Changelog for nss-pam-ldapd-0.8.10-2.5.1.x86_64.rpm:
* Wed Mar 13 2013 varkoly@suse.com
- bnc#804682.diff: CVE-2013-0288: nss-pam-ldapd: FD_SET array index error, leading to stack-based buffer overflow
* Fri Aug 17 2012 lars@samba.org
- Update to 0.8.10:
  * documentation improvements
  * fix a problem that causes the PAM module to prompt for a new password even though the old one was wrong
  * log successful password change in nslcd
  * install default configuration file with reduced permissions (further protection for CVE-2009-1073)
- The 0.8 series has a few advantages over the 0.7 series. Apart from numerous small improvements and new features the biggest changes are:
  * introduction of pynslcd, an experimental alternative for nslcd
  * addition of a validnames option
  * checking shadow attributes for PAM authorisation
  * support mapping to the objectSid attribute
  * support pam_unix when not getting shadow information from LDAP
- Add configure option --with-pam-seclib-dir
* Fri Dec 02 2011 coolo@suse.com
- add automake as buildrequire to avoid implicit dependency
* Tue Aug 02 2011 aj@suse.de
- Create ghost /var/run/nslcd to fix build failure.
* Tue Jan 04 2011 seife+obs@b1-systems.com
- update to 0.7.13:
  * fix handling of idle_timelimit option
  * fix error code for problem while doing password modification
- fix build for pre-11.3 systems
* Tue Nov 16 2010 rhafer@novell.com
- Renamed to nss-pam-ldapd to reflect upstream rename
- Updated to 0.7.12:
  * rename software to nss-pam-ldapd to indicate that PAM module is now a standard part of the software
  * the PAM module is now built by default
  * the default configuration file name has been changed to /etc/nslcd.conf
* Mon Feb 01 2010 jengelh@medozas.de
- package baselibs.conf
* Wed Aug 26 2009 mls@suse.de
- make patch0 usage consistent
* Tue Jun 30 2009 rhafer@novell.com
- Updated to 0.6.10:
  * implement searching through multiple search bases, based on a patch by Leigh Wedding
  * fix a segmentation fault that could occur when using any of the tls_* options with a string parameter
  * the code for reading and writing protocol entries between the NSS module and the daemon was improved
  * documentation updates
  * removed SSL/TLS related warnings during startup
  * produce more detailed logging in debug mode and allow multiple -d options to be specified to also include logging from the LDAP library
  * some LDAP configuration options are now initialized globally instead of per connection which should fix problems with the tls_reqcert option
  * documentation improvements for the NSLCD protocol used between the NSS module and the nslcd server
  * fix a bug with writing alternate service names and add checks for validity of passed buffer in NSS module
- Fixed a possible off by one bug in nslcd (bnc#515559)
* Thu Jun 25 2009 sbrabec@suse.cz
- Supplement glibc-32bit/glibc-64bit in baselibs.conf (bnc#354164).
* Wed Mar 25 2009 rhafer@suse.de
- Updated to 0.6.8:
  * the nss-ldapd.conf was created world-readable which could cause problems if the bindpw option is used. (bnc#487737, CVE-2009-1073)
  * clean the environment and set LDAPNOINIT to disable parsing of LDAP configuration files (.ldaprc, /etc/ldap/ldap.conf, etc)
  * remove sslpath option because it wasn't used
  * correctly set SSL/TLS options when using StartTLS
  * rename the tls_checkpeer option to tls_reqcert, deprecating the old name and supporting all values that OpenLDAP supports
  * allow backslashes in user and group names except as first or last character
  * check user and group names against LOGIN_NAME_MAX if it is defined
  * allow spaces in user and group names because it was causing problems in some environments
  * if ldap_set_option() fails log the option name instead of number
  * retry connecting to LDAP server in more cases
- Adjust config file permissions upon update, to fix world-readable /etc/nss-ldapd.conf as created by older versions (bnc#487737, CVE-2009-1073)