openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium * Fix building with gssapi suppport: - Explicitly add -I/usr/include/heimdal to CFLAGS. - Explicitly add -I/usr/lib//heimdal to LDFLAGS. -- Matthias Klose Thu, 18 Feb 2016 09:17:27 +0100 openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium * No-change rebuild for gnutls transition. -- Matthias Klose Wed, 17 Feb 2016 22:27:04 +0000 openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium * Merge from Debian testing (LP: #1532648). Remaining changes: - Enable AppArmor support: - d/apparmor-profile: add AppArmor profile - d/rules: use dh_apparmor - d/control: Build-Depends on dh-apparmor - d/slapd.README.Debian: add note about AppArmor - Enable GSSAPI support: - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): - Add --with-gssapi support - Make guess_service_principal() more robust when determining principal - d/configure.options: Configure with --with-gssapi - d/control: Added heimdal-dev as a build depend - Enable ufw support: - d/control: suggest ufw. - d/rules: install ufw profile. - d/slapd.ufw.profile: add ufw profile. - Enable nss overlay: - d/{patches/nssov-build,rules}: Apply, build and package the nss overlay. - d/{rules,slapd.py}: Add apport hook. - d/slapd.init.ldif: don't set olcRootDN since it's not defined in either the default DIT nor via an Authn mapping. - d/slapd.scripts-common: - add slapcat_opts to local variables. - Remove unused variable new_conf. - Fix backup directory naming for multiple reconfiguration. - d/{slapd.default,slapd.README.Debian}: use the new configuration style. - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support in the openldap library, as required by Likewise-Open - Show distribution in version: - d/control: added lsb-release - d/patches/fix-ldap-distribution.patch: show distribution in version * Drop CVE-2015-6908.patch, included in Debian. * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was disabled on ppc64el, no longer used, and missed in the previous merge. -- Ryan Tandy Sun, 10 Jan 2016 15:50:53 -0800 openldap (2.4.42+dfsg-2) unstable; urgency=medium [ Ryan Tandy ] * Change explicit Pre-Depends: multiarch-support to ${misc:Pre-Depends}, as recommended by lintian. * Omit slapd, slapd-dbg, and slapd-smbk5pwd from the stage1 build profile. This allows the dependency loop with heimdal to be broken for bootstrapping, and the dependency on libperl-dev to be avoided for cross-building. Thanks Daniel Schepler and Helmut Grohne. (Closes: #724518) * Apply wrap-and-sort to the Build-Depends field. * Drop libncurses5-dev from Build-Depends, no longer needed since the ud tool was removed in OpenLDAP 2.1.4. * Drop libltdl3-dev as an alternate Build-Depends, since that package was removed after lenny. * Annotate Build-Depends on perl with :any to allow running the system perl interpreter during cross builds. * Ensure CC is set correctly for cross builds. Thanks Helmut Grohne. * Build-Depend on dpkg-dev (>= 1.17.14) and debhelper (>= 9.20141010) for restriction formula support. * Override the 'dev-pkg-without-shlib-symlink' lintian tag. The symlink is actually in the form libldap_r.so -> libldap_r-2.4.so.xyz and the tag is a false positive; see #687022. * Include the smbk5pwd man page in the slapd-smbk5pwd package. * Allow anonymous read access to the shadowLastChange attribute by default, allowing nss-ldap/nss-ldapd to handle password expiry correctly even when bound anonymously. This was the only restricted shadow attribute, the others were already world-readable. (Closes: #669235) * Drop the redundant default ACL for dn.base="" from the database entry. It's already covered by the fallback case below. * Copy more comments from the slapd.conf template to slapd.init.ldif. Also comment the shadowLastChange access rule. * Import upstream patch to remove an unnecessary assert(0) that could be triggered remotely by an unauthenticated user by sending a malformed BER element. (ITS#8240) [ Peter Marschall ] * Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to install the new manual page. (Closes: #794998) -- Ryan Tandy Thu, 10 Sep 2015 20:13:17 -0700 openldap (2.4.42+dfsg-1) unstable; urgency=medium [ Peter Marschall ] * slapd.scripts-common: - Use update_permissions instead of direct calls to chown and chgrp. - Make variables only used within a function local to that function. - Restore databases ordered by increasing suffix path length. This should help configurations with databases glued together using the 'subordinate' keyword / 'olcSubordinate' attribute in slapd's configuration. (Closes: #794996) * Install slapo-lastbind.5 man page. (Closes: #794997) [ Ryan Tandy ] * slapd.scripts-common: Delete an outdated comment. * New upstream release. * Enable the MDB backend again on GNU/kFreeBSD. The new pthread library provides all the required interfaces, and the test suite now passes. Leave it disabled on the Hurd. LMDB requires POSIX semaphores, which have not yet been implemented. * Disable the BDB/HDB backends on the Hurd. BDB requires record locks (F_SETLK), which have not yet been implemented; see #693971. -- Ryan Tandy Fri, 21 Aug 2015 13:07:51 -0700 openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium * Rebuild for Perl 5.22.1. -- Colin Watson Fri, 18 Dec 2015 15:10:17 +0000 openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium * SECURITY UPDATE: denial of service via crafted BER data - debian/patches/CVE-2015-6908.patch: remove obsolete assert in libraries/liblber/io.c. - CVE-2015-6908 -- Marc Deslauriers Mon, 14 Sep 2015 10:25:04 -0400 openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium * Merge from Debian testing (LP: #1471831). Remaining changes: - Enable AppArmor support: - d/apparmor-profile: add AppArmor profile - d/rules: use dh_apparmor - d/control: Build-Depends on dh-apparmor - d/slapd.README.Debian: add note about AppArmor - Enable GSSAPI support: - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): - Add --with-gssapi support - Make guess_service_principal() more robust when determining principal - d/configure.options: Configure with --with-gssapi - d/control: Added heimdal-dev as a build depend - Enable ufw support: - d/control: suggest ufw. - d/rules: install ufw profile. - d/slapd.ufw.profile: add ufw profile. - Enable nss overlay: - d/{patches/nssov-build,rules}: Apply, build and package the nss overlay. - d/{rules,slapd.py}: Add apport hook. - d/slapd.init.ldif: don't set olcRootDN since it's not defined in either the default DIT nor via an Authn mapping. - d/slapd.scripts-common: - add slapcat_opts to local variables. - Remove unused variable new_conf. - Fix backup directory naming for multiple reconfiguration. - d/{slapd.default,slapd.README.Debian}: use the new configuration style. - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support in the openldap library, as required by Likewise-Open - Show distribution in version: - d/control: added lsb-release - d/patches/fix-ldap-distribution.patch: show distribution in version * Dropped changes: - Fix cpp calls for GCC 5: fixed upstream (ITS#8056) * Upstream fixes: - slapd crash with auditlog overlay and large (~27KB) attribute values (ITS#8003) (LP: #1461276) - nssov updated to support recent nss-pam-ldapd client libraries (ITS#8097) (LP: #1393306) * Update d/patches/nssov-build for upstream changes. * Tweak d/patches/gssapi.diff to apply without fuzz. * d/libldap-2.4-2.symbols: Add symbols not present in Debian. - CLDAP (UDP) was added in 2.4.17-1ubuntu2 - GSSAPI support was enabled in 2.4.18-0ubuntu2 -- Ryan Tandy Fri, 24 Jul 2015 14:12:06 -0700 openldap (2.4.41+dfsg-1) unstable; urgency=medium * New upstream release. * Update patches for upstream changes, drop patches included upstream. * debian/rules: Adjust get-orig-source target to add +dfsg to version. * Convert to source format 3.0 (quilt). * debian/slapd.scripts-common: Fix nesting of fold markers. -- Ryan Tandy Wed, 08 Jul 2015 21:07:24 -0700 openldap (2.4.40+dfsg-2) unstable; urgency=medium * Actually install libldap-2.4-2.symbols. * Update Standards-Version to 3.9.6. * Build-Depend on debhelper (>= 9) to fix a Lintian warning. * Import upstream patch to fix FTBFS with gcc-5. (Addresses #778045) -- Ryan Tandy Sun, 28 Jun 2015 20:40:37 -0700 # For older changelog entries, run 'apt-get changelog libldap-2.4-2'