Ubuntu
openldap package

Merge ~ahasenack/ubuntu/+source/openldap:groovy-openldap-2453 into ubuntu/+source/openldap:debian/sid

  1. Git
  2. lp:~ahasenack/ubuntu/+source/openldap
  3. groovy-openldap-2453
  4. Merge into debian/sid
Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 8de5b8ff7d4548766d92eeedde3a2bd4721865b4
Merge reported by: Christian Ehrhardt 
Merged at revision: 8de5b8ff7d4548766d92eeedde3a2bd4721865b4
Proposed branch: ~ahasenack/ubuntu/+source/openldap:groovy-openldap-2453
Merge into: ubuntu/+source/openldap:debian/sid
Diff against target: 3463 lines (+3005/-7)
15 files modified
debian/apparmor-profile (+61/-0)
debian/changelog (+2643/-0)
debian/configure.options (+1/-0)
debian/control (+5/-3)
debian/libldap-2.4-2.symbols (+7/-0)
debian/patches/contrib-makefiles (+21/-0)
debian/patches/fix_test_timing.patch (+27/-0)
debian/patches/gssapi.diff (+140/-0)
debian/patches/series (+2/-0)
debian/rules (+24/-4)
debian/slapd.README.Debian (+11/-0)
debian/slapd.install (+2/-0)
debian/slapd.manpages (+1/-0)
debian/slapd.py (+51/-0)
debian/slapd.ufw.profile (+9/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+390398@code.launchpad.net

Description of the change

Quick merge from debian, updating to new upstream 2.4.53 which fixes multiple crashes. See https://<email address hidden>/thread/NKOM6DI7RQY6FDLRZGSGYJSGONKIRFEP/ for a quick reference to one.

Since there are also other changes adding features, I filed a bug to request a FFe, and, if this MP is approved, will only upload after the release team grants the FFe. I still have to fill the details in.

PPA, still building: https://launchpad.net/~ahasenack/+archive/ubuntu/openldap-2453

To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

:-/ No one got to this yet as I'd have hoped.
Well let me give this review a shot ...

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

The Delta is retained as-is and I was ok with it on the last merge.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

The FFe bug is one of the most awesome, detailed and good FFe bugs I've ever seen - I expect it to be approved soon.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Changelog entries all LGTM

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Git range diff confirms what I've already seen in changelog.
This is really just a rebase onto he new version.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Builds are complete and have no too concerning warnings/error or other suspicious entries (the few that are there we discussed on the last merge and we can't do anything about them).

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Overall LGTM +1

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Switching status to "approved", but holding off uploading until the FFe is also approved.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

FFe approved

Tagging and uploading 8de5b8ff7d4548766d92eeedde3a2bd4721865b4

$ git push pkg upload/2.4.53+dfsg-1ubuntu1
Enumerating objects: 77, done.
Counting objects: 100% (77/77), done.
Delta compression using up to 4 threads
Compressing objects: 100% (62/62), done.
Writing objects: 100% (64/64), 26.53 KiB | 3.32 MiB/s, done.
Total 64 (delta 47), reused 6 (delta 2)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/openldap
 * [new tag] upload/2.4.53+dfsg-1ubuntu1 -> upload/2.4.53+dfsg-1ubuntu1

$ dput ubuntu ../openldap_2.4.53+dfsg-1ubuntu1_source.changes
Checking signature on .changes
gpg: ../openldap_2.4.53+dfsg-1ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../openldap_2.4.53+dfsg-1ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openldap_2.4.53+dfsg-1ubuntu1.dsc: done.
  Uploading openldap_2.4.53+dfsg.orig.tar.gz: done.
  Uploading openldap_2.4.53+dfsg-1ubuntu1.debian.tar.xz: done.
  Uploading openldap_2.4.53+dfsg-1ubuntu1_source.buildinfo: done.
  Uploading openldap_2.4.53+dfsg-1ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Merged
 openldap | 2.4.53+dfsg-1ubuntu1 | groovy | source

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/apparmor-profile b/debian/apparmor-profile
0new file mode 1006440new file mode 100644
index 0000000..9e1070f
--- /dev/null
+++ b/debian/apparmor-profile
@@ -0,0 +1,61 @@
1# vim:syntax=apparmor
2# Last Modified: Fri Jun 6 13:51:00 2020
3# Author: Jamie Strandboge <jamie@ubuntu.com>
4
5#include <tunables/global>
6
7/usr/sbin/slapd {
8 #include <abstractions/base>
9 #include <abstractions/nameservice>
10 #include <abstractions/p11-kit>
11
12 #include <abstractions/ssl_certs>
13 /etc/ssl/private/ r,
14 /etc/ssl/private/* r,
15
16 /etc/sasldb2 r,
17
18 capability dac_override,
19 capability net_bind_service,
20 capability setgid,
21 capability setuid,
22
23 /etc/gai.conf r,
24 /etc/hosts.allow r,
25 /etc/hosts.deny r,
26
27 # ldap files
28 /etc/ldap/** kr,
29 /etc/ldap/slapd.d/** rw,
30
31 # kerberos/gssapi
32 /dev/tty rw,
33 /etc/gss/mech.d/ r,
34 /etc/gss/mech.d/* kr,
35 /etc/krb5.keytab kr,
36 /etc/krb5/user/*/client.keytab kr,
37 owner /tmp/krb5cc_* rwk,
38 /var/tmp/ rw,
39 /var/tmp/** rw,
40
41 # the databases and logs
42 /var/lib/ldap/ r,
43 /var/lib/ldap/** rwk,
44
45 # lock file
46 /var/lib/ldap/alock kw,
47
48 # pid files and sockets
49 /{,var/}run/slapd/* w,
50 /{,var/}run/slapd/ldapi rw,
51 /{,var/}run/nslcd/socket rw,
52 /{,var/}run/saslauthd/mux rw,
53
54 /usr/lib/ldap/ r,
55 /usr/lib/ldap/* mr,
56
57 /usr/sbin/slapd mr,
58
59 # Site-specific additions and overrides. See local/README for details.
60 #include <local/usr.sbin.slapd>
61}
diff --git a/debian/changelog b/debian/changelog
index 7cafa02..2610ddb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,112 @@
1openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium
2
3 * Merge with Debian unstable (LP: #1894838). Remaining changes:
4 - Enable AppArmor support:
5 + d/apparmor-profile: add AppArmor profile
6 + d/rules: use dh_apparmor
7 + d/control: Build-Depends on dh-apparmor
8 + d/slapd.README.Debian: add note about AppArmor
9 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
10 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
11 - Add --with-gssapi support
12 - Make guess_service_principal() more robust when determining
13 principal
14 + d/configure.options: Configure with --with-gssapi
15 + d/control: Added heimdal-dev as a build depend
16 + d/rules:
17 - Explicitly add -I/usr/include/heimdal to CFLAGS.
18 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
19 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
20 This should be dropped when the soname changes.
21 - Enable ufw support:
22 + d/control: suggest ufw.
23 + d/rules: install ufw profile.
24 + d/slapd.ufw.profile: add ufw profile.
25 - Enable nss overlay:
26 + d/rules:
27 - add nssov to CONTRIB_MODULES
28 - add sysconfdir to CONTRIB_MAKEVARS
29 + d/slapd.install: install nssov overlay
30 + d/slapd.manpages: install slapo-nssov(5) man page
31 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
32 Debian bug #919136, we also have to patch the nssov makefile
33 accordingly and thus update this patch.
34 - d/{rules,slapd.py}: Add apport hook.
35 - Add support for CLDAP (UDP) support, back then required by
36 likewise-open (first enabled in 2.4.17-1ubuntu2):
37 + d/rules: Enable -DLDAP_CONNECTIONLESS
38 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
39 This should be dropped when the soname changes.
40 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
41 of test timing issue.
42 - d/rules: better regexp to match the Maintainer tag in d/control,
43 needed in the Ubuntu case because of XSBC-Original-Maintainer
44 (Closes #960448, LP #1875697)
45
46 -- Andreas Hasenack <andreas@canonical.com> Tue, 08 Sep 2020 09:36:58 -0300
47
1openldap (2.4.53+dfsg-1) unstable; urgency=medium48openldap (2.4.53+dfsg-1) unstable; urgency=medium
249
3 * New upstream release.50 * New upstream release.
451
5 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -070052 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700
653
54openldap (2.4.51+dfsg-1ubuntu1) groovy; urgency=medium
55
56 * Merge with Debian unstable. Remaining changes:
57 - Enable AppArmor support:
58 + d/apparmor-profile: add AppArmor profile
59 + d/rules: use dh_apparmor
60 + d/control: Build-Depends on dh-apparmor
61 + d/slapd.README.Debian: add note about AppArmor
62 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
63 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
64 - Add --with-gssapi support
65 - Make guess_service_principal() more robust when determining
66 principal
67 + d/configure.options: Configure with --with-gssapi
68 + d/control: Added heimdal-dev as a build depend
69 + d/rules:
70 - Explicitly add -I/usr/include/heimdal to CFLAGS.
71 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
72 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
73 This should be dropped when the soname changes.
74 - Enable ufw support:
75 + d/control: suggest ufw.
76 + d/rules: install ufw profile.
77 + d/slapd.ufw.profile: add ufw profile.
78 - Enable nss overlay:
79 + d/rules:
80 - add nssov to CONTRIB_MODULES
81 - add sysconfdir to CONTRIB_MAKEVARS
82 + d/slapd.install: install nssov overlay
83 + d/slapd.manpages: install slapo-nssov(5) man page
84 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
85 Debian bug #919136, we also have to patch the nssov makefile
86 accordingly and thus update this patch.
87 - d/{rules,slapd.py}: Add apport hook.
88 - Add support for CLDAP (UDP) support, back then required by
89 likewise-open (first enabled in 2.4.17-1ubuntu2):
90 + d/rules: Enable -DLDAP_CONNECTIONLESS
91 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
92 This should be dropped when the soname changes.
93 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
94 of test timing issue.
95 - d/rules: better regexp to match the Maintainer tag in d/control,
96 needed in the Ubuntu case because of XSBC-Original-Maintainer
97 (Closes #960448, LP #1875697)
98 * Dropped:
99 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
100 [In 2.4.51+dfsg-1]
101 - d/slapd.scripts-common:
102 + add slapcat_opts to local variables.
103 + Fix backup directory naming for multiple reconfiguration.
104 [In 2.4.51+dfsg-1]
105 - debian/patches/set-maintainer-name: our d/rules change needs to
106 be kept, but this patch is in 2.4.51+dfsg-1.
107
108 -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Aug 2020 11:03:24 -0300
109
7openldap (2.4.51+dfsg-1) unstable; urgency=medium110openldap (2.4.51+dfsg-1) unstable; urgency=medium
8111
9 * New upstream release.112 * New upstream release.
@@ -49,6 +152,85 @@ openldap (2.4.51+dfsg-1) unstable; urgency=medium
49152
50 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700153 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700
51154
155openldap (2.4.50+dfsg-1ubuntu3) groovy; urgency=medium
156
157 * No change rebuild against new libnettle8 and libhogweed6 ABI.
158
159 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:31:30 +0100
160
161openldap (2.4.50+dfsg-1ubuntu2) groovy; urgency=medium
162
163 * d/apparmor-profile: Update apparmor profile to grant access to
164 the saslauthd socket, so that SASL authentication works. (LP: #1557157)
165
166 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jun 2020 18:20:42 -0400
167
168openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium
169
170 * Merge with Debian unstable. Remaining changes:
171 - Enable AppArmor support:
172 + d/apparmor-profile: add AppArmor profile
173 + d/rules: use dh_apparmor
174 + d/control: Build-Depends on dh-apparmor
175 + d/slapd.README.Debian: add note about AppArmor
176 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
177 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
178 - Add --with-gssapi support
179 - Make guess_service_principal() more robust when determining
180 principal
181 + d/configure.options: Configure with --with-gssapi
182 + d/control: Added heimdal-dev as a build depend
183 + d/rules:
184 - Explicitly add -I/usr/include/heimdal to CFLAGS.
185 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
186 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
187 This should be dropped when the soname changes.
188 - Enable ufw support:
189 + d/control: suggest ufw.
190 + d/rules: install ufw profile.
191 + d/slapd.ufw.profile: add ufw profile.
192 - Enable nss overlay:
193 + d/rules:
194 - add nssov to CONTRIB_MODULES
195 - add sysconfdir to CONTRIB_MAKEVARS
196 + d/slapd.install:
197 - install nssov overlay
198 + d/slapd.manpages:
199 - install slapo-nssov(5) man page
200 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
201 Debian bug #919136, we also have to patch the nssov makefile
202 accordingly and thus update this patch.
203 - d/{rules,slapd.py}: Add apport hook.
204 - d/slapd.scripts-common:
205 + add slapcat_opts to local variables.
206 + Fix backup directory naming for multiple reconfiguration.
207 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
208 - Add support for CLDAP (UDP) support, back then required by
209 likewise-open (first enabled in 2.4.17-1ubuntu2):
210 + d/rules: Enable -DLDAP_CONNECTIONLESS
211 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
212 This should be dropped when the soname changes.
213 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
214 of test timing issue.
215 * Dropped:
216 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
217 either the default DIT nor via an Authn mapping.
218 [Not worth keeping a delta for, as having olcRootDN doesn't hurt]
219 - Show distribution in version:
220 - d/control: added lsb-release
221 - d/patches/fix-ldap-distribution.patch: show distribution in version
222 [Debian now shows the full package version]
223 - SECURITY UPDATE: denial of service via nested search filters
224 + debian/patches/CVE-2020-12243.patch: limit depth of nested
225 filters in servers/slapd/filter.c.
226 [Fixed upstream]
227 * Added:
228 - d/rules, debian/patches/set-maintainer-name: Extract maintainer
229 address dynamically from debian/control. Thanks to Ryan Tandy
230 <ryan@nardis.ca> (Closes: #960448, LP: #1875697)
231
232 -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300
233
52openldap (2.4.50+dfsg-1) unstable; urgency=medium234openldap (2.4.50+dfsg-1) unstable; urgency=medium
53235
54 * New upstream release.236 * New upstream release.
@@ -91,6 +273,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium
91273
92 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700274 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700
93275
276openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium
277
278 * SECURITY UPDATE: denial of service via nested search filters
279 - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
280 servers/slapd/filter.c.
281 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of
282 test timing issue.
283 - CVE-2020-12243
284
285 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400
286
287openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium
288
289 * Merge with Debian unstable (LP: #1866303). Remaining changes:
290 - Enable AppArmor support:
291 - d/apparmor-profile: add AppArmor profile
292 - d/rules: use dh_apparmor
293 - d/control: Build-Depends on dh-apparmor
294 - d/slapd.README.Debian: add note about AppArmor
295 - Enable GSSAPI support:
296 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
297 - Add --with-gssapi support
298 - Make guess_service_principal() more robust when determining
299 principal
300 [Dropped the ldap_gssapi_bind_s() hunk as that is already
301 - d/configure.options: Configure with --with-gssapi
302 - d/control: Added heimdal-dev as a build depend
303 - d/rules:
304 - Explicitly add -I/usr/include/heimdal to CFLAGS.
305 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
306 - Enable ufw support:
307 - d/control: suggest ufw.
308 - d/rules: install ufw profile.
309 - d/slapd.ufw.profile: add ufw profile.
310 - Enable nss overlay:
311 - d/rules:
312 - add nssov to CONTRIB_MODULES
313 - add sysconfdir to CONTRIB_MAKEVARS
314 - d/slapd.install:
315 - install nssov overlay
316 - d/slapd.manpages:
317 - install slapo-nssov(5) man page
318 - d/{rules,slapd.py}: Add apport hook.
319 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
320 either the default DIT nor via an Authn mapping.
321 - d/slapd.scripts-common:
322 - add slapcat_opts to local variables.
323 - Fix backup directory naming for multiple reconfiguration.
324 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
325 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
326 in the openldap library, as required by Likewise-Open
327 - Show distribution in version:
328 - d/control: added lsb-release
329 - d/patches/fix-ldap-distribution.patch: show distribution in version
330 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
331 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
332 - GSSAPI support was enabled in 2.4.18-0ubuntu2
333 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
334 Debian bug #919136, we also have to patch the nssov makefile
335 accordingly and thus update this patch.
336
337 -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300
338
94openldap (2.4.49+dfsg-2) unstable; urgency=medium339openldap (2.4.49+dfsg-2) unstable; urgency=medium
95340
96 * slapd.README.Debian: Document the initial setup performed by slapd's341 * slapd.README.Debian: Document the initial setup performed by slapd's
@@ -102,6 +347,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium
102347
103 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800348 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
104349
350openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium
351
352 * Merge with Debian unstable. Remaining changes:
353 - Enable AppArmor support:
354 - d/apparmor-profile: add AppArmor profile
355 - d/rules: use dh_apparmor
356 - d/control: Build-Depends on dh-apparmor
357 - d/slapd.README.Debian: add note about AppArmor
358 - Enable GSSAPI support:
359 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
360 - Add --with-gssapi support
361 - Make guess_service_principal() more robust when determining
362 principal
363 [Dropped the ldap_gssapi_bind_s() hunk as that is already
364 - d/configure.options: Configure with --with-gssapi
365 - d/control: Added heimdal-dev as a build depend
366 - d/rules:
367 - Explicitly add -I/usr/include/heimdal to CFLAGS.
368 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
369 - Enable ufw support:
370 - d/control: suggest ufw.
371 - d/rules: install ufw profile.
372 - d/slapd.ufw.profile: add ufw profile.
373 - Enable nss overlay:
374 - d/rules:
375 - add nssov to CONTRIB_MODULES
376 - add sysconfdir to CONTRIB_MAKEVARS
377 - d/slapd.install:
378 - install nssov overlay
379 - d/slapd.manpages:
380 - install slapo-nssov(5) man page
381 - d/{rules,slapd.py}: Add apport hook.
382 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
383 either the default DIT nor via an Authn mapping.
384 - d/slapd.scripts-common:
385 - add slapcat_opts to local variables.
386 - Fix backup directory naming for multiple reconfiguration.
387 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
388 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
389 in the openldap library, as required by Likewise-Open
390 - Show distribution in version:
391 - d/control: added lsb-release
392 - d/patches/fix-ldap-distribution.patch: show distribution in version
393 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
394 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
395 - GSSAPI support was enabled in 2.4.18-0ubuntu2
396 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
397 Debian bug #919136, we also have to patch the nssov makefile
398 accordingly and thus update this patch.
399 * Dropped:
400 - d/control: slapd can depend on perl:any since it only uses perl for
401 some maintainer and helper scripts.
402 [In 2.4.49+dfsg-1]
403
404 -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300
405
105openldap (2.4.49+dfsg-1) unstable; urgency=medium406openldap (2.4.49+dfsg-1) unstable; urgency=medium
106407
107 * New upstream release.408 * New upstream release.
@@ -130,6 +431,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium
130431
131 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800432 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
132433
434openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium
435
436 * d/control: slapd can depend on perl:any since it only uses perl for
437 some maintainer and helper scripts. The perl backend links against
438 the correct architecture perl libraries already. Can be dropped
439 after https://salsa.debian.org/openldap-team/openldap/commit/794c736
440 is in a Debian upload.
441
442 -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300
443
444openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium
445
446 * No-change rebuild against libnettle7
447
448 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000
449
450openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium
451
452 * No-change rebuild for the perl update.
453
454 -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000
455
456openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
457
458 * Merge with Debian unstable. Remaining changes:
459 - Enable AppArmor support:
460 - d/apparmor-profile: add AppArmor profile
461 - d/rules: use dh_apparmor
462 - d/control: Build-Depends on dh-apparmor
463 - d/slapd.README.Debian: add note about AppArmor
464 - Enable GSSAPI support:
465 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
466 - Add --with-gssapi support
467 - Make guess_service_principal() more robust when determining
468 principal
469 - d/configure.options: Configure with --with-gssapi
470 - d/control: Added heimdal-dev as a build depend
471 - d/rules:
472 - Explicitly add -I/usr/include/heimdal to CFLAGS.
473 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
474 - Enable ufw support:
475 - d/control: suggest ufw.
476 - d/rules: install ufw profile.
477 - d/slapd.ufw.profile: add ufw profile.
478 - Enable nss overlay:
479 - d/rules:
480 - add nssov to CONTRIB_MODULES
481 - add sysconfdir to CONTRIB_MAKEVARS
482 - d/slapd.install:
483 - install nssov overlay
484 - d/slapd.manpages:
485 - install slapo-nssov(5) man page
486 - d/{rules,slapd.py}: Add apport hook.
487 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
488 either the default DIT nor via an Authn mapping.
489 - d/slapd.scripts-common:
490 - add slapcat_opts to local variables.
491 - Fix backup directory naming for multiple reconfiguration.
492 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
493 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
494 in the openldap library, as required by Likewise-Open
495 - Show distribution in version:
496 - d/control: added lsb-release
497 - d/patches/fix-ldap-distribution.patch: show distribution in version
498 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
499 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
500 - GSSAPI support was enabled in 2.4.18-0ubuntu2
501 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
502 Debian bug #919136, we also have to patch the nssov makefile
503 accordingly and thus update this patch.
504 * Dropped:
505 - Fix sysv-generator unit file by customizing parameters (LP #1821343)
506 + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
507 correct systemctl status for slapd daemon.
508 + d/slapd.install: place override file in correct location.
509 [Included in 2.4.48+dfsg-1]
510 - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
511 + debian/patches/CVE-2019-13057-1.patch: add restriction to
512 servers/slapd/saslauthz.c.
513 + debian/patches/CVE-2019-13057-2.patch: add tests to
514 tests/data/idassert.out, tests/data/slapd-idassert.conf,
515 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
516 + debian/patches/CVE-2019-13057-3.patch: fix typo in
517 tests/scripts/test028-idassert.
518 + debian/patches/CVE-2019-13057-4.patch: fix typo in
519 tests/scripts/test028-idassert.
520 + CVE-2019-13057
521 [Fixed upstream]
522 - SECURITY UPDATE: SASL SSF not initialized per connection
523 + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
524 connection_init in servers/slapd/connection.c.
525 + CVE-2019-13565
526 [Fixed upstream]
527
528 -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
529
133openldap (2.4.48+dfsg-1) unstable; urgency=medium530openldap (2.4.48+dfsg-1) unstable; urgency=medium
134531
135 * New upstream release.532 * New upstream release.
@@ -157,6 +554,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium
157554
158 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700555 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
159556
557openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
558
559 * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
560 - debian/patches/CVE-2019-13057-1.patch: add restriction to
561 servers/slapd/saslauthz.c.
562 - debian/patches/CVE-2019-13057-2.patch: add tests to
563 tests/data/idassert.out, tests/data/slapd-idassert.conf,
564 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
565 - debian/patches/CVE-2019-13057-3.patch: fix typo in
566 tests/scripts/test028-idassert.
567 - debian/patches/CVE-2019-13057-4.patch: fix typo in
568 tests/scripts/test028-idassert.
569 - CVE-2019-13057
570 * SECURITY UPDATE: SASL SSF not initialized per connection
571 - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
572 connection_init in servers/slapd/connection.c.
573 - CVE-2019-13565
574
575 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
576
577openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
578
579 * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
580 - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
581 correct systemctl status for slapd daemon.
582 - d/slapd.install: place override file in correct location.
583
584 -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
585
586openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
587
588 * Merge with Debian unstable. Remaining changes:
589 - Enable AppArmor support:
590 - d/apparmor-profile: add AppArmor profile
591 - d/rules: use dh_apparmor
592 - d/control: Build-Depends on dh-apparmor
593 - d/slapd.README.Debian: add note about AppArmor
594 - Enable GSSAPI support:
595 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
596 - Add --with-gssapi support
597 - Make guess_service_principal() more robust when determining
598 principal
599 - d/configure.options: Configure with --with-gssapi
600 - d/control: Added heimdal-dev as a build depend
601 - d/rules:
602 - Explicitly add -I/usr/include/heimdal to CFLAGS.
603 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
604 - Enable ufw support:
605 - d/control: suggest ufw.
606 - d/rules: install ufw profile.
607 - d/slapd.ufw.profile: add ufw profile.
608 - Enable nss overlay:
609 - d/rules:
610 - add nssov to CONTRIB_MODULES
611 - add sysconfdir to CONTRIB_MAKEVARS
612 - d/slapd.install:
613 - install nssov overlay
614 - d/slapd.manpages:
615 - install slapo-nssov(5) man page
616 - d/{rules,slapd.py}: Add apport hook.
617 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
618 either the default DIT nor via an Authn mapping.
619 - d/slapd.scripts-common:
620 - add slapcat_opts to local variables.
621 - Fix backup directory naming for multiple reconfiguration.
622 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
623 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
624 in the openldap library, as required by Likewise-Open
625 - Show distribution in version:
626 - d/control: added lsb-release
627 - d/patches/fix-ldap-distribution.patch: show distribution in version
628 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
629 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
630 - GSSAPI support was enabled in 2.4.18-0ubuntu2
631 * Added changes:
632 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
633 Debian bug #919136, we also have to patch the nssov makefile
634 accordingly and thus update this patch.
635
636 -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
637
160openldap (2.4.47+dfsg-3) unstable; urgency=medium638openldap (2.4.47+dfsg-3) unstable; urgency=medium
161639
162 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS640 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
@@ -172,6 +650,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium
172650
173 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800651 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
174652
653openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
654
655 * Merge from Debian unstable (LP: #1811630). Remaining changes:
656 - Enable AppArmor support:
657 - d/apparmor-profile: add AppArmor profile
658 - d/rules: use dh_apparmor
659 - d/control: Build-Depends on dh-apparmor
660 - d/slapd.README.Debian: add note about AppArmor
661 - Enable GSSAPI support:
662 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
663 - Add --with-gssapi support
664 - Make guess_service_principal() more robust when determining
665 principal
666 - d/configure.options: Configure with --with-gssapi
667 - d/control: Added heimdal-dev as a build depend
668 - d/rules:
669 - Explicitly add -I/usr/include/heimdal to CFLAGS.
670 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
671 - Enable ufw support:
672 - d/control: suggest ufw.
673 - d/rules: install ufw profile.
674 - d/slapd.ufw.profile: add ufw profile.
675 - Enable nss overlay:
676 - d/rules:
677 - add nssov to CONTRIB_MODULES
678 - add sysconfdir to CONTRIB_MAKEVARS
679 - d/slapd.install:
680 - install nssov overlay
681 - d/slapd.manpages:
682 - install slapo-nssov(5) man page
683 - d/{rules,slapd.py}: Add apport hook.
684 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
685 either the default DIT nor via an Authn mapping.
686 - d/slapd.scripts-common:
687 - add slapcat_opts to local variables.
688 - Fix backup directory naming for multiple reconfiguration.
689 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
690 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
691 in the openldap library, as required by Likewise-Open
692 - Show distribution in version:
693 - d/control: added lsb-release
694 - d/patches/fix-ldap-distribution.patch: show distribution in version
695 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
696 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
697 - GSSAPI support was enabled in 2.4.18-0ubuntu2
698 * Update nssov build and packaging for Debian changes:
699 - Drop patch nssov-build
700 - d/rules:
701 - add nssov to CONTRIB_MODULES
702 - add sysconfdir to CONTRIB_MAKEVARS
703 - d/slapd.install:
704 - install nssov overlay
705 - d/slapd.manpages:
706 - install slapo-nssov(5) man page
707
708 -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
709
175openldap (2.4.47+dfsg-2) unstable; urgency=medium710openldap (2.4.47+dfsg-2) unstable; urgency=medium
176711
177 * Reintroduce slapi-dev binary package. (Closes: #711469)712 * Reintroduce slapi-dev binary package. (Closes: #711469)
@@ -209,6 +744,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium
209744
210 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800745 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
211746
747openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
748
749 * d/apparmor-profile: update apparmor profile to allow reading of
750 files needed when slapd is behaving as a kerberos/gssapi client
751 and acquiring its own ticket. (LP: #1783183)
752
753 -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
754
755openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
756
757 * No-change rebuild for the perl 5.28 transition.
758
759 -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
760
761openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
762
763 * Merge from Debian unstable. Remaining changes:
764 - Enable AppArmor support:
765 - d/apparmor-profile: add AppArmor profile
766 - d/rules: use dh_apparmor
767 - d/control: Build-Depends on dh-apparmor
768 - d/slapd.README.Debian: add note about AppArmor
769 - Enable GSSAPI support:
770 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
771 - Add --with-gssapi support
772 - Make guess_service_principal() more robust when determining
773 principal
774 - d/configure.options: Configure with --with-gssapi
775 - d/control: Added heimdal-dev as a build depend
776 - d/rules:
777 - Explicitly add -I/usr/include/heimdal to CFLAGS.
778 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
779 - Enable ufw support:
780 - d/control: suggest ufw.
781 - d/rules: install ufw profile.
782 - d/slapd.ufw.profile: add ufw profile.
783 - Enable nss overlay:
784 - d/{patches/nssov-build,rules}: Apply, build and package the
785 nss overlay.
786 - d/{rules,slapd.py}: Add apport hook.
787 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
788 either the default DIT nor via an Authn mapping.
789 - d/slapd.scripts-common:
790 - add slapcat_opts to local variables.
791 - Fix backup directory naming for multiple reconfiguration.
792 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
793 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
794 in the openldap library, as required by Likewise-Open
795 - Show distribution in version:
796 - d/control: added lsb-release
797 - d/patches/fix-ldap-distribution.patch: show distribution in version
798 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
799 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
800 - GSSAPI support was enabled in 2.4.18-0ubuntu2
801
802 -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
803
212openldap (2.4.46+dfsg-5) unstable; urgency=medium804openldap (2.4.46+dfsg-5) unstable; urgency=medium
213805
214 * Restore slapd-smbk5pwd now that libldap is installable in unstable.806 * Restore slapd-smbk5pwd now that libldap is installable in unstable.
@@ -228,6 +820,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium
228820
229 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700821 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
230822
823openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
824
825 * Merge from Debian unstable. Remaining changes:
826 - Enable AppArmor support:
827 - d/apparmor-profile: add AppArmor profile
828 - d/rules: use dh_apparmor
829 - d/control: Build-Depends on dh-apparmor
830 - d/slapd.README.Debian: add note about AppArmor
831 - Enable GSSAPI support:
832 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
833 - Add --with-gssapi support
834 - Make guess_service_principal() more robust when determining
835 principal
836 - d/configure.options: Configure with --with-gssapi
837 - d/control: Added heimdal-dev as a build depend
838 - d/rules:
839 - Explicitly add -I/usr/include/heimdal to CFLAGS.
840 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
841 - Enable ufw support:
842 - d/control: suggest ufw.
843 - d/rules: install ufw profile.
844 - d/slapd.ufw.profile: add ufw profile.
845 - Enable nss overlay:
846 - d/{patches/nssov-build,rules}: Apply, build and package the
847 nss overlay.
848 - d/{rules,slapd.py}: Add apport hook.
849 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
850 either the default DIT nor via an Authn mapping.
851 - d/slapd.scripts-common:
852 - add slapcat_opts to local variables.
853 - Fix backup directory naming for multiple reconfiguration.
854 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
855 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
856 in the openldap library, as required by Likewise-Open
857 - Show distribution in version:
858 - d/control: added lsb-release
859 - d/patches/fix-ldap-distribution.patch: show distribution in version
860 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
861 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
862 - GSSAPI support was enabled in 2.4.18-0ubuntu2
863
864 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
865
231openldap (2.4.46+dfsg-2) unstable; urgency=medium866openldap (2.4.46+dfsg-2) unstable; urgency=medium
232867
233 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.868 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
@@ -257,6 +892,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium
257892
258 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700893 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
259894
895openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
896
897 * Merge from Debian unstable. Remaining changes:
898 - Enable AppArmor support:
899 - d/apparmor-profile: add AppArmor profile
900 - d/rules: use dh_apparmor
901 - d/control: Build-Depends on dh-apparmor
902 - d/slapd.README.Debian: add note about AppArmor
903 - Enable GSSAPI support:
904 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
905 - Add --with-gssapi support
906 - Make guess_service_principal() more robust when determining
907 principal
908 - d/configure.options: Configure with --with-gssapi
909 - d/control: Added heimdal-dev as a build depend
910 - d/rules:
911 - Explicitly add -I/usr/include/heimdal to CFLAGS.
912 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
913 - Enable ufw support:
914 - d/control: suggest ufw.
915 - d/rules: install ufw profile.
916 - d/slapd.ufw.profile: add ufw profile.
917 - Enable nss overlay:
918 - d/{patches/nssov-build,rules}: Apply, build and package the
919 nss overlay.
920 - d/{rules,slapd.py}: Add apport hook.
921 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
922 either the default DIT nor via an Authn mapping.
923 - d/slapd.scripts-common:
924 - add slapcat_opts to local variables.
925 - Fix backup directory naming for multiple reconfiguration.
926 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
927 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
928 in the openldap library, as required by Likewise-Open
929 - Show distribution in version:
930 - d/control: added lsb-release
931 - d/patches/fix-ldap-distribution.patch: show distribution in version
932 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
933 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
934 - GSSAPI support was enabled in 2.4.18-0ubuntu2
935
936 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200
937
260openldap (2.4.45+dfsg-1) unstable; urgency=medium938openldap (2.4.45+dfsg-1) unstable; urgency=medium
261939
262 * New upstream release.940 * New upstream release.
@@ -298,6 +976,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium
298976
299 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700977 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
300978
979openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low
980
981 * Merge from Debian unstable. Remaining changes:
982 - Enable AppArmor support:
983 - d/apparmor-profile: add AppArmor profile
984 - d/rules: use dh_apparmor
985 - d/control: Build-Depends on dh-apparmor
986 - d/slapd.README.Debian: add note about AppArmor
987 - Enable GSSAPI support:
988 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
989 - Add --with-gssapi support
990 - Make guess_service_principal() more robust when determining
991 principal
992 - d/configure.options: Configure with --with-gssapi
993 - d/control: Added heimdal-dev as a build depend
994 - d/rules:
995 - Explicitly add -I/usr/include/heimdal to CFLAGS.
996 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
997 - Enable ufw support:
998 - d/control: suggest ufw.
999 - d/rules: install ufw profile.
1000 - d/slapd.ufw.profile: add ufw profile.
1001 - Enable nss overlay:
1002 - d/{patches/nssov-build,rules}: Apply, build and package the
1003 nss overlay.
1004 - d/{rules,slapd.py}: Add apport hook.
1005 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1006 either the default DIT nor via an Authn mapping.
1007 - d/slapd.scripts-common:
1008 - add slapcat_opts to local variables.
1009 - Fix backup directory naming for multiple reconfiguration.
1010 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1011 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1012 in the openldap library, as required by Likewise-Open
1013 - Show distribution in version:
1014 - d/control: added lsb-release
1015 - d/patches/fix-ldap-distribution.patch: show distribution in version
1016 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1017 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1018 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1019
1020 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200
1021
301openldap (2.4.44+dfsg-8) unstable; urgency=medium1022openldap (2.4.44+dfsg-8) unstable; urgency=medium
3021023
303 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until1024 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
@@ -308,6 +1029,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium
3081029
309 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -07001030 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
3101031
1032openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium
1033
1034 * Merge from Debian unstable. Remaining changes:
1035 - Enable AppArmor support:
1036 - d/apparmor-profile: add AppArmor profile
1037 - d/rules: use dh_apparmor
1038 - d/control: Build-Depends on dh-apparmor
1039 - d/slapd.README.Debian: add note about AppArmor
1040 - Enable GSSAPI support:
1041 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1042 - Add --with-gssapi support
1043 - Make guess_service_principal() more robust when determining
1044 principal
1045 - d/configure.options: Configure with --with-gssapi
1046 - d/control: Added heimdal-dev as a build depend
1047 - d/rules:
1048 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1049 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1050 - Enable ufw support:
1051 - d/control: suggest ufw.
1052 - d/rules: install ufw profile.
1053 - d/slapd.ufw.profile: add ufw profile.
1054 - Enable nss overlay:
1055 - d/{patches/nssov-build,rules}: Apply, build and package the
1056 nss overlay.
1057 - d/{rules,slapd.py}: Add apport hook.
1058 [ d/rules modification mentioned above was dropped in
1059 2.4.23-6ubuntu1, re-adding it ]
1060 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1061 either the default DIT nor via an Authn mapping.
1062 - d/slapd.scripts-common:
1063 - add slapcat_opts to local variables.
1064 - Fix backup directory naming for multiple reconfiguration.
1065 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1066 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1067 in the openldap library, as required by Likewise-Open
1068 - Show distribution in version:
1069 - d/control: added lsb-release
1070 - d/patches/fix-ldap-distribution.patch: show distribution in version
1071 [ Refreshed patch ]
1072 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1073 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1074 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1075
1076 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1077
311openldap (2.4.44+dfsg-7) unstable; urgency=medium1078openldap (2.4.44+dfsg-7) unstable; urgency=medium
3121079
313 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit1080 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
@@ -315,6 +1082,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium
3151082
316 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -07001083 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
3171084
1085openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium
1086
1087 * Merge from Debian unstable. Remaining changes:
1088 - Enable AppArmor support:
1089 - d/apparmor-profile: add AppArmor profile
1090 - d/rules: use dh_apparmor
1091 - d/control: Build-Depends on dh-apparmor
1092 - d/slapd.README.Debian: add note about AppArmor
1093 - Enable GSSAPI support:
1094 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1095 - Add --with-gssapi support
1096 - Make guess_service_principal() more robust when determining
1097 principal
1098 - d/configure.options: Configure with --with-gssapi
1099 - d/control: Added heimdal-dev as a build depend
1100 - d/rules:
1101 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1102 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1103 - Enable ufw support:
1104 - d/control: suggest ufw.
1105 - d/rules: install ufw profile.
1106 - d/slapd.ufw.profile: add ufw profile.
1107 - Enable nss overlay:
1108 - d/{patches/nssov-build,rules}: Apply, build and package the
1109 nss overlay.
1110 - d/{rules,slapd.py}: Add apport hook.
1111 [ d/rules modification mentioned above was dropped in
1112 2.4.23-6ubuntu1, re-adding it ]
1113 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1114 either the default DIT nor via an Authn mapping.
1115 - d/slapd.scripts-common:
1116 - add slapcat_opts to local variables.
1117 - Fix backup directory naming for multiple reconfiguration.
1118 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1119 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1120 in the openldap library, as required by Likewise-Open
1121 - Show distribution in version:
1122 - d/control: added lsb-release
1123 - d/patches/fix-ldap-distribution.patch: show distribution in version
1124 [ Refreshed patch ]
1125 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1126 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1127 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1128
1129 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1130
318openldap (2.4.44+dfsg-6) unstable; urgency=medium1131openldap (2.4.44+dfsg-6) unstable; urgency=medium
3191132
320 * Update the list of non-translatable strings for the1133 * Update the list of non-translatable strings for the
@@ -323,6 +1136,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium
3231136
324 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -07001137 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
3251138
1139openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium
1140
1141 * Merge from Debian unstable. Remaining changes:
1142 - Enable AppArmor support:
1143 - d/apparmor-profile: add AppArmor profile
1144 - d/rules: use dh_apparmor
1145 - d/control: Build-Depends on dh-apparmor
1146 - d/slapd.README.Debian: add note about AppArmor
1147 - Enable GSSAPI support:
1148 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1149 - Add --with-gssapi support
1150 - Make guess_service_principal() more robust when determining
1151 principal
1152 - d/configure.options: Configure with --with-gssapi
1153 - d/control: Added heimdal-dev as a build depend
1154 - d/rules:
1155 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1156 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1157 - Enable ufw support:
1158 - d/control: suggest ufw.
1159 - d/rules: install ufw profile.
1160 - d/slapd.ufw.profile: add ufw profile.
1161 - Enable nss overlay:
1162 - d/{patches/nssov-build,rules}: Apply, build and package the
1163 nss overlay.
1164 - d/{rules,slapd.py}: Add apport hook.
1165 [ d/rules modification mentioned above was dropped in
1166 2.4.23-6ubuntu1, re-adding it ]
1167 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1168 either the default DIT nor via an Authn mapping.
1169 - d/slapd.scripts-common:
1170 - add slapcat_opts to local variables.
1171 - Fix backup directory naming for multiple reconfiguration.
1172 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1173 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1174 in the openldap library, as required by Likewise-Open
1175 - Show distribution in version:
1176 - d/control: added lsb-release
1177 - d/patches/fix-ldap-distribution.patch: show distribution in version
1178 [ Refreshed patch ]
1179 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1180 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1181 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1182 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1183 - Fix use after free with GnuTLS. (LP #1557248)
1184
1185 -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200
1186
326openldap (2.4.44+dfsg-5) unstable; urgency=medium1187openldap (2.4.44+dfsg-5) unstable; urgency=medium
3271188
328 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an1189 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
@@ -334,6 +1195,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium
3341195
335 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -07001196 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
3361197
1198openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low
1199
1200 * Merge from Debian unstable. Remaining changes:
1201 - Enable AppArmor support:
1202 - d/apparmor-profile: add AppArmor profile
1203 - d/rules: use dh_apparmor
1204 - d/control: Build-Depends on dh-apparmor
1205 - d/slapd.README.Debian: add note about AppArmor
1206 - Enable GSSAPI support:
1207 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1208 - Add --with-gssapi support
1209 - Make guess_service_principal() more robust when determining
1210 principal
1211 - d/configure.options: Configure with --with-gssapi
1212 - d/control: Added heimdal-dev as a build depend
1213 - d/rules:
1214 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1215 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1216 - Enable ufw support:
1217 - d/control: suggest ufw.
1218 - d/rules: install ufw profile.
1219 - d/slapd.ufw.profile: add ufw profile.
1220 - Enable nss overlay:
1221 - d/{patches/nssov-build,rules}: Apply, build and package the
1222 nss overlay.
1223 - d/{rules,slapd.py}: Add apport hook.
1224 [ d/rules modification mentioned above was dropped in
1225 2.4.23-6ubuntu1, re-adding it ]
1226 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1227 either the default DIT nor via an Authn mapping.
1228 - d/slapd.scripts-common:
1229 - add slapcat_opts to local variables.
1230 - Fix backup directory naming for multiple reconfiguration.
1231 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1232 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1233 in the openldap library, as required by Likewise-Open
1234 - Show distribution in version:
1235 - d/control: added lsb-release
1236 - d/patches/fix-ldap-distribution.patch: show distribution in version
1237 [ Refreshed patch ]
1238 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1239 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1240 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1241 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1242 - Fix use after free with GnuTLS. (LP #1557248)
1243
1244 -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200
1245
337openldap (2.4.44+dfsg-4) unstable; urgency=medium1246openldap (2.4.44+dfsg-4) unstable; urgency=medium
3381247
339 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to1248 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
@@ -380,6 +1289,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium
3801289
381 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -07001290 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
3821291
1292openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium
1293
1294 * d/rules: Fix typo in previous upload.
1295
1296 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800
1297
1298openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
1299
1300 * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
1301 changes
1302 - Enable AppArmor support:
1303 - d/apparmor-profile: add AppArmor profile
1304 - d/rules: use dh_apparmor
1305 - d/control: Build-Depends on dh-apparmor
1306 - d/slapd.README.Debian: add note about AppArmor
1307 - Enable GSSAPI support:
1308 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1309 - Add --with-gssapi support
1310 - Make guess_service_principal() more robust when determining
1311 principal
1312 - d/configure.options: Configure with --with-gssapi
1313 - d/control: Added heimdal-dev as a build depend
1314 - d/rules:
1315 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1316 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1317 - Enable ufw support:
1318 - d/control: suggest ufw.
1319 - d/rules: install ufw profile.
1320 - d/slapd.ufw.profile: add ufw profile.
1321 - Enable nss overlay:
1322 - d/{patches/nssov-build,rules}: Apply, build and package the
1323 nss overlay.
1324 - d/{rules,slapd.py}: Add apport hook.
1325 [ d/rules modification mentioned above was dropped in
1326 2.4.23-6ubuntu1, re-adding it ]
1327 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1328 either the default DIT nor via an Authn mapping.
1329 - d/slapd.scripts-common:
1330 - add slapcat_opts to local variables.
1331 - Fix backup directory naming for multiple reconfiguration.
1332 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1333 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1334 in the openldap library, as required by Likewise-Open
1335 - Show distribution in version:
1336 - d/control: added lsb-release
1337 - d/patches/fix-ldap-distribution.patch: show distribution in version
1338 [ Refreshed patch ]
1339 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1340 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1341 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1342 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1343 - Fix use after free with GnuTLS. (LP #1557248)
1344 * Drop:
1345 - d/slapd.scripts-common:
1346 + Remove unused variable new_conf.
1347 [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
1348 - d/b/config.log: add config.log
1349 [ previously undocumented, stray change ]
1350
1351 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
1352
383openldap (2.4.44+dfsg-3) unstable; urgency=medium1353openldap (2.4.44+dfsg-3) unstable; urgency=medium
3841354
385 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)1355 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
@@ -452,6 +1422,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
4521422
453 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -08001423 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
4541424
1425openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
1426
1427 * No-change rebuild for perl 5.24 transition
1428
1429 -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
1430
1431openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
1432
1433 * Fix use after free with GnuTLS. (LP: #1557248)
1434
1435 -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
1436
1437openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
1438
1439 * Fix building with gssapi suppport:
1440 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1441 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1442
1443 -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
1444
1445openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
1446
1447 * No-change rebuild for gnutls transition.
1448
1449 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
1450
1451openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
1452
1453 * Merge from Debian testing (LP: #1532648). Remaining changes:
1454 - Enable AppArmor support:
1455 - d/apparmor-profile: add AppArmor profile
1456 - d/rules: use dh_apparmor
1457 - d/control: Build-Depends on dh-apparmor
1458 - d/slapd.README.Debian: add note about AppArmor
1459 - Enable GSSAPI support:
1460 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1461 - Add --with-gssapi support
1462 - Make guess_service_principal() more robust when determining
1463 principal
1464 - d/configure.options: Configure with --with-gssapi
1465 - d/control: Added heimdal-dev as a build depend
1466 - Enable ufw support:
1467 - d/control: suggest ufw.
1468 - d/rules: install ufw profile.
1469 - d/slapd.ufw.profile: add ufw profile.
1470 - Enable nss overlay:
1471 - d/{patches/nssov-build,rules}: Apply, build and package the
1472 nss overlay.
1473 - d/{rules,slapd.py}: Add apport hook.
1474 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1475 either the default DIT nor via an Authn mapping.
1476 - d/slapd.scripts-common:
1477 - add slapcat_opts to local variables.
1478 - Remove unused variable new_conf.
1479 - Fix backup directory naming for multiple reconfiguration.
1480 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1481 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1482 in the openldap library, as required by Likewise-Open
1483 - Show distribution in version:
1484 - d/control: added lsb-release
1485 - d/patches/fix-ldap-distribution.patch: show distribution in version
1486 * Drop CVE-2015-6908.patch, included in Debian.
1487 * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
1488 disabled on ppc64el, no longer used, and missed in the previous merge.
1489
1490 -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
1491
455openldap (2.4.42+dfsg-2) unstable; urgency=medium1492openldap (2.4.42+dfsg-2) unstable; urgency=medium
4561493
457 [ Ryan Tandy ]1494 [ Ryan Tandy ]
@@ -519,6 +1556,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium
5191556
520 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -07001557 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
5211558
1559openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
1560
1561 * Rebuild for Perl 5.22.1.
1562
1563 -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
1564
1565openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
1566
1567 * SECURITY UPDATE: denial of service via crafted BER data
1568 - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
1569 libraries/liblber/io.c.
1570 - CVE-2015-6908
1571
1572 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
1573
1574openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
1575
1576 * Merge from Debian testing (LP: #1471831). Remaining changes:
1577 - Enable AppArmor support:
1578 - d/apparmor-profile: add AppArmor profile
1579 - d/rules: use dh_apparmor
1580 - d/control: Build-Depends on dh-apparmor
1581 - d/slapd.README.Debian: add note about AppArmor
1582 - Enable GSSAPI support:
1583 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1584 - Add --with-gssapi support
1585 - Make guess_service_principal() more robust when determining
1586 principal
1587 - d/configure.options: Configure with --with-gssapi
1588 - d/control: Added heimdal-dev as a build depend
1589 - Enable ufw support:
1590 - d/control: suggest ufw.
1591 - d/rules: install ufw profile.
1592 - d/slapd.ufw.profile: add ufw profile.
1593 - Enable nss overlay:
1594 - d/{patches/nssov-build,rules}: Apply, build and package the
1595 nss overlay.
1596 - d/{rules,slapd.py}: Add apport hook.
1597 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1598 either the default DIT nor via an Authn mapping.
1599 - d/slapd.scripts-common:
1600 - add slapcat_opts to local variables.
1601 - Remove unused variable new_conf.
1602 - Fix backup directory naming for multiple reconfiguration.
1603 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1604 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1605 in the openldap library, as required by Likewise-Open
1606 - Show distribution in version:
1607 - d/control: added lsb-release
1608 - d/patches/fix-ldap-distribution.patch: show distribution in version
1609 * Dropped changes:
1610 - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
1611 * Upstream fixes:
1612 - slapd crash with auditlog overlay and large (~27KB) attribute values
1613 (ITS#8003) (LP: #1461276)
1614 - nssov updated to support recent nss-pam-ldapd client libraries
1615 (ITS#8097) (LP: #1393306)
1616 * Update d/patches/nssov-build for upstream changes.
1617 * Tweak d/patches/gssapi.diff to apply without fuzz.
1618 * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1619 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1620 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1621
1622 -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
1623
522openldap (2.4.41+dfsg-1) unstable; urgency=medium1624openldap (2.4.41+dfsg-1) unstable; urgency=medium
5231625
524 * New upstream release.1626 * New upstream release.
@@ -538,6 +1640,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium
5381640
539 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -07001641 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
5401642
1643openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
1644
1645 * No-change rebuild for the libnettle6 transition.
1646
1647 -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
1648
1649openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
1650
1651 * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
1652 - Enable AppArmor support:
1653 - d/apparmor-profile: add AppArmor profile
1654 - d/rules: use dh_apparmor
1655 - d/control: Build-Depends on dh-apparmor
1656 - d/slapd.README.Debian: add note about AppArmor
1657 - Enable GSSAPI support:
1658 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1659 - Add --with-gssapi support
1660 - Make guess_service_principal() more robust when determining
1661 principal
1662 - d/configure.options: Configure with --with-gssapi
1663 - d/control: Added heimdal-dev as a build depend
1664 - Enable ufw support:
1665 - d/control: suggest ufw.
1666 - d/rules: install ufw profile.
1667 - d/slapd.ufw.profile: add ufw profile.
1668 - Enable nss overlay:
1669 - d/{patches/nssov-build,rules}: Apply, build and package the
1670 nss overlay.
1671 - d/{rules,slapd.py}: Add apport hook.
1672 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1673 either the default DIT nor via an Authn mapping.
1674 - d/slapd.scripts-common:
1675 - add slapcat_opts to local variables.
1676 - Remove unused variable new_conf.
1677 - Fix backup directory naming for multiple reconfiguration.
1678 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1679 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1680 in the openldap library, as required by Likewise-Open
1681 - Show distribution in version:
1682 - d/control: added lsb-release
1683 - d/patches/fix-ldap-distribution.patch: show distribution in version
1684 * Drop patches included upstream:
1685 - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
1686 - d/patches/bdb-deadlock.patch
1687 - d/patches/its-7354-fix-delta-sync-mmr.diff
1688 * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
1689 * debian/patches/nssov-build: Adjust for upstream changes.
1690 * debian/apparmor-profile:
1691 - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
1692 kernel ABI v7 (utopic and later). (LP: #1392018)
1693 - Reduce permissions on /run/nslcd to just the nslcd socket.
1694 * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
1695 (LP: #1293250)
1696
1697 -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700
1698
541openldap (2.4.40+dfsg-1) unstable; urgency=medium1699openldap (2.4.40+dfsg-1) unstable; urgency=medium
5421700
543 * Remove inetorgperson.schema from the upstream source. Replace it with a1701 * Remove inetorgperson.schema from the upstream source. Replace it with a
@@ -726,6 +1884,187 @@ openldap (2.4.39-1) unstable; urgency=low
7261884
727 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -07001885 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
7281886
1887openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
1888
1889 * Fix cpp calls for GCC 5.
1890
1891 -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
1892
1893openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
1894
1895 * debian/apparmor-profile:
1896 - allow p11-kit abstraction
1897 - allow read of /etc/gss/mech.d/*
1898
1899 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
1900
1901openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
1902
1903 * Rebuild for Perl 5.20.0.
1904
1905 -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
1906
1907openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
1908
1909 * Cherry-pick upstream patch for compat with recent GNUTLS.
1910 * Build-depend on libgnutls28-dev.
1911 * Build-depend on libgcrypt20-dev.
1912
1913 -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
1914
1915openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
1916
1917 * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
1918
1919 -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
1920
1921openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
1922
1923 * Disable mdb backend on ppc64el due to test-suite failures.
1924
1925 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
1926
1927openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
1928
1929 * Fix segfault issue with master-master syncrepl (LP: #1287730):
1930 - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
1931 patch from upstream VCS.
1932
1933 -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
1934
1935openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
1936
1937 * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
1938
1939 -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
1940
1941openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
1942
1943 * Rebuild for Perl 5.18.
1944
1945 -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
1946
1947openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
1948
1949 * Update build/config.guess and build/config.sub at build time; this was
1950 not done automatically because the top-level configure.in does not use
1951 Automake.
1952
1953 -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
1954
1955openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
1956
1957 * debian/control: added lsb-release
1958 * debian/patches/fix-ldap-distribution.patch: show distribution in version
1959
1960 -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
1961
1962openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
1963
1964 * Merge from Debian unstable. Remaining changes:
1965 - Enable AppArmor support:
1966 - d/apparmor-profile: add AppArmor profile
1967 - d/rules: use dh_apparmor
1968 - d/control: Build-Depends on dh-apparmor
1969 - d/slapd.README.Debian: add note about AppArmor
1970 - d/slapd.dirs: add etc/apparmor.d/force-complain
1971 - Enable GSSAPI support:
1972 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1973 - Add --with-gssapi support
1974 - Make guess_service_principal() more robust when determining
1975 principal
1976 - d/configure.options: Configure with --with-gssapi
1977 - d/control: Added libkrb5-dev as a build depend
1978 - Enable ufw support:
1979 - d/control: suggest ufw.
1980 - d/rules: install ufw profile.
1981 - d/slapd.ufw.profile: add ufw profile.
1982 - Enable nss overlay:
1983 - d/{patches/nssov-build,/rules}: Apply, build and package the
1984 nss overlay.
1985 - d/{rules,slapd.py}: Add apport hook.
1986 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1987 either the default DIT nor via an Authn mapping.
1988 - d/slapd.scripts-common:
1989 - add slapcat_opts to local variables.
1990 - Remove unused variable new_conf.
1991 - Fix backup directory naming for multiple reconfiguration.
1992 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1993 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1994 in the openldap library, as required by Likewise-Open
1995 - d/{control,rules}: enable PIE hardening
1996
1997 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
1998
1999openldap (2.4.31-1+nmu2) unstable; urgency=high
2000
2001 * Non-maintainer upload.
2002 * No-change rebuild in a clean environment
2003
2004 -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100
2005
2006openldap (2.4.31-1+nmu1) unstable; urgency=medium
2007
2008 * Non-maintainer upload.
2009 * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
2010
2011 -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000
2012
2013openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
2014
2015 * debian/slapd.py: Add AppArmor info and logs to apport hook.
2016
2017 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
2018
2019openldap (2.4.31-1ubuntu1) quantal; urgency=low
2020
2021 * Merge from Debian unstable. Remaining changes:
2022 - Enable AppArmor support:
2023 - d/apparmor-profile: add AppArmor profile
2024 - d/rules: use dh_apparmor
2025 - d/control: Build-Depends on dh-apparmor
2026 - d/slapd.README.Debian: add note about AppArmor
2027 - d/slapd.dirs: add etc/apparmor.d/force-complain
2028 - Enable GSSAPI support (LP: #495418):
2029 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2030 - Add --with-gssapi support
2031 - Make guess_service_principal() more robust when determining
2032 principal
2033 - d/configure.options: Configure with --with-gssapi
2034 - d/control: Added libkrb5-dev as a build depend
2035 - Enable ufw support (LP: #423246):
2036 - d/control: suggest ufw.
2037 - d/rules: install ufw profile.
2038 - d/slapd.ufw.profile: add ufw profile.
2039 - Enable nss overlay (LP: #675391):
2040 - d/{patches/nssov-build,/rules}: Apply, build and package the
2041 nss overlay.
2042 - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
2043 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2044 either the default DIT nor via an Authn mapping.
2045 - d/slapd.scripts-common:
2046 - add slapcat_opts to local variables.
2047 - Remove unused variable new_conf.
2048 - Fix backup directory naming for multiple reconfiguration.
2049 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2050 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2051 in the openldap library, as required by Likewise-Open (LP: #390579)
2052 - d/{control,rules}: enable PIE hardening
2053 * Dropped changes:
2054 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
2055 - d/patches/CVE-2011-4079: Included in upstream release.
2056 - d/patches/service-operational-before-detach: Included in upstream release.
2057 - d/schema/extra/misc.ldif: Included upstream.
2058 - d/{rules,schema/extra}: Fix configure and clean rules to support
2059 extra schemas shipped as part of the debian/schema/ directory; no longer required.
2060 - Included in Debian:
2061 + Document cn=config in README file.
2062 + Install a default DIT; actually a minimal configuration.
2063 + d/patches/heimdal-fix.
2064 * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
2065
2066 -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
2067
729openldap (2.4.31-1) unstable; urgency=low2068openldap (2.4.31-1) unstable; urgency=low
7302069
731 * New upstream release.2070 * New upstream release.
@@ -752,6 +2091,121 @@ openldap (2.4.31-1) unstable; urgency=low
7522091
753 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +00002092 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
7542093
2094openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
2095
2096 * Fix issue with intermittent connection issues when using LDAPv3
2097 protocol (LP: #1023025):
2098 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
2099 patch from upstream VCS which ensures objects are initialized before
2100 re-use.
2101
2102 -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
2103
2104openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
2105
2106 * debian/rules: Add smbk5pwd build.
2107 * debian/control: Add slapd-smbk5pwd binary package.
2108 * debian/patches/heimdal-fix: adapt parameters of
2109 hdb_generate_key_set_password() to heimdal 1.6~git20120311
2110 (patch from Debian #664930).
2111
2112 -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400
2113
2114openldap (2.4.28-1.1ubuntu4) precise; urgency=low
2115
2116 * debian/control: Build-Depends on dh-apparmor (LP: #948481)
2117
2118 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
2119
2120openldap (2.4.28-1.1ubuntu3) precise; urgency=low
2121
2122 * Add its-7176-only-poll-sockets-for-write-as-needed.diff
2123 (LP: #932823).
2124
2125 -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
2126
2127openldap (2.4.28-1.1ubuntu2) precise; urgency=low
2128
2129 * Remove debian/patches/CVE-2011-4079; it's already in this upstream
2130 version. Fixes FTBFS.
2131
2132 -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
2133
2134openldap (2.4.28-1.1ubuntu1) precise; urgency=low
2135
2136 * Merge from Debian testing. Remaining changes:
2137 - Install a default DIT (LP: #442498).
2138 - Document cn=config in README file (LP: #370784).
2139 - remaining changes:
2140 + AppArmor support:
2141 - debian/apparmor-profile: add AppArmor profile
2142 - use dh_apparmor:
2143 - debian/rules: use dh_apparmor
2144 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2145 - updated debian/slapd.README.Debian for note on AppArmor
2146 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2147 + Enable GSSAPI support (LP: #495418):
2148 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2149 - Add --with-gssapi support
2150 - Make guess_service_principal() more robust when determining
2151 principal
2152 - debian/patches/series: apply gssapi.diff patch.
2153 - debian/configure.options: Configure with --with-gssapi
2154 - debian/control: Added libkrb5-dev as a build depend
2155 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2156 in the openldap library, as required by Likewise-Open (LP: #390579)
2157 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2158 - debian/control:
2159 - remove build-dependency on heimdal-dev.
2160 - remove slapd-smbk5pwd binary package.
2161 - debian/rules: don't build smbk5pwd slapd module.
2162 + debian/{control,rules}: enable PIE hardening
2163 + ufw support (LP: #423246):
2164 - debian/control: suggest ufw.
2165 - debian/rules: install ufw profile.
2166 - debian/slapd.ufw.profile: add ufw profile.
2167 + Enable nssoverlay:
2168 - debian/patches/nssov-build, debian/series, debian/rules:
2169 Apply, build and package the nss overlay.
2170 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2171 which defines rfc822MailMember (required by the nss overlay).
2172 + debian/rules, debian/schema/extra/:
2173 Fix configure rule to supports extra schemas shipped as part
2174 of the debian/schema/ directory.
2175 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2176 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2177 neither the default DIT nor via an Authn mapping.
2178 + debian/slapd.scripts-common: adjust minimum version that triggers a
2179 database upgrade. Upgrade from maverick shouldn't trigger database
2180 upgrade (which would happen with the version used in Debian).
2181 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2182 Remove unused variable new_conf.
2183 + debian/slapd.script-common: Fix package reconfiguration.
2184 - Fix backup directory naming for multiple reconfiguration.
2185 + debian/slapd.default, debian/slapd.README.Debian:
2186 use the new configuration style.
2187 + Install nss overlay (LP: #675391):
2188 - debian/rules: run install target for nssov module.
2189 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2190 + debian/patches/gssapi.diff:
2191 - Update patch so that likewise-open is usuable again. (LP: #661547)
2192 + debian/patches/service-operational-before-detach: New patch replacing old one
2193 of the same name as previous could cause database corruption based on upstream commits.
2194 (LP: #727973)
2195 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2196 (CVE-2011-4079)
2197
2198
2199 -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
2200
2201openldap (2.4.28-1.1) unstable; urgency=low
2202
2203 * Non-maintainer upload.
2204 * Disable the mdb backend on non-Linux, it looks like it doesn't work with
2205 linuxthreads (closes: #654824).
2206
2207 -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100
2208
755openldap (2.4.28-1) unstable; urgency=low2209openldap (2.4.28-1) unstable; urgency=low
7562210
757 * New upstream release.2211 * New upstream release.
@@ -779,6 +2233,72 @@ openldap (2.4.28-1) unstable; urgency=low
7792233
780 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +00002234 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
7812235
2236openldap (2.4.25-4ubuntu1) precise; urgency=low
2237
2238 * Merge from Debian testing. Remaining changes:
2239 - Install a default DIT (LP: #442498).
2240 - Document cn=config in README file (LP: #370784).
2241 - remaining changes:
2242 + AppArmor support:
2243 - debian/apparmor-profile: add AppArmor profile
2244 - use dh_apparmor:
2245 - debian/rules: use dh_apparmor
2246 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2247 - updated debian/slapd.README.Debian for note on AppArmor
2248 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2249 + Enable GSSAPI support (LP: #495418):
2250 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2251 - Add --with-gssapi support
2252 - Make guess_service_principal() more robust when determining
2253 principal
2254 - debian/patches/series: apply gssapi.diff patch.
2255 - debian/configure.options: Configure with --with-gssapi
2256 - debian/control: Added libkrb5-dev as a build depend
2257 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2258 in the openldap library, as required by Likewise-Open (LP: #390579)
2259 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2260 - debian/control:
2261 - remove build-dependency on heimdal-dev.
2262 - remove slapd-smbk5pwd binary package.
2263 - debian/rules: don't build smbk5pwd slapd module.
2264 + debian/{control,rules}: enable PIE hardening
2265 + ufw support (LP: #423246):
2266 - debian/control: suggest ufw.
2267 - debian/rules: install ufw profile.
2268 - debian/slapd.ufw.profile: add ufw profile.
2269 + Enable nssoverlay:
2270 - debian/patches/nssov-build, debian/series, debian/rules:
2271 Apply, build and package the nss overlay.
2272 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2273 which defines rfc822MailMember (required by the nss overlay).
2274 + debian/rules, debian/schema/extra/:
2275 Fix configure rule to supports extra schemas shipped as part
2276 of the debian/schema/ directory.
2277 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2278 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2279 neither the default DIT nor via an Authn mapping.
2280 + debian/slapd.scripts-common: adjust minimum version that triggers a
2281 database upgrade. Upgrade from maverick shouldn't trigger database
2282 upgrade (which would happen with the version used in Debian).
2283 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2284 Remove unused variable new_conf.
2285 + debian/slapd.script-common: Fix package reconfiguration.
2286 - Fix backup directory naming for multiple reconfiguration.
2287 + debian/slapd.default, debian/slapd.README.Debian:
2288 use the new configuration style.
2289 + Install nss overlay (LP: #675391):
2290 - debian/rules: run install target for nssov module.
2291 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2292 + debian/patches/gssapi.diff:
2293 - Update patch so that likewise-open is usuable again. (LP: #661547)
2294 + debian/patches/service-operational-before-detach: New patch replacing old one
2295 of the same name as previous could cause database corruption based on upstream commits.
2296 (LP: #727973)
2297 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2298 (CVE-2011-4079)
2299
2300 -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
2301
782openldap (2.4.25-4) unstable; urgency=low2302openldap (2.4.25-4) unstable; urgency=low
7832303
784 * Drop explicit depends on libdb4.8, since we're now linking against2304 * Drop explicit depends on libdb4.8, since we're now linking against
@@ -812,6 +2332,85 @@ openldap (2.4.25-4) unstable; urgency=low
8122332
813 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +00002333 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
8142334
2335openldap (2.4.25-3ubuntu3) precise; urgency=low
2336
2337 * Rebuild for Perl 5.14.
2338
2339 -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
2340
2341openldap (2.4.25-3ubuntu2) precise; urgency=low
2342
2343 * SECURITY UPDATE: potential denial of service (LP: #884163)
2344 - debian/patches/CVE-2011-4079: fix off by one error in
2345 postalAddressNormalize()
2346 - CVE-2011-4079
2347
2348 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
2349
2350openldap (2.4.25-3ubuntu1) precise; urgency=low
2351
2352 * Merge from debian unstable. Remaining changes:
2353 - Install a default DIT (LP: #442498).
2354 - Document cn=config in README file (LP: #370784).
2355 - remaining changes:
2356 + AppArmor support:
2357 - debian/apparmor-profile: add AppArmor profile
2358 - use dh_apparmor:
2359 - debian/rules: use dh_apparmor
2360 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2361 - updated debian/slapd.README.Debian for note on AppArmor
2362 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2363 + Enable GSSAPI support (LP: #495418):
2364 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2365 - Add --with-gssapi support
2366 - Make guess_service_principal() more robust when determining
2367 principal
2368 - debian/patches/series: apply gssapi.diff patch.
2369 - debian/configure.options: Configure with --with-gssapi
2370 - debian/control: Added libkrb5-dev as a build depend
2371 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2372 in the openldap library, as required by Likewise-Open (LP: #390579)
2373 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2374 - debian/control:
2375 - remove build-dependency on heimdal-dev.
2376 - remove slapd-smbk5pwd binary package.
2377 - debian/rules: don't build smbk5pwd slapd module.
2378 + debian/{control,rules}: enable PIE hardening
2379 + ufw support (LP: #423246):
2380 - debian/control: suggest ufw.
2381 - debian/rules: install ufw profile.
2382 - debian/slapd.ufw.profile: add ufw profile.
2383 + Enable nssoverlay:
2384 - debian/patches/nssov-build, debian/series, debian/rules:
2385 Apply, build and package the nss overlay.
2386 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2387 which defines rfc822MailMember (required by the nss overlay).
2388 + debian/rules, debian/schema/extra/:
2389 Fix configure rule to supports extra schemas shipped as part
2390 of the debian/schema/ directory.
2391 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2392 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2393 neither the default DIT nor via an Authn mapping.
2394 + debian/slapd.scripts-common: adjust minimum version that triggers a
2395 database upgrade. Upgrade from maverick shouldn't trigger database
2396 upgrade (which would happen with the version used in Debian).
2397 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2398 Remove unused variable new_conf.
2399 + debian/slapd.script-common: Fix package reconfiguration.
2400 - Fix backup directory naming for multiple reconfiguration.
2401 + debian/slapd.default, debian/slapd.README.Debian:
2402 use the new configuration style.
2403 + Install nss overlay (LP: #675391):
2404 - debian/rules: run install target for nssov module.
2405 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2406 + debian/patches/gssapi.diff:
2407 - Update patch so that likewise-open is usuable again. (LP: #661547)
2408 + debian/patches/service-operational-before-detach: New patch replacing old one
2409 of the same name as previous could cause database corruption based on upstream commits.
2410 (LP: #727973)
2411
2412 -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
2413
815openldap (2.4.25-3) unstable; urgency=low2414openldap (2.4.25-3) unstable; urgency=low
8162415
817 * Brown paper bag: really fix the .links.in handling, so we don't generate2416 * Brown paper bag: really fix the .links.in handling, so we don't generate
@@ -834,6 +2433,92 @@ openldap (2.4.25-2) unstable; urgency=low
8342433
835 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -07002434 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
8362435
2436openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
2437
2438 * Brown paper bag: really fix the .links.in handling, so we don't generate
2439 broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
2440
2441 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
2442
2443openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
2444
2445 * Cherry-pick multiarch support from Debian (LP: #826601):
2446 - Bump to compat level 7, so we don't have to spell out debian/tmp in
2447 every single .install file
2448 - Build for multiarch.
2449
2450 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
2451
2452openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
2453
2454 * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
2455
2456 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
2457
2458openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
2459
2460 * Merge from debian unstable. Remaining changes:
2461 - Install a default DIT (LP: #442498).
2462 - Document cn=config in README file (LP: #370784).
2463 - remaining changes:
2464 + AppArmor support:
2465 - debian/apparmor-profile: add AppArmor profile
2466 - use dh_apparmor:
2467 - debian/rules: use dh_apparmor
2468 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2469 - updated debian/slapd.README.Debian for note on AppArmor
2470 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2471 + Enable GSSAPI support (LP: #495418):
2472 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2473 - Add --with-gssapi support
2474 - Make guess_service_principal() more robust when determining
2475 principal
2476 - debian/patches/series: apply gssapi.diff patch.
2477 - debian/configure.options: Configure with --with-gssapi
2478 - debian/control: Added libkrb5-dev as a build depend
2479 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2480 in the openldap library, as required by Likewise-Open (LP: #390579)
2481 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2482 - debian/control:
2483 - remove build-dependency on heimdal-dev.
2484 - remove slapd-smbk5pwd binary package.
2485 - debian/rules: don't build smbk5pwd slapd module.
2486 + debian/{control,rules}: enable PIE hardening
2487 + ufw support (LP: #423246):
2488 - debian/control: suggest ufw.
2489 - debian/rules: install ufw profile.
2490 - debian/slapd.ufw.profile: add ufw profile.
2491 + Enable nssoverlay:
2492 - debian/patches/nssov-build, debian/series, debian/rules:
2493 Apply, build and package the nss overlay.
2494 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2495 which defines rfc822MailMember (required by the nss overlay).
2496 + debian/rules, debian/schema/extra/:
2497 Fix configure rule to supports extra schemas shipped as part
2498 of the debian/schema/ directory.
2499 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2500 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2501 neither the default DIT nor via an Authn mapping.
2502 + debian/slapd.scripts-common: adjust minimum version that triggers a
2503 database upgrade. Upgrade from maverick shouldn't trigger database
2504 upgrade (which would happen with the version used in Debian).
2505 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2506 Remove unused variable new_conf.
2507 + debian/slapd.script-common: Fix package reconfiguration.
2508 - Fix backup directory naming for multiple reconfiguration.
2509 + debian/slapd.default, debian/slapd.README.Debian:
2510 use the new configuration style.
2511 + Install nss overlay (LP: #675391):
2512 - debian/rules: run install target for nssov module.
2513 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2514 + debian/patches/gssapi.diff:
2515 - Update patch so that likewise-open is usuable again. (LP: #661547)
2516 + debian/patches/service-operational-before-detach: New patch replacing old one
2517 of the same name as previous could cause database corruption based on upstream commits.
2518 (LP: #727973)
2519
2520 -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
2521
837openldap (2.4.25-1.1) unstable; urgency=low2522openldap (2.4.25-1.1) unstable; urgency=low
8382523
839 * Non-maintainer upload to fix RC bug.2524 * Non-maintainer upload to fix RC bug.
@@ -841,6 +2526,75 @@ openldap (2.4.25-1.1) unstable; urgency=low
8412526
842 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +02002527 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
8432528
2529openldap (2.4.25-1ubuntu1) oneiric; urgency=low
2530
2531 * Merge from debian unstable. Remaining changes:
2532 - Install a default DIT (LP: #442498).
2533 - Document cn=config in README file (LP: #370784).
2534 - remaining changes:
2535 + AppArmor support:
2536 - debian/apparmor-profile: add AppArmor profile
2537 - use dh_apparmor:
2538 - debian/rules: use dh_apparmor
2539 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2540 - updated debian/slapd.README.Debian for note on AppArmor
2541 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2542 + Enable GSSAPI support (LP: #495418):
2543 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2544 - Add --with-gssapi support
2545 - Make guess_service_principal() more robust when determining
2546 principal
2547 - debian/patches/series: apply gssapi.diff patch.
2548 - debian/configure.options: Configure with --with-gssapi
2549 - debian/control: Added libkrb5-dev as a build depend
2550 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2551 in the openldap library, as required by Likewise-Open (LP: #390579)
2552 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2553 - debian/control:
2554 - remove build-dependency on heimdal-dev.
2555 - remove slapd-smbk5pwd binary package.
2556 - debian/rules: don't build smbk5pwd slapd module.
2557 + debian/{control,rules}: enable PIE hardening
2558 + ufw support (LP: #423246):
2559 - debian/control: suggest ufw.
2560 - debian/rules: install ufw profile.
2561 - debian/slapd.ufw.profile: add ufw profile.
2562 + Enable nssoverlay:
2563 - debian/patches/nssov-build, debian/series, debian/rules:
2564 Apply, build and package the nss overlay.
2565 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2566 which defines rfc822MailMember (required by the nss overlay).
2567 + debian/rules, debian/schema/extra/:
2568 Fix configure rule to supports extra schemas shipped as part
2569 of the debian/schema/ directory.
2570 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2571 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2572 neither the default DIT nor via an Authn mapping.
2573 + debian/slapd.scripts-common: adjust minimum version that triggers a
2574 database upgrade. Upgrade from maverick shouldn't trigger database
2575 upgrade (which would happen with the version used in Debian).
2576 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2577 Remove unused variable new_conf.
2578 + debian/slapd.script-common: Fix package reconfiguration.
2579 - Fix backup directory naming for multiple reconfiguration.
2580 + debian/slapd.default, debian/slapd.README.Debian:
2581 use the new configuration style.
2582 + Install nss overlay (LP: #675391):
2583 - debian/rules: run install target for nssov module.
2584 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2585 + debian/patches/gssapi.diff:
2586 - Update patch so that likewise-open is usuable again. (LP: #661547)
2587 + debian/patches/service-operational-before-detach: New patch replacing old one
2588 of the same name as previous could cause database corruption based on upstream commits.
2589 (LP: #727973)
2590 + Dropped:
2591 - debian/patches/gold: Use the debian version instead
2592 - debian/patches/CVE-2011-1024: Fixed upstream
2593 - debian/patches/CVE-2011-1025: Fixed upstream
2594 - debian/patches/CVE-2011-1081: Fixed upstream
2595
2596 -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
2597
844openldap (2.4.25-1) unstable; urgency=low2598openldap (2.4.25-1) unstable; urgency=low
8452599
846 * New upstream version (Closes: #617606, #618904, #606815, #608813)2600 * New upstream version (Closes: #617606, #618904, #606815, #608813)
@@ -872,6 +2626,116 @@ openldap (2.4.23-7) unstable; urgency=low
8722626
873 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +01002627 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
8742628
2629openldap (2.4.23-6ubuntu7) oneiric; urgency=low
2630
2631 * Rebuild for Perl 5.12.
2632
2633 -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
2634
2635openldap (2.4.23-6ubuntu6) natty; urgency=low
2636
2637 * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
2638 using forwarded authentication failures
2639 - debian/patches/CVE-2011-1024
2640 - CVE-2011-1024
2641 * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
2642 backend. Note: Ubuntu is not compiled with --enable-ndb by default
2643 - debian/patches/CVE-2011-1025
2644 - CVE-2011-1025
2645 * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
2646 and requestDN is empty
2647 - debian/patches/CVE-2011-1081
2648 - CVE-2011-1081
2649 - LP: #742104
2650
2651 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
2652
2653openldap (2.4.23-6ubuntu5) natty; urgency=low
2654
2655 * debian/patches/service-operational-before-detach: New patch replacing
2656 old one of same name as previous could cause database corruption,
2657 based on upstream commits. (LP: #727973)
2658
2659 -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
2660
2661openldap (2.4.23-6ubuntu4) natty; urgency=low
2662
2663 * Fix FTBFS with ld.gold.
2664
2665 -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
2666
2667openldap (2.4.23-6ubuntu3) natty; urgency=low
2668
2669 * debian/patches/gssapi.diff:
2670 Update patch so that likewise-open is usable again (LP: #661547)
2671
2672 -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
2673
2674openldap (2.4.23-6ubuntu2) natty; urgency=low
2675
2676 * Install nss overlay (LP: #675391):
2677 - debian/rules: run install target for nssov module.
2678 - debian/patches/nssov-build: fix patch to install schema in
2679 /etc/ldap/schema.
2680
2681 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
2682
2683openldap (2.4.23-6ubuntu1) natty; urgency=low
2684
2685 * Merge from Debian unstable:
2686 - Install a default DIT (LP: #442498).
2687 - Document cn=config in README file (LP: #370784).
2688 - remaining changes:
2689 + AppArmor support:
2690 - debian/apparmor-profile: add AppArmor profile
2691 - use dh_apparmor:
2692 - debian/rules: use dh_apparmor
2693 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2694 - updated debian/slapd.README.Debian for note on AppArmor
2695 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2696 + Enable GSSAPI support (LP: #495418):
2697 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2698 - Add --with-gssapi support
2699 - Make guess_service_principal() more robust when determining
2700 principal
2701 - debian/patches/series: apply gssapi.diff patch.
2702 - debian/configure.options: Configure with --with-gssapi
2703 - debian/control: Added libkrb5-dev as a build depend
2704 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2705 in the openldap library, as required by Likewise-Open (LP: #390579)
2706 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2707 - debian/control:
2708 - remove build-dependency on heimdal-dev.
2709 - remove slapd-smbk5pwd binary package.
2710 - debian/rules: don't build smbk5pwd slapd module.
2711 + debian/{control,rules}: enable PIE hardening
2712 + ufw support (LP: #423246):
2713 - debian/control: suggest ufw.
2714 - debian/rules: install ufw profile.
2715 - debian/slapd.ufw.profile: add ufw profile.
2716 + Enable nssoverlay:
2717 - debian/patches/nssov-build, debian/series, debian/rules:
2718 Apply, build and package the nss overlay.
2719 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2720 which defines rfc822MailMember (required by the nss overlay).
2721 + debian/rules, debian/schema/extra/:
2722 Fix configure rule to supports extra schemas shipped as part
2723 of the debian/schema/ directory.
2724 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2725 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2726 neither the default DIT nor via an Authn mapping.
2727 + debian/slapd.scripts-common: adjust minimum version that triggers a
2728 database upgrade. Upgrade from maverick shouldn't trigger database
2729 upgrade (which would happen with the version used in Debian).
2730 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2731 Remove unused variable new_conf.
2732 + debian/slapd.script-common: Fix package reconfiguration.
2733 - Fix backup directory naming for multiple reconfiguration.
2734 + debian/slapd.default, debian/slapd.README.Debian:
2735 use the new configuration style.
2736
2737 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
2738
875openldap (2.4.23-6) unstable; urgency=high2739openldap (2.4.23-6) unstable; urgency=high
8762740
877 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)2741 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
@@ -994,6 +2858,80 @@ openldap (2.4.23-1) unstable; urgency=low
9942858
995 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +02002859 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
9962860
2861openldap (2.4.23-0ubuntu4) natty; urgency=low
2862
2863 * debian/slapd.templates: amended typo in slapd/move_old_database
2864 (LP: #666028)
2865
2866 -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
2867
2868openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
2869
2870 * debian/slapd.templates: re-add slapd/move_old_database template as it's
2871 used during the package upgrade. Thanks to James Page for pointing it.
2872 * debian/slapd.config: restore debconf question slapd/move_old_database.
2873
2874 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
2875
2876openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
2877
2878 [ James Page ]
2879 * Fixed install/upgrade process to dump/restore databases due
2880 to uplift to libdb4.8-dev (LP: #658227)
2881
2882 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
2883
2884openldap (2.4.23-0ubuntu3) maverick; urgency=low
2885
2886 * debian/rules: move dh_apparmor before dh_installinit
2887
2888 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
2889
2890openldap (2.4.23-0ubuntu2) maverick; urgency=low
2891
2892 * convert to using dh_apparmor:
2893 - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
2894 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2895 * debian/apparmor-profile: use local include
2896
2897 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
2898
2899openldap (2.4.23-0ubuntu1) maverick; urgency=low
2900
2901 * New release, features include:
2902 + Fixed libldap to return server's error code (ITS#6569)
2903 + Fixed libldap memleaks (ITS#6568)
2904 + Fixed liblutil off-by-one with delta (ITS#6541)
2905 + Fixed slapd acls with glued databases (ITS#6468)
2906 + Fixed slapd syncrepl rid logging (ITS#6533)
2907 + Fixed slapd modrdn handling of invalid values (ITS#6570)
2908 + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
2909 + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
2910 + Fixed slapd-bdb entry cache delete failure (ITS#6577)
2911 + Fixed slapd-ldap to return control responses (ITS#6530)
2912 + Fixed slapo-ppolicy to use Debug (ITS#6566)
2913 + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
2914 + Fixed slapo-rwm to use Debug (ITS#6566)
2915 + Fixed slapo-sssvlv to use Debug (ITS#6566)
2916 + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
2917 + Fixed slapo-valsort to use Debug (ITS#6566)
2918 + Fixed contrib/nssov network.c missing patch (ITS#6562)
2919 + Fixed test043 attribute sorting (ITS#6553)
2920 + slapd-config(5) note default rootdn (ITS#6546)
2921 * Rebased patches debian/patches/dropped nssov-build
2922 * Resynchronize with Debian:
2923 + debian/control:
2924 - Bump standards-version to 3.9.0
2925 - Use libdb4.8-dev (LP: #572489)
2926 + Added debian/patches/issue-6534-patch
2927 + Added debian/patches/ldap-conf-tls-cacertdir
2928 * Add ufw support, thanks to PatRiehecky (LP: #423246)
2929
2930 [Adam Sommer]
2931 * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2932
2933 -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
2934
997openldap (2.4.21-1) unstable; urgency=low2935openldap (2.4.21-1) unstable; urgency=low
9982936
999 [ Steve Langasek ]2937 [ Steve Langasek ]
@@ -1025,6 +2963,79 @@ openldap (2.4.21-1) unstable; urgency=low
10252963
1026 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +02002964 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
10272965
2966openldap (2.4.21-0ubuntu5) lucid; urgency=low
2967
2968 * Fix local root connection access: replace olcAuthzRegexp mapping to
2969 cn=localroot,cn=config with using the SASL dn directly in olcAccess.
2970 Makes upgrades much simpler and robust (LP: #563829).
2971
2972 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
2973
2974openldap (2.4.21-0ubuntu4) lucid; urgency=low
2975
2976 [ Simon Olofsson ]
2977 * debian/slapd.postinst:
2978 - Show a message after successful migration (LP: #538848)
2979
2980 [ Jorgen Rosink ]
2981 * debian/slapd.init: add simple status checking with LSB compatible exit
2982 codes (LP: #562377)
2983 * debian/slapd.init.ldif:
2984 - remove admin user in default config database (LP: #556176)
2985 - in default config, add olcAccess entries giving access to controls
2986 available and cn=subschema (LP: #427842)
2987
2988 [ Scott Moser ]
2989 * debian/slapd.scripts-common: Do not create /nonexistent directory
2990 for openldap user's home (LP: #556176)
2991 * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
2992
2993 -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
2994
2995openldap (2.4.21-0ubuntu3) lucid; urgency=low
2996
2997 * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
2998 before trying to convert to slapd.d, to avoid upgrade failure from hardy
2999 (LP: #536958)
3000 * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
3001 olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
3002
3003 -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
3004
3005openldap (2.4.21-0ubuntu2) lucid; urgency=low
3006
3007 * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
3008
3009 -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
3010
3011openldap (2.4.21-0ubuntu1) lucid; urgency=low
3012
3013 * New upstream release.
3014 * debian/rules, debian/schema/extra/:
3015 Fix get-orig-source rule to supports extra schemas shipped as part of the
3016 debian/schema/ directory.
3017
3018 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
3019
3020openldap (2.4.18-0ubuntu2) lucid; urgency=low
3021
3022 * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3023 - Add --with-gssapi support
3024 - Make guess_service_principal() more robust when determining principal
3025 * Enable GSSAPI support (LP: #495418):
3026 - debian/configure.options: Configure with --with-gssapi
3027 - debian/control: Added libkrb5-dev as a build depend
3028
3029 -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
3030
3031openldap (2.4.18-0ubuntu1) karmic; urgency=low
3032
3033 * New upstream release: (LP: #419515):
3034 + pcache overlay supports disconnected mode.
3035 * Fix nss overlay load (LP: #417163).
3036
3037 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
3038
1028openldap (2.4.17-2.1) unstable; urgency=high3039openldap (2.4.17-2.1) unstable; urgency=high
10293040
1030 * Non-maintainer upload by the Security Team.3041 * Non-maintainer upload by the Security Team.
@@ -1051,6 +3062,108 @@ openldap (2.4.17-2) unstable; urgency=low
10513062
1052 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -07003063 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
10533064
3065openldap (2.4.17-1ubuntu3) karmic; urgency=low
3066
3067 * Install a minimal slapd configuration instead of creating a default
3068 database with a default DIT:
3069 + Move openldap user home from /var/lib/ldap to /nonexistent.
3070 + Remove all code and templates dealing with the default database and DIT
3071 creation.
3072 + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
3073 grant all access to the latter in the cn=config database as well as the
3074 default backend configuration.
3075 * Add cn=localroot,cn=config authz mapping on upgrades.
3076
3077 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
3078
3079openldap (2.4.17-1ubuntu2) karmic; urgency=low
3080
3081 [ Thierry Carrez ]
3082 * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3083 in the openldap library, as required by Likewise-Open (LP: #390579)
3084
3085 [ Mathias Gug ]
3086 * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
3087 uniqueness overlay.
3088 * debian/patches/its6220-writetimeout-directive: fixes a problem with the
3089 writetimeout directive being in effect even if it wasn't set,
3090 closing connections incorrectly.
3091 * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
3092 dncachesize parameter that was added in RE24, so that if it is set to
3093 "0" (now the default), it has an unlimited DN cache (RE23 always
3094 had an unlimited DN cache).
3095
3096 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
3097
3098openldap (2.4.17-1ubuntu1) karmic; urgency=low
3099
3100 [ Steve Langasek ]
3101 * Fix up the lintian warnings:
3102 - add missing misc-depends on all packages
3103 - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
3104 overrides
3105 - bump Standards-Version to 3.8.2, no changes required.
3106
3107 [ Mathias Gug ]
3108 * Resynchronise with Debian. Remaining changes:
3109 - AppArmor support:
3110 - debian/apparmor-profile: add AppArmor profile
3111 - updated debian/slapd.README.Debian for note on AppArmor
3112 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3113 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3114 - debian/rules: install apparmor profile.
3115 - Don't use local statement in config script as it fails if /bin/sh
3116 points to bash.
3117 - debian/slapd.postinst, debian/slapd.script-common: set correct
3118 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
3119 readable) and /var/run/slapd (world readable).
3120 - Enable nssoverlay:
3121 - debian/patches/nssov-build, debian/rules: Build and package the nss
3122 overlay.
3123 - debian/schema/misc.ldif: add ldif file for the misc schema which
3124 defines rfc822MailMember (required by the nss overlay).
3125 - debian/{control,rules}: enable PIE hardening
3126 - Use cn=config as the default configuration backend instead of
3127 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3128 asking the end user to enter a new password to control the access to
3129 the cn=config tree.
3130 - debian/slapd.postinst: create /var/run/slapd before updating its
3131 permissions.
3132 - debian/slapd.init: Correctly set slapd config backend option even if
3133 the pidfile is configured in slapd default file.
3134 * Dropped:
3135 - Merged in Debian:
3136 - Update priority of libldap-2.4-2 to match the archive override.
3137 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
3138 the ldapurl(1) manpage.
3139 - Bump build-dependency on debhelper to 6 instead of 5, since that's
3140 what we're using.
3141 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3142 the built-in default of ldap:/// only.
3143 - Fixed in upstream release:
3144 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
3145 failure when built with PIE.
3146 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3147 trusted.
3148 - Update Apparmor profile support: don't support upgrade from pre-hardy
3149 systems:
3150 - debian/slapd.postinst: Reload AA profile on configuration
3151 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3152 - debian/control: Conflicts with apparmor-profiles <<
3153 2.1+1075-0ubuntu4 to make sure that if earlier version of
3154 apparmor-profiles gets installed it won't overwrite our profile.
3155 - follow ApparmorProfileMigration and force apparmor complain mode on
3156 some upgrades
3157 - debian/slapd.preinst: create symlink for force-complain on
3158 pre-feisty upgrades, upgrades where apparmor-profiles profile is
3159 unchanged (ie non-enforcing) and upgrades where apparmor profile
3160 does not exist.
3161 - debian/patches/autogen.sh: no longer needed with karmic libtool.
3162 - Call libtoolize with the --install option to install
3163 config.{guess,sub} files.
3164
3165 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
3166
1054openldap (2.4.17-1) unstable; urgency=low3167openldap (2.4.17-1) unstable; urgency=low
10553168
1056 * New upstream version.3169 * New upstream version.
@@ -1073,6 +3186,153 @@ openldap (2.4.17-1) unstable; urgency=low
10733186
1074 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -07003187 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
10753188
3189openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
3190
3191 * Resynchronise with Debian. Remaining changes:
3192 - AppArmor support:
3193 - debian/apparmor-profile: add AppArmor profile
3194 - debian/slapd.postinst: Reload AA profile on configuration
3195 - updated debian/slapd.README.Debian for note on AppArmor
3196 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3197 - debian/control: Conflicts with apparmor-profiles <<
3198 2.1+1075-0ubuntu4 to make sure that if earlier version of
3199 apparmor-profiles gets installed it won't overwrite our profile.
3200 - follow ApparmorProfileMigration and force apparmor complain mode on
3201 some upgrades
3202 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3203 - debian/slapd.preinst: create symlink for force-complain on
3204 pre-feisty upgrades, upgrades where apparmor-profiles profile is
3205 unchanged (ie non-enforcing) and upgrades where apparmor profile
3206 does not exist.
3207 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3208 - debian/patches/autogen.sh:
3209 - Call libtoolize with the --install option to install
3210 config.{guess,sub} files.
3211 - Don't use local statement in config script as it fails if /bin/sh
3212 points to bash.
3213 - debian/slapd.postinst, debian/slapd.script-common: set correct
3214 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
3215 readable) and /var/run/slapd (world readable).
3216 - Enable nssoverlay:
3217 - debian/patches/nssov-build, debian/rules: Build and package the nss
3218 overlay.
3219 - debian/schema/misc.ldif: add ldif file for the misc schema which
3220 defines rfc822MailMember (required by the nss overlay).
3221 - debian/{control,rules}: enable PIE hardening
3222 - Use cn=config as the default configuration backend instead of
3223 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3224 asking the end user to enter a new password to control the access to
3225 the cn=config tree.
3226 - Update priority of libldap-2.4-2 to match the archive override.
3227 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
3228 the ldapurl(1) manpage.
3229 - Bump build-dependency on debhelper to 6 instead of 5, since that's
3230 what we're using.
3231 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3232 the built-in default of ldap:/// only.
3233 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
3234 failure when built with PIE.
3235 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3236 trusted.
3237 - debian/slapd.postinst: create /var/run/slapd before updating its
3238 permissions.
3239 - debian/slapd.init: Correctly set slapd config backend option even if
3240 the pidfile is configured in slapd default file.
3241 * Drop patch to avoid the test suite on hppa, as hppa is EOL.
3242
3243 -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
3244
3245openldap (2.4.15-1.1) unstable; urgency=low
3246
3247 * Non-maintainer upload.
3248 * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
3249 (Closes: #522965)
3250
3251 -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
3252
3253openldap (2.4.15-1ubuntu3) jaunty; urgency=low
3254
3255 * No-change rebuild to fix lpia shared library dependencies.
3256
3257 -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
3258
3259openldap (2.4.15-1ubuntu2) jaunty; urgency=low
3260
3261 * debian/slapd.postinst: create /var/run/slapd before updating its
3262 permissions (LP: #298928).
3263 * debian/slapd.init: Correclty set slapd config backend option even if the
3264 pidfile is configured in slapd default file (LP: #292364).
3265 * debian/apparmor-profile: support multiple databases to be stored under
3266 /var/lib/ldap/. (LP: #286614).
3267
3268 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
3269
3270openldap (2.4.15-1ubuntu1) jaunty; urgency=low
3271
3272 [ Steve Langasek ]
3273 * Update priority of libldap-2.4-2 to match the archive override.
3274 * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
3275 ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
3276 Closes: #496749.
3277 * Bump build-dependency on debhelper to 6 instead of 5, since that's
3278 what we're using. Closes: #498116.
3279 * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3280 the built-in default of ldap:/// only.
3281
3282 [ Mathias Gug ]
3283 * Merge from debian unstable, remaining changes:
3284 - Modify Maintainer value to match the DebianMaintainerField
3285 speficication.
3286 - AppArmor support:
3287 - debian/apparmor-profile: add AppArmor profile
3288 - debian/slapd.postinst: Reload AA profile on configuration
3289 - updated debian/slapd.README.Debian for note on AppArmor
3290 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3291 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3292 to make sure that if earlier version of apparmour-profiles gets
3293 installed it won't overwrite our profile.
3294 - follow ApparmorProfileMigration and force apparmor compalin mode on
3295 some upgrades (LP: #203529)
3296 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3297 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3298 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3299 non-enforcing) and upgrades where apparmor profile does not exist.
3300 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3301 - debian/control:
3302 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3303 - debian/patches/autogen.sh:
3304 - Call libtoolize with the --install option to install config.{guess,sub}
3305 files.
3306 - Don't use local statement in config script as it fails if /bin/sh
3307 points to bash (LP: #286063).
3308 - Disable the testsuite on hppa. Allows building of packages on this
3309 architecture again, once this package is in the archive.
3310 LP: #288908.
3311 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3312 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3313 /var/run/slapd (world readable). (LP: #257667).
3314 - Enable nssoverlay:
3315 - debian/patches/nssov-build, debian/rules: Build and package
3316 the nss overlay.
3317 - debian/schema/misc.ldif: add ldif file for the misc schema
3318 which defines rfc822MailMember (required by the nss overlay).
3319 - debian/{control,rules}: enable PIE hardening
3320 - Use cn=config as the default configuration backend instead of
3321 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3322 asking the end user to enter a new password to control the access to the
3323 cn=config tree.
3324 * Dropped:
3325 - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
3326 times. (ITS: #5947) Fixed in new upstream version 2.4.15.
3327 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3328 the ucred struct now. Implemented in Debian.
3329 * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
3330 when built with PIE.
3331 * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3332 trusted (LP: #305264).
3333
3334 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
3335
1076openldap (2.4.15-1) unstable; urgency=low3336openldap (2.4.15-1) unstable; urgency=low
10773337
1078 * New upstream version3338 * New upstream version
@@ -1090,6 +3350,69 @@ openldap (2.4.15-1) unstable; urgency=low
10903350
1091 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -08003351 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
10923352
3353openldap (2.4.14-0ubuntu1) jaunty; urgency=low
3354
3355 [ Steve Langasek ]
3356 * New upstream version
3357 - Fixes a bug with the pcache overlay not returning cached entries
3358 (closes: #497697)
3359 - Update evolution-ntlm patch to apply to current Makefiles.
3360 - (tentatively) drop gnutls-ciphers, since this bug was reported to be
3361 fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
3362 patch from the bug report, so this should be watched for regressions.
3363 * Build against db4.7 instead of db4.2 at last! Closes: #421946.
3364 * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
3365 installed in the build environment.
3366 * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
3367 --with-tls=gnutls.
3368
3369 [ Mathias Gug ]
3370 * Merge from debian unstable, remaining changes:
3371 - debian/apparmor-profile: add AppArmor profile
3372 - debian/slapd.postinst: Reload AA profile on configuration
3373 - updated debian/slapd.README.Debian for note on AppArmor
3374 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3375 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3376 to make sure that if earlier version of apparmour-profiles gets
3377 installed it won't overwrite our profile.
3378 - Modify Maintainer value to match the DebianMaintainerField
3379 speficication.
3380 - follow ApparmorProfileMigration and force apparmor compalin mode on
3381 some upgrades (LP: #203529)
3382 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3383 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3384 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3385 non-enforcing) and upgrades where apparmor profile does not exist.
3386 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3387 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3388 the ucred struct now.
3389 - debian/control:
3390 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3391 - debian/patches/autogen.sh:
3392 - Call libtoolize with the --install option to install config.{guess,sub}
3393 files.
3394 - Don't use local statement in config script as it fails if /bin/sh
3395 points to bash (LP: #286063).
3396 - Disable the testsuite on hppa. Allows building of packages on this
3397 architecture again, once this package is in the archive.
3398 LP: #288908.
3399 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3400 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3401 /var/run/slapd (world readable). (LP: #257667).
3402 - debian/patches/nssov-build, debian/rules:
3403 Build and package the nss overlay.
3404 debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3405 rfc822MailMember (required by the nss overlay).
3406 - debian/{control,rules}: enable PIE hardening
3407 - Use cn=config as the default configuration backend instead of
3408 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3409 asking the end user to enter a new password to control the access to the
3410 cn=config tree.
3411 * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
3412 times. (ITS: #5947)
3413
3414 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
3415
1093openldap (2.4.11-1) unstable; urgency=low3416openldap (2.4.11-1) unstable; urgency=low
10943417
1095 * New upstream version (closes: #499560).3418 * New upstream version (closes: #499560).
@@ -1112,6 +3435,110 @@ openldap (2.4.11-1) unstable; urgency=low
11123435
1113 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -07003436 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
11143437
3438openldap (2.4.11-0ubuntu7) jaunty; urgency=low
3439
3440 * Don't use local statement in config script as it fails if /bin/sh
3441 points to bash (LP: #286063).
3442
3443 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
3444
3445openldap (2.4.11-0ubuntu6) intrepid; urgency=low
3446
3447 * Disable the testsuite on hppa. Allows building of packages on this
3448 architecture again, once this package is in the archive.
3449 LP: #288908.
3450
3451 -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
3452
3453openldap (2.4.11-0ubuntu5) intrepid; urgency=low
3454
3455 * Don't set admin passwords in ldif files if adminpw is empty.
3456 (LP: #273988 - LP: #276606).
3457
3458 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
3459
3460openldap (2.4.11-0ubuntu4) intrepid; urgency=low
3461
3462 * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3463 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3464 /var/run/slapd (world readable). (LP: #257667).
3465 * debian/slapd.script-common:
3466 - Fix package reconfiguration:
3467 + Remove slapd.d/ directory if it already exists when creating a new
3468 configuration.
3469 + Fix backup directory naming for multiple reconfiguration.
3470
3471 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
3472
3473openldap (2.4.11-0ubuntu3) intrepid; urgency=low
3474
3475 * debian/patches/nssov-build, debian/rules:
3476 Build and package the nss overlay.
3477 * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3478 rfc822MailMember (required by the nss overlay).
3479
3480 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
3481
3482openldap (2.4.11-0ubuntu2) intrepid; urgency=low
3483
3484 * debian/{control,rules}: enable PIE hardening
3485
3486 -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
3487
3488openldap (2.4.11-0ubuntu1) intrepid; urgency=low
3489
3490 * New upstream version:
3491 - Mainly bug fixes.
3492 - New nss slapd overlay (not compiled by default).
3493 * Use cn=config as the default configuration backend instead of
3494 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3495 asking the end user to enter a new password to control the access to the
3496 cn=config tree.
3497
3498 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
3499
3500openldap (2.4.10-3ubuntu1) intrepid; urgency=low
3501
3502 [ Mathias Gug ]
3503 * Merge from debian unstable, remaining changes:
3504 - debian/apparmor-profile: add AppArmor profile
3505 - debian/slapd.postinst: Reload AA profile on configuration
3506 - updated debian/slapd.README.Debian for note on AppArmor
3507 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3508 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3509 to make sure that if earlier version of apparmour-profiles gets
3510 installed it won't overwrite our profile.
3511 - Modify Maintainer value to match the DebianMaintainerField
3512 speficication.
3513 - follow ApparmorProfileMigration and force apparmor compalin mode on
3514 some upgrades (LP: #203529)
3515 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3516 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3517 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3518 non-enforcing) and upgrades where apparmor profile does not exist.
3519 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3520 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3521 the ucred struct now.
3522 - debian/patches/fix-unique-overlay-assertion.patch:
3523 Fix another assertion error in unique overlay (LP: #243337).
3524 Backport from head.
3525 * Dropped - implemented in Debian:
3526 - debian/patches/fix-gnutls-key-strength.patch:
3527 Fix slapd handling of ssf using gnutls. (LP: #244925).
3528 - debian/control:
3529 Add time as build dependency: needed by make test.
3530 * debian/control:
3531 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3532 * debian/patches/autogen.sh:
3533 - Call libtoolize with the --install option to install config.{guess,sub}
3534 files.
3535
3536 [ Jamie Strandboge ]
3537 * adjust apparmor profile to allow gssapi (LP: #229252)
3538 * adjust apparmor profile to allow cnconfig (LP: #243525)
3539
3540 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
3541
1115openldap (2.4.10-3) unstable; urgency=low3542openldap (2.4.10-3) unstable; urgency=low
11163543
1117 [ Steve Langasek ]3544 [ Steve Langasek ]
@@ -1145,6 +3572,40 @@ openldap (2.4.10-3) unstable; urgency=low
11453572
1146 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -07003573 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
11473574
3575openldap (2.4.10-2ubuntu1) intrepid; urgency=low
3576
3577 * Merge from debian unstable, remaining changes:
3578 - debian/apparmor-profile: add AppArmor profile
3579 - debian/slapd.postinst: Reload AA profile on configuration
3580 - updated debian/slapd.README.Debian for note on AppArmor
3581 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3582 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3583 to make sure that if earlier version of apparmour-profiles gets
3584 installed it won't overwrite our profile.
3585 - Modify Maintainer value to match the DebianMaintainerField
3586 speficication.
3587 - follow ApparmorProfileMigration and force apparmor compalin mode on
3588 some upgrades (LP: #203529)
3589 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3590 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3591 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3592 non-enforcing) and upgrades where apparmor profile does not exist.
3593 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3594 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3595 the ucred struct now.
3596 - debian/patches/fix-unique-overlay-assertion.patch:
3597 Fix another assertion error in unique overlay (LP: #243337).
3598 Backport from head.
3599 - debian/patches/fix-gnutls-key-strength.patch:
3600 Fix slapd handling of ssf using gnutls. (LP: #244925).
3601 - debian/control:
3602 Add time as build dependency: needed by make test.
3603 * Dropped - implemented in Debian:
3604 - debian/rules:
3605 Support debuild nocheck option: don't run tests if nocheck is set.
3606
3607 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
3608
1148openldap (2.4.10-2) unstable; urgency=low3609openldap (2.4.10-2) unstable; urgency=low
11493610
1150 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at3611 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
@@ -1159,6 +3620,54 @@ openldap (2.4.10-2) unstable; urgency=low
11593620
1160 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -07003621 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
11613622
3623openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
3624
3625 * Merge from debian unstable, remaining changes:
3626 - debian/apparmor-profile: add AppArmor profile
3627 - debian/slapd.postinst: Reload AA profile on configuration
3628 - updated debian/slapd.README.Debian for note on AppArmor
3629 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3630 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3631 to make sure that if earlier version of apparmour-profiles gets
3632 installed it won't overwrite our profile.
3633 - Modify Maintainer value to match the DebianMaintainerField
3634 speficication.
3635 - follow ApparmorProfileMigration and force apparmor compalin mode on
3636 some upgrades (LP: #203529)
3637 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3638 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3639 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3640 non-enforcing) and upgrades where apparmor profile does not exist.
3641 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3642 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3643 the ucred struct now.
3644 - debian/patches/fix-unique-overlay-assertion.patch:
3645 Fix another assertion error in unique overlay (LP: #243337).
3646 Backport from head.
3647 * debian/control:
3648 - add time as build dependency: needed by make test.
3649 * debian/rules:
3650 - support debuild nocheck option: don't run tests if nocheck is set.
3651 * debian/patches/fix-gnutls-key-strength.patch:
3652 - fix slapd handling of ssf using gnutls. (LP: #244925).
3653 * Dropped - accepted in Debian:
3654 - debian/rules, debian/slapd.links: use hard links to slapd instead of
3655 symlinks for slap* so these applications aren't confined by apparmor
3656 (LP: #203898)
3657 * Dropped - fixed in new upstream release:
3658 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3659 (LP: #215904)
3660 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3661 error. (LP: #234196)
3662 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3663 (LP: #220724)
3664 - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3665 syncrepl. (LP: #227178)
3666 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3667 upstream.
3668
3669 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
3670
1162openldap2.3 (2.4.10-1) unstable; urgency=low3671openldap2.3 (2.4.10-1) unstable; urgency=low
11633672
1164 [ Steve Langasek ]3673 [ Steve Langasek ]
@@ -1183,6 +3692,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low
11833692
1184 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -07003693 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
11853694
3695openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
3696
3697 * debian/patches/fix-unique-overlay-assertion.patch:
3698 - Fix another assertion error in unique overlay, backported from head.
3699 (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
3700
3701 -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
3702
3703openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
3704
3705 * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
3706 include the smbk5pwd overlay.
3707
3708 -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
3709
3710openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
3711
3712 * Rebuild for perl 5.10 transition (LP: #230016)
3713 * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3714 syncrepl. (LP: #227178)
3715
3716 -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
3717
3718openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
3719
3720 * Merge from debian unstable, remaining changes:
3721 - debian/apparmor-profile: add AppArmor profile
3722 - debian/slapd.postinst: Reload AA profile on configuration
3723 - updated debian/slapd.README.Debian for note on AppArmor
3724 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3725 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3726 to make sure that if earlier version of apparmour-profiles gets
3727 installed it won't overwrite our profile.
3728 - Modify Maintainer value to match the DebianMaintainerField
3729 speficication.
3730 - follow ApparmorProfileMigration and force apparmor compalin mode on
3731 some upgrades (LP: #203529)
3732 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3733 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3734 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3735 non-enforcing) and upgrades where apparmor profile does not exist.
3736 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3737 - debian/rules, debian/slapd.links: use hard links to slapd instead of
3738 symlinks for slap* so these applications aren't confined by apparmor
3739 (LP: #203898)
3740 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3741 (LP: #215904)
3742 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3743 error. (LP: #234196)
3744 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3745 (LP: #220724)
3746 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3747 upstream.
3748 * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
3749 the ucred struct now.
3750
3751 -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
3752
1186openldap2.3 (2.4.9-1) unstable; urgency=low3753openldap2.3 (2.4.9-1) unstable; urgency=low
11873754
1188 [ Updated debconf translations ]3755 [ Updated debconf translations ]
@@ -1253,6 +3820,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high
12533820
1254 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +01003821 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
12553822
3823openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
3824
3825 * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
3826 in klibc)
3827
3828 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
3829
3830openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
3831
3832 * apparmor-profile workaround for Launchpad #202161
3833 * follow ApparmorProfileMigration and force apparmor complain mode on some
3834 upgrades (LP: #203529)
3835 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3836 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3837 - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
3838 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3839 non-enforcing) and upgrades where apparmor profile does not exist
3840 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3841 * debian/rules, debian/slapd.links: use hard links to slapd instead of
3842 symlinks for slap* so these applications aren't confined by apparmor
3843 (LP: #203898)
3844
3845 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
3846
3847openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
3848
3849 * Merge from Debian unstable, remaining changes:
3850 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3851 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3852 allows remote authenticated users to cause a denial of service (daemon
3853 crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
3854 control, a related issue to CVE-2007-6698.
3855 + debian/apparmor-profile: add AppArmor profile
3856 + debian/slapd.postinst: Reload AA profile on configuration
3857 + updated debian/slapd.README.Debian for note on AppArmor
3858 + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3859 should now take control
3860 + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3861 to make sure that if earlier version of apparmor-profiles gets
3862 installed it won't overwrite our profile
3863 + Modify Maintainer value to match the DebianMaintainerField
3864 specification.
3865
3866 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
3867
1256openldap2.3 (2.4.7-6) unstable; urgency=low3868openldap2.3 (2.4.7-6) unstable; urgency=low
12573869
1258 [ Updated debconf translations ]3870 [ Updated debconf translations ]
@@ -1298,6 +3910,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low
12983910
1299 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -08003911 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
13003912
3913openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
3914
3915 * SECURITY UPDATE:
3916 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3917 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3918 allows remote authenticated users to cause a denial of service (daemon crash)
3919 via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
3920 issue to CVE-2007-6698.
3921
3922 * References
3923 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
3924 - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
3925
3926 -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
3927
3928openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
3929
3930 * add AppArmor profile
3931 + debian/apparmor-profile
3932 + debian/slapd.postinst: Reload AA profile on configuration
3933 * updated debian/slapd.README.Debian for note on AppArmor
3934 * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3935 should now take control
3936 * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3937 to make sure that if earlier version of apparmor-profiles gets installed
3938 it won't overwrite our profile
3939 * Modify Maintainer value to match the DebianMaintainerField
3940 specification.
3941
3942 -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
3943
1301openldap2.3 (2.4.7-5) unstable; urgency=low3944openldap2.3 (2.4.7-5) unstable; urgency=low
13023945
1303 [ Updated debconf translations ]3946 [ Updated debconf translations ]
diff --git a/debian/configure.options b/debian/configure.options
index 08a55e0..9d3704e 100644
--- a/debian/configure.options
+++ b/debian/configure.options
@@ -175,6 +175,7 @@
175# --with-fetch with fetch(3) URL support [auto]175# --with-fetch with fetch(3) URL support [auto]
176# --with-threads with threads [auto]176# --with-threads with threads [auto]
177--with-threads177--with-threads
178--with-gssapi
178# --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto]179# --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto]
179--with-tls=gnutls180--with-tls=gnutls
180# --with-yielding-select with implicitly yielding select [auto]181# --with-yielding-select with implicitly yielding select [auto]
diff --git a/debian/control b/debian/control
index 6daf556..d9d7774 100644
--- a/debian/control
+++ b/debian/control
@@ -1,14 +1,16 @@
1Source: openldap1Source: openldap
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
5Uploaders: Steve Langasek <vorlon@debian.org>,6Uploaders: Steve Langasek <vorlon@debian.org>,
6 Torsten Landschoff <torsten@debian.org>,7 Torsten Landschoff <torsten@debian.org>,
7 Ryan Tandy <ryan@nardis.ca>8 Ryan Tandy <ryan@nardis.ca>
8Build-Depends: debhelper (>= 10),9Build-Depends: debhelper (>= 10),
10 dh-apparmor,
9 dpkg-dev (>= 1.17.14),11 dpkg-dev (>= 1.17.14),
10 groff-base,12 groff-base,
11 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,13 heimdal-dev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
12 libargon2-dev <!pkg.openldap.noslapd>,14 libargon2-dev <!pkg.openldap.noslapd>,
13 libdb5.3-dev <!pkg.openldap.noslapd>,15 libdb5.3-dev <!pkg.openldap.noslapd>,
14 libgnutls28-dev,16 libgnutls28-dev,
@@ -35,7 +37,7 @@ Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}),
35 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,37 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,
36 adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends}38 adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends}
37Recommends: ldap-utils39Recommends: ldap-utils
38Suggests: libsasl2-modules,40Suggests: libsasl2-modules, ufw,
39 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal41 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
40Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)42Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
41Replaces: libldap2, ldap-utils (<< 2.2.23-3)43Replaces: libldap2, ldap-utils (<< 2.2.23-3)
diff --git a/debian/libldap-2.4-2.symbols b/debian/libldap-2.4-2.symbols
index 1c89a2e..3214a35 100644
--- a/debian/libldap-2.4-2.symbols
+++ b/debian/libldap-2.4-2.symbols
@@ -118,6 +118,7 @@ liblber-2.4.so.2 libldap-2.4-2 #MINVER#
118 ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7118 ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7
119 ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7119 ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7
120 ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7120 ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7
121 ber_sockbuf_io_udp@OPENLDAP_2.4_2 2.4.17-1ubuntu2
121 ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7122 ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7
122 ber_sos_dump@OPENLDAP_2.4_2 2.4.7123 ber_sos_dump@OPENLDAP_2.4_2 2.4.7
123 ber_start@OPENLDAP_2.4_2 2.4.7124 ber_start@OPENLDAP_2.4_2 2.4.7
@@ -280,6 +281,11 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
280 ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7281 ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7
281 ldap_int_global_options@OPENLDAP_2.4_2 2.4.7282 ldap_int_global_options@OPENLDAP_2.4_2 2.4.7
282 ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23283 ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23
284 ldap_int_gssapi_close@OPENLDAP_2.4_2 2.4.18-0ubuntu2
285 ldap_int_gssapi_config@OPENLDAP_2.4_2 2.4.18-0ubuntu2
286 ldap_int_gssapi_get_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2
287 ldap_int_gssapi_mutex@OPENLDAP_2.4_2 2.4.18-0ubuntu2
288 ldap_int_gssapi_set_option@OPENLDAP_2.4_2 2.4.18-0ubuntu2
283 ldap_int_hostname@OPENLDAP_2.4_2 2.4.7289 ldap_int_hostname@OPENLDAP_2.4_2 2.4.7
284 ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39290 ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39
285 ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7291 ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7
@@ -312,6 +318,7 @@ libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
312 ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7318 ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7
313 ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7319 ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7
314 ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7320 ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7
321 ldap_is_ldapc_url@OPENLDAP_2.4_2 2.4.17-1ubuntu2
315 ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7322 ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7
316 ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7323 ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7
317 ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7324 ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7
diff --git a/debian/patches/contrib-makefiles b/debian/patches/contrib-makefiles
index 0aea4c3..bf04e60 100644
--- a/debian/patches/contrib-makefiles
+++ b/debian/patches/contrib-makefiles
@@ -183,3 +183,24 @@
183 -rpath $(moduledir) -module -o $@ $? $(LIBS)183 -rpath $(moduledir) -module -o $@ $? $(LIBS)
184 184
185 clean:185 clean:
186--- a/contrib/slapd-modules/nssov/Makefile
187+++ b/contrib/slapd-modules/nssov/Makefile
188@@ -52,15 +52,15 @@
189 .SUFFIXES: .c .o .lo
190
191 .c.lo:
192- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
193+ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
194
195 tio.lo: nss-pam-ldapd/tio.c
196- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
197+ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $?
198
199 $(OBJS): nssov.h
200
201 nssov.la: $(OBJS) $(XOBJS)
202- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
203+ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info 0:0:0 \
204 -rpath $(moduledir) -module -o $@ $(OBJS) $(XOBJS) $(LIBS)
205
206 install: nssov.la
diff --git a/debian/patches/fix_test_timing.patch b/debian/patches/fix_test_timing.patch
186new file mode 100644207new file mode 100644
index 0000000..bc57140
--- /dev/null
+++ b/debian/patches/fix_test_timing.patch
@@ -0,0 +1,27 @@
1Description: fix test timing on slow builders such as riscv64
2Author: Marc Deslauriers <marc.deslauriers@canonical.com>
3
4--- a/tests/data/ppolicy.ldif
5+++ b/tests/data/ppolicy.ldif
6@@ -25,7 +25,7 @@ pwdLockoutDuration: 15
7 pwdInHistory: 6
8 pwdCheckQuality: 2
9 pwdExpireWarning: 10
10-pwdMaxAge: 30
11+pwdMaxAge: 40
12 pwdMinLength: 5
13 pwdGraceAuthnLimit: 3
14 pwdAllowUserChange: TRUE
15--- a/tests/scripts/test022-ppolicy
16+++ b/tests/scripts/test022-ppolicy
17@@ -100,8 +100,8 @@ if test $RC != 0 ; then
18 fi
19
20 echo "Testing password expiration"
21-echo "Waiting 20 seconds for password to expire..."
22-sleep 20
23+echo "Waiting 40 seconds for password to expire..."
24+sleep 40
25
26 $LDAPSEARCH -e ppolicy -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS \
27 -b "$BASEDN" -s base > $SEARCHOUT 2>&1
diff --git a/debian/patches/gssapi.diff b/debian/patches/gssapi.diff
0new file mode 10064428new file mode 100644
index 0000000..5bcf266
--- /dev/null
+++ b/debian/patches/gssapi.diff
@@ -0,0 +1,140 @@
1--- a/configure.in
2+++ b/configure.in
3@@ -244,6 +244,8 @@
4 auto, [auto yes no] )
5 OL_ARG_WITH(fetch,[ --with-fetch with fetch(3) URL support],
6 auto, [auto yes no] )
7+OL_ARG_WITH(gssapi,[ --with-gssapi with GSSAPI support],
8+ auto, [auto yes no] )
9 OL_ARG_WITH(threads,[ --with-threads with threads],
10 auto, [auto nt posix mach pth lwp yes no manual] )
11 OL_ARG_WITH(tls,[ --with-tls with TLS/SSL support auto|openssl|gnutls|moznss],
12@@ -591,6 +593,7 @@
13 KRB4_LIBS=
14 KRB5_LIBS=
15 SASL_LIBS=
16+GSSAPI_LIBS=
17 TLS_LIBS=
18 MODULES_LIBS=
19 SLAPI_LIBS=
20@@ -1153,6 +1156,63 @@
21 fi
22
23 dnl ----------------------------------------------------------------
24+dnl GSSAPI
25+ol_link_gssapi=no
26+
27+case $ol_with_gssapi in yes | auto)
28+
29+ ol_header_gssapi=no
30+ AC_CHECK_HEADERS(gssapi/gssapi.h)
31+ if test $ac_cv_header_gssapi_gssapi_h = yes ; then
32+ ol_header_gssapi=yes
33+ else
34+ AC_CHECK_HEADERS(gssapi.h)
35+ if test $ac_cv_header_gssapi_h = yes ; then
36+ ol_header_gssapi=yes
37+ fi
38+
39+ dnl## not every gssapi has gss_oid_to_str()
40+ dnl## as it's not defined in the GSSAPI V2 API
41+ dnl## anymore
42+ saveLIBS="$LIBS"
43+ LIBS="$LIBS $GSSAPI_LIBS"
44+ AC_CHECK_FUNCS(gss_oid_to_str)
45+ LIBS="$saveLIBS"
46+ fi
47+
48+ if test $ol_header_gssapi = yes ; then
49+ dnl## we check for gss_wrap
50+ dnl## as it's new to the GSSAPI V2 API
51+ AC_CHECK_LIB(gssapi, gss_wrap,
52+ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi"],
53+ [ol_link_gssapi=no])
54+ if test $ol_link_gssapi != yes ; then
55+ AC_CHECK_LIB(gssapi_krb5, gss_wrap,
56+ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi_krb5"],
57+ [ol_link_gssapi=no])
58+ fi
59+ if test $ol_link_gssapi != yes ; then
60+ AC_CHECK_LIB(gss, gss_wrap,
61+ [ol_link_gssapi=yes;GSSAPI_LIBS="-lgss"],
62+ [ol_link_gssapi=no])
63+ fi
64+ fi
65+
66+ ;;
67+esac
68+
69+WITH_GSSAPI=no
70+if test $ol_link_gssapi = yes; then
71+ AC_DEFINE(HAVE_GSSAPI, 1, [define if you have GSSAPI])
72+ WITH_GSSAPI=yes
73+elif test $ol_with_gssapi = auto ; then
74+ AC_MSG_WARN([Could not locate GSSAPI package])
75+ AC_MSG_WARN([GSSAPI authentication not supported!])
76+elif test $ol_with_gssapi = yes ; then
77+ AC_MSG_ERROR([GSSAPI detection failed])
78+fi
79+
80+dnl ----------------------------------------------------------------
81 dnl TLS/SSL
82
83 if test $ol_with_tls = yes ; then
84@@ -1928,6 +1988,13 @@
85 fi
86 AC_SUBST(VERSION_OPTION)
87
88+VERSION_OPTION=""
89+OL_SYMBOL_VERSIONING
90+if test $ol_cv_ld_version_script_option = yes ; then
91+ VERSION_OPTION="-Wl,--version-script="
92+fi
93+AC_SUBST(VERSION_OPTION)
94+
95 dnl ----------------------------------------------------------------
96 if test $ol_enable_wrappers != no ; then
97 AC_CHECK_HEADERS(tcpd.h,[
98@@ -3159,6 +3226,7 @@
99 AC_SUBST(KRB4_LIBS)
100 AC_SUBST(KRB5_LIBS)
101 AC_SUBST(SASL_LIBS)
102+AC_SUBST(GSSAPI_LIBS)
103 AC_SUBST(TLS_LIBS)
104 AC_SUBST(MODULES_LIBS)
105 AC_SUBST(SLAPI_LIBS)
106--- a/include/portable.hin
107+++ b/include/portable.hin
108@@ -253,6 +253,18 @@
109 /* Define to 1 if you have the <grp.h> header file. */
110 #undef HAVE_GRP_H
111
112+/* define if you have GSSAPI */
113+#undef HAVE_GSSAPI
114+
115+/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
116+#undef HAVE_GSSAPI_GSSAPI_H
117+
118+/* Define to 1 if you have the <gssapi.h> header file. */
119+#undef HAVE_GSSAPI_H
120+
121+/* Define to 1 if you have the `gss_oid_to_str' function. */
122+#undef HAVE_GSS_OID_TO_STR
123+
124 /* Define to 1 if you have the `hstrerror' function. */
125 #undef HAVE_HSTRERROR
126
127--- a/build/top.mk
128+++ b/build/top.mk
129@@ -190,9 +190,10 @@
130 KRB5_LIBS = @KRB5_LIBS@
131 KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
132 SASL_LIBS = @SASL_LIBS@
133+GSSAPI_LIBS = @GSSAPI_LIBS@
134 TLS_LIBS = @TLS_LIBS@
135 AUTH_LIBS = @AUTH_LIBS@
136-SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
137+SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(GSSAPI_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
138
139 MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
140 MODULES_LDFLAGS = @SLAPD_MODULES_LDFLAGS@
diff --git a/debian/patches/series b/debian/patches/series
index 6181d9b..c93db6f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,6 +8,7 @@ index-files-created-as-root
8sasl-default-path 8sasl-default-path
9libldap-symbol-versions9libldap-symbol-versions
10getaddrinfo-is-threadsafe10getaddrinfo-is-threadsafe
11gssapi.diff
11do-not-second-guess-sonames12do-not-second-guess-sonames
12contrib-makefiles13contrib-makefiles
13smbk5pwd-makefile-manpage14smbk5pwd-makefile-manpage
@@ -20,3 +21,4 @@ no-bdb-ABI-second-guessing
20ITS6035-olcauthzregex-needs-restart.patch21ITS6035-olcauthzregex-needs-restart.patch
21set-maintainer-name22set-maintainer-name
22ITS-9086-Add-debug-logging-for-more-GnuTLS-errors.patch23ITS-9086-Add-debug-logging-for-more-GnuTLS-errors.patch
24fix_test_timing.patch
diff --git a/debian/rules b/debian/rules
index b0fbd54..f01e77b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,7 +7,8 @@ include /usr/share/dpkg/pkg-info.mk
7# want the checks for DFSG-freeness.7# want the checks for DFSG-freeness.
8#DFSG_NONFREE = 18#DFSG_NONFREE = 1
99
10export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE10export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLDAP_CONNECTIONLESS -I/usr/include/heimdal
11export DEB_LDFLAGS_MAINT_APPEND := -L/usr/lib/$(DEB_HOST_MULTIARCH)/heimdal
11export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow12export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow
1213
13# Configure calls AM_INIT_AUTOMAKE, but Automake fails as there is no Makefile.am.14# Configure calls AM_INIT_AUTOMAKE, but Automake fails as there is no Makefile.am.
@@ -15,7 +16,7 @@ export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow
15export AUTOMAKE = true16export AUTOMAKE = true
1617
17# Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)18# Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)
18export DEB_MAINTAINER := $(shell sed -ne 's/Maintainer:\s\+//p' debian/control)19export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control)
1920
20# Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)21# Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)
21export DEB_VERSION22export DEB_VERSION
@@ -31,7 +32,7 @@ ifneq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
31 CONFIG += --disable-slapd32 CONFIG += --disable-slapd
32endif33endif
3334
34CONTRIB_MODULES = autogroup lastbind passwd passwd/argon2 passwd/pbkdf2 passwd/sha2 smbk5pwd35CONTRIB_MODULES = autogroup lastbind nssov passwd passwd/argon2 passwd/pbkdf2 passwd/sha2 smbk5pwd
3536
36# Ensure CC is set correctly for cross builds, unless it has already37# Ensure CC is set correctly for cross builds, unless it has already
37# been set explicitly.38# been set explicitly.
@@ -51,7 +52,8 @@ CONTRIB_MAKEVARS := \
51 LDAP_BUILD='$(builddir)' \52 LDAP_BUILD='$(builddir)' \
52 prefix=/usr \53 prefix=/usr \
53 ldap_subdir=/ldap \54 ldap_subdir=/ldap \
54 moduledir='$$(libdir)$$(ldap_subdir)'55 moduledir='$$(libdir)$$(ldap_subdir)' \
56 sysconfdir='/etc$$(ldap_subdir)'
5557
56# These variables are used only by get-orig-source, which will normally only58# These variables are used only by get-orig-source, which will normally only
57# be run by maintainers.59# be run by maintainers.
@@ -165,6 +167,22 @@ endif
165 find $(installdir)/usr/share/man -name \*.8 \167 find $(installdir)/usr/share/man -name \*.8 \
166 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'168 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
167169
170ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
171override_dh_install-arch:
172 dh_install
173
174 # install AppArmor profile
175 install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
176
177 # install Apport hook
178 install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
179
180 # install ufw profile
181 install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
182
183 dh_apparmor -pslapd --profile-name=usr.sbin.slapd
184endif
185
168override_dh_installinit:186override_dh_installinit:
169 dh_installinit -- "defaults 19 80"187 dh_installinit -- "defaults 19 80"
170188
@@ -225,6 +243,8 @@ ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
225 done; \243 done; \
226 fi244 fi
227245
246 rm -f contrib/slapd-modules/nssov/nss-pam-ldapd/config.sub contrib/slapd-modules/nssov/nss-pam-ldapd/config.guess
247
228 # Clean the contrib directory248 # Clean the contrib directory
229 for mod in $(CONTRIB_MODULES); do \249 for mod in $(CONTRIB_MODULES); do \
230 dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \250 dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \
diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
index ecec104..084d19c 100644
--- a/debian/slapd.README.Debian
+++ b/debian/slapd.README.Debian
@@ -331,3 +331,14 @@ Unsafe access control rule installed by default in previous versions
331 slapd.access(5) man page.331 slapd.access(5) man page.
332332
333 -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700333 -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700
334
335Apparmor Profile
336----------------
337
338 If your system uses AppArmor, please note that the shipped enforcing profile
339 works with the default installation, and changes in your configuration may
340 require changes to the installed apparmor profile. Please see
341 https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
342 software.
343
344 -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500
diff --git a/debian/slapd.install b/debian/slapd.install
index 0987dad..206a208 100644
--- a/debian/slapd.install
+++ b/debian/slapd.install
@@ -54,5 +54,7 @@ usr/lib/ldap/autogroup.so*
54usr/lib/ldap/autogroup.la54usr/lib/ldap/autogroup.la
55usr/lib/ldap/lastbind.so*55usr/lib/ldap/lastbind.so*
56usr/lib/ldap/lastbind.la56usr/lib/ldap/lastbind.la
57usr/lib/ldap/nssov.so*
58usr/lib/ldap/nssov.la
57usr/lib/ldap/pw-sha2.so*59usr/lib/ldap/pw-sha2.so*
58usr/lib/ldap/pw-sha2.la60usr/lib/ldap/pw-sha2.la
diff --git a/debian/slapd.manpages b/debian/slapd.manpages
index ffd3243..25f6d43 100644
--- a/debian/slapd.manpages
+++ b/debian/slapd.manpages
@@ -43,3 +43,4 @@ debian/tmp/usr/share/man/man5/slapo-valsort.5
4343
44# contrib modules installed in main package44# contrib modules installed in main package
45debian/tmp/usr/share/man/man5/slapo-lastbind.545debian/tmp/usr/share/man/man5/slapo-lastbind.5
46contrib/slapd-modules/nssov/slapo-nssov.5
diff --git a/debian/slapd.py b/debian/slapd.py
46new file mode 10064447new file mode 100644
index 0000000..7d78699
--- /dev/null
+++ b/debian/slapd.py
@@ -0,0 +1,51 @@
1#!/usr/bin/python
2
3'''apport hook for slapd
4
5(c) 2010 Adam Sommer.
6Author: Adam Sommer <asommer@ubuntu.com>
7
8This program is free software; you can redistribute it and/or modify it
9under the terms of the GNU General Public License as published by the
10Free Software Foundation; either version 2 of the License, or (at your
11option) any later version. See http://www.gnu.org/copyleft/gpl.html for
12the full text of the license.
13'''
14
15from apport.hookutils import *
16import os
17
18# Scrub olcRootPW attribute and credentials strings if necessary.
19def scrub_pass_strings(config):
20 olcrootpw_regex = re.compile('olcRootPW:.*')
21 olcrootpw_string = olcrootpw_regex.search(config)
22 if olcrootpw_string:
23 config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@')
24
25 credentials_regex = re.compile('credentials=.* ')
26 credentials_string = credentials_regex.search(config)
27 if credentials_string:
28 config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ')
29
30 return config
31
32def add_info(report, ui):
33 response = ui.yesno("The contents of your /etc/ldap/slapd.d directory "
34 "may help developers diagnose your bug more "
35 "quickly. However, it may contain sensitive "
36 "information. Do you want to include it in your "
37 "bug report?")
38
39 if response == None: # user cancelled
40 raise StopIteration
41
42 elif response == True:
43 # Get the cn=config tree.
44 cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'])
45 report['CNConfig'] = scrub_pass_strings(cn_config)
46
47 # Get slapd messages from /var/log/syslog
48 slapd_re = re.compile('slapd', re.IGNORECASE)
49 report['SysLog'] = recent_syslog(slapd_re)
50
51 attach_mac_events(report, '/usr/sbin/slapd')
diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile
0new file mode 10064452new file mode 100644
index 0000000..3c4f676
--- /dev/null
+++ b/debian/slapd.ufw.profile
@@ -0,0 +1,9 @@
1[OpenLDAP LDAP]
2title=OpenLDAP with TLS
3description=OpenLDAP is a free, fast, lightweight LDAP server
4ports=389/tcp
5
6[OpenLDAP LDAPS]
7title=OpenLDAP over SSL
8description=OpenLDAP is a free, fast, lightweight LDAP server
9ports=636/tcp

Subscribers

People subscribed via source and target branches