Ubuntu
openldap package

Merge ~sergiodj/ubuntu/+source/openldap:merge-2.5.13+dfsg-1-kinetic into ubuntu/+source/openldap:debian/sid

  1. Git
  2. lp:~sergiodj/ubuntu/+source/openldap
  3. merge-2.5.13+dfsg-1-kinetic
  4. Merge into debian/sid
Proposed by Sergio Durigan Junior
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: git-ubuntu bot
Merged at revision: e3a1cdd0b6049a6b9e72239337ccc3e4ef343fa4
Proposed branch: ~sergiodj/ubuntu/+source/openldap:merge-2.5.13+dfsg-1-kinetic
Merge into: ubuntu/+source/openldap:debian/sid
Diff against target: 3494 lines (+3098/-4)
7 files modified
debian/apparmor-profile (+61/-0)
debian/changelog (+2939/-0)
debian/control (+10/-3)
debian/rules (+17/-1)
debian/slapd.README.Debian (+11/-0)
debian/slapd.py (+51/-0)
debian/slapd.ufw.profile (+9/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Bryce Harrington (community) Approve
Canonical Server Reporter Pending
Review via email: mp+430175@code.launchpad.net

Description of the change

This is the merge of OpenLDAP 2.5.13+dfsg-1 from Debian unstable.

It's a trivial merge. We're keeping all of our delta, including the SASL/GSSAPI test enablement which will be dropped next cycle when we transition to OpenLDAP 2.6.x.

There's a PPA with the proposed changes here:

https://launchpad.net/~sergiodj/+archive/ubuntu/openldap

I will post the dep8 test results ASAP.

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

FWIW, this is a bugfix-only release and therefore we don't need an FFe for it.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

autopkgtest is OK:

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-kinetic-sergiodj-openldap/?format=plain)
  openldap @ amd64:
    20.09.22 21:52:02 Log 🗒️ ✅ Triggers: openldap/2.5.13+dfsg-1ubuntu1~ppa1
  openldap @ arm64:
    20.09.22 21:42:22 Log 🗒️ ✅ Triggers: openldap/2.5.13+dfsg-1ubuntu1~ppa1
  openldap @ armhf:
    20.09.22 21:42:47 Log 🗒️ ✅ Triggers: openldap/2.5.13+dfsg-1ubuntu1~ppa1
  openldap @ ppc64el:
    20.09.22 21:39:53 Log 🗒️ ✅ Triggers: openldap/2.5.13+dfsg-1ubuntu1~ppa1
  openldap @ s390x:
    20.09.22 21:42:17 Log 🗒️ ✅ Triggers: openldap/2.5.13+dfsg-1ubuntu1~ppa1

Revision history for this message
Bryce Harrington (bryce) wrote :

Tests pass, logical changes are each correct, and changelog entry mentions all changes. The remaining delta does not look likely to be taken by Debian.

LGTM, +1

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: sergiodj, bryce
Uploaders: sergiodj, bryce
MP auto-approved

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Tuesday, September 20 2022, Bryce Harrington wrote:

> Tests pass, logical changes are each correct, and changelog entry mentions all changes. The remaining delta does not look likely to be taken by Debian.
>
> LGTM, +1

Thanks, Bryce. Uploaded:

$ dput openldap_2.5.13+dfsg-1ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/openldap/openldap_2.5.13+dfsg-1ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/openldap/openldap_2.5.13+dfsg-1ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openldap_2.5.13+dfsg-1ubuntu1.dsc: done.
  Uploading openldap_2.5.13+dfsg.orig.tar.gz: done.
  Uploading openldap_2.5.13+dfsg-1ubuntu1.debian.tar.xz: done.
  Uploading openldap_2.5.13+dfsg-1ubuntu1_source.buildinfo: done.
  Uploading openldap_2.5.13+dfsg-1ubuntu1_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/apparmor-profile b/debian/apparmor-profile
2new file mode 100644
3index 0000000..6a247aa
4--- /dev/null
5+++ b/debian/apparmor-profile
6@@ -0,0 +1,61 @@
7+# vim:syntax=apparmor
8+# Last Modified: Fri Jun 6 13:51:00 2020
9+# Author: Jamie Strandboge <jamie@ubuntu.com>
10+
11+#include <tunables/global>
12+
13+/usr/sbin/slapd {
14+ #include <abstractions/base>
15+ #include <abstractions/nameservice>
16+ #include <abstractions/p11-kit>
17+
18+ #include <abstractions/ssl_keys>
19+ #include <abstractions/ssl_certs>
20+
21+ /etc/sasldb2 r,
22+
23+ capability dac_override,
24+ capability net_bind_service,
25+ capability setgid,
26+ capability setuid,
27+
28+ /etc/gai.conf r,
29+ /etc/hosts.allow r,
30+ /etc/hosts.deny r,
31+
32+ # ldap files
33+ /etc/ldap/** kr,
34+ /etc/ldap/slapd.d/** rw,
35+
36+ # kerberos/gssapi
37+ /dev/tty rw,
38+ /etc/gss/mech.d/ r,
39+ /etc/gss/mech.d/* kr,
40+ /etc/krb5.keytab kr,
41+ /etc/krb5/user/*/client.keytab kr,
42+ owner /tmp/krb5cc_* rwk,
43+ owner /var/tmp/krb5_*.rcache2 rwk,
44+ /var/tmp/ rw,
45+ /var/tmp/** rw,
46+
47+ # the databases and logs
48+ /var/lib/ldap/ r,
49+ /var/lib/ldap/** rwk,
50+
51+ # lock file
52+ /var/lib/ldap/alock kw,
53+
54+ # pid files and sockets
55+ /{,var/}run/slapd/* w,
56+ /{,var/}run/slapd/ldapi rw,
57+ /{,var/}run/nslcd/socket rw,
58+ /{,var/}run/saslauthd/mux rw,
59+
60+ /usr/lib/ldap/ r,
61+ /usr/lib/ldap/* mr,
62+
63+ /usr/sbin/slapd mr,
64+
65+ # Site-specific additions and overrides. See local/README for details.
66+ #include <local/usr.sbin.slapd>
67+}
68diff --git a/debian/changelog b/debian/changelog
69index f62e07a..68939d8 100644
70--- a/debian/changelog
71+++ b/debian/changelog
72@@ -1,3 +1,26 @@
73+openldap (2.5.13+dfsg-1ubuntu1) kinetic; urgency=medium
74+
75+ * Merge with Debian unstable (LP: #1983618). Remaining changes:
76+ - Enable AppArmor support:
77+ + d/apparmor-profile: add AppArmor profile
78+ + d/rules: use dh_apparmor
79+ + d/control: Build-Depends on dh-apparmor
80+ + d/slapd.README.Debian: add note about AppArmor
81+ - Enable ufw support:
82+ + d/control: suggest ufw.
83+ + d/rules: install ufw profile.
84+ + d/slapd.ufw.profile: add ufw profile.
85+ - d/{rules,slapd.py}: Add apport hook.
86+ - d/rules: better regexp to match the Maintainer tag in d/control,
87+ needed in the Ubuntu case because of XSBC-Original-Maintainer
88+ (Closes #960448, LP #1875697)
89+ - Enable SASL/GSSAPI tests. (LP #1976508)
90+ + d/control: Update B-D to include required dependencies needed to run
91+ SASL/GSSAPI tests during build time, and mark them "!nocheck".
92+ Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
93+
94+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 20 Sep 2022 15:30:47 -0400
95+
96 openldap (2.5.13+dfsg-1) unstable; urgency=medium
97
98 * d/rules: Remove get-orig-source, now unnecessary.
99@@ -9,6 +32,34 @@ openldap (2.5.13+dfsg-1) unstable; urgency=medium
100
101 -- Sergio Durigan Junior <sergiodj@debian.org> Sun, 18 Sep 2022 18:29:46 -0400
102
103+openldap (2.5.12+dfsg-2ubuntu2) kinetic; urgency=medium
104+
105+ * Enable SASL/GSSAPI tests. (LP: #1976508)
106+ - d/control: Update B-D to include required dependencies needed to run
107+ SASL/GSSAPI tests during build time, and mark them "!nocheck".
108+ Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
109+
110+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 25 Aug 2022 16:20:08 -0400
111+
112+openldap (2.5.12+dfsg-2ubuntu1) kinetic; urgency=medium
113+
114+ * Merge with Debian unstable (LP: #1971305). Remaining changes:
115+ - Enable AppArmor support:
116+ + d/apparmor-profile: add AppArmor profile
117+ + d/rules: use dh_apparmor
118+ + d/control: Build-Depends on dh-apparmor
119+ + d/slapd.README.Debian: add note about AppArmor
120+ - Enable ufw support:
121+ + d/control: suggest ufw.
122+ + d/rules: install ufw profile.
123+ + d/slapd.ufw.profile: add ufw profile.
124+ - d/{rules,slapd.py}: Add apport hook.
125+ - d/rules: better regexp to match the Maintainer tag in d/control,
126+ needed in the Ubuntu case because of XSBC-Original-Maintainer
127+ (Closes #960448, LP #1875697)
128+
129+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 06 Jun 2022 15:34:48 -0400
130+
131 openldap (2.5.12+dfsg-2) unstable; urgency=medium
132
133 * Stop slapd explicitly in prerm as a workaround for #1006147, which caused
134@@ -34,6 +85,37 @@ openldap (2.5.11+dfsg-1) unstable; urgency=medium
135
136 -- Ryan Tandy <ryan@nardis.ca> Fri, 11 Mar 2022 19:38:02 -0800
137
138+openldap (2.5.11+dfsg-1~exp1ubuntu3) jammy; urgency=medium
139+
140+ * No-change rebuild to update maintainer scripts, see LP: 1959054
141+
142+ -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:15:26 +0000
143+
144+openldap (2.5.11+dfsg-1~exp1ubuntu2) jammy; urgency=medium
145+
146+ * No-change rebuild for the perl update.
147+
148+ -- Matthias Klose <doko@ubuntu.com> Mon, 07 Feb 2022 07:51:42 +0100
149+
150+openldap (2.5.11+dfsg-1~exp1ubuntu1) jammy; urgency=medium
151+
152+ * Merge with Debian unstable (LP: #1946883). Remaining changes:
153+ - Enable AppArmor support:
154+ + d/apparmor-profile: add AppArmor profile
155+ + d/rules: use dh_apparmor
156+ + d/control: Build-Depends on dh-apparmor
157+ + d/slapd.README.Debian: add note about AppArmor
158+ - Enable ufw support:
159+ + d/control: suggest ufw.
160+ + d/rules: install ufw profile.
161+ + d/slapd.ufw.profile: add ufw profile.
162+ - d/{rules,slapd.py}: Add apport hook.
163+ - d/rules: better regexp to match the Maintainer tag in d/control,
164+ needed in the Ubuntu case because of XSBC-Original-Maintainer
165+ (Closes #960448, LP #1875697)
166+
167+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 25 Jan 2022 17:06:12 -0500
168+
169 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium
170
171 * New upstream release.
172@@ -65,6 +147,25 @@ openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium
173
174 -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700
175
176+openldap (2.5.6+dfsg-1~exp1ubuntu1) impish; urgency=medium
177+
178+ * Merge with Debian unstable. Remaining changes:
179+ - Enable AppArmor support:
180+ + d/apparmor-profile: add AppArmor profile
181+ + d/rules: use dh_apparmor
182+ + d/control: Build-Depends on dh-apparmor
183+ + d/slapd.README.Debian: add note about AppArmor
184+ - Enable ufw support:
185+ + d/control: suggest ufw.
186+ + d/rules: install ufw profile.
187+ + d/slapd.ufw.profile: add ufw profile.
188+ - d/{rules,slapd.py}: Add apport hook.
189+ - d/rules: better regexp to match the Maintainer tag in d/control,
190+ needed in the Ubuntu case because of XSBC-Original-Maintainer
191+ (Closes #960448, LP #1875697)
192+
193+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 17 Aug 2021 14:06:00 -0400
194+
195 openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
196
197 [ Ryan Tandy ]
198@@ -99,6 +200,59 @@ openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
199
200 -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700
201
202+openldap (2.5.5+dfsg-1~exp1ubuntu1) impish; urgency=medium
203+
204+ * Merge with Debian unstable. Remaining changes:
205+ - Enable AppArmor support:
206+ + d/apparmor-profile: add AppArmor profile
207+ + d/rules: use dh_apparmor
208+ + d/control: Build-Depends on dh-apparmor
209+ + d/slapd.README.Debian: add note about AppArmor
210+ - Enable ufw support:
211+ + d/control: suggest ufw.
212+ + d/rules: install ufw profile.
213+ + d/slapd.ufw.profile: add ufw profile.
214+ - d/{rules,slapd.py}: Add apport hook.
215+ - d/rules: better regexp to match the Maintainer tag in d/control,
216+ needed in the Ubuntu case because of XSBC-Original-Maintainer
217+ (Closes #960448, LP #1875697)
218+ * Dropped changes:
219+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
220+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
221+ - Add --with-gssapi support
222+ - Make guess_service_principal() more robust when determining
223+ principal
224+ + d/configure.options: Configure with --with-gssapi
225+ + d/control: Added heimdal-dev as a build depend
226+ + d/rules:
227+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
228+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
229+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
230+ This should be dropped when the soname changes.
231+ [ Dropped as planned after soname bump due to 2.5.5 update. ]
232+ - Enable nss overlay:
233+ + d/rules:
234+ - add nssov to CONTRIB_MODULES
235+ - add sysconfdir to CONTRIB_MAKEVARS
236+ + d/slapd.install: install nssov overlay
237+ + d/slapd.manpages: install slapo-nssov(5) man page
238+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
239+ Debian bug #919136, we also have to patch the nssov makefile
240+ accordingly and thus update this patch.
241+ [ Dropped as planned after soname bump due to 2.5.5 update. ]
242+ - Add support for CLDAP (UDP) support, back then required by
243+ likewise-open (first enabled in 2.4.17-1ubuntu2):
244+ + d/rules: Enable -DLDAP_CONNECTIONLESS
245+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
246+ This should be dropped when the soname changes.
247+ [ Dropped as planned after soname bump due to 2.5.5 update. ]
248+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
249+ of test timing issue.
250+ [ Dropped because the latest update improved the testcase and
251+ there is no FTBFS on riscv64 anymore. ]
252+
253+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 15 Jun 2021 17:20:34 -0400
254+
255 openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium
256
257 * New upstream release.
258@@ -222,6 +376,53 @@ openldap (2.4.57+dfsg-3) unstable; urgency=medium
259
260 -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700
261
262+openldap (2.4.57+dfsg-2ubuntu1) hirsute; urgency=medium
263+
264+ * Merge with Debian unstable. Remaining changes:
265+ - Enable AppArmor support:
266+ + d/apparmor-profile: add AppArmor profile
267+ + d/rules: use dh_apparmor
268+ + d/control: Build-Depends on dh-apparmor
269+ + d/slapd.README.Debian: add note about AppArmor
270+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
271+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
272+ - Add --with-gssapi support
273+ - Make guess_service_principal() more robust when determining
274+ principal
275+ + d/configure.options: Configure with --with-gssapi
276+ + d/control: Added heimdal-dev as a build depend
277+ + d/rules:
278+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
279+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
280+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
281+ This should be dropped when the soname changes.
282+ - Enable ufw support:
283+ + d/control: suggest ufw.
284+ + d/rules: install ufw profile.
285+ + d/slapd.ufw.profile: add ufw profile.
286+ - Enable nss overlay:
287+ + d/rules:
288+ - add nssov to CONTRIB_MODULES
289+ - add sysconfdir to CONTRIB_MAKEVARS
290+ + d/slapd.install: install nssov overlay
291+ + d/slapd.manpages: install slapo-nssov(5) man page
292+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
293+ Debian bug #919136, we also have to patch the nssov makefile
294+ accordingly and thus update this patch.
295+ - d/{rules,slapd.py}: Add apport hook.
296+ - Add support for CLDAP (UDP) support, back then required by
297+ likewise-open (first enabled in 2.4.17-1ubuntu2):
298+ + d/rules: Enable -DLDAP_CONNECTIONLESS
299+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
300+ This should be dropped when the soname changes.
301+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
302+ of test timing issue.
303+ - d/rules: better regexp to match the Maintainer tag in d/control,
304+ needed in the Ubuntu case because of XSBC-Original-Maintainer
305+ (Closes #960448, LP #1875697)
306+
307+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Feb 2021 10:15:38 -0500
308+
309 openldap (2.4.57+dfsg-2) unstable; urgency=medium
310
311 * Fix slapd assertion failure in Certificate List Exact Assertion validation
312@@ -251,6 +452,65 @@ openldap (2.4.57+dfsg-1) unstable; urgency=medium
313
314 -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800
315
316+openldap (2.4.56+dfsg-1ubuntu2) hirsute; urgency=medium
317+
318+ * debian/apparmor-profile: add AppArmor rule for locking replay cache.
319+ In Hirsute, a change (presumably in src:krb5) has caused slapd to be
320+ denied by AppArmor for locking /var/tmp/krb5_*.rcache2. This is
321+ acceptable, so add it to the AppArmor profile. This fixes the dep8
322+ test in src:krb5 that uses slapd for testing.
323+
324+ -- Robie Basak <robie.basak@ubuntu.com> Tue, 26 Jan 2021 13:02:40 +0000
325+
326+openldap (2.4.56+dfsg-1ubuntu1) hirsute; urgency=medium
327+
328+ * Merge with Debian unstable. Remaining changes:
329+ - Enable AppArmor support:
330+ + d/apparmor-profile: add AppArmor profile
331+ + d/rules: use dh_apparmor
332+ + d/control: Build-Depends on dh-apparmor
333+ + d/slapd.README.Debian: add note about AppArmor
334+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
335+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
336+ - Add --with-gssapi support
337+ - Make guess_service_principal() more robust when determining
338+ principal
339+ + d/configure.options: Configure with --with-gssapi
340+ + d/control: Added heimdal-dev as a build depend
341+ + d/rules:
342+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
343+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
344+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
345+ This should be dropped when the soname changes.
346+ - Enable ufw support:
347+ + d/control: suggest ufw.
348+ + d/rules: install ufw profile.
349+ + d/slapd.ufw.profile: add ufw profile.
350+ - Enable nss overlay:
351+ + d/rules:
352+ - add nssov to CONTRIB_MODULES
353+ - add sysconfdir to CONTRIB_MAKEVARS
354+ + d/slapd.install: install nssov overlay
355+ + d/slapd.manpages: install slapo-nssov(5) man page
356+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
357+ Debian bug #919136, we also have to patch the nssov makefile
358+ accordingly and thus update this patch.
359+ - d/{rules,slapd.py}: Add apport hook.
360+ - Add support for CLDAP (UDP) support, back then required by
361+ likewise-open (first enabled in 2.4.17-1ubuntu2):
362+ + d/rules: Enable -DLDAP_CONNECTIONLESS
363+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
364+ This should be dropped when the soname changes.
365+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
366+ of test timing issue.
367+ - d/rules: better regexp to match the Maintainer tag in d/control,
368+ needed in the Ubuntu case because of XSBC-Original-Maintainer
369+ (Closes #960448, LP #1875697)
370+ * d/apparmor-profile: use abstractions/ssl_keys instead of manual rules,
371+ allows letsencrypt to work. Thanks to Paul McEnery (LP: #1909748)
372+
373+ -- Paride Legovini <paride.legovini@canonical.com> Mon, 04 Jan 2021 16:18:57 +0100
374+
375 openldap (2.4.56+dfsg-1) unstable; urgency=medium
376
377 * New upstream release.
378@@ -277,12 +537,151 @@ openldap (2.4.54+dfsg-1) unstable; urgency=medium
379
380 -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000
381
382+openldap (2.4.53+dfsg-1ubuntu5) hirsute; urgency=medium
383+
384+ * SECURITY UPDATE: assertion failure in Certificate List syntax
385+ validation
386+ - debian/patches/CVE-2020-25709.patch: properly handle error in
387+ servers/slapd/schema_init.c.
388+ - CVE-2020-25709
389+ * SECURITY UPDATE: assertion failure in CSN normalization with invalid
390+ input
391+ - debian/patches/CVE-2020-25710.patch: properly handle error in
392+ servers/slapd/schema_init.c.
393+ - CVE-2020-25710
394+
395+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 17 Nov 2020 09:41:47 -0500
396+
397+openldap (2.4.53+dfsg-1ubuntu4) hirsute; urgency=medium
398+
399+ * SECURITY UPDATE: DoS via NULL pointer dereference
400+ - debian/patches/CVE-2020-25692.patch: skip normalization if there's no
401+ equality rule in servers/slapd/modrdn.c.
402+ - CVE-2020-25692
403+
404+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 Nov 2020 14:02:02 -0500
405+
406+openldap (2.4.53+dfsg-1ubuntu3) hirsute; urgency=medium
407+
408+ * No-change rebuild for the perl update.
409+
410+ -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 12:53:38 +0100
411+
412+openldap (2.4.53+dfsg-1ubuntu2) hirsute; urgency=medium
413+
414+ * No-change rebuild for the perl update.
415+
416+ -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 10:51:32 +0100
417+
418+openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium
419+
420+ * Merge with Debian unstable (LP: #1894838). Remaining changes:
421+ - Enable AppArmor support:
422+ + d/apparmor-profile: add AppArmor profile
423+ + d/rules: use dh_apparmor
424+ + d/control: Build-Depends on dh-apparmor
425+ + d/slapd.README.Debian: add note about AppArmor
426+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
427+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
428+ - Add --with-gssapi support
429+ - Make guess_service_principal() more robust when determining
430+ principal
431+ + d/configure.options: Configure with --with-gssapi
432+ + d/control: Added heimdal-dev as a build depend
433+ + d/rules:
434+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
435+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
436+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
437+ This should be dropped when the soname changes.
438+ - Enable ufw support:
439+ + d/control: suggest ufw.
440+ + d/rules: install ufw profile.
441+ + d/slapd.ufw.profile: add ufw profile.
442+ - Enable nss overlay:
443+ + d/rules:
444+ - add nssov to CONTRIB_MODULES
445+ - add sysconfdir to CONTRIB_MAKEVARS
446+ + d/slapd.install: install nssov overlay
447+ + d/slapd.manpages: install slapo-nssov(5) man page
448+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
449+ Debian bug #919136, we also have to patch the nssov makefile
450+ accordingly and thus update this patch.
451+ - d/{rules,slapd.py}: Add apport hook.
452+ - Add support for CLDAP (UDP) support, back then required by
453+ likewise-open (first enabled in 2.4.17-1ubuntu2):
454+ + d/rules: Enable -DLDAP_CONNECTIONLESS
455+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
456+ This should be dropped when the soname changes.
457+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
458+ of test timing issue.
459+ - d/rules: better regexp to match the Maintainer tag in d/control,
460+ needed in the Ubuntu case because of XSBC-Original-Maintainer
461+ (Closes #960448, LP #1875697)
462+
463+ -- Andreas Hasenack <andreas@canonical.com> Tue, 08 Sep 2020 09:36:58 -0300
464+
465 openldap (2.4.53+dfsg-1) unstable; urgency=medium
466
467 * New upstream release.
468
469 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700
470
471+openldap (2.4.51+dfsg-1ubuntu1) groovy; urgency=medium
472+
473+ * Merge with Debian unstable. Remaining changes:
474+ - Enable AppArmor support:
475+ + d/apparmor-profile: add AppArmor profile
476+ + d/rules: use dh_apparmor
477+ + d/control: Build-Depends on dh-apparmor
478+ + d/slapd.README.Debian: add note about AppArmor
479+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
480+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
481+ - Add --with-gssapi support
482+ - Make guess_service_principal() more robust when determining
483+ principal
484+ + d/configure.options: Configure with --with-gssapi
485+ + d/control: Added heimdal-dev as a build depend
486+ + d/rules:
487+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
488+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
489+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
490+ This should be dropped when the soname changes.
491+ - Enable ufw support:
492+ + d/control: suggest ufw.
493+ + d/rules: install ufw profile.
494+ + d/slapd.ufw.profile: add ufw profile.
495+ - Enable nss overlay:
496+ + d/rules:
497+ - add nssov to CONTRIB_MODULES
498+ - add sysconfdir to CONTRIB_MAKEVARS
499+ + d/slapd.install: install nssov overlay
500+ + d/slapd.manpages: install slapo-nssov(5) man page
501+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
502+ Debian bug #919136, we also have to patch the nssov makefile
503+ accordingly and thus update this patch.
504+ - d/{rules,slapd.py}: Add apport hook.
505+ - Add support for CLDAP (UDP) support, back then required by
506+ likewise-open (first enabled in 2.4.17-1ubuntu2):
507+ + d/rules: Enable -DLDAP_CONNECTIONLESS
508+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
509+ This should be dropped when the soname changes.
510+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
511+ of test timing issue.
512+ - d/rules: better regexp to match the Maintainer tag in d/control,
513+ needed in the Ubuntu case because of XSBC-Original-Maintainer
514+ (Closes #960448, LP #1875697)
515+ * Dropped:
516+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
517+ [In 2.4.51+dfsg-1]
518+ - d/slapd.scripts-common:
519+ + add slapcat_opts to local variables.
520+ + Fix backup directory naming for multiple reconfiguration.
521+ [In 2.4.51+dfsg-1]
522+ - debian/patches/set-maintainer-name: our d/rules change needs to
523+ be kept, but this patch is in 2.4.51+dfsg-1.
524+
525+ -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Aug 2020 11:03:24 -0300
526+
527 openldap (2.4.51+dfsg-1) unstable; urgency=medium
528
529 * New upstream release.
530@@ -328,6 +727,85 @@ openldap (2.4.51+dfsg-1) unstable; urgency=medium
531
532 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700
533
534+openldap (2.4.50+dfsg-1ubuntu3) groovy; urgency=medium
535+
536+ * No change rebuild against new libnettle8 and libhogweed6 ABI.
537+
538+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:31:30 +0100
539+
540+openldap (2.4.50+dfsg-1ubuntu2) groovy; urgency=medium
541+
542+ * d/apparmor-profile: Update apparmor profile to grant access to
543+ the saslauthd socket, so that SASL authentication works. (LP: #1557157)
544+
545+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jun 2020 18:20:42 -0400
546+
547+openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium
548+
549+ * Merge with Debian unstable. Remaining changes:
550+ - Enable AppArmor support:
551+ + d/apparmor-profile: add AppArmor profile
552+ + d/rules: use dh_apparmor
553+ + d/control: Build-Depends on dh-apparmor
554+ + d/slapd.README.Debian: add note about AppArmor
555+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
556+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
557+ - Add --with-gssapi support
558+ - Make guess_service_principal() more robust when determining
559+ principal
560+ + d/configure.options: Configure with --with-gssapi
561+ + d/control: Added heimdal-dev as a build depend
562+ + d/rules:
563+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
564+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
565+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
566+ This should be dropped when the soname changes.
567+ - Enable ufw support:
568+ + d/control: suggest ufw.
569+ + d/rules: install ufw profile.
570+ + d/slapd.ufw.profile: add ufw profile.
571+ - Enable nss overlay:
572+ + d/rules:
573+ - add nssov to CONTRIB_MODULES
574+ - add sysconfdir to CONTRIB_MAKEVARS
575+ + d/slapd.install:
576+ - install nssov overlay
577+ + d/slapd.manpages:
578+ - install slapo-nssov(5) man page
579+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
580+ Debian bug #919136, we also have to patch the nssov makefile
581+ accordingly and thus update this patch.
582+ - d/{rules,slapd.py}: Add apport hook.
583+ - d/slapd.scripts-common:
584+ + add slapcat_opts to local variables.
585+ + Fix backup directory naming for multiple reconfiguration.
586+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
587+ - Add support for CLDAP (UDP) support, back then required by
588+ likewise-open (first enabled in 2.4.17-1ubuntu2):
589+ + d/rules: Enable -DLDAP_CONNECTIONLESS
590+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
591+ This should be dropped when the soname changes.
592+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
593+ of test timing issue.
594+ * Dropped:
595+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
596+ either the default DIT nor via an Authn mapping.
597+ [Not worth keeping a delta for, as having olcRootDN doesn't hurt]
598+ - Show distribution in version:
599+ - d/control: added lsb-release
600+ - d/patches/fix-ldap-distribution.patch: show distribution in version
601+ [Debian now shows the full package version]
602+ - SECURITY UPDATE: denial of service via nested search filters
603+ + debian/patches/CVE-2020-12243.patch: limit depth of nested
604+ filters in servers/slapd/filter.c.
605+ [Fixed upstream]
606+ * Added:
607+ - d/rules, debian/patches/set-maintainer-name: Extract maintainer
608+ address dynamically from debian/control. Thanks to Ryan Tandy
609+ <ryan@nardis.ca> (Closes: #960448, LP: #1875697)
610+
611+ -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300
612+
613 openldap (2.4.50+dfsg-1) unstable; urgency=medium
614
615 * New upstream release.
616@@ -370,6 +848,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium
617
618 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700
619
620+openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium
621+
622+ * SECURITY UPDATE: denial of service via nested search filters
623+ - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
624+ servers/slapd/filter.c.
625+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of
626+ test timing issue.
627+ - CVE-2020-12243
628+
629+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400
630+
631+openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium
632+
633+ * Merge with Debian unstable (LP: #1866303). Remaining changes:
634+ - Enable AppArmor support:
635+ - d/apparmor-profile: add AppArmor profile
636+ - d/rules: use dh_apparmor
637+ - d/control: Build-Depends on dh-apparmor
638+ - d/slapd.README.Debian: add note about AppArmor
639+ - Enable GSSAPI support:
640+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
641+ - Add --with-gssapi support
642+ - Make guess_service_principal() more robust when determining
643+ principal
644+ [Dropped the ldap_gssapi_bind_s() hunk as that is already
645+ - d/configure.options: Configure with --with-gssapi
646+ - d/control: Added heimdal-dev as a build depend
647+ - d/rules:
648+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
649+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
650+ - Enable ufw support:
651+ - d/control: suggest ufw.
652+ - d/rules: install ufw profile.
653+ - d/slapd.ufw.profile: add ufw profile.
654+ - Enable nss overlay:
655+ - d/rules:
656+ - add nssov to CONTRIB_MODULES
657+ - add sysconfdir to CONTRIB_MAKEVARS
658+ - d/slapd.install:
659+ - install nssov overlay
660+ - d/slapd.manpages:
661+ - install slapo-nssov(5) man page
662+ - d/{rules,slapd.py}: Add apport hook.
663+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
664+ either the default DIT nor via an Authn mapping.
665+ - d/slapd.scripts-common:
666+ - add slapcat_opts to local variables.
667+ - Fix backup directory naming for multiple reconfiguration.
668+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
669+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
670+ in the openldap library, as required by Likewise-Open
671+ - Show distribution in version:
672+ - d/control: added lsb-release
673+ - d/patches/fix-ldap-distribution.patch: show distribution in version
674+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
675+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
676+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
677+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
678+ Debian bug #919136, we also have to patch the nssov makefile
679+ accordingly and thus update this patch.
680+
681+ -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300
682+
683 openldap (2.4.49+dfsg-2) unstable; urgency=medium
684
685 * slapd.README.Debian: Document the initial setup performed by slapd's
686@@ -381,6 +922,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium
687
688 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
689
690+openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium
691+
692+ * Merge with Debian unstable. Remaining changes:
693+ - Enable AppArmor support:
694+ - d/apparmor-profile: add AppArmor profile
695+ - d/rules: use dh_apparmor
696+ - d/control: Build-Depends on dh-apparmor
697+ - d/slapd.README.Debian: add note about AppArmor
698+ - Enable GSSAPI support:
699+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
700+ - Add --with-gssapi support
701+ - Make guess_service_principal() more robust when determining
702+ principal
703+ [Dropped the ldap_gssapi_bind_s() hunk as that is already
704+ - d/configure.options: Configure with --with-gssapi
705+ - d/control: Added heimdal-dev as a build depend
706+ - d/rules:
707+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
708+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
709+ - Enable ufw support:
710+ - d/control: suggest ufw.
711+ - d/rules: install ufw profile.
712+ - d/slapd.ufw.profile: add ufw profile.
713+ - Enable nss overlay:
714+ - d/rules:
715+ - add nssov to CONTRIB_MODULES
716+ - add sysconfdir to CONTRIB_MAKEVARS
717+ - d/slapd.install:
718+ - install nssov overlay
719+ - d/slapd.manpages:
720+ - install slapo-nssov(5) man page
721+ - d/{rules,slapd.py}: Add apport hook.
722+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
723+ either the default DIT nor via an Authn mapping.
724+ - d/slapd.scripts-common:
725+ - add slapcat_opts to local variables.
726+ - Fix backup directory naming for multiple reconfiguration.
727+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
728+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
729+ in the openldap library, as required by Likewise-Open
730+ - Show distribution in version:
731+ - d/control: added lsb-release
732+ - d/patches/fix-ldap-distribution.patch: show distribution in version
733+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
734+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
735+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
736+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
737+ Debian bug #919136, we also have to patch the nssov makefile
738+ accordingly and thus update this patch.
739+ * Dropped:
740+ - d/control: slapd can depend on perl:any since it only uses perl for
741+ some maintainer and helper scripts.
742+ [In 2.4.49+dfsg-1]
743+
744+ -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300
745+
746 openldap (2.4.49+dfsg-1) unstable; urgency=medium
747
748 * New upstream release.
749@@ -409,6 +1006,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium
750
751 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
752
753+openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium
754+
755+ * d/control: slapd can depend on perl:any since it only uses perl for
756+ some maintainer and helper scripts. The perl backend links against
757+ the correct architecture perl libraries already. Can be dropped
758+ after https://salsa.debian.org/openldap-team/openldap/commit/794c736
759+ is in a Debian upload.
760+
761+ -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300
762+
763+openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium
764+
765+ * No-change rebuild against libnettle7
766+
767+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000
768+
769+openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium
770+
771+ * No-change rebuild for the perl update.
772+
773+ -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000
774+
775+openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
776+
777+ * Merge with Debian unstable. Remaining changes:
778+ - Enable AppArmor support:
779+ - d/apparmor-profile: add AppArmor profile
780+ - d/rules: use dh_apparmor
781+ - d/control: Build-Depends on dh-apparmor
782+ - d/slapd.README.Debian: add note about AppArmor
783+ - Enable GSSAPI support:
784+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
785+ - Add --with-gssapi support
786+ - Make guess_service_principal() more robust when determining
787+ principal
788+ - d/configure.options: Configure with --with-gssapi
789+ - d/control: Added heimdal-dev as a build depend
790+ - d/rules:
791+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
792+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
793+ - Enable ufw support:
794+ - d/control: suggest ufw.
795+ - d/rules: install ufw profile.
796+ - d/slapd.ufw.profile: add ufw profile.
797+ - Enable nss overlay:
798+ - d/rules:
799+ - add nssov to CONTRIB_MODULES
800+ - add sysconfdir to CONTRIB_MAKEVARS
801+ - d/slapd.install:
802+ - install nssov overlay
803+ - d/slapd.manpages:
804+ - install slapo-nssov(5) man page
805+ - d/{rules,slapd.py}: Add apport hook.
806+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
807+ either the default DIT nor via an Authn mapping.
808+ - d/slapd.scripts-common:
809+ - add slapcat_opts to local variables.
810+ - Fix backup directory naming for multiple reconfiguration.
811+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
812+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
813+ in the openldap library, as required by Likewise-Open
814+ - Show distribution in version:
815+ - d/control: added lsb-release
816+ - d/patches/fix-ldap-distribution.patch: show distribution in version
817+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
818+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
819+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
820+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
821+ Debian bug #919136, we also have to patch the nssov makefile
822+ accordingly and thus update this patch.
823+ * Dropped:
824+ - Fix sysv-generator unit file by customizing parameters (LP #1821343)
825+ + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
826+ correct systemctl status for slapd daemon.
827+ + d/slapd.install: place override file in correct location.
828+ [Included in 2.4.48+dfsg-1]
829+ - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
830+ + debian/patches/CVE-2019-13057-1.patch: add restriction to
831+ servers/slapd/saslauthz.c.
832+ + debian/patches/CVE-2019-13057-2.patch: add tests to
833+ tests/data/idassert.out, tests/data/slapd-idassert.conf,
834+ tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
835+ + debian/patches/CVE-2019-13057-3.patch: fix typo in
836+ tests/scripts/test028-idassert.
837+ + debian/patches/CVE-2019-13057-4.patch: fix typo in
838+ tests/scripts/test028-idassert.
839+ + CVE-2019-13057
840+ [Fixed upstream]
841+ - SECURITY UPDATE: SASL SSF not initialized per connection
842+ + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
843+ connection_init in servers/slapd/connection.c.
844+ + CVE-2019-13565
845+ [Fixed upstream]
846+
847+ -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
848+
849 openldap (2.4.48+dfsg-1) unstable; urgency=medium
850
851 * New upstream release.
852@@ -436,6 +1129,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium
853
854 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
855
856+openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
857+
858+ * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
859+ - debian/patches/CVE-2019-13057-1.patch: add restriction to
860+ servers/slapd/saslauthz.c.
861+ - debian/patches/CVE-2019-13057-2.patch: add tests to
862+ tests/data/idassert.out, tests/data/slapd-idassert.conf,
863+ tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
864+ - debian/patches/CVE-2019-13057-3.patch: fix typo in
865+ tests/scripts/test028-idassert.
866+ - debian/patches/CVE-2019-13057-4.patch: fix typo in
867+ tests/scripts/test028-idassert.
868+ - CVE-2019-13057
869+ * SECURITY UPDATE: SASL SSF not initialized per connection
870+ - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
871+ connection_init in servers/slapd/connection.c.
872+ - CVE-2019-13565
873+
874+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
875+
876+openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
877+
878+ * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
879+ - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
880+ correct systemctl status for slapd daemon.
881+ - d/slapd.install: place override file in correct location.
882+
883+ -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
884+
885+openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
886+
887+ * Merge with Debian unstable. Remaining changes:
888+ - Enable AppArmor support:
889+ - d/apparmor-profile: add AppArmor profile
890+ - d/rules: use dh_apparmor
891+ - d/control: Build-Depends on dh-apparmor
892+ - d/slapd.README.Debian: add note about AppArmor
893+ - Enable GSSAPI support:
894+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
895+ - Add --with-gssapi support
896+ - Make guess_service_principal() more robust when determining
897+ principal
898+ - d/configure.options: Configure with --with-gssapi
899+ - d/control: Added heimdal-dev as a build depend
900+ - d/rules:
901+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
902+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
903+ - Enable ufw support:
904+ - d/control: suggest ufw.
905+ - d/rules: install ufw profile.
906+ - d/slapd.ufw.profile: add ufw profile.
907+ - Enable nss overlay:
908+ - d/rules:
909+ - add nssov to CONTRIB_MODULES
910+ - add sysconfdir to CONTRIB_MAKEVARS
911+ - d/slapd.install:
912+ - install nssov overlay
913+ - d/slapd.manpages:
914+ - install slapo-nssov(5) man page
915+ - d/{rules,slapd.py}: Add apport hook.
916+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
917+ either the default DIT nor via an Authn mapping.
918+ - d/slapd.scripts-common:
919+ - add slapcat_opts to local variables.
920+ - Fix backup directory naming for multiple reconfiguration.
921+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
922+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
923+ in the openldap library, as required by Likewise-Open
924+ - Show distribution in version:
925+ - d/control: added lsb-release
926+ - d/patches/fix-ldap-distribution.patch: show distribution in version
927+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
928+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
929+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
930+ * Added changes:
931+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
932+ Debian bug #919136, we also have to patch the nssov makefile
933+ accordingly and thus update this patch.
934+
935+ -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
936+
937 openldap (2.4.47+dfsg-3) unstable; urgency=medium
938
939 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
940@@ -451,6 +1225,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium
941
942 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
943
944+openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
945+
946+ * Merge from Debian unstable (LP: #1811630). Remaining changes:
947+ - Enable AppArmor support:
948+ - d/apparmor-profile: add AppArmor profile
949+ - d/rules: use dh_apparmor
950+ - d/control: Build-Depends on dh-apparmor
951+ - d/slapd.README.Debian: add note about AppArmor
952+ - Enable GSSAPI support:
953+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
954+ - Add --with-gssapi support
955+ - Make guess_service_principal() more robust when determining
956+ principal
957+ - d/configure.options: Configure with --with-gssapi
958+ - d/control: Added heimdal-dev as a build depend
959+ - d/rules:
960+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
961+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
962+ - Enable ufw support:
963+ - d/control: suggest ufw.
964+ - d/rules: install ufw profile.
965+ - d/slapd.ufw.profile: add ufw profile.
966+ - Enable nss overlay:
967+ - d/rules:
968+ - add nssov to CONTRIB_MODULES
969+ - add sysconfdir to CONTRIB_MAKEVARS
970+ - d/slapd.install:
971+ - install nssov overlay
972+ - d/slapd.manpages:
973+ - install slapo-nssov(5) man page
974+ - d/{rules,slapd.py}: Add apport hook.
975+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
976+ either the default DIT nor via an Authn mapping.
977+ - d/slapd.scripts-common:
978+ - add slapcat_opts to local variables.
979+ - Fix backup directory naming for multiple reconfiguration.
980+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
981+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
982+ in the openldap library, as required by Likewise-Open
983+ - Show distribution in version:
984+ - d/control: added lsb-release
985+ - d/patches/fix-ldap-distribution.patch: show distribution in version
986+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
987+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
988+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
989+ * Update nssov build and packaging for Debian changes:
990+ - Drop patch nssov-build
991+ - d/rules:
992+ - add nssov to CONTRIB_MODULES
993+ - add sysconfdir to CONTRIB_MAKEVARS
994+ - d/slapd.install:
995+ - install nssov overlay
996+ - d/slapd.manpages:
997+ - install slapo-nssov(5) man page
998+
999+ -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
1000+
1001 openldap (2.4.47+dfsg-2) unstable; urgency=medium
1002
1003 * Reintroduce slapi-dev binary package. (Closes: #711469)
1004@@ -488,6 +1319,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium
1005
1006 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
1007
1008+openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
1009+
1010+ * d/apparmor-profile: update apparmor profile to allow reading of
1011+ files needed when slapd is behaving as a kerberos/gssapi client
1012+ and acquiring its own ticket. (LP: #1783183)
1013+
1014+ -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
1015+
1016+openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
1017+
1018+ * No-change rebuild for the perl 5.28 transition.
1019+
1020+ -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
1021+
1022+openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
1023+
1024+ * Merge from Debian unstable. Remaining changes:
1025+ - Enable AppArmor support:
1026+ - d/apparmor-profile: add AppArmor profile
1027+ - d/rules: use dh_apparmor
1028+ - d/control: Build-Depends on dh-apparmor
1029+ - d/slapd.README.Debian: add note about AppArmor
1030+ - Enable GSSAPI support:
1031+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1032+ - Add --with-gssapi support
1033+ - Make guess_service_principal() more robust when determining
1034+ principal
1035+ - d/configure.options: Configure with --with-gssapi
1036+ - d/control: Added heimdal-dev as a build depend
1037+ - d/rules:
1038+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1039+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1040+ - Enable ufw support:
1041+ - d/control: suggest ufw.
1042+ - d/rules: install ufw profile.
1043+ - d/slapd.ufw.profile: add ufw profile.
1044+ - Enable nss overlay:
1045+ - d/{patches/nssov-build,rules}: Apply, build and package the
1046+ nss overlay.
1047+ - d/{rules,slapd.py}: Add apport hook.
1048+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1049+ either the default DIT nor via an Authn mapping.
1050+ - d/slapd.scripts-common:
1051+ - add slapcat_opts to local variables.
1052+ - Fix backup directory naming for multiple reconfiguration.
1053+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1054+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1055+ in the openldap library, as required by Likewise-Open
1056+ - Show distribution in version:
1057+ - d/control: added lsb-release
1058+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1059+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1060+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1061+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1062+
1063+ -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
1064+
1065 openldap (2.4.46+dfsg-5) unstable; urgency=medium
1066
1067 * Restore slapd-smbk5pwd now that libldap is installable in unstable.
1068@@ -507,6 +1395,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium
1069
1070 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
1071
1072+openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
1073+
1074+ * Merge from Debian unstable. Remaining changes:
1075+ - Enable AppArmor support:
1076+ - d/apparmor-profile: add AppArmor profile
1077+ - d/rules: use dh_apparmor
1078+ - d/control: Build-Depends on dh-apparmor
1079+ - d/slapd.README.Debian: add note about AppArmor
1080+ - Enable GSSAPI support:
1081+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1082+ - Add --with-gssapi support
1083+ - Make guess_service_principal() more robust when determining
1084+ principal
1085+ - d/configure.options: Configure with --with-gssapi
1086+ - d/control: Added heimdal-dev as a build depend
1087+ - d/rules:
1088+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1089+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1090+ - Enable ufw support:
1091+ - d/control: suggest ufw.
1092+ - d/rules: install ufw profile.
1093+ - d/slapd.ufw.profile: add ufw profile.
1094+ - Enable nss overlay:
1095+ - d/{patches/nssov-build,rules}: Apply, build and package the
1096+ nss overlay.
1097+ - d/{rules,slapd.py}: Add apport hook.
1098+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1099+ either the default DIT nor via an Authn mapping.
1100+ - d/slapd.scripts-common:
1101+ - add slapcat_opts to local variables.
1102+ - Fix backup directory naming for multiple reconfiguration.
1103+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1104+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1105+ in the openldap library, as required by Likewise-Open
1106+ - Show distribution in version:
1107+ - d/control: added lsb-release
1108+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1109+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1110+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1111+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1112+
1113+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
1114+
1115 openldap (2.4.46+dfsg-2) unstable; urgency=medium
1116
1117 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
1118@@ -536,6 +1467,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium
1119
1120 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
1121
1122+openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
1123+
1124+ * Merge from Debian unstable. Remaining changes:
1125+ - Enable AppArmor support:
1126+ - d/apparmor-profile: add AppArmor profile
1127+ - d/rules: use dh_apparmor
1128+ - d/control: Build-Depends on dh-apparmor
1129+ - d/slapd.README.Debian: add note about AppArmor
1130+ - Enable GSSAPI support:
1131+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1132+ - Add --with-gssapi support
1133+ - Make guess_service_principal() more robust when determining
1134+ principal
1135+ - d/configure.options: Configure with --with-gssapi
1136+ - d/control: Added heimdal-dev as a build depend
1137+ - d/rules:
1138+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1139+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1140+ - Enable ufw support:
1141+ - d/control: suggest ufw.
1142+ - d/rules: install ufw profile.
1143+ - d/slapd.ufw.profile: add ufw profile.
1144+ - Enable nss overlay:
1145+ - d/{patches/nssov-build,rules}: Apply, build and package the
1146+ nss overlay.
1147+ - d/{rules,slapd.py}: Add apport hook.
1148+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1149+ either the default DIT nor via an Authn mapping.
1150+ - d/slapd.scripts-common:
1151+ - add slapcat_opts to local variables.
1152+ - Fix backup directory naming for multiple reconfiguration.
1153+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1154+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1155+ in the openldap library, as required by Likewise-Open
1156+ - Show distribution in version:
1157+ - d/control: added lsb-release
1158+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1159+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1160+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1161+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1162+
1163+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200
1164+
1165 openldap (2.4.45+dfsg-1) unstable; urgency=medium
1166
1167 * New upstream release.
1168@@ -577,6 +1551,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium
1169
1170 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
1171
1172+openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low
1173+
1174+ * Merge from Debian unstable. Remaining changes:
1175+ - Enable AppArmor support:
1176+ - d/apparmor-profile: add AppArmor profile
1177+ - d/rules: use dh_apparmor
1178+ - d/control: Build-Depends on dh-apparmor
1179+ - d/slapd.README.Debian: add note about AppArmor
1180+ - Enable GSSAPI support:
1181+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1182+ - Add --with-gssapi support
1183+ - Make guess_service_principal() more robust when determining
1184+ principal
1185+ - d/configure.options: Configure with --with-gssapi
1186+ - d/control: Added heimdal-dev as a build depend
1187+ - d/rules:
1188+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1189+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1190+ - Enable ufw support:
1191+ - d/control: suggest ufw.
1192+ - d/rules: install ufw profile.
1193+ - d/slapd.ufw.profile: add ufw profile.
1194+ - Enable nss overlay:
1195+ - d/{patches/nssov-build,rules}: Apply, build and package the
1196+ nss overlay.
1197+ - d/{rules,slapd.py}: Add apport hook.
1198+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1199+ either the default DIT nor via an Authn mapping.
1200+ - d/slapd.scripts-common:
1201+ - add slapcat_opts to local variables.
1202+ - Fix backup directory naming for multiple reconfiguration.
1203+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1204+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1205+ in the openldap library, as required by Likewise-Open
1206+ - Show distribution in version:
1207+ - d/control: added lsb-release
1208+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1209+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1210+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1211+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1212+
1213+ -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200
1214+
1215 openldap (2.4.44+dfsg-8) unstable; urgency=medium
1216
1217 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
1218@@ -587,6 +1604,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium
1219
1220 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
1221
1222+openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium
1223+
1224+ * Merge from Debian unstable. Remaining changes:
1225+ - Enable AppArmor support:
1226+ - d/apparmor-profile: add AppArmor profile
1227+ - d/rules: use dh_apparmor
1228+ - d/control: Build-Depends on dh-apparmor
1229+ - d/slapd.README.Debian: add note about AppArmor
1230+ - Enable GSSAPI support:
1231+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1232+ - Add --with-gssapi support
1233+ - Make guess_service_principal() more robust when determining
1234+ principal
1235+ - d/configure.options: Configure with --with-gssapi
1236+ - d/control: Added heimdal-dev as a build depend
1237+ - d/rules:
1238+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1239+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1240+ - Enable ufw support:
1241+ - d/control: suggest ufw.
1242+ - d/rules: install ufw profile.
1243+ - d/slapd.ufw.profile: add ufw profile.
1244+ - Enable nss overlay:
1245+ - d/{patches/nssov-build,rules}: Apply, build and package the
1246+ nss overlay.
1247+ - d/{rules,slapd.py}: Add apport hook.
1248+ [ d/rules modification mentioned above was dropped in
1249+ 2.4.23-6ubuntu1, re-adding it ]
1250+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1251+ either the default DIT nor via an Authn mapping.
1252+ - d/slapd.scripts-common:
1253+ - add slapcat_opts to local variables.
1254+ - Fix backup directory naming for multiple reconfiguration.
1255+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1256+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1257+ in the openldap library, as required by Likewise-Open
1258+ - Show distribution in version:
1259+ - d/control: added lsb-release
1260+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1261+ [ Refreshed patch ]
1262+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1263+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1264+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1265+
1266+ -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1267+
1268 openldap (2.4.44+dfsg-7) unstable; urgency=medium
1269
1270 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
1271@@ -594,6 +1657,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium
1272
1273 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
1274
1275+openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium
1276+
1277+ * Merge from Debian unstable. Remaining changes:
1278+ - Enable AppArmor support:
1279+ - d/apparmor-profile: add AppArmor profile
1280+ - d/rules: use dh_apparmor
1281+ - d/control: Build-Depends on dh-apparmor
1282+ - d/slapd.README.Debian: add note about AppArmor
1283+ - Enable GSSAPI support:
1284+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1285+ - Add --with-gssapi support
1286+ - Make guess_service_principal() more robust when determining
1287+ principal
1288+ - d/configure.options: Configure with --with-gssapi
1289+ - d/control: Added heimdal-dev as a build depend
1290+ - d/rules:
1291+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1292+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1293+ - Enable ufw support:
1294+ - d/control: suggest ufw.
1295+ - d/rules: install ufw profile.
1296+ - d/slapd.ufw.profile: add ufw profile.
1297+ - Enable nss overlay:
1298+ - d/{patches/nssov-build,rules}: Apply, build and package the
1299+ nss overlay.
1300+ - d/{rules,slapd.py}: Add apport hook.
1301+ [ d/rules modification mentioned above was dropped in
1302+ 2.4.23-6ubuntu1, re-adding it ]
1303+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1304+ either the default DIT nor via an Authn mapping.
1305+ - d/slapd.scripts-common:
1306+ - add slapcat_opts to local variables.
1307+ - Fix backup directory naming for multiple reconfiguration.
1308+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1309+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1310+ in the openldap library, as required by Likewise-Open
1311+ - Show distribution in version:
1312+ - d/control: added lsb-release
1313+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1314+ [ Refreshed patch ]
1315+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1316+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1317+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1318+
1319+ -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1320+
1321 openldap (2.4.44+dfsg-6) unstable; urgency=medium
1322
1323 * Update the list of non-translatable strings for the
1324@@ -602,6 +1711,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium
1325
1326 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
1327
1328+openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium
1329+
1330+ * Merge from Debian unstable. Remaining changes:
1331+ - Enable AppArmor support:
1332+ - d/apparmor-profile: add AppArmor profile
1333+ - d/rules: use dh_apparmor
1334+ - d/control: Build-Depends on dh-apparmor
1335+ - d/slapd.README.Debian: add note about AppArmor
1336+ - Enable GSSAPI support:
1337+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1338+ - Add --with-gssapi support
1339+ - Make guess_service_principal() more robust when determining
1340+ principal
1341+ - d/configure.options: Configure with --with-gssapi
1342+ - d/control: Added heimdal-dev as a build depend
1343+ - d/rules:
1344+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1345+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1346+ - Enable ufw support:
1347+ - d/control: suggest ufw.
1348+ - d/rules: install ufw profile.
1349+ - d/slapd.ufw.profile: add ufw profile.
1350+ - Enable nss overlay:
1351+ - d/{patches/nssov-build,rules}: Apply, build and package the
1352+ nss overlay.
1353+ - d/{rules,slapd.py}: Add apport hook.
1354+ [ d/rules modification mentioned above was dropped in
1355+ 2.4.23-6ubuntu1, re-adding it ]
1356+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1357+ either the default DIT nor via an Authn mapping.
1358+ - d/slapd.scripts-common:
1359+ - add slapcat_opts to local variables.
1360+ - Fix backup directory naming for multiple reconfiguration.
1361+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1362+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1363+ in the openldap library, as required by Likewise-Open
1364+ - Show distribution in version:
1365+ - d/control: added lsb-release
1366+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1367+ [ Refreshed patch ]
1368+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1369+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1370+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1371+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1372+ - Fix use after free with GnuTLS. (LP #1557248)
1373+
1374+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200
1375+
1376 openldap (2.4.44+dfsg-5) unstable; urgency=medium
1377
1378 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
1379@@ -613,6 +1770,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium
1380
1381 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
1382
1383+openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low
1384+
1385+ * Merge from Debian unstable. Remaining changes:
1386+ - Enable AppArmor support:
1387+ - d/apparmor-profile: add AppArmor profile
1388+ - d/rules: use dh_apparmor
1389+ - d/control: Build-Depends on dh-apparmor
1390+ - d/slapd.README.Debian: add note about AppArmor
1391+ - Enable GSSAPI support:
1392+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1393+ - Add --with-gssapi support
1394+ - Make guess_service_principal() more robust when determining
1395+ principal
1396+ - d/configure.options: Configure with --with-gssapi
1397+ - d/control: Added heimdal-dev as a build depend
1398+ - d/rules:
1399+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1400+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1401+ - Enable ufw support:
1402+ - d/control: suggest ufw.
1403+ - d/rules: install ufw profile.
1404+ - d/slapd.ufw.profile: add ufw profile.
1405+ - Enable nss overlay:
1406+ - d/{patches/nssov-build,rules}: Apply, build and package the
1407+ nss overlay.
1408+ - d/{rules,slapd.py}: Add apport hook.
1409+ [ d/rules modification mentioned above was dropped in
1410+ 2.4.23-6ubuntu1, re-adding it ]
1411+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1412+ either the default DIT nor via an Authn mapping.
1413+ - d/slapd.scripts-common:
1414+ - add slapcat_opts to local variables.
1415+ - Fix backup directory naming for multiple reconfiguration.
1416+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1417+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1418+ in the openldap library, as required by Likewise-Open
1419+ - Show distribution in version:
1420+ - d/control: added lsb-release
1421+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1422+ [ Refreshed patch ]
1423+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1424+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1425+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1426+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1427+ - Fix use after free with GnuTLS. (LP #1557248)
1428+
1429+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200
1430+
1431 openldap (2.4.44+dfsg-4) unstable; urgency=medium
1432
1433 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
1434@@ -659,6 +1864,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium
1435
1436 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
1437
1438+openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium
1439+
1440+ * d/rules: Fix typo in previous upload.
1441+
1442+ -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800
1443+
1444+openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
1445+
1446+ * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
1447+ changes
1448+ - Enable AppArmor support:
1449+ - d/apparmor-profile: add AppArmor profile
1450+ - d/rules: use dh_apparmor
1451+ - d/control: Build-Depends on dh-apparmor
1452+ - d/slapd.README.Debian: add note about AppArmor
1453+ - Enable GSSAPI support:
1454+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1455+ - Add --with-gssapi support
1456+ - Make guess_service_principal() more robust when determining
1457+ principal
1458+ - d/configure.options: Configure with --with-gssapi
1459+ - d/control: Added heimdal-dev as a build depend
1460+ - d/rules:
1461+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1462+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1463+ - Enable ufw support:
1464+ - d/control: suggest ufw.
1465+ - d/rules: install ufw profile.
1466+ - d/slapd.ufw.profile: add ufw profile.
1467+ - Enable nss overlay:
1468+ - d/{patches/nssov-build,rules}: Apply, build and package the
1469+ nss overlay.
1470+ - d/{rules,slapd.py}: Add apport hook.
1471+ [ d/rules modification mentioned above was dropped in
1472+ 2.4.23-6ubuntu1, re-adding it ]
1473+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1474+ either the default DIT nor via an Authn mapping.
1475+ - d/slapd.scripts-common:
1476+ - add slapcat_opts to local variables.
1477+ - Fix backup directory naming for multiple reconfiguration.
1478+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1479+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1480+ in the openldap library, as required by Likewise-Open
1481+ - Show distribution in version:
1482+ - d/control: added lsb-release
1483+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1484+ [ Refreshed patch ]
1485+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1486+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1487+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1488+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1489+ - Fix use after free with GnuTLS. (LP #1557248)
1490+ * Drop:
1491+ - d/slapd.scripts-common:
1492+ + Remove unused variable new_conf.
1493+ [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
1494+ - d/b/config.log: add config.log
1495+ [ previously undocumented, stray change ]
1496+
1497+ -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
1498+
1499 openldap (2.4.44+dfsg-3) unstable; urgency=medium
1500
1501 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
1502@@ -731,6 +1997,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
1503
1504 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
1505
1506+openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
1507+
1508+ * No-change rebuild for perl 5.24 transition
1509+
1510+ -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
1511+
1512+openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
1513+
1514+ * Fix use after free with GnuTLS. (LP: #1557248)
1515+
1516+ -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
1517+
1518+openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
1519+
1520+ * Fix building with gssapi suppport:
1521+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1522+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1523+
1524+ -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
1525+
1526+openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
1527+
1528+ * No-change rebuild for gnutls transition.
1529+
1530+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
1531+
1532+openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
1533+
1534+ * Merge from Debian testing (LP: #1532648). Remaining changes:
1535+ - Enable AppArmor support:
1536+ - d/apparmor-profile: add AppArmor profile
1537+ - d/rules: use dh_apparmor
1538+ - d/control: Build-Depends on dh-apparmor
1539+ - d/slapd.README.Debian: add note about AppArmor
1540+ - Enable GSSAPI support:
1541+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1542+ - Add --with-gssapi support
1543+ - Make guess_service_principal() more robust when determining
1544+ principal
1545+ - d/configure.options: Configure with --with-gssapi
1546+ - d/control: Added heimdal-dev as a build depend
1547+ - Enable ufw support:
1548+ - d/control: suggest ufw.
1549+ - d/rules: install ufw profile.
1550+ - d/slapd.ufw.profile: add ufw profile.
1551+ - Enable nss overlay:
1552+ - d/{patches/nssov-build,rules}: Apply, build and package the
1553+ nss overlay.
1554+ - d/{rules,slapd.py}: Add apport hook.
1555+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1556+ either the default DIT nor via an Authn mapping.
1557+ - d/slapd.scripts-common:
1558+ - add slapcat_opts to local variables.
1559+ - Remove unused variable new_conf.
1560+ - Fix backup directory naming for multiple reconfiguration.
1561+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1562+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1563+ in the openldap library, as required by Likewise-Open
1564+ - Show distribution in version:
1565+ - d/control: added lsb-release
1566+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1567+ * Drop CVE-2015-6908.patch, included in Debian.
1568+ * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
1569+ disabled on ppc64el, no longer used, and missed in the previous merge.
1570+
1571+ -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
1572+
1573 openldap (2.4.42+dfsg-2) unstable; urgency=medium
1574
1575 [ Ryan Tandy ]
1576@@ -798,6 +2131,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium
1577
1578 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
1579
1580+openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
1581+
1582+ * Rebuild for Perl 5.22.1.
1583+
1584+ -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
1585+
1586+openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
1587+
1588+ * SECURITY UPDATE: denial of service via crafted BER data
1589+ - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
1590+ libraries/liblber/io.c.
1591+ - CVE-2015-6908
1592+
1593+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
1594+
1595+openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
1596+
1597+ * Merge from Debian testing (LP: #1471831). Remaining changes:
1598+ - Enable AppArmor support:
1599+ - d/apparmor-profile: add AppArmor profile
1600+ - d/rules: use dh_apparmor
1601+ - d/control: Build-Depends on dh-apparmor
1602+ - d/slapd.README.Debian: add note about AppArmor
1603+ - Enable GSSAPI support:
1604+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1605+ - Add --with-gssapi support
1606+ - Make guess_service_principal() more robust when determining
1607+ principal
1608+ - d/configure.options: Configure with --with-gssapi
1609+ - d/control: Added heimdal-dev as a build depend
1610+ - Enable ufw support:
1611+ - d/control: suggest ufw.
1612+ - d/rules: install ufw profile.
1613+ - d/slapd.ufw.profile: add ufw profile.
1614+ - Enable nss overlay:
1615+ - d/{patches/nssov-build,rules}: Apply, build and package the
1616+ nss overlay.
1617+ - d/{rules,slapd.py}: Add apport hook.
1618+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1619+ either the default DIT nor via an Authn mapping.
1620+ - d/slapd.scripts-common:
1621+ - add slapcat_opts to local variables.
1622+ - Remove unused variable new_conf.
1623+ - Fix backup directory naming for multiple reconfiguration.
1624+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1625+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1626+ in the openldap library, as required by Likewise-Open
1627+ - Show distribution in version:
1628+ - d/control: added lsb-release
1629+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1630+ * Dropped changes:
1631+ - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
1632+ * Upstream fixes:
1633+ - slapd crash with auditlog overlay and large (~27KB) attribute values
1634+ (ITS#8003) (LP: #1461276)
1635+ - nssov updated to support recent nss-pam-ldapd client libraries
1636+ (ITS#8097) (LP: #1393306)
1637+ * Update d/patches/nssov-build for upstream changes.
1638+ * Tweak d/patches/gssapi.diff to apply without fuzz.
1639+ * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1640+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1641+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1642+
1643+ -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
1644+
1645 openldap (2.4.41+dfsg-1) unstable; urgency=medium
1646
1647 * New upstream release.
1648@@ -817,6 +2215,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium
1649
1650 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
1651
1652+openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
1653+
1654+ * No-change rebuild for the libnettle6 transition.
1655+
1656+ -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
1657+
1658+openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
1659+
1660+ * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
1661+ - Enable AppArmor support:
1662+ - d/apparmor-profile: add AppArmor profile
1663+ - d/rules: use dh_apparmor
1664+ - d/control: Build-Depends on dh-apparmor
1665+ - d/slapd.README.Debian: add note about AppArmor
1666+ - Enable GSSAPI support:
1667+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1668+ - Add --with-gssapi support
1669+ - Make guess_service_principal() more robust when determining
1670+ principal
1671+ - d/configure.options: Configure with --with-gssapi
1672+ - d/control: Added heimdal-dev as a build depend
1673+ - Enable ufw support:
1674+ - d/control: suggest ufw.
1675+ - d/rules: install ufw profile.
1676+ - d/slapd.ufw.profile: add ufw profile.
1677+ - Enable nss overlay:
1678+ - d/{patches/nssov-build,rules}: Apply, build and package the
1679+ nss overlay.
1680+ - d/{rules,slapd.py}: Add apport hook.
1681+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1682+ either the default DIT nor via an Authn mapping.
1683+ - d/slapd.scripts-common:
1684+ - add slapcat_opts to local variables.
1685+ - Remove unused variable new_conf.
1686+ - Fix backup directory naming for multiple reconfiguration.
1687+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1688+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1689+ in the openldap library, as required by Likewise-Open
1690+ - Show distribution in version:
1691+ - d/control: added lsb-release
1692+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1693+ * Drop patches included upstream:
1694+ - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
1695+ - d/patches/bdb-deadlock.patch
1696+ - d/patches/its-7354-fix-delta-sync-mmr.diff
1697+ * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
1698+ * debian/patches/nssov-build: Adjust for upstream changes.
1699+ * debian/apparmor-profile:
1700+ - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
1701+ kernel ABI v7 (utopic and later). (LP: #1392018)
1702+ - Reduce permissions on /run/nslcd to just the nslcd socket.
1703+ * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
1704+ (LP: #1293250)
1705+
1706+ -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700
1707+
1708 openldap (2.4.40+dfsg-1) unstable; urgency=medium
1709
1710 * Remove inetorgperson.schema from the upstream source. Replace it with a
1711@@ -1005,6 +2459,187 @@ openldap (2.4.39-1) unstable; urgency=low
1712
1713 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
1714
1715+openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
1716+
1717+ * Fix cpp calls for GCC 5.
1718+
1719+ -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
1720+
1721+openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
1722+
1723+ * debian/apparmor-profile:
1724+ - allow p11-kit abstraction
1725+ - allow read of /etc/gss/mech.d/*
1726+
1727+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
1728+
1729+openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
1730+
1731+ * Rebuild for Perl 5.20.0.
1732+
1733+ -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
1734+
1735+openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
1736+
1737+ * Cherry-pick upstream patch for compat with recent GNUTLS.
1738+ * Build-depend on libgnutls28-dev.
1739+ * Build-depend on libgcrypt20-dev.
1740+
1741+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
1742+
1743+openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
1744+
1745+ * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
1746+
1747+ -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
1748+
1749+openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
1750+
1751+ * Disable mdb backend on ppc64el due to test-suite failures.
1752+
1753+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
1754+
1755+openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
1756+
1757+ * Fix segfault issue with master-master syncrepl (LP: #1287730):
1758+ - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
1759+ patch from upstream VCS.
1760+
1761+ -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
1762+
1763+openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
1764+
1765+ * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
1766+
1767+ -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
1768+
1769+openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
1770+
1771+ * Rebuild for Perl 5.18.
1772+
1773+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
1774+
1775+openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
1776+
1777+ * Update build/config.guess and build/config.sub at build time; this was
1778+ not done automatically because the top-level configure.in does not use
1779+ Automake.
1780+
1781+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
1782+
1783+openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
1784+
1785+ * debian/control: added lsb-release
1786+ * debian/patches/fix-ldap-distribution.patch: show distribution in version
1787+
1788+ -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
1789+
1790+openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
1791+
1792+ * Merge from Debian unstable. Remaining changes:
1793+ - Enable AppArmor support:
1794+ - d/apparmor-profile: add AppArmor profile
1795+ - d/rules: use dh_apparmor
1796+ - d/control: Build-Depends on dh-apparmor
1797+ - d/slapd.README.Debian: add note about AppArmor
1798+ - d/slapd.dirs: add etc/apparmor.d/force-complain
1799+ - Enable GSSAPI support:
1800+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1801+ - Add --with-gssapi support
1802+ - Make guess_service_principal() more robust when determining
1803+ principal
1804+ - d/configure.options: Configure with --with-gssapi
1805+ - d/control: Added libkrb5-dev as a build depend
1806+ - Enable ufw support:
1807+ - d/control: suggest ufw.
1808+ - d/rules: install ufw profile.
1809+ - d/slapd.ufw.profile: add ufw profile.
1810+ - Enable nss overlay:
1811+ - d/{patches/nssov-build,/rules}: Apply, build and package the
1812+ nss overlay.
1813+ - d/{rules,slapd.py}: Add apport hook.
1814+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1815+ either the default DIT nor via an Authn mapping.
1816+ - d/slapd.scripts-common:
1817+ - add slapcat_opts to local variables.
1818+ - Remove unused variable new_conf.
1819+ - Fix backup directory naming for multiple reconfiguration.
1820+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1821+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1822+ in the openldap library, as required by Likewise-Open
1823+ - d/{control,rules}: enable PIE hardening
1824+
1825+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
1826+
1827+openldap (2.4.31-1+nmu2) unstable; urgency=high
1828+
1829+ * Non-maintainer upload.
1830+ * No-change rebuild in a clean environment
1831+
1832+ -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100
1833+
1834+openldap (2.4.31-1+nmu1) unstable; urgency=medium
1835+
1836+ * Non-maintainer upload.
1837+ * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
1838+
1839+ -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000
1840+
1841+openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
1842+
1843+ * debian/slapd.py: Add AppArmor info and logs to apport hook.
1844+
1845+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
1846+
1847+openldap (2.4.31-1ubuntu1) quantal; urgency=low
1848+
1849+ * Merge from Debian unstable. Remaining changes:
1850+ - Enable AppArmor support:
1851+ - d/apparmor-profile: add AppArmor profile
1852+ - d/rules: use dh_apparmor
1853+ - d/control: Build-Depends on dh-apparmor
1854+ - d/slapd.README.Debian: add note about AppArmor
1855+ - d/slapd.dirs: add etc/apparmor.d/force-complain
1856+ - Enable GSSAPI support (LP: #495418):
1857+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1858+ - Add --with-gssapi support
1859+ - Make guess_service_principal() more robust when determining
1860+ principal
1861+ - d/configure.options: Configure with --with-gssapi
1862+ - d/control: Added libkrb5-dev as a build depend
1863+ - Enable ufw support (LP: #423246):
1864+ - d/control: suggest ufw.
1865+ - d/rules: install ufw profile.
1866+ - d/slapd.ufw.profile: add ufw profile.
1867+ - Enable nss overlay (LP: #675391):
1868+ - d/{patches/nssov-build,/rules}: Apply, build and package the
1869+ nss overlay.
1870+ - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
1871+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1872+ either the default DIT nor via an Authn mapping.
1873+ - d/slapd.scripts-common:
1874+ - add slapcat_opts to local variables.
1875+ - Remove unused variable new_conf.
1876+ - Fix backup directory naming for multiple reconfiguration.
1877+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1878+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1879+ in the openldap library, as required by Likewise-Open (LP: #390579)
1880+ - d/{control,rules}: enable PIE hardening
1881+ * Dropped changes:
1882+ - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
1883+ - d/patches/CVE-2011-4079: Included in upstream release.
1884+ - d/patches/service-operational-before-detach: Included in upstream release.
1885+ - d/schema/extra/misc.ldif: Included upstream.
1886+ - d/{rules,schema/extra}: Fix configure and clean rules to support
1887+ extra schemas shipped as part of the debian/schema/ directory; no longer required.
1888+ - Included in Debian:
1889+ + Document cn=config in README file.
1890+ + Install a default DIT; actually a minimal configuration.
1891+ + d/patches/heimdal-fix.
1892+ * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
1893+
1894+ -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
1895+
1896 openldap (2.4.31-1) unstable; urgency=low
1897
1898 * New upstream release.
1899@@ -1031,6 +2666,121 @@ openldap (2.4.31-1) unstable; urgency=low
1900
1901 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
1902
1903+openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
1904+
1905+ * Fix issue with intermittent connection issues when using LDAPv3
1906+ protocol (LP: #1023025):
1907+ - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
1908+ patch from upstream VCS which ensures objects are initialized before
1909+ re-use.
1910+
1911+ -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
1912+
1913+openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
1914+
1915+ * debian/rules: Add smbk5pwd build.
1916+ * debian/control: Add slapd-smbk5pwd binary package.
1917+ * debian/patches/heimdal-fix: adapt parameters of
1918+ hdb_generate_key_set_password() to heimdal 1.6~git20120311
1919+ (patch from Debian #664930).
1920+
1921+ -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400
1922+
1923+openldap (2.4.28-1.1ubuntu4) precise; urgency=low
1924+
1925+ * debian/control: Build-Depends on dh-apparmor (LP: #948481)
1926+
1927+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
1928+
1929+openldap (2.4.28-1.1ubuntu3) precise; urgency=low
1930+
1931+ * Add its-7176-only-poll-sockets-for-write-as-needed.diff
1932+ (LP: #932823).
1933+
1934+ -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
1935+
1936+openldap (2.4.28-1.1ubuntu2) precise; urgency=low
1937+
1938+ * Remove debian/patches/CVE-2011-4079; it's already in this upstream
1939+ version. Fixes FTBFS.
1940+
1941+ -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
1942+
1943+openldap (2.4.28-1.1ubuntu1) precise; urgency=low
1944+
1945+ * Merge from Debian testing. Remaining changes:
1946+ - Install a default DIT (LP: #442498).
1947+ - Document cn=config in README file (LP: #370784).
1948+ - remaining changes:
1949+ + AppArmor support:
1950+ - debian/apparmor-profile: add AppArmor profile
1951+ - use dh_apparmor:
1952+ - debian/rules: use dh_apparmor
1953+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1954+ - updated debian/slapd.README.Debian for note on AppArmor
1955+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
1956+ + Enable GSSAPI support (LP: #495418):
1957+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1958+ - Add --with-gssapi support
1959+ - Make guess_service_principal() more robust when determining
1960+ principal
1961+ - debian/patches/series: apply gssapi.diff patch.
1962+ - debian/configure.options: Configure with --with-gssapi
1963+ - debian/control: Added libkrb5-dev as a build depend
1964+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1965+ in the openldap library, as required by Likewise-Open (LP: #390579)
1966+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1967+ - debian/control:
1968+ - remove build-dependency on heimdal-dev.
1969+ - remove slapd-smbk5pwd binary package.
1970+ - debian/rules: don't build smbk5pwd slapd module.
1971+ + debian/{control,rules}: enable PIE hardening
1972+ + ufw support (LP: #423246):
1973+ - debian/control: suggest ufw.
1974+ - debian/rules: install ufw profile.
1975+ - debian/slapd.ufw.profile: add ufw profile.
1976+ + Enable nssoverlay:
1977+ - debian/patches/nssov-build, debian/series, debian/rules:
1978+ Apply, build and package the nss overlay.
1979+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
1980+ which defines rfc822MailMember (required by the nss overlay).
1981+ + debian/rules, debian/schema/extra/:
1982+ Fix configure rule to supports extra schemas shipped as part
1983+ of the debian/schema/ directory.
1984+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
1985+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
1986+ neither the default DIT nor via an Authn mapping.
1987+ + debian/slapd.scripts-common: adjust minimum version that triggers a
1988+ database upgrade. Upgrade from maverick shouldn't trigger database
1989+ upgrade (which would happen with the version used in Debian).
1990+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
1991+ Remove unused variable new_conf.
1992+ + debian/slapd.script-common: Fix package reconfiguration.
1993+ - Fix backup directory naming for multiple reconfiguration.
1994+ + debian/slapd.default, debian/slapd.README.Debian:
1995+ use the new configuration style.
1996+ + Install nss overlay (LP: #675391):
1997+ - debian/rules: run install target for nssov module.
1998+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
1999+ + debian/patches/gssapi.diff:
2000+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2001+ + debian/patches/service-operational-before-detach: New patch replacing old one
2002+ of the same name as previous could cause database corruption based on upstream commits.
2003+ (LP: #727973)
2004+ + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2005+ (CVE-2011-4079)
2006+
2007+
2008+ -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
2009+
2010+openldap (2.4.28-1.1) unstable; urgency=low
2011+
2012+ * Non-maintainer upload.
2013+ * Disable the mdb backend on non-Linux, it looks like it doesn't work with
2014+ linuxthreads (closes: #654824).
2015+
2016+ -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100
2017+
2018 openldap (2.4.28-1) unstable; urgency=low
2019
2020 * New upstream release.
2021@@ -1058,6 +2808,72 @@ openldap (2.4.28-1) unstable; urgency=low
2022
2023 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
2024
2025+openldap (2.4.25-4ubuntu1) precise; urgency=low
2026+
2027+ * Merge from Debian testing. Remaining changes:
2028+ - Install a default DIT (LP: #442498).
2029+ - Document cn=config in README file (LP: #370784).
2030+ - remaining changes:
2031+ + AppArmor support:
2032+ - debian/apparmor-profile: add AppArmor profile
2033+ - use dh_apparmor:
2034+ - debian/rules: use dh_apparmor
2035+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2036+ - updated debian/slapd.README.Debian for note on AppArmor
2037+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2038+ + Enable GSSAPI support (LP: #495418):
2039+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2040+ - Add --with-gssapi support
2041+ - Make guess_service_principal() more robust when determining
2042+ principal
2043+ - debian/patches/series: apply gssapi.diff patch.
2044+ - debian/configure.options: Configure with --with-gssapi
2045+ - debian/control: Added libkrb5-dev as a build depend
2046+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2047+ in the openldap library, as required by Likewise-Open (LP: #390579)
2048+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2049+ - debian/control:
2050+ - remove build-dependency on heimdal-dev.
2051+ - remove slapd-smbk5pwd binary package.
2052+ - debian/rules: don't build smbk5pwd slapd module.
2053+ + debian/{control,rules}: enable PIE hardening
2054+ + ufw support (LP: #423246):
2055+ - debian/control: suggest ufw.
2056+ - debian/rules: install ufw profile.
2057+ - debian/slapd.ufw.profile: add ufw profile.
2058+ + Enable nssoverlay:
2059+ - debian/patches/nssov-build, debian/series, debian/rules:
2060+ Apply, build and package the nss overlay.
2061+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2062+ which defines rfc822MailMember (required by the nss overlay).
2063+ + debian/rules, debian/schema/extra/:
2064+ Fix configure rule to supports extra schemas shipped as part
2065+ of the debian/schema/ directory.
2066+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2067+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2068+ neither the default DIT nor via an Authn mapping.
2069+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2070+ database upgrade. Upgrade from maverick shouldn't trigger database
2071+ upgrade (which would happen with the version used in Debian).
2072+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2073+ Remove unused variable new_conf.
2074+ + debian/slapd.script-common: Fix package reconfiguration.
2075+ - Fix backup directory naming for multiple reconfiguration.
2076+ + debian/slapd.default, debian/slapd.README.Debian:
2077+ use the new configuration style.
2078+ + Install nss overlay (LP: #675391):
2079+ - debian/rules: run install target for nssov module.
2080+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2081+ + debian/patches/gssapi.diff:
2082+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2083+ + debian/patches/service-operational-before-detach: New patch replacing old one
2084+ of the same name as previous could cause database corruption based on upstream commits.
2085+ (LP: #727973)
2086+ + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2087+ (CVE-2011-4079)
2088+
2089+ -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
2090+
2091 openldap (2.4.25-4) unstable; urgency=low
2092
2093 * Drop explicit depends on libdb4.8, since we're now linking against
2094@@ -1091,6 +2907,85 @@ openldap (2.4.25-4) unstable; urgency=low
2095
2096 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
2097
2098+openldap (2.4.25-3ubuntu3) precise; urgency=low
2099+
2100+ * Rebuild for Perl 5.14.
2101+
2102+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
2103+
2104+openldap (2.4.25-3ubuntu2) precise; urgency=low
2105+
2106+ * SECURITY UPDATE: potential denial of service (LP: #884163)
2107+ - debian/patches/CVE-2011-4079: fix off by one error in
2108+ postalAddressNormalize()
2109+ - CVE-2011-4079
2110+
2111+ -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
2112+
2113+openldap (2.4.25-3ubuntu1) precise; urgency=low
2114+
2115+ * Merge from debian unstable. Remaining changes:
2116+ - Install a default DIT (LP: #442498).
2117+ - Document cn=config in README file (LP: #370784).
2118+ - remaining changes:
2119+ + AppArmor support:
2120+ - debian/apparmor-profile: add AppArmor profile
2121+ - use dh_apparmor:
2122+ - debian/rules: use dh_apparmor
2123+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2124+ - updated debian/slapd.README.Debian for note on AppArmor
2125+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2126+ + Enable GSSAPI support (LP: #495418):
2127+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2128+ - Add --with-gssapi support
2129+ - Make guess_service_principal() more robust when determining
2130+ principal
2131+ - debian/patches/series: apply gssapi.diff patch.
2132+ - debian/configure.options: Configure with --with-gssapi
2133+ - debian/control: Added libkrb5-dev as a build depend
2134+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2135+ in the openldap library, as required by Likewise-Open (LP: #390579)
2136+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2137+ - debian/control:
2138+ - remove build-dependency on heimdal-dev.
2139+ - remove slapd-smbk5pwd binary package.
2140+ - debian/rules: don't build smbk5pwd slapd module.
2141+ + debian/{control,rules}: enable PIE hardening
2142+ + ufw support (LP: #423246):
2143+ - debian/control: suggest ufw.
2144+ - debian/rules: install ufw profile.
2145+ - debian/slapd.ufw.profile: add ufw profile.
2146+ + Enable nssoverlay:
2147+ - debian/patches/nssov-build, debian/series, debian/rules:
2148+ Apply, build and package the nss overlay.
2149+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2150+ which defines rfc822MailMember (required by the nss overlay).
2151+ + debian/rules, debian/schema/extra/:
2152+ Fix configure rule to supports extra schemas shipped as part
2153+ of the debian/schema/ directory.
2154+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2155+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2156+ neither the default DIT nor via an Authn mapping.
2157+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2158+ database upgrade. Upgrade from maverick shouldn't trigger database
2159+ upgrade (which would happen with the version used in Debian).
2160+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2161+ Remove unused variable new_conf.
2162+ + debian/slapd.script-common: Fix package reconfiguration.
2163+ - Fix backup directory naming for multiple reconfiguration.
2164+ + debian/slapd.default, debian/slapd.README.Debian:
2165+ use the new configuration style.
2166+ + Install nss overlay (LP: #675391):
2167+ - debian/rules: run install target for nssov module.
2168+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2169+ + debian/patches/gssapi.diff:
2170+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2171+ + debian/patches/service-operational-before-detach: New patch replacing old one
2172+ of the same name as previous could cause database corruption based on upstream commits.
2173+ (LP: #727973)
2174+
2175+ -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
2176+
2177 openldap (2.4.25-3) unstable; urgency=low
2178
2179 * Brown paper bag: really fix the .links.in handling, so we don't generate
2180@@ -1113,6 +3008,92 @@ openldap (2.4.25-2) unstable; urgency=low
2181
2182 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
2183
2184+openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
2185+
2186+ * Brown paper bag: really fix the .links.in handling, so we don't generate
2187+ broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
2188+
2189+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
2190+
2191+openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
2192+
2193+ * Cherry-pick multiarch support from Debian (LP: #826601):
2194+ - Bump to compat level 7, so we don't have to spell out debian/tmp in
2195+ every single .install file
2196+ - Build for multiarch.
2197+
2198+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
2199+
2200+openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
2201+
2202+ * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
2203+
2204+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
2205+
2206+openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
2207+
2208+ * Merge from debian unstable. Remaining changes:
2209+ - Install a default DIT (LP: #442498).
2210+ - Document cn=config in README file (LP: #370784).
2211+ - remaining changes:
2212+ + AppArmor support:
2213+ - debian/apparmor-profile: add AppArmor profile
2214+ - use dh_apparmor:
2215+ - debian/rules: use dh_apparmor
2216+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2217+ - updated debian/slapd.README.Debian for note on AppArmor
2218+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2219+ + Enable GSSAPI support (LP: #495418):
2220+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2221+ - Add --with-gssapi support
2222+ - Make guess_service_principal() more robust when determining
2223+ principal
2224+ - debian/patches/series: apply gssapi.diff patch.
2225+ - debian/configure.options: Configure with --with-gssapi
2226+ - debian/control: Added libkrb5-dev as a build depend
2227+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2228+ in the openldap library, as required by Likewise-Open (LP: #390579)
2229+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2230+ - debian/control:
2231+ - remove build-dependency on heimdal-dev.
2232+ - remove slapd-smbk5pwd binary package.
2233+ - debian/rules: don't build smbk5pwd slapd module.
2234+ + debian/{control,rules}: enable PIE hardening
2235+ + ufw support (LP: #423246):
2236+ - debian/control: suggest ufw.
2237+ - debian/rules: install ufw profile.
2238+ - debian/slapd.ufw.profile: add ufw profile.
2239+ + Enable nssoverlay:
2240+ - debian/patches/nssov-build, debian/series, debian/rules:
2241+ Apply, build and package the nss overlay.
2242+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2243+ which defines rfc822MailMember (required by the nss overlay).
2244+ + debian/rules, debian/schema/extra/:
2245+ Fix configure rule to supports extra schemas shipped as part
2246+ of the debian/schema/ directory.
2247+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2248+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2249+ neither the default DIT nor via an Authn mapping.
2250+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2251+ database upgrade. Upgrade from maverick shouldn't trigger database
2252+ upgrade (which would happen with the version used in Debian).
2253+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2254+ Remove unused variable new_conf.
2255+ + debian/slapd.script-common: Fix package reconfiguration.
2256+ - Fix backup directory naming for multiple reconfiguration.
2257+ + debian/slapd.default, debian/slapd.README.Debian:
2258+ use the new configuration style.
2259+ + Install nss overlay (LP: #675391):
2260+ - debian/rules: run install target for nssov module.
2261+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2262+ + debian/patches/gssapi.diff:
2263+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2264+ + debian/patches/service-operational-before-detach: New patch replacing old one
2265+ of the same name as previous could cause database corruption based on upstream commits.
2266+ (LP: #727973)
2267+
2268+ -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
2269+
2270 openldap (2.4.25-1.1) unstable; urgency=low
2271
2272 * Non-maintainer upload to fix RC bug.
2273@@ -1120,6 +3101,75 @@ openldap (2.4.25-1.1) unstable; urgency=low
2274
2275 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
2276
2277+openldap (2.4.25-1ubuntu1) oneiric; urgency=low
2278+
2279+ * Merge from debian unstable. Remaining changes:
2280+ - Install a default DIT (LP: #442498).
2281+ - Document cn=config in README file (LP: #370784).
2282+ - remaining changes:
2283+ + AppArmor support:
2284+ - debian/apparmor-profile: add AppArmor profile
2285+ - use dh_apparmor:
2286+ - debian/rules: use dh_apparmor
2287+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2288+ - updated debian/slapd.README.Debian for note on AppArmor
2289+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2290+ + Enable GSSAPI support (LP: #495418):
2291+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2292+ - Add --with-gssapi support
2293+ - Make guess_service_principal() more robust when determining
2294+ principal
2295+ - debian/patches/series: apply gssapi.diff patch.
2296+ - debian/configure.options: Configure with --with-gssapi
2297+ - debian/control: Added libkrb5-dev as a build depend
2298+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2299+ in the openldap library, as required by Likewise-Open (LP: #390579)
2300+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2301+ - debian/control:
2302+ - remove build-dependency on heimdal-dev.
2303+ - remove slapd-smbk5pwd binary package.
2304+ - debian/rules: don't build smbk5pwd slapd module.
2305+ + debian/{control,rules}: enable PIE hardening
2306+ + ufw support (LP: #423246):
2307+ - debian/control: suggest ufw.
2308+ - debian/rules: install ufw profile.
2309+ - debian/slapd.ufw.profile: add ufw profile.
2310+ + Enable nssoverlay:
2311+ - debian/patches/nssov-build, debian/series, debian/rules:
2312+ Apply, build and package the nss overlay.
2313+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2314+ which defines rfc822MailMember (required by the nss overlay).
2315+ + debian/rules, debian/schema/extra/:
2316+ Fix configure rule to supports extra schemas shipped as part
2317+ of the debian/schema/ directory.
2318+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2319+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2320+ neither the default DIT nor via an Authn mapping.
2321+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2322+ database upgrade. Upgrade from maverick shouldn't trigger database
2323+ upgrade (which would happen with the version used in Debian).
2324+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2325+ Remove unused variable new_conf.
2326+ + debian/slapd.script-common: Fix package reconfiguration.
2327+ - Fix backup directory naming for multiple reconfiguration.
2328+ + debian/slapd.default, debian/slapd.README.Debian:
2329+ use the new configuration style.
2330+ + Install nss overlay (LP: #675391):
2331+ - debian/rules: run install target for nssov module.
2332+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2333+ + debian/patches/gssapi.diff:
2334+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2335+ + debian/patches/service-operational-before-detach: New patch replacing old one
2336+ of the same name as previous could cause database corruption based on upstream commits.
2337+ (LP: #727973)
2338+ + Dropped:
2339+ - debian/patches/gold: Use the debian version instead
2340+ - debian/patches/CVE-2011-1024: Fixed upstream
2341+ - debian/patches/CVE-2011-1025: Fixed upstream
2342+ - debian/patches/CVE-2011-1081: Fixed upstream
2343+
2344+ -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
2345+
2346 openldap (2.4.25-1) unstable; urgency=low
2347
2348 * New upstream version (Closes: #617606, #618904, #606815, #608813)
2349@@ -1151,6 +3201,116 @@ openldap (2.4.23-7) unstable; urgency=low
2350
2351 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
2352
2353+openldap (2.4.23-6ubuntu7) oneiric; urgency=low
2354+
2355+ * Rebuild for Perl 5.12.
2356+
2357+ -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
2358+
2359+openldap (2.4.23-6ubuntu6) natty; urgency=low
2360+
2361+ * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
2362+ using forwarded authentication failures
2363+ - debian/patches/CVE-2011-1024
2364+ - CVE-2011-1024
2365+ * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
2366+ backend. Note: Ubuntu is not compiled with --enable-ndb by default
2367+ - debian/patches/CVE-2011-1025
2368+ - CVE-2011-1025
2369+ * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
2370+ and requestDN is empty
2371+ - debian/patches/CVE-2011-1081
2372+ - CVE-2011-1081
2373+ - LP: #742104
2374+
2375+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
2376+
2377+openldap (2.4.23-6ubuntu5) natty; urgency=low
2378+
2379+ * debian/patches/service-operational-before-detach: New patch replacing
2380+ old one of same name as previous could cause database corruption,
2381+ based on upstream commits. (LP: #727973)
2382+
2383+ -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
2384+
2385+openldap (2.4.23-6ubuntu4) natty; urgency=low
2386+
2387+ * Fix FTBFS with ld.gold.
2388+
2389+ -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
2390+
2391+openldap (2.4.23-6ubuntu3) natty; urgency=low
2392+
2393+ * debian/patches/gssapi.diff:
2394+ Update patch so that likewise-open is usable again (LP: #661547)
2395+
2396+ -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
2397+
2398+openldap (2.4.23-6ubuntu2) natty; urgency=low
2399+
2400+ * Install nss overlay (LP: #675391):
2401+ - debian/rules: run install target for nssov module.
2402+ - debian/patches/nssov-build: fix patch to install schema in
2403+ /etc/ldap/schema.
2404+
2405+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
2406+
2407+openldap (2.4.23-6ubuntu1) natty; urgency=low
2408+
2409+ * Merge from Debian unstable:
2410+ - Install a default DIT (LP: #442498).
2411+ - Document cn=config in README file (LP: #370784).
2412+ - remaining changes:
2413+ + AppArmor support:
2414+ - debian/apparmor-profile: add AppArmor profile
2415+ - use dh_apparmor:
2416+ - debian/rules: use dh_apparmor
2417+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2418+ - updated debian/slapd.README.Debian for note on AppArmor
2419+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2420+ + Enable GSSAPI support (LP: #495418):
2421+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2422+ - Add --with-gssapi support
2423+ - Make guess_service_principal() more robust when determining
2424+ principal
2425+ - debian/patches/series: apply gssapi.diff patch.
2426+ - debian/configure.options: Configure with --with-gssapi
2427+ - debian/control: Added libkrb5-dev as a build depend
2428+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2429+ in the openldap library, as required by Likewise-Open (LP: #390579)
2430+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2431+ - debian/control:
2432+ - remove build-dependency on heimdal-dev.
2433+ - remove slapd-smbk5pwd binary package.
2434+ - debian/rules: don't build smbk5pwd slapd module.
2435+ + debian/{control,rules}: enable PIE hardening
2436+ + ufw support (LP: #423246):
2437+ - debian/control: suggest ufw.
2438+ - debian/rules: install ufw profile.
2439+ - debian/slapd.ufw.profile: add ufw profile.
2440+ + Enable nssoverlay:
2441+ - debian/patches/nssov-build, debian/series, debian/rules:
2442+ Apply, build and package the nss overlay.
2443+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2444+ which defines rfc822MailMember (required by the nss overlay).
2445+ + debian/rules, debian/schema/extra/:
2446+ Fix configure rule to supports extra schemas shipped as part
2447+ of the debian/schema/ directory.
2448+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2449+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2450+ neither the default DIT nor via an Authn mapping.
2451+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2452+ database upgrade. Upgrade from maverick shouldn't trigger database
2453+ upgrade (which would happen with the version used in Debian).
2454+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2455+ Remove unused variable new_conf.
2456+ + debian/slapd.script-common: Fix package reconfiguration.
2457+ - Fix backup directory naming for multiple reconfiguration.
2458+ + debian/slapd.default, debian/slapd.README.Debian:
2459+ use the new configuration style.
2460+
2461+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
2462+
2463 openldap (2.4.23-6) unstable; urgency=high
2464
2465 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
2466@@ -1273,6 +3433,80 @@ openldap (2.4.23-1) unstable; urgency=low
2467
2468 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
2469
2470+openldap (2.4.23-0ubuntu4) natty; urgency=low
2471+
2472+ * debian/slapd.templates: amended typo in slapd/move_old_database
2473+ (LP: #666028)
2474+
2475+ -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
2476+
2477+openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
2478+
2479+ * debian/slapd.templates: re-add slapd/move_old_database template as it's
2480+ used during the package upgrade. Thanks to James Page for pointing it.
2481+ * debian/slapd.config: restore debconf question slapd/move_old_database.
2482+
2483+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
2484+
2485+openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
2486+
2487+ [ James Page ]
2488+ * Fixed install/upgrade process to dump/restore databases due
2489+ to uplift to libdb4.8-dev (LP: #658227)
2490+
2491+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
2492+
2493+openldap (2.4.23-0ubuntu3) maverick; urgency=low
2494+
2495+ * debian/rules: move dh_apparmor before dh_installinit
2496+
2497+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
2498+
2499+openldap (2.4.23-0ubuntu2) maverick; urgency=low
2500+
2501+ * convert to using dh_apparmor:
2502+ - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
2503+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2504+ * debian/apparmor-profile: use local include
2505+
2506+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
2507+
2508+openldap (2.4.23-0ubuntu1) maverick; urgency=low
2509+
2510+ * New release, features include:
2511+ + Fixed libldap to return server's error code (ITS#6569)
2512+ + Fixed libldap memleaks (ITS#6568)
2513+ + Fixed liblutil off-by-one with delta (ITS#6541)
2514+ + Fixed slapd acls with glued databases (ITS#6468)
2515+ + Fixed slapd syncrepl rid logging (ITS#6533)
2516+ + Fixed slapd modrdn handling of invalid values (ITS#6570)
2517+ + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
2518+ + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
2519+ + Fixed slapd-bdb entry cache delete failure (ITS#6577)
2520+ + Fixed slapd-ldap to return control responses (ITS#6530)
2521+ + Fixed slapo-ppolicy to use Debug (ITS#6566)
2522+ + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
2523+ + Fixed slapo-rwm to use Debug (ITS#6566)
2524+ + Fixed slapo-sssvlv to use Debug (ITS#6566)
2525+ + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
2526+ + Fixed slapo-valsort to use Debug (ITS#6566)
2527+ + Fixed contrib/nssov network.c missing patch (ITS#6562)
2528+ + Fixed test043 attribute sorting (ITS#6553)
2529+ + slapd-config(5) note default rootdn (ITS#6546)
2530+ * Rebased patches debian/patches/dropped nssov-build
2531+ * Resynchronize with Debian:
2532+ + debian/control:
2533+ - Bump standards-version to 3.9.0
2534+ - Use libdb4.8-dev (LP: #572489)
2535+ + Added debian/patches/issue-6534-patch
2536+ + Added debian/patches/ldap-conf-tls-cacertdir
2537+ * Add ufw support, thanks to PatRiehecky (LP: #423246)
2538+
2539+ [Adam Sommer]
2540+ * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2541+
2542+ -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
2543+
2544 openldap (2.4.21-1) unstable; urgency=low
2545
2546 [ Steve Langasek ]
2547@@ -1304,6 +3538,79 @@ openldap (2.4.21-1) unstable; urgency=low
2548
2549 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
2550
2551+openldap (2.4.21-0ubuntu5) lucid; urgency=low
2552+
2553+ * Fix local root connection access: replace olcAuthzRegexp mapping to
2554+ cn=localroot,cn=config with using the SASL dn directly in olcAccess.
2555+ Makes upgrades much simpler and robust (LP: #563829).
2556+
2557+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
2558+
2559+openldap (2.4.21-0ubuntu4) lucid; urgency=low
2560+
2561+ [ Simon Olofsson ]
2562+ * debian/slapd.postinst:
2563+ - Show a message after successful migration (LP: #538848)
2564+
2565+ [ Jorgen Rosink ]
2566+ * debian/slapd.init: add simple status checking with LSB compatible exit
2567+ codes (LP: #562377)
2568+ * debian/slapd.init.ldif:
2569+ - remove admin user in default config database (LP: #556176)
2570+ - in default config, add olcAccess entries giving access to controls
2571+ available and cn=subschema (LP: #427842)
2572+
2573+ [ Scott Moser ]
2574+ * debian/slapd.scripts-common: Do not create /nonexistent directory
2575+ for openldap user's home (LP: #556176)
2576+ * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
2577+
2578+ -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
2579+
2580+openldap (2.4.21-0ubuntu3) lucid; urgency=low
2581+
2582+ * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
2583+ before trying to convert to slapd.d, to avoid upgrade failure from hardy
2584+ (LP: #536958)
2585+ * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
2586+ olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
2587+
2588+ -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
2589+
2590+openldap (2.4.21-0ubuntu2) lucid; urgency=low
2591+
2592+ * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
2593+
2594+ -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
2595+
2596+openldap (2.4.21-0ubuntu1) lucid; urgency=low
2597+
2598+ * New upstream release.
2599+ * debian/rules, debian/schema/extra/:
2600+ Fix get-orig-source rule to supports extra schemas shipped as part of the
2601+ debian/schema/ directory.
2602+
2603+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
2604+
2605+openldap (2.4.18-0ubuntu2) lucid; urgency=low
2606+
2607+ * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2608+ - Add --with-gssapi support
2609+ - Make guess_service_principal() more robust when determining principal
2610+ * Enable GSSAPI support (LP: #495418):
2611+ - debian/configure.options: Configure with --with-gssapi
2612+ - debian/control: Added libkrb5-dev as a build depend
2613+
2614+ -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
2615+
2616+openldap (2.4.18-0ubuntu1) karmic; urgency=low
2617+
2618+ * New upstream release: (LP: #419515):
2619+ + pcache overlay supports disconnected mode.
2620+ * Fix nss overlay load (LP: #417163).
2621+
2622+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
2623+
2624 openldap (2.4.17-2.1) unstable; urgency=high
2625
2626 * Non-maintainer upload by the Security Team.
2627@@ -1330,6 +3637,108 @@ openldap (2.4.17-2) unstable; urgency=low
2628
2629 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
2630
2631+openldap (2.4.17-1ubuntu3) karmic; urgency=low
2632+
2633+ * Install a minimal slapd configuration instead of creating a default
2634+ database with a default DIT:
2635+ + Move openldap user home from /var/lib/ldap to /nonexistent.
2636+ + Remove all code and templates dealing with the default database and DIT
2637+ creation.
2638+ + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
2639+ grant all access to the latter in the cn=config database as well as the
2640+ default backend configuration.
2641+ * Add cn=localroot,cn=config authz mapping on upgrades.
2642+
2643+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
2644+
2645+openldap (2.4.17-1ubuntu2) karmic; urgency=low
2646+
2647+ [ Thierry Carrez ]
2648+ * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2649+ in the openldap library, as required by Likewise-Open (LP: #390579)
2650+
2651+ [ Mathias Gug ]
2652+ * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
2653+ uniqueness overlay.
2654+ * debian/patches/its6220-writetimeout-directive: fixes a problem with the
2655+ writetimeout directive being in effect even if it wasn't set,
2656+ closing connections incorrectly.
2657+ * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
2658+ dncachesize parameter that was added in RE24, so that if it is set to
2659+ "0" (now the default), it has an unlimited DN cache (RE23 always
2660+ had an unlimited DN cache).
2661+
2662+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
2663+
2664+openldap (2.4.17-1ubuntu1) karmic; urgency=low
2665+
2666+ [ Steve Langasek ]
2667+ * Fix up the lintian warnings:
2668+ - add missing misc-depends on all packages
2669+ - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
2670+ overrides
2671+ - bump Standards-Version to 3.8.2, no changes required.
2672+
2673+ [ Mathias Gug ]
2674+ * Resynchronise with Debian. Remaining changes:
2675+ - AppArmor support:
2676+ - debian/apparmor-profile: add AppArmor profile
2677+ - updated debian/slapd.README.Debian for note on AppArmor
2678+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2679+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2680+ - debian/rules: install apparmor profile.
2681+ - Don't use local statement in config script as it fails if /bin/sh
2682+ points to bash.
2683+ - debian/slapd.postinst, debian/slapd.script-common: set correct
2684+ ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2685+ readable) and /var/run/slapd (world readable).
2686+ - Enable nssoverlay:
2687+ - debian/patches/nssov-build, debian/rules: Build and package the nss
2688+ overlay.
2689+ - debian/schema/misc.ldif: add ldif file for the misc schema which
2690+ defines rfc822MailMember (required by the nss overlay).
2691+ - debian/{control,rules}: enable PIE hardening
2692+ - Use cn=config as the default configuration backend instead of
2693+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2694+ asking the end user to enter a new password to control the access to
2695+ the cn=config tree.
2696+ - debian/slapd.postinst: create /var/run/slapd before updating its
2697+ permissions.
2698+ - debian/slapd.init: Correctly set slapd config backend option even if
2699+ the pidfile is configured in slapd default file.
2700+ * Dropped:
2701+ - Merged in Debian:
2702+ - Update priority of libldap-2.4-2 to match the archive override.
2703+ - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2704+ the ldapurl(1) manpage.
2705+ - Bump build-dependency on debhelper to 6 instead of 5, since that's
2706+ what we're using.
2707+ - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2708+ the built-in default of ldap:/// only.
2709+ - Fixed in upstream release:
2710+ - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2711+ failure when built with PIE.
2712+ - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2713+ trusted.
2714+ - Update Apparmor profile support: don't support upgrade from pre-hardy
2715+ systems:
2716+ - debian/slapd.postinst: Reload AA profile on configuration
2717+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2718+ - debian/control: Conflicts with apparmor-profiles <<
2719+ 2.1+1075-0ubuntu4 to make sure that if earlier version of
2720+ apparmor-profiles gets installed it won't overwrite our profile.
2721+ - follow ApparmorProfileMigration and force apparmor complain mode on
2722+ some upgrades
2723+ - debian/slapd.preinst: create symlink for force-complain on
2724+ pre-feisty upgrades, upgrades where apparmor-profiles profile is
2725+ unchanged (ie non-enforcing) and upgrades where apparmor profile
2726+ does not exist.
2727+ - debian/patches/autogen.sh: no longer needed with karmic libtool.
2728+ - Call libtoolize with the --install option to install
2729+ config.{guess,sub} files.
2730+
2731+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
2732+
2733 openldap (2.4.17-1) unstable; urgency=low
2734
2735 * New upstream version.
2736@@ -1352,6 +3761,153 @@ openldap (2.4.17-1) unstable; urgency=low
2737
2738 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
2739
2740+openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
2741+
2742+ * Resynchronise with Debian. Remaining changes:
2743+ - AppArmor support:
2744+ - debian/apparmor-profile: add AppArmor profile
2745+ - debian/slapd.postinst: Reload AA profile on configuration
2746+ - updated debian/slapd.README.Debian for note on AppArmor
2747+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2748+ - debian/control: Conflicts with apparmor-profiles <<
2749+ 2.1+1075-0ubuntu4 to make sure that if earlier version of
2750+ apparmor-profiles gets installed it won't overwrite our profile.
2751+ - follow ApparmorProfileMigration and force apparmor complain mode on
2752+ some upgrades
2753+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2754+ - debian/slapd.preinst: create symlink for force-complain on
2755+ pre-feisty upgrades, upgrades where apparmor-profiles profile is
2756+ unchanged (ie non-enforcing) and upgrades where apparmor profile
2757+ does not exist.
2758+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2759+ - debian/patches/autogen.sh:
2760+ - Call libtoolize with the --install option to install
2761+ config.{guess,sub} files.
2762+ - Don't use local statement in config script as it fails if /bin/sh
2763+ points to bash.
2764+ - debian/slapd.postinst, debian/slapd.script-common: set correct
2765+ ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2766+ readable) and /var/run/slapd (world readable).
2767+ - Enable nssoverlay:
2768+ - debian/patches/nssov-build, debian/rules: Build and package the nss
2769+ overlay.
2770+ - debian/schema/misc.ldif: add ldif file for the misc schema which
2771+ defines rfc822MailMember (required by the nss overlay).
2772+ - debian/{control,rules}: enable PIE hardening
2773+ - Use cn=config as the default configuration backend instead of
2774+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2775+ asking the end user to enter a new password to control the access to
2776+ the cn=config tree.
2777+ - Update priority of libldap-2.4-2 to match the archive override.
2778+ - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2779+ the ldapurl(1) manpage.
2780+ - Bump build-dependency on debhelper to 6 instead of 5, since that's
2781+ what we're using.
2782+ - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2783+ the built-in default of ldap:/// only.
2784+ - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2785+ failure when built with PIE.
2786+ - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2787+ trusted.
2788+ - debian/slapd.postinst: create /var/run/slapd before updating its
2789+ permissions.
2790+ - debian/slapd.init: Correctly set slapd config backend option even if
2791+ the pidfile is configured in slapd default file.
2792+ * Drop patch to avoid the test suite on hppa, as hppa is EOL.
2793+
2794+ -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
2795+
2796+openldap (2.4.15-1.1) unstable; urgency=low
2797+
2798+ * Non-maintainer upload.
2799+ * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
2800+ (Closes: #522965)
2801+
2802+ -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
2803+
2804+openldap (2.4.15-1ubuntu3) jaunty; urgency=low
2805+
2806+ * No-change rebuild to fix lpia shared library dependencies.
2807+
2808+ -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
2809+
2810+openldap (2.4.15-1ubuntu2) jaunty; urgency=low
2811+
2812+ * debian/slapd.postinst: create /var/run/slapd before updating its
2813+ permissions (LP: #298928).
2814+ * debian/slapd.init: Correclty set slapd config backend option even if the
2815+ pidfile is configured in slapd default file (LP: #292364).
2816+ * debian/apparmor-profile: support multiple databases to be stored under
2817+ /var/lib/ldap/. (LP: #286614).
2818+
2819+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
2820+
2821+openldap (2.4.15-1ubuntu1) jaunty; urgency=low
2822+
2823+ [ Steve Langasek ]
2824+ * Update priority of libldap-2.4-2 to match the archive override.
2825+ * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
2826+ ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
2827+ Closes: #496749.
2828+ * Bump build-dependency on debhelper to 6 instead of 5, since that's
2829+ what we're using. Closes: #498116.
2830+ * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2831+ the built-in default of ldap:/// only.
2832+
2833+ [ Mathias Gug ]
2834+ * Merge from debian unstable, remaining changes:
2835+ - Modify Maintainer value to match the DebianMaintainerField
2836+ speficication.
2837+ - AppArmor support:
2838+ - debian/apparmor-profile: add AppArmor profile
2839+ - debian/slapd.postinst: Reload AA profile on configuration
2840+ - updated debian/slapd.README.Debian for note on AppArmor
2841+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2842+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2843+ to make sure that if earlier version of apparmour-profiles gets
2844+ installed it won't overwrite our profile.
2845+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2846+ some upgrades (LP: #203529)
2847+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2848+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2849+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2850+ non-enforcing) and upgrades where apparmor profile does not exist.
2851+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2852+ - debian/control:
2853+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
2854+ - debian/patches/autogen.sh:
2855+ - Call libtoolize with the --install option to install config.{guess,sub}
2856+ files.
2857+ - Don't use local statement in config script as it fails if /bin/sh
2858+ points to bash (LP: #286063).
2859+ - Disable the testsuite on hppa. Allows building of packages on this
2860+ architecture again, once this package is in the archive.
2861+ LP: #288908.
2862+ - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
2863+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
2864+ /var/run/slapd (world readable). (LP: #257667).
2865+ - Enable nssoverlay:
2866+ - debian/patches/nssov-build, debian/rules: Build and package
2867+ the nss overlay.
2868+ - debian/schema/misc.ldif: add ldif file for the misc schema
2869+ which defines rfc822MailMember (required by the nss overlay).
2870+ - debian/{control,rules}: enable PIE hardening
2871+ - Use cn=config as the default configuration backend instead of
2872+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2873+ asking the end user to enter a new password to control the access to the
2874+ cn=config tree.
2875+ * Dropped:
2876+ - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
2877+ times. (ITS: #5947) Fixed in new upstream version 2.4.15.
2878+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2879+ the ucred struct now. Implemented in Debian.
2880+ * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
2881+ when built with PIE.
2882+ * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2883+ trusted (LP: #305264).
2884+
2885+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
2886+
2887 openldap (2.4.15-1) unstable; urgency=low
2888
2889 * New upstream version
2890@@ -1369,6 +3925,69 @@ openldap (2.4.15-1) unstable; urgency=low
2891
2892 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
2893
2894+openldap (2.4.14-0ubuntu1) jaunty; urgency=low
2895+
2896+ [ Steve Langasek ]
2897+ * New upstream version
2898+ - Fixes a bug with the pcache overlay not returning cached entries
2899+ (closes: #497697)
2900+ - Update evolution-ntlm patch to apply to current Makefiles.
2901+ - (tentatively) drop gnutls-ciphers, since this bug was reported to be
2902+ fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
2903+ patch from the bug report, so this should be watched for regressions.
2904+ * Build against db4.7 instead of db4.2 at last! Closes: #421946.
2905+ * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
2906+ installed in the build environment.
2907+ * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
2908+ --with-tls=gnutls.
2909+
2910+ [ Mathias Gug ]
2911+ * Merge from debian unstable, remaining changes:
2912+ - debian/apparmor-profile: add AppArmor profile
2913+ - debian/slapd.postinst: Reload AA profile on configuration
2914+ - updated debian/slapd.README.Debian for note on AppArmor
2915+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2916+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2917+ to make sure that if earlier version of apparmour-profiles gets
2918+ installed it won't overwrite our profile.
2919+ - Modify Maintainer value to match the DebianMaintainerField
2920+ speficication.
2921+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2922+ some upgrades (LP: #203529)
2923+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2924+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2925+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2926+ non-enforcing) and upgrades where apparmor profile does not exist.
2927+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2928+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2929+ the ucred struct now.
2930+ - debian/control:
2931+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
2932+ - debian/patches/autogen.sh:
2933+ - Call libtoolize with the --install option to install config.{guess,sub}
2934+ files.
2935+ - Don't use local statement in config script as it fails if /bin/sh
2936+ points to bash (LP: #286063).
2937+ - Disable the testsuite on hppa. Allows building of packages on this
2938+ architecture again, once this package is in the archive.
2939+ LP: #288908.
2940+ - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
2941+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
2942+ /var/run/slapd (world readable). (LP: #257667).
2943+ - debian/patches/nssov-build, debian/rules:
2944+ Build and package the nss overlay.
2945+ debian/schema/misc.ldif: add ldif file for the misc schema, which defines
2946+ rfc822MailMember (required by the nss overlay).
2947+ - debian/{control,rules}: enable PIE hardening
2948+ - Use cn=config as the default configuration backend instead of
2949+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2950+ asking the end user to enter a new password to control the access to the
2951+ cn=config tree.
2952+ * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
2953+ times. (ITS: #5947)
2954+
2955+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
2956+
2957 openldap (2.4.11-1) unstable; urgency=low
2958
2959 * New upstream version (closes: #499560).
2960@@ -1391,6 +4010,110 @@ openldap (2.4.11-1) unstable; urgency=low
2961
2962 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
2963
2964+openldap (2.4.11-0ubuntu7) jaunty; urgency=low
2965+
2966+ * Don't use local statement in config script as it fails if /bin/sh
2967+ points to bash (LP: #286063).
2968+
2969+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
2970+
2971+openldap (2.4.11-0ubuntu6) intrepid; urgency=low
2972+
2973+ * Disable the testsuite on hppa. Allows building of packages on this
2974+ architecture again, once this package is in the archive.
2975+ LP: #288908.
2976+
2977+ -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
2978+
2979+openldap (2.4.11-0ubuntu5) intrepid; urgency=low
2980+
2981+ * Don't set admin passwords in ldif files if adminpw is empty.
2982+ (LP: #273988 - LP: #276606).
2983+
2984+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
2985+
2986+openldap (2.4.11-0ubuntu4) intrepid; urgency=low
2987+
2988+ * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
2989+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
2990+ /var/run/slapd (world readable). (LP: #257667).
2991+ * debian/slapd.script-common:
2992+ - Fix package reconfiguration:
2993+ + Remove slapd.d/ directory if it already exists when creating a new
2994+ configuration.
2995+ + Fix backup directory naming for multiple reconfiguration.
2996+
2997+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
2998+
2999+openldap (2.4.11-0ubuntu3) intrepid; urgency=low
3000+
3001+ * debian/patches/nssov-build, debian/rules:
3002+ Build and package the nss overlay.
3003+ * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3004+ rfc822MailMember (required by the nss overlay).
3005+
3006+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
3007+
3008+openldap (2.4.11-0ubuntu2) intrepid; urgency=low
3009+
3010+ * debian/{control,rules}: enable PIE hardening
3011+
3012+ -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
3013+
3014+openldap (2.4.11-0ubuntu1) intrepid; urgency=low
3015+
3016+ * New upstream version:
3017+ - Mainly bug fixes.
3018+ - New nss slapd overlay (not compiled by default).
3019+ * Use cn=config as the default configuration backend instead of
3020+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3021+ asking the end user to enter a new password to control the access to the
3022+ cn=config tree.
3023+
3024+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
3025+
3026+openldap (2.4.10-3ubuntu1) intrepid; urgency=low
3027+
3028+ [ Mathias Gug ]
3029+ * Merge from debian unstable, remaining changes:
3030+ - debian/apparmor-profile: add AppArmor profile
3031+ - debian/slapd.postinst: Reload AA profile on configuration
3032+ - updated debian/slapd.README.Debian for note on AppArmor
3033+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3034+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3035+ to make sure that if earlier version of apparmour-profiles gets
3036+ installed it won't overwrite our profile.
3037+ - Modify Maintainer value to match the DebianMaintainerField
3038+ speficication.
3039+ - follow ApparmorProfileMigration and force apparmor compalin mode on
3040+ some upgrades (LP: #203529)
3041+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3042+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3043+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3044+ non-enforcing) and upgrades where apparmor profile does not exist.
3045+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3046+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3047+ the ucred struct now.
3048+ - debian/patches/fix-unique-overlay-assertion.patch:
3049+ Fix another assertion error in unique overlay (LP: #243337).
3050+ Backport from head.
3051+ * Dropped - implemented in Debian:
3052+ - debian/patches/fix-gnutls-key-strength.patch:
3053+ Fix slapd handling of ssf using gnutls. (LP: #244925).
3054+ - debian/control:
3055+ Add time as build dependency: needed by make test.
3056+ * debian/control:
3057+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
3058+ * debian/patches/autogen.sh:
3059+ - Call libtoolize with the --install option to install config.{guess,sub}
3060+ files.
3061+
3062+ [ Jamie Strandboge ]
3063+ * adjust apparmor profile to allow gssapi (LP: #229252)
3064+ * adjust apparmor profile to allow cnconfig (LP: #243525)
3065+
3066+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
3067+
3068 openldap (2.4.10-3) unstable; urgency=low
3069
3070 [ Steve Langasek ]
3071@@ -1424,6 +4147,40 @@ openldap (2.4.10-3) unstable; urgency=low
3072
3073 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
3074
3075+openldap (2.4.10-2ubuntu1) intrepid; urgency=low
3076+
3077+ * Merge from debian unstable, remaining changes:
3078+ - debian/apparmor-profile: add AppArmor profile
3079+ - debian/slapd.postinst: Reload AA profile on configuration
3080+ - updated debian/slapd.README.Debian for note on AppArmor
3081+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3082+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3083+ to make sure that if earlier version of apparmour-profiles gets
3084+ installed it won't overwrite our profile.
3085+ - Modify Maintainer value to match the DebianMaintainerField
3086+ speficication.
3087+ - follow ApparmorProfileMigration and force apparmor compalin mode on
3088+ some upgrades (LP: #203529)
3089+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3090+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3091+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3092+ non-enforcing) and upgrades where apparmor profile does not exist.
3093+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3094+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3095+ the ucred struct now.
3096+ - debian/patches/fix-unique-overlay-assertion.patch:
3097+ Fix another assertion error in unique overlay (LP: #243337).
3098+ Backport from head.
3099+ - debian/patches/fix-gnutls-key-strength.patch:
3100+ Fix slapd handling of ssf using gnutls. (LP: #244925).
3101+ - debian/control:
3102+ Add time as build dependency: needed by make test.
3103+ * Dropped - implemented in Debian:
3104+ - debian/rules:
3105+ Support debuild nocheck option: don't run tests if nocheck is set.
3106+
3107+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
3108+
3109 openldap (2.4.10-2) unstable; urgency=low
3110
3111 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
3112@@ -1438,6 +4195,54 @@ openldap (2.4.10-2) unstable; urgency=low
3113
3114 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
3115
3116+openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
3117+
3118+ * Merge from debian unstable, remaining changes:
3119+ - debian/apparmor-profile: add AppArmor profile
3120+ - debian/slapd.postinst: Reload AA profile on configuration
3121+ - updated debian/slapd.README.Debian for note on AppArmor
3122+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3123+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3124+ to make sure that if earlier version of apparmour-profiles gets
3125+ installed it won't overwrite our profile.
3126+ - Modify Maintainer value to match the DebianMaintainerField
3127+ speficication.
3128+ - follow ApparmorProfileMigration and force apparmor compalin mode on
3129+ some upgrades (LP: #203529)
3130+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3131+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3132+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3133+ non-enforcing) and upgrades where apparmor profile does not exist.
3134+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3135+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3136+ the ucred struct now.
3137+ - debian/patches/fix-unique-overlay-assertion.patch:
3138+ Fix another assertion error in unique overlay (LP: #243337).
3139+ Backport from head.
3140+ * debian/control:
3141+ - add time as build dependency: needed by make test.
3142+ * debian/rules:
3143+ - support debuild nocheck option: don't run tests if nocheck is set.
3144+ * debian/patches/fix-gnutls-key-strength.patch:
3145+ - fix slapd handling of ssf using gnutls. (LP: #244925).
3146+ * Dropped - accepted in Debian:
3147+ - debian/rules, debian/slapd.links: use hard links to slapd instead of
3148+ symlinks for slap* so these applications aren't confined by apparmor
3149+ (LP: #203898)
3150+ * Dropped - fixed in new upstream release:
3151+ - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3152+ (LP: #215904)
3153+ - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3154+ error. (LP: #234196)
3155+ - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3156+ (LP: #220724)
3157+ - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3158+ syncrepl. (LP: #227178)
3159+ - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3160+ upstream.
3161+
3162+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
3163+
3164 openldap2.3 (2.4.10-1) unstable; urgency=low
3165
3166 [ Steve Langasek ]
3167@@ -1462,6 +4267,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low
3168
3169 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
3170
3171+openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
3172+
3173+ * debian/patches/fix-unique-overlay-assertion.patch:
3174+ - Fix another assertion error in unique overlay, backported from head.
3175+ (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
3176+
3177+ -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
3178+
3179+openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
3180+
3181+ * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
3182+ include the smbk5pwd overlay.
3183+
3184+ -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
3185+
3186+openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
3187+
3188+ * Rebuild for perl 5.10 transition (LP: #230016)
3189+ * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3190+ syncrepl. (LP: #227178)
3191+
3192+ -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
3193+
3194+openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
3195+
3196+ * Merge from debian unstable, remaining changes:
3197+ - debian/apparmor-profile: add AppArmor profile
3198+ - debian/slapd.postinst: Reload AA profile on configuration
3199+ - updated debian/slapd.README.Debian for note on AppArmor
3200+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3201+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3202+ to make sure that if earlier version of apparmour-profiles gets
3203+ installed it won't overwrite our profile.
3204+ - Modify Maintainer value to match the DebianMaintainerField
3205+ speficication.
3206+ - follow ApparmorProfileMigration and force apparmor compalin mode on
3207+ some upgrades (LP: #203529)
3208+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3209+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3210+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3211+ non-enforcing) and upgrades where apparmor profile does not exist.
3212+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3213+ - debian/rules, debian/slapd.links: use hard links to slapd instead of
3214+ symlinks for slap* so these applications aren't confined by apparmor
3215+ (LP: #203898)
3216+ - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3217+ (LP: #215904)
3218+ - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3219+ error. (LP: #234196)
3220+ - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3221+ (LP: #220724)
3222+ - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3223+ upstream.
3224+ * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
3225+ the ucred struct now.
3226+
3227+ -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
3228+
3229 openldap2.3 (2.4.9-1) unstable; urgency=low
3230
3231 [ Updated debconf translations ]
3232@@ -1532,6 +4395,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high
3233
3234 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
3235
3236+openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
3237+
3238+ * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
3239+ in klibc)
3240+
3241+ -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
3242+
3243+openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
3244+
3245+ * apparmor-profile workaround for Launchpad #202161
3246+ * follow ApparmorProfileMigration and force apparmor complain mode on some
3247+ upgrades (LP: #203529)
3248+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3249+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3250+ - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
3251+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3252+ non-enforcing) and upgrades where apparmor profile does not exist
3253+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3254+ * debian/rules, debian/slapd.links: use hard links to slapd instead of
3255+ symlinks for slap* so these applications aren't confined by apparmor
3256+ (LP: #203898)
3257+
3258+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
3259+
3260+openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
3261+
3262+ * Merge from Debian unstable, remaining changes:
3263+ + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3264+ slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3265+ allows remote authenticated users to cause a denial of service (daemon
3266+ crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
3267+ control, a related issue to CVE-2007-6698.
3268+ + debian/apparmor-profile: add AppArmor profile
3269+ + debian/slapd.postinst: Reload AA profile on configuration
3270+ + updated debian/slapd.README.Debian for note on AppArmor
3271+ + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3272+ should now take control
3273+ + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3274+ to make sure that if earlier version of apparmor-profiles gets
3275+ installed it won't overwrite our profile
3276+ + Modify Maintainer value to match the DebianMaintainerField
3277+ specification.
3278+
3279+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
3280+
3281 openldap2.3 (2.4.7-6) unstable; urgency=low
3282
3283 [ Updated debconf translations ]
3284@@ -1577,6 +4485,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low
3285
3286 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
3287
3288+openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
3289+
3290+ * SECURITY UPDATE:
3291+ + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3292+ slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3293+ allows remote authenticated users to cause a denial of service (daemon crash)
3294+ via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
3295+ issue to CVE-2007-6698.
3296+
3297+ * References
3298+ - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
3299+ - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
3300+
3301+ -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
3302+
3303+openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
3304+
3305+ * add AppArmor profile
3306+ + debian/apparmor-profile
3307+ + debian/slapd.postinst: Reload AA profile on configuration
3308+ * updated debian/slapd.README.Debian for note on AppArmor
3309+ * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3310+ should now take control
3311+ * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3312+ to make sure that if earlier version of apparmor-profiles gets installed
3313+ it won't overwrite our profile
3314+ * Modify Maintainer value to match the DebianMaintainerField
3315+ specification.
3316+
3317+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
3318+
3319 openldap2.3 (2.4.7-5) unstable; urgency=low
3320
3321 [ Updated debconf translations ]
3322diff --git a/debian/control b/debian/control
3323index 9b27cf6..bbe56e6 100644
3324--- a/debian/control
3325+++ b/debian/control
3326@@ -1,12 +1,14 @@
3327 Source: openldap
3328 Section: net
3329 Priority: optional
3330-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
3331+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
3332+XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
3333 Uploaders: Steve Langasek <vorlon@debian.org>,
3334 Torsten Landschoff <torsten@debian.org>,
3335 Ryan Tandy <ryan@nardis.ca>,
3336 Sergio Durigan Junior <sergiodj@debian.org>
3337 Build-Depends: debhelper-compat (= 12),
3338+ dh-apparmor,
3339 dpkg-dev (>= 1.17.14),
3340 groff-base,
3341 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
3342@@ -21,7 +23,12 @@ Build-Depends: debhelper-compat (= 12),
3343 perl:any,
3344 pkg-config (>= 0.29),
3345 po-debconf,
3346- unixodbc-dev <!pkg.openldap.noslapd>
3347+ unixodbc-dev <!pkg.openldap.noslapd>,
3348+ krb5-admin-server <!nocheck>,
3349+ krb5-user <!nocheck>,
3350+ krb5-kdc <!nocheck>,
3351+ libsasl2-modules-gssapi-mit <!nocheck>,
3352+ sasl2-bin <!nocheck>,
3353 Build-Conflicts: libbind-dev, bind-dev, autoconf2.13
3354 Standards-Version: 4.6.0
3355 Homepage: https://www.openldap.org/
3356@@ -37,7 +44,7 @@ Depends: ${shlibs:Depends}, libldap-2.5-0 (= ${binary:Version}),
3357 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,
3358 adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends}
3359 Recommends: ldap-utils
3360-Suggests: libsasl2-modules,
3361+Suggests: libsasl2-modules, ufw,
3362 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
3363 Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
3364 Replaces: libldap2, ldap-utils (<< 2.2.23-3)
3365diff --git a/debian/rules b/debian/rules
3366index dec3a84..24f1691 100755
3367--- a/debian/rules
3368+++ b/debian/rules
3369@@ -11,7 +11,7 @@ export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
3370 export DEB_BUILD_MAINT_OPTIONS := hardening=+all
3371
3372 # Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)
3373-export DEB_MAINTAINER := $(shell sed -ne 's/Maintainer:\s\+//p' debian/control)
3374+export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control)
3375
3376 # Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)
3377 export DEB_VERSION
3378@@ -118,6 +118,22 @@ endif
3379 find $(installdir)/usr/share/man -name \*.8 \
3380 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
3381
3382+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
3383+override_dh_install-arch:
3384+ dh_install
3385+
3386+ # install AppArmor profile
3387+ install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
3388+
3389+ # install Apport hook
3390+ install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
3391+
3392+ # install ufw profile
3393+ install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
3394+
3395+ dh_apparmor -pslapd --profile-name=usr.sbin.slapd
3396+endif
3397+
3398 override_dh_installinit:
3399 dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80"
3400
3401diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
3402index ff7d66b..a4f3f55 100644
3403--- a/debian/slapd.README.Debian
3404+++ b/debian/slapd.README.Debian
3405@@ -252,6 +252,17 @@ Modifications Compared to Upstream
3406
3407 -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800
3408
3409+Apparmor Profile
3410+----------------
3411+
3412+ If your system uses AppArmor, please note that the shipped enforcing profile
3413+ works with the default installation, and changes in your configuration may
3414+ require changes to the installed apparmor profile. Please see
3415+ https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
3416+ software.
3417+
3418+ -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500
3419+
3420 Migrating your installation to OpenLDAP 2.5.x
3421
3422 OpenLDAP 2.5 is a major new release and includes several incompatible
3423diff --git a/debian/slapd.py b/debian/slapd.py
3424new file mode 100644
3425index 0000000..b1aed25
3426--- /dev/null
3427+++ b/debian/slapd.py
3428@@ -0,0 +1,51 @@
3429+#!/usr/bin/python3
3430+
3431+'''apport hook for slapd
3432+
3433+(c) 2010 Adam Sommer.
3434+Author: Adam Sommer <asommer@ubuntu.com>
3435+
3436+This program is free software; you can redistribute it and/or modify it
3437+under the terms of the GNU General Public License as published by the
3438+Free Software Foundation; either version 2 of the License, or (at your
3439+option) any later version. See http://www.gnu.org/copyleft/gpl.html for
3440+the full text of the license.
3441+'''
3442+
3443+from apport.hookutils import *
3444+import os
3445+
3446+# Scrub olcRootPW attribute and credentials strings if necessary.
3447+def scrub_pass_strings(config):
3448+ olcrootpw_regex = re.compile('olcRootPW:.*')
3449+ olcrootpw_string = olcrootpw_regex.search(config)
3450+ if olcrootpw_string:
3451+ config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@')
3452+
3453+ credentials_regex = re.compile('credentials=.* ')
3454+ credentials_string = credentials_regex.search(config)
3455+ if credentials_string:
3456+ config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ')
3457+
3458+ return config
3459+
3460+def add_info(report, ui):
3461+ response = ui.yesno("The contents of your /etc/ldap/slapd.d directory "
3462+ "may help developers diagnose your bug more "
3463+ "quickly. However, it may contain sensitive "
3464+ "information. Do you want to include it in your "
3465+ "bug report?")
3466+
3467+ if response == None: # user cancelled
3468+ raise StopIteration
3469+
3470+ elif response == True:
3471+ # Get the cn=config tree.
3472+ cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'])
3473+ report['CNConfig'] = scrub_pass_strings(cn_config)
3474+
3475+ # Get slapd messages from /var/log/syslog
3476+ slapd_re = re.compile('slapd', re.IGNORECASE)
3477+ report['SysLog'] = recent_syslog(slapd_re)
3478+
3479+ attach_mac_events(report, '/usr/sbin/slapd')
3480diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile
3481new file mode 100644
3482index 0000000..3c4f676
3483--- /dev/null
3484+++ b/debian/slapd.ufw.profile
3485@@ -0,0 +1,9 @@
3486+[OpenLDAP LDAP]
3487+title=OpenLDAP with TLS
3488+description=OpenLDAP is a free, fast, lightweight LDAP server
3489+ports=389/tcp
3490+
3491+[OpenLDAP LDAPS]
3492+title=OpenLDAP over SSL
3493+description=OpenLDAP is a free, fast, lightweight LDAP server
3494+ports=636/tcp

Subscribers

People subscribed via source and target branches