Your message dated Sun, 08 Jun 2014 13:04:13 +0000
with message-id <[email protected]>
and subject line Bug#659488: fixed in nss-pam-ldapd 0.9.4-1
has caused the Debian Bug report #659488,
regarding nss-pam-ldapd: problem with mixed endian multiarch
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
659488: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659488
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Subject: nss-pam-ldapd: problem with mixed endian multiarch
Source: nss-pam-ldapd
Version: 0.8.4
Severity: important
User: [email protected]
Usertags: multiarch
Tags: help
The communication protocol that is in use between the NSS and PAM
modules on one end and nslcd on the other end uses host byte order to
transfer integer values. This will cause issues when the NSS or PAM
module uses a different endianness than nslcd.
Ideally, the protocol should be updated to always use network byte
order. This is however a backwards incompatible change and may need
careful consideration during upgrades.
For example, running processes may have an older version of the NSS
module loaded and will no longer be able to find users unless nslcd
accepts both the old and new protocol.
Updating the protocol does also offer some room to make other
improvements (for example to the PAM part of the protocol).
Advice on how to handle this is more than welcome.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--
-- arthur - [email protected] - http://people.debian.org/~adejong --
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Source: nss-pam-ldapd
Source-Version: 0.9.4-1
We believe that the bug you reported is fixed in the latest version of
nss-pam-ldapd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Arthur de Jong <[email protected]> (supplier of updated nss-pam-ldapd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 08 Jun 2014 14:00:00 +0200
Source: nss-pam-ldapd
Binary: nslcd pynslcd libnss-ldapd libpam-ldapd nslcd-utils
Architecture: source i386 all
Version: 0.9.4-1
Distribution: unstable
Urgency: medium
Maintainer: Arthur de Jong <[email protected]>
Changed-By: Arthur de Jong <[email protected]>
Description:
libnss-ldapd - NSS module for using LDAP as a naming service
libpam-ldapd - PAM module for using LDAP as an authentication service
nslcd - daemon for NSS and PAM lookups using LDAP
nslcd-utils - utilities for querying LDAP via nslcd
pynslcd - daemon for NSS and PAM lookups via LDAP - Python version
Closes: 647502 659488 695044 699841 706913 707193 711867 711884 711889 712231
712311 712728 712847 712876 713047 713921 713987 714651 717063 726435 739330
Changes:
nss-pam-ldapd (0.9.4-1) unstable; urgency=medium
.
* upload to unstable
* new upstream release:
- also handle password policy information on BIND failure (this makes it
possible to distinguish between a wrong password and an expired
password)
- fix mapping the member attribute to an empty string
- any buffers that may have held passwords are cleared before the memory
is released
- increase buffer size for passwords to support extremely long passwords
(thanks ushi)
- increase buffer size for DN to support very long names or names with
non-ASCII characters
- log an error in almost all places where a defined buffer is not large
enough to hold the provided data instead of just (sometimes silently)
failing
- logging improvements (start-up problems, login failures)
* add signature checking option to watch file
* add a debian/upstream/metadata file
.
nss-pam-ldapd (0.9.3-1) experimental; urgency=low
.
* new upstream release:
- make the dn2uid cache lifetime configurable with the cache
configuration option
- have the nslcd process only exit after the service is completely
available to avoid race conditions in the init script
- the nslcd daemon now properly daemonises (double fork)
- support mapping the member attribute to an empty string to disable the
functionality to do extra lookups for member DN to member uid
translations
- implement deref control handling to request the LDAP server to
dereference group member attribute values to uid values
- support getting built-in groups from Active Directory (thanks Davy
Defaud)
- fix for pwdLastSet attribute value handling (thanks Joshua Shire)
- fix a possible crash in the NSS module when retrieving large networks
entries (thanks Lukas Slebodnik)
- correct NSS h_errnop return value to indicate buffer too small (thanks
Nalin Dahyabhai)
- fix a bug with shadow values on 64-bit architectures (closes: #739330)
* debian/copyright: copyright year updates
* add build dependencies for used Python modules because the new upstream
version checks them with configure script
.
nss-pam-ldapd (0.9.2-1) experimental; urgency=low
.
* new upstream release:
- increase password value buffer size (by Bersl)
- avoid more broken pipe errors by using a low timeout when aborting
reading requested information from nslcd (thanks John Sullivan)
- only log broken pipe errors in debugging mode
- fix buffer overflow on interrupted read that is hard to trigger (thanks
John Sullivan)
- use clock_gettime() with CLOCK_MONOTONIC for timeout calculations to
avoid clock adjustments errors (thanks John Sullivan)
- extend test suite to test for CLOCK_MONOTONIC and timed IO timeout
calculations
- increase the maximum number of base statements per map to 31
- use larger nslcd send buffers to reduce the number of write operations
in nslcd and consequently the number of reads in the NSS and PAM modules
(thanks John Sullivan)
- also run invalidators after first successful search
- various clean-ups, portability improvements and fixes for compiler
warnings
- import configure checks of Python modules
- provide a script for setting up slapd in a test environment,
automatically loaded with the required test data
- add script for evaluating test environment availability
- portability improvements in the test scripts and test environment
* avoid prompting to restart services on initial install
* upgrade to standards-version 3.9.5 (no changes needed)
* add DEP-8 autopkgtest end-to-end tests of installed packages running an
LDAP server and performing NSS and PAM operations
.
nss-pam-ldapd (0.9.1-2) experimental; urgency=low
.
* mark pynslcd as multi-arch foreign to allow it to satisfy dependencies
on any arch
* add init script dependency on $network to ensure that network is up
before starting nslcd (closes: #726435)
* clean generated manual pages to allow the package to be built twice in
a row
* when upgrading from a pre-0.9 version, have the nslcd preinst check if
a screensaver is running that could end up locking users out of their
system (heavily based on the eglibc and pam packaging)
* when upgrading from a pre-0.9 version, have the nslcd postinst check
if any services need to be restarted to load the new modules (heavily
based on the eglibc and pam packaging)
* debconf translation updates:
- Dutch by Arthur de Jong
.
nss-pam-ldapd (0.9.1-1) experimental; urgency=low
.
* new upstream release:
- rename the nscd_invalidate option to reconnect_invalidate and allow
flushing the nfsidmap cache with the new option (perhaps a fix for
#500778)
- implement an -n switch to not daemonise (by Caleb Callaway)
- nslcd will now return partial shadow information to non-root users to
avoid authorisation problems with setgid shadow authentication helpers
with some PAM stacks (closes: #706913)
- nslcd will now retry failing LDAP connections after receiving SIGUSR1
- the code for the nslcd utilities (getent.ldap and chsh.ldap) is now
installed in /usr/share/nslcd-utils
- improve error and help output of the getent.ldap command
- documentation updates
- fix for a potential, small memory leak in PAM module regarding temporary
saving of old password
- a large number of bug fixes and improvements in pynslcd
- hide passwords from the pynslcd debug output
- support start_tls, pam_password_prohibit_message, nss_min_uid and
nss_initgroups_ignoreusers in pynslcd
- fix rootpwmodpw handling in pynslcd
- complete a basic PAM implementation in pynslcd (some things such as
shadow attribute checking remain to be implemented)
* drop 02-fix-missing-self.patch which is part of 0.9.1
* install the same documentation in pynslcd as with nslcd
* debian/nslcd.config: properly handle preseeding and reading values
from the configuration file by forcefully overwriting debconf values
from nslcd.conf and not overwriting debconf values when reading other
configuration files (closes: #717063)
* fix the tests by adding python-daemon and python-ldap to Build-Depends
and fixing the permissions of the test configuration file
* install an if-up scripts for nslcd that sends SIGUSR1 to the daemon to
re-check LDAP server availability
.
nss-pam-ldapd (0.9.0-2) experimental; urgency=low
.
* debconf translation updates:
- Japanese by Kenshi Muto (closes: #711867)
- Russian by Yuri Kozlov (closes: #711884)
- Slovak by Slavko (closes: #711889)
- Portuguese by Américo Monteiro (closes: #712231)
- Danish by Joe Hansen (closes: #712311)
- German by Chris Leick (closes: #712728)
- French by Christian Perrier (closes: #712847)
- Turkish by Atila KOÇ (closes: #712876)
- Czech by Miroslav Kure (closes: #713047)
- Italian by Beatrice Torracca (closes: #713987)
- Dutch by Arthur de Jong
- Swedish by Martin Bagge (closes: #714651)
* new debconf translations:
- Polish by Michał Kułach (closes: #713921)
* remove debian/pynslcd.init in clean target
* move python build dependency from Build-Depends-Indep to Build-Depends
because dh_python2 is used for every dh invocation
.
nss-pam-ldapd (0.9.0-1) experimental; urgency=low
.
* new upstream release:
- use network byte order in the the communications protocol between
nslcd and NSS and PAM modules to work on mixed endian multiarch
systems (closes: #659488)
- netgroup lookups now makes a distinction between empty netgroups and
non-existing netgroups
- request and handle password policy controls on LDAP authentication
- implement support for nested groups which can be enabled with the
nss_nested_groups option (thanks Steve Hill) (closes: #647502)
- add a log option to configure log level and logging to plain files
(closes: #699841)
- add an nscd_invalidate option to invalidate the nscd cache after
recovering from LDAP connection problems (to clear any negative cache
entries)
- allow trimming expressions with ${foo#bar} syntax in attribute mapping
expressions (thanks Thorsten Glaser) (closes: #695044)
(pynslcd supports trimming expressions with full shell glob matching)
- support password modification in pynslcd
- support children search scope for systems that have it
- add a getent.ldap utility to perform nslcd queries bypassing the libc
NSS stack
- implement functionality for changing user information and provide a
chsh.ldap utility to allow users to change their login shell
- remove deprecated use_sasl, reconnect_tries, reconnect_maxsleeptime and
tls_checkpeer options which have been replaced long ago
- allow names with one character in default validnames option and allow
parentheses (taken from Fedora packages)
- fall back to updating the lastChange attribute with the normal LDAP
connection
- dump full nslcd configuration at debug level on start-up
- export an _nss_ldap_version symbol in the NSS module to make finding
version mismatches easier (the NSS module version is logged from nslcd)
- documentation improvements
- temporary disable the caching functionality of pynslcd
- usability improvements in the pynslcd implementation
* debian/copyright: copyright year updates
* introduce a nslcd-2 (for the protocol version) virtual package that can
be shared between nslcd, pynslcd and potentially nssov
* introduce a nslcd-utils package that contains the getent.ldap and
chsh.ldap utilities
* libnss-ldapd.postrm: do not offer to remove entries from nsswitch.conf
when switching between module implementation or architecture
* feedback from the debian-l10n-english contributors on the debconf
templates and package descriptions (closes: #707193) (thanks Christian
PERRIER and Justin B Rye)
* introduce a pynslcd package that provides an alternative, experimental
implementation of nslcd in Python (this package shares configuration
and packaging scripts with nslcd)
* 02-fix-missing-self.patch: fix a bug in pynslcd
* ensure that /var/run/nslcd is not removed and /etc/nslcd.conf is not
purged as long as an nslcd implementation is still present
Checksums-Sha1:
9434ae6df45f61e7fc1c36432bffb70f6d8e4533 1688 nss-pam-ldapd_0.9.4-1.dsc
a112b7d0d73bf2f9e1792accaa0573feffdf22fb 746269 nss-pam-ldapd_0.9.4.orig.tar.gz
f9ceaa1ea6ab79fe96482666e793d33b74afb474 129724
nss-pam-ldapd_0.9.4-1.debian.tar.xz
aee264d6c29e9030db6a21a433ff96a5e6c2b36e 199014 nslcd_0.9.4-1_i386.deb
fa04efcc1a579079b95b9ee77aa38eb94af1e8d2 164838 pynslcd_0.9.4-1_all.deb
ccc99d345ce559b8734e878eda89b56e302720f1 72756 libnss-ldapd_0.9.4-1_i386.deb
34d6e7b4896c384be14e1658a6f3d9b748bbe7c5 59820 libpam-ldapd_0.9.4-1_i386.deb
927d80d369fe934da7fd02142ff904d1ebd1fda2 56906 nslcd-utils_0.9.4-1_all.deb
Checksums-Sha256:
a402d20278b9e15ef50d7bc3bfd5f1502e3140bcc50fe5e1bacade77d6c5708b 1688
nss-pam-ldapd_0.9.4-1.dsc
fd2e3e0935acfd3d2b13682962f51d28d5855472e690d787e36a476fa40c88e6 746269
nss-pam-ldapd_0.9.4.orig.tar.gz
4aeb472c0be479ea1a1fccab70ba7613bbe2fd3bae6f69c67f6b2892b50f8d99 129724
nss-pam-ldapd_0.9.4-1.debian.tar.xz
266e9b7bc10bd0c187b1593ba8afa85d16338988679b45e371679afbcb603440 199014
nslcd_0.9.4-1_i386.deb
cf7d4897a935fc770fe4b0881eff0fa20e7d80ee396416b4bba2a8a9adfa5f7d 164838
pynslcd_0.9.4-1_all.deb
49299c0669ca34d5b0273b646a7a23a999e53383485241eeb75c7d6dcb888873 72756
libnss-ldapd_0.9.4-1_i386.deb
672d9ef346db9aa200fc63785518e19cf9b3a6d6c78f995d77295dfe3fa93eaa 59820
libpam-ldapd_0.9.4-1_i386.deb
5057b7a988ff80bf9ed9858ec07a8ef9dae05a5bcec472db9ddd0155fefc35c8 56906
nslcd-utils_0.9.4-1_all.deb
Files:
2984aeb0517514320efbe5cf59a26675 199014 admin extra nslcd_0.9.4-1_i386.deb
33155b6be96acc69056ace70b46485fc 164838 admin extra pynslcd_0.9.4-1_all.deb
3891bf17e88c8548ff607bd881242466 72756 admin extra
libnss-ldapd_0.9.4-1_i386.deb
ae5f3451a167338bf73f6dc3be3a2856 59820 admin extra
libpam-ldapd_0.9.4-1_i386.deb
b85b60e7fc9bf6bc78b5d3ac5626eb3d 56906 admin extra nslcd-utils_0.9.4-1_all.deb
5cb3329463b420895ed400d487594e1c 1688 admin extra nss-pam-ldapd_0.9.4-1.dsc
0d74202700efdde3b6e551bfff49c132 746269 admin extra
nss-pam-ldapd_0.9.4.orig.tar.gz
c6cd9298cf6695ac2b157ddfec43f57b 129724 admin extra
nss-pam-ldapd_0.9.4-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlOUWMIACgkQVYan35+NCKertwCZAWZmMzB2JmE5rskBI4FQEq78
V9IAoKQvfZjhDoLyOAtVdw8yt4caXXAl
=DGUr
-----END PGP SIGNATURE-----
--- End Message ---