[ubuntu/precise] openldap 2.4.25-4ubuntu1 (Accepted)
Chuck Short
zulcss at ubuntu.com
Mon Nov 28 15:05:20 UTC 2011
openldap (2.4.25-4ubuntu1) precise; urgency=low
* Merge from Debian testing. Remaining changes:
- Install a default DIT (LP: #442498).
- Document cn=config in README file (LP: #370784).
- remaining changes:
+ AppArmor support:
- debian/apparmor-profile: add AppArmor profile
- use dh_apparmor:
- debian/rules: use dh_apparmor
- debian/control: Build-Depends on debhelper 7.4.20ubuntu5
- updated debian/slapd.README.Debian for note on AppArmor
- debian/slapd.dirs: add etc/apparmor.d/force-complain
+ Enable GSSAPI support (LP: #495418):
- debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- debian/patches/series: apply gssapi.diff patch.
- debian/configure.options: Configure with --with-gssapi
- debian/control: Added libkrb5-dev as a build depend
+ debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open (LP: #390579)
+ Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
- debian/control:
- remove build-dependency on heimdal-dev.
- remove slapd-smbk5pwd binary package.
- debian/rules: don't build smbk5pwd slapd module.
+ debian/{control,rules}: enable PIE hardening
+ ufw support (LP: #423246):
- debian/control: suggest ufw.
- debian/rules: install ufw profile.
- debian/slapd.ufw.profile: add ufw profile.
+ Enable nssoverlay:
- debian/patches/nssov-build, debian/series, debian/rules:
Apply, build and package the nss overlay.
- debian/schema/extra/misc.ldif: add ldif file for the misc schema
which defines rfc822MailMember (required by the nss overlay).
+ debian/rules, debian/schema/extra/:
Fix configure rule to supports extra schemas shipped as part
of the debian/schema/ directory.
+ debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
+ debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
neither the default DIT nor via an Authn mapping.
+ debian/slapd.scripts-common: adjust minimum version that triggers a
database upgrade. Upgrade from maverick shouldn't trigger database
upgrade (which would happen with the version used in Debian).
+ debian/slapd.scripts-common: add slapcat_opts to local variables.
Remove unused variable new_conf.
+ debian/slapd.script-common: Fix package reconfiguration.
- Fix backup directory naming for multiple reconfiguration.
+ debian/slapd.default, debian/slapd.README.Debian:
use the new configuration style.
+ Install nss overlay (LP: #675391):
- debian/rules: run install target for nssov module.
- debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
+ debian/patches/gssapi.diff:
- Update patch so that likewise-open is usuable again. (LP: #661547)
+ debian/patches/service-operational-before-detach: New patch replacing old one
of the same name as previous could cause database corruption based on upstream commits.
(LP: #727973)
+ debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
(CVE-2011-4079)
openldap (2.4.25-4) unstable; urgency=low
* Drop explicit depends on libdb4.8, since we're now linking against
libdb5.1. Thanks to Peter Marschall for catching. Closes: #621403
again.
* Rebuild against cyrus-sasl2 2.1.25. Closes: #628237.
* Use dh_autoreconf instead of a locally-patched autogen.sh.
* debian/patches/no-AM_INIT_AUTOMAKE: don't use AM_INIT_AUTOMAKE macro
when we aren't using automake.
* Convert debian/rules to dh(1).
* use DEB_CFLAGS_MAINT_APPEND with appropriate versioned dependency on
debhelper and dpkg-dev, so we can pick up dpkg-buildflags for our
policy-mandated flags - as well as our security-enhancing ones!
Closes: #644427.
* Also set hardening=+pie,+bindnow buildflags options for maximum
security, since this is a security-sensitive daemon dealing with
untrusted input. Ubuntu has been building with these flags for a
while via hardening-wrappers, so the change is presumed safe.
* Drop debian/check_config. The upstream configure script now enforces
--with-cyrus-sasl, so there's no need for a second check.
* debian/po/es.po: tweak an ambiguous string in the Spanish debconf
translation, noticed in response to a submitted Catalan translation
* debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff:
Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.
Thanks to Jan-Marek Glogowski <jan-marek.glogowski at muenchen.de> for the
patch. Closes: #327585.
[ Updated debconf translations ]
* Catalan, thanks to Innocent De Marchi <tangram.peces at gmail.com>.
Closes: #644274.
Date: Tue, 22 Nov 2011 06:17:49 +0000
Changed-By: Chuck Short <zulcss at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/openldap/2.4.25-4ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 22 Nov 2011 06:17:49 +0000
Source: openldap
Binary: slapd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg
Architecture: source
Version: 2.4.25-4ubuntu1
Distribution: precise
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chuck Short <zulcss at ubuntu.com>
Description:
ldap-utils - OpenLDAP utilities
libldap-2.4-2 - OpenLDAP libraries
libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
libldap2-dev - OpenLDAP development libraries
slapd - OpenLDAP server (slapd)
slapd-dbg - Debugging information for the OpenLDAP server (slapd)
Closes: 327585 621403 628237 644274 644427
Launchpad-Bugs-Fixed: 370784 390579 423246 442498 495418 610544 661547 675391 727973
Changes:
openldap (2.4.25-4ubuntu1) precise; urgency=low
.
* Merge from Debian testing. Remaining changes:
- Install a default DIT (LP: #442498).
- Document cn=config in README file (LP: #370784).
- remaining changes:
+ AppArmor support:
- debian/apparmor-profile: add AppArmor profile
- use dh_apparmor:
- debian/rules: use dh_apparmor
- debian/control: Build-Depends on debhelper 7.4.20ubuntu5
- updated debian/slapd.README.Debian for note on AppArmor
- debian/slapd.dirs: add etc/apparmor.d/force-complain
+ Enable GSSAPI support (LP: #495418):
- debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- debian/patches/series: apply gssapi.diff patch.
- debian/configure.options: Configure with --with-gssapi
- debian/control: Added libkrb5-dev as a build depend
+ debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open (LP: #390579)
+ Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
- debian/control:
- remove build-dependency on heimdal-dev.
- remove slapd-smbk5pwd binary package.
- debian/rules: don't build smbk5pwd slapd module.
+ debian/{control,rules}: enable PIE hardening
+ ufw support (LP: #423246):
- debian/control: suggest ufw.
- debian/rules: install ufw profile.
- debian/slapd.ufw.profile: add ufw profile.
+ Enable nssoverlay:
- debian/patches/nssov-build, debian/series, debian/rules:
Apply, build and package the nss overlay.
- debian/schema/extra/misc.ldif: add ldif file for the misc schema
which defines rfc822MailMember (required by the nss overlay).
+ debian/rules, debian/schema/extra/:
Fix configure rule to supports extra schemas shipped as part
of the debian/schema/ directory.
+ debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
+ debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
neither the default DIT nor via an Authn mapping.
+ debian/slapd.scripts-common: adjust minimum version that triggers a
database upgrade. Upgrade from maverick shouldn't trigger database
upgrade (which would happen with the version used in Debian).
+ debian/slapd.scripts-common: add slapcat_opts to local variables.
Remove unused variable new_conf.
+ debian/slapd.script-common: Fix package reconfiguration.
- Fix backup directory naming for multiple reconfiguration.
+ debian/slapd.default, debian/slapd.README.Debian:
use the new configuration style.
+ Install nss overlay (LP: #675391):
- debian/rules: run install target for nssov module.
- debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
+ debian/patches/gssapi.diff:
- Update patch so that likewise-open is usuable again. (LP: #661547)
+ debian/patches/service-operational-before-detach: New patch replacing old one
of the same name as previous could cause database corruption based on upstream commits.
(LP: #727973)
+ debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
(CVE-2011-4079)
.
openldap (2.4.25-4) unstable; urgency=low
.
* Drop explicit depends on libdb4.8, since we're now linking against
libdb5.1. Thanks to Peter Marschall for catching. Closes: #621403
again.
* Rebuild against cyrus-sasl2 2.1.25. Closes: #628237.
* Use dh_autoreconf instead of a locally-patched autogen.sh.
* debian/patches/no-AM_INIT_AUTOMAKE: don't use AM_INIT_AUTOMAKE macro
when we aren't using automake.
* Convert debian/rules to dh(1).
* use DEB_CFLAGS_MAINT_APPEND with appropriate versioned dependency on
debhelper and dpkg-dev, so we can pick up dpkg-buildflags for our
policy-mandated flags - as well as our security-enhancing ones!
Closes: #644427.
* Also set hardening=+pie,+bindnow buildflags options for maximum
security, since this is a security-sensitive daemon dealing with
untrusted input. Ubuntu has been building with these flags for a
while via hardening-wrappers, so the change is presumed safe.
* Drop debian/check_config. The upstream configure script now enforces
--with-cyrus-sasl, so there's no need for a second check.
* debian/po/es.po: tweak an ambiguous string in the Spanish debconf
translation, noticed in response to a submitted Catalan translation
* debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff:
Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.
Thanks to Jan-Marek Glogowski <jan-marek.glogowski at muenchen.de> for the
patch. Closes: #327585.
.
[ Updated debconf translations ]
* Catalan, thanks to Innocent De Marchi <tangram.peces at gmail.com>.
Closes: #644274.
Checksums-Sha1:
57fbe5c393f84411931be643ded41f12d72782ec 2153 openldap_2.4.25-4ubuntu1.dsc
75cfad3845a9b69dae9a2e39e022a0241e6fc6ba 174004 openldap_2.4.25-4ubuntu1.diff.gz
Checksums-Sha256:
5ff3de4f18b59d412cc99f4f00a73e55d5f2c20519a422e9c0c7b86f5c36388a 2153 openldap_2.4.25-4ubuntu1.dsc
af765fd2fa496a99d44e6d10687f626a952f73ab02fa3f43f83fb9a99749a1a8 174004 openldap_2.4.25-4ubuntu1.diff.gz
Files:
0bc4ccae26bccaa897970d010da79578 2153 net optional openldap_2.4.25-4ubuntu1.dsc
5ded4fed098d7fffbe4fa7d2328e4609 174004 net optional openldap_2.4.25-4ubuntu1.diff.gz
Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk7SzAEACgkQIHZ33voUATutKQCfR9+aKqhfb1GZI36JMoIiLC+n
khYAn00XozrhhViQVjQHoISTROhKHogF
=srB/
-----END PGP SIGNATURE-----
More information about the Precise-changes
mailing list