openldap 2.4.48+dfsg-1ubuntu1 source package in Ubuntu
Changelog
openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium * Merge with Debian unstable. Remaining changes: - Enable AppArmor support: - d/apparmor-profile: add AppArmor profile - d/rules: use dh_apparmor - d/control: Build-Depends on dh-apparmor - d/slapd.README.Debian: add note about AppArmor - Enable GSSAPI support: - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): - Add --with-gssapi support - Make guess_service_principal() more robust when determining principal - d/configure.options: Configure with --with-gssapi - d/control: Added heimdal-dev as a build depend - d/rules: - Explicitly add -I/usr/include/heimdal to CFLAGS. - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. - Enable ufw support: - d/control: suggest ufw. - d/rules: install ufw profile. - d/slapd.ufw.profile: add ufw profile. - Enable nss overlay: - d/rules: - add nssov to CONTRIB_MODULES - add sysconfdir to CONTRIB_MAKEVARS - d/slapd.install: - install nssov overlay - d/slapd.manpages: - install slapo-nssov(5) man page - d/{rules,slapd.py}: Add apport hook. - d/slapd.init.ldif: don't set olcRootDN since it's not defined in either the default DIT nor via an Authn mapping. - d/slapd.scripts-common: - add slapcat_opts to local variables. - Fix backup directory naming for multiple reconfiguration. - d/{slapd.default,slapd.README.Debian}: use the new configuration style. - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support in the openldap library, as required by Likewise-Open - Show distribution in version: - d/control: added lsb-release - d/patches/fix-ldap-distribution.patch: show distribution in version - d/libldap-2.4-2.symbols: Add symbols not present in Debian. - CLDAP (UDP) was added in 2.4.17-1ubuntu2 - GSSAPI support was enabled in 2.4.18-0ubuntu2 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding Debian bug #919136, we also have to patch the nssov makefile accordingly and thus update this patch. * Dropped: - Fix sysv-generator unit file by customizing parameters (LP #1821343) + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow correct systemctl status for slapd daemon. + d/slapd.install: place override file in correct location. [Included in 2.4.48+dfsg-1] - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases + debian/patches/CVE-2019-13057-1.patch: add restriction to servers/slapd/saslauthz.c. + debian/patches/CVE-2019-13057-2.patch: add tests to tests/data/idassert.out, tests/data/slapd-idassert.conf, tests/data/test-idassert1.ldif, tests/scripts/test028-idassert. + debian/patches/CVE-2019-13057-3.patch: fix typo in tests/scripts/test028-idassert. + debian/patches/CVE-2019-13057-4.patch: fix typo in tests/scripts/test028-idassert. + CVE-2019-13057 [Fixed upstream] - SECURITY UPDATE: SASL SSF not initialized per connection + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in connection_init in servers/slapd/connection.c. + CVE-2019-13565 [Fixed upstream] openldap (2.4.48+dfsg-1) unstable; urgency=medium * New upstream release. - fixed slapd to restrict rootDN proxyauthz to its own databases (CVE-2019-13057) (ITS#9038) (Closes: #932997) - fixed slapd to enforce sasl_ssf ACL statement on every connection (CVE-2019-13565) (ITS#9052) (Closes: #932998) - added new openldap.h header with OpenLDAP specific libldap interfaces (ITS#8671) - updated lastbind overlay to support forwarding authTimestamp updates (ITS#7721) (Closes: #880656) * Update Standards-Version to 4.4.0. * Add a systemd drop-in to set RemainAfterExit=no on the slapd service, so that systemd marks the service as dead after it crashes or is killed. Thanks to Heitor Alves de Siqueira. (Closes: #926657, LP: #1821343) * Use more entropy for generating a random admin password, if none was set during initial configuration. Thanks to Judicael Courant. (Closes: #932270) * Replace debian/rules calls to dpkg-architecture and dpkg-parsechangelog with variables provided by dpkg-dev includes. * Declare R³: no. * Create a simple autopkgtest that tests installing slapd and connecting to it with an ldap tool. * Install the new openldap.h header in libldap2-dev. -- Andreas Hasenack <email address hidden> Wed, 31 Jul 2019 18:01:14 -0300
Upload details
- Uploaded by:
- Andreas Hasenack
- Uploaded to:
- Eoan
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
openldap_2.4.48+dfsg.orig.tar.gz | 4.6 MiB | 8645601c28f094b01baed02a604479b175a45ba010e407212d214313bc6a80ba |
openldap_2.4.48+dfsg-1ubuntu1.debian.tar.xz | 174.9 KiB | ead23f7be35e1c9e29842b6cdd05f9109c152a48d05d6d25b338d7489b747604 |
openldap_2.4.48+dfsg-1ubuntu1.dsc | 2.9 KiB | 55f8393e57088acd89438cfa66e19af919edc867c8ee462d4c6132cb597a2916 |
Available diffs
Binary packages built by this source
- ldap-utils: No summary available for ldap-utils in ubuntu eoan.
No description available for ldap-utils in ubuntu eoan.
- ldap-utils-dbgsym: No summary available for ldap-utils-dbgsym in ubuntu eoan.
No description available for ldap-utils-dbgsym in ubuntu eoan.
- libldap-2.4-2: No summary available for libldap-2.4-2 in ubuntu eoan.
No description available for libldap-2.4-2 in ubuntu eoan.
- libldap-2.4-2-dbgsym: No summary available for libldap-2.4-2-dbgsym in ubuntu eoan.
No description available for libldap-
2.4-2-dbgsym in ubuntu eoan.
- libldap-common: OpenLDAP common files for libraries
These are common files for the run-time libraries for the OpenLDAP
(Lightweight Directory Access Protocol) servers and clients.
- libldap2-dev: No summary available for libldap2-dev in ubuntu eoan.
No description available for libldap2-dev in ubuntu eoan.
- slapd: No summary available for slapd in ubuntu eoan.
No description available for slapd in ubuntu eoan.
- slapd-contrib: contributed plugins for OpenLDAP slapd
This package contains a number of slapd overlays and plugins contributed by
the OpenLDAP community. While distributed as part of OpenLDAP Software, they
are not necessarily supported by the OpenLDAP Project.
- slapd-contrib-dbgsym: debug symbols for slapd-contrib
- slapd-dbgsym: No summary available for slapd-dbgsym in ubuntu eoan.
No description available for slapd-dbgsym in ubuntu eoan.
- slapd-smbk5pwd: No summary available for slapd-smbk5pwd in ubuntu eoan.
No description available for slapd-smbk5pwd in ubuntu eoan.
- slapi-dev: development libraries for OpenLDAP SLAPI plugin interface
This package allows development of plugins for the OpenLDAP slapd server
using the SLAPI interface. It includes the headers and libraries needed
to build such plugins.