Ubuntu
openldap package

Merge ~sergiodj/ubuntu/+source/openldap:merge-2.6.6-dfsg-1-mantic into ubuntu/+source/openldap:debian/experimental

  1. Git
  2. lp:~sergiodj/ubuntu/+source/openldap
  3. merge-2.6.6-dfsg-1-mantic
  4. Merge into debian/experimental
Proposed by Sergio Durigan Junior
Status: Merged
Merge reported by: Sergio Durigan Junior
Merged at revision: e67fe169e961d770845e914e22b7dda6d7b9d6c6
Proposed branch: ~sergiodj/ubuntu/+source/openldap:merge-2.6.6-dfsg-1-mantic
Merge into: ubuntu/+source/openldap:debian/experimental
Diff against target: 3643 lines (+3232/-3)
8 files modified
debian/apparmor-profile (+61/-0)
debian/changelog (+3065/-0)
debian/control (+4/-2)
debian/rules (+17/-1)
debian/slapd.README.Debian (+11/-0)
debian/slapd.py (+51/-0)
debian/slapd.ufw.profile (+9/-0)
debian/tests/smbk5pwd (+14/-0)
Reviewer Review Type Date Requested Status
Andreas Hasenack Approve
Canonical Server Reporter Pending
Review via email: mp+448302@code.launchpad.net

Description of the change

This is the merge of OpenLDAP 2.6.6 from Debian experimental.

It's a trivial merge that fixes a regression introduced by 2.6.5. No deltas were dropped this time.

PPA: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap

dep8 results will be posted later.

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

FWIW, the regression being fixed is this one:

https://bugs.openldap.org/show_bug.cgi?id=10045

It can cause slapd to abruptly terminate in certain occasions.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

It seems that I'm having a bad luck when doing merges lately... You will find that OpenLDAP is FTBFSing in the PPA. I tracked down this problem to a recent change in cyrus-sasl2. I filed a Debian bug and will work with the maintainer to get things working again. Feel free to review the MP, though. Thanks.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

The cyrus-sasl2 bug has been fixed in Debian/Ubuntu and the openldap builds are passing now. This MP is ready for review.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-mantic-sergiodj-openldap/?format=plain)
  openldap @ amd64:
    04.08.23 18:45:32 Log 🗒️ ✅ Triggers: openldap/2.6.6+dfsg-1~exp1ubuntu1~ppa1
  openldap @ armhf:
    04.08.23 18:44:40 Log 🗒️ ✅ Triggers: openldap/2.6.6+dfsg-1~exp1ubuntu1~ppa1
  openldap @ ppc64el:
    04.08.23 18:41:51 Log 🗒️ ✅ Triggers: openldap/2.6.6+dfsg-1~exp1ubuntu1~ppa1
  openldap @ s390x:
    04.08.23 18:41:36 Log 🗒️ ✅ Triggers: openldap/2.6.6+dfsg-1~exp1ubuntu1~ppa1

The arm64 test is stuck updating the kernel, which is unrelated to openldap.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

range-diff is clean, no delta change

new upstream 2.6.6 CHANGES file is ok

+1

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Friday, August 04 2023, Andreas Hasenack wrote:

> range-diff is clean, no delta change
>
> new upstream 2.6.6 CHANGES file is ok
>
> +1

Thanks. Uploaded:

$ dput openldap_2.6.6+dfsg-1~exp1ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/openldap/openldap_2.6.6+dfsg-1~exp1ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/openldap/openldap_2.6.6+dfsg-1~exp1ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openldap_2.6.6+dfsg-1~exp1ubuntu1.dsc: done.
  Uploading openldap_2.6.6+dfsg.orig.tar.xz: done.
  Uploading openldap_2.6.6+dfsg-1~exp1ubuntu1.debian.tar.xz: done.
  Uploading openldap_2.6.6+dfsg-1~exp1ubuntu1_source.buildinfo: done.
  Uploading openldap_2.6.6+dfsg-1~exp1ubuntu1_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/apparmor-profile b/debian/apparmor-profile
0new file mode 1006440new file mode 100644
index 0000000..6a247aa
--- /dev/null
+++ b/debian/apparmor-profile
@@ -0,0 +1,61 @@
1# vim:syntax=apparmor
2# Last Modified: Fri Jun 6 13:51:00 2020
3# Author: Jamie Strandboge <jamie@ubuntu.com>
4
5#include <tunables/global>
6
7/usr/sbin/slapd {
8 #include <abstractions/base>
9 #include <abstractions/nameservice>
10 #include <abstractions/p11-kit>
11
12 #include <abstractions/ssl_keys>
13 #include <abstractions/ssl_certs>
14
15 /etc/sasldb2 r,
16
17 capability dac_override,
18 capability net_bind_service,
19 capability setgid,
20 capability setuid,
21
22 /etc/gai.conf r,
23 /etc/hosts.allow r,
24 /etc/hosts.deny r,
25
26 # ldap files
27 /etc/ldap/** kr,
28 /etc/ldap/slapd.d/** rw,
29
30 # kerberos/gssapi
31 /dev/tty rw,
32 /etc/gss/mech.d/ r,
33 /etc/gss/mech.d/* kr,
34 /etc/krb5.keytab kr,
35 /etc/krb5/user/*/client.keytab kr,
36 owner /tmp/krb5cc_* rwk,
37 owner /var/tmp/krb5_*.rcache2 rwk,
38 /var/tmp/ rw,
39 /var/tmp/** rw,
40
41 # the databases and logs
42 /var/lib/ldap/ r,
43 /var/lib/ldap/** rwk,
44
45 # lock file
46 /var/lib/ldap/alock kw,
47
48 # pid files and sockets
49 /{,var/}run/slapd/* w,
50 /{,var/}run/slapd/ldapi rw,
51 /{,var/}run/nslcd/socket rw,
52 /{,var/}run/saslauthd/mux rw,
53
54 /usr/lib/ldap/ r,
55 /usr/lib/ldap/* mr,
56
57 /usr/sbin/slapd mr,
58
59 # Site-specific additions and overrides. See local/README for details.
60 #include <local/usr.sbin.slapd>
61}
diff --git a/debian/changelog b/debian/changelog
index b654a02..8945ee5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,62 @@
1openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium
2
3 * Merge with Debian unstable (LP: #2028721). Remaining changes:
4 - Enable AppArmor support:
5 + d/apparmor-profile: add AppArmor profile
6 + d/rules: use dh_apparmor
7 + d/control: Build-Depends on dh-apparmor
8 + d/slapd.README.Debian: add note about AppArmor
9 - Enable ufw support:
10 + d/control: suggest ufw.
11 + d/rules: install ufw profile.
12 + d/slapd.ufw.profile: add ufw profile.
13 - d/{rules,slapd.py}: Add apport hook.
14 - d/rules: better regexp to match the Maintainer tag in d/control,
15 needed in the Ubuntu case because of XSBC-Original-Maintainer
16 (Closes #960448, LP #1875697)
17 - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the
18 smbk5pwd DEP8 test (LP #2004560)
19 [ Partially incorporated by Debian. ]
20
21 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 02 Aug 2023 19:53:17 -0400
22
1openldap (2.6.6+dfsg-1~exp1) experimental; urgency=medium23openldap (2.6.6+dfsg-1~exp1) experimental; urgency=medium
224
3 * New upstream version 2.6.6+dfsg25 * New upstream version 2.6.6+dfsg
426
5 -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 31 Jul 2023 18:24:38 -040027 -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 31 Jul 2023 18:24:38 -0400
628
29openldap (2.6.5+dfsg-1~exp1ubuntu1) mantic; urgency=medium
30
31 * Merge with Debian unstable (LP: #2028721). Remaining changes:
32 - Enable AppArmor support:
33 + d/apparmor-profile: add AppArmor profile
34 + d/rules: use dh_apparmor
35 + d/control: Build-Depends on dh-apparmor
36 + d/slapd.README.Debian: add note about AppArmor
37 - Enable ufw support:
38 + d/control: suggest ufw.
39 + d/rules: install ufw profile.
40 + d/slapd.ufw.profile: add ufw profile.
41 - d/{rules,slapd.py}: Add apport hook.
42 - d/rules: better regexp to match the Maintainer tag in d/control,
43 needed in the Ubuntu case because of XSBC-Original-Maintainer
44 (Closes #960448, LP #1875697)
45 - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the
46 smbk5pwd DEP8 test (LP #2004560)
47 [ Partially incorporated by Debian. ]
48 * Drop changes:
49 - Build the passwd/sha2 contrib module with -fno-strict-aliasing to
50 avoid computing an incorrect SHA256 hash with some versions of the
51 compiler (LP: #2000817):
52 + d/t/{control,sha2-contrib}: test to verify the SHA256 hash
53 produced by passwd/sha2
54 + d/rules: set -fno-strict-aliasing only when building the
55 passwd/sha2 contrib module
56 [ Incorporated by Debian. ]
57
58 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 27 Jul 2023 13:18:18 -0400
59
7openldap (2.6.5+dfsg-1~exp1) experimental; urgency=medium60openldap (2.6.5+dfsg-1~exp1) experimental; urgency=medium
861
9 [ Sergio Durigan Junior ]62 [ Sergio Durigan Junior ]
@@ -39,12 +92,79 @@ openldap (2.6.5+dfsg-1~exp1) experimental; urgency=medium
3992
40 -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 24 Jul 2023 19:26:16 -040093 -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 24 Jul 2023 19:26:16 -0400
4194
95openldap (2.6.4+dfsg-1~exp1ubuntu1) mantic; urgency=medium
96
97 * Merge with Debian unstable (LP: #2018093). Remaining changes:
98 - Enable AppArmor support:
99 + d/apparmor-profile: add AppArmor profile
100 + d/rules: use dh_apparmor
101 + d/control: Build-Depends on dh-apparmor
102 + d/slapd.README.Debian: add note about AppArmor
103 - Enable ufw support:
104 + d/control: suggest ufw.
105 + d/rules: install ufw profile.
106 + d/slapd.ufw.profile: add ufw profile.
107 - d/{rules,slapd.py}: Add apport hook.
108 - d/rules: better regexp to match the Maintainer tag in d/control,
109 needed in the Ubuntu case because of XSBC-Original-Maintainer
110 (Closes #960448, LP #1875697)
111 - Build the passwd/sha2 contrib module with -fno-strict-aliasing to
112 avoid computing an incorrect SHA256 hash with some versions of the
113 compiler (LP #2000817):
114 + d/t/{control,sha2-contrib}: test to verify the SHA256 hash
115 produced by passwd/sha2
116 + d/rules: set -fno-strict-aliasing only when building the
117 passwd/sha2 contrib module
118 - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the
119 smbk5pwd DEP8 test (LP #2004560)
120
121 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 21 Jun 2023 14:48:31 -0400
122
42openldap (2.6.4+dfsg-1~exp1) experimental; urgency=medium123openldap (2.6.4+dfsg-1~exp1) experimental; urgency=medium
43124
44 * New upstream version 2.6.4+dfsg.125 * New upstream version 2.6.4+dfsg.
45126
46 -- Sergio Durigan Junior <sergiodj@debian.org> Sat, 04 Mar 2023 16:35:10 -0500127 -- Sergio Durigan Junior <sergiodj@debian.org> Sat, 04 Mar 2023 16:35:10 -0500
47128
129openldap (2.6.3+dfsg-1~exp1ubuntu2) lunar; urgency=medium
130
131 * Build the passwd/sha2 contrib module with -fno-strict-aliasing to
132 avoid computing an incorrect SHA256 hash with some versions of the
133 compiler (LP: #2000817):
134 - d/t/{control,sha2-contrib}: test to verify the SHA256 hash
135 produced by passwd/sha2
136 - d/rules: set -fno-strict-aliasing only when building the
137 passwd/sha2 contrib module
138 * d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the
139 smbk5pwd DEP8 test (LP: #2004560)
140
141 -- Andreas Hasenack <andreas@canonical.com> Fri, 03 Feb 2023 09:33:14 -0300
142
143openldap (2.6.3+dfsg-1~exp1ubuntu1) lunar; urgency=medium
144
145 * Merge with Debian unstable (LP: #1993426). Remaining changes:
146 - Enable AppArmor support:
147 + d/apparmor-profile: add AppArmor profile
148 + d/rules: use dh_apparmor
149 + d/control: Build-Depends on dh-apparmor
150 + d/slapd.README.Debian: add note about AppArmor
151 - Enable ufw support:
152 + d/control: suggest ufw.
153 + d/rules: install ufw profile.
154 + d/slapd.ufw.profile: add ufw profile.
155 - d/{rules,slapd.py}: Add apport hook.
156 - d/rules: better regexp to match the Maintainer tag in d/control,
157 needed in the Ubuntu case because of XSBC-Original-Maintainer
158 (Closes #960448, LP #1875697)
159 * Drop changes:
160 - Enable SASL/GSSAPI tests. (LP #1976508)
161 + d/control: Update B-D to include required dependencies needed to run
162 SASL/GSSAPI tests during build time, and mark them "!nocheck".
163 Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
164 [ Incorporated by Debian. ]
165
166 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 18 Nov 2022 16:07:45 -0500
167
48openldap (2.6.3+dfsg-1~exp1) experimental; urgency=medium168openldap (2.6.3+dfsg-1~exp1) experimental; urgency=medium
49169
50 * d/rules: Remove get-orig-source, now unnecessary.170 * d/rules: Remove get-orig-source, now unnecessary.
@@ -94,6 +214,94 @@ openldap (2.6.2+dfsg-1~exp1) experimental; urgency=medium
94214
95 -- Sergio Durigan Junior <sergiodj@debian.org> Fri, 20 May 2022 17:41:04 -0400215 -- Sergio Durigan Junior <sergiodj@debian.org> Fri, 20 May 2022 17:41:04 -0400
96216
217openldap (2.5.13+dfsg-1ubuntu2) lunar; urgency=medium
218
219 * Rebuild against new perlapi-5.36.
220
221 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 Nov 2022 16:50:13 +0100
222
223openldap (2.5.13+dfsg-1ubuntu1) kinetic; urgency=medium
224
225 * Merge with Debian unstable (LP: #1983618). Remaining changes:
226 - Enable AppArmor support:
227 + d/apparmor-profile: add AppArmor profile
228 + d/rules: use dh_apparmor
229 + d/control: Build-Depends on dh-apparmor
230 + d/slapd.README.Debian: add note about AppArmor
231 - Enable ufw support:
232 + d/control: suggest ufw.
233 + d/rules: install ufw profile.
234 + d/slapd.ufw.profile: add ufw profile.
235 - d/{rules,slapd.py}: Add apport hook.
236 - d/rules: better regexp to match the Maintainer tag in d/control,
237 needed in the Ubuntu case because of XSBC-Original-Maintainer
238 (Closes #960448, LP #1875697)
239 - Enable SASL/GSSAPI tests. (LP #1976508)
240 + d/control: Update B-D to include required dependencies needed to run
241 SASL/GSSAPI tests during build time, and mark them "!nocheck".
242 Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
243
244 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 20 Sep 2022 15:30:47 -0400
245
246openldap (2.5.12+dfsg-2ubuntu2) kinetic; urgency=medium
247
248 * Enable SASL/GSSAPI tests. (LP: #1976508)
249 - d/control: Update B-D to include required dependencies needed to run
250 SASL/GSSAPI tests during build time, and mark them "!nocheck".
251 Thanks: Andreas Hasenack <andreas.hasenack@canonical.com>
252
253 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 25 Aug 2022 16:20:08 -0400
254
255openldap (2.5.12+dfsg-2ubuntu1) kinetic; urgency=medium
256
257 * Merge with Debian unstable (LP: #1971305). Remaining changes:
258 - Enable AppArmor support:
259 + d/apparmor-profile: add AppArmor profile
260 + d/rules: use dh_apparmor
261 + d/control: Build-Depends on dh-apparmor
262 + d/slapd.README.Debian: add note about AppArmor
263 - Enable ufw support:
264 + d/control: suggest ufw.
265 + d/rules: install ufw profile.
266 + d/slapd.ufw.profile: add ufw profile.
267 - d/{rules,slapd.py}: Add apport hook.
268 - d/rules: better regexp to match the Maintainer tag in d/control,
269 needed in the Ubuntu case because of XSBC-Original-Maintainer
270 (Closes #960448, LP #1875697)
271
272 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 06 Jun 2022 15:34:48 -0400
273
274openldap (2.5.11+dfsg-1~exp1ubuntu3) jammy; urgency=medium
275
276 * No-change rebuild to update maintainer scripts, see LP: 1959054
277
278 -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:15:26 +0000
279
280openldap (2.5.11+dfsg-1~exp1ubuntu2) jammy; urgency=medium
281
282 * No-change rebuild for the perl update.
283
284 -- Matthias Klose <doko@ubuntu.com> Mon, 07 Feb 2022 07:51:42 +0100
285
286openldap (2.5.11+dfsg-1~exp1ubuntu1) jammy; urgency=medium
287
288 * Merge with Debian unstable (LP: #1946883). Remaining changes:
289 - Enable AppArmor support:
290 + d/apparmor-profile: add AppArmor profile
291 + d/rules: use dh_apparmor
292 + d/control: Build-Depends on dh-apparmor
293 + d/slapd.README.Debian: add note about AppArmor
294 - Enable ufw support:
295 + d/control: suggest ufw.
296 + d/rules: install ufw profile.
297 + d/slapd.ufw.profile: add ufw profile.
298 - d/{rules,slapd.py}: Add apport hook.
299 - d/rules: better regexp to match the Maintainer tag in d/control,
300 needed in the Ubuntu case because of XSBC-Original-Maintainer
301 (Closes #960448, LP #1875697)
302
303 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 25 Jan 2022 17:06:12 -0500
304
97openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium305openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium
98306
99 * New upstream release.307 * New upstream release.
@@ -125,6 +333,25 @@ openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium
125333
126 -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700334 -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700
127335
336openldap (2.5.6+dfsg-1~exp1ubuntu1) impish; urgency=medium
337
338 * Merge with Debian unstable. Remaining changes:
339 - Enable AppArmor support:
340 + d/apparmor-profile: add AppArmor profile
341 + d/rules: use dh_apparmor
342 + d/control: Build-Depends on dh-apparmor
343 + d/slapd.README.Debian: add note about AppArmor
344 - Enable ufw support:
345 + d/control: suggest ufw.
346 + d/rules: install ufw profile.
347 + d/slapd.ufw.profile: add ufw profile.
348 - d/{rules,slapd.py}: Add apport hook.
349 - d/rules: better regexp to match the Maintainer tag in d/control,
350 needed in the Ubuntu case because of XSBC-Original-Maintainer
351 (Closes #960448, LP #1875697)
352
353 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 17 Aug 2021 14:06:00 -0400
354
128openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium355openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
129356
130 [ Ryan Tandy ]357 [ Ryan Tandy ]
@@ -159,6 +386,59 @@ openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
159386
160 -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700387 -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700
161388
389openldap (2.5.5+dfsg-1~exp1ubuntu1) impish; urgency=medium
390
391 * Merge with Debian unstable. Remaining changes:
392 - Enable AppArmor support:
393 + d/apparmor-profile: add AppArmor profile
394 + d/rules: use dh_apparmor
395 + d/control: Build-Depends on dh-apparmor
396 + d/slapd.README.Debian: add note about AppArmor
397 - Enable ufw support:
398 + d/control: suggest ufw.
399 + d/rules: install ufw profile.
400 + d/slapd.ufw.profile: add ufw profile.
401 - d/{rules,slapd.py}: Add apport hook.
402 - d/rules: better regexp to match the Maintainer tag in d/control,
403 needed in the Ubuntu case because of XSBC-Original-Maintainer
404 (Closes #960448, LP #1875697)
405 * Dropped changes:
406 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
407 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
408 - Add --with-gssapi support
409 - Make guess_service_principal() more robust when determining
410 principal
411 + d/configure.options: Configure with --with-gssapi
412 + d/control: Added heimdal-dev as a build depend
413 + d/rules:
414 - Explicitly add -I/usr/include/heimdal to CFLAGS.
415 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
416 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
417 This should be dropped when the soname changes.
418 [ Dropped as planned after soname bump due to 2.5.5 update. ]
419 - Enable nss overlay:
420 + d/rules:
421 - add nssov to CONTRIB_MODULES
422 - add sysconfdir to CONTRIB_MAKEVARS
423 + d/slapd.install: install nssov overlay
424 + d/slapd.manpages: install slapo-nssov(5) man page
425 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
426 Debian bug #919136, we also have to patch the nssov makefile
427 accordingly and thus update this patch.
428 [ Dropped as planned after soname bump due to 2.5.5 update. ]
429 - Add support for CLDAP (UDP) support, back then required by
430 likewise-open (first enabled in 2.4.17-1ubuntu2):
431 + d/rules: Enable -DLDAP_CONNECTIONLESS
432 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
433 This should be dropped when the soname changes.
434 [ Dropped as planned after soname bump due to 2.5.5 update. ]
435 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
436 of test timing issue.
437 [ Dropped because the latest update improved the testcase and
438 there is no FTBFS on riscv64 anymore. ]
439
440 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 15 Jun 2021 17:20:34 -0400
441
162openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium442openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium
163443
164 * New upstream release.444 * New upstream release.
@@ -264,6 +544,53 @@ openldap (2.4.57+dfsg-3) unstable; urgency=medium
264544
265 -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700545 -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700
266546
547openldap (2.4.57+dfsg-2ubuntu1) hirsute; urgency=medium
548
549 * Merge with Debian unstable. Remaining changes:
550 - Enable AppArmor support:
551 + d/apparmor-profile: add AppArmor profile
552 + d/rules: use dh_apparmor
553 + d/control: Build-Depends on dh-apparmor
554 + d/slapd.README.Debian: add note about AppArmor
555 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
556 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
557 - Add --with-gssapi support
558 - Make guess_service_principal() more robust when determining
559 principal
560 + d/configure.options: Configure with --with-gssapi
561 + d/control: Added heimdal-dev as a build depend
562 + d/rules:
563 - Explicitly add -I/usr/include/heimdal to CFLAGS.
564 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
565 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
566 This should be dropped when the soname changes.
567 - Enable ufw support:
568 + d/control: suggest ufw.
569 + d/rules: install ufw profile.
570 + d/slapd.ufw.profile: add ufw profile.
571 - Enable nss overlay:
572 + d/rules:
573 - add nssov to CONTRIB_MODULES
574 - add sysconfdir to CONTRIB_MAKEVARS
575 + d/slapd.install: install nssov overlay
576 + d/slapd.manpages: install slapo-nssov(5) man page
577 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
578 Debian bug #919136, we also have to patch the nssov makefile
579 accordingly and thus update this patch.
580 - d/{rules,slapd.py}: Add apport hook.
581 - Add support for CLDAP (UDP) support, back then required by
582 likewise-open (first enabled in 2.4.17-1ubuntu2):
583 + d/rules: Enable -DLDAP_CONNECTIONLESS
584 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
585 This should be dropped when the soname changes.
586 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
587 of test timing issue.
588 - d/rules: better regexp to match the Maintainer tag in d/control,
589 needed in the Ubuntu case because of XSBC-Original-Maintainer
590 (Closes #960448, LP #1875697)
591
592 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Feb 2021 10:15:38 -0500
593
267openldap (2.4.57+dfsg-2) unstable; urgency=medium594openldap (2.4.57+dfsg-2) unstable; urgency=medium
268595
269 * Fix slapd assertion failure in Certificate List Exact Assertion validation596 * Fix slapd assertion failure in Certificate List Exact Assertion validation
@@ -293,6 +620,65 @@ openldap (2.4.57+dfsg-1) unstable; urgency=medium
293620
294 -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800621 -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800
295622
623openldap (2.4.56+dfsg-1ubuntu2) hirsute; urgency=medium
624
625 * debian/apparmor-profile: add AppArmor rule for locking replay cache.
626 In Hirsute, a change (presumably in src:krb5) has caused slapd to be
627 denied by AppArmor for locking /var/tmp/krb5_*.rcache2. This is
628 acceptable, so add it to the AppArmor profile. This fixes the dep8
629 test in src:krb5 that uses slapd for testing.
630
631 -- Robie Basak <robie.basak@ubuntu.com> Tue, 26 Jan 2021 13:02:40 +0000
632
633openldap (2.4.56+dfsg-1ubuntu1) hirsute; urgency=medium
634
635 * Merge with Debian unstable. Remaining changes:
636 - Enable AppArmor support:
637 + d/apparmor-profile: add AppArmor profile
638 + d/rules: use dh_apparmor
639 + d/control: Build-Depends on dh-apparmor
640 + d/slapd.README.Debian: add note about AppArmor
641 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
642 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
643 - Add --with-gssapi support
644 - Make guess_service_principal() more robust when determining
645 principal
646 + d/configure.options: Configure with --with-gssapi
647 + d/control: Added heimdal-dev as a build depend
648 + d/rules:
649 - Explicitly add -I/usr/include/heimdal to CFLAGS.
650 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
651 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
652 This should be dropped when the soname changes.
653 - Enable ufw support:
654 + d/control: suggest ufw.
655 + d/rules: install ufw profile.
656 + d/slapd.ufw.profile: add ufw profile.
657 - Enable nss overlay:
658 + d/rules:
659 - add nssov to CONTRIB_MODULES
660 - add sysconfdir to CONTRIB_MAKEVARS
661 + d/slapd.install: install nssov overlay
662 + d/slapd.manpages: install slapo-nssov(5) man page
663 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
664 Debian bug #919136, we also have to patch the nssov makefile
665 accordingly and thus update this patch.
666 - d/{rules,slapd.py}: Add apport hook.
667 - Add support for CLDAP (UDP) support, back then required by
668 likewise-open (first enabled in 2.4.17-1ubuntu2):
669 + d/rules: Enable -DLDAP_CONNECTIONLESS
670 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
671 This should be dropped when the soname changes.
672 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
673 of test timing issue.
674 - d/rules: better regexp to match the Maintainer tag in d/control,
675 needed in the Ubuntu case because of XSBC-Original-Maintainer
676 (Closes #960448, LP #1875697)
677 * d/apparmor-profile: use abstractions/ssl_keys instead of manual rules,
678 allows letsencrypt to work. Thanks to Paul McEnery (LP: #1909748)
679
680 -- Paride Legovini <paride.legovini@canonical.com> Mon, 04 Jan 2021 16:18:57 +0100
681
296openldap (2.4.56+dfsg-1) unstable; urgency=medium682openldap (2.4.56+dfsg-1) unstable; urgency=medium
297683
298 * New upstream release.684 * New upstream release.
@@ -319,12 +705,151 @@ openldap (2.4.54+dfsg-1) unstable; urgency=medium
319705
320 -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000706 -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000
321707
708openldap (2.4.53+dfsg-1ubuntu5) hirsute; urgency=medium
709
710 * SECURITY UPDATE: assertion failure in Certificate List syntax
711 validation
712 - debian/patches/CVE-2020-25709.patch: properly handle error in
713 servers/slapd/schema_init.c.
714 - CVE-2020-25709
715 * SECURITY UPDATE: assertion failure in CSN normalization with invalid
716 input
717 - debian/patches/CVE-2020-25710.patch: properly handle error in
718 servers/slapd/schema_init.c.
719 - CVE-2020-25710
720
721 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 17 Nov 2020 09:41:47 -0500
722
723openldap (2.4.53+dfsg-1ubuntu4) hirsute; urgency=medium
724
725 * SECURITY UPDATE: DoS via NULL pointer dereference
726 - debian/patches/CVE-2020-25692.patch: skip normalization if there's no
727 equality rule in servers/slapd/modrdn.c.
728 - CVE-2020-25692
729
730 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 Nov 2020 14:02:02 -0500
731
732openldap (2.4.53+dfsg-1ubuntu3) hirsute; urgency=medium
733
734 * No-change rebuild for the perl update.
735
736 -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 12:53:38 +0100
737
738openldap (2.4.53+dfsg-1ubuntu2) hirsute; urgency=medium
739
740 * No-change rebuild for the perl update.
741
742 -- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 10:51:32 +0100
743
744openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium
745
746 * Merge with Debian unstable (LP: #1894838). Remaining changes:
747 - Enable AppArmor support:
748 + d/apparmor-profile: add AppArmor profile
749 + d/rules: use dh_apparmor
750 + d/control: Build-Depends on dh-apparmor
751 + d/slapd.README.Debian: add note about AppArmor
752 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
753 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
754 - Add --with-gssapi support
755 - Make guess_service_principal() more robust when determining
756 principal
757 + d/configure.options: Configure with --with-gssapi
758 + d/control: Added heimdal-dev as a build depend
759 + d/rules:
760 - Explicitly add -I/usr/include/heimdal to CFLAGS.
761 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
762 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
763 This should be dropped when the soname changes.
764 - Enable ufw support:
765 + d/control: suggest ufw.
766 + d/rules: install ufw profile.
767 + d/slapd.ufw.profile: add ufw profile.
768 - Enable nss overlay:
769 + d/rules:
770 - add nssov to CONTRIB_MODULES
771 - add sysconfdir to CONTRIB_MAKEVARS
772 + d/slapd.install: install nssov overlay
773 + d/slapd.manpages: install slapo-nssov(5) man page
774 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
775 Debian bug #919136, we also have to patch the nssov makefile
776 accordingly and thus update this patch.
777 - d/{rules,slapd.py}: Add apport hook.
778 - Add support for CLDAP (UDP) support, back then required by
779 likewise-open (first enabled in 2.4.17-1ubuntu2):
780 + d/rules: Enable -DLDAP_CONNECTIONLESS
781 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
782 This should be dropped when the soname changes.
783 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
784 of test timing issue.
785 - d/rules: better regexp to match the Maintainer tag in d/control,
786 needed in the Ubuntu case because of XSBC-Original-Maintainer
787 (Closes #960448, LP #1875697)
788
789 -- Andreas Hasenack <andreas@canonical.com> Tue, 08 Sep 2020 09:36:58 -0300
790
322openldap (2.4.53+dfsg-1) unstable; urgency=medium791openldap (2.4.53+dfsg-1) unstable; urgency=medium
323792
324 * New upstream release.793 * New upstream release.
325794
326 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700795 -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700
327796
797openldap (2.4.51+dfsg-1ubuntu1) groovy; urgency=medium
798
799 * Merge with Debian unstable. Remaining changes:
800 - Enable AppArmor support:
801 + d/apparmor-profile: add AppArmor profile
802 + d/rules: use dh_apparmor
803 + d/control: Build-Depends on dh-apparmor
804 + d/slapd.README.Debian: add note about AppArmor
805 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
806 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
807 - Add --with-gssapi support
808 - Make guess_service_principal() more robust when determining
809 principal
810 + d/configure.options: Configure with --with-gssapi
811 + d/control: Added heimdal-dev as a build depend
812 + d/rules:
813 - Explicitly add -I/usr/include/heimdal to CFLAGS.
814 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
815 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
816 This should be dropped when the soname changes.
817 - Enable ufw support:
818 + d/control: suggest ufw.
819 + d/rules: install ufw profile.
820 + d/slapd.ufw.profile: add ufw profile.
821 - Enable nss overlay:
822 + d/rules:
823 - add nssov to CONTRIB_MODULES
824 - add sysconfdir to CONTRIB_MAKEVARS
825 + d/slapd.install: install nssov overlay
826 + d/slapd.manpages: install slapo-nssov(5) man page
827 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
828 Debian bug #919136, we also have to patch the nssov makefile
829 accordingly and thus update this patch.
830 - d/{rules,slapd.py}: Add apport hook.
831 - Add support for CLDAP (UDP) support, back then required by
832 likewise-open (first enabled in 2.4.17-1ubuntu2):
833 + d/rules: Enable -DLDAP_CONNECTIONLESS
834 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
835 This should be dropped when the soname changes.
836 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
837 of test timing issue.
838 - d/rules: better regexp to match the Maintainer tag in d/control,
839 needed in the Ubuntu case because of XSBC-Original-Maintainer
840 (Closes #960448, LP #1875697)
841 * Dropped:
842 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
843 [In 2.4.51+dfsg-1]
844 - d/slapd.scripts-common:
845 + add slapcat_opts to local variables.
846 + Fix backup directory naming for multiple reconfiguration.
847 [In 2.4.51+dfsg-1]
848 - debian/patches/set-maintainer-name: our d/rules change needs to
849 be kept, but this patch is in 2.4.51+dfsg-1.
850
851 -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Aug 2020 11:03:24 -0300
852
328openldap (2.4.51+dfsg-1) unstable; urgency=medium853openldap (2.4.51+dfsg-1) unstable; urgency=medium
329854
330 * New upstream release.855 * New upstream release.
@@ -370,6 +895,85 @@ openldap (2.4.51+dfsg-1) unstable; urgency=medium
370895
371 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700896 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700
372897
898openldap (2.4.50+dfsg-1ubuntu3) groovy; urgency=medium
899
900 * No change rebuild against new libnettle8 and libhogweed6 ABI.
901
902 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:31:30 +0100
903
904openldap (2.4.50+dfsg-1ubuntu2) groovy; urgency=medium
905
906 * d/apparmor-profile: Update apparmor profile to grant access to
907 the saslauthd socket, so that SASL authentication works. (LP: #1557157)
908
909 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jun 2020 18:20:42 -0400
910
911openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium
912
913 * Merge with Debian unstable. Remaining changes:
914 - Enable AppArmor support:
915 + d/apparmor-profile: add AppArmor profile
916 + d/rules: use dh_apparmor
917 + d/control: Build-Depends on dh-apparmor
918 + d/slapd.README.Debian: add note about AppArmor
919 - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
920 + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
921 - Add --with-gssapi support
922 - Make guess_service_principal() more robust when determining
923 principal
924 + d/configure.options: Configure with --with-gssapi
925 + d/control: Added heimdal-dev as a build depend
926 + d/rules:
927 - Explicitly add -I/usr/include/heimdal to CFLAGS.
928 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
929 + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
930 This should be dropped when the soname changes.
931 - Enable ufw support:
932 + d/control: suggest ufw.
933 + d/rules: install ufw profile.
934 + d/slapd.ufw.profile: add ufw profile.
935 - Enable nss overlay:
936 + d/rules:
937 - add nssov to CONTRIB_MODULES
938 - add sysconfdir to CONTRIB_MAKEVARS
939 + d/slapd.install:
940 - install nssov overlay
941 + d/slapd.manpages:
942 - install slapo-nssov(5) man page
943 + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
944 Debian bug #919136, we also have to patch the nssov makefile
945 accordingly and thus update this patch.
946 - d/{rules,slapd.py}: Add apport hook.
947 - d/slapd.scripts-common:
948 + add slapcat_opts to local variables.
949 + Fix backup directory naming for multiple reconfiguration.
950 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
951 - Add support for CLDAP (UDP) support, back then required by
952 likewise-open (first enabled in 2.4.17-1ubuntu2):
953 + d/rules: Enable -DLDAP_CONNECTIONLESS
954 + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
955 This should be dropped when the soname changes.
956 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
957 of test timing issue.
958 * Dropped:
959 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
960 either the default DIT nor via an Authn mapping.
961 [Not worth keeping a delta for, as having olcRootDN doesn't hurt]
962 - Show distribution in version:
963 - d/control: added lsb-release
964 - d/patches/fix-ldap-distribution.patch: show distribution in version
965 [Debian now shows the full package version]
966 - SECURITY UPDATE: denial of service via nested search filters
967 + debian/patches/CVE-2020-12243.patch: limit depth of nested
968 filters in servers/slapd/filter.c.
969 [Fixed upstream]
970 * Added:
971 - d/rules, debian/patches/set-maintainer-name: Extract maintainer
972 address dynamically from debian/control. Thanks to Ryan Tandy
973 <ryan@nardis.ca> (Closes: #960448, LP: #1875697)
974
975 -- Andreas Hasenack <andreas@canonical.com> Mon, 01 Jun 2020 09:19:58 -0300
976
373openldap (2.4.50+dfsg-1) unstable; urgency=medium977openldap (2.4.50+dfsg-1) unstable; urgency=medium
374978
375 * New upstream release.979 * New upstream release.
@@ -412,6 +1016,69 @@ openldap (2.4.49+dfsg-3) unstable; urgency=medium
4121016
413 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -07001017 -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700
4141018
1019openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium
1020
1021 * SECURITY UPDATE: denial of service via nested search filters
1022 - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
1023 servers/slapd/filter.c.
1024 - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of
1025 test timing issue.
1026 - CVE-2020-12243
1027
1028 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400
1029
1030openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium
1031
1032 * Merge with Debian unstable (LP: #1866303). Remaining changes:
1033 - Enable AppArmor support:
1034 - d/apparmor-profile: add AppArmor profile
1035 - d/rules: use dh_apparmor
1036 - d/control: Build-Depends on dh-apparmor
1037 - d/slapd.README.Debian: add note about AppArmor
1038 - Enable GSSAPI support:
1039 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1040 - Add --with-gssapi support
1041 - Make guess_service_principal() more robust when determining
1042 principal
1043 [Dropped the ldap_gssapi_bind_s() hunk as that is already
1044 - d/configure.options: Configure with --with-gssapi
1045 - d/control: Added heimdal-dev as a build depend
1046 - d/rules:
1047 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1048 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1049 - Enable ufw support:
1050 - d/control: suggest ufw.
1051 - d/rules: install ufw profile.
1052 - d/slapd.ufw.profile: add ufw profile.
1053 - Enable nss overlay:
1054 - d/rules:
1055 - add nssov to CONTRIB_MODULES
1056 - add sysconfdir to CONTRIB_MAKEVARS
1057 - d/slapd.install:
1058 - install nssov overlay
1059 - d/slapd.manpages:
1060 - install slapo-nssov(5) man page
1061 - d/{rules,slapd.py}: Add apport hook.
1062 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1063 either the default DIT nor via an Authn mapping.
1064 - d/slapd.scripts-common:
1065 - add slapcat_opts to local variables.
1066 - Fix backup directory naming for multiple reconfiguration.
1067 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1068 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1069 in the openldap library, as required by Likewise-Open
1070 - Show distribution in version:
1071 - d/control: added lsb-release
1072 - d/patches/fix-ldap-distribution.patch: show distribution in version
1073 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1074 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1075 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1076 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
1077 Debian bug #919136, we also have to patch the nssov makefile
1078 accordingly and thus update this patch.
1079
1080 -- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300
1081
415openldap (2.4.49+dfsg-2) unstable; urgency=medium1082openldap (2.4.49+dfsg-2) unstable; urgency=medium
4161083
417 * slapd.README.Debian: Document the initial setup performed by slapd's1084 * slapd.README.Debian: Document the initial setup performed by slapd's
@@ -423,6 +1090,62 @@ openldap (2.4.49+dfsg-2) unstable; urgency=medium
4231090
424 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -08001091 -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
4251092
1093openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium
1094
1095 * Merge with Debian unstable. Remaining changes:
1096 - Enable AppArmor support:
1097 - d/apparmor-profile: add AppArmor profile
1098 - d/rules: use dh_apparmor
1099 - d/control: Build-Depends on dh-apparmor
1100 - d/slapd.README.Debian: add note about AppArmor
1101 - Enable GSSAPI support:
1102 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1103 - Add --with-gssapi support
1104 - Make guess_service_principal() more robust when determining
1105 principal
1106 [Dropped the ldap_gssapi_bind_s() hunk as that is already
1107 - d/configure.options: Configure with --with-gssapi
1108 - d/control: Added heimdal-dev as a build depend
1109 - d/rules:
1110 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1111 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1112 - Enable ufw support:
1113 - d/control: suggest ufw.
1114 - d/rules: install ufw profile.
1115 - d/slapd.ufw.profile: add ufw profile.
1116 - Enable nss overlay:
1117 - d/rules:
1118 - add nssov to CONTRIB_MODULES
1119 - add sysconfdir to CONTRIB_MAKEVARS
1120 - d/slapd.install:
1121 - install nssov overlay
1122 - d/slapd.manpages:
1123 - install slapo-nssov(5) man page
1124 - d/{rules,slapd.py}: Add apport hook.
1125 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1126 either the default DIT nor via an Authn mapping.
1127 - d/slapd.scripts-common:
1128 - add slapcat_opts to local variables.
1129 - Fix backup directory naming for multiple reconfiguration.
1130 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1131 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1132 in the openldap library, as required by Likewise-Open
1133 - Show distribution in version:
1134 - d/control: added lsb-release
1135 - d/patches/fix-ldap-distribution.patch: show distribution in version
1136 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1137 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1138 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1139 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
1140 Debian bug #919136, we also have to patch the nssov makefile
1141 accordingly and thus update this patch.
1142 * Dropped:
1143 - d/control: slapd can depend on perl:any since it only uses perl for
1144 some maintainer and helper scripts.
1145 [In 2.4.49+dfsg-1]
1146
1147 -- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300
1148
426openldap (2.4.49+dfsg-1) unstable; urgency=medium1149openldap (2.4.49+dfsg-1) unstable; urgency=medium
4271150
428 * New upstream release.1151 * New upstream release.
@@ -451,6 +1174,102 @@ openldap (2.4.49+dfsg-1) unstable; urgency=medium
4511174
452 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -08001175 -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
4531176
1177openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium
1178
1179 * d/control: slapd can depend on perl:any since it only uses perl for
1180 some maintainer and helper scripts. The perl backend links against
1181 the correct architecture perl libraries already. Can be dropped
1182 after https://salsa.debian.org/openldap-team/openldap/commit/794c736
1183 is in a Debian upload.
1184
1185 -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300
1186
1187openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium
1188
1189 * No-change rebuild against libnettle7
1190
1191 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000
1192
1193openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium
1194
1195 * No-change rebuild for the perl update.
1196
1197 -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000
1198
1199openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
1200
1201 * Merge with Debian unstable. Remaining changes:
1202 - Enable AppArmor support:
1203 - d/apparmor-profile: add AppArmor profile
1204 - d/rules: use dh_apparmor
1205 - d/control: Build-Depends on dh-apparmor
1206 - d/slapd.README.Debian: add note about AppArmor
1207 - Enable GSSAPI support:
1208 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1209 - Add --with-gssapi support
1210 - Make guess_service_principal() more robust when determining
1211 principal
1212 - d/configure.options: Configure with --with-gssapi
1213 - d/control: Added heimdal-dev as a build depend
1214 - d/rules:
1215 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1216 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1217 - Enable ufw support:
1218 - d/control: suggest ufw.
1219 - d/rules: install ufw profile.
1220 - d/slapd.ufw.profile: add ufw profile.
1221 - Enable nss overlay:
1222 - d/rules:
1223 - add nssov to CONTRIB_MODULES
1224 - add sysconfdir to CONTRIB_MAKEVARS
1225 - d/slapd.install:
1226 - install nssov overlay
1227 - d/slapd.manpages:
1228 - install slapo-nssov(5) man page
1229 - d/{rules,slapd.py}: Add apport hook.
1230 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1231 either the default DIT nor via an Authn mapping.
1232 - d/slapd.scripts-common:
1233 - add slapcat_opts to local variables.
1234 - Fix backup directory naming for multiple reconfiguration.
1235 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1236 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1237 in the openldap library, as required by Likewise-Open
1238 - Show distribution in version:
1239 - d/control: added lsb-release
1240 - d/patches/fix-ldap-distribution.patch: show distribution in version
1241 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1242 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1243 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1244 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
1245 Debian bug #919136, we also have to patch the nssov makefile
1246 accordingly and thus update this patch.
1247 * Dropped:
1248 - Fix sysv-generator unit file by customizing parameters (LP #1821343)
1249 + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
1250 correct systemctl status for slapd daemon.
1251 + d/slapd.install: place override file in correct location.
1252 [Included in 2.4.48+dfsg-1]
1253 - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
1254 + debian/patches/CVE-2019-13057-1.patch: add restriction to
1255 servers/slapd/saslauthz.c.
1256 + debian/patches/CVE-2019-13057-2.patch: add tests to
1257 tests/data/idassert.out, tests/data/slapd-idassert.conf,
1258 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
1259 + debian/patches/CVE-2019-13057-3.patch: fix typo in
1260 tests/scripts/test028-idassert.
1261 + debian/patches/CVE-2019-13057-4.patch: fix typo in
1262 tests/scripts/test028-idassert.
1263 + CVE-2019-13057
1264 [Fixed upstream]
1265 - SECURITY UPDATE: SASL SSF not initialized per connection
1266 + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
1267 connection_init in servers/slapd/connection.c.
1268 + CVE-2019-13565
1269 [Fixed upstream]
1270
1271 -- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
1272
454openldap (2.4.48+dfsg-1) unstable; urgency=medium1273openldap (2.4.48+dfsg-1) unstable; urgency=medium
4551274
456 * New upstream release.1275 * New upstream release.
@@ -478,6 +1297,87 @@ openldap (2.4.48+dfsg-1) unstable; urgency=medium
4781297
479 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -07001298 -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
4801299
1300openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
1301
1302 * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
1303 - debian/patches/CVE-2019-13057-1.patch: add restriction to
1304 servers/slapd/saslauthz.c.
1305 - debian/patches/CVE-2019-13057-2.patch: add tests to
1306 tests/data/idassert.out, tests/data/slapd-idassert.conf,
1307 tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
1308 - debian/patches/CVE-2019-13057-3.patch: fix typo in
1309 tests/scripts/test028-idassert.
1310 - debian/patches/CVE-2019-13057-4.patch: fix typo in
1311 tests/scripts/test028-idassert.
1312 - CVE-2019-13057
1313 * SECURITY UPDATE: SASL SSF not initialized per connection
1314 - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
1315 connection_init in servers/slapd/connection.c.
1316 - CVE-2019-13565
1317
1318 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
1319
1320openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
1321
1322 * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
1323 - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
1324 correct systemctl status for slapd daemon.
1325 - d/slapd.install: place override file in correct location.
1326
1327 -- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
1328
1329openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
1330
1331 * Merge with Debian unstable. Remaining changes:
1332 - Enable AppArmor support:
1333 - d/apparmor-profile: add AppArmor profile
1334 - d/rules: use dh_apparmor
1335 - d/control: Build-Depends on dh-apparmor
1336 - d/slapd.README.Debian: add note about AppArmor
1337 - Enable GSSAPI support:
1338 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1339 - Add --with-gssapi support
1340 - Make guess_service_principal() more robust when determining
1341 principal
1342 - d/configure.options: Configure with --with-gssapi
1343 - d/control: Added heimdal-dev as a build depend
1344 - d/rules:
1345 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1346 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1347 - Enable ufw support:
1348 - d/control: suggest ufw.
1349 - d/rules: install ufw profile.
1350 - d/slapd.ufw.profile: add ufw profile.
1351 - Enable nss overlay:
1352 - d/rules:
1353 - add nssov to CONTRIB_MODULES
1354 - add sysconfdir to CONTRIB_MAKEVARS
1355 - d/slapd.install:
1356 - install nssov overlay
1357 - d/slapd.manpages:
1358 - install slapo-nssov(5) man page
1359 - d/{rules,slapd.py}: Add apport hook.
1360 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1361 either the default DIT nor via an Authn mapping.
1362 - d/slapd.scripts-common:
1363 - add slapcat_opts to local variables.
1364 - Fix backup directory naming for multiple reconfiguration.
1365 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1366 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1367 in the openldap library, as required by Likewise-Open
1368 - Show distribution in version:
1369 - d/control: added lsb-release
1370 - d/patches/fix-ldap-distribution.patch: show distribution in version
1371 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1372 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1373 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1374 * Added changes:
1375 - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
1376 Debian bug #919136, we also have to patch the nssov makefile
1377 accordingly and thus update this patch.
1378
1379 -- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
1380
481openldap (2.4.47+dfsg-3) unstable; urgency=medium1381openldap (2.4.47+dfsg-3) unstable; urgency=medium
4821382
483 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS1383 * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
@@ -493,6 +1393,63 @@ openldap (2.4.47+dfsg-3) unstable; urgency=medium
4931393
494 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -08001394 -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
4951395
1396openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
1397
1398 * Merge from Debian unstable (LP: #1811630). Remaining changes:
1399 - Enable AppArmor support:
1400 - d/apparmor-profile: add AppArmor profile
1401 - d/rules: use dh_apparmor
1402 - d/control: Build-Depends on dh-apparmor
1403 - d/slapd.README.Debian: add note about AppArmor
1404 - Enable GSSAPI support:
1405 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1406 - Add --with-gssapi support
1407 - Make guess_service_principal() more robust when determining
1408 principal
1409 - d/configure.options: Configure with --with-gssapi
1410 - d/control: Added heimdal-dev as a build depend
1411 - d/rules:
1412 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1413 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1414 - Enable ufw support:
1415 - d/control: suggest ufw.
1416 - d/rules: install ufw profile.
1417 - d/slapd.ufw.profile: add ufw profile.
1418 - Enable nss overlay:
1419 - d/rules:
1420 - add nssov to CONTRIB_MODULES
1421 - add sysconfdir to CONTRIB_MAKEVARS
1422 - d/slapd.install:
1423 - install nssov overlay
1424 - d/slapd.manpages:
1425 - install slapo-nssov(5) man page
1426 - d/{rules,slapd.py}: Add apport hook.
1427 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1428 either the default DIT nor via an Authn mapping.
1429 - d/slapd.scripts-common:
1430 - add slapcat_opts to local variables.
1431 - Fix backup directory naming for multiple reconfiguration.
1432 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1433 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1434 in the openldap library, as required by Likewise-Open
1435 - Show distribution in version:
1436 - d/control: added lsb-release
1437 - d/patches/fix-ldap-distribution.patch: show distribution in version
1438 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1439 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1440 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1441 * Update nssov build and packaging for Debian changes:
1442 - Drop patch nssov-build
1443 - d/rules:
1444 - add nssov to CONTRIB_MODULES
1445 - add sysconfdir to CONTRIB_MAKEVARS
1446 - d/slapd.install:
1447 - install nssov overlay
1448 - d/slapd.manpages:
1449 - install slapo-nssov(5) man page
1450
1451 -- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
1452
496openldap (2.4.47+dfsg-2) unstable; urgency=medium1453openldap (2.4.47+dfsg-2) unstable; urgency=medium
4971454
498 * Reintroduce slapi-dev binary package. (Closes: #711469)1455 * Reintroduce slapi-dev binary package. (Closes: #711469)
@@ -530,6 +1487,63 @@ openldap (2.4.47+dfsg-1) unstable; urgency=medium
5301487
531 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -08001488 -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
5321489
1490openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
1491
1492 * d/apparmor-profile: update apparmor profile to allow reading of
1493 files needed when slapd is behaving as a kerberos/gssapi client
1494 and acquiring its own ticket. (LP: #1783183)
1495
1496 -- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
1497
1498openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
1499
1500 * No-change rebuild for the perl 5.28 transition.
1501
1502 -- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
1503
1504openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
1505
1506 * Merge from Debian unstable. Remaining changes:
1507 - Enable AppArmor support:
1508 - d/apparmor-profile: add AppArmor profile
1509 - d/rules: use dh_apparmor
1510 - d/control: Build-Depends on dh-apparmor
1511 - d/slapd.README.Debian: add note about AppArmor
1512 - Enable GSSAPI support:
1513 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1514 - Add --with-gssapi support
1515 - Make guess_service_principal() more robust when determining
1516 principal
1517 - d/configure.options: Configure with --with-gssapi
1518 - d/control: Added heimdal-dev as a build depend
1519 - d/rules:
1520 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1521 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1522 - Enable ufw support:
1523 - d/control: suggest ufw.
1524 - d/rules: install ufw profile.
1525 - d/slapd.ufw.profile: add ufw profile.
1526 - Enable nss overlay:
1527 - d/{patches/nssov-build,rules}: Apply, build and package the
1528 nss overlay.
1529 - d/{rules,slapd.py}: Add apport hook.
1530 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1531 either the default DIT nor via an Authn mapping.
1532 - d/slapd.scripts-common:
1533 - add slapcat_opts to local variables.
1534 - Fix backup directory naming for multiple reconfiguration.
1535 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1536 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1537 in the openldap library, as required by Likewise-Open
1538 - Show distribution in version:
1539 - d/control: added lsb-release
1540 - d/patches/fix-ldap-distribution.patch: show distribution in version
1541 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1542 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1543 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1544
1545 -- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
1546
533openldap (2.4.46+dfsg-5) unstable; urgency=medium1547openldap (2.4.46+dfsg-5) unstable; urgency=medium
5341548
535 * Restore slapd-smbk5pwd now that libldap is installable in unstable.1549 * Restore slapd-smbk5pwd now that libldap is installable in unstable.
@@ -549,6 +1563,49 @@ openldap (2.4.46+dfsg-3) unstable; urgency=medium
5491563
550 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -07001564 -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
5511565
1566openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
1567
1568 * Merge from Debian unstable. Remaining changes:
1569 - Enable AppArmor support:
1570 - d/apparmor-profile: add AppArmor profile
1571 - d/rules: use dh_apparmor
1572 - d/control: Build-Depends on dh-apparmor
1573 - d/slapd.README.Debian: add note about AppArmor
1574 - Enable GSSAPI support:
1575 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1576 - Add --with-gssapi support
1577 - Make guess_service_principal() more robust when determining
1578 principal
1579 - d/configure.options: Configure with --with-gssapi
1580 - d/control: Added heimdal-dev as a build depend
1581 - d/rules:
1582 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1583 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1584 - Enable ufw support:
1585 - d/control: suggest ufw.
1586 - d/rules: install ufw profile.
1587 - d/slapd.ufw.profile: add ufw profile.
1588 - Enable nss overlay:
1589 - d/{patches/nssov-build,rules}: Apply, build and package the
1590 nss overlay.
1591 - d/{rules,slapd.py}: Add apport hook.
1592 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1593 either the default DIT nor via an Authn mapping.
1594 - d/slapd.scripts-common:
1595 - add slapcat_opts to local variables.
1596 - Fix backup directory naming for multiple reconfiguration.
1597 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1598 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1599 in the openldap library, as required by Likewise-Open
1600 - Show distribution in version:
1601 - d/control: added lsb-release
1602 - d/patches/fix-ldap-distribution.patch: show distribution in version
1603 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1604 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1605 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1606
1607 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
1608
552openldap (2.4.46+dfsg-2) unstable; urgency=medium1609openldap (2.4.46+dfsg-2) unstable; urgency=medium
5531610
554 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.1611 * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
@@ -578,6 +1635,49 @@ openldap (2.4.46+dfsg-1) unstable; urgency=medium
5781635
579 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -07001636 -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
5801637
1638openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
1639
1640 * Merge from Debian unstable. Remaining changes:
1641 - Enable AppArmor support:
1642 - d/apparmor-profile: add AppArmor profile
1643 - d/rules: use dh_apparmor
1644 - d/control: Build-Depends on dh-apparmor
1645 - d/slapd.README.Debian: add note about AppArmor
1646 - Enable GSSAPI support:
1647 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1648 - Add --with-gssapi support
1649 - Make guess_service_principal() more robust when determining
1650 principal
1651 - d/configure.options: Configure with --with-gssapi
1652 - d/control: Added heimdal-dev as a build depend
1653 - d/rules:
1654 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1655 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1656 - Enable ufw support:
1657 - d/control: suggest ufw.
1658 - d/rules: install ufw profile.
1659 - d/slapd.ufw.profile: add ufw profile.
1660 - Enable nss overlay:
1661 - d/{patches/nssov-build,rules}: Apply, build and package the
1662 nss overlay.
1663 - d/{rules,slapd.py}: Add apport hook.
1664 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1665 either the default DIT nor via an Authn mapping.
1666 - d/slapd.scripts-common:
1667 - add slapcat_opts to local variables.
1668 - Fix backup directory naming for multiple reconfiguration.
1669 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1670 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1671 in the openldap library, as required by Likewise-Open
1672 - Show distribution in version:
1673 - d/control: added lsb-release
1674 - d/patches/fix-ldap-distribution.patch: show distribution in version
1675 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1676 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1677 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1678
1679 -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 28 Jul 2017 14:49:07 +0200
1680
581openldap (2.4.45+dfsg-1) unstable; urgency=medium1681openldap (2.4.45+dfsg-1) unstable; urgency=medium
5821682
583 * New upstream release.1683 * New upstream release.
@@ -619,6 +1719,49 @@ openldap (2.4.45+dfsg-1) unstable; urgency=medium
6191719
620 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -07001720 -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
6211721
1722openldap (2.4.44+dfsg-8ubuntu1) artful; urgency=low
1723
1724 * Merge from Debian unstable. Remaining changes:
1725 - Enable AppArmor support:
1726 - d/apparmor-profile: add AppArmor profile
1727 - d/rules: use dh_apparmor
1728 - d/control: Build-Depends on dh-apparmor
1729 - d/slapd.README.Debian: add note about AppArmor
1730 - Enable GSSAPI support:
1731 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1732 - Add --with-gssapi support
1733 - Make guess_service_principal() more robust when determining
1734 principal
1735 - d/configure.options: Configure with --with-gssapi
1736 - d/control: Added heimdal-dev as a build depend
1737 - d/rules:
1738 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1739 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1740 - Enable ufw support:
1741 - d/control: suggest ufw.
1742 - d/rules: install ufw profile.
1743 - d/slapd.ufw.profile: add ufw profile.
1744 - Enable nss overlay:
1745 - d/{patches/nssov-build,rules}: Apply, build and package the
1746 nss overlay.
1747 - d/{rules,slapd.py}: Add apport hook.
1748 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1749 either the default DIT nor via an Authn mapping.
1750 - d/slapd.scripts-common:
1751 - add slapcat_opts to local variables.
1752 - Fix backup directory naming for multiple reconfiguration.
1753 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1754 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1755 in the openldap library, as required by Likewise-Open
1756 - Show distribution in version:
1757 - d/control: added lsb-release
1758 - d/patches/fix-ldap-distribution.patch: show distribution in version
1759 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1760 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1761 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1762
1763 -- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 17 Jul 2017 10:58:24 +0200
1764
622openldap (2.4.44+dfsg-8) unstable; urgency=medium1765openldap (2.4.44+dfsg-8) unstable; urgency=medium
6231766
624 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until1767 * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
@@ -629,6 +1772,52 @@ openldap (2.4.44+dfsg-8) unstable; urgency=medium
6291772
630 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -07001773 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
6311774
1775openldap (2.4.44+dfsg-7ubuntu1) artful; urgency=medium
1776
1777 * Merge from Debian unstable. Remaining changes:
1778 - Enable AppArmor support:
1779 - d/apparmor-profile: add AppArmor profile
1780 - d/rules: use dh_apparmor
1781 - d/control: Build-Depends on dh-apparmor
1782 - d/slapd.README.Debian: add note about AppArmor
1783 - Enable GSSAPI support:
1784 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1785 - Add --with-gssapi support
1786 - Make guess_service_principal() more robust when determining
1787 principal
1788 - d/configure.options: Configure with --with-gssapi
1789 - d/control: Added heimdal-dev as a build depend
1790 - d/rules:
1791 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1792 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1793 - Enable ufw support:
1794 - d/control: suggest ufw.
1795 - d/rules: install ufw profile.
1796 - d/slapd.ufw.profile: add ufw profile.
1797 - Enable nss overlay:
1798 - d/{patches/nssov-build,rules}: Apply, build and package the
1799 nss overlay.
1800 - d/{rules,slapd.py}: Add apport hook.
1801 [ d/rules modification mentioned above was dropped in
1802 2.4.23-6ubuntu1, re-adding it ]
1803 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1804 either the default DIT nor via an Authn mapping.
1805 - d/slapd.scripts-common:
1806 - add slapcat_opts to local variables.
1807 - Fix backup directory naming for multiple reconfiguration.
1808 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1809 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1810 in the openldap library, as required by Likewise-Open
1811 - Show distribution in version:
1812 - d/control: added lsb-release
1813 - d/patches/fix-ldap-distribution.patch: show distribution in version
1814 [ Refreshed patch ]
1815 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1816 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1817 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1818
1819 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1820
632openldap (2.4.44+dfsg-7) unstable; urgency=medium1821openldap (2.4.44+dfsg-7) unstable; urgency=medium
6331822
634 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit1823 * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
@@ -636,6 +1825,52 @@ openldap (2.4.44+dfsg-7) unstable; urgency=medium
6361825
637 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -07001826 -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
6381827
1828openldap (2.4.44+dfsg-6ubuntu1) artful; urgency=medium
1829
1830 * Merge from Debian unstable. Remaining changes:
1831 - Enable AppArmor support:
1832 - d/apparmor-profile: add AppArmor profile
1833 - d/rules: use dh_apparmor
1834 - d/control: Build-Depends on dh-apparmor
1835 - d/slapd.README.Debian: add note about AppArmor
1836 - Enable GSSAPI support:
1837 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1838 - Add --with-gssapi support
1839 - Make guess_service_principal() more robust when determining
1840 principal
1841 - d/configure.options: Configure with --with-gssapi
1842 - d/control: Added heimdal-dev as a build depend
1843 - d/rules:
1844 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1845 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1846 - Enable ufw support:
1847 - d/control: suggest ufw.
1848 - d/rules: install ufw profile.
1849 - d/slapd.ufw.profile: add ufw profile.
1850 - Enable nss overlay:
1851 - d/{patches/nssov-build,rules}: Apply, build and package the
1852 nss overlay.
1853 - d/{rules,slapd.py}: Add apport hook.
1854 [ d/rules modification mentioned above was dropped in
1855 2.4.23-6ubuntu1, re-adding it ]
1856 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1857 either the default DIT nor via an Authn mapping.
1858 - d/slapd.scripts-common:
1859 - add slapcat_opts to local variables.
1860 - Fix backup directory naming for multiple reconfiguration.
1861 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1862 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1863 in the openldap library, as required by Likewise-Open
1864 - Show distribution in version:
1865 - d/control: added lsb-release
1866 - d/patches/fix-ldap-distribution.patch: show distribution in version
1867 [ Refreshed patch ]
1868 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1869 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1870 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1871
1872 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 27 Jun 2017 10:21:41 +0200
1873
639openldap (2.4.44+dfsg-6) unstable; urgency=medium1874openldap (2.4.44+dfsg-6) unstable; urgency=medium
6401875
641 * Update the list of non-translatable strings for the1876 * Update the list of non-translatable strings for the
@@ -644,6 +1879,54 @@ openldap (2.4.44+dfsg-6) unstable; urgency=medium
6441879
645 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -07001880 -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
6461881
1882openldap (2.4.44+dfsg-5ubuntu1) artful; urgency=medium
1883
1884 * Merge from Debian unstable. Remaining changes:
1885 - Enable AppArmor support:
1886 - d/apparmor-profile: add AppArmor profile
1887 - d/rules: use dh_apparmor
1888 - d/control: Build-Depends on dh-apparmor
1889 - d/slapd.README.Debian: add note about AppArmor
1890 - Enable GSSAPI support:
1891 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1892 - Add --with-gssapi support
1893 - Make guess_service_principal() more robust when determining
1894 principal
1895 - d/configure.options: Configure with --with-gssapi
1896 - d/control: Added heimdal-dev as a build depend
1897 - d/rules:
1898 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1899 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1900 - Enable ufw support:
1901 - d/control: suggest ufw.
1902 - d/rules: install ufw profile.
1903 - d/slapd.ufw.profile: add ufw profile.
1904 - Enable nss overlay:
1905 - d/{patches/nssov-build,rules}: Apply, build and package the
1906 nss overlay.
1907 - d/{rules,slapd.py}: Add apport hook.
1908 [ d/rules modification mentioned above was dropped in
1909 2.4.23-6ubuntu1, re-adding it ]
1910 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1911 either the default DIT nor via an Authn mapping.
1912 - d/slapd.scripts-common:
1913 - add slapcat_opts to local variables.
1914 - Fix backup directory naming for multiple reconfiguration.
1915 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1916 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1917 in the openldap library, as required by Likewise-Open
1918 - Show distribution in version:
1919 - d/control: added lsb-release
1920 - d/patches/fix-ldap-distribution.patch: show distribution in version
1921 [ Refreshed patch ]
1922 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1923 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1924 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1925 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1926 - Fix use after free with GnuTLS. (LP #1557248)
1927
1928 -- Gianfranco Costamagna <locutusofborg@debian.org> Sun, 28 May 2017 22:43:50 +0200
1929
647openldap (2.4.44+dfsg-5) unstable; urgency=medium1930openldap (2.4.44+dfsg-5) unstable; urgency=medium
6481931
649 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an1932 * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
@@ -655,6 +1938,54 @@ openldap (2.4.44+dfsg-5) unstable; urgency=medium
6551938
656 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -07001939 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
6571940
1941openldap (2.4.44+dfsg-4ubuntu1) artful; urgency=low
1942
1943 * Merge from Debian unstable. Remaining changes:
1944 - Enable AppArmor support:
1945 - d/apparmor-profile: add AppArmor profile
1946 - d/rules: use dh_apparmor
1947 - d/control: Build-Depends on dh-apparmor
1948 - d/slapd.README.Debian: add note about AppArmor
1949 - Enable GSSAPI support:
1950 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
1951 - Add --with-gssapi support
1952 - Make guess_service_principal() more robust when determining
1953 principal
1954 - d/configure.options: Configure with --with-gssapi
1955 - d/control: Added heimdal-dev as a build depend
1956 - d/rules:
1957 - Explicitly add -I/usr/include/heimdal to CFLAGS.
1958 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
1959 - Enable ufw support:
1960 - d/control: suggest ufw.
1961 - d/rules: install ufw profile.
1962 - d/slapd.ufw.profile: add ufw profile.
1963 - Enable nss overlay:
1964 - d/{patches/nssov-build,rules}: Apply, build and package the
1965 nss overlay.
1966 - d/{rules,slapd.py}: Add apport hook.
1967 [ d/rules modification mentioned above was dropped in
1968 2.4.23-6ubuntu1, re-adding it ]
1969 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
1970 either the default DIT nor via an Authn mapping.
1971 - d/slapd.scripts-common:
1972 - add slapcat_opts to local variables.
1973 - Fix backup directory naming for multiple reconfiguration.
1974 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
1975 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
1976 in the openldap library, as required by Likewise-Open
1977 - Show distribution in version:
1978 - d/control: added lsb-release
1979 - d/patches/fix-ldap-distribution.patch: show distribution in version
1980 [ Refreshed patch ]
1981 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
1982 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
1983 - GSSAPI support was enabled in 2.4.18-0ubuntu2
1984 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
1985 - Fix use after free with GnuTLS. (LP #1557248)
1986
1987 -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 22 Apr 2017 14:28:54 +0200
1988
658openldap (2.4.44+dfsg-4) unstable; urgency=medium1989openldap (2.4.44+dfsg-4) unstable; urgency=medium
6591990
660 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to1991 * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
@@ -701,6 +2032,67 @@ openldap (2.4.44+dfsg-4) unstable; urgency=medium
7012032
702 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -07002033 -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
7032034
2035openldap (2.4.44+dfsg-3ubuntu2) zesty; urgency=medium
2036
2037 * d/rules: Fix typo in previous upload.
2038
2039 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 12:17:02 -0800
2040
2041openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
2042
2043 * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
2044 changes
2045 - Enable AppArmor support:
2046 - d/apparmor-profile: add AppArmor profile
2047 - d/rules: use dh_apparmor
2048 - d/control: Build-Depends on dh-apparmor
2049 - d/slapd.README.Debian: add note about AppArmor
2050 - Enable GSSAPI support:
2051 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2052 - Add --with-gssapi support
2053 - Make guess_service_principal() more robust when determining
2054 principal
2055 - d/configure.options: Configure with --with-gssapi
2056 - d/control: Added heimdal-dev as a build depend
2057 - d/rules:
2058 - Explicitly add -I/usr/include/heimdal to CFLAGS.
2059 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
2060 - Enable ufw support:
2061 - d/control: suggest ufw.
2062 - d/rules: install ufw profile.
2063 - d/slapd.ufw.profile: add ufw profile.
2064 - Enable nss overlay:
2065 - d/{patches/nssov-build,rules}: Apply, build and package the
2066 nss overlay.
2067 - d/{rules,slapd.py}: Add apport hook.
2068 [ d/rules modification mentioned above was dropped in
2069 2.4.23-6ubuntu1, re-adding it ]
2070 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2071 either the default DIT nor via an Authn mapping.
2072 - d/slapd.scripts-common:
2073 - add slapcat_opts to local variables.
2074 - Fix backup directory naming for multiple reconfiguration.
2075 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2076 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2077 in the openldap library, as required by Likewise-Open
2078 - Show distribution in version:
2079 - d/control: added lsb-release
2080 - d/patches/fix-ldap-distribution.patch: show distribution in version
2081 [ Refreshed patch ]
2082 - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
2083 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
2084 - GSSAPI support was enabled in 2.4.18-0ubuntu2
2085 [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
2086 - Fix use after free with GnuTLS. (LP #1557248)
2087 * Drop:
2088 - d/slapd.scripts-common:
2089 + Remove unused variable new_conf.
2090 [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
2091 - d/b/config.log: add config.log
2092 [ previously undocumented, stray change ]
2093
2094 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
2095
704openldap (2.4.44+dfsg-3) unstable; urgency=medium2096openldap (2.4.44+dfsg-3) unstable; urgency=medium
7052097
706 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)2098 * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
@@ -773,6 +2165,73 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
7732165
774 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -08002166 -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
7752167
2168openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
2169
2170 * No-change rebuild for perl 5.24 transition
2171
2172 -- Iain Lane <iain@orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
2173
2174openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
2175
2176 * Fix use after free with GnuTLS. (LP: #1557248)
2177
2178 -- Maciej Puzio <maciej@work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
2179
2180openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
2181
2182 * Fix building with gssapi suppport:
2183 - Explicitly add -I/usr/include/heimdal to CFLAGS.
2184 - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
2185
2186 -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
2187
2188openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
2189
2190 * No-change rebuild for gnutls transition.
2191
2192 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
2193
2194openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
2195
2196 * Merge from Debian testing (LP: #1532648). Remaining changes:
2197 - Enable AppArmor support:
2198 - d/apparmor-profile: add AppArmor profile
2199 - d/rules: use dh_apparmor
2200 - d/control: Build-Depends on dh-apparmor
2201 - d/slapd.README.Debian: add note about AppArmor
2202 - Enable GSSAPI support:
2203 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2204 - Add --with-gssapi support
2205 - Make guess_service_principal() more robust when determining
2206 principal
2207 - d/configure.options: Configure with --with-gssapi
2208 - d/control: Added heimdal-dev as a build depend
2209 - Enable ufw support:
2210 - d/control: suggest ufw.
2211 - d/rules: install ufw profile.
2212 - d/slapd.ufw.profile: add ufw profile.
2213 - Enable nss overlay:
2214 - d/{patches/nssov-build,rules}: Apply, build and package the
2215 nss overlay.
2216 - d/{rules,slapd.py}: Add apport hook.
2217 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2218 either the default DIT nor via an Authn mapping.
2219 - d/slapd.scripts-common:
2220 - add slapcat_opts to local variables.
2221 - Remove unused variable new_conf.
2222 - Fix backup directory naming for multiple reconfiguration.
2223 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2224 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2225 in the openldap library, as required by Likewise-Open
2226 - Show distribution in version:
2227 - d/control: added lsb-release
2228 - d/patches/fix-ldap-distribution.patch: show distribution in version
2229 * Drop CVE-2015-6908.patch, included in Debian.
2230 * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
2231 disabled on ppc64el, no longer used, and missed in the previous merge.
2232
2233 -- Ryan Tandy <ryan@nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
2234
776openldap (2.4.42+dfsg-2) unstable; urgency=medium2235openldap (2.4.42+dfsg-2) unstable; urgency=medium
7772236
778 [ Ryan Tandy ]2237 [ Ryan Tandy ]
@@ -840,6 +2299,71 @@ openldap (2.4.42+dfsg-1) unstable; urgency=medium
8402299
841 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -07002300 -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
8422301
2302openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
2303
2304 * Rebuild for Perl 5.22.1.
2305
2306 -- Colin Watson <cjwatson@ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
2307
2308openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
2309
2310 * SECURITY UPDATE: denial of service via crafted BER data
2311 - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
2312 libraries/liblber/io.c.
2313 - CVE-2015-6908
2314
2315 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
2316
2317openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
2318
2319 * Merge from Debian testing (LP: #1471831). Remaining changes:
2320 - Enable AppArmor support:
2321 - d/apparmor-profile: add AppArmor profile
2322 - d/rules: use dh_apparmor
2323 - d/control: Build-Depends on dh-apparmor
2324 - d/slapd.README.Debian: add note about AppArmor
2325 - Enable GSSAPI support:
2326 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2327 - Add --with-gssapi support
2328 - Make guess_service_principal() more robust when determining
2329 principal
2330 - d/configure.options: Configure with --with-gssapi
2331 - d/control: Added heimdal-dev as a build depend
2332 - Enable ufw support:
2333 - d/control: suggest ufw.
2334 - d/rules: install ufw profile.
2335 - d/slapd.ufw.profile: add ufw profile.
2336 - Enable nss overlay:
2337 - d/{patches/nssov-build,rules}: Apply, build and package the
2338 nss overlay.
2339 - d/{rules,slapd.py}: Add apport hook.
2340 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2341 either the default DIT nor via an Authn mapping.
2342 - d/slapd.scripts-common:
2343 - add slapcat_opts to local variables.
2344 - Remove unused variable new_conf.
2345 - Fix backup directory naming for multiple reconfiguration.
2346 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2347 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2348 in the openldap library, as required by Likewise-Open
2349 - Show distribution in version:
2350 - d/control: added lsb-release
2351 - d/patches/fix-ldap-distribution.patch: show distribution in version
2352 * Dropped changes:
2353 - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
2354 * Upstream fixes:
2355 - slapd crash with auditlog overlay and large (~27KB) attribute values
2356 (ITS#8003) (LP: #1461276)
2357 - nssov updated to support recent nss-pam-ldapd client libraries
2358 (ITS#8097) (LP: #1393306)
2359 * Update d/patches/nssov-build for upstream changes.
2360 * Tweak d/patches/gssapi.diff to apply without fuzz.
2361 * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
2362 - CLDAP (UDP) was added in 2.4.17-1ubuntu2
2363 - GSSAPI support was enabled in 2.4.18-0ubuntu2
2364
2365 -- Ryan Tandy <ryan@nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
2366
843openldap (2.4.41+dfsg-1) unstable; urgency=medium2367openldap (2.4.41+dfsg-1) unstable; urgency=medium
8442368
845 * New upstream release.2369 * New upstream release.
@@ -859,6 +2383,62 @@ openldap (2.4.40+dfsg-2) unstable; urgency=medium
8592383
860 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -07002384 -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
8612385
2386openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
2387
2388 * No-change rebuild for the libnettle6 transition.
2389
2390 -- Adam Conrad <adconrad@ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
2391
2392openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
2393
2394 * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
2395 - Enable AppArmor support:
2396 - d/apparmor-profile: add AppArmor profile
2397 - d/rules: use dh_apparmor
2398 - d/control: Build-Depends on dh-apparmor
2399 - d/slapd.README.Debian: add note about AppArmor
2400 - Enable GSSAPI support:
2401 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2402 - Add --with-gssapi support
2403 - Make guess_service_principal() more robust when determining
2404 principal
2405 - d/configure.options: Configure with --with-gssapi
2406 - d/control: Added heimdal-dev as a build depend
2407 - Enable ufw support:
2408 - d/control: suggest ufw.
2409 - d/rules: install ufw profile.
2410 - d/slapd.ufw.profile: add ufw profile.
2411 - Enable nss overlay:
2412 - d/{patches/nssov-build,rules}: Apply, build and package the
2413 nss overlay.
2414 - d/{rules,slapd.py}: Add apport hook.
2415 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2416 either the default DIT nor via an Authn mapping.
2417 - d/slapd.scripts-common:
2418 - add slapcat_opts to local variables.
2419 - Remove unused variable new_conf.
2420 - Fix backup directory naming for multiple reconfiguration.
2421 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2422 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2423 in the openldap library, as required by Likewise-Open
2424 - Show distribution in version:
2425 - d/control: added lsb-release
2426 - d/patches/fix-ldap-distribution.patch: show distribution in version
2427 * Drop patches included upstream:
2428 - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
2429 - d/patches/bdb-deadlock.patch
2430 - d/patches/its-7354-fix-delta-sync-mmr.diff
2431 * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
2432 * debian/patches/nssov-build: Adjust for upstream changes.
2433 * debian/apparmor-profile:
2434 - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
2435 kernel ABI v7 (utopic and later). (LP: #1392018)
2436 - Reduce permissions on /run/nslcd to just the nslcd socket.
2437 * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
2438 (LP: #1293250)
2439
2440 -- Ryan Tandy <ryan@nardis.ca> Mon, 25 May 2015 19:49:21 -0700
2441
862openldap (2.4.40+dfsg-1) unstable; urgency=medium2442openldap (2.4.40+dfsg-1) unstable; urgency=medium
8632443
864 * Remove inetorgperson.schema from the upstream source. Replace it with a2444 * Remove inetorgperson.schema from the upstream source. Replace it with a
@@ -1047,6 +2627,187 @@ openldap (2.4.39-1) unstable; urgency=low
10472627
1048 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -07002628 -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
10492629
2630openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
2631
2632 * Fix cpp calls for GCC 5.
2633
2634 -- Matthias Klose <doko@ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
2635
2636openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
2637
2638 * debian/apparmor-profile:
2639 - allow p11-kit abstraction
2640 - allow read of /etc/gss/mech.d/*
2641
2642 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
2643
2644openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
2645
2646 * Rebuild for Perl 5.20.0.
2647
2648 -- Colin Watson <cjwatson@ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
2649
2650openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
2651
2652 * Cherry-pick upstream patch for compat with recent GNUTLS.
2653 * Build-depend on libgnutls28-dev.
2654 * Build-depend on libgcrypt20-dev.
2655
2656 -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
2657
2658openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
2659
2660 * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
2661
2662 -- Adam Conrad <adconrad@ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
2663
2664openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
2665
2666 * Disable mdb backend on ppc64el due to test-suite failures.
2667
2668 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
2669
2670openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
2671
2672 * Fix segfault issue with master-master syncrepl (LP: #1287730):
2673 - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
2674 patch from upstream VCS.
2675
2676 -- Pierre Fersing <pfersing@sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
2677
2678openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
2679
2680 * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
2681
2682 -- Dmitrijs Ledkovs <xnox@ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
2683
2684openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
2685
2686 * Rebuild for Perl 5.18.
2687
2688 -- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
2689
2690openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
2691
2692 * Update build/config.guess and build/config.sub at build time; this was
2693 not done automatically because the top-level configure.in does not use
2694 Automake.
2695
2696 -- Colin Watson <cjwatson@ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
2697
2698openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
2699
2700 * debian/control: added lsb-release
2701 * debian/patches/fix-ldap-distribution.patch: show distribution in version
2702
2703 -- Yolanda Robla <yolanda.robla@canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
2704
2705openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
2706
2707 * Merge from Debian unstable. Remaining changes:
2708 - Enable AppArmor support:
2709 - d/apparmor-profile: add AppArmor profile
2710 - d/rules: use dh_apparmor
2711 - d/control: Build-Depends on dh-apparmor
2712 - d/slapd.README.Debian: add note about AppArmor
2713 - d/slapd.dirs: add etc/apparmor.d/force-complain
2714 - Enable GSSAPI support:
2715 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2716 - Add --with-gssapi support
2717 - Make guess_service_principal() more robust when determining
2718 principal
2719 - d/configure.options: Configure with --with-gssapi
2720 - d/control: Added libkrb5-dev as a build depend
2721 - Enable ufw support:
2722 - d/control: suggest ufw.
2723 - d/rules: install ufw profile.
2724 - d/slapd.ufw.profile: add ufw profile.
2725 - Enable nss overlay:
2726 - d/{patches/nssov-build,/rules}: Apply, build and package the
2727 nss overlay.
2728 - d/{rules,slapd.py}: Add apport hook.
2729 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2730 either the default DIT nor via an Authn mapping.
2731 - d/slapd.scripts-common:
2732 - add slapcat_opts to local variables.
2733 - Remove unused variable new_conf.
2734 - Fix backup directory naming for multiple reconfiguration.
2735 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2736 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2737 in the openldap library, as required by Likewise-Open
2738 - d/{control,rules}: enable PIE hardening
2739
2740 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
2741
2742openldap (2.4.31-1+nmu2) unstable; urgency=high
2743
2744 * Non-maintainer upload.
2745 * No-change rebuild in a clean environment
2746
2747 -- Jonathan Wiltshire <jmw@debian.org> Tue, 23 Apr 2013 13:10:00 +0100
2748
2749openldap (2.4.31-1+nmu1) unstable; urgency=medium
2750
2751 * Non-maintainer upload.
2752 * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
2753
2754 -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 03:35:31 +0000
2755
2756openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
2757
2758 * debian/slapd.py: Add AppArmor info and logs to apport hook.
2759
2760 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
2761
2762openldap (2.4.31-1ubuntu1) quantal; urgency=low
2763
2764 * Merge from Debian unstable. Remaining changes:
2765 - Enable AppArmor support:
2766 - d/apparmor-profile: add AppArmor profile
2767 - d/rules: use dh_apparmor
2768 - d/control: Build-Depends on dh-apparmor
2769 - d/slapd.README.Debian: add note about AppArmor
2770 - d/slapd.dirs: add etc/apparmor.d/force-complain
2771 - Enable GSSAPI support (LP: #495418):
2772 - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2773 - Add --with-gssapi support
2774 - Make guess_service_principal() more robust when determining
2775 principal
2776 - d/configure.options: Configure with --with-gssapi
2777 - d/control: Added libkrb5-dev as a build depend
2778 - Enable ufw support (LP: #423246):
2779 - d/control: suggest ufw.
2780 - d/rules: install ufw profile.
2781 - d/slapd.ufw.profile: add ufw profile.
2782 - Enable nss overlay (LP: #675391):
2783 - d/{patches/nssov-build,/rules}: Apply, build and package the
2784 nss overlay.
2785 - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
2786 - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
2787 either the default DIT nor via an Authn mapping.
2788 - d/slapd.scripts-common:
2789 - add slapcat_opts to local variables.
2790 - Remove unused variable new_conf.
2791 - Fix backup directory naming for multiple reconfiguration.
2792 - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
2793 - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2794 in the openldap library, as required by Likewise-Open (LP: #390579)
2795 - d/{control,rules}: enable PIE hardening
2796 * Dropped changes:
2797 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
2798 - d/patches/CVE-2011-4079: Included in upstream release.
2799 - d/patches/service-operational-before-detach: Included in upstream release.
2800 - d/schema/extra/misc.ldif: Included upstream.
2801 - d/{rules,schema/extra}: Fix configure and clean rules to support
2802 extra schemas shipped as part of the debian/schema/ directory; no longer required.
2803 - Included in Debian:
2804 + Document cn=config in README file.
2805 + Install a default DIT; actually a minimal configuration.
2806 + d/patches/heimdal-fix.
2807 * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
2808
2809 -- James Page <james.page@ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
2810
1050openldap (2.4.31-1) unstable; urgency=low2811openldap (2.4.31-1) unstable; urgency=low
10512812
1052 * New upstream release.2813 * New upstream release.
@@ -1073,6 +2834,121 @@ openldap (2.4.31-1) unstable; urgency=low
10732834
1074 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +00002835 -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
10752836
2837openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
2838
2839 * Fix issue with intermittent connection issues when using LDAPv3
2840 protocol (LP: #1023025):
2841 - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
2842 patch from upstream VCS which ensures objects are initialized before
2843 re-use.
2844
2845 -- Pierre Fersing <pfersing@sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
2846
2847openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
2848
2849 * debian/rules: Add smbk5pwd build.
2850 * debian/control: Add slapd-smbk5pwd binary package.
2851 * debian/patches/heimdal-fix: adapt parameters of
2852 hdb_generate_key_set_password() to heimdal 1.6~git20120311
2853 (patch from Debian #664930).
2854
2855 -- Jorge Salamero Sanz <bencer@debian.org> Wed, 18 Jul 2012 09:30:28 -0400
2856
2857openldap (2.4.28-1.1ubuntu4) precise; urgency=low
2858
2859 * debian/control: Build-Depends on dh-apparmor (LP: #948481)
2860
2861 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
2862
2863openldap (2.4.28-1.1ubuntu3) precise; urgency=low
2864
2865 * Add its-7176-only-poll-sockets-for-write-as-needed.diff
2866 (LP: #932823).
2867
2868 -- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
2869
2870openldap (2.4.28-1.1ubuntu2) precise; urgency=low
2871
2872 * Remove debian/patches/CVE-2011-4079; it's already in this upstream
2873 version. Fixes FTBFS.
2874
2875 -- Daniel T Chen <crimsun@ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
2876
2877openldap (2.4.28-1.1ubuntu1) precise; urgency=low
2878
2879 * Merge from Debian testing. Remaining changes:
2880 - Install a default DIT (LP: #442498).
2881 - Document cn=config in README file (LP: #370784).
2882 - remaining changes:
2883 + AppArmor support:
2884 - debian/apparmor-profile: add AppArmor profile
2885 - use dh_apparmor:
2886 - debian/rules: use dh_apparmor
2887 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2888 - updated debian/slapd.README.Debian for note on AppArmor
2889 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2890 + Enable GSSAPI support (LP: #495418):
2891 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2892 - Add --with-gssapi support
2893 - Make guess_service_principal() more robust when determining
2894 principal
2895 - debian/patches/series: apply gssapi.diff patch.
2896 - debian/configure.options: Configure with --with-gssapi
2897 - debian/control: Added libkrb5-dev as a build depend
2898 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
2899 in the openldap library, as required by Likewise-Open (LP: #390579)
2900 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
2901 - debian/control:
2902 - remove build-dependency on heimdal-dev.
2903 - remove slapd-smbk5pwd binary package.
2904 - debian/rules: don't build smbk5pwd slapd module.
2905 + debian/{control,rules}: enable PIE hardening
2906 + ufw support (LP: #423246):
2907 - debian/control: suggest ufw.
2908 - debian/rules: install ufw profile.
2909 - debian/slapd.ufw.profile: add ufw profile.
2910 + Enable nssoverlay:
2911 - debian/patches/nssov-build, debian/series, debian/rules:
2912 Apply, build and package the nss overlay.
2913 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
2914 which defines rfc822MailMember (required by the nss overlay).
2915 + debian/rules, debian/schema/extra/:
2916 Fix configure rule to supports extra schemas shipped as part
2917 of the debian/schema/ directory.
2918 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
2919 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
2920 neither the default DIT nor via an Authn mapping.
2921 + debian/slapd.scripts-common: adjust minimum version that triggers a
2922 database upgrade. Upgrade from maverick shouldn't trigger database
2923 upgrade (which would happen with the version used in Debian).
2924 + debian/slapd.scripts-common: add slapcat_opts to local variables.
2925 Remove unused variable new_conf.
2926 + debian/slapd.script-common: Fix package reconfiguration.
2927 - Fix backup directory naming for multiple reconfiguration.
2928 + debian/slapd.default, debian/slapd.README.Debian:
2929 use the new configuration style.
2930 + Install nss overlay (LP: #675391):
2931 - debian/rules: run install target for nssov module.
2932 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
2933 + debian/patches/gssapi.diff:
2934 - Update patch so that likewise-open is usuable again. (LP: #661547)
2935 + debian/patches/service-operational-before-detach: New patch replacing old one
2936 of the same name as previous could cause database corruption based on upstream commits.
2937 (LP: #727973)
2938 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
2939 (CVE-2011-4079)
2940
2941
2942 -- Chuck Short <zulcss@ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
2943
2944openldap (2.4.28-1.1) unstable; urgency=low
2945
2946 * Non-maintainer upload.
2947 * Disable the mdb backend on non-Linux, it looks like it doesn't work with
2948 linuxthreads (closes: #654824).
2949
2950 -- Julien Cristau <jcristau@debian.org> Mon, 16 Jan 2012 19:45:42 +0100
2951
1076openldap (2.4.28-1) unstable; urgency=low2952openldap (2.4.28-1) unstable; urgency=low
10772953
1078 * New upstream release.2954 * New upstream release.
@@ -1100,6 +2976,72 @@ openldap (2.4.28-1) unstable; urgency=low
11002976
1101 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +00002977 -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
11022978
2979openldap (2.4.25-4ubuntu1) precise; urgency=low
2980
2981 * Merge from Debian testing. Remaining changes:
2982 - Install a default DIT (LP: #442498).
2983 - Document cn=config in README file (LP: #370784).
2984 - remaining changes:
2985 + AppArmor support:
2986 - debian/apparmor-profile: add AppArmor profile
2987 - use dh_apparmor:
2988 - debian/rules: use dh_apparmor
2989 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
2990 - updated debian/slapd.README.Debian for note on AppArmor
2991 - debian/slapd.dirs: add etc/apparmor.d/force-complain
2992 + Enable GSSAPI support (LP: #495418):
2993 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
2994 - Add --with-gssapi support
2995 - Make guess_service_principal() more robust when determining
2996 principal
2997 - debian/patches/series: apply gssapi.diff patch.
2998 - debian/configure.options: Configure with --with-gssapi
2999 - debian/control: Added libkrb5-dev as a build depend
3000 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3001 in the openldap library, as required by Likewise-Open (LP: #390579)
3002 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
3003 - debian/control:
3004 - remove build-dependency on heimdal-dev.
3005 - remove slapd-smbk5pwd binary package.
3006 - debian/rules: don't build smbk5pwd slapd module.
3007 + debian/{control,rules}: enable PIE hardening
3008 + ufw support (LP: #423246):
3009 - debian/control: suggest ufw.
3010 - debian/rules: install ufw profile.
3011 - debian/slapd.ufw.profile: add ufw profile.
3012 + Enable nssoverlay:
3013 - debian/patches/nssov-build, debian/series, debian/rules:
3014 Apply, build and package the nss overlay.
3015 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
3016 which defines rfc822MailMember (required by the nss overlay).
3017 + debian/rules, debian/schema/extra/:
3018 Fix configure rule to supports extra schemas shipped as part
3019 of the debian/schema/ directory.
3020 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3021 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
3022 neither the default DIT nor via an Authn mapping.
3023 + debian/slapd.scripts-common: adjust minimum version that triggers a
3024 database upgrade. Upgrade from maverick shouldn't trigger database
3025 upgrade (which would happen with the version used in Debian).
3026 + debian/slapd.scripts-common: add slapcat_opts to local variables.
3027 Remove unused variable new_conf.
3028 + debian/slapd.script-common: Fix package reconfiguration.
3029 - Fix backup directory naming for multiple reconfiguration.
3030 + debian/slapd.default, debian/slapd.README.Debian:
3031 use the new configuration style.
3032 + Install nss overlay (LP: #675391):
3033 - debian/rules: run install target for nssov module.
3034 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
3035 + debian/patches/gssapi.diff:
3036 - Update patch so that likewise-open is usuable again. (LP: #661547)
3037 + debian/patches/service-operational-before-detach: New patch replacing old one
3038 of the same name as previous could cause database corruption based on upstream commits.
3039 (LP: #727973)
3040 + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
3041 (CVE-2011-4079)
3042
3043 -- Chuck Short <zulcss@ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
3044
1103openldap (2.4.25-4) unstable; urgency=low3045openldap (2.4.25-4) unstable; urgency=low
11043046
1105 * Drop explicit depends on libdb4.8, since we're now linking against3047 * Drop explicit depends on libdb4.8, since we're now linking against
@@ -1133,6 +3075,85 @@ openldap (2.4.25-4) unstable; urgency=low
11333075
1134 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +00003076 -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
11353077
3078openldap (2.4.25-3ubuntu3) precise; urgency=low
3079
3080 * Rebuild for Perl 5.14.
3081
3082 -- Colin Watson <cjwatson@ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
3083
3084openldap (2.4.25-3ubuntu2) precise; urgency=low
3085
3086 * SECURITY UPDATE: potential denial of service (LP: #884163)
3087 - debian/patches/CVE-2011-4079: fix off by one error in
3088 postalAddressNormalize()
3089 - CVE-2011-4079
3090
3091 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
3092
3093openldap (2.4.25-3ubuntu1) precise; urgency=low
3094
3095 * Merge from debian unstable. Remaining changes:
3096 - Install a default DIT (LP: #442498).
3097 - Document cn=config in README file (LP: #370784).
3098 - remaining changes:
3099 + AppArmor support:
3100 - debian/apparmor-profile: add AppArmor profile
3101 - use dh_apparmor:
3102 - debian/rules: use dh_apparmor
3103 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3104 - updated debian/slapd.README.Debian for note on AppArmor
3105 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3106 + Enable GSSAPI support (LP: #495418):
3107 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3108 - Add --with-gssapi support
3109 - Make guess_service_principal() more robust when determining
3110 principal
3111 - debian/patches/series: apply gssapi.diff patch.
3112 - debian/configure.options: Configure with --with-gssapi
3113 - debian/control: Added libkrb5-dev as a build depend
3114 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3115 in the openldap library, as required by Likewise-Open (LP: #390579)
3116 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
3117 - debian/control:
3118 - remove build-dependency on heimdal-dev.
3119 - remove slapd-smbk5pwd binary package.
3120 - debian/rules: don't build smbk5pwd slapd module.
3121 + debian/{control,rules}: enable PIE hardening
3122 + ufw support (LP: #423246):
3123 - debian/control: suggest ufw.
3124 - debian/rules: install ufw profile.
3125 - debian/slapd.ufw.profile: add ufw profile.
3126 + Enable nssoverlay:
3127 - debian/patches/nssov-build, debian/series, debian/rules:
3128 Apply, build and package the nss overlay.
3129 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
3130 which defines rfc822MailMember (required by the nss overlay).
3131 + debian/rules, debian/schema/extra/:
3132 Fix configure rule to supports extra schemas shipped as part
3133 of the debian/schema/ directory.
3134 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3135 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
3136 neither the default DIT nor via an Authn mapping.
3137 + debian/slapd.scripts-common: adjust minimum version that triggers a
3138 database upgrade. Upgrade from maverick shouldn't trigger database
3139 upgrade (which would happen with the version used in Debian).
3140 + debian/slapd.scripts-common: add slapcat_opts to local variables.
3141 Remove unused variable new_conf.
3142 + debian/slapd.script-common: Fix package reconfiguration.
3143 - Fix backup directory naming for multiple reconfiguration.
3144 + debian/slapd.default, debian/slapd.README.Debian:
3145 use the new configuration style.
3146 + Install nss overlay (LP: #675391):
3147 - debian/rules: run install target for nssov module.
3148 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
3149 + debian/patches/gssapi.diff:
3150 - Update patch so that likewise-open is usuable again. (LP: #661547)
3151 + debian/patches/service-operational-before-detach: New patch replacing old one
3152 of the same name as previous could cause database corruption based on upstream commits.
3153 (LP: #727973)
3154
3155 -- Chuck Short <zulcss@ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
3156
1136openldap (2.4.25-3) unstable; urgency=low3157openldap (2.4.25-3) unstable; urgency=low
11373158
1138 * Brown paper bag: really fix the .links.in handling, so we don't generate3159 * Brown paper bag: really fix the .links.in handling, so we don't generate
@@ -1155,6 +3176,92 @@ openldap (2.4.25-2) unstable; urgency=low
11553176
1156 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -07003177 -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
11573178
3179openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
3180
3181 * Brown paper bag: really fix the .links.in handling, so we don't generate
3182 broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
3183
3184 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
3185
3186openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
3187
3188 * Cherry-pick multiarch support from Debian (LP: #826601):
3189 - Bump to compat level 7, so we don't have to spell out debian/tmp in
3190 every single .install file
3191 - Build for multiarch.
3192
3193 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
3194
3195openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
3196
3197 * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
3198
3199 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
3200
3201openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
3202
3203 * Merge from debian unstable. Remaining changes:
3204 - Install a default DIT (LP: #442498).
3205 - Document cn=config in README file (LP: #370784).
3206 - remaining changes:
3207 + AppArmor support:
3208 - debian/apparmor-profile: add AppArmor profile
3209 - use dh_apparmor:
3210 - debian/rules: use dh_apparmor
3211 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3212 - updated debian/slapd.README.Debian for note on AppArmor
3213 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3214 + Enable GSSAPI support (LP: #495418):
3215 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3216 - Add --with-gssapi support
3217 - Make guess_service_principal() more robust when determining
3218 principal
3219 - debian/patches/series: apply gssapi.diff patch.
3220 - debian/configure.options: Configure with --with-gssapi
3221 - debian/control: Added libkrb5-dev as a build depend
3222 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3223 in the openldap library, as required by Likewise-Open (LP: #390579)
3224 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
3225 - debian/control:
3226 - remove build-dependency on heimdal-dev.
3227 - remove slapd-smbk5pwd binary package.
3228 - debian/rules: don't build smbk5pwd slapd module.
3229 + debian/{control,rules}: enable PIE hardening
3230 + ufw support (LP: #423246):
3231 - debian/control: suggest ufw.
3232 - debian/rules: install ufw profile.
3233 - debian/slapd.ufw.profile: add ufw profile.
3234 + Enable nssoverlay:
3235 - debian/patches/nssov-build, debian/series, debian/rules:
3236 Apply, build and package the nss overlay.
3237 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
3238 which defines rfc822MailMember (required by the nss overlay).
3239 + debian/rules, debian/schema/extra/:
3240 Fix configure rule to supports extra schemas shipped as part
3241 of the debian/schema/ directory.
3242 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3243 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
3244 neither the default DIT nor via an Authn mapping.
3245 + debian/slapd.scripts-common: adjust minimum version that triggers a
3246 database upgrade. Upgrade from maverick shouldn't trigger database
3247 upgrade (which would happen with the version used in Debian).
3248 + debian/slapd.scripts-common: add slapcat_opts to local variables.
3249 Remove unused variable new_conf.
3250 + debian/slapd.script-common: Fix package reconfiguration.
3251 - Fix backup directory naming for multiple reconfiguration.
3252 + debian/slapd.default, debian/slapd.README.Debian:
3253 use the new configuration style.
3254 + Install nss overlay (LP: #675391):
3255 - debian/rules: run install target for nssov module.
3256 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
3257 + debian/patches/gssapi.diff:
3258 - Update patch so that likewise-open is usuable again. (LP: #661547)
3259 + debian/patches/service-operational-before-detach: New patch replacing old one
3260 of the same name as previous could cause database corruption based on upstream commits.
3261 (LP: #727973)
3262
3263 -- Chuck Short <zulcss@ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
3264
1158openldap (2.4.25-1.1) unstable; urgency=low3265openldap (2.4.25-1.1) unstable; urgency=low
11593266
1160 * Non-maintainer upload to fix RC bug.3267 * Non-maintainer upload to fix RC bug.
@@ -1162,6 +3269,75 @@ openldap (2.4.25-1.1) unstable; urgency=low
11623269
1163 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +02003270 -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
11643271
3272openldap (2.4.25-1ubuntu1) oneiric; urgency=low
3273
3274 * Merge from debian unstable. Remaining changes:
3275 - Install a default DIT (LP: #442498).
3276 - Document cn=config in README file (LP: #370784).
3277 - remaining changes:
3278 + AppArmor support:
3279 - debian/apparmor-profile: add AppArmor profile
3280 - use dh_apparmor:
3281 - debian/rules: use dh_apparmor
3282 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3283 - updated debian/slapd.README.Debian for note on AppArmor
3284 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3285 + Enable GSSAPI support (LP: #495418):
3286 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3287 - Add --with-gssapi support
3288 - Make guess_service_principal() more robust when determining
3289 principal
3290 - debian/patches/series: apply gssapi.diff patch.
3291 - debian/configure.options: Configure with --with-gssapi
3292 - debian/control: Added libkrb5-dev as a build depend
3293 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3294 in the openldap library, as required by Likewise-Open (LP: #390579)
3295 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
3296 - debian/control:
3297 - remove build-dependency on heimdal-dev.
3298 - remove slapd-smbk5pwd binary package.
3299 - debian/rules: don't build smbk5pwd slapd module.
3300 + debian/{control,rules}: enable PIE hardening
3301 + ufw support (LP: #423246):
3302 - debian/control: suggest ufw.
3303 - debian/rules: install ufw profile.
3304 - debian/slapd.ufw.profile: add ufw profile.
3305 + Enable nssoverlay:
3306 - debian/patches/nssov-build, debian/series, debian/rules:
3307 Apply, build and package the nss overlay.
3308 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
3309 which defines rfc822MailMember (required by the nss overlay).
3310 + debian/rules, debian/schema/extra/:
3311 Fix configure rule to supports extra schemas shipped as part
3312 of the debian/schema/ directory.
3313 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3314 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
3315 neither the default DIT nor via an Authn mapping.
3316 + debian/slapd.scripts-common: adjust minimum version that triggers a
3317 database upgrade. Upgrade from maverick shouldn't trigger database
3318 upgrade (which would happen with the version used in Debian).
3319 + debian/slapd.scripts-common: add slapcat_opts to local variables.
3320 Remove unused variable new_conf.
3321 + debian/slapd.script-common: Fix package reconfiguration.
3322 - Fix backup directory naming for multiple reconfiguration.
3323 + debian/slapd.default, debian/slapd.README.Debian:
3324 use the new configuration style.
3325 + Install nss overlay (LP: #675391):
3326 - debian/rules: run install target for nssov module.
3327 - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
3328 + debian/patches/gssapi.diff:
3329 - Update patch so that likewise-open is usuable again. (LP: #661547)
3330 + debian/patches/service-operational-before-detach: New patch replacing old one
3331 of the same name as previous could cause database corruption based on upstream commits.
3332 (LP: #727973)
3333 + Dropped:
3334 - debian/patches/gold: Use the debian version instead
3335 - debian/patches/CVE-2011-1024: Fixed upstream
3336 - debian/patches/CVE-2011-1025: Fixed upstream
3337 - debian/patches/CVE-2011-1081: Fixed upstream
3338
3339 -- Chuck Short <zulcss@ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
3340
1165openldap (2.4.25-1) unstable; urgency=low3341openldap (2.4.25-1) unstable; urgency=low
11663342
1167 * New upstream version (Closes: #617606, #618904, #606815, #608813)3343 * New upstream version (Closes: #617606, #618904, #606815, #608813)
@@ -1193,6 +3369,116 @@ openldap (2.4.23-7) unstable; urgency=low
11933369
1194 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +01003370 -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
11953371
3372openldap (2.4.23-6ubuntu7) oneiric; urgency=low
3373
3374 * Rebuild for Perl 5.12.
3375
3376 -- Colin Watson <cjwatson@ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
3377
3378openldap (2.4.23-6ubuntu6) natty; urgency=low
3379
3380 * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
3381 using forwarded authentication failures
3382 - debian/patches/CVE-2011-1024
3383 - CVE-2011-1024
3384 * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
3385 backend. Note: Ubuntu is not compiled with --enable-ndb by default
3386 - debian/patches/CVE-2011-1025
3387 - CVE-2011-1025
3388 * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
3389 and requestDN is empty
3390 - debian/patches/CVE-2011-1081
3391 - CVE-2011-1081
3392 - LP: #742104
3393
3394 -- Jamie Strandboge <jamie@ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
3395
3396openldap (2.4.23-6ubuntu5) natty; urgency=low
3397
3398 * debian/patches/service-operational-before-detach: New patch replacing
3399 old one of same name as previous could cause database corruption,
3400 based on upstream commits. (LP: #727973)
3401
3402 -- Dave Walker (Daviey) <DaveWalker@ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
3403
3404openldap (2.4.23-6ubuntu4) natty; urgency=low
3405
3406 * Fix FTBFS with ld.gold.
3407
3408 -- Matthias Klose <doko@ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
3409
3410openldap (2.4.23-6ubuntu3) natty; urgency=low
3411
3412 * debian/patches/gssapi.diff:
3413 Update patch so that likewise-open is usable again (LP: #661547)
3414
3415 -- Thierry Carrez (ttx) <thierry.carrez@ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
3416
3417openldap (2.4.23-6ubuntu2) natty; urgency=low
3418
3419 * Install nss overlay (LP: #675391):
3420 - debian/rules: run install target for nssov module.
3421 - debian/patches/nssov-build: fix patch to install schema in
3422 /etc/ldap/schema.
3423
3424 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
3425
3426openldap (2.4.23-6ubuntu1) natty; urgency=low
3427
3428 * Merge from Debian unstable:
3429 - Install a default DIT (LP: #442498).
3430 - Document cn=config in README file (LP: #370784).
3431 - remaining changes:
3432 + AppArmor support:
3433 - debian/apparmor-profile: add AppArmor profile
3434 - use dh_apparmor:
3435 - debian/rules: use dh_apparmor
3436 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3437 - updated debian/slapd.README.Debian for note on AppArmor
3438 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3439 + Enable GSSAPI support (LP: #495418):
3440 - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3441 - Add --with-gssapi support
3442 - Make guess_service_principal() more robust when determining
3443 principal
3444 - debian/patches/series: apply gssapi.diff patch.
3445 - debian/configure.options: Configure with --with-gssapi
3446 - debian/control: Added libkrb5-dev as a build depend
3447 + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3448 in the openldap library, as required by Likewise-Open (LP: #390579)
3449 + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
3450 - debian/control:
3451 - remove build-dependency on heimdal-dev.
3452 - remove slapd-smbk5pwd binary package.
3453 - debian/rules: don't build smbk5pwd slapd module.
3454 + debian/{control,rules}: enable PIE hardening
3455 + ufw support (LP: #423246):
3456 - debian/control: suggest ufw.
3457 - debian/rules: install ufw profile.
3458 - debian/slapd.ufw.profile: add ufw profile.
3459 + Enable nssoverlay:
3460 - debian/patches/nssov-build, debian/series, debian/rules:
3461 Apply, build and package the nss overlay.
3462 - debian/schema/extra/misc.ldif: add ldif file for the misc schema
3463 which defines rfc822MailMember (required by the nss overlay).
3464 + debian/rules, debian/schema/extra/:
3465 Fix configure rule to supports extra schemas shipped as part
3466 of the debian/schema/ directory.
3467 + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3468 + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
3469 neither the default DIT nor via an Authn mapping.
3470 + debian/slapd.scripts-common: adjust minimum version that triggers a
3471 database upgrade. Upgrade from maverick shouldn't trigger database
3472 upgrade (which would happen with the version used in Debian).
3473 + debian/slapd.scripts-common: add slapcat_opts to local variables.
3474 Remove unused variable new_conf.
3475 + debian/slapd.script-common: Fix package reconfiguration.
3476 - Fix backup directory naming for multiple reconfiguration.
3477 + debian/slapd.default, debian/slapd.README.Debian:
3478 use the new configuration style.
3479
3480 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
3481
1196openldap (2.4.23-6) unstable; urgency=high3482openldap (2.4.23-6) unstable; urgency=high
11973483
1198 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)3484 * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
@@ -1315,6 +3601,80 @@ openldap (2.4.23-1) unstable; urgency=low
13153601
1316 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +02003602 -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
13173603
3604openldap (2.4.23-0ubuntu4) natty; urgency=low
3605
3606 * debian/slapd.templates: amended typo in slapd/move_old_database
3607 (LP: #666028)
3608
3609 -- James Page <james.page@canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
3610
3611openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
3612
3613 * debian/slapd.templates: re-add slapd/move_old_database template as it's
3614 used during the package upgrade. Thanks to James Page for pointing it.
3615 * debian/slapd.config: restore debconf question slapd/move_old_database.
3616
3617 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
3618
3619openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
3620
3621 [ James Page ]
3622 * Fixed install/upgrade process to dump/restore databases due
3623 to uplift to libdb4.8-dev (LP: #658227)
3624
3625 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
3626
3627openldap (2.4.23-0ubuntu3) maverick; urgency=low
3628
3629 * debian/rules: move dh_apparmor before dh_installinit
3630
3631 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
3632
3633openldap (2.4.23-0ubuntu2) maverick; urgency=low
3634
3635 * convert to using dh_apparmor:
3636 - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
3637 - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
3638 * debian/apparmor-profile: use local include
3639
3640 -- Jamie Strandboge <jamie@ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
3641
3642openldap (2.4.23-0ubuntu1) maverick; urgency=low
3643
3644 * New release, features include:
3645 + Fixed libldap to return server's error code (ITS#6569)
3646 + Fixed libldap memleaks (ITS#6568)
3647 + Fixed liblutil off-by-one with delta (ITS#6541)
3648 + Fixed slapd acls with glued databases (ITS#6468)
3649 + Fixed slapd syncrepl rid logging (ITS#6533)
3650 + Fixed slapd modrdn handling of invalid values (ITS#6570)
3651 + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
3652 + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
3653 + Fixed slapd-bdb entry cache delete failure (ITS#6577)
3654 + Fixed slapd-ldap to return control responses (ITS#6530)
3655 + Fixed slapo-ppolicy to use Debug (ITS#6566)
3656 + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
3657 + Fixed slapo-rwm to use Debug (ITS#6566)
3658 + Fixed slapo-sssvlv to use Debug (ITS#6566)
3659 + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
3660 + Fixed slapo-valsort to use Debug (ITS#6566)
3661 + Fixed contrib/nssov network.c missing patch (ITS#6562)
3662 + Fixed test043 attribute sorting (ITS#6553)
3663 + slapd-config(5) note default rootdn (ITS#6546)
3664 * Rebased patches debian/patches/dropped nssov-build
3665 * Resynchronize with Debian:
3666 + debian/control:
3667 - Bump standards-version to 3.9.0
3668 - Use libdb4.8-dev (LP: #572489)
3669 + Added debian/patches/issue-6534-patch
3670 + Added debian/patches/ldap-conf-tls-cacertdir
3671 * Add ufw support, thanks to PatRiehecky (LP: #423246)
3672
3673 [Adam Sommer]
3674 * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
3675
3676 -- Chuck Short <zulcss@ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
3677
1318openldap (2.4.21-1) unstable; urgency=low3678openldap (2.4.21-1) unstable; urgency=low
13193679
1320 [ Steve Langasek ]3680 [ Steve Langasek ]
@@ -1346,6 +3706,79 @@ openldap (2.4.21-1) unstable; urgency=low
13463706
1347 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +02003707 -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
13483708
3709openldap (2.4.21-0ubuntu5) lucid; urgency=low
3710
3711 * Fix local root connection access: replace olcAuthzRegexp mapping to
3712 cn=localroot,cn=config with using the SASL dn directly in olcAccess.
3713 Makes upgrades much simpler and robust (LP: #563829).
3714
3715 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
3716
3717openldap (2.4.21-0ubuntu4) lucid; urgency=low
3718
3719 [ Simon Olofsson ]
3720 * debian/slapd.postinst:
3721 - Show a message after successful migration (LP: #538848)
3722
3723 [ Jorgen Rosink ]
3724 * debian/slapd.init: add simple status checking with LSB compatible exit
3725 codes (LP: #562377)
3726 * debian/slapd.init.ldif:
3727 - remove admin user in default config database (LP: #556176)
3728 - in default config, add olcAccess entries giving access to controls
3729 available and cn=subschema (LP: #427842)
3730
3731 [ Scott Moser ]
3732 * debian/slapd.scripts-common: Do not create /nonexistent directory
3733 for openldap user's home (LP: #556176)
3734 * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
3735
3736 -- Scott Moser <smoser@ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
3737
3738openldap (2.4.21-0ubuntu3) lucid; urgency=low
3739
3740 * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
3741 before trying to convert to slapd.d, to avoid upgrade failure from hardy
3742 (LP: #536958)
3743 * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
3744 olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
3745
3746 -- Thierry Carrez <thierry.carrez@ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
3747
3748openldap (2.4.21-0ubuntu2) lucid; urgency=low
3749
3750 * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
3751
3752 -- Chuck Short <zulcss@ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
3753
3754openldap (2.4.21-0ubuntu1) lucid; urgency=low
3755
3756 * New upstream release.
3757 * debian/rules, debian/schema/extra/:
3758 Fix get-orig-source rule to supports extra schemas shipped as part of the
3759 debian/schema/ directory.
3760
3761 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
3762
3763openldap (2.4.18-0ubuntu2) lucid; urgency=low
3764
3765 * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
3766 - Add --with-gssapi support
3767 - Make guess_service_principal() more robust when determining principal
3768 * Enable GSSAPI support (LP: #495418):
3769 - debian/configure.options: Configure with --with-gssapi
3770 - debian/control: Added libkrb5-dev as a build depend
3771
3772 -- Thierry Carrez <thierry.carrez@ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
3773
3774openldap (2.4.18-0ubuntu1) karmic; urgency=low
3775
3776 * New upstream release: (LP: #419515):
3777 + pcache overlay supports disconnected mode.
3778 * Fix nss overlay load (LP: #417163).
3779
3780 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
3781
1349openldap (2.4.17-2.1) unstable; urgency=high3782openldap (2.4.17-2.1) unstable; urgency=high
13503783
1351 * Non-maintainer upload by the Security Team.3784 * Non-maintainer upload by the Security Team.
@@ -1372,6 +3805,108 @@ openldap (2.4.17-2) unstable; urgency=low
13723805
1373 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -07003806 -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
13743807
3808openldap (2.4.17-1ubuntu3) karmic; urgency=low
3809
3810 * Install a minimal slapd configuration instead of creating a default
3811 database with a default DIT:
3812 + Move openldap user home from /var/lib/ldap to /nonexistent.
3813 + Remove all code and templates dealing with the default database and DIT
3814 creation.
3815 + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
3816 grant all access to the latter in the cn=config database as well as the
3817 default backend configuration.
3818 * Add cn=localroot,cn=config authz mapping on upgrades.
3819
3820 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
3821
3822openldap (2.4.17-1ubuntu2) karmic; urgency=low
3823
3824 [ Thierry Carrez ]
3825 * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
3826 in the openldap library, as required by Likewise-Open (LP: #390579)
3827
3828 [ Mathias Gug ]
3829 * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
3830 uniqueness overlay.
3831 * debian/patches/its6220-writetimeout-directive: fixes a problem with the
3832 writetimeout directive being in effect even if it wasn't set,
3833 closing connections incorrectly.
3834 * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
3835 dncachesize parameter that was added in RE24, so that if it is set to
3836 "0" (now the default), it has an unlimited DN cache (RE23 always
3837 had an unlimited DN cache).
3838
3839 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
3840
3841openldap (2.4.17-1ubuntu1) karmic; urgency=low
3842
3843 [ Steve Langasek ]
3844 * Fix up the lintian warnings:
3845 - add missing misc-depends on all packages
3846 - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
3847 overrides
3848 - bump Standards-Version to 3.8.2, no changes required.
3849
3850 [ Mathias Gug ]
3851 * Resynchronise with Debian. Remaining changes:
3852 - AppArmor support:
3853 - debian/apparmor-profile: add AppArmor profile
3854 - updated debian/slapd.README.Debian for note on AppArmor
3855 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3856 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3857 - debian/rules: install apparmor profile.
3858 - Don't use local statement in config script as it fails if /bin/sh
3859 points to bash.
3860 - debian/slapd.postinst, debian/slapd.script-common: set correct
3861 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
3862 readable) and /var/run/slapd (world readable).
3863 - Enable nssoverlay:
3864 - debian/patches/nssov-build, debian/rules: Build and package the nss
3865 overlay.
3866 - debian/schema/misc.ldif: add ldif file for the misc schema which
3867 defines rfc822MailMember (required by the nss overlay).
3868 - debian/{control,rules}: enable PIE hardening
3869 - Use cn=config as the default configuration backend instead of
3870 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3871 asking the end user to enter a new password to control the access to
3872 the cn=config tree.
3873 - debian/slapd.postinst: create /var/run/slapd before updating its
3874 permissions.
3875 - debian/slapd.init: Correctly set slapd config backend option even if
3876 the pidfile is configured in slapd default file.
3877 * Dropped:
3878 - Merged in Debian:
3879 - Update priority of libldap-2.4-2 to match the archive override.
3880 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
3881 the ldapurl(1) manpage.
3882 - Bump build-dependency on debhelper to 6 instead of 5, since that's
3883 what we're using.
3884 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3885 the built-in default of ldap:/// only.
3886 - Fixed in upstream release:
3887 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
3888 failure when built with PIE.
3889 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3890 trusted.
3891 - Update Apparmor profile support: don't support upgrade from pre-hardy
3892 systems:
3893 - debian/slapd.postinst: Reload AA profile on configuration
3894 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3895 - debian/control: Conflicts with apparmor-profiles <<
3896 2.1+1075-0ubuntu4 to make sure that if earlier version of
3897 apparmor-profiles gets installed it won't overwrite our profile.
3898 - follow ApparmorProfileMigration and force apparmor complain mode on
3899 some upgrades
3900 - debian/slapd.preinst: create symlink for force-complain on
3901 pre-feisty upgrades, upgrades where apparmor-profiles profile is
3902 unchanged (ie non-enforcing) and upgrades where apparmor profile
3903 does not exist.
3904 - debian/patches/autogen.sh: no longer needed with karmic libtool.
3905 - Call libtoolize with the --install option to install
3906 config.{guess,sub} files.
3907
3908 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
3909
1375openldap (2.4.17-1) unstable; urgency=low3910openldap (2.4.17-1) unstable; urgency=low
13763911
1377 * New upstream version.3912 * New upstream version.
@@ -1394,6 +3929,153 @@ openldap (2.4.17-1) unstable; urgency=low
13943929
1395 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -07003930 -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
13963931
3932openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
3933
3934 * Resynchronise with Debian. Remaining changes:
3935 - AppArmor support:
3936 - debian/apparmor-profile: add AppArmor profile
3937 - debian/slapd.postinst: Reload AA profile on configuration
3938 - updated debian/slapd.README.Debian for note on AppArmor
3939 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
3940 - debian/control: Conflicts with apparmor-profiles <<
3941 2.1+1075-0ubuntu4 to make sure that if earlier version of
3942 apparmor-profiles gets installed it won't overwrite our profile.
3943 - follow ApparmorProfileMigration and force apparmor complain mode on
3944 some upgrades
3945 - debian/slapd.dirs: add etc/apparmor.d/force-complain
3946 - debian/slapd.preinst: create symlink for force-complain on
3947 pre-feisty upgrades, upgrades where apparmor-profiles profile is
3948 unchanged (ie non-enforcing) and upgrades where apparmor profile
3949 does not exist.
3950 - debian/slapd.postrm: remove symlink in force-complain/ on purge
3951 - debian/patches/autogen.sh:
3952 - Call libtoolize with the --install option to install
3953 config.{guess,sub} files.
3954 - Don't use local statement in config script as it fails if /bin/sh
3955 points to bash.
3956 - debian/slapd.postinst, debian/slapd.script-common: set correct
3957 ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
3958 readable) and /var/run/slapd (world readable).
3959 - Enable nssoverlay:
3960 - debian/patches/nssov-build, debian/rules: Build and package the nss
3961 overlay.
3962 - debian/schema/misc.ldif: add ldif file for the misc schema which
3963 defines rfc822MailMember (required by the nss overlay).
3964 - debian/{control,rules}: enable PIE hardening
3965 - Use cn=config as the default configuration backend instead of
3966 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
3967 asking the end user to enter a new password to control the access to
3968 the cn=config tree.
3969 - Update priority of libldap-2.4-2 to match the archive override.
3970 - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
3971 the ldapurl(1) manpage.
3972 - Bump build-dependency on debhelper to 6 instead of 5, since that's
3973 what we're using.
3974 - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
3975 the built-in default of ldap:/// only.
3976 - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
3977 failure when built with PIE.
3978 - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
3979 trusted.
3980 - debian/slapd.postinst: create /var/run/slapd before updating its
3981 permissions.
3982 - debian/slapd.init: Correctly set slapd config backend option even if
3983 the pidfile is configured in slapd default file.
3984 * Drop patch to avoid the test suite on hppa, as hppa is EOL.
3985
3986 -- Colin Watson <cjwatson@ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
3987
3988openldap (2.4.15-1.1) unstable; urgency=low
3989
3990 * Non-maintainer upload.
3991 * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
3992 (Closes: #522965)
3993
3994 -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
3995
3996openldap (2.4.15-1ubuntu3) jaunty; urgency=low
3997
3998 * No-change rebuild to fix lpia shared library dependencies.
3999
4000 -- Colin Watson <cjwatson@ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
4001
4002openldap (2.4.15-1ubuntu2) jaunty; urgency=low
4003
4004 * debian/slapd.postinst: create /var/run/slapd before updating its
4005 permissions (LP: #298928).
4006 * debian/slapd.init: Correclty set slapd config backend option even if the
4007 pidfile is configured in slapd default file (LP: #292364).
4008 * debian/apparmor-profile: support multiple databases to be stored under
4009 /var/lib/ldap/. (LP: #286614).
4010
4011 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
4012
4013openldap (2.4.15-1ubuntu1) jaunty; urgency=low
4014
4015 [ Steve Langasek ]
4016 * Update priority of libldap-2.4-2 to match the archive override.
4017 * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
4018 ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
4019 Closes: #496749.
4020 * Bump build-dependency on debhelper to 6 instead of 5, since that's
4021 what we're using. Closes: #498116.
4022 * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
4023 the built-in default of ldap:/// only.
4024
4025 [ Mathias Gug ]
4026 * Merge from debian unstable, remaining changes:
4027 - Modify Maintainer value to match the DebianMaintainerField
4028 speficication.
4029 - AppArmor support:
4030 - debian/apparmor-profile: add AppArmor profile
4031 - debian/slapd.postinst: Reload AA profile on configuration
4032 - updated debian/slapd.README.Debian for note on AppArmor
4033 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4034 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4035 to make sure that if earlier version of apparmour-profiles gets
4036 installed it won't overwrite our profile.
4037 - follow ApparmorProfileMigration and force apparmor compalin mode on
4038 some upgrades (LP: #203529)
4039 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4040 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4041 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4042 non-enforcing) and upgrades where apparmor profile does not exist.
4043 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4044 - debian/control:
4045 - Build-depend on libltdl7-dev rather then libltdl3-dev.
4046 - debian/patches/autogen.sh:
4047 - Call libtoolize with the --install option to install config.{guess,sub}
4048 files.
4049 - Don't use local statement in config script as it fails if /bin/sh
4050 points to bash (LP: #286063).
4051 - Disable the testsuite on hppa. Allows building of packages on this
4052 architecture again, once this package is in the archive.
4053 LP: #288908.
4054 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
4055 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
4056 /var/run/slapd (world readable). (LP: #257667).
4057 - Enable nssoverlay:
4058 - debian/patches/nssov-build, debian/rules: Build and package
4059 the nss overlay.
4060 - debian/schema/misc.ldif: add ldif file for the misc schema
4061 which defines rfc822MailMember (required by the nss overlay).
4062 - debian/{control,rules}: enable PIE hardening
4063 - Use cn=config as the default configuration backend instead of
4064 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
4065 asking the end user to enter a new password to control the access to the
4066 cn=config tree.
4067 * Dropped:
4068 - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
4069 times. (ITS: #5947) Fixed in new upstream version 2.4.15.
4070 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4071 the ucred struct now. Implemented in Debian.
4072 * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
4073 when built with PIE.
4074 * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
4075 trusted (LP: #305264).
4076
4077 -- Mathias Gug <mathiaz@ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
4078
1397openldap (2.4.15-1) unstable; urgency=low4079openldap (2.4.15-1) unstable; urgency=low
13984080
1399 * New upstream version4081 * New upstream version
@@ -1411,6 +4093,69 @@ openldap (2.4.15-1) unstable; urgency=low
14114093
1412 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -08004094 -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
14134095
4096openldap (2.4.14-0ubuntu1) jaunty; urgency=low
4097
4098 [ Steve Langasek ]
4099 * New upstream version
4100 - Fixes a bug with the pcache overlay not returning cached entries
4101 (closes: #497697)
4102 - Update evolution-ntlm patch to apply to current Makefiles.
4103 - (tentatively) drop gnutls-ciphers, since this bug was reported to be
4104 fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
4105 patch from the bug report, so this should be watched for regressions.
4106 * Build against db4.7 instead of db4.2 at last! Closes: #421946.
4107 * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
4108 installed in the build environment.
4109 * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
4110 --with-tls=gnutls.
4111
4112 [ Mathias Gug ]
4113 * Merge from debian unstable, remaining changes:
4114 - debian/apparmor-profile: add AppArmor profile
4115 - debian/slapd.postinst: Reload AA profile on configuration
4116 - updated debian/slapd.README.Debian for note on AppArmor
4117 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4118 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4119 to make sure that if earlier version of apparmour-profiles gets
4120 installed it won't overwrite our profile.
4121 - Modify Maintainer value to match the DebianMaintainerField
4122 speficication.
4123 - follow ApparmorProfileMigration and force apparmor compalin mode on
4124 some upgrades (LP: #203529)
4125 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4126 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4127 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4128 non-enforcing) and upgrades where apparmor profile does not exist.
4129 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4130 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4131 the ucred struct now.
4132 - debian/control:
4133 - Build-depend on libltdl7-dev rather then libltdl3-dev.
4134 - debian/patches/autogen.sh:
4135 - Call libtoolize with the --install option to install config.{guess,sub}
4136 files.
4137 - Don't use local statement in config script as it fails if /bin/sh
4138 points to bash (LP: #286063).
4139 - Disable the testsuite on hppa. Allows building of packages on this
4140 architecture again, once this package is in the archive.
4141 LP: #288908.
4142 - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
4143 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
4144 /var/run/slapd (world readable). (LP: #257667).
4145 - debian/patches/nssov-build, debian/rules:
4146 Build and package the nss overlay.
4147 debian/schema/misc.ldif: add ldif file for the misc schema, which defines
4148 rfc822MailMember (required by the nss overlay).
4149 - debian/{control,rules}: enable PIE hardening
4150 - Use cn=config as the default configuration backend instead of
4151 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
4152 asking the end user to enter a new password to control the access to the
4153 cn=config tree.
4154 * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
4155 times. (ITS: #5947)
4156
4157 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
4158
1414openldap (2.4.11-1) unstable; urgency=low4159openldap (2.4.11-1) unstable; urgency=low
14154160
1416 * New upstream version (closes: #499560).4161 * New upstream version (closes: #499560).
@@ -1433,6 +4178,110 @@ openldap (2.4.11-1) unstable; urgency=low
14334178
1434 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -07004179 -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
14354180
4181openldap (2.4.11-0ubuntu7) jaunty; urgency=low
4182
4183 * Don't use local statement in config script as it fails if /bin/sh
4184 points to bash (LP: #286063).
4185
4186 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
4187
4188openldap (2.4.11-0ubuntu6) intrepid; urgency=low
4189
4190 * Disable the testsuite on hppa. Allows building of packages on this
4191 architecture again, once this package is in the archive.
4192 LP: #288908.
4193
4194 -- Matthias Klose <doko@ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
4195
4196openldap (2.4.11-0ubuntu5) intrepid; urgency=low
4197
4198 * Don't set admin passwords in ldif files if adminpw is empty.
4199 (LP: #273988 - LP: #276606).
4200
4201 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
4202
4203openldap (2.4.11-0ubuntu4) intrepid; urgency=low
4204
4205 * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
4206 and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
4207 /var/run/slapd (world readable). (LP: #257667).
4208 * debian/slapd.script-common:
4209 - Fix package reconfiguration:
4210 + Remove slapd.d/ directory if it already exists when creating a new
4211 configuration.
4212 + Fix backup directory naming for multiple reconfiguration.
4213
4214 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
4215
4216openldap (2.4.11-0ubuntu3) intrepid; urgency=low
4217
4218 * debian/patches/nssov-build, debian/rules:
4219 Build and package the nss overlay.
4220 * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
4221 rfc822MailMember (required by the nss overlay).
4222
4223 -- Mathias Gug <mathiaz@ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
4224
4225openldap (2.4.11-0ubuntu2) intrepid; urgency=low
4226
4227 * debian/{control,rules}: enable PIE hardening
4228
4229 -- Kees Cook <kees@ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
4230
4231openldap (2.4.11-0ubuntu1) intrepid; urgency=low
4232
4233 * New upstream version:
4234 - Mainly bug fixes.
4235 - New nss slapd overlay (not compiled by default).
4236 * Use cn=config as the default configuration backend instead of
4237 slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
4238 asking the end user to enter a new password to control the access to the
4239 cn=config tree.
4240
4241 -- Mathias Gug <mathiaz@ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
4242
4243openldap (2.4.10-3ubuntu1) intrepid; urgency=low
4244
4245 [ Mathias Gug ]
4246 * Merge from debian unstable, remaining changes:
4247 - debian/apparmor-profile: add AppArmor profile
4248 - debian/slapd.postinst: Reload AA profile on configuration
4249 - updated debian/slapd.README.Debian for note on AppArmor
4250 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4251 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4252 to make sure that if earlier version of apparmour-profiles gets
4253 installed it won't overwrite our profile.
4254 - Modify Maintainer value to match the DebianMaintainerField
4255 speficication.
4256 - follow ApparmorProfileMigration and force apparmor compalin mode on
4257 some upgrades (LP: #203529)
4258 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4259 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4260 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4261 non-enforcing) and upgrades where apparmor profile does not exist.
4262 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4263 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4264 the ucred struct now.
4265 - debian/patches/fix-unique-overlay-assertion.patch:
4266 Fix another assertion error in unique overlay (LP: #243337).
4267 Backport from head.
4268 * Dropped - implemented in Debian:
4269 - debian/patches/fix-gnutls-key-strength.patch:
4270 Fix slapd handling of ssf using gnutls. (LP: #244925).
4271 - debian/control:
4272 Add time as build dependency: needed by make test.
4273 * debian/control:
4274 - Build-depend on libltdl7-dev rather then libltdl3-dev.
4275 * debian/patches/autogen.sh:
4276 - Call libtoolize with the --install option to install config.{guess,sub}
4277 files.
4278
4279 [ Jamie Strandboge ]
4280 * adjust apparmor profile to allow gssapi (LP: #229252)
4281 * adjust apparmor profile to allow cnconfig (LP: #243525)
4282
4283 -- Mathias Gug <mathiaz@ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
4284
1436openldap (2.4.10-3) unstable; urgency=low4285openldap (2.4.10-3) unstable; urgency=low
14374286
1438 [ Steve Langasek ]4287 [ Steve Langasek ]
@@ -1466,6 +4315,40 @@ openldap (2.4.10-3) unstable; urgency=low
14664315
1467 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -07004316 -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
14684317
4318openldap (2.4.10-2ubuntu1) intrepid; urgency=low
4319
4320 * Merge from debian unstable, remaining changes:
4321 - debian/apparmor-profile: add AppArmor profile
4322 - debian/slapd.postinst: Reload AA profile on configuration
4323 - updated debian/slapd.README.Debian for note on AppArmor
4324 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4325 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4326 to make sure that if earlier version of apparmour-profiles gets
4327 installed it won't overwrite our profile.
4328 - Modify Maintainer value to match the DebianMaintainerField
4329 speficication.
4330 - follow ApparmorProfileMigration and force apparmor compalin mode on
4331 some upgrades (LP: #203529)
4332 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4333 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4334 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4335 non-enforcing) and upgrades where apparmor profile does not exist.
4336 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4337 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4338 the ucred struct now.
4339 - debian/patches/fix-unique-overlay-assertion.patch:
4340 Fix another assertion error in unique overlay (LP: #243337).
4341 Backport from head.
4342 - debian/patches/fix-gnutls-key-strength.patch:
4343 Fix slapd handling of ssf using gnutls. (LP: #244925).
4344 - debian/control:
4345 Add time as build dependency: needed by make test.
4346 * Dropped - implemented in Debian:
4347 - debian/rules:
4348 Support debuild nocheck option: don't run tests if nocheck is set.
4349
4350 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
4351
1469openldap (2.4.10-2) unstable; urgency=low4352openldap (2.4.10-2) unstable; urgency=low
14704353
1471 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at4354 * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
@@ -1480,6 +4363,54 @@ openldap (2.4.10-2) unstable; urgency=low
14804363
1481 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -07004364 -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
14824365
4366openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
4367
4368 * Merge from debian unstable, remaining changes:
4369 - debian/apparmor-profile: add AppArmor profile
4370 - debian/slapd.postinst: Reload AA profile on configuration
4371 - updated debian/slapd.README.Debian for note on AppArmor
4372 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4373 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4374 to make sure that if earlier version of apparmour-profiles gets
4375 installed it won't overwrite our profile.
4376 - Modify Maintainer value to match the DebianMaintainerField
4377 speficication.
4378 - follow ApparmorProfileMigration and force apparmor compalin mode on
4379 some upgrades (LP: #203529)
4380 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4381 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4382 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4383 non-enforcing) and upgrades where apparmor profile does not exist.
4384 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4385 - debian/patches/fix-ucred-libc due to changes how newer glibc handle
4386 the ucred struct now.
4387 - debian/patches/fix-unique-overlay-assertion.patch:
4388 Fix another assertion error in unique overlay (LP: #243337).
4389 Backport from head.
4390 * debian/control:
4391 - add time as build dependency: needed by make test.
4392 * debian/rules:
4393 - support debuild nocheck option: don't run tests if nocheck is set.
4394 * debian/patches/fix-gnutls-key-strength.patch:
4395 - fix slapd handling of ssf using gnutls. (LP: #244925).
4396 * Dropped - accepted in Debian:
4397 - debian/rules, debian/slapd.links: use hard links to slapd instead of
4398 symlinks for slap* so these applications aren't confined by apparmor
4399 (LP: #203898)
4400 * Dropped - fixed in new upstream release:
4401 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
4402 (LP: #215904)
4403 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
4404 error. (LP: #234196)
4405 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
4406 (LP: #220724)
4407 - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
4408 syncrepl. (LP: #227178)
4409 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
4410 upstream.
4411
4412 -- Mathias Gug <mathiaz@ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
4413
1483openldap2.3 (2.4.10-1) unstable; urgency=low4414openldap2.3 (2.4.10-1) unstable; urgency=low
14844415
1485 [ Steve Langasek ]4416 [ Steve Langasek ]
@@ -1504,6 +4435,64 @@ openldap2.3 (2.4.10-1) unstable; urgency=low
15044435
1505 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -07004436 -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
15064437
4438openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
4439
4440 * debian/patches/fix-unique-overlay-assertion.patch:
4441 - Fix another assertion error in unique overlay, backported from head.
4442 (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
4443
4444 -- Chuck Short <zulcss@ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
4445
4446openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
4447
4448 * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
4449 include the smbk5pwd overlay.
4450
4451 -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
4452
4453openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
4454
4455 * Rebuild for perl 5.10 transition (LP: #230016)
4456 * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
4457 syncrepl. (LP: #227178)
4458
4459 -- Chuck Short <zulcss@ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
4460
4461openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
4462
4463 * Merge from debian unstable, remaining changes:
4464 - debian/apparmor-profile: add AppArmor profile
4465 - debian/slapd.postinst: Reload AA profile on configuration
4466 - updated debian/slapd.README.Debian for note on AppArmor
4467 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4468 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4469 to make sure that if earlier version of apparmour-profiles gets
4470 installed it won't overwrite our profile.
4471 - Modify Maintainer value to match the DebianMaintainerField
4472 speficication.
4473 - follow ApparmorProfileMigration and force apparmor compalin mode on
4474 some upgrades (LP: #203529)
4475 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4476 - debian/slapd.preinst: create symlink for force-complain on pre-feisty
4477 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4478 non-enforcing) and upgrades where apparmor profile does not exist.
4479 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4480 - debian/rules, debian/slapd.links: use hard links to slapd instead of
4481 symlinks for slap* so these applications aren't confined by apparmor
4482 (LP: #203898)
4483 - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
4484 (LP: #215904)
4485 - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
4486 error. (LP: #234196)
4487 - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
4488 (LP: #220724)
4489 - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
4490 upstream.
4491 * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
4492 the ucred struct now.
4493
4494 -- Chuck Short <zulcss@ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
4495
1507openldap2.3 (2.4.9-1) unstable; urgency=low4496openldap2.3 (2.4.9-1) unstable; urgency=low
15084497
1509 [ Updated debconf translations ]4498 [ Updated debconf translations ]
@@ -1574,6 +4563,51 @@ openldap2.3 (2.4.7-6.1) unstable; urgency=high
15744563
1575 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +01004564 -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
15764565
4566openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
4567
4568 * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
4569 in klibc)
4570
4571 -- Jamie Strandboge <jamie@ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
4572
4573openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
4574
4575 * apparmor-profile workaround for Launchpad #202161
4576 * follow ApparmorProfileMigration and force apparmor complain mode on some
4577 upgrades (LP: #203529)
4578 - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
4579 - debian/slapd.dirs: add etc/apparmor.d/force-complain
4580 - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
4581 upgrades, upgrades where apparmor-profiles profile is unchanged (ie
4582 non-enforcing) and upgrades where apparmor profile does not exist
4583 - debian/slapd.postrm: remove symlink in force-complain/ on purge
4584 * debian/rules, debian/slapd.links: use hard links to slapd instead of
4585 symlinks for slap* so these applications aren't confined by apparmor
4586 (LP: #203898)
4587
4588 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
4589
4590openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
4591
4592 * Merge from Debian unstable, remaining changes:
4593 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
4594 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
4595 allows remote authenticated users to cause a denial of service (daemon
4596 crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
4597 control, a related issue to CVE-2007-6698.
4598 + debian/apparmor-profile: add AppArmor profile
4599 + debian/slapd.postinst: Reload AA profile on configuration
4600 + updated debian/slapd.README.Debian for note on AppArmor
4601 + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
4602 should now take control
4603 + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4604 to make sure that if earlier version of apparmor-profiles gets
4605 installed it won't overwrite our profile
4606 + Modify Maintainer value to match the DebianMaintainerField
4607 specification.
4608
4609 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
4610
1577openldap2.3 (2.4.7-6) unstable; urgency=low4611openldap2.3 (2.4.7-6) unstable; urgency=low
15784612
1579 [ Updated debconf translations ]4613 [ Updated debconf translations ]
@@ -1619,6 +4653,37 @@ openldap2.3 (2.4.7-6) unstable; urgency=low
16194653
1620 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -08004654 -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
16214655
4656openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
4657
4658 * SECURITY UPDATE:
4659 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
4660 slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
4661 allows remote authenticated users to cause a denial of service (daemon crash)
4662 via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
4663 issue to CVE-2007-6698.
4664
4665 * References
4666 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
4667 - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
4668
4669 -- Emanuele Gentili <emgent@emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
4670
4671openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
4672
4673 * add AppArmor profile
4674 + debian/apparmor-profile
4675 + debian/slapd.postinst: Reload AA profile on configuration
4676 * updated debian/slapd.README.Debian for note on AppArmor
4677 * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
4678 should now take control
4679 * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
4680 to make sure that if earlier version of apparmor-profiles gets installed
4681 it won't overwrite our profile
4682 * Modify Maintainer value to match the DebianMaintainerField
4683 specification.
4684
4685 -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
4686
1622openldap2.3 (2.4.7-5) unstable; urgency=low4687openldap2.3 (2.4.7-5) unstable; urgency=low
16234688
1624 [ Updated debconf translations ]4689 [ Updated debconf translations ]
diff --git a/debian/control b/debian/control
index 961e6de..5215f21 100644
--- a/debian/control
+++ b/debian/control
@@ -1,12 +1,14 @@
1Source: openldap1Source: openldap
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
5Uploaders: Steve Langasek <vorlon@debian.org>,6Uploaders: Steve Langasek <vorlon@debian.org>,
6 Torsten Landschoff <torsten@debian.org>,7 Torsten Landschoff <torsten@debian.org>,
7 Ryan Tandy <ryan@nardis.ca>,8 Ryan Tandy <ryan@nardis.ca>,
8 Sergio Durigan Junior <sergiodj@debian.org>9 Sergio Durigan Junior <sergiodj@debian.org>
9Build-Depends: debhelper-compat (= 13),10Build-Depends: debhelper-compat (= 13),
11 dh-apparmor,
10 dpkg-dev (>= 1.17.14),12 dpkg-dev (>= 1.17.14),
11 groff-base,13 groff-base,
12 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,14 heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
@@ -43,7 +45,7 @@ Depends: ${shlibs:Depends}, libldap2 (= ${binary:Version}),
43 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,45 coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,
44 adduser, ${perl:Depends}, ${misc:Depends}46 adduser, ${perl:Depends}, ${misc:Depends}
45Recommends: ldap-utils47Recommends: ldap-utils
46Suggests: libsasl2-modules,48Suggests: libsasl2-modules, ufw,
47 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal49 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
48Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)50Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
49Replaces: ldap-utils (<< 2.2.23-3)51Replaces: ldap-utils (<< 2.2.23-3)
diff --git a/debian/rules b/debian/rules
index 3fab06f..8039111 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,7 +11,7 @@ export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
11export DEB_BUILD_MAINT_OPTIONS := hardening=+all11export DEB_BUILD_MAINT_OPTIONS := hardening=+all
1212
13# Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)13# Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)
14export DEB_MAINTAINER := $(shell sed -ne 's/Maintainer:\s\+//p' debian/control)14export DEB_MAINTAINER := $(shell sed -ne 's/^Maintainer:\s\+//p' debian/control)
1515
16# Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)16# Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)
17export DEB_VERSION17export DEB_VERSION
@@ -124,6 +124,22 @@ endif
124 find $(installdir)/usr/share/man -name \*.8 \124 find $(installdir)/usr/share/man -name \*.8 \
125 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'125 | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
126126
127ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
128override_dh_install-arch:
129 dh_install
130
131 # install AppArmor profile
132 install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
133
134 # install Apport hook
135 install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
136
137 # install ufw profile
138 install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
139
140 dh_apparmor -pslapd --profile-name=usr.sbin.slapd
141endif
142
127override_dh_installinit:143override_dh_installinit:
128 dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80"144 dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80"
129145
diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
index ff7d66b..a4f3f55 100644
--- a/debian/slapd.README.Debian
+++ b/debian/slapd.README.Debian
@@ -252,6 +252,17 @@ Modifications Compared to Upstream
252252
253 -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800253 -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800
254254
255Apparmor Profile
256----------------
257
258 If your system uses AppArmor, please note that the shipped enforcing profile
259 works with the default installation, and changes in your configuration may
260 require changes to the installed apparmor profile. Please see
261 https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
262 software.
263
264 -- Jamie Strandboge <jamie@ubuntu.com>, Mon, 4 Feb 2008 21:18:21 -0500
265
255Migrating your installation to OpenLDAP 2.5.x266Migrating your installation to OpenLDAP 2.5.x
256267
257 OpenLDAP 2.5 is a major new release and includes several incompatible268 OpenLDAP 2.5 is a major new release and includes several incompatible
diff --git a/debian/slapd.py b/debian/slapd.py
258new file mode 100644269new file mode 100644
index 0000000..b1aed25
--- /dev/null
+++ b/debian/slapd.py
@@ -0,0 +1,51 @@
1#!/usr/bin/python3
2
3'''apport hook for slapd
4
5(c) 2010 Adam Sommer.
6Author: Adam Sommer <asommer@ubuntu.com>
7
8This program is free software; you can redistribute it and/or modify it
9under the terms of the GNU General Public License as published by the
10Free Software Foundation; either version 2 of the License, or (at your
11option) any later version. See http://www.gnu.org/copyleft/gpl.html for
12the full text of the license.
13'''
14
15from apport.hookutils import *
16import os
17
18# Scrub olcRootPW attribute and credentials strings if necessary.
19def scrub_pass_strings(config):
20 olcrootpw_regex = re.compile('olcRootPW:.*')
21 olcrootpw_string = olcrootpw_regex.search(config)
22 if olcrootpw_string:
23 config = config.replace(olcrootpw_string.group(0), 'olcRootPW: @@APPORTREPLACED@@')
24
25 credentials_regex = re.compile('credentials=.* ')
26 credentials_string = credentials_regex.search(config)
27 if credentials_string:
28 config = config.replace(credentials_string.group(0), 'credentials=@@APPORTREPLACED@@ ')
29
30 return config
31
32def add_info(report, ui):
33 response = ui.yesno("The contents of your /etc/ldap/slapd.d directory "
34 "may help developers diagnose your bug more "
35 "quickly. However, it may contain sensitive "
36 "information. Do you want to include it in your "
37 "bug report?")
38
39 if response == None: # user cancelled
40 raise StopIteration
41
42 elif response == True:
43 # Get the cn=config tree.
44 cn_config = root_command_output(['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'])
45 report['CNConfig'] = scrub_pass_strings(cn_config)
46
47 # Get slapd messages from /var/log/syslog
48 slapd_re = re.compile('slapd', re.IGNORECASE)
49 report['SysLog'] = recent_syslog(slapd_re)
50
51 attach_mac_events(report, '/usr/sbin/slapd')
diff --git a/debian/slapd.ufw.profile b/debian/slapd.ufw.profile
0new file mode 10064452new file mode 100644
index 0000000..3c4f676
--- /dev/null
+++ b/debian/slapd.ufw.profile
@@ -0,0 +1,9 @@
1[OpenLDAP LDAP]
2title=OpenLDAP with TLS
3description=OpenLDAP is a free, fast, lightweight LDAP server
4ports=389/tcp
5
6[OpenLDAP LDAPS]
7title=OpenLDAP over SSL
8description=OpenLDAP is a free, fast, lightweight LDAP server
9ports=636/tcp
diff --git a/debian/tests/smbk5pwd b/debian/tests/smbk5pwd
index aeb5f81..aaafdbe 100755
--- a/debian/tests/smbk5pwd
+++ b/debian/tests/smbk5pwd
@@ -9,6 +9,20 @@ schema2ldif /etc/ldap/schema/hdb.schema | ldapadd -H ldapi:// -Y EXTERNAL
9chgrp openldap /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key9chgrp openldap /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key
10chmod g+rX /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key10chmod g+rX /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key
1111
12apparmor_profile="/etc/apparmor.d/usr.sbin.slapd"
13if [ -f "${apparmor_profile}" ]; then
14 if aa-status --enabled 2>/dev/null; then
15 # Adjust apparmor so slapd can read the heimdal master key
16 cat >> /etc/apparmor.d/local/usr.sbin.slapd <<EOF
17 /var/lib/heimdal-kdc/m-key rk,
18EOF
19 apparmor_parser -r -W -T "${apparmor_profile}" || {
20 # this failure may happen on armhf in Canonical infrastructure, see #1991141
21 echo "Failed to reload the ${apparmor_profile} apparmor profile, continuing anyway."
22 }
23 fi
24fi
25
12# Instantiate the smbk5pwd overlay26# Instantiate the smbk5pwd overlay
13ldapmodify -H ldapi:// -Y EXTERNAL << eof27ldapmodify -H ldapi:// -Y EXTERNAL << eof
14dn: cn=module{0},cn=config28dn: cn=module{0},cn=config

Subscribers

People subscribed via source and target branches