[Bug 229252] Re: slapd gssapi failure - apparmor profile doesn't support kerberos gssapi
Launchpad Bug Tracker
229252 at bugs.launchpad.net
Thu Jul 31 03:30:08 BST 2008
This bug was fixed in the package openldap - 2.4.10-3ubuntu1
---------------
openldap (2.4.10-3ubuntu1) intrepid; urgency=low
[ Mathias Gug ]
* Merge from debian unstable, remaining changes:
- debian/apparmor-profile: add AppArmor profile
- debian/slapd.postinst: Reload AA profile on configuration
- updated debian/slapd.README.Debian for note on AppArmor
- debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
- debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
to make sure that if earlier version of apparmour-profiles gets
installed it won't overwrite our profile.
- Modify Maintainer value to match the DebianMaintainerField
speficication.
- follow ApparmorProfileMigration and force apparmor compalin mode on
some upgrades (LP: #203529)
- debian/slapd.dirs: add etc/apparmor.d/force-complain
- debian/slapd.preinst: create symlink for force-complain on pre-feisty
upgrades, upgrades where apparmor-profiles profile is unchanged (ie
non-enforcing) and upgrades where apparmor profile does not exist.
- debian/slapd.postrm: remove symlink in force-complain/ on purge
- debian/patches/fix-ucred-libc due to changes how newer glibc handle
the ucred struct now.
- debian/patches/fix-unique-overlay-assertion.patch:
Fix another assertion error in unique overlay (LP: #243337).
Backport from head.
* Dropped - implemented in Debian:
- debian/patches/fix-gnutls-key-strength.patch:
Fix slapd handling of ssf using gnutls. (LP: #244925).
- debian/control:
Add time as build dependency: needed by make test.
* debian/control:
- Build-depend on libltdl7-dev rather then libltdl3-dev.
* debian/patches/autogen.sh:
- Call libtoolize with the --install option to install config.{guess,sub}
files.
[ Jamie Strandboge ]
* adjust apparmor profile to allow gssapi (LP: #229252)
* adjust apparmor profile to allow cnconfig (LP: #243525)
openldap (2.4.10-3) unstable; urgency=low
[ Steve Langasek ]
* New patch, CVE-2008-2952_BER-decoding-assertion, to fix a remote DoS
vulnerability in the BER decoder. Addresses CVE-2008-2952,
closes: #488710.
* debian/slapd.scripts-common, debian/slapd.postinst: drop
update_path_argsfile_pidfile function, not needed for updates from etch
or newer.
* Drop the code to check for and upgrade ldbm databases. The etch
release of slapd had already dropped support for them and direct
upgrades from sarge are not supported.
[ Russ Allbery ]
* Apply upstream patch to convert GnuTLS cipher strength from bytes to
bits, as expected by OpenLDAP. (Closes: #473796)
* Add Build-Depends on time, used by the test suite and only a shell
built-in with bash. Thanks, Daniel Schepler. (Closes: #490754)
* Refresh all patches, convert all patches to -p1, and remove extraneous
Index: lines. (Closes: #485263)
* Unless DFSG_NONFREE is set, also check whether the upstream schemas
with RFC comments are included.
* Update standards version to 3.8.0.
- Include debian/README.source pointing to the quilt README.source.
- Wrap Uploaders for readability.
* Wrap slapd's Depends for readability.
[ Updated debconf translations ]
* Swedish, thanks to Martin Ågren <martin.agren at gmail.com>.
Closes: #492748.
-- Mathias Gug <mathiaz at ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
** Changed in: openldap (Ubuntu)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-2952
--
slapd gssapi failure - apparmor profile doesn't support kerberos gssapi
https://bugs.launchpad.net/bugs/229252
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.
More information about the Ubuntu-server-bugs
mailing list