Merge ~ahasenack/ubuntu/+source/openldap:groovy-openldap-2.4.50-merge-and-delta-drop into ubuntu/+source/openldap:debian/sid
Status: | Merged |
---|---|
Approved by: | Andreas Hasenack |
Approved revision: | 890c4eea118142866ff23abe7b8be5d408316d98 |
Merge reported by: | Andreas Hasenack |
Merged at revision: | 890c4eea118142866ff23abe7b8be5d408316d98 |
Proposed branch: | ~ahasenack/ubuntu/+source/openldap:groovy-openldap-2.4.50-merge-and-delta-drop |
Merge into: | ubuntu/+source/openldap:debian/sid |
Diff against target: | 3397 lines (+2901/-12) 18 files modified |

- debian/apparmor-profile (+60/-0)
- debian/changelog (+2527/-0)
- debian/configure.options (+1/-0)
- debian/control (+5/-3)
- debian/libldap-2.4-2.symbols (+7/-0)
- debian/patches/contrib-makefiles (+21/-0)
- debian/patches/fix_test_timing.patch (+27/-0)
- debian/patches/gssapi.diff (+140/-0)
- debian/patches/series (+2/-0)
- debian/patches/set-maintainer-name (+1/-1)
- debian/rules (+26/-3)
- debian/slapd.README.Debian (+13/-2)
- debian/slapd.default (+1/-1)
- debian/slapd.install (+2/-0)
- debian/slapd.manpages (+1/-0)
- debian/slapd.py (+51/-0)
- debian/slapd.scripts-common (+7/-2)
- debian/slapd.ufw.profile (+9/-0)
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Christian Ehrhardt (community) | Approve | ||
Canonical Server | Pending | ||
Review via email: mp+383797@code.launchpad.net |
Commit message
Description of the change
Most of the diff is in d/changelog, for carrying such a large delta for so long.
Debian merge of 2.4.50, plus a lot of delta drop. Let's go!
Bileto (still running, mostly done, i386 known failures so far): https:/
I added sssd to that ticket because it has nice ldap integration tests.
First, remaining "normal" delta:
- apparmor
- ufw
- apport
The remaining bits:
- d/slapd.
- add slapcat_opts to local variables.
Added to debian in https:/
- Fix backup directory naming for multiple reconfiguration.
Submitted to debian via https:/
- d/{slapd.
Adopted by debian in https:/
- debian/
of test timing issue.
Not submitted yet
- d/p/set-
instead of hardcoding an email (LP: #1875697)
Submitted to debian via https:/
The drops!
I hope the reasoning for each drop, even though just a short sentence, is clarifying enough. Most of the drops are because we no longer ship likewise-open. But here we go:
- nss overlay: we don't need another name service switch module, we have standardized on sssd
- gssapi support: we still have it, via sasl gssapi. Bug #495418 (which introduced this delta) even has a comment from upstream asking us to drop this. This was also added because of likewise-open, it probably didn't work with sasl back then.
- olcRootDN for the ldif init: not worth keeping a delta for. It's just an authentication entity that there is no way for someone to authenticate as, but the ACL in that ldif grants the "manage" access to the sasl external entity, so that is in effect the new admin. There is no harm in keeping olcRootDN, so let's drop this.
- CLDAP support. Also added because of likewise-open. This was required for windows 2k domain joins, as cldap was the only way to query the server for what ldap suffixes it had, and other discovery things.
- show distribution in version: debian now shows the package version, which will have the "ubuntu" name in it in our case, so dropped (also requested in https:/
That's it!
Andreas Hasenack (ahasenack) wrote : | # |
More comments. This time, ">" are mine:
On Tue, May 12, 2020 at 02:32:18PM -0300, Andreas Hasenack wrote:
>We should be able to rely on the symbols file to handle upgrades, no?
>Or do you mean in terms of debian policy the soname must change?
The symbols file tracks when new interfaces were added, but when
changing or removing already exported ones, the SONAME must change.
https:/
>Scripting with the cn=config backend is tough. And just removing nssov
>for the sake of having slapd start up fine would hide the change
>somewhat.
Yeah. I was thinking more along the lines of failing the upgrade in
preinst if nssov is enabled, rather than get into a state where recovery
requires manual changes in /etc/ldap/slapd.d.
But the number of users affected is honestly going to be single-digit or
zero, so a release note is probably about all the effort it's worth.
>The nss overlay requires "the client-side stuf library from
>nss-pam-ldapd", which we only have in universe since precise, and I
>would like to standardize on sssd as much as possible.
ACK, recommending sssd makes sense for sure.
Christian Ehrhardt (paelzer) wrote : | # |
Looong changelog, but after reading it twice I agree.
Glad you could drop so much.
I like that you added the reasoning for each of them.
And I also agree that early in the post-LTS cycle is the right time to do so.
Also thanks for sending all the remaining bits that are applicable to Debian already.
This is so much I need to look a bit further, but so far it LGTM
Christian Ehrhardt (paelzer) wrote : | # |
ok, AFAICS old delta is retained correctly.
But a lot is going on, so I hope I didn't miss anything.
Hopefully you can drop more of the already submitted changes next time to further clean this up.
ben thielsen (btb-bitrate) wrote : | # |
i use and prefer nss-pam-ldapd, so removing nssov would break things for my installations. it doesn't really matter to me if nssov is loaded/
as a side note, it would be disappointing to see sssd pushed over nss-pam-ldapd, generally speaking.
Andreas Hasenack (ahasenack) wrote : | # |
As recommended by Ryan Tandy (debian maintainer of openldap), and after a discussion with my colleagues, we decided to not drop the gssapi and CLDAP deltas at this time, because that would require bumping the soname of the openldap libraries, which is already at 2.4. When the next upstream major release happens, 2.5, that will be the right time to drop this delta. It's unfortunate, but it's the price to pay for having introduced that back in 2009 without much thinking ahead.
Andreas Hasenack (ahasenack) wrote : | # |
I emailed ubuntu-server@ about these changes, and also posted on the discourse forum.
https:/
https:/
ben thielsen (btb-bitrate), we can continue the nss overlay discussion there.
Andreas Hasenack (ahasenack) wrote : | # |
About the nssov removal, if the previous install is using the overlay, the upgrade fails, quite as expected:
May 21 19:05:20 groovy-nss-overlay slapd[1275]: lt_dlopenext failed: (nssov) file not found
...
Errors were encountered while processing:
slapd
E: Sub-process /usr/bin/dpkg returned an error code (1)
Expected, but not very nice. Ryan Tandy suggested a check in preinst.
Andreas Hasenack (ahasenack) wrote : | # |
If I check for the nss overlay in slapd.preinst, and exit 1 (just for the sake of testing, let's assume there are debconf prompts asking what to do, and the user chose to abort), then we get:
(...)
Preparing to unpack .../slapd_
Saving current slapd configuration to /var/backups/
nss overlay in use, aborting install
dpkg: error processing archive ./slapd_
new slapd package pre-installation script subprocess returned error exit status 1
Backing up /etc/ldap/slapd.d in /var/backups/
Setting up libldap-common (2.4.50+
Setting up libldap-2.4-2:amd64 (2.4.50+
Setting up ldap-utils (2.4.50+
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9) ...
Errors were encountered while processing:
./slapd_
$ echo $?
1
Summary:
- apt exits 1, indicating a failure
- slapd stays at the previous version, but other packages remain upgraded
- slapd is restarted, but stays running instead of failing to come up
Removing the nss overlay configuration in postinst is complicated, error prone, and might render the system without a working login (assuming the overlay is being used in that system for logins: not always the case).
These are the options as far as I can see, at the moment:
a) don't remove nssov
b) remove nssov, and exit 1 in preinst if it's detected, with the outcome detailed above
c) remove nssov and not handle it. apt fails, slapd remains stopped at the end, system might be without a working login
d) remove nssov, go through great lengths to remove it from slapd's config (very complicated due to cn=config and the fact that slapd doesn't support removing modules dynamically via ldap commands), and in the end have a running slapd, but without nssov. System might again be without a working login, if nssov was used for that on this system.
If we chose (a), I might as well fix bug #381829 and bug #1452087
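A sketch of the preinst check discussed in the comment above, as an added example that is not part of the merge proposal or of the slapd packaging. The function names and the detection rule (an `olcModuleLoad` or `olcOverlay` value naming nssov in the LDIF files under the configuration directory) are assumptions; the abort message is the one shown in the output above, and the sample trees are constructed.

```shell
#!/bin/sh
# Added example: refuse an upgrade while the nss overlay is still configured.
# Assumption: nssov is visible in the cn=config LDIF tree either as a module
# load (olcModuleLoad: {1}nssov, possibly with a path and .la/.so suffix) or
# as an overlay entry (olcOverlay: {0}nssov).

# nssov_in_use DIR: return 0 if any *.ldif file under DIR references nssov.
nssov_in_use() {
    confdir=$1
    [ -d "$confdir" ] || return 1        # no config tree: nothing to detect
    # grep -l prints matching file names; the trailing grep turns
    # "at least one file matched" into the exit status.
    find "$confdir" -type f -name '*.ldif' -exec grep -liE \
        '^(olcModuleLoad|olcOverlay):[[:space:]]*(\{[0-9]+\})?(.*/)?nssov(\.la|\.so)?[[:space:]]*$' \
        {} + | grep -q .
}

# preinst_check ACTION [DIR]: the decision a preinst would take.
# dpkg calls preinst with "install" or "upgrade"; other actions pass through.
preinst_check() {
    action=$1
    confdir=${2:-/etc/ldap/slapd.d}
    case "$action" in
        install|upgrade)
            if nssov_in_use "$confdir"; then
                echo "nss overlay in use, aborting install" >&2
                return 1                 # dpkg keeps the old slapd in place
            fi
            ;;
    esac
    return 0
}

# make_sample_tree ROOT yes|no: build a constructed slapd.d-like tree,
# with or without nssov configured.
make_sample_tree() {
    root=$1
    with_nssov=$2
    mkdir -p "$root/cn=config/olcDatabase={1}mdb"
    printf 'dn: cn=module{0}\nobjectClass: olcModuleList\nolcModuleLoad: {0}back_mdb\n' \
        > "$root/cn=config/cn=module{0}.ldif"
    if [ "$with_nssov" = yes ]; then
        printf 'olcModuleLoad: {1}nssov\n' >> "$root/cn=config/cn=module{0}.ldif"
        printf 'dn: olcOverlay={0}nssov\nobjectClass: olcOverlayConfig\nolcOverlay: {0}nssov\n' \
            > "$root/cn=config/olcDatabase={1}mdb/olcOverlay={0}nssov.ldif"
    fi
}

# Demo on two constructed trees.
demo_root=$(mktemp -d)
make_sample_tree "$demo_root/with" yes
make_sample_tree "$demo_root/clean" no
for tree in with clean; do
    if preinst_check upgrade "$demo_root/$tree"; then
        echo "$tree: upgrade may proceed"
    else
        echo "$tree: upgrade refused"
    fi
done
rm -rf "$demo_root"
```

The check only reads the tree, which matches option (b): the old slapd keeps running with its configuration untouched, and the administrator decides how to migrate.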
Andreas Hasenack (ahasenack) wrote : | # |
I emailed ubuntu-devel[1] about the nssov situation, and will keep the overlay for now until I can come up with a better plan for its removal that doesn't horribly break upgrades for people who are using it.
Andreas Hasenack (ahasenack) wrote : | # |
And the link to my ubuntu-devel post, which I forgot to add in my previous comment:
https:/
Andreas Hasenack (ahasenack) wrote : | # |
I updated the branch keeping the nssov delta, and I also rearranged the commits a bit so they are together where it makes sense:
a)
commit cee0c2496d9abae
Author: Andreas Hasenack <email address hidden>
Date: Fri Feb 8 18:23:23 2019 -0200
- d/libldap-
- CLDAP (UDP) was added in 2.4.17-1ubuntu2
- GSSAPI support was enabled in 2.4.18-0ubuntu2
I split this one up in two pieces, and folded them together each with the commit that added the feature. I also added notes about when this can be dropped:
commit b8787fe7f9e5ed0
Author: Andreas Hasenack <email address hidden>
Date: Fri Feb 8 18:22:00 2019 -0200
- Add support for CLDAP (UDP) support, back then required by
+ d/rules: Enable -DLDAP_
+ d/libldap-
This should be dropped when the soname changes.
and
commit 90eba5f78d1a44a
Author: Andreas Hasenack <email address hidden>
Date: Fri Feb 8 18:16:01 2019 -0200
- Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
...
+ d/libldap-
This should be dropped when the soname changes.
b)
commit a23fad285c57ba7
Author: Andreas Hasenack <email address hidden>
Date: Mon Feb 11 09:18:28 2019 -0200
- d/p/contrib-
Debian bug #919136, we also have to patch the nssov makefile
Squashed the above commit into the one adding the nssov delta:
commit 3ebf10cacef2c35
Author: Andreas Hasenack <email address hidden>
Date: Fri Feb 8 18:19:09 2019 -0200
- Enable nss overlay:
...
+ d/p/contrib-
Debian bug #919136, we also have to patch the nssov makefile
Andreas Hasenack (ahasenack) wrote : | # |
Finally, I also updated the commit messages with the correct list symbol for each indentation level. Basically, replaced many "-" with "+".
- b76ceba... by Ryan Tandy
  * Added:
    - d/rules, debian/patches/set-maintainer-name: Extract maintainer
      address dynamically from debian/control. Thanks to Ryan Tandy
      <email address hidden> (Closes: #960448, LP: #1875697)
Christian Ehrhardt (paelzer) wrote : | # |
sigh, soname troubles plus this nssov thing - this clearly is one of the more ugly merges.
/me hugs Andreas
Re-reviewing the MP as it is right now ...
- Ack on not removing nssov (for now)
- Ack on keeping the bad symbols until we can soname bump
(both as discussed)
+1 on the new set of kept/dropped changes.
One thing if you want to experiment a bit more with it since we can't get rid of the extra features/symbols we have that came to my mind last weekend was deprecating them.
Would it be a reasonable delta to throw in some "deprecated" attributes via [1]?
That way - once we some day remove it - everyone linking against them would have had quite some time being told that they are deprecated.
One could think of a similar strategy for nssov to now yell/warn/message about that it will be dropped later in all places you can - to reduce the impact when you do it some time down the road. IIRC you already have the code to detect nssov and while I agree messing with the config is error-prone, warning that it should not be used would be fine IMHO.
[1]: https:/
Andreas Hasenack (ahasenack) wrote : | # |
> One thing if you want to experiment a bit more with it since we can't get rid of
> the extra features/symbols we have that came to my mind last weekend was
> deprecating them. Would it be a reasonable delta to throw in some "deprecated"
> attributes via [1]?
I can play with this, but I'm not sure it's the right thing to do. These symbols are not deprecated, and they fall into two categories:
- cldap support: ber_sockbuf_io_udp and ldap_is_ldapc_url. Both defined in public header files:
include/
and
include/ldap.h:
#ifdef LDAP_CONNECTIONLESS
LDAP_F( int )
ldap_is_ldapc_url LDAP_P((
LDAP_CONST char *url ));
#endif
Both are only used if LDAP_CONNECTIONLESS is defined.
- gssapi support
This is the "bad" one, as the delta we have is adding internal symbols to the symbols file. For example, ldap_int_
Anyway, going back to the point of deprecating symbols, adding a patch that changes C code marking the, say, gssapi symbols deprecated isn't correct, as they shouldn't be exposed in the first place. Using them when linking with the ubuntu openldap packages (if possible, given we don't ship the corresponding header file), that is what is "deprecated", because we want to remove them.
Andreas Hasenack (ahasenack) wrote : | # |
Hm, there are many other *_int_* symbols in the symbols file, also defined just in the -int header file that is not shipped. Meh.
Andreas Hasenack (ahasenack) wrote : | # |
I tested patching one attribute with that flag:
-LDAP_F(void) ldap_int_
+LDAP_F(void) ldap_int_
The build shows this then:
../../.
../../.
620 | ldap_int_
| ^~~~~~~
../../.
581 | void ldap_int_
| ^~~~~~~
since that function is used internally, correctly. So I don't think it's a good approach.
Christian Ehrhardt (paelzer) wrote : | # |
Ok, thanks for trying - it was worth that but you have shown it doesn't match your case :-/
I was +1 otherwise on it, so +1 is all that is left after trying the deprecation trick.
Andreas Hasenack (ahasenack) wrote : | # |
About notifying the user that nssov will eventually be removed, I thought of these options:
- d/NEWS file. A bit weird, because we are not changing it yet, so I'm not sure this mechanism applies. But is an interesting notification mechanism for those who have apt-listchanges (I think that's the name) installed. It would only show once, though, iiuc.
- simple postinst "echo" lines. Can get lost in all those messages, but can show the warning with every upgrade if we want (i.e., do the check regardless of the package version that is being upgraded)
Any other ideas? Also keep in mind we might not be able to cleanly remove this overlay, so maybe adding these warnings now is premature.
Christian Ehrhardt (paelzer) wrote : | # |
We know that eventually there will always be someone that misses it and later complain.
So don't let perfection be the enemy of progress and pick something that works for the majority.
For this particular case I'm a fan of something very noisy on the upgrade if we detected it is in use.
That way the majority of users won't see anything and that is ok as it isn't "for them".
For all the others I think it would be good to be loud and noisy on upgrades.
Actually - we can detect that it is in use can we?
Furthermore orthogonal to the packaging changes something that you can find with a search engine, maybe release notes or server guide (or even a blog if you want). Whatever you think is best for you.
Andreas Hasenack (ahasenack) wrote : | # |
I'm actually -1 on adding notes about future upcoming changes to the packaging at the moment, when such changes aren't there. It's our intention, and that was communicated in 2 mailing lists and the discourse forum. I added a d/slapd.NEWS bit, but am ready to revert that.
- 421b8d2... by Andreas Hasenack
  merge-changelogs
- 1c96234... by Andreas Hasenack
  reconstruct-changelog
- 890c4ee... by Andreas Hasenack
  update-maintainer
Christian Ehrhardt (paelzer) wrote : | # |
As I said above, "Whatever you think is best for you", so if ML+Discourse is what you want that is fine with me. The NEWS entry would be just another Delta with potentially low gain - so I'm ok if you drop it before upload.
I mostly wanted to spawn the idea of trying to communicate it, not define how exactly we do it.
Andreas Hasenack (ahasenack) wrote : | # |
Thanks, sorry for misunderstanding.
Andreas Hasenack (ahasenack) wrote : | # |
Tagging and uploading 890c4eea1181428
$ git push pkg upload/
Enumerating objects: 94, done.
Counting objects: 100% (94/94), done.
Delta compression using up to 4 threads
Compressing objects: 100% (76/76), done.
Writing objects: 100% (78/78), 28.91 KiB | 1.11 MiB/s, done.
Total 78 (delta 55), reused 6 (delta 2)
To ssh://git.
* [new tag] upload/
$ dput ubuntu ../openldap_
Checking signature on .changes
gpg: ../openldap_
Checking signature on .dsc
gpg: ../openldap_
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading openldap_
Uploading openldap_
Uploading openldap_
Uploading openldap_
Successfully uploaded packages.
Andreas Hasenack (ahasenack) wrote : | # |
This migrated.
Preview Diff
1 | diff --git a/debian/apparmor-profile b/debian/apparmor-profile | |||
2 | 0 | new file mode 100644 | 0 | new file mode 100644 |
3 | index 0000000..793fa7b | |||
4 | --- /dev/null | |||
5 | +++ b/debian/apparmor-profile | |||
6 | @@ -0,0 +1,60 @@ | |||
7 | 1 | # vim:syntax=apparmor | ||
8 | 2 | # Last Modified: Fri Jan 4 15:18:13 2008 | ||
9 | 3 | # Author: Jamie Strandboge <jamie@ubuntu.com> | ||
10 | 4 | |||
11 | 5 | #include <tunables/global> | ||
12 | 6 | |||
13 | 7 | /usr/sbin/slapd { | ||
14 | 8 | #include <abstractions/base> | ||
15 | 9 | #include <abstractions/nameservice> | ||
16 | 10 | #include <abstractions/p11-kit> | ||
17 | 11 | |||
18 | 12 | #include <abstractions/ssl_certs> | ||
19 | 13 | /etc/ssl/private/ r, | ||
20 | 14 | /etc/ssl/private/* r, | ||
21 | 15 | |||
22 | 16 | /etc/sasldb2 r, | ||
23 | 17 | |||
24 | 18 | capability dac_override, | ||
25 | 19 | capability net_bind_service, | ||
26 | 20 | capability setgid, | ||
27 | 21 | capability setuid, | ||
28 | 22 | |||
29 | 23 | /etc/gai.conf r, | ||
30 | 24 | /etc/hosts.allow r, | ||
31 | 25 | /etc/hosts.deny r, | ||
32 | 26 | |||
33 | 27 | # ldap files | ||
34 | 28 | /etc/ldap/** kr, | ||
35 | 29 | /etc/ldap/slapd.d/** rw, | ||
36 | 30 | |||
37 | 31 | # kerberos/gssapi | ||
38 | 32 | /dev/tty rw, | ||
39 | 33 | /etc/gss/mech.d/ r, | ||
40 | 34 | /etc/gss/mech.d/* kr, | ||
41 | 35 | /etc/krb5.keytab kr, | ||
42 | 36 | /etc/krb5/user/*/client.keytab kr, | ||
43 | 37 | owner /tmp/krb5cc_* rwk, | ||
44 | 38 | /var/tmp/ rw, | ||
45 | 39 | /var/tmp/** rw, | ||
46 | 40 | |||
47 | 41 | # the databases and logs | ||
48 | 42 | /var/lib/ldap/ r, | ||
49 | 43 | /var/lib/ldap/** rwk, | ||
50 | 44 | |||
51 | 45 | # lock file | ||
52 | 46 | /var/lib/ldap/alock kw, | ||
53 | 47 | |||
54 | 48 | # pid files and sockets | ||
55 | 49 | /{,var/}run/slapd/* w, | ||
56 | 50 | /{,var/}run/slapd/ldapi rw, | ||
57 | 51 | /{,var/}run/nslcd/socket rw, | ||
58 | 52 | |||
59 | 53 | /usr/lib/ldap/ r, | ||
60 | 54 | /usr/lib/ldap/* mr, | ||
61 | 55 | |||
62 | 56 | /usr/sbin/slapd mr, | ||
63 | 57 | |||
64 | 58 | # Site-specific additions and overrides. See local/README for details. | ||
65 | 59 | #include <local/usr.sbin.slapd> | ||
66 | 60 | } | ||
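Review bot: `/etc/ssl/private/* r,` together with `capability dac_override,` gives slapd read access to every file in /etc/ssl/private whatever its owner or mode, so the profile does not confine the daemon to its own TLS key. Consider narrowing the rule to the key path slapd is actually configured with, or leaving key access to the `local/usr.sbin.slapd` include, and add a comment next to `dac_override` saying what needs it. The `/var/tmp/** rw,` rule under the kerberos/gssapi heading is similarly broad and would benefit from a note on which files it is meant to cover.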
67 | diff --git a/debian/changelog b/debian/changelog | |||
68 | index 7d3dc4c..504f29f 100644 | |||
69 | --- a/debian/changelog | |||
70 | +++ b/debian/changelog | |||
71 | @@ -1,3 +1,69 @@ | |||
72 | 1 | openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium | ||
73 | 2 | |||
74 | 3 | * Merge with Debian unstable. Remaining changes: | ||
75 | 4 | - Enable AppArmor support: | ||
76 | 5 | + d/apparmor-profile: add AppArmor profile | ||
77 | 6 | + d/rules: use dh_apparmor | ||
78 | 7 | + d/control: Build-Depends on dh-apparmor | ||
79 | 8 | + d/slapd.README.Debian: add note about AppArmor | ||
80 | 9 | - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): | ||
81 | 10 | + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
82 | 11 | - Add --with-gssapi support | ||
83 | 12 | - Make guess_service_principal() more robust when determining | ||
84 | 13 | principal | ||
85 | 14 | + d/configure.options: Configure with --with-gssapi | ||
86 | 15 | + d/control: Added heimdal-dev as a build depend | ||
87 | 16 | + d/rules: | ||
88 | 17 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
89 | 18 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
90 | 19 | + d/libldap-2.4-2.symbols: add symbols for GSSAPI support | ||
91 | 20 | This should be dropped when the soname changes. | ||
92 | 21 | - Enable ufw support: | ||
93 | 22 | + d/control: suggest ufw. | ||
94 | 23 | + d/rules: install ufw profile. | ||
95 | 24 | + d/slapd.ufw.profile: add ufw profile. | ||
96 | 25 | - Enable nss overlay: | ||
97 | 26 | + d/rules: | ||
98 | 27 | - add nssov to CONTRIB_MODULES | ||
99 | 28 | - add sysconfdir to CONTRIB_MAKEVARS | ||
100 | 29 | + d/slapd.install: | ||
101 | 30 | - install nssov overlay | ||
102 | 31 | + d/slapd.manpages: | ||
103 | 32 | - install slapo-nssov(5) man page | ||
104 | 33 | + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
105 | 34 | Debian bug #919136, we also have to patch the nssov makefile | ||
106 | 35 | accordingly and thus update this patch. | ||
107 | 36 | - d/{rules,slapd.py}: Add apport hook. | ||
108 | 37 | - d/slapd.scripts-common: | ||
109 | 38 | + add slapcat_opts to local variables. | ||
110 | 39 | + Fix backup directory naming for multiple reconfiguration. | ||
111 | 40 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
112 | 41 | - Add support for CLDAP (UDP) support, back then required by | ||
113 | 42 | likewise-open (first enabled in 2.4.17-1ubuntu2): | ||
114 | 43 | + d/rules: Enable -DLDAP_CONNECTIONLESS | ||
115 | 44 | + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) | ||
116 | 45 | This should be dropped when the soname changes. | ||
117 | 46 | - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because | ||
118 | 47 | of test timing issue. | ||
119 | 48 | * Dropped: | ||
120 | 49 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
121 | 50 | either the default DIT nor via an Authn mapping. | ||
122 | 51 | [Not worth keeping a delta for, as having olcRootDN doesn't hurt] | ||
123 | 52 | - Show distribution in version: | ||
124 | 53 | - d/control: added lsb-release | ||
125 | 54 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
126 | 55 | [Debian now shows the full package version] | ||
127 | 56 | - SECURITY UPDATE: denial of service via nested search filters | ||
128 | 57 | + debian/patches/CVE-2020-12243.patch: limit depth of nested | ||
129 | 58 | filters in servers/slapd/filter.c. | ||
130 | 59 | [Fixed upstream] | ||
131 | 60 | * Added: | ||
132 | 61 | - d/rules, debian/patches/set-maintainer-name: Extract maintainer | ||
133 | 62 | address dynamically from debian/control. Thanks to Ryan Tandy | ||
134 | 63 | <ryan@nardis.ca> (Closes: #960448, LP: #1875697) | ||
135 | 64 | |||
136 | 65 | -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300 | ||
137 | 66 | |||
138 | 1 | openldap (2.4.50+dfsg-1) unstable; urgency=medium | 67 | openldap (2.4.50+dfsg-1) unstable; urgency=medium |
139 | 2 | 68 | ||
140 | 3 | * New upstream release. | 69 | * New upstream release. |
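Review bot: under `* Dropped:`, the two sub-items of `- Show distribution in version:` still use `-` at the second level, while the rest of this entry (including the CVE item right below) uses `+` there; switch them to `+` so the nesting is unambiguous. In the remaining changes, `Add support for CLDAP (UDP) support` repeats "support", and the item `Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS` names an include flag for the linker flags, which is worth checking against what d/rules really sets.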
141 | @@ -40,6 +106,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium | |||
142 | 40 | 106 | ||
143 | 41 | -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700 | 107 | -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700 |
144 | 42 | 108 | ||
145 | 109 | openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium | ||
146 | 110 | |||
147 | 111 | * SECURITY UPDATE: denial of service via nested search filters | ||
148 | 112 | - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in | ||
149 | 113 | servers/slapd/filter.c. | ||
150 | 114 | - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of | ||
151 | 115 | test timing issue. | ||
152 | 116 | - CVE-2020-12243 | ||
153 | 117 | |||
154 | 118 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400 | ||
155 | 119 | |||
156 | 120 | openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium | ||
157 | 121 | |||
158 | 122 | * Merge with Debian unstable (LP: #1866303). Remaining changes: | ||
159 | 123 | - Enable AppArmor support: | ||
160 | 124 | - d/apparmor-profile: add AppArmor profile | ||
161 | 125 | - d/rules: use dh_apparmor | ||
162 | 126 | - d/control: Build-Depends on dh-apparmor | ||
163 | 127 | - d/slapd.README.Debian: add note about AppArmor | ||
164 | 128 | - Enable GSSAPI support: | ||
165 | 129 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
166 | 130 | - Add --with-gssapi support | ||
167 | 131 | - Make guess_service_principal() more robust when determining | ||
168 | 132 | principal | ||
169 | 133 | [Dropped the ldap_gssapi_bind_s() hunk as that is already | ||
170 | 134 | - d/configure.options: Configure with --with-gssapi | ||
171 | 135 | - d/control: Added heimdal-dev as a build depend | ||
172 | 136 | - d/rules: | ||
173 | 137 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
174 | 138 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
175 | 139 | - Enable ufw support: | ||
176 | 140 | - d/control: suggest ufw. | ||
177 | 141 | - d/rules: install ufw profile. | ||
178 | 142 | - d/slapd.ufw.profile: add ufw profile. | ||
179 | 143 | - Enable nss overlay: | ||
180 | 144 | - d/rules: | ||
181 | 145 | - add nssov to CONTRIB_MODULES | ||
182 | 146 | - add sysconfdir to CONTRIB_MAKEVARS | ||
183 | 147 | - d/slapd.install: | ||
184 | 148 | - install nssov overlay | ||
185 | 149 | - d/slapd.manpages: | ||
186 | 150 | - install slapo-nssov(5) man page | ||
187 | 151 | - d/{rules,slapd.py}: Add apport hook. | ||
188 | 152 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
189 | 153 | either the default DIT nor via an Authn mapping. | ||
190 | 154 | - d/slapd.scripts-common: | ||
191 | 155 | - add slapcat_opts to local variables. | ||
192 | 156 | - Fix backup directory naming for multiple reconfiguration. | ||
193 | 157 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
194 | 158 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
195 | 159 | in the openldap library, as required by Likewise-Open | ||
196 | 160 | - Show distribution in version: | ||
197 | 161 | - d/control: added lsb-release | ||
198 | 162 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
199 | 163 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
200 | 164 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
201 | 165 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
202 | 166 | - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
203 | 167 | Debian bug #919136, we also have to patch the nssov makefile | ||
204 | 168 | accordingly and thus update this patch. | ||
205 | 169 | |||
206 | 170 | -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300 | ||
207 | 171 | |||
208 | 43 | openldap (2.4.49+dfsg-2) unstable; urgency=medium | 172 | openldap (2.4.49+dfsg-2) unstable; urgency=medium |
209 | 44 | 173 | ||
210 | 45 | * slapd.README.Debian: Document the initial setup performed by slapd's | 174 | * slapd.README.Debian: Document the initial setup performed by slapd's |
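Review bot: in the 2.4.49+dfsg-2ubuntu1 entry, the bracketed note under d/patches/gssapi.diff is cut off: `[Dropped the ldap_gssapi_bind_s() hunk as that is already` has no ending and no closing bracket before the next item, `- d/configure.options`. If the changelog reconstruction lost a line here, restore it from the uploaded version of that entry; the same truncated line shows up again in the 2.4.49+dfsg-1ubuntu1 entry further down.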
211 | @@ -51,6 +180,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium | |||
212 | 51 | 180 | ||
213 | 52 | -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800 | 181 | -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800 |
214 | 53 | 182 | ||
215 | 183 | openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium | ||
216 | 184 | |||
217 | 185 | * Merge with Debian unstable. Remaining changes: | ||
218 | 186 | - Enable AppArmor support: | ||
219 | 187 | - d/apparmor-profile: add AppArmor profile | ||
220 | 188 | - d/rules: use dh_apparmor | ||
221 | 189 | - d/control: Build-Depends on dh-apparmor | ||
222 | 190 | - d/slapd.README.Debian: add note about AppArmor | ||
223 | 191 | - Enable GSSAPI support: | ||
224 | 192 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
225 | 193 | - Add --with-gssapi support | ||
226 | 194 | - Make guess_service_principal() more robust when determining | ||
227 | 195 | principal | ||
228 | 196 | [Dropped the ldap_gssapi_bind_s() hunk as that is already | ||
229 | 197 | - d/configure.options: Configure with --with-gssapi | ||
230 | 198 | - d/control: Added heimdal-dev as a build depend | ||
231 | 199 | - d/rules: | ||
232 | 200 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
233 | 201 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
234 | 202 | - Enable ufw support: | ||
235 | 203 | - d/control: suggest ufw. | ||
236 | 204 | - d/rules: install ufw profile. | ||
237 | 205 | - d/slapd.ufw.profile: add ufw profile. | ||
238 | 206 | - Enable nss overlay: | ||
239 | 207 | - d/rules: | ||
240 | 208 | - add nssov to CONTRIB_MODULES | ||
241 | 209 | - add sysconfdir to CONTRIB_MAKEVARS | ||
242 | 210 | - d/slapd.install: | ||
243 | 211 | - install nssov overlay | ||
244 | 212 | - d/slapd.manpages: | ||
245 | 213 | - install slapo-nssov(5) man page | ||
246 | 214 | - d/{rules,slapd.py}: Add apport hook. | ||
247 | 215 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
248 | 216 | either the default DIT nor via an Authn mapping. | ||
249 | 217 | - d/slapd.scripts-common: | ||
250 | 218 | - add slapcat_opts to local variables. | ||
251 | 219 | - Fix backup directory naming for multiple reconfiguration. | ||
252 | 220 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
253 | 221 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
254 | 222 | in the openldap library, as required by Likewise-Open | ||
255 | 223 | - Show distribution in version: | ||
256 | 224 | - d/control: added lsb-release | ||
257 | 225 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
258 | 226 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
259 | 227 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
260 | 228 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
261 | 229 | - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
262 | 230 | Debian bug #919136, we also have to patch the nssov makefile | ||
263 | 231 | accordingly and thus update this patch. | ||
264 | 232 | * Dropped: | ||
265 | 233 | - d/control: slapd can depend on perl:any since it only uses perl for | ||
266 | 234 | some maintainer and helper scripts. | ||
267 | 235 | [In 2.4.49+dfsg-1] | ||
268 | 236 | |||
269 | 237 | -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300 | ||
270 | 238 | |||
271 | 54 | openldap (2.4.49+dfsg-1) unstable; urgency=medium | 239 | openldap (2.4.49+dfsg-1) unstable; urgency=medium |
272 | 55 | 240 | ||
273 | 56 | * New upstream release. | 241 | * New upstream release. |
274 | @@ -79,6 +264,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium | |||
275 | 79 | 264 | ||
276 | 80 | -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800 | 265 | -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800 |
277 | 81 | 266 | ||
278 | 267 | openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium | ||
279 | 268 | |||
280 | 269 | * d/control: slapd can depend on perl:any since it only uses perl for | ||
281 | 270 | some maintainer and helper scripts. The perl backend links against | ||
282 | 271 | the correct architecture perl libraries already. Can be dropped | ||
283 | 272 | after https://salsa.debian.org/openldap-team/openldap/commit/794c736 | ||
284 | 273 | is in a Debian upload. | ||
285 | 274 | |||
286 | 275 | -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300 | ||
287 | 276 | |||
288 | 277 | openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium | ||
289 | 278 | |||
290 | 279 | * No-change rebuild against libnettle7 | ||
291 | 280 | |||
292 | 281 | -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000 | ||
293 | 282 | |||
294 | 283 | openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium | ||
295 | 284 | |||
296 | 285 | * No-change rebuild for the perl update. | ||
297 | 286 | |||
298 | 287 | -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000 | ||
299 | 288 | |||
300 | 289 | openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium | ||
301 | 290 | |||
302 | 291 | * Merge with Debian unstable. Remaining changes: | ||
303 | 292 | - Enable AppArmor support: | ||
304 | 293 | - d/apparmor-profile: add AppArmor profile | ||
305 | 294 | - d/rules: use dh_apparmor | ||
306 | 295 | - d/control: Build-Depends on dh-apparmor | ||
307 | 296 | - d/slapd.README.Debian: add note about AppArmor | ||
308 | 297 | - Enable GSSAPI support: | ||
309 | 298 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
310 | 299 | - Add --with-gssapi support | ||
311 | 300 | - Make guess_service_principal() more robust when determining | ||
312 | 301 | principal | ||
313 | 302 | - d/configure.options: Configure with --with-gssapi | ||
314 | 303 | - d/control: Added heimdal-dev as a build depend | ||
315 | 304 | - d/rules: | ||
316 | 305 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
317 | 306 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
318 | 307 | - Enable ufw support: | ||
319 | 308 | - d/control: suggest ufw. | ||
320 | 309 | - d/rules: install ufw profile. | ||
321 | 310 | - d/slapd.ufw.profile: add ufw profile. | ||
322 | 311 | - Enable nss overlay: | ||
323 | 312 | - d/rules: | ||
324 | 313 | - add nssov to CONTRIB_MODULES | ||
325 | 314 | - add sysconfdir to CONTRIB_MAKEVARS | ||
326 | 315 | - d/slapd.install: | ||
327 | 316 | - install nssov overlay | ||
328 | 317 | - d/slapd.manpages: | ||
329 | 318 | - install slapo-nssov(5) man page | ||
330 | 319 | - d/{rules,slapd.py}: Add apport hook. | ||
331 | 320 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
332 | 321 | either the default DIT nor via an Authn mapping. | ||
333 | 322 | - d/slapd.scripts-common: | ||
334 | 323 | - add slapcat_opts to local variables. | ||
335 | 324 | - Fix backup directory naming for multiple reconfiguration. | ||
336 | 325 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
337 | 326 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
338 | 327 | in the openldap library, as required by Likewise-Open | ||
339 | 328 | - Show distribution in version: | ||
340 | 329 | - d/control: added lsb-release | ||
341 | 330 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
342 | 331 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
343 | 332 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
344 | 333 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
345 | 334 | - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
346 | 335 | Debian bug #919136, we also have to patch the nssov makefile | ||
347 | 336 | accordingly and thus update this patch. | ||
348 | 337 | * Dropped: | ||
349 | 338 | - Fix sysv-generator unit file by customizing parameters (LP #1821343) | ||
350 | 339 | + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow | ||
351 | 340 | correct systemctl status for slapd daemon. | ||
352 | 341 | + d/slapd.install: place override file in correct location. | ||
353 | 342 | [Included in 2.4.48+dfsg-1] | ||
354 | 343 | - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases | ||
355 | 344 | + debian/patches/CVE-2019-13057-1.patch: add restriction to | ||
356 | 345 | servers/slapd/saslauthz.c. | ||
357 | 346 | + debian/patches/CVE-2019-13057-2.patch: add tests to | ||
358 | 347 | tests/data/idassert.out, tests/data/slapd-idassert.conf, | ||
359 | 348 | tests/data/test-idassert1.ldif, tests/scripts/test028-idassert. | ||
360 | 349 | + debian/patches/CVE-2019-13057-3.patch: fix typo in | ||
361 | 350 | tests/scripts/test028-idassert. | ||
362 | 351 | + debian/patches/CVE-2019-13057-4.patch: fix typo in | ||
363 | 352 | tests/scripts/test028-idassert. | ||
364 | 353 | + CVE-2019-13057 | ||
365 | 354 | [Fixed upstream] | ||
366 | 355 | - SECURITY UPDATE: SASL SSF not initialized per connection | ||
367 | 356 | + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in | ||
368 | 357 | connection_init in servers/slapd/connection.c. | ||
369 | 358 | + CVE-2019-13565 | ||
370 | 359 | [Fixed upstream] | ||
371 | 360 | |||
372 | 361 | -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300 | ||
373 | 362 | |||
374 | 82 | openldap (2.4.48+dfsg-1) unstable; urgency=medium | 363 | openldap (2.4.48+dfsg-1) unstable; urgency=medium |
375 | 83 | 364 | ||
376 | 84 | * New upstream release. | 365 | * New upstream release. |
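Review bot: In the "Dropped" list of the 2.4.48+dfsg-1ubuntu1 entry, the two SECURITY UPDATE items (CVE-2019-13057 and CVE-2019-13565) are closed with a bare "[Fixed upstream]", whereas the sysv-generator item just above them records "[Included in 2.4.48+dfsg-1]". Stating the release that carries each fix, in that same form, would let anyone auditing the delta confirm that the saslauthz.c restriction and the sasl_ssf reset in connection_init are present in the merged source before relying on the patches having been removed.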
377 | @@ -106,6 +387,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium | |||
378 | 106 | 387 | ||
379 | 107 | -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700 | 388 | -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700 |
380 | 108 | 389 | ||
381 | 390 | openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium | ||
382 | 391 | |||
383 | 392 | * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases | ||
384 | 393 | - debian/patches/CVE-2019-13057-1.patch: add restriction to | ||
385 | 394 | servers/slapd/saslauthz.c. | ||
386 | 395 | - debian/patches/CVE-2019-13057-2.patch: add tests to | ||
387 | 396 | tests/data/idassert.out, tests/data/slapd-idassert.conf, | ||
388 | 397 | tests/data/test-idassert1.ldif, tests/scripts/test028-idassert. | ||
389 | 398 | - debian/patches/CVE-2019-13057-3.patch: fix typo in | ||
390 | 399 | tests/scripts/test028-idassert. | ||
391 | 400 | - debian/patches/CVE-2019-13057-4.patch: fix typo in | ||
392 | 401 | tests/scripts/test028-idassert. | ||
393 | 402 | - CVE-2019-13057 | ||
394 | 403 | * SECURITY UPDATE: SASL SSF not initialized per connection | ||
395 | 404 | - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in | ||
396 | 405 | connection_init in servers/slapd/connection.c. | ||
397 | 406 | - CVE-2019-13565 | ||
398 | 407 | |||
399 | 408 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400 | ||
400 | 409 | |||
401 | 410 | openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium | ||
402 | 411 | |||
403 | 412 | * Fix sysv-generator unit file by customizing parameters (LP: #1821343) | ||
404 | 413 | - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow | ||
405 | 414 | correct systemctl status for slapd daemon. | ||
406 | 415 | - d/slapd.install: place override file in correct location. | ||
407 | 416 | |||
408 | 417 | -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300 | ||
409 | 418 | |||
410 | 419 | openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium | ||
411 | 420 | |||
412 | 421 | * Merge with Debian unstable. Remaining changes: | ||
413 | 422 | - Enable AppArmor support: | ||
414 | 423 | - d/apparmor-profile: add AppArmor profile | ||
415 | 424 | - d/rules: use dh_apparmor | ||
416 | 425 | - d/control: Build-Depends on dh-apparmor | ||
417 | 426 | - d/slapd.README.Debian: add note about AppArmor | ||
418 | 427 | - Enable GSSAPI support: | ||
419 | 428 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
420 | 429 | - Add --with-gssapi support | ||
421 | 430 | - Make guess_service_principal() more robust when determining | ||
422 | 431 | principal | ||
423 | 432 | - d/configure.options: Configure with --with-gssapi | ||
424 | 433 | - d/control: Added heimdal-dev as a build depend | ||
425 | 434 | - d/rules: | ||
426 | 435 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
427 | 436 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
428 | 437 | - Enable ufw support: | ||
429 | 438 | - d/control: suggest ufw. | ||
430 | 439 | - d/rules: install ufw profile. | ||
431 | 440 | - d/slapd.ufw.profile: add ufw profile. | ||
432 | 441 | - Enable nss overlay: | ||
433 | 442 | - d/rules: | ||
434 | 443 | - add nssov to CONTRIB_MODULES | ||
435 | 444 | - add sysconfdir to CONTRIB_MAKEVARS | ||
436 | 445 | - d/slapd.install: | ||
437 | 446 | - install nssov overlay | ||
438 | 447 | - d/slapd.manpages: | ||
439 | 448 | - install slapo-nssov(5) man page | ||
440 | 449 | - d/{rules,slapd.py}: Add apport hook. | ||
441 | 450 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
442 | 451 | either the default DIT nor via an Authn mapping. | ||
443 | 452 | - d/slapd.scripts-common: | ||
444 | 453 | - add slapcat_opts to local variables. | ||
445 | 454 | - Fix backup directory naming for multiple reconfiguration. | ||
446 | 455 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
447 | 456 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
448 | 457 | in the openldap library, as required by Likewise-Open | ||
449 | 458 | - Show distribution in version: | ||
450 | 459 | - d/control: added lsb-release | ||
451 | 460 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
452 | 461 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
453 | 462 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
454 | 463 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
455 | 464 | * Added changes: | ||
456 | 465 | - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
457 | 466 | Debian bug #919136, we also have to patch the nssov makefile | ||
458 | 467 | accordingly and thus update this patch. | ||
459 | 468 | |||
460 | 469 | -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200 | ||
461 | 470 | |||
462 | 109 | openldap (2.4.47+dfsg-3) unstable; urgency=medium | 471 | openldap (2.4.47+dfsg-3) unstable; urgency=medium |
463 | 110 | 472 | ||
464 | 111 | * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS | 473 | * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS |
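Review bot: In the 2.4.47+dfsg-3ubuntu3 entry, CVE-2019-13057-3.patch and CVE-2019-13057-4.patch carry word-for-word the same description ("fix typo in tests/scripts/test028-idassert"), so the changelog does not show whether the fourth patch fixes a second typo or duplicates the third. A short distinguishing phrase on each of the two lines would make the security upload easier to audit.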
465 | @@ -121,6 +483,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium | |||
466 | 121 | 483 | ||
467 | 122 | -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800 | 484 | -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800 |
468 | 123 | 485 | ||
469 | 486 | openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium | ||
470 | 487 | |||
471 | 488 | * Merge from Debian unstable (LP: #1811630). Remaining changes: | ||
472 | 489 | - Enable AppArmor support: | ||
473 | 490 | - d/apparmor-profile: add AppArmor profile | ||
474 | 491 | - d/rules: use dh_apparmor | ||
475 | 492 | - d/control: Build-Depends on dh-apparmor | ||
476 | 493 | - d/slapd.README.Debian: add note about AppArmor | ||
477 | 494 | - Enable GSSAPI support: | ||
478 | 495 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
479 | 496 | - Add --with-gssapi support | ||
480 | 497 | - Make guess_service_principal() more robust when determining | ||
481 | 498 | principal | ||
482 | 499 | - d/configure.options: Configure with --with-gssapi | ||
483 | 500 | - d/control: Added heimdal-dev as a build depend | ||
484 | 501 | - d/rules: | ||
485 | 502 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
486 | 503 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
487 | 504 | - Enable ufw support: | ||
488 | 505 | - d/control: suggest ufw. | ||
489 | 506 | - d/rules: install ufw profile. | ||
490 | 507 | - d/slapd.ufw.profile: add ufw profile. | ||
491 | 508 | - Enable nss overlay: | ||
492 | 509 | - d/rules: | ||
493 | 510 | - add nssov to CONTRIB_MODULES | ||
494 | 511 | - add sysconfdir to CONTRIB_MAKEVARS | ||
495 | 512 | - d/slapd.install: | ||
496 | 513 | - install nssov overlay | ||
497 | 514 | - d/slapd.manpages: | ||
498 | 515 | - install slapo-nssov(5) man page | ||
499 | 516 | - d/{rules,slapd.py}: Add apport hook. | ||
500 | 517 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
501 | 518 | either the default DIT nor via an Authn mapping. | ||
502 | 519 | - d/slapd.scripts-common: | ||
503 | 520 | - add slapcat_opts to local variables. | ||
504 | 521 | - Fix backup directory naming for multiple reconfiguration. | ||
505 | 522 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
506 | 523 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
507 | 524 | in the openldap library, as required by Likewise-Open | ||
508 | 525 | - Show distribution in version: | ||
509 | 526 | - d/control: added lsb-release | ||
510 | 527 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
511 | 528 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
512 | 529 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
513 | 530 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
514 | 531 | * Update nssov build and packaging for Debian changes: | ||
515 | 532 | - Drop patch nssov-build | ||
516 | 533 | - d/rules: | ||
517 | 534 | - add nssov to CONTRIB_MODULES | ||
518 | 535 | - add sysconfdir to CONTRIB_MAKEVARS | ||
519 | 536 | - d/slapd.install: | ||
520 | 537 | - install nssov overlay | ||
521 | 538 | - d/slapd.manpages: | ||
522 | 539 | - install slapo-nssov(5) man page | ||
523 | 540 | |||
524 | 541 | -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000 | ||
525 | 542 | |||
526 | 124 | openldap (2.4.47+dfsg-2) unstable; urgency=medium | 543 | openldap (2.4.47+dfsg-2) unstable; urgency=medium |
527 | 125 | 544 | ||
528 | 126 | * Reintroduce slapi-dev binary package. (Closes: #711469) | 545 | * Reintroduce slapi-dev binary package. (Closes: #711469) |
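Review bot: The 2.4.47+dfsg-2ubuntu1 entry lists the same nssov sub-items twice: once under "Enable nss overlay" in the remaining changes, and again under "Update nssov build and packaging for Debian changes" (d/rules CONTRIB_MODULES and CONTRIB_MAKEVARS, d/slapd.install, d/slapd.manpages). Only "Drop patch nssov-build" is new in the second bullet, so it is hard to tell what this upload changed as opposed to what it carried over. Keeping the full list in one place and pointing to it from the other would make the delta clearer.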
529 | @@ -158,6 +577,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium | |||
530 | 158 | 577 | ||
531 | 159 | -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800 | 578 | -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800 |
532 | 160 | 579 | ||
533 | 580 | openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium | ||
534 | 581 | |||
535 | 582 | * d/apparmor-profile: update apparmor profile to allow reading of | ||
536 | 583 | files needed when slapd is behaving as a kerberos/gssapi client | ||
537 | 584 | and acquiring its own ticket. (LP: #1783183) | ||
538 | 585 | |||
539 | 586 | -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200 | ||
540 | 587 | |||
541 | 588 | openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium | ||
542 | 589 | |||
543 | 590 | * No-change rebuild for the perl 5.28 transition. | ||
544 | 591 | |||
545 | 592 | -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600 | ||
546 | 593 | |||
547 | 594 | openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium | ||
548 | 595 | |||
549 | 596 | * Merge from Debian unstable. Remaining changes: | ||
550 | 597 | - Enable AppArmor support: | ||
551 | 598 | - d/apparmor-profile: add AppArmor profile | ||
552 | 599 | - d/rules: use dh_apparmor | ||
553 | 600 | - d/control: Build-Depends on dh-apparmor | ||
554 | 601 | - d/slapd.README.Debian: add note about AppArmor | ||
555 | 602 | - Enable GSSAPI support: | ||
556 | 603 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
557 | 604 | - Add --with-gssapi support | ||
558 | 605 | - Make guess_service_principal() more robust when determining | ||
559 | 606 | principal | ||
560 | 607 | - d/configure.options: Configure with --with-gssapi | ||
561 | 608 | - d/control: Added heimdal-dev as a build depend | ||
562 | 609 | - d/rules: | ||
563 | 610 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
564 | 611 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
565 | 612 | - Enable ufw support: | ||
566 | 613 | - d/control: suggest ufw. | ||
567 | 614 | - d/rules: install ufw profile. | ||
568 | 615 | - d/slapd.ufw.profile: add ufw profile. | ||
569 | 616 | - Enable nss overlay: | ||
570 | 617 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
571 | 618 | nss overlay. | ||
572 | 619 | - d/{rules,slapd.py}: Add apport hook. | ||
573 | 620 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
574 | 621 | either the default DIT nor via an Authn mapping. | ||
575 | 622 | - d/slapd.scripts-common: | ||
576 | 623 | - add slapcat_opts to local variables. | ||
577 | 624 | - Fix backup directory naming for multiple reconfiguration. | ||
578 | 625 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
579 | 626 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
580 | 627 | in the openldap library, as required by Likewise-Open | ||
581 | 628 | - Show distribution in version: | ||
582 | 629 | - d/control: added lsb-release | ||
583 | 630 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
584 | 631 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
585 | 632 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
586 | 633 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
587 | 634 | |||
588 | 635 | -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200 | ||
589 | 636 | |||
590 | 161 | openldap (2.4.46+dfsg-5) unstable; urgency=medium | 637 | openldap (2.4.46+dfsg-5) unstable; urgency=medium |
591 | 162 | 638 | ||
592 | 163 | * Restore slapd-smbk5pwd now that libldap is installable in unstable. | 639 | * Restore slapd-smbk5pwd now that libldap is installable in unstable. |
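Review bot: The 2.4.46+dfsg-5ubuntu3 entry widens the AppArmor profile ("allow reading of files needed when slapd is behaving as a kerberos/gssapi client") without naming the paths that were granted. For a confinement change, the changelog should list the added rules or at least the directories involved, so a reader can judge the new read access from the changelog without having to diff d/apparmor-profile.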
593 | @@ -177,6 +653,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium | |||
594 | 177 | 653 | ||
595 | 178 | -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700 | 654 | -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700 |
596 | 179 | 655 | ||
597 | 656 | openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low | ||
598 | 657 | |||
599 | 658 | * Merge from Debian unstable. Remaining changes: | ||
600 | 659 | - Enable AppArmor support: | ||
601 | 660 | - d/apparmor-profile: add AppArmor profile | ||
602 | 661 | - d/rules: use dh_apparmor | ||
603 | 662 | - d/control: Build-Depends on dh-apparmor | ||
604 | 663 | - d/slapd.README.Debian: add note about AppArmor | ||
605 | 664 | - Enable GSSAPI support: | ||
606 | 665 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
607 | 666 | - Add --with-gssapi support | ||
608 | 667 | - Make guess_service_principal() more robust when determining | ||
609 | 668 | principal | ||
610 | 669 | - d/configure.options: Configure with --with-gssapi | ||
611 | 670 | - d/control: Added heimdal-dev as a build depend | ||
612 | 671 | - d/rules: | ||
613 | 672 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
614 | 673 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
615 | 674 | - Enable ufw support: | ||
616 | 675 | - d/control: suggest ufw. | ||
617 | 676 | - d/rules: install ufw profile. | ||
618 | 677 | - d/slapd.ufw.profile: add ufw profile. | ||
619 | 678 | - Enable nss overlay: | ||
620 | 679 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
621 | 680 | nss overlay. | ||
622 | 681 | - d/{rules,slapd.py}: Add apport hook. | ||
623 | 682 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
624 | 683 | either the default DIT nor via an Authn mapping. | ||
625 | 684 | - d/slapd.scripts-common: | ||
626 | 685 | - add slapcat_opts to local variables. | ||
627 | 686 | - Fix backup directory naming for multiple reconfiguration. | ||
628 | 687 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
629 | 688 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
630 | 689 | in the openldap library, as required by Likewise-Open | ||
631 | 690 | - Show distribution in version: | ||
632 | 691 | - d/control: added lsb-release | ||
633 | 692 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
634 | 693 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
635 | 694 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
636 | 695 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
637 | 696 | |||
638 | 697 | -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200 | ||
639 | 698 | |||
640 | 180 | openldap (2.4.46+dfsg-2) unstable; urgency=medium | 699 | openldap (2.4.46+dfsg-2) unstable; urgency=medium |
641 | 181 | 700 | ||
642 | 182 | * Remove version constraint from libldap-2.4-2 dependency on libldap-common. | 701 | * Remove version constraint from libldap-2.4-2 dependency on libldap-common. |
643 | @@ -206,6 +725,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium | |||
644 | 206 | 725 | ||
645 | 207 | -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700 | 726 | -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700 |
646 | 208 | 727 | ||
647 | 728 | openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low | ||
648 | 729 | |||
649 | 730 | * Merge from Debian unstable. Remaining changes: | ||
650 | 731 | - Enable AppArmor support: | ||
651 | 732 | - d/apparmor-profile: add AppArmor profile | ||
652 | 733 | - d/rules: use dh_apparmor | ||
653 | 734 | - d/control: Build-Depends on dh-apparmor | ||
654 | 735 | - d/slapd.README.Debian: add note about AppArmor | ||
655 | 736 | - Enable GSSAPI support: | ||
656 | 737 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
657 | 738 | - Add --with-gssapi support | ||
658 | 739 | - Make guess_service_principal() more robust when determining | ||
659 | 740 | principal | ||
660 | 741 | - d/configure.options: Configure with --with-gssapi | ||
661 | 742 | - d/control: Added heimdal-dev as a build depend | ||
662 | 743 | - d/rules: | ||
663 | 744 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
664 | 745 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
665 | 746 | - Enable ufw support: | ||
666 | 747 | - d/control: suggest ufw. | ||
667 | 748 | - d/rules: install ufw profile. | ||
668 | 749 | - d/slapd.ufw.profile: add ufw profile. | ||
669 | 750 | - Enable nss overlay: | ||
670 | 751 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
671 | 752 | nss overlay. | ||
672 | 753 | - d/{rules,slapd.py}: Add apport hook. | ||
673 | 754 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
674 | 755 | either the default DIT nor via an Authn mapping. | ||
675 | 756 | - d/slapd.scripts-common: | ||
676 | 757 | - add slapcat_opts to local variables. | ||
677 | 758 | - Fix backup directory naming for multiple reconfiguration. | ||
678 | 759 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
679 | 760 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
680 | 761 | in the openldap library, as required by Likewise-Open | ||
681 | 762 | - Show distribution in version: | ||
682 | 763 | - d/control: added lsb-release | ||
683 | 764 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
684 | 765 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
685 | 766 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
686 | 767 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
687 | 768 | |||
688 | 769 | -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200 | ||
689 | 770 | |||
690 | 209 | openldap (2.4.45+dfsg-1) unstable; urgency=medium | 771 | openldap (2.4.45+dfsg-1) unstable; urgency=medium |
691 | 210 | 772 | ||
692 | 211 | * New upstream release. | 773 | * New upstream release. |
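Review bot: Under "d/rules" in the GSSAPI block, the line "Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS." pairs an include-path flag with a library directory and a linker variable; -L is what I would expect there. The same wording recurs in every merge entry of this changelog, so please check it against what d/rules actually sets and correct the text in the entry written for this merge if it is a typo.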
693 | @@ -247,6 +809,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium | |||
694 | 247 | 809 | ||
695 | 248 | -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700 | 810 | -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700 |
696 | 249 | 811 | ||
697 | 812 | openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low | ||
698 | 813 | |||
699 | 814 | * Merge from Debian unstable. Remaining changes: | ||
700 | 815 | - Enable AppArmor support: | ||
701 | 816 | - d/apparmor-profile: add AppArmor profile | ||
702 | 817 | - d/rules: use dh_apparmor | ||
703 | 818 | - d/control: Build-Depends on dh-apparmor | ||
704 | 819 | - d/slapd.README.Debian: add note about AppArmor | ||
705 | 820 | - Enable GSSAPI support: | ||
706 | 821 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
707 | 822 | - Add --with-gssapi support | ||
708 | 823 | - Make guess_service_principal() more robust when determining | ||
709 | 824 | principal | ||
710 | 825 | - d/configure.options: Configure with --with-gssapi | ||
711 | 826 | - d/control: Added heimdal-dev as a build depend | ||
712 | 827 | - d/rules: | ||
713 | 828 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
714 | 829 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
715 | 830 | - Enable ufw support: | ||
716 | 831 | - d/control: suggest ufw. | ||
717 | 832 | - d/rules: install ufw profile. | ||
718 | 833 | - d/slapd.ufw.profile: add ufw profile. | ||
719 | 834 | - Enable nss overlay: | ||
720 | 835 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
721 | 836 | nss overlay. | ||
722 | 837 | - d/{rules,slapd.py}: Add apport hook. | ||
723 | 838 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
724 | 839 | either the default DIT nor via an Authn mapping. | ||
725 | 840 | - d/slapd.scripts-common: | ||
726 | 841 | - add slapcat_opts to local variables. | ||
727 | 842 | - Fix backup directory naming for multiple reconfiguration. | ||
728 | 843 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
729 | 844 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
730 | 845 | in the openldap library, as required by Likewise-Open | ||
731 | 846 | - Show distribution in version: | ||
732 | 847 | - d/control: added lsb-release | ||
733 | 848 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
734 | 849 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
735 | 850 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
736 | 851 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
737 | 852 | |||
738 | 853 | -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200 | ||
739 | 854 | |||
740 | 250 | openldap (2.4.44+dfsg-8) unstable; urgency=medium | 855 | openldap (2.4.44+dfsg-8) unstable; urgency=medium |
741 | 251 | 856 | ||
742 | 252 | * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until | 857 | * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until |
743 | @@ -257,6 +862,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium | |||
744 | 257 | 862 | ||
745 | 258 | -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700 | 863 | -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700 |
746 | 259 | 864 | ||
747 | 865 | openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium | ||
748 | 866 | |||
749 | 867 | * Merge from Debian unstable. Remaining changes: | ||
750 | 868 | - Enable AppArmor support: | ||
751 | 869 | - d/apparmor-profile: add AppArmor profile | ||
752 | 870 | - d/rules: use dh_apparmor | ||
753 | 871 | - d/control: Build-Depends on dh-apparmor | ||
754 | 872 | - d/slapd.README.Debian: add note about AppArmor | ||
755 | 873 | - Enable GSSAPI support: | ||
756 | 874 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
757 | 875 | - Add --with-gssapi support | ||
758 | 876 | - Make guess_service_principal() more robust when determining | ||
759 | 877 | principal | ||
760 | 878 | - d/configure.options: Configure with --with-gssapi | ||
761 | 879 | - d/control: Added heimdal-dev as a build depend | ||
762 | 880 | - d/rules: | ||
763 | 881 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
764 | 882 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
765 | 883 | - Enable ufw support: | ||
766 | 884 | - d/control: suggest ufw. | ||
767 | 885 | - d/rules: install ufw profile. | ||
768 | 886 | - d/slapd.ufw.profile: add ufw profile. | ||
769 | 887 | - Enable nss overlay: | ||
770 | 888 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
771 | 889 | nss overlay. | ||
772 | 890 | - d/{rules,slapd.py}: Add apport hook. | ||
773 | 891 | [ d/rules modification mentioned above was dropped in | ||
774 | 892 | 2.4.23-6ubuntu1, re-adding it ] | ||
775 | 893 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
776 | 894 | either the default DIT nor via an Authn mapping. | ||
777 | 895 | - d/slapd.scripts-common: | ||
778 | 896 | - add slapcat_opts to local variables. | ||
779 | 897 | - Fix backup directory naming for multiple reconfiguration. | ||
780 | 898 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
781 | 899 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
782 | 900 | in the openldap library, as required by Likewise-Open | ||
783 | 901 | - Show distribution in version: | ||
784 | 902 | - d/control: added lsb-release | ||
785 | 903 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
786 | 904 | [ Refreshed patch ] | ||
787 | 905 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
788 | 906 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
789 | 907 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
790 | 908 | |||
791 | 909 | -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200 | ||
792 | 910 | |||
793 | 260 | openldap (2.4.44+dfsg-7) unstable; urgency=medium | 911 | openldap (2.4.44+dfsg-7) unstable; urgency=medium |
794 | 261 | 912 | ||
795 | 262 | * Relax the dependency of libldap-2.4-2 on libldap-common to also permit | 913 | * Relax the dependency of libldap-2.4-2 on libldap-common to also permit |
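Review bot: The trailer of 2.4.44+dfsg-7ubuntu1 is dated "Tue, 27 Jun 2017 10:21:41 +0200", which is identical to the trailer of 2.4.44+dfsg-6ubuntu1 in the next hunk and earlier than the 2.4.44+dfsg-7 Debian upload it merges ("Tue, 27 Jun 2017 18:53:12 -0700"). The 7ubuntu1 trailer looks copied from 6ubuntu1. Please check it against the published changelog of that upload so the restored history keeps the timestamps in order.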
796 | @@ -264,6 +915,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium | |||
797 | 264 | 915 | ||
798 | 265 | -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700 | 916 | -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700 |
799 | 266 | 917 | ||
800 | 918 | openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium | ||
801 | 919 | |||
802 | 920 | * Merge from Debian unstable. Remaining changes: | ||
803 | 921 | - Enable AppArmor support: | ||
804 | 922 | - d/apparmor-profile: add AppArmor profile | ||
805 | 923 | - d/rules: use dh_apparmor | ||
806 | 924 | - d/control: Build-Depends on dh-apparmor | ||
807 | 925 | - d/slapd.README.Debian: add note about AppArmor | ||
808 | 926 | - Enable GSSAPI support: | ||
809 | 927 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
810 | 928 | - Add --with-gssapi support | ||
811 | 929 | - Make guess_service_principal() more robust when determining | ||
812 | 930 | principal | ||
813 | 931 | - d/configure.options: Configure with --with-gssapi | ||
814 | 932 | - d/control: Added heimdal-dev as a build depend | ||
815 | 933 | - d/rules: | ||
816 | 934 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
817 | 935 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
818 | 936 | - Enable ufw support: | ||
819 | 937 | - d/control: suggest ufw. | ||
820 | 938 | - d/rules: install ufw profile. | ||
821 | 939 | - d/slapd.ufw.profile: add ufw profile. | ||
822 | 940 | - Enable nss overlay: | ||
823 | 941 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
824 | 942 | nss overlay. | ||
825 | 943 | - d/{rules,slapd.py}: Add apport hook. | ||
826 | 944 | [ d/rules modification mentioned above was dropped in | ||
827 | 945 | 2.4.23-6ubuntu1, re-adding it ] | ||
828 | 946 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
829 | 947 | either the default DIT nor via an Authn mapping. | ||
830 | 948 | - d/slapd.scripts-common: | ||
831 | 949 | - add slapcat_opts to local variables. | ||
832 | 950 | - Fix backup directory naming for multiple reconfiguration. | ||
833 | 951 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
834 | 952 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
835 | 953 | in the openldap library, as required by Likewise-Open | ||
836 | 954 | - Show distribution in version: | ||
837 | 955 | - d/control: added lsb-release | ||
838 | 956 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
839 | 957 | [ Refreshed patch ] | ||
840 | 958 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
841 | 959 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
842 | 960 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
843 | 961 | |||
844 | 962 | -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200 | ||
845 | 963 | |||
846 | 267 | openldap (2.4.44+dfsg-6) unstable; urgency=medium | 964 | openldap (2.4.44+dfsg-6) unstable; urgency=medium |
847 | 268 | 965 | ||
848 | 269 | * Update the list of non-translatable strings for the | 966 | * Update the list of non-translatable strings for the |
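Review bot: The "Remaining changes" list of 2.4.44+dfsg-6ubuntu1 ends at the d/libldap-2.4-2.symbols item and no longer carries "Fix use after free with GnuTLS. (LP #1557248)", which the 2.4.44+dfsg-5ubuntu1 and 2.4.44+dfsg-4ubuntu1 entries both list, and the entry has no Drop stanza saying why. Since that item is a memory-safety fix, check whether the patch was really dropped in that upload or only fell out of the changelog text, and do not rely on this list alone when deciding what delta is left.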
849 | @@ -272,6 +969,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium | |||
850 | 272 | 969 | ||
851 | 273 | -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700 | 970 | -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700 |
852 | 274 | 971 | ||
853 | 972 | openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium | ||
854 | 973 | |||
855 | 974 | * Merge from Debian unstable. Remaining changes: | ||
856 | 975 | - Enable AppArmor support: | ||
857 | 976 | - d/apparmor-profile: add AppArmor profile | ||
858 | 977 | - d/rules: use dh_apparmor | ||
859 | 978 | - d/control: Build-Depends on dh-apparmor | ||
860 | 979 | - d/slapd.README.Debian: add note about AppArmor | ||
861 | 980 | - Enable GSSAPI support: | ||
862 | 981 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
863 | 982 | - Add --with-gssapi support | ||
864 | 983 | - Make guess_service_principal() more robust when determining | ||
865 | 984 | principal | ||
866 | 985 | - d/configure.options: Configure with --with-gssapi | ||
867 | 986 | - d/control: Added heimdal-dev as a build depend | ||
868 | 987 | - d/rules: | ||
869 | 988 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
870 | 989 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
871 | 990 | - Enable ufw support: | ||
872 | 991 | - d/control: suggest ufw. | ||
873 | 992 | - d/rules: install ufw profile. | ||
874 | 993 | - d/slapd.ufw.profile: add ufw profile. | ||
875 | 994 | - Enable nss overlay: | ||
876 | 995 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
877 | 996 | nss overlay. | ||
878 | 997 | - d/{rules,slapd.py}: Add apport hook. | ||
879 | 998 | [ d/rules modification mentioned above was dropped in | ||
880 | 999 | 2.4.23-6ubuntu1, re-adding it ] | ||
881 | 1000 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
882 | 1001 | either the default DIT nor via an Authn mapping. | ||
883 | 1002 | - d/slapd.scripts-common: | ||
884 | 1003 | - add slapcat_opts to local variables. | ||
885 | 1004 | - Fix backup directory naming for multiple reconfiguration. | ||
886 | 1005 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
887 | 1006 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
888 | 1007 | in the openldap library, as required by Likewise-Open | ||
889 | 1008 | - Show distribution in version: | ||
890 | 1009 | - d/control: added lsb-release | ||
891 | 1010 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
892 | 1011 | [ Refreshed patch ] | ||
893 | 1012 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
894 | 1013 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
895 | 1014 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
896 | 1015 | [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ] | ||
897 | 1016 | - Fix use after free with GnuTLS. (LP #1557248) | ||
898 | 1017 | |||
899 | 1018 | -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200 | ||
900 | 1019 | |||
901 | 275 | openldap (2.4.44+dfsg-5) unstable; urgency=medium | 1020 | openldap (2.4.44+dfsg-5) unstable; urgency=medium |
902 | 276 | 1021 | ||
903 | 277 | * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an | 1022 | * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an |
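Review bot: In the 2.4.44+dfsg-5ubuntu1 entry the bracketed remark "[ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]" sits directly above the GnuTLS use-after-free item and reads as if it describes that fix. Going by the entries further down, it belongs to the d/libldap-2.4-2.symbols item before it: the symbols were added in 2.4.41+dfsg-1ubuntu1, while the GnuTLS fix first appears in 2.4.42+dfsg-2ubuntu4. The reference "(LP #1557248)" also lacks the colon of the "LP: #" form used elsewhere in this changelog.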
904 | @@ -283,6 +1028,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium | |||
905 | 283 | 1028 | ||
906 | 284 | -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700 | 1029 | -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700 |
907 | 285 | 1030 | ||
908 | 1031 | openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low | ||
909 | 1032 | |||
910 | 1033 | * Merge from Debian unstable. Remaining changes: | ||
911 | 1034 | - Enable AppArmor support: | ||
912 | 1035 | - d/apparmor-profile: add AppArmor profile | ||
913 | 1036 | - d/rules: use dh_apparmor | ||
914 | 1037 | - d/control: Build-Depends on dh-apparmor | ||
915 | 1038 | - d/slapd.README.Debian: add note about AppArmor | ||
916 | 1039 | - Enable GSSAPI support: | ||
917 | 1040 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
918 | 1041 | - Add --with-gssapi support | ||
919 | 1042 | - Make guess_service_principal() more robust when determining | ||
920 | 1043 | principal | ||
921 | 1044 | - d/configure.options: Configure with --with-gssapi | ||
922 | 1045 | - d/control: Added heimdal-dev as a build depend | ||
923 | 1046 | - d/rules: | ||
924 | 1047 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
925 | 1048 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
926 | 1049 | - Enable ufw support: | ||
927 | 1050 | - d/control: suggest ufw. | ||
928 | 1051 | - d/rules: install ufw profile. | ||
929 | 1052 | - d/slapd.ufw.profile: add ufw profile. | ||
930 | 1053 | - Enable nss overlay: | ||
931 | 1054 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
932 | 1055 | nss overlay. | ||
933 | 1056 | - d/{rules,slapd.py}: Add apport hook. | ||
934 | 1057 | [ d/rules modification mentioned above was dropped in | ||
935 | 1058 | 2.4.23-6ubuntu1, re-adding it ] | ||
936 | 1059 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
937 | 1060 | either the default DIT nor via an Authn mapping. | ||
938 | 1061 | - d/slapd.scripts-common: | ||
939 | 1062 | - add slapcat_opts to local variables. | ||
940 | 1063 | - Fix backup directory naming for multiple reconfiguration. | ||
941 | 1064 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
942 | 1065 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
943 | 1066 | in the openldap library, as required by Likewise-Open | ||
944 | 1067 | - Show distribution in version: | ||
945 | 1068 | - d/control: added lsb-release | ||
946 | 1069 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
947 | 1070 | [ Refreshed patch ] | ||
948 | 1071 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
949 | 1072 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
950 | 1073 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
951 | 1074 | [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ] | ||
952 | 1075 | - Fix use after free with GnuTLS. (LP #1557248) | ||
953 | 1076 | |||
954 | 1077 | -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200 | ||
955 | 1078 | |||
956 | 286 | openldap (2.4.44+dfsg-4) unstable; urgency=medium | 1079 | openldap (2.4.44+dfsg-4) unstable; urgency=medium |
957 | 287 | 1080 | ||
958 | 288 | * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to | 1081 | * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to |
959 | @@ -329,6 +1122,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium | |||
960 | 329 | 1122 | ||
961 | 330 | -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700 | 1123 | -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700 |
962 | 331 | 1124 | ||
963 | 1125 | openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium | ||
964 | 1126 | |||
965 | 1127 | * d/rules: Fix typo in previous upload. | ||
966 | 1128 | |||
967 | 1129 | -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800 | ||
968 | 1130 | |||
969 | 1131 | openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium | ||
970 | 1132 | |||
971 | 1133 | * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining | ||
972 | 1134 | changes | ||
973 | 1135 | - Enable AppArmor support: | ||
974 | 1136 | - d/apparmor-profile: add AppArmor profile | ||
975 | 1137 | - d/rules: use dh_apparmor | ||
976 | 1138 | - d/control: Build-Depends on dh-apparmor | ||
977 | 1139 | - d/slapd.README.Debian: add note about AppArmor | ||
978 | 1140 | - Enable GSSAPI support: | ||
979 | 1141 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
980 | 1142 | - Add --with-gssapi support | ||
981 | 1143 | - Make guess_service_principal() more robust when determining | ||
982 | 1144 | principal | ||
983 | 1145 | - d/configure.options: Configure with --with-gssapi | ||
984 | 1146 | - d/control: Added heimdal-dev as a build depend | ||
985 | 1147 | - d/rules: | ||
986 | 1148 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
987 | 1149 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
988 | 1150 | - Enable ufw support: | ||
989 | 1151 | - d/control: suggest ufw. | ||
990 | 1152 | - d/rules: install ufw profile. | ||
991 | 1153 | - d/slapd.ufw.profile: add ufw profile. | ||
992 | 1154 | - Enable nss overlay: | ||
993 | 1155 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
994 | 1156 | nss overlay. | ||
995 | 1157 | - d/{rules,slapd.py}: Add apport hook. | ||
996 | 1158 | [ d/rules modification mentioned above was dropped in | ||
997 | 1159 | 2.4.23-6ubuntu1, re-adding it ] | ||
998 | 1160 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
999 | 1161 | either the default DIT nor via an Authn mapping. | ||
1000 | 1162 | - d/slapd.scripts-common: | ||
1001 | 1163 | - add slapcat_opts to local variables. | ||
1002 | 1164 | - Fix backup directory naming for multiple reconfiguration. | ||
1003 | 1165 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1004 | 1166 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1005 | 1167 | in the openldap library, as required by Likewise-Open | ||
1006 | 1168 | - Show distribution in version: | ||
1007 | 1169 | - d/control: added lsb-release | ||
1008 | 1170 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1009 | 1171 | [ Refreshed patch ] | ||
1010 | 1172 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1011 | 1173 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1012 | 1174 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1013 | 1175 | [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ] | ||
1014 | 1176 | - Fix use after free with GnuTLS. (LP #1557248) | ||
1015 | 1177 | * Drop: | ||
1016 | 1178 | - d/slapd.scripts-common: | ||
1017 | 1179 | + Remove unused variable new_conf. | ||
1018 | 1180 | [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ] | ||
1019 | 1181 | - d/b/config.log: add config.log | ||
1020 | 1182 | [ previously undocumented, stray change ] | ||
1021 | 1183 | |||
1022 | 1184 | -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800 | ||
1023 | 1185 | |||
1024 | 332 | openldap (2.4.44+dfsg-3) unstable; urgency=medium | 1186 | openldap (2.4.44+dfsg-3) unstable; urgency=medium |
1025 | 333 | 1187 | ||
1026 | 334 | * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394) | 1188 | * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394) |
1027 | @@ -401,6 +1255,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium | |||
1028 | 401 | 1255 | ||
1029 | 402 | -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800 | 1256 | -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800 |
1030 | 403 | 1257 | ||
1031 | 1258 | openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium | ||
1032 | 1259 | |||
1033 | 1260 | * No-change rebuild for perl 5.24 transition | ||
1034 | 1261 | |||
1035 | 1262 | -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100 | ||
1036 | 1263 | |||
1037 | 1264 | openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium | ||
1038 | 1265 | |||
1039 | 1266 | * Fix use after free with GnuTLS. (LP: #1557248) | ||
1040 | 1267 | |||
1041 | 1268 | -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500 | ||
1042 | 1269 | |||
1043 | 1270 | openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium | ||
1044 | 1271 | |||
1045 | 1272 | * Fix building with gssapi suppport: | ||
1046 | 1273 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
1047 | 1274 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
1048 | 1275 | |||
1049 | 1276 | -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100 | ||
1050 | 1277 | |||
1051 | 1278 | openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium | ||
1052 | 1279 | |||
1053 | 1280 | * No-change rebuild for gnutls transition. | ||
1054 | 1281 | |||
1055 | 1282 | -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000 | ||
1056 | 1283 | |||
1057 | 1284 | openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium | ||
1058 | 1285 | |||
1059 | 1286 | * Merge from Debian testing (LP: #1532648). Remaining changes: | ||
1060 | 1287 | - Enable AppArmor support: | ||
1061 | 1288 | - d/apparmor-profile: add AppArmor profile | ||
1062 | 1289 | - d/rules: use dh_apparmor | ||
1063 | 1290 | - d/control: Build-Depends on dh-apparmor | ||
1064 | 1291 | - d/slapd.README.Debian: add note about AppArmor | ||
1065 | 1292 | - Enable GSSAPI support: | ||
1066 | 1293 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1067 | 1294 | - Add --with-gssapi support | ||
1068 | 1295 | - Make guess_service_principal() more robust when determining | ||
1069 | 1296 | principal | ||
1070 | 1297 | - d/configure.options: Configure with --with-gssapi | ||
1071 | 1298 | - d/control: Added heimdal-dev as a build depend | ||
1072 | 1299 | - Enable ufw support: | ||
1073 | 1300 | - d/control: suggest ufw. | ||
1074 | 1301 | - d/rules: install ufw profile. | ||
1075 | 1302 | - d/slapd.ufw.profile: add ufw profile. | ||
1076 | 1303 | - Enable nss overlay: | ||
1077 | 1304 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1078 | 1305 | nss overlay. | ||
1079 | 1306 | - d/{rules,slapd.py}: Add apport hook. | ||
1080 | 1307 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1081 | 1308 | either the default DIT nor via an Authn mapping. | ||
1082 | 1309 | - d/slapd.scripts-common: | ||
1083 | 1310 | - add slapcat_opts to local variables. | ||
1084 | 1311 | - Remove unused variable new_conf. | ||
1085 | 1312 | - Fix backup directory naming for multiple reconfiguration. | ||
1086 | 1313 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1087 | 1314 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1088 | 1315 | in the openldap library, as required by Likewise-Open | ||
1089 | 1316 | - Show distribution in version: | ||
1090 | 1317 | - d/control: added lsb-release | ||
1091 | 1318 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1092 | 1319 | * Drop CVE-2015-6908.patch, included in Debian. | ||
1093 | 1320 | * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was | ||
1094 | 1321 | disabled on ppc64el, no longer used, and missed in the previous merge. | ||
1095 | 1322 | |||
1096 | 1323 | -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800 | ||
1097 | 1324 | |||
1098 | 404 | openldap (2.4.42+dfsg-2) unstable; urgency=medium | 1325 | openldap (2.4.42+dfsg-2) unstable; urgency=medium |
1099 | 405 | 1326 | ||
1100 | 406 | [ Ryan Tandy ] | 1327 | [ Ryan Tandy ] |
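Review bot: In the 2.4.42+dfsg-2ubuntu3 entry, "Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS" names an include-path flag for a linker variable; a library directory would be passed with -L. Check d/rules to see which flag is really set, because the same wording is repeated in the later "Remaining changes" lists. The headline of that entry also has a typo, "suppport".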
1101 | @@ -468,6 +1389,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium | |||
1102 | 468 | 1389 | ||
1103 | 469 | -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700 | 1390 | -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700 |
1104 | 470 | 1391 | ||
1105 | 1392 | openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium | ||
1106 | 1393 | |||
1107 | 1394 | * Rebuild for Perl 5.22.1. | ||
1108 | 1395 | |||
1109 | 1396 | -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000 | ||
1110 | 1397 | |||
1111 | 1398 | openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium | ||
1112 | 1399 | |||
1113 | 1400 | * SECURITY UPDATE: denial of service via crafted BER data | ||
1114 | 1401 | - debian/patches/CVE-2015-6908.patch: remove obsolete assert in | ||
1115 | 1402 | libraries/liblber/io.c. | ||
1116 | 1403 | - CVE-2015-6908 | ||
1117 | 1404 | |||
1118 | 1405 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400 | ||
1119 | 1406 | |||
1120 | 1407 | openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium | ||
1121 | 1408 | |||
1122 | 1409 | * Merge from Debian testing (LP: #1471831). Remaining changes: | ||
1123 | 1410 | - Enable AppArmor support: | ||
1124 | 1411 | - d/apparmor-profile: add AppArmor profile | ||
1125 | 1412 | - d/rules: use dh_apparmor | ||
1126 | 1413 | - d/control: Build-Depends on dh-apparmor | ||
1127 | 1414 | - d/slapd.README.Debian: add note about AppArmor | ||
1128 | 1415 | - Enable GSSAPI support: | ||
1129 | 1416 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1130 | 1417 | - Add --with-gssapi support | ||
1131 | 1418 | - Make guess_service_principal() more robust when determining | ||
1132 | 1419 | principal | ||
1133 | 1420 | - d/configure.options: Configure with --with-gssapi | ||
1134 | 1421 | - d/control: Added heimdal-dev as a build depend | ||
1135 | 1422 | - Enable ufw support: | ||
1136 | 1423 | - d/control: suggest ufw. | ||
1137 | 1424 | - d/rules: install ufw profile. | ||
1138 | 1425 | - d/slapd.ufw.profile: add ufw profile. | ||
1139 | 1426 | - Enable nss overlay: | ||
1140 | 1427 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1141 | 1428 | nss overlay. | ||
1142 | 1429 | - d/{rules,slapd.py}: Add apport hook. | ||
1143 | 1430 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1144 | 1431 | either the default DIT nor via an Authn mapping. | ||
1145 | 1432 | - d/slapd.scripts-common: | ||
1146 | 1433 | - add slapcat_opts to local variables. | ||
1147 | 1434 | - Remove unused variable new_conf. | ||
1148 | 1435 | - Fix backup directory naming for multiple reconfiguration. | ||
1149 | 1436 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1150 | 1437 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1151 | 1438 | in the openldap library, as required by Likewise-Open | ||
1152 | 1439 | - Show distribution in version: | ||
1153 | 1440 | - d/control: added lsb-release | ||
1154 | 1441 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1155 | 1442 | * Dropped changes: | ||
1156 | 1443 | - Fix cpp calls for GCC 5: fixed upstream (ITS#8056) | ||
1157 | 1444 | * Upstream fixes: | ||
1158 | 1445 | - slapd crash with auditlog overlay and large (~27KB) attribute values | ||
1159 | 1446 | (ITS#8003) (LP: #1461276) | ||
1160 | 1447 | - nssov updated to support recent nss-pam-ldapd client libraries | ||
1161 | 1448 | (ITS#8097) (LP: #1393306) | ||
1162 | 1449 | * Update d/patches/nssov-build for upstream changes. | ||
1163 | 1450 | * Tweak d/patches/gssapi.diff to apply without fuzz. | ||
1164 | 1451 | * d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1165 | 1452 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1166 | 1453 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1167 | 1454 | |||
1168 | 1455 | -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700 | ||
1169 | 1456 | |||
1170 | 471 | openldap (2.4.41+dfsg-1) unstable; urgency=medium | 1457 | openldap (2.4.41+dfsg-1) unstable; urgency=medium |
1171 | 472 | 1458 | ||
1172 | 473 | * New upstream release. | 1459 | * New upstream release. |
1173 | @@ -487,6 +1473,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium | |||
1174 | 487 | 1473 | ||
1175 | 488 | -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700 | 1474 | -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700 |
1176 | 489 | 1475 | ||
1177 | 1476 | openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium | ||
1178 | 1477 | |||
1179 | 1478 | * No-change rebuild for the libnettle6 transition. | ||
1180 | 1479 | |||
1181 | 1480 | -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600 | ||
1182 | 1481 | |||
1183 | 1482 | openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low | ||
1184 | 1483 | |||
1185 | 1484 | * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes: | ||
1186 | 1485 | - Enable AppArmor support: | ||
1187 | 1486 | - d/apparmor-profile: add AppArmor profile | ||
1188 | 1487 | - d/rules: use dh_apparmor | ||
1189 | 1488 | - d/control: Build-Depends on dh-apparmor | ||
1190 | 1489 | - d/slapd.README.Debian: add note about AppArmor | ||
1191 | 1490 | - Enable GSSAPI support: | ||
1192 | 1491 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1193 | 1492 | - Add --with-gssapi support | ||
1194 | 1493 | - Make guess_service_principal() more robust when determining | ||
1195 | 1494 | principal | ||
1196 | 1495 | - d/configure.options: Configure with --with-gssapi | ||
1197 | 1496 | - d/control: Added heimdal-dev as a build depend | ||
1198 | 1497 | - Enable ufw support: | ||
1199 | 1498 | - d/control: suggest ufw. | ||
1200 | 1499 | - d/rules: install ufw profile. | ||
1201 | 1500 | - d/slapd.ufw.profile: add ufw profile. | ||
1202 | 1501 | - Enable nss overlay: | ||
1203 | 1502 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1204 | 1503 | nss overlay. | ||
1205 | 1504 | - d/{rules,slapd.py}: Add apport hook. | ||
1206 | 1505 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1207 | 1506 | either the default DIT nor via an Authn mapping. | ||
1208 | 1507 | - d/slapd.scripts-common: | ||
1209 | 1508 | - add slapcat_opts to local variables. | ||
1210 | 1509 | - Remove unused variable new_conf. | ||
1211 | 1510 | - Fix backup directory naming for multiple reconfiguration. | ||
1212 | 1511 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1213 | 1512 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1214 | 1513 | in the openldap library, as required by Likewise-Open | ||
1215 | 1514 | - Show distribution in version: | ||
1216 | 1515 | - d/control: added lsb-release | ||
1217 | 1516 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1218 | 1517 | * Drop patches included upstream: | ||
1219 | 1518 | - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch | ||
1220 | 1519 | - d/patches/bdb-deadlock.patch | ||
1221 | 1520 | - d/patches/its-7354-fix-delta-sync-mmr.diff | ||
1222 | 1521 | * Drop hardening-wrapper as Debian now sets PIE and bindnow flags. | ||
1223 | 1522 | * debian/patches/nssov-build: Adjust for upstream changes. | ||
1224 | 1523 | * debian/apparmor-profile: | ||
1225 | 1524 | - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor | ||
1226 | 1525 | kernel ABI v7 (utopic and later). (LP: #1392018) | ||
1227 | 1526 | - Reduce permissions on /run/nslcd to just the nslcd socket. | ||
1228 | 1527 | * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713. | ||
1229 | 1528 | (LP: #1293250) | ||
1230 | 1529 | |||
1231 | 1530 | -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700 | ||
1232 | 1531 | |||
1233 | 490 | openldap (2.4.40+dfsg-1) unstable; urgency=medium | 1532 | openldap (2.4.40+dfsg-1) unstable; urgency=medium |
1234 | 491 | 1533 | ||
1235 | 492 | * Remove inetorgperson.schema from the upstream source. Replace it with a | 1534 | * Remove inetorgperson.schema from the upstream source. Replace it with a |
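Review bot: The debian/apparmor-profile item in 2.4.40+dfsg-1ubuntu1 records two opposite adjustments, widening 'r' to 'rw' on the ldapi and nslcd sockets and narrowing /run/nslcd to just the nslcd socket, but does not quote the resulting rules. When reviewing the profile carried forward, confirm that write access is limited to those two socket paths and that no directory-wide /run/nslcd rule remains. The same entry drops hardening-wrapper on the grounds that Debian sets PIE and bindnow, which is worth confirming on the built binaries.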
1236 | @@ -675,6 +1717,187 @@ openldap (2.4.39-1) unstable; urgency=low | |||
1237 | 675 | 1717 | ||
1238 | 676 | -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700 | 1718 | -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700 |
1239 | 677 | 1719 | ||
1240 | 1720 | openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium | ||
1241 | 1721 | |||
1242 | 1722 | * Fix cpp calls for GCC 5. | ||
1243 | 1723 | |||
1244 | 1724 | -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100 | ||
1245 | 1725 | |||
1246 | 1726 | openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium | ||
1247 | 1727 | |||
1248 | 1728 | * debian/apparmor-profile: | ||
1249 | 1729 | - allow p11-kit abstraction | ||
1250 | 1730 | - allow read of /etc/gss/mech.d/* | ||
1251 | 1731 | |||
1252 | 1732 | -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500 | ||
1253 | 1733 | |||
1254 | 1734 | openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium | ||
1255 | 1735 | |||
1256 | 1736 | * Rebuild for Perl 5.20.0. | ||
1257 | 1737 | |||
1258 | 1738 | -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100 | ||
1259 | 1739 | |||
1260 | 1740 | openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium | ||
1261 | 1741 | |||
1262 | 1742 | * Cherry-pick upstream patch for compat with recent GNUTLS. | ||
1263 | 1743 | * Build-depend on libgnutls28-dev. | ||
1264 | 1744 | * Build-depend on libgcrypt20-dev. | ||
1265 | 1745 | |||
1266 | 1746 | -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100 | ||
1267 | 1747 | |||
1268 | 1748 | openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium | ||
1269 | 1749 | |||
1270 | 1750 | * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3. | ||
1271 | 1751 | |||
1272 | 1752 | -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600 | ||
1273 | 1753 | |||
1274 | 1754 | openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium | ||
1275 | 1755 | |||
1276 | 1756 | * Disable mdb backend on ppc64el due to test-suite failures. | ||
1277 | 1757 | |||
1278 | 1758 | -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000 | ||
1279 | 1759 | |||
1280 | 1760 | openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low | ||
1281 | 1761 | |||
1282 | 1762 | * Fix segfault issue with master-master syncrepl (LP: #1287730): | ||
1283 | 1763 | - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked | ||
1284 | 1764 | patch from upstream VCS. | ||
1285 | 1765 | |||
1286 | 1766 | -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100 | ||
1287 | 1767 | |||
1288 | 1768 | openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low | ||
1289 | 1769 | |||
1290 | 1770 | * Build-depend on libdb5.3-dev, instead of libdb5.1-dev. | ||
1291 | 1771 | |||
1292 | 1772 | -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000 | ||
1293 | 1773 | |||
1294 | 1774 | openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low | ||
1295 | 1775 | |||
1296 | 1776 | * Rebuild for Perl 5.18. | ||
1297 | 1777 | |||
1298 | 1778 | -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100 | ||
1299 | 1779 | |||
1300 | 1780 | openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low | ||
1301 | 1781 | |||
1302 | 1782 | * Update build/config.guess and build/config.sub at build time; this was | ||
1303 | 1783 | not done automatically because the top-level configure.in does not use | ||
1304 | 1784 | Automake. | ||
1305 | 1785 | |||
1306 | 1786 | -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100 | ||
1307 | 1787 | |||
1308 | 1788 | openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low | ||
1309 | 1789 | |||
1310 | 1790 | * debian/control: added lsb-release | ||
1311 | 1791 | * debian/patches/fix-ldap-distribution.patch: show distribution in version | ||
1312 | 1792 | |||
1313 | 1793 | -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200 | ||
1314 | 1794 | |||
1315 | 1795 | openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low | ||
1316 | 1796 | |||
1317 | 1797 | * Merge from Debian unstable. Remaining changes: | ||
1318 | 1798 | - Enable AppArmor support: | ||
1319 | 1799 | - d/apparmor-profile: add AppArmor profile | ||
1320 | 1800 | - d/rules: use dh_apparmor | ||
1321 | 1801 | - d/control: Build-Depends on dh-apparmor | ||
1322 | 1802 | - d/slapd.README.Debian: add note about AppArmor | ||
1323 | 1803 | - d/slapd.dirs: add etc/apparmor.d/force-complain | ||
1324 | 1804 | - Enable GSSAPI support: | ||
1325 | 1805 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1326 | 1806 | - Add --with-gssapi support | ||
1327 | 1807 | - Make guess_service_principal() more robust when determining | ||
1328 | 1808 | principal | ||
1329 | 1809 | - d/configure.options: Configure with --with-gssapi | ||
1330 | 1810 | - d/control: Added libkrb5-dev as a build depend | ||
1331 | 1811 | - Enable ufw support: | ||
1332 | 1812 | - d/control: suggest ufw. | ||
1333 | 1813 | - d/rules: install ufw profile. | ||
1334 | 1814 | - d/slapd.ufw.profile: add ufw profile. | ||
1335 | 1815 | - Enable nss overlay: | ||
1336 | 1816 | - d/{patches/nssov-build,/rules}: Apply, build and package the | ||
1337 | 1817 | nss overlay. | ||
1338 | 1818 | - d/{rules,slapd.py}: Add apport hook. | ||
1339 | 1819 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1340 | 1820 | either the default DIT nor via an Authn mapping. | ||
1341 | 1821 | - d/slapd.scripts-common: | ||
1342 | 1822 | - add slapcat_opts to local variables. | ||
1343 | 1823 | - Remove unused variable new_conf. | ||
1344 | 1824 | - Fix backup directory naming for multiple reconfiguration. | ||
1345 | 1825 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1346 | 1826 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1347 | 1827 | in the openldap library, as required by Likewise-Open | ||
1348 | 1828 | - d/{control,rules}: enable PIE hardening | ||
1349 | 1829 | |||
1350 | 1830 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400 | ||
1351 | 1831 | |||
1352 | 1832 | openldap (2.4.31-1+nmu2) unstable; urgency=high | ||
1353 | 1833 | |||
1354 | 1834 | * Non-maintainer upload. | ||
1355 | 1835 | * No-change rebuild in a clean environment | ||
1356 | 1836 | |||
1357 | 1837 | -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100 | ||
1358 | 1838 | |||
1359 | 1839 | openldap (2.4.31-1+nmu1) unstable; urgency=medium | ||
1360 | 1840 | |||
1361 | 1841 | * Non-maintainer upload. | ||
1362 | 1842 | * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038). | ||
1363 | 1843 | |||
1364 | 1844 | -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000 | ||
1365 | 1845 | |||
1366 | 1846 | openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low | ||
1367 | 1847 | |||
1368 | 1848 | * debian/slapd.py: Add AppArmor info and logs to apport hook. | ||
1369 | 1849 | |||
1370 | 1850 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400 | ||
1371 | 1851 | |||
1372 | 1852 | openldap (2.4.31-1ubuntu1) quantal; urgency=low | ||
1373 | 1853 | |||
1374 | 1854 | * Merge from Debian unstable. Remaining changes: | ||
1375 | 1855 | - Enable AppArmor support: | ||
1376 | 1856 | - d/apparmor-profile: add AppArmor profile | ||
1377 | 1857 | - d/rules: use dh_apparmor | ||
1378 | 1858 | - d/control: Build-Depends on dh-apparmor | ||
1379 | 1859 | - d/slapd.README.Debian: add note about AppArmor | ||
1380 | 1860 | - d/slapd.dirs: add etc/apparmor.d/force-complain | ||
1381 | 1861 | - Enable GSSAPI support (LP: #495418): | ||
1382 | 1862 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1383 | 1863 | - Add --with-gssapi support | ||
1384 | 1864 | - Make guess_service_principal() more robust when determining | ||
1385 | 1865 | principal | ||
1386 | 1866 | - d/configure.options: Configure with --with-gssapi | ||
1387 | 1867 | - d/control: Added libkrb5-dev as a build depend | ||
1388 | 1868 | - Enable ufw support (LP: #423246): | ||
1389 | 1869 | - d/control: suggest ufw. | ||
1390 | 1870 | - d/rules: install ufw profile. | ||
1391 | 1871 | - d/slapd.ufw.profile: add ufw profile. | ||
1392 | 1872 | - Enable nss overlay (LP: #675391): | ||
1393 | 1873 | - d/{patches/nssov-build,/rules}: Apply, build and package the | ||
1394 | 1874 | nss overlay. | ||
1395 | 1875 | - d/{rules,slapd.py}: Add apport hook. (LP: #610544) | ||
1396 | 1876 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1397 | 1877 | either the default DIT nor via an Authn mapping. | ||
1398 | 1878 | - d/slapd.scripts-common: | ||
1399 | 1879 | - add slapcat_opts to local variables. | ||
1400 | 1880 | - Remove unused variable new_conf. | ||
1401 | 1881 | - Fix backup directory naming for multiple reconfiguration. | ||
1402 | 1882 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1403 | 1883 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1404 | 1884 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
1405 | 1885 | - d/{control,rules}: enable PIE hardening | ||
1406 | 1886 | * Dropped changes: | ||
1407 | 1887 | - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release. | ||
1408 | 1888 | - d/patches/CVE-2011-4079: Included in upstream release. | ||
1409 | 1889 | - d/patches/service-operational-before-detach: Included in upstream release. | ||
1410 | 1890 | - d/schema/extra/misc.ldif: Included upstream. | ||
1411 | 1891 | - d/{rules,schema/extra}: Fix configure and clean rules to support | ||
1412 | 1892 | extra schemas shipped as part of the debian/schema/ directory; no longer required. | ||
1413 | 1893 | - Included in Debian: | ||
1414 | 1894 | + Document cn=config in README file. | ||
1415 | 1895 | + Install a default DIT; actually a minimal configuration. | ||
1416 | 1896 | + d/patches/heimdal-fix. | ||
1417 | 1897 | * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta. | ||
1418 | 1898 | |||
1419 | 1899 | -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100 | ||
1420 | 1900 | |||
1421 | 678 | openldap (2.4.31-1) unstable; urgency=low | 1901 | openldap (2.4.31-1) unstable; urgency=low |
1422 | 679 | 1902 | ||
1423 | 680 | * New upstream release. | 1903 | * New upstream release. |
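Review bot: the 2.4.31-1+nmu2 and 2.4.31-1+nmu1 entries (new lines 1832-1844) target "unstable" yet show up as added lines, so the debian/sid changelog this branch merges into does not contain them. Please confirm they are carried over deliberately from the earlier Ubuntu changelog and say so in the commit message, since a reader would otherwise expect Debian uploads to already be present on the target side.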
1424 | @@ -701,6 +1924,121 @@ openldap (2.4.31-1) unstable; urgency=low | |||
1425 | 701 | 1924 | ||
1426 | 702 | -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000 | 1925 | -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000 |
1427 | 703 | 1926 | ||
1428 | 1927 | openldap (2.4.28-1.1ubuntu6) quantal; urgency=low | ||
1429 | 1928 | |||
1430 | 1929 | * Fix issue with intermittent connection issues when using LDAPv3 | ||
1431 | 1930 | protocol (LP: #1023025): | ||
1432 | 1931 | - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked | ||
1433 | 1932 | patch from upstream VCS which ensures objects are initialized before | ||
1434 | 1933 | re-use. | ||
1435 | 1934 | |||
1436 | 1935 | -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100 | ||
1437 | 1936 | |||
1438 | 1937 | openldap (2.4.28-1.1ubuntu5) quantal; urgency=low | ||
1439 | 1938 | |||
1440 | 1939 | * debian/rules: Add smbk5pwd build. | ||
1441 | 1940 | * debian/control: Add slapd-smbk5pwd binary package. | ||
1442 | 1941 | * debian/patches/heimdal-fix: adapt parameters of | ||
1443 | 1942 | hdb_generate_key_set_password() to heimdal 1.6~git20120311 | ||
1444 | 1943 | (patch from Debian #664930). | ||
1445 | 1944 | |||
1446 | 1945 | -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400 | ||
1447 | 1946 | |||
1448 | 1947 | openldap (2.4.28-1.1ubuntu4) precise; urgency=low | ||
1449 | 1948 | |||
1450 | 1949 | * debian/control: Build-Depends on dh-apparmor (LP: #948481) | ||
1451 | 1950 | |||
1452 | 1951 | -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500 | ||
1453 | 1952 | |||
1454 | 1953 | openldap (2.4.28-1.1ubuntu3) precise; urgency=low | ||
1455 | 1954 | |||
1456 | 1955 | * Add its-7176-only-poll-sockets-for-write-as-needed.diff | ||
1457 | 1956 | (LP: #932823). | ||
1458 | 1957 | |||
1459 | 1958 | -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200 | ||
1460 | 1959 | |||
1461 | 1960 | openldap (2.4.28-1.1ubuntu2) precise; urgency=low | ||
1462 | 1961 | |||
1463 | 1962 | * Remove debian/patches/CVE-2011-4079; it's already in this upstream | ||
1464 | 1963 | version. Fixes FTBFS. | ||
1465 | 1964 | |||
1466 | 1965 | -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500 | ||
1467 | 1966 | |||
1468 | 1967 | openldap (2.4.28-1.1ubuntu1) precise; urgency=low | ||
1469 | 1968 | |||
1470 | 1969 | * Merge from Debian testing. Remaining changes: | ||
1471 | 1970 | - Install a default DIT (LP: #442498). | ||
1472 | 1971 | - Document cn=config in README file (LP: #370784). | ||
1473 | 1972 | - remaining changes: | ||
1474 | 1973 | + AppArmor support: | ||
1475 | 1974 | - debian/apparmor-profile: add AppArmor profile | ||
1476 | 1975 | - use dh_apparmor: | ||
1477 | 1976 | - debian/rules: use dh_apparmor | ||
1478 | 1977 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
1479 | 1978 | - updated debian/slapd.README.Debian for note on AppArmor | ||
1480 | 1979 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
1481 | 1980 | + Enable GSSAPI support (LP: #495418): | ||
1482 | 1981 | - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1483 | 1982 | - Add --with-gssapi support | ||
1484 | 1983 | - Make guess_service_principal() more robust when determining | ||
1485 | 1984 | principal | ||
1486 | 1985 | - debian/patches/series: apply gssapi.diff patch. | ||
1487 | 1986 | - debian/configure.options: Configure with --with-gssapi | ||
1488 | 1987 | - debian/control: Added libkrb5-dev as a build depend | ||
1489 | 1988 | + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1490 | 1989 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
1491 | 1990 | + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: | ||
1492 | 1991 | - debian/control: | ||
1493 | 1992 | - remove build-dependency on heimdal-dev. | ||
1494 | 1993 | - remove slapd-smbk5pwd binary package. | ||
1495 | 1994 | - debian/rules: don't build smbk5pwd slapd module. | ||
1496 | 1995 | + debian/{control,rules}: enable PIE hardening | ||
1497 | 1996 | + ufw support (LP: #423246): | ||
1498 | 1997 | - debian/control: suggest ufw. | ||
1499 | 1998 | - debian/rules: install ufw profile. | ||
1500 | 1999 | - debian/slapd.ufw.profile: add ufw profile. | ||
1501 | 2000 | + Enable nssoverlay: | ||
1502 | 2001 | - debian/patches/nssov-build, debian/series, debian/rules: | ||
1503 | 2002 | Apply, build and package the nss overlay. | ||
1504 | 2003 | - debian/schema/extra/misc.ldif: add ldif file for the misc schema | ||
1505 | 2004 | which defines rfc822MailMember (required by the nss overlay). | ||
1506 | 2005 | + debian/rules, debian/schema/extra/: | ||
1507 | 2006 | Fix configure rule to supports extra schemas shipped as part | ||
1508 | 2007 | of the debian/schema/ directory. | ||
1509 | 2008 | + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
1510 | 2009 | + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1511 | 2010 | neither the default DIT nor via an Authn mapping. | ||
1512 | 2011 | + debian/slapd.scripts-common: adjust minimum version that triggers a | ||
1513 | 2012 | database upgrade. Upgrade from maverick shouldn't trigger database | ||
1514 | 2013 | upgrade (which would happen with the version used in Debian). | ||
1515 | 2014 | + debian/slapd.scripts-common: add slapcat_opts to local variables. | ||
1516 | 2015 | Remove unused variable new_conf. | ||
1517 | 2016 | + debian/slapd.script-common: Fix package reconfiguration. | ||
1518 | 2017 | - Fix backup directory naming for multiple reconfiguration. | ||
1519 | 2018 | + debian/slapd.default, debian/slapd.README.Debian: | ||
1520 | 2019 | use the new configuration style. | ||
1521 | 2020 | + Install nss overlay (LP: #675391): | ||
1522 | 2021 | - debian/rules: run install target for nssov module. | ||
1523 | 2022 | - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema | ||
1524 | 2023 | + debian/patches/gssapi.diff: | ||
1525 | 2024 | - Update patch so that likewise-open is usuable again. (LP: #661547) | ||
1526 | 2025 | + debian/patches/service-operational-before-detach: New patch replacing old one | ||
1527 | 2026 | of the same name as previous could cause database corruption based on upstream commits. | ||
1528 | 2027 | (LP: #727973) | ||
1529 | 2028 | + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize() | ||
1530 | 2029 | (CVE-2011-4079) | ||
1531 | 2030 | |||
1532 | 2031 | |||
1533 | 2032 | -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500 | ||
1534 | 2033 | |||
1535 | 2034 | openldap (2.4.28-1.1) unstable; urgency=low | ||
1536 | 2035 | |||
1537 | 2036 | * Non-maintainer upload. | ||
1538 | 2037 | * Disable the mdb backend on non-Linux, it looks like it doesn't work with | ||
1539 | 2038 | linuxthreads (closes: #654824). | ||
1540 | 2039 | |||
1541 | 2040 | -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100 | ||
1542 | 2041 | |||
1543 | 704 | openldap (2.4.28-1) unstable; urgency=low | 2042 | openldap (2.4.28-1) unstable; urgency=low |
1544 | 705 | 2043 | ||
1545 | 706 | * New upstream release. | 2044 | * New upstream release. |
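Review bot: the 2.4.28-1.1ubuntu1 entry lists debian/patches/CVE-2011-4079 as a carried change (new lines 2028-2029), while 2.4.28-1.1ubuntu2 just above it (new lines 1962-1963) removes that patch as already present in the upstream version. Anyone auditing CVE coverage from this file needs both entries to get the right picture, so check that both match the published Ubuntu changelog byte for byte. The same entry also has two blank lines before its trailer (new lines 2030-2031) where the other entries have one; keep that only if the published upload had it.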
1546 | @@ -728,6 +2066,72 @@ openldap (2.4.28-1) unstable; urgency=low | |||
1547 | 728 | 2066 | ||
1548 | 729 | -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000 | 2067 | -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000 |
1549 | 730 | 2068 | ||
1550 | 2069 | openldap (2.4.25-4ubuntu1) precise; urgency=low | ||
1551 | 2070 | |||
1552 | 2071 | * Merge from Debian testing. Remaining changes: | ||
1553 | 2072 | - Install a default DIT (LP: #442498). | ||
1554 | 2073 | - Document cn=config in README file (LP: #370784). | ||
1555 | 2074 | - remaining changes: | ||
1556 | 2075 | + AppArmor support: | ||
1557 | 2076 | - debian/apparmor-profile: add AppArmor profile | ||
1558 | 2077 | - use dh_apparmor: | ||
1559 | 2078 | - debian/rules: use dh_apparmor | ||
1560 | 2079 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
1561 | 2080 | - updated debian/slapd.README.Debian for note on AppArmor | ||
1562 | 2081 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
1563 | 2082 | + Enable GSSAPI support (LP: #495418): | ||
1564 | 2083 | - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1565 | 2084 | - Add --with-gssapi support | ||
1566 | 2085 | - Make guess_service_principal() more robust when determining | ||
1567 | 2086 | principal | ||
1568 | 2087 | - debian/patches/series: apply gssapi.diff patch. | ||
1569 | 2088 | - debian/configure.options: Configure with --with-gssapi | ||
1570 | 2089 | - debian/control: Added libkrb5-dev as a build depend | ||
1571 | 2090 | + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1572 | 2091 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
1573 | 2092 | + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: | ||
1574 | 2093 | - debian/control: | ||
1575 | 2094 | - remove build-dependency on heimdal-dev. | ||
1576 | 2095 | - remove slapd-smbk5pwd binary package. | ||
1577 | 2096 | - debian/rules: don't build smbk5pwd slapd module. | ||
1578 | 2097 | + debian/{control,rules}: enable PIE hardening | ||
1579 | 2098 | + ufw support (LP: #423246): | ||
1580 | 2099 | - debian/control: suggest ufw. | ||
1581 | 2100 | - debian/rules: install ufw profile. | ||
1582 | 2101 | - debian/slapd.ufw.profile: add ufw profile. | ||
1583 | 2102 | + Enable nssoverlay: | ||
1584 | 2103 | - debian/patches/nssov-build, debian/series, debian/rules: | ||
1585 | 2104 | Apply, build and package the nss overlay. | ||
1586 | 2105 | - debian/schema/extra/misc.ldif: add ldif file for the misc schema | ||
1587 | 2106 | which defines rfc822MailMember (required by the nss overlay). | ||
1588 | 2107 | + debian/rules, debian/schema/extra/: | ||
1589 | 2108 | Fix configure rule to supports extra schemas shipped as part | ||
1590 | 2109 | of the debian/schema/ directory. | ||
1591 | 2110 | + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
1592 | 2111 | + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1593 | 2112 | neither the default DIT nor via an Authn mapping. | ||
1594 | 2113 | + debian/slapd.scripts-common: adjust minimum version that triggers a | ||
1595 | 2114 | database upgrade. Upgrade from maverick shouldn't trigger database | ||
1596 | 2115 | upgrade (which would happen with the version used in Debian). | ||
1597 | 2116 | + debian/slapd.scripts-common: add slapcat_opts to local variables. | ||
1598 | 2117 | Remove unused variable new_conf. | ||
1599 | 2118 | + debian/slapd.script-common: Fix package reconfiguration. | ||
1600 | 2119 | - Fix backup directory naming for multiple reconfiguration. | ||
1601 | 2120 | + debian/slapd.default, debian/slapd.README.Debian: | ||
1602 | 2121 | use the new configuration style. | ||
1603 | 2122 | + Install nss overlay (LP: #675391): | ||
1604 | 2123 | - debian/rules: run install target for nssov module. | ||
1605 | 2124 | - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema | ||
1606 | 2125 | + debian/patches/gssapi.diff: | ||
1607 | 2126 | - Update patch so that likewise-open is usuable again. (LP: #661547) | ||
1608 | 2127 | + debian/patches/service-operational-before-detach: New patch replacing old one | ||
1609 | 2128 | of the same name as previous could cause database corruption based on upstream commits. | ||
1610 | 2129 | (LP: #727973) | ||
1611 | 2130 | + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize() | ||
1612 | 2131 | (CVE-2011-4079) | ||
1613 | 2132 | |||
1614 | 2133 | -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000 | ||
1615 | 2134 | |||
1616 | 731 | openldap (2.4.25-4) unstable; urgency=low | 2135 | openldap (2.4.25-4) unstable; urgency=low |
1617 | 732 | 2136 | ||
1618 | 733 | * Drop explicit depends on libdb4.8, since we're now linking against | 2137 | * Drop explicit depends on libdb4.8, since we're now linking against |
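Review bot: the 2.4.25-4ubuntu1 entry names the same file two ways, "debian/slapd.scripts-common" (new lines 2113 and 2116) and "debian/slapd.script-common" (new line 2118), and carries the typos "rule to supports" (new line 2108) and "usuable" (new line 2126). As this is a historical entry it should stay as uploaded, but a search of the changelog for slapd.scripts-common will miss the reconfiguration fix, so make sure the wording is not copied into the new entry for this merge.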
1619 | @@ -761,6 +2165,85 @@ openldap (2.4.25-4) unstable; urgency=low | |||
1620 | 761 | 2165 | ||
1621 | 762 | -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000 | 2166 | -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000 |
1622 | 763 | 2167 | ||
1623 | 2168 | openldap (2.4.25-3ubuntu3) precise; urgency=low | ||
1624 | 2169 | |||
1625 | 2170 | * Rebuild for Perl 5.14. | ||
1626 | 2171 | |||
1627 | 2172 | -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000 | ||
1628 | 2173 | |||
1629 | 2174 | openldap (2.4.25-3ubuntu2) precise; urgency=low | ||
1630 | 2175 | |||
1631 | 2176 | * SECURITY UPDATE: potential denial of service (LP: #884163) | ||
1632 | 2177 | - debian/patches/CVE-2011-4079: fix off by one error in | ||
1633 | 2178 | postalAddressNormalize() | ||
1634 | 2179 | - CVE-2011-4079 | ||
1635 | 2180 | |||
1636 | 2181 | -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600 | ||
1637 | 2182 | |||
1638 | 2183 | openldap (2.4.25-3ubuntu1) precise; urgency=low | ||
1639 | 2184 | |||
1640 | 2185 | * Merge from debian unstable. Remaining changes: | ||
1641 | 2186 | - Install a default DIT (LP: #442498). | ||
1642 | 2187 | - Document cn=config in README file (LP: #370784). | ||
1643 | 2188 | - remaining changes: | ||
1644 | 2189 | + AppArmor support: | ||
1645 | 2190 | - debian/apparmor-profile: add AppArmor profile | ||
1646 | 2191 | - use dh_apparmor: | ||
1647 | 2192 | - debian/rules: use dh_apparmor | ||
1648 | 2193 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
1649 | 2194 | - updated debian/slapd.README.Debian for note on AppArmor | ||
1650 | 2195 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
1651 | 2196 | + Enable GSSAPI support (LP: #495418): | ||
1652 | 2197 | - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1653 | 2198 | - Add --with-gssapi support | ||
1654 | 2199 | - Make guess_service_principal() more robust when determining | ||
1655 | 2200 | principal | ||
1656 | 2201 | - debian/patches/series: apply gssapi.diff patch. | ||
1657 | 2202 | - debian/configure.options: Configure with --with-gssapi | ||
1658 | 2203 | - debian/control: Added libkrb5-dev as a build depend | ||
1659 | 2204 | + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1660 | 2205 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
1661 | 2206 | + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: | ||
1662 | 2207 | - debian/control: | ||
1663 | 2208 | - remove build-dependency on heimdal-dev. | ||
1664 | 2209 | - remove slapd-smbk5pwd binary package. | ||
1665 | 2210 | - debian/rules: don't build smbk5pwd slapd module. | ||
1666 | 2211 | + debian/{control,rules}: enable PIE hardening | ||
1667 | 2212 | + ufw support (LP: #423246): | ||
1668 | 2213 | - debian/control: suggest ufw. | ||
1669 | 2214 | - debian/rules: install ufw profile. | ||
1670 | 2215 | - debian/slapd.ufw.profile: add ufw profile. | ||
1671 | 2216 | + Enable nssoverlay: | ||
1672 | 2217 | - debian/patches/nssov-build, debian/series, debian/rules: | ||
1673 | 2218 | Apply, build and package the nss overlay. | ||
1674 | 2219 | - debian/schema/extra/misc.ldif: add ldif file for the misc schema | ||
1675 | 2220 | which defines rfc822MailMember (required by the nss overlay). | ||
1676 | 2221 | + debian/rules, debian/schema/extra/: | ||
1677 | 2222 | Fix configure rule to supports extra schemas shipped as part | ||
1678 | 2223 | of the debian/schema/ directory. | ||
1679 | 2224 | + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
1680 | 2225 | + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1681 | 2226 | neither the default DIT nor via an Authn mapping. | ||
1682 | 2227 | + debian/slapd.scripts-common: adjust minimum version that triggers a | ||
1683 | 2228 | database upgrade. Upgrade from maverick shouldn't trigger database | ||
1684 | 2229 | upgrade (which would happen with the version used in Debian). | ||
1685 | 2230 | + debian/slapd.scripts-common: add slapcat_opts to local variables. | ||
1686 | 2231 | Remove unused variable new_conf. | ||
1687 | 2232 | + debian/slapd.script-common: Fix package reconfiguration. | ||
1688 | 2233 | - Fix backup directory naming for multiple reconfiguration. | ||
1689 | 2234 | + debian/slapd.default, debian/slapd.README.Debian: | ||
1690 | 2235 | use the new configuration style. | ||
1691 | 2236 | + Install nss overlay (LP: #675391): | ||
1692 | 2237 | - debian/rules: run install target for nssov module. | ||
1693 | 2238 | - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema | ||
1694 | 2239 | + debian/patches/gssapi.diff: | ||
1695 | 2240 | - Update patch so that likewise-open is usuable again. (LP: #661547) | ||
1696 | 2241 | + debian/patches/service-operational-before-detach: New patch replacing old one | ||
1697 | 2242 | of the same name as previous could cause database corruption based on upstream commits. | ||
1698 | 2243 | (LP: #727973) | ||
1699 | 2244 | |||
1700 | 2245 | -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000 | ||
1701 | 2246 | |||
1702 | 764 | openldap (2.4.25-3) unstable; urgency=low | 2247 | openldap (2.4.25-3) unstable; urgency=low |
1703 | 765 | 2248 | ||
1704 | 766 | * Brown paper bag: really fix the .links.in handling, so we don't generate | 2249 | * Brown paper bag: really fix the .links.in handling, so we don't generate |
1705 | @@ -783,6 +2266,92 @@ openldap (2.4.25-2) unstable; urgency=low | |||
1706 | 783 | 2266 | ||
1707 | 784 | -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700 | 2267 | -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700 |
1708 | 785 | 2268 | ||
1709 | 2269 | openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low | ||
1710 | 2270 | |||
1711 | 2271 | * Brown paper bag: really fix the .links.in handling, so we don't generate | ||
1712 | 2272 | broken /usr/lib/${DEB_HOST_MULTIARCH} dirs. | ||
1713 | 2273 | |||
1714 | 2274 | -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000 | ||
1715 | 2275 | |||
1716 | 2276 | openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low | ||
1717 | 2277 | |||
1718 | 2278 | * Cherry-pick multiarch support from Debian (LP: #826601): | ||
1719 | 2279 | - Bump to compat level 7, so we don't have to spell out debian/tmp in | ||
1720 | 2280 | every single .install file | ||
1721 | 2281 | - Build for multiarch. | ||
1722 | 2282 | |||
1723 | 2283 | -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700 | ||
1724 | 2284 | |||
1725 | 2285 | openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low | ||
1726 | 2286 | |||
1727 | 2287 | * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270) | ||
1728 | 2288 | |||
1729 | 2289 | -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200 | ||
1730 | 2290 | |||
1731 | 2291 | openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low | ||
1732 | 2292 | |||
1733 | 2293 | * Merge from debian unstable. Remaining changes: | ||
1734 | 2294 | - Install a default DIT (LP: #442498). | ||
1735 | 2295 | - Document cn=config in README file (LP: #370784). | ||
1736 | 2296 | - remaining changes: | ||
1737 | 2297 | + AppArmor support: | ||
1738 | 2298 | - debian/apparmor-profile: add AppArmor profile | ||
1739 | 2299 | - use dh_apparmor: | ||
1740 | 2300 | - debian/rules: use dh_apparmor | ||
1741 | 2301 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
1742 | 2302 | - updated debian/slapd.README.Debian for note on AppArmor | ||
1743 | 2303 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
1744 | 2304 | + Enable GSSAPI support (LP: #495418): | ||
1745 | 2305 | - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1746 | 2306 | - Add --with-gssapi support | ||
1747 | 2307 | - Make guess_service_principal() more robust when determining | ||
1748 | 2308 | principal | ||
1749 | 2309 | - debian/patches/series: apply gssapi.diff patch. | ||
1750 | 2310 | - debian/configure.options: Configure with --with-gssapi | ||
1751 | 2311 | - debian/control: Added libkrb5-dev as a build depend | ||
1752 | 2312 | + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1753 | 2313 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
1754 | 2314 | + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: | ||
1755 | 2315 | - debian/control: | ||
1756 | 2316 | - remove build-dependency on heimdal-dev. | ||
1757 | 2317 | - remove slapd-smbk5pwd binary package. | ||
1758 | 2318 | - debian/rules: don't build smbk5pwd slapd module. | ||
1759 | 2319 | + debian/{control,rules}: enable PIE hardening | ||
1760 | 2320 | + ufw support (LP: #423246): | ||
1761 | 2321 | - debian/control: suggest ufw. | ||
1762 | 2322 | - debian/rules: install ufw profile. | ||
1763 | 2323 | - debian/slapd.ufw.profile: add ufw profile. | ||
1764 | 2324 | + Enable nssoverlay: | ||
1765 | 2325 | - debian/patches/nssov-build, debian/series, debian/rules: | ||
1766 | 2326 | Apply, build and package the nss overlay. | ||
1767 | 2327 | - debian/schema/extra/misc.ldif: add ldif file for the misc schema | ||
1768 | 2328 | which defines rfc822MailMember (required by the nss overlay). | ||
1769 | 2329 | + debian/rules, debian/schema/extra/: | ||
1770 | 2330 | Fix configure rule to supports extra schemas shipped as part | ||
1771 | 2331 | of the debian/schema/ directory. | ||
1772 | 2332 | + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
1773 | 2333 | + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1774 | 2334 | neither the default DIT nor via an Authn mapping. | ||
1775 | 2335 | + debian/slapd.scripts-common: adjust minimum version that triggers a | ||
1776 | 2336 | database upgrade. Upgrade from maverick shouldn't trigger database | ||
1777 | 2337 | upgrade (which would happen with the version used in Debian). | ||
1778 | 2338 | + debian/slapd.scripts-common: add slapcat_opts to local variables. | ||
1779 | 2339 | Remove unused variable new_conf. | ||
1780 | 2340 | + debian/slapd.script-common: Fix package reconfiguration. | ||
1781 | 2341 | - Fix backup directory naming for multiple reconfiguration. | ||
1782 | 2342 | + debian/slapd.default, debian/slapd.README.Debian: | ||
1783 | 2343 | use the new configuration style. | ||
1784 | 2344 | + Install nss overlay (LP: #675391): | ||
1785 | 2345 | - debian/rules: run install target for nssov module. | ||
1786 | 2346 | - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema | ||
1787 | 2347 | + debian/patches/gssapi.diff: | ||
1788 | 2348 | - Update patch so that likewise-open is usuable again. (LP: #661547) | ||
1789 | 2349 | + debian/patches/service-operational-before-detach: New patch replacing old one | ||
1790 | 2350 | of the same name as previous could cause database corruption based on upstream commits. | ||
1791 | 2351 | (LP: #727973) | ||
1792 | 2352 | |||
1793 | 2353 | -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100 | ||
1794 | 2354 | |||
1795 | 786 | openldap (2.4.25-1.1) unstable; urgency=low | 2355 | openldap (2.4.25-1.1) unstable; urgency=low |
1796 | 787 | 2356 | ||
1797 | 788 | * Non-maintainer upload to fix RC bug. | 2357 | * Non-maintainer upload to fix RC bug. |
1798 | @@ -790,6 +2359,75 @@ openldap (2.4.25-1.1) unstable; urgency=low | |||
1799 | 790 | 2359 | ||
1800 | 791 | -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200 | 2360 | -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200 |
1801 | 792 | 2361 | ||
1802 | 2362 | openldap (2.4.25-1ubuntu1) oneiric; urgency=low | ||
1803 | 2363 | |||
1804 | 2364 | * Merge from debian unstable. Remaining changes: | ||
1805 | 2365 | - Install a default DIT (LP: #442498). | ||
1806 | 2366 | - Document cn=config in README file (LP: #370784). | ||
1807 | 2367 | - remaining changes: | ||
1808 | 2368 | + AppArmor support: | ||
1809 | 2369 | - debian/apparmor-profile: add AppArmor profile | ||
1810 | 2370 | - use dh_apparmor: | ||
1811 | 2371 | - debian/rules: use dh_apparmor | ||
1812 | 2372 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
1813 | 2373 | - updated debian/slapd.README.Debian for note on AppArmor | ||
1814 | 2374 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
1815 | 2375 | + Enable GSSAPI support (LP: #495418): | ||
1816 | 2376 | - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1817 | 2377 | - Add --with-gssapi support | ||
1818 | 2378 | - Make guess_service_principal() more robust when determining | ||
1819 | 2379 | principal | ||
1820 | 2380 | - debian/patches/series: apply gssapi.diff patch. | ||
1821 | 2381 | - debian/configure.options: Configure with --with-gssapi | ||
1822 | 2382 | - debian/control: Added libkrb5-dev as a build depend | ||
1823 | 2383 | + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1824 | 2384 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
1825 | 2385 | + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: | ||
1826 | 2386 | - debian/control: | ||
1827 | 2387 | - remove build-dependency on heimdal-dev. | ||
1828 | 2388 | - remove slapd-smbk5pwd binary package. | ||
1829 | 2389 | - debian/rules: don't build smbk5pwd slapd module. | ||
1830 | 2390 | + debian/{control,rules}: enable PIE hardening | ||
1831 | 2391 | + ufw support (LP: #423246): | ||
1832 | 2392 | - debian/control: suggest ufw. | ||
1833 | 2393 | - debian/rules: install ufw profile. | ||
1834 | 2394 | - debian/slapd.ufw.profile: add ufw profile. | ||
1835 | 2395 | + Enable nssoverlay: | ||
1836 | 2396 | - debian/patches/nssov-build, debian/series, debian/rules: | ||
1837 | 2397 | Apply, build and package the nss overlay. | ||
1838 | 2398 | - debian/schema/extra/misc.ldif: add ldif file for the misc schema | ||
1839 | 2399 | which defines rfc822MailMember (required by the nss overlay). | ||
1840 | 2400 | + debian/rules, debian/schema/extra/: | ||
1841 | 2401 | Fix configure rule to supports extra schemas shipped as part | ||
1842 | 2402 | of the debian/schema/ directory. | ||
1843 | 2403 | + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
1844 | 2404 | + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1845 | 2405 | neither the default DIT nor via an Authn mapping. | ||
1846 | 2406 | + debian/slapd.scripts-common: adjust minimum version that triggers a | ||
1847 | 2407 | database upgrade. Upgrade from maverick shouldn't trigger database | ||
1848 | 2408 | upgrade (which would happen with the version used in Debian). | ||
1849 | 2409 | + debian/slapd.scripts-common: add slapcat_opts to local variables. | ||
1850 | 2410 | Remove unused variable new_conf. | ||
1851 | 2411 | + debian/slapd.script-common: Fix package reconfiguration. | ||
1852 | 2412 | - Fix backup directory naming for multiple reconfiguration. | ||
1853 | 2413 | + debian/slapd.default, debian/slapd.README.Debian: | ||
1854 | 2414 | use the new configuration style. | ||
1855 | 2415 | + Install nss overlay (LP: #675391): | ||
1856 | 2416 | - debian/rules: run install target for nssov module. | ||
1857 | 2417 | - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema | ||
1858 | 2418 | + debian/patches/gssapi.diff: | ||
1859 | 2419 | - Update patch so that likewise-open is usuable again. (LP: #661547) | ||
1860 | 2420 | + debian/patches/service-operational-before-detach: New patch replacing old one | ||
1861 | 2421 | of the same name as previous could cause database corruption based on upstream commits. | ||
1862 | 2422 | (LP: #727973) | ||
1863 | 2423 | + Dropped: | ||
1864 | 2424 | - debian/patches/gold: Use the debian version instead | ||
1865 | 2425 | - debian/patches/CVE-2011-1024: Fixed upstream | ||
1866 | 2426 | - debian/patches/CVE-2011-1025: Fixed upstream | ||
1867 | 2427 | - debian/patches/CVE-2011-1081: Fixed upstream | ||
1868 | 2428 | |||
1869 | 2429 | -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100 | ||
1870 | 2430 | |||
1871 | 793 | openldap (2.4.25-1) unstable; urgency=low | 2431 | openldap (2.4.25-1) unstable; urgency=low |
1872 | 794 | 2432 | ||
1873 | 795 | * New upstream version (Closes: #617606, #618904, #606815, #608813) | 2433 | * New upstream version (Closes: #617606, #618904, #606815, #608813) |
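Review bot: in the 2.4.25-1ubuntu1 entry, "+ Dropped:" (new line 2423) sits as a sibling of the carried items under "- remaining changes:", so the three CVE patches it lists (CVE-2011-1024, CVE-2011-1025, CVE-2011-1081, all "Fixed upstream") read at first glance as remaining delta. The history itself should stay verbatim, but for the new entry of this merge use a separate top-level "* Dropped changes:" bullet, as the 2.4.31-1ubuntu1 entry does, so dropped security patches are not mistaken for carried ones.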
1874 | @@ -821,6 +2459,116 @@ openldap (2.4.23-7) unstable; urgency=low | |||
1875 | 821 | 2459 | ||
1876 | 822 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100 | 2460 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100 |
1877 | 823 | 2461 | ||
1878 | 2462 | openldap (2.4.23-6ubuntu7) oneiric; urgency=low | ||
1879 | 2463 | |||
1880 | 2464 | * Rebuild for Perl 5.12. | ||
1881 | 2465 | |||
1882 | 2466 | -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100 | ||
1883 | 2467 | |||
1884 | 2468 | openldap (2.4.23-6ubuntu6) natty; urgency=low | ||
1885 | 2469 | |||
1886 | 2470 | * SECURITY UPDATE: fix successful anonymous bind via chain overlay when | ||
1887 | 2471 | using forwarded authentication failures | ||
1888 | 2472 | - debian/patches/CVE-2011-1024 | ||
1889 | 2473 | - CVE-2011-1024 | ||
1890 | 2474 | * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb | ||
1891 | 2475 | backend. Note: Ubuntu is not compiled with --enable-ndb by default | ||
1892 | 2476 | - debian/patches/CVE-2011-1025 | ||
1893 | 2477 | - CVE-2011-1025 | ||
1894 | 2478 | * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests | ||
1895 | 2479 | and requestDN is empty | ||
1896 | 2480 | - debian/patches/CVE-2011-1081 | ||
1897 | 2481 | - CVE-2011-1081 | ||
1898 | 2482 | - LP: #742104 | ||
1899 | 2483 | |||
1900 | 2484 | -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500 | ||
1901 | 2485 | |||
1902 | 2486 | openldap (2.4.23-6ubuntu5) natty; urgency=low | ||
1903 | 2487 | |||
1904 | 2488 | * debian/patches/service-operational-before-detach: New patch replacing | ||
1905 | 2489 | old one of same name as previous could cause database corruption, | ||
1906 | 2490 | based on upstream commits. (LP: #727973) | ||
1907 | 2491 | |||
1908 | 2492 | -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000 | ||
1909 | 2493 | |||
1910 | 2494 | openldap (2.4.23-6ubuntu4) natty; urgency=low | ||
1911 | 2495 | |||
1912 | 2496 | * Fix FTBFS with ld.gold. | ||
1913 | 2497 | |||
1914 | 2498 | -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100 | ||
1915 | 2499 | |||
1916 | 2500 | openldap (2.4.23-6ubuntu3) natty; urgency=low | ||
1917 | 2501 | |||
1918 | 2502 | * debian/patches/gssapi.diff: | ||
1919 | 2503 | Update patch so that likewise-open is usable again (LP: #661547) | ||
1920 | 2504 | |||
1921 | 2505 | -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100 | ||
1922 | 2506 | |||
1923 | 2507 | openldap (2.4.23-6ubuntu2) natty; urgency=low | ||
1924 | 2508 | |||
1925 | 2509 | * Install nss overlay (LP: #675391): | ||
1926 | 2510 | - debian/rules: run install target for nssov module. | ||
1927 | 2511 | - debian/patches/nssov-build: fix patch to install schema in | ||
1928 | 2512 | /etc/ldap/schema. | ||
1929 | 2513 | |||
1930 | 2514 | -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500 | ||
1931 | 2515 | |||
1932 | 2516 | openldap (2.4.23-6ubuntu1) natty; urgency=low | ||
1933 | 2517 | |||
1934 | 2518 | * Merge from Debian unstable: | ||
1935 | 2519 | - Install a default DIT (LP: #442498). | ||
1936 | 2520 | - Document cn=config in README file (LP: #370784). | ||
1937 | 2521 | - remaining changes: | ||
1938 | 2522 | + AppArmor support: | ||
1939 | 2523 | - debian/apparmor-profile: add AppArmor profile | ||
1940 | 2524 | - use dh_apparmor: | ||
1941 | 2525 | - debian/rules: use dh_apparmor | ||
1942 | 2526 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
1943 | 2527 | - updated debian/slapd.README.Debian for note on AppArmor | ||
1944 | 2528 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
1945 | 2529 | + Enable GSSAPI support (LP: #495418): | ||
1946 | 2530 | - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1947 | 2531 | - Add --with-gssapi support | ||
1948 | 2532 | - Make guess_service_principal() more robust when determining | ||
1949 | 2533 | principal | ||
1950 | 2534 | - debian/patches/series: apply gssapi.diff patch. | ||
1951 | 2535 | - debian/configure.options: Configure with --with-gssapi | ||
1952 | 2536 | - debian/control: Added libkrb5-dev as a build depend | ||
1953 | 2537 | + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1954 | 2538 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
1955 | 2539 | + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: | ||
1956 | 2540 | - debian/control: | ||
1957 | 2541 | - remove build-dependency on heimdal-dev. | ||
1958 | 2542 | - remove slapd-smbk5pwd binary package. | ||
1959 | 2543 | - debian/rules: don't build smbk5pwd slapd module. | ||
1960 | 2544 | + debian/{control,rules}: enable PIE hardening | ||
1961 | 2545 | + ufw support (LP: #423246): | ||
1962 | 2546 | - debian/control: suggest ufw. | ||
1963 | 2547 | - debian/rules: install ufw profile. | ||
1964 | 2548 | - debian/slapd.ufw.profile: add ufw profile. | ||
1965 | 2549 | + Enable nssoverlay: | ||
1966 | 2550 | - debian/patches/nssov-build, debian/series, debian/rules: | ||
1967 | 2551 | Apply, build and package the nss overlay. | ||
1968 | 2552 | - debian/schema/extra/misc.ldif: add ldif file for the misc schema | ||
1969 | 2553 | which defines rfc822MailMember (required by the nss overlay). | ||
1970 | 2554 | + debian/rules, debian/schema/extra/: | ||
1971 | 2555 | Fix configure rule to supports extra schemas shipped as part | ||
1972 | 2556 | of the debian/schema/ directory. | ||
1973 | 2557 | + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
1974 | 2558 | + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1975 | 2559 | neither the default DIT nor via an Authn mapping. | ||
1976 | 2560 | + debian/slapd.scripts-common: adjust minimum version that triggers a | ||
1977 | 2561 | database upgrade. Upgrade from maverick shouldn't trigger database | ||
1978 | 2562 | upgrade (which would happen with the version used in Debian). | ||
1979 | 2563 | + debian/slapd.scripts-common: add slapcat_opts to local variables. | ||
1980 | 2564 | Remove unused variable new_conf. | ||
1981 | 2565 | + debian/slapd.script-common: Fix package reconfiguration. | ||
1982 | 2566 | - Fix backup directory naming for multiple reconfiguration. | ||
1983 | 2567 | + debian/slapd.default, debian/slapd.README.Debian: | ||
1984 | 2568 | use the new configuration style. | ||
1985 | 2569 | |||
1986 | 2570 | -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500 | ||
1987 | 2571 | |||
1988 | 824 | openldap (2.4.23-6) unstable; urgency=high | 2572 | openldap (2.4.23-6) unstable; urgency=high |
1989 | 825 | 2573 | ||
1990 | 826 | * Check for an empty directory to prevent an rm -f /*. (Closes: #597704) | 2574 | * Check for an empty directory to prevent an rm -f /*. (Closes: #597704) |
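Review bot: the remaining-changes list in the 2.4.23-6ubuntu1 entry says "Fix configure rule to supports extra schemas shipped as part of the debian/schema/ directory", while the 2.4.21-0ubuntu1 entry further down describes the same debian/rules, debian/schema/extra/ change as "Fix get-orig-source rule to supports extra schemas". One of the two rule names is probably wrong, so check debian/rules before this description is carried into any future merge entry. In the 2.4.23-6ubuntu6 security entry, "LP: #742104" is listed only under the CVE-2011-1081 item, which leaves it unclear whether that bug tracks all three CVEs or just the modrdn DoS.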
1991 | @@ -943,6 +2691,80 @@ openldap (2.4.23-1) unstable; urgency=low | |||
1992 | 943 | 2691 | ||
1993 | 944 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200 | 2692 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200 |
1994 | 945 | 2693 | ||
1995 | 2694 | openldap (2.4.23-0ubuntu4) natty; urgency=low | ||
1996 | 2695 | |||
1997 | 2696 | * debian/slapd.templates: amended typo in slapd/move_old_database | ||
1998 | 2697 | (LP: #666028) | ||
1999 | 2698 | |||
2000 | 2699 | -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000 | ||
2001 | 2700 | |||
2002 | 2701 | openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low | ||
2003 | 2702 | |||
2004 | 2703 | * debian/slapd.templates: re-add slapd/move_old_database template as it's | ||
2005 | 2704 | used during the package upgrade. Thanks to James Page for pointing it. | ||
2006 | 2705 | * debian/slapd.config: restore debconf question slapd/move_old_database. | ||
2007 | 2706 | |||
2008 | 2707 | -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400 | ||
2009 | 2708 | |||
2010 | 2709 | openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low | ||
2011 | 2710 | |||
2012 | 2711 | [ James Page ] | ||
2013 | 2712 | * Fixed install/upgrade process to dump/restore databases due | ||
2014 | 2713 | to uplift to libdb4.8-dev (LP: #658227) | ||
2015 | 2714 | |||
2016 | 2715 | -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400 | ||
2017 | 2716 | |||
2018 | 2717 | openldap (2.4.23-0ubuntu3) maverick; urgency=low | ||
2019 | 2718 | |||
2020 | 2719 | * debian/rules: move dh_apparmor before dh_installinit | ||
2021 | 2720 | |||
2022 | 2721 | -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500 | ||
2023 | 2722 | |||
2024 | 2723 | openldap (2.4.23-0ubuntu2) maverick; urgency=low | ||
2025 | 2724 | |||
2026 | 2725 | * convert to using dh_apparmor: | ||
2027 | 2726 | - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor | ||
2028 | 2727 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
2029 | 2728 | * debian/apparmor-profile: use local include | ||
2030 | 2729 | |||
2031 | 2730 | -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500 | ||
2032 | 2731 | |||
2033 | 2732 | openldap (2.4.23-0ubuntu1) maverick; urgency=low | ||
2034 | 2733 | |||
2035 | 2734 | * New release, features include: | ||
2036 | 2735 | + Fixed libldap to return server's error code (ITS#6569) | ||
2037 | 2736 | + Fixed libldap memleaks (ITS#6568) | ||
2038 | 2737 | + Fixed liblutil off-by-one with delta (ITS#6541) | ||
2039 | 2738 | + Fixed slapd acls with glued databases (ITS#6468) | ||
2040 | 2739 | + Fixed slapd syncrepl rid logging (ITS#6533) | ||
2041 | 2740 | + Fixed slapd modrdn handling of invalid values (ITS#6570) | ||
2042 | 2741 | + Fixed slapd-bdb hasSubordinates computation (ITS#6549) | ||
2043 | 2742 | + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474) | ||
2044 | 2743 | + Fixed slapd-bdb entry cache delete failure (ITS#6577) | ||
2045 | 2744 | + Fixed slapd-ldap to return control responses (ITS#6530) | ||
2046 | 2745 | + Fixed slapo-ppolicy to use Debug (ITS#6566) | ||
2047 | 2746 | + Fixed slapo-refint to zero out freed DN vals (ITS#6572) | ||
2048 | 2747 | + Fixed slapo-rwm to use Debug (ITS#6566) | ||
2049 | 2748 | + Fixed slapo-sssvlv to use Debug (ITS#6566) | ||
2050 | 2749 | + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555) | ||
2051 | 2750 | + Fixed slapo-valsort to use Debug (ITS#6566) | ||
2052 | 2751 | + Fixed contrib/nssov network.c missing patch (ITS#6562) | ||
2053 | 2752 | + Fixed test043 attribute sorting (ITS#6553) | ||
2054 | 2753 | + slapd-config(5) note default rootdn (ITS#6546) | ||
2055 | 2754 | * Rebased patches debian/patches/dropped nssov-build | ||
2056 | 2755 | * Resynchronize with Debian: | ||
2057 | 2756 | + debian/control: | ||
2058 | 2757 | - Bump standards-version to 3.9.0 | ||
2059 | 2758 | - Use libdb4.8-dev (LP: #572489) | ||
2060 | 2759 | + Added debian/patches/issue-6534-patch | ||
2061 | 2760 | + Added debian/patches/ldap-conf-tls-cacertdir | ||
2062 | 2761 | * Add ufw support, thanks to PatRiehecky (LP: #423246) | ||
2063 | 2762 | |||
2064 | 2763 | [Adam Sommer] | ||
2065 | 2764 | * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
2066 | 2765 | |||
2067 | 2766 | -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400 | ||
2068 | 2767 | |||
2069 | 946 | openldap (2.4.21-1) unstable; urgency=low | 2768 | openldap (2.4.21-1) unstable; urgency=low |
2070 | 947 | 2769 | ||
2071 | 948 | [ Steve Langasek ] | 2770 | [ Steve Langasek ] |
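Review bot: "Rebased patches debian/patches/dropped nssov-build" in the 2.4.23-0ubuntu1 entry does not parse. It can be read as nssov-build being rebased or being dropped, and the later 2.4.23-6ubuntu1 entry still lists debian/patches/nssov-build as applied and packaged. Reword it to say which patches were rebased and which, if any, were dropped. Minor: "[Adam Sommer]" lacks the inner spaces used by "[ James Page ]" and the other attribution headers in this file.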
2072 | @@ -974,6 +2796,79 @@ openldap (2.4.21-1) unstable; urgency=low | |||
2073 | 974 | 2796 | ||
2074 | 975 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200 | 2797 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200 |
2075 | 976 | 2798 | ||
2076 | 2799 | openldap (2.4.21-0ubuntu5) lucid; urgency=low | ||
2077 | 2800 | |||
2078 | 2801 | * Fix local root connection access: replace olcAuthzRegexp mapping to | ||
2079 | 2802 | cn=localroot,cn=config with using the SASL dn directly in olcAccess. | ||
2080 | 2803 | Makes upgrades much simpler and robust (LP: #563829). | ||
2081 | 2804 | |||
2082 | 2805 | -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400 | ||
2083 | 2806 | |||
2084 | 2807 | openldap (2.4.21-0ubuntu4) lucid; urgency=low | ||
2085 | 2808 | |||
2086 | 2809 | [ Simon Olofsson ] | ||
2087 | 2810 | * debian/slapd.postinst: | ||
2088 | 2811 | - Show a message after successful migration (LP: #538848) | ||
2089 | 2812 | |||
2090 | 2813 | [ Jorgen Rosink ] | ||
2091 | 2814 | * debian/slapd.init: add simple status checking with LSB compatible exit | ||
2092 | 2815 | codes (LP: #562377) | ||
2093 | 2816 | * debian/slapd.init.ldif: | ||
2094 | 2817 | - remove admin user in default config database (LP: #556176) | ||
2095 | 2818 | - in default config, add olcAccess entries giving access to controls | ||
2096 | 2819 | available and cn=subschema (LP: #427842) | ||
2097 | 2820 | |||
2098 | 2821 | [ Scott Moser ] | ||
2099 | 2822 | * debian/slapd.scripts-common: Do not create /nonexistent directory | ||
2100 | 2823 | for openldap user's home (LP: #556176) | ||
2101 | 2824 | * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070) | ||
2102 | 2825 | |||
2103 | 2826 | -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400 | ||
2104 | 2827 | |||
2105 | 2828 | openldap (2.4.21-0ubuntu3) lucid; urgency=low | ||
2106 | 2829 | |||
2107 | 2830 | * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases | ||
2108 | 2831 | before trying to convert to slapd.d, to avoid upgrade failure from hardy | ||
2109 | 2832 | (LP: #536958) | ||
2110 | 2833 | * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in | ||
2111 | 2834 | olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230) | ||
2112 | 2835 | |||
2113 | 2836 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200 | ||
2114 | 2837 | |||
2115 | 2838 | openldap (2.4.21-0ubuntu2) lucid; urgency=low | ||
2116 | 2839 | |||
2117 | 2840 | * debian/apparmor-profile: Update apparmor profile. (LP: #508190) | ||
2118 | 2841 | |||
2119 | 2842 | -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500 | ||
2120 | 2843 | |||
2121 | 2844 | openldap (2.4.21-0ubuntu1) lucid; urgency=low | ||
2122 | 2845 | |||
2123 | 2846 | * New upstream release. | ||
2124 | 2847 | * debian/rules, debian/schema/extra/: | ||
2125 | 2848 | Fix get-orig-source rule to supports extra schemas shipped as part of the | ||
2126 | 2849 | debian/schema/ directory. | ||
2127 | 2850 | |||
2128 | 2851 | -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500 | ||
2129 | 2852 | |||
2130 | 2853 | openldap (2.4.18-0ubuntu2) lucid; urgency=low | ||
2131 | 2854 | |||
2132 | 2855 | * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
2133 | 2856 | - Add --with-gssapi support | ||
2134 | 2857 | - Make guess_service_principal() more robust when determining principal | ||
2135 | 2858 | * Enable GSSAPI support (LP: #495418): | ||
2136 | 2859 | - debian/configure.options: Configure with --with-gssapi | ||
2137 | 2860 | - debian/control: Added libkrb5-dev as a build depend | ||
2138 | 2861 | |||
2139 | 2862 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100 | ||
2140 | 2863 | |||
2141 | 2864 | openldap (2.4.18-0ubuntu1) karmic; urgency=low | ||
2142 | 2865 | |||
2143 | 2866 | * New upstream release: (LP: #419515): | ||
2144 | 2867 | + pcache overlay supports disconnected mode. | ||
2145 | 2868 | * Fix nss overlay load (LP: #417163). | ||
2146 | 2869 | |||
2147 | 2870 | -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400 | ||
2148 | 2871 | |||
2149 | 977 | openldap (2.4.17-2.1) unstable; urgency=high | 2872 | openldap (2.4.17-2.1) unstable; urgency=high |
2150 | 978 | 2873 | ||
2151 | 979 | * Non-maintainer upload by the Security Team. | 2874 | * Non-maintainer upload by the Security Team. |
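Review bot: in the 2.4.21-0ubuntu4 entry, LP: #556176 is cited for two different changes, "remove admin user in default config database" under debian/slapd.init.ldif and "Do not create /nonexistent directory for openldap user's home" under debian/slapd.scripts-common. If one report really covers both, fine; otherwise one of the numbers is a typo and the reference points at the wrong bug. Separately, the 2.4.21-0ubuntu5 item that replaces the olcAuthzRegexp mapping to cn=localroot,cn=config with the SASL dn in olcAccess changes who can reach the config database but names no file, unlike the items around it. Naming the file that carries the olcAccess rule would make that change auditable from the changelog.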
2152 | @@ -1000,6 +2895,108 @@ openldap (2.4.17-2) unstable; urgency=low | |||
2153 | 1000 | 2895 | ||
2154 | 1001 | -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700 | 2896 | -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700 |
2155 | 1002 | 2897 | ||
2156 | 2898 | openldap (2.4.17-1ubuntu3) karmic; urgency=low | ||
2157 | 2899 | |||
2158 | 2900 | * Install a minimal slapd configuration instead of creating a default | ||
2159 | 2901 | database with a default DIT: | ||
2160 | 2902 | + Move openldap user home from /var/lib/ldap to /nonexistent. | ||
2161 | 2903 | + Remove all code and templates dealing with the default database and DIT | ||
2162 | 2904 | creation. | ||
2163 | 2905 | + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and | ||
2164 | 2906 | grant all access to the latter in the cn=config database as well as the | ||
2165 | 2907 | default backend configuration. | ||
2166 | 2908 | * Add cn=localroot,cn=config authz mapping on upgrades. | ||
2167 | 2909 | |||
2168 | 2910 | -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400 | ||
2169 | 2911 | |||
2170 | 2912 | openldap (2.4.17-1ubuntu2) karmic; urgency=low | ||
2171 | 2913 | |||
2172 | 2914 | [ Thierry Carrez ] | ||
2173 | 2915 | * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
2174 | 2916 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
2175 | 2917 | |||
2176 | 2918 | [ Mathias Gug ] | ||
2177 | 2919 | * debian/patches/its6077-uniqueness-overlay: fixes some issues with the | ||
2178 | 2920 | uniqueness overlay. | ||
2179 | 2921 | * debian/patches/its6220-writetimeout-directive: fixes a problem with the | ||
2180 | 2922 | writetimeout directive being in effect even if it wasn't set, | ||
2181 | 2923 | closing connections incorrectly. | ||
2182 | 2924 | * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the | ||
2183 | 2925 | dncachesize parameter that was added in RE24, so that if it is set to | ||
2184 | 2926 | "0" (now the default), it has an unlimited DN cache (RE23 always | ||
2185 | 2927 | had an unlimited DN cache). | ||
2186 | 2928 | |||
2187 | 2929 | -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400 | ||
2188 | 2930 | |||
2189 | 2931 | openldap (2.4.17-1ubuntu1) karmic; urgency=low | ||
2190 | 2932 | |||
2191 | 2933 | [ Steve Langasek ] | ||
2192 | 2934 | * Fix up the lintian warnings: | ||
2193 | 2935 | - add missing misc-depends on all packages | ||
2194 | 2936 | - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive | ||
2195 | 2937 | overrides | ||
2196 | 2938 | - bump Standards-Version to 3.8.2, no changes required. | ||
2197 | 2939 | |||
2198 | 2940 | [ Mathias Gug ] | ||
2199 | 2941 | * Resynchronise with Debian. Remaining changes: | ||
2200 | 2942 | - AppArmor support: | ||
2201 | 2943 | - debian/apparmor-profile: add AppArmor profile | ||
2202 | 2944 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2203 | 2945 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2204 | 2946 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
2205 | 2947 | - debian/rules: install apparmor profile. | ||
2206 | 2948 | - Don't use local statement in config script as it fails if /bin/sh | ||
2207 | 2949 | points to bash. | ||
2208 | 2950 | - debian/slapd.postinst, debian/slapd.script-common: set correct | ||
2209 | 2951 | ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group | ||
2210 | 2952 | readable) and /var/run/slapd (world readable). | ||
2211 | 2953 | - Enable nssoverlay: | ||
2212 | 2954 | - debian/patches/nssov-build, debian/rules: Build and package the nss | ||
2213 | 2955 | overlay. | ||
2214 | 2956 | - debian/schema/misc.ldif: add ldif file for the misc schema which | ||
2215 | 2957 | defines rfc822MailMember (required by the nss overlay). | ||
2216 | 2958 | - debian/{control,rules}: enable PIE hardening | ||
2217 | 2959 | - Use cn=config as the default configuration backend instead of | ||
2218 | 2960 | slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade | ||
2219 | 2961 | asking the end user to enter a new password to control the access to | ||
2220 | 2962 | the cn=config tree. | ||
2221 | 2963 | - debian/slapd.postinst: create /var/run/slapd before updating its | ||
2222 | 2964 | permissions. | ||
2223 | 2965 | - debian/slapd.init: Correctly set slapd config backend option even if | ||
2224 | 2966 | the pidfile is configured in slapd default file. | ||
2225 | 2967 | * Dropped: | ||
2226 | 2968 | - Merged in Debian: | ||
2227 | 2969 | - Update priority of libldap-2.4-2 to match the archive override. | ||
2228 | 2970 | - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as | ||
2229 | 2971 | the ldapurl(1) manpage. | ||
2230 | 2972 | - Bump build-dependency on debhelper to 6 instead of 5, since that's | ||
2231 | 2973 | what we're using. | ||
2232 | 2974 | - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using | ||
2233 | 2975 | the built-in default of ldap:/// only. | ||
2234 | 2976 | - Fixed in upstream release: | ||
2235 | 2977 | - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 | ||
2236 | 2978 | failure when built with PIE. | ||
2237 | 2979 | - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be | ||
2238 | 2980 | trusted. | ||
2239 | 2981 | - Update Apparmor profile support: don't support upgrade from pre-hardy | ||
2240 | 2982 | systems: | ||
2241 | 2983 | - debian/slapd.postinst: Reload AA profile on configuration | ||
2242 | 2984 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
2243 | 2985 | - debian/control: Conflicts with apparmor-profiles << | ||
2244 | 2986 | 2.1+1075-0ubuntu4 to make sure that if earlier version of | ||
2245 | 2987 | apparmor-profiles gets installed it won't overwrite our profile. | ||
2246 | 2988 | - follow ApparmorProfileMigration and force apparmor complain mode on | ||
2247 | 2989 | some upgrades | ||
2248 | 2990 | - debian/slapd.preinst: create symlink for force-complain on | ||
2249 | 2991 | pre-feisty upgrades, upgrades where apparmor-profiles profile is | ||
2250 | 2992 | unchanged (ie non-enforcing) and upgrades where apparmor profile | ||
2251 | 2993 | does not exist. | ||
2252 | 2994 | - debian/patches/autogen.sh: no longer needed with karmic libtool. | ||
2253 | 2995 | - Call libtoolize with the --install option to install | ||
2254 | 2996 | config.{guess,sub} files. | ||
2255 | 2997 | |||
2256 | 2998 | -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400 | ||
2257 | 2999 | |||
2258 | 1003 | openldap (2.4.17-1) unstable; urgency=low | 3000 | openldap (2.4.17-1) unstable; urgency=low |
2259 | 1004 | 3001 | ||
2260 | 1005 | * New upstream version. | 3002 | * New upstream version. |
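Review bot: the "set correct ownership and permissions" item in the 2.4.17-1ubuntu1 remaining-changes list describes the result only as "group readable" and "world readable" for /var/lib/ldap, /etc/ldap/slapd.d and /var/run/slapd, without giving the owner, group or mode. The same entry says access to the cn=config tree, which is migrated to /etc/ldap/slapd.d/, is controlled by a password, so stating the intended owner and mode would let a reader check the maintainer scripts against the changelog. The neighbouring item "Don't use local statement in config script" also omits the file name that the other items give.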
2261 | @@ -1022,6 +3019,153 @@ openldap (2.4.17-1) unstable; urgency=low | |||
2262 | 1022 | 3019 | ||
2263 | 1023 | -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700 | 3020 | -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700 |
2264 | 1024 | 3021 | ||
2265 | 3022 | openldap (2.4.15-1.1ubuntu1) karmic; urgency=low | ||
2266 | 3023 | |||
2267 | 3024 | * Resynchronise with Debian. Remaining changes: | ||
2268 | 3025 | - AppArmor support: | ||
2269 | 3026 | - debian/apparmor-profile: add AppArmor profile | ||
2270 | 3027 | - debian/slapd.postinst: Reload AA profile on configuration | ||
2271 | 3028 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2272 | 3029 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
2273 | 3030 | - debian/control: Conflicts with apparmor-profiles << | ||
2274 | 3031 | 2.1+1075-0ubuntu4 to make sure that if earlier version of | ||
2275 | 3032 | apparmor-profiles gets installed it won't overwrite our profile. | ||
2276 | 3033 | - follow ApparmorProfileMigration and force apparmor complain mode on | ||
2277 | 3034 | some upgrades | ||
2278 | 3035 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2279 | 3036 | - debian/slapd.preinst: create symlink for force-complain on | ||
2280 | 3037 | pre-feisty upgrades, upgrades where apparmor-profiles profile is | ||
2281 | 3038 | unchanged (ie non-enforcing) and upgrades where apparmor profile | ||
2282 | 3039 | does not exist. | ||
2283 | 3040 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
2284 | 3041 | - debian/patches/autogen.sh: | ||
2285 | 3042 | - Call libtoolize with the --install option to install | ||
2286 | 3043 | config.{guess,sub} files. | ||
2287 | 3044 | - Don't use local statement in config script as it fails if /bin/sh | ||
2288 | 3045 | points to bash. | ||
2289 | 3046 | - debian/slapd.postinst, debian/slapd.script-common: set correct | ||
2290 | 3047 | ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group | ||
2291 | 3048 | readable) and /var/run/slapd (world readable). | ||
2292 | 3049 | - Enable nssoverlay: | ||
2293 | 3050 | - debian/patches/nssov-build, debian/rules: Build and package the nss | ||
2294 | 3051 | overlay. | ||
2295 | 3052 | - debian/schema/misc.ldif: add ldif file for the misc schema which | ||
2296 | 3053 | defines rfc822MailMember (required by the nss overlay). | ||
2297 | 3054 | - debian/{control,rules}: enable PIE hardening | ||
2298 | 3055 | - Use cn=config as the default configuration backend instead of | ||
2299 | 3056 | slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade | ||
2300 | 3057 | asking the end user to enter a new password to control the access to | ||
2301 | 3058 | the cn=config tree. | ||
2302 | 3059 | - Update priority of libldap-2.4-2 to match the archive override. | ||
2303 | 3060 | - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as | ||
2304 | 3061 | the ldapurl(1) manpage. | ||
2305 | 3062 | - Bump build-dependency on debhelper to 6 instead of 5, since that's | ||
2306 | 3063 | what we're using. | ||
2307 | 3064 | - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using | ||
2308 | 3065 | the built-in default of ldap:/// only. | ||
2309 | 3066 | - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 | ||
2310 | 3067 | failure when built with PIE. | ||
2311 | 3068 | - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be | ||
2312 | 3069 | trusted. | ||
2313 | 3070 | - debian/slapd.postinst: create /var/run/slapd before updating its | ||
2314 | 3071 | permissions. | ||
2315 | 3072 | - debian/slapd.init: Correctly set slapd config backend option even if | ||
2316 | 3073 | the pidfile is configured in slapd default file. | ||
2317 | 3074 | * Drop patch to avoid the test suite on hppa, as hppa is EOL. | ||
2318 | 3075 | |||
2319 | 3076 | -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100 | ||
2320 | 3077 | |||
2321 | 3078 | openldap (2.4.15-1.1) unstable; urgency=low | ||
2322 | 3079 | |||
2323 | 3080 | * Non-maintainer upload. | ||
2324 | 3081 | * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev | ||
2325 | 3082 | (Closes: #522965) | ||
2326 | 3083 | |||
2327 | 3084 | -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200 | ||
2328 | 3085 | |||
2329 | 3086 | openldap (2.4.15-1ubuntu3) jaunty; urgency=low | ||
2330 | 3087 | |||
2331 | 3088 | * No-change rebuild to fix lpia shared library dependencies. | ||
2332 | 3089 | |||
2333 | 3090 | -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000 | ||
2334 | 3091 | |||
2335 | 3092 | openldap (2.4.15-1ubuntu2) jaunty; urgency=low | ||
2336 | 3093 | |||
2337 | 3094 | * debian/slapd.postinst: create /var/run/slapd before updating its | ||
2338 | 3095 | permissions (LP: #298928). | ||
2339 | 3096 | * debian/slapd.init: Correclty set slapd config backend option even if the | ||
2340 | 3097 | pidfile is configured in slapd default file (LP: #292364). | ||
2341 | 3098 | * debian/apparmor-profile: support multiple databases to be stored under | ||
2342 | 3099 | /var/lib/ldap/. (LP: #286614). | ||
2343 | 3100 | |||
2344 | 3101 | -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400 | ||
2345 | 3102 | |||
2346 | 3103 | openldap (2.4.15-1ubuntu1) jaunty; urgency=low | ||
2347 | 3104 | |||
2348 | 3105 | [ Steve Langasek ] | ||
2349 | 3106 | * Update priority of libldap-2.4-2 to match the archive override. | ||
2350 | 3107 | * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the | ||
2351 | 3108 | ldapurl(1) manpage. Thanks to Peter Marschall for the patch. | ||
2352 | 3109 | Closes: #496749. | ||
2353 | 3110 | * Bump build-dependency on debhelper to 6 instead of 5, since that's | ||
2354 | 3111 | what we're using. Closes: #498116. | ||
2355 | 3112 | * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using | ||
2356 | 3113 | the built-in default of ldap:/// only. | ||
2357 | 3114 | |||
2358 | 3115 | [ Mathias Gug ] | ||
2359 | 3116 | * Merge from debian unstable, remaining changes: | ||
2360 | 3117 | - Modify Maintainer value to match the DebianMaintainerField | ||
2361 | 3118 | speficication. | ||
2362 | 3119 | - AppArmor support: | ||
2363 | 3120 | - debian/apparmor-profile: add AppArmor profile | ||
2364 | 3121 | - debian/slapd.postinst: Reload AA profile on configuration | ||
2365 | 3122 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2366 | 3123 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
2367 | 3124 | - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
2368 | 3125 | to make sure that if earlier version of apparmour-profiles gets | ||
2369 | 3126 | installed it won't overwrite our profile. | ||
2370 | 3127 | - follow ApparmorProfileMigration and force apparmor compalin mode on | ||
2371 | 3128 | some upgrades (LP: #203529) | ||
2372 | 3129 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2373 | 3130 | - debian/slapd.preinst: create symlink for force-complain on pre-feisty | ||
2374 | 3131 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
2375 | 3132 | non-enforcing) and upgrades where apparmor profile does not exist. | ||
2376 | 3133 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
2377 | 3134 | - debian/control: | ||
2378 | 3135 | - Build-depend on libltdl7-dev rather then libltdl3-dev. | ||
2379 | 3136 | - debian/patches/autogen.sh: | ||
2380 | 3137 | - Call libtoolize with the --install option to install config.{guess,sub} | ||
2381 | 3138 | files. | ||
2382 | 3139 | - Don't use local statement in config script as it fails if /bin/sh | ||
2383 | 3140 | points to bash (LP: #286063). | ||
2384 | 3141 | - Disable the testsuite on hppa. Allows building of packages on this | ||
2385 | 3142 | architecture again, once this package is in the archive. | ||
2386 | 3143 | LP: #288908. | ||
2387 | 3144 | - debian/slapd.postinst, debian/slapd.script-common: set correct ownership | ||
2388 | 3145 | and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and | ||
2389 | 3146 | /var/run/slapd (world readable). (LP: #257667). | ||
2390 | 3147 | - Enable nssoverlay: | ||
2391 | 3148 | - debian/patches/nssov-build, debian/rules: Build and package | ||
2392 | 3149 | the nss overlay. | ||
2393 | 3150 | - debian/schema/misc.ldif: add ldif file for the misc schema | ||
2394 | 3151 | which defines rfc822MailMember (required by the nss overlay). | ||
2395 | 3152 | - debian/{control,rules}: enable PIE hardening | ||
2396 | 3153 | - Use cn=config as the default configuration backend instead of | ||
2397 | 3154 | slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade | ||
2398 | 3155 | asking the end user to enter a new password to control the access to the | ||
2399 | 3156 | cn=config tree. | ||
2400 | 3157 | * Dropped: | ||
2401 | 3158 | - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at | ||
2402 | 3159 | times. (ITS: #5947) Fixed in new upstream version 2.4.15. | ||
2403 | 3160 | - debian/patches/fix-ucred-libc due to changes how newer glibc handle | ||
2404 | 3161 | the ucred struct now. Implemented in Debian. | ||
2405 | 3162 | * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure | ||
2406 | 3163 | when built with PIE. | ||
2407 | 3164 | * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be | ||
2408 | 3165 | trusted (LP: #305264). | ||
2409 | 3166 | |||
2410 | 3167 | -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500 | ||
2411 | 3168 | |||
2412 | 1025 | openldap (2.4.15-1) unstable; urgency=low | 3169 | openldap (2.4.15-1) unstable; urgency=low |
2413 | 1026 | 3170 | ||
2414 | 1027 | * New upstream version | 3171 | * New upstream version |
2415 | @@ -1039,6 +3183,69 @@ openldap (2.4.15-1) unstable; urgency=low | |||
2416 | 1039 | 3183 | ||
2417 | 1040 | -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800 | 3184 | -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800 |
2418 | 1041 | 3185 | ||
2419 | 3186 | openldap (2.4.14-0ubuntu1) jaunty; urgency=low | ||
2420 | 3187 | |||
2421 | 3188 | [ Steve Langasek ] | ||
2422 | 3189 | * New upstream version | ||
2423 | 3190 | - Fixes a bug with the pcache overlay not returning cached entries | ||
2424 | 3191 | (closes: #497697) | ||
2425 | 3192 | - Update evolution-ntlm patch to apply to current Makefiles. | ||
2426 | 3193 | - (tentatively) drop gnutls-ciphers, since this bug was reported to be | ||
2427 | 3194 | fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the | ||
2428 | 3195 | patch from the bug report, so this should be watched for regressions. | ||
2429 | 3196 | * Build against db4.7 instead of db4.2 at last! Closes: #421946. | ||
2430 | 3197 | * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is | ||
2431 | 3198 | installed in the build environment. | ||
2432 | 3199 | * New patch, no-crlcheck-for-gnutls, to fix a build failure when using | ||
2433 | 3200 | --with-tls=gnutls. | ||
2434 | 3201 | |||
2435 | 3202 | [ Mathias Gug ] | ||
2436 | 3203 | * Merge from debian unstable, remaining changes: | ||
2437 | 3204 | - debian/apparmor-profile: add AppArmor profile | ||
2438 | 3205 | - debian/slapd.postinst: Reload AA profile on configuration | ||
2439 | 3206 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2440 | 3207 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
2441 | 3208 | - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
2442 | 3209 | to make sure that if earlier version of apparmour-profiles gets | ||
2443 | 3210 | installed it won't overwrite our profile. | ||
2444 | 3211 | - Modify Maintainer value to match the DebianMaintainerField | ||
2445 | 3212 | speficication. | ||
2446 | 3213 | - follow ApparmorProfileMigration and force apparmor compalin mode on | ||
2447 | 3214 | some upgrades (LP: #203529) | ||
2448 | 3215 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2449 | 3216 | - debian/slapd.preinst: create symlink for force-complain on pre-feisty | ||
2450 | 3217 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
2451 | 3218 | non-enforcing) and upgrades where apparmor profile does not exist. | ||
2452 | 3219 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
2453 | 3220 | - debian/patches/fix-ucred-libc due to changes how newer glibc handle | ||
2454 | 3221 | the ucred struct now. | ||
2455 | 3222 | - debian/control: | ||
2456 | 3223 | - Build-depend on libltdl7-dev rather then libltdl3-dev. | ||
2457 | 3224 | - debian/patches/autogen.sh: | ||
2458 | 3225 | - Call libtoolize with the --install option to install config.{guess,sub} | ||
2459 | 3226 | files. | ||
2460 | 3227 | - Don't use local statement in config script as it fails if /bin/sh | ||
2461 | 3228 | points to bash (LP: #286063). | ||
2462 | 3229 | - Disable the testsuite on hppa. Allows building of packages on this | ||
2463 | 3230 | architecture again, once this package is in the archive. | ||
2464 | 3231 | LP: #288908. | ||
2465 | 3232 | - debian/slapd.postinst, debian/slapd.script-common: set correct ownership | ||
2466 | 3233 | and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and | ||
2467 | 3234 | /var/run/slapd (world readable). (LP: #257667). | ||
2468 | 3235 | - debian/patches/nssov-build, debian/rules: | ||
2469 | 3236 | Build and package the nss overlay. | ||
2470 | 3237 | debian/schema/misc.ldif: add ldif file for the misc schema, which defines | ||
2471 | 3238 | rfc822MailMember (required by the nss overlay). | ||
2472 | 3239 | - debian/{control,rules}: enable PIE hardening | ||
2473 | 3240 | - Use cn=config as the default configuration backend instead of | ||
2474 | 3241 | slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade | ||
2475 | 3242 | asking the end user to enter a new password to control the access to the | ||
2476 | 3243 | cn=config tree. | ||
2477 | 3244 | * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at | ||
2478 | 3245 | times. (ITS: #5947) | ||
2479 | 3246 | |||
2480 | 3247 | -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500 | ||
2481 | 3248 | |||
2482 | 1042 | openldap (2.4.11-1) unstable; urgency=low | 3249 | openldap (2.4.11-1) unstable; urgency=low |
2483 | 1043 | 3250 | ||
2484 | 1044 | * New upstream version (closes: #499560). | 3251 | * New upstream version (closes: #499560). |
2485 | @@ -1061,6 +3268,110 @@ openldap (2.4.11-1) unstable; urgency=low | |||
2486 | 1061 | 3268 | ||
2487 | 1062 | -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700 | 3269 | -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700 |
2488 | 1063 | 3270 | ||
2489 | 3271 | openldap (2.4.11-0ubuntu7) jaunty; urgency=low | ||
2490 | 3272 | |||
2491 | 3273 | * Don't use local statement in config script as it fails if /bin/sh | ||
2492 | 3274 | points to bash (LP: #286063). | ||
2493 | 3275 | |||
2494 | 3276 | -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500 | ||
2495 | 3277 | |||
2496 | 3278 | openldap (2.4.11-0ubuntu6) intrepid; urgency=low | ||
2497 | 3279 | |||
2498 | 3280 | * Disable the testsuite on hppa. Allows building of packages on this | ||
2499 | 3281 | architecture again, once this package is in the archive. | ||
2500 | 3282 | LP: #288908. | ||
2501 | 3283 | |||
2502 | 3284 | -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200 | ||
2503 | 3285 | |||
2504 | 3286 | openldap (2.4.11-0ubuntu5) intrepid; urgency=low | ||
2505 | 3287 | |||
2506 | 3288 | * Don't set admin passwords in ldif files if adminpw is empty. | ||
2507 | 3289 | (LP: #273988 - LP: #276606). | ||
2508 | 3290 | |||
2509 | 3291 | -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400 | ||
2510 | 3292 | |||
2511 | 3293 | openldap (2.4.11-0ubuntu4) intrepid; urgency=low | ||
2512 | 3294 | |||
2513 | 3295 | * debian/slapd.postinst, debian/slapd.script-common: set correct ownership | ||
2514 | 3296 | and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and | ||
2515 | 3297 | /var/run/slapd (world readable). (LP: #257667). | ||
2516 | 3298 | * debian/slapd.script-common: | ||
2517 | 3299 | - Fix package reconfiguration: | ||
2518 | 3300 | + Remove slapd.d/ directory if it already exists when creating a new | ||
2519 | 3301 | configuration. | ||
2520 | 3302 | + Fix backup directory naming for multiple reconfiguration. | ||
2521 | 3303 | |||
2522 | 3304 | -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400 | ||
2523 | 3305 | |||
2524 | 3306 | openldap (2.4.11-0ubuntu3) intrepid; urgency=low | ||
2525 | 3307 | |||
2526 | 3308 | * debian/patches/nssov-build, debian/rules: | ||
2527 | 3309 | Build and package the nss overlay. | ||
2528 | 3310 | * debian/schema/misc.ldif: add ldif file for the misc schema, which defines | ||
2529 | 3311 | rfc822MailMember (required by the nss overlay). | ||
2530 | 3312 | |||
2531 | 3313 | -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400 | ||
2532 | 3314 | |||
2533 | 3315 | openldap (2.4.11-0ubuntu2) intrepid; urgency=low | ||
2534 | 3316 | |||
2535 | 3317 | * debian/{control,rules}: enable PIE hardening | ||
2536 | 3318 | |||
2537 | 3319 | -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700 | ||
2538 | 3320 | |||
2539 | 3321 | openldap (2.4.11-0ubuntu1) intrepid; urgency=low | ||
2540 | 3322 | |||
2541 | 3323 | * New upstream version: | ||
2542 | 3324 | - Mainly bug fixes. | ||
2543 | 3325 | - New nss slapd overlay (not compiled by default). | ||
2544 | 3326 | * Use cn=config as the default configuration backend instead of | ||
2545 | 3327 | slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade | ||
2546 | 3328 | asking the end user to enter a new password to control the access to the | ||
2547 | 3329 | cn=config tree. | ||
2548 | 3330 | |||
2549 | 3331 | -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400 | ||
2550 | 3332 | |||
2551 | 3333 | openldap (2.4.10-3ubuntu1) intrepid; urgency=low | ||
2552 | 3334 | |||
2553 | 3335 | [ Mathias Gug ] | ||
2554 | 3336 | * Merge from debian unstable, remaining changes: | ||
2555 | 3337 | - debian/apparmor-profile: add AppArmor profile | ||
2556 | 3338 | - debian/slapd.postinst: Reload AA profile on configuration | ||
2557 | 3339 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2558 | 3340 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
2559 | 3341 | - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
2560 | 3342 | to make sure that if earlier version of apparmour-profiles gets | ||
2561 | 3343 | installed it won't overwrite our profile. | ||
2562 | 3344 | - Modify Maintainer value to match the DebianMaintainerField | ||
2563 | 3345 | speficication. | ||
2564 | 3346 | - follow ApparmorProfileMigration and force apparmor compalin mode on | ||
2565 | 3347 | some upgrades (LP: #203529) | ||
2566 | 3348 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2567 | 3349 | - debian/slapd.preinst: create symlink for force-complain on pre-feisty | ||
2568 | 3350 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
2569 | 3351 | non-enforcing) and upgrades where apparmor profile does not exist. | ||
2570 | 3352 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
2571 | 3353 | - debian/patches/fix-ucred-libc due to changes how newer glibc handle | ||
2572 | 3354 | the ucred struct now. | ||
2573 | 3355 | - debian/patches/fix-unique-overlay-assertion.patch: | ||
2574 | 3356 | Fix another assertion error in unique overlay (LP: #243337). | ||
2575 | 3357 | Backport from head. | ||
2576 | 3358 | * Dropped - implemented in Debian: | ||
2577 | 3359 | - debian/patches/fix-gnutls-key-strength.patch: | ||
2578 | 3360 | Fix slapd handling of ssf using gnutls. (LP: #244925). | ||
2579 | 3361 | - debian/control: | ||
2580 | 3362 | Add time as build dependency: needed by make test. | ||
2581 | 3363 | * debian/control: | ||
2582 | 3364 | - Build-depend on libltdl7-dev rather then libltdl3-dev. | ||
2583 | 3365 | * debian/patches/autogen.sh: | ||
2584 | 3366 | - Call libtoolize with the --install option to install config.{guess,sub} | ||
2585 | 3367 | files. | ||
2586 | 3368 | |||
2587 | 3369 | [ Jamie Strandboge ] | ||
2588 | 3370 | * adjust apparmor profile to allow gssapi (LP: #229252) | ||
2589 | 3371 | * adjust apparmor profile to allow cnconfig (LP: #243525) | ||
2590 | 3372 | |||
2591 | 3373 | -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400 | ||
2592 | 3374 | |||
2593 | 1064 | openldap (2.4.10-3) unstable; urgency=low | 3375 | openldap (2.4.10-3) unstable; urgency=low |
2594 | 1065 | 3376 | ||
2595 | 1066 | [ Steve Langasek ] | 3377 | [ Steve Langasek ] |
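Review bot: the restored 2.4.11-0ubuntu4 and 2.4.11-0ubuntu5 entries in this hunk record security-relevant delta (ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d and /var/run/slapd under LP: #257667, and not writing admin passwords to ldif files when adminpw is empty), and the new top entry should say for each one whether it is dropped because Debian now does the same or is still carried. Since this merge is described as mostly delta drop, an explicit line per item makes it possible to confirm from the changelog alone that neither behaviour was lost. The historical entries themselves, typos included ("compalin", "speficication"), should stay as they are so they match what was published.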
2596 | @@ -1094,6 +3405,40 @@ openldap (2.4.10-3) unstable; urgency=low | |||
2597 | 1094 | 3405 | ||
2598 | 1095 | -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700 | 3406 | -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700 |
2599 | 1096 | 3407 | ||
2600 | 3408 | openldap (2.4.10-2ubuntu1) intrepid; urgency=low | ||
2601 | 3409 | |||
2602 | 3410 | * Merge from debian unstable, remaining changes: | ||
2603 | 3411 | - debian/apparmor-profile: add AppArmor profile | ||
2604 | 3412 | - debian/slapd.postinst: Reload AA profile on configuration | ||
2605 | 3413 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2606 | 3414 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
2607 | 3415 | - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
2608 | 3416 | to make sure that if earlier version of apparmour-profiles gets | ||
2609 | 3417 | installed it won't overwrite our profile. | ||
2610 | 3418 | - Modify Maintainer value to match the DebianMaintainerField | ||
2611 | 3419 | speficication. | ||
2612 | 3420 | - follow ApparmorProfileMigration and force apparmor compalin mode on | ||
2613 | 3421 | some upgrades (LP: #203529) | ||
2614 | 3422 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2615 | 3423 | - debian/slapd.preinst: create symlink for force-complain on pre-feisty | ||
2616 | 3424 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
2617 | 3425 | non-enforcing) and upgrades where apparmor profile does not exist. | ||
2618 | 3426 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
2619 | 3427 | - debian/patches/fix-ucred-libc due to changes how newer glibc handle | ||
2620 | 3428 | the ucred struct now. | ||
2621 | 3429 | - debian/patches/fix-unique-overlay-assertion.patch: | ||
2622 | 3430 | Fix another assertion error in unique overlay (LP: #243337). | ||
2623 | 3431 | Backport from head. | ||
2624 | 3432 | - debian/patches/fix-gnutls-key-strength.patch: | ||
2625 | 3433 | Fix slapd handling of ssf using gnutls. (LP: #244925). | ||
2626 | 3434 | - debian/control: | ||
2627 | 3435 | Add time as build dependency: needed by make test. | ||
2628 | 3436 | * Dropped - implemented in Debian: | ||
2629 | 3437 | - debian/rules: | ||
2630 | 3438 | Support debuild nocheck option: don't run tests if nocheck is set. | ||
2631 | 3439 | |||
2632 | 3440 | -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400 | ||
2633 | 3441 | |||
2634 | 1097 | openldap (2.4.10-2) unstable; urgency=low | 3442 | openldap (2.4.10-2) unstable; urgency=low |
2635 | 1098 | 3443 | ||
2636 | 1099 | * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at | 3444 | * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at |
2637 | @@ -1108,6 +3453,54 @@ openldap (2.4.10-2) unstable; urgency=low | |||
2638 | 1108 | 3453 | ||
2639 | 1109 | -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700 | 3454 | -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700 |
2640 | 1110 | 3455 | ||
2641 | 3456 | openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low | ||
2642 | 3457 | |||
2643 | 3458 | * Merge from debian unstable, remaining changes: | ||
2644 | 3459 | - debian/apparmor-profile: add AppArmor profile | ||
2645 | 3460 | - debian/slapd.postinst: Reload AA profile on configuration | ||
2646 | 3461 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2647 | 3462 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
2648 | 3463 | - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
2649 | 3464 | to make sure that if earlier version of apparmour-profiles gets | ||
2650 | 3465 | installed it won't overwrite our profile. | ||
2651 | 3466 | - Modify Maintainer value to match the DebianMaintainerField | ||
2652 | 3467 | speficication. | ||
2653 | 3468 | - follow ApparmorProfileMigration and force apparmor compalin mode on | ||
2654 | 3469 | some upgrades (LP: #203529) | ||
2655 | 3470 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2656 | 3471 | - debian/slapd.preinst: create symlink for force-complain on pre-feisty | ||
2657 | 3472 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
2658 | 3473 | non-enforcing) and upgrades where apparmor profile does not exist. | ||
2659 | 3474 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
2660 | 3475 | - debian/patches/fix-ucred-libc due to changes how newer glibc handle | ||
2661 | 3476 | the ucred struct now. | ||
2662 | 3477 | - debian/patches/fix-unique-overlay-assertion.patch: | ||
2663 | 3478 | Fix another assertion error in unique overlay (LP: #243337). | ||
2664 | 3479 | Backport from head. | ||
2665 | 3480 | * debian/control: | ||
2666 | 3481 | - add time as build dependency: needed by make test. | ||
2667 | 3482 | * debian/rules: | ||
2668 | 3483 | - support debuild nocheck option: don't run tests if nocheck is set. | ||
2669 | 3484 | * debian/patches/fix-gnutls-key-strength.patch: | ||
2670 | 3485 | - fix slapd handling of ssf using gnutls. (LP: #244925). | ||
2671 | 3486 | * Dropped - accepted in Debian: | ||
2672 | 3487 | - debian/rules, debian/slapd.links: use hard links to slapd instead of | ||
2673 | 3488 | symlinks for slap* so these applications aren't confined by apparmor | ||
2674 | 3489 | (LP: #203898) | ||
2675 | 3490 | * Dropped - fixed in new upstream release: | ||
2676 | 3491 | - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion. | ||
2677 | 3492 | (LP: #215904) | ||
2678 | 3493 | - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion | ||
2679 | 3494 | error. (LP: #234196) | ||
2680 | 3495 | - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes. | ||
2681 | 3496 | (LP: #220724) | ||
2682 | 3497 | - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using | ||
2683 | 3498 | syncrepl. (LP: #227178) | ||
2684 | 3499 | - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied | ||
2685 | 3500 | upstream. | ||
2686 | 3501 | |||
2687 | 3502 | -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400 | ||
2688 | 3503 | |||
2689 | 1111 | openldap2.3 (2.4.10-1) unstable; urgency=low | 3504 | openldap2.3 (2.4.10-1) unstable; urgency=low |
2690 | 1112 | 3505 | ||
2691 | 1113 | [ Steve Langasek ] | 3506 | [ Steve Langasek ] |
2692 | @@ -1132,6 +3525,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low | |||
2693 | 1132 | 3525 | ||
2694 | 1133 | -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700 | 3526 | -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700 |
2695 | 1134 | 3527 | ||
2696 | 3528 | openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low | ||
2697 | 3529 | |||
2698 | 3530 | * debian/patches/fix-unique-overlay-assertion.patch: | ||
2699 | 3531 | - Fix another assertion error in unique overlay, backported from head. | ||
2700 | 3532 | (LP: #243337) Note: This patch will still be needed when moved to 2.4.10 | ||
2701 | 3533 | |||
2702 | 3534 | -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000 | ||
2703 | 3535 | |||
2704 | 3536 | openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low | ||
2705 | 3537 | |||
2706 | 3538 | * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to | ||
2707 | 3539 | include the smbk5pwd overlay. | ||
2708 | 3540 | |||
2709 | 3541 | -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000 | ||
2710 | 3542 | |||
2711 | 3543 | openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low | ||
2712 | 3544 | |||
2713 | 3545 | * Rebuild for perl 5.10 transition (LP: #230016) | ||
2714 | 3546 | * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using | ||
2715 | 3547 | syncrepl. (LP: #227178) | ||
2716 | 3548 | |||
2717 | 3549 | -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000 | ||
2718 | 3550 | |||
2719 | 3551 | openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low | ||
2720 | 3552 | |||
2721 | 3553 | * Merge from debian unstable, remaining changes: | ||
2722 | 3554 | - debian/apparmor-profile: add AppArmor profile | ||
2723 | 3555 | - debian/slapd.postinst: Reload AA profile on configuration | ||
2724 | 3556 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2725 | 3557 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
2726 | 3558 | - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
2727 | 3559 | to make sure that if earlier version of apparmour-profiles gets | ||
2728 | 3560 | installed it won't overwrite our profile. | ||
2729 | 3561 | - Modify Maintainer value to match the DebianMaintainerField | ||
2730 | 3562 | speficication. | ||
2731 | 3563 | - follow ApparmorProfileMigration and force apparmor compalin mode on | ||
2732 | 3564 | some upgrades (LP: #203529) | ||
2733 | 3565 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2734 | 3566 | - debian/slapd.preinst: create symlink for force-complain on pre-feisty | ||
2735 | 3567 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
2736 | 3568 | non-enforcing) and upgrades where apparmor profile does not exist. | ||
2737 | 3569 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
2738 | 3570 | - debian/rules, debian/slapd.links: use hard links to slapd instead of | ||
2739 | 3571 | symlinks for slap* so these applications aren't confined by apparmor | ||
2740 | 3572 | (LP: #203898) | ||
2741 | 3573 | - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion. | ||
2742 | 3574 | (LP: #215904) | ||
2743 | 3575 | - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion | ||
2744 | 3576 | error. (LP: #234196) | ||
2745 | 3577 | - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes. | ||
2746 | 3578 | (LP: #220724) | ||
2747 | 3579 | - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied | ||
2748 | 3580 | upstream. | ||
2749 | 3581 | * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle | ||
2750 | 3582 | the ucred struct now. | ||
2751 | 3583 | |||
2752 | 3584 | -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100 | ||
2753 | 3585 | |||
2754 | 1135 | openldap2.3 (2.4.9-1) unstable; urgency=low | 3586 | openldap2.3 (2.4.9-1) unstable; urgency=low |
2755 | 1136 | 3587 | ||
2756 | 1137 | [ Updated debconf translations ] | 3588 | [ Updated debconf translations ] |
2757 | @@ -1202,6 +3653,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high | |||
2758 | 1202 | 3653 | ||
2759 | 1203 | -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100 | 3654 | -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100 |
2760 | 1204 | 3655 | ||
2761 | 3656 | openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low | ||
2762 | 3657 | |||
2763 | 3658 | * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed | ||
2764 | 3659 | in klibc) | ||
2765 | 3660 | |||
2766 | 3661 | -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400 | ||
2767 | 3662 | |||
2768 | 3663 | openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low | ||
2769 | 3664 | |||
2770 | 3665 | * apparmor-profile workaround for Launchpad #202161 | ||
2771 | 3666 | * follow ApparmorProfileMigration and force apparmor complain mode on some | ||
2772 | 3667 | upgrades (LP: #203529) | ||
2773 | 3668 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
2774 | 3669 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2775 | 3670 | - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty | ||
2776 | 3671 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
2777 | 3672 | non-enforcing) and upgrades where apparmor profile does not exist | ||
2778 | 3673 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
2779 | 3674 | * debian/rules, debian/slapd.links: use hard links to slapd instead of | ||
2780 | 3675 | symlinks for slap* so these applications aren't confined by apparmor | ||
2781 | 3676 | (LP: #203898) | ||
2782 | 3677 | |||
2783 | 3678 | -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400 | ||
2784 | 3679 | |||
2785 | 3680 | openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low | ||
2786 | 3681 | |||
2787 | 3682 | * Merge from Debian unstable, remaining changes: | ||
2788 | 3683 | + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) | ||
2789 | 3684 | slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 | ||
2790 | 3685 | allows remote authenticated users to cause a denial of service (daemon | ||
2791 | 3686 | crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) | ||
2792 | 3687 | control, a related issue to CVE-2007-6698. | ||
2793 | 3688 | + debian/apparmor-profile: add AppArmor profile | ||
2794 | 3689 | + debian/slapd.postinst: Reload AA profile on configuration | ||
2795 | 3690 | + updated debian/slapd.README.Debian for note on AppArmor | ||
2796 | 3691 | + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we | ||
2797 | 3692 | should now take control | ||
2798 | 3693 | + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
2799 | 3694 | to make sure that if earlier version of apparmor-profiles gets | ||
2800 | 3695 | installed it won't overwrite our profile | ||
2801 | 3696 | + Modify Maintainer value to match the DebianMaintainerField | ||
2802 | 3697 | specification. | ||
2803 | 3698 | |||
2804 | 3699 | -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000 | ||
2805 | 3700 | |||
2806 | 1205 | openldap2.3 (2.4.7-6) unstable; urgency=low | 3701 | openldap2.3 (2.4.7-6) unstable; urgency=low |
2807 | 1206 | 3702 | ||
2808 | 1207 | [ Updated debconf translations ] | 3703 | [ Updated debconf translations ] |
2809 | @@ -1247,6 +3743,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low | |||
2810 | 1247 | 3743 | ||
2811 | 1248 | -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800 | 3744 | -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800 |
2812 | 1249 | 3745 | ||
2813 | 3746 | openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low | ||
2814 | 3747 | |||
2815 | 3748 | * SECURITY UPDATE: | ||
2816 | 3749 | + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) | ||
2817 | 3750 | slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 | ||
2818 | 3751 | allows remote authenticated users to cause a denial of service (daemon crash) | ||
2819 | 3752 | via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related | ||
2820 | 3753 | issue to CVE-2007-6698. | ||
2821 | 3754 | |||
2822 | 3755 | * References | ||
2823 | 3756 | - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658 | ||
2824 | 3757 | - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358 | ||
2825 | 3758 | |||
2826 | 3759 | -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100 | ||
2827 | 3760 | |||
2828 | 3761 | openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low | ||
2829 | 3762 | |||
2830 | 3763 | * add AppArmor profile | ||
2831 | 3764 | + debian/apparmor-profile | ||
2832 | 3765 | + debian/slapd.postinst: Reload AA profile on configuration | ||
2833 | 3766 | * updated debian/slapd.README.Debian for note on AppArmor | ||
2834 | 3767 | * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we | ||
2835 | 3768 | should now take control | ||
2836 | 3769 | * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
2837 | 3770 | to make sure that if earlier version of apparmor-profiles gets installed | ||
2838 | 3771 | it won't overwrite our profile | ||
2839 | 3772 | * Modify Maintainer value to match the DebianMaintainerField | ||
2840 | 3773 | specification. | ||
2841 | 3774 | |||
2842 | 3775 | -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000 | ||
2843 | 3776 | |||
2844 | 1250 | openldap2.3 (2.4.7-5) unstable; urgency=low | 3777 | openldap2.3 (2.4.7-5) unstable; urgency=low |
2845 | 1251 | 3778 | ||
2846 | 1252 | [ Updated debconf translations ] | 3779 | [ Updated debconf translations ] |
2847 | diff --git a/debian/configure.options b/debian/configure.options | |||
2848 | index 08a55e0..9d3704e 100644 | |||
2849 | --- a/debian/configure.options | |||
2850 | +++ b/debian/configure.options | |||
2851 | @@ -175,6 +175,7 @@ | |||
2852 | 175 | # --with-fetch with fetch(3) URL support [auto] | 175 | # --with-fetch with fetch(3) URL support [auto] |
2853 | 176 | # --with-threads with threads [auto] | 176 | # --with-threads with threads [auto] |
2854 | 177 | --with-threads | 177 | --with-threads |
2855 | 178 | --with-gssapi | ||
2856 | 178 | # --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto] | 179 | # --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto] |
2857 | 179 | --with-tls=gnutls | 180 | --with-tls=gnutls |
2858 | 180 | # --with-yielding-select with implicitly yielding select [auto] | 181 | # --with-yielding-select with implicitly yielding select [auto] |
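Review bot: `--with-gssapi` at new line 178 is added without the commented help line that precedes the other options here (compare `# --with-threads with threads [auto]` above `--with-threads`). Please add a comment line stating that the option is provided by debian/patches/gssapi.diff, which this merge carries. If that patch is ever dropped, configure will only warn about an unrecognized option and the library will be built without GSSAPI, so the dependency between this line and the patch should be visible in the file.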
2859 | diff --git a/debian/control b/debian/control | |||
2860 | index fa7c8a1..f8060d2 100644 | |||
2861 | --- a/debian/control | |||
2862 | +++ b/debian/control | |||
2863 | @@ -1,14 +1,16 @@ | |||
2864 | 1 | Source: openldap | 1 | Source: openldap |
2865 | 2 | Section: net | 2 | Section: net |
2866 | 3 | Priority: optional | 3 | Priority: optional |
2868 | 4 | Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org> | 4 | Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
2869 | 5 | XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org> | ||
2870 | 5 | Uploaders: Steve Langasek <vorlon@debian.org>, | 6 | Uploaders: Steve Langasek <vorlon@debian.org>, |
2871 | 6 | Torsten Landschoff <torsten@debian.org>, | 7 | Torsten Landschoff <torsten@debian.org>, |
2872 | 7 | Ryan Tandy <ryan@nardis.ca> | 8 | Ryan Tandy <ryan@nardis.ca> |
2873 | 8 | Build-Depends: debhelper (>= 10), | 9 | Build-Depends: debhelper (>= 10), |
2874 | 10 | dh-apparmor, | ||
2875 | 9 | dpkg-dev (>= 1.17.14), | 11 | dpkg-dev (>= 1.17.14), |
2876 | 10 | groff-base, | 12 | groff-base, |
2878 | 11 | heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>, | 13 | heimdal-dev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>, |
2879 | 12 | libargon2-dev <!pkg.openldap.noslapd>, | 14 | libargon2-dev <!pkg.openldap.noslapd>, |
2880 | 13 | libdb5.3-dev <!pkg.openldap.noslapd>, | 15 | libdb5.3-dev <!pkg.openldap.noslapd>, |
2881 | 14 | libgnutls28-dev, | 16 | libgnutls28-dev, |
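Review bot: `heimdal-dev` at new line 13 keeps the `<!pkg.openldap.noslapd>` restriction, but this merge also passes `--with-gssapi` in debian/configure.options and adds `ldap_int_gssapi_*` symbols to libldap_r, so the client library now appears to need the Kerberos/GSSAPI headers even when slapd is not built. Unless debian/rules drops the flag for that profile, a pkg.openldap.noslapd build would either fail or produce a libldap that lacks the symbols listed in the symbols file. Please either remove the profile restriction from this dependency or make the flag conditional on the profile, and note the reason for moving from heimdal-multidev to heimdal-dev next to the delta.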
2882 | @@ -35,7 +37,7 @@ Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}), | |||
2883 | 35 | coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl, | 37 | coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl, |
2884 | 36 | adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends} | 38 | adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends} |
2885 | 37 | Recommends: libsasl2-modules | 39 | Recommends: libsasl2-modules |
2887 | 38 | Suggests: ldap-utils, | 40 | Suggests: ldap-utils, ufw, |
2888 | 39 | libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal | 41 | libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal |
2889 | 40 | Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1) | 42 | Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1) |
2890 | 41 | Replaces: libldap2, ldap-utils (<< 2.2.23-3) | 43 | Replaces: libldap2, ldap-utils (<< 2.2.23-3) |
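Review bot: `ufw` is appended to the existing `Suggests: ldap-utils,` line (new line 40), which turns a pure addition into a modified Debian line and will conflict on the next merge if Debian touches that field. Putting `ufw,` on its own continuation line keeps the Ubuntu delta to one added line, in the same way `dh-apparmor,` was added to Build-Depends.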
2891 | diff --git a/debian/libldap-2.4-2.symbols b/debian/libldap-2.4-2.symbols | |||
2892 | index d42ccec..55421bc 100644 | |||
2893 | --- a/debian/libldap-2.4-2.symbols | |||
2894 | +++ b/debian/libldap-2.4-2.symbols | |||
2895 | @@ -118,6 +118,7 @@ liblber-2.4.so.2 libldap-2.4-2 #MINVER# | |||
2896 | 118 | ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7 | 118 | ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7 |
2897 | 119 | ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7 | 119 | ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7 |
2898 | 120 | ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7 | 120 | ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7 |
2899 | 121 | ber_sockbuf_io_udp@OPENLDAP_2.4_2 2.4.17-1ubuntu2 | ||
2900 | 121 | ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7 | 122 | ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7 |
2901 | 122 | ber_sos_dump@OPENLDAP_2.4_2 2.4.7 | 123 | ber_sos_dump@OPENLDAP_2.4_2 2.4.7 |
2902 | 123 | ber_start@OPENLDAP_2.4_2 2.4.7 | 124 | ber_start@OPENLDAP_2.4_2 2.4.7 |
2903 | @@ -280,6 +281,11 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER# | |||
2904 | 280 | ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7 | 281 | ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7 |
2905 | 281 | ldap_int_global_options@OPENLDAP_2.4_2 2.4.7 | 282 | ldap_int_global_options@OPENLDAP_2.4_2 2.4.7 |
2906 | 282 | ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23 | 283 | ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23 |
2907 | 284 | ldap_int_gssapi_close@OPENLDAP_2.4_2 2.4.18-0ubuntu2 | ||
2908 | 285 | ldap_int_gssapi_config@OPENLDAP_2.4_2 2.4.18-0ubuntu2 | ||
2909 | 286 | ldap_int_gssapi_get_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2 | ||
2910 | 287 | ldap_int_gssapi_mutex@OPENLDAP_2.4_2 2.4.18-0ubuntu2 | ||
2911 | 288 | ldap_int_gssapi_set_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2 | ||
2912 | 283 | ldap_int_hostname@OPENLDAP_2.4_2 2.4.7 | 289 | ldap_int_hostname@OPENLDAP_2.4_2 2.4.7 |
2913 | 284 | ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39 | 290 | ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39 |
2914 | 285 | ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7 | 291 | ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7 |
2915 | @@ -312,6 +318,7 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER# | |||
2916 | 312 | ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7 | 318 | ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7 |
2917 | 313 | ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7 | 319 | ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7 |
2918 | 314 | ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7 | 320 | ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7 |
2919 | 321 | ldap_is_ldapc_url@OPENLDAP_2.4_2 2.4.17-1ubuntu2 | ||
2920 | 315 | ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7 | 322 | ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7 |
2921 | 316 | ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7 | 323 | ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7 |
2922 | 317 | ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7 | 324 | ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7 |
2923 | diff --git a/debian/patches/contrib-makefiles b/debian/patches/contrib-makefiles | |||
2924 | index 0aea4c3..bf04e60 100644 | |||
2925 | --- a/debian/patches/contrib-makefiles | |||
2926 | +++ b/debian/patches/contrib-makefiles | |||
2927 | @@ -183,3 +183,24 @@ | |||
2928 | 183 | -rpath $(moduledir) -module -o $@ $? $(LIBS) | 183 | -rpath $(moduledir) -module -o $@ $? $(LIBS) |
2929 | 184 | 184 | ||
2930 | 185 | clean: | 185 | clean: |
2931 | 186 | --- a/contrib/slapd-modules/nssov/Makefile | ||
2932 | 187 | +++ b/contrib/slapd-modules/nssov/Makefile | ||
2933 | 188 | @@ -52,15 +52,15 @@ | ||
2934 | 189 | .SUFFIXES: .c .o .lo | ||
2935 | 190 | |||
2936 | 191 | .c.lo: | ||
2937 | 192 | - $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< | ||
2938 | 193 | + $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $< | ||
2939 | 194 | |||
2940 | 195 | tio.lo: nss-pam-ldapd/tio.c | ||
2941 | 196 | - $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $? | ||
2942 | 197 | + $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $? | ||
2943 | 198 | |||
2944 | 199 | $(OBJS): nssov.h | ||
2945 | 200 | |||
2946 | 201 | nssov.la: $(OBJS) $(XOBJS) | ||
2947 | 202 | - $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \ | ||
2948 | 203 | + $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info 0:0:0 \ | ||
2949 | 204 | -rpath $(moduledir) -module -o $@ $(OBJS) $(XOBJS) $(LIBS) | ||
2950 | 205 | |||
2951 | 206 | install: nssov.la | ||
2952 | diff --git a/debian/patches/fix_test_timing.patch b/debian/patches/fix_test_timing.patch | |||
2953 | 186 | new file mode 100644 | 207 | new file mode 100644 |
2954 | index 0000000..bc57140 | |||
2955 | --- /dev/null | |||
2956 | +++ b/debian/patches/fix_test_timing.patch | |||
2957 | @@ -0,0 +1,27 @@ | |||
2958 | 1 | Description: fix test timing on slow builders such as riscv64 | ||
2959 | 2 | Author: Marc Deslauriers <marc.deslauriers@canonical.com> | ||
2960 | 3 | |||
2961 | 4 | --- a/tests/data/ppolicy.ldif | ||
2962 | 5 | +++ b/tests/data/ppolicy.ldif | ||
2963 | 6 | @@ -25,7 +25,7 @@ pwdLockoutDuration: 15 | ||
2964 | 7 | pwdInHistory: 6 | ||
2965 | 8 | pwdCheckQuality: 2 | ||
2966 | 9 | pwdExpireWarning: 10 | ||
2967 | 10 | -pwdMaxAge: 30 | ||
2968 | 11 | +pwdMaxAge: 40 | ||
2969 | 12 | pwdMinLength: 5 | ||
2970 | 13 | pwdGraceAuthnLimit: 3 | ||
2971 | 14 | pwdAllowUserChange: TRUE | ||
2972 | 15 | --- a/tests/scripts/test022-ppolicy | ||
2973 | 16 | +++ b/tests/scripts/test022-ppolicy | ||
2974 | 17 | @@ -100,8 +100,8 @@ if test $RC != 0 ; then | ||
2975 | 18 | fi | ||
2976 | 19 | |||
2977 | 20 | echo "Testing password expiration" | ||
2978 | 21 | -echo "Waiting 20 seconds for password to expire..." | ||
2979 | 22 | -sleep 20 | ||
2980 | 23 | +echo "Waiting 40 seconds for password to expire..." | ||
2981 | 24 | +sleep 40 | ||
2982 | 25 | |||
2983 | 26 | $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \ | ||
2984 | 27 | -b "$BASEDN" -s base > $SEARCHOUT 2>&1 | ||
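Review bot: the Description in fix_test_timing.patch does not say which step of test022-ppolicy was racing on slow builders, so there is no way to judge from the patch whether 40 is enough or just moves the threshold. Please name the failing step, and add a Forwarded (or Bug) field so it is clear whether upstream has seen this. The `sleep 40` and `pwdMaxAge: 40` values are also two independent literals in two files that now have to be kept in step; a short comment next to the sleep pointing at ppolicy.ldif would help the next person who touches either one.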
2985 | diff --git a/debian/patches/gssapi.diff b/debian/patches/gssapi.diff | |||
2986 | 0 | new file mode 100644 | 28 | new file mode 100644 |
2987 | index 0000000..5bcf266 | |||
2988 | --- /dev/null | |||
2989 | +++ b/debian/patches/gssapi.diff | |||
2990 | @@ -0,0 +1,140 @@ | |||
2991 | 1 | --- a/configure.in | ||
2992 | 2 | +++ b/configure.in | ||
2993 | 3 | @@ -244,6 +244,8 @@ | ||
2994 | 4 | auto, [auto yes no] ) | ||
2995 | 5 | OL_ARG_WITH(fetch,[ --with-fetch with fetch(3) URL support], | ||
2996 | 6 | auto, [auto yes no] ) | ||
2997 | 7 | +OL_ARG_WITH(gssapi,[ --with-gssapi with GSSAPI support], | ||
2998 | 8 | + auto, [auto yes no] ) | ||
2999 | 9 | OL_ARG_WITH(threads,[ --with-threads with threads], | ||
3000 | 10 | auto, [auto nt posix mach pth lwp yes no manual] ) | ||
3001 | 11 | OL_ARG_WITH(tls,[ --with-tls with TLS/SSL support auto|openssl|gnutls|moznss], | ||
3002 | 12 | @@ -591,6 +593,7 @@ | ||
3003 | 13 | KRB4_LIBS= | ||
3004 | 14 | KRB5_LIBS= | ||
3005 | 15 | SASL_LIBS= | ||
3006 | 16 | +GSSAPI_LIBS= | ||
3007 | 17 | TLS_LIBS= | ||
3008 | 18 | MODULES_LIBS= | ||
3009 | 19 | SLAPI_LIBS= | ||
3010 | 20 | @@ -1153,6 +1156,63 @@ | ||
3011 | 21 | fi | ||
3012 | 22 | |||
3013 | 23 | dnl ---------------------------------------------------------------- | ||
3014 | 24 | +dnl GSSAPI | ||
3015 | 25 | +ol_link_gssapi=no | ||
3016 | 26 | + | ||
3017 | 27 | +case $ol_with_gssapi in yes | auto) | ||
3018 | 28 | + | ||
3019 | 29 | + ol_header_gssapi=no | ||
3020 | 30 | + AC_CHECK_HEADERS(gssapi/gssapi.h) | ||
3021 | 31 | + if test $ac_cv_header_gssapi_gssapi_h = yes ; then | ||
3022 | 32 | + ol_header_gssapi=yes | ||
3023 | 33 | + else | ||
3024 | 34 | + AC_CHECK_HEADERS(gssapi.h) | ||
3025 | 35 | + if test $ac_cv_header_gssapi_h = yes ; then | ||
3026 | 36 | + ol_header_gssapi=yes | ||
3027 | 37 | + fi | ||
3028 | 38 | + | ||
3029 | 39 | + dnl## not every gssapi has gss_oid_to_str() | ||
3030 | 40 | + dnl## as it's not defined in the GSSAPI V2 API | ||
3031 | 41 | + dnl## anymore | ||
3032 | 42 | + saveLIBS="$LIBS" | ||
3033 | 43 | + LIBS="$LIBS $GSSAPI_LIBS" | ||
3034 | 44 | + AC_CHECK_FUNCS(gss_oid_to_str) | ||
3035 | 45 | + LIBS="$saveLIBS" | ||
3036 | 46 | + fi | ||
3037 | 47 | + | ||
3038 | 48 | + if test $ol_header_gssapi = yes ; then | ||
3039 | 49 | + dnl## we check for gss_wrap | ||
3040 | 50 | + dnl## as it's new to the GSSAPI V2 API | ||
3041 | 51 | + AC_CHECK_LIB(gssapi, gss_wrap, | ||
3042 | 52 | + [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi"], | ||
3043 | 53 | + [ol_link_gssapi=no]) | ||
3044 | 54 | + if test $ol_link_gssapi != yes ; then | ||
3045 | 55 | + AC_CHECK_LIB(gssapi_krb5, gss_wrap, | ||
3046 | 56 | + [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi_krb5"], | ||
3047 | 57 | + [ol_link_gssapi=no]) | ||
3048 | 58 | + fi | ||
3049 | 59 | + if test $ol_link_gssapi != yes ; then | ||
3050 | 60 | + AC_CHECK_LIB(gss, gss_wrap, | ||
3051 | 61 | + [ol_link_gssapi=yes;GSSAPI_LIBS="-lgss"], | ||
3052 | 62 | + [ol_link_gssapi=no]) | ||
3053 | 63 | + fi | ||
3054 | 64 | + fi | ||
3055 | 65 | + | ||
3056 | 66 | + ;; | ||
3057 | 67 | +esac | ||
3058 | 68 | + | ||
3059 | 69 | +WITH_GSSAPI=no | ||
3060 | 70 | +if test $ol_link_gssapi = yes; then | ||
3061 | 71 | + AC_DEFINE(HAVE_GSSAPI, 1, [define if you have GSSAPI]) | ||
3062 | 72 | + WITH_GSSAPI=yes | ||
3063 | 73 | +elif test $ol_with_gssapi = auto ; then | ||
3064 | 74 | + AC_MSG_WARN([Could not locate GSSAPI package]) | ||
3065 | 75 | + AC_MSG_WARN([GSSAPI authentication not supported!]) | ||
3066 | 76 | +elif test $ol_with_gssapi = yes ; then | ||
3067 | 77 | + AC_MSG_ERROR([GSSAPI detection failed]) | ||
3068 | 78 | +fi | ||
3069 | 79 | + | ||
3070 | 80 | +dnl ---------------------------------------------------------------- | ||
3071 | 81 | dnl TLS/SSL | ||
3072 | 82 | |||
3073 | 83 | if test $ol_with_tls = yes ; then | ||
3074 | 84 | @@ -1928,6 +1988,13 @@ | ||
3075 | 85 | fi | ||
3076 | 86 | AC_SUBST(VERSION_OPTION) | ||
3077 | 87 | |||
3078 | 88 | +VERSION_OPTION="" | ||
3079 | 89 | +OL_SYMBOL_VERSIONING | ||
3080 | 90 | +if test $ol_cv_ld_version_script_option = yes ; then | ||
3081 | 91 | + VERSION_OPTION="-Wl,--version-script=" | ||
3082 | 92 | +fi | ||
3083 | 93 | +AC_SUBST(VERSION_OPTION) | ||
3084 | 94 | + | ||
3085 | 95 | dnl ---------------------------------------------------------------- | ||
3086 | 96 | if test $ol_enable_wrappers != no ; then | ||
3087 | 97 | AC_CHECK_HEADERS(tcpd.h,[ | ||
3088 | 98 | @@ -3159,6 +3226,7 @@ | ||
3089 | 99 | AC_SUBST(KRB4_LIBS) | ||
3090 | 100 | AC_SUBST(KRB5_LIBS) | ||
3091 | 101 | AC_SUBST(SASL_LIBS) | ||
3092 | 102 | +AC_SUBST(GSSAPI_LIBS) | ||
3093 | 103 | AC_SUBST(TLS_LIBS) | ||
3094 | 104 | AC_SUBST(MODULES_LIBS) | ||
3095 | 105 | AC_SUBST(SLAPI_LIBS) | ||
3096 | 106 | --- a/include/portable.hin | ||
3097 | 107 | +++ b/include/portable.hin | ||
3098 | 108 | @@ -253,6 +253,18 @@ | ||
3099 | 109 | /* Define to 1 if you have the <grp.h> header file. */ | ||
3100 | 110 | #undef HAVE_GRP_H | ||
3101 | 111 | |||
3102 | 112 | +/* define if you have GSSAPI */ | ||
3103 | 113 | +#undef HAVE_GSSAPI | ||
3104 | 114 | + | ||
3105 | 115 | +/* Define to 1 if you have the <gssapi/gssapi.h> header file. */ | ||
3106 | 116 | +#undef HAVE_GSSAPI_GSSAPI_H | ||
3107 | 117 | + | ||
3108 | 118 | +/* Define to 1 if you have the <gssapi.h> header file. */ | ||
3109 | 119 | +#undef HAVE_GSSAPI_H | ||
3110 | 120 | + | ||
3111 | 121 | +/* Define to 1 if you have the `gss_oid_to_str' function. */ | ||
3112 | 122 | +#undef HAVE_GSS_OID_TO_STR | ||
3113 | 123 | + | ||
3114 | 124 | /* Define to 1 if you have the `hstrerror' function. */ | ||
3115 | 125 | #undef HAVE_HSTRERROR | ||
3116 | 126 | |||
3117 | 127 | --- a/build/top.mk | ||
3118 | 128 | +++ b/build/top.mk | ||
3119 | 129 | @@ -190,9 +190,10 @@ | ||
3120 | 130 | KRB5_LIBS = @KRB5_LIBS@ | ||
3121 | 131 | KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@ | ||
3122 | 132 | SASL_LIBS = @SASL_LIBS@ | ||
3123 | 133 | +GSSAPI_LIBS = @GSSAPI_LIBS@ | ||
3124 | 134 | TLS_LIBS = @TLS_LIBS@ | ||
3125 | 135 | AUTH_LIBS = @AUTH_LIBS@ | ||
3126 | 136 | -SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS) | ||
3127 | 137 | +SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(GSSAPI_LIBS) $(TLS_LIBS) $(AUTH_LIBS) | ||
3128 | 138 | |||
3129 | 139 | MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@ | ||
3130 | 140 | MODULES_LDFLAGS = @SLAPD_MODULES_LDFLAGS@ | ||
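Review bot: in the configure.in GSSAPI block of gssapi.diff, `AC_CHECK_FUNCS(gss_oid_to_str)` sits inside the `else` branch of the gssapi/gssapi.h test, so it only runs when that header is missing, and it runs before any of the `AC_CHECK_LIB(..., gss_wrap, ...)` calls have set GSSAPI_LIBS, which means `LIBS="$LIBS $GSSAPI_LIBS"` adds nothing to the link line. HAVE_GSS_OID_TO_STR will therefore be left undefined on systems that do have the function. Suggest moving the check after the library detection, inside `if test $ol_link_gssapi = yes`. Separately, the `@@ -1928,6 +1988,13 @@` part adds a second VERSION_OPTION / OL_SYMBOL_VERSIONING / `AC_SUBST(VERSION_OPTION)` block directly after context lines that already end in `fi` and `AC_SUBST(VERSION_OPTION)`; that looks like a refresh artifact unrelated to GSSAPI and should be dropped or explained.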
3131 | diff --git a/debian/patches/series b/debian/patches/series | |||
3132 | index 6181d9b..c93db6f 100644 | |||
3133 | --- a/debian/patches/series | |||
3134 | +++ b/debian/patches/series | |||
3135 | @@ -8,6 +8,7 @@ index-files-created-as-root | |||
3136 | 8 | sasl-default-path | 8 | sasl-default-path |
3137 | 9 | libldap-symbol-versions | 9 | libldap-symbol-versions |
3138 | 10 | getaddrinfo-is-threadsafe | 10 | getaddrinfo-is-threadsafe |
3139 | 11 | gssapi.diff | ||
3140 | 11 | do-not-second-guess-sonames | 12 | do-not-second-guess-sonames |
3141 | 12 | contrib-makefiles | 13 | contrib-makefiles |
3142 | 13 | smbk5pwd-makefile-manpage | 14 | smbk5pwd-makefile-manpage |
3143 | @@ -20,3 +21,4 @@ no-bdb-ABI-second-guessing | |||
3144 | 20 | ITS6035-olcauthzregex-needs-restart.patch | 21 | ITS6035-olcauthzregex-needs-restart.patch |
3145 | 21 | set-maintainer-name | 22 | set-maintainer-name |
3146 | 22 | ITS-9086-Add-debug-logging-for-more-GnuTLS-errors.patch | 23 | ITS-9086-Add-debug-logging-for-more-GnuTLS-errors.patch |
3147 | 24 | fix_test_timing.patch | ||
3148 | diff --git a/debian/patches/set-maintainer-name b/debian/patches/set-maintainer-name | |||
3149 | index 262b7ef..35f8f77 100644 | |||
3150 | --- a/debian/patches/set-maintainer-name | |||
3151 | +++ b/debian/patches/set-maintainer-name | |||
3152 | @@ -10,7 +10,7 @@ | |||
3153 | 10 | -else | 10 | -else |
3154 | 11 | - WHOWHERE="$USER@$(uname -n):$(pwd)" | 11 | - WHOWHERE="$USER@$(uname -n):$(pwd)" |
3155 | 12 | -fi | 12 | -fi |
3157 | 13 | +WHOWHERE="Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>" | 13 | +WHOWHERE="${DEB_MAINTAINER:-openldap}" |
3158 | 14 | 14 | ||
3159 | 15 | cat << __EOF__ | 15 | cat << __EOF__ |
3160 | 16 | /* This work is part of OpenLDAP Software <http://www.openldap.org/>. | 16 | /* This work is part of OpenLDAP Software <http://www.openldap.org/>. |
3161 | diff --git a/debian/rules b/debian/rules | |||
3162 | index 1eb0d5b..30cf8e0 100755 | |||
3163 | --- a/debian/rules | |||
3164 | +++ b/debian/rules | |||
3165 | @@ -7,13 +7,17 @@ include /usr/share/dpkg/pkg-info.mk | |||
3166 | 7 | # want the checks for DFSG-freeness. | 7 | # want the checks for DFSG-freeness. |
3167 | 8 | #DFSG_NONFREE = 1 | 8 | #DFSG_NONFREE = 1 |
3168 | 9 | 9 | ||
3170 | 10 | export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE | 10 | export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLDAP_CONNECTIONLESS -I/usr/include/heimdal |
3171 | 11 | export DEB_LDFLAGS_MAINT_APPEND := -L/usr/lib/$(DEB_HOST_MULTIARCH)/heimdal | ||
3172 | 11 | export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow | 12 | export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow |
3173 | 12 | 13 | ||
3174 | 13 | # Configure calls AM_INIT_AUTOMAKE, but Automake fails as there is no Makefile.am. | 14 | # Configure calls AM_INIT_AUTOMAKE, but Automake fails as there is no Makefile.am. |
3175 | 14 | # Tell dh-autoreconf to skip automake. | 15 | # Tell dh-autoreconf to skip automake. |
3176 | 15 | export AUTOMAKE = true | 16 | export AUTOMAKE = true |
3177 | 16 | 17 | ||
3178 | 18 | # Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name) | ||
3179 | 19 | export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control) | ||
3180 | 20 | |||
3181 | 17 | # Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version) | 21 | # Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version) |
3182 | 18 | export DEB_VERSION | 22 | export DEB_VERSION |
3183 | 19 | 23 | ||
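Review bot: the new DEB_CFLAGS_MAINT_APPEND line gains `-DLDAP_CONNECTIONLESS -I/usr/include/heimdal` with no comment saying why either is needed, and both are preprocessor flags that would sit more naturally in DEB_CPPFLAGS_MAINT_APPEND. LDAP_CONNECTIONLESS deserves a comment in particular: the symbols file in this same diff gains ber_sockbuf_io_udp and ldap_is_ldapc_url, so the define appears to change the exported interface of the library, and anyone dropping it later needs to know that up front.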
3184 | @@ -28,7 +32,7 @@ ifneq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),) | |||
3185 | 28 | CONFIG += --disable-slapd | 32 | CONFIG += --disable-slapd |
3186 | 29 | endif | 33 | endif |
3187 | 30 | 34 | ||
3189 | 31 | CONTRIB_MODULES = autogroup lastbind passwd passwd/argon2 passwd/pbkdf2 passwd/sha2 smbk5pwd | 35 | CONTRIB_MODULES = autogroup lastbind nssov passwd passwd/argon2 passwd/pbkdf2 passwd/sha2 smbk5pwd |
3190 | 32 | 36 | ||
3191 | 33 | # Ensure CC is set correctly for cross builds, unless it has already | 37 | # Ensure CC is set correctly for cross builds, unless it has already |
3192 | 34 | # been set explicitly. | 38 | # been set explicitly. |
3193 | @@ -48,7 +52,8 @@ CONTRIB_MAKEVARS := \ | |||
3194 | 48 | LDAP_BUILD='$(builddir)' \ | 52 | LDAP_BUILD='$(builddir)' \ |
3195 | 49 | prefix=/usr \ | 53 | prefix=/usr \ |
3196 | 50 | ldap_subdir=/ldap \ | 54 | ldap_subdir=/ldap \ |
3198 | 51 | moduledir='$$(libdir)$$(ldap_subdir)' | 55 | moduledir='$$(libdir)$$(ldap_subdir)' \ |
3199 | 56 | sysconfdir='/etc$$(ldap_subdir)' | ||
3200 | 52 | 57 | ||
3201 | 53 | # These variables are used only by get-orig-source, which will normally only | 58 | # These variables are used only by get-orig-source, which will normally only |
3202 | 54 | # be run by maintainers. | 59 | # be run by maintainers. |
3203 | @@ -162,6 +167,22 @@ endif | |||
3204 | 162 | find $(installdir)/usr/share/man -name \*.8 \ | 167 | find $(installdir)/usr/share/man -name \*.8 \ |
3205 | 163 | | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#' | 168 | | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#' |
3206 | 164 | 169 | ||
3207 | 170 | ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) | ||
3208 | 171 | override_dh_install-arch: | ||
3209 | 172 | dh_install | ||
3210 | 173 | |||
3211 | 174 | # install AppArmor profile | ||
3212 | 175 | install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd | ||
3213 | 176 | |||
3214 | 177 | # install Apport hook | ||
3215 | 178 | install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py | ||
3216 | 179 | |||
3217 | 180 | # install ufw profile | ||
3218 | 181 | install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd | ||
3219 | 182 | |||
3220 | 183 | dh_apparmor -pslapd --profile-name=usr.sbin.slapd | ||
3221 | 184 | endif | ||
3222 | 185 | |||
3223 | 165 | override_dh_installinit: | 186 | override_dh_installinit: |
3224 | 166 | dh_installinit -- "defaults 19 80" | 187 | dh_installinit -- "defaults 19 80" |
3225 | 167 | 188 | ||
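Review bot: the new override_dh_install-arch is guarded by the `stage1` profile, while the rest of this file keys off `pkg.openldap.noslapd` (see the ifeq/ifneq lines in the neighbouring hunk headers). With noslapd set and stage1 not set, this target still installs the AppArmor profile, Apport hook and ufw profile under debian/slapd/ and still calls `dh_apparmor -pslapd` for a package that is not being built. Suggest using the same `pkg.openldap.noslapd` filter here, or guarding on both.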
3226 | @@ -222,6 +243,8 @@ ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),) | |||
3227 | 222 | done; \ | 243 | done; \ |
3228 | 223 | fi | 244 | fi |
3229 | 224 | 245 | ||
3230 | 246 | rm -f contrib/slapd-modules/nssov/nss-pam-ldapd/config.sub contrib/slapd-modules/nssov/nss-pam-ldapd/config.guess | ||
3231 | 247 | |||
3232 | 225 | # Clean the contrib directory | 248 | # Clean the contrib directory |
3233 | 226 | for mod in $(CONTRIB_MODULES); do \ | 249 | for mod in $(CONTRIB_MODULES); do \ |
3234 | 227 | dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \ | 250 | dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \ |
3235 | diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian | |||
3236 | index a43dfe4..216e6ac 100644 | |||
3237 | --- a/debian/slapd.README.Debian | |||
3238 | +++ b/debian/slapd.README.Debian | |||
3239 | @@ -204,8 +204,8 @@ Running slapd under a Different UID/GID | |||
3240 | 204 | 204 | ||
3241 | 205 | - Tell linux slapd can access configuration files -- usually: | 205 | - Tell linux slapd can access configuration files -- usually: |
3242 | 206 | 206 | ||
3245 | 207 | chgrp <group> /etc/ldap/slapd.conf | 207 | chgrp -R <group> /etc/ldap/slapd.d |
3246 | 208 | chmod 0640 /etc/ldap/slapd.conf | 208 | chmod -R g+rX /etc/ldap/slapd.d |
3247 | 209 | 209 | ||
3248 | 210 | - Tell linux slapd can access /var/run/slapd and write a PID file: | 210 | - Tell linux slapd can access /var/run/slapd and write a PID file: |
3249 | 211 | 211 | ||
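Review bot: the replacement `chmod -R g+rX /etc/ldap/slapd.d` only adds group read and traverse; unlike the `chmod 0640` it replaces, it does not take anything away from "other". slapd.d holds olcRootPW values (the Apport hook added in this diff scrubs them for that reason), so the README should state the intended end state, for example `chmod -R g+rX,o-rwx /etc/ldap/slapd.d`. It would also help to say whether the group needs write access, since slapd rewrites the files under slapd.d when cn=config is modified online.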
3250 | @@ -339,3 +339,14 @@ Unsafe access control rule installed by default in previous versions | |||
3251 | 339 | slapd.access(5) man page. | 339 | slapd.access(5) man page. |
3252 | 340 | 340 | ||
3253 | 341 | -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700 | 341 | -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700 |
3254 | 342 | |||
3255 | 343 | Apparmor Profile | ||
3256 | 344 | ---------------- | ||
3257 | 345 | |||
3258 | 346 | If your system uses AppArmor, please note that the shipped enforcing profile | ||
3259 | 347 | works with the default installation, and changes in your configuration may | ||
3260 | 348 | require changes to the installed apparmor profile. Please see | ||
3261 | 349 | https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this | ||
3262 | 350 | software. | ||
3263 | 351 | |||
3264 | 352 | -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500 | ||
3265 | diff --git a/debian/slapd.default b/debian/slapd.default | |||
3266 | index 372b8f4..4212e07 100644 | |||
3267 | --- a/debian/slapd.default | |||
3268 | +++ b/debian/slapd.default | |||
3269 | @@ -12,7 +12,7 @@ SLAPD_USER="openldap" | |||
3270 | 12 | SLAPD_GROUP="openldap" | 12 | SLAPD_GROUP="openldap" |
3271 | 13 | 13 | ||
3272 | 14 | # Path to the pid file of the slapd server. If not set the init.d script | 14 | # Path to the pid file of the slapd server. If not set the init.d script |
3274 | 15 | # will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf by | 15 | # will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by |
3275 | 16 | # default) | 16 | # default) |
3276 | 17 | SLAPD_PIDFILE= | 17 | SLAPD_PIDFILE= |
3277 | 18 | 18 | ||
3278 | diff --git a/debian/slapd.install b/debian/slapd.install | |||
3279 | index 0987dad..206a208 100644 | |||
3280 | --- a/debian/slapd.install | |||
3281 | +++ b/debian/slapd.install | |||
3282 | @@ -54,5 +54,7 @@ usr/lib/ldap/autogroup.so* | |||
3283 | 54 | usr/lib/ldap/autogroup.la | 54 | usr/lib/ldap/autogroup.la |
3284 | 55 | usr/lib/ldap/lastbind.so* | 55 | usr/lib/ldap/lastbind.so* |
3285 | 56 | usr/lib/ldap/lastbind.la | 56 | usr/lib/ldap/lastbind.la |
3286 | 57 | usr/lib/ldap/nssov.so* | ||
3287 | 58 | usr/lib/ldap/nssov.la | ||
3288 | 57 | usr/lib/ldap/pw-sha2.so* | 59 | usr/lib/ldap/pw-sha2.so* |
3289 | 58 | usr/lib/ldap/pw-sha2.la | 60 | usr/lib/ldap/pw-sha2.la |
3290 | diff --git a/debian/slapd.manpages b/debian/slapd.manpages | |||
3291 | index ffd3243..25f6d43 100644 | |||
3292 | --- a/debian/slapd.manpages | |||
3293 | +++ b/debian/slapd.manpages | |||
3294 | @@ -43,3 +43,4 @@ debian/tmp/usr/share/man/man5/slapo-valsort.5 | |||
3295 | 43 | 43 | ||
3296 | 44 | # contrib modules installed in main package | 44 | # contrib modules installed in main package |
3297 | 45 | debian/tmp/usr/share/man/man5/slapo-lastbind.5 | 45 | debian/tmp/usr/share/man/man5/slapo-lastbind.5 |
3298 | 46 | contrib/slapd-modules/nssov/slapo-nssov.5 | ||
3299 | diff --git a/debian/slapd.py b/debian/slapd.py | |||
3300 | 46 | new file mode 100644 | 47 | new file mode 100644 |
3301 | index 0000000..7d78699 | |||
3302 | --- /dev/null | |||
3303 | +++ b/debian/slapd.py | |||
3304 | @@ -0,0 +1,51 @@ | |||
3305 | 1 | #!/usr/bin/python | ||
3306 | 2 | |||
3307 | 3 | '''apport hook for slapd | ||
3308 | 4 | |||
3309 | 5 | (c) 2010 Adam Sommer. | ||
3310 | 6 | Author: Adam Sommer <asommer@ubuntu.com> | ||
3311 | 7 | |||
3312 | 8 | This program is free software; you can redistribute it and/or modify it | ||
3313 | 9 | under the terms of the GNU General Public License as published by the | ||
3314 | 10 | Free Software Foundation; either version 2 of the License, or (at your | ||
3315 | 11 | option) any later version. See http://www.gnu.org/copyleft/gpl.html for | ||
3316 | 12 | the full text of the license. | ||
3317 | 13 | ''' | ||
3318 | 14 | |||
3319 | 15 | from apport.hookutils import * | ||
3320 | 16 | import os | ||
3321 | 17 | |||
3322 | 18 | # Scrub olcRootPW attribute and credentials strings if necessary. | ||
3323 | 19 | def scrub_pass_strings(config): | ||
3324 | 20 | olcrootpw_regex = re.compile('olcRootPW:.*') | ||
3325 | 21 | olcrootpw_string = olcrootpw_regex.search(config) | ||
3326 | 22 | if olcrootpw_string: | ||
3327 | 23 | config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@') | ||
3328 | 24 | |||
3329 | 25 | credentials_regex = re.compile('credentials=.* ') | ||
3330 | 26 | credentials_string = credentials_regex.search(config) | ||
3331 | 27 | if credentials_string: | ||
3332 | 28 | config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ') | ||
3333 | 29 | |||
3334 | 30 | return config | ||
3335 | 31 | |||
3336 | 32 | def add_info(report, ui): | ||
3337 | 33 | response = ui.yesno("The contents of your /etc/ldap/slapd.d directory " | ||
3338 | 34 | "may help developers diagnose your bug more " | ||
3339 | 35 | "quickly. However, it may contain sensitive " | ||
3340 | 36 | "information. Do you want to include it in your " | ||
3341 | 37 | "bug report?") | ||
3342 | 38 | |||
3343 | 39 | if response == None: # user cancelled | ||
3344 | 40 | raise StopIteration | ||
3345 | 41 | |||
3346 | 42 | elif response == True: | ||
3347 | 43 | # Get the cn=config tree. | ||
3348 | 44 | cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config']) | ||
3349 | 45 | report['CNConfig'] = scrub_pass_strings(cn_config) | ||
3350 | 46 | |||
3351 | 47 | # Get slapd messages from /var/log/syslog | ||
3352 | 48 | slapd_re = re.compile('slapd', re.IGNORECASE) | ||
3353 | 49 | report['SysLog'] = recent_syslog(slapd_re) | ||
3354 | 50 | |||
3355 | 51 | attach_mac_events(report, '/usr/sbin/slapd') | ||
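Review bot: scrub_pass_strings() redacts less than its comment promises. Both patterns use `search()` and then `replace()` on that one matched string, so a cn=config dump with several databases, each with a different olcRootPW, leaves every value after the first in the report; `re.sub()` over the whole text would cover all of them. `'credentials=.* '` requires a trailing space, so a credentials= value at the end of a line is not matched at all, and where it does match it is greedy up to the last space on the line. Neither pattern handles LDIF continuation lines, so a long value folded by ldapsearch keeps its tail on the next line. Smaller points: `re` is only in scope through `from apport.hookutils import *`, and `'-Y EXTERNAL'`, `'-H ldapi:///'` and `'-b cn=config'` are each passed as a single argv element, so ldapsearch receives the values with a leading space; splitting option and value into separate list items avoids depending on how that is parsed.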
3356 | diff --git a/debian/slapd.scripts-common b/debian/slapd.scripts-common | |||
3357 | index b2b3d3d..0dc0045 100644 | |||
3358 | --- a/debian/slapd.scripts-common | |||
3359 | +++ b/debian/slapd.scripts-common | |||
3360 | @@ -175,8 +175,7 @@ dump_config() { # {{{ | |||
3361 | 175 | dump_databases() { # {{{ | 175 | dump_databases() { # {{{ |
3362 | 176 | # If the user wants us to dump the databases they are dumped to the | 176 | # If the user wants us to dump the databases they are dumped to the |
3363 | 177 | # configured directory. | 177 | # configured directory. |
3366 | 178 | 178 | local db suffix file dir failed slapcat_opts | |
3365 | 179 | local db suffix file dir failed | ||
3367 | 180 | 179 | ||
3368 | 181 | database_dumping_enabled || return 0 | 180 | database_dumping_enabled || return 0 |
3369 | 182 | 181 | ||
3370 | @@ -365,6 +364,12 @@ compute_backup_path() { # {{{ | |||
3371 | 365 | id="$OLD_VERSION" | 364 | id="$OLD_VERSION" |
3372 | 366 | [ -n "$id" ] || id=`date +%Y%m%d-%H%M%S` | 365 | [ -n "$id" ] || id=`date +%Y%m%d-%H%M%S` |
3373 | 367 | target="/var/backups/$basedn-$id.ldapdb" | 366 | target="/var/backups/$basedn-$id.ldapdb" |
3374 | 367 | # Configuration via dpkg-reconfigure. | ||
3375 | 368 | # The backup directory already exists when reconfigured | ||
3376 | 369 | # twice or more: append a timestamp. | ||
3377 | 370 | if [ -e "${target}" ] && ([ "$MODE" = reconfigure ] || [ "$DEBCONF_RECONFIGURE" ]); then | ||
3378 | 371 | target="$target-`date +%Y%m%d-%H%M%S`" | ||
3379 | 372 | fi | ||
3380 | 368 | if [ -e "$target" ] && [ -z "$ok_exists" ]; then | 373 | if [ -e "$target" ] && [ -z "$ok_exists" ]; then |
3381 | 369 | echo >&2 | 374 | echo >&2 |
3382 | 370 | echo >&2 " Backup path $target exists. Giving up..." | 375 | echo >&2 " Backup path $target exists. Giving up..." |
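Review bot: in the new `if` in compute_backup_path, the `( ... )` around the two tests forks a subshell purely for grouping, and `[ "$DEBCONF_RECONFIGURE" ]` relies on the one-argument form of test. `{ [ "$MODE" = reconfigure ] || [ -n "$DEBCONF_RECONFIGURE" ]; }` does the same without the subshell and makes the non-empty check explicit. The new line also mixes `${target}` and `$target` within two lines; pick one.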
3383 | diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile | |||
3384 | 371 | new file mode 100644 | 376 | new file mode 100644 |
3385 | index 0000000..3c4f676 | |||
3386 | --- /dev/null | |||
3387 | +++ b/debian/slapd.ufw.profile | |||
3388 | @@ -0,0 +1,9 @@ | |||
3389 | 1 | [OpenLDAP LDAP] | ||
3390 | 2 | title=OpenLDAP with TLS | ||
3391 | 3 | description=OpenLDAP is a free, fast, lightweight LDAP server | ||
3392 | 4 | ports=389/tcp | ||
3393 | 5 | |||
3394 | 6 | [OpenLDAP LDAPS] | ||
3395 | 7 | title=OpenLDAP over SSL | ||
3396 | 8 | description=OpenLDAP is a free, fast, lightweight LDAP server | ||
3397 | 9 | ports=636/tcp |
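Review bot: the `[OpenLDAP LDAP]` section is titled "OpenLDAP with TLS" but opens 389/tcp, which carries cleartext LDAP as well unless the server itself enforces StartTLS; the title reads as if allowing this profile guaranteed encryption. Suggest a title that says what the port is (plain LDAP, StartTLS optional), and giving the two sections different `description=` lines, since they are currently identical and an admin choosing between them in ufw gets no help from the text.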
I got this review via email from Ryan Tandy, the Debian maintainer of openldap. ">" are his comments, and my reply below.
> - dropping GSSAPI is an ABI break (removing public symbols), therefore I
> think it requires a SONAME change and transition. I was going to
> propose dropping this when we eventually update to 2.5 as I don't
> foresee a SONAME bump happening sooner.
After an LTS is the right time to drop such an old delta, that was
even requested by (now upstream)
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/495418/comments/2
We should be able to rely on the symbols file to handle upgrades, no?
Or do you mean in terms of debian policy the soname must change?
> - dropping nssov breaks upgrades for anyone who has it enabled, unless
> you specifically add scripting to detect and disable it. I guess the
> numbers of users is small but I know at least one person who was (not
> sure whether still is) using nssov.
Scripting with the cn=config backend is tough. And just removing nssov
for the sake of having slapd start up fine would hide the change
somewhat.
For both these changes, we will certainly need release notes, and I
wrote this down already to add to the notes when we are closer to
release. I can also email ubuntu-server@ or even ubuntu-devel@ to get
a feeling who is using these, and what people think. I also think that
right after the LTS is a good time to tackle this problem and drop
stuff we don't use anymore, nor want our users to still use. The nss
overlay requires "the client-side stub library from nss-pam-ldapd",
which we only have in universe since precise, and I would like to
standardize on sssd as much as possible.