Changelog for
nss-pam-ldapd-0.8.10-16.1.i586.rpm :
Fri Apr 26 14:00:00 2013 mmeisterAATTsuse.com
- Added autoreconf -i option to fix build with new automake
Wed Mar 13 13:00:00 2013 varkolyAATTsuse.com
- bnc#804682 - VUL-0: CVE-2013-0288: nss-pam-ldapd: FD_SET array index
error, leading to stack-based buffer overflow
Fri Aug 17 14:00:00 2012 larsAATTsamba.org
- Update to 0.8.10:
* documentation improvements
* fix a problem that causes the PAM module to prompt for a new password even
though the old one was wrong
* log successful password change in nslcd
* install default configuration file with reduced permissions (further
protection for CVE-2009-1073)
- The 0.8 series has a few advantages over the 0.7 series. Apart from numerous
small improvements and new features the biggest changes are:
* introduction of pynslcd, an experimental alternative for nslcd
* addition of a validnames option
* checking shadow attributes for PAM authorisation
* support mapping to the objectSid attribute
* support pam_unix when not getting shadow information from LDAP
- Add configure option --with-pam-seclib-dir
Fri Dec 2 13:00:00 2011 cooloAATTsuse.com
- add automake as buildrequire to avoid implicit dependency
Tue Aug 2 14:00:00 2011 ajAATTsuse.de
- Create ghost /var/run/nslcd to fix build failure.
Tue Jan 4 13:00:00 2011 seife+obsAATTb1-systems.com
- update to 0.7.13:
* fix handling of idle_timelimit option
* fix error code for problem while doing password modification
- fix build for pre-11.3 systems
Tue Nov 16 13:00:00 2010 rhaferAATTnovell.com
- Renamed to nss-pam-ldapd to reflect upstream rename
- Updated to 0.7.12:
* rename software to nss-pam-ldapd to indicate that PAM module
is now a standard part of the software
* the PAM module is now built by default
* the default configuration file name has been changed to
/etc/nslcd.conf
Mon Feb 1 13:00:00 2010 jengelhAATTmedozas.de
- package baselibs.conf
Wed Aug 26 14:00:00 2009 mlsAATTsuse.de
- make patch0 usage consistent
Tue Jun 30 14:00:00 2009 rhaferAATTnovell.com
- Updated to 0.6.10:
* implement searching through multiple search bases, based on a
patch by Leigh Wedding
* fix a segmentation fault that could occur when using any of
the tls_
* options with a string parameter
* the code for reading and writing protocol entries between the
NSS module and the daemon was improved
* documentation updates
* removed SSL/TLS related warnings during startup
* produce more detailed logging in debug mode and allow
multiple -d options to be specified to also include logging
from the LDAP library
* some LDAP configuration options are now initialized globally
instead of per connection which should fix problems with the
tls_reqcert option
* documentation improvements for the NSLCD protocol used between
the NSS module and the nslcd server
* fix a bug with writing alternate service names and add checks
for validity of passed buffer in NSS module
- Fixed a possible off by one bug in nslcd (bnc#515559)
Thu Jun 25 14:00:00 2009 sbrabecAATTsuse.cz
- Supplement glibc-32bit/glibc-64bit in baselibs.conf (bnc#354164).
Wed Mar 25 13:00:00 2009 rhaferAATTsuse.de
- Updated to 0.6.8:
* the nss-ldapd.conf was created world-readable which could cause
problems if the bindpw option is used. (bnc#487737, CVE-2009-1073)
* clean the environment and set LDAPNOINIT to disable parsing of LDAP
configuration files (.ldaprc, /etc/ldap/ldap.conf, etc)
* remove sslpath option because it wasn\'t used
* correctly set SSL/TLS options when using StartTLS
* rename the tls_checkpeer option to tls_reqcert, deprecating the old name
and supporting all values that OpenLDAP supports
* allow backslashes in user and group names execpt as first or last
character
* check user and group names against LOGIN_NAME_MAX if it is defined
* allow spaces in user and group names because it was causing problems in
some environments
* if ldap_set_option() fails log the option name instead of number
* retry connecting to LDAP server in more cases
- Adjust config file permissions upon update, to fix world-readable
/etc/nss-ldapd.conf as created by older versions
(bnc#487737, CVE-2009-1073)