Author: Jamie Strandboge
Revision Date: 2011-03-16 10:22:57 UTC

* SECURITY UPDATE: fix successful anonymous bind via chain overlay when
  using forwarded authentication failures
  - debian/patches/CVE-2011-1024
  - CVE-2011-1024
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
  and requestDN is empty
  - debian/patches/CVE-2011-1081
  - CVE-2011-1081

Author: Jamie Strandboge
Revision Date: 2011-03-16 10:22:57 UTC

* SECURITY UPDATE: fix successful anonymous bind via chain overlay when
  using forwarded authentication failures
  - debian/patches/CVE-2011-1024
  - CVE-2011-1024
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
  and requestDN is empty
  - debian/patches/CVE-2011-1081
  - CVE-2011-1081

Author: Mathias Gug
Revision Date: 2008-07-03 14:15:08 UTC

* Merge from debian unstable, remaining changes:
  - debian/apparmor-profile: add AppArmor profile
  - debian/slapd.postinst: Reload AA profile on configuration
  - updated debian/slapd.README.Debian for note on AppArmor
  - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
  - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
    to make sure that if earlier version of apparmour-profiles gets
    installed it won't overwrite our profile.
  - Modify Maintainer value to match the DebianMaintainerField
    speficication.
  - follow ApparmorProfileMigration and force apparmor compalin mode on
    some upgrades (LP: #203529)
  - debian/slapd.dirs: add etc/apparmor.d/force-complain
  - debian/slapd.preinst: create symlink for force-complain on pre-feisty
    upgrades, upgrades where apparmor-profiles profile is unchanged (ie
    non-enforcing) and upgrades where apparmor profile does not exist.
  - debian/slapd.postrm: remove symlink in force-complain/ on purge
  - debian/patches/fix-ucred-libc due to changes how newer glibc handle
    the ucred struct now.
  - debian/patches/fix-unique-overlay-assertion.patch:
    Fix another assertion error in unique overlay (LP: #243337).
    Backport from head.
* debian/control:
  - add time as build dependency: needed by make test.
* debian/rules:
  - support debuild nocheck option: don't run tests if nocheck is set.
* debian/patches/fix-gnutls-key-strength.patch:
  - fix slapd handling of ssf using gnutls. (LP: #244925).
* Dropped - accepted in Debian:
  - debian/rules, debian/slapd.links: use hard links to slapd instead of
    symlinks for slap* so these applications aren't confined by apparmor
    (LP: #203898)
* Dropped - fixed in new upstream release:
  - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
    (LP: #215904)
  - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
    error. (LP: #234196)
  - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
    (LP: #220724)
  - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
    syncrepl. (LP: #227178)
  - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
    upstream.

Author: Jamie Strandboge
Revision Date: 2008-04-07 16:09:38 UTC

remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
in klibc)

Author: Russ Allbery
Revision Date: 2007-05-30 22:42:28 UTC

* New upstream release with many bug fixes.
  - Allow syncprov to follow aliases. (Closes: #422087)
* Apply upstream patches:
  - ITS#4924: client crash on incorrectly tagged result from server.
  - ITS#4925: NOOP modify with BDB backend crashed slapd.
  - ITS#4966: Delete of valsort-controlled entries crashed slapd.
* Enable SLAPI support. (Closes: #390954)
* Re-enable use of the epoll system call since Debian no longer supports
  2.4 kernels. This means that the OpenLDAP packages will not work on
  pre-2.6 kernels.
* Remove schema files that contain text from IETF RFCs from the upstream
  source since that text is not DFSG-free. Instead, install stripped
  versions of those schema files containing only the functional
  interface specifications, a comment explaining why this is needed, and
  a pointer to the relevant RFC. (Closes: #361846)
* Document the repackaging of the upstream source in debian/copyright.
* Update config.guess and config.sub during the build instead of in the
  clean target and remove them in the clean target for a clean diff.
  Build-depend on autotools-dev so that we can unconditionally copy over
  the latest versions.
* Added commentary and upstream ITS numbers for several patches
  applicable upstream.
* Use debian/compat rather than the deprecated DH_COMPAT rules setting.
* Update to debhelper compatibility level V5 (no changes required).

Author: Matthijs Mohlmann
Revision Date: 2006-12-12 21:34:44 UTC

Make sure that the pidfile directory doesn't exist in the init script.
(Closes: #402705)

Author: Mathias Gug
Revision Date: 2009-03-25 14:30:35 UTC

debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
trusted (LP: #305264).

Author: Kees Cook
Revision Date: 2008-07-31 16:06:53 UTC

* SECURITY UPDATE: denial of service via broken BER decoding.
* Added debian/patches/security-ber-decoding.patch: upstream fixes.
* References
  CVE-2008-2952

Author: Kees Cook
Revision Date: 2008-07-31 16:06:53 UTC

* SECURITY UPDATE: denial of service via broken BER decoding.
* Added debian/patches/security-ber-decoding.patch: upstream fixes.
* References
  CVE-2008-2952

Author: Kees Cook
Revision Date: 2008-07-31 16:06:53 UTC

* SECURITY UPDATE: denial of service via broken BER decoding.
* Added debian/patches/security-ber-decoding.patch: upstream fixes.
* References
  CVE-2008-2952

Author: Kees Cook
Revision Date: 2008-07-31 16:06:53 UTC

* SECURITY UPDATE: denial of service via broken BER decoding.
* Added debian/patches/security-ber-decoding.patch: upstream fixes.
* References
  CVE-2008-2952