Ubuntu
openldap package

Merge ~sergiodj/ubuntu/+source/openldap:merge-2.6.4-dfsg-1-mantic into ubuntu/+source/openldap:debian/experimental

  1. Git
  2. lp:~sergiodj/ubuntu/+source/openldap
  3. merge-2.6.4-dfsg-1-mantic
  4. Merge into debian/experimental
Proposed by Sergio Durigan Junior
Status: Merged
Merge reported by: Sergio Durigan Junior
Merged at revision: 7c5a554056315de8aee919f5978bdd994f84905c
Proposed branch: ~sergiodj/ubuntu/+source/openldap:merge-2.6.4-dfsg-1-mantic
Merge into: ubuntu/+source/openldap:debian/experimental
Diff against target: 3628 lines (+3207/-4)
10 files modified
debian/apparmor-profile (+61/-0)
debian/changelog (+3012/-0)
debian/control (+4/-2)
debian/rules (+24/-2)
debian/slapd.README.Debian (+11/-0)
debian/slapd.py (+51/-0)
debian/slapd.ufw.profile (+9/-0)
debian/tests/control (+3/-0)
debian/tests/sha2-contrib (+16/-0)
debian/tests/smbk5pwd (+16/-0)
Reviewer Review Type Date Requested Status
Andreas Hasenack Approve
Canonical Server Reporter Pending
Review via email: mp+445156@code.launchpad.net

Description of the change

This is the merge of OpenLDAP 2.6.4 from Debian experimental.

Very trivial merge. We're carrying all of our delta forward for now. Maybe we'll be able to submit some of our delta to Debian this cycle, but I'll talk to Andreas later about this.

PPA: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+packages

I'll post the dep8 results once I have them.

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-mantic-sergiodj-openldap/?format=plain)
  openldap @ amd64:
    21.06.23 20:30:37 Log 🗒️ ✅ Triggers: openldap/2.6.4+dfsg-1~exp1ubuntu1~ppa1
  openldap @ arm64:
    21.06.23 20:26:48 Log 🗒️ ✅ Triggers: openldap/2.6.4+dfsg-1~exp1ubuntu1~ppa1
  openldap @ armhf:
    21.06.23 20:23:50 Log 🗒️ ✅ Triggers: openldap/2.6.4+dfsg-1~exp1ubuntu1~ppa1
  openldap @ ppc64el:
    21.06.23 20:25:32 Log 🗒️ ✅ Triggers: openldap/2.6.4+dfsg-1~exp1ubuntu1~ppa1
  openldap @ s390x:
    21.06.23 20:38:08 Log 🗒️ ✅ Triggers: openldap/2.6.4+dfsg-1~exp1ubuntu1~ppa1

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

+1

I see squashed commits, that's ok. Delta carried forward. Interesting that the package in debian unstable has some of these fixes, but experimental does not.

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Monday, June 26 2023, Andreas Hasenack wrote:

> +1
>
> I see squashed commits, that's ok. Delta carried forward. Interesting that the package in debian unstable has some of these fixes, but experimental does not.

Thanks, Andreas.

You're correct in pointing out the differences between the
unstable/experimental packages in Debian. I'll backport your patches to
the experimental package there and do an upload.

Meanwhile, uploaded in Ubuntu.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/apparmor-profile b/debian/apparmor-profile
0new file mode 1006440new file mode 100644
index 0000000..6a247aa
--- /dev/null
+++ b/debian/apparmor-profile
@@ -0,0 +1,61 @@
1# vim:syntax=apparmor
2# Last Modified: Fri Jun 6 13:51:00 2020
3# Author: Jamie Strandboge <jamie@ubuntu.com>
4
5#include <tunables/global>
6
7/usr/sbin/slapd {
8 #include <abstractions/base>
9 #include <abstractions/nameservice>
10 #include <abstractions/p11-kit>
11
12 #include <abstractions/ssl_keys>
13 #include <abstractions/ssl_certs>
14
15 /etc/sasldb2 r,
16
17 capability dac_override,
18 capability net_bind_service,
19 capability setgid,
20 capability setuid,
21
22 /etc/gai.conf r,
23 /etc/hosts.allow r,
24 /etc/hosts.deny r,
25
26 # ldap files
27 /etc/ldap/** kr,
28 /etc/ldap/slapd.d/** rw,
29
30 # kerberos/gssapi
31 /dev/tty rw,
32 /etc/gss/mech.d/ r,
33 /etc/gss/mech.d/* kr,
34 /etc/krb5.keytab kr,
35 /etc/krb5/user/*/client.keytab kr,
36 owner /tmp/krb5cc_* rwk,
37 owner /var/tmp/krb5_*.rcache2 rwk,
38 /var/tmp/ rw,
39 /var/tmp/** rw,
40
41 # the databases and logs
42 /var/lib/ldap/ r,
43 /var/lib/ldap/** rwk,
44
45 # lock file
46 /var/lib/ldap/alock kw,
47
48 # pid files and sockets
49 /{,var/}run/slapd/* w,
50 /{,var/}run/slapd/ldapi rw,
51 /{,var/}run/nslcd/socket rw,
52 /{,var/}run/saslauthd/mux rw,
53
54 /usr/lib/ldap/ r,
55 /usr/lib/ldap/* mr,
56
57 /usr/sbin/slapd mr,
58
59 # Site-specific additions and overrides. See local/README for details.
60 #include <local/usr.sbin.slapd>
61}
diff --git a/debian/changelog b/debian/changelog
index 9dfc249..5a4dea2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,76 @@
1openldap (2.6.4+dfsg-1~exp1ubuntu1) mantic; urgency=medium
2
3 * Merge with Debian unstable (LP: #2018093). Remaining changes:
4 - Enable AppArmor support:
5 + d/apparmor-profile: add AppArmor profile
6 + d/rules: use dh_apparmor
7 + d/control: Build-Depends on dh-apparmor
8 + d/slapd.README.Debian: add note about AppArmor
9 - Enable ufw support:
10 + d/control: suggest ufw.
11 + d/rules: install ufw profile.
12 + d/slapd.ufw.profile: add ufw profile.
13 - d/{rules,slapd.py}: Add apport hook.
14 - d/rules: better regexp to match the Maintainer tag in d/control,
15 needed in the Ubuntu case because of XSBC-Original-Maintainer
16 (Closes #960448, LP #1875697)
17 - Build the passwd/sha2 contrib module with -fno-strict-aliasing to
18 avoid computing an incorrect SHA256 hash with some versions of the
19 compiler (LP #2000817):
20 + d/t/{control,sha2-contrib}: test to verify the SHA256 hash
21 produced by passwd/sha2
22 + d/rules: set -fno-strict-aliasing only when building the
23 passwd/sha2 contrib module
24 - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the
25 smbk5pwd DEP8 test (LP #2004560)
26
27 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 21 Jun 2023 14:48:31 -0400
28
1openldap (2.6.4+dfsg-1~exp1) experimental; urgency=medium29openldap (2.6.4+dfsg-1~exp1) experimental; urgency=medium
230
3 * New upstream version 2.6.4+dfsg.31 * New upstream version 2.6.4+dfsg.
432
5 -- Sergio Durigan Junior <sergiodj@debian.org> Sat, 04 Mar 2023 16:35:10 -050033 -- Sergio Durigan Junior <sergiodj@debian.org> Sat, 04 Mar 2023 16:35:10 -0500
634
35openldap (2.6.3+dfsg-1~exp1ubuntu2) lunar; urgency=medium
36
37 * Build the passwd/sha2 contrib module with -fno-strict-aliasing to
38 avoid computing an incorrect SHA256 hash with some versions of the
39 compiler (LP: #2000817):
40 - d/t/{control,sha2-contrib}: test to verify the SHA256 hash
41 produced by passwd/sha2
42 - d/rules: set -fno-strict-aliasing only when building the
43 passwd/sha2 contrib module
44 * d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the
45 smbk5pwd DEP8 test (LP: #2004560)
46
47 -- Andreas Hasenack <andreas@canonical.com> Fri, 03 Feb 2023 09:33:14 -0300
48
49openldap (2.6.3+dfsg-1~exp1ubuntu1) lunar; urgency=medium
50
51 * Merge with Debian unstable (LP: #1993426). Remaining changes:
52 - Enable AppArmor support:
53 + d/apparmor-profile: add AppArmor profile
54 + d/rules: use dh_apparmor
55 + d/control: Build-Depends on dh-apparmor
56 + d/slapd.README.Debian: add note about AppArmor
57 - Enable ufw support:
58 + d/control: suggest ufw.
59 + d/rules: install ufw profile.
60 + d/slapd.ufw.profile: add ufw profile.
61 - d/{rules,slapd.py}: Add apport hook.
62 - d/rules: better regexp to match the Maintainer tag in d/control,
63 needed in the Ubuntu case because of XSBC-Original-Maintainer
64 (Closes #960448, LP #1875697)
65 * Drop changes:
66 - Enable SASL/GSSAPI tests. (LP #1976508)
67 + d/control: Update B-D to include required dependencies needed to run
68 SASL/GSSAPI tests during build time, and mark them "!nocheck".
69 Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
70 [ Incorporated by Debian. ]
71
72 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 18 Nov 2022 16:07:45 -0500
73
7openldap (2.6.3+dfsg-1~exp1) experimental; urgency=medium74openldap (2.6.3+dfsg-1~exp1) experimental; urgency=medium
875
9 * d/rules: Remove get-orig-source, now unnecessary.76 * d/rules: Remove get-orig-source, now unnecessary.
@@ -53,6 +120,94 @@ openldap (2.6.2+dfsg-1~exp1) experimental; urgency=medium
53120
54 -- Sergio Durigan Junior <sergiodj@debian.org> Fri, 20 May 2022 17:41:04 -0400121 -- Sergio Durigan Junior <sergiodj@debian.org> Fri, 20 May 2022 17:41:04 -0400
55122
123openldap (2.5.13+dfsg-1ubuntu2) lunar; urgency=medium
124
125 * Rebuild against new perlapi-5.36.
126
127 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 Nov 2022 16:50:13 +0100
128
129openldap (2.5.13+dfsg-1ubuntu1) kinetic; urgency=medium
130
131 * Merge with Debian unstable (LP: #1983618). Remaining changes:
132 - Enable AppArmor support:
133 + d/apparmor-profile: add AppArmor profile
134 + d/rules: use dh_apparmor
135 + d/control: Build-Depends on dh-apparmor
136 + d/slapd.README.Debian: add note about AppArmor
137 - Enable ufw support:
138 + d/control: suggest ufw.
139 + d/rules: install ufw profile.
140 + d/slapd.ufw.profile: add ufw profile.
141 - d/{rules,slapd.py}: Add apport hook.
142 - d/rules: better regexp to match the Maintainer tag in d/control,
143 needed in the Ubuntu case because of XSBC-Original-Maintainer
144 (Closes #960448, LP #1875697)
145 - Enable SASL/GSSAPI tests. (LP #1976508)
146 + d/control: Update B-D to include required dependencies needed to run
147 SASL/GSSAPI tests during build time, and mark them "!nocheck".
148 Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
149
150 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 20 Sep 2022 15:30:47 -0400
151
152openldap (2.5.12+dfsg-2ubuntu2) kinetic; urgency=medium
153
154 * Enable SASL/GSSAPI tests. (LP: #1976508)
155 - d/control: Update B-D to include required dependencies needed to run
156 SASL/GSSAPI tests during build time, and mark them "!nocheck".
157 Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
158
159 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 25 Aug 2022 16:20:08 -0400
160
161openldap (2.5.12+dfsg-2ubuntu1) kinetic; urgency=medium
162
163 * Merge with Debian unstable (LP: #1971305). Remaining changes:
164 - Enable AppArmor support:
165 + d/apparmor-profile: add AppArmor profile
166 + d/rules: use dh_apparmor
167 + d/control: Build-Depends on dh-apparmor
168 + d/slapd.README.Debian: add note about AppArmor
169 - Enable ufw support:
170 + d/control: suggest ufw.
171 + d/rules: install ufw profile.
172 + d/slapd.ufw.profile: add ufw profile.
173 - d/{rules,slapd.py}: Add apport hook.
174 - d/rules: better regexp to match the Maintainer tag in d/control,
175 needed in the Ubuntu case because of XSBC-Original-Maintainer
176 (Closes #960448, LP #1875697)
177
178 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 06 Jun 2022 15:34:48 -0400
179
180openldap (2.5.11+dfsg-1~exp1ubuntu3) jammy; urgency=medium
181
182 * No-change rebuild to update maintainer scripts, see LP: 1959054
183
184 -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:15:26 +0000
185
186openldap (2.5.11+dfsg-1~exp1ubuntu2) jammy; urgency=medium
187
188 * No-change rebuild for the perl update.
189
190 -- Matthias Klose <doko@ubuntu.com> Mon, 07 Feb 2022 07:51:42 +0100
191
192openldap (2.5.11+dfsg-1~exp1ubuntu1) jammy; urgency=medium
193
194 * Merge with Debian unstable (LP: #1946883). Remaining changes:
195 - Enable AppArmor support:
196 + d/apparmor-profile: add AppArmor profile
197 + d/rules: use dh_apparmor
198 + d/control: Build-Depends on dh-apparmor
199 + d/slapd.README.Debian: add note about AppArmor
200 - Enable ufw support:
201 + d/control: suggest ufw.
202 + d/rules: install ufw profile.
203 + d/slapd.ufw.profile: add ufw profile.
204 - d/{rules,slapd.py}: Add apport hook.
205 - d/rules: better regexp to match the Maintainer tag in d/control,
206 needed in the Ubuntu case because of XSBC-Original-Maintainer
207 (Closes #960448, LP #1875697)
208
209 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 25 Jan 2022 17:06:12 -0500
210
56openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium211openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium
57212
58 * New upstream release.213 * New upstream release.
@@ -84,6 +239,25 @@ openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium
84239
85 -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700240 -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700
86241
242openldap (2.5.6+dfsg-1~exp1ubuntu1) impish; urgency=medium
243
244 * Merge with Debian unstable. Remaining changes:
245 - Enable AppArmor support:
246 + d/apparmor-profile: add AppArmor profile
247 + d/rules: use dh_apparmor
248 + d/control: Build-Depends on dh-apparmor
249 + d/slapd.README.Debian: add note about AppArmor
250 - Enable ufw support:
251 + d/control: suggest ufw.
252 + d/rules: install ufw profile.
253 + d/slapd.ufw.profile: add ufw profile.
254 - d/{rules,slapd.py}: Add apport hook.
255 - d/rules: better regexp to match the Maintainer tag in d/control,
256 needed in the Ubuntu case because of XSBC-Original-Maintainer
257 (Closes #960448, LP #1875697)
258
259 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 17 Aug 2021 14:06:00 -0400
260
87openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium261openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
88262
89 [ Ryan Tandy ]263 [ Ryan Tandy ]
@@ -118,6 +292,59 @@ openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
118292
119 -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700293 -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700
120294
295openldap (2.5.5+dfsg-1~exp1ubuntu1) impish; urgency=medium
296
297 * Merge with Debian unstable. Remaining changes:
298 - Enable AppArmor support:
299 + d/apparmor-profile: add AppArmor profile
300 + d/rules: use dh_apparmor
301 + d/control: Build-Depends on dh-apparmor
302 + d/slapd.README.Debian: add note about AppArmor
303 - Enable ufw support:
304 + d/control: suggest ufw.
305 + d/rules: install ufw profile.
306 + d/slapd.ufw.profile: add ufw profile.
307 - d/{rules,slapd.py}: Add apport hook.
308 - d/rules: better regexp to match the Maintainer tag in d/control,
309 needed in the Ubuntu case because of XSBC-Original-Maintainer
310 (Closes #960448, LP #1875697)
311 * Dropped changes:
312 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
313 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
314 - Add --with-gssapi support
315 - Make guess_service_principal() more robust when determining
316 principal
317 + d/configure.options: Configure with --with-gssapi
318 + d/control: Added heimdal-dev as a build depend
319 + d/rules:
320 - Explicitly add -I/usr/include/heimdal to CFLAGS.
321 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
322 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
323 This should be dropped when the soname changes.
324 [ Dropped as planned after soname bump due to 2.5.5 update. ]
325 - Enable nss overlay:
326 + d/rules:
327 - add nssov to CONTRIB_MODULES
328 - add sysconfdir to CONTRIB_MAKEVARS
329 + d/slapd.install: install nssov overlay
330 + d/slapd.manpages: install slapo-nssov(5) man page
331 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
332 Debian bug #919136, we also have to patch the nssov makefile
333 accordingly and thus update this patch.
334 [ Dropped as planned after soname bump due to 2.5.5 update. ]
335 - Add support for CLDAP (UDP) support, back then required by
336 likewise-open (first enabled in 2.4.17-1ubuntu2):
337 + d/rules: Enable -DLDAP_CONNECTIONLESS
338 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
339 This should be dropped when the soname changes.
340 [ Dropped as planned after soname bump due to 2.5.5 update. ]
341 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
342 of test timing issue.
343 [ Dropped because the latest update improved the testcase and
344 there is no FTBFS on riscv64 anymore. ]
345
346 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 15 Jun 2021 17:20:34 -0400
347
121openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium348openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium
122349
123 * New upstream release.350 * New upstream release.
@@ -223,6 +450,53 @@ openldap (2.4.57+dfsg-3) unstable; urgency=medium
223450
224 -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700451 -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700
225452
453openldap (2.4.57+dfsg-2ubuntu1) hirsute; urgency=medium
454
455 * Merge with Debian unstable. Remaining changes:
456 - Enable AppArmor support:
457 + d/apparmor-profile: add AppArmor profile
458 + d/rules: use dh_apparmor
459 + d/control: Build-Depends on dh-apparmor
460 + d/slapd.README.Debian: add note about AppArmor
461 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
462 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
463 - Add --with-gssapi support
464 - Make guess_service_principal() more robust when determining
465 principal
466 + d/configure.options: Configure with --with-gssapi
467 + d/control: Added heimdal-dev as a build depend
468 + d/rules:
469 - Explicitly add -I/usr/include/heimdal to CFLAGS.
470 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
471 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
472 This should be dropped when the soname changes.
473 - Enable ufw support:
474 + d/control: suggest ufw.
475 + d/rules: install ufw profile.
476 + d/slapd.ufw.profile: add ufw profile.
477 - Enable nss overlay:
478 + d/rules:
479 - add nssov to CONTRIB_MODULES
480 - add sysconfdir to CONTRIB_MAKEVARS
481 + d/slapd.install: install nssov overlay
482 + d/slapd.manpages: install slapo-nssov(5) man page
483 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
484 Debian bug #919136, we also have to patch the nssov makefile
485 accordingly and thus update this patch.
486 - d/{rules,slapd.py}: Add apport hook.
487 - Add support for CLDAP (UDP) support, back then required by
488 likewise-open (first enabled in 2.4.17-1ubuntu2):
489 + d/rules: Enable -DLDAP_CONNECTIONLESS
490 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
491 This should be dropped when the soname changes.
492 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
493 of test timing issue.
494 - d/rules: better regexp to match the Maintainer tag in d/control,
495 needed in the Ubuntu case because of XSBC-Original-Maintainer
496 (Closes #960448, LP #1875697)
497
498 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Feb 2021 10:15:38 -0500
499
226openldap (2.4.57+dfsg-2) unstable; urgency=medium500openldap (2.4.57+dfsg-2) unstable; urgency=medium
227501
228 * Fix slapd assertion failure in Certificate List Exact Assertion validation502 * Fix slapd assertion failure in Certificate List Exact Assertion validation
@@ -252,6 +526,65 @@ openldap (2.4.57+dfsg-1) unstable; urgency=medium
252526
253 -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800527 -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800
254528
529openldap (2.4.56+dfsg-1ubuntu2) hirsute; urgency=medium
530
531 * debian/apparmor-profile: add AppArmor rule for locking replay cache.
532 In Hirsute, a change (presumably in src:krb5) has caused slapd to be
533 denied by AppArmor for locking /var/tmp/krb5_*.rcache2. This is
534 acceptable, so add it to the AppArmor profile. This fixes the dep8
535 test in src:krb5 that uses slapd for testing.
536
537 -- Robie Basak <robie.basak@ubuntu.com> Tue, 26 Jan 2021 13:02:40 +0000
538
539openldap (2.4.56+dfsg-1ubuntu1) hirsute; urgency=medium
540
541 * Merge with Debian unstable. Remaining changes:
542 - Enable AppArmor support:
543 + d/apparmor-profile: add AppArmor profile
544 + d/rules: use dh_apparmor
545 + d/control: Build-Depends on dh-apparmor
546 + d/slapd.README.Debian: add note about AppArmor
547 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
548 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
549 - Add --with-gssapi support
550 - Make guess_service_principal() more robust when determining
551 principal
552 + d/configure.options: Configure with --with-gssapi
553 + d/control: Added heimdal-dev as a build depend
554 + d/rules:
555 - Explicitly add -I/usr/include/heimdal to CFLAGS.
556 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
557 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
558 This should be dropped when the soname changes.
559 - Enable ufw support:
560 + d/control: suggest ufw.
561 + d/rules: install ufw profile.
562 + d/slapd.ufw.profile: add ufw profile.
563 - Enable nss overlay:
564 + d/rules:
565 - add nssov to CONTRIB_MODULES
566 - add sysconfdir to CONTRIB_MAKEVARS
567 + d/slapd.install: install nssov overlay
568 + d/slapd.manpages: install slapo-nssov(5) man page
569 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
570 Debian bug #919136, we also have to patch the nssov makefile
571 accordingly and thus update this patch.
572 - d/{rules,slapd.py}: Add apport hook.
573 - Add support for CLDAP (UDP) support, back then required by
574 likewise-open (first enabled in 2.4.17-1ubuntu2):
575 + d/rules: Enable -DLDAP_CONNECTIONLESS
576 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
577 This should be dropped when the soname changes.
578 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
579 of test timing issue.
580 - d/rules: better regexp to match the Maintainer tag in d/control,
581 needed in the Ubuntu case because of XSBC-Original-Maintainer
582 (Closes #960448, LP #1875697)
583 * d/apparmor-profile: use abstractions/ssl_keys instead of manual rules,
584 allows letsencrypt to work. Thanks to Paul McEnery (LP: #1909748)
585
586 -- Paride Legovini <paride.legovini@canonical.com> Mon, 04 Jan 2021 16:18:57 +0100
587
255openldap (2.4.56+dfsg-1) unstable; urgency=medium588openldap (2.4.56+dfsg-1) unstable; urgency=medium
256589
257 * New upstream release.590 * New upstream release.
@@ -278,12 +611,151 @@ openldap (2.4.54+dfsg-1) unstable; urgency=medium
278611
279 -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000612 -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000
280613
614openldap (2.4.53+dfsg-1ubuntu5) hirsute; urgency=medium
615
616 * SECURITY UPDATE: assertion failure in Certificate List syntax
617 validation
618 - debian/patches/CVE-2020-25709.patch: properly handle error in
619 servers/slapd/schema_init.c.
620 - CVE-2020-25709
621 * SECURITY UPDATE: assertion failure in CSN normalization with invalid
622 input
623 - debian/patches/CVE-2020-25710.patch: properly handle error in
624 servers/slapd/schema_init.c.
625 - CVE-2020-25710
626
627 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 17 Nov 2020 09:41:47 -0500
628
629openldap (2.4.53+dfsg-1ubuntu4) hirsute; urgency=medium
630
631 * SECURITY UPDATE: DoS via NULL pointer dereference
632 - debian/patches/CVE-2020-25692.patch: skip normalization if there's no
633 equality rule in servers/slapd/modrdn.c.
634 - CVE-2020-25692
635
636 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 Nov 2020 14:02:02 -0500
637
638openldap (2.4.53+dfsg-1ubuntu3) hirsute; urgency=medium
639
640 * No-change rebuild for the perl update.
641
642 -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 12:53:38 +0100
643
644openldap (2.4.53+dfsg-1ubuntu2) hirsute; urgency=medium
645
646 * No-change rebuild for the perl update.
647
648 -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 10:51:32 +0100
649
650openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium
651
652 * Merge with Debian unstable (LP: #1894838). Remaining changes:
653 - Enable AppArmor support:
654 + d/apparmor-profile: add AppArmor profile
655 + d/rules: use dh_apparmor
656 + d/control: Build-Depends on dh-apparmor
657 + d/slapd.README.Debian: add note about AppArmor
658 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
659 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
660 - Add --with-gssapi support
661 - Make guess_service_principal() more robust when determining
662 principal
663 + d/configure.options: Configure with --with-gssapi
664 + d/control: Added heimdal-dev as a build depend
665 + d/rules:
666 - Explicitly add -I/usr/include/heimdal to CFLAGS.
667 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
668 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
669 This should be dropped when the soname changes.
670 - Enable ufw support:
671 + d/control: suggest ufw.
672 + d/rules: install ufw profile.
673 + d/slapd.ufw.profile: add ufw profile.
674 - Enable nss overlay:
675 + d/rules:
676 - add nssov to CONTRIB_MODULES
677 - add sysconfdir to CONTRIB_MAKEVARS
678 + d/slapd.install: install nssov overlay
679 + d/slapd.manpages: install slapo-nssov(5) man page
680 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
681 Debian bug #919136, we also have to patch the nssov makefile
682 accordingly and thus update this patch.
683 - d/{rules,slapd.py}: Add apport hook.
684 - Add support for CLDAP (UDP) support, back then required by
685 likewise-open (first enabled in 2.4.17-1ubuntu2):
686 + d/rules: Enable -DLDAP_CONNECTIONLESS
687 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
688 This should be dropped when the soname changes.
689 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
690 of test timing issue.
691 - d/rules: better regexp to match the Maintainer tag in d/control,
692 needed in the Ubuntu case because of XSBC-Original-Maintainer
693 (Closes #960448, LP #1875697)
694
695 -- Andreas Hasenack <andreas@canonical.com> Tue, 08 Sep 2020 09:36:58 -0300
696
281openldap (2.4.53+dfsg-1) unstable; urgency=medium697openldap (2.4.53+dfsg-1) unstable; urgency=medium
282698
283 * New upstream release.699 * New upstream release.
284700
285 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700701 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700
286702
703openldap (2.4.51+dfsg-1ubuntu1) groovy; urgency=medium
704
705 * Merge with Debian unstable. Remaining changes:
706 - Enable AppArmor support:
707 + d/apparmor-profile: add AppArmor profile
708 + d/rules: use dh_apparmor
709 + d/control: Build-Depends on dh-apparmor
710 + d/slapd.README.Debian: add note about AppArmor
711 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
712 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
713 - Add --with-gssapi support
714 - Make guess_service_principal() more robust when determining
715 principal
716 + d/configure.options: Configure with --with-gssapi
717 + d/control: Added heimdal-dev as a build depend
718 + d/rules:
719 - Explicitly add -I/usr/include/heimdal to CFLAGS.
720 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
721 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
722 This should be dropped when the soname changes.
723 - Enable ufw support:
724 + d/control: suggest ufw.
725 + d/rules: install ufw profile.
726 + d/slapd.ufw.profile: add ufw profile.
727 - Enable nss overlay:
728 + d/rules:
729 - add nssov to CONTRIB_MODULES
730 - add sysconfdir to CONTRIB_MAKEVARS
731 + d/slapd.install: install nssov overlay
732 + d/slapd.manpages: install slapo-nssov(5) man page
733 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
734 Debian bug #919136, we also have to patch the nssov makefile
735 accordingly and thus update this patch.
736 - d/{rules,slapd.py}: Add apport hook.
737 - Add support for CLDAP (UDP) support, back then required by
738 likewise-open (first enabled in 2.4.17-1ubuntu2):
739 + d/rules: Enable -DLDAP_CONNECTIONLESS
740 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
741 This should be dropped when the soname changes.
742 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
743 of test timing issue.
744 - d/rules: better regexp to match the Maintainer tag in d/control,
745 needed in the Ubuntu case because of XSBC-Original-Maintainer
746 (Closes #960448, LP #1875697)
747 * Dropped:
748 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
749 [In 2.4.51+dfsg-1]
750 - d/slapd.scripts-common:
751 + add slapcat_opts to local variables.
752 + Fix backup directory naming for multiple reconfiguration.
753 [In 2.4.51+dfsg-1]
754 - debian/patches/set-maintainer-name: our d/rules change needs to
755 be kept, but this patch is in 2.4.51+dfsg-1.
756
757 -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Aug 2020 11:03:24 -0300
758
287openldap (2.4.51+dfsg-1) unstable; urgency=medium759openldap (2.4.51+dfsg-1) unstable; urgency=medium
288760
289 * New upstream release.761 * New upstream release.
@@ -329,6 +801,85 @@ openldap (2.4.51+dfsg-1) unstable; urgency=medium
329801
330 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700802 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700
331803
804openldap (2.4.50+dfsg-1ubuntu3) groovy; urgency=medium
805
806 * No change rebuild against new libnettle8 and libhogweed6 ABI.
807
808 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:31:30 +0100
809
810openldap (2.4.50+dfsg-1ubuntu2) groovy; urgency=medium
811
812 * d/apparmor-profile: Update apparmor profile to grant access to
813 the saslauthd socket, so that SASL authentication works. (LP: #1557157)
814
815 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jun 2020 18:20:42 -0400
816
817openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium
818
819 * Merge with Debian unstable. Remaining changes:
820 - Enable AppArmor support:
821 + d/apparmor-profile: add AppArmor profile
822 + d/rules: use dh_apparmor
823 + d/control: Build-Depends on dh-apparmor
824 + d/slapd.README.Debian: add note about AppArmor
825 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
826 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
827 - Add --with-gssapi support
828 - Make guess_service_principal() more robust when determining
829 principal
830 + d/configure.options: Configure with --with-gssapi
831 + d/control: Added heimdal-dev as a build depend
832 + d/rules:
833 - Explicitly add -I/usr/include/heimdal to CFLAGS.
834 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
835 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
836 This should be dropped when the soname changes.
837 - Enable ufw support:
838 + d/control: suggest ufw.
839 + d/rules: install ufw profile.
840 + d/slapd.ufw.profile: add ufw profile.
841 - Enable nss overlay:
842 + d/rules:
843 - add nssov to CONTRIB_MODULES
844 - add sysconfdir to CONTRIB_MAKEVARS
845 + d/slapd.install:
846 - install nssov overlay
847 + d/slapd.manpages:
848 - install slapo-nssov(5) man page
849 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
850 Debian bug #919136, we also have to patch the nssov makefile
851 accordingly and thus update this patch.
852 - d/{rules,slapd.py}: Add apport hook.
853 - d/slapd.scripts-common:
854 + add slapcat_opts to local variables.
855 + Fix backup directory naming for multiple reconfiguration.
856 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
857 - Add support for CLDAP (UDP) support, back then required by
858 likewise-open (first enabled in 2.4.17-1ubuntu2):
859 + d/rules: Enable -DLDAP_CONNECTIONLESS
860 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
861 This should be dropped when the soname changes.
862 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
863 of test timing issue.
864 * Dropped:
865 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
866 either the default DIT nor via an Authn mapping.
867 [Not worth keeping a delta for, as having olcRootDN doesn't hurt]
868 - Show distribution in version:
869 - d/control: added lsb-release
870 - d/patches/fix-ldap-distribution.patch: show distribution in version
871 [Debian now shows the full package version]
872 - SECURITY UPDATE: denial of service via nested search filters
873 + debian/patches/CVE-2020-12243.patch: limit depth of nested
874 filters in servers/slapd/filter.c.
875 [Fixed upstream]
876 * Added:
877 - d/rules, debian/patches/set-maintainer-name: Extract maintainer
878 address dynamically from debian/control. Thanks to Ryan Tandy
879 <ryan@nardis.ca> (Closes: #960448, LP: #1875697)
880
881 -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300
882
332openldap (2.4.50+dfsg-1) unstable; urgency=medium883openldap (2.4.50+dfsg-1) unstable; urgency=medium
333884
334 * New upstream release.885 * New upstream release.
@@ -371,6 +922,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium
371922
372 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700923 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700
373924
925openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium
926
927 * SECURITY UPDATE: denial of service via nested search filters
928 - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
929 servers/slapd/filter.c.
930 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of
931 test timing issue.
932 - CVE-2020-12243
933
934 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400
935
936openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium
937
938 * Merge with Debian unstable (LP: #1866303). Remaining changes:
939 - Enable AppArmor support:
940 - d/apparmor-profile: add AppArmor profile
941 - d/rules: use dh_apparmor
942 - d/control: Build-Depends on dh-apparmor
943 - d/slapd.README.Debian: add note about AppArmor
944 - Enable GSSAPI support:
945 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
946 - Add --with-gssapi support
947 - Make guess_service_principal() more robust when determining
948 principal
949 [Dropped the ldap_gssapi_bind_s() hunk as that is already
950 - d/configure.options: Configure with --with-gssapi
951 - d/control: Added heimdal-dev as a build depend
952 - d/rules:
953 - Explicitly add -I/usr/include/heimdal to CFLAGS.
954 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
955 - Enable ufw support:
956 - d/control: suggest ufw.
957 - d/rules: install ufw profile.
958 - d/slapd.ufw.profile: add ufw profile.
959 - Enable nss overlay:
960 - d/rules:
961 - add nssov to CONTRIB_MODULES
962 - add sysconfdir to CONTRIB_MAKEVARS
963 - d/slapd.install:
964 - install nssov overlay
965 - d/slapd.manpages:
966 - install slapo-nssov(5) man page
967 - d/{rules,slapd.py}: Add apport hook.
968 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
969 either the default DIT nor via an Authn mapping.
970 - d/slapd.scripts-common:
971 - add slapcat_opts to local variables.
972 - Fix backup directory naming for multiple reconfiguration.
973 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
974 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
975 in the openldap library, as required by Likewise-Open
976 - Show distribution in version:
977 - d/control: added lsb-release
978 - d/patches/fix-ldap-distribution.patch: show distribution in version
979 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
980 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
981 - GSSAPI support was enabled in 2.4.18-0ubuntu2
982 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
983 Debian bug #919136, we also have to patch the nssov makefile
984 accordingly and thus update this patch.
985
986 -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300
987
374openldap (2.4.49+dfsg-2) unstable; urgency=medium988openldap (2.4.49+dfsg-2) unstable; urgency=medium
375989
376 * slapd.README.Debian: Document the initial setup performed by slapd's990 * slapd.README.Debian: Document the initial setup performed by slapd's
@@ -382,6 +996,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium
382996
383 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800997 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
384998
999openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium
1000
1001 * Merge with Debian unstable. Remaining changes:
1002 - Enable AppArmor support:
1003 - d/apparmor-profile: add AppArmor profile
1004 - d/rules: use dh_apparmor
1005 - d/control: Build-Depends on dh-apparmor
1006 - d/slapd.README.Debian: add note about AppArmor
1007 - Enable GSSAPI support:
1008 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1009 - Add --with-gssapi support
1010 - Make guess_service_principal() more robust when determining
1011 principal
1012 [Dropped the ldap_gssapi_bind_s() hunk as that is already
1013 - d/configure.options: Configure with --with-gssapi
1014 - d/control: Added heimdal-dev as a build depend
1015 - d/rules:
1016 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1017 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1018 - Enable ufw support:
1019 - d/control: suggest ufw.
1020 - d/rules: install ufw profile.
1021 - d/slapd.ufw.profile: add ufw profile.
1022 - Enable nss overlay:
1023 - d/rules:
1024 - add nssov to CONTRIB_MODULES
1025 - add sysconfdir to CONTRIB_MAKEVARS
1026 - d/slapd.install:
1027 - install nssov overlay
1028 - d/slapd.manpages:
1029 - install slapo-nssov(5) man page
1030 - d/{rules,slapd.py}: Add apport hook.
1031 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1032 either the default DIT nor via an Authn mapping.
1033 - d/slapd.scripts-common:
1034 - add slapcat_opts to local variables.
1035 - Fix backup directory naming for multiple reconfiguration.
1036 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1037 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1038 in the openldap library, as required by Likewise-Open
1039 - Show distribution in version:
1040 - d/control: added lsb-release
1041 - d/patches/fix-ldap-distribution.patch: show distribution in version
1042 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1043 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1044 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1045 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
1046 Debian bug #919136, we also have to patch the nssov makefile
1047 accordingly and thus update this patch.
1048 * Dropped:
1049 - d/control: slapd can depend on perl:any since it only uses perl for
1050 some maintainer and helper scripts.
1051 [In 2.4.49+dfsg-1]
1052
1053 -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300
1054
385openldap (2.4.49+dfsg-1) unstable; urgency=medium1055openldap (2.4.49+dfsg-1) unstable; urgency=medium
3861056
387 * New upstream release.1057 * New upstream release.
@@ -410,6 +1080,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium
4101080
411 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -08001081 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
4121082
1083openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium
1084
1085 * d/control: slapd can depend on perl:any since it only uses perl for
1086 some maintainer and helper scripts. The perl backend links against
1087 the correct architecture perl libraries already. Can be dropped
1088 after https://salsa.debian.org/openldap-team/openldap/commit/794c736
1089 is in a Debian upload.
1090
1091 -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300
1092
1093openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium
1094
1095 * No-change rebuild against libnettle7
1096
1097 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000
1098
1099openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium
1100
1101 * No-change rebuild for the perl update.
1102
1103 -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000
1104
1105openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
1106
1107 * Merge with Debian unstable. Remaining changes:
1108 - Enable AppArmor support:
1109 - d/apparmor-profile: add AppArmor profile
1110 - d/rules: use dh_apparmor
1111 - d/control: Build-Depends on dh-apparmor
1112 - d/slapd.README.Debian: add note about AppArmor
1113 - Enable GSSAPI support:
1114 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1115 - Add --with-gssapi support
1116 - Make guess_service_principal() more robust when determining
1117 principal
1118 - d/configure.options: Configure with --with-gssapi
1119 - d/control: Added heimdal-dev as a build depend
1120 - d/rules:
1121 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1122 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1123 - Enable ufw support:
1124 - d/control: suggest ufw.
1125 - d/rules: install ufw profile.
1126 - d/slapd.ufw.profile: add ufw profile.
1127 - Enable nss overlay:
1128 - d/rules:
1129 - add nssov to CONTRIB_MODULES
1130 - add sysconfdir to CONTRIB_MAKEVARS
1131 - d/slapd.install:
1132 - install nssov overlay
1133 - d/slapd.manpages:
1134 - install slapo-nssov(5) man page
1135 - d/{rules,slapd.py}: Add apport hook.
1136 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1137 either the default DIT nor via an Authn mapping.
1138 - d/slapd.scripts-common:
1139 - add slapcat_opts to local variables.
1140 - Fix backup directory naming for multiple reconfiguration.
1141 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1142 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1143 in the openldap library, as required by Likewise-Open
1144 - Show distribution in version:
1145 - d/control: added lsb-release
1146 - d/patches/fix-ldap-distribution.patch: show distribution in version
1147 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1148 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1149 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1150 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
1151 Debian bug #919136, we also have to patch the nssov makefile
1152 accordingly and thus update this patch.
1153 * Dropped:
1154 - Fix sysv-generator unit file by customizing parameters (LP #1821343)
1155 + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
1156 correct systemctl status for slapd daemon.
1157 + d/slapd.install: place override file in correct location.
1158 [Included in 2.4.48+dfsg-1]
1159 - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
1160 + debian/patches/CVE-2019-13057-1.patch: add restriction to
1161 servers/slapd/saslauthz.c.
1162 + debian/patches/CVE-2019-13057-2.patch: add tests to
1163 tests/data/idassert.out, tests/data/slapd-idassert.conf,
1164 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
1165 + debian/patches/CVE-2019-13057-3.patch: fix typo in
1166 tests/scripts/test028-idassert.
1167 + debian/patches/CVE-2019-13057-4.patch: fix typo in
1168 tests/scripts/test028-idassert.
1169 + CVE-2019-13057
1170 [Fixed upstream]
1171 - SECURITY UPDATE: SASL SSF not initialized per connection
1172 + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
1173 connection_init in servers/slapd/connection.c.
1174 + CVE-2019-13565
1175 [Fixed upstream]
1176
1177 -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
1178
413openldap (2.4.48+dfsg-1) unstable; urgency=medium1179openldap (2.4.48+dfsg-1) unstable; urgency=medium
4141180
415 * New upstream release.1181 * New upstream release.
@@ -437,6 +1203,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium
4371203
438 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -07001204 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
4391205
1206openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
1207
1208 * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
1209 - debian/patches/CVE-2019-13057-1.patch: add restriction to
1210 servers/slapd/saslauthz.c.
1211 - debian/patches/CVE-2019-13057-2.patch: add tests to
1212 tests/data/idassert.out, tests/data/slapd-idassert.conf,
1213 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
1214 - debian/patches/CVE-2019-13057-3.patch: fix typo in
1215 tests/scripts/test028-idassert.
1216 - debian/patches/CVE-2019-13057-4.patch: fix typo in
1217 tests/scripts/test028-idassert.
1218 - CVE-2019-13057
1219 * SECURITY UPDATE: SASL SSF not initialized per connection
1220 - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
1221 connection_init in servers/slapd/connection.c.
1222 - CVE-2019-13565
1223
1224 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
1225
1226openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
1227
1228 * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
1229 - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
1230 correct systemctl status for slapd daemon.
1231 - d/slapd.install: place override file in correct location.
1232
1233 -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
1234
1235openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
1236
1237 * Merge with Debian unstable. Remaining changes:
1238 - Enable AppArmor support:
1239 - d/apparmor-profile: add AppArmor profile
1240 - d/rules: use dh_apparmor
1241 - d/control: Build-Depends on dh-apparmor
1242 - d/slapd.README.Debian: add note about AppArmor
1243 - Enable GSSAPI support:
1244 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1245 - Add --with-gssapi support
1246 - Make guess_service_principal() more robust when determining
1247 principal
1248 - d/configure.options: Configure with --with-gssapi
1249 - d/control: Added heimdal-dev as a build depend
1250 - d/rules:
1251 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1252 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1253 - Enable ufw support:
1254 - d/control: suggest ufw.
1255 - d/rules: install ufw profile.
1256 - d/slapd.ufw.profile: add ufw profile.
1257 - Enable nss overlay:
1258 - d/rules:
1259 - add nssov to CONTRIB_MODULES
1260 - add sysconfdir to CONTRIB_MAKEVARS
1261 - d/slapd.install:
1262 - install nssov overlay
1263 - d/slapd.manpages:
1264 - install slapo-nssov(5) man page
1265 - d/{rules,slapd.py}: Add apport hook.
1266 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1267 either the default DIT nor via an Authn mapping.
1268 - d/slapd.scripts-common:
1269 - add slapcat_opts to local variables.
1270 - Fix backup directory naming for multiple reconfiguration.
1271 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1272 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1273 in the openldap library, as required by Likewise-Open
1274 - Show distribution in version:
1275 - d/control: added lsb-release
1276 - d/patches/fix-ldap-distribution.patch: show distribution in version
1277 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1278 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1279 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1280 * Added changes:
1281 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
1282 Debian bug #919136, we also have to patch the nssov makefile
1283 accordingly and thus update this patch.
1284
1285 -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
1286
440openldap (2.4.47+dfsg-3) unstable; urgency=medium1287openldap (2.4.47+dfsg-3) unstable; urgency=medium
4411288
442 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS1289 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
@@ -452,6 +1299,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium
4521299
453 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -08001300 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
4541301
1302openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
1303
1304 * Merge from Debian unstable (LP: #1811630). Remaining changes:
1305 - Enable AppArmor support:
1306 - d/apparmor-profile: add AppArmor profile
1307 - d/rules: use dh_apparmor
1308 - d/control: Build-Depends on dh-apparmor
1309 - d/slapd.README.Debian: add note about AppArmor
1310 - Enable GSSAPI support:
1311 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1312 - Add --with-gssapi support
1313 - Make guess_service_principal() more robust when determining
1314 principal
1315 - d/configure.options: Configure with --with-gssapi
1316 - d/control: Added heimdal-dev as a build depend
1317 - d/rules:
1318 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1319 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1320 - Enable ufw support:
1321 - d/control: suggest ufw.
1322 - d/rules: install ufw profile.
1323 - d/slapd.ufw.profile: add ufw profile.
1324 - Enable nss overlay:
1325 - d/rules:
1326 - add nssov to CONTRIB_MODULES
1327 - add sysconfdir to CONTRIB_MAKEVARS
1328 - d/slapd.install:
1329 - install nssov overlay
1330 - d/slapd.manpages:
1331 - install slapo-nssov(5) man page
1332 - d/{rules,slapd.py}: Add apport hook.
1333 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1334 either the default DIT nor via an Authn mapping.
1335 - d/slapd.scripts-common:
1336 - add slapcat_opts to local variables.
1337 - Fix backup directory naming for multiple reconfiguration.
1338 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1339 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1340 in the openldap library, as required by Likewise-Open
1341 - Show distribution in version:
1342 - d/control: added lsb-release
1343 - d/patches/fix-ldap-distribution.patch: show distribution in version
1344 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1345 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1346 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1347 * Update nssov build and packaging for Debian changes:
1348 - Drop patch nssov-build
1349 - d/rules:
1350 - add nssov to CONTRIB_MODULES
1351 - add sysconfdir to CONTRIB_MAKEVARS
1352 - d/slapd.install:
1353 - install nssov overlay
1354 - d/slapd.manpages:
1355 - install slapo-nssov(5) man page
1356
1357 -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
1358
455openldap (2.4.47+dfsg-2) unstable; urgency=medium1359openldap (2.4.47+dfsg-2) unstable; urgency=medium
4561360
457 * Reintroduce slapi-dev binary package. (Closes: #711469)1361 * Reintroduce slapi-dev binary package. (Closes: #711469)
@@ -489,6 +1393,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium
4891393
490 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -08001394 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
4911395
1396openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
1397
1398 * d/apparmor-profile: update apparmor profile to allow reading of
1399 files needed when slapd is behaving as a kerberos/gssapi client
1400 and acquiring its own ticket. (LP: #1783183)
1401
1402 -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
1403
1404openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
1405
1406 * No-change rebuild for the perl 5.28 transition.
1407
1408 -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
1409
1410openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
1411
1412 * Merge from Debian unstable. Remaining changes:
1413 - Enable AppArmor support:
1414 - d/apparmor-profile: add AppArmor profile
1415 - d/rules: use dh_apparmor
1416 - d/control: Build-Depends on dh-apparmor
1417 - d/slapd.README.Debian: add note about AppArmor
1418 - Enable GSSAPI support:
1419 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1420 - Add --with-gssapi support
1421 - Make guess_service_principal() more robust when determining
1422 principal
1423 - d/configure.options: Configure with --with-gssapi
1424 - d/control: Added heimdal-dev as a build depend
1425 - d/rules:
1426 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1427 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1428 - Enable ufw support:
1429 - d/control: suggest ufw.
1430 - d/rules: install ufw profile.
1431 - d/slapd.ufw.profile: add ufw profile.
1432 - Enable nss overlay:
1433 - d/{patches/nssov-build,rules}: Apply, build and package the
1434 nss overlay.
1435 - d/{rules,slapd.py}: Add apport hook.
1436 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1437 either the default DIT nor via an Authn mapping.
1438 - d/slapd.scripts-common:
1439 - add slapcat_opts to local variables.
1440 - Fix backup directory naming for multiple reconfiguration.
1441 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1442 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1443 in the openldap library, as required by Likewise-Open
1444 - Show distribution in version:
1445 - d/control: added lsb-release
1446 - d/patches/fix-ldap-distribution.patch: show distribution in version
1447 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1448 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1449 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1450
1451 -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
1452
492openldap (2.4.46+dfsg-5) unstable; urgency=medium1453openldap (2.4.46+dfsg-5) unstable; urgency=medium
4931454
494 * Restore slapd-smbk5pwd now that libldap is installable in unstable.1455 * Restore slapd-smbk5pwd now that libldap is installable in unstable.
@@ -508,6 +1469,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium
5081469
509 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -07001470 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
5101471
1472openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
1473
1474 * Merge from Debian unstable. Remaining changes:
1475 - Enable AppArmor support:
1476 - d/apparmor-profile: add AppArmor profile
1477 - d/rules: use dh_apparmor
1478 - d/control: Build-Depends on dh-apparmor
1479 - d/slapd.README.Debian: add note about AppArmor
1480 - Enable GSSAPI support:
1481 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1482 - Add --with-gssapi support
1483 - Make guess_service_principal() more robust when determining
1484 principal
1485 - d/configure.options: Configure with --with-gssapi
1486 - d/control: Added heimdal-dev as a build depend
1487 - d/rules:
1488 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1489 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1490 - Enable ufw support:
1491 - d/control: suggest ufw.
1492 - d/rules: install ufw profile.
1493 - d/slapd.ufw.profile: add ufw profile.
1494 - Enable nss overlay:
1495 - d/{patches/nssov-build,rules}: Apply, build and package the
1496 nss overlay.
1497 - d/{rules,slapd.py}: Add apport hook.
1498 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1499 either the default DIT nor via an Authn mapping.
1500 - d/slapd.scripts-common:
1501 - add slapcat_opts to local variables.
1502 - Fix backup directory naming for multiple reconfiguration.
1503 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1504 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1505 in the openldap library, as required by Likewise-Open
1506 - Show distribution in version:
1507 - d/control: added lsb-release
1508 - d/patches/fix-ldap-distribution.patch: show distribution in version
1509 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1510 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1511 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1512
1513 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
1514
511openldap (2.4.46+dfsg-2) unstable; urgency=medium1515openldap (2.4.46+dfsg-2) unstable; urgency=medium
5121516
513 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.1517 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
@@ -537,6 +1541,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium
5371541
538 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -07001542 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
5391543
1544openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
1545
1546 * Merge from Debian unstable. Remaining changes:
1547 - Enable AppArmor support:
1548 - d/apparmor-profile: add AppArmor profile
1549 - d/rules: use dh_apparmor
1550 - d/control: Build-Depends on dh-apparmor
1551 - d/slapd.README.Debian: add note about AppArmor
1552 - Enable GSSAPI support:
1553 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1554 - Add --with-gssapi support
1555 - Make guess_service_principal() more robust when determining
1556 principal
1557 - d/configure.options: Configure with --with-gssapi
1558 - d/control: Added heimdal-dev as a build depend
1559 - d/rules:
1560 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1561 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1562 - Enable ufw support:
1563 - d/control: suggest ufw.
1564 - d/rules: install ufw profile.
1565 - d/slapd.ufw.profile: add ufw profile.
1566 - Enable nss overlay:
1567 - d/{patches/nssov-build,rules}: Apply, build and package the
1568 nss overlay.
1569 - d/{rules,slapd.py}: Add apport hook.
1570 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1571 either the default DIT nor via an Authn mapping.
1572 - d/slapd.scripts-common:
1573 - add slapcat_opts to local variables.
1574 - Fix backup directory naming for multiple reconfiguration.
1575 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1576 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1577 in the openldap library, as required by Likewise-Open
1578 - Show distribution in version:
1579 - d/control: added lsb-release
1580 - d/patches/fix-ldap-distribution.patch: show distribution in version
1581 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1582 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1583 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1584
1585 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200
1586
540openldap (2.4.45+dfsg-1) unstable; urgency=medium1587openldap (2.4.45+dfsg-1) unstable; urgency=medium
5411588
542 * New upstream release.1589 * New upstream release.
@@ -578,6 +1625,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium
5781625
579 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -07001626 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
5801627
1628openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low
1629
1630 * Merge from Debian unstable. Remaining changes:
1631 - Enable AppArmor support:
1632 - d/apparmor-profile: add AppArmor profile
1633 - d/rules: use dh_apparmor
1634 - d/control: Build-Depends on dh-apparmor
1635 - d/slapd.README.Debian: add note about AppArmor
1636 - Enable GSSAPI support:
1637 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1638 - Add --with-gssapi support
1639 - Make guess_service_principal() more robust when determining
1640 principal
1641 - d/configure.options: Configure with --with-gssapi
1642 - d/control: Added heimdal-dev as a build depend
1643 - d/rules:
1644 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1645 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1646 - Enable ufw support:
1647 - d/control: suggest ufw.
1648 - d/rules: install ufw profile.
1649 - d/slapd.ufw.profile: add ufw profile.
1650 - Enable nss overlay:
1651 - d/{patches/nssov-build,rules}: Apply, build and package the
1652 nss overlay.
1653 - d/{rules,slapd.py}: Add apport hook.
1654 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1655 either the default DIT nor via an Authn mapping.
1656 - d/slapd.scripts-common:
1657 - add slapcat_opts to local variables.
1658 - Fix backup directory naming for multiple reconfiguration.
1659 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1660 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1661 in the openldap library, as required by Likewise-Open
1662 - Show distribution in version:
1663 - d/control: added lsb-release
1664 - d/patches/fix-ldap-distribution.patch: show distribution in version
1665 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1666 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1667 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1668
1669 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200
1670
581openldap (2.4.44+dfsg-8) unstable; urgency=medium1671openldap (2.4.44+dfsg-8) unstable; urgency=medium
5821672
583 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until1673 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
@@ -588,6 +1678,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium
5881678
589 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -07001679 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
5901680
1681openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium
1682
1683 * Merge from Debian unstable. Remaining changes:
1684 - Enable AppArmor support:
1685 - d/apparmor-profile: add AppArmor profile
1686 - d/rules: use dh_apparmor
1687 - d/control: Build-Depends on dh-apparmor
1688 - d/slapd.README.Debian: add note about AppArmor
1689 - Enable GSSAPI support:
1690 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1691 - Add --with-gssapi support
1692 - Make guess_service_principal() more robust when determining
1693 principal
1694 - d/configure.options: Configure with --with-gssapi
1695 - d/control: Added heimdal-dev as a build depend
1696 - d/rules:
1697 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1698 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1699 - Enable ufw support:
1700 - d/control: suggest ufw.
1701 - d/rules: install ufw profile.
1702 - d/slapd.ufw.profile: add ufw profile.
1703 - Enable nss overlay:
1704 - d/{patches/nssov-build,rules}: Apply, build and package the
1705 nss overlay.
1706 - d/{rules,slapd.py}: Add apport hook.
1707 [ d/rules modification mentioned above was dropped in
1708 2.4.23-6ubuntu1, re-adding it ]
1709 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1710 either the default DIT nor via an Authn mapping.
1711 - d/slapd.scripts-common:
1712 - add slapcat_opts to local variables.
1713 - Fix backup directory naming for multiple reconfiguration.
1714 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1715 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1716 in the openldap library, as required by Likewise-Open
1717 - Show distribution in version:
1718 - d/control: added lsb-release
1719 - d/patches/fix-ldap-distribution.patch: show distribution in version
1720 [ Refreshed patch ]
1721 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1722 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1723 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1724
1725 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1726
591openldap (2.4.44+dfsg-7) unstable; urgency=medium1727openldap (2.4.44+dfsg-7) unstable; urgency=medium
5921728
593 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit1729 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
@@ -595,6 +1731,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium
5951731
596 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -07001732 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
5971733
1734openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium
1735
1736 * Merge from Debian unstable. Remaining changes:
1737 - Enable AppArmor support:
1738 - d/apparmor-profile: add AppArmor profile
1739 - d/rules: use dh_apparmor
1740 - d/control: Build-Depends on dh-apparmor
1741 - d/slapd.README.Debian: add note about AppArmor
1742 - Enable GSSAPI support:
1743 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1744 - Add --with-gssapi support
1745 - Make guess_service_principal() more robust when determining
1746 principal
1747 - d/configure.options: Configure with --with-gssapi
1748 - d/control: Added heimdal-dev as a build depend
1749 - d/rules:
1750 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1751 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1752 - Enable ufw support:
1753 - d/control: suggest ufw.
1754 - d/rules: install ufw profile.
1755 - d/slapd.ufw.profile: add ufw profile.
1756 - Enable nss overlay:
1757 - d/{patches/nssov-build,rules}: Apply, build and package the
1758 nss overlay.
1759 - d/{rules,slapd.py}: Add apport hook.
1760 [ d/rules modification mentioned above was dropped in
1761 2.4.23-6ubuntu1, re-adding it ]
1762 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1763 either the default DIT nor via an Authn mapping.
1764 - d/slapd.scripts-common:
1765 - add slapcat_opts to local variables.
1766 - Fix backup directory naming for multiple reconfiguration.
1767 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1768 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1769 in the openldap library, as required by Likewise-Open
1770 - Show distribution in version:
1771 - d/control: added lsb-release
1772 - d/patches/fix-ldap-distribution.patch: show distribution in version
1773 [ Refreshed patch ]
1774 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1775 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1776 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1777
1778 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1779
598openldap (2.4.44+dfsg-6) unstable; urgency=medium1780openldap (2.4.44+dfsg-6) unstable; urgency=medium
5991781
600 * Update the list of non-translatable strings for the1782 * Update the list of non-translatable strings for the
@@ -603,6 +1785,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium
6031785
604 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -07001786 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
6051787
1788openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium
1789
1790 * Merge from Debian unstable. Remaining changes:
1791 - Enable AppArmor support:
1792 - d/apparmor-profile: add AppArmor profile
1793 - d/rules: use dh_apparmor
1794 - d/control: Build-Depends on dh-apparmor
1795 - d/slapd.README.Debian: add note about AppArmor
1796 - Enable GSSAPI support:
1797 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1798 - Add --with-gssapi support
1799 - Make guess_service_principal() more robust when determining
1800 principal
1801 - d/configure.options: Configure with --with-gssapi
1802 - d/control: Added heimdal-dev as a build depend
1803 - d/rules:
1804 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1805 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1806 - Enable ufw support:
1807 - d/control: suggest ufw.
1808 - d/rules: install ufw profile.
1809 - d/slapd.ufw.profile: add ufw profile.
1810 - Enable nss overlay:
1811 - d/{patches/nssov-build,rules}: Apply, build and package the
1812 nss overlay.
1813 - d/{rules,slapd.py}: Add apport hook.
1814 [ d/rules modification mentioned above was dropped in
1815 2.4.23-6ubuntu1, re-adding it ]
1816 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1817 either the default DIT nor via an Authn mapping.
1818 - d/slapd.scripts-common:
1819 - add slapcat_opts to local variables.
1820 - Fix backup directory naming for multiple reconfiguration.
1821 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1822 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1823 in the openldap library, as required by Likewise-Open
1824 - Show distribution in version:
1825 - d/control: added lsb-release
1826 - d/patches/fix-ldap-distribution.patch: show distribution in version
1827 [ Refreshed patch ]
1828 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1829 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1830 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1831 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1832 - Fix use after free with GnuTLS. (LP #1557248)
1833
1834 -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200
1835
606openldap (2.4.44+dfsg-5) unstable; urgency=medium1836openldap (2.4.44+dfsg-5) unstable; urgency=medium
6071837
608 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an1838 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
@@ -614,6 +1844,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium
6141844
615 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -07001845 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
6161846
1847openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low
1848
1849 * Merge from Debian unstable. Remaining changes:
1850 - Enable AppArmor support:
1851 - d/apparmor-profile: add AppArmor profile
1852 - d/rules: use dh_apparmor
1853 - d/control: Build-Depends on dh-apparmor
1854 - d/slapd.README.Debian: add note about AppArmor
1855 - Enable GSSAPI support:
1856 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1857 - Add --with-gssapi support
1858 - Make guess_service_principal() more robust when determining
1859 principal
1860 - d/configure.options: Configure with --with-gssapi
1861 - d/control: Added heimdal-dev as a build depend
1862 - d/rules:
1863 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1864 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1865 - Enable ufw support:
1866 - d/control: suggest ufw.
1867 - d/rules: install ufw profile.
1868 - d/slapd.ufw.profile: add ufw profile.
1869 - Enable nss overlay:
1870 - d/{patches/nssov-build,rules}: Apply, build and package the
1871 nss overlay.
1872 - d/{rules,slapd.py}: Add apport hook.
1873 [ d/rules modification mentioned above was dropped in
1874 2.4.23-6ubuntu1, re-adding it ]
1875 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1876 either the default DIT nor via an Authn mapping.
1877 - d/slapd.scripts-common:
1878 - add slapcat_opts to local variables.
1879 - Fix backup directory naming for multiple reconfiguration.
1880 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1881 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1882 in the openldap library, as required by Likewise-Open
1883 - Show distribution in version:
1884 - d/control: added lsb-release
1885 - d/patches/fix-ldap-distribution.patch: show distribution in version
1886 [ Refreshed patch ]
1887 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1888 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1889 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1890 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1891 - Fix use after free with GnuTLS. (LP #1557248)
1892
1893 -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200
1894
617openldap (2.4.44+dfsg-4) unstable; urgency=medium1895openldap (2.4.44+dfsg-4) unstable; urgency=medium
6181896
619 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to1897 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
@@ -660,6 +1938,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium
6601938
661 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -07001939 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
6621940
1941openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium
1942
1943 * d/rules: Fix typo in previous upload.
1944
1945 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800
1946
1947openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
1948
1949 * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
1950 changes
1951 - Enable AppArmor support:
1952 - d/apparmor-profile: add AppArmor profile
1953 - d/rules: use dh_apparmor
1954 - d/control: Build-Depends on dh-apparmor
1955 - d/slapd.README.Debian: add note about AppArmor
1956 - Enable GSSAPI support:
1957 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1958 - Add --with-gssapi support
1959 - Make guess_service_principal() more robust when determining
1960 principal
1961 - d/configure.options: Configure with --with-gssapi
1962 - d/control: Added heimdal-dev as a build depend
1963 - d/rules:
1964 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1965 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1966 - Enable ufw support:
1967 - d/control: suggest ufw.
1968 - d/rules: install ufw profile.
1969 - d/slapd.ufw.profile: add ufw profile.
1970 - Enable nss overlay:
1971 - d/{patches/nssov-build,rules}: Apply, build and package the
1972 nss overlay.
1973 - d/{rules,slapd.py}: Add apport hook.
1974 [ d/rules modification mentioned above was dropped in
1975 2.4.23-6ubuntu1, re-adding it ]
1976 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1977 either the default DIT nor via an Authn mapping.
1978 - d/slapd.scripts-common:
1979 - add slapcat_opts to local variables.
1980 - Fix backup directory naming for multiple reconfiguration.
1981 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1982 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1983 in the openldap library, as required by Likewise-Open
1984 - Show distribution in version:
1985 - d/control: added lsb-release
1986 - d/patches/fix-ldap-distribution.patch: show distribution in version
1987 [ Refreshed patch ]
1988 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1989 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1990 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1991 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1992 - Fix use after free with GnuTLS. (LP #1557248)
1993 * Drop:
1994 - d/slapd.scripts-common:
1995 + Remove unused variable new_conf.
1996 [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
1997 - d/b/config.log: add config.log
1998 [ previously undocumented, stray change ]
1999
2000 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
2001
663openldap (2.4.44+dfsg-3) unstable; urgency=medium2002openldap (2.4.44+dfsg-3) unstable; urgency=medium
6642003
665 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)2004 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
@@ -732,6 +2071,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
7322071
733 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -08002072 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
7342073
2074openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
2075
2076 * No-change rebuild for perl 5.24 transition
2077
2078 -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
2079
2080openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
2081
2082 * Fix use after free with GnuTLS. (LP: #1557248)
2083
2084 -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
2085
2086openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
2087
2088 * Fix building with gssapi suppport:
2089 - Explicitly add -I/usr/include/heimdal to CFLAGS.
2090 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
2091
2092 -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
2093
2094openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
2095
2096 * No-change rebuild for gnutls transition.
2097
2098 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
2099
2100openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
2101
2102 * Merge from Debian testing (LP: #1532648). Remaining changes:
2103 - Enable AppArmor support:
2104 - d/apparmor-profile: add AppArmor profile
2105 - d/rules: use dh_apparmor
2106 - d/control: Build-Depends on dh-apparmor
2107 - d/slapd.README.Debian: add note about AppArmor
2108 - Enable GSSAPI support:
2109 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2110 - Add --with-gssapi support
2111 - Make guess_service_principal() more robust when determining
2112 principal
2113 - d/configure.options: Configure with --with-gssapi
2114 - d/control: Added heimdal-dev as a build depend
2115 - Enable ufw support:
2116 - d/control: suggest ufw.
2117 - d/rules: install ufw profile.
2118 - d/slapd.ufw.profile: add ufw profile.
2119 - Enable nss overlay:
2120 - d/{patches/nssov-build,rules}: Apply, build and package the
2121 nss overlay.
2122 - d/{rules,slapd.py}: Add apport hook.
2123 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2124 either the default DIT nor via an Authn mapping.
2125 - d/slapd.scripts-common:
2126 - add slapcat_opts to local variables.
2127 - Remove unused variable new_conf.
2128 - Fix backup directory naming for multiple reconfiguration.
2129 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2130 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2131 in the openldap library, as required by Likewise-Open
2132 - Show distribution in version:
2133 - d/control: added lsb-release
2134 - d/patches/fix-ldap-distribution.patch: show distribution in version
2135 * Drop CVE-2015-6908.patch, included in Debian.
2136 * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
2137 disabled on ppc64el, no longer used, and missed in the previous merge.
2138
2139 -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
2140
735openldap (2.4.42+dfsg-2) unstable; urgency=medium2141openldap (2.4.42+dfsg-2) unstable; urgency=medium
7362142
737 [ Ryan Tandy ]2143 [ Ryan Tandy ]
@@ -799,6 +2205,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium
7992205
800 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -07002206 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
8012207
2208openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
2209
2210 * Rebuild for Perl 5.22.1.
2211
2212 -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
2213
2214openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
2215
2216 * SECURITY UPDATE: denial of service via crafted BER data
2217 - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
2218 libraries/liblber/io.c.
2219 - CVE-2015-6908
2220
2221 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
2222
2223openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
2224
2225 * Merge from Debian testing (LP: #1471831). Remaining changes:
2226 - Enable AppArmor support:
2227 - d/apparmor-profile: add AppArmor profile
2228 - d/rules: use dh_apparmor
2229 - d/control: Build-Depends on dh-apparmor
2230 - d/slapd.README.Debian: add note about AppArmor
2231 - Enable GSSAPI support:
2232 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2233 - Add --with-gssapi support
2234 - Make guess_service_principal() more robust when determining
2235 principal
2236 - d/configure.options: Configure with --with-gssapi
2237 - d/control: Added heimdal-dev as a build depend
2238 - Enable ufw support:
2239 - d/control: suggest ufw.
2240 - d/rules: install ufw profile.
2241 - d/slapd.ufw.profile: add ufw profile.
2242 - Enable nss overlay:
2243 - d/{patches/nssov-build,rules}: Apply, build and package the
2244 nss overlay.
2245 - d/{rules,slapd.py}: Add apport hook.
2246 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2247 either the default DIT nor via an Authn mapping.
2248 - d/slapd.scripts-common:
2249 - add slapcat_opts to local variables.
2250 - Remove unused variable new_conf.
2251 - Fix backup directory naming for multiple reconfiguration.
2252 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2253 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2254 in the openldap library, as required by Likewise-Open
2255 - Show distribution in version:
2256 - d/control: added lsb-release
2257 - d/patches/fix-ldap-distribution.patch: show distribution in version
2258 * Dropped changes:
2259 - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
2260 * Upstream fixes:
2261 - slapd crash with auditlog overlay and large (~27KB) attribute values
2262 (ITS#8003) (LP: #1461276)
2263 - nssov updated to support recent nss-pam-ldapd client libraries
2264 (ITS#8097) (LP: #1393306)
2265 * Update d/patches/nssov-build for upstream changes.
2266 * Tweak d/patches/gssapi.diff to apply without fuzz.
2267 * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
2268 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
2269 - GSSAPI support was enabled in 2.4.18-0ubuntu2
2270
2271 -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
2272
802openldap (2.4.41+dfsg-1) unstable; urgency=medium2273openldap (2.4.41+dfsg-1) unstable; urgency=medium
8032274
804 * New upstream release.2275 * New upstream release.
@@ -818,6 +2289,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium
8182289
819 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -07002290 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
8202291
2292openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
2293
2294 * No-change rebuild for the libnettle6 transition.
2295
2296 -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
2297
2298openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
2299
2300 * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
2301 - Enable AppArmor support:
2302 - d/apparmor-profile: add AppArmor profile
2303 - d/rules: use dh_apparmor
2304 - d/control: Build-Depends on dh-apparmor
2305 - d/slapd.README.Debian: add note about AppArmor
2306 - Enable GSSAPI support:
2307 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2308 - Add --with-gssapi support
2309 - Make guess_service_principal() more robust when determining
2310 principal
2311 - d/configure.options: Configure with --with-gssapi
2312 - d/control: Added heimdal-dev as a build depend
2313 - Enable ufw support:
2314 - d/control: suggest ufw.
2315 - d/rules: install ufw profile.
2316 - d/slapd.ufw.profile: add ufw profile.
2317 - Enable nss overlay:
2318 - d/{patches/nssov-build,rules}: Apply, build and package the
2319 nss overlay.
2320 - d/{rules,slapd.py}: Add apport hook.
2321 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2322 either the default DIT nor via an Authn mapping.
2323 - d/slapd.scripts-common:
2324 - add slapcat_opts to local variables.
2325 - Remove unused variable new_conf.
2326 - Fix backup directory naming for multiple reconfiguration.
2327 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2328 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2329 in the openldap library, as required by Likewise-Open
2330 - Show distribution in version:
2331 - d/control: added lsb-release
2332 - d/patches/fix-ldap-distribution.patch: show distribution in version
2333 * Drop patches included upstream:
2334 - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
2335 - d/patches/bdb-deadlock.patch
2336 - d/patches/its-7354-fix-delta-sync-mmr.diff
2337 * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
2338 * debian/patches/nssov-build: Adjust for upstream changes.
2339 * debian/apparmor-profile:
2340 - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
2341 kernel ABI v7 (utopic and later). (LP: #1392018)
2342 - Reduce permissions on /run/nslcd to just the nslcd socket.
2343 * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
2344 (LP: #1293250)
2345
2346 -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700
2347
821openldap (2.4.40+dfsg-1) unstable; urgency=medium2348openldap (2.4.40+dfsg-1) unstable; urgency=medium
8222349
823 * Remove inetorgperson.schema from the upstream source. Replace it with a2350 * Remove inetorgperson.schema from the upstream source. Replace it with a
@@ -1006,6 +2533,187 @@ openldap (2.4.39-1) unstable; urgency=low
10062533
1007 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -07002534 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
10082535
2536openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
2537
2538 * Fix cpp calls for GCC 5.
2539
2540 -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
2541
2542openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
2543
2544 * debian/apparmor-profile:
2545 - allow p11-kit abstraction
2546 - allow read of /etc/gss/mech.d/*
2547
2548 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
2549
2550openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
2551
2552 * Rebuild for Perl 5.20.0.
2553
2554 -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
2555
2556openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
2557
2558 * Cherry-pick upstream patch for compat with recent GNUTLS.
2559 * Build-depend on libgnutls28-dev.
2560 * Build-depend on libgcrypt20-dev.
2561
2562 -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
2563
2564openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
2565
2566 * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
2567
2568 -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
2569
2570openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
2571
2572 * Disable mdb backend on ppc64el due to test-suite failures.
2573
2574 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
2575
2576openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
2577
2578 * Fix segfault issue with master-master syncrepl (LP: #1287730):
2579 - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
2580 patch from upstream VCS.
2581
2582 -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
2583
2584openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
2585
2586 * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
2587
2588 -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
2589
2590openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
2591
2592 * Rebuild for Perl 5.18.
2593
2594 -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
2595
2596openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
2597
2598 * Update build/config.guess and build/config.sub at build time; this was
2599 not done automatically because the top-level configure.in does not use
2600 Automake.
2601
2602 -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
2603
2604openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
2605
2606 * debian/control: added lsb-release
2607 * debian/patches/fix-ldap-distribution.patch: show distribution in version
2608
2609 -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
2610
2611openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
2612
2613 * Merge from Debian unstable. Remaining changes:
2614 - Enable AppArmor support:
2615 - d/apparmor-profile: add AppArmor profile
2616 - d/rules: use dh_apparmor
2617 - d/control: Build-Depends on dh-apparmor
2618 - d/slapd.README.Debian: add note about AppArmor
2619 - d/slapd.dirs: add etc/apparmor.d/force-complain
2620 - Enable GSSAPI support:
2621 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2622 - Add --with-gssapi support
2623 - Make guess_service_principal() more robust when determining
2624 principal
2625 - d/configure.options: Configure with --with-gssapi
2626 - d/control: Added libkrb5-dev as a build depend
2627 - Enable ufw support:
2628 - d/control: suggest ufw.
2629 - d/rules: install ufw profile.
2630 - d/slapd.ufw.profile: add ufw profile.
2631 - Enable nss overlay:
2632 - d/{patches/nssov-build,/rules}: Apply, build and package the
2633 nss overlay.
2634 - d/{rules,slapd.py}: Add apport hook.
2635 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2636 either the default DIT nor via an Authn mapping.
2637 - d/slapd.scripts-common:
2638 - add slapcat_opts to local variables.
2639 - Remove unused variable new_conf.
2640 - Fix backup directory naming for multiple reconfiguration.
2641 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2642 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2643 in the openldap library, as required by Likewise-Open
2644 - d/{control,rules}: enable PIE hardening
2645
2646 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
2647
2648openldap (2.4.31-1+nmu2) unstable; urgency=high
2649
2650 * Non-maintainer upload.
2651 * No-change rebuild in a clean environment
2652
2653 -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100
2654
2655openldap (2.4.31-1+nmu1) unstable; urgency=medium
2656
2657 * Non-maintainer upload.
2658 * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
2659
2660 -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000
2661
2662openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
2663
2664 * debian/slapd.py: Add AppArmor info and logs to apport hook.
2665
2666 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
2667
2668openldap (2.4.31-1ubuntu1) quantal; urgency=low
2669
2670 * Merge from Debian unstable. Remaining changes:
2671 - Enable AppArmor support:
2672 - d/apparmor-profile: add AppArmor profile
2673 - d/rules: use dh_apparmor
2674 - d/control: Build-Depends on dh-apparmor
2675 - d/slapd.README.Debian: add note about AppArmor
2676 - d/slapd.dirs: add etc/apparmor.d/force-complain
2677 - Enable GSSAPI support (LP: #495418):
2678 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2679 - Add --with-gssapi support
2680 - Make guess_service_principal() more robust when determining
2681 principal
2682 - d/configure.options: Configure with --with-gssapi
2683 - d/control: Added libkrb5-dev as a build depend
2684 - Enable ufw support (LP: #423246):
2685 - d/control: suggest ufw.
2686 - d/rules: install ufw profile.
2687 - d/slapd.ufw.profile: add ufw profile.
2688 - Enable nss overlay (LP: #675391):
2689 - d/{patches/nssov-build,/rules}: Apply, build and package the
2690 nss overlay.
2691 - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
2692 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2693 either the default DIT nor via an Authn mapping.
2694 - d/slapd.scripts-common:
2695 - add slapcat_opts to local variables.
2696 - Remove unused variable new_conf.
2697 - Fix backup directory naming for multiple reconfiguration.
2698 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2699 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2700 in the openldap library, as required by Likewise-Open (LP: #390579)
2701 - d/{control,rules}: enable PIE hardening
2702 * Dropped changes:
2703 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
2704 - d/patches/CVE-2011-4079: Included in upstream release.
2705 - d/patches/service-operational-before-detach: Included in upstream release.
2706 - d/schema/extra/misc.ldif: Included upstream.
2707 - d/{rules,schema/extra}: Fix configure and clean rules to support
2708 extra schemas shipped as part of the debian/schema/ directory; no longer required.
2709 - Included in Debian:
2710 + Document cn=config in README file.
2711 + Install a default DIT; actually a minimal configuration.
2712 + d/patches/heimdal-fix.
2713 * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
2714
2715 -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
2716
1009openldap (2.4.31-1) unstable; urgency=low2717openldap (2.4.31-1) unstable; urgency=low
10102718
1011 * New upstream release.2719 * New upstream release.
@@ -1032,6 +2740,121 @@ openldap (2.4.31-1) unstable; urgency=low
10322740
1033 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +00002741 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
10342742
2743openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
2744
2745 * Fix issue with intermittent connection issues when using LDAPv3
2746 protocol (LP: #1023025):
2747 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
2748 patch from upstream VCS which ensures objects are initialized before
2749 re-use.
2750
2751 -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
2752
2753openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
2754
2755 * debian/rules: Add smbk5pwd build.
2756 * debian/control: Add slapd-smbk5pwd binary package.
2757 * debian/patches/heimdal-fix: adapt parameters of
2758 hdb_generate_key_set_password() to heimdal 1.6~git20120311
2759 (patch from Debian #664930).
2760
2761 -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400
2762
2763openldap (2.4.28-1.1ubuntu4) precise; urgency=low
2764
2765 * debian/control: Build-Depends on dh-apparmor (LP: #948481)
2766
2767 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
2768
2769openldap (2.4.28-1.1ubuntu3) precise; urgency=low
2770
2771 * Add its-7176-only-poll-sockets-for-write-as-needed.diff
2772 (LP: #932823).
2773
2774 -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
2775
2776openldap (2.4.28-1.1ubuntu2) precise; urgency=low
2777
2778 * Remove debian/patches/CVE-2011-4079; it's already in this upstream
2779 version. Fixes FTBFS.
2780
2781 -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
2782
2783openldap (2.4.28-1.1ubuntu1) precise; urgency=low
2784
2785 * Merge from Debian testing. Remaining changes:
2786 - Install a default DIT (LP: #442498).
2787 - Document cn=config in README file (LP: #370784).
2788 - remaining changes:
2789 + AppArmor support:
2790 - debian/apparmor-profile: add AppArmor profile
2791 - use dh_apparmor:
2792 - debian/rules: use dh_apparmor
2793 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2794 - updated debian/slapd.README.Debian for note on AppArmor
2795 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2796 + Enable GSSAPI support (LP: #495418):
2797 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2798 - Add --with-gssapi support
2799 - Make guess_service_principal() more robust when determining
2800 principal
2801 - debian/patches/series: apply gssapi.diff patch.
2802 - debian/configure.options: Configure with --with-gssapi
2803 - debian/control: Added libkrb5-dev as a build depend
2804 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2805 in the openldap library, as required by Likewise-Open (LP: #390579)
2806 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2807 - debian/control:
2808 - remove build-dependency on heimdal-dev.
2809 - remove slapd-smbk5pwd binary package.
2810 - debian/rules: don't build smbk5pwd slapd module.
2811 + debian/{control,rules}: enable PIE hardening
2812 + ufw support (LP: #423246):
2813 - debian/control: suggest ufw.
2814 - debian/rules: install ufw profile.
2815 - debian/slapd.ufw.profile: add ufw profile.
2816 + Enable nssoverlay:
2817 - debian/patches/nssov-build, debian/series, debian/rules:
2818 Apply, build and package the nss overlay.
2819 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2820 which defines rfc822MailMember (required by the nss overlay).
2821 + debian/rules, debian/schema/extra/:
2822 Fix configure rule to supports extra schemas shipped as part
2823 of the debian/schema/ directory.
2824 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2825 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2826 neither the default DIT nor via an Authn mapping.
2827 + debian/slapd.scripts-common: adjust minimum version that triggers a
2828 database upgrade. Upgrade from maverick shouldn't trigger database
2829 upgrade (which would happen with the version used in Debian).
2830 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2831 Remove unused variable new_conf.
2832 + debian/slapd.script-common: Fix package reconfiguration.
2833 - Fix backup directory naming for multiple reconfiguration.
2834 + debian/slapd.default, debian/slapd.README.Debian:
2835 use the new configuration style.
2836 + Install nss overlay (LP: #675391):
2837 - debian/rules: run install target for nssov module.
2838 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2839 + debian/patches/gssapi.diff:
2840 - Update patch so that likewise-open is usuable again. (LP: #661547)
2841 + debian/patches/service-operational-before-detach: New patch replacing old one
2842 of the same name as previous could cause database corruption based on upstream commits.
2843 (LP: #727973)
2844 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2845 (CVE-2011-4079)
2846
2847
2848 -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
2849
2850openldap (2.4.28-1.1) unstable; urgency=low
2851
2852 * Non-maintainer upload.
2853 * Disable the mdb backend on non-Linux, it looks like it doesn't work with
2854 linuxthreads (closes: #654824).
2855
2856 -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100
2857
1035openldap (2.4.28-1) unstable; urgency=low2858openldap (2.4.28-1) unstable; urgency=low
10362859
1037 * New upstream release.2860 * New upstream release.
@@ -1059,6 +2882,72 @@ openldap (2.4.28-1) unstable; urgency=low
10592882
1060 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +00002883 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
10612884
2885openldap (2.4.25-4ubuntu1) precise; urgency=low
2886
2887 * Merge from Debian testing. Remaining changes:
2888 - Install a default DIT (LP: #442498).
2889 - Document cn=config in README file (LP: #370784).
2890 - remaining changes:
2891 + AppArmor support:
2892 - debian/apparmor-profile: add AppArmor profile
2893 - use dh_apparmor:
2894 - debian/rules: use dh_apparmor
2895 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2896 - updated debian/slapd.README.Debian for note on AppArmor
2897 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2898 + Enable GSSAPI support (LP: #495418):
2899 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2900 - Add --with-gssapi support
2901 - Make guess_service_principal() more robust when determining
2902 principal
2903 - debian/patches/series: apply gssapi.diff patch.
2904 - debian/configure.options: Configure with --with-gssapi
2905 - debian/control: Added libkrb5-dev as a build depend
2906 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2907 in the openldap library, as required by Likewise-Open (LP: #390579)
2908 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2909 - debian/control:
2910 - remove build-dependency on heimdal-dev.
2911 - remove slapd-smbk5pwd binary package.
2912 - debian/rules: don't build smbk5pwd slapd module.
2913 + debian/{control,rules}: enable PIE hardening
2914 + ufw support (LP: #423246):
2915 - debian/control: suggest ufw.
2916 - debian/rules: install ufw profile.
2917 - debian/slapd.ufw.profile: add ufw profile.
2918 + Enable nssoverlay:
2919 - debian/patches/nssov-build, debian/series, debian/rules:
2920 Apply, build and package the nss overlay.
2921 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2922 which defines rfc822MailMember (required by the nss overlay).
2923 + debian/rules, debian/schema/extra/:
2924 Fix configure rule to supports extra schemas shipped as part
2925 of the debian/schema/ directory.
2926 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2927 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2928 neither the default DIT nor via an Authn mapping.
2929 + debian/slapd.scripts-common: adjust minimum version that triggers a
2930 database upgrade. Upgrade from maverick shouldn't trigger database
2931 upgrade (which would happen with the version used in Debian).
2932 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2933 Remove unused variable new_conf.
2934 + debian/slapd.script-common: Fix package reconfiguration.
2935 - Fix backup directory naming for multiple reconfiguration.
2936 + debian/slapd.default, debian/slapd.README.Debian:
2937 use the new configuration style.
2938 + Install nss overlay (LP: #675391):
2939 - debian/rules: run install target for nssov module.
2940 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2941 + debian/patches/gssapi.diff:
2942 - Update patch so that likewise-open is usuable again. (LP: #661547)
2943 + debian/patches/service-operational-before-detach: New patch replacing old one
2944 of the same name as previous could cause database corruption based on upstream commits.
2945 (LP: #727973)
2946 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2947 (CVE-2011-4079)
2948
2949 -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
2950
1062openldap (2.4.25-4) unstable; urgency=low2951openldap (2.4.25-4) unstable; urgency=low
10632952
1064 * Drop explicit depends on libdb4.8, since we're now linking against2953 * Drop explicit depends on libdb4.8, since we're now linking against
@@ -1092,6 +2981,85 @@ openldap (2.4.25-4) unstable; urgency=low
10922981
1093 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +00002982 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
10942983
2984openldap (2.4.25-3ubuntu3) precise; urgency=low
2985
2986 * Rebuild for Perl 5.14.
2987
2988 -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
2989
2990openldap (2.4.25-3ubuntu2) precise; urgency=low
2991
2992 * SECURITY UPDATE: potential denial of service (LP: #884163)
2993 - debian/patches/CVE-2011-4079: fix off by one error in
2994 postalAddressNormalize()
2995 - CVE-2011-4079
2996
2997 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
2998
2999openldap (2.4.25-3ubuntu1) precise; urgency=low
3000
3001 * Merge from debian unstable. Remaining changes:
3002 - Install a default DIT (LP: #442498).
3003 - Document cn=config in README file (LP: #370784).
3004 - remaining changes:
3005 + AppArmor support:
3006 - debian/apparmor-profile: add AppArmor profile
3007 - use dh_apparmor:
3008 - debian/rules: use dh_apparmor
3009 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3010 - updated debian/slapd.README.Debian for note on AppArmor
3011 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3012 + Enable GSSAPI support (LP: #495418):
3013 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3014 - Add --with-gssapi support
3015 - Make guess_service_principal() more robust when determining
3016 principal
3017 - debian/patches/series: apply gssapi.diff patch.
3018 - debian/configure.options: Configure with --with-gssapi
3019 - debian/control: Added libkrb5-dev as a build depend
3020 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3021 in the openldap library, as required by Likewise-Open (LP: #390579)
3022 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
3023 - debian/control:
3024 - remove build-dependency on heimdal-dev.
3025 - remove slapd-smbk5pwd binary package.
3026 - debian/rules: don't build smbk5pwd slapd module.
3027 + debian/{control,rules}: enable PIE hardening
3028 + ufw support (LP: #423246):
3029 - debian/control: suggest ufw.
3030 - debian/rules: install ufw profile.
3031 - debian/slapd.ufw.profile: add ufw profile.
3032 + Enable nssoverlay:
3033 - debian/patches/nssov-build, debian/series, debian/rules:
3034 Apply, build and package the nss overlay.
3035 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
3036 which defines rfc822MailMember (required by the nss overlay).
3037 + debian/rules, debian/schema/extra/:
3038 Fix configure rule to supports extra schemas shipped as part
3039 of the debian/schema/ directory.
3040 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3041 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
3042 neither the default DIT nor via an Authn mapping.
3043 + debian/slapd.scripts-common: adjust minimum version that triggers a
3044 database upgrade. Upgrade from maverick shouldn't trigger database
3045 upgrade (which would happen with the version used in Debian).
3046 + debian/slapd.scripts-common: add slapcat_opts to local variables.
3047 Remove unused variable new_conf.
3048 + debian/slapd.script-common: Fix package reconfiguration.
3049 - Fix backup directory naming for multiple reconfiguration.
3050 + debian/slapd.default, debian/slapd.README.Debian:
3051 use the new configuration style.
3052 + Install nss overlay (LP: #675391):
3053 - debian/rules: run install target for nssov module.
3054 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
3055 + debian/patches/gssapi.diff:
3056 - Update patch so that likewise-open is usuable again. (LP: #661547)
3057 + debian/patches/service-operational-before-detach: New patch replacing old one
3058 of the same name as previous could cause database corruption based on upstream commits.
3059 (LP: #727973)
3060
3061 -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
3062
1095openldap (2.4.25-3) unstable; urgency=low3063openldap (2.4.25-3) unstable; urgency=low
10963064
1097 * Brown paper bag: really fix the .links.in handling, so we don't generate3065 * Brown paper bag: really fix the .links.in handling, so we don't generate
@@ -1114,6 +3082,92 @@ openldap (2.4.25-2) unstable; urgency=low
11143082
1115 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -07003083 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
11163084
3085openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
3086
3087 * Brown paper bag: really fix the .links.in handling, so we don't generate
3088 broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
3089
3090 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
3091
3092openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
3093
3094 * Cherry-pick multiarch support from Debian (LP: #826601):
3095 - Bump to compat level 7, so we don't have to spell out debian/tmp in
3096 every single .install file
3097 - Build for multiarch.
3098
3099 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
3100
3101openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
3102
3103 * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
3104
3105 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
3106
3107openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
3108
3109 * Merge from debian unstable. Remaining changes:
3110 - Install a default DIT (LP: #442498).
3111 - Document cn=config in README file (LP: #370784).
3112 - remaining changes:
3113 + AppArmor support:
3114 - debian/apparmor-profile: add AppArmor profile
3115 - use dh_apparmor:
3116 - debian/rules: use dh_apparmor
3117 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3118 - updated debian/slapd.README.Debian for note on AppArmor
3119 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3120 + Enable GSSAPI support (LP: #495418):
3121 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3122 - Add --with-gssapi support
3123 - Make guess_service_principal() more robust when determining
3124 principal
3125 - debian/patches/series: apply gssapi.diff patch.
3126 - debian/configure.options: Configure with --with-gssapi
3127 - debian/control: Added libkrb5-dev as a build depend
3128 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3129 in the openldap library, as required by Likewise-Open (LP: #390579)
3130 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
3131 - debian/control:
3132 - remove build-dependency on heimdal-dev.
3133 - remove slapd-smbk5pwd binary package.
3134 - debian/rules: don't build smbk5pwd slapd module.
3135 + debian/{control,rules}: enable PIE hardening
3136 + ufw support (LP: #423246):
3137 - debian/control: suggest ufw.
3138 - debian/rules: install ufw profile.
3139 - debian/slapd.ufw.profile: add ufw profile.
3140 + Enable nssoverlay:
3141 - debian/patches/nssov-build, debian/series, debian/rules:
3142 Apply, build and package the nss overlay.
3143 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
3144 which defines rfc822MailMember (required by the nss overlay).
3145 + debian/rules, debian/schema/extra/:
3146 Fix configure rule to supports extra schemas shipped as part
3147 of the debian/schema/ directory.
3148 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3149 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
3150 neither the default DIT nor via an Authn mapping.
3151 + debian/slapd.scripts-common: adjust minimum version that triggers a
3152 database upgrade. Upgrade from maverick shouldn't trigger database
3153 upgrade (which would happen with the version used in Debian).
3154 + debian/slapd.scripts-common: add slapcat_opts to local variables.
3155 Remove unused variable new_conf.
3156 + debian/slapd.script-common: Fix package reconfiguration.
3157 - Fix backup directory naming for multiple reconfiguration.
3158 + debian/slapd.default, debian/slapd.README.Debian:
3159 use the new configuration style.
3160 + Install nss overlay (LP: #675391):
3161 - debian/rules: run install target for nssov module.
3162 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
3163 + debian/patches/gssapi.diff:
3164 - Update patch so that likewise-open is usuable again. (LP: #661547)
3165 + debian/patches/service-operational-before-detach: New patch replacing old one
3166 of the same name as previous could cause database corruption based on upstream commits.
3167 (LP: #727973)
3168
3169 -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
3170
1117openldap (2.4.25-1.1) unstable; urgency=low3171openldap (2.4.25-1.1) unstable; urgency=low
11183172
1119 * Non-maintainer upload to fix RC bug.3173 * Non-maintainer upload to fix RC bug.
@@ -1121,6 +3175,75 @@ openldap (2.4.25-1.1) unstable; urgency=low
11213175
1122 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +02003176 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
11233177
3178openldap (2.4.25-1ubuntu1) oneiric; urgency=low
3179
3180 * Merge from debian unstable. Remaining changes:
3181 - Install a default DIT (LP: #442498).
3182 - Document cn=config in README file (LP: #370784).
3183 - remaining changes:
3184 + AppArmor support:
3185 - debian/apparmor-profile: add AppArmor profile
3186 - use dh_apparmor:
3187 - debian/rules: use dh_apparmor
3188 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3189 - updated debian/slapd.README.Debian for note on AppArmor
3190 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3191 + Enable GSSAPI support (LP: #495418):
3192 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3193 - Add --with-gssapi support
3194 - Make guess_service_principal() more robust when determining
3195 principal
3196 - debian/patches/series: apply gssapi.diff patch.
3197 - debian/configure.options: Configure with --with-gssapi
3198 - debian/control: Added libkrb5-dev as a build depend
3199 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3200 in the openldap library, as required by Likewise-Open (LP: #390579)
3201 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
3202 - debian/control:
3203 - remove build-dependency on heimdal-dev.
3204 - remove slapd-smbk5pwd binary package.
3205 - debian/rules: don't build smbk5pwd slapd module.
3206 + debian/{control,rules}: enable PIE hardening
3207 + ufw support (LP: #423246):
3208 - debian/control: suggest ufw.
3209 - debian/rules: install ufw profile.
3210 - debian/slapd.ufw.profile: add ufw profile.
3211 + Enable nssoverlay:
3212 - debian/patches/nssov-build, debian/series, debian/rules:
3213 Apply, build and package the nss overlay.
3214 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
3215 which defines rfc822MailMember (required by the nss overlay).
3216 + debian/rules, debian/schema/extra/:
3217 Fix configure rule to supports extra schemas shipped as part
3218 of the debian/schema/ directory.
3219 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3220 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
3221 neither the default DIT nor via an Authn mapping.
3222 + debian/slapd.scripts-common: adjust minimum version that triggers a
3223 database upgrade. Upgrade from maverick shouldn't trigger database
3224 upgrade (which would happen with the version used in Debian).
3225 + debian/slapd.scripts-common: add slapcat_opts to local variables.
3226 Remove unused variable new_conf.
3227 + debian/slapd.script-common: Fix package reconfiguration.
3228 - Fix backup directory naming for multiple reconfiguration.
3229 + debian/slapd.default, debian/slapd.README.Debian:
3230 use the new configuration style.
3231 + Install nss overlay (LP: #675391):
3232 - debian/rules: run install target for nssov module.
3233 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
3234 + debian/patches/gssapi.diff:
3235 - Update patch so that likewise-open is usuable again. (LP: #661547)
3236 + debian/patches/service-operational-before-detach: New patch replacing old one
3237 of the same name as previous could cause database corruption based on upstream commits.
3238 (LP: #727973)
3239 + Dropped:
3240 - debian/patches/gold: Use the debian version instead
3241 - debian/patches/CVE-2011-1024: Fixed upstream
3242 - debian/patches/CVE-2011-1025: Fixed upstream
3243 - debian/patches/CVE-2011-1081: Fixed upstream
3244
3245 -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
3246
1124openldap (2.4.25-1) unstable; urgency=low3247openldap (2.4.25-1) unstable; urgency=low
11253248
1126 * New upstream version (Closes: #617606, #618904, #606815, #608813)3249 * New upstream version (Closes: #617606, #618904, #606815, #608813)
@@ -1152,6 +3275,116 @@ openldap (2.4.23-7) unstable; urgency=low
11523275
1153 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +01003276 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
11543277
3278openldap (2.4.23-6ubuntu7) oneiric; urgency=low
3279
3280 * Rebuild for Perl 5.12.
3281
3282 -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
3283
3284openldap (2.4.23-6ubuntu6) natty; urgency=low
3285
3286 * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
3287 using forwarded authentication failures
3288 - debian/patches/CVE-2011-1024
3289 - CVE-2011-1024
3290 * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
3291 backend. Note: Ubuntu is not compiled with --enable-ndb by default
3292 - debian/patches/CVE-2011-1025
3293 - CVE-2011-1025
3294 * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
3295 and requestDN is empty
3296 - debian/patches/CVE-2011-1081
3297 - CVE-2011-1081
3298 - LP: #742104
3299
3300 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
3301
3302openldap (2.4.23-6ubuntu5) natty; urgency=low
3303
3304 * debian/patches/service-operational-before-detach: New patch replacing
3305 old one of same name as previous could cause database corruption,
3306 based on upstream commits. (LP: #727973)
3307
3308 -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
3309
3310openldap (2.4.23-6ubuntu4) natty; urgency=low
3311
3312 * Fix FTBFS with ld.gold.
3313
3314 -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
3315
3316openldap (2.4.23-6ubuntu3) natty; urgency=low
3317
3318 * debian/patches/gssapi.diff:
3319 Update patch so that likewise-open is usable again (LP: #661547)
3320
3321 -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
3322
3323openldap (2.4.23-6ubuntu2) natty; urgency=low
3324
3325 * Install nss overlay (LP: #675391):
3326 - debian/rules: run install target for nssov module.
3327 - debian/patches/nssov-build: fix patch to install schema in
3328 /etc/ldap/schema.
3329
3330 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
3331
3332openldap (2.4.23-6ubuntu1) natty; urgency=low
3333
3334 * Merge from Debian unstable:
3335 - Install a default DIT (LP: #442498).
3336 - Document cn=config in README file (LP: #370784).
3337 - remaining changes:
3338 + AppArmor support:
3339 - debian/apparmor-profile: add AppArmor profile
3340 - use dh_apparmor:
3341 - debian/rules: use dh_apparmor
3342 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3343 - updated debian/slapd.README.Debian for note on AppArmor
3344 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3345 + Enable GSSAPI support (LP: #495418):
3346 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3347 - Add --with-gssapi support
3348 - Make guess_service_principal() more robust when determining
3349 principal
3350 - debian/patches/series: apply gssapi.diff patch.
3351 - debian/configure.options: Configure with --with-gssapi
3352 - debian/control: Added libkrb5-dev as a build depend
3353 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3354 in the openldap library, as required by Likewise-Open (LP: #390579)
3355 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
3356 - debian/control:
3357 - remove build-dependency on heimdal-dev.
3358 - remove slapd-smbk5pwd binary package.
3359 - debian/rules: don't build smbk5pwd slapd module.
3360 + debian/{control,rules}: enable PIE hardening
3361 + ufw support (LP: #423246):
3362 - debian/control: suggest ufw.
3363 - debian/rules: install ufw profile.
3364 - debian/slapd.ufw.profile: add ufw profile.
3365 + Enable nssoverlay:
3366 - debian/patches/nssov-build, debian/series, debian/rules:
3367 Apply, build and package the nss overlay.
3368 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
3369 which defines rfc822MailMember (required by the nss overlay).
3370 + debian/rules, debian/schema/extra/:
3371 Fix configure rule to supports extra schemas shipped as part
3372 of the debian/schema/ directory.
3373 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3374 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
3375 neither the default DIT nor via an Authn mapping.
3376 + debian/slapd.scripts-common: adjust minimum version that triggers a
3377 database upgrade. Upgrade from maverick shouldn't trigger database
3378 upgrade (which would happen with the version used in Debian).
3379 + debian/slapd.scripts-common: add slapcat_opts to local variables.
3380 Remove unused variable new_conf.
3381 + debian/slapd.script-common: Fix package reconfiguration.
3382 - Fix backup directory naming for multiple reconfiguration.
3383 + debian/slapd.default, debian/slapd.README.Debian:
3384 use the new configuration style.
3385
3386 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
3387
1155openldap (2.4.23-6) unstable; urgency=high3388openldap (2.4.23-6) unstable; urgency=high
11563389
1157 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)3390 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
@@ -1274,6 +3507,80 @@ openldap (2.4.23-1) unstable; urgency=low
12743507
1275 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +02003508 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
12763509
3510openldap (2.4.23-0ubuntu4) natty; urgency=low
3511
3512 * debian/slapd.templates: amended typo in slapd/move_old_database
3513 (LP: #666028)
3514
3515 -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
3516
3517openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
3518
3519 * debian/slapd.templates: re-add slapd/move_old_database template as it's
3520 used during the package upgrade. Thanks to James Page for pointing it.
3521 * debian/slapd.config: restore debconf question slapd/move_old_database.
3522
3523 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
3524
3525openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
3526
3527 [ James Page ]
3528 * Fixed install/upgrade process to dump/restore databases due
3529 to uplift to libdb4.8-dev (LP: #658227)
3530
3531 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
3532
3533openldap (2.4.23-0ubuntu3) maverick; urgency=low
3534
3535 * debian/rules: move dh_apparmor before dh_installinit
3536
3537 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
3538
3539openldap (2.4.23-0ubuntu2) maverick; urgency=low
3540
3541 * convert to using dh_apparmor:
3542 - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
3543 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3544 * debian/apparmor-profile: use local include
3545
3546 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
3547
3548openldap (2.4.23-0ubuntu1) maverick; urgency=low
3549
3550 * New release, features include:
3551 + Fixed libldap to return server's error code (ITS#6569)
3552 + Fixed libldap memleaks (ITS#6568)
3553 + Fixed liblutil off-by-one with delta (ITS#6541)
3554 + Fixed slapd acls with glued databases (ITS#6468)
3555 + Fixed slapd syncrepl rid logging (ITS#6533)
3556 + Fixed slapd modrdn handling of invalid values (ITS#6570)
3557 + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
3558 + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
3559 + Fixed slapd-bdb entry cache delete failure (ITS#6577)
3560 + Fixed slapd-ldap to return control responses (ITS#6530)
3561 + Fixed slapo-ppolicy to use Debug (ITS#6566)
3562 + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
3563 + Fixed slapo-rwm to use Debug (ITS#6566)
3564 + Fixed slapo-sssvlv to use Debug (ITS#6566)
3565 + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
3566 + Fixed slapo-valsort to use Debug (ITS#6566)
3567 + Fixed contrib/nssov network.c missing patch (ITS#6562)
3568 + Fixed test043 attribute sorting (ITS#6553)
3569 + slapd-config(5) note default rootdn (ITS#6546)
3570 * Rebased patches debian/patches/dropped nssov-build
3571 * Resynchronize with Debian:
3572 + debian/control:
3573 - Bump standards-version to 3.9.0
3574 - Use libdb4.8-dev (LP: #572489)
3575 + Added debian/patches/issue-6534-patch
3576 + Added debian/patches/ldap-conf-tls-cacertdir
3577 * Add ufw support, thanks to PatRiehecky (LP: #423246)
3578
3579 [Adam Sommer]
3580 * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3581
3582 -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
3583
1277openldap (2.4.21-1) unstable; urgency=low3584openldap (2.4.21-1) unstable; urgency=low
12783585
1279 [ Steve Langasek ]3586 [ Steve Langasek ]
@@ -1305,6 +3612,79 @@ openldap (2.4.21-1) unstable; urgency=low
13053612
1306 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +02003613 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
13073614
3615openldap (2.4.21-0ubuntu5) lucid; urgency=low
3616
3617 * Fix local root connection access: replace olcAuthzRegexp mapping to
3618 cn=localroot,cn=config with using the SASL dn directly in olcAccess.
3619 Makes upgrades much simpler and robust (LP: #563829).
3620
3621 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
3622
3623openldap (2.4.21-0ubuntu4) lucid; urgency=low
3624
3625 [ Simon Olofsson ]
3626 * debian/slapd.postinst:
3627 - Show a message after successful migration (LP: #538848)
3628
3629 [ Jorgen Rosink ]
3630 * debian/slapd.init: add simple status checking with LSB compatible exit
3631 codes (LP: #562377)
3632 * debian/slapd.init.ldif:
3633 - remove admin user in default config database (LP: #556176)
3634 - in default config, add olcAccess entries giving access to controls
3635 available and cn=subschema (LP: #427842)
3636
3637 [ Scott Moser ]
3638 * debian/slapd.scripts-common: Do not create /nonexistent directory
3639 for openldap user's home (LP: #556176)
3640 * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
3641
3642 -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
3643
3644openldap (2.4.21-0ubuntu3) lucid; urgency=low
3645
3646 * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
3647 before trying to convert to slapd.d, to avoid upgrade failure from hardy
3648 (LP: #536958)
3649 * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
3650 olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
3651
3652 -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
3653
3654openldap (2.4.21-0ubuntu2) lucid; urgency=low
3655
3656 * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
3657
3658 -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
3659
3660openldap (2.4.21-0ubuntu1) lucid; urgency=low
3661
3662 * New upstream release.
3663 * debian/rules, debian/schema/extra/:
3664 Fix get-orig-source rule to supports extra schemas shipped as part of the
3665 debian/schema/ directory.
3666
3667 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
3668
3669openldap (2.4.18-0ubuntu2) lucid; urgency=low
3670
3671 * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3672 - Add --with-gssapi support
3673 - Make guess_service_principal() more robust when determining principal
3674 * Enable GSSAPI support (LP: #495418):
3675 - debian/configure.options: Configure with --with-gssapi
3676 - debian/control: Added libkrb5-dev as a build depend
3677
3678 -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
3679
3680openldap (2.4.18-0ubuntu1) karmic; urgency=low
3681
3682 * New upstream release: (LP: #419515):
3683 + pcache overlay supports disconnected mode.
3684 * Fix nss overlay load (LP: #417163).
3685
3686 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
3687
1308openldap (2.4.17-2.1) unstable; urgency=high3688openldap (2.4.17-2.1) unstable; urgency=high
13093689
1310 * Non-maintainer upload by the Security Team.3690 * Non-maintainer upload by the Security Team.
@@ -1331,6 +3711,108 @@ openldap (2.4.17-2) unstable; urgency=low
13313711
1332 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -07003712 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
13333713
3714openldap (2.4.17-1ubuntu3) karmic; urgency=low
3715
3716 * Install a minimal slapd configuration instead of creating a default
3717 database with a default DIT:
3718 + Move openldap user home from /var/lib/ldap to /nonexistent.
3719 + Remove all code and templates dealing with the default database and DIT
3720 creation.
3721 + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
3722 grant all access to the latter in the cn=config database as well as the
3723 default backend configuration.
3724 * Add cn=localroot,cn=config authz mapping on upgrades.
3725
3726 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
3727
3728openldap (2.4.17-1ubuntu2) karmic; urgency=low
3729
3730 [ Thierry Carrez ]
3731 * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3732 in the openldap library, as required by Likewise-Open (LP: #390579)
3733
3734 [ Mathias Gug ]
3735 * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
3736 uniqueness overlay.
3737 * debian/patches/its6220-writetimeout-directive: fixes a problem with the
3738 writetimeout directive being in effect even if it wasn't set,
3739 closing connections incorrectly.
3740 * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
3741 dncachesize parameter that was added in RE24, so that if it is set to
3742 "0" (now the default), it has an unlimited DN cache (RE23 always
3743 had an unlimited DN cache).
3744
3745 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
3746
3747openldap (2.4.17-1ubuntu1) karmic; urgency=low
3748
3749 [ Steve Langasek ]
3750 * Fix up the lintian warnings:
3751 - add missing misc-depends on all packages
3752 - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
3753 overrides
3754 - bump Standards-Version to 3.8.2, no changes required.
3755
3756 [ Mathias Gug ]
3757 * Resynchronise with Debian. Remaining changes:
3758 - AppArmor support:
3759 - debian/apparmor-profile: add AppArmor profile
3760 - updated debian/slapd.README.Debian for note on AppArmor
3761 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3762 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3763 - debian/rules: install apparmor profile.
3764 - Don't use local statement in config script as it fails if /bin/sh
3765 points to bash.
3766 - debian/slapd.postinst, debian/slapd.script-common: set correct
3767 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
3768 readable) and /var/run/slapd (world readable).
3769 - Enable nssoverlay:
3770 - debian/patches/nssov-build, debian/rules: Build and package the nss
3771 overlay.
3772 - debian/schema/misc.ldif: add ldif file for the misc schema which
3773 defines rfc822MailMember (required by the nss overlay).
3774 - debian/{control,rules}: enable PIE hardening
3775 - Use cn=config as the default configuration backend instead of
3776 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3777 asking the end user to enter a new password to control the access to
3778 the cn=config tree.
3779 - debian/slapd.postinst: create /var/run/slapd before updating its
3780 permissions.
3781 - debian/slapd.init: Correctly set slapd config backend option even if
3782 the pidfile is configured in slapd default file.
3783 * Dropped:
3784 - Merged in Debian:
3785 - Update priority of libldap-2.4-2 to match the archive override.
3786 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
3787 the ldapurl(1) manpage.
3788 - Bump build-dependency on debhelper to 6 instead of 5, since that's
3789 what we're using.
3790 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3791 the built-in default of ldap:/// only.
3792 - Fixed in upstream release:
3793 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
3794 failure when built with PIE.
3795 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3796 trusted.
3797 - Update Apparmor profile support: don't support upgrade from pre-hardy
3798 systems:
3799 - debian/slapd.postinst: Reload AA profile on configuration
3800 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3801 - debian/control: Conflicts with apparmor-profiles <<
3802 2.1+1075-0ubuntu4 to make sure that if earlier version of
3803 apparmor-profiles gets installed it won't overwrite our profile.
3804 - follow ApparmorProfileMigration and force apparmor complain mode on
3805 some upgrades
3806 - debian/slapd.preinst: create symlink for force-complain on
3807 pre-feisty upgrades, upgrades where apparmor-profiles profile is
3808 unchanged (ie non-enforcing) and upgrades where apparmor profile
3809 does not exist.
3810 - debian/patches/autogen.sh: no longer needed with karmic libtool.
3811 - Call libtoolize with the --install option to install
3812 config.{guess,sub} files.
3813
3814 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
3815
1334openldap (2.4.17-1) unstable; urgency=low3816openldap (2.4.17-1) unstable; urgency=low
13353817
1336 * New upstream version.3818 * New upstream version.
@@ -1353,6 +3835,153 @@ openldap (2.4.17-1) unstable; urgency=low
13533835
1354 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -07003836 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
13553837
3838openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
3839
3840 * Resynchronise with Debian. Remaining changes:
3841 - AppArmor support:
3842 - debian/apparmor-profile: add AppArmor profile
3843 - debian/slapd.postinst: Reload AA profile on configuration
3844 - updated debian/slapd.README.Debian for note on AppArmor
3845 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3846 - debian/control: Conflicts with apparmor-profiles <<
3847 2.1+1075-0ubuntu4 to make sure that if earlier version of
3848 apparmor-profiles gets installed it won't overwrite our profile.
3849 - follow ApparmorProfileMigration and force apparmor complain mode on
3850 some upgrades
3851 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3852 - debian/slapd.preinst: create symlink for force-complain on
3853 pre-feisty upgrades, upgrades where apparmor-profiles profile is
3854 unchanged (ie non-enforcing) and upgrades where apparmor profile
3855 does not exist.
3856 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3857 - debian/patches/autogen.sh:
3858 - Call libtoolize with the --install option to install
3859 config.{guess,sub} files.
3860 - Don't use local statement in config script as it fails if /bin/sh
3861 points to bash.
3862 - debian/slapd.postinst, debian/slapd.script-common: set correct
3863 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
3864 readable) and /var/run/slapd (world readable).
3865 - Enable nssoverlay:
3866 - debian/patches/nssov-build, debian/rules: Build and package the nss
3867 overlay.
3868 - debian/schema/misc.ldif: add ldif file for the misc schema which
3869 defines rfc822MailMember (required by the nss overlay).
3870 - debian/{control,rules}: enable PIE hardening
3871 - Use cn=config as the default configuration backend instead of
3872 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3873 asking the end user to enter a new password to control the access to
3874 the cn=config tree.
3875 - Update priority of libldap-2.4-2 to match the archive override.
3876 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
3877 the ldapurl(1) manpage.
3878 - Bump build-dependency on debhelper to 6 instead of 5, since that's
3879 what we're using.
3880 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3881 the built-in default of ldap:/// only.
3882 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
3883 failure when built with PIE.
3884 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3885 trusted.
3886 - debian/slapd.postinst: create /var/run/slapd before updating its
3887 permissions.
3888 - debian/slapd.init: Correctly set slapd config backend option even if
3889 the pidfile is configured in slapd default file.
3890 * Drop patch to avoid the test suite on hppa, as hppa is EOL.
3891
3892 -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
3893
3894openldap (2.4.15-1.1) unstable; urgency=low
3895
3896 * Non-maintainer upload.
3897 * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
3898 (Closes: #522965)
3899
3900 -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
3901
3902openldap (2.4.15-1ubuntu3) jaunty; urgency=low
3903
3904 * No-change rebuild to fix lpia shared library dependencies.
3905
3906 -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
3907
3908openldap (2.4.15-1ubuntu2) jaunty; urgency=low
3909
3910 * debian/slapd.postinst: create /var/run/slapd before updating its
3911 permissions (LP: #298928).
3912 * debian/slapd.init: Correclty set slapd config backend option even if the
3913 pidfile is configured in slapd default file (LP: #292364).
3914 * debian/apparmor-profile: support multiple databases to be stored under
3915 /var/lib/ldap/. (LP: #286614).
3916
3917 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
3918
3919openldap (2.4.15-1ubuntu1) jaunty; urgency=low
3920
3921 [ Steve Langasek ]
3922 * Update priority of libldap-2.4-2 to match the archive override.
3923 * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
3924 ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
3925 Closes: #496749.
3926 * Bump build-dependency on debhelper to 6 instead of 5, since that's
3927 what we're using. Closes: #498116.
3928 * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3929 the built-in default of ldap:/// only.
3930
3931 [ Mathias Gug ]
3932 * Merge from debian unstable, remaining changes:
3933 - Modify Maintainer value to match the DebianMaintainerField
3934 speficication.
3935 - AppArmor support:
3936 - debian/apparmor-profile: add AppArmor profile
3937 - debian/slapd.postinst: Reload AA profile on configuration
3938 - updated debian/slapd.README.Debian for note on AppArmor
3939 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3940 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3941 to make sure that if earlier version of apparmour-profiles gets
3942 installed it won't overwrite our profile.
3943 - follow ApparmorProfileMigration and force apparmor compalin mode on
3944 some upgrades (LP: #203529)
3945 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3946 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3947 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3948 non-enforcing) and upgrades where apparmor profile does not exist.
3949 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3950 - debian/control:
3951 - Build-depend on libltdl7-dev rather then libltdl3-dev.
3952 - debian/patches/autogen.sh:
3953 - Call libtoolize with the --install option to install config.{guess,sub}
3954 files.
3955 - Don't use local statement in config script as it fails if /bin/sh
3956 points to bash (LP: #286063).
3957 - Disable the testsuite on hppa. Allows building of packages on this
3958 architecture again, once this package is in the archive.
3959 LP: #288908.
3960 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3961 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3962 /var/run/slapd (world readable). (LP: #257667).
3963 - Enable nssoverlay:
3964 - debian/patches/nssov-build, debian/rules: Build and package
3965 the nss overlay.
3966 - debian/schema/misc.ldif: add ldif file for the misc schema
3967 which defines rfc822MailMember (required by the nss overlay).
3968 - debian/{control,rules}: enable PIE hardening
3969 - Use cn=config as the default configuration backend instead of
3970 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3971 asking the end user to enter a new password to control the access to the
3972 cn=config tree.
3973 * Dropped:
3974 - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
3975 times. (ITS: #5947) Fixed in new upstream version 2.4.15.
3976 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3977 the ucred struct now. Implemented in Debian.
3978 * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
3979 when built with PIE.
3980 * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3981 trusted (LP: #305264).
3982
3983 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
3984
1356openldap (2.4.15-1) unstable; urgency=low3985openldap (2.4.15-1) unstable; urgency=low
13573986
1358 * New upstream version3987 * New upstream version
@@ -1370,6 +3999,69 @@ openldap (2.4.15-1) unstable; urgency=low
13703999
1371 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -08004000 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
13724001
4002openldap (2.4.14-0ubuntu1) jaunty; urgency=low
4003
4004 [ Steve Langasek ]
4005 * New upstream version
4006 - Fixes a bug with the pcache overlay not returning cached entries
4007 (closes: #497697)
4008 - Update evolution-ntlm patch to apply to current Makefiles.
4009 - (tentatively) drop gnutls-ciphers, since this bug was reported to be
4010 fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
4011 patch from the bug report, so this should be watched for regressions.
4012 * Build against db4.7 instead of db4.2 at last! Closes: #421946.
4013 * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
4014 installed in the build environment.
4015 * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
4016 --with-tls=gnutls.
4017
4018 [ Mathias Gug ]
4019 * Merge from debian unstable, remaining changes:
4020 - debian/apparmor-profile: add AppArmor profile
4021 - debian/slapd.postinst: Reload AA profile on configuration
4022 - updated debian/slapd.README.Debian for note on AppArmor
4023 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4024 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4025 to make sure that if earlier version of apparmour-profiles gets
4026 installed it won't overwrite our profile.
4027 - Modify Maintainer value to match the DebianMaintainerField
4028 speficication.
4029 - follow ApparmorProfileMigration and force apparmor compalin mode on
4030 some upgrades (LP: #203529)
4031 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4032 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4033 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4034 non-enforcing) and upgrades where apparmor profile does not exist.
4035 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4036 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4037 the ucred struct now.
4038 - debian/control:
4039 - Build-depend on libltdl7-dev rather then libltdl3-dev.
4040 - debian/patches/autogen.sh:
4041 - Call libtoolize with the --install option to install config.{guess,sub}
4042 files.
4043 - Don't use local statement in config script as it fails if /bin/sh
4044 points to bash (LP: #286063).
4045 - Disable the testsuite on hppa. Allows building of packages on this
4046 architecture again, once this package is in the archive.
4047 LP: #288908.
4048 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
4049 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
4050 /var/run/slapd (world readable). (LP: #257667).
4051 - debian/patches/nssov-build, debian/rules:
4052 Build and package the nss overlay.
4053 debian/schema/misc.ldif: add ldif file for the misc schema, which defines
4054 rfc822MailMember (required by the nss overlay).
4055 - debian/{control,rules}: enable PIE hardening
4056 - Use cn=config as the default configuration backend instead of
4057 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
4058 asking the end user to enter a new password to control the access to the
4059 cn=config tree.
4060 * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
4061 times. (ITS: #5947)
4062
4063 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
4064
1373openldap (2.4.11-1) unstable; urgency=low4065openldap (2.4.11-1) unstable; urgency=low
13744066
1375 * New upstream version (closes: #499560).4067 * New upstream version (closes: #499560).
@@ -1392,6 +4084,110 @@ openldap (2.4.11-1) unstable; urgency=low
13924084
1393 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -07004085 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
13944086
4087openldap (2.4.11-0ubuntu7) jaunty; urgency=low
4088
4089 * Don't use local statement in config script as it fails if /bin/sh
4090 points to bash (LP: #286063).
4091
4092 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
4093
4094openldap (2.4.11-0ubuntu6) intrepid; urgency=low
4095
4096 * Disable the testsuite on hppa. Allows building of packages on this
4097 architecture again, once this package is in the archive.
4098 LP: #288908.
4099
4100 -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
4101
4102openldap (2.4.11-0ubuntu5) intrepid; urgency=low
4103
4104 * Don't set admin passwords in ldif files if adminpw is empty.
4105 (LP: #273988 - LP: #276606).
4106
4107 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
4108
4109openldap (2.4.11-0ubuntu4) intrepid; urgency=low
4110
4111 * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
4112 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
4113 /var/run/slapd (world readable). (LP: #257667).
4114 * debian/slapd.script-common:
4115 - Fix package reconfiguration:
4116 + Remove slapd.d/ directory if it already exists when creating a new
4117 configuration.
4118 + Fix backup directory naming for multiple reconfiguration.
4119
4120 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
4121
4122openldap (2.4.11-0ubuntu3) intrepid; urgency=low
4123
4124 * debian/patches/nssov-build, debian/rules:
4125 Build and package the nss overlay.
4126 * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
4127 rfc822MailMember (required by the nss overlay).
4128
4129 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
4130
4131openldap (2.4.11-0ubuntu2) intrepid; urgency=low
4132
4133 * debian/{control,rules}: enable PIE hardening
4134
4135 -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
4136
4137openldap (2.4.11-0ubuntu1) intrepid; urgency=low
4138
4139 * New upstream version:
4140 - Mainly bug fixes.
4141 - New nss slapd overlay (not compiled by default).
4142 * Use cn=config as the default configuration backend instead of
4143 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
4144 asking the end user to enter a new password to control the access to the
4145 cn=config tree.
4146
4147 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
4148
4149openldap (2.4.10-3ubuntu1) intrepid; urgency=low
4150
4151 [ Mathias Gug ]
4152 * Merge from debian unstable, remaining changes:
4153 - debian/apparmor-profile: add AppArmor profile
4154 - debian/slapd.postinst: Reload AA profile on configuration
4155 - updated debian/slapd.README.Debian for note on AppArmor
4156 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4157 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4158 to make sure that if earlier version of apparmour-profiles gets
4159 installed it won't overwrite our profile.
4160 - Modify Maintainer value to match the DebianMaintainerField
4161 speficication.
4162 - follow ApparmorProfileMigration and force apparmor compalin mode on
4163 some upgrades (LP: #203529)
4164 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4165 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4166 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4167 non-enforcing) and upgrades where apparmor profile does not exist.
4168 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4169 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4170 the ucred struct now.
4171 - debian/patches/fix-unique-overlay-assertion.patch:
4172 Fix another assertion error in unique overlay (LP: #243337).
4173 Backport from head.
4174 * Dropped - implemented in Debian:
4175 - debian/patches/fix-gnutls-key-strength.patch:
4176 Fix slapd handling of ssf using gnutls. (LP: #244925).
4177 - debian/control:
4178 Add time as build dependency: needed by make test.
4179 * debian/control:
4180 - Build-depend on libltdl7-dev rather then libltdl3-dev.
4181 * debian/patches/autogen.sh:
4182 - Call libtoolize with the --install option to install config.{guess,sub}
4183 files.
4184
4185 [ Jamie Strandboge ]
4186 * adjust apparmor profile to allow gssapi (LP: #229252)
4187 * adjust apparmor profile to allow cnconfig (LP: #243525)
4188
4189 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
4190
1395openldap (2.4.10-3) unstable; urgency=low4191openldap (2.4.10-3) unstable; urgency=low
13964192
1397 [ Steve Langasek ]4193 [ Steve Langasek ]
@@ -1425,6 +4221,40 @@ openldap (2.4.10-3) unstable; urgency=low
14254221
1426 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -07004222 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
14274223
4224openldap (2.4.10-2ubuntu1) intrepid; urgency=low
4225
4226 * Merge from debian unstable, remaining changes:
4227 - debian/apparmor-profile: add AppArmor profile
4228 - debian/slapd.postinst: Reload AA profile on configuration
4229 - updated debian/slapd.README.Debian for note on AppArmor
4230 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4231 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4232 to make sure that if earlier version of apparmour-profiles gets
4233 installed it won't overwrite our profile.
4234 - Modify Maintainer value to match the DebianMaintainerField
4235 speficication.
4236 - follow ApparmorProfileMigration and force apparmor compalin mode on
4237 some upgrades (LP: #203529)
4238 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4239 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4240 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4241 non-enforcing) and upgrades where apparmor profile does not exist.
4242 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4243 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4244 the ucred struct now.
4245 - debian/patches/fix-unique-overlay-assertion.patch:
4246 Fix another assertion error in unique overlay (LP: #243337).
4247 Backport from head.
4248 - debian/patches/fix-gnutls-key-strength.patch:
4249 Fix slapd handling of ssf using gnutls. (LP: #244925).
4250 - debian/control:
4251 Add time as build dependency: needed by make test.
4252 * Dropped - implemented in Debian:
4253 - debian/rules:
4254 Support debuild nocheck option: don't run tests if nocheck is set.
4255
4256 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
4257
1428openldap (2.4.10-2) unstable; urgency=low4258openldap (2.4.10-2) unstable; urgency=low
14294259
1430 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at4260 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
@@ -1439,6 +4269,54 @@ openldap (2.4.10-2) unstable; urgency=low
14394269
1440 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -07004270 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
14414271
4272openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
4273
4274 * Merge from debian unstable, remaining changes:
4275 - debian/apparmor-profile: add AppArmor profile
4276 - debian/slapd.postinst: Reload AA profile on configuration
4277 - updated debian/slapd.README.Debian for note on AppArmor
4278 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4279 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4280 to make sure that if earlier version of apparmour-profiles gets
4281 installed it won't overwrite our profile.
4282 - Modify Maintainer value to match the DebianMaintainerField
4283 speficication.
4284 - follow ApparmorProfileMigration and force apparmor compalin mode on
4285 some upgrades (LP: #203529)
4286 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4287 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4288 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4289 non-enforcing) and upgrades where apparmor profile does not exist.
4290 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4291 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4292 the ucred struct now.
4293 - debian/patches/fix-unique-overlay-assertion.patch:
4294 Fix another assertion error in unique overlay (LP: #243337).
4295 Backport from head.
4296 * debian/control:
4297 - add time as build dependency: needed by make test.
4298 * debian/rules:
4299 - support debuild nocheck option: don't run tests if nocheck is set.
4300 * debian/patches/fix-gnutls-key-strength.patch:
4301 - fix slapd handling of ssf using gnutls. (LP: #244925).
4302 * Dropped - accepted in Debian:
4303 - debian/rules, debian/slapd.links: use hard links to slapd instead of
4304 symlinks for slap* so these applications aren't confined by apparmor
4305 (LP: #203898)
4306 * Dropped - fixed in new upstream release:
4307 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
4308 (LP: #215904)
4309 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
4310 error. (LP: #234196)
4311 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
4312 (LP: #220724)
4313 - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
4314 syncrepl. (LP: #227178)
4315 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
4316 upstream.
4317
4318 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
4319
1442openldap2.3 (2.4.10-1) unstable; urgency=low4320openldap2.3 (2.4.10-1) unstable; urgency=low
14434321
1444 [ Steve Langasek ]4322 [ Steve Langasek ]
@@ -1463,6 +4341,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low
14634341
1464 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -07004342 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
14654343
4344openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
4345
4346 * debian/patches/fix-unique-overlay-assertion.patch:
4347 - Fix another assertion error in unique overlay, backported from head.
4348 (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
4349
4350 -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
4351
4352openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
4353
4354 * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
4355 include the smbk5pwd overlay.
4356
4357 -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
4358
4359openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
4360
4361 * Rebuild for perl 5.10 transition (LP: #230016)
4362 * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
4363 syncrepl. (LP: #227178)
4364
4365 -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
4366
4367openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
4368
4369 * Merge from debian unstable, remaining changes:
4370 - debian/apparmor-profile: add AppArmor profile
4371 - debian/slapd.postinst: Reload AA profile on configuration
4372 - updated debian/slapd.README.Debian for note on AppArmor
4373 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4374 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4375 to make sure that if earlier version of apparmour-profiles gets
4376 installed it won't overwrite our profile.
4377 - Modify Maintainer value to match the DebianMaintainerField
4378 speficication.
4379 - follow ApparmorProfileMigration and force apparmor compalin mode on
4380 some upgrades (LP: #203529)
4381 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4382 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4383 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4384 non-enforcing) and upgrades where apparmor profile does not exist.
4385 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4386 - debian/rules, debian/slapd.links: use hard links to slapd instead of
4387 symlinks for slap* so these applications aren't confined by apparmor
4388 (LP: #203898)
4389 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
4390 (LP: #215904)
4391 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
4392 error. (LP: #234196)
4393 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
4394 (LP: #220724)
4395 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
4396 upstream.
4397 * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
4398 the ucred struct now.
4399
4400 -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
4401
1466openldap2.3 (2.4.9-1) unstable; urgency=low4402openldap2.3 (2.4.9-1) unstable; urgency=low
14674403
1468 [ Updated debconf translations ]4404 [ Updated debconf translations ]
@@ -1533,6 +4469,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high
15334469
1534 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +01004470 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
15354471
4472openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
4473
4474 * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
4475 in klibc)
4476
4477 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
4478
4479openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
4480
4481 * apparmor-profile workaround for Launchpad #202161
4482 * follow ApparmorProfileMigration and force apparmor complain mode on some
4483 upgrades (LP: #203529)
4484 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4485 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4486 - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
4487 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4488 non-enforcing) and upgrades where apparmor profile does not exist
4489 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4490 * debian/rules, debian/slapd.links: use hard links to slapd instead of
4491 symlinks for slap* so these applications aren't confined by apparmor
4492 (LP: #203898)
4493
4494 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
4495
4496openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
4497
4498 * Merge from Debian unstable, remaining changes:
4499 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
4500 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
4501 allows remote authenticated users to cause a denial of service (daemon
4502 crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
4503 control, a related issue to CVE-2007-6698.
4504 + debian/apparmor-profile: add AppArmor profile
4505 + debian/slapd.postinst: Reload AA profile on configuration
4506 + updated debian/slapd.README.Debian for note on AppArmor
4507 + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
4508 should now take control
4509 + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4510 to make sure that if earlier version of apparmor-profiles gets
4511 installed it won't overwrite our profile
4512 + Modify Maintainer value to match the DebianMaintainerField
4513 specification.
4514
4515 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
4516
1536openldap2.3 (2.4.7-6) unstable; urgency=low4517openldap2.3 (2.4.7-6) unstable; urgency=low
15374518
1538 [ Updated debconf translations ]4519 [ Updated debconf translations ]
@@ -1578,6 +4559,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low
15784559
1579 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -08004560 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
15804561
4562openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
4563
4564 * SECURITY UPDATE:
4565 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
4566 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
4567 allows remote authenticated users to cause a denial of service (daemon crash)
4568 via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
4569 issue to CVE-2007-6698.
4570
4571 * References
4572 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
4573 - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
4574
4575 -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
4576
4577openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
4578
4579 * add AppArmor profile
4580 + debian/apparmor-profile
4581 + debian/slapd.postinst: Reload AA profile on configuration
4582 * updated debian/slapd.README.Debian for note on AppArmor
4583 * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
4584 should now take control
4585 * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4586 to make sure that if earlier version of apparmor-profiles gets installed
4587 it won't overwrite our profile
4588 * Modify Maintainer value to match the DebianMaintainerField
4589 specification.
4590
4591 -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
4592
1581openldap2.3 (2.4.7-5) unstable; urgency=low4593openldap2.3 (2.4.7-5) unstable; urgency=low
15824594
1583 [ Updated debconf translations ]4595 [ Updated debconf translations ]
diff --git a/debian/control b/debian/control
index 72c2fdf..877d42b 100644
--- a/debian/control
+++ b/debian/control
@@ -1,12 +1,14 @@
1Source: openldap1Source: openldap
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
5Uploaders: Steve Langasek <vorlon@debian.org>,6Uploaders: Steve Langasek <vorlon@debian.org>,
6 Torsten Landschoff <torsten@debian.org>,7 Torsten Landschoff <torsten@debian.org>,
7 Ryan Tandy <ryan@nardis.ca>,8 Ryan Tandy <ryan@nardis.ca>,
8 Sergio Durigan Junior <sergiodj@debian.org>9 Sergio Durigan Junior <sergiodj@debian.org>
9Build-Depends: debhelper-compat (= 12),10Build-Depends: debhelper-compat (= 12),
11 dh-apparmor,
10 dpkg-dev (>= 1.17.14),12 dpkg-dev (>= 1.17.14),
11 groff-base,13 groff-base,
12 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,14 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
@@ -43,7 +45,7 @@ Depends: ${shlibs:Depends}, libldap2 (= ${binary:Version}),
43 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,45 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,
44 adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends}46 adduser, lsb-base (>= 3.2-13), ${perl:Depends}, ${misc:Depends}
45Recommends: ldap-utils47Recommends: ldap-utils
46Suggests: libsasl2-modules,48Suggests: libsasl2-modules, ufw,
47 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal49 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
48Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)50Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
49Replaces: ldap-utils (<< 2.2.23-3)51Replaces: ldap-utils (<< 2.2.23-3)
diff --git a/debian/rules b/debian/rules
index dec3a84..bb3cd83 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,7 +11,7 @@ export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
11export DEB_BUILD_MAINT_OPTIONS := hardening=+all11export DEB_BUILD_MAINT_OPTIONS := hardening=+all
1212
13# Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)13# Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)
14export DEB_MAINTAINER := $(shell sed -ne 's/Maintainer:\s\+//p' debian/control)14export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control)
1515
16# Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)16# Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)
17export DEB_VERSION17export DEB_VERSION
@@ -81,8 +81,14 @@ override_dh_auto_configure:
81override_dh_auto_build:81override_dh_auto_build:
82 dh_auto_build82 dh_auto_build
83ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)83ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
84 # passwd/sha2 needs special handling, see #2000817
84 for mod in $(CONTRIB_MODULES); do \85 for mod in $(CONTRIB_MODULES); do \
85 dh_auto_build -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod -- $(CONTRIB_MAKEVARS) || exit $$?; \86 if [ "$$mod" = "passwd/sha2" ]; then \
87 EXTRA_OPT="-fno-strict-aliasing"; \
88 else \
89 EXTRA_OPT=""; \
90 fi; \
91 dh_auto_build -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod -- $(CONTRIB_MAKEVARS) OPT+=$$EXTRA_OPT || exit $$?; \
86 done92 done
87endif93endif
8894
@@ -118,6 +124,22 @@ endif
118 find $(installdir)/usr/share/man -name \*.8 \124 find $(installdir)/usr/share/man -name \*.8 \
119 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'125 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
120126
127ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
128override_dh_install-arch:
129 dh_install
130
131 # install AppArmor profile
132 install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
133
134 # install Apport hook
135 install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
136
137 # install ufw profile
138 install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
139
140 dh_apparmor -pslapd --profile-name=usr.sbin.slapd
141endif
142
121override_dh_installinit:143override_dh_installinit:
122 dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80"144 dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80"
123145
diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
index ff7d66b..a4f3f55 100644
--- a/debian/slapd.README.Debian
+++ b/debian/slapd.README.Debian
@@ -252,6 +252,17 @@ Modifications Compared to Upstream
252252
253 -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800253 -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800
254254
255Apparmor Profile
256----------------
257
258 If your system uses AppArmor, please note that the shipped enforcing profile
259 works with the default installation, and changes in your configuration may
260 require changes to the installed apparmor profile. Please see
261 https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
262 software.
263
264 -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500
265
255Migrating your installation to OpenLDAP 2.5.x266Migrating your installation to OpenLDAP 2.5.x
256267
257 OpenLDAP 2.5 is a major new release and includes several incompatible268 OpenLDAP 2.5 is a major new release and includes several incompatible
diff --git a/debian/slapd.py b/debian/slapd.py
258new file mode 100644269new file mode 100644
index 0000000..b1aed25
--- /dev/null
+++ b/debian/slapd.py
@@ -0,0 +1,51 @@
1#!/usr/bin/python3
2
3'''apport hook for slapd
4
5(c) 2010 Adam Sommer.
6Author: Adam Sommer <asommer@ubuntu.com>
7
8This program is free software; you can redistribute it and/or modify it
9under the terms of the GNU General Public License as published by the
10Free Software Foundation; either version 2 of the License, or (at your
11option) any later version. See http://www.gnu.org/copyleft/gpl.html for
12the full text of the license.
13'''
14
15from apport.hookutils import *
16import os
17
18# Scrub olcRootPW attribute and credentials strings if necessary.
19def scrub_pass_strings(config):
20 olcrootpw_regex = re.compile('olcRootPW:.*')
21 olcrootpw_string = olcrootpw_regex.search(config)
22 if olcrootpw_string:
23 config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@')
24
25 credentials_regex = re.compile('credentials=.* ')
26 credentials_string = credentials_regex.search(config)
27 if credentials_string:
28 config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ')
29
30 return config
31
32def add_info(report, ui):
33 response = ui.yesno("The contents of your /etc/ldap/slapd.d directory "
34 "may help developers diagnose your bug more "
35 "quickly. However, it may contain sensitive "
36 "information. Do you want to include it in your "
37 "bug report?")
38
39 if response == None: # user cancelled
40 raise StopIteration
41
42 elif response == True:
43 # Get the cn=config tree.
44 cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'])
45 report['CNConfig'] = scrub_pass_strings(cn_config)
46
47 # Get slapd messages from /var/log/syslog
48 slapd_re = re.compile('slapd', re.IGNORECASE)
49 report['SysLog'] = recent_syslog(slapd_re)
50
51 attach_mac_events(report, '/usr/sbin/slapd')
diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile
0new file mode 10064452new file mode 100644
index 0000000..3c4f676
--- /dev/null
+++ b/debian/slapd.ufw.profile
@@ -0,0 +1,9 @@
1[OpenLDAP LDAP]
2title=OpenLDAP with TLS
3description=OpenLDAP is a free, fast, lightweight LDAP server
4ports=389/tcp
5
6[OpenLDAP LDAPS]
7title=OpenLDAP over SSL
8description=OpenLDAP is a free, fast, lightweight LDAP server
9ports=636/tcp
diff --git a/debian/tests/control b/debian/tests/control
index b8ebcd9..2ac95ca 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -5,3 +5,6 @@ Restrictions: allow-stderr, isolation-container, needs-root, superficial
5Tests: smbk5pwd5Tests: smbk5pwd
6Depends: ldap-utils, slapd, slapd-contrib, heimdal-kdc, samba, schema2ldif6Depends: ldap-utils, slapd, slapd-contrib, heimdal-kdc, samba, schema2ldif
7Restrictions: allow-stderr, isolation-container, needs-root, superficial7Restrictions: allow-stderr, isolation-container, needs-root, superficial
8
9Tests: sha2-contrib
10Depends: slapd, openssl
diff --git a/debian/tests/sha2-contrib b/debian/tests/sha2-contrib
8new file mode 10075511new file mode 100755
index 0000000..2a1e625
--- /dev/null
+++ b/debian/tests/sha2-contrib
@@ -0,0 +1,16 @@
1#!/bin/bash
2
3set -e
4
5reference_hash="{SHA256}$(echo -n secret | openssl dgst -sha256 -binary | openssl enc -base64)"
6test_hash=$(slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2)
7
8echo "Reference hash of \"secret\" (openssl): ${reference_hash}"
9echo "slapd's pw-sha2 hash: ${test_hash}"
10
11if [ "${reference_hash}" != "${test_hash}" ]; then
12 echo "ERROR: hashes differ"
13 exit 1
14else
15 echo "PASS: hashes are identical"
16fi
diff --git a/debian/tests/smbk5pwd b/debian/tests/smbk5pwd
index 8ccc3c5..5247850 100755
--- a/debian/tests/smbk5pwd
+++ b/debian/tests/smbk5pwd
@@ -8,6 +8,22 @@ schema2ldif /etc/ldap/schema/hdb.schema | ldapadd -H ldapi:// -Y EXTERNAL
8# Grant slapd access to the Heimdal master key8# Grant slapd access to the Heimdal master key
9chgrp openldap /var/lib/heimdal-kdc/*key9chgrp openldap /var/lib/heimdal-kdc/*key
10chmod g+r /var/lib/heimdal-kdc/*key10chmod g+r /var/lib/heimdal-kdc/*key
11chgrp openldap /var/lib/heimdal-kdc
12chmod g+x /var/lib/heimdal-kdc
13
14apparmor_profile="/etc/apparmor.d/usr.sbin.slapd"
15if [ -f "${apparmor_profile}" ]; then
16 if aa-status --enabled 2>/dev/null; then
17 # Adjust apparmor so slapd can read the heimdal master key
18 cat >> /etc/apparmor.d/local/usr.sbin.slapd <<EOF
19 /var/lib/heimdal-kdc/m-key rk,
20EOF
21 apparmor_parser -r -W -T "${apparmor_profile}" || {
22 # this failure may happen on armhf in Canonical infrastructure, see #1991141
23 echo "Failed to reload the ${apparmor_profile} apparmor profile, continuing anyway."
24 }
25 fi
26fi
1127
12# Instantiate the smbk5pwd overlay28# Instantiate the smbk5pwd overlay
13ldapmodify -H ldapi:// -Y EXTERNAL << eof29ldapmodify -H ldapi:// -Y EXTERNAL << eof

Subscribers

People subscribed via source and target branches