Merge ~sergiodj/ubuntu/+source/openldap:merge-2.6.3-lunar into ubuntu/+source/openldap:debian/experimental

Proposed by Sergio Durigan Junior
Status: Merged
Merge reported by: Sergio Durigan Junior
Merged at revision: 5033e053d08335570f2d7264253205aa881a1c89
Proposed branch: ~sergiodj/ubuntu/+source/openldap:merge-2.6.3-lunar
Merge into: ubuntu/+source/openldap:debian/experimental
Diff against target: 3504 lines (+3123/-3)
7 files modified
debian/apparmor-profile (+61/-0)
debian/changelog (+2970/-0)
debian/control (+4/-2)
debian/rules (+17/-1)
debian/slapd.README.Debian (+11/-0)
debian/slapd.py (+51/-0)
debian/slapd.ufw.profile (+9/-0)
Reviewer Review Type Date Requested Status
Bryce Harrington (community) Approve
Canonical Server Reporter Pending
Review via email: mp+433313@code.launchpad.net

Description of the change

This is the merge of OpenLDAP 2.6.3 from Debian experimental. This merge will kick-off the OpenLDAP transition as well.

I've been maintaining OpenLDAP 2.6.x on Debian for a while now, so the only extra delta that we've been carrying (the addition of certain B-Ds needed for testing SASL/GSSAPI) had also been incorporated in Debian and therefore could be removed with this merge.

There's a bileto ticket with its corresponding PPA here:

https://bileto.ubuntu.com/#/ticket/4959
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4959/+packages

The package is currently building as I write this, and I intend to mass-upload its reverse dependencies to the same PPA in order to test the transition beforehand. I will also update this MP with the dep8 test results once I have them.

Upstream OpenLDAP is going to release 2.6.4 soon-ish, but I'd like to start the transition ASAP so I'm going ahead with 2.6.3. I can always merge 2.6.4 when it comes out.

To post a comment you must log in.
Revision history for this message
Bryce Harrington (bryce) wrote :

Looks good. Packaging changes correct; delta carried forward looks ok; logical split is good.

The Maintainer fix looks like it could go to Debian, and was suggested in debb #960448, but was omitted from the fix for some reason that's not clear. Perhaps it would be worth re-opening that bug, or filing a new one, to get clarification? Not a biggie and shouldn't hold this MP up from landing, guessing it just slipped through the cracks and would be good to get resolved some time.

I didn't verify the autopkgtests, but presumably since you're using bileto you're already checking them.

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks, Bryce.

Indeed, the maintainer fix is a bit confusing: it's marked as fixed in Debian but for some reason it isn't there. I will double check what happened; if all goes well, it's one less delta for us.

There are a few FTBFSes that happened during the mass revdep rebuild, but they're all unrelated to openldap. Nevertheless, I'm taking a closer look at them and making sure they won't cause any unforeseen problems.

I will go ahead and upload the package to -proposed soon, in order to start the transition.

Thanks again.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/apparmor-profile b/debian/apparmor-profile
2new file mode 100644
3index 0000000..6a247aa
4--- /dev/null
5+++ b/debian/apparmor-profile
6@@ -0,0 +1,61 @@
7+# vim:syntax=apparmor
8+# Last Modified: Fri Jun 6 13:51:00 2020
9+# Author: Jamie Strandboge <jamie@ubuntu.com>
10+
11+#include <tunables/global>
12+
13+/usr/sbin/slapd {
14+ #include <abstractions/base>
15+ #include <abstractions/nameservice>
16+ #include <abstractions/p11-kit>
17+
18+ #include <abstractions/ssl_keys>
19+ #include <abstractions/ssl_certs>
20+
21+ /etc/sasldb2 r,
22+
23+ capability dac_override,
24+ capability net_bind_service,
25+ capability setgid,
26+ capability setuid,
27+
28+ /etc/gai.conf r,
29+ /etc/hosts.allow r,
30+ /etc/hosts.deny r,
31+
32+ # ldap files
33+ /etc/ldap/** kr,
34+ /etc/ldap/slapd.d/** rw,
35+
36+ # kerberos/gssapi
37+ /dev/tty rw,
38+ /etc/gss/mech.d/ r,
39+ /etc/gss/mech.d/* kr,
40+ /etc/krb5.keytab kr,
41+ /etc/krb5/user/*/client.keytab kr,
42+ owner /tmp/krb5cc_* rwk,
43+ owner /var/tmp/krb5_*.rcache2 rwk,
44+ /var/tmp/ rw,
45+ /var/tmp/** rw,
46+
47+ # the databases and logs
48+ /var/lib/ldap/ r,
49+ /var/lib/ldap/** rwk,
50+
51+ # lock file
52+ /var/lib/ldap/alock kw,
53+
54+ # pid files and sockets
55+ /{,var/}run/slapd/* w,
56+ /{,var/}run/slapd/ldapi rw,
57+ /{,var/}run/nslcd/socket rw,
58+ /{,var/}run/saslauthd/mux rw,
59+
60+ /usr/lib/ldap/ r,
61+ /usr/lib/ldap/* mr,
62+
63+ /usr/sbin/slapd mr,
64+
65+ # Site-specific additions and overrides. See local/README for details.
66+ #include <local/usr.sbin.slapd>
67+}
68diff --git a/debian/changelog b/debian/changelog
69index b17e37b..8c309b7 100644
70--- a/debian/changelog
71+++ b/debian/changelog
72@@ -1,3 +1,28 @@
73+openldap (2.6.3+dfsg-1~exp1ubuntu1) lunar; urgency=medium
74+
75+ * Merge with Debian unstable (LP: #1993426). Remaining changes:
76+ - Enable AppArmor support:
77+ + d/apparmor-profile: add AppArmor profile
78+ + d/rules: use dh_apparmor
79+ + d/control: Build-Depends on dh-apparmor
80+ + d/slapd.README.Debian: add note about AppArmor
81+ - Enable ufw support:
82+ + d/control: suggest ufw.
83+ + d/rules: install ufw profile.
84+ + d/slapd.ufw.profile: add ufw profile.
85+ - d/{rules,slapd.py}: Add apport hook.
86+ - d/rules: better regexp to match the Maintainer tag in d/control,
87+ needed in the Ubuntu case because of XSBC-Original-Maintainer
88+ (Closes #960448, LP #1875697)
89+ * Drop changes:
90+ - Enable SASL/GSSAPI tests. (LP #1976508)
91+ + d/control: Update B-D to include required dependencies needed to run
92+ SASL/GSSAPI tests during build time, and mark them "!nocheck".
93+ Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
94+ [ Incorporated by Debian. ]
95+
96+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 18 Nov 2022 16:07:45 -0500
97+
98 openldap (2.6.3+dfsg-1~exp1) experimental; urgency=medium
99
100 * d/rules: Remove get-orig-source, now unnecessary.
101@@ -47,6 +72,94 @@ openldap (2.6.2+dfsg-1~exp1) experimental; urgency=medium
102
103 -- Sergio Durigan Junior <sergiodj@debian.org> Fri, 20 May 2022 17:41:04 -0400
104
105+openldap (2.5.13+dfsg-1ubuntu2) lunar; urgency=medium
106+
107+ * Rebuild against new perlapi-5.36.
108+
109+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 Nov 2022 16:50:13 +0100
110+
111+openldap (2.5.13+dfsg-1ubuntu1) kinetic; urgency=medium
112+
113+ * Merge with Debian unstable (LP: #1983618). Remaining changes:
114+ - Enable AppArmor support:
115+ + d/apparmor-profile: add AppArmor profile
116+ + d/rules: use dh_apparmor
117+ + d/control: Build-Depends on dh-apparmor
118+ + d/slapd.README.Debian: add note about AppArmor
119+ - Enable ufw support:
120+ + d/control: suggest ufw.
121+ + d/rules: install ufw profile.
122+ + d/slapd.ufw.profile: add ufw profile.
123+ - d/{rules,slapd.py}: Add apport hook.
124+ - d/rules: better regexp to match the Maintainer tag in d/control,
125+ needed in the Ubuntu case because of XSBC-Original-Maintainer
126+ (Closes #960448, LP #1875697)
127+ - Enable SASL/GSSAPI tests. (LP #1976508)
128+ + d/control: Update B-D to include required dependencies needed to run
129+ SASL/GSSAPI tests during build time, and mark them "!nocheck".
130+ Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
131+
132+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 20 Sep 2022 15:30:47 -0400
133+
134+openldap (2.5.12+dfsg-2ubuntu2) kinetic; urgency=medium
135+
136+ * Enable SASL/GSSAPI tests. (LP: #1976508)
137+ - d/control: Update B-D to include required dependencies needed to run
138+ SASL/GSSAPI tests during build time, and mark them "!nocheck".
139+ Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
140+
141+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 25 Aug 2022 16:20:08 -0400
142+
143+openldap (2.5.12+dfsg-2ubuntu1) kinetic; urgency=medium
144+
145+ * Merge with Debian unstable (LP: #1971305). Remaining changes:
146+ - Enable AppArmor support:
147+ + d/apparmor-profile: add AppArmor profile
148+ + d/rules: use dh_apparmor
149+ + d/control: Build-Depends on dh-apparmor
150+ + d/slapd.README.Debian: add note about AppArmor
151+ - Enable ufw support:
152+ + d/control: suggest ufw.
153+ + d/rules: install ufw profile.
154+ + d/slapd.ufw.profile: add ufw profile.
155+ - d/{rules,slapd.py}: Add apport hook.
156+ - d/rules: better regexp to match the Maintainer tag in d/control,
157+ needed in the Ubuntu case because of XSBC-Original-Maintainer
158+ (Closes #960448, LP #1875697)
159+
160+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 06 Jun 2022 15:34:48 -0400
161+
162+openldap (2.5.11+dfsg-1~exp1ubuntu3) jammy; urgency=medium
163+
164+ * No-change rebuild to update maintainer scripts, see LP: 1959054
165+
166+ -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:15:26 +0000
167+
168+openldap (2.5.11+dfsg-1~exp1ubuntu2) jammy; urgency=medium
169+
170+ * No-change rebuild for the perl update.
171+
172+ -- Matthias Klose <doko@ubuntu.com> Mon, 07 Feb 2022 07:51:42 +0100
173+
174+openldap (2.5.11+dfsg-1~exp1ubuntu1) jammy; urgency=medium
175+
176+ * Merge with Debian unstable (LP: #1946883). Remaining changes:
177+ - Enable AppArmor support:
178+ + d/apparmor-profile: add AppArmor profile
179+ + d/rules: use dh_apparmor
180+ + d/control: Build-Depends on dh-apparmor
181+ + d/slapd.README.Debian: add note about AppArmor
182+ - Enable ufw support:
183+ + d/control: suggest ufw.
184+ + d/rules: install ufw profile.
185+ + d/slapd.ufw.profile: add ufw profile.
186+ - d/{rules,slapd.py}: Add apport hook.
187+ - d/rules: better regexp to match the Maintainer tag in d/control,
188+ needed in the Ubuntu case because of XSBC-Original-Maintainer
189+ (Closes #960448, LP #1875697)
190+
191+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 25 Jan 2022 17:06:12 -0500
192+
193 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium
194
195 * New upstream release.
196@@ -78,6 +191,25 @@ openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium
197
198 -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700
199
200+openldap (2.5.6+dfsg-1~exp1ubuntu1) impish; urgency=medium
201+
202+ * Merge with Debian unstable. Remaining changes:
203+ - Enable AppArmor support:
204+ + d/apparmor-profile: add AppArmor profile
205+ + d/rules: use dh_apparmor
206+ + d/control: Build-Depends on dh-apparmor
207+ + d/slapd.README.Debian: add note about AppArmor
208+ - Enable ufw support:
209+ + d/control: suggest ufw.
210+ + d/rules: install ufw profile.
211+ + d/slapd.ufw.profile: add ufw profile.
212+ - d/{rules,slapd.py}: Add apport hook.
213+ - d/rules: better regexp to match the Maintainer tag in d/control,
214+ needed in the Ubuntu case because of XSBC-Original-Maintainer
215+ (Closes #960448, LP #1875697)
216+
217+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 17 Aug 2021 14:06:00 -0400
218+
219 openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
220
221 [ Ryan Tandy ]
222@@ -112,6 +244,59 @@ openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
223
224 -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700
225
226+openldap (2.5.5+dfsg-1~exp1ubuntu1) impish; urgency=medium
227+
228+ * Merge with Debian unstable. Remaining changes:
229+ - Enable AppArmor support:
230+ + d/apparmor-profile: add AppArmor profile
231+ + d/rules: use dh_apparmor
232+ + d/control: Build-Depends on dh-apparmor
233+ + d/slapd.README.Debian: add note about AppArmor
234+ - Enable ufw support:
235+ + d/control: suggest ufw.
236+ + d/rules: install ufw profile.
237+ + d/slapd.ufw.profile: add ufw profile.
238+ - d/{rules,slapd.py}: Add apport hook.
239+ - d/rules: better regexp to match the Maintainer tag in d/control,
240+ needed in the Ubuntu case because of XSBC-Original-Maintainer
241+ (Closes #960448, LP #1875697)
242+ * Dropped changes:
243+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
244+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
245+ - Add --with-gssapi support
246+ - Make guess_service_principal() more robust when determining
247+ principal
248+ + d/configure.options: Configure with --with-gssapi
249+ + d/control: Added heimdal-dev as a build depend
250+ + d/rules:
251+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
252+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
253+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
254+ This should be dropped when the soname changes.
255+ [ Dropped as planned after soname bump due to 2.5.5 update. ]
256+ - Enable nss overlay:
257+ + d/rules:
258+ - add nssov to CONTRIB_MODULES
259+ - add sysconfdir to CONTRIB_MAKEVARS
260+ + d/slapd.install: install nssov overlay
261+ + d/slapd.manpages: install slapo-nssov(5) man page
262+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
263+ Debian bug #919136, we also have to patch the nssov makefile
264+ accordingly and thus update this patch.
265+ [ Dropped as planned after soname bump due to 2.5.5 update. ]
266+ - Add support for CLDAP (UDP) support, back then required by
267+ likewise-open (first enabled in 2.4.17-1ubuntu2):
268+ + d/rules: Enable -DLDAP_CONNECTIONLESS
269+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
270+ This should be dropped when the soname changes.
271+ [ Dropped as planned after soname bump due to 2.5.5 update. ]
272+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
273+ of test timing issue.
274+ [ Dropped because the latest update improved the testcase and
275+ there is no FTBFS on riscv64 anymore. ]
276+
277+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 15 Jun 2021 17:20:34 -0400
278+
279 openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium
280
281 * New upstream release.
282@@ -217,6 +402,53 @@ openldap (2.4.57+dfsg-3) unstable; urgency=medium
283
284 -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700
285
286+openldap (2.4.57+dfsg-2ubuntu1) hirsute; urgency=medium
287+
288+ * Merge with Debian unstable. Remaining changes:
289+ - Enable AppArmor support:
290+ + d/apparmor-profile: add AppArmor profile
291+ + d/rules: use dh_apparmor
292+ + d/control: Build-Depends on dh-apparmor
293+ + d/slapd.README.Debian: add note about AppArmor
294+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
295+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
296+ - Add --with-gssapi support
297+ - Make guess_service_principal() more robust when determining
298+ principal
299+ + d/configure.options: Configure with --with-gssapi
300+ + d/control: Added heimdal-dev as a build depend
301+ + d/rules:
302+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
303+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
304+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
305+ This should be dropped when the soname changes.
306+ - Enable ufw support:
307+ + d/control: suggest ufw.
308+ + d/rules: install ufw profile.
309+ + d/slapd.ufw.profile: add ufw profile.
310+ - Enable nss overlay:
311+ + d/rules:
312+ - add nssov to CONTRIB_MODULES
313+ - add sysconfdir to CONTRIB_MAKEVARS
314+ + d/slapd.install: install nssov overlay
315+ + d/slapd.manpages: install slapo-nssov(5) man page
316+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
317+ Debian bug #919136, we also have to patch the nssov makefile
318+ accordingly and thus update this patch.
319+ - d/{rules,slapd.py}: Add apport hook.
320+ - Add support for CLDAP (UDP) support, back then required by
321+ likewise-open (first enabled in 2.4.17-1ubuntu2):
322+ + d/rules: Enable -DLDAP_CONNECTIONLESS
323+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
324+ This should be dropped when the soname changes.
325+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
326+ of test timing issue.
327+ - d/rules: better regexp to match the Maintainer tag in d/control,
328+ needed in the Ubuntu case because of XSBC-Original-Maintainer
329+ (Closes #960448, LP #1875697)
330+
331+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Feb 2021 10:15:38 -0500
332+
333 openldap (2.4.57+dfsg-2) unstable; urgency=medium
334
335 * Fix slapd assertion failure in Certificate List Exact Assertion validation
336@@ -246,6 +478,65 @@ openldap (2.4.57+dfsg-1) unstable; urgency=medium
337
338 -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800
339
340+openldap (2.4.56+dfsg-1ubuntu2) hirsute; urgency=medium
341+
342+ * debian/apparmor-profile: add AppArmor rule for locking replay cache.
343+ In Hirsute, a change (presumably in src:krb5) has caused slapd to be
344+ denied by AppArmor for locking /var/tmp/krb5_*.rcache2. This is
345+ acceptable, so add it to the AppArmor profile. This fixes the dep8
346+ test in src:krb5 that uses slapd for testing.
347+
348+ -- Robie Basak <robie.basak@ubuntu.com> Tue, 26 Jan 2021 13:02:40 +0000
349+
350+openldap (2.4.56+dfsg-1ubuntu1) hirsute; urgency=medium
351+
352+ * Merge with Debian unstable. Remaining changes:
353+ - Enable AppArmor support:
354+ + d/apparmor-profile: add AppArmor profile
355+ + d/rules: use dh_apparmor
356+ + d/control: Build-Depends on dh-apparmor
357+ + d/slapd.README.Debian: add note about AppArmor
358+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
359+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
360+ - Add --with-gssapi support
361+ - Make guess_service_principal() more robust when determining
362+ principal
363+ + d/configure.options: Configure with --with-gssapi
364+ + d/control: Added heimdal-dev as a build depend
365+ + d/rules:
366+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
367+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
368+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
369+ This should be dropped when the soname changes.
370+ - Enable ufw support:
371+ + d/control: suggest ufw.
372+ + d/rules: install ufw profile.
373+ + d/slapd.ufw.profile: add ufw profile.
374+ - Enable nss overlay:
375+ + d/rules:
376+ - add nssov to CONTRIB_MODULES
377+ - add sysconfdir to CONTRIB_MAKEVARS
378+ + d/slapd.install: install nssov overlay
379+ + d/slapd.manpages: install slapo-nssov(5) man page
380+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
381+ Debian bug #919136, we also have to patch the nssov makefile
382+ accordingly and thus update this patch.
383+ - d/{rules,slapd.py}: Add apport hook.
384+ - Add support for CLDAP (UDP) support, back then required by
385+ likewise-open (first enabled in 2.4.17-1ubuntu2):
386+ + d/rules: Enable -DLDAP_CONNECTIONLESS
387+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
388+ This should be dropped when the soname changes.
389+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
390+ of test timing issue.
391+ - d/rules: better regexp to match the Maintainer tag in d/control,
392+ needed in the Ubuntu case because of XSBC-Original-Maintainer
393+ (Closes #960448, LP #1875697)
394+ * d/apparmor-profile: use abstractions/ssl_keys instead of manual rules,
395+ allows letsencrypt to work. Thanks to Paul McEnery (LP: #1909748)
396+
397+ -- Paride Legovini <paride.legovini@canonical.com> Mon, 04 Jan 2021 16:18:57 +0100
398+
399 openldap (2.4.56+dfsg-1) unstable; urgency=medium
400
401 * New upstream release.
402@@ -272,12 +563,151 @@ openldap (2.4.54+dfsg-1) unstable; urgency=medium
403
404 -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000
405
406+openldap (2.4.53+dfsg-1ubuntu5) hirsute; urgency=medium
407+
408+ * SECURITY UPDATE: assertion failure in Certificate List syntax
409+ validation
410+ - debian/patches/CVE-2020-25709.patch: properly handle error in
411+ servers/slapd/schema_init.c.
412+ - CVE-2020-25709
413+ * SECURITY UPDATE: assertion failure in CSN normalization with invalid
414+ input
415+ - debian/patches/CVE-2020-25710.patch: properly handle error in
416+ servers/slapd/schema_init.c.
417+ - CVE-2020-25710
418+
419+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 17 Nov 2020 09:41:47 -0500
420+
421+openldap (2.4.53+dfsg-1ubuntu4) hirsute; urgency=medium
422+
423+ * SECURITY UPDATE: DoS via NULL pointer dereference
424+ - debian/patches/CVE-2020-25692.patch: skip normalization if there's no
425+ equality rule in servers/slapd/modrdn.c.
426+ - CVE-2020-25692
427+
428+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 Nov 2020 14:02:02 -0500
429+
430+openldap (2.4.53+dfsg-1ubuntu3) hirsute; urgency=medium
431+
432+ * No-change rebuild for the perl update.
433+
434+ -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 12:53:38 +0100
435+
436+openldap (2.4.53+dfsg-1ubuntu2) hirsute; urgency=medium
437+
438+ * No-change rebuild for the perl update.
439+
440+ -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 10:51:32 +0100
441+
442+openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium
443+
444+ * Merge with Debian unstable (LP: #1894838). Remaining changes:
445+ - Enable AppArmor support:
446+ + d/apparmor-profile: add AppArmor profile
447+ + d/rules: use dh_apparmor
448+ + d/control: Build-Depends on dh-apparmor
449+ + d/slapd.README.Debian: add note about AppArmor
450+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
451+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
452+ - Add --with-gssapi support
453+ - Make guess_service_principal() more robust when determining
454+ principal
455+ + d/configure.options: Configure with --with-gssapi
456+ + d/control: Added heimdal-dev as a build depend
457+ + d/rules:
458+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
459+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
460+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
461+ This should be dropped when the soname changes.
462+ - Enable ufw support:
463+ + d/control: suggest ufw.
464+ + d/rules: install ufw profile.
465+ + d/slapd.ufw.profile: add ufw profile.
466+ - Enable nss overlay:
467+ + d/rules:
468+ - add nssov to CONTRIB_MODULES
469+ - add sysconfdir to CONTRIB_MAKEVARS
470+ + d/slapd.install: install nssov overlay
471+ + d/slapd.manpages: install slapo-nssov(5) man page
472+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
473+ Debian bug #919136, we also have to patch the nssov makefile
474+ accordingly and thus update this patch.
475+ - d/{rules,slapd.py}: Add apport hook.
476+ - Add support for CLDAP (UDP) support, back then required by
477+ likewise-open (first enabled in 2.4.17-1ubuntu2):
478+ + d/rules: Enable -DLDAP_CONNECTIONLESS
479+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
480+ This should be dropped when the soname changes.
481+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
482+ of test timing issue.
483+ - d/rules: better regexp to match the Maintainer tag in d/control,
484+ needed in the Ubuntu case because of XSBC-Original-Maintainer
485+ (Closes #960448, LP #1875697)
486+
487+ -- Andreas Hasenack <andreas@canonical.com> Tue, 08 Sep 2020 09:36:58 -0300
488+
489 openldap (2.4.53+dfsg-1) unstable; urgency=medium
490
491 * New upstream release.
492
493 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700
494
495+openldap (2.4.51+dfsg-1ubuntu1) groovy; urgency=medium
496+
497+ * Merge with Debian unstable. Remaining changes:
498+ - Enable AppArmor support:
499+ + d/apparmor-profile: add AppArmor profile
500+ + d/rules: use dh_apparmor
501+ + d/control: Build-Depends on dh-apparmor
502+ + d/slapd.README.Debian: add note about AppArmor
503+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
504+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
505+ - Add --with-gssapi support
506+ - Make guess_service_principal() more robust when determining
507+ principal
508+ + d/configure.options: Configure with --with-gssapi
509+ + d/control: Added heimdal-dev as a build depend
510+ + d/rules:
511+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
512+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
513+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
514+ This should be dropped when the soname changes.
515+ - Enable ufw support:
516+ + d/control: suggest ufw.
517+ + d/rules: install ufw profile.
518+ + d/slapd.ufw.profile: add ufw profile.
519+ - Enable nss overlay:
520+ + d/rules:
521+ - add nssov to CONTRIB_MODULES
522+ - add sysconfdir to CONTRIB_MAKEVARS
523+ + d/slapd.install: install nssov overlay
524+ + d/slapd.manpages: install slapo-nssov(5) man page
525+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
526+ Debian bug #919136, we also have to patch the nssov makefile
527+ accordingly and thus update this patch.
528+ - d/{rules,slapd.py}: Add apport hook.
529+ - Add support for CLDAP (UDP) support, back then required by
530+ likewise-open (first enabled in 2.4.17-1ubuntu2):
531+ + d/rules: Enable -DLDAP_CONNECTIONLESS
532+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
533+ This should be dropped when the soname changes.
534+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
535+ of test timing issue.
536+ - d/rules: better regexp to match the Maintainer tag in d/control,
537+ needed in the Ubuntu case because of XSBC-Original-Maintainer
538+ (Closes #960448, LP #1875697)
539+ * Dropped:
540+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
541+ [In 2.4.51+dfsg-1]
542+ - d/slapd.scripts-common:
543+ + add slapcat_opts to local variables.
544+ + Fix backup directory naming for multiple reconfiguration.
545+ [In 2.4.51+dfsg-1]
546+ - debian/patches/set-maintainer-name: our d/rules change needs to
547+ be kept, but this patch is in 2.4.51+dfsg-1.
548+
549+ -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Aug 2020 11:03:24 -0300
550+
551 openldap (2.4.51+dfsg-1) unstable; urgency=medium
552
553 * New upstream release.
554@@ -323,6 +753,85 @@ openldap (2.4.51+dfsg-1) unstable; urgency=medium
555
556 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700
557
558+openldap (2.4.50+dfsg-1ubuntu3) groovy; urgency=medium
559+
560+ * No change rebuild against new libnettle8 and libhogweed6 ABI.
561+
562+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:31:30 +0100
563+
564+openldap (2.4.50+dfsg-1ubuntu2) groovy; urgency=medium
565+
566+ * d/apparmor-profile: Update apparmor profile to grant access to
567+ the saslauthd socket, so that SASL authentication works. (LP: #1557157)
568+
569+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jun 2020 18:20:42 -0400
570+
571+openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium
572+
573+ * Merge with Debian unstable. Remaining changes:
574+ - Enable AppArmor support:
575+ + d/apparmor-profile: add AppArmor profile
576+ + d/rules: use dh_apparmor
577+ + d/control: Build-Depends on dh-apparmor
578+ + d/slapd.README.Debian: add note about AppArmor
579+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
580+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
581+ - Add --with-gssapi support
582+ - Make guess_service_principal() more robust when determining
583+ principal
584+ + d/configure.options: Configure with --with-gssapi
585+ + d/control: Added heimdal-dev as a build depend
586+ + d/rules:
587+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
588+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
589+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
590+ This should be dropped when the soname changes.
591+ - Enable ufw support:
592+ + d/control: suggest ufw.
593+ + d/rules: install ufw profile.
594+ + d/slapd.ufw.profile: add ufw profile.
595+ - Enable nss overlay:
596+ + d/rules:
597+ - add nssov to CONTRIB_MODULES
598+ - add sysconfdir to CONTRIB_MAKEVARS
599+ + d/slapd.install:
600+ - install nssov overlay
601+ + d/slapd.manpages:
602+ - install slapo-nssov(5) man page
603+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
604+ Debian bug #919136, we also have to patch the nssov makefile
605+ accordingly and thus update this patch.
606+ - d/{rules,slapd.py}: Add apport hook.
607+ - d/slapd.scripts-common:
608+ + add slapcat_opts to local variables.
609+ + Fix backup directory naming for multiple reconfiguration.
610+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
611+ - Add support for CLDAP (UDP) support, back then required by
612+ likewise-open (first enabled in 2.4.17-1ubuntu2):
613+ + d/rules: Enable -DLDAP_CONNECTIONLESS
614+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
615+ This should be dropped when the soname changes.
616+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
617+ of test timing issue.
618+ * Dropped:
619+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
620+ either the default DIT nor via an Authn mapping.
621+ [Not worth keeping a delta for, as having olcRootDN doesn't hurt]
622+ - Show distribution in version:
623+ - d/control: added lsb-release
624+ - d/patches/fix-ldap-distribution.patch: show distribution in version
625+ [Debian now shows the full package version]
626+ - SECURITY UPDATE: denial of service via nested search filters
627+ + debian/patches/CVE-2020-12243.patch: limit depth of nested
628+ filters in servers/slapd/filter.c.
629+ [Fixed upstream]
630+ * Added:
631+ - d/rules, debian/patches/set-maintainer-name: Extract maintainer
632+ address dynamically from debian/control. Thanks to Ryan Tandy
633+ <ryan@nardis.ca> (Closes: #960448, LP: #1875697)
634+
635+ -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300
636+
637 openldap (2.4.50+dfsg-1) unstable; urgency=medium
638
639 * New upstream release.
640@@ -365,6 +874,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium
641
642 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700
643
644+openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium
645+
646+ * SECURITY UPDATE: denial of service via nested search filters
647+ - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
648+ servers/slapd/filter.c.
649+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of
650+ test timing issue.
651+ - CVE-2020-12243
652+
653+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400
654+
655+openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium
656+
657+ * Merge with Debian unstable (LP: #1866303). Remaining changes:
658+ - Enable AppArmor support:
659+ - d/apparmor-profile: add AppArmor profile
660+ - d/rules: use dh_apparmor
661+ - d/control: Build-Depends on dh-apparmor
662+ - d/slapd.README.Debian: add note about AppArmor
663+ - Enable GSSAPI support:
664+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
665+ - Add --with-gssapi support
666+ - Make guess_service_principal() more robust when determining
667+ principal
668+ [Dropped the ldap_gssapi_bind_s() hunk as that is already
669+ - d/configure.options: Configure with --with-gssapi
670+ - d/control: Added heimdal-dev as a build depend
671+ - d/rules:
672+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
673+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
674+ - Enable ufw support:
675+ - d/control: suggest ufw.
676+ - d/rules: install ufw profile.
677+ - d/slapd.ufw.profile: add ufw profile.
678+ - Enable nss overlay:
679+ - d/rules:
680+ - add nssov to CONTRIB_MODULES
681+ - add sysconfdir to CONTRIB_MAKEVARS
682+ - d/slapd.install:
683+ - install nssov overlay
684+ - d/slapd.manpages:
685+ - install slapo-nssov(5) man page
686+ - d/{rules,slapd.py}: Add apport hook.
687+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
688+ either the default DIT nor via an Authn mapping.
689+ - d/slapd.scripts-common:
690+ - add slapcat_opts to local variables.
691+ - Fix backup directory naming for multiple reconfiguration.
692+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
693+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
694+ in the openldap library, as required by Likewise-Open
695+ - Show distribution in version:
696+ - d/control: added lsb-release
697+ - d/patches/fix-ldap-distribution.patch: show distribution in version
698+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
699+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
700+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
701+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
702+ Debian bug #919136, we also have to patch the nssov makefile
703+ accordingly and thus update this patch.
704+
705+ -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300
706+
707 openldap (2.4.49+dfsg-2) unstable; urgency=medium
708
709 * slapd.README.Debian: Document the initial setup performed by slapd's
710@@ -376,6 +948,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium
711
712 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
713
714+openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium
715+
716+ * Merge with Debian unstable. Remaining changes:
717+ - Enable AppArmor support:
718+ - d/apparmor-profile: add AppArmor profile
719+ - d/rules: use dh_apparmor
720+ - d/control: Build-Depends on dh-apparmor
721+ - d/slapd.README.Debian: add note about AppArmor
722+ - Enable GSSAPI support:
723+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
724+ - Add --with-gssapi support
725+ - Make guess_service_principal() more robust when determining
726+ principal
727+ [Dropped the ldap_gssapi_bind_s() hunk as that is already
728+ - d/configure.options: Configure with --with-gssapi
729+ - d/control: Added heimdal-dev as a build depend
730+ - d/rules:
731+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
732+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
733+ - Enable ufw support:
734+ - d/control: suggest ufw.
735+ - d/rules: install ufw profile.
736+ - d/slapd.ufw.profile: add ufw profile.
737+ - Enable nss overlay:
738+ - d/rules:
739+ - add nssov to CONTRIB_MODULES
740+ - add sysconfdir to CONTRIB_MAKEVARS
741+ - d/slapd.install:
742+ - install nssov overlay
743+ - d/slapd.manpages:
744+ - install slapo-nssov(5) man page
745+ - d/{rules,slapd.py}: Add apport hook.
746+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
747+ either the default DIT nor via an Authn mapping.
748+ - d/slapd.scripts-common:
749+ - add slapcat_opts to local variables.
750+ - Fix backup directory naming for multiple reconfiguration.
751+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
752+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
753+ in the openldap library, as required by Likewise-Open
754+ - Show distribution in version:
755+ - d/control: added lsb-release
756+ - d/patches/fix-ldap-distribution.patch: show distribution in version
757+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
758+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
759+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
760+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
761+ Debian bug #919136, we also have to patch the nssov makefile
762+ accordingly and thus update this patch.
763+ * Dropped:
764+ - d/control: slapd can depend on perl:any since it only uses perl for
765+ some maintainer and helper scripts.
766+ [In 2.4.49+dfsg-1]
767+
768+ -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300
769+
770 openldap (2.4.49+dfsg-1) unstable; urgency=medium
771
772 * New upstream release.
773@@ -404,6 +1032,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium
774
775 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
776
777+openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium
778+
779+ * d/control: slapd can depend on perl:any since it only uses perl for
780+ some maintainer and helper scripts. The perl backend links against
781+ the correct architecture perl libraries already. Can be dropped
782+ after https://salsa.debian.org/openldap-team/openldap/commit/794c736
783+ is in a Debian upload.
784+
785+ -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300
786+
787+openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium
788+
789+ * No-change rebuild against libnettle7
790+
791+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000
792+
793+openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium
794+
795+ * No-change rebuild for the perl update.
796+
797+ -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000
798+
799+openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
800+
801+ * Merge with Debian unstable. Remaining changes:
802+ - Enable AppArmor support:
803+ - d/apparmor-profile: add AppArmor profile
804+ - d/rules: use dh_apparmor
805+ - d/control: Build-Depends on dh-apparmor
806+ - d/slapd.README.Debian: add note about AppArmor
807+ - Enable GSSAPI support:
808+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
809+ - Add --with-gssapi support
810+ - Make guess_service_principal() more robust when determining
811+ principal
812+ - d/configure.options: Configure with --with-gssapi
813+ - d/control: Added heimdal-dev as a build depend
814+ - d/rules:
815+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
816+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
817+ - Enable ufw support:
818+ - d/control: suggest ufw.
819+ - d/rules: install ufw profile.
820+ - d/slapd.ufw.profile: add ufw profile.
821+ - Enable nss overlay:
822+ - d/rules:
823+ - add nssov to CONTRIB_MODULES
824+ - add sysconfdir to CONTRIB_MAKEVARS
825+ - d/slapd.install:
826+ - install nssov overlay
827+ - d/slapd.manpages:
828+ - install slapo-nssov(5) man page
829+ - d/{rules,slapd.py}: Add apport hook.
830+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
831+ either the default DIT nor via an Authn mapping.
832+ - d/slapd.scripts-common:
833+ - add slapcat_opts to local variables.
834+ - Fix backup directory naming for multiple reconfiguration.
835+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
836+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
837+ in the openldap library, as required by Likewise-Open
838+ - Show distribution in version:
839+ - d/control: added lsb-release
840+ - d/patches/fix-ldap-distribution.patch: show distribution in version
841+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
842+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
843+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
844+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
845+ Debian bug #919136, we also have to patch the nssov makefile
846+ accordingly and thus update this patch.
847+ * Dropped:
848+ - Fix sysv-generator unit file by customizing parameters (LP #1821343)
849+ + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
850+ correct systemctl status for slapd daemon.
851+ + d/slapd.install: place override file in correct location.
852+ [Included in 2.4.48+dfsg-1]
853+ - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
854+ + debian/patches/CVE-2019-13057-1.patch: add restriction to
855+ servers/slapd/saslauthz.c.
856+ + debian/patches/CVE-2019-13057-2.patch: add tests to
857+ tests/data/idassert.out, tests/data/slapd-idassert.conf,
858+ tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
859+ + debian/patches/CVE-2019-13057-3.patch: fix typo in
860+ tests/scripts/test028-idassert.
861+ + debian/patches/CVE-2019-13057-4.patch: fix typo in
862+ tests/scripts/test028-idassert.
863+ + CVE-2019-13057
864+ [Fixed upstream]
865+ - SECURITY UPDATE: SASL SSF not initialized per connection
866+ + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
867+ connection_init in servers/slapd/connection.c.
868+ + CVE-2019-13565
869+ [Fixed upstream]
870+
871+ -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
872+
873 openldap (2.4.48+dfsg-1) unstable; urgency=medium
874
875 * New upstream release.
876@@ -431,6 +1155,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium
877
878 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
879
880+openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
881+
882+ * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
883+ - debian/patches/CVE-2019-13057-1.patch: add restriction to
884+ servers/slapd/saslauthz.c.
885+ - debian/patches/CVE-2019-13057-2.patch: add tests to
886+ tests/data/idassert.out, tests/data/slapd-idassert.conf,
887+ tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
888+ - debian/patches/CVE-2019-13057-3.patch: fix typo in
889+ tests/scripts/test028-idassert.
890+ - debian/patches/CVE-2019-13057-4.patch: fix typo in
891+ tests/scripts/test028-idassert.
892+ - CVE-2019-13057
893+ * SECURITY UPDATE: SASL SSF not initialized per connection
894+ - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
895+ connection_init in servers/slapd/connection.c.
896+ - CVE-2019-13565
897+
898+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
899+
900+openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
901+
902+ * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
903+ - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
904+ correct systemctl status for slapd daemon.
905+ - d/slapd.install: place override file in correct location.
906+
907+ -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
908+
909+openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
910+
911+ * Merge with Debian unstable. Remaining changes:
912+ - Enable AppArmor support:
913+ - d/apparmor-profile: add AppArmor profile
914+ - d/rules: use dh_apparmor
915+ - d/control: Build-Depends on dh-apparmor
916+ - d/slapd.README.Debian: add note about AppArmor
917+ - Enable GSSAPI support:
918+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
919+ - Add --with-gssapi support
920+ - Make guess_service_principal() more robust when determining
921+ principal
922+ - d/configure.options: Configure with --with-gssapi
923+ - d/control: Added heimdal-dev as a build depend
924+ - d/rules:
925+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
926+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
927+ - Enable ufw support:
928+ - d/control: suggest ufw.
929+ - d/rules: install ufw profile.
930+ - d/slapd.ufw.profile: add ufw profile.
931+ - Enable nss overlay:
932+ - d/rules:
933+ - add nssov to CONTRIB_MODULES
934+ - add sysconfdir to CONTRIB_MAKEVARS
935+ - d/slapd.install:
936+ - install nssov overlay
937+ - d/slapd.manpages:
938+ - install slapo-nssov(5) man page
939+ - d/{rules,slapd.py}: Add apport hook.
940+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
941+ either the default DIT nor via an Authn mapping.
942+ - d/slapd.scripts-common:
943+ - add slapcat_opts to local variables.
944+ - Fix backup directory naming for multiple reconfiguration.
945+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
946+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
947+ in the openldap library, as required by Likewise-Open
948+ - Show distribution in version:
949+ - d/control: added lsb-release
950+ - d/patches/fix-ldap-distribution.patch: show distribution in version
951+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
952+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
953+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
954+ * Added changes:
955+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
956+ Debian bug #919136, we also have to patch the nssov makefile
957+ accordingly and thus update this patch.
958+
959+ -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
960+
961 openldap (2.4.47+dfsg-3) unstable; urgency=medium
962
963 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
964@@ -446,6 +1251,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium
965
966 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
967
968+openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
969+
970+ * Merge from Debian unstable (LP: #1811630). Remaining changes:
971+ - Enable AppArmor support:
972+ - d/apparmor-profile: add AppArmor profile
973+ - d/rules: use dh_apparmor
974+ - d/control: Build-Depends on dh-apparmor
975+ - d/slapd.README.Debian: add note about AppArmor
976+ - Enable GSSAPI support:
977+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
978+ - Add --with-gssapi support
979+ - Make guess_service_principal() more robust when determining
980+ principal
981+ - d/configure.options: Configure with --with-gssapi
982+ - d/control: Added heimdal-dev as a build depend
983+ - d/rules:
984+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
985+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
986+ - Enable ufw support:
987+ - d/control: suggest ufw.
988+ - d/rules: install ufw profile.
989+ - d/slapd.ufw.profile: add ufw profile.
990+ - Enable nss overlay:
991+ - d/rules:
992+ - add nssov to CONTRIB_MODULES
993+ - add sysconfdir to CONTRIB_MAKEVARS
994+ - d/slapd.install:
995+ - install nssov overlay
996+ - d/slapd.manpages:
997+ - install slapo-nssov(5) man page
998+ - d/{rules,slapd.py}: Add apport hook.
999+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1000+ either the default DIT nor via an Authn mapping.
1001+ - d/slapd.scripts-common:
1002+ - add slapcat_opts to local variables.
1003+ - Fix backup directory naming for multiple reconfiguration.
1004+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1005+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1006+ in the openldap library, as required by Likewise-Open
1007+ - Show distribution in version:
1008+ - d/control: added lsb-release
1009+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1010+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1011+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1012+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1013+ * Update nssov build and packaging for Debian changes:
1014+ - Drop patch nssov-build
1015+ - d/rules:
1016+ - add nssov to CONTRIB_MODULES
1017+ - add sysconfdir to CONTRIB_MAKEVARS
1018+ - d/slapd.install:
1019+ - install nssov overlay
1020+ - d/slapd.manpages:
1021+ - install slapo-nssov(5) man page
1022+
1023+ -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
1024+
1025 openldap (2.4.47+dfsg-2) unstable; urgency=medium
1026
1027 * Reintroduce slapi-dev binary package. (Closes: #711469)
1028@@ -483,6 +1345,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium
1029
1030 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
1031
1032+openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
1033+
1034+ * d/apparmor-profile: update apparmor profile to allow reading of
1035+ files needed when slapd is behaving as a kerberos/gssapi client
1036+ and acquiring its own ticket. (LP: #1783183)
1037+
1038+ -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
1039+
1040+openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
1041+
1042+ * No-change rebuild for the perl 5.28 transition.
1043+
1044+ -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
1045+
1046+openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
1047+
1048+ * Merge from Debian unstable. Remaining changes:
1049+ - Enable AppArmor support:
1050+ - d/apparmor-profile: add AppArmor profile
1051+ - d/rules: use dh_apparmor
1052+ - d/control: Build-Depends on dh-apparmor
1053+ - d/slapd.README.Debian: add note about AppArmor
1054+ - Enable GSSAPI support:
1055+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1056+ - Add --with-gssapi support
1057+ - Make guess_service_principal() more robust when determining
1058+ principal
1059+ - d/configure.options: Configure with --with-gssapi
1060+ - d/control: Added heimdal-dev as a build depend
1061+ - d/rules:
1062+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1063+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1064+ - Enable ufw support:
1065+ - d/control: suggest ufw.
1066+ - d/rules: install ufw profile.
1067+ - d/slapd.ufw.profile: add ufw profile.
1068+ - Enable nss overlay:
1069+ - d/{patches/nssov-build,rules}: Apply, build and package the
1070+ nss overlay.
1071+ - d/{rules,slapd.py}: Add apport hook.
1072+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1073+ either the default DIT nor via an Authn mapping.
1074+ - d/slapd.scripts-common:
1075+ - add slapcat_opts to local variables.
1076+ - Fix backup directory naming for multiple reconfiguration.
1077+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1078+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1079+ in the openldap library, as required by Likewise-Open
1080+ - Show distribution in version:
1081+ - d/control: added lsb-release
1082+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1083+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1084+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1085+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1086+
1087+ -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
1088+
1089 openldap (2.4.46+dfsg-5) unstable; urgency=medium
1090
1091 * Restore slapd-smbk5pwd now that libldap is installable in unstable.
1092@@ -502,6 +1421,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium
1093
1094 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
1095
1096+openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
1097+
1098+ * Merge from Debian unstable. Remaining changes:
1099+ - Enable AppArmor support:
1100+ - d/apparmor-profile: add AppArmor profile
1101+ - d/rules: use dh_apparmor
1102+ - d/control: Build-Depends on dh-apparmor
1103+ - d/slapd.README.Debian: add note about AppArmor
1104+ - Enable GSSAPI support:
1105+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1106+ - Add --with-gssapi support
1107+ - Make guess_service_principal() more robust when determining
1108+ principal
1109+ - d/configure.options: Configure with --with-gssapi
1110+ - d/control: Added heimdal-dev as a build depend
1111+ - d/rules:
1112+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1113+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1114+ - Enable ufw support:
1115+ - d/control: suggest ufw.
1116+ - d/rules: install ufw profile.
1117+ - d/slapd.ufw.profile: add ufw profile.
1118+ - Enable nss overlay:
1119+ - d/{patches/nssov-build,rules}: Apply, build and package the
1120+ nss overlay.
1121+ - d/{rules,slapd.py}: Add apport hook.
1122+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1123+ either the default DIT nor via an Authn mapping.
1124+ - d/slapd.scripts-common:
1125+ - add slapcat_opts to local variables.
1126+ - Fix backup directory naming for multiple reconfiguration.
1127+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1128+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1129+ in the openldap library, as required by Likewise-Open
1130+ - Show distribution in version:
1131+ - d/control: added lsb-release
1132+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1133+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1134+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1135+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1136+
1137+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
1138+
1139 openldap (2.4.46+dfsg-2) unstable; urgency=medium
1140
1141 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
1142@@ -531,6 +1493,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium
1143
1144 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
1145
1146+openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
1147+
1148+ * Merge from Debian unstable. Remaining changes:
1149+ - Enable AppArmor support:
1150+ - d/apparmor-profile: add AppArmor profile
1151+ - d/rules: use dh_apparmor
1152+ - d/control: Build-Depends on dh-apparmor
1153+ - d/slapd.README.Debian: add note about AppArmor
1154+ - Enable GSSAPI support:
1155+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1156+ - Add --with-gssapi support
1157+ - Make guess_service_principal() more robust when determining
1158+ principal
1159+ - d/configure.options: Configure with --with-gssapi
1160+ - d/control: Added heimdal-dev as a build depend
1161+ - d/rules:
1162+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1163+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1164+ - Enable ufw support:
1165+ - d/control: suggest ufw.
1166+ - d/rules: install ufw profile.
1167+ - d/slapd.ufw.profile: add ufw profile.
1168+ - Enable nss overlay:
1169+ - d/{patches/nssov-build,rules}: Apply, build and package the
1170+ nss overlay.
1171+ - d/{rules,slapd.py}: Add apport hook.
1172+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1173+ either the default DIT nor via an Authn mapping.
1174+ - d/slapd.scripts-common:
1175+ - add slapcat_opts to local variables.
1176+ - Fix backup directory naming for multiple reconfiguration.
1177+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1178+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1179+ in the openldap library, as required by Likewise-Open
1180+ - Show distribution in version:
1181+ - d/control: added lsb-release
1182+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1183+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1184+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1185+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1186+
1187+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200
1188+
1189 openldap (2.4.45+dfsg-1) unstable; urgency=medium
1190
1191 * New upstream release.
1192@@ -572,6 +1577,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium
1193
1194 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
1195
1196+openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low
1197+
1198+ * Merge from Debian unstable. Remaining changes:
1199+ - Enable AppArmor support:
1200+ - d/apparmor-profile: add AppArmor profile
1201+ - d/rules: use dh_apparmor
1202+ - d/control: Build-Depends on dh-apparmor
1203+ - d/slapd.README.Debian: add note about AppArmor
1204+ - Enable GSSAPI support:
1205+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1206+ - Add --with-gssapi support
1207+ - Make guess_service_principal() more robust when determining
1208+ principal
1209+ - d/configure.options: Configure with --with-gssapi
1210+ - d/control: Added heimdal-dev as a build depend
1211+ - d/rules:
1212+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1213+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1214+ - Enable ufw support:
1215+ - d/control: suggest ufw.
1216+ - d/rules: install ufw profile.
1217+ - d/slapd.ufw.profile: add ufw profile.
1218+ - Enable nss overlay:
1219+ - d/{patches/nssov-build,rules}: Apply, build and package the
1220+ nss overlay.
1221+ - d/{rules,slapd.py}: Add apport hook.
1222+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1223+ either the default DIT nor via an Authn mapping.
1224+ - d/slapd.scripts-common:
1225+ - add slapcat_opts to local variables.
1226+ - Fix backup directory naming for multiple reconfiguration.
1227+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1228+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1229+ in the openldap library, as required by Likewise-Open
1230+ - Show distribution in version:
1231+ - d/control: added lsb-release
1232+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1233+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1234+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1235+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1236+
1237+ -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200
1238+
1239 openldap (2.4.44+dfsg-8) unstable; urgency=medium
1240
1241 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
1242@@ -582,6 +1630,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium
1243
1244 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
1245
1246+openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium
1247+
1248+ * Merge from Debian unstable. Remaining changes:
1249+ - Enable AppArmor support:
1250+ - d/apparmor-profile: add AppArmor profile
1251+ - d/rules: use dh_apparmor
1252+ - d/control: Build-Depends on dh-apparmor
1253+ - d/slapd.README.Debian: add note about AppArmor
1254+ - Enable GSSAPI support:
1255+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1256+ - Add --with-gssapi support
1257+ - Make guess_service_principal() more robust when determining
1258+ principal
1259+ - d/configure.options: Configure with --with-gssapi
1260+ - d/control: Added heimdal-dev as a build depend
1261+ - d/rules:
1262+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1263+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1264+ - Enable ufw support:
1265+ - d/control: suggest ufw.
1266+ - d/rules: install ufw profile.
1267+ - d/slapd.ufw.profile: add ufw profile.
1268+ - Enable nss overlay:
1269+ - d/{patches/nssov-build,rules}: Apply, build and package the
1270+ nss overlay.
1271+ - d/{rules,slapd.py}: Add apport hook.
1272+ [ d/rules modification mentioned above was dropped in
1273+ 2.4.23-6ubuntu1, re-adding it ]
1274+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1275+ either the default DIT nor via an Authn mapping.
1276+ - d/slapd.scripts-common:
1277+ - add slapcat_opts to local variables.
1278+ - Fix backup directory naming for multiple reconfiguration.
1279+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1280+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1281+ in the openldap library, as required by Likewise-Open
1282+ - Show distribution in version:
1283+ - d/control: added lsb-release
1284+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1285+ [ Refreshed patch ]
1286+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1287+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1288+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1289+
1290+ -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1291+
1292 openldap (2.4.44+dfsg-7) unstable; urgency=medium
1293
1294 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
1295@@ -589,6 +1683,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium
1296
1297 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
1298
1299+openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium
1300+
1301+ * Merge from Debian unstable. Remaining changes:
1302+ - Enable AppArmor support:
1303+ - d/apparmor-profile: add AppArmor profile
1304+ - d/rules: use dh_apparmor
1305+ - d/control: Build-Depends on dh-apparmor
1306+ - d/slapd.README.Debian: add note about AppArmor
1307+ - Enable GSSAPI support:
1308+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1309+ - Add --with-gssapi support
1310+ - Make guess_service_principal() more robust when determining
1311+ principal
1312+ - d/configure.options: Configure with --with-gssapi
1313+ - d/control: Added heimdal-dev as a build depend
1314+ - d/rules:
1315+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1316+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1317+ - Enable ufw support:
1318+ - d/control: suggest ufw.
1319+ - d/rules: install ufw profile.
1320+ - d/slapd.ufw.profile: add ufw profile.
1321+ - Enable nss overlay:
1322+ - d/{patches/nssov-build,rules}: Apply, build and package the
1323+ nss overlay.
1324+ - d/{rules,slapd.py}: Add apport hook.
1325+ [ d/rules modification mentioned above was dropped in
1326+ 2.4.23-6ubuntu1, re-adding it ]
1327+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1328+ either the default DIT nor via an Authn mapping.
1329+ - d/slapd.scripts-common:
1330+ - add slapcat_opts to local variables.
1331+ - Fix backup directory naming for multiple reconfiguration.
1332+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1333+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1334+ in the openldap library, as required by Likewise-Open
1335+ - Show distribution in version:
1336+ - d/control: added lsb-release
1337+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1338+ [ Refreshed patch ]
1339+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1340+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1341+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1342+
1343+ -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1344+
1345 openldap (2.4.44+dfsg-6) unstable; urgency=medium
1346
1347 * Update the list of non-translatable strings for the
1348@@ -597,6 +1737,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium
1349
1350 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
1351
1352+openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium
1353+
1354+ * Merge from Debian unstable. Remaining changes:
1355+ - Enable AppArmor support:
1356+ - d/apparmor-profile: add AppArmor profile
1357+ - d/rules: use dh_apparmor
1358+ - d/control: Build-Depends on dh-apparmor
1359+ - d/slapd.README.Debian: add note about AppArmor
1360+ - Enable GSSAPI support:
1361+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1362+ - Add --with-gssapi support
1363+ - Make guess_service_principal() more robust when determining
1364+ principal
1365+ - d/configure.options: Configure with --with-gssapi
1366+ - d/control: Added heimdal-dev as a build depend
1367+ - d/rules:
1368+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1369+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1370+ - Enable ufw support:
1371+ - d/control: suggest ufw.
1372+ - d/rules: install ufw profile.
1373+ - d/slapd.ufw.profile: add ufw profile.
1374+ - Enable nss overlay:
1375+ - d/{patches/nssov-build,rules}: Apply, build and package the
1376+ nss overlay.
1377+ - d/{rules,slapd.py}: Add apport hook.
1378+ [ d/rules modification mentioned above was dropped in
1379+ 2.4.23-6ubuntu1, re-adding it ]
1380+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1381+ either the default DIT nor via an Authn mapping.
1382+ - d/slapd.scripts-common:
1383+ - add slapcat_opts to local variables.
1384+ - Fix backup directory naming for multiple reconfiguration.
1385+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1386+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1387+ in the openldap library, as required by Likewise-Open
1388+ - Show distribution in version:
1389+ - d/control: added lsb-release
1390+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1391+ [ Refreshed patch ]
1392+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1393+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1394+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1395+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1396+ - Fix use after free with GnuTLS. (LP #1557248)
1397+
1398+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200
1399+
1400 openldap (2.4.44+dfsg-5) unstable; urgency=medium
1401
1402 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
1403@@ -608,6 +1796,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium
1404
1405 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
1406
1407+openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low
1408+
1409+ * Merge from Debian unstable. Remaining changes:
1410+ - Enable AppArmor support:
1411+ - d/apparmor-profile: add AppArmor profile
1412+ - d/rules: use dh_apparmor
1413+ - d/control: Build-Depends on dh-apparmor
1414+ - d/slapd.README.Debian: add note about AppArmor
1415+ - Enable GSSAPI support:
1416+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1417+ - Add --with-gssapi support
1418+ - Make guess_service_principal() more robust when determining
1419+ principal
1420+ - d/configure.options: Configure with --with-gssapi
1421+ - d/control: Added heimdal-dev as a build depend
1422+ - d/rules:
1423+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1424+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1425+ - Enable ufw support:
1426+ - d/control: suggest ufw.
1427+ - d/rules: install ufw profile.
1428+ - d/slapd.ufw.profile: add ufw profile.
1429+ - Enable nss overlay:
1430+ - d/{patches/nssov-build,rules}: Apply, build and package the
1431+ nss overlay.
1432+ - d/{rules,slapd.py}: Add apport hook.
1433+ [ d/rules modification mentioned above was dropped in
1434+ 2.4.23-6ubuntu1, re-adding it ]
1435+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1436+ either the default DIT nor via an Authn mapping.
1437+ - d/slapd.scripts-common:
1438+ - add slapcat_opts to local variables.
1439+ - Fix backup directory naming for multiple reconfiguration.
1440+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1441+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1442+ in the openldap library, as required by Likewise-Open
1443+ - Show distribution in version:
1444+ - d/control: added lsb-release
1445+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1446+ [ Refreshed patch ]
1447+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1448+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1449+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1450+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1451+ - Fix use after free with GnuTLS. (LP #1557248)
1452+
1453+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200
1454+
1455 openldap (2.4.44+dfsg-4) unstable; urgency=medium
1456
1457 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
1458@@ -654,6 +1890,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium
1459
1460 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
1461
1462+openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium
1463+
1464+ * d/rules: Fix typo in previous upload.
1465+
1466+ -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800
1467+
1468+openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
1469+
1470+ * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
1471+ changes
1472+ - Enable AppArmor support:
1473+ - d/apparmor-profile: add AppArmor profile
1474+ - d/rules: use dh_apparmor
1475+ - d/control: Build-Depends on dh-apparmor
1476+ - d/slapd.README.Debian: add note about AppArmor
1477+ - Enable GSSAPI support:
1478+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1479+ - Add --with-gssapi support
1480+ - Make guess_service_principal() more robust when determining
1481+ principal
1482+ - d/configure.options: Configure with --with-gssapi
1483+ - d/control: Added heimdal-dev as a build depend
1484+ - d/rules:
1485+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1486+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1487+ - Enable ufw support:
1488+ - d/control: suggest ufw.
1489+ - d/rules: install ufw profile.
1490+ - d/slapd.ufw.profile: add ufw profile.
1491+ - Enable nss overlay:
1492+ - d/{patches/nssov-build,rules}: Apply, build and package the
1493+ nss overlay.
1494+ - d/{rules,slapd.py}: Add apport hook.
1495+ [ d/rules modification mentioned above was dropped in
1496+ 2.4.23-6ubuntu1, re-adding it ]
1497+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1498+ either the default DIT nor via an Authn mapping.
1499+ - d/slapd.scripts-common:
1500+ - add slapcat_opts to local variables.
1501+ - Fix backup directory naming for multiple reconfiguration.
1502+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1503+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1504+ in the openldap library, as required by Likewise-Open
1505+ - Show distribution in version:
1506+ - d/control: added lsb-release
1507+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1508+ [ Refreshed patch ]
1509+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1510+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1511+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1512+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1513+ - Fix use after free with GnuTLS. (LP #1557248)
1514+ * Drop:
1515+ - d/slapd.scripts-common:
1516+ + Remove unused variable new_conf.
1517+ [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
1518+ - d/b/config.log: add config.log
1519+ [ previously undocumented, stray change ]
1520+
1521+ -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
1522+
1523 openldap (2.4.44+dfsg-3) unstable; urgency=medium
1524
1525 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
1526@@ -726,6 +2023,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
1527
1528 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
1529
1530+openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
1531+
1532+ * No-change rebuild for perl 5.24 transition
1533+
1534+ -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
1535+
1536+openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
1537+
1538+ * Fix use after free with GnuTLS. (LP: #1557248)
1539+
1540+ -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
1541+
1542+openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
1543+
1544+ * Fix building with gssapi suppport:
1545+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1546+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1547+
1548+ -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
1549+
1550+openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
1551+
1552+ * No-change rebuild for gnutls transition.
1553+
1554+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
1555+
1556+openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
1557+
1558+ * Merge from Debian testing (LP: #1532648). Remaining changes:
1559+ - Enable AppArmor support:
1560+ - d/apparmor-profile: add AppArmor profile
1561+ - d/rules: use dh_apparmor
1562+ - d/control: Build-Depends on dh-apparmor
1563+ - d/slapd.README.Debian: add note about AppArmor
1564+ - Enable GSSAPI support:
1565+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1566+ - Add --with-gssapi support
1567+ - Make guess_service_principal() more robust when determining
1568+ principal
1569+ - d/configure.options: Configure with --with-gssapi
1570+ - d/control: Added heimdal-dev as a build depend
1571+ - Enable ufw support:
1572+ - d/control: suggest ufw.
1573+ - d/rules: install ufw profile.
1574+ - d/slapd.ufw.profile: add ufw profile.
1575+ - Enable nss overlay:
1576+ - d/{patches/nssov-build,rules}: Apply, build and package the
1577+ nss overlay.
1578+ - d/{rules,slapd.py}: Add apport hook.
1579+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1580+ either the default DIT nor via an Authn mapping.
1581+ - d/slapd.scripts-common:
1582+ - add slapcat_opts to local variables.
1583+ - Remove unused variable new_conf.
1584+ - Fix backup directory naming for multiple reconfiguration.
1585+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1586+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1587+ in the openldap library, as required by Likewise-Open
1588+ - Show distribution in version:
1589+ - d/control: added lsb-release
1590+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1591+ * Drop CVE-2015-6908.patch, included in Debian.
1592+ * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
1593+ disabled on ppc64el, no longer used, and missed in the previous merge.
1594+
1595+ -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
1596+
1597 openldap (2.4.42+dfsg-2) unstable; urgency=medium
1598
1599 [ Ryan Tandy ]
1600@@ -793,6 +2157,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium
1601
1602 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
1603
1604+openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
1605+
1606+ * Rebuild for Perl 5.22.1.
1607+
1608+ -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
1609+
1610+openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
1611+
1612+ * SECURITY UPDATE: denial of service via crafted BER data
1613+ - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
1614+ libraries/liblber/io.c.
1615+ - CVE-2015-6908
1616+
1617+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
1618+
1619+openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
1620+
1621+ * Merge from Debian testing (LP: #1471831). Remaining changes:
1622+ - Enable AppArmor support:
1623+ - d/apparmor-profile: add AppArmor profile
1624+ - d/rules: use dh_apparmor
1625+ - d/control: Build-Depends on dh-apparmor
1626+ - d/slapd.README.Debian: add note about AppArmor
1627+ - Enable GSSAPI support:
1628+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1629+ - Add --with-gssapi support
1630+ - Make guess_service_principal() more robust when determining
1631+ principal
1632+ - d/configure.options: Configure with --with-gssapi
1633+ - d/control: Added heimdal-dev as a build depend
1634+ - Enable ufw support:
1635+ - d/control: suggest ufw.
1636+ - d/rules: install ufw profile.
1637+ - d/slapd.ufw.profile: add ufw profile.
1638+ - Enable nss overlay:
1639+ - d/{patches/nssov-build,rules}: Apply, build and package the
1640+ nss overlay.
1641+ - d/{rules,slapd.py}: Add apport hook.
1642+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1643+ either the default DIT nor via an Authn mapping.
1644+ - d/slapd.scripts-common:
1645+ - add slapcat_opts to local variables.
1646+ - Remove unused variable new_conf.
1647+ - Fix backup directory naming for multiple reconfiguration.
1648+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1649+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1650+ in the openldap library, as required by Likewise-Open
1651+ - Show distribution in version:
1652+ - d/control: added lsb-release
1653+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1654+ * Dropped changes:
1655+ - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
1656+ * Upstream fixes:
1657+ - slapd crash with auditlog overlay and large (~27KB) attribute values
1658+ (ITS#8003) (LP: #1461276)
1659+ - nssov updated to support recent nss-pam-ldapd client libraries
1660+ (ITS#8097) (LP: #1393306)
1661+ * Update d/patches/nssov-build for upstream changes.
1662+ * Tweak d/patches/gssapi.diff to apply without fuzz.
1663+ * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1664+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1665+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1666+
1667+ -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
1668+
1669 openldap (2.4.41+dfsg-1) unstable; urgency=medium
1670
1671 * New upstream release.
1672@@ -812,6 +2241,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium
1673
1674 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
1675
1676+openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
1677+
1678+ * No-change rebuild for the libnettle6 transition.
1679+
1680+ -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
1681+
1682+openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
1683+
1684+ * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
1685+ - Enable AppArmor support:
1686+ - d/apparmor-profile: add AppArmor profile
1687+ - d/rules: use dh_apparmor
1688+ - d/control: Build-Depends on dh-apparmor
1689+ - d/slapd.README.Debian: add note about AppArmor
1690+ - Enable GSSAPI support:
1691+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1692+ - Add --with-gssapi support
1693+ - Make guess_service_principal() more robust when determining
1694+ principal
1695+ - d/configure.options: Configure with --with-gssapi
1696+ - d/control: Added heimdal-dev as a build depend
1697+ - Enable ufw support:
1698+ - d/control: suggest ufw.
1699+ - d/rules: install ufw profile.
1700+ - d/slapd.ufw.profile: add ufw profile.
1701+ - Enable nss overlay:
1702+ - d/{patches/nssov-build,rules}: Apply, build and package the
1703+ nss overlay.
1704+ - d/{rules,slapd.py}: Add apport hook.
1705+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1706+ either the default DIT nor via an Authn mapping.
1707+ - d/slapd.scripts-common:
1708+ - add slapcat_opts to local variables.
1709+ - Remove unused variable new_conf.
1710+ - Fix backup directory naming for multiple reconfiguration.
1711+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1712+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1713+ in the openldap library, as required by Likewise-Open
1714+ - Show distribution in version:
1715+ - d/control: added lsb-release
1716+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1717+ * Drop patches included upstream:
1718+ - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
1719+ - d/patches/bdb-deadlock.patch
1720+ - d/patches/its-7354-fix-delta-sync-mmr.diff
1721+ * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
1722+ * debian/patches/nssov-build: Adjust for upstream changes.
1723+ * debian/apparmor-profile:
1724+ - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
1725+ kernel ABI v7 (utopic and later). (LP: #1392018)
1726+ - Reduce permissions on /run/nslcd to just the nslcd socket.
1727+ * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
1728+ (LP: #1293250)
1729+
1730+ -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700
1731+
1732 openldap (2.4.40+dfsg-1) unstable; urgency=medium
1733
1734 * Remove inetorgperson.schema from the upstream source. Replace it with a
1735@@ -1000,6 +2485,187 @@ openldap (2.4.39-1) unstable; urgency=low
1736
1737 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
1738
1739+openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
1740+
1741+ * Fix cpp calls for GCC 5.
1742+
1743+ -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
1744+
1745+openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
1746+
1747+ * debian/apparmor-profile:
1748+ - allow p11-kit abstraction
1749+ - allow read of /etc/gss/mech.d/*
1750+
1751+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
1752+
1753+openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
1754+
1755+ * Rebuild for Perl 5.20.0.
1756+
1757+ -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
1758+
1759+openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
1760+
1761+ * Cherry-pick upstream patch for compat with recent GNUTLS.
1762+ * Build-depend on libgnutls28-dev.
1763+ * Build-depend on libgcrypt20-dev.
1764+
1765+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
1766+
1767+openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
1768+
1769+ * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
1770+
1771+ -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
1772+
1773+openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
1774+
1775+ * Disable mdb backend on ppc64el due to test-suite failures.
1776+
1777+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
1778+
1779+openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
1780+
1781+ * Fix segfault issue with master-master syncrepl (LP: #1287730):
1782+ - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
1783+ patch from upstream VCS.
1784+
1785+ -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
1786+
1787+openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
1788+
1789+ * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
1790+
1791+ -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
1792+
1793+openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
1794+
1795+ * Rebuild for Perl 5.18.
1796+
1797+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
1798+
1799+openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
1800+
1801+ * Update build/config.guess and build/config.sub at build time; this was
1802+ not done automatically because the top-level configure.in does not use
1803+ Automake.
1804+
1805+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
1806+
1807+openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
1808+
1809+ * debian/control: added lsb-release
1810+ * debian/patches/fix-ldap-distribution.patch: show distribution in version
1811+
1812+ -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
1813+
1814+openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
1815+
1816+ * Merge from Debian unstable. Remaining changes:
1817+ - Enable AppArmor support:
1818+ - d/apparmor-profile: add AppArmor profile
1819+ - d/rules: use dh_apparmor
1820+ - d/control: Build-Depends on dh-apparmor
1821+ - d/slapd.README.Debian: add note about AppArmor
1822+ - d/slapd.dirs: add etc/apparmor.d/force-complain
1823+ - Enable GSSAPI support:
1824+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1825+ - Add --with-gssapi support
1826+ - Make guess_service_principal() more robust when determining
1827+ principal
1828+ - d/configure.options: Configure with --with-gssapi
1829+ - d/control: Added libkrb5-dev as a build depend
1830+ - Enable ufw support:
1831+ - d/control: suggest ufw.
1832+ - d/rules: install ufw profile.
1833+ - d/slapd.ufw.profile: add ufw profile.
1834+ - Enable nss overlay:
1835+ - d/{patches/nssov-build,/rules}: Apply, build and package the
1836+ nss overlay.
1837+ - d/{rules,slapd.py}: Add apport hook.
1838+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1839+ either the default DIT nor via an Authn mapping.
1840+ - d/slapd.scripts-common:
1841+ - add slapcat_opts to local variables.
1842+ - Remove unused variable new_conf.
1843+ - Fix backup directory naming for multiple reconfiguration.
1844+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1845+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1846+ in the openldap library, as required by Likewise-Open
1847+ - d/{control,rules}: enable PIE hardening
1848+
1849+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
1850+
1851+openldap (2.4.31-1+nmu2) unstable; urgency=high
1852+
1853+ * Non-maintainer upload.
1854+ * No-change rebuild in a clean environment
1855+
1856+ -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100
1857+
1858+openldap (2.4.31-1+nmu1) unstable; urgency=medium
1859+
1860+ * Non-maintainer upload.
1861+ * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
1862+
1863+ -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000
1864+
1865+openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
1866+
1867+ * debian/slapd.py: Add AppArmor info and logs to apport hook.
1868+
1869+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
1870+
1871+openldap (2.4.31-1ubuntu1) quantal; urgency=low
1872+
1873+ * Merge from Debian unstable. Remaining changes:
1874+ - Enable AppArmor support:
1875+ - d/apparmor-profile: add AppArmor profile
1876+ - d/rules: use dh_apparmor
1877+ - d/control: Build-Depends on dh-apparmor
1878+ - d/slapd.README.Debian: add note about AppArmor
1879+ - d/slapd.dirs: add etc/apparmor.d/force-complain
1880+ - Enable GSSAPI support (LP: #495418):
1881+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1882+ - Add --with-gssapi support
1883+ - Make guess_service_principal() more robust when determining
1884+ principal
1885+ - d/configure.options: Configure with --with-gssapi
1886+ - d/control: Added libkrb5-dev as a build depend
1887+ - Enable ufw support (LP: #423246):
1888+ - d/control: suggest ufw.
1889+ - d/rules: install ufw profile.
1890+ - d/slapd.ufw.profile: add ufw profile.
1891+ - Enable nss overlay (LP: #675391):
1892+ - d/{patches/nssov-build,/rules}: Apply, build and package the
1893+ nss overlay.
1894+ - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
1895+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1896+ either the default DIT nor via an Authn mapping.
1897+ - d/slapd.scripts-common:
1898+ - add slapcat_opts to local variables.
1899+ - Remove unused variable new_conf.
1900+ - Fix backup directory naming for multiple reconfiguration.
1901+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1902+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1903+ in the openldap library, as required by Likewise-Open (LP: #390579)
1904+ - d/{control,rules}: enable PIE hardening
1905+ * Dropped changes:
1906+ - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
1907+ - d/patches/CVE-2011-4079: Included in upstream release.
1908+ - d/patches/service-operational-before-detach: Included in upstream release.
1909+ - d/schema/extra/misc.ldif: Included upstream.
1910+ - d/{rules,schema/extra}: Fix configure and clean rules to support
1911+ extra schemas shipped as part of the debian/schema/ directory; no longer required.
1912+ - Included in Debian:
1913+ + Document cn=config in README file.
1914+ + Install a default DIT; actually a minimal configuration.
1915+ + d/patches/heimdal-fix.
1916+ * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
1917+
1918+ -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
1919+
1920 openldap (2.4.31-1) unstable; urgency=low
1921
1922 * New upstream release.
1923@@ -1026,6 +2692,121 @@ openldap (2.4.31-1) unstable; urgency=low
1924
1925 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
1926
1927+openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
1928+
1929+ * Fix issue with intermittent connection issues when using LDAPv3
1930+ protocol (LP: #1023025):
1931+ - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
1932+ patch from upstream VCS which ensures objects are initialized before
1933+ re-use.
1934+
1935+ -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
1936+
1937+openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
1938+
1939+ * debian/rules: Add smbk5pwd build.
1940+ * debian/control: Add slapd-smbk5pwd binary package.
1941+ * debian/patches/heimdal-fix: adapt parameters of
1942+ hdb_generate_key_set_password() to heimdal 1.6~git20120311
1943+ (patch from Debian #664930).
1944+
1945+ -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400
1946+
1947+openldap (2.4.28-1.1ubuntu4) precise; urgency=low
1948+
1949+ * debian/control: Build-Depends on dh-apparmor (LP: #948481)
1950+
1951+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
1952+
1953+openldap (2.4.28-1.1ubuntu3) precise; urgency=low
1954+
1955+ * Add its-7176-only-poll-sockets-for-write-as-needed.diff
1956+ (LP: #932823).
1957+
1958+ -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
1959+
1960+openldap (2.4.28-1.1ubuntu2) precise; urgency=low
1961+
1962+ * Remove debian/patches/CVE-2011-4079; it's already in this upstream
1963+ version. Fixes FTBFS.
1964+
1965+ -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
1966+
1967+openldap (2.4.28-1.1ubuntu1) precise; urgency=low
1968+
1969+ * Merge from Debian testing. Remaining changes:
1970+ - Install a default DIT (LP: #442498).
1971+ - Document cn=config in README file (LP: #370784).
1972+ - remaining changes:
1973+ + AppArmor support:
1974+ - debian/apparmor-profile: add AppArmor profile
1975+ - use dh_apparmor:
1976+ - debian/rules: use dh_apparmor
1977+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
1978+ - updated debian/slapd.README.Debian for note on AppArmor
1979+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
1980+ + Enable GSSAPI support (LP: #495418):
1981+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1982+ - Add --with-gssapi support
1983+ - Make guess_service_principal() more robust when determining
1984+ principal
1985+ - debian/patches/series: apply gssapi.diff patch.
1986+ - debian/configure.options: Configure with --with-gssapi
1987+ - debian/control: Added libkrb5-dev as a build depend
1988+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1989+ in the openldap library, as required by Likewise-Open (LP: #390579)
1990+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
1991+ - debian/control:
1992+ - remove build-dependency on heimdal-dev.
1993+ - remove slapd-smbk5pwd binary package.
1994+ - debian/rules: don't build smbk5pwd slapd module.
1995+ + debian/{control,rules}: enable PIE hardening
1996+ + ufw support (LP: #423246):
1997+ - debian/control: suggest ufw.
1998+ - debian/rules: install ufw profile.
1999+ - debian/slapd.ufw.profile: add ufw profile.
2000+ + Enable nssoverlay:
2001+ - debian/patches/nssov-build, debian/series, debian/rules:
2002+ Apply, build and package the nss overlay.
2003+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2004+ which defines rfc822MailMember (required by the nss overlay).
2005+ + debian/rules, debian/schema/extra/:
2006+ Fix configure rule to supports extra schemas shipped as part
2007+ of the debian/schema/ directory.
2008+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2009+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2010+ neither the default DIT nor via an Authn mapping.
2011+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2012+ database upgrade. Upgrade from maverick shouldn't trigger database
2013+ upgrade (which would happen with the version used in Debian).
2014+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2015+ Remove unused variable new_conf.
2016+ + debian/slapd.script-common: Fix package reconfiguration.
2017+ - Fix backup directory naming for multiple reconfiguration.
2018+ + debian/slapd.default, debian/slapd.README.Debian:
2019+ use the new configuration style.
2020+ + Install nss overlay (LP: #675391):
2021+ - debian/rules: run install target for nssov module.
2022+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2023+ + debian/patches/gssapi.diff:
2024+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2025+ + debian/patches/service-operational-before-detach: New patch replacing old one
2026+ of the same name as previous could cause database corruption based on upstream commits.
2027+ (LP: #727973)
2028+ + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2029+ (CVE-2011-4079)
2030+
2031+
2032+ -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
2033+
2034+openldap (2.4.28-1.1) unstable; urgency=low
2035+
2036+ * Non-maintainer upload.
2037+ * Disable the mdb backend on non-Linux, it looks like it doesn't work with
2038+ linuxthreads (closes: #654824).
2039+
2040+ -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100
2041+
2042 openldap (2.4.28-1) unstable; urgency=low
2043
2044 * New upstream release.
2045@@ -1053,6 +2834,72 @@ openldap (2.4.28-1) unstable; urgency=low
2046
2047 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
2048
2049+openldap (2.4.25-4ubuntu1) precise; urgency=low
2050+
2051+ * Merge from Debian testing. Remaining changes:
2052+ - Install a default DIT (LP: #442498).
2053+ - Document cn=config in README file (LP: #370784).
2054+ - remaining changes:
2055+ + AppArmor support:
2056+ - debian/apparmor-profile: add AppArmor profile
2057+ - use dh_apparmor:
2058+ - debian/rules: use dh_apparmor
2059+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2060+ - updated debian/slapd.README.Debian for note on AppArmor
2061+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2062+ + Enable GSSAPI support (LP: #495418):
2063+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2064+ - Add --with-gssapi support
2065+ - Make guess_service_principal() more robust when determining
2066+ principal
2067+ - debian/patches/series: apply gssapi.diff patch.
2068+ - debian/configure.options: Configure with --with-gssapi
2069+ - debian/control: Added libkrb5-dev as a build depend
2070+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2071+ in the openldap library, as required by Likewise-Open (LP: #390579)
2072+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2073+ - debian/control:
2074+ - remove build-dependency on heimdal-dev.
2075+ - remove slapd-smbk5pwd binary package.
2076+ - debian/rules: don't build smbk5pwd slapd module.
2077+ + debian/{control,rules}: enable PIE hardening
2078+ + ufw support (LP: #423246):
2079+ - debian/control: suggest ufw.
2080+ - debian/rules: install ufw profile.
2081+ - debian/slapd.ufw.profile: add ufw profile.
2082+ + Enable nssoverlay:
2083+ - debian/patches/nssov-build, debian/series, debian/rules:
2084+ Apply, build and package the nss overlay.
2085+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2086+ which defines rfc822MailMember (required by the nss overlay).
2087+ + debian/rules, debian/schema/extra/:
2088+ Fix configure rule to supports extra schemas shipped as part
2089+ of the debian/schema/ directory.
2090+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2091+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2092+ neither the default DIT nor via an Authn mapping.
2093+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2094+ database upgrade. Upgrade from maverick shouldn't trigger database
2095+ upgrade (which would happen with the version used in Debian).
2096+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2097+ Remove unused variable new_conf.
2098+ + debian/slapd.script-common: Fix package reconfiguration.
2099+ - Fix backup directory naming for multiple reconfiguration.
2100+ + debian/slapd.default, debian/slapd.README.Debian:
2101+ use the new configuration style.
2102+ + Install nss overlay (LP: #675391):
2103+ - debian/rules: run install target for nssov module.
2104+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2105+ + debian/patches/gssapi.diff:
2106+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2107+ + debian/patches/service-operational-before-detach: New patch replacing old one
2108+ of the same name as previous could cause database corruption based on upstream commits.
2109+ (LP: #727973)
2110+ + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2111+ (CVE-2011-4079)
2112+
2113+ -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
2114+
2115 openldap (2.4.25-4) unstable; urgency=low
2116
2117 * Drop explicit depends on libdb4.8, since we're now linking against
2118@@ -1086,6 +2933,85 @@ openldap (2.4.25-4) unstable; urgency=low
2119
2120 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
2121
2122+openldap (2.4.25-3ubuntu3) precise; urgency=low
2123+
2124+ * Rebuild for Perl 5.14.
2125+
2126+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
2127+
2128+openldap (2.4.25-3ubuntu2) precise; urgency=low
2129+
2130+ * SECURITY UPDATE: potential denial of service (LP: #884163)
2131+ - debian/patches/CVE-2011-4079: fix off by one error in
2132+ postalAddressNormalize()
2133+ - CVE-2011-4079
2134+
2135+ -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
2136+
2137+openldap (2.4.25-3ubuntu1) precise; urgency=low
2138+
2139+ * Merge from debian unstable. Remaining changes:
2140+ - Install a default DIT (LP: #442498).
2141+ - Document cn=config in README file (LP: #370784).
2142+ - remaining changes:
2143+ + AppArmor support:
2144+ - debian/apparmor-profile: add AppArmor profile
2145+ - use dh_apparmor:
2146+ - debian/rules: use dh_apparmor
2147+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2148+ - updated debian/slapd.README.Debian for note on AppArmor
2149+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2150+ + Enable GSSAPI support (LP: #495418):
2151+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2152+ - Add --with-gssapi support
2153+ - Make guess_service_principal() more robust when determining
2154+ principal
2155+ - debian/patches/series: apply gssapi.diff patch.
2156+ - debian/configure.options: Configure with --with-gssapi
2157+ - debian/control: Added libkrb5-dev as a build depend
2158+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2159+ in the openldap library, as required by Likewise-Open (LP: #390579)
2160+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2161+ - debian/control:
2162+ - remove build-dependency on heimdal-dev.
2163+ - remove slapd-smbk5pwd binary package.
2164+ - debian/rules: don't build smbk5pwd slapd module.
2165+ + debian/{control,rules}: enable PIE hardening
2166+ + ufw support (LP: #423246):
2167+ - debian/control: suggest ufw.
2168+ - debian/rules: install ufw profile.
2169+ - debian/slapd.ufw.profile: add ufw profile.
2170+ + Enable nssoverlay:
2171+ - debian/patches/nssov-build, debian/series, debian/rules:
2172+ Apply, build and package the nss overlay.
2173+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2174+ which defines rfc822MailMember (required by the nss overlay).
2175+ + debian/rules, debian/schema/extra/:
2176+ Fix configure rule to supports extra schemas shipped as part
2177+ of the debian/schema/ directory.
2178+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2179+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2180+ neither the default DIT nor via an Authn mapping.
2181+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2182+ database upgrade. Upgrade from maverick shouldn't trigger database
2183+ upgrade (which would happen with the version used in Debian).
2184+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2185+ Remove unused variable new_conf.
2186+ + debian/slapd.script-common: Fix package reconfiguration.
2187+ - Fix backup directory naming for multiple reconfiguration.
2188+ + debian/slapd.default, debian/slapd.README.Debian:
2189+ use the new configuration style.
2190+ + Install nss overlay (LP: #675391):
2191+ - debian/rules: run install target for nssov module.
2192+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2193+ + debian/patches/gssapi.diff:
2194+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2195+ + debian/patches/service-operational-before-detach: New patch replacing old one
2196+ of the same name as previous could cause database corruption based on upstream commits.
2197+ (LP: #727973)
2198+
2199+ -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
2200+
2201 openldap (2.4.25-3) unstable; urgency=low
2202
2203 * Brown paper bag: really fix the .links.in handling, so we don't generate
2204@@ -1108,6 +3034,92 @@ openldap (2.4.25-2) unstable; urgency=low
2205
2206 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
2207
2208+openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
2209+
2210+ * Brown paper bag: really fix the .links.in handling, so we don't generate
2211+ broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
2212+
2213+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
2214+
2215+openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
2216+
2217+ * Cherry-pick multiarch support from Debian (LP: #826601):
2218+ - Bump to compat level 7, so we don't have to spell out debian/tmp in
2219+ every single .install file
2220+ - Build for multiarch.
2221+
2222+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
2223+
2224+openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
2225+
2226+ * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
2227+
2228+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
2229+
2230+openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
2231+
2232+ * Merge from debian unstable. Remaining changes:
2233+ - Install a default DIT (LP: #442498).
2234+ - Document cn=config in README file (LP: #370784).
2235+ - remaining changes:
2236+ + AppArmor support:
2237+ - debian/apparmor-profile: add AppArmor profile
2238+ - use dh_apparmor:
2239+ - debian/rules: use dh_apparmor
2240+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2241+ - updated debian/slapd.README.Debian for note on AppArmor
2242+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2243+ + Enable GSSAPI support (LP: #495418):
2244+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2245+ - Add --with-gssapi support
2246+ - Make guess_service_principal() more robust when determining
2247+ principal
2248+ - debian/patches/series: apply gssapi.diff patch.
2249+ - debian/configure.options: Configure with --with-gssapi
2250+ - debian/control: Added libkrb5-dev as a build depend
2251+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2252+ in the openldap library, as required by Likewise-Open (LP: #390579)
2253+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2254+ - debian/control:
2255+ - remove build-dependency on heimdal-dev.
2256+ - remove slapd-smbk5pwd binary package.
2257+ - debian/rules: don't build smbk5pwd slapd module.
2258+ + debian/{control,rules}: enable PIE hardening
2259+ + ufw support (LP: #423246):
2260+ - debian/control: suggest ufw.
2261+ - debian/rules: install ufw profile.
2262+ - debian/slapd.ufw.profile: add ufw profile.
2263+ + Enable nssoverlay:
2264+ - debian/patches/nssov-build, debian/series, debian/rules:
2265+ Apply, build and package the nss overlay.
2266+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2267+ which defines rfc822MailMember (required by the nss overlay).
2268+ + debian/rules, debian/schema/extra/:
2269+ Fix configure rule to supports extra schemas shipped as part
2270+ of the debian/schema/ directory.
2271+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2272+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2273+ neither the default DIT nor via an Authn mapping.
2274+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2275+ database upgrade. Upgrade from maverick shouldn't trigger database
2276+ upgrade (which would happen with the version used in Debian).
2277+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2278+ Remove unused variable new_conf.
2279+ + debian/slapd.script-common: Fix package reconfiguration.
2280+ - Fix backup directory naming for multiple reconfiguration.
2281+ + debian/slapd.default, debian/slapd.README.Debian:
2282+ use the new configuration style.
2283+ + Install nss overlay (LP: #675391):
2284+ - debian/rules: run install target for nssov module.
2285+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2286+ + debian/patches/gssapi.diff:
2287+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2288+ + debian/patches/service-operational-before-detach: New patch replacing old one
2289+ of the same name as previous could cause database corruption based on upstream commits.
2290+ (LP: #727973)
2291+
2292+ -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
2293+
2294 openldap (2.4.25-1.1) unstable; urgency=low
2295
2296 * Non-maintainer upload to fix RC bug.
2297@@ -1115,6 +3127,75 @@ openldap (2.4.25-1.1) unstable; urgency=low
2298
2299 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
2300
2301+openldap (2.4.25-1ubuntu1) oneiric; urgency=low
2302+
2303+ * Merge from debian unstable. Remaining changes:
2304+ - Install a default DIT (LP: #442498).
2305+ - Document cn=config in README file (LP: #370784).
2306+ - remaining changes:
2307+ + AppArmor support:
2308+ - debian/apparmor-profile: add AppArmor profile
2309+ - use dh_apparmor:
2310+ - debian/rules: use dh_apparmor
2311+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2312+ - updated debian/slapd.README.Debian for note on AppArmor
2313+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2314+ + Enable GSSAPI support (LP: #495418):
2315+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2316+ - Add --with-gssapi support
2317+ - Make guess_service_principal() more robust when determining
2318+ principal
2319+ - debian/patches/series: apply gssapi.diff patch.
2320+ - debian/configure.options: Configure with --with-gssapi
2321+ - debian/control: Added libkrb5-dev as a build depend
2322+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2323+ in the openldap library, as required by Likewise-Open (LP: #390579)
2324+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2325+ - debian/control:
2326+ - remove build-dependency on heimdal-dev.
2327+ - remove slapd-smbk5pwd binary package.
2328+ - debian/rules: don't build smbk5pwd slapd module.
2329+ + debian/{control,rules}: enable PIE hardening
2330+ + ufw support (LP: #423246):
2331+ - debian/control: suggest ufw.
2332+ - debian/rules: install ufw profile.
2333+ - debian/slapd.ufw.profile: add ufw profile.
2334+ + Enable nssoverlay:
2335+ - debian/patches/nssov-build, debian/series, debian/rules:
2336+ Apply, build and package the nss overlay.
2337+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2338+ which defines rfc822MailMember (required by the nss overlay).
2339+ + debian/rules, debian/schema/extra/:
2340+ Fix configure rule to supports extra schemas shipped as part
2341+ of the debian/schema/ directory.
2342+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2343+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2344+ neither the default DIT nor via an Authn mapping.
2345+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2346+ database upgrade. Upgrade from maverick shouldn't trigger database
2347+ upgrade (which would happen with the version used in Debian).
2348+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2349+ Remove unused variable new_conf.
2350+ + debian/slapd.script-common: Fix package reconfiguration.
2351+ - Fix backup directory naming for multiple reconfiguration.
2352+ + debian/slapd.default, debian/slapd.README.Debian:
2353+ use the new configuration style.
2354+ + Install nss overlay (LP: #675391):
2355+ - debian/rules: run install target for nssov module.
2356+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2357+ + debian/patches/gssapi.diff:
2358+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2359+ + debian/patches/service-operational-before-detach: New patch replacing old one
2360+ of the same name as previous could cause database corruption based on upstream commits.
2361+ (LP: #727973)
2362+ + Dropped:
2363+ - debian/patches/gold: Use the debian version instead
2364+ - debian/patches/CVE-2011-1024: Fixed upstream
2365+ - debian/patches/CVE-2011-1025: Fixed upstream
2366+ - debian/patches/CVE-2011-1081: Fixed upstream
2367+
2368+ -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
2369+
2370 openldap (2.4.25-1) unstable; urgency=low
2371
2372 * New upstream version (Closes: #617606, #618904, #606815, #608813)
2373@@ -1146,6 +3227,116 @@ openldap (2.4.23-7) unstable; urgency=low
2374
2375 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
2376
2377+openldap (2.4.23-6ubuntu7) oneiric; urgency=low
2378+
2379+ * Rebuild for Perl 5.12.
2380+
2381+ -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
2382+
2383+openldap (2.4.23-6ubuntu6) natty; urgency=low
2384+
2385+ * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
2386+ using forwarded authentication failures
2387+ - debian/patches/CVE-2011-1024
2388+ - CVE-2011-1024
2389+ * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
2390+ backend. Note: Ubuntu is not compiled with --enable-ndb by default
2391+ - debian/patches/CVE-2011-1025
2392+ - CVE-2011-1025
2393+ * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
2394+ and requestDN is empty
2395+ - debian/patches/CVE-2011-1081
2396+ - CVE-2011-1081
2397+ - LP: #742104
2398+
2399+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
2400+
2401+openldap (2.4.23-6ubuntu5) natty; urgency=low
2402+
2403+ * debian/patches/service-operational-before-detach: New patch replacing
2404+ old one of same name as previous could cause database corruption,
2405+ based on upstream commits. (LP: #727973)
2406+
2407+ -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
2408+
2409+openldap (2.4.23-6ubuntu4) natty; urgency=low
2410+
2411+ * Fix FTBFS with ld.gold.
2412+
2413+ -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
2414+
2415+openldap (2.4.23-6ubuntu3) natty; urgency=low
2416+
2417+ * debian/patches/gssapi.diff:
2418+ Update patch so that likewise-open is usable again (LP: #661547)
2419+
2420+ -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
2421+
2422+openldap (2.4.23-6ubuntu2) natty; urgency=low
2423+
2424+ * Install nss overlay (LP: #675391):
2425+ - debian/rules: run install target for nssov module.
2426+ - debian/patches/nssov-build: fix patch to install schema in
2427+ /etc/ldap/schema.
2428+
2429+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
2430+
2431+openldap (2.4.23-6ubuntu1) natty; urgency=low
2432+
2433+ * Merge from Debian unstable:
2434+ - Install a default DIT (LP: #442498).
2435+ - Document cn=config in README file (LP: #370784).
2436+ - remaining changes:
2437+ + AppArmor support:
2438+ - debian/apparmor-profile: add AppArmor profile
2439+ - use dh_apparmor:
2440+ - debian/rules: use dh_apparmor
2441+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2442+ - updated debian/slapd.README.Debian for note on AppArmor
2443+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2444+ + Enable GSSAPI support (LP: #495418):
2445+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2446+ - Add --with-gssapi support
2447+ - Make guess_service_principal() more robust when determining
2448+ principal
2449+ - debian/patches/series: apply gssapi.diff patch.
2450+ - debian/configure.options: Configure with --with-gssapi
2451+ - debian/control: Added libkrb5-dev as a build depend
2452+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2453+ in the openldap library, as required by Likewise-Open (LP: #390579)
2454+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2455+ - debian/control:
2456+ - remove build-dependency on heimdal-dev.
2457+ - remove slapd-smbk5pwd binary package.
2458+ - debian/rules: don't build smbk5pwd slapd module.
2459+ + debian/{control,rules}: enable PIE hardening
2460+ + ufw support (LP: #423246):
2461+ - debian/control: suggest ufw.
2462+ - debian/rules: install ufw profile.
2463+ - debian/slapd.ufw.profile: add ufw profile.
2464+ + Enable nssoverlay:
2465+ - debian/patches/nssov-build, debian/series, debian/rules:
2466+ Apply, build and package the nss overlay.
2467+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2468+ which defines rfc822MailMember (required by the nss overlay).
2469+ + debian/rules, debian/schema/extra/:
2470+ Fix configure rule to supports extra schemas shipped as part
2471+ of the debian/schema/ directory.
2472+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2473+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2474+ neither the default DIT nor via an Authn mapping.
2475+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2476+ database upgrade. Upgrade from maverick shouldn't trigger database
2477+ upgrade (which would happen with the version used in Debian).
2478+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2479+ Remove unused variable new_conf.
2480+ + debian/slapd.script-common: Fix package reconfiguration.
2481+ - Fix backup directory naming for multiple reconfiguration.
2482+ + debian/slapd.default, debian/slapd.README.Debian:
2483+ use the new configuration style.
2484+
2485+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
2486+
2487 openldap (2.4.23-6) unstable; urgency=high
2488
2489 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
2490@@ -1268,6 +3459,80 @@ openldap (2.4.23-1) unstable; urgency=low
2491
2492 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
2493
2494+openldap (2.4.23-0ubuntu4) natty; urgency=low
2495+
2496+ * debian/slapd.templates: amended typo in slapd/move_old_database
2497+ (LP: #666028)
2498+
2499+ -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
2500+
2501+openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
2502+
2503+ * debian/slapd.templates: re-add slapd/move_old_database template as it's
2504+ used during the package upgrade. Thanks to James Page for pointing it.
2505+ * debian/slapd.config: restore debconf question slapd/move_old_database.
2506+
2507+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
2508+
2509+openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
2510+
2511+ [ James Page ]
2512+ * Fixed install/upgrade process to dump/restore databases due
2513+ to uplift to libdb4.8-dev (LP: #658227)
2514+
2515+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
2516+
2517+openldap (2.4.23-0ubuntu3) maverick; urgency=low
2518+
2519+ * debian/rules: move dh_apparmor before dh_installinit
2520+
2521+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
2522+
2523+openldap (2.4.23-0ubuntu2) maverick; urgency=low
2524+
2525+ * convert to using dh_apparmor:
2526+ - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
2527+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2528+ * debian/apparmor-profile: use local include
2529+
2530+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
2531+
2532+openldap (2.4.23-0ubuntu1) maverick; urgency=low
2533+
2534+ * New release, features include:
2535+ + Fixed libldap to return server's error code (ITS#6569)
2536+ + Fixed libldap memleaks (ITS#6568)
2537+ + Fixed liblutil off-by-one with delta (ITS#6541)
2538+ + Fixed slapd acls with glued databases (ITS#6468)
2539+ + Fixed slapd syncrepl rid logging (ITS#6533)
2540+ + Fixed slapd modrdn handling of invalid values (ITS#6570)
2541+ + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
2542+ + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
2543+ + Fixed slapd-bdb entry cache delete failure (ITS#6577)
2544+ + Fixed slapd-ldap to return control responses (ITS#6530)
2545+ + Fixed slapo-ppolicy to use Debug (ITS#6566)
2546+ + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
2547+ + Fixed slapo-rwm to use Debug (ITS#6566)
2548+ + Fixed slapo-sssvlv to use Debug (ITS#6566)
2549+ + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
2550+ + Fixed slapo-valsort to use Debug (ITS#6566)
2551+ + Fixed contrib/nssov network.c missing patch (ITS#6562)
2552+ + Fixed test043 attribute sorting (ITS#6553)
2553+ + slapd-config(5) note default rootdn (ITS#6546)
2554+ * Rebased patches debian/patches/dropped nssov-build
2555+ * Resynchronize with Debian:
2556+ + debian/control:
2557+ - Bump standards-version to 3.9.0
2558+ - Use libdb4.8-dev (LP: #572489)
2559+ + Added debian/patches/issue-6534-patch
2560+ + Added debian/patches/ldap-conf-tls-cacertdir
2561+ * Add ufw support, thanks to PatRiehecky (LP: #423246)
2562+
2563+ [Adam Sommer]
2564+ * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2565+
2566+ -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
2567+
2568 openldap (2.4.21-1) unstable; urgency=low
2569
2570 [ Steve Langasek ]
2571@@ -1299,6 +3564,79 @@ openldap (2.4.21-1) unstable; urgency=low
2572
2573 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
2574
2575+openldap (2.4.21-0ubuntu5) lucid; urgency=low
2576+
2577+ * Fix local root connection access: replace olcAuthzRegexp mapping to
2578+ cn=localroot,cn=config with using the SASL dn directly in olcAccess.
2579+ Makes upgrades much simpler and robust (LP: #563829).
2580+
2581+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
2582+
2583+openldap (2.4.21-0ubuntu4) lucid; urgency=low
2584+
2585+ [ Simon Olofsson ]
2586+ * debian/slapd.postinst:
2587+ - Show a message after successful migration (LP: #538848)
2588+
2589+ [ Jorgen Rosink ]
2590+ * debian/slapd.init: add simple status checking with LSB compatible exit
2591+ codes (LP: #562377)
2592+ * debian/slapd.init.ldif:
2593+ - remove admin user in default config database (LP: #556176)
2594+ - in default config, add olcAccess entries giving access to controls
2595+ available and cn=subschema (LP: #427842)
2596+
2597+ [ Scott Moser ]
2598+ * debian/slapd.scripts-common: Do not create /nonexistent directory
2599+ for openldap user's home (LP: #556176)
2600+ * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
2601+
2602+ -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
2603+
2604+openldap (2.4.21-0ubuntu3) lucid; urgency=low
2605+
2606+ * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
2607+ before trying to convert to slapd.d, to avoid upgrade failure from hardy
2608+ (LP: #536958)
2609+ * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
2610+ olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
2611+
2612+ -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
2613+
2614+openldap (2.4.21-0ubuntu2) lucid; urgency=low
2615+
2616+ * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
2617+
2618+ -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
2619+
2620+openldap (2.4.21-0ubuntu1) lucid; urgency=low
2621+
2622+ * New upstream release.
2623+ * debian/rules, debian/schema/extra/:
2624+ Fix get-orig-source rule to supports extra schemas shipped as part of the
2625+ debian/schema/ directory.
2626+
2627+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
2628+
2629+openldap (2.4.18-0ubuntu2) lucid; urgency=low
2630+
2631+ * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2632+ - Add --with-gssapi support
2633+ - Make guess_service_principal() more robust when determining principal
2634+ * Enable GSSAPI support (LP: #495418):
2635+ - debian/configure.options: Configure with --with-gssapi
2636+ - debian/control: Added libkrb5-dev as a build depend
2637+
2638+ -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
2639+
2640+openldap (2.4.18-0ubuntu1) karmic; urgency=low
2641+
2642+ * New upstream release: (LP: #419515):
2643+ + pcache overlay supports disconnected mode.
2644+ * Fix nss overlay load (LP: #417163).
2645+
2646+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
2647+
2648 openldap (2.4.17-2.1) unstable; urgency=high
2649
2650 * Non-maintainer upload by the Security Team.
2651@@ -1325,6 +3663,108 @@ openldap (2.4.17-2) unstable; urgency=low
2652
2653 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
2654
2655+openldap (2.4.17-1ubuntu3) karmic; urgency=low
2656+
2657+ * Install a minimal slapd configuration instead of creating a default
2658+ database with a default DIT:
2659+ + Move openldap user home from /var/lib/ldap to /nonexistent.
2660+ + Remove all code and templates dealing with the default database and DIT
2661+ creation.
2662+ + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
2663+ grant all access to the latter in the cn=config database as well as the
2664+ default backend configuration.
2665+ * Add cn=localroot,cn=config authz mapping on upgrades.
2666+
2667+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
2668+
2669+openldap (2.4.17-1ubuntu2) karmic; urgency=low
2670+
2671+ [ Thierry Carrez ]
2672+ * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2673+ in the openldap library, as required by Likewise-Open (LP: #390579)
2674+
2675+ [ Mathias Gug ]
2676+ * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
2677+ uniqueness overlay.
2678+ * debian/patches/its6220-writetimeout-directive: fixes a problem with the
2679+ writetimeout directive being in effect even if it wasn't set,
2680+ closing connections incorrectly.
2681+ * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
2682+ dncachesize parameter that was added in RE24, so that if it is set to
2683+ "0" (now the default), it has an unlimited DN cache (RE23 always
2684+ had an unlimited DN cache).
2685+
2686+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
2687+
2688+openldap (2.4.17-1ubuntu1) karmic; urgency=low
2689+
2690+ [ Steve Langasek ]
2691+ * Fix up the lintian warnings:
2692+ - add missing misc-depends on all packages
2693+ - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
2694+ overrides
2695+ - bump Standards-Version to 3.8.2, no changes required.
2696+
2697+ [ Mathias Gug ]
2698+ * Resynchronise with Debian. Remaining changes:
2699+ - AppArmor support:
2700+ - debian/apparmor-profile: add AppArmor profile
2701+ - updated debian/slapd.README.Debian for note on AppArmor
2702+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2703+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2704+ - debian/rules: install apparmor profile.
2705+ - Don't use local statement in config script as it fails if /bin/sh
2706+ points to bash.
2707+ - debian/slapd.postinst, debian/slapd.script-common: set correct
2708+ ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2709+ readable) and /var/run/slapd (world readable).
2710+ - Enable nssoverlay:
2711+ - debian/patches/nssov-build, debian/rules: Build and package the nss
2712+ overlay.
2713+ - debian/schema/misc.ldif: add ldif file for the misc schema which
2714+ defines rfc822MailMember (required by the nss overlay).
2715+ - debian/{control,rules}: enable PIE hardening
2716+ - Use cn=config as the default configuration backend instead of
2717+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2718+ asking the end user to enter a new password to control the access to
2719+ the cn=config tree.
2720+ - debian/slapd.postinst: create /var/run/slapd before updating its
2721+ permissions.
2722+ - debian/slapd.init: Correctly set slapd config backend option even if
2723+ the pidfile is configured in slapd default file.
2724+ * Dropped:
2725+ - Merged in Debian:
2726+ - Update priority of libldap-2.4-2 to match the archive override.
2727+ - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2728+ the ldapurl(1) manpage.
2729+ - Bump build-dependency on debhelper to 6 instead of 5, since that's
2730+ what we're using.
2731+ - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2732+ the built-in default of ldap:/// only.
2733+ - Fixed in upstream release:
2734+ - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2735+ failure when built with PIE.
2736+ - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2737+ trusted.
2738+ - Update Apparmor profile support: don't support upgrade from pre-hardy
2739+ systems:
2740+ - debian/slapd.postinst: Reload AA profile on configuration
2741+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2742+ - debian/control: Conflicts with apparmor-profiles <<
2743+ 2.1+1075-0ubuntu4 to make sure that if earlier version of
2744+ apparmor-profiles gets installed it won't overwrite our profile.
2745+ - follow ApparmorProfileMigration and force apparmor complain mode on
2746+ some upgrades
2747+ - debian/slapd.preinst: create symlink for force-complain on
2748+ pre-feisty upgrades, upgrades where apparmor-profiles profile is
2749+ unchanged (ie non-enforcing) and upgrades where apparmor profile
2750+ does not exist.
2751+ - debian/patches/autogen.sh: no longer needed with karmic libtool.
2752+ - Call libtoolize with the --install option to install
2753+ config.{guess,sub} files.
2754+
2755+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
2756+
2757 openldap (2.4.17-1) unstable; urgency=low
2758
2759 * New upstream version.
2760@@ -1347,6 +3787,153 @@ openldap (2.4.17-1) unstable; urgency=low
2761
2762 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
2763
2764+openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
2765+
2766+ * Resynchronise with Debian. Remaining changes:
2767+ - AppArmor support:
2768+ - debian/apparmor-profile: add AppArmor profile
2769+ - debian/slapd.postinst: Reload AA profile on configuration
2770+ - updated debian/slapd.README.Debian for note on AppArmor
2771+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2772+ - debian/control: Conflicts with apparmor-profiles <<
2773+ 2.1+1075-0ubuntu4 to make sure that if earlier version of
2774+ apparmor-profiles gets installed it won't overwrite our profile.
2775+ - follow ApparmorProfileMigration and force apparmor complain mode on
2776+ some upgrades
2777+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2778+ - debian/slapd.preinst: create symlink for force-complain on
2779+ pre-feisty upgrades, upgrades where apparmor-profiles profile is
2780+ unchanged (ie non-enforcing) and upgrades where apparmor profile
2781+ does not exist.
2782+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2783+ - debian/patches/autogen.sh:
2784+ - Call libtoolize with the --install option to install
2785+ config.{guess,sub} files.
2786+ - Don't use local statement in config script as it fails if /bin/sh
2787+ points to bash.
2788+ - debian/slapd.postinst, debian/slapd.script-common: set correct
2789+ ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2790+ readable) and /var/run/slapd (world readable).
2791+ - Enable nssoverlay:
2792+ - debian/patches/nssov-build, debian/rules: Build and package the nss
2793+ overlay.
2794+ - debian/schema/misc.ldif: add ldif file for the misc schema which
2795+ defines rfc822MailMember (required by the nss overlay).
2796+ - debian/{control,rules}: enable PIE hardening
2797+ - Use cn=config as the default configuration backend instead of
2798+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2799+ asking the end user to enter a new password to control the access to
2800+ the cn=config tree.
2801+ - Update priority of libldap-2.4-2 to match the archive override.
2802+ - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2803+ the ldapurl(1) manpage.
2804+ - Bump build-dependency on debhelper to 6 instead of 5, since that's
2805+ what we're using.
2806+ - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2807+ the built-in default of ldap:/// only.
2808+ - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2809+ failure when built with PIE.
2810+ - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2811+ trusted.
2812+ - debian/slapd.postinst: create /var/run/slapd before updating its
2813+ permissions.
2814+ - debian/slapd.init: Correctly set slapd config backend option even if
2815+ the pidfile is configured in slapd default file.
2816+ * Drop patch to avoid the test suite on hppa, as hppa is EOL.
2817+
2818+ -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
2819+
2820+openldap (2.4.15-1.1) unstable; urgency=low
2821+
2822+ * Non-maintainer upload.
2823+ * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
2824+ (Closes: #522965)
2825+
2826+ -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
2827+
2828+openldap (2.4.15-1ubuntu3) jaunty; urgency=low
2829+
2830+ * No-change rebuild to fix lpia shared library dependencies.
2831+
2832+ -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
2833+
2834+openldap (2.4.15-1ubuntu2) jaunty; urgency=low
2835+
2836+ * debian/slapd.postinst: create /var/run/slapd before updating its
2837+ permissions (LP: #298928).
2838+ * debian/slapd.init: Correclty set slapd config backend option even if the
2839+ pidfile is configured in slapd default file (LP: #292364).
2840+ * debian/apparmor-profile: support multiple databases to be stored under
2841+ /var/lib/ldap/. (LP: #286614).
2842+
2843+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
2844+
2845+openldap (2.4.15-1ubuntu1) jaunty; urgency=low
2846+
2847+ [ Steve Langasek ]
2848+ * Update priority of libldap-2.4-2 to match the archive override.
2849+ * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
2850+ ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
2851+ Closes: #496749.
2852+ * Bump build-dependency on debhelper to 6 instead of 5, since that's
2853+ what we're using. Closes: #498116.
2854+ * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2855+ the built-in default of ldap:/// only.
2856+
2857+ [ Mathias Gug ]
2858+ * Merge from debian unstable, remaining changes:
2859+ - Modify Maintainer value to match the DebianMaintainerField
2860+ speficication.
2861+ - AppArmor support:
2862+ - debian/apparmor-profile: add AppArmor profile
2863+ - debian/slapd.postinst: Reload AA profile on configuration
2864+ - updated debian/slapd.README.Debian for note on AppArmor
2865+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2866+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2867+ to make sure that if earlier version of apparmour-profiles gets
2868+ installed it won't overwrite our profile.
2869+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2870+ some upgrades (LP: #203529)
2871+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2872+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2873+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2874+ non-enforcing) and upgrades where apparmor profile does not exist.
2875+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2876+ - debian/control:
2877+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
2878+ - debian/patches/autogen.sh:
2879+ - Call libtoolize with the --install option to install config.{guess,sub}
2880+ files.
2881+ - Don't use local statement in config script as it fails if /bin/sh
2882+ points to bash (LP: #286063).
2883+ - Disable the testsuite on hppa. Allows building of packages on this
2884+ architecture again, once this package is in the archive.
2885+ LP: #288908.
2886+ - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
2887+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
2888+ /var/run/slapd (world readable). (LP: #257667).
2889+ - Enable nssoverlay:
2890+ - debian/patches/nssov-build, debian/rules: Build and package
2891+ the nss overlay.
2892+ - debian/schema/misc.ldif: add ldif file for the misc schema
2893+ which defines rfc822MailMember (required by the nss overlay).
2894+ - debian/{control,rules}: enable PIE hardening
2895+ - Use cn=config as the default configuration backend instead of
2896+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2897+ asking the end user to enter a new password to control the access to the
2898+ cn=config tree.
2899+ * Dropped:
2900+ - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
2901+ times. (ITS: #5947) Fixed in new upstream version 2.4.15.
2902+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2903+ the ucred struct now. Implemented in Debian.
2904+ * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
2905+ when built with PIE.
2906+ * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2907+ trusted (LP: #305264).
2908+
2909+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
2910+
2911 openldap (2.4.15-1) unstable; urgency=low
2912
2913 * New upstream version
2914@@ -1364,6 +3951,69 @@ openldap (2.4.15-1) unstable; urgency=low
2915
2916 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
2917
2918+openldap (2.4.14-0ubuntu1) jaunty; urgency=low
2919+
2920+ [ Steve Langasek ]
2921+ * New upstream version
2922+ - Fixes a bug with the pcache overlay not returning cached entries
2923+ (closes: #497697)
2924+ - Update evolution-ntlm patch to apply to current Makefiles.
2925+ - (tentatively) drop gnutls-ciphers, since this bug was reported to be
2926+ fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
2927+ patch from the bug report, so this should be watched for regressions.
2928+ * Build against db4.7 instead of db4.2 at last! Closes: #421946.
2929+ * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
2930+ installed in the build environment.
2931+ * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
2932+ --with-tls=gnutls.
2933+
2934+ [ Mathias Gug ]
2935+ * Merge from debian unstable, remaining changes:
2936+ - debian/apparmor-profile: add AppArmor profile
2937+ - debian/slapd.postinst: Reload AA profile on configuration
2938+ - updated debian/slapd.README.Debian for note on AppArmor
2939+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2940+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2941+ to make sure that if earlier version of apparmour-profiles gets
2942+ installed it won't overwrite our profile.
2943+ - Modify Maintainer value to match the DebianMaintainerField
2944+ speficication.
2945+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2946+ some upgrades (LP: #203529)
2947+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2948+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2949+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2950+ non-enforcing) and upgrades where apparmor profile does not exist.
2951+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2952+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
2953+ the ucred struct now.
2954+ - debian/control:
2955+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
2956+ - debian/patches/autogen.sh:
2957+ - Call libtoolize with the --install option to install config.{guess,sub}
2958+ files.
2959+ - Don't use local statement in config script as it fails if /bin/sh
2960+ points to bash (LP: #286063).
2961+ - Disable the testsuite on hppa. Allows building of packages on this
2962+ architecture again, once this package is in the archive.
2963+ LP: #288908.
2964+ - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
2965+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
2966+ /var/run/slapd (world readable). (LP: #257667).
2967+ - debian/patches/nssov-build, debian/rules:
2968+ Build and package the nss overlay.
2969+ debian/schema/misc.ldif: add ldif file for the misc schema, which defines
2970+ rfc822MailMember (required by the nss overlay).
2971+ - debian/{control,rules}: enable PIE hardening
2972+ - Use cn=config as the default configuration backend instead of
2973+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2974+ asking the end user to enter a new password to control the access to the
2975+ cn=config tree.
2976+ * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
2977+ times. (ITS: #5947)
2978+
2979+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
2980+
2981 openldap (2.4.11-1) unstable; urgency=low
2982
2983 * New upstream version (closes: #499560).
2984@@ -1386,6 +4036,110 @@ openldap (2.4.11-1) unstable; urgency=low
2985
2986 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
2987
2988+openldap (2.4.11-0ubuntu7) jaunty; urgency=low
2989+
2990+ * Don't use local statement in config script as it fails if /bin/sh
2991+ points to bash (LP: #286063).
2992+
2993+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
2994+
2995+openldap (2.4.11-0ubuntu6) intrepid; urgency=low
2996+
2997+ * Disable the testsuite on hppa. Allows building of packages on this
2998+ architecture again, once this package is in the archive.
2999+ LP: #288908.
3000+
3001+ -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
3002+
3003+openldap (2.4.11-0ubuntu5) intrepid; urgency=low
3004+
3005+ * Don't set admin passwords in ldif files if adminpw is empty.
3006+ (LP: #273988 - LP: #276606).
3007+
3008+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
3009+
3010+openldap (2.4.11-0ubuntu4) intrepid; urgency=low
3011+
3012+ * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3013+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3014+ /var/run/slapd (world readable). (LP: #257667).
3015+ * debian/slapd.script-common:
3016+ - Fix package reconfiguration:
3017+ + Remove slapd.d/ directory if it already exists when creating a new
3018+ configuration.
3019+ + Fix backup directory naming for multiple reconfiguration.
3020+
3021+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
3022+
3023+openldap (2.4.11-0ubuntu3) intrepid; urgency=low
3024+
3025+ * debian/patches/nssov-build, debian/rules:
3026+ Build and package the nss overlay.
3027+ * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3028+ rfc822MailMember (required by the nss overlay).
3029+
3030+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
3031+
3032+openldap (2.4.11-0ubuntu2) intrepid; urgency=low
3033+
3034+ * debian/{control,rules}: enable PIE hardening
3035+
3036+ -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
3037+
3038+openldap (2.4.11-0ubuntu1) intrepid; urgency=low
3039+
3040+ * New upstream version:
3041+ - Mainly bug fixes.
3042+ - New nss slapd overlay (not compiled by default).
3043+ * Use cn=config as the default configuration backend instead of
3044+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3045+ asking the end user to enter a new password to control the access to the
3046+ cn=config tree.
3047+
3048+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
3049+
3050+openldap (2.4.10-3ubuntu1) intrepid; urgency=low
3051+
3052+ [ Mathias Gug ]
3053+ * Merge from debian unstable, remaining changes:
3054+ - debian/apparmor-profile: add AppArmor profile
3055+ - debian/slapd.postinst: Reload AA profile on configuration
3056+ - updated debian/slapd.README.Debian for note on AppArmor
3057+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3058+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3059+ to make sure that if earlier version of apparmour-profiles gets
3060+ installed it won't overwrite our profile.
3061+ - Modify Maintainer value to match the DebianMaintainerField
3062+ speficication.
3063+ - follow ApparmorProfileMigration and force apparmor compalin mode on
3064+ some upgrades (LP: #203529)
3065+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3066+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3067+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3068+ non-enforcing) and upgrades where apparmor profile does not exist.
3069+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3070+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3071+ the ucred struct now.
3072+ - debian/patches/fix-unique-overlay-assertion.patch:
3073+ Fix another assertion error in unique overlay (LP: #243337).
3074+ Backport from head.
3075+ * Dropped - implemented in Debian:
3076+ - debian/patches/fix-gnutls-key-strength.patch:
3077+ Fix slapd handling of ssf using gnutls. (LP: #244925).
3078+ - debian/control:
3079+ Add time as build dependency: needed by make test.
3080+ * debian/control:
3081+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
3082+ * debian/patches/autogen.sh:
3083+ - Call libtoolize with the --install option to install config.{guess,sub}
3084+ files.
3085+
3086+ [ Jamie Strandboge ]
3087+ * adjust apparmor profile to allow gssapi (LP: #229252)
3088+ * adjust apparmor profile to allow cnconfig (LP: #243525)
3089+
3090+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
3091+
3092 openldap (2.4.10-3) unstable; urgency=low
3093
3094 [ Steve Langasek ]
3095@@ -1419,6 +4173,40 @@ openldap (2.4.10-3) unstable; urgency=low
3096
3097 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
3098
3099+openldap (2.4.10-2ubuntu1) intrepid; urgency=low
3100+
3101+ * Merge from debian unstable, remaining changes:
3102+ - debian/apparmor-profile: add AppArmor profile
3103+ - debian/slapd.postinst: Reload AA profile on configuration
3104+ - updated debian/slapd.README.Debian for note on AppArmor
3105+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3106+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3107+ to make sure that if earlier version of apparmour-profiles gets
3108+ installed it won't overwrite our profile.
3109+ - Modify Maintainer value to match the DebianMaintainerField
3110+ speficication.
3111+ - follow ApparmorProfileMigration and force apparmor compalin mode on
3112+ some upgrades (LP: #203529)
3113+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3114+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3115+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3116+ non-enforcing) and upgrades where apparmor profile does not exist.
3117+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3118+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3119+ the ucred struct now.
3120+ - debian/patches/fix-unique-overlay-assertion.patch:
3121+ Fix another assertion error in unique overlay (LP: #243337).
3122+ Backport from head.
3123+ - debian/patches/fix-gnutls-key-strength.patch:
3124+ Fix slapd handling of ssf using gnutls. (LP: #244925).
3125+ - debian/control:
3126+ Add time as build dependency: needed by make test.
3127+ * Dropped - implemented in Debian:
3128+ - debian/rules:
3129+ Support debuild nocheck option: don't run tests if nocheck is set.
3130+
3131+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
3132+
3133 openldap (2.4.10-2) unstable; urgency=low
3134
3135 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
3136@@ -1433,6 +4221,54 @@ openldap (2.4.10-2) unstable; urgency=low
3137
3138 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
3139
3140+openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
3141+
3142+ * Merge from debian unstable, remaining changes:
3143+ - debian/apparmor-profile: add AppArmor profile
3144+ - debian/slapd.postinst: Reload AA profile on configuration
3145+ - updated debian/slapd.README.Debian for note on AppArmor
3146+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3147+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3148+ to make sure that if earlier version of apparmour-profiles gets
3149+ installed it won't overwrite our profile.
3150+ - Modify Maintainer value to match the DebianMaintainerField
3151+ speficication.
3152+ - follow ApparmorProfileMigration and force apparmor compalin mode on
3153+ some upgrades (LP: #203529)
3154+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3155+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3156+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3157+ non-enforcing) and upgrades where apparmor profile does not exist.
3158+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3159+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3160+ the ucred struct now.
3161+ - debian/patches/fix-unique-overlay-assertion.patch:
3162+ Fix another assertion error in unique overlay (LP: #243337).
3163+ Backport from head.
3164+ * debian/control:
3165+ - add time as build dependency: needed by make test.
3166+ * debian/rules:
3167+ - support debuild nocheck option: don't run tests if nocheck is set.
3168+ * debian/patches/fix-gnutls-key-strength.patch:
3169+ - fix slapd handling of ssf using gnutls. (LP: #244925).
3170+ * Dropped - accepted in Debian:
3171+ - debian/rules, debian/slapd.links: use hard links to slapd instead of
3172+ symlinks for slap* so these applications aren't confined by apparmor
3173+ (LP: #203898)
3174+ * Dropped - fixed in new upstream release:
3175+ - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3176+ (LP: #215904)
3177+ - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3178+ error. (LP: #234196)
3179+ - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3180+ (LP: #220724)
3181+ - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3182+ syncrepl. (LP: #227178)
3183+ - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3184+ upstream.
3185+
3186+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
3187+
3188 openldap2.3 (2.4.10-1) unstable; urgency=low
3189
3190 [ Steve Langasek ]
3191@@ -1457,6 +4293,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low
3192
3193 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
3194
3195+openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
3196+
3197+ * debian/patches/fix-unique-overlay-assertion.patch:
3198+ - Fix another assertion error in unique overlay, backported from head.
3199+ (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
3200+
3201+ -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
3202+
3203+openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
3204+
3205+ * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
3206+ include the smbk5pwd overlay.
3207+
3208+ -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
3209+
3210+openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
3211+
3212+ * Rebuild for perl 5.10 transition (LP: #230016)
3213+ * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3214+ syncrepl. (LP: #227178)
3215+
3216+ -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
3217+
3218+openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
3219+
3220+ * Merge from debian unstable, remaining changes:
3221+ - debian/apparmor-profile: add AppArmor profile
3222+ - debian/slapd.postinst: Reload AA profile on configuration
3223+ - updated debian/slapd.README.Debian for note on AppArmor
3224+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3225+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3226+ to make sure that if earlier version of apparmour-profiles gets
3227+ installed it won't overwrite our profile.
3228+ - Modify Maintainer value to match the DebianMaintainerField
3229+ speficication.
3230+ - follow ApparmorProfileMigration and force apparmor compalin mode on
3231+ some upgrades (LP: #203529)
3232+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3233+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3234+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3235+ non-enforcing) and upgrades where apparmor profile does not exist.
3236+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3237+ - debian/rules, debian/slapd.links: use hard links to slapd instead of
3238+ symlinks for slap* so these applications aren't confined by apparmor
3239+ (LP: #203898)
3240+ - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3241+ (LP: #215904)
3242+ - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3243+ error. (LP: #234196)
3244+ - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3245+ (LP: #220724)
3246+ - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3247+ upstream.
3248+ * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
3249+ the ucred struct now.
3250+
3251+ -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
3252+
3253 openldap2.3 (2.4.9-1) unstable; urgency=low
3254
3255 [ Updated debconf translations ]
3256@@ -1527,6 +4421,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high
3257
3258 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
3259
3260+openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
3261+
3262+ * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
3263+ in klibc)
3264+
3265+ -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
3266+
3267+openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
3268+
3269+ * apparmor-profile workaround for Launchpad #202161
3270+ * follow ApparmorProfileMigration and force apparmor complain mode on some
3271+ upgrades (LP: #203529)
3272+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3273+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3274+ - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
3275+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3276+ non-enforcing) and upgrades where apparmor profile does not exist
3277+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3278+ * debian/rules, debian/slapd.links: use hard links to slapd instead of
3279+ symlinks for slap* so these applications aren't confined by apparmor
3280+ (LP: #203898)
3281+
3282+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
3283+
3284+openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
3285+
3286+ * Merge from Debian unstable, remaining changes:
3287+ + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3288+ slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3289+ allows remote authenticated users to cause a denial of service (daemon
3290+ crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
3291+ control, a related issue to CVE-2007-6698.
3292+ + debian/apparmor-profile: add AppArmor profile
3293+ + debian/slapd.postinst: Reload AA profile on configuration
3294+ + updated debian/slapd.README.Debian for note on AppArmor
3295+ + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3296+ should now take control
3297+ + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3298+ to make sure that if earlier version of apparmor-profiles gets
3299+ installed it won't overwrite our profile
3300+ + Modify Maintainer value to match the DebianMaintainerField
3301+ specification.
3302+
3303+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
3304+
3305 openldap2.3 (2.4.7-6) unstable; urgency=low
3306
3307 [ Updated debconf translations ]
3308@@ -1572,6 +4511,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low
3309
3310 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
3311
3312+openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
3313+
3314+ * SECURITY UPDATE:
3315+ + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3316+ slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3317+ allows remote authenticated users to cause a denial of service (daemon crash)
3318+ via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
3319+ issue to CVE-2007-6698.
3320+
3321+ * References
3322+ - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
3323+ - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
3324+
3325+ -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
3326+
3327+openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
3328+
3329+ * add AppArmor profile
3330+ + debian/apparmor-profile
3331+ + debian/slapd.postinst: Reload AA profile on configuration
3332+ * updated debian/slapd.README.Debian for note on AppArmor
3333+ * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3334+ should now take control
3335+ * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3336+ to make sure that if earlier version of apparmor-profiles gets installed
3337+ it won't overwrite our profile
3338+ * Modify Maintainer value to match the DebianMaintainerField
3339+ specification.
3340+
3341+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
3342+
3343 openldap2.3 (2.4.7-5) unstable; urgency=low
3344
3345 [ Updated debconf translations ]
3346diff --git a/debian/control b/debian/control
3347index 72c2fdf..877d42b 100644
3348--- a/debian/control
3349+++ b/debian/control
3350@@ -1,12 +1,14 @@
3351 Source: openldap
3352 Section: net
3353 Priority: optional
3354-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
3355+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
3356+XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
3357 Uploaders: Steve Langasek <vorlon@debian.org>,
3358 Torsten Landschoff <torsten@debian.org>,
3359 Ryan Tandy <ryan@nardis.ca>,
3360 Sergio Durigan Junior <sergiodj@debian.org>
3361 Build-Depends: debhelper-compat (= 12),
3362+ dh-apparmor,
3363 dpkg-dev (>= 1.17.14),
3364 groff-base,
3365 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
3366@@ -43,7 +45,7 @@ Depends: ${shlibs:Depends}, libldap2 (= ${binary:Version}),
3367 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,
3368 adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends}
3369 Recommends: ldap-utils
3370-Suggests: libsasl2-modules,
3371+Suggests: libsasl2-modules, ufw,
3372 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
3373 Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
3374 Replaces: ldap-utils (<< 2.2.23-3)
3375diff --git a/debian/rules b/debian/rules
3376index dec3a84..24f1691 100755
3377--- a/debian/rules
3378+++ b/debian/rules
3379@@ -11,7 +11,7 @@ export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
3380 export DEB_BUILD_MAINT_OPTIONS := hardening=+all
3381
3382 # Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)
3383-export DEB_MAINTAINER := $(shell sed -ne 's/Maintainer:\s\+//p' debian/control)
3384+export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control)
3385
3386 # Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)
3387 export DEB_VERSION
3388@@ -118,6 +118,22 @@ endif
3389 find $(installdir)/usr/share/man -name \*.8 \
3390 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
3391
3392+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
3393+override_dh_install-arch:
3394+ dh_install
3395+
3396+ # install AppArmor profile
3397+ install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
3398+
3399+ # install Apport hook
3400+ install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
3401+
3402+ # install ufw profile
3403+ install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
3404+
3405+ dh_apparmor -pslapd --profile-name=usr.sbin.slapd
3406+endif
3407+
3408 override_dh_installinit:
3409 dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80"
3410
3411diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
3412index ff7d66b..a4f3f55 100644
3413--- a/debian/slapd.README.Debian
3414+++ b/debian/slapd.README.Debian
3415@@ -252,6 +252,17 @@ Modifications Compared to Upstream
3416
3417 -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800
3418
3419+Apparmor Profile
3420+----------------
3421+
3422+ If your system uses AppArmor, please note that the shipped enforcing profile
3423+ works with the default installation, and changes in your configuration may
3424+ require changes to the installed apparmor profile. Please see
3425+ https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
3426+ software.
3427+
3428+ -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500
3429+
3430 Migrating your installation to OpenLDAP 2.5.x
3431
3432 OpenLDAP 2.5 is a major new release and includes several incompatible
3433diff --git a/debian/slapd.py b/debian/slapd.py
3434new file mode 100644
3435index 0000000..b1aed25
3436--- /dev/null
3437+++ b/debian/slapd.py
3438@@ -0,0 +1,51 @@
3439+#!/usr/bin/python3
3440+
3441+'''apport hook for slapd
3442+
3443+(c) 2010 Adam Sommer.
3444+Author: Adam Sommer <asommer@ubuntu.com>
3445+
3446+This program is free software; you can redistribute it and/or modify it
3447+under the terms of the GNU General Public License as published by the
3448+Free Software Foundation; either version 2 of the License, or (at your
3449+option) any later version. See http://www.gnu.org/copyleft/gpl.html for
3450+the full text of the license.
3451+'''
3452+
3453+from apport.hookutils import *
3454+import os
3455+
3456+# Scrub olcRootPW attribute and credentials strings if necessary.
3457+def scrub_pass_strings(config):
3458+ olcrootpw_regex = re.compile('olcRootPW:.*')
3459+ olcrootpw_string = olcrootpw_regex.search(config)
3460+ if olcrootpw_string:
3461+ config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@')
3462+
3463+ credentials_regex = re.compile('credentials=.* ')
3464+ credentials_string = credentials_regex.search(config)
3465+ if credentials_string:
3466+ config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ')
3467+
3468+ return config
3469+
3470+def add_info(report, ui):
3471+ response = ui.yesno("The contents of your /etc/ldap/slapd.d directory "
3472+ "may help developers diagnose your bug more "
3473+ "quickly. However, it may contain sensitive "
3474+ "information. Do you want to include it in your "
3475+ "bug report?")
3476+
3477+ if response == None: # user cancelled
3478+ raise StopIteration
3479+
3480+ elif response == True:
3481+ # Get the cn=config tree.
3482+ cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'])
3483+ report['CNConfig'] = scrub_pass_strings(cn_config)
3484+
3485+ # Get slapd messages from /var/log/syslog
3486+ slapd_re = re.compile('slapd', re.IGNORECASE)
3487+ report['SysLog'] = recent_syslog(slapd_re)
3488+
3489+ attach_mac_events(report, '/usr/sbin/slapd')
3490diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile
3491new file mode 100644
3492index 0000000..3c4f676
3493--- /dev/null
3494+++ b/debian/slapd.ufw.profile
3495@@ -0,0 +1,9 @@
3496+[OpenLDAP LDAP]
3497+title=OpenLDAP with TLS
3498+description=OpenLDAP is a free, fast, lightweight LDAP server
3499+ports=389/tcp
3500+
3501+[OpenLDAP LDAPS]
3502+title=OpenLDAP over SSL
3503+description=OpenLDAP is a free, fast, lightweight LDAP server
3504+ports=636/tcp

Subscribers

People subscribed via source and target branches