Merge ~sergiodj/ubuntu/+source/openldap:merge-2.6.3-lunar into ubuntu/+source/openldap:debian/experimental
- Git
- lp:~sergiodj/ubuntu/+source/openldap
- merge-2.6.3-lunar
- Merge into debian/experimental
Status: | Merged | ||||||||
---|---|---|---|---|---|---|---|---|---|
Merge reported by: | Sergio Durigan Junior | ||||||||
Merged at revision: | 5033e053d08335570f2d7264253205aa881a1c89 | ||||||||
Proposed branch: | ~sergiodj/ubuntu/+source/openldap:merge-2.6.3-lunar | ||||||||
Merge into: | ubuntu/+source/openldap:debian/experimental | ||||||||
Diff against target: |
3504 lines (+3123/-3) 7 files modified
debian/apparmor-profile (+61/-0) debian/changelog (+2970/-0) debian/control (+4/-2) debian/rules (+17/-1) debian/slapd.README.Debian (+11/-0) debian/slapd.py (+51/-0) debian/slapd.ufw.profile (+9/-0) |
||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Bryce Harrington (community) | Approve | ||
Canonical Server Reporter | Pending | ||
Review via email: mp+433313@code.launchpad.net |
Commit message
Description of the change
This is the merge of OpenLDAP 2.6.3 from Debian experimental. This merge will kick-off the OpenLDAP transition as well.
I've been maintaining OpenLDAP 2.6.x on Debian for a while now, so the only extra delta that we've been carrying (the addition of certain B-Ds needed for testing SASL/GSSAPI) had also been incorporated in Debian and therefore could be removed with this merge.
There's a bileto ticket with its corresponding PPA here:
https:/
https:/
The package is currently building as I write this, and I intend to mass-upload its reverse dependencies to the same PPA in order to test the transition beforehand. I will also update this MP with the dep8 test results once I have them.
Upstream OpenLDAP is going to release 2.6.4 soon-ish, but I'd like to start the transition ASAP so I'm going ahead with 2.6.3. I can always merge 2.6.4 when it comes out.
Sergio Durigan Junior (sergiodj) wrote : | # |
Thanks, Bryce.
Indeed, the maintainer fix is a bit confusing: it's marked as fixed in Debian but for some reason it isn't there. I will double check what happened; if all goes well, it's one less delta for us.
There are a few FTBFSes that happened during the mass revdep rebuild, but they're all unrelated to openldap. Nevertheless, I'm taking a closer look at them and making sure they won't cause any unforeseen problems.
I will go ahead and upload the package to -proposed soon, in order to start the transition.
Thanks again.
Preview Diff
1 | diff --git a/debian/apparmor-profile b/debian/apparmor-profile |
2 | new file mode 100644 |
3 | index 0000000..6a247aa |
4 | --- /dev/null |
5 | +++ b/debian/apparmor-profile |
6 | @@ -0,0 +1,61 @@ |
7 | +# vim:syntax=apparmor |
8 | +# Last Modified: Fri Jun 6 13:51:00 2020 |
9 | +# Author: Jamie Strandboge <jamie@ubuntu.com> |
10 | + |
11 | +#include <tunables/global> |
12 | + |
13 | +/usr/sbin/slapd { |
14 | + #include <abstractions/base> |
15 | + #include <abstractions/nameservice> |
16 | + #include <abstractions/p11-kit> |
17 | + |
18 | + #include <abstractions/ssl_keys> |
19 | + #include <abstractions/ssl_certs> |
20 | + |
21 | + /etc/sasldb2 r, |
22 | + |
23 | + capability dac_override, |
24 | + capability net_bind_service, |
25 | + capability setgid, |
26 | + capability setuid, |
27 | + |
28 | + /etc/gai.conf r, |
29 | + /etc/hosts.allow r, |
30 | + /etc/hosts.deny r, |
31 | + |
32 | + # ldap files |
33 | + /etc/ldap/** kr, |
34 | + /etc/ldap/slapd.d/** rw, |
35 | + |
36 | + # kerberos/gssapi |
37 | + /dev/tty rw, |
38 | + /etc/gss/mech.d/ r, |
39 | + /etc/gss/mech.d/* kr, |
40 | + /etc/krb5.keytab kr, |
41 | + /etc/krb5/user/*/client.keytab kr, |
42 | + owner /tmp/krb5cc_* rwk, |
43 | + owner /var/tmp/krb5_*.rcache2 rwk, |
44 | + /var/tmp/ rw, |
45 | + /var/tmp/** rw, |
46 | + |
47 | + # the databases and logs |
48 | + /var/lib/ldap/ r, |
49 | + /var/lib/ldap/** rwk, |
50 | + |
51 | + # lock file |
52 | + /var/lib/ldap/alock kw, |
53 | + |
54 | + # pid files and sockets |
55 | + /{,var/}run/slapd/* w, |
56 | + /{,var/}run/slapd/ldapi rw, |
57 | + /{,var/}run/nslcd/socket rw, |
58 | + /{,var/}run/saslauthd/mux rw, |
59 | + |
60 | + /usr/lib/ldap/ r, |
61 | + /usr/lib/ldap/* mr, |
62 | + |
63 | + /usr/sbin/slapd mr, |
64 | + |
65 | + # Site-specific additions and overrides. See local/README for details. |
66 | + #include <local/usr.sbin.slapd> |
67 | +} |
68 | diff --git a/debian/changelog b/debian/changelog |
69 | index b17e37b..8c309b7 100644 |
70 | --- a/debian/changelog |
71 | +++ b/debian/changelog |
72 | @@ -1,3 +1,28 @@ |
73 | +openldap (2.6.3+dfsg-1~exp1ubuntu1) lunar; urgency=medium |
74 | + |
75 | + * Merge with Debian unstable (LP: #1993426). Remaining changes: |
76 | + - Enable AppArmor support: |
77 | + + d/apparmor-profile: add AppArmor profile |
78 | + + d/rules: use dh_apparmor |
79 | + + d/control: Build-Depends on dh-apparmor |
80 | + + d/slapd.README.Debian: add note about AppArmor |
81 | + - Enable ufw support: |
82 | + + d/control: suggest ufw. |
83 | + + d/rules: install ufw profile. |
84 | + + d/slapd.ufw.profile: add ufw profile. |
85 | + - d/{rules,slapd.py}: Add apport hook. |
86 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
87 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
88 | + (Closes #960448, LP #1875697) |
89 | + * Drop changes: |
90 | + - Enable SASL/GSSAPI tests. (LP #1976508) |
91 | + + d/control: Update B-D to include required dependencies needed to run |
92 | + SASL/GSSAPI tests during build time, and mark them "!nocheck". |
93 | + Thanks: Andreas Hasenack <andreas.hasenack@canonical.com> |
94 | + [ Incorporated by Debian. ] |
95 | + |
96 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 18 Nov 2022 16:07:45 -0500 |
97 | + |
98 | openldap (2.6.3+dfsg-1~exp1) experimental; urgency=medium |
99 | |
100 | * d/rules: Remove get-orig-source, now unnecessary. |
101 | @@ -47,6 +72,94 @@ openldap (2.6.2+dfsg-1~exp1) experimental; urgency=medium |
102 | |
103 | -- Sergio Durigan Junior <sergiodj@debian.org> Fri, 20 May 2022 17:41:04 -0400 |
104 | |
105 | +openldap (2.5.13+dfsg-1ubuntu2) lunar; urgency=medium |
106 | + |
107 | + * Rebuild against new perlapi-5.36. |
108 | + |
109 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 Nov 2022 16:50:13 +0100 |
110 | + |
111 | +openldap (2.5.13+dfsg-1ubuntu1) kinetic; urgency=medium |
112 | + |
113 | + * Merge with Debian unstable (LP: #1983618). Remaining changes: |
114 | + - Enable AppArmor support: |
115 | + + d/apparmor-profile: add AppArmor profile |
116 | + + d/rules: use dh_apparmor |
117 | + + d/control: Build-Depends on dh-apparmor |
118 | + + d/slapd.README.Debian: add note about AppArmor |
119 | + - Enable ufw support: |
120 | + + d/control: suggest ufw. |
121 | + + d/rules: install ufw profile. |
122 | + + d/slapd.ufw.profile: add ufw profile. |
123 | + - d/{rules,slapd.py}: Add apport hook. |
124 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
125 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
126 | + (Closes #960448, LP #1875697) |
127 | + - Enable SASL/GSSAPI tests. (LP #1976508) |
128 | + + d/control: Update B-D to include required dependencies needed to run |
129 | + SASL/GSSAPI tests during build time, and mark them "!nocheck". |
130 | + Thanks: Andreas Hasenack <andreas.hasenack@canonical.com> |
131 | + |
132 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 20 Sep 2022 15:30:47 -0400 |
133 | + |
134 | +openldap (2.5.12+dfsg-2ubuntu2) kinetic; urgency=medium |
135 | + |
136 | + * Enable SASL/GSSAPI tests. (LP: #1976508) |
137 | + - d/control: Update B-D to include required dependencies needed to run |
138 | + SASL/GSSAPI tests during build time, and mark them "!nocheck". |
139 | + Thanks: Andreas Hasenack <andreas.hasenack@canonical.com> |
140 | + |
141 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 25 Aug 2022 16:20:08 -0400 |
142 | + |
143 | +openldap (2.5.12+dfsg-2ubuntu1) kinetic; urgency=medium |
144 | + |
145 | + * Merge with Debian unstable (LP: #1971305). Remaining changes: |
146 | + - Enable AppArmor support: |
147 | + + d/apparmor-profile: add AppArmor profile |
148 | + + d/rules: use dh_apparmor |
149 | + + d/control: Build-Depends on dh-apparmor |
150 | + + d/slapd.README.Debian: add note about AppArmor |
151 | + - Enable ufw support: |
152 | + + d/control: suggest ufw. |
153 | + + d/rules: install ufw profile. |
154 | + + d/slapd.ufw.profile: add ufw profile. |
155 | + - d/{rules,slapd.py}: Add apport hook. |
156 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
157 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
158 | + (Closes #960448, LP #1875697) |
159 | + |
160 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 06 Jun 2022 15:34:48 -0400 |
161 | + |
162 | +openldap (2.5.11+dfsg-1~exp1ubuntu3) jammy; urgency=medium |
163 | + |
164 | + * No-change rebuild to update maintainer scripts, see LP: 1959054 |
165 | + |
166 | + -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:15:26 +0000 |
167 | + |
168 | +openldap (2.5.11+dfsg-1~exp1ubuntu2) jammy; urgency=medium |
169 | + |
170 | + * No-change rebuild for the perl update. |
171 | + |
172 | + -- Matthias Klose <doko@ubuntu.com> Mon, 07 Feb 2022 07:51:42 +0100 |
173 | + |
174 | +openldap (2.5.11+dfsg-1~exp1ubuntu1) jammy; urgency=medium |
175 | + |
176 | + * Merge with Debian unstable (LP: #1946883). Remaining changes: |
177 | + - Enable AppArmor support: |
178 | + + d/apparmor-profile: add AppArmor profile |
179 | + + d/rules: use dh_apparmor |
180 | + + d/control: Build-Depends on dh-apparmor |
181 | + + d/slapd.README.Debian: add note about AppArmor |
182 | + - Enable ufw support: |
183 | + + d/control: suggest ufw. |
184 | + + d/rules: install ufw profile. |
185 | + + d/slapd.ufw.profile: add ufw profile. |
186 | + - d/{rules,slapd.py}: Add apport hook. |
187 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
188 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
189 | + (Closes #960448, LP #1875697) |
190 | + |
191 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 25 Jan 2022 17:06:12 -0500 |
192 | + |
193 | openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium |
194 | |
195 | * New upstream release. |
196 | @@ -78,6 +191,25 @@ openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium |
197 | |
198 | -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700 |
199 | |
200 | +openldap (2.5.6+dfsg-1~exp1ubuntu1) impish; urgency=medium |
201 | + |
202 | + * Merge with Debian unstable. Remaining changes: |
203 | + - Enable AppArmor support: |
204 | + + d/apparmor-profile: add AppArmor profile |
205 | + + d/rules: use dh_apparmor |
206 | + + d/control: Build-Depends on dh-apparmor |
207 | + + d/slapd.README.Debian: add note about AppArmor |
208 | + - Enable ufw support: |
209 | + + d/control: suggest ufw. |
210 | + + d/rules: install ufw profile. |
211 | + + d/slapd.ufw.profile: add ufw profile. |
212 | + - d/{rules,slapd.py}: Add apport hook. |
213 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
214 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
215 | + (Closes #960448, LP #1875697) |
216 | + |
217 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 17 Aug 2021 14:06:00 -0400 |
218 | + |
219 | openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium |
220 | |
221 | [ Ryan Tandy ] |
222 | @@ -112,6 +244,59 @@ openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium |
223 | |
224 | -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700 |
225 | |
226 | +openldap (2.5.5+dfsg-1~exp1ubuntu1) impish; urgency=medium |
227 | + |
228 | + * Merge with Debian unstable. Remaining changes: |
229 | + - Enable AppArmor support: |
230 | + + d/apparmor-profile: add AppArmor profile |
231 | + + d/rules: use dh_apparmor |
232 | + + d/control: Build-Depends on dh-apparmor |
233 | + + d/slapd.README.Debian: add note about AppArmor |
234 | + - Enable ufw support: |
235 | + + d/control: suggest ufw. |
236 | + + d/rules: install ufw profile. |
237 | + + d/slapd.ufw.profile: add ufw profile. |
238 | + - d/{rules,slapd.py}: Add apport hook. |
239 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
240 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
241 | + (Closes #960448, LP #1875697) |
242 | + * Dropped changes: |
243 | + - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): |
244 | + + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
245 | + - Add --with-gssapi support |
246 | + - Make guess_service_principal() more robust when determining |
247 | + principal |
248 | + + d/configure.options: Configure with --with-gssapi |
249 | + + d/control: Added heimdal-dev as a build depend |
250 | + + d/rules: |
251 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
252 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
253 | + + d/libldap-2.4-2.symbols: add symbols for GSSAPI support |
254 | + This should be dropped when the soname changes. |
255 | + [ Dropped as planned after soname bump due to 2.5.5 update. ] |
256 | + - Enable nss overlay: |
257 | + + d/rules: |
258 | + - add nssov to CONTRIB_MODULES |
259 | + - add sysconfdir to CONTRIB_MAKEVARS |
260 | + + d/slapd.install: install nssov overlay |
261 | + + d/slapd.manpages: install slapo-nssov(5) man page |
262 | + + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
263 | + Debian bug #919136, we also have to patch the nssov makefile |
264 | + accordingly and thus update this patch. |
265 | + [ Dropped as planned after soname bump due to 2.5.5 update. ] |
266 | + - Add support for CLDAP (UDP) support, back then required by |
267 | + likewise-open (first enabled in 2.4.17-1ubuntu2): |
268 | + + d/rules: Enable -DLDAP_CONNECTIONLESS |
269 | + + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) |
270 | + This should be dropped when the soname changes. |
271 | + [ Dropped as planned after soname bump due to 2.5.5 update. ] |
272 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because |
273 | + of test timing issue. |
274 | + [ Dropped because the latest update improved the testcase and |
275 | + there is no FTBFS on riscv64 anymore. ] |
276 | + |
277 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 15 Jun 2021 17:20:34 -0400 |
278 | + |
279 | openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium |
280 | |
281 | * New upstream release. |
282 | @@ -217,6 +402,53 @@ openldap (2.4.57+dfsg-3) unstable; urgency=medium |
283 | |
284 | -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700 |
285 | |
286 | +openldap (2.4.57+dfsg-2ubuntu1) hirsute; urgency=medium |
287 | + |
288 | + * Merge with Debian unstable. Remaining changes: |
289 | + - Enable AppArmor support: |
290 | + + d/apparmor-profile: add AppArmor profile |
291 | + + d/rules: use dh_apparmor |
292 | + + d/control: Build-Depends on dh-apparmor |
293 | + + d/slapd.README.Debian: add note about AppArmor |
294 | + - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): |
295 | + + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
296 | + - Add --with-gssapi support |
297 | + - Make guess_service_principal() more robust when determining |
298 | + principal |
299 | + + d/configure.options: Configure with --with-gssapi |
300 | + + d/control: Added heimdal-dev as a build depend |
301 | + + d/rules: |
302 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
303 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
304 | + + d/libldap-2.4-2.symbols: add symbols for GSSAPI support |
305 | + This should be dropped when the soname changes. |
306 | + - Enable ufw support: |
307 | + + d/control: suggest ufw. |
308 | + + d/rules: install ufw profile. |
309 | + + d/slapd.ufw.profile: add ufw profile. |
310 | + - Enable nss overlay: |
311 | + + d/rules: |
312 | + - add nssov to CONTRIB_MODULES |
313 | + - add sysconfdir to CONTRIB_MAKEVARS |
314 | + + d/slapd.install: install nssov overlay |
315 | + + d/slapd.manpages: install slapo-nssov(5) man page |
316 | + + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
317 | + Debian bug #919136, we also have to patch the nssov makefile |
318 | + accordingly and thus update this patch. |
319 | + - d/{rules,slapd.py}: Add apport hook. |
320 | + - Add support for CLDAP (UDP) support, back then required by |
321 | + likewise-open (first enabled in 2.4.17-1ubuntu2): |
322 | + + d/rules: Enable -DLDAP_CONNECTIONLESS |
323 | + + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) |
324 | + This should be dropped when the soname changes. |
325 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because |
326 | + of test timing issue. |
327 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
328 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
329 | + (Closes #960448, LP #1875697) |
330 | + |
331 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Feb 2021 10:15:38 -0500 |
332 | + |
333 | openldap (2.4.57+dfsg-2) unstable; urgency=medium |
334 | |
335 | * Fix slapd assertion failure in Certificate List Exact Assertion validation |
336 | @@ -246,6 +478,65 @@ openldap (2.4.57+dfsg-1) unstable; urgency=medium |
337 | |
338 | -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800 |
339 | |
340 | +openldap (2.4.56+dfsg-1ubuntu2) hirsute; urgency=medium |
341 | + |
342 | + * debian/apparmor-profile: add AppArmor rule for locking replay cache. |
343 | + In Hirsute, a change (presumably in src:krb5) has caused slapd to be |
344 | + denied by AppArmor for locking /var/tmp/krb5_*.rcache2. This is |
345 | + acceptable, so add it to the AppArmor profile. This fixes the dep8 |
346 | + test in src:krb5 that uses slapd for testing. |
347 | + |
348 | + -- Robie Basak <robie.basak@ubuntu.com> Tue, 26 Jan 2021 13:02:40 +0000 |
349 | + |
350 | +openldap (2.4.56+dfsg-1ubuntu1) hirsute; urgency=medium |
351 | + |
352 | + * Merge with Debian unstable. Remaining changes: |
353 | + - Enable AppArmor support: |
354 | + + d/apparmor-profile: add AppArmor profile |
355 | + + d/rules: use dh_apparmor |
356 | + + d/control: Build-Depends on dh-apparmor |
357 | + + d/slapd.README.Debian: add note about AppArmor |
358 | + - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): |
359 | + + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
360 | + - Add --with-gssapi support |
361 | + - Make guess_service_principal() more robust when determining |
362 | + principal |
363 | + + d/configure.options: Configure with --with-gssapi |
364 | + + d/control: Added heimdal-dev as a build depend |
365 | + + d/rules: |
366 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
367 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
368 | + + d/libldap-2.4-2.symbols: add symbols for GSSAPI support |
369 | + This should be dropped when the soname changes. |
370 | + - Enable ufw support: |
371 | + + d/control: suggest ufw. |
372 | + + d/rules: install ufw profile. |
373 | + + d/slapd.ufw.profile: add ufw profile. |
374 | + - Enable nss overlay: |
375 | + + d/rules: |
376 | + - add nssov to CONTRIB_MODULES |
377 | + - add sysconfdir to CONTRIB_MAKEVARS |
378 | + + d/slapd.install: install nssov overlay |
379 | + + d/slapd.manpages: install slapo-nssov(5) man page |
380 | + + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
381 | + Debian bug #919136, we also have to patch the nssov makefile |
382 | + accordingly and thus update this patch. |
383 | + - d/{rules,slapd.py}: Add apport hook. |
384 | + - Add support for CLDAP (UDP) support, back then required by |
385 | + likewise-open (first enabled in 2.4.17-1ubuntu2): |
386 | + + d/rules: Enable -DLDAP_CONNECTIONLESS |
387 | + + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) |
388 | + This should be dropped when the soname changes. |
389 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because |
390 | + of test timing issue. |
391 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
392 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
393 | + (Closes #960448, LP #1875697) |
394 | + * d/apparmor-profile: use abstractions/ssl_keys instead of manual rules, |
395 | + allows letsencrypt to work. Thanks to Paul McEnery (LP: #1909748) |
396 | + |
397 | + -- Paride Legovini <paride.legovini@canonical.com> Mon, 04 Jan 2021 16:18:57 +0100 |
398 | + |
399 | openldap (2.4.56+dfsg-1) unstable; urgency=medium |
400 | |
401 | * New upstream release. |
402 | @@ -272,12 +563,151 @@ openldap (2.4.54+dfsg-1) unstable; urgency=medium |
403 | |
404 | -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000 |
405 | |
406 | +openldap (2.4.53+dfsg-1ubuntu5) hirsute; urgency=medium |
407 | + |
408 | + * SECURITY UPDATE: assertion failure in Certificate List syntax |
409 | + validation |
410 | + - debian/patches/CVE-2020-25709.patch: properly handle error in |
411 | + servers/slapd/schema_init.c. |
412 | + - CVE-2020-25709 |
413 | + * SECURITY UPDATE: assertion failure in CSN normalization with invalid |
414 | + input |
415 | + - debian/patches/CVE-2020-25710.patch: properly handle error in |
416 | + servers/slapd/schema_init.c. |
417 | + - CVE-2020-25710 |
418 | + |
419 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 17 Nov 2020 09:41:47 -0500 |
420 | + |
421 | +openldap (2.4.53+dfsg-1ubuntu4) hirsute; urgency=medium |
422 | + |
423 | + * SECURITY UPDATE: DoS via NULL pointer dereference |
424 | + - debian/patches/CVE-2020-25692.patch: skip normalization if there's no |
425 | + equality rule in servers/slapd/modrdn.c. |
426 | + - CVE-2020-25692 |
427 | + |
428 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 Nov 2020 14:02:02 -0500 |
429 | + |
430 | +openldap (2.4.53+dfsg-1ubuntu3) hirsute; urgency=medium |
431 | + |
432 | + * No-change rebuild for the perl update. |
433 | + |
434 | + -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 12:53:38 +0100 |
435 | + |
436 | +openldap (2.4.53+dfsg-1ubuntu2) hirsute; urgency=medium |
437 | + |
438 | + * No-change rebuild for the perl update. |
439 | + |
440 | + -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 10:51:32 +0100 |
441 | + |
442 | +openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium |
443 | + |
444 | + * Merge with Debian unstable (LP: #1894838). Remaining changes: |
445 | + - Enable AppArmor support: |
446 | + + d/apparmor-profile: add AppArmor profile |
447 | + + d/rules: use dh_apparmor |
448 | + + d/control: Build-Depends on dh-apparmor |
449 | + + d/slapd.README.Debian: add note about AppArmor |
450 | + - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): |
451 | + + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
452 | + - Add --with-gssapi support |
453 | + - Make guess_service_principal() more robust when determining |
454 | + principal |
455 | + + d/configure.options: Configure with --with-gssapi |
456 | + + d/control: Added heimdal-dev as a build depend |
457 | + + d/rules: |
458 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
459 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
460 | + + d/libldap-2.4-2.symbols: add symbols for GSSAPI support |
461 | + This should be dropped when the soname changes. |
462 | + - Enable ufw support: |
463 | + + d/control: suggest ufw. |
464 | + + d/rules: install ufw profile. |
465 | + + d/slapd.ufw.profile: add ufw profile. |
466 | + - Enable nss overlay: |
467 | + + d/rules: |
468 | + - add nssov to CONTRIB_MODULES |
469 | + - add sysconfdir to CONTRIB_MAKEVARS |
470 | + + d/slapd.install: install nssov overlay |
471 | + + d/slapd.manpages: install slapo-nssov(5) man page |
472 | + + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
473 | + Debian bug #919136, we also have to patch the nssov makefile |
474 | + accordingly and thus update this patch. |
475 | + - d/{rules,slapd.py}: Add apport hook. |
476 | + - Add support for CLDAP (UDP) support, back then required by |
477 | + likewise-open (first enabled in 2.4.17-1ubuntu2): |
478 | + + d/rules: Enable -DLDAP_CONNECTIONLESS |
479 | + + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) |
480 | + This should be dropped when the soname changes. |
481 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because |
482 | + of test timing issue. |
483 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
484 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
485 | + (Closes #960448, LP #1875697) |
486 | + |
487 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 08 Sep 2020 09:36:58 -0300 |
488 | + |
489 | openldap (2.4.53+dfsg-1) unstable; urgency=medium |
490 | |
491 | * New upstream release. |
492 | |
493 | -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700 |
494 | |
495 | +openldap (2.4.51+dfsg-1ubuntu1) groovy; urgency=medium |
496 | + |
497 | + * Merge with Debian unstable. Remaining changes: |
498 | + - Enable AppArmor support: |
499 | + + d/apparmor-profile: add AppArmor profile |
500 | + + d/rules: use dh_apparmor |
501 | + + d/control: Build-Depends on dh-apparmor |
502 | + + d/slapd.README.Debian: add note about AppArmor |
503 | + - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): |
504 | + + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
505 | + - Add --with-gssapi support |
506 | + - Make guess_service_principal() more robust when determining |
507 | + principal |
508 | + + d/configure.options: Configure with --with-gssapi |
509 | + + d/control: Added heimdal-dev as a build depend |
510 | + + d/rules: |
511 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
512 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
513 | + + d/libldap-2.4-2.symbols: add symbols for GSSAPI support |
514 | + This should be dropped when the soname changes. |
515 | + - Enable ufw support: |
516 | + + d/control: suggest ufw. |
517 | + + d/rules: install ufw profile. |
518 | + + d/slapd.ufw.profile: add ufw profile. |
519 | + - Enable nss overlay: |
520 | + + d/rules: |
521 | + - add nssov to CONTRIB_MODULES |
522 | + - add sysconfdir to CONTRIB_MAKEVARS |
523 | + + d/slapd.install: install nssov overlay |
524 | + + d/slapd.manpages: install slapo-nssov(5) man page |
525 | + + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
526 | + Debian bug #919136, we also have to patch the nssov makefile |
527 | + accordingly and thus update this patch. |
528 | + - d/{rules,slapd.py}: Add apport hook. |
529 | + - Add support for CLDAP (UDP) support, back then required by |
530 | + likewise-open (first enabled in 2.4.17-1ubuntu2): |
531 | + + d/rules: Enable -DLDAP_CONNECTIONLESS |
532 | + + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) |
533 | + This should be dropped when the soname changes. |
534 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because |
535 | + of test timing issue. |
536 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
537 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
538 | + (Closes #960448, LP #1875697) |
539 | + * Dropped: |
540 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
541 | + [In 2.4.51+dfsg-1] |
542 | + - d/slapd.scripts-common: |
543 | + + add slapcat_opts to local variables. |
544 | + + Fix backup directory naming for multiple reconfiguration. |
545 | + [In 2.4.51+dfsg-1] |
546 | + - debian/patches/set-maintainer-name: our d/rules change needs to |
547 | + be kept, but this patch is in 2.4.51+dfsg-1. |
548 | + |
549 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Aug 2020 11:03:24 -0300 |
550 | + |
551 | openldap (2.4.51+dfsg-1) unstable; urgency=medium |
552 | |
553 | * New upstream release. |
554 | @@ -323,6 +753,85 @@ openldap (2.4.51+dfsg-1) unstable; urgency=medium |
555 | |
556 | -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700 |
557 | |
558 | +openldap (2.4.50+dfsg-1ubuntu3) groovy; urgency=medium |
559 | + |
560 | + * No change rebuild against new libnettle8 and libhogweed6 ABI. |
561 | + |
562 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:31:30 +0100 |
563 | + |
564 | +openldap (2.4.50+dfsg-1ubuntu2) groovy; urgency=medium |
565 | + |
566 | + * d/apparmor-profile: Update apparmor profile to grant access to |
567 | + the saslauthd socket, so that SASL authentication works. (LP: #1557157) |
568 | + |
569 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jun 2020 18:20:42 -0400 |
570 | + |
571 | +openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium |
572 | + |
573 | + * Merge with Debian unstable. Remaining changes: |
574 | + - Enable AppArmor support: |
575 | + + d/apparmor-profile: add AppArmor profile |
576 | + + d/rules: use dh_apparmor |
577 | + + d/control: Build-Depends on dh-apparmor |
578 | + + d/slapd.README.Debian: add note about AppArmor |
579 | + - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): |
580 | + + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
581 | + - Add --with-gssapi support |
582 | + - Make guess_service_principal() more robust when determining |
583 | + principal |
584 | + + d/configure.options: Configure with --with-gssapi |
585 | + + d/control: Added heimdal-dev as a build depend |
586 | + + d/rules: |
587 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
588 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
589 | + + d/libldap-2.4-2.symbols: add symbols for GSSAPI support |
590 | + This should be dropped when the soname changes. |
591 | + - Enable ufw support: |
592 | + + d/control: suggest ufw. |
593 | + + d/rules: install ufw profile. |
594 | + + d/slapd.ufw.profile: add ufw profile. |
595 | + - Enable nss overlay: |
596 | + + d/rules: |
597 | + - add nssov to CONTRIB_MODULES |
598 | + - add sysconfdir to CONTRIB_MAKEVARS |
599 | + + d/slapd.install: |
600 | + - install nssov overlay |
601 | + + d/slapd.manpages: |
602 | + - install slapo-nssov(5) man page |
603 | + + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
604 | + Debian bug #919136, we also have to patch the nssov makefile |
605 | + accordingly and thus update this patch. |
606 | + - d/{rules,slapd.py}: Add apport hook. |
607 | + - d/slapd.scripts-common: |
608 | + + add slapcat_opts to local variables. |
609 | + + Fix backup directory naming for multiple reconfiguration. |
610 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
611 | + - Add support for CLDAP (UDP) support, back then required by |
612 | + likewise-open (first enabled in 2.4.17-1ubuntu2): |
613 | + + d/rules: Enable -DLDAP_CONNECTIONLESS |
614 | + + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) |
615 | + This should be dropped when the soname changes. |
616 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because |
617 | + of test timing issue. |
618 | + * Dropped: |
619 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
620 | + either the default DIT nor via an Authn mapping. |
621 | + [Not worth keeping a delta for, as having olcRootDN doesn't hurt] |
622 | + - Show distribution in version: |
623 | + - d/control: added lsb-release |
624 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
625 | + [Debian now shows the full package version] |
626 | + - SECURITY UPDATE: denial of service via nested search filters |
627 | + + debian/patches/CVE-2020-12243.patch: limit depth of nested |
628 | + filters in servers/slapd/filter.c. |
629 | + [Fixed upstream] |
630 | + * Added: |
631 | + - d/rules, debian/patches/set-maintainer-name: Extract maintainer |
632 | + address dynamically from debian/control. Thanks to Ryan Tandy |
633 | + <ryan@nardis.ca> (Closes: #960448, LP: #1875697) |
634 | + |
635 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300 |
636 | + |
637 | openldap (2.4.50+dfsg-1) unstable; urgency=medium |
638 | |
639 | * New upstream release. |
640 | @@ -365,6 +874,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium |
641 | |
642 | -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700 |
643 | |
644 | +openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium |
645 | + |
646 | + * SECURITY UPDATE: denial of service via nested search filters |
647 | + - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in |
648 | + servers/slapd/filter.c. |
649 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of |
650 | + test timing issue. |
651 | + - CVE-2020-12243 |
652 | + |
653 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400 |
654 | + |
655 | +openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium |
656 | + |
657 | + * Merge with Debian unstable (LP: #1866303). Remaining changes: |
658 | + - Enable AppArmor support: |
659 | + - d/apparmor-profile: add AppArmor profile |
660 | + - d/rules: use dh_apparmor |
661 | + - d/control: Build-Depends on dh-apparmor |
662 | + - d/slapd.README.Debian: add note about AppArmor |
663 | + - Enable GSSAPI support: |
664 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
665 | + - Add --with-gssapi support |
666 | + - Make guess_service_principal() more robust when determining |
667 | + principal |
668 | + [Dropped the ldap_gssapi_bind_s() hunk as that is already |
669 | + - d/configure.options: Configure with --with-gssapi |
670 | + - d/control: Added heimdal-dev as a build depend |
671 | + - d/rules: |
672 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
673 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
674 | + - Enable ufw support: |
675 | + - d/control: suggest ufw. |
676 | + - d/rules: install ufw profile. |
677 | + - d/slapd.ufw.profile: add ufw profile. |
678 | + - Enable nss overlay: |
679 | + - d/rules: |
680 | + - add nssov to CONTRIB_MODULES |
681 | + - add sysconfdir to CONTRIB_MAKEVARS |
682 | + - d/slapd.install: |
683 | + - install nssov overlay |
684 | + - d/slapd.manpages: |
685 | + - install slapo-nssov(5) man page |
686 | + - d/{rules,slapd.py}: Add apport hook. |
687 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
688 | + either the default DIT nor via an Authn mapping. |
689 | + - d/slapd.scripts-common: |
690 | + - add slapcat_opts to local variables. |
691 | + - Fix backup directory naming for multiple reconfiguration. |
692 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
693 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
694 | + in the openldap library, as required by Likewise-Open |
695 | + - Show distribution in version: |
696 | + - d/control: added lsb-release |
697 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
698 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
699 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
700 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
701 | + - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
702 | + Debian bug #919136, we also have to patch the nssov makefile |
703 | + accordingly and thus update this patch. |
704 | + |
705 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300 |
706 | + |
707 | openldap (2.4.49+dfsg-2) unstable; urgency=medium |
708 | |
709 | * slapd.README.Debian: Document the initial setup performed by slapd's |
710 | @@ -376,6 +948,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium |
711 | |
712 | -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800 |
713 | |
714 | +openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium |
715 | + |
716 | + * Merge with Debian unstable. Remaining changes: |
717 | + - Enable AppArmor support: |
718 | + - d/apparmor-profile: add AppArmor profile |
719 | + - d/rules: use dh_apparmor |
720 | + - d/control: Build-Depends on dh-apparmor |
721 | + - d/slapd.README.Debian: add note about AppArmor |
722 | + - Enable GSSAPI support: |
723 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
724 | + - Add --with-gssapi support |
725 | + - Make guess_service_principal() more robust when determining |
726 | + principal |
727 | + [Dropped the ldap_gssapi_bind_s() hunk as that is already |
728 | + - d/configure.options: Configure with --with-gssapi |
729 | + - d/control: Added heimdal-dev as a build depend |
730 | + - d/rules: |
731 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
732 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
733 | + - Enable ufw support: |
734 | + - d/control: suggest ufw. |
735 | + - d/rules: install ufw profile. |
736 | + - d/slapd.ufw.profile: add ufw profile. |
737 | + - Enable nss overlay: |
738 | + - d/rules: |
739 | + - add nssov to CONTRIB_MODULES |
740 | + - add sysconfdir to CONTRIB_MAKEVARS |
741 | + - d/slapd.install: |
742 | + - install nssov overlay |
743 | + - d/slapd.manpages: |
744 | + - install slapo-nssov(5) man page |
745 | + - d/{rules,slapd.py}: Add apport hook. |
746 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
747 | + either the default DIT nor via an Authn mapping. |
748 | + - d/slapd.scripts-common: |
749 | + - add slapcat_opts to local variables. |
750 | + - Fix backup directory naming for multiple reconfiguration. |
751 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
752 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
753 | + in the openldap library, as required by Likewise-Open |
754 | + - Show distribution in version: |
755 | + - d/control: added lsb-release |
756 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
757 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
758 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
759 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
760 | + - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
761 | + Debian bug #919136, we also have to patch the nssov makefile |
762 | + accordingly and thus update this patch. |
763 | + * Dropped: |
764 | + - d/control: slapd can depend on perl:any since it only uses perl for |
765 | + some maintainer and helper scripts. |
766 | + [In 2.4.49+dfsg-1] |
767 | + |
768 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300 |
769 | + |
770 | openldap (2.4.49+dfsg-1) unstable; urgency=medium |
771 | |
772 | * New upstream release. |
773 | @@ -404,6 +1032,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium |
774 | |
775 | -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800 |
776 | |
777 | +openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium |
778 | + |
779 | + * d/control: slapd can depend on perl:any since it only uses perl for |
780 | + some maintainer and helper scripts. The perl backend links against |
781 | + the correct architecture perl libraries already. Can be dropped |
782 | + after https://salsa.debian.org/openldap-team/openldap/commit/794c736 |
783 | + is in a Debian upload. |
784 | + |
785 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300 |
786 | + |
787 | +openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium |
788 | + |
789 | + * No-change rebuild against libnettle7 |
790 | + |
791 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000 |
792 | + |
793 | +openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium |
794 | + |
795 | + * No-change rebuild for the perl update. |
796 | + |
797 | + -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000 |
798 | + |
799 | +openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium |
800 | + |
801 | + * Merge with Debian unstable. Remaining changes: |
802 | + - Enable AppArmor support: |
803 | + - d/apparmor-profile: add AppArmor profile |
804 | + - d/rules: use dh_apparmor |
805 | + - d/control: Build-Depends on dh-apparmor |
806 | + - d/slapd.README.Debian: add note about AppArmor |
807 | + - Enable GSSAPI support: |
808 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
809 | + - Add --with-gssapi support |
810 | + - Make guess_service_principal() more robust when determining |
811 | + principal |
812 | + - d/configure.options: Configure with --with-gssapi |
813 | + - d/control: Added heimdal-dev as a build depend |
814 | + - d/rules: |
815 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
816 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
817 | + - Enable ufw support: |
818 | + - d/control: suggest ufw. |
819 | + - d/rules: install ufw profile. |
820 | + - d/slapd.ufw.profile: add ufw profile. |
821 | + - Enable nss overlay: |
822 | + - d/rules: |
823 | + - add nssov to CONTRIB_MODULES |
824 | + - add sysconfdir to CONTRIB_MAKEVARS |
825 | + - d/slapd.install: |
826 | + - install nssov overlay |
827 | + - d/slapd.manpages: |
828 | + - install slapo-nssov(5) man page |
829 | + - d/{rules,slapd.py}: Add apport hook. |
830 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
831 | + either the default DIT nor via an Authn mapping. |
832 | + - d/slapd.scripts-common: |
833 | + - add slapcat_opts to local variables. |
834 | + - Fix backup directory naming for multiple reconfiguration. |
835 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
836 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
837 | + in the openldap library, as required by Likewise-Open |
838 | + - Show distribution in version: |
839 | + - d/control: added lsb-release |
840 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
841 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
842 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
843 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
844 | + - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
845 | + Debian bug #919136, we also have to patch the nssov makefile |
846 | + accordingly and thus update this patch. |
847 | + * Dropped: |
848 | + - Fix sysv-generator unit file by customizing parameters (LP #1821343) |
849 | + + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow |
850 | + correct systemctl status for slapd daemon. |
851 | + + d/slapd.install: place override file in correct location. |
852 | + [Included in 2.4.48+dfsg-1] |
853 | + - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases |
854 | + + debian/patches/CVE-2019-13057-1.patch: add restriction to |
855 | + servers/slapd/saslauthz.c. |
856 | + + debian/patches/CVE-2019-13057-2.patch: add tests to |
857 | + tests/data/idassert.out, tests/data/slapd-idassert.conf, |
858 | + tests/data/test-idassert1.ldif, tests/scripts/test028-idassert. |
859 | + + debian/patches/CVE-2019-13057-3.patch: fix typo in |
860 | + tests/scripts/test028-idassert. |
861 | + + debian/patches/CVE-2019-13057-4.patch: fix typo in |
862 | + tests/scripts/test028-idassert. |
863 | + + CVE-2019-13057 |
864 | + [Fixed upstream] |
865 | + - SECURITY UPDATE: SASL SSF not initialized per connection |
866 | + + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in |
867 | + connection_init in servers/slapd/connection.c. |
868 | + + CVE-2019-13565 |
869 | + [Fixed upstream] |
870 | + |
871 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300 |
872 | + |
873 | openldap (2.4.48+dfsg-1) unstable; urgency=medium |
874 | |
875 | * New upstream release. |
876 | @@ -431,6 +1155,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium |
877 | |
878 | -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700 |
879 | |
880 | +openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium |
881 | + |
882 | + * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases |
883 | + - debian/patches/CVE-2019-13057-1.patch: add restriction to |
884 | + servers/slapd/saslauthz.c. |
885 | + - debian/patches/CVE-2019-13057-2.patch: add tests to |
886 | + tests/data/idassert.out, tests/data/slapd-idassert.conf, |
887 | + tests/data/test-idassert1.ldif, tests/scripts/test028-idassert. |
888 | + - debian/patches/CVE-2019-13057-3.patch: fix typo in |
889 | + tests/scripts/test028-idassert. |
890 | + - debian/patches/CVE-2019-13057-4.patch: fix typo in |
891 | + tests/scripts/test028-idassert. |
892 | + - CVE-2019-13057 |
893 | + * SECURITY UPDATE: SASL SSF not initialized per connection |
894 | + - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in |
895 | + connection_init in servers/slapd/connection.c. |
896 | + - CVE-2019-13565 |
897 | + |
898 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400 |
899 | + |
900 | +openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium |
901 | + |
902 | + * Fix sysv-generator unit file by customizing parameters (LP: #1821343) |
903 | + - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow |
904 | + correct systemctl status for slapd daemon. |
905 | + - d/slapd.install: place override file in correct location. |
906 | + |
907 | + -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300 |
908 | + |
909 | +openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium |
910 | + |
911 | + * Merge with Debian unstable. Remaining changes: |
912 | + - Enable AppArmor support: |
913 | + - d/apparmor-profile: add AppArmor profile |
914 | + - d/rules: use dh_apparmor |
915 | + - d/control: Build-Depends on dh-apparmor |
916 | + - d/slapd.README.Debian: add note about AppArmor |
917 | + - Enable GSSAPI support: |
918 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
919 | + - Add --with-gssapi support |
920 | + - Make guess_service_principal() more robust when determining |
921 | + principal |
922 | + - d/configure.options: Configure with --with-gssapi |
923 | + - d/control: Added heimdal-dev as a build depend |
924 | + - d/rules: |
925 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
926 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
927 | + - Enable ufw support: |
928 | + - d/control: suggest ufw. |
929 | + - d/rules: install ufw profile. |
930 | + - d/slapd.ufw.profile: add ufw profile. |
931 | + - Enable nss overlay: |
932 | + - d/rules: |
933 | + - add nssov to CONTRIB_MODULES |
934 | + - add sysconfdir to CONTRIB_MAKEVARS |
935 | + - d/slapd.install: |
936 | + - install nssov overlay |
937 | + - d/slapd.manpages: |
938 | + - install slapo-nssov(5) man page |
939 | + - d/{rules,slapd.py}: Add apport hook. |
940 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
941 | + either the default DIT nor via an Authn mapping. |
942 | + - d/slapd.scripts-common: |
943 | + - add slapcat_opts to local variables. |
944 | + - Fix backup directory naming for multiple reconfiguration. |
945 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
946 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
947 | + in the openldap library, as required by Likewise-Open |
948 | + - Show distribution in version: |
949 | + - d/control: added lsb-release |
950 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
951 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
952 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
953 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
954 | + * Added changes: |
955 | + - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
956 | + Debian bug #919136, we also have to patch the nssov makefile |
957 | + accordingly and thus update this patch. |
958 | + |
959 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200 |
960 | + |
961 | openldap (2.4.47+dfsg-3) unstable; urgency=medium |
962 | |
963 | * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS |
964 | @@ -446,6 +1251,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium |
965 | |
966 | -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800 |
967 | |
968 | +openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium |
969 | + |
970 | + * Merge from Debian unstable (LP: #1811630). Remaining changes: |
971 | + - Enable AppArmor support: |
972 | + - d/apparmor-profile: add AppArmor profile |
973 | + - d/rules: use dh_apparmor |
974 | + - d/control: Build-Depends on dh-apparmor |
975 | + - d/slapd.README.Debian: add note about AppArmor |
976 | + - Enable GSSAPI support: |
977 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
978 | + - Add --with-gssapi support |
979 | + - Make guess_service_principal() more robust when determining |
980 | + principal |
981 | + - d/configure.options: Configure with --with-gssapi |
982 | + - d/control: Added heimdal-dev as a build depend |
983 | + - d/rules: |
984 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
985 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
986 | + - Enable ufw support: |
987 | + - d/control: suggest ufw. |
988 | + - d/rules: install ufw profile. |
989 | + - d/slapd.ufw.profile: add ufw profile. |
990 | + - Enable nss overlay: |
991 | + - d/rules: |
992 | + - add nssov to CONTRIB_MODULES |
993 | + - add sysconfdir to CONTRIB_MAKEVARS |
994 | + - d/slapd.install: |
995 | + - install nssov overlay |
996 | + - d/slapd.manpages: |
997 | + - install slapo-nssov(5) man page |
998 | + - d/{rules,slapd.py}: Add apport hook. |
999 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1000 | + either the default DIT nor via an Authn mapping. |
1001 | + - d/slapd.scripts-common: |
1002 | + - add slapcat_opts to local variables. |
1003 | + - Fix backup directory naming for multiple reconfiguration. |
1004 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1005 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1006 | + in the openldap library, as required by Likewise-Open |
1007 | + - Show distribution in version: |
1008 | + - d/control: added lsb-release |
1009 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1010 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1011 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1012 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1013 | + * Update nssov build and packaging for Debian changes: |
1014 | + - Drop patch nssov-build |
1015 | + - d/rules: |
1016 | + - add nssov to CONTRIB_MODULES |
1017 | + - add sysconfdir to CONTRIB_MAKEVARS |
1018 | + - d/slapd.install: |
1019 | + - install nssov overlay |
1020 | + - d/slapd.manpages: |
1021 | + - install slapo-nssov(5) man page |
1022 | + |
1023 | + -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000 |
1024 | + |
1025 | openldap (2.4.47+dfsg-2) unstable; urgency=medium |
1026 | |
1027 | * Reintroduce slapi-dev binary package. (Closes: #711469) |
1028 | @@ -483,6 +1345,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium |
1029 | |
1030 | -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800 |
1031 | |
1032 | +openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium |
1033 | + |
1034 | + * d/apparmor-profile: update apparmor profile to allow reading of |
1035 | + files needed when slapd is behaving as a kerberos/gssapi client |
1036 | + and acquiring its own ticket. (LP: #1783183) |
1037 | + |
1038 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200 |
1039 | + |
1040 | +openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium |
1041 | + |
1042 | + * No-change rebuild for the perl 5.28 transition. |
1043 | + |
1044 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600 |
1045 | + |
1046 | +openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium |
1047 | + |
1048 | + * Merge from Debian unstable. Remaining changes: |
1049 | + - Enable AppArmor support: |
1050 | + - d/apparmor-profile: add AppArmor profile |
1051 | + - d/rules: use dh_apparmor |
1052 | + - d/control: Build-Depends on dh-apparmor |
1053 | + - d/slapd.README.Debian: add note about AppArmor |
1054 | + - Enable GSSAPI support: |
1055 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1056 | + - Add --with-gssapi support |
1057 | + - Make guess_service_principal() more robust when determining |
1058 | + principal |
1059 | + - d/configure.options: Configure with --with-gssapi |
1060 | + - d/control: Added heimdal-dev as a build depend |
1061 | + - d/rules: |
1062 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1063 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1064 | + - Enable ufw support: |
1065 | + - d/control: suggest ufw. |
1066 | + - d/rules: install ufw profile. |
1067 | + - d/slapd.ufw.profile: add ufw profile. |
1068 | + - Enable nss overlay: |
1069 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1070 | + nss overlay. |
1071 | + - d/{rules,slapd.py}: Add apport hook. |
1072 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1073 | + either the default DIT nor via an Authn mapping. |
1074 | + - d/slapd.scripts-common: |
1075 | + - add slapcat_opts to local variables. |
1076 | + - Fix backup directory naming for multiple reconfiguration. |
1077 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1078 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1079 | + in the openldap library, as required by Likewise-Open |
1080 | + - Show distribution in version: |
1081 | + - d/control: added lsb-release |
1082 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1083 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1084 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1085 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1086 | + |
1087 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200 |
1088 | + |
1089 | openldap (2.4.46+dfsg-5) unstable; urgency=medium |
1090 | |
1091 | * Restore slapd-smbk5pwd now that libldap is installable in unstable. |
1092 | @@ -502,6 +1421,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium |
1093 | |
1094 | -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700 |
1095 | |
1096 | +openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low |
1097 | + |
1098 | + * Merge from Debian unstable. Remaining changes: |
1099 | + - Enable AppArmor support: |
1100 | + - d/apparmor-profile: add AppArmor profile |
1101 | + - d/rules: use dh_apparmor |
1102 | + - d/control: Build-Depends on dh-apparmor |
1103 | + - d/slapd.README.Debian: add note about AppArmor |
1104 | + - Enable GSSAPI support: |
1105 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1106 | + - Add --with-gssapi support |
1107 | + - Make guess_service_principal() more robust when determining |
1108 | + principal |
1109 | + - d/configure.options: Configure with --with-gssapi |
1110 | + - d/control: Added heimdal-dev as a build depend |
1111 | + - d/rules: |
1112 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1113 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1114 | + - Enable ufw support: |
1115 | + - d/control: suggest ufw. |
1116 | + - d/rules: install ufw profile. |
1117 | + - d/slapd.ufw.profile: add ufw profile. |
1118 | + - Enable nss overlay: |
1119 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1120 | + nss overlay. |
1121 | + - d/{rules,slapd.py}: Add apport hook. |
1122 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1123 | + either the default DIT nor via an Authn mapping. |
1124 | + - d/slapd.scripts-common: |
1125 | + - add slapcat_opts to local variables. |
1126 | + - Fix backup directory naming for multiple reconfiguration. |
1127 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1128 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1129 | + in the openldap library, as required by Likewise-Open |
1130 | + - Show distribution in version: |
1131 | + - d/control: added lsb-release |
1132 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1133 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1134 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1135 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1136 | + |
1137 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200 |
1138 | + |
1139 | openldap (2.4.46+dfsg-2) unstable; urgency=medium |
1140 | |
1141 | * Remove version constraint from libldap-2.4-2 dependency on libldap-common. |
1142 | @@ -531,6 +1493,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium |
1143 | |
1144 | -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700 |
1145 | |
1146 | +openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low |
1147 | + |
1148 | + * Merge from Debian unstable. Remaining changes: |
1149 | + - Enable AppArmor support: |
1150 | + - d/apparmor-profile: add AppArmor profile |
1151 | + - d/rules: use dh_apparmor |
1152 | + - d/control: Build-Depends on dh-apparmor |
1153 | + - d/slapd.README.Debian: add note about AppArmor |
1154 | + - Enable GSSAPI support: |
1155 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1156 | + - Add --with-gssapi support |
1157 | + - Make guess_service_principal() more robust when determining |
1158 | + principal |
1159 | + - d/configure.options: Configure with --with-gssapi |
1160 | + - d/control: Added heimdal-dev as a build depend |
1161 | + - d/rules: |
1162 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1163 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1164 | + - Enable ufw support: |
1165 | + - d/control: suggest ufw. |
1166 | + - d/rules: install ufw profile. |
1167 | + - d/slapd.ufw.profile: add ufw profile. |
1168 | + - Enable nss overlay: |
1169 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1170 | + nss overlay. |
1171 | + - d/{rules,slapd.py}: Add apport hook. |
1172 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1173 | + either the default DIT nor via an Authn mapping. |
1174 | + - d/slapd.scripts-common: |
1175 | + - add slapcat_opts to local variables. |
1176 | + - Fix backup directory naming for multiple reconfiguration. |
1177 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1178 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1179 | + in the openldap library, as required by Likewise-Open |
1180 | + - Show distribution in version: |
1181 | + - d/control: added lsb-release |
1182 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1183 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1184 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1185 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1186 | + |
1187 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200 |
1188 | + |
1189 | openldap (2.4.45+dfsg-1) unstable; urgency=medium |
1190 | |
1191 | * New upstream release. |
1192 | @@ -572,6 +1577,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium |
1193 | |
1194 | -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700 |
1195 | |
1196 | +openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low |
1197 | + |
1198 | + * Merge from Debian unstable. Remaining changes: |
1199 | + - Enable AppArmor support: |
1200 | + - d/apparmor-profile: add AppArmor profile |
1201 | + - d/rules: use dh_apparmor |
1202 | + - d/control: Build-Depends on dh-apparmor |
1203 | + - d/slapd.README.Debian: add note about AppArmor |
1204 | + - Enable GSSAPI support: |
1205 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1206 | + - Add --with-gssapi support |
1207 | + - Make guess_service_principal() more robust when determining |
1208 | + principal |
1209 | + - d/configure.options: Configure with --with-gssapi |
1210 | + - d/control: Added heimdal-dev as a build depend |
1211 | + - d/rules: |
1212 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1213 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1214 | + - Enable ufw support: |
1215 | + - d/control: suggest ufw. |
1216 | + - d/rules: install ufw profile. |
1217 | + - d/slapd.ufw.profile: add ufw profile. |
1218 | + - Enable nss overlay: |
1219 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1220 | + nss overlay. |
1221 | + - d/{rules,slapd.py}: Add apport hook. |
1222 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1223 | + either the default DIT nor via an Authn mapping. |
1224 | + - d/slapd.scripts-common: |
1225 | + - add slapcat_opts to local variables. |
1226 | + - Fix backup directory naming for multiple reconfiguration. |
1227 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1228 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1229 | + in the openldap library, as required by Likewise-Open |
1230 | + - Show distribution in version: |
1231 | + - d/control: added lsb-release |
1232 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1233 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1234 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1235 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1236 | + |
1237 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200 |
1238 | + |
1239 | openldap (2.4.44+dfsg-8) unstable; urgency=medium |
1240 | |
1241 | * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until |
1242 | @@ -582,6 +1630,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium |
1243 | |
1244 | -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700 |
1245 | |
1246 | +openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium |
1247 | + |
1248 | + * Merge from Debian unstable. Remaining changes: |
1249 | + - Enable AppArmor support: |
1250 | + - d/apparmor-profile: add AppArmor profile |
1251 | + - d/rules: use dh_apparmor |
1252 | + - d/control: Build-Depends on dh-apparmor |
1253 | + - d/slapd.README.Debian: add note about AppArmor |
1254 | + - Enable GSSAPI support: |
1255 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1256 | + - Add --with-gssapi support |
1257 | + - Make guess_service_principal() more robust when determining |
1258 | + principal |
1259 | + - d/configure.options: Configure with --with-gssapi |
1260 | + - d/control: Added heimdal-dev as a build depend |
1261 | + - d/rules: |
1262 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1263 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1264 | + - Enable ufw support: |
1265 | + - d/control: suggest ufw. |
1266 | + - d/rules: install ufw profile. |
1267 | + - d/slapd.ufw.profile: add ufw profile. |
1268 | + - Enable nss overlay: |
1269 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1270 | + nss overlay. |
1271 | + - d/{rules,slapd.py}: Add apport hook. |
1272 | + [ d/rules modification mentioned above was dropped in |
1273 | + 2.4.23-6ubuntu1, re-adding it ] |
1274 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1275 | + either the default DIT nor via an Authn mapping. |
1276 | + - d/slapd.scripts-common: |
1277 | + - add slapcat_opts to local variables. |
1278 | + - Fix backup directory naming for multiple reconfiguration. |
1279 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1280 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1281 | + in the openldap library, as required by Likewise-Open |
1282 | + - Show distribution in version: |
1283 | + - d/control: added lsb-release |
1284 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1285 | + [ Refreshed patch ] |
1286 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1287 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1288 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1289 | + |
1290 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200 |
1291 | + |
1292 | openldap (2.4.44+dfsg-7) unstable; urgency=medium |
1293 | |
1294 | * Relax the dependency of libldap-2.4-2 on libldap-common to also permit |
1295 | @@ -589,6 +1683,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium |
1296 | |
1297 | -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700 |
1298 | |
1299 | +openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium |
1300 | + |
1301 | + * Merge from Debian unstable. Remaining changes: |
1302 | + - Enable AppArmor support: |
1303 | + - d/apparmor-profile: add AppArmor profile |
1304 | + - d/rules: use dh_apparmor |
1305 | + - d/control: Build-Depends on dh-apparmor |
1306 | + - d/slapd.README.Debian: add note about AppArmor |
1307 | + - Enable GSSAPI support: |
1308 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1309 | + - Add --with-gssapi support |
1310 | + - Make guess_service_principal() more robust when determining |
1311 | + principal |
1312 | + - d/configure.options: Configure with --with-gssapi |
1313 | + - d/control: Added heimdal-dev as a build depend |
1314 | + - d/rules: |
1315 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1316 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1317 | + - Enable ufw support: |
1318 | + - d/control: suggest ufw. |
1319 | + - d/rules: install ufw profile. |
1320 | + - d/slapd.ufw.profile: add ufw profile. |
1321 | + - Enable nss overlay: |
1322 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1323 | + nss overlay. |
1324 | + - d/{rules,slapd.py}: Add apport hook. |
1325 | + [ d/rules modification mentioned above was dropped in |
1326 | + 2.4.23-6ubuntu1, re-adding it ] |
1327 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1328 | + either the default DIT nor via an Authn mapping. |
1329 | + - d/slapd.scripts-common: |
1330 | + - add slapcat_opts to local variables. |
1331 | + - Fix backup directory naming for multiple reconfiguration. |
1332 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1333 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1334 | + in the openldap library, as required by Likewise-Open |
1335 | + - Show distribution in version: |
1336 | + - d/control: added lsb-release |
1337 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1338 | + [ Refreshed patch ] |
1339 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1340 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1341 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1342 | + |
1343 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200 |
1344 | + |
1345 | openldap (2.4.44+dfsg-6) unstable; urgency=medium |
1346 | |
1347 | * Update the list of non-translatable strings for the |
1348 | @@ -597,6 +1737,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium |
1349 | |
1350 | -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700 |
1351 | |
1352 | +openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium |
1353 | + |
1354 | + * Merge from Debian unstable. Remaining changes: |
1355 | + - Enable AppArmor support: |
1356 | + - d/apparmor-profile: add AppArmor profile |
1357 | + - d/rules: use dh_apparmor |
1358 | + - d/control: Build-Depends on dh-apparmor |
1359 | + - d/slapd.README.Debian: add note about AppArmor |
1360 | + - Enable GSSAPI support: |
1361 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1362 | + - Add --with-gssapi support |
1363 | + - Make guess_service_principal() more robust when determining |
1364 | + principal |
1365 | + - d/configure.options: Configure with --with-gssapi |
1366 | + - d/control: Added heimdal-dev as a build depend |
1367 | + - d/rules: |
1368 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1369 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1370 | + - Enable ufw support: |
1371 | + - d/control: suggest ufw. |
1372 | + - d/rules: install ufw profile. |
1373 | + - d/slapd.ufw.profile: add ufw profile. |
1374 | + - Enable nss overlay: |
1375 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1376 | + nss overlay. |
1377 | + - d/{rules,slapd.py}: Add apport hook. |
1378 | + [ d/rules modification mentioned above was dropped in |
1379 | + 2.4.23-6ubuntu1, re-adding it ] |
1380 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1381 | + either the default DIT nor via an Authn mapping. |
1382 | + - d/slapd.scripts-common: |
1383 | + - add slapcat_opts to local variables. |
1384 | + - Fix backup directory naming for multiple reconfiguration. |
1385 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1386 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1387 | + in the openldap library, as required by Likewise-Open |
1388 | + - Show distribution in version: |
1389 | + - d/control: added lsb-release |
1390 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1391 | + [ Refreshed patch ] |
1392 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1393 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1394 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1395 | + [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ] |
1396 | + - Fix use after free with GnuTLS. (LP #1557248) |
1397 | + |
1398 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200 |
1399 | + |
1400 | openldap (2.4.44+dfsg-5) unstable; urgency=medium |
1401 | |
1402 | * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an |
1403 | @@ -608,6 +1796,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium |
1404 | |
1405 | -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700 |
1406 | |
1407 | +openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low |
1408 | + |
1409 | + * Merge from Debian unstable. Remaining changes: |
1410 | + - Enable AppArmor support: |
1411 | + - d/apparmor-profile: add AppArmor profile |
1412 | + - d/rules: use dh_apparmor |
1413 | + - d/control: Build-Depends on dh-apparmor |
1414 | + - d/slapd.README.Debian: add note about AppArmor |
1415 | + - Enable GSSAPI support: |
1416 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1417 | + - Add --with-gssapi support |
1418 | + - Make guess_service_principal() more robust when determining |
1419 | + principal |
1420 | + - d/configure.options: Configure with --with-gssapi |
1421 | + - d/control: Added heimdal-dev as a build depend |
1422 | + - d/rules: |
1423 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1424 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1425 | + - Enable ufw support: |
1426 | + - d/control: suggest ufw. |
1427 | + - d/rules: install ufw profile. |
1428 | + - d/slapd.ufw.profile: add ufw profile. |
1429 | + - Enable nss overlay: |
1430 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1431 | + nss overlay. |
1432 | + - d/{rules,slapd.py}: Add apport hook. |
1433 | + [ d/rules modification mentioned above was dropped in |
1434 | + 2.4.23-6ubuntu1, re-adding it ] |
1435 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1436 | + either the default DIT nor via an Authn mapping. |
1437 | + - d/slapd.scripts-common: |
1438 | + - add slapcat_opts to local variables. |
1439 | + - Fix backup directory naming for multiple reconfiguration. |
1440 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1441 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1442 | + in the openldap library, as required by Likewise-Open |
1443 | + - Show distribution in version: |
1444 | + - d/control: added lsb-release |
1445 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1446 | + [ Refreshed patch ] |
1447 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1448 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1449 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1450 | + [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ] |
1451 | + - Fix use after free with GnuTLS. (LP #1557248) |
1452 | + |
1453 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200 |
1454 | + |
1455 | openldap (2.4.44+dfsg-4) unstable; urgency=medium |
1456 | |
1457 | * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to |
1458 | @@ -654,6 +1890,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium |
1459 | |
1460 | -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700 |
1461 | |
1462 | +openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium |
1463 | + |
1464 | + * d/rules: Fix typo in previous upload. |
1465 | + |
1466 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800 |
1467 | + |
1468 | +openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium |
1469 | + |
1470 | + * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining |
1471 | + changes |
1472 | + - Enable AppArmor support: |
1473 | + - d/apparmor-profile: add AppArmor profile |
1474 | + - d/rules: use dh_apparmor |
1475 | + - d/control: Build-Depends on dh-apparmor |
1476 | + - d/slapd.README.Debian: add note about AppArmor |
1477 | + - Enable GSSAPI support: |
1478 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1479 | + - Add --with-gssapi support |
1480 | + - Make guess_service_principal() more robust when determining |
1481 | + principal |
1482 | + - d/configure.options: Configure with --with-gssapi |
1483 | + - d/control: Added heimdal-dev as a build depend |
1484 | + - d/rules: |
1485 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1486 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1487 | + - Enable ufw support: |
1488 | + - d/control: suggest ufw. |
1489 | + - d/rules: install ufw profile. |
1490 | + - d/slapd.ufw.profile: add ufw profile. |
1491 | + - Enable nss overlay: |
1492 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1493 | + nss overlay. |
1494 | + - d/{rules,slapd.py}: Add apport hook. |
1495 | + [ d/rules modification mentioned above was dropped in |
1496 | + 2.4.23-6ubuntu1, re-adding it ] |
1497 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1498 | + either the default DIT nor via an Authn mapping. |
1499 | + - d/slapd.scripts-common: |
1500 | + - add slapcat_opts to local variables. |
1501 | + - Fix backup directory naming for multiple reconfiguration. |
1502 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1503 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1504 | + in the openldap library, as required by Likewise-Open |
1505 | + - Show distribution in version: |
1506 | + - d/control: added lsb-release |
1507 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1508 | + [ Refreshed patch ] |
1509 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1510 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1511 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1512 | + [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ] |
1513 | + - Fix use after free with GnuTLS. (LP #1557248) |
1514 | + * Drop: |
1515 | + - d/slapd.scripts-common: |
1516 | + + Remove unused variable new_conf. |
1517 | + [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ] |
1518 | + - d/b/config.log: add config.log |
1519 | + [ previously undocumented, stray change ] |
1520 | + |
1521 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800 |
1522 | + |
1523 | openldap (2.4.44+dfsg-3) unstable; urgency=medium |
1524 | |
1525 | * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394) |
1526 | @@ -726,6 +2023,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium |
1527 | |
1528 | -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800 |
1529 | |
1530 | +openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium |
1531 | + |
1532 | + * No-change rebuild for perl 5.24 transition |
1533 | + |
1534 | + -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100 |
1535 | + |
1536 | +openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium |
1537 | + |
1538 | + * Fix use after free with GnuTLS. (LP: #1557248) |
1539 | + |
1540 | + -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500 |
1541 | + |
1542 | +openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium |
1543 | + |
1544 | + * Fix building with gssapi suppport: |
1545 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1546 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1547 | + |
1548 | + -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100 |
1549 | + |
1550 | +openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium |
1551 | + |
1552 | + * No-change rebuild for gnutls transition. |
1553 | + |
1554 | + -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000 |
1555 | + |
1556 | +openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium |
1557 | + |
1558 | + * Merge from Debian testing (LP: #1532648). Remaining changes: |
1559 | + - Enable AppArmor support: |
1560 | + - d/apparmor-profile: add AppArmor profile |
1561 | + - d/rules: use dh_apparmor |
1562 | + - d/control: Build-Depends on dh-apparmor |
1563 | + - d/slapd.README.Debian: add note about AppArmor |
1564 | + - Enable GSSAPI support: |
1565 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1566 | + - Add --with-gssapi support |
1567 | + - Make guess_service_principal() more robust when determining |
1568 | + principal |
1569 | + - d/configure.options: Configure with --with-gssapi |
1570 | + - d/control: Added heimdal-dev as a build depend |
1571 | + - Enable ufw support: |
1572 | + - d/control: suggest ufw. |
1573 | + - d/rules: install ufw profile. |
1574 | + - d/slapd.ufw.profile: add ufw profile. |
1575 | + - Enable nss overlay: |
1576 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1577 | + nss overlay. |
1578 | + - d/{rules,slapd.py}: Add apport hook. |
1579 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1580 | + either the default DIT nor via an Authn mapping. |
1581 | + - d/slapd.scripts-common: |
1582 | + - add slapcat_opts to local variables. |
1583 | + - Remove unused variable new_conf. |
1584 | + - Fix backup directory naming for multiple reconfiguration. |
1585 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1586 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1587 | + in the openldap library, as required by Likewise-Open |
1588 | + - Show distribution in version: |
1589 | + - d/control: added lsb-release |
1590 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1591 | + * Drop CVE-2015-6908.patch, included in Debian. |
1592 | + * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was |
1593 | + disabled on ppc64el, no longer used, and missed in the previous merge. |
1594 | + |
1595 | + -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800 |
1596 | + |
1597 | openldap (2.4.42+dfsg-2) unstable; urgency=medium |
1598 | |
1599 | [ Ryan Tandy ] |
1600 | @@ -793,6 +2157,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium |
1601 | |
1602 | -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700 |
1603 | |
1604 | +openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium |
1605 | + |
1606 | + * Rebuild for Perl 5.22.1. |
1607 | + |
1608 | + -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000 |
1609 | + |
1610 | +openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium |
1611 | + |
1612 | + * SECURITY UPDATE: denial of service via crafted BER data |
1613 | + - debian/patches/CVE-2015-6908.patch: remove obsolete assert in |
1614 | + libraries/liblber/io.c. |
1615 | + - CVE-2015-6908 |
1616 | + |
1617 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400 |
1618 | + |
1619 | +openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium |
1620 | + |
1621 | + * Merge from Debian testing (LP: #1471831). Remaining changes: |
1622 | + - Enable AppArmor support: |
1623 | + - d/apparmor-profile: add AppArmor profile |
1624 | + - d/rules: use dh_apparmor |
1625 | + - d/control: Build-Depends on dh-apparmor |
1626 | + - d/slapd.README.Debian: add note about AppArmor |
1627 | + - Enable GSSAPI support: |
1628 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1629 | + - Add --with-gssapi support |
1630 | + - Make guess_service_principal() more robust when determining |
1631 | + principal |
1632 | + - d/configure.options: Configure with --with-gssapi |
1633 | + - d/control: Added heimdal-dev as a build depend |
1634 | + - Enable ufw support: |
1635 | + - d/control: suggest ufw. |
1636 | + - d/rules: install ufw profile. |
1637 | + - d/slapd.ufw.profile: add ufw profile. |
1638 | + - Enable nss overlay: |
1639 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1640 | + nss overlay. |
1641 | + - d/{rules,slapd.py}: Add apport hook. |
1642 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1643 | + either the default DIT nor via an Authn mapping. |
1644 | + - d/slapd.scripts-common: |
1645 | + - add slapcat_opts to local variables. |
1646 | + - Remove unused variable new_conf. |
1647 | + - Fix backup directory naming for multiple reconfiguration. |
1648 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1649 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1650 | + in the openldap library, as required by Likewise-Open |
1651 | + - Show distribution in version: |
1652 | + - d/control: added lsb-release |
1653 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1654 | + * Dropped changes: |
1655 | + - Fix cpp calls for GCC 5: fixed upstream (ITS#8056) |
1656 | + * Upstream fixes: |
1657 | + - slapd crash with auditlog overlay and large (~27KB) attribute values |
1658 | + (ITS#8003) (LP: #1461276) |
1659 | + - nssov updated to support recent nss-pam-ldapd client libraries |
1660 | + (ITS#8097) (LP: #1393306) |
1661 | + * Update d/patches/nssov-build for upstream changes. |
1662 | + * Tweak d/patches/gssapi.diff to apply without fuzz. |
1663 | + * d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1664 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1665 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1666 | + |
1667 | + -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700 |
1668 | + |
1669 | openldap (2.4.41+dfsg-1) unstable; urgency=medium |
1670 | |
1671 | * New upstream release. |
1672 | @@ -812,6 +2241,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium |
1673 | |
1674 | -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700 |
1675 | |
1676 | +openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium |
1677 | + |
1678 | + * No-change rebuild for the libnettle6 transition. |
1679 | + |
1680 | + -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600 |
1681 | + |
1682 | +openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low |
1683 | + |
1684 | + * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes: |
1685 | + - Enable AppArmor support: |
1686 | + - d/apparmor-profile: add AppArmor profile |
1687 | + - d/rules: use dh_apparmor |
1688 | + - d/control: Build-Depends on dh-apparmor |
1689 | + - d/slapd.README.Debian: add note about AppArmor |
1690 | + - Enable GSSAPI support: |
1691 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1692 | + - Add --with-gssapi support |
1693 | + - Make guess_service_principal() more robust when determining |
1694 | + principal |
1695 | + - d/configure.options: Configure with --with-gssapi |
1696 | + - d/control: Added heimdal-dev as a build depend |
1697 | + - Enable ufw support: |
1698 | + - d/control: suggest ufw. |
1699 | + - d/rules: install ufw profile. |
1700 | + - d/slapd.ufw.profile: add ufw profile. |
1701 | + - Enable nss overlay: |
1702 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1703 | + nss overlay. |
1704 | + - d/{rules,slapd.py}: Add apport hook. |
1705 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1706 | + either the default DIT nor via an Authn mapping. |
1707 | + - d/slapd.scripts-common: |
1708 | + - add slapcat_opts to local variables. |
1709 | + - Remove unused variable new_conf. |
1710 | + - Fix backup directory naming for multiple reconfiguration. |
1711 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1712 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1713 | + in the openldap library, as required by Likewise-Open |
1714 | + - Show distribution in version: |
1715 | + - d/control: added lsb-release |
1716 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1717 | + * Drop patches included upstream: |
1718 | + - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch |
1719 | + - d/patches/bdb-deadlock.patch |
1720 | + - d/patches/its-7354-fix-delta-sync-mmr.diff |
1721 | + * Drop hardening-wrapper as Debian now sets PIE and bindnow flags. |
1722 | + * debian/patches/nssov-build: Adjust for upstream changes. |
1723 | + * debian/apparmor-profile: |
1724 | + - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor |
1725 | + kernel ABI v7 (utopic and later). (LP: #1392018) |
1726 | + - Reduce permissions on /run/nslcd to just the nslcd socket. |
1727 | + * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713. |
1728 | + (LP: #1293250) |
1729 | + |
1730 | + -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700 |
1731 | + |
1732 | openldap (2.4.40+dfsg-1) unstable; urgency=medium |
1733 | |
1734 | * Remove inetorgperson.schema from the upstream source. Replace it with a |
1735 | @@ -1000,6 +2485,187 @@ openldap (2.4.39-1) unstable; urgency=low |
1736 | |
1737 | -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700 |
1738 | |
1739 | +openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium |
1740 | + |
1741 | + * Fix cpp calls for GCC 5. |
1742 | + |
1743 | + -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100 |
1744 | + |
1745 | +openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium |
1746 | + |
1747 | + * debian/apparmor-profile: |
1748 | + - allow p11-kit abstraction |
1749 | + - allow read of /etc/gss/mech.d/* |
1750 | + |
1751 | + -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500 |
1752 | + |
1753 | +openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium |
1754 | + |
1755 | + * Rebuild for Perl 5.20.0. |
1756 | + |
1757 | + -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100 |
1758 | + |
1759 | +openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium |
1760 | + |
1761 | + * Cherry-pick upstream patch for compat with recent GNUTLS. |
1762 | + * Build-depend on libgnutls28-dev. |
1763 | + * Build-depend on libgcrypt20-dev. |
1764 | + |
1765 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100 |
1766 | + |
1767 | +openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium |
1768 | + |
1769 | + * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3. |
1770 | + |
1771 | + -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600 |
1772 | + |
1773 | +openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium |
1774 | + |
1775 | + * Disable mdb backend on ppc64el due to test-suite failures. |
1776 | + |
1777 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000 |
1778 | + |
1779 | +openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low |
1780 | + |
1781 | + * Fix segfault issue with master-master syncrepl (LP: #1287730): |
1782 | + - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked |
1783 | + patch from upstream VCS. |
1784 | + |
1785 | + -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100 |
1786 | + |
1787 | +openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low |
1788 | + |
1789 | + * Build-depend on libdb5.3-dev, instead of libdb5.1-dev. |
1790 | + |
1791 | + -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000 |
1792 | + |
1793 | +openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low |
1794 | + |
1795 | + * Rebuild for Perl 5.18. |
1796 | + |
1797 | + -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100 |
1798 | + |
1799 | +openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low |
1800 | + |
1801 | + * Update build/config.guess and build/config.sub at build time; this was |
1802 | + not done automatically because the top-level configure.in does not use |
1803 | + Automake. |
1804 | + |
1805 | + -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100 |
1806 | + |
1807 | +openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low |
1808 | + |
1809 | + * debian/control: added lsb-release |
1810 | + * debian/patches/fix-ldap-distribution.patch: show distribution in version |
1811 | + |
1812 | + -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200 |
1813 | + |
1814 | +openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low |
1815 | + |
1816 | + * Merge from Debian unstable. Remaining changes: |
1817 | + - Enable AppArmor support: |
1818 | + - d/apparmor-profile: add AppArmor profile |
1819 | + - d/rules: use dh_apparmor |
1820 | + - d/control: Build-Depends on dh-apparmor |
1821 | + - d/slapd.README.Debian: add note about AppArmor |
1822 | + - d/slapd.dirs: add etc/apparmor.d/force-complain |
1823 | + - Enable GSSAPI support: |
1824 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1825 | + - Add --with-gssapi support |
1826 | + - Make guess_service_principal() more robust when determining |
1827 | + principal |
1828 | + - d/configure.options: Configure with --with-gssapi |
1829 | + - d/control: Added libkrb5-dev as a build depend |
1830 | + - Enable ufw support: |
1831 | + - d/control: suggest ufw. |
1832 | + - d/rules: install ufw profile. |
1833 | + - d/slapd.ufw.profile: add ufw profile. |
1834 | + - Enable nss overlay: |
1835 | + - d/{patches/nssov-build,/rules}: Apply, build and package the |
1836 | + nss overlay. |
1837 | + - d/{rules,slapd.py}: Add apport hook. |
1838 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1839 | + either the default DIT nor via an Authn mapping. |
1840 | + - d/slapd.scripts-common: |
1841 | + - add slapcat_opts to local variables. |
1842 | + - Remove unused variable new_conf. |
1843 | + - Fix backup directory naming for multiple reconfiguration. |
1844 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1845 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1846 | + in the openldap library, as required by Likewise-Open |
1847 | + - d/{control,rules}: enable PIE hardening |
1848 | + |
1849 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400 |
1850 | + |
1851 | +openldap (2.4.31-1+nmu2) unstable; urgency=high |
1852 | + |
1853 | + * Non-maintainer upload. |
1854 | + * No-change rebuild in a clean environment |
1855 | + |
1856 | + -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100 |
1857 | + |
1858 | +openldap (2.4.31-1+nmu1) unstable; urgency=medium |
1859 | + |
1860 | + * Non-maintainer upload. |
1861 | + * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038). |
1862 | + |
1863 | + -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000 |
1864 | + |
1865 | +openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low |
1866 | + |
1867 | + * debian/slapd.py: Add AppArmor info and logs to apport hook. |
1868 | + |
1869 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400 |
1870 | + |
1871 | +openldap (2.4.31-1ubuntu1) quantal; urgency=low |
1872 | + |
1873 | + * Merge from Debian unstable. Remaining changes: |
1874 | + - Enable AppArmor support: |
1875 | + - d/apparmor-profile: add AppArmor profile |
1876 | + - d/rules: use dh_apparmor |
1877 | + - d/control: Build-Depends on dh-apparmor |
1878 | + - d/slapd.README.Debian: add note about AppArmor |
1879 | + - d/slapd.dirs: add etc/apparmor.d/force-complain |
1880 | + - Enable GSSAPI support (LP: #495418): |
1881 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1882 | + - Add --with-gssapi support |
1883 | + - Make guess_service_principal() more robust when determining |
1884 | + principal |
1885 | + - d/configure.options: Configure with --with-gssapi |
1886 | + - d/control: Added libkrb5-dev as a build depend |
1887 | + - Enable ufw support (LP: #423246): |
1888 | + - d/control: suggest ufw. |
1889 | + - d/rules: install ufw profile. |
1890 | + - d/slapd.ufw.profile: add ufw profile. |
1891 | + - Enable nss overlay (LP: #675391): |
1892 | + - d/{patches/nssov-build,/rules}: Apply, build and package the |
1893 | + nss overlay. |
1894 | + - d/{rules,slapd.py}: Add apport hook. (LP: #610544) |
1895 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1896 | + either the default DIT nor via an Authn mapping. |
1897 | + - d/slapd.scripts-common: |
1898 | + - add slapcat_opts to local variables. |
1899 | + - Remove unused variable new_conf. |
1900 | + - Fix backup directory naming for multiple reconfiguration. |
1901 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1902 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1903 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
1904 | + - d/{control,rules}: enable PIE hardening |
1905 | + * Dropped changes: |
1906 | + - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release. |
1907 | + - d/patches/CVE-2011-4079: Included in upstream release. |
1908 | + - d/patches/service-operational-before-detach: Included in upstream release. |
1909 | + - d/schema/extra/misc.ldif: Included upstream. |
1910 | + - d/{rules,schema/extra}: Fix configure and clean rules to support |
1911 | + extra schemas shipped as part of the debian/schema/ directory; no longer required. |
1912 | + - Included in Debian: |
1913 | + + Document cn=config in README file. |
1914 | + + Install a default DIT; actually a minimal configuration. |
1915 | + + d/patches/heimdal-fix. |
1916 | + * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta. |
1917 | + |
1918 | + -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100 |
1919 | + |
1920 | openldap (2.4.31-1) unstable; urgency=low |
1921 | |
1922 | * New upstream release. |
1923 | @@ -1026,6 +2692,121 @@ openldap (2.4.31-1) unstable; urgency=low |
1924 | |
1925 | -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000 |
1926 | |
1927 | +openldap (2.4.28-1.1ubuntu6) quantal; urgency=low |
1928 | + |
1929 | + * Fix issue with intermittent connection issues when using LDAPv3 |
1930 | + protocol (LP: #1023025): |
1931 | + - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked |
1932 | + patch from upstream VCS which ensures objects are initialized before |
1933 | + re-use. |
1934 | + |
1935 | + -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100 |
1936 | + |
1937 | +openldap (2.4.28-1.1ubuntu5) quantal; urgency=low |
1938 | + |
1939 | + * debian/rules: Add smbk5pwd build. |
1940 | + * debian/control: Add slapd-smbk5pwd binary package. |
1941 | + * debian/patches/heimdal-fix: adapt parameters of |
1942 | + hdb_generate_key_set_password() to heimdal 1.6~git20120311 |
1943 | + (patch from Debian #664930). |
1944 | + |
1945 | + -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400 |
1946 | + |
1947 | +openldap (2.4.28-1.1ubuntu4) precise; urgency=low |
1948 | + |
1949 | + * debian/control: Build-Depends on dh-apparmor (LP: #948481) |
1950 | + |
1951 | + -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500 |
1952 | + |
1953 | +openldap (2.4.28-1.1ubuntu3) precise; urgency=low |
1954 | + |
1955 | + * Add its-7176-only-poll-sockets-for-write-as-needed.diff |
1956 | + (LP: #932823). |
1957 | + |
1958 | + -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200 |
1959 | + |
1960 | +openldap (2.4.28-1.1ubuntu2) precise; urgency=low |
1961 | + |
1962 | + * Remove debian/patches/CVE-2011-4079; it's already in this upstream |
1963 | + version. Fixes FTBFS. |
1964 | + |
1965 | + -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500 |
1966 | + |
1967 | +openldap (2.4.28-1.1ubuntu1) precise; urgency=low |
1968 | + |
1969 | + * Merge from Debian testing. Remaining changes: |
1970 | + - Install a default DIT (LP: #442498). |
1971 | + - Document cn=config in README file (LP: #370784). |
1972 | + - remaining changes: |
1973 | + + AppArmor support: |
1974 | + - debian/apparmor-profile: add AppArmor profile |
1975 | + - use dh_apparmor: |
1976 | + - debian/rules: use dh_apparmor |
1977 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
1978 | + - updated debian/slapd.README.Debian for note on AppArmor |
1979 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
1980 | + + Enable GSSAPI support (LP: #495418): |
1981 | + - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1982 | + - Add --with-gssapi support |
1983 | + - Make guess_service_principal() more robust when determining |
1984 | + principal |
1985 | + - debian/patches/series: apply gssapi.diff patch. |
1986 | + - debian/configure.options: Configure with --with-gssapi |
1987 | + - debian/control: Added libkrb5-dev as a build depend |
1988 | + + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1989 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
1990 | + + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: |
1991 | + - debian/control: |
1992 | + - remove build-dependency on heimdal-dev. |
1993 | + - remove slapd-smbk5pwd binary package. |
1994 | + - debian/rules: don't build smbk5pwd slapd module. |
1995 | + + debian/{control,rules}: enable PIE hardening |
1996 | + + ufw support (LP: #423246): |
1997 | + - debian/control: suggest ufw. |
1998 | + - debian/rules: install ufw profile. |
1999 | + - debian/slapd.ufw.profile: add ufw profile. |
2000 | + + Enable nssoverlay: |
2001 | + - debian/patches/nssov-build, debian/series, debian/rules: |
2002 | + Apply, build and package the nss overlay. |
2003 | + - debian/schema/extra/misc.ldif: add ldif file for the misc schema |
2004 | + which defines rfc822MailMember (required by the nss overlay). |
2005 | + + debian/rules, debian/schema/extra/: |
2006 | + Fix configure rule to supports extra schemas shipped as part |
2007 | + of the debian/schema/ directory. |
2008 | + + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2009 | + + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in |
2010 | + neither the default DIT nor via an Authn mapping. |
2011 | + + debian/slapd.scripts-common: adjust minimum version that triggers a |
2012 | + database upgrade. Upgrade from maverick shouldn't trigger database |
2013 | + upgrade (which would happen with the version used in Debian). |
2014 | + + debian/slapd.scripts-common: add slapcat_opts to local variables. |
2015 | + Remove unused variable new_conf. |
2016 | + + debian/slapd.script-common: Fix package reconfiguration. |
2017 | + - Fix backup directory naming for multiple reconfiguration. |
2018 | + + debian/slapd.default, debian/slapd.README.Debian: |
2019 | + use the new configuration style. |
2020 | + + Install nss overlay (LP: #675391): |
2021 | + - debian/rules: run install target for nssov module. |
2022 | + - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema |
2023 | + + debian/patches/gssapi.diff: |
2024 | + - Update patch so that likewise-open is usuable again. (LP: #661547) |
2025 | + + debian/patches/service-operational-before-detach: New patch replacing old one |
2026 | + of the same name as previous could cause database corruption based on upstream commits. |
2027 | + (LP: #727973) |
2028 | + + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize() |
2029 | + (CVE-2011-4079) |
2030 | + |
2031 | + |
2032 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500 |
2033 | + |
2034 | +openldap (2.4.28-1.1) unstable; urgency=low |
2035 | + |
2036 | + * Non-maintainer upload. |
2037 | + * Disable the mdb backend on non-Linux, it looks like it doesn't work with |
2038 | + linuxthreads (closes: #654824). |
2039 | + |
2040 | + -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100 |
2041 | + |
2042 | openldap (2.4.28-1) unstable; urgency=low |
2043 | |
2044 | * New upstream release. |
2045 | @@ -1053,6 +2834,72 @@ openldap (2.4.28-1) unstable; urgency=low |
2046 | |
2047 | -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000 |
2048 | |
2049 | +openldap (2.4.25-4ubuntu1) precise; urgency=low |
2050 | + |
2051 | + * Merge from Debian testing. Remaining changes: |
2052 | + - Install a default DIT (LP: #442498). |
2053 | + - Document cn=config in README file (LP: #370784). |
2054 | + - remaining changes: |
2055 | + + AppArmor support: |
2056 | + - debian/apparmor-profile: add AppArmor profile |
2057 | + - use dh_apparmor: |
2058 | + - debian/rules: use dh_apparmor |
2059 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
2060 | + - updated debian/slapd.README.Debian for note on AppArmor |
2061 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2062 | + + Enable GSSAPI support (LP: #495418): |
2063 | + - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
2064 | + - Add --with-gssapi support |
2065 | + - Make guess_service_principal() more robust when determining |
2066 | + principal |
2067 | + - debian/patches/series: apply gssapi.diff patch. |
2068 | + - debian/configure.options: Configure with --with-gssapi |
2069 | + - debian/control: Added libkrb5-dev as a build depend |
2070 | + + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2071 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2072 | + + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: |
2073 | + - debian/control: |
2074 | + - remove build-dependency on heimdal-dev. |
2075 | + - remove slapd-smbk5pwd binary package. |
2076 | + - debian/rules: don't build smbk5pwd slapd module. |
2077 | + + debian/{control,rules}: enable PIE hardening |
2078 | + + ufw support (LP: #423246): |
2079 | + - debian/control: suggest ufw. |
2080 | + - debian/rules: install ufw profile. |
2081 | + - debian/slapd.ufw.profile: add ufw profile. |
2082 | + + Enable nssoverlay: |
2083 | + - debian/patches/nssov-build, debian/series, debian/rules: |
2084 | + Apply, build and package the nss overlay. |
2085 | + - debian/schema/extra/misc.ldif: add ldif file for the misc schema |
2086 | + which defines rfc822MailMember (required by the nss overlay). |
2087 | + + debian/rules, debian/schema/extra/: |
2088 | + Fix configure rule to supports extra schemas shipped as part |
2089 | + of the debian/schema/ directory. |
2090 | + + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2091 | + + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in |
2092 | + neither the default DIT nor via an Authn mapping. |
2093 | + + debian/slapd.scripts-common: adjust minimum version that triggers a |
2094 | + database upgrade. Upgrade from maverick shouldn't trigger database |
2095 | + upgrade (which would happen with the version used in Debian). |
2096 | + + debian/slapd.scripts-common: add slapcat_opts to local variables. |
2097 | + Remove unused variable new_conf. |
2098 | + + debian/slapd.script-common: Fix package reconfiguration. |
2099 | + - Fix backup directory naming for multiple reconfiguration. |
2100 | + + debian/slapd.default, debian/slapd.README.Debian: |
2101 | + use the new configuration style. |
2102 | + + Install nss overlay (LP: #675391): |
2103 | + - debian/rules: run install target for nssov module. |
2104 | + - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema |
2105 | + + debian/patches/gssapi.diff: |
2106 | + - Update patch so that likewise-open is usuable again. (LP: #661547) |
2107 | + + debian/patches/service-operational-before-detach: New patch replacing old one |
2108 | + of the same name as previous could cause database corruption based on upstream commits. |
2109 | + (LP: #727973) |
2110 | + + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize() |
2111 | + (CVE-2011-4079) |
2112 | + |
2113 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000 |
2114 | + |
2115 | openldap (2.4.25-4) unstable; urgency=low |
2116 | |
2117 | * Drop explicit depends on libdb4.8, since we're now linking against |
2118 | @@ -1086,6 +2933,85 @@ openldap (2.4.25-4) unstable; urgency=low |
2119 | |
2120 | -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000 |
2121 | |
2122 | +openldap (2.4.25-3ubuntu3) precise; urgency=low |
2123 | + |
2124 | + * Rebuild for Perl 5.14. |
2125 | + |
2126 | + -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000 |
2127 | + |
2128 | +openldap (2.4.25-3ubuntu2) precise; urgency=low |
2129 | + |
2130 | + * SECURITY UPDATE: potential denial of service (LP: #884163) |
2131 | + - debian/patches/CVE-2011-4079: fix off by one error in |
2132 | + postalAddressNormalize() |
2133 | + - CVE-2011-4079 |
2134 | + |
2135 | + -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600 |
2136 | + |
2137 | +openldap (2.4.25-3ubuntu1) precise; urgency=low |
2138 | + |
2139 | + * Merge from debian unstable. Remaining changes: |
2140 | + - Install a default DIT (LP: #442498). |
2141 | + - Document cn=config in README file (LP: #370784). |
2142 | + - remaining changes: |
2143 | + + AppArmor support: |
2144 | + - debian/apparmor-profile: add AppArmor profile |
2145 | + - use dh_apparmor: |
2146 | + - debian/rules: use dh_apparmor |
2147 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
2148 | + - updated debian/slapd.README.Debian for note on AppArmor |
2149 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2150 | + + Enable GSSAPI support (LP: #495418): |
2151 | + - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
2152 | + - Add --with-gssapi support |
2153 | + - Make guess_service_principal() more robust when determining |
2154 | + principal |
2155 | + - debian/patches/series: apply gssapi.diff patch. |
2156 | + - debian/configure.options: Configure with --with-gssapi |
2157 | + - debian/control: Added libkrb5-dev as a build depend |
2158 | + + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2159 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2160 | + + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: |
2161 | + - debian/control: |
2162 | + - remove build-dependency on heimdal-dev. |
2163 | + - remove slapd-smbk5pwd binary package. |
2164 | + - debian/rules: don't build smbk5pwd slapd module. |
2165 | + + debian/{control,rules}: enable PIE hardening |
2166 | + + ufw support (LP: #423246): |
2167 | + - debian/control: suggest ufw. |
2168 | + - debian/rules: install ufw profile. |
2169 | + - debian/slapd.ufw.profile: add ufw profile. |
2170 | + + Enable nssoverlay: |
2171 | + - debian/patches/nssov-build, debian/series, debian/rules: |
2172 | + Apply, build and package the nss overlay. |
2173 | + - debian/schema/extra/misc.ldif: add ldif file for the misc schema |
2174 | + which defines rfc822MailMember (required by the nss overlay). |
2175 | + + debian/rules, debian/schema/extra/: |
2176 | + Fix configure rule to supports extra schemas shipped as part |
2177 | + of the debian/schema/ directory. |
2178 | + + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2179 | + + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in |
2180 | + neither the default DIT nor via an Authn mapping. |
2181 | + + debian/slapd.scripts-common: adjust minimum version that triggers a |
2182 | + database upgrade. Upgrade from maverick shouldn't trigger database |
2183 | + upgrade (which would happen with the version used in Debian). |
2184 | + + debian/slapd.scripts-common: add slapcat_opts to local variables. |
2185 | + Remove unused variable new_conf. |
2186 | + + debian/slapd.script-common: Fix package reconfiguration. |
2187 | + - Fix backup directory naming for multiple reconfiguration. |
2188 | + + debian/slapd.default, debian/slapd.README.Debian: |
2189 | + use the new configuration style. |
2190 | + + Install nss overlay (LP: #675391): |
2191 | + - debian/rules: run install target for nssov module. |
2192 | + - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema |
2193 | + + debian/patches/gssapi.diff: |
2194 | + - Update patch so that likewise-open is usuable again. (LP: #661547) |
2195 | + + debian/patches/service-operational-before-detach: New patch replacing old one |
2196 | + of the same name as previous could cause database corruption based on upstream commits. |
2197 | + (LP: #727973) |
2198 | + |
2199 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000 |
2200 | + |
2201 | openldap (2.4.25-3) unstable; urgency=low |
2202 | |
2203 | * Brown paper bag: really fix the .links.in handling, so we don't generate |
2204 | @@ -1108,6 +3034,92 @@ openldap (2.4.25-2) unstable; urgency=low |
2205 | |
2206 | -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700 |
2207 | |
2208 | +openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low |
2209 | + |
2210 | + * Brown paper bag: really fix the .links.in handling, so we don't generate |
2211 | + broken /usr/lib/${DEB_HOST_MULTIARCH} dirs. |
2212 | + |
2213 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000 |
2214 | + |
2215 | +openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low |
2216 | + |
2217 | + * Cherry-pick multiarch support from Debian (LP: #826601): |
2218 | + - Bump to compat level 7, so we don't have to spell out debian/tmp in |
2219 | + every single .install file |
2220 | + - Build for multiarch. |
2221 | + |
2222 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700 |
2223 | + |
2224 | +openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low |
2225 | + |
2226 | + * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270) |
2227 | + |
2228 | + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200 |
2229 | + |
2230 | +openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low |
2231 | + |
2232 | + * Merge from debian unstable. Remaining changes: |
2233 | + - Install a default DIT (LP: #442498). |
2234 | + - Document cn=config in README file (LP: #370784). |
2235 | + - remaining changes: |
2236 | + + AppArmor support: |
2237 | + - debian/apparmor-profile: add AppArmor profile |
2238 | + - use dh_apparmor: |
2239 | + - debian/rules: use dh_apparmor |
2240 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
2241 | + - updated debian/slapd.README.Debian for note on AppArmor |
2242 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2243 | + + Enable GSSAPI support (LP: #495418): |
2244 | + - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
2245 | + - Add --with-gssapi support |
2246 | + - Make guess_service_principal() more robust when determining |
2247 | + principal |
2248 | + - debian/patches/series: apply gssapi.diff patch. |
2249 | + - debian/configure.options: Configure with --with-gssapi |
2250 | + - debian/control: Added libkrb5-dev as a build depend |
2251 | + + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2252 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2253 | + + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: |
2254 | + - debian/control: |
2255 | + - remove build-dependency on heimdal-dev. |
2256 | + - remove slapd-smbk5pwd binary package. |
2257 | + - debian/rules: don't build smbk5pwd slapd module. |
2258 | + + debian/{control,rules}: enable PIE hardening |
2259 | + + ufw support (LP: #423246): |
2260 | + - debian/control: suggest ufw. |
2261 | + - debian/rules: install ufw profile. |
2262 | + - debian/slapd.ufw.profile: add ufw profile. |
2263 | + + Enable nssoverlay: |
2264 | + - debian/patches/nssov-build, debian/series, debian/rules: |
2265 | + Apply, build and package the nss overlay. |
2266 | + - debian/schema/extra/misc.ldif: add ldif file for the misc schema |
2267 | + which defines rfc822MailMember (required by the nss overlay). |
2268 | + + debian/rules, debian/schema/extra/: |
2269 | + Fix configure rule to supports extra schemas shipped as part |
2270 | + of the debian/schema/ directory. |
2271 | + + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2272 | + + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in |
2273 | + neither the default DIT nor via an Authn mapping. |
2274 | + + debian/slapd.scripts-common: adjust minimum version that triggers a |
2275 | + database upgrade. Upgrade from maverick shouldn't trigger database |
2276 | + upgrade (which would happen with the version used in Debian). |
2277 | + + debian/slapd.scripts-common: add slapcat_opts to local variables. |
2278 | + Remove unused variable new_conf. |
2279 | + + debian/slapd.script-common: Fix package reconfiguration. |
2280 | + - Fix backup directory naming for multiple reconfiguration. |
2281 | + + debian/slapd.default, debian/slapd.README.Debian: |
2282 | + use the new configuration style. |
2283 | + + Install nss overlay (LP: #675391): |
2284 | + - debian/rules: run install target for nssov module. |
2285 | + - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema |
2286 | + + debian/patches/gssapi.diff: |
2287 | + - Update patch so that likewise-open is usuable again. (LP: #661547) |
2288 | + + debian/patches/service-operational-before-detach: New patch replacing old one |
2289 | + of the same name as previous could cause database corruption based on upstream commits. |
2290 | + (LP: #727973) |
2291 | + |
2292 | + -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100 |
2293 | + |
2294 | openldap (2.4.25-1.1) unstable; urgency=low |
2295 | |
2296 | * Non-maintainer upload to fix RC bug. |
2297 | @@ -1115,6 +3127,75 @@ openldap (2.4.25-1.1) unstable; urgency=low |
2298 | |
2299 | -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200 |
2300 | |
2301 | +openldap (2.4.25-1ubuntu1) oneiric; urgency=low |
2302 | + |
2303 | + * Merge from debian unstable. Remaining changes: |
2304 | + - Install a default DIT (LP: #442498). |
2305 | + - Document cn=config in README file (LP: #370784). |
2306 | + - remaining changes: |
2307 | + + AppArmor support: |
2308 | + - debian/apparmor-profile: add AppArmor profile |
2309 | + - use dh_apparmor: |
2310 | + - debian/rules: use dh_apparmor |
2311 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
2312 | + - updated debian/slapd.README.Debian for note on AppArmor |
2313 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2314 | + + Enable GSSAPI support (LP: #495418): |
2315 | + - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
2316 | + - Add --with-gssapi support |
2317 | + - Make guess_service_principal() more robust when determining |
2318 | + principal |
2319 | + - debian/patches/series: apply gssapi.diff patch. |
2320 | + - debian/configure.options: Configure with --with-gssapi |
2321 | + - debian/control: Added libkrb5-dev as a build depend |
2322 | + + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2323 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2324 | + + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: |
2325 | + - debian/control: |
2326 | + - remove build-dependency on heimdal-dev. |
2327 | + - remove slapd-smbk5pwd binary package. |
2328 | + - debian/rules: don't build smbk5pwd slapd module. |
2329 | + + debian/{control,rules}: enable PIE hardening |
2330 | + + ufw support (LP: #423246): |
2331 | + - debian/control: suggest ufw. |
2332 | + - debian/rules: install ufw profile. |
2333 | + - debian/slapd.ufw.profile: add ufw profile. |
2334 | + + Enable nssoverlay: |
2335 | + - debian/patches/nssov-build, debian/series, debian/rules: |
2336 | + Apply, build and package the nss overlay. |
2337 | + - debian/schema/extra/misc.ldif: add ldif file for the misc schema |
2338 | + which defines rfc822MailMember (required by the nss overlay). |
2339 | + + debian/rules, debian/schema/extra/: |
2340 | + Fix configure rule to supports extra schemas shipped as part |
2341 | + of the debian/schema/ directory. |
2342 | + + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2343 | + + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in |
2344 | + neither the default DIT nor via an Authn mapping. |
2345 | + + debian/slapd.scripts-common: adjust minimum version that triggers a |
2346 | + database upgrade. Upgrade from maverick shouldn't trigger database |
2347 | + upgrade (which would happen with the version used in Debian). |
2348 | + + debian/slapd.scripts-common: add slapcat_opts to local variables. |
2349 | + Remove unused variable new_conf. |
2350 | + + debian/slapd.script-common: Fix package reconfiguration. |
2351 | + - Fix backup directory naming for multiple reconfiguration. |
2352 | + + debian/slapd.default, debian/slapd.README.Debian: |
2353 | + use the new configuration style. |
2354 | + + Install nss overlay (LP: #675391): |
2355 | + - debian/rules: run install target for nssov module. |
2356 | + - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema |
2357 | + + debian/patches/gssapi.diff: |
2358 | + - Update patch so that likewise-open is usuable again. (LP: #661547) |
2359 | + + debian/patches/service-operational-before-detach: New patch replacing old one |
2360 | + of the same name as previous could cause database corruption based on upstream commits. |
2361 | + (LP: #727973) |
2362 | + + Dropped: |
2363 | + - debian/patches/gold: Use the debian version instead |
2364 | + - debian/patches/CVE-2011-1024: Fixed upstream |
2365 | + - debian/patches/CVE-2011-1025: Fixed upstream |
2366 | + - debian/patches/CVE-2011-1081: Fixed upstream |
2367 | + |
2368 | + -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100 |
2369 | + |
2370 | openldap (2.4.25-1) unstable; urgency=low |
2371 | |
2372 | * New upstream version (Closes: #617606, #618904, #606815, #608813) |
2373 | @@ -1146,6 +3227,116 @@ openldap (2.4.23-7) unstable; urgency=low |
2374 | |
2375 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100 |
2376 | |
2377 | +openldap (2.4.23-6ubuntu7) oneiric; urgency=low |
2378 | + |
2379 | + * Rebuild for Perl 5.12. |
2380 | + |
2381 | + -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100 |
2382 | + |
2383 | +openldap (2.4.23-6ubuntu6) natty; urgency=low |
2384 | + |
2385 | + * SECURITY UPDATE: fix successful anonymous bind via chain overlay when |
2386 | + using forwarded authentication failures |
2387 | + - debian/patches/CVE-2011-1024 |
2388 | + - CVE-2011-1024 |
2389 | + * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb |
2390 | + backend. Note: Ubuntu is not compiled with --enable-ndb by default |
2391 | + - debian/patches/CVE-2011-1025 |
2392 | + - CVE-2011-1025 |
2393 | + * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests |
2394 | + and requestDN is empty |
2395 | + - debian/patches/CVE-2011-1081 |
2396 | + - CVE-2011-1081 |
2397 | + - LP: #742104 |
2398 | + |
2399 | + -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500 |
2400 | + |
2401 | +openldap (2.4.23-6ubuntu5) natty; urgency=low |
2402 | + |
2403 | + * debian/patches/service-operational-before-detach: New patch replacing |
2404 | + old one of same name as previous could cause database corruption, |
2405 | + based on upstream commits. (LP: #727973) |
2406 | + |
2407 | + -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000 |
2408 | + |
2409 | +openldap (2.4.23-6ubuntu4) natty; urgency=low |
2410 | + |
2411 | + * Fix FTBFS with ld.gold. |
2412 | + |
2413 | + -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100 |
2414 | + |
2415 | +openldap (2.4.23-6ubuntu3) natty; urgency=low |
2416 | + |
2417 | + * debian/patches/gssapi.diff: |
2418 | + Update patch so that likewise-open is usable again (LP: #661547) |
2419 | + |
2420 | + -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100 |
2421 | + |
2422 | +openldap (2.4.23-6ubuntu2) natty; urgency=low |
2423 | + |
2424 | + * Install nss overlay (LP: #675391): |
2425 | + - debian/rules: run install target for nssov module. |
2426 | + - debian/patches/nssov-build: fix patch to install schema in |
2427 | + /etc/ldap/schema. |
2428 | + |
2429 | + -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500 |
2430 | + |
2431 | +openldap (2.4.23-6ubuntu1) natty; urgency=low |
2432 | + |
2433 | + * Merge from Debian unstable: |
2434 | + - Install a default DIT (LP: #442498). |
2435 | + - Document cn=config in README file (LP: #370784). |
2436 | + - remaining changes: |
2437 | + + AppArmor support: |
2438 | + - debian/apparmor-profile: add AppArmor profile |
2439 | + - use dh_apparmor: |
2440 | + - debian/rules: use dh_apparmor |
2441 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
2442 | + - updated debian/slapd.README.Debian for note on AppArmor |
2443 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2444 | + + Enable GSSAPI support (LP: #495418): |
2445 | + - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
2446 | + - Add --with-gssapi support |
2447 | + - Make guess_service_principal() more robust when determining |
2448 | + principal |
2449 | + - debian/patches/series: apply gssapi.diff patch. |
2450 | + - debian/configure.options: Configure with --with-gssapi |
2451 | + - debian/control: Added libkrb5-dev as a build depend |
2452 | + + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2453 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2454 | + + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: |
2455 | + - debian/control: |
2456 | + - remove build-dependency on heimdal-dev. |
2457 | + - remove slapd-smbk5pwd binary package. |
2458 | + - debian/rules: don't build smbk5pwd slapd module. |
2459 | + + debian/{control,rules}: enable PIE hardening |
2460 | + + ufw support (LP: #423246): |
2461 | + - debian/control: suggest ufw. |
2462 | + - debian/rules: install ufw profile. |
2463 | + - debian/slapd.ufw.profile: add ufw profile. |
2464 | + + Enable nssoverlay: |
2465 | + - debian/patches/nssov-build, debian/series, debian/rules: |
2466 | + Apply, build and package the nss overlay. |
2467 | + - debian/schema/extra/misc.ldif: add ldif file for the misc schema |
2468 | + which defines rfc822MailMember (required by the nss overlay). |
2469 | + + debian/rules, debian/schema/extra/: |
2470 | + Fix configure rule to supports extra schemas shipped as part |
2471 | + of the debian/schema/ directory. |
2472 | + + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2473 | + + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in |
2474 | + neither the default DIT nor via an Authn mapping. |
2475 | + + debian/slapd.scripts-common: adjust minimum version that triggers a |
2476 | + database upgrade. Upgrade from maverick shouldn't trigger database |
2477 | + upgrade (which would happen with the version used in Debian). |
2478 | + + debian/slapd.scripts-common: add slapcat_opts to local variables. |
2479 | + Remove unused variable new_conf. |
2480 | + + debian/slapd.script-common: Fix package reconfiguration. |
2481 | + - Fix backup directory naming for multiple reconfiguration. |
2482 | + + debian/slapd.default, debian/slapd.README.Debian: |
2483 | + use the new configuration style. |
2484 | + |
2485 | + -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500 |
2486 | + |
2487 | openldap (2.4.23-6) unstable; urgency=high |
2488 | |
2489 | * Check for an empty directory to prevent an rm -f /*. (Closes: #597704) |
2490 | @@ -1268,6 +3459,80 @@ openldap (2.4.23-1) unstable; urgency=low |
2491 | |
2492 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200 |
2493 | |
2494 | +openldap (2.4.23-0ubuntu4) natty; urgency=low |
2495 | + |
2496 | + * debian/slapd.templates: amended typo in slapd/move_old_database |
2497 | + (LP: #666028) |
2498 | + |
2499 | + -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000 |
2500 | + |
2501 | +openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low |
2502 | + |
2503 | + * debian/slapd.templates: re-add slapd/move_old_database template as it's |
2504 | + used during the package upgrade. Thanks to James Page for pointing it. |
2505 | + * debian/slapd.config: restore debconf question slapd/move_old_database. |
2506 | + |
2507 | + -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400 |
2508 | + |
2509 | +openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low |
2510 | + |
2511 | + [ James Page ] |
2512 | + * Fixed install/upgrade process to dump/restore databases due |
2513 | + to uplift to libdb4.8-dev (LP: #658227) |
2514 | + |
2515 | + -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400 |
2516 | + |
2517 | +openldap (2.4.23-0ubuntu3) maverick; urgency=low |
2518 | + |
2519 | + * debian/rules: move dh_apparmor before dh_installinit |
2520 | + |
2521 | + -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500 |
2522 | + |
2523 | +openldap (2.4.23-0ubuntu2) maverick; urgency=low |
2524 | + |
2525 | + * convert to using dh_apparmor: |
2526 | + - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor |
2527 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
2528 | + * debian/apparmor-profile: use local include |
2529 | + |
2530 | + -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500 |
2531 | + |
2532 | +openldap (2.4.23-0ubuntu1) maverick; urgency=low |
2533 | + |
2534 | + * New release, features include: |
2535 | + + Fixed libldap to return server's error code (ITS#6569) |
2536 | + + Fixed libldap memleaks (ITS#6568) |
2537 | + + Fixed liblutil off-by-one with delta (ITS#6541) |
2538 | + + Fixed slapd acls with glued databases (ITS#6468) |
2539 | + + Fixed slapd syncrepl rid logging (ITS#6533) |
2540 | + + Fixed slapd modrdn handling of invalid values (ITS#6570) |
2541 | + + Fixed slapd-bdb hasSubordinates computation (ITS#6549) |
2542 | + + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474) |
2543 | + + Fixed slapd-bdb entry cache delete failure (ITS#6577) |
2544 | + + Fixed slapd-ldap to return control responses (ITS#6530) |
2545 | + + Fixed slapo-ppolicy to use Debug (ITS#6566) |
2546 | + + Fixed slapo-refint to zero out freed DN vals (ITS#6572) |
2547 | + + Fixed slapo-rwm to use Debug (ITS#6566) |
2548 | + + Fixed slapo-sssvlv to use Debug (ITS#6566) |
2549 | + + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555) |
2550 | + + Fixed slapo-valsort to use Debug (ITS#6566) |
2551 | + + Fixed contrib/nssov network.c missing patch (ITS#6562) |
2552 | + + Fixed test043 attribute sorting (ITS#6553) |
2553 | + + slapd-config(5) note default rootdn (ITS#6546) |
2554 | + * Rebased patches debian/patches/dropped nssov-build |
2555 | + * Resynchronize with Debian: |
2556 | + + debian/control: |
2557 | + - Bump standards-version to 3.9.0 |
2558 | + - Use libdb4.8-dev (LP: #572489) |
2559 | + + Added debian/patches/issue-6534-patch |
2560 | + + Added debian/patches/ldap-conf-tls-cacertdir |
2561 | + * Add ufw support, thanks to PatRiehecky (LP: #423246) |
2562 | + |
2563 | + [Adam Sommer] |
2564 | + * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2565 | + |
2566 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400 |
2567 | + |
2568 | openldap (2.4.21-1) unstable; urgency=low |
2569 | |
2570 | [ Steve Langasek ] |
2571 | @@ -1299,6 +3564,79 @@ openldap (2.4.21-1) unstable; urgency=low |
2572 | |
2573 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200 |
2574 | |
2575 | +openldap (2.4.21-0ubuntu5) lucid; urgency=low |
2576 | + |
2577 | + * Fix local root connection access: replace olcAuthzRegexp mapping to |
2578 | + cn=localroot,cn=config with using the SASL dn directly in olcAccess. |
2579 | + Makes upgrades much simpler and robust (LP: #563829). |
2580 | + |
2581 | + -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400 |
2582 | + |
2583 | +openldap (2.4.21-0ubuntu4) lucid; urgency=low |
2584 | + |
2585 | + [ Simon Olofsson ] |
2586 | + * debian/slapd.postinst: |
2587 | + - Show a message after successful migration (LP: #538848) |
2588 | + |
2589 | + [ Jorgen Rosink ] |
2590 | + * debian/slapd.init: add simple status checking with LSB compatible exit |
2591 | + codes (LP: #562377) |
2592 | + * debian/slapd.init.ldif: |
2593 | + - remove admin user in default config database (LP: #556176) |
2594 | + - in default config, add olcAccess entries giving access to controls |
2595 | + available and cn=subschema (LP: #427842) |
2596 | + |
2597 | + [ Scott Moser ] |
2598 | + * debian/slapd.scripts-common: Do not create /nonexistent directory |
2599 | + for openldap user's home (LP: #556176) |
2600 | + * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070) |
2601 | + |
2602 | + -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400 |
2603 | + |
2604 | +openldap (2.4.21-0ubuntu3) lucid; urgency=low |
2605 | + |
2606 | + * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases |
2607 | + before trying to convert to slapd.d, to avoid upgrade failure from hardy |
2608 | + (LP: #536958) |
2609 | + * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in |
2610 | + olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230) |
2611 | + |
2612 | + -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200 |
2613 | + |
2614 | +openldap (2.4.21-0ubuntu2) lucid; urgency=low |
2615 | + |
2616 | + * debian/apparmor-profile: Update apparmor profile. (LP: #508190) |
2617 | + |
2618 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500 |
2619 | + |
2620 | +openldap (2.4.21-0ubuntu1) lucid; urgency=low |
2621 | + |
2622 | + * New upstream release. |
2623 | + * debian/rules, debian/schema/extra/: |
2624 | + Fix get-orig-source rule to supports extra schemas shipped as part of the |
2625 | + debian/schema/ directory. |
2626 | + |
2627 | + -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500 |
2628 | + |
2629 | +openldap (2.4.18-0ubuntu2) lucid; urgency=low |
2630 | + |
2631 | + * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
2632 | + - Add --with-gssapi support |
2633 | + - Make guess_service_principal() more robust when determining principal |
2634 | + * Enable GSSAPI support (LP: #495418): |
2635 | + - debian/configure.options: Configure with --with-gssapi |
2636 | + - debian/control: Added libkrb5-dev as a build depend |
2637 | + |
2638 | + -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100 |
2639 | + |
2640 | +openldap (2.4.18-0ubuntu1) karmic; urgency=low |
2641 | + |
2642 | + * New upstream release: (LP: #419515): |
2643 | + + pcache overlay supports disconnected mode. |
2644 | + * Fix nss overlay load (LP: #417163). |
2645 | + |
2646 | + -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400 |
2647 | + |
2648 | openldap (2.4.17-2.1) unstable; urgency=high |
2649 | |
2650 | * Non-maintainer upload by the Security Team. |
2651 | @@ -1325,6 +3663,108 @@ openldap (2.4.17-2) unstable; urgency=low |
2652 | |
2653 | -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700 |
2654 | |
2655 | +openldap (2.4.17-1ubuntu3) karmic; urgency=low |
2656 | + |
2657 | + * Install a minimal slapd configuration instead of creating a default |
2658 | + database with a default DIT: |
2659 | + + Move openldap user home from /var/lib/ldap to /nonexistent. |
2660 | + + Remove all code and templates dealing with the default database and DIT |
2661 | + creation. |
2662 | + + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and |
2663 | + grant all access to the latter in the cn=config database as well as the |
2664 | + default backend configuration. |
2665 | + * Add cn=localroot,cn=config authz mapping on upgrades. |
2666 | + |
2667 | + -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400 |
2668 | + |
2669 | +openldap (2.4.17-1ubuntu2) karmic; urgency=low |
2670 | + |
2671 | + [ Thierry Carrez ] |
2672 | + * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2673 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2674 | + |
2675 | + [ Mathias Gug ] |
2676 | + * debian/patches/its6077-uniqueness-overlay: fixes some issues with the |
2677 | + uniqueness overlay. |
2678 | + * debian/patches/its6220-writetimeout-directive: fixes a problem with the |
2679 | + writetimeout directive being in effect even if it wasn't set, |
2680 | + closing connections incorrectly. |
2681 | + * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the |
2682 | + dncachesize parameter that was added in RE24, so that if it is set to |
2683 | + "0" (now the default), it has an unlimited DN cache (RE23 always |
2684 | + had an unlimited DN cache). |
2685 | + |
2686 | + -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400 |
2687 | + |
2688 | +openldap (2.4.17-1ubuntu1) karmic; urgency=low |
2689 | + |
2690 | + [ Steve Langasek ] |
2691 | + * Fix up the lintian warnings: |
2692 | + - add missing misc-depends on all packages |
2693 | + - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive |
2694 | + overrides |
2695 | + - bump Standards-Version to 3.8.2, no changes required. |
2696 | + |
2697 | + [ Mathias Gug ] |
2698 | + * Resynchronise with Debian. Remaining changes: |
2699 | + - AppArmor support: |
2700 | + - debian/apparmor-profile: add AppArmor profile |
2701 | + - updated debian/slapd.README.Debian for note on AppArmor |
2702 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2703 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
2704 | + - debian/rules: install apparmor profile. |
2705 | + - Don't use local statement in config script as it fails if /bin/sh |
2706 | + points to bash. |
2707 | + - debian/slapd.postinst, debian/slapd.script-common: set correct |
2708 | + ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group |
2709 | + readable) and /var/run/slapd (world readable). |
2710 | + - Enable nssoverlay: |
2711 | + - debian/patches/nssov-build, debian/rules: Build and package the nss |
2712 | + overlay. |
2713 | + - debian/schema/misc.ldif: add ldif file for the misc schema which |
2714 | + defines rfc822MailMember (required by the nss overlay). |
2715 | + - debian/{control,rules}: enable PIE hardening |
2716 | + - Use cn=config as the default configuration backend instead of |
2717 | + slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade |
2718 | + asking the end user to enter a new password to control the access to |
2719 | + the cn=config tree. |
2720 | + - debian/slapd.postinst: create /var/run/slapd before updating its |
2721 | + permissions. |
2722 | + - debian/slapd.init: Correctly set slapd config backend option even if |
2723 | + the pidfile is configured in slapd default file. |
2724 | + * Dropped: |
2725 | + - Merged in Debian: |
2726 | + - Update priority of libldap-2.4-2 to match the archive override. |
2727 | + - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as |
2728 | + the ldapurl(1) manpage. |
2729 | + - Bump build-dependency on debhelper to 6 instead of 5, since that's |
2730 | + what we're using. |
2731 | + - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using |
2732 | + the built-in default of ldap:/// only. |
2733 | + - Fixed in upstream release: |
2734 | + - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 |
2735 | + failure when built with PIE. |
2736 | + - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be |
2737 | + trusted. |
2738 | + - Update Apparmor profile support: don't support upgrade from pre-hardy |
2739 | + systems: |
2740 | + - debian/slapd.postinst: Reload AA profile on configuration |
2741 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
2742 | + - debian/control: Conflicts with apparmor-profiles << |
2743 | + 2.1+1075-0ubuntu4 to make sure that if earlier version of |
2744 | + apparmor-profiles gets installed it won't overwrite our profile. |
2745 | + - follow ApparmorProfileMigration and force apparmor complain mode on |
2746 | + some upgrades |
2747 | + - debian/slapd.preinst: create symlink for force-complain on |
2748 | + pre-feisty upgrades, upgrades where apparmor-profiles profile is |
2749 | + unchanged (ie non-enforcing) and upgrades where apparmor profile |
2750 | + does not exist. |
2751 | + - debian/patches/autogen.sh: no longer needed with karmic libtool. |
2752 | + - Call libtoolize with the --install option to install |
2753 | + config.{guess,sub} files. |
2754 | + |
2755 | + -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400 |
2756 | + |
2757 | openldap (2.4.17-1) unstable; urgency=low |
2758 | |
2759 | * New upstream version. |
2760 | @@ -1347,6 +3787,153 @@ openldap (2.4.17-1) unstable; urgency=low |
2761 | |
2762 | -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700 |
2763 | |
2764 | +openldap (2.4.15-1.1ubuntu1) karmic; urgency=low |
2765 | + |
2766 | + * Resynchronise with Debian. Remaining changes: |
2767 | + - AppArmor support: |
2768 | + - debian/apparmor-profile: add AppArmor profile |
2769 | + - debian/slapd.postinst: Reload AA profile on configuration |
2770 | + - updated debian/slapd.README.Debian for note on AppArmor |
2771 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
2772 | + - debian/control: Conflicts with apparmor-profiles << |
2773 | + 2.1+1075-0ubuntu4 to make sure that if earlier version of |
2774 | + apparmor-profiles gets installed it won't overwrite our profile. |
2775 | + - follow ApparmorProfileMigration and force apparmor complain mode on |
2776 | + some upgrades |
2777 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2778 | + - debian/slapd.preinst: create symlink for force-complain on |
2779 | + pre-feisty upgrades, upgrades where apparmor-profiles profile is |
2780 | + unchanged (ie non-enforcing) and upgrades where apparmor profile |
2781 | + does not exist. |
2782 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
2783 | + - debian/patches/autogen.sh: |
2784 | + - Call libtoolize with the --install option to install |
2785 | + config.{guess,sub} files. |
2786 | + - Don't use local statement in config script as it fails if /bin/sh |
2787 | + points to bash. |
2788 | + - debian/slapd.postinst, debian/slapd.script-common: set correct |
2789 | + ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group |
2790 | + readable) and /var/run/slapd (world readable). |
2791 | + - Enable nssoverlay: |
2792 | + - debian/patches/nssov-build, debian/rules: Build and package the nss |
2793 | + overlay. |
2794 | + - debian/schema/misc.ldif: add ldif file for the misc schema which |
2795 | + defines rfc822MailMember (required by the nss overlay). |
2796 | + - debian/{control,rules}: enable PIE hardening |
2797 | + - Use cn=config as the default configuration backend instead of |
2798 | + slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade |
2799 | + asking the end user to enter a new password to control the access to |
2800 | + the cn=config tree. |
2801 | + - Update priority of libldap-2.4-2 to match the archive override. |
2802 | + - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as |
2803 | + the ldapurl(1) manpage. |
2804 | + - Bump build-dependency on debhelper to 6 instead of 5, since that's |
2805 | + what we're using. |
2806 | + - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using |
2807 | + the built-in default of ldap:/// only. |
2808 | + - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 |
2809 | + failure when built with PIE. |
2810 | + - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be |
2811 | + trusted. |
2812 | + - debian/slapd.postinst: create /var/run/slapd before updating its |
2813 | + permissions. |
2814 | + - debian/slapd.init: Correctly set slapd config backend option even if |
2815 | + the pidfile is configured in slapd default file. |
2816 | + * Drop patch to avoid the test suite on hppa, as hppa is EOL. |
2817 | + |
2818 | + -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100 |
2819 | + |
2820 | +openldap (2.4.15-1.1) unstable; urgency=low |
2821 | + |
2822 | + * Non-maintainer upload. |
2823 | + * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev |
2824 | + (Closes: #522965) |
2825 | + |
2826 | + -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200 |
2827 | + |
2828 | +openldap (2.4.15-1ubuntu3) jaunty; urgency=low |
2829 | + |
2830 | + * No-change rebuild to fix lpia shared library dependencies. |
2831 | + |
2832 | + -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000 |
2833 | + |
2834 | +openldap (2.4.15-1ubuntu2) jaunty; urgency=low |
2835 | + |
2836 | + * debian/slapd.postinst: create /var/run/slapd before updating its |
2837 | + permissions (LP: #298928). |
2838 | + * debian/slapd.init: Correclty set slapd config backend option even if the |
2839 | + pidfile is configured in slapd default file (LP: #292364). |
2840 | + * debian/apparmor-profile: support multiple databases to be stored under |
2841 | + /var/lib/ldap/. (LP: #286614). |
2842 | + |
2843 | + -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400 |
2844 | + |
2845 | +openldap (2.4.15-1ubuntu1) jaunty; urgency=low |
2846 | + |
2847 | + [ Steve Langasek ] |
2848 | + * Update priority of libldap-2.4-2 to match the archive override. |
2849 | + * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the |
2850 | + ldapurl(1) manpage. Thanks to Peter Marschall for the patch. |
2851 | + Closes: #496749. |
2852 | + * Bump build-dependency on debhelper to 6 instead of 5, since that's |
2853 | + what we're using. Closes: #498116. |
2854 | + * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using |
2855 | + the built-in default of ldap:/// only. |
2856 | + |
2857 | + [ Mathias Gug ] |
2858 | + * Merge from debian unstable, remaining changes: |
2859 | + - Modify Maintainer value to match the DebianMaintainerField |
2860 | + speficication. |
2861 | + - AppArmor support: |
2862 | + - debian/apparmor-profile: add AppArmor profile |
2863 | + - debian/slapd.postinst: Reload AA profile on configuration |
2864 | + - updated debian/slapd.README.Debian for note on AppArmor |
2865 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
2866 | + - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
2867 | + to make sure that if earlier version of apparmour-profiles gets |
2868 | + installed it won't overwrite our profile. |
2869 | + - follow ApparmorProfileMigration and force apparmor compalin mode on |
2870 | + some upgrades (LP: #203529) |
2871 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2872 | + - debian/slapd.preinst: create symlink for force-complain on pre-feisty |
2873 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
2874 | + non-enforcing) and upgrades where apparmor profile does not exist. |
2875 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
2876 | + - debian/control: |
2877 | + - Build-depend on libltdl7-dev rather then libltdl3-dev. |
2878 | + - debian/patches/autogen.sh: |
2879 | + - Call libtoolize with the --install option to install config.{guess,sub} |
2880 | + files. |
2881 | + - Don't use local statement in config script as it fails if /bin/sh |
2882 | + points to bash (LP: #286063). |
2883 | + - Disable the testsuite on hppa. Allows building of packages on this |
2884 | + architecture again, once this package is in the archive. |
2885 | + LP: #288908. |
2886 | + - debian/slapd.postinst, debian/slapd.script-common: set correct ownership |
2887 | + and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and |
2888 | + /var/run/slapd (world readable). (LP: #257667). |
2889 | + - Enable nssoverlay: |
2890 | + - debian/patches/nssov-build, debian/rules: Build and package |
2891 | + the nss overlay. |
2892 | + - debian/schema/misc.ldif: add ldif file for the misc schema |
2893 | + which defines rfc822MailMember (required by the nss overlay). |
2894 | + - debian/{control,rules}: enable PIE hardening |
2895 | + - Use cn=config as the default configuration backend instead of |
2896 | + slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade |
2897 | + asking the end user to enter a new password to control the access to the |
2898 | + cn=config tree. |
2899 | + * Dropped: |
2900 | + - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at |
2901 | + times. (ITS: #5947) Fixed in new upstream version 2.4.15. |
2902 | + - debian/patches/fix-ucred-libc due to changes how newer glibc handle |
2903 | + the ucred struct now. Implemented in Debian. |
2904 | + * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure |
2905 | + when built with PIE. |
2906 | + * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be |
2907 | + trusted (LP: #305264). |
2908 | + |
2909 | + -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500 |
2910 | + |
2911 | openldap (2.4.15-1) unstable; urgency=low |
2912 | |
2913 | * New upstream version |
2914 | @@ -1364,6 +3951,69 @@ openldap (2.4.15-1) unstable; urgency=low |
2915 | |
2916 | -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800 |
2917 | |
2918 | +openldap (2.4.14-0ubuntu1) jaunty; urgency=low |
2919 | + |
2920 | + [ Steve Langasek ] |
2921 | + * New upstream version |
2922 | + - Fixes a bug with the pcache overlay not returning cached entries |
2923 | + (closes: #497697) |
2924 | + - Update evolution-ntlm patch to apply to current Makefiles. |
2925 | + - (tentatively) drop gnutls-ciphers, since this bug was reported to be |
2926 | + fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the |
2927 | + patch from the bug report, so this should be watched for regressions. |
2928 | + * Build against db4.7 instead of db4.2 at last! Closes: #421946. |
2929 | + * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is |
2930 | + installed in the build environment. |
2931 | + * New patch, no-crlcheck-for-gnutls, to fix a build failure when using |
2932 | + --with-tls=gnutls. |
2933 | + |
2934 | + [ Mathias Gug ] |
2935 | + * Merge from debian unstable, remaining changes: |
2936 | + - debian/apparmor-profile: add AppArmor profile |
2937 | + - debian/slapd.postinst: Reload AA profile on configuration |
2938 | + - updated debian/slapd.README.Debian for note on AppArmor |
2939 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
2940 | + - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
2941 | + to make sure that if earlier version of apparmour-profiles gets |
2942 | + installed it won't overwrite our profile. |
2943 | + - Modify Maintainer value to match the DebianMaintainerField |
2944 | + speficication. |
2945 | + - follow ApparmorProfileMigration and force apparmor compalin mode on |
2946 | + some upgrades (LP: #203529) |
2947 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2948 | + - debian/slapd.preinst: create symlink for force-complain on pre-feisty |
2949 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
2950 | + non-enforcing) and upgrades where apparmor profile does not exist. |
2951 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
2952 | + - debian/patches/fix-ucred-libc due to changes how newer glibc handle |
2953 | + the ucred struct now. |
2954 | + - debian/control: |
2955 | + - Build-depend on libltdl7-dev rather then libltdl3-dev. |
2956 | + - debian/patches/autogen.sh: |
2957 | + - Call libtoolize with the --install option to install config.{guess,sub} |
2958 | + files. |
2959 | + - Don't use local statement in config script as it fails if /bin/sh |
2960 | + points to bash (LP: #286063). |
2961 | + - Disable the testsuite on hppa. Allows building of packages on this |
2962 | + architecture again, once this package is in the archive. |
2963 | + LP: #288908. |
2964 | + - debian/slapd.postinst, debian/slapd.script-common: set correct ownership |
2965 | + and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and |
2966 | + /var/run/slapd (world readable). (LP: #257667). |
2967 | + - debian/patches/nssov-build, debian/rules: |
2968 | + Build and package the nss overlay. |
2969 | + debian/schema/misc.ldif: add ldif file for the misc schema, which defines |
2970 | + rfc822MailMember (required by the nss overlay). |
2971 | + - debian/{control,rules}: enable PIE hardening |
2972 | + - Use cn=config as the default configuration backend instead of |
2973 | + slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade |
2974 | + asking the end user to enter a new password to control the access to the |
2975 | + cn=config tree. |
2976 | + * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at |
2977 | + times. (ITS: #5947) |
2978 | + |
2979 | + -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500 |
2980 | + |
2981 | openldap (2.4.11-1) unstable; urgency=low |
2982 | |
2983 | * New upstream version (closes: #499560). |
2984 | @@ -1386,6 +4036,110 @@ openldap (2.4.11-1) unstable; urgency=low |
2985 | |
2986 | -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700 |
2987 | |
2988 | +openldap (2.4.11-0ubuntu7) jaunty; urgency=low |
2989 | + |
2990 | + * Don't use local statement in config script as it fails if /bin/sh |
2991 | + points to bash (LP: #286063). |
2992 | + |
2993 | + -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500 |
2994 | + |
2995 | +openldap (2.4.11-0ubuntu6) intrepid; urgency=low |
2996 | + |
2997 | + * Disable the testsuite on hppa. Allows building of packages on this |
2998 | + architecture again, once this package is in the archive. |
2999 | + LP: #288908. |
3000 | + |
3001 | + -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200 |
3002 | + |
3003 | +openldap (2.4.11-0ubuntu5) intrepid; urgency=low |
3004 | + |
3005 | + * Don't set admin passwords in ldif files if adminpw is empty. |
3006 | + (LP: #273988 - LP: #276606). |
3007 | + |
3008 | + -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400 |
3009 | + |
3010 | +openldap (2.4.11-0ubuntu4) intrepid; urgency=low |
3011 | + |
3012 | + * debian/slapd.postinst, debian/slapd.script-common: set correct ownership |
3013 | + and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and |
3014 | + /var/run/slapd (world readable). (LP: #257667). |
3015 | + * debian/slapd.script-common: |
3016 | + - Fix package reconfiguration: |
3017 | + + Remove slapd.d/ directory if it already exists when creating a new |
3018 | + configuration. |
3019 | + + Fix backup directory naming for multiple reconfiguration. |
3020 | + |
3021 | + -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400 |
3022 | + |
3023 | +openldap (2.4.11-0ubuntu3) intrepid; urgency=low |
3024 | + |
3025 | + * debian/patches/nssov-build, debian/rules: |
3026 | + Build and package the nss overlay. |
3027 | + * debian/schema/misc.ldif: add ldif file for the misc schema, which defines |
3028 | + rfc822MailMember (required by the nss overlay). |
3029 | + |
3030 | + -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400 |
3031 | + |
3032 | +openldap (2.4.11-0ubuntu2) intrepid; urgency=low |
3033 | + |
3034 | + * debian/{control,rules}: enable PIE hardening |
3035 | + |
3036 | + -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700 |
3037 | + |
3038 | +openldap (2.4.11-0ubuntu1) intrepid; urgency=low |
3039 | + |
3040 | + * New upstream version: |
3041 | + - Mainly bug fixes. |
3042 | + - New nss slapd overlay (not compiled by default). |
3043 | + * Use cn=config as the default configuration backend instead of |
3044 | + slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade |
3045 | + asking the end user to enter a new password to control the access to the |
3046 | + cn=config tree. |
3047 | + |
3048 | + -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400 |
3049 | + |
3050 | +openldap (2.4.10-3ubuntu1) intrepid; urgency=low |
3051 | + |
3052 | + [ Mathias Gug ] |
3053 | + * Merge from debian unstable, remaining changes: |
3054 | + - debian/apparmor-profile: add AppArmor profile |
3055 | + - debian/slapd.postinst: Reload AA profile on configuration |
3056 | + - updated debian/slapd.README.Debian for note on AppArmor |
3057 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
3058 | + - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
3059 | + to make sure that if earlier version of apparmour-profiles gets |
3060 | + installed it won't overwrite our profile. |
3061 | + - Modify Maintainer value to match the DebianMaintainerField |
3062 | + speficication. |
3063 | + - follow ApparmorProfileMigration and force apparmor compalin mode on |
3064 | + some upgrades (LP: #203529) |
3065 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
3066 | + - debian/slapd.preinst: create symlink for force-complain on pre-feisty |
3067 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
3068 | + non-enforcing) and upgrades where apparmor profile does not exist. |
3069 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
3070 | + - debian/patches/fix-ucred-libc due to changes how newer glibc handle |
3071 | + the ucred struct now. |
3072 | + - debian/patches/fix-unique-overlay-assertion.patch: |
3073 | + Fix another assertion error in unique overlay (LP: #243337). |
3074 | + Backport from head. |
3075 | + * Dropped - implemented in Debian: |
3076 | + - debian/patches/fix-gnutls-key-strength.patch: |
3077 | + Fix slapd handling of ssf using gnutls. (LP: #244925). |
3078 | + - debian/control: |
3079 | + Add time as build dependency: needed by make test. |
3080 | + * debian/control: |
3081 | + - Build-depend on libltdl7-dev rather then libltdl3-dev. |
3082 | + * debian/patches/autogen.sh: |
3083 | + - Call libtoolize with the --install option to install config.{guess,sub} |
3084 | + files. |
3085 | + |
3086 | + [ Jamie Strandboge ] |
3087 | + * adjust apparmor profile to allow gssapi (LP: #229252) |
3088 | + * adjust apparmor profile to allow cnconfig (LP: #243525) |
3089 | + |
3090 | + -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400 |
3091 | + |
3092 | openldap (2.4.10-3) unstable; urgency=low |
3093 | |
3094 | [ Steve Langasek ] |
3095 | @@ -1419,6 +4173,40 @@ openldap (2.4.10-3) unstable; urgency=low |
3096 | |
3097 | -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700 |
3098 | |
3099 | +openldap (2.4.10-2ubuntu1) intrepid; urgency=low |
3100 | + |
3101 | + * Merge from debian unstable, remaining changes: |
3102 | + - debian/apparmor-profile: add AppArmor profile |
3103 | + - debian/slapd.postinst: Reload AA profile on configuration |
3104 | + - updated debian/slapd.README.Debian for note on AppArmor |
3105 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
3106 | + - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
3107 | + to make sure that if earlier version of apparmour-profiles gets |
3108 | + installed it won't overwrite our profile. |
3109 | + - Modify Maintainer value to match the DebianMaintainerField |
3110 | + speficication. |
3111 | + - follow ApparmorProfileMigration and force apparmor compalin mode on |
3112 | + some upgrades (LP: #203529) |
3113 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
3114 | + - debian/slapd.preinst: create symlink for force-complain on pre-feisty |
3115 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
3116 | + non-enforcing) and upgrades where apparmor profile does not exist. |
3117 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
3118 | + - debian/patches/fix-ucred-libc due to changes how newer glibc handle |
3119 | + the ucred struct now. |
3120 | + - debian/patches/fix-unique-overlay-assertion.patch: |
3121 | + Fix another assertion error in unique overlay (LP: #243337). |
3122 | + Backport from head. |
3123 | + - debian/patches/fix-gnutls-key-strength.patch: |
3124 | + Fix slapd handling of ssf using gnutls. (LP: #244925). |
3125 | + - debian/control: |
3126 | + Add time as build dependency: needed by make test. |
3127 | + * Dropped - implemented in Debian: |
3128 | + - debian/rules: |
3129 | + Support debuild nocheck option: don't run tests if nocheck is set. |
3130 | + |
3131 | + -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400 |
3132 | + |
3133 | openldap (2.4.10-2) unstable; urgency=low |
3134 | |
3135 | * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at |
3136 | @@ -1433,6 +4221,54 @@ openldap (2.4.10-2) unstable; urgency=low |
3137 | |
3138 | -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700 |
3139 | |
3140 | +openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low |
3141 | + |
3142 | + * Merge from debian unstable, remaining changes: |
3143 | + - debian/apparmor-profile: add AppArmor profile |
3144 | + - debian/slapd.postinst: Reload AA profile on configuration |
3145 | + - updated debian/slapd.README.Debian for note on AppArmor |
3146 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
3147 | + - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
3148 | + to make sure that if earlier version of apparmour-profiles gets |
3149 | + installed it won't overwrite our profile. |
3150 | + - Modify Maintainer value to match the DebianMaintainerField |
3151 | + speficication. |
3152 | + - follow ApparmorProfileMigration and force apparmor compalin mode on |
3153 | + some upgrades (LP: #203529) |
3154 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
3155 | + - debian/slapd.preinst: create symlink for force-complain on pre-feisty |
3156 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
3157 | + non-enforcing) and upgrades where apparmor profile does not exist. |
3158 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
3159 | + - debian/patches/fix-ucred-libc due to changes how newer glibc handle |
3160 | + the ucred struct now. |
3161 | + - debian/patches/fix-unique-overlay-assertion.patch: |
3162 | + Fix another assertion error in unique overlay (LP: #243337). |
3163 | + Backport from head. |
3164 | + * debian/control: |
3165 | + - add time as build dependency: needed by make test. |
3166 | + * debian/rules: |
3167 | + - support debuild nocheck option: don't run tests if nocheck is set. |
3168 | + * debian/patches/fix-gnutls-key-strength.patch: |
3169 | + - fix slapd handling of ssf using gnutls. (LP: #244925). |
3170 | + * Dropped - accepted in Debian: |
3171 | + - debian/rules, debian/slapd.links: use hard links to slapd instead of |
3172 | + symlinks for slap* so these applications aren't confined by apparmor |
3173 | + (LP: #203898) |
3174 | + * Dropped - fixed in new upstream release: |
3175 | + - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion. |
3176 | + (LP: #215904) |
3177 | + - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion |
3178 | + error. (LP: #234196) |
3179 | + - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes. |
3180 | + (LP: #220724) |
3181 | + - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using |
3182 | + syncrepl. (LP: #227178) |
3183 | + - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied |
3184 | + upstream. |
3185 | + |
3186 | + -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400 |
3187 | + |
3188 | openldap2.3 (2.4.10-1) unstable; urgency=low |
3189 | |
3190 | [ Steve Langasek ] |
3191 | @@ -1457,6 +4293,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low |
3192 | |
3193 | -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700 |
3194 | |
3195 | +openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low |
3196 | + |
3197 | + * debian/patches/fix-unique-overlay-assertion.patch: |
3198 | + - Fix another assertion error in unique overlay, backported from head. |
3199 | + (LP: #243337) Note: This patch will still be needed when moved to 2.4.10 |
3200 | + |
3201 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000 |
3202 | + |
3203 | +openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low |
3204 | + |
3205 | + * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to |
3206 | + include the smbk5pwd overlay. |
3207 | + |
3208 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000 |
3209 | + |
3210 | +openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low |
3211 | + |
3212 | + * Rebuild for perl 5.10 transition (LP: #230016) |
3213 | + * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using |
3214 | + syncrepl. (LP: #227178) |
3215 | + |
3216 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000 |
3217 | + |
3218 | +openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low |
3219 | + |
3220 | + * Merge from debian unstable, remaining changes: |
3221 | + - debian/apparmor-profile: add AppArmor profile |
3222 | + - debian/slapd.postinst: Reload AA profile on configuration |
3223 | + - updated debian/slapd.README.Debian for note on AppArmor |
3224 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
3225 | + - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
3226 | + to make sure that if earlier version of apparmour-profiles gets |
3227 | + installed it won't overwrite our profile. |
3228 | + - Modify Maintainer value to match the DebianMaintainerField |
3229 | + speficication. |
3230 | + - follow ApparmorProfileMigration and force apparmor compalin mode on |
3231 | + some upgrades (LP: #203529) |
3232 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
3233 | + - debian/slapd.preinst: create symlink for force-complain on pre-feisty |
3234 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
3235 | + non-enforcing) and upgrades where apparmor profile does not exist. |
3236 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
3237 | + - debian/rules, debian/slapd.links: use hard links to slapd instead of |
3238 | + symlinks for slap* so these applications aren't confined by apparmor |
3239 | + (LP: #203898) |
3240 | + - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion. |
3241 | + (LP: #215904) |
3242 | + - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion |
3243 | + error. (LP: #234196) |
3244 | + - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes. |
3245 | + (LP: #220724) |
3246 | + - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied |
3247 | + upstream. |
3248 | + * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle |
3249 | + the ucred struct now. |
3250 | + |
3251 | + -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100 |
3252 | + |
3253 | openldap2.3 (2.4.9-1) unstable; urgency=low |
3254 | |
3255 | [ Updated debconf translations ] |
3256 | @@ -1527,6 +4421,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high |
3257 | |
3258 | -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100 |
3259 | |
3260 | +openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low |
3261 | + |
3262 | + * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed |
3263 | + in klibc) |
3264 | + |
3265 | + -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400 |
3266 | + |
3267 | +openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low |
3268 | + |
3269 | + * apparmor-profile workaround for Launchpad #202161 |
3270 | + * follow ApparmorProfileMigration and force apparmor complain mode on some |
3271 | + upgrades (LP: #203529) |
3272 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
3273 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
3274 | + - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty |
3275 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
3276 | + non-enforcing) and upgrades where apparmor profile does not exist |
3277 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
3278 | + * debian/rules, debian/slapd.links: use hard links to slapd instead of |
3279 | + symlinks for slap* so these applications aren't confined by apparmor |
3280 | + (LP: #203898) |
3281 | + |
3282 | + -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400 |
3283 | + |
3284 | +openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low |
3285 | + |
3286 | + * Merge from Debian unstable, remaining changes: |
3287 | + + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) |
3288 | + slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 |
3289 | + allows remote authenticated users to cause a denial of service (daemon |
3290 | + crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) |
3291 | + control, a related issue to CVE-2007-6698. |
3292 | + + debian/apparmor-profile: add AppArmor profile |
3293 | + + debian/slapd.postinst: Reload AA profile on configuration |
3294 | + + updated debian/slapd.README.Debian for note on AppArmor |
3295 | + + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we |
3296 | + should now take control |
3297 | + + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
3298 | + to make sure that if earlier version of apparmor-profiles gets |
3299 | + installed it won't overwrite our profile |
3300 | + + Modify Maintainer value to match the DebianMaintainerField |
3301 | + specification. |
3302 | + |
3303 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000 |
3304 | + |
3305 | openldap2.3 (2.4.7-6) unstable; urgency=low |
3306 | |
3307 | [ Updated debconf translations ] |
3308 | @@ -1572,6 +4511,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low |
3309 | |
3310 | -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800 |
3311 | |
3312 | +openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low |
3313 | + |
3314 | + * SECURITY UPDATE: |
3315 | + + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) |
3316 | + slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 |
3317 | + allows remote authenticated users to cause a denial of service (daemon crash) |
3318 | + via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related |
3319 | + issue to CVE-2007-6698. |
3320 | + |
3321 | + * References |
3322 | + - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658 |
3323 | + - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358 |
3324 | + |
3325 | + -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100 |
3326 | + |
3327 | +openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low |
3328 | + |
3329 | + * add AppArmor profile |
3330 | + + debian/apparmor-profile |
3331 | + + debian/slapd.postinst: Reload AA profile on configuration |
3332 | + * updated debian/slapd.README.Debian for note on AppArmor |
3333 | + * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we |
3334 | + should now take control |
3335 | + * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
3336 | + to make sure that if earlier version of apparmor-profiles gets installed |
3337 | + it won't overwrite our profile |
3338 | + * Modify Maintainer value to match the DebianMaintainerField |
3339 | + specification. |
3340 | + |
3341 | + -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000 |
3342 | + |
3343 | openldap2.3 (2.4.7-5) unstable; urgency=low |
3344 | |
3345 | [ Updated debconf translations ] |
3346 | diff --git a/debian/control b/debian/control |
3347 | index 72c2fdf..877d42b 100644 |
3348 | --- a/debian/control |
3349 | +++ b/debian/control |
3350 | @@ -1,12 +1,14 @@ |
3351 | Source: openldap |
3352 | Section: net |
3353 | Priority: optional |
3354 | -Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org> |
3355 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
3356 | +XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org> |
3357 | Uploaders: Steve Langasek <vorlon@debian.org>, |
3358 | Torsten Landschoff <torsten@debian.org>, |
3359 | Ryan Tandy <ryan@nardis.ca>, |
3360 | Sergio Durigan Junior <sergiodj@debian.org> |
3361 | Build-Depends: debhelper-compat (= 12), |
3362 | + dh-apparmor, |
3363 | dpkg-dev (>= 1.17.14), |
3364 | groff-base, |
3365 | heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>, |
3366 | @@ -43,7 +45,7 @@ Depends: ${shlibs:Depends}, libldap2 (= ${binary:Version}), |
3367 | coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl, |
3368 | adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends} |
3369 | Recommends: ldap-utils |
3370 | -Suggests: libsasl2-modules, |
3371 | +Suggests: libsasl2-modules, ufw, |
3372 | libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal |
3373 | Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1) |
3374 | Replaces: ldap-utils (<< 2.2.23-3) |
3375 | diff --git a/debian/rules b/debian/rules |
3376 | index dec3a84..24f1691 100755 |
3377 | --- a/debian/rules |
3378 | +++ b/debian/rules |
3379 | @@ -11,7 +11,7 @@ export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE |
3380 | export DEB_BUILD_MAINT_OPTIONS := hardening=+all |
3381 | |
3382 | # Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name) |
3383 | -export DEB_MAINTAINER := $(shell sed -ne 's/Maintainer:\s\+//p' debian/control) |
3384 | +export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control) |
3385 | |
3386 | # Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version) |
3387 | export DEB_VERSION |
3388 | @@ -118,6 +118,22 @@ endif |
3389 | find $(installdir)/usr/share/man -name \*.8 \ |
3390 | | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#' |
3391 | |
3392 | +ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) |
3393 | +override_dh_install-arch: |
3394 | + dh_install |
3395 | + |
3396 | + # install AppArmor profile |
3397 | + install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd |
3398 | + |
3399 | + # install Apport hook |
3400 | + install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py |
3401 | + |
3402 | + # install ufw profile |
3403 | + install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd |
3404 | + |
3405 | + dh_apparmor -pslapd --profile-name=usr.sbin.slapd |
3406 | +endif |
3407 | + |
3408 | override_dh_installinit: |
3409 | dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80" |
3410 | |
3411 | diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian |
3412 | index ff7d66b..a4f3f55 100644 |
3413 | --- a/debian/slapd.README.Debian |
3414 | +++ b/debian/slapd.README.Debian |
3415 | @@ -252,6 +252,17 @@ Modifications Compared to Upstream |
3416 | |
3417 | -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800 |
3418 | |
3419 | +Apparmor Profile |
3420 | +---------------- |
3421 | + |
3422 | + If your system uses AppArmor, please note that the shipped enforcing profile |
3423 | + works with the default installation, and changes in your configuration may |
3424 | + require changes to the installed apparmor profile. Please see |
3425 | + https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this |
3426 | + software. |
3427 | + |
3428 | + -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500 |
3429 | + |
3430 | Migrating your installation to OpenLDAP 2.5.x |
3431 | |
3432 | OpenLDAP 2.5 is a major new release and includes several incompatible |
3433 | diff --git a/debian/slapd.py b/debian/slapd.py |
3434 | new file mode 100644 |
3435 | index 0000000..b1aed25 |
3436 | --- /dev/null |
3437 | +++ b/debian/slapd.py |
3438 | @@ -0,0 +1,51 @@ |
3439 | +#!/usr/bin/python3 |
3440 | + |
3441 | +'''apport hook for slapd |
3442 | + |
3443 | +(c) 2010 Adam Sommer. |
3444 | +Author: Adam Sommer <asommer@ubuntu.com> |
3445 | + |
3446 | +This program is free software; you can redistribute it and/or modify it |
3447 | +under the terms of the GNU General Public License as published by the |
3448 | +Free Software Foundation; either version 2 of the License, or (at your |
3449 | +option) any later version. See http://www.gnu.org/copyleft/gpl.html for |
3450 | +the full text of the license. |
3451 | +''' |
3452 | + |
3453 | +from apport.hookutils import * |
3454 | +import os |
3455 | + |
3456 | +# Scrub olcRootPW attribute and credentials strings if necessary. |
3457 | +def scrub_pass_strings(config): |
3458 | + olcrootpw_regex = re.compile('olcRootPW:.*') |
3459 | + olcrootpw_string = olcrootpw_regex.search(config) |
3460 | + if olcrootpw_string: |
3461 | + config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@') |
3462 | + |
3463 | + credentials_regex = re.compile('credentials=.* ') |
3464 | + credentials_string = credentials_regex.search(config) |
3465 | + if credentials_string: |
3466 | + config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ') |
3467 | + |
3468 | + return config |
3469 | + |
3470 | +def add_info(report, ui): |
3471 | + response = ui.yesno("The contents of your /etc/ldap/slapd.d directory " |
3472 | + "may help developers diagnose your bug more " |
3473 | + "quickly. However, it may contain sensitive " |
3474 | + "information. Do you want to include it in your " |
3475 | + "bug report?") |
3476 | + |
3477 | + if response == None: # user cancelled |
3478 | + raise StopIteration |
3479 | + |
3480 | + elif response == True: |
3481 | + # Get the cn=config tree. |
3482 | + cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config']) |
3483 | + report['CNConfig'] = scrub_pass_strings(cn_config) |
3484 | + |
3485 | + # Get slapd messages from /var/log/syslog |
3486 | + slapd_re = re.compile('slapd', re.IGNORECASE) |
3487 | + report['SysLog'] = recent_syslog(slapd_re) |
3488 | + |
3489 | + attach_mac_events(report, '/usr/sbin/slapd') |
3490 | diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile |
3491 | new file mode 100644 |
3492 | index 0000000..3c4f676 |
3493 | --- /dev/null |
3494 | +++ b/debian/slapd.ufw.profile |
3495 | @@ -0,0 +1,9 @@ |
3496 | +[OpenLDAP LDAP] |
3497 | +title=OpenLDAP with TLS |
3498 | +description=OpenLDAP is a free, fast, lightweight LDAP server |
3499 | +ports=389/tcp |
3500 | + |
3501 | +[OpenLDAP LDAPS] |
3502 | +title=OpenLDAP over SSL |
3503 | +description=OpenLDAP is a free, fast, lightweight LDAP server |
3504 | +ports=636/tcp |
Looks good. Packaging changes correct; delta carried forward looks ok; logical split is good.
The Maintainer fix looks like it could go to Debian, and was suggested in debb #960448, but was omitted from the fix for some reason that's not clear. Perhaps it would be worth re-opening that bug, or filing a new one, to get clarification? Not a biggie and shouldn't hold this MP up from landing, guessing it just slipped through the cracks and would be good to get resolved some time.
I didn't verify the autopkgtests, but presumably since you're using bileto you're already checking them.