Bug#845443: jessie-pu: package nss-pam-ldapd/0.9.4-3+deb8u2

2016-11-24 Thread Arthur de Jong
On Wed, 2016-11-23 at 14:19 +0100, Salvatore Bonaccorso wrote:
> nss-pam-ldapd's nslcd under the conditions as described in #814881
> might fail to restart. nslcd restart which is stop+start with
> systemd, is racy, and might lead to nslcd not running after a
> restart. Ferenc has posted his analysis in
> https://bugs.debian.org/814881#39
> confirming that the debdiff fixes the issue.

Thanks for picking this up and sorry for not working on this.

At the very least I can confirm that the debdiff has the correct change
to fix #814881 and I support getting this fixed in jessie.

Thanks and sorry,

-- 
-- arthur - adej...@debian.org - https://people.debian.org/~adejong --


signature.asc
Description: This is a digitally signed message part


Bug#785053: jessie-pu: package nss-pam-ldapd/0.9.4-3+deb8u1

2016-01-19 Thread Arthur de Jong
On Fri, 2016-01-01 at 17:16 +, Adam D. Barratt wrote:
> Apologies for the repeated delay. :-| Please go ahead.

Just when I wanted to wrap this up, another important bug popped up
with a trivial fix :)

The bug is #811476 which has a trivial fix that has been in testing for
a long time and affects people who put IPv6 addresses in LDAP. A patch
that can be dropped in debian/patches is attached.

To not delay this process much longer I'll upload 0.9.4-3+deb8u1 with
the fixes for #759544, #794686 and #794068 which were previously
approved in about a week.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --

Description: Fix uninitialised variable
 This fixes a bug in the NSS library when encountering IPv6 addresses in
 the hosts map.
Author: Mark R Bannister 
Origin: upstream, http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=ed8b312f0968ce4fd9059b0ebb52d993cf3cdf36
Bug-Debian: https://bugs.debian.org/811476

---
 nss/hosts.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/nss/hosts.c
+++ b/nss/hosts.c
@@ -99,7 +99,7 @@ static nss_status_t read_one_hostent(TFI
 }
 else
 {
-  SKIP(fp, tmpint32);
+  SKIP(fp, tmp2int32);
 }
   }
   /* null-terminate address list */
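Review bot: The patch header says this fixes an uninitialised variable, but neither the header nor the else branch says which variable was read uninitialised or why SKIP() needs tmp2int32 rather than tmpint32 as its scratch argument. A one-line comment at the SKIP(fp, tmp2int32) call, plus a test that passes an IPv6 address from the hosts map through read_one_hostent, would keep the two temporaries from being swapped back.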




Re: Bug#785053: jessie-pu: package nss-pam-ldapd/0.9.4-3+deb8u1

2015-08-30 Thread Arthur de Jong
On Sat, 2015-08-29 at 15:26 +0200, Julien Cristau wrote:
> Sorry for the delay in getting back to you.
> 
> Please feel free to upload 0.9.4-3+deb8u1.

Thanks. In the meantime, two more bugs arose in nss-pam-ldapd that I
would like to fix in jessie.

The first (#794686) is an RC bug with a one-line fix. The problem was
that the exit code of the init script was wrong in some cases.

I would also like to get #794068 fixed. This fixes password policy
expiration. Instead of forcing the user to change their password, a
warning message should be presented to the user instead. I have just
uploaded the fix to unstable.

Attached is a debdiff with the changes.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
diff -Nru nss-pam-ldapd-0.9.4/debian/changelog nss-pam-ldapd-0.9.4/debian/changelog
--- nss-pam-ldapd-0.9.4/debian/changelog	2014-09-28 15:08:58.0 +0200
+++ nss-pam-ldapd-0.9.4/debian/changelog	2015-08-30 13:58:54.0 +0200
@@ -1,3 +1,14 @@
+nss-pam-ldapd (0.9.4-3+deb8u1) stable; urgency=low
+
+  * fix-issues-withdaemonising.patch, avoid-signal-race.patch: patches to
+fix issues with daemonising nslcd and avoid a race condition in signal
+handling during start-up (closes: #759544)
+  * ensure proper return code of init script (closes: #794686)
+  * fix-ppolicy-expiration-warnings.patch: fix password policy expiration
+warnings (closes: #794068)
+
+ -- Arthur de Jong   Sun, 30 Aug 2015 13:00:00 +0200
+
 nss-pam-ldapd (0.9.4-3) unstable; urgency=low
 
   * use-ip-range-for-tests.patch: use a different IP range for running the
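Review bot: The first changelog bullet names fix-issues-withdaemonising.patch, which looks like a missing hyphen. Check it against the file name actually added under debian/patches and listed in the series file, so the entry can be matched to the patch.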
diff -Nru nss-pam-ldapd-0.9.4/debian/nslcd.init nss-pam-ldapd-0.9.4/debian/nslcd.init
--- nss-pam-ldapd-0.9.4/debian/nslcd.init	2014-06-08 00:33:57.0 +0200
+++ nss-pam-ldapd-0.9.4/debian/nslcd.init	2015-08-30 13:53:17.0 +0200
@@ -174,5 +174,3 @@
   exit 1
   ;;
 esac
-
-exit 0
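Review bot: Dropping the final exit 0 makes the script's status whatever the last command in the selected case branch returned, so every branch now has to end on a command whose status is the intended result. Check for branches that end in a test or a "cmd && ..." list, which return non-zero on an otherwise successful run, and say in the changelog which actions returned the wrong code before.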
diff -Nru nss-pam-ldapd-0.9.4/debian/patches/avoid-signal-race.patch nss-pam-ldapd-0.9.4/debian/patches/avoid-signal-race.patch
--- nss-pam-ldapd-0.9.4/debian/patches/avoid-signal-race.patch	1970-01-01 01:00:00.0 +0100
+++ nss-pam-ldapd-0.9.4/debian/patches/avoid-signal-race.patch	2015-08-30 11:19:41.0 +0200
@@ -0,0 +1,71 @@
+From: Arthur de Jong 
+Subject: Avoid signal race condition on start-up
+
+This only restores the signal mask after signal handlers are in place
+and the daemon has completely daemonised to avoid a race condition in
+the start-up phase of nslcd where a signal could be sent to nslcd
+causing it to quit or fail to write information to the parent process.
+
+This also block signals sooner in an attempt to avoid race conditions.
+
+Origin: upstream, http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=1d3b19b1ecd3b10f36e8925e8a752a28e3e74b56
+Origin: upstream, http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=530cc24c83dd5d2d347acb40d64c3ae06a43a293
+Bug-Debian: http://bugs.debian.org/759544
+
+--- a/nslcd/nslcd.c
 b/nslcd/nslcd.c
+@@ -648,6 +648,17 @@ int main(int argc, char *argv[])
+ #ifdef HAVE_PTHREAD_TIMEDJOIN_NP
+   struct timespec ts;
+ #endif /* HAVE_PTHREAD_TIMEDJOIN_NP */
++  /* block all these signals so our worker threads won't handle them */
++  sigemptyset(&signalmask);
++  sigaddset(&signalmask, SIGHUP);
++  sigaddset(&signalmask, SIGINT);
++  sigaddset(&signalmask, SIGQUIT);
++  sigaddset(&signalmask, SIGABRT);
++  sigaddset(&signalmask, SIGPIPE);
++  sigaddset(&signalmask, SIGTERM);
++  sigaddset(&signalmask, SIGUSR1);
++  sigaddset(&signalmask, SIGUSR2);
++  pthread_sigmask(SIG_BLOCK, &signalmask, &oldmask);
+   /* close all file descriptors (except stdin/out/err) */
+   daemonize_closefds();
+   /* parse the command line */
+@@ -785,17 +796,6 @@ int main(int argc, char *argv[])
+ }
+ log_log(LOG_DEBUG, "setuid(%d) done", (int)nslcd_cfg->uid);
+   }
+-  /* block all these signals so our worker threads won't handle them */
+-  sigemptyset(&signalmask);
+-  sigaddset(&signalmask, SIGHUP);
+-  sigaddset(&signalmask, SIGINT);
+-  sigaddset(&signalmask, SIGQUIT);
+-  sigaddset(&signalmask, SIGABRT);
+-  sigaddset(&signalmask, SIGPIPE);
+-  sigaddset(&signalmask, SIGTERM);
+-  sigaddset(&signalmask, SIGUSR1);
+-  sigaddset(&signalmask, SIGUSR2);
+-  pthread_sigmask(SIG_BLOCK, &signalmask, &oldmask);
+   /* start worker threads */
+   log_log(LOG_INFO, "accepting connections");
+   nslcd_threads = (pthread_t *)malloc(nslcd_cfg->threads * sizeof(pthread_t));
+@@ -815,8 +815,7 @@ int main(int argc, char *argv[])
+   exit(EXIT_FAILURE);
+ }
+   }
+-  pthread_sigmask(SIG_SETMASK, &oldmask, NULL);
+-  /* install signalhandlers for some signals */
++  /* install signal handlers for some signals */
+   install_sighandler(SIGHUP, sig_handler);
+   install_sighandler(SIGINT, sig_handler);
+   install_sighandler(SIGQUIT, sig_handler);
+@@ -827,6 +
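Review bot: With the pthread_sigmask(SIG_BLOCK, ...) call moved to the top of main(), SIGTERM, SIGINT and the other listed signals stay blocked through daemonize_closefds(), option parsing and everything up to the restore, and the mask is inherited by any process forked in between. The excerpt removes pthread_sigmask(SIG_SETMASK, &oldmask, NULL) ahead of the install_sighandler() calls but is cut off before the new restore is visible, so confirm that the restore runs on every path once the handlers are installed and that nothing executed earlier relies on receiving these signals. The description should also read "blocks" in "This also block signals sooner".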

Re: Bug#785053: jessie-pu: package nss-pam-ldapd/0.9.4-3

2015-06-22 Thread Arthur de Jong
On Thu, 2015-06-04 at 21:04 +0200, Arthur de Jong wrote:
> On Mon, 2015-05-11 at 23:12 +0200, Arthur de Jong wrote:
> > I would like to fix #759544 in jessie.
> 
> Just to clarify, #759544 seems to affect people who use systemd and
> network-manager together with nslcd. The bug is a race condition in
> nslcd that results in a failed start-up of nslcd which means LDAP 
> users are not able to log in.

Hi,

Apparently my mails to this bug never ended up on the debian-release
list so I'd like to re-raise this issue. See the BTS for more details
and debdiffs.

Please let me know what you think.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#691640: unblock: nss-pam-ldapd/0.8.10-4

2012-12-09 Thread Arthur de Jong
Control: tag -1 - moreinfo
Control: retitle -1 unblock: nss-pam-ldapd/0.8.10-4

On Sat, 2012-12-08 at 15:17 +0100, Julien Cristau wrote:
> On Sat, Oct 27, 2012 at 23:05:06 +0200, Arthur de Jong wrote:
> > +@@ -97,39 +85,27 @@ static inline void tio_tv_prepare(struct
> > + deadline->tv_usec=0;
> > + return;
> > +   }
> > +-  tio_tv_add(deadline,timeout);
> > ++  deadline->tv_sec+=timeout/1000;
> > ++  deadline->tv_sec+=(timeout%1000)*1000;
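Review bot: The last added line adds (timeout%1000)*1000, a microsecond count, to tv_sec; it belongs in tv_usec. Once it is there, tv_usec can exceed 999999 whenever it was already non-zero, so carry the excess into tv_sec after the addition.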
> 
> Looks to me like the second line should set tv_usec, not tv_sec

Thanks for the detailed review and catching this. This didn't show up in
the tests because there is sanity checking code in place that prevents
huge timeout values that could be caused by clock jumps so luckily it
shouldn't be a severe problem in practice.

It will be fixed in the next upstream release and I've uploaded 0.8.10-4
to unstable that contains this fix.

Thanks for your hard work,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#691640: unblock: nss-pam-ldapd/0.8.10-3

2012-11-17 Thread Arthur de Jong
On Sat, 2012-10-27 at 23:05 +0200, Arthur de Jong wrote:
> I've uploaded nss-pam-ldapd 0.8.10-3 to unstable that includes the
> following fixes (from debian/changelog):
> 
>   * fix a problem in sed logic for commenting out disabled options
>     (closes: #689296)
>   * support "EXTERNAL" SASL mechanism in debconf configuration (LP: #1063923)
>     (the debconf template update has been postponed to avoid having to
>     update all translations for a relatively minor change)
>   * 01-use-poll-instead-of-select.patch: use poll() instead of select()
>     for checking file descriptor activity to also correctly work if more
>     than FD_SETSIZE files are already open (closes: #690319)
> 
> The first two should be really simple changes. The last one backports a
> change from the upstream 0.8.11 release.

I've uploaded a newer version to experimental that also includes a fix
for the init.d dependencies release goal. The relevant changes are:

  * update X-Start-Before in the init script so that nslcd is started
    before various IMAP servers (closes: #692633)
  * update X-Start-Before in the init script so that nslcd is started
    before a display manager
  * update Should-Start in the init script so that nslcd is started
    after a Kerberos KDC is available

The diff is really simple but can fix a number of important issues that
users may run into:

diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.init 
nss-pam-ldapd-0.8.11/debian/nslcd.init
--- nss-pam-ldapd-0.8.10/debian/nslcd.init  2012-10-13 20:38:25.0 
+0200
+++ nss-pam-ldapd-0.8.11/debian/nslcd.init  2012-11-16 15:52:25.0 
+0100
@@ -23,8 +23,8 @@
 # Provides:  nslcd
 # Required-Start:$remote_fs $syslog $time
 # Required-Stop: $remote_fs $syslog
-# Should-Start:  $named slapd
-# X-Start-Before:$mail-transport-agent mail-transport-agent exim4 sendmail 
nullmailer masqmail citadel cron
+# Should-Start:  $named slapd krb5-kdc heimdal-kdc heimdal-kcm shishi-kdc
+# X-Start-Before:$mail-transport-agent $x-display-manager am-utils apache2 
atd autofs citadel courier-ldap 
 # Default-Start: 2 3 4 5
 # Default-Stop:  0 1 6
 # Short-Description: LDAP connection daemon
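Review bot: The new X-Start-Before line as posted ends at courier-ldap, so it is not possible to tell whether exim4, sendmail, nullmailer, masqmail and cron from the old line are still listed; post the unwrapped header so the full list can be compared. Should-Start now names four KDC init scripts individually (krb5-kdc heimdal-kdc heimdal-kcm shishi-kdc), and a short comment above the header saying why each is listed would help whoever has to extend it.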

The Should-Start change ensures that users using Kerberos to
authenticate to the LDAP server can do so, the X-Start-Before change
ensures that all normal user accounts should be accessible when the
respective services are started.

Should I upload a new version to unstable (0.8.11-4) with the above
changes?

If there is anything I can do to make it easier to review, please let me
know.

Thanks.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Re: [Python-apps-team] Getting Trac 0.12.4 into wheezy?

2012-11-11 Thread Arthur de Jong
On Mon, 2012-10-29 at 23:04 +0100, W. Martin Borgert wrote:
> could you please test 0.12.4-1 from experimental for any
> regressions? Esp. in combination with the trac plugins we have
> in wheezy. Thanks!

Sorry to not get back to you sooner. I've had a quick test with the
plugins that I'm using (non-packaged AccountManager and SpamFilter) and
everything seems to work fine for me.

I don't think trac-spamfilter works though with this version (but also
doesn't work with 0.12.3-1, see #691696). I think #691696 should be RC
and trac-spamfilter should probably be removed from wheezy.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#691640: unblock: nss-pam-ldapd/0.8.10-3

2012-10-27 Thread Arthur de Jong
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package nss-pam-ldapd

Dear release team,

I've uploaded nss-pam-ldapd 0.8.10-3 to unstable that includes the
following fixes (from debian/changelog):

  * fix a problem in sed logic for commenting out disabled options
    (closes: #689296)
  * support "EXTERNAL" SASL mechanism in debconf configuration (LP: #1063923)
    (the debconf template update has been postponed to avoid having to
    update all translations for a relatively minor change)
  * 01-use-poll-instead-of-select.patch: use poll() instead of select()
    for checking file descriptor activity to also correctly work if more
    than FD_SETSIZE files are already open (closes: #690319)

The first two should be really simple changes. The last one backports a
change from the upstream 0.8.11 release.

Attached is a debdiff between 0.8.10-1 currently in testing and
0.8.10-2.

Thanks.

unblock nss-pam-ldapd/0.8.10-3

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
diff -Nru nss-pam-ldapd-0.8.10/debian/changelog nss-pam-ldapd-0.8.10/debian/changelog
--- nss-pam-ldapd-0.8.10/debian/changelog	2012-08-31 23:43:09.0 +0200
+++ nss-pam-ldapd-0.8.10/debian/changelog	2012-10-14 23:00:01.0 +0200
@@ -1,3 +1,16 @@
+nss-pam-ldapd (0.8.10-3) unstable; urgency=low
+
+  * fix a problem in sed logic for commenting out disabled options
+(closes: #689296)
+  * support "EXTERNAL" SASL mechanism in debconf configuration (LP: #1063923)
+(the debconf template has been postponed to avoid having to update all
+translations for a relatively minor change)
+  * 01-use-poll-instead-of-select.patch: use poll() instead of select()
+for checking file descriptor activity to also correctly work if more
+than FD_SETSIZE files are already open (closes: #690319)
+
+ -- Arthur de Jong   Sun, 14 Oct 2012 23:00:00 +0200
+
 nss-pam-ldapd (0.8.10-2) unstable; urgency=low
 
   * fix typo in comment (thanks Caleb Callaway)
diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.postinst nss-pam-ldapd-0.8.10/debian/nslcd.postinst
--- nss-pam-ldapd-0.8.10/debian/nslcd.postinst	2012-08-31 23:27:07.0 +0200
+++ nss-pam-ldapd-0.8.10/debian/nslcd.postinst	2012-10-01 21:28:17.0 +0200
@@ -49,7 +49,7 @@
 # lines to not match
 nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
 # comment out the option
-sed -i '/'"$nomatch_re"'/n;s/^'"$param_re"'[[:space:]].*$/#&/i' "$CONFFILE"
+sed -i '/'"$nomatch_re"'/!s/^'"$param_re"'[[:space:]].*$/#&/i' "$CONFFILE"
 # we're done
   done
   return 0
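Review bot: $nomatch_re and $param_re are spliced into the sed program between / delimiters, so a / or another regex metacharacter in the parameter name would change the program. If param_re is always built from a fixed list of option names that is fine, but say so in the comment. The comment above the sed line should also state that lines matching nomatch_re (the map-specific form) are left untouched, since the difference between the old n and the new ! is easy to miss.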
diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.templates nss-pam-ldapd-0.8.10/debian/nslcd.templates
--- nss-pam-ldapd-0.8.10/debian/nslcd.templates	2012-04-27 00:02:58.0 +0200
+++ nss-pam-ldapd-0.8.10/debian/nslcd.templates	2012-10-08 22:43:56.0 +0200
@@ -42,7 +42,7 @@
 
 Template: nslcd/ldap-sasl-mech
 Type: select
-Choices: auto, LOGIN, PLAIN, NTLM, CRAM-MD5, DIGEST-MD5, GSSAPI, OTP
+Choices: auto, LOGIN, PLAIN, NTLM, CRAM-MD5, DIGEST-MD5, GSSAPI, OTP, EXTERNAL
 _Description: SASL mechanism to use:
  Choose the SASL mechanism that will be used to authenticate to the LDAP
  database:
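Review bot: The changelog says the debconf template change was postponed to avoid retranslation, yet this hunk edits nslcd.templates. Spell out in the changelog that only the untranslated Choices field gains EXTERNAL and that the translated _Description text is unchanged, so translators and reviewers do not expect a template update.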
diff -Nru nss-pam-ldapd-0.8.10/debian/patches/01-use-poll-instead-of-select.patch nss-pam-ldapd-0.8.10/debian/patches/01-use-poll-instead-of-select.patch
--- nss-pam-ldapd-0.8.10/debian/patches/01-use-poll-instead-of-select.patch	1970-01-01 01:00:00.0 +0100
+++ nss-pam-ldapd-0.8.10/debian/patches/01-use-poll-instead-of-select.patch	2012-10-14 23:01:08.0 +0200
@@ -0,0 +1,440 @@
+Description: use poll() instead of select() to check file descriptor activity
+ This patch replaces the calls in the NSS module to use poll() instead of
+ select() to also correctly do name lookups if more than FD_SETSIZE files
+ are already open.
+ .
+ These changes are part of the 0.8.11 release.
+Author: Arthur de Jong 
+Origin: upstream, http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1783&view=revision
+Bug-Debian: http://bugs.debian.org/690319
+
+--- a/common/tio.h
 b/common/tio.h
+@@ -46,9 +46,8 @@
+ typedef struct tio_fileinfo TFILE;
+ 
+ /* Open a new TFILE based on the file descriptor. The timeout is set for any
+-   operation. The timeout value is copied so may be dereferenced after the

Getting Trac 0.12.4 into wheezy?

2012-10-01 Thread Arthur de Jong
Hi release team!

We recently discussed the status of Trac for wheezy [0] and would like
to try to get Trac 0.12.4 into wheezy (it currently has 0.12.3-1).

Trac 0.12.4 is an LTS release and should only get fixes for serious
issues and receives security support. It is probably easier to support
0.12.4 than 0.12.3 in terms of backporting changes and it would be
useful to have fixes for some of the issues that were addressed in
0.12.4.

The bugs that were fixed in 0.12.4 are in [1]. I've had a quick look and
most seem to address important issues. The bug logs contain links to the
specific changes, of which most seem to be minimal. Most changes
are also backports from the development or 1.0 version so are likely
well tested already.

The diffstat totals between 0.12.3 and 0.12.4 are:
 58 files changed, 441 insertions(+), 178 deletions(-)
(excluding documentation, translations and tests) which would be OK to
review if required.

What is the release team's opinion on this?

Thanks,

[0] http://lists.alioth.debian.org/pipermail/python-apps-team/2012-September/006772.html
[1] http://trac.edgewall.org/query?group=status&milestone=0.12.4

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#682583: pu: package nss-pam-ldapd/0.7.15+squeeze2

2012-09-21 Thread Arthur de Jong
On Fri, 2012-09-21 at 09:00 +0200, Philipp Kern wrote:
> Basically ACK, but…
> 
> > -  char shell[100];
> > +  char shell[64];
> 
> …unless there's a strong reason to make shell smaller, please don't do it in a
> stable upload. (Sorry for not having spotted this earlier.)

No problem. It was a consistency change but I've switched the size back
to 100.

> Otherwise the diff looks fine. The latest we'd accept it from p-u-NEW would be
> Sunday, so it should hit the archive by Saturday. :-)

I've just uploaded nss-pam-ldapd_0.7.15+squeeze2 so that should be on
time.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#682583: pu: package nss-pam-ldapd/0.7.15+squeeze2

2012-09-20 Thread Arthur de Jong
;$as_me:${as_lineno-$LINENO}: checking size of unsigned long long int" >&5
+$as_echo_n "checking size of unsigned long long int... " >&6; }
+if test "${ac_cv_sizeof_unsigned_long_long_int+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long long int))" "ac_cv_sizeof_unsigned_long_long_int""$ac_includes_default"; then :
+
+else
+  if test "$ac_cv_type_unsigned_long_long_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned long long int)
+See \`config.log' for more details" "$LINENO" 5 ; }
+   else
+ ac_cv_sizeof_unsigned_long_long_int=0
+   fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_long_int" >&5
+$as_echo "$ac_cv_sizeof_unsigned_long_long_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_LONG_LONG_INT $ac_cv_sizeof_unsigned_long_long_int
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of uid_t" >&5
+$as_echo_n "checking size of uid_t... " >&6; }
+if test "${ac_cv_sizeof_uid_t+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (uid_t))" "ac_cv_sizeof_uid_t""$ac_includes_default"; then :
+
+else
+  if test "$ac_cv_type_uid_t" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (uid_t)
+See \`config.log' for more details" "$LINENO" 5 ; }
+   else
+ ac_cv_sizeof_uid_t=0
+   fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_uid_t" >&5
+$as_echo "$ac_cv_sizeof_uid_t" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UID_T $ac_cv_sizeof_uid_t
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of gid_t" >&5
+$as_echo_n "checking size of gid_t... " >&6; }
+if test "${ac_cv_sizeof_gid_t+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (gid_t))" "ac_cv_sizeof_gid_t""$ac_includes_default"; then :
+
+else
+  if test "$ac_cv_type_gid_t" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (gid_t)
+See \`config.log' for more details" "$LINENO" 5 ; }
+   else
+ ac_cv_sizeof_gid_t=0
+   fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_gid_t" >&5
+$as_echo "$ac_cv_sizeof_gid_t" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_GID_T $ac_cv_sizeof_gid_t
+_ACEOF
+
+
 
 # check for support for the __thread keyword
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports '__thread'" >&5
diff -Nru nss-pam-ldapd-0.7.15+squeeze1/configure.ac nss-pam-ldapd-0.7.15+squeeze2/configure.ac
--- nss-pam-ldapd-0.7.15+squeeze1/configure.ac	2012-01-15 09:27:35.0 +0100
+++ nss-pam-ldapd-0.7.15+squeeze2/configure.ac	2012-09-20 20:36:13.0 +0200
@@ -222,7 +222,7 @@
 AC_CHECK_FUNCS([sigaction snprintf])
 AC_CHECK_FUNCS(gethostbyname)
 AC_SEARCH_LIBS(socket,socket)
-AC_CHECK_FUNCS([strcasecmp strncasecmp strchr strcspn strspn strtol])
+AC_CHECK_FUNCS([strcasecmp strncasecmp strchr strcspn strspn strtol strtoul strtoull])
 AC_CHECK_FUNCS([malloc realloc])
 AC_FUNC_FORK
 
@@ -235,6 +235,11 @@
 AC_TYPE_UINT8_T
 AC_TYPE_UINT16_T
 AC_TYPE_UINT32_T
+AC_CHECK_SIZEOF(unsigned int)
+AC_CHECK_SIZEOF(unsigned long int)
+AC_CHECK_SIZEOF(unsigned long long int)
+AC_CHECK_SIZEOF(uid_t)
+AC_CHECK_SIZEOF(gid_t)
 
 # check for support for the __thread keyword
 AC_CACHE_CHECK([whether $CC supports &#
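Review bot: The added AC_CHECK_SIZEOF lines record only widths, not signedness. Document next to them how SIZEOF_UID_T and SIZEOF_GID_T are meant to select between strtoul and strtoull, and what the code does when uid_t or gid_t matches none of the three unsigned types checked.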

Bug#687980: unblock: nss-pam-ldapd/0.8.10-2

2012-09-17 Thread Arthur de Jong
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package nss-pam-ldapd.

Dear release team,

I've made an upload of nss-pam-ldapd 0.8.10-2 that includes the
following changes (from debian/changelog):

  * fix typo in comment (thanks Caleb Callaway)
  * install a ldapns.ldif in nslcd doc directory (closes: #674591)
  * ensure that time is set before starting k5start to ensure that Kerberos
    ticket is granted (closes: #659227)
  * properly parse and write configuration options with an optional map
    parameter during debconf configuration (LP: #1029062)

The first two points should be simple and minor changes. The third is
also a simple change that shouldn't affect the boot order too much.

The last one is the trickiest one but also the most important one. The
changes are in nslcd.config and nslcd.postinst and the changes ensure
that the base statement isn't changed when using a map-specific option.
So this isn't matched and changed any more:
  base passwd ou=people,dc=example,dc=com
but this is:
  base dc=example,dc=com
I've tested it pretty thoroughly and it should work correctly.

Attached is a debdiff between 0.8.10-1 currently in testing and
0.8.10-2.

Thanks.

unblock nss-pam-ldapd/0.8.10-2

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
diff -Nru nss-pam-ldapd-0.8.10/debian/changelog nss-pam-ldapd-0.8.10/debian/changelog
--- nss-pam-ldapd-0.8.10/debian/changelog	2012-06-29 12:29:18.0 +0200
+++ nss-pam-ldapd-0.8.10/debian/changelog	2012-08-31 23:43:09.0 +0200
@@ -1,6 +1,17 @@
+nss-pam-ldapd (0.8.10-2) unstable; urgency=low
+
+  * fix typo in comment (thanks Caleb Callaway)
+  * install a ldapns.ldif in nslcd doc directory (closes: #674591)
+  * ensure that time is set before starting k5start to ensure that Kerberos
+ticket is granted (closes: #659227)
+  * properly parse and write configuration options with an optional map
+parameter during debconf configuration (LP: #1029062)
+
+ -- Arthur de Jong   Fri, 31 Aug 2012 23:30:00 +0200
+
 nss-pam-ldapd (0.8.10-1) unstable; urgency=low
 
-  * New upstream release:
+  * new upstream release:
 - documentation improvements
 - fix a problem that causes the PAM module to prompt for a new password
   even though the old one was wrong
@@ -38,7 +49,7 @@
 - fix a problem in the handling of PAM requests in nslcd (closes: #670419)
 - install the ldapns.schema in nslcd docs (closes: #669680)
   * use the configuration file contents to determine the authentication
-type, not the debconf database (closes: #670133)
+type, not the debconf database (closes: #670133) (LP: #1000205)
   * switch PAM account type to primary because it now does all the
 authorisation checks that pam_unix also does
   * drop functionality to check whether shadow information is exposed
diff -Nru nss-pam-ldapd-0.8.10/debian/ldapns.ldif nss-pam-ldapd-0.8.10/debian/ldapns.ldif
--- nss-pam-ldapd-0.8.10/debian/ldapns.ldif	1970-01-01 01:00:00.0 +0100
+++ nss-pam-ldapd-0.8.10/debian/ldapns.ldif	2012-08-31 12:37:15.0 +0200
@@ -0,0 +1,15 @@
+# LDAP Name Service Additional Schema
+# Source: pam_ldap package by Luke Howard converted to LDIF by Slavko
+# Has not been published in Internet Draft or RFC.
+
+dn: cn=ldapns,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: ldapns
+olcAttributeTypes: {0}( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC
+ 'IANA GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.
+ 1.4.1.1466.115.121.1.15{256} )
+olcObjectClasses: {0}( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
+ DESC 'Auxiliary object class for adding authorizedService attribute' SUP top
+ AUXILIARY MAY authorizedService )
+olcObjectClasses: {1}( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxilia
+ ry object class for adding host attribute' SUP top AUXILIARY MAY host )
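Review bot: hostObject is declared with MAY host, but this file defines only authorizedService, so loading it depends on a schema that already provides the host attribute. Name that prerequisite in the header comment; without it the LDIF cannot be added to a server that lacks the attribute.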
diff -Nru nss-pam-ldapd-0.8.10/debian/libnss-ldapd.config nss-pam-ldapd-0.8.10/debian/libnss-ldapd.config
--- nss-pam-ldapd-0.8.10/debian/libnss-ldapd.config	2012-01-20 17:05:16.0 +0100
+++ nss-pam-ldapd-0.8.10/debian/libnss-ldapd.config	2012-07-07 17:04:36.0 +0200
@@ -7,7 +7,7 @@
 db_version 2.0
 
 #
-# This is the fist part of the script. In this part an attempt
+# This is the first part of the script. In this part an attempt
 # is made to get or guess the current configuration. This information
 # is used later on to prompt the user and to provide a sensible
 # default.
diff -Nru nss-pam-ldapd-0.8.10/debian/nslcd.config nss-pam-ldapd-0.8.10/debian/nslcd.config
--- nss-pam-ldapd-0.8.10/debian/nslcd.config	2012-05-09 22:56:09.0 +0200
+++ nss-pam-ldapd-0.8.10/debian/nslcd.config	2012-08-31 23:26:52.0 +0200
@@ -14,7 +14,7 @@
 db_capb backup
 
 #
-# This is the fist part of the script. In this part an attempt
+# Thi

Bug#682583: pu: package nss-pam-ldapd/0.7.15+squeeze2

2012-09-08 Thread Arthur de Jong
On Fri, 2012-09-07 at 22:53 +0200, Philipp Kern wrote:
> > (1) extra checking of overflows of numeric values retrieved from LDAP
> > This change was developed and tested by Redhat and has been in
> > upstream releases 0.7.16 and 0.8.4 (and is also present in the
> > version currently in testing).
> > The diff in 0.7.16 which should apply without issues to 0.7.15:
> > http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1600&view=revision
> > svn diff -c 1600 http://arthurdejong.org/svn/nss-pam-ldapd
> 
> What's the consequence if we don't include this? I.e. what does this solve
> exactly?

It fixes the range checking code that is in place for checking numeric
results from LDAP. For example it should now correctly reject negative
values and some other out of range values instead of silently converting
them to some other value.

This change also includes proper length checking for the uid attribute
(e.g. when the LDAP server would contain a value that would not fit in
uid_t).

> > (4) increase buffer size for pam_authz_search and ensure log message
> > isn't cut short (this is Ubuntu bug #951343)
> > These changes were in 0.7.16 and 0.8.7.
> > The diffs:
> > http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1629&view=revision
> > http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1648&view=revision
> > svn diff -c 1629 http://arthurdejong.org/svn/nss-pam-ldapd
> 
> That seems gratuitous and is IMHO not suitable.

Actually, this is the better part of the fix for this problem IMO.

The problem was that only the first part of the string was logged. If
the search was very long it would log:
  pam_authz_search "very log string that will eventually be cut off
The increase in buffer size ensures that the cut-off is later but some
syslog implementations have also been known to have a limited length for
log messages.

This change also ensures that the core of the message (that the filter
is invalid) is at the front of the log message.

The only downside I see from this is that if you have log filtering
rules that pick up on this they will have to be changed. However, this
error message should only appear if you make specific configuration
errors in /etc/nslcd.conf.

Thanks for reviewing!

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
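
The range checking described in the message above, as an added example that is not part of the original thread and is not nss-pam-ldapd code: a hypothetical parse_uid() helper that rejects negative, non-numeric and out-of-range uidNumber strings, next to a constructed naive_uid() that converts them silently. It assumes an unsigned uid_t, as on Linux; all sample values are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Constructed counter-example (not nss-pam-ldapd code): converts whatever
   the directory returned and silently wraps or truncates bad input. */
uid_t naive_uid(const char *s)
{
  return (uid_t)strtol(s, NULL, 10);
}

/* Hypothetical helper: parse a decimal uidNumber value into a uid_t.
   Returns 0 and stores the result on success, -1 if the value is rejected.
   Assumes uid_t is an unsigned integer type, as on Linux. */
int parse_uid(const char *s, uid_t *out)
{
  char *end;
  unsigned long long v;
  /* strtoull() itself accepts leading blanks and a sign ("-1" becomes
     ULLONG_MAX), so insist on a digit as the first character */
  if (s == NULL || !isdigit((unsigned char)s[0]))
    return -1;
  errno = 0;
  v = strtoull(s, &end, 10);
  if (errno == ERANGE)
    return -1; /* too large even for unsigned long long */
  if (*end != '\0')
    return -1; /* trailing garbage such as "1000x" */
  /* (uid_t)-1 is the largest uid_t value and is the "leave unchanged"
     marker for chown() and setreuid(), so this example rejects it along
     with everything that would not fit in uid_t */
  if (v >= (unsigned long long)(uid_t)-1)
    return -1;
  *out = (uid_t)v;
  return 0;
}

/* Count how many of the given strings parse_uid() accepts. */
int count_accepted(const char *const *values, int n)
{
  int i, ok = 0;
  uid_t uid;
  for (i = 0; i < n; i++)
    if (parse_uid(values[i], &uid) == 0)
      ok++;
  return ok;
}

int main(void)
{
  /* constructed sample values, as an LDAP server might return them */
  static const char *const samples[] = {
    "0", "1000", "4294967294", "-1", "+5", " 7", "", "1000x",
    "4294967295", "4294967296", "99999999999999999999999"
  };
  int i, n = (int)(sizeof(samples) / sizeof(samples[0]));
  uid_t uid;
  for (i = 0; i < n; i++)
  {
    if (parse_uid(samples[i], &uid) == 0)
      printf("\"%s\": accepted as %lu\n", samples[i], (unsigned long)uid);
    else
      printf("\"%s\": rejected (naive conversion gives %lu)\n",
             samples[i], (unsigned long)naive_uid(samples[i]));
  }
  printf("%d of %d accepted\n", count_accepted(samples, n), n);
  return 0;
}
```

The rejected rows show why silent conversion matters for an identity service: the naive path turns an empty or malformed value into uid 0.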




Bug#684387: unblock: rabbitvcs/0.15.0.5-3

2012-08-09 Thread Arthur de Jong
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package rabbitvcs. Version 0.15.0.5-3 was just uploaded to
unstable which includes an upstream patch to support Subversion 1.7 working
copies. As such it is part of the effort to get Subversion 1.7 in
wheezy.

Attached is a debdiff from the version currently in wheezy.

Thanks.

unblock rabbitvcs/0.15.0.5-3

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
diff -Nru rabbitvcs-0.15.0.5/debian/changelog rabbitvcs-0.15.0.5/debian/changelog
--- rabbitvcs-0.15.0.5/debian/changelog	2012-03-21 23:09:27.0 +0100
+++ rabbitvcs-0.15.0.5/debian/changelog	2012-08-09 11:43:56.0 +0200
@@ -1,3 +1,18 @@
+rabbitvcs (0.15.0.5-3) unstable; urgency=low
+
+  * Team upload.
+  * Upload to unstable targeted for wheezy.
+
+ -- Arthur de Jong   Thu, 09 Aug 2012 11:43:56 +0200
+
+rabbitvcs (0.15.0.5-2) experimental; urgency=low
+
+  * Team upload.
+  * Add 60_support_subversion_1.7.patch from upstream that adds support
+for Subversion 1.7 working copies.
+
+ -- Arthur de Jong   Mon, 23 Jul 2012 21:32:41 +0200
+
 rabbitvcs (0.15.0.5-1) unstable; urgency=low
 
   * Team upload.
diff -Nru rabbitvcs-0.15.0.5/debian/patches/60_support_subversion_1.7.patch rabbitvcs-0.15.0.5/debian/patches/60_support_subversion_1.7.patch
--- rabbitvcs-0.15.0.5/debian/patches/60_support_subversion_1.7.patch	1970-01-01 01:00:00.0 +0100
+++ rabbitvcs-0.15.0.5/debian/patches/60_support_subversion_1.7.patch	2012-07-21 00:38:10.0 +0200
@@ -0,0 +1,45 @@
+Description: Support Subversion 1.7 working copies
+Author: Adam Plumb 
+Origin: upstream, http://code.google.com/p/rabbitvcs/source/detail?r=3047
+Bug: http://code.google.com/p/rabbitvcs/issues/detail?id=601
+Bug: http://code.google.com/p/rabbitvcs/issues/detail?id=623
+
+--- a/rabbitvcs/vcs/svn/__init__.py
 b/rabbitvcs/vcs/svn/__init__.py
+@@ -276,6 +276,16 @@
+ path = realpath(path)
+ return self.client.info(path)
+ 
++def find_repository_path(self, path):
++path_to_check = path
++while path_to_check != "/" and path_to_check != "":
++if os.path.isdir(os.path.join(path_to_check, ".svn")):
++return path_to_check
++
++path_to_check = os.path.split(path_to_check)[0]
++
++return None
++
+ def status(self, path, summarize=True, invalidate=False):
+ if path in self.cache:
+ if invalidate:
+@@ -323,14 +333,17 @@
+ return False
+ 
+ def is_in_a_or_a_working_copy(self, path):
+-return self.is_working_copy(path) or self.is_working_copy(os.path.split(path)[0])
++if self.is_working_copy(path):
++return True
++
++return (self.find_repository_path(os.path.split(path)[0]) != "")
+ 
+ def is_versioned(self, path):
+ if self.is_working_copy(path):
+ return True
+ else:
+ # info will return nothing for an unversioned file inside a working copy
+-if (self.is_working_copy(os.path.split(path)[0]) and
++if (self.is_in_a_or_a_working_copy(path) and
+ self.client_info(path)):
+ return True
+ 
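Review bot: in is_in_a_or_a_working_copy the new return compares the result of find_repository_path() with "", but the helper added earlier in this patch returns either a path or None, never "". `None != ""` is true, so the method returns True for every path, including paths outside any working copy, and is_versioned then relies on client_info() alone. Comparing with `is not None` would match what the helper actually returns. The while loop in find_repository_path also stops before testing "/" itself, which deserves a comment if it is intended.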
diff -Nru rabbitvcs-0.15.0.5/debian/patches/series rabbitvcs-0.15.0.5/debian/patches/series
--- rabbitvcs-0.15.0.5/debian/patches/series	2012-03-19 22:18:05.0 +0100
+++ rabbitvcs-0.15.0.5/debian/patches/series	2012-07-21 00:33:39.0 +0200
@@ -1,2 +1,3 @@
 50_fix_gedit3_plugin.patch
+60_support_subversion_1.7.patch
 99_setup.py.patch




Bug#682583: pu: package nss-pam-ldapd/0.7.15+squeeze2

2012-07-23 Thread Arthur de Jong
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

Dear stable release team,

I would like to upload a new release of nss-pam-ldapd for squeeze that
fixes a few bugs. The fixes below (apart from the first one) should all
be very straightforward.

(1) extra checking of overflows of numeric values retrieved from LDAP
    This change was developed and tested by Redhat and has been in
    upstream releases 0.7.16 and 0.8.4 (and is also present in the
    version currently in testing).
    The diff in 0.7.16 which should apply without issues to 0.7.15:
    http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1600&view=revision
    svn diff -c 1600 http://arthurdejong.org/svn/nss-pam-ldapd

(2) fix gecos buffer length and make some other buffers have a
    consistent size (this is #640781)
    This change was in 0.8.5 and is scheduled for a next 0.7 upstream
    release. The bug reporter requested this change to go in a squeeze
    point release.
    The diff:
    http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1727&view=revision
    svn diff -c 1727 http://arthurdejong.org/svn/nss-pam-ldapd

(3) fix two possible NULL pointer dereferences (not very common
    scenario)
    These changes were in 0.8.5 and are scheduled for a next 0.7
    upstream release.
    The diffs:
    http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1728&view=revision
    http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1730&view=revision
    svn diff -c 1728 http://arthurdejong.org/svn/nss-pam-ldapd
    svn diff -c 1730 http://arthurdejong.org/svn/nss-pam-ldapd

(4) increase buffer size for pam_authz_search and ensure log message
    isn't cut short (this is Ubuntu bug #951343)
    These changes were in 0.7.16 and 0.8.7.
    The diffs:
    http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1629&view=revision
    http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1648&view=revision
    svn diff -c 1629 http://arthurdejong.org/svn/nss-pam-ldapd
    svn diff -c 1648 http://arthurdejong.org/svn/nss-pam-ldapd

Do you think any of the above are acceptable or unacceptable for a point
release? If you like I can provide more background information or
prepare a debdiff.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
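
Item (1) in the message above concerns range checking of numeric values read from LDAP. The following is an added example, not the nss-pam-ldapd change itself or any code from the project: it assumes 32-bit unsigned ids as on Linux, and the function names naive_id and parse_ldap_id and all sample values are hypothetical, constructed for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: numeric ids are 32-bit unsigned, as uid_t/gid_t are on Linux. */

/* Unchecked conversion, shown for contrast: a value that does not fit in
   32 bits is silently reduced modulo 2^32 and trailing junk is ignored. */
static uint32_t naive_id(const char *value)
{
  return (uint32_t)strtoull(value, NULL, 10);
}

/* Hypothetical helper: convert a uidNumber/gidNumber attribute string to a
   32-bit id. Returns 0 and stores the id on success, -1 if the value is
   rejected. */
static int parse_ldap_id(const char *value, uint32_t *id)
{
  char *end;
  unsigned long long n;
  /* only a plain digit string is acceptable: no sign and no leading blanks
     (strtoull would otherwise accept "-1" and return a huge value) */
  if (value == NULL || !isdigit((unsigned char)value[0]))
    return -1;
  errno = 0;
  n = strtoull(value, &end, 10);
  if (errno == ERANGE)   /* does not even fit in unsigned long long */
    return -1;
  if (*end != '\0')      /* trailing characters, e.g. "1000x" */
    return -1;
  if (n >= UINT32_MAX)   /* too large; 0xffffffff is (uid_t)-1, "no id" */
    return -1;
  *id = (uint32_t)n;
  return 0;
}

int main(void)
{
  /* constructed sample attribute values, not taken from any directory */
  static const char *samples[] = {
    "1000", "4294968296", "-1", "1000x", "", "4294967295"
  };
  size_t i;
  for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
  {
    uint32_t id = 0;
    unsigned long unchecked = (unsigned long)naive_id(samples[i]);
    if (parse_ldap_id(samples[i], &id) == 0)
      printf("\"%s\": unchecked=%lu checked=%lu\n",
             samples[i], unchecked, (unsigned long)id);
    else
      printf("\"%s\": unchecked=%lu checked=rejected\n",
             samples[i], unchecked);
  }
  return 0;
}
```

The second sample is the case a range check exists for: without it the entry resolves to id 1000, which belongs to a different account.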




Re: [Call for Test] Please test your package with python-svn/experimental (version 1.7.6-0.1)

2012-07-23 Thread Arthur de Jong
On Mon, 2012-07-23 at 21:07 +0900, Hideki Yamane wrote:
> > Any preference as to whether I upload to unstable or experimental (there
> > is no dependency on the newer pysvn)?
> 
> First, please upload to experimental and ask users (probably including
> you :) to test with pysvn 1.7.5 in unstable. If there is no breakage,
> then upload to unstable.

I've made an upload to experimental. I've done some quick tests with
this version and it seems to work fine but I don't really actively use
it (I just did some cleanup of the packaging a few months back).

If anyone that uses it more could test it, it would be great.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Re: [Call for Test] Please test your package with python-svn/experimental (version 1.7.6-0.1)

2012-07-21 Thread Arthur de Jong
On Thu, 2012-07-19 at 06:53 +0900, Hideki Yamane wrote:
> I've put the pysvn 1.7.6 package in experimental; it is a necessary update
> to get Subversion 1.7 into Wheezy. Your package seems to have a
> dependency on this python-svn package, so please check it with
> python-svn_1.7.6-0.1 in experimental.

Thanks. I've had a look at rabbitvcs and while it works with python-svn
1.7.6-0.1 there is a problem with the fact that subversion 1.7 no longer
ships a .svn directory in every subdirectory of a working copy.

This has also been reported upstream and fixed in their repository. I've
created a patch in the Python Applications Packaging Team svn
repository:
  http://anonscm.debian.org/viewvc/python-apps/?view=revision&revision=8963

I've confirmed that this patch fixes the problems in the nautilus
plugin and had a quick look at the other components and haven't found a
problem.

Any preference as to whether I upload to unstable or experimental (there
is no dependency on the newer pysvn)?

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Re: Consider blocking svn2cl

2012-07-15 Thread Arthur de Jong
On Sun, 2012-07-15 at 17:26 +0200, Cyril Brulebois wrote:
> assuming that by squeeze you actually meant wheezy:

Hmm, yeah. I always get the names confused. Sorry about that.

> svn2cl is installable in wheezy, there's no need for subversion 1.7.

Indeed it is but then subversion-tools would end up being removed. That
means that users would have to choose between subversion-tools (shipping
svn2cl 0.11) or the svn2cl package (0.13).

> Well, if you depended on subversion (>= 1.7), migration to testing would
> be “linked” through this dependency.

Ok, but the dependency is not otherwise strictly needed for technical
reasons.

> I'm not sure what you want us to do here.

I guess it depends on where you think the subversion package is headed.
If 1.7 will be part of wheezy (1) not much else will need to
happen. If it will ship with 1.6, I think either the svn2cl package will
have to be removed (2) to avoid user confusion or the svn2cl component
would have to be removed from the subversion-tools package (3) in
wheezy.

My personal preference would be 1, 3, 2 but for all of these input from
the release team is needed and at least for option 3 cooperation from
the subversion packagers is needed (Cc'd).

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Consider blocking svn2cl

2012-07-10 Thread Arthur de Jong
Hi release team,

I recently uploaded an svn2cl package to provide functionality that was
in the subversion-tools package before but has been moved out as of
subversion 1.7.

However, subversion 1.7 is currently blocked so it would be confusing to
have an uninstallable (due to breaks/replaces) svn2cl package in squeeze
if subversion 1.7 doesn't get in.

Could you consider removing svn2cl from squeeze and link migration of
svn2cl to the subversion transition so that they can migrate together
(or is there some bug magic that I can do to make it work)?

Thanks for your hard work,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#649173: pu: package nss-pam-ldapd/0.7.16

2012-01-20 Thread Arthur de Jong
On Fri, 2012-01-20 at 16:47 +, Adam D. Barratt wrote:
> Please go ahead; thanks.

The package was uploaded. Thanks.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#649173: pu: package nss-pam-ldapd/0.7.16

2012-01-20 Thread Arthur de Jong
On Fri, 2012-01-20 at 13:22 +, Adam D. Barratt wrote:
> A debdiff would be great, just for final checks; thanks.

Attached is a debdiff for 0.7.15+squeeze1 which includes all three
changes as discussed.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
diff -Nru nss-pam-ldapd-0.7.15/debian/changelog nss-pam-ldapd-0.7.15+squeeze1/debian/changelog
--- nss-pam-ldapd-0.7.15/debian/changelog	2011-10-02 11:14:58.0 +0200
+++ nss-pam-ldapd-0.7.15+squeeze1/debian/changelog	2012-01-20 15:35:34.0 +0100
@@ -1,3 +1,13 @@
+nss-pam-ldapd (0.7.15+squeeze1) stable; urgency=low
+
+  * fix an issue where changes in /etc/nsswitch.conf were not correctly
+picked up and could lead to lookups being disabled on upgrade
+(closes: #645599)
+  * fix an issue with detecting the uid of the calling process
+  * fix a problem in the disconnect logic code
+
+ -- Arthur de Jong   Fri, 20 Jan 2012 15:30:00 +0100
+
 nss-pam-ldapd (0.7.15) stable; urgency=low
 
   * in debconf, treat the "hard" value for tls_reqcert as if it was "demand"
diff -Nru nss-pam-ldapd-0.7.15/debian/libnss-ldapd.config nss-pam-ldapd-0.7.15+squeeze1/debian/libnss-ldapd.config
--- nss-pam-ldapd-0.7.15/debian/libnss-ldapd.config	2010-09-24 09:07:12.0 +0200
+++ nss-pam-ldapd-0.7.15+squeeze1/debian/libnss-ldapd.config	2012-01-20 11:27:43.0 +0100
@@ -14,11 +14,9 @@
 #
 
 # parse /etc/nsswitch.conf and see which services have ldap specified
-db_get libnss-ldapd/nsswitch
-if [ -z "$RET" ]
+configured=`sed -n 's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf`
+if [ -n "$configured" ]
 then
-  # find name services that currently use LDAP
-  configured=`sed -n 's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf`
   # separate by commas
   configured=`echo $configured | sed 's/ /, /g'`
   # store configured services
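Review bot: with the db_get guard removed at the top of this hunk, the content of /etc/nsswitch.conf now overrides a preseeded or previously answered libnss-ldapd/nsswitch value whenever the file lists ldap for any service, and when the file lists none the `[ -n "$configured" ]` test skips the block so an older stored value is left as it was. If that precedence is intended, a comment above the sed line saying so would help; otherwise the empty case needs its own branch.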
diff -Nru nss-pam-ldapd-0.7.15/nslcd/myldap.c nss-pam-ldapd-0.7.15+squeeze1/nslcd/myldap.c
--- nss-pam-ldapd-0.7.15/nslcd/myldap.c	2011-06-05 11:19:27.0 +0200
+++ nss-pam-ldapd-0.7.15+squeeze1/nslcd/myldap.c	2012-01-20 15:32:40.0 +0100
@@ -1198,7 +1198,7 @@
 }
 /* close connection on some connection problems */
 if ((rc==LDAP_UNAVAILABLE)||(rc==LDAP_SERVER_DOWN)||(rc==LDAP_SUCCESS)||
-(rc==LDAP_TIMELIMIT_EXCEEDED)|(rc==LDAP_OPERATIONS_ERROR)||
+(rc==LDAP_TIMELIMIT_EXCEEDED)||(rc==LDAP_OPERATIONS_ERROR)||
 (rc==LDAP_PROTOCOL_ERROR))
 {
   do_close(search->session);
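Review bot: the condition under the comment "close connection on some connection problems" also lists rc==LDAP_SUCCESS, which is not a connection problem; if closing on success is intended, a short comment saying why would stop the next reader from taking it for a second typo. On the `|` to `||` change itself: both operands are 0/1 comparison results, so the condition evaluates to the same truth value before and after, and the changelog entry could describe it as a typo fix rather than a fix to the disconnect logic.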
diff -Nru nss-pam-ldapd-0.7.15/nslcd/nslcd.c nss-pam-ldapd-0.7.15+squeeze1/nslcd/nslcd.c
--- nss-pam-ldapd-0.7.15/nslcd/nslcd.c	2010-09-24 09:07:16.0 +0200
+++ nss-pam-ldapd-0.7.15+squeeze1/nslcd/nslcd.c	2012-01-20 15:23:49.0 +0100
@@ -357,9 +357,9 @@
   TFILE *fp;
   int32_t action;
   struct timeval readtimeout,writetimeout;
-  uid_t uid;
-  gid_t gid;
-  pid_t pid;
+  uid_t uid=(uid_t)-1;
+  gid_t gid=(gid_t)-1;
+  pid_t pid=(pid_t)-1;
   /* indicate new connection to logging module (genrates unique id) */
   log_newsession();
   /* log connection */
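Review bot: uid, gid and pid now start at -1, which only helps if the code after this hunk treats (uid_t)-1 as "peer unknown". A comment on the three declarations naming -1 as the sentinel, plus a check or log line on the path where the credential lookup fails, would make that explicit. The context comment below the declarations also has a typo, "genrates".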




Bug#649173: pu: package nss-pam-ldapd/0.7.16

2012-01-20 Thread Arthur de Jong
On Thu, 2012-01-19 at 22:09 +, Adam D. Barratt wrote:
> > To be clear, there are three changes up for consideration:
> > 
> > (1) is #645599 which is essentially:
> > 
> > http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd-0.7/debian/libnss-ldapd.config?r1=1209&r2=1555
> > (2) is a problem with not-initialised variables which is:
> > 
> > http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd-0.7/nslcd/nslcd.c?r1=1209&r2=1559
> > (3) is a typo in error handling code:
> > 
> > http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd-0.7/nslcd/myldap.c?r1=1469&r2=1561
> 
> Those are the changes I was referring to above when I said I'd be happy
> to look at them, yes.

Thanks.

> The range checking patch could be okay, although given that we're
> getting quite close to the end of the window for 6.0.4 I'm tempted to
> say we'll look at it for a future update.

Ok.

> Are any of the other changes you mentioned which are fixed in 0.8 and
> aren't particularly intrusive easily reviewable?

The other fixes aren't in a released version yet so they will have to
wait.

> As I mentioned, the latter would be preferable as it makes the diff much
> cleaner, targeted and easier to review.  In retrospect, we possibly
> should have raised that for the earlier updates.

Ok, thanks. I've also been giving it some thought and a
0.7.15+squeeze1 version would also allow me some more freedom to
release a new upstream 0.7.16 (not targeted at Debian).

Please let me know if you want me to prepare a debdiff or do an upload
and with which changes.

Thanks for looking into this.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#649173: pu: package nss-pam-ldapd/0.7.16

2012-01-18 Thread Arthur de Jong
On Wed, 2012-01-18 at 13:42 +, Adam D. Barratt wrote:
> If the two further changes included in the debdiff from 
> <1324994307.2556.15.ca...@sorbet.thuis.net> are resolved in unstable (if 
> appropriate) then I'd be happy to look at including those in a stable 
> update.  I have to admit that, like Julien, I would prefer an update 
> that only includes the changes relevant to the bug fixes; I appreciate 
> this means a little more maintenance burden when you're dealing with a 
> native package.

To be clear, there are three changes up for consideration:

(1) is #645599 which is essentially:

http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd-0.7/debian/libnss-ldapd.config?r1=1209&r2=1555
(2) is a problem with not-initialised variables which is:

http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd-0.7/nslcd/nslcd.c?r1=1209&r2=1559
(3) is a typo in error handling code:

http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd-0.7/nslcd/myldap.c?r1=1469&r2=1561

All three fixes were also made in 0.8.5, which is in both unstable and
testing (though the fix for (1) in 0.8.5 was a little more intrusive):
  
http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd/debian/libnss-ldapd.config?r1=1543&r2=1597

I also have a few more fixes that I would also like to fix in a 0.7
version. One of which is the range checking stuff in my second mail to
the bug report and a few more that are contributed by Jakub Hrozek of
Redhat (those patches are used at Redhat). Some of these changes are
more intrusive. Not all of these are in a released 0.8 version yet.

Which of the above fixes are OK for a stable update?

This leaves the question of what version number to use. I could upload a
0.7.16 which would also include updates to the version number in the
code and manual pages (like in the previous debdiffs) or a 
0.7.15+squeeze1 version (which would only also change debian/changelog).

Thanks for considering and thanks for reviewing this stuff,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --





Bug#649173: pu: package nss-pam-ldapd/0.7.16

2012-01-15 Thread Arthur de Jong
On Thu, 2012-01-12 at 22:10 +0100, Julien Cristau wrote:
> Any chance you could consider an upload with *just* the above change
> (and a changelog entry), and without the version change noise in the
> rest of your diff?

I could do this but the other two functional changes, although not
affecting many users, are bugs with simple and clear fixes. The range
checking patch is a little bigger though.

Is there any reason the other changes are inappropriate?

I could upload a 0.7.15+squeeze1 package with just the one change
(#645599, no version bumps) if you like but 0.7.16 would be easier for
me to track versions. I'm planning on switching to non-native packaging
to make these things simpler in the future.

Attached is a debdiff for 0.7.15+squeeze1.

Thanks.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
diff -Nru nss-pam-ldapd-0.7.15/debian/changelog nss-pam-ldapd-0.7.15+squeeze1/debian/changelog
--- nss-pam-ldapd-0.7.15/debian/changelog	2011-10-02 11:14:58.0 +0200
+++ nss-pam-ldapd-0.7.15+squeeze1/debian/changelog	2012-01-15 09:36:25.0 +0100
@@ -1,3 +1,11 @@
+nss-pam-ldapd (0.7.15+squeeze1) stable; urgency=low
+
+  * fix an issue where changes in /etc/nsswitch.conf were not correctly
+picked up and could lead to lookups being disabled on upgrade
+(closes: #645599)
+
+ -- Arthur de Jong   Sun, 15 Jan 2012 09:30:00 +0100
+
 nss-pam-ldapd (0.7.15) stable; urgency=low
 
   * in debconf, treat the "hard" value for tls_reqcert as if it was "demand"
diff -Nru nss-pam-ldapd-0.7.15/debian/libnss-ldapd.config nss-pam-ldapd-0.7.15+squeeze1/debian/libnss-ldapd.config
--- nss-pam-ldapd-0.7.15/debian/libnss-ldapd.config	2010-09-24 09:07:12.0 +0200
+++ nss-pam-ldapd-0.7.15+squeeze1/debian/libnss-ldapd.config	2012-01-15 09:29:32.0 +0100
@@ -14,11 +14,9 @@
 #
 
 # parse /etc/nsswitch.conf and see which services have ldap specified
-db_get libnss-ldapd/nsswitch
-if [ -z "$RET" ]
+configured=`sed -n 's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf`
+if [ -n "$configured" ]
 then
-  # find name services that currently use LDAP
-  configured=`sed -n 's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf`
   # separate by commas
   configured=`echo $configured | sed 's/ /, /g'`
   # store configured services
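Review bot: the sed expression that now runs unconditionally matches `ldap` anywhere after whitespace on the line, so a trailing comment such as `passwd: files # ldap` counts as LDAP-enabled. The pattern also has no `$` anchor, so a source name that merely starts with ldap matches too and leaves its tail appended to the service name in the output. Stripping comments first and ending the pattern with `\([[:space:]].*\)\?$` would tighten it. `\?` is a GNU sed extension, which is fine in a Debian maintainer script but worth a note.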




Bug#649173: pu: package nss-pam-ldapd/0.7.16

2011-12-27 Thread Arthur de Jong
On Fri, 2011-11-18 at 15:08 +0100, Arthur de Jong wrote:
> I would like to upload a new release of nss-pam-ldapd for squeeze that
> fixes a bug that apparently locks some users out of their system. The
> bug itself is not a regression in 0.7.15 but it is triggered in some
> cases by the stable update. The bug is #645599.
> 
> I think there is a similar bug in nslcd although the chances of it
> showing up in normal cases is a lot slimmer than in the above bug and
> the changes required are much bigger. I will try to get that fixed in
> unstable first for a while (it is really tricky to support both
> preseeding and properly picking up current configuration in debconf).

I have two more small changes that I would like to push in an update
(along with the issue above). The diff for both should be obvious and
simple.

The first is an issue with some not-initialised variables to fix an
issue with detecting the uid of the calling process. The problem itself
should only occur when looking up the uid failed for some reason.

The second is a typo which shouldn't cause many problems in usual cases.

These two changes along with the previous change are in an updated
attached nss-pam-ldapd-0.7.15-0.7.16.debdiff.

I'm also considering another fix that correctly handles overflows in
numeric values in the LDAP directory. Redhat has been using this
patch for some time now but it is a bit more invasive than the other
changes so I'd like your input on this.

Details of this change are in
nss-pam-ldapd-0.7-fix-range-checking.patch.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
diff -Nru nss-pam-ldapd-0.7.15/ChangeLog nss-pam-ldapd-0.7.16/ChangeLog
--- nss-pam-ldapd-0.7.15/ChangeLog	2011-10-02 11:10:27.0 +0200
+++ nss-pam-ldapd-0.7.16/ChangeLog	2011-12-27 11:47:09.0 +0100
@@ -1,3 +1,29 @@
+2011-12-09 13:58  arthur
+
+	* [r1562] config.guess, config.sub: revert changes to config.guess
+	  config.sub that were accidentaly part of r1561
+
+2011-12-09 13:54  arthur
+
+	* [r1561] ., config.guess, config.sub, nslcd/myldap.c: fix a typo
+	  in disconnect logic (r1560 from 0.8 branch)
+
+2011-12-08 21:34  arthur
+
+	* [r1559] nslcd/nslcd.c: properly ensure that uid, gid and pid vars
+	  are properly initialised (part of r1558 from trunk)
+
+2011-11-18 13:02  arthur
+
+	* [r1555] debian/libnss-ldapd.config: fix an issues where changes
+	  to /etc/nsswitch.conf outside of debconf were not picked up
+
+2011-10-02 09:47  arthur
+
+	* [r1549] ChangeLog, NEWS, configure.ac, debian/changelog,
+	  man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
+	  files ready for 0.7.15 release
+
 2011-10-02 09:09  arthur
 
 	* [r1548] ., debian/nslcd.config: treat the "hard" value for
diff -Nru nss-pam-ldapd-0.7.15/configure nss-pam-ldapd-0.7.16/configure
--- nss-pam-ldapd-0.7.15/configure	2011-10-02 11:35:15.0 +0200
+++ nss-pam-ldapd-0.7.16/configure	2011-12-27 12:24:35.0 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.67 for nss-pam-ldapd 0.7.15.
+# Generated by GNU Autoconf 2.67 for nss-pam-ldapd 0.7.16.
 #
 # Report bugs to .
 #
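Review bot: the header of this file says "Generated by GNU Autoconf", and the hunk only changes the version string in it. Regenerated output like this makes the debdiff longer without adding anything to review beyond the version bump itself. Leaving generated files out of the diff posted for review, or saying in the mail that they are regenerated, would keep attention on the functional hunks.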
@@ -562,8 +562,8 @@
 # Identity of this package.
 PACKAGE_NAME='nss-pam-ldapd'
 PACKAGE_TARNAME='nss-pam-ldapd'
-PACKAGE_VERSION='0.7.15'
-PACKAGE_STRING='nss-pam-ldapd 0.7.15'
+PACKAGE_VERSION='0.7.16'
+PACKAGE_STRING='nss-pam-ldapd 0.7.16'
 PACKAGE_BUGREPORT='nss-pam-ldapd-us...@lists.arthurdejong.org'
 PACKAGE_URL=''
 
@@ -1300,7 +1300,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures nss-pam-ldapd 0.7.15 to adapt to many kinds of systems.
+\`configure' configures nss-pam-ldapd 0.7.16 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1371,7 +1371,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
- short | recursive ) echo "Configuration of nss-pam-ldapd 0.7.15:";;
+ short | recursive ) echo "Configuration of nss-pam-ldapd 0.7.16:";;
esac
   cat <<\_ACEOF
 
@@ -1485,7 +1485,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-nss-pam-ldapd configure 0.7.15
+nss-pam-ldapd configure 0.7.16
 generated by GNU Autoconf 2.67
 
 Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2045,7 +2045,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by nss-pam-ldapd $as_me 0.7.15, which was
+It was created by nss-pam-ldapd $as_me 0.7.16, which was
 generated by GNU Autoconf 2.67.  Invocation command line was
 
   $ $0 $@

Bug#649173: pu: package nss-pam-ldapd/0.7.16

2011-11-18 Thread Arthur de Jong
_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/&/g'`"
 ac_cs_version="\\
-nss-pam-ldapd config.status 0.7.15
+nss-pam-ldapd config.status 0.7.16
 configured by $0, generated by GNU Autoconf 2.67,
   with options \\"\$ac_cs_config\\"
 
diff -Nru nss-pam-ldapd-0.7.15/configure.ac nss-pam-ldapd-0.7.16/configure.ac
--- nss-pam-ldapd-0.7.15/configure.ac	2011-10-02 11:35:06.0 +0200
+++ nss-pam-ldapd-0.7.16/configure.ac	2011-11-18 14:25:31.0 +0100
@@ -32,8 +32,8 @@
 configure.ac file for more details.])
 
 # initialize and set version and bugreport address
-AC_INIT([nss-pam-ldapd],[0.7.15],[nss-pam-ldapd-us...@lists.arthurdejong.org])
-RELEASE_MONTH="Oct 2011"
+AC_INIT([nss-pam-ldapd],[0.7.16],[nss-pam-ldapd-us...@lists.arthurdejong.org])
+RELEASE_MONTH="Nov 2011"
 AC_SUBST(RELEASE_MONTH)
 AC_CONFIG_SRCDIR([nslcd.h])
 
diff -Nru nss-pam-ldapd-0.7.15/debian/changelog nss-pam-ldapd-0.7.16/debian/changelog
--- nss-pam-ldapd-0.7.15/debian/changelog	2011-10-02 11:14:58.0 +0200
+++ nss-pam-ldapd-0.7.16/debian/changelog	2011-11-18 14:04:08.0 +0100
@@ -1,3 +1,11 @@
+nss-pam-ldapd (0.7.16) stable; urgency=low
+
+  * fix an issue where changes in /etc/nsswitch.conf were not correctly
+picked up and could lead to lookups being disabled on upgrade
+(closes: #645599)
+
+ -- Arthur de Jong   Fri, 18 Nov 2011 14:03:11 +0100
+
 nss-pam-ldapd (0.7.15) stable; urgency=low
 
   * in debconf, treat the "hard" value for tls_reqcert as if it was "demand"
diff -Nru nss-pam-ldapd-0.7.15/debian/libnss-ldapd.config nss-pam-ldapd-0.7.16/debian/libnss-ldapd.config
--- nss-pam-ldapd-0.7.15/debian/libnss-ldapd.config	2010-09-24 09:07:12.0 +0200
+++ nss-pam-ldapd-0.7.16/debian/libnss-ldapd.config	2011-11-18 13:55:43.0 +0100
@@ -14,11 +14,9 @@
 #
 
 # parse /etc/nsswitch.conf and see which services have ldap specified
-db_get libnss-ldapd/nsswitch
-if [ -z "$RET" ]
+configured=`sed -n 's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf`
+if [ -n "$configured" ]
 then
-  # find name services that currently use LDAP
-  configured=`sed -n 's/^\([a-z]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf`
   # separate by commas
   configured=`echo $configured | sed 's/ /, /g'`
   # store configured services
diff -Nru nss-pam-ldapd-0.7.15/man/nslcd.8 nss-pam-ldapd-0.7.16/man/nslcd.8
--- nss-pam-ldapd-0.7.15/man/nslcd.8	2011-10-01 00:23:12.0 +0200
+++ nss-pam-ldapd-0.7.16/man/nslcd.8	2011-11-18 14:28:39.0 +0100
@@ -5,7 +5,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH nslcd 8 "Oct 2011" "Version 0.7.15" "System Manager's Manual"
+.TH nslcd 8 "Nov 2011" "Version 0.7.16" "System Manager's Manual"
 .SH NAME
 nslcd \- local LDAP name service daemon.
 .SH SYNOPSIS
diff -Nru nss-pam-ldapd-0.7.15/man/nslcd.8.xml nss-pam-ldapd-0.7.16/man/nslcd.8.xml
--- nss-pam-ldapd-0.7.15/man/nslcd.8.xml	2011-10-01 00:21:28.0 +0200
+++ nss-pam-ldapd-0.7.16/man/nslcd.8.xml	2011-11-18 14:25:23.0 +0100
@@ -36,9 +36,9 @@
  
   nslcd
   8
-  Version 0.7.15
+  Version 0.7.16
   System Manager's Manual
-  Oct 2011
+  Nov 2011
  
 
  
diff -Nru nss-pam-ldapd-0.7.15/man/nslcd.conf.5 nss-pam-ldapd-0.7.16/man/nslcd.conf.5
--- nss-pam-ldapd-0.7.15/man/nslcd.conf.5	2011-10-01 00:23:12.0 +0200
+++ nss-pam-ldapd-0.7.16/man/nslcd.conf.5	2011-11-18 14:28:39.0 +0100
@@ -5,7 +5,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH nslcd.conf 5 "Oct 2011" "Version 0.7.15" "System Manager's Manual"
+.TH nslcd.conf 5 "Nov 2011" "Version 0.7.16" "System Manager's Manual"
 .SH NAME
 nslcd.conf \- configuration file for LDAP nameservice daemon
 .SH DESCRIPTION
diff -Nru nss-pam-ldapd-0.7.15/man/nslcd.conf.5.xml nss-pam-ldapd-0.7.16/man/nslcd.conf.5.xml
--- nss-pam-ldapd-0.7.15/man/nslcd.conf.5.xml	2011-10-01 00:21:21.0 +0200
+++ nss-pam-ldapd-0.7.16/man/nslcd.conf.5.xml	2011-11-18 14:25:12.0 +0100
@@ -36,9 +36,9 @@
  
   nslcd.conf
   5
-  Version 0.7.15
+  Version 0.7.16
   System Manager's Manual
-  Oct 2011
+  Nov 2011
  
 
  
diff -Nru nss-pam-ldapd-0.7.15/man/pam_ldap.8 nss-pam-ldapd-0.7.16/man/pam_ldap.8
--- nss-pam-ldapd-0.7.15/man/pam_ldap.8	2011-10-01 00:23:12.0 +0200
+++ nss-pam-ldapd-0.7.16/man/pam_ldap.8	2011-11-18 14:28:39.0 +0100
@@ -5,7 +5,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH pam_ldap 8 "Oct 2011" "Version 0.7.15" "System Manager's Manual"
+.TH pam_ldap 8 "Nov 2011" "Version 0.7.16" "System Manager's Manual"
 .SH NAME
 pam_ldap \- PAM module for L

Re: Bug#642347: pu: package nss-pam-ldapd/0.7.14

2011-10-02 Thread Arthur de Jong
On Wed, 2011-09-28 at 22:41 +0200, Philipp Kern wrote:
> It still shows a debconf prompt, but I guess this is already better than no
> fix before we can push that stable update.  Can you upload it?

I've uploaded 0.7.15.

Thanks.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#641020: pu: package nss-pam-ldapd/0.7.14

2011-09-09 Thread Arthur de Jong
Subject: pu: package nss-pam-ldapd/0.7.14
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Severity: normal

Dear stable release team,

I would like to upload a new release of nss-pam-ldapd for squeeze that
fixes a few annoying bugs. These are all one or two-line changes that
have been available in the development series for some time now.

Attached is a debdiff.

I would also like to have your feedback on whether #619881 is suitable
for a squeeze update. It does introduce new functionality though it
shouldn't affect much of the existing code:
  http://lists.arthurdejong.org/nss-pam-ldapd-commits/2010/msg00302.html
The bug log itself contains some arguments from users for fixing this in
squeeze.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
diff -Nru nss-pam-ldapd-0.7.13/ChangeLog nss-pam-ldapd-0.7.14/ChangeLog
--- nss-pam-ldapd-0.7.13/ChangeLog	2010-12-11 22:57:09.0 +0100
+++ nss-pam-ldapd-0.7.14/ChangeLog	2011-09-09 13:18:47.0 +0200
@@ -1,3 +1,42 @@
+2011-08-24 20:45  arthur
+
+	* [r1516] ., nslcd/cfg.c: fix a problem with uninitialised memory
+	  while parsing the tls_ciphers option (r1471 from development)
+
+2011-07-02 21:28  arthur
+
+	* [r1477] ., nslcd/group.c, nslcd/passwd.c, nslcd/shadow.c: grow
+	  static buffers so that they should be large enough (part of r1476
+	  from trunk)
+
+2011-06-05 09:18  arthur
+
+	* [r1472] ., common/expr.c, tests/test_expr.c: handle expressions
+	  where the expander function returns NULL (handle it as an empty
+	  string) (r1471 from development)
+
+2011-06-05 08:55  arthur
+
+	* [r1469] nslcd/myldap.c: fix r1465 to split attribute/value at
+	  right place
+
+2011-05-21 14:54  arthur
+
+	* [r1465] ., nslcd/myldap.c: fix problem with partial attribute
+	  name matches in DN (e.g. uid vs. uidNumber) (thanks to Timothy
+	  White for the fix) (r1464 from trunk)
+
+2011-04-22 10:03  arthur
+
+	* [r1432] ., nslcd/myldap.c: report correct reported error from
+	  ldap_abandon() (merge r1431 from development)
+
+2010-12-11 21:57  arthur
+
+	* [r1323] ChangeLog, NEWS, configure.ac, debian/changelog,
+	  man/nslcd.8.xml, man/nslcd.conf.5.xml, man/pam_ldap.8.xml: get
+	  files ready for 0.7.13 release
+
 2010-12-11 20:11  arthur
 
 	* [r1321] ., nslcd/pam.c: return correct kind of error code from
diff -Nru nss-pam-ldapd-0.7.13/common/expr.c nss-pam-ldapd-0.7.14/common/expr.c
--- nss-pam-ldapd-0.7.13/common/expr.c	2010-09-24 09:07:17.0 +0200
+++ nss-pam-ldapd-0.7.14/common/expr.c	2011-06-05 11:19:27.0 +0200
@@ -93,6 +93,8 @@
 if (parse_name(str,ptr,varname,sizeof(varname))==NULL)
   return NULL;
 varvalue=expander(varname,expander_arg);
+if (varvalue==NULL)
+  varvalue="";
 if (str[*ptr]=='}')
 {
   /* simple substitute */
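Review bot: the new guard after the expander() call turns a NULL result into an empty string with no comment, so in the "simple substitute" branch below a variable the expander does not know and one with an empty value become indistinguishable. If that is the intended semantics, a one-line comment on the guard stating it would help.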
@@ -148,6 +150,8 @@
 if (parse_name(str,ptr,varname,sizeof(varname))==NULL)
   return NULL;
 varvalue=expander(varname,expander_arg);
+if (varvalue==NULL)
+  varvalue="";
 if (strlen(varvalue)>=buflen)
   return NULL;
 strcpy(buffer,varvalue);
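Review bot: this is a second copy of the same two-line NULL guard. Folding it into a small wrapper around expander() that never returns NULL would keep the strlen(varvalue) call below safe at any call site added later, instead of relying on each caller to repeat the check. The bounds test before strcpy() (strlen(varvalue)>=buflen) is unchanged and still holds for the empty string.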
diff -Nru nss-pam-ldapd-0.7.13/configure nss-pam-ldapd-0.7.14/configure
--- nss-pam-ldapd-0.7.13/configure	2010-12-11 22:52:05.0 +0100
+++ nss-pam-ldapd-0.7.14/configure	2011-09-09 15:35:05.0 +0200
@@ -1,12 +1,12 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.67 for nss-pam-ldapd 0.7.13.
+# Generated by GNU Autoconf 2.67 for nss-pam-ldapd 0.7.14.
 #
 # Report bugs to .
 #
 # Copyright (C) 2006 Luke Howard
 # Copyright (C) 2006 West Consulting
-# Copyright (C) 2006, 2007, 2008, 2009, 2010 Arthur de Jong
+# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong
 #
 # This configure script is derived from configure.ac which is free software;
 # you can redistribute it and/or modify it under the terms of the GNU Lesser
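Review bot: configure is generated output (see the "Generated by GNU Autoconf 2.67" line in this hunk), so the version-string and copyright-year changes here and in the configure hunks that follow only need checking against configure.ac. For a release-team review it would help to filter generated files out of the debdiff so that the hand-written changes stand out.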
@@ -562,8 +562,8 @@
 # Identity of this package.
 PACKAGE_NAME='nss-pam-ldapd'
 PACKAGE_TARNAME='nss-pam-ldapd'
-PACKAGE_VERSION='0.7.13'
-PACKAGE_STRING='nss-pam-ldapd 0.7.13'
+PACKAGE_VERSION='0.7.14'
+PACKAGE_STRING='nss-pam-ldapd 0.7.14'
 PACKAGE_BUGREPORT='nss-pam-ldapd-us...@lists.arthurdejong.org'
 PACKAGE_URL=''
 
@@ -1300,7 +1300,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures nss-pam-ldapd 0.7.13 to adapt to many kinds of systems.
+\`configure' configures nss-pam-ldapd 0.7.14 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1371,7 +1371,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
- short | recursive ) echo "Configuration of nss-pam-ldapd 0.7.13:";;
+ short | recursive ) echo "Con

Bug#640386: RM: trac-ja-resource/0.11.5.ja1-1

2011-09-04 Thread Arthur de Jong
Subject: RM: trac-ja-resource/0.11.5.ja1-1
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: rm
Severity: normal
X-Debbugs-CC: trac-ja-resou...@packages.debian.org

Dear release team,

Please consider removing trac-ja-resource from testing to allow trac to 
migrate.

trac-ja-resource is a language pack for trac and as such has a versioned
dependency on trac 0.11 which prevents the 0.12 version from migrating.
I've filed #637719 three weeks ago but there is no response from the
maintainer so far.

Thanks.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
-- arthur - art...@arthurdejong.org - http://arthurdejong.org --




Bug#607360: unblock: nss-pam-ldapd/0.7.13

2010-12-17 Thread Arthur de Jong
Subject: unblock: nss-pam-ldapd/0.7.13
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: freeze-exception
Severity: normal

Please unblock version 0.7.13 of nss-pam-ldapd. It has the following
changes:

  * fix handling of idle_timelimit option
  * fix error code for problem while doing password modification

The second change is rather minor but is just a one-line fix (the change
in nslcd/pam.c) that should be obvious and without possible side
effects.

The first change is the RC one because it causes problems if the LDAP
server closes the connection after a timeout. This confuses the
reconnect-handling and timeout code and makes the LDAP server appear to
be unavailable for some time.

This is apparently common when using Microsoft Active Directory and
makes it impossible to resolve user names (and anything else that comes
from LDAP).

A proper fix for this is in the works in the development version but
that is much larger. The fix is for the workaround that is normally used
for this (have the client side use a timeout). The problem was that
timed out connections were never closed because the new search was
started before trying to close the old connection.

Some background for this problem is available here:
  http://lists.arthurdejong.org/nss-pam-ldapd-users/2010/msg00173.html
(since this issue did not come in through the BTS it's not there)

Thanks for considering.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --





Bug#600458: unblock: nss-pam-ldapd/0.7.11

2010-10-29 Thread Arthur de Jong
On Sun, 2010-10-17 at 13:11 +0200, Philipp Kern wrote:
> On Sun, Oct 17, 2010 at 12:54:05PM +0200, Arthur de Jong wrote:
> > I have another pending change that fixes a problem when nslcd would hang
> > under certain circumstances (using TLS and seeing a certain type of
> > network problem during a search). This change is a little larger and was
> > the result of missing a last part of #596983.
> > 
> > It involves setting a timeout on the socket when closing the connection
> > and ensuring that in all places that the connection is closed the same
> > function is executed. It is a workaround for a bug in OpenLDAP when used
> > with GnuTLS. The relevant change can be seen here:
> >   
> > http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd/nslcd/myldap.c?r1=1276&r2=1275&pathrev=1276
> > (except the changes from line 690 onwards because they are specific to
> > changes in the trunk)
> > 
> > Do you want me to prepare an upload to unstable with the above change?
> 
> Two issues in one bug report is a bit annoying.  Please let the above
> version migrate first.

Since 0.7.11 migrated to testing I've uploaded a version 0.7.12 to
unstable that fixes the remaining disconnect problems.

> Workarounds like these are really hard to judge IMHO.  But as the line 690+
> changes are irrelevant you can go ahead.

The diff should be minimal. Only the first part of the diff (to nslcd.c)
applies the actual timeout setting and only just before closing the
connection. When that code hits no useful data should be sent over the
connection anyway.

The other changes just replace the call to ldap_unbind() with a call to
do_close() which ensures that unbinds are done the same way in every
case.

If you need more background feel free to ask.

Thanks for your work.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#600458: unblock: nss-pam-ldapd/0.7.11

2010-10-17 Thread Arthur de Jong
Subject: unblock: nss-pam-ldapd/0.7.11
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: freeze-exception
Severity: normal

Please unblock version 0.7.11 of nss-pam-ldapd. It has the following
changes:

  * updated Vietnamese debconf translation by Clytie Siddall (closes: #598500)
  * grow the buffer for the PAM ruser to not reject logins for users with
    a ruser including a domain part (closes: #600065)

It is debatable whether the second one is really RC but it prevents
certain users from logging in and is a very minor change (one line in
nslcd/pam.c).


I have another pending change that fixes a problem when nslcd would hang
under certain circumstances (using TLS and seeing a certain type of
network problem during a search). This change is a little larger and was
the result of missing a last part of #596983.

It involves setting a timeout on the socket when closing the connection
and ensuring that in all places that the connection is closed the same
function is executed. It is a workaround for a bug in OpenLDAP when used
with GnuTLS. The relevant change can be seen here:
  
http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd/nslcd/myldap.c?r1=1276&r2=1275&pathrev=1276
(except the changes from line 690 onwards because they are specific to
changes in the trunk)

Do you want me to prepare an upload to unstable with the above change?

Thanks for considering.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#598148: unblock: nss-pam-ldapd/0.7.10

2010-09-26 Thread Arthur de Jong
Subject: unblock: nss-pam-ldapd/0.7.10
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: freeze-exception
Severity: normal

Sorry to bother you guys with yet another unblock request but can you
please unblock nss-pam-ldapd?

It fixes a problem (#596983) with the way some network problems are
handled. In some cases the nslcd daemon does not fail over correctly.

The change consists of two parts (in nslcd/myldap.c):
 - combine error handling for timeout, explicit error and unexpected
   result
 - disconnect on more error conditions (and automatically reconnect and
   fail-over if applicable)

I think the change is rather minimal and it passes all tests in my test
environment (including the new test that came up in #596983).

Thanks for considering (why do all these bugs show up during the
freeze).

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#595779: unblock: cvsd/1.0.20

2010-09-08 Thread Arthur de Jong
retitle 595779 unblock: cvsd/1.0.21
thanks

On Tue, 2010-09-07 at 23:03 +0200, Julien Cristau wrote:
> On Tue, Sep  7, 2010 at 21:50:14 +0200, Arthur de Jong wrote:
> > The daemon does a call to getaddrinfo() to figure out which addresses it
> > should listen on and tries each one. Currently at least one bind() of
> > the returned addresses should succeed, other failures are ignored.
>
> I can't see any reason for bind() failure to not be fatal...

I think when the original code was written I implemented it in a similar
fashion as other daemons at the time. At least sshd currently still only
logs bind() failures and doesn't bail out. It only bails out if no
address can be bound at all (which cvsd also does).

> > Ignoring bind() failures used to be necessary when not using
> > IPV6_V6ONLY. Without it both IPv6 and IPv4 addresses were returned and
> > the bind on the IPv4 address would always fail if the IPv6 one
> > succeeded. cvsd 1.0.20 only changes which failures are ignored.
>  
> They should both succeed if done in the right order, iirc (meaning the
> order they're returned from getaddrinfo() with AI_PASSIVE).  And in any
> case they should both succeed with IPV6_V6ONLY set.

If getaddrinfo() returns an IPv6 address and an IPv4 address the bind()
for the IPv4 address will fail unless IPV6_V6ONLY is set or the
net.ipv6.bindv6only sysctl is set to 1.

Between lenny and squeeze getaddrinfo() was changed to return the IPv4
address first. Without IPV6_V6ONLY and the sysctl the second bind() will
still fail.

Anyway, I've uploaded cvsd 1.0.21 to unstable that logs an error on any
bind() failure and bails out.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
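
Added example, not cvsd's code and not part of the original message: a listener setup in C that follows the behaviour described for cvsd 1.0.21 above, setting IPV6_V6ONLY on IPv6 sockets and treating any bind() failure as fatal. The function names are hypothetical, and skipping an address family the kernel rejects at socket() time is an assumption of this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_LISTEN 16

/* Bind and listen on every wildcard address getaddrinfo() returns for port.
   Returns the number of listening sockets stored in fds, or -1 (with every
   socket closed again) if any bind() or listen() fails. */
int open_listeners(const char *port, int fds[MAX_LISTEN])
{
  struct addrinfo hints, *res, *ai;
  int n = 0, on = 1, rc;

  memset(&hints, 0, sizeof(hints));
  hints.ai_family = AF_UNSPEC;
  hints.ai_socktype = SOCK_STREAM;
  hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG | AI_NUMERICSERV;
  if ((rc = getaddrinfo(NULL, port, &hints, &res)) != 0) {
    fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rc));
    return -1;
  }
  for (ai = res; ai != NULL && n < MAX_LISTEN; ai = ai->ai_next) {
    int fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
    if (fd < 0) {
      if (errno == EAFNOSUPPORT)
        continue;               /* assumption: family absent from this kernel */
      perror("socket");
      goto fail;
    }
    /* Keep the IPv6 socket from also claiming the IPv4 port, so the result
       does not depend on address order or on net.ipv6.bindv6only. */
    if (ai->ai_family == AF_INET6 &&
        setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) {
      perror("setsockopt(IPV6_V6ONLY)");
      close(fd);
      goto fail;
    }
    if (bind(fd, ai->ai_addr, ai->ai_addrlen) < 0 ||
        listen(fd, SOMAXCONN) < 0) {
      perror("bind/listen");    /* fatal: never run with a partial listener set */
      close(fd);
      goto fail;
    }
    fds[n++] = fd;
  }
  freeaddrinfo(res);
  if (n == 0) {
    fprintf(stderr, "no address could be bound\n");
    return -1;
  }
  return n;

fail:
  while (n > 0)
    close(fds[--n]);
  freeaddrinfo(res);
  return -1;
}

/* Port number a bound socket ended up on, or -1 on error. */
static int bound_port(int fd)
{
  struct sockaddr_storage ss;
  socklen_t len = sizeof(ss);

  if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0)
    return -1;
  if (ss.ss_family == AF_INET6)
    return ntohs(((struct sockaddr_in6 *)&ss)->sin6_port);
  return ntohs(((struct sockaddr_in *)&ss)->sin_port);
}

/* Opens listeners on an ephemeral port, then asks for the same port again.
   Returns 1 if the second attempt is refused as a whole, 0 if it was
   (wrongly) accepted, -1 if the first attempt could not be set up. */
int port_conflict_is_fatal(void)
{
  int first[MAX_LISTEN], second[MAX_LISTEN], n, m;
  char port[16];

  n = open_listeners("0", first);
  if (n < 1)
    return -1;
  snprintf(port, sizeof(port), "%d", bound_port(first[0]));
  m = open_listeners(port, second);
  while (m > 0)
    close(second[--m]);
  while (n > 0)
    close(first[--n]);
  return m == -1;
}

int main(void)
{
  printf("conflicting bind treated as fatal: %d\n", port_conflict_is_fatal());
  return 0;
}
```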




Bug#595779: unblock: cvsd/1.0.20

2010-09-07 Thread Arthur de Jong
On Mon, 2010-09-06 at 23:37 +0200, Julien Cristau wrote:
> On Mon, Sep  6, 2010 at 18:13:59 +0200, Arthur de Jong wrote:
> > Please unblock package cvsd. The 1.0.20 contains a fix for mixing IPv4
> > and IPv6 sockets regardless of the order of addresses returned by
> > getaddrinfo() (which changed between lenny and squeeze) and the
> > net.ipv6.bindv6only sysctl.
> 
> Ignoring failure from bind(2) seems like a pretty bad idea.

The daemon does a call to getaddrinfo() to figure out which addresses it
should listen on and tries each one. Currently at least one bind() of
the returned addresses should succeed, other failures are ignored.

Ignoring bind() failures used to be necessary when not using
IPV6_V6ONLY. Without it both IPv6 and IPv4 addresses were returned and
the bind on the IPv4 address would always fail if the IPv6 one
succeeded. cvsd 1.0.20 only changes which failures are ignored.

Perhaps it is now also possible, since we're using IPV6_V6ONLY and
AI_ADDRCONFIG, to log all bind() failures (or even bail out on all
failures) but I'm not 100% sure if that will work on all platforms so
that's why I didn't go that far with the change.

I think sticking with the previous functionality is the safest at this
point but if you think switching to erroring out or logging as error is
better, I'm also fine with that and would upload a version with that
change.

Anyway, thanks for your review. Your work is much appreciated.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#595779: unblock: cvsd/1.0.20

2010-09-06 Thread Arthur de Jong
Subject: unblock: cvsd/1.0.20
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: freeze-exception
Severity: normal

Please unblock package cvsd. The 1.0.20 contains a fix for mixing IPv4
and IPv6 sockets regardless of the order of addresses returned by
getaddrinfo() (which changed between lenny and squeeze) and the
net.ipv6.bindv6only sysctl.

The diff is pretty minimal. More background information can be found
here:
  https://bugs.launchpad.net/ubuntu/+source/cvsd/+bug/622035
  http://lists.arthurdejong.org/cvsd-users/2010/msg0.html

Thanks.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --





Re: updated packages for squeeze

2010-08-29 Thread Arthur de Jong
On Thu, 2010-08-19 at 22:22 +0200, Arthur de Jong wrote:
> On Thu, 2010-08-19 at 10:15 +0100, Julien Cristau wrote:
> > For nss-pam-ldapd:
> [...]
> > $with_nslcd_socket should be $with_nss_ldap_soname.
> [...]
> > s/rpcent/nss_status/
> 
> Thanks, fixed in svn. Luckily it doesn't affect the Debian package. I'll
> upload an updated nss-pam-ldapd package after the 27th. I'll send
> another mail to debian-release then.

nss-pam-ldapd 0.7.9 is now available in unstable. It fixes the above
bug, has a couple of debconf template fixes and the updated translations
for the template changes introduced in 0.7.8.

Most translations are now up-to-date but I haven't seen any activity
from the language teams of the missing languages so I don't expect to
get more translations very soon.

Can you let 0.7.9 in squeeze? Thanks.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Re: updated packages for squeeze

2010-08-19 Thread Arthur de Jong
On Thu, 2010-08-19 at 10:15 +0100, Julien Cristau wrote:
> cvsd unblocked.

Thanks.

> For nss-pam-ldapd:
[...]
> $with_nslcd_socket should be $with_nss_ldap_soname.
[...]
> s/rpcent/nss_status/

Thanks, fixed in svn. Luckily it doesn't affect the Debian package. I'll
upload an updated nss-pam-ldapd package after the 27th. I'll send
another mail to debian-release then.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Re: updated packages for squeeze

2010-08-18 Thread Arthur de Jong
On Tue, 2010-08-17 at 21:19 +0200, Julien Cristau wrote:
> Thanks, please ping us again when the package is accepted to get the
> unblock.

cvsd 1.0.19 and nss-pam-ldapd 0.7.8 are now both in unstable.

Translations for nss-pam-ldapd are coming in now. Is there a date before
which you prefer to have the version with all translations included
(I've put Friday, 27th of August in the call for translations)?

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --





Re: updated packages for squeeze

2010-08-17 Thread Arthur de Jong
On Tue, 2010-08-17 at 00:16 +0200, Julien Cristau wrote:
> On Sun, Aug 15, 2010 at 13:15:59 +0200, Arthur de Jong wrote:
> > cvsd (1.0.19) UNRELEASED; urgency=low
>
> I'd avoid the package format change if possible.  The rest sounds fine.

I thought there weren't any meaningful differences between 1.0 (native)
and 3.0 (native)? Anyway, I'll switch back to 1.0 (keeping the
debian/source/format file) and upload to unstable.

> > nss-pam-ldapd (0.7.8) UNRELEASED; urgency=low
>
> Seems ok.  I'm not sure about modifying nsswitch.conf, but the devil is
> probably in the details.

The postinst and postrm of libnss-ldapd already do this (that is also
where the code to do the actual modification came from so it should be
well tested). A discussion on whether this is ok can be found here:
  http://lists.debian.org/debian-devel/2007/02/msg00076.html

> Please request translations early though, if not already done.

I've asked for an English review first (which gave very useful feedback)
and will send out a call for translations shortly. In the meantime I'll
upload the changes above so people can test.

> > python-stdnum (0.2-1) UNRELEASED; urgency=low
>
> Will probably remove it, then.

That is probably the best, please remove python-stdnum from squeeze.

Thanks for the reply and thanks for all the hard work.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




updated packages for squeeze

2010-08-15 Thread Arthur de Jong

I'm a bit late with this but I didn't have the time and energy before my
vacation and some things came up very late. Do you think I can get the
following changes into squeeze (I haven't uploaded to unstable yet):


cvsd (1.0.19) UNRELEASED; urgency=low

  * cvsd-buildroot: ignore commented out lines in CVSROOT/passwd files
  * cvsd-buildroot: set an umask for generated files
  * some documentation updates
  * change init script dependency on $remote_fs (for /usr) from Should
    to Required (thanks lintian)
  * upgrade to standards-version 3.9.1 (no changes needed)
  * switch to "3.0 (native)" format

These are not extremely critical but all are very minor changes and it
would be nice to get them fixed for the next stable release. The init
script change addresses a release goal.


nss-pam-ldapd (0.7.8) UNRELEASED; urgency=low

  * minor portability improvements and cleanups (thanks Alexander V.
    Chernikov and Ted C. Cheng)
  * don't expand variables in rest of ${var:-rest} and ${var:+rest}
    expressions if it is not needed (closes: #592320)
  * libpam-ldapd.postinst: offer to add ldap to shadow in nsswitch.conf
    if a potential broken configuration is found (closes: #592104)
  * merge the suggests of libnss-ldapd and libpam-ldapd into those of
    the nslcd package to have a single consistent list of PAM
    alternatives for libnss-ldapd (closes: #591773)
  * add libpam-sss as an alternative to libpam-ldapd (closes: #591773)
  * upgrade to standards-version 3.9.1 (no changes needed)

#592320 is minor but a very simple fix, #592104 is important and could
affect a number of users and may be hard to track down for users,
#591773 is important for Debian Edu and all other changes are very minor
and well tested. The change for #592104 will probably require another
upload with translation updates.


python-stdnum (0.2-1) UNRELEASED; urgency=low

  * New upstream release:
    - rename validate() function to is_valid() for all modules
    - handle wrong types passed to is_valid() more gracefully
    - add more tests and fix some minor bugs

Neither of these is critical but I would rather not have python-stdnum
0.1 in stable. This package is not important for stable, there are no
reverse dependencies yet and it is very new. Perhaps removing it from
squeeze is the best.


Should I upload these packages to unstable? Thanks for your time.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Re: Bug#552433: stable update: nss-ldapd (#552433: libnss-ldapd: ignores case of uids)

2009-12-16 Thread Arthur de Jong




On Sun, 2009-12-06 at 17:48 +0100, Arthur de Jong wrote:

I have prepared a 0.6.7.2 version which can be found here: [2], [3]. The
debdiff is attached (9 source files changed, 133 insertions and 151
deletions).


Please go ahead.


Thanks, I will upload an updated package to proposed-updates this weekend.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --



stable update: nss-ldapd (#552433: libnss-ldapd: ignores case of uids)

2009-12-06 Thread Arthur de Jong

I brought up bug #552433 here earlier [0] and have been in contact with
the security team about this but haven't had a definite answer from them
whether they want (or don't want) to issue an advisory for this.

I'm now convinced this is a security problem because it can result in
wrong privileges to be assigned and in denial of service (see [1] for
more information). Since I haven't heard back from the security team in
a month (I've sent several pings) I guess it should go through
proposed-updates.

I have prepared a 0.6.7.2 version which can be found here: [2], [3]. The
debdiff is attached (9 source files changed, 133 insertions and 151
deletions).

Is it OK to upload this to proposed-updates?

[0] http://lists.debian.org/debian-release/2009/10/msg00242.html
[1] http://arthurdejong.org/nss-pam-ldapd/news.html#20091122
[2] http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-ldapd-0.6.7.2/
[3] http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd-0.6.7.2/

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
diff -Nru nss-ldapd-0.6.7.1/debian/changelog nss-ldapd-0.6.7.2/debian/changelog
--- nss-ldapd-0.6.7.1/debian/changelog	2009-03-21 10:48:50.0 +0100
+++ nss-ldapd-0.6.7.2/debian/changelog	2009-11-07 12:04:10.0 +0100
@@ -1,6 +1,14 @@
-nss-ldapd (0.6.7.1) stable-security; urgency=high
+nss-ldapd (0.6.7.2) stable-security; urgency=low
 
   * security upload
+  * perform case-sensitive filtering for group, netgroup, passwd, protocols,
+rpc, services and shadow lookups (closes: #552433)
+
+ -- Arthur de Jong   Thu, 07 Nov 2009 12:00:00 +0100
+
+nss-ldapd (0.6.7.1) stable-security; urgency=high
+
+  * security upload (CVE-2009-1073)
   * fix the permissions of /etc/nss-ldapd.conf to not be world readable
 (file can be used to store LDAP password) (closes: #520476)
 
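Review bot: the new 0.6.7.2 entry still targets stable-security and keeps the "security upload" line, while the accompanying mail asks to go through proposed-updates; the distribution field should name the queue the package is actually uploaded to. The trailer date "Thu, 07 Nov 2009" also has the wrong weekday (7 November 2009 was a Saturday), and the hunk adds "(CVE-2009-1073)" to the already released 0.6.7.1 entry, which deserves a mention in the request since it rewrites history in the changelog.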
diff -Nru nss-ldapd-0.6.7.1/nslcd/alias.c nss-ldapd-0.6.7.2/nslcd/alias.c
--- nss-ldapd-0.6.7.1/nslcd/alias.c	2009-03-21 09:40:45.0 +0100
+++ nss-ldapd-0.6.7.2/nslcd/alias.c	2009-11-05 21:34:55.0 +0100
@@ -92,34 +92,27 @@
 static int write_alias(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqalias)
 {
   int32_t tmpint32,tmp2int32,tmp3int32;
-  const char *tmparr[2];
   const char **names,**members;
   int i;
   /* get the name of the alias */
-  if (reqalias!=NULL)
+  names=myldap_get_values(entry,attmap_alias_cn);
+  if ((names==NULL)||(names[0]==NULL))
   {
-names=tmparr;
-names[0]=reqalias;
-names[1]=NULL;
-  }
-  else
-  {
-names=myldap_get_values(entry,attmap_alias_cn);
-if ((names==NULL)||(names[0]==NULL))
-{
-  log_log(LOG_WARNING,"alias entry %s does not contain %s value",
-  myldap_get_dn(entry),attmap_alias_cn);
-  return 0;
-}
+log_log(LOG_WARNING,"alias entry %s does not contain %s value",
+myldap_get_dn(entry),attmap_alias_cn);
+return 0;
   }
   /* get the members of the alias */
   members=myldap_get_values(entry,attmap_alias_rfc822MailMember);
   /* for each name, write an entry */
   for (i=0;names[i]!=NULL;i++)
   {
-WRITE_INT32(fp,NSLCD_RESULT_SUCCESS);
-WRITE_STRING(fp,names[i]);
-WRITE_STRINGLIST(fp,members);
+if ((reqalias==NULL)||(strcasecmp(reqalias,names[i])==0))
+{
+  WRITE_INT32(fp,NSLCD_RESULT_SUCCESS);
+  WRITE_STRING(fp,names[i]);
+  WRITE_STRINGLIST(fp,members);
+}
   }
   return 0;
 }
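Review bot: the filter added inside the write loop compares with strcasecmp(reqalias,names[i]), so alias names are matched case-insensitively, yet neither a code comment nor the debian/changelog entry (which lists only group, netgroup, passwd, protocols, rpc, services and shadow) says so. A short comment above the comparison stating that alias lookups are intentionally case-insensitive, and that the name written out is now the stored value rather than the requested one, would make the intent reviewable.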
diff -Nru nss-ldapd-0.6.7.1/nslcd/ether.c nss-ldapd-0.6.7.2/nslcd/ether.c
--- nss-ldapd-0.6.7.1/nslcd/ether.c	2009-03-21 09:40:45.0 +0100
+++ nss-ldapd-0.6.7.2/nslcd/ether.c	2009-11-05 21:34:55.0 +0100
@@ -122,21 +122,12 @@
   const char **names,**ethers;
   int i,j;
   /* get the name of the ether entry */
-  if (reqname!=NULL)
+  names=myldap_get_values(entry,attmap_ether_cn);
+  if ((names==NULL)||(names[0]==NULL))
   {
-names=tmparr;
-names[0]=reqname;
-names[1]=NULL;
-  }
-  else
-  {
-names=myldap_get_values(entry,attmap_ether_cn);
-if ((names==NULL)||(names[0]==NULL))
-{
-  log_log(LOG_WARNING,"ether entry %s does not contain %s value",
-  myldap_get_dn(entry),attmap_ether_cn);
-  return 0;
-}
+log_log(LOG_WARNING,"ether entry %s does not contain %s value",
+myldap_get_dn(entry),attmap_ether_cn);
+return 0;
   }
   /* get the addresses */
   if (reqether!=NULL)
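Review bot: the assignments through tmparr are removed in this hunk but, unlike the alias.c hunk, no declaration is dropped. If the reqether branch that follows does not need tmparr any more either, the declaration should go as well to avoid an unused-variable warning; if it is still needed there, a note in the commit message would save the reader the lookup.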
@@ -158,12 +149,13 @@
   }
   /* write entries for all names and addresses */
   for (i=0;names[i]!=NULL;i++)
-for (j=0;ethers[j]!=NULL;j++)
-{
-  WRITE_INT32(fp,NSLCD_RESULT_SUCCESS);
-  WRITE_STRING(fp,names[i]);
-  WRITE_ETHER(fp,ethers[j]);
-}
+if ((reqname==NULL)||(strcasecmp(reqname,names[i])==0))
+  for (j=0;ethers[j]!=NULL;j++)
+  {
+WRITE_INT32(fp,NSLCD_RESULT_SUCCESS);
+WRITE_STRING(fp,names[i]);
+WRITE_ETHER(fp,ethers[j]);
+  }
   return 0;
 }
 
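Review bot: after this change the outer for controls an if which controls the inner for, and neither of the two outer levels has braces. Adding braces to the outer for and to the if would make it much harder for a later edit to detach the WRITE_* block from the name check. As in alias.c, the comparison is strcasecmp(), so the name written can differ in case from reqname; that is worth a comment next to the test.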

Re: Bug#552433: Fwd: Bug#552433: libnss-ldapd: ignores case of uids

2009-11-05 Thread Arthur de Jong
On Thu, 2009-11-05 at 17:32 +0100, Petter Reinholdtsen wrote:
> I really hope you find time to fix this in Lenny, as it affects Debian
> Edu.  The issue is also a security issue, where users can by-pass
> netgroup based limitations by changing the case of the username they use
> when logging in.  See
> http://bugs.skolelinux.org/show_bug.cgi?id=1383 for more
> information about that facet of this problem.

Thanks for pointing this out and providing the link. I will contact the
security team and prepare an update.

It is strange though that the group membership is lost because I would
think those lookups would also be case-insensitive. I noticed the
case-insensitive problem before (that's why it's fixed in 0.6.11) but
not the group-membership problem.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
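
Added example, not nss-ldapd code and not part of the original message: a simplified C model of the case problem in #552433 and of the daemon-side case-sensitive filtering named in the 0.6.7.2 changelog. The directory content, the netgroup and all function names are constructed; the "before" behaviour is assumed to follow the pattern the alias.c hunk removes (writing out the requested name instead of the stored one), and the byte-for-byte netgroup comparison is likewise an assumption.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAXOUT 8

/* Constructed directory content: one account whose stored uid is "alice". */
static const char *const dir_uids[] = { "alice", NULL };

/* Constructed netgroup of restricted users; members are compared byte for
   byte, which is why the case of the resolved name matters. */
static const char *const restricted[] = { "alice", NULL };

/* Stand-in for the LDAP search: uid is matched without regard to case, so a
   filter for "ALICE" selects the entry "alice". */
static int directory_matches(const char *filter_uid)
{
  size_t i;
  for (i = 0; dir_uids[i] != NULL; i++)
    if (strcasecmp(filter_uid, dir_uids[i]) == 0)
      return 1;
  return 0;
}

/* Before the fix (assumed): when a name was requested, that name is written
   out as the account name, whatever case the directory stores. */
size_t lookup_before(const char *req, const char *out[MAXOUT])
{
  if (!directory_matches(req))
    return 0;
  out[0] = req;
  return 1;
}

/* After the fix: names are taken from the entry and only values equal to the
   request, case included, are written. */
size_t lookup_after(const char *req, const char *out[MAXOUT])
{
  size_t i, n = 0;
  if (!directory_matches(req))
    return 0;
  for (i = 0; dir_uids[i] != NULL && n < MAXOUT; i++)
    if (strcmp(req, dir_uids[i]) == 0)
      out[n++] = dir_uids[i];
  return n;
}

typedef size_t (*lookup_fn)(const char *, const char *[MAXOUT]);

static int is_restricted(const char *name)
{
  size_t i;
  for (i = 0; restricted[i] != NULL; i++)
    if (strcmp(name, restricted[i]) == 0)
      return 1;
  return 0;
}

/* Number of account records a login name resolves to. */
size_t resolves(lookup_fn lookup, const char *login)
{
  const char *out[MAXOUT];
  return lookup(login, out);
}

/* 1 if the login name resolves to an account name that the netgroup
   restriction does not cover, 0 otherwise. */
int escapes_restriction(lookup_fn lookup, const char *login)
{
  const char *out[MAXOUT];
  size_t i, n = lookup(login, out);
  for (i = 0; i < n; i++)
    if (!is_restricted(out[i]))
      return 1;
  return 0;
}

int main(void)
{
  const char *logins[] = { "alice", "ALICE" };
  size_t i;
  for (i = 0; i < 2; i++)
    printf("%-5s before: resolves=%zu escapes=%d | after: resolves=%zu escapes=%d\n",
           logins[i],
           resolves(lookup_before, logins[i]),
           escapes_restriction(lookup_before, logins[i]),
           resolves(lookup_after, logins[i]),
           escapes_restriction(lookup_after, logins[i]));
  return 0;
}
```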




Fwd: Bug#552433: libnss-ldapd: ignores case of uids

2009-10-28 Thread Arthur de Jong
Dear stable release team,

A user reported a bug (#552433) against libnss-ldapd which causes some
problems and asked if a fix can be made available in a stable update.

I can probably backport the fix to version 0.6.7.1 but I wanted to know
if such a fix will be considered a candidate for proposed-updates before
putting in the effort.

I'm not 100% sure I completely agree with the severity but in a
multi-user system one user can "pollute" the nscd cache which causes
problems for another user which is not good. A little more info is
in the bugreport.

Btw, the commit that implements this functionality can be found here:
http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=934
I haven't tested yet if it applies correctly to 0.6.7.1 but it is not
very small (9 files changed, 133 insertions, 151 deletions, excluding
documentation and tests).

Thanks.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Re: Unblock request for nss-ldapd 0.6.7

2008-11-19 Thread Arthur de Jong
On Wed, 2008-11-19 at 20:20 +0100, Adeodato Simó wrote:
> * Arthur de Jong [Tue, 18 Nov 2008 00:13:38 +0100]:
> > Dear release managers,
> >
> > Please unblock nss-ldapd 0.6.7 to allow it to migrate into lenny.
>
> Already unblocked by Luk.

Thanks.

-- 
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --




Unblock request for nss-ldapd 0.6.7

2008-11-17 Thread Arthur de Jong

Dear release managers,

Please unblock nss-ldapd 0.6.7 to allow it to migrate into lenny. The
changelog is:

Source: nss-ldapd
Binary: libnss-ldapd
Version: 0.6.7
Distribution: unstable
Urgency: low
Maintainer: Arthur de Jong <[EMAIL PROTECTED]>
Closes: 505384
Changes: 
 nss-ldapd (0.6.7) unstable; urgency=low
 .
   * a fix for a problem in debconf configuration that would ignore user input
     and use automatically detected values instead (closes: 505384)

This release contains a fix in the debian/libnss-ldapd.config file that
ensures that user input (through debconf) is actually used when
installing the package for the first time (see the bugreport for more
details).

For the exact changes between release 0.6.6 and 0.6.7 see:
svn diff http://arthurenhella.demon.nl/svn/nss-ldapd/nss-ldapd-0.6.{6,7}

I believe this fix is important enough to let the new version into
lenny.

Thanks.

-- 
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --




Unblock request for nss-ldapd 0.6.6

2008-11-05 Thread Arthur de Jong

Dear release managers,

Please consider unblocking nss-ldapd 0.6.6 to allow it to migrate into
testing. The changelog is:

Source: nss-ldapd
Version: 0.6.6
Distribution: unstable
Urgency: low
Maintainer: Arthur de Jong <[EMAIL PROTECTED]>
Closes: 488635 499892 504142
Changes: 
 nss-ldapd (0.6.6) unstable; urgency=low
 .
   * clarify relationship to nss_ldap in package description (closes: #499892)
   * fix test for nscd init script in postinst (closes: #504142)
   * allow spaces in user and group names (closes: #488635)
   * if ldap_set_option() fails log the option name instead of number
   * retry connecting to LDAP server in more cases

The release does not contain any new features, does contain some
documentation fixes (one corrected inaccuracy and some spelling fixes)
and contains a total of 5 one-line code changes.

For exact details of what changed in the source package after 0.6.5 do:
svn diff http://arthurenhella.demon.nl/svn/nss-ldapd/nss-ldapd-0.6.{5,6}

I believe none of the changes should cause any regressions and this
version fixes an RC bug (#504142).

Thanks.

-- 
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --




Please unblock nss-ldapd

2008-08-23 Thread Arthur de Jong
Hi,

I have uploaded nss-ldapd 0.6.5 to unstable which just includes two new
debconf translations but otherwise should be identical to 0.6.4 which is
already in testing.

Debdiff:
File lists identical on package level (after any substitutions)

Control files: lines which differ (wdiff format)

Installed-Size: [-236-] {+300+}
Version: [-0.6.4-] {+0.6.5+}

Other info (including changelog):
http://packages.qa.debian.org/nss-ldapd

Please allow version 0.6.5 to migrate to testing. Thanks.

-- 
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --




please consider letting my packages in

2005-05-03 Thread Arthur de Jong

I have recently uploaded new versions of two of my packages. They fix
some problems but are not release critical. I seem to have missed the
freeze by a few days so they will not automatically propagate to sarge.

randomize-lines - fixes a problem with reading and writing streams
(http://bugs.debian.org/305782)

cvsd - fixes a bug that affects systems with lib64 directories, the
amd64 people will probably be happy to get this in sarge (originally
http://bugs.debian.org/298460) plus some documentation fixes

Again, both bugs are probably not release critical but introducing these
packages in sarge should not produce any problems (the changes are
minor). Both packages are priority optional and have no reverse depends.

Just trying to get my packages in the best shape possible in sarge. Any
chance to let these packages in sarge? (just flame me if this mail is
inappropriate)

-- 
-- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --

