%define pam_ldap_version 184 Summary: NSS library and PAM module for LDAP Name: nss_ldap Version: 264 Release: 10%{?dist} Source0: ftp://ftp.padl.com/pub/nss_ldap-%{version}.tar.gz Source1: ftp://ftp.padl.com/pub/pam_ldap-%{pam_ldap_version}.tar.gz Source5: README.TLS Source6: version.c Source7: dlopen.sh Patch0: pam_ldap-184-dnsconfig.patch Patch1: pam_ldap-180-local_users.patch Patch3: pam_ldap-180-install-perms.patch Patch4: pam_ldap-180-bind.patch Patch6: nss_ldap-257-over-recursion.patch Patch7: pam_ldap-182-manpointer.patch Patch8: nss_ldap-254-soname.patch Patch13: pam_ldap-176-exop-modify.patch Patch15: nss_ldap-257-mozldap.patch Patch16: pam_ldap-184-referral-passwd2.patch Patch17: nss_ldap-259-res_init.patch Patch19: pam_ldap-184-broken-sasl-rebind.patch Patch20: pam_ldap-184-nsrole.patch Patch21: nss_ldap-264-checkcase.patch Patch22: nss_ldap-264-ent_internal.patch Patch23: pam_ldap-183-releaseconfig.patch Patch24: nss_ldap-264-cloexec.patch Patch25: nss_ldap-264-depth.patch Patch26: nss_ldap-265-erange.patch Patch27: nss_ldap-264-initgroups-minimum_uid.patch Patch28: pam_ldap-185-initgroups-minimum_uid.patch URL: http://www.padl.com/ License: LGPLv2+ Group: System Environment/Base BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: autoconf, automake, libtool BuildRequires: openssl-devel, openssl-static, pam-devel BuildRequires: cyrus-sasl-devel >= 2.1 BuildRequires: openldap-devel >= 2.0.27 BuildRequires: openldap-evolution-devel BuildRequires: krb5-devel >= 1.4 Requires: nscd Obsoletes: pam_ldap Requires(post): grep, mktemp, sed, textutils, /sbin/ldconfig %description This package includes two LDAP access clients: nss_ldap and pam_ldap. Nss_ldap is a set of C library extensions that allow X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services, and shadow passwords (instead of or in addition to using flat files or NIS). Pam_ldap is a module for Linux-PAM that supports password changes, V2 clients, Netscape's SSL, ypldapd, Netscape Directory Server password policies, access authorization, and crypted hashes. %prep %setup -q -c -a 1 cp %{SOURCE5} . cp nss_ldap-%{version}/ldap.conf ldap.conf.nss_ldap cp pam_ldap-%{pam_ldap_version}/ldap.conf ldap.conf.pam_ldap cp nss_ldap-%{version}/resolve.c pam_ldap-%{pam_ldap_version}/ cp nss_ldap-%{version}/resolve.h pam_ldap-%{pam_ldap_version}/ cp nss_ldap-%{version}/snprintf.c pam_ldap-%{pam_ldap_version}/ cp nss_ldap-%{version}/snprintf.h pam_ldap-%{pam_ldap_version}/ pushd nss_ldap-%{version} %patch8 -p1 -b .soname %patch17 -p1 -b .res_init #%patch21 -p1 -b .checkcase %patch22 -p1 -b .ent_internal %patch24 -p1 -b .cloexec %patch25 -p1 -b .depth %patch26 -p1 -b .erange %patch27 -p1 -b .initgroups-minimum_uid autoreconf -f -i popd pushd pam_ldap-%{pam_ldap_version} %patch0 -p1 -b .dnsconfig %patch3 -p1 -b .install-perms %patch4 -p1 -b .bind %patch1 -p1 -b .local_users %patch7 -p1 -b .manpointer %patch13 -p1 -b .exop-modify %patch16 -p1 -b .referral-passwd2 %patch19 -p1 -b .broken-sasl-rebind %patch20 -p1 -b .nsrole %patch23 -p1 -b .releaseconfig %patch28 -p1 -b .initgroups-minimum_uid autoreconf -f -i popd rm -f pam.d/*.pam_console cp nss_ldap-%{version}/ANNOUNCE ANNOUNCE.nss_ldap cp nss_ldap-%{version}/AUTHORS AUTHORS.nss_ldap cp nss_ldap-%{version}/ChangeLog ChangeLog.nss_ldap cp nss_ldap-%{version}/COPYING COPYING.nss_ldap cp nss_ldap-%{version}/NEWS NEWS.nss_ldap cp nss_ldap-%{version}/README README.nss_ldap cp nss_ldap-%{version}/nsswitch.ldap nsswitch.ldap cp pam_ldap-%{pam_ldap_version}/AUTHORS AUTHORS.pam_ldap cp pam_ldap-%{pam_ldap_version}/ChangeLog ChangeLog.pam_ldap cp pam_ldap-%{pam_ldap_version}/COPYING COPYING.pam_ldap cp pam_ldap-%{pam_ldap_version}/COPYING.LIB COPYING.LIB.pam_ldap cp pam_ldap-%{pam_ldap_version}/NEWS NEWS.pam_ldap cp pam_ldap-%{pam_ldap_version}/README README.pam_ldap cp %{_datadir}/libtool/config/config.{sub,guess} nss_ldap-%{version}/ cp %{_datadir}/libtool/config/config.{sub,guess} pam_ldap-%{pam_ldap_version}/ %build # We're building modules here, so make sure -fPIC is always used. CFLAGS="$RPM_OPT_FLAGS -fPIC"; export CFLAGS # Build pam_ldap. pushd pam_ldap-%{pam_ldap_version} %configure --libdir=/%{_lib} make %{?_smp_mflags} popd pushd nss_ldap-%{version} %configure \ --with-ldap=openldap \ --enable-schema-mapping \ --enable-rfc2307bis \ --enable-configurable-krb5-ccname-gssapi make %{?_smp_mflags} LIBS="-Wl,-Bstatic -L%{_libdir}/evolution-openldap/%{_lib} -lldap -llber -lssl -lcrypto -Wl,-Bdynamic -lz -lsasl2 -lgssapi_krb5 -ldl -lpthread_nonshared -lnsl -lresolv" popd # Check that the modules are actually loadable. %{SOURCE7} ./nss_ldap-%{version}/nss_ldap.so %{SOURCE7} -lpam ./pam_ldap-%{pam_ldap_version}/pam_ldap.so %install [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT/{etc,%{_lib}/security,%{_libdir}} # Let the nss_ldap install target do its thing, skipping the chown/chgrp bits # and making sure we only get one libc version, even on multilib boxen. # We used to do some gymnastics to match the form of libnss_ldap-$libcversion.so # filenames that the glibc-bundled modules do, but that doesn't tell us anything # more than which version of libc was available at build time. People tend to # assume that's also the nss_ldap version, too, so forget that. libcver=%{version} make -C nss_ldap-%{version} install \ DESTDIR=$RPM_BUILD_ROOT \ INST_UID=`id -un` INST_GID=`id -gn` \ LIBC_VERS=$libcver # Install the direct-linking symlink. ln -s libnss_ldap-$libcver.so $RPM_BUILD_ROOT/%{_libdir}/libnss_ldap.so # Install the module for PAM. pushd pam_ldap-%{pam_ldap_version} make install DESTDIR=$RPM_BUILD_ROOT # Install the default configuration file, but change the search bases to # something generic to avoid overloading padl.com servers and to match # good practice when using DNS domains in example configurations. sed 's|dc=padl|dc=example|g' ldap.conf > $RPM_BUILD_ROOT/etc/ldap.conf chmod 644 $RPM_BUILD_ROOT/etc/ldap.conf popd # Remove a doc file from /etc; we'll included it as a %%doc file. rm -f $RPM_BUILD_ROOT/etc/nsswitch.ldap # The makefile assumes installation into /lib, which is incorrect. rm -f $RPM_BUILD_ROOT/%{_libdir}/../%{_libdir}/libnss_ldap.so.2 %clean [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT %post /sbin/ldconfig # Fix a logic mismatch between what the version of authconfig in RHL 7.2 would # generate and this version of pam_ldap. if grep -q '^account required /lib/security/pam_ldap.so$' /etc/pam.d/system-auth ; then newfile=`mktemp /etc/pam.d/system-auth-XXXXXX` if [ ! -z "$newfile" ] ; then cat /etc/pam.d/system-auth > $newfile sed 's,account required /lib/security/pam_ldap.so,account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] pam_ldap.so,g' $newfile > /etc/pam.d/system-auth rm -f $newfile fi fi %postun -p /sbin/ldconfig %files %defattr(-,root,root) %attr(0755,root,root) /%{_libdir}/libnss_ldap-*.so %attr(0755,root,root) /%{_libdir}/libnss_ldap.so.? %attr(0755,root,root) /%{_lib}/security/*.so* %attr(0755,root,root) %{_libdir}/libnss_ldap.so %attr(0644,root,root) %{_mandir}/man5/*.5* %attr(0644,root,root) %config(noreplace) /etc/ldap.conf %doc README.TLS %doc nsswitch.ldap *.nss_ldap *.pam_ldap %doc pam_ldap-%{pam_ldap_version}/pam.d %doc pam_ldap-%{pam_ldap_version}/ldapns.schema %doc pam_ldap-%{pam_ldap_version}/ns-pwd-policy.schema %changelog * Fri Aug 20 2010 Nalin Dahyabhai <nalin@redhat.com> 264-10 - add proposed patch for avoiding recursion-until-death while resolving hosts - take another stab at implementing a working nss_initgroups_minimum_uid setting, and default it to 500 - add proposed patch for upstream #421: sometimes errno gets reset before we return control to libc * Mon Feb 15 2010 Nalin Dahyabhai <nalin@redhat.com> 264-9 - switch to linking with the evolution-specific libldap, because that's still available as a static library (#565065) - drop no-longer-used .versions files of our own * Wed Nov 4 2009 Nalin Dahyabhai <nalin@redhat.com> 264-8 - add "rtkit" and "pulse" to the list of users whom we default to ignoring for looking up supplemental groups (Gordon Messmer, part of #186527) * Tue Jul 28 2009 Nalin Dahyabhai <nalin@redhat.com> 264-7 - set close-on-exec on the dummy socket created in the child atfork() (#512856) * Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 264-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Wed Jul 22 2009 Nalin Dahyabhai <nalin@redhat.com> 264-5 - fix some minor leaks in pam_ldap, part of upstream #326,#333 * Tue Jul 7 2009 Nalin Dahyabhai <nalin@redhat.com> - 264-4 - add proposed patch for upstream #322: crashing in oneshot mode * Mon Jul 6 2009 Nalin Dahyabhai <nalin@redhat.com> - add but don't apply proposed patch for upstream #399: depending on the server to enforce the expected case-sensitivity opens up corner cases * Fri Jun 19 2009 Kedar Sovani <kedars@marvell.com> - 264-3 - BuildRequires: openssl-static * Fri Jun 19 2009 Nalin Dahyabhai <nalin@redhat.com> - revert most of the previous round of changes: splitting pam_ldap off won't be helpful in the long term if it, too, is eventually going to conflict with the nss-ldapd package * Mon Apr 6 2009 Nalin Dahyabhai <nalin@redhat.com> - 264/184-100 - split pam_ldap off into a separate binary package - require /%{_lib}/security/pam_ldap.so to pull in pam_ldap on upgrades - require our configuration file to come from somewhere - remove some cruft - move the %%postun that fixes up pam configs to the pam_ldap package * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 264-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Tue Jan 27 2009 Nalin Dahyabhai <nalin@redhat.com> - 264-1 - update to 264, pulling in Luke's patch for #248, among others - add optional checking of nsRole to pam_ldap (#202135, upstream #382) * Mon Dec 22 2008 Nalin Dahyabhai <nalin@redhat.com> - 263-2 - correct some build errors - add but do not apply proposed pam_ldap patch to add nsrole support * Wed Oct 29 2008 Nalin Dahyabhai <nalin@redhat.com> - 263-1 - update to 263, pulling in Luke's patch for #374 (#445972) which doesn't leak the result message, and the fix for #376 (#466794) * Wed Oct 29 2008 Nalin Dahyabhai <nalin@redhat.com> - 261-5 - pam_ldap: don't crash when we have to follow a referral while looking up information about the authenticating user and we're using SASL, which affected 259-1 and later (patch from Paul P Komkoff Jr, #469061) * Fri Oct 17 2008 Nalin Dahyabhai <nalin@redhat.com> - 261-4 - add missing local-to-network conversion on port numbers when looking up services, which affected 259-1 and later (#450634) * Mon Sep 15 2008 Nalin Dahyabhai <nalin@redhat.com> - return 0 (fail) instead of 1 (success) when setnetgrent() is called for a netgroup which doesn't actually exist or which has no members (#445972, upstream #374) * Thu Sep 11 2008 Nalin Dahyabhai <nalin@redhat.com> - 261-3 - promote the previous change from a scratch build to the real thing * Tue Aug 26 2008 Nalin Dahyabhai <nalin@redhat.com> - 261-2 - add libssl and libcrypto to the list of libraries against which we link statically to avoid running into symbol collisions at run-time (#446860) * Wed Jul 16 2008 Nalin Dahyabhai <nalin@redhat.com> - 261-1 - update to version 261 - remove fuzz from patches * Wed Apr 16 2008 Nalin Dahyabhai <nalin@redhat.com> - 259-3 - try to work around not having had a populated resolver configuration earlier, but needing to use its data when we're asked to look up something (#442272) * Tue Apr 15 2008 Nalin Dahyabhai <nalin@redhat.com> - 259-2 - apply updated logic for finding libresolv to pam_ldap's build setup - add gdm,polkituser to default nss_initgroups_ignoreusers list * Tue Feb 26 2008 Nalin Dahyabhai <nalin@redhat.com> - 259-1 - update to nss_ldap 259 - nss_ldap: update to revised proposed patch for #248 - pam_ldap: replace two patches to handle password changing against replicas with Ralf Haferkamp's revision, which also sends the policy control with the initial password change request - pam_ldap: enable patch to stop also trying to change password using ldap_modify after trying to change it with an exop when the configuration is "pam_password exop_send_old" * Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 257-7 - Autorebuild for GCC 4.3 * Wed Dec 5 2007 Nalin Dahyabhai <nalin@redhat.com> - 257-6 - rebuild * Wed Nov 21 2007 Nalin Dahyabhai <nalin@redhat.com> - 257-5 - nss_ldap: go back to linking with static libldap and liblber so that we don't get unresolved references which may be resolved by a different libldap used by the calling application * Thu Sep 20 2007 Nalin Dahyabhai <nalin@redhat.com> - revise not-applied patch for attempting to stop infinite recursion in poorly-configured case * Fri Aug 24 2007 Nalin Dahyabhai <nalin@redhat.com> - 257-3 - tack on a disttag * Fri Aug 24 2007 Nalin Dahyabhai <nalin@redhat.com> - 257-2 - construct LDAP URIs correctly during DNS autoconfiguration (upstream #338) * Tue Aug 21 2007 Nalin Dahyabhai <nalin@redhat.com> - 257-1 - update to nss_ldap 257 - look harder when we're looking for symbols provided by the resolver library (upstream #337) - clarify license (both under LGPLv2 or later) * Thu Jul 19 2007 Nalin Dahyabhai <nalin@redhat.com> - 256-1 - update to nss_ldap 256, pam_ldap 184 * Wed Mar 21 2007 Nalin Dahyabhai <nalin@redhat.com> - 254-2 - resize the supplemental GID array when it gets too large and an array size limit isn't set (Gavin Romig-Koch, #232713) * Mon Feb 26 2007 Nalin Dahyabhai <nalin@redhat.com> - 254-1 - update to nss_ldap 254 - use the upstream version scripts - stop trying to isolate us from the apps by building with static libraries, though that means we're tied to /usr now - move the nsswitch module to %%{_libdir}; its deps aren't available without a mounted /usr anyway - make rpmlint happier * Mon Nov 20 2006 Nalin Dahyabhai <nalin@redhat.com> - 253-4 - rebuild * Mon Nov 20 2006 Nalin Dahyabhai <nalin@redhat.com> - 253-3 - rebuild * Mon Nov 20 2006 Nalin Dahyabhai <nalin@redhat.com> - 253-2 - update to pam_ldap 183, resolving CVE-2006-5170 (#216421) * Fri Sep 22 2006 Nalin Dahyabhai <nalin@redhat.com> - 253-1 - update to 253 - closes a crasher when glibc's initgroups backend passes in a zero-length, NULL buffer to start - includes lookup_nssldap updates for autofs * Tue Sep 12 2006 Nalin Dahyabhai <nalin@redhat.com> - 251-2 - configure with --enable-configurable-krb5-ccname-gssapi instead of --enable-configurable-krb5-ccname, the latter of which doesn't actually do anything (Howard Wilkinson) * Thu Aug 3 2006 Nalin Dahyabhai <nalin@redhat.com> - 251-1 - update to 251 * Tue Jul 25 2006 Nalin Dahyabhai <nalin@redhat.com> - 250-6 - note the location of the man pages in /etc/ldap.conf (part of #146815) * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 250-5.1 - rebuild * Tue May 16 2006 Nalin Dahyabhai <nalin@redhat.com> - 250-5 - adjust nss_ldap's makefile rule to more correctly deduce the right soversion for nsswitch modules (#191927) * Mon May 8 2006 Nalin Dahyabhai <nalin@redhat.com> - 250-4 - update the list of local users to include named,avahi,haldaemon (from #186527) * Tue May 2 2006 Nalin Dahyabhai <nalin@redhat.com> - 250-3 - update to pam_ldap 182 * Mon May 1 2006 Nalin Dahyabhai <nalin@redhat.com> - 250-2 - update to pam_ldap 181 - fix syntax error in pam_ldap.c (upstream #269) * Thu Apr 27 2006 Nalin Dahyabhai <nalin@redhat.com> - 250-1 - update to 250 - configure default time limits for binding/searching/idling * Fri Feb 24 2006 Nalin Dahyabhai <nalin@redhat.com> - 249-1 - update to 249, which incorporates the fix for #182464 * Thu Feb 23 2006 Nalin Dahyabhai <nalin@redhat.com> - 248-3 - fix deadlock in initgroups() (#182464, upstream #255) * Mon Feb 13 2006 Jesse Keating <jkeating@redhat.com> - 248-2.2 - rebump for build order issues during double-long bump * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 248-2.1 - bump again for double-long bug on ppc(64) * Thu Feb 9 2006 Nalin Dahyabhai <nalin@redhat.com> - 248-2 - set "nss_initgroups_ignoreusers root,ldap" in the default configuration file, so that nss_ldap will assume that there are no supplemental groups for this user to be found in the directory server (#180657) * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 248-1.1 - rebuilt for new gcc4.1 snapshot and glibc changes * Wed Jan 25 2006 Nalin Dahyabhai <nalin@redhat.com> 248-1 - update to nss_ldap 248 * Tue Jan 24 2006 Nalin Dahyabhai <nalin@redhat.com> 246-1 - update to nss_ldap 246 * Wed Jan 11 2006 Nalin Dahyabhai <nalin@redhat.com> 245-1 - update to nss_ldap 245 - add patch from upcoming 246 release to change the placeholder used when userPassword is unreadable from "x" to "*" (upstream #240) * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - rebuilt * Mon Nov 21 2005 Nalin Dahyabhai <nalin@redhat.com> 244-2 - rebuild with new libldap and friends (#173794) * Thu Oct 27 2005 Nalin Dahyabhai <nalin@redhat.com> 244-1 - update to nss_ldap 244 * Tue Oct 4 2005 Nalin Dahyabhai <nalin@redhat.com> 243-1 - update to nss_ldap 243 * Wed Sep 28 2005 Nalin Dahyabhai <nalin@redhat.com> 242-2 - own the symlink for the module's soname (#169288) * Tue Sep 27 2005 Nalin Dahyabhai <nalin@redhat.com> 242-1 - update to nss_ldap 242 * Mon Sep 12 2005 Nalin Dahyabhai <nalin@redhat.com> 241-1 - update to nss_ldap 241 * Thu Sep 7 2005 Nalin Dahyabhai <nalin@redhat.com> 240-2 - install the pam_ldap man page (part of #167764) * Wed Aug 31 2005 Nalin Dahyabhai <nalin@redhat.com> 240-1 - update to nss_ldap 240 * Wed Aug 17 2005 Nalin Dahyabhai <nalin@redhat.com> 239-1 - update to nss_ldap 239 - provide a libnss_ldap.so link for directly linking with nss_ldap, as glibc does for the modules it provides * Wed Aug 17 2005 Nalin Dahyabhai <nalin@redhat.com> 234-6 - rebuild * Wed Aug 17 2005 Nalin Dahyabhai <nalin@redhat.com> 234-5 - update to pam_ldap 180 to get fix for vulnerability from parsing password policy controls which don't contain error numbers (#166164, CAN-2005-2497) * Fri May 20 2005 Nalin Dahyabhai <nalin@redhat.com> 234-4 - override glibc version detection so that mismatches between the versions of 32- and 64-bit glibc don't result in our %%install installing the module with a different name than the 'make install' target uses * Fri May 20 2005 Nalin Dahyabhai <nalin@redhat.com> 234-3 - fix type mismatch bug in patch for using non-blocking start_tls in preference to the blocking version when it's available (#156582) * Wed Mar 16 2005 Nalin Dahyabhai <nalin@redhat.com> 234-2 - rebuild * Mon Feb 28 2005 Nalin Dahyabhai <nalin@redhat.com> 234-1 - update to nss_ldap 234 - configure with --enable-configurable-krb5-ccname * Wed Feb 2 2005 Nalin Dahyabhai <nalin@redhat.com> 232-2 - prefer using libraries in %%{_libdir}/nss_ldap-openldap if we find any - use ldap_start_tls in preference to ldap_start_tls_s, if found, so that we can time out if the server has gone catatonic * Mon Jan 24 2005 Nalin Dahyabhai <nalin@redhat.com> 232-1 - update to version 232 * Fri Dec 31 2004 Nalin Dahyabhai <nalin@redhat.com> 227-1 - update to version 227 - force nss_ldap to mimic pam_ldap's behavior when the tls_checkpeer setting is unconfigured in ldap.conf * Fri Dec 31 2004 Nalin Dahyabhai <nalin@redhat.com> 226-3 - fix misleading doc comment in /etc/ldap.conf -- the checkpeer setting follows libldap's default, which is dependent on the version of OpenLDAP which which this package is linked (part of #143622) * Thu Oct 28 2004 Nalin Dahyabhai <nalin@redhat.com> 226-2 - rebuild * Thu Oct 28 2004 Nalin Dahyabhai <nalin@redhat.com> 226-1 - update to nss_ldap 226, pam_ldap 176 - rework pam_ldap dns autoconfig patch - require automake instead of automake15, because autoreconf uses the current version (#129877) * Tue Aug 31 2004 Nalin Dahyabhai <nalin@redhat.com> 220-3 - rebuild * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com> - rebuilt * Mon Jun 7 2004 Nalin Dahyabhai <nalin@redhat.com> 220-1 - update to 220, pam_ldap 169 * Thu Apr 15 2004 Nalin Dahyabhai <nalin@redhat.com> - fail at build-time if the modules produced can't be loaded - fix missing module in pam_ldap build * Thu Mar 25 2004 Nalin Dahyabhai <nalin@redhat.com> 217-1 - include patch to set errno to ENOENT when returning NSS_STATUS_NOTFOUND to glibc * Tue Mar 23 2004 Nalin Dahyabhai <nalin@redhat.com> - update to 217 * Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> 212-1 - update to 212, pam_ldap 167 - link nss_ldap with libgssapi_krb5, the static libsasl2 includes the gssapi mech, at least for now, and we pick up its unresolved symbols at link-time - fix out-of-bounds error at initialization-time (part of #101269) - include pam_ldap's authorization schema files for slapd as a doc file * Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com> - rebuilt * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> - rebuilt * Tue Nov 25 2003 Nalin Dahyabhai <nalin@redhat.com> 207-6 - rebuild * Thu Nov 20 2003 Nalin Dahyabhai <nalin@redhat.com> 207-5 - fix objectclass and attribute mapping, which failed due to uninitialized fields in mapping index structures, fixed upstream in 210 (#110547) * Mon Nov 10 2003 Nalin Dahyabhai <nalin@redhat.com> 207-4 - link with the proper libsasl (1 or 2) for the version of OpenLDAP we are linking with (#106801) * Thu Aug 14 2003 Nalin Dahyabhai <nalin@redhat.com> 207-3 - link dynamically with libcom_err if it isn't in /usr/kerberos/%%{_lib} (which we assume means that it's in /%%{_lib}) * Wed Aug 13 2003 Nalin Dahyabhai <nalin@redhat.com> 207-2 - relax openldap-devel buildreq to 2.0.27 * Thu Jun 5 2003 Nalin Dahyabhai <nalin@redhat.com> 207-1 - update to build with newer OpenLDAP - add README.TLS to remind people that in order for TLS support to be usable, the server's certificate has to pass validation checks made by the client * Sun Mar 09 2003 Florian La Roche <Florian.LaRoche@redhat.de> - move pam into /lib64/security directory * Wed Jan 22 2003 Tim Powers <timp@redhat.com> - rebuilt * Wed Jan 15 2003 Nalin Dahyabhai <nalin@redhat.com> 202-4 - rework static link order to account for libssl requiring libkrb5 - force assembly locking on %%ix86 systems - link with libz, which libssl also requires * Thu Dec 12 2002 Elliot Lee <sopwith@redhat.com> 202-3 - Fix wildcard for symlink in %%install * Thu Nov 14 2002 Nalin Dahyabhai <nalin@redhat.com> 202-2 - apply DB patches from sleepycat.com - correctly point nss_ldap at the bundled DB library - create /%%{_lib} instead of /lib to install into * Wed Oct 2 2002 Nalin Dahyabhai <nalin@redhat.com> 202-1 - update to nss_ldap 202, pam_ldap 153 - update DB from 4.0.14 to 4.1.24.NC - try to address multilib path changes * Tue Aug 27 2002 Nalin Dahyabhai <nalin@redhat.com> 198-3 - rebuild * Fri Aug 9 2002 Nalin Dahyabhai <nalin@redhat.com> 198-2 - handle larger-than-expected DNS responses correctly * Wed Aug 7 2002 Nalin Dahyabhai <nalin@redhat.com> 198-1 - update to nss_ldap 198, closing a possible buffer overflow in DNS autoconfig * Fri Jul 19 2002 Nalin Dahyabhai <nalin@redhat.com> 197-1 - update to nss_ldap 197, pam_ldap 150 * Fri Jun 21 2002 Tim Powers <timp@redhat.com> - automated rebuild * Mon Jun 10 2002 Nalin Dahyabhai <nalin@redhat.com> 194-1 - update to nss_ldap 194, pam_ldap 148 * Sun May 26 2002 Tim Powers <timp@redhat.com> - automated rebuild * Mon May 20 2002 Nalin Dahyabhai <nalin@redhat.com> 189-3 - rebuild in new environment * Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 189-2 - build for RHL 7.2/7.3 * Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 189-1.7 - build for RHL 7/7.1 * Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 189-1.6 - fix up logic generated by authconfig from RHL 7.2 in %%post - build for RHL 6.x * Wed May 15 2002 Nalin Dahyabhai <nalin@redhat.com> - the triggerun should be a trigger postun * Tue May 7 2002 Nalin Dahyabhai <nalin@redhat.com> 189-1 - rebuild for RHL 7.2/7.3 * Tue May 7 2002 Nalin Dahyabhai <nalin@redhat.com> 189-0.7 - rebuild for RHL 7/7.1 * Tue May 7 2002 Nalin Dahyabhai <nalin@redhat.com> 189-0.6 - update to nss_ldap 189, pam_ldap 145 * Tue May 7 2002 Nalin Dahyabhai <nalin@redhat.com> 188-1 - rebuild for RHL 7.2/7.3 * Tue May 7 2002 Nalin Dahyabhai <nalin@redhat.com> 188-0.7 - rebuild for RHL 7/7.1 * Tue May 7 2002 Nalin Dahyabhai <nalin@redhat.com> 188-0.6 - rebuild for RHL 6.2 - change dependency on pam-devel to /usr/include/security/pam_modules.h - drop build deps on cyrus-sasl-devel and openldap >= 2.x - modify pam_ldap versions file so that binutils from RHL 6.2 can parse it - update to nss_ldap 188 - update to pam_ldap 144 * Fri Apr 5 2002 Nalin Dahyabhai <nalin@redhat.com> 185-1 - update to nss_ldap 185 - update to pam_ldap 140 * Thu Feb 28 2002 Nalin Dahyabhai <nalin@redhat.com> 184-1 - update to pam_ldap 138 - enable rfc2307bis schema support - version the pam_ldap module - add the proper soname to the nss_ldap module and remove the symlink - add a trigger to run ldconfig again when an upgrade removes the symlink, which used to be in this package (doh!) - fix the symlink from %%{_libdir} to the module (for linking directly to it) * Thu Feb 14 2002 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 184, pam_ldap 137 * Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 181-1 - update to nss_ldap 181, pam_ldap 136 * Thu Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com> 175-1 - update to nss_ldap 175, pam_ldap 135 * Tue Nov 27 2001 Nalin Dahyabhai <nalin@redhat.com> 174-1 - update to nss_ldap 174 * Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 173-3 - update to pam_ldap 134 * Wed Oct 31 2001 Nalin Dahyabhai <nalin@redhat.com> 173-2 - build nss_ldap with --enable-schema-mapping * Mon Oct 29 2001 Nalin Dahyabhai <nalin@redhat.com> 173-1 - update to nss_ldap 173, which includes doc updates - update to pam_ldap 133, which simplifies the dnsconfig patch quite a bit * Thu Sep 6 2001 Nalin Dahyabhai <nalin@redhat.com> - update to pam_ldap 125, making checking of host attributes configurable * Fri Aug 31 2001 Nalin Dahyabhai <nalin@redhat.com> - link statically with libldap again, because libldap is linked with other shared libraries now (keeping us from having files in /usr open when we go to shut the system down) * Thu Aug 30 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 172, fixing schema mapping code - update to pam_ldap 124, incorporating TLS default option and doc fixes * Mon Aug 6 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 167, adding support for rebinds * Tue Jul 24 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 164, fixing the timeout problem correctly - update to pam_ldap 122, fixing escaping of user name in filters * Thu Jul 12 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 163, fixing the timeout problem - update to pam_ldap 120 - add gdbm-devel as a buildprereq, because we list it in $LIBS (#48999) - add db3-devel as a buildprereq (#48999) - add pam-devel as a buildprereq (#48999) * Tue Jul 10 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 161 - attempt to fix hangs when no timeout is specified, or the timeout is 0 * Mon Jul 9 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 160, pam_ldap 119 * Thu Jun 28 2001 Nalin Dahyabhai <nalin@redhat.com> - patch cleanups * Tue Jun 26 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 159, pam_ldap 118 * Tue Jun 19 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 153, pam_ldap 117 * Tue May 29 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 152, pam_ldap 111 * Mon May 21 2001 Nalin Dahyabhai <nalin@redhat.com> - update to pam_ldap 108 * Wed Apr 25 2001 Nalin Dahyabhai <nalin@redhat.com> - update to pam_ldap 107 * Thu Apr 19 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 150 (incorporates the fail patch) - update to pam_ldap 106 * Wed Mar 7 2001 Nalin Dahyabhai <nalin@redhat.com> - make nss_ldap fail when attempting to startup TLS fails, because that's what we do when LDAPS doesn't work (and what pam_ldap does already) - add DNS autoconfiguration to pam_ldap * Tue Mar 6 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 149, minor fixes for compile glitches - update to pam_ldap 105, minor fixes (as above) and handles shadow expiration * Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com> - rebuild in new environment * Wed Feb 28 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 146 to get a faster initgroups() back-end * Mon Feb 12 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 143 to get the official fix for the heap corruption * Fri Feb 9 2001 Nalin Dahyabhai <nalin@redhat.com> - fix heap corruption when falling back to DNS SRV records for configuration * Mon Feb 5 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 142, fixes a memory leak * Mon Jan 29 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 140, fixes a configure bug and an alignment problem * Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 139 * Mon Jan 15 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 138, which folds in our patch for initgroups - change the default search base in ldap.conf to dc=example,dc=com * Wed Jan 10 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 137 and pam_ldap 99 - try to not cause a segfault in _nss_ldap_initgroups * Wed Jan 3 2001 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 124 and pam_ldap 82 * Thu Dec 28 2000 Nalin Dahyabhai <nalin@redhat.com> - add a requires: for nscd * Thu Dec 14 2000 Nalin Dahyabhai <nalin@redhat.com> - version the NSS module so that it works properly with programs which have been linked statically to a different version of an LDAP library, like Netscape Communicator * Wed Dec 6 2000 Nalin Dahyabhai <nalin@redhat.com> - BuildPrereq gdbm-devel - pass RPM_OPT_FLAGS as CFLAGS to %%configure - if protocol version is 2, explicitly set protocol version to 3 before trying to start TLS - add STARTTLS support to nss_ldap - work around a build-time problem on ia64 * Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com> - BuildPrereq cyrus-sasl-devel instead of cyrus-sasl * Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 123 and pam_ldap 82 * Fri Oct 27 2000 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 122 - link statically with libsasl, require the first devel package that supplied it * Thu Oct 19 2000 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 120 and pam_ldap 77 * Wed Oct 4 2000 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 116 and pam_ldap 74 * Fri Sep 7 2000 Nalin Dahyabhai <nalin@redhat.com> - rebuild in new environment * Thu Jul 27 2000 Nalin Dahyabhai <nalin@redhat.com> - update to pam_ldap 67 to fix a bug in template user code - convert symlink in /usr/lib to a relative one (#16132) * Thu Jul 27 2000 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 113 and pam_ldap 66 * Wed Jul 12 2000 Prospector <bugzilla@redhat.com> - automatic rebuild * Tue Jun 27 2000 Matt Wilson <msw@redhat.com> - changed all the -,- in attr statements to root,root * Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com> - update pam_ldap to 63 * Wed May 31 2000 Nalin Dahyabhai <nalin@redhat.com> - update pam_ldap to 56 * Tue May 30 2000 Nalin Dahyabhai <nalin@redhat.com> - update pam_ldap to 55 - back out no-threads patch for pam_ldap, not needed any more * Thu May 25 2000 Nalin Dahyabhai <nalin@redhat.com> - update to 110 - revert prototype patch, looks like a problem with the new glibc after all * Fri May 19 2000 Nalin Dahyabhai <nalin@redhat.com> - get libpthread out of the NSS module - fix prototype problems in getpwXXX() * Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 109 * Sat Apr 29 2000 Nalin Dahyabhai <nalin@redhat.com> - update pam_ldap 51 * Tue Apr 25 2000 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 108 and pam_ldap 49 * Thu Apr 20 2000 Nalin Dahyabhai <nalin@redhat.com> - update to pam_ldap 48 * Thu Mar 30 2000 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 107 - note: check http://www.advogato.org/person/lukeh/ for Luke's changelog * Tue Mar 21 2000 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 106 * Wed Feb 9 2000 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 105 * Mon Feb 7 2000 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 104 and pam_ldap 46 - disable link against libpthread in pam_ldap * Tue Feb 1 2000 Nalin Dahyabhai <nalin@redhat.com> - remove migration tools, because this package requires openldap now, which also includes them * Fri Jan 28 2000 Nalin Dahyabhai <nalin@redhat.com> - update to nss_ldap 103 * Mon Jan 24 2000 Preston Brown <pbrown@redhat.com> - fix typo in linuxconf-pair pam cfg file (#7800) * Tue Jan 11 2000 Preston Brown <pbrown@redhat.com> - v99, made it require pam_ldap - added perl migration tools - integrate pam_ldap stuff * Fri Oct 22 1999 Bill Nottingham <notting@redhat.com> - statically link ldap libraries (they're in /usr/lib) * Tue Aug 10 1999 Cristian Gafton <gafton@redhat.com> - use the ldap.conf file as an external source - don't forcibly build the support for version 3 - imported the default spec file from the tarball and fixed it up for RH 6.1