lp:ubuntu/hardy/openldap2.3

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

16. By Jamie Strandboge on 2008-04-07

remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
in klibc)

15. By Jamie Strandboge on 2008-03-18

* apparmor-profile workaround for Launchpad #202161
* follow ApparmorProfileMigration and force apparmor complain mode on some
  upgrades (LP: #203529)
  - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
  - debian/slapd.dirs: add etc/apparmor.d/force-complain
  - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
    upgrades, upgrades where apparmor-profiles profile is unchanged (ie
    non-enforcing) and upgrades where apparmor profile does not exist
  - debian/slapd.postrm: remove symlink in force-complain/ on purge
* debian/rules, debian/slapd.links: use hard links to slapd instead of
  symlinks for slap* so these applications aren't confined by apparmor
  (LP: #203898)

14. By Steve Langasek on 2008-03-04

* Merge from Debian unstable, remaining changes:
  + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
    slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
    allows remote authenticated users to cause a denial of service (daemon
    crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
    control, a related issue to CVE-2007-6698.
  + debian/apparmor-profile: add AppArmor profile
  + debian/slapd.postinst: Reload AA profile on configuration
  + updated debian/slapd.README.Debian for note on AppArmor
  + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
    should now take control
  + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
    to make sure that if earlier version of apparmor-profiles gets
    installed it won't overwrite our profile
  + Modify Maintainer value to match the DebianMaintainerField
    specification.

13. By Emanuele Gentili on 2008-03-02

* SECURITY UPDATE:
 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
   slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
   allows remote authenticated users to cause a denial of service (daemon crash)
   via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
   issue to CVE-2007-6698.

* References
 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
 - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358

12. By Jamie Strandboge on 2008-02-13

* add AppArmor profile
  + debian/apparmor-profile
  + debian/slapd.postinst: Reload AA profile on configuration
* updated debian/slapd.README.Debian for note on AppArmor
* debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
  should now take control
* debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
  to make sure that if earlier version of apparmor-profiles gets installed
  it won't overwrite our profile
* Modify Maintainer value to match the DebianMaintainerField
  specification.

11. By Steve Langasek on 2008-02-09

[ Updated debconf translations ]
* Finnish, thanks to Esko Arajärvi <email address hidden>. Closes: #462688.
* Galician, thanks to Jacobo Tarrio <email address hidden>. Closes: #462987.
* French, thanks to Christian Perrier <email address hidden>.
  Closes: #463149.
* Russian, thanks to Yuri Kozlov <email address hidden>. Closes: #463442.
* Czech, thanks to Miroslav Kure <email address hidden>. Closes: #463472.
* German, thanks to Helge Kreutzmann <email address hidden>.
  Closes: #464718.

[ Steve Langasek ]
* Fix various regressions related to the introduction of GnuTLS:
  - Add new patch, gnutls-ciphers, to fix support for specifying multiple
    ciphers with TLSCipherSuite option in slapd.conf. Thanks to Kyle
    Moffett <email address hidden> for the patch. Closes LP: #188200.
  - Add new patch, slapd-tlsverifyclient-default, to set the intended
    default value of "TLSVerifyClient never" in the right place.
  - Add new patch, gnutls-altname-nulterminated, to account for differences
    in how the "length" is returned for commonName vs. subjectAltName.
  - Comment out TLSCipherSuite settings on upgrade from all versions prior
    to 2.4.7-5, and throw a debconf error to the user notifying them of
    this, since all OpenSSL cipher suite values are incompatible with
    GnuTLS.
  Closes: #462588.
* Add new patch from upstream, entryCSN-backwards-compatibility, to support
  auto-converting entryCSN attributes in a previously supported old format,
  fixing an upgrade failure. Closes: #462099.
* Use --retry TERM/10 instead of --retry 10 when stopping slapd, since the
  latter resorts to a SIGKILL and may corrupt backend data; whereas the
  former will exit non-zero if slapd is still running but won't directly
  cause data-loss. Thanks to Mark McDonald for the patch. LP: #92139.
* Fix manpage symlinks in libldap2-dev; thanks to Reuben Thomas for
  reporting. Closes: #463971.
* Fix a superfluous space in the debconf templates, due to a trailing space
  in the templates. Closes: #464719.

10. By Steve Langasek on 2008-01-25

[ Steve Langasek ]
* Build-conflict with libicu-dev, for consistent dependencies in all
  build environments.
* Fix an oversight in the checkpoint migration, which caused the checkpoint
  option to not be moved far enough down. Closes: #462304, LP: #185257.
* Build-depend on unixodbc instead of iODBC.

[ Updated debconf translations ]
* Japanese, thanks to Kenshi Muto <email address hidden>. Closes: #462191.

9. By Steve Langasek on 2008-01-21

Add missing build-dependency on groff-base, to allow use of soelim during
build.

8. By Russ Allbery on 2007-11-12

* Medium severity due to denial of service fix.
* New upstream release.
  - CVE-2007-5708: Fix remote denial of service attack in slapo-pcache
    (the overlay for proxy caching). (Closes: #448644)
  - Multiple additional more minor bug fixes.
* Document in the default slapd.conf that dbconfig options only generate
  the DB_CONFIG file on first slapd start and have no effect afterwards
  unless DB_CONFIG is removed. (Closes: #442191)
* Inline the checkpoint and BerkeleyDB backend settings in the default
  slapd.conf rather than generating them dynamically in postinst. All
  the allowable default database choices are now BerekelyDB variants and
  will probably continue to be so for the forseeable future, and this is
  easier to maintain.
* Drop debconf questions, warnings, and maintainer script functions
  dealing with upgrades from OpenLDAP 2.1, which is now too hold for
  supported direct upgrades. (Closes: #444806)
* Add a watch file. Thanks, Fernando Ribeiro. (Closes: #435290)
* Add Homepage, Vcs-Svn, and Vcs-Browser control fields.

7. By Matthijs Mohlmann on 2007-09-17

[ Steve Langasek ]
* Drop debian/patches/use-lpthread, which is no longer needed on mips*
  because gcc has been fixed.
* Drop debian/patches/add-autogen-sh, also no longer needed now that
  the above patch is gone.

[ Matthijs Mohlmann ]
* Fix bashism in initscript. (Closes: #428883)
* Drop upstream patches ITS4924, ITS4925 and ITS4966.
* Add patch for objectClasses which causes slapd to crash. (Closes: #440632)
  - Upstream bug ITS5119.
* Change default loglevel to none, to log high priority messages.
  (Closes: #442000)
* Tighten up the build dependencies, now that autogen patch is removed.