[Pkg-openldap-devel] [openldap] 01/01: Merge tag '2.4.42+dfsg-2' into ubuntu/master
Ryan Tandy
rtandy-guest at moszumanska.debian.org
Mon Jan 11 07:20:46 UTC 2016
This is an automated email from the git hooks/post-receive script.
rtandy-guest pushed a commit to branch ubuntu/master
in repository openldap.
commit cfa51ba85a3772316ff72f17fe92ea598f7cb1d0
Merge: 138cdc8 2896bb4
Author: Ryan Tandy <ryan at nardis.ca>
Date: Sun Jan 10 18:17:42 2016 -0800
Merge tag '2.4.42+dfsg-2' into ubuntu/master
CHANGES | 11 +-
build/version.var | 8 +-
configure | 4 +-
contrib/slapd-modules/lastbind/lastbind.c | 4 +-
debian/changelog | 108 +++++++++
debian/control | 32 ++-
debian/libldap-2.4-2.lintian-overrides | 3 +
....patch => ITS8240-remove-obsolete-assert.patch} | 4 +-
debian/patches/lastbind-makefile-manpage | 46 ++++
debian/patches/series | 4 +-
debian/patches/smbk5pwd-makefile-manpage | 251 +++++++++++++++++++++
debian/rules | 38 +++-
debian/slapd-smbk5pwd.manpages | 1 +
debian/slapd.init.ldif | 25 +-
debian/slapd.scripts-common | 15 +-
doc/guide/admin/guide.html | 2 +-
libraries/liblber/debug.c | 14 +-
libraries/liblber/sockbuf.c | 10 +-
libraries/libldap/dnssrv.c | 2 +-
libraries/liblmdb/CHANGES | 5 +
libraries/liblmdb/lmdb.h | 18 +-
libraries/liblmdb/mdb.c | 33 ++-
libraries/liblmdb/midl.c | 4 +-
libraries/liblmdb/midl.h | 3 +-
servers/slapd/at.c | 4 +
servers/slapd/back-mdb/dn2id.c | 43 ++++
servers/slapd/back-mdb/proto-mdb.h | 4 +
servers/slapd/back-mdb/search.c | 34 +--
servers/slapd/overlays/ppolicy.c | 89 +++++---
servers/slapd/overlays/rwm.c | 7 +-
tests/data/slapd-proxycache.conf | 3 +
31 files changed, 716 insertions(+), 113 deletions(-)
diff --cc debian/changelog
index e8497a1,75f0350..c96af16
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,68 -1,70 +1,176 @@@
++openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
++
++ * Merge from Debian testing (LP: #1532648). Remaining changes:
++ - Enable AppArmor support:
++ - d/apparmor-profile: add AppArmor profile
++ - d/rules: use dh_apparmor
++ - d/control: Build-Depends on dh-apparmor
++ - d/slapd.README.Debian: add note about AppArmor
++ - Enable GSSAPI support:
++ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
++ - Add --with-gssapi support
++ - Make guess_service_principal() more robust when determining
++ principal
++ - d/configure.options: Configure with --with-gssapi
++ - d/control: Added heimdal-dev as a build depend
++ - Enable ufw support:
++ - d/control: suggest ufw.
++ - d/rules: install ufw profile.
++ - d/slapd.ufw.profile: add ufw profile.
++ - Enable nss overlay:
++ - d/{patches/nssov-build,rules}: Apply, build and package the
++ nss overlay.
++ - d/{rules,slapd.py}: Add apport hook.
++ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
++ either the default DIT nor via an Authn mapping.
++ - d/slapd.scripts-common:
++ - add slapcat_opts to local variables.
++ - Remove unused variable new_conf.
++ - Fix backup directory naming for multiple reconfiguration.
++ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
++ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
++ in the openldap library, as required by Likewise-Open
++ - Show distribution in version:
++ - d/control: added lsb-release
++ - d/patches/fix-ldap-distribution.patch: show distribution in version
++ * Drop CVE-2015-6908.patch, included in Debian.
++ * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
++ disabled on ppc64el, no longer used, and missed in the previous merge.
++
++ -- Ryan Tandy <ryan at nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
++
+ openldap (2.4.42+dfsg-2) unstable; urgency=medium
+
+ [ Ryan Tandy ]
+ * Change explicit Pre-Depends: multiarch-support to ${misc:Pre-Depends}, as
+ recommended by lintian.
+ * Omit slapd, slapd-dbg, and slapd-smbk5pwd from the stage1 build profile.
+ This allows the dependency loop with heimdal to be broken for
+ bootstrapping, and the dependency on libperl-dev to be avoided for
+ cross-building. Thanks Daniel Schepler and Helmut Grohne.
+ (Closes: #724518)
+ * Apply wrap-and-sort to the Build-Depends field.
+ * Drop libncurses5-dev from Build-Depends, no longer needed since the ud
+ tool was removed in OpenLDAP 2.1.4.
+ * Drop libltdl3-dev as an alternate Build-Depends, since that package was
+ removed after lenny.
+ * Annotate Build-Depends on perl with :any to allow running the system perl
+ interpreter during cross builds.
+ * Ensure CC is set correctly for cross builds. Thanks Helmut Grohne.
+ * Build-Depend on dpkg-dev (>= 1.17.14) and debhelper (>= 9.20141010) for
+ restriction formula support.
+ * Override the 'dev-pkg-without-shlib-symlink' lintian tag. The symlink is
+ actually in the form libldap_r.so -> libldap_r-2.4.so.xyz and the tag is a
+ false positive; see #687022.
+ * Include the smbk5pwd man page in the slapd-smbk5pwd package.
+ * Allow anonymous read access to the shadowLastChange attribute by default,
+ allowing nss-ldap/nss-ldapd to handle password expiry correctly even when
+ bound anonymously. This was the only restricted shadow attribute, the
+ others were already world-readable. (Closes: #669235)
+ * Drop the redundant default ACL for dn.base="" from the database entry.
+ It's already covered by the fallback case below.
+ * Copy more comments from the slapd.conf template to slapd.init.ldif. Also
+ comment the shadowLastChange access rule.
+ * Import upstream patch to remove an unnecessary assert(0) that could be
+ triggered remotely by an unauthenticated user by sending a malformed BER
+ element. (ITS#8240)
+
+ [ Peter Marschall ]
+ * Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
+ install the new manual page. (Closes: #794998)
+
+ -- Ryan Tandy <ryan at nardis.ca> Thu, 10 Sep 2015 20:13:17 -0700
+
+ openldap (2.4.42+dfsg-1) unstable; urgency=medium
+
+ [ Peter Marschall ]
+ * slapd.scripts-common:
+ - Use update_permissions instead of direct calls to chown and chgrp.
+ - Make variables only used within a function local to that function.
+ - Restore databases ordered by increasing suffix path length.
+ This should help configurations with databases glued together using the
+ 'subordinate' keyword / 'olcSubordinate' attribute in slapd's
+ configuration.
+ (Closes: #794996)
+ * Install slapo-lastbind.5 man page. (Closes: #794997)
+
+ [ Ryan Tandy ]
+ * slapd.scripts-common: Delete an outdated comment.
+ * New upstream release.
+ * Enable the MDB backend again on GNU/kFreeBSD. The new pthread library
+ provides all the required interfaces, and the test suite now passes.
+ Leave it disabled on the Hurd. LMDB requires POSIX semaphores, which have
+ not yet been implemented.
+ * Disable the BDB/HDB backends on the Hurd. BDB requires record locks
+ (F_SETLK), which have not yet been implemented; see #693971.
+
+ -- Ryan Tandy <ryan at nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
+
+openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
+
+ * Rebuild for Perl 5.22.1.
+
+ -- Colin Watson <cjwatson at ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
+
+openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
+
+ * SECURITY UPDATE: denial of service via crafted BER data
+ - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
+ libraries/liblber/io.c.
+ - CVE-2015-6908
+
+ -- Marc Deslauriers <marc.deslauriers at ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
+
+openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
+
+ * Merge from Debian testing (LP: #1471831). Remaining changes:
+ - Enable AppArmor support:
+ - d/apparmor-profile: add AppArmor profile
+ - d/rules: use dh_apparmor
+ - d/control: Build-Depends on dh-apparmor
+ - d/slapd.README.Debian: add note about AppArmor
+ - Enable GSSAPI support:
+ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
+ - Add --with-gssapi support
+ - Make guess_service_principal() more robust when determining
+ principal
+ - d/configure.options: Configure with --with-gssapi
+ - d/control: Added heimdal-dev as a build depend
+ - Enable ufw support:
+ - d/control: suggest ufw.
+ - d/rules: install ufw profile.
+ - d/slapd.ufw.profile: add ufw profile.
+ - Enable nss overlay:
+ - d/{patches/nssov-build,rules}: Apply, build and package the
+ nss overlay.
+ - d/{rules,slapd.py}: Add apport hook.
+ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
+ either the default DIT nor via an Authn mapping.
+ - d/slapd.scripts-common:
+ - add slapcat_opts to local variables.
+ - Remove unused variable new_conf.
+ - Fix backup directory naming for multiple reconfiguration.
+ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
+ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
+ in the openldap library, as required by Likewise-Open
+ - Show distribution in version:
+ - d/control: added lsb-release
+ - d/patches/fix-ldap-distribution.patch: show distribution in version
+ * Dropped changes:
+ - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
+ * Upstream fixes:
+ - slapd crash with auditlog overlay and large (~27KB) attribute values
+ (ITS#8003) (LP: #1461276)
+ - nssov updated to support recent nss-pam-ldapd client libraries
+ (ITS#8097) (LP: #1393306)
+ * Update d/patches/nssov-build for upstream changes.
+ * Tweak d/patches/gssapi.diff to apply without fuzz.
+ * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
+ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
+ - GSSAPI support was enabled in 2.4.18-0ubuntu2
+
+ -- Ryan Tandy <ryan at nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
+
openldap (2.4.41+dfsg-1) unstable; urgency=medium
* New upstream release.
diff --cc debian/control
index 7032576,033da2d..24233ed
--- a/debian/control
+++ b/debian/control
@@@ -9,14 -8,23 +9,25 @@@ Uploaders: Roland Bauerschmidt <rb at debi
Matthijs Möhlmann <matthijs at cacholong.nl>,
Timo Aaltonen <tjaalton at ubuntu.com>,
Ryan Tandy <ryan at nardis.ca>
- Build-Depends: debhelper (>= 9),
- dpkg-dev (>= 1.16.1),
- libdb5.3-dev, nettle-dev,
- libgnutls28-dev, unixodbc-dev, libncurses5-dev, libperl-dev (>= 5.8.0),
- libsasl2-dev, libslp-dev, libltdl-dev | libltdl3-dev (>= 1.4.3),
- libwrap0-dev, perl, po-debconf,
- groff-base, time, heimdal-dev,
- dh-autoreconf, dh-apparmor, lsb-release
+ Build-Depends: debhelper (>= 9.20141010),
++ dh-apparmor,
+ dh-autoreconf,
+ dpkg-dev (>= 1.17.14),
+ groff-base,
- heimdal-multidev <!stage1>,
++ heimdal-dev <!stage1>,
+ libdb5.3-dev <!stage1>,
+ libgnutls28-dev,
+ libltdl-dev <!stage1>,
+ libperl-dev (>= 5.8.0) <!stage1>,
+ libsasl2-dev,
+ libslp-dev <!stage1>,
+ libwrap0-dev <!stage1>,
++ lsb-release,
+ nettle-dev <!stage1>,
+ perl:any,
+ po-debconf,
+ time <!stage1>,
+ unixodbc-dev <!stage1>
Build-Conflicts: libbind-dev, bind-dev, libicu-dev, autoconf2.13
Standards-Version: 3.9.6
Homepage: http://www.openldap.org/
diff --cc debian/patches/series
index 945a184,0a2027e..31e6523
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -23,5 -23,4 +25,5 @@@ switch-to-lt_dlopenadvise-to-get-RTLD_G
no-bdb-ABI-second-guessing
heimdal-fix
ITS6035-olcauthzregex-needs-restart.patch
+ ITS8240-remove-obsolete-assert.patch
+fix-ldap-distribution.patch
- CVE-2015-6908.patch
diff --cc debian/rules
index a438cb0,7864c9c..b06aabf
--- a/debian/rules
+++ b/debian/rules
@@@ -88,8 -98,8 +98,9 @@@ override_dh_auto_configure
override_dh_auto_build:
dh_auto_build -- $(MAKEVARS)
+ ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
$(MAKE) -C contrib/slapd-modules/smbk5pwd
+ $(MAKE) -C contrib/slapd-modules/nssov/ $(MAKEVARS) nssov.la
$(MAKE) -C contrib/slapd-modules/autogroup
$(MAKE) -C contrib/slapd-modules/lastbind
$(MAKE) -C contrib/slapd-modules/passwd/sha2
@@@ -96,8 -107,8 +108,9 @@@ endi
override_dh_auto_install:
dh_auto_install -- $(MAKEVARS)
+ ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
$(MAKE) -C contrib/slapd-modules/smbk5pwd install DESTDIR=$(installdir)
+ $(MAKE) -C contrib/slapd-modules/nssov install DESTDIR=$(installdir)
$(MAKE) -C contrib/slapd-modules/autogroup install DESTDIR=$(installdir)
$(MAKE) -C contrib/slapd-modules/lastbind install DESTDIR=$(installdir)
$(MAKE) -C contrib/slapd-modules/passwd/sha2 install DESTDIR=$(installdir)
@@@ -132,15 -145,8 +147,16 @@@ override_dh_install
dh_install
rm -rf $(CURDIR)/debian/slapd/usr/lib/ldap/smbk5pwd*
chmod 0755 $(CURDIR)/debian/slapd/usr/share/slapd/ldiftopasswd
+ endif
+ # install AppArmor profile
+ install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
+
+ # install ufw profile
+ install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
+
+ dh_apparmor -pslapd --profile-name=usr.sbin.slapd
+
override_dh_installinit:
dh_installinit -- "defaults 19 80"
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git
More information about the Pkg-openldap-devel
mailing list