lp:ubuntu/jaunty-updates/openldap
- Get this branch:
- bzr branch lp:ubuntu/jaunty-updates/openldap
Branch merges
Branch information
Recent revisions
- 15. By Steve Beattie
-
* SECURITY UPDATE: null ptr deref, free uninitialized data in modrdn calls
- openldap-2.4.22- CVE-2010- 0211-modrdn_ check_error. patch:
- check return for errors and clean up uninitialized data
- openldap-2.4.22- CVE-2010- 0212-modrdn_ null_deref. patch:
- return error on 0-length or binary RDNs
- CVE-2010-0211, CVE-2010-0212 - 13. By Mathias Gug
-
* debian/
slapd.postinst: create /var/run/slapd before updating its
permissions (LP: #298928).
* debian/slapd.init: Correclty set slapd config backend option even if the
pidfile is configured in slapd default file (LP: #292364).
* debian/apparmor- profile: support multiple databases to be stored under
/var/lib/ldap/. (LP: #286614). - 12. By Mathias Gug
-
[ Steve Langasek ]
* Update priority of libldap-2.4-2 to match the archive override.
* Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
Closes: #496749.
* Bump build-dependency on debhelper to 6 instead of 5, since that's
what we're using. Closes: #498116.
* Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
the built-in default of ldap:/// only.[ Mathias Gug ]
* Merge from debian unstable, remaining changes:
- Modify Maintainer value to match the DebianMaintainerField
speficication.
- AppArmor support:
- debian/apparmor- profile: add AppArmor profile
- debian/slapd.postinst: Reload AA profile on configuration
- updated debian/slapd.README. Debian for note on AppArmor
- debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
- debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
to make sure that if earlier version of apparmour-profiles gets
installed it won't overwrite our profile.
- follow ApparmorProfileMigration and force apparmor compalin mode on
some upgrades (LP: #203529)
- debian/slapd.dirs: add etc/apparmor.d/force- complain
- debian/slapd.preinst: create symlink for force-complain on pre-feisty
upgrades, upgrades where apparmor-profiles profile is unchanged (ie
non-enforcing) and upgrades where apparmor profile does not exist.
- debian/slapd.postrm: remove symlink in force-complain/ on purge
- debian/control:
- Build-depend on libltdl7-dev rather then libltdl3-dev.
- debian/patches/ autogen. sh:
- Call libtoolize with the --install option to install config.{guess,sub}
files.
- Don't use local statement in config script as it fails if /bin/sh
points to bash (LP: #286063).
- Disable the testsuite on hppa. Allows building of packages on this
architecture again, once this package is in the archive.
LP: #288908.
- debian/slapd.postinst, debian/ slapd.script- common: set correct ownership
and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
/var/run/slapd (world readable). (LP: #257667).
- Enable nssoverlay:
- debian/patches/ nssov-build, debian/rules: Build and package
the nss overlay.
- debian/schema/ misc.ldif: add ldif file for the misc schema
which defines rfc822MailMember (required by the nss overlay).
- debian/{control, rules}: enable PIE hardening
- Use cn=config as the default configuration backend instead of
slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
asking the end user to enter a new password to control the access to the
cn=config tree.
* Dropped:
- debian/patches/ corrupt- contextCSN: The contextCSN can get corrupted at
times. (ITS: #5947) Fixed in new upstream version 2.4.15.
- debian/patches/ fix-ucred- libc due to changes how newer glibc handle
the ucred struct now. Implemented in Debian.
* debian/patches/ fix-ldap_ back_entry_ get_rwa. patch: fix test-0034 failure
when built with PIE.
* debian/patches/ gnutls- enable- v1-ca-certs: Enable V1 CA certs to be
trusted (LP: #305264). - 11. By Mathias Gug
-
[ Steve Langasek ]
* New upstream version
- Fixes a bug with the pcache overlay not returning cached entries
(closes: #497697)
- Update evolution-ntlm patch to apply to current Makefiles.
- (tentatively) drop gnutls-ciphers, since this bug was reported to be
fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
patch from the bug report, so this should be watched for regressions.
* Build against db4.7 instead of db4.2 at last! Closes: #421946.
* Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
installed in the build environment.
* New patch, no-crlcheck-for-gnutls, to fix a build failure when using
--with-tls=gnutls. [ Mathias Gug ]
* Merge from debian unstable, remaining changes:
- debian/apparmor- profile: add AppArmor profile
- debian/slapd.postinst: Reload AA profile on configuration
- updated debian/slapd.README. Debian for note on AppArmor
- debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
- debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
to make sure that if earlier version of apparmour-profiles gets
installed it won't overwrite our profile.
- Modify Maintainer value to match the DebianMaintainerField
speficication.
- follow ApparmorProfileMigration and force apparmor compalin mode on
some upgrades (LP: #203529)
- debian/slapd.dirs: add etc/apparmor.d/force- complain
- debian/slapd.preinst: create symlink for force-complain on pre-feisty
upgrades, upgrades where apparmor-profiles profile is unchanged (ie
non-enforcing) and upgrades where apparmor profile does not exist.
- debian/slapd.postrm: remove symlink in force-complain/ on purge
- debian/patches/ fix-ucred- libc due to changes how newer glibc handle
the ucred struct now.
- debian/control:
- Build-depend on libltdl7-dev rather then libltdl3-dev.
- debian/patches/ autogen. sh:
- Call libtoolize with the --install option to install config.{guess,sub}
files.
- Don't use local statement in config script as it fails if /bin/sh
points to bash (LP: #286063).
- Disable the testsuite on hppa. Allows building of packages on this
architecture again, once this package is in the archive.
LP: #288908.
- debian/slapd.postinst, debian/ slapd.script- common: set correct ownership
and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
/var/run/slapd (world readable). (LP: #257667).
- debian/patches/ nssov-build, debian/rules:
Build and package the nss overlay.
debian/schema/ misc.ldif: add ldif file for the misc schema, which defines
rfc822MailMember (required by the nss overlay).
- debian/{control, rules}: enable PIE hardening
- Use cn=config as the default configuration backend instead of
slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
asking the end user to enter a new password to control the access to the
cn=config tree.
* debian/patches/ corrupt- contextCSN: The contextCSN can get corrupted at
times. (ITS: #5947) - 10. By Mathias Gug
-
Don't use local statement in config script as it fails if /bin/sh
points to bash (LP: #286063). - 9. By Matthias Klose
-
Disable the testsuite on hppa. Allows building of packages on this
architecture again, once this package is in the archive.
LP: #288908. - 8. By Mathias Gug
-
Don't set admin passwords in ldif files if adminpw is empty.
(LP: #273988LP: #276606). - 7. By Mathias Gug
-
* debian/
slapd.postinst, debian/ slapd.script- common: set correct ownership
and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
/var/run/slapd (world readable). (LP: #257667).
* debian/slapd.script- common:
- Fix package reconfiguration:
+ Remove slapd.d/ directory if it already exists when creating a new
configuration.
+ Fix backup directory naming for multiple reconfiguration. - 6. By Mathias Gug
-
* debian/
patches/ nssov-build, debian/rules:
Build and package the nss overlay.
* debian/schema/ misc.ldif: add ldif file for the misc schema, which defines
rfc822MailMember (required by the nss overlay).
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/maverick/openldap