lp:~ttx/openldap/lucid-gssapi-495418

Created by Thierry Carrez on 2009-12-11 and last modified on 2009-12-11
Get this branch:
bzr branch lp:~ttx/openldap/lucid-gssapi-495418
Only Thierry Carrez can upload to this branch. If you are Thierry Carrez please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Thierry Carrez
Project:
openldap
Status:
Development

Recent revisions

20. By Thierry Carrez on 2009-12-11

* debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
  - Add --with-gssapi support
  - Make guess_service_principal() more robust when determining principal
* Enable GSSAPI support (LP: #495418):
  - debian/configure.options: Configure with --with-gssapi
  - debian/control: Added libkrb5-dev as a build depend

19. By Mathias Gug on 2009-09-07

* New upstream release: (LP: #419515):
  + pcache overlay supports disconnected mode.
* Fix nss overlay load (LP: #417163).

18. By Mathias Gug on 2009-08-11

 * Install a minimal slapd configuration instead of creating a default
   database with a default DIT:
   + Move openldap user home from /var/lib/ldap to /nonexistent.
   + Remove all code and templates dealing with the default database and DIT
     creation.
   + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
     grant all access to the latter in the cn=config database as well as the
     default backend configuration.
 * Add cn=localroot,cn=config authz mapping on upgrades.

17. By Mathias Gug on 2009-07-31

[ Thierry Carrez ]
* debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
  in the openldap library, as required by Likewise-Open (LP: #390579)

[ Mathias Gug ]
* debian/patches/its6077-uniqueness-overlay: fixes some issues with the
  uniqueness overlay.
* debian/patches/its6220-writetimeout-directive: fixes a problem with the
  writetimeout directive being in effect even if it wasn't set,
  closing connections incorrectly.
* debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
  dncachesize parameter that was added in RE24, so that if it is set to
  "0" (now the default), it has an unlimited DN cache (RE23 always
  had an unlimited DN cache).

16. By Mathias Gug on 2009-07-30

[ Steve Langasek ]
* Fix up the lintian warnings:
  - add missing misc-depends on all packages
  - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
    overrides
  - bump Standards-Version to 3.8.2, no changes required.

[ Mathias Gug ]
* Resynchronise with Debian. Remaining changes:
  - AppArmor support:
    - debian/apparmor-profile: add AppArmor profile
    - updated debian/slapd.README.Debian for note on AppArmor
    - debian/slapd.dirs: add etc/apparmor.d/force-complain
    - debian/slapd.postrm: remove symlink in force-complain/ on purge
    - debian/rules: install apparmor profile.
  - Don't use local statement in config script as it fails if /bin/sh
    points to bash.
  - debian/slapd.postinst, debian/slapd.script-common: set correct
    ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
    readable) and /var/run/slapd (world readable).
  - Enable nssoverlay:
    - debian/patches/nssov-build, debian/rules: Build and package the nss
      overlay.
    - debian/schema/misc.ldif: add ldif file for the misc schema which
      defines rfc822MailMember (required by the nss overlay).
  - debian/{control,rules}: enable PIE hardening
  - Use cn=config as the default configuration backend instead of
    slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
    asking the end user to enter a new password to control the access to
    the cn=config tree.
  - debian/slapd.postinst: create /var/run/slapd before updating its
    permissions.
  - debian/slapd.init: Correctly set slapd config backend option even if
    the pidfile is configured in slapd default file.
* Dropped:
  - Merged in Debian:
    - Update priority of libldap-2.4-2 to match the archive override.
    - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
      the ldapurl(1) manpage.
    - Bump build-dependency on debhelper to 6 instead of 5, since that's
      what we're using.
    - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
      the built-in default of ldap:/// only.
  - Fixed in upstream release:
    - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
      failure when built with PIE.
    - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
      trusted.
  - Update Apparmor profile support: don't support upgrade from pre-hardy
    systems:
    - debian/slapd.postinst: Reload AA profile on configuration
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
    - debian/control: Conflicts with apparmor-profiles <<
      2.1+1075-0ubuntu4 to make sure that if earlier version of
      apparmor-profiles gets installed it won't overwrite our profile.
    - follow ApparmorProfileMigration and force apparmor complain mode on
      some upgrades
    - debian/slapd.preinst: create symlink for force-complain on
      pre-feisty upgrades, upgrades where apparmor-profiles profile is
      unchanged (ie non-enforcing) and upgrades where apparmor profile
      does not exist.
  - debian/patches/autogen.sh: no longer needed with karmic libtool.
    - Call libtoolize with the --install option to install
      config.{guess,sub} files.

15. By Colin Watson on 2009-06-24

* Resynchronise with Debian. Remaining changes:
  - AppArmor support:
    - debian/apparmor-profile: add AppArmor profile
    - debian/slapd.postinst: Reload AA profile on configuration
    - updated debian/slapd.README.Debian for note on AppArmor
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
    - debian/control: Conflicts with apparmor-profiles <<
      2.1+1075-0ubuntu4 to make sure that if earlier version of
      apparmor-profiles gets installed it won't overwrite our profile.
    - follow ApparmorProfileMigration and force apparmor complain mode on
      some upgrades
    - debian/slapd.dirs: add etc/apparmor.d/force-complain
    - debian/slapd.preinst: create symlink for force-complain on
      pre-feisty upgrades, upgrades where apparmor-profiles profile is
      unchanged (ie non-enforcing) and upgrades where apparmor profile
      does not exist.
    - debian/slapd.postrm: remove symlink in force-complain/ on purge
  - debian/patches/autogen.sh:
    - Call libtoolize with the --install option to install
      config.{guess,sub} files.
  - Don't use local statement in config script as it fails if /bin/sh
    points to bash.
  - debian/slapd.postinst, debian/slapd.script-common: set correct
    ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
    readable) and /var/run/slapd (world readable).
  - Enable nssoverlay:
    - debian/patches/nssov-build, debian/rules: Build and package the nss
      overlay.
    - debian/schema/misc.ldif: add ldif file for the misc schema which
      defines rfc822MailMember (required by the nss overlay).
  - debian/{control,rules}: enable PIE hardening
  - Use cn=config as the default configuration backend instead of
    slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
    asking the end user to enter a new password to control the access to
    the cn=config tree.
  - Update priority of libldap-2.4-2 to match the archive override.
  - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
    the ldapurl(1) manpage.
  - Bump build-dependency on debhelper to 6 instead of 5, since that's
    what we're using.
  - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
    the built-in default of ldap:/// only.
  - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
    failure when built with PIE.
  - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
    trusted.
  - debian/slapd.postinst: create /var/run/slapd before updating its
    permissions.
  - debian/slapd.init: Correctly set slapd config backend option even if
    the pidfile is configured in slapd default file.
* Drop patch to avoid the test suite on hppa, as hppa is EOL.

14. By Colin Watson on 2009-03-19

No-change rebuild to fix lpia shared library dependencies.

13. By Mathias Gug on 2009-03-13

* debian/slapd.postinst: create /var/run/slapd before updating its
  permissions (LP: #298928).
* debian/slapd.init: Correclty set slapd config backend option even if the
  pidfile is configured in slapd default file (LP: #292364).
* debian/apparmor-profile: support multiple databases to be stored under
  /var/lib/ldap/. (LP: #286614).

12. By Mathias Gug on 2009-03-06

[ Steve Langasek ]
* Update priority of libldap-2.4-2 to match the archive override.
* Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
  ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
  Closes: #496749.
* Bump build-dependency on debhelper to 6 instead of 5, since that's
  what we're using. Closes: #498116.
* Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
  the built-in default of ldap:/// only.

[ Mathias Gug ]
* Merge from debian unstable, remaining changes:
  - Modify Maintainer value to match the DebianMaintainerField
    speficication.
  - AppArmor support:
    - debian/apparmor-profile: add AppArmor profile
    - debian/slapd.postinst: Reload AA profile on configuration
    - updated debian/slapd.README.Debian for note on AppArmor
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
    - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
      to make sure that if earlier version of apparmour-profiles gets
      installed it won't overwrite our profile.
    - follow ApparmorProfileMigration and force apparmor compalin mode on
      some upgrades (LP: #203529)
    - debian/slapd.dirs: add etc/apparmor.d/force-complain
    - debian/slapd.preinst: create symlink for force-complain on pre-feisty
      upgrades, upgrades where apparmor-profiles profile is unchanged (ie
      non-enforcing) and upgrades where apparmor profile does not exist.
    - debian/slapd.postrm: remove symlink in force-complain/ on purge
  - debian/control:
    - Build-depend on libltdl7-dev rather then libltdl3-dev.
  - debian/patches/autogen.sh:
    - Call libtoolize with the --install option to install config.{guess,sub}
      files.
  - Don't use local statement in config script as it fails if /bin/sh
    points to bash (LP: #286063).
  - Disable the testsuite on hppa. Allows building of packages on this
    architecture again, once this package is in the archive.
    LP: #288908.
  - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
    and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
    /var/run/slapd (world readable). (LP: #257667).
  - Enable nssoverlay:
    - debian/patches/nssov-build, debian/rules: Build and package
      the nss overlay.
    - debian/schema/misc.ldif: add ldif file for the misc schema
      which defines rfc822MailMember (required by the nss overlay).
  - debian/{control,rules}: enable PIE hardening
  - Use cn=config as the default configuration backend instead of
    slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
    asking the end user to enter a new password to control the access to the
    cn=config tree.
* Dropped:
  - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
    times. (ITS: #5947) Fixed in new upstream version 2.4.15.
  - debian/patches/fix-ucred-libc due to changes how newer glibc handle
    the ucred struct now. Implemented in Debian.
* debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
  when built with PIE.
* debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
  trusted (LP: #305264).

11. By Mathias Gug on 2009-02-18

[ Steve Langasek ]
* New upstream version
  - Fixes a bug with the pcache overlay not returning cached entries
    (closes: #497697)
  - Update evolution-ntlm patch to apply to current Makefiles.
  - (tentatively) drop gnutls-ciphers, since this bug was reported to be
    fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
    patch from the bug report, so this should be watched for regressions.
* Build against db4.7 instead of db4.2 at last! Closes: #421946.
* Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
  installed in the build environment.
* New patch, no-crlcheck-for-gnutls, to fix a build failure when using
  --with-tls=gnutls.

[ Mathias Gug ]
* Merge from debian unstable, remaining changes:
  - debian/apparmor-profile: add AppArmor profile
  - debian/slapd.postinst: Reload AA profile on configuration
  - updated debian/slapd.README.Debian for note on AppArmor
  - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
  - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
    to make sure that if earlier version of apparmour-profiles gets
    installed it won't overwrite our profile.
  - Modify Maintainer value to match the DebianMaintainerField
    speficication.
  - follow ApparmorProfileMigration and force apparmor compalin mode on
    some upgrades (LP: #203529)
  - debian/slapd.dirs: add etc/apparmor.d/force-complain
  - debian/slapd.preinst: create symlink for force-complain on pre-feisty
    upgrades, upgrades where apparmor-profiles profile is unchanged (ie
    non-enforcing) and upgrades where apparmor profile does not exist.
  - debian/slapd.postrm: remove symlink in force-complain/ on purge
  - debian/patches/fix-ucred-libc due to changes how newer glibc handle
    the ucred struct now.
  - debian/control:
    - Build-depend on libltdl7-dev rather then libltdl3-dev.
  - debian/patches/autogen.sh:
    - Call libtoolize with the --install option to install config.{guess,sub}
      files.
  - Don't use local statement in config script as it fails if /bin/sh
    points to bash (LP: #286063).
  - Disable the testsuite on hppa. Allows building of packages on this
    architecture again, once this package is in the archive.
    LP: #288908.
  - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
    and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
    /var/run/slapd (world readable). (LP: #257667).
  - debian/patches/nssov-build, debian/rules:
    Build and package the nss overlay.
    debian/schema/misc.ldif: add ldif file for the misc schema, which defines
    rfc822MailMember (required by the nss overlay).
  - debian/{control,rules}: enable PIE hardening
  - Use cn=config as the default configuration backend instead of
    slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
    asking the end user to enter a new password to control the access to the
    cn=config tree.
* debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
  times. (ITS: #5947)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers