[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#687980: unblock: nss-pam-ldapd/0.8.10-2

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package nss-pam-ldapd.

Dear release team,

I've made an upload of nss-pam-ldapd 0.8.10-2 that includes the
following changes (from debian/changelog):

  * fix typo in comment (thanks Caleb Callaway)
  * install a ldapns.ldif in nslcd doc directory (closes: #674591)
  * ensure that time is set before starting k5start to ensure that Kerberos
    ticket is granted (closes: #659227)
  * properly parse and write configuration options with an optional map
    parameter during debconf configuration (LP: #1029062)

The first two points should be simple and minor changes. The third is
also a simple change that shouldn't affect the boot order too much.

The last one is the trickiest one but also the most important one. The
changes are in nslcd.config and nslcd.postinst and the changes ensure
that the base statement isn't changed when using a map-specific option.
So this isn't matched and changed any more:
  base passwd ou=people,dc=example,dc=com
but this is:
  base dc=example,dc=com
I've tested it pretty thoroughly and it should work correctly.

Attached is a debdiff between 0.8.10-1 currently in testing and
0.8.10-2.

Thanks.

unblock nss-pam-ldapd/0.8.10-2

-- 
-- arthur - adejong@debian.org - http://people.debian.org/~adejong --

diff -Nru nss-pam-ldapd-0.8.10/debian/changelog nss-pam-ldapd-0.8.10/debian/changelog
--- nss-pam-ldapd-0.8.10/debian/changelog	2012-06-29 12:29:18.000000000 +0200
+++ nss-pam-ldapd-0.8.10/debian/changelog	2012-08-31 23:43:09.000000000 +0200
@@ -1,6 +1,17 @@
+nss-pam-ldapd (0.8.10-2) unstable; urgency=low
+
+  * fix typo in comment (thanks Caleb Callaway)
+  * install a ldapns.ldif in nslcd doc directory (closes: #674591)
+  * ensure that time is set before starting k5start to ensure that Kerberos
+    ticket is granted (closes: #659227)
+  * properly parse and write configuration options with an optional map
+    parameter during debconf configuration (LP: #1029062)
+
+ -- Arthur de Jong <adejong@debian.org>  Fri, 31 Aug 2012 23:30:00 +0200
+
 nss-pam-ldapd (0.8.10-1) unstable; urgency=low
 
-  * New upstream release:
+  * new upstream release:
     - documentation improvements
     - fix a problem that causes the PAM module to prompt for a new password
       even though the old one was wrong
@@ -38,7 +49,7 @@
     - fix a problem in the handling of PAM requests in nslcd (closes: #670419)
     - install the ldapns.schema in nslcd docs (closes: #669680)
   * use the configuration file contents to determine the authentication
-    type, not the debconf database (closes: #670133)
+    type, not the debconf database (closes: #670133) (LP: #1000205)
   * switch PAM account type to primary because it now does all the
     authorisation checks that pam_unix also does
   * drop functionality to check whether shadow information is exposed
diff -Nru nss-pam-ldapd-0.8.10/debian/ldapns.ldif nss-pam-ldapd-0.8.10/debian/ldapns.ldif
--- nss-pam-ldapd-0.8.10/debian/ldapns.ldif	1970-01-01 01:00:00.000000000 +0100
+++ nss-pam-ldapd-0.8.10/debian/ldapns.ldif	2012-08-31 12:37:15.000000000 +0200
@@ -0,0 +1,15 @@
+# LDAP Name Service Additional Schema
+# Source: pam_ldap package by Luke Howard converted to LDIF by Slavko
+# Has not been published in Internet Draft or RFC.
+
+dn: cn=ldapns,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: ldapns
+olcAttributeTypes: {0}( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC
+ 'IANA GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.
+ 1.4.1.1466.115.121.1.15{256} )
+olcObjectClasses: {0}( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
+ DESC 'Auxiliary object class for adding authorizedService attribute' SUP top
+ AUXILIARY MAY authorizedService )
+olcObjectClasses: {1}( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxilia
+ ry object class for adding host attribute' SUP top AUXILIARY MAY host )
diff -Nru nss-pam-ldapd-0.8.10/debian/libnss-ldapd.config nss-pam-ldapd-0.8.10/debian/libnss-ldapd.config
--- nss-pam-ldapd-0.8.10/debian/libnss-ldapd.config	2012-01-20 17:05:16.000000000 +0100
+++ nss-pam-ldapd-0.8.10/debian/libnss-ldapd.config	2012-07-07 17:04:36.000000000 +0200
@@ -7,7 +7,7 @@
 db_version 2.0
 
 #
-# This is the fist part of the script. In this part an attempt
+# This is the first part of the script. In this part an attempt
 # is made to get or guess the current configuration. This information
 # is used later on to prompt the user and to provide a sensible
 # default.
diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.config nss-pam-ldapd-0.8.10/debian/nslcd.config
--- nss-pam-ldapd-0.8.10/debian/nslcd.config	2012-05-09 22:56:09.000000000 +0200
+++ nss-pam-ldapd-0.8.10/debian/nslcd.config	2012-08-31 23:26:52.000000000 +0200
@@ -14,7 +14,7 @@
 db_capb backup
 
 #
-# This is the fist part of the script. In this part an attempt
+# This is the first part of the script. In this part an attempt
 # is made to get or guess the current configuration. This information
 # is used later on to prompt the user and to provide a sensible
 # default.
@@ -29,7 +29,8 @@
   # overwrite debconf value if different from config file
   db_get "$debconf_param"
   debconf_value="$RET"
-  cfgfile_value=`sed -n 's/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' "$cfgfile" | head -n 1`
+  # the first part avoids getting options that have an option MAP parameter
+  cfgfile_value=`sed -n '/^'"$cfg_param"'[[:space:]]\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)[[:space:]]/!s/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' "$cfgfile" | head -n 1`
   [ -n "$cfgfile_value" ] && [ "$debconf_value" != "$cfgfile_value" ] && db_set "$debconf_param" "$cfgfile_value"
   # we're done
   return 0
diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.docs nss-pam-ldapd-0.8.10/debian/nslcd.docs
--- nss-pam-ldapd-0.8.10/debian/nslcd.docs	2012-04-27 10:42:15.000000000 +0200
+++ nss-pam-ldapd-0.8.10/debian/nslcd.docs	2012-07-20 13:02:23.000000000 +0200
@@ -2,3 +2,4 @@
 AUTHORS
 NEWS
 ldapns.schema
+debian/ldapns.ldif
diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.init nss-pam-ldapd-0.8.10/debian/nslcd.init
--- nss-pam-ldapd-0.8.10/debian/nslcd.init	2012-02-04 14:48:36.000000000 +0100
+++ nss-pam-ldapd-0.8.10/debian/nslcd.init	2012-07-11 21:08:05.000000000 +0200
@@ -21,7 +21,7 @@
 
 ### BEGIN INIT INFO
 # Provides:          nslcd
-# Required-Start:    $remote_fs $syslog
+# Required-Start:    $remote_fs $syslog $time
 # Required-Stop:     $remote_fs $syslog
 # Should-Start:      $named slapd
 # X-Start-Before:    $mail-transport-agent mail-transport-agent exim4 sendmail nullmailer masqmail citadel cron atd autofs am-utils apache2 slim wdm gdm3 xdm kdm
diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.postinst nss-pam-ldapd-0.8.10/debian/nslcd.postinst
--- nss-pam-ldapd-0.8.10/debian/nslcd.postinst	2012-04-26 23:09:55.000000000 +0200
+++ nss-pam-ldapd-0.8.10/debian/nslcd.postinst	2012-08-31 23:27:07.000000000 +0200
@@ -10,19 +10,12 @@
 {
   parameter="$1"
   value="$2"
-  # make matching of spaces better in parameter
-  # this is complicated becase of the "base [map] dn" keyword
-  param_re=`echo "$parameter" | sed 's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'`
-  # lines to not match
-  nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
   # check if the parameter is defined
-  line=`sed -n '/'"$nomatch_re"'/n;/^'"$param_re"'[[:space:]]/p' "$CONFFILE" | head -n 1`
+  line=`sed -n '/^'"$parameter"'[[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)[[:space:]]/d;/^'"$parameter"'[[:space:]]/p' "$CONFFILE" | head -n 1`
   if [ -z "$line" ]
   then
     # check if the parameter is commented out
-    param_re="#$param_re"
-    nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
-    line=`sed -n '/'"$nomatch_re"'/n;/^'"$param_re"'[[:space:]]/p' "$CONFFILE" | head -n 1`
+    line=`sed -n '/^#'"$parameter"'[[:space:]]*[aeghnprs][acedgihklopsrutwv]*[[:space:]]/d;/^#'"$parameter"'[[:space:]]/p' "$CONFFILE" | head -n 1`
   fi
   # decide what to do
   if [ -z "$line" ]

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: