Accepted nss-pam-ldapd 0.9.4-2~bpo70+1 (source amd64 all) into wheezy-backports, wheezy-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 11 Aug 2014 14:35:52 +0200
Source: nss-pam-ldapd
Binary: nslcd libnss-ldapd libpam-ldapd nslcd-utils
Architecture: source amd64 all
Version: 0.9.4-2~bpo70+1
Distribution: wheezy-backports
Urgency: medium
Maintainer: Martijn van Brummelen <martijn@brumit.nl>
Changed-By: Martijn van Brummelen <martijn@brumit.nl>
Description:
libnss-ldapd - NSS module for using LDAP as a naming service
libpam-ldapd - PAM module for using LDAP as an authentication service
nslcd - daemon for NSS and PAM lookups using LDAP
nslcd-utils - utilities for querying LDAP via nslcd
Closes: 647502 659488 661872 692633 694420 695044 699841 701067 706913 707193 711867 711884 711889 712231 712311 712728 712847 712876 713047 713921 713987 714651 717063 726435 739330 750949 751047 751100 752515 752550 753691 753710 753948 754101 754284 754476 754989 755037 755282
Changes:
nss-pam-ldapd (0.9.4-2~bpo70+1) wheezy-backports; urgency=medium
.
* Rebuild for wheezy-backports.
* Change maintainer to "me".
* Disable pynslcd as it is still experimental.
* Remove uneeded python dependency's .
.
nss-pam-ldapd (0.9.4-2) unstable; urgency=low
.
* debconf translation updates:
- Portuguese by Américo Monteiro (closes: #751047)
- French by Christian Perrier (closes: #751100)
- Japanese by Kenshi Muto (closes: #752515)
- Russian by Yuri Kozlov (closes: #752550)
- Dutch by Arthur de Jong
- Swedish by Martin Bagge (closes: #753691)
(with corrections by Anders Jonsson)
- Czech by Miroslav Kure (closes: #753710)
- Danish by Joe Hansen (closes: #753948)
- Turkish by Mert Dirik (closes: #754101)
- Slovak by Slavko (closes: #754284)
- German by Chris Leick (closes: #754476)
- Polish by Michał Kułach (closes: #754989)
- Spanish by Matías A. Bellone (closes: #755037)
- Italian by Beatrice Torracca (closes: #755282)
* for new installs add tls_cacertfile /etc/ssl/certs/ca-certificates.crt to
nslcd.conf (closes: #750949)
* provide a debconf prompt for tls_cacertfile if TLS is enabled and reqcert
is configured (closes: #750949, #661872)
* update autopkgtest tests to dump daemon debug info if tests fail and not
stop the tests on first failure
.
nss-pam-ldapd (0.9.4-1) unstable; urgency=medium
.
* upload to unstable
* new upstream release:
- also handle password policy information on BIND failure (this makes it
possible to distinguish between a wrong password and an expired
password)
- fix mapping the member attribute to an empty string
- any buffers that may have held passwords are cleared before the memory
is released
- increase buffer size for passwords to support extremely long passwords
(thanks ushi)
- increase buffer size for DN to support very long names or names with
non-ASCII characters
- log an error in almost all places where a defined buffer is not large
enough to hold the provided data instead of just (sometimes silently)
failing
- logging improvements (start-up problems, login failures)
* add signature checking option to watch file
* add a debian/upstream/metadata file
.
nss-pam-ldapd (0.9.3-1) experimental; urgency=low
.
* new upstream release:
- make the dn2uid cache lifetime configurable with the cache
configuration option
- have the nslcd process only exit after the service is completely
available to avoid race conditions in the init script
- the nslcd daemon now properly daemonises (double fork)
- support mapping the member attribute to an empty string to disable the
functionality to do extra lookups for member DN to member uid
translations
- implement deref control handling to request the LDAP server to
dereference group member attribute values to uid values
- support getting built-in groups from Active Directory (thanks Davy
Defaud)
- fix for pwdLastSet attribute value handling (thanks Joshua Shire)
- fix a possible crash in the NSS module when retrieving large networks
entries (thanks Lukas Slebodnik)
- correct NSS h_errnop return value to indicate buffer too small (thanks
Nalin Dahyabhai)
- fix a bug with shadow values on 64-bit architectures (closes: #739330)
* debian/copyright: copyright year updates
* add build dependencies for used Python modules because the new upstream
version checks them with configure script
.
nss-pam-ldapd (0.9.2-1) experimental; urgency=low
.
* new upstream release:
- increase password value buffer size (by Bersl)
- avoid more broken pipe errors by using a low timeout when aborting
reading requested information from nslcd (thanks John Sullivan)
- only log broken pipe errors in debugging mode
- fix buffer overflow on interrupted read that is hard to trigger (thanks
John Sullivan)
- use clock_gettime() with CLOCK_MONOTONIC for timeout calculations to
avoid clock adjustments errors (thanks John Sullivan)
- extend test suite to test for CLOCK_MONOTONIC and timed IO timeout
calculations
- increase the maximum number of base statements per map to 31
- use larger nslcd send buffers to reduce the number of write operations
in nslcd and consequently the number of reads in the NSS and PAM modules
(thanks John Sullivan)
- also run invalidators after first successful search
- various clean-ups, portability improvements and fixes for compiler
warnings
- import configure checks of Python modules
- provide a script for setting up slapd in a test environment,
automatically loaded with the required test data
- add script for evaluating test environment availability
- portability improvements in the test scripts and test environment
* avoid prompting to restart services on initial install
* upgrade to standards-version 3.9.5 (no changes needed)
* add DEP-8 autopkgtest end-to-end tests of installed packages running an
LDAP server and performing NSS and PAM operations
.
nss-pam-ldapd (0.9.1-2) experimental; urgency=low
.
* mark pynslcd as multi-arch foreign to allow it to satisfy dependencies
on any arch
* add init script dependency on $network to ensure that network is up
before starting nslcd (closes: #726435)
* clean generated manual pages to allow the package to be built twice in
a row
* when upgrading from a pre-0.9 version, have the nslcd preinst check if
a screensaver is running that could end up locking users out of their
system (heavily based on the eglibc and pam packaging)
* when upgrading from a pre-0.9 version, have the nslcd postinst check
if any services need to be restarted to load the new modules (heavily
based on the eglibc and pam packaging)
* debconf translation updates:
- Dutch by Arthur de Jong
.
nss-pam-ldapd (0.9.1-1) experimental; urgency=low
.
* new upstream release:
- rename the nscd_invalidate option to reconnect_invalidate and allow
flushing the nfsidmap cache with the new option (perhaps a fix for
#500778)
- implement an -n switch to not daemonise (by Caleb Callaway)
- nslcd will now return partial shadow information to non-root users to
avoid authorisation problems with setgid shadow authentication helpers
with some PAM stacks (closes: #706913)
- nslcd will now retry failing LDAP connections after receiving SIGUSR1
- the code for the nslcd utilities (getent.ldap and chsh.ldap) is now
installed in /usr/share/nslcd-utils
- improve error and help output of the getent.ldap command
- documentation updates
- fix for a potential, small memory leak in PAM module regarding temporary
saving of old password
- a large number of bug fixes and improvements in pynslcd
- hide passwords from the pynslcd debug output
- support start_tls, pam_password_prohibit_message, nss_min_uid and
nss_initgroups_ignoreusers in pynslcd
- fix rootpwmodpw handling in pynslcd
- complete a basic PAM implementation in pynslcd (some things such as
shadow attribute checking remain to be implemented)
* drop 02-fix-missing-self.patch which is part of 0.9.1
* install the same documentation in pynslcd as with nslcd
* debian/nslcd.config: properly handle preseeding and reading values
from the configuration file by forcefully overwriting debconf values
from nslcd.conf and not overwriting debconf values when reading other
configuration files (closes: #717063)
* fix the tests by adding python-daemon and python-ldap to Build-Depends
and fixing the permissions of the test configuration file
* install an if-up scripts for nslcd that sends SIGUSR1 to the daemon to
re-check LDAP server availability
.
nss-pam-ldapd (0.9.0-2) experimental; urgency=low
.
* debconf translation updates:
- Japanese by Kenshi Muto (closes: #711867)
- Russian by Yuri Kozlov (closes: #711884)
- Slovak by Slavko (closes: #711889)
- Portuguese by Américo Monteiro (closes: #712231)
- Danish by Joe Hansen (closes: #712311)
- German by Chris Leick (closes: #712728)
- French by Christian Perrier (closes: #712847)
- Turkish by Atila KOÇ (closes: #712876)
- Czech by Miroslav Kure (closes: #713047)
- Italian by Beatrice Torracca (closes: #713987)
- Dutch by Arthur de Jong
- Swedish by Martin Bagge (closes: #714651)
* new debconf translations:
- Polish by Michał Kułach (closes: #713921)
* remove debian/pynslcd.init in clean target
* move python build dependency from Build-Depends-Indep to Build-Depends
because dh_python2 is used for every dh invocation
.
nss-pam-ldapd (0.9.0-1) experimental; urgency=low
.
* new upstream release:
- use network byte order in the the communications protocol between
nslcd and NSS and PAM modules to work on mixed endian multiarch
systems (closes: #659488)
- netgroup lookups now makes a distinction between empty netgroups and
non-existing netgroups
- request and handle password policy controls on LDAP authentication
- implement support for nested groups which can be enabled with the
nss_nested_groups option (thanks Steve Hill) (closes: #647502)
- add a log option to configure log level and logging to plain files
(closes: #699841)
- add an nscd_invalidate option to invalidate the nscd cache after
recovering from LDAP connection problems (to clear any negative cache
entries)
- allow trimming expressions with ${foo#bar} syntax in attribute mapping
expressions (thanks Thorsten Glaser) (closes: #695044)
(pynslcd supports trimming expressions with full shell glob matching)
- support password modification in pynslcd
- support children search scope for systems that have it
- add a getent.ldap utility to perform nslcd queries bypassing the libc
NSS stack
- implement functionality for changing user information and provide a
chsh.ldap utility to allow users to change their login shell
- remove deprecated use_sasl, reconnect_tries, reconnect_maxsleeptime and
tls_checkpeer options which have been replaced long ago
- allow names with one character in default validnames option and allow
parentheses (taken from Fedora packages)
- fall back to updating the lastChange attribute with the normal LDAP
connection
- dump full nslcd configuration at debug level on start-up
- export an _nss_ldap_version symbol in the NSS module to make finding
version mismatches easier (the NSS module version is logged from nslcd)
- documentation improvements
- temporary disable the caching functionality of pynslcd
- usability improvements in the pynslcd implementation
* debian/copyright: copyright year updates
* introduce a nslcd-2 (for the protocol version) virtual package that can
be shared between nslcd, pynslcd and potentially nssov
* introduce a nslcd-utils package that contains the getent.ldap and
chsh.ldap utilities
* libnss-ldapd.postrm: do not offer to remove entries from nsswitch.conf
when switching between module implementation or architecture
* feedback from the debian-l10n-english contributors on the debconf
templates and package descriptions (closes: #707193) (thanks Christian
PERRIER and Justin B Rye)
* introduce a pynslcd package that provides an alternative, experimental
implementation of nslcd in Python (this package shares configuration
and packaging scripts with nslcd)
* 02-fix-missing-self.patch: fix a bug in pynslcd
* ensure that /var/run/nslcd is not removed and /etc/nslcd.conf is not
purged as long as an nslcd implementation is still present
.
nss-pam-ldapd (0.8.13-1) unstable; urgency=low
.
* new upstream release:
- include an extra sanity check to ensure not too many file
descriptors are open
- fix handling of gid configuration option if it listed before the uid
option
- return NSS_STATUS_TRYAGAIN on zero-length (but not-NULL) buffer (thanks
Jakub Hrozek)
- provide an _nss_ldap_version symbol in the NSS module to help debug
problems with a newer nslcd
- retry updating the lastChange attribute with the normal nslcd LDAP
connection if the update with the user's connection failed
- avoid processing passwd_byuid requests for uids below nss_min_uid
- fix a few minor or very unlikely to occur memory leaks
- miscellaneous minor changes, fixes and compatibility improvements
* drop 01-fix-set-usec-instead-of-sec.patch which is part of 0.8.13
* remove compatibility code that converted nss-ldapd.conf to nslcd.conf
for upgrading from pre-0.7 versions of nss-ldapd (thanks Dominik George)
* remove code for fixing permissions when upgrading from a pre-0.6.7.1
version
* updated Turkish debconf translation by Atila KOÇ (closes: #701067)
* drop Richard A Nelson from uploaders
* add build dependency on autotools-dev to ensure config.sub and
config.guess are automatically updated during build
.
nss-pam-ldapd (0.8.12-1) experimental; urgency=low
.
* new upstream release:
- fix a problem with the sasl_canonicalize option that would cause
errors on non-SASL enabled systems
- ensure that the file descriptors in the NSS and PAM modules for
connecting to nslcd are closed on exec of the process
- allow attribute options in attribute mapping expressions
- show reconnect messages when failing over to a different LDAP server
or re-establishing the connection to an LDAP server (the message
accidentally got hidden in 0.7.4)
- small improvement to PAM error logging
* added Turkish debconf translation by Atila KOÇ (closes: #694420)
* 01-fix-set-usec-instead-of-sec.patch: fix a problem in the timeout
calculation used in the communication protocol between nslcd and the
NSS and PAM modules, thanks Julien Cristau
.
nss-pam-ldapd (0.8.11-1) experimental; urgency=low
.
* new upstream release:
- add a pam_password_prohibit_message nslcd.conf option to deny password
change (thanks to Ted Cheng)
- add a sasl_canonicalize option to allow disabling of hostname
canonicalisation in OpenLDAP
- have the nslcd daemon load the nslcd user's supplementary groups to have
more flexibility with assigning group permissions (LP: #1020303)
- fix logic error when falling back to getting ranged attribute values for
possibly binary attributes (thanks scan-build)
- fix a problem when storing negative hit to dn2uid cache (thanks
scan-build)
- small portability improvements
- grow all search filter buffers to 4096 bytes
* drop 01-use-poll-instead-of-select.patch which is part of 0.8.11
* install upstream ldapns.ldif instead of debian/ldapns.ldif one
* mark ldapns.schema and ldapns.ldif as example files
* upgrade to standards-version 3.9.4 (no changes needed)
* small language improvement in debconf template and list more SASL
mechanisms
* update X-Start-Before in the init script so that nslcd is started
before various IMAP servers (closes: #692633)
* update X-Start-Before in the init script so that nslcd is started
before a display manager
* update Should-Start in the init script so that nslcd is started after
a Kerberos KDC is available
Checksums-Sha1:
eb7b64a3fa81e47cd20eef172190fbdba14ba614 1877 nss-pam-ldapd_0.9.4-2~bpo70+1.dsc
4e739564f8fe3f33015fb7a52b9ef5acb0c5b27d 155650 nss-pam-ldapd_0.9.4-2~bpo70+1.debian.tar.gz
71f6aa3a2967dd125f7f453dda095e6db86641a7 218430 nslcd_0.9.4-2~bpo70+1_amd64.deb
b2a2da61766460133d2ff4620b38313fe3a2f69a 76874 libnss-ldapd_0.9.4-2~bpo70+1_amd64.deb
8d83eb1ec13930f6e76501ebc9a08d7a1fbf4e22 62656 libpam-ldapd_0.9.4-2~bpo70+1_amd64.deb
8c0866de0c790a1a148334874ab3b7f6f4fdf622 59088 nslcd-utils_0.9.4-2~bpo70+1_all.deb
Checksums-Sha256:
c05c30f74b710d820c0b0e77e4592aedca75debb62440345ff54bdfd80def068 1877 nss-pam-ldapd_0.9.4-2~bpo70+1.dsc
b1b91497f9ce6614f1d2e92a339a5d544ec67be839302d2d90a2b54aa2e7dae3 155650 nss-pam-ldapd_0.9.4-2~bpo70+1.debian.tar.gz
a03eb7fc8ad993d66c15de64714ee9e4ba477f0d0cf37a6af20f8c408d8af5c1 218430 nslcd_0.9.4-2~bpo70+1_amd64.deb
e8f184f2630c076aa9a2d5b9e1904d3ded819040e8ebc5e64d2fbcd351275761 76874 libnss-ldapd_0.9.4-2~bpo70+1_amd64.deb
eb4f1c5bd73573b308026ac0ce3c1ce7793aa9d9caaaebde2a945a7a35c3a9d9 62656 libpam-ldapd_0.9.4-2~bpo70+1_amd64.deb
e2e049f6944718ba51de3c796823ca2c21ad2d2038504f314b23a90d4bb48589 59088 nslcd-utils_0.9.4-2~bpo70+1_all.deb
Files:
f401e1d8922c2a0844381066888b7f49 1877 admin extra nss-pam-ldapd_0.9.4-2~bpo70+1.dsc
2e32a9d7ca33b63db10d91ab657e69fb 155650 admin extra nss-pam-ldapd_0.9.4-2~bpo70+1.debian.tar.gz
ce5fd5fe20715dd226ed479891eb79e0 218430 admin extra nslcd_0.9.4-2~bpo70+1_amd64.deb
df325d2af9269171f8684adb24cba411 76874 admin extra libnss-ldapd_0.9.4-2~bpo70+1_amd64.deb
efdeb0f8e188ae93c257316fe18c79aa 62656 admin extra libpam-ldapd_0.9.4-2~bpo70+1_amd64.deb
70054ffce99cc1b39f6dd6f7015d8110 59088 admin extra nslcd-utils_0.9.4-2~bpo70+1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJT8uQlAAoJEFb2GnlAHawEi+4H/1W+Pi8whf7dvrvWm9BpSoqr
U1EZCdYUoOt+cY+xg0AnfBR+HO4L1SuCp1cy4lO2Mads24b22ijcPWPP6JLvq3gX
MUjJ8RSbRZLVg57BDDoKL/n9CxdGDeQb1Pt3/iYN3f4NGSSG2DdvmZrhoiu+RM1n
aXWrOOcsXgOW8ePfFii7bgatGa9Vw/qu8tD/mDJTlNJvgp+9AJa5H+mUkQnLScH2
Ev8f1JnAMm8o42PW+0DfdnhyDqEgMvTduITxne/mguOaThQQg+lNJLYaBoMUF5Lq
KneRHGBP5RcFqHdrgisSSoMfRkJyf+CmxxfMfLtZRHBGPaCOoIMNgh8uCw0j2JI=
=Yps2
-----END PGP SIGNATURE-----
Reply to: