lp:ubuntu/hardy/openldap2.3
- Get this branch:
- bzr branch lp:ubuntu/hardy/openldap2.3
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 16. By Jamie Strandboge
-
remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
in klibc)
- 15. By Jamie Strandboge
-
* apparmor-profile workaround for Launchpad #202161
* follow ApparmorProfileMigration and force apparmor complain mode on some
upgrades (LP: #203529)
- debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
- debian/slapd.dirs: add etc/apparmor.d/force-complain
- debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
upgrades, upgrades where apparmor-profiles profile is unchanged (ie
non-enforcing) and upgrades where apparmor profile does not exist
- debian/slapd.postrm: remove symlink in force-complain/ on purge
* debian/rules, debian/slapd.links: use hard links to slapd instead of
symlinks for slap* so these applications aren't confined by apparmor
(LP: #203898)
- 14. By Steve Langasek
-
* Merge from Debian unstable, remaining changes:
+ debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
allows remote authenticated users to cause a denial of service (daemon
crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
control, a related issue to CVE-2007-6698.
+ debian/apparmor-profile: add AppArmor profile
+ debian/slapd.postinst: Reload AA profile on configuration
+ updated debian/slapd.README.Debian for note on AppArmor
+ debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
should now take control
+ debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
to make sure that if earlier version of apparmor-profiles gets
installed it won't overwrite our profile
+ Modify Maintainer value to match the DebianMaintainerField
specification.
- 13. By Emanuele Gentili
-
* SECURITY UPDATE:
+ debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
allows remote authenticated users to cause a denial of service (daemon crash)
via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
issue to CVE-2007-6698.
* References
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
- 12. By Jamie Strandboge
-
* add AppArmor profile
+ debian/apparmor-profile
+ debian/slapd.postinst: Reload AA profile on configuration
* updated debian/slapd.README.Debian for note on AppArmor
* debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
should now take control
* debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
to make sure that if earlier version of apparmor-profiles gets installed
it won't overwrite our profile
* Modify Maintainer value to match the DebianMaintainerField
specification.
- 11. By Steve Langasek
-
[ Updated debconf translations ]
* Finnish, thanks to Esko Arajärvi <email address hidden>. Closes: #462688.
* Galician, thanks to Jacobo Tarrio <email address hidden>. Closes: #462987.
* French, thanks to Christian Perrier <email address hidden>.
Closes: #463149.
* Russian, thanks to Yuri Kozlov <email address hidden>. Closes: #463442.
* Czech, thanks to Miroslav Kure <email address hidden>. Closes: #463472.
* German, thanks to Helge Kreutzmann <email address hidden>.
Closes: #464718.
[ Steve Langasek ]
* Fix various regressions related to the introduction of GnuTLS:
- Add new patch, gnutls-ciphers, to fix support for specifying multiple
ciphers with TLSCipherSuite option in slapd.conf. Thanks to Kyle
Moffett <email address hidden> for the patch. Closes LP: #188200.
- Add new patch, slapd-tlsverifyclient-default, to set the intended
default value of "TLSVerifyClient never" in the right place.
- Add new patch, gnutls-altname-nulterminated, to account for differences
in how the "length" is returned for commonName vs. subjectAltName.
- Comment out TLSCipherSuite settings on upgrade from all versions prior
to 2.4.7-5, and throw a debconf error to the user notifying them of
this, since all OpenSSL cipher suite values are incompatible with
GnuTLS.
Closes: #462588.
* Add new patch from upstream, entryCSN-backwards-compatibility, to support
auto-converting entryCSN attributes in a previously supported old format,
fixing an upgrade failure. Closes: #462099.
* Use --retry TERM/10 instead of --retry 10 when stopping slapd, since the
latter resorts to a SIGKILL and may corrupt backend data; whereas the
former will exit non-zero if slapd is still running but won't directly
cause data-loss. Thanks to Mark McDonald for the patch. LP: #92139.
* Fix manpage symlinks in libldap2-dev; thanks to Reuben Thomas for
reporting. Closes: #463971.
* Fix a superfluous space in the debconf templates, due to a trailing space
in the templates. Closes: #464719.
- 10. By Steve Langasek
-
[ Steve Langasek ]
* Build-conflict with libicu-dev, for consistent dependencies in all
build environments.
* Fix an oversight in the checkpoint migration, which caused the checkpoint
option to not be moved far enough down. Closes: #462304, LP: #185257.
* Build-depend on unixodbc instead of iODBC.
[ Updated debconf translations ]
* Japanese, thanks to Kenshi Muto <email address hidden>. Closes: #462191.
- 9. By Steve Langasek
-
Add missing build-dependency on groff-base, to allow use of soelim during
build.
- 8. By Russ Allbery
-
* Medium severity due to denial of service fix.
* New upstream release.
- CVE-2007-5708: Fix remote denial of service attack in slapo-pcache
(the overlay for proxy caching). (Closes: #448644)
- Multiple additional more minor bug fixes.
* Document in the default slapd.conf that dbconfig options only generate
the DB_CONFIG file on first slapd start and have no effect afterwards
unless DB_CONFIG is removed. (Closes: #442191)
* Inline the checkpoint and BerkeleyDB backend settings in the default
slapd.conf rather than generating them dynamically in postinst. All
the allowable default database choices are now BerkeleyDB variants and
will probably continue to be so for the foreseeable future, and this is
easier to maintain.
* Drop debconf questions, warnings, and maintainer script functions
dealing with upgrades from OpenLDAP 2.1, which is now too old for
supported direct upgrades. (Closes: #444806)
* Add a watch file. Thanks, Fernando Ribeiro. (Closes: #435290)
* Add Homepage, Vcs-Svn, and Vcs-Browser control fields.
- 7. By Matthijs Mohlmann
-
[ Steve Langasek ]
* Drop debian/patches/use-lpthread, which is no longer needed on mips*
because gcc has been fixed.
* Drop debian/patches/add-autogen-sh, also no longer needed now that
the above patch is gone.
[ Matthijs Mohlmann ]
* Fix bashism in initscript. (Closes: #428883)
* Drop upstream patches ITS4924, ITS4925 and ITS4966.
* Add patch for objectClasses which causes slapd to crash. (Closes: #440632)
- Upstream bug ITS5119.
* Change default loglevel to none, to log high priority messages.
(Closes: #442000)
* Tighten up the build dependencies, now that autogen patch is removed.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)