Merge ~sergiodj/ubuntu/+source/openldap:merge-2.6.6-dfsg-1-mantic into ubuntu/+source/openldap:debian/experimental
- Git
- lp:~sergiodj/ubuntu/+source/openldap
- merge-2.6.6-dfsg-1-mantic
- Merge into debian/experimental
Status: | Merged | ||||
---|---|---|---|---|---|
Merge reported by: | Sergio Durigan Junior | ||||
Merged at revision: | e67fe169e961d770845e914e22b7dda6d7b9d6c6 | ||||
Proposed branch: | ~sergiodj/ubuntu/+source/openldap:merge-2.6.6-dfsg-1-mantic | ||||
Merge into: | ubuntu/+source/openldap:debian/experimental | ||||
Diff against target: |
3643 lines (+3232/-3) 8 files modified
debian/apparmor-profile (+61/-0) debian/changelog (+3065/-0) debian/control (+4/-2) debian/rules (+17/-1) debian/slapd.README.Debian (+11/-0) debian/slapd.py (+51/-0) debian/slapd.ufw.profile (+9/-0) debian/tests/smbk5pwd (+14/-0) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Andreas Hasenack | Approve | ||
Canonical Server Reporter | Pending | ||
Review via email: mp+448302@code.launchpad.net |
Commit message
Description of the change
This is the merge of OpenLDAP 2.6.6 from Debian experimental.
It's a trivial merge that fixes a regression introduced by 2.6.5. No deltas were dropped this time.
PPA: https:/
dep8 results will be posted later.
Sergio Durigan Junior (sergiodj) wrote : | # |
Sergio Durigan Junior (sergiodj) wrote : | # |
It seems that I'm having a bad luck when doing merges lately... You will find that OpenLDAP is FTBFSing in the PPA. I tracked down this problem to a recent change in cyrus-sasl2. I filed a Debian bug and will work with the maintainer to get things working again. Feel free to review the MP, though. Thanks.
Sergio Durigan Junior (sergiodj) wrote : | # |
The cyrus-sasl2 bug has been fixed in Debian/Ubuntu and the openldap builds are passing now. This MP is ready for review.
Sergio Durigan Junior (sergiodj) wrote : | # |
Results: (from http://
openldap @ amd64:
04.08.23 18:45:32 Log 🗒️ ✅ Triggers: openldap/
openldap @ armhf:
04.08.23 18:44:40 Log 🗒️ ✅ Triggers: openldap/
openldap @ ppc64el:
04.08.23 18:41:51 Log 🗒️ ✅ Triggers: openldap/
openldap @ s390x:
04.08.23 18:41:36 Log 🗒️ ✅ Triggers: openldap/
The arm64 test is stuck updating the kernel, which is unrelated to openldap.
Andreas Hasenack (ahasenack) wrote : | # |
range-diff is clean, no delta change
new upstream 2.6.6 CHANGES file is ok
+1
Sergio Durigan Junior (sergiodj) wrote : | # |
On Friday, August 04 2023, Andreas Hasenack wrote:
> range-diff is clean, no delta change
>
> new upstream 2.6.6 CHANGES file is ok
>
> +1
Thanks. Uploaded:
$ dput openldap_
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/
Checking signature on .dsc
gpg: /home/sergio/
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading openldap_
Uploading openldap_
Uploading openldap_
Uploading openldap_
Uploading openldap_
Successfully uploaded packages.
--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14
Preview Diff
1 | diff --git a/debian/apparmor-profile b/debian/apparmor-profile | |||
2 | 0 | new file mode 100644 | 0 | new file mode 100644 |
3 | index 0000000..6a247aa | |||
4 | --- /dev/null | |||
5 | +++ b/debian/apparmor-profile | |||
6 | @@ -0,0 +1,61 @@ | |||
7 | 1 | # vim:syntax=apparmor | ||
8 | 2 | # Last Modified: Fri Jun 6 13:51:00 2020 | ||
9 | 3 | # Author: Jamie Strandboge <jamie@ubuntu.com> | ||
10 | 4 | |||
11 | 5 | #include <tunables/global> | ||
12 | 6 | |||
13 | 7 | /usr/sbin/slapd { | ||
14 | 8 | #include <abstractions/base> | ||
15 | 9 | #include <abstractions/nameservice> | ||
16 | 10 | #include <abstractions/p11-kit> | ||
17 | 11 | |||
18 | 12 | #include <abstractions/ssl_keys> | ||
19 | 13 | #include <abstractions/ssl_certs> | ||
20 | 14 | |||
21 | 15 | /etc/sasldb2 r, | ||
22 | 16 | |||
23 | 17 | capability dac_override, | ||
24 | 18 | capability net_bind_service, | ||
25 | 19 | capability setgid, | ||
26 | 20 | capability setuid, | ||
27 | 21 | |||
28 | 22 | /etc/gai.conf r, | ||
29 | 23 | /etc/hosts.allow r, | ||
30 | 24 | /etc/hosts.deny r, | ||
31 | 25 | |||
32 | 26 | # ldap files | ||
33 | 27 | /etc/ldap/** kr, | ||
34 | 28 | /etc/ldap/slapd.d/** rw, | ||
35 | 29 | |||
36 | 30 | # kerberos/gssapi | ||
37 | 31 | /dev/tty rw, | ||
38 | 32 | /etc/gss/mech.d/ r, | ||
39 | 33 | /etc/gss/mech.d/* kr, | ||
40 | 34 | /etc/krb5.keytab kr, | ||
41 | 35 | /etc/krb5/user/*/client.keytab kr, | ||
42 | 36 | owner /tmp/krb5cc_* rwk, | ||
43 | 37 | owner /var/tmp/krb5_*.rcache2 rwk, | ||
44 | 38 | /var/tmp/ rw, | ||
45 | 39 | /var/tmp/** rw, | ||
46 | 40 | |||
47 | 41 | # the databases and logs | ||
48 | 42 | /var/lib/ldap/ r, | ||
49 | 43 | /var/lib/ldap/** rwk, | ||
50 | 44 | |||
51 | 45 | # lock file | ||
52 | 46 | /var/lib/ldap/alock kw, | ||
53 | 47 | |||
54 | 48 | # pid files and sockets | ||
55 | 49 | /{,var/}run/slapd/* w, | ||
56 | 50 | /{,var/}run/slapd/ldapi rw, | ||
57 | 51 | /{,var/}run/nslcd/socket rw, | ||
58 | 52 | /{,var/}run/saslauthd/mux rw, | ||
59 | 53 | |||
60 | 54 | /usr/lib/ldap/ r, | ||
61 | 55 | /usr/lib/ldap/* mr, | ||
62 | 56 | |||
63 | 57 | /usr/sbin/slapd mr, | ||
64 | 58 | |||
65 | 59 | # Site-specific additions and overrides. See local/README for details. | ||
66 | 60 | #include <local/usr.sbin.slapd> | ||
67 | 61 | } | ||
68 | diff --git a/debian/changelog b/debian/changelog | |||
69 | index b654a02..8945ee5 100644 | |||
70 | --- a/debian/changelog | |||
71 | +++ b/debian/changelog | |||
72 | @@ -1,9 +1,62 @@ | |||
73 | 1 | openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium | ||
74 | 2 | |||
75 | 3 | * Merge with Debian unstable (LP: #2028721). Remaining changes: | ||
76 | 4 | - Enable AppArmor support: | ||
77 | 5 | + d/apparmor-profile: add AppArmor profile | ||
78 | 6 | + d/rules: use dh_apparmor | ||
79 | 7 | + d/control: Build-Depends on dh-apparmor | ||
80 | 8 | + d/slapd.README.Debian: add note about AppArmor | ||
81 | 9 | - Enable ufw support: | ||
82 | 10 | + d/control: suggest ufw. | ||
83 | 11 | + d/rules: install ufw profile. | ||
84 | 12 | + d/slapd.ufw.profile: add ufw profile. | ||
85 | 13 | - d/{rules,slapd.py}: Add apport hook. | ||
86 | 14 | - d/rules: better regexp to match the Maintainer tag in d/control, | ||
87 | 15 | needed in the Ubuntu case because of XSBC-Original-Maintainer | ||
88 | 16 | (Closes #960448, LP #1875697) | ||
89 | 17 | - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the | ||
90 | 18 | smbk5pwd DEP8 test (LP #2004560) | ||
91 | 19 | [ Partially incorporated by Debian. ] | ||
92 | 20 | |||
93 | 21 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 02 Aug 2023 19:53:17 -0400 | ||
94 | 22 | |||
95 | 1 | openldap (2.6.6+dfsg-1~exp1) experimental; urgency=medium | 23 | openldap (2.6.6+dfsg-1~exp1) experimental; urgency=medium |
96 | 2 | 24 | ||
97 | 3 | * New upstream version 2.6.6+dfsg | 25 | * New upstream version 2.6.6+dfsg |
98 | 4 | 26 | ||
99 | 5 | -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 31 Jul 2023 18:24:38 -0400 | 27 | -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 31 Jul 2023 18:24:38 -0400 |
100 | 6 | 28 | ||
101 | 29 | openldap (2.6.5+dfsg-1~exp1ubuntu1) mantic; urgency=medium | ||
102 | 30 | |||
103 | 31 | * Merge with Debian unstable (LP: #2028721). Remaining changes: | ||
104 | 32 | - Enable AppArmor support: | ||
105 | 33 | + d/apparmor-profile: add AppArmor profile | ||
106 | 34 | + d/rules: use dh_apparmor | ||
107 | 35 | + d/control: Build-Depends on dh-apparmor | ||
108 | 36 | + d/slapd.README.Debian: add note about AppArmor | ||
109 | 37 | - Enable ufw support: | ||
110 | 38 | + d/control: suggest ufw. | ||
111 | 39 | + d/rules: install ufw profile. | ||
112 | 40 | + d/slapd.ufw.profile: add ufw profile. | ||
113 | 41 | - d/{rules,slapd.py}: Add apport hook. | ||
114 | 42 | - d/rules: better regexp to match the Maintainer tag in d/control, | ||
115 | 43 | needed in the Ubuntu case because of XSBC-Original-Maintainer | ||
116 | 44 | (Closes #960448, LP #1875697) | ||
117 | 45 | - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the | ||
118 | 46 | smbk5pwd DEP8 test (LP #2004560) | ||
119 | 47 | [ Partially incorporated by Debian. ] | ||
120 | 48 | * Drop changes: | ||
121 | 49 | - Build the passwd/sha2 contrib module with -fno-strict-aliasing to | ||
122 | 50 | avoid computing an incorrect SHA256 hash with some versions of the | ||
123 | 51 | compiler (LP: #2000817): | ||
124 | 52 | + d/t/{control,sha2-contrib}: test to verify the SHA256 hash | ||
125 | 53 | produced by passwd/sha2 | ||
126 | 54 | + d/rules: set -fno-strict-aliasing only when building the | ||
127 | 55 | passwd/sha2 contrib module | ||
128 | 56 | [ Incorporated by Debian. ] | ||
129 | 57 | |||
130 | 58 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 27 Jul 2023 13:18:18 -0400 | ||
131 | 59 | |||
132 | 7 | openldap (2.6.5+dfsg-1~exp1) experimental; urgency=medium | 60 | openldap (2.6.5+dfsg-1~exp1) experimental; urgency=medium |
133 | 8 | 61 | ||
134 | 9 | [ Sergio Durigan Junior ] | 62 | [ Sergio Durigan Junior ] |
135 | @@ -39,12 +92,79 @@ openldap (2.6.5+dfsg-1~exp1) experimental; urgency=medium | |||
136 | 39 | 92 | ||
137 | 40 | -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 24 Jul 2023 19:26:16 -0400 | 93 | -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 24 Jul 2023 19:26:16 -0400 |
138 | 41 | 94 | ||
139 | 95 | openldap (2.6.4+dfsg-1~exp1ubuntu1) mantic; urgency=medium | ||
140 | 96 | |||
141 | 97 | * Merge with Debian unstable (LP: #2018093). Remaining changes: | ||
142 | 98 | - Enable AppArmor support: | ||
143 | 99 | + d/apparmor-profile: add AppArmor profile | ||
144 | 100 | + d/rules: use dh_apparmor | ||
145 | 101 | + d/control: Build-Depends on dh-apparmor | ||
146 | 102 | + d/slapd.README.Debian: add note about AppArmor | ||
147 | 103 | - Enable ufw support: | ||
148 | 104 | + d/control: suggest ufw. | ||
149 | 105 | + d/rules: install ufw profile. | ||
150 | 106 | + d/slapd.ufw.profile: add ufw profile. | ||
151 | 107 | - d/{rules,slapd.py}: Add apport hook. | ||
152 | 108 | - d/rules: better regexp to match the Maintainer tag in d/control, | ||
153 | 109 | needed in the Ubuntu case because of XSBC-Original-Maintainer | ||
154 | 110 | (Closes #960448, LP #1875697) | ||
155 | 111 | - Build the passwd/sha2 contrib module with -fno-strict-aliasing to | ||
156 | 112 | avoid computing an incorrect SHA256 hash with some versions of the | ||
157 | 113 | compiler (LP #2000817): | ||
158 | 114 | + d/t/{control,sha2-contrib}: test to verify the SHA256 hash | ||
159 | 115 | produced by passwd/sha2 | ||
160 | 116 | + d/rules: set -fno-strict-aliasing only when building the | ||
161 | 117 | passwd/sha2 contrib module | ||
162 | 118 | - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the | ||
163 | 119 | smbk5pwd DEP8 test (LP #2004560) | ||
164 | 120 | |||
165 | 121 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 21 Jun 2023 14:48:31 -0400 | ||
166 | 122 | |||
167 | 42 | openldap (2.6.4+dfsg-1~exp1) experimental; urgency=medium | 123 | openldap (2.6.4+dfsg-1~exp1) experimental; urgency=medium |
168 | 43 | 124 | ||
169 | 44 | * New upstream version 2.6.4+dfsg. | 125 | * New upstream version 2.6.4+dfsg. |
170 | 45 | 126 | ||
171 | 46 | -- Sergio Durigan Junior <sergiodj@debian.org> Sat, 04 Mar 2023 16:35:10 -0500 | 127 | -- Sergio Durigan Junior <sergiodj@debian.org> Sat, 04 Mar 2023 16:35:10 -0500 |
172 | 47 | 128 | ||
173 | 129 | openldap (2.6.3+dfsg-1~exp1ubuntu2) lunar; urgency=medium | ||
174 | 130 | |||
175 | 131 | * Build the passwd/sha2 contrib module with -fno-strict-aliasing to | ||
176 | 132 | avoid computing an incorrect SHA256 hash with some versions of the | ||
177 | 133 | compiler (LP: #2000817): | ||
178 | 134 | - d/t/{control,sha2-contrib}: test to verify the SHA256 hash | ||
179 | 135 | produced by passwd/sha2 | ||
180 | 136 | - d/rules: set -fno-strict-aliasing only when building the | ||
181 | 137 | passwd/sha2 contrib module | ||
182 | 138 | * d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the | ||
183 | 139 | smbk5pwd DEP8 test (LP: #2004560) | ||
184 | 140 | |||
185 | 141 | -- Andreas Hasenack <andreas@canonical.com> Fri, 03 Feb 2023 09:33:14 -0300 | ||
186 | 142 | |||
187 | 143 | openldap (2.6.3+dfsg-1~exp1ubuntu1) lunar; urgency=medium | ||
188 | 144 | |||
189 | 145 | * Merge with Debian unstable (LP: #1993426). Remaining changes: | ||
190 | 146 | - Enable AppArmor support: | ||
191 | 147 | + d/apparmor-profile: add AppArmor profile | ||
192 | 148 | + d/rules: use dh_apparmor | ||
193 | 149 | + d/control: Build-Depends on dh-apparmor | ||
194 | 150 | + d/slapd.README.Debian: add note about AppArmor | ||
195 | 151 | - Enable ufw support: | ||
196 | 152 | + d/control: suggest ufw. | ||
197 | 153 | + d/rules: install ufw profile. | ||
198 | 154 | + d/slapd.ufw.profile: add ufw profile. | ||
199 | 155 | - d/{rules,slapd.py}: Add apport hook. | ||
200 | 156 | - d/rules: better regexp to match the Maintainer tag in d/control, | ||
201 | 157 | needed in the Ubuntu case because of XSBC-Original-Maintainer | ||
202 | 158 | (Closes #960448, LP #1875697) | ||
203 | 159 | * Drop changes: | ||
204 | 160 | - Enable SASL/GSSAPI tests. (LP #1976508) | ||
205 | 161 | + d/control: Update B-D to include required dependencies needed to run | ||
206 | 162 | SASL/GSSAPI tests during build time, and mark them "!nocheck". | ||
207 | 163 | Thanks: Andreas Hasenack <andreas.hasenack@canonical.com> | ||
208 | 164 | [ Incorporated by Debian. ] | ||
209 | 165 | |||
210 | 166 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 18 Nov 2022 16:07:45 -0500 | ||
211 | 167 | |||
212 | 48 | openldap (2.6.3+dfsg-1~exp1) experimental; urgency=medium | 168 | openldap (2.6.3+dfsg-1~exp1) experimental; urgency=medium |
213 | 49 | 169 | ||
214 | 50 | * d/rules: Remove get-orig-source, now unnecessary. | 170 | * d/rules: Remove get-orig-source, now unnecessary. |
215 | @@ -94,6 +214,94 @@ openldap (2.6.2+dfsg-1~exp1) experimental; urgency=medium | |||
216 | 94 | 214 | ||
217 | 95 | -- Sergio Durigan Junior <sergiodj@debian.org> Fri, 20 May 2022 17:41:04 -0400 | 215 | -- Sergio Durigan Junior <sergiodj@debian.org> Fri, 20 May 2022 17:41:04 -0400 |
218 | 96 | 216 | ||
219 | 217 | openldap (2.5.13+dfsg-1ubuntu2) lunar; urgency=medium | ||
220 | 218 | |||
221 | 219 | * Rebuild against new perlapi-5.36. | ||
222 | 220 | |||
223 | 221 | -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 Nov 2022 16:50:13 +0100 | ||
224 | 222 | |||
225 | 223 | openldap (2.5.13+dfsg-1ubuntu1) kinetic; urgency=medium | ||
226 | 224 | |||
227 | 225 | * Merge with Debian unstable (LP: #1983618). Remaining changes: | ||
228 | 226 | - Enable AppArmor support: | ||
229 | 227 | + d/apparmor-profile: add AppArmor profile | ||
230 | 228 | + d/rules: use dh_apparmor | ||
231 | 229 | + d/control: Build-Depends on dh-apparmor | ||
232 | 230 | + d/slapd.README.Debian: add note about AppArmor | ||
233 | 231 | - Enable ufw support: | ||
234 | 232 | + d/control: suggest ufw. | ||
235 | 233 | + d/rules: install ufw profile. | ||
236 | 234 | + d/slapd.ufw.profile: add ufw profile. | ||
237 | 235 | - d/{rules,slapd.py}: Add apport hook. | ||
238 | 236 | - d/rules: better regexp to match the Maintainer tag in d/control, | ||
239 | 237 | needed in the Ubuntu case because of XSBC-Original-Maintainer | ||
240 | 238 | (Closes #960448, LP #1875697) | ||
241 | 239 | - Enable SASL/GSSAPI tests. (LP #1976508) | ||
242 | 240 | + d/control: Update B-D to include required dependencies needed to run | ||
243 | 241 | SASL/GSSAPI tests during build time, and mark them "!nocheck". | ||
244 | 242 | Thanks: Andreas Hasenack <andreas.hasenack@canonical.com> | ||
245 | 243 | |||
246 | 244 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 20 Sep 2022 15:30:47 -0400 | ||
247 | 245 | |||
248 | 246 | openldap (2.5.12+dfsg-2ubuntu2) kinetic; urgency=medium | ||
249 | 247 | |||
250 | 248 | * Enable SASL/GSSAPI tests. (LP: #1976508) | ||
251 | 249 | - d/control: Update B-D to include required dependencies needed to run | ||
252 | 250 | SASL/GSSAPI tests during build time, and mark them "!nocheck". | ||
253 | 251 | Thanks: Andreas Hasenack <andreas.hasenack@canonical.com> | ||
254 | 252 | |||
255 | 253 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 25 Aug 2022 16:20:08 -0400 | ||
256 | 254 | |||
257 | 255 | openldap (2.5.12+dfsg-2ubuntu1) kinetic; urgency=medium | ||
258 | 256 | |||
259 | 257 | * Merge with Debian unstable (LP: #1971305). Remaining changes: | ||
260 | 258 | - Enable AppArmor support: | ||
261 | 259 | + d/apparmor-profile: add AppArmor profile | ||
262 | 260 | + d/rules: use dh_apparmor | ||
263 | 261 | + d/control: Build-Depends on dh-apparmor | ||
264 | 262 | + d/slapd.README.Debian: add note about AppArmor | ||
265 | 263 | - Enable ufw support: | ||
266 | 264 | + d/control: suggest ufw. | ||
267 | 265 | + d/rules: install ufw profile. | ||
268 | 266 | + d/slapd.ufw.profile: add ufw profile. | ||
269 | 267 | - d/{rules,slapd.py}: Add apport hook. | ||
270 | 268 | - d/rules: better regexp to match the Maintainer tag in d/control, | ||
271 | 269 | needed in the Ubuntu case because of XSBC-Original-Maintainer | ||
272 | 270 | (Closes #960448, LP #1875697) | ||
273 | 271 | |||
274 | 272 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 06 Jun 2022 15:34:48 -0400 | ||
275 | 273 | |||
276 | 274 | openldap (2.5.11+dfsg-1~exp1ubuntu3) jammy; urgency=medium | ||
277 | 275 | |||
278 | 276 | * No-change rebuild to update maintainer scripts, see LP: 1959054 | ||
279 | 277 | |||
280 | 278 | -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:15:26 +0000 | ||
281 | 279 | |||
282 | 280 | openldap (2.5.11+dfsg-1~exp1ubuntu2) jammy; urgency=medium | ||
283 | 281 | |||
284 | 282 | * No-change rebuild for the perl update. | ||
285 | 283 | |||
286 | 284 | -- Matthias Klose <doko@ubuntu.com> Mon, 07 Feb 2022 07:51:42 +0100 | ||
287 | 285 | |||
288 | 286 | openldap (2.5.11+dfsg-1~exp1ubuntu1) jammy; urgency=medium | ||
289 | 287 | |||
290 | 288 | * Merge with Debian unstable (LP: #1946883). Remaining changes: | ||
291 | 289 | - Enable AppArmor support: | ||
292 | 290 | + d/apparmor-profile: add AppArmor profile | ||
293 | 291 | + d/rules: use dh_apparmor | ||
294 | 292 | + d/control: Build-Depends on dh-apparmor | ||
295 | 293 | + d/slapd.README.Debian: add note about AppArmor | ||
296 | 294 | - Enable ufw support: | ||
297 | 295 | + d/control: suggest ufw. | ||
298 | 296 | + d/rules: install ufw profile. | ||
299 | 297 | + d/slapd.ufw.profile: add ufw profile. | ||
300 | 298 | - d/{rules,slapd.py}: Add apport hook. | ||
301 | 299 | - d/rules: better regexp to match the Maintainer tag in d/control, | ||
302 | 300 | needed in the Ubuntu case because of XSBC-Original-Maintainer | ||
303 | 301 | (Closes #960448, LP #1875697) | ||
304 | 302 | |||
305 | 303 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 25 Jan 2022 17:06:12 -0500 | ||
306 | 304 | |||
307 | 97 | openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium | 305 | openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium |
308 | 98 | 306 | ||
309 | 99 | * New upstream release. | 307 | * New upstream release. |
310 | @@ -125,6 +333,25 @@ openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium | |||
311 | 125 | 333 | ||
312 | 126 | -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700 | 334 | -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700 |
313 | 127 | 335 | ||
314 | 336 | openldap (2.5.6+dfsg-1~exp1ubuntu1) impish; urgency=medium | ||
315 | 337 | |||
316 | 338 | * Merge with Debian unstable. Remaining changes: | ||
317 | 339 | - Enable AppArmor support: | ||
318 | 340 | + d/apparmor-profile: add AppArmor profile | ||
319 | 341 | + d/rules: use dh_apparmor | ||
320 | 342 | + d/control: Build-Depends on dh-apparmor | ||
321 | 343 | + d/slapd.README.Debian: add note about AppArmor | ||
322 | 344 | - Enable ufw support: | ||
323 | 345 | + d/control: suggest ufw. | ||
324 | 346 | + d/rules: install ufw profile. | ||
325 | 347 | + d/slapd.ufw.profile: add ufw profile. | ||
326 | 348 | - d/{rules,slapd.py}: Add apport hook. | ||
327 | 349 | - d/rules: better regexp to match the Maintainer tag in d/control, | ||
328 | 350 | needed in the Ubuntu case because of XSBC-Original-Maintainer | ||
329 | 351 | (Closes #960448, LP #1875697) | ||
330 | 352 | |||
331 | 353 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 17 Aug 2021 14:06:00 -0400 | ||
332 | 354 | |||
333 | 128 | openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium | 355 | openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium |
334 | 129 | 356 | ||
335 | 130 | [ Ryan Tandy ] | 357 | [ Ryan Tandy ] |
336 | @@ -159,6 +386,59 @@ openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium | |||
337 | 159 | 386 | ||
338 | 160 | -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700 | 387 | -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700 |
339 | 161 | 388 | ||
340 | 389 | openldap (2.5.5+dfsg-1~exp1ubuntu1) impish; urgency=medium | ||
341 | 390 | |||
342 | 391 | * Merge with Debian unstable. Remaining changes: | ||
343 | 392 | - Enable AppArmor support: | ||
344 | 393 | + d/apparmor-profile: add AppArmor profile | ||
345 | 394 | + d/rules: use dh_apparmor | ||
346 | 395 | + d/control: Build-Depends on dh-apparmor | ||
347 | 396 | + d/slapd.README.Debian: add note about AppArmor | ||
348 | 397 | - Enable ufw support: | ||
349 | 398 | + d/control: suggest ufw. | ||
350 | 399 | + d/rules: install ufw profile. | ||
351 | 400 | + d/slapd.ufw.profile: add ufw profile. | ||
352 | 401 | - d/{rules,slapd.py}: Add apport hook. | ||
353 | 402 | - d/rules: better regexp to match the Maintainer tag in d/control, | ||
354 | 403 | needed in the Ubuntu case because of XSBC-Original-Maintainer | ||
355 | 404 | (Closes #960448, LP #1875697) | ||
356 | 405 | * Dropped changes: | ||
357 | 406 | - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): | ||
358 | 407 | + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
359 | 408 | - Add --with-gssapi support | ||
360 | 409 | - Make guess_service_principal() more robust when determining | ||
361 | 410 | principal | ||
362 | 411 | + d/configure.options: Configure with --with-gssapi | ||
363 | 412 | + d/control: Added heimdal-dev as a build depend | ||
364 | 413 | + d/rules: | ||
365 | 414 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
366 | 415 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
367 | 416 | + d/libldap-2.4-2.symbols: add symbols for GSSAPI support | ||
368 | 417 | This should be dropped when the soname changes. | ||
369 | 418 | [ Dropped as planned after soname bump due to 2.5.5 update. ] | ||
370 | 419 | - Enable nss overlay: | ||
371 | 420 | + d/rules: | ||
372 | 421 | - add nssov to CONTRIB_MODULES | ||
373 | 422 | - add sysconfdir to CONTRIB_MAKEVARS | ||
374 | 423 | + d/slapd.install: install nssov overlay | ||
375 | 424 | + d/slapd.manpages: install slapo-nssov(5) man page | ||
376 | 425 | + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
377 | 426 | Debian bug #919136, we also have to patch the nssov makefile | ||
378 | 427 | accordingly and thus update this patch. | ||
379 | 428 | [ Dropped as planned after soname bump due to 2.5.5 update. ] | ||
380 | 429 | - Add support for CLDAP (UDP) support, back then required by | ||
381 | 430 | likewise-open (first enabled in 2.4.17-1ubuntu2): | ||
382 | 431 | + d/rules: Enable -DLDAP_CONNECTIONLESS | ||
383 | 432 | + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) | ||
384 | 433 | This should be dropped when the soname changes. | ||
385 | 434 | [ Dropped as planned after soname bump due to 2.5.5 update. ] | ||
386 | 435 | - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because | ||
387 | 436 | of test timing issue. | ||
388 | 437 | [ Dropped because the latest update improved the testcase and | ||
389 | 438 | there is no FTBFS on riscv64 anymore. ] | ||
390 | 439 | |||
391 | 440 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 15 Jun 2021 17:20:34 -0400 | ||
392 | 441 | |||
393 | 162 | openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium | 442 | openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium |
394 | 163 | 443 | ||
395 | 164 | * New upstream release. | 444 | * New upstream release. |
396 | @@ -264,6 +544,53 @@ openldap (2.4.57+dfsg-3) unstable; urgency=medium | |||
397 | 264 | 544 | ||
398 | 265 | -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700 | 545 | -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700 |
399 | 266 | 546 | ||
400 | 547 | openldap (2.4.57+dfsg-2ubuntu1) hirsute; urgency=medium | ||
401 | 548 | |||
402 | 549 | * Merge with Debian unstable. Remaining changes: | ||
403 | 550 | - Enable AppArmor support: | ||
404 | 551 | + d/apparmor-profile: add AppArmor profile | ||
405 | 552 | + d/rules: use dh_apparmor | ||
406 | 553 | + d/control: Build-Depends on dh-apparmor | ||
407 | 554 | + d/slapd.README.Debian: add note about AppArmor | ||
408 | 555 | - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): | ||
409 | 556 | + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
410 | 557 | - Add --with-gssapi support | ||
411 | 558 | - Make guess_service_principal() more robust when determining | ||
412 | 559 | principal | ||
413 | 560 | + d/configure.options: Configure with --with-gssapi | ||
414 | 561 | + d/control: Added heimdal-dev as a build depend | ||
415 | 562 | + d/rules: | ||
416 | 563 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
417 | 564 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
418 | 565 | + d/libldap-2.4-2.symbols: add symbols for GSSAPI support | ||
419 | 566 | This should be dropped when the soname changes. | ||
420 | 567 | - Enable ufw support: | ||
421 | 568 | + d/control: suggest ufw. | ||
422 | 569 | + d/rules: install ufw profile. | ||
423 | 570 | + d/slapd.ufw.profile: add ufw profile. | ||
424 | 571 | - Enable nss overlay: | ||
425 | 572 | + d/rules: | ||
426 | 573 | - add nssov to CONTRIB_MODULES | ||
427 | 574 | - add sysconfdir to CONTRIB_MAKEVARS | ||
428 | 575 | + d/slapd.install: install nssov overlay | ||
429 | 576 | + d/slapd.manpages: install slapo-nssov(5) man page | ||
430 | 577 | + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
431 | 578 | Debian bug #919136, we also have to patch the nssov makefile | ||
432 | 579 | accordingly and thus update this patch. | ||
433 | 580 | - d/{rules,slapd.py}: Add apport hook. | ||
434 | 581 | - Add support for CLDAP (UDP) support, back then required by | ||
435 | 582 | likewise-open (first enabled in 2.4.17-1ubuntu2): | ||
436 | 583 | + d/rules: Enable -DLDAP_CONNECTIONLESS | ||
437 | 584 | + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) | ||
438 | 585 | This should be dropped when the soname changes. | ||
439 | 586 | - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because | ||
440 | 587 | of test timing issue. | ||
441 | 588 | - d/rules: better regexp to match the Maintainer tag in d/control, | ||
442 | 589 | needed in the Ubuntu case because of XSBC-Original-Maintainer | ||
443 | 590 | (Closes #960448, LP #1875697) | ||
444 | 591 | |||
445 | 592 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Feb 2021 10:15:38 -0500 | ||
446 | 593 | |||
447 | 267 | openldap (2.4.57+dfsg-2) unstable; urgency=medium | 594 | openldap (2.4.57+dfsg-2) unstable; urgency=medium |
448 | 268 | 595 | ||
449 | 269 | * Fix slapd assertion failure in Certificate List Exact Assertion validation | 596 | * Fix slapd assertion failure in Certificate List Exact Assertion validation |
450 | @@ -293,6 +620,65 @@ openldap (2.4.57+dfsg-1) unstable; urgency=medium | |||
451 | 293 | 620 | ||
452 | 294 | -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800 | 621 | -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800 |
453 | 295 | 622 | ||
454 | 623 | openldap (2.4.56+dfsg-1ubuntu2) hirsute; urgency=medium | ||
455 | 624 | |||
456 | 625 | * debian/apparmor-profile: add AppArmor rule for locking replay cache. | ||
457 | 626 | In Hirsute, a change (presumably in src:krb5) has caused slapd to be | ||
458 | 627 | denied by AppArmor for locking /var/tmp/krb5_*.rcache2. This is | ||
459 | 628 | acceptable, so add it to the AppArmor profile. This fixes the dep8 | ||
460 | 629 | test in src:krb5 that uses slapd for testing. | ||
461 | 630 | |||
462 | 631 | -- Robie Basak <robie.basak@ubuntu.com> Tue, 26 Jan 2021 13:02:40 +0000 | ||
463 | 632 | |||
464 | 633 | openldap (2.4.56+dfsg-1ubuntu1) hirsute; urgency=medium | ||
465 | 634 | |||
466 | 635 | * Merge with Debian unstable. Remaining changes: | ||
467 | 636 | - Enable AppArmor support: | ||
468 | 637 | + d/apparmor-profile: add AppArmor profile | ||
469 | 638 | + d/rules: use dh_apparmor | ||
470 | 639 | + d/control: Build-Depends on dh-apparmor | ||
471 | 640 | + d/slapd.README.Debian: add note about AppArmor | ||
472 | 641 | - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): | ||
473 | 642 | + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
474 | 643 | - Add --with-gssapi support | ||
475 | 644 | - Make guess_service_principal() more robust when determining | ||
476 | 645 | principal | ||
477 | 646 | + d/configure.options: Configure with --with-gssapi | ||
478 | 647 | + d/control: Added heimdal-dev as a build depend | ||
479 | 648 | + d/rules: | ||
480 | 649 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
481 | 650 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
482 | 651 | + d/libldap-2.4-2.symbols: add symbols for GSSAPI support | ||
483 | 652 | This should be dropped when the soname changes. | ||
484 | 653 | - Enable ufw support: | ||
485 | 654 | + d/control: suggest ufw. | ||
486 | 655 | + d/rules: install ufw profile. | ||
487 | 656 | + d/slapd.ufw.profile: add ufw profile. | ||
488 | 657 | - Enable nss overlay: | ||
489 | 658 | + d/rules: | ||
490 | 659 | - add nssov to CONTRIB_MODULES | ||
491 | 660 | - add sysconfdir to CONTRIB_MAKEVARS | ||
492 | 661 | + d/slapd.install: install nssov overlay | ||
493 | 662 | + d/slapd.manpages: install slapo-nssov(5) man page | ||
494 | 663 | + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
495 | 664 | Debian bug #919136, we also have to patch the nssov makefile | ||
496 | 665 | accordingly and thus update this patch. | ||
497 | 666 | - d/{rules,slapd.py}: Add apport hook. | ||
498 | 667 | - Add support for CLDAP (UDP) support, back then required by | ||
499 | 668 | likewise-open (first enabled in 2.4.17-1ubuntu2): | ||
500 | 669 | + d/rules: Enable -DLDAP_CONNECTIONLESS | ||
501 | 670 | + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) | ||
502 | 671 | This should be dropped when the soname changes. | ||
503 | 672 | - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because | ||
504 | 673 | of test timing issue. | ||
505 | 674 | - d/rules: better regexp to match the Maintainer tag in d/control, | ||
506 | 675 | needed in the Ubuntu case because of XSBC-Original-Maintainer | ||
507 | 676 | (Closes #960448, LP #1875697) | ||
508 | 677 | * d/apparmor-profile: use abstractions/ssl_keys instead of manual rules, | ||
509 | 678 | allows letsencrypt to work. Thanks to Paul McEnery (LP: #1909748) | ||
510 | 679 | |||
511 | 680 | -- Paride Legovini <paride.legovini@canonical.com> Mon, 04 Jan 2021 16:18:57 +0100 | ||
512 | 681 | |||
513 | 296 | openldap (2.4.56+dfsg-1) unstable; urgency=medium | 682 | openldap (2.4.56+dfsg-1) unstable; urgency=medium |
514 | 297 | 683 | ||
515 | 298 | * New upstream release. | 684 | * New upstream release. |
516 | @@ -319,12 +705,151 @@ openldap (2.4.54+dfsg-1) unstable; urgency=medium | |||
517 | 319 | 705 | ||
518 | 320 | -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000 | 706 | -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000 |
519 | 321 | 707 | ||
520 | 708 | openldap (2.4.53+dfsg-1ubuntu5) hirsute; urgency=medium | ||
521 | 709 | |||
522 | 710 | * SECURITY UPDATE: assertion failure in Certificate List syntax | ||
523 | 711 | validation | ||
524 | 712 | - debian/patches/CVE-2020-25709.patch: properly handle error in | ||
525 | 713 | servers/slapd/schema_init.c. | ||
526 | 714 | - CVE-2020-25709 | ||
527 | 715 | * SECURITY UPDATE: assertion failure in CSN normalization with invalid | ||
528 | 716 | input | ||
529 | 717 | - debian/patches/CVE-2020-25710.patch: properly handle error in | ||
530 | 718 | servers/slapd/schema_init.c. | ||
531 | 719 | - CVE-2020-25710 | ||
532 | 720 | |||
533 | 721 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 17 Nov 2020 09:41:47 -0500 | ||
534 | 722 | |||
535 | 723 | openldap (2.4.53+dfsg-1ubuntu4) hirsute; urgency=medium | ||
536 | 724 | |||
537 | 725 | * SECURITY UPDATE: DoS via NULL pointer dereference | ||
538 | 726 | - debian/patches/CVE-2020-25692.patch: skip normalization if there's no | ||
539 | 727 | equality rule in servers/slapd/modrdn.c. | ||
540 | 728 | - CVE-2020-25692 | ||
541 | 729 | |||
542 | 730 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 Nov 2020 14:02:02 -0500 | ||
543 | 731 | |||
544 | 732 | openldap (2.4.53+dfsg-1ubuntu3) hirsute; urgency=medium | ||
545 | 733 | |||
546 | 734 | * No-change rebuild for the perl update. | ||
547 | 735 | |||
548 | 736 | -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 12:53:38 +0100 | ||
549 | 737 | |||
550 | 738 | openldap (2.4.53+dfsg-1ubuntu2) hirsute; urgency=medium | ||
551 | 739 | |||
552 | 740 | * No-change rebuild for the perl update. | ||
553 | 741 | |||
554 | 742 | -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 10:51:32 +0100 | ||
555 | 743 | |||
556 | 744 | openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium | ||
557 | 745 | |||
558 | 746 | * Merge with Debian unstable (LP: #1894838). Remaining changes: | ||
559 | 747 | - Enable AppArmor support: | ||
560 | 748 | + d/apparmor-profile: add AppArmor profile | ||
561 | 749 | + d/rules: use dh_apparmor | ||
562 | 750 | + d/control: Build-Depends on dh-apparmor | ||
563 | 751 | + d/slapd.README.Debian: add note about AppArmor | ||
564 | 752 | - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): | ||
565 | 753 | + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
566 | 754 | - Add --with-gssapi support | ||
567 | 755 | - Make guess_service_principal() more robust when determining | ||
568 | 756 | principal | ||
569 | 757 | + d/configure.options: Configure with --with-gssapi | ||
570 | 758 | + d/control: Added heimdal-dev as a build depend | ||
571 | 759 | + d/rules: | ||
572 | 760 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
573 | 761 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
574 | 762 | + d/libldap-2.4-2.symbols: add symbols for GSSAPI support | ||
575 | 763 | This should be dropped when the soname changes. | ||
576 | 764 | - Enable ufw support: | ||
577 | 765 | + d/control: suggest ufw. | ||
578 | 766 | + d/rules: install ufw profile. | ||
579 | 767 | + d/slapd.ufw.profile: add ufw profile. | ||
580 | 768 | - Enable nss overlay: | ||
581 | 769 | + d/rules: | ||
582 | 770 | - add nssov to CONTRIB_MODULES | ||
583 | 771 | - add sysconfdir to CONTRIB_MAKEVARS | ||
584 | 772 | + d/slapd.install: install nssov overlay | ||
585 | 773 | + d/slapd.manpages: install slapo-nssov(5) man page | ||
586 | 774 | + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
587 | 775 | Debian bug #919136, we also have to patch the nssov makefile | ||
588 | 776 | accordingly and thus update this patch. | ||
589 | 777 | - d/{rules,slapd.py}: Add apport hook. | ||
590 | 778 | - Add support for CLDAP (UDP) support, back then required by | ||
591 | 779 | likewise-open (first enabled in 2.4.17-1ubuntu2): | ||
592 | 780 | + d/rules: Enable -DLDAP_CONNECTIONLESS | ||
593 | 781 | + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) | ||
594 | 782 | This should be dropped when the soname changes. | ||
595 | 783 | - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because | ||
596 | 784 | of test timing issue. | ||
597 | 785 | - d/rules: better regexp to match the Maintainer tag in d/control, | ||
598 | 786 | needed in the Ubuntu case because of XSBC-Original-Maintainer | ||
599 | 787 | (Closes #960448, LP #1875697) | ||
600 | 788 | |||
601 | 789 | -- Andreas Hasenack <andreas@canonical.com> Tue, 08 Sep 2020 09:36:58 -0300 | ||
602 | 790 | |||
603 | 322 | openldap (2.4.53+dfsg-1) unstable; urgency=medium | 791 | openldap (2.4.53+dfsg-1) unstable; urgency=medium |
604 | 323 | 792 | ||
605 | 324 | * New upstream release. | 793 | * New upstream release. |
606 | 325 | 794 | ||
607 | 326 | -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700 | 795 | -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700 |
608 | 327 | 796 | ||
609 | 797 | openldap (2.4.51+dfsg-1ubuntu1) groovy; urgency=medium | ||
610 | 798 | |||
611 | 799 | * Merge with Debian unstable. Remaining changes: | ||
612 | 800 | - Enable AppArmor support: | ||
613 | 801 | + d/apparmor-profile: add AppArmor profile | ||
614 | 802 | + d/rules: use dh_apparmor | ||
615 | 803 | + d/control: Build-Depends on dh-apparmor | ||
616 | 804 | + d/slapd.README.Debian: add note about AppArmor | ||
617 | 805 | - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): | ||
618 | 806 | + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
619 | 807 | - Add --with-gssapi support | ||
620 | 808 | - Make guess_service_principal() more robust when determining | ||
621 | 809 | principal | ||
622 | 810 | + d/configure.options: Configure with --with-gssapi | ||
623 | 811 | + d/control: Added heimdal-dev as a build depend | ||
624 | 812 | + d/rules: | ||
625 | 813 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
626 | 814 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
627 | 815 | + d/libldap-2.4-2.symbols: add symbols for GSSAPI support | ||
628 | 816 | This should be dropped when the soname changes. | ||
629 | 817 | - Enable ufw support: | ||
630 | 818 | + d/control: suggest ufw. | ||
631 | 819 | + d/rules: install ufw profile. | ||
632 | 820 | + d/slapd.ufw.profile: add ufw profile. | ||
633 | 821 | - Enable nss overlay: | ||
634 | 822 | + d/rules: | ||
635 | 823 | - add nssov to CONTRIB_MODULES | ||
636 | 824 | - add sysconfdir to CONTRIB_MAKEVARS | ||
637 | 825 | + d/slapd.install: install nssov overlay | ||
638 | 826 | + d/slapd.manpages: install slapo-nssov(5) man page | ||
639 | 827 | + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
640 | 828 | Debian bug #919136, we also have to patch the nssov makefile | ||
641 | 829 | accordingly and thus update this patch. | ||
642 | 830 | - d/{rules,slapd.py}: Add apport hook. | ||
643 | 831 | - Add support for CLDAP (UDP) support, back then required by | ||
644 | 832 | likewise-open (first enabled in 2.4.17-1ubuntu2): | ||
645 | 833 | + d/rules: Enable -DLDAP_CONNECTIONLESS | ||
646 | 834 | + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) | ||
647 | 835 | This should be dropped when the soname changes. | ||
648 | 836 | - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because | ||
649 | 837 | of test timing issue. | ||
650 | 838 | - d/rules: better regexp to match the Maintainer tag in d/control, | ||
651 | 839 | needed in the Ubuntu case because of XSBC-Original-Maintainer | ||
652 | 840 | (Closes #960448, LP #1875697) | ||
653 | 841 | * Dropped: | ||
654 | 842 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
655 | 843 | [In 2.4.51+dfsg-1] | ||
656 | 844 | - d/slapd.scripts-common: | ||
657 | 845 | + add slapcat_opts to local variables. | ||
658 | 846 | + Fix backup directory naming for multiple reconfiguration. | ||
659 | 847 | [In 2.4.51+dfsg-1] | ||
660 | 848 | - debian/patches/set-maintainer-name: our d/rules change needs to | ||
661 | 849 | be kept, but this patch is in 2.4.51+dfsg-1. | ||
662 | 850 | |||
663 | 851 | -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Aug 2020 11:03:24 -0300 | ||
664 | 852 | |||
665 | 328 | openldap (2.4.51+dfsg-1) unstable; urgency=medium | 853 | openldap (2.4.51+dfsg-1) unstable; urgency=medium |
666 | 329 | 854 | ||
667 | 330 | * New upstream release. | 855 | * New upstream release. |
668 | @@ -370,6 +895,85 @@ openldap (2.4.51+dfsg-1) unstable; urgency=medium | |||
669 | 370 | 895 | ||
670 | 371 | -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700 | 896 | -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700 |
671 | 372 | 897 | ||
672 | 898 | openldap (2.4.50+dfsg-1ubuntu3) groovy; urgency=medium | ||
673 | 899 | |||
674 | 900 | * No change rebuild against new libnettle8 and libhogweed6 ABI. | ||
675 | 901 | |||
676 | 902 | -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:31:30 +0100 | ||
677 | 903 | |||
678 | 904 | openldap (2.4.50+dfsg-1ubuntu2) groovy; urgency=medium | ||
679 | 905 | |||
680 | 906 | * d/apparmor-profile: Update apparmor profile to grant access to | ||
681 | 907 | the saslauthd socket, so that SASL authentication works. (LP: #1557157) | ||
682 | 908 | |||
683 | 909 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jun 2020 18:20:42 -0400 | ||
684 | 910 | |||
685 | 911 | openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium | ||
686 | 912 | |||
687 | 913 | * Merge with Debian unstable. Remaining changes: | ||
688 | 914 | - Enable AppArmor support: | ||
689 | 915 | + d/apparmor-profile: add AppArmor profile | ||
690 | 916 | + d/rules: use dh_apparmor | ||
691 | 917 | + d/control: Build-Depends on dh-apparmor | ||
692 | 918 | + d/slapd.README.Debian: add note about AppArmor | ||
693 | 919 | - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): | ||
694 | 920 | + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
695 | 921 | - Add --with-gssapi support | ||
696 | 922 | - Make guess_service_principal() more robust when determining | ||
697 | 923 | principal | ||
698 | 924 | + d/configure.options: Configure with --with-gssapi | ||
699 | 925 | + d/control: Added heimdal-dev as a build depend | ||
700 | 926 | + d/rules: | ||
701 | 927 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
702 | 928 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
703 | 929 | + d/libldap-2.4-2.symbols: add symbols for GSSAPI support | ||
704 | 930 | This should be dropped when the soname changes. | ||
705 | 931 | - Enable ufw support: | ||
706 | 932 | + d/control: suggest ufw. | ||
707 | 933 | + d/rules: install ufw profile. | ||
708 | 934 | + d/slapd.ufw.profile: add ufw profile. | ||
709 | 935 | - Enable nss overlay: | ||
710 | 936 | + d/rules: | ||
711 | 937 | - add nssov to CONTRIB_MODULES | ||
712 | 938 | - add sysconfdir to CONTRIB_MAKEVARS | ||
713 | 939 | + d/slapd.install: | ||
714 | 940 | - install nssov overlay | ||
715 | 941 | + d/slapd.manpages: | ||
716 | 942 | - install slapo-nssov(5) man page | ||
717 | 943 | + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
718 | 944 | Debian bug #919136, we also have to patch the nssov makefile | ||
719 | 945 | accordingly and thus update this patch. | ||
720 | 946 | - d/{rules,slapd.py}: Add apport hook. | ||
721 | 947 | - d/slapd.scripts-common: | ||
722 | 948 | + add slapcat_opts to local variables. | ||
723 | 949 | + Fix backup directory naming for multiple reconfiguration. | ||
724 | 950 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
725 | 951 | - Add support for CLDAP (UDP) support, back then required by | ||
726 | 952 | likewise-open (first enabled in 2.4.17-1ubuntu2): | ||
727 | 953 | + d/rules: Enable -DLDAP_CONNECTIONLESS | ||
728 | 954 | + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) | ||
729 | 955 | This should be dropped when the soname changes. | ||
730 | 956 | - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because | ||
731 | 957 | of test timing issue. | ||
732 | 958 | * Dropped: | ||
733 | 959 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
734 | 960 | either the default DIT nor via an Authn mapping. | ||
735 | 961 | [Not worth keeping a delta for, as having olcRootDN doesn't hurt] | ||
736 | 962 | - Show distribution in version: | ||
737 | 963 | - d/control: added lsb-release | ||
738 | 964 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
739 | 965 | [Debian now shows the full package version] | ||
740 | 966 | - SECURITY UPDATE: denial of service via nested search filters | ||
741 | 967 | + debian/patches/CVE-2020-12243.patch: limit depth of nested | ||
742 | 968 | filters in servers/slapd/filter.c. | ||
743 | 969 | [Fixed upstream] | ||
744 | 970 | * Added: | ||
745 | 971 | - d/rules, debian/patches/set-maintainer-name: Extract maintainer | ||
746 | 972 | address dynamically from debian/control. Thanks to Ryan Tandy | ||
747 | 973 | <ryan@nardis.ca> (Closes: #960448, LP: #1875697) | ||
748 | 974 | |||
749 | 975 | -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300 | ||
750 | 976 | |||
751 | 373 | openldap (2.4.50+dfsg-1) unstable; urgency=medium | 977 | openldap (2.4.50+dfsg-1) unstable; urgency=medium |
752 | 374 | 978 | ||
753 | 375 | * New upstream release. | 979 | * New upstream release. |
754 | @@ -412,6 +1016,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium | |||
755 | 412 | 1016 | ||
756 | 413 | -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700 | 1017 | -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700 |
757 | 414 | 1018 | ||
758 | 1019 | openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium | ||
759 | 1020 | |||
760 | 1021 | * SECURITY UPDATE: denial of service via nested search filters | ||
761 | 1022 | - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in | ||
762 | 1023 | servers/slapd/filter.c. | ||
763 | 1024 | - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of | ||
764 | 1025 | test timing issue. | ||
765 | 1026 | - CVE-2020-12243 | ||
766 | 1027 | |||
767 | 1028 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400 | ||
768 | 1029 | |||
769 | 1030 | openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium | ||
770 | 1031 | |||
771 | 1032 | * Merge with Debian unstable (LP: #1866303). Remaining changes: | ||
772 | 1033 | - Enable AppArmor support: | ||
773 | 1034 | - d/apparmor-profile: add AppArmor profile | ||
774 | 1035 | - d/rules: use dh_apparmor | ||
775 | 1036 | - d/control: Build-Depends on dh-apparmor | ||
776 | 1037 | - d/slapd.README.Debian: add note about AppArmor | ||
777 | 1038 | - Enable GSSAPI support: | ||
778 | 1039 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
779 | 1040 | - Add --with-gssapi support | ||
780 | 1041 | - Make guess_service_principal() more robust when determining | ||
781 | 1042 | principal | ||
782 | 1043 | [Dropped the ldap_gssapi_bind_s() hunk as that is already | ||
783 | 1044 | - d/configure.options: Configure with --with-gssapi | ||
784 | 1045 | - d/control: Added heimdal-dev as a build depend | ||
785 | 1046 | - d/rules: | ||
786 | 1047 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
787 | 1048 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
788 | 1049 | - Enable ufw support: | ||
789 | 1050 | - d/control: suggest ufw. | ||
790 | 1051 | - d/rules: install ufw profile. | ||
791 | 1052 | - d/slapd.ufw.profile: add ufw profile. | ||
792 | 1053 | - Enable nss overlay: | ||
793 | 1054 | - d/rules: | ||
794 | 1055 | - add nssov to CONTRIB_MODULES | ||
795 | 1056 | - add sysconfdir to CONTRIB_MAKEVARS | ||
796 | 1057 | - d/slapd.install: | ||
797 | 1058 | - install nssov overlay | ||
798 | 1059 | - d/slapd.manpages: | ||
799 | 1060 | - install slapo-nssov(5) man page | ||
800 | 1061 | - d/{rules,slapd.py}: Add apport hook. | ||
801 | 1062 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
802 | 1063 | either the default DIT nor via an Authn mapping. | ||
803 | 1064 | - d/slapd.scripts-common: | ||
804 | 1065 | - add slapcat_opts to local variables. | ||
805 | 1066 | - Fix backup directory naming for multiple reconfiguration. | ||
806 | 1067 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
807 | 1068 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
808 | 1069 | in the openldap library, as required by Likewise-Open | ||
809 | 1070 | - Show distribution in version: | ||
810 | 1071 | - d/control: added lsb-release | ||
811 | 1072 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
812 | 1073 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
813 | 1074 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
814 | 1075 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
815 | 1076 | - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
816 | 1077 | Debian bug #919136, we also have to patch the nssov makefile | ||
817 | 1078 | accordingly and thus update this patch. | ||
818 | 1079 | |||
819 | 1080 | -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300 | ||
820 | 1081 | |||
821 | 415 | openldap (2.4.49+dfsg-2) unstable; urgency=medium | 1082 | openldap (2.4.49+dfsg-2) unstable; urgency=medium |
822 | 416 | 1083 | ||
823 | 417 | * slapd.README.Debian: Document the initial setup performed by slapd's | 1084 | * slapd.README.Debian: Document the initial setup performed by slapd's |
824 | @@ -423,6 +1090,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium | |||
825 | 423 | 1090 | ||
826 | 424 | -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800 | 1091 | -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800 |
827 | 425 | 1092 | ||
828 | 1093 | openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium | ||
829 | 1094 | |||
830 | 1095 | * Merge with Debian unstable. Remaining changes: | ||
831 | 1096 | - Enable AppArmor support: | ||
832 | 1097 | - d/apparmor-profile: add AppArmor profile | ||
833 | 1098 | - d/rules: use dh_apparmor | ||
834 | 1099 | - d/control: Build-Depends on dh-apparmor | ||
835 | 1100 | - d/slapd.README.Debian: add note about AppArmor | ||
836 | 1101 | - Enable GSSAPI support: | ||
837 | 1102 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
838 | 1103 | - Add --with-gssapi support | ||
839 | 1104 | - Make guess_service_principal() more robust when determining | ||
840 | 1105 | principal | ||
841 | 1106 | [Dropped the ldap_gssapi_bind_s() hunk as that is already | ||
842 | 1107 | - d/configure.options: Configure with --with-gssapi | ||
843 | 1108 | - d/control: Added heimdal-dev as a build depend | ||
844 | 1109 | - d/rules: | ||
845 | 1110 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
846 | 1111 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
847 | 1112 | - Enable ufw support: | ||
848 | 1113 | - d/control: suggest ufw. | ||
849 | 1114 | - d/rules: install ufw profile. | ||
850 | 1115 | - d/slapd.ufw.profile: add ufw profile. | ||
851 | 1116 | - Enable nss overlay: | ||
852 | 1117 | - d/rules: | ||
853 | 1118 | - add nssov to CONTRIB_MODULES | ||
854 | 1119 | - add sysconfdir to CONTRIB_MAKEVARS | ||
855 | 1120 | - d/slapd.install: | ||
856 | 1121 | - install nssov overlay | ||
857 | 1122 | - d/slapd.manpages: | ||
858 | 1123 | - install slapo-nssov(5) man page | ||
859 | 1124 | - d/{rules,slapd.py}: Add apport hook. | ||
860 | 1125 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
861 | 1126 | either the default DIT nor via an Authn mapping. | ||
862 | 1127 | - d/slapd.scripts-common: | ||
863 | 1128 | - add slapcat_opts to local variables. | ||
864 | 1129 | - Fix backup directory naming for multiple reconfiguration. | ||
865 | 1130 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
866 | 1131 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
867 | 1132 | in the openldap library, as required by Likewise-Open | ||
868 | 1133 | - Show distribution in version: | ||
869 | 1134 | - d/control: added lsb-release | ||
870 | 1135 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
871 | 1136 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
872 | 1137 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
873 | 1138 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
874 | 1139 | - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
875 | 1140 | Debian bug #919136, we also have to patch the nssov makefile | ||
876 | 1141 | accordingly and thus update this patch. | ||
877 | 1142 | * Dropped: | ||
878 | 1143 | - d/control: slapd can depend on perl:any since it only uses perl for | ||
879 | 1144 | some maintainer and helper scripts. | ||
880 | 1145 | [In 2.4.49+dfsg-1] | ||
881 | 1146 | |||
882 | 1147 | -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300 | ||
883 | 1148 | |||
884 | 426 | openldap (2.4.49+dfsg-1) unstable; urgency=medium | 1149 | openldap (2.4.49+dfsg-1) unstable; urgency=medium |
885 | 427 | 1150 | ||
886 | 428 | * New upstream release. | 1151 | * New upstream release. |
887 | @@ -451,6 +1174,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium | |||
888 | 451 | 1174 | ||
889 | 452 | -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800 | 1175 | -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800 |
890 | 453 | 1176 | ||
891 | 1177 | openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium | ||
892 | 1178 | |||
893 | 1179 | * d/control: slapd can depend on perl:any since it only uses perl for | ||
894 | 1180 | some maintainer and helper scripts. The perl backend links against | ||
895 | 1181 | the correct architecture perl libraries already. Can be dropped | ||
896 | 1182 | after https://salsa.debian.org/openldap-team/openldap/commit/794c736 | ||
897 | 1183 | is in a Debian upload. | ||
898 | 1184 | |||
899 | 1185 | -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300 | ||
900 | 1186 | |||
901 | 1187 | openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium | ||
902 | 1188 | |||
903 | 1189 | * No-change rebuild against libnettle7 | ||
904 | 1190 | |||
905 | 1191 | -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000 | ||
906 | 1192 | |||
907 | 1193 | openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium | ||
908 | 1194 | |||
909 | 1195 | * No-change rebuild for the perl update. | ||
910 | 1196 | |||
911 | 1197 | -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000 | ||
912 | 1198 | |||
913 | 1199 | openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium | ||
914 | 1200 | |||
915 | 1201 | * Merge with Debian unstable. Remaining changes: | ||
916 | 1202 | - Enable AppArmor support: | ||
917 | 1203 | - d/apparmor-profile: add AppArmor profile | ||
918 | 1204 | - d/rules: use dh_apparmor | ||
919 | 1205 | - d/control: Build-Depends on dh-apparmor | ||
920 | 1206 | - d/slapd.README.Debian: add note about AppArmor | ||
921 | 1207 | - Enable GSSAPI support: | ||
922 | 1208 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
923 | 1209 | - Add --with-gssapi support | ||
924 | 1210 | - Make guess_service_principal() more robust when determining | ||
925 | 1211 | principal | ||
926 | 1212 | - d/configure.options: Configure with --with-gssapi | ||
927 | 1213 | - d/control: Added heimdal-dev as a build depend | ||
928 | 1214 | - d/rules: | ||
929 | 1215 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
930 | 1216 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
931 | 1217 | - Enable ufw support: | ||
932 | 1218 | - d/control: suggest ufw. | ||
933 | 1219 | - d/rules: install ufw profile. | ||
934 | 1220 | - d/slapd.ufw.profile: add ufw profile. | ||
935 | 1221 | - Enable nss overlay: | ||
936 | 1222 | - d/rules: | ||
937 | 1223 | - add nssov to CONTRIB_MODULES | ||
938 | 1224 | - add sysconfdir to CONTRIB_MAKEVARS | ||
939 | 1225 | - d/slapd.install: | ||
940 | 1226 | - install nssov overlay | ||
941 | 1227 | - d/slapd.manpages: | ||
942 | 1228 | - install slapo-nssov(5) man page | ||
943 | 1229 | - d/{rules,slapd.py}: Add apport hook. | ||
944 | 1230 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
945 | 1231 | either the default DIT nor via an Authn mapping. | ||
946 | 1232 | - d/slapd.scripts-common: | ||
947 | 1233 | - add slapcat_opts to local variables. | ||
948 | 1234 | - Fix backup directory naming for multiple reconfiguration. | ||
949 | 1235 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
950 | 1236 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
951 | 1237 | in the openldap library, as required by Likewise-Open | ||
952 | 1238 | - Show distribution in version: | ||
953 | 1239 | - d/control: added lsb-release | ||
954 | 1240 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
955 | 1241 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
956 | 1242 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
957 | 1243 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
958 | 1244 | - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
959 | 1245 | Debian bug #919136, we also have to patch the nssov makefile | ||
960 | 1246 | accordingly and thus update this patch. | ||
961 | 1247 | * Dropped: | ||
962 | 1248 | - Fix sysv-generator unit file by customizing parameters (LP #1821343) | ||
963 | 1249 | + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow | ||
964 | 1250 | correct systemctl status for slapd daemon. | ||
965 | 1251 | + d/slapd.install: place override file in correct location. | ||
966 | 1252 | [Included in 2.4.48+dfsg-1] | ||
967 | 1253 | - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases | ||
968 | 1254 | + debian/patches/CVE-2019-13057-1.patch: add restriction to | ||
969 | 1255 | servers/slapd/saslauthz.c. | ||
970 | 1256 | + debian/patches/CVE-2019-13057-2.patch: add tests to | ||
971 | 1257 | tests/data/idassert.out, tests/data/slapd-idassert.conf, | ||
972 | 1258 | tests/data/test-idassert1.ldif, tests/scripts/test028-idassert. | ||
973 | 1259 | + debian/patches/CVE-2019-13057-3.patch: fix typo in | ||
974 | 1260 | tests/scripts/test028-idassert. | ||
975 | 1261 | + debian/patches/CVE-2019-13057-4.patch: fix typo in | ||
976 | 1262 | tests/scripts/test028-idassert. | ||
977 | 1263 | + CVE-2019-13057 | ||
978 | 1264 | [Fixed upstream] | ||
979 | 1265 | - SECURITY UPDATE: SASL SSF not initialized per connection | ||
980 | 1266 | + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in | ||
981 | 1267 | connection_init in servers/slapd/connection.c. | ||
982 | 1268 | + CVE-2019-13565 | ||
983 | 1269 | [Fixed upstream] | ||
984 | 1270 | |||
985 | 1271 | -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300 | ||
986 | 1272 | |||
987 | 454 | openldap (2.4.48+dfsg-1) unstable; urgency=medium | 1273 | openldap (2.4.48+dfsg-1) unstable; urgency=medium |
988 | 455 | 1274 | ||
989 | 456 | * New upstream release. | 1275 | * New upstream release. |
990 | @@ -478,6 +1297,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium | |||
991 | 478 | 1297 | ||
992 | 479 | -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700 | 1298 | -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700 |
993 | 480 | 1299 | ||
994 | 1300 | openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium | ||
995 | 1301 | |||
996 | 1302 | * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases | ||
997 | 1303 | - debian/patches/CVE-2019-13057-1.patch: add restriction to | ||
998 | 1304 | servers/slapd/saslauthz.c. | ||
999 | 1305 | - debian/patches/CVE-2019-13057-2.patch: add tests to | ||
1000 | 1306 | tests/data/idassert.out, tests/data/slapd-idassert.conf, | ||
1001 | 1307 | tests/data/test-idassert1.ldif, tests/scripts/test028-idassert. | ||
1002 | 1308 | - debian/patches/CVE-2019-13057-3.patch: fix typo in | ||
1003 | 1309 | tests/scripts/test028-idassert. | ||
1004 | 1310 | - debian/patches/CVE-2019-13057-4.patch: fix typo in | ||
1005 | 1311 | tests/scripts/test028-idassert. | ||
1006 | 1312 | - CVE-2019-13057 | ||
1007 | 1313 | * SECURITY UPDATE: SASL SSF not initialized per connection | ||
1008 | 1314 | - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in | ||
1009 | 1315 | connection_init in servers/slapd/connection.c. | ||
1010 | 1316 | - CVE-2019-13565 | ||
1011 | 1317 | |||
1012 | 1318 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400 | ||
1013 | 1319 | |||
1014 | 1320 | openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium | ||
1015 | 1321 | |||
1016 | 1322 | * Fix sysv-generator unit file by customizing parameters (LP: #1821343) | ||
1017 | 1323 | - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow | ||
1018 | 1324 | correct systemctl status for slapd daemon. | ||
1019 | 1325 | - d/slapd.install: place override file in correct location. | ||
1020 | 1326 | |||
1021 | 1327 | -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300 | ||
1022 | 1328 | |||
1023 | 1329 | openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium | ||
1024 | 1330 | |||
1025 | 1331 | * Merge with Debian unstable. Remaining changes: | ||
1026 | 1332 | - Enable AppArmor support: | ||
1027 | 1333 | - d/apparmor-profile: add AppArmor profile | ||
1028 | 1334 | - d/rules: use dh_apparmor | ||
1029 | 1335 | - d/control: Build-Depends on dh-apparmor | ||
1030 | 1336 | - d/slapd.README.Debian: add note about AppArmor | ||
1031 | 1337 | - Enable GSSAPI support: | ||
1032 | 1338 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1033 | 1339 | - Add --with-gssapi support | ||
1034 | 1340 | - Make guess_service_principal() more robust when determining | ||
1035 | 1341 | principal | ||
1036 | 1342 | - d/configure.options: Configure with --with-gssapi | ||
1037 | 1343 | - d/control: Added heimdal-dev as a build depend | ||
1038 | 1344 | - d/rules: | ||
1039 | 1345 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
1040 | 1346 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
1041 | 1347 | - Enable ufw support: | ||
1042 | 1348 | - d/control: suggest ufw. | ||
1043 | 1349 | - d/rules: install ufw profile. | ||
1044 | 1350 | - d/slapd.ufw.profile: add ufw profile. | ||
1045 | 1351 | - Enable nss overlay: | ||
1046 | 1352 | - d/rules: | ||
1047 | 1353 | - add nssov to CONTRIB_MODULES | ||
1048 | 1354 | - add sysconfdir to CONTRIB_MAKEVARS | ||
1049 | 1355 | - d/slapd.install: | ||
1050 | 1356 | - install nssov overlay | ||
1051 | 1357 | - d/slapd.manpages: | ||
1052 | 1358 | - install slapo-nssov(5) man page | ||
1053 | 1359 | - d/{rules,slapd.py}: Add apport hook. | ||
1054 | 1360 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1055 | 1361 | either the default DIT nor via an Authn mapping. | ||
1056 | 1362 | - d/slapd.scripts-common: | ||
1057 | 1363 | - add slapcat_opts to local variables. | ||
1058 | 1364 | - Fix backup directory naming for multiple reconfiguration. | ||
1059 | 1365 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1060 | 1366 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1061 | 1367 | in the openldap library, as required by Likewise-Open | ||
1062 | 1368 | - Show distribution in version: | ||
1063 | 1369 | - d/control: added lsb-release | ||
1064 | 1370 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1065 | 1371 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1066 | 1372 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1067 | 1373 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1068 | 1374 | * Added changes: | ||
1069 | 1375 | - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding | ||
1070 | 1376 | Debian bug #919136, we also have to patch the nssov makefile | ||
1071 | 1377 | accordingly and thus update this patch. | ||
1072 | 1378 | |||
1073 | 1379 | -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200 | ||
1074 | 1380 | |||
1075 | 481 | openldap (2.4.47+dfsg-3) unstable; urgency=medium | 1381 | openldap (2.4.47+dfsg-3) unstable; urgency=medium |
1076 | 482 | 1382 | ||
1077 | 483 | * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS | 1383 | * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS |
1078 | @@ -493,6 +1393,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium | |||
1079 | 493 | 1393 | ||
1080 | 494 | -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800 | 1394 | -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800 |
1081 | 495 | 1395 | ||
1082 | 1396 | openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium | ||
1083 | 1397 | |||
1084 | 1398 | * Merge from Debian unstable (LP: #1811630). Remaining changes: | ||
1085 | 1399 | - Enable AppArmor support: | ||
1086 | 1400 | - d/apparmor-profile: add AppArmor profile | ||
1087 | 1401 | - d/rules: use dh_apparmor | ||
1088 | 1402 | - d/control: Build-Depends on dh-apparmor | ||
1089 | 1403 | - d/slapd.README.Debian: add note about AppArmor | ||
1090 | 1404 | - Enable GSSAPI support: | ||
1091 | 1405 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1092 | 1406 | - Add --with-gssapi support | ||
1093 | 1407 | - Make guess_service_principal() more robust when determining | ||
1094 | 1408 | principal | ||
1095 | 1409 | - d/configure.options: Configure with --with-gssapi | ||
1096 | 1410 | - d/control: Added heimdal-dev as a build depend | ||
1097 | 1411 | - d/rules: | ||
1098 | 1412 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
1099 | 1413 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
1100 | 1414 | - Enable ufw support: | ||
1101 | 1415 | - d/control: suggest ufw. | ||
1102 | 1416 | - d/rules: install ufw profile. | ||
1103 | 1417 | - d/slapd.ufw.profile: add ufw profile. | ||
1104 | 1418 | - Enable nss overlay: | ||
1105 | 1419 | - d/rules: | ||
1106 | 1420 | - add nssov to CONTRIB_MODULES | ||
1107 | 1421 | - add sysconfdir to CONTRIB_MAKEVARS | ||
1108 | 1422 | - d/slapd.install: | ||
1109 | 1423 | - install nssov overlay | ||
1110 | 1424 | - d/slapd.manpages: | ||
1111 | 1425 | - install slapo-nssov(5) man page | ||
1112 | 1426 | - d/{rules,slapd.py}: Add apport hook. | ||
1113 | 1427 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1114 | 1428 | either the default DIT nor via an Authn mapping. | ||
1115 | 1429 | - d/slapd.scripts-common: | ||
1116 | 1430 | - add slapcat_opts to local variables. | ||
1117 | 1431 | - Fix backup directory naming for multiple reconfiguration. | ||
1118 | 1432 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1119 | 1433 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1120 | 1434 | in the openldap library, as required by Likewise-Open | ||
1121 | 1435 | - Show distribution in version: | ||
1122 | 1436 | - d/control: added lsb-release | ||
1123 | 1437 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1124 | 1438 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1125 | 1439 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1126 | 1440 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1127 | 1441 | * Update nssov build and packaging for Debian changes: | ||
1128 | 1442 | - Drop patch nssov-build | ||
1129 | 1443 | - d/rules: | ||
1130 | 1444 | - add nssov to CONTRIB_MODULES | ||
1131 | 1445 | - add sysconfdir to CONTRIB_MAKEVARS | ||
1132 | 1446 | - d/slapd.install: | ||
1133 | 1447 | - install nssov overlay | ||
1134 | 1448 | - d/slapd.manpages: | ||
1135 | 1449 | - install slapo-nssov(5) man page | ||
1136 | 1450 | |||
1137 | 1451 | -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000 | ||
1138 | 1452 | |||
1139 | 496 | openldap (2.4.47+dfsg-2) unstable; urgency=medium | 1453 | openldap (2.4.47+dfsg-2) unstable; urgency=medium |
1140 | 497 | 1454 | ||
1141 | 498 | * Reintroduce slapi-dev binary package. (Closes: #711469) | 1455 | * Reintroduce slapi-dev binary package. (Closes: #711469) |
1142 | @@ -530,6 +1487,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium | |||
1143 | 530 | 1487 | ||
1144 | 531 | -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800 | 1488 | -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800 |
1145 | 532 | 1489 | ||
1146 | 1490 | openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium | ||
1147 | 1491 | |||
1148 | 1492 | * d/apparmor-profile: update apparmor profile to allow reading of | ||
1149 | 1493 | files needed when slapd is behaving as a kerberos/gssapi client | ||
1150 | 1494 | and acquiring its own ticket. (LP: #1783183) | ||
1151 | 1495 | |||
1152 | 1496 | -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200 | ||
1153 | 1497 | |||
1154 | 1498 | openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium | ||
1155 | 1499 | |||
1156 | 1500 | * No-change rebuild for the perl 5.28 transition. | ||
1157 | 1501 | |||
1158 | 1502 | -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600 | ||
1159 | 1503 | |||
1160 | 1504 | openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium | ||
1161 | 1505 | |||
1162 | 1506 | * Merge from Debian unstable. Remaining changes: | ||
1163 | 1507 | - Enable AppArmor support: | ||
1164 | 1508 | - d/apparmor-profile: add AppArmor profile | ||
1165 | 1509 | - d/rules: use dh_apparmor | ||
1166 | 1510 | - d/control: Build-Depends on dh-apparmor | ||
1167 | 1511 | - d/slapd.README.Debian: add note about AppArmor | ||
1168 | 1512 | - Enable GSSAPI support: | ||
1169 | 1513 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1170 | 1514 | - Add --with-gssapi support | ||
1171 | 1515 | - Make guess_service_principal() more robust when determining | ||
1172 | 1516 | principal | ||
1173 | 1517 | - d/configure.options: Configure with --with-gssapi | ||
1174 | 1518 | - d/control: Added heimdal-dev as a build depend | ||
1175 | 1519 | - d/rules: | ||
1176 | 1520 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
1177 | 1521 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
1178 | 1522 | - Enable ufw support: | ||
1179 | 1523 | - d/control: suggest ufw. | ||
1180 | 1524 | - d/rules: install ufw profile. | ||
1181 | 1525 | - d/slapd.ufw.profile: add ufw profile. | ||
1182 | 1526 | - Enable nss overlay: | ||
1183 | 1527 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1184 | 1528 | nss overlay. | ||
1185 | 1529 | - d/{rules,slapd.py}: Add apport hook. | ||
1186 | 1530 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1187 | 1531 | either the default DIT nor via an Authn mapping. | ||
1188 | 1532 | - d/slapd.scripts-common: | ||
1189 | 1533 | - add slapcat_opts to local variables. | ||
1190 | 1534 | - Fix backup directory naming for multiple reconfiguration. | ||
1191 | 1535 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1192 | 1536 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1193 | 1537 | in the openldap library, as required by Likewise-Open | ||
1194 | 1538 | - Show distribution in version: | ||
1195 | 1539 | - d/control: added lsb-release | ||
1196 | 1540 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1197 | 1541 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1198 | 1542 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1199 | 1543 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1200 | 1544 | |||
1201 | 1545 | -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200 | ||
1202 | 1546 | |||
1203 | 533 | openldap (2.4.46+dfsg-5) unstable; urgency=medium | 1547 | openldap (2.4.46+dfsg-5) unstable; urgency=medium |
1204 | 534 | 1548 | ||
1205 | 535 | * Restore slapd-smbk5pwd now that libldap is installable in unstable. | 1549 | * Restore slapd-smbk5pwd now that libldap is installable in unstable. |
1206 | @@ -549,6 +1563,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium | |||
1207 | 549 | 1563 | ||
1208 | 550 | -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700 | 1564 | -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700 |
1209 | 551 | 1565 | ||
1210 | 1566 | openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low | ||
1211 | 1567 | |||
1212 | 1568 | * Merge from Debian unstable. Remaining changes: | ||
1213 | 1569 | - Enable AppArmor support: | ||
1214 | 1570 | - d/apparmor-profile: add AppArmor profile | ||
1215 | 1571 | - d/rules: use dh_apparmor | ||
1216 | 1572 | - d/control: Build-Depends on dh-apparmor | ||
1217 | 1573 | - d/slapd.README.Debian: add note about AppArmor | ||
1218 | 1574 | - Enable GSSAPI support: | ||
1219 | 1575 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1220 | 1576 | - Add --with-gssapi support | ||
1221 | 1577 | - Make guess_service_principal() more robust when determining | ||
1222 | 1578 | principal | ||
1223 | 1579 | - d/configure.options: Configure with --with-gssapi | ||
1224 | 1580 | - d/control: Added heimdal-dev as a build depend | ||
1225 | 1581 | - d/rules: | ||
1226 | 1582 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
1227 | 1583 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
1228 | 1584 | - Enable ufw support: | ||
1229 | 1585 | - d/control: suggest ufw. | ||
1230 | 1586 | - d/rules: install ufw profile. | ||
1231 | 1587 | - d/slapd.ufw.profile: add ufw profile. | ||
1232 | 1588 | - Enable nss overlay: | ||
1233 | 1589 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1234 | 1590 | nss overlay. | ||
1235 | 1591 | - d/{rules,slapd.py}: Add apport hook. | ||
1236 | 1592 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1237 | 1593 | either the default DIT nor via an Authn mapping. | ||
1238 | 1594 | - d/slapd.scripts-common: | ||
1239 | 1595 | - add slapcat_opts to local variables. | ||
1240 | 1596 | - Fix backup directory naming for multiple reconfiguration. | ||
1241 | 1597 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1242 | 1598 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1243 | 1599 | in the openldap library, as required by Likewise-Open | ||
1244 | 1600 | - Show distribution in version: | ||
1245 | 1601 | - d/control: added lsb-release | ||
1246 | 1602 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1247 | 1603 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1248 | 1604 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1249 | 1605 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1250 | 1606 | |||
1251 | 1607 | -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200 | ||
1252 | 1608 | |||
1253 | 552 | openldap (2.4.46+dfsg-2) unstable; urgency=medium | 1609 | openldap (2.4.46+dfsg-2) unstable; urgency=medium |
1254 | 553 | 1610 | ||
1255 | 554 | * Remove version constraint from libldap-2.4-2 dependency on libldap-common. | 1611 | * Remove version constraint from libldap-2.4-2 dependency on libldap-common. |
1256 | @@ -578,6 +1635,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium | |||
1257 | 578 | 1635 | ||
1258 | 579 | -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700 | 1636 | -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700 |
1259 | 580 | 1637 | ||
1260 | 1638 | openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low | ||
1261 | 1639 | |||
1262 | 1640 | * Merge from Debian unstable. Remaining changes: | ||
1263 | 1641 | - Enable AppArmor support: | ||
1264 | 1642 | - d/apparmor-profile: add AppArmor profile | ||
1265 | 1643 | - d/rules: use dh_apparmor | ||
1266 | 1644 | - d/control: Build-Depends on dh-apparmor | ||
1267 | 1645 | - d/slapd.README.Debian: add note about AppArmor | ||
1268 | 1646 | - Enable GSSAPI support: | ||
1269 | 1647 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1270 | 1648 | - Add --with-gssapi support | ||
1271 | 1649 | - Make guess_service_principal() more robust when determining | ||
1272 | 1650 | principal | ||
1273 | 1651 | - d/configure.options: Configure with --with-gssapi | ||
1274 | 1652 | - d/control: Added heimdal-dev as a build depend | ||
1275 | 1653 | - d/rules: | ||
1276 | 1654 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
1277 | 1655 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
1278 | 1656 | - Enable ufw support: | ||
1279 | 1657 | - d/control: suggest ufw. | ||
1280 | 1658 | - d/rules: install ufw profile. | ||
1281 | 1659 | - d/slapd.ufw.profile: add ufw profile. | ||
1282 | 1660 | - Enable nss overlay: | ||
1283 | 1661 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1284 | 1662 | nss overlay. | ||
1285 | 1663 | - d/{rules,slapd.py}: Add apport hook. | ||
1286 | 1664 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1287 | 1665 | either the default DIT nor via an Authn mapping. | ||
1288 | 1666 | - d/slapd.scripts-common: | ||
1289 | 1667 | - add slapcat_opts to local variables. | ||
1290 | 1668 | - Fix backup directory naming for multiple reconfiguration. | ||
1291 | 1669 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1292 | 1670 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1293 | 1671 | in the openldap library, as required by Likewise-Open | ||
1294 | 1672 | - Show distribution in version: | ||
1295 | 1673 | - d/control: added lsb-release | ||
1296 | 1674 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1297 | 1675 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1298 | 1676 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1299 | 1677 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1300 | 1678 | |||
1301 | 1679 | -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200 | ||
1302 | 1680 | |||
1303 | 581 | openldap (2.4.45+dfsg-1) unstable; urgency=medium | 1681 | openldap (2.4.45+dfsg-1) unstable; urgency=medium |
1304 | 582 | 1682 | ||
1305 | 583 | * New upstream release. | 1683 | * New upstream release. |
1306 | @@ -619,6 +1719,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium | |||
1307 | 619 | 1719 | ||
1308 | 620 | -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700 | 1720 | -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700 |
1309 | 621 | 1721 | ||
1310 | 1722 | openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low | ||
1311 | 1723 | |||
1312 | 1724 | * Merge from Debian unstable. Remaining changes: | ||
1313 | 1725 | - Enable AppArmor support: | ||
1314 | 1726 | - d/apparmor-profile: add AppArmor profile | ||
1315 | 1727 | - d/rules: use dh_apparmor | ||
1316 | 1728 | - d/control: Build-Depends on dh-apparmor | ||
1317 | 1729 | - d/slapd.README.Debian: add note about AppArmor | ||
1318 | 1730 | - Enable GSSAPI support: | ||
1319 | 1731 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1320 | 1732 | - Add --with-gssapi support | ||
1321 | 1733 | - Make guess_service_principal() more robust when determining | ||
1322 | 1734 | principal | ||
1323 | 1735 | - d/configure.options: Configure with --with-gssapi | ||
1324 | 1736 | - d/control: Added heimdal-dev as a build depend | ||
1325 | 1737 | - d/rules: | ||
1326 | 1738 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
1327 | 1739 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
1328 | 1740 | - Enable ufw support: | ||
1329 | 1741 | - d/control: suggest ufw. | ||
1330 | 1742 | - d/rules: install ufw profile. | ||
1331 | 1743 | - d/slapd.ufw.profile: add ufw profile. | ||
1332 | 1744 | - Enable nss overlay: | ||
1333 | 1745 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1334 | 1746 | nss overlay. | ||
1335 | 1747 | - d/{rules,slapd.py}: Add apport hook. | ||
1336 | 1748 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1337 | 1749 | either the default DIT nor via an Authn mapping. | ||
1338 | 1750 | - d/slapd.scripts-common: | ||
1339 | 1751 | - add slapcat_opts to local variables. | ||
1340 | 1752 | - Fix backup directory naming for multiple reconfiguration. | ||
1341 | 1753 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1342 | 1754 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1343 | 1755 | in the openldap library, as required by Likewise-Open | ||
1344 | 1756 | - Show distribution in version: | ||
1345 | 1757 | - d/control: added lsb-release | ||
1346 | 1758 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1347 | 1759 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1348 | 1760 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1349 | 1761 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1350 | 1762 | |||
1351 | 1763 | -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200 | ||
1352 | 1764 | |||
1353 | 622 | openldap (2.4.44+dfsg-8) unstable; urgency=medium | 1765 | openldap (2.4.44+dfsg-8) unstable; urgency=medium |
1354 | 623 | 1766 | ||
1355 | 624 | * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until | 1767 | * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until |
1356 | @@ -629,6 +1772,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium | |||
1357 | 629 | 1772 | ||
1358 | 630 | -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700 | 1773 | -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700 |
1359 | 631 | 1774 | ||
1360 | 1775 | openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium | ||
1361 | 1776 | |||
1362 | 1777 | * Merge from Debian unstable. Remaining changes: | ||
1363 | 1778 | - Enable AppArmor support: | ||
1364 | 1779 | - d/apparmor-profile: add AppArmor profile | ||
1365 | 1780 | - d/rules: use dh_apparmor | ||
1366 | 1781 | - d/control: Build-Depends on dh-apparmor | ||
1367 | 1782 | - d/slapd.README.Debian: add note about AppArmor | ||
1368 | 1783 | - Enable GSSAPI support: | ||
1369 | 1784 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1370 | 1785 | - Add --with-gssapi support | ||
1371 | 1786 | - Make guess_service_principal() more robust when determining | ||
1372 | 1787 | principal | ||
1373 | 1788 | - d/configure.options: Configure with --with-gssapi | ||
1374 | 1789 | - d/control: Added heimdal-dev as a build depend | ||
1375 | 1790 | - d/rules: | ||
1376 | 1791 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
1377 | 1792 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
1378 | 1793 | - Enable ufw support: | ||
1379 | 1794 | - d/control: suggest ufw. | ||
1380 | 1795 | - d/rules: install ufw profile. | ||
1381 | 1796 | - d/slapd.ufw.profile: add ufw profile. | ||
1382 | 1797 | - Enable nss overlay: | ||
1383 | 1798 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1384 | 1799 | nss overlay. | ||
1385 | 1800 | - d/{rules,slapd.py}: Add apport hook. | ||
1386 | 1801 | [ d/rules modification mentioned above was dropped in | ||
1387 | 1802 | 2.4.23-6ubuntu1, re-adding it ] | ||
1388 | 1803 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1389 | 1804 | either the default DIT nor via an Authn mapping. | ||
1390 | 1805 | - d/slapd.scripts-common: | ||
1391 | 1806 | - add slapcat_opts to local variables. | ||
1392 | 1807 | - Fix backup directory naming for multiple reconfiguration. | ||
1393 | 1808 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1394 | 1809 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1395 | 1810 | in the openldap library, as required by Likewise-Open | ||
1396 | 1811 | - Show distribution in version: | ||
1397 | 1812 | - d/control: added lsb-release | ||
1398 | 1813 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1399 | 1814 | [ Refreshed patch ] | ||
1400 | 1815 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1401 | 1816 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1402 | 1817 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1403 | 1818 | |||
1404 | 1819 | -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200 | ||
1405 | 1820 | |||
1406 | 632 | openldap (2.4.44+dfsg-7) unstable; urgency=medium | 1821 | openldap (2.4.44+dfsg-7) unstable; urgency=medium |
1407 | 633 | 1822 | ||
1408 | 634 | * Relax the dependency of libldap-2.4-2 on libldap-common to also permit | 1823 | * Relax the dependency of libldap-2.4-2 on libldap-common to also permit |
1409 | @@ -636,6 +1825,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium | |||
1410 | 636 | 1825 | ||
1411 | 637 | -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700 | 1826 | -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700 |
1412 | 638 | 1827 | ||
1413 | 1828 | openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium | ||
1414 | 1829 | |||
1415 | 1830 | * Merge from Debian unstable. Remaining changes: | ||
1416 | 1831 | - Enable AppArmor support: | ||
1417 | 1832 | - d/apparmor-profile: add AppArmor profile | ||
1418 | 1833 | - d/rules: use dh_apparmor | ||
1419 | 1834 | - d/control: Build-Depends on dh-apparmor | ||
1420 | 1835 | - d/slapd.README.Debian: add note about AppArmor | ||
1421 | 1836 | - Enable GSSAPI support: | ||
1422 | 1837 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1423 | 1838 | - Add --with-gssapi support | ||
1424 | 1839 | - Make guess_service_principal() more robust when determining | ||
1425 | 1840 | principal | ||
1426 | 1841 | - d/configure.options: Configure with --with-gssapi | ||
1427 | 1842 | - d/control: Added heimdal-dev as a build depend | ||
1428 | 1843 | - d/rules: | ||
1429 | 1844 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
1430 | 1845 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
1431 | 1846 | - Enable ufw support: | ||
1432 | 1847 | - d/control: suggest ufw. | ||
1433 | 1848 | - d/rules: install ufw profile. | ||
1434 | 1849 | - d/slapd.ufw.profile: add ufw profile. | ||
1435 | 1850 | - Enable nss overlay: | ||
1436 | 1851 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1437 | 1852 | nss overlay. | ||
1438 | 1853 | - d/{rules,slapd.py}: Add apport hook. | ||
1439 | 1854 | [ d/rules modification mentioned above was dropped in | ||
1440 | 1855 | 2.4.23-6ubuntu1, re-adding it ] | ||
1441 | 1856 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1442 | 1857 | either the default DIT nor via an Authn mapping. | ||
1443 | 1858 | - d/slapd.scripts-common: | ||
1444 | 1859 | - add slapcat_opts to local variables. | ||
1445 | 1860 | - Fix backup directory naming for multiple reconfiguration. | ||
1446 | 1861 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1447 | 1862 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1448 | 1863 | in the openldap library, as required by Likewise-Open | ||
1449 | 1864 | - Show distribution in version: | ||
1450 | 1865 | - d/control: added lsb-release | ||
1451 | 1866 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1452 | 1867 | [ Refreshed patch ] | ||
1453 | 1868 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1454 | 1869 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1455 | 1870 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1456 | 1871 | |||
1457 | 1872 | -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200 | ||
1458 | 1873 | |||
1459 | 639 | openldap (2.4.44+dfsg-6) unstable; urgency=medium | 1874 | openldap (2.4.44+dfsg-6) unstable; urgency=medium |
1460 | 640 | 1875 | ||
1461 | 641 | * Update the list of non-translatable strings for the | 1876 | * Update the list of non-translatable strings for the |
1462 | @@ -644,6 +1879,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium | |||
1463 | 644 | 1879 | ||
1464 | 645 | -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700 | 1880 | -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700 |
1465 | 646 | 1881 | ||
1466 | 1882 | openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium | ||
1467 | 1883 | |||
1468 | 1884 | * Merge from Debian unstable. Remaining changes: | ||
1469 | 1885 | - Enable AppArmor support: | ||
1470 | 1886 | - d/apparmor-profile: add AppArmor profile | ||
1471 | 1887 | - d/rules: use dh_apparmor | ||
1472 | 1888 | - d/control: Build-Depends on dh-apparmor | ||
1473 | 1889 | - d/slapd.README.Debian: add note about AppArmor | ||
1474 | 1890 | - Enable GSSAPI support: | ||
1475 | 1891 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1476 | 1892 | - Add --with-gssapi support | ||
1477 | 1893 | - Make guess_service_principal() more robust when determining | ||
1478 | 1894 | principal | ||
1479 | 1895 | - d/configure.options: Configure with --with-gssapi | ||
1480 | 1896 | - d/control: Added heimdal-dev as a build depend | ||
1481 | 1897 | - d/rules: | ||
1482 | 1898 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
1483 | 1899 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
1484 | 1900 | - Enable ufw support: | ||
1485 | 1901 | - d/control: suggest ufw. | ||
1486 | 1902 | - d/rules: install ufw profile. | ||
1487 | 1903 | - d/slapd.ufw.profile: add ufw profile. | ||
1488 | 1904 | - Enable nss overlay: | ||
1489 | 1905 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1490 | 1906 | nss overlay. | ||
1491 | 1907 | - d/{rules,slapd.py}: Add apport hook. | ||
1492 | 1908 | [ d/rules modification mentioned above was dropped in | ||
1493 | 1909 | 2.4.23-6ubuntu1, re-adding it ] | ||
1494 | 1910 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1495 | 1911 | either the default DIT nor via an Authn mapping. | ||
1496 | 1912 | - d/slapd.scripts-common: | ||
1497 | 1913 | - add slapcat_opts to local variables. | ||
1498 | 1914 | - Fix backup directory naming for multiple reconfiguration. | ||
1499 | 1915 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1500 | 1916 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1501 | 1917 | in the openldap library, as required by Likewise-Open | ||
1502 | 1918 | - Show distribution in version: | ||
1503 | 1919 | - d/control: added lsb-release | ||
1504 | 1920 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1505 | 1921 | [ Refreshed patch ] | ||
1506 | 1922 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1507 | 1923 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1508 | 1924 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1509 | 1925 | [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ] | ||
1510 | 1926 | - Fix use after free with GnuTLS. (LP #1557248) | ||
1511 | 1927 | |||
1512 | 1928 | -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200 | ||
1513 | 1929 | |||
1514 | 647 | openldap (2.4.44+dfsg-5) unstable; urgency=medium | 1930 | openldap (2.4.44+dfsg-5) unstable; urgency=medium |
1515 | 648 | 1931 | ||
1516 | 649 | * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an | 1932 | * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an |
1517 | @@ -655,6 +1938,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium | |||
1518 | 655 | 1938 | ||
1519 | 656 | -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700 | 1939 | -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700 |
1520 | 657 | 1940 | ||
1521 | 1941 | openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low | ||
1522 | 1942 | |||
1523 | 1943 | * Merge from Debian unstable. Remaining changes: | ||
1524 | 1944 | - Enable AppArmor support: | ||
1525 | 1945 | - d/apparmor-profile: add AppArmor profile | ||
1526 | 1946 | - d/rules: use dh_apparmor | ||
1527 | 1947 | - d/control: Build-Depends on dh-apparmor | ||
1528 | 1948 | - d/slapd.README.Debian: add note about AppArmor | ||
1529 | 1949 | - Enable GSSAPI support: | ||
1530 | 1950 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1531 | 1951 | - Add --with-gssapi support | ||
1532 | 1952 | - Make guess_service_principal() more robust when determining | ||
1533 | 1953 | principal | ||
1534 | 1954 | - d/configure.options: Configure with --with-gssapi | ||
1535 | 1955 | - d/control: Added heimdal-dev as a build depend | ||
1536 | 1956 | - d/rules: | ||
1537 | 1957 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
1538 | 1958 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
1539 | 1959 | - Enable ufw support: | ||
1540 | 1960 | - d/control: suggest ufw. | ||
1541 | 1961 | - d/rules: install ufw profile. | ||
1542 | 1962 | - d/slapd.ufw.profile: add ufw profile. | ||
1543 | 1963 | - Enable nss overlay: | ||
1544 | 1964 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1545 | 1965 | nss overlay. | ||
1546 | 1966 | - d/{rules,slapd.py}: Add apport hook. | ||
1547 | 1967 | [ d/rules modification mentioned above was dropped in | ||
1548 | 1968 | 2.4.23-6ubuntu1, re-adding it ] | ||
1549 | 1969 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1550 | 1970 | either the default DIT nor via an Authn mapping. | ||
1551 | 1971 | - d/slapd.scripts-common: | ||
1552 | 1972 | - add slapcat_opts to local variables. | ||
1553 | 1973 | - Fix backup directory naming for multiple reconfiguration. | ||
1554 | 1974 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1555 | 1975 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1556 | 1976 | in the openldap library, as required by Likewise-Open | ||
1557 | 1977 | - Show distribution in version: | ||
1558 | 1978 | - d/control: added lsb-release | ||
1559 | 1979 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1560 | 1980 | [ Refreshed patch ] | ||
1561 | 1981 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1562 | 1982 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1563 | 1983 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1564 | 1984 | [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ] | ||
1565 | 1985 | - Fix use after free with GnuTLS. (LP #1557248) | ||
1566 | 1986 | |||
1567 | 1987 | -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200 | ||
1568 | 1988 | |||
1569 | 658 | openldap (2.4.44+dfsg-4) unstable; urgency=medium | 1989 | openldap (2.4.44+dfsg-4) unstable; urgency=medium |
1570 | 659 | 1990 | ||
1571 | 660 | * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to | 1991 | * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to |
1572 | @@ -701,6 +2032,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium | |||
1573 | 701 | 2032 | ||
1574 | 702 | -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700 | 2033 | -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700 |
1575 | 703 | 2034 | ||
1576 | 2035 | openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium | ||
1577 | 2036 | |||
1578 | 2037 | * d/rules: Fix typo in previous upload. | ||
1579 | 2038 | |||
1580 | 2039 | -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800 | ||
1581 | 2040 | |||
1582 | 2041 | openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium | ||
1583 | 2042 | |||
1584 | 2043 | * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining | ||
1585 | 2044 | changes | ||
1586 | 2045 | - Enable AppArmor support: | ||
1587 | 2046 | - d/apparmor-profile: add AppArmor profile | ||
1588 | 2047 | - d/rules: use dh_apparmor | ||
1589 | 2048 | - d/control: Build-Depends on dh-apparmor | ||
1590 | 2049 | - d/slapd.README.Debian: add note about AppArmor | ||
1591 | 2050 | - Enable GSSAPI support: | ||
1592 | 2051 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1593 | 2052 | - Add --with-gssapi support | ||
1594 | 2053 | - Make guess_service_principal() more robust when determining | ||
1595 | 2054 | principal | ||
1596 | 2055 | - d/configure.options: Configure with --with-gssapi | ||
1597 | 2056 | - d/control: Added heimdal-dev as a build depend | ||
1598 | 2057 | - d/rules: | ||
1599 | 2058 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
1600 | 2059 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
1601 | 2060 | - Enable ufw support: | ||
1602 | 2061 | - d/control: suggest ufw. | ||
1603 | 2062 | - d/rules: install ufw profile. | ||
1604 | 2063 | - d/slapd.ufw.profile: add ufw profile. | ||
1605 | 2064 | - Enable nss overlay: | ||
1606 | 2065 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1607 | 2066 | nss overlay. | ||
1608 | 2067 | - d/{rules,slapd.py}: Add apport hook. | ||
1609 | 2068 | [ d/rules modification mentioned above was dropped in | ||
1610 | 2069 | 2.4.23-6ubuntu1, re-adding it ] | ||
1611 | 2070 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1612 | 2071 | either the default DIT nor via an Authn mapping. | ||
1613 | 2072 | - d/slapd.scripts-common: | ||
1614 | 2073 | - add slapcat_opts to local variables. | ||
1615 | 2074 | - Fix backup directory naming for multiple reconfiguration. | ||
1616 | 2075 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1617 | 2076 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1618 | 2077 | in the openldap library, as required by Likewise-Open | ||
1619 | 2078 | - Show distribution in version: | ||
1620 | 2079 | - d/control: added lsb-release | ||
1621 | 2080 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1622 | 2081 | [ Refreshed patch ] | ||
1623 | 2082 | - d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1624 | 2083 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1625 | 2084 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1626 | 2085 | [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ] | ||
1627 | 2086 | - Fix use after free with GnuTLS. (LP #1557248) | ||
1628 | 2087 | * Drop: | ||
1629 | 2088 | - d/slapd.scripts-common: | ||
1630 | 2089 | + Remove unused variable new_conf. | ||
1631 | 2090 | [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ] | ||
1632 | 2091 | - d/b/config.log: add config.log | ||
1633 | 2092 | [ previously undocumented, stray change ] | ||
1634 | 2093 | |||
1635 | 2094 | -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800 | ||
1636 | 2095 | |||
1637 | 704 | openldap (2.4.44+dfsg-3) unstable; urgency=medium | 2096 | openldap (2.4.44+dfsg-3) unstable; urgency=medium |
1638 | 705 | 2097 | ||
1639 | 706 | * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394) | 2098 | * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394) |
1640 | @@ -773,6 +2165,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium | |||
1641 | 773 | 2165 | ||
1642 | 774 | -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800 | 2166 | -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800 |
1643 | 775 | 2167 | ||
1644 | 2168 | openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium | ||
1645 | 2169 | |||
1646 | 2170 | * No-change rebuild for perl 5.24 transition | ||
1647 | 2171 | |||
1648 | 2172 | -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100 | ||
1649 | 2173 | |||
1650 | 2174 | openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium | ||
1651 | 2175 | |||
1652 | 2176 | * Fix use after free with GnuTLS. (LP: #1557248) | ||
1653 | 2177 | |||
1654 | 2178 | -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500 | ||
1655 | 2179 | |||
1656 | 2180 | openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium | ||
1657 | 2181 | |||
1658 | 2182 | * Fix building with gssapi suppport: | ||
1659 | 2183 | - Explicitly add -I/usr/include/heimdal to CFLAGS. | ||
1660 | 2184 | - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. | ||
1661 | 2185 | |||
1662 | 2186 | -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100 | ||
1663 | 2187 | |||
1664 | 2188 | openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium | ||
1665 | 2189 | |||
1666 | 2190 | * No-change rebuild for gnutls transition. | ||
1667 | 2191 | |||
1668 | 2192 | -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000 | ||
1669 | 2193 | |||
1670 | 2194 | openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium | ||
1671 | 2195 | |||
1672 | 2196 | * Merge from Debian testing (LP: #1532648). Remaining changes: | ||
1673 | 2197 | - Enable AppArmor support: | ||
1674 | 2198 | - d/apparmor-profile: add AppArmor profile | ||
1675 | 2199 | - d/rules: use dh_apparmor | ||
1676 | 2200 | - d/control: Build-Depends on dh-apparmor | ||
1677 | 2201 | - d/slapd.README.Debian: add note about AppArmor | ||
1678 | 2202 | - Enable GSSAPI support: | ||
1679 | 2203 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1680 | 2204 | - Add --with-gssapi support | ||
1681 | 2205 | - Make guess_service_principal() more robust when determining | ||
1682 | 2206 | principal | ||
1683 | 2207 | - d/configure.options: Configure with --with-gssapi | ||
1684 | 2208 | - d/control: Added heimdal-dev as a build depend | ||
1685 | 2209 | - Enable ufw support: | ||
1686 | 2210 | - d/control: suggest ufw. | ||
1687 | 2211 | - d/rules: install ufw profile. | ||
1688 | 2212 | - d/slapd.ufw.profile: add ufw profile. | ||
1689 | 2213 | - Enable nss overlay: | ||
1690 | 2214 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1691 | 2215 | nss overlay. | ||
1692 | 2216 | - d/{rules,slapd.py}: Add apport hook. | ||
1693 | 2217 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1694 | 2218 | either the default DIT nor via an Authn mapping. | ||
1695 | 2219 | - d/slapd.scripts-common: | ||
1696 | 2220 | - add slapcat_opts to local variables. | ||
1697 | 2221 | - Remove unused variable new_conf. | ||
1698 | 2222 | - Fix backup directory naming for multiple reconfiguration. | ||
1699 | 2223 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1700 | 2224 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1701 | 2225 | in the openldap library, as required by Likewise-Open | ||
1702 | 2226 | - Show distribution in version: | ||
1703 | 2227 | - d/control: added lsb-release | ||
1704 | 2228 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1705 | 2229 | * Drop CVE-2015-6908.patch, included in Debian. | ||
1706 | 2230 | * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was | ||
1707 | 2231 | disabled on ppc64el, no longer used, and missed in the previous merge. | ||
1708 | 2232 | |||
1709 | 2233 | -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800 | ||
1710 | 2234 | |||
1711 | 776 | openldap (2.4.42+dfsg-2) unstable; urgency=medium | 2235 | openldap (2.4.42+dfsg-2) unstable; urgency=medium |
1712 | 777 | 2236 | ||
1713 | 778 | [ Ryan Tandy ] | 2237 | [ Ryan Tandy ] |
1714 | @@ -840,6 +2299,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium | |||
1715 | 840 | 2299 | ||
1716 | 841 | -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700 | 2300 | -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700 |
1717 | 842 | 2301 | ||
1718 | 2302 | openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium | ||
1719 | 2303 | |||
1720 | 2304 | * Rebuild for Perl 5.22.1. | ||
1721 | 2305 | |||
1722 | 2306 | -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000 | ||
1723 | 2307 | |||
1724 | 2308 | openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium | ||
1725 | 2309 | |||
1726 | 2310 | * SECURITY UPDATE: denial of service via crafted BER data | ||
1727 | 2311 | - debian/patches/CVE-2015-6908.patch: remove obsolete assert in | ||
1728 | 2312 | libraries/liblber/io.c. | ||
1729 | 2313 | - CVE-2015-6908 | ||
1730 | 2314 | |||
1731 | 2315 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400 | ||
1732 | 2316 | |||
1733 | 2317 | openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium | ||
1734 | 2318 | |||
1735 | 2319 | * Merge from Debian testing (LP: #1471831). Remaining changes: | ||
1736 | 2320 | - Enable AppArmor support: | ||
1737 | 2321 | - d/apparmor-profile: add AppArmor profile | ||
1738 | 2322 | - d/rules: use dh_apparmor | ||
1739 | 2323 | - d/control: Build-Depends on dh-apparmor | ||
1740 | 2324 | - d/slapd.README.Debian: add note about AppArmor | ||
1741 | 2325 | - Enable GSSAPI support: | ||
1742 | 2326 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1743 | 2327 | - Add --with-gssapi support | ||
1744 | 2328 | - Make guess_service_principal() more robust when determining | ||
1745 | 2329 | principal | ||
1746 | 2330 | - d/configure.options: Configure with --with-gssapi | ||
1747 | 2331 | - d/control: Added heimdal-dev as a build depend | ||
1748 | 2332 | - Enable ufw support: | ||
1749 | 2333 | - d/control: suggest ufw. | ||
1750 | 2334 | - d/rules: install ufw profile. | ||
1751 | 2335 | - d/slapd.ufw.profile: add ufw profile. | ||
1752 | 2336 | - Enable nss overlay: | ||
1753 | 2337 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1754 | 2338 | nss overlay. | ||
1755 | 2339 | - d/{rules,slapd.py}: Add apport hook. | ||
1756 | 2340 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1757 | 2341 | either the default DIT nor via an Authn mapping. | ||
1758 | 2342 | - d/slapd.scripts-common: | ||
1759 | 2343 | - add slapcat_opts to local variables. | ||
1760 | 2344 | - Remove unused variable new_conf. | ||
1761 | 2345 | - Fix backup directory naming for multiple reconfiguration. | ||
1762 | 2346 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1763 | 2347 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1764 | 2348 | in the openldap library, as required by Likewise-Open | ||
1765 | 2349 | - Show distribution in version: | ||
1766 | 2350 | - d/control: added lsb-release | ||
1767 | 2351 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1768 | 2352 | * Dropped changes: | ||
1769 | 2353 | - Fix cpp calls for GCC 5: fixed upstream (ITS#8056) | ||
1770 | 2354 | * Upstream fixes: | ||
1771 | 2355 | - slapd crash with auditlog overlay and large (~27KB) attribute values | ||
1772 | 2356 | (ITS#8003) (LP: #1461276) | ||
1773 | 2357 | - nssov updated to support recent nss-pam-ldapd client libraries | ||
1774 | 2358 | (ITS#8097) (LP: #1393306) | ||
1775 | 2359 | * Update d/patches/nssov-build for upstream changes. | ||
1776 | 2360 | * Tweak d/patches/gssapi.diff to apply without fuzz. | ||
1777 | 2361 | * d/libldap-2.4-2.symbols: Add symbols not present in Debian. | ||
1778 | 2362 | - CLDAP (UDP) was added in 2.4.17-1ubuntu2 | ||
1779 | 2363 | - GSSAPI support was enabled in 2.4.18-0ubuntu2 | ||
1780 | 2364 | |||
1781 | 2365 | -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700 | ||
1782 | 2366 | |||
1783 | 843 | openldap (2.4.41+dfsg-1) unstable; urgency=medium | 2367 | openldap (2.4.41+dfsg-1) unstable; urgency=medium |
1784 | 844 | 2368 | ||
1785 | 845 | * New upstream release. | 2369 | * New upstream release. |
1786 | @@ -859,6 +2383,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium | |||
1787 | 859 | 2383 | ||
1788 | 860 | -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700 | 2384 | -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700 |
1789 | 861 | 2385 | ||
1790 | 2386 | openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium | ||
1791 | 2387 | |||
1792 | 2388 | * No-change rebuild for the libnettle6 transition. | ||
1793 | 2389 | |||
1794 | 2390 | -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600 | ||
1795 | 2391 | |||
1796 | 2392 | openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low | ||
1797 | 2393 | |||
1798 | 2394 | * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes: | ||
1799 | 2395 | - Enable AppArmor support: | ||
1800 | 2396 | - d/apparmor-profile: add AppArmor profile | ||
1801 | 2397 | - d/rules: use dh_apparmor | ||
1802 | 2398 | - d/control: Build-Depends on dh-apparmor | ||
1803 | 2399 | - d/slapd.README.Debian: add note about AppArmor | ||
1804 | 2400 | - Enable GSSAPI support: | ||
1805 | 2401 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1806 | 2402 | - Add --with-gssapi support | ||
1807 | 2403 | - Make guess_service_principal() more robust when determining | ||
1808 | 2404 | principal | ||
1809 | 2405 | - d/configure.options: Configure with --with-gssapi | ||
1810 | 2406 | - d/control: Added heimdal-dev as a build depend | ||
1811 | 2407 | - Enable ufw support: | ||
1812 | 2408 | - d/control: suggest ufw. | ||
1813 | 2409 | - d/rules: install ufw profile. | ||
1814 | 2410 | - d/slapd.ufw.profile: add ufw profile. | ||
1815 | 2411 | - Enable nss overlay: | ||
1816 | 2412 | - d/{patches/nssov-build,rules}: Apply, build and package the | ||
1817 | 2413 | nss overlay. | ||
1818 | 2414 | - d/{rules,slapd.py}: Add apport hook. | ||
1819 | 2415 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1820 | 2416 | either the default DIT nor via an Authn mapping. | ||
1821 | 2417 | - d/slapd.scripts-common: | ||
1822 | 2418 | - add slapcat_opts to local variables. | ||
1823 | 2419 | - Remove unused variable new_conf. | ||
1824 | 2420 | - Fix backup directory naming for multiple reconfiguration. | ||
1825 | 2421 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1826 | 2422 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1827 | 2423 | in the openldap library, as required by Likewise-Open | ||
1828 | 2424 | - Show distribution in version: | ||
1829 | 2425 | - d/control: added lsb-release | ||
1830 | 2426 | - d/patches/fix-ldap-distribution.patch: show distribution in version | ||
1831 | 2427 | * Drop patches included upstream: | ||
1832 | 2428 | - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch | ||
1833 | 2429 | - d/patches/bdb-deadlock.patch | ||
1834 | 2430 | - d/patches/its-7354-fix-delta-sync-mmr.diff | ||
1835 | 2431 | * Drop hardening-wrapper as Debian now sets PIE and bindnow flags. | ||
1836 | 2432 | * debian/patches/nssov-build: Adjust for upstream changes. | ||
1837 | 2433 | * debian/apparmor-profile: | ||
1838 | 2434 | - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor | ||
1839 | 2435 | kernel ABI v7 (utopic and later). (LP: #1392018) | ||
1840 | 2436 | - Reduce permissions on /run/nslcd to just the nslcd socket. | ||
1841 | 2437 | * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713. | ||
1842 | 2438 | (LP: #1293250) | ||
1843 | 2439 | |||
1844 | 2440 | -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700 | ||
1845 | 2441 | |||
1846 | 862 | openldap (2.4.40+dfsg-1) unstable; urgency=medium | 2442 | openldap (2.4.40+dfsg-1) unstable; urgency=medium |
1847 | 863 | 2443 | ||
1848 | 864 | * Remove inetorgperson.schema from the upstream source. Replace it with a | 2444 | * Remove inetorgperson.schema from the upstream source. Replace it with a |
1849 | @@ -1047,6 +2627,187 @@ openldap (2.4.39-1) unstable; urgency=low | |||
1850 | 1047 | 2627 | ||
1851 | 1048 | -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700 | 2628 | -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700 |
1852 | 1049 | 2629 | ||
1853 | 2630 | openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium | ||
1854 | 2631 | |||
1855 | 2632 | * Fix cpp calls for GCC 5. | ||
1856 | 2633 | |||
1857 | 2634 | -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100 | ||
1858 | 2635 | |||
1859 | 2636 | openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium | ||
1860 | 2637 | |||
1861 | 2638 | * debian/apparmor-profile: | ||
1862 | 2639 | - allow p11-kit abstraction | ||
1863 | 2640 | - allow read of /etc/gss/mech.d/* | ||
1864 | 2641 | |||
1865 | 2642 | -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500 | ||
1866 | 2643 | |||
1867 | 2644 | openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium | ||
1868 | 2645 | |||
1869 | 2646 | * Rebuild for Perl 5.20.0. | ||
1870 | 2647 | |||
1871 | 2648 | -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100 | ||
1872 | 2649 | |||
1873 | 2650 | openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium | ||
1874 | 2651 | |||
1875 | 2652 | * Cherry-pick upstream patch for compat with recent GNUTLS. | ||
1876 | 2653 | * Build-depend on libgnutls28-dev. | ||
1877 | 2654 | * Build-depend on libgcrypt20-dev. | ||
1878 | 2655 | |||
1879 | 2656 | -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100 | ||
1880 | 2657 | |||
1881 | 2658 | openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium | ||
1882 | 2659 | |||
1883 | 2660 | * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3. | ||
1884 | 2661 | |||
1885 | 2662 | -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600 | ||
1886 | 2663 | |||
1887 | 2664 | openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium | ||
1888 | 2665 | |||
1889 | 2666 | * Disable mdb backend on ppc64el due to test-suite failures. | ||
1890 | 2667 | |||
1891 | 2668 | -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000 | ||
1892 | 2669 | |||
1893 | 2670 | openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low | ||
1894 | 2671 | |||
1895 | 2672 | * Fix segfault issue with master-master syncrepl (LP: #1287730): | ||
1896 | 2673 | - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked | ||
1897 | 2674 | patch from upstream VCS. | ||
1898 | 2675 | |||
1899 | 2676 | -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100 | ||
1900 | 2677 | |||
1901 | 2678 | openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low | ||
1902 | 2679 | |||
1903 | 2680 | * Build-depend on libdb5.3-dev, instead of libdb5.1-dev. | ||
1904 | 2681 | |||
1905 | 2682 | -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000 | ||
1906 | 2683 | |||
1907 | 2684 | openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low | ||
1908 | 2685 | |||
1909 | 2686 | * Rebuild for Perl 5.18. | ||
1910 | 2687 | |||
1911 | 2688 | -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100 | ||
1912 | 2689 | |||
1913 | 2690 | openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low | ||
1914 | 2691 | |||
1915 | 2692 | * Update build/config.guess and build/config.sub at build time; this was | ||
1916 | 2693 | not done automatically because the top-level configure.in does not use | ||
1917 | 2694 | Automake. | ||
1918 | 2695 | |||
1919 | 2696 | -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100 | ||
1920 | 2697 | |||
1921 | 2698 | openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low | ||
1922 | 2699 | |||
1923 | 2700 | * debian/control: added lsb-release | ||
1924 | 2701 | * debian/patches/fix-ldap-distribution.patch: show distribution in version | ||
1925 | 2702 | |||
1926 | 2703 | -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200 | ||
1927 | 2704 | |||
1928 | 2705 | openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low | ||
1929 | 2706 | |||
1930 | 2707 | * Merge from Debian unstable. Remaining changes: | ||
1931 | 2708 | - Enable AppArmor support: | ||
1932 | 2709 | - d/apparmor-profile: add AppArmor profile | ||
1933 | 2710 | - d/rules: use dh_apparmor | ||
1934 | 2711 | - d/control: Build-Depends on dh-apparmor | ||
1935 | 2712 | - d/slapd.README.Debian: add note about AppArmor | ||
1936 | 2713 | - d/slapd.dirs: add etc/apparmor.d/force-complain | ||
1937 | 2714 | - Enable GSSAPI support: | ||
1938 | 2715 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1939 | 2716 | - Add --with-gssapi support | ||
1940 | 2717 | - Make guess_service_principal() more robust when determining | ||
1941 | 2718 | principal | ||
1942 | 2719 | - d/configure.options: Configure with --with-gssapi | ||
1943 | 2720 | - d/control: Added libkrb5-dev as a build depend | ||
1944 | 2721 | - Enable ufw support: | ||
1945 | 2722 | - d/control: suggest ufw. | ||
1946 | 2723 | - d/rules: install ufw profile. | ||
1947 | 2724 | - d/slapd.ufw.profile: add ufw profile. | ||
1948 | 2725 | - Enable nss overlay: | ||
1949 | 2726 | - d/{patches/nssov-build,/rules}: Apply, build and package the | ||
1950 | 2727 | nss overlay. | ||
1951 | 2728 | - d/{rules,slapd.py}: Add apport hook. | ||
1952 | 2729 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
1953 | 2730 | either the default DIT nor via an Authn mapping. | ||
1954 | 2731 | - d/slapd.scripts-common: | ||
1955 | 2732 | - add slapcat_opts to local variables. | ||
1956 | 2733 | - Remove unused variable new_conf. | ||
1957 | 2734 | - Fix backup directory naming for multiple reconfiguration. | ||
1958 | 2735 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
1959 | 2736 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
1960 | 2737 | in the openldap library, as required by Likewise-Open | ||
1961 | 2738 | - d/{control,rules}: enable PIE hardening | ||
1962 | 2739 | |||
1963 | 2740 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400 | ||
1964 | 2741 | |||
1965 | 2742 | openldap (2.4.31-1+nmu2) unstable; urgency=high | ||
1966 | 2743 | |||
1967 | 2744 | * Non-maintainer upload. | ||
1968 | 2745 | * No-change rebuild in a clean environment | ||
1969 | 2746 | |||
1970 | 2747 | -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100 | ||
1971 | 2748 | |||
1972 | 2749 | openldap (2.4.31-1+nmu1) unstable; urgency=medium | ||
1973 | 2750 | |||
1974 | 2751 | * Non-maintainer upload. | ||
1975 | 2752 | * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038). | ||
1976 | 2753 | |||
1977 | 2754 | -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000 | ||
1978 | 2755 | |||
1979 | 2756 | openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low | ||
1980 | 2757 | |||
1981 | 2758 | * debian/slapd.py: Add AppArmor info and logs to apport hook. | ||
1982 | 2759 | |||
1983 | 2760 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400 | ||
1984 | 2761 | |||
1985 | 2762 | openldap (2.4.31-1ubuntu1) quantal; urgency=low | ||
1986 | 2763 | |||
1987 | 2764 | * Merge from Debian unstable. Remaining changes: | ||
1988 | 2765 | - Enable AppArmor support: | ||
1989 | 2766 | - d/apparmor-profile: add AppArmor profile | ||
1990 | 2767 | - d/rules: use dh_apparmor | ||
1991 | 2768 | - d/control: Build-Depends on dh-apparmor | ||
1992 | 2769 | - d/slapd.README.Debian: add note about AppArmor | ||
1993 | 2770 | - d/slapd.dirs: add etc/apparmor.d/force-complain | ||
1994 | 2771 | - Enable GSSAPI support (LP: #495418): | ||
1995 | 2772 | - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
1996 | 2773 | - Add --with-gssapi support | ||
1997 | 2774 | - Make guess_service_principal() more robust when determining | ||
1998 | 2775 | principal | ||
1999 | 2776 | - d/configure.options: Configure with --with-gssapi | ||
2000 | 2777 | - d/control: Added libkrb5-dev as a build depend | ||
2001 | 2778 | - Enable ufw support (LP: #423246): | ||
2002 | 2779 | - d/control: suggest ufw. | ||
2003 | 2780 | - d/rules: install ufw profile. | ||
2004 | 2781 | - d/slapd.ufw.profile: add ufw profile. | ||
2005 | 2782 | - Enable nss overlay (LP: #675391): | ||
2006 | 2783 | - d/{patches/nssov-build,/rules}: Apply, build and package the | ||
2007 | 2784 | nss overlay. | ||
2008 | 2785 | - d/{rules,slapd.py}: Add apport hook. (LP: #610544) | ||
2009 | 2786 | - d/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
2010 | 2787 | either the default DIT nor via an Authn mapping. | ||
2011 | 2788 | - d/slapd.scripts-common: | ||
2012 | 2789 | - add slapcat_opts to local variables. | ||
2013 | 2790 | - Remove unused variable new_conf. | ||
2014 | 2791 | - Fix backup directory naming for multiple reconfiguration. | ||
2015 | 2792 | - d/{slapd.default,slapd.README.Debian}: use the new configuration style. | ||
2016 | 2793 | - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
2017 | 2794 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
2018 | 2795 | - d/{control,rules}: enable PIE hardening | ||
2019 | 2796 | * Dropped changes: | ||
2020 | 2797 | - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release. | ||
2021 | 2798 | - d/patches/CVE-2011-4079: Included in upstream release. | ||
2022 | 2799 | - d/patches/service-operational-before-detach: Included in upstream release. | ||
2023 | 2800 | - d/schema/extra/misc.ldif: Included upstream. | ||
2024 | 2801 | - d/{rules,schema/extra}: Fix configure and clean rules to support | ||
2025 | 2802 | extra schemas shipped as part of the debian/schema/ directory; no longer required. | ||
2026 | 2803 | - Included in Debian: | ||
2027 | 2804 | + Document cn=config in README file. | ||
2028 | 2805 | + Install a default DIT; actually a minimal configuration. | ||
2029 | 2806 | + d/patches/heimdal-fix. | ||
2030 | 2807 | * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta. | ||
2031 | 2808 | |||
2032 | 2809 | -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100 | ||
2033 | 2810 | |||
2034 | 1050 | openldap (2.4.31-1) unstable; urgency=low | 2811 | openldap (2.4.31-1) unstable; urgency=low |
2035 | 1051 | 2812 | ||
2036 | 1052 | * New upstream release. | 2813 | * New upstream release. |
2037 | @@ -1073,6 +2834,121 @@ openldap (2.4.31-1) unstable; urgency=low | |||
2038 | 1073 | 2834 | ||
2039 | 1074 | -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000 | 2835 | -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000 |
2040 | 1075 | 2836 | ||
2041 | 2837 | openldap (2.4.28-1.1ubuntu6) quantal; urgency=low | ||
2042 | 2838 | |||
2043 | 2839 | * Fix issue with intermittent connection issues when using LDAPv3 | ||
2044 | 2840 | protocol (LP: #1023025): | ||
2045 | 2841 | - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked | ||
2046 | 2842 | patch from upstream VCS which ensures objects are initialized before | ||
2047 | 2843 | re-use. | ||
2048 | 2844 | |||
2049 | 2845 | -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100 | ||
2050 | 2846 | |||
2051 | 2847 | openldap (2.4.28-1.1ubuntu5) quantal; urgency=low | ||
2052 | 2848 | |||
2053 | 2849 | * debian/rules: Add smbk5pwd build. | ||
2054 | 2850 | * debian/control: Add slapd-smbk5pwd binary package. | ||
2055 | 2851 | * debian/patches/heimdal-fix: adapt parameters of | ||
2056 | 2852 | hdb_generate_key_set_password() to heimdal 1.6~git20120311 | ||
2057 | 2853 | (patch from Debian #664930). | ||
2058 | 2854 | |||
2059 | 2855 | -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400 | ||
2060 | 2856 | |||
2061 | 2857 | openldap (2.4.28-1.1ubuntu4) precise; urgency=low | ||
2062 | 2858 | |||
2063 | 2859 | * debian/control: Build-Depends on dh-apparmor (LP: #948481) | ||
2064 | 2860 | |||
2065 | 2861 | -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500 | ||
2066 | 2862 | |||
2067 | 2863 | openldap (2.4.28-1.1ubuntu3) precise; urgency=low | ||
2068 | 2864 | |||
2069 | 2865 | * Add its-7176-only-poll-sockets-for-write-as-needed.diff | ||
2070 | 2866 | (LP: #932823). | ||
2071 | 2867 | |||
2072 | 2868 | -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200 | ||
2073 | 2869 | |||
2074 | 2870 | openldap (2.4.28-1.1ubuntu2) precise; urgency=low | ||
2075 | 2871 | |||
2076 | 2872 | * Remove debian/patches/CVE-2011-4079; it's already in this upstream | ||
2077 | 2873 | version. Fixes FTBFS. | ||
2078 | 2874 | |||
2079 | 2875 | -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500 | ||
2080 | 2876 | |||
2081 | 2877 | openldap (2.4.28-1.1ubuntu1) precise; urgency=low | ||
2082 | 2878 | |||
2083 | 2879 | * Merge from Debian testing. Remaining changes: | ||
2084 | 2880 | - Install a default DIT (LP: #442498). | ||
2085 | 2881 | - Document cn=config in README file (LP: #370784). | ||
2086 | 2882 | - remaining changes: | ||
2087 | 2883 | + AppArmor support: | ||
2088 | 2884 | - debian/apparmor-profile: add AppArmor profile | ||
2089 | 2885 | - use dh_apparmor: | ||
2090 | 2886 | - debian/rules: use dh_apparmor | ||
2091 | 2887 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
2092 | 2888 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2093 | 2889 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2094 | 2890 | + Enable GSSAPI support (LP: #495418): | ||
2095 | 2891 | - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
2096 | 2892 | - Add --with-gssapi support | ||
2097 | 2893 | - Make guess_service_principal() more robust when determining | ||
2098 | 2894 | principal | ||
2099 | 2895 | - debian/patches/series: apply gssapi.diff patch. | ||
2100 | 2896 | - debian/configure.options: Configure with --with-gssapi | ||
2101 | 2897 | - debian/control: Added libkrb5-dev as a build depend | ||
2102 | 2898 | + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
2103 | 2899 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
2104 | 2900 | + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: | ||
2105 | 2901 | - debian/control: | ||
2106 | 2902 | - remove build-dependency on heimdal-dev. | ||
2107 | 2903 | - remove slapd-smbk5pwd binary package. | ||
2108 | 2904 | - debian/rules: don't build smbk5pwd slapd module. | ||
2109 | 2905 | + debian/{control,rules}: enable PIE hardening | ||
2110 | 2906 | + ufw support (LP: #423246): | ||
2111 | 2907 | - debian/control: suggest ufw. | ||
2112 | 2908 | - debian/rules: install ufw profile. | ||
2113 | 2909 | - debian/slapd.ufw.profile: add ufw profile. | ||
2114 | 2910 | + Enable nssoverlay: | ||
2115 | 2911 | - debian/patches/nssov-build, debian/series, debian/rules: | ||
2116 | 2912 | Apply, build and package the nss overlay. | ||
2117 | 2913 | - debian/schema/extra/misc.ldif: add ldif file for the misc schema | ||
2118 | 2914 | which defines rfc822MailMember (required by the nss overlay). | ||
2119 | 2915 | + debian/rules, debian/schema/extra/: | ||
2120 | 2916 | Fix configure rule to supports extra schemas shipped as part | ||
2121 | 2917 | of the debian/schema/ directory. | ||
2122 | 2918 | + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
2123 | 2919 | + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
2124 | 2920 | neither the default DIT nor via an Authn mapping. | ||
2125 | 2921 | + debian/slapd.scripts-common: adjust minimum version that triggers a | ||
2126 | 2922 | database upgrade. Upgrade from maverick shouldn't trigger database | ||
2127 | 2923 | upgrade (which would happen with the version used in Debian). | ||
2128 | 2924 | + debian/slapd.scripts-common: add slapcat_opts to local variables. | ||
2129 | 2925 | Remove unused variable new_conf. | ||
2130 | 2926 | + debian/slapd.script-common: Fix package reconfiguration. | ||
2131 | 2927 | - Fix backup directory naming for multiple reconfiguration. | ||
2132 | 2928 | + debian/slapd.default, debian/slapd.README.Debian: | ||
2133 | 2929 | use the new configuration style. | ||
2134 | 2930 | + Install nss overlay (LP: #675391): | ||
2135 | 2931 | - debian/rules: run install target for nssov module. | ||
2136 | 2932 | - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema | ||
2137 | 2933 | + debian/patches/gssapi.diff: | ||
2138 | 2934 | - Update patch so that likewise-open is usuable again. (LP: #661547) | ||
2139 | 2935 | + debian/patches/service-operational-before-detach: New patch replacing old one | ||
2140 | 2936 | of the same name as previous could cause database corruption based on upstream commits. | ||
2141 | 2937 | (LP: #727973) | ||
2142 | 2938 | + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize() | ||
2143 | 2939 | (CVE-2011-4079) | ||
2144 | 2940 | |||
2145 | 2941 | |||
2146 | 2942 | -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500 | ||
2147 | 2943 | |||
2148 | 2944 | openldap (2.4.28-1.1) unstable; urgency=low | ||
2149 | 2945 | |||
2150 | 2946 | * Non-maintainer upload. | ||
2151 | 2947 | * Disable the mdb backend on non-Linux, it looks like it doesn't work with | ||
2152 | 2948 | linuxthreads (closes: #654824). | ||
2153 | 2949 | |||
2154 | 2950 | -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100 | ||
2155 | 2951 | |||
2156 | 1076 | openldap (2.4.28-1) unstable; urgency=low | 2952 | openldap (2.4.28-1) unstable; urgency=low |
2157 | 1077 | 2953 | ||
2158 | 1078 | * New upstream release. | 2954 | * New upstream release. |
2159 | @@ -1100,6 +2976,72 @@ openldap (2.4.28-1) unstable; urgency=low | |||
2160 | 1100 | 2976 | ||
2161 | 1101 | -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000 | 2977 | -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000 |
2162 | 1102 | 2978 | ||
2163 | 2979 | openldap (2.4.25-4ubuntu1) precise; urgency=low | ||
2164 | 2980 | |||
2165 | 2981 | * Merge from Debian testing. Remaining changes: | ||
2166 | 2982 | - Install a default DIT (LP: #442498). | ||
2167 | 2983 | - Document cn=config in README file (LP: #370784). | ||
2168 | 2984 | - remaining changes: | ||
2169 | 2985 | + AppArmor support: | ||
2170 | 2986 | - debian/apparmor-profile: add AppArmor profile | ||
2171 | 2987 | - use dh_apparmor: | ||
2172 | 2988 | - debian/rules: use dh_apparmor | ||
2173 | 2989 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
2174 | 2990 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2175 | 2991 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2176 | 2992 | + Enable GSSAPI support (LP: #495418): | ||
2177 | 2993 | - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
2178 | 2994 | - Add --with-gssapi support | ||
2179 | 2995 | - Make guess_service_principal() more robust when determining | ||
2180 | 2996 | principal | ||
2181 | 2997 | - debian/patches/series: apply gssapi.diff patch. | ||
2182 | 2998 | - debian/configure.options: Configure with --with-gssapi | ||
2183 | 2999 | - debian/control: Added libkrb5-dev as a build depend | ||
2184 | 3000 | + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
2185 | 3001 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
2186 | 3002 | + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: | ||
2187 | 3003 | - debian/control: | ||
2188 | 3004 | - remove build-dependency on heimdal-dev. | ||
2189 | 3005 | - remove slapd-smbk5pwd binary package. | ||
2190 | 3006 | - debian/rules: don't build smbk5pwd slapd module. | ||
2191 | 3007 | + debian/{control,rules}: enable PIE hardening | ||
2192 | 3008 | + ufw support (LP: #423246): | ||
2193 | 3009 | - debian/control: suggest ufw. | ||
2194 | 3010 | - debian/rules: install ufw profile. | ||
2195 | 3011 | - debian/slapd.ufw.profile: add ufw profile. | ||
2196 | 3012 | + Enable nssoverlay: | ||
2197 | 3013 | - debian/patches/nssov-build, debian/series, debian/rules: | ||
2198 | 3014 | Apply, build and package the nss overlay. | ||
2199 | 3015 | - debian/schema/extra/misc.ldif: add ldif file for the misc schema | ||
2200 | 3016 | which defines rfc822MailMember (required by the nss overlay). | ||
2201 | 3017 | + debian/rules, debian/schema/extra/: | ||
2202 | 3018 | Fix configure rule to supports extra schemas shipped as part | ||
2203 | 3019 | of the debian/schema/ directory. | ||
2204 | 3020 | + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
2205 | 3021 | + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
2206 | 3022 | neither the default DIT nor via an Authn mapping. | ||
2207 | 3023 | + debian/slapd.scripts-common: adjust minimum version that triggers a | ||
2208 | 3024 | database upgrade. Upgrade from maverick shouldn't trigger database | ||
2209 | 3025 | upgrade (which would happen with the version used in Debian). | ||
2210 | 3026 | + debian/slapd.scripts-common: add slapcat_opts to local variables. | ||
2211 | 3027 | Remove unused variable new_conf. | ||
2212 | 3028 | + debian/slapd.script-common: Fix package reconfiguration. | ||
2213 | 3029 | - Fix backup directory naming for multiple reconfiguration. | ||
2214 | 3030 | + debian/slapd.default, debian/slapd.README.Debian: | ||
2215 | 3031 | use the new configuration style. | ||
2216 | 3032 | + Install nss overlay (LP: #675391): | ||
2217 | 3033 | - debian/rules: run install target for nssov module. | ||
2218 | 3034 | - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema | ||
2219 | 3035 | + debian/patches/gssapi.diff: | ||
2220 | 3036 | - Update patch so that likewise-open is usuable again. (LP: #661547) | ||
2221 | 3037 | + debian/patches/service-operational-before-detach: New patch replacing old one | ||
2222 | 3038 | of the same name as previous could cause database corruption based on upstream commits. | ||
2223 | 3039 | (LP: #727973) | ||
2224 | 3040 | + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize() | ||
2225 | 3041 | (CVE-2011-4079) | ||
2226 | 3042 | |||
2227 | 3043 | -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000 | ||
2228 | 3044 | |||
2229 | 1103 | openldap (2.4.25-4) unstable; urgency=low | 3045 | openldap (2.4.25-4) unstable; urgency=low |
2230 | 1104 | 3046 | ||
2231 | 1105 | * Drop explicit depends on libdb4.8, since we're now linking against | 3047 | * Drop explicit depends on libdb4.8, since we're now linking against |
2232 | @@ -1133,6 +3075,85 @@ openldap (2.4.25-4) unstable; urgency=low | |||
2233 | 1133 | 3075 | ||
2234 | 1134 | -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000 | 3076 | -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000 |
2235 | 1135 | 3077 | ||
2236 | 3078 | openldap (2.4.25-3ubuntu3) precise; urgency=low | ||
2237 | 3079 | |||
2238 | 3080 | * Rebuild for Perl 5.14. | ||
2239 | 3081 | |||
2240 | 3082 | -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000 | ||
2241 | 3083 | |||
2242 | 3084 | openldap (2.4.25-3ubuntu2) precise; urgency=low | ||
2243 | 3085 | |||
2244 | 3086 | * SECURITY UPDATE: potential denial of service (LP: #884163) | ||
2245 | 3087 | - debian/patches/CVE-2011-4079: fix off by one error in | ||
2246 | 3088 | postalAddressNormalize() | ||
2247 | 3089 | - CVE-2011-4079 | ||
2248 | 3090 | |||
2249 | 3091 | -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600 | ||
2250 | 3092 | |||
2251 | 3093 | openldap (2.4.25-3ubuntu1) precise; urgency=low | ||
2252 | 3094 | |||
2253 | 3095 | * Merge from debian unstable. Remaining changes: | ||
2254 | 3096 | - Install a default DIT (LP: #442498). | ||
2255 | 3097 | - Document cn=config in README file (LP: #370784). | ||
2256 | 3098 | - remaining changes: | ||
2257 | 3099 | + AppArmor support: | ||
2258 | 3100 | - debian/apparmor-profile: add AppArmor profile | ||
2259 | 3101 | - use dh_apparmor: | ||
2260 | 3102 | - debian/rules: use dh_apparmor | ||
2261 | 3103 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
2262 | 3104 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2263 | 3105 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2264 | 3106 | + Enable GSSAPI support (LP: #495418): | ||
2265 | 3107 | - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
2266 | 3108 | - Add --with-gssapi support | ||
2267 | 3109 | - Make guess_service_principal() more robust when determining | ||
2268 | 3110 | principal | ||
2269 | 3111 | - debian/patches/series: apply gssapi.diff patch. | ||
2270 | 3112 | - debian/configure.options: Configure with --with-gssapi | ||
2271 | 3113 | - debian/control: Added libkrb5-dev as a build depend | ||
2272 | 3114 | + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
2273 | 3115 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
2274 | 3116 | + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: | ||
2275 | 3117 | - debian/control: | ||
2276 | 3118 | - remove build-dependency on heimdal-dev. | ||
2277 | 3119 | - remove slapd-smbk5pwd binary package. | ||
2278 | 3120 | - debian/rules: don't build smbk5pwd slapd module. | ||
2279 | 3121 | + debian/{control,rules}: enable PIE hardening | ||
2280 | 3122 | + ufw support (LP: #423246): | ||
2281 | 3123 | - debian/control: suggest ufw. | ||
2282 | 3124 | - debian/rules: install ufw profile. | ||
2283 | 3125 | - debian/slapd.ufw.profile: add ufw profile. | ||
2284 | 3126 | + Enable nssoverlay: | ||
2285 | 3127 | - debian/patches/nssov-build, debian/series, debian/rules: | ||
2286 | 3128 | Apply, build and package the nss overlay. | ||
2287 | 3129 | - debian/schema/extra/misc.ldif: add ldif file for the misc schema | ||
2288 | 3130 | which defines rfc822MailMember (required by the nss overlay). | ||
2289 | 3131 | + debian/rules, debian/schema/extra/: | ||
2290 | 3132 | Fix configure rule to supports extra schemas shipped as part | ||
2291 | 3133 | of the debian/schema/ directory. | ||
2292 | 3134 | + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
2293 | 3135 | + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
2294 | 3136 | neither the default DIT nor via an Authn mapping. | ||
2295 | 3137 | + debian/slapd.scripts-common: adjust minimum version that triggers a | ||
2296 | 3138 | database upgrade. Upgrade from maverick shouldn't trigger database | ||
2297 | 3139 | upgrade (which would happen with the version used in Debian). | ||
2298 | 3140 | + debian/slapd.scripts-common: add slapcat_opts to local variables. | ||
2299 | 3141 | Remove unused variable new_conf. | ||
2300 | 3142 | + debian/slapd.script-common: Fix package reconfiguration. | ||
2301 | 3143 | - Fix backup directory naming for multiple reconfiguration. | ||
2302 | 3144 | + debian/slapd.default, debian/slapd.README.Debian: | ||
2303 | 3145 | use the new configuration style. | ||
2304 | 3146 | + Install nss overlay (LP: #675391): | ||
2305 | 3147 | - debian/rules: run install target for nssov module. | ||
2306 | 3148 | - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema | ||
2307 | 3149 | + debian/patches/gssapi.diff: | ||
2308 | 3150 | - Update patch so that likewise-open is usuable again. (LP: #661547) | ||
2309 | 3151 | + debian/patches/service-operational-before-detach: New patch replacing old one | ||
2310 | 3152 | of the same name as previous could cause database corruption based on upstream commits. | ||
2311 | 3153 | (LP: #727973) | ||
2312 | 3154 | |||
2313 | 3155 | -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000 | ||
2314 | 3156 | |||
2315 | 1136 | openldap (2.4.25-3) unstable; urgency=low | 3157 | openldap (2.4.25-3) unstable; urgency=low |
2316 | 1137 | 3158 | ||
2317 | 1138 | * Brown paper bag: really fix the .links.in handling, so we don't generate | 3159 | * Brown paper bag: really fix the .links.in handling, so we don't generate |
2318 | @@ -1155,6 +3176,92 @@ openldap (2.4.25-2) unstable; urgency=low | |||
2319 | 1155 | 3176 | ||
2320 | 1156 | -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700 | 3177 | -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700 |
2321 | 1157 | 3178 | ||
2322 | 3179 | openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low | ||
2323 | 3180 | |||
2324 | 3181 | * Brown paper bag: really fix the .links.in handling, so we don't generate | ||
2325 | 3182 | broken /usr/lib/${DEB_HOST_MULTIARCH} dirs. | ||
2326 | 3183 | |||
2327 | 3184 | -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000 | ||
2328 | 3185 | |||
2329 | 3186 | openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low | ||
2330 | 3187 | |||
2331 | 3188 | * Cherry-pick multiarch support from Debian (LP: #826601): | ||
2332 | 3189 | - Bump to compat level 7, so we don't have to spell out debian/tmp in | ||
2333 | 3190 | every single .install file | ||
2334 | 3191 | - Build for multiarch. | ||
2335 | 3192 | |||
2336 | 3193 | -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700 | ||
2337 | 3194 | |||
2338 | 3195 | openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low | ||
2339 | 3196 | |||
2340 | 3197 | * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270) | ||
2341 | 3198 | |||
2342 | 3199 | -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200 | ||
2343 | 3200 | |||
2344 | 3201 | openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low | ||
2345 | 3202 | |||
2346 | 3203 | * Merge from debian unstable. Remaining changes: | ||
2347 | 3204 | - Install a default DIT (LP: #442498). | ||
2348 | 3205 | - Document cn=config in README file (LP: #370784). | ||
2349 | 3206 | - remaining changes: | ||
2350 | 3207 | + AppArmor support: | ||
2351 | 3208 | - debian/apparmor-profile: add AppArmor profile | ||
2352 | 3209 | - use dh_apparmor: | ||
2353 | 3210 | - debian/rules: use dh_apparmor | ||
2354 | 3211 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
2355 | 3212 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2356 | 3213 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2357 | 3214 | + Enable GSSAPI support (LP: #495418): | ||
2358 | 3215 | - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
2359 | 3216 | - Add --with-gssapi support | ||
2360 | 3217 | - Make guess_service_principal() more robust when determining | ||
2361 | 3218 | principal | ||
2362 | 3219 | - debian/patches/series: apply gssapi.diff patch. | ||
2363 | 3220 | - debian/configure.options: Configure with --with-gssapi | ||
2364 | 3221 | - debian/control: Added libkrb5-dev as a build depend | ||
2365 | 3222 | + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
2366 | 3223 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
2367 | 3224 | + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: | ||
2368 | 3225 | - debian/control: | ||
2369 | 3226 | - remove build-dependency on heimdal-dev. | ||
2370 | 3227 | - remove slapd-smbk5pwd binary package. | ||
2371 | 3228 | - debian/rules: don't build smbk5pwd slapd module. | ||
2372 | 3229 | + debian/{control,rules}: enable PIE hardening | ||
2373 | 3230 | + ufw support (LP: #423246): | ||
2374 | 3231 | - debian/control: suggest ufw. | ||
2375 | 3232 | - debian/rules: install ufw profile. | ||
2376 | 3233 | - debian/slapd.ufw.profile: add ufw profile. | ||
2377 | 3234 | + Enable nssoverlay: | ||
2378 | 3235 | - debian/patches/nssov-build, debian/series, debian/rules: | ||
2379 | 3236 | Apply, build and package the nss overlay. | ||
2380 | 3237 | - debian/schema/extra/misc.ldif: add ldif file for the misc schema | ||
2381 | 3238 | which defines rfc822MailMember (required by the nss overlay). | ||
2382 | 3239 | + debian/rules, debian/schema/extra/: | ||
2383 | 3240 | Fix configure rule to supports extra schemas shipped as part | ||
2384 | 3241 | of the debian/schema/ directory. | ||
2385 | 3242 | + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
2386 | 3243 | + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
2387 | 3244 | neither the default DIT nor via an Authn mapping. | ||
2388 | 3245 | + debian/slapd.scripts-common: adjust minimum version that triggers a | ||
2389 | 3246 | database upgrade. Upgrade from maverick shouldn't trigger database | ||
2390 | 3247 | upgrade (which would happen with the version used in Debian). | ||
2391 | 3248 | + debian/slapd.scripts-common: add slapcat_opts to local variables. | ||
2392 | 3249 | Remove unused variable new_conf. | ||
2393 | 3250 | + debian/slapd.script-common: Fix package reconfiguration. | ||
2394 | 3251 | - Fix backup directory naming for multiple reconfiguration. | ||
2395 | 3252 | + debian/slapd.default, debian/slapd.README.Debian: | ||
2396 | 3253 | use the new configuration style. | ||
2397 | 3254 | + Install nss overlay (LP: #675391): | ||
2398 | 3255 | - debian/rules: run install target for nssov module. | ||
2399 | 3256 | - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema | ||
2400 | 3257 | + debian/patches/gssapi.diff: | ||
2401 | 3258 | - Update patch so that likewise-open is usuable again. (LP: #661547) | ||
2402 | 3259 | + debian/patches/service-operational-before-detach: New patch replacing old one | ||
2403 | 3260 | of the same name as previous could cause database corruption based on upstream commits. | ||
2404 | 3261 | (LP: #727973) | ||
2405 | 3262 | |||
2406 | 3263 | -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100 | ||
2407 | 3264 | |||
2408 | 1158 | openldap (2.4.25-1.1) unstable; urgency=low | 3265 | openldap (2.4.25-1.1) unstable; urgency=low |
2409 | 1159 | 3266 | ||
2410 | 1160 | * Non-maintainer upload to fix RC bug. | 3267 | * Non-maintainer upload to fix RC bug. |
2411 | @@ -1162,6 +3269,75 @@ openldap (2.4.25-1.1) unstable; urgency=low | |||
2412 | 1162 | 3269 | ||
2413 | 1163 | -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200 | 3270 | -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200 |
2414 | 1164 | 3271 | ||
2415 | 3272 | openldap (2.4.25-1ubuntu1) oneiric; urgency=low | ||
2416 | 3273 | |||
2417 | 3274 | * Merge from debian unstable. Remaining changes: | ||
2418 | 3275 | - Install a default DIT (LP: #442498). | ||
2419 | 3276 | - Document cn=config in README file (LP: #370784). | ||
2420 | 3277 | - remaining changes: | ||
2421 | 3278 | + AppArmor support: | ||
2422 | 3279 | - debian/apparmor-profile: add AppArmor profile | ||
2423 | 3280 | - use dh_apparmor: | ||
2424 | 3281 | - debian/rules: use dh_apparmor | ||
2425 | 3282 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
2426 | 3283 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2427 | 3284 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2428 | 3285 | + Enable GSSAPI support (LP: #495418): | ||
2429 | 3286 | - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
2430 | 3287 | - Add --with-gssapi support | ||
2431 | 3288 | - Make guess_service_principal() more robust when determining | ||
2432 | 3289 | principal | ||
2433 | 3290 | - debian/patches/series: apply gssapi.diff patch. | ||
2434 | 3291 | - debian/configure.options: Configure with --with-gssapi | ||
2435 | 3292 | - debian/control: Added libkrb5-dev as a build depend | ||
2436 | 3293 | + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
2437 | 3294 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
2438 | 3295 | + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: | ||
2439 | 3296 | - debian/control: | ||
2440 | 3297 | - remove build-dependency on heimdal-dev. | ||
2441 | 3298 | - remove slapd-smbk5pwd binary package. | ||
2442 | 3299 | - debian/rules: don't build smbk5pwd slapd module. | ||
2443 | 3300 | + debian/{control,rules}: enable PIE hardening | ||
2444 | 3301 | + ufw support (LP: #423246): | ||
2445 | 3302 | - debian/control: suggest ufw. | ||
2446 | 3303 | - debian/rules: install ufw profile. | ||
2447 | 3304 | - debian/slapd.ufw.profile: add ufw profile. | ||
2448 | 3305 | + Enable nssoverlay: | ||
2449 | 3306 | - debian/patches/nssov-build, debian/series, debian/rules: | ||
2450 | 3307 | Apply, build and package the nss overlay. | ||
2451 | 3308 | - debian/schema/extra/misc.ldif: add ldif file for the misc schema | ||
2452 | 3309 | which defines rfc822MailMember (required by the nss overlay). | ||
2453 | 3310 | + debian/rules, debian/schema/extra/: | ||
2454 | 3311 | Fix configure rule to supports extra schemas shipped as part | ||
2455 | 3312 | of the debian/schema/ directory. | ||
2456 | 3313 | + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
2457 | 3314 | + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
2458 | 3315 | neither the default DIT nor via an Authn mapping. | ||
2459 | 3316 | + debian/slapd.scripts-common: adjust minimum version that triggers a | ||
2460 | 3317 | database upgrade. Upgrade from maverick shouldn't trigger database | ||
2461 | 3318 | upgrade (which would happen with the version used in Debian). | ||
2462 | 3319 | + debian/slapd.scripts-common: add slapcat_opts to local variables. | ||
2463 | 3320 | Remove unused variable new_conf. | ||
2464 | 3321 | + debian/slapd.script-common: Fix package reconfiguration. | ||
2465 | 3322 | - Fix backup directory naming for multiple reconfiguration. | ||
2466 | 3323 | + debian/slapd.default, debian/slapd.README.Debian: | ||
2467 | 3324 | use the new configuration style. | ||
2468 | 3325 | + Install nss overlay (LP: #675391): | ||
2469 | 3326 | - debian/rules: run install target for nssov module. | ||
2470 | 3327 | - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema | ||
2471 | 3328 | + debian/patches/gssapi.diff: | ||
2472 | 3329 | - Update patch so that likewise-open is usuable again. (LP: #661547) | ||
2473 | 3330 | + debian/patches/service-operational-before-detach: New patch replacing old one | ||
2474 | 3331 | of the same name as previous could cause database corruption based on upstream commits. | ||
2475 | 3332 | (LP: #727973) | ||
2476 | 3333 | + Dropped: | ||
2477 | 3334 | - debian/patches/gold: Use the debian version instead | ||
2478 | 3335 | - debian/patches/CVE-2011-1024: Fixed upstream | ||
2479 | 3336 | - debian/patches/CVE-2011-1025: Fixed upstream | ||
2480 | 3337 | - debian/patches/CVE-2011-1081: Fixed upstream | ||
2481 | 3338 | |||
2482 | 3339 | -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100 | ||
2483 | 3340 | |||
2484 | 1165 | openldap (2.4.25-1) unstable; urgency=low | 3341 | openldap (2.4.25-1) unstable; urgency=low |
2485 | 1166 | 3342 | ||
2486 | 1167 | * New upstream version (Closes: #617606, #618904, #606815, #608813) | 3343 | * New upstream version (Closes: #617606, #618904, #606815, #608813) |
2487 | @@ -1193,6 +3369,116 @@ openldap (2.4.23-7) unstable; urgency=low | |||
2488 | 1193 | 3369 | ||
2489 | 1194 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100 | 3370 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100 |
2490 | 1195 | 3371 | ||
2491 | 3372 | openldap (2.4.23-6ubuntu7) oneiric; urgency=low | ||
2492 | 3373 | |||
2493 | 3374 | * Rebuild for Perl 5.12. | ||
2494 | 3375 | |||
2495 | 3376 | -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100 | ||
2496 | 3377 | |||
2497 | 3378 | openldap (2.4.23-6ubuntu6) natty; urgency=low | ||
2498 | 3379 | |||
2499 | 3380 | * SECURITY UPDATE: fix successful anonymous bind via chain overlay when | ||
2500 | 3381 | using forwarded authentication failures | ||
2501 | 3382 | - debian/patches/CVE-2011-1024 | ||
2502 | 3383 | - CVE-2011-1024 | ||
2503 | 3384 | * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb | ||
2504 | 3385 | backend. Note: Ubuntu is not compiled with --enable-ndb by default | ||
2505 | 3386 | - debian/patches/CVE-2011-1025 | ||
2506 | 3387 | - CVE-2011-1025 | ||
2507 | 3388 | * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests | ||
2508 | 3389 | and requestDN is empty | ||
2509 | 3390 | - debian/patches/CVE-2011-1081 | ||
2510 | 3391 | - CVE-2011-1081 | ||
2511 | 3392 | - LP: #742104 | ||
2512 | 3393 | |||
2513 | 3394 | -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500 | ||
2514 | 3395 | |||
2515 | 3396 | openldap (2.4.23-6ubuntu5) natty; urgency=low | ||
2516 | 3397 | |||
2517 | 3398 | * debian/patches/service-operational-before-detach: New patch replacing | ||
2518 | 3399 | old one of same name as previous could cause database corruption, | ||
2519 | 3400 | based on upstream commits. (LP: #727973) | ||
2520 | 3401 | |||
2521 | 3402 | -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000 | ||
2522 | 3403 | |||
2523 | 3404 | openldap (2.4.23-6ubuntu4) natty; urgency=low | ||
2524 | 3405 | |||
2525 | 3406 | * Fix FTBFS with ld.gold. | ||
2526 | 3407 | |||
2527 | 3408 | -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100 | ||
2528 | 3409 | |||
2529 | 3410 | openldap (2.4.23-6ubuntu3) natty; urgency=low | ||
2530 | 3411 | |||
2531 | 3412 | * debian/patches/gssapi.diff: | ||
2532 | 3413 | Update patch so that likewise-open is usable again (LP: #661547) | ||
2533 | 3414 | |||
2534 | 3415 | -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100 | ||
2535 | 3416 | |||
2536 | 3417 | openldap (2.4.23-6ubuntu2) natty; urgency=low | ||
2537 | 3418 | |||
2538 | 3419 | * Install nss overlay (LP: #675391): | ||
2539 | 3420 | - debian/rules: run install target for nssov module. | ||
2540 | 3421 | - debian/patches/nssov-build: fix patch to install schema in | ||
2541 | 3422 | /etc/ldap/schema. | ||
2542 | 3423 | |||
2543 | 3424 | -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500 | ||
2544 | 3425 | |||
2545 | 3426 | openldap (2.4.23-6ubuntu1) natty; urgency=low | ||
2546 | 3427 | |||
2547 | 3428 | * Merge from Debian unstable: | ||
2548 | 3429 | - Install a default DIT (LP: #442498). | ||
2549 | 3430 | - Document cn=config in README file (LP: #370784). | ||
2550 | 3431 | - remaining changes: | ||
2551 | 3432 | + AppArmor support: | ||
2552 | 3433 | - debian/apparmor-profile: add AppArmor profile | ||
2553 | 3434 | - use dh_apparmor: | ||
2554 | 3435 | - debian/rules: use dh_apparmor | ||
2555 | 3436 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
2556 | 3437 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2557 | 3438 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2558 | 3439 | + Enable GSSAPI support (LP: #495418): | ||
2559 | 3440 | - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
2560 | 3441 | - Add --with-gssapi support | ||
2561 | 3442 | - Make guess_service_principal() more robust when determining | ||
2562 | 3443 | principal | ||
2563 | 3444 | - debian/patches/series: apply gssapi.diff patch. | ||
2564 | 3445 | - debian/configure.options: Configure with --with-gssapi | ||
2565 | 3446 | - debian/control: Added libkrb5-dev as a build depend | ||
2566 | 3447 | + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
2567 | 3448 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
2568 | 3449 | + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: | ||
2569 | 3450 | - debian/control: | ||
2570 | 3451 | - remove build-dependency on heimdal-dev. | ||
2571 | 3452 | - remove slapd-smbk5pwd binary package. | ||
2572 | 3453 | - debian/rules: don't build smbk5pwd slapd module. | ||
2573 | 3454 | + debian/{control,rules}: enable PIE hardening | ||
2574 | 3455 | + ufw support (LP: #423246): | ||
2575 | 3456 | - debian/control: suggest ufw. | ||
2576 | 3457 | - debian/rules: install ufw profile. | ||
2577 | 3458 | - debian/slapd.ufw.profile: add ufw profile. | ||
2578 | 3459 | + Enable nssoverlay: | ||
2579 | 3460 | - debian/patches/nssov-build, debian/series, debian/rules: | ||
2580 | 3461 | Apply, build and package the nss overlay. | ||
2581 | 3462 | - debian/schema/extra/misc.ldif: add ldif file for the misc schema | ||
2582 | 3463 | which defines rfc822MailMember (required by the nss overlay). | ||
2583 | 3464 | + debian/rules, debian/schema/extra/: | ||
2584 | 3465 | Fix configure rule to supports extra schemas shipped as part | ||
2585 | 3466 | of the debian/schema/ directory. | ||
2586 | 3467 | + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
2587 | 3468 | + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in | ||
2588 | 3469 | neither the default DIT nor via an Authn mapping. | ||
2589 | 3470 | + debian/slapd.scripts-common: adjust minimum version that triggers a | ||
2590 | 3471 | database upgrade. Upgrade from maverick shouldn't trigger database | ||
2591 | 3472 | upgrade (which would happen with the version used in Debian). | ||
2592 | 3473 | + debian/slapd.scripts-common: add slapcat_opts to local variables. | ||
2593 | 3474 | Remove unused variable new_conf. | ||
2594 | 3475 | + debian/slapd.script-common: Fix package reconfiguration. | ||
2595 | 3476 | - Fix backup directory naming for multiple reconfiguration. | ||
2596 | 3477 | + debian/slapd.default, debian/slapd.README.Debian: | ||
2597 | 3478 | use the new configuration style. | ||
2598 | 3479 | |||
2599 | 3480 | -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500 | ||
2600 | 3481 | |||
2601 | 1196 | openldap (2.4.23-6) unstable; urgency=high | 3482 | openldap (2.4.23-6) unstable; urgency=high |
2602 | 1197 | 3483 | ||
2603 | 1198 | * Check for an empty directory to prevent an rm -f /*. (Closes: #597704) | 3484 | * Check for an empty directory to prevent an rm -f /*. (Closes: #597704) |
2604 | @@ -1315,6 +3601,80 @@ openldap (2.4.23-1) unstable; urgency=low | |||
2605 | 1315 | 3601 | ||
2606 | 1316 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200 | 3602 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200 |
2607 | 1317 | 3603 | ||
2608 | 3604 | openldap (2.4.23-0ubuntu4) natty; urgency=low | ||
2609 | 3605 | |||
2610 | 3606 | * debian/slapd.templates: amended typo in slapd/move_old_database | ||
2611 | 3607 | (LP: #666028) | ||
2612 | 3608 | |||
2613 | 3609 | -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000 | ||
2614 | 3610 | |||
2615 | 3611 | openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low | ||
2616 | 3612 | |||
2617 | 3613 | * debian/slapd.templates: re-add slapd/move_old_database template as it's | ||
2618 | 3614 | used during the package upgrade. Thanks to James Page for pointing it. | ||
2619 | 3615 | * debian/slapd.config: restore debconf question slapd/move_old_database. | ||
2620 | 3616 | |||
2621 | 3617 | -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400 | ||
2622 | 3618 | |||
2623 | 3619 | openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low | ||
2624 | 3620 | |||
2625 | 3621 | [ James Page ] | ||
2626 | 3622 | * Fixed install/upgrade process to dump/restore databases due | ||
2627 | 3623 | to uplift to libdb4.8-dev (LP: #658227) | ||
2628 | 3624 | |||
2629 | 3625 | -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400 | ||
2630 | 3626 | |||
2631 | 3627 | openldap (2.4.23-0ubuntu3) maverick; urgency=low | ||
2632 | 3628 | |||
2633 | 3629 | * debian/rules: move dh_apparmor before dh_installinit | ||
2634 | 3630 | |||
2635 | 3631 | -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500 | ||
2636 | 3632 | |||
2637 | 3633 | openldap (2.4.23-0ubuntu2) maverick; urgency=low | ||
2638 | 3634 | |||
2639 | 3635 | * convert to using dh_apparmor: | ||
2640 | 3636 | - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor | ||
2641 | 3637 | - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 | ||
2642 | 3638 | * debian/apparmor-profile: use local include | ||
2643 | 3639 | |||
2644 | 3640 | -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500 | ||
2645 | 3641 | |||
2646 | 3642 | openldap (2.4.23-0ubuntu1) maverick; urgency=low | ||
2647 | 3643 | |||
2648 | 3644 | * New release, features include: | ||
2649 | 3645 | + Fixed libldap to return server's error code (ITS#6569) | ||
2650 | 3646 | + Fixed libldap memleaks (ITS#6568) | ||
2651 | 3647 | + Fixed liblutil off-by-one with delta (ITS#6541) | ||
2652 | 3648 | + Fixed slapd acls with glued databases (ITS#6468) | ||
2653 | 3649 | + Fixed slapd syncrepl rid logging (ITS#6533) | ||
2654 | 3650 | + Fixed slapd modrdn handling of invalid values (ITS#6570) | ||
2655 | 3651 | + Fixed slapd-bdb hasSubordinates computation (ITS#6549) | ||
2656 | 3652 | + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474) | ||
2657 | 3653 | + Fixed slapd-bdb entry cache delete failure (ITS#6577) | ||
2658 | 3654 | + Fixed slapd-ldap to return control responses (ITS#6530) | ||
2659 | 3655 | + Fixed slapo-ppolicy to use Debug (ITS#6566) | ||
2660 | 3656 | + Fixed slapo-refint to zero out freed DN vals (ITS#6572) | ||
2661 | 3657 | + Fixed slapo-rwm to use Debug (ITS#6566) | ||
2662 | 3658 | + Fixed slapo-sssvlv to use Debug (ITS#6566) | ||
2663 | 3659 | + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555) | ||
2664 | 3660 | + Fixed slapo-valsort to use Debug (ITS#6566) | ||
2665 | 3661 | + Fixed contrib/nssov network.c missing patch (ITS#6562) | ||
2666 | 3662 | + Fixed test043 attribute sorting (ITS#6553) | ||
2667 | 3663 | + slapd-config(5) note default rootdn (ITS#6546) | ||
2668 | 3664 | * Rebased patches debian/patches/dropped nssov-build | ||
2669 | 3665 | * Resynchronize with Debian: | ||
2670 | 3666 | + debian/control: | ||
2671 | 3667 | - Bump standards-version to 3.9.0 | ||
2672 | 3668 | - Use libdb4.8-dev (LP: #572489) | ||
2673 | 3669 | + Added debian/patches/issue-6534-patch | ||
2674 | 3670 | + Added debian/patches/ldap-conf-tls-cacertdir | ||
2675 | 3671 | * Add ufw support, thanks to PatRiehecky (LP: #423246) | ||
2676 | 3672 | |||
2677 | 3673 | [Adam Sommer] | ||
2678 | 3674 | * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) | ||
2679 | 3675 | |||
2680 | 3676 | -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400 | ||
2681 | 3677 | |||
2682 | 1318 | openldap (2.4.21-1) unstable; urgency=low | 3678 | openldap (2.4.21-1) unstable; urgency=low |
2683 | 1319 | 3679 | ||
2684 | 1320 | [ Steve Langasek ] | 3680 | [ Steve Langasek ] |
2685 | @@ -1346,6 +3706,79 @@ openldap (2.4.21-1) unstable; urgency=low | |||
2686 | 1346 | 3706 | ||
2687 | 1347 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200 | 3707 | -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200 |
2688 | 1348 | 3708 | ||
2689 | 3709 | openldap (2.4.21-0ubuntu5) lucid; urgency=low | ||
2690 | 3710 | |||
2691 | 3711 | * Fix local root connection access: replace olcAuthzRegexp mapping to | ||
2692 | 3712 | cn=localroot,cn=config with using the SASL dn directly in olcAccess. | ||
2693 | 3713 | Makes upgrades much simpler and robust (LP: #563829). | ||
2694 | 3714 | |||
2695 | 3715 | -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400 | ||
2696 | 3716 | |||
2697 | 3717 | openldap (2.4.21-0ubuntu4) lucid; urgency=low | ||
2698 | 3718 | |||
2699 | 3719 | [ Simon Olofsson ] | ||
2700 | 3720 | * debian/slapd.postinst: | ||
2701 | 3721 | - Show a message after successful migration (LP: #538848) | ||
2702 | 3722 | |||
2703 | 3723 | [ Jorgen Rosink ] | ||
2704 | 3724 | * debian/slapd.init: add simple status checking with LSB compatible exit | ||
2705 | 3725 | codes (LP: #562377) | ||
2706 | 3726 | * debian/slapd.init.ldif: | ||
2707 | 3727 | - remove admin user in default config database (LP: #556176) | ||
2708 | 3728 | - in default config, add olcAccess entries giving access to controls | ||
2709 | 3729 | available and cn=subschema (LP: #427842) | ||
2710 | 3730 | |||
2711 | 3731 | [ Scott Moser ] | ||
2712 | 3732 | * debian/slapd.scripts-common: Do not create /nonexistent directory | ||
2713 | 3733 | for openldap user's home (LP: #556176) | ||
2714 | 3734 | * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070) | ||
2715 | 3735 | |||
2716 | 3736 | -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400 | ||
2717 | 3737 | |||
2718 | 3738 | openldap (2.4.21-0ubuntu3) lucid; urgency=low | ||
2719 | 3739 | |||
2720 | 3740 | * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases | ||
2721 | 3741 | before trying to convert to slapd.d, to avoid upgrade failure from hardy | ||
2722 | 3742 | (LP: #536958) | ||
2723 | 3743 | * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in | ||
2724 | 3744 | olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230) | ||
2725 | 3745 | |||
2726 | 3746 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200 | ||
2727 | 3747 | |||
2728 | 3748 | openldap (2.4.21-0ubuntu2) lucid; urgency=low | ||
2729 | 3749 | |||
2730 | 3750 | * debian/apparmor-profile: Update apparmor profile. (LP: #508190) | ||
2731 | 3751 | |||
2732 | 3752 | -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500 | ||
2733 | 3753 | |||
2734 | 3754 | openldap (2.4.21-0ubuntu1) lucid; urgency=low | ||
2735 | 3755 | |||
2736 | 3756 | * New upstream release. | ||
2737 | 3757 | * debian/rules, debian/schema/extra/: | ||
2738 | 3758 | Fix get-orig-source rule to supports extra schemas shipped as part of the | ||
2739 | 3759 | debian/schema/ directory. | ||
2740 | 3760 | |||
2741 | 3761 | -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500 | ||
2742 | 3762 | |||
2743 | 3763 | openldap (2.4.18-0ubuntu2) lucid; urgency=low | ||
2744 | 3764 | |||
2745 | 3765 | * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): | ||
2746 | 3766 | - Add --with-gssapi support | ||
2747 | 3767 | - Make guess_service_principal() more robust when determining principal | ||
2748 | 3768 | * Enable GSSAPI support (LP: #495418): | ||
2749 | 3769 | - debian/configure.options: Configure with --with-gssapi | ||
2750 | 3770 | - debian/control: Added libkrb5-dev as a build depend | ||
2751 | 3771 | |||
2752 | 3772 | -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100 | ||
2753 | 3773 | |||
2754 | 3774 | openldap (2.4.18-0ubuntu1) karmic; urgency=low | ||
2755 | 3775 | |||
2756 | 3776 | * New upstream release: (LP: #419515): | ||
2757 | 3777 | + pcache overlay supports disconnected mode. | ||
2758 | 3778 | * Fix nss overlay load (LP: #417163). | ||
2759 | 3779 | |||
2760 | 3780 | -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400 | ||
2761 | 3781 | |||
2762 | 1349 | openldap (2.4.17-2.1) unstable; urgency=high | 3782 | openldap (2.4.17-2.1) unstable; urgency=high |
2763 | 1350 | 3783 | ||
2764 | 1351 | * Non-maintainer upload by the Security Team. | 3784 | * Non-maintainer upload by the Security Team. |
2765 | @@ -1372,6 +3805,108 @@ openldap (2.4.17-2) unstable; urgency=low | |||
2766 | 1372 | 3805 | ||
2767 | 1373 | -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700 | 3806 | -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700 |
2768 | 1374 | 3807 | ||
2769 | 3808 | openldap (2.4.17-1ubuntu3) karmic; urgency=low | ||
2770 | 3809 | |||
2771 | 3810 | * Install a minimal slapd configuration instead of creating a default | ||
2772 | 3811 | database with a default DIT: | ||
2773 | 3812 | + Move openldap user home from /var/lib/ldap to /nonexistent. | ||
2774 | 3813 | + Remove all code and templates dealing with the default database and DIT | ||
2775 | 3814 | creation. | ||
2776 | 3815 | + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and | ||
2777 | 3816 | grant all access to the latter in the cn=config database as well as the | ||
2778 | 3817 | default backend configuration. | ||
2779 | 3818 | * Add cn=localroot,cn=config authz mapping on upgrades. | ||
2780 | 3819 | |||
2781 | 3820 | -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400 | ||
2782 | 3821 | |||
2783 | 3822 | openldap (2.4.17-1ubuntu2) karmic; urgency=low | ||
2784 | 3823 | |||
2785 | 3824 | [ Thierry Carrez ] | ||
2786 | 3825 | * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support | ||
2787 | 3826 | in the openldap library, as required by Likewise-Open (LP: #390579) | ||
2788 | 3827 | |||
2789 | 3828 | [ Mathias Gug ] | ||
2790 | 3829 | * debian/patches/its6077-uniqueness-overlay: fixes some issues with the | ||
2791 | 3830 | uniqueness overlay. | ||
2792 | 3831 | * debian/patches/its6220-writetimeout-directive: fixes a problem with the | ||
2793 | 3832 | writetimeout directive being in effect even if it wasn't set, | ||
2794 | 3833 | closing connections incorrectly. | ||
2795 | 3834 | * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the | ||
2796 | 3835 | dncachesize parameter that was added in RE24, so that if it is set to | ||
2797 | 3836 | "0" (now the default), it has an unlimited DN cache (RE23 always | ||
2798 | 3837 | had an unlimited DN cache). | ||
2799 | 3838 | |||
2800 | 3839 | -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400 | ||
2801 | 3840 | |||
2802 | 3841 | openldap (2.4.17-1ubuntu1) karmic; urgency=low | ||
2803 | 3842 | |||
2804 | 3843 | [ Steve Langasek ] | ||
2805 | 3844 | * Fix up the lintian warnings: | ||
2806 | 3845 | - add missing misc-depends on all packages | ||
2807 | 3846 | - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive | ||
2808 | 3847 | overrides | ||
2809 | 3848 | - bump Standards-Version to 3.8.2, no changes required. | ||
2810 | 3849 | |||
2811 | 3850 | [ Mathias Gug ] | ||
2812 | 3851 | * Resynchronise with Debian. Remaining changes: | ||
2813 | 3852 | - AppArmor support: | ||
2814 | 3853 | - debian/apparmor-profile: add AppArmor profile | ||
2815 | 3854 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2816 | 3855 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2817 | 3856 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
2818 | 3857 | - debian/rules: install apparmor profile. | ||
2819 | 3858 | - Don't use local statement in config script as it fails if /bin/sh | ||
2820 | 3859 | points to bash. | ||
2821 | 3860 | - debian/slapd.postinst, debian/slapd.script-common: set correct | ||
2822 | 3861 | ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group | ||
2823 | 3862 | readable) and /var/run/slapd (world readable). | ||
2824 | 3863 | - Enable nssoverlay: | ||
2825 | 3864 | - debian/patches/nssov-build, debian/rules: Build and package the nss | ||
2826 | 3865 | overlay. | ||
2827 | 3866 | - debian/schema/misc.ldif: add ldif file for the misc schema which | ||
2828 | 3867 | defines rfc822MailMember (required by the nss overlay). | ||
2829 | 3868 | - debian/{control,rules}: enable PIE hardening | ||
2830 | 3869 | - Use cn=config as the default configuration backend instead of | ||
2831 | 3870 | slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade | ||
2832 | 3871 | asking the end user to enter a new password to control the access to | ||
2833 | 3872 | the cn=config tree. | ||
2834 | 3873 | - debian/slapd.postinst: create /var/run/slapd before updating its | ||
2835 | 3874 | permissions. | ||
2836 | 3875 | - debian/slapd.init: Correctly set slapd config backend option even if | ||
2837 | 3876 | the pidfile is configured in slapd default file. | ||
2838 | 3877 | * Dropped: | ||
2839 | 3878 | - Merged in Debian: | ||
2840 | 3879 | - Update priority of libldap-2.4-2 to match the archive override. | ||
2841 | 3880 | - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as | ||
2842 | 3881 | the ldapurl(1) manpage. | ||
2843 | 3882 | - Bump build-dependency on debhelper to 6 instead of 5, since that's | ||
2844 | 3883 | what we're using. | ||
2845 | 3884 | - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using | ||
2846 | 3885 | the built-in default of ldap:/// only. | ||
2847 | 3886 | - Fixed in upstream release: | ||
2848 | 3887 | - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 | ||
2849 | 3888 | failure when built with PIE. | ||
2850 | 3889 | - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be | ||
2851 | 3890 | trusted. | ||
2852 | 3891 | - Update Apparmor profile support: don't support upgrade from pre-hardy | ||
2853 | 3892 | systems: | ||
2854 | 3893 | - debian/slapd.postinst: Reload AA profile on configuration | ||
2855 | 3894 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
2856 | 3895 | - debian/control: Conflicts with apparmor-profiles << | ||
2857 | 3896 | 2.1+1075-0ubuntu4 to make sure that if earlier version of | ||
2858 | 3897 | apparmor-profiles gets installed it won't overwrite our profile. | ||
2859 | 3898 | - follow ApparmorProfileMigration and force apparmor complain mode on | ||
2860 | 3899 | some upgrades | ||
2861 | 3900 | - debian/slapd.preinst: create symlink for force-complain on | ||
2862 | 3901 | pre-feisty upgrades, upgrades where apparmor-profiles profile is | ||
2863 | 3902 | unchanged (ie non-enforcing) and upgrades where apparmor profile | ||
2864 | 3903 | does not exist. | ||
2865 | 3904 | - debian/patches/autogen.sh: no longer needed with karmic libtool. | ||
2866 | 3905 | - Call libtoolize with the --install option to install | ||
2867 | 3906 | config.{guess,sub} files. | ||
2868 | 3907 | |||
2869 | 3908 | -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400 | ||
2870 | 3909 | |||
2871 | 1375 | openldap (2.4.17-1) unstable; urgency=low | 3910 | openldap (2.4.17-1) unstable; urgency=low |
2872 | 1376 | 3911 | ||
2873 | 1377 | * New upstream version. | 3912 | * New upstream version. |
2874 | @@ -1394,6 +3929,153 @@ openldap (2.4.17-1) unstable; urgency=low | |||
2875 | 1394 | 3929 | ||
2876 | 1395 | -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700 | 3930 | -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700 |
2877 | 1396 | 3931 | ||
2878 | 3932 | openldap (2.4.15-1.1ubuntu1) karmic; urgency=low | ||
2879 | 3933 | |||
2880 | 3934 | * Resynchronise with Debian. Remaining changes: | ||
2881 | 3935 | - AppArmor support: | ||
2882 | 3936 | - debian/apparmor-profile: add AppArmor profile | ||
2883 | 3937 | - debian/slapd.postinst: Reload AA profile on configuration | ||
2884 | 3938 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2885 | 3939 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
2886 | 3940 | - debian/control: Conflicts with apparmor-profiles << | ||
2887 | 3941 | 2.1+1075-0ubuntu4 to make sure that if earlier version of | ||
2888 | 3942 | apparmor-profiles gets installed it won't overwrite our profile. | ||
2889 | 3943 | - follow ApparmorProfileMigration and force apparmor complain mode on | ||
2890 | 3944 | some upgrades | ||
2891 | 3945 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2892 | 3946 | - debian/slapd.preinst: create symlink for force-complain on | ||
2893 | 3947 | pre-feisty upgrades, upgrades where apparmor-profiles profile is | ||
2894 | 3948 | unchanged (ie non-enforcing) and upgrades where apparmor profile | ||
2895 | 3949 | does not exist. | ||
2896 | 3950 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
2897 | 3951 | - debian/patches/autogen.sh: | ||
2898 | 3952 | - Call libtoolize with the --install option to install | ||
2899 | 3953 | config.{guess,sub} files. | ||
2900 | 3954 | - Don't use local statement in config script as it fails if /bin/sh | ||
2901 | 3955 | points to bash. | ||
2902 | 3956 | - debian/slapd.postinst, debian/slapd.script-common: set correct | ||
2903 | 3957 | ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group | ||
2904 | 3958 | readable) and /var/run/slapd (world readable). | ||
2905 | 3959 | - Enable nssoverlay: | ||
2906 | 3960 | - debian/patches/nssov-build, debian/rules: Build and package the nss | ||
2907 | 3961 | overlay. | ||
2908 | 3962 | - debian/schema/misc.ldif: add ldif file for the misc schema which | ||
2909 | 3963 | defines rfc822MailMember (required by the nss overlay). | ||
2910 | 3964 | - debian/{control,rules}: enable PIE hardening | ||
2911 | 3965 | - Use cn=config as the default configuration backend instead of | ||
2912 | 3966 | slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade | ||
2913 | 3967 | asking the end user to enter a new password to control the access to | ||
2914 | 3968 | the cn=config tree. | ||
2915 | 3969 | - Update priority of libldap-2.4-2 to match the archive override. | ||
2916 | 3970 | - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as | ||
2917 | 3971 | the ldapurl(1) manpage. | ||
2918 | 3972 | - Bump build-dependency on debhelper to 6 instead of 5, since that's | ||
2919 | 3973 | what we're using. | ||
2920 | 3974 | - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using | ||
2921 | 3975 | the built-in default of ldap:/// only. | ||
2922 | 3976 | - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 | ||
2923 | 3977 | failure when built with PIE. | ||
2924 | 3978 | - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be | ||
2925 | 3979 | trusted. | ||
2926 | 3980 | - debian/slapd.postinst: create /var/run/slapd before updating its | ||
2927 | 3981 | permissions. | ||
2928 | 3982 | - debian/slapd.init: Correctly set slapd config backend option even if | ||
2929 | 3983 | the pidfile is configured in slapd default file. | ||
2930 | 3984 | * Drop patch to avoid the test suite on hppa, as hppa is EOL. | ||
2931 | 3985 | |||
2932 | 3986 | -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100 | ||
2933 | 3987 | |||
2934 | 3988 | openldap (2.4.15-1.1) unstable; urgency=low | ||
2935 | 3989 | |||
2936 | 3990 | * Non-maintainer upload. | ||
2937 | 3991 | * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev | ||
2938 | 3992 | (Closes: #522965) | ||
2939 | 3993 | |||
2940 | 3994 | -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200 | ||
2941 | 3995 | |||
2942 | 3996 | openldap (2.4.15-1ubuntu3) jaunty; urgency=low | ||
2943 | 3997 | |||
2944 | 3998 | * No-change rebuild to fix lpia shared library dependencies. | ||
2945 | 3999 | |||
2946 | 4000 | -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000 | ||
2947 | 4001 | |||
2948 | 4002 | openldap (2.4.15-1ubuntu2) jaunty; urgency=low | ||
2949 | 4003 | |||
2950 | 4004 | * debian/slapd.postinst: create /var/run/slapd before updating its | ||
2951 | 4005 | permissions (LP: #298928). | ||
2952 | 4006 | * debian/slapd.init: Correclty set slapd config backend option even if the | ||
2953 | 4007 | pidfile is configured in slapd default file (LP: #292364). | ||
2954 | 4008 | * debian/apparmor-profile: support multiple databases to be stored under | ||
2955 | 4009 | /var/lib/ldap/. (LP: #286614). | ||
2956 | 4010 | |||
2957 | 4011 | -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400 | ||
2958 | 4012 | |||
2959 | 4013 | openldap (2.4.15-1ubuntu1) jaunty; urgency=low | ||
2960 | 4014 | |||
2961 | 4015 | [ Steve Langasek ] | ||
2962 | 4016 | * Update priority of libldap-2.4-2 to match the archive override. | ||
2963 | 4017 | * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the | ||
2964 | 4018 | ldapurl(1) manpage. Thanks to Peter Marschall for the patch. | ||
2965 | 4019 | Closes: #496749. | ||
2966 | 4020 | * Bump build-dependency on debhelper to 6 instead of 5, since that's | ||
2967 | 4021 | what we're using. Closes: #498116. | ||
2968 | 4022 | * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using | ||
2969 | 4023 | the built-in default of ldap:/// only. | ||
2970 | 4024 | |||
2971 | 4025 | [ Mathias Gug ] | ||
2972 | 4026 | * Merge from debian unstable, remaining changes: | ||
2973 | 4027 | - Modify Maintainer value to match the DebianMaintainerField | ||
2974 | 4028 | speficication. | ||
2975 | 4029 | - AppArmor support: | ||
2976 | 4030 | - debian/apparmor-profile: add AppArmor profile | ||
2977 | 4031 | - debian/slapd.postinst: Reload AA profile on configuration | ||
2978 | 4032 | - updated debian/slapd.README.Debian for note on AppArmor | ||
2979 | 4033 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
2980 | 4034 | - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
2981 | 4035 | to make sure that if earlier version of apparmour-profiles gets | ||
2982 | 4036 | installed it won't overwrite our profile. | ||
2983 | 4037 | - follow ApparmorProfileMigration and force apparmor compalin mode on | ||
2984 | 4038 | some upgrades (LP: #203529) | ||
2985 | 4039 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
2986 | 4040 | - debian/slapd.preinst: create symlink for force-complain on pre-feisty | ||
2987 | 4041 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
2988 | 4042 | non-enforcing) and upgrades where apparmor profile does not exist. | ||
2989 | 4043 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
2990 | 4044 | - debian/control: | ||
2991 | 4045 | - Build-depend on libltdl7-dev rather then libltdl3-dev. | ||
2992 | 4046 | - debian/patches/autogen.sh: | ||
2993 | 4047 | - Call libtoolize with the --install option to install config.{guess,sub} | ||
2994 | 4048 | files. | ||
2995 | 4049 | - Don't use local statement in config script as it fails if /bin/sh | ||
2996 | 4050 | points to bash (LP: #286063). | ||
2997 | 4051 | - Disable the testsuite on hppa. Allows building of packages on this | ||
2998 | 4052 | architecture again, once this package is in the archive. | ||
2999 | 4053 | LP: #288908. | ||
3000 | 4054 | - debian/slapd.postinst, debian/slapd.script-common: set correct ownership | ||
3001 | 4055 | and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and | ||
3002 | 4056 | /var/run/slapd (world readable). (LP: #257667). | ||
3003 | 4057 | - Enable nssoverlay: | ||
3004 | 4058 | - debian/patches/nssov-build, debian/rules: Build and package | ||
3005 | 4059 | the nss overlay. | ||
3006 | 4060 | - debian/schema/misc.ldif: add ldif file for the misc schema | ||
3007 | 4061 | which defines rfc822MailMember (required by the nss overlay). | ||
3008 | 4062 | - debian/{control,rules}: enable PIE hardening | ||
3009 | 4063 | - Use cn=config as the default configuration backend instead of | ||
3010 | 4064 | slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade | ||
3011 | 4065 | asking the end user to enter a new password to control the access to the | ||
3012 | 4066 | cn=config tree. | ||
3013 | 4067 | * Dropped: | ||
3014 | 4068 | - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at | ||
3015 | 4069 | times. (ITS: #5947) Fixed in new upstream version 2.4.15. | ||
3016 | 4070 | - debian/patches/fix-ucred-libc due to changes how newer glibc handle | ||
3017 | 4071 | the ucred struct now. Implemented in Debian. | ||
3018 | 4072 | * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure | ||
3019 | 4073 | when built with PIE. | ||
3020 | 4074 | * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be | ||
3021 | 4075 | trusted (LP: #305264). | ||
3022 | 4076 | |||
3023 | 4077 | -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500 | ||
3024 | 4078 | |||
3025 | 1397 | openldap (2.4.15-1) unstable; urgency=low | 4079 | openldap (2.4.15-1) unstable; urgency=low |
3026 | 1398 | 4080 | ||
3027 | 1399 | * New upstream version | 4081 | * New upstream version |
3028 | @@ -1411,6 +4093,69 @@ openldap (2.4.15-1) unstable; urgency=low | |||
3029 | 1411 | 4093 | ||
3030 | 1412 | -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800 | 4094 | -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800 |
3031 | 1413 | 4095 | ||
3032 | 4096 | openldap (2.4.14-0ubuntu1) jaunty; urgency=low | ||
3033 | 4097 | |||
3034 | 4098 | [ Steve Langasek ] | ||
3035 | 4099 | * New upstream version | ||
3036 | 4100 | - Fixes a bug with the pcache overlay not returning cached entries | ||
3037 | 4101 | (closes: #497697) | ||
3038 | 4102 | - Update evolution-ntlm patch to apply to current Makefiles. | ||
3039 | 4103 | - (tentatively) drop gnutls-ciphers, since this bug was reported to be | ||
3040 | 4104 | fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the | ||
3041 | 4105 | patch from the bug report, so this should be watched for regressions. | ||
3042 | 4106 | * Build against db4.7 instead of db4.2 at last! Closes: #421946. | ||
3043 | 4107 | * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is | ||
3044 | 4108 | installed in the build environment. | ||
3045 | 4109 | * New patch, no-crlcheck-for-gnutls, to fix a build failure when using | ||
3046 | 4110 | --with-tls=gnutls. | ||
3047 | 4111 | |||
3048 | 4112 | [ Mathias Gug ] | ||
3049 | 4113 | * Merge from debian unstable, remaining changes: | ||
3050 | 4114 | - debian/apparmor-profile: add AppArmor profile | ||
3051 | 4115 | - debian/slapd.postinst: Reload AA profile on configuration | ||
3052 | 4116 | - updated debian/slapd.README.Debian for note on AppArmor | ||
3053 | 4117 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
3054 | 4118 | - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
3055 | 4119 | to make sure that if earlier version of apparmour-profiles gets | ||
3056 | 4120 | installed it won't overwrite our profile. | ||
3057 | 4121 | - Modify Maintainer value to match the DebianMaintainerField | ||
3058 | 4122 | speficication. | ||
3059 | 4123 | - follow ApparmorProfileMigration and force apparmor compalin mode on | ||
3060 | 4124 | some upgrades (LP: #203529) | ||
3061 | 4125 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
3062 | 4126 | - debian/slapd.preinst: create symlink for force-complain on pre-feisty | ||
3063 | 4127 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
3064 | 4128 | non-enforcing) and upgrades where apparmor profile does not exist. | ||
3065 | 4129 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
3066 | 4130 | - debian/patches/fix-ucred-libc due to changes how newer glibc handle | ||
3067 | 4131 | the ucred struct now. | ||
3068 | 4132 | - debian/control: | ||
3069 | 4133 | - Build-depend on libltdl7-dev rather then libltdl3-dev. | ||
3070 | 4134 | - debian/patches/autogen.sh: | ||
3071 | 4135 | - Call libtoolize with the --install option to install config.{guess,sub} | ||
3072 | 4136 | files. | ||
3073 | 4137 | - Don't use local statement in config script as it fails if /bin/sh | ||
3074 | 4138 | points to bash (LP: #286063). | ||
3075 | 4139 | - Disable the testsuite on hppa. Allows building of packages on this | ||
3076 | 4140 | architecture again, once this package is in the archive. | ||
3077 | 4141 | LP: #288908. | ||
3078 | 4142 | - debian/slapd.postinst, debian/slapd.script-common: set correct ownership | ||
3079 | 4143 | and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and | ||
3080 | 4144 | /var/run/slapd (world readable). (LP: #257667). | ||
3081 | 4145 | - debian/patches/nssov-build, debian/rules: | ||
3082 | 4146 | Build and package the nss overlay. | ||
3083 | 4147 | debian/schema/misc.ldif: add ldif file for the misc schema, which defines | ||
3084 | 4148 | rfc822MailMember (required by the nss overlay). | ||
3085 | 4149 | - debian/{control,rules}: enable PIE hardening | ||
3086 | 4150 | - Use cn=config as the default configuration backend instead of | ||
3087 | 4151 | slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade | ||
3088 | 4152 | asking the end user to enter a new password to control the access to the | ||
3089 | 4153 | cn=config tree. | ||
3090 | 4154 | * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at | ||
3091 | 4155 | times. (ITS: #5947) | ||
3092 | 4156 | |||
3093 | 4157 | -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500 | ||
3094 | 4158 | |||
3095 | 1414 | openldap (2.4.11-1) unstable; urgency=low | 4159 | openldap (2.4.11-1) unstable; urgency=low |
3096 | 1415 | 4160 | ||
3097 | 1416 | * New upstream version (closes: #499560). | 4161 | * New upstream version (closes: #499560). |
3098 | @@ -1433,6 +4178,110 @@ openldap (2.4.11-1) unstable; urgency=low | |||
3099 | 1433 | 4178 | ||
3100 | 1434 | -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700 | 4179 | -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700 |
3101 | 1435 | 4180 | ||
3102 | 4181 | openldap (2.4.11-0ubuntu7) jaunty; urgency=low | ||
3103 | 4182 | |||
3104 | 4183 | * Don't use local statement in config script as it fails if /bin/sh | ||
3105 | 4184 | points to bash (LP: #286063). | ||
3106 | 4185 | |||
3107 | 4186 | -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500 | ||
3108 | 4187 | |||
3109 | 4188 | openldap (2.4.11-0ubuntu6) intrepid; urgency=low | ||
3110 | 4189 | |||
3111 | 4190 | * Disable the testsuite on hppa. Allows building of packages on this | ||
3112 | 4191 | architecture again, once this package is in the archive. | ||
3113 | 4192 | LP: #288908. | ||
3114 | 4193 | |||
3115 | 4194 | -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200 | ||
3116 | 4195 | |||
3117 | 4196 | openldap (2.4.11-0ubuntu5) intrepid; urgency=low | ||
3118 | 4197 | |||
3119 | 4198 | * Don't set admin passwords in ldif files if adminpw is empty. | ||
3120 | 4199 | (LP: #273988 - LP: #276606). | ||
3121 | 4200 | |||
3122 | 4201 | -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400 | ||
3123 | 4202 | |||
3124 | 4203 | openldap (2.4.11-0ubuntu4) intrepid; urgency=low | ||
3125 | 4204 | |||
3126 | 4205 | * debian/slapd.postinst, debian/slapd.script-common: set correct ownership | ||
3127 | 4206 | and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and | ||
3128 | 4207 | /var/run/slapd (world readable). (LP: #257667). | ||
3129 | 4208 | * debian/slapd.script-common: | ||
3130 | 4209 | - Fix package reconfiguration: | ||
3131 | 4210 | + Remove slapd.d/ directory if it already exists when creating a new | ||
3132 | 4211 | configuration. | ||
3133 | 4212 | + Fix backup directory naming for multiple reconfiguration. | ||
3134 | 4213 | |||
3135 | 4214 | -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400 | ||
3136 | 4215 | |||
3137 | 4216 | openldap (2.4.11-0ubuntu3) intrepid; urgency=low | ||
3138 | 4217 | |||
3139 | 4218 | * debian/patches/nssov-build, debian/rules: | ||
3140 | 4219 | Build and package the nss overlay. | ||
3141 | 4220 | * debian/schema/misc.ldif: add ldif file for the misc schema, which defines | ||
3142 | 4221 | rfc822MailMember (required by the nss overlay). | ||
3143 | 4222 | |||
3144 | 4223 | -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400 | ||
3145 | 4224 | |||
3146 | 4225 | openldap (2.4.11-0ubuntu2) intrepid; urgency=low | ||
3147 | 4226 | |||
3148 | 4227 | * debian/{control,rules}: enable PIE hardening | ||
3149 | 4228 | |||
3150 | 4229 | -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700 | ||
3151 | 4230 | |||
3152 | 4231 | openldap (2.4.11-0ubuntu1) intrepid; urgency=low | ||
3153 | 4232 | |||
3154 | 4233 | * New upstream version: | ||
3155 | 4234 | - Mainly bug fixes. | ||
3156 | 4235 | - New nss slapd overlay (not compiled by default). | ||
3157 | 4236 | * Use cn=config as the default configuration backend instead of | ||
3158 | 4237 | slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade | ||
3159 | 4238 | asking the end user to enter a new password to control the access to the | ||
3160 | 4239 | cn=config tree. | ||
3161 | 4240 | |||
3162 | 4241 | -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400 | ||
3163 | 4242 | |||
3164 | 4243 | openldap (2.4.10-3ubuntu1) intrepid; urgency=low | ||
3165 | 4244 | |||
3166 | 4245 | [ Mathias Gug ] | ||
3167 | 4246 | * Merge from debian unstable, remaining changes: | ||
3168 | 4247 | - debian/apparmor-profile: add AppArmor profile | ||
3169 | 4248 | - debian/slapd.postinst: Reload AA profile on configuration | ||
3170 | 4249 | - updated debian/slapd.README.Debian for note on AppArmor | ||
3171 | 4250 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
3172 | 4251 | - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
3173 | 4252 | to make sure that if earlier version of apparmour-profiles gets | ||
3174 | 4253 | installed it won't overwrite our profile. | ||
3175 | 4254 | - Modify Maintainer value to match the DebianMaintainerField | ||
3176 | 4255 | speficication. | ||
3177 | 4256 | - follow ApparmorProfileMigration and force apparmor compalin mode on | ||
3178 | 4257 | some upgrades (LP: #203529) | ||
3179 | 4258 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
3180 | 4259 | - debian/slapd.preinst: create symlink for force-complain on pre-feisty | ||
3181 | 4260 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
3182 | 4261 | non-enforcing) and upgrades where apparmor profile does not exist. | ||
3183 | 4262 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
3184 | 4263 | - debian/patches/fix-ucred-libc due to changes how newer glibc handle | ||
3185 | 4264 | the ucred struct now. | ||
3186 | 4265 | - debian/patches/fix-unique-overlay-assertion.patch: | ||
3187 | 4266 | Fix another assertion error in unique overlay (LP: #243337). | ||
3188 | 4267 | Backport from head. | ||
3189 | 4268 | * Dropped - implemented in Debian: | ||
3190 | 4269 | - debian/patches/fix-gnutls-key-strength.patch: | ||
3191 | 4270 | Fix slapd handling of ssf using gnutls. (LP: #244925). | ||
3192 | 4271 | - debian/control: | ||
3193 | 4272 | Add time as build dependency: needed by make test. | ||
3194 | 4273 | * debian/control: | ||
3195 | 4274 | - Build-depend on libltdl7-dev rather then libltdl3-dev. | ||
3196 | 4275 | * debian/patches/autogen.sh: | ||
3197 | 4276 | - Call libtoolize with the --install option to install config.{guess,sub} | ||
3198 | 4277 | files. | ||
3199 | 4278 | |||
3200 | 4279 | [ Jamie Strandboge ] | ||
3201 | 4280 | * adjust apparmor profile to allow gssapi (LP: #229252) | ||
3202 | 4281 | * adjust apparmor profile to allow cnconfig (LP: #243525) | ||
3203 | 4282 | |||
3204 | 4283 | -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400 | ||
3205 | 4284 | |||
3206 | 1436 | openldap (2.4.10-3) unstable; urgency=low | 4285 | openldap (2.4.10-3) unstable; urgency=low |
3207 | 1437 | 4286 | ||
3208 | 1438 | [ Steve Langasek ] | 4287 | [ Steve Langasek ] |
3209 | @@ -1466,6 +4315,40 @@ openldap (2.4.10-3) unstable; urgency=low | |||
3210 | 1466 | 4315 | ||
3211 | 1467 | -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700 | 4316 | -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700 |
3212 | 1468 | 4317 | ||
3213 | 4318 | openldap (2.4.10-2ubuntu1) intrepid; urgency=low | ||
3214 | 4319 | |||
3215 | 4320 | * Merge from debian unstable, remaining changes: | ||
3216 | 4321 | - debian/apparmor-profile: add AppArmor profile | ||
3217 | 4322 | - debian/slapd.postinst: Reload AA profile on configuration | ||
3218 | 4323 | - updated debian/slapd.README.Debian for note on AppArmor | ||
3219 | 4324 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
3220 | 4325 | - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
3221 | 4326 | to make sure that if earlier version of apparmour-profiles gets | ||
3222 | 4327 | installed it won't overwrite our profile. | ||
3223 | 4328 | - Modify Maintainer value to match the DebianMaintainerField | ||
3224 | 4329 | speficication. | ||
3225 | 4330 | - follow ApparmorProfileMigration and force apparmor compalin mode on | ||
3226 | 4331 | some upgrades (LP: #203529) | ||
3227 | 4332 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
3228 | 4333 | - debian/slapd.preinst: create symlink for force-complain on pre-feisty | ||
3229 | 4334 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
3230 | 4335 | non-enforcing) and upgrades where apparmor profile does not exist. | ||
3231 | 4336 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
3232 | 4337 | - debian/patches/fix-ucred-libc due to changes how newer glibc handle | ||
3233 | 4338 | the ucred struct now. | ||
3234 | 4339 | - debian/patches/fix-unique-overlay-assertion.patch: | ||
3235 | 4340 | Fix another assertion error in unique overlay (LP: #243337). | ||
3236 | 4341 | Backport from head. | ||
3237 | 4342 | - debian/patches/fix-gnutls-key-strength.patch: | ||
3238 | 4343 | Fix slapd handling of ssf using gnutls. (LP: #244925). | ||
3239 | 4344 | - debian/control: | ||
3240 | 4345 | Add time as build dependency: needed by make test. | ||
3241 | 4346 | * Dropped - implemented in Debian: | ||
3242 | 4347 | - debian/rules: | ||
3243 | 4348 | Support debuild nocheck option: don't run tests if nocheck is set. | ||
3244 | 4349 | |||
3245 | 4350 | -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400 | ||
3246 | 4351 | |||
3247 | 1469 | openldap (2.4.10-2) unstable; urgency=low | 4352 | openldap (2.4.10-2) unstable; urgency=low |
3248 | 1470 | 4353 | ||
3249 | 1471 | * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at | 4354 | * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at |
3250 | @@ -1480,6 +4363,54 @@ openldap (2.4.10-2) unstable; urgency=low | |||
3251 | 1480 | 4363 | ||
3252 | 1481 | -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700 | 4364 | -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700 |
3253 | 1482 | 4365 | ||
3254 | 4366 | openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low | ||
3255 | 4367 | |||
3256 | 4368 | * Merge from debian unstable, remaining changes: | ||
3257 | 4369 | - debian/apparmor-profile: add AppArmor profile | ||
3258 | 4370 | - debian/slapd.postinst: Reload AA profile on configuration | ||
3259 | 4371 | - updated debian/slapd.README.Debian for note on AppArmor | ||
3260 | 4372 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
3261 | 4373 | - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
3262 | 4374 | to make sure that if earlier version of apparmour-profiles gets | ||
3263 | 4375 | installed it won't overwrite our profile. | ||
3264 | 4376 | - Modify Maintainer value to match the DebianMaintainerField | ||
3265 | 4377 | speficication. | ||
3266 | 4378 | - follow ApparmorProfileMigration and force apparmor compalin mode on | ||
3267 | 4379 | some upgrades (LP: #203529) | ||
3268 | 4380 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
3269 | 4381 | - debian/slapd.preinst: create symlink for force-complain on pre-feisty | ||
3270 | 4382 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
3271 | 4383 | non-enforcing) and upgrades where apparmor profile does not exist. | ||
3272 | 4384 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
3273 | 4385 | - debian/patches/fix-ucred-libc due to changes how newer glibc handle | ||
3274 | 4386 | the ucred struct now. | ||
3275 | 4387 | - debian/patches/fix-unique-overlay-assertion.patch: | ||
3276 | 4388 | Fix another assertion error in unique overlay (LP: #243337). | ||
3277 | 4389 | Backport from head. | ||
3278 | 4390 | * debian/control: | ||
3279 | 4391 | - add time as build dependency: needed by make test. | ||
3280 | 4392 | * debian/rules: | ||
3281 | 4393 | - support debuild nocheck option: don't run tests if nocheck is set. | ||
3282 | 4394 | * debian/patches/fix-gnutls-key-strength.patch: | ||
3283 | 4395 | - fix slapd handling of ssf using gnutls. (LP: #244925). | ||
3284 | 4396 | * Dropped - accepted in Debian: | ||
3285 | 4397 | - debian/rules, debian/slapd.links: use hard links to slapd instead of | ||
3286 | 4398 | symlinks for slap* so these applications aren't confined by apparmor | ||
3287 | 4399 | (LP: #203898) | ||
3288 | 4400 | * Dropped - fixed in new upstream release: | ||
3289 | 4401 | - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion. | ||
3290 | 4402 | (LP: #215904) | ||
3291 | 4403 | - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion | ||
3292 | 4404 | error. (LP: #234196) | ||
3293 | 4405 | - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes. | ||
3294 | 4406 | (LP: #220724) | ||
3295 | 4407 | - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using | ||
3296 | 4408 | syncrepl. (LP: #227178) | ||
3297 | 4409 | - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied | ||
3298 | 4410 | upstream. | ||
3299 | 4411 | |||
3300 | 4412 | -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400 | ||
3301 | 4413 | |||
3302 | 1483 | openldap2.3 (2.4.10-1) unstable; urgency=low | 4414 | openldap2.3 (2.4.10-1) unstable; urgency=low |
3303 | 1484 | 4415 | ||
3304 | 1485 | [ Steve Langasek ] | 4416 | [ Steve Langasek ] |
3305 | @@ -1504,6 +4435,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low | |||
3306 | 1504 | 4435 | ||
3307 | 1505 | -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700 | 4436 | -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700 |
3308 | 1506 | 4437 | ||
3309 | 4438 | openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low | ||
3310 | 4439 | |||
3311 | 4440 | * debian/patches/fix-unique-overlay-assertion.patch: | ||
3312 | 4441 | - Fix another assertion error in unique overlay, backported from head. | ||
3313 | 4442 | (LP: #243337) Note: This patch will still be needed when moved to 2.4.10 | ||
3314 | 4443 | |||
3315 | 4444 | -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000 | ||
3316 | 4445 | |||
3317 | 4446 | openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low | ||
3318 | 4447 | |||
3319 | 4448 | * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to | ||
3320 | 4449 | include the smbk5pwd overlay. | ||
3321 | 4450 | |||
3322 | 4451 | -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000 | ||
3323 | 4452 | |||
3324 | 4453 | openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low | ||
3325 | 4454 | |||
3326 | 4455 | * Rebuild for perl 5.10 transition (LP: #230016) | ||
3327 | 4456 | * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using | ||
3328 | 4457 | syncrepl. (LP: #227178) | ||
3329 | 4458 | |||
3330 | 4459 | -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000 | ||
3331 | 4460 | |||
3332 | 4461 | openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low | ||
3333 | 4462 | |||
3334 | 4463 | * Merge from debian unstable, remaining changes: | ||
3335 | 4464 | - debian/apparmor-profile: add AppArmor profile | ||
3336 | 4465 | - debian/slapd.postinst: Reload AA profile on configuration | ||
3337 | 4466 | - updated debian/slapd.README.Debian for note on AppArmor | ||
3338 | 4467 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
3339 | 4468 | - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
3340 | 4469 | to make sure that if earlier version of apparmour-profiles gets | ||
3341 | 4470 | installed it won't overwrite our profile. | ||
3342 | 4471 | - Modify Maintainer value to match the DebianMaintainerField | ||
3343 | 4472 | speficication. | ||
3344 | 4473 | - follow ApparmorProfileMigration and force apparmor compalin mode on | ||
3345 | 4474 | some upgrades (LP: #203529) | ||
3346 | 4475 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
3347 | 4476 | - debian/slapd.preinst: create symlink for force-complain on pre-feisty | ||
3348 | 4477 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
3349 | 4478 | non-enforcing) and upgrades where apparmor profile does not exist. | ||
3350 | 4479 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
3351 | 4480 | - debian/rules, debian/slapd.links: use hard links to slapd instead of | ||
3352 | 4481 | symlinks for slap* so these applications aren't confined by apparmor | ||
3353 | 4482 | (LP: #203898) | ||
3354 | 4483 | - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion. | ||
3355 | 4484 | (LP: #215904) | ||
3356 | 4485 | - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion | ||
3357 | 4486 | error. (LP: #234196) | ||
3358 | 4487 | - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes. | ||
3359 | 4488 | (LP: #220724) | ||
3360 | 4489 | - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied | ||
3361 | 4490 | upstream. | ||
3362 | 4491 | * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle | ||
3363 | 4492 | the ucred struct now. | ||
3364 | 4493 | |||
3365 | 4494 | -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100 | ||
3366 | 4495 | |||
3367 | 1507 | openldap2.3 (2.4.9-1) unstable; urgency=low | 4496 | openldap2.3 (2.4.9-1) unstable; urgency=low |
3368 | 1508 | 4497 | ||
3369 | 1509 | [ Updated debconf translations ] | 4498 | [ Updated debconf translations ] |
3370 | @@ -1574,6 +4563,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high | |||
3371 | 1574 | 4563 | ||
3372 | 1575 | -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100 | 4564 | -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100 |
3373 | 1576 | 4565 | ||
3374 | 4566 | openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low | ||
3375 | 4567 | |||
3376 | 4568 | * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed | ||
3377 | 4569 | in klibc) | ||
3378 | 4570 | |||
3379 | 4571 | -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400 | ||
3380 | 4572 | |||
3381 | 4573 | openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low | ||
3382 | 4574 | |||
3383 | 4575 | * apparmor-profile workaround for Launchpad #202161 | ||
3384 | 4576 | * follow ApparmorProfileMigration and force apparmor complain mode on some | ||
3385 | 4577 | upgrades (LP: #203529) | ||
3386 | 4578 | - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 | ||
3387 | 4579 | - debian/slapd.dirs: add etc/apparmor.d/force-complain | ||
3388 | 4580 | - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty | ||
3389 | 4581 | upgrades, upgrades where apparmor-profiles profile is unchanged (ie | ||
3390 | 4582 | non-enforcing) and upgrades where apparmor profile does not exist | ||
3391 | 4583 | - debian/slapd.postrm: remove symlink in force-complain/ on purge | ||
3392 | 4584 | * debian/rules, debian/slapd.links: use hard links to slapd instead of | ||
3393 | 4585 | symlinks for slap* so these applications aren't confined by apparmor | ||
3394 | 4586 | (LP: #203898) | ||
3395 | 4587 | |||
3396 | 4588 | -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400 | ||
3397 | 4589 | |||
3398 | 4590 | openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low | ||
3399 | 4591 | |||
3400 | 4592 | * Merge from Debian unstable, remaining changes: | ||
3401 | 4593 | + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) | ||
3402 | 4594 | slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 | ||
3403 | 4595 | allows remote authenticated users to cause a denial of service (daemon | ||
3404 | 4596 | crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) | ||
3405 | 4597 | control, a related issue to CVE-2007-6698. | ||
3406 | 4598 | + debian/apparmor-profile: add AppArmor profile | ||
3407 | 4599 | + debian/slapd.postinst: Reload AA profile on configuration | ||
3408 | 4600 | + updated debian/slapd.README.Debian for note on AppArmor | ||
3409 | 4601 | + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we | ||
3410 | 4602 | should now take control | ||
3411 | 4603 | + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
3412 | 4604 | to make sure that if earlier version of apparmor-profiles gets | ||
3413 | 4605 | installed it won't overwrite our profile | ||
3414 | 4606 | + Modify Maintainer value to match the DebianMaintainerField | ||
3415 | 4607 | specification. | ||
3416 | 4608 | |||
3417 | 4609 | -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000 | ||
3418 | 4610 | |||
3419 | 1577 | openldap2.3 (2.4.7-6) unstable; urgency=low | 4611 | openldap2.3 (2.4.7-6) unstable; urgency=low |
3420 | 1578 | 4612 | ||
3421 | 1579 | [ Updated debconf translations ] | 4613 | [ Updated debconf translations ] |
3422 | @@ -1619,6 +4653,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low | |||
3423 | 1619 | 4653 | ||
3424 | 1620 | -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800 | 4654 | -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800 |
3425 | 1621 | 4655 | ||
3426 | 4656 | openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low | ||
3427 | 4657 | |||
3428 | 4658 | * SECURITY UPDATE: | ||
3429 | 4659 | + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) | ||
3430 | 4660 | slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 | ||
3431 | 4661 | allows remote authenticated users to cause a denial of service (daemon crash) | ||
3432 | 4662 | via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related | ||
3433 | 4663 | issue to CVE-2007-6698. | ||
3434 | 4664 | |||
3435 | 4665 | * References | ||
3436 | 4666 | - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658 | ||
3437 | 4667 | - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358 | ||
3438 | 4668 | |||
3439 | 4669 | -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100 | ||
3440 | 4670 | |||
3441 | 4671 | openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low | ||
3442 | 4672 | |||
3443 | 4673 | * add AppArmor profile | ||
3444 | 4674 | + debian/apparmor-profile | ||
3445 | 4675 | + debian/slapd.postinst: Reload AA profile on configuration | ||
3446 | 4676 | * updated debian/slapd.README.Debian for note on AppArmor | ||
3447 | 4677 | * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we | ||
3448 | 4678 | should now take control | ||
3449 | 4679 | * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 | ||
3450 | 4680 | to make sure that if earlier version of apparmor-profiles gets installed | ||
3451 | 4681 | it won't overwrite our profile | ||
3452 | 4682 | * Modify Maintainer value to match the DebianMaintainerField | ||
3453 | 4683 | specification. | ||
3454 | 4684 | |||
3455 | 4685 | -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000 | ||
3456 | 4686 | |||
3457 | 1622 | openldap2.3 (2.4.7-5) unstable; urgency=low | 4687 | openldap2.3 (2.4.7-5) unstable; urgency=low |
3458 | 1623 | 4688 | ||
3459 | 1624 | [ Updated debconf translations ] | 4689 | [ Updated debconf translations ] |
3460 | diff --git a/debian/control b/debian/control | |||
3461 | index 961e6de..5215f21 100644 | |||
3462 | --- a/debian/control | |||
3463 | +++ b/debian/control | |||
3464 | @@ -1,12 +1,14 @@ | |||
3465 | 1 | Source: openldap | 1 | Source: openldap |
3466 | 2 | Section: net | 2 | Section: net |
3467 | 3 | Priority: optional | 3 | Priority: optional |
3469 | 4 | Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org> | 4 | Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
3470 | 5 | XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org> | ||
3471 | 5 | Uploaders: Steve Langasek <vorlon@debian.org>, | 6 | Uploaders: Steve Langasek <vorlon@debian.org>, |
3472 | 6 | Torsten Landschoff <torsten@debian.org>, | 7 | Torsten Landschoff <torsten@debian.org>, |
3473 | 7 | Ryan Tandy <ryan@nardis.ca>, | 8 | Ryan Tandy <ryan@nardis.ca>, |
3474 | 8 | Sergio Durigan Junior <sergiodj@debian.org> | 9 | Sergio Durigan Junior <sergiodj@debian.org> |
3475 | 9 | Build-Depends: debhelper-compat (= 13), | 10 | Build-Depends: debhelper-compat (= 13), |
3476 | 11 | dh-apparmor, | ||
3477 | 10 | dpkg-dev (>= 1.17.14), | 12 | dpkg-dev (>= 1.17.14), |
3478 | 11 | groff-base, | 13 | groff-base, |
3479 | 12 | heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>, | 14 | heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>, |
3480 | @@ -43,7 +45,7 @@ Depends: ${shlibs:Depends}, libldap2 (= ${binary:Version}), | |||
3481 | 43 | coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl, | 45 | coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl, |
3482 | 44 | adduser, ${perl:Depends}, ${misc:Depends} | 46 | adduser, ${perl:Depends}, ${misc:Depends} |
3483 | 45 | Recommends: ldap-utils | 47 | Recommends: ldap-utils |
3485 | 46 | Suggests: libsasl2-modules, | 48 | Suggests: libsasl2-modules, ufw, |
3486 | 47 | libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal | 49 | libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal |
3487 | 48 | Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1) | 50 | Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1) |
3488 | 49 | Replaces: ldap-utils (<< 2.2.23-3) | 51 | Replaces: ldap-utils (<< 2.2.23-3) |
3489 | diff --git a/debian/rules b/debian/rules | |||
3490 | index 3fab06f..8039111 100755 | |||
3491 | --- a/debian/rules | |||
3492 | +++ b/debian/rules | |||
3493 | @@ -11,7 +11,7 @@ export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE | |||
3494 | 11 | export DEB_BUILD_MAINT_OPTIONS := hardening=+all | 11 | export DEB_BUILD_MAINT_OPTIONS := hardening=+all |
3495 | 12 | 12 | ||
3496 | 13 | # Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name) | 13 | # Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name) |
3498 | 14 | export DEB_MAINTAINER := $(shell sed -ne 's/Maintainer:\s\+//p' debian/control) | 14 | export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control) |
3499 | 15 | 15 | ||
3500 | 16 | # Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version) | 16 | # Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version) |
3501 | 17 | export DEB_VERSION | 17 | export DEB_VERSION |
3502 | @@ -124,6 +124,22 @@ endif | |||
3503 | 124 | find $(installdir)/usr/share/man -name \*.8 \ | 124 | find $(installdir)/usr/share/man -name \*.8 \ |
3504 | 125 | | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#' | 125 | | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#' |
3505 | 126 | 126 | ||
3506 | 127 | ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) | ||
3507 | 128 | override_dh_install-arch: | ||
3508 | 129 | dh_install | ||
3509 | 130 | |||
3510 | 131 | # install AppArmor profile | ||
3511 | 132 | install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd | ||
3512 | 133 | |||
3513 | 134 | # install Apport hook | ||
3514 | 135 | install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py | ||
3515 | 136 | |||
3516 | 137 | # install ufw profile | ||
3517 | 138 | install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd | ||
3518 | 139 | |||
3519 | 140 | dh_apparmor -pslapd --profile-name=usr.sbin.slapd | ||
3520 | 141 | endif | ||
3521 | 142 | |||
3522 | 127 | override_dh_installinit: | 143 | override_dh_installinit: |
3523 | 128 | dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80" | 144 | dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80" |
3524 | 129 | 145 | ||
3525 | diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian | |||
3526 | index ff7d66b..a4f3f55 100644 | |||
3527 | --- a/debian/slapd.README.Debian | |||
3528 | +++ b/debian/slapd.README.Debian | |||
3529 | @@ -252,6 +252,17 @@ Modifications Compared to Upstream | |||
3530 | 252 | 252 | ||
3531 | 253 | -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800 | 253 | -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800 |
3532 | 254 | 254 | ||
3533 | 255 | Apparmor Profile | ||
3534 | 256 | ---------------- | ||
3535 | 257 | |||
3536 | 258 | If your system uses AppArmor, please note that the shipped enforcing profile | ||
3537 | 259 | works with the default installation, and changes in your configuration may | ||
3538 | 260 | require changes to the installed apparmor profile. Please see | ||
3539 | 261 | https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this | ||
3540 | 262 | software. | ||
3541 | 263 | |||
3542 | 264 | -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500 | ||
3543 | 265 | |||
3544 | 255 | Migrating your installation to OpenLDAP 2.5.x | 266 | Migrating your installation to OpenLDAP 2.5.x |
3545 | 256 | 267 | ||
3546 | 257 | OpenLDAP 2.5 is a major new release and includes several incompatible | 268 | OpenLDAP 2.5 is a major new release and includes several incompatible |
3547 | diff --git a/debian/slapd.py b/debian/slapd.py | |||
3548 | 258 | new file mode 100644 | 269 | new file mode 100644 |
3549 | index 0000000..b1aed25 | |||
3550 | --- /dev/null | |||
3551 | +++ b/debian/slapd.py | |||
3552 | @@ -0,0 +1,51 @@ | |||
3553 | 1 | #!/usr/bin/python3 | ||
3554 | 2 | |||
3555 | 3 | '''apport hook for slapd | ||
3556 | 4 | |||
3557 | 5 | (c) 2010 Adam Sommer. | ||
3558 | 6 | Author: Adam Sommer <asommer@ubuntu.com> | ||
3559 | 7 | |||
3560 | 8 | This program is free software; you can redistribute it and/or modify it | ||
3561 | 9 | under the terms of the GNU General Public License as published by the | ||
3562 | 10 | Free Software Foundation; either version 2 of the License, or (at your | ||
3563 | 11 | option) any later version. See http://www.gnu.org/copyleft/gpl.html for | ||
3564 | 12 | the full text of the license. | ||
3565 | 13 | ''' | ||
3566 | 14 | |||
3567 | 15 | from apport.hookutils import * | ||
3568 | 16 | import os | ||
3569 | 17 | |||
3570 | 18 | # Scrub olcRootPW attribute and credentials strings if necessary. | ||
3571 | 19 | def scrub_pass_strings(config): | ||
3572 | 20 | olcrootpw_regex = re.compile('olcRootPW:.*') | ||
3573 | 21 | olcrootpw_string = olcrootpw_regex.search(config) | ||
3574 | 22 | if olcrootpw_string: | ||
3575 | 23 | config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@') | ||
3576 | 24 | |||
3577 | 25 | credentials_regex = re.compile('credentials=.* ') | ||
3578 | 26 | credentials_string = credentials_regex.search(config) | ||
3579 | 27 | if credentials_string: | ||
3580 | 28 | config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ') | ||
3581 | 29 | |||
3582 | 30 | return config | ||
3583 | 31 | |||
3584 | 32 | def add_info(report, ui): | ||
3585 | 33 | response = ui.yesno("The contents of your /etc/ldap/slapd.d directory " | ||
3586 | 34 | "may help developers diagnose your bug more " | ||
3587 | 35 | "quickly. However, it may contain sensitive " | ||
3588 | 36 | "information. Do you want to include it in your " | ||
3589 | 37 | "bug report?") | ||
3590 | 38 | |||
3591 | 39 | if response == None: # user cancelled | ||
3592 | 40 | raise StopIteration | ||
3593 | 41 | |||
3594 | 42 | elif response == True: | ||
3595 | 43 | # Get the cn=config tree. | ||
3596 | 44 | cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config']) | ||
3597 | 45 | report['CNConfig'] = scrub_pass_strings(cn_config) | ||
3598 | 46 | |||
3599 | 47 | # Get slapd messages from /var/log/syslog | ||
3600 | 48 | slapd_re = re.compile('slapd', re.IGNORECASE) | ||
3601 | 49 | report['SysLog'] = recent_syslog(slapd_re) | ||
3602 | 50 | |||
3603 | 51 | attach_mac_events(report, '/usr/sbin/slapd') | ||
3604 | diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile | |||
3605 | 0 | new file mode 100644 | 52 | new file mode 100644 |
3606 | index 0000000..3c4f676 | |||
3607 | --- /dev/null | |||
3608 | +++ b/debian/slapd.ufw.profile | |||
3609 | @@ -0,0 +1,9 @@ | |||
3610 | 1 | [OpenLDAP LDAP] | ||
3611 | 2 | title=OpenLDAP with TLS | ||
3612 | 3 | description=OpenLDAP is a free, fast, lightweight LDAP server | ||
3613 | 4 | ports=389/tcp | ||
3614 | 5 | |||
3615 | 6 | [OpenLDAP LDAPS] | ||
3616 | 7 | title=OpenLDAP over SSL | ||
3617 | 8 | description=OpenLDAP is a free, fast, lightweight LDAP server | ||
3618 | 9 | ports=636/tcp | ||
3619 | diff --git a/debian/tests/smbk5pwd b/debian/tests/smbk5pwd | |||
3620 | index aeb5f81..aaafdbe 100755 | |||
3621 | --- a/debian/tests/smbk5pwd | |||
3622 | +++ b/debian/tests/smbk5pwd | |||
3623 | @@ -9,6 +9,20 @@ schema2ldif /etc/ldap/schema/hdb.schema | ldapadd -H ldapi:// -Y EXTERNAL | |||
3624 | 9 | chgrp openldap /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key | 9 | chgrp openldap /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key |
3625 | 10 | chmod g+rX /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key | 10 | chmod g+rX /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key |
3626 | 11 | 11 | ||
3627 | 12 | apparmor_profile="/etc/apparmor.d/usr.sbin.slapd" | ||
3628 | 13 | if [ -f "${apparmor_profile}" ]; then | ||
3629 | 14 | if aa-status --enabled 2>/dev/null; then | ||
3630 | 15 | # Adjust apparmor so slapd can read the heimdal master key | ||
3631 | 16 | cat >> /etc/apparmor.d/local/usr.sbin.slapd <<EOF | ||
3632 | 17 | /var/lib/heimdal-kdc/m-key rk, | ||
3633 | 18 | EOF | ||
3634 | 19 | apparmor_parser -r -W -T "${apparmor_profile}" || { | ||
3635 | 20 | # this failure may happen on armhf in Canonical infrastructure, see #1991141 | ||
3636 | 21 | echo "Failed to reload the ${apparmor_profile} apparmor profile, continuing anyway." | ||
3637 | 22 | } | ||
3638 | 23 | fi | ||
3639 | 24 | fi | ||
3640 | 25 | |||
3641 | 12 | # Instantiate the smbk5pwd overlay | 26 | # Instantiate the smbk5pwd overlay |
3642 | 13 | ldapmodify -H ldapi:// -Y EXTERNAL << eof | 27 | ldapmodify -H ldapi:// -Y EXTERNAL << eof |
3643 | 14 | dn: cn=module{0},cn=config | 28 | dn: cn=module{0},cn=config |
FWIW, the regression being fixed is this one:
https:/ /bugs.openldap. org/show_ bug.cgi? id=10045
It can cause slapd to abruptly terminate in certain occasions.