Merge ~sergiodj/ubuntu/+source/openldap:merge-2.6.6-dfsg-1-mantic into ubuntu/+source/openldap:debian/experimental
- Git
- lp:~sergiodj/ubuntu/+source/openldap
- merge-2.6.6-dfsg-1-mantic
- Merge into debian/experimental
Status: | Merged | ||||
---|---|---|---|---|---|
Merge reported by: | Sergio Durigan Junior | ||||
Merged at revision: | e67fe169e961d770845e914e22b7dda6d7b9d6c6 | ||||
Proposed branch: | ~sergiodj/ubuntu/+source/openldap:merge-2.6.6-dfsg-1-mantic | ||||
Merge into: | ubuntu/+source/openldap:debian/experimental | ||||
Diff against target: |
3643 lines (+3232/-3) 8 files modified
debian/apparmor-profile (+61/-0) debian/changelog (+3065/-0) debian/control (+4/-2) debian/rules (+17/-1) debian/slapd.README.Debian (+11/-0) debian/slapd.py (+51/-0) debian/slapd.ufw.profile (+9/-0) debian/tests/smbk5pwd (+14/-0) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Andreas Hasenack | Approve | ||
Canonical Server Reporter | Pending | ||
Review via email: mp+448302@code.launchpad.net |
Commit message
Description of the change
This is the merge of OpenLDAP 2.6.6 from Debian experimental.
It's a trivial merge that fixes a regression introduced by 2.6.5. No deltas were dropped this time.
PPA: https:/
dep8 results will be posted later.
Sergio Durigan Junior (sergiodj) wrote : | # |
Sergio Durigan Junior (sergiodj) wrote : | # |
It seems that I'm having a bad luck when doing merges lately... You will find that OpenLDAP is FTBFSing in the PPA. I tracked down this problem to a recent change in cyrus-sasl2. I filed a Debian bug and will work with the maintainer to get things working again. Feel free to review the MP, though. Thanks.
Sergio Durigan Junior (sergiodj) wrote : | # |
The cyrus-sasl2 bug has been fixed in Debian/Ubuntu and the openldap builds are passing now. This MP is ready for review.
Sergio Durigan Junior (sergiodj) wrote : | # |
Results: (from http://
openldap @ amd64:
04.08.23 18:45:32 Log 🗒️ ✅ Triggers: openldap/
openldap @ armhf:
04.08.23 18:44:40 Log 🗒️ ✅ Triggers: openldap/
openldap @ ppc64el:
04.08.23 18:41:51 Log 🗒️ ✅ Triggers: openldap/
openldap @ s390x:
04.08.23 18:41:36 Log 🗒️ ✅ Triggers: openldap/
The arm64 test is stuck updating the kernel, which is unrelated to openldap.
Andreas Hasenack (ahasenack) wrote : | # |
range-diff is clean, no delta change
new upstream 2.6.6 CHANGES file is ok
+1
Sergio Durigan Junior (sergiodj) wrote : | # |
On Friday, August 04 2023, Andreas Hasenack wrote:
> range-diff is clean, no delta change
>
> new upstream 2.6.6 CHANGES file is ok
>
> +1
Thanks. Uploaded:
$ dput openldap_
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/
Checking signature on .dsc
gpg: /home/sergio/
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading openldap_
Uploading openldap_
Uploading openldap_
Uploading openldap_
Uploading openldap_
Successfully uploaded packages.
--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14
Preview Diff
1 | diff --git a/debian/apparmor-profile b/debian/apparmor-profile |
2 | new file mode 100644 |
3 | index 0000000..6a247aa |
4 | --- /dev/null |
5 | +++ b/debian/apparmor-profile |
6 | @@ -0,0 +1,61 @@ |
7 | +# vim:syntax=apparmor |
8 | +# Last Modified: Fri Jun 6 13:51:00 2020 |
9 | +# Author: Jamie Strandboge <jamie@ubuntu.com> |
10 | + |
11 | +#include <tunables/global> |
12 | + |
13 | +/usr/sbin/slapd { |
14 | + #include <abstractions/base> |
15 | + #include <abstractions/nameservice> |
16 | + #include <abstractions/p11-kit> |
17 | + |
18 | + #include <abstractions/ssl_keys> |
19 | + #include <abstractions/ssl_certs> |
20 | + |
21 | + /etc/sasldb2 r, |
22 | + |
23 | + capability dac_override, |
24 | + capability net_bind_service, |
25 | + capability setgid, |
26 | + capability setuid, |
27 | + |
28 | + /etc/gai.conf r, |
29 | + /etc/hosts.allow r, |
30 | + /etc/hosts.deny r, |
31 | + |
32 | + # ldap files |
33 | + /etc/ldap/** kr, |
34 | + /etc/ldap/slapd.d/** rw, |
35 | + |
36 | + # kerberos/gssapi |
37 | + /dev/tty rw, |
38 | + /etc/gss/mech.d/ r, |
39 | + /etc/gss/mech.d/* kr, |
40 | + /etc/krb5.keytab kr, |
41 | + /etc/krb5/user/*/client.keytab kr, |
42 | + owner /tmp/krb5cc_* rwk, |
43 | + owner /var/tmp/krb5_*.rcache2 rwk, |
44 | + /var/tmp/ rw, |
45 | + /var/tmp/** rw, |
46 | + |
47 | + # the databases and logs |
48 | + /var/lib/ldap/ r, |
49 | + /var/lib/ldap/** rwk, |
50 | + |
51 | + # lock file |
52 | + /var/lib/ldap/alock kw, |
53 | + |
54 | + # pid files and sockets |
55 | + /{,var/}run/slapd/* w, |
56 | + /{,var/}run/slapd/ldapi rw, |
57 | + /{,var/}run/nslcd/socket rw, |
58 | + /{,var/}run/saslauthd/mux rw, |
59 | + |
60 | + /usr/lib/ldap/ r, |
61 | + /usr/lib/ldap/* mr, |
62 | + |
63 | + /usr/sbin/slapd mr, |
64 | + |
65 | + # Site-specific additions and overrides. See local/README for details. |
66 | + #include <local/usr.sbin.slapd> |
67 | +} |
68 | diff --git a/debian/changelog b/debian/changelog |
69 | index b654a02..8945ee5 100644 |
70 | --- a/debian/changelog |
71 | +++ b/debian/changelog |
72 | @@ -1,9 +1,62 @@ |
73 | +openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium |
74 | + |
75 | + * Merge with Debian unstable (LP: #2028721). Remaining changes: |
76 | + - Enable AppArmor support: |
77 | + + d/apparmor-profile: add AppArmor profile |
78 | + + d/rules: use dh_apparmor |
79 | + + d/control: Build-Depends on dh-apparmor |
80 | + + d/slapd.README.Debian: add note about AppArmor |
81 | + - Enable ufw support: |
82 | + + d/control: suggest ufw. |
83 | + + d/rules: install ufw profile. |
84 | + + d/slapd.ufw.profile: add ufw profile. |
85 | + - d/{rules,slapd.py}: Add apport hook. |
86 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
87 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
88 | + (Closes #960448, LP #1875697) |
89 | + - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the |
90 | + smbk5pwd DEP8 test (LP #2004560) |
91 | + [ Partially incorporated by Debian. ] |
92 | + |
93 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 02 Aug 2023 19:53:17 -0400 |
94 | + |
95 | openldap (2.6.6+dfsg-1~exp1) experimental; urgency=medium |
96 | |
97 | * New upstream version 2.6.6+dfsg |
98 | |
99 | -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 31 Jul 2023 18:24:38 -0400 |
100 | |
101 | +openldap (2.6.5+dfsg-1~exp1ubuntu1) mantic; urgency=medium |
102 | + |
103 | + * Merge with Debian unstable (LP: #2028721). Remaining changes: |
104 | + - Enable AppArmor support: |
105 | + + d/apparmor-profile: add AppArmor profile |
106 | + + d/rules: use dh_apparmor |
107 | + + d/control: Build-Depends on dh-apparmor |
108 | + + d/slapd.README.Debian: add note about AppArmor |
109 | + - Enable ufw support: |
110 | + + d/control: suggest ufw. |
111 | + + d/rules: install ufw profile. |
112 | + + d/slapd.ufw.profile: add ufw profile. |
113 | + - d/{rules,slapd.py}: Add apport hook. |
114 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
115 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
116 | + (Closes #960448, LP #1875697) |
117 | + - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the |
118 | + smbk5pwd DEP8 test (LP #2004560) |
119 | + [ Partially incorporated by Debian. ] |
120 | + * Drop changes: |
121 | + - Build the passwd/sha2 contrib module with -fno-strict-aliasing to |
122 | + avoid computing an incorrect SHA256 hash with some versions of the |
123 | + compiler (LP: #2000817): |
124 | + + d/t/{control,sha2-contrib}: test to verify the SHA256 hash |
125 | + produced by passwd/sha2 |
126 | + + d/rules: set -fno-strict-aliasing only when building the |
127 | + passwd/sha2 contrib module |
128 | + [ Incorporated by Debian. ] |
129 | + |
130 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 27 Jul 2023 13:18:18 -0400 |
131 | + |
132 | openldap (2.6.5+dfsg-1~exp1) experimental; urgency=medium |
133 | |
134 | [ Sergio Durigan Junior ] |
135 | @@ -39,12 +92,79 @@ openldap (2.6.5+dfsg-1~exp1) experimental; urgency=medium |
136 | |
137 | -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 24 Jul 2023 19:26:16 -0400 |
138 | |
139 | +openldap (2.6.4+dfsg-1~exp1ubuntu1) mantic; urgency=medium |
140 | + |
141 | + * Merge with Debian unstable (LP: #2018093). Remaining changes: |
142 | + - Enable AppArmor support: |
143 | + + d/apparmor-profile: add AppArmor profile |
144 | + + d/rules: use dh_apparmor |
145 | + + d/control: Build-Depends on dh-apparmor |
146 | + + d/slapd.README.Debian: add note about AppArmor |
147 | + - Enable ufw support: |
148 | + + d/control: suggest ufw. |
149 | + + d/rules: install ufw profile. |
150 | + + d/slapd.ufw.profile: add ufw profile. |
151 | + - d/{rules,slapd.py}: Add apport hook. |
152 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
153 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
154 | + (Closes #960448, LP #1875697) |
155 | + - Build the passwd/sha2 contrib module with -fno-strict-aliasing to |
156 | + avoid computing an incorrect SHA256 hash with some versions of the |
157 | + compiler (LP #2000817): |
158 | + + d/t/{control,sha2-contrib}: test to verify the SHA256 hash |
159 | + produced by passwd/sha2 |
160 | + + d/rules: set -fno-strict-aliasing only when building the |
161 | + passwd/sha2 contrib module |
162 | + - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the |
163 | + smbk5pwd DEP8 test (LP #2004560) |
164 | + |
165 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 21 Jun 2023 14:48:31 -0400 |
166 | + |
167 | openldap (2.6.4+dfsg-1~exp1) experimental; urgency=medium |
168 | |
169 | * New upstream version 2.6.4+dfsg. |
170 | |
171 | -- Sergio Durigan Junior <sergiodj@debian.org> Sat, 04 Mar 2023 16:35:10 -0500 |
172 | |
173 | +openldap (2.6.3+dfsg-1~exp1ubuntu2) lunar; urgency=medium |
174 | + |
175 | + * Build the passwd/sha2 contrib module with -fno-strict-aliasing to |
176 | + avoid computing an incorrect SHA256 hash with some versions of the |
177 | + compiler (LP: #2000817): |
178 | + - d/t/{control,sha2-contrib}: test to verify the SHA256 hash |
179 | + produced by passwd/sha2 |
180 | + - d/rules: set -fno-strict-aliasing only when building the |
181 | + passwd/sha2 contrib module |
182 | + * d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the |
183 | + smbk5pwd DEP8 test (LP: #2004560) |
184 | + |
185 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 03 Feb 2023 09:33:14 -0300 |
186 | + |
187 | +openldap (2.6.3+dfsg-1~exp1ubuntu1) lunar; urgency=medium |
188 | + |
189 | + * Merge with Debian unstable (LP: #1993426). Remaining changes: |
190 | + - Enable AppArmor support: |
191 | + + d/apparmor-profile: add AppArmor profile |
192 | + + d/rules: use dh_apparmor |
193 | + + d/control: Build-Depends on dh-apparmor |
194 | + + d/slapd.README.Debian: add note about AppArmor |
195 | + - Enable ufw support: |
196 | + + d/control: suggest ufw. |
197 | + + d/rules: install ufw profile. |
198 | + + d/slapd.ufw.profile: add ufw profile. |
199 | + - d/{rules,slapd.py}: Add apport hook. |
200 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
201 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
202 | + (Closes #960448, LP #1875697) |
203 | + * Drop changes: |
204 | + - Enable SASL/GSSAPI tests. (LP #1976508) |
205 | + + d/control: Update B-D to include required dependencies needed to run |
206 | + SASL/GSSAPI tests during build time, and mark them "!nocheck". |
207 | + Thanks: Andreas Hasenack <andreas.hasenack@canonical.com> |
208 | + [ Incorporated by Debian. ] |
209 | + |
210 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 18 Nov 2022 16:07:45 -0500 |
211 | + |
212 | openldap (2.6.3+dfsg-1~exp1) experimental; urgency=medium |
213 | |
214 | * d/rules: Remove get-orig-source, now unnecessary. |
215 | @@ -94,6 +214,94 @@ openldap (2.6.2+dfsg-1~exp1) experimental; urgency=medium |
216 | |
217 | -- Sergio Durigan Junior <sergiodj@debian.org> Fri, 20 May 2022 17:41:04 -0400 |
218 | |
219 | +openldap (2.5.13+dfsg-1ubuntu2) lunar; urgency=medium |
220 | + |
221 | + * Rebuild against new perlapi-5.36. |
222 | + |
223 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 Nov 2022 16:50:13 +0100 |
224 | + |
225 | +openldap (2.5.13+dfsg-1ubuntu1) kinetic; urgency=medium |
226 | + |
227 | + * Merge with Debian unstable (LP: #1983618). Remaining changes: |
228 | + - Enable AppArmor support: |
229 | + + d/apparmor-profile: add AppArmor profile |
230 | + + d/rules: use dh_apparmor |
231 | + + d/control: Build-Depends on dh-apparmor |
232 | + + d/slapd.README.Debian: add note about AppArmor |
233 | + - Enable ufw support: |
234 | + + d/control: suggest ufw. |
235 | + + d/rules: install ufw profile. |
236 | + + d/slapd.ufw.profile: add ufw profile. |
237 | + - d/{rules,slapd.py}: Add apport hook. |
238 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
239 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
240 | + (Closes #960448, LP #1875697) |
241 | + - Enable SASL/GSSAPI tests. (LP #1976508) |
242 | + + d/control: Update B-D to include required dependencies needed to run |
243 | + SASL/GSSAPI tests during build time, and mark them "!nocheck". |
244 | + Thanks: Andreas Hasenack <andreas.hasenack@canonical.com> |
245 | + |
246 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 20 Sep 2022 15:30:47 -0400 |
247 | + |
248 | +openldap (2.5.12+dfsg-2ubuntu2) kinetic; urgency=medium |
249 | + |
250 | + * Enable SASL/GSSAPI tests. (LP: #1976508) |
251 | + - d/control: Update B-D to include required dependencies needed to run |
252 | + SASL/GSSAPI tests during build time, and mark them "!nocheck". |
253 | + Thanks: Andreas Hasenack <andreas.hasenack@canonical.com> |
254 | + |
255 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 25 Aug 2022 16:20:08 -0400 |
256 | + |
257 | +openldap (2.5.12+dfsg-2ubuntu1) kinetic; urgency=medium |
258 | + |
259 | + * Merge with Debian unstable (LP: #1971305). Remaining changes: |
260 | + - Enable AppArmor support: |
261 | + + d/apparmor-profile: add AppArmor profile |
262 | + + d/rules: use dh_apparmor |
263 | + + d/control: Build-Depends on dh-apparmor |
264 | + + d/slapd.README.Debian: add note about AppArmor |
265 | + - Enable ufw support: |
266 | + + d/control: suggest ufw. |
267 | + + d/rules: install ufw profile. |
268 | + + d/slapd.ufw.profile: add ufw profile. |
269 | + - d/{rules,slapd.py}: Add apport hook. |
270 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
271 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
272 | + (Closes #960448, LP #1875697) |
273 | + |
274 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 06 Jun 2022 15:34:48 -0400 |
275 | + |
276 | +openldap (2.5.11+dfsg-1~exp1ubuntu3) jammy; urgency=medium |
277 | + |
278 | + * No-change rebuild to update maintainer scripts, see LP: 1959054 |
279 | + |
280 | + -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:15:26 +0000 |
281 | + |
282 | +openldap (2.5.11+dfsg-1~exp1ubuntu2) jammy; urgency=medium |
283 | + |
284 | + * No-change rebuild for the perl update. |
285 | + |
286 | + -- Matthias Klose <doko@ubuntu.com> Mon, 07 Feb 2022 07:51:42 +0100 |
287 | + |
288 | +openldap (2.5.11+dfsg-1~exp1ubuntu1) jammy; urgency=medium |
289 | + |
290 | + * Merge with Debian unstable (LP: #1946883). Remaining changes: |
291 | + - Enable AppArmor support: |
292 | + + d/apparmor-profile: add AppArmor profile |
293 | + + d/rules: use dh_apparmor |
294 | + + d/control: Build-Depends on dh-apparmor |
295 | + + d/slapd.README.Debian: add note about AppArmor |
296 | + - Enable ufw support: |
297 | + + d/control: suggest ufw. |
298 | + + d/rules: install ufw profile. |
299 | + + d/slapd.ufw.profile: add ufw profile. |
300 | + - d/{rules,slapd.py}: Add apport hook. |
301 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
302 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
303 | + (Closes #960448, LP #1875697) |
304 | + |
305 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 25 Jan 2022 17:06:12 -0500 |
306 | + |
307 | openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium |
308 | |
309 | * New upstream release. |
310 | @@ -125,6 +333,25 @@ openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium |
311 | |
312 | -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700 |
313 | |
314 | +openldap (2.5.6+dfsg-1~exp1ubuntu1) impish; urgency=medium |
315 | + |
316 | + * Merge with Debian unstable. Remaining changes: |
317 | + - Enable AppArmor support: |
318 | + + d/apparmor-profile: add AppArmor profile |
319 | + + d/rules: use dh_apparmor |
320 | + + d/control: Build-Depends on dh-apparmor |
321 | + + d/slapd.README.Debian: add note about AppArmor |
322 | + - Enable ufw support: |
323 | + + d/control: suggest ufw. |
324 | + + d/rules: install ufw profile. |
325 | + + d/slapd.ufw.profile: add ufw profile. |
326 | + - d/{rules,slapd.py}: Add apport hook. |
327 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
328 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
329 | + (Closes #960448, LP #1875697) |
330 | + |
331 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 17 Aug 2021 14:06:00 -0400 |
332 | + |
333 | openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium |
334 | |
335 | [ Ryan Tandy ] |
336 | @@ -159,6 +386,59 @@ openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium |
337 | |
338 | -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700 |
339 | |
340 | +openldap (2.5.5+dfsg-1~exp1ubuntu1) impish; urgency=medium |
341 | + |
342 | + * Merge with Debian unstable. Remaining changes: |
343 | + - Enable AppArmor support: |
344 | + + d/apparmor-profile: add AppArmor profile |
345 | + + d/rules: use dh_apparmor |
346 | + + d/control: Build-Depends on dh-apparmor |
347 | + + d/slapd.README.Debian: add note about AppArmor |
348 | + - Enable ufw support: |
349 | + + d/control: suggest ufw. |
350 | + + d/rules: install ufw profile. |
351 | + + d/slapd.ufw.profile: add ufw profile. |
352 | + - d/{rules,slapd.py}: Add apport hook. |
353 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
354 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
355 | + (Closes #960448, LP #1875697) |
356 | + * Dropped changes: |
357 | + - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): |
358 | + + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
359 | + - Add --with-gssapi support |
360 | + - Make guess_service_principal() more robust when determining |
361 | + principal |
362 | + + d/configure.options: Configure with --with-gssapi |
363 | + + d/control: Added heimdal-dev as a build depend |
364 | + + d/rules: |
365 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
366 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
367 | + + d/libldap-2.4-2.symbols: add symbols for GSSAPI support |
368 | + This should be dropped when the soname changes. |
369 | + [ Dropped as planned after soname bump due to 2.5.5 update. ] |
370 | + - Enable nss overlay: |
371 | + + d/rules: |
372 | + - add nssov to CONTRIB_MODULES |
373 | + - add sysconfdir to CONTRIB_MAKEVARS |
374 | + + d/slapd.install: install nssov overlay |
375 | + + d/slapd.manpages: install slapo-nssov(5) man page |
376 | + + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
377 | + Debian bug #919136, we also have to patch the nssov makefile |
378 | + accordingly and thus update this patch. |
379 | + [ Dropped as planned after soname bump due to 2.5.5 update. ] |
380 | + - Add support for CLDAP (UDP) support, back then required by |
381 | + likewise-open (first enabled in 2.4.17-1ubuntu2): |
382 | + + d/rules: Enable -DLDAP_CONNECTIONLESS |
383 | + + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) |
384 | + This should be dropped when the soname changes. |
385 | + [ Dropped as planned after soname bump due to 2.5.5 update. ] |
386 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because |
387 | + of test timing issue. |
388 | + [ Dropped because the latest update improved the testcase and |
389 | + there is no FTBFS on riscv64 anymore. ] |
390 | + |
391 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 15 Jun 2021 17:20:34 -0400 |
392 | + |
393 | openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium |
394 | |
395 | * New upstream release. |
396 | @@ -264,6 +544,53 @@ openldap (2.4.57+dfsg-3) unstable; urgency=medium |
397 | |
398 | -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700 |
399 | |
400 | +openldap (2.4.57+dfsg-2ubuntu1) hirsute; urgency=medium |
401 | + |
402 | + * Merge with Debian unstable. Remaining changes: |
403 | + - Enable AppArmor support: |
404 | + + d/apparmor-profile: add AppArmor profile |
405 | + + d/rules: use dh_apparmor |
406 | + + d/control: Build-Depends on dh-apparmor |
407 | + + d/slapd.README.Debian: add note about AppArmor |
408 | + - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): |
409 | + + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
410 | + - Add --with-gssapi support |
411 | + - Make guess_service_principal() more robust when determining |
412 | + principal |
413 | + + d/configure.options: Configure with --with-gssapi |
414 | + + d/control: Added heimdal-dev as a build depend |
415 | + + d/rules: |
416 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
417 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
418 | + + d/libldap-2.4-2.symbols: add symbols for GSSAPI support |
419 | + This should be dropped when the soname changes. |
420 | + - Enable ufw support: |
421 | + + d/control: suggest ufw. |
422 | + + d/rules: install ufw profile. |
423 | + + d/slapd.ufw.profile: add ufw profile. |
424 | + - Enable nss overlay: |
425 | + + d/rules: |
426 | + - add nssov to CONTRIB_MODULES |
427 | + - add sysconfdir to CONTRIB_MAKEVARS |
428 | + + d/slapd.install: install nssov overlay |
429 | + + d/slapd.manpages: install slapo-nssov(5) man page |
430 | + + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
431 | + Debian bug #919136, we also have to patch the nssov makefile |
432 | + accordingly and thus update this patch. |
433 | + - d/{rules,slapd.py}: Add apport hook. |
434 | + - Add support for CLDAP (UDP) support, back then required by |
435 | + likewise-open (first enabled in 2.4.17-1ubuntu2): |
436 | + + d/rules: Enable -DLDAP_CONNECTIONLESS |
437 | + + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) |
438 | + This should be dropped when the soname changes. |
439 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because |
440 | + of test timing issue. |
441 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
442 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
443 | + (Closes #960448, LP #1875697) |
444 | + |
445 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Feb 2021 10:15:38 -0500 |
446 | + |
447 | openldap (2.4.57+dfsg-2) unstable; urgency=medium |
448 | |
449 | * Fix slapd assertion failure in Certificate List Exact Assertion validation |
450 | @@ -293,6 +620,65 @@ openldap (2.4.57+dfsg-1) unstable; urgency=medium |
451 | |
452 | -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800 |
453 | |
454 | +openldap (2.4.56+dfsg-1ubuntu2) hirsute; urgency=medium |
455 | + |
456 | + * debian/apparmor-profile: add AppArmor rule for locking replay cache. |
457 | + In Hirsute, a change (presumably in src:krb5) has caused slapd to be |
458 | + denied by AppArmor for locking /var/tmp/krb5_*.rcache2. This is |
459 | + acceptable, so add it to the AppArmor profile. This fixes the dep8 |
460 | + test in src:krb5 that uses slapd for testing. |
461 | + |
462 | + -- Robie Basak <robie.basak@ubuntu.com> Tue, 26 Jan 2021 13:02:40 +0000 |
463 | + |
464 | +openldap (2.4.56+dfsg-1ubuntu1) hirsute; urgency=medium |
465 | + |
466 | + * Merge with Debian unstable. Remaining changes: |
467 | + - Enable AppArmor support: |
468 | + + d/apparmor-profile: add AppArmor profile |
469 | + + d/rules: use dh_apparmor |
470 | + + d/control: Build-Depends on dh-apparmor |
471 | + + d/slapd.README.Debian: add note about AppArmor |
472 | + - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): |
473 | + + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
474 | + - Add --with-gssapi support |
475 | + - Make guess_service_principal() more robust when determining |
476 | + principal |
477 | + + d/configure.options: Configure with --with-gssapi |
478 | + + d/control: Added heimdal-dev as a build depend |
479 | + + d/rules: |
480 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
481 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
482 | + + d/libldap-2.4-2.symbols: add symbols for GSSAPI support |
483 | + This should be dropped when the soname changes. |
484 | + - Enable ufw support: |
485 | + + d/control: suggest ufw. |
486 | + + d/rules: install ufw profile. |
487 | + + d/slapd.ufw.profile: add ufw profile. |
488 | + - Enable nss overlay: |
489 | + + d/rules: |
490 | + - add nssov to CONTRIB_MODULES |
491 | + - add sysconfdir to CONTRIB_MAKEVARS |
492 | + + d/slapd.install: install nssov overlay |
493 | + + d/slapd.manpages: install slapo-nssov(5) man page |
494 | + + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
495 | + Debian bug #919136, we also have to patch the nssov makefile |
496 | + accordingly and thus update this patch. |
497 | + - d/{rules,slapd.py}: Add apport hook. |
498 | + - Add support for CLDAP (UDP) support, back then required by |
499 | + likewise-open (first enabled in 2.4.17-1ubuntu2): |
500 | + + d/rules: Enable -DLDAP_CONNECTIONLESS |
501 | + + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) |
502 | + This should be dropped when the soname changes. |
503 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because |
504 | + of test timing issue. |
505 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
506 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
507 | + (Closes #960448, LP #1875697) |
508 | + * d/apparmor-profile: use abstractions/ssl_keys instead of manual rules, |
509 | + allows letsencrypt to work. Thanks to Paul McEnery (LP: #1909748) |
510 | + |
511 | + -- Paride Legovini <paride.legovini@canonical.com> Mon, 04 Jan 2021 16:18:57 +0100 |
512 | + |
513 | openldap (2.4.56+dfsg-1) unstable; urgency=medium |
514 | |
515 | * New upstream release. |
516 | @@ -319,12 +705,151 @@ openldap (2.4.54+dfsg-1) unstable; urgency=medium |
517 | |
518 | -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000 |
519 | |
520 | +openldap (2.4.53+dfsg-1ubuntu5) hirsute; urgency=medium |
521 | + |
522 | + * SECURITY UPDATE: assertion failure in Certificate List syntax |
523 | + validation |
524 | + - debian/patches/CVE-2020-25709.patch: properly handle error in |
525 | + servers/slapd/schema_init.c. |
526 | + - CVE-2020-25709 |
527 | + * SECURITY UPDATE: assertion failure in CSN normalization with invalid |
528 | + input |
529 | + - debian/patches/CVE-2020-25710.patch: properly handle error in |
530 | + servers/slapd/schema_init.c. |
531 | + - CVE-2020-25710 |
532 | + |
533 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 17 Nov 2020 09:41:47 -0500 |
534 | + |
535 | +openldap (2.4.53+dfsg-1ubuntu4) hirsute; urgency=medium |
536 | + |
537 | + * SECURITY UPDATE: DoS via NULL pointer dereference |
538 | + - debian/patches/CVE-2020-25692.patch: skip normalization if there's no |
539 | + equality rule in servers/slapd/modrdn.c. |
540 | + - CVE-2020-25692 |
541 | + |
542 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 Nov 2020 14:02:02 -0500 |
543 | + |
544 | +openldap (2.4.53+dfsg-1ubuntu3) hirsute; urgency=medium |
545 | + |
546 | + * No-change rebuild for the perl update. |
547 | + |
548 | + -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 12:53:38 +0100 |
549 | + |
550 | +openldap (2.4.53+dfsg-1ubuntu2) hirsute; urgency=medium |
551 | + |
552 | + * No-change rebuild for the perl update. |
553 | + |
554 | + -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 10:51:32 +0100 |
555 | + |
556 | +openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium |
557 | + |
558 | + * Merge with Debian unstable (LP: #1894838). Remaining changes: |
559 | + - Enable AppArmor support: |
560 | + + d/apparmor-profile: add AppArmor profile |
561 | + + d/rules: use dh_apparmor |
562 | + + d/control: Build-Depends on dh-apparmor |
563 | + + d/slapd.README.Debian: add note about AppArmor |
564 | + - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): |
565 | + + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
566 | + - Add --with-gssapi support |
567 | + - Make guess_service_principal() more robust when determining |
568 | + principal |
569 | + + d/configure.options: Configure with --with-gssapi |
570 | + + d/control: Added heimdal-dev as a build depend |
571 | + + d/rules: |
572 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
573 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
574 | + + d/libldap-2.4-2.symbols: add symbols for GSSAPI support |
575 | + This should be dropped when the soname changes. |
576 | + - Enable ufw support: |
577 | + + d/control: suggest ufw. |
578 | + + d/rules: install ufw profile. |
579 | + + d/slapd.ufw.profile: add ufw profile. |
580 | + - Enable nss overlay: |
581 | + + d/rules: |
582 | + - add nssov to CONTRIB_MODULES |
583 | + - add sysconfdir to CONTRIB_MAKEVARS |
584 | + + d/slapd.install: install nssov overlay |
585 | + + d/slapd.manpages: install slapo-nssov(5) man page |
586 | + + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
587 | + Debian bug #919136, we also have to patch the nssov makefile |
588 | + accordingly and thus update this patch. |
589 | + - d/{rules,slapd.py}: Add apport hook. |
590 | + - Add support for CLDAP (UDP) support, back then required by |
591 | + likewise-open (first enabled in 2.4.17-1ubuntu2): |
592 | + + d/rules: Enable -DLDAP_CONNECTIONLESS |
593 | + + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) |
594 | + This should be dropped when the soname changes. |
595 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because |
596 | + of test timing issue. |
597 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
598 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
599 | + (Closes #960448, LP #1875697) |
600 | + |
601 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 08 Sep 2020 09:36:58 -0300 |
602 | + |
603 | openldap (2.4.53+dfsg-1) unstable; urgency=medium |
604 | |
605 | * New upstream release. |
606 | |
607 | -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700 |
608 | |
609 | +openldap (2.4.51+dfsg-1ubuntu1) groovy; urgency=medium |
610 | + |
611 | + * Merge with Debian unstable. Remaining changes: |
612 | + - Enable AppArmor support: |
613 | + + d/apparmor-profile: add AppArmor profile |
614 | + + d/rules: use dh_apparmor |
615 | + + d/control: Build-Depends on dh-apparmor |
616 | + + d/slapd.README.Debian: add note about AppArmor |
617 | + - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): |
618 | + + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
619 | + - Add --with-gssapi support |
620 | + - Make guess_service_principal() more robust when determining |
621 | + principal |
622 | + + d/configure.options: Configure with --with-gssapi |
623 | + + d/control: Added heimdal-dev as a build depend |
624 | + + d/rules: |
625 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
626 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
627 | + + d/libldap-2.4-2.symbols: add symbols for GSSAPI support |
628 | + This should be dropped when the soname changes. |
629 | + - Enable ufw support: |
630 | + + d/control: suggest ufw. |
631 | + + d/rules: install ufw profile. |
632 | + + d/slapd.ufw.profile: add ufw profile. |
633 | + - Enable nss overlay: |
634 | + + d/rules: |
635 | + - add nssov to CONTRIB_MODULES |
636 | + - add sysconfdir to CONTRIB_MAKEVARS |
637 | + + d/slapd.install: install nssov overlay |
638 | + + d/slapd.manpages: install slapo-nssov(5) man page |
639 | + + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
640 | + Debian bug #919136, we also have to patch the nssov makefile |
641 | + accordingly and thus update this patch. |
642 | + - d/{rules,slapd.py}: Add apport hook. |
643 | + - Add support for CLDAP (UDP) support, back then required by |
644 | + likewise-open (first enabled in 2.4.17-1ubuntu2): |
645 | + + d/rules: Enable -DLDAP_CONNECTIONLESS |
646 | + + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) |
647 | + This should be dropped when the soname changes. |
648 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because |
649 | + of test timing issue. |
650 | + - d/rules: better regexp to match the Maintainer tag in d/control, |
651 | + needed in the Ubuntu case because of XSBC-Original-Maintainer |
652 | + (Closes #960448, LP #1875697) |
653 | + * Dropped: |
654 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
655 | + [In 2.4.51+dfsg-1] |
656 | + - d/slapd.scripts-common: |
657 | + + add slapcat_opts to local variables. |
658 | + + Fix backup directory naming for multiple reconfiguration. |
659 | + [In 2.4.51+dfsg-1] |
660 | + - debian/patches/set-maintainer-name: our d/rules change needs to |
661 | + be kept, but this patch is in 2.4.51+dfsg-1. |
662 | + |
663 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Aug 2020 11:03:24 -0300 |
664 | + |
665 | openldap (2.4.51+dfsg-1) unstable; urgency=medium |
666 | |
667 | * New upstream release. |
668 | @@ -370,6 +895,85 @@ openldap (2.4.51+dfsg-1) unstable; urgency=medium |
669 | |
670 | -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700 |
671 | |
672 | +openldap (2.4.50+dfsg-1ubuntu3) groovy; urgency=medium |
673 | + |
674 | + * No change rebuild against new libnettle8 and libhogweed6 ABI. |
675 | + |
676 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:31:30 +0100 |
677 | + |
678 | +openldap (2.4.50+dfsg-1ubuntu2) groovy; urgency=medium |
679 | + |
680 | + * d/apparmor-profile: Update apparmor profile to grant access to |
681 | + the saslauthd socket, so that SASL authentication works. (LP: #1557157) |
682 | + |
683 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jun 2020 18:20:42 -0400 |
684 | + |
685 | +openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium |
686 | + |
687 | + * Merge with Debian unstable. Remaining changes: |
688 | + - Enable AppArmor support: |
689 | + + d/apparmor-profile: add AppArmor profile |
690 | + + d/rules: use dh_apparmor |
691 | + + d/control: Build-Depends on dh-apparmor |
692 | + + d/slapd.README.Debian: add note about AppArmor |
693 | + - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): |
694 | + + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
695 | + - Add --with-gssapi support |
696 | + - Make guess_service_principal() more robust when determining |
697 | + principal |
698 | + + d/configure.options: Configure with --with-gssapi |
699 | + + d/control: Added heimdal-dev as a build depend |
700 | + + d/rules: |
701 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
702 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
703 | + + d/libldap-2.4-2.symbols: add symbols for GSSAPI support |
704 | + This should be dropped when the soname changes. |
705 | + - Enable ufw support: |
706 | + + d/control: suggest ufw. |
707 | + + d/rules: install ufw profile. |
708 | + + d/slapd.ufw.profile: add ufw profile. |
709 | + - Enable nss overlay: |
710 | + + d/rules: |
711 | + - add nssov to CONTRIB_MODULES |
712 | + - add sysconfdir to CONTRIB_MAKEVARS |
713 | + + d/slapd.install: |
714 | + - install nssov overlay |
715 | + + d/slapd.manpages: |
716 | + - install slapo-nssov(5) man page |
717 | + + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
718 | + Debian bug #919136, we also have to patch the nssov makefile |
719 | + accordingly and thus update this patch. |
720 | + - d/{rules,slapd.py}: Add apport hook. |
721 | + - d/slapd.scripts-common: |
722 | + + add slapcat_opts to local variables. |
723 | + + Fix backup directory naming for multiple reconfiguration. |
724 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
725 | + - Add support for CLDAP (UDP) support, back then required by |
726 | + likewise-open (first enabled in 2.4.17-1ubuntu2): |
727 | + + d/rules: Enable -DLDAP_CONNECTIONLESS |
728 | + + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) |
729 | + This should be dropped when the soname changes. |
730 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because |
731 | + of test timing issue. |
732 | + * Dropped: |
733 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
734 | + either the default DIT nor via an Authn mapping. |
735 | + [Not worth keeping a delta for, as having olcRootDN doesn't hurt] |
736 | + - Show distribution in version: |
737 | + - d/control: added lsb-release |
738 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
739 | + [Debian now shows the full package version] |
740 | + - SECURITY UPDATE: denial of service via nested search filters |
741 | + + debian/patches/CVE-2020-12243.patch: limit depth of nested |
742 | + filters in servers/slapd/filter.c. |
743 | + [Fixed upstream] |
744 | + * Added: |
745 | + - d/rules, debian/patches/set-maintainer-name: Extract maintainer |
746 | + address dynamically from debian/control. Thanks to Ryan Tandy |
747 | + <ryan@nardis.ca> (Closes: #960448, LP: #1875697) |
748 | + |
749 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300 |
750 | + |
751 | openldap (2.4.50+dfsg-1) unstable; urgency=medium |
752 | |
753 | * New upstream release. |
754 | @@ -412,6 +1016,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium |
755 | |
756 | -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700 |
757 | |
758 | +openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium |
759 | + |
760 | + * SECURITY UPDATE: denial of service via nested search filters |
761 | + - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in |
762 | + servers/slapd/filter.c. |
763 | + - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of |
764 | + test timing issue. |
765 | + - CVE-2020-12243 |
766 | + |
767 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400 |
768 | + |
769 | +openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium |
770 | + |
771 | + * Merge with Debian unstable (LP: #1866303). Remaining changes: |
772 | + - Enable AppArmor support: |
773 | + - d/apparmor-profile: add AppArmor profile |
774 | + - d/rules: use dh_apparmor |
775 | + - d/control: Build-Depends on dh-apparmor |
776 | + - d/slapd.README.Debian: add note about AppArmor |
777 | + - Enable GSSAPI support: |
778 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
779 | + - Add --with-gssapi support |
780 | + - Make guess_service_principal() more robust when determining |
781 | + principal |
782 | + [Dropped the ldap_gssapi_bind_s() hunk as that is already |
783 | + - d/configure.options: Configure with --with-gssapi |
784 | + - d/control: Added heimdal-dev as a build depend |
785 | + - d/rules: |
786 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
787 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
788 | + - Enable ufw support: |
789 | + - d/control: suggest ufw. |
790 | + - d/rules: install ufw profile. |
791 | + - d/slapd.ufw.profile: add ufw profile. |
792 | + - Enable nss overlay: |
793 | + - d/rules: |
794 | + - add nssov to CONTRIB_MODULES |
795 | + - add sysconfdir to CONTRIB_MAKEVARS |
796 | + - d/slapd.install: |
797 | + - install nssov overlay |
798 | + - d/slapd.manpages: |
799 | + - install slapo-nssov(5) man page |
800 | + - d/{rules,slapd.py}: Add apport hook. |
801 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
802 | + either the default DIT nor via an Authn mapping. |
803 | + - d/slapd.scripts-common: |
804 | + - add slapcat_opts to local variables. |
805 | + - Fix backup directory naming for multiple reconfiguration. |
806 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
807 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
808 | + in the openldap library, as required by Likewise-Open |
809 | + - Show distribution in version: |
810 | + - d/control: added lsb-release |
811 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
812 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
813 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
814 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
815 | + - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
816 | + Debian bug #919136, we also have to patch the nssov makefile |
817 | + accordingly and thus update this patch. |
818 | + |
819 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300 |
820 | + |
821 | openldap (2.4.49+dfsg-2) unstable; urgency=medium |
822 | |
823 | * slapd.README.Debian: Document the initial setup performed by slapd's |
824 | @@ -423,6 +1090,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium |
825 | |
826 | -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800 |
827 | |
828 | +openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium |
829 | + |
830 | + * Merge with Debian unstable. Remaining changes: |
831 | + - Enable AppArmor support: |
832 | + - d/apparmor-profile: add AppArmor profile |
833 | + - d/rules: use dh_apparmor |
834 | + - d/control: Build-Depends on dh-apparmor |
835 | + - d/slapd.README.Debian: add note about AppArmor |
836 | + - Enable GSSAPI support: |
837 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
838 | + - Add --with-gssapi support |
839 | + - Make guess_service_principal() more robust when determining |
840 | + principal |
841 | + [Dropped the ldap_gssapi_bind_s() hunk as that is already |
842 | + - d/configure.options: Configure with --with-gssapi |
843 | + - d/control: Added heimdal-dev as a build depend |
844 | + - d/rules: |
845 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
846 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
847 | + - Enable ufw support: |
848 | + - d/control: suggest ufw. |
849 | + - d/rules: install ufw profile. |
850 | + - d/slapd.ufw.profile: add ufw profile. |
851 | + - Enable nss overlay: |
852 | + - d/rules: |
853 | + - add nssov to CONTRIB_MODULES |
854 | + - add sysconfdir to CONTRIB_MAKEVARS |
855 | + - d/slapd.install: |
856 | + - install nssov overlay |
857 | + - d/slapd.manpages: |
858 | + - install slapo-nssov(5) man page |
859 | + - d/{rules,slapd.py}: Add apport hook. |
860 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
861 | + either the default DIT nor via an Authn mapping. |
862 | + - d/slapd.scripts-common: |
863 | + - add slapcat_opts to local variables. |
864 | + - Fix backup directory naming for multiple reconfiguration. |
865 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
866 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
867 | + in the openldap library, as required by Likewise-Open |
868 | + - Show distribution in version: |
869 | + - d/control: added lsb-release |
870 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
871 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
872 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
873 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
874 | + - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
875 | + Debian bug #919136, we also have to patch the nssov makefile |
876 | + accordingly and thus update this patch. |
877 | + * Dropped: |
878 | + - d/control: slapd can depend on perl:any since it only uses perl for |
879 | + some maintainer and helper scripts. |
880 | + [In 2.4.49+dfsg-1] |
881 | + |
882 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300 |
883 | + |
884 | openldap (2.4.49+dfsg-1) unstable; urgency=medium |
885 | |
886 | * New upstream release. |
887 | @@ -451,6 +1174,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium |
888 | |
889 | -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800 |
890 | |
891 | +openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium |
892 | + |
893 | + * d/control: slapd can depend on perl:any since it only uses perl for |
894 | + some maintainer and helper scripts. The perl backend links against |
895 | + the correct architecture perl libraries already. Can be dropped |
896 | + after https://salsa.debian.org/openldap-team/openldap/commit/794c736 |
897 | + is in a Debian upload. |
898 | + |
899 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300 |
900 | + |
901 | +openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium |
902 | + |
903 | + * No-change rebuild against libnettle7 |
904 | + |
905 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000 |
906 | + |
907 | +openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium |
908 | + |
909 | + * No-change rebuild for the perl update. |
910 | + |
911 | + -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000 |
912 | + |
913 | +openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium |
914 | + |
915 | + * Merge with Debian unstable. Remaining changes: |
916 | + - Enable AppArmor support: |
917 | + - d/apparmor-profile: add AppArmor profile |
918 | + - d/rules: use dh_apparmor |
919 | + - d/control: Build-Depends on dh-apparmor |
920 | + - d/slapd.README.Debian: add note about AppArmor |
921 | + - Enable GSSAPI support: |
922 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
923 | + - Add --with-gssapi support |
924 | + - Make guess_service_principal() more robust when determining |
925 | + principal |
926 | + - d/configure.options: Configure with --with-gssapi |
927 | + - d/control: Added heimdal-dev as a build depend |
928 | + - d/rules: |
929 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
930 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
931 | + - Enable ufw support: |
932 | + - d/control: suggest ufw. |
933 | + - d/rules: install ufw profile. |
934 | + - d/slapd.ufw.profile: add ufw profile. |
935 | + - Enable nss overlay: |
936 | + - d/rules: |
937 | + - add nssov to CONTRIB_MODULES |
938 | + - add sysconfdir to CONTRIB_MAKEVARS |
939 | + - d/slapd.install: |
940 | + - install nssov overlay |
941 | + - d/slapd.manpages: |
942 | + - install slapo-nssov(5) man page |
943 | + - d/{rules,slapd.py}: Add apport hook. |
944 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
945 | + either the default DIT nor via an Authn mapping. |
946 | + - d/slapd.scripts-common: |
947 | + - add slapcat_opts to local variables. |
948 | + - Fix backup directory naming for multiple reconfiguration. |
949 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
950 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
951 | + in the openldap library, as required by Likewise-Open |
952 | + - Show distribution in version: |
953 | + - d/control: added lsb-release |
954 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
955 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
956 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
957 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
958 | + - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
959 | + Debian bug #919136, we also have to patch the nssov makefile |
960 | + accordingly and thus update this patch. |
961 | + * Dropped: |
962 | + - Fix sysv-generator unit file by customizing parameters (LP #1821343) |
963 | + + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow |
964 | + correct systemctl status for slapd daemon. |
965 | + + d/slapd.install: place override file in correct location. |
966 | + [Included in 2.4.48+dfsg-1] |
967 | + - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases |
968 | + + debian/patches/CVE-2019-13057-1.patch: add restriction to |
969 | + servers/slapd/saslauthz.c. |
970 | + + debian/patches/CVE-2019-13057-2.patch: add tests to |
971 | + tests/data/idassert.out, tests/data/slapd-idassert.conf, |
972 | + tests/data/test-idassert1.ldif, tests/scripts/test028-idassert. |
973 | + + debian/patches/CVE-2019-13057-3.patch: fix typo in |
974 | + tests/scripts/test028-idassert. |
975 | + + debian/patches/CVE-2019-13057-4.patch: fix typo in |
976 | + tests/scripts/test028-idassert. |
977 | + + CVE-2019-13057 |
978 | + [Fixed upstream] |
979 | + - SECURITY UPDATE: SASL SSF not initialized per connection |
980 | + + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in |
981 | + connection_init in servers/slapd/connection.c. |
982 | + + CVE-2019-13565 |
983 | + [Fixed upstream] |
984 | + |
985 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300 |
986 | + |
987 | openldap (2.4.48+dfsg-1) unstable; urgency=medium |
988 | |
989 | * New upstream release. |
990 | @@ -478,6 +1297,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium |
991 | |
992 | -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700 |
993 | |
994 | +openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium |
995 | + |
996 | + * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases |
997 | + - debian/patches/CVE-2019-13057-1.patch: add restriction to |
998 | + servers/slapd/saslauthz.c. |
999 | + - debian/patches/CVE-2019-13057-2.patch: add tests to |
1000 | + tests/data/idassert.out, tests/data/slapd-idassert.conf, |
1001 | + tests/data/test-idassert1.ldif, tests/scripts/test028-idassert. |
1002 | + - debian/patches/CVE-2019-13057-3.patch: fix typo in |
1003 | + tests/scripts/test028-idassert. |
1004 | + - debian/patches/CVE-2019-13057-4.patch: fix typo in |
1005 | + tests/scripts/test028-idassert. |
1006 | + - CVE-2019-13057 |
1007 | + * SECURITY UPDATE: SASL SSF not initialized per connection |
1008 | + - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in |
1009 | + connection_init in servers/slapd/connection.c. |
1010 | + - CVE-2019-13565 |
1011 | + |
1012 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400 |
1013 | + |
1014 | +openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium |
1015 | + |
1016 | + * Fix sysv-generator unit file by customizing parameters (LP: #1821343) |
1017 | + - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow |
1018 | + correct systemctl status for slapd daemon. |
1019 | + - d/slapd.install: place override file in correct location. |
1020 | + |
1021 | + -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300 |
1022 | + |
1023 | +openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium |
1024 | + |
1025 | + * Merge with Debian unstable. Remaining changes: |
1026 | + - Enable AppArmor support: |
1027 | + - d/apparmor-profile: add AppArmor profile |
1028 | + - d/rules: use dh_apparmor |
1029 | + - d/control: Build-Depends on dh-apparmor |
1030 | + - d/slapd.README.Debian: add note about AppArmor |
1031 | + - Enable GSSAPI support: |
1032 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1033 | + - Add --with-gssapi support |
1034 | + - Make guess_service_principal() more robust when determining |
1035 | + principal |
1036 | + - d/configure.options: Configure with --with-gssapi |
1037 | + - d/control: Added heimdal-dev as a build depend |
1038 | + - d/rules: |
1039 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1040 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1041 | + - Enable ufw support: |
1042 | + - d/control: suggest ufw. |
1043 | + - d/rules: install ufw profile. |
1044 | + - d/slapd.ufw.profile: add ufw profile. |
1045 | + - Enable nss overlay: |
1046 | + - d/rules: |
1047 | + - add nssov to CONTRIB_MODULES |
1048 | + - add sysconfdir to CONTRIB_MAKEVARS |
1049 | + - d/slapd.install: |
1050 | + - install nssov overlay |
1051 | + - d/slapd.manpages: |
1052 | + - install slapo-nssov(5) man page |
1053 | + - d/{rules,slapd.py}: Add apport hook. |
1054 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1055 | + either the default DIT nor via an Authn mapping. |
1056 | + - d/slapd.scripts-common: |
1057 | + - add slapcat_opts to local variables. |
1058 | + - Fix backup directory naming for multiple reconfiguration. |
1059 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1060 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1061 | + in the openldap library, as required by Likewise-Open |
1062 | + - Show distribution in version: |
1063 | + - d/control: added lsb-release |
1064 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1065 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1066 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1067 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1068 | + * Added changes: |
1069 | + - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding |
1070 | + Debian bug #919136, we also have to patch the nssov makefile |
1071 | + accordingly and thus update this patch. |
1072 | + |
1073 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200 |
1074 | + |
1075 | openldap (2.4.47+dfsg-3) unstable; urgency=medium |
1076 | |
1077 | * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS |
1078 | @@ -493,6 +1393,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium |
1079 | |
1080 | -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800 |
1081 | |
1082 | +openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium |
1083 | + |
1084 | + * Merge from Debian unstable (LP: #1811630). Remaining changes: |
1085 | + - Enable AppArmor support: |
1086 | + - d/apparmor-profile: add AppArmor profile |
1087 | + - d/rules: use dh_apparmor |
1088 | + - d/control: Build-Depends on dh-apparmor |
1089 | + - d/slapd.README.Debian: add note about AppArmor |
1090 | + - Enable GSSAPI support: |
1091 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1092 | + - Add --with-gssapi support |
1093 | + - Make guess_service_principal() more robust when determining |
1094 | + principal |
1095 | + - d/configure.options: Configure with --with-gssapi |
1096 | + - d/control: Added heimdal-dev as a build depend |
1097 | + - d/rules: |
1098 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1099 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1100 | + - Enable ufw support: |
1101 | + - d/control: suggest ufw. |
1102 | + - d/rules: install ufw profile. |
1103 | + - d/slapd.ufw.profile: add ufw profile. |
1104 | + - Enable nss overlay: |
1105 | + - d/rules: |
1106 | + - add nssov to CONTRIB_MODULES |
1107 | + - add sysconfdir to CONTRIB_MAKEVARS |
1108 | + - d/slapd.install: |
1109 | + - install nssov overlay |
1110 | + - d/slapd.manpages: |
1111 | + - install slapo-nssov(5) man page |
1112 | + - d/{rules,slapd.py}: Add apport hook. |
1113 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1114 | + either the default DIT nor via an Authn mapping. |
1115 | + - d/slapd.scripts-common: |
1116 | + - add slapcat_opts to local variables. |
1117 | + - Fix backup directory naming for multiple reconfiguration. |
1118 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1119 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1120 | + in the openldap library, as required by Likewise-Open |
1121 | + - Show distribution in version: |
1122 | + - d/control: added lsb-release |
1123 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1124 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1125 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1126 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1127 | + * Update nssov build and packaging for Debian changes: |
1128 | + - Drop patch nssov-build |
1129 | + - d/rules: |
1130 | + - add nssov to CONTRIB_MODULES |
1131 | + - add sysconfdir to CONTRIB_MAKEVARS |
1132 | + - d/slapd.install: |
1133 | + - install nssov overlay |
1134 | + - d/slapd.manpages: |
1135 | + - install slapo-nssov(5) man page |
1136 | + |
1137 | + -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000 |
1138 | + |
1139 | openldap (2.4.47+dfsg-2) unstable; urgency=medium |
1140 | |
1141 | * Reintroduce slapi-dev binary package. (Closes: #711469) |
1142 | @@ -530,6 +1487,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium |
1143 | |
1144 | -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800 |
1145 | |
1146 | +openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium |
1147 | + |
1148 | + * d/apparmor-profile: update apparmor profile to allow reading of |
1149 | + files needed when slapd is behaving as a kerberos/gssapi client |
1150 | + and acquiring its own ticket. (LP: #1783183) |
1151 | + |
1152 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200 |
1153 | + |
1154 | +openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium |
1155 | + |
1156 | + * No-change rebuild for the perl 5.28 transition. |
1157 | + |
1158 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600 |
1159 | + |
1160 | +openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium |
1161 | + |
1162 | + * Merge from Debian unstable. Remaining changes: |
1163 | + - Enable AppArmor support: |
1164 | + - d/apparmor-profile: add AppArmor profile |
1165 | + - d/rules: use dh_apparmor |
1166 | + - d/control: Build-Depends on dh-apparmor |
1167 | + - d/slapd.README.Debian: add note about AppArmor |
1168 | + - Enable GSSAPI support: |
1169 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1170 | + - Add --with-gssapi support |
1171 | + - Make guess_service_principal() more robust when determining |
1172 | + principal |
1173 | + - d/configure.options: Configure with --with-gssapi |
1174 | + - d/control: Added heimdal-dev as a build depend |
1175 | + - d/rules: |
1176 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1177 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1178 | + - Enable ufw support: |
1179 | + - d/control: suggest ufw. |
1180 | + - d/rules: install ufw profile. |
1181 | + - d/slapd.ufw.profile: add ufw profile. |
1182 | + - Enable nss overlay: |
1183 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1184 | + nss overlay. |
1185 | + - d/{rules,slapd.py}: Add apport hook. |
1186 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1187 | + either the default DIT nor via an Authn mapping. |
1188 | + - d/slapd.scripts-common: |
1189 | + - add slapcat_opts to local variables. |
1190 | + - Fix backup directory naming for multiple reconfiguration. |
1191 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1192 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1193 | + in the openldap library, as required by Likewise-Open |
1194 | + - Show distribution in version: |
1195 | + - d/control: added lsb-release |
1196 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1197 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1198 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1199 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1200 | + |
1201 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200 |
1202 | + |
1203 | openldap (2.4.46+dfsg-5) unstable; urgency=medium |
1204 | |
1205 | * Restore slapd-smbk5pwd now that libldap is installable in unstable. |
1206 | @@ -549,6 +1563,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium |
1207 | |
1208 | -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700 |
1209 | |
1210 | +openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low |
1211 | + |
1212 | + * Merge from Debian unstable. Remaining changes: |
1213 | + - Enable AppArmor support: |
1214 | + - d/apparmor-profile: add AppArmor profile |
1215 | + - d/rules: use dh_apparmor |
1216 | + - d/control: Build-Depends on dh-apparmor |
1217 | + - d/slapd.README.Debian: add note about AppArmor |
1218 | + - Enable GSSAPI support: |
1219 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1220 | + - Add --with-gssapi support |
1221 | + - Make guess_service_principal() more robust when determining |
1222 | + principal |
1223 | + - d/configure.options: Configure with --with-gssapi |
1224 | + - d/control: Added heimdal-dev as a build depend |
1225 | + - d/rules: |
1226 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1227 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1228 | + - Enable ufw support: |
1229 | + - d/control: suggest ufw. |
1230 | + - d/rules: install ufw profile. |
1231 | + - d/slapd.ufw.profile: add ufw profile. |
1232 | + - Enable nss overlay: |
1233 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1234 | + nss overlay. |
1235 | + - d/{rules,slapd.py}: Add apport hook. |
1236 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1237 | + either the default DIT nor via an Authn mapping. |
1238 | + - d/slapd.scripts-common: |
1239 | + - add slapcat_opts to local variables. |
1240 | + - Fix backup directory naming for multiple reconfiguration. |
1241 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1242 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1243 | + in the openldap library, as required by Likewise-Open |
1244 | + - Show distribution in version: |
1245 | + - d/control: added lsb-release |
1246 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1247 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1248 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1249 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1250 | + |
1251 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200 |
1252 | + |
1253 | openldap (2.4.46+dfsg-2) unstable; urgency=medium |
1254 | |
1255 | * Remove version constraint from libldap-2.4-2 dependency on libldap-common. |
1256 | @@ -578,6 +1635,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium |
1257 | |
1258 | -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700 |
1259 | |
1260 | +openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low |
1261 | + |
1262 | + * Merge from Debian unstable. Remaining changes: |
1263 | + - Enable AppArmor support: |
1264 | + - d/apparmor-profile: add AppArmor profile |
1265 | + - d/rules: use dh_apparmor |
1266 | + - d/control: Build-Depends on dh-apparmor |
1267 | + - d/slapd.README.Debian: add note about AppArmor |
1268 | + - Enable GSSAPI support: |
1269 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1270 | + - Add --with-gssapi support |
1271 | + - Make guess_service_principal() more robust when determining |
1272 | + principal |
1273 | + - d/configure.options: Configure with --with-gssapi |
1274 | + - d/control: Added heimdal-dev as a build depend |
1275 | + - d/rules: |
1276 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1277 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1278 | + - Enable ufw support: |
1279 | + - d/control: suggest ufw. |
1280 | + - d/rules: install ufw profile. |
1281 | + - d/slapd.ufw.profile: add ufw profile. |
1282 | + - Enable nss overlay: |
1283 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1284 | + nss overlay. |
1285 | + - d/{rules,slapd.py}: Add apport hook. |
1286 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1287 | + either the default DIT nor via an Authn mapping. |
1288 | + - d/slapd.scripts-common: |
1289 | + - add slapcat_opts to local variables. |
1290 | + - Fix backup directory naming for multiple reconfiguration. |
1291 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1292 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1293 | + in the openldap library, as required by Likewise-Open |
1294 | + - Show distribution in version: |
1295 | + - d/control: added lsb-release |
1296 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1297 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1298 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1299 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1300 | + |
1301 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200 |
1302 | + |
1303 | openldap (2.4.45+dfsg-1) unstable; urgency=medium |
1304 | |
1305 | * New upstream release. |
1306 | @@ -619,6 +1719,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium |
1307 | |
1308 | -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700 |
1309 | |
1310 | +openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low |
1311 | + |
1312 | + * Merge from Debian unstable. Remaining changes: |
1313 | + - Enable AppArmor support: |
1314 | + - d/apparmor-profile: add AppArmor profile |
1315 | + - d/rules: use dh_apparmor |
1316 | + - d/control: Build-Depends on dh-apparmor |
1317 | + - d/slapd.README.Debian: add note about AppArmor |
1318 | + - Enable GSSAPI support: |
1319 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1320 | + - Add --with-gssapi support |
1321 | + - Make guess_service_principal() more robust when determining |
1322 | + principal |
1323 | + - d/configure.options: Configure with --with-gssapi |
1324 | + - d/control: Added heimdal-dev as a build depend |
1325 | + - d/rules: |
1326 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1327 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1328 | + - Enable ufw support: |
1329 | + - d/control: suggest ufw. |
1330 | + - d/rules: install ufw profile. |
1331 | + - d/slapd.ufw.profile: add ufw profile. |
1332 | + - Enable nss overlay: |
1333 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1334 | + nss overlay. |
1335 | + - d/{rules,slapd.py}: Add apport hook. |
1336 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1337 | + either the default DIT nor via an Authn mapping. |
1338 | + - d/slapd.scripts-common: |
1339 | + - add slapcat_opts to local variables. |
1340 | + - Fix backup directory naming for multiple reconfiguration. |
1341 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1342 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1343 | + in the openldap library, as required by Likewise-Open |
1344 | + - Show distribution in version: |
1345 | + - d/control: added lsb-release |
1346 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1347 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1348 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1349 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1350 | + |
1351 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200 |
1352 | + |
1353 | openldap (2.4.44+dfsg-8) unstable; urgency=medium |
1354 | |
1355 | * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until |
1356 | @@ -629,6 +1772,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium |
1357 | |
1358 | -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700 |
1359 | |
1360 | +openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium |
1361 | + |
1362 | + * Merge from Debian unstable. Remaining changes: |
1363 | + - Enable AppArmor support: |
1364 | + - d/apparmor-profile: add AppArmor profile |
1365 | + - d/rules: use dh_apparmor |
1366 | + - d/control: Build-Depends on dh-apparmor |
1367 | + - d/slapd.README.Debian: add note about AppArmor |
1368 | + - Enable GSSAPI support: |
1369 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1370 | + - Add --with-gssapi support |
1371 | + - Make guess_service_principal() more robust when determining |
1372 | + principal |
1373 | + - d/configure.options: Configure with --with-gssapi |
1374 | + - d/control: Added heimdal-dev as a build depend |
1375 | + - d/rules: |
1376 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1377 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1378 | + - Enable ufw support: |
1379 | + - d/control: suggest ufw. |
1380 | + - d/rules: install ufw profile. |
1381 | + - d/slapd.ufw.profile: add ufw profile. |
1382 | + - Enable nss overlay: |
1383 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1384 | + nss overlay. |
1385 | + - d/{rules,slapd.py}: Add apport hook. |
1386 | + [ d/rules modification mentioned above was dropped in |
1387 | + 2.4.23-6ubuntu1, re-adding it ] |
1388 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1389 | + either the default DIT nor via an Authn mapping. |
1390 | + - d/slapd.scripts-common: |
1391 | + - add slapcat_opts to local variables. |
1392 | + - Fix backup directory naming for multiple reconfiguration. |
1393 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1394 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1395 | + in the openldap library, as required by Likewise-Open |
1396 | + - Show distribution in version: |
1397 | + - d/control: added lsb-release |
1398 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1399 | + [ Refreshed patch ] |
1400 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1401 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1402 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1403 | + |
1404 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200 |
1405 | + |
1406 | openldap (2.4.44+dfsg-7) unstable; urgency=medium |
1407 | |
1408 | * Relax the dependency of libldap-2.4-2 on libldap-common to also permit |
1409 | @@ -636,6 +1825,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium |
1410 | |
1411 | -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700 |
1412 | |
1413 | +openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium |
1414 | + |
1415 | + * Merge from Debian unstable. Remaining changes: |
1416 | + - Enable AppArmor support: |
1417 | + - d/apparmor-profile: add AppArmor profile |
1418 | + - d/rules: use dh_apparmor |
1419 | + - d/control: Build-Depends on dh-apparmor |
1420 | + - d/slapd.README.Debian: add note about AppArmor |
1421 | + - Enable GSSAPI support: |
1422 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1423 | + - Add --with-gssapi support |
1424 | + - Make guess_service_principal() more robust when determining |
1425 | + principal |
1426 | + - d/configure.options: Configure with --with-gssapi |
1427 | + - d/control: Added heimdal-dev as a build depend |
1428 | + - d/rules: |
1429 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1430 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1431 | + - Enable ufw support: |
1432 | + - d/control: suggest ufw. |
1433 | + - d/rules: install ufw profile. |
1434 | + - d/slapd.ufw.profile: add ufw profile. |
1435 | + - Enable nss overlay: |
1436 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1437 | + nss overlay. |
1438 | + - d/{rules,slapd.py}: Add apport hook. |
1439 | + [ d/rules modification mentioned above was dropped in |
1440 | + 2.4.23-6ubuntu1, re-adding it ] |
1441 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1442 | + either the default DIT nor via an Authn mapping. |
1443 | + - d/slapd.scripts-common: |
1444 | + - add slapcat_opts to local variables. |
1445 | + - Fix backup directory naming for multiple reconfiguration. |
1446 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1447 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1448 | + in the openldap library, as required by Likewise-Open |
1449 | + - Show distribution in version: |
1450 | + - d/control: added lsb-release |
1451 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1452 | + [ Refreshed patch ] |
1453 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1454 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1455 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1456 | + |
1457 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200 |
1458 | + |
1459 | openldap (2.4.44+dfsg-6) unstable; urgency=medium |
1460 | |
1461 | * Update the list of non-translatable strings for the |
1462 | @@ -644,6 +1879,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium |
1463 | |
1464 | -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700 |
1465 | |
1466 | +openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium |
1467 | + |
1468 | + * Merge from Debian unstable. Remaining changes: |
1469 | + - Enable AppArmor support: |
1470 | + - d/apparmor-profile: add AppArmor profile |
1471 | + - d/rules: use dh_apparmor |
1472 | + - d/control: Build-Depends on dh-apparmor |
1473 | + - d/slapd.README.Debian: add note about AppArmor |
1474 | + - Enable GSSAPI support: |
1475 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1476 | + - Add --with-gssapi support |
1477 | + - Make guess_service_principal() more robust when determining |
1478 | + principal |
1479 | + - d/configure.options: Configure with --with-gssapi |
1480 | + - d/control: Added heimdal-dev as a build depend |
1481 | + - d/rules: |
1482 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1483 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1484 | + - Enable ufw support: |
1485 | + - d/control: suggest ufw. |
1486 | + - d/rules: install ufw profile. |
1487 | + - d/slapd.ufw.profile: add ufw profile. |
1488 | + - Enable nss overlay: |
1489 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1490 | + nss overlay. |
1491 | + - d/{rules,slapd.py}: Add apport hook. |
1492 | + [ d/rules modification mentioned above was dropped in |
1493 | + 2.4.23-6ubuntu1, re-adding it ] |
1494 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1495 | + either the default DIT nor via an Authn mapping. |
1496 | + - d/slapd.scripts-common: |
1497 | + - add slapcat_opts to local variables. |
1498 | + - Fix backup directory naming for multiple reconfiguration. |
1499 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1500 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1501 | + in the openldap library, as required by Likewise-Open |
1502 | + - Show distribution in version: |
1503 | + - d/control: added lsb-release |
1504 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1505 | + [ Refreshed patch ] |
1506 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1507 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1508 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1509 | + [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ] |
1510 | + - Fix use after free with GnuTLS. (LP #1557248) |
1511 | + |
1512 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200 |
1513 | + |
1514 | openldap (2.4.44+dfsg-5) unstable; urgency=medium |
1515 | |
1516 | * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an |
1517 | @@ -655,6 +1938,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium |
1518 | |
1519 | -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700 |
1520 | |
1521 | +openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low |
1522 | + |
1523 | + * Merge from Debian unstable. Remaining changes: |
1524 | + - Enable AppArmor support: |
1525 | + - d/apparmor-profile: add AppArmor profile |
1526 | + - d/rules: use dh_apparmor |
1527 | + - d/control: Build-Depends on dh-apparmor |
1528 | + - d/slapd.README.Debian: add note about AppArmor |
1529 | + - Enable GSSAPI support: |
1530 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1531 | + - Add --with-gssapi support |
1532 | + - Make guess_service_principal() more robust when determining |
1533 | + principal |
1534 | + - d/configure.options: Configure with --with-gssapi |
1535 | + - d/control: Added heimdal-dev as a build depend |
1536 | + - d/rules: |
1537 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1538 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1539 | + - Enable ufw support: |
1540 | + - d/control: suggest ufw. |
1541 | + - d/rules: install ufw profile. |
1542 | + - d/slapd.ufw.profile: add ufw profile. |
1543 | + - Enable nss overlay: |
1544 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1545 | + nss overlay. |
1546 | + - d/{rules,slapd.py}: Add apport hook. |
1547 | + [ d/rules modification mentioned above was dropped in |
1548 | + 2.4.23-6ubuntu1, re-adding it ] |
1549 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1550 | + either the default DIT nor via an Authn mapping. |
1551 | + - d/slapd.scripts-common: |
1552 | + - add slapcat_opts to local variables. |
1553 | + - Fix backup directory naming for multiple reconfiguration. |
1554 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1555 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1556 | + in the openldap library, as required by Likewise-Open |
1557 | + - Show distribution in version: |
1558 | + - d/control: added lsb-release |
1559 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1560 | + [ Refreshed patch ] |
1561 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1562 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1563 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1564 | + [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ] |
1565 | + - Fix use after free with GnuTLS. (LP #1557248) |
1566 | + |
1567 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200 |
1568 | + |
1569 | openldap (2.4.44+dfsg-4) unstable; urgency=medium |
1570 | |
1571 | * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to |
1572 | @@ -701,6 +2032,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium |
1573 | |
1574 | -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700 |
1575 | |
1576 | +openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium |
1577 | + |
1578 | + * d/rules: Fix typo in previous upload. |
1579 | + |
1580 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800 |
1581 | + |
1582 | +openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium |
1583 | + |
1584 | + * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining |
1585 | + changes |
1586 | + - Enable AppArmor support: |
1587 | + - d/apparmor-profile: add AppArmor profile |
1588 | + - d/rules: use dh_apparmor |
1589 | + - d/control: Build-Depends on dh-apparmor |
1590 | + - d/slapd.README.Debian: add note about AppArmor |
1591 | + - Enable GSSAPI support: |
1592 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1593 | + - Add --with-gssapi support |
1594 | + - Make guess_service_principal() more robust when determining |
1595 | + principal |
1596 | + - d/configure.options: Configure with --with-gssapi |
1597 | + - d/control: Added heimdal-dev as a build depend |
1598 | + - d/rules: |
1599 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1600 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1601 | + - Enable ufw support: |
1602 | + - d/control: suggest ufw. |
1603 | + - d/rules: install ufw profile. |
1604 | + - d/slapd.ufw.profile: add ufw profile. |
1605 | + - Enable nss overlay: |
1606 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1607 | + nss overlay. |
1608 | + - d/{rules,slapd.py}: Add apport hook. |
1609 | + [ d/rules modification mentioned above was dropped in |
1610 | + 2.4.23-6ubuntu1, re-adding it ] |
1611 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1612 | + either the default DIT nor via an Authn mapping. |
1613 | + - d/slapd.scripts-common: |
1614 | + - add slapcat_opts to local variables. |
1615 | + - Fix backup directory naming for multiple reconfiguration. |
1616 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1617 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1618 | + in the openldap library, as required by Likewise-Open |
1619 | + - Show distribution in version: |
1620 | + - d/control: added lsb-release |
1621 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1622 | + [ Refreshed patch ] |
1623 | + - d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1624 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1625 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1626 | + [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ] |
1627 | + - Fix use after free with GnuTLS. (LP #1557248) |
1628 | + * Drop: |
1629 | + - d/slapd.scripts-common: |
1630 | + + Remove unused variable new_conf. |
1631 | + [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ] |
1632 | + - d/b/config.log: add config.log |
1633 | + [ previously undocumented, stray change ] |
1634 | + |
1635 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800 |
1636 | + |
1637 | openldap (2.4.44+dfsg-3) unstable; urgency=medium |
1638 | |
1639 | * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394) |
1640 | @@ -773,6 +2165,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium |
1641 | |
1642 | -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800 |
1643 | |
1644 | +openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium |
1645 | + |
1646 | + * No-change rebuild for perl 5.24 transition |
1647 | + |
1648 | + -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100 |
1649 | + |
1650 | +openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium |
1651 | + |
1652 | + * Fix use after free with GnuTLS. (LP: #1557248) |
1653 | + |
1654 | + -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500 |
1655 | + |
1656 | +openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium |
1657 | + |
1658 | + * Fix building with gssapi suppport: |
1659 | + - Explicitly add -I/usr/include/heimdal to CFLAGS. |
1660 | + - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. |
1661 | + |
1662 | + -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100 |
1663 | + |
1664 | +openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium |
1665 | + |
1666 | + * No-change rebuild for gnutls transition. |
1667 | + |
1668 | + -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000 |
1669 | + |
1670 | +openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium |
1671 | + |
1672 | + * Merge from Debian testing (LP: #1532648). Remaining changes: |
1673 | + - Enable AppArmor support: |
1674 | + - d/apparmor-profile: add AppArmor profile |
1675 | + - d/rules: use dh_apparmor |
1676 | + - d/control: Build-Depends on dh-apparmor |
1677 | + - d/slapd.README.Debian: add note about AppArmor |
1678 | + - Enable GSSAPI support: |
1679 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1680 | + - Add --with-gssapi support |
1681 | + - Make guess_service_principal() more robust when determining |
1682 | + principal |
1683 | + - d/configure.options: Configure with --with-gssapi |
1684 | + - d/control: Added heimdal-dev as a build depend |
1685 | + - Enable ufw support: |
1686 | + - d/control: suggest ufw. |
1687 | + - d/rules: install ufw profile. |
1688 | + - d/slapd.ufw.profile: add ufw profile. |
1689 | + - Enable nss overlay: |
1690 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1691 | + nss overlay. |
1692 | + - d/{rules,slapd.py}: Add apport hook. |
1693 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1694 | + either the default DIT nor via an Authn mapping. |
1695 | + - d/slapd.scripts-common: |
1696 | + - add slapcat_opts to local variables. |
1697 | + - Remove unused variable new_conf. |
1698 | + - Fix backup directory naming for multiple reconfiguration. |
1699 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1700 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1701 | + in the openldap library, as required by Likewise-Open |
1702 | + - Show distribution in version: |
1703 | + - d/control: added lsb-release |
1704 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1705 | + * Drop CVE-2015-6908.patch, included in Debian. |
1706 | + * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was |
1707 | + disabled on ppc64el, no longer used, and missed in the previous merge. |
1708 | + |
1709 | + -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800 |
1710 | + |
1711 | openldap (2.4.42+dfsg-2) unstable; urgency=medium |
1712 | |
1713 | [ Ryan Tandy ] |
1714 | @@ -840,6 +2299,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium |
1715 | |
1716 | -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700 |
1717 | |
1718 | +openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium |
1719 | + |
1720 | + * Rebuild for Perl 5.22.1. |
1721 | + |
1722 | + -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000 |
1723 | + |
1724 | +openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium |
1725 | + |
1726 | + * SECURITY UPDATE: denial of service via crafted BER data |
1727 | + - debian/patches/CVE-2015-6908.patch: remove obsolete assert in |
1728 | + libraries/liblber/io.c. |
1729 | + - CVE-2015-6908 |
1730 | + |
1731 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400 |
1732 | + |
1733 | +openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium |
1734 | + |
1735 | + * Merge from Debian testing (LP: #1471831). Remaining changes: |
1736 | + - Enable AppArmor support: |
1737 | + - d/apparmor-profile: add AppArmor profile |
1738 | + - d/rules: use dh_apparmor |
1739 | + - d/control: Build-Depends on dh-apparmor |
1740 | + - d/slapd.README.Debian: add note about AppArmor |
1741 | + - Enable GSSAPI support: |
1742 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1743 | + - Add --with-gssapi support |
1744 | + - Make guess_service_principal() more robust when determining |
1745 | + principal |
1746 | + - d/configure.options: Configure with --with-gssapi |
1747 | + - d/control: Added heimdal-dev as a build depend |
1748 | + - Enable ufw support: |
1749 | + - d/control: suggest ufw. |
1750 | + - d/rules: install ufw profile. |
1751 | + - d/slapd.ufw.profile: add ufw profile. |
1752 | + - Enable nss overlay: |
1753 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1754 | + nss overlay. |
1755 | + - d/{rules,slapd.py}: Add apport hook. |
1756 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1757 | + either the default DIT nor via an Authn mapping. |
1758 | + - d/slapd.scripts-common: |
1759 | + - add slapcat_opts to local variables. |
1760 | + - Remove unused variable new_conf. |
1761 | + - Fix backup directory naming for multiple reconfiguration. |
1762 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1763 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1764 | + in the openldap library, as required by Likewise-Open |
1765 | + - Show distribution in version: |
1766 | + - d/control: added lsb-release |
1767 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1768 | + * Dropped changes: |
1769 | + - Fix cpp calls for GCC 5: fixed upstream (ITS#8056) |
1770 | + * Upstream fixes: |
1771 | + - slapd crash with auditlog overlay and large (~27KB) attribute values |
1772 | + (ITS#8003) (LP: #1461276) |
1773 | + - nssov updated to support recent nss-pam-ldapd client libraries |
1774 | + (ITS#8097) (LP: #1393306) |
1775 | + * Update d/patches/nssov-build for upstream changes. |
1776 | + * Tweak d/patches/gssapi.diff to apply without fuzz. |
1777 | + * d/libldap-2.4-2.symbols: Add symbols not present in Debian. |
1778 | + - CLDAP (UDP) was added in 2.4.17-1ubuntu2 |
1779 | + - GSSAPI support was enabled in 2.4.18-0ubuntu2 |
1780 | + |
1781 | + -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700 |
1782 | + |
1783 | openldap (2.4.41+dfsg-1) unstable; urgency=medium |
1784 | |
1785 | * New upstream release. |
1786 | @@ -859,6 +2383,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium |
1787 | |
1788 | -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700 |
1789 | |
1790 | +openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium |
1791 | + |
1792 | + * No-change rebuild for the libnettle6 transition. |
1793 | + |
1794 | + -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600 |
1795 | + |
1796 | +openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low |
1797 | + |
1798 | + * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes: |
1799 | + - Enable AppArmor support: |
1800 | + - d/apparmor-profile: add AppArmor profile |
1801 | + - d/rules: use dh_apparmor |
1802 | + - d/control: Build-Depends on dh-apparmor |
1803 | + - d/slapd.README.Debian: add note about AppArmor |
1804 | + - Enable GSSAPI support: |
1805 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1806 | + - Add --with-gssapi support |
1807 | + - Make guess_service_principal() more robust when determining |
1808 | + principal |
1809 | + - d/configure.options: Configure with --with-gssapi |
1810 | + - d/control: Added heimdal-dev as a build depend |
1811 | + - Enable ufw support: |
1812 | + - d/control: suggest ufw. |
1813 | + - d/rules: install ufw profile. |
1814 | + - d/slapd.ufw.profile: add ufw profile. |
1815 | + - Enable nss overlay: |
1816 | + - d/{patches/nssov-build,rules}: Apply, build and package the |
1817 | + nss overlay. |
1818 | + - d/{rules,slapd.py}: Add apport hook. |
1819 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1820 | + either the default DIT nor via an Authn mapping. |
1821 | + - d/slapd.scripts-common: |
1822 | + - add slapcat_opts to local variables. |
1823 | + - Remove unused variable new_conf. |
1824 | + - Fix backup directory naming for multiple reconfiguration. |
1825 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1826 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1827 | + in the openldap library, as required by Likewise-Open |
1828 | + - Show distribution in version: |
1829 | + - d/control: added lsb-release |
1830 | + - d/patches/fix-ldap-distribution.patch: show distribution in version |
1831 | + * Drop patches included upstream: |
1832 | + - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch |
1833 | + - d/patches/bdb-deadlock.patch |
1834 | + - d/patches/its-7354-fix-delta-sync-mmr.diff |
1835 | + * Drop hardening-wrapper as Debian now sets PIE and bindnow flags. |
1836 | + * debian/patches/nssov-build: Adjust for upstream changes. |
1837 | + * debian/apparmor-profile: |
1838 | + - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor |
1839 | + kernel ABI v7 (utopic and later). (LP: #1392018) |
1840 | + - Reduce permissions on /run/nslcd to just the nslcd socket. |
1841 | + * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713. |
1842 | + (LP: #1293250) |
1843 | + |
1844 | + -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700 |
1845 | + |
1846 | openldap (2.4.40+dfsg-1) unstable; urgency=medium |
1847 | |
1848 | * Remove inetorgperson.schema from the upstream source. Replace it with a |
1849 | @@ -1047,6 +2627,187 @@ openldap (2.4.39-1) unstable; urgency=low |
1850 | |
1851 | -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700 |
1852 | |
1853 | +openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium |
1854 | + |
1855 | + * Fix cpp calls for GCC 5. |
1856 | + |
1857 | + -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100 |
1858 | + |
1859 | +openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium |
1860 | + |
1861 | + * debian/apparmor-profile: |
1862 | + - allow p11-kit abstraction |
1863 | + - allow read of /etc/gss/mech.d/* |
1864 | + |
1865 | + -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500 |
1866 | + |
1867 | +openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium |
1868 | + |
1869 | + * Rebuild for Perl 5.20.0. |
1870 | + |
1871 | + -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100 |
1872 | + |
1873 | +openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium |
1874 | + |
1875 | + * Cherry-pick upstream patch for compat with recent GNUTLS. |
1876 | + * Build-depend on libgnutls28-dev. |
1877 | + * Build-depend on libgcrypt20-dev. |
1878 | + |
1879 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100 |
1880 | + |
1881 | +openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium |
1882 | + |
1883 | + * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3. |
1884 | + |
1885 | + -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600 |
1886 | + |
1887 | +openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium |
1888 | + |
1889 | + * Disable mdb backend on ppc64el due to test-suite failures. |
1890 | + |
1891 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000 |
1892 | + |
1893 | +openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low |
1894 | + |
1895 | + * Fix segfault issue with master-master syncrepl (LP: #1287730): |
1896 | + - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked |
1897 | + patch from upstream VCS. |
1898 | + |
1899 | + -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100 |
1900 | + |
1901 | +openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low |
1902 | + |
1903 | + * Build-depend on libdb5.3-dev, instead of libdb5.1-dev. |
1904 | + |
1905 | + -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000 |
1906 | + |
1907 | +openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low |
1908 | + |
1909 | + * Rebuild for Perl 5.18. |
1910 | + |
1911 | + -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100 |
1912 | + |
1913 | +openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low |
1914 | + |
1915 | + * Update build/config.guess and build/config.sub at build time; this was |
1916 | + not done automatically because the top-level configure.in does not use |
1917 | + Automake. |
1918 | + |
1919 | + -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100 |
1920 | + |
1921 | +openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low |
1922 | + |
1923 | + * debian/control: added lsb-release |
1924 | + * debian/patches/fix-ldap-distribution.patch: show distribution in version |
1925 | + |
1926 | + -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200 |
1927 | + |
1928 | +openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low |
1929 | + |
1930 | + * Merge from Debian unstable. Remaining changes: |
1931 | + - Enable AppArmor support: |
1932 | + - d/apparmor-profile: add AppArmor profile |
1933 | + - d/rules: use dh_apparmor |
1934 | + - d/control: Build-Depends on dh-apparmor |
1935 | + - d/slapd.README.Debian: add note about AppArmor |
1936 | + - d/slapd.dirs: add etc/apparmor.d/force-complain |
1937 | + - Enable GSSAPI support: |
1938 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1939 | + - Add --with-gssapi support |
1940 | + - Make guess_service_principal() more robust when determining |
1941 | + principal |
1942 | + - d/configure.options: Configure with --with-gssapi |
1943 | + - d/control: Added libkrb5-dev as a build depend |
1944 | + - Enable ufw support: |
1945 | + - d/control: suggest ufw. |
1946 | + - d/rules: install ufw profile. |
1947 | + - d/slapd.ufw.profile: add ufw profile. |
1948 | + - Enable nss overlay: |
1949 | + - d/{patches/nssov-build,/rules}: Apply, build and package the |
1950 | + nss overlay. |
1951 | + - d/{rules,slapd.py}: Add apport hook. |
1952 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
1953 | + either the default DIT nor via an Authn mapping. |
1954 | + - d/slapd.scripts-common: |
1955 | + - add slapcat_opts to local variables. |
1956 | + - Remove unused variable new_conf. |
1957 | + - Fix backup directory naming for multiple reconfiguration. |
1958 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
1959 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
1960 | + in the openldap library, as required by Likewise-Open |
1961 | + - d/{control,rules}: enable PIE hardening |
1962 | + |
1963 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400 |
1964 | + |
1965 | +openldap (2.4.31-1+nmu2) unstable; urgency=high |
1966 | + |
1967 | + * Non-maintainer upload. |
1968 | + * No-change rebuild in a clean environment |
1969 | + |
1970 | + -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100 |
1971 | + |
1972 | +openldap (2.4.31-1+nmu1) unstable; urgency=medium |
1973 | + |
1974 | + * Non-maintainer upload. |
1975 | + * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038). |
1976 | + |
1977 | + -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000 |
1978 | + |
1979 | +openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low |
1980 | + |
1981 | + * debian/slapd.py: Add AppArmor info and logs to apport hook. |
1982 | + |
1983 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400 |
1984 | + |
1985 | +openldap (2.4.31-1ubuntu1) quantal; urgency=low |
1986 | + |
1987 | + * Merge from Debian unstable. Remaining changes: |
1988 | + - Enable AppArmor support: |
1989 | + - d/apparmor-profile: add AppArmor profile |
1990 | + - d/rules: use dh_apparmor |
1991 | + - d/control: Build-Depends on dh-apparmor |
1992 | + - d/slapd.README.Debian: add note about AppArmor |
1993 | + - d/slapd.dirs: add etc/apparmor.d/force-complain |
1994 | + - Enable GSSAPI support (LP: #495418): |
1995 | + - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
1996 | + - Add --with-gssapi support |
1997 | + - Make guess_service_principal() more robust when determining |
1998 | + principal |
1999 | + - d/configure.options: Configure with --with-gssapi |
2000 | + - d/control: Added libkrb5-dev as a build depend |
2001 | + - Enable ufw support (LP: #423246): |
2002 | + - d/control: suggest ufw. |
2003 | + - d/rules: install ufw profile. |
2004 | + - d/slapd.ufw.profile: add ufw profile. |
2005 | + - Enable nss overlay (LP: #675391): |
2006 | + - d/{patches/nssov-build,/rules}: Apply, build and package the |
2007 | + nss overlay. |
2008 | + - d/{rules,slapd.py}: Add apport hook. (LP: #610544) |
2009 | + - d/slapd.init.ldif: don't set olcRootDN since it's not defined in |
2010 | + either the default DIT nor via an Authn mapping. |
2011 | + - d/slapd.scripts-common: |
2012 | + - add slapcat_opts to local variables. |
2013 | + - Remove unused variable new_conf. |
2014 | + - Fix backup directory naming for multiple reconfiguration. |
2015 | + - d/{slapd.default,slapd.README.Debian}: use the new configuration style. |
2016 | + - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2017 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2018 | + - d/{control,rules}: enable PIE hardening |
2019 | + * Dropped changes: |
2020 | + - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release. |
2021 | + - d/patches/CVE-2011-4079: Included in upstream release. |
2022 | + - d/patches/service-operational-before-detach: Included in upstream release. |
2023 | + - d/schema/extra/misc.ldif: Included upstream. |
2024 | + - d/{rules,schema/extra}: Fix configure and clean rules to support |
2025 | + extra schemas shipped as part of the debian/schema/ directory; no longer required. |
2026 | + - Included in Debian: |
2027 | + + Document cn=config in README file. |
2028 | + + Install a default DIT; actually a minimal configuration. |
2029 | + + d/patches/heimdal-fix. |
2030 | + * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta. |
2031 | + |
2032 | + -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100 |
2033 | + |
2034 | openldap (2.4.31-1) unstable; urgency=low |
2035 | |
2036 | * New upstream release. |
2037 | @@ -1073,6 +2834,121 @@ openldap (2.4.31-1) unstable; urgency=low |
2038 | |
2039 | -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000 |
2040 | |
2041 | +openldap (2.4.28-1.1ubuntu6) quantal; urgency=low |
2042 | + |
2043 | + * Fix issue with intermittent connection issues when using LDAPv3 |
2044 | + protocol (LP: #1023025): |
2045 | + - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked |
2046 | + patch from upstream VCS which ensures objects are initialized before |
2047 | + re-use. |
2048 | + |
2049 | + -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100 |
2050 | + |
2051 | +openldap (2.4.28-1.1ubuntu5) quantal; urgency=low |
2052 | + |
2053 | + * debian/rules: Add smbk5pwd build. |
2054 | + * debian/control: Add slapd-smbk5pwd binary package. |
2055 | + * debian/patches/heimdal-fix: adapt parameters of |
2056 | + hdb_generate_key_set_password() to heimdal 1.6~git20120311 |
2057 | + (patch from Debian #664930). |
2058 | + |
2059 | + -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400 |
2060 | + |
2061 | +openldap (2.4.28-1.1ubuntu4) precise; urgency=low |
2062 | + |
2063 | + * debian/control: Build-Depends on dh-apparmor (LP: #948481) |
2064 | + |
2065 | + -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500 |
2066 | + |
2067 | +openldap (2.4.28-1.1ubuntu3) precise; urgency=low |
2068 | + |
2069 | + * Add its-7176-only-poll-sockets-for-write-as-needed.diff |
2070 | + (LP: #932823). |
2071 | + |
2072 | + -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200 |
2073 | + |
2074 | +openldap (2.4.28-1.1ubuntu2) precise; urgency=low |
2075 | + |
2076 | + * Remove debian/patches/CVE-2011-4079; it's already in this upstream |
2077 | + version. Fixes FTBFS. |
2078 | + |
2079 | + -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500 |
2080 | + |
2081 | +openldap (2.4.28-1.1ubuntu1) precise; urgency=low |
2082 | + |
2083 | + * Merge from Debian testing. Remaining changes: |
2084 | + - Install a default DIT (LP: #442498). |
2085 | + - Document cn=config in README file (LP: #370784). |
2086 | + - remaining changes: |
2087 | + + AppArmor support: |
2088 | + - debian/apparmor-profile: add AppArmor profile |
2089 | + - use dh_apparmor: |
2090 | + - debian/rules: use dh_apparmor |
2091 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
2092 | + - updated debian/slapd.README.Debian for note on AppArmor |
2093 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2094 | + + Enable GSSAPI support (LP: #495418): |
2095 | + - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
2096 | + - Add --with-gssapi support |
2097 | + - Make guess_service_principal() more robust when determining |
2098 | + principal |
2099 | + - debian/patches/series: apply gssapi.diff patch. |
2100 | + - debian/configure.options: Configure with --with-gssapi |
2101 | + - debian/control: Added libkrb5-dev as a build depend |
2102 | + + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2103 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2104 | + + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: |
2105 | + - debian/control: |
2106 | + - remove build-dependency on heimdal-dev. |
2107 | + - remove slapd-smbk5pwd binary package. |
2108 | + - debian/rules: don't build smbk5pwd slapd module. |
2109 | + + debian/{control,rules}: enable PIE hardening |
2110 | + + ufw support (LP: #423246): |
2111 | + - debian/control: suggest ufw. |
2112 | + - debian/rules: install ufw profile. |
2113 | + - debian/slapd.ufw.profile: add ufw profile. |
2114 | + + Enable nssoverlay: |
2115 | + - debian/patches/nssov-build, debian/series, debian/rules: |
2116 | + Apply, build and package the nss overlay. |
2117 | + - debian/schema/extra/misc.ldif: add ldif file for the misc schema |
2118 | + which defines rfc822MailMember (required by the nss overlay). |
2119 | + + debian/rules, debian/schema/extra/: |
2120 | + Fix configure rule to supports extra schemas shipped as part |
2121 | + of the debian/schema/ directory. |
2122 | + + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2123 | + + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in |
2124 | + neither the default DIT nor via an Authn mapping. |
2125 | + + debian/slapd.scripts-common: adjust minimum version that triggers a |
2126 | + database upgrade. Upgrade from maverick shouldn't trigger database |
2127 | + upgrade (which would happen with the version used in Debian). |
2128 | + + debian/slapd.scripts-common: add slapcat_opts to local variables. |
2129 | + Remove unused variable new_conf. |
2130 | + + debian/slapd.script-common: Fix package reconfiguration. |
2131 | + - Fix backup directory naming for multiple reconfiguration. |
2132 | + + debian/slapd.default, debian/slapd.README.Debian: |
2133 | + use the new configuration style. |
2134 | + + Install nss overlay (LP: #675391): |
2135 | + - debian/rules: run install target for nssov module. |
2136 | + - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema |
2137 | + + debian/patches/gssapi.diff: |
2138 | + - Update patch so that likewise-open is usuable again. (LP: #661547) |
2139 | + + debian/patches/service-operational-before-detach: New patch replacing old one |
2140 | + of the same name as previous could cause database corruption based on upstream commits. |
2141 | + (LP: #727973) |
2142 | + + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize() |
2143 | + (CVE-2011-4079) |
2144 | + |
2145 | + |
2146 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500 |
2147 | + |
2148 | +openldap (2.4.28-1.1) unstable; urgency=low |
2149 | + |
2150 | + * Non-maintainer upload. |
2151 | + * Disable the mdb backend on non-Linux, it looks like it doesn't work with |
2152 | + linuxthreads (closes: #654824). |
2153 | + |
2154 | + -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100 |
2155 | + |
2156 | openldap (2.4.28-1) unstable; urgency=low |
2157 | |
2158 | * New upstream release. |
2159 | @@ -1100,6 +2976,72 @@ openldap (2.4.28-1) unstable; urgency=low |
2160 | |
2161 | -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000 |
2162 | |
2163 | +openldap (2.4.25-4ubuntu1) precise; urgency=low |
2164 | + |
2165 | + * Merge from Debian testing. Remaining changes: |
2166 | + - Install a default DIT (LP: #442498). |
2167 | + - Document cn=config in README file (LP: #370784). |
2168 | + - remaining changes: |
2169 | + + AppArmor support: |
2170 | + - debian/apparmor-profile: add AppArmor profile |
2171 | + - use dh_apparmor: |
2172 | + - debian/rules: use dh_apparmor |
2173 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
2174 | + - updated debian/slapd.README.Debian for note on AppArmor |
2175 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2176 | + + Enable GSSAPI support (LP: #495418): |
2177 | + - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
2178 | + - Add --with-gssapi support |
2179 | + - Make guess_service_principal() more robust when determining |
2180 | + principal |
2181 | + - debian/patches/series: apply gssapi.diff patch. |
2182 | + - debian/configure.options: Configure with --with-gssapi |
2183 | + - debian/control: Added libkrb5-dev as a build depend |
2184 | + + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2185 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2186 | + + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: |
2187 | + - debian/control: |
2188 | + - remove build-dependency on heimdal-dev. |
2189 | + - remove slapd-smbk5pwd binary package. |
2190 | + - debian/rules: don't build smbk5pwd slapd module. |
2191 | + + debian/{control,rules}: enable PIE hardening |
2192 | + + ufw support (LP: #423246): |
2193 | + - debian/control: suggest ufw. |
2194 | + - debian/rules: install ufw profile. |
2195 | + - debian/slapd.ufw.profile: add ufw profile. |
2196 | + + Enable nssoverlay: |
2197 | + - debian/patches/nssov-build, debian/series, debian/rules: |
2198 | + Apply, build and package the nss overlay. |
2199 | + - debian/schema/extra/misc.ldif: add ldif file for the misc schema |
2200 | + which defines rfc822MailMember (required by the nss overlay). |
2201 | + + debian/rules, debian/schema/extra/: |
2202 | + Fix configure rule to supports extra schemas shipped as part |
2203 | + of the debian/schema/ directory. |
2204 | + + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2205 | + + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in |
2206 | + neither the default DIT nor via an Authn mapping. |
2207 | + + debian/slapd.scripts-common: adjust minimum version that triggers a |
2208 | + database upgrade. Upgrade from maverick shouldn't trigger database |
2209 | + upgrade (which would happen with the version used in Debian). |
2210 | + + debian/slapd.scripts-common: add slapcat_opts to local variables. |
2211 | + Remove unused variable new_conf. |
2212 | + + debian/slapd.script-common: Fix package reconfiguration. |
2213 | + - Fix backup directory naming for multiple reconfiguration. |
2214 | + + debian/slapd.default, debian/slapd.README.Debian: |
2215 | + use the new configuration style. |
2216 | + + Install nss overlay (LP: #675391): |
2217 | + - debian/rules: run install target for nssov module. |
2218 | + - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema |
2219 | + + debian/patches/gssapi.diff: |
2220 | + - Update patch so that likewise-open is usuable again. (LP: #661547) |
2221 | + + debian/patches/service-operational-before-detach: New patch replacing old one |
2222 | + of the same name as previous could cause database corruption based on upstream commits. |
2223 | + (LP: #727973) |
2224 | + + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize() |
2225 | + (CVE-2011-4079) |
2226 | + |
2227 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000 |
2228 | + |
2229 | openldap (2.4.25-4) unstable; urgency=low |
2230 | |
2231 | * Drop explicit depends on libdb4.8, since we're now linking against |
2232 | @@ -1133,6 +3075,85 @@ openldap (2.4.25-4) unstable; urgency=low |
2233 | |
2234 | -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000 |
2235 | |
2236 | +openldap (2.4.25-3ubuntu3) precise; urgency=low |
2237 | + |
2238 | + * Rebuild for Perl 5.14. |
2239 | + |
2240 | + -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000 |
2241 | + |
2242 | +openldap (2.4.25-3ubuntu2) precise; urgency=low |
2243 | + |
2244 | + * SECURITY UPDATE: potential denial of service (LP: #884163) |
2245 | + - debian/patches/CVE-2011-4079: fix off by one error in |
2246 | + postalAddressNormalize() |
2247 | + - CVE-2011-4079 |
2248 | + |
2249 | + -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600 |
2250 | + |
2251 | +openldap (2.4.25-3ubuntu1) precise; urgency=low |
2252 | + |
2253 | + * Merge from debian unstable. Remaining changes: |
2254 | + - Install a default DIT (LP: #442498). |
2255 | + - Document cn=config in README file (LP: #370784). |
2256 | + - remaining changes: |
2257 | + + AppArmor support: |
2258 | + - debian/apparmor-profile: add AppArmor profile |
2259 | + - use dh_apparmor: |
2260 | + - debian/rules: use dh_apparmor |
2261 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
2262 | + - updated debian/slapd.README.Debian for note on AppArmor |
2263 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2264 | + + Enable GSSAPI support (LP: #495418): |
2265 | + - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
2266 | + - Add --with-gssapi support |
2267 | + - Make guess_service_principal() more robust when determining |
2268 | + principal |
2269 | + - debian/patches/series: apply gssapi.diff patch. |
2270 | + - debian/configure.options: Configure with --with-gssapi |
2271 | + - debian/control: Added libkrb5-dev as a build depend |
2272 | + + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2273 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2274 | + + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: |
2275 | + - debian/control: |
2276 | + - remove build-dependency on heimdal-dev. |
2277 | + - remove slapd-smbk5pwd binary package. |
2278 | + - debian/rules: don't build smbk5pwd slapd module. |
2279 | + + debian/{control,rules}: enable PIE hardening |
2280 | + + ufw support (LP: #423246): |
2281 | + - debian/control: suggest ufw. |
2282 | + - debian/rules: install ufw profile. |
2283 | + - debian/slapd.ufw.profile: add ufw profile. |
2284 | + + Enable nssoverlay: |
2285 | + - debian/patches/nssov-build, debian/series, debian/rules: |
2286 | + Apply, build and package the nss overlay. |
2287 | + - debian/schema/extra/misc.ldif: add ldif file for the misc schema |
2288 | + which defines rfc822MailMember (required by the nss overlay). |
2289 | + + debian/rules, debian/schema/extra/: |
2290 | + Fix configure rule to supports extra schemas shipped as part |
2291 | + of the debian/schema/ directory. |
2292 | + + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2293 | + + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in |
2294 | + neither the default DIT nor via an Authn mapping. |
2295 | + + debian/slapd.scripts-common: adjust minimum version that triggers a |
2296 | + database upgrade. Upgrade from maverick shouldn't trigger database |
2297 | + upgrade (which would happen with the version used in Debian). |
2298 | + + debian/slapd.scripts-common: add slapcat_opts to local variables. |
2299 | + Remove unused variable new_conf. |
2300 | + + debian/slapd.script-common: Fix package reconfiguration. |
2301 | + - Fix backup directory naming for multiple reconfiguration. |
2302 | + + debian/slapd.default, debian/slapd.README.Debian: |
2303 | + use the new configuration style. |
2304 | + + Install nss overlay (LP: #675391): |
2305 | + - debian/rules: run install target for nssov module. |
2306 | + - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema |
2307 | + + debian/patches/gssapi.diff: |
2308 | + - Update patch so that likewise-open is usuable again. (LP: #661547) |
2309 | + + debian/patches/service-operational-before-detach: New patch replacing old one |
2310 | + of the same name as previous could cause database corruption based on upstream commits. |
2311 | + (LP: #727973) |
2312 | + |
2313 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000 |
2314 | + |
2315 | openldap (2.4.25-3) unstable; urgency=low |
2316 | |
2317 | * Brown paper bag: really fix the .links.in handling, so we don't generate |
2318 | @@ -1155,6 +3176,92 @@ openldap (2.4.25-2) unstable; urgency=low |
2319 | |
2320 | -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700 |
2321 | |
2322 | +openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low |
2323 | + |
2324 | + * Brown paper bag: really fix the .links.in handling, so we don't generate |
2325 | + broken /usr/lib/${DEB_HOST_MULTIARCH} dirs. |
2326 | + |
2327 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000 |
2328 | + |
2329 | +openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low |
2330 | + |
2331 | + * Cherry-pick multiarch support from Debian (LP: #826601): |
2332 | + - Bump to compat level 7, so we don't have to spell out debian/tmp in |
2333 | + every single .install file |
2334 | + - Build for multiarch. |
2335 | + |
2336 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700 |
2337 | + |
2338 | +openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low |
2339 | + |
2340 | + * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270) |
2341 | + |
2342 | + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200 |
2343 | + |
2344 | +openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low |
2345 | + |
2346 | + * Merge from debian unstable. Remaining changes: |
2347 | + - Install a default DIT (LP: #442498). |
2348 | + - Document cn=config in README file (LP: #370784). |
2349 | + - remaining changes: |
2350 | + + AppArmor support: |
2351 | + - debian/apparmor-profile: add AppArmor profile |
2352 | + - use dh_apparmor: |
2353 | + - debian/rules: use dh_apparmor |
2354 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
2355 | + - updated debian/slapd.README.Debian for note on AppArmor |
2356 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2357 | + + Enable GSSAPI support (LP: #495418): |
2358 | + - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
2359 | + - Add --with-gssapi support |
2360 | + - Make guess_service_principal() more robust when determining |
2361 | + principal |
2362 | + - debian/patches/series: apply gssapi.diff patch. |
2363 | + - debian/configure.options: Configure with --with-gssapi |
2364 | + - debian/control: Added libkrb5-dev as a build depend |
2365 | + + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2366 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2367 | + + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: |
2368 | + - debian/control: |
2369 | + - remove build-dependency on heimdal-dev. |
2370 | + - remove slapd-smbk5pwd binary package. |
2371 | + - debian/rules: don't build smbk5pwd slapd module. |
2372 | + + debian/{control,rules}: enable PIE hardening |
2373 | + + ufw support (LP: #423246): |
2374 | + - debian/control: suggest ufw. |
2375 | + - debian/rules: install ufw profile. |
2376 | + - debian/slapd.ufw.profile: add ufw profile. |
2377 | + + Enable nssoverlay: |
2378 | + - debian/patches/nssov-build, debian/series, debian/rules: |
2379 | + Apply, build and package the nss overlay. |
2380 | + - debian/schema/extra/misc.ldif: add ldif file for the misc schema |
2381 | + which defines rfc822MailMember (required by the nss overlay). |
2382 | + + debian/rules, debian/schema/extra/: |
2383 | + Fix configure rule to supports extra schemas shipped as part |
2384 | + of the debian/schema/ directory. |
2385 | + + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2386 | + + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in |
2387 | + neither the default DIT nor via an Authn mapping. |
2388 | + + debian/slapd.scripts-common: adjust minimum version that triggers a |
2389 | + database upgrade. Upgrade from maverick shouldn't trigger database |
2390 | + upgrade (which would happen with the version used in Debian). |
2391 | + + debian/slapd.scripts-common: add slapcat_opts to local variables. |
2392 | + Remove unused variable new_conf. |
2393 | + + debian/slapd.script-common: Fix package reconfiguration. |
2394 | + - Fix backup directory naming for multiple reconfiguration. |
2395 | + + debian/slapd.default, debian/slapd.README.Debian: |
2396 | + use the new configuration style. |
2397 | + + Install nss overlay (LP: #675391): |
2398 | + - debian/rules: run install target for nssov module. |
2399 | + - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema |
2400 | + + debian/patches/gssapi.diff: |
2401 | + - Update patch so that likewise-open is usuable again. (LP: #661547) |
2402 | + + debian/patches/service-operational-before-detach: New patch replacing old one |
2403 | + of the same name as previous could cause database corruption based on upstream commits. |
2404 | + (LP: #727973) |
2405 | + |
2406 | + -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100 |
2407 | + |
2408 | openldap (2.4.25-1.1) unstable; urgency=low |
2409 | |
2410 | * Non-maintainer upload to fix RC bug. |
2411 | @@ -1162,6 +3269,75 @@ openldap (2.4.25-1.1) unstable; urgency=low |
2412 | |
2413 | -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200 |
2414 | |
2415 | +openldap (2.4.25-1ubuntu1) oneiric; urgency=low |
2416 | + |
2417 | + * Merge from debian unstable. Remaining changes: |
2418 | + - Install a default DIT (LP: #442498). |
2419 | + - Document cn=config in README file (LP: #370784). |
2420 | + - remaining changes: |
2421 | + + AppArmor support: |
2422 | + - debian/apparmor-profile: add AppArmor profile |
2423 | + - use dh_apparmor: |
2424 | + - debian/rules: use dh_apparmor |
2425 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
2426 | + - updated debian/slapd.README.Debian for note on AppArmor |
2427 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2428 | + + Enable GSSAPI support (LP: #495418): |
2429 | + - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
2430 | + - Add --with-gssapi support |
2431 | + - Make guess_service_principal() more robust when determining |
2432 | + principal |
2433 | + - debian/patches/series: apply gssapi.diff patch. |
2434 | + - debian/configure.options: Configure with --with-gssapi |
2435 | + - debian/control: Added libkrb5-dev as a build depend |
2436 | + + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2437 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2438 | + + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: |
2439 | + - debian/control: |
2440 | + - remove build-dependency on heimdal-dev. |
2441 | + - remove slapd-smbk5pwd binary package. |
2442 | + - debian/rules: don't build smbk5pwd slapd module. |
2443 | + + debian/{control,rules}: enable PIE hardening |
2444 | + + ufw support (LP: #423246): |
2445 | + - debian/control: suggest ufw. |
2446 | + - debian/rules: install ufw profile. |
2447 | + - debian/slapd.ufw.profile: add ufw profile. |
2448 | + + Enable nssoverlay: |
2449 | + - debian/patches/nssov-build, debian/series, debian/rules: |
2450 | + Apply, build and package the nss overlay. |
2451 | + - debian/schema/extra/misc.ldif: add ldif file for the misc schema |
2452 | + which defines rfc822MailMember (required by the nss overlay). |
2453 | + + debian/rules, debian/schema/extra/: |
2454 | + Fix configure rule to supports extra schemas shipped as part |
2455 | + of the debian/schema/ directory. |
2456 | + + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2457 | + + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in |
2458 | + neither the default DIT nor via an Authn mapping. |
2459 | + + debian/slapd.scripts-common: adjust minimum version that triggers a |
2460 | + database upgrade. Upgrade from maverick shouldn't trigger database |
2461 | + upgrade (which would happen with the version used in Debian). |
2462 | + + debian/slapd.scripts-common: add slapcat_opts to local variables. |
2463 | + Remove unused variable new_conf. |
2464 | + + debian/slapd.script-common: Fix package reconfiguration. |
2465 | + - Fix backup directory naming for multiple reconfiguration. |
2466 | + + debian/slapd.default, debian/slapd.README.Debian: |
2467 | + use the new configuration style. |
2468 | + + Install nss overlay (LP: #675391): |
2469 | + - debian/rules: run install target for nssov module. |
2470 | + - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema |
2471 | + + debian/patches/gssapi.diff: |
2472 | + - Update patch so that likewise-open is usuable again. (LP: #661547) |
2473 | + + debian/patches/service-operational-before-detach: New patch replacing old one |
2474 | + of the same name as previous could cause database corruption based on upstream commits. |
2475 | + (LP: #727973) |
2476 | + + Dropped: |
2477 | + - debian/patches/gold: Use the debian version instead |
2478 | + - debian/patches/CVE-2011-1024: Fixed upstream |
2479 | + - debian/patches/CVE-2011-1025: Fixed upstream |
2480 | + - debian/patches/CVE-2011-1081: Fixed upstream |
2481 | + |
2482 | + -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100 |
2483 | + |
2484 | openldap (2.4.25-1) unstable; urgency=low |
2485 | |
2486 | * New upstream version (Closes: #617606, #618904, #606815, #608813) |
2487 | @@ -1193,6 +3369,116 @@ openldap (2.4.23-7) unstable; urgency=low |
2488 | |
2489 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100 |
2490 | |
2491 | +openldap (2.4.23-6ubuntu7) oneiric; urgency=low |
2492 | + |
2493 | + * Rebuild for Perl 5.12. |
2494 | + |
2495 | + -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100 |
2496 | + |
2497 | +openldap (2.4.23-6ubuntu6) natty; urgency=low |
2498 | + |
2499 | + * SECURITY UPDATE: fix successful anonymous bind via chain overlay when |
2500 | + using forwarded authentication failures |
2501 | + - debian/patches/CVE-2011-1024 |
2502 | + - CVE-2011-1024 |
2503 | + * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb |
2504 | + backend. Note: Ubuntu is not compiled with --enable-ndb by default |
2505 | + - debian/patches/CVE-2011-1025 |
2506 | + - CVE-2011-1025 |
2507 | + * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests |
2508 | + and requestDN is empty |
2509 | + - debian/patches/CVE-2011-1081 |
2510 | + - CVE-2011-1081 |
2511 | + - LP: #742104 |
2512 | + |
2513 | + -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500 |
2514 | + |
2515 | +openldap (2.4.23-6ubuntu5) natty; urgency=low |
2516 | + |
2517 | + * debian/patches/service-operational-before-detach: New patch replacing |
2518 | + old one of same name as previous could cause database corruption, |
2519 | + based on upstream commits. (LP: #727973) |
2520 | + |
2521 | + -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000 |
2522 | + |
2523 | +openldap (2.4.23-6ubuntu4) natty; urgency=low |
2524 | + |
2525 | + * Fix FTBFS with ld.gold. |
2526 | + |
2527 | + -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100 |
2528 | + |
2529 | +openldap (2.4.23-6ubuntu3) natty; urgency=low |
2530 | + |
2531 | + * debian/patches/gssapi.diff: |
2532 | + Update patch so that likewise-open is usable again (LP: #661547) |
2533 | + |
2534 | + -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100 |
2535 | + |
2536 | +openldap (2.4.23-6ubuntu2) natty; urgency=low |
2537 | + |
2538 | + * Install nss overlay (LP: #675391): |
2539 | + - debian/rules: run install target for nssov module. |
2540 | + - debian/patches/nssov-build: fix patch to install schema in |
2541 | + /etc/ldap/schema. |
2542 | + |
2543 | + -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500 |
2544 | + |
2545 | +openldap (2.4.23-6ubuntu1) natty; urgency=low |
2546 | + |
2547 | + * Merge from Debian unstable: |
2548 | + - Install a default DIT (LP: #442498). |
2549 | + - Document cn=config in README file (LP: #370784). |
2550 | + - remaining changes: |
2551 | + + AppArmor support: |
2552 | + - debian/apparmor-profile: add AppArmor profile |
2553 | + - use dh_apparmor: |
2554 | + - debian/rules: use dh_apparmor |
2555 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
2556 | + - updated debian/slapd.README.Debian for note on AppArmor |
2557 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2558 | + + Enable GSSAPI support (LP: #495418): |
2559 | + - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
2560 | + - Add --with-gssapi support |
2561 | + - Make guess_service_principal() more robust when determining |
2562 | + principal |
2563 | + - debian/patches/series: apply gssapi.diff patch. |
2564 | + - debian/configure.options: Configure with --with-gssapi |
2565 | + - debian/control: Added libkrb5-dev as a build depend |
2566 | + + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2567 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2568 | + + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: |
2569 | + - debian/control: |
2570 | + - remove build-dependency on heimdal-dev. |
2571 | + - remove slapd-smbk5pwd binary package. |
2572 | + - debian/rules: don't build smbk5pwd slapd module. |
2573 | + + debian/{control,rules}: enable PIE hardening |
2574 | + + ufw support (LP: #423246): |
2575 | + - debian/control: suggest ufw. |
2576 | + - debian/rules: install ufw profile. |
2577 | + - debian/slapd.ufw.profile: add ufw profile. |
2578 | + + Enable nssoverlay: |
2579 | + - debian/patches/nssov-build, debian/series, debian/rules: |
2580 | + Apply, build and package the nss overlay. |
2581 | + - debian/schema/extra/misc.ldif: add ldif file for the misc schema |
2582 | + which defines rfc822MailMember (required by the nss overlay). |
2583 | + + debian/rules, debian/schema/extra/: |
2584 | + Fix configure rule to supports extra schemas shipped as part |
2585 | + of the debian/schema/ directory. |
2586 | + + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2587 | + + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in |
2588 | + neither the default DIT nor via an Authn mapping. |
2589 | + + debian/slapd.scripts-common: adjust minimum version that triggers a |
2590 | + database upgrade. Upgrade from maverick shouldn't trigger database |
2591 | + upgrade (which would happen with the version used in Debian). |
2592 | + + debian/slapd.scripts-common: add slapcat_opts to local variables. |
2593 | + Remove unused variable new_conf. |
2594 | + + debian/slapd.script-common: Fix package reconfiguration. |
2595 | + - Fix backup directory naming for multiple reconfiguration. |
2596 | + + debian/slapd.default, debian/slapd.README.Debian: |
2597 | + use the new configuration style. |
2598 | + |
2599 | + -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500 |
2600 | + |
2601 | openldap (2.4.23-6) unstable; urgency=high |
2602 | |
2603 | * Check for an empty directory to prevent an rm -f /*. (Closes: #597704) |
2604 | @@ -1315,6 +3601,80 @@ openldap (2.4.23-1) unstable; urgency=low |
2605 | |
2606 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200 |
2607 | |
2608 | +openldap (2.4.23-0ubuntu4) natty; urgency=low |
2609 | + |
2610 | + * debian/slapd.templates: amended typo in slapd/move_old_database |
2611 | + (LP: #666028) |
2612 | + |
2613 | + -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000 |
2614 | + |
2615 | +openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low |
2616 | + |
2617 | + * debian/slapd.templates: re-add slapd/move_old_database template as it's |
2618 | + used during the package upgrade. Thanks to James Page for pointing it. |
2619 | + * debian/slapd.config: restore debconf question slapd/move_old_database. |
2620 | + |
2621 | + -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400 |
2622 | + |
2623 | +openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low |
2624 | + |
2625 | + [ James Page ] |
2626 | + * Fixed install/upgrade process to dump/restore databases due |
2627 | + to uplift to libdb4.8-dev (LP: #658227) |
2628 | + |
2629 | + -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400 |
2630 | + |
2631 | +openldap (2.4.23-0ubuntu3) maverick; urgency=low |
2632 | + |
2633 | + * debian/rules: move dh_apparmor before dh_installinit |
2634 | + |
2635 | + -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500 |
2636 | + |
2637 | +openldap (2.4.23-0ubuntu2) maverick; urgency=low |
2638 | + |
2639 | + * convert to using dh_apparmor: |
2640 | + - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor |
2641 | + - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 |
2642 | + * debian/apparmor-profile: use local include |
2643 | + |
2644 | + -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500 |
2645 | + |
2646 | +openldap (2.4.23-0ubuntu1) maverick; urgency=low |
2647 | + |
2648 | + * New release, features include: |
2649 | + + Fixed libldap to return server's error code (ITS#6569) |
2650 | + + Fixed libldap memleaks (ITS#6568) |
2651 | + + Fixed liblutil off-by-one with delta (ITS#6541) |
2652 | + + Fixed slapd acls with glued databases (ITS#6468) |
2653 | + + Fixed slapd syncrepl rid logging (ITS#6533) |
2654 | + + Fixed slapd modrdn handling of invalid values (ITS#6570) |
2655 | + + Fixed slapd-bdb hasSubordinates computation (ITS#6549) |
2656 | + + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474) |
2657 | + + Fixed slapd-bdb entry cache delete failure (ITS#6577) |
2658 | + + Fixed slapd-ldap to return control responses (ITS#6530) |
2659 | + + Fixed slapo-ppolicy to use Debug (ITS#6566) |
2660 | + + Fixed slapo-refint to zero out freed DN vals (ITS#6572) |
2661 | + + Fixed slapo-rwm to use Debug (ITS#6566) |
2662 | + + Fixed slapo-sssvlv to use Debug (ITS#6566) |
2663 | + + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555) |
2664 | + + Fixed slapo-valsort to use Debug (ITS#6566) |
2665 | + + Fixed contrib/nssov network.c missing patch (ITS#6562) |
2666 | + + Fixed test043 attribute sorting (ITS#6553) |
2667 | + + slapd-config(5) note default rootdn (ITS#6546) |
2668 | + * Rebased patches debian/patches/dropped nssov-build |
2669 | + * Resynchronize with Debian: |
2670 | + + debian/control: |
2671 | + - Bump standards-version to 3.9.0 |
2672 | + - Use libdb4.8-dev (LP: #572489) |
2673 | + + Added debian/patches/issue-6534-patch |
2674 | + + Added debian/patches/ldap-conf-tls-cacertdir |
2675 | + * Add ufw support, thanks to PatRiehecky (LP: #423246) |
2676 | + |
2677 | + [Adam Sommer] |
2678 | + * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) |
2679 | + |
2680 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400 |
2681 | + |
2682 | openldap (2.4.21-1) unstable; urgency=low |
2683 | |
2684 | [ Steve Langasek ] |
2685 | @@ -1346,6 +3706,79 @@ openldap (2.4.21-1) unstable; urgency=low |
2686 | |
2687 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200 |
2688 | |
2689 | +openldap (2.4.21-0ubuntu5) lucid; urgency=low |
2690 | + |
2691 | + * Fix local root connection access: replace olcAuthzRegexp mapping to |
2692 | + cn=localroot,cn=config with using the SASL dn directly in olcAccess. |
2693 | + Makes upgrades much simpler and robust (LP: #563829). |
2694 | + |
2695 | + -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400 |
2696 | + |
2697 | +openldap (2.4.21-0ubuntu4) lucid; urgency=low |
2698 | + |
2699 | + [ Simon Olofsson ] |
2700 | + * debian/slapd.postinst: |
2701 | + - Show a message after successful migration (LP: #538848) |
2702 | + |
2703 | + [ Jorgen Rosink ] |
2704 | + * debian/slapd.init: add simple status checking with LSB compatible exit |
2705 | + codes (LP: #562377) |
2706 | + * debian/slapd.init.ldif: |
2707 | + - remove admin user in default config database (LP: #556176) |
2708 | + - in default config, add olcAccess entries giving access to controls |
2709 | + available and cn=subschema (LP: #427842) |
2710 | + |
2711 | + [ Scott Moser ] |
2712 | + * debian/slapd.scripts-common: Do not create /nonexistent directory |
2713 | + for openldap user's home (LP: #556176) |
2714 | + * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070) |
2715 | + |
2716 | + -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400 |
2717 | + |
2718 | +openldap (2.4.21-0ubuntu3) lucid; urgency=low |
2719 | + |
2720 | + * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases |
2721 | + before trying to convert to slapd.d, to avoid upgrade failure from hardy |
2722 | + (LP: #536958) |
2723 | + * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in |
2724 | + olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230) |
2725 | + |
2726 | + -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200 |
2727 | + |
2728 | +openldap (2.4.21-0ubuntu2) lucid; urgency=low |
2729 | + |
2730 | + * debian/apparmor-profile: Update apparmor profile. (LP: #508190) |
2731 | + |
2732 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500 |
2733 | + |
2734 | +openldap (2.4.21-0ubuntu1) lucid; urgency=low |
2735 | + |
2736 | + * New upstream release. |
2737 | + * debian/rules, debian/schema/extra/: |
2738 | + Fix get-orig-source rule to supports extra schemas shipped as part of the |
2739 | + debian/schema/ directory. |
2740 | + |
2741 | + -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500 |
2742 | + |
2743 | +openldap (2.4.18-0ubuntu2) lucid; urgency=low |
2744 | + |
2745 | + * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): |
2746 | + - Add --with-gssapi support |
2747 | + - Make guess_service_principal() more robust when determining principal |
2748 | + * Enable GSSAPI support (LP: #495418): |
2749 | + - debian/configure.options: Configure with --with-gssapi |
2750 | + - debian/control: Added libkrb5-dev as a build depend |
2751 | + |
2752 | + -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100 |
2753 | + |
2754 | +openldap (2.4.18-0ubuntu1) karmic; urgency=low |
2755 | + |
2756 | + * New upstream release: (LP: #419515): |
2757 | + + pcache overlay supports disconnected mode. |
2758 | + * Fix nss overlay load (LP: #417163). |
2759 | + |
2760 | + -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400 |
2761 | + |
2762 | openldap (2.4.17-2.1) unstable; urgency=high |
2763 | |
2764 | * Non-maintainer upload by the Security Team. |
2765 | @@ -1372,6 +3805,108 @@ openldap (2.4.17-2) unstable; urgency=low |
2766 | |
2767 | -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700 |
2768 | |
2769 | +openldap (2.4.17-1ubuntu3) karmic; urgency=low |
2770 | + |
2771 | + * Install a minimal slapd configuration instead of creating a default |
2772 | + database with a default DIT: |
2773 | + + Move openldap user home from /var/lib/ldap to /nonexistent. |
2774 | + + Remove all code and templates dealing with the default database and DIT |
2775 | + creation. |
2776 | + + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and |
2777 | + grant all access to the latter in the cn=config database as well as the |
2778 | + default backend configuration. |
2779 | + * Add cn=localroot,cn=config authz mapping on upgrades. |
2780 | + |
2781 | + -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400 |
2782 | + |
2783 | +openldap (2.4.17-1ubuntu2) karmic; urgency=low |
2784 | + |
2785 | + [ Thierry Carrez ] |
2786 | + * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support |
2787 | + in the openldap library, as required by Likewise-Open (LP: #390579) |
2788 | + |
2789 | + [ Mathias Gug ] |
2790 | + * debian/patches/its6077-uniqueness-overlay: fixes some issues with the |
2791 | + uniqueness overlay. |
2792 | + * debian/patches/its6220-writetimeout-directive: fixes a problem with the |
2793 | + writetimeout directive being in effect even if it wasn't set, |
2794 | + closing connections incorrectly. |
2795 | + * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the |
2796 | + dncachesize parameter that was added in RE24, so that if it is set to |
2797 | + "0" (now the default), it has an unlimited DN cache (RE23 always |
2798 | + had an unlimited DN cache). |
2799 | + |
2800 | + -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400 |
2801 | + |
2802 | +openldap (2.4.17-1ubuntu1) karmic; urgency=low |
2803 | + |
2804 | + [ Steve Langasek ] |
2805 | + * Fix up the lintian warnings: |
2806 | + - add missing misc-depends on all packages |
2807 | + - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive |
2808 | + overrides |
2809 | + - bump Standards-Version to 3.8.2, no changes required. |
2810 | + |
2811 | + [ Mathias Gug ] |
2812 | + * Resynchronise with Debian. Remaining changes: |
2813 | + - AppArmor support: |
2814 | + - debian/apparmor-profile: add AppArmor profile |
2815 | + - updated debian/slapd.README.Debian for note on AppArmor |
2816 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2817 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
2818 | + - debian/rules: install apparmor profile. |
2819 | + - Don't use local statement in config script as it fails if /bin/sh |
2820 | + points to bash. |
2821 | + - debian/slapd.postinst, debian/slapd.script-common: set correct |
2822 | + ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group |
2823 | + readable) and /var/run/slapd (world readable). |
2824 | + - Enable nssoverlay: |
2825 | + - debian/patches/nssov-build, debian/rules: Build and package the nss |
2826 | + overlay. |
2827 | + - debian/schema/misc.ldif: add ldif file for the misc schema which |
2828 | + defines rfc822MailMember (required by the nss overlay). |
2829 | + - debian/{control,rules}: enable PIE hardening |
2830 | + - Use cn=config as the default configuration backend instead of |
2831 | + slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade |
2832 | + asking the end user to enter a new password to control the access to |
2833 | + the cn=config tree. |
2834 | + - debian/slapd.postinst: create /var/run/slapd before updating its |
2835 | + permissions. |
2836 | + - debian/slapd.init: Correctly set slapd config backend option even if |
2837 | + the pidfile is configured in slapd default file. |
2838 | + * Dropped: |
2839 | + - Merged in Debian: |
2840 | + - Update priority of libldap-2.4-2 to match the archive override. |
2841 | + - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as |
2842 | + the ldapurl(1) manpage. |
2843 | + - Bump build-dependency on debhelper to 6 instead of 5, since that's |
2844 | + what we're using. |
2845 | + - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using |
2846 | + the built-in default of ldap:/// only. |
2847 | + - Fixed in upstream release: |
2848 | + - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 |
2849 | + failure when built with PIE. |
2850 | + - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be |
2851 | + trusted. |
2852 | + - Update Apparmor profile support: don't support upgrade from pre-hardy |
2853 | + systems: |
2854 | + - debian/slapd.postinst: Reload AA profile on configuration |
2855 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
2856 | + - debian/control: Conflicts with apparmor-profiles << |
2857 | + 2.1+1075-0ubuntu4 to make sure that if earlier version of |
2858 | + apparmor-profiles gets installed it won't overwrite our profile. |
2859 | + - follow ApparmorProfileMigration and force apparmor complain mode on |
2860 | + some upgrades |
2861 | + - debian/slapd.preinst: create symlink for force-complain on |
2862 | + pre-feisty upgrades, upgrades where apparmor-profiles profile is |
2863 | + unchanged (ie non-enforcing) and upgrades where apparmor profile |
2864 | + does not exist. |
2865 | + - debian/patches/autogen.sh: no longer needed with karmic libtool. |
2866 | + - Call libtoolize with the --install option to install |
2867 | + config.{guess,sub} files. |
2868 | + |
2869 | + -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400 |
2870 | + |
2871 | openldap (2.4.17-1) unstable; urgency=low |
2872 | |
2873 | * New upstream version. |
2874 | @@ -1394,6 +3929,153 @@ openldap (2.4.17-1) unstable; urgency=low |
2875 | |
2876 | -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700 |
2877 | |
2878 | +openldap (2.4.15-1.1ubuntu1) karmic; urgency=low |
2879 | + |
2880 | + * Resynchronise with Debian. Remaining changes: |
2881 | + - AppArmor support: |
2882 | + - debian/apparmor-profile: add AppArmor profile |
2883 | + - debian/slapd.postinst: Reload AA profile on configuration |
2884 | + - updated debian/slapd.README.Debian for note on AppArmor |
2885 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
2886 | + - debian/control: Conflicts with apparmor-profiles << |
2887 | + 2.1+1075-0ubuntu4 to make sure that if earlier version of |
2888 | + apparmor-profiles gets installed it won't overwrite our profile. |
2889 | + - follow ApparmorProfileMigration and force apparmor complain mode on |
2890 | + some upgrades |
2891 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2892 | + - debian/slapd.preinst: create symlink for force-complain on |
2893 | + pre-feisty upgrades, upgrades where apparmor-profiles profile is |
2894 | + unchanged (ie non-enforcing) and upgrades where apparmor profile |
2895 | + does not exist. |
2896 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
2897 | + - debian/patches/autogen.sh: |
2898 | + - Call libtoolize with the --install option to install |
2899 | + config.{guess,sub} files. |
2900 | + - Don't use local statement in config script as it fails if /bin/sh |
2901 | + points to bash. |
2902 | + - debian/slapd.postinst, debian/slapd.script-common: set correct |
2903 | + ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group |
2904 | + readable) and /var/run/slapd (world readable). |
2905 | + - Enable nssoverlay: |
2906 | + - debian/patches/nssov-build, debian/rules: Build and package the nss |
2907 | + overlay. |
2908 | + - debian/schema/misc.ldif: add ldif file for the misc schema which |
2909 | + defines rfc822MailMember (required by the nss overlay). |
2910 | + - debian/{control,rules}: enable PIE hardening |
2911 | + - Use cn=config as the default configuration backend instead of |
2912 | + slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade |
2913 | + asking the end user to enter a new password to control the access to |
2914 | + the cn=config tree. |
2915 | + - Update priority of libldap-2.4-2 to match the archive override. |
2916 | + - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as |
2917 | + the ldapurl(1) manpage. |
2918 | + - Bump build-dependency on debhelper to 6 instead of 5, since that's |
2919 | + what we're using. |
2920 | + - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using |
2921 | + the built-in default of ldap:/// only. |
2922 | + - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 |
2923 | + failure when built with PIE. |
2924 | + - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be |
2925 | + trusted. |
2926 | + - debian/slapd.postinst: create /var/run/slapd before updating its |
2927 | + permissions. |
2928 | + - debian/slapd.init: Correctly set slapd config backend option even if |
2929 | + the pidfile is configured in slapd default file. |
2930 | + * Drop patch to avoid the test suite on hppa, as hppa is EOL. |
2931 | + |
2932 | + -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100 |
2933 | + |
2934 | +openldap (2.4.15-1.1) unstable; urgency=low |
2935 | + |
2936 | + * Non-maintainer upload. |
2937 | + * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev |
2938 | + (Closes: #522965) |
2939 | + |
2940 | + -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200 |
2941 | + |
2942 | +openldap (2.4.15-1ubuntu3) jaunty; urgency=low |
2943 | + |
2944 | + * No-change rebuild to fix lpia shared library dependencies. |
2945 | + |
2946 | + -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000 |
2947 | + |
2948 | +openldap (2.4.15-1ubuntu2) jaunty; urgency=low |
2949 | + |
2950 | + * debian/slapd.postinst: create /var/run/slapd before updating its |
2951 | + permissions (LP: #298928). |
2952 | + * debian/slapd.init: Correclty set slapd config backend option even if the |
2953 | + pidfile is configured in slapd default file (LP: #292364). |
2954 | + * debian/apparmor-profile: support multiple databases to be stored under |
2955 | + /var/lib/ldap/. (LP: #286614). |
2956 | + |
2957 | + -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400 |
2958 | + |
2959 | +openldap (2.4.15-1ubuntu1) jaunty; urgency=low |
2960 | + |
2961 | + [ Steve Langasek ] |
2962 | + * Update priority of libldap-2.4-2 to match the archive override. |
2963 | + * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the |
2964 | + ldapurl(1) manpage. Thanks to Peter Marschall for the patch. |
2965 | + Closes: #496749. |
2966 | + * Bump build-dependency on debhelper to 6 instead of 5, since that's |
2967 | + what we're using. Closes: #498116. |
2968 | + * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using |
2969 | + the built-in default of ldap:/// only. |
2970 | + |
2971 | + [ Mathias Gug ] |
2972 | + * Merge from debian unstable, remaining changes: |
2973 | + - Modify Maintainer value to match the DebianMaintainerField |
2974 | + speficication. |
2975 | + - AppArmor support: |
2976 | + - debian/apparmor-profile: add AppArmor profile |
2977 | + - debian/slapd.postinst: Reload AA profile on configuration |
2978 | + - updated debian/slapd.README.Debian for note on AppArmor |
2979 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
2980 | + - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
2981 | + to make sure that if earlier version of apparmour-profiles gets |
2982 | + installed it won't overwrite our profile. |
2983 | + - follow ApparmorProfileMigration and force apparmor compalin mode on |
2984 | + some upgrades (LP: #203529) |
2985 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
2986 | + - debian/slapd.preinst: create symlink for force-complain on pre-feisty |
2987 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
2988 | + non-enforcing) and upgrades where apparmor profile does not exist. |
2989 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
2990 | + - debian/control: |
2991 | + - Build-depend on libltdl7-dev rather then libltdl3-dev. |
2992 | + - debian/patches/autogen.sh: |
2993 | + - Call libtoolize with the --install option to install config.{guess,sub} |
2994 | + files. |
2995 | + - Don't use local statement in config script as it fails if /bin/sh |
2996 | + points to bash (LP: #286063). |
2997 | + - Disable the testsuite on hppa. Allows building of packages on this |
2998 | + architecture again, once this package is in the archive. |
2999 | + LP: #288908. |
3000 | + - debian/slapd.postinst, debian/slapd.script-common: set correct ownership |
3001 | + and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and |
3002 | + /var/run/slapd (world readable). (LP: #257667). |
3003 | + - Enable nssoverlay: |
3004 | + - debian/patches/nssov-build, debian/rules: Build and package |
3005 | + the nss overlay. |
3006 | + - debian/schema/misc.ldif: add ldif file for the misc schema |
3007 | + which defines rfc822MailMember (required by the nss overlay). |
3008 | + - debian/{control,rules}: enable PIE hardening |
3009 | + - Use cn=config as the default configuration backend instead of |
3010 | + slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade |
3011 | + asking the end user to enter a new password to control the access to the |
3012 | + cn=config tree. |
3013 | + * Dropped: |
3014 | + - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at |
3015 | + times. (ITS: #5947) Fixed in new upstream version 2.4.15. |
3016 | + - debian/patches/fix-ucred-libc due to changes how newer glibc handle |
3017 | + the ucred struct now. Implemented in Debian. |
3018 | + * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure |
3019 | + when built with PIE. |
3020 | + * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be |
3021 | + trusted (LP: #305264). |
3022 | + |
3023 | + -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500 |
3024 | + |
3025 | openldap (2.4.15-1) unstable; urgency=low |
3026 | |
3027 | * New upstream version |
3028 | @@ -1411,6 +4093,69 @@ openldap (2.4.15-1) unstable; urgency=low |
3029 | |
3030 | -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800 |
3031 | |
3032 | +openldap (2.4.14-0ubuntu1) jaunty; urgency=low |
3033 | + |
3034 | + [ Steve Langasek ] |
3035 | + * New upstream version |
3036 | + - Fixes a bug with the pcache overlay not returning cached entries |
3037 | + (closes: #497697) |
3038 | + - Update evolution-ntlm patch to apply to current Makefiles. |
3039 | + - (tentatively) drop gnutls-ciphers, since this bug was reported to be |
3040 | + fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the |
3041 | + patch from the bug report, so this should be watched for regressions. |
3042 | + * Build against db4.7 instead of db4.2 at last! Closes: #421946. |
3043 | + * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is |
3044 | + installed in the build environment. |
3045 | + * New patch, no-crlcheck-for-gnutls, to fix a build failure when using |
3046 | + --with-tls=gnutls. |
3047 | + |
3048 | + [ Mathias Gug ] |
3049 | + * Merge from debian unstable, remaining changes: |
3050 | + - debian/apparmor-profile: add AppArmor profile |
3051 | + - debian/slapd.postinst: Reload AA profile on configuration |
3052 | + - updated debian/slapd.README.Debian for note on AppArmor |
3053 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
3054 | + - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
3055 | + to make sure that if earlier version of apparmour-profiles gets |
3056 | + installed it won't overwrite our profile. |
3057 | + - Modify Maintainer value to match the DebianMaintainerField |
3058 | + speficication. |
3059 | + - follow ApparmorProfileMigration and force apparmor compalin mode on |
3060 | + some upgrades (LP: #203529) |
3061 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
3062 | + - debian/slapd.preinst: create symlink for force-complain on pre-feisty |
3063 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
3064 | + non-enforcing) and upgrades where apparmor profile does not exist. |
3065 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
3066 | + - debian/patches/fix-ucred-libc due to changes how newer glibc handle |
3067 | + the ucred struct now. |
3068 | + - debian/control: |
3069 | + - Build-depend on libltdl7-dev rather then libltdl3-dev. |
3070 | + - debian/patches/autogen.sh: |
3071 | + - Call libtoolize with the --install option to install config.{guess,sub} |
3072 | + files. |
3073 | + - Don't use local statement in config script as it fails if /bin/sh |
3074 | + points to bash (LP: #286063). |
3075 | + - Disable the testsuite on hppa. Allows building of packages on this |
3076 | + architecture again, once this package is in the archive. |
3077 | + LP: #288908. |
3078 | + - debian/slapd.postinst, debian/slapd.script-common: set correct ownership |
3079 | + and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and |
3080 | + /var/run/slapd (world readable). (LP: #257667). |
3081 | + - debian/patches/nssov-build, debian/rules: |
3082 | + Build and package the nss overlay. |
3083 | + debian/schema/misc.ldif: add ldif file for the misc schema, which defines |
3084 | + rfc822MailMember (required by the nss overlay). |
3085 | + - debian/{control,rules}: enable PIE hardening |
3086 | + - Use cn=config as the default configuration backend instead of |
3087 | + slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade |
3088 | + asking the end user to enter a new password to control the access to the |
3089 | + cn=config tree. |
3090 | + * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at |
3091 | + times. (ITS: #5947) |
3092 | + |
3093 | + -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500 |
3094 | + |
3095 | openldap (2.4.11-1) unstable; urgency=low |
3096 | |
3097 | * New upstream version (closes: #499560). |
3098 | @@ -1433,6 +4178,110 @@ openldap (2.4.11-1) unstable; urgency=low |
3099 | |
3100 | -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700 |
3101 | |
3102 | +openldap (2.4.11-0ubuntu7) jaunty; urgency=low |
3103 | + |
3104 | + * Don't use local statement in config script as it fails if /bin/sh |
3105 | + points to bash (LP: #286063). |
3106 | + |
3107 | + -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500 |
3108 | + |
3109 | +openldap (2.4.11-0ubuntu6) intrepid; urgency=low |
3110 | + |
3111 | + * Disable the testsuite on hppa. Allows building of packages on this |
3112 | + architecture again, once this package is in the archive. |
3113 | + LP: #288908. |
3114 | + |
3115 | + -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200 |
3116 | + |
3117 | +openldap (2.4.11-0ubuntu5) intrepid; urgency=low |
3118 | + |
3119 | + * Don't set admin passwords in ldif files if adminpw is empty. |
3120 | + (LP: #273988 - LP: #276606). |
3121 | + |
3122 | + -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400 |
3123 | + |
3124 | +openldap (2.4.11-0ubuntu4) intrepid; urgency=low |
3125 | + |
3126 | + * debian/slapd.postinst, debian/slapd.script-common: set correct ownership |
3127 | + and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and |
3128 | + /var/run/slapd (world readable). (LP: #257667). |
3129 | + * debian/slapd.script-common: |
3130 | + - Fix package reconfiguration: |
3131 | + + Remove slapd.d/ directory if it already exists when creating a new |
3132 | + configuration. |
3133 | + + Fix backup directory naming for multiple reconfiguration. |
3134 | + |
3135 | + -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400 |
3136 | + |
3137 | +openldap (2.4.11-0ubuntu3) intrepid; urgency=low |
3138 | + |
3139 | + * debian/patches/nssov-build, debian/rules: |
3140 | + Build and package the nss overlay. |
3141 | + * debian/schema/misc.ldif: add ldif file for the misc schema, which defines |
3142 | + rfc822MailMember (required by the nss overlay). |
3143 | + |
3144 | + -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400 |
3145 | + |
3146 | +openldap (2.4.11-0ubuntu2) intrepid; urgency=low |
3147 | + |
3148 | + * debian/{control,rules}: enable PIE hardening |
3149 | + |
3150 | + -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700 |
3151 | + |
3152 | +openldap (2.4.11-0ubuntu1) intrepid; urgency=low |
3153 | + |
3154 | + * New upstream version: |
3155 | + - Mainly bug fixes. |
3156 | + - New nss slapd overlay (not compiled by default). |
3157 | + * Use cn=config as the default configuration backend instead of |
3158 | + slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade |
3159 | + asking the end user to enter a new password to control the access to the |
3160 | + cn=config tree. |
3161 | + |
3162 | + -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400 |
3163 | + |
3164 | +openldap (2.4.10-3ubuntu1) intrepid; urgency=low |
3165 | + |
3166 | + [ Mathias Gug ] |
3167 | + * Merge from debian unstable, remaining changes: |
3168 | + - debian/apparmor-profile: add AppArmor profile |
3169 | + - debian/slapd.postinst: Reload AA profile on configuration |
3170 | + - updated debian/slapd.README.Debian for note on AppArmor |
3171 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
3172 | + - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
3173 | + to make sure that if earlier version of apparmour-profiles gets |
3174 | + installed it won't overwrite our profile. |
3175 | + - Modify Maintainer value to match the DebianMaintainerField |
3176 | + speficication. |
3177 | + - follow ApparmorProfileMigration and force apparmor compalin mode on |
3178 | + some upgrades (LP: #203529) |
3179 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
3180 | + - debian/slapd.preinst: create symlink for force-complain on pre-feisty |
3181 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
3182 | + non-enforcing) and upgrades where apparmor profile does not exist. |
3183 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
3184 | + - debian/patches/fix-ucred-libc due to changes how newer glibc handle |
3185 | + the ucred struct now. |
3186 | + - debian/patches/fix-unique-overlay-assertion.patch: |
3187 | + Fix another assertion error in unique overlay (LP: #243337). |
3188 | + Backport from head. |
3189 | + * Dropped - implemented in Debian: |
3190 | + - debian/patches/fix-gnutls-key-strength.patch: |
3191 | + Fix slapd handling of ssf using gnutls. (LP: #244925). |
3192 | + - debian/control: |
3193 | + Add time as build dependency: needed by make test. |
3194 | + * debian/control: |
3195 | + - Build-depend on libltdl7-dev rather then libltdl3-dev. |
3196 | + * debian/patches/autogen.sh: |
3197 | + - Call libtoolize with the --install option to install config.{guess,sub} |
3198 | + files. |
3199 | + |
3200 | + [ Jamie Strandboge ] |
3201 | + * adjust apparmor profile to allow gssapi (LP: #229252) |
3202 | + * adjust apparmor profile to allow cnconfig (LP: #243525) |
3203 | + |
3204 | + -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400 |
3205 | + |
3206 | openldap (2.4.10-3) unstable; urgency=low |
3207 | |
3208 | [ Steve Langasek ] |
3209 | @@ -1466,6 +4315,40 @@ openldap (2.4.10-3) unstable; urgency=low |
3210 | |
3211 | -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700 |
3212 | |
3213 | +openldap (2.4.10-2ubuntu1) intrepid; urgency=low |
3214 | + |
3215 | + * Merge from debian unstable, remaining changes: |
3216 | + - debian/apparmor-profile: add AppArmor profile |
3217 | + - debian/slapd.postinst: Reload AA profile on configuration |
3218 | + - updated debian/slapd.README.Debian for note on AppArmor |
3219 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
3220 | + - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
3221 | + to make sure that if earlier version of apparmour-profiles gets |
3222 | + installed it won't overwrite our profile. |
3223 | + - Modify Maintainer value to match the DebianMaintainerField |
3224 | + speficication. |
3225 | + - follow ApparmorProfileMigration and force apparmor compalin mode on |
3226 | + some upgrades (LP: #203529) |
3227 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
3228 | + - debian/slapd.preinst: create symlink for force-complain on pre-feisty |
3229 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
3230 | + non-enforcing) and upgrades where apparmor profile does not exist. |
3231 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
3232 | + - debian/patches/fix-ucred-libc due to changes how newer glibc handle |
3233 | + the ucred struct now. |
3234 | + - debian/patches/fix-unique-overlay-assertion.patch: |
3235 | + Fix another assertion error in unique overlay (LP: #243337). |
3236 | + Backport from head. |
3237 | + - debian/patches/fix-gnutls-key-strength.patch: |
3238 | + Fix slapd handling of ssf using gnutls. (LP: #244925). |
3239 | + - debian/control: |
3240 | + Add time as build dependency: needed by make test. |
3241 | + * Dropped - implemented in Debian: |
3242 | + - debian/rules: |
3243 | + Support debuild nocheck option: don't run tests if nocheck is set. |
3244 | + |
3245 | + -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400 |
3246 | + |
3247 | openldap (2.4.10-2) unstable; urgency=low |
3248 | |
3249 | * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at |
3250 | @@ -1480,6 +4363,54 @@ openldap (2.4.10-2) unstable; urgency=low |
3251 | |
3252 | -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700 |
3253 | |
3254 | +openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low |
3255 | + |
3256 | + * Merge from debian unstable, remaining changes: |
3257 | + - debian/apparmor-profile: add AppArmor profile |
3258 | + - debian/slapd.postinst: Reload AA profile on configuration |
3259 | + - updated debian/slapd.README.Debian for note on AppArmor |
3260 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
3261 | + - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
3262 | + to make sure that if earlier version of apparmour-profiles gets |
3263 | + installed it won't overwrite our profile. |
3264 | + - Modify Maintainer value to match the DebianMaintainerField |
3265 | + speficication. |
3266 | + - follow ApparmorProfileMigration and force apparmor compalin mode on |
3267 | + some upgrades (LP: #203529) |
3268 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
3269 | + - debian/slapd.preinst: create symlink for force-complain on pre-feisty |
3270 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
3271 | + non-enforcing) and upgrades where apparmor profile does not exist. |
3272 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
3273 | + - debian/patches/fix-ucred-libc due to changes how newer glibc handle |
3274 | + the ucred struct now. |
3275 | + - debian/patches/fix-unique-overlay-assertion.patch: |
3276 | + Fix another assertion error in unique overlay (LP: #243337). |
3277 | + Backport from head. |
3278 | + * debian/control: |
3279 | + - add time as build dependency: needed by make test. |
3280 | + * debian/rules: |
3281 | + - support debuild nocheck option: don't run tests if nocheck is set. |
3282 | + * debian/patches/fix-gnutls-key-strength.patch: |
3283 | + - fix slapd handling of ssf using gnutls. (LP: #244925). |
3284 | + * Dropped - accepted in Debian: |
3285 | + - debian/rules, debian/slapd.links: use hard links to slapd instead of |
3286 | + symlinks for slap* so these applications aren't confined by apparmor |
3287 | + (LP: #203898) |
3288 | + * Dropped - fixed in new upstream release: |
3289 | + - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion. |
3290 | + (LP: #215904) |
3291 | + - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion |
3292 | + error. (LP: #234196) |
3293 | + - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes. |
3294 | + (LP: #220724) |
3295 | + - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using |
3296 | + syncrepl. (LP: #227178) |
3297 | + - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied |
3298 | + upstream. |
3299 | + |
3300 | + -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400 |
3301 | + |
3302 | openldap2.3 (2.4.10-1) unstable; urgency=low |
3303 | |
3304 | [ Steve Langasek ] |
3305 | @@ -1504,6 +4435,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low |
3306 | |
3307 | -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700 |
3308 | |
3309 | +openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low |
3310 | + |
3311 | + * debian/patches/fix-unique-overlay-assertion.patch: |
3312 | + - Fix another assertion error in unique overlay, backported from head. |
3313 | + (LP: #243337) Note: This patch will still be needed when moved to 2.4.10 |
3314 | + |
3315 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000 |
3316 | + |
3317 | +openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low |
3318 | + |
3319 | + * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to |
3320 | + include the smbk5pwd overlay. |
3321 | + |
3322 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000 |
3323 | + |
3324 | +openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low |
3325 | + |
3326 | + * Rebuild for perl 5.10 transition (LP: #230016) |
3327 | + * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using |
3328 | + syncrepl. (LP: #227178) |
3329 | + |
3330 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000 |
3331 | + |
3332 | +openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low |
3333 | + |
3334 | + * Merge from debian unstable, remaining changes: |
3335 | + - debian/apparmor-profile: add AppArmor profile |
3336 | + - debian/slapd.postinst: Reload AA profile on configuration |
3337 | + - updated debian/slapd.README.Debian for note on AppArmor |
3338 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
3339 | + - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
3340 | + to make sure that if earlier version of apparmour-profiles gets |
3341 | + installed it won't overwrite our profile. |
3342 | + - Modify Maintainer value to match the DebianMaintainerField |
3343 | + speficication. |
3344 | + - follow ApparmorProfileMigration and force apparmor compalin mode on |
3345 | + some upgrades (LP: #203529) |
3346 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
3347 | + - debian/slapd.preinst: create symlink for force-complain on pre-feisty |
3348 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
3349 | + non-enforcing) and upgrades where apparmor profile does not exist. |
3350 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
3351 | + - debian/rules, debian/slapd.links: use hard links to slapd instead of |
3352 | + symlinks for slap* so these applications aren't confined by apparmor |
3353 | + (LP: #203898) |
3354 | + - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion. |
3355 | + (LP: #215904) |
3356 | + - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion |
3357 | + error. (LP: #234196) |
3358 | + - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes. |
3359 | + (LP: #220724) |
3360 | + - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied |
3361 | + upstream. |
3362 | + * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle |
3363 | + the ucred struct now. |
3364 | + |
3365 | + -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100 |
3366 | + |
3367 | openldap2.3 (2.4.9-1) unstable; urgency=low |
3368 | |
3369 | [ Updated debconf translations ] |
3370 | @@ -1574,6 +4563,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high |
3371 | |
3372 | -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100 |
3373 | |
3374 | +openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low |
3375 | + |
3376 | + * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed |
3377 | + in klibc) |
3378 | + |
3379 | + -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400 |
3380 | + |
3381 | +openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low |
3382 | + |
3383 | + * apparmor-profile workaround for Launchpad #202161 |
3384 | + * follow ApparmorProfileMigration and force apparmor complain mode on some |
3385 | + upgrades (LP: #203529) |
3386 | + - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 |
3387 | + - debian/slapd.dirs: add etc/apparmor.d/force-complain |
3388 | + - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty |
3389 | + upgrades, upgrades where apparmor-profiles profile is unchanged (ie |
3390 | + non-enforcing) and upgrades where apparmor profile does not exist |
3391 | + - debian/slapd.postrm: remove symlink in force-complain/ on purge |
3392 | + * debian/rules, debian/slapd.links: use hard links to slapd instead of |
3393 | + symlinks for slap* so these applications aren't confined by apparmor |
3394 | + (LP: #203898) |
3395 | + |
3396 | + -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400 |
3397 | + |
3398 | +openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low |
3399 | + |
3400 | + * Merge from Debian unstable, remaining changes: |
3401 | + + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) |
3402 | + slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 |
3403 | + allows remote authenticated users to cause a denial of service (daemon |
3404 | + crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) |
3405 | + control, a related issue to CVE-2007-6698. |
3406 | + + debian/apparmor-profile: add AppArmor profile |
3407 | + + debian/slapd.postinst: Reload AA profile on configuration |
3408 | + + updated debian/slapd.README.Debian for note on AppArmor |
3409 | + + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we |
3410 | + should now take control |
3411 | + + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
3412 | + to make sure that if earlier version of apparmor-profiles gets |
3413 | + installed it won't overwrite our profile |
3414 | + + Modify Maintainer value to match the DebianMaintainerField |
3415 | + specification. |
3416 | + |
3417 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000 |
3418 | + |
3419 | openldap2.3 (2.4.7-6) unstable; urgency=low |
3420 | |
3421 | [ Updated debconf translations ] |
3422 | @@ -1619,6 +4653,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low |
3423 | |
3424 | -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800 |
3425 | |
3426 | +openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low |
3427 | + |
3428 | + * SECURITY UPDATE: |
3429 | + + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) |
3430 | + slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 |
3431 | + allows remote authenticated users to cause a denial of service (daemon crash) |
3432 | + via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related |
3433 | + issue to CVE-2007-6698. |
3434 | + |
3435 | + * References |
3436 | + - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658 |
3437 | + - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358 |
3438 | + |
3439 | + -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100 |
3440 | + |
3441 | +openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low |
3442 | + |
3443 | + * add AppArmor profile |
3444 | + + debian/apparmor-profile |
3445 | + + debian/slapd.postinst: Reload AA profile on configuration |
3446 | + * updated debian/slapd.README.Debian for note on AppArmor |
3447 | + * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we |
3448 | + should now take control |
3449 | + * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 |
3450 | + to make sure that if earlier version of apparmor-profiles gets installed |
3451 | + it won't overwrite our profile |
3452 | + * Modify Maintainer value to match the DebianMaintainerField |
3453 | + specification. |
3454 | + |
3455 | + -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000 |
3456 | + |
3457 | openldap2.3 (2.4.7-5) unstable; urgency=low |
3458 | |
3459 | [ Updated debconf translations ] |
3460 | diff --git a/debian/control b/debian/control |
3461 | index 961e6de..5215f21 100644 |
3462 | --- a/debian/control |
3463 | +++ b/debian/control |
3464 | @@ -1,12 +1,14 @@ |
3465 | Source: openldap |
3466 | Section: net |
3467 | Priority: optional |
3468 | -Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org> |
3469 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
3470 | +XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org> |
3471 | Uploaders: Steve Langasek <vorlon@debian.org>, |
3472 | Torsten Landschoff <torsten@debian.org>, |
3473 | Ryan Tandy <ryan@nardis.ca>, |
3474 | Sergio Durigan Junior <sergiodj@debian.org> |
3475 | Build-Depends: debhelper-compat (= 13), |
3476 | + dh-apparmor, |
3477 | dpkg-dev (>= 1.17.14), |
3478 | groff-base, |
3479 | heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>, |
3480 | @@ -43,7 +45,7 @@ Depends: ${shlibs:Depends}, libldap2 (= ${binary:Version}), |
3481 | coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl, |
3482 | adduser, ${perl:Depends}, ${misc:Depends} |
3483 | Recommends: ldap-utils |
3484 | -Suggests: libsasl2-modules, |
3485 | +Suggests: libsasl2-modules, ufw, |
3486 | libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal |
3487 | Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1) |
3488 | Replaces: ldap-utils (<< 2.2.23-3) |
3489 | diff --git a/debian/rules b/debian/rules |
3490 | index 3fab06f..8039111 100755 |
3491 | --- a/debian/rules |
3492 | +++ b/debian/rules |
3493 | @@ -11,7 +11,7 @@ export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE |
3494 | export DEB_BUILD_MAINT_OPTIONS := hardening=+all |
3495 | |
3496 | # Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name) |
3497 | -export DEB_MAINTAINER := $(shell sed -ne 's/Maintainer:\s\+//p' debian/control) |
3498 | +export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control) |
3499 | |
3500 | # Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version) |
3501 | export DEB_VERSION |
3502 | @@ -124,6 +124,22 @@ endif |
3503 | find $(installdir)/usr/share/man -name \*.8 \ |
3504 | | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#' |
3505 | |
3506 | +ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) |
3507 | +override_dh_install-arch: |
3508 | + dh_install |
3509 | + |
3510 | + # install AppArmor profile |
3511 | + install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd |
3512 | + |
3513 | + # install Apport hook |
3514 | + install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py |
3515 | + |
3516 | + # install ufw profile |
3517 | + install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd |
3518 | + |
3519 | + dh_apparmor -pslapd --profile-name=usr.sbin.slapd |
3520 | +endif |
3521 | + |
3522 | override_dh_installinit: |
3523 | dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80" |
3524 | |
3525 | diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian |
3526 | index ff7d66b..a4f3f55 100644 |
3527 | --- a/debian/slapd.README.Debian |
3528 | +++ b/debian/slapd.README.Debian |
3529 | @@ -252,6 +252,17 @@ Modifications Compared to Upstream |
3530 | |
3531 | -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800 |
3532 | |
3533 | +Apparmor Profile |
3534 | +---------------- |
3535 | + |
3536 | + If your system uses AppArmor, please note that the shipped enforcing profile |
3537 | + works with the default installation, and changes in your configuration may |
3538 | + require changes to the installed apparmor profile. Please see |
3539 | + https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this |
3540 | + software. |
3541 | + |
3542 | + -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500 |
3543 | + |
3544 | Migrating your installation to OpenLDAP 2.5.x |
3545 | |
3546 | OpenLDAP 2.5 is a major new release and includes several incompatible |
3547 | diff --git a/debian/slapd.py b/debian/slapd.py |
3548 | new file mode 100644 |
3549 | index 0000000..b1aed25 |
3550 | --- /dev/null |
3551 | +++ b/debian/slapd.py |
3552 | @@ -0,0 +1,51 @@ |
3553 | +#!/usr/bin/python3 |
3554 | + |
3555 | +'''apport hook for slapd |
3556 | + |
3557 | +(c) 2010 Adam Sommer. |
3558 | +Author: Adam Sommer <asommer@ubuntu.com> |
3559 | + |
3560 | +This program is free software; you can redistribute it and/or modify it |
3561 | +under the terms of the GNU General Public License as published by the |
3562 | +Free Software Foundation; either version 2 of the License, or (at your |
3563 | +option) any later version. See http://www.gnu.org/copyleft/gpl.html for |
3564 | +the full text of the license. |
3565 | +''' |
3566 | + |
3567 | +from apport.hookutils import * |
3568 | +import os |
3569 | + |
3570 | +# Scrub olcRootPW attribute and credentials strings if necessary. |
3571 | +def scrub_pass_strings(config): |
3572 | + olcrootpw_regex = re.compile('olcRootPW:.*') |
3573 | + olcrootpw_string = olcrootpw_regex.search(config) |
3574 | + if olcrootpw_string: |
3575 | + config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@') |
3576 | + |
3577 | + credentials_regex = re.compile('credentials=.* ') |
3578 | + credentials_string = credentials_regex.search(config) |
3579 | + if credentials_string: |
3580 | + config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ') |
3581 | + |
3582 | + return config |
3583 | + |
3584 | +def add_info(report, ui): |
3585 | + response = ui.yesno("The contents of your /etc/ldap/slapd.d directory " |
3586 | + "may help developers diagnose your bug more " |
3587 | + "quickly. However, it may contain sensitive " |
3588 | + "information. Do you want to include it in your " |
3589 | + "bug report?") |
3590 | + |
3591 | + if response == None: # user cancelled |
3592 | + raise StopIteration |
3593 | + |
3594 | + elif response == True: |
3595 | + # Get the cn=config tree. |
3596 | + cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config']) |
3597 | + report['CNConfig'] = scrub_pass_strings(cn_config) |
3598 | + |
3599 | + # Get slapd messages from /var/log/syslog |
3600 | + slapd_re = re.compile('slapd', re.IGNORECASE) |
3601 | + report['SysLog'] = recent_syslog(slapd_re) |
3602 | + |
3603 | + attach_mac_events(report, '/usr/sbin/slapd') |
3604 | diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile |
3605 | new file mode 100644 |
3606 | index 0000000..3c4f676 |
3607 | --- /dev/null |
3608 | +++ b/debian/slapd.ufw.profile |
3609 | @@ -0,0 +1,9 @@ |
3610 | +[OpenLDAP LDAP] |
3611 | +title=OpenLDAP with TLS |
3612 | +description=OpenLDAP is a free, fast, lightweight LDAP server |
3613 | +ports=389/tcp |
3614 | + |
3615 | +[OpenLDAP LDAPS] |
3616 | +title=OpenLDAP over SSL |
3617 | +description=OpenLDAP is a free, fast, lightweight LDAP server |
3618 | +ports=636/tcp |
3619 | diff --git a/debian/tests/smbk5pwd b/debian/tests/smbk5pwd |
3620 | index aeb5f81..aaafdbe 100755 |
3621 | --- a/debian/tests/smbk5pwd |
3622 | +++ b/debian/tests/smbk5pwd |
3623 | @@ -9,6 +9,20 @@ schema2ldif /etc/ldap/schema/hdb.schema | ldapadd -H ldapi:// -Y EXTERNAL |
3624 | chgrp openldap /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key |
3625 | chmod g+rX /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key |
3626 | |
3627 | +apparmor_profile="/etc/apparmor.d/usr.sbin.slapd" |
3628 | +if [ -f "${apparmor_profile}" ]; then |
3629 | + if aa-status --enabled 2>/dev/null; then |
3630 | + # Adjust apparmor so slapd can read the heimdal master key |
3631 | + cat >> /etc/apparmor.d/local/usr.sbin.slapd <<EOF |
3632 | + /var/lib/heimdal-kdc/m-key rk, |
3633 | +EOF |
3634 | + apparmor_parser -r -W -T "${apparmor_profile}" || { |
3635 | + # this failure may happen on armhf in Canonical infrastructure, see #1991141 |
3636 | + echo "Failed to reload the ${apparmor_profile} apparmor profile, continuing anyway." |
3637 | + } |
3638 | + fi |
3639 | +fi |
3640 | + |
3641 | # Instantiate the smbk5pwd overlay |
3642 | ldapmodify -H ldapi:// -Y EXTERNAL << eof |
3643 | dn: cn=module{0},cn=config |
FWIW, the regression being fixed is this one:
https:/ /bugs.openldap. org/show_ bug.cgi? id=10045
It can cause slapd to abruptly terminate in certain occasions.