Ubuntu
openldap package

openldap 2.4.48+dfsg-1ubuntu1 source package in Ubuntu

Changelog

openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Enable AppArmor support:
      - d/apparmor-profile: add AppArmor profile
      - d/rules: use dh_apparmor
      - d/control: Build-Depends on dh-apparmor
      - d/slapd.README.Debian: add note about AppArmor
    - Enable GSSAPI support:
      - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
        - Add --with-gssapi support
        - Make guess_service_principal() more robust when determining
          principal
      - d/configure.options: Configure with --with-gssapi
      - d/control: Added heimdal-dev as a build depend
      - d/rules:
        - Explicitly add -I/usr/include/heimdal to CFLAGS.
        - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
    - Enable ufw support:
      - d/control: suggest ufw.
      - d/rules: install ufw profile.
      - d/slapd.ufw.profile: add ufw profile.
    - Enable nss overlay:
      - d/rules:
        - add nssov to CONTRIB_MODULES
        - add sysconfdir to CONTRIB_MAKEVARS
      - d/slapd.install:
        - install nssov overlay
      - d/slapd.manpages:
        - install slapo-nssov(5) man page
    - d/{rules,slapd.py}: Add apport hook.
    - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
      either the default DIT nor via an Authn mapping.
    - d/slapd.scripts-common:
      - add slapcat_opts to local variables.
      - Fix backup directory naming for multiple reconfiguration.
    - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
    - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
      in the openldap library, as required by Likewise-Open
    - Show distribution in version:
      - d/control: added lsb-release
      - d/patches/fix-ldap-distribution.patch: show distribution in version
    - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
      - CLDAP (UDP) was added in 2.4.17-1ubuntu2
      - GSSAPI support was enabled in 2.4.18-0ubuntu2
    - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
      Debian bug #919136, we also have to patch the nssov makefile
      accordingly and thus update this patch.
  * Dropped:
    - Fix sysv-generator unit file by customizing parameters (LP #1821343)
      + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
        correct systemctl status for slapd daemon.
      + d/slapd.install: place override file in correct location.
      [Included in 2.4.48+dfsg-1]
    - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
      + debian/patches/CVE-2019-13057-1.patch: add restriction to
        servers/slapd/saslauthz.c.
      + debian/patches/CVE-2019-13057-2.patch: add tests to
        tests/data/idassert.out, tests/data/slapd-idassert.conf,
        tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
      + debian/patches/CVE-2019-13057-3.patch: fix typo in
        tests/scripts/test028-idassert.
      + debian/patches/CVE-2019-13057-4.patch: fix typo in
        tests/scripts/test028-idassert.
      + CVE-2019-13057
      [Fixed upstream]
    - SECURITY UPDATE: SASL SSF not initialized per connection
      + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
        connection_init in servers/slapd/connection.c.
      + CVE-2019-13565
      [Fixed upstream]

openldap (2.4.48+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - fixed slapd to restrict rootDN proxyauthz to its own databases
      (CVE-2019-13057) (ITS#9038) (Closes: #932997)
    - fixed slapd to enforce sasl_ssf ACL statement on every connection
      (CVE-2019-13565) (ITS#9052) (Closes: #932998)
    - added new openldap.h header with OpenLDAP specific libldap interfaces
      (ITS#8671)
    - updated lastbind overlay to support forwarding authTimestamp updates
      (ITS#7721) (Closes: #880656)
  * Update Standards-Version to 4.4.0.
  * Add a systemd drop-in to set RemainAfterExit=no on the slapd service, so
    that systemd marks the service as dead after it crashes or is killed.
    Thanks to Heitor Alves de Siqueira. (Closes: #926657, LP: #1821343)
  * Use more entropy for generating a random admin password, if none was set
    during initial configuration. Thanks to Judicael Courant.
    (Closes: #932270)
  * Replace debian/rules calls to dpkg-architecture and dpkg-parsechangelog
    with variables provided by dpkg-dev includes.
  * Declare R³: no.
  * Create a simple autopkgtest that tests installing slapd and connecting to
    it with an ldap tool.
  * Install the new openldap.h header in libldap2-dev.

 -- Andreas Hasenack <email address hidden>  Wed, 31 Jul 2019 18:01:14 -0300

Upload details

Uploaded by:
Andreas Hasenack
Uploaded to:
Eoan
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
openldap_2.4.48+dfsg.orig.tar.gz 4.6 MiB 8645601c28f094b01baed02a604479b175a45ba010e407212d214313bc6a80ba
openldap_2.4.48+dfsg-1ubuntu1.debian.tar.xz 174.9 KiB ead23f7be35e1c9e29842b6cdd05f9109c152a48d05d6d25b338d7489b747604
openldap_2.4.48+dfsg-1ubuntu1.dsc 2.9 KiB 55f8393e57088acd89438cfa66e19af919edc867c8ee462d4c6132cb597a2916

View changes file

Binary packages built by this source

ldap-utils: No summary available for ldap-utils in ubuntu eoan.

No description available for ldap-utils in ubuntu eoan.

ldap-utils-dbgsym: No summary available for ldap-utils-dbgsym in ubuntu eoan.

No description available for ldap-utils-dbgsym in ubuntu eoan.

libldap-2.4-2: OpenLDAP libraries

 These are the run-time libraries for the OpenLDAP (Lightweight Directory
 Access Protocol) servers and clients.

libldap-2.4-2-dbgsym: debug symbols for libldap-2.4-2
libldap-common: OpenLDAP common files for libraries

 These are common files for the run-time libraries for the OpenLDAP
 (Lightweight Directory Access Protocol) servers and clients.

libldap2-dev: No summary available for libldap2-dev in ubuntu eoan.

No description available for libldap2-dev in ubuntu eoan.

slapd: No summary available for slapd in ubuntu eoan.

No description available for slapd in ubuntu eoan.

slapd-contrib: contributed plugins for OpenLDAP slapd

 This package contains a number of slapd overlays and plugins contributed by
 the OpenLDAP community. While distributed as part of OpenLDAP Software, they
 are not necessarily supported by the OpenLDAP Project.

slapd-contrib-dbgsym: debug symbols for slapd-contrib
slapd-dbgsym: No summary available for slapd-dbgsym in ubuntu eoan.

No description available for slapd-dbgsym in ubuntu eoan.

slapd-smbk5pwd: No summary available for slapd-smbk5pwd in ubuntu eoan.

No description available for slapd-smbk5pwd in ubuntu eoan.

slapi-dev: No summary available for slapi-dev in ubuntu eoan.

No description available for slapi-dev in ubuntu eoan.