screensaver is running that could end up locking users out of their
     system (heavily based on the eglibc and pam packaging)
   * when upgrading from a pre-0.9 version, have the nslcd postinst check
     if any services need to be restarted to load the new modules (heavily
     based on the eglibc and pam packaging)
   * debconf translation updates:
     - Dutch by Arthur de Jong
 nss-pam-ldapd (0.9.1-1) experimental; urgency=low
   * new upstream release:
     - rename the nscd_invalidate option to reconnect_invalidate and allow
       flushing the nfsidmap cache with the new option (perhaps a fix for
     - implement an -n switch to not daemonise (by Caleb Callaway)
     - nslcd will now return partial shadow information to non-root users to
       avoid authorisation problems with setgid shadow authentication helpers
       with some PAM stacks (closes: #706913)
     - nslcd will now retry failing LDAP connections after receiving SIGUSR1
     - the code for the nslcd utilities (getent.ldap and chsh.ldap) is now
       installed in /usr/share/nslcd-utils
     - improve error and help output of the getent.ldap command
     - documentation updates
     - fix for a potential, small memory leak in PAM module regarding temporary
       saving of old password
     - a large number of bug fixes and improvements in pynslcd
     - hide passwords from the pynslcd debug output
     - support start_tls, pam_password_prohibit_message, nss_min_uid and
       nss_initgroups_ignoreusers in pynslcd
     - fix rootpwmodpw handling in pynslcd
     - complete a basic PAM implementation in pynslcd (some things such as
       shadow attribute checking remain to be implemented)
   * drop 02-fix-missing-self.patch which is part of 0.9.1
   * install the same documentation in pynslcd as with nslcd
   * debian/nslcd.config: properly handle preseeding and reading values
     from the configuration file by forcefully overwriting debconf values
     from nslcd.conf and not overwriting debconf values when reading other
     configuration files (closes: #717063)
   * fix the tests by adding python-daemon and python-ldap to Build-Depends
     and fixing the permissions of the test configuration file
   * install an if-up scripts for nslcd that sends SIGUSR1 to the daemon to
     re-check LDAP server availability
 nss-pam-ldapd (0.9.0-2) experimental; urgency=low
   * debconf translation updates:
     - Japanese by Kenshi Muto (closes: #711867)
     - Russian by Yuri Kozlov (closes: #711884)
     - Slovak by Slavko (closes: #711889)
     - Portuguese by Américo Monteiro (closes: #712231)
     - Danish by Joe Hansen (closes: #712311)
     - German by Chris Leick (closes: #712728)
     - French by Christian Perrier (closes: #712847)
     - Turkish by Atila KOÇ (closes: #712876)
     - Czech by Miroslav Kure (closes: #713047)
     - Italian by Beatrice Torracca (closes: #713987)
     - Dutch by Arthur de Jong
     - Swedish by Martin Bagge (closes: #714651)
   * new debconf translations:
     - Polish by Michał Kułach (closes: #713921)
   * remove debian/pynslcd.init in clean target
   * move python build dependency from Build-Depends-Indep to Build-Depends
     because dh_python2 is used for every dh invocation
 nss-pam-ldapd (0.9.0-1) experimental; urgency=low
   * new upstream release:
     - use network byte order in the the communications protocol between
       nslcd and NSS and PAM modules  to work on mixed endian multiarch
       systems (closes: #659488)
     - netgroup lookups now makes a distinction between empty netgroups and
       non-existing netgroups
     - request and handle password policy controls on LDAP authentication
     - implement support for nested groups which can be enabled with the
       nss_nested_groups option (thanks Steve Hill) (closes: #647502)
     - add a log option to configure log level and logging to plain files
       (closes: #699841)
     - add an nscd_invalidate option to invalidate the nscd cache after
       recovering from LDAP connection problems (to clear any negative cache
     - allow trimming expressions with ${foo#bar} syntax in attribute mapping
       expressions (thanks Thorsten Glaser) (closes: #695044)
       (pynslcd supports trimming expressions with full shell glob matching)
     - support password modification in pynslcd
     - support children search scope for systems that have it
     - add a getent.ldap utility to perform nslcd queries bypassing the libc
       NSS stack
     - implement functionality for changing user information and provide a
       chsh.ldap utility to allow users to change their login shell
     - remove deprecated use_sasl, reconnect_tries, reconnect_maxsleeptime and
       tls_checkpeer options which have been replaced long ago
     - allow names with one character in default validnames option and allow
       parentheses (taken from Fedora packages)
     - fall back to updating the lastChange attribute with the normal LDAP
     - dump full nslcd configuration at debug level on start-up
     - export an _nss_ldap_version symbol in the NSS module to make finding
       version mismatches easier (the NSS module version is logged from nslcd)
     - documentation improvements
     - temporary disable the caching functionality of pynslcd
     - usability improvements in the pynslcd implementation
   * debian/copyright: copyright year updates
   * introduce a nslcd-2 (for the protocol version) virtual package that can
     be shared between nslcd, pynslcd and potentially nssov
   * introduce a nslcd-utils package that contains the getent.ldap and
     chsh.ldap utilities
   * libnss-ldapd.postrm: do not offer to remove entries from nsswitch.conf
     when switching between module implementation or architecture
   * feedback from the debian-l10n-english contributors on the debconf
     templates and package descriptions (closes: #707193) (thanks Christian
     PERRIER and Justin B Rye)
   * introduce a pynslcd package that provides an alternative, experimental
     implementation of nslcd in Python (this package shares configuration
     and packaging scripts with nslcd)
   * 02-fix-missing-self.patch: fix a bug in pynslcd
   * ensure that /var/run/nslcd is not removed and /etc/nslcd.conf is not
     purged as long as an nslcd implementation is still present
 nss-pam-ldapd (0.8.13-1) unstable; urgency=low
   * new upstream release:
     - include an extra sanity check to ensure not too many file
       descriptors are open
     - fix handling of gid configuration option if it listed before the uid
     - return NSS_STATUS_TRYAGAIN on zero-length (but not-NULL) buffer (thanks
       Jakub Hrozek)
     - provide an _nss_ldap_version symbol in the NSS module to help debug
       problems with a newer nslcd
     - retry updating the lastChange attribute with the normal nslcd LDAP
       connection if the update with the user's connection failed
     - avoid processing passwd_byuid requests for uids below nss_min_uid
     - fix a few minor or very unlikely to occur memory leaks
     - miscellaneous minor changes, fixes and compatibility improvements
   * drop 01-fix-set-usec-instead-of-sec.patch which is part of 0.8.13
   * remove compatibility code that converted nss-ldapd.conf to nslcd.conf
     for upgrading from pre-0.7 versions of nss-ldapd (thanks Dominik George)
   * remove code for fixing permissions when upgrading from a pre-
   * updated Turkish debconf translation by Atila KOÇ (closes: #701067)
   * drop Richard A Nelson from uploaders
   * add build dependency on autotools-dev to ensure config.sub and
     config.guess are automatically updated during build
 nss-pam-ldapd (0.8.12-1) experimental; urgency=low
   * new upstream release:
     - fix a problem with the sasl_canonicalize option that would cause
       errors on non-SASL enabled systems
     - ensure that the file descriptors in the NSS and PAM modules for
       connecting to nslcd are closed on exec of the process
     - allow attribute options in attribute mapping expressions
     - show reconnect messages when failing over to a different LDAP server
       or re-establishing the connection to an LDAP server (the message
       accidentally got hidden in 0.7.4)
     - small improvement to PAM error logging
   * added Turkish debconf translation by Atila KOÇ (closes: #694420)
   * 01-fix-set-usec-instead-of-sec.patch: fix a problem in the timeout
     calculation used in the communication protocol between nslcd and the
     NSS and PAM modules, thanks Julien Cristau
 nss-pam-ldapd (0.8.11-1) experimental; urgency=low
   * new upstream release:
     - add a pam_password_prohibit_message nslcd.conf option to deny password
       change (thanks to Ted Cheng)
     - add a sasl_canonicalize option to allow disabling of hostname
       canonicalisation in OpenLDAP
     - have the nslcd daemon load the nslcd user's supplementary groups to have
       more flexibility with assigning group permissions (LP: #1020303)
     - fix logic error when falling back to getting ranged attribute values for
       possibly binary attributes (thanks scan-build)
     - fix a problem when storing negative hit to dn2uid cache (thanks
     - small portability improvements
     - grow all search filter buffers to 4096 bytes
   * drop 01-use-poll-instead-of-select.patch which is part of 0.8.11
   * install upstream ldapns.ldif instead of debian/ldapns.ldif one
   * mark ldapns.schema and ldapns.ldif as example files
   * upgrade to standards-version 3.9.4 (no changes needed)
   * small language improvement in debconf template and list more SASL
   * update X-Start-Before in the init script so that nslcd is started
     before various IMAP servers (closes: #692633)
   * update X-Start-Before in the init script so that nslcd is started
     before a display manager
   * update Should-Start in the init script so that nslcd is started after
     a Kerberos KDC is available
 eb7b64a3fa81e47cd20eef172190fbdba14ba614 1877 nss-pam-ldapd_0.9.4-2~bpo70+1.dsc
 4e739564f8fe3f33015fb7a52b9ef5acb0c5b27d 155650 nss-pam-ldapd_0.9.4-2~bpo70+1.debian.tar.gz
 71f6aa3a2967dd125f7f453dda095e6db86641a7 218430 nslcd_0.9.4-2~bpo70+1_amd64.deb
 b2a2da61766460133d2ff4620b38313fe3a2f69a 76874 libnss-ldapd_0.9.4-2~bpo70+1_amd64.deb
 8d83eb1ec13930f6e76501ebc9a08d7a1fbf4e22 62656 libpam-ldapd_0.9.4-2~bpo70+1_amd64.deb
 8c0866de0c790a1a148334874ab3b7f6f4fdf622 59088 nslcd-utils_0.9.4-2~bpo70+1_all.deb
 c05c30f74b710d820c0b0e77e4592aedca75debb62440345ff54bdfd80def068 1877 nss-pam-ldapd_0.9.4-2~bpo70+1.dsc
 b1b91497f9ce6614f1d2e92a339a5d544ec67be839302d2d90a2b54aa2e7dae3 155650 nss-pam-ldapd_0.9.4-2~bpo70+1.debian.tar.gz
 a03eb7fc8ad993d66c15de64714ee9e4ba477f0d0cf37a6af20f8c408d8af5c1 218430 nslcd_0.9.4-2~bpo70+1_amd64.deb
 e8f184f2630c076aa9a2d5b9e1904d3ded819040e8ebc5e64d2fbcd351275761 76874 libnss-ldapd_0.9.4-2~bpo70+1_amd64.deb
 eb4f1c5bd73573b308026ac0ce3c1ce7793aa9d9caaaebde2a945a7a35c3a9d9 62656 libpam-ldapd_0.9.4-2~bpo70+1_amd64.deb
 e2e049f6944718ba51de3c796823ca2c21ad2d2038504f314b23a90d4bb48589 59088 nslcd-utils_0.9.4-2~bpo70+1_all.deb
 f401e1d8922c2a0844381066888b7f49 1877 admin extra nss-pam-ldapd_0.9.4-2~bpo70+1.dsc
 2e32a9d7ca33b63db10d91ab657e69fb 155650 admin extra nss-pam-ldapd_0.9.4-2~bpo70+1.debian.tar.gz
 ce5fd5fe20715dd226ed479891eb79e0 218430 admin extra nslcd_0.9.4-2~bpo70+1_amd64.deb
 df325d2af9269171f8684adb24cba411 76874 admin extra libnss-ldapd_0.9.4-2~bpo70+1_amd64.deb
 efdeb0f8e188ae93c257316fe18c79aa 62656 admin extra libpam-ldapd_0.9.4-2~bpo70+1_amd64.deb
 70054ffce99cc1b39f6dd6f7015d8110 59088 admin extra nslcd-utils_0.9.4-2~bpo70+1_all.deb

Version: GnuPG v1


Reply to: