Ubuntu
openldap package

Merge ~ahasenack/ubuntu/+source/openldap:eoan-openldap-2.4.38-merge into ubuntu/+source/openldap:debian/sid

  1. Git
  2. lp:~ahasenack/ubuntu/+source/openldap
  3. eoan-openldap-2.4.38-merge
  4. Merge into debian/sid
Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: c764ab810f802f3f0a35fded361bb9f7a80e2cc1
Merge reported by: Andreas Hasenack
Merged at revision: c764ab810f802f3f0a35fded361bb9f7a80e2cc1
Proposed branch: ~ahasenack/ubuntu/+source/openldap:eoan-openldap-2.4.38-merge
Merge into: ubuntu/+source/openldap:debian/sid
Diff against target: 3190 lines (+2715/-12)
18 files modified
debian/apparmor-profile (+60/-0)
debian/changelog (+2320/-0)
debian/configure.options (+1/-0)
debian/control (+6/-3)
debian/libldap-2.4-2.symbols (+7/-0)
debian/patches/contrib-makefiles (+21/-0)
debian/patches/fix-ldap-distribution.patch (+24/-0)
debian/patches/gssapi.diff (+167/-0)
debian/patches/series (+2/-0)
debian/rules (+23/-3)
debian/slapd.README.Debian (+13/-2)
debian/slapd.default (+1/-1)
debian/slapd.init.ldif (+0/-1)
debian/slapd.install (+2/-0)
debian/slapd.manpages (+1/-0)
debian/slapd.py (+51/-0)
debian/slapd.scripts-common (+7/-2)
debian/slapd.ufw.profile (+9/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Ryan Tandy (community) Approve
Canonical Server Pending
Review via email: mp+370689@code.launchpad.net

Description of the change

PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/eoan-openldap-2.4.38-merge
add-apt-repository ppa:ahasenack/eoan-openldap-2.4.38-merge -y -u

Merge from debian's 2.4.38. Able to drop one piece of delta what Ubuntu added recently and that debian adopted ("Fix sysv-generator unit"). Debian didn't add the Type=forking line, which is reduntant as that is included in the generated-from-sysv service file already.

To post a comment you must log in.
Revision history for this message
Ryan Tandy (rtandy) :
review: Approve
Revision history for this message
Ryan Tandy (rtandy) wrote :

Hi Andreas,

If it's not too late, you might consider mentioning bug 1838370 in the changelog. Something like:

* New upstream release.
  - fixed slapo-rwm double free when rewritten search filter is invalid (ITS#8964) (LP: #1838370)

Thank you!

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Will do

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks for your review, sorry I didn't upload this yet. Per team policy we require a review from a fellow core-dev in ubuntu.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

You might want to run the tests in Bileto since a new test is added.
There is plenty of more (unused) stuff in d/t/

Revision history for this message
Christian Ehrhardt  (paelzer) :
review: Needs Information
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Usually when we have a lot is is "disable foo, not in main", but here is is enable gssapi, ufw, nss.
This is not stopping this merge, but you might want to give this a try to reduce Delta on these.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

I'd expect to squash
Enable nss (and all it does)
with the later added
  49 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
  50 Debian bug #919136, we also have to patch the nssov makefile
  51 accordingly and thus update this patch.

Otherwise this will get ever longer.
I think we can squash the commits and jus omit the later message. maybe becoming one line
 "patch the nssov makefile"

There is enough Delta already, streamlining this a bit will make it more readable.
Also if we'd drop (or upstream) nss, then the nssov changes would belong to the same.

review: Needs Fixing
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

The changelog strealining is up to you and the "submit-to-Debian" can be done after this merge.
+1 Under the condition that the dep8 tests succeed in our infra.

review: Approve
Revision history for this message
Ryan Tandy (rtandy) wrote :

Yeah, just ignore the unused stuff in debian/tests. I don't think any of it has actually worked since probably etch or so... It's ancient maintainer test scripts that I need to review and probably just delete. Sorry for leaving the noise in there while starting to add the autopkgtest.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Started a bileto run at https://bileto.ubuntu.com/#/ticket/3774

Revision history for this message
Ryan Tandy (rtandy) wrote :

Unfortunately it looks like there is now a -3ubuntu3 in eoan which conflicts with this (bileto's diff shows the changelog -/+)

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Yes, a security update. I can rebase.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

repushed, kicked a new bileto run

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Tests are green

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

i'll streamline the changelog together with pushing these delta bits to debian

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

We talked about this in standup and agreed another review wasn't necessary.

Therefore I'm uploading c764ab810f802f3f0a35fded361bb9f7a80e2cc1

BTW, my branch name is slightly incorrect, as the version openldap is being updated to is 2.4.48, not 2.4.38.

$ git push pkg upload/2.4.48+dfsg-1ubuntu1
Enumerating objects: 98, done.
Counting objects: 100% (98/98), done.
Delta compression using up to 2 threads
Compressing objects: 100% (78/78), done.
Writing objects: 100% (82/82), 29.78 KiB | 1.14 MiB/s, done.
Total 82 (delta 57), reused 7 (delta 4)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/openldap
 * [new tag] upload/2.4.48+dfsg-1ubuntu1 -> upload/2.4.48+dfsg-1ubuntu1

$ dput ubuntu ../openldap_2.4.48+dfsg-1ubuntu1_source.changes
Checking signature on .changes
gpg: ../openldap_2.4.48+dfsg-1ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../openldap_2.4.48+dfsg-1ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openldap_2.4.48+dfsg-1ubuntu1.dsc: done.
  Uploading openldap_2.4.48+dfsg.orig.tar.gz: done.
  Uploading openldap_2.4.48+dfsg-1ubuntu1.debian.tar.xz: done.
  Uploading openldap_2.4.48+dfsg-1ubuntu1_source.buildinfo: done.
  Uploading openldap_2.4.48+dfsg-1ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

This migrated in eoan.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/apparmor-profile b/debian/apparmor-profile
0new file mode 1006440new file mode 100644
index 0000000..793fa7b
--- /dev/null
+++ b/debian/apparmor-profile
@@ -0,0 +1,60 @@
1# vim:syntax=apparmor
2# Last Modified: Fri Jan 4 15:18:13 2008
3# Author: Jamie Strandboge <jamie@ubuntu.com>
4
5#include <tunables/global>
6
7/usr/sbin/slapd {
8 #include <abstractions/base>
9 #include <abstractions/nameservice>
10 #include <abstractions/p11-kit>
11
12 #include <abstractions/ssl_certs>
13 /etc/ssl/private/ r,
14 /etc/ssl/private/* r,
15
16 /etc/sasldb2 r,
17
18 capability dac_override,
19 capability net_bind_service,
20 capability setgid,
21 capability setuid,
22
23 /etc/gai.conf r,
24 /etc/hosts.allow r,
25 /etc/hosts.deny r,
26
27 # ldap files
28 /etc/ldap/** kr,
29 /etc/ldap/slapd.d/** rw,
30
31 # kerberos/gssapi
32 /dev/tty rw,
33 /etc/gss/mech.d/ r,
34 /etc/gss/mech.d/* kr,
35 /etc/krb5.keytab kr,
36 /etc/krb5/user/*/client.keytab kr,
37 owner /tmp/krb5cc_* rwk,
38 /var/tmp/ rw,
39 /var/tmp/** rw,
40
41 # the databases and logs
42 /var/lib/ldap/ r,
43 /var/lib/ldap/** rwk,
44
45 # lock file
46 /var/lib/ldap/alock kw,
47
48 # pid files and sockets
49 /{,var/}run/slapd/* w,
50 /{,var/}run/slapd/ldapi rw,
51 /{,var/}run/nslcd/socket rw,
52
53 /usr/lib/ldap/ r,
54 /usr/lib/ldap/* mr,
55
56 /usr/sbin/slapd mr,
57
58 # Site-specific additions and overrides. See local/README for details.
59 #include <local/usr.sbin.slapd>
60}
diff --git a/debian/changelog b/debian/changelog
index e4742f0..ab08ec7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,77 @@
1openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 - Enable AppArmor support:
5 - d/apparmor-profile: add AppArmor profile
6 - d/rules: use dh_apparmor
7 - d/control: Build-Depends on dh-apparmor
8 - d/slapd.README.Debian: add note about AppArmor
9 - Enable GSSAPI support:
10 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
11 - Add --with-gssapi support
12 - Make guess_service_principal() more robust when determining
13 principal
14 - d/configure.options: Configure with --with-gssapi
15 - d/control: Added heimdal-dev as a build depend
16 - d/rules:
17 - Explicitly add -I/usr/include/heimdal to CFLAGS.
18 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
19 - Enable ufw support:
20 - d/control: suggest ufw.
21 - d/rules: install ufw profile.
22 - d/slapd.ufw.profile: add ufw profile.
23 - Enable nss overlay:
24 - d/rules:
25 - add nssov to CONTRIB_MODULES
26 - add sysconfdir to CONTRIB_MAKEVARS
27 - d/slapd.install:
28 - install nssov overlay
29 - d/slapd.manpages:
30 - install slapo-nssov(5) man page
31 - d/{rules,slapd.py}: Add apport hook.
32 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
33 either the default DIT nor via an Authn mapping.
34 - d/slapd.scripts-common:
35 - add slapcat_opts to local variables.
36 - Fix backup directory naming for multiple reconfiguration.
37 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
38 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
39 in the openldap library, as required by Likewise-Open
40 - Show distribution in version:
41 - d/control: added lsb-release
42 - d/patches/fix-ldap-distribution.patch: show distribution in version
43 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
44 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
45 - GSSAPI support was enabled in 2.4.18-0ubuntu2
46 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
47 Debian bug #919136, we also have to patch the nssov makefile
48 accordingly and thus update this patch.
49 * Dropped:
50 - Fix sysv-generator unit file by customizing parameters (LP #1821343)
51 + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
52 correct systemctl status for slapd daemon.
53 + d/slapd.install: place override file in correct location.
54 [Included in 2.4.48+dfsg-1]
55 - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
56 + debian/patches/CVE-2019-13057-1.patch: add restriction to
57 servers/slapd/saslauthz.c.
58 + debian/patches/CVE-2019-13057-2.patch: add tests to
59 tests/data/idassert.out, tests/data/slapd-idassert.conf,
60 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
61 + debian/patches/CVE-2019-13057-3.patch: fix typo in
62 tests/scripts/test028-idassert.
63 + debian/patches/CVE-2019-13057-4.patch: fix typo in
64 tests/scripts/test028-idassert.
65 + CVE-2019-13057
66 [Fixed upstream]
67 - SECURITY UPDATE: SASL SSF not initialized per connection
68 + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
69 connection_init in servers/slapd/connection.c.
70 + CVE-2019-13565
71 [Fixed upstream]
72
73 -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
74
1openldap (2.4.48+dfsg-1) unstable; urgency=medium75openldap (2.4.48+dfsg-1) unstable; urgency=medium
276
3 * New upstream release.77 * New upstream release.
@@ -25,6 +99,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium
2599
26 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700100 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
27101
102openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
103
104 * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
105 - debian/patches/CVE-2019-13057-1.patch: add restriction to
106 servers/slapd/saslauthz.c.
107 - debian/patches/CVE-2019-13057-2.patch: add tests to
108 tests/data/idassert.out, tests/data/slapd-idassert.conf,
109 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
110 - debian/patches/CVE-2019-13057-3.patch: fix typo in
111 tests/scripts/test028-idassert.
112 - debian/patches/CVE-2019-13057-4.patch: fix typo in
113 tests/scripts/test028-idassert.
114 - CVE-2019-13057
115 * SECURITY UPDATE: SASL SSF not initialized per connection
116 - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
117 connection_init in servers/slapd/connection.c.
118 - CVE-2019-13565
119
120 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
121
122openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
123
124 * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
125 - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
126 correct systemctl status for slapd daemon.
127 - d/slapd.install: place override file in correct location.
128
129 -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
130
131openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
132
133 * Merge with Debian unstable. Remaining changes:
134 - Enable AppArmor support:
135 - d/apparmor-profile: add AppArmor profile
136 - d/rules: use dh_apparmor
137 - d/control: Build-Depends on dh-apparmor
138 - d/slapd.README.Debian: add note about AppArmor
139 - Enable GSSAPI support:
140 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
141 - Add --with-gssapi support
142 - Make guess_service_principal() more robust when determining
143 principal
144 - d/configure.options: Configure with --with-gssapi
145 - d/control: Added heimdal-dev as a build depend
146 - d/rules:
147 - Explicitly add -I/usr/include/heimdal to CFLAGS.
148 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
149 - Enable ufw support:
150 - d/control: suggest ufw.
151 - d/rules: install ufw profile.
152 - d/slapd.ufw.profile: add ufw profile.
153 - Enable nss overlay:
154 - d/rules:
155 - add nssov to CONTRIB_MODULES
156 - add sysconfdir to CONTRIB_MAKEVARS
157 - d/slapd.install:
158 - install nssov overlay
159 - d/slapd.manpages:
160 - install slapo-nssov(5) man page
161 - d/{rules,slapd.py}: Add apport hook.
162 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
163 either the default DIT nor via an Authn mapping.
164 - d/slapd.scripts-common:
165 - add slapcat_opts to local variables.
166 - Fix backup directory naming for multiple reconfiguration.
167 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
168 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
169 in the openldap library, as required by Likewise-Open
170 - Show distribution in version:
171 - d/control: added lsb-release
172 - d/patches/fix-ldap-distribution.patch: show distribution in version
173 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
174 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
175 - GSSAPI support was enabled in 2.4.18-0ubuntu2
176 * Added changes:
177 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
178 Debian bug #919136, we also have to patch the nssov makefile
179 accordingly and thus update this patch.
180
181 -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
182
28openldap (2.4.47+dfsg-3) unstable; urgency=medium183openldap (2.4.47+dfsg-3) unstable; urgency=medium
29184
30 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS185 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
@@ -40,6 +195,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium
40195
41 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800196 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
42197
198openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
199
200 * Merge from Debian unstable (LP: #1811630). Remaining changes:
201 - Enable AppArmor support:
202 - d/apparmor-profile: add AppArmor profile
203 - d/rules: use dh_apparmor
204 - d/control: Build-Depends on dh-apparmor
205 - d/slapd.README.Debian: add note about AppArmor
206 - Enable GSSAPI support:
207 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
208 - Add --with-gssapi support
209 - Make guess_service_principal() more robust when determining
210 principal
211 - d/configure.options: Configure with --with-gssapi
212 - d/control: Added heimdal-dev as a build depend
213 - d/rules:
214 - Explicitly add -I/usr/include/heimdal to CFLAGS.
215 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
216 - Enable ufw support:
217 - d/control: suggest ufw.
218 - d/rules: install ufw profile.
219 - d/slapd.ufw.profile: add ufw profile.
220 - Enable nss overlay:
221 - d/rules:
222 - add nssov to CONTRIB_MODULES
223 - add sysconfdir to CONTRIB_MAKEVARS
224 - d/slapd.install:
225 - install nssov overlay
226 - d/slapd.manpages:
227 - install slapo-nssov(5) man page
228 - d/{rules,slapd.py}: Add apport hook.
229 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
230 either the default DIT nor via an Authn mapping.
231 - d/slapd.scripts-common:
232 - add slapcat_opts to local variables.
233 - Fix backup directory naming for multiple reconfiguration.
234 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
235 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
236 in the openldap library, as required by Likewise-Open
237 - Show distribution in version:
238 - d/control: added lsb-release
239 - d/patches/fix-ldap-distribution.patch: show distribution in version
240 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
241 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
242 - GSSAPI support was enabled in 2.4.18-0ubuntu2
243 * Update nssov build and packaging for Debian changes:
244 - Drop patch nssov-build
245 - d/rules:
246 - add nssov to CONTRIB_MODULES
247 - add sysconfdir to CONTRIB_MAKEVARS
248 - d/slapd.install:
249 - install nssov overlay
250 - d/slapd.manpages:
251 - install slapo-nssov(5) man page
252
253 -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
254
43openldap (2.4.47+dfsg-2) unstable; urgency=medium255openldap (2.4.47+dfsg-2) unstable; urgency=medium
44256
45 * Reintroduce slapi-dev binary package. (Closes: #711469)257 * Reintroduce slapi-dev binary package. (Closes: #711469)
@@ -77,6 +289,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium
77289
78 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800290 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
79291
292openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
293
294 * d/apparmor-profile: update apparmor profile to allow reading of
295 files needed when slapd is behaving as a kerberos/gssapi client
296 and acquiring its own ticket. (LP: #1783183)
297
298 -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
299
300openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
301
302 * No-change rebuild for the perl 5.28 transition.
303
304 -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
305
306openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
307
308 * Merge from Debian unstable. Remaining changes:
309 - Enable AppArmor support:
310 - d/apparmor-profile: add AppArmor profile
311 - d/rules: use dh_apparmor
312 - d/control: Build-Depends on dh-apparmor
313 - d/slapd.README.Debian: add note about AppArmor
314 - Enable GSSAPI support:
315 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
316 - Add --with-gssapi support
317 - Make guess_service_principal() more robust when determining
318 principal
319 - d/configure.options: Configure with --with-gssapi
320 - d/control: Added heimdal-dev as a build depend
321 - d/rules:
322 - Explicitly add -I/usr/include/heimdal to CFLAGS.
323 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
324 - Enable ufw support:
325 - d/control: suggest ufw.
326 - d/rules: install ufw profile.
327 - d/slapd.ufw.profile: add ufw profile.
328 - Enable nss overlay:
329 - d/{patches/nssov-build,rules}: Apply, build and package the
330 nss overlay.
331 - d/{rules,slapd.py}: Add apport hook.
332 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
333 either the default DIT nor via an Authn mapping.
334 - d/slapd.scripts-common:
335 - add slapcat_opts to local variables.
336 - Fix backup directory naming for multiple reconfiguration.
337 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
338 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
339 in the openldap library, as required by Likewise-Open
340 - Show distribution in version:
341 - d/control: added lsb-release
342 - d/patches/fix-ldap-distribution.patch: show distribution in version
343 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
344 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
345 - GSSAPI support was enabled in 2.4.18-0ubuntu2
346
347 -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
348
80openldap (2.4.46+dfsg-5) unstable; urgency=medium349openldap (2.4.46+dfsg-5) unstable; urgency=medium
81350
82 * Restore slapd-smbk5pwd now that libldap is installable in unstable.351 * Restore slapd-smbk5pwd now that libldap is installable in unstable.
@@ -96,6 +365,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium
96365
97 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700366 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
98367
368openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
369
370 * Merge from Debian unstable. Remaining changes:
371 - Enable AppArmor support:
372 - d/apparmor-profile: add AppArmor profile
373 - d/rules: use dh_apparmor
374 - d/control: Build-Depends on dh-apparmor
375 - d/slapd.README.Debian: add note about AppArmor
376 - Enable GSSAPI support:
377 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
378 - Add --with-gssapi support
379 - Make guess_service_principal() more robust when determining
380 principal
381 - d/configure.options: Configure with --with-gssapi
382 - d/control: Added heimdal-dev as a build depend
383 - d/rules:
384 - Explicitly add -I/usr/include/heimdal to CFLAGS.
385 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
386 - Enable ufw support:
387 - d/control: suggest ufw.
388 - d/rules: install ufw profile.
389 - d/slapd.ufw.profile: add ufw profile.
390 - Enable nss overlay:
391 - d/{patches/nssov-build,rules}: Apply, build and package the
392 nss overlay.
393 - d/{rules,slapd.py}: Add apport hook.
394 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
395 either the default DIT nor via an Authn mapping.
396 - d/slapd.scripts-common:
397 - add slapcat_opts to local variables.
398 - Fix backup directory naming for multiple reconfiguration.
399 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
400 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
401 in the openldap library, as required by Likewise-Open
402 - Show distribution in version:
403 - d/control: added lsb-release
404 - d/patches/fix-ldap-distribution.patch: show distribution in version
405 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
406 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
407 - GSSAPI support was enabled in 2.4.18-0ubuntu2
408
409 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
410
99openldap (2.4.46+dfsg-2) unstable; urgency=medium411openldap (2.4.46+dfsg-2) unstable; urgency=medium
100412
101 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.413 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
@@ -125,6 +437,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium
125437
126 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700438 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
127439
440openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
441
442 * Merge from Debian unstable. Remaining changes:
443 - Enable AppArmor support:
444 - d/apparmor-profile: add AppArmor profile
445 - d/rules: use dh_apparmor
446 - d/control: Build-Depends on dh-apparmor
447 - d/slapd.README.Debian: add note about AppArmor
448 - Enable GSSAPI support:
449 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
450 - Add --with-gssapi support
451 - Make guess_service_principal() more robust when determining
452 principal
453 - d/configure.options: Configure with --with-gssapi
454 - d/control: Added heimdal-dev as a build depend
455 - d/rules:
456 - Explicitly add -I/usr/include/heimdal to CFLAGS.
457 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
458 - Enable ufw support:
459 - d/control: suggest ufw.
460 - d/rules: install ufw profile.
461 - d/slapd.ufw.profile: add ufw profile.
462 - Enable nss overlay:
463 - d/{patches/nssov-build,rules}: Apply, build and package the
464 nss overlay.
465 - d/{rules,slapd.py}: Add apport hook.
466 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
467 either the default DIT nor via an Authn mapping.
468 - d/slapd.scripts-common:
469 - add slapcat_opts to local variables.
470 - Fix backup directory naming for multiple reconfiguration.
471 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
472 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
473 in the openldap library, as required by Likewise-Open
474 - Show distribution in version:
475 - d/control: added lsb-release
476 - d/patches/fix-ldap-distribution.patch: show distribution in version
477 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
478 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
479 - GSSAPI support was enabled in 2.4.18-0ubuntu2
480
481 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200
482
128openldap (2.4.45+dfsg-1) unstable; urgency=medium483openldap (2.4.45+dfsg-1) unstable; urgency=medium
129484
130 * New upstream release.485 * New upstream release.
@@ -166,6 +521,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium
166521
167 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700522 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
168523
524openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low
525
526 * Merge from Debian unstable. Remaining changes:
527 - Enable AppArmor support:
528 - d/apparmor-profile: add AppArmor profile
529 - d/rules: use dh_apparmor
530 - d/control: Build-Depends on dh-apparmor
531 - d/slapd.README.Debian: add note about AppArmor
532 - Enable GSSAPI support:
533 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
534 - Add --with-gssapi support
535 - Make guess_service_principal() more robust when determining
536 principal
537 - d/configure.options: Configure with --with-gssapi
538 - d/control: Added heimdal-dev as a build depend
539 - d/rules:
540 - Explicitly add -I/usr/include/heimdal to CFLAGS.
541 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
542 - Enable ufw support:
543 - d/control: suggest ufw.
544 - d/rules: install ufw profile.
545 - d/slapd.ufw.profile: add ufw profile.
546 - Enable nss overlay:
547 - d/{patches/nssov-build,rules}: Apply, build and package the
548 nss overlay.
549 - d/{rules,slapd.py}: Add apport hook.
550 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
551 either the default DIT nor via an Authn mapping.
552 - d/slapd.scripts-common:
553 - add slapcat_opts to local variables.
554 - Fix backup directory naming for multiple reconfiguration.
555 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
556 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
557 in the openldap library, as required by Likewise-Open
558 - Show distribution in version:
559 - d/control: added lsb-release
560 - d/patches/fix-ldap-distribution.patch: show distribution in version
561 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
562 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
563 - GSSAPI support was enabled in 2.4.18-0ubuntu2
564
565 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200
566
169openldap (2.4.44+dfsg-8) unstable; urgency=medium567openldap (2.4.44+dfsg-8) unstable; urgency=medium
170568
171 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until 569 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
@@ -176,6 +574,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium
176574
177 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700575 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
178576
577openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium
578
579 * Merge from Debian unstable. Remaining changes:
580 - Enable AppArmor support:
581 - d/apparmor-profile: add AppArmor profile
582 - d/rules: use dh_apparmor
583 - d/control: Build-Depends on dh-apparmor
584 - d/slapd.README.Debian: add note about AppArmor
585 - Enable GSSAPI support:
586 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
587 - Add --with-gssapi support
588 - Make guess_service_principal() more robust when determining
589 principal
590 - d/configure.options: Configure with --with-gssapi
591 - d/control: Added heimdal-dev as a build depend
592 - d/rules:
593 - Explicitly add -I/usr/include/heimdal to CFLAGS.
594 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
595 - Enable ufw support:
596 - d/control: suggest ufw.
597 - d/rules: install ufw profile.
598 - d/slapd.ufw.profile: add ufw profile.
599 - Enable nss overlay:
600 - d/{patches/nssov-build,rules}: Apply, build and package the
601 nss overlay.
602 - d/{rules,slapd.py}: Add apport hook.
603 [ d/rules modification mentioned above was dropped in
604 2.4.23-6ubuntu1, re-adding it ]
605 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
606 either the default DIT nor via an Authn mapping.
607 - d/slapd.scripts-common:
608 - add slapcat_opts to local variables.
609 - Fix backup directory naming for multiple reconfiguration.
610 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
611 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
612 in the openldap library, as required by Likewise-Open
613 - Show distribution in version:
614 - d/control: added lsb-release
615 - d/patches/fix-ldap-distribution.patch: show distribution in version
616 [ Refreshed patch ]
617 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
618 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
619 - GSSAPI support was enabled in 2.4.18-0ubuntu2
620
621 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
622
179openldap (2.4.44+dfsg-7) unstable; urgency=medium623openldap (2.4.44+dfsg-7) unstable; urgency=medium
180624
181 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit 625 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
@@ -183,6 +627,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium
183627
184 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700628 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
185629
630openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium
631
632 * Merge from Debian unstable. Remaining changes:
633 - Enable AppArmor support:
634 - d/apparmor-profile: add AppArmor profile
635 - d/rules: use dh_apparmor
636 - d/control: Build-Depends on dh-apparmor
637 - d/slapd.README.Debian: add note about AppArmor
638 - Enable GSSAPI support:
639 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
640 - Add --with-gssapi support
641 - Make guess_service_principal() more robust when determining
642 principal
643 - d/configure.options: Configure with --with-gssapi
644 - d/control: Added heimdal-dev as a build depend
645 - d/rules:
646 - Explicitly add -I/usr/include/heimdal to CFLAGS.
647 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
648 - Enable ufw support:
649 - d/control: suggest ufw.
650 - d/rules: install ufw profile.
651 - d/slapd.ufw.profile: add ufw profile.
652 - Enable nss overlay:
653 - d/{patches/nssov-build,rules}: Apply, build and package the
654 nss overlay.
655 - d/{rules,slapd.py}: Add apport hook.
656 [ d/rules modification mentioned above was dropped in
657 2.4.23-6ubuntu1, re-adding it ]
658 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
659 either the default DIT nor via an Authn mapping.
660 - d/slapd.scripts-common:
661 - add slapcat_opts to local variables.
662 - Fix backup directory naming for multiple reconfiguration.
663 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
664 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
665 in the openldap library, as required by Likewise-Open
666 - Show distribution in version:
667 - d/control: added lsb-release
668 - d/patches/fix-ldap-distribution.patch: show distribution in version
669 [ Refreshed patch ]
670 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
671 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
672 - GSSAPI support was enabled in 2.4.18-0ubuntu2
673
674 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
675
186openldap (2.4.44+dfsg-6) unstable; urgency=medium676openldap (2.4.44+dfsg-6) unstable; urgency=medium
187677
188 * Update the list of non-translatable strings for the 678 * Update the list of non-translatable strings for the
@@ -191,6 +681,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium
191681
192 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700682 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
193683
684openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium
685
686 * Merge from Debian unstable. Remaining changes:
687 - Enable AppArmor support:
688 - d/apparmor-profile: add AppArmor profile
689 - d/rules: use dh_apparmor
690 - d/control: Build-Depends on dh-apparmor
691 - d/slapd.README.Debian: add note about AppArmor
692 - Enable GSSAPI support:
693 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
694 - Add --with-gssapi support
695 - Make guess_service_principal() more robust when determining
696 principal
697 - d/configure.options: Configure with --with-gssapi
698 - d/control: Added heimdal-dev as a build depend
699 - d/rules:
700 - Explicitly add -I/usr/include/heimdal to CFLAGS.
701 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
702 - Enable ufw support:
703 - d/control: suggest ufw.
704 - d/rules: install ufw profile.
705 - d/slapd.ufw.profile: add ufw profile.
706 - Enable nss overlay:
707 - d/{patches/nssov-build,rules}: Apply, build and package the
708 nss overlay.
709 - d/{rules,slapd.py}: Add apport hook.
710 [ d/rules modification mentioned above was dropped in
711 2.4.23-6ubuntu1, re-adding it ]
712 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
713 either the default DIT nor via an Authn mapping.
714 - d/slapd.scripts-common:
715 - add slapcat_opts to local variables.
716 - Fix backup directory naming for multiple reconfiguration.
717 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
718 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
719 in the openldap library, as required by Likewise-Open
720 - Show distribution in version:
721 - d/control: added lsb-release
722 - d/patches/fix-ldap-distribution.patch: show distribution in version
723 [ Refreshed patch ]
724 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
725 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
726 - GSSAPI support was enabled in 2.4.18-0ubuntu2
727 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
728 - Fix use after free with GnuTLS. (LP #1557248)
729
730 -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200
731
194openldap (2.4.44+dfsg-5) unstable; urgency=medium732openldap (2.4.44+dfsg-5) unstable; urgency=medium
195733
196 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an 734 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
@@ -202,6 +740,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium
202740
203 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700741 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
204742
743openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low
744
745 * Merge from Debian unstable. Remaining changes:
746 - Enable AppArmor support:
747 - d/apparmor-profile: add AppArmor profile
748 - d/rules: use dh_apparmor
749 - d/control: Build-Depends on dh-apparmor
750 - d/slapd.README.Debian: add note about AppArmor
751 - Enable GSSAPI support:
752 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
753 - Add --with-gssapi support
754 - Make guess_service_principal() more robust when determining
755 principal
756 - d/configure.options: Configure with --with-gssapi
757 - d/control: Added heimdal-dev as a build depend
758 - d/rules:
759 - Explicitly add -I/usr/include/heimdal to CFLAGS.
760 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
761 - Enable ufw support:
762 - d/control: suggest ufw.
763 - d/rules: install ufw profile.
764 - d/slapd.ufw.profile: add ufw profile.
765 - Enable nss overlay:
766 - d/{patches/nssov-build,rules}: Apply, build and package the
767 nss overlay.
768 - d/{rules,slapd.py}: Add apport hook.
769 [ d/rules modification mentioned above was dropped in
770 2.4.23-6ubuntu1, re-adding it ]
771 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
772 either the default DIT nor via an Authn mapping.
773 - d/slapd.scripts-common:
774 - add slapcat_opts to local variables.
775 - Fix backup directory naming for multiple reconfiguration.
776 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
777 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
778 in the openldap library, as required by Likewise-Open
779 - Show distribution in version:
780 - d/control: added lsb-release
781 - d/patches/fix-ldap-distribution.patch: show distribution in version
782 [ Refreshed patch ]
783 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
784 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
785 - GSSAPI support was enabled in 2.4.18-0ubuntu2
786 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
787 - Fix use after free with GnuTLS. (LP #1557248)
788
789 -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200
790
205openldap (2.4.44+dfsg-4) unstable; urgency=medium791openldap (2.4.44+dfsg-4) unstable; urgency=medium
206792
207 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to 793 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
@@ -248,6 +834,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium
248834
249 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700835 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
250836
837openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium
838
839 * d/rules: Fix typo in previous upload.
840
841 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800
842
843openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
844
845 * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
846 changes
847 - Enable AppArmor support:
848 - d/apparmor-profile: add AppArmor profile
849 - d/rules: use dh_apparmor
850 - d/control: Build-Depends on dh-apparmor
851 - d/slapd.README.Debian: add note about AppArmor
852 - Enable GSSAPI support:
853 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
854 - Add --with-gssapi support
855 - Make guess_service_principal() more robust when determining
856 principal
857 - d/configure.options: Configure with --with-gssapi
858 - d/control: Added heimdal-dev as a build depend
859 - d/rules:
860 - Explicitly add -I/usr/include/heimdal to CFLAGS.
861 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
862 - Enable ufw support:
863 - d/control: suggest ufw.
864 - d/rules: install ufw profile.
865 - d/slapd.ufw.profile: add ufw profile.
866 - Enable nss overlay:
867 - d/{patches/nssov-build,rules}: Apply, build and package the
868 nss overlay.
869 - d/{rules,slapd.py}: Add apport hook.
870 [ d/rules modification mentioned above was dropped in
871 2.4.23-6ubuntu1, re-adding it ]
872 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
873 either the default DIT nor via an Authn mapping.
874 - d/slapd.scripts-common:
875 - add slapcat_opts to local variables.
876 - Fix backup directory naming for multiple reconfiguration.
877 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
878 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
879 in the openldap library, as required by Likewise-Open
880 - Show distribution in version:
881 - d/control: added lsb-release
882 - d/patches/fix-ldap-distribution.patch: show distribution in version
883 [ Refreshed patch ]
884 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
885 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
886 - GSSAPI support was enabled in 2.4.18-0ubuntu2
887 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
888 - Fix use after free with GnuTLS. (LP #1557248)
889 * Drop:
890 - d/slapd.scripts-common:
891 + Remove unused variable new_conf.
892 [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
893 - d/b/config.log: add config.log
894 [ previously undocumented, stray change ]
895
896 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
897
251openldap (2.4.44+dfsg-3) unstable; urgency=medium898openldap (2.4.44+dfsg-3) unstable; urgency=medium
252899
253 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)900 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
@@ -320,6 +967,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
320967
321 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800968 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
322969
970openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
971
972 * No-change rebuild for perl 5.24 transition
973
974 -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
975
976openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
977
978 * Fix use after free with GnuTLS. (LP: #1557248)
979
980 -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
981
982openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
983
984 * Fix building with gssapi suppport:
985 - Explicitly add -I/usr/include/heimdal to CFLAGS.
986 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
987
988 -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
989
990openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
991
992 * No-change rebuild for gnutls transition.
993
994 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
995
996openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
997
998 * Merge from Debian testing (LP: #1532648). Remaining changes:
999 - Enable AppArmor support:
1000 - d/apparmor-profile: add AppArmor profile
1001 - d/rules: use dh_apparmor
1002 - d/control: Build-Depends on dh-apparmor
1003 - d/slapd.README.Debian: add note about AppArmor
1004 - Enable GSSAPI support:
1005 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1006 - Add --with-gssapi support
1007 - Make guess_service_principal() more robust when determining
1008 principal
1009 - d/configure.options: Configure with --with-gssapi
1010 - d/control: Added heimdal-dev as a build depend
1011 - Enable ufw support:
1012 - d/control: suggest ufw.
1013 - d/rules: install ufw profile.
1014 - d/slapd.ufw.profile: add ufw profile.
1015 - Enable nss overlay:
1016 - d/{patches/nssov-build,rules}: Apply, build and package the
1017 nss overlay.
1018 - d/{rules,slapd.py}: Add apport hook.
1019 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1020 either the default DIT nor via an Authn mapping.
1021 - d/slapd.scripts-common:
1022 - add slapcat_opts to local variables.
1023 - Remove unused variable new_conf.
1024 - Fix backup directory naming for multiple reconfiguration.
1025 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1026 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1027 in the openldap library, as required by Likewise-Open
1028 - Show distribution in version:
1029 - d/control: added lsb-release
1030 - d/patches/fix-ldap-distribution.patch: show distribution in version
1031 * Drop CVE-2015-6908.patch, included in Debian.
1032 * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
1033 disabled on ppc64el, no longer used, and missed in the previous merge.
1034
1035 -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
1036
323openldap (2.4.42+dfsg-2) unstable; urgency=medium1037openldap (2.4.42+dfsg-2) unstable; urgency=medium
3241038
325 [ Ryan Tandy ]1039 [ Ryan Tandy ]
@@ -387,6 +1101,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium
3871101
388 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -07001102 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
3891103
1104openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
1105
1106 * Rebuild for Perl 5.22.1.
1107
1108 -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
1109
1110openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
1111
1112 * SECURITY UPDATE: denial of service via crafted BER data
1113 - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
1114 libraries/liblber/io.c.
1115 - CVE-2015-6908
1116
1117 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
1118
1119openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
1120
1121 * Merge from Debian testing (LP: #1471831). Remaining changes:
1122 - Enable AppArmor support:
1123 - d/apparmor-profile: add AppArmor profile
1124 - d/rules: use dh_apparmor
1125 - d/control: Build-Depends on dh-apparmor
1126 - d/slapd.README.Debian: add note about AppArmor
1127 - Enable GSSAPI support:
1128 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1129 - Add --with-gssapi support
1130 - Make guess_service_principal() more robust when determining
1131 principal
1132 - d/configure.options: Configure with --with-gssapi
1133 - d/control: Added heimdal-dev as a build depend
1134 - Enable ufw support:
1135 - d/control: suggest ufw.
1136 - d/rules: install ufw profile.
1137 - d/slapd.ufw.profile: add ufw profile.
1138 - Enable nss overlay:
1139 - d/{patches/nssov-build,rules}: Apply, build and package the
1140 nss overlay.
1141 - d/{rules,slapd.py}: Add apport hook.
1142 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1143 either the default DIT nor via an Authn mapping.
1144 - d/slapd.scripts-common:
1145 - add slapcat_opts to local variables.
1146 - Remove unused variable new_conf.
1147 - Fix backup directory naming for multiple reconfiguration.
1148 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1149 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1150 in the openldap library, as required by Likewise-Open
1151 - Show distribution in version:
1152 - d/control: added lsb-release
1153 - d/patches/fix-ldap-distribution.patch: show distribution in version
1154 * Dropped changes:
1155 - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
1156 * Upstream fixes:
1157 - slapd crash with auditlog overlay and large (~27KB) attribute values
1158 (ITS#8003) (LP: #1461276)
1159 - nssov updated to support recent nss-pam-ldapd client libraries
1160 (ITS#8097) (LP: #1393306)
1161 * Update d/patches/nssov-build for upstream changes.
1162 * Tweak d/patches/gssapi.diff to apply without fuzz.
1163 * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1164 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1165 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1166
1167 -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
1168
390openldap (2.4.41+dfsg-1) unstable; urgency=medium1169openldap (2.4.41+dfsg-1) unstable; urgency=medium
3911170
392 * New upstream release.1171 * New upstream release.
@@ -406,6 +1185,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium
4061185
407 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -07001186 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
4081187
1188openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
1189
1190 * No-change rebuild for the libnettle6 transition.
1191
1192 -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
1193
1194openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
1195
1196 * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
1197 - Enable AppArmor support:
1198 - d/apparmor-profile: add AppArmor profile
1199 - d/rules: use dh_apparmor
1200 - d/control: Build-Depends on dh-apparmor
1201 - d/slapd.README.Debian: add note about AppArmor
1202 - Enable GSSAPI support:
1203 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1204 - Add --with-gssapi support
1205 - Make guess_service_principal() more robust when determining
1206 principal
1207 - d/configure.options: Configure with --with-gssapi
1208 - d/control: Added heimdal-dev as a build depend
1209 - Enable ufw support:
1210 - d/control: suggest ufw.
1211 - d/rules: install ufw profile.
1212 - d/slapd.ufw.profile: add ufw profile.
1213 - Enable nss overlay:
1214 - d/{patches/nssov-build,rules}: Apply, build and package the
1215 nss overlay.
1216 - d/{rules,slapd.py}: Add apport hook.
1217 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1218 either the default DIT nor via an Authn mapping.
1219 - d/slapd.scripts-common:
1220 - add slapcat_opts to local variables.
1221 - Remove unused variable new_conf.
1222 - Fix backup directory naming for multiple reconfiguration.
1223 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1224 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1225 in the openldap library, as required by Likewise-Open
1226 - Show distribution in version:
1227 - d/control: added lsb-release
1228 - d/patches/fix-ldap-distribution.patch: show distribution in version
1229 * Drop patches included upstream:
1230 - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
1231 - d/patches/bdb-deadlock.patch
1232 - d/patches/its-7354-fix-delta-sync-mmr.diff
1233 * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
1234 * debian/patches/nssov-build: Adjust for upstream changes.
1235 * debian/apparmor-profile:
1236 - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
1237 kernel ABI v7 (utopic and later). (LP: #1392018)
1238 - Reduce permissions on /run/nslcd to just the nslcd socket.
1239 * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
1240 (LP: #1293250)
1241
1242 -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700
1243
409openldap (2.4.40+dfsg-1) unstable; urgency=medium1244openldap (2.4.40+dfsg-1) unstable; urgency=medium
4101245
411 * Remove inetorgperson.schema from the upstream source. Replace it with a1246 * Remove inetorgperson.schema from the upstream source. Replace it with a
@@ -594,6 +1429,187 @@ openldap (2.4.39-1) unstable; urgency=low
5941429
595 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -07001430 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
5961431
1432openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
1433
1434 * Fix cpp calls for GCC 5.
1435
1436 -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
1437
1438openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
1439
1440 * debian/apparmor-profile:
1441 - allow p11-kit abstraction
1442 - allow read of /etc/gss/mech.d/*
1443
1444 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
1445
1446openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
1447
1448 * Rebuild for Perl 5.20.0.
1449
1450 -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
1451
1452openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
1453
1454 * Cherry-pick upstream patch for compat with recent GNUTLS.
1455 * Build-depend on libgnutls28-dev.
1456 * Build-depend on libgcrypt20-dev.
1457
1458 -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
1459
1460openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
1461
1462 * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
1463
1464 -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
1465
1466openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
1467
1468 * Disable mdb backend on ppc64el due to test-suite failures.
1469
1470 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
1471
1472openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
1473
1474 * Fix segfault issue with master-master syncrepl (LP: #1287730):
1475 - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
1476 patch from upstream VCS.
1477
1478 -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
1479
1480openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
1481
1482 * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
1483
1484 -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
1485
1486openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
1487
1488 * Rebuild for Perl 5.18.
1489
1490 -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
1491
1492openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
1493
1494 * Update build/config.guess and build/config.sub at build time; this was
1495 not done automatically because the top-level configure.in does not use
1496 Automake.
1497
1498 -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
1499
1500openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
1501
1502 * debian/control: added lsb-release
1503 * debian/patches/fix-ldap-distribution.patch: show distribution in version
1504
1505 -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
1506
1507openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
1508
1509 * Merge from Debian unstable. Remaining changes:
1510 - Enable AppArmor support:
1511 - d/apparmor-profile: add AppArmor profile
1512 - d/rules: use dh_apparmor
1513 - d/control: Build-Depends on dh-apparmor
1514 - d/slapd.README.Debian: add note about AppArmor
1515 - d/slapd.dirs: add etc/apparmor.d/force-complain
1516 - Enable GSSAPI support:
1517 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1518 - Add --with-gssapi support
1519 - Make guess_service_principal() more robust when determining
1520 principal
1521 - d/configure.options: Configure with --with-gssapi
1522 - d/control: Added libkrb5-dev as a build depend
1523 - Enable ufw support:
1524 - d/control: suggest ufw.
1525 - d/rules: install ufw profile.
1526 - d/slapd.ufw.profile: add ufw profile.
1527 - Enable nss overlay:
1528 - d/{patches/nssov-build,/rules}: Apply, build and package the
1529 nss overlay.
1530 - d/{rules,slapd.py}: Add apport hook.
1531 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1532 either the default DIT nor via an Authn mapping.
1533 - d/slapd.scripts-common:
1534 - add slapcat_opts to local variables.
1535 - Remove unused variable new_conf.
1536 - Fix backup directory naming for multiple reconfiguration.
1537 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1538 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1539 in the openldap library, as required by Likewise-Open
1540 - d/{control,rules}: enable PIE hardening
1541
1542 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
1543
1544openldap (2.4.31-1+nmu2) unstable; urgency=high
1545
1546 * Non-maintainer upload.
1547 * No-change rebuild in a clean environment
1548
1549 -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100
1550
1551openldap (2.4.31-1+nmu1) unstable; urgency=medium
1552
1553 * Non-maintainer upload.
1554 * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
1555
1556 -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000
1557
1558openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
1559
1560 * debian/slapd.py: Add AppArmor info and logs to apport hook.
1561
1562 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
1563
1564openldap (2.4.31-1ubuntu1) quantal; urgency=low
1565
1566 * Merge from Debian unstable. Remaining changes:
1567 - Enable AppArmor support:
1568 - d/apparmor-profile: add AppArmor profile
1569 - d/rules: use dh_apparmor
1570 - d/control: Build-Depends on dh-apparmor
1571 - d/slapd.README.Debian: add note about AppArmor
1572 - d/slapd.dirs: add etc/apparmor.d/force-complain
1573 - Enable GSSAPI support (LP: #495418):
1574 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1575 - Add --with-gssapi support
1576 - Make guess_service_principal() more robust when determining
1577 principal
1578 - d/configure.options: Configure with --with-gssapi
1579 - d/control: Added libkrb5-dev as a build depend
1580 - Enable ufw support (LP: #423246):
1581 - d/control: suggest ufw.
1582 - d/rules: install ufw profile.
1583 - d/slapd.ufw.profile: add ufw profile.
1584 - Enable nss overlay (LP: #675391):
1585 - d/{patches/nssov-build,/rules}: Apply, build and package the
1586 nss overlay.
1587 - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
1588 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1589 either the default DIT nor via an Authn mapping.
1590 - d/slapd.scripts-common:
1591 - add slapcat_opts to local variables.
1592 - Remove unused variable new_conf.
1593 - Fix backup directory naming for multiple reconfiguration.
1594 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1595 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1596 in the openldap library, as required by Likewise-Open (LP: #390579)
1597 - d/{control,rules}: enable PIE hardening
1598 * Dropped changes:
1599 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
1600 - d/patches/CVE-2011-4079: Included in upstream release.
1601 - d/patches/service-operational-before-detach: Included in upstream release.
1602 - d/schema/extra/misc.ldif: Included upstream.
1603 - d/{rules,schema/extra}: Fix configure and clean rules to support
1604 extra schemas shipped as part of the debian/schema/ directory; no longer required.
1605 - Included in Debian:
1606 + Document cn=config in README file.
1607 + Install a default DIT; actually a minimal configuration.
1608 + d/patches/heimdal-fix.
1609 * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
1610
1611 -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
1612
597openldap (2.4.31-1) unstable; urgency=low1613openldap (2.4.31-1) unstable; urgency=low
5981614
599 * New upstream release.1615 * New upstream release.
@@ -620,6 +1636,121 @@ openldap (2.4.31-1) unstable; urgency=low
6201636
621 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +00001637 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
6221638
1639openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
1640
1641 * Fix issue with intermittent connection issues when using LDAPv3
1642 protocol (LP: #1023025):
1643 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
1644 patch from upstream VCS which ensures objects are initialized before
1645 re-use.
1646
1647 -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
1648
1649openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
1650
1651 * debian/rules: Add smbk5pwd build.
1652 * debian/control: Add slapd-smbk5pwd binary package.
1653 * debian/patches/heimdal-fix: adapt parameters of
1654 hdb_generate_key_set_password() to heimdal 1.6~git20120311
1655 (patch from Debian #664930).
1656
1657 -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400
1658
1659openldap (2.4.28-1.1ubuntu4) precise; urgency=low
1660
1661 * debian/control: Build-Depends on dh-apparmor (LP: #948481)
1662
1663 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
1664
1665openldap (2.4.28-1.1ubuntu3) precise; urgency=low
1666
1667 * Add its-7176-only-poll-sockets-for-write-as-needed.diff
1668 (LP: #932823).
1669
1670 -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
1671
1672openldap (2.4.28-1.1ubuntu2) precise; urgency=low
1673
1674 * Remove debian/patches/CVE-2011-4079; it's already in this upstream
1675 version. Fixes FTBFS.
1676
1677 -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
1678
1679openldap (2.4.28-1.1ubuntu1) precise; urgency=low
1680
1681 * Merge from Debian testing. Remaining changes:
1682 - Install a default DIT (LP: #442498).
1683 - Document cn=config in README file (LP: #370784).
1684 - remaining changes:
1685 + AppArmor support:
1686 - debian/apparmor-profile: add AppArmor profile
1687 - use dh_apparmor:
1688 - debian/rules: use dh_apparmor
1689 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1690 - updated debian/slapd.README.Debian for note on AppArmor
1691 - debian/slapd.dirs: add etc/apparmor.d/force-complain
1692 + Enable GSSAPI support (LP: #495418):
1693 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1694 - Add --with-gssapi support
1695 - Make guess_service_principal() more robust when determining
1696 principal
1697 - debian/patches/series: apply gssapi.diff patch.
1698 - debian/configure.options: Configure with --with-gssapi
1699 - debian/control: Added libkrb5-dev as a build depend
1700 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1701 in the openldap library, as required by Likewise-Open (LP: #390579)
1702 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1703 - debian/control:
1704 - remove build-dependency on heimdal-dev.
1705 - remove slapd-smbk5pwd binary package.
1706 - debian/rules: don't build smbk5pwd slapd module.
1707 + debian/{control,rules}: enable PIE hardening
1708 + ufw support (LP: #423246):
1709 - debian/control: suggest ufw.
1710 - debian/rules: install ufw profile.
1711 - debian/slapd.ufw.profile: add ufw profile.
1712 + Enable nssoverlay:
1713 - debian/patches/nssov-build, debian/series, debian/rules:
1714 Apply, build and package the nss overlay.
1715 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1716 which defines rfc822MailMember (required by the nss overlay).
1717 + debian/rules, debian/schema/extra/:
1718 Fix configure rule to supports extra schemas shipped as part
1719 of the debian/schema/ directory.
1720 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1721 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1722 neither the default DIT nor via an Authn mapping.
1723 + debian/slapd.scripts-common: adjust minimum version that triggers a
1724 database upgrade. Upgrade from maverick shouldn't trigger database
1725 upgrade (which would happen with the version used in Debian).
1726 + debian/slapd.scripts-common: add slapcat_opts to local variables.
1727 Remove unused variable new_conf.
1728 + debian/slapd.script-common: Fix package reconfiguration.
1729 - Fix backup directory naming for multiple reconfiguration.
1730 + debian/slapd.default, debian/slapd.README.Debian:
1731 use the new configuration style.
1732 + Install nss overlay (LP: #675391):
1733 - debian/rules: run install target for nssov module.
1734 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1735 + debian/patches/gssapi.diff:
1736 - Update patch so that likewise-open is usuable again. (LP: #661547)
1737 + debian/patches/service-operational-before-detach: New patch replacing old one
1738 of the same name as previous could cause database corruption based on upstream commits.
1739 (LP: #727973)
1740 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
1741 (CVE-2011-4079)
1742
1743
1744 -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
1745
1746openldap (2.4.28-1.1) unstable; urgency=low
1747
1748 * Non-maintainer upload.
1749 * Disable the mdb backend on non-Linux, it looks like it doesn't work with
1750 linuxthreads (closes: #654824).
1751
1752 -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100
1753
623openldap (2.4.28-1) unstable; urgency=low1754openldap (2.4.28-1) unstable; urgency=low
6241755
625 * New upstream release.1756 * New upstream release.
@@ -647,6 +1778,72 @@ openldap (2.4.28-1) unstable; urgency=low
6471778
648 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +00001779 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
6491780
1781openldap (2.4.25-4ubuntu1) precise; urgency=low
1782
1783 * Merge from Debian testing. Remaining changes:
1784 - Install a default DIT (LP: #442498).
1785 - Document cn=config in README file (LP: #370784).
1786 - remaining changes:
1787 + AppArmor support:
1788 - debian/apparmor-profile: add AppArmor profile
1789 - use dh_apparmor:
1790 - debian/rules: use dh_apparmor
1791 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1792 - updated debian/slapd.README.Debian for note on AppArmor
1793 - debian/slapd.dirs: add etc/apparmor.d/force-complain
1794 + Enable GSSAPI support (LP: #495418):
1795 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1796 - Add --with-gssapi support
1797 - Make guess_service_principal() more robust when determining
1798 principal
1799 - debian/patches/series: apply gssapi.diff patch.
1800 - debian/configure.options: Configure with --with-gssapi
1801 - debian/control: Added libkrb5-dev as a build depend
1802 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1803 in the openldap library, as required by Likewise-Open (LP: #390579)
1804 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1805 - debian/control:
1806 - remove build-dependency on heimdal-dev.
1807 - remove slapd-smbk5pwd binary package.
1808 - debian/rules: don't build smbk5pwd slapd module.
1809 + debian/{control,rules}: enable PIE hardening
1810 + ufw support (LP: #423246):
1811 - debian/control: suggest ufw.
1812 - debian/rules: install ufw profile.
1813 - debian/slapd.ufw.profile: add ufw profile.
1814 + Enable nssoverlay:
1815 - debian/patches/nssov-build, debian/series, debian/rules:
1816 Apply, build and package the nss overlay.
1817 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1818 which defines rfc822MailMember (required by the nss overlay).
1819 + debian/rules, debian/schema/extra/:
1820 Fix configure rule to supports extra schemas shipped as part
1821 of the debian/schema/ directory.
1822 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1823 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1824 neither the default DIT nor via an Authn mapping.
1825 + debian/slapd.scripts-common: adjust minimum version that triggers a
1826 database upgrade. Upgrade from maverick shouldn't trigger database
1827 upgrade (which would happen with the version used in Debian).
1828 + debian/slapd.scripts-common: add slapcat_opts to local variables.
1829 Remove unused variable new_conf.
1830 + debian/slapd.script-common: Fix package reconfiguration.
1831 - Fix backup directory naming for multiple reconfiguration.
1832 + debian/slapd.default, debian/slapd.README.Debian:
1833 use the new configuration style.
1834 + Install nss overlay (LP: #675391):
1835 - debian/rules: run install target for nssov module.
1836 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1837 + debian/patches/gssapi.diff:
1838 - Update patch so that likewise-open is usuable again. (LP: #661547)
1839 + debian/patches/service-operational-before-detach: New patch replacing old one
1840 of the same name as previous could cause database corruption based on upstream commits.
1841 (LP: #727973)
1842 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
1843 (CVE-2011-4079)
1844
1845 -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
1846
650openldap (2.4.25-4) unstable; urgency=low1847openldap (2.4.25-4) unstable; urgency=low
6511848
652 * Drop explicit depends on libdb4.8, since we're now linking against1849 * Drop explicit depends on libdb4.8, since we're now linking against
@@ -680,6 +1877,85 @@ openldap (2.4.25-4) unstable; urgency=low
6801877
681 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +00001878 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
6821879
1880openldap (2.4.25-3ubuntu3) precise; urgency=low
1881
1882 * Rebuild for Perl 5.14.
1883
1884 -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
1885
1886openldap (2.4.25-3ubuntu2) precise; urgency=low
1887
1888 * SECURITY UPDATE: potential denial of service (LP: #884163)
1889 - debian/patches/CVE-2011-4079: fix off by one error in
1890 postalAddressNormalize()
1891 - CVE-2011-4079
1892
1893 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
1894
1895openldap (2.4.25-3ubuntu1) precise; urgency=low
1896
1897 * Merge from debian unstable. Remaining changes:
1898 - Install a default DIT (LP: #442498).
1899 - Document cn=config in README file (LP: #370784).
1900 - remaining changes:
1901 + AppArmor support:
1902 - debian/apparmor-profile: add AppArmor profile
1903 - use dh_apparmor:
1904 - debian/rules: use dh_apparmor
1905 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1906 - updated debian/slapd.README.Debian for note on AppArmor
1907 - debian/slapd.dirs: add etc/apparmor.d/force-complain
1908 + Enable GSSAPI support (LP: #495418):
1909 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1910 - Add --with-gssapi support
1911 - Make guess_service_principal() more robust when determining
1912 principal
1913 - debian/patches/series: apply gssapi.diff patch.
1914 - debian/configure.options: Configure with --with-gssapi
1915 - debian/control: Added libkrb5-dev as a build depend
1916 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1917 in the openldap library, as required by Likewise-Open (LP: #390579)
1918 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1919 - debian/control:
1920 - remove build-dependency on heimdal-dev.
1921 - remove slapd-smbk5pwd binary package.
1922 - debian/rules: don't build smbk5pwd slapd module.
1923 + debian/{control,rules}: enable PIE hardening
1924 + ufw support (LP: #423246):
1925 - debian/control: suggest ufw.
1926 - debian/rules: install ufw profile.
1927 - debian/slapd.ufw.profile: add ufw profile.
1928 + Enable nssoverlay:
1929 - debian/patches/nssov-build, debian/series, debian/rules:
1930 Apply, build and package the nss overlay.
1931 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1932 which defines rfc822MailMember (required by the nss overlay).
1933 + debian/rules, debian/schema/extra/:
1934 Fix configure rule to supports extra schemas shipped as part
1935 of the debian/schema/ directory.
1936 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1937 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1938 neither the default DIT nor via an Authn mapping.
1939 + debian/slapd.scripts-common: adjust minimum version that triggers a
1940 database upgrade. Upgrade from maverick shouldn't trigger database
1941 upgrade (which would happen with the version used in Debian).
1942 + debian/slapd.scripts-common: add slapcat_opts to local variables.
1943 Remove unused variable new_conf.
1944 + debian/slapd.script-common: Fix package reconfiguration.
1945 - Fix backup directory naming for multiple reconfiguration.
1946 + debian/slapd.default, debian/slapd.README.Debian:
1947 use the new configuration style.
1948 + Install nss overlay (LP: #675391):
1949 - debian/rules: run install target for nssov module.
1950 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1951 + debian/patches/gssapi.diff:
1952 - Update patch so that likewise-open is usuable again. (LP: #661547)
1953 + debian/patches/service-operational-before-detach: New patch replacing old one
1954 of the same name as previous could cause database corruption based on upstream commits.
1955 (LP: #727973)
1956
1957 -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
1958
683openldap (2.4.25-3) unstable; urgency=low1959openldap (2.4.25-3) unstable; urgency=low
6841960
685 * Brown paper bag: really fix the .links.in handling, so we don't generate1961 * Brown paper bag: really fix the .links.in handling, so we don't generate
@@ -702,6 +1978,92 @@ openldap (2.4.25-2) unstable; urgency=low
7021978
703 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -07001979 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
7041980
1981openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
1982
1983 * Brown paper bag: really fix the .links.in handling, so we don't generate
1984 broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
1985
1986 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
1987
1988openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
1989
1990 * Cherry-pick multiarch support from Debian (LP: #826601):
1991 - Bump to compat level 7, so we don't have to spell out debian/tmp in
1992 every single .install file
1993 - Build for multiarch.
1994
1995 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
1996
1997openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
1998
1999 * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
2000
2001 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
2002
2003openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
2004
2005 * Merge from debian unstable. Remaining changes:
2006 - Install a default DIT (LP: #442498).
2007 - Document cn=config in README file (LP: #370784).
2008 - remaining changes:
2009 + AppArmor support:
2010 - debian/apparmor-profile: add AppArmor profile
2011 - use dh_apparmor:
2012 - debian/rules: use dh_apparmor
2013 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2014 - updated debian/slapd.README.Debian for note on AppArmor
2015 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2016 + Enable GSSAPI support (LP: #495418):
2017 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2018 - Add --with-gssapi support
2019 - Make guess_service_principal() more robust when determining
2020 principal
2021 - debian/patches/series: apply gssapi.diff patch.
2022 - debian/configure.options: Configure with --with-gssapi
2023 - debian/control: Added libkrb5-dev as a build depend
2024 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2025 in the openldap library, as required by Likewise-Open (LP: #390579)
2026 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2027 - debian/control:
2028 - remove build-dependency on heimdal-dev.
2029 - remove slapd-smbk5pwd binary package.
2030 - debian/rules: don't build smbk5pwd slapd module.
2031 + debian/{control,rules}: enable PIE hardening
2032 + ufw support (LP: #423246):
2033 - debian/control: suggest ufw.
2034 - debian/rules: install ufw profile.
2035 - debian/slapd.ufw.profile: add ufw profile.
2036 + Enable nssoverlay:
2037 - debian/patches/nssov-build, debian/series, debian/rules:
2038 Apply, build and package the nss overlay.
2039 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2040 which defines rfc822MailMember (required by the nss overlay).
2041 + debian/rules, debian/schema/extra/:
2042 Fix configure rule to supports extra schemas shipped as part
2043 of the debian/schema/ directory.
2044 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2045 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2046 neither the default DIT nor via an Authn mapping.
2047 + debian/slapd.scripts-common: adjust minimum version that triggers a
2048 database upgrade. Upgrade from maverick shouldn't trigger database
2049 upgrade (which would happen with the version used in Debian).
2050 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2051 Remove unused variable new_conf.
2052 + debian/slapd.script-common: Fix package reconfiguration.
2053 - Fix backup directory naming for multiple reconfiguration.
2054 + debian/slapd.default, debian/slapd.README.Debian:
2055 use the new configuration style.
2056 + Install nss overlay (LP: #675391):
2057 - debian/rules: run install target for nssov module.
2058 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2059 + debian/patches/gssapi.diff:
2060 - Update patch so that likewise-open is usuable again. (LP: #661547)
2061 + debian/patches/service-operational-before-detach: New patch replacing old one
2062 of the same name as previous could cause database corruption based on upstream commits.
2063 (LP: #727973)
2064
2065 -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
2066
705openldap (2.4.25-1.1) unstable; urgency=low2067openldap (2.4.25-1.1) unstable; urgency=low
7062068
707 * Non-maintainer upload to fix RC bug.2069 * Non-maintainer upload to fix RC bug.
@@ -709,6 +2071,75 @@ openldap (2.4.25-1.1) unstable; urgency=low
7092071
710 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +02002072 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
7112073
2074openldap (2.4.25-1ubuntu1) oneiric; urgency=low
2075
2076 * Merge from debian unstable. Remaining changes:
2077 - Install a default DIT (LP: #442498).
2078 - Document cn=config in README file (LP: #370784).
2079 - remaining changes:
2080 + AppArmor support:
2081 - debian/apparmor-profile: add AppArmor profile
2082 - use dh_apparmor:
2083 - debian/rules: use dh_apparmor
2084 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2085 - updated debian/slapd.README.Debian for note on AppArmor
2086 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2087 + Enable GSSAPI support (LP: #495418):
2088 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2089 - Add --with-gssapi support
2090 - Make guess_service_principal() more robust when determining
2091 principal
2092 - debian/patches/series: apply gssapi.diff patch.
2093 - debian/configure.options: Configure with --with-gssapi
2094 - debian/control: Added libkrb5-dev as a build depend
2095 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2096 in the openldap library, as required by Likewise-Open (LP: #390579)
2097 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2098 - debian/control:
2099 - remove build-dependency on heimdal-dev.
2100 - remove slapd-smbk5pwd binary package.
2101 - debian/rules: don't build smbk5pwd slapd module.
2102 + debian/{control,rules}: enable PIE hardening
2103 + ufw support (LP: #423246):
2104 - debian/control: suggest ufw.
2105 - debian/rules: install ufw profile.
2106 - debian/slapd.ufw.profile: add ufw profile.
2107 + Enable nssoverlay:
2108 - debian/patches/nssov-build, debian/series, debian/rules:
2109 Apply, build and package the nss overlay.
2110 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2111 which defines rfc822MailMember (required by the nss overlay).
2112 + debian/rules, debian/schema/extra/:
2113 Fix configure rule to supports extra schemas shipped as part
2114 of the debian/schema/ directory.
2115 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2116 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2117 neither the default DIT nor via an Authn mapping.
2118 + debian/slapd.scripts-common: adjust minimum version that triggers a
2119 database upgrade. Upgrade from maverick shouldn't trigger database
2120 upgrade (which would happen with the version used in Debian).
2121 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2122 Remove unused variable new_conf.
2123 + debian/slapd.script-common: Fix package reconfiguration.
2124 - Fix backup directory naming for multiple reconfiguration.
2125 + debian/slapd.default, debian/slapd.README.Debian:
2126 use the new configuration style.
2127 + Install nss overlay (LP: #675391):
2128 - debian/rules: run install target for nssov module.
2129 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2130 + debian/patches/gssapi.diff:
2131 - Update patch so that likewise-open is usuable again. (LP: #661547)
2132 + debian/patches/service-operational-before-detach: New patch replacing old one
2133 of the same name as previous could cause database corruption based on upstream commits.
2134 (LP: #727973)
2135 + Dropped:
2136 - debian/patches/gold: Use the debian version instead
2137 - debian/patches/CVE-2011-1024: Fixed upstream
2138 - debian/patches/CVE-2011-1025: Fixed upstream
2139 - debian/patches/CVE-2011-1081: Fixed upstream
2140
2141 -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
2142
712openldap (2.4.25-1) unstable; urgency=low2143openldap (2.4.25-1) unstable; urgency=low
7132144
714 * New upstream version (Closes: #617606, #618904, #606815, #608813)2145 * New upstream version (Closes: #617606, #618904, #606815, #608813)
@@ -740,6 +2171,116 @@ openldap (2.4.23-7) unstable; urgency=low
7402171
741 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +01002172 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
7422173
2174openldap (2.4.23-6ubuntu7) oneiric; urgency=low
2175
2176 * Rebuild for Perl 5.12.
2177
2178 -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
2179
2180openldap (2.4.23-6ubuntu6) natty; urgency=low
2181
2182 * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
2183 using forwarded authentication failures
2184 - debian/patches/CVE-2011-1024
2185 - CVE-2011-1024
2186 * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
2187 backend. Note: Ubuntu is not compiled with --enable-ndb by default
2188 - debian/patches/CVE-2011-1025
2189 - CVE-2011-1025
2190 * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
2191 and requestDN is empty
2192 - debian/patches/CVE-2011-1081
2193 - CVE-2011-1081
2194 - LP: #742104
2195
2196 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
2197
2198openldap (2.4.23-6ubuntu5) natty; urgency=low
2199
2200 * debian/patches/service-operational-before-detach: New patch replacing
2201 old one of same name as previous could cause database corruption,
2202 based on upstream commits. (LP: #727973)
2203
2204 -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
2205
2206openldap (2.4.23-6ubuntu4) natty; urgency=low
2207
2208 * Fix FTBFS with ld.gold.
2209
2210 -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
2211
2212openldap (2.4.23-6ubuntu3) natty; urgency=low
2213
2214 * debian/patches/gssapi.diff:
2215 Update patch so that likewise-open is usable again (LP: #661547)
2216
2217 -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
2218
2219openldap (2.4.23-6ubuntu2) natty; urgency=low
2220
2221 * Install nss overlay (LP: #675391):
2222 - debian/rules: run install target for nssov module.
2223 - debian/patches/nssov-build: fix patch to install schema in
2224 /etc/ldap/schema.
2225
2226 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
2227
2228openldap (2.4.23-6ubuntu1) natty; urgency=low
2229
2230 * Merge from Debian unstable:
2231 - Install a default DIT (LP: #442498).
2232 - Document cn=config in README file (LP: #370784).
2233 - remaining changes:
2234 + AppArmor support:
2235 - debian/apparmor-profile: add AppArmor profile
2236 - use dh_apparmor:
2237 - debian/rules: use dh_apparmor
2238 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2239 - updated debian/slapd.README.Debian for note on AppArmor
2240 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2241 + Enable GSSAPI support (LP: #495418):
2242 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2243 - Add --with-gssapi support
2244 - Make guess_service_principal() more robust when determining
2245 principal
2246 - debian/patches/series: apply gssapi.diff patch.
2247 - debian/configure.options: Configure with --with-gssapi
2248 - debian/control: Added libkrb5-dev as a build depend
2249 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2250 in the openldap library, as required by Likewise-Open (LP: #390579)
2251 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2252 - debian/control:
2253 - remove build-dependency on heimdal-dev.
2254 - remove slapd-smbk5pwd binary package.
2255 - debian/rules: don't build smbk5pwd slapd module.
2256 + debian/{control,rules}: enable PIE hardening
2257 + ufw support (LP: #423246):
2258 - debian/control: suggest ufw.
2259 - debian/rules: install ufw profile.
2260 - debian/slapd.ufw.profile: add ufw profile.
2261 + Enable nssoverlay:
2262 - debian/patches/nssov-build, debian/series, debian/rules:
2263 Apply, build and package the nss overlay.
2264 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2265 which defines rfc822MailMember (required by the nss overlay).
2266 + debian/rules, debian/schema/extra/:
2267 Fix configure rule to supports extra schemas shipped as part
2268 of the debian/schema/ directory.
2269 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2270 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2271 neither the default DIT nor via an Authn mapping.
2272 + debian/slapd.scripts-common: adjust minimum version that triggers a
2273 database upgrade. Upgrade from maverick shouldn't trigger database
2274 upgrade (which would happen with the version used in Debian).
2275 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2276 Remove unused variable new_conf.
2277 + debian/slapd.script-common: Fix package reconfiguration.
2278 - Fix backup directory naming for multiple reconfiguration.
2279 + debian/slapd.default, debian/slapd.README.Debian:
2280 use the new configuration style.
2281
2282 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
2283
743openldap (2.4.23-6) unstable; urgency=high2284openldap (2.4.23-6) unstable; urgency=high
7442285
745 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)2286 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
@@ -862,6 +2403,80 @@ openldap (2.4.23-1) unstable; urgency=low
8622403
863 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +02002404 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
8642405
2406openldap (2.4.23-0ubuntu4) natty; urgency=low
2407
2408 * debian/slapd.templates: amended typo in slapd/move_old_database
2409 (LP: #666028)
2410
2411 -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
2412
2413openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
2414
2415 * debian/slapd.templates: re-add slapd/move_old_database template as it's
2416 used during the package upgrade. Thanks to James Page for pointing it.
2417 * debian/slapd.config: restore debconf question slapd/move_old_database.
2418
2419 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
2420
2421openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
2422
2423 [ James Page ]
2424 * Fixed install/upgrade process to dump/restore databases due
2425 to uplift to libdb4.8-dev (LP: #658227)
2426
2427 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
2428
2429openldap (2.4.23-0ubuntu3) maverick; urgency=low
2430
2431 * debian/rules: move dh_apparmor before dh_installinit
2432
2433 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
2434
2435openldap (2.4.23-0ubuntu2) maverick; urgency=low
2436
2437 * convert to using dh_apparmor:
2438 - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
2439 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2440 * debian/apparmor-profile: use local include
2441
2442 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
2443
2444openldap (2.4.23-0ubuntu1) maverick; urgency=low
2445
2446 * New release, features include:
2447 + Fixed libldap to return server's error code (ITS#6569)
2448 + Fixed libldap memleaks (ITS#6568)
2449 + Fixed liblutil off-by-one with delta (ITS#6541)
2450 + Fixed slapd acls with glued databases (ITS#6468)
2451 + Fixed slapd syncrepl rid logging (ITS#6533)
2452 + Fixed slapd modrdn handling of invalid values (ITS#6570)
2453 + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
2454 + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
2455 + Fixed slapd-bdb entry cache delete failure (ITS#6577)
2456 + Fixed slapd-ldap to return control responses (ITS#6530)
2457 + Fixed slapo-ppolicy to use Debug (ITS#6566)
2458 + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
2459 + Fixed slapo-rwm to use Debug (ITS#6566)
2460 + Fixed slapo-sssvlv to use Debug (ITS#6566)
2461 + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
2462 + Fixed slapo-valsort to use Debug (ITS#6566)
2463 + Fixed contrib/nssov network.c missing patch (ITS#6562)
2464 + Fixed test043 attribute sorting (ITS#6553)
2465 + slapd-config(5) note default rootdn (ITS#6546)
2466 * Rebased patches debian/patches/dropped nssov-build
2467 * Resynchronize with Debian:
2468 + debian/control:
2469 - Bump standards-version to 3.9.0
2470 - Use libdb4.8-dev (LP: #572489)
2471 + Added debian/patches/issue-6534-patch
2472 + Added debian/patches/ldap-conf-tls-cacertdir
2473 * Add ufw support, thanks to PatRiehecky (LP: #423246)
2474
2475 [Adam Sommer]
2476 * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2477
2478 -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
2479
865openldap (2.4.21-1) unstable; urgency=low2480openldap (2.4.21-1) unstable; urgency=low
8662481
867 [ Steve Langasek ]2482 [ Steve Langasek ]
@@ -893,6 +2508,79 @@ openldap (2.4.21-1) unstable; urgency=low
8932508
894 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +02002509 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
8952510
2511openldap (2.4.21-0ubuntu5) lucid; urgency=low
2512
2513 * Fix local root connection access: replace olcAuthzRegexp mapping to
2514 cn=localroot,cn=config with using the SASL dn directly in olcAccess.
2515 Makes upgrades much simpler and robust (LP: #563829).
2516
2517 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
2518
2519openldap (2.4.21-0ubuntu4) lucid; urgency=low
2520
2521 [ Simon Olofsson ]
2522 * debian/slapd.postinst:
2523 - Show a message after successful migration (LP: #538848)
2524
2525 [ Jorgen Rosink ]
2526 * debian/slapd.init: add simple status checking with LSB compatible exit
2527 codes (LP: #562377)
2528 * debian/slapd.init.ldif:
2529 - remove admin user in default config database (LP: #556176)
2530 - in default config, add olcAccess entries giving access to controls
2531 available and cn=subschema (LP: #427842)
2532
2533 [ Scott Moser ]
2534 * debian/slapd.scripts-common: Do not create /nonexistent directory
2535 for openldap user's home (LP: #556176)
2536 * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
2537
2538 -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
2539
2540openldap (2.4.21-0ubuntu3) lucid; urgency=low
2541
2542 * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
2543 before trying to convert to slapd.d, to avoid upgrade failure from hardy
2544 (LP: #536958)
2545 * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
2546 olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
2547
2548 -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
2549
2550openldap (2.4.21-0ubuntu2) lucid; urgency=low
2551
2552 * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
2553
2554 -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
2555
2556openldap (2.4.21-0ubuntu1) lucid; urgency=low
2557
2558 * New upstream release.
2559 * debian/rules, debian/schema/extra/:
2560 Fix get-orig-source rule to supports extra schemas shipped as part of the
2561 debian/schema/ directory.
2562
2563 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
2564
2565openldap (2.4.18-0ubuntu2) lucid; urgency=low
2566
2567 * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2568 - Add --with-gssapi support
2569 - Make guess_service_principal() more robust when determining principal
2570 * Enable GSSAPI support (LP: #495418):
2571 - debian/configure.options: Configure with --with-gssapi
2572 - debian/control: Added libkrb5-dev as a build depend
2573
2574 -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
2575
2576openldap (2.4.18-0ubuntu1) karmic; urgency=low
2577
2578 * New upstream release: (LP: #419515):
2579 + pcache overlay supports disconnected mode.
2580 * Fix nss overlay load (LP: #417163).
2581
2582 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
2583
896openldap (2.4.17-2.1) unstable; urgency=high2584openldap (2.4.17-2.1) unstable; urgency=high
8972585
898 * Non-maintainer upload by the Security Team.2586 * Non-maintainer upload by the Security Team.
@@ -919,6 +2607,108 @@ openldap (2.4.17-2) unstable; urgency=low
9192607
920 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -07002608 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
9212609
2610openldap (2.4.17-1ubuntu3) karmic; urgency=low
2611
2612 * Install a minimal slapd configuration instead of creating a default
2613 database with a default DIT:
2614 + Move openldap user home from /var/lib/ldap to /nonexistent.
2615 + Remove all code and templates dealing with the default database and DIT
2616 creation.
2617 + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
2618 grant all access to the latter in the cn=config database as well as the
2619 default backend configuration.
2620 * Add cn=localroot,cn=config authz mapping on upgrades.
2621
2622 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
2623
2624openldap (2.4.17-1ubuntu2) karmic; urgency=low
2625
2626 [ Thierry Carrez ]
2627 * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2628 in the openldap library, as required by Likewise-Open (LP: #390579)
2629
2630 [ Mathias Gug ]
2631 * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
2632 uniqueness overlay.
2633 * debian/patches/its6220-writetimeout-directive: fixes a problem with the
2634 writetimeout directive being in effect even if it wasn't set,
2635 closing connections incorrectly.
2636 * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
2637 dncachesize parameter that was added in RE24, so that if it is set to
2638 "0" (now the default), it has an unlimited DN cache (RE23 always
2639 had an unlimited DN cache).
2640
2641 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
2642
2643openldap (2.4.17-1ubuntu1) karmic; urgency=low
2644
2645 [ Steve Langasek ]
2646 * Fix up the lintian warnings:
2647 - add missing misc-depends on all packages
2648 - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
2649 overrides
2650 - bump Standards-Version to 3.8.2, no changes required.
2651
2652 [ Mathias Gug ]
2653 * Resynchronise with Debian. Remaining changes:
2654 - AppArmor support:
2655 - debian/apparmor-profile: add AppArmor profile
2656 - updated debian/slapd.README.Debian for note on AppArmor
2657 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2658 - debian/slapd.postrm: remove symlink in force-complain/ on purge
2659 - debian/rules: install apparmor profile.
2660 - Don't use local statement in config script as it fails if /bin/sh
2661 points to bash.
2662 - debian/slapd.postinst, debian/slapd.script-common: set correct
2663 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2664 readable) and /var/run/slapd (world readable).
2665 - Enable nssoverlay:
2666 - debian/patches/nssov-build, debian/rules: Build and package the nss
2667 overlay.
2668 - debian/schema/misc.ldif: add ldif file for the misc schema which
2669 defines rfc822MailMember (required by the nss overlay).
2670 - debian/{control,rules}: enable PIE hardening
2671 - Use cn=config as the default configuration backend instead of
2672 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2673 asking the end user to enter a new password to control the access to
2674 the cn=config tree.
2675 - debian/slapd.postinst: create /var/run/slapd before updating its
2676 permissions.
2677 - debian/slapd.init: Correctly set slapd config backend option even if
2678 the pidfile is configured in slapd default file.
2679 * Dropped:
2680 - Merged in Debian:
2681 - Update priority of libldap-2.4-2 to match the archive override.
2682 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2683 the ldapurl(1) manpage.
2684 - Bump build-dependency on debhelper to 6 instead of 5, since that's
2685 what we're using.
2686 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2687 the built-in default of ldap:/// only.
2688 - Fixed in upstream release:
2689 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2690 failure when built with PIE.
2691 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2692 trusted.
2693 - Update Apparmor profile support: don't support upgrade from pre-hardy
2694 systems:
2695 - debian/slapd.postinst: Reload AA profile on configuration
2696 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2697 - debian/control: Conflicts with apparmor-profiles <<
2698 2.1+1075-0ubuntu4 to make sure that if earlier version of
2699 apparmor-profiles gets installed it won't overwrite our profile.
2700 - follow ApparmorProfileMigration and force apparmor complain mode on
2701 some upgrades
2702 - debian/slapd.preinst: create symlink for force-complain on
2703 pre-feisty upgrades, upgrades where apparmor-profiles profile is
2704 unchanged (ie non-enforcing) and upgrades where apparmor profile
2705 does not exist.
2706 - debian/patches/autogen.sh: no longer needed with karmic libtool.
2707 - Call libtoolize with the --install option to install
2708 config.{guess,sub} files.
2709
2710 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
2711
922openldap (2.4.17-1) unstable; urgency=low2712openldap (2.4.17-1) unstable; urgency=low
9232713
924 * New upstream version.2714 * New upstream version.
@@ -941,6 +2731,153 @@ openldap (2.4.17-1) unstable; urgency=low
9412731
942 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -07002732 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
9432733
2734openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
2735
2736 * Resynchronise with Debian. Remaining changes:
2737 - AppArmor support:
2738 - debian/apparmor-profile: add AppArmor profile
2739 - debian/slapd.postinst: Reload AA profile on configuration
2740 - updated debian/slapd.README.Debian for note on AppArmor
2741 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2742 - debian/control: Conflicts with apparmor-profiles <<
2743 2.1+1075-0ubuntu4 to make sure that if earlier version of
2744 apparmor-profiles gets installed it won't overwrite our profile.
2745 - follow ApparmorProfileMigration and force apparmor complain mode on
2746 some upgrades
2747 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2748 - debian/slapd.preinst: create symlink for force-complain on
2749 pre-feisty upgrades, upgrades where apparmor-profiles profile is
2750 unchanged (ie non-enforcing) and upgrades where apparmor profile
2751 does not exist.
2752 - debian/slapd.postrm: remove symlink in force-complain/ on purge
2753 - debian/patches/autogen.sh:
2754 - Call libtoolize with the --install option to install
2755 config.{guess,sub} files.
2756 - Don't use local statement in config script as it fails if /bin/sh
2757 points to bash.
2758 - debian/slapd.postinst, debian/slapd.script-common: set correct
2759 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2760 readable) and /var/run/slapd (world readable).
2761 - Enable nssoverlay:
2762 - debian/patches/nssov-build, debian/rules: Build and package the nss
2763 overlay.
2764 - debian/schema/misc.ldif: add ldif file for the misc schema which
2765 defines rfc822MailMember (required by the nss overlay).
2766 - debian/{control,rules}: enable PIE hardening
2767 - Use cn=config as the default configuration backend instead of
2768 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2769 asking the end user to enter a new password to control the access to
2770 the cn=config tree.
2771 - Update priority of libldap-2.4-2 to match the archive override.
2772 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2773 the ldapurl(1) manpage.
2774 - Bump build-dependency on debhelper to 6 instead of 5, since that's
2775 what we're using.
2776 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2777 the built-in default of ldap:/// only.
2778 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2779 failure when built with PIE.
2780 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2781 trusted.
2782 - debian/slapd.postinst: create /var/run/slapd before updating its
2783 permissions.
2784 - debian/slapd.init: Correctly set slapd config backend option even if
2785 the pidfile is configured in slapd default file.
2786 * Drop patch to avoid the test suite on hppa, as hppa is EOL.
2787
2788 -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
2789
2790openldap (2.4.15-1.1) unstable; urgency=low
2791
2792 * Non-maintainer upload.
2793 * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
2794 (Closes: #522965)
2795
2796 -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
2797
2798openldap (2.4.15-1ubuntu3) jaunty; urgency=low
2799
2800 * No-change rebuild to fix lpia shared library dependencies.
2801
2802 -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
2803
2804openldap (2.4.15-1ubuntu2) jaunty; urgency=low
2805
2806 * debian/slapd.postinst: create /var/run/slapd before updating its
2807 permissions (LP: #298928).
2808 * debian/slapd.init: Correclty set slapd config backend option even if the
2809 pidfile is configured in slapd default file (LP: #292364).
2810 * debian/apparmor-profile: support multiple databases to be stored under
2811 /var/lib/ldap/. (LP: #286614).
2812
2813 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
2814
2815openldap (2.4.15-1ubuntu1) jaunty; urgency=low
2816
2817 [ Steve Langasek ]
2818 * Update priority of libldap-2.4-2 to match the archive override.
2819 * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
2820 ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
2821 Closes: #496749.
2822 * Bump build-dependency on debhelper to 6 instead of 5, since that's
2823 what we're using. Closes: #498116.
2824 * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2825 the built-in default of ldap:/// only.
2826
2827 [ Mathias Gug ]
2828 * Merge from debian unstable, remaining changes:
2829 - Modify Maintainer value to match the DebianMaintainerField
2830 speficication.
2831 - AppArmor support:
2832 - debian/apparmor-profile: add AppArmor profile
2833 - debian/slapd.postinst: Reload AA profile on configuration
2834 - updated debian/slapd.README.Debian for note on AppArmor
2835 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2836 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2837 to make sure that if earlier version of apparmour-profiles gets
2838 installed it won't overwrite our profile.
2839 - follow ApparmorProfileMigration and force apparmor compalin mode on
2840 some upgrades (LP: #203529)
2841 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2842 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2843 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2844 non-enforcing) and upgrades where apparmor profile does not exist.
2845 - debian/slapd.postrm: remove symlink in force-complain/ on purge
2846 - debian/control:
2847 - Build-depend on libltdl7-dev rather then libltdl3-dev.
2848 - debian/patches/autogen.sh:
2849 - Call libtoolize with the --install option to install config.{guess,sub}
2850 files.
2851 - Don't use local statement in config script as it fails if /bin/sh
2852 points to bash (LP: #286063).
2853 - Disable the testsuite on hppa. Allows building of packages on this
2854 architecture again, once this package is in the archive.
2855 LP: #288908.
2856 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
2857 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
2858 /var/run/slapd (world readable). (LP: #257667).
2859 - Enable nssoverlay:
2860 - debian/patches/nssov-build, debian/rules: Build and package
2861 the nss overlay.
2862 - debian/schema/misc.ldif: add ldif file for the misc schema
2863 which defines rfc822MailMember (required by the nss overlay).
2864 - debian/{control,rules}: enable PIE hardening
2865 - Use cn=config as the default configuration backend instead of
2866 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2867 asking the end user to enter a new password to control the access to the
2868 cn=config tree.
2869 * Dropped:
2870 - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
2871 times. (ITS: #5947) Fixed in new upstream version 2.4.15.
2872 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2873 the ucred struct now. Implemented in Debian.
2874 * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
2875 when built with PIE.
2876 * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2877 trusted (LP: #305264).
2878
2879 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
2880
944openldap (2.4.15-1) unstable; urgency=low2881openldap (2.4.15-1) unstable; urgency=low
9452882
946 * New upstream version2883 * New upstream version
@@ -958,6 +2895,69 @@ openldap (2.4.15-1) unstable; urgency=low
9582895
959 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -08002896 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
9602897
2898openldap (2.4.14-0ubuntu1) jaunty; urgency=low
2899
2900 [ Steve Langasek ]
2901 * New upstream version
2902 - Fixes a bug with the pcache overlay not returning cached entries
2903 (closes: #497697)
2904 - Update evolution-ntlm patch to apply to current Makefiles.
2905 - (tentatively) drop gnutls-ciphers, since this bug was reported to be
2906 fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
2907 patch from the bug report, so this should be watched for regressions.
2908 * Build against db4.7 instead of db4.2 at last! Closes: #421946.
2909 * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
2910 installed in the build environment.
2911 * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
2912 --with-tls=gnutls.
2913
2914 [ Mathias Gug ]
2915 * Merge from debian unstable, remaining changes:
2916 - debian/apparmor-profile: add AppArmor profile
2917 - debian/slapd.postinst: Reload AA profile on configuration
2918 - updated debian/slapd.README.Debian for note on AppArmor
2919 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2920 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2921 to make sure that if earlier version of apparmour-profiles gets
2922 installed it won't overwrite our profile.
2923 - Modify Maintainer value to match the DebianMaintainerField
2924 speficication.
2925 - follow ApparmorProfileMigration and force apparmor compalin mode on
2926 some upgrades (LP: #203529)
2927 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2928 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2929 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2930 non-enforcing) and upgrades where apparmor profile does not exist.
2931 - debian/slapd.postrm: remove symlink in force-complain/ on purge
2932 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2933 the ucred struct now.
2934 - debian/control:
2935 - Build-depend on libltdl7-dev rather then libltdl3-dev.
2936 - debian/patches/autogen.sh:
2937 - Call libtoolize with the --install option to install config.{guess,sub}
2938 files.
2939 - Don't use local statement in config script as it fails if /bin/sh
2940 points to bash (LP: #286063).
2941 - Disable the testsuite on hppa. Allows building of packages on this
2942 architecture again, once this package is in the archive.
2943 LP: #288908.
2944 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
2945 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
2946 /var/run/slapd (world readable). (LP: #257667).
2947 - debian/patches/nssov-build, debian/rules:
2948 Build and package the nss overlay.
2949 debian/schema/misc.ldif: add ldif file for the misc schema, which defines
2950 rfc822MailMember (required by the nss overlay).
2951 - debian/{control,rules}: enable PIE hardening
2952 - Use cn=config as the default configuration backend instead of
2953 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2954 asking the end user to enter a new password to control the access to the
2955 cn=config tree.
2956 * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
2957 times. (ITS: #5947)
2958
2959 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
2960
961openldap (2.4.11-1) unstable; urgency=low2961openldap (2.4.11-1) unstable; urgency=low
9622962
963 * New upstream version (closes: #499560).2963 * New upstream version (closes: #499560).
@@ -980,6 +2980,110 @@ openldap (2.4.11-1) unstable; urgency=low
9802980
981 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -07002981 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
9822982
2983openldap (2.4.11-0ubuntu7) jaunty; urgency=low
2984
2985 * Don't use local statement in config script as it fails if /bin/sh
2986 points to bash (LP: #286063).
2987
2988 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
2989
2990openldap (2.4.11-0ubuntu6) intrepid; urgency=low
2991
2992 * Disable the testsuite on hppa. Allows building of packages on this
2993 architecture again, once this package is in the archive.
2994 LP: #288908.
2995
2996 -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
2997
2998openldap (2.4.11-0ubuntu5) intrepid; urgency=low
2999
3000 * Don't set admin passwords in ldif files if adminpw is empty.
3001 (LP: #273988 - LP: #276606).
3002
3003 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
3004
3005openldap (2.4.11-0ubuntu4) intrepid; urgency=low
3006
3007 * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3008 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3009 /var/run/slapd (world readable). (LP: #257667).
3010 * debian/slapd.script-common:
3011 - Fix package reconfiguration:
3012 + Remove slapd.d/ directory if it already exists when creating a new
3013 configuration.
3014 + Fix backup directory naming for multiple reconfiguration.
3015
3016 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
3017
3018openldap (2.4.11-0ubuntu3) intrepid; urgency=low
3019
3020 * debian/patches/nssov-build, debian/rules:
3021 Build and package the nss overlay.
3022 * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3023 rfc822MailMember (required by the nss overlay).
3024
3025 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
3026
3027openldap (2.4.11-0ubuntu2) intrepid; urgency=low
3028
3029 * debian/{control,rules}: enable PIE hardening
3030
3031 -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
3032
3033openldap (2.4.11-0ubuntu1) intrepid; urgency=low
3034
3035 * New upstream version:
3036 - Mainly bug fixes.
3037 - New nss slapd overlay (not compiled by default).
3038 * Use cn=config as the default configuration backend instead of
3039 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3040 asking the end user to enter a new password to control the access to the
3041 cn=config tree.
3042
3043 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
3044
3045openldap (2.4.10-3ubuntu1) intrepid; urgency=low
3046
3047 [ Mathias Gug ]
3048 * Merge from debian unstable, remaining changes:
3049 - debian/apparmor-profile: add AppArmor profile
3050 - debian/slapd.postinst: Reload AA profile on configuration
3051 - updated debian/slapd.README.Debian for note on AppArmor
3052 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3053 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3054 to make sure that if earlier version of apparmour-profiles gets
3055 installed it won't overwrite our profile.
3056 - Modify Maintainer value to match the DebianMaintainerField
3057 speficication.
3058 - follow ApparmorProfileMigration and force apparmor compalin mode on
3059 some upgrades (LP: #203529)
3060 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3061 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3062 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3063 non-enforcing) and upgrades where apparmor profile does not exist.
3064 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3065 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3066 the ucred struct now.
3067 - debian/patches/fix-unique-overlay-assertion.patch:
3068 Fix another assertion error in unique overlay (LP: #243337).
3069 Backport from head.
3070 * Dropped - implemented in Debian:
3071 - debian/patches/fix-gnutls-key-strength.patch:
3072 Fix slapd handling of ssf using gnutls. (LP: #244925).
3073 - debian/control:
3074 Add time as build dependency: needed by make test.
3075 * debian/control:
3076 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3077 * debian/patches/autogen.sh:
3078 - Call libtoolize with the --install option to install config.{guess,sub}
3079 files.
3080
3081 [ Jamie Strandboge ]
3082 * adjust apparmor profile to allow gssapi (LP: #229252)
3083 * adjust apparmor profile to allow cnconfig (LP: #243525)
3084
3085 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
3086
983openldap (2.4.10-3) unstable; urgency=low3087openldap (2.4.10-3) unstable; urgency=low
9843088
985 [ Steve Langasek ]3089 [ Steve Langasek ]
@@ -1013,6 +3117,40 @@ openldap (2.4.10-3) unstable; urgency=low
10133117
1014 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -07003118 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
10153119
3120openldap (2.4.10-2ubuntu1) intrepid; urgency=low
3121
3122 * Merge from debian unstable, remaining changes:
3123 - debian/apparmor-profile: add AppArmor profile
3124 - debian/slapd.postinst: Reload AA profile on configuration
3125 - updated debian/slapd.README.Debian for note on AppArmor
3126 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3127 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3128 to make sure that if earlier version of apparmour-profiles gets
3129 installed it won't overwrite our profile.
3130 - Modify Maintainer value to match the DebianMaintainerField
3131 speficication.
3132 - follow ApparmorProfileMigration and force apparmor compalin mode on
3133 some upgrades (LP: #203529)
3134 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3135 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3136 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3137 non-enforcing) and upgrades where apparmor profile does not exist.
3138 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3139 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3140 the ucred struct now.
3141 - debian/patches/fix-unique-overlay-assertion.patch:
3142 Fix another assertion error in unique overlay (LP: #243337).
3143 Backport from head.
3144 - debian/patches/fix-gnutls-key-strength.patch:
3145 Fix slapd handling of ssf using gnutls. (LP: #244925).
3146 - debian/control:
3147 Add time as build dependency: needed by make test.
3148 * Dropped - implemented in Debian:
3149 - debian/rules:
3150 Support debuild nocheck option: don't run tests if nocheck is set.
3151
3152 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
3153
1016openldap (2.4.10-2) unstable; urgency=low3154openldap (2.4.10-2) unstable; urgency=low
10173155
1018 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at3156 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
@@ -1027,6 +3165,54 @@ openldap (2.4.10-2) unstable; urgency=low
10273165
1028 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -07003166 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
10293167
3168openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
3169
3170 * Merge from debian unstable, remaining changes:
3171 - debian/apparmor-profile: add AppArmor profile
3172 - debian/slapd.postinst: Reload AA profile on configuration
3173 - updated debian/slapd.README.Debian for note on AppArmor
3174 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3175 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3176 to make sure that if earlier version of apparmour-profiles gets
3177 installed it won't overwrite our profile.
3178 - Modify Maintainer value to match the DebianMaintainerField
3179 speficication.
3180 - follow ApparmorProfileMigration and force apparmor compalin mode on
3181 some upgrades (LP: #203529)
3182 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3183 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3184 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3185 non-enforcing) and upgrades where apparmor profile does not exist.
3186 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3187 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3188 the ucred struct now.
3189 - debian/patches/fix-unique-overlay-assertion.patch:
3190 Fix another assertion error in unique overlay (LP: #243337).
3191 Backport from head.
3192 * debian/control:
3193 - add time as build dependency: needed by make test.
3194 * debian/rules:
3195 - support debuild nocheck option: don't run tests if nocheck is set.
3196 * debian/patches/fix-gnutls-key-strength.patch:
3197 - fix slapd handling of ssf using gnutls. (LP: #244925).
3198 * Dropped - accepted in Debian:
3199 - debian/rules, debian/slapd.links: use hard links to slapd instead of
3200 symlinks for slap* so these applications aren't confined by apparmor
3201 (LP: #203898)
3202 * Dropped - fixed in new upstream release:
3203 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3204 (LP: #215904)
3205 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3206 error. (LP: #234196)
3207 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3208 (LP: #220724)
3209 - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3210 syncrepl. (LP: #227178)
3211 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3212 upstream.
3213
3214 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
3215
1030openldap2.3 (2.4.10-1) unstable; urgency=low3216openldap2.3 (2.4.10-1) unstable; urgency=low
10313217
1032 [ Steve Langasek ]3218 [ Steve Langasek ]
@@ -1051,6 +3237,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low
10513237
1052 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -07003238 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
10533239
3240openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
3241
3242 * debian/patches/fix-unique-overlay-assertion.patch:
3243 - Fix another assertion error in unique overlay, backported from head.
3244 (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
3245
3246 -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
3247
3248openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
3249
3250 * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
3251 include the smbk5pwd overlay.
3252
3253 -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
3254
3255openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
3256
3257 * Rebuild for perl 5.10 transition (LP: #230016)
3258 * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3259 syncrepl. (LP: #227178)
3260
3261 -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
3262
3263openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
3264
3265 * Merge from debian unstable, remaining changes:
3266 - debian/apparmor-profile: add AppArmor profile
3267 - debian/slapd.postinst: Reload AA profile on configuration
3268 - updated debian/slapd.README.Debian for note on AppArmor
3269 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3270 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3271 to make sure that if earlier version of apparmour-profiles gets
3272 installed it won't overwrite our profile.
3273 - Modify Maintainer value to match the DebianMaintainerField
3274 speficication.
3275 - follow ApparmorProfileMigration and force apparmor compalin mode on
3276 some upgrades (LP: #203529)
3277 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3278 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3279 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3280 non-enforcing) and upgrades where apparmor profile does not exist.
3281 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3282 - debian/rules, debian/slapd.links: use hard links to slapd instead of
3283 symlinks for slap* so these applications aren't confined by apparmor
3284 (LP: #203898)
3285 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3286 (LP: #215904)
3287 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3288 error. (LP: #234196)
3289 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3290 (LP: #220724)
3291 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3292 upstream.
3293 * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
3294 the ucred struct now.
3295
3296 -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
3297
1054openldap2.3 (2.4.9-1) unstable; urgency=low3298openldap2.3 (2.4.9-1) unstable; urgency=low
10553299
1056 [ Updated debconf translations ]3300 [ Updated debconf translations ]
@@ -1121,6 +3365,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high
11213365
1122 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +01003366 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
11233367
3368openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
3369
3370 * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
3371 in klibc)
3372
3373 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
3374
3375openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
3376
3377 * apparmor-profile workaround for Launchpad #202161
3378 * follow ApparmorProfileMigration and force apparmor complain mode on some
3379 upgrades (LP: #203529)
3380 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3381 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3382 - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
3383 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3384 non-enforcing) and upgrades where apparmor profile does not exist
3385 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3386 * debian/rules, debian/slapd.links: use hard links to slapd instead of
3387 symlinks for slap* so these applications aren't confined by apparmor
3388 (LP: #203898)
3389
3390 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
3391
3392openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
3393
3394 * Merge from Debian unstable, remaining changes:
3395 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3396 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3397 allows remote authenticated users to cause a denial of service (daemon
3398 crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
3399 control, a related issue to CVE-2007-6698.
3400 + debian/apparmor-profile: add AppArmor profile
3401 + debian/slapd.postinst: Reload AA profile on configuration
3402 + updated debian/slapd.README.Debian for note on AppArmor
3403 + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3404 should now take control
3405 + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3406 to make sure that if earlier version of apparmor-profiles gets
3407 installed it won't overwrite our profile
3408 + Modify Maintainer value to match the DebianMaintainerField
3409 specification.
3410
3411 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
3412
1124openldap2.3 (2.4.7-6) unstable; urgency=low3413openldap2.3 (2.4.7-6) unstable; urgency=low
11253414
1126 [ Updated debconf translations ]3415 [ Updated debconf translations ]
@@ -1166,6 +3455,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low
11663455
1167 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -08003456 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
11683457
3458openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
3459
3460 * SECURITY UPDATE:
3461 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3462 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3463 allows remote authenticated users to cause a denial of service (daemon crash)
3464 via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
3465 issue to CVE-2007-6698.
3466
3467 * References
3468 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
3469 - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
3470
3471 -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
3472
3473openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
3474
3475 * add AppArmor profile
3476 + debian/apparmor-profile
3477 + debian/slapd.postinst: Reload AA profile on configuration
3478 * updated debian/slapd.README.Debian for note on AppArmor
3479 * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3480 should now take control
3481 * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3482 to make sure that if earlier version of apparmor-profiles gets installed
3483 it won't overwrite our profile
3484 * Modify Maintainer value to match the DebianMaintainerField
3485 specification.
3486
3487 -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
3488
1169openldap2.3 (2.4.7-5) unstable; urgency=low3489openldap2.3 (2.4.7-5) unstable; urgency=low
11703490
1171 [ Updated debconf translations ]3491 [ Updated debconf translations ]
diff --git a/debian/configure.options b/debian/configure.options
index 08a55e0..9d3704e 100644
--- a/debian/configure.options
+++ b/debian/configure.options
@@ -175,6 +175,7 @@
175# --with-fetch with fetch(3) URL support [auto]175# --with-fetch with fetch(3) URL support [auto]
176# --with-threads with threads [auto]176# --with-threads with threads [auto]
177--with-threads177--with-threads
178--with-gssapi
178# --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto]179# --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto]
179--with-tls=gnutls180--with-tls=gnutls
180# --with-yielding-select with implicitly yielding select [auto]181# --with-yielding-select with implicitly yielding select [auto]
diff --git a/debian/control b/debian/control
index 8c8eda8..f3baaa9 100644
--- a/debian/control
+++ b/debian/control
@@ -1,20 +1,23 @@
1Source: openldap1Source: openldap
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
5Uploaders: Steve Langasek <vorlon@debian.org>,6Uploaders: Steve Langasek <vorlon@debian.org>,
6 Torsten Landschoff <torsten@debian.org>,7 Torsten Landschoff <torsten@debian.org>,
7 Ryan Tandy <ryan@nardis.ca>8 Ryan Tandy <ryan@nardis.ca>
8Build-Depends: debhelper (>= 10),9Build-Depends: debhelper (>= 10),
10 dh-apparmor,
9 dpkg-dev (>= 1.17.14),11 dpkg-dev (>= 1.17.14),
10 groff-base,12 groff-base,
11 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!stage1>,13 heimdal-dev (>= 7.4.0.dfsg.1-1~) <!stage1>,
12 libdb5.3-dev <!stage1>,14 libdb5.3-dev <!stage1>,
13 libgnutls28-dev,15 libgnutls28-dev,
14 libltdl-dev <!stage1>,16 libltdl-dev <!stage1>,
15 libperl-dev (>= 5.8.0) <!stage1>,17 libperl-dev (>= 5.8.0) <!stage1>,
16 libsasl2-dev,18 libsasl2-dev,
17 libwrap0-dev <!stage1>,19 libwrap0-dev <!stage1>,
20 lsb-release,
18 nettle-dev <!stage1>,21 nettle-dev <!stage1>,
19 perl:any,22 perl:any,
20 po-debconf,23 po-debconf,
@@ -34,7 +37,7 @@ Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}),
34 coreutils (>= 4.5.1-1), psmisc, perl (>> 5.8.0) | libmime-base64-perl,37 coreutils (>= 4.5.1-1), psmisc, perl (>> 5.8.0) | libmime-base64-perl,
35 adduser, lsb-base (>= 3.2-13), ${misc:Depends}38 adduser, lsb-base (>= 3.2-13), ${misc:Depends}
36Recommends: libsasl2-modules39Recommends: libsasl2-modules
37Suggests: ldap-utils,40Suggests: ldap-utils, ufw,
38 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal41 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
39Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)42Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
40Replaces: libldap2, ldap-utils (<< 2.2.23-3)43Replaces: libldap2, ldap-utils (<< 2.2.23-3)
diff --git a/debian/libldap-2.4-2.symbols b/debian/libldap-2.4-2.symbols
index d42ccec..55421bc 100644
--- a/debian/libldap-2.4-2.symbols
+++ b/debian/libldap-2.4-2.symbols
@@ -118,6 +118,7 @@ liblber-2.4.so.2 libldap-2.4-2 #MINVER#
118 ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7118 ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7
119 ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7119 ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7
120 ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7120 ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7
121 ber_sockbuf_io_udp@OPENLDAP_2.4_2 2.4.17-1ubuntu2
121 ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7122 ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7
122 ber_sos_dump@OPENLDAP_2.4_2 2.4.7123 ber_sos_dump@OPENLDAP_2.4_2 2.4.7
123 ber_start@OPENLDAP_2.4_2 2.4.7124 ber_start@OPENLDAP_2.4_2 2.4.7
@@ -280,6 +281,11 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
280 ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7281 ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7
281 ldap_int_global_options@OPENLDAP_2.4_2 2.4.7282 ldap_int_global_options@OPENLDAP_2.4_2 2.4.7
282 ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23283 ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23
284 ldap_int_gssapi_close@OPENLDAP_2.4_2 2.4.18-0ubuntu2
285 ldap_int_gssapi_config@OPENLDAP_2.4_2 2.4.18-0ubuntu2
286 ldap_int_gssapi_get_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2
287 ldap_int_gssapi_mutex@OPENLDAP_2.4_2 2.4.18-0ubuntu2
288 ldap_int_gssapi_set_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2
283 ldap_int_hostname@OPENLDAP_2.4_2 2.4.7289 ldap_int_hostname@OPENLDAP_2.4_2 2.4.7
284 ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39290 ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39
285 ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7291 ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7
@@ -312,6 +318,7 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
312 ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7318 ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7
313 ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7319 ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7
314 ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7320 ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7
321 ldap_is_ldapc_url@OPENLDAP_2.4_2 2.4.17-1ubuntu2
315 ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7322 ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7
316 ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7323 ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7
317 ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7324 ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7
diff --git a/debian/patches/contrib-makefiles b/debian/patches/contrib-makefiles
index 07256ba..4d820f7 100644
--- a/debian/patches/contrib-makefiles
+++ b/debian/patches/contrib-makefiles
@@ -157,3 +157,24 @@
157 -rpath $(moduledir) -module -o $@ $? $(LIBS)157 -rpath $(moduledir) -module -o $@ $? $(LIBS)
158 158
159 clean:159 clean:
160--- a/contrib/slapd-modules/nssov/Makefile
161+++ b/contrib/slapd-modules/nssov/Makefile
162@@ -52,15 +52,15 @@
163 .SUFFIXES: .c .o .lo
164
165 .c.lo:
166- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
167+ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
168
169 tio.lo: nss-pam-ldapd/tio.c
170- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
171+ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $?
172
173 $(OBJS): nssov.h
174
175 nssov.la: $(OBJS) $(XOBJS)
176- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
177+ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info 0:0:0 \
178 -rpath $(moduledir) -module -o $@ $(OBJS) $(XOBJS) $(LIBS)
179
180 install: nssov.la
diff --git a/debian/patches/fix-ldap-distribution.patch b/debian/patches/fix-ldap-distribution.patch
160new file mode 100644181new file mode 100644
index 0000000..17be364
--- /dev/null
+++ b/debian/patches/fix-ldap-distribution.patch
@@ -0,0 +1,24 @@
1--- a/build/mkversion
2+++ b/build/mkversion
3@@ -52,6 +52,12 @@
4 APPLICATION=$1
5 WHOWHERE="Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>"
6
7+if test -x /usr/bin/lsb_release; then
8+ OPENLDAP_DISTRIBUTION=" ($(lsb_release -si))"
9+else
10+ OPENLDAP_DISTRIBUTION=""
11+fi
12+
13 cat << __EOF__
14 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
15 *
16@@ -72,7 +78,7 @@
17 "COPYING RESTRICTIONS APPLY\n";
18
19 $static $const char $SYMBOL[] =
20-"@(#) \$$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \$\n"
21+"@(#) \$$PACKAGE: $APPLICATION $VERSION$OPENLDAP_DISTRIBUTION (" __DATE__ " " __TIME__ ") \$\n"
22 "\t$WHOWHERE\n";
23
24 __EOF__
diff --git a/debian/patches/gssapi.diff b/debian/patches/gssapi.diff
0new file mode 10064425new file mode 100644
index 0000000..49c0e5e
--- /dev/null
+++ b/debian/patches/gssapi.diff
@@ -0,0 +1,167 @@
1Index: openldap-2.4.23/configure.in
2===================================================================
3--- openldap-2.4.23.orig/configure.in 2010-07-28 11:20:57.054712043 -0400
4+++ openldap-2.4.23/configure.in 2010-07-28 11:21:15.542403952 -0400
5@@ -242,6 +242,8 @@
6 auto, [auto yes no] )
7 OL_ARG_WITH(fetch,[ --with-fetch with fetch(3) URL support],
8 auto, [auto yes no] )
9+OL_ARG_WITH(gssapi,[ --with-gssapi with GSSAPI support],
10+ auto, [auto yes no] )
11 OL_ARG_WITH(threads,[ --with-threads with threads],
12 auto, [auto nt posix mach pth lwp yes no manual] )
13 OL_ARG_WITH(tls,[ --with-tls with TLS/SSL support auto|openssl|gnutls|moznss],
14@@ -584,6 +586,7 @@
15 KRB4_LIBS=
16 KRB5_LIBS=
17 SASL_LIBS=
18+GSSAPI_LIBS=
19 TLS_LIBS=
20 MODULES_LIBS=
21 SLAPI_LIBS=
22@@ -1148,6 +1151,63 @@
23 fi
24
25 dnl ----------------------------------------------------------------
26+dnl GSSAPI
27+ol_link_gssapi=no
28+
29+case $ol_with_gssapi in yes | auto)
30+
31+ ol_header_gssapi=no
32+ AC_CHECK_HEADERS(gssapi/gssapi.h)
33+ if test $ac_cv_header_gssapi_gssapi_h = yes ; then
34+ ol_header_gssapi=yes
35+ else
36+ AC_CHECK_HEADERS(gssapi.h)
37+ if test $ac_cv_header_gssapi_h = yes ; then
38+ ol_header_gssapi=yes
39+ fi
40+
41+ dnl## not every gssapi has gss_oid_to_str()
42+ dnl## as it's not defined in the GSSAPI V2 API
43+ dnl## anymore
44+ saveLIBS="$LIBS"
45+ LIBS="$LIBS $GSSAPI_LIBS"
46+ AC_CHECK_FUNCS(gss_oid_to_str)
47+ LIBS="$saveLIBS"
48+ fi
49+
50+ if test $ol_header_gssapi = yes ; then
51+ dnl## we check for gss_wrap
52+ dnl## as it's new to the GSSAPI V2 API
53+ AC_CHECK_LIB(gssapi, gss_wrap,
54+ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi"],
55+ [ol_link_gssapi=no])
56+ if test $ol_link_gssapi != yes ; then
57+ AC_CHECK_LIB(gssapi_krb5, gss_wrap,
58+ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi_krb5"],
59+ [ol_link_gssapi=no])
60+ fi
61+ if test $ol_link_gssapi != yes ; then
62+ AC_CHECK_LIB(gss, gss_wrap,
63+ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgss"],
64+ [ol_link_gssapi=no])
65+ fi
66+ fi
67+
68+ ;;
69+esac
70+
71+WITH_GSSAPI=no
72+if test $ol_link_gssapi = yes; then
73+ AC_DEFINE(HAVE_GSSAPI, 1, [define if you have GSSAPI])
74+ WITH_GSSAPI=yes
75+elif test $ol_with_gssapi = auto ; then
76+ AC_MSG_WARN([Could not locate GSSAPI package])
77+ AC_MSG_WARN([GSSAPI authentication not supported!])
78+elif test $ol_with_gssapi = yes ; then
79+ AC_MSG_ERROR([GSSAPI detection failed])
80+fi
81+
82+dnl ----------------------------------------------------------------
83 dnl TLS/SSL
84
85 if test $ol_with_tls = yes ; then
86@@ -1902,6 +1962,13 @@
87 fi
88 AC_SUBST(VERSION_OPTION)
89
90+VERSION_OPTION=""
91+OL_SYMBOL_VERSIONING
92+if test $ol_cv_ld_version_script_option = yes ; then
93+ VERSION_OPTION="-Wl,--version-script="
94+fi
95+AC_SUBST(VERSION_OPTION)
96+
97 dnl ----------------------------------------------------------------
98 if test $ol_enable_wrappers != no ; then
99 AC_CHECK_HEADERS(tcpd.h,[
100@@ -3112,6 +3179,7 @@
101 AC_SUBST(KRB4_LIBS)
102 AC_SUBST(KRB5_LIBS)
103 AC_SUBST(SASL_LIBS)
104+AC_SUBST(GSSAPI_LIBS)
105 AC_SUBST(TLS_LIBS)
106 AC_SUBST(MODULES_LIBS)
107 AC_SUBST(SLAPI_LIBS)
108Index: openldap-2.4.23/include/ldap.h
109===================================================================
110--- openldap-2.4.23.orig/include/ldap.h 2010-07-28 11:20:37.000000000 -0400
111+++ openldap-2.4.23/include/ldap.h 2010-07-28 11:21:15.542403952 -0400
112@@ -1216,6 +1216,16 @@
113 struct berval **servercredp,
114 int freeit ));
115
116+/*
117+ * in gssapi.c:
118+ */
119+LDAP_F( int )
120+ldap_gssapi_bind_s LDAP_P((
121+ LDAP *ld,
122+ LDAP_CONST char *dn,
123+ LDAP_CONST char *creds));
124+
125+
126 #if LDAP_DEPRECATED
127 /*
128 * in bind.c:
129Index: openldap-2.4.23/include/portable.hin
130===================================================================
131--- openldap-2.4.23.orig/include/portable.hin 2010-04-19 15:22:30.000000000 -0400
132+++ openldap-2.4.23/include/portable.hin 2010-07-28 11:21:15.542403952 -0400
133@@ -253,6 +253,18 @@
134 /* Define to 1 if you have the <grp.h> header file. */
135 #undef HAVE_GRP_H
136
137+/* define if you have GSSAPI */
138+#undef HAVE_GSSAPI
139+
140+/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
141+#undef HAVE_GSSAPI_GSSAPI_H
142+
143+/* Define to 1 if you have the <gssapi.h> header file. */
144+#undef HAVE_GSSAPI_H
145+
146+/* Define to 1 if you have the `gss_oid_to_str' function. */
147+#undef HAVE_GSS_OID_TO_STR
148+
149 /* Define to 1 if you have the `hstrerror' function. */
150 #undef HAVE_HSTRERROR
151
152Index: openldap-2.4.23/build/top.mk
153===================================================================
154--- openldap-2.4.23.orig/build/top.mk 2010-07-28 11:20:57.000000000 -0400
155+++ openldap-2.4.23/build/top.mk 2010-07-28 11:21:15.542403952 -0400
156@@ -190,9 +190,10 @@
157 KRB5_LIBS = @KRB5_LIBS@
158 KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
159 SASL_LIBS = @SASL_LIBS@
160+GSSAPI_LIBS = @GSSAPI_LIBS@
161 TLS_LIBS = @TLS_LIBS@
162 AUTH_LIBS = @AUTH_LIBS@
163-SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
164+SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(GSSAPI_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
165 ICU_LIBS = @ICU_LIBS@
166
167 MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
diff --git a/debian/patches/series b/debian/patches/series
index 80193c1..0e14f25 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,6 +7,7 @@ index-files-created-as-root
7sasl-default-path 7sasl-default-path
8libldap-symbol-versions8libldap-symbol-versions
9getaddrinfo-is-threadsafe9getaddrinfo-is-threadsafe
10gssapi.diff
10do-not-second-guess-sonames11do-not-second-guess-sonames
11contrib-makefiles12contrib-makefiles
12smbk5pwd-makefile-manpage13smbk5pwd-makefile-manpage
@@ -20,3 +21,4 @@ no-bdb-ABI-second-guessing
20ITS6035-olcauthzregex-needs-restart.patch21ITS6035-olcauthzregex-needs-restart.patch
21set-maintainer-name22set-maintainer-name
22no-gnutls_global_set_mutex23no-gnutls_global_set_mutex
24fix-ldap-distribution.patch
diff --git a/debian/rules b/debian/rules
index f595024..a76f08a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,7 +7,8 @@ include /usr/share/dpkg/pkg-info.mk
7# want the checks for DFSG-freeness.7# want the checks for DFSG-freeness.
8#DFSG_NONFREE = 18#DFSG_NONFREE = 1
99
10export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE10export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLDAP_CONNECTIONLESS -I/usr/include/heimdal
11export DEB_LDFLAGS_MAINT_APPEND := -L/usr/lib/$(DEB_HOST_MULTIARCH)/heimdal
11export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow12export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow
1213
13# Workaround for bad glibc behavior when resolving localhost14# Workaround for bad glibc behavior when resolving localhost
@@ -21,7 +22,7 @@ ifneq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
21 CONFIG += --disable-slapd22 CONFIG += --disable-slapd
22endif23endif
2324
24CONTRIB_MODULES = autogroup lastbind passwd passwd/pbkdf2 passwd/sha2 smbk5pwd25CONTRIB_MODULES = autogroup lastbind nssov passwd passwd/pbkdf2 passwd/sha2 smbk5pwd
2526
26# Ensure CC is set correctly for cross builds, unless it has already 27# Ensure CC is set correctly for cross builds, unless it has already
27# been set explicitly.28# been set explicitly.
@@ -41,7 +42,8 @@ CONTRIB_MAKEVARS := \
41 LDAP_BUILD='$(builddir)' \42 LDAP_BUILD='$(builddir)' \
42 prefix=/usr \43 prefix=/usr \
43 ldap_subdir=/ldap \44 ldap_subdir=/ldap \
44 moduledir='$$(libdir)$$(ldap_subdir)'45 moduledir='$$(libdir)$$(ldap_subdir)' \
46 sysconfdir='/etc$$(ldap_subdir)'
4547
46# These variables are used only by get-orig-source, which will normally only48# These variables are used only by get-orig-source, which will normally only
47# be run by maintainers.49# be run by maintainers.
@@ -155,6 +157,22 @@ endif
155 find $(installdir)/usr/share/man -name \*.8 \157 find $(installdir)/usr/share/man -name \*.8 \
156 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'158 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
157159
160ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
161override_dh_install-arch:
162 dh_install
163
164 # install AppArmor profile
165 install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
166
167 # install Apport hook
168 install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
169
170 # install ufw profile
171 install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
172
173 dh_apparmor -pslapd --profile-name=usr.sbin.slapd
174endif
175
158override_dh_installinit:176override_dh_installinit:
159 dh_installinit -- "defaults 19 80"177 dh_installinit -- "defaults 19 80"
160178
@@ -217,6 +235,8 @@ ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
217 done; \235 done; \
218 fi236 fi
219237
238 rm -f contrib/slapd-modules/nssov/nss-pam-ldapd/config.sub contrib/slapd-modules/nssov/nss-pam-ldapd/config.guess
239
220 # Clean the contrib directory240 # Clean the contrib directory
221 for mod in $(CONTRIB_MODULES); do \241 for mod in $(CONTRIB_MODULES); do \
222 dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \242 dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \
diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
index a5e307f..3446af6 100644
--- a/debian/slapd.README.Debian
+++ b/debian/slapd.README.Debian
@@ -144,8 +144,8 @@ Running slapd under a Different UID/GID
144144
145 - Tell linux slapd can access configuration files -- usually:145 - Tell linux slapd can access configuration files -- usually:
146146
147 chgrp <group> /etc/ldap/slapd.conf147 chgrp -R <group> /etc/ldap/slapd.d
148 chmod 0640 /etc/ldap/slapd.conf148 chmod -R g+rX /etc/ldap/slapd.d
149149
150 - Tell linux slapd can access /var/run/slapd and write a PID file:150 - Tell linux slapd can access /var/run/slapd and write a PID file:
151151
@@ -279,3 +279,14 @@ Unsafe access control rule installed by default in previous versions
279 slapd.access(5) man page.279 slapd.access(5) man page.
280280
281 -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700281 -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700
282
283Apparmor Profile
284----------------
285
286 If your system uses AppArmor, please note that the shipped enforcing profile
287 works with the default installation, and changes in your configuration may
288 require changes to the installed apparmor profile. Please see
289 https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
290 software.
291
292 -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500
diff --git a/debian/slapd.default b/debian/slapd.default
index 372b8f4..4212e07 100644
--- a/debian/slapd.default
+++ b/debian/slapd.default
@@ -12,7 +12,7 @@ SLAPD_USER="openldap"
12SLAPD_GROUP="openldap"12SLAPD_GROUP="openldap"
1313
14# Path to the pid file of the slapd server. If not set the init.d script14# Path to the pid file of the slapd server. If not set the init.d script
15# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf by15# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
16# default)16# default)
17SLAPD_PIDFILE=17SLAPD_PIDFILE=
1818
diff --git a/debian/slapd.init.ldif b/debian/slapd.init.ldif
index 163a8d8..cc15b68 100644
--- a/debian/slapd.init.ldif
+++ b/debian/slapd.init.ldif
@@ -32,7 +32,6 @@ objectClass: olcDatabaseConfig
32olcDatabase: config32olcDatabase: config
33# Allow unlimited access to local connection from the local root user33# Allow unlimited access to local connection from the local root user
34olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break34olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
35olcRootDN: cn=admin,cn=config
3635
37# Load schemas36# Load schemas
38dn: cn=schema,cn=config37dn: cn=schema,cn=config
diff --git a/debian/slapd.install b/debian/slapd.install
index ea197a9..bb496c1 100644
--- a/debian/slapd.install
+++ b/debian/slapd.install
@@ -56,5 +56,7 @@ usr/lib/ldap/autogroup.so*
56usr/lib/ldap/autogroup.la56usr/lib/ldap/autogroup.la
57usr/lib/ldap/lastbind.so*57usr/lib/ldap/lastbind.so*
58usr/lib/ldap/lastbind.la58usr/lib/ldap/lastbind.la
59usr/lib/ldap/nssov.so*
60usr/lib/ldap/nssov.la
59usr/lib/ldap/pw-sha2.so*61usr/lib/ldap/pw-sha2.so*
60usr/lib/ldap/pw-sha2.la62usr/lib/ldap/pw-sha2.la
diff --git a/debian/slapd.manpages b/debian/slapd.manpages
index ffd3243..25f6d43 100644
--- a/debian/slapd.manpages
+++ b/debian/slapd.manpages
@@ -43,3 +43,4 @@ debian/tmp/usr/share/man/man5/slapo-valsort.5
4343
44# contrib modules installed in main package44# contrib modules installed in main package
45debian/tmp/usr/share/man/man5/slapo-lastbind.545debian/tmp/usr/share/man/man5/slapo-lastbind.5
46contrib/slapd-modules/nssov/slapo-nssov.5
diff --git a/debian/slapd.py b/debian/slapd.py
46new file mode 10064447new file mode 100644
index 0000000..7d78699
--- /dev/null
+++ b/debian/slapd.py
@@ -0,0 +1,51 @@
1#!/usr/bin/python
2
3'''apport hook for slapd
4
5(c) 2010 Adam Sommer.
6Author: Adam Sommer <asommer@ubuntu.com>
7
8This program is free software; you can redistribute it and/or modify it
9under the terms of the GNU General Public License as published by the
10Free Software Foundation; either version 2 of the License, or (at your
11option) any later version. See http://www.gnu.org/copyleft/gpl.html for
12the full text of the license.
13'''
14
15from apport.hookutils import *
16import os
17
18# Scrub olcRootPW attribute and credentials strings if necessary.
19def scrub_pass_strings(config):
20 olcrootpw_regex = re.compile('olcRootPW:.*')
21 olcrootpw_string = olcrootpw_regex.search(config)
22 if olcrootpw_string:
23 config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@')
24
25 credentials_regex = re.compile('credentials=.* ')
26 credentials_string = credentials_regex.search(config)
27 if credentials_string:
28 config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ')
29
30 return config
31
32def add_info(report, ui):
33 response = ui.yesno("The contents of your /etc/ldap/slapd.d directory "
34 "may help developers diagnose your bug more "
35 "quickly. However, it may contain sensitive "
36 "information. Do you want to include it in your "
37 "bug report?")
38
39 if response == None: # user cancelled
40 raise StopIteration
41
42 elif response == True:
43 # Get the cn=config tree.
44 cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'])
45 report['CNConfig'] = scrub_pass_strings(cn_config)
46
47 # Get slapd messages from /var/log/syslog
48 slapd_re = re.compile('slapd', re.IGNORECASE)
49 report['SysLog'] = recent_syslog(slapd_re)
50
51 attach_mac_events(report, '/usr/sbin/slapd')
diff --git a/debian/slapd.scripts-common b/debian/slapd.scripts-common
index a3ab443..44a78ba 100644
--- a/debian/slapd.scripts-common
+++ b/debian/slapd.scripts-common
@@ -175,8 +175,7 @@ dump_config() { # {{{
175dump_databases() { # {{{175dump_databases() { # {{{
176# If the user wants us to dump the databases they are dumped to the 176# If the user wants us to dump the databases they are dumped to the
177# configured directory.177# configured directory.
178178 local db suffix file dir failed slapcat_opts
179 local db suffix file dir failed
180179
181 database_dumping_enabled || return 0180 database_dumping_enabled || return 0
182181
@@ -365,6 +364,12 @@ compute_backup_path() { # {{{
365 id="$OLD_VERSION"364 id="$OLD_VERSION"
366 [ -n "$id" ] || id=`date +%Y%m%d-%H%M%S`365 [ -n "$id" ] || id=`date +%Y%m%d-%H%M%S`
367 target="/var/backups/$basedn-$id.ldapdb"366 target="/var/backups/$basedn-$id.ldapdb"
367 # Configuration via dpkg-reconfigure.
368 # The backup directory already exists when reconfigured
369 # twice or more: append a timestamp.
370 if [ -e "${target}" ] && ([ "$MODE" = reconfigure ] || [ "$DEBCONF_RECONFIGURE" ]); then
371 target="$target-`date +%Y%m%d-%H%M%S`"
372 fi
368 if [ -e "$target" ] && [ -z "$ok_exists" ]; then373 if [ -e "$target" ] && [ -z "$ok_exists" ]; then
369 echo >&2374 echo >&2
370 echo >&2 " Backup path $target exists. Giving up..."375 echo >&2 " Backup path $target exists. Giving up..."
diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile
371new file mode 100644376new file mode 100644
index 0000000..3c4f676
--- /dev/null
+++ b/debian/slapd.ufw.profile
@@ -0,0 +1,9 @@
1[OpenLDAP LDAP]
2title=OpenLDAP with TLS
3description=OpenLDAP is a free, fast, lightweight LDAP server
4ports=389/tcp
5
6[OpenLDAP LDAPS]
7title=OpenLDAP over SSL
8description=OpenLDAP is a free, fast, lightweight LDAP server
9ports=636/tcp

Subscribers

People subscribed via source and target branches