Change log for openldap2.3 package in Ubuntu
openldap2.3 (2.4.9-0ubuntu0.8.04.5) hardy-security; urgency=low

  * SECURITY UPDATE: fix successful anonymous bind via chain overlay when using forwarded authentication failures
    - debian/patches/CVE-2011-1024
    - CVE-2011-1024
  * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests and requestDN is empty
    - debian/patches/CVE-2011-1081
    - CVE-2011-1081

 -- Jamie Strandboge <email address hidden>  Wed, 16 Mar 2011 10:22:57 -0500
openldap2.3 (2.4.9-0ubuntu0.8.04.4) hardy-security; urgency=low

  * SECURITY UPDATE: null ptr deref, free uninitialized data in modrdn calls
    - openldap-2.4.22-CVE-2010-0211-modrdn_check_error.patch:
      - check return for errors and clean up uninitialized data
    - openldap-2.4.22-CVE-2010-0212-modrdn_null_deref.patch:
      - return error on 0-length or binary RDNs
    - CVE-2010-0211, CVE-2010-0212

 -- Steve Beattie <email address hidden>  Thu, 29 Jul 2010 13:40:10 -0700
openldap2.3 (2.4.9-0ubuntu0.8.04.3) hardy-proposed; urgency=low

  * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be trusted (LP: #305264).

 -- Mathias Gug <email address hidden>  Wed, 25 Mar 2009 14:30:35 -0400
openldap2.3 (2.4.9-0ubuntu0.8.04.2) hardy-proposed; urgency=low

  [Chuck Short]
  * debian/patches/fix-gnutls-key-strength.patch: fixes ssf matching key strength with gnutls 2.3. (LP: #244925)

  [Jamie Strandboge]
  * adjust apparmor profile to allow gssapi (LP: #229252)
  * adjust apparmor profile to allow cnconfig (LP: #243525)

 -- Chuck Short <email address hidden>  Tue, 05 Aug 2008 14:37:01 +0000
openldap2.3 (2.4.9-0ubuntu0.8.04.1) hardy-security; urgency=high

  * SECURITY UPDATE: denial of service via broken BER decoding.
  * Added debian/patches/security-ber-decoding.patch: upstream fixes.
  * References CVE-2008-2952

 -- Kees Cook <email address hidden>  Thu, 31 Jul 2008 16:06:53 -0700
openldap2.3 (2.3.35-1ubuntu0.3) gutsy-security; urgency=high

  * SECURITY UPDATE: denial of service via broken BER decoding.
  * Added debian/patches/security-ber-decoding.patch: upstream fixes.
  * References CVE-2008-2952

 -- Kees Cook <email address hidden>  Thu, 31 Jul 2008 16:06:53 -0700
openldap2.3 (2.3.30-2ubuntu0.3) feisty-security; urgency=high

  * SECURITY UPDATE: denial of service via broken BER decoding.
  * Added debian/patches/security-ber-decoding.patch: upstream fixes.
  * References CVE-2008-2952

 -- Kees Cook <email address hidden>  Thu, 31 Jul 2008 16:06:53 -0700
Deleted in intrepid-release (Reason: (From Debian) [auto-cruft] obsolete source package ) |
openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/apparmor-profile: add AppArmor profile
    - debian/slapd.postinst: Reload AA profile on configuration
    - updated debian/slapd.README.Debian for note on AppArmor
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
    - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmor-profiles gets installed it won't overwrite our profile.
    - Modify Maintainer value to match the DebianMaintainerField specification.
    - follow ApparmorProfileMigration and force apparmor complain mode on some upgrades (LP: #203529)
    - debian/slapd.dirs: add etc/apparmor.d/force-complain
    - debian/slapd.preinst: create symlink for force-complain on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist.
    - debian/slapd.postrm: remove symlink in force-complain/ on purge
    - debian/patches/fix-ucred-libc due to changes how newer glibc handle the ucred struct now.
    - debian/patches/fix-unique-overlay-assertion.patch: Fix another assertion error in unique overlay (LP: #243337). Backport from head.
  * debian/control:
    - add time as build dependency: needed by make test.
  * debian/rules:
    - support debuild nocheck option: don't run tests if nocheck is set.
  * debian/patches/fix-gnutls-key-strength.patch:
    - fix slapd handling of ssf using gnutls. (LP: #244925).
  * Dropped - accepted in Debian:
    - debian/rules, debian/slapd.links: use hard links to slapd instead of symlinks for slap* so these applications aren't confined by apparmor (LP: #203898)
  * Dropped - fixed in new upstream release:
    - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion. (LP: #215904)
    - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion error. (LP: #234196)
    - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes. (LP: #220724)
    - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using syncrepl. (LP: #227178)
    - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied upstream.
Available diffs
- diff from 2.4.9-1ubuntu4 to 2.4.10-1ubuntu1 (74.3 KiB)
Superseded in intrepid-release |
openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low

  * debian/patches/fix-unique-overlay-assertion.patch:
    - Fix another assertion error in unique overlay, backported from head. (LP: #243337) Note: This patch will still be needed when moved to 2.4.10

 -- Chuck Short <email address hidden>  Mon, 30 Jun 2008 18:49:52 +0000
Available diffs
- diff from 2.4.9-1ubuntu3 to 2.4.9-1ubuntu4 (820 bytes)
openldap2.3 (2.4.9-0ubuntu0.8.04) hardy-proposed; urgency=low

  * New upstream version: (LP: #237688) This version fixes a number of bugs including syncrepl issues, assertion errors, and segmentation faults found in previous versions of openldap: http://www.openldap.org/software/release/changes.html. Dropped patches (included in the new upstream version):
    - debian/patches/entryCSN-backwards-compatibility (ITS #5348).
    - debian/patches/fix-notify-crasher.patch (ITS #5450).
    - debian/patches/libldap_r-link (ITS #4982).
    - debian/patches/sasl-cleartext-strncasecmp (ITS #5368).
    - debian/patches/slapd-tlsverifyclient-default (ITS #5360).
    - debian/patches/gnutls-ciphers patch (ITS #5341).
    - debian/patches/SECURITY_CVE-2008-0658.patch (#ITS 5358).
  * debian/patches/fix-syncrepl-oops: Fixes assertion when using syncrepl. (LP: #227178)
  * debian/patches/fix-assertion-io.patch, debian/patches/fix-dnpretty-assertion.patch: Add information about the related bugs these patches fix.

 -- Mathias Gug <email address hidden>  Thu, 12 Jun 2008 19:33:42 -0400
Superseded in intrepid-release |
openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low

  * Drop spurious dependency on heimdal-dev. Caused by an aborted attempt to include the smbk5pwd overlay.

 -- Chuck Short <email address hidden>  Wed, 11 Jun 2008 21:25:40 +0000
Superseded in intrepid-release |
openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low

  * Rebuild for perl 5.10 transition (LP: #230016)
  * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using syncrepl. (LP: #227178)

 -- Chuck Short <email address hidden>  Mon, 09 Jun 2008 14:56:40 +0000
Available diffs
- diff from 2.4.9-1ubuntu1 to 2.4.9-1ubuntu2 (369 bytes)
Superseded in intrepid-release |
openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/apparmor-profile: add AppArmor profile
    - debian/slapd.postinst: Reload AA profile on configuration
    - updated debian/slapd.README.Debian for note on AppArmor
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
    - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmor-profiles gets installed it won't overwrite our profile.
    - Modify Maintainer value to match the DebianMaintainerField specification.
    - follow ApparmorProfileMigration and force apparmor complain mode on some upgrades (LP: #203529)
    - debian/slapd.dirs: add etc/apparmor.d/force-complain
    - debian/slapd.preinst: create symlink for force-complain on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist.
    - debian/slapd.postrm: remove symlink in force-complain/ on purge
    - debian/rules, debian/slapd.links: use hard links to slapd instead of symlinks for slap* so these applications aren't confined by apparmor (LP: #203898)
    - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion. (LP: #215904)
    - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion error. (LP: #234196)
    - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes. (LP: #220724)
    - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied upstream.
  * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle the ucred struct now.
Available diffs
- diff from 2.4.7-6ubuntu3 to 2.4.9-1ubuntu1 (427.5 KiB)
openldap2.3 (2.4.7-6ubuntu4.2) hardy-proposed; urgency=low

  * debian/patches/fix-assertion-io.patch
    - Fix ber_flush2 assertion error. (LP: #215904)
  * debian/patches/fix-dnpretty-assertion.patch
    - Fix dnPrettyNormal assertion error. (LP: #234196)

 -- Chuck Short <email address hidden>  Tue, 27 May 2008 08:16:44 -0400
openldap2.3 (2.4.7-6ubuntu4.1) hardy-proposed; urgency=low

  * debian/patches/fix-notify-crasher.patch
    - Fix modify timestamp crashes. (LP: #220724)

 -- Chuck Short <email address hidden>  Thu, 24 Apr 2008 10:38:10 -0400
openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low

  * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed in klibc)

 -- Jamie Strandboge <email address hidden>  Mon, 07 Apr 2008 16:09:38 -0400
Superseded in hardy-release |
openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low

  * apparmor-profile workaround for Launchpad #202161
  * follow ApparmorProfileMigration and force apparmor complain mode on some upgrades (LP: #203529)
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
    - debian/slapd.dirs: add etc/apparmor.d/force-complain
    - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist
    - debian/slapd.postrm: remove symlink in force-complain/ on purge
  * debian/rules, debian/slapd.links: use hard links to slapd instead of symlinks for slap* so these applications aren't confined by apparmor (LP: #203898)

 -- Jamie Strandboge <email address hidden>  Tue, 18 Mar 2008 13:53:23 -0400
openldap2.3 (2.3.35-1ubuntu0.2) gutsy-security; urgency=low

  * SECURITY UPDATE: slapd crash when using the bdb backend and processing crafted modrdn requests
  * debian/patches/SECURITY_CVE-2008-0658.patch: patch to back-bdb/modrdn.c to properly check for NOOP option
  * References: CVE-2008-0658 LP: #197077

 -- Jamie Strandboge <email address hidden>  Tue, 04 Mar 2008 10:15:59 -0500
openldap2.3 (2.3.30-2ubuntu0.2) feisty-security; urgency=low

  * SECURITY UPDATE: slapd crash when using the bdb backend and processing crafted modify and modrdn requests
  * debian/patches/SECURITY_CVE-2007-6698+CVE-2008-0658.patch: patch to back-bdb/add.c, back-bdb/ctxcsn.c, back-bdb/delete.c, back-bdb/modify.c, back-bdb/modrdn.c to properly check for NOOP option
  * References: CVE-2007-6698 CVE-2008-0658 LP: #197077

 -- Jamie Strandboge <email address hidden>  Tue, 04 Mar 2008 10:11:59 -0500
Superseded in hardy-release |
openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low

  * Merge from Debian unstable, remaining changes:
    + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
    + debian/apparmor-profile: add AppArmor profile
    + debian/slapd.postinst: Reload AA profile on configuration
    + updated debian/slapd.README.Debian for note on AppArmor
    + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we should now take control
    + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmor-profiles gets installed it won't overwrite our profile
    + Modify Maintainer value to match the DebianMaintainerField specification.
Superseded in hardy-release |
openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low

  * SECURITY UPDATE:
    + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
  * References
    - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
    - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358

 -- Emanuele Gentili <email address hidden>  Sun, 02 Mar 2008 16:34:30 +0100
Superseded in hardy-release |
openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low

  * add AppArmor profile
    + debian/apparmor-profile
    + debian/slapd.postinst: Reload AA profile on configuration
  * updated debian/slapd.README.Debian for note on AppArmor
  * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we should now take control
  * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmor-profiles gets installed it won't overwrite our profile
  * Modify Maintainer value to match the DebianMaintainerField specification.

 -- Jamie Strandboge <email address hidden>  Wed, 13 Feb 2008 17:15:41 +0000
openldap2.3 (2.4.7-5) unstable; urgency=low

  [ Updated debconf translations ]
  * Finnish, thanks to Esko Arajärvi <email address hidden>. Closes: #462688.
  * Galician, thanks to Jacobo Tarrio <email address hidden>. Closes: #462987.
  * French, thanks to Christian Perrier <email address hidden>. Closes: #463149.
  * Russian, thanks to Yuri Kozlov <email address hidden>. Closes: #463442.
  * Czech, thanks to Miroslav Kure <email address hidden>. Closes: #463472.
  * German, thanks to Helge Kreutzmann <email address hidden>. Closes: #464718.

  [ Steve Langasek ]
  * Fix various regressions related to the introduction of GnuTLS:
    - Add new patch, gnutls-ciphers, to fix support for specifying multiple ciphers with TLSCipherSuite option in slapd.conf. Thanks to Kyle Moffett <email address hidden> for the patch. Closes LP: #188200.
    - Add new patch, slapd-tlsverifyclient-default, to set the intended default value of "TLSVerifyClient never" in the right place.
    - Add new patch, gnutls-altname-nulterminated, to account for differences in how the "length" is returned for commonName vs. subjectAltName.
    - Comment out TLSCipherSuite settings on upgrade from all versions prior to 2.4.7-5, and throw a debconf error to the user notifying them of this, since all OpenSSL cipher suite values are incompatible with GnuTLS. Closes: #462588.
  * Add new patch from upstream, entryCSN-backwards-compatibility, to support auto-converting entryCSN attributes in a previously supported old format, fixing an upgrade failure. Closes: #462099.
  * Use --retry TERM/10 instead of --retry 10 when stopping slapd, since the latter resorts to a SIGKILL and may corrupt backend data; whereas the former will exit non-zero if slapd is still running but won't directly cause data-loss. Thanks to Mark McDonald for the patch. LP: #92139.
  * Fix manpage symlinks in libldap2-dev; thanks to Reuben Thomas for reporting. Closes: #463971.
  * Fix a superfluous space in the debconf templates, due to a trailing space in the templates. Closes: #464719.

 -- Steve Langasek <email address hidden>  Mon, 11 Feb 2008 18:09:24 +0000
openldap2.3 (2.4.7-4) unstable; urgency=high

  [ Steve Langasek ]
  * Build-conflict with libicu-dev, for consistent dependencies in all build environments.
  * Fix an oversight in the checkpoint migration, which caused the checkpoint option to not be moved far enough down. Closes: #462304, LP: #185257.
  * Build-depend on unixodbc instead of iODBC.

  [ Updated debconf translations ]
  * Japanese, thanks to Kenshi Muto <email address hidden>. Closes: #462191.

 -- Steve Langasek <email address hidden>  Fri, 25 Jan 2008 10:54:41 +0000
openldap2.3 (2.4.7-3) unstable; urgency=low

  * Add missing build-dependency on groff-base, to allow use of soelim during build.
openldap2.3 (2.3.35-1ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: slapd crash when processing crafted modify requests
  * debian/patches/SECURITY_CVE-2007-5707.patch: properly reset slap_mod_list when normalization fails in servers/slapd/modify.c
  * SECURITY UPDATE: crash in slapd when running as a proxy-caching server using slapo-pcache
  * debian/patches/SECURITY_CVE-2007-5708.patch: properly terminate array in servers/slapd/overlays/pcache.c
  * References CVE-2007-5707 CVE-2007-5708 Fixes LP #162162
  * Modify Maintainer value to match the DebianMaintainerField specification.

 -- Jamie Strandboge <email address hidden>  Fri, 30 Nov 2007 20:54:36 +0000
openldap2.3 (2.3.30-2ubuntu0.1) feisty-security; urgency=low

  * SECURITY UPDATE: slapd crash when processing crafted modify requests
  * debian/patches/SECURITY_CVE-2007-5707.patch: properly reset slap_mod_list when normalization fails in servers/slapd/modify.c
  * SECURITY UPDATE: crash in slapd when running as a proxy-caching server using slapo-pcache
  * debian/patches/SECURITY_CVE-2007-5708.patch: properly terminate array in servers/slapd/overlays/pcache.c
  * References CVE-2007-5707 CVE-2007-5708 Fixes LP #162162
  * Modify Maintainer value to match the DebianMaintainerField specification.

 -- Jamie Strandboge <email address hidden>  Fri, 30 Nov 2007 16:07:06 -0500
openldap2.3 (2.3.39-1) unstable; urgency=medium

  * Medium severity due to denial of service fix.
  * New upstream release.
    - CVE-2007-5708: Fix remote denial of service attack in slapo-pcache (the overlay for proxy caching). (Closes: #448644)
    - Multiple additional more minor bug fixes.
  * Document in the default slapd.conf that dbconfig options only generate the DB_CONFIG file on first slapd start and have no effect afterwards unless DB_CONFIG is removed. (Closes: #442191)
  * Inline the checkpoint and BerkeleyDB backend settings in the default slapd.conf rather than generating them dynamically in postinst. All the allowable default database choices are now BerkeleyDB variants and will probably continue to be so for the foreseeable future, and this is easier to maintain.
  * Drop debconf questions, warnings, and maintainer script functions dealing with upgrades from OpenLDAP 2.1, which is now too old for supported direct upgrades. (Closes: #444806)
  * Add a watch file. Thanks, Fernando Ribeiro. (Closes: #435290)
  * Add Homepage, Vcs-Svn, and Vcs-Browser control fields.

 -- Ubuntu Archive Auto-Sync <email address hidden>  Thu, 15 Nov 2007 14:07:03 +0000
openldap2.3 (2.3.38-1) unstable; urgency=low

  [ Steve Langasek ]
  * Drop debian/patches/use-lpthread, which is no longer needed on mips* because gcc has been fixed.
  * Drop debian/patches/add-autogen-sh, also no longer needed now that the above patch is gone.

  [ Matthijs Mohlmann ]
  * Fix bashism in initscript. (Closes: #428883)
  * Drop upstream patches ITS4924, ITS4925 and ITS4966.
  * Add patch for objectClasses which causes slapd to crash. (Closes: #440632)
    - Upstream bug ITS5119.
  * Change default loglevel to none, to log high priority messages. (Closes: #442000)
  * Tighten up the build dependencies, now that autogen patch is removed.
openldap2.3 (2.3.35-1) unstable; urgency=low

  * New upstream release with many bug fixes.
    - Allow syncprov to follow aliases. (Closes: #422087)
  * Apply upstream patches:
    - ITS#4924: client crash on incorrectly tagged result from server.
    - ITS#4925: NOOP modify with BDB backend crashed slapd.
    - ITS#4966: Delete of valsort-controlled entries crashed slapd.
  * Enable SLAPI support. (Closes: #390954)
  * Re-enable use of the epoll system call since Debian no longer supports 2.4 kernels. This means that the OpenLDAP packages will not work on pre-2.6 kernels.
  * Remove schema files that contain text from IETF RFCs from the upstream source since that text is not DFSG-free. Instead, install stripped versions of those schema files containing only the functional interface specifications, a comment explaining why this is needed, and a pointer to the relevant RFC. (Closes: #361846)
  * Document the repackaging of the upstream source in debian/copyright.
  * Update config.guess and config.sub during the build instead of in the clean target and remove them in the clean target for a clean diff. Build-depend on autotools-dev so that we can unconditionally copy over the latest versions.
  * Added commentary and upstream ITS numbers for several patches applicable upstream.
  * Use debian/compat rather than the deprecated DH_COMPAT rules setting.
  * Update to debhelper compatibility level V5 (no changes required).

 -- Ubuntu Archive Auto-Sync <email address hidden>  Thu, 31 May 2007 14:42:01 +0100
openldap2.3 (2.3.30-5) unstable; urgency=low

  [ Steve Langasek ]
  * Add Portuguese debconf translation; thanks to Tiago Fernandes. Closes: #409632.
  * Re-add .la files to the slapd package, for greater compatibility with upstream documentation.

  [ Russ Allbery ]
  * When starting slapd, create a symlink from /var/run/ldapi to /var/run/slapd/ldapi for compatibility with 2.1 client libraries. Closes: #385809.
  * Apply upstream patch to prevent a race condition in slapd when shutting down connections.
  * Update the Brazilian Portuguese debconf translation; thanks to Felipe Augusto van de Wiel.
openldap2.3 (2.3.30-2) unstable; urgency=low

  * Make sure that the pidfile directory doesn't exist in the init script. (Closes: #402705)

 -- Ubuntu Archive Auto-Sync <email address hidden>  Wed, 13 Dec 2006 12:45:38 +0000
openldap2.3 (2.3.30-1) unstable; urgency=low

  * New upstream release.
    - Fixed authzTo/authzFrom URL matching.
    - Fixed syncrepl consumer memory leaks.
    - Fixed slapd-hdb livelock.
    - Fixed slapo-ppolicy external quality check.
    - Fixed ldapsearch(1) man page acknowledgement.
  * Added patch to make sure that the pidfile directory exists. (Closes: #390337)
  * Do not ask the question allow ldap v2 logins when user wants manual configuration. (Closes: #401003)
  * Add patch to look also in /etc/ldap/sasl2 for sasl configuration. (Closes: #398657)
  * Removed db4.2-util recommend, the slapd binary includes checking code to fix DB errors.
  * Updated README in schema directory. It doesn't list collective.schema anymore. (Closes: #287358)
  * Updated manpages to point to right paths. (Closes: #398790)

 -- Ubuntu Archive Auto-Sync <email address hidden>  Tue, 12 Dec 2006 11:01:46 +0000
openldap2.3 (2.3.29-1) unstable; urgency=medium

  [ Matthijs Mohlmann ]
  * New upstream release.
    - Fixes Denial of Service through a certain combination of LDAP BIND requests (CVE-2006-5779) (Closes: #397673)
  * LSB section added to the init script.
  * Updated README.Debian about running as non-root user (Closes: #389369)
  * Updated de translation (Closes: #396096)
  * Added some documentation / warning when running slapindex as root.
  * Remove drafts and rfc from the tarball. (Closes: #393404)