[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#682583: pu: package nss-pam-ldapd/0.7.15+squeeze2

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

Dear stable release team,

I would like to upload a new release of nss-pam-ldapd for squeeze that
fixes a few bugs. The fixes below (apart from the first one) should all
be very straightforward.

(1) extra checking of overflows of numeric values retrieved from LDAP
    This change was developed and tested by Redhat and has been in
    upstream releases 0.7.16 and 0.8.4 (and is also present in the
    version currently in testing).
    The diff in 0.7.16 which should apply without issues to 0.7.15:
    svn diff -c 1600 http://arthurdejong.org/svn/nss-pam-ldapd

(2) fix gecos buffer length and make some other buffers have a
    consistent size (this is #640781)
    This change was in 0.8.5 and is scheduled for a next 0.7 upstream
    release. The bug reporter requested this change to go in a squeeze
    point release.
    The diff:
    svn diff -c 1727 http://arthurdejong.org/svn/nss-pam-ldapd

(3) fix two possible NULL pointer dereferences (not very common
    These changes were in 0.8.5 and are scheduled for a next 0.7
    upstream release.
    The diffs:
    svn diff -c 1728 http://arthurdejong.org/svn/nss-pam-ldapd
    svn diff -c 1730 http://arthurdejong.org/svn/nss-pam-ldapd

(4) increase buffer size for pam_authz_search and ensure log message
    isn't cut short (this is Ubuntu bug #951343)
    These changes were in 0.7.16 and 0.8.7.
    The diffs:
    svn diff -c 1629 http://arthurdejong.org/svn/nss-pam-ldapd
    svn diff -c 1648 http://arthurdejong.org/svn/nss-pam-ldapd

Do you think any of the above are acceptable or unacceptable for a point
release. If you like I can provide more background information or
prepare a debdiff.


-- arthur - adejong@debian.org - http://people.debian.org/~adejong --

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: