Your message dated Sun, 08 Jun 2014 13:04:13 +0000
with message-id <[email protected]>
and subject line Bug#659488: fixed in nss-pam-ldapd 0.9.4-1
has caused the Debian Bug report #659488,
regarding nss-pam-ldapd: problem with mixed endian multiarch
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
659488: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659488
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Subject: nss-pam-ldapd: problem with mixed endian multiarch
Source: nss-pam-ldapd
Version: 0.8.4
Severity: important
User: [email protected]
Usertags: multiarch
Tags: help

The communication protocol that is in use between the NSS and PAM
modules on one end and nslcd on the other end uses host byte order to
transfer integer values. This will cause issues when the NSS or PAM
module uses a different endianness than nslcd.

Ideally, the protocol should be updated to always use network byte
order. This is however a backwards incompatible change and may need
careful consideration during upgrades.

For example, running processes may have an older version of the NSS
module loaded and will no longer be able to find users unless nslcd
accepts both the old and new protocol.

Updating the protocol does also offer some room to make other
improvements (for example to the PAM part of the protocol).

Advice on how to handle this is more than welcome.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
-- arthur - [email protected] - http://people.debian.org/~adejong --

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---
--- Begin Message ---
Source: nss-pam-ldapd
Source-Version: 0.9.4-1

We believe that the bug you reported is fixed in the latest version of
nss-pam-ldapd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Arthur de Jong <[email protected]> (supplier of updated nss-pam-ldapd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 08 Jun 2014 14:00:00 +0200
Source: nss-pam-ldapd
Binary: nslcd pynslcd libnss-ldapd libpam-ldapd nslcd-utils
Architecture: source i386 all
Version: 0.9.4-1
Distribution: unstable
Urgency: medium
Maintainer: Arthur de Jong <[email protected]>
Changed-By: Arthur de Jong <[email protected]>
Description:
 libnss-ldapd - NSS module for using LDAP as a naming service
 libpam-ldapd - PAM module for using LDAP as an authentication service
 nslcd      - daemon for NSS and PAM lookups using LDAP
 nslcd-utils - utilities for querying LDAP via nslcd
 pynslcd    - daemon for NSS and PAM lookups via LDAP - Python version
Closes: 647502 659488 695044 699841 706913 707193 711867 711884 711889 712231 
712311 712728 712847 712876 713047 713921 713987 714651 717063 726435 739330
Changes:
 nss-pam-ldapd (0.9.4-1) unstable; urgency=medium
 .
   * upload to unstable
   * new upstream release:
     - also handle password policy information on BIND failure (this makes it
       possible to distinguish between a wrong password and an expired
       password)
     - fix mapping the member attribute to an empty string
     - any buffers that may have held passwords are cleared before the memory
       is released
     - increase buffer size for passwords to support extremely long passwords
       (thanks ushi)
     - increase buffer size for DN to support very long names or names with
       non-ASCII characters
     - log an error in almost all places where a defined buffer is not large
       enough to hold the provided data instead of just (sometimes silently)
       failing
     - logging improvements (start-up problems, login failures)
   * add signature checking option to watch file
   * add a debian/upstream/metadata file
 .
 nss-pam-ldapd (0.9.3-1) experimental; urgency=low
 .
   * new upstream release:
     - make the dn2uid cache lifetime configurable with the cache
       configuration option
     - have the nslcd process only exit after the service is completely
       available to avoid race conditions in the init script
     - the nslcd daemon now properly daemonises (double fork)
     - support mapping the member attribute to an empty string to disable the
       functionality to do extra lookups for member DN to member uid
       translations
     - implement deref control handling to request the LDAP server to
       dereference group member attribute values to uid values
     - support getting built-in groups from Active Directory (thanks Davy
       Defaud)
     - fix for pwdLastSet attribute value handling (thanks Joshua Shire)
     - fix a possible crash in the NSS module when retrieving large networks
       entries (thanks Lukas Slebodnik)
     - correct NSS h_errnop return value to indicate buffer too small (thanks
       Nalin Dahyabhai)
     - fix a bug with shadow values on 64-bit architectures (closes: #739330)
   * debian/copyright: copyright year updates
   * add build dependencies for used Python modules because the new upstream
     version checks them with configure script
 .
 nss-pam-ldapd (0.9.2-1) experimental; urgency=low
 .
   * new upstream release:
     - increase password value buffer size (by Bersl)
     - avoid more broken pipe errors by using a low timeout when aborting
       reading requested information from nslcd (thanks John Sullivan)
     - only log broken pipe errors in debugging mode
     - fix buffer overflow on interrupted read that is hard to trigger (thanks
       John Sullivan)
     - use clock_gettime() with CLOCK_MONOTONIC for timeout calculations to
       avoid clock adjustments errors (thanks John Sullivan)
     - extend test suite to test for CLOCK_MONOTONIC and timed IO timeout
       calculations
     - increase the maximum number of base statements per map to 31
     - use larger nslcd send buffers to reduce the number of write operations
       in nslcd and consequently the number of reads in the NSS and PAM modules
       (thanks John Sullivan)
     - also run invalidators after first successful search
     - various clean-ups, portability improvements and fixes for compiler
       warnings
     - import configure checks of Python modules
     - provide a script for setting up slapd in a test environment,
       automatically loaded with the required test data
     - add script for evaluating test environment availability
     - portability improvements in the test scripts and test environment
   * avoid prompting to restart services on initial install
   * upgrade to standards-version 3.9.5 (no changes needed)
   * add DEP-8 autopkgtest end-to-end tests of installed packages running an
     LDAP server and performing NSS and PAM operations
 .
 nss-pam-ldapd (0.9.1-2) experimental; urgency=low
 .
   * mark pynslcd as multi-arch foreign to allow it to satisfy dependencies
     on any arch
   * add init script dependency on $network to ensure that network is up
     before starting nslcd (closes: #726435)
   * clean generated manual pages to allow the package to be built twice in
     a row
   * when upgrading from a pre-0.9 version, have the nslcd preinst check if
     a screensaver is running that could end up locking users out of their
     system (heavily based on the eglibc and pam packaging)
   * when upgrading from a pre-0.9 version, have the nslcd postinst check
     if any services need to be restarted to load the new modules (heavily
     based on the eglibc and pam packaging)
   * debconf translation updates:
     - Dutch by Arthur de Jong
 .
 nss-pam-ldapd (0.9.1-1) experimental; urgency=low
 .
   * new upstream release:
     - rename the nscd_invalidate option to reconnect_invalidate and allow
       flushing the nfsidmap cache with the new option (perhaps a fix for
       #500778)
     - implement an -n switch to not daemonise (by Caleb Callaway)
     - nslcd will now return partial shadow information to non-root users to
       avoid authorisation problems with setgid shadow authentication helpers
       with some PAM stacks (closes: #706913)
     - nslcd will now retry failing LDAP connections after receiving SIGUSR1
     - the code for the nslcd utilities (getent.ldap and chsh.ldap) is now
       installed in /usr/share/nslcd-utils
     - improve error and help output of the getent.ldap command
     - documentation updates
     - fix for a potential, small memory leak in PAM module regarding temporary
       saving of old password
     - a large number of bug fixes and improvements in pynslcd
     - hide passwords from the pynslcd debug output
     - support start_tls, pam_password_prohibit_message, nss_min_uid and
       nss_initgroups_ignoreusers in pynslcd
     - fix rootpwmodpw handling in pynslcd
     - complete a basic PAM implementation in pynslcd (some things such as
       shadow attribute checking remain to be implemented)
   * drop 02-fix-missing-self.patch which is part of 0.9.1
   * install the same documentation in pynslcd as with nslcd
   * debian/nslcd.config: properly handle preseeding and reading values
     from the configuration file by forcefully overwriting debconf values
     from nslcd.conf and not overwriting debconf values when reading other
     configuration files (closes: #717063)
   * fix the tests by adding python-daemon and python-ldap to Build-Depends
     and fixing the permissions of the test configuration file
   * install an if-up scripts for nslcd that sends SIGUSR1 to the daemon to
     re-check LDAP server availability
 .
 nss-pam-ldapd (0.9.0-2) experimental; urgency=low
 .
   * debconf translation updates:
     - Japanese by Kenshi Muto (closes: #711867)
     - Russian by Yuri Kozlov (closes: #711884)
     - Slovak by Slavko (closes: #711889)
     - Portuguese by Américo Monteiro (closes: #712231)
     - Danish by Joe Hansen (closes: #712311)
     - German by Chris Leick (closes: #712728)
     - French by Christian Perrier (closes: #712847)
     - Turkish by Atila KOÇ (closes: #712876)
     - Czech by Miroslav Kure (closes: #713047)
     - Italian by Beatrice Torracca (closes: #713987)
     - Dutch by Arthur de Jong
     - Swedish by Martin Bagge (closes: #714651)
   * new debconf translations:
     - Polish by Michał Kułach (closes: #713921)
   * remove debian/pynslcd.init in clean target
   * move python build dependency from Build-Depends-Indep to Build-Depends
     because dh_python2 is used for every dh invocation
 .
 nss-pam-ldapd (0.9.0-1) experimental; urgency=low
 .
   * new upstream release:
     - use network byte order in the the communications protocol between
       nslcd and NSS and PAM modules  to work on mixed endian multiarch
       systems (closes: #659488)
     - netgroup lookups now makes a distinction between empty netgroups and
       non-existing netgroups
     - request and handle password policy controls on LDAP authentication
     - implement support for nested groups which can be enabled with the
       nss_nested_groups option (thanks Steve Hill) (closes: #647502)
     - add a log option to configure log level and logging to plain files
       (closes: #699841)
     - add an nscd_invalidate option to invalidate the nscd cache after
       recovering from LDAP connection problems (to clear any negative cache
       entries)
     - allow trimming expressions with ${foo#bar} syntax in attribute mapping
       expressions (thanks Thorsten Glaser) (closes: #695044)
       (pynslcd supports trimming expressions with full shell glob matching)
     - support password modification in pynslcd
     - support children search scope for systems that have it
     - add a getent.ldap utility to perform nslcd queries bypassing the libc
       NSS stack
     - implement functionality for changing user information and provide a
       chsh.ldap utility to allow users to change their login shell
     - remove deprecated use_sasl, reconnect_tries, reconnect_maxsleeptime and
       tls_checkpeer options which have been replaced long ago
     - allow names with one character in default validnames option and allow
       parentheses (taken from Fedora packages)
     - fall back to updating the lastChange attribute with the normal LDAP
       connection
     - dump full nslcd configuration at debug level on start-up
     - export an _nss_ldap_version symbol in the NSS module to make finding
       version mismatches easier (the NSS module version is logged from nslcd)
     - documentation improvements
     - temporary disable the caching functionality of pynslcd
     - usability improvements in the pynslcd implementation
   * debian/copyright: copyright year updates
   * introduce a nslcd-2 (for the protocol version) virtual package that can
     be shared between nslcd, pynslcd and potentially nssov
   * introduce a nslcd-utils package that contains the getent.ldap and
     chsh.ldap utilities
   * libnss-ldapd.postrm: do not offer to remove entries from nsswitch.conf
     when switching between module implementation or architecture
   * feedback from the debian-l10n-english contributors on the debconf
     templates and package descriptions (closes: #707193) (thanks Christian
     PERRIER and Justin B Rye)
   * introduce a pynslcd package that provides an alternative, experimental
     implementation of nslcd in Python (this package shares configuration
     and packaging scripts with nslcd)
   * 02-fix-missing-self.patch: fix a bug in pynslcd
   * ensure that /var/run/nslcd is not removed and /etc/nslcd.conf is not
     purged as long as an nslcd implementation is still present
Checksums-Sha1:
 9434ae6df45f61e7fc1c36432bffb70f6d8e4533 1688 nss-pam-ldapd_0.9.4-1.dsc
 a112b7d0d73bf2f9e1792accaa0573feffdf22fb 746269 nss-pam-ldapd_0.9.4.orig.tar.gz
 f9ceaa1ea6ab79fe96482666e793d33b74afb474 129724 
nss-pam-ldapd_0.9.4-1.debian.tar.xz
 aee264d6c29e9030db6a21a433ff96a5e6c2b36e 199014 nslcd_0.9.4-1_i386.deb
 fa04efcc1a579079b95b9ee77aa38eb94af1e8d2 164838 pynslcd_0.9.4-1_all.deb
 ccc99d345ce559b8734e878eda89b56e302720f1 72756 libnss-ldapd_0.9.4-1_i386.deb
 34d6e7b4896c384be14e1658a6f3d9b748bbe7c5 59820 libpam-ldapd_0.9.4-1_i386.deb
 927d80d369fe934da7fd02142ff904d1ebd1fda2 56906 nslcd-utils_0.9.4-1_all.deb
Checksums-Sha256:
 a402d20278b9e15ef50d7bc3bfd5f1502e3140bcc50fe5e1bacade77d6c5708b 1688 
nss-pam-ldapd_0.9.4-1.dsc
 fd2e3e0935acfd3d2b13682962f51d28d5855472e690d787e36a476fa40c88e6 746269 
nss-pam-ldapd_0.9.4.orig.tar.gz
 4aeb472c0be479ea1a1fccab70ba7613bbe2fd3bae6f69c67f6b2892b50f8d99 129724 
nss-pam-ldapd_0.9.4-1.debian.tar.xz
 266e9b7bc10bd0c187b1593ba8afa85d16338988679b45e371679afbcb603440 199014 
nslcd_0.9.4-1_i386.deb
 cf7d4897a935fc770fe4b0881eff0fa20e7d80ee396416b4bba2a8a9adfa5f7d 164838 
pynslcd_0.9.4-1_all.deb
 49299c0669ca34d5b0273b646a7a23a999e53383485241eeb75c7d6dcb888873 72756 
libnss-ldapd_0.9.4-1_i386.deb
 672d9ef346db9aa200fc63785518e19cf9b3a6d6c78f995d77295dfe3fa93eaa 59820 
libpam-ldapd_0.9.4-1_i386.deb
 5057b7a988ff80bf9ed9858ec07a8ef9dae05a5bcec472db9ddd0155fefc35c8 56906 
nslcd-utils_0.9.4-1_all.deb
Files:
 2984aeb0517514320efbe5cf59a26675 199014 admin extra nslcd_0.9.4-1_i386.deb
 33155b6be96acc69056ace70b46485fc 164838 admin extra pynslcd_0.9.4-1_all.deb
 3891bf17e88c8548ff607bd881242466 72756 admin extra 
libnss-ldapd_0.9.4-1_i386.deb
 ae5f3451a167338bf73f6dc3be3a2856 59820 admin extra 
libpam-ldapd_0.9.4-1_i386.deb
 b85b60e7fc9bf6bc78b5d3ac5626eb3d 56906 admin extra nslcd-utils_0.9.4-1_all.deb
 5cb3329463b420895ed400d487594e1c 1688 admin extra nss-pam-ldapd_0.9.4-1.dsc
 0d74202700efdde3b6e551bfff49c132 746269 admin extra 
nss-pam-ldapd_0.9.4.orig.tar.gz
 c6cd9298cf6695ac2b157ddfec43f57b 129724 admin extra 
nss-pam-ldapd_0.9.4-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlOUWMIACgkQVYan35+NCKertwCZAWZmMzB2JmE5rskBI4FQEq78
V9IAoKQvfZjhDoLyOAtVdw8yt4caXXAl
=DGUr
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to