Ubuntu
openldap package

Merge ~sergiodj/ubuntu/+source/openldap:merge-2.5.13+dfsg-1-kinetic into ubuntu/+source/openldap:debian/sid

  1. Git
  2. lp:~sergiodj/ubuntu/+source/openldap
  3. merge-2.5.13+dfsg-1-kinetic
  4. Merge into debian/sid
Proposed by Sergio Durigan Junior
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: git-ubuntu bot
Merged at revision: e3a1cdd0b6049a6b9e72239337ccc3e4ef343fa4
Proposed branch: ~sergiodj/ubuntu/+source/openldap:merge-2.5.13+dfsg-1-kinetic
Merge into: ubuntu/+source/openldap:debian/sid
Diff against target: 3494 lines (+3098/-4)
7 files modified
debian/apparmor-profile (+61/-0)
debian/changelog (+2939/-0)
debian/control (+10/-3)
debian/rules (+17/-1)
debian/slapd.README.Debian (+11/-0)
debian/slapd.py (+51/-0)
debian/slapd.ufw.profile (+9/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Bryce Harrington (community) Approve
Canonical Server Reporter Pending
Review via email: mp+430175@code.launchpad.net

Description of the change

This is the merge of OpenLDAP 2.5.13+dfsg-1 from Debian unstable.

It's a trivial merge. We're keeping all of our delta, including the SASL/GSSAPI test enablement which will be dropped next cycle when we transition to OpenLDAP 2.6.x.

There's a PPA with the proposed changes here:

https://launchpad.net/~sergiodj/+archive/ubuntu/openldap

I will post the dep8 test results ASAP.

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

FWIW, this is a bugfix-only release and therefore we don't need an FFe for it.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

autopkgtest is OK:

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-kinetic-sergiodj-openldap/?format=plain)
  openldap @ amd64:
    20.09.22 21:52:02 Log 🗒️ ✅ Triggers: openldap/2.5.13+dfsg-1ubuntu1~ppa1
  openldap @ arm64:
    20.09.22 21:42:22 Log 🗒️ ✅ Triggers: openldap/2.5.13+dfsg-1ubuntu1~ppa1
  openldap @ armhf:
    20.09.22 21:42:47 Log 🗒️ ✅ Triggers: openldap/2.5.13+dfsg-1ubuntu1~ppa1
  openldap @ ppc64el:
    20.09.22 21:39:53 Log 🗒️ ✅ Triggers: openldap/2.5.13+dfsg-1ubuntu1~ppa1
  openldap @ s390x:
    20.09.22 21:42:17 Log 🗒️ ✅ Triggers: openldap/2.5.13+dfsg-1ubuntu1~ppa1

Revision history for this message
Bryce Harrington (bryce) wrote :

Tests pass, logical changes are each correct, and changelog entry mentions all changes. The remaining delta does not look likely to be taken by Debian.

LGTM, +1

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: sergiodj, bryce
Uploaders: sergiodj, bryce
MP auto-approved

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Tuesday, September 20 2022, Bryce Harrington wrote:

> Tests pass, logical changes are each correct, and changelog entry mentions all changes. The remaining delta does not look likely to be taken by Debian.
>
> LGTM, +1

Thanks, Bryce. Uploaded:

$ dput openldap_2.5.13+dfsg-1ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/openldap/openldap_2.5.13+dfsg-1ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/openldap/openldap_2.5.13+dfsg-1ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openldap_2.5.13+dfsg-1ubuntu1.dsc: done.
  Uploading openldap_2.5.13+dfsg.orig.tar.gz: done.
  Uploading openldap_2.5.13+dfsg-1ubuntu1.debian.tar.xz: done.
  Uploading openldap_2.5.13+dfsg-1ubuntu1_source.buildinfo: done.
  Uploading openldap_2.5.13+dfsg-1ubuntu1_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/apparmor-profile b/debian/apparmor-profile
0new file mode 1006440new file mode 100644
index 0000000..6a247aa
--- /dev/null
+++ b/debian/apparmor-profile
@@ -0,0 +1,61 @@
1# vim:syntax=apparmor
2# Last Modified: Fri Jun 6 13:51:00 2020
3# Author: Jamie Strandboge <jamie@ubuntu.com>
4
5#include <tunables/global>
6
7/usr/sbin/slapd {
8 #include <abstractions/base>
9 #include <abstractions/nameservice>
10 #include <abstractions/p11-kit>
11
12 #include <abstractions/ssl_keys>
13 #include <abstractions/ssl_certs>
14
15 /etc/sasldb2 r,
16
17 capability dac_override,
18 capability net_bind_service,
19 capability setgid,
20 capability setuid,
21
22 /etc/gai.conf r,
23 /etc/hosts.allow r,
24 /etc/hosts.deny r,
25
26 # ldap files
27 /etc/ldap/** kr,
28 /etc/ldap/slapd.d/** rw,
29
30 # kerberos/gssapi
31 /dev/tty rw,
32 /etc/gss/mech.d/ r,
33 /etc/gss/mech.d/* kr,
34 /etc/krb5.keytab kr,
35 /etc/krb5/user/*/client.keytab kr,
36 owner /tmp/krb5cc_* rwk,
37 owner /var/tmp/krb5_*.rcache2 rwk,
38 /var/tmp/ rw,
39 /var/tmp/** rw,
40
41 # the databases and logs
42 /var/lib/ldap/ r,
43 /var/lib/ldap/** rwk,
44
45 # lock file
46 /var/lib/ldap/alock kw,
47
48 # pid files and sockets
49 /{,var/}run/slapd/* w,
50 /{,var/}run/slapd/ldapi rw,
51 /{,var/}run/nslcd/socket rw,
52 /{,var/}run/saslauthd/mux rw,
53
54 /usr/lib/ldap/ r,
55 /usr/lib/ldap/* mr,
56
57 /usr/sbin/slapd mr,
58
59 # Site-specific additions and overrides. See local/README for details.
60 #include <local/usr.sbin.slapd>
61}
diff --git a/debian/changelog b/debian/changelog
index f62e07a..68939d8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,26 @@
1openldap (2.5.13+dfsg-1ubuntu1) kinetic; urgency=medium
2
3 * Merge with Debian unstable (LP: #1983618). Remaining changes:
4 - Enable AppArmor support:
5 + d/apparmor-profile: add AppArmor profile
6 + d/rules: use dh_apparmor
7 + d/control: Build-Depends on dh-apparmor
8 + d/slapd.README.Debian: add note about AppArmor
9 - Enable ufw support:
10 + d/control: suggest ufw.
11 + d/rules: install ufw profile.
12 + d/slapd.ufw.profile: add ufw profile.
13 - d/{rules,slapd.py}: Add apport hook.
14 - d/rules: better regexp to match the Maintainer tag in d/control,
15 needed in the Ubuntu case because of XSBC-Original-Maintainer
16 (Closes #960448, LP #1875697)
17 - Enable SASL/GSSAPI tests. (LP #1976508)
18 + d/control: Update B-D to include required dependencies needed to run
19 SASL/GSSAPI tests during build time, and mark them "!nocheck".
20 Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
21
22 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 20 Sep 2022 15:30:47 -0400
23
1openldap (2.5.13+dfsg-1) unstable; urgency=medium24openldap (2.5.13+dfsg-1) unstable; urgency=medium
225
3 * d/rules: Remove get-orig-source, now unnecessary.26 * d/rules: Remove get-orig-source, now unnecessary.
@@ -9,6 +32,34 @@ openldap (2.5.13+dfsg-1) unstable; urgency=medium
932
10 -- Sergio Durigan Junior <sergiodj@debian.org> Sun, 18 Sep 2022 18:29:46 -040033 -- Sergio Durigan Junior <sergiodj@debian.org> Sun, 18 Sep 2022 18:29:46 -0400
1134
35openldap (2.5.12+dfsg-2ubuntu2) kinetic; urgency=medium
36
37 * Enable SASL/GSSAPI tests. (LP: #1976508)
38 - d/control: Update B-D to include required dependencies needed to run
39 SASL/GSSAPI tests during build time, and mark them "!nocheck".
40 Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
41
42 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 25 Aug 2022 16:20:08 -0400
43
44openldap (2.5.12+dfsg-2ubuntu1) kinetic; urgency=medium
45
46 * Merge with Debian unstable (LP: #1971305). Remaining changes:
47 - Enable AppArmor support:
48 + d/apparmor-profile: add AppArmor profile
49 + d/rules: use dh_apparmor
50 + d/control: Build-Depends on dh-apparmor
51 + d/slapd.README.Debian: add note about AppArmor
52 - Enable ufw support:
53 + d/control: suggest ufw.
54 + d/rules: install ufw profile.
55 + d/slapd.ufw.profile: add ufw profile.
56 - d/{rules,slapd.py}: Add apport hook.
57 - d/rules: better regexp to match the Maintainer tag in d/control,
58 needed in the Ubuntu case because of XSBC-Original-Maintainer
59 (Closes #960448, LP #1875697)
60
61 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 06 Jun 2022 15:34:48 -0400
62
12openldap (2.5.12+dfsg-2) unstable; urgency=medium63openldap (2.5.12+dfsg-2) unstable; urgency=medium
1364
14 * Stop slapd explicitly in prerm as a workaround for #1006147, which caused65 * Stop slapd explicitly in prerm as a workaround for #1006147, which caused
@@ -34,6 +85,37 @@ openldap (2.5.11+dfsg-1) unstable; urgency=medium
3485
35 -- Ryan Tandy <ryan@nardis.ca> Fri, 11 Mar 2022 19:38:02 -080086 -- Ryan Tandy <ryan@nardis.ca> Fri, 11 Mar 2022 19:38:02 -0800
3687
88openldap (2.5.11+dfsg-1~exp1ubuntu3) jammy; urgency=medium
89
90 * No-change rebuild to update maintainer scripts, see LP: 1959054
91
92 -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:15:26 +0000
93
94openldap (2.5.11+dfsg-1~exp1ubuntu2) jammy; urgency=medium
95
96 * No-change rebuild for the perl update.
97
98 -- Matthias Klose <doko@ubuntu.com> Mon, 07 Feb 2022 07:51:42 +0100
99
100openldap (2.5.11+dfsg-1~exp1ubuntu1) jammy; urgency=medium
101
102 * Merge with Debian unstable (LP: #1946883). Remaining changes:
103 - Enable AppArmor support:
104 + d/apparmor-profile: add AppArmor profile
105 + d/rules: use dh_apparmor
106 + d/control: Build-Depends on dh-apparmor
107 + d/slapd.README.Debian: add note about AppArmor
108 - Enable ufw support:
109 + d/control: suggest ufw.
110 + d/rules: install ufw profile.
111 + d/slapd.ufw.profile: add ufw profile.
112 - d/{rules,slapd.py}: Add apport hook.
113 - d/rules: better regexp to match the Maintainer tag in d/control,
114 needed in the Ubuntu case because of XSBC-Original-Maintainer
115 (Closes #960448, LP #1875697)
116
117 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 25 Jan 2022 17:06:12 -0500
118
37openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium119openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium
38120
39 * New upstream release.121 * New upstream release.
@@ -65,6 +147,25 @@ openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium
65147
66 -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700148 -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700
67149
150openldap (2.5.6+dfsg-1~exp1ubuntu1) impish; urgency=medium
151
152 * Merge with Debian unstable. Remaining changes:
153 - Enable AppArmor support:
154 + d/apparmor-profile: add AppArmor profile
155 + d/rules: use dh_apparmor
156 + d/control: Build-Depends on dh-apparmor
157 + d/slapd.README.Debian: add note about AppArmor
158 - Enable ufw support:
159 + d/control: suggest ufw.
160 + d/rules: install ufw profile.
161 + d/slapd.ufw.profile: add ufw profile.
162 - d/{rules,slapd.py}: Add apport hook.
163 - d/rules: better regexp to match the Maintainer tag in d/control,
164 needed in the Ubuntu case because of XSBC-Original-Maintainer
165 (Closes #960448, LP #1875697)
166
167 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 17 Aug 2021 14:06:00 -0400
168
68openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium169openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
69170
70 [ Ryan Tandy ]171 [ Ryan Tandy ]
@@ -99,6 +200,59 @@ openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
99200
100 -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700201 -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700
101202
203openldap (2.5.5+dfsg-1~exp1ubuntu1) impish; urgency=medium
204
205 * Merge with Debian unstable. Remaining changes:
206 - Enable AppArmor support:
207 + d/apparmor-profile: add AppArmor profile
208 + d/rules: use dh_apparmor
209 + d/control: Build-Depends on dh-apparmor
210 + d/slapd.README.Debian: add note about AppArmor
211 - Enable ufw support:
212 + d/control: suggest ufw.
213 + d/rules: install ufw profile.
214 + d/slapd.ufw.profile: add ufw profile.
215 - d/{rules,slapd.py}: Add apport hook.
216 - d/rules: better regexp to match the Maintainer tag in d/control,
217 needed in the Ubuntu case because of XSBC-Original-Maintainer
218 (Closes #960448, LP #1875697)
219 * Dropped changes:
220 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
221 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
222 - Add --with-gssapi support
223 - Make guess_service_principal() more robust when determining
224 principal
225 + d/configure.options: Configure with --with-gssapi
226 + d/control: Added heimdal-dev as a build depend
227 + d/rules:
228 - Explicitly add -I/usr/include/heimdal to CFLAGS.
229 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
230 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
231 This should be dropped when the soname changes.
232 [ Dropped as planned after soname bump due to 2.5.5 update. ]
233 - Enable nss overlay:
234 + d/rules:
235 - add nssov to CONTRIB_MODULES
236 - add sysconfdir to CONTRIB_MAKEVARS
237 + d/slapd.install: install nssov overlay
238 + d/slapd.manpages: install slapo-nssov(5) man page
239 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
240 Debian bug #919136, we also have to patch the nssov makefile
241 accordingly and thus update this patch.
242 [ Dropped as planned after soname bump due to 2.5.5 update. ]
243 - Add support for CLDAP (UDP) support, back then required by
244 likewise-open (first enabled in 2.4.17-1ubuntu2):
245 + d/rules: Enable -DLDAP_CONNECTIONLESS
246 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
247 This should be dropped when the soname changes.
248 [ Dropped as planned after soname bump due to 2.5.5 update. ]
249 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
250 of test timing issue.
251 [ Dropped because the latest update improved the testcase and
252 there is no FTBFS on riscv64 anymore. ]
253
254 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 15 Jun 2021 17:20:34 -0400
255
102openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium256openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium
103257
104 * New upstream release.258 * New upstream release.
@@ -222,6 +376,53 @@ openldap (2.4.57+dfsg-3) unstable; urgency=medium
222376
223 -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700377 -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700
224378
379openldap (2.4.57+dfsg-2ubuntu1) hirsute; urgency=medium
380
381 * Merge with Debian unstable. Remaining changes:
382 - Enable AppArmor support:
383 + d/apparmor-profile: add AppArmor profile
384 + d/rules: use dh_apparmor
385 + d/control: Build-Depends on dh-apparmor
386 + d/slapd.README.Debian: add note about AppArmor
387 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
388 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
389 - Add --with-gssapi support
390 - Make guess_service_principal() more robust when determining
391 principal
392 + d/configure.options: Configure with --with-gssapi
393 + d/control: Added heimdal-dev as a build depend
394 + d/rules:
395 - Explicitly add -I/usr/include/heimdal to CFLAGS.
396 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
397 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
398 This should be dropped when the soname changes.
399 - Enable ufw support:
400 + d/control: suggest ufw.
401 + d/rules: install ufw profile.
402 + d/slapd.ufw.profile: add ufw profile.
403 - Enable nss overlay:
404 + d/rules:
405 - add nssov to CONTRIB_MODULES
406 - add sysconfdir to CONTRIB_MAKEVARS
407 + d/slapd.install: install nssov overlay
408 + d/slapd.manpages: install slapo-nssov(5) man page
409 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
410 Debian bug #919136, we also have to patch the nssov makefile
411 accordingly and thus update this patch.
412 - d/{rules,slapd.py}: Add apport hook.
413 - Add support for CLDAP (UDP) support, back then required by
414 likewise-open (first enabled in 2.4.17-1ubuntu2):
415 + d/rules: Enable -DLDAP_CONNECTIONLESS
416 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
417 This should be dropped when the soname changes.
418 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
419 of test timing issue.
420 - d/rules: better regexp to match the Maintainer tag in d/control,
421 needed in the Ubuntu case because of XSBC-Original-Maintainer
422 (Closes #960448, LP #1875697)
423
424 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Feb 2021 10:15:38 -0500
425
225openldap (2.4.57+dfsg-2) unstable; urgency=medium426openldap (2.4.57+dfsg-2) unstable; urgency=medium
226427
227 * Fix slapd assertion failure in Certificate List Exact Assertion validation428 * Fix slapd assertion failure in Certificate List Exact Assertion validation
@@ -251,6 +452,65 @@ openldap (2.4.57+dfsg-1) unstable; urgency=medium
251452
252 -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800453 -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800
253454
455openldap (2.4.56+dfsg-1ubuntu2) hirsute; urgency=medium
456
457 * debian/apparmor-profile: add AppArmor rule for locking replay cache.
458 In Hirsute, a change (presumably in src:krb5) has caused slapd to be
459 denied by AppArmor for locking /var/tmp/krb5_*.rcache2. This is
460 acceptable, so add it to the AppArmor profile. This fixes the dep8
461 test in src:krb5 that uses slapd for testing.
462
463 -- Robie Basak <robie.basak@ubuntu.com> Tue, 26 Jan 2021 13:02:40 +0000
464
465openldap (2.4.56+dfsg-1ubuntu1) hirsute; urgency=medium
466
467 * Merge with Debian unstable. Remaining changes:
468 - Enable AppArmor support:
469 + d/apparmor-profile: add AppArmor profile
470 + d/rules: use dh_apparmor
471 + d/control: Build-Depends on dh-apparmor
472 + d/slapd.README.Debian: add note about AppArmor
473 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
474 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
475 - Add --with-gssapi support
476 - Make guess_service_principal() more robust when determining
477 principal
478 + d/configure.options: Configure with --with-gssapi
479 + d/control: Added heimdal-dev as a build depend
480 + d/rules:
481 - Explicitly add -I/usr/include/heimdal to CFLAGS.
482 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
483 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
484 This should be dropped when the soname changes.
485 - Enable ufw support:
486 + d/control: suggest ufw.
487 + d/rules: install ufw profile.
488 + d/slapd.ufw.profile: add ufw profile.
489 - Enable nss overlay:
490 + d/rules:
491 - add nssov to CONTRIB_MODULES
492 - add sysconfdir to CONTRIB_MAKEVARS
493 + d/slapd.install: install nssov overlay
494 + d/slapd.manpages: install slapo-nssov(5) man page
495 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
496 Debian bug #919136, we also have to patch the nssov makefile
497 accordingly and thus update this patch.
498 - d/{rules,slapd.py}: Add apport hook.
499 - Add support for CLDAP (UDP) support, back then required by
500 likewise-open (first enabled in 2.4.17-1ubuntu2):
501 + d/rules: Enable -DLDAP_CONNECTIONLESS
502 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
503 This should be dropped when the soname changes.
504 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
505 of test timing issue.
506 - d/rules: better regexp to match the Maintainer tag in d/control,
507 needed in the Ubuntu case because of XSBC-Original-Maintainer
508 (Closes #960448, LP #1875697)
509 * d/apparmor-profile: use abstractions/ssl_keys instead of manual rules,
510 allows letsencrypt to work. Thanks to Paul McEnery (LP: #1909748)
511
512 -- Paride Legovini <paride.legovini@canonical.com> Mon, 04 Jan 2021 16:18:57 +0100
513
254openldap (2.4.56+dfsg-1) unstable; urgency=medium514openldap (2.4.56+dfsg-1) unstable; urgency=medium
255515
256 * New upstream release.516 * New upstream release.
@@ -277,12 +537,151 @@ openldap (2.4.54+dfsg-1) unstable; urgency=medium
277537
278 -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000538 -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000
279539
540openldap (2.4.53+dfsg-1ubuntu5) hirsute; urgency=medium
541
542 * SECURITY UPDATE: assertion failure in Certificate List syntax
543 validation
544 - debian/patches/CVE-2020-25709.patch: properly handle error in
545 servers/slapd/schema_init.c.
546 - CVE-2020-25709
547 * SECURITY UPDATE: assertion failure in CSN normalization with invalid
548 input
549 - debian/patches/CVE-2020-25710.patch: properly handle error in
550 servers/slapd/schema_init.c.
551 - CVE-2020-25710
552
553 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 17 Nov 2020 09:41:47 -0500
554
555openldap (2.4.53+dfsg-1ubuntu4) hirsute; urgency=medium
556
557 * SECURITY UPDATE: DoS via NULL pointer dereference
558 - debian/patches/CVE-2020-25692.patch: skip normalization if there's no
559 equality rule in servers/slapd/modrdn.c.
560 - CVE-2020-25692
561
562 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 Nov 2020 14:02:02 -0500
563
564openldap (2.4.53+dfsg-1ubuntu3) hirsute; urgency=medium
565
566 * No-change rebuild for the perl update.
567
568 -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 12:53:38 +0100
569
570openldap (2.4.53+dfsg-1ubuntu2) hirsute; urgency=medium
571
572 * No-change rebuild for the perl update.
573
574 -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 10:51:32 +0100
575
576openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium
577
578 * Merge with Debian unstable (LP: #1894838). Remaining changes:
579 - Enable AppArmor support:
580 + d/apparmor-profile: add AppArmor profile
581 + d/rules: use dh_apparmor
582 + d/control: Build-Depends on dh-apparmor
583 + d/slapd.README.Debian: add note about AppArmor
584 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
585 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
586 - Add --with-gssapi support
587 - Make guess_service_principal() more robust when determining
588 principal
589 + d/configure.options: Configure with --with-gssapi
590 + d/control: Added heimdal-dev as a build depend
591 + d/rules:
592 - Explicitly add -I/usr/include/heimdal to CFLAGS.
593 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
594 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
595 This should be dropped when the soname changes.
596 - Enable ufw support:
597 + d/control: suggest ufw.
598 + d/rules: install ufw profile.
599 + d/slapd.ufw.profile: add ufw profile.
600 - Enable nss overlay:
601 + d/rules:
602 - add nssov to CONTRIB_MODULES
603 - add sysconfdir to CONTRIB_MAKEVARS
604 + d/slapd.install: install nssov overlay
605 + d/slapd.manpages: install slapo-nssov(5) man page
606 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
607 Debian bug #919136, we also have to patch the nssov makefile
608 accordingly and thus update this patch.
609 - d/{rules,slapd.py}: Add apport hook.
610 - Add support for CLDAP (UDP) support, back then required by
611 likewise-open (first enabled in 2.4.17-1ubuntu2):
612 + d/rules: Enable -DLDAP_CONNECTIONLESS
613 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
614 This should be dropped when the soname changes.
615 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
616 of test timing issue.
617 - d/rules: better regexp to match the Maintainer tag in d/control,
618 needed in the Ubuntu case because of XSBC-Original-Maintainer
619 (Closes #960448, LP #1875697)
620
621 -- Andreas Hasenack <andreas@canonical.com> Tue, 08 Sep 2020 09:36:58 -0300
622
280openldap (2.4.53+dfsg-1) unstable; urgency=medium623openldap (2.4.53+dfsg-1) unstable; urgency=medium
281624
282 * New upstream release.625 * New upstream release.
283626
284 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700627 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700
285628
629openldap (2.4.51+dfsg-1ubuntu1) groovy; urgency=medium
630
631 * Merge with Debian unstable. Remaining changes:
632 - Enable AppArmor support:
633 + d/apparmor-profile: add AppArmor profile
634 + d/rules: use dh_apparmor
635 + d/control: Build-Depends on dh-apparmor
636 + d/slapd.README.Debian: add note about AppArmor
637 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
638 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
639 - Add --with-gssapi support
640 - Make guess_service_principal() more robust when determining
641 principal
642 + d/configure.options: Configure with --with-gssapi
643 + d/control: Added heimdal-dev as a build depend
644 + d/rules:
645 - Explicitly add -I/usr/include/heimdal to CFLAGS.
646 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
647 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
648 This should be dropped when the soname changes.
649 - Enable ufw support:
650 + d/control: suggest ufw.
651 + d/rules: install ufw profile.
652 + d/slapd.ufw.profile: add ufw profile.
653 - Enable nss overlay:
654 + d/rules:
655 - add nssov to CONTRIB_MODULES
656 - add sysconfdir to CONTRIB_MAKEVARS
657 + d/slapd.install: install nssov overlay
658 + d/slapd.manpages: install slapo-nssov(5) man page
659 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
660 Debian bug #919136, we also have to patch the nssov makefile
661 accordingly and thus update this patch.
662 - d/{rules,slapd.py}: Add apport hook.
663 - Add support for CLDAP (UDP) support, back then required by
664 likewise-open (first enabled in 2.4.17-1ubuntu2):
665 + d/rules: Enable -DLDAP_CONNECTIONLESS
666 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
667 This should be dropped when the soname changes.
668 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
669 of test timing issue.
670 - d/rules: better regexp to match the Maintainer tag in d/control,
671 needed in the Ubuntu case because of XSBC-Original-Maintainer
672 (Closes #960448, LP #1875697)
673 * Dropped:
674 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
675 [In 2.4.51+dfsg-1]
676 - d/slapd.scripts-common:
677 + add slapcat_opts to local variables.
678 + Fix backup directory naming for multiple reconfiguration.
679 [In 2.4.51+dfsg-1]
680 - debian/patches/set-maintainer-name: our d/rules change needs to
681 be kept, but this patch is in 2.4.51+dfsg-1.
682
683 -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Aug 2020 11:03:24 -0300
684
286openldap (2.4.51+dfsg-1) unstable; urgency=medium685openldap (2.4.51+dfsg-1) unstable; urgency=medium
287686
288 * New upstream release.687 * New upstream release.
@@ -328,6 +727,85 @@ openldap (2.4.51+dfsg-1) unstable; urgency=medium
328727
329 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700728 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700
330729
730openldap (2.4.50+dfsg-1ubuntu3) groovy; urgency=medium
731
732 * No change rebuild against new libnettle8 and libhogweed6 ABI.
733
734 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:31:30 +0100
735
736openldap (2.4.50+dfsg-1ubuntu2) groovy; urgency=medium
737
738 * d/apparmor-profile: Update apparmor profile to grant access to
739 the saslauthd socket, so that SASL authentication works. (LP: #1557157)
740
741 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jun 2020 18:20:42 -0400
742
743openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium
744
745 * Merge with Debian unstable. Remaining changes:
746 - Enable AppArmor support:
747 + d/apparmor-profile: add AppArmor profile
748 + d/rules: use dh_apparmor
749 + d/control: Build-Depends on dh-apparmor
750 + d/slapd.README.Debian: add note about AppArmor
751 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
752 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
753 - Add --with-gssapi support
754 - Make guess_service_principal() more robust when determining
755 principal
756 + d/configure.options: Configure with --with-gssapi
757 + d/control: Added heimdal-dev as a build depend
758 + d/rules:
759 - Explicitly add -I/usr/include/heimdal to CFLAGS.
760 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
761 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
762 This should be dropped when the soname changes.
763 - Enable ufw support:
764 + d/control: suggest ufw.
765 + d/rules: install ufw profile.
766 + d/slapd.ufw.profile: add ufw profile.
767 - Enable nss overlay:
768 + d/rules:
769 - add nssov to CONTRIB_MODULES
770 - add sysconfdir to CONTRIB_MAKEVARS
771 + d/slapd.install:
772 - install nssov overlay
773 + d/slapd.manpages:
774 - install slapo-nssov(5) man page
775 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
776 Debian bug #919136, we also have to patch the nssov makefile
777 accordingly and thus update this patch.
778 - d/{rules,slapd.py}: Add apport hook.
779 - d/slapd.scripts-common:
780 + add slapcat_opts to local variables.
781 + Fix backup directory naming for multiple reconfiguration.
782 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
783 - Add support for CLDAP (UDP) support, back then required by
784 likewise-open (first enabled in 2.4.17-1ubuntu2):
785 + d/rules: Enable -DLDAP_CONNECTIONLESS
786 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
787 This should be dropped when the soname changes.
788 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
789 of test timing issue.
790 * Dropped:
791 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
792 either the default DIT nor via an Authn mapping.
793 [Not worth keeping a delta for, as having olcRootDN doesn't hurt]
794 - Show distribution in version:
795 - d/control: added lsb-release
796 - d/patches/fix-ldap-distribution.patch: show distribution in version
797 [Debian now shows the full package version]
798 - SECURITY UPDATE: denial of service via nested search filters
799 + debian/patches/CVE-2020-12243.patch: limit depth of nested
800 filters in servers/slapd/filter.c.
801 [Fixed upstream]
802 * Added:
803 - d/rules, debian/patches/set-maintainer-name: Extract maintainer
804 address dynamically from debian/control. Thanks to Ryan Tandy
805 <ryan@nardis.ca> (Closes: #960448, LP: #1875697)
806
807 -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300
808
331openldap (2.4.50+dfsg-1) unstable; urgency=medium809openldap (2.4.50+dfsg-1) unstable; urgency=medium
332810
333 * New upstream release.811 * New upstream release.
@@ -370,6 +848,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium
370848
371 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700849 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700
372850
851openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium
852
853 * SECURITY UPDATE: denial of service via nested search filters
854 - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
855 servers/slapd/filter.c.
856 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of
857 test timing issue.
858 - CVE-2020-12243
859
860 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400
861
862openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium
863
864 * Merge with Debian unstable (LP: #1866303). Remaining changes:
865 - Enable AppArmor support:
866 - d/apparmor-profile: add AppArmor profile
867 - d/rules: use dh_apparmor
868 - d/control: Build-Depends on dh-apparmor
869 - d/slapd.README.Debian: add note about AppArmor
870 - Enable GSSAPI support:
871 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
872 - Add --with-gssapi support
873 - Make guess_service_principal() more robust when determining
874 principal
875 [Dropped the ldap_gssapi_bind_s() hunk as that is already
876 - d/configure.options: Configure with --with-gssapi
877 - d/control: Added heimdal-dev as a build depend
878 - d/rules:
879 - Explicitly add -I/usr/include/heimdal to CFLAGS.
880 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
881 - Enable ufw support:
882 - d/control: suggest ufw.
883 - d/rules: install ufw profile.
884 - d/slapd.ufw.profile: add ufw profile.
885 - Enable nss overlay:
886 - d/rules:
887 - add nssov to CONTRIB_MODULES
888 - add sysconfdir to CONTRIB_MAKEVARS
889 - d/slapd.install:
890 - install nssov overlay
891 - d/slapd.manpages:
892 - install slapo-nssov(5) man page
893 - d/{rules,slapd.py}: Add apport hook.
894 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
895 either the default DIT nor via an Authn mapping.
896 - d/slapd.scripts-common:
897 - add slapcat_opts to local variables.
898 - Fix backup directory naming for multiple reconfiguration.
899 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
900 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
901 in the openldap library, as required by Likewise-Open
902 - Show distribution in version:
903 - d/control: added lsb-release
904 - d/patches/fix-ldap-distribution.patch: show distribution in version
905 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
906 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
907 - GSSAPI support was enabled in 2.4.18-0ubuntu2
908 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
909 Debian bug #919136, we also have to patch the nssov makefile
910 accordingly and thus update this patch.
911
912 -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300
913
373openldap (2.4.49+dfsg-2) unstable; urgency=medium914openldap (2.4.49+dfsg-2) unstable; urgency=medium
374915
375 * slapd.README.Debian: Document the initial setup performed by slapd's916 * slapd.README.Debian: Document the initial setup performed by slapd's
@@ -381,6 +922,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium
381922
382 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800923 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
383924
925openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium
926
927 * Merge with Debian unstable. Remaining changes:
928 - Enable AppArmor support:
929 - d/apparmor-profile: add AppArmor profile
930 - d/rules: use dh_apparmor
931 - d/control: Build-Depends on dh-apparmor
932 - d/slapd.README.Debian: add note about AppArmor
933 - Enable GSSAPI support:
934 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
935 - Add --with-gssapi support
936 - Make guess_service_principal() more robust when determining
937 principal
938 [Dropped the ldap_gssapi_bind_s() hunk as that is already
939 - d/configure.options: Configure with --with-gssapi
940 - d/control: Added heimdal-dev as a build depend
941 - d/rules:
942 - Explicitly add -I/usr/include/heimdal to CFLAGS.
943 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
944 - Enable ufw support:
945 - d/control: suggest ufw.
946 - d/rules: install ufw profile.
947 - d/slapd.ufw.profile: add ufw profile.
948 - Enable nss overlay:
949 - d/rules:
950 - add nssov to CONTRIB_MODULES
951 - add sysconfdir to CONTRIB_MAKEVARS
952 - d/slapd.install:
953 - install nssov overlay
954 - d/slapd.manpages:
955 - install slapo-nssov(5) man page
956 - d/{rules,slapd.py}: Add apport hook.
957 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
958 either the default DIT nor via an Authn mapping.
959 - d/slapd.scripts-common:
960 - add slapcat_opts to local variables.
961 - Fix backup directory naming for multiple reconfiguration.
962 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
963 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
964 in the openldap library, as required by Likewise-Open
965 - Show distribution in version:
966 - d/control: added lsb-release
967 - d/patches/fix-ldap-distribution.patch: show distribution in version
968 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
969 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
970 - GSSAPI support was enabled in 2.4.18-0ubuntu2
971 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
972 Debian bug #919136, we also have to patch the nssov makefile
973 accordingly and thus update this patch.
974 * Dropped:
975 - d/control: slapd can depend on perl:any since it only uses perl for
976 some maintainer and helper scripts.
977 [In 2.4.49+dfsg-1]
978
979 -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300
980
384openldap (2.4.49+dfsg-1) unstable; urgency=medium981openldap (2.4.49+dfsg-1) unstable; urgency=medium
385982
386 * New upstream release.983 * New upstream release.
@@ -409,6 +1006,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium
4091006
410 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -08001007 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
4111008
1009openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium
1010
1011 * d/control: slapd can depend on perl:any since it only uses perl for
1012 some maintainer and helper scripts. The perl backend links against
1013 the correct architecture perl libraries already. Can be dropped
1014 after https://salsa.debian.org/openldap-team/openldap/commit/794c736
1015 is in a Debian upload.
1016
1017 -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300
1018
1019openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium
1020
1021 * No-change rebuild against libnettle7
1022
1023 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000
1024
1025openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium
1026
1027 * No-change rebuild for the perl update.
1028
1029 -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000
1030
1031openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
1032
1033 * Merge with Debian unstable. Remaining changes:
1034 - Enable AppArmor support:
1035 - d/apparmor-profile: add AppArmor profile
1036 - d/rules: use dh_apparmor
1037 - d/control: Build-Depends on dh-apparmor
1038 - d/slapd.README.Debian: add note about AppArmor
1039 - Enable GSSAPI support:
1040 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1041 - Add --with-gssapi support
1042 - Make guess_service_principal() more robust when determining
1043 principal
1044 - d/configure.options: Configure with --with-gssapi
1045 - d/control: Added heimdal-dev as a build depend
1046 - d/rules:
1047 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1048 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1049 - Enable ufw support:
1050 - d/control: suggest ufw.
1051 - d/rules: install ufw profile.
1052 - d/slapd.ufw.profile: add ufw profile.
1053 - Enable nss overlay:
1054 - d/rules:
1055 - add nssov to CONTRIB_MODULES
1056 - add sysconfdir to CONTRIB_MAKEVARS
1057 - d/slapd.install:
1058 - install nssov overlay
1059 - d/slapd.manpages:
1060 - install slapo-nssov(5) man page
1061 - d/{rules,slapd.py}: Add apport hook.
1062 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1063 either the default DIT nor via an Authn mapping.
1064 - d/slapd.scripts-common:
1065 - add slapcat_opts to local variables.
1066 - Fix backup directory naming for multiple reconfiguration.
1067 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1068 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1069 in the openldap library, as required by Likewise-Open
1070 - Show distribution in version:
1071 - d/control: added lsb-release
1072 - d/patches/fix-ldap-distribution.patch: show distribution in version
1073 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1074 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1075 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1076 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
1077 Debian bug #919136, we also have to patch the nssov makefile
1078 accordingly and thus update this patch.
1079 * Dropped:
1080 - Fix sysv-generator unit file by customizing parameters (LP #1821343)
1081 + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
1082 correct systemctl status for slapd daemon.
1083 + d/slapd.install: place override file in correct location.
1084 [Included in 2.4.48+dfsg-1]
1085 - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
1086 + debian/patches/CVE-2019-13057-1.patch: add restriction to
1087 servers/slapd/saslauthz.c.
1088 + debian/patches/CVE-2019-13057-2.patch: add tests to
1089 tests/data/idassert.out, tests/data/slapd-idassert.conf,
1090 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
1091 + debian/patches/CVE-2019-13057-3.patch: fix typo in
1092 tests/scripts/test028-idassert.
1093 + debian/patches/CVE-2019-13057-4.patch: fix typo in
1094 tests/scripts/test028-idassert.
1095 + CVE-2019-13057
1096 [Fixed upstream]
1097 - SECURITY UPDATE: SASL SSF not initialized per connection
1098 + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
1099 connection_init in servers/slapd/connection.c.
1100 + CVE-2019-13565
1101 [Fixed upstream]
1102
1103 -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
1104
412openldap (2.4.48+dfsg-1) unstable; urgency=medium1105openldap (2.4.48+dfsg-1) unstable; urgency=medium
4131106
414 * New upstream release.1107 * New upstream release.
@@ -436,6 +1129,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium
4361129
437 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -07001130 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
4381131
1132openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
1133
1134 * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
1135 - debian/patches/CVE-2019-13057-1.patch: add restriction to
1136 servers/slapd/saslauthz.c.
1137 - debian/patches/CVE-2019-13057-2.patch: add tests to
1138 tests/data/idassert.out, tests/data/slapd-idassert.conf,
1139 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
1140 - debian/patches/CVE-2019-13057-3.patch: fix typo in
1141 tests/scripts/test028-idassert.
1142 - debian/patches/CVE-2019-13057-4.patch: fix typo in
1143 tests/scripts/test028-idassert.
1144 - CVE-2019-13057
1145 * SECURITY UPDATE: SASL SSF not initialized per connection
1146 - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
1147 connection_init in servers/slapd/connection.c.
1148 - CVE-2019-13565
1149
1150 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
1151
1152openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
1153
1154 * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
1155 - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
1156 correct systemctl status for slapd daemon.
1157 - d/slapd.install: place override file in correct location.
1158
1159 -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
1160
1161openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
1162
1163 * Merge with Debian unstable. Remaining changes:
1164 - Enable AppArmor support:
1165 - d/apparmor-profile: add AppArmor profile
1166 - d/rules: use dh_apparmor
1167 - d/control: Build-Depends on dh-apparmor
1168 - d/slapd.README.Debian: add note about AppArmor
1169 - Enable GSSAPI support:
1170 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1171 - Add --with-gssapi support
1172 - Make guess_service_principal() more robust when determining
1173 principal
1174 - d/configure.options: Configure with --with-gssapi
1175 - d/control: Added heimdal-dev as a build depend
1176 - d/rules:
1177 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1178 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1179 - Enable ufw support:
1180 - d/control: suggest ufw.
1181 - d/rules: install ufw profile.
1182 - d/slapd.ufw.profile: add ufw profile.
1183 - Enable nss overlay:
1184 - d/rules:
1185 - add nssov to CONTRIB_MODULES
1186 - add sysconfdir to CONTRIB_MAKEVARS
1187 - d/slapd.install:
1188 - install nssov overlay
1189 - d/slapd.manpages:
1190 - install slapo-nssov(5) man page
1191 - d/{rules,slapd.py}: Add apport hook.
1192 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1193 either the default DIT nor via an Authn mapping.
1194 - d/slapd.scripts-common:
1195 - add slapcat_opts to local variables.
1196 - Fix backup directory naming for multiple reconfiguration.
1197 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1198 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1199 in the openldap library, as required by Likewise-Open
1200 - Show distribution in version:
1201 - d/control: added lsb-release
1202 - d/patches/fix-ldap-distribution.patch: show distribution in version
1203 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1204 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1205 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1206 * Added changes:
1207 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
1208 Debian bug #919136, we also have to patch the nssov makefile
1209 accordingly and thus update this patch.
1210
1211 -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
1212
439openldap (2.4.47+dfsg-3) unstable; urgency=medium1213openldap (2.4.47+dfsg-3) unstable; urgency=medium
4401214
441 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS1215 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
@@ -451,6 +1225,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium
4511225
452 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -08001226 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
4531227
1228openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
1229
1230 * Merge from Debian unstable (LP: #1811630). Remaining changes:
1231 - Enable AppArmor support:
1232 - d/apparmor-profile: add AppArmor profile
1233 - d/rules: use dh_apparmor
1234 - d/control: Build-Depends on dh-apparmor
1235 - d/slapd.README.Debian: add note about AppArmor
1236 - Enable GSSAPI support:
1237 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1238 - Add --with-gssapi support
1239 - Make guess_service_principal() more robust when determining
1240 principal
1241 - d/configure.options: Configure with --with-gssapi
1242 - d/control: Added heimdal-dev as a build depend
1243 - d/rules:
1244 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1245 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1246 - Enable ufw support:
1247 - d/control: suggest ufw.
1248 - d/rules: install ufw profile.
1249 - d/slapd.ufw.profile: add ufw profile.
1250 - Enable nss overlay:
1251 - d/rules:
1252 - add nssov to CONTRIB_MODULES
1253 - add sysconfdir to CONTRIB_MAKEVARS
1254 - d/slapd.install:
1255 - install nssov overlay
1256 - d/slapd.manpages:
1257 - install slapo-nssov(5) man page
1258 - d/{rules,slapd.py}: Add apport hook.
1259 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1260 either the default DIT nor via an Authn mapping.
1261 - d/slapd.scripts-common:
1262 - add slapcat_opts to local variables.
1263 - Fix backup directory naming for multiple reconfiguration.
1264 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1265 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1266 in the openldap library, as required by Likewise-Open
1267 - Show distribution in version:
1268 - d/control: added lsb-release
1269 - d/patches/fix-ldap-distribution.patch: show distribution in version
1270 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1271 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1272 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1273 * Update nssov build and packaging for Debian changes:
1274 - Drop patch nssov-build
1275 - d/rules:
1276 - add nssov to CONTRIB_MODULES
1277 - add sysconfdir to CONTRIB_MAKEVARS
1278 - d/slapd.install:
1279 - install nssov overlay
1280 - d/slapd.manpages:
1281 - install slapo-nssov(5) man page
1282
1283 -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
1284
454openldap (2.4.47+dfsg-2) unstable; urgency=medium1285openldap (2.4.47+dfsg-2) unstable; urgency=medium
4551286
456 * Reintroduce slapi-dev binary package. (Closes: #711469)1287 * Reintroduce slapi-dev binary package. (Closes: #711469)
@@ -488,6 +1319,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium
4881319
489 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -08001320 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
4901321
1322openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
1323
1324 * d/apparmor-profile: update apparmor profile to allow reading of
1325 files needed when slapd is behaving as a kerberos/gssapi client
1326 and acquiring its own ticket. (LP: #1783183)
1327
1328 -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
1329
1330openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
1331
1332 * No-change rebuild for the perl 5.28 transition.
1333
1334 -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
1335
1336openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
1337
1338 * Merge from Debian unstable. Remaining changes:
1339 - Enable AppArmor support:
1340 - d/apparmor-profile: add AppArmor profile
1341 - d/rules: use dh_apparmor
1342 - d/control: Build-Depends on dh-apparmor
1343 - d/slapd.README.Debian: add note about AppArmor
1344 - Enable GSSAPI support:
1345 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1346 - Add --with-gssapi support
1347 - Make guess_service_principal() more robust when determining
1348 principal
1349 - d/configure.options: Configure with --with-gssapi
1350 - d/control: Added heimdal-dev as a build depend
1351 - d/rules:
1352 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1353 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1354 - Enable ufw support:
1355 - d/control: suggest ufw.
1356 - d/rules: install ufw profile.
1357 - d/slapd.ufw.profile: add ufw profile.
1358 - Enable nss overlay:
1359 - d/{patches/nssov-build,rules}: Apply, build and package the
1360 nss overlay.
1361 - d/{rules,slapd.py}: Add apport hook.
1362 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1363 either the default DIT nor via an Authn mapping.
1364 - d/slapd.scripts-common:
1365 - add slapcat_opts to local variables.
1366 - Fix backup directory naming for multiple reconfiguration.
1367 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1368 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1369 in the openldap library, as required by Likewise-Open
1370 - Show distribution in version:
1371 - d/control: added lsb-release
1372 - d/patches/fix-ldap-distribution.patch: show distribution in version
1373 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1374 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1375 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1376
1377 -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
1378
491openldap (2.4.46+dfsg-5) unstable; urgency=medium1379openldap (2.4.46+dfsg-5) unstable; urgency=medium
4921380
493 * Restore slapd-smbk5pwd now that libldap is installable in unstable.1381 * Restore slapd-smbk5pwd now that libldap is installable in unstable.
@@ -507,6 +1395,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium
5071395
508 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -07001396 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
5091397
1398openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
1399
1400 * Merge from Debian unstable. Remaining changes:
1401 - Enable AppArmor support:
1402 - d/apparmor-profile: add AppArmor profile
1403 - d/rules: use dh_apparmor
1404 - d/control: Build-Depends on dh-apparmor
1405 - d/slapd.README.Debian: add note about AppArmor
1406 - Enable GSSAPI support:
1407 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1408 - Add --with-gssapi support
1409 - Make guess_service_principal() more robust when determining
1410 principal
1411 - d/configure.options: Configure with --with-gssapi
1412 - d/control: Added heimdal-dev as a build depend
1413 - d/rules:
1414 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1415 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1416 - Enable ufw support:
1417 - d/control: suggest ufw.
1418 - d/rules: install ufw profile.
1419 - d/slapd.ufw.profile: add ufw profile.
1420 - Enable nss overlay:
1421 - d/{patches/nssov-build,rules}: Apply, build and package the
1422 nss overlay.
1423 - d/{rules,slapd.py}: Add apport hook.
1424 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1425 either the default DIT nor via an Authn mapping.
1426 - d/slapd.scripts-common:
1427 - add slapcat_opts to local variables.
1428 - Fix backup directory naming for multiple reconfiguration.
1429 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1430 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1431 in the openldap library, as required by Likewise-Open
1432 - Show distribution in version:
1433 - d/control: added lsb-release
1434 - d/patches/fix-ldap-distribution.patch: show distribution in version
1435 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1436 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1437 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1438
1439 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
1440
510openldap (2.4.46+dfsg-2) unstable; urgency=medium1441openldap (2.4.46+dfsg-2) unstable; urgency=medium
5111442
512 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.1443 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
@@ -536,6 +1467,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium
5361467
537 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -07001468 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
5381469
1470openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
1471
1472 * Merge from Debian unstable. Remaining changes:
1473 - Enable AppArmor support:
1474 - d/apparmor-profile: add AppArmor profile
1475 - d/rules: use dh_apparmor
1476 - d/control: Build-Depends on dh-apparmor
1477 - d/slapd.README.Debian: add note about AppArmor
1478 - Enable GSSAPI support:
1479 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1480 - Add --with-gssapi support
1481 - Make guess_service_principal() more robust when determining
1482 principal
1483 - d/configure.options: Configure with --with-gssapi
1484 - d/control: Added heimdal-dev as a build depend
1485 - d/rules:
1486 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1487 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1488 - Enable ufw support:
1489 - d/control: suggest ufw.
1490 - d/rules: install ufw profile.
1491 - d/slapd.ufw.profile: add ufw profile.
1492 - Enable nss overlay:
1493 - d/{patches/nssov-build,rules}: Apply, build and package the
1494 nss overlay.
1495 - d/{rules,slapd.py}: Add apport hook.
1496 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1497 either the default DIT nor via an Authn mapping.
1498 - d/slapd.scripts-common:
1499 - add slapcat_opts to local variables.
1500 - Fix backup directory naming for multiple reconfiguration.
1501 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1502 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1503 in the openldap library, as required by Likewise-Open
1504 - Show distribution in version:
1505 - d/control: added lsb-release
1506 - d/patches/fix-ldap-distribution.patch: show distribution in version
1507 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1508 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1509 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1510
1511 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200
1512
539openldap (2.4.45+dfsg-1) unstable; urgency=medium1513openldap (2.4.45+dfsg-1) unstable; urgency=medium
5401514
541 * New upstream release.1515 * New upstream release.
@@ -577,6 +1551,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium
5771551
578 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -07001552 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
5791553
1554openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low
1555
1556 * Merge from Debian unstable. Remaining changes:
1557 - Enable AppArmor support:
1558 - d/apparmor-profile: add AppArmor profile
1559 - d/rules: use dh_apparmor
1560 - d/control: Build-Depends on dh-apparmor
1561 - d/slapd.README.Debian: add note about AppArmor
1562 - Enable GSSAPI support:
1563 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1564 - Add --with-gssapi support
1565 - Make guess_service_principal() more robust when determining
1566 principal
1567 - d/configure.options: Configure with --with-gssapi
1568 - d/control: Added heimdal-dev as a build depend
1569 - d/rules:
1570 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1571 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1572 - Enable ufw support:
1573 - d/control: suggest ufw.
1574 - d/rules: install ufw profile.
1575 - d/slapd.ufw.profile: add ufw profile.
1576 - Enable nss overlay:
1577 - d/{patches/nssov-build,rules}: Apply, build and package the
1578 nss overlay.
1579 - d/{rules,slapd.py}: Add apport hook.
1580 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1581 either the default DIT nor via an Authn mapping.
1582 - d/slapd.scripts-common:
1583 - add slapcat_opts to local variables.
1584 - Fix backup directory naming for multiple reconfiguration.
1585 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1586 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1587 in the openldap library, as required by Likewise-Open
1588 - Show distribution in version:
1589 - d/control: added lsb-release
1590 - d/patches/fix-ldap-distribution.patch: show distribution in version
1591 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1592 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1593 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1594
1595 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200
1596
580openldap (2.4.44+dfsg-8) unstable; urgency=medium1597openldap (2.4.44+dfsg-8) unstable; urgency=medium
5811598
582 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until1599 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
@@ -587,6 +1604,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium
5871604
588 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -07001605 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
5891606
1607openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium
1608
1609 * Merge from Debian unstable. Remaining changes:
1610 - Enable AppArmor support:
1611 - d/apparmor-profile: add AppArmor profile
1612 - d/rules: use dh_apparmor
1613 - d/control: Build-Depends on dh-apparmor
1614 - d/slapd.README.Debian: add note about AppArmor
1615 - Enable GSSAPI support:
1616 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1617 - Add --with-gssapi support
1618 - Make guess_service_principal() more robust when determining
1619 principal
1620 - d/configure.options: Configure with --with-gssapi
1621 - d/control: Added heimdal-dev as a build depend
1622 - d/rules:
1623 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1624 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1625 - Enable ufw support:
1626 - d/control: suggest ufw.
1627 - d/rules: install ufw profile.
1628 - d/slapd.ufw.profile: add ufw profile.
1629 - Enable nss overlay:
1630 - d/{patches/nssov-build,rules}: Apply, build and package the
1631 nss overlay.
1632 - d/{rules,slapd.py}: Add apport hook.
1633 [ d/rules modification mentioned above was dropped in
1634 2.4.23-6ubuntu1, re-adding it ]
1635 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1636 either the default DIT nor via an Authn mapping.
1637 - d/slapd.scripts-common:
1638 - add slapcat_opts to local variables.
1639 - Fix backup directory naming for multiple reconfiguration.
1640 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1641 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1642 in the openldap library, as required by Likewise-Open
1643 - Show distribution in version:
1644 - d/control: added lsb-release
1645 - d/patches/fix-ldap-distribution.patch: show distribution in version
1646 [ Refreshed patch ]
1647 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1648 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1649 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1650
1651 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1652
590openldap (2.4.44+dfsg-7) unstable; urgency=medium1653openldap (2.4.44+dfsg-7) unstable; urgency=medium
5911654
592 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit1655 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
@@ -594,6 +1657,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium
5941657
595 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -07001658 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
5961659
1660openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium
1661
1662 * Merge from Debian unstable. Remaining changes:
1663 - Enable AppArmor support:
1664 - d/apparmor-profile: add AppArmor profile
1665 - d/rules: use dh_apparmor
1666 - d/control: Build-Depends on dh-apparmor
1667 - d/slapd.README.Debian: add note about AppArmor
1668 - Enable GSSAPI support:
1669 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1670 - Add --with-gssapi support
1671 - Make guess_service_principal() more robust when determining
1672 principal
1673 - d/configure.options: Configure with --with-gssapi
1674 - d/control: Added heimdal-dev as a build depend
1675 - d/rules:
1676 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1677 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1678 - Enable ufw support:
1679 - d/control: suggest ufw.
1680 - d/rules: install ufw profile.
1681 - d/slapd.ufw.profile: add ufw profile.
1682 - Enable nss overlay:
1683 - d/{patches/nssov-build,rules}: Apply, build and package the
1684 nss overlay.
1685 - d/{rules,slapd.py}: Add apport hook.
1686 [ d/rules modification mentioned above was dropped in
1687 2.4.23-6ubuntu1, re-adding it ]
1688 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1689 either the default DIT nor via an Authn mapping.
1690 - d/slapd.scripts-common:
1691 - add slapcat_opts to local variables.
1692 - Fix backup directory naming for multiple reconfiguration.
1693 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1694 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1695 in the openldap library, as required by Likewise-Open
1696 - Show distribution in version:
1697 - d/control: added lsb-release
1698 - d/patches/fix-ldap-distribution.patch: show distribution in version
1699 [ Refreshed patch ]
1700 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1701 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1702 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1703
1704 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1705
597openldap (2.4.44+dfsg-6) unstable; urgency=medium1706openldap (2.4.44+dfsg-6) unstable; urgency=medium
5981707
599 * Update the list of non-translatable strings for the1708 * Update the list of non-translatable strings for the
@@ -602,6 +1711,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium
6021711
603 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -07001712 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
6041713
1714openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium
1715
1716 * Merge from Debian unstable. Remaining changes:
1717 - Enable AppArmor support:
1718 - d/apparmor-profile: add AppArmor profile
1719 - d/rules: use dh_apparmor
1720 - d/control: Build-Depends on dh-apparmor
1721 - d/slapd.README.Debian: add note about AppArmor
1722 - Enable GSSAPI support:
1723 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1724 - Add --with-gssapi support
1725 - Make guess_service_principal() more robust when determining
1726 principal
1727 - d/configure.options: Configure with --with-gssapi
1728 - d/control: Added heimdal-dev as a build depend
1729 - d/rules:
1730 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1731 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1732 - Enable ufw support:
1733 - d/control: suggest ufw.
1734 - d/rules: install ufw profile.
1735 - d/slapd.ufw.profile: add ufw profile.
1736 - Enable nss overlay:
1737 - d/{patches/nssov-build,rules}: Apply, build and package the
1738 nss overlay.
1739 - d/{rules,slapd.py}: Add apport hook.
1740 [ d/rules modification mentioned above was dropped in
1741 2.4.23-6ubuntu1, re-adding it ]
1742 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1743 either the default DIT nor via an Authn mapping.
1744 - d/slapd.scripts-common:
1745 - add slapcat_opts to local variables.
1746 - Fix backup directory naming for multiple reconfiguration.
1747 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1748 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1749 in the openldap library, as required by Likewise-Open
1750 - Show distribution in version:
1751 - d/control: added lsb-release
1752 - d/patches/fix-ldap-distribution.patch: show distribution in version
1753 [ Refreshed patch ]
1754 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1755 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1756 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1757 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1758 - Fix use after free with GnuTLS. (LP #1557248)
1759
1760 -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200
1761
605openldap (2.4.44+dfsg-5) unstable; urgency=medium1762openldap (2.4.44+dfsg-5) unstable; urgency=medium
6061763
607 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an1764 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
@@ -613,6 +1770,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium
6131770
614 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -07001771 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
6151772
1773openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low
1774
1775 * Merge from Debian unstable. Remaining changes:
1776 - Enable AppArmor support:
1777 - d/apparmor-profile: add AppArmor profile
1778 - d/rules: use dh_apparmor
1779 - d/control: Build-Depends on dh-apparmor
1780 - d/slapd.README.Debian: add note about AppArmor
1781 - Enable GSSAPI support:
1782 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1783 - Add --with-gssapi support
1784 - Make guess_service_principal() more robust when determining
1785 principal
1786 - d/configure.options: Configure with --with-gssapi
1787 - d/control: Added heimdal-dev as a build depend
1788 - d/rules:
1789 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1790 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1791 - Enable ufw support:
1792 - d/control: suggest ufw.
1793 - d/rules: install ufw profile.
1794 - d/slapd.ufw.profile: add ufw profile.
1795 - Enable nss overlay:
1796 - d/{patches/nssov-build,rules}: Apply, build and package the
1797 nss overlay.
1798 - d/{rules,slapd.py}: Add apport hook.
1799 [ d/rules modification mentioned above was dropped in
1800 2.4.23-6ubuntu1, re-adding it ]
1801 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1802 either the default DIT nor via an Authn mapping.
1803 - d/slapd.scripts-common:
1804 - add slapcat_opts to local variables.
1805 - Fix backup directory naming for multiple reconfiguration.
1806 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1807 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1808 in the openldap library, as required by Likewise-Open
1809 - Show distribution in version:
1810 - d/control: added lsb-release
1811 - d/patches/fix-ldap-distribution.patch: show distribution in version
1812 [ Refreshed patch ]
1813 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1814 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1815 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1816 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1817 - Fix use after free with GnuTLS. (LP #1557248)
1818
1819 -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200
1820
616openldap (2.4.44+dfsg-4) unstable; urgency=medium1821openldap (2.4.44+dfsg-4) unstable; urgency=medium
6171822
618 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to1823 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
@@ -659,6 +1864,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium
6591864
660 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -07001865 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
6611866
1867openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium
1868
1869 * d/rules: Fix typo in previous upload.
1870
1871 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800
1872
1873openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
1874
1875 * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
1876 changes
1877 - Enable AppArmor support:
1878 - d/apparmor-profile: add AppArmor profile
1879 - d/rules: use dh_apparmor
1880 - d/control: Build-Depends on dh-apparmor
1881 - d/slapd.README.Debian: add note about AppArmor
1882 - Enable GSSAPI support:
1883 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1884 - Add --with-gssapi support
1885 - Make guess_service_principal() more robust when determining
1886 principal
1887 - d/configure.options: Configure with --with-gssapi
1888 - d/control: Added heimdal-dev as a build depend
1889 - d/rules:
1890 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1891 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1892 - Enable ufw support:
1893 - d/control: suggest ufw.
1894 - d/rules: install ufw profile.
1895 - d/slapd.ufw.profile: add ufw profile.
1896 - Enable nss overlay:
1897 - d/{patches/nssov-build,rules}: Apply, build and package the
1898 nss overlay.
1899 - d/{rules,slapd.py}: Add apport hook.
1900 [ d/rules modification mentioned above was dropped in
1901 2.4.23-6ubuntu1, re-adding it ]
1902 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1903 either the default DIT nor via an Authn mapping.
1904 - d/slapd.scripts-common:
1905 - add slapcat_opts to local variables.
1906 - Fix backup directory naming for multiple reconfiguration.
1907 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1908 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1909 in the openldap library, as required by Likewise-Open
1910 - Show distribution in version:
1911 - d/control: added lsb-release
1912 - d/patches/fix-ldap-distribution.patch: show distribution in version
1913 [ Refreshed patch ]
1914 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1915 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1916 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1917 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1918 - Fix use after free with GnuTLS. (LP #1557248)
1919 * Drop:
1920 - d/slapd.scripts-common:
1921 + Remove unused variable new_conf.
1922 [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
1923 - d/b/config.log: add config.log
1924 [ previously undocumented, stray change ]
1925
1926 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
1927
662openldap (2.4.44+dfsg-3) unstable; urgency=medium1928openldap (2.4.44+dfsg-3) unstable; urgency=medium
6631929
664 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)1930 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
@@ -731,6 +1997,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
7311997
732 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -08001998 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
7331999
2000openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
2001
2002 * No-change rebuild for perl 5.24 transition
2003
2004 -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
2005
2006openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
2007
2008 * Fix use after free with GnuTLS. (LP: #1557248)
2009
2010 -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
2011
2012openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
2013
2014 * Fix building with gssapi suppport:
2015 - Explicitly add -I/usr/include/heimdal to CFLAGS.
2016 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
2017
2018 -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
2019
2020openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
2021
2022 * No-change rebuild for gnutls transition.
2023
2024 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
2025
2026openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
2027
2028 * Merge from Debian testing (LP: #1532648). Remaining changes:
2029 - Enable AppArmor support:
2030 - d/apparmor-profile: add AppArmor profile
2031 - d/rules: use dh_apparmor
2032 - d/control: Build-Depends on dh-apparmor
2033 - d/slapd.README.Debian: add note about AppArmor
2034 - Enable GSSAPI support:
2035 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2036 - Add --with-gssapi support
2037 - Make guess_service_principal() more robust when determining
2038 principal
2039 - d/configure.options: Configure with --with-gssapi
2040 - d/control: Added heimdal-dev as a build depend
2041 - Enable ufw support:
2042 - d/control: suggest ufw.
2043 - d/rules: install ufw profile.
2044 - d/slapd.ufw.profile: add ufw profile.
2045 - Enable nss overlay:
2046 - d/{patches/nssov-build,rules}: Apply, build and package the
2047 nss overlay.
2048 - d/{rules,slapd.py}: Add apport hook.
2049 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2050 either the default DIT nor via an Authn mapping.
2051 - d/slapd.scripts-common:
2052 - add slapcat_opts to local variables.
2053 - Remove unused variable new_conf.
2054 - Fix backup directory naming for multiple reconfiguration.
2055 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2056 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2057 in the openldap library, as required by Likewise-Open
2058 - Show distribution in version:
2059 - d/control: added lsb-release
2060 - d/patches/fix-ldap-distribution.patch: show distribution in version
2061 * Drop CVE-2015-6908.patch, included in Debian.
2062 * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
2063 disabled on ppc64el, no longer used, and missed in the previous merge.
2064
2065 -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
2066
734openldap (2.4.42+dfsg-2) unstable; urgency=medium2067openldap (2.4.42+dfsg-2) unstable; urgency=medium
7352068
736 [ Ryan Tandy ]2069 [ Ryan Tandy ]
@@ -798,6 +2131,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium
7982131
799 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -07002132 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
8002133
2134openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
2135
2136 * Rebuild for Perl 5.22.1.
2137
2138 -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
2139
2140openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
2141
2142 * SECURITY UPDATE: denial of service via crafted BER data
2143 - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
2144 libraries/liblber/io.c.
2145 - CVE-2015-6908
2146
2147 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
2148
2149openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
2150
2151 * Merge from Debian testing (LP: #1471831). Remaining changes:
2152 - Enable AppArmor support:
2153 - d/apparmor-profile: add AppArmor profile
2154 - d/rules: use dh_apparmor
2155 - d/control: Build-Depends on dh-apparmor
2156 - d/slapd.README.Debian: add note about AppArmor
2157 - Enable GSSAPI support:
2158 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2159 - Add --with-gssapi support
2160 - Make guess_service_principal() more robust when determining
2161 principal
2162 - d/configure.options: Configure with --with-gssapi
2163 - d/control: Added heimdal-dev as a build depend
2164 - Enable ufw support:
2165 - d/control: suggest ufw.
2166 - d/rules: install ufw profile.
2167 - d/slapd.ufw.profile: add ufw profile.
2168 - Enable nss overlay:
2169 - d/{patches/nssov-build,rules}: Apply, build and package the
2170 nss overlay.
2171 - d/{rules,slapd.py}: Add apport hook.
2172 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2173 either the default DIT nor via an Authn mapping.
2174 - d/slapd.scripts-common:
2175 - add slapcat_opts to local variables.
2176 - Remove unused variable new_conf.
2177 - Fix backup directory naming for multiple reconfiguration.
2178 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2179 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2180 in the openldap library, as required by Likewise-Open
2181 - Show distribution in version:
2182 - d/control: added lsb-release
2183 - d/patches/fix-ldap-distribution.patch: show distribution in version
2184 * Dropped changes:
2185 - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
2186 * Upstream fixes:
2187 - slapd crash with auditlog overlay and large (~27KB) attribute values
2188 (ITS#8003) (LP: #1461276)
2189 - nssov updated to support recent nss-pam-ldapd client libraries
2190 (ITS#8097) (LP: #1393306)
2191 * Update d/patches/nssov-build for upstream changes.
2192 * Tweak d/patches/gssapi.diff to apply without fuzz.
2193 * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
2194 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
2195 - GSSAPI support was enabled in 2.4.18-0ubuntu2
2196
2197 -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
2198
801openldap (2.4.41+dfsg-1) unstable; urgency=medium2199openldap (2.4.41+dfsg-1) unstable; urgency=medium
8022200
803 * New upstream release.2201 * New upstream release.
@@ -817,6 +2215,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium
8172215
818 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -07002216 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
8192217
2218openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
2219
2220 * No-change rebuild for the libnettle6 transition.
2221
2222 -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
2223
2224openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
2225
2226 * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
2227 - Enable AppArmor support:
2228 - d/apparmor-profile: add AppArmor profile
2229 - d/rules: use dh_apparmor
2230 - d/control: Build-Depends on dh-apparmor
2231 - d/slapd.README.Debian: add note about AppArmor
2232 - Enable GSSAPI support:
2233 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2234 - Add --with-gssapi support
2235 - Make guess_service_principal() more robust when determining
2236 principal
2237 - d/configure.options: Configure with --with-gssapi
2238 - d/control: Added heimdal-dev as a build depend
2239 - Enable ufw support:
2240 - d/control: suggest ufw.
2241 - d/rules: install ufw profile.
2242 - d/slapd.ufw.profile: add ufw profile.
2243 - Enable nss overlay:
2244 - d/{patches/nssov-build,rules}: Apply, build and package the
2245 nss overlay.
2246 - d/{rules,slapd.py}: Add apport hook.
2247 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2248 either the default DIT nor via an Authn mapping.
2249 - d/slapd.scripts-common:
2250 - add slapcat_opts to local variables.
2251 - Remove unused variable new_conf.
2252 - Fix backup directory naming for multiple reconfiguration.
2253 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2254 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2255 in the openldap library, as required by Likewise-Open
2256 - Show distribution in version:
2257 - d/control: added lsb-release
2258 - d/patches/fix-ldap-distribution.patch: show distribution in version
2259 * Drop patches included upstream:
2260 - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
2261 - d/patches/bdb-deadlock.patch
2262 - d/patches/its-7354-fix-delta-sync-mmr.diff
2263 * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
2264 * debian/patches/nssov-build: Adjust for upstream changes.
2265 * debian/apparmor-profile:
2266 - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
2267 kernel ABI v7 (utopic and later). (LP: #1392018)
2268 - Reduce permissions on /run/nslcd to just the nslcd socket.
2269 * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
2270 (LP: #1293250)
2271
2272 -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700
2273
820openldap (2.4.40+dfsg-1) unstable; urgency=medium2274openldap (2.4.40+dfsg-1) unstable; urgency=medium
8212275
822 * Remove inetorgperson.schema from the upstream source. Replace it with a2276 * Remove inetorgperson.schema from the upstream source. Replace it with a
@@ -1005,6 +2459,187 @@ openldap (2.4.39-1) unstable; urgency=low
10052459
1006 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -07002460 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
10072461
2462openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
2463
2464 * Fix cpp calls for GCC 5.
2465
2466 -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
2467
2468openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
2469
2470 * debian/apparmor-profile:
2471 - allow p11-kit abstraction
2472 - allow read of /etc/gss/mech.d/*
2473
2474 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
2475
2476openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
2477
2478 * Rebuild for Perl 5.20.0.
2479
2480 -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
2481
2482openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
2483
2484 * Cherry-pick upstream patch for compat with recent GNUTLS.
2485 * Build-depend on libgnutls28-dev.
2486 * Build-depend on libgcrypt20-dev.
2487
2488 -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
2489
2490openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
2491
2492 * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
2493
2494 -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
2495
2496openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
2497
2498 * Disable mdb backend on ppc64el due to test-suite failures.
2499
2500 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
2501
2502openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
2503
2504 * Fix segfault issue with master-master syncrepl (LP: #1287730):
2505 - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
2506 patch from upstream VCS.
2507
2508 -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
2509
2510openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
2511
2512 * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
2513
2514 -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
2515
2516openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
2517
2518 * Rebuild for Perl 5.18.
2519
2520 -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
2521
2522openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
2523
2524 * Update build/config.guess and build/config.sub at build time; this was
2525 not done automatically because the top-level configure.in does not use
2526 Automake.
2527
2528 -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
2529
2530openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
2531
2532 * debian/control: added lsb-release
2533 * debian/patches/fix-ldap-distribution.patch: show distribution in version
2534
2535 -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
2536
2537openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
2538
2539 * Merge from Debian unstable. Remaining changes:
2540 - Enable AppArmor support:
2541 - d/apparmor-profile: add AppArmor profile
2542 - d/rules: use dh_apparmor
2543 - d/control: Build-Depends on dh-apparmor
2544 - d/slapd.README.Debian: add note about AppArmor
2545 - d/slapd.dirs: add etc/apparmor.d/force-complain
2546 - Enable GSSAPI support:
2547 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2548 - Add --with-gssapi support
2549 - Make guess_service_principal() more robust when determining
2550 principal
2551 - d/configure.options: Configure with --with-gssapi
2552 - d/control: Added libkrb5-dev as a build depend
2553 - Enable ufw support:
2554 - d/control: suggest ufw.
2555 - d/rules: install ufw profile.
2556 - d/slapd.ufw.profile: add ufw profile.
2557 - Enable nss overlay:
2558 - d/{patches/nssov-build,/rules}: Apply, build and package the
2559 nss overlay.
2560 - d/{rules,slapd.py}: Add apport hook.
2561 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2562 either the default DIT nor via an Authn mapping.
2563 - d/slapd.scripts-common:
2564 - add slapcat_opts to local variables.
2565 - Remove unused variable new_conf.
2566 - Fix backup directory naming for multiple reconfiguration.
2567 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2568 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2569 in the openldap library, as required by Likewise-Open
2570 - d/{control,rules}: enable PIE hardening
2571
2572 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
2573
2574openldap (2.4.31-1+nmu2) unstable; urgency=high
2575
2576 * Non-maintainer upload.
2577 * No-change rebuild in a clean environment
2578
2579 -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100
2580
2581openldap (2.4.31-1+nmu1) unstable; urgency=medium
2582
2583 * Non-maintainer upload.
2584 * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
2585
2586 -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000
2587
2588openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
2589
2590 * debian/slapd.py: Add AppArmor info and logs to apport hook.
2591
2592 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
2593
2594openldap (2.4.31-1ubuntu1) quantal; urgency=low
2595
2596 * Merge from Debian unstable. Remaining changes:
2597 - Enable AppArmor support:
2598 - d/apparmor-profile: add AppArmor profile
2599 - d/rules: use dh_apparmor
2600 - d/control: Build-Depends on dh-apparmor
2601 - d/slapd.README.Debian: add note about AppArmor
2602 - d/slapd.dirs: add etc/apparmor.d/force-complain
2603 - Enable GSSAPI support (LP: #495418):
2604 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2605 - Add --with-gssapi support
2606 - Make guess_service_principal() more robust when determining
2607 principal
2608 - d/configure.options: Configure with --with-gssapi
2609 - d/control: Added libkrb5-dev as a build depend
2610 - Enable ufw support (LP: #423246):
2611 - d/control: suggest ufw.
2612 - d/rules: install ufw profile.
2613 - d/slapd.ufw.profile: add ufw profile.
2614 - Enable nss overlay (LP: #675391):
2615 - d/{patches/nssov-build,/rules}: Apply, build and package the
2616 nss overlay.
2617 - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
2618 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2619 either the default DIT nor via an Authn mapping.
2620 - d/slapd.scripts-common:
2621 - add slapcat_opts to local variables.
2622 - Remove unused variable new_conf.
2623 - Fix backup directory naming for multiple reconfiguration.
2624 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2625 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2626 in the openldap library, as required by Likewise-Open (LP: #390579)
2627 - d/{control,rules}: enable PIE hardening
2628 * Dropped changes:
2629 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
2630 - d/patches/CVE-2011-4079: Included in upstream release.
2631 - d/patches/service-operational-before-detach: Included in upstream release.
2632 - d/schema/extra/misc.ldif: Included upstream.
2633 - d/{rules,schema/extra}: Fix configure and clean rules to support
2634 extra schemas shipped as part of the debian/schema/ directory; no longer required.
2635 - Included in Debian:
2636 + Document cn=config in README file.
2637 + Install a default DIT; actually a minimal configuration.
2638 + d/patches/heimdal-fix.
2639 * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
2640
2641 -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
2642
1008openldap (2.4.31-1) unstable; urgency=low2643openldap (2.4.31-1) unstable; urgency=low
10092644
1010 * New upstream release.2645 * New upstream release.
@@ -1031,6 +2666,121 @@ openldap (2.4.31-1) unstable; urgency=low
10312666
1032 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +00002667 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
10332668
2669openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
2670
2671 * Fix issue with intermittent connection issues when using LDAPv3
2672 protocol (LP: #1023025):
2673 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
2674 patch from upstream VCS which ensures objects are initialized before
2675 re-use.
2676
2677 -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
2678
2679openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
2680
2681 * debian/rules: Add smbk5pwd build.
2682 * debian/control: Add slapd-smbk5pwd binary package.
2683 * debian/patches/heimdal-fix: adapt parameters of
2684 hdb_generate_key_set_password() to heimdal 1.6~git20120311
2685 (patch from Debian #664930).
2686
2687 -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400
2688
2689openldap (2.4.28-1.1ubuntu4) precise; urgency=low
2690
2691 * debian/control: Build-Depends on dh-apparmor (LP: #948481)
2692
2693 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
2694
2695openldap (2.4.28-1.1ubuntu3) precise; urgency=low
2696
2697 * Add its-7176-only-poll-sockets-for-write-as-needed.diff
2698 (LP: #932823).
2699
2700 -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
2701
2702openldap (2.4.28-1.1ubuntu2) precise; urgency=low
2703
2704 * Remove debian/patches/CVE-2011-4079; it's already in this upstream
2705 version. Fixes FTBFS.
2706
2707 -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
2708
2709openldap (2.4.28-1.1ubuntu1) precise; urgency=low
2710
2711 * Merge from Debian testing. Remaining changes:
2712 - Install a default DIT (LP: #442498).
2713 - Document cn=config in README file (LP: #370784).
2714 - remaining changes:
2715 + AppArmor support:
2716 - debian/apparmor-profile: add AppArmor profile
2717 - use dh_apparmor:
2718 - debian/rules: use dh_apparmor
2719 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2720 - updated debian/slapd.README.Debian for note on AppArmor
2721 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2722 + Enable GSSAPI support (LP: #495418):
2723 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2724 - Add --with-gssapi support
2725 - Make guess_service_principal() more robust when determining
2726 principal
2727 - debian/patches/series: apply gssapi.diff patch.
2728 - debian/configure.options: Configure with --with-gssapi
2729 - debian/control: Added libkrb5-dev as a build depend
2730 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2731 in the openldap library, as required by Likewise-Open (LP: #390579)
2732 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2733 - debian/control:
2734 - remove build-dependency on heimdal-dev.
2735 - remove slapd-smbk5pwd binary package.
2736 - debian/rules: don't build smbk5pwd slapd module.
2737 + debian/{control,rules}: enable PIE hardening
2738 + ufw support (LP: #423246):
2739 - debian/control: suggest ufw.
2740 - debian/rules: install ufw profile.
2741 - debian/slapd.ufw.profile: add ufw profile.
2742 + Enable nssoverlay:
2743 - debian/patches/nssov-build, debian/series, debian/rules:
2744 Apply, build and package the nss overlay.
2745 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2746 which defines rfc822MailMember (required by the nss overlay).
2747 + debian/rules, debian/schema/extra/:
2748 Fix configure rule to supports extra schemas shipped as part
2749 of the debian/schema/ directory.
2750 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2751 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2752 neither the default DIT nor via an Authn mapping.
2753 + debian/slapd.scripts-common: adjust minimum version that triggers a
2754 database upgrade. Upgrade from maverick shouldn't trigger database
2755 upgrade (which would happen with the version used in Debian).
2756 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2757 Remove unused variable new_conf.
2758 + debian/slapd.script-common: Fix package reconfiguration.
2759 - Fix backup directory naming for multiple reconfiguration.
2760 + debian/slapd.default, debian/slapd.README.Debian:
2761 use the new configuration style.
2762 + Install nss overlay (LP: #675391):
2763 - debian/rules: run install target for nssov module.
2764 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2765 + debian/patches/gssapi.diff:
2766 - Update patch so that likewise-open is usuable again. (LP: #661547)
2767 + debian/patches/service-operational-before-detach: New patch replacing old one
2768 of the same name as previous could cause database corruption based on upstream commits.
2769 (LP: #727973)
2770 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2771 (CVE-2011-4079)
2772
2773
2774 -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
2775
2776openldap (2.4.28-1.1) unstable; urgency=low
2777
2778 * Non-maintainer upload.
2779 * Disable the mdb backend on non-Linux, it looks like it doesn't work with
2780 linuxthreads (closes: #654824).
2781
2782 -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100
2783
1034openldap (2.4.28-1) unstable; urgency=low2784openldap (2.4.28-1) unstable; urgency=low
10352785
1036 * New upstream release.2786 * New upstream release.
@@ -1058,6 +2808,72 @@ openldap (2.4.28-1) unstable; urgency=low
10582808
1059 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +00002809 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
10602810
2811openldap (2.4.25-4ubuntu1) precise; urgency=low
2812
2813 * Merge from Debian testing. Remaining changes:
2814 - Install a default DIT (LP: #442498).
2815 - Document cn=config in README file (LP: #370784).
2816 - remaining changes:
2817 + AppArmor support:
2818 - debian/apparmor-profile: add AppArmor profile
2819 - use dh_apparmor:
2820 - debian/rules: use dh_apparmor
2821 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2822 - updated debian/slapd.README.Debian for note on AppArmor
2823 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2824 + Enable GSSAPI support (LP: #495418):
2825 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2826 - Add --with-gssapi support
2827 - Make guess_service_principal() more robust when determining
2828 principal
2829 - debian/patches/series: apply gssapi.diff patch.
2830 - debian/configure.options: Configure with --with-gssapi
2831 - debian/control: Added libkrb5-dev as a build depend
2832 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2833 in the openldap library, as required by Likewise-Open (LP: #390579)
2834 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2835 - debian/control:
2836 - remove build-dependency on heimdal-dev.
2837 - remove slapd-smbk5pwd binary package.
2838 - debian/rules: don't build smbk5pwd slapd module.
2839 + debian/{control,rules}: enable PIE hardening
2840 + ufw support (LP: #423246):
2841 - debian/control: suggest ufw.
2842 - debian/rules: install ufw profile.
2843 - debian/slapd.ufw.profile: add ufw profile.
2844 + Enable nssoverlay:
2845 - debian/patches/nssov-build, debian/series, debian/rules:
2846 Apply, build and package the nss overlay.
2847 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2848 which defines rfc822MailMember (required by the nss overlay).
2849 + debian/rules, debian/schema/extra/:
2850 Fix configure rule to supports extra schemas shipped as part
2851 of the debian/schema/ directory.
2852 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2853 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2854 neither the default DIT nor via an Authn mapping.
2855 + debian/slapd.scripts-common: adjust minimum version that triggers a
2856 database upgrade. Upgrade from maverick shouldn't trigger database
2857 upgrade (which would happen with the version used in Debian).
2858 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2859 Remove unused variable new_conf.
2860 + debian/slapd.script-common: Fix package reconfiguration.
2861 - Fix backup directory naming for multiple reconfiguration.
2862 + debian/slapd.default, debian/slapd.README.Debian:
2863 use the new configuration style.
2864 + Install nss overlay (LP: #675391):
2865 - debian/rules: run install target for nssov module.
2866 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2867 + debian/patches/gssapi.diff:
2868 - Update patch so that likewise-open is usuable again. (LP: #661547)
2869 + debian/patches/service-operational-before-detach: New patch replacing old one
2870 of the same name as previous could cause database corruption based on upstream commits.
2871 (LP: #727973)
2872 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2873 (CVE-2011-4079)
2874
2875 -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
2876
1061openldap (2.4.25-4) unstable; urgency=low2877openldap (2.4.25-4) unstable; urgency=low
10622878
1063 * Drop explicit depends on libdb4.8, since we're now linking against2879 * Drop explicit depends on libdb4.8, since we're now linking against
@@ -1091,6 +2907,85 @@ openldap (2.4.25-4) unstable; urgency=low
10912907
1092 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +00002908 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
10932909
2910openldap (2.4.25-3ubuntu3) precise; urgency=low
2911
2912 * Rebuild for Perl 5.14.
2913
2914 -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
2915
2916openldap (2.4.25-3ubuntu2) precise; urgency=low
2917
2918 * SECURITY UPDATE: potential denial of service (LP: #884163)
2919 - debian/patches/CVE-2011-4079: fix off by one error in
2920 postalAddressNormalize()
2921 - CVE-2011-4079
2922
2923 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
2924
2925openldap (2.4.25-3ubuntu1) precise; urgency=low
2926
2927 * Merge from debian unstable. Remaining changes:
2928 - Install a default DIT (LP: #442498).
2929 - Document cn=config in README file (LP: #370784).
2930 - remaining changes:
2931 + AppArmor support:
2932 - debian/apparmor-profile: add AppArmor profile
2933 - use dh_apparmor:
2934 - debian/rules: use dh_apparmor
2935 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2936 - updated debian/slapd.README.Debian for note on AppArmor
2937 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2938 + Enable GSSAPI support (LP: #495418):
2939 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2940 - Add --with-gssapi support
2941 - Make guess_service_principal() more robust when determining
2942 principal
2943 - debian/patches/series: apply gssapi.diff patch.
2944 - debian/configure.options: Configure with --with-gssapi
2945 - debian/control: Added libkrb5-dev as a build depend
2946 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2947 in the openldap library, as required by Likewise-Open (LP: #390579)
2948 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2949 - debian/control:
2950 - remove build-dependency on heimdal-dev.
2951 - remove slapd-smbk5pwd binary package.
2952 - debian/rules: don't build smbk5pwd slapd module.
2953 + debian/{control,rules}: enable PIE hardening
2954 + ufw support (LP: #423246):
2955 - debian/control: suggest ufw.
2956 - debian/rules: install ufw profile.
2957 - debian/slapd.ufw.profile: add ufw profile.
2958 + Enable nssoverlay:
2959 - debian/patches/nssov-build, debian/series, debian/rules:
2960 Apply, build and package the nss overlay.
2961 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2962 which defines rfc822MailMember (required by the nss overlay).
2963 + debian/rules, debian/schema/extra/:
2964 Fix configure rule to supports extra schemas shipped as part
2965 of the debian/schema/ directory.
2966 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2967 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2968 neither the default DIT nor via an Authn mapping.
2969 + debian/slapd.scripts-common: adjust minimum version that triggers a
2970 database upgrade. Upgrade from maverick shouldn't trigger database
2971 upgrade (which would happen with the version used in Debian).
2972 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2973 Remove unused variable new_conf.
2974 + debian/slapd.script-common: Fix package reconfiguration.
2975 - Fix backup directory naming for multiple reconfiguration.
2976 + debian/slapd.default, debian/slapd.README.Debian:
2977 use the new configuration style.
2978 + Install nss overlay (LP: #675391):
2979 - debian/rules: run install target for nssov module.
2980 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2981 + debian/patches/gssapi.diff:
2982 - Update patch so that likewise-open is usuable again. (LP: #661547)
2983 + debian/patches/service-operational-before-detach: New patch replacing old one
2984 of the same name as previous could cause database corruption based on upstream commits.
2985 (LP: #727973)
2986
2987 -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
2988
1094openldap (2.4.25-3) unstable; urgency=low2989openldap (2.4.25-3) unstable; urgency=low
10952990
1096 * Brown paper bag: really fix the .links.in handling, so we don't generate2991 * Brown paper bag: really fix the .links.in handling, so we don't generate
@@ -1113,6 +3008,92 @@ openldap (2.4.25-2) unstable; urgency=low
11133008
1114 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -07003009 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
11153010
3011openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
3012
3013 * Brown paper bag: really fix the .links.in handling, so we don't generate
3014 broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
3015
3016 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
3017
3018openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
3019
3020 * Cherry-pick multiarch support from Debian (LP: #826601):
3021 - Bump to compat level 7, so we don't have to spell out debian/tmp in
3022 every single .install file
3023 - Build for multiarch.
3024
3025 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
3026
3027openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
3028
3029 * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
3030
3031 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
3032
3033openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
3034
3035 * Merge from debian unstable. Remaining changes:
3036 - Install a default DIT (LP: #442498).
3037 - Document cn=config in README file (LP: #370784).
3038 - remaining changes:
3039 + AppArmor support:
3040 - debian/apparmor-profile: add AppArmor profile
3041 - use dh_apparmor:
3042 - debian/rules: use dh_apparmor
3043 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3044 - updated debian/slapd.README.Debian for note on AppArmor
3045 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3046 + Enable GSSAPI support (LP: #495418):
3047 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3048 - Add --with-gssapi support
3049 - Make guess_service_principal() more robust when determining
3050 principal
3051 - debian/patches/series: apply gssapi.diff patch.
3052 - debian/configure.options: Configure with --with-gssapi
3053 - debian/control: Added libkrb5-dev as a build depend
3054 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3055 in the openldap library, as required by Likewise-Open (LP: #390579)
3056 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
3057 - debian/control:
3058 - remove build-dependency on heimdal-dev.
3059 - remove slapd-smbk5pwd binary package.
3060 - debian/rules: don't build smbk5pwd slapd module.
3061 + debian/{control,rules}: enable PIE hardening
3062 + ufw support (LP: #423246):
3063 - debian/control: suggest ufw.
3064 - debian/rules: install ufw profile.
3065 - debian/slapd.ufw.profile: add ufw profile.
3066 + Enable nssoverlay:
3067 - debian/patches/nssov-build, debian/series, debian/rules:
3068 Apply, build and package the nss overlay.
3069 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
3070 which defines rfc822MailMember (required by the nss overlay).
3071 + debian/rules, debian/schema/extra/:
3072 Fix configure rule to supports extra schemas shipped as part
3073 of the debian/schema/ directory.
3074 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3075 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
3076 neither the default DIT nor via an Authn mapping.
3077 + debian/slapd.scripts-common: adjust minimum version that triggers a
3078 database upgrade. Upgrade from maverick shouldn't trigger database
3079 upgrade (which would happen with the version used in Debian).
3080 + debian/slapd.scripts-common: add slapcat_opts to local variables.
3081 Remove unused variable new_conf.
3082 + debian/slapd.script-common: Fix package reconfiguration.
3083 - Fix backup directory naming for multiple reconfiguration.
3084 + debian/slapd.default, debian/slapd.README.Debian:
3085 use the new configuration style.
3086 + Install nss overlay (LP: #675391):
3087 - debian/rules: run install target for nssov module.
3088 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
3089 + debian/patches/gssapi.diff:
3090 - Update patch so that likewise-open is usuable again. (LP: #661547)
3091 + debian/patches/service-operational-before-detach: New patch replacing old one
3092 of the same name as previous could cause database corruption based on upstream commits.
3093 (LP: #727973)
3094
3095 -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
3096
1116openldap (2.4.25-1.1) unstable; urgency=low3097openldap (2.4.25-1.1) unstable; urgency=low
11173098
1118 * Non-maintainer upload to fix RC bug.3099 * Non-maintainer upload to fix RC bug.
@@ -1120,6 +3101,75 @@ openldap (2.4.25-1.1) unstable; urgency=low
11203101
1121 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +02003102 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
11223103
3104openldap (2.4.25-1ubuntu1) oneiric; urgency=low
3105
3106 * Merge from debian unstable. Remaining changes:
3107 - Install a default DIT (LP: #442498).
3108 - Document cn=config in README file (LP: #370784).
3109 - remaining changes:
3110 + AppArmor support:
3111 - debian/apparmor-profile: add AppArmor profile
3112 - use dh_apparmor:
3113 - debian/rules: use dh_apparmor
3114 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3115 - updated debian/slapd.README.Debian for note on AppArmor
3116 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3117 + Enable GSSAPI support (LP: #495418):
3118 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3119 - Add --with-gssapi support
3120 - Make guess_service_principal() more robust when determining
3121 principal
3122 - debian/patches/series: apply gssapi.diff patch.
3123 - debian/configure.options: Configure with --with-gssapi
3124 - debian/control: Added libkrb5-dev as a build depend
3125 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3126 in the openldap library, as required by Likewise-Open (LP: #390579)
3127 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
3128 - debian/control:
3129 - remove build-dependency on heimdal-dev.
3130 - remove slapd-smbk5pwd binary package.
3131 - debian/rules: don't build smbk5pwd slapd module.
3132 + debian/{control,rules}: enable PIE hardening
3133 + ufw support (LP: #423246):
3134 - debian/control: suggest ufw.
3135 - debian/rules: install ufw profile.
3136 - debian/slapd.ufw.profile: add ufw profile.
3137 + Enable nssoverlay:
3138 - debian/patches/nssov-build, debian/series, debian/rules:
3139 Apply, build and package the nss overlay.
3140 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
3141 which defines rfc822MailMember (required by the nss overlay).
3142 + debian/rules, debian/schema/extra/:
3143 Fix configure rule to supports extra schemas shipped as part
3144 of the debian/schema/ directory.
3145 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3146 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
3147 neither the default DIT nor via an Authn mapping.
3148 + debian/slapd.scripts-common: adjust minimum version that triggers a
3149 database upgrade. Upgrade from maverick shouldn't trigger database
3150 upgrade (which would happen with the version used in Debian).
3151 + debian/slapd.scripts-common: add slapcat_opts to local variables.
3152 Remove unused variable new_conf.
3153 + debian/slapd.script-common: Fix package reconfiguration.
3154 - Fix backup directory naming for multiple reconfiguration.
3155 + debian/slapd.default, debian/slapd.README.Debian:
3156 use the new configuration style.
3157 + Install nss overlay (LP: #675391):
3158 - debian/rules: run install target for nssov module.
3159 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
3160 + debian/patches/gssapi.diff:
3161 - Update patch so that likewise-open is usuable again. (LP: #661547)
3162 + debian/patches/service-operational-before-detach: New patch replacing old one
3163 of the same name as previous could cause database corruption based on upstream commits.
3164 (LP: #727973)
3165 + Dropped:
3166 - debian/patches/gold: Use the debian version instead
3167 - debian/patches/CVE-2011-1024: Fixed upstream
3168 - debian/patches/CVE-2011-1025: Fixed upstream
3169 - debian/patches/CVE-2011-1081: Fixed upstream
3170
3171 -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
3172
1123openldap (2.4.25-1) unstable; urgency=low3173openldap (2.4.25-1) unstable; urgency=low
11243174
1125 * New upstream version (Closes: #617606, #618904, #606815, #608813)3175 * New upstream version (Closes: #617606, #618904, #606815, #608813)
@@ -1151,6 +3201,116 @@ openldap (2.4.23-7) unstable; urgency=low
11513201
1152 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +01003202 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
11533203
3204openldap (2.4.23-6ubuntu7) oneiric; urgency=low
3205
3206 * Rebuild for Perl 5.12.
3207
3208 -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
3209
3210openldap (2.4.23-6ubuntu6) natty; urgency=low
3211
3212 * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
3213 using forwarded authentication failures
3214 - debian/patches/CVE-2011-1024
3215 - CVE-2011-1024
3216 * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
3217 backend. Note: Ubuntu is not compiled with --enable-ndb by default
3218 - debian/patches/CVE-2011-1025
3219 - CVE-2011-1025
3220 * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
3221 and requestDN is empty
3222 - debian/patches/CVE-2011-1081
3223 - CVE-2011-1081
3224 - LP: #742104
3225
3226 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
3227
3228openldap (2.4.23-6ubuntu5) natty; urgency=low
3229
3230 * debian/patches/service-operational-before-detach: New patch replacing
3231 old one of same name as previous could cause database corruption,
3232 based on upstream commits. (LP: #727973)
3233
3234 -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
3235
3236openldap (2.4.23-6ubuntu4) natty; urgency=low
3237
3238 * Fix FTBFS with ld.gold.
3239
3240 -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
3241
3242openldap (2.4.23-6ubuntu3) natty; urgency=low
3243
3244 * debian/patches/gssapi.diff:
3245 Update patch so that likewise-open is usable again (LP: #661547)
3246
3247 -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
3248
3249openldap (2.4.23-6ubuntu2) natty; urgency=low
3250
3251 * Install nss overlay (LP: #675391):
3252 - debian/rules: run install target for nssov module.
3253 - debian/patches/nssov-build: fix patch to install schema in
3254 /etc/ldap/schema.
3255
3256 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
3257
3258openldap (2.4.23-6ubuntu1) natty; urgency=low
3259
3260 * Merge from Debian unstable:
3261 - Install a default DIT (LP: #442498).
3262 - Document cn=config in README file (LP: #370784).
3263 - remaining changes:
3264 + AppArmor support:
3265 - debian/apparmor-profile: add AppArmor profile
3266 - use dh_apparmor:
3267 - debian/rules: use dh_apparmor
3268 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3269 - updated debian/slapd.README.Debian for note on AppArmor
3270 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3271 + Enable GSSAPI support (LP: #495418):
3272 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3273 - Add --with-gssapi support
3274 - Make guess_service_principal() more robust when determining
3275 principal
3276 - debian/patches/series: apply gssapi.diff patch.
3277 - debian/configure.options: Configure with --with-gssapi
3278 - debian/control: Added libkrb5-dev as a build depend
3279 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3280 in the openldap library, as required by Likewise-Open (LP: #390579)
3281 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
3282 - debian/control:
3283 - remove build-dependency on heimdal-dev.
3284 - remove slapd-smbk5pwd binary package.
3285 - debian/rules: don't build smbk5pwd slapd module.
3286 + debian/{control,rules}: enable PIE hardening
3287 + ufw support (LP: #423246):
3288 - debian/control: suggest ufw.
3289 - debian/rules: install ufw profile.
3290 - debian/slapd.ufw.profile: add ufw profile.
3291 + Enable nssoverlay:
3292 - debian/patches/nssov-build, debian/series, debian/rules:
3293 Apply, build and package the nss overlay.
3294 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
3295 which defines rfc822MailMember (required by the nss overlay).
3296 + debian/rules, debian/schema/extra/:
3297 Fix configure rule to supports extra schemas shipped as part
3298 of the debian/schema/ directory.
3299 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3300 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
3301 neither the default DIT nor via an Authn mapping.
3302 + debian/slapd.scripts-common: adjust minimum version that triggers a
3303 database upgrade. Upgrade from maverick shouldn't trigger database
3304 upgrade (which would happen with the version used in Debian).
3305 + debian/slapd.scripts-common: add slapcat_opts to local variables.
3306 Remove unused variable new_conf.
3307 + debian/slapd.script-common: Fix package reconfiguration.
3308 - Fix backup directory naming for multiple reconfiguration.
3309 + debian/slapd.default, debian/slapd.README.Debian:
3310 use the new configuration style.
3311
3312 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
3313
1154openldap (2.4.23-6) unstable; urgency=high3314openldap (2.4.23-6) unstable; urgency=high
11553315
1156 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)3316 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
@@ -1273,6 +3433,80 @@ openldap (2.4.23-1) unstable; urgency=low
12733433
1274 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +02003434 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
12753435
3436openldap (2.4.23-0ubuntu4) natty; urgency=low
3437
3438 * debian/slapd.templates: amended typo in slapd/move_old_database
3439 (LP: #666028)
3440
3441 -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
3442
3443openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
3444
3445 * debian/slapd.templates: re-add slapd/move_old_database template as it's
3446 used during the package upgrade. Thanks to James Page for pointing it.
3447 * debian/slapd.config: restore debconf question slapd/move_old_database.
3448
3449 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
3450
3451openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
3452
3453 [ James Page ]
3454 * Fixed install/upgrade process to dump/restore databases due
3455 to uplift to libdb4.8-dev (LP: #658227)
3456
3457 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
3458
3459openldap (2.4.23-0ubuntu3) maverick; urgency=low
3460
3461 * debian/rules: move dh_apparmor before dh_installinit
3462
3463 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
3464
3465openldap (2.4.23-0ubuntu2) maverick; urgency=low
3466
3467 * convert to using dh_apparmor:
3468 - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
3469 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3470 * debian/apparmor-profile: use local include
3471
3472 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
3473
3474openldap (2.4.23-0ubuntu1) maverick; urgency=low
3475
3476 * New release, features include:
3477 + Fixed libldap to return server's error code (ITS#6569)
3478 + Fixed libldap memleaks (ITS#6568)
3479 + Fixed liblutil off-by-one with delta (ITS#6541)
3480 + Fixed slapd acls with glued databases (ITS#6468)
3481 + Fixed slapd syncrepl rid logging (ITS#6533)
3482 + Fixed slapd modrdn handling of invalid values (ITS#6570)
3483 + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
3484 + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
3485 + Fixed slapd-bdb entry cache delete failure (ITS#6577)
3486 + Fixed slapd-ldap to return control responses (ITS#6530)
3487 + Fixed slapo-ppolicy to use Debug (ITS#6566)
3488 + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
3489 + Fixed slapo-rwm to use Debug (ITS#6566)
3490 + Fixed slapo-sssvlv to use Debug (ITS#6566)
3491 + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
3492 + Fixed slapo-valsort to use Debug (ITS#6566)
3493 + Fixed contrib/nssov network.c missing patch (ITS#6562)
3494 + Fixed test043 attribute sorting (ITS#6553)
3495 + slapd-config(5) note default rootdn (ITS#6546)
3496 * Rebased patches debian/patches/dropped nssov-build
3497 * Resynchronize with Debian:
3498 + debian/control:
3499 - Bump standards-version to 3.9.0
3500 - Use libdb4.8-dev (LP: #572489)
3501 + Added debian/patches/issue-6534-patch
3502 + Added debian/patches/ldap-conf-tls-cacertdir
3503 * Add ufw support, thanks to PatRiehecky (LP: #423246)
3504
3505 [Adam Sommer]
3506 * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3507
3508 -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
3509
1276openldap (2.4.21-1) unstable; urgency=low3510openldap (2.4.21-1) unstable; urgency=low
12773511
1278 [ Steve Langasek ]3512 [ Steve Langasek ]
@@ -1304,6 +3538,79 @@ openldap (2.4.21-1) unstable; urgency=low
13043538
1305 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +02003539 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
13063540
3541openldap (2.4.21-0ubuntu5) lucid; urgency=low
3542
3543 * Fix local root connection access: replace olcAuthzRegexp mapping to
3544 cn=localroot,cn=config with using the SASL dn directly in olcAccess.
3545 Makes upgrades much simpler and robust (LP: #563829).
3546
3547 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
3548
3549openldap (2.4.21-0ubuntu4) lucid; urgency=low
3550
3551 [ Simon Olofsson ]
3552 * debian/slapd.postinst:
3553 - Show a message after successful migration (LP: #538848)
3554
3555 [ Jorgen Rosink ]
3556 * debian/slapd.init: add simple status checking with LSB compatible exit
3557 codes (LP: #562377)
3558 * debian/slapd.init.ldif:
3559 - remove admin user in default config database (LP: #556176)
3560 - in default config, add olcAccess entries giving access to controls
3561 available and cn=subschema (LP: #427842)
3562
3563 [ Scott Moser ]
3564 * debian/slapd.scripts-common: Do not create /nonexistent directory
3565 for openldap user's home (LP: #556176)
3566 * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
3567
3568 -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
3569
3570openldap (2.4.21-0ubuntu3) lucid; urgency=low
3571
3572 * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
3573 before trying to convert to slapd.d, to avoid upgrade failure from hardy
3574 (LP: #536958)
3575 * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
3576 olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
3577
3578 -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
3579
3580openldap (2.4.21-0ubuntu2) lucid; urgency=low
3581
3582 * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
3583
3584 -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
3585
3586openldap (2.4.21-0ubuntu1) lucid; urgency=low
3587
3588 * New upstream release.
3589 * debian/rules, debian/schema/extra/:
3590 Fix get-orig-source rule to supports extra schemas shipped as part of the
3591 debian/schema/ directory.
3592
3593 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
3594
3595openldap (2.4.18-0ubuntu2) lucid; urgency=low
3596
3597 * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3598 - Add --with-gssapi support
3599 - Make guess_service_principal() more robust when determining principal
3600 * Enable GSSAPI support (LP: #495418):
3601 - debian/configure.options: Configure with --with-gssapi
3602 - debian/control: Added libkrb5-dev as a build depend
3603
3604 -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
3605
3606openldap (2.4.18-0ubuntu1) karmic; urgency=low
3607
3608 * New upstream release: (LP: #419515):
3609 + pcache overlay supports disconnected mode.
3610 * Fix nss overlay load (LP: #417163).
3611
3612 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
3613
1307openldap (2.4.17-2.1) unstable; urgency=high3614openldap (2.4.17-2.1) unstable; urgency=high
13083615
1309 * Non-maintainer upload by the Security Team.3616 * Non-maintainer upload by the Security Team.
@@ -1330,6 +3637,108 @@ openldap (2.4.17-2) unstable; urgency=low
13303637
1331 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -07003638 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
13323639
3640openldap (2.4.17-1ubuntu3) karmic; urgency=low
3641
3642 * Install a minimal slapd configuration instead of creating a default
3643 database with a default DIT:
3644 + Move openldap user home from /var/lib/ldap to /nonexistent.
3645 + Remove all code and templates dealing with the default database and DIT
3646 creation.
3647 + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
3648 grant all access to the latter in the cn=config database as well as the
3649 default backend configuration.
3650 * Add cn=localroot,cn=config authz mapping on upgrades.
3651
3652 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
3653
3654openldap (2.4.17-1ubuntu2) karmic; urgency=low
3655
3656 [ Thierry Carrez ]
3657 * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3658 in the openldap library, as required by Likewise-Open (LP: #390579)
3659
3660 [ Mathias Gug ]
3661 * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
3662 uniqueness overlay.
3663 * debian/patches/its6220-writetimeout-directive: fixes a problem with the
3664 writetimeout directive being in effect even if it wasn't set,
3665 closing connections incorrectly.
3666 * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
3667 dncachesize parameter that was added in RE24, so that if it is set to
3668 "0" (now the default), it has an unlimited DN cache (RE23 always
3669 had an unlimited DN cache).
3670
3671 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
3672
3673openldap (2.4.17-1ubuntu1) karmic; urgency=low
3674
3675 [ Steve Langasek ]
3676 * Fix up the lintian warnings:
3677 - add missing misc-depends on all packages
3678 - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
3679 overrides
3680 - bump Standards-Version to 3.8.2, no changes required.
3681
3682 [ Mathias Gug ]
3683 * Resynchronise with Debian. Remaining changes:
3684 - AppArmor support:
3685 - debian/apparmor-profile: add AppArmor profile
3686 - updated debian/slapd.README.Debian for note on AppArmor
3687 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3688 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3689 - debian/rules: install apparmor profile.
3690 - Don't use local statement in config script as it fails if /bin/sh
3691 points to bash.
3692 - debian/slapd.postinst, debian/slapd.script-common: set correct
3693 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
3694 readable) and /var/run/slapd (world readable).
3695 - Enable nssoverlay:
3696 - debian/patches/nssov-build, debian/rules: Build and package the nss
3697 overlay.
3698 - debian/schema/misc.ldif: add ldif file for the misc schema which
3699 defines rfc822MailMember (required by the nss overlay).
3700 - debian/{control,rules}: enable PIE hardening
3701 - Use cn=config as the default configuration backend instead of
3702 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3703 asking the end user to enter a new password to control the access to
3704 the cn=config tree.
3705 - debian/slapd.postinst: create /var/run/slapd before updating its
3706 permissions.
3707 - debian/slapd.init: Correctly set slapd config backend option even if
3708 the pidfile is configured in slapd default file.
3709 * Dropped:
3710 - Merged in Debian:
3711 - Update priority of libldap-2.4-2 to match the archive override.
3712 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
3713 the ldapurl(1) manpage.
3714 - Bump build-dependency on debhelper to 6 instead of 5, since that's
3715 what we're using.
3716 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3717 the built-in default of ldap:/// only.
3718 - Fixed in upstream release:
3719 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
3720 failure when built with PIE.
3721 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3722 trusted.
3723 - Update Apparmor profile support: don't support upgrade from pre-hardy
3724 systems:
3725 - debian/slapd.postinst: Reload AA profile on configuration
3726 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3727 - debian/control: Conflicts with apparmor-profiles <<
3728 2.1+1075-0ubuntu4 to make sure that if earlier version of
3729 apparmor-profiles gets installed it won't overwrite our profile.
3730 - follow ApparmorProfileMigration and force apparmor complain mode on
3731 some upgrades
3732 - debian/slapd.preinst: create symlink for force-complain on
3733 pre-feisty upgrades, upgrades where apparmor-profiles profile is
3734 unchanged (ie non-enforcing) and upgrades where apparmor profile
3735 does not exist.
3736 - debian/patches/autogen.sh: no longer needed with karmic libtool.
3737 - Call libtoolize with the --install option to install
3738 config.{guess,sub} files.
3739
3740 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
3741
1333openldap (2.4.17-1) unstable; urgency=low3742openldap (2.4.17-1) unstable; urgency=low
13343743
1335 * New upstream version.3744 * New upstream version.
@@ -1352,6 +3761,153 @@ openldap (2.4.17-1) unstable; urgency=low
13523761
1353 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -07003762 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
13543763
3764openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
3765
3766 * Resynchronise with Debian. Remaining changes:
3767 - AppArmor support:
3768 - debian/apparmor-profile: add AppArmor profile
3769 - debian/slapd.postinst: Reload AA profile on configuration
3770 - updated debian/slapd.README.Debian for note on AppArmor
3771 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3772 - debian/control: Conflicts with apparmor-profiles <<
3773 2.1+1075-0ubuntu4 to make sure that if earlier version of
3774 apparmor-profiles gets installed it won't overwrite our profile.
3775 - follow ApparmorProfileMigration and force apparmor complain mode on
3776 some upgrades
3777 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3778 - debian/slapd.preinst: create symlink for force-complain on
3779 pre-feisty upgrades, upgrades where apparmor-profiles profile is
3780 unchanged (ie non-enforcing) and upgrades where apparmor profile
3781 does not exist.
3782 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3783 - debian/patches/autogen.sh:
3784 - Call libtoolize with the --install option to install
3785 config.{guess,sub} files.
3786 - Don't use local statement in config script as it fails if /bin/sh
3787 points to bash.
3788 - debian/slapd.postinst, debian/slapd.script-common: set correct
3789 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
3790 readable) and /var/run/slapd (world readable).
3791 - Enable nssoverlay:
3792 - debian/patches/nssov-build, debian/rules: Build and package the nss
3793 overlay.
3794 - debian/schema/misc.ldif: add ldif file for the misc schema which
3795 defines rfc822MailMember (required by the nss overlay).
3796 - debian/{control,rules}: enable PIE hardening
3797 - Use cn=config as the default configuration backend instead of
3798 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3799 asking the end user to enter a new password to control the access to
3800 the cn=config tree.
3801 - Update priority of libldap-2.4-2 to match the archive override.
3802 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
3803 the ldapurl(1) manpage.
3804 - Bump build-dependency on debhelper to 6 instead of 5, since that's
3805 what we're using.
3806 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3807 the built-in default of ldap:/// only.
3808 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
3809 failure when built with PIE.
3810 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3811 trusted.
3812 - debian/slapd.postinst: create /var/run/slapd before updating its
3813 permissions.
3814 - debian/slapd.init: Correctly set slapd config backend option even if
3815 the pidfile is configured in slapd default file.
3816 * Drop patch to avoid the test suite on hppa, as hppa is EOL.
3817
3818 -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
3819
3820openldap (2.4.15-1.1) unstable; urgency=low
3821
3822 * Non-maintainer upload.
3823 * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
3824 (Closes: #522965)
3825
3826 -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
3827
3828openldap (2.4.15-1ubuntu3) jaunty; urgency=low
3829
3830 * No-change rebuild to fix lpia shared library dependencies.
3831
3832 -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
3833
3834openldap (2.4.15-1ubuntu2) jaunty; urgency=low
3835
3836 * debian/slapd.postinst: create /var/run/slapd before updating its
3837 permissions (LP: #298928).
3838 * debian/slapd.init: Correclty set slapd config backend option even if the
3839 pidfile is configured in slapd default file (LP: #292364).
3840 * debian/apparmor-profile: support multiple databases to be stored under
3841 /var/lib/ldap/. (LP: #286614).
3842
3843 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
3844
3845openldap (2.4.15-1ubuntu1) jaunty; urgency=low
3846
3847 [ Steve Langasek ]
3848 * Update priority of libldap-2.4-2 to match the archive override.
3849 * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
3850 ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
3851 Closes: #496749.
3852 * Bump build-dependency on debhelper to 6 instead of 5, since that's
3853 what we're using. Closes: #498116.
3854 * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3855 the built-in default of ldap:/// only.
3856
3857 [ Mathias Gug ]
3858 * Merge from debian unstable, remaining changes:
3859 - Modify Maintainer value to match the DebianMaintainerField
3860 speficication.
3861 - AppArmor support:
3862 - debian/apparmor-profile: add AppArmor profile
3863 - debian/slapd.postinst: Reload AA profile on configuration
3864 - updated debian/slapd.README.Debian for note on AppArmor
3865 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3866 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3867 to make sure that if earlier version of apparmour-profiles gets
3868 installed it won't overwrite our profile.
3869 - follow ApparmorProfileMigration and force apparmor compalin mode on
3870 some upgrades (LP: #203529)
3871 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3872 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3873 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3874 non-enforcing) and upgrades where apparmor profile does not exist.
3875 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3876 - debian/control:
3877 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3878 - debian/patches/autogen.sh:
3879 - Call libtoolize with the --install option to install config.{guess,sub}
3880 files.
3881 - Don't use local statement in config script as it fails if /bin/sh
3882 points to bash (LP: #286063).
3883 - Disable the testsuite on hppa. Allows building of packages on this
3884 architecture again, once this package is in the archive.
3885 LP: #288908.
3886 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3887 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3888 /var/run/slapd (world readable). (LP: #257667).
3889 - Enable nssoverlay:
3890 - debian/patches/nssov-build, debian/rules: Build and package
3891 the nss overlay.
3892 - debian/schema/misc.ldif: add ldif file for the misc schema
3893 which defines rfc822MailMember (required by the nss overlay).
3894 - debian/{control,rules}: enable PIE hardening
3895 - Use cn=config as the default configuration backend instead of
3896 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3897 asking the end user to enter a new password to control the access to the
3898 cn=config tree.
3899 * Dropped:
3900 - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
3901 times. (ITS: #5947) Fixed in new upstream version 2.4.15.
3902 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3903 the ucred struct now. Implemented in Debian.
3904 * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
3905 when built with PIE.
3906 * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3907 trusted (LP: #305264).
3908
3909 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
3910
1355openldap (2.4.15-1) unstable; urgency=low3911openldap (2.4.15-1) unstable; urgency=low
13563912
1357 * New upstream version3913 * New upstream version
@@ -1369,6 +3925,69 @@ openldap (2.4.15-1) unstable; urgency=low
13693925
1370 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -08003926 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
13713927
3928openldap (2.4.14-0ubuntu1) jaunty; urgency=low
3929
3930 [ Steve Langasek ]
3931 * New upstream version
3932 - Fixes a bug with the pcache overlay not returning cached entries
3933 (closes: #497697)
3934 - Update evolution-ntlm patch to apply to current Makefiles.
3935 - (tentatively) drop gnutls-ciphers, since this bug was reported to be
3936 fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
3937 patch from the bug report, so this should be watched for regressions.
3938 * Build against db4.7 instead of db4.2 at last! Closes: #421946.
3939 * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
3940 installed in the build environment.
3941 * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
3942 --with-tls=gnutls.
3943
3944 [ Mathias Gug ]
3945 * Merge from debian unstable, remaining changes:
3946 - debian/apparmor-profile: add AppArmor profile
3947 - debian/slapd.postinst: Reload AA profile on configuration
3948 - updated debian/slapd.README.Debian for note on AppArmor
3949 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3950 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3951 to make sure that if earlier version of apparmour-profiles gets
3952 installed it won't overwrite our profile.
3953 - Modify Maintainer value to match the DebianMaintainerField
3954 speficication.
3955 - follow ApparmorProfileMigration and force apparmor compalin mode on
3956 some upgrades (LP: #203529)
3957 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3958 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3959 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3960 non-enforcing) and upgrades where apparmor profile does not exist.
3961 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3962 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3963 the ucred struct now.
3964 - debian/control:
3965 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3966 - debian/patches/autogen.sh:
3967 - Call libtoolize with the --install option to install config.{guess,sub}
3968 files.
3969 - Don't use local statement in config script as it fails if /bin/sh
3970 points to bash (LP: #286063).
3971 - Disable the testsuite on hppa. Allows building of packages on this
3972 architecture again, once this package is in the archive.
3973 LP: #288908.
3974 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3975 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3976 /var/run/slapd (world readable). (LP: #257667).
3977 - debian/patches/nssov-build, debian/rules:
3978 Build and package the nss overlay.
3979 debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3980 rfc822MailMember (required by the nss overlay).
3981 - debian/{control,rules}: enable PIE hardening
3982 - Use cn=config as the default configuration backend instead of
3983 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3984 asking the end user to enter a new password to control the access to the
3985 cn=config tree.
3986 * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
3987 times. (ITS: #5947)
3988
3989 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
3990
1372openldap (2.4.11-1) unstable; urgency=low3991openldap (2.4.11-1) unstable; urgency=low
13733992
1374 * New upstream version (closes: #499560).3993 * New upstream version (closes: #499560).
@@ -1391,6 +4010,110 @@ openldap (2.4.11-1) unstable; urgency=low
13914010
1392 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -07004011 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
13934012
4013openldap (2.4.11-0ubuntu7) jaunty; urgency=low
4014
4015 * Don't use local statement in config script as it fails if /bin/sh
4016 points to bash (LP: #286063).
4017
4018 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
4019
4020openldap (2.4.11-0ubuntu6) intrepid; urgency=low
4021
4022 * Disable the testsuite on hppa. Allows building of packages on this
4023 architecture again, once this package is in the archive.
4024 LP: #288908.
4025
4026 -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
4027
4028openldap (2.4.11-0ubuntu5) intrepid; urgency=low
4029
4030 * Don't set admin passwords in ldif files if adminpw is empty.
4031 (LP: #273988 - LP: #276606).
4032
4033 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
4034
4035openldap (2.4.11-0ubuntu4) intrepid; urgency=low
4036
4037 * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
4038 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
4039 /var/run/slapd (world readable). (LP: #257667).
4040 * debian/slapd.script-common:
4041 - Fix package reconfiguration:
4042 + Remove slapd.d/ directory if it already exists when creating a new
4043 configuration.
4044 + Fix backup directory naming for multiple reconfiguration.
4045
4046 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
4047
4048openldap (2.4.11-0ubuntu3) intrepid; urgency=low
4049
4050 * debian/patches/nssov-build, debian/rules:
4051 Build and package the nss overlay.
4052 * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
4053 rfc822MailMember (required by the nss overlay).
4054
4055 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
4056
4057openldap (2.4.11-0ubuntu2) intrepid; urgency=low
4058
4059 * debian/{control,rules}: enable PIE hardening
4060
4061 -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
4062
4063openldap (2.4.11-0ubuntu1) intrepid; urgency=low
4064
4065 * New upstream version:
4066 - Mainly bug fixes.
4067 - New nss slapd overlay (not compiled by default).
4068 * Use cn=config as the default configuration backend instead of
4069 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
4070 asking the end user to enter a new password to control the access to the
4071 cn=config tree.
4072
4073 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
4074
4075openldap (2.4.10-3ubuntu1) intrepid; urgency=low
4076
4077 [ Mathias Gug ]
4078 * Merge from debian unstable, remaining changes:
4079 - debian/apparmor-profile: add AppArmor profile
4080 - debian/slapd.postinst: Reload AA profile on configuration
4081 - updated debian/slapd.README.Debian for note on AppArmor
4082 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4083 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4084 to make sure that if earlier version of apparmour-profiles gets
4085 installed it won't overwrite our profile.
4086 - Modify Maintainer value to match the DebianMaintainerField
4087 speficication.
4088 - follow ApparmorProfileMigration and force apparmor compalin mode on
4089 some upgrades (LP: #203529)
4090 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4091 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4092 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4093 non-enforcing) and upgrades where apparmor profile does not exist.
4094 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4095 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4096 the ucred struct now.
4097 - debian/patches/fix-unique-overlay-assertion.patch:
4098 Fix another assertion error in unique overlay (LP: #243337).
4099 Backport from head.
4100 * Dropped - implemented in Debian:
4101 - debian/patches/fix-gnutls-key-strength.patch:
4102 Fix slapd handling of ssf using gnutls. (LP: #244925).
4103 - debian/control:
4104 Add time as build dependency: needed by make test.
4105 * debian/control:
4106 - Build-depend on libltdl7-dev rather then libltdl3-dev.
4107 * debian/patches/autogen.sh:
4108 - Call libtoolize with the --install option to install config.{guess,sub}
4109 files.
4110
4111 [ Jamie Strandboge ]
4112 * adjust apparmor profile to allow gssapi (LP: #229252)
4113 * adjust apparmor profile to allow cnconfig (LP: #243525)
4114
4115 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
4116
1394openldap (2.4.10-3) unstable; urgency=low4117openldap (2.4.10-3) unstable; urgency=low
13954118
1396 [ Steve Langasek ]4119 [ Steve Langasek ]
@@ -1424,6 +4147,40 @@ openldap (2.4.10-3) unstable; urgency=low
14244147
1425 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -07004148 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
14264149
4150openldap (2.4.10-2ubuntu1) intrepid; urgency=low
4151
4152 * Merge from debian unstable, remaining changes:
4153 - debian/apparmor-profile: add AppArmor profile
4154 - debian/slapd.postinst: Reload AA profile on configuration
4155 - updated debian/slapd.README.Debian for note on AppArmor
4156 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4157 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4158 to make sure that if earlier version of apparmour-profiles gets
4159 installed it won't overwrite our profile.
4160 - Modify Maintainer value to match the DebianMaintainerField
4161 speficication.
4162 - follow ApparmorProfileMigration and force apparmor compalin mode on
4163 some upgrades (LP: #203529)
4164 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4165 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4166 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4167 non-enforcing) and upgrades where apparmor profile does not exist.
4168 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4169 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4170 the ucred struct now.
4171 - debian/patches/fix-unique-overlay-assertion.patch:
4172 Fix another assertion error in unique overlay (LP: #243337).
4173 Backport from head.
4174 - debian/patches/fix-gnutls-key-strength.patch:
4175 Fix slapd handling of ssf using gnutls. (LP: #244925).
4176 - debian/control:
4177 Add time as build dependency: needed by make test.
4178 * Dropped - implemented in Debian:
4179 - debian/rules:
4180 Support debuild nocheck option: don't run tests if nocheck is set.
4181
4182 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
4183
1427openldap (2.4.10-2) unstable; urgency=low4184openldap (2.4.10-2) unstable; urgency=low
14284185
1429 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at4186 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
@@ -1438,6 +4195,54 @@ openldap (2.4.10-2) unstable; urgency=low
14384195
1439 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -07004196 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
14404197
4198openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
4199
4200 * Merge from debian unstable, remaining changes:
4201 - debian/apparmor-profile: add AppArmor profile
4202 - debian/slapd.postinst: Reload AA profile on configuration
4203 - updated debian/slapd.README.Debian for note on AppArmor
4204 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4205 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4206 to make sure that if earlier version of apparmour-profiles gets
4207 installed it won't overwrite our profile.
4208 - Modify Maintainer value to match the DebianMaintainerField
4209 speficication.
4210 - follow ApparmorProfileMigration and force apparmor compalin mode on
4211 some upgrades (LP: #203529)
4212 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4213 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4214 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4215 non-enforcing) and upgrades where apparmor profile does not exist.
4216 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4217 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4218 the ucred struct now.
4219 - debian/patches/fix-unique-overlay-assertion.patch:
4220 Fix another assertion error in unique overlay (LP: #243337).
4221 Backport from head.
4222 * debian/control:
4223 - add time as build dependency: needed by make test.
4224 * debian/rules:
4225 - support debuild nocheck option: don't run tests if nocheck is set.
4226 * debian/patches/fix-gnutls-key-strength.patch:
4227 - fix slapd handling of ssf using gnutls. (LP: #244925).
4228 * Dropped - accepted in Debian:
4229 - debian/rules, debian/slapd.links: use hard links to slapd instead of
4230 symlinks for slap* so these applications aren't confined by apparmor
4231 (LP: #203898)
4232 * Dropped - fixed in new upstream release:
4233 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
4234 (LP: #215904)
4235 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
4236 error. (LP: #234196)
4237 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
4238 (LP: #220724)
4239 - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
4240 syncrepl. (LP: #227178)
4241 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
4242 upstream.
4243
4244 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
4245
1441openldap2.3 (2.4.10-1) unstable; urgency=low4246openldap2.3 (2.4.10-1) unstable; urgency=low
14424247
1443 [ Steve Langasek ]4248 [ Steve Langasek ]
@@ -1462,6 +4267,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low
14624267
1463 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -07004268 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
14644269
4270openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
4271
4272 * debian/patches/fix-unique-overlay-assertion.patch:
4273 - Fix another assertion error in unique overlay, backported from head.
4274 (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
4275
4276 -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
4277
4278openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
4279
4280 * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
4281 include the smbk5pwd overlay.
4282
4283 -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
4284
4285openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
4286
4287 * Rebuild for perl 5.10 transition (LP: #230016)
4288 * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
4289 syncrepl. (LP: #227178)
4290
4291 -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
4292
4293openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
4294
4295 * Merge from debian unstable, remaining changes:
4296 - debian/apparmor-profile: add AppArmor profile
4297 - debian/slapd.postinst: Reload AA profile on configuration
4298 - updated debian/slapd.README.Debian for note on AppArmor
4299 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4300 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4301 to make sure that if earlier version of apparmour-profiles gets
4302 installed it won't overwrite our profile.
4303 - Modify Maintainer value to match the DebianMaintainerField
4304 speficication.
4305 - follow ApparmorProfileMigration and force apparmor compalin mode on
4306 some upgrades (LP: #203529)
4307 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4308 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4309 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4310 non-enforcing) and upgrades where apparmor profile does not exist.
4311 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4312 - debian/rules, debian/slapd.links: use hard links to slapd instead of
4313 symlinks for slap* so these applications aren't confined by apparmor
4314 (LP: #203898)
4315 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
4316 (LP: #215904)
4317 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
4318 error. (LP: #234196)
4319 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
4320 (LP: #220724)
4321 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
4322 upstream.
4323 * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
4324 the ucred struct now.
4325
4326 -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
4327
1465openldap2.3 (2.4.9-1) unstable; urgency=low4328openldap2.3 (2.4.9-1) unstable; urgency=low
14664329
1467 [ Updated debconf translations ]4330 [ Updated debconf translations ]
@@ -1532,6 +4395,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high
15324395
1533 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +01004396 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
15344397
4398openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
4399
4400 * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
4401 in klibc)
4402
4403 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
4404
4405openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
4406
4407 * apparmor-profile workaround for Launchpad #202161
4408 * follow ApparmorProfileMigration and force apparmor complain mode on some
4409 upgrades (LP: #203529)
4410 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4411 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4412 - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
4413 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4414 non-enforcing) and upgrades where apparmor profile does not exist
4415 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4416 * debian/rules, debian/slapd.links: use hard links to slapd instead of
4417 symlinks for slap* so these applications aren't confined by apparmor
4418 (LP: #203898)
4419
4420 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
4421
4422openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
4423
4424 * Merge from Debian unstable, remaining changes:
4425 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
4426 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
4427 allows remote authenticated users to cause a denial of service (daemon
4428 crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
4429 control, a related issue to CVE-2007-6698.
4430 + debian/apparmor-profile: add AppArmor profile
4431 + debian/slapd.postinst: Reload AA profile on configuration
4432 + updated debian/slapd.README.Debian for note on AppArmor
4433 + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
4434 should now take control
4435 + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4436 to make sure that if earlier version of apparmor-profiles gets
4437 installed it won't overwrite our profile
4438 + Modify Maintainer value to match the DebianMaintainerField
4439 specification.
4440
4441 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
4442
1535openldap2.3 (2.4.7-6) unstable; urgency=low4443openldap2.3 (2.4.7-6) unstable; urgency=low
15364444
1537 [ Updated debconf translations ]4445 [ Updated debconf translations ]
@@ -1577,6 +4485,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low
15774485
1578 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -08004486 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
15794487
4488openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
4489
4490 * SECURITY UPDATE:
4491 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
4492 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
4493 allows remote authenticated users to cause a denial of service (daemon crash)
4494 via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
4495 issue to CVE-2007-6698.
4496
4497 * References
4498 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
4499 - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
4500
4501 -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
4502
4503openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
4504
4505 * add AppArmor profile
4506 + debian/apparmor-profile
4507 + debian/slapd.postinst: Reload AA profile on configuration
4508 * updated debian/slapd.README.Debian for note on AppArmor
4509 * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
4510 should now take control
4511 * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4512 to make sure that if earlier version of apparmor-profiles gets installed
4513 it won't overwrite our profile
4514 * Modify Maintainer value to match the DebianMaintainerField
4515 specification.
4516
4517 -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
4518
1580openldap2.3 (2.4.7-5) unstable; urgency=low4519openldap2.3 (2.4.7-5) unstable; urgency=low
15814520
1582 [ Updated debconf translations ]4521 [ Updated debconf translations ]
diff --git a/debian/control b/debian/control
index 9b27cf6..bbe56e6 100644
--- a/debian/control
+++ b/debian/control
@@ -1,12 +1,14 @@
1Source: openldap1Source: openldap
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
5Uploaders: Steve Langasek <vorlon@debian.org>,6Uploaders: Steve Langasek <vorlon@debian.org>,
6 Torsten Landschoff <torsten@debian.org>,7 Torsten Landschoff <torsten@debian.org>,
7 Ryan Tandy <ryan@nardis.ca>,8 Ryan Tandy <ryan@nardis.ca>,
8 Sergio Durigan Junior <sergiodj@debian.org>9 Sergio Durigan Junior <sergiodj@debian.org>
9Build-Depends: debhelper-compat (= 12),10Build-Depends: debhelper-compat (= 12),
11 dh-apparmor,
10 dpkg-dev (>= 1.17.14),12 dpkg-dev (>= 1.17.14),
11 groff-base,13 groff-base,
12 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,14 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
@@ -21,7 +23,12 @@ Build-Depends: debhelper-compat (= 12),
21 perl:any,23 perl:any,
22 pkg-config (>= 0.29),24 pkg-config (>= 0.29),
23 po-debconf,25 po-debconf,
24 unixodbc-dev <!pkg.openldap.noslapd>26 unixodbc-dev <!pkg.openldap.noslapd>,
27 krb5-admin-server <!nocheck>,
28 krb5-user <!nocheck>,
29 krb5-kdc <!nocheck>,
30 libsasl2-modules-gssapi-mit <!nocheck>,
31 sasl2-bin <!nocheck>,
25Build-Conflicts: libbind-dev, bind-dev, autoconf2.1332Build-Conflicts: libbind-dev, bind-dev, autoconf2.13
26Standards-Version: 4.6.033Standards-Version: 4.6.0
27Homepage: https://www.openldap.org/34Homepage: https://www.openldap.org/
@@ -37,7 +44,7 @@ Depends: ${shlibs:Depends}, libldap-2.5-0 (= ${binary:Version}),
37 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,44 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,
38 adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends}45 adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends}
39Recommends: ldap-utils46Recommends: ldap-utils
40Suggests: libsasl2-modules,47Suggests: libsasl2-modules, ufw,
41 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal48 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
42Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)49Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
43Replaces: libldap2, ldap-utils (<< 2.2.23-3)50Replaces: libldap2, ldap-utils (<< 2.2.23-3)
diff --git a/debian/rules b/debian/rules
index dec3a84..24f1691 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,7 +11,7 @@ export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
11export DEB_BUILD_MAINT_OPTIONS := hardening=+all11export DEB_BUILD_MAINT_OPTIONS := hardening=+all
1212
13# Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)13# Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)
14export DEB_MAINTAINER := $(shell sed -ne 's/Maintainer:\s\+//p' debian/control)14export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control)
1515
16# Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)16# Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)
17export DEB_VERSION17export DEB_VERSION
@@ -118,6 +118,22 @@ endif
118 find $(installdir)/usr/share/man -name \*.8 \118 find $(installdir)/usr/share/man -name \*.8 \
119 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'119 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
120120
121ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
122override_dh_install-arch:
123 dh_install
124
125 # install AppArmor profile
126 install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
127
128 # install Apport hook
129 install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
130
131 # install ufw profile
132 install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
133
134 dh_apparmor -pslapd --profile-name=usr.sbin.slapd
135endif
136
121override_dh_installinit:137override_dh_installinit:
122 dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80"138 dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80"
123139
diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
index ff7d66b..a4f3f55 100644
--- a/debian/slapd.README.Debian
+++ b/debian/slapd.README.Debian
@@ -252,6 +252,17 @@ Modifications Compared to Upstream
252252
253 -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800253 -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800
254254
255Apparmor Profile
256----------------
257
258 If your system uses AppArmor, please note that the shipped enforcing profile
259 works with the default installation, and changes in your configuration may
260 require changes to the installed apparmor profile. Please see
261 https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
262 software.
263
264 -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500
265
255Migrating your installation to OpenLDAP 2.5.x266Migrating your installation to OpenLDAP 2.5.x
256267
257 OpenLDAP 2.5 is a major new release and includes several incompatible268 OpenLDAP 2.5 is a major new release and includes several incompatible
diff --git a/debian/slapd.py b/debian/slapd.py
258new file mode 100644269new file mode 100644
index 0000000..b1aed25
--- /dev/null
+++ b/debian/slapd.py
@@ -0,0 +1,51 @@
1#!/usr/bin/python3
2
3'''apport hook for slapd
4
5(c) 2010 Adam Sommer.
6Author: Adam Sommer <asommer@ubuntu.com>
7
8This program is free software; you can redistribute it and/or modify it
9under the terms of the GNU General Public License as published by the
10Free Software Foundation; either version 2 of the License, or (at your
11option) any later version. See http://www.gnu.org/copyleft/gpl.html for
12the full text of the license.
13'''
14
15from apport.hookutils import *
16import os
17
18# Scrub olcRootPW attribute and credentials strings if necessary.
19def scrub_pass_strings(config):
20 olcrootpw_regex = re.compile('olcRootPW:.*')
21 olcrootpw_string = olcrootpw_regex.search(config)
22 if olcrootpw_string:
23 config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@')
24
25 credentials_regex = re.compile('credentials=.* ')
26 credentials_string = credentials_regex.search(config)
27 if credentials_string:
28 config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ')
29
30 return config
31
32def add_info(report, ui):
33 response = ui.yesno("The contents of your /etc/ldap/slapd.d directory "
34 "may help developers diagnose your bug more "
35 "quickly. However, it may contain sensitive "
36 "information. Do you want to include it in your "
37 "bug report?")
38
39 if response == None: # user cancelled
40 raise StopIteration
41
42 elif response == True:
43 # Get the cn=config tree.
44 cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'])
45 report['CNConfig'] = scrub_pass_strings(cn_config)
46
47 # Get slapd messages from /var/log/syslog
48 slapd_re = re.compile('slapd', re.IGNORECASE)
49 report['SysLog'] = recent_syslog(slapd_re)
50
51 attach_mac_events(report, '/usr/sbin/slapd')
diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile
0new file mode 10064452new file mode 100644
index 0000000..3c4f676
--- /dev/null
+++ b/debian/slapd.ufw.profile
@@ -0,0 +1,9 @@
1[OpenLDAP LDAP]
2title=OpenLDAP with TLS
3description=OpenLDAP is a free, fast, lightweight LDAP server
4ports=389/tcp
5
6[OpenLDAP LDAPS]
7title=OpenLDAP over SSL
8description=OpenLDAP is a free, fast, lightweight LDAP server
9ports=636/tcp

Subscribers

People subscribed via source and target branches