openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium * Merge from Debian testing (LP: #1532648). Remaining changes: - Enable AppArmor support: - d/apparmor-profile: add AppArmor profile - d/rules: use dh_apparmor - d/control: Build-Depends on dh-apparmor - d/slapd.README.Debian: add note about AppArmor - Enable GSSAPI support: - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): - Add --with-gssapi support - Make guess_service_principal() more robust when determining principal - d/configure.options: Configure with --with-gssapi - d/control: Added heimdal-dev as a build depend - Enable ufw support: - d/control: suggest ufw. - d/rules: install ufw profile. - d/slapd.ufw.profile: add ufw profile. - Enable nss overlay: - d/{patches/nssov-build,rules}: Apply, build and package the nss overlay. - d/{rules,slapd.py}: Add apport hook. - d/slapd.init.ldif: don't set olcRootDN since it's not defined in either the default DIT nor via an Authn mapping. - d/slapd.scripts-common: - add slapcat_opts to local variables. - Remove unused variable new_conf. - Fix backup directory naming for multiple reconfiguration. - d/{slapd.default,slapd.README.Debian}: use the new configuration style. - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support in the openldap library, as required by Likewise-Open - Show distribution in version: - d/control: added lsb-release - d/patches/fix-ldap-distribution.patch: show distribution in version * Drop CVE-2015-6908.patch, included in Debian. * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was disabled on ppc64el, no longer used, and missed in the previous merge.
openldap (2.4.42+dfsg-2) unstable; urgency=medium [ Ryan Tandy ] * Change explicit Pre-Depends: multiarch-support to ${misc:Pre-Depends}, as recommended by lintian. * Omit slapd, slapd-dbg, and slapd-smbk5pwd from the stage1 build profile. This allows the dependency loop with heimdal to be broken for bootstrapping, and the dependency on libperl-dev to be avoided for cross-building. Thanks Daniel Schepler and Helmut Grohne. (Closes: #724518) * Apply wrap-and-sort to the Build-Depends field. * Drop libncurses5-dev from Build-Depends, no longer needed since the ud tool was removed in OpenLDAP 2.1.4. * Drop libltdl3-dev as an alternate Build-Depends, since that package was removed after lenny. * Annotate Build-Depends on perl with :any to allow running the system perl interpreter during cross builds. * Ensure CC is set correctly for cross builds. Thanks Helmut Grohne. * Build-Depend on dpkg-dev (>= 1.17.14) and debhelper (>= 9.20141010) for restriction formula support. * Override the 'dev-pkg-without-shlib-symlink' lintian tag. The symlink is actually in the form libldap_r.so -> libldap_r-2.4.so.xyz and the tag is a false positive; see #687022. * Include the smbk5pwd man page in the slapd-smbk5pwd package. * Allow anonymous read access to the shadowLastChange attribute by default, allowing nss-ldap/nss-ldapd to handle password expiry correctly even when bound anonymously. This was the only restricted shadow attribute, the others were already world-readable. (Closes: #669235) * Drop the redundant default ACL for dn.base="" from the database entry. It's already covered by the fallback case below. * Copy more comments from the slapd.conf template to slapd.init.ldif. Also comment the shadowLastChange access rule. * Import upstream patch to remove an unnecessary assert(0) that could be triggered remotely by an unauthenticated user by sending a malformed BER element. (ITS#8240) [ Peter Marschall ] * Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to install the new manual page. (Closes: #794998) openldap (2.4.42+dfsg-1) unstable; urgency=medium [ Peter Marschall ] * slapd.scripts-common: - Use update_permissions instead of direct calls to chown and chgrp. - Make variables only used within a function local to that function. - Restore databases ordered by increasing suffix path length. This should help configurations with databases glued together using the 'subordinate' keyword / 'olcSubordinate' attribute in slapd's configuration. (Closes: #794996) * Install slapo-lastbind.5 man page. (Closes: #794997) [ Ryan Tandy ] * slapd.scripts-common: Delete an outdated comment. * New upstream release. * Enable the MDB backend again on GNU/kFreeBSD. The new pthread library provides all the required interfaces, and the test suite now passes. Leave it disabled on the Hurd. LMDB requires POSIX semaphores, which have not yet been implemented. * Disable the BDB/HDB backends on the Hurd. BDB requires record locks (F_SETLK), which have not yet been implemented; see #693971. Date: Sun, 10 Jan 2016 15:50:53 -0800 Changed-By: Ryan Tandy <r...@nardis.ca> Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Signed-By: Marc Deslauriers <marc.deslauri...@canonical.com> https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Jan 2016 15:50:53 -0800 Source: openldap Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg Architecture: source Version: 2.4.42+dfsg-2ubuntu1 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Ryan Tandy <r...@nardis.ca> Description: ldap-utils - OpenLDAP utilities libldap-2.4-2 - OpenLDAP libraries libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries libldap2-dev - OpenLDAP development libraries slapd - OpenLDAP server (slapd) slapd-dbg - Debugging information for the OpenLDAP server (slapd) slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd. Closes: 669235 724518 794996 794997 794998 Launchpad-Bugs-Fixed: 1532648 Changes: openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium . * Merge from Debian testing (LP: #1532648). Remaining changes: - Enable AppArmor support: - d/apparmor-profile: add AppArmor profile - d/rules: use dh_apparmor - d/control: Build-Depends on dh-apparmor - d/slapd.README.Debian: add note about AppArmor - Enable GSSAPI support: - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): - Add --with-gssapi support - Make guess_service_principal() more robust when determining principal - d/configure.options: Configure with --with-gssapi - d/control: Added heimdal-dev as a build depend - Enable ufw support: - d/control: suggest ufw. - d/rules: install ufw profile. - d/slapd.ufw.profile: add ufw profile. - Enable nss overlay: - d/{patches/nssov-build,rules}: Apply, build and package the nss overlay. - d/{rules,slapd.py}: Add apport hook. - d/slapd.init.ldif: don't set olcRootDN since it's not defined in either the default DIT nor via an Authn mapping. - d/slapd.scripts-common: - add slapcat_opts to local variables. - Remove unused variable new_conf. - Fix backup directory naming for multiple reconfiguration. - d/{slapd.default,slapd.README.Debian}: use the new configuration style. - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support in the openldap library, as required by Likewise-Open - Show distribution in version: - d/control: added lsb-release - d/patches/fix-ldap-distribution.patch: show distribution in version * Drop CVE-2015-6908.patch, included in Debian. * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was disabled on ppc64el, no longer used, and missed in the previous merge. . openldap (2.4.42+dfsg-2) unstable; urgency=medium . [ Ryan Tandy ] * Change explicit Pre-Depends: multiarch-support to ${misc:Pre-Depends}, as recommended by lintian. * Omit slapd, slapd-dbg, and slapd-smbk5pwd from the stage1 build profile. This allows the dependency loop with heimdal to be broken for bootstrapping, and the dependency on libperl-dev to be avoided for cross-building. Thanks Daniel Schepler and Helmut Grohne. (Closes: #724518) * Apply wrap-and-sort to the Build-Depends field. * Drop libncurses5-dev from Build-Depends, no longer needed since the ud tool was removed in OpenLDAP 2.1.4. * Drop libltdl3-dev as an alternate Build-Depends, since that package was removed after lenny. * Annotate Build-Depends on perl with :any to allow running the system perl interpreter during cross builds. * Ensure CC is set correctly for cross builds. Thanks Helmut Grohne. * Build-Depend on dpkg-dev (>= 1.17.14) and debhelper (>= 9.20141010) for restriction formula support. * Override the 'dev-pkg-without-shlib-symlink' lintian tag. The symlink is actually in the form libldap_r.so -> libldap_r-2.4.so.xyz and the tag is a false positive; see #687022. * Include the smbk5pwd man page in the slapd-smbk5pwd package. * Allow anonymous read access to the shadowLastChange attribute by default, allowing nss-ldap/nss-ldapd to handle password expiry correctly even when bound anonymously. This was the only restricted shadow attribute, the others were already world-readable. (Closes: #669235) * Drop the redundant default ACL for dn.base="" from the database entry. It's already covered by the fallback case below. * Copy more comments from the slapd.conf template to slapd.init.ldif. Also comment the shadowLastChange access rule. * Import upstream patch to remove an unnecessary assert(0) that could be triggered remotely by an unauthenticated user by sending a malformed BER element. (ITS#8240) . [ Peter Marschall ] * Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to install the new manual page. (Closes: #794998) . openldap (2.4.42+dfsg-1) unstable; urgency=medium . [ Peter Marschall ] * slapd.scripts-common: - Use update_permissions instead of direct calls to chown and chgrp. - Make variables only used within a function local to that function. - Restore databases ordered by increasing suffix path length. This should help configurations with databases glued together using the 'subordinate' keyword / 'olcSubordinate' attribute in slapd's configuration. (Closes: #794996) * Install slapo-lastbind.5 man page. (Closes: #794997) . [ Ryan Tandy ] * slapd.scripts-common: Delete an outdated comment. * New upstream release. * Enable the MDB backend again on GNU/kFreeBSD. The new pthread library provides all the required interfaces, and the test suite now passes. Leave it disabled on the Hurd. LMDB requires POSIX semaphores, which have not yet been implemented. * Disable the BDB/HDB backends on the Hurd. BDB requires record locks (F_SETLK), which have not yet been implemented; see #693971. Checksums-Sha1: 3f349da2a2c021adad777550a7d76d67e20cc0c5 3032 openldap_2.4.42+dfsg-2ubuntu1.dsc 56c6132344ecdf83ae38a917087424697f59e587 4813173 openldap_2.4.42+dfsg.orig.tar.gz 9e2ea7df4d98058d7afae1a4f862a712062daf68 164136 openldap_2.4.42+dfsg-2ubuntu1.debian.tar.xz Checksums-Sha256: ad89be5e1ddceec709dd115b6f29a75ec4799fca5646b4965eda020d1e9ba837 3032 openldap_2.4.42+dfsg-2ubuntu1.dsc 5f56e4e3584f7a4b4c8437a2c985b2f519836946be77ef1aa43a5d20c02ea97b 4813173 openldap_2.4.42+dfsg.orig.tar.gz 0da852b4c6173f8467a7301e6c2b101505ffe71636c9c1678525438b3c030a12 164136 openldap_2.4.42+dfsg-2ubuntu1.debian.tar.xz Files: 6a280a1a6b0ce8e0fe9ce5817262d218 3032 net optional openldap_2.4.42+dfsg-2ubuntu1.dsc e1e8907dcd6e33dc3250773432b142fc 4813173 net optional openldap_2.4.42+dfsg.orig.tar.gz 0801d27faae46a99eee94f1b89e0d9ca 164136 net optional openldap_2.4.42+dfsg-2ubuntu1.debian.tar.xz Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-de...@lists.alioth.debian.org> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWnkt4AAoJEGVp2FWnRL6TBn0P/1zZhStDCLycq5XnDiInE355 haLtEFfImocymEuP3pEvZc+SRTiPIt4spBq9BH/GKDxIHfJbbK/MQAKCNa1iEdd/ asoiYsk3MhtqUAW4McakGArWx8/lwS2i9AKV7g0rQT7wfMITl5TCnD2RhXpoEghN znoSKNsC7AF2eEQqNXpyXHkT0YlURgK7B0C6Bh7dA7zkKBl31QqkAONLcSODVnjb 17+F3VRWcnChxGGokAAV5t81CDqa1KvqLeDTLcDFvv58vlduX7Jgg0OSBt7aOUw4 /HAKgAbmir8LASo8t6HFb+kLhkS+DDT8o6Ixm72sk9T5XhqD30CFxYP348B8Sg8e SOn08ArptytTPttm4W2ux/zpfT3WCsTIs7zIu3vaPLlarDGv5NKp27zpZJ78DJZW JF0fPFB8m2hwwXLhFPmQ88dOGE3194HHFfBb8glfBSBuPYE5gFUSer4B9SRW0nBe ehPNXfJsLq6BQxMjvEU3nRljl5sBwAbXrG01fyhsLLNrHWZzSgT3lhXKPNvKIDNw lMm7cO+H46JztNmRASoEgvpeJAbEydhdaw2dIQPvFyp6qu6zJT4thQ7AeXqwr5eK 1ifBdhh+rkhmGJVbYv7QZwztBCx8qULYbl3Gitk7W8uxV6cTMAaNlVvPodhHr2PC Ycja4lql7KOPlOOu2kDX =LFHL -----END PGP SIGNATURE-----
-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes