Accepted nss-pam-ldapd 0.9.4-1 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 08 Jun 2014 14:00:00 +0200
Source: nss-pam-ldapd
Binary: nslcd pynslcd libnss-ldapd libpam-ldapd nslcd-utils
Architecture: source i386 all
Version: 0.9.4-1
Distribution: unstable
Urgency: medium
Maintainer: Arthur de Jong <adejong@debian.org>
Changed-By: Arthur de Jong <adejong@debian.org>
Description:
libnss-ldapd - NSS module for using LDAP as a naming service
libpam-ldapd - PAM module for using LDAP as an authentication service
nslcd - daemon for NSS and PAM lookups using LDAP
nslcd-utils - utilities for querying LDAP via nslcd
pynslcd - daemon for NSS and PAM lookups via LDAP - Python version
Closes: 647502 659488 695044 699841 706913 707193 711867 711884 711889 712231 712311 712728 712847 712876 713047 713921 713987 714651 717063 726435 739330
Changes:
nss-pam-ldapd (0.9.4-1) unstable; urgency=medium
.
* upload to unstable
* new upstream release:
- also handle password policy information on BIND failure (this makes it
possible to distinguish between a wrong password and an expired
password)
- fix mapping the member attribute to an empty string
- any buffers that may have held passwords are cleared before the memory
is released
- increase buffer size for passwords to support extremely long passwords
(thanks ushi)
- increase buffer size for DN to support very long names or names with
non-ASCII characters
- log an error in almost all places where a defined buffer is not large
enough to hold the provided data instead of just (sometimes silently)
failing
- logging improvements (start-up problems, login failures)
* add signature checking option to watch file
* add a debian/upstream/metadata file
.
nss-pam-ldapd (0.9.3-1) experimental; urgency=low
.
* new upstream release:
- make the dn2uid cache lifetime configurable with the cache
configuration option
- have the nslcd process only exit after the service is completely
available to avoid race conditions in the init script
- the nslcd daemon now properly daemonises (double fork)
- support mapping the member attribute to an empty string to disable the
functionality to do extra lookups for member DN to member uid
translations
- implement deref control handling to request the LDAP server to
dereference group member attribute values to uid values
- support getting built-in groups from Active Directory (thanks Davy
Defaud)
- fix for pwdLastSet attribute value handling (thanks Joshua Shire)
- fix a possible crash in the NSS module when retrieving large networks
entries (thanks Lukas Slebodnik)
- correct NSS h_errnop return value to indicate buffer too small (thanks
Nalin Dahyabhai)
- fix a bug with shadow values on 64-bit architectures (closes: #739330)
* debian/copyright: copyright year updates
* add build dependencies for used Python modules because the new upstream
version checks them with configure script
.
nss-pam-ldapd (0.9.2-1) experimental; urgency=low
.
* new upstream release:
- increase password value buffer size (by Bersl)
- avoid more broken pipe errors by using a low timeout when aborting
reading requested information from nslcd (thanks John Sullivan)
- only log broken pipe errors in debugging mode
- fix buffer overflow on interrupted read that is hard to trigger (thanks
John Sullivan)
- use clock_gettime() with CLOCK_MONOTONIC for timeout calculations to
avoid clock adjustments errors (thanks John Sullivan)
- extend test suite to test for CLOCK_MONOTONIC and timed IO timeout
calculations
- increase the maximum number of base statements per map to 31
- use larger nslcd send buffers to reduce the number of write operations
in nslcd and consequently the number of reads in the NSS and PAM modules
(thanks John Sullivan)
- also run invalidators after first successful search
- various clean-ups, portability improvements and fixes for compiler
warnings
- import configure checks of Python modules
- provide a script for setting up slapd in a test environment,
automatically loaded with the required test data
- add script for evaluating test environment availability
- portability improvements in the test scripts and test environment
* avoid prompting to restart services on initial install
* upgrade to standards-version 3.9.5 (no changes needed)
* add DEP-8 autopkgtest end-to-end tests of installed packages running an
LDAP server and performing NSS and PAM operations
.
nss-pam-ldapd (0.9.1-2) experimental; urgency=low
.
* mark pynslcd as multi-arch foreign to allow it to satisfy dependencies
on any arch
* add init script dependency on $network to ensure that network is up
before starting nslcd (closes: #726435)
* clean generated manual pages to allow the package to be built twice in
a row
* when upgrading from a pre-0.9 version, have the nslcd preinst check if
a screensaver is running that could end up locking users out of their
system (heavily based on the eglibc and pam packaging)
* when upgrading from a pre-0.9 version, have the nslcd postinst check
if any services need to be restarted to load the new modules (heavily
based on the eglibc and pam packaging)
* debconf translation updates:
- Dutch by Arthur de Jong
.
nss-pam-ldapd (0.9.1-1) experimental; urgency=low
.
* new upstream release:
- rename the nscd_invalidate option to reconnect_invalidate and allow
flushing the nfsidmap cache with the new option (perhaps a fix for
#500778)
- implement an -n switch to not daemonise (by Caleb Callaway)
- nslcd will now return partial shadow information to non-root users to
avoid authorisation problems with setgid shadow authentication helpers
with some PAM stacks (closes: #706913)
- nslcd will now retry failing LDAP connections after receiving SIGUSR1
- the code for the nslcd utilities (getent.ldap and chsh.ldap) is now
installed in /usr/share/nslcd-utils
- improve error and help output of the getent.ldap command
- documentation updates
- fix for a potential, small memory leak in PAM module regarding temporary
saving of old password
- a large number of bug fixes and improvements in pynslcd
- hide passwords from the pynslcd debug output
- support start_tls, pam_password_prohibit_message, nss_min_uid and
nss_initgroups_ignoreusers in pynslcd
- fix rootpwmodpw handling in pynslcd
- complete a basic PAM implementation in pynslcd (some things such as
shadow attribute checking remain to be implemented)
* drop 02-fix-missing-self.patch which is part of 0.9.1
* install the same documentation in pynslcd as with nslcd
* debian/nslcd.config: properly handle preseeding and reading values
from the configuration file by forcefully overwriting debconf values
from nslcd.conf and not overwriting debconf values when reading other
configuration files (closes: #717063)
* fix the tests by adding python-daemon and python-ldap to Build-Depends
and fixing the permissions of the test configuration file
* install an if-up scripts for nslcd that sends SIGUSR1 to the daemon to
re-check LDAP server availability
.
nss-pam-ldapd (0.9.0-2) experimental; urgency=low
.
* debconf translation updates:
- Japanese by Kenshi Muto (closes: #711867)
- Russian by Yuri Kozlov (closes: #711884)
- Slovak by Slavko (closes: #711889)
- Portuguese by Américo Monteiro (closes: #712231)
- Danish by Joe Hansen (closes: #712311)
- German by Chris Leick (closes: #712728)
- French by Christian Perrier (closes: #712847)
- Turkish by Atila KOÇ (closes: #712876)
- Czech by Miroslav Kure (closes: #713047)
- Italian by Beatrice Torracca (closes: #713987)
- Dutch by Arthur de Jong
- Swedish by Martin Bagge (closes: #714651)
* new debconf translations:
- Polish by Michał Kułach (closes: #713921)
* remove debian/pynslcd.init in clean target
* move python build dependency from Build-Depends-Indep to Build-Depends
because dh_python2 is used for every dh invocation
.
nss-pam-ldapd (0.9.0-1) experimental; urgency=low
.
* new upstream release:
- use network byte order in the the communications protocol between
nslcd and NSS and PAM modules to work on mixed endian multiarch
systems (closes: #659488)
- netgroup lookups now makes a distinction between empty netgroups and
non-existing netgroups
- request and handle password policy controls on LDAP authentication
- implement support for nested groups which can be enabled with the
nss_nested_groups option (thanks Steve Hill) (closes: #647502)
- add a log option to configure log level and logging to plain files
(closes: #699841)
- add an nscd_invalidate option to invalidate the nscd cache after
recovering from LDAP connection problems (to clear any negative cache
entries)
- allow trimming expressions with ${foo#bar} syntax in attribute mapping
expressions (thanks Thorsten Glaser) (closes: #695044)
(pynslcd supports trimming expressions with full shell glob matching)
- support password modification in pynslcd
- support children search scope for systems that have it
- add a getent.ldap utility to perform nslcd queries bypassing the libc
NSS stack
- implement functionality for changing user information and provide a
chsh.ldap utility to allow users to change their login shell
- remove deprecated use_sasl, reconnect_tries, reconnect_maxsleeptime and
tls_checkpeer options which have been replaced long ago
- allow names with one character in default validnames option and allow
parentheses (taken from Fedora packages)
- fall back to updating the lastChange attribute with the normal LDAP
connection
- dump full nslcd configuration at debug level on start-up
- export an _nss_ldap_version symbol in the NSS module to make finding
version mismatches easier (the NSS module version is logged from nslcd)
- documentation improvements
- temporary disable the caching functionality of pynslcd
- usability improvements in the pynslcd implementation
* debian/copyright: copyright year updates
* introduce a nslcd-2 (for the protocol version) virtual package that can
be shared between nslcd, pynslcd and potentially nssov
* introduce a nslcd-utils package that contains the getent.ldap and
chsh.ldap utilities
* libnss-ldapd.postrm: do not offer to remove entries from nsswitch.conf
when switching between module implementation or architecture
* feedback from the debian-l10n-english contributors on the debconf
templates and package descriptions (closes: #707193) (thanks Christian
PERRIER and Justin B Rye)
* introduce a pynslcd package that provides an alternative, experimental
implementation of nslcd in Python (this package shares configuration
and packaging scripts with nslcd)
* 02-fix-missing-self.patch: fix a bug in pynslcd
* ensure that /var/run/nslcd is not removed and /etc/nslcd.conf is not
purged as long as an nslcd implementation is still present
Checksums-Sha1:
9434ae6df45f61e7fc1c36432bffb70f6d8e4533 1688 nss-pam-ldapd_0.9.4-1.dsc
a112b7d0d73bf2f9e1792accaa0573feffdf22fb 746269 nss-pam-ldapd_0.9.4.orig.tar.gz
f9ceaa1ea6ab79fe96482666e793d33b74afb474 129724 nss-pam-ldapd_0.9.4-1.debian.tar.xz
aee264d6c29e9030db6a21a433ff96a5e6c2b36e 199014 nslcd_0.9.4-1_i386.deb
fa04efcc1a579079b95b9ee77aa38eb94af1e8d2 164838 pynslcd_0.9.4-1_all.deb
ccc99d345ce559b8734e878eda89b56e302720f1 72756 libnss-ldapd_0.9.4-1_i386.deb
34d6e7b4896c384be14e1658a6f3d9b748bbe7c5 59820 libpam-ldapd_0.9.4-1_i386.deb
927d80d369fe934da7fd02142ff904d1ebd1fda2 56906 nslcd-utils_0.9.4-1_all.deb
Checksums-Sha256:
a402d20278b9e15ef50d7bc3bfd5f1502e3140bcc50fe5e1bacade77d6c5708b 1688 nss-pam-ldapd_0.9.4-1.dsc
fd2e3e0935acfd3d2b13682962f51d28d5855472e690d787e36a476fa40c88e6 746269 nss-pam-ldapd_0.9.4.orig.tar.gz
4aeb472c0be479ea1a1fccab70ba7613bbe2fd3bae6f69c67f6b2892b50f8d99 129724 nss-pam-ldapd_0.9.4-1.debian.tar.xz
266e9b7bc10bd0c187b1593ba8afa85d16338988679b45e371679afbcb603440 199014 nslcd_0.9.4-1_i386.deb
cf7d4897a935fc770fe4b0881eff0fa20e7d80ee396416b4bba2a8a9adfa5f7d 164838 pynslcd_0.9.4-1_all.deb
49299c0669ca34d5b0273b646a7a23a999e53383485241eeb75c7d6dcb888873 72756 libnss-ldapd_0.9.4-1_i386.deb
672d9ef346db9aa200fc63785518e19cf9b3a6d6c78f995d77295dfe3fa93eaa 59820 libpam-ldapd_0.9.4-1_i386.deb
5057b7a988ff80bf9ed9858ec07a8ef9dae05a5bcec472db9ddd0155fefc35c8 56906 nslcd-utils_0.9.4-1_all.deb
Files:
2984aeb0517514320efbe5cf59a26675 199014 admin extra nslcd_0.9.4-1_i386.deb
33155b6be96acc69056ace70b46485fc 164838 admin extra pynslcd_0.9.4-1_all.deb
3891bf17e88c8548ff607bd881242466 72756 admin extra libnss-ldapd_0.9.4-1_i386.deb
ae5f3451a167338bf73f6dc3be3a2856 59820 admin extra libpam-ldapd_0.9.4-1_i386.deb
b85b60e7fc9bf6bc78b5d3ac5626eb3d 56906 admin extra nslcd-utils_0.9.4-1_all.deb
5cb3329463b420895ed400d487594e1c 1688 admin extra nss-pam-ldapd_0.9.4-1.dsc
0d74202700efdde3b6e551bfff49c132 746269 admin extra nss-pam-ldapd_0.9.4.orig.tar.gz
c6cd9298cf6695ac2b157ddfec43f57b 129724 admin extra nss-pam-ldapd_0.9.4-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlOUWMIACgkQVYan35+NCKertwCZAWZmMzB2JmE5rskBI4FQEq78
V9IAoKQvfZjhDoLyOAtVdw8yt4caXXAl
=DGUr
-----END PGP SIGNATURE-----