Ubuntu
openldap package

Merge ~sergiodj/ubuntu/+source/openldap:merge-2.5.6-exp1 into ubuntu/+source/openldap:debian/experimental

  1. Git
  2. lp:~sergiodj/ubuntu/+source/openldap
  3. merge-2.5.6-exp1
  4. Merge into debian/experimental
Proposed by Sergio Durigan Junior
Status: Merged
Approved by: Sergio Durigan Junior
Approved revision: 57499a903715d983fd2f2ce82f093ed6cbe7ea49
Merge reported by: Bryce Harrington
Merged at revision: 57499a903715d983fd2f2ce82f093ed6cbe7ea49
Proposed branch: ~sergiodj/ubuntu/+source/openldap:merge-2.5.6-exp1
Merge into: ubuntu/+source/openldap:debian/experimental
Diff against target: 3376 lines (+3010/-3)
7 files modified
debian/apparmor-profile (+61/-0)
debian/changelog (+2857/-0)
debian/control (+4/-2)
debian/rules (+17/-1)
debian/slapd.README.Debian (+11/-0)
debian/slapd.py (+51/-0)
debian/slapd.ufw.profile (+9/-0)
Reviewer Review Type Date Requested Status
Canonical Server packageset reviewers Pending
Andreas Hasenack Pending
Canonical Server Pending
Review via email: mp+407279@code.launchpad.net

Description of the change

This is the merge of openldap 2.5.6+dfsg-1~exp1 from Debian experimental.

It is a relatively trivial merge; no patches have been dropped nor added to the Ubuntu package. Nevertheless, this is an important merge because it brings the new maint script code that is responsible to deal with scenarios where the upgrade from a 2.4.x version of openldap is not possible (most likely due to some old backends being removed in 2.5.x). This is something that Ryan (the Debian openldap maintainer) and I have been working for the last weeks. If you'd like more details, please refer to:

https://salsa.debian.org/openldap-team/openldap/-/merge_requests/2

Another important addition here are the upgrade instructions written in the slapd.README.Debian file. These instructions are important because the user will most likely refer to them if the package upgrade fails. If you'd like more details, please refer to:

https://salsa.debian.org/openldap-team/openldap/-/commit/8943a217c2b0064f9650b28269d3326ef90453c4

You can find a PPA with the proposed package here:

https://launchpad.net/~sergiodj/+archive/ubuntu/openldap-merge/+packages

autopkgtest is still passing:

autopkgtest [15:09:19]: @@@@@@@@@@@@@@@@@@@@ summary
slapd PASS (superficial)
smbk5pwd PASS (superficial)

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the review, Athos.

Uploaded:

$ git push pkg upload/2.5.6+dfsg-1_exp1ubuntu1
Enumerating objects: 41, done.
Counting objects: 100% (41/41), done.
Delta compression using up to 8 threads
Compressing objects: 100% (35/35), done.
Writing objects: 100% (35/35), 22.40 KiB | 1.60 MiB/s, done.
Total 35 (delta 24), reused 2 (delta 0)
To ssh://git.launchpad.net/ubuntu/+source/openldap
 * [new tag] upload/2.5.6+dfsg-1_exp1ubuntu1 -> upload/2.5.6+dfsg-1_exp1ubuntu1

$ dput openldap_2.5.6+dfsg-1~exp1ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/openldap/openldap_2.5.6+dfsg-1~exp1ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/openldap/openldap_2.5.6+dfsg-1~exp1ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openldap_2.5.6+dfsg-1~exp1ubuntu1.dsc: done.
  Uploading openldap_2.5.6+dfsg.orig.tar.gz: done.
  Uploading openldap_2.5.6+dfsg-1~exp1ubuntu1.debian.tar.xz: done.
  Uploading openldap_2.5.6+dfsg-1~exp1ubuntu1_source.buildinfo: done.
  Uploading openldap_2.5.6+dfsg-1~exp1ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Bryce Harrington (bryce) wrote :

This has migrated successfully.

  - Source Package: openldap
  - Current Version: 2.5.6+dfsg-1~exp1ubuntu1
  - New Version: 2.5.6+dfsg-1~exp1ubuntu1
  - Migrated: True

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/apparmor-profile b/debian/apparmor-profile
0new file mode 1006440new file mode 100644
index 0000000..6a247aa
--- /dev/null
+++ b/debian/apparmor-profile
@@ -0,0 +1,61 @@
1# vim:syntax=apparmor
2# Last Modified: Fri Jun 6 13:51:00 2020
3# Author: Jamie Strandboge <jamie@ubuntu.com>
4
5#include <tunables/global>
6
7/usr/sbin/slapd {
8 #include <abstractions/base>
9 #include <abstractions/nameservice>
10 #include <abstractions/p11-kit>
11
12 #include <abstractions/ssl_keys>
13 #include <abstractions/ssl_certs>
14
15 /etc/sasldb2 r,
16
17 capability dac_override,
18 capability net_bind_service,
19 capability setgid,
20 capability setuid,
21
22 /etc/gai.conf r,
23 /etc/hosts.allow r,
24 /etc/hosts.deny r,
25
26 # ldap files
27 /etc/ldap/** kr,
28 /etc/ldap/slapd.d/** rw,
29
30 # kerberos/gssapi
31 /dev/tty rw,
32 /etc/gss/mech.d/ r,
33 /etc/gss/mech.d/* kr,
34 /etc/krb5.keytab kr,
35 /etc/krb5/user/*/client.keytab kr,
36 owner /tmp/krb5cc_* rwk,
37 owner /var/tmp/krb5_*.rcache2 rwk,
38 /var/tmp/ rw,
39 /var/tmp/** rw,
40
41 # the databases and logs
42 /var/lib/ldap/ r,
43 /var/lib/ldap/** rwk,
44
45 # lock file
46 /var/lib/ldap/alock kw,
47
48 # pid files and sockets
49 /{,var/}run/slapd/* w,
50 /{,var/}run/slapd/ldapi rw,
51 /{,var/}run/nslcd/socket rw,
52 /{,var/}run/saslauthd/mux rw,
53
54 /usr/lib/ldap/ r,
55 /usr/lib/ldap/* mr,
56
57 /usr/sbin/slapd mr,
58
59 # Site-specific additions and overrides. See local/README for details.
60 #include <local/usr.sbin.slapd>
61}
diff --git a/debian/changelog b/debian/changelog
index 99e4a40..3507a62 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,22 @@
1openldap (2.5.6+dfsg-1~exp1ubuntu1) impish; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 - Enable AppArmor support:
5 + d/apparmor-profile: add AppArmor profile
6 + d/rules: use dh_apparmor
7 + d/control: Build-Depends on dh-apparmor
8 + d/slapd.README.Debian: add note about AppArmor
9 - Enable ufw support:
10 + d/control: suggest ufw.
11 + d/rules: install ufw profile.
12 + d/slapd.ufw.profile: add ufw profile.
13 - d/{rules,slapd.py}: Add apport hook.
14 - d/rules: better regexp to match the Maintainer tag in d/control,
15 needed in the Ubuntu case because of XSBC-Original-Maintainer
16 (Closes #960448, LP #1875697)
17
18 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 17 Aug 2021 14:06:00 -0400
19
1openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium20openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
221
3 [ Ryan Tandy ]22 [ Ryan Tandy ]
@@ -32,6 +51,59 @@ openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
3251
33 -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -070052 -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700
3453
54openldap (2.5.5+dfsg-1~exp1ubuntu1) impish; urgency=medium
55
56 * Merge with Debian unstable. Remaining changes:
57 - Enable AppArmor support:
58 + d/apparmor-profile: add AppArmor profile
59 + d/rules: use dh_apparmor
60 + d/control: Build-Depends on dh-apparmor
61 + d/slapd.README.Debian: add note about AppArmor
62 - Enable ufw support:
63 + d/control: suggest ufw.
64 + d/rules: install ufw profile.
65 + d/slapd.ufw.profile: add ufw profile.
66 - d/{rules,slapd.py}: Add apport hook.
67 - d/rules: better regexp to match the Maintainer tag in d/control,
68 needed in the Ubuntu case because of XSBC-Original-Maintainer
69 (Closes #960448, LP #1875697)
70 * Dropped changes:
71 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
72 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
73 - Add --with-gssapi support
74 - Make guess_service_principal() more robust when determining
75 principal
76 + d/configure.options: Configure with --with-gssapi
77 + d/control: Added heimdal-dev as a build depend
78 + d/rules:
79 - Explicitly add -I/usr/include/heimdal to CFLAGS.
80 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
81 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
82 This should be dropped when the soname changes.
83 [ Dropped as planned after soname bump due to 2.5.5 update. ]
84 - Enable nss overlay:
85 + d/rules:
86 - add nssov to CONTRIB_MODULES
87 - add sysconfdir to CONTRIB_MAKEVARS
88 + d/slapd.install: install nssov overlay
89 + d/slapd.manpages: install slapo-nssov(5) man page
90 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
91 Debian bug #919136, we also have to patch the nssov makefile
92 accordingly and thus update this patch.
93 [ Dropped as planned after soname bump due to 2.5.5 update. ]
94 - Add support for CLDAP (UDP) support, back then required by
95 likewise-open (first enabled in 2.4.17-1ubuntu2):
96 + d/rules: Enable -DLDAP_CONNECTIONLESS
97 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
98 This should be dropped when the soname changes.
99 [ Dropped as planned after soname bump due to 2.5.5 update. ]
100 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
101 of test timing issue.
102 [ Dropped because the latest update improved the testcase and
103 there is no FTBFS on riscv64 anymore. ]
104
105 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 15 Jun 2021 17:20:34 -0400
106
35openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium107openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium
36108
37 * New upstream release.109 * New upstream release.
@@ -137,6 +209,53 @@ openldap (2.4.57+dfsg-3) unstable; urgency=medium
137209
138 -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700210 -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700
139211
212openldap (2.4.57+dfsg-2ubuntu1) hirsute; urgency=medium
213
214 * Merge with Debian unstable. Remaining changes:
215 - Enable AppArmor support:
216 + d/apparmor-profile: add AppArmor profile
217 + d/rules: use dh_apparmor
218 + d/control: Build-Depends on dh-apparmor
219 + d/slapd.README.Debian: add note about AppArmor
220 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
221 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
222 - Add --with-gssapi support
223 - Make guess_service_principal() more robust when determining
224 principal
225 + d/configure.options: Configure with --with-gssapi
226 + d/control: Added heimdal-dev as a build depend
227 + d/rules:
228 - Explicitly add -I/usr/include/heimdal to CFLAGS.
229 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
230 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
231 This should be dropped when the soname changes.
232 - Enable ufw support:
233 + d/control: suggest ufw.
234 + d/rules: install ufw profile.
235 + d/slapd.ufw.profile: add ufw profile.
236 - Enable nss overlay:
237 + d/rules:
238 - add nssov to CONTRIB_MODULES
239 - add sysconfdir to CONTRIB_MAKEVARS
240 + d/slapd.install: install nssov overlay
241 + d/slapd.manpages: install slapo-nssov(5) man page
242 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
243 Debian bug #919136, we also have to patch the nssov makefile
244 accordingly and thus update this patch.
245 - d/{rules,slapd.py}: Add apport hook.
246 - Add support for CLDAP (UDP) support, back then required by
247 likewise-open (first enabled in 2.4.17-1ubuntu2):
248 + d/rules: Enable -DLDAP_CONNECTIONLESS
249 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
250 This should be dropped when the soname changes.
251 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
252 of test timing issue.
253 - d/rules: better regexp to match the Maintainer tag in d/control,
254 needed in the Ubuntu case because of XSBC-Original-Maintainer
255 (Closes #960448, LP #1875697)
256
257 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Feb 2021 10:15:38 -0500
258
140openldap (2.4.57+dfsg-2) unstable; urgency=medium259openldap (2.4.57+dfsg-2) unstable; urgency=medium
141260
142 * Fix slapd assertion failure in Certificate List Exact Assertion validation261 * Fix slapd assertion failure in Certificate List Exact Assertion validation
@@ -166,6 +285,65 @@ openldap (2.4.57+dfsg-1) unstable; urgency=medium
166285
167 -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800286 -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800
168287
288openldap (2.4.56+dfsg-1ubuntu2) hirsute; urgency=medium
289
290 * debian/apparmor-profile: add AppArmor rule for locking replay cache.
291 In Hirsute, a change (presumably in src:krb5) has caused slapd to be
292 denied by AppArmor for locking /var/tmp/krb5_*.rcache2. This is
293 acceptable, so add it to the AppArmor profile. This fixes the dep8
294 test in src:krb5 that uses slapd for testing.
295
296 -- Robie Basak <robie.basak@ubuntu.com> Tue, 26 Jan 2021 13:02:40 +0000
297
298openldap (2.4.56+dfsg-1ubuntu1) hirsute; urgency=medium
299
300 * Merge with Debian unstable. Remaining changes:
301 - Enable AppArmor support:
302 + d/apparmor-profile: add AppArmor profile
303 + d/rules: use dh_apparmor
304 + d/control: Build-Depends on dh-apparmor
305 + d/slapd.README.Debian: add note about AppArmor
306 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
307 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
308 - Add --with-gssapi support
309 - Make guess_service_principal() more robust when determining
310 principal
311 + d/configure.options: Configure with --with-gssapi
312 + d/control: Added heimdal-dev as a build depend
313 + d/rules:
314 - Explicitly add -I/usr/include/heimdal to CFLAGS.
315 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
316 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
317 This should be dropped when the soname changes.
318 - Enable ufw support:
319 + d/control: suggest ufw.
320 + d/rules: install ufw profile.
321 + d/slapd.ufw.profile: add ufw profile.
322 - Enable nss overlay:
323 + d/rules:
324 - add nssov to CONTRIB_MODULES
325 - add sysconfdir to CONTRIB_MAKEVARS
326 + d/slapd.install: install nssov overlay
327 + d/slapd.manpages: install slapo-nssov(5) man page
328 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
329 Debian bug #919136, we also have to patch the nssov makefile
330 accordingly and thus update this patch.
331 - d/{rules,slapd.py}: Add apport hook.
332 - Add support for CLDAP (UDP) support, back then required by
333 likewise-open (first enabled in 2.4.17-1ubuntu2):
334 + d/rules: Enable -DLDAP_CONNECTIONLESS
335 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
336 This should be dropped when the soname changes.
337 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
338 of test timing issue.
339 - d/rules: better regexp to match the Maintainer tag in d/control,
340 needed in the Ubuntu case because of XSBC-Original-Maintainer
341 (Closes #960448, LP #1875697)
342 * d/apparmor-profile: use abstractions/ssl_keys instead of manual rules,
343 allows letsencrypt to work. Thanks to Paul McEnery (LP: #1909748)
344
345 -- Paride Legovini <paride.legovini@canonical.com> Mon, 04 Jan 2021 16:18:57 +0100
346
169openldap (2.4.56+dfsg-1) unstable; urgency=medium347openldap (2.4.56+dfsg-1) unstable; urgency=medium
170348
171 * New upstream release.349 * New upstream release.
@@ -192,12 +370,151 @@ openldap (2.4.54+dfsg-1) unstable; urgency=medium
192370
193 -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000371 -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000
194372
373openldap (2.4.53+dfsg-1ubuntu5) hirsute; urgency=medium
374
375 * SECURITY UPDATE: assertion failure in Certificate List syntax
376 validation
377 - debian/patches/CVE-2020-25709.patch: properly handle error in
378 servers/slapd/schema_init.c.
379 - CVE-2020-25709
380 * SECURITY UPDATE: assertion failure in CSN normalization with invalid
381 input
382 - debian/patches/CVE-2020-25710.patch: properly handle error in
383 servers/slapd/schema_init.c.
384 - CVE-2020-25710
385
386 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 17 Nov 2020 09:41:47 -0500
387
388openldap (2.4.53+dfsg-1ubuntu4) hirsute; urgency=medium
389
390 * SECURITY UPDATE: DoS via NULL pointer dereference
391 - debian/patches/CVE-2020-25692.patch: skip normalization if there's no
392 equality rule in servers/slapd/modrdn.c.
393 - CVE-2020-25692
394
395 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 Nov 2020 14:02:02 -0500
396
397openldap (2.4.53+dfsg-1ubuntu3) hirsute; urgency=medium
398
399 * No-change rebuild for the perl update.
400
401 -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 12:53:38 +0100
402
403openldap (2.4.53+dfsg-1ubuntu2) hirsute; urgency=medium
404
405 * No-change rebuild for the perl update.
406
407 -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 10:51:32 +0100
408
409openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium
410
411 * Merge with Debian unstable (LP: #1894838). Remaining changes:
412 - Enable AppArmor support:
413 + d/apparmor-profile: add AppArmor profile
414 + d/rules: use dh_apparmor
415 + d/control: Build-Depends on dh-apparmor
416 + d/slapd.README.Debian: add note about AppArmor
417 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
418 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
419 - Add --with-gssapi support
420 - Make guess_service_principal() more robust when determining
421 principal
422 + d/configure.options: Configure with --with-gssapi
423 + d/control: Added heimdal-dev as a build depend
424 + d/rules:
425 - Explicitly add -I/usr/include/heimdal to CFLAGS.
426 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
427 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
428 This should be dropped when the soname changes.
429 - Enable ufw support:
430 + d/control: suggest ufw.
431 + d/rules: install ufw profile.
432 + d/slapd.ufw.profile: add ufw profile.
433 - Enable nss overlay:
434 + d/rules:
435 - add nssov to CONTRIB_MODULES
436 - add sysconfdir to CONTRIB_MAKEVARS
437 + d/slapd.install: install nssov overlay
438 + d/slapd.manpages: install slapo-nssov(5) man page
439 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
440 Debian bug #919136, we also have to patch the nssov makefile
441 accordingly and thus update this patch.
442 - d/{rules,slapd.py}: Add apport hook.
443 - Add support for CLDAP (UDP) support, back then required by
444 likewise-open (first enabled in 2.4.17-1ubuntu2):
445 + d/rules: Enable -DLDAP_CONNECTIONLESS
446 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
447 This should be dropped when the soname changes.
448 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
449 of test timing issue.
450 - d/rules: better regexp to match the Maintainer tag in d/control,
451 needed in the Ubuntu case because of XSBC-Original-Maintainer
452 (Closes #960448, LP #1875697)
453
454 -- Andreas Hasenack <andreas@canonical.com> Tue, 08 Sep 2020 09:36:58 -0300
455
195openldap (2.4.53+dfsg-1) unstable; urgency=medium456openldap (2.4.53+dfsg-1) unstable; urgency=medium
196457
197 * New upstream release.458 * New upstream release.
198459
199 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700460 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700
200461
462openldap (2.4.51+dfsg-1ubuntu1) groovy; urgency=medium
463
464 * Merge with Debian unstable. Remaining changes:
465 - Enable AppArmor support:
466 + d/apparmor-profile: add AppArmor profile
467 + d/rules: use dh_apparmor
468 + d/control: Build-Depends on dh-apparmor
469 + d/slapd.README.Debian: add note about AppArmor
470 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
471 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
472 - Add --with-gssapi support
473 - Make guess_service_principal() more robust when determining
474 principal
475 + d/configure.options: Configure with --with-gssapi
476 + d/control: Added heimdal-dev as a build depend
477 + d/rules:
478 - Explicitly add -I/usr/include/heimdal to CFLAGS.
479 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
480 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
481 This should be dropped when the soname changes.
482 - Enable ufw support:
483 + d/control: suggest ufw.
484 + d/rules: install ufw profile.
485 + d/slapd.ufw.profile: add ufw profile.
486 - Enable nss overlay:
487 + d/rules:
488 - add nssov to CONTRIB_MODULES
489 - add sysconfdir to CONTRIB_MAKEVARS
490 + d/slapd.install: install nssov overlay
491 + d/slapd.manpages: install slapo-nssov(5) man page
492 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
493 Debian bug #919136, we also have to patch the nssov makefile
494 accordingly and thus update this patch.
495 - d/{rules,slapd.py}: Add apport hook.
496 - Add support for CLDAP (UDP) support, back then required by
497 likewise-open (first enabled in 2.4.17-1ubuntu2):
498 + d/rules: Enable -DLDAP_CONNECTIONLESS
499 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
500 This should be dropped when the soname changes.
501 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
502 of test timing issue.
503 - d/rules: better regexp to match the Maintainer tag in d/control,
504 needed in the Ubuntu case because of XSBC-Original-Maintainer
505 (Closes #960448, LP #1875697)
506 * Dropped:
507 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
508 [In 2.4.51+dfsg-1]
509 - d/slapd.scripts-common:
510 + add slapcat_opts to local variables.
511 + Fix backup directory naming for multiple reconfiguration.
512 [In 2.4.51+dfsg-1]
513 - debian/patches/set-maintainer-name: our d/rules change needs to
514 be kept, but this patch is in 2.4.51+dfsg-1.
515
516 -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Aug 2020 11:03:24 -0300
517
201openldap (2.4.51+dfsg-1) unstable; urgency=medium518openldap (2.4.51+dfsg-1) unstable; urgency=medium
202519
203 * New upstream release.520 * New upstream release.
@@ -243,6 +560,85 @@ openldap (2.4.51+dfsg-1) unstable; urgency=medium
243560
244 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700561 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700
245562
563openldap (2.4.50+dfsg-1ubuntu3) groovy; urgency=medium
564
565 * No change rebuild against new libnettle8 and libhogweed6 ABI.
566
567 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:31:30 +0100
568
569openldap (2.4.50+dfsg-1ubuntu2) groovy; urgency=medium
570
571 * d/apparmor-profile: Update apparmor profile to grant access to
572 the saslauthd socket, so that SASL authentication works. (LP: #1557157)
573
574 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jun 2020 18:20:42 -0400
575
576openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium
577
578 * Merge with Debian unstable. Remaining changes:
579 - Enable AppArmor support:
580 + d/apparmor-profile: add AppArmor profile
581 + d/rules: use dh_apparmor
582 + d/control: Build-Depends on dh-apparmor
583 + d/slapd.README.Debian: add note about AppArmor
584 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
585 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
586 - Add --with-gssapi support
587 - Make guess_service_principal() more robust when determining
588 principal
589 + d/configure.options: Configure with --with-gssapi
590 + d/control: Added heimdal-dev as a build depend
591 + d/rules:
592 - Explicitly add -I/usr/include/heimdal to CFLAGS.
593 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
594 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
595 This should be dropped when the soname changes.
596 - Enable ufw support:
597 + d/control: suggest ufw.
598 + d/rules: install ufw profile.
599 + d/slapd.ufw.profile: add ufw profile.
600 - Enable nss overlay:
601 + d/rules:
602 - add nssov to CONTRIB_MODULES
603 - add sysconfdir to CONTRIB_MAKEVARS
604 + d/slapd.install:
605 - install nssov overlay
606 + d/slapd.manpages:
607 - install slapo-nssov(5) man page
608 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
609 Debian bug #919136, we also have to patch the nssov makefile
610 accordingly and thus update this patch.
611 - d/{rules,slapd.py}: Add apport hook.
612 - d/slapd.scripts-common:
613 + add slapcat_opts to local variables.
614 + Fix backup directory naming for multiple reconfiguration.
615 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
616 - Add support for CLDAP (UDP) support, back then required by
617 likewise-open (first enabled in 2.4.17-1ubuntu2):
618 + d/rules: Enable -DLDAP_CONNECTIONLESS
619 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
620 This should be dropped when the soname changes.
621 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
622 of test timing issue.
623 * Dropped:
624 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
625 either the default DIT nor via an Authn mapping.
626 [Not worth keeping a delta for, as having olcRootDN doesn't hurt]
627 - Show distribution in version:
628 - d/control: added lsb-release
629 - d/patches/fix-ldap-distribution.patch: show distribution in version
630 [Debian now shows the full package version]
631 - SECURITY UPDATE: denial of service via nested search filters
632 + debian/patches/CVE-2020-12243.patch: limit depth of nested
633 filters in servers/slapd/filter.c.
634 [Fixed upstream]
635 * Added:
636 - d/rules, debian/patches/set-maintainer-name: Extract maintainer
637 address dynamically from debian/control. Thanks to Ryan Tandy
638 <ryan@nardis.ca> (Closes: #960448, LP: #1875697)
639
640 -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300
641
246openldap (2.4.50+dfsg-1) unstable; urgency=medium642openldap (2.4.50+dfsg-1) unstable; urgency=medium
247643
248 * New upstream release.644 * New upstream release.
@@ -285,6 +681,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium
285681
286 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700682 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700
287683
684openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium
685
686 * SECURITY UPDATE: denial of service via nested search filters
687 - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
688 servers/slapd/filter.c.
689 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of
690 test timing issue.
691 - CVE-2020-12243
692
693 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400
694
695openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium
696
697 * Merge with Debian unstable (LP: #1866303). Remaining changes:
698 - Enable AppArmor support:
699 - d/apparmor-profile: add AppArmor profile
700 - d/rules: use dh_apparmor
701 - d/control: Build-Depends on dh-apparmor
702 - d/slapd.README.Debian: add note about AppArmor
703 - Enable GSSAPI support:
704 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
705 - Add --with-gssapi support
706 - Make guess_service_principal() more robust when determining
707 principal
708 [Dropped the ldap_gssapi_bind_s() hunk as that is already
709 - d/configure.options: Configure with --with-gssapi
710 - d/control: Added heimdal-dev as a build depend
711 - d/rules:
712 - Explicitly add -I/usr/include/heimdal to CFLAGS.
713 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
714 - Enable ufw support:
715 - d/control: suggest ufw.
716 - d/rules: install ufw profile.
717 - d/slapd.ufw.profile: add ufw profile.
718 - Enable nss overlay:
719 - d/rules:
720 - add nssov to CONTRIB_MODULES
721 - add sysconfdir to CONTRIB_MAKEVARS
722 - d/slapd.install:
723 - install nssov overlay
724 - d/slapd.manpages:
725 - install slapo-nssov(5) man page
726 - d/{rules,slapd.py}: Add apport hook.
727 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
728 either the default DIT nor via an Authn mapping.
729 - d/slapd.scripts-common:
730 - add slapcat_opts to local variables.
731 - Fix backup directory naming for multiple reconfiguration.
732 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
733 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
734 in the openldap library, as required by Likewise-Open
735 - Show distribution in version:
736 - d/control: added lsb-release
737 - d/patches/fix-ldap-distribution.patch: show distribution in version
738 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
739 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
740 - GSSAPI support was enabled in 2.4.18-0ubuntu2
741 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
742 Debian bug #919136, we also have to patch the nssov makefile
743 accordingly and thus update this patch.
744
745 -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300
746
288openldap (2.4.49+dfsg-2) unstable; urgency=medium747openldap (2.4.49+dfsg-2) unstable; urgency=medium
289748
290 * slapd.README.Debian: Document the initial setup performed by slapd's749 * slapd.README.Debian: Document the initial setup performed by slapd's
@@ -296,6 +755,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium
296755
297 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800756 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
298757
758openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium
759
760 * Merge with Debian unstable. Remaining changes:
761 - Enable AppArmor support:
762 - d/apparmor-profile: add AppArmor profile
763 - d/rules: use dh_apparmor
764 - d/control: Build-Depends on dh-apparmor
765 - d/slapd.README.Debian: add note about AppArmor
766 - Enable GSSAPI support:
767 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
768 - Add --with-gssapi support
769 - Make guess_service_principal() more robust when determining
770 principal
771 [Dropped the ldap_gssapi_bind_s() hunk as that is already
772 - d/configure.options: Configure with --with-gssapi
773 - d/control: Added heimdal-dev as a build depend
774 - d/rules:
775 - Explicitly add -I/usr/include/heimdal to CFLAGS.
776 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
777 - Enable ufw support:
778 - d/control: suggest ufw.
779 - d/rules: install ufw profile.
780 - d/slapd.ufw.profile: add ufw profile.
781 - Enable nss overlay:
782 - d/rules:
783 - add nssov to CONTRIB_MODULES
784 - add sysconfdir to CONTRIB_MAKEVARS
785 - d/slapd.install:
786 - install nssov overlay
787 - d/slapd.manpages:
788 - install slapo-nssov(5) man page
789 - d/{rules,slapd.py}: Add apport hook.
790 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
791 either the default DIT nor via an Authn mapping.
792 - d/slapd.scripts-common:
793 - add slapcat_opts to local variables.
794 - Fix backup directory naming for multiple reconfiguration.
795 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
796 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
797 in the openldap library, as required by Likewise-Open
798 - Show distribution in version:
799 - d/control: added lsb-release
800 - d/patches/fix-ldap-distribution.patch: show distribution in version
801 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
802 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
803 - GSSAPI support was enabled in 2.4.18-0ubuntu2
804 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
805 Debian bug #919136, we also have to patch the nssov makefile
806 accordingly and thus update this patch.
807 * Dropped:
808 - d/control: slapd can depend on perl:any since it only uses perl for
809 some maintainer and helper scripts.
810 [In 2.4.49+dfsg-1]
811
812 -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300
813
299openldap (2.4.49+dfsg-1) unstable; urgency=medium814openldap (2.4.49+dfsg-1) unstable; urgency=medium
300815
301 * New upstream release.816 * New upstream release.
@@ -324,6 +839,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium
324839
325 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800840 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
326841
842openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium
843
844 * d/control: slapd can depend on perl:any since it only uses perl for
845 some maintainer and helper scripts. The perl backend links against
846 the correct architecture perl libraries already. Can be dropped
847 after https://salsa.debian.org/openldap-team/openldap/commit/794c736
848 is in a Debian upload.
849
850 -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300
851
852openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium
853
854 * No-change rebuild against libnettle7
855
856 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000
857
858openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium
859
860 * No-change rebuild for the perl update.
861
862 -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000
863
864openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
865
866 * Merge with Debian unstable. Remaining changes:
867 - Enable AppArmor support:
868 - d/apparmor-profile: add AppArmor profile
869 - d/rules: use dh_apparmor
870 - d/control: Build-Depends on dh-apparmor
871 - d/slapd.README.Debian: add note about AppArmor
872 - Enable GSSAPI support:
873 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
874 - Add --with-gssapi support
875 - Make guess_service_principal() more robust when determining
876 principal
877 - d/configure.options: Configure with --with-gssapi
878 - d/control: Added heimdal-dev as a build depend
879 - d/rules:
880 - Explicitly add -I/usr/include/heimdal to CFLAGS.
881 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
882 - Enable ufw support:
883 - d/control: suggest ufw.
884 - d/rules: install ufw profile.
885 - d/slapd.ufw.profile: add ufw profile.
886 - Enable nss overlay:
887 - d/rules:
888 - add nssov to CONTRIB_MODULES
889 - add sysconfdir to CONTRIB_MAKEVARS
890 - d/slapd.install:
891 - install nssov overlay
892 - d/slapd.manpages:
893 - install slapo-nssov(5) man page
894 - d/{rules,slapd.py}: Add apport hook.
895 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
896 either the default DIT nor via an Authn mapping.
897 - d/slapd.scripts-common:
898 - add slapcat_opts to local variables.
899 - Fix backup directory naming for multiple reconfiguration.
900 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
901 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
902 in the openldap library, as required by Likewise-Open
903 - Show distribution in version:
904 - d/control: added lsb-release
905 - d/patches/fix-ldap-distribution.patch: show distribution in version
906 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
907 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
908 - GSSAPI support was enabled in 2.4.18-0ubuntu2
909 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
910 Debian bug #919136, we also have to patch the nssov makefile
911 accordingly and thus update this patch.
912 * Dropped:
913 - Fix sysv-generator unit file by customizing parameters (LP #1821343)
914 + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
915 correct systemctl status for slapd daemon.
916 + d/slapd.install: place override file in correct location.
917 [Included in 2.4.48+dfsg-1]
918 - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
919 + debian/patches/CVE-2019-13057-1.patch: add restriction to
920 servers/slapd/saslauthz.c.
921 + debian/patches/CVE-2019-13057-2.patch: add tests to
922 tests/data/idassert.out, tests/data/slapd-idassert.conf,
923 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
924 + debian/patches/CVE-2019-13057-3.patch: fix typo in
925 tests/scripts/test028-idassert.
926 + debian/patches/CVE-2019-13057-4.patch: fix typo in
927 tests/scripts/test028-idassert.
928 + CVE-2019-13057
929 [Fixed upstream]
930 - SECURITY UPDATE: SASL SSF not initialized per connection
931 + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
932 connection_init in servers/slapd/connection.c.
933 + CVE-2019-13565
934 [Fixed upstream]
935
936 -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
937
327openldap (2.4.48+dfsg-1) unstable; urgency=medium938openldap (2.4.48+dfsg-1) unstable; urgency=medium
328939
329 * New upstream release.940 * New upstream release.
@@ -351,6 +962,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium
351962
352 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700963 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
353964
965openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
966
967 * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
968 - debian/patches/CVE-2019-13057-1.patch: add restriction to
969 servers/slapd/saslauthz.c.
970 - debian/patches/CVE-2019-13057-2.patch: add tests to
971 tests/data/idassert.out, tests/data/slapd-idassert.conf,
972 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
973 - debian/patches/CVE-2019-13057-3.patch: fix typo in
974 tests/scripts/test028-idassert.
975 - debian/patches/CVE-2019-13057-4.patch: fix typo in
976 tests/scripts/test028-idassert.
977 - CVE-2019-13057
978 * SECURITY UPDATE: SASL SSF not initialized per connection
979 - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
980 connection_init in servers/slapd/connection.c.
981 - CVE-2019-13565
982
983 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
984
985openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
986
987 * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
988 - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
989 correct systemctl status for slapd daemon.
990 - d/slapd.install: place override file in correct location.
991
992 -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
993
994openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
995
996 * Merge with Debian unstable. Remaining changes:
997 - Enable AppArmor support:
998 - d/apparmor-profile: add AppArmor profile
999 - d/rules: use dh_apparmor
1000 - d/control: Build-Depends on dh-apparmor
1001 - d/slapd.README.Debian: add note about AppArmor
1002 - Enable GSSAPI support:
1003 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1004 - Add --with-gssapi support
1005 - Make guess_service_principal() more robust when determining
1006 principal
1007 - d/configure.options: Configure with --with-gssapi
1008 - d/control: Added heimdal-dev as a build depend
1009 - d/rules:
1010 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1011 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1012 - Enable ufw support:
1013 - d/control: suggest ufw.
1014 - d/rules: install ufw profile.
1015 - d/slapd.ufw.profile: add ufw profile.
1016 - Enable nss overlay:
1017 - d/rules:
1018 - add nssov to CONTRIB_MODULES
1019 - add sysconfdir to CONTRIB_MAKEVARS
1020 - d/slapd.install:
1021 - install nssov overlay
1022 - d/slapd.manpages:
1023 - install slapo-nssov(5) man page
1024 - d/{rules,slapd.py}: Add apport hook.
1025 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1026 either the default DIT nor via an Authn mapping.
1027 - d/slapd.scripts-common:
1028 - add slapcat_opts to local variables.
1029 - Fix backup directory naming for multiple reconfiguration.
1030 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1031 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1032 in the openldap library, as required by Likewise-Open
1033 - Show distribution in version:
1034 - d/control: added lsb-release
1035 - d/patches/fix-ldap-distribution.patch: show distribution in version
1036 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1037 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1038 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1039 * Added changes:
1040 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
1041 Debian bug #919136, we also have to patch the nssov makefile
1042 accordingly and thus update this patch.
1043
1044 -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
1045
354openldap (2.4.47+dfsg-3) unstable; urgency=medium1046openldap (2.4.47+dfsg-3) unstable; urgency=medium
3551047
356 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS1048 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
@@ -366,6 +1058,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium
3661058
367 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -08001059 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
3681060
1061openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
1062
1063 * Merge from Debian unstable (LP: #1811630). Remaining changes:
1064 - Enable AppArmor support:
1065 - d/apparmor-profile: add AppArmor profile
1066 - d/rules: use dh_apparmor
1067 - d/control: Build-Depends on dh-apparmor
1068 - d/slapd.README.Debian: add note about AppArmor
1069 - Enable GSSAPI support:
1070 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1071 - Add --with-gssapi support
1072 - Make guess_service_principal() more robust when determining
1073 principal
1074 - d/configure.options: Configure with --with-gssapi
1075 - d/control: Added heimdal-dev as a build depend
1076 - d/rules:
1077 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1078 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1079 - Enable ufw support:
1080 - d/control: suggest ufw.
1081 - d/rules: install ufw profile.
1082 - d/slapd.ufw.profile: add ufw profile.
1083 - Enable nss overlay:
1084 - d/rules:
1085 - add nssov to CONTRIB_MODULES
1086 - add sysconfdir to CONTRIB_MAKEVARS
1087 - d/slapd.install:
1088 - install nssov overlay
1089 - d/slapd.manpages:
1090 - install slapo-nssov(5) man page
1091 - d/{rules,slapd.py}: Add apport hook.
1092 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1093 either the default DIT nor via an Authn mapping.
1094 - d/slapd.scripts-common:
1095 - add slapcat_opts to local variables.
1096 - Fix backup directory naming for multiple reconfiguration.
1097 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1098 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1099 in the openldap library, as required by Likewise-Open
1100 - Show distribution in version:
1101 - d/control: added lsb-release
1102 - d/patches/fix-ldap-distribution.patch: show distribution in version
1103 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1104 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1105 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1106 * Update nssov build and packaging for Debian changes:
1107 - Drop patch nssov-build
1108 - d/rules:
1109 - add nssov to CONTRIB_MODULES
1110 - add sysconfdir to CONTRIB_MAKEVARS
1111 - d/slapd.install:
1112 - install nssov overlay
1113 - d/slapd.manpages:
1114 - install slapo-nssov(5) man page
1115
1116 -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
1117
369openldap (2.4.47+dfsg-2) unstable; urgency=medium1118openldap (2.4.47+dfsg-2) unstable; urgency=medium
3701119
371 * Reintroduce slapi-dev binary package. (Closes: #711469)1120 * Reintroduce slapi-dev binary package. (Closes: #711469)
@@ -403,6 +1152,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium
4031152
404 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -08001153 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
4051154
1155openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
1156
1157 * d/apparmor-profile: update apparmor profile to allow reading of
1158 files needed when slapd is behaving as a kerberos/gssapi client
1159 and acquiring its own ticket. (LP: #1783183)
1160
1161 -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
1162
1163openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
1164
1165 * No-change rebuild for the perl 5.28 transition.
1166
1167 -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
1168
1169openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
1170
1171 * Merge from Debian unstable. Remaining changes:
1172 - Enable AppArmor support:
1173 - d/apparmor-profile: add AppArmor profile
1174 - d/rules: use dh_apparmor
1175 - d/control: Build-Depends on dh-apparmor
1176 - d/slapd.README.Debian: add note about AppArmor
1177 - Enable GSSAPI support:
1178 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1179 - Add --with-gssapi support
1180 - Make guess_service_principal() more robust when determining
1181 principal
1182 - d/configure.options: Configure with --with-gssapi
1183 - d/control: Added heimdal-dev as a build depend
1184 - d/rules:
1185 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1186 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1187 - Enable ufw support:
1188 - d/control: suggest ufw.
1189 - d/rules: install ufw profile.
1190 - d/slapd.ufw.profile: add ufw profile.
1191 - Enable nss overlay:
1192 - d/{patches/nssov-build,rules}: Apply, build and package the
1193 nss overlay.
1194 - d/{rules,slapd.py}: Add apport hook.
1195 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1196 either the default DIT nor via an Authn mapping.
1197 - d/slapd.scripts-common:
1198 - add slapcat_opts to local variables.
1199 - Fix backup directory naming for multiple reconfiguration.
1200 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1201 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1202 in the openldap library, as required by Likewise-Open
1203 - Show distribution in version:
1204 - d/control: added lsb-release
1205 - d/patches/fix-ldap-distribution.patch: show distribution in version
1206 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1207 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1208 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1209
1210 -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
1211
406openldap (2.4.46+dfsg-5) unstable; urgency=medium1212openldap (2.4.46+dfsg-5) unstable; urgency=medium
4071213
408 * Restore slapd-smbk5pwd now that libldap is installable in unstable.1214 * Restore slapd-smbk5pwd now that libldap is installable in unstable.
@@ -422,6 +1228,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium
4221228
423 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -07001229 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
4241230
1231openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
1232
1233 * Merge from Debian unstable. Remaining changes:
1234 - Enable AppArmor support:
1235 - d/apparmor-profile: add AppArmor profile
1236 - d/rules: use dh_apparmor
1237 - d/control: Build-Depends on dh-apparmor
1238 - d/slapd.README.Debian: add note about AppArmor
1239 - Enable GSSAPI support:
1240 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1241 - Add --with-gssapi support
1242 - Make guess_service_principal() more robust when determining
1243 principal
1244 - d/configure.options: Configure with --with-gssapi
1245 - d/control: Added heimdal-dev as a build depend
1246 - d/rules:
1247 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1248 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1249 - Enable ufw support:
1250 - d/control: suggest ufw.
1251 - d/rules: install ufw profile.
1252 - d/slapd.ufw.profile: add ufw profile.
1253 - Enable nss overlay:
1254 - d/{patches/nssov-build,rules}: Apply, build and package the
1255 nss overlay.
1256 - d/{rules,slapd.py}: Add apport hook.
1257 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1258 either the default DIT nor via an Authn mapping.
1259 - d/slapd.scripts-common:
1260 - add slapcat_opts to local variables.
1261 - Fix backup directory naming for multiple reconfiguration.
1262 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1263 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1264 in the openldap library, as required by Likewise-Open
1265 - Show distribution in version:
1266 - d/control: added lsb-release
1267 - d/patches/fix-ldap-distribution.patch: show distribution in version
1268 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1269 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1270 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1271
1272 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
1273
425openldap (2.4.46+dfsg-2) unstable; urgency=medium1274openldap (2.4.46+dfsg-2) unstable; urgency=medium
4261275
427 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.1276 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
@@ -451,6 +1300,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium
4511300
452 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -07001301 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
4531302
1303openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
1304
1305 * Merge from Debian unstable. Remaining changes:
1306 - Enable AppArmor support:
1307 - d/apparmor-profile: add AppArmor profile
1308 - d/rules: use dh_apparmor
1309 - d/control: Build-Depends on dh-apparmor
1310 - d/slapd.README.Debian: add note about AppArmor
1311 - Enable GSSAPI support:
1312 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1313 - Add --with-gssapi support
1314 - Make guess_service_principal() more robust when determining
1315 principal
1316 - d/configure.options: Configure with --with-gssapi
1317 - d/control: Added heimdal-dev as a build depend
1318 - d/rules:
1319 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1320 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1321 - Enable ufw support:
1322 - d/control: suggest ufw.
1323 - d/rules: install ufw profile.
1324 - d/slapd.ufw.profile: add ufw profile.
1325 - Enable nss overlay:
1326 - d/{patches/nssov-build,rules}: Apply, build and package the
1327 nss overlay.
1328 - d/{rules,slapd.py}: Add apport hook.
1329 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1330 either the default DIT nor via an Authn mapping.
1331 - d/slapd.scripts-common:
1332 - add slapcat_opts to local variables.
1333 - Fix backup directory naming for multiple reconfiguration.
1334 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1335 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1336 in the openldap library, as required by Likewise-Open
1337 - Show distribution in version:
1338 - d/control: added lsb-release
1339 - d/patches/fix-ldap-distribution.patch: show distribution in version
1340 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1341 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1342 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1343
1344 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200
1345
454openldap (2.4.45+dfsg-1) unstable; urgency=medium1346openldap (2.4.45+dfsg-1) unstable; urgency=medium
4551347
456 * New upstream release.1348 * New upstream release.
@@ -492,6 +1384,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium
4921384
493 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -07001385 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
4941386
1387openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low
1388
1389 * Merge from Debian unstable. Remaining changes:
1390 - Enable AppArmor support:
1391 - d/apparmor-profile: add AppArmor profile
1392 - d/rules: use dh_apparmor
1393 - d/control: Build-Depends on dh-apparmor
1394 - d/slapd.README.Debian: add note about AppArmor
1395 - Enable GSSAPI support:
1396 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1397 - Add --with-gssapi support
1398 - Make guess_service_principal() more robust when determining
1399 principal
1400 - d/configure.options: Configure with --with-gssapi
1401 - d/control: Added heimdal-dev as a build depend
1402 - d/rules:
1403 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1404 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1405 - Enable ufw support:
1406 - d/control: suggest ufw.
1407 - d/rules: install ufw profile.
1408 - d/slapd.ufw.profile: add ufw profile.
1409 - Enable nss overlay:
1410 - d/{patches/nssov-build,rules}: Apply, build and package the
1411 nss overlay.
1412 - d/{rules,slapd.py}: Add apport hook.
1413 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1414 either the default DIT nor via an Authn mapping.
1415 - d/slapd.scripts-common:
1416 - add slapcat_opts to local variables.
1417 - Fix backup directory naming for multiple reconfiguration.
1418 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1419 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1420 in the openldap library, as required by Likewise-Open
1421 - Show distribution in version:
1422 - d/control: added lsb-release
1423 - d/patches/fix-ldap-distribution.patch: show distribution in version
1424 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1425 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1426 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1427
1428 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200
1429
495openldap (2.4.44+dfsg-8) unstable; urgency=medium1430openldap (2.4.44+dfsg-8) unstable; urgency=medium
4961431
497 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until1432 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
@@ -502,6 +1437,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium
5021437
503 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -07001438 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
5041439
1440openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium
1441
1442 * Merge from Debian unstable. Remaining changes:
1443 - Enable AppArmor support:
1444 - d/apparmor-profile: add AppArmor profile
1445 - d/rules: use dh_apparmor
1446 - d/control: Build-Depends on dh-apparmor
1447 - d/slapd.README.Debian: add note about AppArmor
1448 - Enable GSSAPI support:
1449 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1450 - Add --with-gssapi support
1451 - Make guess_service_principal() more robust when determining
1452 principal
1453 - d/configure.options: Configure with --with-gssapi
1454 - d/control: Added heimdal-dev as a build depend
1455 - d/rules:
1456 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1457 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1458 - Enable ufw support:
1459 - d/control: suggest ufw.
1460 - d/rules: install ufw profile.
1461 - d/slapd.ufw.profile: add ufw profile.
1462 - Enable nss overlay:
1463 - d/{patches/nssov-build,rules}: Apply, build and package the
1464 nss overlay.
1465 - d/{rules,slapd.py}: Add apport hook.
1466 [ d/rules modification mentioned above was dropped in
1467 2.4.23-6ubuntu1, re-adding it ]
1468 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1469 either the default DIT nor via an Authn mapping.
1470 - d/slapd.scripts-common:
1471 - add slapcat_opts to local variables.
1472 - Fix backup directory naming for multiple reconfiguration.
1473 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1474 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1475 in the openldap library, as required by Likewise-Open
1476 - Show distribution in version:
1477 - d/control: added lsb-release
1478 - d/patches/fix-ldap-distribution.patch: show distribution in version
1479 [ Refreshed patch ]
1480 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1481 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1482 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1483
1484 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1485
505openldap (2.4.44+dfsg-7) unstable; urgency=medium1486openldap (2.4.44+dfsg-7) unstable; urgency=medium
5061487
507 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit1488 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
@@ -509,6 +1490,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium
5091490
510 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -07001491 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
5111492
1493openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium
1494
1495 * Merge from Debian unstable. Remaining changes:
1496 - Enable AppArmor support:
1497 - d/apparmor-profile: add AppArmor profile
1498 - d/rules: use dh_apparmor
1499 - d/control: Build-Depends on dh-apparmor
1500 - d/slapd.README.Debian: add note about AppArmor
1501 - Enable GSSAPI support:
1502 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1503 - Add --with-gssapi support
1504 - Make guess_service_principal() more robust when determining
1505 principal
1506 - d/configure.options: Configure with --with-gssapi
1507 - d/control: Added heimdal-dev as a build depend
1508 - d/rules:
1509 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1510 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1511 - Enable ufw support:
1512 - d/control: suggest ufw.
1513 - d/rules: install ufw profile.
1514 - d/slapd.ufw.profile: add ufw profile.
1515 - Enable nss overlay:
1516 - d/{patches/nssov-build,rules}: Apply, build and package the
1517 nss overlay.
1518 - d/{rules,slapd.py}: Add apport hook.
1519 [ d/rules modification mentioned above was dropped in
1520 2.4.23-6ubuntu1, re-adding it ]
1521 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1522 either the default DIT nor via an Authn mapping.
1523 - d/slapd.scripts-common:
1524 - add slapcat_opts to local variables.
1525 - Fix backup directory naming for multiple reconfiguration.
1526 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1527 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1528 in the openldap library, as required by Likewise-Open
1529 - Show distribution in version:
1530 - d/control: added lsb-release
1531 - d/patches/fix-ldap-distribution.patch: show distribution in version
1532 [ Refreshed patch ]
1533 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1534 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1535 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1536
1537 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1538
512openldap (2.4.44+dfsg-6) unstable; urgency=medium1539openldap (2.4.44+dfsg-6) unstable; urgency=medium
5131540
514 * Update the list of non-translatable strings for the1541 * Update the list of non-translatable strings for the
@@ -517,6 +1544,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium
5171544
518 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -07001545 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
5191546
1547openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium
1548
1549 * Merge from Debian unstable. Remaining changes:
1550 - Enable AppArmor support:
1551 - d/apparmor-profile: add AppArmor profile
1552 - d/rules: use dh_apparmor
1553 - d/control: Build-Depends on dh-apparmor
1554 - d/slapd.README.Debian: add note about AppArmor
1555 - Enable GSSAPI support:
1556 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1557 - Add --with-gssapi support
1558 - Make guess_service_principal() more robust when determining
1559 principal
1560 - d/configure.options: Configure with --with-gssapi
1561 - d/control: Added heimdal-dev as a build depend
1562 - d/rules:
1563 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1564 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1565 - Enable ufw support:
1566 - d/control: suggest ufw.
1567 - d/rules: install ufw profile.
1568 - d/slapd.ufw.profile: add ufw profile.
1569 - Enable nss overlay:
1570 - d/{patches/nssov-build,rules}: Apply, build and package the
1571 nss overlay.
1572 - d/{rules,slapd.py}: Add apport hook.
1573 [ d/rules modification mentioned above was dropped in
1574 2.4.23-6ubuntu1, re-adding it ]
1575 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1576 either the default DIT nor via an Authn mapping.
1577 - d/slapd.scripts-common:
1578 - add slapcat_opts to local variables.
1579 - Fix backup directory naming for multiple reconfiguration.
1580 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1581 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1582 in the openldap library, as required by Likewise-Open
1583 - Show distribution in version:
1584 - d/control: added lsb-release
1585 - d/patches/fix-ldap-distribution.patch: show distribution in version
1586 [ Refreshed patch ]
1587 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1588 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1589 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1590 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1591 - Fix use after free with GnuTLS. (LP #1557248)
1592
1593 -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200
1594
520openldap (2.4.44+dfsg-5) unstable; urgency=medium1595openldap (2.4.44+dfsg-5) unstable; urgency=medium
5211596
522 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an1597 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
@@ -528,6 +1603,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium
5281603
529 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -07001604 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
5301605
1606openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low
1607
1608 * Merge from Debian unstable. Remaining changes:
1609 - Enable AppArmor support:
1610 - d/apparmor-profile: add AppArmor profile
1611 - d/rules: use dh_apparmor
1612 - d/control: Build-Depends on dh-apparmor
1613 - d/slapd.README.Debian: add note about AppArmor
1614 - Enable GSSAPI support:
1615 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1616 - Add --with-gssapi support
1617 - Make guess_service_principal() more robust when determining
1618 principal
1619 - d/configure.options: Configure with --with-gssapi
1620 - d/control: Added heimdal-dev as a build depend
1621 - d/rules:
1622 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1623 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1624 - Enable ufw support:
1625 - d/control: suggest ufw.
1626 - d/rules: install ufw profile.
1627 - d/slapd.ufw.profile: add ufw profile.
1628 - Enable nss overlay:
1629 - d/{patches/nssov-build,rules}: Apply, build and package the
1630 nss overlay.
1631 - d/{rules,slapd.py}: Add apport hook.
1632 [ d/rules modification mentioned above was dropped in
1633 2.4.23-6ubuntu1, re-adding it ]
1634 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1635 either the default DIT nor via an Authn mapping.
1636 - d/slapd.scripts-common:
1637 - add slapcat_opts to local variables.
1638 - Fix backup directory naming for multiple reconfiguration.
1639 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1640 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1641 in the openldap library, as required by Likewise-Open
1642 - Show distribution in version:
1643 - d/control: added lsb-release
1644 - d/patches/fix-ldap-distribution.patch: show distribution in version
1645 [ Refreshed patch ]
1646 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1647 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1648 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1649 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1650 - Fix use after free with GnuTLS. (LP #1557248)
1651
1652 -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200
1653
531openldap (2.4.44+dfsg-4) unstable; urgency=medium1654openldap (2.4.44+dfsg-4) unstable; urgency=medium
5321655
533 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to1656 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
@@ -574,6 +1697,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium
5741697
575 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -07001698 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
5761699
1700openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium
1701
1702 * d/rules: Fix typo in previous upload.
1703
1704 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800
1705
1706openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
1707
1708 * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
1709 changes
1710 - Enable AppArmor support:
1711 - d/apparmor-profile: add AppArmor profile
1712 - d/rules: use dh_apparmor
1713 - d/control: Build-Depends on dh-apparmor
1714 - d/slapd.README.Debian: add note about AppArmor
1715 - Enable GSSAPI support:
1716 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1717 - Add --with-gssapi support
1718 - Make guess_service_principal() more robust when determining
1719 principal
1720 - d/configure.options: Configure with --with-gssapi
1721 - d/control: Added heimdal-dev as a build depend
1722 - d/rules:
1723 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1724 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1725 - Enable ufw support:
1726 - d/control: suggest ufw.
1727 - d/rules: install ufw profile.
1728 - d/slapd.ufw.profile: add ufw profile.
1729 - Enable nss overlay:
1730 - d/{patches/nssov-build,rules}: Apply, build and package the
1731 nss overlay.
1732 - d/{rules,slapd.py}: Add apport hook.
1733 [ d/rules modification mentioned above was dropped in
1734 2.4.23-6ubuntu1, re-adding it ]
1735 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1736 either the default DIT nor via an Authn mapping.
1737 - d/slapd.scripts-common:
1738 - add slapcat_opts to local variables.
1739 - Fix backup directory naming for multiple reconfiguration.
1740 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1741 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1742 in the openldap library, as required by Likewise-Open
1743 - Show distribution in version:
1744 - d/control: added lsb-release
1745 - d/patches/fix-ldap-distribution.patch: show distribution in version
1746 [ Refreshed patch ]
1747 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1748 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1749 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1750 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1751 - Fix use after free with GnuTLS. (LP #1557248)
1752 * Drop:
1753 - d/slapd.scripts-common:
1754 + Remove unused variable new_conf.
1755 [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
1756 - d/b/config.log: add config.log
1757 [ previously undocumented, stray change ]
1758
1759 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
1760
577openldap (2.4.44+dfsg-3) unstable; urgency=medium1761openldap (2.4.44+dfsg-3) unstable; urgency=medium
5781762
579 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)1763 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
@@ -646,6 +1830,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
6461830
647 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -08001831 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
6481832
1833openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
1834
1835 * No-change rebuild for perl 5.24 transition
1836
1837 -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
1838
1839openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
1840
1841 * Fix use after free with GnuTLS. (LP: #1557248)
1842
1843 -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
1844
1845openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
1846
1847 * Fix building with gssapi suppport:
1848 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1849 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1850
1851 -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
1852
1853openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
1854
1855 * No-change rebuild for gnutls transition.
1856
1857 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
1858
1859openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
1860
1861 * Merge from Debian testing (LP: #1532648). Remaining changes:
1862 - Enable AppArmor support:
1863 - d/apparmor-profile: add AppArmor profile
1864 - d/rules: use dh_apparmor
1865 - d/control: Build-Depends on dh-apparmor
1866 - d/slapd.README.Debian: add note about AppArmor
1867 - Enable GSSAPI support:
1868 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1869 - Add --with-gssapi support
1870 - Make guess_service_principal() more robust when determining
1871 principal
1872 - d/configure.options: Configure with --with-gssapi
1873 - d/control: Added heimdal-dev as a build depend
1874 - Enable ufw support:
1875 - d/control: suggest ufw.
1876 - d/rules: install ufw profile.
1877 - d/slapd.ufw.profile: add ufw profile.
1878 - Enable nss overlay:
1879 - d/{patches/nssov-build,rules}: Apply, build and package the
1880 nss overlay.
1881 - d/{rules,slapd.py}: Add apport hook.
1882 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1883 either the default DIT nor via an Authn mapping.
1884 - d/slapd.scripts-common:
1885 - add slapcat_opts to local variables.
1886 - Remove unused variable new_conf.
1887 - Fix backup directory naming for multiple reconfiguration.
1888 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1889 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1890 in the openldap library, as required by Likewise-Open
1891 - Show distribution in version:
1892 - d/control: added lsb-release
1893 - d/patches/fix-ldap-distribution.patch: show distribution in version
1894 * Drop CVE-2015-6908.patch, included in Debian.
1895 * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
1896 disabled on ppc64el, no longer used, and missed in the previous merge.
1897
1898 -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
1899
649openldap (2.4.42+dfsg-2) unstable; urgency=medium1900openldap (2.4.42+dfsg-2) unstable; urgency=medium
6501901
651 [ Ryan Tandy ]1902 [ Ryan Tandy ]
@@ -713,6 +1964,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium
7131964
714 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -07001965 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
7151966
1967openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
1968
1969 * Rebuild for Perl 5.22.1.
1970
1971 -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
1972
1973openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
1974
1975 * SECURITY UPDATE: denial of service via crafted BER data
1976 - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
1977 libraries/liblber/io.c.
1978 - CVE-2015-6908
1979
1980 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
1981
1982openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
1983
1984 * Merge from Debian testing (LP: #1471831). Remaining changes:
1985 - Enable AppArmor support:
1986 - d/apparmor-profile: add AppArmor profile
1987 - d/rules: use dh_apparmor
1988 - d/control: Build-Depends on dh-apparmor
1989 - d/slapd.README.Debian: add note about AppArmor
1990 - Enable GSSAPI support:
1991 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1992 - Add --with-gssapi support
1993 - Make guess_service_principal() more robust when determining
1994 principal
1995 - d/configure.options: Configure with --with-gssapi
1996 - d/control: Added heimdal-dev as a build depend
1997 - Enable ufw support:
1998 - d/control: suggest ufw.
1999 - d/rules: install ufw profile.
2000 - d/slapd.ufw.profile: add ufw profile.
2001 - Enable nss overlay:
2002 - d/{patches/nssov-build,rules}: Apply, build and package the
2003 nss overlay.
2004 - d/{rules,slapd.py}: Add apport hook.
2005 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2006 either the default DIT nor via an Authn mapping.
2007 - d/slapd.scripts-common:
2008 - add slapcat_opts to local variables.
2009 - Remove unused variable new_conf.
2010 - Fix backup directory naming for multiple reconfiguration.
2011 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2012 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2013 in the openldap library, as required by Likewise-Open
2014 - Show distribution in version:
2015 - d/control: added lsb-release
2016 - d/patches/fix-ldap-distribution.patch: show distribution in version
2017 * Dropped changes:
2018 - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
2019 * Upstream fixes:
2020 - slapd crash with auditlog overlay and large (~27KB) attribute values
2021 (ITS#8003) (LP: #1461276)
2022 - nssov updated to support recent nss-pam-ldapd client libraries
2023 (ITS#8097) (LP: #1393306)
2024 * Update d/patches/nssov-build for upstream changes.
2025 * Tweak d/patches/gssapi.diff to apply without fuzz.
2026 * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
2027 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
2028 - GSSAPI support was enabled in 2.4.18-0ubuntu2
2029
2030 -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
2031
716openldap (2.4.41+dfsg-1) unstable; urgency=medium2032openldap (2.4.41+dfsg-1) unstable; urgency=medium
7172033
718 * New upstream release.2034 * New upstream release.
@@ -732,6 +2048,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium
7322048
733 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -07002049 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
7342050
2051openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
2052
2053 * No-change rebuild for the libnettle6 transition.
2054
2055 -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
2056
2057openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
2058
2059 * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
2060 - Enable AppArmor support:
2061 - d/apparmor-profile: add AppArmor profile
2062 - d/rules: use dh_apparmor
2063 - d/control: Build-Depends on dh-apparmor
2064 - d/slapd.README.Debian: add note about AppArmor
2065 - Enable GSSAPI support:
2066 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2067 - Add --with-gssapi support
2068 - Make guess_service_principal() more robust when determining
2069 principal
2070 - d/configure.options: Configure with --with-gssapi
2071 - d/control: Added heimdal-dev as a build depend
2072 - Enable ufw support:
2073 - d/control: suggest ufw.
2074 - d/rules: install ufw profile.
2075 - d/slapd.ufw.profile: add ufw profile.
2076 - Enable nss overlay:
2077 - d/{patches/nssov-build,rules}: Apply, build and package the
2078 nss overlay.
2079 - d/{rules,slapd.py}: Add apport hook.
2080 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2081 either the default DIT nor via an Authn mapping.
2082 - d/slapd.scripts-common:
2083 - add slapcat_opts to local variables.
2084 - Remove unused variable new_conf.
2085 - Fix backup directory naming for multiple reconfiguration.
2086 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2087 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2088 in the openldap library, as required by Likewise-Open
2089 - Show distribution in version:
2090 - d/control: added lsb-release
2091 - d/patches/fix-ldap-distribution.patch: show distribution in version
2092 * Drop patches included upstream:
2093 - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
2094 - d/patches/bdb-deadlock.patch
2095 - d/patches/its-7354-fix-delta-sync-mmr.diff
2096 * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
2097 * debian/patches/nssov-build: Adjust for upstream changes.
2098 * debian/apparmor-profile:
2099 - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
2100 kernel ABI v7 (utopic and later). (LP: #1392018)
2101 - Reduce permissions on /run/nslcd to just the nslcd socket.
2102 * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
2103 (LP: #1293250)
2104
2105 -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700
2106
735openldap (2.4.40+dfsg-1) unstable; urgency=medium2107openldap (2.4.40+dfsg-1) unstable; urgency=medium
7362108
737 * Remove inetorgperson.schema from the upstream source. Replace it with a2109 * Remove inetorgperson.schema from the upstream source. Replace it with a
@@ -920,6 +2292,187 @@ openldap (2.4.39-1) unstable; urgency=low
9202292
921 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -07002293 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
9222294
2295openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
2296
2297 * Fix cpp calls for GCC 5.
2298
2299 -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
2300
2301openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
2302
2303 * debian/apparmor-profile:
2304 - allow p11-kit abstraction
2305 - allow read of /etc/gss/mech.d/*
2306
2307 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
2308
2309openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
2310
2311 * Rebuild for Perl 5.20.0.
2312
2313 -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
2314
2315openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
2316
2317 * Cherry-pick upstream patch for compat with recent GNUTLS.
2318 * Build-depend on libgnutls28-dev.
2319 * Build-depend on libgcrypt20-dev.
2320
2321 -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
2322
2323openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
2324
2325 * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
2326
2327 -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
2328
2329openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
2330
2331 * Disable mdb backend on ppc64el due to test-suite failures.
2332
2333 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
2334
2335openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
2336
2337 * Fix segfault issue with master-master syncrepl (LP: #1287730):
2338 - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
2339 patch from upstream VCS.
2340
2341 -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
2342
2343openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
2344
2345 * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
2346
2347 -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
2348
2349openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
2350
2351 * Rebuild for Perl 5.18.
2352
2353 -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
2354
2355openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
2356
2357 * Update build/config.guess and build/config.sub at build time; this was
2358 not done automatically because the top-level configure.in does not use
2359 Automake.
2360
2361 -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
2362
2363openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
2364
2365 * debian/control: added lsb-release
2366 * debian/patches/fix-ldap-distribution.patch: show distribution in version
2367
2368 -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
2369
2370openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
2371
2372 * Merge from Debian unstable. Remaining changes:
2373 - Enable AppArmor support:
2374 - d/apparmor-profile: add AppArmor profile
2375 - d/rules: use dh_apparmor
2376 - d/control: Build-Depends on dh-apparmor
2377 - d/slapd.README.Debian: add note about AppArmor
2378 - d/slapd.dirs: add etc/apparmor.d/force-complain
2379 - Enable GSSAPI support:
2380 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2381 - Add --with-gssapi support
2382 - Make guess_service_principal() more robust when determining
2383 principal
2384 - d/configure.options: Configure with --with-gssapi
2385 - d/control: Added libkrb5-dev as a build depend
2386 - Enable ufw support:
2387 - d/control: suggest ufw.
2388 - d/rules: install ufw profile.
2389 - d/slapd.ufw.profile: add ufw profile.
2390 - Enable nss overlay:
2391 - d/{patches/nssov-build,/rules}: Apply, build and package the
2392 nss overlay.
2393 - d/{rules,slapd.py}: Add apport hook.
2394 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2395 either the default DIT nor via an Authn mapping.
2396 - d/slapd.scripts-common:
2397 - add slapcat_opts to local variables.
2398 - Remove unused variable new_conf.
2399 - Fix backup directory naming for multiple reconfiguration.
2400 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2401 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2402 in the openldap library, as required by Likewise-Open
2403 - d/{control,rules}: enable PIE hardening
2404
2405 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
2406
2407openldap (2.4.31-1+nmu2) unstable; urgency=high
2408
2409 * Non-maintainer upload.
2410 * No-change rebuild in a clean environment
2411
2412 -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100
2413
2414openldap (2.4.31-1+nmu1) unstable; urgency=medium
2415
2416 * Non-maintainer upload.
2417 * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
2418
2419 -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000
2420
2421openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
2422
2423 * debian/slapd.py: Add AppArmor info and logs to apport hook.
2424
2425 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
2426
2427openldap (2.4.31-1ubuntu1) quantal; urgency=low
2428
2429 * Merge from Debian unstable. Remaining changes:
2430 - Enable AppArmor support:
2431 - d/apparmor-profile: add AppArmor profile
2432 - d/rules: use dh_apparmor
2433 - d/control: Build-Depends on dh-apparmor
2434 - d/slapd.README.Debian: add note about AppArmor
2435 - d/slapd.dirs: add etc/apparmor.d/force-complain
2436 - Enable GSSAPI support (LP: #495418):
2437 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2438 - Add --with-gssapi support
2439 - Make guess_service_principal() more robust when determining
2440 principal
2441 - d/configure.options: Configure with --with-gssapi
2442 - d/control: Added libkrb5-dev as a build depend
2443 - Enable ufw support (LP: #423246):
2444 - d/control: suggest ufw.
2445 - d/rules: install ufw profile.
2446 - d/slapd.ufw.profile: add ufw profile.
2447 - Enable nss overlay (LP: #675391):
2448 - d/{patches/nssov-build,/rules}: Apply, build and package the
2449 nss overlay.
2450 - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
2451 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2452 either the default DIT nor via an Authn mapping.
2453 - d/slapd.scripts-common:
2454 - add slapcat_opts to local variables.
2455 - Remove unused variable new_conf.
2456 - Fix backup directory naming for multiple reconfiguration.
2457 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2458 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2459 in the openldap library, as required by Likewise-Open (LP: #390579)
2460 - d/{control,rules}: enable PIE hardening
2461 * Dropped changes:
2462 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
2463 - d/patches/CVE-2011-4079: Included in upstream release.
2464 - d/patches/service-operational-before-detach: Included in upstream release.
2465 - d/schema/extra/misc.ldif: Included upstream.
2466 - d/{rules,schema/extra}: Fix configure and clean rules to support
2467 extra schemas shipped as part of the debian/schema/ directory; no longer required.
2468 - Included in Debian:
2469 + Document cn=config in README file.
2470 + Install a default DIT; actually a minimal configuration.
2471 + d/patches/heimdal-fix.
2472 * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
2473
2474 -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
2475
923openldap (2.4.31-1) unstable; urgency=low2476openldap (2.4.31-1) unstable; urgency=low
9242477
925 * New upstream release.2478 * New upstream release.
@@ -946,6 +2499,121 @@ openldap (2.4.31-1) unstable; urgency=low
9462499
947 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +00002500 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
9482501
2502openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
2503
2504 * Fix issue with intermittent connection issues when using LDAPv3
2505 protocol (LP: #1023025):
2506 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
2507 patch from upstream VCS which ensures objects are initialized before
2508 re-use.
2509
2510 -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
2511
2512openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
2513
2514 * debian/rules: Add smbk5pwd build.
2515 * debian/control: Add slapd-smbk5pwd binary package.
2516 * debian/patches/heimdal-fix: adapt parameters of
2517 hdb_generate_key_set_password() to heimdal 1.6~git20120311
2518 (patch from Debian #664930).
2519
2520 -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400
2521
2522openldap (2.4.28-1.1ubuntu4) precise; urgency=low
2523
2524 * debian/control: Build-Depends on dh-apparmor (LP: #948481)
2525
2526 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
2527
2528openldap (2.4.28-1.1ubuntu3) precise; urgency=low
2529
2530 * Add its-7176-only-poll-sockets-for-write-as-needed.diff
2531 (LP: #932823).
2532
2533 -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
2534
2535openldap (2.4.28-1.1ubuntu2) precise; urgency=low
2536
2537 * Remove debian/patches/CVE-2011-4079; it's already in this upstream
2538 version. Fixes FTBFS.
2539
2540 -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
2541
2542openldap (2.4.28-1.1ubuntu1) precise; urgency=low
2543
2544 * Merge from Debian testing. Remaining changes:
2545 - Install a default DIT (LP: #442498).
2546 - Document cn=config in README file (LP: #370784).
2547 - remaining changes:
2548 + AppArmor support:
2549 - debian/apparmor-profile: add AppArmor profile
2550 - use dh_apparmor:
2551 - debian/rules: use dh_apparmor
2552 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2553 - updated debian/slapd.README.Debian for note on AppArmor
2554 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2555 + Enable GSSAPI support (LP: #495418):
2556 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2557 - Add --with-gssapi support
2558 - Make guess_service_principal() more robust when determining
2559 principal
2560 - debian/patches/series: apply gssapi.diff patch.
2561 - debian/configure.options: Configure with --with-gssapi
2562 - debian/control: Added libkrb5-dev as a build depend
2563 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2564 in the openldap library, as required by Likewise-Open (LP: #390579)
2565 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2566 - debian/control:
2567 - remove build-dependency on heimdal-dev.
2568 - remove slapd-smbk5pwd binary package.
2569 - debian/rules: don't build smbk5pwd slapd module.
2570 + debian/{control,rules}: enable PIE hardening
2571 + ufw support (LP: #423246):
2572 - debian/control: suggest ufw.
2573 - debian/rules: install ufw profile.
2574 - debian/slapd.ufw.profile: add ufw profile.
2575 + Enable nssoverlay:
2576 - debian/patches/nssov-build, debian/series, debian/rules:
2577 Apply, build and package the nss overlay.
2578 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2579 which defines rfc822MailMember (required by the nss overlay).
2580 + debian/rules, debian/schema/extra/:
2581 Fix configure rule to supports extra schemas shipped as part
2582 of the debian/schema/ directory.
2583 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2584 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2585 neither the default DIT nor via an Authn mapping.
2586 + debian/slapd.scripts-common: adjust minimum version that triggers a
2587 database upgrade. Upgrade from maverick shouldn't trigger database
2588 upgrade (which would happen with the version used in Debian).
2589 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2590 Remove unused variable new_conf.
2591 + debian/slapd.script-common: Fix package reconfiguration.
2592 - Fix backup directory naming for multiple reconfiguration.
2593 + debian/slapd.default, debian/slapd.README.Debian:
2594 use the new configuration style.
2595 + Install nss overlay (LP: #675391):
2596 - debian/rules: run install target for nssov module.
2597 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2598 + debian/patches/gssapi.diff:
2599 - Update patch so that likewise-open is usuable again. (LP: #661547)
2600 + debian/patches/service-operational-before-detach: New patch replacing old one
2601 of the same name as previous could cause database corruption based on upstream commits.
2602 (LP: #727973)
2603 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2604 (CVE-2011-4079)
2605
2606
2607 -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
2608
2609openldap (2.4.28-1.1) unstable; urgency=low
2610
2611 * Non-maintainer upload.
2612 * Disable the mdb backend on non-Linux, it looks like it doesn't work with
2613 linuxthreads (closes: #654824).
2614
2615 -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100
2616
949openldap (2.4.28-1) unstable; urgency=low2617openldap (2.4.28-1) unstable; urgency=low
9502618
951 * New upstream release.2619 * New upstream release.
@@ -973,6 +2641,72 @@ openldap (2.4.28-1) unstable; urgency=low
9732641
974 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +00002642 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
9752643
2644openldap (2.4.25-4ubuntu1) precise; urgency=low
2645
2646 * Merge from Debian testing. Remaining changes:
2647 - Install a default DIT (LP: #442498).
2648 - Document cn=config in README file (LP: #370784).
2649 - remaining changes:
2650 + AppArmor support:
2651 - debian/apparmor-profile: add AppArmor profile
2652 - use dh_apparmor:
2653 - debian/rules: use dh_apparmor
2654 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2655 - updated debian/slapd.README.Debian for note on AppArmor
2656 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2657 + Enable GSSAPI support (LP: #495418):
2658 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2659 - Add --with-gssapi support
2660 - Make guess_service_principal() more robust when determining
2661 principal
2662 - debian/patches/series: apply gssapi.diff patch.
2663 - debian/configure.options: Configure with --with-gssapi
2664 - debian/control: Added libkrb5-dev as a build depend
2665 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2666 in the openldap library, as required by Likewise-Open (LP: #390579)
2667 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2668 - debian/control:
2669 - remove build-dependency on heimdal-dev.
2670 - remove slapd-smbk5pwd binary package.
2671 - debian/rules: don't build smbk5pwd slapd module.
2672 + debian/{control,rules}: enable PIE hardening
2673 + ufw support (LP: #423246):
2674 - debian/control: suggest ufw.
2675 - debian/rules: install ufw profile.
2676 - debian/slapd.ufw.profile: add ufw profile.
2677 + Enable nssoverlay:
2678 - debian/patches/nssov-build, debian/series, debian/rules:
2679 Apply, build and package the nss overlay.
2680 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2681 which defines rfc822MailMember (required by the nss overlay).
2682 + debian/rules, debian/schema/extra/:
2683 Fix configure rule to supports extra schemas shipped as part
2684 of the debian/schema/ directory.
2685 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2686 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2687 neither the default DIT nor via an Authn mapping.
2688 + debian/slapd.scripts-common: adjust minimum version that triggers a
2689 database upgrade. Upgrade from maverick shouldn't trigger database
2690 upgrade (which would happen with the version used in Debian).
2691 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2692 Remove unused variable new_conf.
2693 + debian/slapd.script-common: Fix package reconfiguration.
2694 - Fix backup directory naming for multiple reconfiguration.
2695 + debian/slapd.default, debian/slapd.README.Debian:
2696 use the new configuration style.
2697 + Install nss overlay (LP: #675391):
2698 - debian/rules: run install target for nssov module.
2699 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2700 + debian/patches/gssapi.diff:
2701 - Update patch so that likewise-open is usuable again. (LP: #661547)
2702 + debian/patches/service-operational-before-detach: New patch replacing old one
2703 of the same name as previous could cause database corruption based on upstream commits.
2704 (LP: #727973)
2705 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2706 (CVE-2011-4079)
2707
2708 -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
2709
976openldap (2.4.25-4) unstable; urgency=low2710openldap (2.4.25-4) unstable; urgency=low
9772711
978 * Drop explicit depends on libdb4.8, since we're now linking against2712 * Drop explicit depends on libdb4.8, since we're now linking against
@@ -1006,6 +2740,85 @@ openldap (2.4.25-4) unstable; urgency=low
10062740
1007 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +00002741 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
10082742
2743openldap (2.4.25-3ubuntu3) precise; urgency=low
2744
2745 * Rebuild for Perl 5.14.
2746
2747 -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
2748
2749openldap (2.4.25-3ubuntu2) precise; urgency=low
2750
2751 * SECURITY UPDATE: potential denial of service (LP: #884163)
2752 - debian/patches/CVE-2011-4079: fix off by one error in
2753 postalAddressNormalize()
2754 - CVE-2011-4079
2755
2756 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
2757
2758openldap (2.4.25-3ubuntu1) precise; urgency=low
2759
2760 * Merge from debian unstable. Remaining changes:
2761 - Install a default DIT (LP: #442498).
2762 - Document cn=config in README file (LP: #370784).
2763 - remaining changes:
2764 + AppArmor support:
2765 - debian/apparmor-profile: add AppArmor profile
2766 - use dh_apparmor:
2767 - debian/rules: use dh_apparmor
2768 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2769 - updated debian/slapd.README.Debian for note on AppArmor
2770 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2771 + Enable GSSAPI support (LP: #495418):
2772 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2773 - Add --with-gssapi support
2774 - Make guess_service_principal() more robust when determining
2775 principal
2776 - debian/patches/series: apply gssapi.diff patch.
2777 - debian/configure.options: Configure with --with-gssapi
2778 - debian/control: Added libkrb5-dev as a build depend
2779 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2780 in the openldap library, as required by Likewise-Open (LP: #390579)
2781 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2782 - debian/control:
2783 - remove build-dependency on heimdal-dev.
2784 - remove slapd-smbk5pwd binary package.
2785 - debian/rules: don't build smbk5pwd slapd module.
2786 + debian/{control,rules}: enable PIE hardening
2787 + ufw support (LP: #423246):
2788 - debian/control: suggest ufw.
2789 - debian/rules: install ufw profile.
2790 - debian/slapd.ufw.profile: add ufw profile.
2791 + Enable nssoverlay:
2792 - debian/patches/nssov-build, debian/series, debian/rules:
2793 Apply, build and package the nss overlay.
2794 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2795 which defines rfc822MailMember (required by the nss overlay).
2796 + debian/rules, debian/schema/extra/:
2797 Fix configure rule to supports extra schemas shipped as part
2798 of the debian/schema/ directory.
2799 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2800 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2801 neither the default DIT nor via an Authn mapping.
2802 + debian/slapd.scripts-common: adjust minimum version that triggers a
2803 database upgrade. Upgrade from maverick shouldn't trigger database
2804 upgrade (which would happen with the version used in Debian).
2805 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2806 Remove unused variable new_conf.
2807 + debian/slapd.script-common: Fix package reconfiguration.
2808 - Fix backup directory naming for multiple reconfiguration.
2809 + debian/slapd.default, debian/slapd.README.Debian:
2810 use the new configuration style.
2811 + Install nss overlay (LP: #675391):
2812 - debian/rules: run install target for nssov module.
2813 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2814 + debian/patches/gssapi.diff:
2815 - Update patch so that likewise-open is usuable again. (LP: #661547)
2816 + debian/patches/service-operational-before-detach: New patch replacing old one
2817 of the same name as previous could cause database corruption based on upstream commits.
2818 (LP: #727973)
2819
2820 -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
2821
1009openldap (2.4.25-3) unstable; urgency=low2822openldap (2.4.25-3) unstable; urgency=low
10102823
1011 * Brown paper bag: really fix the .links.in handling, so we don't generate2824 * Brown paper bag: really fix the .links.in handling, so we don't generate
@@ -1028,6 +2841,92 @@ openldap (2.4.25-2) unstable; urgency=low
10282841
1029 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -07002842 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
10302843
2844openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
2845
2846 * Brown paper bag: really fix the .links.in handling, so we don't generate
2847 broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
2848
2849 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
2850
2851openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
2852
2853 * Cherry-pick multiarch support from Debian (LP: #826601):
2854 - Bump to compat level 7, so we don't have to spell out debian/tmp in
2855 every single .install file
2856 - Build for multiarch.
2857
2858 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
2859
2860openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
2861
2862 * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
2863
2864 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
2865
2866openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
2867
2868 * Merge from debian unstable. Remaining changes:
2869 - Install a default DIT (LP: #442498).
2870 - Document cn=config in README file (LP: #370784).
2871 - remaining changes:
2872 + AppArmor support:
2873 - debian/apparmor-profile: add AppArmor profile
2874 - use dh_apparmor:
2875 - debian/rules: use dh_apparmor
2876 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2877 - updated debian/slapd.README.Debian for note on AppArmor
2878 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2879 + Enable GSSAPI support (LP: #495418):
2880 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2881 - Add --with-gssapi support
2882 - Make guess_service_principal() more robust when determining
2883 principal
2884 - debian/patches/series: apply gssapi.diff patch.
2885 - debian/configure.options: Configure with --with-gssapi
2886 - debian/control: Added libkrb5-dev as a build depend
2887 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2888 in the openldap library, as required by Likewise-Open (LP: #390579)
2889 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2890 - debian/control:
2891 - remove build-dependency on heimdal-dev.
2892 - remove slapd-smbk5pwd binary package.
2893 - debian/rules: don't build smbk5pwd slapd module.
2894 + debian/{control,rules}: enable PIE hardening
2895 + ufw support (LP: #423246):
2896 - debian/control: suggest ufw.
2897 - debian/rules: install ufw profile.
2898 - debian/slapd.ufw.profile: add ufw profile.
2899 + Enable nssoverlay:
2900 - debian/patches/nssov-build, debian/series, debian/rules:
2901 Apply, build and package the nss overlay.
2902 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2903 which defines rfc822MailMember (required by the nss overlay).
2904 + debian/rules, debian/schema/extra/:
2905 Fix configure rule to supports extra schemas shipped as part
2906 of the debian/schema/ directory.
2907 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2908 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2909 neither the default DIT nor via an Authn mapping.
2910 + debian/slapd.scripts-common: adjust minimum version that triggers a
2911 database upgrade. Upgrade from maverick shouldn't trigger database
2912 upgrade (which would happen with the version used in Debian).
2913 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2914 Remove unused variable new_conf.
2915 + debian/slapd.script-common: Fix package reconfiguration.
2916 - Fix backup directory naming for multiple reconfiguration.
2917 + debian/slapd.default, debian/slapd.README.Debian:
2918 use the new configuration style.
2919 + Install nss overlay (LP: #675391):
2920 - debian/rules: run install target for nssov module.
2921 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2922 + debian/patches/gssapi.diff:
2923 - Update patch so that likewise-open is usuable again. (LP: #661547)
2924 + debian/patches/service-operational-before-detach: New patch replacing old one
2925 of the same name as previous could cause database corruption based on upstream commits.
2926 (LP: #727973)
2927
2928 -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
2929
1031openldap (2.4.25-1.1) unstable; urgency=low2930openldap (2.4.25-1.1) unstable; urgency=low
10322931
1033 * Non-maintainer upload to fix RC bug.2932 * Non-maintainer upload to fix RC bug.
@@ -1035,6 +2934,75 @@ openldap (2.4.25-1.1) unstable; urgency=low
10352934
1036 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +02002935 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
10372936
2937openldap (2.4.25-1ubuntu1) oneiric; urgency=low
2938
2939 * Merge from debian unstable. Remaining changes:
2940 - Install a default DIT (LP: #442498).
2941 - Document cn=config in README file (LP: #370784).
2942 - remaining changes:
2943 + AppArmor support:
2944 - debian/apparmor-profile: add AppArmor profile
2945 - use dh_apparmor:
2946 - debian/rules: use dh_apparmor
2947 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2948 - updated debian/slapd.README.Debian for note on AppArmor
2949 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2950 + Enable GSSAPI support (LP: #495418):
2951 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2952 - Add --with-gssapi support
2953 - Make guess_service_principal() more robust when determining
2954 principal
2955 - debian/patches/series: apply gssapi.diff patch.
2956 - debian/configure.options: Configure with --with-gssapi
2957 - debian/control: Added libkrb5-dev as a build depend
2958 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2959 in the openldap library, as required by Likewise-Open (LP: #390579)
2960 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2961 - debian/control:
2962 - remove build-dependency on heimdal-dev.
2963 - remove slapd-smbk5pwd binary package.
2964 - debian/rules: don't build smbk5pwd slapd module.
2965 + debian/{control,rules}: enable PIE hardening
2966 + ufw support (LP: #423246):
2967 - debian/control: suggest ufw.
2968 - debian/rules: install ufw profile.
2969 - debian/slapd.ufw.profile: add ufw profile.
2970 + Enable nssoverlay:
2971 - debian/patches/nssov-build, debian/series, debian/rules:
2972 Apply, build and package the nss overlay.
2973 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2974 which defines rfc822MailMember (required by the nss overlay).
2975 + debian/rules, debian/schema/extra/:
2976 Fix configure rule to supports extra schemas shipped as part
2977 of the debian/schema/ directory.
2978 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2979 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2980 neither the default DIT nor via an Authn mapping.
2981 + debian/slapd.scripts-common: adjust minimum version that triggers a
2982 database upgrade. Upgrade from maverick shouldn't trigger database
2983 upgrade (which would happen with the version used in Debian).
2984 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2985 Remove unused variable new_conf.
2986 + debian/slapd.script-common: Fix package reconfiguration.
2987 - Fix backup directory naming for multiple reconfiguration.
2988 + debian/slapd.default, debian/slapd.README.Debian:
2989 use the new configuration style.
2990 + Install nss overlay (LP: #675391):
2991 - debian/rules: run install target for nssov module.
2992 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2993 + debian/patches/gssapi.diff:
2994 - Update patch so that likewise-open is usuable again. (LP: #661547)
2995 + debian/patches/service-operational-before-detach: New patch replacing old one
2996 of the same name as previous could cause database corruption based on upstream commits.
2997 (LP: #727973)
2998 + Dropped:
2999 - debian/patches/gold: Use the debian version instead
3000 - debian/patches/CVE-2011-1024: Fixed upstream
3001 - debian/patches/CVE-2011-1025: Fixed upstream
3002 - debian/patches/CVE-2011-1081: Fixed upstream
3003
3004 -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
3005
1038openldap (2.4.25-1) unstable; urgency=low3006openldap (2.4.25-1) unstable; urgency=low
10393007
1040 * New upstream version (Closes: #617606, #618904, #606815, #608813)3008 * New upstream version (Closes: #617606, #618904, #606815, #608813)
@@ -1066,6 +3034,116 @@ openldap (2.4.23-7) unstable; urgency=low
10663034
1067 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +01003035 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
10683036
3037openldap (2.4.23-6ubuntu7) oneiric; urgency=low
3038
3039 * Rebuild for Perl 5.12.
3040
3041 -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
3042
3043openldap (2.4.23-6ubuntu6) natty; urgency=low
3044
3045 * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
3046 using forwarded authentication failures
3047 - debian/patches/CVE-2011-1024
3048 - CVE-2011-1024
3049 * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
3050 backend. Note: Ubuntu is not compiled with --enable-ndb by default
3051 - debian/patches/CVE-2011-1025
3052 - CVE-2011-1025
3053 * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
3054 and requestDN is empty
3055 - debian/patches/CVE-2011-1081
3056 - CVE-2011-1081
3057 - LP: #742104
3058
3059 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
3060
3061openldap (2.4.23-6ubuntu5) natty; urgency=low
3062
3063 * debian/patches/service-operational-before-detach: New patch replacing
3064 old one of same name as previous could cause database corruption,
3065 based on upstream commits. (LP: #727973)
3066
3067 -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
3068
3069openldap (2.4.23-6ubuntu4) natty; urgency=low
3070
3071 * Fix FTBFS with ld.gold.
3072
3073 -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
3074
3075openldap (2.4.23-6ubuntu3) natty; urgency=low
3076
3077 * debian/patches/gssapi.diff:
3078 Update patch so that likewise-open is usable again (LP: #661547)
3079
3080 -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
3081
3082openldap (2.4.23-6ubuntu2) natty; urgency=low
3083
3084 * Install nss overlay (LP: #675391):
3085 - debian/rules: run install target for nssov module.
3086 - debian/patches/nssov-build: fix patch to install schema in
3087 /etc/ldap/schema.
3088
3089 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
3090
3091openldap (2.4.23-6ubuntu1) natty; urgency=low
3092
3093 * Merge from Debian unstable:
3094 - Install a default DIT (LP: #442498).
3095 - Document cn=config in README file (LP: #370784).
3096 - remaining changes:
3097 + AppArmor support:
3098 - debian/apparmor-profile: add AppArmor profile
3099 - use dh_apparmor:
3100 - debian/rules: use dh_apparmor
3101 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3102 - updated debian/slapd.README.Debian for note on AppArmor
3103 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3104 + Enable GSSAPI support (LP: #495418):
3105 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3106 - Add --with-gssapi support
3107 - Make guess_service_principal() more robust when determining
3108 principal
3109 - debian/patches/series: apply gssapi.diff patch.
3110 - debian/configure.options: Configure with --with-gssapi
3111 - debian/control: Added libkrb5-dev as a build depend
3112 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3113 in the openldap library, as required by Likewise-Open (LP: #390579)
3114 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
3115 - debian/control:
3116 - remove build-dependency on heimdal-dev.
3117 - remove slapd-smbk5pwd binary package.
3118 - debian/rules: don't build smbk5pwd slapd module.
3119 + debian/{control,rules}: enable PIE hardening
3120 + ufw support (LP: #423246):
3121 - debian/control: suggest ufw.
3122 - debian/rules: install ufw profile.
3123 - debian/slapd.ufw.profile: add ufw profile.
3124 + Enable nssoverlay:
3125 - debian/patches/nssov-build, debian/series, debian/rules:
3126 Apply, build and package the nss overlay.
3127 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
3128 which defines rfc822MailMember (required by the nss overlay).
3129 + debian/rules, debian/schema/extra/:
3130 Fix configure rule to supports extra schemas shipped as part
3131 of the debian/schema/ directory.
3132 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3133 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
3134 neither the default DIT nor via an Authn mapping.
3135 + debian/slapd.scripts-common: adjust minimum version that triggers a
3136 database upgrade. Upgrade from maverick shouldn't trigger database
3137 upgrade (which would happen with the version used in Debian).
3138 + debian/slapd.scripts-common: add slapcat_opts to local variables.
3139 Remove unused variable new_conf.
3140 + debian/slapd.script-common: Fix package reconfiguration.
3141 - Fix backup directory naming for multiple reconfiguration.
3142 + debian/slapd.default, debian/slapd.README.Debian:
3143 use the new configuration style.
3144
3145 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
3146
1069openldap (2.4.23-6) unstable; urgency=high3147openldap (2.4.23-6) unstable; urgency=high
10703148
1071 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)3149 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
@@ -1188,6 +3266,80 @@ openldap (2.4.23-1) unstable; urgency=low
11883266
1189 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +02003267 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
11903268
3269openldap (2.4.23-0ubuntu4) natty; urgency=low
3270
3271 * debian/slapd.templates: amended typo in slapd/move_old_database
3272 (LP: #666028)
3273
3274 -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
3275
3276openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
3277
3278 * debian/slapd.templates: re-add slapd/move_old_database template as it's
3279 used during the package upgrade. Thanks to James Page for pointing it.
3280 * debian/slapd.config: restore debconf question slapd/move_old_database.
3281
3282 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
3283
3284openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
3285
3286 [ James Page ]
3287 * Fixed install/upgrade process to dump/restore databases due
3288 to uplift to libdb4.8-dev (LP: #658227)
3289
3290 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
3291
3292openldap (2.4.23-0ubuntu3) maverick; urgency=low
3293
3294 * debian/rules: move dh_apparmor before dh_installinit
3295
3296 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
3297
3298openldap (2.4.23-0ubuntu2) maverick; urgency=low
3299
3300 * convert to using dh_apparmor:
3301 - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
3302 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3303 * debian/apparmor-profile: use local include
3304
3305 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
3306
3307openldap (2.4.23-0ubuntu1) maverick; urgency=low
3308
3309 * New release, features include:
3310 + Fixed libldap to return server's error code (ITS#6569)
3311 + Fixed libldap memleaks (ITS#6568)
3312 + Fixed liblutil off-by-one with delta (ITS#6541)
3313 + Fixed slapd acls with glued databases (ITS#6468)
3314 + Fixed slapd syncrepl rid logging (ITS#6533)
3315 + Fixed slapd modrdn handling of invalid values (ITS#6570)
3316 + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
3317 + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
3318 + Fixed slapd-bdb entry cache delete failure (ITS#6577)
3319 + Fixed slapd-ldap to return control responses (ITS#6530)
3320 + Fixed slapo-ppolicy to use Debug (ITS#6566)
3321 + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
3322 + Fixed slapo-rwm to use Debug (ITS#6566)
3323 + Fixed slapo-sssvlv to use Debug (ITS#6566)
3324 + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
3325 + Fixed slapo-valsort to use Debug (ITS#6566)
3326 + Fixed contrib/nssov network.c missing patch (ITS#6562)
3327 + Fixed test043 attribute sorting (ITS#6553)
3328 + slapd-config(5) note default rootdn (ITS#6546)
3329 * Rebased patches debian/patches/dropped nssov-build
3330 * Resynchronize with Debian:
3331 + debian/control:
3332 - Bump standards-version to 3.9.0
3333 - Use libdb4.8-dev (LP: #572489)
3334 + Added debian/patches/issue-6534-patch
3335 + Added debian/patches/ldap-conf-tls-cacertdir
3336 * Add ufw support, thanks to PatRiehecky (LP: #423246)
3337
3338 [Adam Sommer]
3339 * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3340
3341 -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
3342
1191openldap (2.4.21-1) unstable; urgency=low3343openldap (2.4.21-1) unstable; urgency=low
11923344
1193 [ Steve Langasek ]3345 [ Steve Langasek ]
@@ -1219,6 +3371,79 @@ openldap (2.4.21-1) unstable; urgency=low
12193371
1220 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +02003372 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
12213373
3374openldap (2.4.21-0ubuntu5) lucid; urgency=low
3375
3376 * Fix local root connection access: replace olcAuthzRegexp mapping to
3377 cn=localroot,cn=config with using the SASL dn directly in olcAccess.
3378 Makes upgrades much simpler and robust (LP: #563829).
3379
3380 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
3381
3382openldap (2.4.21-0ubuntu4) lucid; urgency=low
3383
3384 [ Simon Olofsson ]
3385 * debian/slapd.postinst:
3386 - Show a message after successful migration (LP: #538848)
3387
3388 [ Jorgen Rosink ]
3389 * debian/slapd.init: add simple status checking with LSB compatible exit
3390 codes (LP: #562377)
3391 * debian/slapd.init.ldif:
3392 - remove admin user in default config database (LP: #556176)
3393 - in default config, add olcAccess entries giving access to controls
3394 available and cn=subschema (LP: #427842)
3395
3396 [ Scott Moser ]
3397 * debian/slapd.scripts-common: Do not create /nonexistent directory
3398 for openldap user's home (LP: #556176)
3399 * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
3400
3401 -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
3402
3403openldap (2.4.21-0ubuntu3) lucid; urgency=low
3404
3405 * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
3406 before trying to convert to slapd.d, to avoid upgrade failure from hardy
3407 (LP: #536958)
3408 * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
3409 olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
3410
3411 -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
3412
3413openldap (2.4.21-0ubuntu2) lucid; urgency=low
3414
3415 * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
3416
3417 -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
3418
3419openldap (2.4.21-0ubuntu1) lucid; urgency=low
3420
3421 * New upstream release.
3422 * debian/rules, debian/schema/extra/:
3423 Fix get-orig-source rule to supports extra schemas shipped as part of the
3424 debian/schema/ directory.
3425
3426 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
3427
3428openldap (2.4.18-0ubuntu2) lucid; urgency=low
3429
3430 * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3431 - Add --with-gssapi support
3432 - Make guess_service_principal() more robust when determining principal
3433 * Enable GSSAPI support (LP: #495418):
3434 - debian/configure.options: Configure with --with-gssapi
3435 - debian/control: Added libkrb5-dev as a build depend
3436
3437 -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
3438
3439openldap (2.4.18-0ubuntu1) karmic; urgency=low
3440
3441 * New upstream release: (LP: #419515):
3442 + pcache overlay supports disconnected mode.
3443 * Fix nss overlay load (LP: #417163).
3444
3445 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
3446
1222openldap (2.4.17-2.1) unstable; urgency=high3447openldap (2.4.17-2.1) unstable; urgency=high
12233448
1224 * Non-maintainer upload by the Security Team.3449 * Non-maintainer upload by the Security Team.
@@ -1245,6 +3470,108 @@ openldap (2.4.17-2) unstable; urgency=low
12453470
1246 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -07003471 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
12473472
3473openldap (2.4.17-1ubuntu3) karmic; urgency=low
3474
3475 * Install a minimal slapd configuration instead of creating a default
3476 database with a default DIT:
3477 + Move openldap user home from /var/lib/ldap to /nonexistent.
3478 + Remove all code and templates dealing with the default database and DIT
3479 creation.
3480 + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
3481 grant all access to the latter in the cn=config database as well as the
3482 default backend configuration.
3483 * Add cn=localroot,cn=config authz mapping on upgrades.
3484
3485 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
3486
3487openldap (2.4.17-1ubuntu2) karmic; urgency=low
3488
3489 [ Thierry Carrez ]
3490 * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3491 in the openldap library, as required by Likewise-Open (LP: #390579)
3492
3493 [ Mathias Gug ]
3494 * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
3495 uniqueness overlay.
3496 * debian/patches/its6220-writetimeout-directive: fixes a problem with the
3497 writetimeout directive being in effect even if it wasn't set,
3498 closing connections incorrectly.
3499 * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
3500 dncachesize parameter that was added in RE24, so that if it is set to
3501 "0" (now the default), it has an unlimited DN cache (RE23 always
3502 had an unlimited DN cache).
3503
3504 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
3505
3506openldap (2.4.17-1ubuntu1) karmic; urgency=low
3507
3508 [ Steve Langasek ]
3509 * Fix up the lintian warnings:
3510 - add missing misc-depends on all packages
3511 - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
3512 overrides
3513 - bump Standards-Version to 3.8.2, no changes required.
3514
3515 [ Mathias Gug ]
3516 * Resynchronise with Debian. Remaining changes:
3517 - AppArmor support:
3518 - debian/apparmor-profile: add AppArmor profile
3519 - updated debian/slapd.README.Debian for note on AppArmor
3520 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3521 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3522 - debian/rules: install apparmor profile.
3523 - Don't use local statement in config script as it fails if /bin/sh
3524 points to bash.
3525 - debian/slapd.postinst, debian/slapd.script-common: set correct
3526 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
3527 readable) and /var/run/slapd (world readable).
3528 - Enable nssoverlay:
3529 - debian/patches/nssov-build, debian/rules: Build and package the nss
3530 overlay.
3531 - debian/schema/misc.ldif: add ldif file for the misc schema which
3532 defines rfc822MailMember (required by the nss overlay).
3533 - debian/{control,rules}: enable PIE hardening
3534 - Use cn=config as the default configuration backend instead of
3535 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3536 asking the end user to enter a new password to control the access to
3537 the cn=config tree.
3538 - debian/slapd.postinst: create /var/run/slapd before updating its
3539 permissions.
3540 - debian/slapd.init: Correctly set slapd config backend option even if
3541 the pidfile is configured in slapd default file.
3542 * Dropped:
3543 - Merged in Debian:
3544 - Update priority of libldap-2.4-2 to match the archive override.
3545 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
3546 the ldapurl(1) manpage.
3547 - Bump build-dependency on debhelper to 6 instead of 5, since that's
3548 what we're using.
3549 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3550 the built-in default of ldap:/// only.
3551 - Fixed in upstream release:
3552 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
3553 failure when built with PIE.
3554 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3555 trusted.
3556 - Update Apparmor profile support: don't support upgrade from pre-hardy
3557 systems:
3558 - debian/slapd.postinst: Reload AA profile on configuration
3559 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3560 - debian/control: Conflicts with apparmor-profiles <<
3561 2.1+1075-0ubuntu4 to make sure that if earlier version of
3562 apparmor-profiles gets installed it won't overwrite our profile.
3563 - follow ApparmorProfileMigration and force apparmor complain mode on
3564 some upgrades
3565 - debian/slapd.preinst: create symlink for force-complain on
3566 pre-feisty upgrades, upgrades where apparmor-profiles profile is
3567 unchanged (ie non-enforcing) and upgrades where apparmor profile
3568 does not exist.
3569 - debian/patches/autogen.sh: no longer needed with karmic libtool.
3570 - Call libtoolize with the --install option to install
3571 config.{guess,sub} files.
3572
3573 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
3574
1248openldap (2.4.17-1) unstable; urgency=low3575openldap (2.4.17-1) unstable; urgency=low
12493576
1250 * New upstream version.3577 * New upstream version.
@@ -1267,6 +3594,153 @@ openldap (2.4.17-1) unstable; urgency=low
12673594
1268 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -07003595 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
12693596
3597openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
3598
3599 * Resynchronise with Debian. Remaining changes:
3600 - AppArmor support:
3601 - debian/apparmor-profile: add AppArmor profile
3602 - debian/slapd.postinst: Reload AA profile on configuration
3603 - updated debian/slapd.README.Debian for note on AppArmor
3604 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3605 - debian/control: Conflicts with apparmor-profiles <<
3606 2.1+1075-0ubuntu4 to make sure that if earlier version of
3607 apparmor-profiles gets installed it won't overwrite our profile.
3608 - follow ApparmorProfileMigration and force apparmor complain mode on
3609 some upgrades
3610 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3611 - debian/slapd.preinst: create symlink for force-complain on
3612 pre-feisty upgrades, upgrades where apparmor-profiles profile is
3613 unchanged (ie non-enforcing) and upgrades where apparmor profile
3614 does not exist.
3615 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3616 - debian/patches/autogen.sh:
3617 - Call libtoolize with the --install option to install
3618 config.{guess,sub} files.
3619 - Don't use local statement in config script as it fails if /bin/sh
3620 points to bash.
3621 - debian/slapd.postinst, debian/slapd.script-common: set correct
3622 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
3623 readable) and /var/run/slapd (world readable).
3624 - Enable nssoverlay:
3625 - debian/patches/nssov-build, debian/rules: Build and package the nss
3626 overlay.
3627 - debian/schema/misc.ldif: add ldif file for the misc schema which
3628 defines rfc822MailMember (required by the nss overlay).
3629 - debian/{control,rules}: enable PIE hardening
3630 - Use cn=config as the default configuration backend instead of
3631 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3632 asking the end user to enter a new password to control the access to
3633 the cn=config tree.
3634 - Update priority of libldap-2.4-2 to match the archive override.
3635 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
3636 the ldapurl(1) manpage.
3637 - Bump build-dependency on debhelper to 6 instead of 5, since that's
3638 what we're using.
3639 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3640 the built-in default of ldap:/// only.
3641 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
3642 failure when built with PIE.
3643 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3644 trusted.
3645 - debian/slapd.postinst: create /var/run/slapd before updating its
3646 permissions.
3647 - debian/slapd.init: Correctly set slapd config backend option even if
3648 the pidfile is configured in slapd default file.
3649 * Drop patch to avoid the test suite on hppa, as hppa is EOL.
3650
3651 -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
3652
3653openldap (2.4.15-1.1) unstable; urgency=low
3654
3655 * Non-maintainer upload.
3656 * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
3657 (Closes: #522965)
3658
3659 -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
3660
3661openldap (2.4.15-1ubuntu3) jaunty; urgency=low
3662
3663 * No-change rebuild to fix lpia shared library dependencies.
3664
3665 -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
3666
3667openldap (2.4.15-1ubuntu2) jaunty; urgency=low
3668
3669 * debian/slapd.postinst: create /var/run/slapd before updating its
3670 permissions (LP: #298928).
3671 * debian/slapd.init: Correclty set slapd config backend option even if the
3672 pidfile is configured in slapd default file (LP: #292364).
3673 * debian/apparmor-profile: support multiple databases to be stored under
3674 /var/lib/ldap/. (LP: #286614).
3675
3676 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
3677
3678openldap (2.4.15-1ubuntu1) jaunty; urgency=low
3679
3680 [ Steve Langasek ]
3681 * Update priority of libldap-2.4-2 to match the archive override.
3682 * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
3683 ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
3684 Closes: #496749.
3685 * Bump build-dependency on debhelper to 6 instead of 5, since that's
3686 what we're using. Closes: #498116.
3687 * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3688 the built-in default of ldap:/// only.
3689
3690 [ Mathias Gug ]
3691 * Merge from debian unstable, remaining changes:
3692 - Modify Maintainer value to match the DebianMaintainerField
3693 speficication.
3694 - AppArmor support:
3695 - debian/apparmor-profile: add AppArmor profile
3696 - debian/slapd.postinst: Reload AA profile on configuration
3697 - updated debian/slapd.README.Debian for note on AppArmor
3698 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3699 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3700 to make sure that if earlier version of apparmour-profiles gets
3701 installed it won't overwrite our profile.
3702 - follow ApparmorProfileMigration and force apparmor compalin mode on
3703 some upgrades (LP: #203529)
3704 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3705 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3706 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3707 non-enforcing) and upgrades where apparmor profile does not exist.
3708 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3709 - debian/control:
3710 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3711 - debian/patches/autogen.sh:
3712 - Call libtoolize with the --install option to install config.{guess,sub}
3713 files.
3714 - Don't use local statement in config script as it fails if /bin/sh
3715 points to bash (LP: #286063).
3716 - Disable the testsuite on hppa. Allows building of packages on this
3717 architecture again, once this package is in the archive.
3718 LP: #288908.
3719 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3720 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3721 /var/run/slapd (world readable). (LP: #257667).
3722 - Enable nssoverlay:
3723 - debian/patches/nssov-build, debian/rules: Build and package
3724 the nss overlay.
3725 - debian/schema/misc.ldif: add ldif file for the misc schema
3726 which defines rfc822MailMember (required by the nss overlay).
3727 - debian/{control,rules}: enable PIE hardening
3728 - Use cn=config as the default configuration backend instead of
3729 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3730 asking the end user to enter a new password to control the access to the
3731 cn=config tree.
3732 * Dropped:
3733 - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
3734 times. (ITS: #5947) Fixed in new upstream version 2.4.15.
3735 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3736 the ucred struct now. Implemented in Debian.
3737 * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
3738 when built with PIE.
3739 * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3740 trusted (LP: #305264).
3741
3742 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
3743
1270openldap (2.4.15-1) unstable; urgency=low3744openldap (2.4.15-1) unstable; urgency=low
12713745
1272 * New upstream version3746 * New upstream version
@@ -1284,6 +3758,69 @@ openldap (2.4.15-1) unstable; urgency=low
12843758
1285 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -08003759 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
12863760
3761openldap (2.4.14-0ubuntu1) jaunty; urgency=low
3762
3763 [ Steve Langasek ]
3764 * New upstream version
3765 - Fixes a bug with the pcache overlay not returning cached entries
3766 (closes: #497697)
3767 - Update evolution-ntlm patch to apply to current Makefiles.
3768 - (tentatively) drop gnutls-ciphers, since this bug was reported to be
3769 fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
3770 patch from the bug report, so this should be watched for regressions.
3771 * Build against db4.7 instead of db4.2 at last! Closes: #421946.
3772 * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
3773 installed in the build environment.
3774 * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
3775 --with-tls=gnutls.
3776
3777 [ Mathias Gug ]
3778 * Merge from debian unstable, remaining changes:
3779 - debian/apparmor-profile: add AppArmor profile
3780 - debian/slapd.postinst: Reload AA profile on configuration
3781 - updated debian/slapd.README.Debian for note on AppArmor
3782 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3783 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3784 to make sure that if earlier version of apparmour-profiles gets
3785 installed it won't overwrite our profile.
3786 - Modify Maintainer value to match the DebianMaintainerField
3787 speficication.
3788 - follow ApparmorProfileMigration and force apparmor compalin mode on
3789 some upgrades (LP: #203529)
3790 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3791 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3792 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3793 non-enforcing) and upgrades where apparmor profile does not exist.
3794 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3795 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3796 the ucred struct now.
3797 - debian/control:
3798 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3799 - debian/patches/autogen.sh:
3800 - Call libtoolize with the --install option to install config.{guess,sub}
3801 files.
3802 - Don't use local statement in config script as it fails if /bin/sh
3803 points to bash (LP: #286063).
3804 - Disable the testsuite on hppa. Allows building of packages on this
3805 architecture again, once this package is in the archive.
3806 LP: #288908.
3807 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3808 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3809 /var/run/slapd (world readable). (LP: #257667).
3810 - debian/patches/nssov-build, debian/rules:
3811 Build and package the nss overlay.
3812 debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3813 rfc822MailMember (required by the nss overlay).
3814 - debian/{control,rules}: enable PIE hardening
3815 - Use cn=config as the default configuration backend instead of
3816 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3817 asking the end user to enter a new password to control the access to the
3818 cn=config tree.
3819 * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
3820 times. (ITS: #5947)
3821
3822 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
3823
1287openldap (2.4.11-1) unstable; urgency=low3824openldap (2.4.11-1) unstable; urgency=low
12883825
1289 * New upstream version (closes: #499560).3826 * New upstream version (closes: #499560).
@@ -1306,6 +3843,110 @@ openldap (2.4.11-1) unstable; urgency=low
13063843
1307 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -07003844 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
13083845
3846openldap (2.4.11-0ubuntu7) jaunty; urgency=low
3847
3848 * Don't use local statement in config script as it fails if /bin/sh
3849 points to bash (LP: #286063).
3850
3851 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
3852
3853openldap (2.4.11-0ubuntu6) intrepid; urgency=low
3854
3855 * Disable the testsuite on hppa. Allows building of packages on this
3856 architecture again, once this package is in the archive.
3857 LP: #288908.
3858
3859 -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
3860
3861openldap (2.4.11-0ubuntu5) intrepid; urgency=low
3862
3863 * Don't set admin passwords in ldif files if adminpw is empty.
3864 (LP: #273988 - LP: #276606).
3865
3866 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
3867
3868openldap (2.4.11-0ubuntu4) intrepid; urgency=low
3869
3870 * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3871 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3872 /var/run/slapd (world readable). (LP: #257667).
3873 * debian/slapd.script-common:
3874 - Fix package reconfiguration:
3875 + Remove slapd.d/ directory if it already exists when creating a new
3876 configuration.
3877 + Fix backup directory naming for multiple reconfiguration.
3878
3879 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
3880
3881openldap (2.4.11-0ubuntu3) intrepid; urgency=low
3882
3883 * debian/patches/nssov-build, debian/rules:
3884 Build and package the nss overlay.
3885 * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3886 rfc822MailMember (required by the nss overlay).
3887
3888 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
3889
3890openldap (2.4.11-0ubuntu2) intrepid; urgency=low
3891
3892 * debian/{control,rules}: enable PIE hardening
3893
3894 -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
3895
3896openldap (2.4.11-0ubuntu1) intrepid; urgency=low
3897
3898 * New upstream version:
3899 - Mainly bug fixes.
3900 - New nss slapd overlay (not compiled by default).
3901 * Use cn=config as the default configuration backend instead of
3902 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3903 asking the end user to enter a new password to control the access to the
3904 cn=config tree.
3905
3906 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
3907
3908openldap (2.4.10-3ubuntu1) intrepid; urgency=low
3909
3910 [ Mathias Gug ]
3911 * Merge from debian unstable, remaining changes:
3912 - debian/apparmor-profile: add AppArmor profile
3913 - debian/slapd.postinst: Reload AA profile on configuration
3914 - updated debian/slapd.README.Debian for note on AppArmor
3915 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3916 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3917 to make sure that if earlier version of apparmour-profiles gets
3918 installed it won't overwrite our profile.
3919 - Modify Maintainer value to match the DebianMaintainerField
3920 speficication.
3921 - follow ApparmorProfileMigration and force apparmor compalin mode on
3922 some upgrades (LP: #203529)
3923 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3924 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3925 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3926 non-enforcing) and upgrades where apparmor profile does not exist.
3927 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3928 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3929 the ucred struct now.
3930 - debian/patches/fix-unique-overlay-assertion.patch:
3931 Fix another assertion error in unique overlay (LP: #243337).
3932 Backport from head.
3933 * Dropped - implemented in Debian:
3934 - debian/patches/fix-gnutls-key-strength.patch:
3935 Fix slapd handling of ssf using gnutls. (LP: #244925).
3936 - debian/control:
3937 Add time as build dependency: needed by make test.
3938 * debian/control:
3939 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3940 * debian/patches/autogen.sh:
3941 - Call libtoolize with the --install option to install config.{guess,sub}
3942 files.
3943
3944 [ Jamie Strandboge ]
3945 * adjust apparmor profile to allow gssapi (LP: #229252)
3946 * adjust apparmor profile to allow cnconfig (LP: #243525)
3947
3948 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
3949
1309openldap (2.4.10-3) unstable; urgency=low3950openldap (2.4.10-3) unstable; urgency=low
13103951
1311 [ Steve Langasek ]3952 [ Steve Langasek ]
@@ -1339,6 +3980,40 @@ openldap (2.4.10-3) unstable; urgency=low
13393980
1340 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -07003981 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
13413982
3983openldap (2.4.10-2ubuntu1) intrepid; urgency=low
3984
3985 * Merge from debian unstable, remaining changes:
3986 - debian/apparmor-profile: add AppArmor profile
3987 - debian/slapd.postinst: Reload AA profile on configuration
3988 - updated debian/slapd.README.Debian for note on AppArmor
3989 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3990 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3991 to make sure that if earlier version of apparmour-profiles gets
3992 installed it won't overwrite our profile.
3993 - Modify Maintainer value to match the DebianMaintainerField
3994 speficication.
3995 - follow ApparmorProfileMigration and force apparmor compalin mode on
3996 some upgrades (LP: #203529)
3997 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3998 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3999 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4000 non-enforcing) and upgrades where apparmor profile does not exist.
4001 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4002 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4003 the ucred struct now.
4004 - debian/patches/fix-unique-overlay-assertion.patch:
4005 Fix another assertion error in unique overlay (LP: #243337).
4006 Backport from head.
4007 - debian/patches/fix-gnutls-key-strength.patch:
4008 Fix slapd handling of ssf using gnutls. (LP: #244925).
4009 - debian/control:
4010 Add time as build dependency: needed by make test.
4011 * Dropped - implemented in Debian:
4012 - debian/rules:
4013 Support debuild nocheck option: don't run tests if nocheck is set.
4014
4015 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
4016
1342openldap (2.4.10-2) unstable; urgency=low4017openldap (2.4.10-2) unstable; urgency=low
13434018
1344 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at4019 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
@@ -1353,6 +4028,54 @@ openldap (2.4.10-2) unstable; urgency=low
13534028
1354 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -07004029 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
13554030
4031openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
4032
4033 * Merge from debian unstable, remaining changes:
4034 - debian/apparmor-profile: add AppArmor profile
4035 - debian/slapd.postinst: Reload AA profile on configuration
4036 - updated debian/slapd.README.Debian for note on AppArmor
4037 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4038 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4039 to make sure that if earlier version of apparmour-profiles gets
4040 installed it won't overwrite our profile.
4041 - Modify Maintainer value to match the DebianMaintainerField
4042 speficication.
4043 - follow ApparmorProfileMigration and force apparmor compalin mode on
4044 some upgrades (LP: #203529)
4045 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4046 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4047 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4048 non-enforcing) and upgrades where apparmor profile does not exist.
4049 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4050 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4051 the ucred struct now.
4052 - debian/patches/fix-unique-overlay-assertion.patch:
4053 Fix another assertion error in unique overlay (LP: #243337).
4054 Backport from head.
4055 * debian/control:
4056 - add time as build dependency: needed by make test.
4057 * debian/rules:
4058 - support debuild nocheck option: don't run tests if nocheck is set.
4059 * debian/patches/fix-gnutls-key-strength.patch:
4060 - fix slapd handling of ssf using gnutls. (LP: #244925).
4061 * Dropped - accepted in Debian:
4062 - debian/rules, debian/slapd.links: use hard links to slapd instead of
4063 symlinks for slap* so these applications aren't confined by apparmor
4064 (LP: #203898)
4065 * Dropped - fixed in new upstream release:
4066 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
4067 (LP: #215904)
4068 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
4069 error. (LP: #234196)
4070 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
4071 (LP: #220724)
4072 - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
4073 syncrepl. (LP: #227178)
4074 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
4075 upstream.
4076
4077 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
4078
1356openldap2.3 (2.4.10-1) unstable; urgency=low4079openldap2.3 (2.4.10-1) unstable; urgency=low
13574080
1358 [ Steve Langasek ]4081 [ Steve Langasek ]
@@ -1377,6 +4100,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low
13774100
1378 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -07004101 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
13794102
4103openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
4104
4105 * debian/patches/fix-unique-overlay-assertion.patch:
4106 - Fix another assertion error in unique overlay, backported from head.
4107 (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
4108
4109 -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
4110
4111openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
4112
4113 * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
4114 include the smbk5pwd overlay.
4115
4116 -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
4117
4118openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
4119
4120 * Rebuild for perl 5.10 transition (LP: #230016)
4121 * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
4122 syncrepl. (LP: #227178)
4123
4124 -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
4125
4126openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
4127
4128 * Merge from debian unstable, remaining changes:
4129 - debian/apparmor-profile: add AppArmor profile
4130 - debian/slapd.postinst: Reload AA profile on configuration
4131 - updated debian/slapd.README.Debian for note on AppArmor
4132 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4133 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4134 to make sure that if earlier version of apparmour-profiles gets
4135 installed it won't overwrite our profile.
4136 - Modify Maintainer value to match the DebianMaintainerField
4137 speficication.
4138 - follow ApparmorProfileMigration and force apparmor compalin mode on
4139 some upgrades (LP: #203529)
4140 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4141 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4142 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4143 non-enforcing) and upgrades where apparmor profile does not exist.
4144 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4145 - debian/rules, debian/slapd.links: use hard links to slapd instead of
4146 symlinks for slap* so these applications aren't confined by apparmor
4147 (LP: #203898)
4148 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
4149 (LP: #215904)
4150 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
4151 error. (LP: #234196)
4152 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
4153 (LP: #220724)
4154 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
4155 upstream.
4156 * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
4157 the ucred struct now.
4158
4159 -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
4160
1380openldap2.3 (2.4.9-1) unstable; urgency=low4161openldap2.3 (2.4.9-1) unstable; urgency=low
13814162
1382 [ Updated debconf translations ]4163 [ Updated debconf translations ]
@@ -1447,6 +4228,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high
14474228
1448 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +01004229 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
14494230
4231openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
4232
4233 * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
4234 in klibc)
4235
4236 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
4237
4238openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
4239
4240 * apparmor-profile workaround for Launchpad #202161
4241 * follow ApparmorProfileMigration and force apparmor complain mode on some
4242 upgrades (LP: #203529)
4243 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4244 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4245 - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
4246 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4247 non-enforcing) and upgrades where apparmor profile does not exist
4248 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4249 * debian/rules, debian/slapd.links: use hard links to slapd instead of
4250 symlinks for slap* so these applications aren't confined by apparmor
4251 (LP: #203898)
4252
4253 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
4254
4255openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
4256
4257 * Merge from Debian unstable, remaining changes:
4258 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
4259 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
4260 allows remote authenticated users to cause a denial of service (daemon
4261 crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
4262 control, a related issue to CVE-2007-6698.
4263 + debian/apparmor-profile: add AppArmor profile
4264 + debian/slapd.postinst: Reload AA profile on configuration
4265 + updated debian/slapd.README.Debian for note on AppArmor
4266 + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
4267 should now take control
4268 + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4269 to make sure that if earlier version of apparmor-profiles gets
4270 installed it won't overwrite our profile
4271 + Modify Maintainer value to match the DebianMaintainerField
4272 specification.
4273
4274 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
4275
1450openldap2.3 (2.4.7-6) unstable; urgency=low4276openldap2.3 (2.4.7-6) unstable; urgency=low
14514277
1452 [ Updated debconf translations ]4278 [ Updated debconf translations ]
@@ -1492,6 +4318,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low
14924318
1493 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -08004319 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
14944320
4321openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
4322
4323 * SECURITY UPDATE:
4324 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
4325 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
4326 allows remote authenticated users to cause a denial of service (daemon crash)
4327 via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
4328 issue to CVE-2007-6698.
4329
4330 * References
4331 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
4332 - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
4333
4334 -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
4335
4336openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
4337
4338 * add AppArmor profile
4339 + debian/apparmor-profile
4340 + debian/slapd.postinst: Reload AA profile on configuration
4341 * updated debian/slapd.README.Debian for note on AppArmor
4342 * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
4343 should now take control
4344 * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4345 to make sure that if earlier version of apparmor-profiles gets installed
4346 it won't overwrite our profile
4347 * Modify Maintainer value to match the DebianMaintainerField
4348 specification.
4349
4350 -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
4351
1495openldap2.3 (2.4.7-5) unstable; urgency=low4352openldap2.3 (2.4.7-5) unstable; urgency=low
14964353
1497 [ Updated debconf translations ]4354 [ Updated debconf translations ]
diff --git a/debian/control b/debian/control
index 263cc9e..7a3b0c8 100644
--- a/debian/control
+++ b/debian/control
@@ -1,11 +1,13 @@
1Source: openldap1Source: openldap
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
5Uploaders: Steve Langasek <vorlon@debian.org>,6Uploaders: Steve Langasek <vorlon@debian.org>,
6 Torsten Landschoff <torsten@debian.org>,7 Torsten Landschoff <torsten@debian.org>,
7 Ryan Tandy <ryan@nardis.ca>8 Ryan Tandy <ryan@nardis.ca>
8Build-Depends: debhelper-compat (= 12),9Build-Depends: debhelper-compat (= 12),
10 dh-apparmor,
9 dpkg-dev (>= 1.17.14),11 dpkg-dev (>= 1.17.14),
10 groff-base,12 groff-base,
11 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,13 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
@@ -35,7 +37,7 @@ Depends: ${shlibs:Depends}, libldap-2.5-0 (= ${binary:Version}),
35 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,37 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,
36 adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends}38 adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends}
37Recommends: ldap-utils39Recommends: ldap-utils
38Suggests: libsasl2-modules,40Suggests: libsasl2-modules, ufw,
39 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal41 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
40Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)42Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
41Replaces: libldap2, ldap-utils (<< 2.2.23-3)43Replaces: libldap2, ldap-utils (<< 2.2.23-3)
diff --git a/debian/rules b/debian/rules
index cc0a583..3a80b0d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -15,7 +15,7 @@ export DEB_BUILD_MAINT_OPTIONS := hardening=+all
15export AUTOMAKE = true15export AUTOMAKE = true
1616
17# Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)17# Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)
18export DEB_MAINTAINER := $(shell sed -ne 's/Maintainer:\s\+//p' debian/control)18export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control)
1919
20# Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)20# Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)
21export DEB_VERSION21export DEB_VERSION
@@ -157,6 +157,22 @@ endif
157 find $(installdir)/usr/share/man -name \*.8 \157 find $(installdir)/usr/share/man -name \*.8 \
158 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'158 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
159159
160ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
161override_dh_install-arch:
162 dh_install
163
164 # install AppArmor profile
165 install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
166
167 # install Apport hook
168 install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
169
170 # install ufw profile
171 install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
172
173 dh_apparmor -pslapd --profile-name=usr.sbin.slapd
174endif
175
160override_dh_installinit:176override_dh_installinit:
161 dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80"177 dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80"
162178
diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
index ff7d66b..a4f3f55 100644
--- a/debian/slapd.README.Debian
+++ b/debian/slapd.README.Debian
@@ -252,6 +252,17 @@ Modifications Compared to Upstream
252252
253 -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800253 -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800
254254
255Apparmor Profile
256----------------
257
258 If your system uses AppArmor, please note that the shipped enforcing profile
259 works with the default installation, and changes in your configuration may
260 require changes to the installed apparmor profile. Please see
261 https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
262 software.
263
264 -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500
265
255Migrating your installation to OpenLDAP 2.5.x266Migrating your installation to OpenLDAP 2.5.x
256267
257 OpenLDAP 2.5 is a major new release and includes several incompatible268 OpenLDAP 2.5 is a major new release and includes several incompatible
diff --git a/debian/slapd.py b/debian/slapd.py
258new file mode 100644269new file mode 100644
index 0000000..b1aed25
--- /dev/null
+++ b/debian/slapd.py
@@ -0,0 +1,51 @@
1#!/usr/bin/python3
2
3'''apport hook for slapd
4
5(c) 2010 Adam Sommer.
6Author: Adam Sommer <asommer@ubuntu.com>
7
8This program is free software; you can redistribute it and/or modify it
9under the terms of the GNU General Public License as published by the
10Free Software Foundation; either version 2 of the License, or (at your
11option) any later version. See http://www.gnu.org/copyleft/gpl.html for
12the full text of the license.
13'''
14
15from apport.hookutils import *
16import os
17
18# Scrub olcRootPW attribute and credentials strings if necessary.
19def scrub_pass_strings(config):
20 olcrootpw_regex = re.compile('olcRootPW:.*')
21 olcrootpw_string = olcrootpw_regex.search(config)
22 if olcrootpw_string:
23 config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@')
24
25 credentials_regex = re.compile('credentials=.* ')
26 credentials_string = credentials_regex.search(config)
27 if credentials_string:
28 config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ')
29
30 return config
31
32def add_info(report, ui):
33 response = ui.yesno("The contents of your /etc/ldap/slapd.d directory "
34 "may help developers diagnose your bug more "
35 "quickly. However, it may contain sensitive "
36 "information. Do you want to include it in your "
37 "bug report?")
38
39 if response == None: # user cancelled
40 raise StopIteration
41
42 elif response == True:
43 # Get the cn=config tree.
44 cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'])
45 report['CNConfig'] = scrub_pass_strings(cn_config)
46
47 # Get slapd messages from /var/log/syslog
48 slapd_re = re.compile('slapd', re.IGNORECASE)
49 report['SysLog'] = recent_syslog(slapd_re)
50
51 attach_mac_events(report, '/usr/sbin/slapd')
diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile
0new file mode 10064452new file mode 100644
index 0000000..3c4f676
--- /dev/null
+++ b/debian/slapd.ufw.profile
@@ -0,0 +1,9 @@
1[OpenLDAP LDAP]
2title=OpenLDAP with TLS
3description=OpenLDAP is a free, fast, lightweight LDAP server
4ports=389/tcp
5
6[OpenLDAP LDAPS]
7title=OpenLDAP over SSL
8description=OpenLDAP is a free, fast, lightweight LDAP server
9ports=636/tcp

Subscribers

People subscribed via source and target branches