[ubuntu/natty] openldap 2.4.23-6ubuntu1 (Accepted)
Mathias Gug
mathiaz at ubuntu.com
Fri Nov 12 20:25:30 GMT 2010
openldap (2.4.23-6ubuntu1) natty; urgency=low
* Merge from Debian unstable:
- Install a default DIT (LP: #442498).
- Document cn=config in README file (LP: #370784).
- remaining changes:
+ AppArmor support:
- debian/apparmor-profile: add AppArmor profile
- use dh_apparmor:
- debian/rules: use dh_apparmor
- debian/control: Build-Depends on debhelper 7.4.20ubuntu5
- updated debian/slapd.README.Debian for note on AppArmor
- debian/slapd.dirs: add etc/apparmor.d/force-complain
+ Enable GSSAPI support (LP: #495418):
- debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- debian/patches/series: apply gssapi.diff patch.
- debian/configure.options: Configure with --with-gssapi
- debian/control: Added libkrb5-dev as a build depend
+ debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open (LP: #390579)
+ Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
- debian/control:
- remove build-dependency on heimdal-dev.
- remove slapd-smbk5pwd binary package.
- debian/rules: don't build smbk5pwd slapd module.
+ debian/{control,rules}: enable PIE hardening
+ ufw support (LP: #423246):
- debian/control: suggest ufw.
- debian/rules: install ufw profile.
- debian/slapd.ufw.profile: add ufw profile.
+ Enable nssoverlay:
- debian/patches/nssov-build, debian/series, debian/rules:
Apply, build and package the nss overlay.
- debian/schema/extra/misc.ldif: add ldif file for the misc schema
which defines rfc822MailMember (required by the nss overlay).
+ debian/rules, debian/schema/extra/:
Fix configure rule to supports extra schemas shipped as part
of the debian/schema/ directory.
+ debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
+ debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
neither the default DIT nor via an Authn mapping.
+ debian/slapd.scripts-common: adjust minimum version that triggers a
database upgrade. Upgrade from maverick shouldn't trigger database
upgrade (which would happen with the version used in Debian).
+ debian/slapd.scripts-common: add slapcat_opts to local variables.
Remove unused variable new_conf.
+ debian/slapd.script-common: Fix package reconfiguration.
- Fix backup directory naming for multiple reconfiguration.
+ debian/slapd.default, debian/slapd.README.Debian:
use the new configuration style.
openldap (2.4.23-6) unstable; urgency=high
* Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
openldap (2.4.23-5) unstable; urgency=high
[ Steve Langasek ]
* High-urgency upload for RC bugfix.
* debian/slapd.scripts-common: fix gratuitous (and wrong) use of grep in
get_suffix(), which causes us to incorrectly parse any slapd.conf that
uses tabs instead of spaces. Closes: #595672.
* debian/slapd.init, debian/slapd.scripts-common: when $SLAPD_CONF is not
set in /etc/default/slapd, we should always set a default value, giving
precedence to slapd.d and falling back to slapd.conf. Users who don't
want to use an existing slapd.d should point at slapd.conf explicitly.
Closes: #594714, #596343.
* debian/slapd.init: 'invoke-rc.d slapd stop' should not fail due to the
absence of a slapd configuration; we should still exit 0 so that the
package can be removed gracefully. Closes: #596100.
* drop build-conflicts with libssl-dev; we explicitly pass
--with-tls=gnutls to configure, so there's no risk of a misbuild here.
* debian/slapd.default: now that we have a sensible default behavior in
both slapd.init and the maintainer scripts, leave SLAPD_CONF empty to
save pain later.
* debian/slapd.scripts-common: ... and do the same in
migrate_to_slapd_d_style, we just need to comment out the user's
previous entry instead of blowing it away.
* debian/slapd.scripts-common: call get_suffix in a way that lets us
separate responses by newlines, to properly handle the case when a
DN has embedded spaces. Introduces a few more stupid fd tricks to work
around possible problems with debconf. Closes: #595466.
* debian/slapd.scripts-common: when parsing the names of includes, handle
double-quotes and escape characters as described in slapd.conf(5).
Closes: #595784.
* debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
otherwise is blocked by our added olcAccess settings. Closes: #596326.
* debian/slapd.init.ldif: set the acl in the default LDIF for new installs,
too.
* Likewise, grant access to dn.exact="" so that base dn autodiscovery
works as intended. Closes: #596049.
* debian/slapd.init.ldif: synchronize our behavior on new installs with
that on upgrades, avoiding the non-standard cn=localroot,cn=config.
* debian/slapd.scripts-common: don't run the migration code if slapd.d
already exists. Closes: #593965.
[ Matthijs Mohlmann ]
* Remove upgrade_supported_from_backend, implemented patch from
Peter Marschall <peter at adpm.de> to automatically detect if an upgrade is
supported. (Closes: #594712)
[ Peter Marschall ]
* debian/slapd.init: correctly set the slapd.conf argument even when
SLAPD_PIDFILE is non-empty in /etc/default/slapd. Closes: #593880.
* debian/slapd.scripts-common: pass -g to slapadd/slapcat, so that
subordinate databases aren't incorrectly included in the dump/restore of
the parent database. Closes: #594821.
openldap (2.4.23-4) unstable; urgency=low
[ Steve Langasek ]
* Bump the database upgrade version check to 2.4.23-4; should have been
set to 2.4.23-1 when we switched to db4.8, but was missed so we need to
clean up. Closes: #593550.
[ Matthijs Mohlmann ]
* Fix root access to cn=config on upgrades from configuration style slapd.conf
Thanks to Mathias Gug (Closes: #593566, #593878)
openldap (2.4.23-3) unstable; urgency=low
* Configure the newly installed openldap package using slapd.d instead of
slapd.conf, merged from ubuntu. (Closes: #562723, #494155, #333428)
* Update the debconf templates by running debconf-updatepo.
* We do not support upgrades from older releases then lenny, so removed some
upgrade functions from slapd.scripts-common.
* Updated japanese translation, thanks Kenshi Muto (Closes: #589508)
* Updated czech translation, thanks Miroslav Kure (Closes: #589569)
* Update slapd.README.Debian and slapd.NEWS and note the new configuration
style.
* Fixes CVE-2010-0211 and CVE-2010-0212 (Closes: #589852)
* Update italian translation, thanks Luca Monducci (Closes: #590154)
* Update spanish translation, thanks Francisco Javier Cuadrado
(Closes: #590829)
* Update basque translation, thanks Iñaki Larrañaga Murgoitio
* Bump Standards-Version to 3.9.1
* Added debian specific patch to wait until slapd is operational before
detaching to the terminal (Closes: #589915)
* Add a lintian overrides for libldap.
* Empty dependency_libs line in .la files. (Closes: #591550)
* Update galician translation, thanks Jorge Barreiro (Closes: #592815)
openldap (2.4.23-2) unstable; urgency=medium
* Depend on libdb4.8 >= 4.8.30 (Closes: #588969)
* Urgency previous as previous version fixes a RC bug.
openldap (2.4.23-1) unstable; urgency=low
* New upstream version
* Change to build dependency libdb4.8-dev instead of libdb4.7-dev
* Updated french translation thanks Christian Perrier (Closes: #579192)
* Updated swedish translation thanks Martin Bagge (Closes: #580145)
* Updated german translation thanks Helge Kreutzmann (Closes: #579582)
* Updated russian translation thanks Yuri Kozlov (Closes: #585688)
* Fix bashisms in debian/rules (Closes: #581454)
* Add documentation patch (Closes: #513270)
* Refreshed all quilt patches.
* Bump Standards-Version to 3.9.0
Date: Fri, 12 Nov 2010 15:19:07 -0500
Changed-By: Mathias Gug <mathiaz at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/openldap/2.4.23-6ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 12 Nov 2010 15:19:07 -0500
Source: openldap
Binary: slapd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg
Architecture: source
Version: 2.4.23-6ubuntu1
Distribution: natty
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Mathias Gug <mathiaz at ubuntu.com>
Description:
ldap-utils - OpenLDAP utilities
libldap-2.4-2 - OpenLDAP libraries
libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
libldap2-dev - OpenLDAP development libraries
slapd - OpenLDAP server (slapd)
slapd-dbg - Debugging information for the OpenLDAP server (slapd)
Closes: 333428 494155 513270 562723 579192 579582 580145 581454 585688 588969 589508 589569 589852 589915 590154 590829 591550 592815 593550 593566 593878 593880 593965 594712 594714 594821 595466 595672 595784 596049 596100 596326 596343 597704
Launchpad-Bugs-Fixed: 370784 390579 423246 442498 495418 610544
Changes:
openldap (2.4.23-6ubuntu1) natty; urgency=low
.
* Merge from Debian unstable:
- Install a default DIT (LP: #442498).
- Document cn=config in README file (LP: #370784).
- remaining changes:
+ AppArmor support:
- debian/apparmor-profile: add AppArmor profile
- use dh_apparmor:
- debian/rules: use dh_apparmor
- debian/control: Build-Depends on debhelper 7.4.20ubuntu5
- updated debian/slapd.README.Debian for note on AppArmor
- debian/slapd.dirs: add etc/apparmor.d/force-complain
+ Enable GSSAPI support (LP: #495418):
- debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- debian/patches/series: apply gssapi.diff patch.
- debian/configure.options: Configure with --with-gssapi
- debian/control: Added libkrb5-dev as a build depend
+ debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open (LP: #390579)
+ Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
- debian/control:
- remove build-dependency on heimdal-dev.
- remove slapd-smbk5pwd binary package.
- debian/rules: don't build smbk5pwd slapd module.
+ debian/{control,rules}: enable PIE hardening
+ ufw support (LP: #423246):
- debian/control: suggest ufw.
- debian/rules: install ufw profile.
- debian/slapd.ufw.profile: add ufw profile.
+ Enable nssoverlay:
- debian/patches/nssov-build, debian/series, debian/rules:
Apply, build and package the nss overlay.
- debian/schema/extra/misc.ldif: add ldif file for the misc schema
which defines rfc822MailMember (required by the nss overlay).
+ debian/rules, debian/schema/extra/:
Fix configure rule to supports extra schemas shipped as part
of the debian/schema/ directory.
+ debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
+ debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
neither the default DIT nor via an Authn mapping.
+ debian/slapd.scripts-common: adjust minimum version that triggers a
database upgrade. Upgrade from maverick shouldn't trigger database
upgrade (which would happen with the version used in Debian).
+ debian/slapd.scripts-common: add slapcat_opts to local variables.
Remove unused variable new_conf.
+ debian/slapd.script-common: Fix package reconfiguration.
- Fix backup directory naming for multiple reconfiguration.
+ debian/slapd.default, debian/slapd.README.Debian:
use the new configuration style.
.
openldap (2.4.23-6) unstable; urgency=high
.
* Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
.
openldap (2.4.23-5) unstable; urgency=high
.
[ Steve Langasek ]
* High-urgency upload for RC bugfix.
* debian/slapd.scripts-common: fix gratuitous (and wrong) use of grep in
get_suffix(), which causes us to incorrectly parse any slapd.conf that
uses tabs instead of spaces. Closes: #595672.
* debian/slapd.init, debian/slapd.scripts-common: when $SLAPD_CONF is not
set in /etc/default/slapd, we should always set a default value, giving
precedence to slapd.d and falling back to slapd.conf. Users who don't
want to use an existing slapd.d should point at slapd.conf explicitly.
Closes: #594714, #596343.
* debian/slapd.init: 'invoke-rc.d slapd stop' should not fail due to the
absence of a slapd configuration; we should still exit 0 so that the
package can be removed gracefully. Closes: #596100.
* drop build-conflicts with libssl-dev; we explicitly pass
--with-tls=gnutls to configure, so there's no risk of a misbuild here.
* debian/slapd.default: now that we have a sensible default behavior in
both slapd.init and the maintainer scripts, leave SLAPD_CONF empty to
save pain later.
* debian/slapd.scripts-common: ... and do the same in
migrate_to_slapd_d_style, we just need to comment out the user's
previous entry instead of blowing it away.
* debian/slapd.scripts-common: call get_suffix in a way that lets us
separate responses by newlines, to properly handle the case when a
DN has embedded spaces. Introduces a few more stupid fd tricks to work
around possible problems with debconf. Closes: #595466.
* debian/slapd.scripts-common: when parsing the names of includes, handle
double-quotes and escape characters as described in slapd.conf(5).
Closes: #595784.
* debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
otherwise is blocked by our added olcAccess settings. Closes: #596326.
* debian/slapd.init.ldif: set the acl in the default LDIF for new installs,
too.
* Likewise, grant access to dn.exact="" so that base dn autodiscovery
works as intended. Closes: #596049.
* debian/slapd.init.ldif: synchronize our behavior on new installs with
that on upgrades, avoiding the non-standard cn=localroot,cn=config.
* debian/slapd.scripts-common: don't run the migration code if slapd.d
already exists. Closes: #593965.
.
[ Matthijs Mohlmann ]
* Remove upgrade_supported_from_backend, implemented patch from
Peter Marschall <peter at adpm.de> to automatically detect if an upgrade is
supported. (Closes: #594712)
.
[ Peter Marschall ]
* debian/slapd.init: correctly set the slapd.conf argument even when
SLAPD_PIDFILE is non-empty in /etc/default/slapd. Closes: #593880.
* debian/slapd.scripts-common: pass -g to slapadd/slapcat, so that
subordinate databases aren't incorrectly included in the dump/restore of
the parent database. Closes: #594821.
.
openldap (2.4.23-4) unstable; urgency=low
.
[ Steve Langasek ]
* Bump the database upgrade version check to 2.4.23-4; should have been
set to 2.4.23-1 when we switched to db4.8, but was missed so we need to
clean up. Closes: #593550.
.
[ Matthijs Mohlmann ]
* Fix root access to cn=config on upgrades from configuration style slapd.conf
Thanks to Mathias Gug (Closes: #593566, #593878)
.
openldap (2.4.23-3) unstable; urgency=low
.
* Configure the newly installed openldap package using slapd.d instead of
slapd.conf, merged from ubuntu. (Closes: #562723, #494155, #333428)
* Update the debconf templates by running debconf-updatepo.
* We do not support upgrades from older releases then lenny, so removed some
upgrade functions from slapd.scripts-common.
* Updated japanese translation, thanks Kenshi Muto (Closes: #589508)
* Updated czech translation, thanks Miroslav Kure (Closes: #589569)
* Update slapd.README.Debian and slapd.NEWS and note the new configuration
style.
* Fixes CVE-2010-0211 and CVE-2010-0212 (Closes: #589852)
* Update italian translation, thanks Luca Monducci (Closes: #590154)
* Update spanish translation, thanks Francisco Javier Cuadrado
(Closes: #590829)
* Update basque translation, thanks Iñaki Larrañaga Murgoitio
* Bump Standards-Version to 3.9.1
* Added debian specific patch to wait until slapd is operational before
detaching to the terminal (Closes: #589915)
* Add a lintian overrides for libldap.
* Empty dependency_libs line in .la files. (Closes: #591550)
* Update galician translation, thanks Jorge Barreiro (Closes: #592815)
.
openldap (2.4.23-2) unstable; urgency=medium
.
* Depend on libdb4.8 >= 4.8.30 (Closes: #588969)
* Urgency previous as previous version fixes a RC bug.
.
openldap (2.4.23-1) unstable; urgency=low
.
* New upstream version
* Change to build dependency libdb4.8-dev instead of libdb4.7-dev
* Updated french translation thanks Christian Perrier (Closes: #579192)
* Updated swedish translation thanks Martin Bagge (Closes: #580145)
* Updated german translation thanks Helge Kreutzmann (Closes: #579582)
* Updated russian translation thanks Yuri Kozlov (Closes: #585688)
* Fix bashisms in debian/rules (Closes: #581454)
* Add documentation patch (Closes: #513270)
* Refreshed all quilt patches.
* Bump Standards-Version to 3.9.0
Checksums-Sha1:
b6af01af289c33ea8dfc1e61c72fdcac36cb3a2e 1980 openldap_2.4.23-6ubuntu1.dsc
525a16d31810c8f7dc651cf07952ad0c84ce28f3 166390 openldap_2.4.23-6ubuntu1.diff.gz
Checksums-Sha256:
80b916c314f8eaeafc04ceaec09df162cf52fa5c51a571ce28d1ec6bb3a1552c 1980 openldap_2.4.23-6ubuntu1.dsc
b0c4744ccd68131fa80e5b54e8272f962ea77a5905a15c0016fcd51aaac8d799 166390 openldap_2.4.23-6ubuntu1.diff.gz
Files:
2078fa8e8396499bde367502235d7ccc 1980 net optional openldap_2.4.23-6ubuntu1.dsc
10cca29e82e8c210de431210bd20046f 166390 net optional openldap_2.4.23-6ubuntu1.diff.gz
Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkzdoVkACgkQM0thG+z3pVj0nQCfQ5Jd8CoS9sPDksT3P9mmrfip
/OUAoMTX+Hrlwh0a6W2qWXDkbMg7itAH
=Buc+
-----END PGP SIGNATURE-----
More information about the Natty-changes
mailing list