Ubuntu
openldap package

Merge ~sergiodj/ubuntu/+source/openldap:merge-2.6.6-dfsg-1-mantic into ubuntu/+source/openldap:debian/experimental

  1. Git
  2. lp:~sergiodj/ubuntu/+source/openldap
  3. merge-2.6.6-dfsg-1-mantic
  4. Merge into debian/experimental
Proposed by Sergio Durigan Junior
Status: Merged
Merge reported by: Sergio Durigan Junior
Merged at revision: e67fe169e961d770845e914e22b7dda6d7b9d6c6
Proposed branch: ~sergiodj/ubuntu/+source/openldap:merge-2.6.6-dfsg-1-mantic
Merge into: ubuntu/+source/openldap:debian/experimental
Diff against target: 3643 lines (+3232/-3)
8 files modified
debian/apparmor-profile (+61/-0)
debian/changelog (+3065/-0)
debian/control (+4/-2)
debian/rules (+17/-1)
debian/slapd.README.Debian (+11/-0)
debian/slapd.py (+51/-0)
debian/slapd.ufw.profile (+9/-0)
debian/tests/smbk5pwd (+14/-0)
Reviewer Review Type Date Requested Status
Andreas Hasenack Approve
Canonical Server Reporter Pending
Review via email: mp+448302@code.launchpad.net

Description of the change

This is the merge of OpenLDAP 2.6.6 from Debian experimental.

It's a trivial merge that fixes a regression introduced by 2.6.5. No deltas were dropped this time.

PPA: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap

dep8 results will be posted later.

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

FWIW, the regression being fixed is this one:

https://bugs.openldap.org/show_bug.cgi?id=10045

It can cause slapd to abruptly terminate in certain occasions.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

It seems that I'm having a bad luck when doing merges lately... You will find that OpenLDAP is FTBFSing in the PPA. I tracked down this problem to a recent change in cyrus-sasl2. I filed a Debian bug and will work with the maintainer to get things working again. Feel free to review the MP, though. Thanks.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

The cyrus-sasl2 bug has been fixed in Debian/Ubuntu and the openldap builds are passing now. This MP is ready for review.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-mantic-sergiodj-openldap/?format=plain)
  openldap @ amd64:
    04.08.23 18:45:32 Log 🗒️ ✅ Triggers: openldap/2.6.6+dfsg-1~exp1ubuntu1~ppa1
  openldap @ armhf:
    04.08.23 18:44:40 Log 🗒️ ✅ Triggers: openldap/2.6.6+dfsg-1~exp1ubuntu1~ppa1
  openldap @ ppc64el:
    04.08.23 18:41:51 Log 🗒️ ✅ Triggers: openldap/2.6.6+dfsg-1~exp1ubuntu1~ppa1
  openldap @ s390x:
    04.08.23 18:41:36 Log 🗒️ ✅ Triggers: openldap/2.6.6+dfsg-1~exp1ubuntu1~ppa1

The arm64 test is stuck updating the kernel, which is unrelated to openldap.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

range-diff is clean, no delta change

new upstream 2.6.6 CHANGES file is ok

+1

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Friday, August 04 2023, Andreas Hasenack wrote:

> range-diff is clean, no delta change
>
> new upstream 2.6.6 CHANGES file is ok
>
> +1

Thanks. Uploaded:

$ dput openldap_2.6.6+dfsg-1~exp1ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/openldap/openldap_2.6.6+dfsg-1~exp1ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/openldap/openldap_2.6.6+dfsg-1~exp1ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openldap_2.6.6+dfsg-1~exp1ubuntu1.dsc: done.
  Uploading openldap_2.6.6+dfsg.orig.tar.xz: done.
  Uploading openldap_2.6.6+dfsg-1~exp1ubuntu1.debian.tar.xz: done.
  Uploading openldap_2.6.6+dfsg-1~exp1ubuntu1_source.buildinfo: done.
  Uploading openldap_2.6.6+dfsg-1~exp1ubuntu1_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/apparmor-profile b/debian/apparmor-profile
2new file mode 100644
3index 0000000..6a247aa
4--- /dev/null
5+++ b/debian/apparmor-profile
6@@ -0,0 +1,61 @@
7+# vim:syntax=apparmor
8+# Last Modified: Fri Jun 6 13:51:00 2020
9+# Author: Jamie Strandboge <jamie@ubuntu.com>
10+
11+#include <tunables/global>
12+
13+/usr/sbin/slapd {
14+ #include <abstractions/base>
15+ #include <abstractions/nameservice>
16+ #include <abstractions/p11-kit>
17+
18+ #include <abstractions/ssl_keys>
19+ #include <abstractions/ssl_certs>
20+
21+ /etc/sasldb2 r,
22+
23+ capability dac_override,
24+ capability net_bind_service,
25+ capability setgid,
26+ capability setuid,
27+
28+ /etc/gai.conf r,
29+ /etc/hosts.allow r,
30+ /etc/hosts.deny r,
31+
32+ # ldap files
33+ /etc/ldap/** kr,
34+ /etc/ldap/slapd.d/** rw,
35+
36+ # kerberos/gssapi
37+ /dev/tty rw,
38+ /etc/gss/mech.d/ r,
39+ /etc/gss/mech.d/* kr,
40+ /etc/krb5.keytab kr,
41+ /etc/krb5/user/*/client.keytab kr,
42+ owner /tmp/krb5cc_* rwk,
43+ owner /var/tmp/krb5_*.rcache2 rwk,
44+ /var/tmp/ rw,
45+ /var/tmp/** rw,
46+
47+ # the databases and logs
48+ /var/lib/ldap/ r,
49+ /var/lib/ldap/** rwk,
50+
51+ # lock file
52+ /var/lib/ldap/alock kw,
53+
54+ # pid files and sockets
55+ /{,var/}run/slapd/* w,
56+ /{,var/}run/slapd/ldapi rw,
57+ /{,var/}run/nslcd/socket rw,
58+ /{,var/}run/saslauthd/mux rw,
59+
60+ /usr/lib/ldap/ r,
61+ /usr/lib/ldap/* mr,
62+
63+ /usr/sbin/slapd mr,
64+
65+ # Site-specific additions and overrides. See local/README for details.
66+ #include <local/usr.sbin.slapd>
67+}
68diff --git a/debian/changelog b/debian/changelog
69index b654a02..8945ee5 100644
70--- a/debian/changelog
71+++ b/debian/changelog
72@@ -1,9 +1,62 @@
73+openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium
74+
75+ * Merge with Debian unstable (LP: #2028721). Remaining changes:
76+ - Enable AppArmor support:
77+ + d/apparmor-profile: add AppArmor profile
78+ + d/rules: use dh_apparmor
79+ + d/control: Build-Depends on dh-apparmor
80+ + d/slapd.README.Debian: add note about AppArmor
81+ - Enable ufw support:
82+ + d/control: suggest ufw.
83+ + d/rules: install ufw profile.
84+ + d/slapd.ufw.profile: add ufw profile.
85+ - d/{rules,slapd.py}: Add apport hook.
86+ - d/rules: better regexp to match the Maintainer tag in d/control,
87+ needed in the Ubuntu case because of XSBC-Original-Maintainer
88+ (Closes #960448, LP #1875697)
89+ - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the
90+ smbk5pwd DEP8 test (LP #2004560)
91+ [ Partially incorporated by Debian. ]
92+
93+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 02 Aug 2023 19:53:17 -0400
94+
95 openldap (2.6.6+dfsg-1~exp1) experimental; urgency=medium
96
97 * New upstream version 2.6.6+dfsg
98
99 -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 31 Jul 2023 18:24:38 -0400
100
101+openldap (2.6.5+dfsg-1~exp1ubuntu1) mantic; urgency=medium
102+
103+ * Merge with Debian unstable (LP: #2028721). Remaining changes:
104+ - Enable AppArmor support:
105+ + d/apparmor-profile: add AppArmor profile
106+ + d/rules: use dh_apparmor
107+ + d/control: Build-Depends on dh-apparmor
108+ + d/slapd.README.Debian: add note about AppArmor
109+ - Enable ufw support:
110+ + d/control: suggest ufw.
111+ + d/rules: install ufw profile.
112+ + d/slapd.ufw.profile: add ufw profile.
113+ - d/{rules,slapd.py}: Add apport hook.
114+ - d/rules: better regexp to match the Maintainer tag in d/control,
115+ needed in the Ubuntu case because of XSBC-Original-Maintainer
116+ (Closes #960448, LP #1875697)
117+ - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the
118+ smbk5pwd DEP8 test (LP #2004560)
119+ [ Partially incorporated by Debian. ]
120+ * Drop changes:
121+ - Build the passwd/sha2 contrib module with -fno-strict-aliasing to
122+ avoid computing an incorrect SHA256 hash with some versions of the
123+ compiler (LP: #2000817):
124+ + d/t/{control,sha2-contrib}: test to verify the SHA256 hash
125+ produced by passwd/sha2
126+ + d/rules: set -fno-strict-aliasing only when building the
127+ passwd/sha2 contrib module
128+ [ Incorporated by Debian. ]
129+
130+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 27 Jul 2023 13:18:18 -0400
131+
132 openldap (2.6.5+dfsg-1~exp1) experimental; urgency=medium
133
134 [ Sergio Durigan Junior ]
135@@ -39,12 +92,79 @@ openldap (2.6.5+dfsg-1~exp1) experimental; urgency=medium
136
137 -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 24 Jul 2023 19:26:16 -0400
138
139+openldap (2.6.4+dfsg-1~exp1ubuntu1) mantic; urgency=medium
140+
141+ * Merge with Debian unstable (LP: #2018093). Remaining changes:
142+ - Enable AppArmor support:
143+ + d/apparmor-profile: add AppArmor profile
144+ + d/rules: use dh_apparmor
145+ + d/control: Build-Depends on dh-apparmor
146+ + d/slapd.README.Debian: add note about AppArmor
147+ - Enable ufw support:
148+ + d/control: suggest ufw.
149+ + d/rules: install ufw profile.
150+ + d/slapd.ufw.profile: add ufw profile.
151+ - d/{rules,slapd.py}: Add apport hook.
152+ - d/rules: better regexp to match the Maintainer tag in d/control,
153+ needed in the Ubuntu case because of XSBC-Original-Maintainer
154+ (Closes #960448, LP #1875697)
155+ - Build the passwd/sha2 contrib module with -fno-strict-aliasing to
156+ avoid computing an incorrect SHA256 hash with some versions of the
157+ compiler (LP #2000817):
158+ + d/t/{control,sha2-contrib}: test to verify the SHA256 hash
159+ produced by passwd/sha2
160+ + d/rules: set -fno-strict-aliasing only when building the
161+ passwd/sha2 contrib module
162+ - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the
163+ smbk5pwd DEP8 test (LP #2004560)
164+
165+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 21 Jun 2023 14:48:31 -0400
166+
167 openldap (2.6.4+dfsg-1~exp1) experimental; urgency=medium
168
169 * New upstream version 2.6.4+dfsg.
170
171 -- Sergio Durigan Junior <sergiodj@debian.org> Sat, 04 Mar 2023 16:35:10 -0500
172
173+openldap (2.6.3+dfsg-1~exp1ubuntu2) lunar; urgency=medium
174+
175+ * Build the passwd/sha2 contrib module with -fno-strict-aliasing to
176+ avoid computing an incorrect SHA256 hash with some versions of the
177+ compiler (LP: #2000817):
178+ - d/t/{control,sha2-contrib}: test to verify the SHA256 hash
179+ produced by passwd/sha2
180+ - d/rules: set -fno-strict-aliasing only when building the
181+ passwd/sha2 contrib module
182+ * d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the
183+ smbk5pwd DEP8 test (LP: #2004560)
184+
185+ -- Andreas Hasenack <andreas@canonical.com> Fri, 03 Feb 2023 09:33:14 -0300
186+
187+openldap (2.6.3+dfsg-1~exp1ubuntu1) lunar; urgency=medium
188+
189+ * Merge with Debian unstable (LP: #1993426). Remaining changes:
190+ - Enable AppArmor support:
191+ + d/apparmor-profile: add AppArmor profile
192+ + d/rules: use dh_apparmor
193+ + d/control: Build-Depends on dh-apparmor
194+ + d/slapd.README.Debian: add note about AppArmor
195+ - Enable ufw support:
196+ + d/control: suggest ufw.
197+ + d/rules: install ufw profile.
198+ + d/slapd.ufw.profile: add ufw profile.
199+ - d/{rules,slapd.py}: Add apport hook.
200+ - d/rules: better regexp to match the Maintainer tag in d/control,
201+ needed in the Ubuntu case because of XSBC-Original-Maintainer
202+ (Closes #960448, LP #1875697)
203+ * Drop changes:
204+ - Enable SASL/GSSAPI tests. (LP #1976508)
205+ + d/control: Update B-D to include required dependencies needed to run
206+ SASL/GSSAPI tests during build time, and mark them "!nocheck".
207+ Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
208+ [ Incorporated by Debian. ]
209+
210+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 18 Nov 2022 16:07:45 -0500
211+
212 openldap (2.6.3+dfsg-1~exp1) experimental; urgency=medium
213
214 * d/rules: Remove get-orig-source, now unnecessary.
215@@ -94,6 +214,94 @@ openldap (2.6.2+dfsg-1~exp1) experimental; urgency=medium
216
217 -- Sergio Durigan Junior <sergiodj@debian.org> Fri, 20 May 2022 17:41:04 -0400
218
219+openldap (2.5.13+dfsg-1ubuntu2) lunar; urgency=medium
220+
221+ * Rebuild against new perlapi-5.36.
222+
223+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 Nov 2022 16:50:13 +0100
224+
225+openldap (2.5.13+dfsg-1ubuntu1) kinetic; urgency=medium
226+
227+ * Merge with Debian unstable (LP: #1983618). Remaining changes:
228+ - Enable AppArmor support:
229+ + d/apparmor-profile: add AppArmor profile
230+ + d/rules: use dh_apparmor
231+ + d/control: Build-Depends on dh-apparmor
232+ + d/slapd.README.Debian: add note about AppArmor
233+ - Enable ufw support:
234+ + d/control: suggest ufw.
235+ + d/rules: install ufw profile.
236+ + d/slapd.ufw.profile: add ufw profile.
237+ - d/{rules,slapd.py}: Add apport hook.
238+ - d/rules: better regexp to match the Maintainer tag in d/control,
239+ needed in the Ubuntu case because of XSBC-Original-Maintainer
240+ (Closes #960448, LP #1875697)
241+ - Enable SASL/GSSAPI tests. (LP #1976508)
242+ + d/control: Update B-D to include required dependencies needed to run
243+ SASL/GSSAPI tests during build time, and mark them "!nocheck".
244+ Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
245+
246+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 20 Sep 2022 15:30:47 -0400
247+
248+openldap (2.5.12+dfsg-2ubuntu2) kinetic; urgency=medium
249+
250+ * Enable SASL/GSSAPI tests. (LP: #1976508)
251+ - d/control: Update B-D to include required dependencies needed to run
252+ SASL/GSSAPI tests during build time, and mark them "!nocheck".
253+ Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
254+
255+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 25 Aug 2022 16:20:08 -0400
256+
257+openldap (2.5.12+dfsg-2ubuntu1) kinetic; urgency=medium
258+
259+ * Merge with Debian unstable (LP: #1971305). Remaining changes:
260+ - Enable AppArmor support:
261+ + d/apparmor-profile: add AppArmor profile
262+ + d/rules: use dh_apparmor
263+ + d/control: Build-Depends on dh-apparmor
264+ + d/slapd.README.Debian: add note about AppArmor
265+ - Enable ufw support:
266+ + d/control: suggest ufw.
267+ + d/rules: install ufw profile.
268+ + d/slapd.ufw.profile: add ufw profile.
269+ - d/{rules,slapd.py}: Add apport hook.
270+ - d/rules: better regexp to match the Maintainer tag in d/control,
271+ needed in the Ubuntu case because of XSBC-Original-Maintainer
272+ (Closes #960448, LP #1875697)
273+
274+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 06 Jun 2022 15:34:48 -0400
275+
276+openldap (2.5.11+dfsg-1~exp1ubuntu3) jammy; urgency=medium
277+
278+ * No-change rebuild to update maintainer scripts, see LP: 1959054
279+
280+ -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:15:26 +0000
281+
282+openldap (2.5.11+dfsg-1~exp1ubuntu2) jammy; urgency=medium
283+
284+ * No-change rebuild for the perl update.
285+
286+ -- Matthias Klose <doko@ubuntu.com> Mon, 07 Feb 2022 07:51:42 +0100
287+
288+openldap (2.5.11+dfsg-1~exp1ubuntu1) jammy; urgency=medium
289+
290+ * Merge with Debian unstable (LP: #1946883). Remaining changes:
291+ - Enable AppArmor support:
292+ + d/apparmor-profile: add AppArmor profile
293+ + d/rules: use dh_apparmor
294+ + d/control: Build-Depends on dh-apparmor
295+ + d/slapd.README.Debian: add note about AppArmor
296+ - Enable ufw support:
297+ + d/control: suggest ufw.
298+ + d/rules: install ufw profile.
299+ + d/slapd.ufw.profile: add ufw profile.
300+ - d/{rules,slapd.py}: Add apport hook.
301+ - d/rules: better regexp to match the Maintainer tag in d/control,
302+ needed in the Ubuntu case because of XSBC-Original-Maintainer
303+ (Closes #960448, LP #1875697)
304+
305+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 25 Jan 2022 17:06:12 -0500
306+
307 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium
308
309 * New upstream release.
310@@ -125,6 +333,25 @@ openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium
311
312 -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700
313
314+openldap (2.5.6+dfsg-1~exp1ubuntu1) impish; urgency=medium
315+
316+ * Merge with Debian unstable. Remaining changes:
317+ - Enable AppArmor support:
318+ + d/apparmor-profile: add AppArmor profile
319+ + d/rules: use dh_apparmor
320+ + d/control: Build-Depends on dh-apparmor
321+ + d/slapd.README.Debian: add note about AppArmor
322+ - Enable ufw support:
323+ + d/control: suggest ufw.
324+ + d/rules: install ufw profile.
325+ + d/slapd.ufw.profile: add ufw profile.
326+ - d/{rules,slapd.py}: Add apport hook.
327+ - d/rules: better regexp to match the Maintainer tag in d/control,
328+ needed in the Ubuntu case because of XSBC-Original-Maintainer
329+ (Closes #960448, LP #1875697)
330+
331+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 17 Aug 2021 14:06:00 -0400
332+
333 openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
334
335 [ Ryan Tandy ]
336@@ -159,6 +386,59 @@ openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
337
338 -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700
339
340+openldap (2.5.5+dfsg-1~exp1ubuntu1) impish; urgency=medium
341+
342+ * Merge with Debian unstable. Remaining changes:
343+ - Enable AppArmor support:
344+ + d/apparmor-profile: add AppArmor profile
345+ + d/rules: use dh_apparmor
346+ + d/control: Build-Depends on dh-apparmor
347+ + d/slapd.README.Debian: add note about AppArmor
348+ - Enable ufw support:
349+ + d/control: suggest ufw.
350+ + d/rules: install ufw profile.
351+ + d/slapd.ufw.profile: add ufw profile.
352+ - d/{rules,slapd.py}: Add apport hook.
353+ - d/rules: better regexp to match the Maintainer tag in d/control,
354+ needed in the Ubuntu case because of XSBC-Original-Maintainer
355+ (Closes #960448, LP #1875697)
356+ * Dropped changes:
357+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
358+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
359+ - Add --with-gssapi support
360+ - Make guess_service_principal() more robust when determining
361+ principal
362+ + d/configure.options: Configure with --with-gssapi
363+ + d/control: Added heimdal-dev as a build depend
364+ + d/rules:
365+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
366+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
367+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
368+ This should be dropped when the soname changes.
369+ [ Dropped as planned after soname bump due to 2.5.5 update. ]
370+ - Enable nss overlay:
371+ + d/rules:
372+ - add nssov to CONTRIB_MODULES
373+ - add sysconfdir to CONTRIB_MAKEVARS
374+ + d/slapd.install: install nssov overlay
375+ + d/slapd.manpages: install slapo-nssov(5) man page
376+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
377+ Debian bug #919136, we also have to patch the nssov makefile
378+ accordingly and thus update this patch.
379+ [ Dropped as planned after soname bump due to 2.5.5 update. ]
380+ - Add support for CLDAP (UDP) support, back then required by
381+ likewise-open (first enabled in 2.4.17-1ubuntu2):
382+ + d/rules: Enable -DLDAP_CONNECTIONLESS
383+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
384+ This should be dropped when the soname changes.
385+ [ Dropped as planned after soname bump due to 2.5.5 update. ]
386+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
387+ of test timing issue.
388+ [ Dropped because the latest update improved the testcase and
389+ there is no FTBFS on riscv64 anymore. ]
390+
391+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 15 Jun 2021 17:20:34 -0400
392+
393 openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium
394
395 * New upstream release.
396@@ -264,6 +544,53 @@ openldap (2.4.57+dfsg-3) unstable; urgency=medium
397
398 -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700
399
400+openldap (2.4.57+dfsg-2ubuntu1) hirsute; urgency=medium
401+
402+ * Merge with Debian unstable. Remaining changes:
403+ - Enable AppArmor support:
404+ + d/apparmor-profile: add AppArmor profile
405+ + d/rules: use dh_apparmor
406+ + d/control: Build-Depends on dh-apparmor
407+ + d/slapd.README.Debian: add note about AppArmor
408+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
409+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
410+ - Add --with-gssapi support
411+ - Make guess_service_principal() more robust when determining
412+ principal
413+ + d/configure.options: Configure with --with-gssapi
414+ + d/control: Added heimdal-dev as a build depend
415+ + d/rules:
416+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
417+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
418+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
419+ This should be dropped when the soname changes.
420+ - Enable ufw support:
421+ + d/control: suggest ufw.
422+ + d/rules: install ufw profile.
423+ + d/slapd.ufw.profile: add ufw profile.
424+ - Enable nss overlay:
425+ + d/rules:
426+ - add nssov to CONTRIB_MODULES
427+ - add sysconfdir to CONTRIB_MAKEVARS
428+ + d/slapd.install: install nssov overlay
429+ + d/slapd.manpages: install slapo-nssov(5) man page
430+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
431+ Debian bug #919136, we also have to patch the nssov makefile
432+ accordingly and thus update this patch.
433+ - d/{rules,slapd.py}: Add apport hook.
434+ - Add support for CLDAP (UDP) support, back then required by
435+ likewise-open (first enabled in 2.4.17-1ubuntu2):
436+ + d/rules: Enable -DLDAP_CONNECTIONLESS
437+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
438+ This should be dropped when the soname changes.
439+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
440+ of test timing issue.
441+ - d/rules: better regexp to match the Maintainer tag in d/control,
442+ needed in the Ubuntu case because of XSBC-Original-Maintainer
443+ (Closes #960448, LP #1875697)
444+
445+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Feb 2021 10:15:38 -0500
446+
447 openldap (2.4.57+dfsg-2) unstable; urgency=medium
448
449 * Fix slapd assertion failure in Certificate List Exact Assertion validation
450@@ -293,6 +620,65 @@ openldap (2.4.57+dfsg-1) unstable; urgency=medium
451
452 -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800
453
454+openldap (2.4.56+dfsg-1ubuntu2) hirsute; urgency=medium
455+
456+ * debian/apparmor-profile: add AppArmor rule for locking replay cache.
457+ In Hirsute, a change (presumably in src:krb5) has caused slapd to be
458+ denied by AppArmor for locking /var/tmp/krb5_*.rcache2. This is
459+ acceptable, so add it to the AppArmor profile. This fixes the dep8
460+ test in src:krb5 that uses slapd for testing.
461+
462+ -- Robie Basak <robie.basak@ubuntu.com> Tue, 26 Jan 2021 13:02:40 +0000
463+
464+openldap (2.4.56+dfsg-1ubuntu1) hirsute; urgency=medium
465+
466+ * Merge with Debian unstable. Remaining changes:
467+ - Enable AppArmor support:
468+ + d/apparmor-profile: add AppArmor profile
469+ + d/rules: use dh_apparmor
470+ + d/control: Build-Depends on dh-apparmor
471+ + d/slapd.README.Debian: add note about AppArmor
472+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
473+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
474+ - Add --with-gssapi support
475+ - Make guess_service_principal() more robust when determining
476+ principal
477+ + d/configure.options: Configure with --with-gssapi
478+ + d/control: Added heimdal-dev as a build depend
479+ + d/rules:
480+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
481+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
482+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
483+ This should be dropped when the soname changes.
484+ - Enable ufw support:
485+ + d/control: suggest ufw.
486+ + d/rules: install ufw profile.
487+ + d/slapd.ufw.profile: add ufw profile.
488+ - Enable nss overlay:
489+ + d/rules:
490+ - add nssov to CONTRIB_MODULES
491+ - add sysconfdir to CONTRIB_MAKEVARS
492+ + d/slapd.install: install nssov overlay
493+ + d/slapd.manpages: install slapo-nssov(5) man page
494+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
495+ Debian bug #919136, we also have to patch the nssov makefile
496+ accordingly and thus update this patch.
497+ - d/{rules,slapd.py}: Add apport hook.
498+ - Add support for CLDAP (UDP) support, back then required by
499+ likewise-open (first enabled in 2.4.17-1ubuntu2):
500+ + d/rules: Enable -DLDAP_CONNECTIONLESS
501+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
502+ This should be dropped when the soname changes.
503+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
504+ of test timing issue.
505+ - d/rules: better regexp to match the Maintainer tag in d/control,
506+ needed in the Ubuntu case because of XSBC-Original-Maintainer
507+ (Closes #960448, LP #1875697)
508+ * d/apparmor-profile: use abstractions/ssl_keys instead of manual rules,
509+ allows letsencrypt to work. Thanks to Paul McEnery (LP: #1909748)
510+
511+ -- Paride Legovini <paride.legovini@canonical.com> Mon, 04 Jan 2021 16:18:57 +0100
512+
513 openldap (2.4.56+dfsg-1) unstable; urgency=medium
514
515 * New upstream release.
516@@ -319,12 +705,151 @@ openldap (2.4.54+dfsg-1) unstable; urgency=medium
517
518 -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000
519
520+openldap (2.4.53+dfsg-1ubuntu5) hirsute; urgency=medium
521+
522+ * SECURITY UPDATE: assertion failure in Certificate List syntax
523+ validation
524+ - debian/patches/CVE-2020-25709.patch: properly handle error in
525+ servers/slapd/schema_init.c.
526+ - CVE-2020-25709
527+ * SECURITY UPDATE: assertion failure in CSN normalization with invalid
528+ input
529+ - debian/patches/CVE-2020-25710.patch: properly handle error in
530+ servers/slapd/schema_init.c.
531+ - CVE-2020-25710
532+
533+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 17 Nov 2020 09:41:47 -0500
534+
535+openldap (2.4.53+dfsg-1ubuntu4) hirsute; urgency=medium
536+
537+ * SECURITY UPDATE: DoS via NULL pointer dereference
538+ - debian/patches/CVE-2020-25692.patch: skip normalization if there's no
539+ equality rule in servers/slapd/modrdn.c.
540+ - CVE-2020-25692
541+
542+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 Nov 2020 14:02:02 -0500
543+
544+openldap (2.4.53+dfsg-1ubuntu3) hirsute; urgency=medium
545+
546+ * No-change rebuild for the perl update.
547+
548+ -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 12:53:38 +0100
549+
550+openldap (2.4.53+dfsg-1ubuntu2) hirsute; urgency=medium
551+
552+ * No-change rebuild for the perl update.
553+
554+ -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 10:51:32 +0100
555+
556+openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium
557+
558+ * Merge with Debian unstable (LP: #1894838). Remaining changes:
559+ - Enable AppArmor support:
560+ + d/apparmor-profile: add AppArmor profile
561+ + d/rules: use dh_apparmor
562+ + d/control: Build-Depends on dh-apparmor
563+ + d/slapd.README.Debian: add note about AppArmor
564+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
565+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
566+ - Add --with-gssapi support
567+ - Make guess_service_principal() more robust when determining
568+ principal
569+ + d/configure.options: Configure with --with-gssapi
570+ + d/control: Added heimdal-dev as a build depend
571+ + d/rules:
572+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
573+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
574+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
575+ This should be dropped when the soname changes.
576+ - Enable ufw support:
577+ + d/control: suggest ufw.
578+ + d/rules: install ufw profile.
579+ + d/slapd.ufw.profile: add ufw profile.
580+ - Enable nss overlay:
581+ + d/rules:
582+ - add nssov to CONTRIB_MODULES
583+ - add sysconfdir to CONTRIB_MAKEVARS
584+ + d/slapd.install: install nssov overlay
585+ + d/slapd.manpages: install slapo-nssov(5) man page
586+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
587+ Debian bug #919136, we also have to patch the nssov makefile
588+ accordingly and thus update this patch.
589+ - d/{rules,slapd.py}: Add apport hook.
590+ - Add support for CLDAP (UDP) support, back then required by
591+ likewise-open (first enabled in 2.4.17-1ubuntu2):
592+ + d/rules: Enable -DLDAP_CONNECTIONLESS
593+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
594+ This should be dropped when the soname changes.
595+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
596+ of test timing issue.
597+ - d/rules: better regexp to match the Maintainer tag in d/control,
598+ needed in the Ubuntu case because of XSBC-Original-Maintainer
599+ (Closes #960448, LP #1875697)
600+
601+ -- Andreas Hasenack <andreas@canonical.com> Tue, 08 Sep 2020 09:36:58 -0300
602+
603 openldap (2.4.53+dfsg-1) unstable; urgency=medium
604
605 * New upstream release.
606
607 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700
608
609+openldap (2.4.51+dfsg-1ubuntu1) groovy; urgency=medium
610+
611+ * Merge with Debian unstable. Remaining changes:
612+ - Enable AppArmor support:
613+ + d/apparmor-profile: add AppArmor profile
614+ + d/rules: use dh_apparmor
615+ + d/control: Build-Depends on dh-apparmor
616+ + d/slapd.README.Debian: add note about AppArmor
617+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
618+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
619+ - Add --with-gssapi support
620+ - Make guess_service_principal() more robust when determining
621+ principal
622+ + d/configure.options: Configure with --with-gssapi
623+ + d/control: Added heimdal-dev as a build depend
624+ + d/rules:
625+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
626+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
627+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
628+ This should be dropped when the soname changes.
629+ - Enable ufw support:
630+ + d/control: suggest ufw.
631+ + d/rules: install ufw profile.
632+ + d/slapd.ufw.profile: add ufw profile.
633+ - Enable nss overlay:
634+ + d/rules:
635+ - add nssov to CONTRIB_MODULES
636+ - add sysconfdir to CONTRIB_MAKEVARS
637+ + d/slapd.install: install nssov overlay
638+ + d/slapd.manpages: install slapo-nssov(5) man page
639+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
640+ Debian bug #919136, we also have to patch the nssov makefile
641+ accordingly and thus update this patch.
642+ - d/{rules,slapd.py}: Add apport hook.
643+ - Add support for CLDAP (UDP) support, back then required by
644+ likewise-open (first enabled in 2.4.17-1ubuntu2):
645+ + d/rules: Enable -DLDAP_CONNECTIONLESS
646+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
647+ This should be dropped when the soname changes.
648+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
649+ of test timing issue.
650+ - d/rules: better regexp to match the Maintainer tag in d/control,
651+ needed in the Ubuntu case because of XSBC-Original-Maintainer
652+ (Closes #960448, LP #1875697)
653+ * Dropped:
654+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
655+ [In 2.4.51+dfsg-1]
656+ - d/slapd.scripts-common:
657+ + add slapcat_opts to local variables.
658+ + Fix backup directory naming for multiple reconfiguration.
659+ [In 2.4.51+dfsg-1]
660+ - debian/patches/set-maintainer-name: our d/rules change needs to
661+ be kept, but this patch is in 2.4.51+dfsg-1.
662+
663+ -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Aug 2020 11:03:24 -0300
664+
665 openldap (2.4.51+dfsg-1) unstable; urgency=medium
666
667 * New upstream release.
668@@ -370,6 +895,85 @@ openldap (2.4.51+dfsg-1) unstable; urgency=medium
669
670 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700
671
672+openldap (2.4.50+dfsg-1ubuntu3) groovy; urgency=medium
673+
674+ * No change rebuild against new libnettle8 and libhogweed6 ABI.
675+
676+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:31:30 +0100
677+
678+openldap (2.4.50+dfsg-1ubuntu2) groovy; urgency=medium
679+
680+ * d/apparmor-profile: Update apparmor profile to grant access to
681+ the saslauthd socket, so that SASL authentication works. (LP: #1557157)
682+
683+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jun 2020 18:20:42 -0400
684+
685+openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium
686+
687+ * Merge with Debian unstable. Remaining changes:
688+ - Enable AppArmor support:
689+ + d/apparmor-profile: add AppArmor profile
690+ + d/rules: use dh_apparmor
691+ + d/control: Build-Depends on dh-apparmor
692+ + d/slapd.README.Debian: add note about AppArmor
693+ - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
694+ + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
695+ - Add --with-gssapi support
696+ - Make guess_service_principal() more robust when determining
697+ principal
698+ + d/configure.options: Configure with --with-gssapi
699+ + d/control: Added heimdal-dev as a build depend
700+ + d/rules:
701+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
702+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
703+ + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
704+ This should be dropped when the soname changes.
705+ - Enable ufw support:
706+ + d/control: suggest ufw.
707+ + d/rules: install ufw profile.
708+ + d/slapd.ufw.profile: add ufw profile.
709+ - Enable nss overlay:
710+ + d/rules:
711+ - add nssov to CONTRIB_MODULES
712+ - add sysconfdir to CONTRIB_MAKEVARS
713+ + d/slapd.install:
714+ - install nssov overlay
715+ + d/slapd.manpages:
716+ - install slapo-nssov(5) man page
717+ + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
718+ Debian bug #919136, we also have to patch the nssov makefile
719+ accordingly and thus update this patch.
720+ - d/{rules,slapd.py}: Add apport hook.
721+ - d/slapd.scripts-common:
722+ + add slapcat_opts to local variables.
723+ + Fix backup directory naming for multiple reconfiguration.
724+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
725+ - Add support for CLDAP (UDP) support, back then required by
726+ likewise-open (first enabled in 2.4.17-1ubuntu2):
727+ + d/rules: Enable -DLDAP_CONNECTIONLESS
728+ + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
729+ This should be dropped when the soname changes.
730+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
731+ of test timing issue.
732+ * Dropped:
733+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
734+ either the default DIT nor via an Authn mapping.
735+ [Not worth keeping a delta for, as having olcRootDN doesn't hurt]
736+ - Show distribution in version:
737+ - d/control: added lsb-release
738+ - d/patches/fix-ldap-distribution.patch: show distribution in version
739+ [Debian now shows the full package version]
740+ - SECURITY UPDATE: denial of service via nested search filters
741+ + debian/patches/CVE-2020-12243.patch: limit depth of nested
742+ filters in servers/slapd/filter.c.
743+ [Fixed upstream]
744+ * Added:
745+ - d/rules, debian/patches/set-maintainer-name: Extract maintainer
746+ address dynamically from debian/control. Thanks to Ryan Tandy
747+ <ryan@nardis.ca> (Closes: #960448, LP: #1875697)
748+
749+ -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300
750+
751 openldap (2.4.50+dfsg-1) unstable; urgency=medium
752
753 * New upstream release.
754@@ -412,6 +1016,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium
755
756 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700
757
758+openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium
759+
760+ * SECURITY UPDATE: denial of service via nested search filters
761+ - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
762+ servers/slapd/filter.c.
763+ - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of
764+ test timing issue.
765+ - CVE-2020-12243
766+
767+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400
768+
769+openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium
770+
771+ * Merge with Debian unstable (LP: #1866303). Remaining changes:
772+ - Enable AppArmor support:
773+ - d/apparmor-profile: add AppArmor profile
774+ - d/rules: use dh_apparmor
775+ - d/control: Build-Depends on dh-apparmor
776+ - d/slapd.README.Debian: add note about AppArmor
777+ - Enable GSSAPI support:
778+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
779+ - Add --with-gssapi support
780+ - Make guess_service_principal() more robust when determining
781+ principal
782+ [Dropped the ldap_gssapi_bind_s() hunk as that is already
783+ - d/configure.options: Configure with --with-gssapi
784+ - d/control: Added heimdal-dev as a build depend
785+ - d/rules:
786+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
787+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
788+ - Enable ufw support:
789+ - d/control: suggest ufw.
790+ - d/rules: install ufw profile.
791+ - d/slapd.ufw.profile: add ufw profile.
792+ - Enable nss overlay:
793+ - d/rules:
794+ - add nssov to CONTRIB_MODULES
795+ - add sysconfdir to CONTRIB_MAKEVARS
796+ - d/slapd.install:
797+ - install nssov overlay
798+ - d/slapd.manpages:
799+ - install slapo-nssov(5) man page
800+ - d/{rules,slapd.py}: Add apport hook.
801+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
802+ either the default DIT nor via an Authn mapping.
803+ - d/slapd.scripts-common:
804+ - add slapcat_opts to local variables.
805+ - Fix backup directory naming for multiple reconfiguration.
806+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
807+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
808+ in the openldap library, as required by Likewise-Open
809+ - Show distribution in version:
810+ - d/control: added lsb-release
811+ - d/patches/fix-ldap-distribution.patch: show distribution in version
812+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
813+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
814+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
815+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
816+ Debian bug #919136, we also have to patch the nssov makefile
817+ accordingly and thus update this patch.
818+
819+ -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300
820+
821 openldap (2.4.49+dfsg-2) unstable; urgency=medium
822
823 * slapd.README.Debian: Document the initial setup performed by slapd's
824@@ -423,6 +1090,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium
825
826 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
827
828+openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium
829+
830+ * Merge with Debian unstable. Remaining changes:
831+ - Enable AppArmor support:
832+ - d/apparmor-profile: add AppArmor profile
833+ - d/rules: use dh_apparmor
834+ - d/control: Build-Depends on dh-apparmor
835+ - d/slapd.README.Debian: add note about AppArmor
836+ - Enable GSSAPI support:
837+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
838+ - Add --with-gssapi support
839+ - Make guess_service_principal() more robust when determining
840+ principal
841+ [Dropped the ldap_gssapi_bind_s() hunk as that is already
842+ - d/configure.options: Configure with --with-gssapi
843+ - d/control: Added heimdal-dev as a build depend
844+ - d/rules:
845+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
846+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
847+ - Enable ufw support:
848+ - d/control: suggest ufw.
849+ - d/rules: install ufw profile.
850+ - d/slapd.ufw.profile: add ufw profile.
851+ - Enable nss overlay:
852+ - d/rules:
853+ - add nssov to CONTRIB_MODULES
854+ - add sysconfdir to CONTRIB_MAKEVARS
855+ - d/slapd.install:
856+ - install nssov overlay
857+ - d/slapd.manpages:
858+ - install slapo-nssov(5) man page
859+ - d/{rules,slapd.py}: Add apport hook.
860+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
861+ either the default DIT nor via an Authn mapping.
862+ - d/slapd.scripts-common:
863+ - add slapcat_opts to local variables.
864+ - Fix backup directory naming for multiple reconfiguration.
865+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
866+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
867+ in the openldap library, as required by Likewise-Open
868+ - Show distribution in version:
869+ - d/control: added lsb-release
870+ - d/patches/fix-ldap-distribution.patch: show distribution in version
871+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
872+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
873+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
874+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
875+ Debian bug #919136, we also have to patch the nssov makefile
876+ accordingly and thus update this patch.
877+ * Dropped:
878+ - d/control: slapd can depend on perl:any since it only uses perl for
879+ some maintainer and helper scripts.
880+ [In 2.4.49+dfsg-1]
881+
882+ -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300
883+
884 openldap (2.4.49+dfsg-1) unstable; urgency=medium
885
886 * New upstream release.
887@@ -451,6 +1174,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium
888
889 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
890
891+openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium
892+
893+ * d/control: slapd can depend on perl:any since it only uses perl for
894+ some maintainer and helper scripts. The perl backend links against
895+ the correct architecture perl libraries already. Can be dropped
896+ after https://salsa.debian.org/openldap-team/openldap/commit/794c736
897+ is in a Debian upload.
898+
899+ -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300
900+
901+openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium
902+
903+ * No-change rebuild against libnettle7
904+
905+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000
906+
907+openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium
908+
909+ * No-change rebuild for the perl update.
910+
911+ -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000
912+
913+openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
914+
915+ * Merge with Debian unstable. Remaining changes:
916+ - Enable AppArmor support:
917+ - d/apparmor-profile: add AppArmor profile
918+ - d/rules: use dh_apparmor
919+ - d/control: Build-Depends on dh-apparmor
920+ - d/slapd.README.Debian: add note about AppArmor
921+ - Enable GSSAPI support:
922+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
923+ - Add --with-gssapi support
924+ - Make guess_service_principal() more robust when determining
925+ principal
926+ - d/configure.options: Configure with --with-gssapi
927+ - d/control: Added heimdal-dev as a build depend
928+ - d/rules:
929+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
930+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
931+ - Enable ufw support:
932+ - d/control: suggest ufw.
933+ - d/rules: install ufw profile.
934+ - d/slapd.ufw.profile: add ufw profile.
935+ - Enable nss overlay:
936+ - d/rules:
937+ - add nssov to CONTRIB_MODULES
938+ - add sysconfdir to CONTRIB_MAKEVARS
939+ - d/slapd.install:
940+ - install nssov overlay
941+ - d/slapd.manpages:
942+ - install slapo-nssov(5) man page
943+ - d/{rules,slapd.py}: Add apport hook.
944+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
945+ either the default DIT nor via an Authn mapping.
946+ - d/slapd.scripts-common:
947+ - add slapcat_opts to local variables.
948+ - Fix backup directory naming for multiple reconfiguration.
949+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
950+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
951+ in the openldap library, as required by Likewise-Open
952+ - Show distribution in version:
953+ - d/control: added lsb-release
954+ - d/patches/fix-ldap-distribution.patch: show distribution in version
955+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
956+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
957+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
958+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
959+ Debian bug #919136, we also have to patch the nssov makefile
960+ accordingly and thus update this patch.
961+ * Dropped:
962+ - Fix sysv-generator unit file by customizing parameters (LP #1821343)
963+ + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
964+ correct systemctl status for slapd daemon.
965+ + d/slapd.install: place override file in correct location.
966+ [Included in 2.4.48+dfsg-1]
967+ - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
968+ + debian/patches/CVE-2019-13057-1.patch: add restriction to
969+ servers/slapd/saslauthz.c.
970+ + debian/patches/CVE-2019-13057-2.patch: add tests to
971+ tests/data/idassert.out, tests/data/slapd-idassert.conf,
972+ tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
973+ + debian/patches/CVE-2019-13057-3.patch: fix typo in
974+ tests/scripts/test028-idassert.
975+ + debian/patches/CVE-2019-13057-4.patch: fix typo in
976+ tests/scripts/test028-idassert.
977+ + CVE-2019-13057
978+ [Fixed upstream]
979+ - SECURITY UPDATE: SASL SSF not initialized per connection
980+ + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
981+ connection_init in servers/slapd/connection.c.
982+ + CVE-2019-13565
983+ [Fixed upstream]
984+
985+ -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
986+
987 openldap (2.4.48+dfsg-1) unstable; urgency=medium
988
989 * New upstream release.
990@@ -478,6 +1297,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium
991
992 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
993
994+openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
995+
996+ * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
997+ - debian/patches/CVE-2019-13057-1.patch: add restriction to
998+ servers/slapd/saslauthz.c.
999+ - debian/patches/CVE-2019-13057-2.patch: add tests to
1000+ tests/data/idassert.out, tests/data/slapd-idassert.conf,
1001+ tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
1002+ - debian/patches/CVE-2019-13057-3.patch: fix typo in
1003+ tests/scripts/test028-idassert.
1004+ - debian/patches/CVE-2019-13057-4.patch: fix typo in
1005+ tests/scripts/test028-idassert.
1006+ - CVE-2019-13057
1007+ * SECURITY UPDATE: SASL SSF not initialized per connection
1008+ - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
1009+ connection_init in servers/slapd/connection.c.
1010+ - CVE-2019-13565
1011+
1012+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
1013+
1014+openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
1015+
1016+ * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
1017+ - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
1018+ correct systemctl status for slapd daemon.
1019+ - d/slapd.install: place override file in correct location.
1020+
1021+ -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
1022+
1023+openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
1024+
1025+ * Merge with Debian unstable. Remaining changes:
1026+ - Enable AppArmor support:
1027+ - d/apparmor-profile: add AppArmor profile
1028+ - d/rules: use dh_apparmor
1029+ - d/control: Build-Depends on dh-apparmor
1030+ - d/slapd.README.Debian: add note about AppArmor
1031+ - Enable GSSAPI support:
1032+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1033+ - Add --with-gssapi support
1034+ - Make guess_service_principal() more robust when determining
1035+ principal
1036+ - d/configure.options: Configure with --with-gssapi
1037+ - d/control: Added heimdal-dev as a build depend
1038+ - d/rules:
1039+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1040+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1041+ - Enable ufw support:
1042+ - d/control: suggest ufw.
1043+ - d/rules: install ufw profile.
1044+ - d/slapd.ufw.profile: add ufw profile.
1045+ - Enable nss overlay:
1046+ - d/rules:
1047+ - add nssov to CONTRIB_MODULES
1048+ - add sysconfdir to CONTRIB_MAKEVARS
1049+ - d/slapd.install:
1050+ - install nssov overlay
1051+ - d/slapd.manpages:
1052+ - install slapo-nssov(5) man page
1053+ - d/{rules,slapd.py}: Add apport hook.
1054+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1055+ either the default DIT nor via an Authn mapping.
1056+ - d/slapd.scripts-common:
1057+ - add slapcat_opts to local variables.
1058+ - Fix backup directory naming for multiple reconfiguration.
1059+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1060+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1061+ in the openldap library, as required by Likewise-Open
1062+ - Show distribution in version:
1063+ - d/control: added lsb-release
1064+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1065+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1066+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1067+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1068+ * Added changes:
1069+ - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
1070+ Debian bug #919136, we also have to patch the nssov makefile
1071+ accordingly and thus update this patch.
1072+
1073+ -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
1074+
1075 openldap (2.4.47+dfsg-3) unstable; urgency=medium
1076
1077 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
1078@@ -493,6 +1393,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium
1079
1080 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
1081
1082+openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
1083+
1084+ * Merge from Debian unstable (LP: #1811630). Remaining changes:
1085+ - Enable AppArmor support:
1086+ - d/apparmor-profile: add AppArmor profile
1087+ - d/rules: use dh_apparmor
1088+ - d/control: Build-Depends on dh-apparmor
1089+ - d/slapd.README.Debian: add note about AppArmor
1090+ - Enable GSSAPI support:
1091+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1092+ - Add --with-gssapi support
1093+ - Make guess_service_principal() more robust when determining
1094+ principal
1095+ - d/configure.options: Configure with --with-gssapi
1096+ - d/control: Added heimdal-dev as a build depend
1097+ - d/rules:
1098+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1099+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1100+ - Enable ufw support:
1101+ - d/control: suggest ufw.
1102+ - d/rules: install ufw profile.
1103+ - d/slapd.ufw.profile: add ufw profile.
1104+ - Enable nss overlay:
1105+ - d/rules:
1106+ - add nssov to CONTRIB_MODULES
1107+ - add sysconfdir to CONTRIB_MAKEVARS
1108+ - d/slapd.install:
1109+ - install nssov overlay
1110+ - d/slapd.manpages:
1111+ - install slapo-nssov(5) man page
1112+ - d/{rules,slapd.py}: Add apport hook.
1113+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1114+ either the default DIT nor via an Authn mapping.
1115+ - d/slapd.scripts-common:
1116+ - add slapcat_opts to local variables.
1117+ - Fix backup directory naming for multiple reconfiguration.
1118+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1119+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1120+ in the openldap library, as required by Likewise-Open
1121+ - Show distribution in version:
1122+ - d/control: added lsb-release
1123+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1124+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1125+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1126+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1127+ * Update nssov build and packaging for Debian changes:
1128+ - Drop patch nssov-build
1129+ - d/rules:
1130+ - add nssov to CONTRIB_MODULES
1131+ - add sysconfdir to CONTRIB_MAKEVARS
1132+ - d/slapd.install:
1133+ - install nssov overlay
1134+ - d/slapd.manpages:
1135+ - install slapo-nssov(5) man page
1136+
1137+ -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
1138+
1139 openldap (2.4.47+dfsg-2) unstable; urgency=medium
1140
1141 * Reintroduce slapi-dev binary package. (Closes: #711469)
1142@@ -530,6 +1487,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium
1143
1144 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
1145
1146+openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
1147+
1148+ * d/apparmor-profile: update apparmor profile to allow reading of
1149+ files needed when slapd is behaving as a kerberos/gssapi client
1150+ and acquiring its own ticket. (LP: #1783183)
1151+
1152+ -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
1153+
1154+openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
1155+
1156+ * No-change rebuild for the perl 5.28 transition.
1157+
1158+ -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
1159+
1160+openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
1161+
1162+ * Merge from Debian unstable. Remaining changes:
1163+ - Enable AppArmor support:
1164+ - d/apparmor-profile: add AppArmor profile
1165+ - d/rules: use dh_apparmor
1166+ - d/control: Build-Depends on dh-apparmor
1167+ - d/slapd.README.Debian: add note about AppArmor
1168+ - Enable GSSAPI support:
1169+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1170+ - Add --with-gssapi support
1171+ - Make guess_service_principal() more robust when determining
1172+ principal
1173+ - d/configure.options: Configure with --with-gssapi
1174+ - d/control: Added heimdal-dev as a build depend
1175+ - d/rules:
1176+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1177+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1178+ - Enable ufw support:
1179+ - d/control: suggest ufw.
1180+ - d/rules: install ufw profile.
1181+ - d/slapd.ufw.profile: add ufw profile.
1182+ - Enable nss overlay:
1183+ - d/{patches/nssov-build,rules}: Apply, build and package the
1184+ nss overlay.
1185+ - d/{rules,slapd.py}: Add apport hook.
1186+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1187+ either the default DIT nor via an Authn mapping.
1188+ - d/slapd.scripts-common:
1189+ - add slapcat_opts to local variables.
1190+ - Fix backup directory naming for multiple reconfiguration.
1191+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1192+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1193+ in the openldap library, as required by Likewise-Open
1194+ - Show distribution in version:
1195+ - d/control: added lsb-release
1196+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1197+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1198+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1199+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1200+
1201+ -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
1202+
1203 openldap (2.4.46+dfsg-5) unstable; urgency=medium
1204
1205 * Restore slapd-smbk5pwd now that libldap is installable in unstable.
1206@@ -549,6 +1563,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium
1207
1208 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
1209
1210+openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
1211+
1212+ * Merge from Debian unstable. Remaining changes:
1213+ - Enable AppArmor support:
1214+ - d/apparmor-profile: add AppArmor profile
1215+ - d/rules: use dh_apparmor
1216+ - d/control: Build-Depends on dh-apparmor
1217+ - d/slapd.README.Debian: add note about AppArmor
1218+ - Enable GSSAPI support:
1219+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1220+ - Add --with-gssapi support
1221+ - Make guess_service_principal() more robust when determining
1222+ principal
1223+ - d/configure.options: Configure with --with-gssapi
1224+ - d/control: Added heimdal-dev as a build depend
1225+ - d/rules:
1226+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1227+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1228+ - Enable ufw support:
1229+ - d/control: suggest ufw.
1230+ - d/rules: install ufw profile.
1231+ - d/slapd.ufw.profile: add ufw profile.
1232+ - Enable nss overlay:
1233+ - d/{patches/nssov-build,rules}: Apply, build and package the
1234+ nss overlay.
1235+ - d/{rules,slapd.py}: Add apport hook.
1236+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1237+ either the default DIT nor via an Authn mapping.
1238+ - d/slapd.scripts-common:
1239+ - add slapcat_opts to local variables.
1240+ - Fix backup directory naming for multiple reconfiguration.
1241+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1242+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1243+ in the openldap library, as required by Likewise-Open
1244+ - Show distribution in version:
1245+ - d/control: added lsb-release
1246+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1247+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1248+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1249+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1250+
1251+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
1252+
1253 openldap (2.4.46+dfsg-2) unstable; urgency=medium
1254
1255 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
1256@@ -578,6 +1635,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium
1257
1258 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
1259
1260+openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
1261+
1262+ * Merge from Debian unstable. Remaining changes:
1263+ - Enable AppArmor support:
1264+ - d/apparmor-profile: add AppArmor profile
1265+ - d/rules: use dh_apparmor
1266+ - d/control: Build-Depends on dh-apparmor
1267+ - d/slapd.README.Debian: add note about AppArmor
1268+ - Enable GSSAPI support:
1269+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1270+ - Add --with-gssapi support
1271+ - Make guess_service_principal() more robust when determining
1272+ principal
1273+ - d/configure.options: Configure with --with-gssapi
1274+ - d/control: Added heimdal-dev as a build depend
1275+ - d/rules:
1276+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1277+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1278+ - Enable ufw support:
1279+ - d/control: suggest ufw.
1280+ - d/rules: install ufw profile.
1281+ - d/slapd.ufw.profile: add ufw profile.
1282+ - Enable nss overlay:
1283+ - d/{patches/nssov-build,rules}: Apply, build and package the
1284+ nss overlay.
1285+ - d/{rules,slapd.py}: Add apport hook.
1286+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1287+ either the default DIT nor via an Authn mapping.
1288+ - d/slapd.scripts-common:
1289+ - add slapcat_opts to local variables.
1290+ - Fix backup directory naming for multiple reconfiguration.
1291+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1292+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1293+ in the openldap library, as required by Likewise-Open
1294+ - Show distribution in version:
1295+ - d/control: added lsb-release
1296+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1297+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1298+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1299+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1300+
1301+ -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200
1302+
1303 openldap (2.4.45+dfsg-1) unstable; urgency=medium
1304
1305 * New upstream release.
1306@@ -619,6 +1719,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium
1307
1308 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
1309
1310+openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low
1311+
1312+ * Merge from Debian unstable. Remaining changes:
1313+ - Enable AppArmor support:
1314+ - d/apparmor-profile: add AppArmor profile
1315+ - d/rules: use dh_apparmor
1316+ - d/control: Build-Depends on dh-apparmor
1317+ - d/slapd.README.Debian: add note about AppArmor
1318+ - Enable GSSAPI support:
1319+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1320+ - Add --with-gssapi support
1321+ - Make guess_service_principal() more robust when determining
1322+ principal
1323+ - d/configure.options: Configure with --with-gssapi
1324+ - d/control: Added heimdal-dev as a build depend
1325+ - d/rules:
1326+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1327+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1328+ - Enable ufw support:
1329+ - d/control: suggest ufw.
1330+ - d/rules: install ufw profile.
1331+ - d/slapd.ufw.profile: add ufw profile.
1332+ - Enable nss overlay:
1333+ - d/{patches/nssov-build,rules}: Apply, build and package the
1334+ nss overlay.
1335+ - d/{rules,slapd.py}: Add apport hook.
1336+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1337+ either the default DIT nor via an Authn mapping.
1338+ - d/slapd.scripts-common:
1339+ - add slapcat_opts to local variables.
1340+ - Fix backup directory naming for multiple reconfiguration.
1341+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1342+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1343+ in the openldap library, as required by Likewise-Open
1344+ - Show distribution in version:
1345+ - d/control: added lsb-release
1346+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1347+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1348+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1349+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1350+
1351+ -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200
1352+
1353 openldap (2.4.44+dfsg-8) unstable; urgency=medium
1354
1355 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
1356@@ -629,6 +1772,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium
1357
1358 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
1359
1360+openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium
1361+
1362+ * Merge from Debian unstable. Remaining changes:
1363+ - Enable AppArmor support:
1364+ - d/apparmor-profile: add AppArmor profile
1365+ - d/rules: use dh_apparmor
1366+ - d/control: Build-Depends on dh-apparmor
1367+ - d/slapd.README.Debian: add note about AppArmor
1368+ - Enable GSSAPI support:
1369+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1370+ - Add --with-gssapi support
1371+ - Make guess_service_principal() more robust when determining
1372+ principal
1373+ - d/configure.options: Configure with --with-gssapi
1374+ - d/control: Added heimdal-dev as a build depend
1375+ - d/rules:
1376+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1377+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1378+ - Enable ufw support:
1379+ - d/control: suggest ufw.
1380+ - d/rules: install ufw profile.
1381+ - d/slapd.ufw.profile: add ufw profile.
1382+ - Enable nss overlay:
1383+ - d/{patches/nssov-build,rules}: Apply, build and package the
1384+ nss overlay.
1385+ - d/{rules,slapd.py}: Add apport hook.
1386+ [ d/rules modification mentioned above was dropped in
1387+ 2.4.23-6ubuntu1, re-adding it ]
1388+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1389+ either the default DIT nor via an Authn mapping.
1390+ - d/slapd.scripts-common:
1391+ - add slapcat_opts to local variables.
1392+ - Fix backup directory naming for multiple reconfiguration.
1393+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1394+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1395+ in the openldap library, as required by Likewise-Open
1396+ - Show distribution in version:
1397+ - d/control: added lsb-release
1398+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1399+ [ Refreshed patch ]
1400+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1401+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1402+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1403+
1404+ -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1405+
1406 openldap (2.4.44+dfsg-7) unstable; urgency=medium
1407
1408 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
1409@@ -636,6 +1825,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium
1410
1411 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
1412
1413+openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium
1414+
1415+ * Merge from Debian unstable. Remaining changes:
1416+ - Enable AppArmor support:
1417+ - d/apparmor-profile: add AppArmor profile
1418+ - d/rules: use dh_apparmor
1419+ - d/control: Build-Depends on dh-apparmor
1420+ - d/slapd.README.Debian: add note about AppArmor
1421+ - Enable GSSAPI support:
1422+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1423+ - Add --with-gssapi support
1424+ - Make guess_service_principal() more robust when determining
1425+ principal
1426+ - d/configure.options: Configure with --with-gssapi
1427+ - d/control: Added heimdal-dev as a build depend
1428+ - d/rules:
1429+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1430+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1431+ - Enable ufw support:
1432+ - d/control: suggest ufw.
1433+ - d/rules: install ufw profile.
1434+ - d/slapd.ufw.profile: add ufw profile.
1435+ - Enable nss overlay:
1436+ - d/{patches/nssov-build,rules}: Apply, build and package the
1437+ nss overlay.
1438+ - d/{rules,slapd.py}: Add apport hook.
1439+ [ d/rules modification mentioned above was dropped in
1440+ 2.4.23-6ubuntu1, re-adding it ]
1441+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1442+ either the default DIT nor via an Authn mapping.
1443+ - d/slapd.scripts-common:
1444+ - add slapcat_opts to local variables.
1445+ - Fix backup directory naming for multiple reconfiguration.
1446+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1447+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1448+ in the openldap library, as required by Likewise-Open
1449+ - Show distribution in version:
1450+ - d/control: added lsb-release
1451+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1452+ [ Refreshed patch ]
1453+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1454+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1455+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1456+
1457+ -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1458+
1459 openldap (2.4.44+dfsg-6) unstable; urgency=medium
1460
1461 * Update the list of non-translatable strings for the
1462@@ -644,6 +1879,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium
1463
1464 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
1465
1466+openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium
1467+
1468+ * Merge from Debian unstable. Remaining changes:
1469+ - Enable AppArmor support:
1470+ - d/apparmor-profile: add AppArmor profile
1471+ - d/rules: use dh_apparmor
1472+ - d/control: Build-Depends on dh-apparmor
1473+ - d/slapd.README.Debian: add note about AppArmor
1474+ - Enable GSSAPI support:
1475+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1476+ - Add --with-gssapi support
1477+ - Make guess_service_principal() more robust when determining
1478+ principal
1479+ - d/configure.options: Configure with --with-gssapi
1480+ - d/control: Added heimdal-dev as a build depend
1481+ - d/rules:
1482+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1483+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1484+ - Enable ufw support:
1485+ - d/control: suggest ufw.
1486+ - d/rules: install ufw profile.
1487+ - d/slapd.ufw.profile: add ufw profile.
1488+ - Enable nss overlay:
1489+ - d/{patches/nssov-build,rules}: Apply, build and package the
1490+ nss overlay.
1491+ - d/{rules,slapd.py}: Add apport hook.
1492+ [ d/rules modification mentioned above was dropped in
1493+ 2.4.23-6ubuntu1, re-adding it ]
1494+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1495+ either the default DIT nor via an Authn mapping.
1496+ - d/slapd.scripts-common:
1497+ - add slapcat_opts to local variables.
1498+ - Fix backup directory naming for multiple reconfiguration.
1499+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1500+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1501+ in the openldap library, as required by Likewise-Open
1502+ - Show distribution in version:
1503+ - d/control: added lsb-release
1504+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1505+ [ Refreshed patch ]
1506+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1507+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1508+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1509+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1510+ - Fix use after free with GnuTLS. (LP #1557248)
1511+
1512+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200
1513+
1514 openldap (2.4.44+dfsg-5) unstable; urgency=medium
1515
1516 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
1517@@ -655,6 +1938,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium
1518
1519 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
1520
1521+openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low
1522+
1523+ * Merge from Debian unstable. Remaining changes:
1524+ - Enable AppArmor support:
1525+ - d/apparmor-profile: add AppArmor profile
1526+ - d/rules: use dh_apparmor
1527+ - d/control: Build-Depends on dh-apparmor
1528+ - d/slapd.README.Debian: add note about AppArmor
1529+ - Enable GSSAPI support:
1530+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1531+ - Add --with-gssapi support
1532+ - Make guess_service_principal() more robust when determining
1533+ principal
1534+ - d/configure.options: Configure with --with-gssapi
1535+ - d/control: Added heimdal-dev as a build depend
1536+ - d/rules:
1537+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1538+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1539+ - Enable ufw support:
1540+ - d/control: suggest ufw.
1541+ - d/rules: install ufw profile.
1542+ - d/slapd.ufw.profile: add ufw profile.
1543+ - Enable nss overlay:
1544+ - d/{patches/nssov-build,rules}: Apply, build and package the
1545+ nss overlay.
1546+ - d/{rules,slapd.py}: Add apport hook.
1547+ [ d/rules modification mentioned above was dropped in
1548+ 2.4.23-6ubuntu1, re-adding it ]
1549+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1550+ either the default DIT nor via an Authn mapping.
1551+ - d/slapd.scripts-common:
1552+ - add slapcat_opts to local variables.
1553+ - Fix backup directory naming for multiple reconfiguration.
1554+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1555+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1556+ in the openldap library, as required by Likewise-Open
1557+ - Show distribution in version:
1558+ - d/control: added lsb-release
1559+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1560+ [ Refreshed patch ]
1561+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1562+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1563+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1564+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1565+ - Fix use after free with GnuTLS. (LP #1557248)
1566+
1567+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200
1568+
1569 openldap (2.4.44+dfsg-4) unstable; urgency=medium
1570
1571 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
1572@@ -701,6 +2032,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium
1573
1574 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
1575
1576+openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium
1577+
1578+ * d/rules: Fix typo in previous upload.
1579+
1580+ -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800
1581+
1582+openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
1583+
1584+ * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
1585+ changes
1586+ - Enable AppArmor support:
1587+ - d/apparmor-profile: add AppArmor profile
1588+ - d/rules: use dh_apparmor
1589+ - d/control: Build-Depends on dh-apparmor
1590+ - d/slapd.README.Debian: add note about AppArmor
1591+ - Enable GSSAPI support:
1592+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1593+ - Add --with-gssapi support
1594+ - Make guess_service_principal() more robust when determining
1595+ principal
1596+ - d/configure.options: Configure with --with-gssapi
1597+ - d/control: Added heimdal-dev as a build depend
1598+ - d/rules:
1599+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1600+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1601+ - Enable ufw support:
1602+ - d/control: suggest ufw.
1603+ - d/rules: install ufw profile.
1604+ - d/slapd.ufw.profile: add ufw profile.
1605+ - Enable nss overlay:
1606+ - d/{patches/nssov-build,rules}: Apply, build and package the
1607+ nss overlay.
1608+ - d/{rules,slapd.py}: Add apport hook.
1609+ [ d/rules modification mentioned above was dropped in
1610+ 2.4.23-6ubuntu1, re-adding it ]
1611+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1612+ either the default DIT nor via an Authn mapping.
1613+ - d/slapd.scripts-common:
1614+ - add slapcat_opts to local variables.
1615+ - Fix backup directory naming for multiple reconfiguration.
1616+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1617+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1618+ in the openldap library, as required by Likewise-Open
1619+ - Show distribution in version:
1620+ - d/control: added lsb-release
1621+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1622+ [ Refreshed patch ]
1623+ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1624+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1625+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1626+ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1627+ - Fix use after free with GnuTLS. (LP #1557248)
1628+ * Drop:
1629+ - d/slapd.scripts-common:
1630+ + Remove unused variable new_conf.
1631+ [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
1632+ - d/b/config.log: add config.log
1633+ [ previously undocumented, stray change ]
1634+
1635+ -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
1636+
1637 openldap (2.4.44+dfsg-3) unstable; urgency=medium
1638
1639 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
1640@@ -773,6 +2165,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
1641
1642 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
1643
1644+openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
1645+
1646+ * No-change rebuild for perl 5.24 transition
1647+
1648+ -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
1649+
1650+openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
1651+
1652+ * Fix use after free with GnuTLS. (LP: #1557248)
1653+
1654+ -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
1655+
1656+openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
1657+
1658+ * Fix building with gssapi suppport:
1659+ - Explicitly add -I/usr/include/heimdal to CFLAGS.
1660+ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1661+
1662+ -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
1663+
1664+openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
1665+
1666+ * No-change rebuild for gnutls transition.
1667+
1668+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
1669+
1670+openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
1671+
1672+ * Merge from Debian testing (LP: #1532648). Remaining changes:
1673+ - Enable AppArmor support:
1674+ - d/apparmor-profile: add AppArmor profile
1675+ - d/rules: use dh_apparmor
1676+ - d/control: Build-Depends on dh-apparmor
1677+ - d/slapd.README.Debian: add note about AppArmor
1678+ - Enable GSSAPI support:
1679+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1680+ - Add --with-gssapi support
1681+ - Make guess_service_principal() more robust when determining
1682+ principal
1683+ - d/configure.options: Configure with --with-gssapi
1684+ - d/control: Added heimdal-dev as a build depend
1685+ - Enable ufw support:
1686+ - d/control: suggest ufw.
1687+ - d/rules: install ufw profile.
1688+ - d/slapd.ufw.profile: add ufw profile.
1689+ - Enable nss overlay:
1690+ - d/{patches/nssov-build,rules}: Apply, build and package the
1691+ nss overlay.
1692+ - d/{rules,slapd.py}: Add apport hook.
1693+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1694+ either the default DIT nor via an Authn mapping.
1695+ - d/slapd.scripts-common:
1696+ - add slapcat_opts to local variables.
1697+ - Remove unused variable new_conf.
1698+ - Fix backup directory naming for multiple reconfiguration.
1699+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1700+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1701+ in the openldap library, as required by Likewise-Open
1702+ - Show distribution in version:
1703+ - d/control: added lsb-release
1704+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1705+ * Drop CVE-2015-6908.patch, included in Debian.
1706+ * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
1707+ disabled on ppc64el, no longer used, and missed in the previous merge.
1708+
1709+ -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
1710+
1711 openldap (2.4.42+dfsg-2) unstable; urgency=medium
1712
1713 [ Ryan Tandy ]
1714@@ -840,6 +2299,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium
1715
1716 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
1717
1718+openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
1719+
1720+ * Rebuild for Perl 5.22.1.
1721+
1722+ -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
1723+
1724+openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
1725+
1726+ * SECURITY UPDATE: denial of service via crafted BER data
1727+ - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
1728+ libraries/liblber/io.c.
1729+ - CVE-2015-6908
1730+
1731+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
1732+
1733+openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
1734+
1735+ * Merge from Debian testing (LP: #1471831). Remaining changes:
1736+ - Enable AppArmor support:
1737+ - d/apparmor-profile: add AppArmor profile
1738+ - d/rules: use dh_apparmor
1739+ - d/control: Build-Depends on dh-apparmor
1740+ - d/slapd.README.Debian: add note about AppArmor
1741+ - Enable GSSAPI support:
1742+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1743+ - Add --with-gssapi support
1744+ - Make guess_service_principal() more robust when determining
1745+ principal
1746+ - d/configure.options: Configure with --with-gssapi
1747+ - d/control: Added heimdal-dev as a build depend
1748+ - Enable ufw support:
1749+ - d/control: suggest ufw.
1750+ - d/rules: install ufw profile.
1751+ - d/slapd.ufw.profile: add ufw profile.
1752+ - Enable nss overlay:
1753+ - d/{patches/nssov-build,rules}: Apply, build and package the
1754+ nss overlay.
1755+ - d/{rules,slapd.py}: Add apport hook.
1756+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1757+ either the default DIT nor via an Authn mapping.
1758+ - d/slapd.scripts-common:
1759+ - add slapcat_opts to local variables.
1760+ - Remove unused variable new_conf.
1761+ - Fix backup directory naming for multiple reconfiguration.
1762+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1763+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1764+ in the openldap library, as required by Likewise-Open
1765+ - Show distribution in version:
1766+ - d/control: added lsb-release
1767+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1768+ * Dropped changes:
1769+ - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
1770+ * Upstream fixes:
1771+ - slapd crash with auditlog overlay and large (~27KB) attribute values
1772+ (ITS#8003) (LP: #1461276)
1773+ - nssov updated to support recent nss-pam-ldapd client libraries
1774+ (ITS#8097) (LP: #1393306)
1775+ * Update d/patches/nssov-build for upstream changes.
1776+ * Tweak d/patches/gssapi.diff to apply without fuzz.
1777+ * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1778+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1779+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
1780+
1781+ -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
1782+
1783 openldap (2.4.41+dfsg-1) unstable; urgency=medium
1784
1785 * New upstream release.
1786@@ -859,6 +2383,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium
1787
1788 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
1789
1790+openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
1791+
1792+ * No-change rebuild for the libnettle6 transition.
1793+
1794+ -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
1795+
1796+openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
1797+
1798+ * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
1799+ - Enable AppArmor support:
1800+ - d/apparmor-profile: add AppArmor profile
1801+ - d/rules: use dh_apparmor
1802+ - d/control: Build-Depends on dh-apparmor
1803+ - d/slapd.README.Debian: add note about AppArmor
1804+ - Enable GSSAPI support:
1805+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1806+ - Add --with-gssapi support
1807+ - Make guess_service_principal() more robust when determining
1808+ principal
1809+ - d/configure.options: Configure with --with-gssapi
1810+ - d/control: Added heimdal-dev as a build depend
1811+ - Enable ufw support:
1812+ - d/control: suggest ufw.
1813+ - d/rules: install ufw profile.
1814+ - d/slapd.ufw.profile: add ufw profile.
1815+ - Enable nss overlay:
1816+ - d/{patches/nssov-build,rules}: Apply, build and package the
1817+ nss overlay.
1818+ - d/{rules,slapd.py}: Add apport hook.
1819+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1820+ either the default DIT nor via an Authn mapping.
1821+ - d/slapd.scripts-common:
1822+ - add slapcat_opts to local variables.
1823+ - Remove unused variable new_conf.
1824+ - Fix backup directory naming for multiple reconfiguration.
1825+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1826+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1827+ in the openldap library, as required by Likewise-Open
1828+ - Show distribution in version:
1829+ - d/control: added lsb-release
1830+ - d/patches/fix-ldap-distribution.patch: show distribution in version
1831+ * Drop patches included upstream:
1832+ - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
1833+ - d/patches/bdb-deadlock.patch
1834+ - d/patches/its-7354-fix-delta-sync-mmr.diff
1835+ * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
1836+ * debian/patches/nssov-build: Adjust for upstream changes.
1837+ * debian/apparmor-profile:
1838+ - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
1839+ kernel ABI v7 (utopic and later). (LP: #1392018)
1840+ - Reduce permissions on /run/nslcd to just the nslcd socket.
1841+ * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
1842+ (LP: #1293250)
1843+
1844+ -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700
1845+
1846 openldap (2.4.40+dfsg-1) unstable; urgency=medium
1847
1848 * Remove inetorgperson.schema from the upstream source. Replace it with a
1849@@ -1047,6 +2627,187 @@ openldap (2.4.39-1) unstable; urgency=low
1850
1851 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
1852
1853+openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
1854+
1855+ * Fix cpp calls for GCC 5.
1856+
1857+ -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
1858+
1859+openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
1860+
1861+ * debian/apparmor-profile:
1862+ - allow p11-kit abstraction
1863+ - allow read of /etc/gss/mech.d/*
1864+
1865+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
1866+
1867+openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
1868+
1869+ * Rebuild for Perl 5.20.0.
1870+
1871+ -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
1872+
1873+openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
1874+
1875+ * Cherry-pick upstream patch for compat with recent GNUTLS.
1876+ * Build-depend on libgnutls28-dev.
1877+ * Build-depend on libgcrypt20-dev.
1878+
1879+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
1880+
1881+openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
1882+
1883+ * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
1884+
1885+ -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
1886+
1887+openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
1888+
1889+ * Disable mdb backend on ppc64el due to test-suite failures.
1890+
1891+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
1892+
1893+openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
1894+
1895+ * Fix segfault issue with master-master syncrepl (LP: #1287730):
1896+ - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
1897+ patch from upstream VCS.
1898+
1899+ -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
1900+
1901+openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
1902+
1903+ * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
1904+
1905+ -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
1906+
1907+openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
1908+
1909+ * Rebuild for Perl 5.18.
1910+
1911+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
1912+
1913+openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
1914+
1915+ * Update build/config.guess and build/config.sub at build time; this was
1916+ not done automatically because the top-level configure.in does not use
1917+ Automake.
1918+
1919+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
1920+
1921+openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
1922+
1923+ * debian/control: added lsb-release
1924+ * debian/patches/fix-ldap-distribution.patch: show distribution in version
1925+
1926+ -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
1927+
1928+openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
1929+
1930+ * Merge from Debian unstable. Remaining changes:
1931+ - Enable AppArmor support:
1932+ - d/apparmor-profile: add AppArmor profile
1933+ - d/rules: use dh_apparmor
1934+ - d/control: Build-Depends on dh-apparmor
1935+ - d/slapd.README.Debian: add note about AppArmor
1936+ - d/slapd.dirs: add etc/apparmor.d/force-complain
1937+ - Enable GSSAPI support:
1938+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1939+ - Add --with-gssapi support
1940+ - Make guess_service_principal() more robust when determining
1941+ principal
1942+ - d/configure.options: Configure with --with-gssapi
1943+ - d/control: Added libkrb5-dev as a build depend
1944+ - Enable ufw support:
1945+ - d/control: suggest ufw.
1946+ - d/rules: install ufw profile.
1947+ - d/slapd.ufw.profile: add ufw profile.
1948+ - Enable nss overlay:
1949+ - d/{patches/nssov-build,/rules}: Apply, build and package the
1950+ nss overlay.
1951+ - d/{rules,slapd.py}: Add apport hook.
1952+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1953+ either the default DIT nor via an Authn mapping.
1954+ - d/slapd.scripts-common:
1955+ - add slapcat_opts to local variables.
1956+ - Remove unused variable new_conf.
1957+ - Fix backup directory naming for multiple reconfiguration.
1958+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1959+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1960+ in the openldap library, as required by Likewise-Open
1961+ - d/{control,rules}: enable PIE hardening
1962+
1963+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
1964+
1965+openldap (2.4.31-1+nmu2) unstable; urgency=high
1966+
1967+ * Non-maintainer upload.
1968+ * No-change rebuild in a clean environment
1969+
1970+ -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100
1971+
1972+openldap (2.4.31-1+nmu1) unstable; urgency=medium
1973+
1974+ * Non-maintainer upload.
1975+ * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
1976+
1977+ -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000
1978+
1979+openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
1980+
1981+ * debian/slapd.py: Add AppArmor info and logs to apport hook.
1982+
1983+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
1984+
1985+openldap (2.4.31-1ubuntu1) quantal; urgency=low
1986+
1987+ * Merge from Debian unstable. Remaining changes:
1988+ - Enable AppArmor support:
1989+ - d/apparmor-profile: add AppArmor profile
1990+ - d/rules: use dh_apparmor
1991+ - d/control: Build-Depends on dh-apparmor
1992+ - d/slapd.README.Debian: add note about AppArmor
1993+ - d/slapd.dirs: add etc/apparmor.d/force-complain
1994+ - Enable GSSAPI support (LP: #495418):
1995+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1996+ - Add --with-gssapi support
1997+ - Make guess_service_principal() more robust when determining
1998+ principal
1999+ - d/configure.options: Configure with --with-gssapi
2000+ - d/control: Added libkrb5-dev as a build depend
2001+ - Enable ufw support (LP: #423246):
2002+ - d/control: suggest ufw.
2003+ - d/rules: install ufw profile.
2004+ - d/slapd.ufw.profile: add ufw profile.
2005+ - Enable nss overlay (LP: #675391):
2006+ - d/{patches/nssov-build,/rules}: Apply, build and package the
2007+ nss overlay.
2008+ - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
2009+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2010+ either the default DIT nor via an Authn mapping.
2011+ - d/slapd.scripts-common:
2012+ - add slapcat_opts to local variables.
2013+ - Remove unused variable new_conf.
2014+ - Fix backup directory naming for multiple reconfiguration.
2015+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2016+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2017+ in the openldap library, as required by Likewise-Open (LP: #390579)
2018+ - d/{control,rules}: enable PIE hardening
2019+ * Dropped changes:
2020+ - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
2021+ - d/patches/CVE-2011-4079: Included in upstream release.
2022+ - d/patches/service-operational-before-detach: Included in upstream release.
2023+ - d/schema/extra/misc.ldif: Included upstream.
2024+ - d/{rules,schema/extra}: Fix configure and clean rules to support
2025+ extra schemas shipped as part of the debian/schema/ directory; no longer required.
2026+ - Included in Debian:
2027+ + Document cn=config in README file.
2028+ + Install a default DIT; actually a minimal configuration.
2029+ + d/patches/heimdal-fix.
2030+ * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
2031+
2032+ -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
2033+
2034 openldap (2.4.31-1) unstable; urgency=low
2035
2036 * New upstream release.
2037@@ -1073,6 +2834,121 @@ openldap (2.4.31-1) unstable; urgency=low
2038
2039 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
2040
2041+openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
2042+
2043+ * Fix issue with intermittent connection issues when using LDAPv3
2044+ protocol (LP: #1023025):
2045+ - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
2046+ patch from upstream VCS which ensures objects are initialized before
2047+ re-use.
2048+
2049+ -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
2050+
2051+openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
2052+
2053+ * debian/rules: Add smbk5pwd build.
2054+ * debian/control: Add slapd-smbk5pwd binary package.
2055+ * debian/patches/heimdal-fix: adapt parameters of
2056+ hdb_generate_key_set_password() to heimdal 1.6~git20120311
2057+ (patch from Debian #664930).
2058+
2059+ -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400
2060+
2061+openldap (2.4.28-1.1ubuntu4) precise; urgency=low
2062+
2063+ * debian/control: Build-Depends on dh-apparmor (LP: #948481)
2064+
2065+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
2066+
2067+openldap (2.4.28-1.1ubuntu3) precise; urgency=low
2068+
2069+ * Add its-7176-only-poll-sockets-for-write-as-needed.diff
2070+ (LP: #932823).
2071+
2072+ -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
2073+
2074+openldap (2.4.28-1.1ubuntu2) precise; urgency=low
2075+
2076+ * Remove debian/patches/CVE-2011-4079; it's already in this upstream
2077+ version. Fixes FTBFS.
2078+
2079+ -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
2080+
2081+openldap (2.4.28-1.1ubuntu1) precise; urgency=low
2082+
2083+ * Merge from Debian testing. Remaining changes:
2084+ - Install a default DIT (LP: #442498).
2085+ - Document cn=config in README file (LP: #370784).
2086+ - remaining changes:
2087+ + AppArmor support:
2088+ - debian/apparmor-profile: add AppArmor profile
2089+ - use dh_apparmor:
2090+ - debian/rules: use dh_apparmor
2091+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2092+ - updated debian/slapd.README.Debian for note on AppArmor
2093+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2094+ + Enable GSSAPI support (LP: #495418):
2095+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2096+ - Add --with-gssapi support
2097+ - Make guess_service_principal() more robust when determining
2098+ principal
2099+ - debian/patches/series: apply gssapi.diff patch.
2100+ - debian/configure.options: Configure with --with-gssapi
2101+ - debian/control: Added libkrb5-dev as a build depend
2102+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2103+ in the openldap library, as required by Likewise-Open (LP: #390579)
2104+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2105+ - debian/control:
2106+ - remove build-dependency on heimdal-dev.
2107+ - remove slapd-smbk5pwd binary package.
2108+ - debian/rules: don't build smbk5pwd slapd module.
2109+ + debian/{control,rules}: enable PIE hardening
2110+ + ufw support (LP: #423246):
2111+ - debian/control: suggest ufw.
2112+ - debian/rules: install ufw profile.
2113+ - debian/slapd.ufw.profile: add ufw profile.
2114+ + Enable nssoverlay:
2115+ - debian/patches/nssov-build, debian/series, debian/rules:
2116+ Apply, build and package the nss overlay.
2117+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2118+ which defines rfc822MailMember (required by the nss overlay).
2119+ + debian/rules, debian/schema/extra/:
2120+ Fix configure rule to supports extra schemas shipped as part
2121+ of the debian/schema/ directory.
2122+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2123+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2124+ neither the default DIT nor via an Authn mapping.
2125+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2126+ database upgrade. Upgrade from maverick shouldn't trigger database
2127+ upgrade (which would happen with the version used in Debian).
2128+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2129+ Remove unused variable new_conf.
2130+ + debian/slapd.script-common: Fix package reconfiguration.
2131+ - Fix backup directory naming for multiple reconfiguration.
2132+ + debian/slapd.default, debian/slapd.README.Debian:
2133+ use the new configuration style.
2134+ + Install nss overlay (LP: #675391):
2135+ - debian/rules: run install target for nssov module.
2136+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2137+ + debian/patches/gssapi.diff:
2138+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2139+ + debian/patches/service-operational-before-detach: New patch replacing old one
2140+ of the same name as previous could cause database corruption based on upstream commits.
2141+ (LP: #727973)
2142+ + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2143+ (CVE-2011-4079)
2144+
2145+
2146+ -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
2147+
2148+openldap (2.4.28-1.1) unstable; urgency=low
2149+
2150+ * Non-maintainer upload.
2151+ * Disable the mdb backend on non-Linux, it looks like it doesn't work with
2152+ linuxthreads (closes: #654824).
2153+
2154+ -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100
2155+
2156 openldap (2.4.28-1) unstable; urgency=low
2157
2158 * New upstream release.
2159@@ -1100,6 +2976,72 @@ openldap (2.4.28-1) unstable; urgency=low
2160
2161 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
2162
2163+openldap (2.4.25-4ubuntu1) precise; urgency=low
2164+
2165+ * Merge from Debian testing. Remaining changes:
2166+ - Install a default DIT (LP: #442498).
2167+ - Document cn=config in README file (LP: #370784).
2168+ - remaining changes:
2169+ + AppArmor support:
2170+ - debian/apparmor-profile: add AppArmor profile
2171+ - use dh_apparmor:
2172+ - debian/rules: use dh_apparmor
2173+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2174+ - updated debian/slapd.README.Debian for note on AppArmor
2175+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2176+ + Enable GSSAPI support (LP: #495418):
2177+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2178+ - Add --with-gssapi support
2179+ - Make guess_service_principal() more robust when determining
2180+ principal
2181+ - debian/patches/series: apply gssapi.diff patch.
2182+ - debian/configure.options: Configure with --with-gssapi
2183+ - debian/control: Added libkrb5-dev as a build depend
2184+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2185+ in the openldap library, as required by Likewise-Open (LP: #390579)
2186+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2187+ - debian/control:
2188+ - remove build-dependency on heimdal-dev.
2189+ - remove slapd-smbk5pwd binary package.
2190+ - debian/rules: don't build smbk5pwd slapd module.
2191+ + debian/{control,rules}: enable PIE hardening
2192+ + ufw support (LP: #423246):
2193+ - debian/control: suggest ufw.
2194+ - debian/rules: install ufw profile.
2195+ - debian/slapd.ufw.profile: add ufw profile.
2196+ + Enable nssoverlay:
2197+ - debian/patches/nssov-build, debian/series, debian/rules:
2198+ Apply, build and package the nss overlay.
2199+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2200+ which defines rfc822MailMember (required by the nss overlay).
2201+ + debian/rules, debian/schema/extra/:
2202+ Fix configure rule to supports extra schemas shipped as part
2203+ of the debian/schema/ directory.
2204+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2205+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2206+ neither the default DIT nor via an Authn mapping.
2207+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2208+ database upgrade. Upgrade from maverick shouldn't trigger database
2209+ upgrade (which would happen with the version used in Debian).
2210+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2211+ Remove unused variable new_conf.
2212+ + debian/slapd.script-common: Fix package reconfiguration.
2213+ - Fix backup directory naming for multiple reconfiguration.
2214+ + debian/slapd.default, debian/slapd.README.Debian:
2215+ use the new configuration style.
2216+ + Install nss overlay (LP: #675391):
2217+ - debian/rules: run install target for nssov module.
2218+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2219+ + debian/patches/gssapi.diff:
2220+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2221+ + debian/patches/service-operational-before-detach: New patch replacing old one
2222+ of the same name as previous could cause database corruption based on upstream commits.
2223+ (LP: #727973)
2224+ + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2225+ (CVE-2011-4079)
2226+
2227+ -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
2228+
2229 openldap (2.4.25-4) unstable; urgency=low
2230
2231 * Drop explicit depends on libdb4.8, since we're now linking against
2232@@ -1133,6 +3075,85 @@ openldap (2.4.25-4) unstable; urgency=low
2233
2234 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
2235
2236+openldap (2.4.25-3ubuntu3) precise; urgency=low
2237+
2238+ * Rebuild for Perl 5.14.
2239+
2240+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
2241+
2242+openldap (2.4.25-3ubuntu2) precise; urgency=low
2243+
2244+ * SECURITY UPDATE: potential denial of service (LP: #884163)
2245+ - debian/patches/CVE-2011-4079: fix off by one error in
2246+ postalAddressNormalize()
2247+ - CVE-2011-4079
2248+
2249+ -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
2250+
2251+openldap (2.4.25-3ubuntu1) precise; urgency=low
2252+
2253+ * Merge from debian unstable. Remaining changes:
2254+ - Install a default DIT (LP: #442498).
2255+ - Document cn=config in README file (LP: #370784).
2256+ - remaining changes:
2257+ + AppArmor support:
2258+ - debian/apparmor-profile: add AppArmor profile
2259+ - use dh_apparmor:
2260+ - debian/rules: use dh_apparmor
2261+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2262+ - updated debian/slapd.README.Debian for note on AppArmor
2263+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2264+ + Enable GSSAPI support (LP: #495418):
2265+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2266+ - Add --with-gssapi support
2267+ - Make guess_service_principal() more robust when determining
2268+ principal
2269+ - debian/patches/series: apply gssapi.diff patch.
2270+ - debian/configure.options: Configure with --with-gssapi
2271+ - debian/control: Added libkrb5-dev as a build depend
2272+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2273+ in the openldap library, as required by Likewise-Open (LP: #390579)
2274+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2275+ - debian/control:
2276+ - remove build-dependency on heimdal-dev.
2277+ - remove slapd-smbk5pwd binary package.
2278+ - debian/rules: don't build smbk5pwd slapd module.
2279+ + debian/{control,rules}: enable PIE hardening
2280+ + ufw support (LP: #423246):
2281+ - debian/control: suggest ufw.
2282+ - debian/rules: install ufw profile.
2283+ - debian/slapd.ufw.profile: add ufw profile.
2284+ + Enable nssoverlay:
2285+ - debian/patches/nssov-build, debian/series, debian/rules:
2286+ Apply, build and package the nss overlay.
2287+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2288+ which defines rfc822MailMember (required by the nss overlay).
2289+ + debian/rules, debian/schema/extra/:
2290+ Fix configure rule to supports extra schemas shipped as part
2291+ of the debian/schema/ directory.
2292+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2293+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2294+ neither the default DIT nor via an Authn mapping.
2295+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2296+ database upgrade. Upgrade from maverick shouldn't trigger database
2297+ upgrade (which would happen with the version used in Debian).
2298+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2299+ Remove unused variable new_conf.
2300+ + debian/slapd.script-common: Fix package reconfiguration.
2301+ - Fix backup directory naming for multiple reconfiguration.
2302+ + debian/slapd.default, debian/slapd.README.Debian:
2303+ use the new configuration style.
2304+ + Install nss overlay (LP: #675391):
2305+ - debian/rules: run install target for nssov module.
2306+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2307+ + debian/patches/gssapi.diff:
2308+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2309+ + debian/patches/service-operational-before-detach: New patch replacing old one
2310+ of the same name as previous could cause database corruption based on upstream commits.
2311+ (LP: #727973)
2312+
2313+ -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
2314+
2315 openldap (2.4.25-3) unstable; urgency=low
2316
2317 * Brown paper bag: really fix the .links.in handling, so we don't generate
2318@@ -1155,6 +3176,92 @@ openldap (2.4.25-2) unstable; urgency=low
2319
2320 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
2321
2322+openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
2323+
2324+ * Brown paper bag: really fix the .links.in handling, so we don't generate
2325+ broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
2326+
2327+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
2328+
2329+openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
2330+
2331+ * Cherry-pick multiarch support from Debian (LP: #826601):
2332+ - Bump to compat level 7, so we don't have to spell out debian/tmp in
2333+ every single .install file
2334+ - Build for multiarch.
2335+
2336+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
2337+
2338+openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
2339+
2340+ * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
2341+
2342+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
2343+
2344+openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
2345+
2346+ * Merge from debian unstable. Remaining changes:
2347+ - Install a default DIT (LP: #442498).
2348+ - Document cn=config in README file (LP: #370784).
2349+ - remaining changes:
2350+ + AppArmor support:
2351+ - debian/apparmor-profile: add AppArmor profile
2352+ - use dh_apparmor:
2353+ - debian/rules: use dh_apparmor
2354+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2355+ - updated debian/slapd.README.Debian for note on AppArmor
2356+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2357+ + Enable GSSAPI support (LP: #495418):
2358+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2359+ - Add --with-gssapi support
2360+ - Make guess_service_principal() more robust when determining
2361+ principal
2362+ - debian/patches/series: apply gssapi.diff patch.
2363+ - debian/configure.options: Configure with --with-gssapi
2364+ - debian/control: Added libkrb5-dev as a build depend
2365+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2366+ in the openldap library, as required by Likewise-Open (LP: #390579)
2367+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2368+ - debian/control:
2369+ - remove build-dependency on heimdal-dev.
2370+ - remove slapd-smbk5pwd binary package.
2371+ - debian/rules: don't build smbk5pwd slapd module.
2372+ + debian/{control,rules}: enable PIE hardening
2373+ + ufw support (LP: #423246):
2374+ - debian/control: suggest ufw.
2375+ - debian/rules: install ufw profile.
2376+ - debian/slapd.ufw.profile: add ufw profile.
2377+ + Enable nssoverlay:
2378+ - debian/patches/nssov-build, debian/series, debian/rules:
2379+ Apply, build and package the nss overlay.
2380+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2381+ which defines rfc822MailMember (required by the nss overlay).
2382+ + debian/rules, debian/schema/extra/:
2383+ Fix configure rule to supports extra schemas shipped as part
2384+ of the debian/schema/ directory.
2385+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2386+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2387+ neither the default DIT nor via an Authn mapping.
2388+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2389+ database upgrade. Upgrade from maverick shouldn't trigger database
2390+ upgrade (which would happen with the version used in Debian).
2391+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2392+ Remove unused variable new_conf.
2393+ + debian/slapd.script-common: Fix package reconfiguration.
2394+ - Fix backup directory naming for multiple reconfiguration.
2395+ + debian/slapd.default, debian/slapd.README.Debian:
2396+ use the new configuration style.
2397+ + Install nss overlay (LP: #675391):
2398+ - debian/rules: run install target for nssov module.
2399+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2400+ + debian/patches/gssapi.diff:
2401+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2402+ + debian/patches/service-operational-before-detach: New patch replacing old one
2403+ of the same name as previous could cause database corruption based on upstream commits.
2404+ (LP: #727973)
2405+
2406+ -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
2407+
2408 openldap (2.4.25-1.1) unstable; urgency=low
2409
2410 * Non-maintainer upload to fix RC bug.
2411@@ -1162,6 +3269,75 @@ openldap (2.4.25-1.1) unstable; urgency=low
2412
2413 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
2414
2415+openldap (2.4.25-1ubuntu1) oneiric; urgency=low
2416+
2417+ * Merge from debian unstable. Remaining changes:
2418+ - Install a default DIT (LP: #442498).
2419+ - Document cn=config in README file (LP: #370784).
2420+ - remaining changes:
2421+ + AppArmor support:
2422+ - debian/apparmor-profile: add AppArmor profile
2423+ - use dh_apparmor:
2424+ - debian/rules: use dh_apparmor
2425+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2426+ - updated debian/slapd.README.Debian for note on AppArmor
2427+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2428+ + Enable GSSAPI support (LP: #495418):
2429+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2430+ - Add --with-gssapi support
2431+ - Make guess_service_principal() more robust when determining
2432+ principal
2433+ - debian/patches/series: apply gssapi.diff patch.
2434+ - debian/configure.options: Configure with --with-gssapi
2435+ - debian/control: Added libkrb5-dev as a build depend
2436+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2437+ in the openldap library, as required by Likewise-Open (LP: #390579)
2438+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2439+ - debian/control:
2440+ - remove build-dependency on heimdal-dev.
2441+ - remove slapd-smbk5pwd binary package.
2442+ - debian/rules: don't build smbk5pwd slapd module.
2443+ + debian/{control,rules}: enable PIE hardening
2444+ + ufw support (LP: #423246):
2445+ - debian/control: suggest ufw.
2446+ - debian/rules: install ufw profile.
2447+ - debian/slapd.ufw.profile: add ufw profile.
2448+ + Enable nssoverlay:
2449+ - debian/patches/nssov-build, debian/series, debian/rules:
2450+ Apply, build and package the nss overlay.
2451+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2452+ which defines rfc822MailMember (required by the nss overlay).
2453+ + debian/rules, debian/schema/extra/:
2454+ Fix configure rule to supports extra schemas shipped as part
2455+ of the debian/schema/ directory.
2456+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2457+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2458+ neither the default DIT nor via an Authn mapping.
2459+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2460+ database upgrade. Upgrade from maverick shouldn't trigger database
2461+ upgrade (which would happen with the version used in Debian).
2462+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2463+ Remove unused variable new_conf.
2464+ + debian/slapd.script-common: Fix package reconfiguration.
2465+ - Fix backup directory naming for multiple reconfiguration.
2466+ + debian/slapd.default, debian/slapd.README.Debian:
2467+ use the new configuration style.
2468+ + Install nss overlay (LP: #675391):
2469+ - debian/rules: run install target for nssov module.
2470+ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2471+ + debian/patches/gssapi.diff:
2472+ - Update patch so that likewise-open is usuable again. (LP: #661547)
2473+ + debian/patches/service-operational-before-detach: New patch replacing old one
2474+ of the same name as previous could cause database corruption based on upstream commits.
2475+ (LP: #727973)
2476+ + Dropped:
2477+ - debian/patches/gold: Use the debian version instead
2478+ - debian/patches/CVE-2011-1024: Fixed upstream
2479+ - debian/patches/CVE-2011-1025: Fixed upstream
2480+ - debian/patches/CVE-2011-1081: Fixed upstream
2481+
2482+ -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
2483+
2484 openldap (2.4.25-1) unstable; urgency=low
2485
2486 * New upstream version (Closes: #617606, #618904, #606815, #608813)
2487@@ -1193,6 +3369,116 @@ openldap (2.4.23-7) unstable; urgency=low
2488
2489 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
2490
2491+openldap (2.4.23-6ubuntu7) oneiric; urgency=low
2492+
2493+ * Rebuild for Perl 5.12.
2494+
2495+ -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
2496+
2497+openldap (2.4.23-6ubuntu6) natty; urgency=low
2498+
2499+ * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
2500+ using forwarded authentication failures
2501+ - debian/patches/CVE-2011-1024
2502+ - CVE-2011-1024
2503+ * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
2504+ backend. Note: Ubuntu is not compiled with --enable-ndb by default
2505+ - debian/patches/CVE-2011-1025
2506+ - CVE-2011-1025
2507+ * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
2508+ and requestDN is empty
2509+ - debian/patches/CVE-2011-1081
2510+ - CVE-2011-1081
2511+ - LP: #742104
2512+
2513+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
2514+
2515+openldap (2.4.23-6ubuntu5) natty; urgency=low
2516+
2517+ * debian/patches/service-operational-before-detach: New patch replacing
2518+ old one of same name as previous could cause database corruption,
2519+ based on upstream commits. (LP: #727973)
2520+
2521+ -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
2522+
2523+openldap (2.4.23-6ubuntu4) natty; urgency=low
2524+
2525+ * Fix FTBFS with ld.gold.
2526+
2527+ -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
2528+
2529+openldap (2.4.23-6ubuntu3) natty; urgency=low
2530+
2531+ * debian/patches/gssapi.diff:
2532+ Update patch so that likewise-open is usable again (LP: #661547)
2533+
2534+ -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
2535+
2536+openldap (2.4.23-6ubuntu2) natty; urgency=low
2537+
2538+ * Install nss overlay (LP: #675391):
2539+ - debian/rules: run install target for nssov module.
2540+ - debian/patches/nssov-build: fix patch to install schema in
2541+ /etc/ldap/schema.
2542+
2543+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
2544+
2545+openldap (2.4.23-6ubuntu1) natty; urgency=low
2546+
2547+ * Merge from Debian unstable:
2548+ - Install a default DIT (LP: #442498).
2549+ - Document cn=config in README file (LP: #370784).
2550+ - remaining changes:
2551+ + AppArmor support:
2552+ - debian/apparmor-profile: add AppArmor profile
2553+ - use dh_apparmor:
2554+ - debian/rules: use dh_apparmor
2555+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2556+ - updated debian/slapd.README.Debian for note on AppArmor
2557+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2558+ + Enable GSSAPI support (LP: #495418):
2559+ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2560+ - Add --with-gssapi support
2561+ - Make guess_service_principal() more robust when determining
2562+ principal
2563+ - debian/patches/series: apply gssapi.diff patch.
2564+ - debian/configure.options: Configure with --with-gssapi
2565+ - debian/control: Added libkrb5-dev as a build depend
2566+ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2567+ in the openldap library, as required by Likewise-Open (LP: #390579)
2568+ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2569+ - debian/control:
2570+ - remove build-dependency on heimdal-dev.
2571+ - remove slapd-smbk5pwd binary package.
2572+ - debian/rules: don't build smbk5pwd slapd module.
2573+ + debian/{control,rules}: enable PIE hardening
2574+ + ufw support (LP: #423246):
2575+ - debian/control: suggest ufw.
2576+ - debian/rules: install ufw profile.
2577+ - debian/slapd.ufw.profile: add ufw profile.
2578+ + Enable nssoverlay:
2579+ - debian/patches/nssov-build, debian/series, debian/rules:
2580+ Apply, build and package the nss overlay.
2581+ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2582+ which defines rfc822MailMember (required by the nss overlay).
2583+ + debian/rules, debian/schema/extra/:
2584+ Fix configure rule to supports extra schemas shipped as part
2585+ of the debian/schema/ directory.
2586+ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2587+ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2588+ neither the default DIT nor via an Authn mapping.
2589+ + debian/slapd.scripts-common: adjust minimum version that triggers a
2590+ database upgrade. Upgrade from maverick shouldn't trigger database
2591+ upgrade (which would happen with the version used in Debian).
2592+ + debian/slapd.scripts-common: add slapcat_opts to local variables.
2593+ Remove unused variable new_conf.
2594+ + debian/slapd.script-common: Fix package reconfiguration.
2595+ - Fix backup directory naming for multiple reconfiguration.
2596+ + debian/slapd.default, debian/slapd.README.Debian:
2597+ use the new configuration style.
2598+
2599+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
2600+
2601 openldap (2.4.23-6) unstable; urgency=high
2602
2603 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
2604@@ -1315,6 +3601,80 @@ openldap (2.4.23-1) unstable; urgency=low
2605
2606 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
2607
2608+openldap (2.4.23-0ubuntu4) natty; urgency=low
2609+
2610+ * debian/slapd.templates: amended typo in slapd/move_old_database
2611+ (LP: #666028)
2612+
2613+ -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
2614+
2615+openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
2616+
2617+ * debian/slapd.templates: re-add slapd/move_old_database template as it's
2618+ used during the package upgrade. Thanks to James Page for pointing it.
2619+ * debian/slapd.config: restore debconf question slapd/move_old_database.
2620+
2621+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
2622+
2623+openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
2624+
2625+ [ James Page ]
2626+ * Fixed install/upgrade process to dump/restore databases due
2627+ to uplift to libdb4.8-dev (LP: #658227)
2628+
2629+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
2630+
2631+openldap (2.4.23-0ubuntu3) maverick; urgency=low
2632+
2633+ * debian/rules: move dh_apparmor before dh_installinit
2634+
2635+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
2636+
2637+openldap (2.4.23-0ubuntu2) maverick; urgency=low
2638+
2639+ * convert to using dh_apparmor:
2640+ - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
2641+ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2642+ * debian/apparmor-profile: use local include
2643+
2644+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
2645+
2646+openldap (2.4.23-0ubuntu1) maverick; urgency=low
2647+
2648+ * New release, features include:
2649+ + Fixed libldap to return server's error code (ITS#6569)
2650+ + Fixed libldap memleaks (ITS#6568)
2651+ + Fixed liblutil off-by-one with delta (ITS#6541)
2652+ + Fixed slapd acls with glued databases (ITS#6468)
2653+ + Fixed slapd syncrepl rid logging (ITS#6533)
2654+ + Fixed slapd modrdn handling of invalid values (ITS#6570)
2655+ + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
2656+ + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
2657+ + Fixed slapd-bdb entry cache delete failure (ITS#6577)
2658+ + Fixed slapd-ldap to return control responses (ITS#6530)
2659+ + Fixed slapo-ppolicy to use Debug (ITS#6566)
2660+ + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
2661+ + Fixed slapo-rwm to use Debug (ITS#6566)
2662+ + Fixed slapo-sssvlv to use Debug (ITS#6566)
2663+ + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
2664+ + Fixed slapo-valsort to use Debug (ITS#6566)
2665+ + Fixed contrib/nssov network.c missing patch (ITS#6562)
2666+ + Fixed test043 attribute sorting (ITS#6553)
2667+ + slapd-config(5) note default rootdn (ITS#6546)
2668+ * Rebased patches debian/patches/dropped nssov-build
2669+ * Resynchronize with Debian:
2670+ + debian/control:
2671+ - Bump standards-version to 3.9.0
2672+ - Use libdb4.8-dev (LP: #572489)
2673+ + Added debian/patches/issue-6534-patch
2674+ + Added debian/patches/ldap-conf-tls-cacertdir
2675+ * Add ufw support, thanks to PatRiehecky (LP: #423246)
2676+
2677+ [Adam Sommer]
2678+ * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2679+
2680+ -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
2681+
2682 openldap (2.4.21-1) unstable; urgency=low
2683
2684 [ Steve Langasek ]
2685@@ -1346,6 +3706,79 @@ openldap (2.4.21-1) unstable; urgency=low
2686
2687 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
2688
2689+openldap (2.4.21-0ubuntu5) lucid; urgency=low
2690+
2691+ * Fix local root connection access: replace olcAuthzRegexp mapping to
2692+ cn=localroot,cn=config with using the SASL dn directly in olcAccess.
2693+ Makes upgrades much simpler and robust (LP: #563829).
2694+
2695+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
2696+
2697+openldap (2.4.21-0ubuntu4) lucid; urgency=low
2698+
2699+ [ Simon Olofsson ]
2700+ * debian/slapd.postinst:
2701+ - Show a message after successful migration (LP: #538848)
2702+
2703+ [ Jorgen Rosink ]
2704+ * debian/slapd.init: add simple status checking with LSB compatible exit
2705+ codes (LP: #562377)
2706+ * debian/slapd.init.ldif:
2707+ - remove admin user in default config database (LP: #556176)
2708+ - in default config, add olcAccess entries giving access to controls
2709+ available and cn=subschema (LP: #427842)
2710+
2711+ [ Scott Moser ]
2712+ * debian/slapd.scripts-common: Do not create /nonexistent directory
2713+ for openldap user's home (LP: #556176)
2714+ * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
2715+
2716+ -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
2717+
2718+openldap (2.4.21-0ubuntu3) lucid; urgency=low
2719+
2720+ * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
2721+ before trying to convert to slapd.d, to avoid upgrade failure from hardy
2722+ (LP: #536958)
2723+ * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
2724+ olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
2725+
2726+ -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
2727+
2728+openldap (2.4.21-0ubuntu2) lucid; urgency=low
2729+
2730+ * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
2731+
2732+ -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
2733+
2734+openldap (2.4.21-0ubuntu1) lucid; urgency=low
2735+
2736+ * New upstream release.
2737+ * debian/rules, debian/schema/extra/:
2738+ Fix get-orig-source rule to supports extra schemas shipped as part of the
2739+ debian/schema/ directory.
2740+
2741+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
2742+
2743+openldap (2.4.18-0ubuntu2) lucid; urgency=low
2744+
2745+ * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2746+ - Add --with-gssapi support
2747+ - Make guess_service_principal() more robust when determining principal
2748+ * Enable GSSAPI support (LP: #495418):
2749+ - debian/configure.options: Configure with --with-gssapi
2750+ - debian/control: Added libkrb5-dev as a build depend
2751+
2752+ -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
2753+
2754+openldap (2.4.18-0ubuntu1) karmic; urgency=low
2755+
2756+ * New upstream release: (LP: #419515):
2757+ + pcache overlay supports disconnected mode.
2758+ * Fix nss overlay load (LP: #417163).
2759+
2760+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
2761+
2762 openldap (2.4.17-2.1) unstable; urgency=high
2763
2764 * Non-maintainer upload by the Security Team.
2765@@ -1372,6 +3805,108 @@ openldap (2.4.17-2) unstable; urgency=low
2766
2767 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
2768
2769+openldap (2.4.17-1ubuntu3) karmic; urgency=low
2770+
2771+ * Install a minimal slapd configuration instead of creating a default
2772+ database with a default DIT:
2773+ + Move openldap user home from /var/lib/ldap to /nonexistent.
2774+ + Remove all code and templates dealing with the default database and DIT
2775+ creation.
2776+ + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
2777+ grant all access to the latter in the cn=config database as well as the
2778+ default backend configuration.
2779+ * Add cn=localroot,cn=config authz mapping on upgrades.
2780+
2781+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
2782+
2783+openldap (2.4.17-1ubuntu2) karmic; urgency=low
2784+
2785+ [ Thierry Carrez ]
2786+ * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2787+ in the openldap library, as required by Likewise-Open (LP: #390579)
2788+
2789+ [ Mathias Gug ]
2790+ * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
2791+ uniqueness overlay.
2792+ * debian/patches/its6220-writetimeout-directive: fixes a problem with the
2793+ writetimeout directive being in effect even if it wasn't set,
2794+ closing connections incorrectly.
2795+ * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
2796+ dncachesize parameter that was added in RE24, so that if it is set to
2797+ "0" (now the default), it has an unlimited DN cache (RE23 always
2798+ had an unlimited DN cache).
2799+
2800+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
2801+
2802+openldap (2.4.17-1ubuntu1) karmic; urgency=low
2803+
2804+ [ Steve Langasek ]
2805+ * Fix up the lintian warnings:
2806+ - add missing misc-depends on all packages
2807+ - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
2808+ overrides
2809+ - bump Standards-Version to 3.8.2, no changes required.
2810+
2811+ [ Mathias Gug ]
2812+ * Resynchronise with Debian. Remaining changes:
2813+ - AppArmor support:
2814+ - debian/apparmor-profile: add AppArmor profile
2815+ - updated debian/slapd.README.Debian for note on AppArmor
2816+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2817+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2818+ - debian/rules: install apparmor profile.
2819+ - Don't use local statement in config script as it fails if /bin/sh
2820+ points to bash.
2821+ - debian/slapd.postinst, debian/slapd.script-common: set correct
2822+ ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2823+ readable) and /var/run/slapd (world readable).
2824+ - Enable nssoverlay:
2825+ - debian/patches/nssov-build, debian/rules: Build and package the nss
2826+ overlay.
2827+ - debian/schema/misc.ldif: add ldif file for the misc schema which
2828+ defines rfc822MailMember (required by the nss overlay).
2829+ - debian/{control,rules}: enable PIE hardening
2830+ - Use cn=config as the default configuration backend instead of
2831+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2832+ asking the end user to enter a new password to control the access to
2833+ the cn=config tree.
2834+ - debian/slapd.postinst: create /var/run/slapd before updating its
2835+ permissions.
2836+ - debian/slapd.init: Correctly set slapd config backend option even if
2837+ the pidfile is configured in slapd default file.
2838+ * Dropped:
2839+ - Merged in Debian:
2840+ - Update priority of libldap-2.4-2 to match the archive override.
2841+ - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2842+ the ldapurl(1) manpage.
2843+ - Bump build-dependency on debhelper to 6 instead of 5, since that's
2844+ what we're using.
2845+ - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2846+ the built-in default of ldap:/// only.
2847+ - Fixed in upstream release:
2848+ - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2849+ failure when built with PIE.
2850+ - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2851+ trusted.
2852+ - Update Apparmor profile support: don't support upgrade from pre-hardy
2853+ systems:
2854+ - debian/slapd.postinst: Reload AA profile on configuration
2855+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2856+ - debian/control: Conflicts with apparmor-profiles <<
2857+ 2.1+1075-0ubuntu4 to make sure that if earlier version of
2858+ apparmor-profiles gets installed it won't overwrite our profile.
2859+ - follow ApparmorProfileMigration and force apparmor complain mode on
2860+ some upgrades
2861+ - debian/slapd.preinst: create symlink for force-complain on
2862+ pre-feisty upgrades, upgrades where apparmor-profiles profile is
2863+ unchanged (ie non-enforcing) and upgrades where apparmor profile
2864+ does not exist.
2865+ - debian/patches/autogen.sh: no longer needed with karmic libtool.
2866+ - Call libtoolize with the --install option to install
2867+ config.{guess,sub} files.
2868+
2869+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
2870+
2871 openldap (2.4.17-1) unstable; urgency=low
2872
2873 * New upstream version.
2874@@ -1394,6 +3929,153 @@ openldap (2.4.17-1) unstable; urgency=low
2875
2876 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
2877
2878+openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
2879+
2880+ * Resynchronise with Debian. Remaining changes:
2881+ - AppArmor support:
2882+ - debian/apparmor-profile: add AppArmor profile
2883+ - debian/slapd.postinst: Reload AA profile on configuration
2884+ - updated debian/slapd.README.Debian for note on AppArmor
2885+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2886+ - debian/control: Conflicts with apparmor-profiles <<
2887+ 2.1+1075-0ubuntu4 to make sure that if earlier version of
2888+ apparmor-profiles gets installed it won't overwrite our profile.
2889+ - follow ApparmorProfileMigration and force apparmor complain mode on
2890+ some upgrades
2891+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2892+ - debian/slapd.preinst: create symlink for force-complain on
2893+ pre-feisty upgrades, upgrades where apparmor-profiles profile is
2894+ unchanged (ie non-enforcing) and upgrades where apparmor profile
2895+ does not exist.
2896+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2897+ - debian/patches/autogen.sh:
2898+ - Call libtoolize with the --install option to install
2899+ config.{guess,sub} files.
2900+ - Don't use local statement in config script as it fails if /bin/sh
2901+ points to bash.
2902+ - debian/slapd.postinst, debian/slapd.script-common: set correct
2903+ ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
2904+ readable) and /var/run/slapd (world readable).
2905+ - Enable nssoverlay:
2906+ - debian/patches/nssov-build, debian/rules: Build and package the nss
2907+ overlay.
2908+ - debian/schema/misc.ldif: add ldif file for the misc schema which
2909+ defines rfc822MailMember (required by the nss overlay).
2910+ - debian/{control,rules}: enable PIE hardening
2911+ - Use cn=config as the default configuration backend instead of
2912+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
2913+ asking the end user to enter a new password to control the access to
2914+ the cn=config tree.
2915+ - Update priority of libldap-2.4-2 to match the archive override.
2916+ - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
2917+ the ldapurl(1) manpage.
2918+ - Bump build-dependency on debhelper to 6 instead of 5, since that's
2919+ what we're using.
2920+ - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2921+ the built-in default of ldap:/// only.
2922+ - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
2923+ failure when built with PIE.
2924+ - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
2925+ trusted.
2926+ - debian/slapd.postinst: create /var/run/slapd before updating its
2927+ permissions.
2928+ - debian/slapd.init: Correctly set slapd config backend option even if
2929+ the pidfile is configured in slapd default file.
2930+ * Drop patch to avoid the test suite on hppa, as hppa is EOL.
2931+
2932+ -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
2933+
2934+openldap (2.4.15-1.1) unstable; urgency=low
2935+
2936+ * Non-maintainer upload.
2937+ * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
2938+ (Closes: #522965)
2939+
2940+ -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
2941+
2942+openldap (2.4.15-1ubuntu3) jaunty; urgency=low
2943+
2944+ * No-change rebuild to fix lpia shared library dependencies.
2945+
2946+ -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
2947+
2948+openldap (2.4.15-1ubuntu2) jaunty; urgency=low
2949+
2950+ * debian/slapd.postinst: create /var/run/slapd before updating its
2951+ permissions (LP: #298928).
2952+ * debian/slapd.init: Correclty set slapd config backend option even if the
2953+ pidfile is configured in slapd default file (LP: #292364).
2954+ * debian/apparmor-profile: support multiple databases to be stored under
2955+ /var/lib/ldap/. (LP: #286614).
2956+
2957+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
2958+
2959+openldap (2.4.15-1ubuntu1) jaunty; urgency=low
2960+
2961+ [ Steve Langasek ]
2962+ * Update priority of libldap-2.4-2 to match the archive override.
2963+ * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
2964+ ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
2965+ Closes: #496749.
2966+ * Bump build-dependency on debhelper to 6 instead of 5, since that's
2967+ what we're using. Closes: #498116.
2968+ * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
2969+ the built-in default of ldap:/// only.
2970+
2971+ [ Mathias Gug ]
2972+ * Merge from debian unstable, remaining changes:
2973+ - Modify Maintainer value to match the DebianMaintainerField
2974+ speficication.
2975+ - AppArmor support:
2976+ - debian/apparmor-profile: add AppArmor profile
2977+ - debian/slapd.postinst: Reload AA profile on configuration
2978+ - updated debian/slapd.README.Debian for note on AppArmor
2979+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
2980+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
2981+ to make sure that if earlier version of apparmour-profiles gets
2982+ installed it won't overwrite our profile.
2983+ - follow ApparmorProfileMigration and force apparmor compalin mode on
2984+ some upgrades (LP: #203529)
2985+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
2986+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
2987+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
2988+ non-enforcing) and upgrades where apparmor profile does not exist.
2989+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
2990+ - debian/control:
2991+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
2992+ - debian/patches/autogen.sh:
2993+ - Call libtoolize with the --install option to install config.{guess,sub}
2994+ files.
2995+ - Don't use local statement in config script as it fails if /bin/sh
2996+ points to bash (LP: #286063).
2997+ - Disable the testsuite on hppa. Allows building of packages on this
2998+ architecture again, once this package is in the archive.
2999+ LP: #288908.
3000+ - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3001+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3002+ /var/run/slapd (world readable). (LP: #257667).
3003+ - Enable nssoverlay:
3004+ - debian/patches/nssov-build, debian/rules: Build and package
3005+ the nss overlay.
3006+ - debian/schema/misc.ldif: add ldif file for the misc schema
3007+ which defines rfc822MailMember (required by the nss overlay).
3008+ - debian/{control,rules}: enable PIE hardening
3009+ - Use cn=config as the default configuration backend instead of
3010+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3011+ asking the end user to enter a new password to control the access to the
3012+ cn=config tree.
3013+ * Dropped:
3014+ - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
3015+ times. (ITS: #5947) Fixed in new upstream version 2.4.15.
3016+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3017+ the ucred struct now. Implemented in Debian.
3018+ * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
3019+ when built with PIE.
3020+ * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3021+ trusted (LP: #305264).
3022+
3023+ -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
3024+
3025 openldap (2.4.15-1) unstable; urgency=low
3026
3027 * New upstream version
3028@@ -1411,6 +4093,69 @@ openldap (2.4.15-1) unstable; urgency=low
3029
3030 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
3031
3032+openldap (2.4.14-0ubuntu1) jaunty; urgency=low
3033+
3034+ [ Steve Langasek ]
3035+ * New upstream version
3036+ - Fixes a bug with the pcache overlay not returning cached entries
3037+ (closes: #497697)
3038+ - Update evolution-ntlm patch to apply to current Makefiles.
3039+ - (tentatively) drop gnutls-ciphers, since this bug was reported to be
3040+ fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
3041+ patch from the bug report, so this should be watched for regressions.
3042+ * Build against db4.7 instead of db4.2 at last! Closes: #421946.
3043+ * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
3044+ installed in the build environment.
3045+ * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
3046+ --with-tls=gnutls.
3047+
3048+ [ Mathias Gug ]
3049+ * Merge from debian unstable, remaining changes:
3050+ - debian/apparmor-profile: add AppArmor profile
3051+ - debian/slapd.postinst: Reload AA profile on configuration
3052+ - updated debian/slapd.README.Debian for note on AppArmor
3053+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3054+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3055+ to make sure that if earlier version of apparmour-profiles gets
3056+ installed it won't overwrite our profile.
3057+ - Modify Maintainer value to match the DebianMaintainerField
3058+ speficication.
3059+ - follow ApparmorProfileMigration and force apparmor compalin mode on
3060+ some upgrades (LP: #203529)
3061+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3062+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3063+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3064+ non-enforcing) and upgrades where apparmor profile does not exist.
3065+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3066+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3067+ the ucred struct now.
3068+ - debian/control:
3069+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
3070+ - debian/patches/autogen.sh:
3071+ - Call libtoolize with the --install option to install config.{guess,sub}
3072+ files.
3073+ - Don't use local statement in config script as it fails if /bin/sh
3074+ points to bash (LP: #286063).
3075+ - Disable the testsuite on hppa. Allows building of packages on this
3076+ architecture again, once this package is in the archive.
3077+ LP: #288908.
3078+ - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3079+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3080+ /var/run/slapd (world readable). (LP: #257667).
3081+ - debian/patches/nssov-build, debian/rules:
3082+ Build and package the nss overlay.
3083+ debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3084+ rfc822MailMember (required by the nss overlay).
3085+ - debian/{control,rules}: enable PIE hardening
3086+ - Use cn=config as the default configuration backend instead of
3087+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3088+ asking the end user to enter a new password to control the access to the
3089+ cn=config tree.
3090+ * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
3091+ times. (ITS: #5947)
3092+
3093+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
3094+
3095 openldap (2.4.11-1) unstable; urgency=low
3096
3097 * New upstream version (closes: #499560).
3098@@ -1433,6 +4178,110 @@ openldap (2.4.11-1) unstable; urgency=low
3099
3100 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
3101
3102+openldap (2.4.11-0ubuntu7) jaunty; urgency=low
3103+
3104+ * Don't use local statement in config script as it fails if /bin/sh
3105+ points to bash (LP: #286063).
3106+
3107+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
3108+
3109+openldap (2.4.11-0ubuntu6) intrepid; urgency=low
3110+
3111+ * Disable the testsuite on hppa. Allows building of packages on this
3112+ architecture again, once this package is in the archive.
3113+ LP: #288908.
3114+
3115+ -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
3116+
3117+openldap (2.4.11-0ubuntu5) intrepid; urgency=low
3118+
3119+ * Don't set admin passwords in ldif files if adminpw is empty.
3120+ (LP: #273988 - LP: #276606).
3121+
3122+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
3123+
3124+openldap (2.4.11-0ubuntu4) intrepid; urgency=low
3125+
3126+ * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
3127+ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
3128+ /var/run/slapd (world readable). (LP: #257667).
3129+ * debian/slapd.script-common:
3130+ - Fix package reconfiguration:
3131+ + Remove slapd.d/ directory if it already exists when creating a new
3132+ configuration.
3133+ + Fix backup directory naming for multiple reconfiguration.
3134+
3135+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
3136+
3137+openldap (2.4.11-0ubuntu3) intrepid; urgency=low
3138+
3139+ * debian/patches/nssov-build, debian/rules:
3140+ Build and package the nss overlay.
3141+ * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
3142+ rfc822MailMember (required by the nss overlay).
3143+
3144+ -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
3145+
3146+openldap (2.4.11-0ubuntu2) intrepid; urgency=low
3147+
3148+ * debian/{control,rules}: enable PIE hardening
3149+
3150+ -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
3151+
3152+openldap (2.4.11-0ubuntu1) intrepid; urgency=low
3153+
3154+ * New upstream version:
3155+ - Mainly bug fixes.
3156+ - New nss slapd overlay (not compiled by default).
3157+ * Use cn=config as the default configuration backend instead of
3158+ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3159+ asking the end user to enter a new password to control the access to the
3160+ cn=config tree.
3161+
3162+ -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
3163+
3164+openldap (2.4.10-3ubuntu1) intrepid; urgency=low
3165+
3166+ [ Mathias Gug ]
3167+ * Merge from debian unstable, remaining changes:
3168+ - debian/apparmor-profile: add AppArmor profile
3169+ - debian/slapd.postinst: Reload AA profile on configuration
3170+ - updated debian/slapd.README.Debian for note on AppArmor
3171+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3172+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3173+ to make sure that if earlier version of apparmour-profiles gets
3174+ installed it won't overwrite our profile.
3175+ - Modify Maintainer value to match the DebianMaintainerField
3176+ speficication.
3177+ - follow ApparmorProfileMigration and force apparmor compalin mode on
3178+ some upgrades (LP: #203529)
3179+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3180+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3181+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3182+ non-enforcing) and upgrades where apparmor profile does not exist.
3183+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3184+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3185+ the ucred struct now.
3186+ - debian/patches/fix-unique-overlay-assertion.patch:
3187+ Fix another assertion error in unique overlay (LP: #243337).
3188+ Backport from head.
3189+ * Dropped - implemented in Debian:
3190+ - debian/patches/fix-gnutls-key-strength.patch:
3191+ Fix slapd handling of ssf using gnutls. (LP: #244925).
3192+ - debian/control:
3193+ Add time as build dependency: needed by make test.
3194+ * debian/control:
3195+ - Build-depend on libltdl7-dev rather then libltdl3-dev.
3196+ * debian/patches/autogen.sh:
3197+ - Call libtoolize with the --install option to install config.{guess,sub}
3198+ files.
3199+
3200+ [ Jamie Strandboge ]
3201+ * adjust apparmor profile to allow gssapi (LP: #229252)
3202+ * adjust apparmor profile to allow cnconfig (LP: #243525)
3203+
3204+ -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
3205+
3206 openldap (2.4.10-3) unstable; urgency=low
3207
3208 [ Steve Langasek ]
3209@@ -1466,6 +4315,40 @@ openldap (2.4.10-3) unstable; urgency=low
3210
3211 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
3212
3213+openldap (2.4.10-2ubuntu1) intrepid; urgency=low
3214+
3215+ * Merge from debian unstable, remaining changes:
3216+ - debian/apparmor-profile: add AppArmor profile
3217+ - debian/slapd.postinst: Reload AA profile on configuration
3218+ - updated debian/slapd.README.Debian for note on AppArmor
3219+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3220+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3221+ to make sure that if earlier version of apparmour-profiles gets
3222+ installed it won't overwrite our profile.
3223+ - Modify Maintainer value to match the DebianMaintainerField
3224+ speficication.
3225+ - follow ApparmorProfileMigration and force apparmor compalin mode on
3226+ some upgrades (LP: #203529)
3227+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3228+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3229+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3230+ non-enforcing) and upgrades where apparmor profile does not exist.
3231+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3232+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3233+ the ucred struct now.
3234+ - debian/patches/fix-unique-overlay-assertion.patch:
3235+ Fix another assertion error in unique overlay (LP: #243337).
3236+ Backport from head.
3237+ - debian/patches/fix-gnutls-key-strength.patch:
3238+ Fix slapd handling of ssf using gnutls. (LP: #244925).
3239+ - debian/control:
3240+ Add time as build dependency: needed by make test.
3241+ * Dropped - implemented in Debian:
3242+ - debian/rules:
3243+ Support debuild nocheck option: don't run tests if nocheck is set.
3244+
3245+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
3246+
3247 openldap (2.4.10-2) unstable; urgency=low
3248
3249 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
3250@@ -1480,6 +4363,54 @@ openldap (2.4.10-2) unstable; urgency=low
3251
3252 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
3253
3254+openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
3255+
3256+ * Merge from debian unstable, remaining changes:
3257+ - debian/apparmor-profile: add AppArmor profile
3258+ - debian/slapd.postinst: Reload AA profile on configuration
3259+ - updated debian/slapd.README.Debian for note on AppArmor
3260+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3261+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3262+ to make sure that if earlier version of apparmour-profiles gets
3263+ installed it won't overwrite our profile.
3264+ - Modify Maintainer value to match the DebianMaintainerField
3265+ speficication.
3266+ - follow ApparmorProfileMigration and force apparmor compalin mode on
3267+ some upgrades (LP: #203529)
3268+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3269+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3270+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3271+ non-enforcing) and upgrades where apparmor profile does not exist.
3272+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3273+ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
3274+ the ucred struct now.
3275+ - debian/patches/fix-unique-overlay-assertion.patch:
3276+ Fix another assertion error in unique overlay (LP: #243337).
3277+ Backport from head.
3278+ * debian/control:
3279+ - add time as build dependency: needed by make test.
3280+ * debian/rules:
3281+ - support debuild nocheck option: don't run tests if nocheck is set.
3282+ * debian/patches/fix-gnutls-key-strength.patch:
3283+ - fix slapd handling of ssf using gnutls. (LP: #244925).
3284+ * Dropped - accepted in Debian:
3285+ - debian/rules, debian/slapd.links: use hard links to slapd instead of
3286+ symlinks for slap* so these applications aren't confined by apparmor
3287+ (LP: #203898)
3288+ * Dropped - fixed in new upstream release:
3289+ - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3290+ (LP: #215904)
3291+ - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3292+ error. (LP: #234196)
3293+ - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3294+ (LP: #220724)
3295+ - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3296+ syncrepl. (LP: #227178)
3297+ - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3298+ upstream.
3299+
3300+ -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
3301+
3302 openldap2.3 (2.4.10-1) unstable; urgency=low
3303
3304 [ Steve Langasek ]
3305@@ -1504,6 +4435,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low
3306
3307 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
3308
3309+openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
3310+
3311+ * debian/patches/fix-unique-overlay-assertion.patch:
3312+ - Fix another assertion error in unique overlay, backported from head.
3313+ (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
3314+
3315+ -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
3316+
3317+openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
3318+
3319+ * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
3320+ include the smbk5pwd overlay.
3321+
3322+ -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
3323+
3324+openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
3325+
3326+ * Rebuild for perl 5.10 transition (LP: #230016)
3327+ * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
3328+ syncrepl. (LP: #227178)
3329+
3330+ -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
3331+
3332+openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
3333+
3334+ * Merge from debian unstable, remaining changes:
3335+ - debian/apparmor-profile: add AppArmor profile
3336+ - debian/slapd.postinst: Reload AA profile on configuration
3337+ - updated debian/slapd.README.Debian for note on AppArmor
3338+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3339+ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3340+ to make sure that if earlier version of apparmour-profiles gets
3341+ installed it won't overwrite our profile.
3342+ - Modify Maintainer value to match the DebianMaintainerField
3343+ speficication.
3344+ - follow ApparmorProfileMigration and force apparmor compalin mode on
3345+ some upgrades (LP: #203529)
3346+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3347+ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
3348+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3349+ non-enforcing) and upgrades where apparmor profile does not exist.
3350+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3351+ - debian/rules, debian/slapd.links: use hard links to slapd instead of
3352+ symlinks for slap* so these applications aren't confined by apparmor
3353+ (LP: #203898)
3354+ - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
3355+ (LP: #215904)
3356+ - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
3357+ error. (LP: #234196)
3358+ - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
3359+ (LP: #220724)
3360+ - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
3361+ upstream.
3362+ * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
3363+ the ucred struct now.
3364+
3365+ -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
3366+
3367 openldap2.3 (2.4.9-1) unstable; urgency=low
3368
3369 [ Updated debconf translations ]
3370@@ -1574,6 +4563,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high
3371
3372 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
3373
3374+openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
3375+
3376+ * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
3377+ in klibc)
3378+
3379+ -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
3380+
3381+openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
3382+
3383+ * apparmor-profile workaround for Launchpad #202161
3384+ * follow ApparmorProfileMigration and force apparmor complain mode on some
3385+ upgrades (LP: #203529)
3386+ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3387+ - debian/slapd.dirs: add etc/apparmor.d/force-complain
3388+ - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
3389+ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
3390+ non-enforcing) and upgrades where apparmor profile does not exist
3391+ - debian/slapd.postrm: remove symlink in force-complain/ on purge
3392+ * debian/rules, debian/slapd.links: use hard links to slapd instead of
3393+ symlinks for slap* so these applications aren't confined by apparmor
3394+ (LP: #203898)
3395+
3396+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
3397+
3398+openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
3399+
3400+ * Merge from Debian unstable, remaining changes:
3401+ + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3402+ slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3403+ allows remote authenticated users to cause a denial of service (daemon
3404+ crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
3405+ control, a related issue to CVE-2007-6698.
3406+ + debian/apparmor-profile: add AppArmor profile
3407+ + debian/slapd.postinst: Reload AA profile on configuration
3408+ + updated debian/slapd.README.Debian for note on AppArmor
3409+ + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3410+ should now take control
3411+ + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3412+ to make sure that if earlier version of apparmor-profiles gets
3413+ installed it won't overwrite our profile
3414+ + Modify Maintainer value to match the DebianMaintainerField
3415+ specification.
3416+
3417+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
3418+
3419 openldap2.3 (2.4.7-6) unstable; urgency=low
3420
3421 [ Updated debconf translations ]
3422@@ -1619,6 +4653,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low
3423
3424 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
3425
3426+openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
3427+
3428+ * SECURITY UPDATE:
3429+ + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
3430+ slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
3431+ allows remote authenticated users to cause a denial of service (daemon crash)
3432+ via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
3433+ issue to CVE-2007-6698.
3434+
3435+ * References
3436+ - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
3437+ - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
3438+
3439+ -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
3440+
3441+openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
3442+
3443+ * add AppArmor profile
3444+ + debian/apparmor-profile
3445+ + debian/slapd.postinst: Reload AA profile on configuration
3446+ * updated debian/slapd.README.Debian for note on AppArmor
3447+ * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
3448+ should now take control
3449+ * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
3450+ to make sure that if earlier version of apparmor-profiles gets installed
3451+ it won't overwrite our profile
3452+ * Modify Maintainer value to match the DebianMaintainerField
3453+ specification.
3454+
3455+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
3456+
3457 openldap2.3 (2.4.7-5) unstable; urgency=low
3458
3459 [ Updated debconf translations ]
3460diff --git a/debian/control b/debian/control
3461index 961e6de..5215f21 100644
3462--- a/debian/control
3463+++ b/debian/control
3464@@ -1,12 +1,14 @@
3465 Source: openldap
3466 Section: net
3467 Priority: optional
3468-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
3469+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
3470+XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
3471 Uploaders: Steve Langasek <vorlon@debian.org>,
3472 Torsten Landschoff <torsten@debian.org>,
3473 Ryan Tandy <ryan@nardis.ca>,
3474 Sergio Durigan Junior <sergiodj@debian.org>
3475 Build-Depends: debhelper-compat (= 13),
3476+ dh-apparmor,
3477 dpkg-dev (>= 1.17.14),
3478 groff-base,
3479 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
3480@@ -43,7 +45,7 @@ Depends: ${shlibs:Depends}, libldap2 (= ${binary:Version}),
3481 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,
3482 adduser, ${perl:Depends}, ${misc:Depends}
3483 Recommends: ldap-utils
3484-Suggests: libsasl2-modules,
3485+Suggests: libsasl2-modules, ufw,
3486 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
3487 Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
3488 Replaces: ldap-utils (<< 2.2.23-3)
3489diff --git a/debian/rules b/debian/rules
3490index 3fab06f..8039111 100755
3491--- a/debian/rules
3492+++ b/debian/rules
3493@@ -11,7 +11,7 @@ export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
3494 export DEB_BUILD_MAINT_OPTIONS := hardening=+all
3495
3496 # Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)
3497-export DEB_MAINTAINER := $(shell sed -ne 's/Maintainer:\s\+//p' debian/control)
3498+export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control)
3499
3500 # Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)
3501 export DEB_VERSION
3502@@ -124,6 +124,22 @@ endif
3503 find $(installdir)/usr/share/man -name \*.8 \
3504 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
3505
3506+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
3507+override_dh_install-arch:
3508+ dh_install
3509+
3510+ # install AppArmor profile
3511+ install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
3512+
3513+ # install Apport hook
3514+ install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
3515+
3516+ # install ufw profile
3517+ install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
3518+
3519+ dh_apparmor -pslapd --profile-name=usr.sbin.slapd
3520+endif
3521+
3522 override_dh_installinit:
3523 dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80"
3524
3525diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
3526index ff7d66b..a4f3f55 100644
3527--- a/debian/slapd.README.Debian
3528+++ b/debian/slapd.README.Debian
3529@@ -252,6 +252,17 @@ Modifications Compared to Upstream
3530
3531 -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800
3532
3533+Apparmor Profile
3534+----------------
3535+
3536+ If your system uses AppArmor, please note that the shipped enforcing profile
3537+ works with the default installation, and changes in your configuration may
3538+ require changes to the installed apparmor profile. Please see
3539+ https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
3540+ software.
3541+
3542+ -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500
3543+
3544 Migrating your installation to OpenLDAP 2.5.x
3545
3546 OpenLDAP 2.5 is a major new release and includes several incompatible
3547diff --git a/debian/slapd.py b/debian/slapd.py
3548new file mode 100644
3549index 0000000..b1aed25
3550--- /dev/null
3551+++ b/debian/slapd.py
3552@@ -0,0 +1,51 @@
3553+#!/usr/bin/python3
3554+
3555+'''apport hook for slapd
3556+
3557+(c) 2010 Adam Sommer.
3558+Author: Adam Sommer <asommer@ubuntu.com>
3559+
3560+This program is free software; you can redistribute it and/or modify it
3561+under the terms of the GNU General Public License as published by the
3562+Free Software Foundation; either version 2 of the License, or (at your
3563+option) any later version. See http://www.gnu.org/copyleft/gpl.html for
3564+the full text of the license.
3565+'''
3566+
3567+from apport.hookutils import *
3568+import os
3569+
3570+# Scrub olcRootPW attribute and credentials strings if necessary.
3571+def scrub_pass_strings(config):
3572+ olcrootpw_regex = re.compile('olcRootPW:.*')
3573+ olcrootpw_string = olcrootpw_regex.search(config)
3574+ if olcrootpw_string:
3575+ config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@')
3576+
3577+ credentials_regex = re.compile('credentials=.* ')
3578+ credentials_string = credentials_regex.search(config)
3579+ if credentials_string:
3580+ config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ')
3581+
3582+ return config
3583+
3584+def add_info(report, ui):
3585+ response = ui.yesno("The contents of your /etc/ldap/slapd.d directory "
3586+ "may help developers diagnose your bug more "
3587+ "quickly. However, it may contain sensitive "
3588+ "information. Do you want to include it in your "
3589+ "bug report?")
3590+
3591+ if response == None: # user cancelled
3592+ raise StopIteration
3593+
3594+ elif response == True:
3595+ # Get the cn=config tree.
3596+ cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'])
3597+ report['CNConfig'] = scrub_pass_strings(cn_config)
3598+
3599+ # Get slapd messages from /var/log/syslog
3600+ slapd_re = re.compile('slapd', re.IGNORECASE)
3601+ report['SysLog'] = recent_syslog(slapd_re)
3602+
3603+ attach_mac_events(report, '/usr/sbin/slapd')
3604diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile
3605new file mode 100644
3606index 0000000..3c4f676
3607--- /dev/null
3608+++ b/debian/slapd.ufw.profile
3609@@ -0,0 +1,9 @@
3610+[OpenLDAP LDAP]
3611+title=OpenLDAP with TLS
3612+description=OpenLDAP is a free, fast, lightweight LDAP server
3613+ports=389/tcp
3614+
3615+[OpenLDAP LDAPS]
3616+title=OpenLDAP over SSL
3617+description=OpenLDAP is a free, fast, lightweight LDAP server
3618+ports=636/tcp
3619diff --git a/debian/tests/smbk5pwd b/debian/tests/smbk5pwd
3620index aeb5f81..aaafdbe 100755
3621--- a/debian/tests/smbk5pwd
3622+++ b/debian/tests/smbk5pwd
3623@@ -9,6 +9,20 @@ schema2ldif /etc/ldap/schema/hdb.schema | ldapadd -H ldapi:// -Y EXTERNAL
3624 chgrp openldap /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key
3625 chmod g+rX /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key
3626
3627+apparmor_profile="/etc/apparmor.d/usr.sbin.slapd"
3628+if [ -f "${apparmor_profile}" ]; then
3629+ if aa-status --enabled 2>/dev/null; then
3630+ # Adjust apparmor so slapd can read the heimdal master key
3631+ cat >> /etc/apparmor.d/local/usr.sbin.slapd <<EOF
3632+ /var/lib/heimdal-kdc/m-key rk,
3633+EOF
3634+ apparmor_parser -r -W -T "${apparmor_profile}" || {
3635+ # this failure may happen on armhf in Canonical infrastructure, see #1991141
3636+ echo "Failed to reload the ${apparmor_profile} apparmor profile, continuing anyway."
3637+ }
3638+ fi
3639+fi
3640+
3641 # Instantiate the smbk5pwd overlay
3642 ldapmodify -H ldapi:// -Y EXTERNAL << eof
3643 dn: cn=module{0},cn=config

Subscribers

People subscribed via source and target branches