Ubuntu
openldap package

Merge ~ahasenack/ubuntu/+source/openldap:focal-openldap-merge-to-grab-fix into ubuntu/+source/openldap:debian/sid

  1. Git
  2. lp:~ahasenack/ubuntu/+source/openldap
  3. focal-openldap-merge-to-grab-fix
  4. Merge into debian/sid
Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 2f77298068c07b2c101f55d9ead3fda799e882bc
Merge reported by: Andreas Hasenack
Merged at revision: 2f77298068c07b2c101f55d9ead3fda799e882bc
Proposed branch: ~ahasenack/ubuntu/+source/openldap:focal-openldap-merge-to-grab-fix
Merge into: ubuntu/+source/openldap:debian/sid
Diff against target: 3307 lines (+2818/-12)
18 files modified
debian/apparmor-profile (+60/-0)
debian/changelog (+2450/-0)
debian/configure.options (+1/-0)
debian/control (+6/-3)
debian/libldap-2.4-2.symbols (+7/-0)
debian/patches/contrib-makefiles (+21/-0)
debian/patches/fix-ldap-distribution.patch (+24/-0)
debian/patches/gssapi.diff (+140/-0)
debian/patches/series (+2/-0)
debian/rules (+23/-3)
debian/slapd.README.Debian (+13/-2)
debian/slapd.default (+1/-1)
debian/slapd.init.ldif (+0/-1)
debian/slapd.install (+2/-0)
debian/slapd.manpages (+1/-0)
debian/slapd.py (+51/-0)
debian/slapd.scripts-common (+7/-2)
debian/slapd.ufw.profile (+9/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+380368@code.launchpad.net

Description of the change

Merge from debian to grab a bug fix for a crash.

Testing instructions:

* get the files from the bug:
mkdir slapd-test-case; cd slapd-test-case
wget -ct0 https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1866303/+attachment/5334194/+files/slapd.conf https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1866303/+attachment/5334195/+files/data.ldif https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1866303/+attachment/5334196/+files/samba.schema https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1866303/+attachment/5334197/+files/script

* run the script:
sudo apt update && sudo sh ./script

* With the bug, the result is:
ldap_bind: Invalid credentials (49)
slapd dead

* With the fixed packages, you get a living slapd at the end (you can run the script again on the same system):
sudo add-apt-repository ppa:ahasenack/slapd-crash-bug-1866303 -y -u
sudo sh ./script
...
slapd running
ldap_bind: Invalid credentials (49)
slapd running

To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks git rande-diff !
10: 1432313c ! 10: c8c73d89
  Just context noise in d/p/patches
13: 7df62af4 < -: -------- - was an empty commit for "dropped"
14: 848d4820 ! 13: aa3c53cd - changelog being different (ok)
15: 88f31ebd ! 14: 3834f198 - changelog being different (ok)
All others are ==

Changelog:
- [√] old content and logical tag match as expected
- [√] changelog entry correct version and targeted codename
- [√] changelog entries correct
- [√] update-maintainer has been run

Actual changes:
- [√] no major upstream changes to consider
- [√] no further upstream version to consider
- [√] debian changes look safe
    And in particular for now they don't need an FFe IMHO

Old Delta:
- [√] nothing else to drop
- [√] changes forwarded upstream/debian (no new content, and we had done in the past)

New Delta:
- [√] no new patches added

Build/Test:
- [√] build is ok
- [√] verified PPA package installs/uninstalls
- [√] sanity checks test fine

P.S. I see you also plan an SRU for this fix, I hope it backports well - at least it is small.

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks, tagging and uploading 2f77298068c07b2c101f55d9ead3fda799e882bc

$ git push pkg upload/2.4.49+dfsg-2ubuntu1
Enumerating objects: 95, done.
Counting objects: 100% (95/95), done.
Delta compression using up to 4 threads
Compressing objects: 100% (77/77), done.
Writing objects: 100% (79/79), 28.89 KiB | 1.16 MiB/s, done.
Total 79 (delta 57), reused 5 (delta 2)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/openldap
 * [new tag] upload/2.4.49+dfsg-2ubuntu1 -> upload/2.4.49+dfsg-2ubuntu1

$ dput ubuntu ../openldap_2.4.49+dfsg-2ubuntu1_source.changes
Checking signature on .changes
gpg: ../openldap_2.4.49+dfsg-2ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../openldap_2.4.49+dfsg-2ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openldap_2.4.49+dfsg-2ubuntu1.dsc: done.
  Uploading openldap_2.4.49+dfsg.orig.tar.gz: done.
  Uploading openldap_2.4.49+dfsg-2ubuntu1.debian.tar.xz: done.
  Uploading openldap_2.4.49+dfsg-2ubuntu1_source.buildinfo: done.
  Uploading openldap_2.4.49+dfsg-2ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

This migrated.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/apparmor-profile b/debian/apparmor-profile
0new file mode 1006440new file mode 100644
index 0000000..793fa7b
--- /dev/null
+++ b/debian/apparmor-profile
@@ -0,0 +1,60 @@
1# vim:syntax=apparmor
2# Last Modified: Fri Jan 4 15:18:13 2008
3# Author: Jamie Strandboge <jamie@ubuntu.com>
4
5#include <tunables/global>
6
7/usr/sbin/slapd {
8 #include <abstractions/base>
9 #include <abstractions/nameservice>
10 #include <abstractions/p11-kit>
11
12 #include <abstractions/ssl_certs>
13 /etc/ssl/private/ r,
14 /etc/ssl/private/* r,
15
16 /etc/sasldb2 r,
17
18 capability dac_override,
19 capability net_bind_service,
20 capability setgid,
21 capability setuid,
22
23 /etc/gai.conf r,
24 /etc/hosts.allow r,
25 /etc/hosts.deny r,
26
27 # ldap files
28 /etc/ldap/** kr,
29 /etc/ldap/slapd.d/** rw,
30
31 # kerberos/gssapi
32 /dev/tty rw,
33 /etc/gss/mech.d/ r,
34 /etc/gss/mech.d/* kr,
35 /etc/krb5.keytab kr,
36 /etc/krb5/user/*/client.keytab kr,
37 owner /tmp/krb5cc_* rwk,
38 /var/tmp/ rw,
39 /var/tmp/** rw,
40
41 # the databases and logs
42 /var/lib/ldap/ r,
43 /var/lib/ldap/** rwk,
44
45 # lock file
46 /var/lib/ldap/alock kw,
47
48 # pid files and sockets
49 /{,var/}run/slapd/* w,
50 /{,var/}run/slapd/ldapi rw,
51 /{,var/}run/nslcd/socket rw,
52
53 /usr/lib/ldap/ r,
54 /usr/lib/ldap/* mr,
55
56 /usr/sbin/slapd mr,
57
58 # Site-specific additions and overrides. See local/README for details.
59 #include <local/usr.sbin.slapd>
60}
diff --git a/debian/changelog b/debian/changelog
index 56ce1ee..e4fd52b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,55 @@
1openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium
2
3 * Merge with Debian unstable (LP: #1866303). Remaining changes:
4 - Enable AppArmor support:
5 - d/apparmor-profile: add AppArmor profile
6 - d/rules: use dh_apparmor
7 - d/control: Build-Depends on dh-apparmor
8 - d/slapd.README.Debian: add note about AppArmor
9 - Enable GSSAPI support:
10 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
11 - Add --with-gssapi support
12 - Make guess_service_principal() more robust when determining
13 principal
14 [Dropped the ldap_gssapi_bind_s() hunk as that is already
15 - d/configure.options: Configure with --with-gssapi
16 - d/control: Added heimdal-dev as a build depend
17 - d/rules:
18 - Explicitly add -I/usr/include/heimdal to CFLAGS.
19 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
20 - Enable ufw support:
21 - d/control: suggest ufw.
22 - d/rules: install ufw profile.
23 - d/slapd.ufw.profile: add ufw profile.
24 - Enable nss overlay:
25 - d/rules:
26 - add nssov to CONTRIB_MODULES
27 - add sysconfdir to CONTRIB_MAKEVARS
28 - d/slapd.install:
29 - install nssov overlay
30 - d/slapd.manpages:
31 - install slapo-nssov(5) man page
32 - d/{rules,slapd.py}: Add apport hook.
33 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
34 either the default DIT nor via an Authn mapping.
35 - d/slapd.scripts-common:
36 - add slapcat_opts to local variables.
37 - Fix backup directory naming for multiple reconfiguration.
38 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
39 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
40 in the openldap library, as required by Likewise-Open
41 - Show distribution in version:
42 - d/control: added lsb-release
43 - d/patches/fix-ldap-distribution.patch: show distribution in version
44 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
45 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
46 - GSSAPI support was enabled in 2.4.18-0ubuntu2
47 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
48 Debian bug #919136, we also have to patch the nssov makefile
49 accordingly and thus update this patch.
50
51 -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300
52
1openldap (2.4.49+dfsg-2) unstable; urgency=medium53openldap (2.4.49+dfsg-2) unstable; urgency=medium
254
3 * slapd.README.Debian: Document the initial setup performed by slapd's55 * slapd.README.Debian: Document the initial setup performed by slapd's
@@ -9,6 +61,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium
961
10 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -080062 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
1163
64openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium
65
66 * Merge with Debian unstable. Remaining changes:
67 - Enable AppArmor support:
68 - d/apparmor-profile: add AppArmor profile
69 - d/rules: use dh_apparmor
70 - d/control: Build-Depends on dh-apparmor
71 - d/slapd.README.Debian: add note about AppArmor
72 - Enable GSSAPI support:
73 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
74 - Add --with-gssapi support
75 - Make guess_service_principal() more robust when determining
76 principal
77 [Dropped the ldap_gssapi_bind_s() hunk as that is already
78 - d/configure.options: Configure with --with-gssapi
79 - d/control: Added heimdal-dev as a build depend
80 - d/rules:
81 - Explicitly add -I/usr/include/heimdal to CFLAGS.
82 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
83 - Enable ufw support:
84 - d/control: suggest ufw.
85 - d/rules: install ufw profile.
86 - d/slapd.ufw.profile: add ufw profile.
87 - Enable nss overlay:
88 - d/rules:
89 - add nssov to CONTRIB_MODULES
90 - add sysconfdir to CONTRIB_MAKEVARS
91 - d/slapd.install:
92 - install nssov overlay
93 - d/slapd.manpages:
94 - install slapo-nssov(5) man page
95 - d/{rules,slapd.py}: Add apport hook.
96 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
97 either the default DIT nor via an Authn mapping.
98 - d/slapd.scripts-common:
99 - add slapcat_opts to local variables.
100 - Fix backup directory naming for multiple reconfiguration.
101 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
102 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
103 in the openldap library, as required by Likewise-Open
104 - Show distribution in version:
105 - d/control: added lsb-release
106 - d/patches/fix-ldap-distribution.patch: show distribution in version
107 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
108 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
109 - GSSAPI support was enabled in 2.4.18-0ubuntu2
110 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
111 Debian bug #919136, we also have to patch the nssov makefile
112 accordingly and thus update this patch.
113 * Dropped:
114 - d/control: slapd can depend on perl:any since it only uses perl for
115 some maintainer and helper scripts.
116 [In 2.4.49+dfsg-1]
117
118 -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300
119
12openldap (2.4.49+dfsg-1) unstable; urgency=medium120openldap (2.4.49+dfsg-1) unstable; urgency=medium
13121
14 * New upstream release.122 * New upstream release.
@@ -37,6 +145,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium
37145
38 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800146 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
39147
148openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium
149
150 * d/control: slapd can depend on perl:any since it only uses perl for
151 some maintainer and helper scripts. The perl backend links against
152 the correct architecture perl libraries already. Can be dropped
153 after https://salsa.debian.org/openldap-team/openldap/commit/794c736
154 is in a Debian upload.
155
156 -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300
157
158openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium
159
160 * No-change rebuild against libnettle7
161
162 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000
163
164openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium
165
166 * No-change rebuild for the perl update.
167
168 -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000
169
170openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
171
172 * Merge with Debian unstable. Remaining changes:
173 - Enable AppArmor support:
174 - d/apparmor-profile: add AppArmor profile
175 - d/rules: use dh_apparmor
176 - d/control: Build-Depends on dh-apparmor
177 - d/slapd.README.Debian: add note about AppArmor
178 - Enable GSSAPI support:
179 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
180 - Add --with-gssapi support
181 - Make guess_service_principal() more robust when determining
182 principal
183 - d/configure.options: Configure with --with-gssapi
184 - d/control: Added heimdal-dev as a build depend
185 - d/rules:
186 - Explicitly add -I/usr/include/heimdal to CFLAGS.
187 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
188 - Enable ufw support:
189 - d/control: suggest ufw.
190 - d/rules: install ufw profile.
191 - d/slapd.ufw.profile: add ufw profile.
192 - Enable nss overlay:
193 - d/rules:
194 - add nssov to CONTRIB_MODULES
195 - add sysconfdir to CONTRIB_MAKEVARS
196 - d/slapd.install:
197 - install nssov overlay
198 - d/slapd.manpages:
199 - install slapo-nssov(5) man page
200 - d/{rules,slapd.py}: Add apport hook.
201 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
202 either the default DIT nor via an Authn mapping.
203 - d/slapd.scripts-common:
204 - add slapcat_opts to local variables.
205 - Fix backup directory naming for multiple reconfiguration.
206 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
207 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
208 in the openldap library, as required by Likewise-Open
209 - Show distribution in version:
210 - d/control: added lsb-release
211 - d/patches/fix-ldap-distribution.patch: show distribution in version
212 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
213 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
214 - GSSAPI support was enabled in 2.4.18-0ubuntu2
215 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
216 Debian bug #919136, we also have to patch the nssov makefile
217 accordingly and thus update this patch.
218 * Dropped:
219 - Fix sysv-generator unit file by customizing parameters (LP #1821343)
220 + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
221 correct systemctl status for slapd daemon.
222 + d/slapd.install: place override file in correct location.
223 [Included in 2.4.48+dfsg-1]
224 - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
225 + debian/patches/CVE-2019-13057-1.patch: add restriction to
226 servers/slapd/saslauthz.c.
227 + debian/patches/CVE-2019-13057-2.patch: add tests to
228 tests/data/idassert.out, tests/data/slapd-idassert.conf,
229 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
230 + debian/patches/CVE-2019-13057-3.patch: fix typo in
231 tests/scripts/test028-idassert.
232 + debian/patches/CVE-2019-13057-4.patch: fix typo in
233 tests/scripts/test028-idassert.
234 + CVE-2019-13057
235 [Fixed upstream]
236 - SECURITY UPDATE: SASL SSF not initialized per connection
237 + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
238 connection_init in servers/slapd/connection.c.
239 + CVE-2019-13565
240 [Fixed upstream]
241
242 -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
243
40openldap (2.4.48+dfsg-1) unstable; urgency=medium244openldap (2.4.48+dfsg-1) unstable; urgency=medium
41245
42 * New upstream release.246 * New upstream release.
@@ -64,6 +268,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium
64268
65 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700269 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
66270
271openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
272
273 * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
274 - debian/patches/CVE-2019-13057-1.patch: add restriction to
275 servers/slapd/saslauthz.c.
276 - debian/patches/CVE-2019-13057-2.patch: add tests to
277 tests/data/idassert.out, tests/data/slapd-idassert.conf,
278 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
279 - debian/patches/CVE-2019-13057-3.patch: fix typo in
280 tests/scripts/test028-idassert.
281 - debian/patches/CVE-2019-13057-4.patch: fix typo in
282 tests/scripts/test028-idassert.
283 - CVE-2019-13057
284 * SECURITY UPDATE: SASL SSF not initialized per connection
285 - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
286 connection_init in servers/slapd/connection.c.
287 - CVE-2019-13565
288
289 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
290
291openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
292
293 * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
294 - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
295 correct systemctl status for slapd daemon.
296 - d/slapd.install: place override file in correct location.
297
298 -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
299
300openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
301
302 * Merge with Debian unstable. Remaining changes:
303 - Enable AppArmor support:
304 - d/apparmor-profile: add AppArmor profile
305 - d/rules: use dh_apparmor
306 - d/control: Build-Depends on dh-apparmor
307 - d/slapd.README.Debian: add note about AppArmor
308 - Enable GSSAPI support:
309 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
310 - Add --with-gssapi support
311 - Make guess_service_principal() more robust when determining
312 principal
313 - d/configure.options: Configure with --with-gssapi
314 - d/control: Added heimdal-dev as a build depend
315 - d/rules:
316 - Explicitly add -I/usr/include/heimdal to CFLAGS.
317 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
318 - Enable ufw support:
319 - d/control: suggest ufw.
320 - d/rules: install ufw profile.
321 - d/slapd.ufw.profile: add ufw profile.
322 - Enable nss overlay:
323 - d/rules:
324 - add nssov to CONTRIB_MODULES
325 - add sysconfdir to CONTRIB_MAKEVARS
326 - d/slapd.install:
327 - install nssov overlay
328 - d/slapd.manpages:
329 - install slapo-nssov(5) man page
330 - d/{rules,slapd.py}: Add apport hook.
331 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
332 either the default DIT nor via an Authn mapping.
333 - d/slapd.scripts-common:
334 - add slapcat_opts to local variables.
335 - Fix backup directory naming for multiple reconfiguration.
336 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
337 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
338 in the openldap library, as required by Likewise-Open
339 - Show distribution in version:
340 - d/control: added lsb-release
341 - d/patches/fix-ldap-distribution.patch: show distribution in version
342 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
343 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
344 - GSSAPI support was enabled in 2.4.18-0ubuntu2
345 * Added changes:
346 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
347 Debian bug #919136, we also have to patch the nssov makefile
348 accordingly and thus update this patch.
349
350 -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
351
67openldap (2.4.47+dfsg-3) unstable; urgency=medium352openldap (2.4.47+dfsg-3) unstable; urgency=medium
68353
69 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS354 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
@@ -79,6 +364,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium
79364
80 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800365 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
81366
367openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
368
369 * Merge from Debian unstable (LP: #1811630). Remaining changes:
370 - Enable AppArmor support:
371 - d/apparmor-profile: add AppArmor profile
372 - d/rules: use dh_apparmor
373 - d/control: Build-Depends on dh-apparmor
374 - d/slapd.README.Debian: add note about AppArmor
375 - Enable GSSAPI support:
376 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
377 - Add --with-gssapi support
378 - Make guess_service_principal() more robust when determining
379 principal
380 - d/configure.options: Configure with --with-gssapi
381 - d/control: Added heimdal-dev as a build depend
382 - d/rules:
383 - Explicitly add -I/usr/include/heimdal to CFLAGS.
384 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
385 - Enable ufw support:
386 - d/control: suggest ufw.
387 - d/rules: install ufw profile.
388 - d/slapd.ufw.profile: add ufw profile.
389 - Enable nss overlay:
390 - d/rules:
391 - add nssov to CONTRIB_MODULES
392 - add sysconfdir to CONTRIB_MAKEVARS
393 - d/slapd.install:
394 - install nssov overlay
395 - d/slapd.manpages:
396 - install slapo-nssov(5) man page
397 - d/{rules,slapd.py}: Add apport hook.
398 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
399 either the default DIT nor via an Authn mapping.
400 - d/slapd.scripts-common:
401 - add slapcat_opts to local variables.
402 - Fix backup directory naming for multiple reconfiguration.
403 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
404 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
405 in the openldap library, as required by Likewise-Open
406 - Show distribution in version:
407 - d/control: added lsb-release
408 - d/patches/fix-ldap-distribution.patch: show distribution in version
409 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
410 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
411 - GSSAPI support was enabled in 2.4.18-0ubuntu2
412 * Update nssov build and packaging for Debian changes:
413 - Drop patch nssov-build
414 - d/rules:
415 - add nssov to CONTRIB_MODULES
416 - add sysconfdir to CONTRIB_MAKEVARS
417 - d/slapd.install:
418 - install nssov overlay
419 - d/slapd.manpages:
420 - install slapo-nssov(5) man page
421
422 -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
423
82openldap (2.4.47+dfsg-2) unstable; urgency=medium424openldap (2.4.47+dfsg-2) unstable; urgency=medium
83425
84 * Reintroduce slapi-dev binary package. (Closes: #711469)426 * Reintroduce slapi-dev binary package. (Closes: #711469)
@@ -116,6 +458,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium
116458
117 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800459 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
118460
461openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
462
463 * d/apparmor-profile: update apparmor profile to allow reading of
464 files needed when slapd is behaving as a kerberos/gssapi client
465 and acquiring its own ticket. (LP: #1783183)
466
467 -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
468
469openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
470
471 * No-change rebuild for the perl 5.28 transition.
472
473 -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
474
475openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
476
477 * Merge from Debian unstable. Remaining changes:
478 - Enable AppArmor support:
479 - d/apparmor-profile: add AppArmor profile
480 - d/rules: use dh_apparmor
481 - d/control: Build-Depends on dh-apparmor
482 - d/slapd.README.Debian: add note about AppArmor
483 - Enable GSSAPI support:
484 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
485 - Add --with-gssapi support
486 - Make guess_service_principal() more robust when determining
487 principal
488 - d/configure.options: Configure with --with-gssapi
489 - d/control: Added heimdal-dev as a build depend
490 - d/rules:
491 - Explicitly add -I/usr/include/heimdal to CFLAGS.
492 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
493 - Enable ufw support:
494 - d/control: suggest ufw.
495 - d/rules: install ufw profile.
496 - d/slapd.ufw.profile: add ufw profile.
497 - Enable nss overlay:
498 - d/{patches/nssov-build,rules}: Apply, build and package the
499 nss overlay.
500 - d/{rules,slapd.py}: Add apport hook.
501 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
502 either the default DIT nor via an Authn mapping.
503 - d/slapd.scripts-common:
504 - add slapcat_opts to local variables.
505 - Fix backup directory naming for multiple reconfiguration.
506 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
507 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
508 in the openldap library, as required by Likewise-Open
509 - Show distribution in version:
510 - d/control: added lsb-release
511 - d/patches/fix-ldap-distribution.patch: show distribution in version
512 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
513 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
514 - GSSAPI support was enabled in 2.4.18-0ubuntu2
515
516 -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
517
119openldap (2.4.46+dfsg-5) unstable; urgency=medium518openldap (2.4.46+dfsg-5) unstable; urgency=medium
120519
121 * Restore slapd-smbk5pwd now that libldap is installable in unstable.520 * Restore slapd-smbk5pwd now that libldap is installable in unstable.
@@ -135,6 +534,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium
135534
136 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700535 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
137536
537openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
538
539 * Merge from Debian unstable. Remaining changes:
540 - Enable AppArmor support:
541 - d/apparmor-profile: add AppArmor profile
542 - d/rules: use dh_apparmor
543 - d/control: Build-Depends on dh-apparmor
544 - d/slapd.README.Debian: add note about AppArmor
545 - Enable GSSAPI support:
546 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
547 - Add --with-gssapi support
548 - Make guess_service_principal() more robust when determining
549 principal
550 - d/configure.options: Configure with --with-gssapi
551 - d/control: Added heimdal-dev as a build depend
552 - d/rules:
553 - Explicitly add -I/usr/include/heimdal to CFLAGS.
554 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
555 - Enable ufw support:
556 - d/control: suggest ufw.
557 - d/rules: install ufw profile.
558 - d/slapd.ufw.profile: add ufw profile.
559 - Enable nss overlay:
560 - d/{patches/nssov-build,rules}: Apply, build and package the
561 nss overlay.
562 - d/{rules,slapd.py}: Add apport hook.
563 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
564 either the default DIT nor via an Authn mapping.
565 - d/slapd.scripts-common:
566 - add slapcat_opts to local variables.
567 - Fix backup directory naming for multiple reconfiguration.
568 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
569 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
570 in the openldap library, as required by Likewise-Open
571 - Show distribution in version:
572 - d/control: added lsb-release
573 - d/patches/fix-ldap-distribution.patch: show distribution in version
574 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
575 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
576 - GSSAPI support was enabled in 2.4.18-0ubuntu2
577
578 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
579
138openldap (2.4.46+dfsg-2) unstable; urgency=medium580openldap (2.4.46+dfsg-2) unstable; urgency=medium
139581
140 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.582 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
@@ -164,6 +606,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium
164606
165 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700607 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
166608
609openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
610
611 * Merge from Debian unstable. Remaining changes:
612 - Enable AppArmor support:
613 - d/apparmor-profile: add AppArmor profile
614 - d/rules: use dh_apparmor
615 - d/control: Build-Depends on dh-apparmor
616 - d/slapd.README.Debian: add note about AppArmor
617 - Enable GSSAPI support:
618 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
619 - Add --with-gssapi support
620 - Make guess_service_principal() more robust when determining
621 principal
622 - d/configure.options: Configure with --with-gssapi
623 - d/control: Added heimdal-dev as a build depend
624 - d/rules:
625 - Explicitly add -I/usr/include/heimdal to CFLAGS.
626 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
627 - Enable ufw support:
628 - d/control: suggest ufw.
629 - d/rules: install ufw profile.
630 - d/slapd.ufw.profile: add ufw profile.
631 - Enable nss overlay:
632 - d/{patches/nssov-build,rules}: Apply, build and package the
633 nss overlay.
634 - d/{rules,slapd.py}: Add apport hook.
635 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
636 either the default DIT nor via an Authn mapping.
637 - d/slapd.scripts-common:
638 - add slapcat_opts to local variables.
639 - Fix backup directory naming for multiple reconfiguration.
640 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
641 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
642 in the openldap library, as required by Likewise-Open
643 - Show distribution in version:
644 - d/control: added lsb-release
645 - d/patches/fix-ldap-distribution.patch: show distribution in version
646 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
647 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
648 - GSSAPI support was enabled in 2.4.18-0ubuntu2
649
650 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200
651
167openldap (2.4.45+dfsg-1) unstable; urgency=medium652openldap (2.4.45+dfsg-1) unstable; urgency=medium
168653
169 * New upstream release.654 * New upstream release.
@@ -205,6 +690,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium
205690
206 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700691 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
207692
693openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low
694
695 * Merge from Debian unstable. Remaining changes:
696 - Enable AppArmor support:
697 - d/apparmor-profile: add AppArmor profile
698 - d/rules: use dh_apparmor
699 - d/control: Build-Depends on dh-apparmor
700 - d/slapd.README.Debian: add note about AppArmor
701 - Enable GSSAPI support:
702 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
703 - Add --with-gssapi support
704 - Make guess_service_principal() more robust when determining
705 principal
706 - d/configure.options: Configure with --with-gssapi
707 - d/control: Added heimdal-dev as a build depend
708 - d/rules:
709 - Explicitly add -I/usr/include/heimdal to CFLAGS.
710 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
711 - Enable ufw support:
712 - d/control: suggest ufw.
713 - d/rules: install ufw profile.
714 - d/slapd.ufw.profile: add ufw profile.
715 - Enable nss overlay:
716 - d/{patches/nssov-build,rules}: Apply, build and package the
717 nss overlay.
718 - d/{rules,slapd.py}: Add apport hook.
719 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
720 either the default DIT nor via an Authn mapping.
721 - d/slapd.scripts-common:
722 - add slapcat_opts to local variables.
723 - Fix backup directory naming for multiple reconfiguration.
724 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
725 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
726 in the openldap library, as required by Likewise-Open
727 - Show distribution in version:
728 - d/control: added lsb-release
729 - d/patches/fix-ldap-distribution.patch: show distribution in version
730 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
731 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
732 - GSSAPI support was enabled in 2.4.18-0ubuntu2
733
734 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200
735
208openldap (2.4.44+dfsg-8) unstable; urgency=medium736openldap (2.4.44+dfsg-8) unstable; urgency=medium
209737
210 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until 738 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
@@ -215,6 +743,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium
215743
216 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700744 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
217745
746openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium
747
748 * Merge from Debian unstable. Remaining changes:
749 - Enable AppArmor support:
750 - d/apparmor-profile: add AppArmor profile
751 - d/rules: use dh_apparmor
752 - d/control: Build-Depends on dh-apparmor
753 - d/slapd.README.Debian: add note about AppArmor
754 - Enable GSSAPI support:
755 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
756 - Add --with-gssapi support
757 - Make guess_service_principal() more robust when determining
758 principal
759 - d/configure.options: Configure with --with-gssapi
760 - d/control: Added heimdal-dev as a build depend
761 - d/rules:
762 - Explicitly add -I/usr/include/heimdal to CFLAGS.
763 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
764 - Enable ufw support:
765 - d/control: suggest ufw.
766 - d/rules: install ufw profile.
767 - d/slapd.ufw.profile: add ufw profile.
768 - Enable nss overlay:
769 - d/{patches/nssov-build,rules}: Apply, build and package the
770 nss overlay.
771 - d/{rules,slapd.py}: Add apport hook.
772 [ d/rules modification mentioned above was dropped in
773 2.4.23-6ubuntu1, re-adding it ]
774 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
775 either the default DIT nor via an Authn mapping.
776 - d/slapd.scripts-common:
777 - add slapcat_opts to local variables.
778 - Fix backup directory naming for multiple reconfiguration.
779 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
780 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
781 in the openldap library, as required by Likewise-Open
782 - Show distribution in version:
783 - d/control: added lsb-release
784 - d/patches/fix-ldap-distribution.patch: show distribution in version
785 [ Refreshed patch ]
786 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
787 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
788 - GSSAPI support was enabled in 2.4.18-0ubuntu2
789
790 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
791
218openldap (2.4.44+dfsg-7) unstable; urgency=medium792openldap (2.4.44+dfsg-7) unstable; urgency=medium
219793
220 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit 794 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
@@ -222,6 +796,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium
222796
223 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700797 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
224798
799openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium
800
801 * Merge from Debian unstable. Remaining changes:
802 - Enable AppArmor support:
803 - d/apparmor-profile: add AppArmor profile
804 - d/rules: use dh_apparmor
805 - d/control: Build-Depends on dh-apparmor
806 - d/slapd.README.Debian: add note about AppArmor
807 - Enable GSSAPI support:
808 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
809 - Add --with-gssapi support
810 - Make guess_service_principal() more robust when determining
811 principal
812 - d/configure.options: Configure with --with-gssapi
813 - d/control: Added heimdal-dev as a build depend
814 - d/rules:
815 - Explicitly add -I/usr/include/heimdal to CFLAGS.
816 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
817 - Enable ufw support:
818 - d/control: suggest ufw.
819 - d/rules: install ufw profile.
820 - d/slapd.ufw.profile: add ufw profile.
821 - Enable nss overlay:
822 - d/{patches/nssov-build,rules}: Apply, build and package the
823 nss overlay.
824 - d/{rules,slapd.py}: Add apport hook.
825 [ d/rules modification mentioned above was dropped in
826 2.4.23-6ubuntu1, re-adding it ]
827 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
828 either the default DIT nor via an Authn mapping.
829 - d/slapd.scripts-common:
830 - add slapcat_opts to local variables.
831 - Fix backup directory naming for multiple reconfiguration.
832 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
833 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
834 in the openldap library, as required by Likewise-Open
835 - Show distribution in version:
836 - d/control: added lsb-release
837 - d/patches/fix-ldap-distribution.patch: show distribution in version
838 [ Refreshed patch ]
839 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
840 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
841 - GSSAPI support was enabled in 2.4.18-0ubuntu2
842
843 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
844
225openldap (2.4.44+dfsg-6) unstable; urgency=medium845openldap (2.4.44+dfsg-6) unstable; urgency=medium
226846
227 * Update the list of non-translatable strings for the 847 * Update the list of non-translatable strings for the
@@ -230,6 +850,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium
230850
231 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700851 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
232852
853openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium
854
855 * Merge from Debian unstable. Remaining changes:
856 - Enable AppArmor support:
857 - d/apparmor-profile: add AppArmor profile
858 - d/rules: use dh_apparmor
859 - d/control: Build-Depends on dh-apparmor
860 - d/slapd.README.Debian: add note about AppArmor
861 - Enable GSSAPI support:
862 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
863 - Add --with-gssapi support
864 - Make guess_service_principal() more robust when determining
865 principal
866 - d/configure.options: Configure with --with-gssapi
867 - d/control: Added heimdal-dev as a build depend
868 - d/rules:
869 - Explicitly add -I/usr/include/heimdal to CFLAGS.
870 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
871 - Enable ufw support:
872 - d/control: suggest ufw.
873 - d/rules: install ufw profile.
874 - d/slapd.ufw.profile: add ufw profile.
875 - Enable nss overlay:
876 - d/{patches/nssov-build,rules}: Apply, build and package the
877 nss overlay.
878 - d/{rules,slapd.py}: Add apport hook.
879 [ d/rules modification mentioned above was dropped in
880 2.4.23-6ubuntu1, re-adding it ]
881 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
882 either the default DIT nor via an Authn mapping.
883 - d/slapd.scripts-common:
884 - add slapcat_opts to local variables.
885 - Fix backup directory naming for multiple reconfiguration.
886 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
887 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
888 in the openldap library, as required by Likewise-Open
889 - Show distribution in version:
890 - d/control: added lsb-release
891 - d/patches/fix-ldap-distribution.patch: show distribution in version
892 [ Refreshed patch ]
893 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
894 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
895 - GSSAPI support was enabled in 2.4.18-0ubuntu2
896 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
897 - Fix use after free with GnuTLS. (LP #1557248)
898
899 -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200
900
233openldap (2.4.44+dfsg-5) unstable; urgency=medium901openldap (2.4.44+dfsg-5) unstable; urgency=medium
234902
235 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an 903 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
@@ -241,6 +909,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium
241909
242 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700910 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
243911
912openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low
913
914 * Merge from Debian unstable. Remaining changes:
915 - Enable AppArmor support:
916 - d/apparmor-profile: add AppArmor profile
917 - d/rules: use dh_apparmor
918 - d/control: Build-Depends on dh-apparmor
919 - d/slapd.README.Debian: add note about AppArmor
920 - Enable GSSAPI support:
921 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
922 - Add --with-gssapi support
923 - Make guess_service_principal() more robust when determining
924 principal
925 - d/configure.options: Configure with --with-gssapi
926 - d/control: Added heimdal-dev as a build depend
927 - d/rules:
928 - Explicitly add -I/usr/include/heimdal to CFLAGS.
929 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
930 - Enable ufw support:
931 - d/control: suggest ufw.
932 - d/rules: install ufw profile.
933 - d/slapd.ufw.profile: add ufw profile.
934 - Enable nss overlay:
935 - d/{patches/nssov-build,rules}: Apply, build and package the
936 nss overlay.
937 - d/{rules,slapd.py}: Add apport hook.
938 [ d/rules modification mentioned above was dropped in
939 2.4.23-6ubuntu1, re-adding it ]
940 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
941 either the default DIT nor via an Authn mapping.
942 - d/slapd.scripts-common:
943 - add slapcat_opts to local variables.
944 - Fix backup directory naming for multiple reconfiguration.
945 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
946 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
947 in the openldap library, as required by Likewise-Open
948 - Show distribution in version:
949 - d/control: added lsb-release
950 - d/patches/fix-ldap-distribution.patch: show distribution in version
951 [ Refreshed patch ]
952 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
953 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
954 - GSSAPI support was enabled in 2.4.18-0ubuntu2
955 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
956 - Fix use after free with GnuTLS. (LP #1557248)
957
958 -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200
959
244openldap (2.4.44+dfsg-4) unstable; urgency=medium960openldap (2.4.44+dfsg-4) unstable; urgency=medium
245961
246 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to 962 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
@@ -287,6 +1003,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium
2871003
288 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -07001004 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
2891005
1006openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium
1007
1008 * d/rules: Fix typo in previous upload.
1009
1010 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800
1011
1012openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
1013
1014 * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
1015 changes
1016 - Enable AppArmor support:
1017 - d/apparmor-profile: add AppArmor profile
1018 - d/rules: use dh_apparmor
1019 - d/control: Build-Depends on dh-apparmor
1020 - d/slapd.README.Debian: add note about AppArmor
1021 - Enable GSSAPI support:
1022 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1023 - Add --with-gssapi support
1024 - Make guess_service_principal() more robust when determining
1025 principal
1026 - d/configure.options: Configure with --with-gssapi
1027 - d/control: Added heimdal-dev as a build depend
1028 - d/rules:
1029 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1030 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1031 - Enable ufw support:
1032 - d/control: suggest ufw.
1033 - d/rules: install ufw profile.
1034 - d/slapd.ufw.profile: add ufw profile.
1035 - Enable nss overlay:
1036 - d/{patches/nssov-build,rules}: Apply, build and package the
1037 nss overlay.
1038 - d/{rules,slapd.py}: Add apport hook.
1039 [ d/rules modification mentioned above was dropped in
1040 2.4.23-6ubuntu1, re-adding it ]
1041 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1042 either the default DIT nor via an Authn mapping.
1043 - d/slapd.scripts-common:
1044 - add slapcat_opts to local variables.
1045 - Fix backup directory naming for multiple reconfiguration.
1046 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1047 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1048 in the openldap library, as required by Likewise-Open
1049 - Show distribution in version:
1050 - d/control: added lsb-release
1051 - d/patches/fix-ldap-distribution.patch: show distribution in version
1052 [ Refreshed patch ]
1053 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1054 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1055 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1056 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1057 - Fix use after free with GnuTLS. (LP #1557248)
1058 * Drop:
1059 - d/slapd.scripts-common:
1060 + Remove unused variable new_conf.
1061 [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
1062 - d/b/config.log: add config.log
1063 [ previously undocumented, stray change ]
1064
1065 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
1066
290openldap (2.4.44+dfsg-3) unstable; urgency=medium1067openldap (2.4.44+dfsg-3) unstable; urgency=medium
2911068
292 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)1069 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
@@ -359,6 +1136,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
3591136
360 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -08001137 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
3611138
1139openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
1140
1141 * No-change rebuild for perl 5.24 transition
1142
1143 -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
1144
1145openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
1146
1147 * Fix use after free with GnuTLS. (LP: #1557248)
1148
1149 -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
1150
1151openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
1152
1153 * Fix building with gssapi suppport:
1154 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1155 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1156
1157 -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
1158
1159openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
1160
1161 * No-change rebuild for gnutls transition.
1162
1163 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
1164
1165openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
1166
1167 * Merge from Debian testing (LP: #1532648). Remaining changes:
1168 - Enable AppArmor support:
1169 - d/apparmor-profile: add AppArmor profile
1170 - d/rules: use dh_apparmor
1171 - d/control: Build-Depends on dh-apparmor
1172 - d/slapd.README.Debian: add note about AppArmor
1173 - Enable GSSAPI support:
1174 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1175 - Add --with-gssapi support
1176 - Make guess_service_principal() more robust when determining
1177 principal
1178 - d/configure.options: Configure with --with-gssapi
1179 - d/control: Added heimdal-dev as a build depend
1180 - Enable ufw support:
1181 - d/control: suggest ufw.
1182 - d/rules: install ufw profile.
1183 - d/slapd.ufw.profile: add ufw profile.
1184 - Enable nss overlay:
1185 - d/{patches/nssov-build,rules}: Apply, build and package the
1186 nss overlay.
1187 - d/{rules,slapd.py}: Add apport hook.
1188 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1189 either the default DIT nor via an Authn mapping.
1190 - d/slapd.scripts-common:
1191 - add slapcat_opts to local variables.
1192 - Remove unused variable new_conf.
1193 - Fix backup directory naming for multiple reconfiguration.
1194 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1195 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1196 in the openldap library, as required by Likewise-Open
1197 - Show distribution in version:
1198 - d/control: added lsb-release
1199 - d/patches/fix-ldap-distribution.patch: show distribution in version
1200 * Drop CVE-2015-6908.patch, included in Debian.
1201 * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
1202 disabled on ppc64el, no longer used, and missed in the previous merge.
1203
1204 -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
1205
362openldap (2.4.42+dfsg-2) unstable; urgency=medium1206openldap (2.4.42+dfsg-2) unstable; urgency=medium
3631207
364 [ Ryan Tandy ]1208 [ Ryan Tandy ]
@@ -426,6 +1270,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium
4261270
427 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -07001271 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
4281272
1273openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
1274
1275 * Rebuild for Perl 5.22.1.
1276
1277 -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
1278
1279openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
1280
1281 * SECURITY UPDATE: denial of service via crafted BER data
1282 - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
1283 libraries/liblber/io.c.
1284 - CVE-2015-6908
1285
1286 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
1287
1288openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
1289
1290 * Merge from Debian testing (LP: #1471831). Remaining changes:
1291 - Enable AppArmor support:
1292 - d/apparmor-profile: add AppArmor profile
1293 - d/rules: use dh_apparmor
1294 - d/control: Build-Depends on dh-apparmor
1295 - d/slapd.README.Debian: add note about AppArmor
1296 - Enable GSSAPI support:
1297 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1298 - Add --with-gssapi support
1299 - Make guess_service_principal() more robust when determining
1300 principal
1301 - d/configure.options: Configure with --with-gssapi
1302 - d/control: Added heimdal-dev as a build depend
1303 - Enable ufw support:
1304 - d/control: suggest ufw.
1305 - d/rules: install ufw profile.
1306 - d/slapd.ufw.profile: add ufw profile.
1307 - Enable nss overlay:
1308 - d/{patches/nssov-build,rules}: Apply, build and package the
1309 nss overlay.
1310 - d/{rules,slapd.py}: Add apport hook.
1311 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1312 either the default DIT nor via an Authn mapping.
1313 - d/slapd.scripts-common:
1314 - add slapcat_opts to local variables.
1315 - Remove unused variable new_conf.
1316 - Fix backup directory naming for multiple reconfiguration.
1317 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1318 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1319 in the openldap library, as required by Likewise-Open
1320 - Show distribution in version:
1321 - d/control: added lsb-release
1322 - d/patches/fix-ldap-distribution.patch: show distribution in version
1323 * Dropped changes:
1324 - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
1325 * Upstream fixes:
1326 - slapd crash with auditlog overlay and large (~27KB) attribute values
1327 (ITS#8003) (LP: #1461276)
1328 - nssov updated to support recent nss-pam-ldapd client libraries
1329 (ITS#8097) (LP: #1393306)
1330 * Update d/patches/nssov-build for upstream changes.
1331 * Tweak d/patches/gssapi.diff to apply without fuzz.
1332 * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1333 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1334 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1335
1336 -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
1337
429openldap (2.4.41+dfsg-1) unstable; urgency=medium1338openldap (2.4.41+dfsg-1) unstable; urgency=medium
4301339
431 * New upstream release.1340 * New upstream release.
@@ -445,6 +1354,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium
4451354
446 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -07001355 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
4471356
1357openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
1358
1359 * No-change rebuild for the libnettle6 transition.
1360
1361 -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
1362
1363openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
1364
1365 * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
1366 - Enable AppArmor support:
1367 - d/apparmor-profile: add AppArmor profile
1368 - d/rules: use dh_apparmor
1369 - d/control: Build-Depends on dh-apparmor
1370 - d/slapd.README.Debian: add note about AppArmor
1371 - Enable GSSAPI support:
1372 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1373 - Add --with-gssapi support
1374 - Make guess_service_principal() more robust when determining
1375 principal
1376 - d/configure.options: Configure with --with-gssapi
1377 - d/control: Added heimdal-dev as a build depend
1378 - Enable ufw support:
1379 - d/control: suggest ufw.
1380 - d/rules: install ufw profile.
1381 - d/slapd.ufw.profile: add ufw profile.
1382 - Enable nss overlay:
1383 - d/{patches/nssov-build,rules}: Apply, build and package the
1384 nss overlay.
1385 - d/{rules,slapd.py}: Add apport hook.
1386 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1387 either the default DIT nor via an Authn mapping.
1388 - d/slapd.scripts-common:
1389 - add slapcat_opts to local variables.
1390 - Remove unused variable new_conf.
1391 - Fix backup directory naming for multiple reconfiguration.
1392 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1393 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1394 in the openldap library, as required by Likewise-Open
1395 - Show distribution in version:
1396 - d/control: added lsb-release
1397 - d/patches/fix-ldap-distribution.patch: show distribution in version
1398 * Drop patches included upstream:
1399 - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
1400 - d/patches/bdb-deadlock.patch
1401 - d/patches/its-7354-fix-delta-sync-mmr.diff
1402 * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
1403 * debian/patches/nssov-build: Adjust for upstream changes.
1404 * debian/apparmor-profile:
1405 - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
1406 kernel ABI v7 (utopic and later). (LP: #1392018)
1407 - Reduce permissions on /run/nslcd to just the nslcd socket.
1408 * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
1409 (LP: #1293250)
1410
1411 -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700
1412
448openldap (2.4.40+dfsg-1) unstable; urgency=medium1413openldap (2.4.40+dfsg-1) unstable; urgency=medium
4491414
450 * Remove inetorgperson.schema from the upstream source. Replace it with a1415 * Remove inetorgperson.schema from the upstream source. Replace it with a
@@ -633,6 +1598,187 @@ openldap (2.4.39-1) unstable; urgency=low
6331598
634 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -07001599 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
6351600
1601openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
1602
1603 * Fix cpp calls for GCC 5.
1604
1605 -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
1606
1607openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
1608
1609 * debian/apparmor-profile:
1610 - allow p11-kit abstraction
1611 - allow read of /etc/gss/mech.d/*
1612
1613 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
1614
1615openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
1616
1617 * Rebuild for Perl 5.20.0.
1618
1619 -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
1620
1621openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
1622
1623 * Cherry-pick upstream patch for compat with recent GNUTLS.
1624 * Build-depend on libgnutls28-dev.
1625 * Build-depend on libgcrypt20-dev.
1626
1627 -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
1628
1629openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
1630
1631 * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
1632
1633 -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
1634
1635openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
1636
1637 * Disable mdb backend on ppc64el due to test-suite failures.
1638
1639 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
1640
1641openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
1642
1643 * Fix segfault issue with master-master syncrepl (LP: #1287730):
1644 - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
1645 patch from upstream VCS.
1646
1647 -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
1648
1649openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
1650
1651 * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
1652
1653 -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
1654
1655openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
1656
1657 * Rebuild for Perl 5.18.
1658
1659 -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
1660
1661openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
1662
1663 * Update build/config.guess and build/config.sub at build time; this was
1664 not done automatically because the top-level configure.in does not use
1665 Automake.
1666
1667 -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
1668
1669openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
1670
1671 * debian/control: added lsb-release
1672 * debian/patches/fix-ldap-distribution.patch: show distribution in version
1673
1674 -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
1675
1676openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
1677
1678 * Merge from Debian unstable. Remaining changes:
1679 - Enable AppArmor support:
1680 - d/apparmor-profile: add AppArmor profile
1681 - d/rules: use dh_apparmor
1682 - d/control: Build-Depends on dh-apparmor
1683 - d/slapd.README.Debian: add note about AppArmor
1684 - d/slapd.dirs: add etc/apparmor.d/force-complain
1685 - Enable GSSAPI support:
1686 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1687 - Add --with-gssapi support
1688 - Make guess_service_principal() more robust when determining
1689 principal
1690 - d/configure.options: Configure with --with-gssapi
1691 - d/control: Added libkrb5-dev as a build depend
1692 - Enable ufw support:
1693 - d/control: suggest ufw.
1694 - d/rules: install ufw profile.
1695 - d/slapd.ufw.profile: add ufw profile.
1696 - Enable nss overlay:
1697 - d/{patches/nssov-build,/rules}: Apply, build and package the
1698 nss overlay.
1699 - d/{rules,slapd.py}: Add apport hook.
1700 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1701 either the default DIT nor via an Authn mapping.
1702 - d/slapd.scripts-common:
1703 - add slapcat_opts to local variables.
1704 - Remove unused variable new_conf.
1705 - Fix backup directory naming for multiple reconfiguration.
1706 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1707 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1708 in the openldap library, as required by Likewise-Open
1709 - d/{control,rules}: enable PIE hardening
1710
1711 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
1712
1713openldap (2.4.31-1+nmu2) unstable; urgency=high
1714
1715 * Non-maintainer upload.
1716 * No-change rebuild in a clean environment
1717
1718 -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100
1719
1720openldap (2.4.31-1+nmu1) unstable; urgency=medium
1721
1722 * Non-maintainer upload.
1723 * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
1724
1725 -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000
1726
1727openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
1728
1729 * debian/slapd.py: Add AppArmor info and logs to apport hook.
1730
1731 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
1732
1733openldap (2.4.31-1ubuntu1) quantal; urgency=low
1734
1735 * Merge from Debian unstable. Remaining changes:
1736 - Enable AppArmor support:
1737 - d/apparmor-profile: add AppArmor profile
1738 - d/rules: use dh_apparmor
1739 - d/control: Build-Depends on dh-apparmor
1740 - d/slapd.README.Debian: add note about AppArmor
1741 - d/slapd.dirs: add etc/apparmor.d/force-complain
1742 - Enable GSSAPI support (LP: #495418):
1743 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1744 - Add --with-gssapi support
1745 - Make guess_service_principal() more robust when determining
1746 principal
1747 - d/configure.options: Configure with --with-gssapi
1748 - d/control: Added libkrb5-dev as a build depend
1749 - Enable ufw support (LP: #423246):
1750 - d/control: suggest ufw.
1751 - d/rules: install ufw profile.
1752 - d/slapd.ufw.profile: add ufw profile.
1753 - Enable nss overlay (LP: #675391):
1754 - d/{patches/nssov-build,/rules}: Apply, build and package the
1755 nss overlay.
1756 - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
1757 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1758 either the default DIT nor via an Authn mapping.
1759 - d/slapd.scripts-common:
1760 - add slapcat_opts to local variables.
1761 - Remove unused variable new_conf.
1762 - Fix backup directory naming for multiple reconfiguration.
1763 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1764 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1765 in the openldap library, as required by Likewise-Open (LP: #390579)
1766 - d/{control,rules}: enable PIE hardening
1767 * Dropped changes:
1768 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
1769 - d/patches/CVE-2011-4079: Included in upstream release.
1770 - d/patches/service-operational-before-detach: Included in upstream release.
1771 - d/schema/extra/misc.ldif: Included upstream.
1772 - d/{rules,schema/extra}: Fix configure and clean rules to support
1773 extra schemas shipped as part of the debian/schema/ directory; no longer required.
1774 - Included in Debian:
1775 + Document cn=config in README file.
1776 + Install a default DIT; actually a minimal configuration.
1777 + d/patches/heimdal-fix.
1778 * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
1779
1780 -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
1781
636openldap (2.4.31-1) unstable; urgency=low1782openldap (2.4.31-1) unstable; urgency=low
6371783
638 * New upstream release.1784 * New upstream release.
@@ -659,6 +1805,121 @@ openldap (2.4.31-1) unstable; urgency=low
6591805
660 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +00001806 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
6611807
1808openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
1809
1810 * Fix issue with intermittent connection issues when using LDAPv3
1811 protocol (LP: #1023025):
1812 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
1813 patch from upstream VCS which ensures objects are initialized before
1814 re-use.
1815
1816 -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
1817
1818openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
1819
1820 * debian/rules: Add smbk5pwd build.
1821 * debian/control: Add slapd-smbk5pwd binary package.
1822 * debian/patches/heimdal-fix: adapt parameters of
1823 hdb_generate_key_set_password() to heimdal 1.6~git20120311
1824 (patch from Debian #664930).
1825
1826 -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400
1827
1828openldap (2.4.28-1.1ubuntu4) precise; urgency=low
1829
1830 * debian/control: Build-Depends on dh-apparmor (LP: #948481)
1831
1832 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
1833
1834openldap (2.4.28-1.1ubuntu3) precise; urgency=low
1835
1836 * Add its-7176-only-poll-sockets-for-write-as-needed.diff
1837 (LP: #932823).
1838
1839 -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
1840
1841openldap (2.4.28-1.1ubuntu2) precise; urgency=low
1842
1843 * Remove debian/patches/CVE-2011-4079; it's already in this upstream
1844 version. Fixes FTBFS.
1845
1846 -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
1847
1848openldap (2.4.28-1.1ubuntu1) precise; urgency=low
1849
1850 * Merge from Debian testing. Remaining changes:
1851 - Install a default DIT (LP: #442498).
1852 - Document cn=config in README file (LP: #370784).
1853 - remaining changes:
1854 + AppArmor support:
1855 - debian/apparmor-profile: add AppArmor profile
1856 - use dh_apparmor:
1857 - debian/rules: use dh_apparmor
1858 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1859 - updated debian/slapd.README.Debian for note on AppArmor
1860 - debian/slapd.dirs: add etc/apparmor.d/force-complain
1861 + Enable GSSAPI support (LP: #495418):
1862 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1863 - Add --with-gssapi support
1864 - Make guess_service_principal() more robust when determining
1865 principal
1866 - debian/patches/series: apply gssapi.diff patch.
1867 - debian/configure.options: Configure with --with-gssapi
1868 - debian/control: Added libkrb5-dev as a build depend
1869 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1870 in the openldap library, as required by Likewise-Open (LP: #390579)
1871 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1872 - debian/control:
1873 - remove build-dependency on heimdal-dev.
1874 - remove slapd-smbk5pwd binary package.
1875 - debian/rules: don't build smbk5pwd slapd module.
1876 + debian/{control,rules}: enable PIE hardening
1877 + ufw support (LP: #423246):
1878 - debian/control: suggest ufw.
1879 - debian/rules: install ufw profile.
1880 - debian/slapd.ufw.profile: add ufw profile.
1881 + Enable nssoverlay:
1882 - debian/patches/nssov-build, debian/series, debian/rules:
1883 Apply, build and package the nss overlay.
1884 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1885 which defines rfc822MailMember (required by the nss overlay).
1886 + debian/rules, debian/schema/extra/:
1887 Fix configure rule to supports extra schemas shipped as part
1888 of the debian/schema/ directory.
1889 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1890 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1891 neither the default DIT nor via an Authn mapping.
1892 + debian/slapd.scripts-common: adjust minimum version that triggers a
1893 database upgrade. Upgrade from maverick shouldn't trigger database
1894 upgrade (which would happen with the version used in Debian).
1895 + debian/slapd.scripts-common: add slapcat_opts to local variables.
1896 Remove unused variable new_conf.
1897 + debian/slapd.script-common: Fix package reconfiguration.
1898 - Fix backup directory naming for multiple reconfiguration.
1899 + debian/slapd.default, debian/slapd.README.Debian:
1900 use the new configuration style.
1901 + Install nss overlay (LP: #675391):
1902 - debian/rules: run install target for nssov module.
1903 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1904 + debian/patches/gssapi.diff:
1905 - Update patch so that likewise-open is usuable again. (LP: #661547)
1906 + debian/patches/service-operational-before-detach: New patch replacing old one
1907 of the same name as previous could cause database corruption based on upstream commits.
1908 (LP: #727973)
1909 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
1910 (CVE-2011-4079)
1911
1912
1913 -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
1914
1915openldap (2.4.28-1.1) unstable; urgency=low
1916
1917 * Non-maintainer upload.
1918 * Disable the mdb backend on non-Linux, it looks like it doesn't work with
1919 linuxthreads (closes: #654824).
1920
1921 -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100
1922
662openldap (2.4.28-1) unstable; urgency=low1923openldap (2.4.28-1) unstable; urgency=low
6631924
664 * New upstream release.1925 * New upstream release.
@@ -686,6 +1947,72 @@ openldap (2.4.28-1) unstable; urgency=low
6861947
687 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +00001948 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
6881949
1950openldap (2.4.25-4ubuntu1) precise; urgency=low
1951
1952 * Merge from Debian testing. Remaining changes:
1953 - Install a default DIT (LP: #442498).
1954 - Document cn=config in README file (LP: #370784).
1955 - remaining changes:
1956 + AppArmor support:
1957 - debian/apparmor-profile: add AppArmor profile
1958 - use dh_apparmor:
1959 - debian/rules: use dh_apparmor
1960 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1961 - updated debian/slapd.README.Debian for note on AppArmor
1962 - debian/slapd.dirs: add etc/apparmor.d/force-complain
1963 + Enable GSSAPI support (LP: #495418):
1964 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1965 - Add --with-gssapi support
1966 - Make guess_service_principal() more robust when determining
1967 principal
1968 - debian/patches/series: apply gssapi.diff patch.
1969 - debian/configure.options: Configure with --with-gssapi
1970 - debian/control: Added libkrb5-dev as a build depend
1971 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1972 in the openldap library, as required by Likewise-Open (LP: #390579)
1973 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1974 - debian/control:
1975 - remove build-dependency on heimdal-dev.
1976 - remove slapd-smbk5pwd binary package.
1977 - debian/rules: don't build smbk5pwd slapd module.
1978 + debian/{control,rules}: enable PIE hardening
1979 + ufw support (LP: #423246):
1980 - debian/control: suggest ufw.
1981 - debian/rules: install ufw profile.
1982 - debian/slapd.ufw.profile: add ufw profile.
1983 + Enable nssoverlay:
1984 - debian/patches/nssov-build, debian/series, debian/rules:
1985 Apply, build and package the nss overlay.
1986 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1987 which defines rfc822MailMember (required by the nss overlay).
1988 + debian/rules, debian/schema/extra/:
1989 Fix configure rule to supports extra schemas shipped as part
1990 of the debian/schema/ directory.
1991 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1992 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1993 neither the default DIT nor via an Authn mapping.
1994 + debian/slapd.scripts-common: adjust minimum version that triggers a
1995 database upgrade. Upgrade from maverick shouldn't trigger database
1996 upgrade (which would happen with the version used in Debian).
1997 + debian/slapd.scripts-common: add slapcat_opts to local variables.
1998 Remove unused variable new_conf.
1999 + debian/slapd.script-common: Fix package reconfiguration.
2000 - Fix backup directory naming for multiple reconfiguration.
2001 + debian/slapd.default, debian/slapd.README.Debian:
2002 use the new configuration style.
2003 + Install nss overlay (LP: #675391):
2004 - debian/rules: run install target for nssov module.
2005 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2006 + debian/patches/gssapi.diff:
2007 - Update patch so that likewise-open is usuable again. (LP: #661547)
2008 + debian/patches/service-operational-before-detach: New patch replacing old one
2009 of the same name as previous could cause database corruption based on upstream commits.
2010 (LP: #727973)
2011 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2012 (CVE-2011-4079)
2013
2014 -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
2015
689openldap (2.4.25-4) unstable; urgency=low2016openldap (2.4.25-4) unstable; urgency=low
6902017
691 * Drop explicit depends on libdb4.8, since we're now linking against2018 * Drop explicit depends on libdb4.8, since we're now linking against
@@ -719,6 +2046,85 @@ openldap (2.4.25-4) unstable; urgency=low
7192046
720 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +00002047 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
7212048
2049openldap (2.4.25-3ubuntu3) precise; urgency=low
2050
2051 * Rebuild for Perl 5.14.
2052
2053 -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
2054
2055openldap (2.4.25-3ubuntu2) precise; urgency=low
2056
2057 * SECURITY UPDATE: potential denial of service (LP: #884163)
2058 - debian/patches/CVE-2011-4079: fix off by one error in
2059 postalAddressNormalize()
2060 - CVE-2011-4079
2061
2062 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
2063
2064openldap (2.4.25-3ubuntu1) precise; urgency=low
2065
2066 * Merge from debian unstable. Remaining changes:
2067 - Install a default DIT (LP: #442498).
2068 - Document cn=config in README file (LP: #370784).
2069 - remaining changes:
2070 + AppArmor support:
2071 - debian/apparmor-profile: add AppArmor profile
2072 - use dh_apparmor:
2073 - debian/rules: use dh_apparmor
2074 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2075 - updated debian/slapd.README.Debian for note on AppArmor
2076 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2077 + Enable GSSAPI support (LP: #495418):
2078 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2079 - Add --with-gssapi support
2080 - Make guess_service_principal() more robust when determining
2081 principal
2082 - debian/patches/series: apply gssapi.diff patch.
2083 - debian/configure.options: Configure with --with-gssapi
2084 - debian/control: Added libkrb5-dev as a build depend
2085 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2086 in the openldap library, as required by Likewise-Open (LP: #390579)
2087 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2088 - debian/control:
2089 - remove build-dependency on heimdal-dev.
2090 - remove slapd-smbk5pwd binary package.
2091 - debian/rules: don't build smbk5pwd slapd module.
2092 + debian/{control,rules}: enable PIE hardening
2093 + ufw support (LP: #423246):
2094 - debian/control: suggest ufw.
2095 - debian/rules: install ufw profile.
2096 - debian/slapd.ufw.profile: add ufw profile.
2097 + Enable nssoverlay:
2098 - debian/patches/nssov-build, debian/series, debian/rules:
2099 Apply, build and package the nss overlay.
2100 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2101 which defines rfc822MailMember (required by the nss overlay).
2102 + debian/rules, debian/schema/extra/:
2103 Fix configure rule to supports extra schemas shipped as part
2104 of the debian/schema/ directory.
2105 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2106 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2107 neither the default DIT nor via an Authn mapping.
2108 + debian/slapd.scripts-common: adjust minimum version that triggers a
2109 database upgrade. Upgrade from maverick shouldn't trigger database
2110 upgrade (which would happen with the version used in Debian).
2111 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2112 Remove unused variable new_conf.
2113 + debian/slapd.script-common: Fix package reconfiguration.
2114 - Fix backup directory naming for multiple reconfiguration.
2115 + debian/slapd.default, debian/slapd.README.Debian:
2116 use the new configuration style.
2117 + Install nss overlay (LP: #675391):
2118 - debian/rules: run install target for nssov module.
2119 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2120 + debian/patches/gssapi.diff:
2121 - Update patch so that likewise-open is usuable again. (LP: #661547)
2122 + debian/patches/service-operational-before-detach: New patch replacing old one
2123 of the same name as previous could cause database corruption based on upstream commits.
2124 (LP: #727973)
2125
2126 -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
2127
722openldap (2.4.25-3) unstable; urgency=low2128openldap (2.4.25-3) unstable; urgency=low
7232129
724 * Brown paper bag: really fix the .links.in handling, so we don't generate2130 * Brown paper bag: really fix the .links.in handling, so we don't generate
@@ -741,6 +2147,92 @@ openldap (2.4.25-2) unstable; urgency=low
7412147
742 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -07002148 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
7432149
2150openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
2151
2152 * Brown paper bag: really fix the .links.in handling, so we don't generate
2153 broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
2154
2155 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
2156
2157openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
2158
2159 * Cherry-pick multiarch support from Debian (LP: #826601):
2160 - Bump to compat level 7, so we don't have to spell out debian/tmp in
2161 every single .install file
2162 - Build for multiarch.
2163
2164 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
2165
2166openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
2167
2168 * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
2169
2170 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
2171
2172openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
2173
2174 * Merge from debian unstable. Remaining changes:
2175 - Install a default DIT (LP: #442498).
2176 - Document cn=config in README file (LP: #370784).
2177 - remaining changes:
2178 + AppArmor support:
2179 - debian/apparmor-profile: add AppArmor profile
2180 - use dh_apparmor:
2181 - debian/rules: use dh_apparmor
2182 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2183 - updated debian/slapd.README.Debian for note on AppArmor
2184 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2185 + Enable GSSAPI support (LP: #495418):
2186 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2187 - Add --with-gssapi support
2188 - Make guess_service_principal() more robust when determining
2189 principal
2190 - debian/patches/series: apply gssapi.diff patch.
2191 - debian/configure.options: Configure with --with-gssapi
2192 - debian/control: Added libkrb5-dev as a build depend
2193 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2194 in the openldap library, as required by Likewise-Open (LP: #390579)
2195 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2196 - debian/control:
2197 - remove build-dependency on heimdal-dev.
2198 - remove slapd-smbk5pwd binary package.
2199 - debian/rules: don't build smbk5pwd slapd module.
2200 + debian/{control,rules}: enable PIE hardening
2201 + ufw support (LP: #423246):
2202 - debian/control: suggest ufw.
2203 - debian/rules: install ufw profile.
2204 - debian/slapd.ufw.profile: add ufw profile.
2205 + Enable nssoverlay:
2206 - debian/patches/nssov-build, debian/series, debian/rules:
2207 Apply, build and package the nss overlay.
2208 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2209 which defines rfc822MailMember (required by the nss overlay).
2210 + debian/rules, debian/schema/extra/:
2211 Fix configure rule to supports extra schemas shipped as part
2212 of the debian/schema/ directory.
2213 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2214 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2215 neither the default DIT nor via an Authn mapping.
2216 + debian/slapd.scripts-common: adjust minimum version that triggers a
2217 database upgrade. Upgrade from maverick shouldn't trigger database
2218 upgrade (which would happen with the version used in Debian).
2219 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2220 Remove unused variable new_conf.
2221 + debian/slapd.script-common: Fix package reconfiguration.
2222 - Fix backup directory naming for multiple reconfiguration.
2223 + debian/slapd.default, debian/slapd.README.Debian:
2224 use the new configuration style.
2225 + Install nss overlay (LP: #675391):
2226 - debian/rules: run install target for nssov module.
2227 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2228 + debian/patches/gssapi.diff:
2229 - Update patch so that likewise-open is usuable again. (LP: #661547)
2230 + debian/patches/service-operational-before-detach: New patch replacing old one
2231 of the same name as previous could cause database corruption based on upstream commits.
2232 (LP: #727973)
2233
2234 -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
2235
744openldap (2.4.25-1.1) unstable; urgency=low2236openldap (2.4.25-1.1) unstable; urgency=low
7452237
746 * Non-maintainer upload to fix RC bug.2238 * Non-maintainer upload to fix RC bug.
@@ -748,6 +2240,75 @@ openldap (2.4.25-1.1) unstable; urgency=low
7482240
749 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +02002241 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
7502242
2243openldap (2.4.25-1ubuntu1) oneiric; urgency=low
2244
2245 * Merge from debian unstable. Remaining changes:
2246 - Install a default DIT (LP: #442498).
2247 - Document cn=config in README file (LP: #370784).
2248 - remaining changes:
2249 + AppArmor support:
2250 - debian/apparmor-profile: add AppArmor profile
2251 - use dh_apparmor:
2252 - debian/rules: use dh_apparmor
2253 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2254 - updated debian/slapd.README.Debian for note on AppArmor
2255 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2256 + Enable GSSAPI support (LP: #495418):
2257 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2258 - Add --with-gssapi support
2259 - Make guess_service_principal() more robust when determining
2260 principal
2261 - debian/patches/series: apply gssapi.diff patch.
2262 - debian/configure.options: Configure with --with-gssapi
2263 - debian/control: Added libkrb5-dev as a build depend
2264 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2265 in the openldap library, as required by Likewise-Open (LP: #390579)
2266 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2267 - debian/control:
2268 - remove build-dependency on heimdal-dev.
2269 - remove slapd-smbk5pwd binary package.
2270 - debian/rules: don't build smbk5pwd slapd module.
2271 + debian/{control,rules}: enable PIE hardening
2272 + ufw support (LP: #423246):
2273 - debian/control: suggest ufw.
2274 - debian/rules: install ufw profile.
2275 - debian/slapd.ufw.profile: add ufw profile.
2276 + Enable nssoverlay:
2277 - debian/patches/nssov-build, debian/series, debian/rules:
2278 Apply, build and package the nss overlay.
2279 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2280 which defines rfc822MailMember (required by the nss overlay).
2281 + debian/rules, debian/schema/extra/:
2282 Fix configure rule to supports extra schemas shipped as part
2283 of the debian/schema/ directory.
2284 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2285 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2286 neither the default DIT nor via an Authn mapping.
2287 + debian/slapd.scripts-common: adjust minimum version that triggers a
2288 database upgrade. Upgrade from maverick shouldn't trigger database
2289 upgrade (which would happen with the version used in Debian).
2290 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2291 Remove unused variable new_conf.
2292 + debian/slapd.script-common: Fix package reconfiguration.
2293 - Fix backup directory naming for multiple reconfiguration.
2294 + debian/slapd.default, debian/slapd.README.Debian:
2295 use the new configuration style.
2296 + Install nss overlay (LP: #675391):
2297 - debian/rules: run install target for nssov module.
2298 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2299 + debian/patches/gssapi.diff:
2300 - Update patch so that likewise-open is usuable again. (LP: #661547)
2301 + debian/patches/service-operational-before-detach: New patch replacing old one
2302 of the same name as previous could cause database corruption based on upstream commits.
2303 (LP: #727973)
2304 + Dropped:
2305 - debian/patches/gold: Use the debian version instead
2306 - debian/patches/CVE-2011-1024: Fixed upstream
2307 - debian/patches/CVE-2011-1025: Fixed upstream
2308 - debian/patches/CVE-2011-1081: Fixed upstream
2309
2310 -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
2311
751openldap (2.4.25-1) unstable; urgency=low2312openldap (2.4.25-1) unstable; urgency=low
7522313
753 * New upstream version (Closes: #617606, #618904, #606815, #608813)2314 * New upstream version (Closes: #617606, #618904, #606815, #608813)
@@ -779,6 +2340,116 @@ openldap (2.4.23-7) unstable; urgency=low
7792340
780 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +01002341 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
7812342
2343openldap (2.4.23-6ubuntu7) oneiric; urgency=low
2344
2345 * Rebuild for Perl 5.12.
2346
2347 -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
2348
2349openldap (2.4.23-6ubuntu6) natty; urgency=low
2350
2351 * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
2352 using forwarded authentication failures
2353 - debian/patches/CVE-2011-1024
2354 - CVE-2011-1024
2355 * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
2356 backend. Note: Ubuntu is not compiled with --enable-ndb by default
2357 - debian/patches/CVE-2011-1025
2358 - CVE-2011-1025
2359 * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
2360 and requestDN is empty
2361 - debian/patches/CVE-2011-1081
2362 - CVE-2011-1081
2363 - LP: #742104
2364
2365 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
2366
2367openldap (2.4.23-6ubuntu5) natty; urgency=low
2368
2369 * debian/patches/service-operational-before-detach: New patch replacing
2370 old one of same name as previous could cause database corruption,
2371 based on upstream commits. (LP: #727973)
2372
2373 -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
2374
2375openldap (2.4.23-6ubuntu4) natty; urgency=low
2376
2377 * Fix FTBFS with ld.gold.
2378
2379 -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
2380
2381openldap (2.4.23-6ubuntu3) natty; urgency=low
2382
2383 * debian/patches/gssapi.diff:
2384 Update patch so that likewise-open is usable again (LP: #661547)
2385
2386 -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
2387
2388openldap (2.4.23-6ubuntu2) natty; urgency=low
2389
2390 * Install nss overlay (LP: #675391):
2391 - debian/rules: run install target for nssov module.
2392 - debian/patches/nssov-build: fix patch to install schema in
2393 /etc/ldap/schema.
2394
2395 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
2396
2397openldap (2.4.23-6ubuntu1) natty; urgency=low
2398
2399 * Merge from Debian unstable:
2400 - Install a default DIT (LP: #442498).
2401 - Document cn=config in README file (LP: #370784).
2402 - remaining changes:
2403 + AppArmor support:
2404 - debian/apparmor-profile: add AppArmor profile
2405 - use dh_apparmor:
2406 - debian/rules: use dh_apparmor
2407 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2408 - updated debian/slapd.README.Debian for note on AppArmor
2409 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2410 + Enable GSSAPI support (LP: #495418):
2411 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2412 - Add --with-gssapi support
2413 - Make guess_service_principal() more robust when determining
2414 principal
2415 - debian/patches/series: apply gssapi.diff patch.
2416 - debian/configure.options: Configure with --with-gssapi
2417 - debian/control: Added libkrb5-dev as a build depend
2418 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2419 in the openldap library, as required by Likewise-Open (LP: #390579)
2420 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2421 - debian/control:
2422 - remove build-dependency on heimdal-dev.
2423 - remove slapd-smbk5pwd binary package.
2424 - debian/rules: don't build smbk5pwd slapd module.
2425 + debian/{control,rules}: enable PIE hardening
2426 + ufw support (LP: #423246):
2427 - debian/control: suggest ufw.
2428 - debian/rules: install ufw profile.
2429 - debian/slapd.ufw.profile: add ufw profile.
2430 + Enable nssoverlay:
2431 - debian/patches/nssov-build, debian/series, debian/rules:
2432 Apply, build and package the nss overlay.
2433 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2434 which defines rfc822MailMember (required by the nss overlay).
2435 + debian/rules, debian/schema/extra/:
2436 Fix configure rule to supports extra schemas shipped as part
2437 of the debian/schema/ directory.
2438 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2439 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2440 neither the default DIT nor via an Authn mapping.
2441 + debian/slapd.scripts-common: adjust minimum version that triggers a
2442 database upgrade. Upgrade from maverick shouldn't trigger database
2443 upgrade (which would happen with the version used in Debian).
2444 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2445 Remove unused variable new_conf.
2446 + debian/slapd.script-common: Fix package reconfiguration.
2447 - Fix backup directory naming for multiple reconfiguration.
2448 + debian/slapd.default, debian/slapd.README.Debian:
2449 use the new configuration style.
2450
2451 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
2452
782openldap (2.4.23-6) unstable; urgency=high2453openldap (2.4.23-6) unstable; urgency=high
7832454
784 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)2455 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
@@ -901,6 +2572,80 @@ openldap (2.4.23-1) unstable; urgency=low
9012572
902 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +02002573 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
9032574
2575openldap (2.4.23-0ubuntu4) natty; urgency=low
2576
2577 * debian/slapd.templates: amended typo in slapd/move_old_database
2578 (LP: #666028)
2579
2580 -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
2581
2582openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
2583
2584 * debian/slapd.templates: re-add slapd/move_old_database template as it's
2585 used during the package upgrade. Thanks to James Page for pointing it.
2586 * debian/slapd.config: restore debconf question slapd/move_old_database.
2587
2588 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
2589
2590openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
2591
2592 [ James Page ]
2593 * Fixed install/upgrade process to dump/restore databases due
2594 to uplift to libdb4.8-dev (LP: #658227)
2595
2596 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
2597
2598openldap (2.4.23-0ubuntu3) maverick; urgency=low
2599
2600 * debian/rules: move dh_apparmor before dh_installinit
2601
2602 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
2603
2604openldap (2.4.23-0ubuntu2) maverick; urgency=low
2605
2606 * convert to using dh_apparmor:
2607 - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
2608 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2609 * debian/apparmor-profile: use local include
2610
2611 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
2612
2613openldap (2.4.23-0ubuntu1) maverick; urgency=low
2614
2615 * New release, features include:
2616 + Fixed libldap to return server's error code (ITS#6569)
2617 + Fixed libldap memleaks (ITS#6568)
2618 + Fixed liblutil off-by-one with delta (ITS#6541)
2619 + Fixed slapd acls with glued databases (ITS#6468)
2620 + Fixed slapd syncrepl rid logging (ITS#6533)
2621 + Fixed slapd modrdn handling of invalid values (ITS#6570)
2622 + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
2623 + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
2624 + Fixed slapd-bdb entry cache delete failure (ITS#6577)
2625 + Fixed slapd-ldap to return control responses (ITS#6530)
2626 + Fixed slapo-ppolicy to use Debug (ITS#6566)
2627 + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
2628 + Fixed slapo-rwm to use Debug (ITS#6566)
2629 + Fixed slapo-sssvlv to use Debug (ITS#6566)
2630 + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
2631 + Fixed slapo-valsort to use Debug (ITS#6566)
2632 + Fixed contrib/nssov network.c missing patch (ITS#6562)
2633 + Fixed test043 attribute sorting (ITS#6553)
2634 + slapd-config(5) note default rootdn (ITS#6546)
2635 * Rebased patches debian/patches/dropped nssov-build
2636 * Resynchronize with Debian:
2637 + debian/control:
2638 - Bump standards-version to 3.9.0
2639 - Use libdb4.8-dev (LP: #572489)
2640 + Added debian/patches/issue-6534-patch
2641 + Added debian/patches/ldap-conf-tls-cacertdir
2642 * Add ufw support, thanks to PatRiehecky (LP: #423246)
2643
2644 [Adam Sommer]
2645 * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2646
2647 -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
2648
904openldap (2.4.21-1) unstable; urgency=low2649openldap (2.4.21-1) unstable; urgency=low
9052650
906 [ Steve Langasek ]2651 [ Steve Langasek ]
@@ -932,6 +2677,79 @@ openldap (2.4.21-1) unstable; urgency=low
9322677
933 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +02002678 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
9342679
2680openldap (2.4.21-0ubuntu5) lucid; urgency=low
2681
2682 * Fix local root connection access: replace olcAuthzRegexp mapping to
2683 cn=localroot,cn=config with using the SASL dn directly in olcAccess.
2684 Makes upgrades much simpler and robust (LP: #563829).
2685
2686 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
2687
2688openldap (2.4.21-0ubuntu4) lucid; urgency=low
2689
2690 [ Simon Olofsson ]
2691 * debian/slapd.postinst:
2692 - Show a message after successful migration (LP: #538848)
2693
2694 [ Jorgen Rosink ]
2695 * debian/slapd.init: add simple status checking with LSB compatible exit
2696 codes (LP: #562377)
2697 * debian/slapd.init.ldif:
2698 - remove admin user in default config database (LP: #556176)
2699 - in default config, add olcAccess entries giving access to controls
2700 available and cn=subschema (LP: #427842)
2701
2702 [ Scott Moser ]
2703 * debian/slapd.scripts-common: Do not create /nonexistent directory
2704 for openldap user's home (LP: #556176)
2705 * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
2706
2707 -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
2708
2709openldap (2.4.21-0ubuntu3) lucid; urgency=low
2710
2711 * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
2712 before trying to convert to slapd.d, to avoid upgrade failure from hardy
2713 (LP: #536958)
2714 * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
2715 olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
2716
2717 -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
2718
2719openldap (2.4.21-0ubuntu2) lucid; urgency=low
2720
2721 * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
2722
2723 -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
2724
2725openldap (2.4.21-0ubuntu1) lucid; urgency=low
2726
2727 * New upstream release.
2728 * debian/rules, debian/schema/extra/:
2729 Fix get-orig-source rule to supports extra schemas shipped as part of the
2730 debian/schema/ directory.
2731
2732 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
2733
2734openldap (2.4.18-0ubuntu2) lucid; urgency=low
2735
2736 * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2737 - Add --with-gssapi support
2738 - Make guess_service_principal() more robust when determining principal
2739 * Enable GSSAPI support (LP: #495418):
2740 - debian/configure.options: Configure with --with-gssapi
2741 - debian/control: Added libkrb5-dev as a build depend
2742
2743 -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
2744
2745openldap (2.4.18-0ubuntu1) karmic; urgency=low
2746
2747 * New upstream release: (LP: #419515):
2748 + pcache overlay supports disconnected mode.
2749 * Fix nss overlay load (LP: #417163).
2750
2751 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
2752
935openldap (2.4.17-2.1) unstable; urgency=high2753openldap (2.4.17-2.1) unstable; urgency=high
9362754
937 * Non-maintainer upload by the Security Team.2755 * Non-maintainer upload by the Security Team.
@@ -958,6 +2776,108 @@ openldap (2.4.17-2) unstable; urgency=low
9582776
959 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -07002777 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
9602778
2779openldap (2.4.17-1ubuntu3) karmic; urgency=low
2780
2781 * Install a minimal slapd configuration instead of creating a default
2782 database with a default DIT:
2783 + Move openldap user home from /var/lib/ldap to /nonexistent.
2784 + Remove all code and templates dealing with the default database and DIT
2785 creation.
2786 + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
2787 grant all access to the latter in the cn=config database as well as the
2788 default backend configuration.
2789 * Add cn=localroot,cn=config authz mapping on upgrades.
2790
2791 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
2792
2793openldap (2.4.17-1ubuntu2) karmic; urgency=low
2794
2795 [ Thierry Carrez ]
2796 * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2797 in the openldap library, as required by Likewise-Open (LP: #390579)
2798
2799 [ Mathias Gug ]
2800 * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
2801 uniqueness overlay.
2802 * debian/patches/its6220-writetimeout-directive: fixes a problem with the
2803 writetimeout directive being in effect even if it wasn't set,
2804 closing connections incorrectly.
2805 * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
2806 dncachesize parameter that was added in RE24, so that if it is set to
2807 "0" (now the default), it has an unlimited DN cache (RE23 always
2808 had an unlimited DN cache).
2809
2810 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
2811
2812openldap (2.4.17-1ubuntu1) karmic; urgency=low
2813
2814 [ Steve Langasek ]
2815 * Fix up the lintian warnings:
2816 - add missing misc-depends on all packages
2817 - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
2818 overrides
2819 - bump Standards-Version to 3.8.2, no changes required.
2820
2821 [ Mathias Gug ]
2822 * Resynchronise with Debian. Remaining changes:
2823 - AppArmor support:
2824 - debian/apparmor-profile: add AppArmor profile
2825 - updated debian/slapd.README.Debian for note on AppArmor
2826 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2827 - debian/slapd.postrm: remove symlink in force-complain/ on purge
2828 - debian/rules: install apparmor profile.
2829 - Don't use local statement in config script as it fails if /bin/sh
2830 points to bash.
2831 - debian/slapd.postinst, debian/slapd.script-common: set correct
2832 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2833 readable) and /var/run/slapd (world readable).
2834 - Enable nssoverlay:
2835 - debian/patches/nssov-build, debian/rules: Build and package the nss
2836 overlay.
2837 - debian/schema/misc.ldif: add ldif file for the misc schema which
2838 defines rfc822MailMember (required by the nss overlay).
2839 - debian/{control,rules}: enable PIE hardening
2840 - Use cn=config as the default configuration backend instead of
2841 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2842 asking the end user to enter a new password to control the access to
2843 the cn=config tree.
2844 - debian/slapd.postinst: create /var/run/slapd before updating its
2845 permissions.
2846 - debian/slapd.init: Correctly set slapd config backend option even if
2847 the pidfile is configured in slapd default file.
2848 * Dropped:
2849 - Merged in Debian:
2850 - Update priority of libldap-2.4-2 to match the archive override.
2851 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2852 the ldapurl(1) manpage.
2853 - Bump build-dependency on debhelper to 6 instead of 5, since that's
2854 what we're using.
2855 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2856 the built-in default of ldap:/// only.
2857 - Fixed in upstream release:
2858 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2859 failure when built with PIE.
2860 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2861 trusted.
2862 - Update Apparmor profile support: don't support upgrade from pre-hardy
2863 systems:
2864 - debian/slapd.postinst: Reload AA profile on configuration
2865 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2866 - debian/control: Conflicts with apparmor-profiles <<
2867 2.1+1075-0ubuntu4 to make sure that if earlier version of
2868 apparmor-profiles gets installed it won't overwrite our profile.
2869 - follow ApparmorProfileMigration and force apparmor complain mode on
2870 some upgrades
2871 - debian/slapd.preinst: create symlink for force-complain on
2872 pre-feisty upgrades, upgrades where apparmor-profiles profile is
2873 unchanged (ie non-enforcing) and upgrades where apparmor profile
2874 does not exist.
2875 - debian/patches/autogen.sh: no longer needed with karmic libtool.
2876 - Call libtoolize with the --install option to install
2877 config.{guess,sub} files.
2878
2879 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
2880
961openldap (2.4.17-1) unstable; urgency=low2881openldap (2.4.17-1) unstable; urgency=low
9622882
963 * New upstream version.2883 * New upstream version.
@@ -980,6 +2900,153 @@ openldap (2.4.17-1) unstable; urgency=low
9802900
981 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -07002901 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
9822902
2903openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
2904
2905 * Resynchronise with Debian. Remaining changes:
2906 - AppArmor support:
2907 - debian/apparmor-profile: add AppArmor profile
2908 - debian/slapd.postinst: Reload AA profile on configuration
2909 - updated debian/slapd.README.Debian for note on AppArmor
2910 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2911 - debian/control: Conflicts with apparmor-profiles <<
2912 2.1+1075-0ubuntu4 to make sure that if earlier version of
2913 apparmor-profiles gets installed it won't overwrite our profile.
2914 - follow ApparmorProfileMigration and force apparmor complain mode on
2915 some upgrades
2916 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2917 - debian/slapd.preinst: create symlink for force-complain on
2918 pre-feisty upgrades, upgrades where apparmor-profiles profile is
2919 unchanged (ie non-enforcing) and upgrades where apparmor profile
2920 does not exist.
2921 - debian/slapd.postrm: remove symlink in force-complain/ on purge
2922 - debian/patches/autogen.sh:
2923 - Call libtoolize with the --install option to install
2924 config.{guess,sub} files.
2925 - Don't use local statement in config script as it fails if /bin/sh
2926 points to bash.
2927 - debian/slapd.postinst, debian/slapd.script-common: set correct
2928 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2929 readable) and /var/run/slapd (world readable).
2930 - Enable nssoverlay:
2931 - debian/patches/nssov-build, debian/rules: Build and package the nss
2932 overlay.
2933 - debian/schema/misc.ldif: add ldif file for the misc schema which
2934 defines rfc822MailMember (required by the nss overlay).
2935 - debian/{control,rules}: enable PIE hardening
2936 - Use cn=config as the default configuration backend instead of
2937 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2938 asking the end user to enter a new password to control the access to
2939 the cn=config tree.
2940 - Update priority of libldap-2.4-2 to match the archive override.
2941 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2942 the ldapurl(1) manpage.
2943 - Bump build-dependency on debhelper to 6 instead of 5, since that's
2944 what we're using.
2945 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2946 the built-in default of ldap:/// only.
2947 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2948 failure when built with PIE.
2949 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2950 trusted.
2951 - debian/slapd.postinst: create /var/run/slapd before updating its
2952 permissions.
2953 - debian/slapd.init: Correctly set slapd config backend option even if
2954 the pidfile is configured in slapd default file.
2955 * Drop patch to avoid the test suite on hppa, as hppa is EOL.
2956
2957 -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
2958
2959openldap (2.4.15-1.1) unstable; urgency=low
2960
2961 * Non-maintainer upload.
2962 * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
2963 (Closes: #522965)
2964
2965 -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
2966
2967openldap (2.4.15-1ubuntu3) jaunty; urgency=low
2968
2969 * No-change rebuild to fix lpia shared library dependencies.
2970
2971 -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
2972
2973openldap (2.4.15-1ubuntu2) jaunty; urgency=low
2974
2975 * debian/slapd.postinst: create /var/run/slapd before updating its
2976 permissions (LP: #298928).
2977 * debian/slapd.init: Correclty set slapd config backend option even if the
2978 pidfile is configured in slapd default file (LP: #292364).
2979 * debian/apparmor-profile: support multiple databases to be stored under
2980 /var/lib/ldap/. (LP: #286614).
2981
2982 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
2983
2984openldap (2.4.15-1ubuntu1) jaunty; urgency=low
2985
2986 [ Steve Langasek ]
2987 * Update priority of libldap-2.4-2 to match the archive override.
2988 * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
2989 ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
2990 Closes: #496749.
2991 * Bump build-dependency on debhelper to 6 instead of 5, since that's
2992 what we're using. Closes: #498116.
2993 * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2994 the built-in default of ldap:/// only.
2995
2996 [ Mathias Gug ]
2997 * Merge from debian unstable, remaining changes:
2998 - Modify Maintainer value to match the DebianMaintainerField
2999 speficication.
3000 - AppArmor support:
3001 - debian/apparmor-profile: add AppArmor profile
3002 - debian/slapd.postinst: Reload AA profile on configuration
3003 - updated debian/slapd.README.Debian for note on AppArmor
3004 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3005 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3006 to make sure that if earlier version of apparmour-profiles gets
3007 installed it won't overwrite our profile.
3008 - follow ApparmorProfileMigration and force apparmor compalin mode on
3009 some upgrades (LP: #203529)
3010 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3011 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3012 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3013 non-enforcing) and upgrades where apparmor profile does not exist.
3014 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3015 - debian/control:
3016 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3017 - debian/patches/autogen.sh:
3018 - Call libtoolize with the --install option to install config.{guess,sub}
3019 files.
3020 - Don't use local statement in config script as it fails if /bin/sh
3021 points to bash (LP: #286063).
3022 - Disable the testsuite on hppa. Allows building of packages on this
3023 architecture again, once this package is in the archive.
3024 LP: #288908.
3025 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3026 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3027 /var/run/slapd (world readable). (LP: #257667).
3028 - Enable nssoverlay:
3029 - debian/patches/nssov-build, debian/rules: Build and package
3030 the nss overlay.
3031 - debian/schema/misc.ldif: add ldif file for the misc schema
3032 which defines rfc822MailMember (required by the nss overlay).
3033 - debian/{control,rules}: enable PIE hardening
3034 - Use cn=config as the default configuration backend instead of
3035 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3036 asking the end user to enter a new password to control the access to the
3037 cn=config tree.
3038 * Dropped:
3039 - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
3040 times. (ITS: #5947) Fixed in new upstream version 2.4.15.
3041 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3042 the ucred struct now. Implemented in Debian.
3043 * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
3044 when built with PIE.
3045 * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3046 trusted (LP: #305264).
3047
3048 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
3049
983openldap (2.4.15-1) unstable; urgency=low3050openldap (2.4.15-1) unstable; urgency=low
9843051
985 * New upstream version3052 * New upstream version
@@ -997,6 +3064,69 @@ openldap (2.4.15-1) unstable; urgency=low
9973064
998 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -08003065 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
9993066
3067openldap (2.4.14-0ubuntu1) jaunty; urgency=low
3068
3069 [ Steve Langasek ]
3070 * New upstream version
3071 - Fixes a bug with the pcache overlay not returning cached entries
3072 (closes: #497697)
3073 - Update evolution-ntlm patch to apply to current Makefiles.
3074 - (tentatively) drop gnutls-ciphers, since this bug was reported to be
3075 fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
3076 patch from the bug report, so this should be watched for regressions.
3077 * Build against db4.7 instead of db4.2 at last! Closes: #421946.
3078 * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
3079 installed in the build environment.
3080 * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
3081 --with-tls=gnutls.
3082
3083 [ Mathias Gug ]
3084 * Merge from debian unstable, remaining changes:
3085 - debian/apparmor-profile: add AppArmor profile
3086 - debian/slapd.postinst: Reload AA profile on configuration
3087 - updated debian/slapd.README.Debian for note on AppArmor
3088 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3089 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3090 to make sure that if earlier version of apparmour-profiles gets
3091 installed it won't overwrite our profile.
3092 - Modify Maintainer value to match the DebianMaintainerField
3093 speficication.
3094 - follow ApparmorProfileMigration and force apparmor compalin mode on
3095 some upgrades (LP: #203529)
3096 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3097 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3098 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3099 non-enforcing) and upgrades where apparmor profile does not exist.
3100 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3101 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3102 the ucred struct now.
3103 - debian/control:
3104 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3105 - debian/patches/autogen.sh:
3106 - Call libtoolize with the --install option to install config.{guess,sub}
3107 files.
3108 - Don't use local statement in config script as it fails if /bin/sh
3109 points to bash (LP: #286063).
3110 - Disable the testsuite on hppa. Allows building of packages on this
3111 architecture again, once this package is in the archive.
3112 LP: #288908.
3113 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3114 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3115 /var/run/slapd (world readable). (LP: #257667).
3116 - debian/patches/nssov-build, debian/rules:
3117 Build and package the nss overlay.
3118 debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3119 rfc822MailMember (required by the nss overlay).
3120 - debian/{control,rules}: enable PIE hardening
3121 - Use cn=config as the default configuration backend instead of
3122 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3123 asking the end user to enter a new password to control the access to the
3124 cn=config tree.
3125 * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
3126 times. (ITS: #5947)
3127
3128 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
3129
1000openldap (2.4.11-1) unstable; urgency=low3130openldap (2.4.11-1) unstable; urgency=low
10013131
1002 * New upstream version (closes: #499560).3132 * New upstream version (closes: #499560).
@@ -1019,6 +3149,110 @@ openldap (2.4.11-1) unstable; urgency=low
10193149
1020 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -07003150 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
10213151
3152openldap (2.4.11-0ubuntu7) jaunty; urgency=low
3153
3154 * Don't use local statement in config script as it fails if /bin/sh
3155 points to bash (LP: #286063).
3156
3157 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
3158
3159openldap (2.4.11-0ubuntu6) intrepid; urgency=low
3160
3161 * Disable the testsuite on hppa. Allows building of packages on this
3162 architecture again, once this package is in the archive.
3163 LP: #288908.
3164
3165 -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
3166
3167openldap (2.4.11-0ubuntu5) intrepid; urgency=low
3168
3169 * Don't set admin passwords in ldif files if adminpw is empty.
3170 (LP: #273988 - LP: #276606).
3171
3172 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
3173
3174openldap (2.4.11-0ubuntu4) intrepid; urgency=low
3175
3176 * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3177 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3178 /var/run/slapd (world readable). (LP: #257667).
3179 * debian/slapd.script-common:
3180 - Fix package reconfiguration:
3181 + Remove slapd.d/ directory if it already exists when creating a new
3182 configuration.
3183 + Fix backup directory naming for multiple reconfiguration.
3184
3185 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
3186
3187openldap (2.4.11-0ubuntu3) intrepid; urgency=low
3188
3189 * debian/patches/nssov-build, debian/rules:
3190 Build and package the nss overlay.
3191 * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3192 rfc822MailMember (required by the nss overlay).
3193
3194 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
3195
3196openldap (2.4.11-0ubuntu2) intrepid; urgency=low
3197
3198 * debian/{control,rules}: enable PIE hardening
3199
3200 -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
3201
3202openldap (2.4.11-0ubuntu1) intrepid; urgency=low
3203
3204 * New upstream version:
3205 - Mainly bug fixes.
3206 - New nss slapd overlay (not compiled by default).
3207 * Use cn=config as the default configuration backend instead of
3208 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3209 asking the end user to enter a new password to control the access to the
3210 cn=config tree.
3211
3212 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
3213
3214openldap (2.4.10-3ubuntu1) intrepid; urgency=low
3215
3216 [ Mathias Gug ]
3217 * Merge from debian unstable, remaining changes:
3218 - debian/apparmor-profile: add AppArmor profile
3219 - debian/slapd.postinst: Reload AA profile on configuration
3220 - updated debian/slapd.README.Debian for note on AppArmor
3221 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3222 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3223 to make sure that if earlier version of apparmour-profiles gets
3224 installed it won't overwrite our profile.
3225 - Modify Maintainer value to match the DebianMaintainerField
3226 speficication.
3227 - follow ApparmorProfileMigration and force apparmor compalin mode on
3228 some upgrades (LP: #203529)
3229 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3230 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3231 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3232 non-enforcing) and upgrades where apparmor profile does not exist.
3233 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3234 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3235 the ucred struct now.
3236 - debian/patches/fix-unique-overlay-assertion.patch:
3237 Fix another assertion error in unique overlay (LP: #243337).
3238 Backport from head.
3239 * Dropped - implemented in Debian:
3240 - debian/patches/fix-gnutls-key-strength.patch:
3241 Fix slapd handling of ssf using gnutls. (LP: #244925).
3242 - debian/control:
3243 Add time as build dependency: needed by make test.
3244 * debian/control:
3245 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3246 * debian/patches/autogen.sh:
3247 - Call libtoolize with the --install option to install config.{guess,sub}
3248 files.
3249
3250 [ Jamie Strandboge ]
3251 * adjust apparmor profile to allow gssapi (LP: #229252)
3252 * adjust apparmor profile to allow cnconfig (LP: #243525)
3253
3254 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
3255
1022openldap (2.4.10-3) unstable; urgency=low3256openldap (2.4.10-3) unstable; urgency=low
10233257
1024 [ Steve Langasek ]3258 [ Steve Langasek ]
@@ -1052,6 +3286,40 @@ openldap (2.4.10-3) unstable; urgency=low
10523286
1053 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -07003287 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
10543288
3289openldap (2.4.10-2ubuntu1) intrepid; urgency=low
3290
3291 * Merge from debian unstable, remaining changes:
3292 - debian/apparmor-profile: add AppArmor profile
3293 - debian/slapd.postinst: Reload AA profile on configuration
3294 - updated debian/slapd.README.Debian for note on AppArmor
3295 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3296 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3297 to make sure that if earlier version of apparmour-profiles gets
3298 installed it won't overwrite our profile.
3299 - Modify Maintainer value to match the DebianMaintainerField
3300 speficication.
3301 - follow ApparmorProfileMigration and force apparmor compalin mode on
3302 some upgrades (LP: #203529)
3303 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3304 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3305 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3306 non-enforcing) and upgrades where apparmor profile does not exist.
3307 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3308 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3309 the ucred struct now.
3310 - debian/patches/fix-unique-overlay-assertion.patch:
3311 Fix another assertion error in unique overlay (LP: #243337).
3312 Backport from head.
3313 - debian/patches/fix-gnutls-key-strength.patch:
3314 Fix slapd handling of ssf using gnutls. (LP: #244925).
3315 - debian/control:
3316 Add time as build dependency: needed by make test.
3317 * Dropped - implemented in Debian:
3318 - debian/rules:
3319 Support debuild nocheck option: don't run tests if nocheck is set.
3320
3321 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
3322
1055openldap (2.4.10-2) unstable; urgency=low3323openldap (2.4.10-2) unstable; urgency=low
10563324
1057 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at3325 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
@@ -1066,6 +3334,54 @@ openldap (2.4.10-2) unstable; urgency=low
10663334
1067 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -07003335 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
10683336
3337openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
3338
3339 * Merge from debian unstable, remaining changes:
3340 - debian/apparmor-profile: add AppArmor profile
3341 - debian/slapd.postinst: Reload AA profile on configuration
3342 - updated debian/slapd.README.Debian for note on AppArmor
3343 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3344 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3345 to make sure that if earlier version of apparmour-profiles gets
3346 installed it won't overwrite our profile.
3347 - Modify Maintainer value to match the DebianMaintainerField
3348 speficication.
3349 - follow ApparmorProfileMigration and force apparmor compalin mode on
3350 some upgrades (LP: #203529)
3351 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3352 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3353 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3354 non-enforcing) and upgrades where apparmor profile does not exist.
3355 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3356 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3357 the ucred struct now.
3358 - debian/patches/fix-unique-overlay-assertion.patch:
3359 Fix another assertion error in unique overlay (LP: #243337).
3360 Backport from head.
3361 * debian/control:
3362 - add time as build dependency: needed by make test.
3363 * debian/rules:
3364 - support debuild nocheck option: don't run tests if nocheck is set.
3365 * debian/patches/fix-gnutls-key-strength.patch:
3366 - fix slapd handling of ssf using gnutls. (LP: #244925).
3367 * Dropped - accepted in Debian:
3368 - debian/rules, debian/slapd.links: use hard links to slapd instead of
3369 symlinks for slap* so these applications aren't confined by apparmor
3370 (LP: #203898)
3371 * Dropped - fixed in new upstream release:
3372 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3373 (LP: #215904)
3374 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3375 error. (LP: #234196)
3376 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3377 (LP: #220724)
3378 - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3379 syncrepl. (LP: #227178)
3380 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3381 upstream.
3382
3383 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
3384
1069openldap2.3 (2.4.10-1) unstable; urgency=low3385openldap2.3 (2.4.10-1) unstable; urgency=low
10703386
1071 [ Steve Langasek ]3387 [ Steve Langasek ]
@@ -1090,6 +3406,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low
10903406
1091 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -07003407 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
10923408
3409openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
3410
3411 * debian/patches/fix-unique-overlay-assertion.patch:
3412 - Fix another assertion error in unique overlay, backported from head.
3413 (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
3414
3415 -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
3416
3417openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
3418
3419 * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
3420 include the smbk5pwd overlay.
3421
3422 -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
3423
3424openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
3425
3426 * Rebuild for perl 5.10 transition (LP: #230016)
3427 * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3428 syncrepl. (LP: #227178)
3429
3430 -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
3431
3432openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
3433
3434 * Merge from debian unstable, remaining changes:
3435 - debian/apparmor-profile: add AppArmor profile
3436 - debian/slapd.postinst: Reload AA profile on configuration
3437 - updated debian/slapd.README.Debian for note on AppArmor
3438 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3439 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3440 to make sure that if earlier version of apparmour-profiles gets
3441 installed it won't overwrite our profile.
3442 - Modify Maintainer value to match the DebianMaintainerField
3443 speficication.
3444 - follow ApparmorProfileMigration and force apparmor compalin mode on
3445 some upgrades (LP: #203529)
3446 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3447 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3448 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3449 non-enforcing) and upgrades where apparmor profile does not exist.
3450 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3451 - debian/rules, debian/slapd.links: use hard links to slapd instead of
3452 symlinks for slap* so these applications aren't confined by apparmor
3453 (LP: #203898)
3454 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3455 (LP: #215904)
3456 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3457 error. (LP: #234196)
3458 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3459 (LP: #220724)
3460 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3461 upstream.
3462 * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
3463 the ucred struct now.
3464
3465 -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
3466
1093openldap2.3 (2.4.9-1) unstable; urgency=low3467openldap2.3 (2.4.9-1) unstable; urgency=low
10943468
1095 [ Updated debconf translations ]3469 [ Updated debconf translations ]
@@ -1160,6 +3534,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high
11603534
1161 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +01003535 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
11623536
3537openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
3538
3539 * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
3540 in klibc)
3541
3542 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
3543
3544openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
3545
3546 * apparmor-profile workaround for Launchpad #202161
3547 * follow ApparmorProfileMigration and force apparmor complain mode on some
3548 upgrades (LP: #203529)
3549 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3550 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3551 - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
3552 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3553 non-enforcing) and upgrades where apparmor profile does not exist
3554 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3555 * debian/rules, debian/slapd.links: use hard links to slapd instead of
3556 symlinks for slap* so these applications aren't confined by apparmor
3557 (LP: #203898)
3558
3559 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
3560
3561openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
3562
3563 * Merge from Debian unstable, remaining changes:
3564 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3565 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3566 allows remote authenticated users to cause a denial of service (daemon
3567 crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
3568 control, a related issue to CVE-2007-6698.
3569 + debian/apparmor-profile: add AppArmor profile
3570 + debian/slapd.postinst: Reload AA profile on configuration
3571 + updated debian/slapd.README.Debian for note on AppArmor
3572 + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3573 should now take control
3574 + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3575 to make sure that if earlier version of apparmor-profiles gets
3576 installed it won't overwrite our profile
3577 + Modify Maintainer value to match the DebianMaintainerField
3578 specification.
3579
3580 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
3581
1163openldap2.3 (2.4.7-6) unstable; urgency=low3582openldap2.3 (2.4.7-6) unstable; urgency=low
11643583
1165 [ Updated debconf translations ]3584 [ Updated debconf translations ]
@@ -1205,6 +3624,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low
12053624
1206 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -08003625 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
12073626
3627openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
3628
3629 * SECURITY UPDATE:
3630 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3631 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3632 allows remote authenticated users to cause a denial of service (daemon crash)
3633 via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
3634 issue to CVE-2007-6698.
3635
3636 * References
3637 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
3638 - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
3639
3640 -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
3641
3642openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
3643
3644 * add AppArmor profile
3645 + debian/apparmor-profile
3646 + debian/slapd.postinst: Reload AA profile on configuration
3647 * updated debian/slapd.README.Debian for note on AppArmor
3648 * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3649 should now take control
3650 * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3651 to make sure that if earlier version of apparmor-profiles gets installed
3652 it won't overwrite our profile
3653 * Modify Maintainer value to match the DebianMaintainerField
3654 specification.
3655
3656 -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
3657
1208openldap2.3 (2.4.7-5) unstable; urgency=low3658openldap2.3 (2.4.7-5) unstable; urgency=low
12093659
1210 [ Updated debconf translations ]3660 [ Updated debconf translations ]
diff --git a/debian/configure.options b/debian/configure.options
index 08a55e0..9d3704e 100644
--- a/debian/configure.options
+++ b/debian/configure.options
@@ -175,6 +175,7 @@
175# --with-fetch with fetch(3) URL support [auto]175# --with-fetch with fetch(3) URL support [auto]
176# --with-threads with threads [auto]176# --with-threads with threads [auto]
177--with-threads177--with-threads
178--with-gssapi
178# --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto]179# --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto]
179--with-tls=gnutls180--with-tls=gnutls
180# --with-yielding-select with implicitly yielding select [auto]181# --with-yielding-select with implicitly yielding select [auto]
diff --git a/debian/control b/debian/control
index e88429a..a603885 100644
--- a/debian/control
+++ b/debian/control
@@ -1,20 +1,23 @@
1Source: openldap1Source: openldap
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
5Uploaders: Steve Langasek <vorlon@debian.org>,6Uploaders: Steve Langasek <vorlon@debian.org>,
6 Torsten Landschoff <torsten@debian.org>,7 Torsten Landschoff <torsten@debian.org>,
7 Ryan Tandy <ryan@nardis.ca>8 Ryan Tandy <ryan@nardis.ca>
8Build-Depends: debhelper (>= 10),9Build-Depends: debhelper (>= 10),
10 dh-apparmor,
9 dpkg-dev (>= 1.17.14),11 dpkg-dev (>= 1.17.14),
10 groff-base,12 groff-base,
11 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,13 heimdal-dev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
12 libdb5.3-dev <!pkg.openldap.noslapd>,14 libdb5.3-dev <!pkg.openldap.noslapd>,
13 libgnutls28-dev,15 libgnutls28-dev,
14 libltdl-dev <!pkg.openldap.noslapd>,16 libltdl-dev <!pkg.openldap.noslapd>,
15 libperl-dev (>= 5.8.0) <!pkg.openldap.noslapd>,17 libperl-dev (>= 5.8.0) <!pkg.openldap.noslapd>,
16 libsasl2-dev,18 libsasl2-dev,
17 libwrap0-dev <!pkg.openldap.noslapd>,19 libwrap0-dev <!pkg.openldap.noslapd>,
20 lsb-release,
18 nettle-dev <!pkg.openldap.noslapd>,21 nettle-dev <!pkg.openldap.noslapd>,
19 perl:any,22 perl:any,
20 po-debconf,23 po-debconf,
@@ -34,7 +37,7 @@ Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}),
34 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,37 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,
35 adduser, lsb-base (>= 3.2-13), ${misc:Depends}38 adduser, lsb-base (>= 3.2-13), ${misc:Depends}
36Recommends: libsasl2-modules39Recommends: libsasl2-modules
37Suggests: ldap-utils,40Suggests: ldap-utils, ufw,
38 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal41 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
39Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)42Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
40Replaces: libldap2, ldap-utils (<< 2.2.23-3)43Replaces: libldap2, ldap-utils (<< 2.2.23-3)
diff --git a/debian/libldap-2.4-2.symbols b/debian/libldap-2.4-2.symbols
index d42ccec..55421bc 100644
--- a/debian/libldap-2.4-2.symbols
+++ b/debian/libldap-2.4-2.symbols
@@ -118,6 +118,7 @@ liblber-2.4.so.2 libldap-2.4-2 #MINVER#
118 ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7118 ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7
119 ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7119 ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7
120 ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7120 ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7
121 ber_sockbuf_io_udp@OPENLDAP_2.4_2 2.4.17-1ubuntu2
121 ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7122 ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7
122 ber_sos_dump@OPENLDAP_2.4_2 2.4.7123 ber_sos_dump@OPENLDAP_2.4_2 2.4.7
123 ber_start@OPENLDAP_2.4_2 2.4.7124 ber_start@OPENLDAP_2.4_2 2.4.7
@@ -280,6 +281,11 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
280 ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7281 ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7
281 ldap_int_global_options@OPENLDAP_2.4_2 2.4.7282 ldap_int_global_options@OPENLDAP_2.4_2 2.4.7
282 ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23283 ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23
284 ldap_int_gssapi_close@OPENLDAP_2.4_2 2.4.18-0ubuntu2
285 ldap_int_gssapi_config@OPENLDAP_2.4_2 2.4.18-0ubuntu2
286 ldap_int_gssapi_get_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2
287 ldap_int_gssapi_mutex@OPENLDAP_2.4_2 2.4.18-0ubuntu2
288 ldap_int_gssapi_set_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2
283 ldap_int_hostname@OPENLDAP_2.4_2 2.4.7289 ldap_int_hostname@OPENLDAP_2.4_2 2.4.7
284 ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39290 ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39
285 ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7291 ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7
@@ -312,6 +318,7 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
312 ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7318 ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7
313 ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7319 ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7
314 ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7320 ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7
321 ldap_is_ldapc_url@OPENLDAP_2.4_2 2.4.17-1ubuntu2
315 ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7322 ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7
316 ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7323 ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7
317 ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7324 ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7
diff --git a/debian/patches/contrib-makefiles b/debian/patches/contrib-makefiles
index 07256ba..4d820f7 100644
--- a/debian/patches/contrib-makefiles
+++ b/debian/patches/contrib-makefiles
@@ -157,3 +157,24 @@
157 -rpath $(moduledir) -module -o $@ $? $(LIBS)157 -rpath $(moduledir) -module -o $@ $? $(LIBS)
158 158
159 clean:159 clean:
160--- a/contrib/slapd-modules/nssov/Makefile
161+++ b/contrib/slapd-modules/nssov/Makefile
162@@ -52,15 +52,15 @@
163 .SUFFIXES: .c .o .lo
164
165 .c.lo:
166- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
167+ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
168
169 tio.lo: nss-pam-ldapd/tio.c
170- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
171+ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $?
172
173 $(OBJS): nssov.h
174
175 nssov.la: $(OBJS) $(XOBJS)
176- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
177+ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info 0:0:0 \
178 -rpath $(moduledir) -module -o $@ $(OBJS) $(XOBJS) $(LIBS)
179
180 install: nssov.la
diff --git a/debian/patches/fix-ldap-distribution.patch b/debian/patches/fix-ldap-distribution.patch
160new file mode 100644181new file mode 100644
index 0000000..17be364
--- /dev/null
+++ b/debian/patches/fix-ldap-distribution.patch
@@ -0,0 +1,24 @@
1--- a/build/mkversion
2+++ b/build/mkversion
3@@ -52,6 +52,12 @@
4 APPLICATION=$1
5 WHOWHERE="Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>"
6
7+if test -x /usr/bin/lsb_release; then
8+ OPENLDAP_DISTRIBUTION=" ($(lsb_release -si))"
9+else
10+ OPENLDAP_DISTRIBUTION=""
11+fi
12+
13 cat << __EOF__
14 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
15 *
16@@ -72,7 +78,7 @@
17 "COPYING RESTRICTIONS APPLY\n";
18
19 $static $const char $SYMBOL[] =
20-"@(#) \$$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \$\n"
21+"@(#) \$$PACKAGE: $APPLICATION $VERSION$OPENLDAP_DISTRIBUTION (" __DATE__ " " __TIME__ ") \$\n"
22 "\t$WHOWHERE\n";
23
24 __EOF__
diff --git a/debian/patches/gssapi.diff b/debian/patches/gssapi.diff
0new file mode 10064425new file mode 100644
index 0000000..5bcf266
--- /dev/null
+++ b/debian/patches/gssapi.diff
@@ -0,0 +1,140 @@
1--- a/configure.in
2+++ b/configure.in
3@@ -244,6 +244,8 @@
4 auto, [auto yes no] )
5 OL_ARG_WITH(fetch,[ --with-fetch with fetch(3) URL support],
6 auto, [auto yes no] )
7+OL_ARG_WITH(gssapi,[ --with-gssapi with GSSAPI support],
8+ auto, [auto yes no] )
9 OL_ARG_WITH(threads,[ --with-threads with threads],
10 auto, [auto nt posix mach pth lwp yes no manual] )
11 OL_ARG_WITH(tls,[ --with-tls with TLS/SSL support auto|openssl|gnutls|moznss],
12@@ -591,6 +593,7 @@
13 KRB4_LIBS=
14 KRB5_LIBS=
15 SASL_LIBS=
16+GSSAPI_LIBS=
17 TLS_LIBS=
18 MODULES_LIBS=
19 SLAPI_LIBS=
20@@ -1153,6 +1156,63 @@
21 fi
22
23 dnl ----------------------------------------------------------------
24+dnl GSSAPI
25+ol_link_gssapi=no
26+
27+case $ol_with_gssapi in yes | auto)
28+
29+ ol_header_gssapi=no
30+ AC_CHECK_HEADERS(gssapi/gssapi.h)
31+ if test $ac_cv_header_gssapi_gssapi_h = yes ; then
32+ ol_header_gssapi=yes
33+ else
34+ AC_CHECK_HEADERS(gssapi.h)
35+ if test $ac_cv_header_gssapi_h = yes ; then
36+ ol_header_gssapi=yes
37+ fi
38+
39+ dnl## not every gssapi has gss_oid_to_str()
40+ dnl## as it's not defined in the GSSAPI V2 API
41+ dnl## anymore
42+ saveLIBS="$LIBS"
43+ LIBS="$LIBS $GSSAPI_LIBS"
44+ AC_CHECK_FUNCS(gss_oid_to_str)
45+ LIBS="$saveLIBS"
46+ fi
47+
48+ if test $ol_header_gssapi = yes ; then
49+ dnl## we check for gss_wrap
50+ dnl## as it's new to the GSSAPI V2 API
51+ AC_CHECK_LIB(gssapi, gss_wrap,
52+ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi"],
53+ [ol_link_gssapi=no])
54+ if test $ol_link_gssapi != yes ; then
55+ AC_CHECK_LIB(gssapi_krb5, gss_wrap,
56+ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi_krb5"],
57+ [ol_link_gssapi=no])
58+ fi
59+ if test $ol_link_gssapi != yes ; then
60+ AC_CHECK_LIB(gss, gss_wrap,
61+ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgss"],
62+ [ol_link_gssapi=no])
63+ fi
64+ fi
65+
66+ ;;
67+esac
68+
69+WITH_GSSAPI=no
70+if test $ol_link_gssapi = yes; then
71+ AC_DEFINE(HAVE_GSSAPI, 1, [define if you have GSSAPI])
72+ WITH_GSSAPI=yes
73+elif test $ol_with_gssapi = auto ; then
74+ AC_MSG_WARN([Could not locate GSSAPI package])
75+ AC_MSG_WARN([GSSAPI authentication not supported!])
76+elif test $ol_with_gssapi = yes ; then
77+ AC_MSG_ERROR([GSSAPI detection failed])
78+fi
79+
80+dnl ----------------------------------------------------------------
81 dnl TLS/SSL
82
83 if test $ol_with_tls = yes ; then
84@@ -1928,6 +1988,13 @@
85 fi
86 AC_SUBST(VERSION_OPTION)
87
88+VERSION_OPTION=""
89+OL_SYMBOL_VERSIONING
90+if test $ol_cv_ld_version_script_option = yes ; then
91+ VERSION_OPTION="-Wl,--version-script="
92+fi
93+AC_SUBST(VERSION_OPTION)
94+
95 dnl ----------------------------------------------------------------
96 if test $ol_enable_wrappers != no ; then
97 AC_CHECK_HEADERS(tcpd.h,[
98@@ -3159,6 +3226,7 @@
99 AC_SUBST(KRB4_LIBS)
100 AC_SUBST(KRB5_LIBS)
101 AC_SUBST(SASL_LIBS)
102+AC_SUBST(GSSAPI_LIBS)
103 AC_SUBST(TLS_LIBS)
104 AC_SUBST(MODULES_LIBS)
105 AC_SUBST(SLAPI_LIBS)
106--- a/include/portable.hin
107+++ b/include/portable.hin
108@@ -253,6 +253,18 @@
109 /* Define to 1 if you have the <grp.h> header file. */
110 #undef HAVE_GRP_H
111
112+/* define if you have GSSAPI */
113+#undef HAVE_GSSAPI
114+
115+/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
116+#undef HAVE_GSSAPI_GSSAPI_H
117+
118+/* Define to 1 if you have the <gssapi.h> header file. */
119+#undef HAVE_GSSAPI_H
120+
121+/* Define to 1 if you have the `gss_oid_to_str' function. */
122+#undef HAVE_GSS_OID_TO_STR
123+
124 /* Define to 1 if you have the `hstrerror' function. */
125 #undef HAVE_HSTRERROR
126
127--- a/build/top.mk
128+++ b/build/top.mk
129@@ -190,9 +190,10 @@
130 KRB5_LIBS = @KRB5_LIBS@
131 KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
132 SASL_LIBS = @SASL_LIBS@
133+GSSAPI_LIBS = @GSSAPI_LIBS@
134 TLS_LIBS = @TLS_LIBS@
135 AUTH_LIBS = @AUTH_LIBS@
136-SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
137+SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(GSSAPI_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
138
139 MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
140 MODULES_LDFLAGS = @SLAPD_MODULES_LDFLAGS@
diff --git a/debian/patches/series b/debian/patches/series
index b0ef82d..ebd0ad3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,6 +7,7 @@ index-files-created-as-root
7sasl-default-path 7sasl-default-path
8libldap-symbol-versions8libldap-symbol-versions
9getaddrinfo-is-threadsafe9getaddrinfo-is-threadsafe
10gssapi.diff
10do-not-second-guess-sonames11do-not-second-guess-sonames
11contrib-makefiles12contrib-makefiles
12smbk5pwd-makefile-manpage13smbk5pwd-makefile-manpage
@@ -21,3 +22,4 @@ ITS6035-olcauthzregex-needs-restart.patch
21set-maintainer-name22set-maintainer-name
22ITS-9086-Add-debug-logging-for-more-GnuTLS-errors.patch23ITS-9086-Add-debug-logging-for-more-GnuTLS-errors.patch
23ITS-9171-Insert-callback-in-the-right-place.patch24ITS-9171-Insert-callback-in-the-right-place.patch
25fix-ldap-distribution.patch
diff --git a/debian/rules b/debian/rules
index b13a6bc..4777bb2 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,7 +7,8 @@ include /usr/share/dpkg/pkg-info.mk
7# want the checks for DFSG-freeness.7# want the checks for DFSG-freeness.
8#DFSG_NONFREE = 18#DFSG_NONFREE = 1
99
10export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE10export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLDAP_CONNECTIONLESS -I/usr/include/heimdal
11export DEB_LDFLAGS_MAINT_APPEND := -L/usr/lib/$(DEB_HOST_MULTIARCH)/heimdal
11export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow12export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow
1213
13# Workaround for bad glibc behavior when resolving localhost14# Workaround for bad glibc behavior when resolving localhost
@@ -21,7 +22,7 @@ ifneq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
21 CONFIG += --disable-slapd22 CONFIG += --disable-slapd
22endif23endif
2324
24CONTRIB_MODULES = autogroup lastbind passwd passwd/pbkdf2 passwd/sha2 smbk5pwd25CONTRIB_MODULES = autogroup lastbind nssov passwd passwd/pbkdf2 passwd/sha2 smbk5pwd
2526
26# Ensure CC is set correctly for cross builds, unless it has already 27# Ensure CC is set correctly for cross builds, unless it has already
27# been set explicitly.28# been set explicitly.
@@ -41,7 +42,8 @@ CONTRIB_MAKEVARS := \
41 LDAP_BUILD='$(builddir)' \42 LDAP_BUILD='$(builddir)' \
42 prefix=/usr \43 prefix=/usr \
43 ldap_subdir=/ldap \44 ldap_subdir=/ldap \
44 moduledir='$$(libdir)$$(ldap_subdir)'45 moduledir='$$(libdir)$$(ldap_subdir)' \
46 sysconfdir='/etc$$(ldap_subdir)'
4547
46# These variables are used only by get-orig-source, which will normally only48# These variables are used only by get-orig-source, which will normally only
47# be run by maintainers.49# be run by maintainers.
@@ -155,6 +157,22 @@ endif
155 find $(installdir)/usr/share/man -name \*.8 \157 find $(installdir)/usr/share/man -name \*.8 \
156 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'158 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
157159
160ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
161override_dh_install-arch:
162 dh_install
163
164 # install AppArmor profile
165 install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
166
167 # install Apport hook
168 install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
169
170 # install ufw profile
171 install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
172
173 dh_apparmor -pslapd --profile-name=usr.sbin.slapd
174endif
175
158override_dh_installinit:176override_dh_installinit:
159 dh_installinit -- "defaults 19 80"177 dh_installinit -- "defaults 19 80"
160178
@@ -215,6 +233,8 @@ ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
215 done; \233 done; \
216 fi234 fi
217235
236 rm -f contrib/slapd-modules/nssov/nss-pam-ldapd/config.sub contrib/slapd-modules/nssov/nss-pam-ldapd/config.guess
237
218 # Clean the contrib directory238 # Clean the contrib directory
219 for mod in $(CONTRIB_MODULES); do \239 for mod in $(CONTRIB_MODULES); do \
220 dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \240 dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \
diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
index a43dfe4..216e6ac 100644
--- a/debian/slapd.README.Debian
+++ b/debian/slapd.README.Debian
@@ -204,8 +204,8 @@ Running slapd under a Different UID/GID
204204
205 - Tell linux slapd can access configuration files -- usually:205 - Tell linux slapd can access configuration files -- usually:
206206
207 chgrp <group> /etc/ldap/slapd.conf207 chgrp -R <group> /etc/ldap/slapd.d
208 chmod 0640 /etc/ldap/slapd.conf208 chmod -R g+rX /etc/ldap/slapd.d
209209
210 - Tell linux slapd can access /var/run/slapd and write a PID file:210 - Tell linux slapd can access /var/run/slapd and write a PID file:
211211
@@ -339,3 +339,14 @@ Unsafe access control rule installed by default in previous versions
339 slapd.access(5) man page.339 slapd.access(5) man page.
340340
341 -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700341 -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700
342
343Apparmor Profile
344----------------
345
346 If your system uses AppArmor, please note that the shipped enforcing profile
347 works with the default installation, and changes in your configuration may
348 require changes to the installed apparmor profile. Please see
349 https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
350 software.
351
352 -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500
diff --git a/debian/slapd.default b/debian/slapd.default
index 372b8f4..4212e07 100644
--- a/debian/slapd.default
+++ b/debian/slapd.default
@@ -12,7 +12,7 @@ SLAPD_USER="openldap"
12SLAPD_GROUP="openldap"12SLAPD_GROUP="openldap"
1313
14# Path to the pid file of the slapd server. If not set the init.d script14# Path to the pid file of the slapd server. If not set the init.d script
15# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf by15# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
16# default)16# default)
17SLAPD_PIDFILE=17SLAPD_PIDFILE=
1818
diff --git a/debian/slapd.init.ldif b/debian/slapd.init.ldif
index a5277c0..8fd30a5 100644
--- a/debian/slapd.init.ldif
+++ b/debian/slapd.init.ldif
@@ -32,7 +32,6 @@ objectClass: olcDatabaseConfig
32olcDatabase: config32olcDatabase: config
33# Allow unlimited access to local connection from the local root user33# Allow unlimited access to local connection from the local root user
34olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break34olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
35olcRootDN: cn=admin,cn=config
3635
37# Load schemas36# Load schemas
38dn: cn=schema,cn=config37dn: cn=schema,cn=config
diff --git a/debian/slapd.install b/debian/slapd.install
index 0987dad..206a208 100644
--- a/debian/slapd.install
+++ b/debian/slapd.install
@@ -54,5 +54,7 @@ usr/lib/ldap/autogroup.so*
54usr/lib/ldap/autogroup.la54usr/lib/ldap/autogroup.la
55usr/lib/ldap/lastbind.so*55usr/lib/ldap/lastbind.so*
56usr/lib/ldap/lastbind.la56usr/lib/ldap/lastbind.la
57usr/lib/ldap/nssov.so*
58usr/lib/ldap/nssov.la
57usr/lib/ldap/pw-sha2.so*59usr/lib/ldap/pw-sha2.so*
58usr/lib/ldap/pw-sha2.la60usr/lib/ldap/pw-sha2.la
diff --git a/debian/slapd.manpages b/debian/slapd.manpages
index ffd3243..25f6d43 100644
--- a/debian/slapd.manpages
+++ b/debian/slapd.manpages
@@ -43,3 +43,4 @@ debian/tmp/usr/share/man/man5/slapo-valsort.5
4343
44# contrib modules installed in main package44# contrib modules installed in main package
45debian/tmp/usr/share/man/man5/slapo-lastbind.545debian/tmp/usr/share/man/man5/slapo-lastbind.5
46contrib/slapd-modules/nssov/slapo-nssov.5
diff --git a/debian/slapd.py b/debian/slapd.py
46new file mode 10064447new file mode 100644
index 0000000..7d78699
--- /dev/null
+++ b/debian/slapd.py
@@ -0,0 +1,51 @@
1#!/usr/bin/python
2
3'''apport hook for slapd
4
5(c) 2010 Adam Sommer.
6Author: Adam Sommer <asommer@ubuntu.com>
7
8This program is free software; you can redistribute it and/or modify it
9under the terms of the GNU General Public License as published by the
10Free Software Foundation; either version 2 of the License, or (at your
11option) any later version. See http://www.gnu.org/copyleft/gpl.html for
12the full text of the license.
13'''
14
15from apport.hookutils import *
16import os
17
18# Scrub olcRootPW attribute and credentials strings if necessary.
19def scrub_pass_strings(config):
20 olcrootpw_regex = re.compile('olcRootPW:.*')
21 olcrootpw_string = olcrootpw_regex.search(config)
22 if olcrootpw_string:
23 config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@')
24
25 credentials_regex = re.compile('credentials=.* ')
26 credentials_string = credentials_regex.search(config)
27 if credentials_string:
28 config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ')
29
30 return config
31
32def add_info(report, ui):
33 response = ui.yesno("The contents of your /etc/ldap/slapd.d directory "
34 "may help developers diagnose your bug more "
35 "quickly. However, it may contain sensitive "
36 "information. Do you want to include it in your "
37 "bug report?")
38
39 if response == None: # user cancelled
40 raise StopIteration
41
42 elif response == True:
43 # Get the cn=config tree.
44 cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'])
45 report['CNConfig'] = scrub_pass_strings(cn_config)
46
47 # Get slapd messages from /var/log/syslog
48 slapd_re = re.compile('slapd', re.IGNORECASE)
49 report['SysLog'] = recent_syslog(slapd_re)
50
51 attach_mac_events(report, '/usr/sbin/slapd')
diff --git a/debian/slapd.scripts-common b/debian/slapd.scripts-common
index b2b3d3d..0dc0045 100644
--- a/debian/slapd.scripts-common
+++ b/debian/slapd.scripts-common
@@ -175,8 +175,7 @@ dump_config() { # {{{
175dump_databases() { # {{{175dump_databases() { # {{{
176# If the user wants us to dump the databases they are dumped to the 176# If the user wants us to dump the databases they are dumped to the
177# configured directory.177# configured directory.
178178 local db suffix file dir failed slapcat_opts
179 local db suffix file dir failed
180179
181 database_dumping_enabled || return 0180 database_dumping_enabled || return 0
182181
@@ -365,6 +364,12 @@ compute_backup_path() { # {{{
365 id="$OLD_VERSION"364 id="$OLD_VERSION"
366 [ -n "$id" ] || id=`date +%Y%m%d-%H%M%S`365 [ -n "$id" ] || id=`date +%Y%m%d-%H%M%S`
367 target="/var/backups/$basedn-$id.ldapdb"366 target="/var/backups/$basedn-$id.ldapdb"
367 # Configuration via dpkg-reconfigure.
368 # The backup directory already exists when reconfigured
369 # twice or more: append a timestamp.
370 if [ -e "${target}" ] && ([ "$MODE" = reconfigure ] || [ "$DEBCONF_RECONFIGURE" ]); then
371 target="$target-`date +%Y%m%d-%H%M%S`"
372 fi
368 if [ -e "$target" ] && [ -z "$ok_exists" ]; then373 if [ -e "$target" ] && [ -z "$ok_exists" ]; then
369 echo >&2374 echo >&2
370 echo >&2 " Backup path $target exists. Giving up..."375 echo >&2 " Backup path $target exists. Giving up..."
diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile
371new file mode 100644376new file mode 100644
index 0000000..3c4f676
--- /dev/null
+++ b/debian/slapd.ufw.profile
@@ -0,0 +1,9 @@
1[OpenLDAP LDAP]
2title=OpenLDAP with TLS
3description=OpenLDAP is a free, fast, lightweight LDAP server
4ports=389/tcp
5
6[OpenLDAP LDAPS]
7title=OpenLDAP over SSL
8description=OpenLDAP is a free, fast, lightweight LDAP server
9ports=636/tcp

Subscribers

People subscribed via source and target branches