Merge ~ahasenack/ubuntu/+source/openldap:groovy-openldap-2.4.50-merge-and-delta-drop into ubuntu/+source/openldap:debian/sid

Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 890c4eea118142866ff23abe7b8be5d408316d98
Merge reported by: Andreas Hasenack
Merged at revision: 890c4eea118142866ff23abe7b8be5d408316d98
Proposed branch: ~ahasenack/ubuntu/+source/openldap:groovy-openldap-2.4.50-merge-and-delta-drop
Merge into: ubuntu/+source/openldap:debian/sid
Diff against target: 3397 lines (+2901/-12)
18 files modified
debian/apparmor-profile (+60/-0)
debian/changelog (+2527/-0)
debian/configure.options (+1/-0)
debian/control (+5/-3)
debian/libldap-2.4-2.symbols (+7/-0)
debian/patches/contrib-makefiles (+21/-0)
debian/patches/fix_test_timing.patch (+27/-0)
debian/patches/gssapi.diff (+140/-0)
debian/patches/series (+2/-0)
debian/patches/set-maintainer-name (+1/-1)
debian/rules (+26/-3)
debian/slapd.README.Debian (+13/-2)
debian/slapd.default (+1/-1)
debian/slapd.install (+2/-0)
debian/slapd.manpages (+1/-0)
debian/slapd.py (+51/-0)
debian/slapd.scripts-common (+7/-2)
debian/slapd.ufw.profile (+9/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Team Pending
Review via email: mp+383797@code.launchpad.net

Description of the change

Most of the diff is in d/changelog, for carrying such a large delta for so long.

Debian merge of 2.4.50, plus a lot of delta drop. Let's go!

Bileto (still running, mostly done, i386 known failures so far): https://bileto.ubuntu.com/#/ticket/4053

I added sssd to that ticket because it has nice ldap integration tests.

First, remaining "normal" delta:
- apparmor
- ufw
- apport

The remaining bits:
    - d/slapd.scripts-common:
      - add slapcat_opts to local variables.
Added to debian in https://salsa.debian.org/openldap-team/openldap/-/commit/50a32c03d83ed8f8026a93da0fba0ef0b639a7ee

      - Fix backup directory naming for multiple reconfiguration.
Submitted to debian via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960449

    - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
Adopted by debian in https://salsa.debian.org/openldap-team/openldap/-/commit/50a32c03d83ed8f8026a93da0fba0ef0b639a7ee

    - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
      of test timing issue.
Not submitted yet

    - d/p/set-maintainer-name: use the Maintainer field from d/control
      instead of hardcoding an email (LP: #1875697)
Submitted to debian via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960448

The drops!

I hope the reasoning for each drop, even though just a short sentence, is clarifying enough. Most of the drops are because we no longer ship likewise-open. But here we go:
- nss overlay: we don't need another name service switch module, we have standardized on sssd
- gssapi support: we still have it, via sasl gssapi. Bug #495418 (which introduced this delta) even has a comment from upstream asking us to drop this. This was also added because of likewise-open, it probably didn't work with sasl back then.
- olcRootDN for the ldif init: not worth keeping a delta for. It's just an authentication entity that there is no way for someone to authenticate as, but the ACL in that ldif grant the "manage" access to the sasl external entity, so that is in effect the new admin. There is no harm in keeping olcRootDN, so let's drop this.
- CLDAP support. Also added because of likewise-open. This was required for windows 2k domain joins, as cldap was the only way to query the server for what ldap suffixes it had, and other discovery things.
- show distribution in version: debian now shows the package version, which will have the "ubuntu" name in it in our case, so dropped (also requested in https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1875697). The delta I added makes the maintainer email dynamic, and I pushed that to debian too (but see the (*) remark above). The debian maintainer said in the bug he would accept something dynamic, so let's see if my parsing of d/control is ok.

That's it!

To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I got this review via email from Ryan Tandy, the debian maintainer of openldap. ">" are his comments, and my reply below.

> - dropping GSSAPI is an ABI break (removing public symbols), therefore I
> think it requires a SONAME change and transition. I was going to
> propose dropping this when we eventually update to 2.5 as I don't
> foresee a SONAME bump happening sooner.

After an LTS is the right time to drop such an old delta, that was
even requested by (now upstream)
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/495418/comments/2

We should be able to rely on the symbols file to handle upgrades, no?
Or do you mean in terms of debian policy the soname must change?

> - dropping nssov breaks upgrades for anyone who has it enabled, unless
> you specifically add scripting to detect and disable it. I guess the
> numbers of users is small but I know at least one person who was (not
> sure whether still is) using nssov.

Scripting with the cn=config backend is tough. And just removing nssov
for the sake of having slapd start up fine would hide the change
somewhat.

For both these changes, we will certainly need release notes, and I
wrote this down already to add to the notes when we are closer to
release. I can also email ubuntu-server@ or even ubuntu-devel@ to get
a feeling who is using these, and what people think. I also think that
right after the LTS is a good time to tackle this problem and drop
stuff we don't use anymore, nor want our users still use. The nss
overlay requires "the client-side stuf library from nss-pam-ldapd",
which we only have in universe since precise, and I would like to
standardize on sssd as much as possible.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

More comments. This time, ">" are mine:

On Tue, May 12, 2020 at 02:32:18PM -0300, Andreas Hasenack wrote:
>We should be able to rely on the symbols file to handle upgrades, no?
>Or do you mean in terms of debian policy the soname must change?

The symbols file tracks when new interfaces were added, but when
changing or removing already exported ones, the SONAME must change.

https://www.debian.org/doc/debian-policy/ch-sharedlibs.html#run-time-shared-libraries

>Scripting with the cn=config backend is tough. And just removing nssov
>for the sake of having slapd start up fine would hide the change
>somewhat.

Yeah. I was thinking more along the lines of failing the upgrade in
preinst if nssov is enabled, rather than get into a state where recovery
requires manual changes in /etc/ldap/slapd.d.

But the number of users affected is honestly going to be single-digit or
zero, so a release note is probably about all the effort it's worth.

>The nss overlay requires "the client-side stuf library from
>nss-pam-ldapd", which we only have in universe since precise, and I
>would like to standardize on sssd as much as possible.

ACK, recommending sssd makes sense for sure.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Looong changelog, but after reading it twice I agree.
Glad you could drop so much.

I like that you added the reasoning for each of them.
And I also agree that early in the post-LTS cycle is the right time to do so.

Also thanks for sending all the remaining bits that are applicable to Debian already.

This is so much I need to look a bit further, but so far it LGTM

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

ok, AFAICS old delta is retained correctly.
But a lot is going on, so I hope I didn't miss anything.

Hopefully you can drop more of the already submitted changes next time to further clean this up.

review: Approve
Revision history for this message
ben thielsen (btb-bitrate) wrote :

i use and prefer nss-pam-ldapd, so removing nssov would break things for my installations. it doesn't really matter to me if nssov is loaded/enabled/configured by the packaging system [in fact, i would prefer it not be, myself], but it's not clear to me what problem it causes to include it in the package, so people who want it can use it.

as a side note, it would be disappointing to see sssd pushed over nss-pam-ldapd, generally speaking.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

As recommended by Ryan Tandy (debian maintainer of openldap), and after a discussion with my colleagues, we decided to not drop the gssapi and CLDAP deltas at this time, because that would require buming the soname of the openldap libraries, which is already at 2.4. When the next upstream major release happens, 2.5, that will be the right time to drop this delta. It's unfortunate, but it's the price to pay for having introduced that back in 2009 without much thinking ahead.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I emailed ubuntu-server@ about these changes, and also posted on the discourse forum.

https://lists.ubuntu.com/archives/ubuntu-server/2020-May/008333.html

https://discourse.ubuntu.com/t/cleaning-up-openldap-packaging/16287

ben thielsen (btb-bitrate), we can continue the nss overlay discussion there.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

About the nssov removal, if the previous install is using the overlay, the upgrade fails, quite as expected:

May 21 19:05:20 groovy-nss-overlay slapd[1275]: lt_dlopenext failed: (nssov) file not found
...

Errors were encountered while processing:
 slapd
E: Sub-process /usr/bin/dpkg returned an error code (1)

Expected, but not very nice. Ryan Tandy suggested a check in preinst.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

If I check for the nss overlay in slapd.preinst, and exit 1 (just for the sake of testing, let's assume there are debconf prompts asking what to do, and the user chose to abort), then we get:

(...)
Preparing to unpack .../slapd_2.4.50+dfsg-1ubuntu1~ppa4_amd64.deb ...
Saving current slapd configuration to /var/backups/slapd-2.4.49+dfsg-2ubuntu2...
nss overlay in use, aborting install
dpkg: error processing archive ./slapd_2.4.50+dfsg-1ubuntu1~ppa4_amd64.deb (--install):
 new slapd package pre-installation script subprocess returned error exit status 1
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.50+dfsg-1ubuntu1~ppa4... done.
Setting up libldap-common (2.4.50+dfsg-1ubuntu1~ppa4) ...
Setting up libldap-2.4-2:amd64 (2.4.50+dfsg-1ubuntu1~ppa4) ...
Setting up ldap-utils (2.4.50+dfsg-1ubuntu1~ppa4) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9) ...
Errors were encountered while processing:
 ./slapd_2.4.50+dfsg-1ubuntu1~ppa4_amd64.deb
$ echo $?
1

Summary:
- apt exits 1, indicating a failure
- slapd stays at the previous version, but other packages remain upgraded
- slapd is restarted, but stays running instead of failing to come up

Removing the nss overlay configuration in postinst is complicated, error prone, and might render the system without a working login (assuming the overlay is being used in that system for logins: not always the case).

These are the options as far as I can see, at the moment:
a) don't remove nssov
b) remove nssov, and exit 1 in preinst if it's detected, with the outcome detailed above
c) remove nssov and not handle it. apt fails, slapd remains stopped at the end, system might be without a working logn
d) remove nssov, go through great lengths to remove it from slapd's config (very complicated due to cn=config and the fact that slapd doesn't support removing modules dynamically via ldap commands), and in the end have a running slapd, but without nssov. System might again be without a working login, if nssov was used for that on this system.

If we chose (a), I might as well fix bug #381829 and bug #1452087

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I emailed ubuntu-devel[1] about the nssov situation, and will keep the overlay for now until I can come up with a better plan for its removal that doesn't horribly break upgrades for people who are using it.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

And the link to my ubuntu-devel post, which I forgot to add in my previous comment:

https://lists.ubuntu.com/archives/ubuntu-devel/2020-May/041004.html

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I updated the branch keeping the nssov delta, and I also rearranged the commits a bit so they are together where it makes sense:

a)
commit cee0c2496d9abaee94778cb201462300372d0763
Author: Andreas Hasenack <email address hidden>
Date: Fri Feb 8 18:23:23 2019 -0200

        - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
          - CLDAP (UDP) was added in 2.4.17-1ubuntu2
          - GSSAPI support was enabled in 2.4.18-0ubuntu2

I split this one up in two pieces, and folded them together each with the commit that added the feature. I also added notes about when this can be dropped:
commit b8787fe7f9e5ed0a9d3aabd0fe3c65c5a3d64db1
Author: Andreas Hasenack <email address hidden>
Date: Fri Feb 8 18:22:00 2019 -0200

        - Add support for CLDAP (UDP) support, back then required by
          likewise-open (first enabled in 2.4.17-1ubuntu2):
          + d/rules: Enable -DLDAP_CONNECTIONLESS
          + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
          This should be dropped when the soname changes.

and
commit 90eba5f78d1a44aa3b86956b6916edc8e518f9f8
Author: Andreas Hasenack <email address hidden>
Date: Fri Feb 8 18:16:01 2019 -0200

        - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
...
          + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
          This should be dropped when the soname changes.

b)
commit a23fad285c57ba7ba8c2a14668c66e637a2a584a
Author: Andreas Hasenack <email address hidden>
Date: Mon Feb 11 09:18:28 2019 -0200

        - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
          Debian bug #919136, we also have to patch the nssov makefile
          accordingly and thus update this patch.

Squashed the above commit into the one adding the nssov delta:
commit 3ebf10cacef2c35e7598c131118aea769b091427
Author: Andreas Hasenack <email address hidden>
Date: Fri Feb 8 18:19:09 2019 -0200

        - Enable nss overlay:
...
          + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
            Debian bug #919136, we also have to patch the nssov makefile
            accordingly and thus update this patch.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Finally, i also updated the commit messages with the correct list symbol for each indentation level. Basically, replaced many "-" with "+".

b76ceba... by Ryan Tandy

  * Added:
    - d/rules, debian/patches/set-maintainer-name: Extract maintainer
      address dynamically from debian/control. Thanks to Ryan Tandy
      <email address hidden> (Closes: #960448, LP: #1875697)

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

sigh, soname troubles plus this nssov thing - this clearly is one of the more ugly merged.
/me hugs Andreas

Re-reviewing the MP as it is right now ...

- Ack on not removing nssov (for now)
- Ack on keeping the bad symbols until we can soname bump
(both as discussed)

+1 on the new set of kept/dropped changes.

One thing if you want to experiment a bit more with it since we can't get rid of the extra features/symbols we have that came to my mind last weekend was deprecating them.
Would it be a reasonable delta to throw in some "deprecated" attributes via [1]?
That way - once we some day remove it - everyone linking against them would have had quite some time being told that they are deprecated.

One could think of a similar strategy for nssov to now yell/warn/message about that it will be dropped later in all places you can - to reduce the impact when you do it some time down the road. IIRC you already have the code to detect nssov and while I agree messing with the config is error-prone, warning that it should not be used would be fine IMHO.

[1]: https://gcc.gnu.org/onlinedocs/gcc-4.7.1/gcc/Type-Attributes.html#Type-Attributes

review: Needs Information
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

> One thing if you want to experiment a bit more with it since we can't get rid of
> the extra features/symbols we have that came to my mind last weekend was
> deprecating them. Would it be a reasonable delta to throw in some "deprecated"
> attributes via [1]?

I can play with this, but I'm not sure it's the right thing to do. These symbols are not deprecated, and they fall into two categories:

- cldap support: ber_sockbuf_io_udp and ldap_is_ldapc_url. Both defined in public header files:

include/lber.h:LBER_V( Sockbuf_IO ) ber_sockbuf_io_udp;

and

include/ldap.h:
#ifdef LDAP_CONNECTIONLESS
LDAP_F( int )
ldap_is_ldapc_url LDAP_P((
    LDAP_CONST char *url ));
#endif

Both are only used if LDAP_CONNECTIONLESS is defined.

- gssapi support
This is the "bad" one, as the delta we have is adding internal symbols to the symbols file. For example, ldap_int_gssapi_close is defined in ./libraries/libldap/ldap-int.h. This header file is not even shipped in the libldap2-dev package. Hm, since the header file isn't shipped, I wonder if these symbols can even be used?

Anyway, going back to the point of deprecating symbols, adding a patch that changes C code marking the, say, gssapi symbols deprecated isn't correct, as they shouldn't be exposed in the first place. Using them when linking with the ubuntu openldap packages (if possible, given we don't ship the corresponding header file), that is what is "deprecated", because we want to remove them.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Hm, there are many other *_int_* symbols in the symbols file, also defined just in the -int header file that is not shipped. Meh.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I tested patching one attribute with that flag:

-LDAP_F(void) ldap_int_gssapi_close LDAP_P(( LDAP *ld, LDAPConn *lc ));
+LDAP_F(void) ldap_int_gssapi_close LDAP_P(( LDAP *ld, LDAPConn *lc )) __attribute__ ((deprecated));

The build shows this then:
../../../../libraries/libldap/gssapi.c: In function ‘ldap_int_gssapi_setup’:
../../../../libraries/libldap/gssapi.c:620:2: warning: ‘ldap_int_gssapi_close’ is deprecated [-Wdeprecated-declarations]
  620 | ldap_int_gssapi_close( ld, lc );
      | ^~~~~~~~~~~~~~~~~~~~~
../../../../libraries/libldap/gssapi.c:581:6: note: declared here
  581 | void ldap_int_gssapi_close( LDAP *ld, LDAPConn *lc )
      | ^~~~~~~~~~~~~~~~~~~~~

since that function is used internally, correctly. So I don't think it's a good approach.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Ok, thanks for trying - it was worth that but you have shown it doesn't match your case :-/

I was +1 otherwise on it, so +1 is all that is left after trying the deprecation trick.

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

About notifying the user that nssov will eventually be removed, I thought of these options:
- d/NEWS file. A bit weird, because we are not changing it yet, so I'm not sure this mechanism applies. But is an interesting notification mechanism for those who have apt-listchanges (I think that's the name) installed. It would only show once, thouch, iiuc.
- simple postinst "echo" lines. Can get lost in all those messages, but can show the warning with every upgrade if we want (i.e., do the check regardless of the package version that is being upgraded)

Any other ideas? Also keep in mind we might not be able to cleanly removed this overlay, so maybe adding these warnings now is premature.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

We know that eventually there will always be someone that misses it and later complain.
So don't let perfection be the enemy of progress and pick something that works for the majority.

For this particular case I'm fan of something very noisy on the upgrade if we detected it is in use.
That way the majority of users won't see anything and that is ok as it isn't "for them".
For all the others I think it would be good to be loud and noisy on upgrades.
Actually - we can detect that it is in use can we?

Furthermore orthogonal to the packaging changes something that you can find with a search engine, maybe release notes or server guide (or even a blog if you want). Whatever you think is best for you.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I'm actually -1 on adding notes about future upcoming changes to the packaging at the moment, when such changes aren't there. It's our intention, and that was communicated in 2 mailing lists and the discourse forum. I added a d/slapd.NEWS bit, but am ready to revert that.

421b8d2... by Andreas Hasenack

merge-changelogs

1c96234... by Andreas Hasenack

reconstruct-changelog

890c4ee... by Andreas Hasenack

update-maintainer

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

As I said above, "Whatever you think is best for you", so if ML+Discourse is what you want that is fine with me. The NEWS entry would be just another Delta with potentially low gain - so I'm ok if you drop it before upload.
I mostly wanted to spawn the idea of trying to communicate it, not define how exactly we do it.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks, sorry for misunderstanding.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Tagging and uploading 890c4eea118142866ff23abe7b8be5d408316d98

$ git push pkg upload/2.4.50+dfsg-1ubuntu1
Enumerating objects: 94, done.
Counting objects: 100% (94/94), done.
Delta compression using up to 4 threads
Compressing objects: 100% (76/76), done.
Writing objects: 100% (78/78), 28.91 KiB | 1.11 MiB/s, done.
Total 78 (delta 55), reused 6 (delta 2)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/openldap
 * [new tag] upload/2.4.50+dfsg-1ubuntu1 -> upload/2.4.50+dfsg-1ubuntu1

$ dput ubuntu ../openldap_2.4.50+dfsg-1ubuntu1_source.changes
Checking signature on .changes
gpg: ../openldap_2.4.50+dfsg-1ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../openldap_2.4.50+dfsg-1ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openldap_2.4.50+dfsg-1ubuntu1.dsc: done.
  Uploading openldap_2.4.50+dfsg-1ubuntu1.debian.tar.xz: done.
  Uploading openldap_2.4.50+dfsg-1ubuntu1_source.buildinfo: done.
  Uploading openldap_2.4.50+dfsg-1ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

This migrated.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/apparmor-profile b/debian/apparmor-profile
0new file mode 1006440new file mode 100644
index 0000000..793fa7b
--- /dev/null
+++ b/debian/apparmor-profile
@@ -0,0 +1,60 @@
1# vim:syntax=apparmor
2# Last Modified: Fri Jan 4 15:18:13 2008
3# Author: Jamie Strandboge <jamie@ubuntu.com>
4
5#include <tunables/global>
6
7/usr/sbin/slapd {
8 #include <abstractions/base>
9 #include <abstractions/nameservice>
10 #include <abstractions/p11-kit>
11
12 #include <abstractions/ssl_certs>
13 /etc/ssl/private/ r,
14 /etc/ssl/private/* r,
15
16 /etc/sasldb2 r,
17
18 capability dac_override,
19 capability net_bind_service,
20 capability setgid,
21 capability setuid,
22
23 /etc/gai.conf r,
24 /etc/hosts.allow r,
25 /etc/hosts.deny r,
26
27 # ldap files
28 /etc/ldap/** kr,
29 /etc/ldap/slapd.d/** rw,
30
31 # kerberos/gssapi
32 /dev/tty rw,
33 /etc/gss/mech.d/ r,
34 /etc/gss/mech.d/* kr,
35 /etc/krb5.keytab kr,
36 /etc/krb5/user/*/client.keytab kr,
37 owner /tmp/krb5cc_* rwk,
38 /var/tmp/ rw,
39 /var/tmp/** rw,
40
41 # the databases and logs
42 /var/lib/ldap/ r,
43 /var/lib/ldap/** rwk,
44
45 # lock file
46 /var/lib/ldap/alock kw,
47
48 # pid files and sockets
49 /{,var/}run/slapd/* w,
50 /{,var/}run/slapd/ldapi rw,
51 /{,var/}run/nslcd/socket rw,
52
53 /usr/lib/ldap/ r,
54 /usr/lib/ldap/* mr,
55
56 /usr/sbin/slapd mr,
57
58 # Site-specific additions and overrides. See local/README for details.
59 #include <local/usr.sbin.slapd>
60}
diff --git a/debian/changelog b/debian/changelog
index 7d3dc4c..504f29f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,69 @@
1openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 - Enable AppArmor support:
5 + d/apparmor-profile: add AppArmor profile
6 + d/rules: use dh_apparmor
7 + d/control: Build-Depends on dh-apparmor
8 + d/slapd.README.Debian: add note about AppArmor
9 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
10 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
11 - Add --with-gssapi support
12 - Make guess_service_principal() more robust when determining
13 principal
14 + d/configure.options: Configure with --with-gssapi
15 + d/control: Added heimdal-dev as a build depend
16 + d/rules:
17 - Explicitly add -I/usr/include/heimdal to CFLAGS.
18 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
19 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
20 This should be dropped when the soname changes.
21 - Enable ufw support:
22 + d/control: suggest ufw.
23 + d/rules: install ufw profile.
24 + d/slapd.ufw.profile: add ufw profile.
25 - Enable nss overlay:
26 + d/rules:
27 - add nssov to CONTRIB_MODULES
28 - add sysconfdir to CONTRIB_MAKEVARS
29 + d/slapd.install:
30 - install nssov overlay
31 + d/slapd.manpages:
32 - install slapo-nssov(5) man page
33 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
34 Debian bug #919136, we also have to patch the nssov makefile
35 accordingly and thus update this patch.
36 - d/{rules,slapd.py}: Add apport hook.
37 - d/slapd.scripts-common:
38 + add slapcat_opts to local variables.
39 + Fix backup directory naming for multiple reconfiguration.
40 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
41 - Add support for CLDAP (UDP) support, back then required by
42 likewise-open (first enabled in 2.4.17-1ubuntu2):
43 + d/rules: Enable -DLDAP_CONNECTIONLESS
44 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
45 This should be dropped when the soname changes.
46 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
47 of test timing issue.
48 * Dropped:
49 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
50 either the default DIT nor via an Authn mapping.
51 [Not worth keeping a delta for, as having olcRootDN doesn't hurt]
52 - Show distribution in version:
53 - d/control: added lsb-release
54 - d/patches/fix-ldap-distribution.patch: show distribution in version
55 [Debian now shows the full package version]
56 - SECURITY UPDATE: denial of service via nested search filters
57 + debian/patches/CVE-2020-12243.patch: limit depth of nested
58 filters in servers/slapd/filter.c.
59 [Fixed upstream]
60 * Added:
61 - d/rules, debian/patches/set-maintainer-name: Extract maintainer
62 address dynamically from debian/control. Thanks to Ryan Tandy
63 <ryan@nardis.ca> (Closes: #960448, LP: #1875697)
64
65 -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300
66
1openldap (2.4.50+dfsg-1) unstable; urgency=medium67openldap (2.4.50+dfsg-1) unstable; urgency=medium
268
3 * New upstream release.69 * New upstream release.
@@ -40,6 +106,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium
40106
41 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700107 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700
42108
109openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium
110
111 * SECURITY UPDATE: denial of service via nested search filters
112 - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
113 servers/slapd/filter.c.
114 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of
115 test timing issue.
116 - CVE-2020-12243
117
118 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400
119
120openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium
121
122 * Merge with Debian unstable (LP: #1866303). Remaining changes:
123 - Enable AppArmor support:
124 - d/apparmor-profile: add AppArmor profile
125 - d/rules: use dh_apparmor
126 - d/control: Build-Depends on dh-apparmor
127 - d/slapd.README.Debian: add note about AppArmor
128 - Enable GSSAPI support:
129 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
130 - Add --with-gssapi support
131 - Make guess_service_principal() more robust when determining
132 principal
133 [Dropped the ldap_gssapi_bind_s() hunk as that is already
134 - d/configure.options: Configure with --with-gssapi
135 - d/control: Added heimdal-dev as a build depend
136 - d/rules:
137 - Explicitly add -I/usr/include/heimdal to CFLAGS.
138 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
139 - Enable ufw support:
140 - d/control: suggest ufw.
141 - d/rules: install ufw profile.
142 - d/slapd.ufw.profile: add ufw profile.
143 - Enable nss overlay:
144 - d/rules:
145 - add nssov to CONTRIB_MODULES
146 - add sysconfdir to CONTRIB_MAKEVARS
147 - d/slapd.install:
148 - install nssov overlay
149 - d/slapd.manpages:
150 - install slapo-nssov(5) man page
151 - d/{rules,slapd.py}: Add apport hook.
152 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
153 either the default DIT nor via an Authn mapping.
154 - d/slapd.scripts-common:
155 - add slapcat_opts to local variables.
156 - Fix backup directory naming for multiple reconfiguration.
157 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
158 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
159 in the openldap library, as required by Likewise-Open
160 - Show distribution in version:
161 - d/control: added lsb-release
162 - d/patches/fix-ldap-distribution.patch: show distribution in version
163 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
164 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
165 - GSSAPI support was enabled in 2.4.18-0ubuntu2
166 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
167 Debian bug #919136, we also have to patch the nssov makefile
168 accordingly and thus update this patch.
169
170 -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300
171
43openldap (2.4.49+dfsg-2) unstable; urgency=medium172openldap (2.4.49+dfsg-2) unstable; urgency=medium
44173
45 * slapd.README.Debian: Document the initial setup performed by slapd's174 * slapd.README.Debian: Document the initial setup performed by slapd's
@@ -51,6 +180,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium
51180
52 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800181 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
53182
183openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium
184
185 * Merge with Debian unstable. Remaining changes:
186 - Enable AppArmor support:
187 - d/apparmor-profile: add AppArmor profile
188 - d/rules: use dh_apparmor
189 - d/control: Build-Depends on dh-apparmor
190 - d/slapd.README.Debian: add note about AppArmor
191 - Enable GSSAPI support:
192 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
193 - Add --with-gssapi support
194 - Make guess_service_principal() more robust when determining
195 principal
196 [Dropped the ldap_gssapi_bind_s() hunk as that is already
197 - d/configure.options: Configure with --with-gssapi
198 - d/control: Added heimdal-dev as a build depend
199 - d/rules:
200 - Explicitly add -I/usr/include/heimdal to CFLAGS.
201 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
202 - Enable ufw support:
203 - d/control: suggest ufw.
204 - d/rules: install ufw profile.
205 - d/slapd.ufw.profile: add ufw profile.
206 - Enable nss overlay:
207 - d/rules:
208 - add nssov to CONTRIB_MODULES
209 - add sysconfdir to CONTRIB_MAKEVARS
210 - d/slapd.install:
211 - install nssov overlay
212 - d/slapd.manpages:
213 - install slapo-nssov(5) man page
214 - d/{rules,slapd.py}: Add apport hook.
215 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
216 either the default DIT nor via an Authn mapping.
217 - d/slapd.scripts-common:
218 - add slapcat_opts to local variables.
219 - Fix backup directory naming for multiple reconfiguration.
220 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
221 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
222 in the openldap library, as required by Likewise-Open
223 - Show distribution in version:
224 - d/control: added lsb-release
225 - d/patches/fix-ldap-distribution.patch: show distribution in version
226 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
227 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
228 - GSSAPI support was enabled in 2.4.18-0ubuntu2
229 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
230 Debian bug #919136, we also have to patch the nssov makefile
231 accordingly and thus update this patch.
232 * Dropped:
233 - d/control: slapd can depend on perl:any since it only uses perl for
234 some maintainer and helper scripts.
235 [In 2.4.49+dfsg-1]
236
237 -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300
238
54openldap (2.4.49+dfsg-1) unstable; urgency=medium239openldap (2.4.49+dfsg-1) unstable; urgency=medium
55240
56 * New upstream release.241 * New upstream release.
@@ -79,6 +264,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium
79264
80 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800265 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
81266
267openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium
268
269 * d/control: slapd can depend on perl:any since it only uses perl for
270 some maintainer and helper scripts. The perl backend links against
271 the correct architecture perl libraries already. Can be dropped
272 after https://salsa.debian.org/openldap-team/openldap/commit/794c736
273 is in a Debian upload.
274
275 -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300
276
277openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium
278
279 * No-change rebuild against libnettle7
280
281 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000
282
283openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium
284
285 * No-change rebuild for the perl update.
286
287 -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000
288
289openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
290
291 * Merge with Debian unstable. Remaining changes:
292 - Enable AppArmor support:
293 - d/apparmor-profile: add AppArmor profile
294 - d/rules: use dh_apparmor
295 - d/control: Build-Depends on dh-apparmor
296 - d/slapd.README.Debian: add note about AppArmor
297 - Enable GSSAPI support:
298 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
299 - Add --with-gssapi support
300 - Make guess_service_principal() more robust when determining
301 principal
302 - d/configure.options: Configure with --with-gssapi
303 - d/control: Added heimdal-dev as a build depend
304 - d/rules:
305 - Explicitly add -I/usr/include/heimdal to CFLAGS.
306 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
307 - Enable ufw support:
308 - d/control: suggest ufw.
309 - d/rules: install ufw profile.
310 - d/slapd.ufw.profile: add ufw profile.
311 - Enable nss overlay:
312 - d/rules:
313 - add nssov to CONTRIB_MODULES
314 - add sysconfdir to CONTRIB_MAKEVARS
315 - d/slapd.install:
316 - install nssov overlay
317 - d/slapd.manpages:
318 - install slapo-nssov(5) man page
319 - d/{rules,slapd.py}: Add apport hook.
320 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
321 either the default DIT nor via an Authn mapping.
322 - d/slapd.scripts-common:
323 - add slapcat_opts to local variables.
324 - Fix backup directory naming for multiple reconfiguration.
325 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
326 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
327 in the openldap library, as required by Likewise-Open
328 - Show distribution in version:
329 - d/control: added lsb-release
330 - d/patches/fix-ldap-distribution.patch: show distribution in version
331 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
332 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
333 - GSSAPI support was enabled in 2.4.18-0ubuntu2
334 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
335 Debian bug #919136, we also have to patch the nssov makefile
336 accordingly and thus update this patch.
337 * Dropped:
338 - Fix sysv-generator unit file by customizing parameters (LP #1821343)
339 + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
340 correct systemctl status for slapd daemon.
341 + d/slapd.install: place override file in correct location.
342 [Included in 2.4.48+dfsg-1]
343 - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
344 + debian/patches/CVE-2019-13057-1.patch: add restriction to
345 servers/slapd/saslauthz.c.
346 + debian/patches/CVE-2019-13057-2.patch: add tests to
347 tests/data/idassert.out, tests/data/slapd-idassert.conf,
348 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
349 + debian/patches/CVE-2019-13057-3.patch: fix typo in
350 tests/scripts/test028-idassert.
351 + debian/patches/CVE-2019-13057-4.patch: fix typo in
352 tests/scripts/test028-idassert.
353 + CVE-2019-13057
354 [Fixed upstream]
355 - SECURITY UPDATE: SASL SSF not initialized per connection
356 + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
357 connection_init in servers/slapd/connection.c.
358 + CVE-2019-13565
359 [Fixed upstream]
360
361 -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
362
82openldap (2.4.48+dfsg-1) unstable; urgency=medium363openldap (2.4.48+dfsg-1) unstable; urgency=medium
83364
84 * New upstream release.365 * New upstream release.
@@ -106,6 +387,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium
106387
107 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700388 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
108389
390openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
391
392 * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
393 - debian/patches/CVE-2019-13057-1.patch: add restriction to
394 servers/slapd/saslauthz.c.
395 - debian/patches/CVE-2019-13057-2.patch: add tests to
396 tests/data/idassert.out, tests/data/slapd-idassert.conf,
397 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
398 - debian/patches/CVE-2019-13057-3.patch: fix typo in
399 tests/scripts/test028-idassert.
400 - debian/patches/CVE-2019-13057-4.patch: fix typo in
401 tests/scripts/test028-idassert.
402 - CVE-2019-13057
403 * SECURITY UPDATE: SASL SSF not initialized per connection
404 - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
405 connection_init in servers/slapd/connection.c.
406 - CVE-2019-13565
407
408 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
409
410openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
411
412 * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
413 - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
414 correct systemctl status for slapd daemon.
415 - d/slapd.install: place override file in correct location.
416
417 -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
418
419openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
420
421 * Merge with Debian unstable. Remaining changes:
422 - Enable AppArmor support:
423 - d/apparmor-profile: add AppArmor profile
424 - d/rules: use dh_apparmor
425 - d/control: Build-Depends on dh-apparmor
426 - d/slapd.README.Debian: add note about AppArmor
427 - Enable GSSAPI support:
428 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
429 - Add --with-gssapi support
430 - Make guess_service_principal() more robust when determining
431 principal
432 - d/configure.options: Configure with --with-gssapi
433 - d/control: Added heimdal-dev as a build depend
434 - d/rules:
435 - Explicitly add -I/usr/include/heimdal to CFLAGS.
436 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
437 - Enable ufw support:
438 - d/control: suggest ufw.
439 - d/rules: install ufw profile.
440 - d/slapd.ufw.profile: add ufw profile.
441 - Enable nss overlay:
442 - d/rules:
443 - add nssov to CONTRIB_MODULES
444 - add sysconfdir to CONTRIB_MAKEVARS
445 - d/slapd.install:
446 - install nssov overlay
447 - d/slapd.manpages:
448 - install slapo-nssov(5) man page
449 - d/{rules,slapd.py}: Add apport hook.
450 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
451 either the default DIT nor via an Authn mapping.
452 - d/slapd.scripts-common:
453 - add slapcat_opts to local variables.
454 - Fix backup directory naming for multiple reconfiguration.
455 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
456 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
457 in the openldap library, as required by Likewise-Open
458 - Show distribution in version:
459 - d/control: added lsb-release
460 - d/patches/fix-ldap-distribution.patch: show distribution in version
461 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
462 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
463 - GSSAPI support was enabled in 2.4.18-0ubuntu2
464 * Added changes:
465 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
466 Debian bug #919136, we also have to patch the nssov makefile
467 accordingly and thus update this patch.
468
469 -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
470
109openldap (2.4.47+dfsg-3) unstable; urgency=medium471openldap (2.4.47+dfsg-3) unstable; urgency=medium
110472
111 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS473 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
@@ -121,6 +483,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium
121483
122 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800484 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
123485
486openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
487
488 * Merge from Debian unstable (LP: #1811630). Remaining changes:
489 - Enable AppArmor support:
490 - d/apparmor-profile: add AppArmor profile
491 - d/rules: use dh_apparmor
492 - d/control: Build-Depends on dh-apparmor
493 - d/slapd.README.Debian: add note about AppArmor
494 - Enable GSSAPI support:
495 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
496 - Add --with-gssapi support
497 - Make guess_service_principal() more robust when determining
498 principal
499 - d/configure.options: Configure with --with-gssapi
500 - d/control: Added heimdal-dev as a build depend
501 - d/rules:
502 - Explicitly add -I/usr/include/heimdal to CFLAGS.
503 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
504 - Enable ufw support:
505 - d/control: suggest ufw.
506 - d/rules: install ufw profile.
507 - d/slapd.ufw.profile: add ufw profile.
508 - Enable nss overlay:
509 - d/rules:
510 - add nssov to CONTRIB_MODULES
511 - add sysconfdir to CONTRIB_MAKEVARS
512 - d/slapd.install:
513 - install nssov overlay
514 - d/slapd.manpages:
515 - install slapo-nssov(5) man page
516 - d/{rules,slapd.py}: Add apport hook.
517 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
518 either the default DIT nor via an Authn mapping.
519 - d/slapd.scripts-common:
520 - add slapcat_opts to local variables.
521 - Fix backup directory naming for multiple reconfiguration.
522 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
523 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
524 in the openldap library, as required by Likewise-Open
525 - Show distribution in version:
526 - d/control: added lsb-release
527 - d/patches/fix-ldap-distribution.patch: show distribution in version
528 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
529 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
530 - GSSAPI support was enabled in 2.4.18-0ubuntu2
531 * Update nssov build and packaging for Debian changes:
532 - Drop patch nssov-build
533 - d/rules:
534 - add nssov to CONTRIB_MODULES
535 - add sysconfdir to CONTRIB_MAKEVARS
536 - d/slapd.install:
537 - install nssov overlay
538 - d/slapd.manpages:
539 - install slapo-nssov(5) man page
540
541 -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
542
124openldap (2.4.47+dfsg-2) unstable; urgency=medium543openldap (2.4.47+dfsg-2) unstable; urgency=medium
125544
126 * Reintroduce slapi-dev binary package. (Closes: #711469)545 * Reintroduce slapi-dev binary package. (Closes: #711469)
@@ -158,6 +577,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium
158577
159 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800578 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
160579
580openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
581
582 * d/apparmor-profile: update apparmor profile to allow reading of
583 files needed when slapd is behaving as a kerberos/gssapi client
584 and acquiring its own ticket. (LP: #1783183)
585
586 -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
587
588openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
589
590 * No-change rebuild for the perl 5.28 transition.
591
592 -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
593
594openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
595
596 * Merge from Debian unstable. Remaining changes:
597 - Enable AppArmor support:
598 - d/apparmor-profile: add AppArmor profile
599 - d/rules: use dh_apparmor
600 - d/control: Build-Depends on dh-apparmor
601 - d/slapd.README.Debian: add note about AppArmor
602 - Enable GSSAPI support:
603 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
604 - Add --with-gssapi support
605 - Make guess_service_principal() more robust when determining
606 principal
607 - d/configure.options: Configure with --with-gssapi
608 - d/control: Added heimdal-dev as a build depend
609 - d/rules:
610 - Explicitly add -I/usr/include/heimdal to CFLAGS.
611 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
612 - Enable ufw support:
613 - d/control: suggest ufw.
614 - d/rules: install ufw profile.
615 - d/slapd.ufw.profile: add ufw profile.
616 - Enable nss overlay:
617 - d/{patches/nssov-build,rules}: Apply, build and package the
618 nss overlay.
619 - d/{rules,slapd.py}: Add apport hook.
620 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
621 either the default DIT nor via an Authn mapping.
622 - d/slapd.scripts-common:
623 - add slapcat_opts to local variables.
624 - Fix backup directory naming for multiple reconfiguration.
625 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
626 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
627 in the openldap library, as required by Likewise-Open
628 - Show distribution in version:
629 - d/control: added lsb-release
630 - d/patches/fix-ldap-distribution.patch: show distribution in version
631 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
632 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
633 - GSSAPI support was enabled in 2.4.18-0ubuntu2
634
635 -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
636
161openldap (2.4.46+dfsg-5) unstable; urgency=medium637openldap (2.4.46+dfsg-5) unstable; urgency=medium
162638
163 * Restore slapd-smbk5pwd now that libldap is installable in unstable.639 * Restore slapd-smbk5pwd now that libldap is installable in unstable.
@@ -177,6 +653,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium
177653
178 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700654 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
179655
656openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
657
658 * Merge from Debian unstable. Remaining changes:
659 - Enable AppArmor support:
660 - d/apparmor-profile: add AppArmor profile
661 - d/rules: use dh_apparmor
662 - d/control: Build-Depends on dh-apparmor
663 - d/slapd.README.Debian: add note about AppArmor
664 - Enable GSSAPI support:
665 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
666 - Add --with-gssapi support
667 - Make guess_service_principal() more robust when determining
668 principal
669 - d/configure.options: Configure with --with-gssapi
670 - d/control: Added heimdal-dev as a build depend
671 - d/rules:
672 - Explicitly add -I/usr/include/heimdal to CFLAGS.
673 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
674 - Enable ufw support:
675 - d/control: suggest ufw.
676 - d/rules: install ufw profile.
677 - d/slapd.ufw.profile: add ufw profile.
678 - Enable nss overlay:
679 - d/{patches/nssov-build,rules}: Apply, build and package the
680 nss overlay.
681 - d/{rules,slapd.py}: Add apport hook.
682 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
683 either the default DIT nor via an Authn mapping.
684 - d/slapd.scripts-common:
685 - add slapcat_opts to local variables.
686 - Fix backup directory naming for multiple reconfiguration.
687 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
688 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
689 in the openldap library, as required by Likewise-Open
690 - Show distribution in version:
691 - d/control: added lsb-release
692 - d/patches/fix-ldap-distribution.patch: show distribution in version
693 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
694 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
695 - GSSAPI support was enabled in 2.4.18-0ubuntu2
696
697 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
698
180openldap (2.4.46+dfsg-2) unstable; urgency=medium699openldap (2.4.46+dfsg-2) unstable; urgency=medium
181700
182 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.701 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
@@ -206,6 +725,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium
206725
207 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700726 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
208727
728openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
729
730 * Merge from Debian unstable. Remaining changes:
731 - Enable AppArmor support:
732 - d/apparmor-profile: add AppArmor profile
733 - d/rules: use dh_apparmor
734 - d/control: Build-Depends on dh-apparmor
735 - d/slapd.README.Debian: add note about AppArmor
736 - Enable GSSAPI support:
737 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
738 - Add --with-gssapi support
739 - Make guess_service_principal() more robust when determining
740 principal
741 - d/configure.options: Configure with --with-gssapi
742 - d/control: Added heimdal-dev as a build depend
743 - d/rules:
744 - Explicitly add -I/usr/include/heimdal to CFLAGS.
745 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
746 - Enable ufw support:
747 - d/control: suggest ufw.
748 - d/rules: install ufw profile.
749 - d/slapd.ufw.profile: add ufw profile.
750 - Enable nss overlay:
751 - d/{patches/nssov-build,rules}: Apply, build and package the
752 nss overlay.
753 - d/{rules,slapd.py}: Add apport hook.
754 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
755 either the default DIT nor via an Authn mapping.
756 - d/slapd.scripts-common:
757 - add slapcat_opts to local variables.
758 - Fix backup directory naming for multiple reconfiguration.
759 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
760 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
761 in the openldap library, as required by Likewise-Open
762 - Show distribution in version:
763 - d/control: added lsb-release
764 - d/patches/fix-ldap-distribution.patch: show distribution in version
765 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
766 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
767 - GSSAPI support was enabled in 2.4.18-0ubuntu2
768
769 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200
770
209openldap (2.4.45+dfsg-1) unstable; urgency=medium771openldap (2.4.45+dfsg-1) unstable; urgency=medium
210772
211 * New upstream release.773 * New upstream release.
@@ -247,6 +809,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium
247809
248 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700810 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
249811
812openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low
813
814 * Merge from Debian unstable. Remaining changes:
815 - Enable AppArmor support:
816 - d/apparmor-profile: add AppArmor profile
817 - d/rules: use dh_apparmor
818 - d/control: Build-Depends on dh-apparmor
819 - d/slapd.README.Debian: add note about AppArmor
820 - Enable GSSAPI support:
821 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
822 - Add --with-gssapi support
823 - Make guess_service_principal() more robust when determining
824 principal
825 - d/configure.options: Configure with --with-gssapi
826 - d/control: Added heimdal-dev as a build depend
827 - d/rules:
828 - Explicitly add -I/usr/include/heimdal to CFLAGS.
829 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
830 - Enable ufw support:
831 - d/control: suggest ufw.
832 - d/rules: install ufw profile.
833 - d/slapd.ufw.profile: add ufw profile.
834 - Enable nss overlay:
835 - d/{patches/nssov-build,rules}: Apply, build and package the
836 nss overlay.
837 - d/{rules,slapd.py}: Add apport hook.
838 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
839 either the default DIT nor via an Authn mapping.
840 - d/slapd.scripts-common:
841 - add slapcat_opts to local variables.
842 - Fix backup directory naming for multiple reconfiguration.
843 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
844 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
845 in the openldap library, as required by Likewise-Open
846 - Show distribution in version:
847 - d/control: added lsb-release
848 - d/patches/fix-ldap-distribution.patch: show distribution in version
849 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
850 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
851 - GSSAPI support was enabled in 2.4.18-0ubuntu2
852
853 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200
854
250openldap (2.4.44+dfsg-8) unstable; urgency=medium855openldap (2.4.44+dfsg-8) unstable; urgency=medium
251856
252 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until 857 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
@@ -257,6 +862,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium
257862
258 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700863 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
259864
865openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium
866
867 * Merge from Debian unstable. Remaining changes:
868 - Enable AppArmor support:
869 - d/apparmor-profile: add AppArmor profile
870 - d/rules: use dh_apparmor
871 - d/control: Build-Depends on dh-apparmor
872 - d/slapd.README.Debian: add note about AppArmor
873 - Enable GSSAPI support:
874 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
875 - Add --with-gssapi support
876 - Make guess_service_principal() more robust when determining
877 principal
878 - d/configure.options: Configure with --with-gssapi
879 - d/control: Added heimdal-dev as a build depend
880 - d/rules:
881 - Explicitly add -I/usr/include/heimdal to CFLAGS.
882 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
883 - Enable ufw support:
884 - d/control: suggest ufw.
885 - d/rules: install ufw profile.
886 - d/slapd.ufw.profile: add ufw profile.
887 - Enable nss overlay:
888 - d/{patches/nssov-build,rules}: Apply, build and package the
889 nss overlay.
890 - d/{rules,slapd.py}: Add apport hook.
891 [ d/rules modification mentioned above was dropped in
892 2.4.23-6ubuntu1, re-adding it ]
893 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
894 either the default DIT nor via an Authn mapping.
895 - d/slapd.scripts-common:
896 - add slapcat_opts to local variables.
897 - Fix backup directory naming for multiple reconfiguration.
898 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
899 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
900 in the openldap library, as required by Likewise-Open
901 - Show distribution in version:
902 - d/control: added lsb-release
903 - d/patches/fix-ldap-distribution.patch: show distribution in version
904 [ Refreshed patch ]
905 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
906 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
907 - GSSAPI support was enabled in 2.4.18-0ubuntu2
908
909 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
910
260openldap (2.4.44+dfsg-7) unstable; urgency=medium911openldap (2.4.44+dfsg-7) unstable; urgency=medium
261912
262 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit 913 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
@@ -264,6 +915,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium
264915
265 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700916 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
266917
918openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium
919
920 * Merge from Debian unstable. Remaining changes:
921 - Enable AppArmor support:
922 - d/apparmor-profile: add AppArmor profile
923 - d/rules: use dh_apparmor
924 - d/control: Build-Depends on dh-apparmor
925 - d/slapd.README.Debian: add note about AppArmor
926 - Enable GSSAPI support:
927 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
928 - Add --with-gssapi support
929 - Make guess_service_principal() more robust when determining
930 principal
931 - d/configure.options: Configure with --with-gssapi
932 - d/control: Added heimdal-dev as a build depend
933 - d/rules:
934 - Explicitly add -I/usr/include/heimdal to CFLAGS.
935 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
936 - Enable ufw support:
937 - d/control: suggest ufw.
938 - d/rules: install ufw profile.
939 - d/slapd.ufw.profile: add ufw profile.
940 - Enable nss overlay:
941 - d/{patches/nssov-build,rules}: Apply, build and package the
942 nss overlay.
943 - d/{rules,slapd.py}: Add apport hook.
944 [ d/rules modification mentioned above was dropped in
945 2.4.23-6ubuntu1, re-adding it ]
946 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
947 either the default DIT nor via an Authn mapping.
948 - d/slapd.scripts-common:
949 - add slapcat_opts to local variables.
950 - Fix backup directory naming for multiple reconfiguration.
951 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
952 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
953 in the openldap library, as required by Likewise-Open
954 - Show distribution in version:
955 - d/control: added lsb-release
956 - d/patches/fix-ldap-distribution.patch: show distribution in version
957 [ Refreshed patch ]
958 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
959 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
960 - GSSAPI support was enabled in 2.4.18-0ubuntu2
961
962 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
963
267openldap (2.4.44+dfsg-6) unstable; urgency=medium964openldap (2.4.44+dfsg-6) unstable; urgency=medium
268965
269 * Update the list of non-translatable strings for the 966 * Update the list of non-translatable strings for the
@@ -272,6 +969,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium
272969
273 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700970 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
274971
972openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium
973
974 * Merge from Debian unstable. Remaining changes:
975 - Enable AppArmor support:
976 - d/apparmor-profile: add AppArmor profile
977 - d/rules: use dh_apparmor
978 - d/control: Build-Depends on dh-apparmor
979 - d/slapd.README.Debian: add note about AppArmor
980 - Enable GSSAPI support:
981 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
982 - Add --with-gssapi support
983 - Make guess_service_principal() more robust when determining
984 principal
985 - d/configure.options: Configure with --with-gssapi
986 - d/control: Added heimdal-dev as a build depend
987 - d/rules:
988 - Explicitly add -I/usr/include/heimdal to CFLAGS.
989 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
990 - Enable ufw support:
991 - d/control: suggest ufw.
992 - d/rules: install ufw profile.
993 - d/slapd.ufw.profile: add ufw profile.
994 - Enable nss overlay:
995 - d/{patches/nssov-build,rules}: Apply, build and package the
996 nss overlay.
997 - d/{rules,slapd.py}: Add apport hook.
998 [ d/rules modification mentioned above was dropped in
999 2.4.23-6ubuntu1, re-adding it ]
1000 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1001 either the default DIT nor via an Authn mapping.
1002 - d/slapd.scripts-common:
1003 - add slapcat_opts to local variables.
1004 - Fix backup directory naming for multiple reconfiguration.
1005 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1006 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1007 in the openldap library, as required by Likewise-Open
1008 - Show distribution in version:
1009 - d/control: added lsb-release
1010 - d/patches/fix-ldap-distribution.patch: show distribution in version
1011 [ Refreshed patch ]
1012 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1013 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1014 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1015 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1016 - Fix use after free with GnuTLS. (LP #1557248)
1017
1018 -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200
1019
275openldap (2.4.44+dfsg-5) unstable; urgency=medium1020openldap (2.4.44+dfsg-5) unstable; urgency=medium
2761021
277 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an 1022 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
@@ -283,6 +1028,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium
2831028
284 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -07001029 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
2851030
1031openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low
1032
1033 * Merge from Debian unstable. Remaining changes:
1034 - Enable AppArmor support:
1035 - d/apparmor-profile: add AppArmor profile
1036 - d/rules: use dh_apparmor
1037 - d/control: Build-Depends on dh-apparmor
1038 - d/slapd.README.Debian: add note about AppArmor
1039 - Enable GSSAPI support:
1040 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1041 - Add --with-gssapi support
1042 - Make guess_service_principal() more robust when determining
1043 principal
1044 - d/configure.options: Configure with --with-gssapi
1045 - d/control: Added heimdal-dev as a build depend
1046 - d/rules:
1047 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1048 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1049 - Enable ufw support:
1050 - d/control: suggest ufw.
1051 - d/rules: install ufw profile.
1052 - d/slapd.ufw.profile: add ufw profile.
1053 - Enable nss overlay:
1054 - d/{patches/nssov-build,rules}: Apply, build and package the
1055 nss overlay.
1056 - d/{rules,slapd.py}: Add apport hook.
1057 [ d/rules modification mentioned above was dropped in
1058 2.4.23-6ubuntu1, re-adding it ]
1059 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1060 either the default DIT nor via an Authn mapping.
1061 - d/slapd.scripts-common:
1062 - add slapcat_opts to local variables.
1063 - Fix backup directory naming for multiple reconfiguration.
1064 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1065 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1066 in the openldap library, as required by Likewise-Open
1067 - Show distribution in version:
1068 - d/control: added lsb-release
1069 - d/patches/fix-ldap-distribution.patch: show distribution in version
1070 [ Refreshed patch ]
1071 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1072 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1073 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1074 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1075 - Fix use after free with GnuTLS. (LP #1557248)
1076
1077 -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200
1078
286openldap (2.4.44+dfsg-4) unstable; urgency=medium1079openldap (2.4.44+dfsg-4) unstable; urgency=medium
2871080
288 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to 1081 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
@@ -329,6 +1122,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium
3291122
330 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -07001123 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
3311124
1125openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium
1126
1127 * d/rules: Fix typo in previous upload.
1128
1129 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800
1130
1131openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
1132
1133 * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
1134 changes
1135 - Enable AppArmor support:
1136 - d/apparmor-profile: add AppArmor profile
1137 - d/rules: use dh_apparmor
1138 - d/control: Build-Depends on dh-apparmor
1139 - d/slapd.README.Debian: add note about AppArmor
1140 - Enable GSSAPI support:
1141 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1142 - Add --with-gssapi support
1143 - Make guess_service_principal() more robust when determining
1144 principal
1145 - d/configure.options: Configure with --with-gssapi
1146 - d/control: Added heimdal-dev as a build depend
1147 - d/rules:
1148 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1149 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1150 - Enable ufw support:
1151 - d/control: suggest ufw.
1152 - d/rules: install ufw profile.
1153 - d/slapd.ufw.profile: add ufw profile.
1154 - Enable nss overlay:
1155 - d/{patches/nssov-build,rules}: Apply, build and package the
1156 nss overlay.
1157 - d/{rules,slapd.py}: Add apport hook.
1158 [ d/rules modification mentioned above was dropped in
1159 2.4.23-6ubuntu1, re-adding it ]
1160 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1161 either the default DIT nor via an Authn mapping.
1162 - d/slapd.scripts-common:
1163 - add slapcat_opts to local variables.
1164 - Fix backup directory naming for multiple reconfiguration.
1165 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1166 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1167 in the openldap library, as required by Likewise-Open
1168 - Show distribution in version:
1169 - d/control: added lsb-release
1170 - d/patches/fix-ldap-distribution.patch: show distribution in version
1171 [ Refreshed patch ]
1172 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1173 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1174 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1175 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1176 - Fix use after free with GnuTLS. (LP #1557248)
1177 * Drop:
1178 - d/slapd.scripts-common:
1179 + Remove unused variable new_conf.
1180 [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
1181 - d/b/config.log: add config.log
1182 [ previously undocumented, stray change ]
1183
1184 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
1185
332openldap (2.4.44+dfsg-3) unstable; urgency=medium1186openldap (2.4.44+dfsg-3) unstable; urgency=medium
3331187
334 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)1188 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
@@ -401,6 +1255,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
4011255
402 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -08001256 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
4031257
1258openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
1259
1260 * No-change rebuild for perl 5.24 transition
1261
1262 -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
1263
1264openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
1265
1266 * Fix use after free with GnuTLS. (LP: #1557248)
1267
1268 -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
1269
1270openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
1271
1272 * Fix building with gssapi suppport:
1273 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1274 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1275
1276 -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
1277
1278openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
1279
1280 * No-change rebuild for gnutls transition.
1281
1282 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
1283
1284openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
1285
1286 * Merge from Debian testing (LP: #1532648). Remaining changes:
1287 - Enable AppArmor support:
1288 - d/apparmor-profile: add AppArmor profile
1289 - d/rules: use dh_apparmor
1290 - d/control: Build-Depends on dh-apparmor
1291 - d/slapd.README.Debian: add note about AppArmor
1292 - Enable GSSAPI support:
1293 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1294 - Add --with-gssapi support
1295 - Make guess_service_principal() more robust when determining
1296 principal
1297 - d/configure.options: Configure with --with-gssapi
1298 - d/control: Added heimdal-dev as a build depend
1299 - Enable ufw support:
1300 - d/control: suggest ufw.
1301 - d/rules: install ufw profile.
1302 - d/slapd.ufw.profile: add ufw profile.
1303 - Enable nss overlay:
1304 - d/{patches/nssov-build,rules}: Apply, build and package the
1305 nss overlay.
1306 - d/{rules,slapd.py}: Add apport hook.
1307 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1308 either the default DIT nor via an Authn mapping.
1309 - d/slapd.scripts-common:
1310 - add slapcat_opts to local variables.
1311 - Remove unused variable new_conf.
1312 - Fix backup directory naming for multiple reconfiguration.
1313 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1314 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1315 in the openldap library, as required by Likewise-Open
1316 - Show distribution in version:
1317 - d/control: added lsb-release
1318 - d/patches/fix-ldap-distribution.patch: show distribution in version
1319 * Drop CVE-2015-6908.patch, included in Debian.
1320 * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
1321 disabled on ppc64el, no longer used, and missed in the previous merge.
1322
1323 -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
1324
404openldap (2.4.42+dfsg-2) unstable; urgency=medium1325openldap (2.4.42+dfsg-2) unstable; urgency=medium
4051326
406 [ Ryan Tandy ]1327 [ Ryan Tandy ]
@@ -468,6 +1389,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium
4681389
469 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -07001390 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
4701391
1392openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
1393
1394 * Rebuild for Perl 5.22.1.
1395
1396 -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
1397
1398openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
1399
1400 * SECURITY UPDATE: denial of service via crafted BER data
1401 - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
1402 libraries/liblber/io.c.
1403 - CVE-2015-6908
1404
1405 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
1406
1407openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
1408
1409 * Merge from Debian testing (LP: #1471831). Remaining changes:
1410 - Enable AppArmor support:
1411 - d/apparmor-profile: add AppArmor profile
1412 - d/rules: use dh_apparmor
1413 - d/control: Build-Depends on dh-apparmor
1414 - d/slapd.README.Debian: add note about AppArmor
1415 - Enable GSSAPI support:
1416 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1417 - Add --with-gssapi support
1418 - Make guess_service_principal() more robust when determining
1419 principal
1420 - d/configure.options: Configure with --with-gssapi
1421 - d/control: Added heimdal-dev as a build depend
1422 - Enable ufw support:
1423 - d/control: suggest ufw.
1424 - d/rules: install ufw profile.
1425 - d/slapd.ufw.profile: add ufw profile.
1426 - Enable nss overlay:
1427 - d/{patches/nssov-build,rules}: Apply, build and package the
1428 nss overlay.
1429 - d/{rules,slapd.py}: Add apport hook.
1430 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1431 either the default DIT nor via an Authn mapping.
1432 - d/slapd.scripts-common:
1433 - add slapcat_opts to local variables.
1434 - Remove unused variable new_conf.
1435 - Fix backup directory naming for multiple reconfiguration.
1436 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1437 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1438 in the openldap library, as required by Likewise-Open
1439 - Show distribution in version:
1440 - d/control: added lsb-release
1441 - d/patches/fix-ldap-distribution.patch: show distribution in version
1442 * Dropped changes:
1443 - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
1444 * Upstream fixes:
1445 - slapd crash with auditlog overlay and large (~27KB) attribute values
1446 (ITS#8003) (LP: #1461276)
1447 - nssov updated to support recent nss-pam-ldapd client libraries
1448 (ITS#8097) (LP: #1393306)
1449 * Update d/patches/nssov-build for upstream changes.
1450 * Tweak d/patches/gssapi.diff to apply without fuzz.
1451 * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1452 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1453 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1454
1455 -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
1456
471openldap (2.4.41+dfsg-1) unstable; urgency=medium1457openldap (2.4.41+dfsg-1) unstable; urgency=medium
4721458
473 * New upstream release.1459 * New upstream release.
@@ -487,6 +1473,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium
4871473
488 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -07001474 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
4891475
1476openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
1477
1478 * No-change rebuild for the libnettle6 transition.
1479
1480 -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
1481
1482openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
1483
1484 * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
1485 - Enable AppArmor support:
1486 - d/apparmor-profile: add AppArmor profile
1487 - d/rules: use dh_apparmor
1488 - d/control: Build-Depends on dh-apparmor
1489 - d/slapd.README.Debian: add note about AppArmor
1490 - Enable GSSAPI support:
1491 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1492 - Add --with-gssapi support
1493 - Make guess_service_principal() more robust when determining
1494 principal
1495 - d/configure.options: Configure with --with-gssapi
1496 - d/control: Added heimdal-dev as a build depend
1497 - Enable ufw support:
1498 - d/control: suggest ufw.
1499 - d/rules: install ufw profile.
1500 - d/slapd.ufw.profile: add ufw profile.
1501 - Enable nss overlay:
1502 - d/{patches/nssov-build,rules}: Apply, build and package the
1503 nss overlay.
1504 - d/{rules,slapd.py}: Add apport hook.
1505 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1506 either the default DIT nor via an Authn mapping.
1507 - d/slapd.scripts-common:
1508 - add slapcat_opts to local variables.
1509 - Remove unused variable new_conf.
1510 - Fix backup directory naming for multiple reconfiguration.
1511 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1512 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1513 in the openldap library, as required by Likewise-Open
1514 - Show distribution in version:
1515 - d/control: added lsb-release
1516 - d/patches/fix-ldap-distribution.patch: show distribution in version
1517 * Drop patches included upstream:
1518 - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
1519 - d/patches/bdb-deadlock.patch
1520 - d/patches/its-7354-fix-delta-sync-mmr.diff
1521 * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
1522 * debian/patches/nssov-build: Adjust for upstream changes.
1523 * debian/apparmor-profile:
1524 - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
1525 kernel ABI v7 (utopic and later). (LP: #1392018)
1526 - Reduce permissions on /run/nslcd to just the nslcd socket.
1527 * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
1528 (LP: #1293250)
1529
1530 -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700
1531
490openldap (2.4.40+dfsg-1) unstable; urgency=medium1532openldap (2.4.40+dfsg-1) unstable; urgency=medium
4911533
492 * Remove inetorgperson.schema from the upstream source. Replace it with a1534 * Remove inetorgperson.schema from the upstream source. Replace it with a
@@ -675,6 +1717,187 @@ openldap (2.4.39-1) unstable; urgency=low
6751717
676 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -07001718 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
6771719
1720openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
1721
1722 * Fix cpp calls for GCC 5.
1723
1724 -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
1725
1726openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
1727
1728 * debian/apparmor-profile:
1729 - allow p11-kit abstraction
1730 - allow read of /etc/gss/mech.d/*
1731
1732 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
1733
1734openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
1735
1736 * Rebuild for Perl 5.20.0.
1737
1738 -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
1739
1740openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
1741
1742 * Cherry-pick upstream patch for compat with recent GNUTLS.
1743 * Build-depend on libgnutls28-dev.
1744 * Build-depend on libgcrypt20-dev.
1745
1746 -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
1747
1748openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
1749
1750 * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
1751
1752 -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
1753
1754openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
1755
1756 * Disable mdb backend on ppc64el due to test-suite failures.
1757
1758 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
1759
1760openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
1761
1762 * Fix segfault issue with master-master syncrepl (LP: #1287730):
1763 - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
1764 patch from upstream VCS.
1765
1766 -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
1767
1768openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
1769
1770 * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
1771
1772 -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
1773
1774openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
1775
1776 * Rebuild for Perl 5.18.
1777
1778 -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
1779
1780openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
1781
1782 * Update build/config.guess and build/config.sub at build time; this was
1783 not done automatically because the top-level configure.in does not use
1784 Automake.
1785
1786 -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
1787
1788openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
1789
1790 * debian/control: added lsb-release
1791 * debian/patches/fix-ldap-distribution.patch: show distribution in version
1792
1793 -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
1794
1795openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
1796
1797 * Merge from Debian unstable. Remaining changes:
1798 - Enable AppArmor support:
1799 - d/apparmor-profile: add AppArmor profile
1800 - d/rules: use dh_apparmor
1801 - d/control: Build-Depends on dh-apparmor
1802 - d/slapd.README.Debian: add note about AppArmor
1803 - d/slapd.dirs: add etc/apparmor.d/force-complain
1804 - Enable GSSAPI support:
1805 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1806 - Add --with-gssapi support
1807 - Make guess_service_principal() more robust when determining
1808 principal
1809 - d/configure.options: Configure with --with-gssapi
1810 - d/control: Added libkrb5-dev as a build depend
1811 - Enable ufw support:
1812 - d/control: suggest ufw.
1813 - d/rules: install ufw profile.
1814 - d/slapd.ufw.profile: add ufw profile.
1815 - Enable nss overlay:
1816 - d/{patches/nssov-build,/rules}: Apply, build and package the
1817 nss overlay.
1818 - d/{rules,slapd.py}: Add apport hook.
1819 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1820 either the default DIT nor via an Authn mapping.
1821 - d/slapd.scripts-common:
1822 - add slapcat_opts to local variables.
1823 - Remove unused variable new_conf.
1824 - Fix backup directory naming for multiple reconfiguration.
1825 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1826 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1827 in the openldap library, as required by Likewise-Open
1828 - d/{control,rules}: enable PIE hardening
1829
1830 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
1831
1832openldap (2.4.31-1+nmu2) unstable; urgency=high
1833
1834 * Non-maintainer upload.
1835 * No-change rebuild in a clean environment
1836
1837 -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100
1838
1839openldap (2.4.31-1+nmu1) unstable; urgency=medium
1840
1841 * Non-maintainer upload.
1842 * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
1843
1844 -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000
1845
1846openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
1847
1848 * debian/slapd.py: Add AppArmor info and logs to apport hook.
1849
1850 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
1851
1852openldap (2.4.31-1ubuntu1) quantal; urgency=low
1853
1854 * Merge from Debian unstable. Remaining changes:
1855 - Enable AppArmor support:
1856 - d/apparmor-profile: add AppArmor profile
1857 - d/rules: use dh_apparmor
1858 - d/control: Build-Depends on dh-apparmor
1859 - d/slapd.README.Debian: add note about AppArmor
1860 - d/slapd.dirs: add etc/apparmor.d/force-complain
1861 - Enable GSSAPI support (LP: #495418):
1862 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1863 - Add --with-gssapi support
1864 - Make guess_service_principal() more robust when determining
1865 principal
1866 - d/configure.options: Configure with --with-gssapi
1867 - d/control: Added libkrb5-dev as a build depend
1868 - Enable ufw support (LP: #423246):
1869 - d/control: suggest ufw.
1870 - d/rules: install ufw profile.
1871 - d/slapd.ufw.profile: add ufw profile.
1872 - Enable nss overlay (LP: #675391):
1873 - d/{patches/nssov-build,/rules}: Apply, build and package the
1874 nss overlay.
1875 - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
1876 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1877 either the default DIT nor via an Authn mapping.
1878 - d/slapd.scripts-common:
1879 - add slapcat_opts to local variables.
1880 - Remove unused variable new_conf.
1881 - Fix backup directory naming for multiple reconfiguration.
1882 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1883 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1884 in the openldap library, as required by Likewise-Open (LP: #390579)
1885 - d/{control,rules}: enable PIE hardening
1886 * Dropped changes:
1887 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
1888 - d/patches/CVE-2011-4079: Included in upstream release.
1889 - d/patches/service-operational-before-detach: Included in upstream release.
1890 - d/schema/extra/misc.ldif: Included upstream.
1891 - d/{rules,schema/extra}: Fix configure and clean rules to support
1892 extra schemas shipped as part of the debian/schema/ directory; no longer required.
1893 - Included in Debian:
1894 + Document cn=config in README file.
1895 + Install a default DIT; actually a minimal configuration.
1896 + d/patches/heimdal-fix.
1897 * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
1898
1899 -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
1900
678openldap (2.4.31-1) unstable; urgency=low1901openldap (2.4.31-1) unstable; urgency=low
6791902
680 * New upstream release.1903 * New upstream release.
@@ -701,6 +1924,121 @@ openldap (2.4.31-1) unstable; urgency=low
7011924
702 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +00001925 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
7031926
1927openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
1928
1929 * Fix issue with intermittent connection issues when using LDAPv3
1930 protocol (LP: #1023025):
1931 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
1932 patch from upstream VCS which ensures objects are initialized before
1933 re-use.
1934
1935 -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
1936
1937openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
1938
1939 * debian/rules: Add smbk5pwd build.
1940 * debian/control: Add slapd-smbk5pwd binary package.
1941 * debian/patches/heimdal-fix: adapt parameters of
1942 hdb_generate_key_set_password() to heimdal 1.6~git20120311
1943 (patch from Debian #664930).
1944
1945 -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400
1946
1947openldap (2.4.28-1.1ubuntu4) precise; urgency=low
1948
1949 * debian/control: Build-Depends on dh-apparmor (LP: #948481)
1950
1951 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
1952
1953openldap (2.4.28-1.1ubuntu3) precise; urgency=low
1954
1955 * Add its-7176-only-poll-sockets-for-write-as-needed.diff
1956 (LP: #932823).
1957
1958 -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
1959
1960openldap (2.4.28-1.1ubuntu2) precise; urgency=low
1961
1962 * Remove debian/patches/CVE-2011-4079; it's already in this upstream
1963 version. Fixes FTBFS.
1964
1965 -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
1966
1967openldap (2.4.28-1.1ubuntu1) precise; urgency=low
1968
1969 * Merge from Debian testing. Remaining changes:
1970 - Install a default DIT (LP: #442498).
1971 - Document cn=config in README file (LP: #370784).
1972 - remaining changes:
1973 + AppArmor support:
1974 - debian/apparmor-profile: add AppArmor profile
1975 - use dh_apparmor:
1976 - debian/rules: use dh_apparmor
1977 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1978 - updated debian/slapd.README.Debian for note on AppArmor
1979 - debian/slapd.dirs: add etc/apparmor.d/force-complain
1980 + Enable GSSAPI support (LP: #495418):
1981 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1982 - Add --with-gssapi support
1983 - Make guess_service_principal() more robust when determining
1984 principal
1985 - debian/patches/series: apply gssapi.diff patch.
1986 - debian/configure.options: Configure with --with-gssapi
1987 - debian/control: Added libkrb5-dev as a build depend
1988 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1989 in the openldap library, as required by Likewise-Open (LP: #390579)
1990 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1991 - debian/control:
1992 - remove build-dependency on heimdal-dev.
1993 - remove slapd-smbk5pwd binary package.
1994 - debian/rules: don't build smbk5pwd slapd module.
1995 + debian/{control,rules}: enable PIE hardening
1996 + ufw support (LP: #423246):
1997 - debian/control: suggest ufw.
1998 - debian/rules: install ufw profile.
1999 - debian/slapd.ufw.profile: add ufw profile.
2000 + Enable nssoverlay:
2001 - debian/patches/nssov-build, debian/series, debian/rules:
2002 Apply, build and package the nss overlay.
2003 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2004 which defines rfc822MailMember (required by the nss overlay).
2005 + debian/rules, debian/schema/extra/:
2006 Fix configure rule to supports extra schemas shipped as part
2007 of the debian/schema/ directory.
2008 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2009 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2010 neither the default DIT nor via an Authn mapping.
2011 + debian/slapd.scripts-common: adjust minimum version that triggers a
2012 database upgrade. Upgrade from maverick shouldn't trigger database
2013 upgrade (which would happen with the version used in Debian).
2014 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2015 Remove unused variable new_conf.
2016 + debian/slapd.script-common: Fix package reconfiguration.
2017 - Fix backup directory naming for multiple reconfiguration.
2018 + debian/slapd.default, debian/slapd.README.Debian:
2019 use the new configuration style.
2020 + Install nss overlay (LP: #675391):
2021 - debian/rules: run install target for nssov module.
2022 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2023 + debian/patches/gssapi.diff:
2024 - Update patch so that likewise-open is usuable again. (LP: #661547)
2025 + debian/patches/service-operational-before-detach: New patch replacing old one
2026 of the same name as previous could cause database corruption based on upstream commits.
2027 (LP: #727973)
2028 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2029 (CVE-2011-4079)
2030
2031
2032 -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
2033
2034openldap (2.4.28-1.1) unstable; urgency=low
2035
2036 * Non-maintainer upload.
2037 * Disable the mdb backend on non-Linux, it looks like it doesn't work with
2038 linuxthreads (closes: #654824).
2039
2040 -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100
2041
704openldap (2.4.28-1) unstable; urgency=low2042openldap (2.4.28-1) unstable; urgency=low
7052043
706 * New upstream release.2044 * New upstream release.
@@ -728,6 +2066,72 @@ openldap (2.4.28-1) unstable; urgency=low
7282066
729 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +00002067 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
7302068
2069openldap (2.4.25-4ubuntu1) precise; urgency=low
2070
2071 * Merge from Debian testing. Remaining changes:
2072 - Install a default DIT (LP: #442498).
2073 - Document cn=config in README file (LP: #370784).
2074 - remaining changes:
2075 + AppArmor support:
2076 - debian/apparmor-profile: add AppArmor profile
2077 - use dh_apparmor:
2078 - debian/rules: use dh_apparmor
2079 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2080 - updated debian/slapd.README.Debian for note on AppArmor
2081 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2082 + Enable GSSAPI support (LP: #495418):
2083 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2084 - Add --with-gssapi support
2085 - Make guess_service_principal() more robust when determining
2086 principal
2087 - debian/patches/series: apply gssapi.diff patch.
2088 - debian/configure.options: Configure with --with-gssapi
2089 - debian/control: Added libkrb5-dev as a build depend
2090 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2091 in the openldap library, as required by Likewise-Open (LP: #390579)
2092 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2093 - debian/control:
2094 - remove build-dependency on heimdal-dev.
2095 - remove slapd-smbk5pwd binary package.
2096 - debian/rules: don't build smbk5pwd slapd module.
2097 + debian/{control,rules}: enable PIE hardening
2098 + ufw support (LP: #423246):
2099 - debian/control: suggest ufw.
2100 - debian/rules: install ufw profile.
2101 - debian/slapd.ufw.profile: add ufw profile.
2102 + Enable nssoverlay:
2103 - debian/patches/nssov-build, debian/series, debian/rules:
2104 Apply, build and package the nss overlay.
2105 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2106 which defines rfc822MailMember (required by the nss overlay).
2107 + debian/rules, debian/schema/extra/:
2108 Fix configure rule to supports extra schemas shipped as part
2109 of the debian/schema/ directory.
2110 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2111 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2112 neither the default DIT nor via an Authn mapping.
2113 + debian/slapd.scripts-common: adjust minimum version that triggers a
2114 database upgrade. Upgrade from maverick shouldn't trigger database
2115 upgrade (which would happen with the version used in Debian).
2116 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2117 Remove unused variable new_conf.
2118 + debian/slapd.script-common: Fix package reconfiguration.
2119 - Fix backup directory naming for multiple reconfiguration.
2120 + debian/slapd.default, debian/slapd.README.Debian:
2121 use the new configuration style.
2122 + Install nss overlay (LP: #675391):
2123 - debian/rules: run install target for nssov module.
2124 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2125 + debian/patches/gssapi.diff:
2126 - Update patch so that likewise-open is usuable again. (LP: #661547)
2127 + debian/patches/service-operational-before-detach: New patch replacing old one
2128 of the same name as previous could cause database corruption based on upstream commits.
2129 (LP: #727973)
2130 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2131 (CVE-2011-4079)
2132
2133 -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
2134
731openldap (2.4.25-4) unstable; urgency=low2135openldap (2.4.25-4) unstable; urgency=low
7322136
733 * Drop explicit depends on libdb4.8, since we're now linking against2137 * Drop explicit depends on libdb4.8, since we're now linking against
@@ -761,6 +2165,85 @@ openldap (2.4.25-4) unstable; urgency=low
7612165
762 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +00002166 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
7632167
2168openldap (2.4.25-3ubuntu3) precise; urgency=low
2169
2170 * Rebuild for Perl 5.14.
2171
2172 -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
2173
2174openldap (2.4.25-3ubuntu2) precise; urgency=low
2175
2176 * SECURITY UPDATE: potential denial of service (LP: #884163)
2177 - debian/patches/CVE-2011-4079: fix off by one error in
2178 postalAddressNormalize()
2179 - CVE-2011-4079
2180
2181 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
2182
2183openldap (2.4.25-3ubuntu1) precise; urgency=low
2184
2185 * Merge from debian unstable. Remaining changes:
2186 - Install a default DIT (LP: #442498).
2187 - Document cn=config in README file (LP: #370784).
2188 - remaining changes:
2189 + AppArmor support:
2190 - debian/apparmor-profile: add AppArmor profile
2191 - use dh_apparmor:
2192 - debian/rules: use dh_apparmor
2193 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2194 - updated debian/slapd.README.Debian for note on AppArmor
2195 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2196 + Enable GSSAPI support (LP: #495418):
2197 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2198 - Add --with-gssapi support
2199 - Make guess_service_principal() more robust when determining
2200 principal
2201 - debian/patches/series: apply gssapi.diff patch.
2202 - debian/configure.options: Configure with --with-gssapi
2203 - debian/control: Added libkrb5-dev as a build depend
2204 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2205 in the openldap library, as required by Likewise-Open (LP: #390579)
2206 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2207 - debian/control:
2208 - remove build-dependency on heimdal-dev.
2209 - remove slapd-smbk5pwd binary package.
2210 - debian/rules: don't build smbk5pwd slapd module.
2211 + debian/{control,rules}: enable PIE hardening
2212 + ufw support (LP: #423246):
2213 - debian/control: suggest ufw.
2214 - debian/rules: install ufw profile.
2215 - debian/slapd.ufw.profile: add ufw profile.
2216 + Enable nssoverlay:
2217 - debian/patches/nssov-build, debian/series, debian/rules:
2218 Apply, build and package the nss overlay.
2219 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2220 which defines rfc822MailMember (required by the nss overlay).
2221 + debian/rules, debian/schema/extra/:
2222 Fix configure rule to supports extra schemas shipped as part
2223 of the debian/schema/ directory.
2224 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2225 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2226 neither the default DIT nor via an Authn mapping.
2227 + debian/slapd.scripts-common: adjust minimum version that triggers a
2228 database upgrade. Upgrade from maverick shouldn't trigger database
2229 upgrade (which would happen with the version used in Debian).
2230 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2231 Remove unused variable new_conf.
2232 + debian/slapd.script-common: Fix package reconfiguration.
2233 - Fix backup directory naming for multiple reconfiguration.
2234 + debian/slapd.default, debian/slapd.README.Debian:
2235 use the new configuration style.
2236 + Install nss overlay (LP: #675391):
2237 - debian/rules: run install target for nssov module.
2238 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2239 + debian/patches/gssapi.diff:
2240 - Update patch so that likewise-open is usuable again. (LP: #661547)
2241 + debian/patches/service-operational-before-detach: New patch replacing old one
2242 of the same name as previous could cause database corruption based on upstream commits.
2243 (LP: #727973)
2244
2245 -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
2246
764openldap (2.4.25-3) unstable; urgency=low2247openldap (2.4.25-3) unstable; urgency=low
7652248
766 * Brown paper bag: really fix the .links.in handling, so we don't generate2249 * Brown paper bag: really fix the .links.in handling, so we don't generate
@@ -783,6 +2266,92 @@ openldap (2.4.25-2) unstable; urgency=low
7832266
784 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -07002267 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
7852268
2269openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
2270
2271 * Brown paper bag: really fix the .links.in handling, so we don't generate
2272 broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
2273
2274 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
2275
2276openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
2277
2278 * Cherry-pick multiarch support from Debian (LP: #826601):
2279 - Bump to compat level 7, so we don't have to spell out debian/tmp in
2280 every single .install file
2281 - Build for multiarch.
2282
2283 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
2284
2285openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
2286
2287 * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
2288
2289 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
2290
2291openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
2292
2293 * Merge from debian unstable. Remaining changes:
2294 - Install a default DIT (LP: #442498).
2295 - Document cn=config in README file (LP: #370784).
2296 - remaining changes:
2297 + AppArmor support:
2298 - debian/apparmor-profile: add AppArmor profile
2299 - use dh_apparmor:
2300 - debian/rules: use dh_apparmor
2301 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2302 - updated debian/slapd.README.Debian for note on AppArmor
2303 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2304 + Enable GSSAPI support (LP: #495418):
2305 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2306 - Add --with-gssapi support
2307 - Make guess_service_principal() more robust when determining
2308 principal
2309 - debian/patches/series: apply gssapi.diff patch.
2310 - debian/configure.options: Configure with --with-gssapi
2311 - debian/control: Added libkrb5-dev as a build depend
2312 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2313 in the openldap library, as required by Likewise-Open (LP: #390579)
2314 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2315 - debian/control:
2316 - remove build-dependency on heimdal-dev.
2317 - remove slapd-smbk5pwd binary package.
2318 - debian/rules: don't build smbk5pwd slapd module.
2319 + debian/{control,rules}: enable PIE hardening
2320 + ufw support (LP: #423246):
2321 - debian/control: suggest ufw.
2322 - debian/rules: install ufw profile.
2323 - debian/slapd.ufw.profile: add ufw profile.
2324 + Enable nssoverlay:
2325 - debian/patches/nssov-build, debian/series, debian/rules:
2326 Apply, build and package the nss overlay.
2327 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2328 which defines rfc822MailMember (required by the nss overlay).
2329 + debian/rules, debian/schema/extra/:
2330 Fix configure rule to supports extra schemas shipped as part
2331 of the debian/schema/ directory.
2332 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2333 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2334 neither the default DIT nor via an Authn mapping.
2335 + debian/slapd.scripts-common: adjust minimum version that triggers a
2336 database upgrade. Upgrade from maverick shouldn't trigger database
2337 upgrade (which would happen with the version used in Debian).
2338 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2339 Remove unused variable new_conf.
2340 + debian/slapd.script-common: Fix package reconfiguration.
2341 - Fix backup directory naming for multiple reconfiguration.
2342 + debian/slapd.default, debian/slapd.README.Debian:
2343 use the new configuration style.
2344 + Install nss overlay (LP: #675391):
2345 - debian/rules: run install target for nssov module.
2346 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2347 + debian/patches/gssapi.diff:
2348 - Update patch so that likewise-open is usuable again. (LP: #661547)
2349 + debian/patches/service-operational-before-detach: New patch replacing old one
2350 of the same name as previous could cause database corruption based on upstream commits.
2351 (LP: #727973)
2352
2353 -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
2354
786openldap (2.4.25-1.1) unstable; urgency=low2355openldap (2.4.25-1.1) unstable; urgency=low
7872356
788 * Non-maintainer upload to fix RC bug.2357 * Non-maintainer upload to fix RC bug.
@@ -790,6 +2359,75 @@ openldap (2.4.25-1.1) unstable; urgency=low
7902359
791 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +02002360 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
7922361
2362openldap (2.4.25-1ubuntu1) oneiric; urgency=low
2363
2364 * Merge from debian unstable. Remaining changes:
2365 - Install a default DIT (LP: #442498).
2366 - Document cn=config in README file (LP: #370784).
2367 - remaining changes:
2368 + AppArmor support:
2369 - debian/apparmor-profile: add AppArmor profile
2370 - use dh_apparmor:
2371 - debian/rules: use dh_apparmor
2372 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2373 - updated debian/slapd.README.Debian for note on AppArmor
2374 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2375 + Enable GSSAPI support (LP: #495418):
2376 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2377 - Add --with-gssapi support
2378 - Make guess_service_principal() more robust when determining
2379 principal
2380 - debian/patches/series: apply gssapi.diff patch.
2381 - debian/configure.options: Configure with --with-gssapi
2382 - debian/control: Added libkrb5-dev as a build depend
2383 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2384 in the openldap library, as required by Likewise-Open (LP: #390579)
2385 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2386 - debian/control:
2387 - remove build-dependency on heimdal-dev.
2388 - remove slapd-smbk5pwd binary package.
2389 - debian/rules: don't build smbk5pwd slapd module.
2390 + debian/{control,rules}: enable PIE hardening
2391 + ufw support (LP: #423246):
2392 - debian/control: suggest ufw.
2393 - debian/rules: install ufw profile.
2394 - debian/slapd.ufw.profile: add ufw profile.
2395 + Enable nssoverlay:
2396 - debian/patches/nssov-build, debian/series, debian/rules:
2397 Apply, build and package the nss overlay.
2398 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2399 which defines rfc822MailMember (required by the nss overlay).
2400 + debian/rules, debian/schema/extra/:
2401 Fix configure rule to supports extra schemas shipped as part
2402 of the debian/schema/ directory.
2403 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2404 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2405 neither the default DIT nor via an Authn mapping.
2406 + debian/slapd.scripts-common: adjust minimum version that triggers a
2407 database upgrade. Upgrade from maverick shouldn't trigger database
2408 upgrade (which would happen with the version used in Debian).
2409 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2410 Remove unused variable new_conf.
2411 + debian/slapd.script-common: Fix package reconfiguration.
2412 - Fix backup directory naming for multiple reconfiguration.
2413 + debian/slapd.default, debian/slapd.README.Debian:
2414 use the new configuration style.
2415 + Install nss overlay (LP: #675391):
2416 - debian/rules: run install target for nssov module.
2417 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2418 + debian/patches/gssapi.diff:
2419 - Update patch so that likewise-open is usuable again. (LP: #661547)
2420 + debian/patches/service-operational-before-detach: New patch replacing old one
2421 of the same name as previous could cause database corruption based on upstream commits.
2422 (LP: #727973)
2423 + Dropped:
2424 - debian/patches/gold: Use the debian version instead
2425 - debian/patches/CVE-2011-1024: Fixed upstream
2426 - debian/patches/CVE-2011-1025: Fixed upstream
2427 - debian/patches/CVE-2011-1081: Fixed upstream
2428
2429 -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
2430
793openldap (2.4.25-1) unstable; urgency=low2431openldap (2.4.25-1) unstable; urgency=low
7942432
795 * New upstream version (Closes: #617606, #618904, #606815, #608813)2433 * New upstream version (Closes: #617606, #618904, #606815, #608813)
@@ -821,6 +2459,116 @@ openldap (2.4.23-7) unstable; urgency=low
8212459
822 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +01002460 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
8232461
2462openldap (2.4.23-6ubuntu7) oneiric; urgency=low
2463
2464 * Rebuild for Perl 5.12.
2465
2466 -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
2467
2468openldap (2.4.23-6ubuntu6) natty; urgency=low
2469
2470 * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
2471 using forwarded authentication failures
2472 - debian/patches/CVE-2011-1024
2473 - CVE-2011-1024
2474 * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
2475 backend. Note: Ubuntu is not compiled with --enable-ndb by default
2476 - debian/patches/CVE-2011-1025
2477 - CVE-2011-1025
2478 * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
2479 and requestDN is empty
2480 - debian/patches/CVE-2011-1081
2481 - CVE-2011-1081
2482 - LP: #742104
2483
2484 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
2485
2486openldap (2.4.23-6ubuntu5) natty; urgency=low
2487
2488 * debian/patches/service-operational-before-detach: New patch replacing
2489 old one of same name as previous could cause database corruption,
2490 based on upstream commits. (LP: #727973)
2491
2492 -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
2493
2494openldap (2.4.23-6ubuntu4) natty; urgency=low
2495
2496 * Fix FTBFS with ld.gold.
2497
2498 -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
2499
2500openldap (2.4.23-6ubuntu3) natty; urgency=low
2501
2502 * debian/patches/gssapi.diff:
2503 Update patch so that likewise-open is usable again (LP: #661547)
2504
2505 -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
2506
2507openldap (2.4.23-6ubuntu2) natty; urgency=low
2508
2509 * Install nss overlay (LP: #675391):
2510 - debian/rules: run install target for nssov module.
2511 - debian/patches/nssov-build: fix patch to install schema in
2512 /etc/ldap/schema.
2513
2514 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
2515
2516openldap (2.4.23-6ubuntu1) natty; urgency=low
2517
2518 * Merge from Debian unstable:
2519 - Install a default DIT (LP: #442498).
2520 - Document cn=config in README file (LP: #370784).
2521 - remaining changes:
2522 + AppArmor support:
2523 - debian/apparmor-profile: add AppArmor profile
2524 - use dh_apparmor:
2525 - debian/rules: use dh_apparmor
2526 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2527 - updated debian/slapd.README.Debian for note on AppArmor
2528 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2529 + Enable GSSAPI support (LP: #495418):
2530 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2531 - Add --with-gssapi support
2532 - Make guess_service_principal() more robust when determining
2533 principal
2534 - debian/patches/series: apply gssapi.diff patch.
2535 - debian/configure.options: Configure with --with-gssapi
2536 - debian/control: Added libkrb5-dev as a build depend
2537 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2538 in the openldap library, as required by Likewise-Open (LP: #390579)
2539 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2540 - debian/control:
2541 - remove build-dependency on heimdal-dev.
2542 - remove slapd-smbk5pwd binary package.
2543 - debian/rules: don't build smbk5pwd slapd module.
2544 + debian/{control,rules}: enable PIE hardening
2545 + ufw support (LP: #423246):
2546 - debian/control: suggest ufw.
2547 - debian/rules: install ufw profile.
2548 - debian/slapd.ufw.profile: add ufw profile.
2549 + Enable nssoverlay:
2550 - debian/patches/nssov-build, debian/series, debian/rules:
2551 Apply, build and package the nss overlay.
2552 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2553 which defines rfc822MailMember (required by the nss overlay).
2554 + debian/rules, debian/schema/extra/:
2555 Fix configure rule to supports extra schemas shipped as part
2556 of the debian/schema/ directory.
2557 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2558 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2559 neither the default DIT nor via an Authn mapping.
2560 + debian/slapd.scripts-common: adjust minimum version that triggers a
2561 database upgrade. Upgrade from maverick shouldn't trigger database
2562 upgrade (which would happen with the version used in Debian).
2563 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2564 Remove unused variable new_conf.
2565 + debian/slapd.script-common: Fix package reconfiguration.
2566 - Fix backup directory naming for multiple reconfiguration.
2567 + debian/slapd.default, debian/slapd.README.Debian:
2568 use the new configuration style.
2569
2570 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
2571
824openldap (2.4.23-6) unstable; urgency=high2572openldap (2.4.23-6) unstable; urgency=high
8252573
826 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)2574 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
@@ -943,6 +2691,80 @@ openldap (2.4.23-1) unstable; urgency=low
9432691
944 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +02002692 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
9452693
2694openldap (2.4.23-0ubuntu4) natty; urgency=low
2695
2696 * debian/slapd.templates: amended typo in slapd/move_old_database
2697 (LP: #666028)
2698
2699 -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
2700
2701openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
2702
2703 * debian/slapd.templates: re-add slapd/move_old_database template as it's
2704 used during the package upgrade. Thanks to James Page for pointing it.
2705 * debian/slapd.config: restore debconf question slapd/move_old_database.
2706
2707 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
2708
2709openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
2710
2711 [ James Page ]
2712 * Fixed install/upgrade process to dump/restore databases due
2713 to uplift to libdb4.8-dev (LP: #658227)
2714
2715 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
2716
2717openldap (2.4.23-0ubuntu3) maverick; urgency=low
2718
2719 * debian/rules: move dh_apparmor before dh_installinit
2720
2721 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
2722
2723openldap (2.4.23-0ubuntu2) maverick; urgency=low
2724
2725 * convert to using dh_apparmor:
2726 - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
2727 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2728 * debian/apparmor-profile: use local include
2729
2730 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
2731
2732openldap (2.4.23-0ubuntu1) maverick; urgency=low
2733
2734 * New release, features include:
2735 + Fixed libldap to return server's error code (ITS#6569)
2736 + Fixed libldap memleaks (ITS#6568)
2737 + Fixed liblutil off-by-one with delta (ITS#6541)
2738 + Fixed slapd acls with glued databases (ITS#6468)
2739 + Fixed slapd syncrepl rid logging (ITS#6533)
2740 + Fixed slapd modrdn handling of invalid values (ITS#6570)
2741 + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
2742 + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
2743 + Fixed slapd-bdb entry cache delete failure (ITS#6577)
2744 + Fixed slapd-ldap to return control responses (ITS#6530)
2745 + Fixed slapo-ppolicy to use Debug (ITS#6566)
2746 + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
2747 + Fixed slapo-rwm to use Debug (ITS#6566)
2748 + Fixed slapo-sssvlv to use Debug (ITS#6566)
2749 + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
2750 + Fixed slapo-valsort to use Debug (ITS#6566)
2751 + Fixed contrib/nssov network.c missing patch (ITS#6562)
2752 + Fixed test043 attribute sorting (ITS#6553)
2753 + slapd-config(5) note default rootdn (ITS#6546)
2754 * Rebased patches debian/patches/dropped nssov-build
2755 * Resynchronize with Debian:
2756 + debian/control:
2757 - Bump standards-version to 3.9.0
2758 - Use libdb4.8-dev (LP: #572489)
2759 + Added debian/patches/issue-6534-patch
2760 + Added debian/patches/ldap-conf-tls-cacertdir
2761 * Add ufw support, thanks to PatRiehecky (LP: #423246)
2762
2763 [Adam Sommer]
2764 * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2765
2766 -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
2767
946openldap (2.4.21-1) unstable; urgency=low2768openldap (2.4.21-1) unstable; urgency=low
9472769
948 [ Steve Langasek ]2770 [ Steve Langasek ]
@@ -974,6 +2796,79 @@ openldap (2.4.21-1) unstable; urgency=low
9742796
975 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +02002797 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
9762798
2799openldap (2.4.21-0ubuntu5) lucid; urgency=low
2800
2801 * Fix local root connection access: replace olcAuthzRegexp mapping to
2802 cn=localroot,cn=config with using the SASL dn directly in olcAccess.
2803 Makes upgrades much simpler and robust (LP: #563829).
2804
2805 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
2806
2807openldap (2.4.21-0ubuntu4) lucid; urgency=low
2808
2809 [ Simon Olofsson ]
2810 * debian/slapd.postinst:
2811 - Show a message after successful migration (LP: #538848)
2812
2813 [ Jorgen Rosink ]
2814 * debian/slapd.init: add simple status checking with LSB compatible exit
2815 codes (LP: #562377)
2816 * debian/slapd.init.ldif:
2817 - remove admin user in default config database (LP: #556176)
2818 - in default config, add olcAccess entries giving access to controls
2819 available and cn=subschema (LP: #427842)
2820
2821 [ Scott Moser ]
2822 * debian/slapd.scripts-common: Do not create /nonexistent directory
2823 for openldap user's home (LP: #556176)
2824 * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
2825
2826 -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
2827
2828openldap (2.4.21-0ubuntu3) lucid; urgency=low
2829
2830 * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
2831 before trying to convert to slapd.d, to avoid upgrade failure from hardy
2832 (LP: #536958)
2833 * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
2834 olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
2835
2836 -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
2837
2838openldap (2.4.21-0ubuntu2) lucid; urgency=low
2839
2840 * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
2841
2842 -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
2843
2844openldap (2.4.21-0ubuntu1) lucid; urgency=low
2845
2846 * New upstream release.
2847 * debian/rules, debian/schema/extra/:
2848 Fix get-orig-source rule to supports extra schemas shipped as part of the
2849 debian/schema/ directory.
2850
2851 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
2852
2853openldap (2.4.18-0ubuntu2) lucid; urgency=low
2854
2855 * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2856 - Add --with-gssapi support
2857 - Make guess_service_principal() more robust when determining principal
2858 * Enable GSSAPI support (LP: #495418):
2859 - debian/configure.options: Configure with --with-gssapi
2860 - debian/control: Added libkrb5-dev as a build depend
2861
2862 -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
2863
2864openldap (2.4.18-0ubuntu1) karmic; urgency=low
2865
2866 * New upstream release: (LP: #419515):
2867 + pcache overlay supports disconnected mode.
2868 * Fix nss overlay load (LP: #417163).
2869
2870 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
2871
977openldap (2.4.17-2.1) unstable; urgency=high2872openldap (2.4.17-2.1) unstable; urgency=high
9782873
979 * Non-maintainer upload by the Security Team.2874 * Non-maintainer upload by the Security Team.
@@ -1000,6 +2895,108 @@ openldap (2.4.17-2) unstable; urgency=low
10002895
1001 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -07002896 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
10022897
2898openldap (2.4.17-1ubuntu3) karmic; urgency=low
2899
2900 * Install a minimal slapd configuration instead of creating a default
2901 database with a default DIT:
2902 + Move openldap user home from /var/lib/ldap to /nonexistent.
2903 + Remove all code and templates dealing with the default database and DIT
2904 creation.
2905 + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
2906 grant all access to the latter in the cn=config database as well as the
2907 default backend configuration.
2908 * Add cn=localroot,cn=config authz mapping on upgrades.
2909
2910 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
2911
2912openldap (2.4.17-1ubuntu2) karmic; urgency=low
2913
2914 [ Thierry Carrez ]
2915 * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2916 in the openldap library, as required by Likewise-Open (LP: #390579)
2917
2918 [ Mathias Gug ]
2919 * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
2920 uniqueness overlay.
2921 * debian/patches/its6220-writetimeout-directive: fixes a problem with the
2922 writetimeout directive being in effect even if it wasn't set,
2923 closing connections incorrectly.
2924 * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
2925 dncachesize parameter that was added in RE24, so that if it is set to
2926 "0" (now the default), it has an unlimited DN cache (RE23 always
2927 had an unlimited DN cache).
2928
2929 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
2930
2931openldap (2.4.17-1ubuntu1) karmic; urgency=low
2932
2933 [ Steve Langasek ]
2934 * Fix up the lintian warnings:
2935 - add missing misc-depends on all packages
2936 - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
2937 overrides
2938 - bump Standards-Version to 3.8.2, no changes required.
2939
2940 [ Mathias Gug ]
2941 * Resynchronise with Debian. Remaining changes:
2942 - AppArmor support:
2943 - debian/apparmor-profile: add AppArmor profile
2944 - updated debian/slapd.README.Debian for note on AppArmor
2945 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2946 - debian/slapd.postrm: remove symlink in force-complain/ on purge
2947 - debian/rules: install apparmor profile.
2948 - Don't use local statement in config script as it fails if /bin/sh
2949 points to bash.
2950 - debian/slapd.postinst, debian/slapd.script-common: set correct
2951 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2952 readable) and /var/run/slapd (world readable).
2953 - Enable nssoverlay:
2954 - debian/patches/nssov-build, debian/rules: Build and package the nss
2955 overlay.
2956 - debian/schema/misc.ldif: add ldif file for the misc schema which
2957 defines rfc822MailMember (required by the nss overlay).
2958 - debian/{control,rules}: enable PIE hardening
2959 - Use cn=config as the default configuration backend instead of
2960 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2961 asking the end user to enter a new password to control the access to
2962 the cn=config tree.
2963 - debian/slapd.postinst: create /var/run/slapd before updating its
2964 permissions.
2965 - debian/slapd.init: Correctly set slapd config backend option even if
2966 the pidfile is configured in slapd default file.
2967 * Dropped:
2968 - Merged in Debian:
2969 - Update priority of libldap-2.4-2 to match the archive override.
2970 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2971 the ldapurl(1) manpage.
2972 - Bump build-dependency on debhelper to 6 instead of 5, since that's
2973 what we're using.
2974 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2975 the built-in default of ldap:/// only.
2976 - Fixed in upstream release:
2977 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2978 failure when built with PIE.
2979 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2980 trusted.
2981 - Update Apparmor profile support: don't support upgrade from pre-hardy
2982 systems:
2983 - debian/slapd.postinst: Reload AA profile on configuration
2984 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2985 - debian/control: Conflicts with apparmor-profiles <<
2986 2.1+1075-0ubuntu4 to make sure that if earlier version of
2987 apparmor-profiles gets installed it won't overwrite our profile.
2988 - follow ApparmorProfileMigration and force apparmor complain mode on
2989 some upgrades
2990 - debian/slapd.preinst: create symlink for force-complain on
2991 pre-feisty upgrades, upgrades where apparmor-profiles profile is
2992 unchanged (ie non-enforcing) and upgrades where apparmor profile
2993 does not exist.
2994 - debian/patches/autogen.sh: no longer needed with karmic libtool.
2995 - Call libtoolize with the --install option to install
2996 config.{guess,sub} files.
2997
2998 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
2999
1003openldap (2.4.17-1) unstable; urgency=low3000openldap (2.4.17-1) unstable; urgency=low
10043001
1005 * New upstream version.3002 * New upstream version.
@@ -1022,6 +3019,153 @@ openldap (2.4.17-1) unstable; urgency=low
10223019
1023 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -07003020 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
10243021
3022openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
3023
3024 * Resynchronise with Debian. Remaining changes:
3025 - AppArmor support:
3026 - debian/apparmor-profile: add AppArmor profile
3027 - debian/slapd.postinst: Reload AA profile on configuration
3028 - updated debian/slapd.README.Debian for note on AppArmor
3029 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3030 - debian/control: Conflicts with apparmor-profiles <<
3031 2.1+1075-0ubuntu4 to make sure that if earlier version of
3032 apparmor-profiles gets installed it won't overwrite our profile.
3033 - follow ApparmorProfileMigration and force apparmor complain mode on
3034 some upgrades
3035 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3036 - debian/slapd.preinst: create symlink for force-complain on
3037 pre-feisty upgrades, upgrades where apparmor-profiles profile is
3038 unchanged (ie non-enforcing) and upgrades where apparmor profile
3039 does not exist.
3040 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3041 - debian/patches/autogen.sh:
3042 - Call libtoolize with the --install option to install
3043 config.{guess,sub} files.
3044 - Don't use local statement in config script as it fails if /bin/sh
3045 points to bash.
3046 - debian/slapd.postinst, debian/slapd.script-common: set correct
3047 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
3048 readable) and /var/run/slapd (world readable).
3049 - Enable nssoverlay:
3050 - debian/patches/nssov-build, debian/rules: Build and package the nss
3051 overlay.
3052 - debian/schema/misc.ldif: add ldif file for the misc schema which
3053 defines rfc822MailMember (required by the nss overlay).
3054 - debian/{control,rules}: enable PIE hardening
3055 - Use cn=config as the default configuration backend instead of
3056 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3057 asking the end user to enter a new password to control the access to
3058 the cn=config tree.
3059 - Update priority of libldap-2.4-2 to match the archive override.
3060 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
3061 the ldapurl(1) manpage.
3062 - Bump build-dependency on debhelper to 6 instead of 5, since that's
3063 what we're using.
3064 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3065 the built-in default of ldap:/// only.
3066 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
3067 failure when built with PIE.
3068 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3069 trusted.
3070 - debian/slapd.postinst: create /var/run/slapd before updating its
3071 permissions.
3072 - debian/slapd.init: Correctly set slapd config backend option even if
3073 the pidfile is configured in slapd default file.
3074 * Drop patch to avoid the test suite on hppa, as hppa is EOL.
3075
3076 -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
3077
3078openldap (2.4.15-1.1) unstable; urgency=low
3079
3080 * Non-maintainer upload.
3081 * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
3082 (Closes: #522965)
3083
3084 -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
3085
3086openldap (2.4.15-1ubuntu3) jaunty; urgency=low
3087
3088 * No-change rebuild to fix lpia shared library dependencies.
3089
3090 -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
3091
3092openldap (2.4.15-1ubuntu2) jaunty; urgency=low
3093
3094 * debian/slapd.postinst: create /var/run/slapd before updating its
3095 permissions (LP: #298928).
3096 * debian/slapd.init: Correclty set slapd config backend option even if the
3097 pidfile is configured in slapd default file (LP: #292364).
3098 * debian/apparmor-profile: support multiple databases to be stored under
3099 /var/lib/ldap/. (LP: #286614).
3100
3101 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
3102
3103openldap (2.4.15-1ubuntu1) jaunty; urgency=low
3104
3105 [ Steve Langasek ]
3106 * Update priority of libldap-2.4-2 to match the archive override.
3107 * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
3108 ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
3109 Closes: #496749.
3110 * Bump build-dependency on debhelper to 6 instead of 5, since that's
3111 what we're using. Closes: #498116.
3112 * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3113 the built-in default of ldap:/// only.
3114
3115 [ Mathias Gug ]
3116 * Merge from debian unstable, remaining changes:
3117 - Modify Maintainer value to match the DebianMaintainerField
3118 speficication.
3119 - AppArmor support:
3120 - debian/apparmor-profile: add AppArmor profile
3121 - debian/slapd.postinst: Reload AA profile on configuration
3122 - updated debian/slapd.README.Debian for note on AppArmor
3123 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3124 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3125 to make sure that if earlier version of apparmour-profiles gets
3126 installed it won't overwrite our profile.
3127 - follow ApparmorProfileMigration and force apparmor compalin mode on
3128 some upgrades (LP: #203529)
3129 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3130 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3131 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3132 non-enforcing) and upgrades where apparmor profile does not exist.
3133 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3134 - debian/control:
3135 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3136 - debian/patches/autogen.sh:
3137 - Call libtoolize with the --install option to install config.{guess,sub}
3138 files.
3139 - Don't use local statement in config script as it fails if /bin/sh
3140 points to bash (LP: #286063).
3141 - Disable the testsuite on hppa. Allows building of packages on this
3142 architecture again, once this package is in the archive.
3143 LP: #288908.
3144 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3145 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3146 /var/run/slapd (world readable). (LP: #257667).
3147 - Enable nssoverlay:
3148 - debian/patches/nssov-build, debian/rules: Build and package
3149 the nss overlay.
3150 - debian/schema/misc.ldif: add ldif file for the misc schema
3151 which defines rfc822MailMember (required by the nss overlay).
3152 - debian/{control,rules}: enable PIE hardening
3153 - Use cn=config as the default configuration backend instead of
3154 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3155 asking the end user to enter a new password to control the access to the
3156 cn=config tree.
3157 * Dropped:
3158 - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
3159 times. (ITS: #5947) Fixed in new upstream version 2.4.15.
3160 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3161 the ucred struct now. Implemented in Debian.
3162 * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
3163 when built with PIE.
3164 * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3165 trusted (LP: #305264).
3166
3167 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
3168
1025openldap (2.4.15-1) unstable; urgency=low3169openldap (2.4.15-1) unstable; urgency=low
10263170
1027 * New upstream version3171 * New upstream version
@@ -1039,6 +3183,69 @@ openldap (2.4.15-1) unstable; urgency=low
10393183
1040 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -08003184 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
10413185
3186openldap (2.4.14-0ubuntu1) jaunty; urgency=low
3187
3188 [ Steve Langasek ]
3189 * New upstream version
3190 - Fixes a bug with the pcache overlay not returning cached entries
3191 (closes: #497697)
3192 - Update evolution-ntlm patch to apply to current Makefiles.
3193 - (tentatively) drop gnutls-ciphers, since this bug was reported to be
3194 fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
3195 patch from the bug report, so this should be watched for regressions.
3196 * Build against db4.7 instead of db4.2 at last! Closes: #421946.
3197 * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
3198 installed in the build environment.
3199 * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
3200 --with-tls=gnutls.
3201
3202 [ Mathias Gug ]
3203 * Merge from debian unstable, remaining changes:
3204 - debian/apparmor-profile: add AppArmor profile
3205 - debian/slapd.postinst: Reload AA profile on configuration
3206 - updated debian/slapd.README.Debian for note on AppArmor
3207 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3208 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3209 to make sure that if earlier version of apparmour-profiles gets
3210 installed it won't overwrite our profile.
3211 - Modify Maintainer value to match the DebianMaintainerField
3212 speficication.
3213 - follow ApparmorProfileMigration and force apparmor compalin mode on
3214 some upgrades (LP: #203529)
3215 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3216 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3217 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3218 non-enforcing) and upgrades where apparmor profile does not exist.
3219 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3220 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3221 the ucred struct now.
3222 - debian/control:
3223 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3224 - debian/patches/autogen.sh:
3225 - Call libtoolize with the --install option to install config.{guess,sub}
3226 files.
3227 - Don't use local statement in config script as it fails if /bin/sh
3228 points to bash (LP: #286063).
3229 - Disable the testsuite on hppa. Allows building of packages on this
3230 architecture again, once this package is in the archive.
3231 LP: #288908.
3232 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3233 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3234 /var/run/slapd (world readable). (LP: #257667).
3235 - debian/patches/nssov-build, debian/rules:
3236 Build and package the nss overlay.
3237 debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3238 rfc822MailMember (required by the nss overlay).
3239 - debian/{control,rules}: enable PIE hardening
3240 - Use cn=config as the default configuration backend instead of
3241 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3242 asking the end user to enter a new password to control the access to the
3243 cn=config tree.
3244 * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
3245 times. (ITS: #5947)
3246
3247 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
3248
1042openldap (2.4.11-1) unstable; urgency=low3249openldap (2.4.11-1) unstable; urgency=low
10433250
1044 * New upstream version (closes: #499560).3251 * New upstream version (closes: #499560).
@@ -1061,6 +3268,110 @@ openldap (2.4.11-1) unstable; urgency=low
10613268
1062 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -07003269 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
10633270
3271openldap (2.4.11-0ubuntu7) jaunty; urgency=low
3272
3273 * Don't use local statement in config script as it fails if /bin/sh
3274 points to bash (LP: #286063).
3275
3276 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
3277
3278openldap (2.4.11-0ubuntu6) intrepid; urgency=low
3279
3280 * Disable the testsuite on hppa. Allows building of packages on this
3281 architecture again, once this package is in the archive.
3282 LP: #288908.
3283
3284 -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
3285
3286openldap (2.4.11-0ubuntu5) intrepid; urgency=low
3287
3288 * Don't set admin passwords in ldif files if adminpw is empty.
3289 (LP: #273988 - LP: #276606).
3290
3291 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
3292
3293openldap (2.4.11-0ubuntu4) intrepid; urgency=low
3294
3295 * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3296 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3297 /var/run/slapd (world readable). (LP: #257667).
3298 * debian/slapd.script-common:
3299 - Fix package reconfiguration:
3300 + Remove slapd.d/ directory if it already exists when creating a new
3301 configuration.
3302 + Fix backup directory naming for multiple reconfiguration.
3303
3304 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
3305
3306openldap (2.4.11-0ubuntu3) intrepid; urgency=low
3307
3308 * debian/patches/nssov-build, debian/rules:
3309 Build and package the nss overlay.
3310 * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3311 rfc822MailMember (required by the nss overlay).
3312
3313 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
3314
3315openldap (2.4.11-0ubuntu2) intrepid; urgency=low
3316
3317 * debian/{control,rules}: enable PIE hardening
3318
3319 -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
3320
3321openldap (2.4.11-0ubuntu1) intrepid; urgency=low
3322
3323 * New upstream version:
3324 - Mainly bug fixes.
3325 - New nss slapd overlay (not compiled by default).
3326 * Use cn=config as the default configuration backend instead of
3327 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3328 asking the end user to enter a new password to control the access to the
3329 cn=config tree.
3330
3331 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
3332
3333openldap (2.4.10-3ubuntu1) intrepid; urgency=low
3334
3335 [ Mathias Gug ]
3336 * Merge from debian unstable, remaining changes:
3337 - debian/apparmor-profile: add AppArmor profile
3338 - debian/slapd.postinst: Reload AA profile on configuration
3339 - updated debian/slapd.README.Debian for note on AppArmor
3340 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3341 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3342 to make sure that if earlier version of apparmour-profiles gets
3343 installed it won't overwrite our profile.
3344 - Modify Maintainer value to match the DebianMaintainerField
3345 speficication.
3346 - follow ApparmorProfileMigration and force apparmor compalin mode on
3347 some upgrades (LP: #203529)
3348 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3349 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3350 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3351 non-enforcing) and upgrades where apparmor profile does not exist.
3352 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3353 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3354 the ucred struct now.
3355 - debian/patches/fix-unique-overlay-assertion.patch:
3356 Fix another assertion error in unique overlay (LP: #243337).
3357 Backport from head.
3358 * Dropped - implemented in Debian:
3359 - debian/patches/fix-gnutls-key-strength.patch:
3360 Fix slapd handling of ssf using gnutls. (LP: #244925).
3361 - debian/control:
3362 Add time as build dependency: needed by make test.
3363 * debian/control:
3364 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3365 * debian/patches/autogen.sh:
3366 - Call libtoolize with the --install option to install config.{guess,sub}
3367 files.
3368
3369 [ Jamie Strandboge ]
3370 * adjust apparmor profile to allow gssapi (LP: #229252)
3371 * adjust apparmor profile to allow cnconfig (LP: #243525)
3372
3373 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
3374
1064openldap (2.4.10-3) unstable; urgency=low3375openldap (2.4.10-3) unstable; urgency=low
10653376
1066 [ Steve Langasek ]3377 [ Steve Langasek ]
@@ -1094,6 +3405,40 @@ openldap (2.4.10-3) unstable; urgency=low
10943405
1095 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -07003406 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
10963407
3408openldap (2.4.10-2ubuntu1) intrepid; urgency=low
3409
3410 * Merge from debian unstable, remaining changes:
3411 - debian/apparmor-profile: add AppArmor profile
3412 - debian/slapd.postinst: Reload AA profile on configuration
3413 - updated debian/slapd.README.Debian for note on AppArmor
3414 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3415 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3416 to make sure that if earlier version of apparmour-profiles gets
3417 installed it won't overwrite our profile.
3418 - Modify Maintainer value to match the DebianMaintainerField
3419 speficication.
3420 - follow ApparmorProfileMigration and force apparmor compalin mode on
3421 some upgrades (LP: #203529)
3422 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3423 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3424 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3425 non-enforcing) and upgrades where apparmor profile does not exist.
3426 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3427 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3428 the ucred struct now.
3429 - debian/patches/fix-unique-overlay-assertion.patch:
3430 Fix another assertion error in unique overlay (LP: #243337).
3431 Backport from head.
3432 - debian/patches/fix-gnutls-key-strength.patch:
3433 Fix slapd handling of ssf using gnutls. (LP: #244925).
3434 - debian/control:
3435 Add time as build dependency: needed by make test.
3436 * Dropped - implemented in Debian:
3437 - debian/rules:
3438 Support debuild nocheck option: don't run tests if nocheck is set.
3439
3440 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
3441
1097openldap (2.4.10-2) unstable; urgency=low3442openldap (2.4.10-2) unstable; urgency=low
10983443
1099 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at3444 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
@@ -1108,6 +3453,54 @@ openldap (2.4.10-2) unstable; urgency=low
11083453
1109 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -07003454 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
11103455
3456openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
3457
3458 * Merge from debian unstable, remaining changes:
3459 - debian/apparmor-profile: add AppArmor profile
3460 - debian/slapd.postinst: Reload AA profile on configuration
3461 - updated debian/slapd.README.Debian for note on AppArmor
3462 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3463 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3464 to make sure that if earlier version of apparmour-profiles gets
3465 installed it won't overwrite our profile.
3466 - Modify Maintainer value to match the DebianMaintainerField
3467 speficication.
3468 - follow ApparmorProfileMigration and force apparmor compalin mode on
3469 some upgrades (LP: #203529)
3470 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3471 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3472 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3473 non-enforcing) and upgrades where apparmor profile does not exist.
3474 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3475 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3476 the ucred struct now.
3477 - debian/patches/fix-unique-overlay-assertion.patch:
3478 Fix another assertion error in unique overlay (LP: #243337).
3479 Backport from head.
3480 * debian/control:
3481 - add time as build dependency: needed by make test.
3482 * debian/rules:
3483 - support debuild nocheck option: don't run tests if nocheck is set.
3484 * debian/patches/fix-gnutls-key-strength.patch:
3485 - fix slapd handling of ssf using gnutls. (LP: #244925).
3486 * Dropped - accepted in Debian:
3487 - debian/rules, debian/slapd.links: use hard links to slapd instead of
3488 symlinks for slap* so these applications aren't confined by apparmor
3489 (LP: #203898)
3490 * Dropped - fixed in new upstream release:
3491 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3492 (LP: #215904)
3493 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3494 error. (LP: #234196)
3495 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3496 (LP: #220724)
3497 - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3498 syncrepl. (LP: #227178)
3499 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3500 upstream.
3501
3502 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
3503
1111openldap2.3 (2.4.10-1) unstable; urgency=low3504openldap2.3 (2.4.10-1) unstable; urgency=low
11123505
1113 [ Steve Langasek ]3506 [ Steve Langasek ]
@@ -1132,6 +3525,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low
11323525
1133 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -07003526 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
11343527
3528openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
3529
3530 * debian/patches/fix-unique-overlay-assertion.patch:
3531 - Fix another assertion error in unique overlay, backported from head.
3532 (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
3533
3534 -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
3535
3536openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
3537
3538 * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
3539 include the smbk5pwd overlay.
3540
3541 -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
3542
3543openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
3544
3545 * Rebuild for perl 5.10 transition (LP: #230016)
3546 * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3547 syncrepl. (LP: #227178)
3548
3549 -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
3550
3551openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
3552
3553 * Merge from debian unstable, remaining changes:
3554 - debian/apparmor-profile: add AppArmor profile
3555 - debian/slapd.postinst: Reload AA profile on configuration
3556 - updated debian/slapd.README.Debian for note on AppArmor
3557 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3558 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3559 to make sure that if earlier version of apparmour-profiles gets
3560 installed it won't overwrite our profile.
3561 - Modify Maintainer value to match the DebianMaintainerField
3562 speficication.
3563 - follow ApparmorProfileMigration and force apparmor compalin mode on
3564 some upgrades (LP: #203529)
3565 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3566 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3567 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3568 non-enforcing) and upgrades where apparmor profile does not exist.
3569 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3570 - debian/rules, debian/slapd.links: use hard links to slapd instead of
3571 symlinks for slap* so these applications aren't confined by apparmor
3572 (LP: #203898)
3573 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3574 (LP: #215904)
3575 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3576 error. (LP: #234196)
3577 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3578 (LP: #220724)
3579 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3580 upstream.
3581 * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
3582 the ucred struct now.
3583
3584 -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
3585
1135openldap2.3 (2.4.9-1) unstable; urgency=low3586openldap2.3 (2.4.9-1) unstable; urgency=low
11363587
1137 [ Updated debconf translations ]3588 [ Updated debconf translations ]
@@ -1202,6 +3653,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high
12023653
1203 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +01003654 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
12043655
3656openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
3657
3658 * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
3659 in klibc)
3660
3661 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
3662
3663openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
3664
3665 * apparmor-profile workaround for Launchpad #202161
3666 * follow ApparmorProfileMigration and force apparmor complain mode on some
3667 upgrades (LP: #203529)
3668 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3669 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3670 - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
3671 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3672 non-enforcing) and upgrades where apparmor profile does not exist
3673 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3674 * debian/rules, debian/slapd.links: use hard links to slapd instead of
3675 symlinks for slap* so these applications aren't confined by apparmor
3676 (LP: #203898)
3677
3678 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
3679
3680openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
3681
3682 * Merge from Debian unstable, remaining changes:
3683 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3684 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3685 allows remote authenticated users to cause a denial of service (daemon
3686 crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
3687 control, a related issue to CVE-2007-6698.
3688 + debian/apparmor-profile: add AppArmor profile
3689 + debian/slapd.postinst: Reload AA profile on configuration
3690 + updated debian/slapd.README.Debian for note on AppArmor
3691 + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3692 should now take control
3693 + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3694 to make sure that if earlier version of apparmor-profiles gets
3695 installed it won't overwrite our profile
3696 + Modify Maintainer value to match the DebianMaintainerField
3697 specification.
3698
3699 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
3700
1205openldap2.3 (2.4.7-6) unstable; urgency=low3701openldap2.3 (2.4.7-6) unstable; urgency=low
12063702
1207 [ Updated debconf translations ]3703 [ Updated debconf translations ]
@@ -1247,6 +3743,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low
12473743
1248 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -08003744 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
12493745
3746openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
3747
3748 * SECURITY UPDATE:
3749 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3750 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3751 allows remote authenticated users to cause a denial of service (daemon crash)
3752 via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
3753 issue to CVE-2007-6698.
3754
3755 * References
3756 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
3757 - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
3758
3759 -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
3760
3761openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
3762
3763 * add AppArmor profile
3764 + debian/apparmor-profile
3765 + debian/slapd.postinst: Reload AA profile on configuration
3766 * updated debian/slapd.README.Debian for note on AppArmor
3767 * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3768 should now take control
3769 * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3770 to make sure that if earlier version of apparmor-profiles gets installed
3771 it won't overwrite our profile
3772 * Modify Maintainer value to match the DebianMaintainerField
3773 specification.
3774
3775 -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
3776
1250openldap2.3 (2.4.7-5) unstable; urgency=low3777openldap2.3 (2.4.7-5) unstable; urgency=low
12513778
1252 [ Updated debconf translations ]3779 [ Updated debconf translations ]
diff --git a/debian/configure.options b/debian/configure.options
index 08a55e0..9d3704e 100644
--- a/debian/configure.options
+++ b/debian/configure.options
@@ -175,6 +175,7 @@
175# --with-fetch with fetch(3) URL support [auto]175# --with-fetch with fetch(3) URL support [auto]
176# --with-threads with threads [auto]176# --with-threads with threads [auto]
177--with-threads177--with-threads
178--with-gssapi
178# --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto]179# --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto]
179--with-tls=gnutls180--with-tls=gnutls
180# --with-yielding-select with implicitly yielding select [auto]181# --with-yielding-select with implicitly yielding select [auto]
diff --git a/debian/control b/debian/control
index fa7c8a1..f8060d2 100644
--- a/debian/control
+++ b/debian/control
@@ -1,14 +1,16 @@
1Source: openldap1Source: openldap
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
5Uploaders: Steve Langasek <vorlon@debian.org>,6Uploaders: Steve Langasek <vorlon@debian.org>,
6 Torsten Landschoff <torsten@debian.org>,7 Torsten Landschoff <torsten@debian.org>,
7 Ryan Tandy <ryan@nardis.ca>8 Ryan Tandy <ryan@nardis.ca>
8Build-Depends: debhelper (>= 10),9Build-Depends: debhelper (>= 10),
10 dh-apparmor,
9 dpkg-dev (>= 1.17.14),11 dpkg-dev (>= 1.17.14),
10 groff-base,12 groff-base,
11 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,13 heimdal-dev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
12 libargon2-dev <!pkg.openldap.noslapd>,14 libargon2-dev <!pkg.openldap.noslapd>,
13 libdb5.3-dev <!pkg.openldap.noslapd>,15 libdb5.3-dev <!pkg.openldap.noslapd>,
14 libgnutls28-dev,16 libgnutls28-dev,
@@ -35,7 +37,7 @@ Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}),
35 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,37 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,
36 adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends}38 adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends}
37Recommends: libsasl2-modules39Recommends: libsasl2-modules
38Suggests: ldap-utils,40Suggests: ldap-utils, ufw,
39 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal41 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
40Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)42Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
41Replaces: libldap2, ldap-utils (<< 2.2.23-3)43Replaces: libldap2, ldap-utils (<< 2.2.23-3)
diff --git a/debian/libldap-2.4-2.symbols b/debian/libldap-2.4-2.symbols
index d42ccec..55421bc 100644
--- a/debian/libldap-2.4-2.symbols
+++ b/debian/libldap-2.4-2.symbols
@@ -118,6 +118,7 @@ liblber-2.4.so.2 libldap-2.4-2 #MINVER#
118 ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7118 ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7
119 ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7119 ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7
120 ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7120 ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7
121 ber_sockbuf_io_udp@OPENLDAP_2.4_2 2.4.17-1ubuntu2
121 ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7122 ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7
122 ber_sos_dump@OPENLDAP_2.4_2 2.4.7123 ber_sos_dump@OPENLDAP_2.4_2 2.4.7
123 ber_start@OPENLDAP_2.4_2 2.4.7124 ber_start@OPENLDAP_2.4_2 2.4.7
@@ -280,6 +281,11 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
280 ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7281 ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7
281 ldap_int_global_options@OPENLDAP_2.4_2 2.4.7282 ldap_int_global_options@OPENLDAP_2.4_2 2.4.7
282 ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23283 ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23
284 ldap_int_gssapi_close@OPENLDAP_2.4_2 2.4.18-0ubuntu2
285 ldap_int_gssapi_config@OPENLDAP_2.4_2 2.4.18-0ubuntu2
286 ldap_int_gssapi_get_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2
287 ldap_int_gssapi_mutex@OPENLDAP_2.4_2 2.4.18-0ubuntu2
288 ldap_int_gssapi_set_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2
283 ldap_int_hostname@OPENLDAP_2.4_2 2.4.7289 ldap_int_hostname@OPENLDAP_2.4_2 2.4.7
284 ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39290 ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39
285 ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7291 ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7
@@ -312,6 +318,7 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
312 ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7318 ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7
313 ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7319 ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7
314 ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7320 ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7
321 ldap_is_ldapc_url@OPENLDAP_2.4_2 2.4.17-1ubuntu2
315 ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7322 ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7
316 ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7323 ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7
317 ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7324 ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7
diff --git a/debian/patches/contrib-makefiles b/debian/patches/contrib-makefiles
index 0aea4c3..bf04e60 100644
--- a/debian/patches/contrib-makefiles
+++ b/debian/patches/contrib-makefiles
@@ -183,3 +183,24 @@
183 -rpath $(moduledir) -module -o $@ $? $(LIBS)183 -rpath $(moduledir) -module -o $@ $? $(LIBS)
184 184
185 clean:185 clean:
186--- a/contrib/slapd-modules/nssov/Makefile
187+++ b/contrib/slapd-modules/nssov/Makefile
188@@ -52,15 +52,15 @@
189 .SUFFIXES: .c .o .lo
190
191 .c.lo:
192- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
193+ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
194
195 tio.lo: nss-pam-ldapd/tio.c
196- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
197+ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $?
198
199 $(OBJS): nssov.h
200
201 nssov.la: $(OBJS) $(XOBJS)
202- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
203+ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info 0:0:0 \
204 -rpath $(moduledir) -module -o $@ $(OBJS) $(XOBJS) $(LIBS)
205
206 install: nssov.la
diff --git a/debian/patches/fix_test_timing.patch b/debian/patches/fix_test_timing.patch
186new file mode 100644207new file mode 100644
index 0000000..bc57140
--- /dev/null
+++ b/debian/patches/fix_test_timing.patch
@@ -0,0 +1,27 @@
1Description: fix test timing on slow builders such as riscv64
2Author: Marc Deslauriers <marc.deslauriers@canonical.com>
3
4--- a/tests/data/ppolicy.ldif
5+++ b/tests/data/ppolicy.ldif
6@@ -25,7 +25,7 @@ pwdLockoutDuration: 15
7 pwdInHistory: 6
8 pwdCheckQuality: 2
9 pwdExpireWarning: 10
10-pwdMaxAge: 30
11+pwdMaxAge: 40
12 pwdMinLength: 5
13 pwdGraceAuthnLimit: 3
14 pwdAllowUserChange: TRUE
15--- a/tests/scripts/test022-ppolicy
16+++ b/tests/scripts/test022-ppolicy
17@@ -100,8 +100,8 @@ if test $RC != 0 ; then
18 fi
19
20 echo "Testing password expiration"
21-echo "Waiting 20 seconds for password to expire..."
22-sleep 20
23+echo "Waiting 40 seconds for password to expire..."
24+sleep 40
25
26 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
27 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
diff --git a/debian/patches/gssapi.diff b/debian/patches/gssapi.diff
0new file mode 10064428new file mode 100644
index 0000000..5bcf266
--- /dev/null
+++ b/debian/patches/gssapi.diff
@@ -0,0 +1,140 @@
1--- a/configure.in
2+++ b/configure.in
3@@ -244,6 +244,8 @@
4 auto, [auto yes no] )
5 OL_ARG_WITH(fetch,[ --with-fetch with fetch(3) URL support],
6 auto, [auto yes no] )
7+OL_ARG_WITH(gssapi,[ --with-gssapi with GSSAPI support],
8+ auto, [auto yes no] )
9 OL_ARG_WITH(threads,[ --with-threads with threads],
10 auto, [auto nt posix mach pth lwp yes no manual] )
11 OL_ARG_WITH(tls,[ --with-tls with TLS/SSL support auto|openssl|gnutls|moznss],
12@@ -591,6 +593,7 @@
13 KRB4_LIBS=
14 KRB5_LIBS=
15 SASL_LIBS=
16+GSSAPI_LIBS=
17 TLS_LIBS=
18 MODULES_LIBS=
19 SLAPI_LIBS=
20@@ -1153,6 +1156,63 @@
21 fi
22
23 dnl ----------------------------------------------------------------
24+dnl GSSAPI
25+ol_link_gssapi=no
26+
27+case $ol_with_gssapi in yes | auto)
28+
29+ ol_header_gssapi=no
30+ AC_CHECK_HEADERS(gssapi/gssapi.h)
31+ if test $ac_cv_header_gssapi_gssapi_h = yes ; then
32+ ol_header_gssapi=yes
33+ else
34+ AC_CHECK_HEADERS(gssapi.h)
35+ if test $ac_cv_header_gssapi_h = yes ; then
36+ ol_header_gssapi=yes
37+ fi
38+
39+ dnl## not every gssapi has gss_oid_to_str()
40+ dnl## as it's not defined in the GSSAPI V2 API
41+ dnl## anymore
42+ saveLIBS="$LIBS"
43+ LIBS="$LIBS $GSSAPI_LIBS"
44+ AC_CHECK_FUNCS(gss_oid_to_str)
45+ LIBS="$saveLIBS"
46+ fi
47+
48+ if test $ol_header_gssapi = yes ; then
49+ dnl## we check for gss_wrap
50+ dnl## as it's new to the GSSAPI V2 API
51+ AC_CHECK_LIB(gssapi, gss_wrap,
52+ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi"],
53+ [ol_link_gssapi=no])
54+ if test $ol_link_gssapi != yes ; then
55+ AC_CHECK_LIB(gssapi_krb5, gss_wrap,
56+ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi_krb5"],
57+ [ol_link_gssapi=no])
58+ fi
59+ if test $ol_link_gssapi != yes ; then
60+ AC_CHECK_LIB(gss, gss_wrap,
61+ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgss"],
62+ [ol_link_gssapi=no])
63+ fi
64+ fi
65+
66+ ;;
67+esac
68+
69+WITH_GSSAPI=no
70+if test $ol_link_gssapi = yes; then
71+ AC_DEFINE(HAVE_GSSAPI, 1, [define if you have GSSAPI])
72+ WITH_GSSAPI=yes
73+elif test $ol_with_gssapi = auto ; then
74+ AC_MSG_WARN([Could not locate GSSAPI package])
75+ AC_MSG_WARN([GSSAPI authentication not supported!])
76+elif test $ol_with_gssapi = yes ; then
77+ AC_MSG_ERROR([GSSAPI detection failed])
78+fi
79+
80+dnl ----------------------------------------------------------------
81 dnl TLS/SSL
82
83 if test $ol_with_tls = yes ; then
84@@ -1928,6 +1988,13 @@
85 fi
86 AC_SUBST(VERSION_OPTION)
87
88+VERSION_OPTION=""
89+OL_SYMBOL_VERSIONING
90+if test $ol_cv_ld_version_script_option = yes ; then
91+ VERSION_OPTION="-Wl,--version-script="
92+fi
93+AC_SUBST(VERSION_OPTION)
94+
95 dnl ----------------------------------------------------------------
96 if test $ol_enable_wrappers != no ; then
97 AC_CHECK_HEADERS(tcpd.h,[
98@@ -3159,6 +3226,7 @@
99 AC_SUBST(KRB4_LIBS)
100 AC_SUBST(KRB5_LIBS)
101 AC_SUBST(SASL_LIBS)
102+AC_SUBST(GSSAPI_LIBS)
103 AC_SUBST(TLS_LIBS)
104 AC_SUBST(MODULES_LIBS)
105 AC_SUBST(SLAPI_LIBS)
106--- a/include/portable.hin
107+++ b/include/portable.hin
108@@ -253,6 +253,18 @@
109 /* Define to 1 if you have the <grp.h> header file. */
110 #undef HAVE_GRP_H
111
112+/* define if you have GSSAPI */
113+#undef HAVE_GSSAPI
114+
115+/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
116+#undef HAVE_GSSAPI_GSSAPI_H
117+
118+/* Define to 1 if you have the <gssapi.h> header file. */
119+#undef HAVE_GSSAPI_H
120+
121+/* Define to 1 if you have the `gss_oid_to_str' function. */
122+#undef HAVE_GSS_OID_TO_STR
123+
124 /* Define to 1 if you have the `hstrerror' function. */
125 #undef HAVE_HSTRERROR
126
127--- a/build/top.mk
128+++ b/build/top.mk
129@@ -190,9 +190,10 @@
130 KRB5_LIBS = @KRB5_LIBS@
131 KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
132 SASL_LIBS = @SASL_LIBS@
133+GSSAPI_LIBS = @GSSAPI_LIBS@
134 TLS_LIBS = @TLS_LIBS@
135 AUTH_LIBS = @AUTH_LIBS@
136-SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
137+SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(GSSAPI_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
138
139 MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
140 MODULES_LDFLAGS = @SLAPD_MODULES_LDFLAGS@
diff --git a/debian/patches/series b/debian/patches/series
index 6181d9b..c93db6f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,6 +8,7 @@ index-files-created-as-root
8sasl-default-path 8sasl-default-path
9libldap-symbol-versions9libldap-symbol-versions
10getaddrinfo-is-threadsafe10getaddrinfo-is-threadsafe
11gssapi.diff
11do-not-second-guess-sonames12do-not-second-guess-sonames
12contrib-makefiles13contrib-makefiles
13smbk5pwd-makefile-manpage14smbk5pwd-makefile-manpage
@@ -20,3 +21,4 @@ no-bdb-ABI-second-guessing
20ITS6035-olcauthzregex-needs-restart.patch21ITS6035-olcauthzregex-needs-restart.patch
21set-maintainer-name22set-maintainer-name
22ITS-9086-Add-debug-logging-for-more-GnuTLS-errors.patch23ITS-9086-Add-debug-logging-for-more-GnuTLS-errors.patch
24fix_test_timing.patch
diff --git a/debian/patches/set-maintainer-name b/debian/patches/set-maintainer-name
index 262b7ef..35f8f77 100644
--- a/debian/patches/set-maintainer-name
+++ b/debian/patches/set-maintainer-name
@@ -10,7 +10,7 @@
10-else10-else
11- WHOWHERE="$USER@$(uname -n):$(pwd)"11- WHOWHERE="$USER@$(uname -n):$(pwd)"
12-fi12-fi
13+WHOWHERE="Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>"13+WHOWHERE="${DEB_MAINTAINER:-openldap}"
14 14
15 cat << __EOF__15 cat << __EOF__
16 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.16 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
diff --git a/debian/rules b/debian/rules
index 1eb0d5b..30cf8e0 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,13 +7,17 @@ include /usr/share/dpkg/pkg-info.mk
7# want the checks for DFSG-freeness.7# want the checks for DFSG-freeness.
8#DFSG_NONFREE = 18#DFSG_NONFREE = 1
99
10export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE10export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLDAP_CONNECTIONLESS -I/usr/include/heimdal
11export DEB_LDFLAGS_MAINT_APPEND := -L/usr/lib/$(DEB_HOST_MULTIARCH)/heimdal
11export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow12export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow
1213
13# Configure calls AM_INIT_AUTOMAKE, but Automake fails as there is no Makefile.am.14# Configure calls AM_INIT_AUTOMAKE, but Automake fails as there is no Makefile.am.
14# Tell dh-autoreconf to skip automake.15# Tell dh-autoreconf to skip automake.
15export AUTOMAKE = true16export AUTOMAKE = true
1617
18# Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)
19export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control)
20
17# Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)21# Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)
18export DEB_VERSION22export DEB_VERSION
1923
@@ -28,7 +32,7 @@ ifneq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
28 CONFIG += --disable-slapd32 CONFIG += --disable-slapd
29endif33endif
3034
31CONTRIB_MODULES = autogroup lastbind passwd passwd/argon2 passwd/pbkdf2 passwd/sha2 smbk5pwd35CONTRIB_MODULES = autogroup lastbind nssov passwd passwd/argon2 passwd/pbkdf2 passwd/sha2 smbk5pwd
3236
33# Ensure CC is set correctly for cross builds, unless it has already 37# Ensure CC is set correctly for cross builds, unless it has already
34# been set explicitly.38# been set explicitly.
@@ -48,7 +52,8 @@ CONTRIB_MAKEVARS := \
48 LDAP_BUILD='$(builddir)' \52 LDAP_BUILD='$(builddir)' \
49 prefix=/usr \53 prefix=/usr \
50 ldap_subdir=/ldap \54 ldap_subdir=/ldap \
51 moduledir='$$(libdir)$$(ldap_subdir)'55 moduledir='$$(libdir)$$(ldap_subdir)' \
56 sysconfdir='/etc$$(ldap_subdir)'
5257
53# These variables are used only by get-orig-source, which will normally only58# These variables are used only by get-orig-source, which will normally only
54# be run by maintainers.59# be run by maintainers.
@@ -162,6 +167,22 @@ endif
162 find $(installdir)/usr/share/man -name \*.8 \167 find $(installdir)/usr/share/man -name \*.8 \
163 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'168 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
164169
170ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
171override_dh_install-arch:
172 dh_install
173
174 # install AppArmor profile
175 install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
176
177 # install Apport hook
178 install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
179
180 # install ufw profile
181 install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
182
183 dh_apparmor -pslapd --profile-name=usr.sbin.slapd
184endif
185
165override_dh_installinit:186override_dh_installinit:
166 dh_installinit -- "defaults 19 80"187 dh_installinit -- "defaults 19 80"
167188
@@ -222,6 +243,8 @@ ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
222 done; \243 done; \
223 fi244 fi
224245
246 rm -f contrib/slapd-modules/nssov/nss-pam-ldapd/config.sub contrib/slapd-modules/nssov/nss-pam-ldapd/config.guess
247
225 # Clean the contrib directory248 # Clean the contrib directory
226 for mod in $(CONTRIB_MODULES); do \249 for mod in $(CONTRIB_MODULES); do \
227 dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \250 dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \
diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
index a43dfe4..216e6ac 100644
--- a/debian/slapd.README.Debian
+++ b/debian/slapd.README.Debian
@@ -204,8 +204,8 @@ Running slapd under a Different UID/GID
204204
205 - Tell linux slapd can access configuration files -- usually:205 - Tell linux slapd can access configuration files -- usually:
206206
207 chgrp <group> /etc/ldap/slapd.conf207 chgrp -R <group> /etc/ldap/slapd.d
208 chmod 0640 /etc/ldap/slapd.conf208 chmod -R g+rX /etc/ldap/slapd.d
209209
210 - Tell linux slapd can access /var/run/slapd and write a PID file:210 - Tell linux slapd can access /var/run/slapd and write a PID file:
211211
@@ -339,3 +339,14 @@ Unsafe access control rule installed by default in previous versions
339 slapd.access(5) man page.339 slapd.access(5) man page.
340340
341 -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700341 -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700
342