Merge ~ahasenack/ubuntu/+source/openldap:groovy-openldap-2453 into ubuntu/+source/openldap:debian/sid

Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 8de5b8ff7d4548766d92eeedde3a2bd4721865b4
Merge reported by: Christian Ehrhardt 
Merged at revision: 8de5b8ff7d4548766d92eeedde3a2bd4721865b4
Proposed branch: ~ahasenack/ubuntu/+source/openldap:groovy-openldap-2453
Merge into: ubuntu/+source/openldap:debian/sid
Diff against target: 3463 lines (+3005/-7)
15 files modified
debian/apparmor-profile (+61/-0)
debian/changelog (+2643/-0)
debian/configure.options (+1/-0)
debian/control (+5/-3)
debian/libldap-2.4-2.symbols (+7/-0)
debian/patches/contrib-makefiles (+21/-0)
debian/patches/fix_test_timing.patch (+27/-0)
debian/patches/gssapi.diff (+140/-0)
debian/patches/series (+2/-0)
debian/rules (+24/-4)
debian/slapd.README.Debian (+11/-0)
debian/slapd.install (+2/-0)
debian/slapd.manpages (+1/-0)
debian/slapd.py (+51/-0)
debian/slapd.ufw.profile (+9/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+390398@code.launchpad.net

Description of the change

Quick merge from debian, updating to new upstream 2.4.53 which fixes multiple crashes. See https://<email address hidden>/thread/NKOM6DI7RQY6FDLRZGSGYJSGONKIRFEP/ for a quick reference to one.

Since there are also other changes adding features, I filed a bug to request a FFe, and, if this MP is approved, will only upload after the release team grants the FFe. I still have to fill the details in.

PPA, still building: https://launchpad.net/~ahasenack/+archive/ubuntu/openldap-2453

Christian Ehrhardt  (paelzer) wrote :

:-/ No one got to this yet as I'd have hoped.
Well let me give this review a shot ...

Christian Ehrhardt  (paelzer) wrote :

The Delta is retained as-is and I was ok with it on the last merge.

Christian Ehrhardt  (paelzer) wrote :

The FFe bug is one of the most awesome, detailed and good FFe bugs I've ever seen - I expect it to be approved soon.

Christian Ehrhardt  (paelzer) wrote :

Changelog entries all LGTM

Christian Ehrhardt  (paelzer) wrote :

Git range diff confirms what I've already seen in changelog.
This is really just a rebase onto the new version.

Christian Ehrhardt  (paelzer) wrote :

Builds are complete and have no too concerning warnings/errors or other suspicious entries (the few that are there we discussed on the last merge and we can't do anything about them).

Christian Ehrhardt  (paelzer) wrote :

Overall LGTM +1

review: Approve
Andreas Hasenack (ahasenack) wrote :

Switching status to "approved", but holding off uploading until the FFe is also approved.

Andreas Hasenack (ahasenack) wrote :

FFe approved

Tagging and uploading 8de5b8ff7d4548766d92eeedde3a2bd4721865b4

$ git push pkg upload/2.4.53+dfsg-1ubuntu1
Enumerating objects: 77, done.
Counting objects: 100% (77/77), done.
Delta compression using up to 4 threads
Compressing objects: 100% (62/62), done.
Writing objects: 100% (64/64), 26.53 KiB | 3.32 MiB/s, done.
Total 64 (delta 47), reused 6 (delta 2)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/openldap
 * [new tag] upload/2.4.53+dfsg-1ubuntu1 -> upload/2.4.53+dfsg-1ubuntu1

$ dput ubuntu ../openldap_2.4.53+dfsg-1ubuntu1_source.changes
Checking signature on .changes
gpg: ../openldap_2.4.53+dfsg-1ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../openldap_2.4.53+dfsg-1ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openldap_2.4.53+dfsg-1ubuntu1.dsc: done.
  Uploading openldap_2.4.53+dfsg.orig.tar.gz: done.
  Uploading openldap_2.4.53+dfsg-1ubuntu1.debian.tar.xz: done.
  Uploading openldap_2.4.53+dfsg-1ubuntu1_source.buildinfo: done.
  Uploading openldap_2.4.53+dfsg-1ubuntu1_source.changes: done.
Successfully uploaded packages.

Christian Ehrhardt  (paelzer) wrote :

Merged
 openldap | 2.4.53+dfsg-1ubuntu1 | groovy | source

Preview Diff

1diff --git a/debian/apparmor-profile b/debian/apparmor-profile
2new file mode 100644
3index 0000000..9e1070f
4--- /dev/null
5+++ b/debian/apparmor-profile
6@@ -0,0 +1,61 @@
7+# vim:syntax=apparmor
8+# Last Modified: Fri Jun 6 13:51:00 2020
9+# Author: Jamie Strandboge <jamie@ubuntu.com>
10+
11+#include <tunables/global>
12+
13+/usr/sbin/slapd {
14+ #include <abstractions/base>
15+ #include <abstractions/nameservice>
16+ #include <abstractions/p11-kit>
17+
18+ #include <abstractions/ssl_certs>
19+ /etc/ssl/private/ r,
20+ /etc/ssl/private/* r,
21+
22+ /etc/sasldb2 r,
23+
24+ capability dac_override,
25+ capability net_bind_service,
26+ capability setgid,
27+ capability setuid,
28+
29+ /etc/gai.conf r,
30+ /etc/hosts.allow r,
31+ /etc/hosts.deny r,
32+
33+ # ldap files
34+ /etc/ldap/** kr,
35+ /etc/ldap/slapd.d/** rw,
36+
37+ # kerberos/gssapi
38+ /dev/tty rw,
39+ /etc/gss/mech.d/ r,
40+ /etc/gss/mech.d/* kr,
41+ /etc/krb5.keytab kr,
42+ /etc/krb5/user/*/client.keytab kr,
43+ owner /tmp/krb5cc_* rwk,
44+ /var/tmp/ rw,
45+ /var/tmp/** rw,
46+
47+ # the databases and logs
48+ /var/lib/ldap/ r,
49+ /var/lib/ldap/** rwk,
50+
51+ # lock file
52+ /var/lib/ldap/alock kw,
53+
54+ # pid files and sockets
55+ /{,var/}run/slapd/* w,
56+ /{,var/}run/slapd/ldapi rw,
57+ /{,var/}run/nslcd/socket rw,
58+ /{,var/}run/saslauthd/mux rw,
59+
60+ /usr/lib/ldap/ r,
61+ /usr/lib/ldap/* mr,
62+
63+ /usr/sbin/slapd mr,
64+
65+ # Site-specific additions and overrides. See local/README for details.
66+ #include <local/usr.sbin.slapd>
67+}
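Review bot: In the kerberos/gssapi block, `/var/tmp/ rw,` and `/var/tmp/** rw,` give slapd write access to everything under /var/tmp with no `owner` qualifier, while the neighbouring `owner /tmp/krb5cc_* rwk,` rule is scoped to slapd's own files. Consider prefixing the /var/tmp rules with `owner` or narrowing the glob to the files the GSSAPI library actually needs there. The same question applies to `/etc/ssl/private/* r,`, which makes every key in that directory readable by slapd, and to `capability dac_override,`, which lets the confined process bypass file permission checks; a short comment above each saying why it is required would help the next reviewer judge whether it can be tightened.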
68diff --git a/debian/changelog b/debian/changelog
69index 7cafa02..2610ddb 100644
70--- a/debian/changelog
71+++ b/debian/changelog
72@@ -1,9 +1,112 @@
73+openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium
74+
75+ * Merge with Debian unstable (LP: #1894838). Remaining changes:
76+ - Enable AppArmor support:
77+ + d/apparmor-profile: add AppArmor profile
78+ + d/rules: use dh_apparmor
79+ + d/control: Build-Depends on dh-apparmor
80+ + d/slapd.README.Debian: add note about AppArmor
81+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
82+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
83+ - Add --with-gssapi support
84+ - Make guess_service_principal() more robust when determining
85+ principal
86+ + d/configure.options: Configure with --with-gssapi
87+ + d/control: Added heimdal-dev as a build depend
88+ + d/rules:
89+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
90+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
91+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
92+ This should be dropped when the soname changes.
93+ - Enable ufw support:
94+ + d/control: suggest ufw.
95+ + d/rules: install ufw profile.
96+ + d/slapd.ufw.profile: add ufw profile.
97+ - Enable nss overlay:
98+ + d/rules:
99+ - add nssov to CONTRIB_MODULES
100+ - add sysconfdir to CONTRIB_MAKEVARS
101+ + d/slapd.install: install nssov overlay
102+ + d/slapd.manpages: install slapo-nssov(5) man page
103+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
104+ Debian bug #919136, we also have to patch the nssov makefile
105+ accordingly and thus update this patch.
106+ - d/{rules,slapd.py}: Add apport hook.
107+ - Add support for CLDAP (UDP) support, back then required by
108+ likewise-open (first enabled in 2.4.17-1ubuntu2):
109+ + d/rules: Enable -DLDAP_CONNECTIONLESS
110+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
111+ This should be dropped when the soname changes.
112+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
113+ of test timing issue.
114+ - d/rules: better regexp to match the Maintainer tag in d/control,
115+ needed in the Ubuntu case because of XSBC-Original-Maintainer
116+ (Closes #960448, LP #1875697)
117+
118+ -- Andreas Hasenack <andreas@canonical.com> Tue, 08 Sep 2020 09:36:58 -0300
119+
120 openldap (2.4.53+dfsg-1) unstable; urgency=medium
121
122 * New upstream release.
123
124 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700
125
126+openldap (2.4.51+dfsg-1ubuntu1) groovy; urgency=medium
127+
128+ * Merge with Debian unstable. Remaining changes:
129+ - Enable AppArmor support:
130+ + d/apparmor-profile: add AppArmor profile
131+ + d/rules: use dh_apparmor
132+ + d/control: Build-Depends on dh-apparmor
133+ + d/slapd.README.Debian: add note about AppArmor
134+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
135+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
136+ - Add --with-gssapi support
137+ - Make guess_service_principal() more robust when determining
138+ principal
139+ + d/configure.options: Configure with --with-gssapi
140+ + d/control: Added heimdal-dev as a build depend
141+ + d/rules:
142+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
143+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
144+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
145+ This should be dropped when the soname changes.
146+ - Enable ufw support:
147+ + d/control: suggest ufw.
148+ + d/rules: install ufw profile.
149+ + d/slapd.ufw.profile: add ufw profile.
150+ - Enable nss overlay:
151+ + d/rules:
152+ - add nssov to CONTRIB_MODULES
153+ - add sysconfdir to CONTRIB_MAKEVARS
154+ + d/slapd.install: install nssov overlay
155+ + d/slapd.manpages: install slapo-nssov(5) man page
156+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
157+ Debian bug #919136, we also have to patch the nssov makefile
158+ accordingly and thus update this patch.
159+ - d/{rules,slapd.py}: Add apport hook.
160+ - Add support for CLDAP (UDP) support, back then required by
161+ likewise-open (first enabled in 2.4.17-1ubuntu2):
162+ + d/rules: Enable -DLDAP_CONNECTIONLESS
163+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
164+ This should be dropped when the soname changes.
165+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
166+ of test timing issue.
167+ - d/rules: better regexp to match the Maintainer tag in d/control,
168+ needed in the Ubuntu case because of XSBC-Original-Maintainer
169+ (Closes #960448, LP #1875697)
170+ * Dropped:
171+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
172+ [In 2.4.51+dfsg-1]
173+ - d/slapd.scripts-common:
174+ + add slapcat_opts to local variables.
175+ + Fix backup directory naming for multiple reconfiguration.
176+ [In 2.4.51+dfsg-1]
177+ - debian/patches/set-maintainer-name: our d/rules change needs to
178+ be kept, but this patch is in 2.4.51+dfsg-1.
179+
180+ -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Aug 2020 11:03:24 -0300
181+
182 openldap (2.4.51+dfsg-1) unstable; urgency=medium
183
184 * New upstream release.
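Review bot: In the new 2.4.53+dfsg-1ubuntu1 entry (and the 2.4.51+dfsg-1ubuntu1 entry below it), the d/rules item reads "Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS", but `-I` is an include-path flag, and a library search path passed to the linker would be `-L`. Please check the wording against d/rules and correct whichever of the two is wrong. As a smaller wording point, "Add support for CLDAP (UDP) support" repeats itself and could read "Add CLDAP (UDP) support".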
185@@ -49,6 +152,85 @@ openldap (2.4.51+dfsg-1) unstable; urgency=medium
186
187 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700
188
189+openldap (2.4.50+dfsg-1ubuntu3) groovy; urgency=medium
190+
191+ * No change rebuild against new libnettle8 and libhogweed6 ABI.
192+
193+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:31:30 +0100
194+
195+openldap (2.4.50+dfsg-1ubuntu2) groovy; urgency=medium
196+
197+ * d/apparmor-profile: Update apparmor profile to grant access to
198+ the saslauthd socket, so that SASL authentication works. (LP: #1557157)
199+
200+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jun 2020 18:20:42 -0400
201+
202+openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium
203+
204+ * Merge with Debian unstable. Remaining changes:
205+ - Enable AppArmor support:
206+ + d/apparmor-profile: add AppArmor profile
207+ + d/rules: use dh_apparmor
208+ + d/control: Build-Depends on dh-apparmor
209+ + d/slapd.README.Debian: add note about AppArmor
210+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
211+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
212+ - Add --with-gssapi support
213+ - Make guess_service_principal() more robust when determining
214+ principal
215+ + d/configure.options: Configure with --with-gssapi
216+ + d/control: Added heimdal-dev as a build depend
217+ + d/rules:
218+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
219+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
220+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
221+ This should be dropped when the soname changes.
222+ - Enable ufw support:
223+ + d/control: suggest ufw.
224+ + d/rules: install ufw profile.
225+ + d/slapd.ufw.profile: add ufw profile.
226+ - Enable nss overlay:
227+ + d/rules:
228+ - add nssov to CONTRIB_MODULES
229+ - add sysconfdir to CONTRIB_MAKEVARS
230+ + d/slapd.install:
231+ - install nssov overlay
232+ + d/slapd.manpages:
233+ - install slapo-nssov(5) man page
234+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
235+ Debian bug #919136, we also have to patch the nssov makefile
236+ accordingly and thus update this patch.
237+ - d/{rules,slapd.py}: Add apport hook.
238+ - d/slapd.scripts-common:
239+ + add slapcat_opts to local variables.
240+ + Fix backup directory naming for multiple reconfiguration.
241+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
242+ - Add support for CLDAP (UDP) support, back then required by
243+ likewise-open (first enabled in 2.4.17-1ubuntu2):
244+ + d/rules: Enable -DLDAP_CONNECTIONLESS
245+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
246+ This should be dropped when the soname changes.
247+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
248+ of test timing issue.
249+ * Dropped:
250+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
251+ either the default DIT nor via an Authn mapping.
252+ [Not worth keeping a delta for, as having olcRootDN doesn't hurt]
253+ - Show distribution in version:
254+ - d/control: added lsb-release
255+ - d/patches/fix-ldap-distribution.patch: show distribution in version
256+ [Debian now shows the full package version]
257+ - SECURITY UPDATE: denial of service via nested search filters
258+ + debian/patches/CVE-2020-12243.patch: limit depth of nested
259+ filters in servers/slapd/filter.c.
260+ [Fixed upstream]
261+ * Added:
262+ - d/rules, debian/patches/set-maintainer-name: Extract maintainer
263+ address dynamically from debian/control. Thanks to Ryan Tandy
264+ <ryan@nardis.ca> (Closes: #960448, LP: #1875697)
265+
266+ -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300
267+
268 openldap (2.4.50+dfsg-1) unstable; urgency=medium
269
270 * New upstream release.
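Review bot: Under "Dropped:" in the 2.4.50+dfsg-1ubuntu1 entry, debian/patches/CVE-2020-12243.patch is removed with only "[Fixed upstream]" as the justification. Since this drops a security patch, name the upstream release that carries the nested-filter depth limit in servers/slapd/filter.c, so that the removal can be verified from the changelog alone.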
271@@ -91,6 +273,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium
272
273 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700
274
275+openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium
276+
277+ * SECURITY UPDATE: denial of service via nested search filters
278+ - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
279+ servers/slapd/filter.c.
280+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of
281+ test timing issue.
282+ - CVE-2020-12243
283+
284+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400
285+
286+openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium
287+
288+ * Merge with Debian unstable (LP: #1866303). Remaining changes:
289+ - Enable AppArmor support:
290+ - d/apparmor-profile: add AppArmor profile
291+ - d/rules: use dh_apparmor
292+ - d/control: Build-Depends on dh-apparmor
293+ - d/slapd.README.Debian: add note about AppArmor
294+ - Enable GSSAPI support:
295+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
296+ - Add --with-gssapi support
297+ - Make guess_service_principal() more robust when determining
298+ principal
299+ [Dropped the ldap_gssapi_bind_s() hunk as that is already
300+ - d/configure.options: Configure with --with-gssapi
301+ - d/control: Added heimdal-dev as a build depend
302+ - d/rules:
303+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
304+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
305+ - Enable ufw support:
306+ - d/control: suggest ufw.
307+ - d/rules: install ufw profile.
308+ - d/slapd.ufw.profile: add ufw profile.
309+ - Enable nss overlay:
310+ - d/rules:
311+ - add nssov to CONTRIB_MODULES
312+ - add sysconfdir to CONTRIB_MAKEVARS
313+ - d/slapd.install:
314+ - install nssov overlay
315+ - d/slapd.manpages:
316+ - install slapo-nssov(5) man page
317+ - d/{rules,slapd.py}: Add apport hook.
318+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
319+ either the default DIT nor via an Authn mapping.
320+ - d/slapd.scripts-common:
321+ - add slapcat_opts to local variables.
322+ - Fix backup directory naming for multiple reconfiguration.
323+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
324+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
325+ in the openldap library, as required by Likewise-Open
326+ - Show distribution in version:
327+ - d/control: added lsb-release
328+ - d/patches/fix-ldap-distribution.patch: show distribution in version
329+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
330+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
331+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
332+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
333+ Debian bug #919136, we also have to patch the nssov makefile
334+ accordingly and thus update this patch.
335+
336+ -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300
337+
338 openldap (2.4.49+dfsg-2) unstable; urgency=medium
339
340 * slapd.README.Debian: Document the initial setup performed by slapd's
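Review bot: In the 2.4.49+dfsg-2ubuntu2 entry, debian/patches/fix_test_timing.patch ("fix FTBFS on riscv64 because of test timing issue") is listed as a sub-item of "SECURITY UPDATE: denial of service via nested search filters", between CVE-2020-12243.patch and the CVE-2020-12243 reference. It is a build fix unrelated to the CVE and, as written, reads as part of the security fix; it would be clearer as its own top-level bullet.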
341@@ -102,6 +347,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium
342
343 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
344
345+openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium
346+
347+ * Merge with Debian unstable. Remaining changes:
348+ - Enable AppArmor support:
349+ - d/apparmor-profile: add AppArmor profile
350+ - d/rules: use dh_apparmor
351+ - d/control: Build-Depends on dh-apparmor
352+ - d/slapd.README.Debian: add note about AppArmor
353+ - Enable GSSAPI support:
354+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
355+ - Add --with-gssapi support
356+ - Make guess_service_principal() more robust when determining
357+ principal
358+ [Dropped the ldap_gssapi_bind_s() hunk as that is already
359+ - d/configure.options: Configure with --with-gssapi
360+ - d/control: Added heimdal-dev as a build depend
361+ - d/rules:
362+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
363+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
364+ - Enable ufw support:
365+ - d/control: suggest ufw.
366+ - d/rules: install ufw profile.
367+ - d/slapd.ufw.profile: add ufw profile.
368+ - Enable nss overlay:
369+ - d/rules:
370+ - add nssov to CONTRIB_MODULES
371+ - add sysconfdir to CONTRIB_MAKEVARS
372+ - d/slapd.install:
373+ - install nssov overlay
374+ - d/slapd.manpages:
375+ - install slapo-nssov(5) man page
376+ - d/{rules,slapd.py}: Add apport hook.
377+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
378+ either the default DIT nor via an Authn mapping.
379+ - d/slapd.scripts-common:
380+ - add slapcat_opts to local variables.
381+ - Fix backup directory naming for multiple reconfiguration.
382+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
383+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
384+ in the openldap library, as required by Likewise-Open
385+ - Show distribution in version:
386+ - d/control: added lsb-release
387+ - d/patches/fix-ldap-distribution.patch: show distribution in version
388+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
389+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
390+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
391+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
392+ Debian bug #919136, we also have to patch the nssov makefile
393+ accordingly and thus update this patch.
394+ * Dropped:
395+ - d/control: slapd can depend on perl:any since it only uses perl for
396+ some maintainer and helper scripts.
397+ [In 2.4.49+dfsg-1]
398+
399+ -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300
400+
401 openldap (2.4.49+dfsg-1) unstable; urgency=medium
402
403 * New upstream release.
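Review bot: In the 2.4.49+dfsg-1ubuntu1 entry, the GSSAPI item contains the line "[Dropped the ldap_gssapi_bind_s() hunk as that is already", which stops mid-sentence and never closes its bracket, so the reason a hunk of gssapi.diff was dropped is lost. Please complete the sentence and close the bracket; the same cut-off line also appears in the 2.4.49+dfsg-2ubuntu1 entry.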
404@@ -130,6 +431,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium
405
406 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
407
408+openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium
409+
410+ * d/control: slapd can depend on perl:any since it only uses perl for
411+ some maintainer and helper scripts. The perl backend links against
412+ the correct architecture perl libraries already. Can be dropped
413+ after https://salsa.debian.org/openldap-team/openldap/commit/794c736
414+ is in a Debian upload.
415+
416+ -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300
417+
418+openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium
419+
420+ * No-change rebuild against libnettle7
421+
422+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000
423+
424+openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium
425+
426+ * No-change rebuild for the perl update.
427+
428+ -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000
429+
430+openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
431+
432+ * Merge with Debian unstable. Remaining changes:
433+ - Enable AppArmor support:
434+ - d/apparmor-profile: add AppArmor profile
435+ - d/rules: use dh_apparmor
436+ - d/control: Build-Depends on dh-apparmor
437+ - d/slapd.README.Debian: add note about AppArmor
438+ - Enable GSSAPI support:
439+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
440+ - Add --with-gssapi support
441+ - Make guess_service_principal() more robust when determining
442+ principal
443+ - d/configure.options: Configure with --with-gssapi
444+ - d/control: Added heimdal-dev as a build depend
445+ - d/rules:
446+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
447+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
448+ - Enable ufw support:
449+ - d/control: suggest ufw.
450+ - d/rules: install ufw profile.
451+ - d/slapd.ufw.profile: add ufw profile.
452+ - Enable nss overlay:
453+ - d/rules:
454+ - add nssov to CONTRIB_MODULES
455+ - add sysconfdir to CONTRIB_MAKEVARS
456+ - d/slapd.install:
457+ - install nssov overlay
458+ - d/slapd.manpages:
459+ - install slapo-nssov(5) man page
460+ - d/{rules,slapd.py}: Add apport hook.
461+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
462+ either the default DIT nor via an Authn mapping.
463+ - d/slapd.scripts-common:
464+ - add slapcat_opts to local variables.
465+ - Fix backup directory naming for multiple reconfiguration.
466+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
467+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
468+ in the openldap library, as required by Likewise-Open
469+ - Show distribution in version:
470+ - d/control: added lsb-release
471+ - d/patches/fix-ldap-distribution.patch: show distribution in version
472+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
473+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
474+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
475+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
476+ Debian bug #919136, we also have to patch the nssov makefile
477+ accordingly and thus update this patch.
478+ * Dropped:
479+ - Fix sysv-generator unit file by customizing parameters (LP #1821343)
480+ + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
481+ correct systemctl status for slapd daemon.
482+ + d/slapd.install: place override file in correct location.
483+ [Included in 2.4.48+dfsg-1]
484+ - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
485+ + debian/patches/CVE-2019-13057-1.patch: add restriction to
486+ servers/slapd/saslauthz.c.
487+ + debian/patches/CVE-2019-13057-2.patch: add tests to
488+ tests/data/idassert.out, tests/data/slapd-idassert.conf,
489+ tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
490+ + debian/patches/CVE-2019-13057-3.patch: fix typo in
491+ tests/scripts/test028-idassert.
492+ + debian/patches/CVE-2019-13057-4.patch: fix typo in
493+ tests/scripts/test028-idassert.
494+ + CVE-2019-13057
495+ [Fixed upstream]
496+ - SECURITY UPDATE: SASL SSF not initialized per connection
497+ + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
498+ connection_init in servers/slapd/connection.c.
499+ + CVE-2019-13565
500+ [Fixed upstream]
501+
502+ -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
503+
504 openldap (2.4.48+dfsg-1) unstable; urgency=medium
505
506 * New upstream release.
507@@ -157,6 +554,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium
508
509 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
510
511+openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
512+
513+ * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
514+ - debian/patches/CVE-2019-13057-1.patch: add restriction to
515+ servers/slapd/saslauthz.c.
516+ - debian/patches/CVE-2019-13057-2.patch: add tests to
517+ tests/data/idassert.out, tests/data/slapd-idassert.conf,
518+ tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
519+ - debian/patches/CVE-2019-13057-3.patch: fix typo in
520+ tests/scripts/test028-idassert.
521+ - debian/patches/CVE-2019-13057-4.patch: fix typo in
522+ tests/scripts/test028-idassert.
523+ - CVE-2019-13057
524+ * SECURITY UPDATE: SASL SSF not initialized per connection
525+ - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
526+ connection_init in servers/slapd/connection.c.
527+ - CVE-2019-13565
528+
529+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
530+
531+openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
532+
533+ * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
534+ - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
535+ correct systemctl status for slapd daemon.
536+ - d/slapd.install: place override file in correct location.
537+
538+ -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
539+
540+openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
541+
542+ * Merge with Debian unstable. Remaining changes:
543+ - Enable AppArmor support:
544+ - d/apparmor-profile: add AppArmor profile
545+ - d/rules: use dh_apparmor
546+ - d/control: Build-Depends on dh-apparmor
547+ - d/slapd.README.Debian: add note about AppArmor
548+ - Enable GSSAPI support:
549+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
550+ - Add --with-gssapi support
551+ - Make guess_service_principal() more robust when determining
552+ principal
553+ - d/configure.options: Configure with --with-gssapi
554+ - d/control: Added heimdal-dev as a build depend
555+ - d/rules:
556+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
557+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
558+ - Enable ufw support:
559+ - d/control: suggest ufw.
560+ - d/rules: install ufw profile.
561+ - d/slapd.ufw.profile: add ufw profile.
562+ - Enable nss overlay:
563+ - d/rules:
564+ - add nssov to CONTRIB_MODULES
565+ - add sysconfdir to CONTRIB_MAKEVARS
566+ - d/slapd.install:
567+ - install nssov overlay
568+ - d/slapd.manpages:
569+ - install slapo-nssov(5) man page
570+ - d/{rules,slapd.py}: Add apport hook.
571+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
572+ either the default DIT nor via an Authn mapping.
573+ - d/slapd.scripts-common:
574+ - add slapcat_opts to local variables.
575+ - Fix backup directory naming for multiple reconfiguration.
576+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
577+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
578+ in the openldap library, as required by Likewise-Open
579+ - Show distribution in version:
580+ - d/control: added lsb-release
581+ - d/patches/fix-ldap-distribution.patch: show distribution in version
582+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
583+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
584+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
585+ * Added changes:
586+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
587+ Debian bug #919136, we also have to patch the nssov makefile
588+ accordingly and thus update this patch.
589+
590+ -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
591+
592 openldap (2.4.47+dfsg-3) unstable; urgency=medium
593
594 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
595@@ -172,6 +650,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium
596
597 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
598
599+openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
600+
601+ * Merge from Debian unstable (LP: #1811630). Remaining changes:
602+ - Enable AppArmor support:
603+ - d/apparmor-profile: add AppArmor profile
604+ - d/rules: use dh_apparmor
605+ - d/control: Build-Depends on dh-apparmor
606+ - d/slapd.README.Debian: add note about AppArmor
607+ - Enable GSSAPI support:
608+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
609+ - Add --with-gssapi support
610+ - Make guess_service_principal() more robust when determining
611+ principal
612+ - d/configure.options: Configure with --with-gssapi
613+ - d/control: Added heimdal-dev as a build depend
614+ - d/rules:
615+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
616+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
617+ - Enable ufw support:
618+ - d/control: suggest ufw.
619+ - d/rules: install ufw profile.
620+ - d/slapd.ufw.profile: add ufw profile.
621+ - Enable nss overlay:
622+ - d/rules:
623+ - add nssov to CONTRIB_MODULES
624+ - add sysconfdir to CONTRIB_MAKEVARS
625+ - d/slapd.install:
626+ - install nssov overlay
627+ - d/slapd.manpages:
628+ - install slapo-nssov(5) man page
629+ - d/{rules,slapd.py}: Add apport hook.
630+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
631+ either the default DIT nor via an Authn mapping.
632+ - d/slapd.scripts-common:
633+ - add slapcat_opts to local variables.
634+ - Fix backup directory naming for multiple reconfiguration.
635+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
636+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
637+ in the openldap library, as required by Likewise-Open
638+ - Show distribution in version:
639+ - d/control: added lsb-release
640+ - d/patches/fix-ldap-distribution.patch: show distribution in version
641+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
642+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
643+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
644+ * Update nssov build and packaging for Debian changes:
645+ - Drop patch nssov-build
646+ - d/rules:
647+ - add nssov to CONTRIB_MODULES
648+ - add sysconfdir to CONTRIB_MAKEVARS
649+ - d/slapd.install:
650+ - install nssov overlay
651+ - d/slapd.manpages:
652+ - install slapo-nssov(5) man page
653+
654+ -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
655+
656 openldap (2.4.47+dfsg-2) unstable; urgency=medium
657
658 * Reintroduce slapi-dev binary package. (Closes: #711469)
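Review bot: In the entry signed by Ryan Tandy on 13 Jan 2019, the four nssov items (add nssov to CONTRIB_MODULES, add sysconfdir to CONTRIB_MAKEVARS, install nssov overlay, install slapo-nssov(5) man page) are listed twice, once under "Enable nss overlay" and again under "Update nssov build and packaging for Debian changes". Published entries stay verbatim, so nothing to change in this hunk, but when the remaining-changes list is written for the new upload, keep the nssov items in one place so the delta reads unambiguously.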
659@@ -209,6 +744,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium
660
661 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
662
663+openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
664+
665+ * d/apparmor-profile: update apparmor profile to allow reading of
666+ files needed when slapd is behaving as a kerberos/gssapi client
667+ and acquiring its own ticket. (LP: #1783183)
668+
669+ -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
670+
671+openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
672+
673+ * No-change rebuild for the perl 5.28 transition.
674+
675+ -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
676+
677+openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
678+
679+ * Merge from Debian unstable. Remaining changes:
680+ - Enable AppArmor support:
681+ - d/apparmor-profile: add AppArmor profile
682+ - d/rules: use dh_apparmor
683+ - d/control: Build-Depends on dh-apparmor
684+ - d/slapd.README.Debian: add note about AppArmor
685+ - Enable GSSAPI support:
686+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
687+ - Add --with-gssapi support
688+ - Make guess_service_principal() more robust when determining
689+ principal
690+ - d/configure.options: Configure with --with-gssapi
691+ - d/control: Added heimdal-dev as a build depend
692+ - d/rules:
693+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
694+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
695+ - Enable ufw support:
696+ - d/control: suggest ufw.
697+ - d/rules: install ufw profile.
698+ - d/slapd.ufw.profile: add ufw profile.
699+ - Enable nss overlay:
700+ - d/{patches/nssov-build,rules}: Apply, build and package the
701+ nss overlay.
702+ - d/{rules,slapd.py}: Add apport hook.
703+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
704+ either the default DIT nor via an Authn mapping.
705+ - d/slapd.scripts-common:
706+ - add slapcat_opts to local variables.
707+ - Fix backup directory naming for multiple reconfiguration.
708+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
709+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
710+ in the openldap library, as required by Likewise-Open
711+ - Show distribution in version:
712+ - d/control: added lsb-release
713+ - d/patches/fix-ldap-distribution.patch: show distribution in version
714+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
715+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
716+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
717+
718+ -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
719+
720 openldap (2.4.46+dfsg-5) unstable; urgency=medium
721
722 * Restore slapd-smbk5pwd now that libldap is installable in unstable.
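Review bot: The 2.4.46+dfsg-5ubuntu3 entry says the AppArmor profile now allows "reading of files needed when slapd is behaving as a kerberos/gssapi client" without naming the paths, so the scope of the widened read access cannot be judged from the changelog alone. The older 2.4.31-1+nmu2ubuntu11 entry names its additions (the p11-kit abstraction and /etc/gss/mech.d/*), and the same level of detail would help here. For this merge, check the d/apparmor-profile hunk against LP: #1783183 to confirm the added rules are read-only and limited to the Kerberos client files.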
723@@ -228,6 +820,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium
724
725 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
726
727+openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
728+
729+ * Merge from Debian unstable. Remaining changes:
730+ - Enable AppArmor support:
731+ - d/apparmor-profile: add AppArmor profile
732+ - d/rules: use dh_apparmor
733+ - d/control: Build-Depends on dh-apparmor
734+ - d/slapd.README.Debian: add note about AppArmor
735+ - Enable GSSAPI support:
736+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
737+ - Add --with-gssapi support
738+ - Make guess_service_principal() more robust when determining
739+ principal
740+ - d/configure.options: Configure with --with-gssapi
741+ - d/control: Added heimdal-dev as a build depend
742+ - d/rules:
743+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
744+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
745+ - Enable ufw support:
746+ - d/control: suggest ufw.
747+ - d/rules: install ufw profile.
748+ - d/slapd.ufw.profile: add ufw profile.
749+ - Enable nss overlay:
750+ - d/{patches/nssov-build,rules}: Apply, build and package the
751+ nss overlay.
752+ - d/{rules,slapd.py}: Add apport hook.
753+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
754+ either the default DIT nor via an Authn mapping.
755+ - d/slapd.scripts-common:
756+ - add slapcat_opts to local variables.
757+ - Fix backup directory naming for multiple reconfiguration.
758+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
759+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
760+ in the openldap library, as required by Likewise-Open
761+ - Show distribution in version:
762+ - d/control: added lsb-release
763+ - d/patches/fix-ldap-distribution.patch: show distribution in version
764+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
765+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
766+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
767+
768+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
769+
770 openldap (2.4.46+dfsg-2) unstable; urgency=medium
771
772 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
773@@ -257,6 +892,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium
774
775 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
776
777+openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
778+
779+ * Merge from Debian unstable. Remaining changes:
780+ - Enable AppArmor support:
781+ - d/apparmor-profile: add AppArmor profile
782+ - d/rules: use dh_apparmor
783+ - d/control: Build-Depends on dh-apparmor
784+ - d/slapd.README.Debian: add note about AppArmor
785+ - Enable GSSAPI support:
786+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
787+ - Add --with-gssapi support
788+ - Make guess_service_principal() more robust when determining
789+ principal
790+ - d/configure.options: Configure with --with-gssapi
791+ - d/control: Added heimdal-dev as a build depend
792+ - d/rules:
793+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
794+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
795+ - Enable ufw support:
796+ - d/control: suggest ufw.
797+ - d/rules: install ufw profile.
798+ - d/slapd.ufw.profile: add ufw profile.
799+ - Enable nss overlay:
800+ - d/{patches/nssov-build,rules}: Apply, build and package the
801+ nss overlay.
802+ - d/{rules,slapd.py}: Add apport hook.
803+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
804+ either the default DIT nor via an Authn mapping.
805+ - d/slapd.scripts-common:
806+ - add slapcat_opts to local variables.
807+ - Fix backup directory naming for multiple reconfiguration.
808+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
809+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
810+ in the openldap library, as required by Likewise-Open
811+ - Show distribution in version:
812+ - d/control: added lsb-release
813+ - d/patches/fix-ldap-distribution.patch: show distribution in version
814+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
815+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
816+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
817+
818+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200
819+
820 openldap (2.4.45+dfsg-1) unstable; urgency=medium
821
822 * New upstream release.
823@@ -298,6 +976,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium
824
825 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
826
827+openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low
828+
829+ * Merge from Debian unstable. Remaining changes:
830+ - Enable AppArmor support:
831+ - d/apparmor-profile: add AppArmor profile
832+ - d/rules: use dh_apparmor
833+ - d/control: Build-Depends on dh-apparmor
834+ - d/slapd.README.Debian: add note about AppArmor
835+ - Enable GSSAPI support:
836+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
837+ - Add --with-gssapi support
838+ - Make guess_service_principal() more robust when determining
839+ principal
840+ - d/configure.options: Configure with --with-gssapi
841+ - d/control: Added heimdal-dev as a build depend
842+ - d/rules:
843+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
844+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
845+ - Enable ufw support:
846+ - d/control: suggest ufw.
847+ - d/rules: install ufw profile.
848+ - d/slapd.ufw.profile: add ufw profile.
849+ - Enable nss overlay:
850+ - d/{patches/nssov-build,rules}: Apply, build and package the
851+ nss overlay.
852+ - d/{rules,slapd.py}: Add apport hook.
853+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
854+ either the default DIT nor via an Authn mapping.
855+ - d/slapd.scripts-common:
856+ - add slapcat_opts to local variables.
857+ - Fix backup directory naming for multiple reconfiguration.
858+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
859+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
860+ in the openldap library, as required by Likewise-Open
861+ - Show distribution in version:
862+ - d/control: added lsb-release
863+ - d/patches/fix-ldap-distribution.patch: show distribution in version
864+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
865+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
866+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
867+
868+ -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200
869+
870 openldap (2.4.44+dfsg-8) unstable; urgency=medium
871
872 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
873@@ -308,6 +1029,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium
874
875 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
876
877+openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium
878+
879+ * Merge from Debian unstable. Remaining changes:
880+ - Enable AppArmor support:
881+ - d/apparmor-profile: add AppArmor profile
882+ - d/rules: use dh_apparmor
883+ - d/control: Build-Depends on dh-apparmor
884+ - d/slapd.README.Debian: add note about AppArmor
885+ - Enable GSSAPI support:
886+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
887+ - Add --with-gssapi support
888+ - Make guess_service_principal() more robust when determining
889+ principal
890+ - d/configure.options: Configure with --with-gssapi
891+ - d/control: Added heimdal-dev as a build depend
892+ - d/rules:
893+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
894+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
895+ - Enable ufw support:
896+ - d/control: suggest ufw.
897+ - d/rules: install ufw profile.
898+ - d/slapd.ufw.profile: add ufw profile.
899+ - Enable nss overlay:
900+ - d/{patches/nssov-build,rules}: Apply, build and package the
901+ nss overlay.
902+ - d/{rules,slapd.py}: Add apport hook.
903+ [ d/rules modification mentioned above was dropped in
904+ 2.4.23-6ubuntu1, re-adding it ]
905+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
906+ either the default DIT nor via an Authn mapping.
907+ - d/slapd.scripts-common:
908+ - add slapcat_opts to local variables.
909+ - Fix backup directory naming for multiple reconfiguration.
910+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
911+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
912+ in the openldap library, as required by Likewise-Open
913+ - Show distribution in version:
914+ - d/control: added lsb-release
915+ - d/patches/fix-ldap-distribution.patch: show distribution in version
916+ [ Refreshed patch ]
917+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
918+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
919+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
920+
921+ -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
922+
923 openldap (2.4.44+dfsg-7) unstable; urgency=medium
924
925 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
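Review bot: The trailer of 2.4.44+dfsg-7ubuntu1 is dated Tue, 27 Jun 2017 10:21:41 +0200, which is identical to the 2.4.44+dfsg-6ubuntu1 trailer in the next hunk and earlier than the Debian 2.4.44+dfsg-7 upload it merges (Tue, 27 Jun 2017 18:53:12 -0700). The timestamp looks carried over from the previous entry rather than regenerated. Published entries stay verbatim, so no change to this hunk, but do not rely on this date when ordering uploads, and regenerate the trailer for the new entry in this merge (for example with dch).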
926@@ -315,6 +1082,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium
927
928 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
929
930+openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium
931+
932+ * Merge from Debian unstable. Remaining changes:
933+ - Enable AppArmor support:
934+ - d/apparmor-profile: add AppArmor profile
935+ - d/rules: use dh_apparmor
936+ - d/control: Build-Depends on dh-apparmor
937+ - d/slapd.README.Debian: add note about AppArmor
938+ - Enable GSSAPI support:
939+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
940+ - Add --with-gssapi support
941+ - Make guess_service_principal() more robust when determining
942+ principal
943+ - d/configure.options: Configure with --with-gssapi
944+ - d/control: Added heimdal-dev as a build depend
945+ - d/rules:
946+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
947+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
948+ - Enable ufw support:
949+ - d/control: suggest ufw.
950+ - d/rules: install ufw profile.
951+ - d/slapd.ufw.profile: add ufw profile.
952+ - Enable nss overlay:
953+ - d/{patches/nssov-build,rules}: Apply, build and package the
954+ nss overlay.
955+ - d/{rules,slapd.py}: Add apport hook.
956+ [ d/rules modification mentioned above was dropped in
957+ 2.4.23-6ubuntu1, re-adding it ]
958+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
959+ either the default DIT nor via an Authn mapping.
960+ - d/slapd.scripts-common:
961+ - add slapcat_opts to local variables.
962+ - Fix backup directory naming for multiple reconfiguration.
963+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
964+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
965+ in the openldap library, as required by Likewise-Open
966+ - Show distribution in version:
967+ - d/control: added lsb-release
968+ - d/patches/fix-ldap-distribution.patch: show distribution in version
969+ [ Refreshed patch ]
970+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
971+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
972+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
973+
974+ -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
975+
976 openldap (2.4.44+dfsg-6) unstable; urgency=medium
977
978 * Update the list of non-translatable strings for the
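Review bot: The bracketed annotations "[ d/rules modification mentioned above was dropped in 2.4.23-6ubuntu1, re-adding it ]" and "[ Refreshed patch ]" in 2.4.44+dfsg-6ubuntu1 describe one-time actions, yet the same text appears in every merge entry from 2.4.44+dfsg-3ubuntu1 through 2.4.44+dfsg-7ubuntu1, so it reads as if the apport hook was re-added and the patch refreshed on each merge. The entries from 2.4.45+dfsg-1ubuntu1 onward already omit them; the new entry in this merge should likewise list only the remaining delta, without such history notes.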
979@@ -323,6 +1136,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium
980
981 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
982
983+openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium
984+
985+ * Merge from Debian unstable. Remaining changes:
986+ - Enable AppArmor support:
987+ - d/apparmor-profile: add AppArmor profile
988+ - d/rules: use dh_apparmor
989+ - d/control: Build-Depends on dh-apparmor
990+ - d/slapd.README.Debian: add note about AppArmor
991+ - Enable GSSAPI support:
992+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
993+ - Add --with-gssapi support
994+ - Make guess_service_principal() more robust when determining
995+ principal
996+ - d/configure.options: Configure with --with-gssapi
997+ - d/control: Added heimdal-dev as a build depend
998+ - d/rules:
999+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1000+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1001+ - Enable ufw support:
1002+ - d/control: suggest ufw.
1003+ - d/rules: install ufw profile.
1004+ - d/slapd.ufw.profile: add ufw profile.
1005+ - Enable nss overlay:
1006+ - d/{patches/nssov-build,rules}: Apply, build and package the
1007+ nss overlay.
1008+ - d/{rules,slapd.py}: Add apport hook.
1009+ [ d/rules modification mentioned above was dropped in
1010+ 2.4.23-6ubuntu1, re-adding it ]
1011+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1012+ either the default DIT nor via an Authn mapping.
1013+ - d/slapd.scripts-common:
1014+ - add slapcat_opts to local variables.
1015+ - Fix backup directory naming for multiple reconfiguration.
1016+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1017+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1018+ in the openldap library, as required by Likewise-Open
1019+ - Show distribution in version:
1020+ - d/control: added lsb-release
1021+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1022+ [ Refreshed patch ]
1023+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1024+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1025+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1026+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1027+ - Fix use after free with GnuTLS. (LP #1557248)
1028+
1029+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200
1030+
1031 openldap (2.4.44+dfsg-5) unstable; urgency=medium
1032
1033 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
1034@@ -334,6 +1195,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium
1035
1036 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
1037
1038+openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low
1039+
1040+ * Merge from Debian unstable. Remaining changes:
1041+ - Enable AppArmor support:
1042+ - d/apparmor-profile: add AppArmor profile
1043+ - d/rules: use dh_apparmor
1044+ - d/control: Build-Depends on dh-apparmor
1045+ - d/slapd.README.Debian: add note about AppArmor
1046+ - Enable GSSAPI support:
1047+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1048+ - Add --with-gssapi support
1049+ - Make guess_service_principal() more robust when determining
1050+ principal
1051+ - d/configure.options: Configure with --with-gssapi
1052+ - d/control: Added heimdal-dev as a build depend
1053+ - d/rules:
1054+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1055+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1056+ - Enable ufw support:
1057+ - d/control: suggest ufw.
1058+ - d/rules: install ufw profile.
1059+ - d/slapd.ufw.profile: add ufw profile.
1060+ - Enable nss overlay:
1061+ - d/{patches/nssov-build,rules}: Apply, build and package the
1062+ nss overlay.
1063+ - d/{rules,slapd.py}: Add apport hook.
1064+ [ d/rules modification mentioned above was dropped in
1065+ 2.4.23-6ubuntu1, re-adding it ]
1066+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1067+ either the default DIT nor via an Authn mapping.
1068+ - d/slapd.scripts-common:
1069+ - add slapcat_opts to local variables.
1070+ - Fix backup directory naming for multiple reconfiguration.
1071+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1072+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1073+ in the openldap library, as required by Likewise-Open
1074+ - Show distribution in version:
1075+ - d/control: added lsb-release
1076+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1077+ [ Refreshed patch ]
1078+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1079+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1080+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1081+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1082+ - Fix use after free with GnuTLS. (LP #1557248)
1083+
1084+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200
1085+
1086 openldap (2.4.44+dfsg-4) unstable; urgency=medium
1087
1088 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
1089@@ -380,6 +1289,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium
1090
1091 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
1092
1093+openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium
1094+
1095+ * d/rules: Fix typo in previous upload.
1096+
1097+ -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800
1098+
1099+openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
1100+
1101+ * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
1102+ changes
1103+ - Enable AppArmor support:
1104+ - d/apparmor-profile: add AppArmor profile
1105+ - d/rules: use dh_apparmor
1106+ - d/control: Build-Depends on dh-apparmor
1107+ - d/slapd.README.Debian: add note about AppArmor
1108+ - Enable GSSAPI support:
1109+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1110+ - Add --with-gssapi support
1111+ - Make guess_service_principal() more robust when determining
1112+ principal
1113+ - d/configure.options: Configure with --with-gssapi
1114+ - d/control: Added heimdal-dev as a build depend
1115+ - d/rules:
1116+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1117+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1118+ - Enable ufw support:
1119+ - d/control: suggest ufw.
1120+ - d/rules: install ufw profile.
1121+ - d/slapd.ufw.profile: add ufw profile.
1122+ - Enable nss overlay:
1123+ - d/{patches/nssov-build,rules}: Apply, build and package the
1124+ nss overlay.
1125+ - d/{rules,slapd.py}: Add apport hook.
1126+ [ d/rules modification mentioned above was dropped in
1127+ 2.4.23-6ubuntu1, re-adding it ]
1128+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1129+ either the default DIT nor via an Authn mapping.
1130+ - d/slapd.scripts-common:
1131+ - add slapcat_opts to local variables.
1132+ - Fix backup directory naming for multiple reconfiguration.
1133+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1134+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1135+ in the openldap library, as required by Likewise-Open
1136+ - Show distribution in version:
1137+ - d/control: added lsb-release
1138+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1139+ [ Refreshed patch ]
1140+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1141+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1142+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1143+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1144+ - Fix use after free with GnuTLS. (LP #1557248)
1145+ * Drop:
1146+ - d/slapd.scripts-common:
1147+ + Remove unused variable new_conf.
1148+ [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
1149+ - d/b/config.log: add config.log
1150+ [ previously undocumented, stray change ]
1151+
1152+ -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
1153+
1154 openldap (2.4.44+dfsg-3) unstable; urgency=medium
1155
1156 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
1157@@ -452,6 +1422,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
1158
1159 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
1160
1161+openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
1162+
1163+ * No-change rebuild for perl 5.24 transition
1164+
1165+ -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
1166+
1167+openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
1168+
1169+ * Fix use after free with GnuTLS. (LP: #1557248)
1170+
1171+ -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
1172+
1173+openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
1174+
1175+ * Fix building with gssapi suppport:
1176+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1177+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1178+
1179+ -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
1180+
1181+openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
1182+
1183+ * No-change rebuild for gnutls transition.
1184+
1185+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
1186+
1187+openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
1188+
1189+ * Merge from Debian testing (LP: #1532648). Remaining changes:
1190+ - Enable AppArmor support:
1191+ - d/apparmor-profile: add AppArmor profile
1192+ - d/rules: use dh_apparmor
1193+ - d/control: Build-Depends on dh-apparmor
1194+ - d/slapd.README.Debian: add note about AppArmor
1195+ - Enable GSSAPI support:
1196+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1197+ - Add --with-gssapi support
1198+ - Make guess_service_principal() more robust when determining
1199+ principal
1200+ - d/configure.options: Configure with --with-gssapi
1201+ - d/control: Added heimdal-dev as a build depend
1202+ - Enable ufw support:
1203+ - d/control: suggest ufw.
1204+ - d/rules: install ufw profile.
1205+ - d/slapd.ufw.profile: add ufw profile.
1206+ - Enable nss overlay:
1207+ - d/{patches/nssov-build,rules}: Apply, build and package the
1208+ nss overlay.
1209+ - d/{rules,slapd.py}: Add apport hook.
1210+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1211+ either the default DIT nor via an Authn mapping.
1212+ - d/slapd.scripts-common:
1213+ - add slapcat_opts to local variables.
1214+ - Remove unused variable new_conf.
1215+ - Fix backup directory naming for multiple reconfiguration.
1216+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1217+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1218+ in the openldap library, as required by Likewise-Open
1219+ - Show distribution in version:
1220+ - d/control: added lsb-release
1221+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1222+ * Drop CVE-2015-6908.patch, included in Debian.
1223+ * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
1224+ disabled on ppc64el, no longer used, and missed in the previous merge.
1225+
1226+ -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
1227+
1228 openldap (2.4.42+dfsg-2) unstable; urgency=medium
1229
1230 [ Ryan Tandy ]
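Review bot: In 2.4.42+dfsg-2ubuntu3, "Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS" pairs an include-path option (-I) with the linker flags, where a library search path would be -L; the heading of the same item also spells "suppport" with three p's. The LDFLAGS wording is copied into the d/rules items of the later merge entries, so check what d/rules actually passes and, if it is -L, say so in the entry written for this merge.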
1231@@ -519,6 +1556,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium
1232
1233 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
1234
1235+openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
1236+
1237+ * Rebuild for Perl 5.22.1.
1238+
1239+ -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
1240+
1241+openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
1242+
1243+ * SECURITY UPDATE: denial of service via crafted BER data
1244+ - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
1245+ libraries/liblber/io.c.
1246+ - CVE-2015-6908
1247+
1248+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
1249+
1250+openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
1251+
1252+ * Merge from Debian testing (LP: #1471831). Remaining changes:
1253+ - Enable AppArmor support:
1254+ - d/apparmor-profile: add AppArmor profile
1255+ - d/rules: use dh_apparmor
1256+ - d/control: Build-Depends on dh-apparmor
1257+ - d/slapd.README.Debian: add note about AppArmor
1258+ - Enable GSSAPI support:
1259+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1260+ - Add --with-gssapi support
1261+ - Make guess_service_principal() more robust when determining
1262+ principal
1263+ - d/configure.options: Configure with --with-gssapi
1264+ - d/control: Added heimdal-dev as a build depend
1265+ - Enable ufw support:
1266+ - d/control: suggest ufw.
1267+ - d/rules: install ufw profile.
1268+ - d/slapd.ufw.profile: add ufw profile.
1269+ - Enable nss overlay:
1270+ - d/{patches/nssov-build,rules}: Apply, build and package the
1271+ nss overlay.
1272+ - d/{rules,slapd.py}: Add apport hook.
1273+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1274+ either the default DIT nor via an Authn mapping.
1275+ - d/slapd.scripts-common:
1276+ - add slapcat_opts to local variables.
1277+ - Remove unused variable new_conf.
1278+ - Fix backup directory naming for multiple reconfiguration.
1279+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1280+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1281+ in the openldap library, as required by Likewise-Open
1282+ - Show distribution in version:
1283+ - d/control: added lsb-release
1284+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1285+ * Dropped changes:
1286+ - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
1287+ * Upstream fixes:
1288+ - slapd crash with auditlog overlay and large (~27KB) attribute values
1289+ (ITS#8003) (LP: #1461276)
1290+ - nssov updated to support recent nss-pam-ldapd client libraries
1291+ (ITS#8097) (LP: #1393306)
1292+ * Update d/patches/nssov-build for upstream changes.
1293+ * Tweak d/patches/gssapi.diff to apply without fuzz.
1294+ * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1295+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1296+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1297+
1298+ -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
1299+
1300 openldap (2.4.41+dfsg-1) unstable; urgency=medium
1301
1302 * New upstream release.
1303@@ -538,6 +1640,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium
1304
1305 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
1306
1307+openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
1308+
1309+ * No-change rebuild for the libnettle6 transition.
1310+
1311+ -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
1312+
1313+openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
1314+
1315+ * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
1316+ - Enable AppArmor support:
1317+ - d/apparmor-profile: add AppArmor profile
1318+ - d/rules: use dh_apparmor
1319+ - d/control: Build-Depends on dh-apparmor
1320+ - d/slapd.README.Debian: add note about AppArmor
1321+ - Enable GSSAPI support:
1322+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1323+ - Add --with-gssapi support
1324+ - Make guess_service_principal() more robust when determining
1325+ principal
1326+ - d/configure.options: Configure with --with-gssapi
1327+ - d/control: Added heimdal-dev as a build depend
1328+ - Enable ufw support:
1329+ - d/control: suggest ufw.
1330+ - d/rules: install ufw profile.
1331+ - d/slapd.ufw.profile: add ufw profile.
1332+ - Enable nss overlay:
1333+ - d/{patches/nssov-build,rules}: Apply, build and package the
1334+ nss overlay.
1335+ - d/{rules,slapd.py}: Add apport hook.
1336+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1337+ either the default DIT nor via an Authn mapping.
1338+ - d/slapd.scripts-common:
1339+ - add slapcat_opts to local variables.
1340+ - Remove unused variable new_conf.
1341+ - Fix backup directory naming for multiple reconfiguration.
1342+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1343+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1344+ in the openldap library, as required by Likewise-Open
1345+ - Show distribution in version:
1346+ - d/control: added lsb-release
1347+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1348+ * Drop patches included upstream:
1349+ - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
1350+ - d/patches/bdb-deadlock.patch
1351+ - d/patches/its-7354-fix-delta-sync-mmr.diff
1352+ * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
1353+ * debian/patches/nssov-build: Adjust for upstream changes.
1354+ * debian/apparmor-profile:
1355+ - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
1356+ kernel ABI v7 (utopic and later). (LP: #1392018)
1357+ - Reduce permissions on /run/nslcd to just the nslcd socket.
1358+ * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
1359+ (LP: #1293250)
1360+
1361+ -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700
1362+
1363 openldap (2.4.40+dfsg-1) unstable; urgency=medium
1364
1365 * Remove inetorgperson.schema from the upstream source. Replace it with a
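Review bot: "Drop hardening-wrapper as Debian now sets PIE and bindnow flags" in 2.4.40+dfsg-1ubuntu1 makes the hardening of the built binaries depend on the build flags inherited through d/rules, while later entries in this changelog record the Ubuntu delta adding heimdal paths to CFLAGS and LDFLAGS in that same file. Confirm in the d/rules hunk of this merge that those additions are appended to the existing flags rather than assigned over them, so PIE and bindnow still reach the build.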
1366@@ -726,6 +1884,187 @@ openldap (2.4.39-1) unstable; urgency=low
1367
1368 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
1369
1370+openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
1371+
1372+ * Fix cpp calls for GCC 5.
1373+
1374+ -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
1375+
1376+openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
1377+
1378+ * debian/apparmor-profile:
1379+ - allow p11-kit abstraction
1380+ - allow read of /etc/gss/mech.d/*
1381+
1382+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
1383+
1384+openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
1385+
1386+ * Rebuild for Perl 5.20.0.
1387+
1388+ -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
1389+
1390+openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
1391+
1392+ * Cherry-pick upstream patch for compat with recent GNUTLS.
1393+ * Build-depend on libgnutls28-dev.
1394+ * Build-depend on libgcrypt20-dev.
1395+
1396+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
1397+
1398+openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
1399+
1400+ * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
1401+
1402+ -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
1403+
1404+openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
1405+
1406+ * Disable mdb backend on ppc64el due to test-suite failures.
1407+
1408+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
1409+
1410+openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
1411+
1412+ * Fix segfault issue with master-master syncrepl (LP: #1287730):
1413+ - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
1414+ patch from upstream VCS.
1415+
1416+ -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
1417+
1418+openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
1419+
1420+ * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
1421+
1422+ -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
1423+
1424+openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
1425+
1426+ * Rebuild for Perl 5.18.
1427+
1428+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
1429+
1430+openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
1431+
1432+ * Update build/config.guess and build/config.sub at build time; this was
1433+ not done automatically because the top-level configure.in does not use
1434+ Automake.
1435+
1436+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
1437+
1438+openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
1439+
1440+ * debian/control: added lsb-release
1441+ * debian/patches/fix-ldap-distribution.patch: show distribution in version
1442+
1443+ -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
1444+
1445+openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
1446+
1447+ * Merge from Debian unstable. Remaining changes:
1448+ - Enable AppArmor support:
1449+ - d/apparmor-profile: add AppArmor profile
1450+ - d/rules: use dh_apparmor
1451+ - d/control: Build-Depends on dh-apparmor
1452+ - d/slapd.README.Debian: add note about AppArmor
1453+ - d/slapd.dirs: add etc/apparmor.d/force-complain
1454+ - Enable GSSAPI support:
1455+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1456+ - Add --with-gssapi support
1457+ - Make guess_service_principal() more robust when determining
1458+ principal
1459+ - d/configure.options: Configure with --with-gssapi
1460+ - d/control: Added libkrb5-dev as a build depend
1461+ - Enable ufw support:
1462+ - d/control: suggest ufw.
1463+ - d/rules: install ufw profile.
1464+ - d/slapd.ufw.profile: add ufw profile.
1465+ - Enable nss overlay:
1466+ - d/{patches/nssov-build,/rules}: Apply, build and package the
1467+ nss overlay.
1468+ - d/{rules,slapd.py}: Add apport hook.
1469+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1470+ either the default DIT nor via an Authn mapping.
1471+ - d/slapd.scripts-common:
1472+ - add slapcat_opts to local variables.
1473+ - Remove unused variable new_conf.
1474+ - Fix backup directory naming for multiple reconfiguration.
1475+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1476+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1477+ in the openldap library, as required by Likewise-Open
1478+ - d/{control,rules}: enable PIE hardening
1479+
1480+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
1481+
1482+openldap (2.4.31-1+nmu2) unstable; urgency=high
1483+
1484+ * Non-maintainer upload.
1485+ * No-change rebuild in a clean environment
1486+
1487+ -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100
1488+
1489+openldap (2.4.31-1+nmu1) unstable; urgency=medium
1490+
1491+ * Non-maintainer upload.
1492+ * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
1493+
1494+ -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000
1495+
1496+openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
1497+
1498+ * debian/slapd.py: Add AppArmor info and logs to apport hook.
1499+
1500+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
1501+
1502+openldap (2.4.31-1ubuntu1) quantal; urgency=low
1503+
1504+ * Merge from Debian unstable. Remaining changes:
1505+ - Enable AppArmor support:
1506+ - d/apparmor-profile: add AppArmor profile
1507+ - d/rules: use dh_apparmor
1508+ - d/control: Build-Depends on dh-apparmor
1509+ - d/slapd.README.Debian: add note about AppArmor
1510+ - d/slapd.dirs: add etc/apparmor.d/force-complain
1511+ - Enable GSSAPI support (LP: #495418):
1512+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1513+ - Add --with-gssapi support
1514+ - Make guess_service_principal() more robust when determining
1515+ principal
1516+ - d/configure.options: Configure with --with-gssapi
1517+ - d/control: Added libkrb5-dev as a build depend
1518+ - Enable ufw support (LP: #423246):
1519+ - d/control: suggest ufw.
1520+ - d/rules: install ufw profile.
1521+ - d/slapd.ufw.profile: add ufw profile.
1522+ - Enable nss overlay (LP: #675391):
1523+ - d/{patches/nssov-build,/rules}: Apply, build and package the
1524+ nss overlay.
1525+ - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
1526+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1527+ either the default DIT nor via an Authn mapping.
1528+ - d/slapd.scripts-common:
1529+ - add slapcat_opts to local variables.
1530+ - Remove unused variable new_conf.
1531+ - Fix backup directory naming for multiple reconfiguration.
1532+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1533+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1534+ in the openldap library, as required by Likewise-Open (LP: #390579)
1535+ - d/{control,rules}: enable PIE hardening
1536+ * Dropped changes:
1537+ - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
1538+ - d/patches/CVE-2011-4079: Included in upstream release.
1539+ - d/patches/service-operational-before-detach: Included in upstream release.
1540+ - d/schema/extra/misc.ldif: Included upstream.
1541+ - d/{rules,schema/extra}: Fix configure and clean rules to support
1542+ extra schemas shipped as part of the debian/schema/ directory; no longer required.
1543+ - Included in Debian:
1544+ + Document cn=config in README file.
1545+ + Install a default DIT; actually a minimal configuration.
1546+ + d/patches/heimdal-fix.
1547+ * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
1548+
1549+ -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
1550+
1551 openldap (2.4.31-1) unstable; urgency=low
1552
1553 * New upstream release.
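Review bot: The 2.4.31-1+nmu2ubuntu7 stanza disables the mdb backend on ppc64el "due to test-suite failures" with no LP or ITS reference, so the reason cannot be traced from this entry. The later stanza that re-enables the backend cites ITS#7713 and LP: #1293250; if that is the same failure, a pointer to it here would let a reader pair the disable with its fix when deciding whether the delta is still needed.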
1554@@ -752,6 +2091,121 @@ openldap (2.4.31-1) unstable; urgency=low
1555
1556 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
1557
1558+openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
1559+
1560+ * Fix issue with intermittent connection issues when using LDAPv3
1561+ protocol (LP: #1023025):
1562+ - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
1563+ patch from upstream VCS which ensures objects are initialized before
1564+ re-use.
1565+
1566+ -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
1567+
1568+openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
1569+
1570+ * debian/rules: Add smbk5pwd build.
1571+ * debian/control: Add slapd-smbk5pwd binary package.
1572+ * debian/patches/heimdal-fix: adapt parameters of
1573+ hdb_generate_key_set_password() to heimdal 1.6~git20120311
1574+ (patch from Debian #664930).
1575+
1576+ -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400
1577+
1578+openldap (2.4.28-1.1ubuntu4) precise; urgency=low
1579+
1580+ * debian/control: Build-Depends on dh-apparmor (LP: #948481)
1581+
1582+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
1583+
1584+openldap (2.4.28-1.1ubuntu3) precise; urgency=low
1585+
1586+ * Add its-7176-only-poll-sockets-for-write-as-needed.diff
1587+ (LP: #932823).
1588+
1589+ -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
1590+
1591+openldap (2.4.28-1.1ubuntu2) precise; urgency=low
1592+
1593+ * Remove debian/patches/CVE-2011-4079; it's already in this upstream
1594+ version. Fixes FTBFS.
1595+
1596+ -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
1597+
1598+openldap (2.4.28-1.1ubuntu1) precise; urgency=low
1599+
1600+ * Merge from Debian testing. Remaining changes:
1601+ - Install a default DIT (LP: #442498).
1602+ - Document cn=config in README file (LP: #370784).
1603+ - remaining changes:
1604+ + AppArmor support:
1605+ - debian/apparmor-profile: add AppArmor profile
1606+ - use dh_apparmor:
1607+ - debian/rules: use dh_apparmor
1608+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1609+ - updated debian/slapd.README.Debian for note on AppArmor
1610+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
1611+ + Enable GSSAPI support (LP: #495418):
1612+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1613+ - Add --with-gssapi support
1614+ - Make guess_service_principal() more robust when determining
1615+ principal
1616+ - debian/patches/series: apply gssapi.diff patch.
1617+ - debian/configure.options: Configure with --with-gssapi
1618+ - debian/control: Added libkrb5-dev as a build depend
1619+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1620+ in the openldap library, as required by Likewise-Open (LP: #390579)
1621+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1622+ - debian/control:
1623+ - remove build-dependency on heimdal-dev.
1624+ - remove slapd-smbk5pwd binary package.
1625+ - debian/rules: don't build smbk5pwd slapd module.
1626+ + debian/{control,rules}: enable PIE hardening
1627+ + ufw support (LP: #423246):
1628+ - debian/control: suggest ufw.
1629+ - debian/rules: install ufw profile.
1630+ - debian/slapd.ufw.profile: add ufw profile.
1631+ + Enable nssoverlay:
1632+ - debian/patches/nssov-build, debian/series, debian/rules:
1633+ Apply, build and package the nss overlay.
1634+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1635+ which defines rfc822MailMember (required by the nss overlay).
1636+ + debian/rules, debian/schema/extra/:
1637+ Fix configure rule to supports extra schemas shipped as part
1638+ of the debian/schema/ directory.
1639+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1640+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1641+ neither the default DIT nor via an Authn mapping.
1642+ + debian/slapd.scripts-common: adjust minimum version that triggers a
1643+ database upgrade. Upgrade from maverick shouldn't trigger database
1644+ upgrade (which would happen with the version used in Debian).
1645+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
1646+ Remove unused variable new_conf.
1647+ + debian/slapd.script-common: Fix package reconfiguration.
1648+ - Fix backup directory naming for multiple reconfiguration.
1649+ + debian/slapd.default, debian/slapd.README.Debian:
1650+ use the new configuration style.
1651+ + Install nss overlay (LP: #675391):
1652+ - debian/rules: run install target for nssov module.
1653+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1654+ + debian/patches/gssapi.diff:
1655+ - Update patch so that likewise-open is usuable again. (LP: #661547)
1656+ + debian/patches/service-operational-before-detach: New patch replacing old one
1657+ of the same name as previous could cause database corruption based on upstream commits.
1658+ (LP: #727973)
1659+ + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
1660+ (CVE-2011-4079)
1661+
1662+
1663+ -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
1664+
1665+openldap (2.4.28-1.1) unstable; urgency=low
1666+
1667+ * Non-maintainer upload.
1668+ * Disable the mdb backend on non-Linux, it looks like it doesn't work with
1669+ linuxthreads (closes: #654824).
1670+
1671+ -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100
1672+
1673 openldap (2.4.28-1) unstable; urgency=low
1674
1675 * New upstream release.
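Review bot: The 2.4.28-1.1ubuntu1 merge lists debian/patches/CVE-2011-4079 under its remaining changes, and the very next upload, 2.4.28-1.1ubuntu2, removes it because the fix is already in that upstream version and the stale patch caused an FTBFS. For the merge under review, check each carried patch in debian/patches/series against the new upstream source before listing it as remaining delta, so that a security fix is neither applied twice nor dropped without a record.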
1676@@ -779,6 +2233,72 @@ openldap (2.4.28-1) unstable; urgency=low
1677
1678 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
1679
1680+openldap (2.4.25-4ubuntu1) precise; urgency=low
1681+
1682+ * Merge from Debian testing. Remaining changes:
1683+ - Install a default DIT (LP: #442498).
1684+ - Document cn=config in README file (LP: #370784).
1685+ - remaining changes:
1686+ + AppArmor support:
1687+ - debian/apparmor-profile: add AppArmor profile
1688+ - use dh_apparmor:
1689+ - debian/rules: use dh_apparmor
1690+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1691+ - updated debian/slapd.README.Debian for note on AppArmor
1692+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
1693+ + Enable GSSAPI support (LP: #495418):
1694+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1695+ - Add --with-gssapi support
1696+ - Make guess_service_principal() more robust when determining
1697+ principal
1698+ - debian/patches/series: apply gssapi.diff patch.
1699+ - debian/configure.options: Configure with --with-gssapi
1700+ - debian/control: Added libkrb5-dev as a build depend
1701+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1702+ in the openldap library, as required by Likewise-Open (LP: #390579)
1703+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1704+ - debian/control:
1705+ - remove build-dependency on heimdal-dev.
1706+ - remove slapd-smbk5pwd binary package.
1707+ - debian/rules: don't build smbk5pwd slapd module.
1708+ + debian/{control,rules}: enable PIE hardening
1709+ + ufw support (LP: #423246):
1710+ - debian/control: suggest ufw.
1711+ - debian/rules: install ufw profile.
1712+ - debian/slapd.ufw.profile: add ufw profile.
1713+ + Enable nssoverlay:
1714+ - debian/patches/nssov-build, debian/series, debian/rules:
1715+ Apply, build and package the nss overlay.
1716+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1717+ which defines rfc822MailMember (required by the nss overlay).
1718+ + debian/rules, debian/schema/extra/:
1719+ Fix configure rule to supports extra schemas shipped as part
1720+ of the debian/schema/ directory.
1721+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1722+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1723+ neither the default DIT nor via an Authn mapping.
1724+ + debian/slapd.scripts-common: adjust minimum version that triggers a
1725+ database upgrade. Upgrade from maverick shouldn't trigger database
1726+ upgrade (which would happen with the version used in Debian).
1727+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
1728+ Remove unused variable new_conf.
1729+ + debian/slapd.script-common: Fix package reconfiguration.
1730+ - Fix backup directory naming for multiple reconfiguration.
1731+ + debian/slapd.default, debian/slapd.README.Debian:
1732+ use the new configuration style.
1733+ + Install nss overlay (LP: #675391):
1734+ - debian/rules: run install target for nssov module.
1735+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1736+ + debian/patches/gssapi.diff:
1737+ - Update patch so that likewise-open is usuable again. (LP: #661547)
1738+ + debian/patches/service-operational-before-detach: New patch replacing old one
1739+ of the same name as previous could cause database corruption based on upstream commits.
1740+ (LP: #727973)
1741+ + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
1742+ (CVE-2011-4079)
1743+
1744+ -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
1745+
1746 openldap (2.4.25-4) unstable; urgency=low
1747
1748 * Drop explicit depends on libdb4.8, since we're now linking against
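Review bot: The service-operational-before-detach item in the 2.4.25-4ubuntu1 stanza does not parse as written: "New patch replacing old one of the same name as previous could cause database corruption based on upstream commits" reads as if the upstream commits cause the corruption. Since this line documents why a patch that risked database corruption was replaced, reword it along the lines of "New patch, based on upstream commits, replacing the old one of the same name, which could cause database corruption". The same stanza also carries "usuable" and "in neither the default DIT nor" after "not defined", which are worth fixing if these entries are touched.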
1749@@ -812,6 +2332,85 @@ openldap (2.4.25-4) unstable; urgency=low
1750
1751 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
1752
1753+openldap (2.4.25-3ubuntu3) precise; urgency=low
1754+
1755+ * Rebuild for Perl 5.14.
1756+
1757+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
1758+
1759+openldap (2.4.25-3ubuntu2) precise; urgency=low
1760+
1761+ * SECURITY UPDATE: potential denial of service (LP: #884163)
1762+ - debian/patches/CVE-2011-4079: fix off by one error in
1763+ postalAddressNormalize()
1764+ - CVE-2011-4079
1765+
1766+ -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
1767+
1768+openldap (2.4.25-3ubuntu1) precise; urgency=low
1769+
1770+ * Merge from debian unstable. Remaining changes:
1771+ - Install a default DIT (LP: #442498).
1772+ - Document cn=config in README file (LP: #370784).
1773+ - remaining changes:
1774+ + AppArmor support:
1775+ - debian/apparmor-profile: add AppArmor profile
1776+ - use dh_apparmor:
1777+ - debian/rules: use dh_apparmor
1778+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1779+ - updated debian/slapd.README.Debian for note on AppArmor
1780+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
1781+ + Enable GSSAPI support (LP: #495418):
1782+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1783+ - Add --with-gssapi support
1784+ - Make guess_service_principal() more robust when determining
1785+ principal
1786+ - debian/patches/series: apply gssapi.diff patch.
1787+ - debian/configure.options: Configure with --with-gssapi
1788+ - debian/control: Added libkrb5-dev as a build depend
1789+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1790+ in the openldap library, as required by Likewise-Open (LP: #390579)
1791+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1792+ - debian/control:
1793+ - remove build-dependency on heimdal-dev.
1794+ - remove slapd-smbk5pwd binary package.
1795+ - debian/rules: don't build smbk5pwd slapd module.
1796+ + debian/{control,rules}: enable PIE hardening
1797+ + ufw support (LP: #423246):
1798+ - debian/control: suggest ufw.
1799+ - debian/rules: install ufw profile.
1800+ - debian/slapd.ufw.profile: add ufw profile.
1801+ + Enable nssoverlay:
1802+ - debian/patches/nssov-build, debian/series, debian/rules:
1803+ Apply, build and package the nss overlay.
1804+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1805+ which defines rfc822MailMember (required by the nss overlay).
1806+ + debian/rules, debian/schema/extra/:
1807+ Fix configure rule to supports extra schemas shipped as part
1808+ of the debian/schema/ directory.
1809+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1810+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1811+ neither the default DIT nor via an Authn mapping.
1812+ + debian/slapd.scripts-common: adjust minimum version that triggers a
1813+ database upgrade. Upgrade from maverick shouldn't trigger database
1814+ upgrade (which would happen with the version used in Debian).
1815+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
1816+ Remove unused variable new_conf.
1817+ + debian/slapd.script-common: Fix package reconfiguration.
1818+ - Fix backup directory naming for multiple reconfiguration.
1819+ + debian/slapd.default, debian/slapd.README.Debian:
1820+ use the new configuration style.
1821+ + Install nss overlay (LP: #675391):
1822+ - debian/rules: run install target for nssov module.
1823+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1824+ + debian/patches/gssapi.diff:
1825+ - Update patch so that likewise-open is usuable again. (LP: #661547)
1826+ + debian/patches/service-operational-before-detach: New patch replacing old one
1827+ of the same name as previous could cause database corruption based on upstream commits.
1828+ (LP: #727973)
1829+
1830+ -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
1831+
1832 openldap (2.4.25-3) unstable; urgency=low
1833
1834 * Brown paper bag: really fix the .links.in handling, so we don't generate
1835@@ -834,6 +2433,92 @@ openldap (2.4.25-2) unstable; urgency=low
1836
1837 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
1838
1839+openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
1840+
1841+ * Brown paper bag: really fix the .links.in handling, so we don't generate
1842+ broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
1843+
1844+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
1845+
1846+openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
1847+
1848+ * Cherry-pick multiarch support from Debian (LP: #826601):
1849+ - Bump to compat level 7, so we don't have to spell out debian/tmp in
1850+ every single .install file
1851+ - Build for multiarch.
1852+
1853+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
1854+
1855+openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
1856+
1857+ * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
1858+
1859+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
1860+
1861+openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
1862+
1863+ * Merge from debian unstable. Remaining changes:
1864+ - Install a default DIT (LP: #442498).
1865+ - Document cn=config in README file (LP: #370784).
1866+ - remaining changes:
1867+ + AppArmor support:
1868+ - debian/apparmor-profile: add AppArmor profile
1869+ - use dh_apparmor:
1870+ - debian/rules: use dh_apparmor
1871+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1872+ - updated debian/slapd.README.Debian for note on AppArmor
1873+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
1874+ + Enable GSSAPI support (LP: #495418):
1875+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1876+ - Add --with-gssapi support
1877+ - Make guess_service_principal() more robust when determining
1878+ principal
1879+ - debian/patches/series: apply gssapi.diff patch.
1880+ - debian/configure.options: Configure with --with-gssapi
1881+ - debian/control: Added libkrb5-dev as a build depend
1882+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1883+ in the openldap library, as required by Likewise-Open (LP: #390579)
1884+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1885+ - debian/control:
1886+ - remove build-dependency on heimdal-dev.
1887+ - remove slapd-smbk5pwd binary package.
1888+ - debian/rules: don't build smbk5pwd slapd module.
1889+ + debian/{control,rules}: enable PIE hardening
1890+ + ufw support (LP: #423246):
1891+ - debian/control: suggest ufw.
1892+ - debian/rules: install ufw profile.
1893+ - debian/slapd.ufw.profile: add ufw profile.
1894+ + Enable nssoverlay:
1895+ - debian/patches/nssov-build, debian/series, debian/rules:
1896+ Apply, build and package the nss overlay.
1897+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1898+ which defines rfc822MailMember (required by the nss overlay).
1899+ + debian/rules, debian/schema/extra/:
1900+ Fix configure rule to supports extra schemas shipped as part
1901+ of the debian/schema/ directory.
1902+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1903+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1904+ neither the default DIT nor via an Authn mapping.
1905+ + debian/slapd.scripts-common: adjust minimum version that triggers a
1906+ database upgrade. Upgrade from maverick shouldn't trigger database
1907+ upgrade (which would happen with the version used in Debian).
1908+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
1909+ Remove unused variable new_conf.
1910+ + debian/slapd.script-common: Fix package reconfiguration.
1911+ - Fix backup directory naming for multiple reconfiguration.
1912+ + debian/slapd.default, debian/slapd.README.Debian:
1913+ use the new configuration style.
1914+ + Install nss overlay (LP: #675391):
1915+ - debian/rules: run install target for nssov module.
1916+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1917+ + debian/patches/gssapi.diff:
1918+ - Update patch so that likewise-open is usuable again. (LP: #661547)
1919+ + debian/patches/service-operational-before-detach: New patch replacing old one
1920+ of the same name as previous could cause database corruption based on upstream commits.
1921+ (LP: #727973)
1922+
1923+ -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
1924+
1925 openldap (2.4.25-1.1) unstable; urgency=low
1926
1927 * Non-maintainer upload to fix RC bug.
1928@@ -841,6 +2526,75 @@ openldap (2.4.25-1.1) unstable; urgency=low
1929
1930 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
1931
1932+openldap (2.4.25-1ubuntu1) oneiric; urgency=low
1933+
1934+ * Merge from debian unstable. Remaining changes:
1935+ - Install a default DIT (LP: #442498).
1936+ - Document cn=config in README file (LP: #370784).
1937+ - remaining changes:
1938+ + AppArmor support:
1939+ - debian/apparmor-profile: add AppArmor profile
1940+ - use dh_apparmor:
1941+ - debian/rules: use dh_apparmor
1942+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1943+ - updated debian/slapd.README.Debian for note on AppArmor
1944+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
1945+ + Enable GSSAPI support (LP: #495418):
1946+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1947+ - Add --with-gssapi support
1948+ - Make guess_service_principal() more robust when determining
1949+ principal
1950+ - debian/patches/series: apply gssapi.diff patch.
1951+ - debian/configure.options: Configure with --with-gssapi
1952+ - debian/control: Added libkrb5-dev as a build depend
1953+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1954+ in the openldap library, as required by Likewise-Open (LP: #390579)
1955+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1956+ - debian/control:
1957+ - remove build-dependency on heimdal-dev.
1958+ - remove slapd-smbk5pwd binary package.
1959+ - debian/rules: don't build smbk5pwd slapd module.
1960+ + debian/{control,rules}: enable PIE hardening
1961+ + ufw support (LP: #423246):
1962+ - debian/control: suggest ufw.
1963+ - debian/rules: install ufw profile.
1964+ - debian/slapd.ufw.profile: add ufw profile.
1965+ + Enable nssoverlay:
1966+ - debian/patches/nssov-build, debian/series, debian/rules:
1967+ Apply, build and package the nss overlay.
1968+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1969+ which defines rfc822MailMember (required by the nss overlay).
1970+ + debian/rules, debian/schema/extra/:
1971+ Fix configure rule to supports extra schemas shipped as part
1972+ of the debian/schema/ directory.
1973+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1974+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1975+ neither the default DIT nor via an Authn mapping.
1976+ + debian/slapd.scripts-common: adjust minimum version that triggers a
1977+ database upgrade. Upgrade from maverick shouldn't trigger database
1978+ upgrade (which would happen with the version used in Debian).
1979+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
1980+ Remove unused variable new_conf.
1981+ + debian/slapd.script-common: Fix package reconfiguration.
1982+ - Fix backup directory naming for multiple reconfiguration.
1983+ + debian/slapd.default, debian/slapd.README.Debian:
1984+ use the new configuration style.
1985+ + Install nss overlay (LP: #675391):
1986+ - debian/rules: run install target for nssov module.
1987+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1988+ + debian/patches/gssapi.diff:
1989+ - Update patch so that likewise-open is usuable again. (LP: #661547)
1990+ + debian/patches/service-operational-before-detach: New patch replacing old one
1991+ of the same name as previous could cause database corruption based on upstream commits.
1992+ (LP: #727973)
1993+ + Dropped:
1994+ - debian/patches/gold: Use the debian version instead
1995+ - debian/patches/CVE-2011-1024: Fixed upstream
1996+ - debian/patches/CVE-2011-1025: Fixed upstream
1997+ - debian/patches/CVE-2011-1081: Fixed upstream
1998+
1999+ -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
2000+
2001 openldap (2.4.25-1) unstable; urgency=low
2002
2003 * New upstream version (Closes: #617606, #618904, #606815, #608813)
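Review bot: In the 2.4.25-1ubuntu1 stanza the "+ Dropped:" list, which removes debian/patches/CVE-2011-1024, CVE-2011-1025 and CVE-2011-1081, sits at the same bullet level as the retained items under "- remaining changes:", so three dropped security patches read as part of the carried delta. The 2.4.31-1ubuntu1 stanza uses a separate top-level "* Dropped changes:" bullet for this; using that layout consistently makes it much easier to see at a glance which security fixes now rely on upstream.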
2004@@ -872,6 +2626,116 @@ openldap (2.4.23-7) unstable; urgency=low
2005
2006 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
2007
2008+openldap (2.4.23-6ubuntu7) oneiric; urgency=low
2009+
2010+ * Rebuild for Perl 5.12.
2011+
2012+ -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
2013+
2014+openldap (2.4.23-6ubuntu6) natty; urgency=low
2015+
2016+ * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
2017+ using forwarded authentication failures
2018+ - debian/patches/CVE-2011-1024
2019+ - CVE-2011-1024
2020+ * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
2021+ backend. Note: Ubuntu is not compiled with --enable-ndb by default
2022+ - debian/patches/CVE-2011-1025
2023+ - CVE-2011-1025
2024+ * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
2025+ and requestDN is empty
2026+ - debian/patches/CVE-2011-1081
2027+ - CVE-2011-1081
2028+ - LP: #742104
2029+
2030+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
2031+
2032+openldap (2.4.23-6ubuntu5) natty; urgency=low
2033+
2034+ * debian/patches/service-operational-before-detach: New patch replacing
2035+ old one of same name as previous could cause database corruption,
2036+ based on upstream commits. (LP: #727973)
2037+
2038+ -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
2039+
2040+openldap (2.4.23-6ubuntu4) natty; urgency=low
2041+
2042+ * Fix FTBFS with ld.gold.
2043+
2044+ -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
2045+
2046+openldap (2.4.23-6ubuntu3) natty; urgency=low
2047+
2048+ * debian/patches/gssapi.diff:
2049+ Update patch so that likewise-open is usable again (LP: #661547)
2050+
2051+ -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
2052+
2053+openldap (2.4.23-6ubuntu2) natty; urgency=low
2054+
2055+ * Install nss overlay (LP: #675391):
2056+ - debian/rules: run install target for nssov module.
2057+ - debian/patches/nssov-build: fix patch to install schema in
2058+ /etc/ldap/schema.
2059+
2060+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
2061+
2062+openldap (2.4.23-6ubuntu1) natty; urgency=low
2063+
2064+ * Merge from Debian unstable:
2065+ - Install a default DIT (LP: #442498).
2066+ - Document cn=config in README file (LP: #370784).
2067+ - remaining changes:
2068+ + AppArmor support:
2069+ - debian/apparmor-profile: add AppArmor profile
2070+ - use dh_apparmor:
2071+ - debian/rules: use dh_apparmor
2072+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2073+ - updated debian/slapd.README.Debian for note on AppArmor
2074+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2075+ + Enable GSSAPI support (LP: #495418):
2076+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2077+ - Add --with-gssapi support
2078+ - Make guess_service_principal() more robust when determining
2079+ principal
2080+ - debian/patches/series: apply gssapi.diff patch.
2081+ - debian/configure.options: Configure with --with-gssapi
2082+ - debian/control: Added libkrb5-dev as a build depend
2083+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2084+ in the openldap library, as required by Likewise-Open (LP: #390579)
2085+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2086+ - debian/control:
2087+ - remove build-dependency on heimdal-dev.
2088+ - remove slapd-smbk5pwd binary package.
2089+ - debian/rules: don't build smbk5pwd slapd module.
2090+ + debian/{control,rules}: enable PIE hardening
2091+ + ufw support (LP: #423246):
2092+ - debian/control: suggest ufw.
2093+ - debian/rules: install ufw profile.
2094+ - debian/slapd.ufw.profile: add ufw profile.
2095+ + Enable nssoverlay:
2096+ - debian/patches/nssov-build, debian/series, debian/rules:
2097+ Apply, build and package the nss overlay.
2098+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2099+ which defines rfc822MailMember (required by the nss overlay).
2100+ + debian/rules, debian/schema/extra/:
2101+ Fix configure rule to supports extra schemas shipped as part
2102+ of the debian/schema/ directory.
2103+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2104+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2105+ neither the default DIT nor via an Authn mapping.
2106+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2107+ database upgrade. Upgrade from maverick shouldn't trigger database
2108+ upgrade (which would happen with the version used in Debian).
2109+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2110+ Remove unused variable new_conf.
2111+ + debian/slapd.script-common: Fix package reconfiguration.
2112+ - Fix backup directory naming for multiple reconfiguration.
2113+ + debian/slapd.default, debian/slapd.README.Debian:
2114+ use the new configuration style.
2115+
2116+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
2117+
2118 openldap (2.4.23-6) unstable; urgency=high
2119
2120 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
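Review bot: in the 2.4.23-6ubuntu1 entry the same maintainer-script helper is spelled two ways: debian/slapd.scripts-common (the "adjust minimum version" and "add slapcat_opts" items) and debian/slapd.script-common (the "Fix package reconfiguration" item). These entries are dated 2010, so compare them with the changelog of the last Ubuntu upload and keep its text byte for byte. Correct the spelling only if this merge introduced the difference.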
2121@@ -994,6 +2858,80 @@ openldap (2.4.23-1) unstable; urgency=low
2122
2123 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
2124
2125+openldap (2.4.23-0ubuntu4) natty; urgency=low
2126+
2127+ * debian/slapd.templates: amended typo in slapd/move_old_database
2128+ (LP: #666028)
2129+
2130+ -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
2131+
2132+openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
2133+
2134+ * debian/slapd.templates: re-add slapd/move_old_database template as it's
2135+ used during the package upgrade. Thanks to James Page for pointing it.
2136+ * debian/slapd.config: restore debconf question slapd/move_old_database.
2137+
2138+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
2139+
2140+openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
2141+
2142+ [ James Page ]
2143+ * Fixed install/upgrade process to dump/restore databases due
2144+ to uplift to libdb4.8-dev (LP: #658227)
2145+
2146+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
2147+
2148+openldap (2.4.23-0ubuntu3) maverick; urgency=low
2149+
2150+ * debian/rules: move dh_apparmor before dh_installinit
2151+
2152+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
2153+
2154+openldap (2.4.23-0ubuntu2) maverick; urgency=low
2155+
2156+ * convert to using dh_apparmor:
2157+ - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
2158+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2159+ * debian/apparmor-profile: use local include
2160+
2161+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
2162+
2163+openldap (2.4.23-0ubuntu1) maverick; urgency=low
2164+
2165+ * New release, features include:
2166+ + Fixed libldap to return server's error code (ITS#6569)
2167+ + Fixed libldap memleaks (ITS#6568)
2168+ + Fixed liblutil off-by-one with delta (ITS#6541)
2169+ + Fixed slapd acls with glued databases (ITS#6468)
2170+ + Fixed slapd syncrepl rid logging (ITS#6533)
2171+ + Fixed slapd modrdn handling of invalid values (ITS#6570)
2172+ + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
2173+ + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
2174+ + Fixed slapd-bdb entry cache delete failure (ITS#6577)
2175+ + Fixed slapd-ldap to return control responses (ITS#6530)
2176+ + Fixed slapo-ppolicy to use Debug (ITS#6566)
2177+ + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
2178+ + Fixed slapo-rwm to use Debug (ITS#6566)
2179+ + Fixed slapo-sssvlv to use Debug (ITS#6566)
2180+ + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
2181+ + Fixed slapo-valsort to use Debug (ITS#6566)
2182+ + Fixed contrib/nssov network.c missing patch (ITS#6562)
2183+ + Fixed test043 attribute sorting (ITS#6553)
2184+ + slapd-config(5) note default rootdn (ITS#6546)
2185+ * Rebased patches debian/patches/dropped nssov-build
2186+ * Resynchronize with Debian:
2187+ + debian/control:
2188+ - Bump standards-version to 3.9.0
2189+ - Use libdb4.8-dev (LP: #572489)
2190+ + Added debian/patches/issue-6534-patch
2191+ + Added debian/patches/ldap-conf-tls-cacertdir
2192+ * Add ufw support, thanks to PatRiehecky (LP: #423246)
2193+
2194+ [Adam Sommer]
2195+ * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2196+
2197+ -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
2198+
2199 openldap (2.4.21-1) unstable; urgency=low
2200
2201 [ Steve Langasek ]
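Review bot: in the 2.4.23-0ubuntu1 entry the line "Rebased patches debian/patches/dropped nssov-build" does not say whether nssov-build was rebased or dropped. The "[Adam Sommer]" attribution header also lacks the inner spaces used by "[ James Page ]" in the 2.4.23-0ubuntu3.1 entry above it. If both lines match the changelog as uploaded to maverick, leave them untouched. Otherwise restore the uploaded wording so this merge does not alter the carried history.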
2202@@ -1025,6 +2963,79 @@ openldap (2.4.21-1) unstable; urgency=low
2203
2204 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
2205
2206+openldap (2.4.21-0ubuntu5) lucid; urgency=low
2207+
2208+ * Fix local root connection access: replace olcAuthzRegexp mapping to
2209+ cn=localroot,cn=config with using the SASL dn directly in olcAccess.
2210+ Makes upgrades much simpler and robust (LP: #563829).
2211+
2212+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
2213+
2214+openldap (2.4.21-0ubuntu4) lucid; urgency=low
2215+
2216+ [ Simon Olofsson ]
2217+ * debian/slapd.postinst:
2218+ - Show a message after successful migration (LP: #538848)
2219+
2220+ [ Jorgen Rosink ]
2221+ * debian/slapd.init: add simple status checking with LSB compatible exit
2222+ codes (LP: #562377)
2223+ * debian/slapd.init.ldif:
2224+ - remove admin user in default config database (LP: #556176)
2225+ - in default config, add olcAccess entries giving access to controls
2226+ available and cn=subschema (LP: #427842)
2227+
2228+ [ Scott Moser ]
2229+ * debian/slapd.scripts-common: Do not create /nonexistent directory
2230+ for openldap user's home (LP: #556176)
2231+ * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
2232+
2233+ -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
2234+
2235+openldap (2.4.21-0ubuntu3) lucid; urgency=low
2236+
2237+ * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
2238+ before trying to convert to slapd.d, to avoid upgrade failure from hardy
2239+ (LP: #536958)
2240+ * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
2241+ olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
2242+
2243+ -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
2244+
2245+openldap (2.4.21-0ubuntu2) lucid; urgency=low
2246+
2247+ * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
2248+
2249+ -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
2250+
2251+openldap (2.4.21-0ubuntu1) lucid; urgency=low
2252+
2253+ * New upstream release.
2254+ * debian/rules, debian/schema/extra/:
2255+ Fix get-orig-source rule to supports extra schemas shipped as part of the
2256+ debian/schema/ directory.
2257+
2258+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
2259+
2260+openldap (2.4.18-0ubuntu2) lucid; urgency=low
2261+
2262+ * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2263+ - Add --with-gssapi support
2264+ - Make guess_service_principal() more robust when determining principal
2265+ * Enable GSSAPI support (LP: #495418):
2266+ - debian/configure.options: Configure with --with-gssapi
2267+ - debian/control: Added libkrb5-dev as a build depend
2268+
2269+ -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
2270+
2271+openldap (2.4.18-0ubuntu1) karmic; urgency=low
2272+
2273+ * New upstream release: (LP: #419515):
2274+ + pcache overlay supports disconnected mode.
2275+ * Fix nss overlay load (LP: #417163).
2276+
2277+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
2278+
2279 openldap (2.4.17-2.1) unstable; urgency=high
2280
2281 * Non-maintainer upload by the Security Team.
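Review bot: in the 2.4.21-0ubuntu4 entry LP: #556176 is cited for two different changes: "remove admin user in default config database" under Jorgen Rosink and "Do not create /nonexistent directory for openldap user's home" under Scott Moser. One of the two references may be a copy-paste slip. Check the bug, and if the text is verbatim from the lucid upload leave it as is. Anyone tracing when the default admin user was removed from the config database should then not rely on that bug number alone.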
2282@@ -1051,6 +3062,108 @@ openldap (2.4.17-2) unstable; urgency=low
2283
2284 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
2285
2286+openldap (2.4.17-1ubuntu3) karmic; urgency=low
2287+
2288+ * Install a minimal slapd configuration instead of creating a default
2289+ database with a default DIT:
2290+ + Move openldap user home from /var/lib/ldap to /nonexistent.
2291+ + Remove all code and templates dealing with the default database and DIT
2292+ creation.
2293+ + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
2294+ grant all access to the latter in the cn=config database as well as the
2295+ default backend configuration.
2296+ * Add cn=localroot,cn=config authz mapping on upgrades.
2297+
2298+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
2299+
2300+openldap (2.4.17-1ubuntu2) karmic; urgency=low
2301+
2302+ [ Thierry Carrez ]
2303+ * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2304+ in the openldap library, as required by Likewise-Open (LP: #390579)
2305+
2306+ [ Mathias Gug ]
2307+ * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
2308+ uniqueness overlay.
2309+ * debian/patches/its6220-writetimeout-directive: fixes a problem with the
2310+ writetimeout directive being in effect even if it wasn't set,
2311+ closing connections incorrectly.
2312+ * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
2313+ dncachesize parameter that was added in RE24, so that if it is set to
2314+ "0" (now the default), it has an unlimited DN cache (RE23 always
2315+ had an unlimited DN cache).
2316+
2317+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
2318+
2319+openldap (2.4.17-1ubuntu1) karmic; urgency=low
2320+
2321+ [ Steve Langasek ]
2322+ * Fix up the lintian warnings:
2323+ - add missing misc-depends on all packages
2324+ - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
2325+ overrides
2326+ - bump Standards-Version to 3.8.2, no changes required.
2327+
2328+ [ Mathias Gug ]
2329+ * Resynchronise with Debian. Remaining changes:
2330+ - AppArmor support:
2331+ - debian/apparmor-profile: add AppArmor profile
2332+ - updated debian/slapd.README.Debian for note on AppArmor
2333+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2334+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2335+ - debian/rules: install apparmor profile.
2336+ - Don't use local statement in config script as it fails if /bin/sh
2337+ points to bash.
2338+ - debian/slapd.postinst, debian/slapd.script-common: set correct
2339+ ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2340+ readable) and /var/run/slapd (world readable).
2341+ - Enable nssoverlay:
2342+ - debian/patches/nssov-build, debian/rules: Build and package the nss
2343+ overlay.
2344+ - debian/schema/misc.ldif: add ldif file for the misc schema which
2345+ defines rfc822MailMember (required by the nss overlay).
2346+ - debian/{control,rules}: enable PIE hardening
2347+ - Use cn=config as the default configuration backend instead of
2348+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2349+ asking the end user to enter a new password to control the access to
2350+ the cn=config tree.
2351+ - debian/slapd.postinst: create /var/run/slapd before updating its
2352+ permissions.
2353+ - debian/slapd.init: Correctly set slapd config backend option even if
2354+ the pidfile is configured in slapd default file.
2355+ * Dropped:
2356+ - Merged in Debian:
2357+ - Update priority of libldap-2.4-2 to match the archive override.
2358+ - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2359+ the ldapurl(1) manpage.
2360+ - Bump build-dependency on debhelper to 6 instead of 5, since that's
2361+ what we're using.
2362+ - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2363+ the built-in default of ldap:/// only.
2364+ - Fixed in upstream release:
2365+ - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2366+ failure when built with PIE.
2367+ - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2368+ trusted.
2369+ - Update Apparmor profile support: don't support upgrade from pre-hardy
2370+ systems:
2371+ - debian/slapd.postinst: Reload AA profile on configuration
2372+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2373+ - debian/control: Conflicts with apparmor-profiles <<
2374+ 2.1+1075-0ubuntu4 to make sure that if earlier version of
2375+ apparmor-profiles gets installed it won't overwrite our profile.
2376+ - follow ApparmorProfileMigration and force apparmor complain mode on
2377+ some upgrades
2378+ - debian/slapd.preinst: create symlink for force-complain on
2379+ pre-feisty upgrades, upgrades where apparmor-profiles profile is
2380+ unchanged (ie non-enforcing) and upgrades where apparmor profile
2381+ does not exist.
2382+ - debian/patches/autogen.sh: no longer needed with karmic libtool.
2383+ - Call libtoolize with the --install option to install
2384+ config.{guess,sub} files.
2385+
2386+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
2387+
2388 openldap (2.4.17-1) unstable; urgency=low
2389
2390 * New upstream version.
2391@@ -1073,6 +3186,153 @@ openldap (2.4.17-1) unstable; urgency=low
2392
2393 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
2394
2395+openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
2396+
2397+ * Resynchronise with Debian. Remaining changes:
2398+ - AppArmor support:
2399+ - debian/apparmor-profile: add AppArmor profile
2400+ - debian/slapd.postinst: Reload AA profile on configuration
2401+ - updated debian/slapd.README.Debian for note on AppArmor
2402+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2403+ - debian/control: Conflicts with apparmor-profiles <<
2404+ 2.1+1075-0ubuntu4 to make sure that if earlier version of
2405+ apparmor-profiles gets installed it won't overwrite our profile.
2406+ - follow ApparmorProfileMigration and force apparmor complain mode on
2407+ some upgrades
2408+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2409+ - debian/slapd.preinst: create symlink for force-complain on
2410+ pre-feisty upgrades, upgrades where apparmor-profiles profile is
2411+ unchanged (ie non-enforcing) and upgrades where apparmor profile
2412+ does not exist.
2413+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2414+ - debian/patches/autogen.sh:
2415+ - Call libtoolize with the --install option to install
2416+ config.{guess,sub} files.
2417+ - Don't use local statement in config script as it fails if /bin/sh
2418+ points to bash.
2419+ - debian/slapd.postinst, debian/slapd.script-common: set correct
2420+ ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2421+ readable) and /var/run/slapd (world readable).
2422+ - Enable nssoverlay:
2423+ - debian/patches/nssov-build, debian/rules: Build and package the nss
2424+ overlay.
2425+ - debian/schema/misc.ldif: add ldif file for the misc schema which
2426+ defines rfc822MailMember (required by the nss overlay).
2427+ - debian/{control,rules}: enable PIE hardening
2428+ - Use cn=config as the default configuration backend instead of
2429+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2430+ asking the end user to enter a new password to control the access to
2431+ the cn=config tree.
2432+ - Update priority of libldap-2.4-2 to match the archive override.
2433+ - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2434+ the ldapurl(1) manpage.
2435+ - Bump build-dependency on debhelper to 6 instead of 5, since that's
2436+ what we're using.
2437+ - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2438+ the built-in default of ldap:/// only.
2439+ - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2440+ failure when built with PIE.
2441+ - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2442+ trusted.
2443+ - debian/slapd.postinst: create /var/run/slapd before updating its
2444+ permissions.
2445+ - debian/slapd.init: Correctly set slapd config backend option even if
2446+ the pidfile is configured in slapd default file.
2447+ * Drop patch to avoid the test suite on hppa, as hppa is EOL.
2448+
2449+ -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
2450+
2451+openldap (2.4.15-1.1) unstable; urgency=low
2452+
2453+ * Non-maintainer upload.
2454+ * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
2455+ (Closes: #522965)
2456+
2457+ -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
2458+
2459+openldap (2.4.15-1ubuntu3) jaunty; urgency=low
2460+
2461+ * No-change rebuild to fix lpia shared library dependencies.
2462+
2463+ -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
2464+
2465+openldap (2.4.15-1ubuntu2) jaunty; urgency=low
2466+
2467+ * debian/slapd.postinst: create /var/run/slapd before updating its
2468+ permissions (LP: #298928).
2469+ * debian/slapd.init: Correclty set slapd config backend option even if the
2470+ pidfile is configured in slapd default file (LP: #292364).
2471+ * debian/apparmor-profile: support multiple databases to be stored under
2472+ /var/lib/ldap/. (LP: #286614).
2473+
2474+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
2475+
2476+openldap (2.4.15-1ubuntu1) jaunty; urgency=low
2477+
2478+ [ Steve Langasek ]
2479+ * Update priority of libldap-2.4-2 to match the archive override.
2480+ * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
2481+ ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
2482+ Closes: #496749.
2483+ * Bump build-dependency on debhelper to 6 instead of 5, since that's
2484+ what we're using. Closes: #498116.
2485+ * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2486+ the built-in default of ldap:/// only.
2487+
2488+ [ Mathias Gug ]
2489+ * Merge from debian unstable, remaining changes:
2490+ - Modify Maintainer value to match the DebianMaintainerField
2491+ speficication.
2492+ - AppArmor support:
2493+ - debian/apparmor-profile: add AppArmor profile
2494+ - debian/slapd.postinst: Reload AA profile on configuration
2495+ - updated debian/slapd.README.Debian for note on AppArmor
2496+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2497+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2498+ to make sure that if earlier version of apparmour-profiles gets
2499+ installed it won't overwrite our profile.
2500+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2501+ some upgrades (LP: #203529)
2502+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2503+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2504+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2505+ non-enforcing) and upgrades where apparmor profile does not exist.
2506+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2507+ - debian/control:
2508+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
2509+ - debian/patches/autogen.sh:
2510+ - Call libtoolize with the --install option to install config.{guess,sub}
2511+ files.
2512+ - Don't use local statement in config script as it fails if /bin/sh
2513+ points to bash (LP: #286063).
2514+ - Disable the testsuite on hppa. Allows building of packages on this
2515+ architecture again, once this package is in the archive.
2516+ LP: #288908.
2517+ - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
2518+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
2519+ /var/run/slapd (world readable). (LP: #257667).
2520+ - Enable nssoverlay:
2521+ - debian/patches/nssov-build, debian/rules: Build and package
2522+ the nss overlay.
2523+ - debian/schema/misc.ldif: add ldif file for the misc schema
2524+ which defines rfc822MailMember (required by the nss overlay).
2525+ - debian/{control,rules}: enable PIE hardening
2526+ - Use cn=config as the default configuration backend instead of
2527+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2528+ asking the end user to enter a new password to control the access to the
2529+ cn=config tree.
2530+ * Dropped:
2531+ - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
2532+ times. (ITS: #5947) Fixed in new upstream version 2.4.15.
2533+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2534+ the ucred struct now. Implemented in Debian.
2535+ * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
2536+ when built with PIE.
2537+ * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2538+ trusted (LP: #305264).
2539+
2540+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
2541+
2542 openldap (2.4.15-1) unstable; urgency=low
2543
2544 * New upstream version
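Review bot: the "openldap (2.4.15-1.1) unstable" non-maintainer upload entry is on the added side of this hunk, between 2.4.15-1.1ubuntu1 and 2.4.15-1ubuntu3, so the target changelog does not carry that Debian upload. Confirm that this is intended carried history and not a merge artefact. The misspellings in the same hunk ("Correclty" in 2.4.15-1ubuntu2; "speficication", "compalin" and "apparmour-profiles" in 2.4.15-1ubuntu1) should stay only if they are verbatim from the jaunty uploads.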
2545@@ -1090,6 +3350,69 @@ openldap (2.4.15-1) unstable; urgency=low
2546
2547 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
2548
2549+openldap (2.4.14-0ubuntu1) jaunty; urgency=low
2550+
2551+ [ Steve Langasek ]
2552+ * New upstream version
2553+ - Fixes a bug with the pcache overlay not returning cached entries
2554+ (closes: #497697)
2555+ - Update evolution-ntlm patch to apply to current Makefiles.
2556+ - (tentatively) drop gnutls-ciphers, since this bug was reported to be
2557+ fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
2558+ patch from the bug report, so this should be watched for regressions.
2559+ * Build against db4.7 instead of db4.2 at last! Closes: #421946.
2560+ * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
2561+ installed in the build environment.
2562+ * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
2563+ --with-tls=gnutls.
2564+
2565+ [ Mathias Gug ]
2566+ * Merge from debian unstable, remaining changes:
2567+ - debian/apparmor-profile: add AppArmor profile
2568+ - debian/slapd.postinst: Reload AA profile on configuration
2569+ - updated debian/slapd.README.Debian for note on AppArmor
2570+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2571+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2572+ to make sure that if earlier version of apparmour-profiles gets
2573+ installed it won't overwrite our profile.
2574+ - Modify Maintainer value to match the DebianMaintainerField
2575+ speficication.
2576+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2577+ some upgrades (LP: #203529)
2578+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2579+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2580+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2581+ non-enforcing) and upgrades where apparmor profile does not exist.
2582+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2583+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2584+ the ucred struct now.
2585+ - debian/control:
2586+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
2587+ - debian/patches/autogen.sh:
2588+ - Call libtoolize with the --install option to install config.{guess,sub}
2589+ files.
2590+ - Don't use local statement in config script as it fails if /bin/sh
2591+ points to bash (LP: #286063).
2592+ - Disable the testsuite on hppa. Allows building of packages on this
2593+ architecture again, once this package is in the archive.
2594+ LP: #288908.
2595+ - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
2596+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
2597+ /var/run/slapd (world readable). (LP: #257667).
2598+ - debian/patches/nssov-build, debian/rules:
2599+ Build and package the nss overlay.
2600+ debian/schema/misc.ldif: add ldif file for the misc schema, which defines
2601+ rfc822MailMember (required by the nss overlay).
2602+ - debian/{control,rules}: enable PIE hardening
2603+ - Use cn=config as the default configuration backend instead of
2604+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2605+ asking the end user to enter a new password to control the access to the
2606+ cn=config tree.
2607+ * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
2608+ times. (ITS: #5947)
2609+
2610+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
2611+
2612 openldap (2.4.11-1) unstable; urgency=low
2613
2614 * New upstream version (closes: #499560).
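Review bot: in the "remaining changes" list of the 2.4.14-0ubuntu1 entry, the line "debian/schema/misc.ldif: add ldif file for the misc schema, which defines" has no leading "-" marker. It therefore reads as a continuation of the "debian/patches/nssov-build, debian/rules:" item above it, whereas other entries on the page list it as its own item. Check it against the jaunty upload and restore the marker only if the uploaded changelog had one.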
2615@@ -1112,6 +3435,110 @@ openldap (2.4.11-1) unstable; urgency=low
2616
2617 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
2618
2619+openldap (2.4.11-0ubuntu7) jaunty; urgency=low
2620+
2621+ * Don't use local statement in config script as it fails if /bin/sh
2622+ points to bash (LP: #286063).
2623+
2624+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
2625+
2626+openldap (2.4.11-0ubuntu6) intrepid; urgency=low
2627+
2628+ * Disable the testsuite on hppa. Allows building of packages on this
2629+ architecture again, once this package is in the archive.
2630+ LP: #288908.
2631+
2632+ -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
2633+
2634+openldap (2.4.11-0ubuntu5) intrepid; urgency=low
2635+
2636+ * Don't set admin passwords in ldif files if adminpw is empty.
2637+ (LP: #273988 - LP: #276606).
2638+
2639+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
2640+
2641+openldap (2.4.11-0ubuntu4) intrepid; urgency=low
2642+
2643+ * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
2644+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
2645+ /var/run/slapd (world readable). (LP: #257667).
2646+ * debian/slapd.script-common:
2647+ - Fix package reconfiguration:
2648+ + Remove slapd.d/ directory if it already exists when creating a new
2649+ configuration.
2650+ + Fix backup directory naming for multiple reconfiguration.
2651+
2652+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
2653+
2654+openldap (2.4.11-0ubuntu3) intrepid; urgency=low
2655+
2656+ * debian/patches/nssov-build, debian/rules:
2657+ Build and package the nss overlay.
2658+ * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
2659+ rfc822MailMember (required by the nss overlay).
2660+
2661+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
2662+
2663+openldap (2.4.11-0ubuntu2) intrepid; urgency=low
2664+
2665+ * debian/{control,rules}: enable PIE hardening
2666+
2667+ -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
2668+
2669+openldap (2.4.11-0ubuntu1) intrepid; urgency=low
2670+
2671+ * New upstream version:
2672+ - Mainly bug fixes.
2673+ - New nss slapd overlay (not compiled by default).
2674+ * Use cn=config as the default configuration backend instead of
2675+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2676+ asking the end user to enter a new password to control the access to the
2677+ cn=config tree.
2678+
2679+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
2680+
2681+openldap (2.4.10-3ubuntu1) intrepid; urgency=low
2682+
2683+ [ Mathias Gug ]
2684+ * Merge from debian unstable, remaining changes:
2685+ - debian/apparmor-profile: add AppArmor profile
2686+ - debian/slapd.postinst: Reload AA profile on configuration
2687+ - updated debian/slapd.README.Debian for note on AppArmor
2688+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2689+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2690+ to make sure that if earlier version of apparmour-profiles gets
2691+ installed it won't overwrite our profile.
2692+ - Modify Maintainer value to match the DebianMaintainerField
2693+ speficication.
2694+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2695+ some upgrades (LP: #203529)
2696+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2697+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2698+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2699+ non-enforcing) and upgrades where apparmor profile does not exist.
2700+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2701+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2702+ the ucred struct now.
2703+ - debian/patches/fix-unique-overlay-assertion.patch:
2704+ Fix another assertion error in unique overlay (LP: #243337).
2705+ Backport from head.
2706+ * Dropped - implemented in Debian:
2707+ - debian/patches/fix-gnutls-key-strength.patch:
2708+ Fix slapd handling of ssf using gnutls. (LP: #244925).
2709+ - debian/control:
2710+ Add time as build dependency: needed by make test.
2711+ * debian/control:
2712+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
2713+ * debian/patches/autogen.sh:
2714+ - Call libtoolize with the --install option to install config.{guess,sub}
2715+ files.
2716+
2717+ [ Jamie Strandboge ]
2718+ * adjust apparmor profile to allow gssapi (LP: #229252)
2719+ * adjust apparmor profile to allow cnconfig (LP: #243525)
2720+
2721+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
2722+
2723 openldap (2.4.10-3) unstable; urgency=low
2724
2725 [ Steve Langasek ]
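Review bot: in the 2.4.11-0ubuntu5 entry the bug reference is written "(LP: #273988 - LP: #276606)", which can be read either as two bugs or as a range. Multi-bug references elsewhere on the page use the comma form, for example "(LP: #538516, #526230)". This is the entry for "Don't set admin passwords in ldif files if adminpw is empty", so the reference should be unambiguous. If the intrepid upload had this exact text, leave it and state in the review which bugs it refers to. Otherwise restore the uploaded form.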
2726@@ -1145,6 +3572,40 @@ openldap (2.4.10-3) unstable; urgency=low
2727
2728 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
2729
2730+openldap (2.4.10-2ubuntu1) intrepid; urgency=low
2731+
2732+ * Merge from debian unstable, remaining changes:
2733+ - debian/apparmor-profile: add AppArmor profile
2734+ - debian/slapd.postinst: Reload AA profile on configuration
2735+ - updated debian/slapd.README.Debian for note on AppArmor
2736+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2737+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2738+ to make sure that if earlier version of apparmour-profiles gets
2739+ installed it won't overwrite our profile.
2740+ - Modify Maintainer value to match the DebianMaintainerField
2741+ speficication.
2742+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2743+ some upgrades (LP: #203529)
2744+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2745+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2746+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2747+ non-enforcing) and upgrades where apparmor profile does not exist.
2748+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2749+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2750+ the ucred struct now.
2751+ - debian/patches/fix-unique-overlay-assertion.patch:
2752+ Fix another assertion error in unique overlay (LP: #243337).
2753+ Backport from head.
2754+ - debian/patches/fix-gnutls-key-strength.patch:
2755+ Fix slapd handling of ssf using gnutls. (LP: #244925).
2756+ - debian/control:
2757+ Add time as build dependency: needed by make test.
2758+ * Dropped - implemented in Debian:
2759+ - debian/rules:
2760+ Support debuild nocheck option: don't run tests if nocheck is set.
2761+
2762+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
2763+
2764 openldap (2.4.10-2) unstable; urgency=low
2765
2766 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
2767@@ -1159,6 +3620,54 @@ openldap (2.4.10-2) unstable; urgency=low
2768
2769 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
2770
2771+openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
2772+
2773+ * Merge from debian unstable, remaining changes:
2774+ - debian/apparmor-profile: add AppArmor profile
2775+ - debian/slapd.postinst: Reload AA profile on configuration
2776+ - updated debian/slapd.README.Debian for note on AppArmor
2777+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2778+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2779+ to make sure that if earlier version of apparmour-profiles gets
2780+ installed it won't overwrite our profile.
2781+ - Modify Maintainer value to match the DebianMaintainerField
2782+ speficication.
2783+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2784+ some upgrades (LP: #203529)
2785+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2786+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2787+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2788+ non-enforcing) and upgrades where apparmor profile does not exist.
2789+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2790+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2791+ the ucred struct now.
2792+ - debian/patches/fix-unique-overlay-assertion.patch:
2793+ Fix another assertion error in unique overlay (LP: #243337).
2794+ Backport from head.
2795+ * debian/control:
2796+ - add time as build dependency: needed by make test.
2797+ * debian/rules:
2798+ - support debuild nocheck option: don't run tests if nocheck is set.
2799+ * debian/patches/fix-gnutls-key-strength.patch:
2800+ - fix slapd handling of ssf using gnutls. (LP: #244925).
2801+ * Dropped - accepted in Debian:
2802+ - debian/rules, debian/slapd.links: use hard links to slapd instead of
2803+ symlinks for slap* so these applications aren't confined by apparmor
2804+ (LP: #203898)
2805+ * Dropped - fixed in new upstream release:
2806+ - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
2807+ (LP: #215904)
2808+ - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
2809+ error. (LP: #234196)
2810+ - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
2811+ (LP: #220724)
2812+ - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
2813+ syncrepl. (LP: #227178)
2814+ - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
2815+ upstream.
2816+
2817+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
2818+
2819 openldap2.3 (2.4.10-1) unstable; urgency=low
2820
2821 [ Steve Langasek ]
2822@@ -1183,6 +3692,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low
2823
2824 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
2825
2826+openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
2827+
2828+ * debian/patches/fix-unique-overlay-assertion.patch:
2829+ - Fix another assertion error in unique overlay, backported from head.
2830+ (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
2831+
2832+ -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
2833+
2834+openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
2835+
2836+ * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
2837+ include the smbk5pwd overlay.
2838+
2839+ -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
2840+
2841+openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
2842+
2843+ * Rebuild for perl 5.10 transition (LP: #230016)
2844+ * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
2845+ syncrepl. (LP: #227178)
2846+
2847+ -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
2848+
2849+openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
2850+
2851+ * Merge from debian unstable, remaining changes:
2852+ - debian/apparmor-profile: add AppArmor profile
2853+ - debian/slapd.postinst: Reload AA profile on configuration
2854+ - updated debian/slapd.README.Debian for note on AppArmor
2855+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2856+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2857+ to make sure that if earlier version of apparmour-profiles gets
2858+ installed it won't overwrite our profile.
2859+ - Modify Maintainer value to match the DebianMaintainerField
2860+ speficication.
2861+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2862+ some upgrades (LP: #203529)
2863+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2864+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2865+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2866+ non-enforcing) and upgrades where apparmor profile does not exist.
2867+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2868+ - debian/rules, debian/slapd.links: use hard links to slapd instead of
2869+ symlinks for slap* so these applications aren't confined by apparmor
2870+ (LP: #203898)
2871+ - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
2872+ (LP: #215904)
2873+ - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
2874+ error. (LP: #234196)
2875+ - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
2876+ (LP: #220724)
2877+ - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
2878+ upstream.
2879+ * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
2880+ the ucred struct now.
2881+
2882+ -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
2883+
2884 openldap2.3 (2.4.9-1) unstable; urgency=low
2885
2886 [ Updated debconf translations ]
2887@@ -1253,6 +3820,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high
2888
2889 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
2890
2891+openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
2892+
2893+ * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
2894+ in klibc)
2895+
2896+ -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
2897+
2898+openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
2899+
2900+ * apparmor-profile workaround for Launchpad #202161
2901+ * follow ApparmorProfileMigration and force apparmor complain mode on some
2902+ upgrades (LP: #203529)
2903+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2904+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2905+ - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
2906+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2907+ non-enforcing) and upgrades where apparmor profile does not exist
2908+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2909+ * debian/rules, debian/slapd.links: use hard links to slapd instead of
2910+ symlinks for slap* so these applications aren't confined by apparmor
2911+ (LP: #203898)
2912+
2913+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
2914+
2915+openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
2916+
2917+ * Merge from Debian unstable, remaining changes:
2918+ + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
2919+ slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
2920+ allows remote authenticated users to cause a denial of service (daemon
2921+ crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
2922+ control, a related issue to CVE-2007-6698.
2923+ + debian/apparmor-profile: add AppArmor profile
2924+ + debian/slapd.postinst: Reload AA profile on configuration
2925+ + updated debian/slapd.README.Debian for note on AppArmor
2926+ + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
2927+ should now take control
2928+ + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2929+ to make sure that if earlier version of apparmor-profiles gets
2930+ installed it won't overwrite our profile
2931+ + Modify Maintainer value to match the DebianMaintainerField
2932+ specification.
2933+
2934+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
2935+
2936 openldap2.3 (2.4.7-6) unstable; urgency=low
2937
2938 [ Updated debconf translations ]
2939@@ -1298,6 +3910,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low
2940
2941 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
2942
2943+openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
2944+
2945+ * SECURITY UPDATE:
2946+ + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
2947+ slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
2948+ allows remote authenticated users to cause a denial of service (daemon crash)
2949+ via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
2950+ issue to CVE-2007-6698.
2951+
2952+ * References
2953+ - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
2954+ - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
2955+
2956+ -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
2957+
2958+openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
2959+
2960+ * add AppArmor profile
2961+ + debian/apparmor-profile
2962+ + debian/slapd.postinst: Reload AA profile on configuration
2963+ * updated debian/slapd.README.Debian for note on AppArmor
2964+ * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
2965+ should now take control
2966+ * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2967+ to make sure that if earlier version of apparmor-profiles gets installed
2968+ it won't overwrite our profile
2969+ * Modify Maintainer value to match the DebianMaintainerField
2970+ specification.
2971+
2972+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
2973+
2974 openldap2.3 (2.4.7-5) unstable; urgency=low
2975
2976 [ Updated debconf translations ]
2977diff --git a/debian/configure.options b/debian/configure.options
2978index 08a55e0..9d3704e 100644
2979--- a/debian/configure.options
2980+++ b/debian/configure.options
2981@@ -175,6 +175,7 @@
2982 # --with-fetch with fetch(3) URL support [auto]
2983 # --with-threads with threads [auto]
2984 --with-threads
2985+--with-gssapi
2986 # --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto]
2987 --with-tls=gnutls
2988 # --with-yielding-select with implicitly yielding select [auto]
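Review bot: the added `--with-gssapi` line has no description comment above it, unlike every other enabled option in this file (for example `# --with-threads with threads [auto]` above `--with-threads`). Add the matching comment, using the help text that gssapi.diff gives the option (`--with-gssapi with GSSAPI support`), so the file stays a readable copy of the configure help. Since the flag is passed without `=auto`, a short remark that a failed GSSAPI detection now aborts the build (the `AC_MSG_ERROR` branch in gssapi.diff) would also help.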
2989diff --git a/debian/control b/debian/control
2990index 6daf556..d9d7774 100644
2991--- a/debian/control
2992+++ b/debian/control
2993@@ -1,14 +1,16 @@
2994 Source: openldap
2995 Section: net
2996 Priority: optional
2997-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
2998+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
2999+XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
3000 Uploaders: Steve Langasek <vorlon@debian.org>,
3001 Torsten Landschoff <torsten@debian.org>,
3002 Ryan Tandy <ryan@nardis.ca>
3003 Build-Depends: debhelper (>= 10),
3004+ dh-apparmor,
3005 dpkg-dev (>= 1.17.14),
3006 groff-base,
3007- heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
3008+ heimdal-dev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
3009 libargon2-dev <!pkg.openldap.noslapd>,
3010 libdb5.3-dev <!pkg.openldap.noslapd>,
3011 libgnutls28-dev,
3012@@ -35,7 +37,7 @@ Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}),
3013 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,
3014 adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends}
3015 Recommends: ldap-utils
3016-Suggests: libsasl2-modules,
3017+Suggests: libsasl2-modules, ufw,
3018 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
3019 Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
3020 Replaces: libldap2, ldap-utils (<< 2.2.23-3)
3021diff --git a/debian/libldap-2.4-2.symbols b/debian/libldap-2.4-2.symbols
3022index 1c89a2e..3214a35 100644
3023--- a/debian/libldap-2.4-2.symbols
3024+++ b/debian/libldap-2.4-2.symbols
3025@@ -118,6 +118,7 @@ liblber-2.4.so.2 libldap-2.4-2 #MINVER#
3026 ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7
3027 ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7
3028 ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7
3029+ ber_sockbuf_io_udp@OPENLDAP_2.4_2 2.4.17-1ubuntu2
3030 ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7
3031 ber_sos_dump@OPENLDAP_2.4_2 2.4.7
3032 ber_start@OPENLDAP_2.4_2 2.4.7
3033@@ -280,6 +281,11 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
3034 ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7
3035 ldap_int_global_options@OPENLDAP_2.4_2 2.4.7
3036 ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23
3037+ ldap_int_gssapi_close@OPENLDAP_2.4_2 2.4.18-0ubuntu2
3038+ ldap_int_gssapi_config@OPENLDAP_2.4_2 2.4.18-0ubuntu2
3039+ ldap_int_gssapi_get_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2
3040+ ldap_int_gssapi_mutex@OPENLDAP_2.4_2 2.4.18-0ubuntu2
3041+ ldap_int_gssapi_set_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2
3042 ldap_int_hostname@OPENLDAP_2.4_2 2.4.7
3043 ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39
3044 ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7
3045@@ -312,6 +318,7 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
3046 ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7
3047 ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7
3048 ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7
3049+ ldap_is_ldapc_url@OPENLDAP_2.4_2 2.4.17-1ubuntu2
3050 ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7
3051 ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7
3052 ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7
3053diff --git a/debian/patches/contrib-makefiles b/debian/patches/contrib-makefiles
3054index 0aea4c3..bf04e60 100644
3055--- a/debian/patches/contrib-makefiles
3056+++ b/debian/patches/contrib-makefiles
3057@@ -183,3 +183,24 @@
3058 -rpath $(moduledir) -module -o $@ $? $(LIBS)
3059
3060 clean:
3061+--- a/contrib/slapd-modules/nssov/Makefile
3062++++ b/contrib/slapd-modules/nssov/Makefile
3063+@@ -52,15 +52,15 @@
3064+ .SUFFIXES: .c .o .lo
3065+
3066+ .c.lo:
3067+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
3068++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
3069+
3070+ tio.lo: nss-pam-ldapd/tio.c
3071+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
3072++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $?
3073+
3074+ $(OBJS): nssov.h
3075+
3076+ nssov.la: $(OBJS) $(XOBJS)
3077+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
3078++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info 0:0:0 \
3079+ -rpath $(moduledir) -module -o $@ $(OBJS) $(XOBJS) $(LIBS)
3080+
3081+ install: nssov.la
3082diff --git a/debian/patches/fix_test_timing.patch b/debian/patches/fix_test_timing.patch
3083new file mode 100644
3084index 0000000..bc57140
3085--- /dev/null
3086+++ b/debian/patches/fix_test_timing.patch
3087@@ -0,0 +1,27 @@
3088+Description: fix test timing on slow builders such as riscv64
3089+Author: Marc Deslauriers <marc.deslauriers@canonical.com>
3090+
3091+--- a/tests/data/ppolicy.ldif
3092++++ b/tests/data/ppolicy.ldif
3093+@@ -25,7 +25,7 @@ pwdLockoutDuration: 15
3094+ pwdInHistory: 6
3095+ pwdCheckQuality: 2
3096+ pwdExpireWarning: 10
3097+-pwdMaxAge: 30
3098++pwdMaxAge: 40
3099+ pwdMinLength: 5
3100+ pwdGraceAuthnLimit: 3
3101+ pwdAllowUserChange: TRUE
3102+--- a/tests/scripts/test022-ppolicy
3103++++ b/tests/scripts/test022-ppolicy
3104+@@ -100,8 +100,8 @@ if test $RC != 0 ; then
3105+ fi
3106+
3107+ echo "Testing password expiration"
3108+-echo "Waiting 20 seconds for password to expire..."
3109+-sleep 20
3110++echo "Waiting 40 seconds for password to expire..."
3111++sleep 40
3112+
3113+ $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
3114+ -b "$BASEDN" -s base > $SEARCHOUT 2>&1
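Review bot: raising `pwdMaxAge` from 30 to 40 and the `sleep` from 20 to 40 keeps test022-ppolicy dependent on wall-clock time, so a builder slower than the one this was tuned on can still fail the same way, and every architecture now waits 20 seconds longer. If the limit has to stay a fixed number, put a comment next to `pwdMaxAge: 40` saying that the `sleep 40` in test022-ppolicy must be kept at least as long, since the two values live in different files. The patch header also has only Description and Author; a Forwarded or Bug field would show whether upstream has seen this.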
3115diff --git a/debian/patches/gssapi.diff b/debian/patches/gssapi.diff
3116new file mode 100644
3117index 0000000..5bcf266
3118--- /dev/null
3119+++ b/debian/patches/gssapi.diff
3120@@ -0,0 +1,140 @@
3121+--- a/configure.in
3122++++ b/configure.in
3123+@@ -244,6 +244,8 @@
3124+ auto, [auto yes no] )
3125+ OL_ARG_WITH(fetch,[ --with-fetch with fetch(3) URL support],
3126+ auto, [auto yes no] )
3127++OL_ARG_WITH(gssapi,[ --with-gssapi with GSSAPI support],
3128++ auto, [auto yes no] )
3129+ OL_ARG_WITH(threads,[ --with-threads with threads],
3130+ auto, [auto nt posix mach pth lwp yes no manual] )
3131+ OL_ARG_WITH(tls,[ --with-tls with TLS/SSL support auto|openssl|gnutls|moznss],
3132+@@ -591,6 +593,7 @@
3133+ KRB4_LIBS=
3134+ KRB5_LIBS=
3135+ SASL_LIBS=
3136++GSSAPI_LIBS=
3137+ TLS_LIBS=
3138+ MODULES_LIBS=
3139+ SLAPI_LIBS=
3140+@@ -1153,6 +1156,63 @@
3141+ fi
3142+
3143+ dnl ----------------------------------------------------------------
3144++dnl GSSAPI
3145++ol_link_gssapi=no
3146++
3147++case $ol_with_gssapi in yes | auto)
3148++
3149++ ol_header_gssapi=no
3150++ AC_CHECK_HEADERS(gssapi/gssapi.h)
3151++ if test $ac_cv_header_gssapi_gssapi_h = yes ; then
3152++ ol_header_gssapi=yes
3153++ else
3154++ AC_CHECK_HEADERS(gssapi.h)
3155++ if test $ac_cv_header_gssapi_h = yes ; then
3156++ ol_header_gssapi=yes
3157++ fi
3158++
3159++ dnl## not every gssapi has gss_oid_to_str()
3160++ dnl## as it's not defined in the GSSAPI V2 API
3161++ dnl## anymore
3162++ saveLIBS="$LIBS"
3163++ LIBS="$LIBS $GSSAPI_LIBS"
3164++ AC_CHECK_FUNCS(gss_oid_to_str)
3165++ LIBS="$saveLIBS"
3166++ fi
3167++
3168++ if test $ol_header_gssapi = yes ; then
3169++ dnl## we check for gss_wrap
3170++ dnl## as it's new to the GSSAPI V2 API
3171++ AC_CHECK_LIB(gssapi, gss_wrap,
3172++ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi"],
3173++ [ol_link_gssapi=no])
3174++ if test $ol_link_gssapi != yes ; then
3175++ AC_CHECK_LIB(gssapi_krb5, gss_wrap,
3176++ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi_krb5"],
3177++ [ol_link_gssapi=no])
3178++ fi
3179++ if test $ol_link_gssapi != yes ; then
3180++ AC_CHECK_LIB(gss, gss_wrap,
3181++ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgss"],
3182++ [ol_link_gssapi=no])
3183++ fi
3184++ fi
3185++
3186++ ;;
3187++esac
3188++
3189++WITH_GSSAPI=no
3190++if test $ol_link_gssapi = yes; then
3191++ AC_DEFINE(HAVE_GSSAPI, 1, [define if you have GSSAPI])
3192++ WITH_GSSAPI=yes
3193++elif test $ol_with_gssapi = auto ; then
3194++ AC_MSG_WARN([Could not locate GSSAPI package])
3195++ AC_MSG_WARN([GSSAPI authentication not supported!])
3196++elif test $ol_with_gssapi = yes ; then
3197++ AC_MSG_ERROR([GSSAPI detection failed])
3198++fi
3199++
3200++dnl ----------------------------------------------------------------
3201+ dnl TLS/SSL
3202+
3203+ if test $ol_with_tls = yes ; then
3204+@@ -1928,6 +1988,13 @@
3205+ fi
3206+ AC_SUBST(VERSION_OPTION)
3207+
3208++VERSION_OPTION=""
3209++OL_SYMBOL_VERSIONING
3210++if test $ol_cv_ld_version_script_option = yes ; then
3211++ VERSION_OPTION="-Wl,--version-script="
3212++fi
3213++AC_SUBST(VERSION_OPTION)
3214++
3215+ dnl ----------------------------------------------------------------
3216+ if test $ol_enable_wrappers != no ; then
3217+ AC_CHECK_HEADERS(tcpd.h,[
3218+@@ -3159,6 +3226,7 @@
3219+ AC_SUBST(KRB4_LIBS)
3220+ AC_SUBST(KRB5_LIBS)
3221+ AC_SUBST(SASL_LIBS)
3222++AC_SUBST(GSSAPI_LIBS)
3223+ AC_SUBST(TLS_LIBS)
3224+ AC_SUBST(MODULES_LIBS)
3225+ AC_SUBST(SLAPI_LIBS)
3226+--- a/include/portable.hin
3227++++ b/include/portable.hin
3228+@@ -253,6 +253,18 @@
3229+ /* Define to 1 if you have the <grp.h> header file. */
3230+ #undef HAVE_GRP_H
3231+
3232++/* define if you have GSSAPI */
3233++#undef HAVE_GSSAPI
3234++
3235++/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
3236++#undef HAVE_GSSAPI_GSSAPI_H
3237++
3238++/* Define to 1 if you have the <gssapi.h> header file. */
3239++#undef HAVE_GSSAPI_H
3240++
3241++/* Define to 1 if you have the `gss_oid_to_str' function. */
3242++#undef HAVE_GSS_OID_TO_STR
3243++
3244+ /* Define to 1 if you have the `hstrerror' function. */
3245+ #undef HAVE_HSTRERROR
3246+
3247+--- a/build/top.mk
3248++++ b/build/top.mk
3249+@@ -190,9 +190,10 @@
3250+ KRB5_LIBS = @KRB5_LIBS@
3251+ KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
3252+ SASL_LIBS = @SASL_LIBS@
3253++GSSAPI_LIBS = @GSSAPI_LIBS@
3254+ TLS_LIBS = @TLS_LIBS@
3255+ AUTH_LIBS = @AUTH_LIBS@
3256+-SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
3257++SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(GSSAPI_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
3258+
3259+ MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
3260+ MODULES_LDFLAGS = @SLAPD_MODULES_LDFLAGS@
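Review bot: in the new GSSAPI block of configure.in, `AC_CHECK_FUNCS(gss_oid_to_str)` sits inside the `else` branch that only runs when `gssapi/gssapi.h` is missing, and it runs before any `AC_CHECK_LIB` has set `GSSAPI_LIBS`, so `LIBS="$LIBS $GSSAPI_LIBS"` adds nothing to the link. As written, `HAVE_GSS_OID_TO_STR` is never probed on a system that has `gssapi/gssapi.h`, and where it is probed it is tested without the GSSAPI library. Move the check after the `gss_wrap` library detection and out of the header `else`. Separately, the `@@ -1928,6 +1988,13 @@` part adds a `VERSION_OPTION` / `OL_SYMBOL_VERSIONING` block directly below context lines that already end in `AC_SUBST(VERSION_OPTION)`; it looks like a duplicate of the existing block and has nothing to do with GSSAPI, so it should be dropped or explained. The `test $ac_cv_header_... = yes` comparisons are unquoted, and the patch has no Description/Origin header, unlike fix_test_timing.patch.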
3261diff --git a/debian/patches/series b/debian/patches/series
3262index 6181d9b..c93db6f 100644
3263--- a/debian/patches/series
3264+++ b/debian/patches/series
3265@@ -8,6 +8,7 @@ index-files-created-as-root
3266 sasl-default-path
3267 libldap-symbol-versions
3268 getaddrinfo-is-threadsafe
3269+gssapi.diff
3270 do-not-second-guess-sonames
3271 contrib-makefiles
3272 smbk5pwd-makefile-manpage
3273@@ -20,3 +21,4 @@ no-bdb-ABI-second-guessing
3274 ITS6035-olcauthzregex-needs-restart.patch
3275 set-maintainer-name
3276 ITS-9086-Add-debug-logging-for-more-GnuTLS-errors.patch
3277+fix_test_timing.patch
3278diff --git a/debian/rules b/debian/rules
3279index b0fbd54..f01e77b 100755
3280--- a/debian/rules
3281+++ b/debian/rules
3282@@ -7,7 +7,8 @@ include /usr/share/dpkg/pkg-info.mk
3283 # want the checks for DFSG-freeness.
3284 #DFSG_NONFREE = 1
3285
3286-export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
3287+export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLDAP_CONNECTIONLESS -I/usr/include/heimdal
3288+export DEB_LDFLAGS_MAINT_APPEND := -L/usr/lib/$(DEB_HOST_MULTIARCH)/heimdal
3289 export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow
3290
3291 # Configure calls AM_INIT_AUTOMAKE, but Automake fails as there is no Makefile.am.
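Review bot: the additions to `DEB_CFLAGS_MAINT_APPEND` and the new `DEB_LDFLAGS_MAINT_APPEND` line carry no comment saying why they are needed. `-DLDAP_CONNECTIONLESS` changes what the libraries export (the symbols file in this diff gains `ber_sockbuf_io_udp` and `ldap_is_ldapc_url`), which is a feature decision worth recording next to the flag. The hard-coded `-I/usr/include/heimdal` and `-L/usr/lib/$(DEB_HOST_MULTIARCH)/heimdal` should state which build dependency they belong to, so the paths are revisited if `heimdal-dev` in debian/control changes again.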
3292@@ -15,7 +16,7 @@ export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow
3293 export AUTOMAKE = true
3294
3295 # Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)
3296-export DEB_MAINTAINER := $(shell sed -ne 's/Maintainer:\s\+//p' debian/control)
3297+export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control)
3298
3299 # Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)
3300 export DEB_VERSION
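Review bot: the `^` added to `'s/^Maintainer:\s\+//p'` is load-bearing now that debian/control in this diff also contains an `XSBC-Original-Maintainer:` line, which the unanchored pattern would match as well, but nothing here says so. Extend the existing comment above the export to mention it, so the anchor is not lost when this delta is next rebased on Debian's debian/rules.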
3301@@ -31,7 +32,7 @@ ifneq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
3302 CONFIG += --disable-slapd
3303 endif
3304
3305-CONTRIB_MODULES = autogroup lastbind passwd passwd/argon2 passwd/pbkdf2 passwd/sha2 smbk5pwd
3306+CONTRIB_MODULES = autogroup lastbind nssov passwd passwd/argon2 passwd/pbkdf2 passwd/sha2 smbk5pwd
3307
3308 # Ensure CC is set correctly for cross builds, unless it has already
3309 # been set explicitly.
3310@@ -51,7 +52,8 @@ CONTRIB_MAKEVARS := \
3311 LDAP_BUILD='$(builddir)' \
3312 prefix=/usr \
3313 ldap_subdir=/ldap \
3314- moduledir='$$(libdir)$$(ldap_subdir)'
3315+ moduledir='$$(libdir)$$(ldap_subdir)' \
3316+ sysconfdir='/etc$$(ldap_subdir)'
3317
3318 # These variables are used only by get-orig-source, which will normally only
3319 # be run by maintainers.
3320@@ -165,6 +167,22 @@ endif
3321 find $(installdir)/usr/share/man -name \*.8 \
3322 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
3323
3324+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
3325+override_dh_install-arch:
3326+ dh_install
3327+
3328+ # install AppArmor profile
3329+ install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
3330+
3331+ # install Apport hook
3332+ install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
3333+
3334+ # install ufw profile
3335+ install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
3336+
3337+ dh_apparmor -pslapd --profile-name=usr.sbin.slapd
3338+endif
3339+
3340 override_dh_installinit:
3341 dh_installinit -- "defaults 19 80"
3342
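Review bot: `override_dh_install-arch` is guarded by the `stage1` build profile, but the rest of this file and debian/control use `pkg.openldap.noslapd` to turn slapd off. In a `pkg.openldap.noslapd` build the three `install -D` lines still create files under debian/slapd/ and `dh_apparmor -pslapd` still runs for a package that is not being built. Guard the slapd-specific steps on `pkg.openldap.noslapd` (keeping `stage1` as well if it is still used), and leave the plain `dh_install` call outside the conditional intent clear with a comment.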
3343@@ -225,6 +243,8 @@ ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
3344 done; \
3345 fi
3346
3347+ rm -f contrib/slapd-modules/nssov/nss-pam-ldapd/config.sub contrib/slapd-modules/nssov/nss-pam-ldapd/config.guess
3348+
3349 # Clean the contrib directory
3350 for mod in $(CONTRIB_MODULES); do \
3351 dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \
3352diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
3353index ecec104..084d19c 100644
3354--- a/debian/slapd.README.Debian
3355+++ b/debian/slapd.README.Debian
3356@@ -331,3 +331,14 @@ Unsafe access control rule installed by default in previous versions
3357 slapd.access(5) man page.
3358
3359 -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700
3360+
3361+Apparmor Profile
3362+----------------
3363+
3364+ If your system uses AppArmor, please note that the shipped enforcing profile
3365+ works with the default installation, and changes in your configuration may
3366+ require changes to the installed apparmor profile. Please see
3367+ https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
3368+ software.
3369+
3370+ -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500
3371diff --git a/debian/slapd.install b/debian/slapd.install
3372index 0987dad..206a208 100644
3373--- a/debian/slapd.install
3374+++ b/debian/slapd.install
3375@@ -54,5 +54,7 @@ usr/lib/ldap/autogroup.so*
3376 usr/lib/ldap/autogroup.la
3377 usr/lib/ldap/lastbind.so*
3378 usr/lib/ldap/lastbind.la
3379+usr/lib/ldap/nssov.so*
3380+usr/lib/ldap/nssov.la
3381 usr/lib/ldap/pw-sha2.so*
3382 usr/lib/ldap/pw-sha2.la
3383diff --git a/debian/slapd.manpages b/debian/slapd.manpages
3384index ffd3243..25f6d43 100644
3385--- a/debian/slapd.manpages
3386+++ b/debian/slapd.manpages
3387@@ -43,3 +43,4 @@ debian/tmp/usr/share/man/man5/slapo-valsort.5
3388
3389 # contrib modules installed in main package
3390 debian/tmp/usr/share/man/man5/slapo-lastbind.5
3391+contrib/slapd-modules/nssov/slapo-nssov.5
3392diff --git a/debian/slapd.py b/debian/slapd.py
3393new file mode 100644
3394index 0000000..7d78699
3395--- /dev/null
3396+++ b/debian/slapd.py
3397@@ -0,0 +1,51 @@
3398+#!/usr/bin/python
3399+
3400+'''apport hook for slapd
3401+
3402+(c) 2010 Adam Sommer.
3403+Author: Adam Sommer <asommer@ubuntu.com>
3404+
3405+This program is free software; you can redistribute it and/or modify it
3406+under the terms of the GNU General Public License as published by the
3407+Free Software Foundation; either version 2 of the License, or (at your
3408+option) any later version. See http://www.gnu.org/copyleft/gpl.html for
3409+the full text of the license.
3410+'''
3411+
3412+from apport.hookutils import *
3413+import os
3414+
3415+# Scrub olcRootPW attribute and credentials strings if necessary.
3416+def scrub_pass_strings(config):
3417+ olcrootpw_regex = re.compile('olcRootPW:.*')
3418+ olcrootpw_string = olcrootpw_regex.search(config)
3419+ if olcrootpw_string:
3420+ config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@')
3421+
3422+ credentials_regex = re.compile('credentials=.* ')
3423+ credentials_string = credentials_regex.search(config)
3424+ if credentials_string:
3425+ config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ')
3426+
3427+ return config
3428+
3429+def add_info(report, ui):
3430+ response = ui.yesno("The contents of your /etc/ldap/slapd.d directory "
3431+ "may help developers diagnose your bug more "
3432+ "quickly. However, it may contain sensitive "
3433+ "information. Do you want to include it in your "
3434+ "bug report?")
3435+
3436+ if response == None: # user cancelled
3437+ raise StopIteration
3438+
3439+ elif response == True:
3440+ # Get the cn=config tree.
3441+ cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'])
3442+ report['CNConfig'] = scrub_pass_strings(cn_config)
3443+
3444+ # Get slapd messages from /var/log/syslog
3445+ slapd_re = re.compile('slapd', re.IGNORECASE)
3446+ report['SysLog'] = recent_syslog(slapd_re)
3447+
3448+ attach_mac_events(report, '/usr/sbin/slapd')
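Review bot: `scrub_pass_strings` scrubs only the first `olcRootPW` value and the first `credentials=` value, because each pattern is applied with a single `search()` and `config.replace()` is then called with that one matched string. A cn=config tree with several databases, or several syncrepl stanzas with different secrets, leaves the remaining values in the bug report. Replace every match instead, for example `config = re.sub(r'olcRootPW:.*', 'olcRootPW: @@APPORTREPLACED@@', config)`, and the same for credentials. The `credentials=.* ` pattern also requires a trailing space, so a `credentials=` value that ends its line is not matched, and because ldapsearch folds long LDIF lines, a secret that continues on a folded line is only partly covered by `.*`; the ldapsearch call does not disable wrapping. Smaller points: `re` is used without its own import and only arrives through `from apport.hookutils import *`, `response == None` reads better as `response is None`, and `'-Y EXTERNAL'`, `'-H ldapi:///'` and `'-b cn=config'` would be clearer as separate option and value elements in the argument list.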
3449diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile
3450new file mode 100644
3451index 0000000..3c4f676
3452--- /dev/null
3453+++ b/debian/slapd.ufw.profile
3454@@ -0,0 +1,9 @@
3455+[OpenLDAP LDAP]
3456+title=OpenLDAP with TLS
3457+description=OpenLDAP is a free, fast, lightweight LDAP server
3458+ports=389/tcp
3459+
3460+[OpenLDAP LDAPS]
3461+title=OpenLDAP over SSL
3462+description=OpenLDAP is a free, fast, lightweight LDAP server
3463+ports=636/tcp
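Review bot: the `[OpenLDAP LDAP]` profile is titled `OpenLDAP with TLS` but opens `389/tcp`, the plain LDAP port, where traffic is encrypted only if the client issues StartTLS. An administrator picking this profile by its title may believe it permits encrypted connections only. Retitle it to say that it covers plain LDAP and StartTLS, and give the two profiles different `description` lines so they can be told apart in `ufw app info` output.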
