Merge ~ahasenack/ubuntu/+source/openldap:focal-openldap-merge-to-grab-fix into ubuntu/+source/openldap:debian/sid

Proposed by Andreas Hasenack on 2020-03-06
Status: Merged
Approved by: Andreas Hasenack on 2020-03-09
Approved revision: 2f77298068c07b2c101f55d9ead3fda799e882bc
Merge reported by: Andreas Hasenack
Merged at revision: 2f77298068c07b2c101f55d9ead3fda799e882bc
Proposed branch: ~ahasenack/ubuntu/+source/openldap:focal-openldap-merge-to-grab-fix
Merge into: ubuntu/+source/openldap:debian/sid
Diff against target: 3307 lines (+2818/-12)
18 files modified
debian/apparmor-profile (+60/-0)
debian/changelog (+2450/-0)
debian/configure.options (+1/-0)
debian/control (+6/-3)
debian/libldap-2.4-2.symbols (+7/-0)
debian/patches/contrib-makefiles (+21/-0)
debian/patches/fix-ldap-distribution.patch (+24/-0)
debian/patches/gssapi.diff (+140/-0)
debian/patches/series (+2/-0)
debian/rules (+23/-3)
debian/slapd.README.Debian (+13/-2)
debian/slapd.default (+1/-1)
debian/slapd.init.ldif (+0/-1)
debian/slapd.install (+2/-0)
debian/slapd.manpages (+1/-0)
debian/slapd.py (+51/-0)
debian/slapd.scripts-common (+7/-2)
debian/slapd.ufw.profile (+9/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  2020-03-06 Approve on 2020-03-09
Canonical Server Team 2020-03-06 Pending
Review via email: mp+380368@code.launchpad.net

Description of the change

Merge from debian to grab a bug fix for a crash.

Testing instructions:

* get the files from the bug:
mkdir slapd-test-case; cd slapd-test-case
wget -ct0 https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1866303/+attachment/5334194/+files/slapd.conf https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1866303/+attachment/5334195/+files/data.ldif https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1866303/+attachment/5334196/+files/samba.schema https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1866303/+attachment/5334197/+files/script

* run the script:
sudo apt update && sudo sh ./script

* With the bug, the result is:
ldap_bind: Invalid credentials (49)
slapd dead

* With the fixed packages, you get a living slapd at the end (you can run the script again on the same system):
sudo add-apt-repository ppa:ahasenack/slapd-crash-bug-1866303 -y -u
sudo sh ./script
...
slapd running
ldap_bind: Invalid credentials (49)
slapd running

To post a comment you must log in.
Christian Ehrhardt  (paelzer) wrote :

Thanks git rande-diff !
10: 1432313c ! 10: c8c73d89
  Just context noise in d/p/patches
13: 7df62af4 < -: -------- - was an empty commit for "dropped"
14: 848d4820 ! 13: aa3c53cd - changelog being different (ok)
15: 88f31ebd ! 14: 3834f198 - changelog being different (ok)
All others are ==

Changelog:
- [√] old content and logical tag match as expected
- [√] changelog entry correct version and targeted codename
- [√] changelog entries correct
- [√] update-maintainer has been run

Actual changes:
- [√] no major upstream changes to consider
- [√] no further upstream version to consider
- [√] debian changes look safe
    And in particular for now they don't need an FFe IMHO

Old Delta:
- [√] nothing else to drop
- [√] changes forwarded upstream/debian (no new content, and we had done in the past)

New Delta:
- [√] no new patches added

Build/Test:
- [√] build is ok
- [√] verified PPA package installs/uninstalls
- [√] sanity checks test fine

P.S. I see you also plan an SRU for this fix, I hope it backports well - at least it is small.

review: Approve
Andreas Hasenack (ahasenack) wrote :

Thanks, tagging and uploading 2f77298068c07b2c101f55d9ead3fda799e882bc

$ git push pkg upload/2.4.49+dfsg-2ubuntu1
Enumerating objects: 95, done.
Counting objects: 100% (95/95), done.
Delta compression using up to 4 threads
Compressing objects: 100% (77/77), done.
Writing objects: 100% (79/79), 28.89 KiB | 1.16 MiB/s, done.
Total 79 (delta 57), reused 5 (delta 2)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/openldap
 * [new tag] upload/2.4.49+dfsg-2ubuntu1 -> upload/2.4.49+dfsg-2ubuntu1

$ dput ubuntu ../openldap_2.4.49+dfsg-2ubuntu1_source.changes
Checking signature on .changes
gpg: ../openldap_2.4.49+dfsg-2ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../openldap_2.4.49+dfsg-2ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openldap_2.4.49+dfsg-2ubuntu1.dsc: done.
  Uploading openldap_2.4.49+dfsg.orig.tar.gz: done.
  Uploading openldap_2.4.49+dfsg-2ubuntu1.debian.tar.xz: done.
  Uploading openldap_2.4.49+dfsg-2ubuntu1_source.buildinfo: done.
  Uploading openldap_2.4.49+dfsg-2ubuntu1_source.changes: done.
Successfully uploaded packages.

Andreas Hasenack (ahasenack) wrote :

This migrated.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/apparmor-profile b/debian/apparmor-profile
2new file mode 100644
3index 0000000..793fa7b
4--- /dev/null
5+++ b/debian/apparmor-profile
6@@ -0,0 +1,60 @@
7+# vim:syntax=apparmor
8+# Last Modified: Fri Jan 4 15:18:13 2008
9+# Author: Jamie Strandboge <jamie@ubuntu.com>
10+
11+#include <tunables/global>
12+
13+/usr/sbin/slapd {
14+ #include <abstractions/base>
15+ #include <abstractions/nameservice>
16+ #include <abstractions/p11-kit>
17+
18+ #include <abstractions/ssl_certs>
19+ /etc/ssl/private/ r,
20+ /etc/ssl/private/* r,
21+
22+ /etc/sasldb2 r,
23+
24+ capability dac_override,
25+ capability net_bind_service,
26+ capability setgid,
27+ capability setuid,
28+
29+ /etc/gai.conf r,
30+ /etc/hosts.allow r,
31+ /etc/hosts.deny r,
32+
33+ # ldap files
34+ /etc/ldap/** kr,
35+ /etc/ldap/slapd.d/** rw,
36+
37+ # kerberos/gssapi
38+ /dev/tty rw,
39+ /etc/gss/mech.d/ r,
40+ /etc/gss/mech.d/* kr,
41+ /etc/krb5.keytab kr,
42+ /etc/krb5/user/*/client.keytab kr,
43+ owner /tmp/krb5cc_* rwk,
44+ /var/tmp/ rw,
45+ /var/tmp/** rw,
46+
47+ # the databases and logs
48+ /var/lib/ldap/ r,
49+ /var/lib/ldap/** rwk,
50+
51+ # lock file
52+ /var/lib/ldap/alock kw,
53+
54+ # pid files and sockets
55+ /{,var/}run/slapd/* w,
56+ /{,var/}run/slapd/ldapi rw,
57+ /{,var/}run/nslcd/socket rw,
58+
59+ /usr/lib/ldap/ r,
60+ /usr/lib/ldap/* mr,
61+
62+ /usr/sbin/slapd mr,
63+
64+ # Site-specific additions and overrides. See local/README for details.
65+ #include <local/usr.sbin.slapd>
66+}
67diff --git a/debian/changelog b/debian/changelog
68index 56ce1ee..e4fd52b 100644
69--- a/debian/changelog
70+++ b/debian/changelog
71@@ -1,3 +1,55 @@
72+openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium
73+
74+ * Merge with Debian unstable (LP: #1866303). Remaining changes:
75+ - Enable AppArmor support:
76+ - d/apparmor-profile: add AppArmor profile
77+ - d/rules: use dh_apparmor
78+ - d/control: Build-Depends on dh-apparmor
79+ - d/slapd.README.Debian: add note about AppArmor
80+ - Enable GSSAPI support:
81+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
82+ - Add --with-gssapi support
83+ - Make guess_service_principal() more robust when determining
84+ principal
85+ [Dropped the ldap_gssapi_bind_s() hunk as that is already
86+ - d/configure.options: Configure with --with-gssapi
87+ - d/control: Added heimdal-dev as a build depend
88+ - d/rules:
89+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
90+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
91+ - Enable ufw support:
92+ - d/control: suggest ufw.
93+ - d/rules: install ufw profile.
94+ - d/slapd.ufw.profile: add ufw profile.
95+ - Enable nss overlay:
96+ - d/rules:
97+ - add nssov to CONTRIB_MODULES
98+ - add sysconfdir to CONTRIB_MAKEVARS
99+ - d/slapd.install:
100+ - install nssov overlay
101+ - d/slapd.manpages:
102+ - install slapo-nssov(5) man page
103+ - d/{rules,slapd.py}: Add apport hook.
104+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
105+ either the default DIT nor via an Authn mapping.
106+ - d/slapd.scripts-common:
107+ - add slapcat_opts to local variables.
108+ - Fix backup directory naming for multiple reconfiguration.
109+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
110+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
111+ in the openldap library, as required by Likewise-Open
112+ - Show distribution in version:
113+ - d/control: added lsb-release
114+ - d/patches/fix-ldap-distribution.patch: show distribution in version
115+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
116+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
117+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
118+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
119+ Debian bug #919136, we also have to patch the nssov makefile
120+ accordingly and thus update this patch.
121+
122+ -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300
123+
124 openldap (2.4.49+dfsg-2) unstable; urgency=medium
125
126 * slapd.README.Debian: Document the initial setup performed by slapd's
127@@ -9,6 +61,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium
128
129 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
130
131+openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium
132+
133+ * Merge with Debian unstable. Remaining changes:
134+ - Enable AppArmor support:
135+ - d/apparmor-profile: add AppArmor profile
136+ - d/rules: use dh_apparmor
137+ - d/control: Build-Depends on dh-apparmor
138+ - d/slapd.README.Debian: add note about AppArmor
139+ - Enable GSSAPI support:
140+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
141+ - Add --with-gssapi support
142+ - Make guess_service_principal() more robust when determining
143+ principal
144+ [Dropped the ldap_gssapi_bind_s() hunk as that is already
145+ - d/configure.options: Configure with --with-gssapi
146+ - d/control: Added heimdal-dev as a build depend
147+ - d/rules:
148+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
149+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
150+ - Enable ufw support:
151+ - d/control: suggest ufw.
152+ - d/rules: install ufw profile.
153+ - d/slapd.ufw.profile: add ufw profile.
154+ - Enable nss overlay:
155+ - d/rules:
156+ - add nssov to CONTRIB_MODULES
157+ - add sysconfdir to CONTRIB_MAKEVARS
158+ - d/slapd.install:
159+ - install nssov overlay
160+ - d/slapd.manpages:
161+ - install slapo-nssov(5) man page
162+ - d/{rules,slapd.py}: Add apport hook.
163+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
164+ either the default DIT nor via an Authn mapping.
165+ - d/slapd.scripts-common:
166+ - add slapcat_opts to local variables.
167+ - Fix backup directory naming for multiple reconfiguration.
168+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
169+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
170+ in the openldap library, as required by Likewise-Open
171+ - Show distribution in version:
172+ - d/control: added lsb-release
173+ - d/patches/fix-ldap-distribution.patch: show distribution in version
174+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
175+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
176+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
177+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
178+ Debian bug #919136, we also have to patch the nssov makefile
179+ accordingly and thus update this patch.
180+ * Dropped:
181+ - d/control: slapd can depend on perl:any since it only uses perl for
182+ some maintainer and helper scripts.
183+ [In 2.4.49+dfsg-1]
184+
185+ -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300
186+
187 openldap (2.4.49+dfsg-1) unstable; urgency=medium
188
189 * New upstream release.
190@@ -37,6 +145,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium
191
192 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
193
194+openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium
195+
196+ * d/control: slapd can depend on perl:any since it only uses perl for
197+ some maintainer and helper scripts. The perl backend links against
198+ the correct architecture perl libraries already. Can be dropped
199+ after https://salsa.debian.org/openldap-team/openldap/commit/794c736
200+ is in a Debian upload.
201+
202+ -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300
203+
204+openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium
205+
206+ * No-change rebuild against libnettle7
207+
208+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000
209+
210+openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium
211+
212+ * No-change rebuild for the perl update.
213+
214+ -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000
215+
216+openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
217+
218+ * Merge with Debian unstable. Remaining changes:
219+ - Enable AppArmor support:
220+ - d/apparmor-profile: add AppArmor profile
221+ - d/rules: use dh_apparmor
222+ - d/control: Build-Depends on dh-apparmor
223+ - d/slapd.README.Debian: add note about AppArmor
224+ - Enable GSSAPI support:
225+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
226+ - Add --with-gssapi support
227+ - Make guess_service_principal() more robust when determining
228+ principal
229+ - d/configure.options: Configure with --with-gssapi
230+ - d/control: Added heimdal-dev as a build depend
231+ - d/rules:
232+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
233+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
234+ - Enable ufw support:
235+ - d/control: suggest ufw.
236+ - d/rules: install ufw profile.
237+ - d/slapd.ufw.profile: add ufw profile.
238+ - Enable nss overlay:
239+ - d/rules:
240+ - add nssov to CONTRIB_MODULES
241+ - add sysconfdir to CONTRIB_MAKEVARS
242+ - d/slapd.install:
243+ - install nssov overlay
244+ - d/slapd.manpages:
245+ - install slapo-nssov(5) man page
246+ - d/{rules,slapd.py}: Add apport hook.
247+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
248+ either the default DIT nor via an Authn mapping.
249+ - d/slapd.scripts-common:
250+ - add slapcat_opts to local variables.
251+ - Fix backup directory naming for multiple reconfiguration.
252+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
253+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
254+ in the openldap library, as required by Likewise-Open
255+ - Show distribution in version:
256+ - d/control: added lsb-release
257+ - d/patches/fix-ldap-distribution.patch: show distribution in version
258+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
259+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
260+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
261+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
262+ Debian bug #919136, we also have to patch the nssov makefile
263+ accordingly and thus update this patch.
264+ * Dropped:
265+ - Fix sysv-generator unit file by customizing parameters (LP #1821343)
266+ + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
267+ correct systemctl status for slapd daemon.
268+ + d/slapd.install: place override file in correct location.
269+ [Included in 2.4.48+dfsg-1]
270+ - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
271+ + debian/patches/CVE-2019-13057-1.patch: add restriction to
272+ servers/slapd/saslauthz.c.
273+ + debian/patches/CVE-2019-13057-2.patch: add tests to
274+ tests/data/idassert.out, tests/data/slapd-idassert.conf,
275+ tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
276+ + debian/patches/CVE-2019-13057-3.patch: fix typo in
277+ tests/scripts/test028-idassert.
278+ + debian/patches/CVE-2019-13057-4.patch: fix typo in
279+ tests/scripts/test028-idassert.
280+ + CVE-2019-13057
281+ [Fixed upstream]
282+ - SECURITY UPDATE: SASL SSF not initialized per connection
283+ + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
284+ connection_init in servers/slapd/connection.c.
285+ + CVE-2019-13565
286+ [Fixed upstream]
287+
288+ -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
289+
290 openldap (2.4.48+dfsg-1) unstable; urgency=medium
291
292 * New upstream release.
293@@ -64,6 +268,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium
294
295 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
296
297+openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
298+
299+ * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
300+ - debian/patches/CVE-2019-13057-1.patch: add restriction to
301+ servers/slapd/saslauthz.c.
302+ - debian/patches/CVE-2019-13057-2.patch: add tests to
303+ tests/data/idassert.out, tests/data/slapd-idassert.conf,
304+ tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
305+ - debian/patches/CVE-2019-13057-3.patch: fix typo in
306+ tests/scripts/test028-idassert.
307+ - debian/patches/CVE-2019-13057-4.patch: fix typo in
308+ tests/scripts/test028-idassert.
309+ - CVE-2019-13057
310+ * SECURITY UPDATE: SASL SSF not initialized per connection
311+ - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
312+ connection_init in servers/slapd/connection.c.
313+ - CVE-2019-13565
314+
315+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
316+
317+openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
318+
319+ * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
320+ - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
321+ correct systemctl status for slapd daemon.
322+ - d/slapd.install: place override file in correct location.
323+
324+ -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
325+
326+openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
327+
328+ * Merge with Debian unstable. Remaining changes:
329+ - Enable AppArmor support:
330+ - d/apparmor-profile: add AppArmor profile
331+ - d/rules: use dh_apparmor
332+ - d/control: Build-Depends on dh-apparmor
333+ - d/slapd.README.Debian: add note about AppArmor
334+ - Enable GSSAPI support:
335+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
336+ - Add --with-gssapi support
337+ - Make guess_service_principal() more robust when determining
338+ principal
339+ - d/configure.options: Configure with --with-gssapi
340+ - d/control: Added heimdal-dev as a build depend
341+ - d/rules:
342+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
343+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
344+ - Enable ufw support:
345+ - d/control: suggest ufw.
346+ - d/rules: install ufw profile.
347+ - d/slapd.ufw.profile: add ufw profile.
348+ - Enable nss overlay:
349+ - d/rules:
350+ - add nssov to CONTRIB_MODULES
351+ - add sysconfdir to CONTRIB_MAKEVARS
352+ - d/slapd.install:
353+ - install nssov overlay
354+ - d/slapd.manpages:
355+ - install slapo-nssov(5) man page
356+ - d/{rules,slapd.py}: Add apport hook.
357+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
358+ either the default DIT nor via an Authn mapping.
359+ - d/slapd.scripts-common:
360+ - add slapcat_opts to local variables.
361+ - Fix backup directory naming for multiple reconfiguration.
362+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
363+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
364+ in the openldap library, as required by Likewise-Open
365+ - Show distribution in version:
366+ - d/control: added lsb-release
367+ - d/patches/fix-ldap-distribution.patch: show distribution in version
368+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
369+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
370+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
371+ * Added changes:
372+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
373+ Debian bug #919136, we also have to patch the nssov makefile
374+ accordingly and thus update this patch.
375+
376+ -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
377+
378 openldap (2.4.47+dfsg-3) unstable; urgency=medium
379
380 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
381@@ -79,6 +364,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium
382
383 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
384
385+openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
386+
387+ * Merge from Debian unstable (LP: #1811630). Remaining changes:
388+ - Enable AppArmor support:
389+ - d/apparmor-profile: add AppArmor profile
390+ - d/rules: use dh_apparmor
391+ - d/control: Build-Depends on dh-apparmor
392+ - d/slapd.README.Debian: add note about AppArmor
393+ - Enable GSSAPI support:
394+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
395+ - Add --with-gssapi support
396+ - Make guess_service_principal() more robust when determining
397+ principal
398+ - d/configure.options: Configure with --with-gssapi
399+ - d/control: Added heimdal-dev as a build depend
400+ - d/rules:
401+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
402+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
403+ - Enable ufw support:
404+ - d/control: suggest ufw.
405+ - d/rules: install ufw profile.
406+ - d/slapd.ufw.profile: add ufw profile.
407+ - Enable nss overlay:
408+ - d/rules:
409+ - add nssov to CONTRIB_MODULES
410+ - add sysconfdir to CONTRIB_MAKEVARS
411+ - d/slapd.install:
412+ - install nssov overlay
413+ - d/slapd.manpages:
414+ - install slapo-nssov(5) man page
415+ - d/{rules,slapd.py}: Add apport hook.
416+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
417+ either the default DIT nor via an Authn mapping.
418+ - d/slapd.scripts-common:
419+ - add slapcat_opts to local variables.
420+ - Fix backup directory naming for multiple reconfiguration.
421+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
422+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
423+ in the openldap library, as required by Likewise-Open
424+ - Show distribution in version:
425+ - d/control: added lsb-release
426+ - d/patches/fix-ldap-distribution.patch: show distribution in version
427+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
428+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
429+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
430+ * Update nssov build and packaging for Debian changes:
431+ - Drop patch nssov-build
432+ - d/rules:
433+ - add nssov to CONTRIB_MODULES
434+ - add sysconfdir to CONTRIB_MAKEVARS
435+ - d/slapd.install:
436+ - install nssov overlay
437+ - d/slapd.manpages:
438+ - install slapo-nssov(5) man page
439+
440+ -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
441+
442 openldap (2.4.47+dfsg-2) unstable; urgency=medium
443
444 * Reintroduce slapi-dev binary package. (Closes: #711469)
445@@ -116,6 +458,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium
446
447 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
448
449+openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
450+
451+ * d/apparmor-profile: update apparmor profile to allow reading of
452+ files needed when slapd is behaving as a kerberos/gssapi client
453+ and acquiring its own ticket. (LP: #1783183)
454+
455+ -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
456+
457+openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
458+
459+ * No-change rebuild for the perl 5.28 transition.
460+
461+ -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
462+
463+openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
464+
465+ * Merge from Debian unstable. Remaining changes:
466+ - Enable AppArmor support:
467+ - d/apparmor-profile: add AppArmor profile
468+ - d/rules: use dh_apparmor
469+ - d/control: Build-Depends on dh-apparmor
470+ - d/slapd.README.Debian: add note about AppArmor
471+ - Enable GSSAPI support:
472+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
473+ - Add --with-gssapi support
474+ - Make guess_service_principal() more robust when determining
475+ principal
476+ - d/configure.options: Configure with --with-gssapi
477+ - d/control: Added heimdal-dev as a build depend
478+ - d/rules:
479+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
480+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
481+ - Enable ufw support:
482+ - d/control: suggest ufw.
483+ - d/rules: install ufw profile.
484+ - d/slapd.ufw.profile: add ufw profile.
485+ - Enable nss overlay:
486+ - d/{patches/nssov-build,rules}: Apply, build and package the
487+ nss overlay.
488+ - d/{rules,slapd.py}: Add apport hook.
489+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
490+ either the default DIT nor via an Authn mapping.
491+ - d/slapd.scripts-common:
492+ - add slapcat_opts to local variables.
493+ - Fix backup directory naming for multiple reconfiguration.
494+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
495+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
496+ in the openldap library, as required by Likewise-Open
497+ - Show distribution in version:
498+ - d/control: added lsb-release
499+ - d/patches/fix-ldap-distribution.patch: show distribution in version
500+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
501+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
502+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
503+
504+ -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
505+
506 openldap (2.4.46+dfsg-5) unstable; urgency=medium
507
508 * Restore slapd-smbk5pwd now that libldap is installable in unstable.
509@@ -135,6 +534,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium
510
511 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
512
513+openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
514+
515+ * Merge from Debian unstable. Remaining changes:
516+ - Enable AppArmor support:
517+ - d/apparmor-profile: add AppArmor profile
518+ - d/rules: use dh_apparmor
519+ - d/control: Build-Depends on dh-apparmor
520+ - d/slapd.README.Debian: add note about AppArmor
521+ - Enable GSSAPI support:
522+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
523+ - Add --with-gssapi support
524+ - Make guess_service_principal() more robust when determining
525+ principal
526+ - d/configure.options: Configure with --with-gssapi
527+ - d/control: Added heimdal-dev as a build depend
528+ - d/rules:
529+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
530+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
531+ - Enable ufw support:
532+ - d/control: suggest ufw.
533+ - d/rules: install ufw profile.
534+ - d/slapd.ufw.profile: add ufw profile.
535+ - Enable nss overlay:
536+ - d/{patches/nssov-build,rules}: Apply, build and package the
537+ nss overlay.
538+ - d/{rules,slapd.py}: Add apport hook.
539+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
540+ either the default DIT nor via an Authn mapping.
541+ - d/slapd.scripts-common:
542+ - add slapcat_opts to local variables.
543+ - Fix backup directory naming for multiple reconfiguration.
544+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
545+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
546+ in the openldap library, as required by Likewise-Open
547+ - Show distribution in version:
548+ - d/control: added lsb-release
549+ - d/patches/fix-ldap-distribution.patch: show distribution in version
550+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
551+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
552+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
553+
554+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
555+
556 openldap (2.4.46+dfsg-2) unstable; urgency=medium
557
558 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
559@@ -164,6 +606,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium
560
561 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
562
563+openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
564+
565+ * Merge from Debian unstable. Remaining changes:
566+ - Enable AppArmor support:
567+ - d/apparmor-profile: add AppArmor profile
568+ - d/rules: use dh_apparmor
569+ - d/control: Build-Depends on dh-apparmor
570+ - d/slapd.README.Debian: add note about AppArmor
571+ - Enable GSSAPI support:
572+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
573+ - Add --with-gssapi support
574+ - Make guess_service_principal() more robust when determining
575+ principal
576+ - d/configure.options: Configure with --with-gssapi
577+ - d/control: Added heimdal-dev as a build depend
578+ - d/rules:
579+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
580+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
581+ - Enable ufw support:
582+ - d/control: suggest ufw.
583+ - d/rules: install ufw profile.
584+ - d/slapd.ufw.profile: add ufw profile.
585+ - Enable nss overlay:
586+ - d/{patches/nssov-build,rules}: Apply, build and package the
587+ nss overlay.
588+ - d/{rules,slapd.py}: Add apport hook.
589+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
590+ either the default DIT nor via an Authn mapping.
591+ - d/slapd.scripts-common:
592+ - add slapcat_opts to local variables.
593+ - Fix backup directory naming for multiple reconfiguration.
594+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
595+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
596+ in the openldap library, as required by Likewise-Open
597+ - Show distribution in version:
598+ - d/control: added lsb-release
599+ - d/patches/fix-ldap-distribution.patch: show distribution in version
600+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
601+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
602+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
603+
604+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200
605+
606 openldap (2.4.45+dfsg-1) unstable; urgency=medium
607
608 * New upstream release.
609@@ -205,6 +690,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium
610
611 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
612
613+openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low
614+
615+ * Merge from Debian unstable. Remaining changes:
616+ - Enable AppArmor support:
617+ - d/apparmor-profile: add AppArmor profile
618+ - d/rules: use dh_apparmor
619+ - d/control: Build-Depends on dh-apparmor
620+ - d/slapd.README.Debian: add note about AppArmor
621+ - Enable GSSAPI support:
622+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
623+ - Add --with-gssapi support
624+ - Make guess_service_principal() more robust when determining
625+ principal
626+ - d/configure.options: Configure with --with-gssapi
627+ - d/control: Added heimdal-dev as a build depend
628+ - d/rules:
629+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
630+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
631+ - Enable ufw support:
632+ - d/control: suggest ufw.
633+ - d/rules: install ufw profile.
634+ - d/slapd.ufw.profile: add ufw profile.
635+ - Enable nss overlay:
636+ - d/{patches/nssov-build,rules}: Apply, build and package the
637+ nss overlay.
638+ - d/{rules,slapd.py}: Add apport hook.
639+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
640+ either the default DIT nor via an Authn mapping.
641+ - d/slapd.scripts-common:
642+ - add slapcat_opts to local variables.
643+ - Fix backup directory naming for multiple reconfiguration.
644+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
645+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
646+ in the openldap library, as required by Likewise-Open
647+ - Show distribution in version:
648+ - d/control: added lsb-release
649+ - d/patches/fix-ldap-distribution.patch: show distribution in version
650+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
651+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
652+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
653+
654+ -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200
655+
656 openldap (2.4.44+dfsg-8) unstable; urgency=medium
657
658 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
659@@ -215,6 +743,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium
660
661 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
662
663+openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium
664+
665+ * Merge from Debian unstable. Remaining changes:
666+ - Enable AppArmor support:
667+ - d/apparmor-profile: add AppArmor profile
668+ - d/rules: use dh_apparmor
669+ - d/control: Build-Depends on dh-apparmor
670+ - d/slapd.README.Debian: add note about AppArmor
671+ - Enable GSSAPI support:
672+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
673+ - Add --with-gssapi support
674+ - Make guess_service_principal() more robust when determining
675+ principal
676+ - d/configure.options: Configure with --with-gssapi
677+ - d/control: Added heimdal-dev as a build depend
678+ - d/rules:
679+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
680+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
681+ - Enable ufw support:
682+ - d/control: suggest ufw.
683+ - d/rules: install ufw profile.
684+ - d/slapd.ufw.profile: add ufw profile.
685+ - Enable nss overlay:
686+ - d/{patches/nssov-build,rules}: Apply, build and package the
687+ nss overlay.
688+ - d/{rules,slapd.py}: Add apport hook.
689+ [ d/rules modification mentioned above was dropped in
690+ 2.4.23-6ubuntu1, re-adding it ]
691+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
692+ either the default DIT nor via an Authn mapping.
693+ - d/slapd.scripts-common:
694+ - add slapcat_opts to local variables.
695+ - Fix backup directory naming for multiple reconfiguration.
696+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
697+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
698+ in the openldap library, as required by Likewise-Open
699+ - Show distribution in version:
700+ - d/control: added lsb-release
701+ - d/patches/fix-ldap-distribution.patch: show distribution in version
702+ [ Refreshed patch ]
703+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
704+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
705+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
706+
707+ -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
708+
709 openldap (2.4.44+dfsg-7) unstable; urgency=medium
710
711 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
712@@ -222,6 +796,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium
713
714 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
715
716+openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium
717+
718+ * Merge from Debian unstable. Remaining changes:
719+ - Enable AppArmor support:
720+ - d/apparmor-profile: add AppArmor profile
721+ - d/rules: use dh_apparmor
722+ - d/control: Build-Depends on dh-apparmor
723+ - d/slapd.README.Debian: add note about AppArmor
724+ - Enable GSSAPI support:
725+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
726+ - Add --with-gssapi support
727+ - Make guess_service_principal() more robust when determining
728+ principal
729+ - d/configure.options: Configure with --with-gssapi
730+ - d/control: Added heimdal-dev as a build depend
731+ - d/rules:
732+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
733+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
734+ - Enable ufw support:
735+ - d/control: suggest ufw.
736+ - d/rules: install ufw profile.
737+ - d/slapd.ufw.profile: add ufw profile.
738+ - Enable nss overlay:
739+ - d/{patches/nssov-build,rules}: Apply, build and package the
740+ nss overlay.
741+ - d/{rules,slapd.py}: Add apport hook.
742+ [ d/rules modification mentioned above was dropped in
743+ 2.4.23-6ubuntu1, re-adding it ]
744+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
745+ either the default DIT nor via an Authn mapping.
746+ - d/slapd.scripts-common:
747+ - add slapcat_opts to local variables.
748+ - Fix backup directory naming for multiple reconfiguration.
749+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
750+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
751+ in the openldap library, as required by Likewise-Open
752+ - Show distribution in version:
753+ - d/control: added lsb-release
754+ - d/patches/fix-ldap-distribution.patch: show distribution in version
755+ [ Refreshed patch ]
756+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
757+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
758+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
759+
760+ -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
761+
762 openldap (2.4.44+dfsg-6) unstable; urgency=medium
763
764 * Update the list of non-translatable strings for the
765@@ -230,6 +850,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium
766
767 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
768
769+openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium
770+
771+ * Merge from Debian unstable. Remaining changes:
772+ - Enable AppArmor support:
773+ - d/apparmor-profile: add AppArmor profile
774+ - d/rules: use dh_apparmor
775+ - d/control: Build-Depends on dh-apparmor
776+ - d/slapd.README.Debian: add note about AppArmor
777+ - Enable GSSAPI support:
778+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
779+ - Add --with-gssapi support
780+ - Make guess_service_principal() more robust when determining
781+ principal
782+ - d/configure.options: Configure with --with-gssapi
783+ - d/control: Added heimdal-dev as a build depend
784+ - d/rules:
785+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
786+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
787+ - Enable ufw support:
788+ - d/control: suggest ufw.
789+ - d/rules: install ufw profile.
790+ - d/slapd.ufw.profile: add ufw profile.
791+ - Enable nss overlay:
792+ - d/{patches/nssov-build,rules}: Apply, build and package the
793+ nss overlay.
794+ - d/{rules,slapd.py}: Add apport hook.
795+ [ d/rules modification mentioned above was dropped in
796+ 2.4.23-6ubuntu1, re-adding it ]
797+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
798+ either the default DIT nor via an Authn mapping.
799+ - d/slapd.scripts-common:
800+ - add slapcat_opts to local variables.
801+ - Fix backup directory naming for multiple reconfiguration.
802+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
803+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
804+ in the openldap library, as required by Likewise-Open
805+ - Show distribution in version:
806+ - d/control: added lsb-release
807+ - d/patches/fix-ldap-distribution.patch: show distribution in version
808+ [ Refreshed patch ]
809+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
810+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
811+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
812+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
813+ - Fix use after free with GnuTLS. (LP #1557248)
814+
815+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200
816+
817 openldap (2.4.44+dfsg-5) unstable; urgency=medium
818
819 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
820@@ -241,6 +909,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium
821
822 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
823
824+openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low
825+
826+ * Merge from Debian unstable. Remaining changes:
827+ - Enable AppArmor support:
828+ - d/apparmor-profile: add AppArmor profile
829+ - d/rules: use dh_apparmor
830+ - d/control: Build-Depends on dh-apparmor
831+ - d/slapd.README.Debian: add note about AppArmor
832+ - Enable GSSAPI support:
833+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
834+ - Add --with-gssapi support
835+ - Make guess_service_principal() more robust when determining
836+ principal
837+ - d/configure.options: Configure with --with-gssapi
838+ - d/control: Added heimdal-dev as a build depend
839+ - d/rules:
840+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
841+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
842+ - Enable ufw support:
843+ - d/control: suggest ufw.
844+ - d/rules: install ufw profile.
845+ - d/slapd.ufw.profile: add ufw profile.
846+ - Enable nss overlay:
847+ - d/{patches/nssov-build,rules}: Apply, build and package the
848+ nss overlay.
849+ - d/{rules,slapd.py}: Add apport hook.
850+ [ d/rules modification mentioned above was dropped in
851+ 2.4.23-6ubuntu1, re-adding it ]
852+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
853+ either the default DIT nor via an Authn mapping.
854+ - d/slapd.scripts-common:
855+ - add slapcat_opts to local variables.
856+ - Fix backup directory naming for multiple reconfiguration.
857+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
858+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
859+ in the openldap library, as required by Likewise-Open
860+ - Show distribution in version:
861+ - d/control: added lsb-release
862+ - d/patches/fix-ldap-distribution.patch: show distribution in version
863+ [ Refreshed patch ]
864+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
865+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
866+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
867+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
868+ - Fix use after free with GnuTLS. (LP #1557248)
869+
870+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200
871+
872 openldap (2.4.44+dfsg-4) unstable; urgency=medium
873
874 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
875@@ -287,6 +1003,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium
876
877 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
878
879+openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium
880+
881+ * d/rules: Fix typo in previous upload.
882+
883+ -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800
884+
885+openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
886+
887+ * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
888+ changes
889+ - Enable AppArmor support:
890+ - d/apparmor-profile: add AppArmor profile
891+ - d/rules: use dh_apparmor
892+ - d/control: Build-Depends on dh-apparmor
893+ - d/slapd.README.Debian: add note about AppArmor
894+ - Enable GSSAPI support:
895+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
896+ - Add --with-gssapi support
897+ - Make guess_service_principal() more robust when determining
898+ principal
899+ - d/configure.options: Configure with --with-gssapi
900+ - d/control: Added heimdal-dev as a build depend
901+ - d/rules:
902+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
903+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
904+ - Enable ufw support:
905+ - d/control: suggest ufw.
906+ - d/rules: install ufw profile.
907+ - d/slapd.ufw.profile: add ufw profile.
908+ - Enable nss overlay:
909+ - d/{patches/nssov-build,rules}: Apply, build and package the
910+ nss overlay.
911+ - d/{rules,slapd.py}: Add apport hook.
912+ [ d/rules modification mentioned above was dropped in
913+ 2.4.23-6ubuntu1, re-adding it ]
914+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
915+ either the default DIT nor via an Authn mapping.
916+ - d/slapd.scripts-common:
917+ - add slapcat_opts to local variables.
918+ - Fix backup directory naming for multiple reconfiguration.
919+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
920+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
921+ in the openldap library, as required by Likewise-Open
922+ - Show distribution in version:
923+ - d/control: added lsb-release
924+ - d/patches/fix-ldap-distribution.patch: show distribution in version
925+ [ Refreshed patch ]
926+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
927+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
928+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
929+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
930+ - Fix use after free with GnuTLS. (LP #1557248)
931+ * Drop:
932+ - d/slapd.scripts-common:
933+ + Remove unused variable new_conf.
934+ [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
935+ - d/b/config.log: add config.log
936+ [ previously undocumented, stray change ]
937+
938+ -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
939+
940 openldap (2.4.44+dfsg-3) unstable; urgency=medium
941
942 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
943@@ -359,6 +1136,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
944
945 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
946
947+openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
948+
949+ * No-change rebuild for perl 5.24 transition
950+
951+ -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
952+
953+openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
954+
955+ * Fix use after free with GnuTLS. (LP: #1557248)
956+
957+ -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
958+
959+openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
960+
961+ * Fix building with gssapi suppport:
962+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
963+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
964+
965+ -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
966+
967+openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
968+
969+ * No-change rebuild for gnutls transition.
970+
971+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
972+
973+openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
974+
975+ * Merge from Debian testing (LP: #1532648). Remaining changes:
976+ - Enable AppArmor support:
977+ - d/apparmor-profile: add AppArmor profile
978+ - d/rules: use dh_apparmor
979+ - d/control: Build-Depends on dh-apparmor
980+ - d/slapd.README.Debian: add note about AppArmor
981+ - Enable GSSAPI support:
982+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
983+ - Add --with-gssapi support
984+ - Make guess_service_principal() more robust when determining
985+ principal
986+ - d/configure.options: Configure with --with-gssapi
987+ - d/control: Added heimdal-dev as a build depend
988+ - Enable ufw support:
989+ - d/control: suggest ufw.
990+ - d/rules: install ufw profile.
991+ - d/slapd.ufw.profile: add ufw profile.
992+ - Enable nss overlay:
993+ - d/{patches/nssov-build,rules}: Apply, build and package the
994+ nss overlay.
995+ - d/{rules,slapd.py}: Add apport hook.
996+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
997+ either the default DIT nor via an Authn mapping.
998+ - d/slapd.scripts-common:
999+ - add slapcat_opts to local variables.
1000+ - Remove unused variable new_conf.
1001+ - Fix backup directory naming for multiple reconfiguration.
1002+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1003+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1004+ in the openldap library, as required by Likewise-Open
1005+ - Show distribution in version:
1006+ - d/control: added lsb-release
1007+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1008+ * Drop CVE-2015-6908.patch, included in Debian.
1009+ * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
1010+ disabled on ppc64el, no longer used, and missed in the previous merge.
1011+
1012+ -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
1013+
1014 openldap (2.4.42+dfsg-2) unstable; urgency=medium
1015
1016 [ Ryan Tandy ]
1017@@ -426,6 +1270,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium
1018
1019 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
1020
1021+openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
1022+
1023+ * Rebuild for Perl 5.22.1.
1024+
1025+ -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
1026+
1027+openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
1028+
1029+ * SECURITY UPDATE: denial of service via crafted BER data
1030+ - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
1031+ libraries/liblber/io.c.
1032+ - CVE-2015-6908
1033+
1034+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
1035+
1036+openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
1037+
1038+ * Merge from Debian testing (LP: #1471831). Remaining changes:
1039+ - Enable AppArmor support:
1040+ - d/apparmor-profile: add AppArmor profile
1041+ - d/rules: use dh_apparmor
1042+ - d/control: Build-Depends on dh-apparmor
1043+ - d/slapd.README.Debian: add note about AppArmor
1044+ - Enable GSSAPI support:
1045+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1046+ - Add --with-gssapi support
1047+ - Make guess_service_principal() more robust when determining
1048+ principal
1049+ - d/configure.options: Configure with --with-gssapi
1050+ - d/control: Added heimdal-dev as a build depend
1051+ - Enable ufw support:
1052+ - d/control: suggest ufw.
1053+ - d/rules: install ufw profile.
1054+ - d/slapd.ufw.profile: add ufw profile.
1055+ - Enable nss overlay:
1056+ - d/{patches/nssov-build,rules}: Apply, build and package the
1057+ nss overlay.
1058+ - d/{rules,slapd.py}: Add apport hook.
1059+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1060+ either the default DIT nor via an Authn mapping.
1061+ - d/slapd.scripts-common:
1062+ - add slapcat_opts to local variables.
1063+ - Remove unused variable new_conf.
1064+ - Fix backup directory naming for multiple reconfiguration.
1065+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1066+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1067+ in the openldap library, as required by Likewise-Open
1068+ - Show distribution in version:
1069+ - d/control: added lsb-release
1070+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1071+ * Dropped changes:
1072+ - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
1073+ * Upstream fixes:
1074+ - slapd crash with auditlog overlay and large (~27KB) attribute values
1075+ (ITS#8003) (LP: #1461276)
1076+ - nssov updated to support recent nss-pam-ldapd client libraries
1077+ (ITS#8097) (LP: #1393306)
1078+ * Update d/patches/nssov-build for upstream changes.
1079+ * Tweak d/patches/gssapi.diff to apply without fuzz.
1080+ * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1081+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1082+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1083+
1084+ -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
1085+
1086 openldap (2.4.41+dfsg-1) unstable; urgency=medium
1087
1088 * New upstream release.
1089@@ -445,6 +1354,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium
1090
1091 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
1092
1093+openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
1094+
1095+ * No-change rebuild for the libnettle6 transition.
1096+
1097+ -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
1098+
1099+openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
1100+
1101+ * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
1102+ - Enable AppArmor support:
1103+ - d/apparmor-profile: add AppArmor profile
1104+ - d/rules: use dh_apparmor
1105+ - d/control: Build-Depends on dh-apparmor
1106+ - d/slapd.README.Debian: add note about AppArmor
1107+ - Enable GSSAPI support:
1108+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1109+ - Add --with-gssapi support
1110+ - Make guess_service_principal() more robust when determining
1111+ principal
1112+ - d/configure.options: Configure with --with-gssapi
1113+ - d/control: Added heimdal-dev as a build depend
1114+ - Enable ufw support:
1115+ - d/control: suggest ufw.
1116+ - d/rules: install ufw profile.
1117+ - d/slapd.ufw.profile: add ufw profile.
1118+ - Enable nss overlay:
1119+ - d/{patches/nssov-build,rules}: Apply, build and package the
1120+ nss overlay.
1121+ - d/{rules,slapd.py}: Add apport hook.
1122+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1123+ either the default DIT nor via an Authn mapping.
1124+ - d/slapd.scripts-common:
1125+ - add slapcat_opts to local variables.
1126+ - Remove unused variable new_conf.
1127+ - Fix backup directory naming for multiple reconfiguration.
1128+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1129+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1130+ in the openldap library, as required by Likewise-Open
1131+ - Show distribution in version:
1132+ - d/control: added lsb-release
1133+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1134+ * Drop patches included upstream:
1135+ - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
1136+ - d/patches/bdb-deadlock.patch
1137+ - d/patches/its-7354-fix-delta-sync-mmr.diff
1138+ * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
1139+ * debian/patches/nssov-build: Adjust for upstream changes.
1140+ * debian/apparmor-profile:
1141+ - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
1142+ kernel ABI v7 (utopic and later). (LP: #1392018)
1143+ - Reduce permissions on /run/nslcd to just the nslcd socket.
1144+ * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
1145+ (LP: #1293250)
1146+
1147+ -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700
1148+
1149 openldap (2.4.40+dfsg-1) unstable; urgency=medium
1150
1151 * Remove inetorgperson.schema from the upstream source. Replace it with a
1152@@ -633,6 +1598,187 @@ openldap (2.4.39-1) unstable; urgency=low
1153
1154 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
1155
1156+openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
1157+
1158+ * Fix cpp calls for GCC 5.
1159+
1160+ -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
1161+
1162+openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
1163+
1164+ * debian/apparmor-profile:
1165+ - allow p11-kit abstraction
1166+ - allow read of /etc/gss/mech.d/*
1167+
1168+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
1169+
1170+openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
1171+
1172+ * Rebuild for Perl 5.20.0.
1173+
1174+ -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
1175+
1176+openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
1177+
1178+ * Cherry-pick upstream patch for compat with recent GNUTLS.
1179+ * Build-depend on libgnutls28-dev.
1180+ * Build-depend on libgcrypt20-dev.
1181+
1182+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
1183+
1184+openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
1185+
1186+ * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
1187+
1188+ -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
1189+
1190+openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
1191+
1192+ * Disable mdb backend on ppc64el due to test-suite failures.
1193+
1194+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
1195+
1196+openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
1197+
1198+ * Fix segfault issue with master-master syncrepl (LP: #1287730):
1199+ - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
1200+ patch from upstream VCS.
1201+
1202+ -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
1203+
1204+openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
1205+
1206+ * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
1207+
1208+ -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
1209+
1210+openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
1211+
1212+ * Rebuild for Perl 5.18.
1213+
1214+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
1215+
1216+openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
1217+
1218+ * Update build/config.guess and build/config.sub at build time; this was
1219+ not done automatically because the top-level configure.in does not use
1220+ Automake.
1221+
1222+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
1223+
1224+openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
1225+
1226+ * debian/control: added lsb-release
1227+ * debian/patches/fix-ldap-distribution.patch: show distribution in version
1228+
1229+ -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
1230+
1231+openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
1232+
1233+ * Merge from Debian unstable. Remaining changes:
1234+ - Enable AppArmor support:
1235+ - d/apparmor-profile: add AppArmor profile
1236+ - d/rules: use dh_apparmor
1237+ - d/control: Build-Depends on dh-apparmor
1238+ - d/slapd.README.Debian: add note about AppArmor
1239+ - d/slapd.dirs: add etc/apparmor.d/force-complain
1240+ - Enable GSSAPI support:
1241+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1242+ - Add --with-gssapi support
1243+ - Make guess_service_principal() more robust when determining
1244+ principal
1245+ - d/configure.options: Configure with --with-gssapi
1246+ - d/control: Added libkrb5-dev as a build depend
1247+ - Enable ufw support:
1248+ - d/control: suggest ufw.
1249+ - d/rules: install ufw profile.
1250+ - d/slapd.ufw.profile: add ufw profile.
1251+ - Enable nss overlay:
1252+ - d/{patches/nssov-build,/rules}: Apply, build and package the
1253+ nss overlay.
1254+ - d/{rules,slapd.py}: Add apport hook.
1255+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1256+ either the default DIT nor via an Authn mapping.
1257+ - d/slapd.scripts-common:
1258+ - add slapcat_opts to local variables.
1259+ - Remove unused variable new_conf.
1260+ - Fix backup directory naming for multiple reconfiguration.
1261+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1262+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1263+ in the openldap library, as required by Likewise-Open
1264+ - d/{control,rules}: enable PIE hardening
1265+
1266+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
1267+
1268+openldap (2.4.31-1+nmu2) unstable; urgency=high
1269+
1270+ * Non-maintainer upload.
1271+ * No-change rebuild in a clean environment
1272+
1273+ -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100
1274+
1275+openldap (2.4.31-1+nmu1) unstable; urgency=medium
1276+
1277+ * Non-maintainer upload.
1278+ * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
1279+
1280+ -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000
1281+
1282+openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
1283+
1284+ * debian/slapd.py: Add AppArmor info and logs to apport hook.
1285+
1286+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
1287+
1288+openldap (2.4.31-1ubuntu1) quantal; urgency=low
1289+
1290+ * Merge from Debian unstable. Remaining changes:
1291+ - Enable AppArmor support:
1292+ - d/apparmor-profile: add AppArmor profile
1293+ - d/rules: use dh_apparmor
1294+ - d/control: Build-Depends on dh-apparmor
1295+ - d/slapd.README.Debian: add note about AppArmor
1296+ - d/slapd.dirs: add etc/apparmor.d/force-complain
1297+ - Enable GSSAPI support (LP: #495418):
1298+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1299+ - Add --with-gssapi support
1300+ - Make guess_service_principal() more robust when determining
1301+ principal
1302+ - d/configure.options: Configure with --with-gssapi
1303+ - d/control: Added libkrb5-dev as a build depend
1304+ - Enable ufw support (LP: #423246):
1305+ - d/control: suggest ufw.
1306+ - d/rules: install ufw profile.
1307+ - d/slapd.ufw.profile: add ufw profile.
1308+ - Enable nss overlay (LP: #675391):
1309+ - d/{patches/nssov-build,/rules}: Apply, build and package the
1310+ nss overlay.
1311+ - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
1312+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1313+ either the default DIT nor via an Authn mapping.
1314+ - d/slapd.scripts-common:
1315+ - add slapcat_opts to local variables.
1316+ - Remove unused variable new_conf.
1317+ - Fix backup directory naming for multiple reconfiguration.
1318+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1319+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1320+ in the openldap library, as required by Likewise-Open (LP: #390579)
1321+ - d/{control,rules}: enable PIE hardening
1322+ * Dropped changes:
1323+ - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
1324+ - d/patches/CVE-2011-4079: Included in upstream release.
1325+ - d/patches/service-operational-before-detach: Included in upstream release.
1326+ - d/schema/extra/misc.ldif: Included upstream.
1327+ - d/{rules,schema/extra}: Fix configure and clean rules to support
1328+ extra schemas shipped as part of the debian/schema/ directory; no longer required.
1329+ - Included in Debian:
1330+ + Document cn=config in README file.
1331+ + Install a default DIT; actually a minimal configuration.
1332+ + d/patches/heimdal-fix.
1333+ * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
1334+
1335+ -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
1336+
1337 openldap (2.4.31-1) unstable; urgency=low
1338
1339 * New upstream release.
1340@@ -659,6 +1805,121 @@ openldap (2.4.31-1) unstable; urgency=low
1341
1342 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
1343
1344+openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
1345+
1346+ * Fix issue with intermittent connection issues when using LDAPv3
1347+ protocol (LP: #1023025):
1348+ - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
1349+ patch from upstream VCS which ensures objects are initialized before
1350+ re-use.
1351+
1352+ -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
1353+
1354+openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
1355+
1356+ * debian/rules: Add smbk5pwd build.
1357+ * debian/control: Add slapd-smbk5pwd binary package.
1358+ * debian/patches/heimdal-fix: adapt parameters of
1359+ hdb_generate_key_set_password() to heimdal 1.6~git20120311
1360+ (patch from Debian #664930).
1361+
1362+ -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400
1363+
1364+openldap (2.4.28-1.1ubuntu4) precise; urgency=low
1365+
1366+ * debian/control: Build-Depends on dh-apparmor (LP: #948481)
1367+
1368+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
1369+
1370+openldap (2.4.28-1.1ubuntu3) precise; urgency=low
1371+
1372+ * Add its-7176-only-poll-sockets-for-write-as-needed.diff
1373+ (LP: #932823).
1374+
1375+ -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
1376+
1377+openldap (2.4.28-1.1ubuntu2) precise; urgency=low
1378+
1379+ * Remove debian/patches/CVE-2011-4079; it's already in this upstream
1380+ version. Fixes FTBFS.
1381+
1382+ -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
1383+
1384+openldap (2.4.28-1.1ubuntu1) precise; urgency=low
1385+
1386+ * Merge from Debian testing. Remaining changes:
1387+ - Install a default DIT (LP: #442498).
1388+ - Document cn=config in README file (LP: #370784).
1389+ - remaining changes:
1390+ + AppArmor support:
1391+ - debian/apparmor-profile: add AppArmor profile
1392+ - use dh_apparmor:
1393+ - debian/rules: use dh_apparmor
1394+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1395+ - updated debian/slapd.README.Debian for note on AppArmor
1396+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
1397+ + Enable GSSAPI support (LP: #495418):
1398+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1399+ - Add --with-gssapi support
1400+ - Make guess_service_principal() more robust when determining
1401+ principal
1402+ - debian/patches/series: apply gssapi.diff patch.
1403+ - debian/configure.options: Configure with --with-gssapi
1404+ - debian/control: Added libkrb5-dev as a build depend
1405+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1406+ in the openldap library, as required by Likewise-Open (LP: #390579)
1407+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1408+ - debian/control:
1409+ - remove build-dependency on heimdal-dev.
1410+ - remove slapd-smbk5pwd binary package.
1411+ - debian/rules: don't build smbk5pwd slapd module.
1412+ + debian/{control,rules}: enable PIE hardening
1413+ + ufw support (LP: #423246):
1414+ - debian/control: suggest ufw.
1415+ - debian/rules: install ufw profile.
1416+ - debian/slapd.ufw.profile: add ufw profile.
1417+ + Enable nssoverlay:
1418+ - debian/patches/nssov-build, debian/series, debian/rules:
1419+ Apply, build and package the nss overlay.
1420+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1421+ which defines rfc822MailMember (required by the nss overlay).
1422+ + debian/rules, debian/schema/extra/:
1423+ Fix configure rule to supports extra schemas shipped as part
1424+ of the debian/schema/ directory.
1425+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1426+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1427+ neither the default DIT nor via an Authn mapping.
1428+ + debian/slapd.scripts-common: adjust minimum version that triggers a
1429+ database upgrade. Upgrade from maverick shouldn't trigger database
1430+ upgrade (which would happen with the version used in Debian).
1431+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
1432+ Remove unused variable new_conf.
1433+ + debian/slapd.script-common: Fix package reconfiguration.
1434+ - Fix backup directory naming for multiple reconfiguration.
1435+ + debian/slapd.default, debian/slapd.README.Debian:
1436+ use the new configuration style.
1437+ + Install nss overlay (LP: #675391):
1438+ - debian/rules: run install target for nssov module.
1439+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1440+ + debian/patches/gssapi.diff:
1441+ - Update patch so that likewise-open is usuable again. (LP: #661547)
1442+ + debian/patches/service-operational-before-detach: New patch replacing old one
1443+ of the same name as previous could cause database corruption based on upstream commits.
1444+ (LP: #727973)
1445+ + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
1446+ (CVE-2011-4079)
1447+
1448+
1449+ -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
1450+
1451+openldap (2.4.28-1.1) unstable; urgency=low
1452+
1453+ * Non-maintainer upload.
1454+ * Disable the mdb backend on non-Linux, it looks like it doesn't work with
1455+ linuxthreads (closes: #654824).
1456+
1457+ -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100
1458+
1459 openldap (2.4.28-1) unstable; urgency=low
1460
1461 * New upstream release.
1462@@ -686,6 +1947,72 @@ openldap (2.4.28-1) unstable; urgency=low
1463
1464 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
1465
1466+openldap (2.4.25-4ubuntu1) precise; urgency=low
1467+
1468+ * Merge from Debian testing. Remaining changes:
1469+ - Install a default DIT (LP: #442498).
1470+ - Document cn=config in README file (LP: #370784).
1471+ - remaining changes:
1472+ + AppArmor support:
1473+ - debian/apparmor-profile: add AppArmor profile
1474+ - use dh_apparmor:
1475+ - debian/rules: use dh_apparmor
1476+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1477+ - updated debian/slapd.README.Debian for note on AppArmor
1478+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
1479+ + Enable GSSAPI support (LP: #495418):
1480+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1481+ - Add --with-gssapi support
1482+ - Make guess_service_principal() more robust when determining
1483+ principal
1484+ - debian/patches/series: apply gssapi.diff patch.
1485+ - debian/configure.options: Configure with --with-gssapi
1486+ - debian/control: Added libkrb5-dev as a build depend
1487+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1488+ in the openldap library, as required by Likewise-Open (LP: #390579)
1489+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1490+ - debian/control:
1491+ - remove build-dependency on heimdal-dev.
1492+ - remove slapd-smbk5pwd binary package.
1493+ - debian/rules: don't build smbk5pwd slapd module.
1494+ + debian/{control,rules}: enable PIE hardening
1495+ + ufw support (LP: #423246):
1496+ - debian/control: suggest ufw.
1497+ - debian/rules: install ufw profile.
1498+ - debian/slapd.ufw.profile: add ufw profile.
1499+ + Enable nssoverlay:
1500+ - debian/patches/nssov-build, debian/series, debian/rules:
1501+ Apply, build and package the nss overlay.
1502+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1503+ which defines rfc822MailMember (required by the nss overlay).
1504+ + debian/rules, debian/schema/extra/:
1505+ Fix configure rule to supports extra schemas shipped as part
1506+ of the debian/schema/ directory.
1507+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1508+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1509+ neither the default DIT nor via an Authn mapping.
1510+ + debian/slapd.scripts-common: adjust minimum version that triggers a
1511+ database upgrade. Upgrade from maverick shouldn't trigger database
1512+ upgrade (which would happen with the version used in Debian).
1513+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
1514+ Remove unused variable new_conf.
1515+ + debian/slapd.script-common: Fix package reconfiguration.
1516+ - Fix backup directory naming for multiple reconfiguration.
1517+ + debian/slapd.default, debian/slapd.README.Debian:
1518+ use the new configuration style.
1519+ + Install nss overlay (LP: #675391):
1520+ - debian/rules: run install target for nssov module.
1521+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1522+ + debian/patches/gssapi.diff:
1523+ - Update patch so that likewise-open is usuable again. (LP: #661547)
1524+ + debian/patches/service-operational-before-detach: New patch replacing old one
1525+ of the same name as previous could cause database corruption based on upstream commits.
1526+ (LP: #727973)
1527+ + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
1528+ (CVE-2011-4079)
1529+
1530+ -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
1531+
1532 openldap (2.4.25-4) unstable; urgency=low
1533
1534 * Drop explicit depends on libdb4.8, since we're now linking against
1535@@ -719,6 +2046,85 @@ openldap (2.4.25-4) unstable; urgency=low
1536
1537 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
1538
1539+openldap (2.4.25-3ubuntu3) precise; urgency=low
1540+
1541+ * Rebuild for Perl 5.14.
1542+
1543+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
1544+
1545+openldap (2.4.25-3ubuntu2) precise; urgency=low
1546+
1547+ * SECURITY UPDATE: potential denial of service (LP: #884163)
1548+ - debian/patches/CVE-2011-4079: fix off by one error in
1549+ postalAddressNormalize()
1550+ - CVE-2011-4079
1551+
1552+ -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
1553+
1554+openldap (2.4.25-3ubuntu1) precise; urgency=low
1555+
1556+ * Merge from debian unstable. Remaining changes:
1557+ - Install a default DIT (LP: #442498).
1558+ - Document cn=config in README file (LP: #370784).
1559+ - remaining changes:
1560+ + AppArmor support:
1561+ - debian/apparmor-profile: add AppArmor profile
1562+ - use dh_apparmor:
1563+ - debian/rules: use dh_apparmor
1564+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1565+ - updated debian/slapd.README.Debian for note on AppArmor
1566+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
1567+ + Enable GSSAPI support (LP: #495418):
1568+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1569+ - Add --with-gssapi support
1570+ - Make guess_service_principal() more robust when determining
1571+ principal
1572+ - debian/patches/series: apply gssapi.diff patch.
1573+ - debian/configure.options: Configure with --with-gssapi
1574+ - debian/control: Added libkrb5-dev as a build depend
1575+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1576+ in the openldap library, as required by Likewise-Open (LP: #390579)
1577+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1578+ - debian/control:
1579+ - remove build-dependency on heimdal-dev.
1580+ - remove slapd-smbk5pwd binary package.
1581+ - debian/rules: don't build smbk5pwd slapd module.
1582+ + debian/{control,rules}: enable PIE hardening
1583+ + ufw support (LP: #423246):
1584+ - debian/control: suggest ufw.
1585+ - debian/rules: install ufw profile.
1586+ - debian/slapd.ufw.profile: add ufw profile.
1587+ + Enable nssoverlay:
1588+ - debian/patches/nssov-build, debian/series, debian/rules:
1589+ Apply, build and package the nss overlay.
1590+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1591+ which defines rfc822MailMember (required by the nss overlay).
1592+ + debian/rules, debian/schema/extra/:
1593+ Fix configure rule to supports extra schemas shipped as part
1594+ of the debian/schema/ directory.
1595+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1596+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1597+ neither the default DIT nor via an Authn mapping.
1598+ + debian/slapd.scripts-common: adjust minimum version that triggers a
1599+ database upgrade. Upgrade from maverick shouldn't trigger database
1600+ upgrade (which would happen with the version used in Debian).
1601+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
1602+ Remove unused variable new_conf.
1603+ + debian/slapd.script-common: Fix package reconfiguration.
1604+ - Fix backup directory naming for multiple reconfiguration.
1605+ + debian/slapd.default, debian/slapd.README.Debian:
1606+ use the new configuration style.
1607+ + Install nss overlay (LP: #675391):
1608+ - debian/rules: run install target for nssov module.
1609+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1610+ + debian/patches/gssapi.diff:
1611+ - Update patch so that likewise-open is usuable again. (LP: #661547)
1612+ + debian/patches/service-operational-before-detach: New patch replacing old one
1613+ of the same name as previous could cause database corruption based on upstream commits.
1614+ (LP: #727973)
1615+
1616+ -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
1617+
1618 openldap (2.4.25-3) unstable; urgency=low
1619
1620 * Brown paper bag: really fix the .links.in handling, so we don't generate
1621@@ -741,6 +2147,92 @@ openldap (2.4.25-2) unstable; urgency=low
1622
1623 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
1624
1625+openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
1626+
1627+ * Brown paper bag: really fix the .links.in handling, so we don't generate
1628+ broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
1629+
1630+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
1631+
1632+openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
1633+
1634+ * Cherry-pick multiarch support from Debian (LP: #826601):
1635+ - Bump to compat level 7, so we don't have to spell out debian/tmp in
1636+ every single .install file
1637+ - Build for multiarch.
1638+
1639+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
1640+
1641+openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
1642+
1643+ * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
1644+
1645+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
1646+
1647+openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
1648+
1649+ * Merge from debian unstable. Remaining changes:
1650+ - Install a default DIT (LP: #442498).
1651+ - Document cn=config in README file (LP: #370784).
1652+ - remaining changes:
1653+ + AppArmor support:
1654+ - debian/apparmor-profile: add AppArmor profile
1655+ - use dh_apparmor:
1656+ - debian/rules: use dh_apparmor
1657+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1658+ - updated debian/slapd.README.Debian for note on AppArmor
1659+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
1660+ + Enable GSSAPI support (LP: #495418):
1661+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1662+ - Add --with-gssapi support
1663+ - Make guess_service_principal() more robust when determining
1664+ principal
1665+ - debian/patches/series: apply gssapi.diff patch.
1666+ - debian/configure.options: Configure with --with-gssapi
1667+ - debian/control: Added libkrb5-dev as a build depend
1668+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1669+ in the openldap library, as required by Likewise-Open (LP: #390579)
1670+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1671+ - debian/control:
1672+ - remove build-dependency on heimdal-dev.
1673+ - remove slapd-smbk5pwd binary package.
1674+ - debian/rules: don't build smbk5pwd slapd module.
1675+ + debian/{control,rules}: enable PIE hardening
1676+ + ufw support (LP: #423246):
1677+ - debian/control: suggest ufw.
1678+ - debian/rules: install ufw profile.
1679+ - debian/slapd.ufw.profile: add ufw profile.
1680+ + Enable nssoverlay:
1681+ - debian/patches/nssov-build, debian/series, debian/rules:
1682+ Apply, build and package the nss overlay.
1683+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1684+ which defines rfc822MailMember (required by the nss overlay).
1685+ + debian/rules, debian/schema/extra/:
1686+ Fix configure rule to supports extra schemas shipped as part
1687+ of the debian/schema/ directory.
1688+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1689+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1690+ neither the default DIT nor via an Authn mapping.
1691+ + debian/slapd.scripts-common: adjust minimum version that triggers a
1692+ database upgrade. Upgrade from maverick shouldn't trigger database
1693+ upgrade (which would happen with the version used in Debian).
1694+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
1695+ Remove unused variable new_conf.
1696+ + debian/slapd.script-common: Fix package reconfiguration.
1697+ - Fix backup directory naming for multiple reconfiguration.
1698+ + debian/slapd.default, debian/slapd.README.Debian:
1699+ use the new configuration style.
1700+ + Install nss overlay (LP: #675391):
1701+ - debian/rules: run install target for nssov module.
1702+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1703+ + debian/patches/gssapi.diff:
1704+ - Update patch so that likewise-open is usuable again. (LP: #661547)
1705+ + debian/patches/service-operational-before-detach: New patch replacing old one
1706+ of the same name as previous could cause database corruption based on upstream commits.
1707+ (LP: #727973)
1708+
1709+ -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
1710+
1711 openldap (2.4.25-1.1) unstable; urgency=low
1712
1713 * Non-maintainer upload to fix RC bug.
1714@@ -748,6 +2240,75 @@ openldap (2.4.25-1.1) unstable; urgency=low
1715
1716 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
1717
1718+openldap (2.4.25-1ubuntu1) oneiric; urgency=low
1719+
1720+ * Merge from debian unstable. Remaining changes:
1721+ - Install a default DIT (LP: #442498).
1722+ - Document cn=config in README file (LP: #370784).
1723+ - remaining changes:
1724+ + AppArmor support:
1725+ - debian/apparmor-profile: add AppArmor profile
1726+ - use dh_apparmor:
1727+ - debian/rules: use dh_apparmor
1728+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1729+ - updated debian/slapd.README.Debian for note on AppArmor
1730+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
1731+ + Enable GSSAPI support (LP: #495418):
1732+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1733+ - Add --with-gssapi support
1734+ - Make guess_service_principal() more robust when determining
1735+ principal
1736+ - debian/patches/series: apply gssapi.diff patch.
1737+ - debian/configure.options: Configure with --with-gssapi
1738+ - debian/control: Added libkrb5-dev as a build depend
1739+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1740+ in the openldap library, as required by Likewise-Open (LP: #390579)
1741+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1742+ - debian/control:
1743+ - remove build-dependency on heimdal-dev.
1744+ - remove slapd-smbk5pwd binary package.
1745+ - debian/rules: don't build smbk5pwd slapd module.
1746+ + debian/{control,rules}: enable PIE hardening
1747+ + ufw support (LP: #423246):
1748+ - debian/control: suggest ufw.
1749+ - debian/rules: install ufw profile.
1750+ - debian/slapd.ufw.profile: add ufw profile.
1751+ + Enable nssoverlay:
1752+ - debian/patches/nssov-build, debian/series, debian/rules:
1753+ Apply, build and package the nss overlay.
1754+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1755+ which defines rfc822MailMember (required by the nss overlay).
1756+ + debian/rules, debian/schema/extra/:
1757+ Fix configure rule to supports extra schemas shipped as part
1758+ of the debian/schema/ directory.
1759+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1760+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1761+ neither the default DIT nor via an Authn mapping.
1762+ + debian/slapd.scripts-common: adjust minimum version that triggers a
1763+ database upgrade. Upgrade from maverick shouldn't trigger database
1764+ upgrade (which would happen with the version used in Debian).
1765+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
1766+ Remove unused variable new_conf.
1767+ + debian/slapd.script-common: Fix package reconfiguration.
1768+ - Fix backup directory naming for multiple reconfiguration.
1769+ + debian/slapd.default, debian/slapd.README.Debian:
1770+ use the new configuration style.
1771+ + Install nss overlay (LP: #675391):
1772+ - debian/rules: run install target for nssov module.
1773+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1774+ + debian/patches/gssapi.diff:
1775+ - Update patch so that likewise-open is usuable again. (LP: #661547)
1776+ + debian/patches/service-operational-before-detach: New patch replacing old one
1777+ of the same name as previous could cause database corruption based on upstream commits.
1778+ (LP: #727973)
1779+ + Dropped:
1780+ - debian/patches/gold: Use the debian version instead
1781+ - debian/patches/CVE-2011-1024: Fixed upstream
1782+ - debian/patches/CVE-2011-1025: Fixed upstream
1783+ - debian/patches/CVE-2011-1081: Fixed upstream
1784+
1785+ -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
1786+
1787 openldap (2.4.25-1) unstable; urgency=low
1788
1789 * New upstream version (Closes: #617606, #618904, #606815, #608813)
1790@@ -779,6 +2340,116 @@ openldap (2.4.23-7) unstable; urgency=low
1791
1792 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
1793
1794+openldap (2.4.23-6ubuntu7) oneiric; urgency=low
1795+
1796+ * Rebuild for Perl 5.12.
1797+
1798+ -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
1799+
1800+openldap (2.4.23-6ubuntu6) natty; urgency=low
1801+
1802+ * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
1803+ using forwarded authentication failures
1804+ - debian/patches/CVE-2011-1024
1805+ - CVE-2011-1024
1806+ * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
1807+ backend. Note: Ubuntu is not compiled with --enable-ndb by default
1808+ - debian/patches/CVE-2011-1025
1809+ - CVE-2011-1025
1810+ * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
1811+ and requestDN is empty
1812+ - debian/patches/CVE-2011-1081
1813+ - CVE-2011-1081
1814+ - LP: #742104
1815+
1816+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
1817+
1818+openldap (2.4.23-6ubuntu5) natty; urgency=low
1819+
1820+ * debian/patches/service-operational-before-detach: New patch replacing
1821+ old one of same name as previous could cause database corruption,
1822+ based on upstream commits. (LP: #727973)
1823+
1824+ -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
1825+
1826+openldap (2.4.23-6ubuntu4) natty; urgency=low
1827+
1828+ * Fix FTBFS with ld.gold.
1829+
1830+ -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
1831+
1832+openldap (2.4.23-6ubuntu3) natty; urgency=low
1833+
1834+ * debian/patches/gssapi.diff:
1835+ Update patch so that likewise-open is usable again (LP: #661547)
1836+
1837+ -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
1838+
1839+openldap (2.4.23-6ubuntu2) natty; urgency=low
1840+
1841+ * Install nss overlay (LP: #675391):
1842+ - debian/rules: run install target for nssov module.
1843+ - debian/patches/nssov-build: fix patch to install schema in
1844+ /etc/ldap/schema.
1845+
1846+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
1847+
1848+openldap (2.4.23-6ubuntu1) natty; urgency=low
1849+
1850+ * Merge from Debian unstable:
1851+ - Install a default DIT (LP: #442498).
1852+ - Document cn=config in README file (LP: #370784).
1853+ - remaining changes:
1854+ + AppArmor support:
1855+ - debian/apparmor-profile: add AppArmor profile
1856+ - use dh_apparmor:
1857+ - debian/rules: use dh_apparmor
1858+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1859+ - updated debian/slapd.README.Debian for note on AppArmor
1860+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
1861+ + Enable GSSAPI support (LP: #495418):
1862+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1863+ - Add --with-gssapi support
1864+ - Make guess_service_principal() more robust when determining
1865+ principal
1866+ - debian/patches/series: apply gssapi.diff patch.
1867+ - debian/configure.options: Configure with --with-gssapi
1868+ - debian/control: Added libkrb5-dev as a build depend
1869+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1870+ in the openldap library, as required by Likewise-Open (LP: #390579)
1871+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1872+ - debian/control:
1873+ - remove build-dependency on heimdal-dev.
1874+ - remove slapd-smbk5pwd binary package.
1875+ - debian/rules: don't build smbk5pwd slapd module.
1876+ + debian/{control,rules}: enable PIE hardening
1877+ + ufw support (LP: #423246):
1878+ - debian/control: suggest ufw.
1879+ - debian/rules: install ufw profile.
1880+ - debian/slapd.ufw.profile: add ufw profile.
1881+ + Enable nssoverlay:
1882+ - debian/patches/nssov-build, debian/series, debian/rules:
1883+ Apply, build and package the nss overlay.
1884+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1885+ which defines rfc822MailMember (required by the nss overlay).
1886+ + debian/rules, debian/schema/extra/:
1887+ Fix configure rule to supports extra schemas shipped as part
1888+ of the debian/schema/ directory.
1889+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1890+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1891+ neither the default DIT nor via an Authn mapping.
1892+ + debian/slapd.scripts-common: adjust minimum version that triggers a
1893+ database upgrade. Upgrade from maverick shouldn't trigger database
1894+ upgrade (which would happen with the version used in Debian).
1895+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
1896+ Remove unused variable new_conf.
1897+ + debian/slapd.script-common: Fix package reconfiguration.
1898+ - Fix backup directory naming for multiple reconfiguration.
1899+ + debian/slapd.default, debian/slapd.README.Debian:
1900+ use the new configuration style.
1901+
1902+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
1903+
1904 openldap (2.4.23-6) unstable; urgency=high
1905
1906 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
1907@@ -901,6 +2572,80 @@ openldap (2.4.23-1) unstable; urgency=low
1908
1909 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
1910
1911+openldap (2.4.23-0ubuntu4) natty; urgency=low
1912+
1913+ * debian/slapd.templates: amended typo in slapd/move_old_database
1914+ (LP: #666028)
1915+
1916+ -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
1917+
1918+openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
1919+
1920+ * debian/slapd.templates: re-add slapd/move_old_database template as it's
1921+ used during the package upgrade. Thanks to James Page for pointing it.
1922+ * debian/slapd.config: restore debconf question slapd/move_old_database.
1923+
1924+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
1925+
1926+openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
1927+
1928+ [ James Page ]
1929+ * Fixed install/upgrade process to dump/restore databases due
1930+ to uplift to libdb4.8-dev (LP: #658227)
1931+
1932+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
1933+
1934+openldap (2.4.23-0ubuntu3) maverick; urgency=low
1935+
1936+ * debian/rules: move dh_apparmor before dh_installinit
1937+
1938+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
1939+
1940+openldap (2.4.23-0ubuntu2) maverick; urgency=low
1941+
1942+ * convert to using dh_apparmor:
1943+ - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
1944+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1945+ * debian/apparmor-profile: use local include
1946+
1947+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
1948+
1949+openldap (2.4.23-0ubuntu1) maverick; urgency=low
1950+
1951+ * New release, features include:
1952+ + Fixed libldap to return server's error code (ITS#6569)
1953+ + Fixed libldap memleaks (ITS#6568)
1954+ + Fixed liblutil off-by-one with delta (ITS#6541)
1955+ + Fixed slapd acls with glued databases (ITS#6468)
1956+ + Fixed slapd syncrepl rid logging (ITS#6533)
1957+ + Fixed slapd modrdn handling of invalid values (ITS#6570)
1958+ + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
1959+ + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
1960+ + Fixed slapd-bdb entry cache delete failure (ITS#6577)
1961+ + Fixed slapd-ldap to return control responses (ITS#6530)
1962+ + Fixed slapo-ppolicy to use Debug (ITS#6566)
1963+ + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
1964+ + Fixed slapo-rwm to use Debug (ITS#6566)
1965+ + Fixed slapo-sssvlv to use Debug (ITS#6566)
1966+ + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
1967+ + Fixed slapo-valsort to use Debug (ITS#6566)
1968+ + Fixed contrib/nssov network.c missing patch (ITS#6562)
1969+ + Fixed test043 attribute sorting (ITS#6553)
1970+ + slapd-config(5) note default rootdn (ITS#6546)
1971+ * Rebased patches debian/patches/dropped nssov-build
1972+ * Resynchronize with Debian:
1973+ + debian/control:
1974+ - Bump standards-version to 3.9.0
1975+ - Use libdb4.8-dev (LP: #572489)
1976+ + Added debian/patches/issue-6534-patch
1977+ + Added debian/patches/ldap-conf-tls-cacertdir
1978+ * Add ufw support, thanks to PatRiehecky (LP: #423246)
1979+
1980+ [Adam Sommer]
1981+ * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1982+
1983+ -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
1984+
1985 openldap (2.4.21-1) unstable; urgency=low
1986
1987 [ Steve Langasek ]
1988@@ -932,6 +2677,79 @@ openldap (2.4.21-1) unstable; urgency=low
1989
1990 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
1991
1992+openldap (2.4.21-0ubuntu5) lucid; urgency=low
1993+
1994+ * Fix local root connection access: replace olcAuthzRegexp mapping to
1995+ cn=localroot,cn=config with using the SASL dn directly in olcAccess.
1996+ Makes upgrades much simpler and robust (LP: #563829).
1997+
1998+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
1999+
2000+openldap (2.4.21-0ubuntu4) lucid; urgency=low
2001+
2002+ [ Simon Olofsson ]
2003+ * debian/slapd.postinst:
2004+ - Show a message after successful migration (LP: #538848)
2005+
2006+ [ Jorgen Rosink ]
2007+ * debian/slapd.init: add simple status checking with LSB compatible exit
2008+ codes (LP: #562377)
2009+ * debian/slapd.init.ldif:
2010+ - remove admin user in default config database (LP: #556176)
2011+ - in default config, add olcAccess entries giving access to controls
2012+ available and cn=subschema (LP: #427842)
2013+
2014+ [ Scott Moser ]
2015+ * debian/slapd.scripts-common: Do not create /nonexistent directory
2016+ for openldap user's home (LP: #556176)
2017+ * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
2018+
2019+ -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
2020+
2021+openldap (2.4.21-0ubuntu3) lucid; urgency=low
2022+
2023+ * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
2024+ before trying to convert to slapd.d, to avoid upgrade failure from hardy
2025+ (LP: #536958)
2026+ * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
2027+ olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
2028+
2029+ -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
2030+
2031+openldap (2.4.21-0ubuntu2) lucid; urgency=low
2032+
2033+ * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
2034+
2035+ -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
2036+
2037+openldap (2.4.21-0ubuntu1) lucid; urgency=low
2038+
2039+ * New upstream release.
2040+ * debian/rules, debian/schema/extra/:
2041+ Fix get-orig-source rule to supports extra schemas shipped as part of the
2042+ debian/schema/ directory.
2043+
2044+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
2045+
2046+openldap (2.4.18-0ubuntu2) lucid; urgency=low
2047+
2048+ * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2049+ - Add --with-gssapi support
2050+ - Make guess_service_principal() more robust when determining principal
2051+ * Enable GSSAPI support (LP: #495418):
2052+ - debian/configure.options: Configure with --with-gssapi
2053+ - debian/control: Added libkrb5-dev as a build depend
2054+
2055+ -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
2056+
2057+openldap (2.4.18-0ubuntu1) karmic; urgency=low
2058+
2059+ * New upstream release: (LP: #419515):
2060+ + pcache overlay supports disconnected mode.
2061+ * Fix nss overlay load (LP: #417163).
2062+
2063+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
2064+
2065 openldap (2.4.17-2.1) unstable; urgency=high
2066
2067 * Non-maintainer upload by the Security Team.
2068@@ -958,6 +2776,108 @@ openldap (2.4.17-2) unstable; urgency=low
2069
2070 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
2071
2072+openldap (2.4.17-1ubuntu3) karmic; urgency=low
2073+
2074+ * Install a minimal slapd configuration instead of creating a default
2075+ database with a default DIT:
2076+ + Move openldap user home from /var/lib/ldap to /nonexistent.
2077+ + Remove all code and templates dealing with the default database and DIT
2078+ creation.
2079+ + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
2080+ grant all access to the latter in the cn=config database as well as the
2081+ default backend configuration.
2082+ * Add cn=localroot,cn=config authz mapping on upgrades.
2083+
2084+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
2085+
2086+openldap (2.4.17-1ubuntu2) karmic; urgency=low
2087+
2088+ [ Thierry Carrez ]
2089+ * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2090+ in the openldap library, as required by Likewise-Open (LP: #390579)
2091+
2092+ [ Mathias Gug ]
2093+ * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
2094+ uniqueness overlay.
2095+ * debian/patches/its6220-writetimeout-directive: fixes a problem with the
2096+ writetimeout directive being in effect even if it wasn't set,
2097+ closing connections incorrectly.
2098+ * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
2099+ dncachesize parameter that was added in RE24, so that if it is set to
2100+ "0" (now the default), it has an unlimited DN cache (RE23 always
2101+ had an unlimited DN cache).
2102+
2103+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
2104+
2105+openldap (2.4.17-1ubuntu1) karmic; urgency=low
2106+
2107+ [ Steve Langasek ]
2108+ * Fix up the lintian warnings:
2109+ - add missing misc-depends on all packages
2110+ - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
2111+ overrides
2112+ - bump Standards-Version to 3.8.2, no changes required.
2113+
2114+ [ Mathias Gug ]
2115+ * Resynchronise with Debian. Remaining changes:
2116+ - AppArmor support:
2117+ - debian/apparmor-profile: add AppArmor profile
2118+ - updated debian/slapd.README.Debian for note on AppArmor
2119+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2120+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2121+ - debian/rules: install apparmor profile.
2122+ - Don't use local statement in config script as it fails if /bin/sh
2123+ points to bash.
2124+ - debian/slapd.postinst, debian/slapd.script-common: set correct
2125+ ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2126+ readable) and /var/run/slapd (world readable).
2127+ - Enable nssoverlay:
2128+ - debian/patches/nssov-build, debian/rules: Build and package the nss
2129+ overlay.
2130+ - debian/schema/misc.ldif: add ldif file for the misc schema which
2131+ defines rfc822MailMember (required by the nss overlay).
2132+ - debian/{control,rules}: enable PIE hardening
2133+ - Use cn=config as the default configuration backend instead of
2134+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2135+ asking the end user to enter a new password to control the access to
2136+ the cn=config tree.
2137+ - debian/slapd.postinst: create /var/run/slapd before updating its
2138+ permissions.
2139+ - debian/slapd.init: Correctly set slapd config backend option even if
2140+ the pidfile is configured in slapd default file.
2141+ * Dropped:
2142+ - Merged in Debian:
2143+ - Update priority of libldap-2.4-2 to match the archive override.
2144+ - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2145+ the ldapurl(1) manpage.
2146+ - Bump build-dependency on debhelper to 6 instead of 5, since that's
2147+ what we're using.
2148+ - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2149+ the built-in default of ldap:/// only.
2150+ - Fixed in upstream release:
2151+ - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2152+ failure when built with PIE.
2153+ - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2154+ trusted.
2155+ - Update Apparmor profile support: don't support upgrade from pre-hardy
2156+ systems:
2157+ - debian/slapd.postinst: Reload AA profile on configuration
2158+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2159+ - debian/control: Conflicts with apparmor-profiles <<
2160+ 2.1+1075-0ubuntu4 to make sure that if earlier version of
2161+ apparmor-profiles gets installed it won't overwrite our profile.
2162+ - follow ApparmorProfileMigration and force apparmor complain mode on
2163+ some upgrades
2164+ - debian/slapd.preinst: create symlink for force-complain on
2165+ pre-feisty upgrades, upgrades where apparmor-profiles profile is
2166+ unchanged (ie non-enforcing) and upgrades where apparmor profile
2167+ does not exist.
2168+ - debian/patches/autogen.sh: no longer needed with karmic libtool.
2169+ - Call libtoolize with the --install option to install
2170+ config.{guess,sub} files.
2171+
2172+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
2173+
2174 openldap (2.4.17-1) unstable; urgency=low
2175
2176 * New upstream version.
2177@@ -980,6 +2900,153 @@ openldap (2.4.17-1) unstable; urgency=low
2178
2179 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
2180
2181+openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
2182+
2183+ * Resynchronise with Debian. Remaining changes:
2184+ - AppArmor support:
2185+ - debian/apparmor-profile: add AppArmor profile
2186+ - debian/slapd.postinst: Reload AA profile on configuration
2187+ - updated debian/slapd.README.Debian for note on AppArmor
2188+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2189+ - debian/control: Conflicts with apparmor-profiles <<
2190+ 2.1+1075-0ubuntu4 to make sure that if earlier version of
2191+ apparmor-profiles gets installed it won't overwrite our profile.
2192+ - follow ApparmorProfileMigration and force apparmor complain mode on
2193+ some upgrades
2194+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2195+ - debian/slapd.preinst: create symlink for force-complain on
2196+ pre-feisty upgrades, upgrades where apparmor-profiles profile is
2197+ unchanged (ie non-enforcing) and upgrades where apparmor profile
2198+ does not exist.
2199+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2200+ - debian/patches/autogen.sh:
2201+ - Call libtoolize with the --install option to install
2202+ config.{guess,sub} files.
2203+ - Don't use local statement in config script as it fails if /bin/sh
2204+ points to bash.
2205+ - debian/slapd.postinst, debian/slapd.script-common: set correct
2206+ ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2207+ readable) and /var/run/slapd (world readable).
2208+ - Enable nssoverlay:
2209+ - debian/patches/nssov-build, debian/rules: Build and package the nss
2210+ overlay.
2211+ - debian/schema/misc.ldif: add ldif file for the misc schema which
2212+ defines rfc822MailMember (required by the nss overlay).
2213+ - debian/{control,rules}: enable PIE hardening
2214+ - Use cn=config as the default configuration backend instead of
2215+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2216+ asking the end user to enter a new password to control the access to
2217+ the cn=config tree.
2218+ - Update priority of libldap-2.4-2 to match the archive override.
2219+ - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2220+ the ldapurl(1) manpage.
2221+ - Bump build-dependency on debhelper to 6 instead of 5, since that's
2222+ what we're using.
2223+ - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2224+ the built-in default of ldap:/// only.
2225+ - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2226+ failure when built with PIE.
2227+ - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2228+ trusted.
2229+ - debian/slapd.postinst: create /var/run/slapd before updating its
2230+ permissions.
2231+ - debian/slapd.init: Correctly set slapd config backend option even if
2232+ the pidfile is configured in slapd default file.
2233+ * Drop patch to avoid the test suite on hppa, as hppa is EOL.
2234+
2235+ -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
2236+
2237+openldap (2.4.15-1.1) unstable; urgency=low
2238+
2239+ * Non-maintainer upload.
2240+ * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
2241+ (Closes: #522965)
2242+
2243+ -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
2244+
2245+openldap (2.4.15-1ubuntu3) jaunty; urgency=low
2246+
2247+ * No-change rebuild to fix lpia shared library dependencies.
2248+
2249+ -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
2250+
2251+openldap (2.4.15-1ubuntu2) jaunty; urgency=low
2252+
2253+ * debian/slapd.postinst: create /var/run/slapd before updating its
2254+ permissions (LP: #298928).
2255+ * debian/slapd.init: Correclty set slapd config backend option even if the
2256+ pidfile is configured in slapd default file (LP: #292364).
2257+ * debian/apparmor-profile: support multiple databases to be stored under
2258+ /var/lib/ldap/. (LP: #286614).
2259+
2260+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
2261+
2262+openldap (2.4.15-1ubuntu1) jaunty; urgency=low
2263+
2264+ [ Steve Langasek ]
2265+ * Update priority of libldap-2.4-2 to match the archive override.
2266+ * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
2267+ ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
2268+ Closes: #496749.
2269+ * Bump build-dependency on debhelper to 6 instead of 5, since that's
2270+ what we're using. Closes: #498116.
2271+ * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2272+ the built-in default of ldap:/// only.
2273+
2274+ [ Mathias Gug ]
2275+ * Merge from debian unstable, remaining changes:
2276+ - Modify Maintainer value to match the DebianMaintainerField
2277+ speficication.
2278+ - AppArmor support:
2279+ - debian/apparmor-profile: add AppArmor profile
2280+ - debian/slapd.postinst: Reload AA profile on configuration
2281+ - updated debian/slapd.README.Debian for note on AppArmor
2282+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2283+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2284+ to make sure that if earlier version of apparmour-profiles gets
2285+ installed it won't overwrite our profile.
2286+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2287+ some upgrades (LP: #203529)
2288+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2289+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2290+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2291+ non-enforcing) and upgrades where apparmor profile does not exist.
2292+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2293+ - debian/control:
2294+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
2295+ - debian/patches/autogen.sh:
2296+ - Call libtoolize with the --install option to install config.{guess,sub}
2297+ files.
2298+ - Don't use local statement in config script as it fails if /bin/sh
2299+ points to bash (LP: #286063).
2300+ - Disable the testsuite on hppa. Allows building of packages on this
2301+ architecture again, once this package is in the archive.
2302+ LP: #288908.
2303+ - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
2304+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
2305+ /var/run/slapd (world readable). (LP: #257667).
2306+ - Enable nssoverlay:
2307+ - debian/patches/nssov-build, debian/rules: Build and package
2308+ the nss overlay.
2309+ - debian/schema/misc.ldif: add ldif file for the misc schema
2310+ which defines rfc822MailMember (required by the nss overlay).
2311+ - debian/{control,rules}: enable PIE hardening
2312+ - Use cn=config as the default configuration backend instead of
2313+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2314+ asking the end user to enter a new password to control the access to the
2315+ cn=config tree.
2316+ * Dropped:
2317+ - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
2318+ times. (ITS: #5947) Fixed in new upstream version 2.4.15.
2319+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2320+ the ucred struct now. Implemented in Debian.
2321+ * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
2322+ when built with PIE.
2323+ * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2324+ trusted (LP: #305264).
2325+
2326+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
2327+
2328 openldap (2.4.15-1) unstable; urgency=low
2329
2330 * New upstream version
2331@@ -997,6 +3064,69 @@ openldap (2.4.15-1) unstable; urgency=low
2332
2333 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
2334
2335+openldap (2.4.14-0ubuntu1) jaunty; urgency=low
2336+
2337+ [ Steve Langasek ]
2338+ * New upstream version
2339+ - Fixes a bug with the pcache overlay not returning cached entries
2340+ (closes: #497697)
2341+ - Update evolution-ntlm patch to apply to current Makefiles.
2342+ - (tentatively) drop gnutls-ciphers, since this bug was reported to be
2343+ fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
2344+ patch from the bug report, so this should be watched for regressions.
2345+ * Build against db4.7 instead of db4.2 at last! Closes: #421946.
2346+ * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
2347+ installed in the build environment.
2348+ * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
2349+ --with-tls=gnutls.
2350+
2351+ [ Mathias Gug ]
2352+ * Merge from debian unstable, remaining changes:
2353+ - debian/apparmor-profile: add AppArmor profile
2354+ - debian/slapd.postinst: Reload AA profile on configuration
2355+ - updated debian/slapd.README.Debian for note on AppArmor
2356+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2357+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2358+ to make sure that if earlier version of apparmour-profiles gets
2359+ installed it won't overwrite our profile.
2360+ - Modify Maintainer value to match the DebianMaintainerField
2361+ speficication.
2362+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2363+ some upgrades (LP: #203529)
2364+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2365+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2366+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2367+ non-enforcing) and upgrades where apparmor profile does not exist.
2368+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2369+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2370+ the ucred struct now.
2371+ - debian/control:
2372+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
2373+ - debian/patches/autogen.sh:
2374+ - Call libtoolize with the --install option to install config.{guess,sub}
2375+ files.
2376+ - Don't use local statement in config script as it fails if /bin/sh
2377+ points to bash (LP: #286063).
2378+ - Disable the testsuite on hppa. Allows building of packages on this
2379+ architecture again, once this package is in the archive.
2380+ LP: #288908.
2381+ - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
2382+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
2383+ /var/run/slapd (world readable). (LP: #257667).
2384+ - debian/patches/nssov-build, debian/rules:
2385+ Build and package the nss overlay.
2386+ debian/schema/misc.ldif: add ldif file for the misc schema, which defines
2387+ rfc822MailMember (required by the nss overlay).
2388+ - debian/{control,rules}: enable PIE hardening
2389+ - Use cn=config as the default configuration backend instead of
2390+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2391+ asking the end user to enter a new password to control the access to the
2392+ cn=config tree.
2393+ * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
2394+ times. (ITS: #5947)
2395+
2396+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
2397+
2398 openldap (2.4.11-1) unstable; urgency=low
2399
2400 * New upstream version (closes: #499560).
2401@@ -1019,6 +3149,110 @@ openldap (2.4.11-1) unstable; urgency=low
2402
2403 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
2404
2405+openldap (2.4.11-0ubuntu7) jaunty; urgency=low
2406+
2407+ * Don't use local statement in config script as it fails if /bin/sh
2408+ points to bash (LP: #286063).
2409+
2410+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
2411+
2412+openldap (2.4.11-0ubuntu6) intrepid; urgency=low
2413+
2414+ * Disable the testsuite on hppa. Allows building of packages on this
2415+ architecture again, once this package is in the archive.
2416+ LP: #288908.
2417+
2418+ -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
2419+
2420+openldap (2.4.11-0ubuntu5) intrepid; urgency=low
2421+
2422+ * Don't set admin passwords in ldif files if adminpw is empty.
2423+ (LP: #273988 - LP: #276606).
2424+
2425+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
2426+
2427+openldap (2.4.11-0ubuntu4) intrepid; urgency=low
2428+
2429+ * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
2430+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
2431+ /var/run/slapd (world readable). (LP: #257667).
2432+ * debian/slapd.script-common:
2433+ - Fix package reconfiguration:
2434+ + Remove slapd.d/ directory if it already exists when creating a new
2435+ configuration.
2436+ + Fix backup directory naming for multiple reconfiguration.
2437+
2438+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
2439+
2440+openldap (2.4.11-0ubuntu3) intrepid; urgency=low
2441+
2442+ * debian/patches/nssov-build, debian/rules:
2443+ Build and package the nss overlay.
2444+ * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
2445+ rfc822MailMember (required by the nss overlay).
2446+
2447+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
2448+
2449+openldap (2.4.11-0ubuntu2) intrepid; urgency=low
2450+
2451+ * debian/{control,rules}: enable PIE hardening
2452+
2453+ -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
2454+
2455+openldap (2.4.11-0ubuntu1) intrepid; urgency=low
2456+
2457+ * New upstream version:
2458+ - Mainly bug fixes.
2459+ - New nss slapd overlay (not compiled by default).
2460+ * Use cn=config as the default configuration backend instead of
2461+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2462+ asking the end user to enter a new password to control the access to the
2463+ cn=config tree.
2464+
2465+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
2466+
2467+openldap (2.4.10-3ubuntu1) intrepid; urgency=low
2468+
2469+ [ Mathias Gug ]
2470+ * Merge from debian unstable, remaining changes:
2471+ - debian/apparmor-profile: add AppArmor profile
2472+ - debian/slapd.postinst: Reload AA profile on configuration
2473+ - updated debian/slapd.README.Debian for note on AppArmor
2474+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2475+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2476+ to make sure that if earlier version of apparmour-profiles gets
2477+ installed it won't overwrite our profile.
2478+ - Modify Maintainer value to match the DebianMaintainerField
2479+ speficication.
2480+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2481+ some upgrades (LP: #203529)
2482+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2483+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2484+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2485+ non-enforcing) and upgrades where apparmor profile does not exist.
2486+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2487+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2488+ the ucred struct now.
2489+ - debian/patches/fix-unique-overlay-assertion.patch:
2490+ Fix another assertion error in unique overlay (LP: #243337).
2491+ Backport from head.
2492+ * Dropped - implemented in Debian:
2493+ - debian/patches/fix-gnutls-key-strength.patch:
2494+ Fix slapd handling of ssf using gnutls. (LP: #244925).
2495+ - debian/control:
2496+ Add time as build dependency: needed by make test.
2497+ * debian/control:
2498+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
2499+ * debian/patches/autogen.sh:
2500+ - Call libtoolize with the --install option to install config.{guess,sub}
2501+ files.
2502+
2503+ [ Jamie Strandboge ]
2504+ * adjust apparmor profile to allow gssapi (LP: #229252)
2505+ * adjust apparmor profile to allow cnconfig (LP: #243525)
2506+
2507+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
2508+
2509 openldap (2.4.10-3) unstable; urgency=low
2510
2511 [ Steve Langasek ]
2512@@ -1052,6 +3286,40 @@ openldap (2.4.10-3) unstable; urgency=low
2513
2514 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
2515
2516+openldap (2.4.10-2ubuntu1) intrepid; urgency=low
2517+
2518+ * Merge from debian unstable, remaining changes:
2519+ - debian/apparmor-profile: add AppArmor profile
2520+ - debian/slapd.postinst: Reload AA profile on configuration
2521+ - updated debian/slapd.README.Debian for note on AppArmor
2522+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2523+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2524+ to make sure that if earlier version of apparmour-profiles gets
2525+ installed it won't overwrite our profile.
2526+ - Modify Maintainer value to match the DebianMaintainerField
2527+ speficication.
2528+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2529+ some upgrades (LP: #203529)
2530+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2531+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2532+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2533+ non-enforcing) and upgrades where apparmor profile does not exist.
2534+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2535+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2536+ the ucred struct now.
2537+ - debian/patches/fix-unique-overlay-assertion.patch:
2538+ Fix another assertion error in unique overlay (LP: #243337).
2539+ Backport from head.
2540+ - debian/patches/fix-gnutls-key-strength.patch:
2541+ Fix slapd handling of ssf using gnutls. (LP: #244925).
2542+ - debian/control:
2543+ Add time as build dependency: needed by make test.
2544+ * Dropped - implemented in Debian:
2545+ - debian/rules:
2546+ Support debuild nocheck option: don't run tests if nocheck is set.
2547+
2548+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
2549+
2550 openldap (2.4.10-2) unstable; urgency=low
2551
2552 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
2553@@ -1066,6 +3334,54 @@ openldap (2.4.10-2) unstable; urgency=low
2554
2555 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
2556
2557+openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
2558+
2559+ * Merge from debian unstable, remaining changes:
2560+ - debian/apparmor-profile: add AppArmor profile
2561+ - debian/slapd.postinst: Reload AA profile on configuration
2562+ - updated debian/slapd.README.Debian for note on AppArmor
2563+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2564+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2565+ to make sure that if earlier version of apparmour-profiles gets
2566+ installed it won't overwrite our profile.
2567+ - Modify Maintainer value to match the DebianMaintainerField
2568+ speficication.
2569+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2570+ some upgrades (LP: #203529)
2571+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2572+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2573+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2574+ non-enforcing) and upgrades where apparmor profile does not exist.
2575+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2576+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2577+ the ucred struct now.
2578+ - debian/patches/fix-unique-overlay-assertion.patch:
2579+ Fix another assertion error in unique overlay (LP: #243337).
2580+ Backport from head.
2581+ * debian/control:
2582+ - add time as build dependency: needed by make test.
2583+ * debian/rules:
2584+ - support debuild nocheck option: don't run tests if nocheck is set.
2585+ * debian/patches/fix-gnutls-key-strength.patch:
2586+ - fix slapd handling of ssf using gnutls. (LP: #244925).
2587+ * Dropped - accepted in Debian:
2588+ - debian/rules, debian/slapd.links: use hard links to slapd instead of
2589+ symlinks for slap* so these applications aren't confined by apparmor
2590+ (LP: #203898)
2591+ * Dropped - fixed in new upstream release:
2592+ - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
2593+ (LP: #215904)
2594+ - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
2595+ error. (LP: #234196)
2596+ - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
2597+ (LP: #220724)
2598+ - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
2599+ syncrepl. (LP: #227178)
2600+ - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
2601+ upstream.
2602+
2603+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
2604+
2605 openldap2.3 (2.4.10-1) unstable; urgency=low
2606
2607 [ Steve Langasek ]
2608@@ -1090,6 +3406,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low
2609
2610 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
2611
2612+openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
2613+
2614+ * debian/patches/fix-unique-overlay-assertion.patch:
2615+ - Fix another assertion error in unique overlay, backported from head.
2616+ (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
2617+
2618+ -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
2619+
2620+openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
2621+
2622+ * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
2623+ include the smbk5pwd overlay.
2624+
2625+ -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
2626+
2627+openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
2628+
2629+ * Rebuild for perl 5.10 transition (LP: #230016)
2630+ * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
2631+ syncrepl. (LP: #227178)
2632+
2633+ -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
2634+
2635+openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
2636+
2637+ * Merge from debian unstable, remaining changes:
2638+ - debian/apparmor-profile: add AppArmor profile
2639+ - debian/slapd.postinst: Reload AA profile on configuration
2640+ - updated debian/slapd.README.Debian for note on AppArmor
2641+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2642+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2643+ to make sure that if earlier version of apparmour-profiles gets
2644+ installed it won't overwrite our profile.
2645+ - Modify Maintainer value to match the DebianMaintainerField
2646+ speficication.
2647+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2648+ some upgrades (LP: #203529)
2649+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2650+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2651+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2652+ non-enforcing) and upgrades where apparmor profile does not exist.
2653+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2654+ - debian/rules, debian/slapd.links: use hard links to slapd instead of
2655+ symlinks for slap* so these applications aren't confined by apparmor
2656+ (LP: #203898)
2657+ - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
2658+ (LP: #215904)
2659+ - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
2660+ error. (LP: #234196)
2661+ - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
2662+ (LP: #220724)
2663+ - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
2664+ upstream.
2665+ * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
2666+ the ucred struct now.
2667+
2668+ -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
2669+
2670 openldap2.3 (2.4.9-1) unstable; urgency=low
2671
2672 [ Updated debconf translations ]
2673@@ -1160,6 +3534,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high
2674
2675 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
2676
2677+openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
2678+
2679+ * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
2680+ in klibc)
2681+
2682+ -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
2683+
2684+openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
2685+
2686+ * apparmor-profile workaround for Launchpad #202161
2687+ * follow ApparmorProfileMigration and force apparmor complain mode on some
2688+ upgrades (LP: #203529)
2689+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2690+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2691+ - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
2692+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2693+ non-enforcing) and upgrades where apparmor profile does not exist
2694+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2695+ * debian/rules, debian/slapd.links: use hard links to slapd instead of
2696+ symlinks for slap* so these applications aren't confined by apparmor
2697+ (LP: #203898)
2698+
2699+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
2700+
2701+openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
2702+
2703+ * Merge from Debian unstable, remaining changes:
2704+ + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
2705+ slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
2706+ allows remote authenticated users to cause a denial of service (daemon
2707+ crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
2708+ control, a related issue to CVE-2007-6698.
2709+ + debian/apparmor-profile: add AppArmor profile
2710+ + debian/slapd.postinst: Reload AA profile on configuration
2711+ + updated debian/slapd.README.Debian for note on AppArmor
2712+ + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
2713+ should now take control
2714+ + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2715+ to make sure that if earlier version of apparmor-profiles gets
2716+ installed it won't overwrite our profile
2717+ + Modify Maintainer value to match the DebianMaintainerField
2718+ specification.
2719+
2720+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
2721+
2722 openldap2.3 (2.4.7-6) unstable; urgency=low
2723
2724 [ Updated debconf translations ]
2725@@ -1205,6 +3624,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low
2726
2727 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
2728
2729+openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
2730+
2731+ * SECURITY UPDATE:
2732+ + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
2733+ slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
2734+ allows remote authenticated users to cause a denial of service (daemon crash)
2735+ via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
2736+ issue to CVE-2007-6698.
2737+
2738+ * References
2739+ - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
2740+ - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
2741+
2742+ -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
2743+
2744+openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
2745+
2746+ * add AppArmor profile
2747+ + debian/apparmor-profile
2748+ + debian/slapd.postinst: Reload AA profile on configuration
2749+ * updated debian/slapd.README.Debian for note on AppArmor
2750+ * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
2751+ should now take control
2752+ * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2753+ to make sure that if earlier version of apparmor-profiles gets installed
2754+ it won't overwrite our profile
2755+ * Modify Maintainer value to match the DebianMaintainerField
2756+ specification.
2757+
2758+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
2759+
2760 openldap2.3 (2.4.7-5) unstable; urgency=low
2761
2762 [ Updated debconf translations ]
2763diff --git a/debian/configure.options b/debian/configure.options
2764index 08a55e0..9d3704e 100644
2765--- a/debian/configure.options
2766+++ b/debian/configure.options
2767@@ -175,6 +175,7 @@
2768 # --with-fetch with fetch(3) URL support [auto]
2769 # --with-threads with threads [auto]
2770 --with-threads
2771+--with-gssapi
2772 # --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto]
2773 --with-tls=gnutls
2774 # --with-yielding-select with implicitly yielding select [auto]
2775diff --git a/debian/control b/debian/control
2776index e88429a..a603885 100644
2777--- a/debian/control
2778+++ b/debian/control
2779@@ -1,20 +1,23 @@
2780 Source: openldap
2781 Section: net
2782 Priority: optional
2783-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
2784+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
2785+XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
2786 Uploaders: Steve Langasek <vorlon@debian.org>,
2787 Torsten Landschoff <torsten@debian.org>,
2788 Ryan Tandy <ryan@nardis.ca>
2789 Build-Depends: debhelper (>= 10),
2790+ dh-apparmor,
2791 dpkg-dev (>= 1.17.14),
2792 groff-base,
2793- heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
2794+ heimdal-dev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
2795 libdb5.3-dev <!pkg.openldap.noslapd>,
2796 libgnutls28-dev,
2797 libltdl-dev <!pkg.openldap.noslapd>,
2798 libperl-dev (>= 5.8.0) <!pkg.openldap.noslapd>,
2799 libsasl2-dev,
2800 libwrap0-dev <!pkg.openldap.noslapd>,
2801+ lsb-release,
2802 nettle-dev <!pkg.openldap.noslapd>,
2803 perl:any,
2804 po-debconf,
2805@@ -34,7 +37,7 @@ Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}),
2806 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,
2807 adduser, lsb-base (>= 3.2-13), ${misc:Depends}
2808 Recommends: libsasl2-modules
2809-Suggests: ldap-utils,
2810+Suggests: ldap-utils, ufw,
2811 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
2812 Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
2813 Replaces: libldap2, ldap-utils (<< 2.2.23-3)
2814diff --git a/debian/libldap-2.4-2.symbols b/debian/libldap-2.4-2.symbols
2815index d42ccec..55421bc 100644
2816--- a/debian/libldap-2.4-2.symbols
2817+++ b/debian/libldap-2.4-2.symbols
2818@@ -118,6 +118,7 @@ liblber-2.4.so.2 libldap-2.4-2 #MINVER#
2819 ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7
2820 ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7
2821 ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7
2822+ ber_sockbuf_io_udp@OPENLDAP_2.4_2 2.4.17-1ubuntu2
2823 ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7
2824 ber_sos_dump@OPENLDAP_2.4_2 2.4.7
2825 ber_start@OPENLDAP_2.4_2 2.4.7
2826@@ -280,6 +281,11 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
2827 ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7
2828 ldap_int_global_options@OPENLDAP_2.4_2 2.4.7
2829 ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23
2830+ ldap_int_gssapi_close@OPENLDAP_2.4_2 2.4.18-0ubuntu2
2831+ ldap_int_gssapi_config@OPENLDAP_2.4_2 2.4.18-0ubuntu2
2832+ ldap_int_gssapi_get_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2
2833+ ldap_int_gssapi_mutex@OPENLDAP_2.4_2 2.4.18-0ubuntu2
2834+ ldap_int_gssapi_set_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2
2835 ldap_int_hostname@OPENLDAP_2.4_2 2.4.7
2836 ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39
2837 ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7
2838@@ -312,6 +318,7 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
2839 ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7
2840 ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7
2841 ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7
2842+ ldap_is_ldapc_url@OPENLDAP_2.4_2 2.4.17-1ubuntu2
2843 ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7
2844 ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7
2845 ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7
2846diff --git a/debian/patches/contrib-makefiles b/debian/patches/contrib-makefiles
2847index 07256ba..4d820f7 100644
2848--- a/debian/patches/contrib-makefiles
2849+++ b/debian/patches/contrib-makefiles
2850@@ -157,3 +157,24 @@
2851 -rpath $(moduledir) -module -o $@ $? $(LIBS)
2852
2853 clean:
2854+--- a/contrib/slapd-modules/nssov/Makefile
2855++++ b/contrib/slapd-modules/nssov/Makefile
2856+@@ -52,15 +52,15 @@
2857+ .SUFFIXES: .c .o .lo
2858+
2859+ .c.lo:
2860+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
2861++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
2862+
2863+ tio.lo: nss-pam-ldapd/tio.c
2864+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
2865++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $?
2866+
2867+ $(OBJS): nssov.h
2868+
2869+ nssov.la: $(OBJS) $(XOBJS)
2870+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
2871++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info 0:0:0 \
2872+ -rpath $(moduledir) -module -o $@ $(OBJS) $(XOBJS) $(LIBS)
2873+
2874+ install: nssov.la
2875diff --git a/debian/patches/fix-ldap-distribution.patch b/debian/patches/fix-ldap-distribution.patch
2876new file mode 100644
2877index 0000000..17be364
2878--- /dev/null
2879+++ b/debian/patches/fix-ldap-distribution.patch
2880@@ -0,0 +1,24 @@
2881+--- a/build/mkversion
2882++++ b/build/mkversion
2883+@@ -52,6 +52,12 @@
2884+ APPLICATION=$1
2885+ WHOWHERE="Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>"
2886+
2887++if test -x /usr/bin/lsb_release; then
2888++ OPENLDAP_DISTRIBUTION=" ($(lsb_release -si))"
2889++else
2890++ OPENLDAP_DISTRIBUTION=""
2891++fi
2892++
2893+ cat << __EOF__
2894+ /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
2895+ *
2896+@@ -72,7 +78,7 @@
2897+ "COPYING RESTRICTIONS APPLY\n";
2898+
2899+ $static $const char $SYMBOL[] =
2900+-"@(#) \$$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \$\n"
2901++"@(#) \$$PACKAGE: $APPLICATION $VERSION$OPENLDAP_DISTRIBUTION (" __DATE__ " " __TIME__ ") \$\n"
2902+ "\t$WHOWHERE\n";
2903+
2904+ __EOF__
2905diff --git a/debian/patches/gssapi.diff b/debian/patches/gssapi.diff
2906new file mode 100644
2907index 0000000..5bcf266
2908--- /dev/null
2909+++ b/debian/patches/gssapi.diff
2910@@ -0,0 +1,140 @@
2911+--- a/configure.in
2912++++ b/configure.in
2913+@@ -244,6 +244,8 @@
2914+ auto, [auto yes no] )
2915+ OL_ARG_WITH(fetch,[ --with-fetch with fetch(3) URL support],
2916+ auto, [auto yes no] )
2917++OL_ARG_WITH(gssapi,[ --with-gssapi with GSSAPI support],
2918++ auto, [auto yes no] )
2919+ OL_ARG_WITH(threads,[ --with-threads with threads],
2920+ auto, [auto nt posix mach pth lwp yes no manual] )
2921+ OL_ARG_WITH(tls,[ --with-tls with TLS/SSL support auto|openssl|gnutls|moznss],
2922+@@ -591,6 +593,7 @@
2923+ KRB4_LIBS=
2924+ KRB5_LIBS=
2925+ SASL_LIBS=
2926++GSSAPI_LIBS=
2927+ TLS_LIBS=
2928+ MODULES_LIBS=
2929+ SLAPI_LIBS=
2930+@@ -1153,6 +1156,63 @@
2931+ fi
2932+
2933+ dnl ----------------------------------------------------------------
2934++dnl GSSAPI
2935++ol_link_gssapi=no
2936++
2937++case $ol_with_gssapi in yes | auto)
2938++
2939++ ol_header_gssapi=no
2940++ AC_CHECK_HEADERS(gssapi/gssapi.h)
2941++ if test $ac_cv_header_gssapi_gssapi_h = yes ; then
2942++ ol_header_gssapi=yes
2943++ else
2944++ AC_CHECK_HEADERS(gssapi.h)
2945++ if test $ac_cv_header_gssapi_h = yes ; then
2946++ ol_header_gssapi=yes
2947++ fi
2948++
2949++ dnl## not every gssapi has gss_oid_to_str()
2950++ dnl## as it's not defined in the GSSAPI V2 API
2951++ dnl## anymore
2952++ saveLIBS="$LIBS"
2953++ LIBS="$LIBS $GSSAPI_LIBS"
2954++ AC_CHECK_FUNCS(gss_oid_to_str)
2955++ LIBS="$saveLIBS"
2956++ fi
2957++
2958++ if test $ol_header_gssapi = yes ; then
2959++ dnl## we check for gss_wrap
2960++ dnl## as it's new to the GSSAPI V2 API
2961++ AC_CHECK_LIB(gssapi, gss_wrap,
2962++ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi"],
2963++ [ol_link_gssapi=no])
2964++ if test $ol_link_gssapi != yes ; then
2965++ AC_CHECK_LIB(gssapi_krb5, gss_wrap,
2966++ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi_krb5"],
2967++ [ol_link_gssapi=no])
2968++ fi
2969++ if test $ol_link_gssapi != yes ; then
2970++ AC_CHECK_LIB(gss, gss_wrap,
2971++ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgss"],
2972++ [ol_link_gssapi=no])
2973++ fi
2974++ fi
2975++
2976++ ;;
2977++esac
2978++
2979++WITH_GSSAPI=no
2980++if test $ol_link_gssapi = yes; then
2981++ AC_DEFINE(HAVE_GSSAPI, 1, [define if you have GSSAPI])
2982++ WITH_GSSAPI=yes
2983++elif test $ol_with_gssapi = auto ; then
2984++ AC_MSG_WARN([Could not locate GSSAPI package])
2985++ AC_MSG_WARN([GSSAPI authentication not supported!])
2986++elif test $ol_with_gssapi = yes ; then
2987++ AC_MSG_ERROR([GSSAPI detection failed])
2988++fi
2989++
2990++dnl ----------------------------------------------------------------
2991+ dnl TLS/SSL
2992+
2993+ if test $ol_with_tls = yes ; then
2994+@@ -1928,6 +1988,13 @@
2995+ fi
2996+ AC_SUBST(VERSION_OPTION)
2997+
2998++VERSION_OPTION=""
2999++OL_SYMBOL_VERSIONING
3000++if test $ol_cv_ld_version_script_option = yes ; then
3001++ VERSION_OPTION="-Wl,--version-script="
3002++fi
3003++AC_SUBST(VERSION_OPTION)
3004++
3005+ dnl ----------------------------------------------------------------
3006+ if test $ol_enable_wrappers != no ; then
3007+ AC_CHECK_HEADERS(tcpd.h,[
3008+@@ -3159,6 +3226,7 @@
3009+ AC_SUBST(KRB4_LIBS)
3010+ AC_SUBST(KRB5_LIBS)
3011+ AC_SUBST(SASL_LIBS)
3012++AC_SUBST(GSSAPI_LIBS)
3013+ AC_SUBST(TLS_LIBS)
3014+ AC_SUBST(MODULES_LIBS)
3015+ AC_SUBST(SLAPI_LIBS)
3016+--- a/include/portable.hin
3017++++ b/include/portable.hin
3018+@@ -253,6 +253,18 @@
3019+ /* Define to 1 if you have the <grp.h> header file. */
3020+ #undef HAVE_GRP_H
3021+
3022++/* define if you have GSSAPI */
3023++#undef HAVE_GSSAPI
3024++
3025++/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
3026++#undef HAVE_GSSAPI_GSSAPI_H
3027++
3028++/* Define to 1 if you have the <gssapi.h> header file. */
3029++#undef HAVE_GSSAPI_H
3030++
3031++/* Define to 1 if you have the `gss_oid_to_str' function. */
3032++#undef HAVE_GSS_OID_TO_STR
3033++
3034+ /* Define to 1 if you have the `hstrerror' function. */
3035+ #undef HAVE_HSTRERROR
3036+
3037+--- a/build/top.mk
3038++++ b/build/top.mk
3039+@@ -190,9 +190,10 @@
3040+ KRB5_LIBS = @KRB5_LIBS@
3041+ KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
3042+ SASL_LIBS = @SASL_LIBS@
3043++GSSAPI_LIBS = @GSSAPI_LIBS@
3044+ TLS_LIBS = @TLS_LIBS@
3045+ AUTH_LIBS = @AUTH_LIBS@
3046+-SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
3047++SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(GSSAPI_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
3048+
3049+ MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
3050+ MODULES_LDFLAGS = @SLAPD_MODULES_LDFLAGS@
3051diff --git a/debian/patches/series b/debian/patches/series
3052index b0ef82d..ebd0ad3 100644
3053--- a/debian/patches/series
3054+++ b/debian/patches/series
3055@@ -7,6 +7,7 @@ index-files-created-as-root
3056 sasl-default-path
3057 libldap-symbol-versions
3058 getaddrinfo-is-threadsafe
3059+gssapi.diff
3060 do-not-second-guess-sonames
3061 contrib-makefiles
3062 smbk5pwd-makefile-manpage
3063@@ -21,3 +22,4 @@ ITS6035-olcauthzregex-needs-restart.patch
3064 set-maintainer-name
3065 ITS-9086-Add-debug-logging-for-more-GnuTLS-errors.patch
3066 ITS-9171-Insert-callback-in-the-right-place.patch
3067+fix-ldap-distribution.patch
3068diff --git a/debian/rules b/debian/rules
3069index b13a6bc..4777bb2 100755
3070--- a/debian/rules
3071+++ b/debian/rules
3072@@ -7,7 +7,8 @@ include /usr/share/dpkg/pkg-info.mk
3073 # want the checks for DFSG-freeness.
3074 #DFSG_NONFREE = 1
3075
3076-export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
3077+export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLDAP_CONNECTIONLESS -I/usr/include/heimdal
3078+export DEB_LDFLAGS_MAINT_APPEND := -L/usr/lib/$(DEB_HOST_MULTIARCH)/heimdal
3079 export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow
3080
3081 # Workaround for bad glibc behavior when resolving localhost
3082@@ -21,7 +22,7 @@ ifneq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
3083 CONFIG += --disable-slapd
3084 endif
3085
3086-CONTRIB_MODULES = autogroup lastbind passwd passwd/pbkdf2 passwd/sha2 smbk5pwd
3087+CONTRIB_MODULES = autogroup lastbind nssov passwd passwd/pbkdf2 passwd/sha2 smbk5pwd
3088
3089 # Ensure CC is set correctly for cross builds, unless it has already
3090 # been set explicitly.
3091@@ -41,7 +42,8 @@ CONTRIB_MAKEVARS := \
3092 LDAP_BUILD='$(builddir)' \
3093 prefix=/usr \
3094 ldap_subdir=/ldap \
3095- moduledir='$$(libdir)$$(ldap_subdir)'
3096+ moduledir='$$(libdir)$$(ldap_subdir)' \
3097+ sysconfdir='/etc$$(ldap_subdir)'
3098
3099 # These variables are used only by get-orig-source, which will normally only
3100 # be run by maintainers.
3101@@ -155,6 +157,22 @@ endif
3102 find $(installdir)/usr/share/man -name \*.8 \
3103 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
3104
3105+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
3106+override_dh_install-arch:
3107+ dh_install
3108+
3109+ # install AppArmor profile
3110+ install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
3111+
3112+ # install Apport hook
3113+ install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
3114+
3115+ # install ufw profile
3116+ install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
3117+
3118+ dh_apparmor -pslapd --profile-name=usr.sbin.slapd
3119+endif
3120+
3121 override_dh_installinit:
3122 dh_installinit -- "defaults 19 80"
3123
3124@@ -215,6 +233,8 @@ ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
3125 done; \
3126 fi
3127
3128+ rm -f contrib/slapd-modules/nssov/nss-pam-ldapd/config.sub contrib/slapd-modules/nssov/nss-pam-ldapd/config.guess
3129+
3130 # Clean the contrib directory
3131 for mod in $(CONTRIB_MODULES); do \
3132 dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \
3133diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
3134index a43dfe4..216e6ac 100644
3135--- a/debian/slapd.README.Debian
3136+++ b/debian/slapd.README.Debian
3137@@ -204,8 +204,8 @@ Running slapd under a Different UID/GID
3138
3139 - Tell linux slapd can access configuration files -- usually:
3140
3141- chgrp <group> /etc/ldap/slapd.conf
3142- chmod 0640 /etc/ldap/slapd.conf
3143+ chgrp -R <group> /etc/ldap/slapd.d
3144+ chmod -R g+rX /etc/ldap/slapd.d
3145
3146 - Tell linux slapd can access /var/run/slapd and write a PID file:
3147
3148@@ -339,3 +339,14 @@ Unsafe access control rule installed by default in previous versions
3149 slapd.access(5) man page.
3150
3151 -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700
3152+
3153+Apparmor Profile
3154+----------------
3155+
3156+ If your system uses AppArmor, please note that the shipped enforcing profile
3157+ works with the default installation, and changes in your configuration may
3158+ require changes to the installed apparmor profile. Please see
3159+ https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
3160+ software.
3161+
3162+ -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500
3163diff --git a/debian/slapd.default b/debian/slapd.default
3164index 372b8f4..4212e07 100644
3165--- a/debian/slapd.default
3166+++ b/debian/slapd.default
3167@@ -12,7 +12,7 @@ SLAPD_USER="openldap"
3168 SLAPD_GROUP="openldap"
3169
3170 # Path to the pid file of the slapd server. If not set the init.d script
3171-# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf by
3172+# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
3173 # default)
3174 SLAPD_PIDFILE=
3175
3176diff --git a/debian/slapd.init.ldif b/debian/slapd.init.ldif
3177index a5277c0..8fd30a5 100644
3178--- a/debian/slapd.init.ldif
3179+++ b/debian/slapd.init.ldif
3180@@ -32,7 +32,6 @@ objectClass: olcDatabaseConfig
3181 olcDatabase: config
3182 # Allow unlimited access to local connection from the local root user
3183 olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
3184-olcRootDN: cn=admin,cn=config
3185
3186 # Load schemas
3187 dn: cn=schema,cn=config
3188diff --git a/debian/slapd.install b/debian/slapd.install
3189index 0987dad..206a208 100644
3190--- a/debian/slapd.install
3191+++ b/debian/slapd.install
3192@@ -54,5 +54,7 @@ usr/lib/ldap/autogroup.so*
3193 usr/lib/ldap/autogroup.la
3194 usr/lib/ldap/lastbind.so*
3195 usr/lib/ldap/lastbind.la
3196+usr/lib/ldap/nssov.so*
3197+usr/lib/ldap/nssov.la
3198 usr/lib/ldap/pw-sha2.so*
3199 usr/lib/ldap/pw-sha2.la
3200diff --git a/debian/slapd.manpages b/debian/slapd.manpages
3201index ffd3243..25f6d43 100644
3202--- a/debian/slapd.manpages
3203+++ b/debian/slapd.manpages
3204@@ -43,3 +43,4 @@ debian/tmp/usr/share/man/man5/slapo-valsort.5
3205
3206 # contrib modules installed in main package
3207 debian/tmp/usr/share/man/man5/slapo-lastbind.5
3208+contrib/slapd-modules/nssov/slapo-nssov.5
3209diff --git a/debian/slapd.py b/debian/slapd.py
3210new file mode 100644
3211index 0000000..7d78699
3212--- /dev/null
3213+++ b/debian/slapd.py
3214@@ -0,0 +1,51 @@
3215+#!/usr/bin/python
3216+
3217+'''apport hook for slapd
3218+
3219+(c) 2010 Adam Sommer.
3220+Author: Adam Sommer <asommer@ubuntu.com>
3221+
3222+This program is free software; you can redistribute it and/or modify it
3223+under the terms of the GNU General Public License as published by the
3224+Free Software Foundation; either version 2 of the License, or (at your
3225+option) any later version. See http://www.gnu.org/copyleft/gpl.html for
3226+the full text of the license.
3227+'''
3228+
3229+from apport.hookutils import *
3230+import os
3231+
3232+# Scrub olcRootPW attribute and credentials strings if necessary.
3233+def scrub_pass_strings(config):
3234+ olcrootpw_regex = re.compile('olcRootPW:.*')
3235+ olcrootpw_string = olcrootpw_regex.search(config)
3236+ if olcrootpw_string:
3237+ config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@')
3238+
3239+ credentials_regex = re.compile('credentials=.* ')
3240+ credentials_string = credentials_regex.search(config)
3241+ if credentials_string:
3242+ config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ')
3243+
3244+ return config
3245+
3246+def add_info(report, ui):
3247+ response = ui.yesno("The contents of your /etc/ldap/slapd.d directory "
3248+ "may help developers diagnose your bug more "
3249+ "quickly. However, it may contain sensitive "
3250+ "information. Do you want to include it in your "
3251+ "bug report?")
3252+
3253+ if response == None: # user cancelled
3254+ raise StopIteration
3255+
3256+ elif response == True:
3257+ # Get the cn=config tree.
3258+ cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'])
3259+ report['CNConfig'] = scrub_pass_strings(cn_config)
3260+
3261+ # Get slapd messages from /var/log/syslog
3262+ slapd_re = re.compile('slapd', re.IGNORECASE)
3263+ report['SysLog'] = recent_syslog(slapd_re)
3264+
3265+ attach_mac_events(report, '/usr/sbin/slapd')
3266diff --git a/debian/slapd.scripts-common b/debian/slapd.scripts-common
3267index b2b3d3d..0dc0045 100644
3268--- a/debian/slapd.scripts-common
3269+++ b/debian/slapd.scripts-common
3270@@ -175,8 +175,7 @@ dump_config() { # {{{
3271 dump_databases() { # {{{
3272 # If the user wants us to dump the databases they are dumped to the
3273 # configured directory.
3274-
3275- local db suffix file dir failed
3276+ local db suffix file dir failed slapcat_opts
3277
3278 database_dumping_enabled || return 0
3279
3280@@ -365,6 +364,12 @@ compute_backup_path() { # {{{
3281 id="$OLD_VERSION"
3282 [ -n "$id" ] || id=`date +%Y%m%d-%H%M%S`
3283 target="/var/backups/$basedn-$id.ldapdb"
3284+ # Configuration via dpkg-reconfigure.
3285+ # The backup directory already exists when reconfigured
3286+ # twice or more: append a timestamp.
3287+ if [ -e "${target}" ] && ([ "$MODE" = reconfigure ] || [ "$DEBCONF_RECONFIGURE" ]); then
3288+ target="$target-`date +%Y%m%d-%H%M%S`"
3289+ fi
3290 if [ -e "$target" ] && [ -z "$ok_exists" ]; then
3291 echo >&2
3292 echo >&2 " Backup path $target exists. Giving up..."
3293diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile
3294new file mode 100644
3295index 0000000..3c4f676
3296--- /dev/null
3297+++ b/debian/slapd.ufw.profile
3298@@ -0,0 +1,9 @@
3299+[OpenLDAP LDAP]
3300+title=OpenLDAP with TLS
3301+description=OpenLDAP is a free, fast, lightweight LDAP server
3302+ports=389/tcp
3303+
3304+[OpenLDAP LDAPS]
3305+title=OpenLDAP over SSL
3306+description=OpenLDAP is a free, fast, lightweight LDAP server
3307+ports=636/tcp

Subscribers

People subscribed via source and target branches