-
openldap (2.5.13+dfsg-5) unstable; urgency=medium
* Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path.
(Closes: #1030814)
* Disable flaky test test069-delta-multiprovider-starttls.
-- Ryan Tandy <email address hidden> Tue, 07 Feb 2023 17:56:12 -0800
-
openldap (2.5.13+dfsg-4) unstable; urgency=medium
[ Andreas Hasenack ]
* d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817)
* d/t/sha2-contrib: add test for sha2 module
-- Ryan Tandy <email address hidden> Mon, 06 Feb 2023 19:21:05 -0800
-
openldap (2.5.13+dfsg-3) unstable; urgency=medium
[ Ryan Tandy ]
* Disable flaky test test063-delta-multiprovider. Mitigates #1010608.
[ Gioele Barabucci ]
* slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185)
* d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style`
* d/slapd.postinst: Remove test for ancient version
* slapd.scripts-common: Remove unused `normalize_ldif`
* d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics`
-- Ryan Tandy <email address hidden> Fri, 13 Jan 2023 16:29:59 -0800
-
openldap (2.5.13+dfsg-2) unstable; urgency=medium
* d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the
autopkgtest failure due to heimdal setting mode 700 on this directory.
(Closes: #1020442)
* d/source/lintian-overrides: Add wildcards to make overrides compatible
with both older and newer versions of lintian.
* d/slapd-contrib.lintian-overrides: Remove unused
custom-library-search-path override now that krb5-config no longer sets
-rpath.
-- Ryan Tandy <email address hidden> Sat, 24 Sep 2022 12:40:21 -0700
-
openldap (2.5.13+dfsg-1) unstable; urgency=medium
* d/rules: Remove get-orig-source, now unnecessary.
* Check PGP signature when running uscan.
* d/watch: Modernize watch file; use repacksuffix.
* d/copyright: Update according to DEP-5.
* d/control: Add myself to Uploaders.
* New upstream release.
-- Sergio Durigan Junior <email address hidden> Sun, 18 Sep 2022 18:29:46 -0400
-
openldap (2.5.12+dfsg-2) unstable; urgency=medium
* Stop slapd explicitly in prerm as a workaround for #1006147, which caused
dpkg-reconfigure to not restart the service, so the new configuration was
not applied. See also #994204. (Closes: #1010971)
-- Ryan Tandy <email address hidden> Mon, 23 May 2022 10:14:53 -0700
-
openldap (2.5.12+dfsg-1) unstable; urgency=medium
* New upstream release.
- Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155)
* Update debconf translations:
- German, thanks to Helge Kreutzmann. (Closes: #1007728)
- Spanish, thanks to Camaleón. (Closes: #1008529)
- Dutch, thanks to Frans Spiesschaert. (Closes: #1010034)
-- Ryan Tandy <email address hidden> Wed, 04 May 2022 18:00:16 -0700
-
openldap (2.5.11+dfsg-1) unstable; urgency=medium
* Upload to unstable.
-- Ryan Tandy <email address hidden> Fri, 11 Mar 2022 19:38:02 -0800
-
openldap (2.4.59+dfsg-1) unstable; urgency=medium
* New upstream release.
* Fix FTBFS with autoconf 2.71 (Closes: #993032):
- Backport upstream changes to support Autoconf 2.69 instead of simply
disabling automake in debian/rules. Fixes FTBFS due to autoreconf
thinking files required by Automake are missing, even though Automake is
not actually used.
- Stop running autoreconf in contrib/ldapc++ since we don't build it.
- Drop custom config.{guess,sub} handling. dh_update_autotools_config does
the right thing for us.
* Update Standards-Version to 4.6.0; no changes required.
* Add a superficial autopkgtest for smbk5pwd.
* Stop disabling test060-mt-hot on ppc64el. The underlying kernel bug
(#866122) is fixed in all relevant suites by now.
-- Ryan Tandy <email address hidden> Fri, 27 Aug 2021 09:42:31 -0700
-
openldap (2.4.57+dfsg-3) unstable; urgency=medium
* Link smbk5pwd with -lkrb5. (Closes: #988565)
-- Ryan Tandy <email address hidden> Sat, 15 May 2021 16:03:34 -0700
-
openldap (2.4.57+dfsg-2) unstable; urgency=medium
* Fix slapd assertion failure in Certificate List Exact Assertion validation
(ITS#9454) (CVE-2021-27212)
-- Ryan Tandy <email address hidden> Sun, 14 Feb 2021 09:26:41 -0800
-
openldap (2.4.57+dfsg-1) unstable; urgency=medium
* New upstream release.
-- Ryan Tandy <email address hidden> Sat, 23 Jan 2021 08:57:07 -0800
-
openldap (2.4.56+dfsg-1) unstable; urgency=medium
* New upstream release.
- Fixed slapd abort due to assertion failure in Certificate List syntax
validation (ITS#9383)
- Fixed slapd abort due to assertion failure in CSN normalization with
invalid input (ITS#9384)
-- Ryan Tandy <email address hidden> Wed, 11 Nov 2020 09:13:56 -0800
-
openldap (2.4.55+dfsg-1) unstable; urgency=medium
* New upstream release.
- Fixed slapd normalization handling with modrdn (ITS#9370)
-- Ryan Tandy <email address hidden> Tue, 27 Oct 2020 21:07:29 -0700
-
openldap (2.4.54+dfsg-1) unstable; urgency=medium
* New upstream release.
* Change upstream Homepage and get-orig-source URLs to HTTPS.
* Create debian/gbp.conf.
-- Ryan Tandy <email address hidden> Sun, 18 Oct 2020 16:03:46 +0000
-
openldap (2.4.53+dfsg-1) unstable; urgency=medium
* New upstream release.
-- Ryan Tandy <email address hidden> Mon, 07 Sep 2020 09:47:28 -0700
-
openldap (2.4.51+dfsg-1) unstable; urgency=medium
* New upstream release.
- Add ldap_parse_password_expiring_control to libldap-2.4-2.symbols.
* Merge some changes from Ubuntu:
- slapd.default, slapd.README.Debian: update to refer to slapd.d instead
of slapd.conf.
- debian/slapd.scripts-common: dump_databases: make slapcat_opts a local
variable.
* Drop paragraph about patch gnutls-altname-nulterminated (#465197) from
slapd.README.Debian. The patch referred to was dropped in 2.4.7-6.
* debian/patches/set-maintainer-name: Extract maintainer address dynamically
from debian/control. (Closes: #960448)
* Fix Torsten's email address in a historic debian/changelog entry to
resolve a Lintian error (bogus-mail-host-in-debian-changelog).
* Rename debian/source.lintian-overrides to debian/source/lintian-overrides.
Fixes a Lintian pedantic tag (old-source-override-location).
* Override Lintian pedantic tag maintainer-manual-page for
slapo-pw-pbkdf2.5, which will be included upstream in a future release.
* Remove the trailing whitespaces from debian/changelog, debian/control, and
debian/rules. Fixes a Lintian pedantic tag (trailing-whitespace).
* Convert debian/po/de.po to UTF-8. Fixes a Lintian warning
(national-encoding).
* Relax libldap's dependency on libldap-common to Recommends.
This is intended to mitigate the impact of bug #915948 in the case where
the arch:all build is delayed for so long that the old libldap-common
disappears. Previously, a delayed arch:all build could become
BD-Uninstallable if new amd64 binaries were published before the arch:all
build starts, due to the transitive build-dependency on libldap.
Although libldap works fine without libldap-common, in normal
installations it is still recommended to install libldap-common.
* Append a timestamp to the backup directory created by dpkg-reconfigure.
(Closes: #599585, #960449)
* Remove the redundant cn=admin,<suffix> entry from the default DIT for new
installs. For new installs going forward, the root credentials will be
stored in olcRootDN/olcRootPW only. (Closes: #821331)
* Change slapd's Suggests: ldap-utils to Recommends. While any LDAP client
suffices, ldap-utils contains the standard tools recommended by upstream
for basic administration and management.
* Relax Recommends: libsasl2-modules to Suggests on slapd and ldap-utils.
Many deployments do not use SASL at all, and therefore SASL mechanisms are
not needed "in all but unusual installations".
-- Ryan Tandy <email address hidden> Sun, 23 Aug 2020 11:09:57 -0700
-
openldap (2.4.50+dfsg-1) unstable; urgency=medium
* New upstream release.
- Fixed slapd to limit depth of nested filters
(ITS#9202) (CVE-2020-12243)
- Drop patches included upstream: argon2.patch, ITS#9171, ITS#8650.
* Update Spanish debconf translation.
Thanks to Camaleón. (Closes: #958869)
-- Ryan Tandy <email address hidden> Tue, 28 Apr 2020 10:18:12 -0700
-
openldap (2.4.49+dfsg-4) unstable; urgency=medium
* Annotate libsodium-dev dependency with <!pkg.openldap.noslapd>.
Thanks to Helmut Grohne. (Closes: #955993)
* Add the man page for the Argon2 password module.
Thanks to Peter Marschall. (Closes: #955977)
* Build the Argon2 password module with libargon2-dev instead of
libsodium-dev. Rationale:
- libargon2 contains the specific functionality needed; libsodium is a
larger library and contains many features not used here
- libsodium does not support configuring the p= (parallelism) parameter
* Import upstream patch to properly retry gnutls_handshake() after it
returns GNUTLS_E_AGAIN. (ITS#8650) (Closes: #861838)
* Update the Argon2 password module to upstream commit feb6f21d2e.
-- Ryan Tandy <email address hidden> Tue, 14 Apr 2020 21:33:16 -0700
-
openldap (2.4.49+dfsg-3) unstable; urgency=medium
* Drop patch no-AM_INIT_AUTOMAKE. Instead, configure dh_autoreconf to skip
automake by setting AUTOMAKE=/bin/true. (Closes: #864637)
* debian/patches/debian-version: Show Debian version, instead of upstream
version, in version strings.
* Add ${perl:Depends} to slapd Depends to silence a dpkg-gencontrol warning.
This is practically a no-op since slapd explicitly Depends on perl because
of the maintainer scripts.
* Import the Argon2 password module from upstream git and install it in
slapd-contrib. New Build-Depends: libsodium-dev. (Closes: #920283)
-- Ryan Tandy <email address hidden> Sat, 04 Apr 2020 10:43:56 -0700
-
openldap (2.4.49+dfsg-2) unstable; urgency=medium
* slapd.README.Debian: Document the initial setup performed by slapd's
maintainer scripts in more detail. Thanks to Karl O. Pinc.
(Closes: #952501)
* Import upstream patch to fix slapd crashing in certain configurations when
a client attempts a login to a locked account.
(ITS#9171) (Closes: #953150)
-- Ryan Tandy <email address hidden> Thu, 05 Mar 2020 12:59:46 -0800
-
openldap (2.4.49+dfsg-1) unstable; urgency=medium
* New upstream release.
- Drop patch no-gnutls_global_set_mutex, applied upstream.
* When validating the DNS domain chosen for slapd's default suffix, set
LC_COLLATE explicitly for grep to ensure character ranges behave as
expected. Thanks to Fredrik Roubert. (Closes: #940908)
* Backport proposed upstream patch to emit detailed messages about errors in
the TLS configuration. (ITS#9086) (Closes: #837341)
* slapd.scripts-common: Delete unused copy_example_DB_CONFIG function.
* Remove debconf support for choosing a database backend. Always use the
LMDB backend for new installs, as recommended by upstream.
* Remove the empty olcBackend section from the default configuration.
* Remove the unused slapd.conf template from /usr/share/slapd. Continue
shipping it as an example in /usr/share/doc/slapd.
* Fix a typo in index-files-created-as-root patch.
Thanks to Quanah Gibson-Mount.
* Annotate slapd's Depends on perl with :any. Fixes installation of
foreign-arch slapd. Thanks to Andreas Hasenack.
* Rename 'stage1' build profile to 'pkg.openldap.noslapd'.
Thanks to Helmut Grohne. (Closes: #949722)
* Drop Build-Conflicts: libicu-dev as upstream's configure no longer tests
for or links with libicu.
* Note ITS#9126 recommendation in slapd.NEWS.
* Update Standards-Version to 4.5.0; no changes required.
-- Ryan Tandy <email address hidden> Thu, 06 Feb 2020 10:08:12 -0800
-
openldap (2.4.48+dfsg-1) unstable; urgency=medium
* New upstream release.
- fixed slapd to restrict rootDN proxyauthz to its own databases
(CVE-2019-13057) (ITS#9038) (Closes: #932997)
- fixed slapd to enforce sasl_ssf ACL statement on every connection
(CVE-2019-13565) (ITS#9052) (Closes: #932998)
- added new openldap.h header with OpenLDAP specific libldap interfaces
(ITS#8671)
- updated lastbind overlay to support forwarding authTimestamp updates
(ITS#7721) (Closes: #880656)
* Update Standards-Version to 4.4.0.
* Add a systemd drop-in to set RemainAfterExit=no on the slapd service, so
that systemd marks the service as dead after it crashes or is killed.
Thanks to Heitor Alves de Siqueira. (Closes: #926657, LP: #1821343)
* Use more entropy for generating a random admin password, if none was set
during initial configuration. Thanks to Judicael Courant.
(Closes: #932270)
* Replace debian/rules calls to dpkg-architecture and dpkg-parsechangelog
with variables provided by dpkg-dev includes.
* Declare R³: no.
* Create a simple autopkgtest that tests installing slapd and connecting to
it with an ldap tool.
* Install the new openldap.h header in libldap2-dev.
-- Ryan Tandy <email address hidden> Thu, 25 Jul 2019 08:32:00 -0700
-
openldap (2.4.47+dfsg-3) unstable; urgency=medium
* Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
individually in the relevant command lines instead of overriding OPT. The
change to use OPT caused FTBFS on some ports arches where PIE enablement
uses spec files, by mixing compile-time and link-time flags.
(Closes: #919136)
* Fix architecture-specific path in smbk5pwd's binary-or-shlib-defines-rpath
Lintian override.
* Skip exporting cn=config to LDIF in preinst for upgrades where nothing
needs to be checked in it.
* Update Standards-Version to 4.3.0.
-- Ryan Tandy <email address hidden> Sat, 02 Feb 2019 10:30:10 -0800
-
openldap (2.4.47+dfsg-2) unstable; urgency=medium
* Reintroduce slapi-dev binary package. (Closes: #711469)
Thanks to Florian Schlichting.
* Do not call gnutls_global_set_mutex(). (Closes: #803197)
* Use dh_auto_* to build and install contrib modules.
- Stop patching the clean rule in smbk5pwd's Makefile.
* Explicitly list overlays and man pages installed by slapd package in
slapd.install and slapd.manpages files.
* Set common variables for contrib Makefiles by make(1) command line instead
of patching every Makefile.
* Build and install more contrib plugins in a new slapd-contrib package:
- pw-apr1 and pw-netscape (Closes: #592362)
- pw-pbkdf2 (Closes: #794999)
* Import the slapo-pw-pbkdf2 man page from upstream git master and install
it with the slapd-contrib package.
* Add smbk5pwd to slapd-contrib and turn slapd-smbk5pwd into a transitional
package. Drop smbk5pwd README since it now has a man page which is a
better resource for users.
- Use Breaks to ensure that slapd is not upgraded in between removing the
old smbk5pwd module and installing the new one.
* Include the apr1-atol.pl and apr1-lota.pl helper scripts in the
slapd-contrib package as examples.
* Merge remaining contrib Makefile patches into a single contrib-makefiles
patch.
-- Ryan Tandy <email address hidden> Sat, 12 Jan 2019 11:18:03 -0800
-
openldap (2.4.47+dfsg-1) unstable; urgency=medium
* New upstream release.
- reverted GnuTLS handshake change in libldap as it regressed slapd
(Reopens: #861838)
* Update Standards-Version to 4.2.1.
-- Ryan Tandy <email address hidden> Sun, 23 Dec 2018 12:50:40 -0800
-
openldap (2.4.46+dfsg-5) unstable; urgency=medium
* Restore slapd-smbk5pwd now that libldap is installable in unstable.
This reverts the changes from -3 and -4.
-- Ryan Tandy <email address hidden> Fri, 04 May 2018 16:12:27 -0700
-
openldap (2.4.46+dfsg-4) unstable; urgency=medium
* Disable building the smbk5pwd plugin temporarily.
-- Ryan Tandy <email address hidden> Fri, 04 May 2018 08:06:58 -0700
-
openldap (2.4.46+dfsg-2) unstable; urgency=medium
* Remove version constraint from libldap-2.4-2 dependency on libldap-common.
-- Ryan Tandy <email address hidden> Thu, 03 May 2018 14:16:49 -0700
-
openldap (2.4.46+dfsg-1) unstable; urgency=medium
* Move the repository to Salsa.
Update debian/control Vcs-* fields.
* Remove Matthijs Möhlmann from Uploaders. (Closes: #891308)
Thank you Matthijs for your past contributions.
* New upstream release.
- fixed slapd out-of-sync issue with delta-MMR and memberof overlay
(ITS#8444) (Closes: #877166)
* Rebase patch no-AM_INIT_AUTOMAKE to apply cleanly.
* Drop patch ITS8650-retry-gnutls_handshake-after-GNUTLS_E_AGAIN, applied
upstream.
* Really fix upgrades when the config contains backslash-escaped special
characters. The previous fix was incomplete and didn't fully fix upgrades
involving a database reload. (Closes: #864719)
* Update Standards-Version to 4.1.4.
- Change the Priority of libldap-2.4-2 and libldap-common to optional.
* Change download URL in debian/watch to https. Fixes a Lintian info.
* Override the binary-or-shlib-defines-rpath Lintian tag for slapd-smbk5pwd.
The rpath is set by krb5-config.heimdal; see bug #868840.
-- Ryan Tandy <email address hidden> Thu, 03 May 2018 07:03:30 -0700
-
openldap (2.4.45+dfsg-1) unstable; urgency=medium
* New upstream release.
- fixed a use-after-free in GnuTLS options handling
(ITS#8385) (Closes: #820244) (LP: #1557248)
- fixed unsafe concurrent SASL calls causing memory corruption
(ITS#8648) (Closes: #860947) (LP: #1688575)
- fixed syncrepl infinite looping with multi-master delta-syncrepl
(ITS#8432) (Closes: #868753)
* Rebase patches to apply cleanly:
- do-not-second-guess-sonames
- no-AM_INIT_AUTOMAKE
* Drop patches applied upstream:
- ITS-8554-kFreeBSD-is-like-BSD.patch
- ITS-8644-wait-for-slapd-to-start-in-test064.patch
- ITS-8655-paged-results-double-free.patch
* Upgrade to debhelper compat level 10.
- Depend on debhelper 10.
- Stop enabling parallel and autoreconf explicitly. They are now enabled
by default.
- Drop dh-autoreconf from build-depends since debhelper requires it.
* Add -Wno-format-extra-args to CFLAGS to reduce the noise in the build
logs, as this warning is emitted on each use of the Debug() macro.
* Drop libldap-2.4-4-dbg and slapd-dbg binary packages in favour of
automatic dbgsym packages.
* Update Standards-Version to 4.0.0; no changes required.
* Drop Priority and Section from binary package stanzas when they only
duplicate information from the source stanza.
* Update Priority of slapd-smbk5pwd and libldap2-dev to optional to match
the archive.
* Remove retired developer, Roland Bauerschmidt, from Uploaders.
(Closes: #856422)
* Remove Timo Aaltonen from Uploaders, with his agreement.
* debian/patches/ITS8650-retry-gnutls_handshake-after-GNUTLS_E_AGAIN.patch:
If gnutls_handshake() returns EAGAIN, call it again. Fixes TLS handshake
failures when the ServerHello message exceeds 16K.
(ITS#8650) (Closes: #861838)
* Drop time from Build-Depends. The upstream testsuite no longer calls it.
-- Ryan Tandy <email address hidden> Thu, 27 Jul 2017 18:04:41 -0700
-
openldap (2.4.44+dfsg-8) unstable; urgency=medium
* Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
the underlying kernel bug #866122 is fixed.
* Fix FTBFS with Heimdal 7.2.0: Drop patch heimdal-fix as the
hdb_generate_key_set_password change was reverted in heimdal. Depend on an
appropriate minimum version of heimdal.
-- Ryan Tandy <email address hidden> Sun, 16 Jul 2017 12:57:41 -0700
-
openldap (2.4.44+dfsg-7) unstable; urgency=medium
* Relax the dependency of libldap-2.4-2 on libldap-common to also permit
later versions. (Closes: #860774)
-- Ryan Tandy <email address hidden> Tue, 27 Jun 2017 18:53:12 -0700
-
openldap (2.4.44+dfsg-6) unstable; urgency=medium
* Update the list of non-translatable strings for the
slapd/ppolicy_schema_needs_update template. Thanks Ferenc Wágner.
* Fix upgrade failure when olcSuffix contains a backslash. (Closes: #864719)
-- Ryan Tandy <email address hidden> Mon, 26 Jun 2017 19:42:02 -0700
-
openldap (2.4.44+dfsg-5) unstable; urgency=medium
* debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
intermittently failing test by waiting for slapd to start before running
tests. (ITS#8644) (Closes: #770890)
* debian/patches/ITS-8655-paged-results-double-free.patch: Fix a double free
in the MDB backend on a search including the Paged Results control with a
page size of 0. (ITS#8655) (Closes: #863563)
-- Ryan Tandy <email address hidden> Sun, 28 May 2017 09:59:46 -0700
-
openldap (2.4.44+dfsg-4) unstable; urgency=medium
* Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
Justin B Rye for the review.
* Update Catalan debconf translation. (Closes: #851905)
Thanks to Innocent De Marchi.
* Update Czech debconf translation. (Closes: #852190)
Thanks to Miroslav Kure.
* Update Danish debconf translation. (Closes: #850859)
Thanks to Joe Dalton.
* Update German debconf translation. (Closes: #851480)
Thanks to Helge Kreutzmann.
* Update Basque debconf translation. (Closes: #850812)
Thanks to Iñaki Larrañaga Murgoitio.
* Update French debconf translation. (Closes: #852459)
Thanks to Jean-Pierre Giraud.
* Update Italian debconf translation. (Closes: #852074)
Thanks to Luca Monducci.
* Update Japanese debconf translation. (Closes: #851457)
Thanks to Kenshi Muto.
* Update Dutch debconf translation. (Closes: #852405)
Thanks to Frans Spiesschaert.
* Update Brazilian Portuguese debconf translation. (Closes: #852443)
Thanks to Adriano Rafael Gomes.
* Update Russian debconf translation. (Closes: #850833)
Thanks to Yuri Kozlov.
* Update Slovak debconf translation. (Closes: #850796)
Thanks to Ivan Masár.
* Update Swedish debconf translation. (Closes: #851168)
Thanks to Martin Bagge.
* Update Turkish debconf translation. (Closes: #851470)
Thanks to Atila KOÇ.
* Update Vietnamese debconf translation.
Thanks to Trần Ngọc Quân.
* Update Build-Depends on debhelper to ensure shlibs files are installed at
the expected time during build. (Closes: #854158)
* Update Portuguese debconf translation. (Closes: #859943)
Thanks to Rui Branco and DebianPT.
* Dump the configuration and databases to LDIF before removing slapd, so
that they are available if a newer version requiring migration is
installed later. (Closes: #665199)
* When creating a new configuration with dpkg-reconfigure, back up the old
configuration before overwriting it.
-- Ryan Tandy <email address hidden> Sun, 16 Apr 2017 20:10:43 -0700
-
openldap (2.4.44+dfsg-3) unstable; urgency=medium
* Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
* Restore heimdal support to the smbk5pwd overlay.
-- Ryan Tandy <email address hidden> Sun, 01 Jan 2017 19:47:36 -0800
-
openldap (2.4.44+dfsg-2) unstable; urgency=medium
[ Ryan Tandy ]
* Update Standards-Version to 3.9.8; no changes required.
* Enable dh_makeshlibs for libldap-2.4-2. Remove libldap-2.4-2.postinst, now
replaced by the automatic ldconfig trigger.
* Don't execute slapd's override_dh_install when building only
arch-independent packages. (Closes: #845506)
* Override lintian false positives on slapd.README.Debian,
slapd-smbk5pwd.postinst, and slapd-smbk5pwd triggering ldconfig.
* Perform permissions changes in override_dh_fixperms instead of in
override_dh_install.
* Remove manual chmod of schema files since dh_fixperms sets correct
permissions automatically.
* Fix slapd-smbk5pwd failing to upgrade when there are no instances of the
overlay configured.
[ Helmut Grohne ]
* Fix FTCBFS: Pass CC to make explicitly. (Closes: #839251)
-- Ryan Tandy <email address hidden> Thu, 01 Dec 2016 19:40:20 -0800
-
openldap (2.4.44+dfsg-1) unstable; urgency=medium
[ Ryan Tandy ]
* New upstream release.
- Fixed ppolicy not unlocking policy entry after initialization failure
(ITS#7537) (Closes: #702414)
* Drop ITS8240-remove-obsolete-assert.patch, included upstream.
* Update debian/schema/ppolicy.schema to add the pwdMaxRecordedFailure
attribute.
* Update libldap-2.4-2.symbols with new ldap_build_*_req symbols.
* Mark the build target in debian/rules as phony, since the upstream source
includes a build/ directory.
* Correct the list of files to be cleaned for the pw-sha2 contrib module.
* Fix a typo (slpad -> slapd) in the Catalan debconf translation.
* Disable OpenSLP support and remove libslp-dev from Build-Depends.
(Closes: #815364)
* Ensure /var/run/slapd exists when starting slapd, even if the pid file is
somewhere else. Thanks to Dave Beach for the report. (Closes: #815571)
* Create the pidfile directory when starting slapd, but not when running the
init script in other modes.
* Remove support for enabling the obsolete LDAPv2 protocol via debconf.
* debian/copyright: Update the OpenLDAP copyright and license.
* debian/control: Update VCS URIs to the modern canonical form.
* Override Lintian errors about schema files derived from RFC documents.
Copyrightable content has been removed from these files; however, the
copyright notices have been retained to preserve attribution.
* On upgrade, if the cn=config database contains the ppolicy schema, add the
new pwdMaxRecordedFailure attribute to it.
* Add debian/patches/set-maintainer-name to omit the builder's username and
working directory from version strings and thereby make the build
reproducible. Thanks to Daniel Shahaf for the patch. (Closes: #833179)
* Build smbk5pwd without Kerberos support and drop the build-dependency on
heimdal. (Closes: #836885)
* On upgrade, comment the krb5 setting on any instances of the smbk5pwd
overlay in slapd.conf. Require cn=config users to disable krb5 manually
before upgrading.
[ Helmut Grohne ]
* Fix policy 8.2 violation (Closes: #330695)
+ Move /etc/ldap/ldap.conf and manpage to new package libldap-common.
-- Ryan Tandy <email address hidden> Mon, 14 Nov 2016 18:59:30 -0800
-
openldap (2.4.42+dfsg-2) unstable; urgency=medium
[ Ryan Tandy ]
* Change explicit Pre-Depends: multiarch-support to ${misc:Pre-Depends}, as
recommended by lintian.
* Omit slapd, slapd-dbg, and slapd-smbk5pwd from the stage1 build profile.
This allows the dependency loop with heimdal to be broken for
bootstrapping, and the dependency on libperl-dev to be avoided for
cross-building. Thanks Daniel Schepler and Helmut Grohne.
(Closes: #724518)
* Apply wrap-and-sort to the Build-Depends field.
* Drop libncurses5-dev from Build-Depends, no longer needed since the ud
tool was removed in OpenLDAP 2.1.4.
* Drop libltdl3-dev as an alternate Build-Depends, since that package was
removed after lenny.
* Annotate Build-Depends on perl with :any to allow running the system perl
interpreter during cross builds.
* Ensure CC is set correctly for cross builds. Thanks Helmut Grohne.
* Build-Depend on dpkg-dev (>= 1.17.14) and debhelper (>= 9.20141010) for
restriction formula support.
* Override the 'dev-pkg-without-shlib-symlink' lintian tag. The symlink is
actually in the form libldap_r.so -> libldap_r-2.4.so.xyz and the tag is a
false positive; see #687022.
* Include the smbk5pwd man page in the slapd-smbk5pwd package.
* Allow anonymous read access to the shadowLastChange attribute by default,
allowing nss-ldap/nss-ldapd to handle password expiry correctly even when
bound anonymously. This was the only restricted shadow attribute, the
others were already world-readable. (Closes: #669235)
* Drop the redundant default ACL for dn.base="" from the database entry.
It's already covered by the fallback case below.
* Copy more comments from the slapd.conf template to slapd.init.ldif. Also
comment the shadowLastChange access rule.
* Import upstream patch to remove an unnecessary assert(0) that could be
triggered remotely by an unauthenticated user by sending a malformed BER
element. (ITS#8240)
[ Peter Marschall ]
* Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
install the new manual page. (Closes: #794998)
-- Ryan Tandy <email address hidden> Thu, 10 Sep 2015 20:13:17 -0700
-
openldap (2.4.42+dfsg-1) unstable; urgency=medium
[ Peter Marschall ]
* slapd.scripts-common:
- Use update_permissions instead of direct calls to chown and chgrp.
- Make variables only used within a function local to that function.
- Restore databases ordered by increasing suffix path length.
This should help configurations with databases glued together using the
'subordinate' keyword / 'olcSubordinate' attribute in slapd's
configuration.
(Closes: #794996)
* Install slapo-lastbind.5 man page. (Closes: #794997)
[ Ryan Tandy ]
* slapd.scripts-common: Delete an outdated comment.
* New upstream release.
* Enable the MDB backend again on GNU/kFreeBSD. The new pthread library
provides all the required interfaces, and the test suite now passes.
Leave it disabled on the Hurd. LMDB requires POSIX semaphores, which have
not yet been implemented.
* Disable the BDB/HDB backends on the Hurd. BDB requires record locks
(F_SETLK), which have not yet been implemented; see #693971.
-- Ryan Tandy <email address hidden> Fri, 21 Aug 2015 13:07:51 -0700
-
openldap (2.4.41+dfsg-1) unstable; urgency=medium
* New upstream release.
* Update patches for upstream changes, drop patches included upstream.
* debian/rules: Adjust get-orig-source target to add +dfsg to version.
* Convert to source format 3.0 (quilt).
* debian/slapd.scripts-common: Fix nesting of fold markers.
-- Ryan Tandy <email address hidden> Wed, 08 Jul 2015 21:07:24 -0700
-
openldap (2.4.40+dfsg-2) unstable; urgency=medium
* Actually install libldap-2.4-2.symbols.
* Update Standards-Version to 3.9.6.
* Build-Depend on debhelper (>= 9) to fix a Lintian warning.
* Import upstream patch to fix FTBFS with gcc-5. (Addresses #778045)
-- Ryan Tandy <email address hidden> Sun, 28 Jun 2015 20:40:37 -0700
-
openldap (2.4.40+dfsg-1) unstable; urgency=medium
* Remove inetorgperson.schema from the upstream source. Replace it with a
copy stripped of RFC text. (Closes: #780283)
* Adjust debian/watch for +dfsg versioning.
* debian/patches/ITS7975-fix-mdb-onelevel-search.patch: Import upstream
patch to fix scope=onelevel searches wrongly including the search base in
results under the MDB backend. (ITS#7975) (Closes: #782212)
-- Ryan Tandy <email address hidden> Thu, 09 Apr 2015 08:38:38 -0700
-
openldap (2.4.40-4) unstable; urgency=medium
* debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream
patch to fix a crash when a search includes the Deref control with an
empty attribute list. (ITS#8027) (CVE-2015-1545, Closes: #776988)
* debian/patches/ITS8046-fix-vrFilter_free-crash.patch: Import upstream
patch to fix a double free triggered by certain search queries using the
Matched Values control. (ITS#8046) (CVE-2015-1546, Closes: #776991)
-- Ryan Tandy <email address hidden> Sun, 08 Feb 2015 20:19:11 +0000
-
openldap (2.4.40-3) unstable; urgency=medium
* Remove trailing spaces from slapd.templates.
* Update Vietnamese debconf translation.
Thanks to Trần Ngọc Quân.
* Update Danish debconf translation.
Thanks to Joe Hansen. (Closes: #766848)
* Update Japanese debconf translation.
Thanks to Kenshi Muto. (Closes: #766824)
* Update Russian debconf translation.
Thanks to Yuri Kozlov. (Closes: #766825)
* Update Basque translation.
Thanks to Iñaki Larrañaga Murgoitio. (Closes: #767070)
* Update French debconf translation.
Thanks to Christian Perrier. (Closes: #767634)
* Update German debconf translation.
Thanks to Helge Kreutzmann. (Closes: #767686)
* Update Portuguese debconf translation.
Thanks to Ricardo Silva. (Closes: #768085)
* Update Italian debconf translation.
Thanks to Luca Monducci. (Closes: #768195)
* Update Turkish debconf translation.
Thanks to Atila KOÇ. (Closes: #768409)
* Update Czech debconf translation.
Thanks to Miroslav Kure. (Closes: #768591)
* Update Catalan debconf translation.
Thanks to Innocent De Marchi. (Closes: #768605)
* Update Dutch debconf translation.
Thanks to Frans Spiesschaert. (Closes: #769024)
* Update Brazilian Portuguese debconf translation.
Thanks to Adriano Rafael Gomes. (Closes: #769717)
* Update Galician debconf translation.
Thanks to Jorge Barreiro.
* Update Swedish debconf translation.
Thanks to Martin Bagge / brother. (Closes: #769867)
* Update Spanish debconf translation.
Thanks to Camaleón. (Closes: #770715)
* Fix doubled spaces in po files, caused by trailing spaces in the templates
file.
* Run debconf-updatepo to refresh PO files.
-- Ryan Tandy <email address hidden> Sun, 23 Nov 2014 10:33:10 -0800
-
openldap (2.4.40-2) unstable; urgency=medium
* Fix typo (chmod/chgrp) in previous changelog, spotted by Ferenc Wagner.
* debian/patches/contrib-modules-use-dpkg-buildflags: Also use CPPFLAGS from
dpkg-buildflags. Spotted by Lintian.
* debian/slapd.init.ldif: Don't bother explicitly granting rights to the
rootdn, since it already has unlimited privileges. Thanks Ferenc Wagner.
* Recommend MDB for new installations, per upstream's recommendation.
* Don't re-create the default DB_CONFIG if there wasn't one in the backup,
for example if the active backend doesn't use it. Thanks Ferenc Wagner.
* On upgrade, if an access rule begins with "to * by self write", show a
debconf note warning that it should be changed. (Closes: #761406)
* Build and install the lastbind contrib module. (Closes: #701111)
* Build and install the passwd/sha2 contrib module. (Closes: #746727)
-- Ryan Tandy <email address hidden> Mon, 20 Oct 2014 22:19:24 -0700
-
openldap (2.4.40-1) unstable; urgency=low
[ Ryan Tandy ]
* New upstream release.
- fixed ldap_get_dn(3) ldap_ava definition (ITS#7860) (Closes: #465024)
- fixed slapcat with external schema (ITS#7895) (Closes: #599235)
- fixed double free with invalid ciphersuite (ITS#7500) (Closes: #640384)
- fixed modrdn crash on naming attr with no matching rule (ITS#7850)
(Closes: #666515)
- fixed slapacl causing unclean database (ITS#7827) (Closes: #741248)
* slapd.scripts-common:
- Anchor grep patterns to avoid matching commented lines in ldif files
under cn=config. (Closes: #723957)
- Don't silently ignore nonexistent directories that should be dumped.
- Invoke find, chmod, and chown with -H in case /var/lib/ldap is a
symlink. (Closes: #742862)
- When upgrading a database, ignore extra nested directories as they might
contain other databases. Patch from Kenny Millington. (LP: #1003854)
- Fix dumping and reloading when multiple databases hold the same suffix,
thanks Peder Stray. (Closes: #759596, LP: #1362481)
- Remove trailing dot from slapd/domain. (Closes: #637996)
* debian/rules:
- Enable parallel building.
- Copy libldap-2.4-2.shlibs into place manually, as a workaround for
#676168. (Closes: #742841)
* debian/slapd.README.Debian: Add a note about database format upgrades and
the consequences of missing one. (Closes: #594711)
* Build with GnuTLS 3 (Closes: #745231, #760559).
* Drop debian/patches/fix-ftbfs-binutils-gold, no longer needed.
* Drop debconf-utils from Build-Depends, no longer used (replaced by
po-debconf). Thanks Johannes Schauer.
* Acknowledge NMU fixing #729367, thanks to Michael Gilbert.
* Offer the MDB backend as a choice during initial configuration. (Closes:
#750022)
* debian/slapd.init.ldif:
- Disallow modifying one's own entry by default, except specific
attributes. (Closes: #761406)
- Index some more common search attributes by default. (Closes: #762111)
* Introduce a symbols file for libldap-2.4-2.
* debian/schema/pmi.schema: Add a copyright clarification. There does not
appear to be any copyrighted text in this file, only ASN.1 assignments and
LDAP schema definitions. Fixes a Lintian error on the original.
* debian/schema/duaconf.schema: Strip Internet-Draft text from
duaconf.schema.
* Drop debian/patches/CVE-2013-4449.patch, applied upstream.
* Update debian/patches/no-AM_INIT_AUTOMAKE with upstream changes.
* debian/schema/ppolicy.schema: Update with ordering rules added in
draft-behera-ldap-password-policy-11.
* Suggest GSSAPI SASL modules. (Closes: #762424)
* debian/patches/ITS6035-olcauthzregex-needs-restart.patch: Document in
slapd-config.5 the fact that changes to olcAuthzRegexp only take effect
after the server is restarted. (Closes: #761407)
* Add myself to Uploaders.
[ Jelmer Vernooij ]
* Depend on heimdal-multidev rather than heimdal-dev. (Closes: #745356,
#706123)
[ Updated debconf translations ]
* Turkish, thanks to Atila KOÇ <email address hidden>.
(Closes: #661641)
-- Ryan Tandy <email address hidden> Fri, 17 Oct 2014 08:19:28 -0700
-
openldap (2.4.39-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2013-4449: reference counting logic issue (closes: #729367).
-- Michael Gilbert <email address hidden> Sat, 09 Aug 2014 09:26:51 +0000
-
openldap (2.4.39-1) unstable; urgency=low
[ Peter Marschall ]
* debian/patches/wrong-database-location: fix database location in
doc/man/man5/slapd-mdb.5
* debian/configure.options: add info on --enable-mdb
[ Russ Allbery ]
* Remove myself from Uploaders.
[ Steve Langasek ]
* Remove Stephen Frost from Uploaders, per discussion with him. Thanks for
your contributions, Stephen!
* Adjust dh_autoreconf usage to update all config.sub/config.guess
instances in the source, so that we can be forwards-compatible with new
ports. Thanks to Colin Watson <email address hidden> for the patch.
Closes: #725824.
* Add Timo to Uploaders.
* Update Vcs-* fields to point at the new git repo; thanks to Timo for
driving this migration!
* Rebuild against db5.3, with a corresponding dump/restore of the database
on upgrade. Closes: #738641.
[ Timo Aaltonen ]
* contrib-modules-use-dpkg-buildflags, autogroup-makefile,
smbk5pwd-makefile:
- Updated for current upstream.
* Refresh patches to apply cleanly.
* rules: Use dpkg-parsechangelog to determine the upstream version for
get-orig-source.
* source: Add lintian overrides for non-transatable internal
templates.
-- Steve Langasek <email address hidden> Mon, 17 Mar 2014 15:27:31 -0700
-
openldap (2.4.31-1+nmu2) unstable; urgency=high
* Non-maintainer upload.
* No-change rebuild in a clean environment
-- Jonathan Wiltshire <email address hidden> Tue, 23 Apr 2013 13:10:00 +0100
-
openldap (2.4.31-1+nmu1) unstable; urgency=medium
* Non-maintainer upload.
* Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
-- Michael Gilbert <email address hidden> Tue, 16 Apr 2013 03:35:31 +0000
-
openldap (2.4.31-1) unstable; urgency=low
* New upstream release.
- Fixes a denial of service attack, CVE-2012-1164, when using the rwm
overlay. Closes: #663644.
- Fixes a bug with ldap_result always returning -1 when called from
sssd. Closes: #666230.
- Fix a build failure on armel due to unaligned memory access.
Closes: #677158.
* Incorporate NMU (thanks, Julien Cristau, Mattias Ellert):
- Disable the mdb backend on non-Linux, it looks like it doesn't work
with linuxthreads (closes: #654824).
- Backport fix for shell backend configuration. Closes: #662940.
[ Peter Marschall ]
* debian/slapd.scripts-common: avoid grep warnings
* debian/patches/heimdal-fix: fix arguments of
hdb_generate_key_set_password(). Closes: #664930
[ Steve Langasek ]
* debian/patches/contrib-modules-use-dpkg-buildflags: pass CFLAGS to
contrib builds. Thanks to Simon Ruderich <email address hidden>.
Closes: #663724.
-- Steve Langasek <email address hidden> Wed, 27 Jun 2012 03:27:34 +0000
-
openldap (2.4.28-1.3) unstable; urgency=low
* Non-maintainer upload.
* Add patch for change in heimdal header. Closes: 664930.
-- Mattias Ellert <email address hidden> Sat, 07 Apr 2012 06:51:20 +0200
-
openldap (2.4.28-1.2) unstable; urgency=low
* Non-maintainer upload.
* Backport fix for shell backend configuration. Closes: #662940.
-- Mattias Ellert <email address hidden> Wed, 14 Mar 2012 21:31:21 +0100
-
openldap (2.4.28-1.1) unstable; urgency=low
* Non-maintainer upload.
* Disable the mdb backend on non-Linux, it looks like it doesn't work with
linuxthreads (closes: #654824).
-- Julien Cristau <email address hidden> Mon, 16 Jan 2012 19:45:42 +0100
-
openldap (2.4.28-1) unstable; urgency=low
* New upstream release.
- Fixes CVE-2011-4079. Closes: #647610.
- Fixes support for proxy authorization with SASL-GSSAPI.
Closes: #608815.
- Drop patch service-operational-before-detach, which came from upstream.
- Drop patch fix-its6898-locking-issue, included upstream.
- Refresh other patches as needed.
* debian/slapd.scripts-common: quote the argument to slappasswd, to cope
with shell characters in the string. Thanks to Nicolai Ehemann
<email address hidden> for the patch. Closes: #635931.
* Install ldif.h in libldap2-dev, now that it's been blessed upstream.
Closes: #644985.
* debian/patches/no-bdb-ABI-second-guessing: don't force an exact match on
the upstream version of libdb; this is redundant with our packaging
system, and causes spurious errors when there's a non-ABI-breaking
BDB upstream release. Closes: #651333.
* Build-conflict with the ancient autoconf2.13, which is incompatible with
dh-autoreconf. (Maybe dh-autoreconf itself should conflict with it?)
Closes: #651598.
[ Updated debconf translations ]
* Dutch, thanks to Jeroen Schot <email address hidden>. Closes: #651400.
-- Steve Langasek <email address hidden> Thu, 05 Jan 2012 06:07:11 +0000
-
openldap (2.4.25-4) unstable; urgency=low
* Drop explicit depends on libdb4.8, since we're now linking against
libdb5.1. Thanks to Peter Marschall for catching. Closes: #621403
again.
* Rebuild against cyrus-sasl2 2.1.25. Closes: #628237.
* Use dh_autoreconf instead of a locally-patched autogen.sh.
* debian/patches/no-AM_INIT_AUTOMAKE: don't use AM_INIT_AUTOMAKE macro
when we aren't using automake.
* Convert debian/rules to dh(1).
* use DEB_CFLAGS_MAINT_APPEND with appropriate versioned dependency on
debhelper and dpkg-dev, so we can pick up dpkg-buildflags for our
policy-mandated flags - as well as our security-enhancing ones!
Closes: #644427.
* Also set hardening=+pie,+bindnow buildflags options for maximum
security, since this is a security-sensitive daemon dealing with
untrusted input. Ubuntu has been building with these flags for a
while via hardening-wrappers, so the change is presumed safe.
* Drop debian/check_config. The upstream configure script now enforces
--with-cyrus-sasl, so there's no need for a second check.
* debian/po/es.po: tweak an ambiguous string in the Spanish debconf
translation, noticed in response to a submitted Catalan translation
* debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff:
Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.
Thanks to Jan-Marek Glogowski <email address hidden> for the
patch. Closes: #327585.
[ Updated debconf translations ]
* Catalan, thanks to Innocent De Marchi <email address hidden>.
Closes: #644274.
-- Steve Langasek <email address hidden> Tue, 18 Oct 2011 01:08:34 +0000
-
openldap (2.4.25-3) unstable; urgency=low
* Brown paper bag: really fix the .links.in handling, so we don't generate
broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
-- Steve Langasek <email address hidden> Mon, 15 Aug 2011 09:50:37 +0000
-
openldap (2.4.25-2) unstable; urgency=low
[ Matthijs Möhlmann ]
* Change to bdb 5.1 (Closes: #621403)
* Add note to ldap-utils package how to unfold lines. (Closes: #530519)
(Thanks to Peter Marschall and Javier Barroso)
[ Steve Langasek ]
* Acknowledge NMU for bug #596343; thanks to Thijs Kinkhorst for the fix!
* Bump to compat level 7, so we don't have to spell out debian/tmp in
every single .install file
* Build for multiarch.
-- Steve Langasek <email address hidden> Sun, 14 Aug 2011 23:17:09 -0700
-
openldap (2.4.25-1.1) unstable; urgency=low
* Non-maintainer upload to fix RC bug. * Fix "dpkg-reconfigure slapd". Closes: #596343 -- Thijs Kinkhorst <email address hidden> Tue, 31 May 2011 11:57:29 +0200
-
openldap (2.4.25-1) unstable; urgency=low
* New upstream version (Closes: #617606, #618904, #606815, #608813) - Fixes CVE-2011-1024, CVE-2011-1025, CVE-2011-1081 - slapd server process frequently hangs during everyday usage is fixed in newer versions of openldap according to the bug submitter * Refresh all patches * Remove manpage-tlscyphersuite-additions, applied upstream * Remove issue-6534-patch, applied upstream * Add Slovak translation, thanks Slavko <email address hidden> (Closes: #608699) * Add debian specific patch for ldap.conf. Add TLS_CACERT option and set it by default to /etc/ssl/certs/ca-certificates.crt (Closes: #555409, #616703) * Add patch to fix a FTBFS with binutils-gold (Closes: #555867) * Add slapschema, just hardlink it (Closes: #601569) * Update patch service-operational-before-detach (Closes: #616164, #598361) * Add ldif_* symbols to libldap-2.4-2 * Add upstream patch for a locking issue in libldap_r * Fix build failure, use @SHELL@ instead of hardcoded /bin/sh (build/top.mk) (Closes: #621925) -- Matthijs Möhlmann <email address hidden> Mon, 11 Apr 2011 22:10:14 +0200
-
openldap (2.4.23-7) unstable; urgency=low
* Updated vietnamese translation, thanks Clytie Siddall
(Closes: #601537, #598575)
* Updated portuguese translation, thanks Traduz (Closes: #599760)
* Updated danish translation, thanks Joe Dalton (Closes: #599835)
-- Matthijs Mohlmann <email address hidden> Sat, 06 Nov 2010 12:13:01 +0100
-
openldap (2.4.23-6) unstable; urgency=high
* Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
-- Matthijs Mohlmann <email address hidden> Thu, 23 Sep 2010 10:17:50 +0200
-
openldap (2.4.23-5) unstable; urgency=high
[ Steve Langasek ]
* High-urgency upload for RC bugfix.
* debian/slapd.scripts-common: fix gratuitous (and wrong) use of grep in
get_suffix(), which causes us to incorrectly parse any slapd.conf that
uses tabs instead of spaces. Closes: #595672.
* debian/slapd.init, debian/slapd.scripts-common: when $SLAPD_CONF is not
set in /etc/default/slapd, we should always set a default value, giving
precedence to slapd.d and falling back to slapd.conf. Users who don't
want to use an existing slapd.d should point at slapd.conf explicitly.
Closes: #594714, #596343.
* debian/slapd.init: 'invoke-rc.d slapd stop' should not fail due to the
absence of a slapd configuration; we should still exit 0 so that the
package can be removed gracefully. Closes: #596100.
* drop build-conflicts with libssl-dev; we explicitly pass
--with-tls=gnutls to configure, so there's no risk of a misbuild here.
* debian/slapd.default: now that we have a sensible default behavior in
both slapd.init and the maintainer scripts, leave SLAPD_CONF empty to
save pain later.
* debian/slapd.scripts-common: ... and do the same in
migrate_to_slapd_d_style, we just need to comment out the user's
previous entry instead of blowing it away.
* debian/slapd.scripts-common: call get_suffix in a way that lets us
separate responses by newlines, to properly handle the case when a
DN has embedded spaces. Introduces a few more stupid fd tricks to work
around possible problems with debconf. Closes: #595466.
* debian/slapd.scripts-common: when parsing the names of includes, handle
double-quotes and escape characters as described in slapd.conf(5).
Closes: #595784.
* debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
otherwise is blocked by our added olcAccess settings. Closes: #596326.
* debian/slapd.init.ldif: set the acl in the default LDIF for new installs,
too.
* Likewise, grant access to dn.exact="" so that base dn autodiscovery
works as intended. Closes: #596049.
* debian/slapd.init.ldif: synchronize our behavior on new installs with
that on upgrades, avoiding the non-standard cn=localroot,cn=config.
* debian/slapd.scripts-common: don't run the migration code if slapd.d
already exists. Closes: #593965.
[ Matthijs Mohlmann ]
* Remove upgrade_supported_from_backend, implemented patch from
Peter Marschall <email address hidden> to automatically detect if an upgrade is
supported. (Closes: #594712)
[ Peter Marschall ]
* debian/slapd.init: correctly set the slapd.conf argument even when
SLAPD_PIDFILE is non-empty in /etc/default/slapd. Closes: #593880.
* debian/slapd.scripts-common: pass -g to slapadd/slapcat, so that
subordinate databases aren't incorrectly included in the dump/restore of
the parent database. Closes: #594821.
-- Steve Langasek <email address hidden> Mon, 13 Sep 2010 06:59:11 +0000
-
openldap (2.4.23-4) unstable; urgency=low
[ Steve Langasek ]
* Bump the database upgrade version check to 2.4.23-4; should have been
set to 2.4.23-1 when we switched to db4.8, but was missed so we need to
clean up. Closes: #593550.
[ Matthijs Mohlmann ]
* Fix root access to cn=config on upgrades from configuration style slapd.conf
Thanks to Mathias Gug (Closes: #593566, #593878)
-- Matthijs Mohlmann <email address hidden> Thu, 26 Aug 2010 20:30:51 +0200
-
openldap (2.4.23-3) unstable; urgency=low
* Configure the newly installed openldap package using slapd.d instead of
slapd.conf, merged from ubuntu. (Closes: #562723, #494155, #333428)
* Update the debconf templates by running debconf-updatepo.
* We do not support upgrades from older releases then lenny, so removed some
upgrade functions from slapd.scripts-common.
* Updated japanese translation, thanks Kenshi Muto (Closes: #589508)
* Updated czech translation, thanks Miroslav Kure (Closes: #589569)
* Update slapd.README.Debian and slapd.NEWS and note the new configuration
style.
* Fixes CVE-2010-0211 and CVE-2010-0212 (Closes: #589852)
* Update italian translation, thanks Luca Monducci (Closes: #590154)
* Update spanish translation, thanks Francisco Javier Cuadrado
(Closes: #590829)
* Update basque translation, thanks Iñaki Larrañaga Murgoitio
* Bump Standards-Version to 3.9.1
* Added debian specific patch to wait until slapd is operational before
detaching to the terminal (Closes: #589915)
* Add a lintian overrides for libldap.
* Empty dependency_libs line in .la files. (Closes: #591550)
* Update galician translation, thanks Jorge Barreiro (Closes: #592815)
-- Matthijs Mohlmann <email address hidden> Tue, 17 Aug 2010 22:00:16 +0200
-
openldap (2.4.23-2) unstable; urgency=medium
* Depend on libdb4.8 >= 4.8.30 (Closes: #588969)
* Urgency previous as previous version fixes a RC bug.
-- Matthijs Mohlmann <email address hidden> Wed, 14 Jul 2010 10:17:27 +0200
-
openldap (2.4.23-1) unstable; urgency=low
* New upstream version
* Change to build dependency libdb4.8-dev instead of libdb4.7-dev
* Updated french translation thanks Christian Perrier (Closes: #579192)
* Updated swedish translation thanks Martin Bagge (Closes: #580145)
* Updated german translation thanks Helge Kreutzmann (Closes: #579582)
* Updated russian translation thanks Yuri Kozlov (Closes: #585688)
* Fix bashisms in debian/rules (Closes: #581454)
* Add documentation patch (Closes: #513270)
* Refreshed all quilt patches.
* Bump Standards-Version to 3.9.0
-- Matthijs Mohlmann <email address hidden> Mon, 12 Jul 2010 13:25:00 +0200
-
openldap (2.4.21-1) unstable; urgency=low
[ Steve Langasek ]
* New upstream version
(Closes: #561144, #465024, #502769, #528695, #564686, #504728)
* Add upstream manpage for ldapexop; thanks to Peter Marschall
<email address hidden>. Closes: #549291.
[ Matthijs Mohlmann ]
* Ack NMU (Closes: #553432)
* Update Standards-Version to 3.8.4
* Fix NEWS entry to have the correct version number
* Improve the wording for the slapd/invalid_config question (Closes: #452834)
* Make lintian a bit more happy (Closes: #518660)
* Fix bashism (Closes: #518657)
* Refresh all patches
* Add patch from upstream (Closes: #549642)
* Reworked the configure.options a bit to include some more options
* Enable dynamic acls
* Use slappasswd to create a secure password (Closes: #490930)
* Set a rootdn and rootpw if no password is given by debconf (Closes: #231950)
* Better document the TLSCipherSuite in slapd.conf manpage (Closes: #563113)
* Better document the TLS_CIPHER_SUITE in ldap.conf manpage (Closes: #510346)
* Add smbk5pwd slapd module, used patch from Mark Hymers (Closes: #443073)
* Add autogroup slapd module, used patch from Mathieu Parent (Closes: #575900)
* Add lsb logging, used patch from David Härdeman (Closes: #385898)
* Use dh_lintian to install the lintian-overrides
* Added critical error report when slapcat fails (Closes: #226090)
-- Matthijs Mohlmann <email address hidden> Thu, 22 Apr 2010 23:40:30 +0200
-
openldap (2.4.17-2.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-3767: libraries/libldap/tls_o.c doesn't properly handle NULL
character in subject Common Name (Closes: #553432)
-- Giuseppe Iuculano <email address hidden> Tue, 10 Nov 2009 19:09:45 +0100
-
openldap (2.4.17-2) unstable; urgency=low
* Fix up the lintian warnings:
- add missing misc-depends on all packages
- slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
overrides
- bump Standards-Version to 3.8.2, no changes required.
* slapd.scripts-common: fix upgrade to correctly handle multiple database
declarations; thanks, Peter Marschall <email address hidden>! Closes: #517556
* Add 'status' argument to init script; thanks to Peter Eisentraut
<email address hidden>. Closes: #545898.
* New patch, do-not-second-guess-sonames, to remove an incorrect check for
the Cyrus SASL version number at runtime. If there's any reason this is
needed, it needs to be addressed in the cyrus-sasl soname and Debian
shlibs, not here. Closes: #546885.
-- Steve Langasek <email address hidden> Tue, 22 Sep 2009 20:06:34 -0700
-
openldap (2.4.17-1) unstable; urgency=low
* New upstream version.
- Fixes FTBFS on ia64 with -fPIE. Closes: #524770.
- Fixes some TLS issues with GnuTLS. Closes: #505191.
* Update priority of libldap-2.4-2 to match the archive override.
* Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
Closes: #496749.
* Bump build-dependency on debhelper to 6 instead of 5, since that's
what we're using. Closes: #498116.
* Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
the built-in default of ldap:/// only.
* Build-depend on libltdl-dev | libltdl3-dev (>= 1.4.3), for the package
name change. Closes: #522965.
[ Updated debconf translations ]
* Spanish, thanks to Francisco Javier Cuadrado <email address hidden>.
Closes: #521804.
-- Steve Langasek <email address hidden> Tue, 28 Jul 2009 10:17:15 -0700
-
openldap (2.4.15-1.1) unstable; urgency=low
* Non-maintainer upload.
* Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
(Closes: #522965)
-- Kurt Roeckx <email address hidden> Sun, 19 Apr 2009 18:24:32 +0200
-
openldap (2.4.15-1) unstable; urgency=low
* New upstream version
- Fixes a bug with the pcache overlay not returning cached entries
(closes: #497697)
- Update evolution-ntlm patch to apply to current Makefiles.
- (tentatively) drop gnutls-ciphers, since this bug was reported to be
fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
patch from the bug report, so this should be watched for regressions.
* Build against db4.7 instead of db4.2 at last! Closes: #421946.
* Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
installed in the build environment.
* Add -D_GNU_SOURCE to CFLAGS, apparently required for building with
current headers in unstable
-- Steve Langasek <email address hidden> Tue, 24 Feb 2009 14:27:35 -0800
-
openldap (2.4.11-1) unstable; urgency=low
* New upstream version (closes: #499560).
- Fixes a crash with syncrepl and delcsn (closes: #491066).
- Fix CRL handling with GnuTLS (closes: #498410).
- Drop patches no_backend_inter-linking,
CVE-2008-2952_BER-decoding-assertion, and gnutls-ssf, applied
upstream.
[ Russ Allbery ]
* New patch, back-perl-init, which updates the calling conventions
around initialization and shutdown of the Perl interpreter to match
the current perlembed recommendations. Fixes probable hangs on HPPA
in back-perl. Thanks, Niko Tyni. (Closes: #495069)
[ Steve Langasek ]
* Drop the conflict with libldap2, which is not the standard means of
handling symbol conflicts in Debian and which causes serious upgrade
problems from etch. Closes: #487211.
-- Steve Langasek <email address hidden> Sat, 11 Oct 2008 01:53:55 -0700
