Author: Ryan Tandy
Revision Date: 2015-06-25 09:40:29 UTC

debian/apparmor-profile: Change 'r' to 'rw' for ldapi and nslcd sockets,
required for apparmor kernel ABI v7 (utopic and later). (LP: #1392018)

Author: Ryan Tandy
Revision Date: 2015-06-25 09:40:29 UTC

debian/apparmor-profile: Change 'r' to 'rw' for ldapi and nslcd sockets,
required for apparmor kernel ABI v7 (utopic and later). (LP: #1392018)

Author: Adam Conrad
Revision Date: 2015-06-14 03:58:30 UTC

No-change rebuild for the libnettle6 transition.

Author: Adam Conrad
Revision Date: 2015-06-14 03:58:30 UTC

No-change rebuild for the libnettle6 transition.

Author: Felipe Reyes
Revision Date: 2015-05-19 12:59:29 UTC

* SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
  - debian/patches/CVE-2013-4449.patch: fix reference counting
  - CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
  - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
  - CVE-2015-1545

Author: Felipe Reyes
Revision Date: 2015-05-19 12:59:29 UTC

* SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
  - debian/patches/CVE-2013-4449.patch: fix reference counting
  - CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
  - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
  - CVE-2015-1545

Author: Felipe Reyes
Revision Date: 2015-05-19 13:00:21 UTC

* SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
  - debian/patches/CVE-2013-4449.patch: fix reference counting
  - CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
  - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
  - CVE-2015-1545

Author: Felipe Reyes
Revision Date: 2015-05-19 13:00:21 UTC

* SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
  - debian/patches/CVE-2013-4449.patch: fix reference counting
  - CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
  - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
  - CVE-2015-1545

Author: Felipe Reyes
Revision Date: 2015-05-19 11:53:17 UTC

* SECURITY UPDATE: denial of service via an LDAP search query
  with attrsOnly set to true. (LP: #1446809)
  - debian/patches/CVE-2012-1164.1.patch: don't leave empty slots in
    normalized attr values
  - debian/patches/CVE-2012-1164.2.patch: add FIXME comment, note that
    current patch is not ideal
  - debian/patches/CVE-2012-1164.3.patch: fix attr_dup2 when no values are
    present (attrsOnly = TRUE)
  - CVE-2012-1164
* SECURITY UPDATE: fix rwm overlay reference counting
  - debian/patches/CVE-2013-4449.patch: fix reference counting
  - CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
  - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
  - CVE-2015-1545

Author: Felipe Reyes
Revision Date: 2015-05-19 12:58:25 UTC

* SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
  - debian/patches/CVE-2013-4449.patch: fix reference counting
  - CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
  - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
  - CVE-2015-1545

Author: Felipe Reyes
Revision Date: 2015-05-19 11:53:17 UTC

* SECURITY UPDATE: denial of service via an LDAP search query
  with attrsOnly set to true. (LP: #1446809)
  - debian/patches/CVE-2012-1164.1.patch: don't leave empty slots in
    normalized attr values
  - debian/patches/CVE-2012-1164.2.patch: add FIXME comment, note that
    current patch is not ideal
  - debian/patches/CVE-2012-1164.3.patch: fix attr_dup2 when no values are
    present (attrsOnly = TRUE)
  - CVE-2012-1164
* SECURITY UPDATE: fix rwm overlay reference counting
  - debian/patches/CVE-2013-4449.patch: fix reference counting
  - CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
  - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
  - CVE-2015-1545

Author: Matthias Klose
Revision Date: 2015-03-06 13:23:29 UTC

Fix cpp calls for GCC 5.

Author: Jamie Strandboge
Revision Date: 2014-09-02 15:29:05 UTC

* debian/apparmor-profile:
  - allow p11-kit abstraction
  - allow read of /etc/gss/mech.d/*

Author: Jamie Strandboge
Revision Date: 2014-09-02 15:29:05 UTC

* debian/apparmor-profile:
  - allow p11-kit abstraction
  - allow read of /etc/gss/mech.d/*

Author: Adam Conrad
Revision Date: 2014-03-17 12:50:18 UTC

Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.

Author: Adam Conrad
Revision Date: 2014-03-17 12:50:18 UTC

Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.

Author: Colin Watson
Revision Date: 2013-10-08 17:24:59 UTC

Update build/config.guess and build/config.sub at build time; this was
not done automatically because the top-level configure.in does not use
Automake.

Author: Colin Watson
Revision Date: 2013-10-08 17:24:59 UTC

Update build/config.guess and build/config.sub at build time; this was
not done automatically because the top-level configure.in does not use
Automake.

Author: Roel Standaert
Revision Date: 2013-08-31 08:29:45 UTC

* Backport fix for back-mdb, fixes crash when deleting an entry
  that contains an indexed numeric attribute (LP: #1216650):
  - d/patches/its-7174-lutil_str2bin-cant-modify-input-strings.patch:
    Upstream patch to make sure that lutil_str2bin does not
    attempt to modify its input.

Author: Roel Standaert
Revision Date: 2013-08-31 06:36:42 UTC

* Backport fix for back-mdb, fixes crash when deleting an entry
  that contains an indexed numeric attribute (LP: #1216650):
  - d/patches/its-7174-lutil_str2bin-cant-modify-input-strings.patch:
    Upstream patch to make sure that lutil_str2bin does not
    attempt to modify its input.

Author: Yolanda Robla
Revision Date: 2013-07-08 14:57:17 UTC

* debian/control: added lsb-release
* debian/patches/fix-ldap-distribution.patch: show distribution in version

Author: Ryan Tandy
Revision Date: 2013-06-04 09:18:48 UTC

* Avoid deadlocks in back-bdb that truncate slapcat output (LP: #1185908):
  - d/patches/bdb-deadlock.patch: Patch copied from Debian #673038

Author: Ryan Tandy
Revision Date: 2013-06-04 09:18:48 UTC

* Avoid deadlocks in back-bdb that truncate slapcat output (LP: #1185908):
  - d/patches/bdb-deadlock.patch: Patch copied from Debian #673038

Author: Yolanda Robla
Revision Date: 2013-05-28 15:20:54 UTC

debian/tests: added autopkgtests

Author: Marc Deslauriers
Revision Date: 2012-08-20 08:46:02 UTC

debian/slapd.py: Add AppArmor info and logs to apport hook.

Author: Marc Deslauriers
Revision Date: 2012-08-20 08:46:02 UTC

debian/slapd.py: Add AppArmor info and logs to apport hook.

Author: Marc Deslauriers
Revision Date: 2012-08-20 08:46:02 UTC

debian/slapd.py: Add AppArmor info and logs to apport hook.

Author: Adam Gandelman
Revision Date: 2012-05-04 22:23:00 UTC

Fix changelog entry

Author: Jamie Strandboge
Revision Date: 2012-04-05 09:34:37 UTC

debian/control: Build-Depends on dh-apparmor (LP: #948481)

Author: Robie Basak
Revision Date: 2011-12-14 14:05:18 UTC

* Fix replication when attr has no matching rule (LP: #903901):
  - debian/patches/fix-syncrepl-when-attr-has-no-matching-rule.patch:
    backport fix from upstream
  - debian/patches/fix-syncrepl-when-attr-has-no-matching-rule-test.patch:
    backport test from upstream

Author: Jamie Strandboge
Revision Date: 2011-11-14 13:29:39 UTC

* SECURITY UPDATE: potential denial of service (LP: #884163)
  - debian/patches/CVE-2011-4079: fix off by one error in
    postalAddressNormalize()
  - CVE-2011-4079

Author: Robie Basak
Revision Date: 2011-12-14 14:05:18 UTC

* Fix replication when attr has no matching rule (LP: #903901):
  - debian/patches/fix-syncrepl-when-attr-has-no-matching-rule.patch:
    backport fix from upstream
  - debian/patches/fix-syncrepl-when-attr-has-no-matching-rule-test.patch:
    backport test from upstream

Author: Jamie Strandboge
Revision Date: 2011-11-14 13:22:54 UTC

* SECURITY UPDATE: potential denial of service (LP: #884163)
  - debian/patches/CVE-2011-4079: fix off by one error in
    postalAddressNormalize()
  - CVE-2011-4079

Author: Jamie Strandboge
Revision Date: 2011-11-14 13:30:50 UTC

* SECURITY UPDATE: potential denial of service (LP: #884163)
  - debian/patches/CVE-2011-4079: fix off by one error in
    postalAddressNormalize()
  - CVE-2011-4079

Author: Jamie Strandboge
Revision Date: 2011-11-14 13:22:54 UTC

* SECURITY UPDATE: potential denial of service (LP: #884163)
  - debian/patches/CVE-2011-4079: fix off by one error in
    postalAddressNormalize()
  - CVE-2011-4079

Author: Jamie Strandboge
Revision Date: 2011-11-14 13:29:39 UTC

* SECURITY UPDATE: potential denial of service (LP: #884163)
  - debian/patches/CVE-2011-4079: fix off by one error in
    postalAddressNormalize()
  - CVE-2011-4079

Author: Jamie Strandboge
Revision Date: 2011-11-14 13:32:11 UTC

* SECURITY UPDATE: potential denial of service (LP: #884163)
  - debian/patches/CVE-2011-4079: fix off by one error in
    postalAddressNormalize()
  - CVE-2011-4079

Author: Jamie Strandboge
Revision Date: 2011-11-14 13:30:50 UTC

* SECURITY UPDATE: potential denial of service (LP: #884163)
  - debian/patches/CVE-2011-4079: fix off by one error in
    postalAddressNormalize()
  - CVE-2011-4079

Author: Steve Langasek
Revision Date: 2011-08-15 09:43:29 UTC

Brown paper bag: really fix the .links.in handling, so we don't generate
broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.

Author: James Page
Revision Date: 2011-06-02 12:08:59 UTC

* Fix issue causing replication failures in SASL/GSSAPI configurations
  (LP: #783836).
  - debian/patches/set.sock.err.to.EAGAIN.on.partial.write.patch: upstream
    patch to provide better error handling for partial writes.

Author: James Page
Revision Date: 2011-05-20 10:01:54 UTC

* Fix issue causing replication failures in SASL/GSSAPI configurations
  (LP: #783836).
  - debian/patches/set.sock.err.to.EAGAIN.on.partial.write.patch: upstream
    patch to provide better error handling for partial writes.

Author: James Page
Revision Date: 2011-05-20 10:00:58 UTC

* Fix issue causing replication failures in SASL/GSSAPI configurations
  (LP: #783836).
  - debian/patches/set.sock.err.to.EAGAIN.on.partial.write.patch: upstream
    patch to provide better error handling for partial writes.

Author: Jamie Strandboge
Revision Date: 2011-04-07 11:36:53 UTC

* SECURITY UPDATE: fix successful anonymous bind via chain overlay when
  using forwarded authentication failures
  - debian/patches/CVE-2011-1024
  - CVE-2011-1024
* SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
  backend. Note: Ubuntu is not compiled with --enable-ndb by default
  - debian/patches/CVE-2011-1025
  - CVE-2011-1025
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
  and requestDN is empty
  - debian/patches/CVE-2011-1081
  - CVE-2011-1081
  - LP: #742104

Author: Peter Pearse
Revision Date: 2011-04-07 12:36:26 UTC

Updated bootstrap - builds unbootstrapped now.

Author: Dave Walker
Revision Date: 2011-03-02 22:00:52 UTC

debian/patches/service-operational-before-detach: New patch replacing
old one of same name as previous could cause database corruption,
based on upstream commits. (LP: #727973)

Author: Jamie Strandboge
Revision Date: 2011-03-16 10:17:57 UTC

* SECURITY UPDATE: fix successful anonymous bind via chain overlay when
  using forwarded authentication failures
  - debian/patches/CVE-2011-1024
  - CVE-2011-1024
* SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
  backend. Note: Ubuntu is not compiled with --enable-ndb by default
  - debian/patches/CVE-2011-1025
  - CVE-2011-1025
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
  and requestDN is empty
  - debian/patches/CVE-2011-1081
  - CVE-2011-1081

Author: Jamie Strandboge
Revision Date: 2011-03-16 10:17:57 UTC

* SECURITY UPDATE: fix successful anonymous bind via chain overlay when
  using forwarded authentication failures
  - debian/patches/CVE-2011-1024
  - CVE-2011-1024
* SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
  backend. Note: Ubuntu is not compiled with --enable-ndb by default
  - debian/patches/CVE-2011-1025
  - CVE-2011-1025
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
  and requestDN is empty
  - debian/patches/CVE-2011-1081
  - CVE-2011-1081

Author: Peter Pearse
Revision Date: 2011-02-24 17:00:30 UTC

Patched for crossing, staged build, DEB_BOOTSTRAP=1

Author: James Page
Revision Date: 2010-11-08 12:55:23 UTC

debian/slapd.templates: amended typo in slapd/move_old_database
(LP: #666028)

Author: James Page
Revision Date: 2010-11-08 17:14:39 UTC

debian/slapd.templates: amended typo in slapd/move_old_database
(LP: #666028)

Author: James Page
Revision Date: 2010-10-13 19:05:30 UTC

Fixed install/upgrade process to dump/restore databases due
to uplift to libdb4.8-dev (LP: #658227)

Author: Jamie Strandboge
Revision Date: 2010-08-06 17:34:21 UTC

debian/rules: move dh_apparmor before dh_installinit

Author: Steve Beattie
Revision Date: 2010-07-28 23:28:31 UTC

* SECURITY UPDATE: null ptr deref, free uninitialized data in modrdn calls
  - openldap-2.4.22-CVE-2010-0211-modrdn_check_error.patch:
    - check return for errors and clean up uninitialized data
  - openldap-2.4.22-CVE-2010-0212-modrdn_null_deref.patch:
    - return error on 0-length or binary RDNs
  - CVE-2010-0211, CVE-2010-0212

Author: Steve Beattie
Revision Date: 2010-07-28 23:28:31 UTC

* SECURITY UPDATE: null ptr deref, free uninitialized data in modrdn calls
  - openldap-2.4.22-CVE-2010-0211-modrdn_check_error.patch:
    - check return for errors and clean up uninitialized data
  - openldap-2.4.22-CVE-2010-0212-modrdn_null_deref.patch:
    - return error on 0-length or binary RDNs
  - CVE-2010-0211, CVE-2010-0212

Author: Mathias Gug
Revision Date: 2010-07-23 13:03:17 UTC

debian/slapd.postinst: Properly index cn=localroot,cn=config olcAccess
line on upgrade from karmic.
(LP: #571057)

Author: Mathias Gug
Revision Date: 2010-04-23 00:23:31 UTC

Fix local root connection access: replace olcAuthzRegexp mapping to
cn=localroot,cn=config with using the SASL dn directly in olcAccess.
Makes upgrades much simpler and robust (LP: #563829).

Author: Thierry Carrez
Revision Date: 2010-04-29 12:10:06 UTC

Also apply previous rule for updates from 0ubuntu5

Author: Mathias Gug
Revision Date: 2010-04-29 02:28:50 UTC

Clean up non-indexed olcAccess to avoid upgrade failure (LP: #571057).

Author: Mathias Gug
Revision Date: 2010-04-23 04:23:54 UTC

Fix local root connection access: replace olcAuthzRegexp mapping to
cn=localroot,cn=config with using the SASL dn directly in olcAccess.
Makes upgrades much simpler and robust (LP: #563829).

Author: Scott Moser
Revision Date: 2010-04-14 06:11:00 UTC

fix replacement value in hardy2lucid upgrade path

Author: Mathias Gug
Revision Date: 2009-09-07 13:41:10 UTC

* New upstream release: (LP: #419515):
  + pcache overlay supports disconnected mode.
* Fix nss overlay load (LP: #417163).

Author: Colin Watson
Revision Date: 2009-03-19 09:52:40 UTC

No-change rebuild to fix lpia shared library dependencies.

Author: Matthias Klose
Revision Date: 2008-10-24 23:22:33 UTC

Disable the testsuite on hppa. Allows building of packages on this
architecture again, once this package is in the archive.
LP: #288908.

Author: Mathias Gug
Revision Date: 2009-03-25 12:52:23 UTC

debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
trusted (LP: #305264).

Author: Mathias Gug
Revision Date: 2009-03-25 12:52:23 UTC

debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
trusted (LP: #305264).