-
openldap (2.4.23-6ubuntu6.1) natty-security; urgency=low
* SECURITY UPDATE: potential denial of service (LP: #884163)
- debian/patches/CVE-2011-4079: fix off by one error in
postalAddressNormalize()
- CVE-2011-4079
-- Jamie Strandboge <email address hidden> Mon, 14 Nov 2011 13:29:39 -0600
-
openldap (2.4.23-6ubuntu6) natty; urgency=low
* SECURITY UPDATE: fix successful anonymous bind via chain overlay when
using forwarded authentication failures
- debian/patches/CVE-2011-1024
- CVE-2011-1024
* SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
backend. Note: Ubuntu is not compiled with --enable-ndb by default
- debian/patches/CVE-2011-1025
- CVE-2011-1025
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
and requestDN is empty
- debian/patches/CVE-2011-1081
- CVE-2011-1081
- LP: #742104
-- Jamie Strandboge <email address hidden> Thu, 07 Apr 2011 11:36:53 -0500
-
openldap (2.4.23-6ubuntu5) natty; urgency=low
* debian/patches/service-operational-before-detach: New patch replacing
old one of same name as previous could cause database corruption,
based on upstream commits. (LP: #727973)
-- Dave Walker (Daviey) <email address hidden> Wed, 02 Mar 2011 20:33:08 +0000
-
openldap (2.4.23-6ubuntu4) natty; urgency=low
* Fix FTBFS with ld.gold.
-- Matthias Klose <email address hidden> Wed, 19 Jan 2011 07:39:49 +0100
-
openldap (2.4.23-6ubuntu3) natty; urgency=low
* debian/patches/gssapi.diff:
Update patch so that likewise-open is usable again (LP: #661547)
-- Thierry Carrez (ttx) <email address hidden> Fri, 26 Nov 2010 15:50:11 +0100
-
openldap (2.4.23-6ubuntu2) natty; urgency=low
* Install nss overlay (LP: #675391):
- debian/rules: run install target for nssov module.
- debian/patches/nssov-build: fix patch to install schema in
/etc/ldap/schema.
-- Mathias Gug <email address hidden> Wed, 17 Nov 2010 18:16:42 -0500
-
openldap (2.4.23-6ubuntu1) natty; urgency=low
* Merge from Debian unstable:
- Install a default DIT (LP: #442498).
- Document cn=config in README file (LP: #370784).
- remaining changes:
+ AppArmor support:
- debian/apparmor-profile: add AppArmor profile
- use dh_apparmor:
- debian/rules: use dh_apparmor
- debian/control: Build-Depends on debhelper 7.4.20ubuntu5
- updated debian/slapd.README.Debian for note on AppArmor
- debian/slapd.dirs: add etc/apparmor.d/force-complain
+ Enable GSSAPI support (LP: #495418):
- debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- debian/patches/series: apply gssapi.diff patch.
- debian/configure.options: Configure with --with-gssapi
- debian/control: Added libkrb5-dev as a build depend
+ debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open (LP: #390579)
+ Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
- debian/control:
- remove build-dependency on heimdal-dev.
- remove slapd-smbk5pwd binary package.
- debian/rules: don't build smbk5pwd slapd module.
+ debian/{control,rules}: enable PIE hardening
+ ufw support (LP: #423246):
- debian/control: suggest ufw.
- debian/rules: install ufw profile.
- debian/slapd.ufw.profile: add ufw profile.
+ Enable nssoverlay:
- debian/patches/nssov-build, debian/series, debian/rules:
Apply, build and package the nss overlay.
- debian/schema/extra/misc.ldif: add ldif file for the misc schema
which defines rfc822MailMember (required by the nss overlay).
+ debian/rules, debian/schema/extra/:
Fix configure rule to supports extra schemas shipped as part
of the debian/schema/ directory.
+ debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
+ debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
neither the default DIT nor via an Authn mapping.
+ debian/slapd.scripts-common: adjust minimum version that triggers a
database upgrade. Upgrade from maverick shouldn't trigger database
upgrade (which would happen with the version used in Debian).
+ debian/slapd.scripts-common: add slapcat_opts to local variables.
Remove unused variable new_conf.
+ debian/slapd.script-common: Fix package reconfiguration.
- Fix backup directory naming for multiple reconfiguration.
+ debian/slapd.default, debian/slapd.README.Debian:
use the new configuration style.
openldap (2.4.23-6) unstable; urgency=high
* Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
openldap (2.4.23-5) unstable; urgency=high
[ Steve Langasek ]
* High-urgency upload for RC bugfix.
* debian/slapd.scripts-common: fix gratuitous (and wrong) use of grep in
get_suffix(), which causes us to incorrectly parse any slapd.conf that
uses tabs instead of spaces. Closes: #595672.
* debian/slapd.init, debian/slapd.scripts-common: when $SLAPD_CONF is not
set in /etc/default/slapd, we should always set a default value, giving
precedence to slapd.d and falling back to slapd.conf. Users who don't
want to use an existing slapd.d should point at slapd.conf explicitly.
Closes: #594714, #596343.
* debian/slapd.init: 'invoke-rc.d slapd stop' should not fail due to the
absence of a slapd configuration; we should still exit 0 so that the
package can be removed gracefully. Closes: #596100.
* drop build-conflicts with libssl-dev; we explicitly pass
--with-tls=gnutls to configure, so there's no risk of a misbuild here.
* debian/slapd.default: now that we have a sensible default behavior in
both slapd.init and the maintainer scripts, leave SLAPD_CONF empty to
save pain later.
* debian/slapd.scripts-common: ... and do the same in
migrate_to_slapd_d_style, we just need to comment out the user's
previous entry instead of blowing it away.
* debian/slapd.scripts-common: call get_suffix in a way that lets us
separate responses by newlines, to properly handle the case when a
DN has embedded spaces. Introduces a few more stupid fd tricks to work
around possible problems with debconf. Closes: #595466.
* debian/slapd.scripts-common: when parsing the names of includes, handle
double-quotes and escape characters as described in slapd.conf(5).
Closes: #595784.
* debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
otherwise is blocked by our added olcAccess settings. Closes: #596326.
* debian/slapd.init.ldif: set the acl in the default LDIF for new installs,
too.
* Likewise, grant access to dn.exact="" so that base dn autodiscovery
works as intended. Closes: #596049.
* debian/slapd.init.ldif: synchronize our behavior on new installs with
that on upgrades, avoiding the non-standard cn=localroot,cn=config.
* debian/slapd.scripts-common: don't run the migration code if slapd.d
already exists. Closes: #593965.
[ Matthijs Mohlmann ]
* Remove upgrade_supported_from_backend, implemented patch from
Peter Marschall <email address hidden> to automatically detect if an upgrade is
supported. (Closes: #594712)
[ Peter Marschall ]
* debian/slapd.init: correctly set the slapd.conf argument even when
SLAPD_PIDFILE is non-empty in /etc/default/slapd. Closes: #593880.
* debian/slapd.scripts-common: pass -g to slapadd/slapcat, so that
subordinate databases aren't incorrectly included in the dump/restore of
the parent database. Closes: #594821.
openldap (2.4.23-4) unstable; urgency=low
[ Steve Langasek ]
* Bump the database upgrade version check to 2.4.23-4; should have been
set to 2.4.23-1 when we switched to db4.8, but was missed so we need to
clean up. Closes: #593550.
[ Matthijs Mohlmann ]
* Fix root access to cn=config on upgrades from configuration style slapd.conf
Thanks to Mathias Gug (Closes: #593566, #593878)
openldap (2.4.23-3) unstable; urgency=low
* Configure the newly installed openldap package using slapd.d instead of
slapd.conf, merged from ubuntu. (Closes: #562723, #494155, #333428)
* Update the debconf templates by running debconf-updatepo.
* We do not support upgrades from older releases then lenny, so removed some
upgrade functions from slapd.scripts-common.
* Updated japanese translation, thanks Kenshi Muto (Closes: #589508)
* Updated czech translation, thanks Miroslav Kure (Closes: #589569)
* Update slapd.README.Debian and slapd.NEWS and note the new configuration
style.
* Fixes CVE-2010-0211 and CVE-2010-0212 (Closes: #589852)
* Update italian translation, thanks Luca Monducci (Closes: #590154)
* Update spanish translation, thanks Francisco Javier Cuadrado
(Closes: #590829)
* Update basque translation, thanks Iñaki Larrañaga Murgoitio
* Bump Standards-Version to 3.9.1
* Added debian specific patch to wait until slapd is operational before
detaching to the terminal (Closes: #589915)
* Add a lintian overrides for libldap.
* Empty dependency_libs line in .la files. (Closes: #591550)
* Update galician translation, thanks Jorge Barreiro (Closes: #592815)
openldap (2.4.23-2) unstable; urgency=medium
* Depend on libdb4.8 >= 4.8.30 (Closes: #588969)
* Urgency previous as previous version fixes a RC bug.
openldap (2.4.23-1) unstable; urgency=low
* New upstream version
* Change to build dependency libdb4.8-dev instead of libdb4.7-dev
* Updated french translation thanks Christian Perrier (Closes: #579192)
* Updated swedish translation thanks Martin Bagge (Closes: #580145)
* Updated german translation thanks Helge Kreutzmann (Closes: #579582)
* Updated russian translation thanks Yuri Kozlov (Closes: #585688)
* Fix bashisms in debian/rules (Closes: #581454)
* Add documentation patch (Closes: #513270)
* Refreshed all quilt patches.
* Bump Standards-Version to 3.9.0
-- Mathias Gug <email address hidden> Fri, 12 Nov 2010 15:19:07 -0500
-
openldap (2.4.23-0ubuntu4) natty; urgency=low
* debian/slapd.templates: amended typo in slapd/move_old_database
(LP: #666028)
-- James Page <email address hidden> Mon, 08 Nov 2010 10:00:58 +0000
-
openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
* debian/slapd.templates: re-add slapd/move_old_database template as it's
used during the package upgrade. Thanks to James Page for pointing it.
* debian/slapd.config: restore debconf question slapd/move_old_database.
openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
[ James Page ]
* Fixed install/upgrade process to dump/restore databases due
to uplift to libdb4.8-dev (LP: #658227)
-- Mathias Gug <email address hidden> Thu, 14 Oct 2010 16:56:38 -0400
-
openldap (2.4.23-0ubuntu3) maverick; urgency=low
* debian/rules: move dh_apparmor before dh_installinit
-- Jamie Strandboge <email address hidden> Fri, 06 Aug 2010 17:34:21 -0500
