[ubuntu/groovy-proposed] openldap 2.4.50+dfsg-1ubuntu1 (Accepted)
Andreas Hasenack
andreas at canonical.com
Tue Jun 2 12:48:12 UTC 2020
openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Enable AppArmor support:
+ d/apparmor-profile: add AppArmor profile
+ d/rules: use dh_apparmor
+ d/control: Build-Depends on dh-apparmor
+ d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
+ d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
+ d/configure.options: Configure with --with-gssapi
+ d/control: Added heimdal-dev as a build depend
+ d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
+ d/libldap-2.4-2.symbols: add symbols for GSSAPI support
This should be dropped when the soname changes.
- Enable ufw support:
+ d/control: suggest ufw.
+ d/rules: install ufw profile.
+ d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
+ d/rules:
- add nssov to CONTRIB_MODULES
- add sysconfdir to CONTRIB_MAKEVARS
+ d/slapd.install:
- install nssov overlay
+ d/slapd.manpages:
- install slapo-nssov(5) man page
+ d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
Debian bug #919136, we also have to patch the nssov makefile
accordingly and thus update this patch.
- d/{rules,slapd.py}: Add apport hook.
- d/slapd.scripts-common:
+ add slapcat_opts to local variables.
+ Fix backup directory naming for multiple reconfiguration.
- d/{slapd.default,slapd.README.Debian}: use the new configuration style.
- Add support for CLDAP (UDP) support, back then required by
likewise-open (first enabled in 2.4.17-1ubuntu2):
+ d/rules: Enable -DLDAP_CONNECTIONLESS
+ d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
This should be dropped when the soname changes.
- debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
of test timing issue.
* Dropped:
- d/slapd.init.ldif: don't set olcRootDN since it's not defined in
either the default DIT nor via an Authn mapping.
[Not worth keeping a delta for, as having olcRootDN doesn't hurt]
- Show distribution in version:
- d/control: added lsb-release
- d/patches/fix-ldap-distribution.patch: show distribution in version
[Debian now shows the full package version]
- SECURITY UPDATE: denial of service via nested search filters
+ debian/patches/CVE-2020-12243.patch: limit depth of nested
filters in servers/slapd/filter.c.
[Fixed upstream]
* Added:
- d/rules, debian/patches/set-maintainer-name: Extract maintainer
address dynamically from debian/control. Thanks to Ryan Tandy
<ryan at nardis.ca> (Closes: #960448, LP: #1875697)
openldap (2.4.50+dfsg-1) unstable; urgency=medium
* New upstream release.
- Fixed slapd to limit depth of nested filters
(ITS#9202) (CVE-2020-12243)
- Drop patches included upstream: argon2.patch, ITS#9171, ITS#8650.
* Update Spanish debconf translation.
Thanks to Camaleón. (Closes: #958869)
openldap (2.4.49+dfsg-4) unstable; urgency=medium
* Annotate libsodium-dev dependency with <!pkg.openldap.noslapd>.
Thanks to Helmut Grohne. (Closes: #955993)
* Add the man page for the Argon2 password module.
Thanks to Peter Marschall. (Closes: #955977)
* Build the Argon2 password module with libargon2-dev instead of
libsodium-dev. Rationale:
- libargon2 contains the specific functionality needed; libsodium is a
larger library and contains many features not used here
- libsodium does not support configuring the p= (parallelism) parameter
* Import upstream patch to properly retry gnutls_handshake() after it
returns GNUTLS_E_AGAIN. (ITS#8650) (Closes: #861838)
* Update the Argon2 password module to upstream commit feb6f21d2e.
openldap (2.4.49+dfsg-3) unstable; urgency=medium
* Drop patch no-AM_INIT_AUTOMAKE. Instead, configure dh_autoreconf to skip
automake by setting AUTOMAKE=/bin/true. (Closes: #864637)
* debian/patches/debian-version: Show Debian version, instead of upstream
version, in version strings.
* Add ${perl:Depends} to slapd Depends to silence a dpkg-gencontrol warning.
This is practically a no-op since slapd explicitly Depends on perl because
of the maintainer scripts.
* Import the Argon2 password module from upstream git and install it in
slapd-contrib. New Build-Depends: libsodium-dev. (Closes: #920283)
Date: Mon, 01 Jun 2020 09:19:58 -0300
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openldap/2.4.50+dfsg-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 01 Jun 2020 09:19:58 -0300
Source: openldap
Architecture: source
Version: 2.4.50+dfsg-1ubuntu1
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Closes: 861838 864637 920283 955977 955993 958869 960448
Launchpad-Bugs-Fixed: 1875697
Changes:
openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium
.
* Merge with Debian unstable. Remaining changes:
- Enable AppArmor support:
+ d/apparmor-profile: add AppArmor profile
+ d/rules: use dh_apparmor
+ d/control: Build-Depends on dh-apparmor
+ d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
+ d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
+ d/configure.options: Configure with --with-gssapi
+ d/control: Added heimdal-dev as a build depend
+ d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
+ d/libldap-2.4-2.symbols: add symbols for GSSAPI support
This should be dropped when the soname changes.
- Enable ufw support:
+ d/control: suggest ufw.
+ d/rules: install ufw profile.
+ d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
+ d/rules:
- add nssov to CONTRIB_MODULES
- add sysconfdir to CONTRIB_MAKEVARS
+ d/slapd.install:
- install nssov overlay
+ d/slapd.manpages:
- install slapo-nssov(5) man page
+ d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
Debian bug #919136, we also have to patch the nssov makefile
accordingly and thus update this patch.
- d/{rules,slapd.py}: Add apport hook.
- d/slapd.scripts-common:
+ add slapcat_opts to local variables.
+ Fix backup directory naming for multiple reconfiguration.
- d/{slapd.default,slapd.README.Debian}: use the new configuration style.
- Add support for CLDAP (UDP) support, back then required by
likewise-open (first enabled in 2.4.17-1ubuntu2):
+ d/rules: Enable -DLDAP_CONNECTIONLESS
+ d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
This should be dropped when the soname changes.
- debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
of test timing issue.
* Dropped:
- d/slapd.init.ldif: don't set olcRootDN since it's not defined in
either the default DIT nor via an Authn mapping.
[Not worth keeping a delta for, as having olcRootDN doesn't hurt]
- Show distribution in version:
- d/control: added lsb-release
- d/patches/fix-ldap-distribution.patch: show distribution in version
[Debian now shows the full package version]
- SECURITY UPDATE: denial of service via nested search filters
+ debian/patches/CVE-2020-12243.patch: limit depth of nested
filters in servers/slapd/filter.c.
[Fixed upstream]
* Added:
- d/rules, debian/patches/set-maintainer-name: Extract maintainer
address dynamically from debian/control. Thanks to Ryan Tandy
<ryan at nardis.ca> (Closes: #960448, LP: #1875697)
.
openldap (2.4.50+dfsg-1) unstable; urgency=medium
.
* New upstream release.
- Fixed slapd to limit depth of nested filters
(ITS#9202) (CVE-2020-12243)
- Drop patches included upstream: argon2.patch, ITS#9171, ITS#8650.
* Update Spanish debconf translation.
Thanks to Camaleón. (Closes: #958869)
.
openldap (2.4.49+dfsg-4) unstable; urgency=medium
.
* Annotate libsodium-dev dependency with <!pkg.openldap.noslapd>.
Thanks to Helmut Grohne. (Closes: #955993)
* Add the man page for the Argon2 password module.
Thanks to Peter Marschall. (Closes: #955977)
* Build the Argon2 password module with libargon2-dev instead of
libsodium-dev. Rationale:
- libargon2 contains the specific functionality needed; libsodium is a
larger library and contains many features not used here
- libsodium does not support configuring the p= (parallelism) parameter
* Import upstream patch to properly retry gnutls_handshake() after it
returns GNUTLS_E_AGAIN. (ITS#8650) (Closes: #861838)
* Update the Argon2 password module to upstream commit feb6f21d2e.
.
openldap (2.4.49+dfsg-3) unstable; urgency=medium
.
* Drop patch no-AM_INIT_AUTOMAKE. Instead, configure dh_autoreconf to skip
automake by setting AUTOMAKE=/bin/true. (Closes: #864637)
* debian/patches/debian-version: Show Debian version, instead of upstream
version, in version strings.
* Add ${perl:Depends} to slapd Depends to silence a dpkg-gencontrol warning.
This is practically a no-op since slapd explicitly Depends on perl because
of the maintainer scripts.
* Import the Argon2 password module from upstream git and install it in
slapd-contrib. New Build-Depends: libsodium-dev. (Closes: #920283)
Checksums-Sha1:
3bda572eb67520d46181b2b65e7b64c8f70ab39d 3154 openldap_2.4.50+dfsg-1ubuntu1.dsc
8fc7858712f66891f59bb5ae8b8a85a291a5b369 4891077 openldap_2.4.50+dfsg.orig.tar.gz
68fbdb160f15a6be6fdbbdfdcb2828ea6e959568 181008 openldap_2.4.50+dfsg-1ubuntu1.debian.tar.xz
d756d74e00093978676e20ddbfb92b95cbd28e2d 6341 openldap_2.4.50+dfsg-1ubuntu1_source.buildinfo
Checksums-Sha256:
f2d066a448a3f8b9c8cc59c626416f6a9536b4d17c5b78ca01ec56169204a652 3154 openldap_2.4.50+dfsg-1ubuntu1.dsc
77e5be35661d2fb51c4425fc5985c668fa0e53cbc83a6c0962470fd240fd7655 4891077 openldap_2.4.50+dfsg.orig.tar.gz
529215000113332cfbd70079fd1c15a126bde4c179e147f20d182f02887e0112 181008 openldap_2.4.50+dfsg-1ubuntu1.debian.tar.xz
219530b820d5c70f4cb3adabea12614e20bcc7038b49f40200ea79cf44527aa9 6341 openldap_2.4.50+dfsg-1ubuntu1_source.buildinfo
Files:
153af3f0d35a39f4330d59269665216e 3154 net optional openldap_2.4.50+dfsg-1ubuntu1.dsc
7330a5bb1ae8c995b04f2c8fbaaef0f6 4891077 net optional openldap_2.4.50+dfsg.orig.tar.gz
2bef780774996c07d2bca50470f7826a 181008 net optional openldap_2.4.50+dfsg-1ubuntu1.debian.tar.xz
28247864c9e5b5e15a6559420855ee6f 6341 net optional openldap_2.4.50+dfsg-1ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEiGZB1jWM2kalbBxyrJg+tb9ry6kFAl7WSjEACgkQrJg+tb9r
y6m1sg/6A0yIu/o+QYZlN6u0bCntJS41C4dm/zt+1QwEy5yoCd+gK1MjhgnQ95CY
DeK8dMKHxaZ6ZjeSfpGNLPvZE4pjyMpE+tCEZYNAoPHxZocDNfNL0aFM34Xk0D8F
luV8XUQuNPhsxzxqOYkZBp8Omi45ljh6BEU+j3Yk4BH/A788BpB0k11vnb43o3Am
Iv65tfklBmOGhhzDUsLs17AMZaMBxiX4fEZGv2otpcy8FUoxOsHnG80n2bIq9pZw
QPhmunZqHL3ZrS6Aa5PRFTPYC2na7oTH40ka2uah3we7cXjuGyeFyp58KjCSqL8u
JFz2JwOmjJAKjoS1/7QJwg9Mqfymib8359eAjrvGRxHuR28Z+GyUn4KTfWPH6J32
zioPM7RRub01twjjF97EeZjWvbpHzuTRyQfDVOpNKSLMgxWy9C3HK6k0SxS1U9xN
1DW36ba1d7sRC/JBDJCchtFc/43pyLxnRgCDm3Ra19/diczhWG7Lo+lWZNxSM8ml
AmKYUcH9kufMnP/JDQA/VYiGd52uctb40tmCg25vW3qHSAOQmanXVvQldErvCtr3
uq5qL2/3V3qp0FswKHx8RlbV7XzB8/nSPIP5b+8SFYw446Jn7JqFLN/5osIOttPP
HmSQ8JUVsF9AGKsYo7AOe1w81LauXYUVH6ruP5w6qh5xk9DXnHQ=
=PraQ
-----END PGP SIGNATURE-----
More information about the Groovy-changes
mailing list