[Pkg-openldap-devel] [openldap] 02/04: Import Debian changes 2.4.44+dfsg-3ubuntu1
Ryan Tandy
rtandy-guest at moszumanska.debian.org
Sat Apr 22 20:07:18 UTC 2017
This is an automated email from the git hooks/post-receive script.
rtandy-guest pushed a commit to branch ubuntu/master
in repository openldap.
commit 57729e1469b28eeffcff2eec3ef32c0d1105c2c4
Merge: 5edeae0 0583405 a21fb02
Author: Nishanth Aravamudan <nish.aravamudan at canonical.com>
Date: Fri Feb 10 11:38:57 2017 -0800
Import Debian changes 2.4.44+dfsg-3ubuntu1
openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
* Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
changes
- Enable AppArmor support:
- d/apparmor-profile: add AppArmor profile
- d/rules: use dh_apparmor
- d/control: Build-Depends on dh-apparmor
- d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support:
- d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- d/configure.options: Configure with --with-gssapi
- d/control: Added heimdal-dev as a build depend
- d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
- Enable ufw support:
- d/control: suggest ufw.
- d/rules: install ufw profile.
- d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
- d/{patches/nssov-build,rules}: Apply, build and package the
nss overlay.
- d/{rules,slapd.py}: Add apport hook.
[ d/rules modification mentioned above was dropped in
2.4.23-6ubuntu1, re-adding it ]
- d/slapd.init.ldif: don't set olcRootDN since it's not defined in
either the default DIT nor via an Authn mapping.
- d/slapd.scripts-common:
- add slapcat_opts to local variables.
- Fix backup directory naming for multiple reconfiguration.
- d/{slapd.default,slapd.README.Debian}: use the new configuration style.
- d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open
- Show distribution in version:
- d/control: added lsb-release
- d/patches/fix-ldap-distribution.patch: show distribution in version
[ Refreshed patch ]
- d/libldap-2.4-2.symbols: Add symbols not present in Debian.
- CLDAP (UDP) was added in 2.4.17-1ubuntu2
- GSSAPI support was enabled in 2.4.18-0ubuntu2
[ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
- Fix use after free with GnuTLS. (LP #1557248)
* Drop:
- d/slapd.scripts-common:
+ Remove unused variable new_conf.
[ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
- d/b/config.log: add config.log
[ previously undocumented, stray change ]
openldap (2.4.44+dfsg-3) unstable; urgency=medium
* Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
* Restore heimdal support to the smbk5pwd overlay.
openldap (2.4.44+dfsg-2) unstable; urgency=medium
[ Ryan Tandy ]
* Update Standards-Version to 3.9.8; no changes required.
* Enable dh_makeshlibs for libldap-2.4-2. Remove libldap-2.4-2.postinst, now
replaced by the automatic ldconfig trigger.
* Don't execute slapd's override_dh_install when building only
arch-independent packages. (Closes: #845506)
* Override lintian false positives on slapd.README.Debian,
slapd-smbk5pwd.postinst, and slapd-smbk5pwd triggering ldconfig.
* Perform permissions changes in override_dh_fixperms instead of in
override_dh_install.
* Remove manual chmod of schema files since dh_fixperms sets correct
permissions automatically.
* Fix slapd-smbk5pwd failing to upgrade when there are no instances of the
overlay configured.
[ Helmut Grohne ]
* Fix FTCBFS: Pass CC to make explicitly. (Closes: #839251)
openldap (2.4.44+dfsg-1) unstable; urgency=medium
[ Ryan Tandy ]
* New upstream release.
- Fixed ppolicy not unlocking policy entry after initialization failure
(ITS#7537) (Closes: #702414)
* Drop ITS8240-remove-obsolete-assert.patch, included upstream.
* Update debian/schema/ppolicy.schema to add the pwdMaxRecordedFailure
attribute.
* Update libldap-2.4-2.symbols with new ldap_build_*_req symbols.
* Mark the build target in debian/rules as phony, since the upstream source
includes a build/ directory.
* Correct the list of files to be cleaned for the pw-sha2 contrib module.
* Fix a typo (slpad -> slapd) in the Catalan debconf translation.
* Disable OpenSLP support and remove libslp-dev from Build-Depends.
(Closes: #815364)
* Ensure /var/run/slapd exists when starting slapd, even if the pid file is
somewhere else. Thanks to Dave Beach for the report. (Closes: #815571)
* Create the pidfile directory when starting slapd, but not when running the
init script in other modes.
* Remove support for enabling the obsolete LDAPv2 protocol via debconf.
* debian/copyright: Update the OpenLDAP copyright and license.
* debian/control: Update VCS URIs to the modern canonical form.
* Override Lintian errors about schema files derived from RFC documents.
Copyrightable content has been removed from these files; however, the
copyright notices have been retained to preserve attribution.
* On upgrade, if the cn=config database contains the ppolicy schema, add the
new pwdMaxRecordedFailure attribute to it.
* Add debian/patches/set-maintainer-name to omit the builder's username and
working directory from version strings and thereby make the build
reproducible. Thanks to Daniel Shahaf for the patch. (Closes: #833179)
* Build smbk5pwd without Kerberos support and drop the build-dependency on
heimdal. (Closes: #836885)
* On upgrade, comment the krb5 setting on any instances of the smbk5pwd
overlay in slapd.conf. Require cn=config users to disable krb5 manually
before upgrading.
[ Helmut Grohne ]
* Fix policy 8.2 violation (Closes: #330695)
+ Move /etc/ldap/ldap.conf and manpage to new package libldap-common.
ANNOUNCEMENT | 2 +-
CHANGES | 49 +
COPYRIGHT | 2 +-
INSTALL | 2 +-
Makefile.in | 2 +-
README | 2 +-
build/dir.mk | 2 +-
build/info.mk | 2 +-
build/lib-shared.mk | 2 +-
build/lib-static.mk | 2 +-
build/lib.mk | 2 +-
build/ltmain.sh | 2 +-
build/man.mk | 2 +-
build/missing | 2 +-
build/mkdep | 2 +-
build/mkdep.aix | 2 +-
build/mkrelease | 2 +-
build/mkvers.bat | 2 +-
build/mkversion | 6 +-
build/mod.mk | 2 +-
build/openldap.m4 | 2 +-
build/rules.mk | 2 +-
build/srv.mk | 2 +-
build/top.mk | 2 +-
build/version.h | 4 +-
build/version.sh | 2 +-
build/version.var | 10 +-
clients/Makefile.in | 2 +-
clients/tools/Makefile.in | 2 +-
clients/tools/common.c | 2 +-
clients/tools/common.h | 2 +-
clients/tools/ldapcompare.c | 2 +-
clients/tools/ldapdelete.c | 2 +-
clients/tools/ldapexop.c | 2 +-
clients/tools/ldapmodify.c | 2 +-
clients/tools/ldapmodrdn.c | 2 +-
clients/tools/ldappasswd.c | 2 +-
clients/tools/ldapsearch.c | 2 +-
clients/tools/ldapurl.c | 2 +-
clients/tools/ldapwhoami.c | 2 +-
configure | 8 +-
configure.in | 12 +-
contrib/ldapc++/COPYRIGHT | 2 +-
contrib/ldapc++/Makefile.am | 2 +-
contrib/ldapc++/Makefile.in | 2 +-
contrib/ldapc++/configure | 4 +-
contrib/ldapc++/configure.in | 6 +-
contrib/ldapc++/examples/Makefile.am | 2 +-
contrib/ldapc++/examples/Makefile.in | 2 +-
contrib/ldapc++/examples/main.cpp | 2 +-
contrib/ldapc++/examples/readSchema.cpp | 2 +-
contrib/ldapc++/examples/startTls.cpp | 2 +-
contrib/ldapc++/examples/urlTest.cpp | 2 +-
contrib/ldapc++/src/LDAPAddRequest.cpp | 2 +-
contrib/ldapc++/src/LDAPAddRequest.h | 2 +-
contrib/ldapc++/src/LDAPAsynConnection.cpp | 2 +-
contrib/ldapc++/src/LDAPAsynConnection.h | 2 +-
contrib/ldapc++/src/LDAPAttrType.cpp | 2 +-
contrib/ldapc++/src/LDAPAttrType.h | 2 +-
contrib/ldapc++/src/LDAPAttribute.cpp | 2 +-
contrib/ldapc++/src/LDAPAttribute.h | 2 +-
contrib/ldapc++/src/LDAPAttributeList.cpp | 2 +-
contrib/ldapc++/src/LDAPAttributeList.h | 2 +-
contrib/ldapc++/src/LDAPBindRequest.cpp | 2 +-
contrib/ldapc++/src/LDAPBindRequest.h | 2 +-
contrib/ldapc++/src/LDAPCompareRequest.cpp | 2 +-
contrib/ldapc++/src/LDAPCompareRequest.h | 2 +-
contrib/ldapc++/src/LDAPConnection.cpp | 2 +-
contrib/ldapc++/src/LDAPConnection.h | 2 +-
contrib/ldapc++/src/LDAPConstraints.cpp | 2 +-
contrib/ldapc++/src/LDAPConstraints.h | 2 +-
contrib/ldapc++/src/LDAPControl.cpp | 2 +-
contrib/ldapc++/src/LDAPControl.h | 2 +-
contrib/ldapc++/src/LDAPControlSet.cpp | 2 +-
contrib/ldapc++/src/LDAPControlSet.h | 2 +-
contrib/ldapc++/src/LDAPDeleteRequest.cpp | 2 +-
contrib/ldapc++/src/LDAPDeleteRequest.h | 2 +-
contrib/ldapc++/src/LDAPEntry.cpp | 2 +-
contrib/ldapc++/src/LDAPEntry.h | 2 +-
contrib/ldapc++/src/LDAPEntryList.cpp | 2 +-
contrib/ldapc++/src/LDAPEntryList.h | 2 +-
contrib/ldapc++/src/LDAPException.cpp | 2 +-
contrib/ldapc++/src/LDAPException.h | 2 +-
contrib/ldapc++/src/LDAPExtRequest.cpp | 2 +-
contrib/ldapc++/src/LDAPExtRequest.h | 2 +-
contrib/ldapc++/src/LDAPExtResult.cpp | 2 +-
contrib/ldapc++/src/LDAPExtResult.h | 2 +-
contrib/ldapc++/src/LDAPMessage.cpp | 2 +-
contrib/ldapc++/src/LDAPMessage.h | 2 +-
contrib/ldapc++/src/LDAPMessageQueue.cpp | 2 +-
contrib/ldapc++/src/LDAPMessageQueue.h | 2 +-
contrib/ldapc++/src/LDAPModDNRequest.cpp | 2 +-
contrib/ldapc++/src/LDAPModDNRequest.h | 2 +-
contrib/ldapc++/src/LDAPModList.cpp | 2 +-
contrib/ldapc++/src/LDAPModList.h | 2 +-
contrib/ldapc++/src/LDAPModification.cpp | 2 +-
contrib/ldapc++/src/LDAPModification.h | 2 +-
contrib/ldapc++/src/LDAPModifyRequest.cpp | 2 +-
contrib/ldapc++/src/LDAPModifyRequest.h | 2 +-
contrib/ldapc++/src/LDAPObjClass.cpp | 2 +-
contrib/ldapc++/src/LDAPObjClass.h | 2 +-
contrib/ldapc++/src/LDAPRebind.cpp | 2 +-
contrib/ldapc++/src/LDAPRebind.h | 2 +-
contrib/ldapc++/src/LDAPRebindAuth.cpp | 2 +-
contrib/ldapc++/src/LDAPRebindAuth.h | 2 +-
contrib/ldapc++/src/LDAPReferenceList.cpp | 2 +-
contrib/ldapc++/src/LDAPReferenceList.h | 2 +-
contrib/ldapc++/src/LDAPRequest.cpp | 2 +-
contrib/ldapc++/src/LDAPRequest.h | 2 +-
contrib/ldapc++/src/LDAPResult.cpp | 2 +-
contrib/ldapc++/src/LDAPResult.h | 2 +-
contrib/ldapc++/src/LDAPSaslBindResult.cpp | 2 +-
contrib/ldapc++/src/LDAPSaslBindResult.h | 2 +-
contrib/ldapc++/src/LDAPSchema.cpp | 2 +-
contrib/ldapc++/src/LDAPSchema.h | 2 +-
contrib/ldapc++/src/LDAPSearchReference.cpp | 2 +-
contrib/ldapc++/src/LDAPSearchReference.h | 2 +-
contrib/ldapc++/src/LDAPSearchRequest.cpp | 2 +-
contrib/ldapc++/src/LDAPSearchRequest.h | 2 +-
contrib/ldapc++/src/LDAPSearchResult.cpp | 2 +-
contrib/ldapc++/src/LDAPSearchResult.h | 2 +-
contrib/ldapc++/src/LDAPSearchResults.cpp | 2 +-
contrib/ldapc++/src/LDAPSearchResults.h | 2 +-
contrib/ldapc++/src/LDAPUrl.cpp | 2 +-
contrib/ldapc++/src/LDAPUrl.h | 2 +-
contrib/ldapc++/src/LDAPUrlList.cpp | 2 +-
contrib/ldapc++/src/LDAPUrlList.h | 2 +-
contrib/ldapc++/src/LdifReader.cpp | 2 +-
contrib/ldapc++/src/LdifReader.h | 2 +-
contrib/ldapc++/src/LdifWriter.cpp | 2 +-
contrib/ldapc++/src/LdifWriter.h | 2 +-
contrib/ldapc++/src/Makefile.am | 2 +-
contrib/ldapc++/src/Makefile.in | 2 +-
contrib/ldapc++/src/SaslInteraction.cpp | 2 +-
contrib/ldapc++/src/SaslInteraction.h | 2 +-
contrib/ldapc++/src/SaslInteractionHandler.cpp | 2 +-
contrib/ldapc++/src/SaslInteractionHandler.h | 2 +-
contrib/ldapc++/src/StringList.cpp | 2 +-
contrib/ldapc++/src/StringList.h | 2 +-
contrib/ldapc++/src/TlsOptions.cpp | 2 +-
contrib/ldapc++/src/TlsOptions.h | 2 +-
contrib/ldapc++/src/ac/time.h | 2 +-
contrib/ldapc++/src/debug.h | 2 +-
contrib/ldapc++/version.sh | 2 +-
contrib/ldapc++/version.var | 2 +-
contrib/ldaptcl/COPYRIGHT | 2 +-
contrib/slapd-modules/README | 2 +-
contrib/slapd-modules/acl/README.posixgroup | 2 +-
contrib/slapd-modules/acl/posixgroup.c | 2 +-
contrib/slapd-modules/addpartial/README | 2 +-
.../slapd-modules/addpartial/addpartial-overlay.c | 2 +-
contrib/slapd-modules/allop/README | 2 +-
contrib/slapd-modules/allop/allop.c | 2 +-
contrib/slapd-modules/allop/slapo-allop.5 | 2 +-
contrib/slapd-modules/allowed/Makefile | 2 +-
contrib/slapd-modules/allowed/README | 2 +-
contrib/slapd-modules/allowed/allowed.c | 2 +-
contrib/slapd-modules/autogroup/README | 2 +-
contrib/slapd-modules/autogroup/autogroup.c | 2 +-
contrib/slapd-modules/cloak/cloak.c | 2 +-
contrib/slapd-modules/cloak/slapo-cloak.5 | 2 +-
contrib/slapd-modules/comp_match/Makefile | 2 +-
contrib/slapd-modules/denyop/denyop.c | 2 +-
contrib/slapd-modules/dsaschema/README | 2 +-
contrib/slapd-modules/dsaschema/dsaschema.c | 2 +-
contrib/slapd-modules/dupent/Makefile | 2 +-
contrib/slapd-modules/dupent/dupent.c | 2 +-
contrib/slapd-modules/kinit/README | 2 +-
contrib/slapd-modules/kinit/kinit.c | 2 +-
contrib/slapd-modules/lastmod/lastmod.c | 2 +-
contrib/slapd-modules/lastmod/slapo-lastmod.5 | 2 +-
contrib/slapd-modules/noopsrch/Makefile | 2 +-
contrib/slapd-modules/noopsrch/noopsrch.c | 2 +-
contrib/slapd-modules/nops/nops.c | 2 +-
contrib/slapd-modules/nssov/Makefile | 2 +-
contrib/slapd-modules/nssov/README | 2 +-
contrib/slapd-modules/nssov/alias.c | 2 +-
contrib/slapd-modules/nssov/ether.c | 2 +-
contrib/slapd-modules/nssov/group.c | 2 +-
contrib/slapd-modules/nssov/host.c | 2 +-
contrib/slapd-modules/nssov/netgroup.c | 2 +-
contrib/slapd-modules/nssov/network.c | 2 +-
contrib/slapd-modules/nssov/nssov.c | 2 +-
contrib/slapd-modules/nssov/nssov.h | 2 +-
contrib/slapd-modules/nssov/pam.c | 2 +-
contrib/slapd-modules/nssov/passwd.c | 2 +-
contrib/slapd-modules/nssov/protocol.c | 2 +-
contrib/slapd-modules/nssov/rpc.c | 2 +-
contrib/slapd-modules/nssov/service.c | 2 +-
contrib/slapd-modules/nssov/shadow.c | 2 +-
contrib/slapd-modules/nssov/slapo-nssov.5 | 2 +-
contrib/slapd-modules/passwd/README | 2 +-
contrib/slapd-modules/passwd/kerberos.c | 2 +-
contrib/slapd-modules/passwd/netscape.c | 2 +-
contrib/slapd-modules/passwd/pbkdf2/README | 2 +-
contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c | 114 +-
contrib/slapd-modules/passwd/radius.c | 2 +-
contrib/slapd-modules/passwd/sha2/README | 2 +-
contrib/slapd-modules/passwd/sha2/sha2.c | 6 +-
contrib/slapd-modules/passwd/sha2/sha2.h | 19 +
contrib/slapd-modules/passwd/sha2/slapd-sha2.c | 2 +-
contrib/slapd-modules/proxyOld/Makefile | 2 +-
contrib/slapd-modules/proxyOld/README | 2 +-
contrib/slapd-modules/proxyOld/proxyOld.c | 2 +-
contrib/slapd-modules/samba4/Makefile | 2 +-
contrib/slapd-modules/samba4/README | 2 +-
contrib/slapd-modules/samba4/pguid.c | 2 +-
contrib/slapd-modules/samba4/rdnval.c | 2 +-
contrib/slapd-modules/samba4/vernum.c | 2 +-
contrib/slapd-modules/smbk5pwd/Makefile | 2 +-
contrib/slapd-modules/smbk5pwd/README | 2 +-
contrib/slapd-modules/smbk5pwd/smbk5pwd.c | 31 +-
contrib/slapd-modules/trace/trace.c | 2 +-
contrib/slapd-tools/README | 2 +-
contrib/slapd-tools/statslog | 2 +-
contrib/slapi-plugins/addrdnvalues/README | 2 +-
contrib/slapi-plugins/addrdnvalues/addrdnvalues.c | 2 +-
debian/build/config.log | 4784 --------------------
debian/changelog | 129 +-
debian/configure.options | 2 +-
debian/control | 20 +-
debian/copyright | 30 +-
debian/libldap-2.4-2.install | 1 -
debian/libldap-2.4-2.postinst | 15 -
debian/libldap-2.4-2.shlibs | 6 +
debian/libldap-2.4-2.symbols | 7 +
debian/libldap-common.install | 1 +
...ldap-2.4-2.manpages => libldap-common.manpages} | 0
debian/patches/ITS-8554-kFreeBSD-is-like-BSD.patch | 26 +
.../patches/ITS8240-remove-obsolete-assert.patch | 25 -
debian/patches/fix-ldap-distribution.patch | 6 +-
debian/patches/no-AM_INIT_AUTOMAKE | 4 +-
debian/patches/series | 3 +-
debian/patches/set-maintainer-name | 11 +
debian/po/ca.po | 131 +-
debian/po/cs.po | 130 +-
debian/po/da.po | 140 +-
debian/po/de.po | 149 +-
debian/po/es.po | 128 +-
debian/po/eu.po | 126 +-
debian/po/fi.po | 126 +-
debian/po/fr.po | 128 +-
debian/po/gl.po | 126 +-
debian/po/it.po | 145 +-
debian/po/ja.po | 151 +-
debian/po/nl.po | 126 +-
debian/po/pt.po | 126 +-
debian/po/pt_BR.po | 126 +-
debian/po/ru.po | 127 +-
debian/po/sk.po | 126 +-
debian/po/sv.po | 126 +-
debian/po/templates.pot | 110 +-
debian/po/tr.po | 128 +-
debian/po/vi.po | 126 +-
debian/rules | 47 +-
debian/schema/ppolicy.schema | 12 +-
debian/slapd-smbk5pwd.lintian-overrides | 2 +
debian/slapd.NEWS | 9 +
debian/slapd.conf | 3 -
debian/slapd.config | 14 +-
debian/slapd.init | 23 +-
debian/slapd.lintian-overrides | 2 +
debian/slapd.postinst | 94 +-
debian/slapd.preinst | 89 +
debian/slapd.scripts-common | 66 +-
debian/slapd.templates | 42 +-
debian/source.lintian-overrides | 8 +
doc/Makefile.in | 2 +-
doc/guide/admin/Makefile | 2 +-
doc/guide/admin/README.spellcheck | 2 +-
doc/guide/admin/abstract.sdf | 2 +-
doc/guide/admin/access-control.sdf | 2 +-
doc/guide/admin/admin.sdf | 2 +-
doc/guide/admin/appendix-changes.sdf | 2 +-
doc/guide/admin/appendix-common-errors.sdf | 2 +-
doc/guide/admin/appendix-configs.sdf | 2 +-
doc/guide/admin/appendix-contrib.sdf | 2 +-
doc/guide/admin/appendix-deployments.sdf | 2 +-
doc/guide/admin/appendix-ldap-result-codes.sdf | 2 +-
doc/guide/admin/appendix-recommended-versions.sdf | 4 +-
doc/guide/admin/appendix-upgrading.sdf | 2 +-
doc/guide/admin/aspell.en.pws | 5 +
doc/guide/admin/backends.sdf | 6 +-
doc/guide/admin/config.sdf | 2 +-
doc/guide/admin/dbtools.sdf | 2 +-
doc/guide/admin/glossary.sdf | 2 +-
doc/guide/admin/guide.html | 140 +-
doc/guide/admin/guide.sdf | 2 +-
doc/guide/admin/index.sdf | 2 +-
doc/guide/admin/install.sdf | 22 +-
doc/guide/admin/intro.sdf | 31 +-
doc/guide/admin/limits.sdf | 2 +-
doc/guide/admin/maintenance.sdf | 2 +-
doc/guide/admin/master.sdf | 2 +-
doc/guide/admin/monitoringslapd.sdf | 2 +-
doc/guide/admin/overlays.sdf | 2 +-
doc/guide/admin/preface.sdf | 2 +-
doc/guide/admin/quickstart.sdf | 71 +-
doc/guide/admin/referrals.sdf | 2 +-
doc/guide/admin/replication.sdf | 10 +-
doc/guide/admin/runningslapd.sdf | 2 +-
doc/guide/admin/sasl.sdf | 2 +-
doc/guide/admin/schema.sdf | 2 +-
doc/guide/admin/security.sdf | 2 +-
doc/guide/admin/slapdconf2.sdf | 8 +-
doc/guide/admin/slapdconfig.sdf | 12 +-
doc/guide/admin/title.sdf | 2 +-
doc/guide/admin/tls.sdf | 2 +-
doc/guide/admin/troubleshooting.sdf | 2 +-
doc/guide/admin/tuning.sdf | 2 +-
doc/guide/images/src/README.fonts | 2 +-
doc/guide/plain.sdf | 2 +-
doc/guide/preamble.sdf | 3 +-
doc/guide/release/copyright-plain.sdf | 2 +-
doc/guide/release/copyright.sdf | 2 +-
doc/guide/release/install.sdf | 2 +-
doc/guide/release/license-plain.sdf | 2 +-
doc/guide/release/license.sdf | 2 +-
doc/man/Makefile.in | 2 +-
doc/man/man1/Makefile.in | 2 +-
doc/man/man1/ldapcompare.1 | 2 +-
doc/man/man1/ldapdelete.1 | 2 +-
doc/man/man1/ldapmodify.1 | 2 +-
doc/man/man1/ldapmodrdn.1 | 2 +-
doc/man/man1/ldappasswd.1 | 2 +-
doc/man/man1/ldapsearch.1 | 2 +-
doc/man/man1/ldapurl.1 | 2 +-
doc/man/man1/ldapwhoami.1 | 2 +-
doc/man/man3/Makefile.in | 2 +-
doc/man/man3/lber-decode.3 | 2 +-
doc/man/man3/lber-encode.3 | 2 +-
doc/man/man3/lber-memory.3 | 2 +-
doc/man/man3/lber-sockbuf.3 | 2 +-
doc/man/man3/lber-types.3 | 2 +-
doc/man/man3/ldap.3 | 2 +-
doc/man/man3/ldap_abandon.3 | 2 +-
doc/man/man3/ldap_add.3 | 2 +-
doc/man/man3/ldap_bind.3 | 2 +-
doc/man/man3/ldap_compare.3 | 2 +-
doc/man/man3/ldap_controls.3 | 2 +-
doc/man/man3/ldap_delete.3 | 2 +-
doc/man/man3/ldap_dup.3 | 2 +-
doc/man/man3/ldap_error.3 | 2 +-
doc/man/man3/ldap_extended_operation.3 | 2 +-
doc/man/man3/ldap_first_attribute.3 | 2 +-
doc/man/man3/ldap_first_entry.3 | 2 +-
doc/man/man3/ldap_first_message.3 | 2 +-
doc/man/man3/ldap_first_reference.3 | 2 +-
doc/man/man3/ldap_get_dn.3 | 2 +-
doc/man/man3/ldap_get_option.3 | 2 +-
doc/man/man3/ldap_get_values.3 | 2 +-
doc/man/man3/ldap_memory.3 | 2 +-
doc/man/man3/ldap_modify.3 | 2 +-
doc/man/man3/ldap_modrdn.3 | 2 +-
doc/man/man3/ldap_open.3 | 2 +-
doc/man/man3/ldap_parse_reference.3 | 2 +-
doc/man/man3/ldap_parse_result.3 | 2 +-
doc/man/man3/ldap_parse_sort_control.3 | 2 +-
doc/man/man3/ldap_parse_vlv_control.3 | 2 +-
doc/man/man3/ldap_rename.3 | 2 +-
doc/man/man3/ldap_result.3 | 2 +-
doc/man/man3/ldap_schema.3 | 2 +-
doc/man/man3/ldap_search.3 | 2 +-
doc/man/man3/ldap_sort.3 | 2 +-
doc/man/man3/ldap_sync.3 | 2 +-
doc/man/man3/ldap_tls.3 | 2 +-
doc/man/man3/ldap_url.3 | 2 +-
doc/man/man5/Makefile.in | 2 +-
doc/man/man5/ldap.conf.5 | 2 +-
doc/man/man5/ldif.5 | 2 +-
doc/man/man5/slapd-bdb.5 | 2 +-
doc/man/man5/slapd-config.5 | 2 +-
doc/man/man5/slapd-dnssrv.5 | 2 +-
doc/man/man5/slapd-ldap.5 | 2 +-
doc/man/man5/slapd-ldbm.5 | 2 +-
doc/man/man5/slapd-ldif.5 | 2 +-
doc/man/man5/slapd-mdb.5 | 12 +-
doc/man/man5/slapd-meta.5 | 2 +-
doc/man/man5/slapd-monitor.5 | 2 +-
doc/man/man5/slapd-ndb.5 | 2 +-
doc/man/man5/slapd-null.5 | 7 +-
doc/man/man5/slapd-passwd.5 | 2 +-
doc/man/man5/slapd-relay.5 | 2 +-
doc/man/man5/slapd-shell.5 | 2 +-
doc/man/man5/slapd-sock.5 | 2 +-
doc/man/man5/slapd.access.5 | 2 +-
doc/man/man5/slapd.backends.5 | 2 +-
doc/man/man5/slapd.conf.5 | 2 +-
doc/man/man5/slapd.overlays.5 | 2 +-
doc/man/man5/slapd.plugin.5 | 2 +-
doc/man/man5/slapo-accesslog.5 | 2 +-
doc/man/man5/slapo-auditlog.5 | 2 +-
doc/man/man5/slapo-chain.5 | 2 +-
doc/man/man5/slapo-collect.5 | 2 +-
doc/man/man5/slapo-constraint.5 | 2 +-
doc/man/man5/slapo-dds.5 | 2 +-
doc/man/man5/slapo-dyngroup.5 | 2 +-
doc/man/man5/slapo-dynlist.5 | 2 +-
doc/man/man5/slapo-memberof.5 | 2 +-
doc/man/man5/slapo-pbind.5 | 2 +-
doc/man/man5/slapo-pcache.5 | 2 +-
doc/man/man5/slapo-ppolicy.5 | 25 +-
doc/man/man5/slapo-refint.5 | 2 +-
doc/man/man5/slapo-retcode.5 | 2 +-
doc/man/man5/slapo-rwm.5 | 2 +-
doc/man/man5/slapo-sssvlv.5 | 2 +-
doc/man/man5/slapo-syncprov.5 | 2 +-
doc/man/man5/slapo-translucent.5 | 2 +-
doc/man/man5/slapo-unique.5 | 2 +-
doc/man/man5/slapo-valsort.5 | 2 +-
doc/man/man8/Makefile.in | 2 +-
doc/man/man8/slapacl.8 | 2 +-
doc/man/man8/slapadd.8 | 2 +-
doc/man/man8/slapauth.8 | 2 +-
doc/man/man8/slapcat.8 | 2 +-
doc/man/man8/slapd.8 | 2 +-
doc/man/man8/slapdn.8 | 2 +-
doc/man/man8/slapindex.8 | 2 +-
doc/man/man8/slappasswd.8 | 2 +-
doc/man/man8/slapschema.8 | 2 +-
doc/man/man8/slaptest.8 | 2 +-
include/Makefile.in | 2 +-
include/ac/alloca.h | 2 +-
include/ac/assert.h | 2 +-
include/ac/bytes.h | 2 +-
include/ac/crypt.h | 2 +-
include/ac/ctype.h | 2 +-
include/ac/dirent.h | 2 +-
include/ac/errno.h | 2 +-
include/ac/fdset.h | 2 +-
include/ac/localize.h | 2 +-
include/ac/param.h | 2 +-
include/ac/regex.h | 2 +-
include/ac/setproctitle.h | 2 +-
include/ac/signal.h | 2 +-
include/ac/socket.h | 2 +-
include/ac/stdarg.h | 2 +-
include/ac/stdlib.h | 2 +-
include/ac/string.h | 2 +-
include/ac/sysexits.h | 2 +-
include/ac/syslog.h | 2 +-
include/ac/termios.h | 2 +-
include/ac/time.h | 2 +-
include/ac/unistd.h | 2 +-
include/ac/wait.h | 2 +-
include/avl.h | 2 +-
include/getopt-compat.h | 2 +-
include/lber.h | 2 +-
include/lber_pvt.h | 2 +-
include/lber_types.hin | 2 +-
include/ldap.h | 2 +-
include/ldap_cdefs.h | 2 +-
include/ldap_config.hin | 2 +-
include/ldap_defaults.h | 2 +-
include/ldap_features.hin | 2 +-
include/ldap_int_thread.h | 2 +-
include/ldap_log.h | 2 +-
include/ldap_pvt.h | 9 +-
include/ldap_pvt_thread.h | 2 +-
include/ldap_pvt_uc.h | 2 +-
include/ldap_queue.h | 2 +-
include/ldap_rq.h | 2 +-
include/ldap_schema.h | 2 +-
include/ldap_utf8.h | 2 +-
include/ldif.h | 2 +-
include/lutil.h | 2 +-
include/lutil_hash.h | 2 +-
include/lutil_ldap.h | 2 +-
include/lutil_lockf.h | 2 +-
include/lutil_md5.h | 2 +-
include/lutil_sha1.h | 2 +-
include/portable.hin | 2 +-
include/rewrite.h | 2 +-
include/slapi-plugin.h | 2 +-
include/sysexits-compat.h | 2 +-
libraries/Makefile.in | 2 +-
libraries/liblber/Makefile.in | 2 +-
libraries/liblber/assert.c | 2 +-
libraries/liblber/bprint.c | 2 +-
libraries/liblber/debug.c | 2 +-
libraries/liblber/decode.c | 2 +-
libraries/liblber/dtest.c | 2 +-
libraries/liblber/encode.c | 2 +-
libraries/liblber/etest.c | 2 +-
libraries/liblber/idtest.c | 2 +-
libraries/liblber/io.c | 7 +-
libraries/liblber/lber-int.h | 2 +-
libraries/liblber/memory.c | 2 +-
libraries/liblber/nt_err.c | 2 +-
libraries/liblber/options.c | 2 +-
libraries/liblber/sockbuf.c | 2 +-
libraries/liblber/stdio.c | 2 +-
libraries/libldap/Makefile.in | 2 +-
libraries/libldap/abandon.c | 2 +-
libraries/libldap/add.c | 122 +-
libraries/libldap/addentry.c | 2 +-
libraries/libldap/apitest.c | 2 +-
libraries/libldap/assertion.c | 2 +-
libraries/libldap/bind.c | 2 +-
libraries/libldap/cancel.c | 2 +-
libraries/libldap/charray.c | 2 +-
libraries/libldap/compare.c | 76 +-
libraries/libldap/controls.c | 2 +-
libraries/libldap/cyrus.c | 2 +-
libraries/libldap/dds.c | 2 +-
libraries/libldap/delete.c | 70 +-
libraries/libldap/deref.c | 2 +-
libraries/libldap/dnssrv.c | 2 +-
libraries/libldap/dntest.c | 2 +-
libraries/libldap/error.c | 2 +-
libraries/libldap/extended.c | 91 +-
libraries/libldap/fetch.c | 19 +-
libraries/libldap/filter.c | 2 +-
libraries/libldap/free.c | 2 +-
libraries/libldap/ftest.c | 2 +-
libraries/libldap/getattr.c | 2 +-
libraries/libldap/getdn.c | 2 +-
libraries/libldap/getentry.c | 2 +-
libraries/libldap/getvalues.c | 2 +-
libraries/libldap/gssapi.c | 2 +-
libraries/libldap/init.c | 2 +-
libraries/libldap/ldap-int.h | 87 +-
libraries/libldap/ldap-tls.h | 2 +-
libraries/libldap/ldap_sync.c | 2 +-
libraries/libldap/ldif.c | 2 +-
libraries/libldap/messages.c | 2 +-
libraries/libldap/modify.c | 108 +-
libraries/libldap/modrdn.c | 87 +-
libraries/libldap/open.c | 2 +-
libraries/libldap/options.c | 2 +-
libraries/libldap/os-ip.c | 2 +-
libraries/libldap/os-local.c | 2 +-
libraries/libldap/pagectrl.c | 2 +-
libraries/libldap/passwd.c | 2 +-
libraries/libldap/ppolicy.c | 2 +-
libraries/libldap/print.c | 2 +-
libraries/libldap/references.c | 2 +-
libraries/libldap/request.c | 2 +-
libraries/libldap/result.c | 2 +-
libraries/libldap/sasl.c | 92 +-
libraries/libldap/sbind.c | 2 +-
libraries/libldap/schema.c | 2 +-
libraries/libldap/search.c | 2 +-
libraries/libldap/sort.c | 2 +-
libraries/libldap/sortctrl.c | 2 +-
libraries/libldap/stctrl.c | 2 +-
libraries/libldap/string.c | 2 +-
libraries/libldap/t61.c | 2 +-
libraries/libldap/test.c | 2 +-
libraries/libldap/tls2.c | 2 +-
libraries/libldap/tls_g.c | 2 +-
libraries/libldap/tls_m.c | 2 +-
libraries/libldap/tls_o.c | 2 +-
libraries/libldap/turn.c | 2 +-
libraries/libldap/txn.c | 2 +-
libraries/libldap/unbind.c | 2 +-
libraries/libldap/url.c | 2 +-
libraries/libldap/urltest.c | 2 +-
libraries/libldap/utf-8-conv.c | 2 +-
libraries/libldap/utf-8.c | 2 +-
libraries/libldap/util-int.c | 189 +-
libraries/libldap/vlvctrl.c | 2 +-
libraries/libldap/whoami.c | 2 +-
libraries/libldap_r/Makefile.in | 2 +-
libraries/libldap_r/ldap_thr_debug.h | 2 +-
libraries/libldap_r/rdwr.c | 2 +-
libraries/libldap_r/rmutex.c | 2 +-
libraries/libldap_r/rq.c | 2 +-
libraries/libldap_r/thr_cthreads.c | 2 +-
libraries/libldap_r/thr_debug.c | 2 +-
libraries/libldap_r/thr_nt.c | 2 +-
libraries/libldap_r/thr_posix.c | 2 +-
libraries/libldap_r/thr_pth.c | 2 +-
libraries/libldap_r/thr_stub.c | 2 +-
libraries/libldap_r/thr_thr.c | 2 +-
libraries/libldap_r/threads.c | 2 +-
libraries/libldap_r/tpool.c | 2 +-
libraries/liblmdb/CHANGES | 53 +
libraries/liblmdb/COPYRIGHT | 2 +-
libraries/liblmdb/Doxyfile | 2 +-
libraries/liblmdb/Makefile | 22 +-
libraries/liblmdb/intro.doc | 192 +
libraries/liblmdb/lmdb.h | 54 +-
libraries/liblmdb/mdb.c | 1582 ++++---
libraries/liblmdb/mdb_copy.1 | 2 +-
libraries/liblmdb/mdb_copy.c | 2 +-
libraries/liblmdb/mdb_dump.1 | 4 +-
libraries/liblmdb/mdb_dump.c | 4 +-
libraries/liblmdb/mdb_load.1 | 4 +-
libraries/liblmdb/mdb_load.c | 20 +-
libraries/liblmdb/mdb_stat.1 | 4 +-
libraries/liblmdb/mdb_stat.c | 4 +-
libraries/liblmdb/midl.c | 4 +-
libraries/liblmdb/midl.h | 2 +-
libraries/liblmdb/mtest.c | 2 +-
libraries/liblmdb/mtest2.c | 2 +-
libraries/liblmdb/mtest3.c | 2 +-
libraries/liblmdb/mtest4.c | 2 +-
libraries/liblmdb/mtest5.c | 2 +-
libraries/liblmdb/mtest6.c | 2 +-
libraries/liblmdb/sample-bdb.txt | 2 +-
libraries/liblmdb/sample-mdb.txt | 2 +-
libraries/liblunicode/Makefile.in | 2 +-
libraries/liblunicode/ucdata/ucdata.c | 2 +-
libraries/liblunicode/ucdata/ucdata.h | 2 +-
libraries/liblunicode/ucdata/ucgendat.c | 2 +-
libraries/liblunicode/ucdata/ucpgba.c | 2 +-
libraries/liblunicode/ucdata/ucpgba.h | 2 +-
libraries/liblunicode/ucstr.c | 2 +-
libraries/liblunicode/ure/ure.c | 2 +-
libraries/liblunicode/ure/ure.h | 2 +-
libraries/liblunicode/ure/urestubs.c | 2 +-
libraries/liblunicode/utbm/utbm.c | 2 +-
libraries/liblunicode/utbm/utbm.h | 2 +-
libraries/liblunicode/utbm/utbmstub.c | 2 +-
libraries/liblutil/Makefile.in | 2 +-
libraries/liblutil/avl.c | 2 +-
libraries/liblutil/base64.c | 2 +-
libraries/liblutil/detach.c | 2 +-
libraries/liblutil/entropy.c | 2 +-
libraries/liblutil/getopt.c | 2 +-
libraries/liblutil/getpass.c | 2 +-
libraries/liblutil/getpeereid.c | 2 +-
libraries/liblutil/hash.c | 2 +-
libraries/liblutil/lockf.c | 2 +-
libraries/liblutil/md5.c | 2 +-
libraries/liblutil/memcmp.c | 2 +-
libraries/liblutil/ntservice.c | 2 +-
libraries/liblutil/passfile.c | 2 +-
libraries/liblutil/passwd.c | 2 +-
libraries/liblutil/ptest.c | 2 +-
libraries/liblutil/sasl.c | 2 +-
libraries/liblutil/setproctitle.c | 2 +-
libraries/liblutil/sha1.c | 2 +-
libraries/liblutil/signal.c | 2 +-
libraries/liblutil/sockpair.c | 2 +-
libraries/liblutil/tavl.c | 2 +-
libraries/liblutil/testavl.c | 2 +-
libraries/liblutil/testtavl.c | 2 +-
libraries/liblutil/utils.c | 2 +-
libraries/liblutil/uuid.c | 2 +-
libraries/librewrite/Makefile.in | 2 +-
libraries/librewrite/config.c | 2 +-
libraries/librewrite/context.c | 2 +-
libraries/librewrite/info.c | 2 +-
libraries/librewrite/ldapmap.c | 2 +-
libraries/librewrite/map.c | 2 +-
libraries/librewrite/params.c | 2 +-
libraries/librewrite/parse.c | 2 +-
libraries/librewrite/rewrite-int.h | 2 +-
libraries/librewrite/rewrite-map.h | 2 +-
libraries/librewrite/rewrite.c | 2 +-
libraries/librewrite/rule.c | 2 +-
libraries/librewrite/session.c | 2 +-
libraries/librewrite/subst.c | 2 +-
libraries/librewrite/var.c | 2 +-
libraries/librewrite/xmap.c | 2 +-
servers/Makefile.in | 2 +-
servers/slapd/Makefile.in | 2 +-
servers/slapd/abandon.c | 2 +-
servers/slapd/aci.c | 2 +-
servers/slapd/acl.c | 2 +-
servers/slapd/aclparse.c | 2 +-
servers/slapd/ad.c | 2 +-
servers/slapd/add.c | 2 +-
servers/slapd/alock.c | 2 +-
servers/slapd/alock.h | 2 +-
servers/slapd/at.c | 2 +-
servers/slapd/attr.c | 2 +-
servers/slapd/ava.c | 2 +-
servers/slapd/back-bdb/Makefile.in | 2 +-
servers/slapd/back-bdb/add.c | 2 +-
servers/slapd/back-bdb/attr.c | 2 +-
servers/slapd/back-bdb/back-bdb.h | 2 +-
servers/slapd/back-bdb/bind.c | 2 +-
servers/slapd/back-bdb/cache.c | 2 +-
servers/slapd/back-bdb/compare.c | 2 +-
servers/slapd/back-bdb/config.c | 6 +-
servers/slapd/back-bdb/dbcache.c | 2 +-
servers/slapd/back-bdb/delete.c | 2 +-
servers/slapd/back-bdb/dn2entry.c | 2 +-
servers/slapd/back-bdb/dn2id.c | 2 +-
servers/slapd/back-bdb/error.c | 2 +-
servers/slapd/back-bdb/extended.c | 2 +-
servers/slapd/back-bdb/filterindex.c | 2 +-
servers/slapd/back-bdb/id2entry.c | 2 +-
servers/slapd/back-bdb/idl.c | 2 +-
servers/slapd/back-bdb/idl.h | 2 +-
servers/slapd/back-bdb/index.c | 2 +-
servers/slapd/back-bdb/init.c | 2 +-
servers/slapd/back-bdb/key.c | 2 +-
servers/slapd/back-bdb/modify.c | 2 +-
servers/slapd/back-bdb/modrdn.c | 2 +-
servers/slapd/back-bdb/monitor.c | 2 +-
servers/slapd/back-bdb/nextid.c | 2 +-
servers/slapd/back-bdb/operational.c | 2 +-
servers/slapd/back-bdb/proto-bdb.h | 2 +-
servers/slapd/back-bdb/referral.c | 2 +-
servers/slapd/back-bdb/search.c | 2 +-
servers/slapd/back-bdb/tools.c | 2 +-
servers/slapd/back-bdb/trans.c | 2 +-
servers/slapd/back-dnssrv/Makefile.in | 2 +-
servers/slapd/back-dnssrv/bind.c | 2 +-
servers/slapd/back-dnssrv/compare.c | 2 +-
servers/slapd/back-dnssrv/config.c | 2 +-
servers/slapd/back-dnssrv/init.c | 2 +-
servers/slapd/back-dnssrv/proto-dnssrv.h | 2 +-
servers/slapd/back-dnssrv/referral.c | 2 +-
servers/slapd/back-dnssrv/search.c | 2 +-
servers/slapd/back-hdb/Makefile.in | 2 +-
servers/slapd/back-hdb/back-bdb.h | 2 +-
servers/slapd/back-ldap/Makefile.in | 2 +-
servers/slapd/back-ldap/add.c | 2 +-
servers/slapd/back-ldap/back-ldap.h | 2 +-
servers/slapd/back-ldap/bind.c | 4 +-
servers/slapd/back-ldap/chain.c | 2 +-
servers/slapd/back-ldap/compare.c | 2 +-
servers/slapd/back-ldap/config.c | 2 +-
servers/slapd/back-ldap/delete.c | 2 +-
servers/slapd/back-ldap/distproc.c | 2 +-
servers/slapd/back-ldap/extended.c | 2 +-
servers/slapd/back-ldap/init.c | 2 +-
servers/slapd/back-ldap/modify.c | 2 +-
servers/slapd/back-ldap/modrdn.c | 2 +-
servers/slapd/back-ldap/monitor.c | 2 +-
servers/slapd/back-ldap/pbind.c | 2 +-
servers/slapd/back-ldap/proto-ldap.h | 2 +-
servers/slapd/back-ldap/search.c | 32 +-
servers/slapd/back-ldap/unbind.c | 2 +-
servers/slapd/back-ldif/Makefile.in | 2 +-
servers/slapd/back-ldif/ldif.c | 2 +-
servers/slapd/back-mdb/Makefile.in | 2 +-
servers/slapd/back-mdb/add.c | 6 +-
servers/slapd/back-mdb/attr.c | 2 +-
servers/slapd/back-mdb/back-mdb.h | 6 +-
servers/slapd/back-mdb/bind.c | 2 +-
servers/slapd/back-mdb/compare.c | 2 +-
servers/slapd/back-mdb/config.c | 9 +-
servers/slapd/back-mdb/delete.c | 2 +-
servers/slapd/back-mdb/dn2entry.c | 2 +-
servers/slapd/back-mdb/dn2id.c | 2 +-
servers/slapd/back-mdb/extended.c | 2 +-
servers/slapd/back-mdb/filterindex.c | 2 +-
servers/slapd/back-mdb/id2entry.c | 2 +-
servers/slapd/back-mdb/idl.c | 2 +-
servers/slapd/back-mdb/idl.h | 2 +-
servers/slapd/back-mdb/index.c | 2 +-
servers/slapd/back-mdb/init.c | 3 +-
servers/slapd/back-mdb/key.c | 2 +-
servers/slapd/back-mdb/modify.c | 7 +-
servers/slapd/back-mdb/modrdn.c | 2 +-
servers/slapd/back-mdb/monitor.c | 2 +-
servers/slapd/back-mdb/nextid.c | 2 +-
servers/slapd/back-mdb/operational.c | 2 +-
servers/slapd/back-mdb/proto-mdb.h | 2 +-
servers/slapd/back-mdb/referral.c | 2 +-
servers/slapd/back-mdb/search.c | 60 +-
servers/slapd/back-mdb/tools.c | 4 +-
servers/slapd/back-meta/Makefile.in | 2 +-
servers/slapd/back-meta/add.c | 2 +-
servers/slapd/back-meta/back-meta.h | 2 +-
servers/slapd/back-meta/bind.c | 2 +-
servers/slapd/back-meta/candidates.c | 2 +-
servers/slapd/back-meta/compare.c | 2 +-
servers/slapd/back-meta/config.c | 2 +-
servers/slapd/back-meta/conn.c | 2 +-
servers/slapd/back-meta/delete.c | 2 +-
servers/slapd/back-meta/dncache.c | 2 +-
servers/slapd/back-meta/init.c | 2 +-
servers/slapd/back-meta/map.c | 2 +-
servers/slapd/back-meta/modify.c | 2 +-
servers/slapd/back-meta/modrdn.c | 2 +-
servers/slapd/back-meta/proto-meta.h | 2 +-
servers/slapd/back-meta/search.c | 2 +-
servers/slapd/back-meta/suffixmassage.c | 2 +-
servers/slapd/back-meta/unbind.c | 2 +-
servers/slapd/back-monitor/Makefile.in | 2 +-
servers/slapd/back-monitor/back-monitor.h | 2 +-
servers/slapd/back-monitor/backend.c | 2 +-
servers/slapd/back-monitor/bind.c | 2 +-
servers/slapd/back-monitor/cache.c | 2 +-
servers/slapd/back-monitor/compare.c | 2 +-
servers/slapd/back-monitor/conn.c | 2 +-
servers/slapd/back-monitor/database.c | 2 +-
servers/slapd/back-monitor/entry.c | 2 +-
servers/slapd/back-monitor/init.c | 2 +-
servers/slapd/back-monitor/listener.c | 2 +-
servers/slapd/back-monitor/log.c | 2 +-
servers/slapd/back-monitor/modify.c | 2 +-
servers/slapd/back-monitor/operation.c | 2 +-
servers/slapd/back-monitor/operational.c | 2 +-
servers/slapd/back-monitor/overlay.c | 2 +-
servers/slapd/back-monitor/proto-back-monitor.h | 2 +-
servers/slapd/back-monitor/rww.c | 2 +-
servers/slapd/back-monitor/search.c | 2 +-
servers/slapd/back-monitor/sent.c | 2 +-
servers/slapd/back-monitor/thread.c | 2 +-
servers/slapd/back-monitor/time.c | 2 +-
servers/slapd/back-ndb/Makefile.in | 2 +-
servers/slapd/back-ndb/add.cpp | 2 +-
servers/slapd/back-ndb/back-ndb.h | 2 +-
servers/slapd/back-ndb/bind.cpp | 2 +-
servers/slapd/back-ndb/compare.cpp | 2 +-
servers/slapd/back-ndb/config.cpp | 2 +-
servers/slapd/back-ndb/delete.cpp | 2 +-
servers/slapd/back-ndb/init.cpp | 2 +-
servers/slapd/back-ndb/modify.cpp | 2 +-
servers/slapd/back-ndb/modrdn.cpp | 2 +-
servers/slapd/back-ndb/ndbio.cpp | 2 +-
servers/slapd/back-ndb/proto-ndb.h | 2 +-
servers/slapd/back-ndb/search.cpp | 2 +-
servers/slapd/back-ndb/tools.cpp | 2 +-
servers/slapd/back-null/Makefile.in | 2 +-
servers/slapd/back-null/null.c | 102 +-
servers/slapd/back-passwd/Makefile.in | 2 +-
servers/slapd/back-passwd/back-passwd.h | 2 +-
servers/slapd/back-passwd/config.c | 2 +-
servers/slapd/back-passwd/init.c | 2 +-
servers/slapd/back-passwd/proto-passwd.h | 2 +-
servers/slapd/back-passwd/search.c | 2 +-
servers/slapd/back-perl/Makefile.in | 2 +-
servers/slapd/back-perl/SampleLDAP.pm | 2 +-
servers/slapd/back-perl/add.c | 2 +-
servers/slapd/back-perl/asperl_undefs.h | 2 +-
servers/slapd/back-perl/bind.c | 2 +-
servers/slapd/back-perl/close.c | 2 +-
servers/slapd/back-perl/compare.c | 2 +-
servers/slapd/back-perl/config.c | 2 +-
servers/slapd/back-perl/delete.c | 2 +-
servers/slapd/back-perl/init.c | 2 +-
servers/slapd/back-perl/modify.c | 2 +-
servers/slapd/back-perl/modrdn.c | 2 +-
servers/slapd/back-perl/perl_back.h | 2 +-
servers/slapd/back-perl/proto-perl.h | 2 +-
servers/slapd/back-perl/search.c | 2 +-
servers/slapd/back-relay/Makefile.in | 2 +-
servers/slapd/back-relay/back-relay.h | 2 +-
servers/slapd/back-relay/init.c | 4 +-
servers/slapd/back-relay/op.c | 2 +-
servers/slapd/back-relay/proto-back-relay.h | 2 +-
servers/slapd/back-shell/Makefile.in | 2 +-
servers/slapd/back-shell/add.c | 2 +-
servers/slapd/back-shell/bind.c | 2 +-
servers/slapd/back-shell/compare.c | 2 +-
servers/slapd/back-shell/config.c | 2 +-
servers/slapd/back-shell/delete.c | 2 +-
servers/slapd/back-shell/fork.c | 2 +-
servers/slapd/back-shell/init.c | 2 +-
servers/slapd/back-shell/modify.c | 2 +-
servers/slapd/back-shell/modrdn.c | 2 +-
servers/slapd/back-shell/proto-shell.h | 2 +-
servers/slapd/back-shell/result.c | 2 +-
servers/slapd/back-shell/search.c | 2 +-
servers/slapd/back-shell/searchexample.conf | 2 +-
servers/slapd/back-shell/searchexample.sh | 2 +-
servers/slapd/back-shell/shell.h | 2 +-
servers/slapd/back-shell/unbind.c | 2 +-
servers/slapd/back-sock/Makefile.in | 2 +-
servers/slapd/back-sock/add.c | 2 +-
servers/slapd/back-sock/back-sock.h | 2 +-
servers/slapd/back-sock/bind.c | 2 +-
servers/slapd/back-sock/compare.c | 2 +-
servers/slapd/back-sock/config.c | 2 +-
servers/slapd/back-sock/delete.c | 2 +-
servers/slapd/back-sock/init.c | 2 +-
servers/slapd/back-sock/modify.c | 2 +-
servers/slapd/back-sock/modrdn.c | 2 +-
servers/slapd/back-sock/opensock.c | 2 +-
servers/slapd/back-sock/proto-sock.h | 2 +-
servers/slapd/back-sock/result.c | 2 +-
servers/slapd/back-sock/search.c | 2 +-
servers/slapd/back-sock/searchexample.conf | 2 +-
servers/slapd/back-sock/searchexample.pl | 2 +-
servers/slapd/back-sock/unbind.c | 2 +-
servers/slapd/back-sql/Makefile.in | 2 +-
servers/slapd/back-sql/add.c | 2 +-
servers/slapd/back-sql/api.c | 2 +-
servers/slapd/back-sql/back-sql.h | 2 +-
servers/slapd/back-sql/bind.c | 2 +-
servers/slapd/back-sql/compare.c | 2 +-
servers/slapd/back-sql/config.c | 9 +-
servers/slapd/back-sql/delete.c | 2 +-
servers/slapd/back-sql/entry-id.c | 2 +-
servers/slapd/back-sql/init.c | 2 +-
servers/slapd/back-sql/modify.c | 2 +-
servers/slapd/back-sql/modrdn.c | 2 +-
servers/slapd/back-sql/operational.c | 2 +-
servers/slapd/back-sql/proto-sql.h | 2 +-
.../rdbms_depend/timesten/dnreverse/Makefile | 2 +-
.../rdbms_depend/timesten/dnreverse/dnreverse.cpp | 2 +-
servers/slapd/back-sql/schema-map.c | 2 +-
servers/slapd/back-sql/search.c | 2 +-
servers/slapd/back-sql/sql-wrap.c | 2 +-
servers/slapd/back-sql/util.c | 2 +-
servers/slapd/backend.c | 2 +-
servers/slapd/backglue.c | 2 +-
servers/slapd/backover.c | 2 +-
servers/slapd/bconfig.c | 2 +-
servers/slapd/bind.c | 2 +-
servers/slapd/cancel.c | 2 +-
servers/slapd/ch_malloc.c | 2 +-
servers/slapd/compare.c | 2 +-
servers/slapd/component.c | 2 +-
servers/slapd/component.h | 2 +-
servers/slapd/config.c | 30 +-
servers/slapd/config.h | 3 +-
servers/slapd/connection.c | 5 +-
servers/slapd/controls.c | 3 +-
servers/slapd/cr.c | 2 +-
servers/slapd/ctxcsn.c | 6 +-
servers/slapd/daemon.c | 2 +-
servers/slapd/delete.c | 2 +-
servers/slapd/dn.c | 2 +-
servers/slapd/entry.c | 2 +-
servers/slapd/extended.c | 2 +-
servers/slapd/filter.c | 2 +-
servers/slapd/filterentry.c | 2 +-
servers/slapd/frontend.c | 2 +-
servers/slapd/globals.c | 2 +-
servers/slapd/index.c | 2 +-
servers/slapd/init.c | 2 +-
servers/slapd/ldapsync.c | 2 +-
servers/slapd/limits.c | 2 +-
servers/slapd/lock.c | 2 +-
servers/slapd/main.c | 2 +-
servers/slapd/matchedValues.c | 2 +-
servers/slapd/modify.c | 2 +-
servers/slapd/modrdn.c | 2 +-
servers/slapd/mods.c | 8 +-
servers/slapd/module.c | 2 +-
servers/slapd/mr.c | 2 +-
servers/slapd/mra.c | 2 +-
servers/slapd/nt_svc.c | 2 +-
servers/slapd/oc.c | 2 +-
servers/slapd/oidm.c | 2 +-
servers/slapd/operation.c | 2 +-
servers/slapd/operational.c | 2 +-
servers/slapd/overlays/Makefile.in | 2 +-
servers/slapd/overlays/accesslog.c | 59 +-
servers/slapd/overlays/auditlog.c | 2 +-
servers/slapd/overlays/collect.c | 2 +-
servers/slapd/overlays/dds.c | 14 +-
servers/slapd/overlays/deref.c | 2 +-
servers/slapd/overlays/dyngroup.c | 2 +-
servers/slapd/overlays/dynlist.c | 2 +-
servers/slapd/overlays/overlays.c | 2 +-
servers/slapd/overlays/pcache.c | 2 +-
servers/slapd/overlays/ppolicy.c | 92 +-
servers/slapd/overlays/refint.c | 164 +-
servers/slapd/overlays/retcode.c | 2 +-
servers/slapd/overlays/rwm.c | 23 +-
servers/slapd/overlays/rwm.h | 2 +-
servers/slapd/overlays/rwmconf.c | 2 +-
servers/slapd/overlays/rwmdn.c | 2 +-
servers/slapd/overlays/rwmmap.c | 2 +-
servers/slapd/overlays/seqmod.c | 2 +-
servers/slapd/overlays/sssvlv.c | 2 +-
servers/slapd/overlays/syncprov.c | 37 +-
servers/slapd/overlays/translucent.c | 2 +-
servers/slapd/overlays/unique.c | 2 +-
servers/slapd/overlays/valsort.c | 2 +-
servers/slapd/passwd.c | 2 +-
servers/slapd/phonetic.c | 2 +-
servers/slapd/proto-slap.h | 4 +-
servers/slapd/referral.c | 2 +-
servers/slapd/result.c | 2 +-
servers/slapd/root_dse.c | 2 +-
servers/slapd/sasl.c | 2 +-
servers/slapd/saslauthz.c | 7 +-
servers/slapd/schema.c | 2 +-
servers/slapd/schema/README | 2 +-
servers/slapd/schema/collective.ldif | 2 +-
servers/slapd/schema/corba.ldif | 2 +-
servers/slapd/schema/cosine.ldif | 2 +-
servers/slapd/schema/duaconf.ldif | 2 +-
servers/slapd/schema/dyngroup.ldif | 2 +-
servers/slapd/schema/dyngroup.schema | 2 +-
servers/slapd/schema/inetorgperson.ldif | 2 +-
servers/slapd/schema/java.ldif | 2 +-
servers/slapd/schema/misc.ldif | 2 +-
servers/slapd/schema/misc.schema | 2 +-
servers/slapd/schema/nis.ldif | 2 +-
servers/slapd/schema/nis.schema | 2 +-
servers/slapd/schema/openldap.ldif | 2 +-
servers/slapd/schema/openldap.schema | 2 +-
servers/slapd/schema/pmi.ldif | 2 +-
servers/slapd/schema/ppolicy.ldif | 7 +-
servers/slapd/schema_check.c | 2 +-
servers/slapd/schema_init.c | 2 +-
servers/slapd/schema_prep.c | 2 +-
servers/slapd/schemaparse.c | 2 +-
servers/slapd/search.c | 2 +-
servers/slapd/sets.c | 2 +-
servers/slapd/sets.h | 2 +-
servers/slapd/shell-backends/Makefile.in | 2 +-
servers/slapd/shell-backends/passwd-shell.c | 2 +-
servers/slapd/shell-backends/shellutil.c | 2 +-
servers/slapd/shell-backends/shellutil.h | 2 +-
servers/slapd/sl_malloc.c | 9 +-
servers/slapd/slap.h | 2 +-
servers/slapd/slapacl.c | 2 +-
servers/slapd/slapadd.c | 2 +-
servers/slapd/slapauth.c | 2 +-
servers/slapd/slapcat.c | 2 +-
servers/slapd/slapcommon.c | 2 +-
servers/slapd/slapcommon.h | 2 +-
servers/slapd/slapd.conf | 8 +-
servers/slapd/slapdn.c | 2 +-
servers/slapd/slapi/Makefile.in | 2 +-
servers/slapd/slapi/plugin.c | 2 +-
servers/slapd/slapi/printmsg.c | 2 +-
servers/slapd/slapi/proto-slapi.h | 2 +-
servers/slapd/slapi/slapi.h | 2 +-
servers/slapd/slapi/slapi_dn.c | 2 +-
servers/slapd/slapi/slapi_ext.c | 2 +-
servers/slapd/slapi/slapi_ops.c | 2 +-
servers/slapd/slapi/slapi_overlay.c | 2 +-
servers/slapd/slapi/slapi_pblock.c | 2 +-
servers/slapd/slapi/slapi_utils.c | 2 +-
servers/slapd/slapindex.c | 2 +-
servers/slapd/slappasswd.c | 2 +-
servers/slapd/slapschema.c | 2 +-
servers/slapd/slaptest.c | 2 +-
servers/slapd/starttls.c | 2 +-
servers/slapd/str2filter.c | 2 +-
servers/slapd/syncrepl.c | 7 +-
servers/slapd/syntax.c | 2 +-
servers/slapd/txn.c | 2 +-
servers/slapd/unbind.c | 2 +-
servers/slapd/user.c | 2 +-
servers/slapd/value.c | 2 +-
servers/slapd/zn_malloc.c | 2 +-
tests/Makefile.in | 2 +-
tests/data/ditcontentrules.conf | 2 +-
tests/data/ndb.conf | 2 +-
tests/data/regressions/its4184/its4184 | 2 +-
tests/data/regressions/its4326/its4326 | 2 +-
tests/data/regressions/its4326/slapd.conf | 2 +-
tests/data/regressions/its4336/its4336 | 2 +-
tests/data/regressions/its4336/slapd.conf | 2 +-
tests/data/regressions/its4337/its4337 | 2 +-
tests/data/regressions/its4337/slapd.conf | 2 +-
tests/data/regressions/its4448/its4448 | 2 +-
tests/data/regressions/its4448/slapd-meta.conf | 2 +-
tests/data/regressions/its6794/its6794 | 2 +-
tests/data/regressions/its6794/slapd-glue.conf | 2 +-
tests/data/retcode.conf | 2 +-
tests/data/slapd-2db.conf | 2 +-
tests/data/slapd-aci.conf | 2 +-
tests/data/slapd-acl.conf | 2 +-
tests/data/slapd-cache-master.conf | 2 +-
tests/data/slapd-chain1.conf | 2 +-
tests/data/slapd-chain2.conf | 2 +-
tests/data/slapd-component.conf | 2 +-
tests/data/slapd-dds.conf | 2 +-
tests/data/slapd-deltasync-master.conf | 2 +-
tests/data/slapd-deltasync-slave.conf | 2 +-
tests/data/slapd-dn.conf | 2 +-
tests/data/slapd-dnssrv.conf | 2 +-
tests/data/slapd-dynlist.conf | 2 +-
tests/data/slapd-emptydn.conf | 2 +-
tests/data/slapd-glue-ldap.conf | 2 +-
tests/data/slapd-glue-syncrepl1.conf | 2 +-
tests/data/slapd-glue-syncrepl2.conf | 2 +-
tests/data/slapd-glue.conf | 2 +-
tests/data/slapd-idassert.conf | 2 +-
tests/data/slapd-ldapglue.conf | 2 +-
tests/data/slapd-ldapgluegroups.conf | 2 +-
tests/data/slapd-ldapgluepeople.conf | 2 +-
tests/data/slapd-limits.conf | 2 +-
tests/data/slapd-master.conf | 2 +-
tests/data/slapd-meta-target1.conf | 2 +-
tests/data/slapd-meta-target2.conf | 2 +-
tests/data/slapd-meta.conf | 2 +-
tests/data/slapd-nis-master.conf | 2 +-
tests/data/slapd-passwd.conf | 2 +-
tests/data/slapd-ppolicy.conf | 2 +-
tests/data/slapd-proxycache.conf | 2 +-
tests/data/slapd-pw.conf | 2 +-
tests/data/slapd-ref-slave.conf | 2 +-
tests/data/slapd-referrals.conf | 2 +-
tests/data/slapd-refint.conf | 2 +-
tests/data/slapd-relay.conf | 2 +-
tests/data/slapd-repl-slave-remote.conf | 2 +-
tests/data/slapd-retcode.conf | 2 +-
tests/data/slapd-schema.conf | 2 +-
tests/data/slapd-sql-syncrepl-master.conf | 2 +-
tests/data/slapd-sql.conf | 2 +-
tests/data/slapd-syncrepl-master.conf | 2 +-
tests/data/slapd-syncrepl-multiproxy.conf | 2 +-
tests/data/slapd-syncrepl-slave-persist-ldap.conf | 2 +-
tests/data/slapd-syncrepl-slave-persist1.conf | 2 +-
tests/data/slapd-syncrepl-slave-persist3.conf | 2 +-
tests/data/slapd-syncrepl-slave-refresh1.conf | 2 +-
tests/data/slapd-syncrepl-slave-refresh2.conf | 2 +-
tests/data/slapd-translucent-local.conf | 2 +-
tests/data/slapd-translucent-remote.conf | 2 +-
tests/data/slapd-unique.conf | 2 +-
tests/data/slapd-valregex.conf | 2 +-
tests/data/slapd-valsort.conf | 2 +-
tests/data/slapd-whoami.conf | 2 +-
tests/data/slapd.conf | 2 +-
tests/data/slapd2.conf | 2 +-
tests/data/test.schema | 2 +-
tests/progs/Makefile.in | 2 +-
tests/progs/ldif-filter.c | 24 +-
tests/progs/slapd-addel.c | 2 +-
tests/progs/slapd-bind.c | 2 +-
tests/progs/slapd-common.c | 2 +-
tests/progs/slapd-common.h | 2 +-
tests/progs/slapd-modify.c | 2 +-
tests/progs/slapd-modrdn.c | 2 +-
tests/progs/slapd-mtread.c | 2 +-
tests/progs/slapd-read.c | 2 +-
tests/progs/slapd-search.c | 2 +-
tests/progs/slapd-tester.c | 20 +-
tests/run.in | 2 +-
tests/scripts/all | 2 +-
tests/scripts/conf.sh | 2 +-
tests/scripts/defines.sh | 2 +-
tests/scripts/its-all | 2 +-
tests/scripts/monitor_data.sh | 2 +-
tests/scripts/passwd-search | 2 +-
tests/scripts/relay | 2 +-
tests/scripts/sql-all | 2 +-
tests/scripts/sql-test000-read | 2 +-
tests/scripts/sql-test001-concurrency | 2 +-
tests/scripts/sql-test900-write | 2 +-
tests/scripts/sql-test901-syncrepl | 2 +-
tests/scripts/start-server | 2 +-
tests/scripts/start-server-nolog | 2 +-
tests/scripts/start-server2 | 2 +-
tests/scripts/start-server2-nolog | 2 +-
tests/scripts/startup_nis_ldap_server.sh | 2 +-
tests/scripts/test000-rootdse | 2 +-
tests/scripts/test001-slapadd | 2 +-
tests/scripts/test002-populate | 2 +-
tests/scripts/test003-search | 2 +-
tests/scripts/test004-modify | 2 +-
tests/scripts/test005-modrdn | 2 +-
tests/scripts/test006-acls | 2 +-
tests/scripts/test008-concurrency | 2 +-
tests/scripts/test009-referral | 2 +-
tests/scripts/test010-passwd | 2 +-
tests/scripts/test011-glue-slapadd | 2 +-
tests/scripts/test012-glue-populate | 2 +-
tests/scripts/test013-language | 2 +-
tests/scripts/test014-whoami | 2 +-
tests/scripts/test015-xsearch | 2 +-
tests/scripts/test016-subref | 2 +-
tests/scripts/test017-syncreplication-refresh | 2 +-
tests/scripts/test018-syncreplication-persist | 2 +-
tests/scripts/test019-syncreplication-cascade | 2 +-
tests/scripts/test020-proxycache | 2 +-
tests/scripts/test021-certificate | 2 +-
tests/scripts/test022-ppolicy | 2 +-
tests/scripts/test023-refint | 2 +-
tests/scripts/test024-unique | 2 +-
tests/scripts/test025-limits | 2 +-
tests/scripts/test026-dn | 2 +-
tests/scripts/test027-emptydn | 2 +-
tests/scripts/test028-idassert | 2 +-
tests/scripts/test029-ldapglue | 2 +-
tests/scripts/test030-relay | 2 +-
tests/scripts/test031-component-filter | 2 +-
tests/scripts/test032-chain | 2 +-
tests/scripts/test033-glue-syncrepl | 2 +-
tests/scripts/test034-translucent | 2 +-
tests/scripts/test035-meta | 2 +-
tests/scripts/test036-meta-concurrency | 2 +-
tests/scripts/test037-manage | 2 +-
tests/scripts/test038-retcode | 2 +-
tests/scripts/test039-glue-ldap-concurrency | 2 +-
tests/scripts/test040-subtree-rename | 2 +-
tests/scripts/test041-aci | 2 +-
tests/scripts/test042-valsort | 2 +-
tests/scripts/test043-delta-syncrepl | 12 +-
tests/scripts/test044-dynlist | 2 +-
tests/scripts/test045-syncreplication-proxied | 2 +-
tests/scripts/test046-dds | 2 +-
tests/scripts/test047-ldap | 2 +-
tests/scripts/test048-syncrepl-multiproxy | 2 +-
tests/scripts/test049-sync-config | 2 +-
tests/scripts/test050-syncrepl-multimaster | 2 +-
tests/scripts/test051-config-undo | 2 +-
tests/scripts/test052-memberof | 2 +-
.../scripts/test054-syncreplication-parallel-load | 2 +-
tests/scripts/test055-valregex | 2 +-
tests/scripts/test056-monitor | 2 +-
tests/scripts/test057-memberof-refint | 2 +-
tests/scripts/test058-syncrepl-asymmetric | 2 +-
tests/scripts/test059-slave-config | 2 +-
tests/scripts/test060-mt-hot | 2 +-
tests/scripts/test061-syncreplication-initiation | 3 +-
tests/scripts/test063-delta-multimaster | 4 +-
1195 files changed, 6474 insertions(+), 8056 deletions(-)
diff --cc debian/changelog
index 0f3d917,00dd9f0,0000000..dcb974c
mode 100644,100644,000000..100644
--- a/debian/changelog
+++ b/debian/changelog
@@@@ -1,4612 -1,3011 -1,0 +1,4739 @@@@
+++openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium
+++
+++ * Merge with Debian unstable (LP: #1663702, LP: #1654416). Remaining
+++ changes
+++ - Enable AppArmor support:
+++ - d/apparmor-profile: add AppArmor profile
+++ - d/rules: use dh_apparmor
+++ - d/control: Build-Depends on dh-apparmor
+++ - d/slapd.README.Debian: add note about AppArmor
+++ - Enable GSSAPI support:
+++ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
+++ - Add --with-gssapi support
+++ - Make guess_service_principal() more robust when determining
+++ principal
+++ - d/configure.options: Configure with --with-gssapi
+++ - d/control: Added heimdal-dev as a build depend
+++ - d/rules:
+++ - Explicitly add -I/usr/include/heimdal to CFLAGS.
+++ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
+++ - Enable ufw support:
+++ - d/control: suggest ufw.
+++ - d/rules: install ufw profile.
+++ - d/slapd.ufw.profile: add ufw profile.
+++ - Enable nss overlay:
+++ - d/{patches/nssov-build,rules}: Apply, build and package the
+++ nss overlay.
+++ - d/{rules,slapd.py}: Add apport hook.
+++ [ d/rules modification mentioned above was dropped in
+++ 2.4.23-6ubuntu1, re-adding it ]
+++ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
+++ either the default DIT nor via an Authn mapping.
+++ - d/slapd.scripts-common:
+++ - add slapcat_opts to local variables.
+++ - Fix backup directory naming for multiple reconfiguration.
+++ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
+++ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
+++ in the openldap library, as required by Likewise-Open
+++ - Show distribution in version:
+++ - d/control: added lsb-release
+++ - d/patches/fix-ldap-distribution.patch: show distribution in version
+++ [ Refreshed patch ]
+++ - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
+++ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
+++ - GSSAPI support was enabled in 2.4.18-0ubuntu2
+++ [ undocumented in prior merge, added in 2.4.41+dfsg-1ubuntu1 ]
+++ - Fix use after free with GnuTLS. (LP #1557248)
+++ * Drop:
+++ - d/slapd.scripts-common:
+++ + Remove unused variable new_conf.
+++ [ configure_v2_protocol_support function removed in 2.4.44+dfsg-1 ]
+++ - d/b/config.log: add config.log
+++ [ previously undocumented, stray change ]
+++
+++ -- Nishanth Aravamudan <nish.aravamudan at canonical.com> Fri, 10 Feb 2017 11:38:57 -0800
+++
+ +openldap (2.4.44+dfsg-3) unstable; urgency=medium
+ +
+ + * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
+ + * Restore heimdal support to the smbk5pwd overlay.
+ +
+ + -- Ryan Tandy <ryan at nardis.ca> Sun, 01 Jan 2017 19:47:36 -0800
+ +
+ +openldap (2.4.44+dfsg-2) unstable; urgency=medium
+ +
+ + [ Ryan Tandy ]
+ + * Update Standards-Version to 3.9.8; no changes required.
+ + * Enable dh_makeshlibs for libldap-2.4-2. Remove libldap-2.4-2.postinst, now
+ + replaced by the automatic ldconfig trigger.
+ + * Don't execute slapd's override_dh_install when building only
+ + arch-independent packages. (Closes: #845506)
+ + * Override lintian false positives on slapd.README.Debian,
+ + slapd-smbk5pwd.postinst, and slapd-smbk5pwd triggering ldconfig.
+ + * Perform permissions changes in override_dh_fixperms instead of in
+ + override_dh_install.
+ + * Remove manual chmod of schema files since dh_fixperms sets correct
+ + permissions automatically.
+ + * Fix slapd-smbk5pwd failing to upgrade when there are no instances of the
+ + overlay configured.
+ +
+ + [ Helmut Grohne ]
+ + * Fix FTCBFS: Pass CC to make explicitly. (Closes: #839251)
+ +
+ + -- Ryan Tandy <ryan at nardis.ca> Thu, 01 Dec 2016 19:40:20 -0800
+ +
+ +openldap (2.4.44+dfsg-1) unstable; urgency=medium
+ +
+ + [ Ryan Tandy ]
+ + * New upstream release.
+ + - Fixed ppolicy not unlocking policy entry after initialization failure
+ + (ITS#7537) (Closes: #702414)
+ + * Drop ITS8240-remove-obsolete-assert.patch, included upstream.
+ + * Update debian/schema/ppolicy.schema to add the pwdMaxRecordedFailure
+ + attribute.
+ + * Update libldap-2.4-2.symbols with new ldap_build_*_req symbols.
+ + * Mark the build target in debian/rules as phony, since the upstream source
+ + includes a build/ directory.
+ + * Correct the list of files to be cleaned for the pw-sha2 contrib module.
+ + * Fix a typo (slpad -> slapd) in the Catalan debconf translation.
+ + * Disable OpenSLP support and remove libslp-dev from Build-Depends.
+ + (Closes: #815364)
+ + * Ensure /var/run/slapd exists when starting slapd, even if the pid file is
+ + somewhere else. Thanks to Dave Beach for the report. (Closes: #815571)
+ + * Create the pidfile directory when starting slapd, but not when running the
+ + init script in other modes.
+ + * Remove support for enabling the obsolete LDAPv2 protocol via debconf.
+ + * debian/copyright: Update the OpenLDAP copyright and license.
+ + * debian/control: Update VCS URIs to the modern canonical form.
+ + * Override Lintian errors about schema files derived from RFC documents.
+ + Copyrightable content has been removed from these files; however, the
+ + copyright notices have been retained to preserve attribution.
+ + * On upgrade, if the cn=config database contains the ppolicy schema, add the
+ + new pwdMaxRecordedFailure attribute to it.
+ + * Add debian/patches/set-maintainer-name to omit the builder's username and
+ + working directory from version strings and thereby make the build
+ + reproducible. Thanks to Daniel Shahaf for the patch. (Closes: #833179)
+ + * Build smbk5pwd without Kerberos support and drop the build-dependency on
+ + heimdal. (Closes: #836885)
+ + * On upgrade, comment the krb5 setting on any instances of the smbk5pwd
+ + overlay in slapd.conf. Require cn=config users to disable krb5 manually
+ + before upgrading.
+ +
+ + [ Helmut Grohne ]
+ + * Fix policy 8.2 violation (Closes: #330695)
+ + + Move /etc/ldap/ldap.conf and manpage to new package libldap-common.
+ +
+ + -- Ryan Tandy <ryan at nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
+ +
++openldap (2.4.42+dfsg-2ubuntu5) zesty; urgency=medium
++
++ * No-change rebuild for perl 5.24 transition
++
++ -- Iain Lane <iain at orangesquash.org.uk> Mon, 24 Oct 2016 10:37:13 +0100
++
++openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
++
++ * Fix use after free with GnuTLS. (LP: #1557248)
++
++ -- Maciej Puzio <maciej at work.swmed.edu> Fri, 25 Mar 2016 15:24:25 -0500
++
++openldap (2.4.42+dfsg-2ubuntu3) xenial; urgency=medium
++
++ * Fix building with gssapi suppport:
++ - Explicitly add -I/usr/include/heimdal to CFLAGS.
++ - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
++
++ -- Matthias Klose <doko at ubuntu.com> Thu, 18 Feb 2016 09:17:27 +0100
++
++openldap (2.4.42+dfsg-2ubuntu2) xenial; urgency=medium
++
++ * No-change rebuild for gnutls transition.
++
++ -- Matthias Klose <doko at ubuntu.com> Wed, 17 Feb 2016 22:27:04 +0000
++
++openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium
++
++ * Merge from Debian testing (LP: #1532648). Remaining changes:
++ - Enable AppArmor support:
++ - d/apparmor-profile: add AppArmor profile
++ - d/rules: use dh_apparmor
++ - d/control: Build-Depends on dh-apparmor
++ - d/slapd.README.Debian: add note about AppArmor
++ - Enable GSSAPI support:
++ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
++ - Add --with-gssapi support
++ - Make guess_service_principal() more robust when determining
++ principal
++ - d/configure.options: Configure with --with-gssapi
++ - d/control: Added heimdal-dev as a build depend
++ - Enable ufw support:
++ - d/control: suggest ufw.
++ - d/rules: install ufw profile.
++ - d/slapd.ufw.profile: add ufw profile.
++ - Enable nss overlay:
++ - d/{patches/nssov-build,rules}: Apply, build and package the
++ nss overlay.
++ - d/{rules,slapd.py}: Add apport hook.
++ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
++ either the default DIT nor via an Authn mapping.
++ - d/slapd.scripts-common:
++ - add slapcat_opts to local variables.
++ - Remove unused variable new_conf.
++ - Fix backup directory naming for multiple reconfiguration.
++ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
++ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
++ in the openldap library, as required by Likewise-Open
++ - Show distribution in version:
++ - d/control: added lsb-release
++ - d/patches/fix-ldap-distribution.patch: show distribution in version
++ * Drop CVE-2015-6908.patch, included in Debian.
++ * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
++ disabled on ppc64el, no longer used, and missed in the previous merge.
++
++ -- Ryan Tandy <ryan at nardis.ca> Sun, 10 Jan 2016 15:50:53 -0800
++
+openldap (2.4.42+dfsg-2) unstable; urgency=medium
+
+ [ Ryan Tandy ]
+ * Change explicit Pre-Depends: multiarch-support to ${misc:Pre-Depends}, as
+ recommended by lintian.
+ * Omit slapd, slapd-dbg, and slapd-smbk5pwd from the stage1 build profile.
+ This allows the dependency loop with heimdal to be broken for
+ bootstrapping, and the dependency on libperl-dev to be avoided for
+ cross-building. Thanks Daniel Schepler and Helmut Grohne.
+ (Closes: #724518)
+ * Apply wrap-and-sort to the Build-Depends field.
+ * Drop libncurses5-dev from Build-Depends, no longer needed since the ud
+ tool was removed in OpenLDAP 2.1.4.
+ * Drop libltdl3-dev as an alternate Build-Depends, since that package was
+ removed after lenny.
+ * Annotate Build-Depends on perl with :any to allow running the system perl
+ interpreter during cross builds.
+ * Ensure CC is set correctly for cross builds. Thanks Helmut Grohne.
+ * Build-Depend on dpkg-dev (>= 1.17.14) and debhelper (>= 9.20141010) for
+ restriction formula support.
+ * Override the 'dev-pkg-without-shlib-symlink' lintian tag. The symlink is
+ actually in the form libldap_r.so -> libldap_r-2.4.so.xyz and the tag is a
+ false positive; see #687022.
+ * Include the smbk5pwd man page in the slapd-smbk5pwd package.
+ * Allow anonymous read access to the shadowLastChange attribute by default,
+ allowing nss-ldap/nss-ldapd to handle password expiry correctly even when
+ bound anonymously. This was the only restricted shadow attribute, the
+ others were already world-readable. (Closes: #669235)
+ * Drop the redundant default ACL for dn.base="" from the database entry.
+ It's already covered by the fallback case below.
+ * Copy more comments from the slapd.conf template to slapd.init.ldif. Also
+ comment the shadowLastChange access rule.
+ * Import upstream patch to remove an unnecessary assert(0) that could be
+ triggered remotely by an unauthenticated user by sending a malformed BER
- element. (ITS#8240)
+ + element. (ITS#8240) (CVE-2015-6908) (Closes: #798622)
+
+ [ Peter Marschall ]
+ * Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
+ install the new manual page. (Closes: #794998)
+
+ -- Ryan Tandy <ryan at nardis.ca> Thu, 10 Sep 2015 20:13:17 -0700
+
+openldap (2.4.42+dfsg-1) unstable; urgency=medium
+
+ [ Peter Marschall ]
+ * slapd.scripts-common:
+ - Use update_permissions instead of direct calls to chown and chgrp.
+ - Make variables only used within a function local to that function.
+ - Restore databases ordered by increasing suffix path length.
+ This should help configurations with databases glued together using the
+ 'subordinate' keyword / 'olcSubordinate' attribute in slapd's
+ configuration.
+ (Closes: #794996)
+ * Install slapo-lastbind.5 man page. (Closes: #794997)
+
+ [ Ryan Tandy ]
+ * slapd.scripts-common: Delete an outdated comment.
+ * New upstream release.
+ * Enable the MDB backend again on GNU/kFreeBSD. The new pthread library
+ provides all the required interfaces, and the test suite now passes.
+ Leave it disabled on the Hurd. LMDB requires POSIX semaphores, which have
+ not yet been implemented.
+ * Disable the BDB/HDB backends on the Hurd. BDB requires record locks
+ (F_SETLK), which have not yet been implemented; see #693971.
+
+ -- Ryan Tandy <ryan at nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
+
++openldap (2.4.41+dfsg-1ubuntu3) xenial; urgency=medium
++
++ * Rebuild for Perl 5.22.1.
++
++ -- Colin Watson <cjwatson at ubuntu.com> Fri, 18 Dec 2015 15:10:17 +0000
++
++openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
++
++ * SECURITY UPDATE: denial of service via crafted BER data
++ - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
++ libraries/liblber/io.c.
++ - CVE-2015-6908
++
++ -- Marc Deslauriers <marc.deslauriers at ubuntu.com> Mon, 14 Sep 2015 10:25:04 -0400
++
++openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
++
++ * Merge from Debian testing (LP: #1471831). Remaining changes:
++ - Enable AppArmor support:
++ - d/apparmor-profile: add AppArmor profile
++ - d/rules: use dh_apparmor
++ - d/control: Build-Depends on dh-apparmor
++ - d/slapd.README.Debian: add note about AppArmor
++ - Enable GSSAPI support:
++ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
++ - Add --with-gssapi support
++ - Make guess_service_principal() more robust when determining
++ principal
++ - d/configure.options: Configure with --with-gssapi
++ - d/control: Added heimdal-dev as a build depend
++ - Enable ufw support:
++ - d/control: suggest ufw.
++ - d/rules: install ufw profile.
++ - d/slapd.ufw.profile: add ufw profile.
++ - Enable nss overlay:
++ - d/{patches/nssov-build,rules}: Apply, build and package the
++ nss overlay.
++ - d/{rules,slapd.py}: Add apport hook.
++ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
++ either the default DIT nor via an Authn mapping.
++ - d/slapd.scripts-common:
++ - add slapcat_opts to local variables.
++ - Remove unused variable new_conf.
++ - Fix backup directory naming for multiple reconfiguration.
++ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
++ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
++ in the openldap library, as required by Likewise-Open
++ - Show distribution in version:
++ - d/control: added lsb-release
++ - d/patches/fix-ldap-distribution.patch: show distribution in version
++ * Dropped changes:
++ - Fix cpp calls for GCC 5: fixed upstream (ITS#8056)
++ * Upstream fixes:
++ - slapd crash with auditlog overlay and large (~27KB) attribute values
++ (ITS#8003) (LP: #1461276)
++ - nssov updated to support recent nss-pam-ldapd client libraries
++ (ITS#8097) (LP: #1393306)
++ * Update d/patches/nssov-build for upstream changes.
++ * Tweak d/patches/gssapi.diff to apply without fuzz.
++ * d/libldap-2.4-2.symbols: Add symbols not present in Debian.
++ - CLDAP (UDP) was added in 2.4.17-1ubuntu2
++ - GSSAPI support was enabled in 2.4.18-0ubuntu2
++
++ -- Ryan Tandy <ryan at nardis.ca> Fri, 24 Jul 2015 14:12:06 -0700
++
+openldap (2.4.41+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Update patches for upstream changes, drop patches included upstream.
+ * debian/rules: Adjust get-orig-source target to add +dfsg to version.
+ * Convert to source format 3.0 (quilt).
+ * debian/slapd.scripts-common: Fix nesting of fold markers.
+
+ -- Ryan Tandy <ryan at nardis.ca> Wed, 08 Jul 2015 21:07:24 -0700
+
+openldap (2.4.40+dfsg-2) unstable; urgency=medium
+
+ * Actually install libldap-2.4-2.symbols.
+ * Update Standards-Version to 3.9.6.
+ * Build-Depend on debhelper (>= 9) to fix a Lintian warning.
+ * Import upstream patch to fix FTBFS with gcc-5. (Addresses #778045)
+
+ -- Ryan Tandy <ryan at nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
+
++openldap (2.4.40+dfsg-1ubuntu2) wily; urgency=medium
++
++ * No-change rebuild for the libnettle6 transition.
++
++ -- Adam Conrad <adconrad at ubuntu.com> Sun, 14 Jun 2015 03:58:30 -0600
++
++openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
++
++ * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
++ - Enable AppArmor support:
++ - d/apparmor-profile: add AppArmor profile
++ - d/rules: use dh_apparmor
++ - d/control: Build-Depends on dh-apparmor
++ - d/slapd.README.Debian: add note about AppArmor
++ - Enable GSSAPI support:
++ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
++ - Add --with-gssapi support
++ - Make guess_service_principal() more robust when determining
++ principal
++ - d/configure.options: Configure with --with-gssapi
++ - d/control: Added heimdal-dev as a build depend
++ - Enable ufw support:
++ - d/control: suggest ufw.
++ - d/rules: install ufw profile.
++ - d/slapd.ufw.profile: add ufw profile.
++ - Enable nss overlay:
++ - d/{patches/nssov-build,rules}: Apply, build and package the
++ nss overlay.
++ - d/{rules,slapd.py}: Add apport hook.
++ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
++ either the default DIT nor via an Authn mapping.
++ - d/slapd.scripts-common:
++ - add slapcat_opts to local variables.
++ - Remove unused variable new_conf.
++ - Fix backup directory naming for multiple reconfiguration.
++ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
++ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
++ in the openldap library, as required by Likewise-Open
++ - Show distribution in version:
++ - d/control: added lsb-release
++ - d/patches/fix-ldap-distribution.patch: show distribution in version
++ * Drop patches included upstream:
++ - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
++ - d/patches/bdb-deadlock.patch
++ - d/patches/its-7354-fix-delta-sync-mmr.diff
++ * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
++ * debian/patches/nssov-build: Adjust for upstream changes.
++ * debian/apparmor-profile:
++ - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
++ kernel ABI v7 (utopic and later). (LP: #1392018)
++ - Reduce permissions on /run/nslcd to just the nslcd socket.
++ * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
++ (LP: #1293250)
++
++ -- Ryan Tandy <ryan at nardis.ca> Mon, 25 May 2015 19:49:21 -0700
++
+openldap (2.4.40+dfsg-1) unstable; urgency=medium
+
+ * Remove inetorgperson.schema from the upstream source. Replace it with a
+ copy stripped of RFC text. (Closes: #780283)
+ * Adjust debian/watch for +dfsg versioning.
+ * debian/patches/ITS7975-fix-mdb-onelevel-search.patch: Import upstream
+ patch to fix scope=onelevel searches wrongly including the search base in
+ results under the MDB backend. (ITS#7975) (Closes: #782212)
+
+ -- Ryan Tandy <ryan at nardis.ca> Thu, 09 Apr 2015 08:38:38 -0700
+
+openldap (2.4.40-4) unstable; urgency=medium
+
+ * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream
+ patch to fix a crash when a search includes the Deref control with an
+ empty attribute list. (ITS#8027) (CVE-2015-1545, Closes: #776988)
+ * debian/patches/ITS8046-fix-vrFilter_free-crash.patch: Import upstream
+ patch to fix a double free triggered by certain search queries using the
+ Matched Values control. (ITS#8046) (CVE-2015-1546, Closes: #776991)
+
+ -- Ryan Tandy <ryan at nardis.ca> Sun, 08 Feb 2015 20:19:11 +0000
+
+openldap (2.4.40-3) unstable; urgency=medium
+
+ * Remove trailing spaces from slapd.templates.
+ * Update Vietnamese debconf translation.
+ Thanks to Trần Ngọc Quân.
+ * Update Danish debconf translation.
+ Thanks to Joe Hansen. (Closes: #766848)
+ * Update Japanese debconf translation.
+ Thanks to Kenshi Muto. (Closes: #766824)
+ * Update Russian debconf translation.
+ Thanks to Yuri Kozlov. (Closes: #766825)
+ * Update Basque translation.
+ Thanks to Iñaki Larrañaga Murgoitio. (Closes: #767070)
+ * Update French debconf translation.
+ Thanks to Christian Perrier. (Closes: #767634)
+ * Update German debconf translation.
+ Thanks to Helge Kreutzmann. (Closes: #767686)
+ * Update Portuguese debconf translation.
+ Thanks to Ricardo Silva. (Closes: #768085)
+ * Update Italian debconf translation.
+ Thanks to Luca Monducci. (Closes: #768195)
+ * Update Turkish debconf translation.
+ Thanks to Atila KOÇ. (Closes: #768409)
+ * Update Czech debconf translation.
+ Thanks to Miroslav Kure. (Closes: #768591)
+ * Update Catalan debconf translation.
+ Thanks to Innocent De Marchi. (Closes: #768605)
+ * Update Dutch debconf translation.
+ Thanks to Frans Spiesschaert. (Closes: #769024)
+ * Update Brazilian Portuguese debconf translation.
+ Thanks to Adriano Rafael Gomes. (Closes: #769717)
+ * Update Galician debconf translation.
+ Thanks to Jorge Barreiro.
+ * Update Swedish debconf translation.
+ Thanks to Martin Bagge / brother. (Closes: #769867)
+ * Update Spanish debconf translation.
+ Thanks to Camaleón. (Closes: #770715)
+ * Fix doubled spaces in po files, caused by trailing spaces in the templates
+ file.
+ * Run debconf-updatepo to refresh PO files.
+
+ -- Ryan Tandy <ryan at nardis.ca> Sun, 23 Nov 2014 10:33:10 -0800
+
+openldap (2.4.40-2) unstable; urgency=medium
+
+ * Fix typo (chmod/chgrp) in previous changelog, spotted by Ferenc Wagner.
+ * debian/patches/contrib-modules-use-dpkg-buildflags: Also use CPPFLAGS from
+ dpkg-buildflags. Spotted by Lintian.
+ * debian/slapd.init.ldif: Don't bother explicitly granting rights to the
+ rootdn, since it already has unlimited privileges. Thanks Ferenc Wagner.
+ * Recommend MDB for new installations, per upstream's recommendation.
+ * Don't re-create the default DB_CONFIG if there wasn't one in the backup,
+ for example if the active backend doesn't use it. Thanks Ferenc Wagner.
+ * On upgrade, if an access rule begins with "to * by self write", show a
+ debconf note warning that it should be changed. (Closes: #761406)
+ * Build and install the lastbind contrib module. (Closes: #701111)
+ * Build and install the passwd/sha2 contrib module. (Closes: #746727)
+
+ -- Ryan Tandy <ryan at nardis.ca> Mon, 20 Oct 2014 22:19:24 -0700
+
+openldap (2.4.40-1) unstable; urgency=low
+
+ [ Ryan Tandy ]
+ * New upstream release.
+ - fixed ldap_get_dn(3) ldap_ava definition (ITS#7860) (Closes: #465024)
+ - fixed slapcat with external schema (ITS#7895) (Closes: #599235)
+ - fixed double free with invalid ciphersuite (ITS#7500) (Closes: #640384)
+ - fixed modrdn crash on naming attr with no matching rule (ITS#7850)
+ (Closes: #666515)
+ - fixed slapacl causing unclean database (ITS#7827) (Closes: #741248)
+ * slapd.scripts-common:
+ - Anchor grep patterns to avoid matching commented lines in ldif files
+ under cn=config. (Closes: #723957)
+ - Don't silently ignore nonexistent directories that should be dumped.
+ - Invoke find, chown, and chgrp with -H in case /var/lib/ldap is a
+ symlink. (Closes: #742862)
+ - When upgrading a database, ignore extra nested directories as they might
+ contain other databases. Patch from Kenny Millington. (LP: #1003854)
+ - Fix dumping and reloading when multiple databases hold the same suffix,
+ thanks Peder Stray. (Closes: #759596, LP: #1362481)
+ - Remove trailing dot from slapd/domain. (Closes: #637996)
+ * debian/rules:
+ - Enable parallel building.
+ - Copy libldap-2.4-2.shlibs into place manually, as a workaround for
+ #676168. (Closes: #742841)
+ * debian/slapd.README.Debian: Add a note about database format upgrades and
+ the consequences of missing one. (Closes: #594711)
+ * Build with GnuTLS 3 (Closes: #745231, #760559).
+ * Drop debian/patches/fix-ftbfs-binutils-gold, no longer needed.
+ * Drop debconf-utils from Build-Depends, no longer used (replaced by
+ po-debconf). Thanks Johannes Schauer.
+ * Acknowledge NMU fixing #729367, thanks to Michael Gilbert.
+ * Offer the MDB backend as a choice during initial configuration. (Closes:
+ #750022)
+ * debian/slapd.init.ldif:
+ - Disallow modifying one's own entry by default, except specific
+ attributes. (Closes: #761406)
+ - Index some more common search attributes by default. (Closes: #762111)
+ * Introduce a symbols file for libldap-2.4-2.
+ * debian/schema/pmi.schema: Add a copyright clarification. There does not
+ appear to be any copyrighted text in this file, only ASN.1 assignments and
+ LDAP schema definitions. Fixes a Lintian error on the original.
+ * debian/schema/duaconf.schema: Strip Internet-Draft text from
+ duaconf.schema.
+ * Drop debian/patches/CVE-2013-4449.patch, applied upstream.
+ * Update debian/patches/no-AM_INIT_AUTOMAKE with upstream changes.
+ * debian/schema/ppolicy.schema: Update with ordering rules added in
+ draft-behera-ldap-password-policy-11.
+ * Suggest GSSAPI SASL modules. (Closes: #762424)
+ * debian/patches/ITS6035-olcauthzregex-needs-restart.patch: Document in
+ slapd-config.5 the fact that changes to olcAuthzRegexp only take effect
+ after the server is restarted. (Closes: #761407)
+ * Add myself to Uploaders.
+
+ [ Jelmer Vernooij ]
+ * Depend on heimdal-multidev rather than heimdal-dev. (Closes: #745356,
+ #706123)
+
+ [ Updated debconf translations ]
+ * Turkish, thanks to Atila KOÇ <akoc at artielektronik.com.tr>.
+ (Closes: #661641)
+
+ -- Ryan Tandy <ryan at nardis.ca> Fri, 17 Oct 2014 08:19:28 -0700
+
+openldap (2.4.39-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix CVE-2013-4449: reference counting logic issue (closes: #729367).
+
+ -- Michael Gilbert <mgilbert at debian.org> Sat, 09 Aug 2014 09:26:51 +0000
+
+openldap (2.4.39-1) unstable; urgency=low
+
+ [ Peter Marschall ]
+ * debian/patches/wrong-database-location: fix database location in
+ doc/man/man5/slapd-mdb.5
+ * debian/configure.options: add info on --enable-mdb
+
+ [ Russ Allbery ]
+ * Remove myself from Uploaders.
+
+ [ Steve Langasek ]
+ * Remove Stephen Frost from Uploaders, per discussion with him. Thanks for
+ your contributions, Stephen!
+ * Adjust dh_autoreconf usage to update all config.sub/config.guess
+ instances in the source, so that we can be forwards-compatible with new
+ ports. Thanks to Colin Watson <cjwatson at ubuntu.com> for the patch.
+ Closes: #725824.
+ * Add Timo to Uploaders.
+ * Update Vcs-* fields to point at the new git repo; thanks to Timo for
+ driving this migration!
+ * Rebuild against db5.3, with a corresponding dump/restore of the database
+ on upgrade. Closes: #738641.
+
+ [ Timo Aaltonen ]
+ * contrib-modules-use-dpkg-buildflags, autogroup-makefile,
+ smbk5pwd-makefile:
+ - Updated for current upstream.
+ * Refresh patches to apply cleanly.
+ * rules: Use dpkg-parsechangelog to determine the upstream version for
+ get-orig-source.
+ * source: Add lintian overrides for non-transatable internal
+ templates.
+
+ -- Steve Langasek <vorlon at debian.org> Mon, 17 Mar 2014 15:27:31 -0700
+
++openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
++
++ * Fix cpp calls for GCC 5.
++
++ -- Matthias Klose <doko at ubuntu.com> Fri, 06 Mar 2015 13:23:29 +0100
++
++openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
++
++ * debian/apparmor-profile:
++ - allow p11-kit abstraction
++ - allow read of /etc/gss/mech.d/*
++
++ -- Jamie Strandboge <jamie at ubuntu.com> Tue, 02 Sep 2014 15:29:05 -0500
++
++openldap (2.4.31-1+nmu2ubuntu10) utopic; urgency=medium
++
++ * Rebuild for Perl 5.20.0.
++
++ -- Colin Watson <cjwatson at ubuntu.com> Thu, 21 Aug 2014 13:29:20 +0100
++
++openldap (2.4.31-1+nmu2ubuntu9) utopic; urgency=medium
++
++ * Cherry-pick upstream patch for compat with recent GNUTLS.
++ * Build-depend on libgnutls28-dev.
++ * Build-depend on libgcrypt20-dev.
++
++ -- Dimitri John Ledkov <xnox at ubuntu.com> Fri, 08 Aug 2014 11:01:56 +0100
++
++openldap (2.4.31-1+nmu2ubuntu8) trusty; urgency=medium
++
++ * Bump database_format_changed value to 2.4.31-1+nmu2ubuntu5 for db5.3.
++
++ -- Adam Conrad <adconrad at ubuntu.com> Mon, 17 Mar 2014 12:50:18 -0600
++
++openldap (2.4.31-1+nmu2ubuntu7) trusty; urgency=medium
++
++ * Disable mdb backend on ppc64el due to test-suite failures.
++
++ -- Dimitri John Ledkov <xnox at ubuntu.com> Mon, 17 Mar 2014 16:32:29 +0000
++
++openldap (2.4.31-1+nmu2ubuntu6) trusty; urgency=low
++
++ * Fix segfault issue with master-master syncrepl (LP: #1287730):
++ - d/patches/its-7354-fix-delta-sync-mmr.diff: Cherry picked
++ patch from upstream VCS.
++
++ -- Pierre Fersing <pfersing at sierrawireless.com> Tue, 04 Mar 2014 16:04:57 +0100
++
++openldap (2.4.31-1+nmu2ubuntu5) trusty; urgency=low
++
++ * Build-depend on libdb5.3-dev, instead of libdb5.1-dev.
++
++ -- Dmitrijs Ledkovs <xnox at ubuntu.com> Mon, 04 Nov 2013 08:04:30 +0000
++
++openldap (2.4.31-1+nmu2ubuntu4) trusty; urgency=low
++
++ * Rebuild for Perl 5.18.
++
++ -- Colin Watson <cjwatson at ubuntu.com> Tue, 22 Oct 2013 12:16:39 +0100
++
++openldap (2.4.31-1+nmu2ubuntu3) saucy; urgency=low
++
++ * Update build/config.guess and build/config.sub at build time; this was
++ not done automatically because the top-level configure.in does not use
++ Automake.
++
++ -- Colin Watson <cjwatson at ubuntu.com> Tue, 08 Oct 2013 17:24:59 +0100
++
++openldap (2.4.31-1+nmu2ubuntu2) saucy; urgency=low
++
++ * debian/control: added lsb-release
++ * debian/patches/fix-ldap-distribution.patch: show distribution in version
++
++ -- Yolanda Robla <yolanda.robla at canonical.com> Mon, 08 Jul 2013 16:53:09 +0200
++
++openldap (2.4.31-1+nmu2ubuntu1) saucy; urgency=low
++
++ * Merge from Debian unstable. Remaining changes:
++ - Enable AppArmor support:
++ - d/apparmor-profile: add AppArmor profile
++ - d/rules: use dh_apparmor
++ - d/control: Build-Depends on dh-apparmor
++ - d/slapd.README.Debian: add note about AppArmor
++ - d/slapd.dirs: add etc/apparmor.d/force-complain
++ - Enable GSSAPI support:
++ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
++ - Add --with-gssapi support
++ - Make guess_service_principal() more robust when determining
++ principal
++ - d/configure.options: Configure with --with-gssapi
++ - d/control: Added libkrb5-dev as a build depend
++ - Enable ufw support:
++ - d/control: suggest ufw.
++ - d/rules: install ufw profile.
++ - d/slapd.ufw.profile: add ufw profile.
++ - Enable nss overlay:
++ - d/{patches/nssov-build,/rules}: Apply, build and package the
++ nss overlay.
++ - d/{rules,slapd.py}: Add apport hook.
++ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
++ either the default DIT nor via an Authn mapping.
++ - d/slapd.scripts-common:
++ - add slapcat_opts to local variables.
++ - Remove unused variable new_conf.
++ - Fix backup directory naming for multiple reconfiguration.
++ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
++ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
++ in the openldap library, as required by Likewise-Open
++ - d/{control,rules}: enable PIE hardening
++
++ -- Marc Deslauriers <marc.deslauriers at ubuntu.com> Thu, 30 May 2013 13:03:25 -0400
++
++openldap (2.4.31-1+nmu2) unstable; urgency=high
++
++ * Non-maintainer upload.
++ * No-change rebuild in a clean environment
++
++ -- Jonathan Wiltshire <jmw at debian.org> Tue, 23 Apr 2013 13:10:00 +0100
++
++openldap (2.4.31-1+nmu1) unstable; urgency=medium
++
++ * Non-maintainer upload.
++ * Avoid deadlocks in back-bdb that truncate slapcat output (closes: #673038).
++
++ -- Michael Gilbert <mgilbert at debian.org> Tue, 16 Apr 2013 03:35:31 +0000
++
++openldap (2.4.31-1ubuntu2) quantal-proposed; urgency=low
++
++ * debian/slapd.py: Add AppArmor info and logs to apport hook.
++
++ -- Marc Deslauriers <marc.deslauriers at ubuntu.com> Mon, 20 Aug 2012 08:46:02 -0400
++
++openldap (2.4.31-1ubuntu1) quantal; urgency=low
++
++ * Merge from Debian unstable. Remaining changes:
++ - Enable AppArmor support:
++ - d/apparmor-profile: add AppArmor profile
++ - d/rules: use dh_apparmor
++ - d/control: Build-Depends on dh-apparmor
++ - d/slapd.README.Debian: add note about AppArmor
++ - d/slapd.dirs: add etc/apparmor.d/force-complain
++ - Enable GSSAPI support (LP: #495418):
++ - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
++ - Add --with-gssapi support
++ - Make guess_service_principal() more robust when determining
++ principal
++ - d/configure.options: Configure with --with-gssapi
++ - d/control: Added libkrb5-dev as a build depend
++ - Enable ufw support (LP: #423246):
++ - d/control: suggest ufw.
++ - d/rules: install ufw profile.
++ - d/slapd.ufw.profile: add ufw profile.
++ - Enable nss overlay (LP: #675391):
++ - d/{patches/nssov-build,/rules}: Apply, build and package the
++ nss overlay.
++ - d/{rules,slapd.py}: Add apport hook. (LP: #610544)
++ - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
++ either the default DIT nor via an Authn mapping.
++ - d/slapd.scripts-common:
++ - add slapcat_opts to local variables.
++ - Remove unused variable new_conf.
++ - Fix backup directory naming for multiple reconfiguration.
++ - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
++ - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
++ in the openldap library, as required by Likewise-Open (LP: #390579)
++ - d/{control,rules}: enable PIE hardening
++ * Dropped changes:
++ - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Included in upstream release.
++ - d/patches/CVE-2011-4079: Included in upstream release.
++ - d/patches/service-operational-before-detach: Included in upstream release.
++ - d/schema/extra/misc.ldif: Included upstream.
++ - d/{rules,schema/extra}: Fix configure and clean rules to support
++ extra schemas shipped as part of the debian/schema/ directory; no longer required.
++ - Included in Debian:
++ + Document cn=config in README file.
++ + Install a default DIT; actually a minimal configuration.
++ + d/patches/heimdal-fix.
++ * General tidy of d/patches to remove obsolete patches being held in Ubuntu delta.
++
++ -- James Page <james.page at ubuntu.com> Fri, 20 Jul 2012 13:48:32 +0100
++
+openldap (2.4.31-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixes a denial of service attack, CVE-2012-1164, when using the rwm
+ overlay. Closes: #663644.
+ - Fixes a bug with ldap_result always returning -1 when called from
+ sssd. Closes: #666230.
+ - Fix a build failure on armel due to unaligned memory access.
+ Closes: #677158.
+ * Incorporate NMU (thanks, Julien Cristau, Mattias Ellert):
+ - Disable the mdb backend on non-Linux, it looks like it doesn't work
+ with linuxthreads (closes: #654824).
+ - Backport fix for shell backend configuration. Closes: #662940.
+
+ [ Peter Marschall ]
+ * debian/slapd.scripts-common: avoid grep warnings
+ * debian/patches/heimdal-fix: fix arguments of
+ hdb_generate_key_set_password(). Closes: #664930
+
+ [ Steve Langasek ]
+ * debian/patches/contrib-modules-use-dpkg-buildflags: pass CFLAGS to
+ contrib builds. Thanks to Simon Ruderich <simon at ruderich.org>.
+ Closes: #663724.
+
+ -- Steve Langasek <vorlon at debian.org> Wed, 27 Jun 2012 03:27:34 +0000
+
++openldap (2.4.28-1.1ubuntu6) quantal; urgency=low
++
++ * Fix issue with intermittent connection issues when using LDAPv3
++ protocol (LP: #1023025):
++ - d/patches/its-7107-fix-Operation-init-on-reuse.diff: Cherry picked
++ patch from upstream VCS which ensures objects are initialized before
++ re-use.
++
++ -- Pierre Fersing <pfersing at sierrawireless.com> Thu, 19 Jul 2012 14:05:09 +0100
++
++openldap (2.4.28-1.1ubuntu5) quantal; urgency=low
++
++ * debian/rules: Add smbk5pwd build.
++ * debian/control: Add slapd-smbk5pwd binary package.
++ * debian/patches/heimdal-fix: adapt parameters of
++ hdb_generate_key_set_password() to heimdal 1.6~git20120311
++ (patch from Debian #664930).
++
++ -- Jorge Salamero Sanz <bencer at debian.org> Wed, 18 Jul 2012 09:30:28 -0400
++
++openldap (2.4.28-1.1ubuntu4) precise; urgency=low
++
++ * debian/control: Build-Depends on dh-apparmor (LP: #948481)
++
++ -- Jamie Strandboge <jamie at ubuntu.com> Thu, 05 Apr 2012 09:34:37 -0500
++
++openldap (2.4.28-1.1ubuntu3) precise; urgency=low
++
++ * Add its-7176-only-poll-sockets-for-write-as-needed.diff
++ (LP: #932823).
++
++ -- Timo Aaltonen <tjaalton at ubuntu.com> Tue, 21 Feb 2012 15:36:29 +0200
++
++openldap (2.4.28-1.1ubuntu2) precise; urgency=low
++
++ * Remove debian/patches/CVE-2011-4079; it's already in this upstream
++ version. Fixes FTBFS.
++
++ -- Daniel T Chen <crimsun at ubuntu.com> Wed, 25 Jan 2012 17:26:17 -0500
++
++openldap (2.4.28-1.1ubuntu1) precise; urgency=low
++
++ * Merge from Debian testing. Remaining changes:
++ - Install a default DIT (LP: #442498).
++ - Document cn=config in README file (LP: #370784).
++ - remaining changes:
++ + AppArmor support:
++ - debian/apparmor-profile: add AppArmor profile
++ - use dh_apparmor:
++ - debian/rules: use dh_apparmor
++ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ + Enable GSSAPI support (LP: #495418):
++ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
++ - Add --with-gssapi support
++ - Make guess_service_principal() more robust when determining
++ principal
++ - debian/patches/series: apply gssapi.diff patch.
++ - debian/configure.options: Configure with --with-gssapi
++ - debian/control: Added libkrb5-dev as a build depend
++ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
++ in the openldap library, as required by Likewise-Open (LP: #390579)
++ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
++ - debian/control:
++ - remove build-dependency on heimdal-dev.
++ - remove slapd-smbk5pwd binary package.
++ - debian/rules: don't build smbk5pwd slapd module.
++ + debian/{control,rules}: enable PIE hardening
++ + ufw support (LP: #423246):
++ - debian/control: suggest ufw.
++ - debian/rules: install ufw profile.
++ - debian/slapd.ufw.profile: add ufw profile.
++ + Enable nssoverlay:
++ - debian/patches/nssov-build, debian/series, debian/rules:
++ Apply, build and package the nss overlay.
++ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
++ which defines rfc822MailMember (required by the nss overlay).
++ + debian/rules, debian/schema/extra/:
++ Fix configure rule to supports extra schemas shipped as part
++ of the debian/schema/ directory.
++ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
++ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
++ neither the default DIT nor via an Authn mapping.
++ + debian/slapd.scripts-common: adjust minimum version that triggers a
++ database upgrade. Upgrade from maverick shouldn't trigger database
++ upgrade (which would happen with the version used in Debian).
++ + debian/slapd.scripts-common: add slapcat_opts to local variables.
++ Remove unused variable new_conf.
++ + debian/slapd.script-common: Fix package reconfiguration.
++ - Fix backup directory naming for multiple reconfiguration.
++ + debian/slapd.default, debian/slapd.README.Debian:
++ use the new configuration style.
++ + Install nss overlay (LP: #675391):
++ - debian/rules: run install target for nssov module.
++ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
++ + debian/patches/gssapi.diff:
++ - Update patch so that likewise-open is usuable again. (LP: #661547)
++ + debian/patches/service-operational-before-detach: New patch replacing old one
++ of the same name as previous could cause database corruption based on upstream commits.
++ (LP: #727973)
++ + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
++ (CVE-2011-4079)
++
++
++ -- Chuck Short <zulcss at ubuntu.com> Mon, 23 Jan 2012 10:01:13 -0500
++
++openldap (2.4.28-1.1) unstable; urgency=low
++
++ * Non-maintainer upload.
++ * Disable the mdb backend on non-Linux, it looks like it doesn't work with
++ linuxthreads (closes: #654824).
++
++ -- Julien Cristau <jcristau at debian.org> Mon, 16 Jan 2012 19:45:42 +0100
++
+openldap (2.4.28-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixes CVE-2011-4079. Closes: #647610.
+ - Fixes support for proxy authorization with SASL-GSSAPI.
+ Closes: #608815.
+ - Drop patch service-operational-before-detach, which came from upstream.
+ - Drop patch fix-its6898-locking-issue, included upstream.
+ - Refresh other patches as needed.
+ * debian/slapd.scripts-common: quote the argument to slappasswd, to cope
+ with shell characters in the string. Thanks to Nicolai Ehemann
+ <en at englightened.de> for the patch. Closes: #635931.
+ * Install ldif.h in libldap2-dev, now that it's been blessed upstream.
+ Closes: #644985.
+ * debian/patches/no-bdb-ABI-second-guessing: don't force an exact match on
+ the upstream version of libdb; this is redundant with our packaging
+ system, and causes spurious errors when there's a non-ABI-breaking
+ BDB upstream release. Closes: #651333.
+ * Build-conflict with the ancient autoconf2.13, which is incompatible with
+ dh-autoreconf. (Maybe dh-autoreconf itself should conflict with it?)
+ Closes: #651598.
+
+ [ Updated debconf translations ]
+ * Dutch, thanks to Jeroen Schot <schot at A-Eskwadraat.nl>. Closes: #651400.
+
+ -- Steve Langasek <vorlon at debian.org> Thu, 05 Jan 2012 06:07:11 +0000
+
++openldap (2.4.25-4ubuntu1) precise; urgency=low
++
++ * Merge from Debian testing. Remaining changes:
++ - Install a default DIT (LP: #442498).
++ - Document cn=config in README file (LP: #370784).
++ - remaining changes:
++ + AppArmor support:
++ - debian/apparmor-profile: add AppArmor profile
++ - use dh_apparmor:
++ - debian/rules: use dh_apparmor
++ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ + Enable GSSAPI support (LP: #495418):
++ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
++ - Add --with-gssapi support
++ - Make guess_service_principal() more robust when determining
++ principal
++ - debian/patches/series: apply gssapi.diff patch.
++ - debian/configure.options: Configure with --with-gssapi
++ - debian/control: Added libkrb5-dev as a build depend
++ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
++ in the openldap library, as required by Likewise-Open (LP: #390579)
++ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
++ - debian/control:
++ - remove build-dependency on heimdal-dev.
++ - remove slapd-smbk5pwd binary package.
++ - debian/rules: don't build smbk5pwd slapd module.
++ + debian/{control,rules}: enable PIE hardening
++ + ufw support (LP: #423246):
++ - debian/control: suggest ufw.
++ - debian/rules: install ufw profile.
++ - debian/slapd.ufw.profile: add ufw profile.
++ + Enable nssoverlay:
++ - debian/patches/nssov-build, debian/series, debian/rules:
++ Apply, build and package the nss overlay.
++ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
++ which defines rfc822MailMember (required by the nss overlay).
++ + debian/rules, debian/schema/extra/:
++ Fix configure rule to supports extra schemas shipped as part
++ of the debian/schema/ directory.
++ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
++ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
++ neither the default DIT nor via an Authn mapping.
++ + debian/slapd.scripts-common: adjust minimum version that triggers a
++ database upgrade. Upgrade from maverick shouldn't trigger database
++ upgrade (which would happen with the version used in Debian).
++ + debian/slapd.scripts-common: add slapcat_opts to local variables.
++ Remove unused variable new_conf.
++ + debian/slapd.script-common: Fix package reconfiguration.
++ - Fix backup directory naming for multiple reconfiguration.
++ + debian/slapd.default, debian/slapd.README.Debian:
++ use the new configuration style.
++ + Install nss overlay (LP: #675391):
++ - debian/rules: run install target for nssov module.
++ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
++ + debian/patches/gssapi.diff:
++ - Update patch so that likewise-open is usuable again. (LP: #661547)
++ + debian/patches/service-operational-before-detach: New patch replacing old one
++ of the same name as previous could cause database corruption based on upstream commits.
++ (LP: #727973)
++ + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
++ (CVE-2011-4079)
++
++ -- Chuck Short <zulcss at ubuntu.com> Tue, 22 Nov 2011 06:17:49 +0000
++
+openldap (2.4.25-4) unstable; urgency=low
+
+ * Drop explicit depends on libdb4.8, since we're now linking against
+ libdb5.1. Thanks to Peter Marschall for catching. Closes: #621403
+ again.
+ * Rebuild against cyrus-sasl2 2.1.25. Closes: #628237.
+ * Use dh_autoreconf instead of a locally-patched autogen.sh.
+ * debian/patches/no-AM_INIT_AUTOMAKE: don't use AM_INIT_AUTOMAKE macro
+ when we aren't using automake.
+ * Convert debian/rules to dh(1).
+ * use DEB_CFLAGS_MAINT_APPEND with appropriate versioned dependency on
+ debhelper and dpkg-dev, so we can pick up dpkg-buildflags for our
+ policy-mandated flags - as well as our security-enhancing ones!
+ Closes: #644427.
+ * Also set hardening=+pie,+bindnow buildflags options for maximum
+ security, since this is a security-sensitive daemon dealing with
+ untrusted input. Ubuntu has been building with these flags for a
+ while via hardening-wrappers, so the change is presumed safe.
+ * Drop debian/check_config. The upstream configure script now enforces
+ --with-cyrus-sasl, so there's no need for a second check.
+ * debian/po/es.po: tweak an ambiguous string in the Spanish debconf
+ translation, noticed in response to a submitted Catalan translation
+ * debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff:
+ Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.
+ Thanks to Jan-Marek Glogowski <jan-marek.glogowski at muenchen.de> for the
+ patch. Closes: #327585.
+
+ [ Updated debconf translations ]
+ * Catalan, thanks to Innocent De Marchi <tangram.peces at gmail.com>.
+ Closes: #644274.
+
+ -- Steve Langasek <vorlon at debian.org> Tue, 18 Oct 2011 01:08:34 +0000
+
++openldap (2.4.25-3ubuntu3) precise; urgency=low
++
++ * Rebuild for Perl 5.14.
++
++ -- Colin Watson <cjwatson at ubuntu.com> Tue, 15 Nov 2011 20:50:09 +0000
++
++openldap (2.4.25-3ubuntu2) precise; urgency=low
++
++ * SECURITY UPDATE: potential denial of service (LP: #884163)
++ - debian/patches/CVE-2011-4079: fix off by one error in
++ postalAddressNormalize()
++ - CVE-2011-4079
++
++ -- Jamie Strandboge <jamie at ubuntu.com> Mon, 14 Nov 2011 13:59:56 -0600
++
++openldap (2.4.25-3ubuntu1) precise; urgency=low
++
++ * Merge from debian unstable. Remaining changes:
++ - Install a default DIT (LP: #442498).
++ - Document cn=config in README file (LP: #370784).
++ - remaining changes:
++ + AppArmor support:
++ - debian/apparmor-profile: add AppArmor profile
++ - use dh_apparmor:
++ - debian/rules: use dh_apparmor
++ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ + Enable GSSAPI support (LP: #495418):
++ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
++ - Add --with-gssapi support
++ - Make guess_service_principal() more robust when determining
++ principal
++ - debian/patches/series: apply gssapi.diff patch.
++ - debian/configure.options: Configure with --with-gssapi
++ - debian/control: Added libkrb5-dev as a build depend
++ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
++ in the openldap library, as required by Likewise-Open (LP: #390579)
++ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
++ - debian/control:
++ - remove build-dependency on heimdal-dev.
++ - remove slapd-smbk5pwd binary package.
++ - debian/rules: don't build smbk5pwd slapd module.
++ + debian/{control,rules}: enable PIE hardening
++ + ufw support (LP: #423246):
++ - debian/control: suggest ufw.
++ - debian/rules: install ufw profile.
++ - debian/slapd.ufw.profile: add ufw profile.
++ + Enable nssoverlay:
++ - debian/patches/nssov-build, debian/series, debian/rules:
++ Apply, build and package the nss overlay.
++ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
++ which defines rfc822MailMember (required by the nss overlay).
++ + debian/rules, debian/schema/extra/:
++ Fix configure rule to supports extra schemas shipped as part
++ of the debian/schema/ directory.
++ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
++ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
++ neither the default DIT nor via an Authn mapping.
++ + debian/slapd.scripts-common: adjust minimum version that triggers a
++ database upgrade. Upgrade from maverick shouldn't trigger database
++ upgrade (which would happen with the version used in Debian).
++ + debian/slapd.scripts-common: add slapcat_opts to local variables.
++ Remove unused variable new_conf.
++ + debian/slapd.script-common: Fix package reconfiguration.
++ - Fix backup directory naming for multiple reconfiguration.
++ + debian/slapd.default, debian/slapd.README.Debian:
++ use the new configuration style.
++ + Install nss overlay (LP: #675391):
++ - debian/rules: run install target for nssov module.
++ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
++ + debian/patches/gssapi.diff:
++ - Update patch so that likewise-open is usuable again. (LP: #661547)
++ + debian/patches/service-operational-before-detach: New patch replacing old one
++ of the same name as previous could cause database corruption based on upstream commits.
++ (LP: #727973)
++
++ -- Chuck Short <zulcss at ubuntu.com> Wed, 19 Oct 2011 20:53:08 +0000
++
+openldap (2.4.25-3) unstable; urgency=low
+
+ * Brown paper bag: really fix the .links.in handling, so we don't generate
+ broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
+
+ -- Steve Langasek <vorlon at debian.org> Mon, 15 Aug 2011 09:50:37 +0000
+
+openldap (2.4.25-2) unstable; urgency=low
+
+ [ Matthijs Möhlmann ]
+ * Change to bdb 5.1 (Closes: #621403)
+ * Add note to ldap-utils package how to unfold lines. (Closes: #530519)
+ (Thanks to Peter Marschall and Javier Barroso)
+
+ [ Steve Langasek ]
+ * Acknowledge NMU for bug #596343; thanks to Thijs Kinkhorst for the fix!
+ * Bump to compat level 7, so we don't have to spell out debian/tmp in
+ every single .install file
+ * Build for multiarch.
+
+ -- Steve Langasek <vorlon at debian.org> Sun, 14 Aug 2011 23:17:09 -0700
+
++openldap (2.4.25-1.1ubuntu4) oneiric; urgency=low
++
++ * Brown paper bag: really fix the .links.in handling, so we don't generate
++ broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
++
++ -- Steve Langasek <steve.langasek at ubuntu.com> Mon, 15 Aug 2011 09:43:29 +0000
++
++openldap (2.4.25-1.1ubuntu3) oneiric; urgency=low
++
++ * Cherry-pick multiarch support from Debian (LP: #826601):
++ - Bump to compat level 7, so we don't have to spell out debian/tmp in
++ every single .install file
++ - Build for multiarch.
++
++ -- Steve Langasek <steve.langasek at ubuntu.com> Mon, 15 Aug 2011 02:23:43 -0700
++
++openldap (2.4.25-1.1ubuntu2) oneiric; urgency=low
++
++ * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
++
++ -- Martin Pitt <martin.pitt at ubuntu.com> Thu, 14 Jul 2011 15:18:02 +0200
++
++openldap (2.4.25-1.1ubuntu1) oneiric; urgency=low
++
++ * Merge from debian unstable. Remaining changes:
++ - Install a default DIT (LP: #442498).
++ - Document cn=config in README file (LP: #370784).
++ - remaining changes:
++ + AppArmor support:
++ - debian/apparmor-profile: add AppArmor profile
++ - use dh_apparmor:
++ - debian/rules: use dh_apparmor
++ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ + Enable GSSAPI support (LP: #495418):
++ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
++ - Add --with-gssapi support
++ - Make guess_service_principal() more robust when determining
++ principal
++ - debian/patches/series: apply gssapi.diff patch.
++ - debian/configure.options: Configure with --with-gssapi
++ - debian/control: Added libkrb5-dev as a build depend
++ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
++ in the openldap library, as required by Likewise-Open (LP: #390579)
++ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
++ - debian/control:
++ - remove build-dependency on heimdal-dev.
++ - remove slapd-smbk5pwd binary package.
++ - debian/rules: don't build smbk5pwd slapd module.
++ + debian/{control,rules}: enable PIE hardening
++ + ufw support (LP: #423246):
++ - debian/control: suggest ufw.
++ - debian/rules: install ufw profile.
++ - debian/slapd.ufw.profile: add ufw profile.
++ + Enable nssoverlay:
++ - debian/patches/nssov-build, debian/series, debian/rules:
++ Apply, build and package the nss overlay.
++ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
++ which defines rfc822MailMember (required by the nss overlay).
++ + debian/rules, debian/schema/extra/:
++ Fix configure rule to supports extra schemas shipped as part
++ of the debian/schema/ directory.
++ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
++ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
++ neither the default DIT nor via an Authn mapping.
++ + debian/slapd.scripts-common: adjust minimum version that triggers a
++ database upgrade. Upgrade from maverick shouldn't trigger database
++ upgrade (which would happen with the version used in Debian).
++ + debian/slapd.scripts-common: add slapcat_opts to local variables.
++ Remove unused variable new_conf.
++ + debian/slapd.script-common: Fix package reconfiguration.
++ - Fix backup directory naming for multiple reconfiguration.
++ + debian/slapd.default, debian/slapd.README.Debian:
++ use the new configuration style.
++ + Install nss overlay (LP: #675391):
++ - debian/rules: run install target for nssov module.
++ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
++ + debian/patches/gssapi.diff:
++ - Update patch so that likewise-open is usuable again. (LP: #661547)
++ + debian/patches/service-operational-before-detach: New patch replacing old one
++ of the same name as previous could cause database corruption based on upstream commits.
++ (LP: #727973)
++
++ -- Chuck Short <zulcss at ubuntu.com> Sun, 05 Jun 2011 17:38:40 +0100
++
+openldap (2.4.25-1.1) unstable; urgency=low
+
+ * Non-maintainer upload to fix RC bug.
+ * Fix "dpkg-reconfigure slapd". Closes: #596343
+
+ -- Thijs Kinkhorst <thijs at debian.org> Tue, 31 May 2011 11:57:29 +0200
+
++openldap (2.4.25-1ubuntu1) oneiric; urgency=low
++
++ * Merge from debian unstable. Remaining changes:
++ - Install a default DIT (LP: #442498).
++ - Document cn=config in README file (LP: #370784).
++ - remaining changes:
++ + AppArmor support:
++ - debian/apparmor-profile: add AppArmor profile
++ - use dh_apparmor:
++ - debian/rules: use dh_apparmor
++ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ + Enable GSSAPI support (LP: #495418):
++ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
++ - Add --with-gssapi support
++ - Make guess_service_principal() more robust when determining
++ principal
++ - debian/patches/series: apply gssapi.diff patch.
++ - debian/configure.options: Configure with --with-gssapi
++ - debian/control: Added libkrb5-dev as a build depend
++ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
++ in the openldap library, as required by Likewise-Open (LP: #390579)
++ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
++ - debian/control:
++ - remove build-dependency on heimdal-dev.
++ - remove slapd-smbk5pwd binary package.
++ - debian/rules: don't build smbk5pwd slapd module.
++ + debian/{control,rules}: enable PIE hardening
++ + ufw support (LP: #423246):
++ - debian/control: suggest ufw.
++ - debian/rules: install ufw profile.
++ - debian/slapd.ufw.profile: add ufw profile.
++ + Enable nssoverlay:
++ - debian/patches/nssov-build, debian/series, debian/rules:
++ Apply, build and package the nss overlay.
++ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
++ which defines rfc822MailMember (required by the nss overlay).
++ + debian/rules, debian/schema/extra/:
++ Fix configure rule to supports extra schemas shipped as part
++ of the debian/schema/ directory.
++ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
++ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
++ neither the default DIT nor via an Authn mapping.
++ + debian/slapd.scripts-common: adjust minimum version that triggers a
++ database upgrade. Upgrade from maverick shouldn't trigger database
++ upgrade (which would happen with the version used in Debian).
++ + debian/slapd.scripts-common: add slapcat_opts to local variables.
++ Remove unused variable new_conf.
++ + debian/slapd.script-common: Fix package reconfiguration.
++ - Fix backup directory naming for multiple reconfiguration.
++ + debian/slapd.default, debian/slapd.README.Debian:
++ use the new configuration style.
++ + Install nss overlay (LP: #675391):
++ - debian/rules: run install target for nssov module.
++ - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
++ + debian/patches/gssapi.diff:
++ - Update patch so that likewise-open is usuable again. (LP: #661547)
++ + debian/patches/service-operational-before-detach: New patch replacing old one
++ of the same name as previous could cause database corruption based on upstream commits.
++ (LP: #727973)
++ + Dropped:
++ - debian/patches/gold: Use the debian version instead
++ - debian/patches/CVE-2011-1024: Fixed upstream
++ - debian/patches/CVE-2011-1025: Fixed upstream
++ - debian/patches/CVE-2011-1081: Fixed upstream
++
++ -- Chuck Short <zulcss at ubuntu.com> Sun, 08 May 2011 16:34:09 +0100
++
+openldap (2.4.25-1) unstable; urgency=low
+
+ * New upstream version (Closes: #617606, #618904, #606815, #608813)
+ - Fixes CVE-2011-1024, CVE-2011-1025, CVE-2011-1081
+ - slapd server process frequently hangs during everyday usage is fixed in
+ newer versions of openldap according to the bug submitter
+ * Refresh all patches
+ * Remove manpage-tlscyphersuite-additions, applied upstream
+ * Remove issue-6534-patch, applied upstream
+ * Add Slovak translation, thanks Slavko <linux at slavino.sk> (Closes: #608699)
+ * Add debian specific patch for ldap.conf. Add TLS_CACERT option and set it
+ by default to /etc/ssl/certs/ca-certificates.crt (Closes: #555409, #616703)
+ * Add patch to fix a FTBFS with binutils-gold (Closes: #555867)
+ * Add slapschema, just hardlink it (Closes: #601569)
+ * Update patch service-operational-before-detach (Closes: #616164, #598361)
+ * Add ldif_* symbols to libldap-2.4-2
+ * Add upstream patch for a locking issue in libldap_r
+ * Fix build failure, use @SHELL@ instead of hardcoded /bin/sh (build/top.mk)
+ (Closes: #621925)
+
+ -- Matthijs Möhlmann <matthijs at cacholong.nl> Mon, 11 Apr 2011 22:10:14 +0200
+
+openldap (2.4.23-7) unstable; urgency=low
+
+ * Updated vietnamese translation, thanks Clytie Siddall
+ (Closes: #601537, #598575)
+ * Updated portuguese translation, thanks Traduz (Closes: #599760)
+ * Updated danish translation, thanks Joe Dalton (Closes: #599835)
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
+
++openldap (2.4.23-6ubuntu7) oneiric; urgency=low
++
++ * Rebuild for Perl 5.12.
++
++ -- Colin Watson <cjwatson at ubuntu.com> Sun, 08 May 2011 13:40:28 +0100
++
++openldap (2.4.23-6ubuntu6) natty; urgency=low
++
++ * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
++ using forwarded authentication failures
++ - debian/patches/CVE-2011-1024
++ - CVE-2011-1024
++ * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
++ backend. Note: Ubuntu is not compiled with --enable-ndb by default
++ - debian/patches/CVE-2011-1025
++ - CVE-2011-1025
++ * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
++ and requestDN is empty
++ - debian/patches/CVE-2011-1081
++ - CVE-2011-1081
++ - LP: #742104
++
++ -- Jamie Strandboge <jamie at ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
++
++openldap (2.4.23-6ubuntu5) natty; urgency=low
++
++ * debian/patches/service-operational-before-detach: New patch replacing
++ old one of same name as previous could cause database corruption,
++ based on upstream commits. (LP: #727973)
++
++ -- Dave Walker (Daviey) <DaveWalker at ubuntu.com> Wed, 02 Mar 2011 20:33:08 +0000
++
++openldap (2.4.23-6ubuntu4) natty; urgency=low
++
++ * Fix FTBFS with ld.gold.
++
++ -- Matthias Klose <doko at ubuntu.com> Wed, 19 Jan 2011 07:39:49 +0100
++
++openldap (2.4.23-6ubuntu3) natty; urgency=low
++
++ * debian/patches/gssapi.diff:
++ Update patch so that likewise-open is usable again (LP: #661547)
++
++ -- Thierry Carrez (ttx) <thierry.carrez at ubuntu.com> Fri, 26 Nov 2010 15:50:11 +0100
++
++openldap (2.4.23-6ubuntu2) natty; urgency=low
++
++ * Install nss overlay (LP: #675391):
++ - debian/rules: run install target for nssov module.
++ - debian/patches/nssov-build: fix patch to install schema in
++ /etc/ldap/schema.
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Wed, 17 Nov 2010 18:16:42 -0500
++
++openldap (2.4.23-6ubuntu1) natty; urgency=low
++
++ * Merge from Debian unstable:
++ - Install a default DIT (LP: #442498).
++ - Document cn=config in README file (LP: #370784).
++ - remaining changes:
++ + AppArmor support:
++ - debian/apparmor-profile: add AppArmor profile
++ - use dh_apparmor:
++ - debian/rules: use dh_apparmor
++ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ + Enable GSSAPI support (LP: #495418):
++ - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
++ - Add --with-gssapi support
++ - Make guess_service_principal() more robust when determining
++ principal
++ - debian/patches/series: apply gssapi.diff patch.
++ - debian/configure.options: Configure with --with-gssapi
++ - debian/control: Added libkrb5-dev as a build depend
++ + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
++ in the openldap library, as required by Likewise-Open (LP: #390579)
++ + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
++ - debian/control:
++ - remove build-dependency on heimdal-dev.
++ - remove slapd-smbk5pwd binary package.
++ - debian/rules: don't build smbk5pwd slapd module.
++ + debian/{control,rules}: enable PIE hardening
++ + ufw support (LP: #423246):
++ - debian/control: suggest ufw.
++ - debian/rules: install ufw profile.
++ - debian/slapd.ufw.profile: add ufw profile.
++ + Enable nssoverlay:
++ - debian/patches/nssov-build, debian/series, debian/rules:
++ Apply, build and package the nss overlay.
++ - debian/schema/extra/misc.ldif: add ldif file for the misc schema
++ which defines rfc822MailMember (required by the nss overlay).
++ + debian/rules, debian/schema/extra/:
++ Fix configure rule to supports extra schemas shipped as part
++ of the debian/schema/ directory.
++ + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
++ + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
++ neither the default DIT nor via an Authn mapping.
++ + debian/slapd.scripts-common: adjust minimum version that triggers a
++ database upgrade. Upgrade from maverick shouldn't trigger database
++ upgrade (which would happen with the version used in Debian).
++ + debian/slapd.scripts-common: add slapcat_opts to local variables.
++ Remove unused variable new_conf.
++ + debian/slapd.script-common: Fix package reconfiguration.
++ - Fix backup directory naming for multiple reconfiguration.
++ + debian/slapd.default, debian/slapd.README.Debian:
++ use the new configuration style.
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Fri, 12 Nov 2010 15:19:07 -0500
++
+openldap (2.4.23-6) unstable; urgency=high
+
+ * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Thu, 23 Sep 2010 10:17:50 +0200
+
+openldap (2.4.23-5) unstable; urgency=high
+
+ [ Steve Langasek ]
+ * High-urgency upload for RC bugfix.
+ * debian/slapd.scripts-common: fix gratuitous (and wrong) use of grep in
+ get_suffix(), which causes us to incorrectly parse any slapd.conf that
+ uses tabs instead of spaces. Closes: #595672.
+ * debian/slapd.init, debian/slapd.scripts-common: when $SLAPD_CONF is not
+ set in /etc/default/slapd, we should always set a default value, giving
+ precedence to slapd.d and falling back to slapd.conf. Users who don't
+ want to use an existing slapd.d should point at slapd.conf explicitly.
+ Closes: #594714, #596343.
+ * debian/slapd.init: 'invoke-rc.d slapd stop' should not fail due to the
+ absence of a slapd configuration; we should still exit 0 so that the
+ package can be removed gracefully. Closes: #596100.
+ * drop build-conflicts with libssl-dev; we explicitly pass
+ --with-tls=gnutls to configure, so there's no risk of a misbuild here.
+ * debian/slapd.default: now that we have a sensible default behavior in
+ both slapd.init and the maintainer scripts, leave SLAPD_CONF empty to
+ save pain later.
+ * debian/slapd.scripts-common: ... and do the same in
+ migrate_to_slapd_d_style, we just need to comment out the user's
+ previous entry instead of blowing it away.
+ * debian/slapd.scripts-common: call get_suffix in a way that lets us
+ separate responses by newlines, to properly handle the case when a
+ DN has embedded spaces. Introduces a few more stupid fd tricks to work
+ around possible problems with debconf. Closes: #595466.
+ * debian/slapd.scripts-common: when parsing the names of includes, handle
+ double-quotes and escape characters as described in slapd.conf(5).
+ Closes: #595784.
+ * debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
+ versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
+ otherwise is blocked by our added olcAccess settings. Closes: #596326.
+ * debian/slapd.init.ldif: set the acl in the default LDIF for new installs,
+ too.
+ * Likewise, grant access to dn.exact="" so that base dn autodiscovery
+ works as intended. Closes: #596049.
+ * debian/slapd.init.ldif: synchronize our behavior on new installs with
+ that on upgrades, avoiding the non-standard cn=localroot,cn=config.
+ * debian/slapd.scripts-common: don't run the migration code if slapd.d
+ already exists. Closes: #593965.
+
+ [ Matthijs Mohlmann ]
+ * Remove upgrade_supported_from_backend, implemented patch from
+ Peter Marschall <peter at adpm.de> to automatically detect if an upgrade is
+ supported. (Closes: #594712)
+
+ [ Peter Marschall ]
+ * debian/slapd.init: correctly set the slapd.conf argument even when
+ SLAPD_PIDFILE is non-empty in /etc/default/slapd. Closes: #593880.
+ * debian/slapd.scripts-common: pass -g to slapadd/slapcat, so that
+ subordinate databases aren't incorrectly included in the dump/restore of
+ the parent database. Closes: #594821.
+
+ -- Steve Langasek <vorlon at debian.org> Mon, 13 Sep 2010 06:59:11 +0000
+
+openldap (2.4.23-4) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * Bump the database upgrade version check to 2.4.23-4; should have been
+ set to 2.4.23-1 when we switched to db4.8, but was missed so we need to
+ clean up. Closes: #593550.
+
+ [ Matthijs Mohlmann ]
+ * Fix root access to cn=config on upgrades from configuration style slapd.conf
+ Thanks to Mathias Gug (Closes: #593566, #593878)
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Thu, 26 Aug 2010 20:30:51 +0200
+
+openldap (2.4.23-3) unstable; urgency=low
+
+ * Configure the newly installed openldap package using slapd.d instead of
+ slapd.conf, merged from ubuntu. (Closes: #562723, #494155, #333428)
+ * Update the debconf templates by running debconf-updatepo.
+ * We do not support upgrades from older releases then lenny, so removed some
+ upgrade functions from slapd.scripts-common.
+ * Updated japanese translation, thanks Kenshi Muto (Closes: #589508)
+ * Updated czech translation, thanks Miroslav Kure (Closes: #589569)
+ * Update slapd.README.Debian and slapd.NEWS and note the new configuration
+ style.
+ * Fixes CVE-2010-0211 and CVE-2010-0212 (Closes: #589852)
+ * Update italian translation, thanks Luca Monducci (Closes: #590154)
+ * Update spanish translation, thanks Francisco Javier Cuadrado
+ (Closes: #590829)
+ * Update basque translation, thanks Iñaki Larrañaga Murgoitio
+ * Bump Standards-Version to 3.9.1
+ * Added debian specific patch to wait until slapd is operational before
+ detaching to the terminal (Closes: #589915)
+ * Add a lintian overrides for libldap.
+ * Empty dependency_libs line in .la files. (Closes: #591550)
+ * Update galician translation, thanks Jorge Barreiro (Closes: #592815)
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Tue, 17 Aug 2010 22:00:16 +0200
+
+openldap (2.4.23-2) unstable; urgency=medium
+
+ * Depend on libdb4.8 >= 4.8.30 (Closes: #588969)
+ * Urgency previous as previous version fixes a RC bug.
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Wed, 14 Jul 2010 10:17:27 +0200
+
+openldap (2.4.23-1) unstable; urgency=low
+
+ * New upstream version
+ * Change to build dependency libdb4.8-dev instead of libdb4.7-dev
+ * Updated french translation thanks Christian Perrier (Closes: #579192)
+ * Updated swedish translation thanks Martin Bagge (Closes: #580145)
+ * Updated german translation thanks Helge Kreutzmann (Closes: #579582)
+ * Updated russian translation thanks Yuri Kozlov (Closes: #585688)
+ * Fix bashisms in debian/rules (Closes: #581454)
+ * Add documentation patch (Closes: #513270)
+ * Refreshed all quilt patches.
+ * Bump Standards-Version to 3.9.0
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
+
++openldap (2.4.23-0ubuntu4) natty; urgency=low
++
++ * debian/slapd.templates: amended typo in slapd/move_old_database
++ (LP: #666028)
++
++ -- James Page <james.page at canonical.com> Mon, 08 Nov 2010 10:00:58 +0000
++
++openldap (2.4.23-0ubuntu3.2) maverick-proposed; urgency=low
++
++ * debian/slapd.templates: re-add slapd/move_old_database template as it's
++ used during the package upgrade. Thanks to James Page for pointing it.
++ * debian/slapd.config: restore debconf question slapd/move_old_database.
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Thu, 14 Oct 2010 16:56:38 -0400
++
++openldap (2.4.23-0ubuntu3.1) maverick-proposed; urgency=low
++
++ [ James Page ]
++ * Fixed install/upgrade process to dump/restore databases due
++ to uplift to libdb4.8-dev (LP: #658227)
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Thu, 14 Oct 2010 14:50:49 -0400
++
++openldap (2.4.23-0ubuntu3) maverick; urgency=low
++
++ * debian/rules: move dh_apparmor before dh_installinit
++
++ -- Jamie Strandboge <jamie at ubuntu.com> Fri, 06 Aug 2010 17:34:21 -0500
++
++openldap (2.4.23-0ubuntu2) maverick; urgency=low
++
++ * convert to using dh_apparmor:
++ - debian/rules, debian/slapd.post{inst,rm}: use dh_apparmor
++ - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
++ * debian/apparmor-profile: use local include
++
++ -- Jamie Strandboge <jamie at ubuntu.com> Fri, 06 Aug 2010 15:08:55 -0500
++
++openldap (2.4.23-0ubuntu1) maverick; urgency=low
++
++ * New release, features include:
++ + Fixed libldap to return server's error code (ITS#6569)
++ + Fixed libldap memleaks (ITS#6568)
++ + Fixed liblutil off-by-one with delta (ITS#6541)
++ + Fixed slapd acls with glued databases (ITS#6468)
++ + Fixed slapd syncrepl rid logging (ITS#6533)
++ + Fixed slapd modrdn handling of invalid values (ITS#6570)
++ + Fixed slapd-bdb hasSubordinates computation (ITS#6549)
++ + Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
++ + Fixed slapd-bdb entry cache delete failure (ITS#6577)
++ + Fixed slapd-ldap to return control responses (ITS#6530)
++ + Fixed slapo-ppolicy to use Debug (ITS#6566)
++ + Fixed slapo-refint to zero out freed DN vals (ITS#6572)
++ + Fixed slapo-rwm to use Debug (ITS#6566)
++ + Fixed slapo-sssvlv to use Debug (ITS#6566)
++ + Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
++ + Fixed slapo-valsort to use Debug (ITS#6566)
++ + Fixed contrib/nssov network.c missing patch (ITS#6562)
++ + Fixed test043 attribute sorting (ITS#6553)
++ + slapd-config(5) note default rootdn (ITS#6546)
++ * Rebased patches debian/patches/dropped nssov-build
++ * Resynchronize with Debian:
++ + debian/control:
++ - Bump standards-version to 3.9.0
++ - Use libdb4.8-dev (LP: #572489)
++ + Added debian/patches/issue-6534-patch
++ + Added debian/patches/ldap-conf-tls-cacertdir
++ * Add ufw support, thanks to PatRiehecky (LP: #423246)
++
++ [Adam Sommer]
++ * debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
++
++ -- Chuck Short <zulcss at ubuntu.com> Wed, 28 Jul 2010 11:35:16 -0400
++
+openldap (2.4.21-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New upstream version
+ (Closes: #561144, #465024, #502769, #528695, #564686, #504728)
+ * Add upstream manpage for ldapexop; thanks to Peter Marschall
+ <peter at adpm.de>. Closes: #549291.
+
+ [ Matthijs Mohlmann ]
+ * Ack NMU (Closes: #553432)
+ * Update Standards-Version to 3.8.4
+ * Fix NEWS entry to have the correct version number
+ * Improve the wording for the slapd/invalid_config question (Closes: #452834)
+ * Make lintian a bit more happy (Closes: #518660)
+ * Fix bashism (Closes: #518657)
+ * Refresh all patches
+ * Add patch from upstream (Closes: #549642)
+ * Reworked the configure.options a bit to include some more options
+ * Enable dynamic acls
+ * Use slappasswd to create a secure password (Closes: #490930)
+ * Set a rootdn and rootpw if no password is given by debconf (Closes: #231950)
+ * Better document the TLSCipherSuite in slapd.conf manpage (Closes: #563113)
+ * Better document the TLS_CIPHER_SUITE in ldap.conf manpage (Closes: #510346)
+ * Add smbk5pwd slapd module, used patch from Mark Hymers (Closes: #443073)
+ * Add autogroup slapd module, used patch from Mathieu Parent (Closes: #575900)
+ * Add lsb logging, used patch from David Härdeman (Closes: #385898)
+ * Use dh_lintian to install the lintian-overrides
+ * Added critical error report when slapcat fails (Closes: #226090)
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
+
++openldap (2.4.21-0ubuntu5) lucid; urgency=low
++
++ * Fix local root connection access: replace olcAuthzRegexp mapping to
++ cn=localroot,cn=config with using the SASL dn directly in olcAccess.
++ Makes upgrades much simpler and robust (LP: #563829).
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Fri, 23 Apr 2010 00:23:31 -0400
++
++openldap (2.4.21-0ubuntu4) lucid; urgency=low
++
++ [ Simon Olofsson ]
++ * debian/slapd.postinst:
++ - Show a message after successful migration (LP: #538848)
++
++ [ Jorgen Rosink ]
++ * debian/slapd.init: add simple status checking with LSB compatible exit
++ codes (LP: #562377)
++ * debian/slapd.init.ldif:
++ - remove admin user in default config database (LP: #556176)
++ - in default config, add olcAccess entries giving access to controls
++ available and cn=subschema (LP: #427842)
++
++ [ Scott Moser ]
++ * debian/slapd.scripts-common: Do not create /nonexistent directory
++ for openldap user's home (LP: #556176)
++ * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)
++
++ -- Scott Moser <smoser at ubuntu.com> Mon, 12 Apr 2010 16:16:47 -0400
++
++openldap (2.4.21-0ubuntu3) lucid; urgency=low
++
++ * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
++ before trying to convert to slapd.d, to avoid upgrade failure from hardy
++ (LP: #536958)
++ * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
++ olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
++
++ -- Thierry Carrez <thierry.carrez at ubuntu.com> Mon, 29 Mar 2010 13:31:47 +0200
++
++openldap (2.4.21-0ubuntu2) lucid; urgency=low
++
++ * debian/apparmor-profile: Update apparmor profile. (LP: #508190)
++
++ -- Chuck Short <zulcss at ubuntu.com> Tue, 09 Mar 2010 13:33:35 -0500
++
++openldap (2.4.21-0ubuntu1) lucid; urgency=low
++
++ * New upstream release.
++ * debian/rules, debian/schema/extra/:
++ Fix get-orig-source rule to supports extra schemas shipped as part of the
++ debian/schema/ directory.
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Thu, 18 Feb 2010 00:58:13 -0500
++
++openldap (2.4.18-0ubuntu2) lucid; urgency=low
++
++ * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
++ - Add --with-gssapi support
++ - Make guess_service_principal() more robust when determining principal
++ * Enable GSSAPI support (LP: #495418):
++ - debian/configure.options: Configure with --with-gssapi
++ - debian/control: Added libkrb5-dev as a build depend
++
++ -- Thierry Carrez <thierry.carrez at ubuntu.com> Fri, 11 Dec 2009 11:31:11 +0100
++
++openldap (2.4.18-0ubuntu1) karmic; urgency=low
++
++ * New upstream release: (LP: #419515):
++ + pcache overlay supports disconnected mode.
++ * Fix nss overlay load (LP: #417163).
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Mon, 07 Sep 2009 13:41:10 -0400
++
+openldap (2.4.17-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-3767: libraries/libldap/tls_o.c doesn't properly handle NULL
+ character in subject Common Name (Closes: #553432)
+
+ -- Giuseppe Iuculano <iuculano at debian.org> Tue, 10 Nov 2009 19:09:45 +0100
+
+openldap (2.4.17-2) unstable; urgency=low
+
+ * Fix up the lintian warnings:
+ - add missing misc-depends on all packages
+ - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
+ overrides
+ - bump Standards-Version to 3.8.2, no changes required.
+ * slapd.scripts-common: fix upgrade to correctly handle multiple database
+ declarations; thanks, Peter Marschall <peter at adpm.de>! Closes: #517556
+ * Add 'status' argument to init script; thanks to Peter Eisentraut
+ <petere at debian.org>. Closes: #545898.
+ * New patch, do-not-second-guess-sonames, to remove an incorrect check for
+ the Cyrus SASL version number at runtime. If there's any reason this is
+ needed, it needs to be addressed in the cyrus-sasl soname and Debian
+ shlibs, not here. Closes: #546885.
+
+ -- Steve Langasek <vorlon at debian.org> Tue, 22 Sep 2009 20:06:34 -0700
+
++openldap (2.4.17-1ubuntu3) karmic; urgency=low
++
++ * Install a minimal slapd configuration instead of creating a default
++ database with a default DIT:
++ + Move openldap user home from /var/lib/ldap to /nonexistent.
++ + Remove all code and templates dealing with the default database and DIT
++ creation.
++ + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
++ grant all access to the latter in the cn=config database as well as the
++ default backend configuration.
++ * Add cn=localroot,cn=config authz mapping on upgrades.
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Tue, 11 Aug 2009 14:48:56 -0400
++
++openldap (2.4.17-1ubuntu2) karmic; urgency=low
++
++ [ Thierry Carrez ]
++ * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
++ in the openldap library, as required by Likewise-Open (LP: #390579)
++
++ [ Mathias Gug ]
++ * debian/patches/its6077-uniqueness-overlay: fixes some issues with the
++ uniqueness overlay.
++ * debian/patches/its6220-writetimeout-directive: fixes a problem with the
++ writetimeout directive being in effect even if it wasn't set,
++ closing connections incorrectly.
++ * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
++ dncachesize parameter that was added in RE24, so that if it is set to
++ "0" (now the default), it has an unlimited DN cache (RE23 always
++ had an unlimited DN cache).
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Fri, 31 Jul 2009 13:43:46 -0400
++
++openldap (2.4.17-1ubuntu1) karmic; urgency=low
++
++ [ Steve Langasek ]
++ * Fix up the lintian warnings:
++ - add missing misc-depends on all packages
++ - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
++ overrides
++ - bump Standards-Version to 3.8.2, no changes required.
++
++ [ Mathias Gug ]
++ * Resynchronise with Debian. Remaining changes:
++ - AppArmor support:
++ - debian/apparmor-profile: add AppArmor profile
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ - debian/slapd.postrm: remove symlink in force-complain/ on purge
++ - debian/rules: install apparmor profile.
++ - Don't use local statement in config script as it fails if /bin/sh
++ points to bash.
++ - debian/slapd.postinst, debian/slapd.script-common: set correct
++ ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
++ readable) and /var/run/slapd (world readable).
++ - Enable nssoverlay:
++ - debian/patches/nssov-build, debian/rules: Build and package the nss
++ overlay.
++ - debian/schema/misc.ldif: add ldif file for the misc schema which
++ defines rfc822MailMember (required by the nss overlay).
++ - debian/{control,rules}: enable PIE hardening
++ - Use cn=config as the default configuration backend instead of
++ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
++ asking the end user to enter a new password to control the access to
++ the cn=config tree.
++ - debian/slapd.postinst: create /var/run/slapd before updating its
++ permissions.
++ - debian/slapd.init: Correctly set slapd config backend option even if
++ the pidfile is configured in slapd default file.
++ * Dropped:
++ - Merged in Debian:
++ - Update priority of libldap-2.4-2 to match the archive override.
++ - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
++ the ldapurl(1) manpage.
++ - Bump build-dependency on debhelper to 6 instead of 5, since that's
++ what we're using.
++ - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
++ the built-in default of ldap:/// only.
++ - Fixed in upstream release:
++ - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
++ failure when built with PIE.
++ - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
++ trusted.
++ - Update Apparmor profile support: don't support upgrade from pre-hardy
++ systems:
++ - debian/slapd.postinst: Reload AA profile on configuration
++ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
++ - debian/control: Conflicts with apparmor-profiles <<
++ 2.1+1075-0ubuntu4 to make sure that if earlier version of
++ apparmor-profiles gets installed it won't overwrite our profile.
++ - follow ApparmorProfileMigration and force apparmor complain mode on
++ some upgrades
++ - debian/slapd.preinst: create symlink for force-complain on
++ pre-feisty upgrades, upgrades where apparmor-profiles profile is
++ unchanged (ie non-enforcing) and upgrades where apparmor profile
++ does not exist.
++ - debian/patches/autogen.sh: no longer needed with karmic libtool.
++ - Call libtoolize with the --install option to install
++ config.{guess,sub} files.
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Thu, 30 Jul 2009 16:42:58 -0400
++
+openldap (2.4.17-1) unstable; urgency=low
+
+ * New upstream version.
+ - Fixes FTBFS on ia64 with -fPIE. Closes: #524770.
+ - Fixes some TLS issues with GnuTLS. Closes: #505191.
+ * Update priority of libldap-2.4-2 to match the archive override.
+ * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
+ ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
+ Closes: #496749.
+ * Bump build-dependency on debhelper to 6 instead of 5, since that's
+ what we're using. Closes: #498116.
+ * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
+ the built-in default of ldap:/// only.
+ * Build-depend on libltdl-dev | libltdl3-dev (>= 1.4.3), for the package
+ name change. Closes: #522965.
+
+ [ Updated debconf translations ]
+ * Spanish, thanks to Francisco Javier Cuadrado <fcocuadrado at gmail.com>.
+ Closes: #521804.
+
+ -- Steve Langasek <vorlon at debian.org> Tue, 28 Jul 2009 10:17:15 -0700
+
++openldap (2.4.15-1.1ubuntu1) karmic; urgency=low
++
++ * Resynchronise with Debian. Remaining changes:
++ - AppArmor support:
++ - debian/apparmor-profile: add AppArmor profile
++ - debian/slapd.postinst: Reload AA profile on configuration
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
++ - debian/control: Conflicts with apparmor-profiles <<
++ 2.1+1075-0ubuntu4 to make sure that if earlier version of
++ apparmor-profiles gets installed it won't overwrite our profile.
++ - follow ApparmorProfileMigration and force apparmor complain mode on
++ some upgrades
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ - debian/slapd.preinst: create symlink for force-complain on
++ pre-feisty upgrades, upgrades where apparmor-profiles profile is
++ unchanged (ie non-enforcing) and upgrades where apparmor profile
++ does not exist.
++ - debian/slapd.postrm: remove symlink in force-complain/ on purge
++ - debian/patches/autogen.sh:
++ - Call libtoolize with the --install option to install
++ config.{guess,sub} files.
++ - Don't use local statement in config script as it fails if /bin/sh
++ points to bash.
++ - debian/slapd.postinst, debian/slapd.script-common: set correct
++ ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
++ readable) and /var/run/slapd (world readable).
++ - Enable nssoverlay:
++ - debian/patches/nssov-build, debian/rules: Build and package the nss
++ overlay.
++ - debian/schema/misc.ldif: add ldif file for the misc schema which
++ defines rfc822MailMember (required by the nss overlay).
++ - debian/{control,rules}: enable PIE hardening
++ - Use cn=config as the default configuration backend instead of
++ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
++ asking the end user to enter a new password to control the access to
++ the cn=config tree.
++ - Update priority of libldap-2.4-2 to match the archive override.
++ - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
++ the ldapurl(1) manpage.
++ - Bump build-dependency on debhelper to 6 instead of 5, since that's
++ what we're using.
++ - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
++ the built-in default of ldap:/// only.
++ - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
++ failure when built with PIE.
++ - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
++ trusted.
++ - debian/slapd.postinst: create /var/run/slapd before updating its
++ permissions.
++ - debian/slapd.init: Correctly set slapd config backend option even if
++ the pidfile is configured in slapd default file.
++ * Drop patch to avoid the test suite on hppa, as hppa is EOL.
++
++ -- Colin Watson <cjwatson at ubuntu.com> Wed, 24 Jun 2009 10:45:20 +0100
++
++openldap (2.4.15-1.1) unstable; urgency=low
++
++ * Non-maintainer upload.
++ * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev
++ (Closes: #522965)
++
++ -- Kurt Roeckx <kurt at roeckx.be> Sun, 19 Apr 2009 18:24:32 +0200
++
++openldap (2.4.15-1ubuntu3) jaunty; urgency=low
++
++ * No-change rebuild to fix lpia shared library dependencies.
++
++ -- Colin Watson <cjwatson at ubuntu.com> Thu, 19 Mar 2009 09:52:40 +0000
++
++openldap (2.4.15-1ubuntu2) jaunty; urgency=low
++
++ * debian/slapd.postinst: create /var/run/slapd before updating its
++ permissions (LP: #298928).
++ * debian/slapd.init: Correclty set slapd config backend option even if the
++ pidfile is configured in slapd default file (LP: #292364).
++ * debian/apparmor-profile: support multiple databases to be stored under
++ /var/lib/ldap/. (LP: #286614).
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Fri, 13 Mar 2009 13:56:12 -0400
++
++openldap (2.4.15-1ubuntu1) jaunty; urgency=low
++
++ [ Steve Langasek ]
++ * Update priority of libldap-2.4-2 to match the archive override.
++ * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
++ ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
++ Closes: #496749.
++ * Bump build-dependency on debhelper to 6 instead of 5, since that's
++ what we're using. Closes: #498116.
++ * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
++ the built-in default of ldap:/// only.
++
++ [ Mathias Gug ]
++ * Merge from debian unstable, remaining changes:
++ - Modify Maintainer value to match the DebianMaintainerField
++ speficication.
++ - AppArmor support:
++ - debian/apparmor-profile: add AppArmor profile
++ - debian/slapd.postinst: Reload AA profile on configuration
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
++ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
++ to make sure that if earlier version of apparmour-profiles gets
++ installed it won't overwrite our profile.
++ - follow ApparmorProfileMigration and force apparmor compalin mode on
++ some upgrades (LP: #203529)
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
++ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
++ non-enforcing) and upgrades where apparmor profile does not exist.
++ - debian/slapd.postrm: remove symlink in force-complain/ on purge
++ - debian/control:
++ - Build-depend on libltdl7-dev rather then libltdl3-dev.
++ - debian/patches/autogen.sh:
++ - Call libtoolize with the --install option to install config.{guess,sub}
++ files.
++ - Don't use local statement in config script as it fails if /bin/sh
++ points to bash (LP: #286063).
++ - Disable the testsuite on hppa. Allows building of packages on this
++ architecture again, once this package is in the archive.
++ LP: #288908.
++ - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
++ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
++ /var/run/slapd (world readable). (LP: #257667).
++ - Enable nssoverlay:
++ - debian/patches/nssov-build, debian/rules: Build and package
++ the nss overlay.
++ - debian/schema/misc.ldif: add ldif file for the misc schema
++ which defines rfc822MailMember (required by the nss overlay).
++ - debian/{control,rules}: enable PIE hardening
++ - Use cn=config as the default configuration backend instead of
++ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
++ asking the end user to enter a new password to control the access to the
++ cn=config tree.
++ * Dropped:
++ - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
++ times. (ITS: #5947) Fixed in new upstream version 2.4.15.
++ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
++ the ucred struct now. Implemented in Debian.
++ * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
++ when built with PIE.
++ * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
++ trusted (LP: #305264).
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Fri, 06 Mar 2009 17:34:21 -0500
++
+openldap (2.4.15-1) unstable; urgency=low
+
+ * New upstream version
+ - Fixes a bug with the pcache overlay not returning cached entries
+ (closes: #497697)
+ - Update evolution-ntlm patch to apply to current Makefiles.
+ - (tentatively) drop gnutls-ciphers, since this bug was reported to be
+ fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
+ patch from the bug report, so this should be watched for regressions.
+ * Build against db4.7 instead of db4.2 at last! Closes: #421946.
+ * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
+ installed in the build environment.
+ * Add -D_GNU_SOURCE to CFLAGS, apparently required for building with
+ current headers in unstable
+
+ -- Steve Langasek <vorlon at debian.org> Tue, 24 Feb 2009 14:27:35 -0800
+
++openldap (2.4.14-0ubuntu1) jaunty; urgency=low
++
++ [ Steve Langasek ]
++ * New upstream version
++ - Fixes a bug with the pcache overlay not returning cached entries
++ (closes: #497697)
++ - Update evolution-ntlm patch to apply to current Makefiles.
++ - (tentatively) drop gnutls-ciphers, since this bug was reported to be
++ fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
++ patch from the bug report, so this should be watched for regressions.
++ * Build against db4.7 instead of db4.2 at last! Closes: #421946.
++ * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
++ installed in the build environment.
++ * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
++ --with-tls=gnutls.
++
++ [ Mathias Gug ]
++ * Merge from debian unstable, remaining changes:
++ - debian/apparmor-profile: add AppArmor profile
++ - debian/slapd.postinst: Reload AA profile on configuration
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
++ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
++ to make sure that if earlier version of apparmour-profiles gets
++ installed it won't overwrite our profile.
++ - Modify Maintainer value to match the DebianMaintainerField
++ speficication.
++ - follow ApparmorProfileMigration and force apparmor compalin mode on
++ some upgrades (LP: #203529)
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
++ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
++ non-enforcing) and upgrades where apparmor profile does not exist.
++ - debian/slapd.postrm: remove symlink in force-complain/ on purge
++ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
++ the ucred struct now.
++ - debian/control:
++ - Build-depend on libltdl7-dev rather then libltdl3-dev.
++ - debian/patches/autogen.sh:
++ - Call libtoolize with the --install option to install config.{guess,sub}
++ files.
++ - Don't use local statement in config script as it fails if /bin/sh
++ points to bash (LP: #286063).
++ - Disable the testsuite on hppa. Allows building of packages on this
++ architecture again, once this package is in the archive.
++ LP: #288908.
++ - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
++ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
++ /var/run/slapd (world readable). (LP: #257667).
++ - debian/patches/nssov-build, debian/rules:
++ Build and package the nss overlay.
++ debian/schema/misc.ldif: add ldif file for the misc schema, which defines
++ rfc822MailMember (required by the nss overlay).
++ - debian/{control,rules}: enable PIE hardening
++ - Use cn=config as the default configuration backend instead of
++ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
++ asking the end user to enter a new password to control the access to the
++ cn=config tree.
++ * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
++ times. (ITS: #5947)
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Wed, 18 Feb 2009 18:44:00 -0500
++
+openldap (2.4.11-1) unstable; urgency=low
+
+ * New upstream version (closes: #499560).
+ - Fixes a crash with syncrepl and delcsn (closes: #491066).
+ - Fix CRL handling with GnuTLS (closes: #498410).
+ - Drop patches no_backend_inter-linking,
+ CVE-2008-2952_BER-decoding-assertion, and gnutls-ssf, applied
+ upstream.
+
+ [ Russ Allbery ]
+ * New patch, back-perl-init, which updates the calling conventions
+ around initialization and shutdown of the Perl interpreter to match
+ the current perlembed recommendations. Fixes probable hangs on HPPA
+ in back-perl. Thanks, Niko Tyni. (Closes: #495069)
+
+ [ Steve Langasek ]
+ * Drop the conflict with libldap2, which is not the standard means of
+ handling symbol conflicts in Debian and which causes serious upgrade
+ problems from etch. Closes: #487211.
+
+ -- Steve Langasek <vorlon at debian.org> Sat, 11 Oct 2008 01:53:55 -0700
+
++openldap (2.4.11-0ubuntu7) jaunty; urgency=low
++
++ * Don't use local statement in config script as it fails if /bin/sh
++ points to bash (LP: #286063).
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Tue, 04 Nov 2008 20:03:46 -0500
++
++openldap (2.4.11-0ubuntu6) intrepid; urgency=low
++
++ * Disable the testsuite on hppa. Allows building of packages on this
++ architecture again, once this package is in the archive.
++ LP: #288908.
++
++ -- Matthias Klose <doko at ubuntu.com> Fri, 24 Oct 2008 23:22:33 +0200
++
++openldap (2.4.11-0ubuntu5) intrepid; urgency=low
++
++ * Don't set admin passwords in ldif files if adminpw is empty.
++ (LP: #273988 - LP: #276606).
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Mon, 13 Oct 2008 19:31:15 -0400
++
++openldap (2.4.11-0ubuntu4) intrepid; urgency=low
++
++ * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
++ and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
++ /var/run/slapd (world readable). (LP: #257667).
++ * debian/slapd.script-common:
++ - Fix package reconfiguration:
++ + Remove slapd.d/ directory if it already exists when creating a new
++ configuration.
++ + Fix backup directory naming for multiple reconfiguration.
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Wed, 24 Sep 2008 21:01:42 -0400
++
++openldap (2.4.11-0ubuntu3) intrepid; urgency=low
++
++ * debian/patches/nssov-build, debian/rules:
++ Build and package the nss overlay.
++ * debian/schema/misc.ldif: add ldif file for the misc schema, which defines
++ rfc822MailMember (required by the nss overlay).
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Tue, 26 Aug 2008 18:42:54 -0400
++
++openldap (2.4.11-0ubuntu2) intrepid; urgency=low
++
++ * debian/{control,rules}: enable PIE hardening
++
++ -- Kees Cook <kees at ubuntu.com> Wed, 20 Aug 2008 15:47:01 -0700
++
++openldap (2.4.11-0ubuntu1) intrepid; urgency=low
++
++ * New upstream version:
++ - Mainly bug fixes.
++ - New nss slapd overlay (not compiled by default).
++ * Use cn=config as the default configuration backend instead of
++ slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
++ asking the end user to enter a new password to control the access to the
++ cn=config tree.
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Mon, 11 Aug 2008 20:26:05 -0400
++
++openldap (2.4.10-3ubuntu1) intrepid; urgency=low
++
++ [ Mathias Gug ]
++ * Merge from debian unstable, remaining changes:
++ - debian/apparmor-profile: add AppArmor profile
++ - debian/slapd.postinst: Reload AA profile on configuration
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
++ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
++ to make sure that if earlier version of apparmour-profiles gets
++ installed it won't overwrite our profile.
++ - Modify Maintainer value to match the DebianMaintainerField
++ speficication.
++ - follow ApparmorProfileMigration and force apparmor compalin mode on
++ some upgrades (LP: #203529)
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
++ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
++ non-enforcing) and upgrades where apparmor profile does not exist.
++ - debian/slapd.postrm: remove symlink in force-complain/ on purge
++ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
++ the ucred struct now.
++ - debian/patches/fix-unique-overlay-assertion.patch:
++ Fix another assertion error in unique overlay (LP: #243337).
++ Backport from head.
++ * Dropped - implemented in Debian:
++ - debian/patches/fix-gnutls-key-strength.patch:
++ Fix slapd handling of ssf using gnutls. (LP: #244925).
++ - debian/control:
++ Add time as build dependency: needed by make test.
++ * debian/control:
++ - Build-depend on libltdl7-dev rather then libltdl3-dev.
++ * debian/patches/autogen.sh:
++ - Call libtoolize with the --install option to install config.{guess,sub}
++ files.
++
++ [ Jamie Strandboge ]
++ * adjust apparmor profile to allow gssapi (LP: #229252)
++ * adjust apparmor profile to allow cnconfig (LP: #243525)
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Wed, 30 Jul 2008 19:46:02 -0400
++
+openldap (2.4.10-3) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New patch, CVE-2008-2952_BER-decoding-assertion, to fix a remote DoS
+ vulnerability in the BER decoder. Addresses CVE-2008-2952,
+ closes: #488710.
+ * debian/slapd.scripts-common, debian/slapd.postinst: drop
+ update_path_argsfile_pidfile function, not needed for updates from etch
+ or newer.
+ * Drop the code to check for and upgrade ldbm databases. The etch
+ release of slapd had already dropped support for them and direct
+ upgrades from sarge are not supported.
+
+ [ Russ Allbery ]
+ * Apply upstream patch to convert GnuTLS cipher strength from bytes to
+ bits, as expected by OpenLDAP. (Closes: #473796)
+ * Add Build-Depends on time, used by the test suite and only a shell
+ built-in with bash. Thanks, Daniel Schepler. (Closes: #490754)
+ * Refresh all patches, convert all patches to -p1, and remove extraneous
+ Index: lines. (Closes: #485263)
+ * Unless DFSG_NONFREE is set, also check whether the upstream schemas
+ with RFC comments are included.
+ * Update standards version to 3.8.0.
+ - Include debian/README.source pointing to the quilt README.source.
+ - Wrap Uploaders for readability.
+ * Wrap slapd's Depends for readability.
+
+ [ Updated debconf translations ]
+ * Swedish, thanks to Martin Ågren <martin.agren at gmail.com>.
+ Closes: #492748.
+
+ -- Steve Langasek <vorlon at debian.org> Mon, 28 Jul 2008 15:26:06 -0700
+
++openldap (2.4.10-2ubuntu1) intrepid; urgency=low
++
++ * Merge from debian unstable, remaining changes:
++ - debian/apparmor-profile: add AppArmor profile
++ - debian/slapd.postinst: Reload AA profile on configuration
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
++ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
++ to make sure that if earlier version of apparmour-profiles gets
++ installed it won't overwrite our profile.
++ - Modify Maintainer value to match the DebianMaintainerField
++ speficication.
++ - follow ApparmorProfileMigration and force apparmor compalin mode on
++ some upgrades (LP: #203529)
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
++ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
++ non-enforcing) and upgrades where apparmor profile does not exist.
++ - debian/slapd.postrm: remove symlink in force-complain/ on purge
++ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
++ the ucred struct now.
++ - debian/patches/fix-unique-overlay-assertion.patch:
++ Fix another assertion error in unique overlay (LP: #243337).
++ Backport from head.
++ - debian/patches/fix-gnutls-key-strength.patch:
++ Fix slapd handling of ssf using gnutls. (LP: #244925).
++ - debian/control:
++ Add time as build dependency: needed by make test.
++ * Dropped - implemented in Debian:
++ - debian/rules:
++ Support debuild nocheck option: don't run tests if nocheck is set.
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Thu, 10 Jul 2008 14:45:49 -0400
++
+openldap (2.4.10-2) unstable; urgency=low
+
+ * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
+ build time
+ * Hack around glibc behavior when resolving localhost, by exporting
+ RESOLV_MULTI=off when invoking the test suite
+ * Reclaim the 'openldap' source package name; openldap2.3 has been a
+ misnomer for some time, causing undue confusion, so switch to a
+ permanent source package name that we won't need to change again later.
+ - Along the way, kill off non-DFSG-compliant schema files that snuck
+ back into the archive due to my bad merge of 2.4.10.
+
+ -- Steve Langasek <vorlon at debian.org> Sun, 06 Jul 2008 22:03:32 -0700
+
++openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low
++
++ * Merge from debian unstable, remaining changes:
++ - debian/apparmor-profile: add AppArmor profile
++ - debian/slapd.postinst: Reload AA profile on configuration
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
++ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
++ to make sure that if earlier version of apparmour-profiles gets
++ installed it won't overwrite our profile.
++ - Modify Maintainer value to match the DebianMaintainerField
++ speficication.
++ - follow ApparmorProfileMigration and force apparmor compalin mode on
++ some upgrades (LP: #203529)
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
++ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
++ non-enforcing) and upgrades where apparmor profile does not exist.
++ - debian/slapd.postrm: remove symlink in force-complain/ on purge
++ - debian/patches/fix-ucred-libc due to changes how newer glibc handle
++ the ucred struct now.
++ - debian/patches/fix-unique-overlay-assertion.patch:
++ Fix another assertion error in unique overlay (LP: #243337).
++ Backport from head.
++ * debian/control:
++ - add time as build dependency: needed by make test.
++ * debian/rules:
++ - support debuild nocheck option: don't run tests if nocheck is set.
++ * debian/patches/fix-gnutls-key-strength.patch:
++ - fix slapd handling of ssf using gnutls. (LP: #244925).
++ * Dropped - accepted in Debian:
++ - debian/rules, debian/slapd.links: use hard links to slapd instead of
++ symlinks for slap* so these applications aren't confined by apparmor
++ (LP: #203898)
++ * Dropped - fixed in new upstream release:
++ - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
++ (LP: #215904)
++ - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
++ error. (LP: #234196)
++ - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
++ (LP: #220724)
++ - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
++ syncrepl. (LP: #227178)
++ - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
++ upstream.
++
++ -- Mathias Gug <mathiaz at ubuntu.com> Thu, 03 Jul 2008 14:15:08 -0400
++
+openldap2.3 (2.4.10-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New upstream release.
+ - Clean up ld_defconn if it was freed, fixing an assertion failure in
+ various clients. Closes: #469232.
+ - Fixes slapd syncrepl hang on back-config. Closes: #471253.
+ - Drop patch hurd-path-max, integrated upstream.
+ * Drop spurious build-dependency on heimdal-dev, introduced accidentally
+ as part of an aborted attempt to build the smbk5pwd overlay.
+ * Use hardlinks instead of symlinks for the various slap* commands; this
+ is functionally equivalent for us, and reduces divergence from
+ derivatives such as Ubuntu that use apparmor. Closes: #488409.
+ * New patch, no_backend_inter-linking, to fix the meta backend to not
+ try to look up symbols in external objects (back_ldap) that it
+ doesn't link against.
+ * Turn on 'make test' during builds, now that back_meta is fixed.
+
+ [ Matthijs Mohlmann ]
+ * All manpages in category 5 were missing, wrong directory.
+ (Closes: #474976, #483631, #483633)
+
+ -- Steve Langasek <vorlon at debian.org> Mon, 30 Jun 2008 04:28:34 -0700
+
++openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low
++
++ * debian/patches/fix-unique-overlay-assertion.patch:
++ - Fix another assertion error in unique overlay, backported from head.
++ (LP: #243337) Note: This patch will still be needed when moved to 2.4.10
++
++ -- Chuck Short <zulcss at ubuntu.com> Mon, 30 Jun 2008 18:49:52 +0000
++
++openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low
++
++ * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
++ include the smbk5pwd overlay.
++
++ -- Chuck Short <zulcss at ubuntu.com> Wed, 11 Jun 2008 21:25:40 +0000
++
++openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low
++
++ * Rebuild for perl 5.10 transition (LP: #230016)
++ * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
++ syncrepl. (LP: #227178)
++
++ -- Chuck Short <zulcss at ubuntu.com> Mon, 09 Jun 2008 14:56:40 +0000
++
++openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low
++
++ * Merge from debian unstable, remaining changes:
++ - debian/apparmor-profile: add AppArmor profile
++ - debian/slapd.postinst: Reload AA profile on configuration
++ - updated debian/slapd.README.Debian for note on AppArmor
++ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
++ - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
++ to make sure that if earlier version of apparmour-profiles gets
++ installed it won't overwrite our profile.
++ - Modify Maintainer value to match the DebianMaintainerField
++ speficication.
++ - follow ApparmorProfileMigration and force apparmor compalin mode on
++ some upgrades (LP: #203529)
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ - debian/slapd.preinst: create symlink for force-complain on pre-feisty
++ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
++ non-enforcing) and upgrades where apparmor profile does not exist.
++ - debian/slapd.postrm: remove symlink in force-complain/ on purge
++ - debian/rules, debian/slapd.links: use hard links to slapd instead of
++ symlinks for slap* so these applications aren't confined by apparmor
++ (LP: #203898)
++ - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
++ (LP: #215904)
++ - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
++ error. (LP: #234196)
++ - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
++ (LP: #220724)
++ - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
++ upstream.
++ * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
++ the ucred struct now.
++
++ -- Chuck Short <zulcss at ubuntu.com> Fri, 30 May 2008 17:09:53 +0100
++
+openldap2.3 (2.4.9-1) unstable; urgency=low
+
+ [ Updated debconf translations ]
+ * French, thanks to Christian Perrier <bubulle at debian.org>.
+ Closes: #471792.
+ * Finnish, thanks to Esko Arajärvi <edu at iki.fi>. Closes: #475238.
+ * Czech, thanks to Miroslav Kure <kurem at upcase.info.upol.cz>.
+ Closes: #480138.
+ * Basque, thanks to Piarres Beobide <pi+debian at beobide.net>.
+ Closes: #480177.
+ * Vietnamese, thanks to Clytie Siddall <clytie at riverland.net.au>.
+ Closes: #480181.
+ * Galician, thanks to Jacobo Tarrio <jtarrio at trasno.net>. Closes: #480218.
+ * Japanese, thanks to Kenshi Muto <kmuto at debian.org>. Closes: #480247.
+ * Italian, thanks to Luca Monducci <luca.mo at tiscali.it>. (Closes: #477718)
+ * Brazilian Portuguese, thanks to Eder L. Marques <eder at edermarques.net>
+ (Closes: #480172)
+ * Portuguese, thanks to Tiago Fernandes <tjg.fernandes at gmail.com>
+ (Closes: #481126)
+ * Russian, thanks to Yuri Kozlov <kozlov.y at gmail.com> (Closes: #481214)
+ * Dutch, thanks to "cobaco (aka Bart Cornelis)" <cobaco at skolelinux.no>.
+ Closes: #483014.
+
+ [ Matthijs Mohlmann ]
+ * New upstream release.
+ - Bad entryUUID no longer crashes slapd. (Closes: #471867)
+ - Fix assertion failure in some modify operations. (Closes: #474161)
+ - Mention index in slapd.conf's man page. (Closes: #414650)
+ - Fixes to slapd include handling. (Closes: #457261)
+ - Fix syncrepl cookie truncation. (Closes: #464024)
+ - Fix memory allocation in ldap_parse_page_control. (Closes: #464877)
+ - Fix slapd crash when accessed by multiple threads. (Closes: #479237)
+ * Acknowledge NMU.
+ (Closes: #474976, #471225, #475856, #474652, #465875)
+ * Bump Standards-Version to 3.7.3
+ * Add versioned build dependency on libgnutls-dev (Closes: #466558)
+ * Bump debhelper compat level to 6.
+
+ [ Russ Allbery ]
+ * Use MAXPATHLEN rather than PATH_MAX, since OpenLDAP defines the
+ former and the latter isn't defined on GNU Hurd. Thanks, Samuel
+ Thibault. (Closes: #475744)
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Mon, 26 May 2008 22:34:16 +0200
+
+openldap2.3 (2.4.7-6.3) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Install all slapd relevant manpages into slapd package.
+ (closes: #474976)
+ * Make libldap-2.4-2 conflict against libldap2. (closes: #475856)
+
+ -- Bastian Blank <waldi at debian.org> Tue, 29 Apr 2008 18:00:23 +0200
+
+openldap2.3 (2.4.7-6.2) unstable; urgency=low
+
+ * Non-maintainer upload to solve release goal issues.
+ * Add LSB dependency header to init.d scripts (Closes: #474652)
+
+ -- Petter Reinholdtsen <pere at debian.org> Wed, 16 Apr 2008 08:04:49 +0200
+
+openldap2.3 (2.4.7-6.1) unstable; urgency=high
+
+ * Non-maintainer upload by security team.
+ * Fix possible remote denial of service vulnerability in the BDB backend
+ via a modrdn operation with a NOOP control
+ (CVE-2008-0658; Closes: #465875).
+
+ -- Nico Golde <nion at debian.org> Tue, 04 Mar 2008 14:34:44 +0100
+
++openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low
++
++ * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
++ in klibc)
++
++ -- Jamie Strandboge <jamie at ubuntu.com> Mon, 07 Apr 2008 16:09:38 -0400
++
++openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low
++
++ * apparmor-profile workaround for Launchpad #202161
++ * follow ApparmorProfileMigration and force apparmor complain mode on some
++ upgrades (LP: #203529)
++ - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
++ - debian/slapd.dirs: add etc/apparmor.d/force-complain
++ - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
++ upgrades, upgrades where apparmor-profiles profile is unchanged (ie
++ non-enforcing) and upgrades where apparmor profile does not exist
++ - debian/slapd.postrm: remove symlink in force-complain/ on purge
++ * debian/rules, debian/slapd.links: use hard links to slapd instead of
++ symlinks for slap* so these applications aren't confined by apparmor
++ (LP: #203898)
++
++ -- Jamie Strandboge <jamie at ubuntu.com> Tue, 18 Mar 2008 13:53:23 -0400
++
++openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low
++
++ * Merge from Debian unstable, remaining changes:
++ + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
++ slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
++ allows remote authenticated users to cause a denial of service (daemon
++ crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
++ control, a related issue to CVE-2007-6698.
++ + debian/apparmor-profile: add AppArmor profile
++ + debian/slapd.postinst: Reload AA profile on configuration
++ + updated debian/slapd.README.Debian for note on AppArmor
++ + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
++ should now take control
++ + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
++ to make sure that if earlier version of apparmor-profiles gets
++ installed it won't overwrite our profile
++ + Modify Maintainer value to match the DebianMaintainerField
++ specification.
++
++ -- Steve Langasek <steve.langasek at ubuntu.com> Tue, 04 Mar 2008 01:59:51 +0000
++
+openldap2.3 (2.4.7-6) unstable; urgency=low
+
+ [ Updated debconf translations ]
+ * Dutch, thanks to Bart Cornelis <cobaco at skolelinux.no>. Closes: #452950.
+ * Brazilian Portuguese, thanks to Eder L. Marques <frolic at debian-ce.org>.
+ Closes: #463460.
+ * German, thanks to Helge Kreutzmann <debian at helgefjell.de>.
+ Closes: #465784.
+
+ [ Steve Langasek ]
+ * Relax build-dependency on libsasl2-dev now that the versioned dependency
+ is satisfied by all extant versions (including in oldstable), fixing a
+ lintian warning about versioned build-deps on Debian revisions.
+ * Avoid using a mutex around getaddrinfo() and getnameinfo() calls, which
+ are guaranteed by glibc to be threadsafe; this fixes a deadlock when
+ using nss_ldap for host lookups. Closes: #340601.
+ * debian/libldap2-dev.manpages: install all of man3/* instead of
+ enumerating specific manpages to install. Closes: #320073.
+ * Add new patch, sasl-cleartext-strncasecmp, to correct a regression that
+ prevented the use of the {CLEARTEXT} password scheme with SASL.
+ Closes LP: #191563.
+ * drop LGPL from debian/copyright; there is no longer any code under this
+ license in the package.
+ * Drop patch gnutls-altname-nulterminated; it's been determined that the
+ "length" discrepancy was a bug in gnutls, and fixed in that package.
+ * debian/configure.options: explicitly pass --with-odbc=unixodbc, so
+ that we depend on the right ODBC implementation when both happen to
+ be installed at build time.
+
+ [ Russ Allbery ]
+ * Add a stamp file for the configure rule to avoid rerunning configure
+ needlessly. Closes: #465588.
+ * Don't create the openldap user if slapd has been configured to run as
+ a different user. If slapd has been configured to run as openldap, do
+ create the user on reconfigure. Closes: #452438.
+ * Reformat, reorganize, and update slapd's README.Debian.
+ - Include SASL configuration information.
+ - Remove LDBM information, since upstream no longer even ships LDBM
+ and the debconf prompting and maintainer scripts already take care
+ of any lingering databases.
+ - Document the differences between the Debian OpenLDAP packages and
+ upstream.
+
+ -- Steve Langasek <vorlon at debian.org> Thu, 28 Feb 2008 22:15:17 -0800
+
++openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
++
++ * SECURITY UPDATE:
++ + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
++ slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
++ allows remote authenticated users to cause a denial of service (daemon crash)
++ via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
++ issue to CVE-2007-6698.
++
++ * References
++ - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
++ - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
++
++ -- Emanuele Gentili <emgent at emanuele-gentili.com> Sun, 02 Mar 2008 16:34:30 +0100
++
++openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
++
++ * add AppArmor profile
++ + debian/apparmor-profile
++ + debian/slapd.postinst: Reload AA profile on configuration
++ * updated debian/slapd.README.Debian for note on AppArmor
++ * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
++ should now take control
++ * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
++ to make sure that if earlier version of apparmor-profiles gets installed
++ it won't overwrite our profile
++ * Modify Maintainer value to match the DebianMaintainerField
++ specification.
++
++ -- Jamie Strandboge <jamie at ubuntu.com> Wed, 13 Feb 2008 17:15:41 +0000
++
+openldap2.3 (2.4.7-5) unstable; urgency=low
+
+ [ Updated debconf translations ]
+ * Finnish, thanks to Esko Arajärvi <edu at iki.fi>. Closes: #462688.
+ * Galician, thanks to Jacobo Tarrio <jtarrio at trasno.net>. Closes: #462987.
+ * French, thanks to Christian Perrier <bubulle at debian.org>.
+ Closes: #463149.
+ * Russian, thanks to Yuri Kozlov <kozlov.y at gmail.com>. Closes: #463442.
+ * Czech, thanks to Miroslav Kure <kurem at debian.cz>. Closes: #463472.
+ * German, thanks to Helge Kreutzmann <debian at helgefjell.de>.
+ Closes: #464718.
+
+ [ Steve Langasek ]
+ * Fix various regressions related to the introduction of GnuTLS:
+ - Add new patch, gnutls-ciphers, to fix support for specifying multiple
+ ciphers with TLSCipherSuite option in slapd.conf. Thanks to Kyle
+ Moffett <kyle at moffetthome.net> for the patch. Closes LP: #188200.
+ - Add new patch, slapd-tlsverifyclient-default, to set the intended
+ default value of "TLSVerifyClient never" in the right place.
+ - Add new patch, gnutls-altname-nulterminated, to account for differences
+ in how the "length" is returned for commonName vs. subjectAltName.
+ - Comment out TLSCipherSuite settings on upgrade from all versions prior
+ to 2.4.7-5, and throw a debconf error to the user notifying them of
+ this, since all OpenSSL cipher suite values are incompatible with
+ GnuTLS.
+ Closes: #462588.
+ * Add new patch from upstream, entryCSN-backwards-compatibility, to support
+ auto-converting entryCSN attributes in a previously supported old format,
+ fixing an upgrade failure. Closes: #462099.
+ * Use --retry TERM/10 instead of --retry 10 when stopping slapd, since the
+ latter resorts to a SIGKILL and may corrupt backend data; whereas the
+ former will exit non-zero if slapd is still running but won't directly
+ cause data-loss. Thanks to Mark McDonald for the patch. LP: #92139.
+ * Fix manpage symlinks in libldap2-dev; thanks to Reuben Thomas for
+ reporting. Closes: #463971.
+ * Fix a superfluous space in the debconf templates, due to a trailing space
+ in the templates. Closes: #464719.
+
+ -- Steve Langasek <vorlon at debian.org> Sat, 09 Feb 2008 14:25:55 -0800
+
+openldap2.3 (2.4.7-4) unstable; urgency=high
+
+ [ Steve Langasek ]
+ * Build-conflict with libicu-dev, for consistent dependencies in all
+ build environments.
+ * Fix an oversight in the checkpoint migration, which caused the checkpoint
+ option to not be moved far enough down. Closes: #462304, LP: #185257.
+ * Build-depend on unixodbc instead of iODBC.
+
+ [ Updated debconf translations ]
+ * Japanese, thanks to Kenshi Muto <kmuto at debian.org>. Closes: #462191.
+
+ -- Steve Langasek <vorlon at debian.org> Fri, 25 Jan 2008 02:17:23 -0800
+
+openldap2.3 (2.4.7-3) unstable; urgency=low
+
+ * Add missing build-dependency on groff-base, to allow use of soelim during
+ build.
+
+ -- Steve Langasek <vorlon at debian.org> Mon, 21 Jan 2008 15:18:27 -0800
+
+openldap2.3 (2.4.7-2) unstable; urgency=low
+
+ * Temporarily drop slapi-dev from the package to get through NEW; this
+ functionality should be readded later, either by restoring the slapi-dev
+ package or by moving it to libldap2-dev, depending on the outcome of
+ discussion with the ftp-masters.
+
+ -- Steve Langasek <vorlon at debian.org> Mon, 21 Jan 2008 06:13:21 -0800
+
+openldap2.3 (2.4.7-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New upstream version; closes: #449354.
+ - remove another schema from upstream source, collective.schema,
+ that contains text from the IETF RFCs and include a stripped copy
+ in debian/schema.
+ - drop patches slurpd-in-spool and man-slurpd, since slurpd is no
+ longer provided upstream.
+ - libldap2.3-0 is now libldap2.4-2
+ - build libldap2-dev from this source package now, superseding
+ openldap2; closes: #428385, #260118, #262539, #391899, #393215.
+ - lastmod and denyop have been moved to contrib upstream and are no
+ longer shipped as supported overlays
+ - drop dependency on libldap2 and take ownership of the
+ /etc/ldap/ldap.conf conffile, since libldap2 is now obsolete
+ - need to dump and reload databases again for the upgrade from 2.3.39.
+ - ldap_init(3) no longer attempts to document the internals of the
+ LDAP opaque type. Closes: #320072.
+ - ldap-utils utilities find LDAP servers via SRV records when given a
+ URL with -H and no host in the URL. Closes: #221173.
+ - if the old slapd.conf included any replica commands, automatically
+ enable syncprov for the corresponding database and print an error
+ with debconf.
+ * slapd.conf and DB_CONFIG are used in the postinst, they shouldn't be
+ shipped under doc/examples because /usr/share/doc can't be depended
+ on per policy; ship the files under /usr/share/slapd and symlink the
+ /other/ way, which also spares us from dh_compress trying to gzip
+ slapd.conf. Closes: #452749.
+ * Drop libldap.so as was done for libldap2, making it a link to
+ libldap_r.so to avoid unfortunate symbol collisions.
+ * Add new patch, libldap-symbol-versions, to build libldap and liblber
+ with symbol versions; needed to avoid segfaults when applications
+ manage to pull both libldap2 and the new libldap-2.4-2 into the same
+ process (as during a partial upgrade or the initial soname
+ transition), and also when the library soname changes again in the
+ future (as it's likely to do).
+ * Reintroduce add-autogen-sh patch, with build deps on libtool, automake,
+ and autoconf, required due to the previous patch; this time around, take
+ care to clean up the autogenerated files in the clean target as well
+ * Build-depend on libgnutls-dev instead of on libssl-dev, so that at long
+ last we can build the server and lib from the same source package again
+ without licensing problems. Closes: #457182, #407334, #428468, #381788.
+ Closes: #412706.
+ * slapd.prerm, slapd.postinst: drop no-longer-needed upgrade code for
+ openldap < 2.1.22
+ * Ask about ldbm to bdb migration in the preinst, since there is no
+ guarantee that the debconf config script will be run before the unpack
+ phase.
+ * Don't stop slapd in the preinst by hand, the prerm already stops the
+ old slapd using the standard interfaces.
+ * Don't build with LAN Manager password support; these passwords are more
+ insecure than traditional Unix crypt, and only relevant when talking to
+ Windows 98.
+ * Move libslapi into the slapd package and provide a virtual package for
+ library dependencies, since this is expected to stay lockstep with the
+ server.
+ * Split slapi dev support into a new libslapi-dev package, as this is
+ unrelated to libldap; and drop libslapi.a since it would be insane to try
+ to statically link a dynamically-loaded slapi plugin.
+ * "checkpoint" directives are no longer supported as part of the backend
+ config, only as part of the database config; move the lines around in
+ slapd.conf on upgrade.
+ * "schemacheck" directives are no longer supported; comment them out
+ on upgrade since this option was set by default in sarge.
+ * Package description updates; thanks to Christian Perrier
+ <bubulle at debian.org> and the Smith review project for these
+ improvements.
+ * Incorporate debconf template changes suggested by the debian-l10n-english
+ team as part of the Smith review project. Closes: #447224.
+
+ [ Russ Allbery ]
+ * Removed fix_ldif and all remaining code to try running it on LDIF
+ dumps. Schema checking has been imposed since 2.1 and it's highly
+ unlikely that anyone still needs this.
+ * Move the checkpoint directive in the default slapd.conf below the
+ database and suffix directives for the primary database. This is now
+ required for OpenLDAP 2.4.
+ * Create /etc/ldap/slapd.conf owned by the openldap group and mode 640
+ by default so that slapindex and friends can read it when run as the
+ openldap user. Fix permissions on upgrade if slapd.conf is owned by
+ root and mode 600. Closes: #432662.
+ * Drop slapd patch to read slapd.conf before dropping privileges, since
+ slapd.conf should now be readable by SLAPD_GROUP.
+ * If SLAPD_CONF is set to a directory in /etc/default/slapd, assume
+ the cn=config backend is used and start slapd with the appropriate
+ options. Based on a patch from Mike Burr. Closes: #411413.
+ * Rework slapd's README.Debian:
+ - Document the BerkeleyDB version. Closes: #438127.
+ - Document how to direct slapd's logs to another file. Closes: #258931.
+ - Remove obsolete information about TLS/SSL and OpenLDAP 2.0 upgrades.
+ - Recommend HDB instead of BDB.
+ - Generally reformat and reorganize.
+ * Patch cleanup:
+ - Combine the NTLM patches for Evolution into a single patch.
+ - Add explanatory comments to every patch.
+ - Refresh all patches to remove diff garbage and trailing whitespace.
+ * debian/rules cleanup:
+ - Fix patch dependencies for parallel build (hopefully).
+ - Tell configure the system type.
+ - Rewrite upstream_strip_nondfsg.sh as a get-orig-source target.
+ - Remove stamp files as the first step of the clean target.
+ - Add trivial build-arch and build-indep targets.
+ - Remove dead code and unnecessary comments.
+ * Remove postrm code to delete /var/lib/slapd/upgrade* flag files. We
+ haven't used those since the 2.1 upgrade.
+ * Update Vcs-* headers for new repository layout.
+ * Remove versioned dependency on an ancient dpkg-dev.
+ * Wrap and reorder Build-Depends for readability.
+
+ [ Updated debconf translations ]
+ * Czech, thanks to Miroslav Kure <kurem at debian.cz>. Closes: #458215.
+ * German, thanks to Helge Kreutzmann <debian at helgefjell.de>.
+ Closes: #452833.
+ * Spanish
+ * Finnish, thanks to Esko Arajärvi <edu at iki.fi>. Closes: #448061.
+ * French, thanks to Christian Perrier <bubulle at debian.org>.
+ Closes: #452632.
+ * Galician, thanks to Jacobo Tarrio <jtarrio at trasno.net>.
+ Closes: #451158.
+ * Italian, thanks to Luca Monducci <luca.mo at tiscali.it>. Closes: #449442.
+ * Japanese, thanks to Kenshi Muto <kmuto at debian.org>. Closes: #451325.
+ * Dutch, thanks to Bart Cornelis <cobaco at skolelinux.no>. Closes: #448935.
+ * Brazilian Portuguese
+ * Portuguese, thanks to Tiago Fernandes <tjg.fernandes at gmail.com>.
+ Closes: #453341.
+ * Russian, thanks to Yuri Kozlov <kozlov.y at gmail.com>. Closes: #453318.
+ * Vietnamese, thanks to Clytie Siddall <clytie at riverland.net.au>.
+ Closes: #453411.
+
+ -- Steve Langasek <vorlon at debian.org> Mon, 21 Jan 2008 04:58:24 -0800
+
+openldap2.3 (2.3.39-1) unstable; urgency=medium
+
+ * Medium severity due to denial of service fix.
+ * New upstream release.
+ - CVE-2007-5708: Fix remote denial of service attack in slapo-pcache
+ (the overlay for proxy caching). (Closes: #448644)
+ - Multiple additional more minor bug fixes.
+ * Document in the default slapd.conf that dbconfig options only generate
+ the DB_CONFIG file on first slapd start and have no effect afterwards
+ unless DB_CONFIG is removed. (Closes: #442191)
+ * Inline the checkpoint and BerkeleyDB backend settings in the default
+ slapd.conf rather than generating them dynamically in postinst. All
+ the allowable default database choices are now BerekelyDB variants and
+ will probably continue to be so for the forseeable future, and this is
+ easier to maintain.
+ * Drop debconf questions, warnings, and maintainer script functions
+ dealing with upgrades from OpenLDAP 2.1, which is now too hold for
+ supported direct upgrades. (Closes: #444806)
+ * Add a watch file. Thanks, Fernando Ribeiro. (Closes: #435290)
+ * Add Homepage, Vcs-Svn, and Vcs-Browser control fields.
+
+ -- Russ Allbery <rra at debian.org> Mon, 12 Nov 2007 16:00:47 -0800
+
+openldap2.3 (2.3.38-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * Drop debian/patches/use-lpthread, which is no longer needed on mips*
+ because gcc has been fixed.
+ * Drop debian/patches/add-autogen-sh, also no longer needed now that
+ the above patch is gone.
+
+ [ Matthijs Mohlmann ]
+ * Fix bashism in initscript. (Closes: #428883)
+ * Drop upstream patches ITS4924, ITS4925 and ITS4966.
+ * Add patch for objectClasses which causes slapd to crash. (Closes: #440632)
+ - CVE-2007-5707.
+ - Upstream bug ITS5119.
+ * Change default loglevel to none, to log high priority messages.
+ (Closes: #442000)
+ * Tighten up the build dependencies, now that autogen patch is removed.
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Mon, 17 Sep 2007 22:58:54 +0200
+
+openldap2.3 (2.3.35-2) unstable; urgency=low
+
+ * Enable LAN Manager password support in slapd. (Closes: #245341)
+ * If automatic configuration is selected and slapd.conf doesn't exist
+ during an upgrade, treat this as a fresh installation rather than
+ aborting with an error. Also try to provide a better error message if
+ the user has deleted /etc/ldap/schema but we just generated a new
+ configuration that references it. These cases can occur if someone
+ removes (rather than purges) the package, manually deletes /etc/ldap,
+ and then reinstalls. (Closes: #205010)
+ * Don't fail in slapd's postrm if /etc/ldap/schema has already been
+ deleted.
+ * Remove slapd conflicts with libbind-dev and bind-dev. There no longer
+ appears to be anything in those packages that would break slapd's
+ resolver. (Closes: #225896)
+ * Add libldap-2.3-0-dbg and slapd-dbg packages with detached debugging
+ information.
+ * db_recover is no longer required after changing DB_CONFIG; slapd now
+ detects changes itself and does the right thing. Also note in
+ README.DB_CONFIG the existence of the dbconfig slapd.conf parameter
+ and slapd's DB_CONFIG writing support. (Closes: #412575)
+ * Add options to /etc/default/slapd to let the system administrator tell
+ the init script to not start slapd on boot. (Closes: #254999)
+ * Redirect fd 3 to /dev/null in the slapd init script for additional
+ robustness when debconf is running. (Closes: #227482)
+ * Add to /etc/default/slapd a commented-out example of how to change the
+ keytab file used for GSSAPI authentication. (Closes: #412017)
+ * Use variables in /etc/init.d/slapd for the paths to slapd and slurpd
+ so that someone who really wants to can override them in
+ /etc/default/slapd. (Closes: #403948)
+ * Allow people building packages for outside Debian to skip the checks
+ for non-DFSG-free material by setting a variable. Thanks, Peter
+ Marschall. (Closes: #427245)
+ * Remove duplicate libldap-2.3-0 dependencies. (Closes: #408987)
+ * Use binary:Version instead of Source-Version for the tight
+ dependencies between slapd and ldap-utils and libldap-2.3-0.
+
+ -- Russ Allbery <rra at debian.org> Mon, 11 Jun 2007 20:26:26 -0700
+
+openldap2.3 (2.3.35-1) unstable; urgency=low
+
+ * New upstream release with many bug fixes.
+ - Allow syncprov to follow aliases. (Closes: #422087)
+ * Apply upstream patches:
+ - ITS#4924: client crash on incorrectly tagged result from server.
+ - ITS#4925: NOOP modify with BDB backend crashed slapd.
+ - ITS#4966: Delete of valsort-controlled entries crashed slapd.
+ * Enable SLAPI support. (Closes: #390954)
+ * Re-enable use of the epoll system call since Debian no longer supports
+ 2.4 kernels. This means that the OpenLDAP packages will not work on
+ pre-2.6 kernels.
+ * Remove schema files that contain text from IETF RFCs from the upstream
+ source since that text is not DFSG-free. Instead, install stripped
+ versions of those schema files containing only the functional
+ interface specifications, a comment explaining why this is needed, and
+ a pointer to the relevant RFC. (Closes: #361846)
+ * Document the repackaging of the upstream source in debian/copyright.
+ * Update config.guess and config.sub during the build instead of in the
+ clean target and remove them in the clean target for a clean diff.
+ Build-depend on autotools-dev so that we can unconditionally copy over
+ the latest versions.
+ * Added commentary and upstream ITS numbers for several patches
+ applicable upstream.
+ * Use debian/compat rather than the deprecated DH_COMPAT rules setting.
+ * Update to debhelper compatibility level V5 (no changes required).
+
+ -- Russ Allbery <rra at debian.org> Wed, 30 May 2007 22:42:28 -0700
+
+openldap2.3 (2.3.30-5) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * Add Portuguese debconf translation; thanks to Tiago Fernandes.
+ Closes: #409632.
+ * Re-add .la files to the slapd package, for greater compatibility
+ with upstream documentation.
+
+ [ Russ Allbery ]
+ * When starting slapd, create a symlink from /var/run/ldapi to
+ /var/run/slapd/ldapi for compatibility with 2.1 client libraries.
+ Closes: #385809.
+ * Apply upstream patch to prevent a race condition in slapd when
+ shutting down connections.
+ * Update the Brazilian Portuguese debconf translation; thanks to Felipe
+ Augusto van de Wiel.
+
+ -- Russ Allbery <rra at debian.org> Thu, 8 Mar 2007 18:21:02 -0800
+
+openldap2.3 (2.3.30-4) unstable; urgency=low
+
+ * Ok, argh, it helps to check that the function being re-added to the
+ preinst hasn't been removed again from the common include. Re-add
+ break_on_ldbm_to_bdb_migration_disagree, because by all appearances
+ we /should/ be using this in the preinst. Closes: #411474.
+
+ -- Steve Langasek <vorlon at debian.org> Mon, 19 Feb 2007 03:55:22 -0800
+
+openldap2.3 (2.3.30-3) unstable; urgency=medium
+
+ [ Matthijs Mohlmann ]
+ * Added spanish translation. (Closes: #404250)
+ * Documentation updates backported from upstream.
+ * Fix a security bug in kerberos kbind code. (Only used when enabling with
+ --enable-kbind option) But better safe then sorry.
+ * Backported a mem leak fix on failed binds.
+ * Added patch from upstream that fixes a memory leak in ACLs that use sets.
+
+ [ Steve Langasek ]
+ * *Really* abort in preinst if the user doesn't accept the upgrade
+ from ldbm to bdb. Closes: #392747.
+ * Set the name of debian/slapd.NEWS right so that it gets
+ installed in the binary package. Closes: #409923.
+ * Add Russian debconf translation; thanks to Yuri Kozlov.
+ Closes: #405706.
+ * Add Galician debconf translation; thanks to Jacobo Tarrio.
+ Closes: #407267.
+
+ -- Steve Langasek <vorlon at debian.org> Sun, 18 Feb 2007 16:47:16 -0800
+
+openldap2.3 (2.3.30-2) unstable; urgency=low
+
+ * Make sure that the pidfile directory doesn't exist in the init script.
+ (Closes: #402705)
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Tue, 12 Dec 2006 21:34:44 +0100
+
+openldap2.3 (2.3.30-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixed authzTo/authzFrom URL matching.
+ - Fixed syncrepl consumer memory leaks.
+ - Fixed slapd-hdb livelock.
+ - Fixed slapo-ppolicy external quality check.
+ - Fixed ldapsearch(1) man page acknowledgement.
+ * Added patch to make sure that the pidfile directory exists.
+ (Closes: #390337)
+ * Do not ask the question allow ldap v2 logins when user wants manual
+ configuration. (Closes: #401003)
+ * Add patch to look also in /etc/ldap/sasl2 for sasl configuration.
+ (Closes: #398657)
+ * Removed db4.2-util recommend, the slapd binary includes checking code to
+ fix DB errors.
+ * Updated README in schema directory. It doesn't list collective.schema
+ anymore. (Closes: #287358)
+ * Updated manpages to point to right paths. (Closes: #398790)
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Sat, 9 Dec 2006 20:50:58 +0100
+
+openldap2.3 (2.3.29-1) unstable; urgency=medium
+
+ [ Matthijs Mohlmann ]
+ * New upstream release.
+ - Fixes Denial of Service through a certain combination of LDAP BIND
+ requests (CVE-2006-5779) (Closes: #397673)
+ * LSB section added to the init script.
+ * Updated README.Debian about running as non-root user (Closes: #389369)
+ * Updated de translation (Closes: #396096)
+ * Added some documentation / warning when running slapindex as root.
+ * Remove drafts and rfc from the tarball. (Closes: #393404)
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Sat, 11 Nov 2006 11:24:42 +0100
+
+openldap2.3 (2.3.27-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream release.
+ * pidfile location is changed 3 years ago, when people are upgrading from
+ back then they have a broken slapd because the openldap user is not able
+ to write to /var/run. (Closes: #380687)
+ * Patches by Quanah Gibson-Mount <quanah at stanford.edu>
+ - Fix one time memleak on startup in the accesslog db.
+ * Changed priority of libldap-2.3-0 to optional as it is only used by slapd.
+
+ [ Torsten Landschoff ]
+ * Remove RFC documents as they do not meet the DFSG.
+ + debian/rules: Check that the RFCs are gone to make sure it does not
+ get included again by accident.
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Sat, 2 Sep 2006 00:33:44 +0200
+
+openldap2.3 (2.3.25-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream release:
+ - Accepts 'require none' in slapd.conf (closes: #370023).
+ - Added patch to fix a bold issue in the manpage ldapsearch. Thanks to
+ Matt Kraai. (Closes: #355670)
+ * Added commented out rootdn parameter in slapd.conf. (Closes: #303245)
+ * Make the scripts output a bit more consistent.
+ * Fix a regression in the slapd packages. Data directory is /var/lib/ldap
+ and not /var/openldap-data, also adjust the manpages to reflect these
+ change. Thanks to Peter Marschall. (Closes: #368891)
+ * Removed script move_files, dh_install is used instead. (Closes: #368896)
+ * Dutch translation already updated. Closes: #375101)
+ * Documented that slapd is compiled with TCP wrappers (Closes: #351428)
+ * dpkg-reconfigure slapd now just reinstalls slapd and moves old databases
+ to /var/backups. Already done in previous version (Closes: #230366, #208056)
+
+ [ Torsten Landschoff ]
+ * debian/libldap-2.3-0.install: Ignore version information when installing
+ libraries. This way it does not need updating for each new upstream
+ release.
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Wed, 26 Jul 2006 18:05:40 +0200
+
+openldap2.3 (2.3.24-2) unstable; urgency=low
+
+ * Switch slapd from running as root to running as user.
+ (Closes: #292845, #261696)
+ * Changing configuration in slapd.conf by the postinst will now also follow
+ includes. (Closes: #304488)
+ * Patches by Quanah Gibson-Mount <quanah at stanford.edu>
+ - fix a lock bug with a virtual root entry in the BDB backend.
+ - fix boolean logic in the overlays.
+ - fix that slurpd can use ldaps.
+ - fix initialization of auditdb.
+ - fix TLS concurrency issues.
+ - fix exop password change that didn't reset pwdMustChange.
+ - fix syncrepl that fails when no rootdn is defined.
+ * Add dependency on adduser.
+ * Specify the PATH variable in the init script. (Closes: #367981)
+ * Added patch to read config before dropping privileges.
+ * epoll(4) system call is missing on kernels <2.6, this causes slapd to
+ not work on 2.4 kernels. Added patch that remove the #define in
+ portable.in (Closes: #369352, #372194, #373233)
+ * In 2.3.24 slapd won't segfault if the moduleload directive appears
+ somewhere else. (Closes: #349011)
+ * Removed fileutils dependency, it's superseeded in Sarge already.
+ (Closes: #370013)
+ * Use find in combination with mv to move an old directory away.
+ (Closes: #306435)
+ * Updated Dutch debconf translation (Closes: #365172)
+ * Added an example backup script that can be put into cron (Closes: #319477)
+ * Make the db directories 0700. On new installations this is the default.
+ (Closes: #354450)
+ * Get rid of a '.' in front of a domain. (Closes: #318143)
+ * Added shadowLastChange to the ACL in the default slapd.conf
+ (Closes: #370550)
+ * Updated Japanese translation (Closes: #378565)
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Mon, 17 Jul 2006 18:22:45 +0200
+
+openldap2.3 (2.3.24-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream version. (Closes: #369544)
+ * Update patch slurpd-in-spool. (Closes: #368586, #368709, #368889)
+ * Added slapi-errorlog-file to be into /var/log (Closes: #368895)
+ * Removed patch configure.in-fix, incorporated upstream.
+ * Move debian/configure.options.new to debian/configure.options.
+ * Added patch to put ldapi socket in /var/run/slapd.
+ * Removed bdb recovery from the init.d script. This was introduced to fix
+ bug #255276. Now that slapd has the ability to check and recover from bdb
+ failures, this function is not needed anymore. (Closes: #369484, #369093)
+ * Updated the lintian overrides.
+
+ [ Torsten Landschoff ]
+ * Include man pages for accesslog and auditlog overlays, patch by
+ Peter Marschall (closes: #368888).
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Thu, 1 Jun 2006 08:16:02 +0200
+
+openldap2.3 (2.3.23-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream release. (Closes: #308906, #310282, #353877, #335618, #315158)
+ (Closes: #310282, #319155)
+ * OpenLDAP checks database before starting up.
+ (Closes: #190165, #195079, #294701, #308416)
+ * move_old_database_away isn't called in a while loop anymore (which would
+ kill debconf interaction) (Closes: #299100)
+ * BDB_CONFIG file will be installed on new installations (Closes: #301292)
+ * Move to dh_install.
+ * Move to quilt patch system.
+ * Fix manpage.
+ * Make ldiftopasswd and fix_ldif executable. (fixes lintian warnings)
+ * Wipe passwords after we created the initial configuration.
+ * The config scripts is runned twice, this causes the password in
+ slapd/internal/adminpw to be empty. This fixes the issue with having an
+ empty password in the ldap database. (Closes: #343113, #347725)
+ * Added #DEBHELPER# token to fix a lintian warning.
+ * bdb has changed between major versions, so dump the database and import it
+ again for versions before 2.3.19.
+ * Remove comments from debian/control (The out commented control information
+ is actually in debian/control.dev)
+ * Enable all backends and overlays with: --enable-backends=mod and
+ --enable-overlays=mod
+ * Add | debconf-2.0 to unblock cdebconf transition (Closes: #332053)
+ * Added Danish debconf translation (Closes: #353897)
+ * Updated French debconf translation (Closes: #320739)
+ * Updated Vietnamese debconf translation (Closes: #319706)
+ * Updated Czech debconf translation (Closes: #356554)
+ * Encode the organization to utf8 (Closes: #236097)
+ * Disabled the LDBM backend. Break in preinstallation if user doesn't want
+ to migrate to BDB backend.
+ * Removed choice for LDBM backend from slapd templates. And some explanation
+ in that question about the LDBM backend.
+ * Add sizelimit and tool-threads and some documentation to slapd.conf
+ (Closes: #327808)
+ * slapd.scripts-common had two functions with the same name.
+ * Don't return a error message if hostname fails.
+ * Backup the config only once on upgrade.
+ * For new installations do not install a DB_CONFIG file but use the
+ slapd.conf as file for BDB/HDB configuration parameters. See: slapd-bdb(5)
+ * Added various "exit 0" to the installation scripts.
+ * Add configure.in patch to fix C comparison what should be bash (ITS#4416)
+ * Raise debconf configuration level from low to medium for
+ slapd/no_configuration.
+ * Updated Standards-Version to 3.7.2.0
+ * Added build-dependency on perl which is used in the debian/rules file.
+ Considered by lintian.
+ * Added lintian override for too-long-extended-description-in-templates, it
+ is an explanation about the backends.
+
+ [ Steve Langasek ]
+ * debian/slapd.templates: Fix typo durin -> during; re-run
+ debconf-updatepo, fixing up the fuzzies (closes: #319596).
+
+ [ Torsten Landschoff ]
+ * debian/slapd.scripts-common: Rename backend_supported to
+ upgrade_supported_from_backend for more clarity.
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Sat, 13 May 2006 00:28:11 +0200
+
+openldap2.2 (2.2.26-4) unstable; urgency=low
+
+ * [l10n] Vietnamese translations by Clytie Siddall (closes: #316623).
+ * debian/slapd.templates: Fix typos occured -> occurred (closes: #316624).
+ * libraries/libldap/url.c: Apply patch from upstream CVS to fix URI
+ parsing (closes: #317100).
+
+ -- Torsten Landschoff <torsten at debian.org> Tue, 19 Jul 2005 20:52:17 +0200
+
+openldap2.2 (2.2.26-3) unstable; urgency=low
+
+ * [SECURITY] Applied the patch available at
+ http://bugzilla.padl.com/show_bug.cgi?id=210
+ to force libldap to really use TLS when requested in /etc/ldap/ldap.conf
+ (cf. CAN-2005-2069). Clients still will use libldap2 from openldap2
+ source package so this is only to prepare unleashing the libraries of
+ OpenLDAP 2.2 for unstable...
+
+ -- Torsten Landschoff <torsten at debian.org> Sun, 3 Jul 2005 10:41:37 +0200
+
+openldap2.2 (2.2.26-2) unstable; urgency=low
+
+ * Assembled changes from patches supplied by Peter Marschall (thanks,
+ Peter):
+ | debian/move_files: Move slapd and slurpd to /usr/sbin and adjust symlinks
+ (closes: #316354).
+ + debian/slapd.links: Remove symlinks from /usr/sbin to /usr/lib.
+ | debian/rules: Don't install cron jobs needed for GnuTLS as long as we are
+ using OpenSSL.
+ | debian/control: Remove build-dependencies needed for GnuTLS
+ (closes: #316355).
+ + Require libsasl >= 2.1.18 as recommended by OpenLDAP project.
+ | Update quicktool patch from Quanah Gibson-Mount (closes: #316361).
+ | debian/slapd.init: Use /bin/sh as shell when running db_recover
+ (closes: #316350).
+ | debian/configure.options: Enabled dynlist and proxycache overlays
+ (closes: #316351).
+
+ * debian/po/de.po: Apply typo correction patch (closes: #313809).
+ * debian/po/fr.po: Apply updates by Christian Perrier (closes: #315122).
+
+ -- Torsten Landschoff <torsten at debian.org> Fri, 1 Jul 2005 12:53:18 +0200
+
+openldap2.2 (2.2.26-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/slapd.init: Run db_recover as the user configured for slapd
+ (closes: #311331).
+ * debian/po/cs.po: Add Czech translation by Miroslav Kure (closes: #312064).
+ * Run debconf-updatepo, oh my :(
+ * Update configure via libtoolize -cf; aclocal-1.4; autoconf2.50.
+ * configure.in: Try to fix memcmp check (probably does not work anymore, but
+ we should have a working memcmp on all Debian systems anyway).
+ * debian/rules: Remove config.{sub,guess} before installing new versions
+ (just in case there were symlinks for them...).
+
+ -- Torsten Landschoff <torsten at debian.org> Tue, 21 Jun 2005 12:06:40 +0200
+
+openldap2.2 (2.2.23-8) unstable; urgency=low
+
+ * debian/DB_CONFIG: Fixed the log cache configuration (used the wrong
+ command so there was about no effect).
+
+ -- Torsten Landschoff <torsten at debian.org> Mon, 30 May 2005 08:48:10 +0200
+
+openldap2.2 (2.2.23-7) unstable; urgency=low
+
+ * debian/slapd.scripts-common: Install the default DB_CONFIG for each
+ database loaded from LDIF which didn't have a DB_CONFIG before.
+ * (automatic) Updated config.sub and config.guess from autotools-dev.
+
+ -- Torsten Landschoff <torsten at debian.org> Mon, 30 May 2005 08:08:37 +0200
+
+openldap2.2 (2.2.23-6) unstable; urgency=low
+
+ Torsten Landschoff <torsten at debian.org>:
+ * debian/po/ja.po: Merge updates from Kenshi Muto (closes: #303505).
+ * debian/po/fr.po: Merge updates from Christian Perrier (closes: #306229).
+ * debian/slapd.scripts-common: If the user enters the empty value for
+ the database dumping directory use the default value. Seems like the
+ readline interface does not care about the default value
+ (closes: #308234).
+ * debian/slapd.postinst: Make sure the debhelper commands are executed
+ in all cases (closes: #310422).
+ * Merged suggested changes by Eugene Konev to automatically run
+ db_recover before starting slapd (closes: #255276).
+ + debian/slapd.init: Run db_recover if enabled and available and no
+ slapd process running.
+ + debian/slapd.default: Add configuration option to disable it.
+ * Applied and improved patch by Matthijs Mohlmann to support migration
+ from ldbm to bdb backend.
+ + debian/slapd.config: Ask if migration is wanted.
+ + debian/slapd.postinst: Update configuration from ldbm to bdb if yes.
+ + debian/slapd.scripts-common: Implemented some parts in their own
+ functions.
+ * Add a README.DB_CONFIG.gz and reference it where referring to BDB
+ configuration.
+ * Update default DB_CONFIG with some senseful values.
+
+ Steve Langasek <vorlon at debian.org>:
+ * libraries/libldap_r/Makefile.in: make sure the ximian-connector ntlm
+ patch is applied to libldap_r, not just to libldap
+ * debian/move_files: make libldap a symlink to libldap_r, as carrying
+ two versions of this library around is more trouble than it's worth,
+ and can cause glorious segfaults down the line
+
+ -- Torsten Landschoff <torsten at debian.org> Mon, 30 May 2005 08:07:49 +0200
+
+openldap2.2 (2.2.23-5) unstable; urgency=low
+
+ Torsten Landschoff <torsten at debian.org>:
+ * debian/lintian-overrides: Add. Contains lintian warnings/errors to
+ override for each package (plus comments).
+ + debian/move_files: Automatically install applying overrides into
+ each package.
+
+ Steve Langasek <vorlon at debian.org>:
+ * configure.in: reinstate the remainder of the fix for 195990 from
+ 2.1.22-2: give preference to -lpthread over -pthread in configure.in,
+ because some archs (mipsel, at least) don't like -pthread.
+
+ -- Steve Langasek <vorlon at debian.org> Sun, 24 Apr 2005 05:01:02 -0700
+
+openldap2.2 (2.2.23-4) unstable; urgency=low
+
+ Torsten Landschoff <torsten at debian.org>:
+ * debian/control: Make the requirement for debconf a pre-dependency as
+ we are using it from the maintainer scripts.
+ * debian/slapd.preinst: Always use debconf (don't check for availability).
+ * debian/slapd.scripts-common: Remove the alert_user function which
+ was there to output an error message in case debconf is not available.
+
+ Steve Langasek <vorlon at debian.org>:
+ * debian/fix_ldif: Add code to fix up oddly formatted integer attribs;
+ limited use because it only fixes those attributes that we have
+ prior knowledge of (i.e., those in the default schemas we ship), but
+ it's something at least. Closes: #302629.
+ * debian/fix_ldif: Also change fix_ldif to not chew up everything that
+ has a # in the line: treat lines beginning with # as comments, but #
+ is a valid character in an attribute value.
+ * debian/rules: Fix the check for missing lib symbols to use
+ LD_LIBRARY_PATH, so the package builds on systems that don't already
+ have libldap-2.2-7 installed. Closes: #305785.
+ * debian/po/ja.po: Use the partial translation provided by Kenshi Muto.
+
+ Stephen Frost <sfrost at debian.org>:
+ * debian/slapd.scripts-common: Make sure - ends up at the end of the
+ bracket expression given to grep so it's not treated as a range
+ (closes: #302743).
+
+ -- Steve Langasek <vorlon at debian.org> Sat, 23 Apr 2005 22:01:20 -0700
+
+openldap2.2 (2.2.23-3) unstable; urgency=low
+
+ Steve Langasek <vorlon at debian.org>
+ * libraries/libldap_r/Makefile.in: Code that uses pthreads *must* be
+ linked with -pthread, even if it's a library; without this, the
+ libldap_r library ends up with dangling unversioned reference to
+ pthread_create() which gets resolved to a wrong version that causes
+ segfaults on 64-bit platforms. Closes: #304549.
+ * debian/rules: error out on build if an installed library has
+ undefined symbols; future-proofing against a repeat of #304549.
+ * debian/slapd.postinst: don't dump and reload directories unless we
+ know we're upgrading from an incompatible version! Closes: #304840.
+ * debian/slapd.scripts-common: don't use merge_logical_lines for
+ functions that will be writing back to the config; the code is not
+ as pretty now, but the output is much less ugly. Closes: #303243.
+ * debian/slapd.examples, debian/slapd.scripts-common,
+ debian/slapd.links, debian/move_files: install DB_CONFIG in
+ /usr/share/slapd/ instead of /usr/share/doc/slapd/examples/; this
+ simplifies the code, and ensures users who don't install
+ /usr/share/doc aren't penalized. Create links for the DB_CONFIG and
+ slapd.confg templates to /usr/share/doc/slapd/examples, since these
+ are worthwhile examples as well.
+ * Updated maintainer scripts to keep DB_CONFIG for LDAP databases over
+ upgrades (closes: #265860).
+ * Move slappasswd to the slapd package, since it's now a symlink and
+ isn't actually useful without the slapd binary (closes: #304339).
+
+ -- Torsten Landschoff <torsten at debian.org> Thu, 21 Apr 2005 01:29:57 +0200
+
+openldap2.2 (2.2.23-2) unstable; urgency=low
+
+ * debian/configure.options: Change localstatedir to /var from /var/run
+ as the current upstream version adds /run to that during runtime for
+ slapi sockets etc. Problem: The database location is specified relative
+ to localstatedir/openldap-data. Another thing to fix...
+ (closes: #298271, #304491).
+ * debian/slapd.scripts-common (load_databases): Reimplement automatic
+ fixing of LDIF data via the fix_ldif script. Only tried if an
+ initial slapadd using the original LDIF data fails. With this change
+ upgrading from woody for some simple cases does work again.
+ * Disabled the version check for Berkeley DB in upstream code. Any
+ libdb4.2 package should work but of course using the latest will give
+ you the best results (closes: #300851).
+ * debian/slapd.scripts-common (import_database): Removed, no longer used.
+ * debian/slapd.scripts-common: Store the diagnostic output from
+ slapadd and output it before aborting if the command failed.
+ * debian/po/fr.po: Use the translations provided by Christian Perrier
+ (closes: #304141).
+ * debian/slapd.scripts-common: Use the -q option during slapadd to
+ improve performance.
+ * debian/slapd.templates (slapd/dump_database_destdir): Apply rewording
+ changes from Thomas Prokosch. Gives the user more information about
+ the usage of that directory.
+ + Run debconf-updatepo to update the translation templates.
+ * debian/slapd.templates: Clean up the debconf templates of the slapd
+ packages by merging the changes suggested by Christian Perrier
+ (closes: #302829). Thanks, Christian!
+ + Changed the wording of some of the templates.
+ + Adapt to the DTSG (Debconf Templates Style Guide).
+ + Removed item slapd/admin which is not used anymore.
+ + Run debconf-updatepo and send new fr.po to Christian Perrier.
+ * debian/slapd.postinst: Make a backup copy of slapd.conf before changing
+ anything (closes: #304485).
+ * Trivial improvements:
+ + Don't ask to move contents of /var/lib/ldap if it does not even
+ exist (but also is not an empty directory...) in initial config.
+ + Move check for current installation status out of configure_dumping.
+
+ -- Torsten Landschoff <torsten at debian.org> Thu, 14 Apr 2005 19:57:11 +0200
+
+openldap2.2 (2.2.23-1) unstable; urgency=low
+
+ * debian/slapd.scripts-common: Move all shell functions of the maintainer
+ scripts here to have it all in one place.
+ * Another pass over the maintainer scripts to remove cruft and tidy up
+ the code a bit. Fixed some bugs on the way.
+ * Test upgrade and installation revealed some bugs, mostly typos:
+ + return in shell actually is "return $?", not "return 0" as I though
+ + Referenced $src where $srcdir was meant.
+ + Only load old directories on upgrade and not during initial
+ installation.
+
+ -- Torsten Landschoff <torsten at debian.org> Fri, 1 Apr 2005 18:50:21 +0200
+
+openldap2.2 (2.2.23-0.pre6) experimental; urgency=low
+
+ Torsten Landschoff <torsten at debian.org>:
+ * debian/slapd.postinst: Add a testing interface to test the helper
+ functions.
+ * debian/slapd.postinst: Make sure that debconf actually displays the
+ error message even if the user has already seen it before.
+ * debian/slapd.postinst (compute_backup_path): Make function more robust
+ in case we don't know the old version or the suffix of the database.
+ Converted the backup dir to a more simple scheme which should be save
+ against accidental overwriting.
+ * Rewrote part of the maintainer scripts for correct handling of
+ directory dumps in preinst. New debconf questions etc.
+ * Move the manpage of slappasswd to ldap-utils where slappasswd itself
+ is included (closes: #300212).
+ + debian/control: Add Replaces: slapd << 2.2.23-0.pre6 to ldap-utils.
+ + debian/move_files: Move slappasswd manpage into ldap-utils.
+ * debian/slapd.config: Don't fail if hostname is unset (pulled from
+ Ubuntu, thanks to Jeff Bailey).
+ * Applied patch by Quanah Gibson-Mount (directory administrator of Stanford)
+ to add -q option to some tools for quick operation without updating
+ logs. This is mostly for importing directories from LDIF backups.
+ * Go back to libdb4.2 as OpenLDAP is known to have problems with BDB 4.3.
+ + debian/control: Update dependencies for BDB 4.2.
+ + debian/slapd.scripts-common: Mark all databases before this version
+ as incompatible.
+ * Fix some bashisms in maintainer scripts.
+ * debian/slapd.postinst: Include the version of the backup in the
+ backup of a database directory.
+
+ Carlo Contavalli <ccontavalli at debian.org>:
+ * debian/slapd.init: Print command line if starting a daemon failed.
+ * debian/slapd.postinst: Handle hdb backend just as if it was bdb.
+ * debian/README.Debian: Add some notes about DB_CONFIG and how to run
+ slapd under a different uid/gid.
+ * Install an example DB_CONFIG file during initial configuration
+ + slapd.postinst: Add a function to implement this and hook it into
+ create_new_configuration.
+ + debian/DB_CONFIG: Example DB_CONFIG that is installed.
+ + debian/slapd.examples: Mark DB_CONFIG as an example.
+ * servers/slapd/daemon.c: Actually change the permissions of the
+ unix socket if requested using an ldapi url with x-mod.
+ * debian/slapd.scripts-common: change privileges of upgraded databases
+ as indicated by SLAPD_USER and SLAPD_GROUP variables.
+ * debian/slapd.scripts-common,slapd.postinst: corrected some minor
+ typos.
+
+ -- Torsten Landschoff <torsten at debian.org> Fri, 1 Apr 2005 12:26:35 +0200
+
+openldap2.2 (2.2.23-0.pre5) experimental; urgency=low
+
+ * Apply NTLM patch from ximian-connector source package.
+ * debian/slapd.postinst: Fix small typo leading to upgrade failures.
+ Added some notes while wading through maintainer scripts.
+ * debian/slapd.postinst: Make slapadd more noisy, writing the new
+ directory to stderr if something goes wrong (should help for
+ bug #236097).
+ * Make slapd.init idempotent by adding --oknodo to start-stop-daemon
+ invocations (closes: #298741). Kudos to Bill Allombert for this
+ patch.
+ * slapd.postinst: Try to fix slapd.conf for syntactic and semantic changes
+ introduced upstream into 2.2.x.
+ * slapd.scripts-common: Make sure directories before 2.2.23 are dumped
+ and reloaded on upgrade.
+
+ -- Torsten Landschoff <torsten at debian.org> Fri, 11 Mar 2005 18:54:57 +0100
+
+openldap2.2 (2.2.23-0.pre4) experimental; urgency=low
+
+ * Rename libldap2.2 to libldap-2.2-7 to match soname. Updated
+ debian/{control,rules,...}.
+ * Checked the usage of the ucdata files shipped with libldap2 before.
+ Actually they stem from liblunicode which is only linked to slapd.
+ Therefore those files are shipped with slapd now. This change is
+ relevant so that multiple libldap-2.2-x packages can coexist later.
+ * debian/control: Updated for slapd replacing files from libldap2.
+ * debian/control: Recommend db4.3-util instead of db4.2-util as we are
+ using the former version now for slapd.
+ * debian/control: Add Build-Depends for libperl-dev, this time for
+ real. I wonder what went wrong last time as it built correctly with
+ pdebuild (closes: #297123).
+
+ -- Torsten Landschoff <torsten at debian.org> Mon, 28 Feb 2005 15:17:52 +0100
+
+openldap2.2 (2.2.23-0.pre3) experimental; urgency=low
+
+ * debian/slapd.prerm: Reformat and fix double stopping of slapd. Find
+ out which bug we are working around and document it.
+ * debian/configure.options: Enable ACI support (closes: #101602).
+ Looked through the source code and it seems to be properly
+ insulated to not make a difference when not used.
+ * .../Makefile.in: Remove -s option from install invocations and let
+ dh_strip handle stripping binaries (closes: #264448).
+ * debian/slapd.postinst: Code cleanup and reading, unused and duplicate
+ code removed. Main body still needs fixing.
+ * debian/slapd.postinst: Fixed chmod --reference calls to keep the
+ permissions of slapd.conf. Putting data into the file using shell
+ redirection recreates the file with default umask and owner, killing
+ the permissions we applied using chod --reference after creating the
+ file. Instead we change the permissions directly before renaming the
+ file now. Wrapped it into a function and update the owner as well.
+ How do we do this correctly for ACLs etc.!? Thanks to Carlo Contavalli
+ for pointing this out.
+ * servers/slapd/main.c: Log a warning if writing the pidfile or writing
+ the arguments file fails (closes: #261696).
+ * debian/control: Add missing build dependency for perl development
+ library (closes: #297123).
+
+ -- Torsten Landschoff <torsten at debian.org> Sun, 27 Feb 2005 17:44:03 +0100
+
+openldap2.2 (2.2.23-0.pre2) experimental; urgency=low
+
+ * servers/slurpd/slurp.h: Relocate the default spool directory to
+ /var/spool/slurpd again.
+ * Merged some changes done by Fabio M. Di Nitto for the ubuntu
+ distribution (thanks, Fabio!):
+ + debian/slapd.{postinst,conf}: Checkpoint BDB databases every 512kb
+ or 30 minutes by default.
+ + debian/slapd.scripts-common: Make is_empty_dir less noisy on first
+ install (cosmetic).
+ * Applied some changes suggested by Ondrej Sury:
+ + debian/rules: Add MAKEVARS variable and set datadir =
+ /usr/share/libldap2.2/ucdata instead of changing build/top.mk as
+ suggested.
+ + debian/move_files: Install /usr/share/libldap2.2 into libldap2.2
+ and remove duplicate ldap.conf manpage.
+ + debian/control: Let libldap2.2 dependon libldap2 for config files.
+ * Also in Ondrej's patch:
+ + doc/man/man8/slapd.8: Refer to slapd.conf instead of ldap.h for
+ loglevel documentation. Changed by ubuntu? I don't know...
+ * debian/slapd.README.Debian: Update TLS/SSL information.
+
+ -- Torsten Landschoff <torsten at debian.org> Fri, 25 Feb 2005 14:44:59 +0100
+
+openldap2.2 (2.2.23-0.pre1) experimental; urgency=low
+
+ * Merge new upstream release 2.2.23.
+ * Change name of source package to openldap2.2.
+ * configure.in: Fix AC_LIBOBJ for configure2.50.
+ * Run libtoolize, aclocal-1.4 and autoconf2.50 to get a working
+ configure script.
+ * debian/slapd.init: Output failure reasons using "$failure" so that
+ no glob substitution is done. Had a hard time grokking why slapd
+ would mention the contents of the current directory in its error
+ message...
+ * debian/rules: Disable building -dev packages as we don't want
+ other packages to link against the new libraries before sarge.
+ Remove the binary-indep target from the binary dependends list.
+ * debian/control: Move packages that are no longer build into control-dev.
+ * debian/configure.options: Build against OpenSSL with --with-tls
+ (this can only be done for slapd itself, we need GnuTLS support
+ before enabling this for libldap2.2-dev).
+ * debian/control: Update build dependencies for libdb4.3 and OpenSSL.
+
+ -- Torsten Landschoff <torsten at debian.org> Wed, 23 Feb 2005 19:29:38 +0100
+
+openldap2 (2.2.18-0.pre2) experimental; urgency=low
+
+ * debian/check_config: Make sasl2 check more robust against file
+ format changes in config.status.
+ * debian/libldap2.shlibs: Remove.
+ * Update configure script using libtoolize, aclocal-1.4 and autoconf2.50
+ to fix wrong shared library dependency in libldap2.2 (depended on
+ libldap2 by linking against the system's liblber).
+ * debian/libldap2.README.Debian: Move to libldap2.2.README.Debian.
+ * Lintian cleanup:
+ + Run debconf-updatepo for debian/rules clean and manually as
+ requested.
+ + Update config.guess and config.sub in debian/rules clean as well.
+ First update done.
+ + debian/rules (install): Fix the manpage section of the admin commands
+ from 8C to 8.
+ + debian/rules (binary-arch): Run dh_fixperms to fix the permissions
+ on shared libraries.
+
+ -- Torsten Landschoff <torsten at pulsar.galaxy> Thu, 13 Jan 2005 11:53:28 +0100
+
+openldap2 (2.2.18-0.pre1) experimental; urgency=low
+
+ * New upstream release.
+ * Disable TLS for now.
+ * debian/rules: Don't run autoheader and autoconf.
+ * debian/configure.options: Recreated and updated for new setup.
+ * debian/rules: Move slapd, slurpd from /usr/lib to /usr/sbin.
+ * Rename library packages to include the OpenLDAP version.
+ * Remove /etc/ldap/ldap*.conf from libldap2.2 to avoid clash with
+ libldap2. Also add Replaces entry for libldap2 to allow overwriting
+ for now. Needs fixing...
+ * Instead of moving slapd from /usr/lib to /usr/sbin create a symlink.
+ Seems like slapadd etc. are now all included in the slapd binary
+ and all link to its binary.
+ * debian/rules: Run dh_link for arch dependend packages.
+ * configure: Fix broken libdb checking which forced static building of
+ back-bdb.
+ * debian/slapd.conf: Fix access directive to use "attrs=" instead of
+ "attribute=" which wasn't officially supported anyway.
+
+ -- Torsten Landschoff <torsten at debian.org> Wed, 3 Nov 2004 09:57:14 +0100
+
+openldap2 (2.1.30-3) unstable; urgency=high
+
+ * Urgeny high since previous releases were hardly usable (at least
+ with TLS).
+ * Roland Bauerschmidt <rb at debian.org>
+ + libraries/libldap/gnutls.c, libraries/libldap/tls.c,
+ include/ldap_pvt_gnutls.h: Use callback with
+ gnutls_certificate_set_params_function to generate dh_params and
+ rsa_params (this is also the way, it's done with OpenSSL). We need
+ GNUTLS 1.0.9 for this. With the new version of libgcrypt, we also
+ need to initialize threading explicitly. The previous
+ segmentation faults resulted from the *global* param structure
+ being recreated and freed for every session. Many thanks to
+ Matthias Urlichs who helped debugging a lot and also packaged
+ GNUTLS 1.0.16 very quickly... Closes: #244827.
+ + debian/control: Add build dependency to libgcrypt11-dev (we're
+ initializing it directly now) and change libgnutls10-dev to
+ libgnutls11-dev.
+ + libraries/libldap/gnutls.c: in tls_gnutls_need_{dh,rsa}_params
+ (formerly ldap_gnutls_need_...), create temp files more securely,
+ doing unlink before opening and opening them with O_EXCL. This is
+ necessary because under Linux 2.6 all threads have the same PID.
+ Thanks to Andrew Suffield for pointing this out.
+ + debian/slapd.cron.daily: cron job to remove GNUTLS rsa_export and
+ dh param cache files every day.
+ + debian/slapd.README.Debian: add note that we use GNUTLS rather
+ than OpenSSL.
+
+ -- Roland Bauerschmidt <rb at debian.org> Mon, 26 Jul 2004 18:41:23 +0200
+
+openldap2 (2.1.30-2) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb at debian.org>
+ + debian/slapd.scripts-common: add missing space before !
+ Closes: #251036, #253633, #257513.
+ * Torsten Landschoff <torsten at debian.org>
+ + Applied patch by Ralf Hack to support non-standard config file
+ location in /etc/default/slapd (closes: #229195).
+ + Applied patch to fix handling of abandoned commands
+ (closes: #254183). Thanks to Peter Marschall for submitting it.
+ + Applied patch to fix memory leak after search (closes: #254184).
+ Thanks again, Peter!
+ + Applied trivial patch to support logging to DAEMON facility
+ as well as LOCAL* (closes: #254186). Here you are, Peter ;)
+
+ -- Roland Bauerschmidt <rb at debian.org> Fri, 09 Jul 2004 15:56:06 +0200
+
+openldap2 (2.1.30-1) unstable; urgency=low
+
+ * Torsten Landschoff <torsten at debian.org>:
+ + debian/control: Have slapd conflict with libltdl3 version 1.5.4-1
+ as with that version loading of .so files is broken which breaks
+ slapd (closes: #249152).
+ + Applied patch to fix Perl backend (closes: #245347). Kudos
+ to Peter Marschall.
+ + debian/configure.options: Enable building of Perl backend.
+
+ * Roland Bauerschmidt <rb at debian.org>
+ + debian/slapd.templates: replace 'domain' with 'DNS domain name'
+ which is little more specific
+ + debian/slapd.config: check if the domain has a valid syntax to
+ prevent slapadd from failing. Closes: #235749.
+ + New upstream version with fix for NS-MTA-MD5 hash length
+ checking. Closes: #226583.
+
+ -- Torsten Landschoff <torsten at debian.org> Mon, 24 May 2004 23:33:21 +0200
+
+openldap2 (2.1.29-2) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb at debian.org>
+ + debian/rules: Revert change to install ldapadd as symlink.
+ Somehow, with that change, ldapadd didn't get installed at all.
+ Closes: #243537.
+
+ -- Roland Bauerschmidt <rb at debian.org> Tue, 13 Apr 2004 19:49:55 +0200
+
+openldap2 (2.1.29-1) unstable; urgency=low
+
+ * Stephen Frost <sfrost at debian.org>
+ + libraries/gnutls.c: Generate and store RSA/DH parameters,
+ based off a patch by Petr Vandrovec (though changed alot).
+ Closes: #234639, #234593
+
+ * Roland Bauerschmidt <rb at debian.org>
+ + Merged new upstream release.
+ + debian/slapd.prerm: add #DEBHELPER# token.
+ + debian/control: have slapd depend on debconf (>= 0.5) to ensure
+ it supports the seen flag.
+ + debian/rules: ldapadd is installed as a hardlink to ldapmodify;
+ use a symlink instead.
+ + debian/slapd.{scripts-common,postinst,preinst,config}: Add new
+ function read_slapd_conf that evaluates include statements.
+
+ -- Torsten Landschoff <torsten at debian.org> Mon, 12 Apr 2004 15:27:55 +0200
+
+openldap2 (2.1.26-1) unstable; urgency=low
+
+ * Torsten Landschoff <torsten at debian.org>:
+ + Merged new upstream release.
+ + debian/slapd.templates (slapd/purge_database): Set default value to
+ false.
+ + debian/slapd.config (manual_configuration_wanted): Don't exit
+ from the script directly if the user wants to configure
+ slapd manually (exit 0 -> return 0).
+ + Build-depend on libgnutls10-dev instead of libgnutls7-dev and
+ rebuild (closes: #233833).
+ + Move previous content of /var/lib/ldap away during creation of
+ an initial directory (closes: #228886, #233512).
+ + debian/slapd.postrm: Remove flag files in /var/lib/slapd on purge.
+ + Removed functionality (verbose error messages) from gnutls.c until
+ it compiled with libgnutls10-dev :-((
+ + debian/slapd.postinst: Overwrite existing /etc/ldap/slapd.conf (only
+ reached during initial installation/dpkg-reconfigure).
+
+ -- Torsten Landschoff <torsten at debian.org> Mon, 23 Feb 2004 09:36:32 +0100
+
+openldap2 (2.1.25-1) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb at debian.org>:
+ + New upstream version.
+ - Build against libdb4.2. Hopefully, this resolves the BDB
+ lock ups when configured improperly.
+ + debian/control: Have ldap-utils depend on the same version of
+ libldap2, and libldap2 conflict with ldap-utils (<= 2.1.23-1).
+ Closes: #216661.
+ + debian/slapd.{templates,config}: Check if there are slave
+ databases in slapd.conf lacking an updateref option, and warn
+ about it. Closes: #216797.
+ + debian/slapd.{templates,config,postinst,conf}: Ask which
+ database backend to use (BDB or LDBM).
+ + debian/slapd.README.Debian: cleanup
+ + servers/slapd/back-bdb/dbcache.c: Turn off subdatabases. This
+ is an incompatible database format change, but according to
+ Howard Chu "using them (subdatabases) is known to cause deadlocks
+ on multiprocessor machines, among other issues."
+ + debian/control: add Recommends: db4.2-util to slapd
+ + debian/control: add Recommends: libsasl2-modules to slapd and
+ ldap-utils. Closes: #224058.
+ + debian/slapd.{scripts-common,preinst,postinst}: Extended dump
+ and restore code to deal with different versions for different
+ backends.
+ + debian/control: Geez, centipede seems to have vanished a long
+ time ago. So don't claim it's included in the slapd package.
+ + debian/slapd.docs: created with servers/slapd/back-sql/
+ rdbms_depends. Closes: #225807.
+
+ * Torsten Landschoff <torsten at debian.org>:
+ + debian/move_files: Install slappasswd into ldap-utils instead
+ of slapd as it's useful without slapd as well (closes: #228705).
+ + debian/control: Make ldap-utils Replaces: slapd < 2.1.25 because
+ of that change.
+ + debian/control: Use libdb4.2-dev instead of libdb4.1-dev as a
+ number of problems seem to be related to DB 4.1.
+
+ -- Torsten Landschoff <torsten at debian.org> Fri, 6 Feb 2004 20:48:22 +0100
+
+openldap2 (2.1.23-1) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb at debian.org>:
+ + New upstream version.
+ + Applied fix for admin password breakage from Michael Beattie
+ <mjb at debian.org>. Closes: #214270.
+ + Added Dutch Debconf template translation by cobaco at linux.be.
+ Closes: #215373.
+ + Bumped Standards-Version (no changes needed).
+
+ * Torsten Landschoff <torsten at debian.org>:
+ + debian/move_files: Install slappasswd into ldap-utils instead
+ of slapd (closes: #228705).
+
+ -- Roland Bauerschmidt <rb at debian.org> Sat, 18 Oct 2003 19:56:54 +0200
+
+openldap2 (2.1.22-3) unstable; urgency=low
+
+ * Call perl -w to run debian/dh_installscripts-common. Closes: #214054.
+
+ -- Roland Bauerschmidt <rb at debian.org> Sat, 4 Oct 2003 14:22:11 +0200
+
+openldap2 (2.1.22-2) unstable; urgency=high
+
+ * Stephen Frost <sfrost at debian.org>
+ + servers/slapd/daemon.c: Apply patch from head for select handling.
+ + debian/rules: Fix build options to optimize correctly and to use
+ DEB_BUILD_OPTIONS (Policy, 10.1). Closes: #202306
+ + debian/slapd.conf: Add in ACL for root DSE explicitly.
+ + debian/slapd.init: Add --oknodo in stop_slurpd. Closes: #202592
+ + debian/rules: Need quotes around $(CFLAGS) on configure line.
+ + debian/slapd.init: Remove \'s before quotes around pidfile.
+ + debian/slapd.init: Add support for -h slapd flag. Closes: #201991
+ + debian/slapd.default: Add variable $SLAPD_SERVICES for slapd -h.
+ + libraries/libldap/tls.c: Apply patch from asuffield in #202741 to
+ fix subjectAltName usage. Closes: #202741
+
+ * Torsten Landschoff <torsten at debian.org>:
+ + Fix invocation of "head" in maintainer scripts and replace usage of
+ [ foo -a bar ] by [ foo ] && [ bar ] (closes: #203292).
+ + debian/slapd.postrm: Small cleanup, only remove the directory, not
+ the backups, on purge.
+ + debian/rules: Don't run the upstream install target if we did not
+ rebuild the whole tree. Makes debugging maintainer script much more
+ tolerable.
+ + debian/slapd.config: Cleaned up and restructured for readability.
+ + debian/slapd.templates: Replaced the invalid_suffix template with
+ invalid_config which is more general and can be used for any
+ inconsistency in the initial configuration.
+ + debian/slapd.postinst: Rewritten to eliminate all that spaghetti.
+ Did not yet implement all old features again...
+ - Now the #DEBHELPER# part is always reached so that the daemon
+ will be restarted even if no automatic configuration is wanted
+ (closes: #204008).
+ + Fixed the undefined symbols in libldap_r.so.2 (closes: #195990).
+ | configure.in: Try -lpthread before -pthread to link the thread
+ library. libtool does not pass -pthread through, -lpthread seems
+ to work though.
+ | libraries/libldap_r/Makefile.in: Add $(LTHREAD_LIBS) to
+ UNIX_LINK_LIBS so that pthread is linked when creating a shared library
+ as well.
+
+ * Roland Bauerschmidt <rb at debian.org>:
+ + debian/configure.options: change --localstatedir=/var/lib to
+ --localstatedir=/var/run. Since localstatedir isn't used anywhere
+ in the code, except for the ldapi socket (and examples in the
+ manpages which are correct at the moment anyway), all this change
+ does should be changing the default location of the ldapi socket
+ from /var/lib/ldapi to /var/run/ldapi. Closes: #160965.
+ + libraries/libldap/tls.c: In get_ca_list, walk through CACERTDIR
+ manually if building against GNUTLS (since there is no equivalent
+ to SSL_add_dir_cert_subjects_to_stack). Closes: #205609.
+ + debian/slapd.preinst: create /var/backups/ldap/$oldver with
+ permissions 0700. Also change permissions for /var/backups/ldap
+ to 0700 if it already exists. Closes: #209019.
+ + Added Japanese translation of Debconf templates by Kenshi Muto
+ <kmuto at debian.org>. Closes: #210731.
+ + debian/slapd.{postinst,preinst,config}: Replaced duplicate
+ implementations of the same functions with one version and moved
+ those into debian/slapd.scripts-common which will be included by
+ debian/dh_installscripts-common.
+ + debian/slapd.preinst: before dumping the database, check if the
+ backend is supported
+ + debian/slapd.postinst:
+ - add -q to grep call for allow bind_v2
+ - readded pre-2.1 (woody) upgrade path (that is, dumping, fixing
+ and reimporting the database)
+
+ -- Roland Bauerschmidt <rb at debian.org> Fri, 3 Oct 2003 15:35:29 +0200
+
+openldap2 (2.1.22-1) unstable; urgency=low
+
+ * Stephen Frost <sfrost at debian.org>:
+ + New upstream version (minor changes).
+ + debian/control: Change build-deps to autoconf2.13, Closes: #201482
+ + debian/rules: Add dh_compress -i for binary-indep.
+ + debian/slapd.postinst: Give variable for read (avoids bashism).
+ + configure/.in: Use upstream's version of back-meta/back-ldap fix.
+
+ -- Stephen Frost <sfrost at debian.org> Wed, 16 Jul 2003 08:42:23 -0400
+
+openldap2 (2.1.21-2) unstable; urgency=low
+
+ * Stephen Frost <sfrost at debian.org>:
+ + debian/slapd.preinst: slapcat here if possible, if slapcat not
+ available then slapcat in postinst. Also remove old unused
+ function.
+ + debian/slapd.postinst: Check if slapcat in preinst worked and use
+ those results in preference. Also moved to using /var/backups/ldap.
+ + servers/slapd/daemon.c: Provide more information on socket/bind
+ failures. Patch submitted upstream. Closes: #94967.
+ + ./configure, ./configure.in: Fix check for back_ldap in back_meta.
+ back_ldap now included as module. back_ldap and back_meta appear
+ to load fine, though order may matter. Closes: #196995.
+ + debian/control: Add versioned Depends on perl, need recent version
+ for migration script.
+ + debian/slapd.{pre,post}inst: Allow for whitespace in postinst
+ before database definitions
+ + debian/control: Drop the libldap2-dev Depends that aren't actually
+ necessary.
+ + debian/slapd.preinst: Add create_sed_script to create the script to
+ deal with multi-line commands in slapd.conf. Modify things to use
+ sed script to preprocess slapd.conf before using it. Remove
+ support for whitespace preceeding commands.
+ + debian/slapd.postinst: Add create_sed_script here too and modify
+ everything to use it as necessary. Also change everything to
+ reference $SLAPD_CONF instead of /etc/ldap/slapd.conf everywhere.
+ Remove support for whitespace preceeding commands.
+ + debian/slapd.postinst: Removed all tabs. Changed all sed scripts
+ to used [:space:] instead of [space tab].
+ + debian/slapd.postinst: Removed debugging statements from ldap_v2
+ support handling code.
+ + debian/slapd.preinst: Changed to use mktemp for sed script.
+ + debian/slapd.postinst: Changed to use mktemp for sed script.
+ + debian/slapd.config: If no hostname set just use debian.org.
+ + contrib/ldapc++/config.{sub,guess}: Resync back to upstream, no
+ reason not to, we don't even build this stuff...
+ + debian/control: Change build-depends to libgnutls7-dev instead of
+ libssl-dev.
+ + debian/rules: Now run autoconf && autoheader to pick up on the
+ configure.in changes needed for GNU TLS.
+ + debian/copyright: Added Steve Langasek (SL) copyright statement.
+ + Patch from Steve Langasek for GNU TLS support, Closes: #198553
+ | include/ldap_pvt_gnutls.h: Added for GNU TLS
+ | configure.in: Now uses GNU TLS where available.
+ | servers/slapd/schema_init.c: Modified for GNU TLS- some functions
+ removed because GNU TLS layer does not support them yet.
+ | build/install-sh: Added for new autoconf.
+ | libraries/libldap/Makefile.in: Changed to compile GNU TLS portions.
+ | libraries/libldap/getdn.c: Stub function added, GNU TLS layer does
+ not support TLS certificates for authentication yet.
+ | libraries/libldap/tls.c: Now calls GNU TLS functions instead of
+ OpenSSL.
+ | libraries/libldap/gnutls.c: Added to support GNU TLS in place of
+ OpenSSL for TLS connections.
+ | libraries/libldap_r/Makefile.in: Changed to compile GNU TLS portions.
+ + debian/slapd.postinst: remove temp file if upgrading or doing a
+ reconfigure but the OLDSUFFIX and basedn match so that we do not
+ move an empty file overtop of slapd.conf. Closes: #190797.
+ + debian/slapd.init: Inform user when not starting slapd due to
+ no configuration file found. Deals with users who select to not
+ configure slapd during installation.
+ + debian/slapd.init: Removed cat <<-EOF and got rid of associated
+ tabs; best to not depend on tab vs. space distinction.
+ + debian/slapd.config: Change debconf question names to be fully
+ qualified in the $var from the for loop- organization is under
+ shared/ and domain is under slapd/, not both under slapd/.
+ + debian/slapd.postrm: Can not depend on debconf being around in
+ postrm so check before attempting to source it. Also protect
+ against failure from db_get.
+ + debian/slapd.postinst: Check for old directory and move it out
+ of the way if it exists on new configure or reconfigure.
+ + debian/slapd.postinst: Fix db_input's for error messages,
+ should be high priority and need to || true them.
+ + debian/slapd.postinst: Do not error exit once we've told the
+ user about the problem, if there was one, with slapcat/slapadd.
+ + debian/slapd.postinst: Make sure we get the organization before
+ we attempt to fix_ldif on old slapcat output. Default to unknown
+ if the organization is not set.
+ + debian/slapd.postinst: Be sure that slapd has been stopped before
+ attempting to fix and slapadd old slapcat.
+ + debian/slapd.postinst: Do not use --exec with s-s-d in postinst.
+ + debian/slapd.postinst: grep calls need to be || true'd when no
+ matching lines found is possible (this case is handled).
+ + debian/slapd.postinst: Be very sure slapd has stopped before
+ attempting to upgrade database.
+ + debian/slapd.preinst: Use either the pidfile or exec if pidfile
+ is not available when stopping. Do not put \"\" around pidfile.
+ Use $oldver instead of $2.
+ + debian/slapd.config: Reask questions on a reconfigure. Use the
+ same logic as slapd.postinst for when to ask questions regarding
+ the db. Be sure to db_go after db_input's.
+ + debian/slapd.templates: Fix allow_bind_v2 short description to
+ make more sense since the default is off.
+ + debian/slapd.preinst: Use perl instead of sed for handling conf.
+ + debian/slapd.postinst: Use perl instead of sed for handling conf,
+ use old sed method to insert \n's, user invoke-rc.d when slapd
+ needs to be stopped. Assume preinst shuts slapd down for upgrade.
+ + debian/slapd.postinst: Only stop slapd on reconfigure.
+
+ * Torsten Landschoff <torsten at debian.org>:
+ + doc/man/man8/slapd.8: Refer to slapd.conf(5) for a description of
+ the debugging level (closes: #176980).
+ + debian/move_files: Kill of the static archives of our backend
+ modules as they are of absolutely no use.
+
+ * Steve Langasek <vorlon at debian.org>:
+ + debian/slapd.postinst: Add a new function, get_database_list, that
+ prints out the list of configured databases from slapd.conf
+ one row at a time. Move all of the upgrade handling into a
+ loop, and iterate through the configured databases. Since the
+ while loop is in fact a subshell, be sure to handle errors
+ correctly. We also have to look at the configured directory
+ for each database, instead of assuming /var/lib/ldap.
+ Closes: #190155, #190156.
+ + debian/slapd.preinst: Simplify the handling of error status: if
+ the slapcat fails, just remove the ldif file. Also, add the
+ suffix to the name of the output file, and add the
+ get_database_list function here as well.
+
+ * Roland Bauerschmidt <rb at debian.org>:
+ + debian/rules: call dh_makeshlibs with -plibldap2 rather than just
+ with libldap2
+ + debian/slapd.postinst: Add question about no configuration.
+ + debian/slapd.templates: Add template for no config question.
+ + debian/slapd.templates: Add template for invalid suffix.
+ + debian/slapd.config: Add no configuration option. Closes: #87986
+ + debian/slapd.config: Complain to the user on invalid domain/org.
+
+ -- Stephen Frost <sfrost at debian.org> Tue, 15 Jul 2003 12:37:05 -0400
+
+openldap2 (2.1.21-1) unstable; urgency=low
+
+ * Torsten Landschoff <torsten at debian.org>:
+ + Merged new upstream release.
+
+ * Stephen Frost <sfrost at debian.org>:
+ + debian/control: Add libbind-dev and bind-dev to the conflicts for
+ slapd, the libs in them can end up being used even when not
+ compiled against causing getaddrinfo() to fail. Closes: #166777
+ + debian/copyright: Flush out the copyright file to include all found
+ copyrights and updates to those.
+ + debian/copyright: Add clarification of MA license
+ + debian/copyright: Add clarification of JC license
+ + debian/slapd.templates: More clearly inform users of important
+ config change. Closes: #194192.
+ + debian/control: Remove patch from build-depends (dpkg-dev depends on it)
+ + debian/fix_ldif: Correctly handle base64-encoded DNs. Closes: #197014.
+ + debian/slapd.templates: Added templates for asking about LDAPv2 support
+ and telling the user of slapcat/slapadd failures during upgrade.
+ + debian/slapd.postinst: Added support for adding LDAPv2 support
+ + debian/slapd.postinst: Modified to handle slapcat/slapadd failure.
+ In the event of an upgrade failure the database will be left untouched
+ and the user notified. Closes: #192431
+ + debian/slapd.postinst: Use ldif_dump_location in more places...
+ + debian/slapd.prerm: Check if upgrade failed and assume bad old init.d
+ script was used and attempt to shut down slapd with --oknodo in case
+ slapd isn't running. Closes: #193854. (Again)
+ + debian/slapd.conf: Add commented out allow line
+ + debian/rules: Tell dh_installinit to not touch slapd.prerm now.
+ + debian/slapd.postinst: Do a dry-run with slapadd first and check if
+ that worked or not. If it did not work then tell the user, otherwise
+ do a real slapadd which should work.
+ + debian/slapd.postinst: Make sure slapd is stopped before doing
+ slapadd/slapcat's and the like. (Note: The woody version does not
+ stop slapd). Closes: #189777.
+ + debian/slapd.postinst: Check if directories exist before attempting
+ to mkdir them. Closes: #189947
+ + debian/slapd.README.debian: Add note about runlevel issue.
+ Closes: #175736
+ + debian/move_files: Copy ldiftopasswd into /usr/share/slapd for users
+ to use, if they find it useful. Closes: #94963.
+ + debian/slapd.README.Debian: Added note about ldiftopasswd.
+
+ * Roland Bauerschmidt <rb at debian.org>:
+ + debian/slapd.postinst: fixed typos and check for the existence of
+ slapd.conf before reading it.
+
+ -- Torsten Landschoff <torsten at debian.org> Thu, 19 Jun 2003 17:35:32 +0200
+
+openldap2 (2.1.17-3) unstable; urgency=low
+
+ * Stephen Frost <sfrost at debian.org>:
+ + debian/slapd.init: Add --oknodo for stopping slapd. Closes: #192423, #193854.
+ + debian/slapd.init: Change START_SLURPD to SLURPD_START. Closes: #190724.
+ + debian/libldap2.shlibs: Bump to 2.1.17- 2.1.12 never hit the archive.
+ These should only be bumped when new symbols are added so we should
+ figure out a way to handle checking that.
+ + debian/slapd.dirs: Added /var/run/slapd for pidfile
+ + debian/slapd.conf: Moved pidfile to /var/run/slapd; Needed if running
+ non-root.
+ + debian/slapd.conf: Clean up config file, be more explicit about what
+ directives are 'general', 'backend', and 'database'. Moved and
+ commented out 'replogfile' since it is database specific, wasn't doing
+ anything where it was and use of it depends on slurpd usage.
+ I consider this solving #151511 since we don't ask if you want to use
+ replication anymore anyway. Closes: #151511
+ + debian/copy_slapd_dev_files: Added to copy the include files for
+ building slapd back-ends.
+ + debian/control: Add warning about libslapd2-dev
+ + debian/control: Add build-depend on po-debconf for dh_installdebconf
+ + debian/slapd.default: Add option for settings SLAPD_CONF file
+ + debian/slapd.init: Changed to use SLAPD_CONF, setting it to
+ /etc/ldap/slapd.conf if it is not specified. Closes: #91318
+ + debian/control: Added libslapd2-dev to control file. Closes: #192163.
+ + debian/rules: Added binary-indep to the binary: build line and flushed
+ it out to build the libslapd2-dev deb. Added -k to dh_clean since we're
+ building arch and indep debs now.
+ + Maintainer upload, acknowledge NMU. Closes: #98039.
+ + Add debian/po/fr.po from 194740. Closes: #194740
+ + Add space before ']' on line 113 of postinst. Closes: #194192, #194943
+
+ * Torsten Landschoff <torsten at debian.org>:
+ + debian/control: Enforce libldap2 to be the same version as slapd
+ as slapd (legitimately) uses internal functions of that library
+ (closes: #190164).
+ + debian/slapd.postinst: Fix the regexp for finding the database
+ definitions.
+
+ * Steve Langasek <vorlon at debian.org>:
+ + debian/slapd.preinst: don't use debconf or ldapsearch in the
+ preinst, as this is a policy violation (even if a previous
+ version was installed, it could've been removed-but-not-purged).
+ Closes: #189811, #195029.
+ + debian/slapd.{pre,post}inst: dump & fix up the directory in the
+ postinst, not in the preinst -- using slapcat/slapadd, not
+ ldapmodify. This ensures that the dump will succeed whenever the
+ database is present, rather than depending on access to an admin
+ dn. Closes: #190085.
+ + debian/fix_ldif, debian/move_files, debian/copyright: add Dave
+ Horsfall's dn-fixing script, to handle objectClass upgrading
+ + debian/slapd.postinst: Skip the duplicate prompting for the
+ organization name; we're guaranteed to always have one.
+
+ -- Torsten Landschoff <torsten at debian.org> Fri, 6 Jun 2003 16:56:16 +0200
+
+openldap2 (2.1.17-2) unstable; urgency=low
+
+ * The who-says-slavery-is-dead upload.
+ * Steve Langasek <vorlon at debian.org>:
+ + debian/slapd.postinst: Fix the database regexp.
+ + debian/slapd.postinst: Only add moduleload lines *once* on upgrade
+ from 2.0. Wrap the backup code with a check for
+ /var/lib/slapd/upgrade_2.0, to guarantee idempotency.
+ Closes: #190401.
+ + debian/slapd.{config,templates,postinst}: On dpkg-reconfigure,
+ don't wipe out an existing config; only merge in any requested
+ changes. Also, prompt before wiping out the existing db.
+ Closes: #190799.
+ + debian/slapd.{postinst,examples},debian/rules: Move slapd.conf
+ from doc/slapd/examples to /usr/share/slapd, per policy.
+ + debian/slapd.postinst: make sure slapd.conf is always created
+ atomically.
+ + debian/slapd.postrm: If removing databases on package purge,
+ remove any database backups as well.
+
+ * Torsten Landschoff <torsten at debian.org>:
+ + debian/configure.options: Disable ACIs because they are still
+ experimental.
+ + debian/control: Change section and priority of libldap2-dev to
+ libdevel and extra respectively (dinstall message).
+ + debian/slapd.preinst: Only query the object classes of the root
+ dn if there was no error parsing the config.
+ + Update templates for po-debconf using the patch submitted by
+ Andre Luis Lopes (closes: #189933).
+ + Use [[:space:]] instead of [\t ] in sed invocations since the
+ latter does not seem to work (reported by Daniel Lutz).
+ + debian/control: Add Replaces: entry for openldapd since ldif.5.gz
+ was included in the potato package of that name (closes: #190660).
+ + debian/control: Tighten the build dependency on libtldl3-dev as
+ versions before 1.4.3 required the .la file for dynamic binding
+ (thanks to Josip Rodin for pointing this out).
+
+ -- Torsten Landschoff <torsten at debian.org> Sat, 19 Apr 2003 02:28:32 +0200
+
+openldap2 (2.1.17-1) unstable; urgency=low
+
+ * New upstream release.
+ * Torsten Landschoff <torsten at debian.org>:
+ + debian/slapd.init: Improve the error reporting. If nothing is output
+ by the failing command don't leave the user alone but print a hint
+ to look into the logfile etc.
+ + debian/control: Require at least version 2.1.3 of libsasl2-dev
+ as this is what the configure script checks for. Pointed out by
+ Norbert Tretkowski.
+ + debian/slapd.{pre,post}inst: Small cleanups, added some comments,
+ adapted for the removal of the .la files in slapd package.
+
+ -- Torsten Landschoff <torsten at debian.org> Sat, 19 Apr 2003 01:59:26 +0200
+
+openldap2.1 (2.1.16-1) unstable; urgency=low
+
+ * New upstream release.
+ + build/top.mk: Remove patch to omit "-static" at linking time. Upstream
+ now respects the --enable-shared flag used at configuration time.
+ + debian/slapd.postinst: Automagically add the module load directives
+ after upgrade as needed.
+ + debian/slapd.config:
+ - Only ask questions to create a new directory on fresh install.
+ - Ask wether the right modules should automatically be loaded in
+ slapd.conf.
+ + debian/slapd.templates: Add the templates for autoloading modules
+ and fixing the directory.
+ + debian/slapd.preinst: New script to support upgrading from 2.0.
+ The old prerm did not stop the daemon so we have to do it here.
+ Also a first attempt to fix broken LDAP directories not acceptable
+ to 2.1.
+ - Conditionally load debconf when upgrading as it only has to
+ be available in that case.
+ + debian/slapd.preinst: Dump database before upgrade.
+ + debian/slapd.postinst: Recreate database from dump after upgrade.
+ Move old database out of the way.
+
+ * Roland Bauerschmidt <rb at debian.org>
+ + debian/slapd.README.Debian: mention that backend database modules are
+ now compiled as shared objects
+
+ * Stephen Frost <sfrost at debian.org>
+ + debian/slapd.conf: Drop the '.la' file extension
+ + debian/move_files: Drop and rm the .la files, they aren't necessary.
+ + debian/slapd.README.Debian: Dropped the .la from the module_load line.
+ + servers/slapd/daemon.c: check slapd_srvurls is not NULL before
+ deref; included in upstream CVS.
+ + servers/slapd/back-*/init.c: Change the munged symbol names to
+ init_module, they do not need to be munged, and cause problems when
+ they are and not using .la files (which cause other problems)
+ + servers/slapd/module.c: Change to use lt_dlopenext() so we don't
+ need the .la files
+
+ -- Torsten Landschoff <torsten at debian.org> Wed, 26 Mar 2003 20:34:35 +0100
+
+openldap2.1 (2.1.12-1) experimental; urgency=low
+
+ * Initial release of OpenLDAP 2.1 packages. Closes: #167566, #178014.
+ - this includes support for the >= and <= operators. Closes: #159078.
+ - fixes various upstream bugs. Closes: #171008.
+
+ * Torsten Landschoff <torsten at debian.org>
+ - debian/check_config: Added script to check if OpenLDAP was configured
+ the way we want it.
+ - Don't build special TLS packages anymore - SSL is enabled in the
+ stock ldap library. Everything else will just give me more headaches.
+ - Build against libsasl2 instead of libsasl1. Closes: #176462.
+ - debian/control:
+ - Build-depend on debhelper 4.0 as debian/rules uses DH_COMPAT=4.
+ - Depend on coreutils | fileutils. Closes: #175704, #185676.
+ - Make libldap2 conflict with libldap2-tls which is obsolete now.
+ - debian/rules: Move the long list of configure options to a new
+ file debian/configure.options and read $(CONFIG) from that file.
+ - configure with --enable-aci. Closes: #101602.
+ - debian/slapd.init: Rewrite and add comments.
+ - Add support for running as non-root (closes: #111765, #157037).
+ - servers/slapd/main.c (main): Remove pid file on exit (closes: #162284).
+ - servers/slurpd/slurp.h: Change the default spool directory to
+ /var/spool/slurpd (avoids passing it via -t in init.d).
+ - servers/{slapd,slurpd}/Makefile.in: Install binaries into sbindir
+ instead of libexecdir.
+ - debian/control: Add Stephen Frost to the Uploaders field. Thanks
+ for your help, Stephen!
+ - contrib/ldapc++/config.{guess,sub}: Replaced with current files from
+ autotools-dev (lintian). Not actually neccessary since this part of
+ the package is not currently built but I think this is the best way
+ to shut up lintian :)
+ - build/mod.mk: Use -m 644 instead of -m 755 in installing shared
+ libraries. Shared libraries should not be marked as executable
+ (lintian).
+ - debian/libldap2.conffiles: Remove, since we are using version 4
+ of debhelper which tags everything in /etc as conffile by default.
+ - debian/rules: Change the mode of everything upstream installed into
+ /etc to 0644 as required by policy (lintian).
+ - debian/rules: Call dh_installdeb later in the binary target so that
+ the conffiles are already there for listing. Without this nothing in
+ /etc gets tagged as conffile... (lintian).
+ - debian/rules: Pass the start and stop priority of slapd to
+ dh_installinit in preparation for a postinst supported by debhelper.
+ - debian/rules: Call dh_installdirs again.
+ - Rewrite slapd.config, slapd.postinst, slapd.templates - a first try
+ in getting slapd to configure itself. Way to go.
+
+ * Roland Bauerschmidt <rb at debian.org>
+ - debian/control:
+ - build-depend on libdb4.1-dev instead of libdb4.0-dev
+ - conflict, replace, and provide libldap2-tls (libldap2)
+ - removed ldap-gateways binary package
+ - drop suggestion to obsolete openldap-guide. Closes: #171894, #146968.
+ - debian/rules:
+ - build with BDB backend
+ - run dh_installdeb
+ - only run dh_makeshlibs for libldap2
+ - debian/slapd.dirs: added to create /var/lib/ldap and /var/spool/slurpd
+ - debian/slapd.postinst:
+ - properly remove temporary files on errors. Closes: #160412.
+ - install init.d link if slapd.conf already exists. Closes: #159542.
+ - run db_stop even if package isn't configured for the first time. This
+ prevents hanging during upgrades.
+ - added debian/slapd.default and use it from debian/slapd.init.
+ Closes: #160964, #176832.
+ - added debian/slapd.README.Debian
+ - added versioned dependency on coreutils to make lintian quiet.
+ - added debian/slapd.postrm
+ - remove slapd.conf when package is purged
+ - remove /var/lib/ldap when slapd/purge_database is true
+ - remove /etc/ldap/schema if empty. Closes: #185173.
+ - debian/templates: added slapd/purge_database template
+ - build/top.mk: link against libcrypt before other SECURITY_LIBS
+ - debian/libldap2.shlibs: tighten dependencies. Closes: #181168.
+
+ * Stephen Frost <sfrost at debian.org>
+ - debian/control: added libltdl2-dev and libslp-dev to the build-depends
+ - Correct typo for back-sql init routine; already in OpenLDAP upstream
+ CVS
+ - Correct free of SASL interact results; already in OpenLDAP upstream CVS
+ - Duplicate the DN from SASL to ensure '\0' termination; already in
+ OpenLDAP upstream CVS
+ - debian/control: added Replaces: slapd (<< 2.1) for ldap-utils due to
+ ldif.5 move.
+ - Add modulepath /usr/lib/ldap to default slapd config
+ - Add moduleload back_bdb to default slapd config
+ - Changed libexecdir to ${prefix}/lib
+ - Add usr/lib/ldap to slapd portion of move_files
+ - Modified backend types to be built as modules for dynamic loading
+ - Fixed pt_BR translation
+
+ -- Roland Bauerschmidt <rb at debian.org> Sat, 15 Mar 2003 21:35:24 +0100
+
+openldap2 (2.0.27-3) unstable; urgency=high
+
+ * [SECURITY]: Apply the patch used by SuSE in SuSE-SA:2002:047
+ (or rather the parts of it not yet included upstream).
+
+ -- Torsten Landschoff <torsten at debian.org> Fri, 20 Dec 2002 04:47:15 +0100
+
+openldap2 (2.0.27-2) unstable; urgency=low
+
+ * debian/control: Make libldap2-dev depend on libssl-dev and
+ libsasl-dev, since those libs are pulled via the libldap.la file
+ (closes: #164791).
+ * debian/control: Add shlibs:Depends to libldap2-tls as well. Most
+ of those depends are pulled via libldap2 but of course libssl
+ is not among those. (closes: #169950).
+ * debian/libldap2-tls: Remove old divertions on "configure" and not
+ on "upgrade" - the latter is not really called.
+
+ -- Torsten Landschoff <torsten at debian.org> Fri, 22 Nov 2002 00:35:29 +0100
+
+openldap2 (2.0.27-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Torsten Landschoff <torsten at debian.org> Wed, 6 Nov 2002 01:12:06 +0100
+
+openldap2 (2.0.23-14) unstable; urgency=low
+
+ * debian/rules: Remove search paths from .la files using some perl
+ trickery (closes: #110479).
+ * debian/libldap2.README.debian: Document the NSS problem which stops /usr
+ from being unmounted cleanly when using libnss-ldap (for more info
+ see bug#159771).
+
+ * Started cleaning up the maintainer scripts:
+ - Remove creation of the /usr/doc symlinks (lintian).
+ - Don't run ldconfig in prerm scripts (lintian).
+
+ -- Torsten Landschoff <torsten at debian.org> Mon, 30 Sep 2002 12:10:05 +0200
+
+openldap2 (2.0.23-13) unstable; urgency=low
+
+ * As Ashley Clark found out the preinst of libldap-tls fails for a new
+ install. My fault - I did not check that (removing ldap is cumbersome
+ if you are using it... :) and the scripts were only checked without
+ "set -e" in effect.
+ + debian/libldap2-tls.preinst: Apply Ashley's patch (thanks a lot,
+ Ashley. closes: #162123).
+ + Coincidently the other installation scripts seem to be okay, the
+ failing command is in the middle of a pipe and therefore ignored.
+
+ -- Torsten Landschoff <torsten at debian.org> Tue, 24 Sep 2002 12:56:18 +0200
+
+openldap2 (2.0.23-12) unstable; urgency=low
+
+ * Apply the patch from upstream ITS#2012 to support MD5 hashes. Problem
+ is that OpenSSL comes with its own version of the crypt() function
+ which is linked in instead of the system's version from libcrypt.
+ The patch changes the link order so that slapd takes the system's
+ implementation.
+ * debian/rules: Pass --enable-crypt-first to configure to enable the
+ patch (closes: #160763).
+ * Fix the diversion handling of libldap2-tls:
+ - preinst: Only install diversions that are not there.
+ - postrm: Remove this package's diversions.
+ - postinst: Remove obsolete diversions after upgrade.
+ - Removal of diversions is done in reverted order of the installation.
+
+ * Enable DNSSRV support as requested by Turbo. No Kerberos for now, sorry.
+ * debian/control: Updates Standards-Version to 3.5.7 and fix running
+ of ldconfig in maintainer scripts.
+
+ -- Torsten Landschoff <torsten at debian.org> Mon, 23 Sep 2002 12:18:40 +0200
+
+openldap2 (2.0.23-11) unstable; urgency=low
+
+ * debian/rules: Build with --with-tls (closes: #80591, #155937).
+ * debian/control:
+ + Add build dependency on libssl-dev.
+ + Specify Roland Bauerschmidt as co maintainer.
+ * Added the trickery to have libldap2 without TLS and libldap2-tls
+ with the TLS stuff. Otherwise we have to change the base system,
+ and god knows how long that would take.
+
+ Most of the changes done by Roland Bauerschmidt. We now build the
+ source two times - with and without ssl. We mostly use the ssl enabled
+ stuff with the exception of a libldap2 package which does not have
+ support for that. If you need TLS support you have to install
+ libldap2-tls, which diverts the libraries from libldap2 out of the
+ way and replaces them with the TLS enabled version.
+
+ -- Torsten Landschoff <torsten at debian.org> Thu, 29 Aug 2002 13:35:39 +0200
+
+openldap2 (2.0.23-10) unstable; urgency=low
+
+ * debian/control: Build depend on libdb4.0-dev instead of libdb3-dev.
+ This should fix the index corruption problems (closes: #152959).
+
+ -- Torsten Landschoff <torsten at debian.org> Sun, 18 Aug 2002 19:47:02 +0200
+
+openldap2 (2.0.23-9) unstable; urgency=low
+
+ * debian/slapd.init: Wait for the daemons to actually terminate for
+ the stop action (which is used for restart) and trap all errors
+ (closes: #148033).
+ * debian/rules: Build with -D_FILE_OFFSET_BITS=64 to support files
+ bigger than 2GB on all architectures (closes: #155197). As off_t is
+ about never used in the source that should not create any problems.
+ * debian/control: Make libldap2-dev depend on libsasl-dev
+ (closes: #135223, #96957).
+ * doc/man/man1/ldapmodify.1: Fix typo (closes: #105905).
+ * debian/rules: Create symlinks for some manpages (closes: #99547).
+ * Fix spelling error in description of ldap-gateways (closes: #124859).
+ * debian/copyright: Include the full content of the LICENSE file
+ (closes: #151222).
+
+ -- Torsten Landschoff <torsten at debian.org> Thu, 8 Aug 2002 15:54:46 +0200
+
+openldap2 (2.0.23-8) unstable; urgency=low
+
+ * New maintainer.
+ * debian/control: Build-Conflict with libbind-dev to use the right
+ resolver library everywhere (closes: #112459). Of course, the
+ real solution must be to fix the configure script to not detect
+ libbind-dev and use the right resolver all the time. But a work around
+ is better than nothing I would say...
+
+ -- Torsten Landschoff <torsten at debian.org> Wed, 7 Aug 2002 14:53:39 +0200
+
+openldap2 (2.0.23-7) unstable; urgency=low
+
+ * Add Brazilian translation for debconf templates. Closes: Bug#114021
+ * Fix hostless LDAP URLs, patch from Lamont Jones. Closes: Bug#140387
+
+ -- Wichert Akkerman <wakkerma at debian.org> Sat, 4 May 2002 20:05:32 +0200
+
+openldap2 (2.0.23-6) unstable; urgency=high
+
+ * Make slapd.config idempotent, so that calling it once (during
+ preconfiguration) and again (during postinst) doesn't break things.
+ Patch from Anthony Towns. Closes: Bug#137552).
+
+ -- Wichert Akkerman <wakkerma at debian.org> Sun, 14 Apr 2002 19:10:50 +0200
+
+openldap2 (2.0.23-5) unstable; urgency=high
+
+ * Fix slurpd invocation in slapd.init. Closes: Bug#141959
+ * Ask for admin DN when using LDIF initialization as well.
+ Lets hope this finally Closes: Bug#137552
+ * Merge German translation for debconf templates. Closes: Bug#141712
+ * Add Build-Depends on debconf-utils since we use debconf-mergetemplate
+ * Remove bogus error from slapd.init. Closes: Bug#137718
+
+ -- Wichert Akkerman <wakkerma at debian.org> Tue, 9 Apr 2002 14:49:27 +0200
+
+openldap2 (2.0.23-4) unstable; urgency=high
+
+ * Only show already-configured note on initial installs. Closes: Bug#137100
+ * Supply -t option to slurpd when starting it, not when stopping it.
+ Closes: Bug#136240
+ * Use db_input instead of db_get for notes in the slapd postinst.
+ * Only fetch password from debconf when not using ldif initialization.
+ Closes: Bug#138558,#137552
+ * Check if slapd.conf exists in slapd postinst. Closes: Bug#138136
+
+ -- Wichert Akkerman <wakkerma at debian.org> Sat, 6 Apr 2002 23:02:42 +0200
+
+openldap2 (2.0.23-3) unstable; urgency=high
+
+ * If can not get a password for the admin entry when installing slapd
+ generate one randomly. Closes: Bug#134774
+ * Bump shlibs dependency to 2.0.23
+
+ -- Wichert Akkerman <wakkerma at debian.org> Thu, 21 Feb 2002 23:23:57 +0100
+
+openldap2 (2.0.23-2) unstable; urgency=high
+
+ * Create /var/spool/slurpd and tell slurpd to use that as temporary
+ directory. Closes: Bug#134564
+ * Improve debconf prompts a bit. Closes: Bug#134945
+ * Properly set default value for domain
+ * Clear crypted password from debconf after creating the LDAP directory
+
+ -- Wichert Akkerman <wakkerma at debian.org> Sun, 17 Feb 2002 16:07:18 +0100
+
+openldap2 (2.0.23-1) unstable; urgency=high
+
+ * Upstream updated config.{guess,sub} so we are back to zero patches
+ again.
+ * Apply fix from Klaus Duscher for the missing password problem: the
+ config script did not check if it was run twice without slapd.conf
+ being generated in between and would abort with a missing password
+ error. Closes: Bug#132566
+ * Change slapd priority for boot sequence to start earlier and stop
+ later so people can use LDAP for NSS purposes. Closes: Bug#130277
+
+ -- Wichert Akkerman <wakkerma at debian.org> Sun, 17 Feb 2002 16:07:18 +0100
+
+openldap2 (2.0.22-2) unstable; urgency=low
+
+ * Update config.{guess,sub} again. Closes: Bug#131469
+
+ -- Wichert Akkerman <wakkerma at debian.org> Thu, 7 Feb 2002 22:33:01 +0100
+
+openldap2 (2.0.22-1) unstable; urgency=low
+
+ * New upstream version
+ * Build properly as non-native package
+
+ -- Wichert Akkerman <wakkerma at debian.org> Wed, 6 Feb 2002 00:17:20 +0100
+
+openldap2 (2.0.21-3) unstable; urgency=high
+
+ * Add logic to config and postinst to configure replication as well
+ * Don't fail in slapd postinst if we can't stop slapd. Closes: Bug#131617
+ * Change localstatedir to /var/lib
+ * Remove /var/lib/ldap when purging slapd
+ * Don't remove user-supplied ldif file after creating the directory
+ * Set default replogfile
+ * Fix typo in severity for no_password note
+ * Encrypt admin password and remove it from the debconf database
+
+ -- Wichert Akkerman <wakkerma at debian.org> Thu, 31 Jan 2002 17:03:36 +0100
+
+openldap2 (2.0.21-2) unstable; urgency=medium
+
+ * Update config.{guess,sub} and forwarded upstream (ITS#1567).
+ Closes: Bug#131469
+ * Remove -x from slapd postinst. Closes: Bug#131502
+
+ -- Wichert Akkerman <wakkerma at debian.org> Wed, 30 Jan 2002 10:53:45 +0100
+
+openldap2 (2.0.21-1) unstable; urgency=high
+
+ * New upstream version,
+ * Update copyright
+ * Update config.guess and config.sub
+ * Redone packaging, no more dbs or debhelper
+ * Drop all patches, they are either unnecessary or alternatives have
+ been made upstream
+
+ -- Wichert Akkerman <wakkerma at debian.org> Tue, 29 Jan 2002 17:04:10 +0100
+
+openldap2 (2.0.14-1) unstable; urgency=high
+
+ * New upstream version, which includes a billion second bug.
+ Closes: Bug#111833
+ * Drop 005_libldbm_dbopen, upgrading the database in place no longer works
+ with the new db-env code.
+ * Redo 008_porting_maxpathlen
+
+ -- Wichert Akkerman <wakkerma at debian.org> Sat, 15 Sep 2001 13:39:46 +0200
+
+openldap2 (2.0.11-2) unstable; urgency=low
+
+ * Test if /etc/init.d/slapd is executable when purging slapd.
+ Closes: Bug#100938
+ * Update 008_porting_maxpathlen. Closes: Bug#100584
+ * Don't use four11 as referral example anymore. Closes: Bug#99998
+ * Fix synopsis of slapindex manpage. Added to 002_man_fixes.
+ Closes: Bug#98805
+ * Removed stray backup file from 002_man_fixes
+
+ -- Wichert Akkerman <wakkerma at debian.org> Tue, 19 Jun 2001 01:01:17 +0200
+
+openldap2 (2.0.11-1) unstable; urgency=low
+
+ * New upstream version
+ * Add autoconf to Build-Depends. Closes: Bug#99440
+ * Fix new db upgrade patch. Closes: Bug#98853
+
+ -- Wichert Akkerman <wakkerma at debian.org> Sun, 3 Jun 2001 00:25:47 +0200
+
+openldap2 (2.0.10-2) unstable; urgency=low
+
+ * Tighten shlibs dependency to >= 2.0.1-1. Closes: Bug#98683
+
+ -- Wichert Akkerman <wakkerma at debian.org> Fri, 25 May 2001 16:32:35 +0200
+
+openldap2 (2.0.10-1) unstable; urgency=low
+
+ * New upstream version
+ * New maintainer
+ * Remove useless LINE_WIDTH bit from patch 000_clients
+ * Patch 004_ssl_fix has been merged upstream, removed
+ * Redo 005_db3_upgrade
+ * Rediff all other patches
+
+ -- Wichert Akkerman <wakkerma at debian.org> Thu, 24 May 2001 14:56:02 +0200
+
+openldap2 (2.0.7-6) unstable; urgency=low
+
+ * Make sure autoconf is run if configure.in is changed (for Hurd patch),
+ closes: #96145
+ * Fix slapd.postinst in the case of using an ldif file, closes: #95600
+ * Use a var for slapd.conf in slapd init script. Partially fixes bug
+ 91318.
+ * Fixed hurd patch for strrchr in replog.c, closes: #93605
+
+ -- Ben Collins <bcollins at debian.org> Mon, 7 May 2001 23:00:27 -0400
+
+openldap2 (2.0.7-5) unstable; urgency=low
+
+ * Fixed db3 upgrade code, closes: #92331, #92916
+ * m68k should compile fine with db3 now, closes: #90165
+ * Included provided patch for Hurd compilation, closes: #88079
+
+ -- Ben Collins <bcollins at debian.org> Wed, 4 Apr 2001 17:46:47 -0400
+
+openldap2 (2.0.7-4) unstable; urgency=low
+
+ * slapd.conf is no longer a conffile, and not provided by the package.
+ Instead, it is only generated. closes: #81359
+ * Fixed by previous upload, closes: #71852, #78950, #82491
+ * Actually install the netscape schema, closes: #90323
+ * Add comment to README.Debian about being compiled with libwrap,
+ closes: #84954
+ * Provide example sasl config file, closes: #90855
+ * Conflict replace openldap-utils (ldap-utils), and libopenldap-dev
+ (libldap2-dev), closes: #71471
+ * Revert to using some code to upgrade previous db's. Remove slapd's dep
+ on db3-util, and remove postinst code that upgrades the db's.
+
+ -- Ben Collins <bcollins at debian.org> Sat, 24 Mar 2001 21:59:20 -0500
+
+openldap2 (2.0.7-3) unstable; urgency=low
+
+ * netscape-profile.schema: new schema for old roaming support
+ * 004_ssl_fix.diff: Fix for SSL support (not compiled in, but some
+ people use it).
+ * slapd.config: FINALLY fix the "dc=" base bug.
+ * Build-Depend on libdb3-dev now that it is available.
+ * Now that we use db3, make sure we upgrade existing databases to the
+ db3 format with db3_upgrade.
+
+ -- Ben Collins <bcollins at debian.org> Sun, 11 Mar 2001 23:36:34 -0500
+
+openldap2 (2.0.7-2) unstable; urgency=low
+
+ * slapd.postinst: fix debhelper wraper so it gets the right @argv,
+ closes: #71854
+ * sendmail appears to be compiled against glibc2.2/libdb2 now,
+ closes: #71602
+ * %strace ldapsearch cn=admin | & grep /etc | grep ldap
+ open("/etc/ldap/ldap.conf", O_RDONLY) = 3
+ closes: #71716
+ * ldap_first_attribute.3: s/ber_free(3)/ber_free/. closes: #76719
+ * init.d/slapd: fix reference to pidfile, and also remove the pidfile
+ after killing the daemon, closes: #77633, #77635
+ * Fix fgets buffer size thinko in slurpd. closes: #78003
+ * slapd.8: s/ldap.h/slapd.conf(5)/. closes: #80457
+
+ -- Ben Collins <bcollins at debian.org> Sun, 31 Dec 2000 00:02:46 -0500
+
+openldap2 (2.0.7-1) unstable; urgency=low
+
+ * New upstream
+ * Removed hack for shlibs now that dpkg 1.7 is available, added dpkg-dev
+ 1.7.1 to build-depends.
+ * start using DH_COMPAT=2
+
+ -- Ben Collins <bcollins at debian.org> Fri, 10 Nov 2000 18:53:25 -0500
+
+openldap2 (2.0.2-2) unstable; urgency=low
+
+ * Recompile against libdb2/glibc 2.1.94/sasl
+
+ -- Ben Collins <bcollins at debian.org> Wed, 27 Sep 2000 11:31:59 -0400
+
+openldap2 (2.0.2-1) unstable; urgency=low
+
+ * New upstream version, includes some patches from me that fix some
+ stability issues
+ * debian/control:Build-Depends: change libwrap-dev to libwrap0-dev for
+ clarity, closes: #71366
+ * debian/rules: make sure mail500 docs do not get installed under bogus
+ subdirs, closes: #71473
+ * debian/README.build,debian/scripts/dbs-build.mk: Fix and document
+ build system better, closes: #71584
+ * debian/local/slapd.conf: Setup default ACL's to work with openldap2
+ correctly, closes: #71127, #71131
+ * debian/README: document how to access OpenLDAP 1 servers via
+ ldap-utils, closes: #71469
+ * debian/rules:CFLAGS: add -I/usr/include/db2 to make sure we get the
+ right <db.h> header, closes: #71470
+ * I cannot reproduce this. In debian/rules I have done exactly what is
+ needed to keep it from happening, and sparc, i386 and powerpc builds
+ do not show it, closes: #71472
+
+ -- Ben Collins <bcollins at debian.org> Wed, 13 Sep 2000 22:32:35 -0400
+
+openldap2 (2.0.1-2) unstable; urgency=low
+
+ * Fixed up depend for libldap2 on itself
+
+ -- Ben Collins <bcollins at debian.org> Wed, 6 Sep 2000 13:24:06 -0400
+
+openldap2 (2.0.1-1) unstable; urgency=low
+
+ * New upstream version
+ * Added libsasl-dev to build-deps, closes: #70923
+
+ -- Ben Collins <bcollins at debian.org> Tue, 5 Sep 2000 06:49:05 -0400
+
+openldap2 (2.0-1) unstable; urgency=low
+
+ * Initial release of OpenLDAP 2 test code
+
+ -- Ben Collins <bcollins at debian.org> Tue, 29 Aug 2000 14:28:39 -0400
diff --cc debian/configure.options
index 789aeaf,08a55e0,0000000..9d3704e
mode 100644,100644,000000..100644
--- a/debian/configure.options
+++ b/debian/configure.options
@@@@ -1,205 -1,204 -1,0 +1,205 @@@@
+#`configure' configures this package to adapt to many kinds of systems.
+#
+#Usage: ./configure [OPTION]... [VAR=VALUE]...
+#
+#To assign environment variables (e.g., CC, CFLAGS...), specify them as
+#VAR=VALUE. See below for descriptions of some of the useful variables.
+#
+#Defaults for the options are specified in brackets.
+#
+#Configuration:
+# -h, --help display this help and exit
+# --help=short display options specific to this package
+# --help=recursive display the short help of all the included packages
+# -V, --version display version information and exit
+# -q, --quiet, --silent do not print `checking...' messages
+# --cache-file=FILE cache test results in FILE [disabled]
+# -C, --config-cache alias for `--cache-file=config.cache'
+# -n, --no-create do not create output files
+# --srcdir=DIR find the sources in DIR [configure dir or `..']
+#
+#Installation directories:
+# --prefix=PREFIX install architecture-independent files in PREFIX
+# [/usr/local]
+--prefix=/usr
+# --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+# [PREFIX]
+#
+#By default, `make install' will install all the files in
+#`/usr/local/bin', `/usr/local/lib' etc. You can specify
+#an installation prefix other than `/usr/local' using `--prefix',
+#for instance `--prefix=$HOME'.
+#
+#For better control, use the options below.
+#
+#Fine tuning of the installation directories:
+# --bindir=DIR user executables [EPREFIX/bin]
+# --sbindir=DIR system admin executables [EPREFIX/sbin]
+# --libexecdir=DIR program executables [EPREFIX/libexec]
+--libexecdir='${prefix}/lib'
+# --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+--sysconfdir=/etc
+# --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+# --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+--localstatedir=/var
+# --libdir=DIR object code libraries [EPREFIX/lib]
+# --includedir=DIR C header files [PREFIX/include]
+# --oldincludedir=DIR C header files for non-gcc [/usr/include]
+# --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+# --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+# --infodir=DIR info documentation [DATAROOTDIR/info]
+# --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+# --mandir=DIR man documentation [DATAROOTDIR/man]
+--mandir='${prefix}/share/man'
+# --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
+# --htmldir=DIR html documentation [DOCDIR]
+# --dvidir=DIR dvi documentation [DOCDIR]
+# --pdfdir=DIR pdf documentation [DOCDIR]
+# --psdir=DIR ps documentation [DOCDIR]
+#
+#Program names:
+# --program-prefix=PREFIX prepend PREFIX to installed program names
+# --program-suffix=SUFFIX append SUFFIX to installed program names
+# --program-transform-name=PROGRAM run sed PROGRAM on installed program names
+#
+#System types:
+# --build=BUILD configure for building on BUILD [guessed]
+# --host=HOST cross-compile to build programs to run on HOST [BUILD]
+# --target=TARGET configure for building compilers for TARGET [HOST]
+#
+#Optional Features:
+# --disable-option-checking ignore unrecognized --enable/--with options
+# --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+# --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+# --enable-debug enable debugging no|yes|traditional [yes]
+--enable-debug
+# --enable-dynamic enable linking built binaries with dynamic libs [no]
+--enable-dynamic
+# --enable-syslog enable syslog support [auto]
+--enable-syslog
+# --enable-proctitle enable proctitle support [yes]
+--enable-proctitle
+# --enable-ipv6 enable IPv6 support [auto]
+--enable-ipv6
+# --enable-local enable AF_LOCAL (AF_UNIX) socket support [auto]
+--enable-local
+#
+#SLAPD (Standalone LDAP Daemon) Options:
+# --enable-slapd enable building slapd [yes]
+--enable-slapd
+# --enable-dynacl enable run-time loadable ACL support (experimental) [no]
+--enable-dynacl
+# --enable-aci enable per-object ACIs (experimental) no|yes|mod [no]
+--enable-aci
+# --enable-cleartext enable cleartext passwords [yes]
+--enable-cleartext
+# --enable-crypt enable crypt(3) passwords [no]
+--enable-crypt
+# --enable-lmpasswd enable LAN Manager passwords [no]
+--disable-lmpasswd
+# --enable-spasswd enable (Cyrus) SASL password verification [no]
+--enable-spasswd
+# --enable-modules enable dynamic module support [no]
+--enable-modules
+# --enable-rewrite enable DN rewriting in back-ldap and rwm overlay [auto]
+--enable-rewrite
+# --enable-rlookups enable reverse lookups of client hostnames [no]
+--enable-rlookups
+# --enable-slapi enable SLAPI support (experimental) [no]
+--enable-slapi
+# --enable-slp enable SLPv2 support [no]
- --enable-slp
+ +--disable-slp
+# --enable-wrappers enable tcp wrapper support [no]
+--enable-wrappers
+#
+#SLAPD Backend Options:
+# --enable-backends enable all available backends no|yes|mod
+--enable-backends=mod
+# --enable-bdb enable Berkeley DB backend no|yes|mod [yes]
+# --enable-dnssrv enable dnssrv backend no|yes|mod [no]
+# --enable-hdb enable Hierarchical DB backend no|yes|mod [yes]
+# --enable-ldap enable ldap backend no|yes|mod [no]
+# --enable-mdb enable mdb database backend no|yes|mod [yes]
+# --enable-meta enable metadirectory backend no|yes|mod [no]
+# --enable-monitor enable monitor backend no|yes|mod [yes]
+# --enable-ndb enable MySQL NDB Cluster backend no|yes|mod [no]
+--disable-ndb
+# --enable-null enable null backend no|yes|mod [no]
+# --enable-passwd enable passwd backend no|yes|mod [no]
+# --enable-perl enable perl backend no|yes|mod [no]
+# --enable-relay enable relay backend no|yes|mod [yes]
+# --enable-shell enable shell backend no|yes|mod [no]
+# --enable-sock enable sock backend no|yes|mod [no]
+# --enable-sql enable sql backend no|yes|mod [no]
+#
+#SLAPD Overlay Options:
+# --enable-overlays enable all available overlays no|yes|mod
+--enable-overlays=mod
+# --enable-accesslog In-Directory Access Logging overlay no|yes|mod [no]
+# --enable-auditlog Audit Logging overlay no|yes|mod [no]
+# --enable-collect Collect overlay no|yes|mod [no]
+# --enable-constraint Attribute Constraint overlay no|yes|mod [no]
+# --enable-dds Dynamic Directory Services overlay no|yes|mod [no]
+# --enable-deref Dereference overlay no|yes|mod [no]
+# --enable-dyngroup Dynamic Group overlay no|yes|mod [no]
+# --enable-dynlist Dynamic List overlay no|yes|mod [no]
+# --enable-memberof Reverse Group Membership overlay no|yes|mod [no]
+# --enable-ppolicy Password Policy overlay no|yes|mod [no]
+# --enable-proxycache Proxy Cache overlay no|yes|mod [no]
+# --enable-refint Referential Integrity overlay no|yes|mod [no]
+# --enable-retcode Return Code testing overlay no|yes|mod [no]
+# --enable-rwm Rewrite/Remap overlay no|yes|mod [no]
+# --enable-seqmod Sequential Modify overlay no|yes|mod [no]
+# --enable-sssvlv ServerSideSort/VLV overlay no|yes|mod [no]
+# --enable-syncprov Syncrepl Provider overlay no|yes|mod [yes]
+# --enable-translucent Translucent Proxy overlay no|yes|mod [no]
+# --enable-unique Attribute Uniqueness overlay no|yes|mod [no]
+# --enable-valsort Value Sorting overlay no|yes|mod [no]
+#
+#Library Generation & Linking Options
+# --enable-static[=PKGS] build static libraries [default=yes]
+# --enable-shared[=PKGS] build shared libraries [default=yes]
+# --enable-fast-install[=PKGS]
+# optimize for fast installation [default=yes]
+# --disable-dependency-tracking speeds up one-time build
+# --enable-dependency-tracking do not reject slow dependency extractors
+# --disable-libtool-lock avoid locking (might break parallel builds)
+#
+#Optional Packages:
+# --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+# --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+# --with-subdir=DIR change default subdirectory used for installs
+--with-subdir=ldap
+# --with-cyrus-sasl with Cyrus SASL support [auto]
+--with-cyrus-sasl
+# --with-fetch with fetch(3) URL support [auto]
+# --with-threads with threads [auto]
+--with-threads
++--with-gssapi
+# --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto]
+--with-tls=gnutls
+# --with-yielding-select with implicitly yielding select [auto]
+# --with-mp with multiple precision statistics auto|longlong|long|bignum|gmp [auto]
+# --with-odbc with specific ODBC support iodbc|unixodbc|odbc32|auto [auto]
+--with-odbc=unixodbc
+# --with-gnu-ld assume the C compiler uses GNU ld [default=no]
+# --with-pic try to use only PIC/non-PIC objects [default=use
+# both]
+# --with-tags[=TAGS] include additional configurations [automatic]
+#
+#See INSTALL file for further details.
+#
+#Some influential environment variables:
+# CC C compiler command
+# CFLAGS C compiler flags
+# LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+# nonstandard directory <lib dir>
+# LIBS libraries to pass to the linker, e.g. -l<library>
+# CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+# you have headers in a nonstandard directory <include dir>
+# CPP C preprocessor
+#
+#Use these variables to override the choices made by `configure' or to help
+#it to find libraries and programs with nonstandard names/locations.
+#
+#Report bugs to the package provider.
diff --cc debian/control
index 24233ed,a3b235d,0000000..5e6d12b
mode 100644,100644,000000..100644
--- a/debian/control
+++ b/debian/control
@@@@ -1,136 -1,143 -1,0 +1,146 @@@@
+Source: openldap
+Section: net
+Priority: optional
- Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel at lists.alioth.debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel at lists.alioth.debian.org>
+Uploaders: Roland Bauerschmidt <rb at debian.org>,
+ Steve Langasek <vorlon at debian.org>,
+ Torsten Landschoff <torsten at debian.org>,
+ Matthijs Möhlmann <matthijs at cacholong.nl>,
+ Timo Aaltonen <tjaalton at ubuntu.com>,
+ Ryan Tandy <ryan at nardis.ca>
+Build-Depends: debhelper (>= 9.20141010),
++ dh-apparmor,
+ dh-autoreconf,
+ dpkg-dev (>= 1.17.14),
+ groff-base,
- heimdal-multidev <!stage1>,
++ heimdal-dev <!stage1>,
+ libdb5.3-dev <!stage1>,
+ libgnutls28-dev,
+ libltdl-dev <!stage1>,
+ libperl-dev (>= 5.8.0) <!stage1>,
+ libsasl2-dev,
- libslp-dev <!stage1>,
+ libwrap0-dev <!stage1>,
++ lsb-release,
+ nettle-dev <!stage1>,
+ perl:any,
+ po-debconf,
+ time <!stage1>,
+ unixodbc-dev <!stage1>
+Build-Conflicts: libbind-dev, bind-dev, libicu-dev, autoconf2.13
- Standards-Version: 3.9.6
+ +Standards-Version: 3.9.8
+Homepage: http://www.openldap.org/
- Vcs-Git: git://anonscm.debian.org/pkg-openldap/openldap.git
- Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-openldap/openldap.git
+ +Vcs-Git: https://anonscm.debian.org/git/pkg-openldap/openldap.git
+ +Vcs-Browser: https://anonscm.debian.org/git/pkg-openldap/openldap.git
+
+Package: slapd
+Section: net
+Priority: optional
+Architecture: any
+Build-Profiles: <!stage1>
+Pre-Depends: debconf (>= 0.5) | debconf-2.0, ${misc:Pre-Depends}
+Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}),
+ coreutils (>= 4.5.1-1), psmisc, perl (>> 5.8.0) | libmime-base64-perl,
+ adduser, lsb-base (>= 3.2-13), ${misc:Depends}
+Recommends: libsasl2-modules
- Suggests: ldap-utils,
++Suggests: ldap-utils, ufw,
+ libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
+Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
+Replaces: libldap2, ldap-utils (<< 2.2.23-3)
+Provides: ldap-server, ${slapd:Provides}
+Description: OpenLDAP server (slapd)
+ This is the OpenLDAP (Lightweight Directory Access Protocol) server
+ (slapd). The server can be used to provide a standalone directory
+ service.
+
+Package: slapd-smbk5pwd
+Section: net
+Priority: extra
+Architecture: any
+Build-Profiles: <!stage1>
+Depends: slapd (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
+Description: Keeps Samba and Kerberos passwords in sync within slapd.
+ Extends the PasswordModify Extended Operation to update Kerberos keys
+ and Samba password hashes for an LDAP user. The Kerberos support is
+ written for Heimdal using its hdb-ldap backend. The Samba support is
+ written using the Samba 3.0 LDAP schema.
+
+Package: ldap-utils
+Section: net
+Priority: optional
+Architecture: any
+Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}), ${misc:Depends}
+Recommends: libsasl2-modules
+Suggests: libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
+Conflicts: umich-ldap-utils, openldap-utils, ldap-client
+Replaces: openldap-utils, slapd (<< 2.2.23-0.pre6), openldapd
+Provides: ldap-client, openldap-utils
+Description: OpenLDAP utilities
+ This package provides utilities from the OpenLDAP (Lightweight
+ Directory Access Protocol) package. These utilities can access a
+ local or remote LDAP server and contain all the client programs
+ required to access LDAP servers.
+
+Package: libldap-2.4-2
+Section: libs
+Priority: standard
+Architecture: any
+Multi-Arch: same
+Conflicts: ldap-utils (<= 2.1.23-1)
+Pre-Depends: ${misc:Pre-Depends}
- Depends: ${shlibs:Depends}, ${misc:Depends}
+ +Depends: ${shlibs:Depends}, ${misc:Depends}, libldap-common (= ${source:Version})
+Replaces: libldap2, libldap-2.3-0
+Description: OpenLDAP libraries
+ These are the run-time libraries for the OpenLDAP (Lightweight Directory
+ Access Protocol) servers and clients.
+
+ +Package: libldap-common
+ +Section: libs
+ +Priority: standard
+ +Architecture: all
+ +Multi-Arch: foreign
+ +Depends: ${misc:Depends}
+ +Replaces: libldap-2.4-2 (<< 2.4.44+dfsg-1)
+ +Description: OpenLDAP common files for libraries
+ + These are common files for the run-time libraries for the OpenLDAP
+ + (Lightweight Directory Access Protocol) servers and clients.
+ +
+Package: libldap-2.4-2-dbg
+Section: debug
+Priority: extra
+Architecture: any
+Multi-Arch: same
+Depends: libldap-2.4-2 (= ${binary:Version}), ${misc:Depends}
+Description: Debugging information for OpenLDAP libraries
+ This package provides detached debugging information for the OpenLDAP
+ (Lightweight Directory Access Protocol) libraries. It is useful
+ primarily to permit better backtraces and crash dump analysis after
+ problems with the libraries. GDB will find this debug information
+ automatically.
+
+Package: libldap2-dev
+Section: libdevel
+Priority: extra
+Architecture: any
+Multi-Arch: same
+Conflicts: libldap-dev, libopenldap-dev
+Replaces: libopenldap-dev
+Provides: libldap-dev
+Depends: libldap-2.4-2 (= ${binary:Version}), ${misc:Depends}
+Description: OpenLDAP development libraries
+ This package allows development of LDAP applications using the OpenLDAP
+ libraries. It includes headers, libraries and links to allow static and
+ dynamic linking.
+
+Package: slapd-dbg
+Section: debug
+Priority: extra
+Architecture: any
+Build-Profiles: <!stage1>
+Depends: slapd (= ${binary:Version}), ${misc:Depends}
+Description: Debugging information for the OpenLDAP server (slapd)
+ This package provides detached debugging information for the OpenLDAP
+ (Lightweight Directory Access Protocol) server (slapd). It is useful
+ primarily to permit better backtraces and crash dump analysis after
+ problems with the libraries. GDB will find this debug information
+ automatically.
diff --cc debian/libldap-2.4-2.symbols
index 3fe2cb4,d42ccec,0000000..55421bc
mode 100644,100644,000000..100644
--- a/debian/libldap-2.4-2.symbols
+++ b/debian/libldap-2.4-2.symbols
@@@@ -1,646 -1,646 -1,0 +1,653 @@@@
+liblber-2.4.so.2 libldap-2.4-2 #MINVER#
+ OPENLDAP_2.4_2 at OPENLDAP_2.4_2 2.4.7
+ ber_alloc at OPENLDAP_2.4_2 2.4.7
+ ber_alloc_t at OPENLDAP_2.4_2 2.4.7
+ ber_bprint at OPENLDAP_2.4_2 2.4.7
+ ber_bvarray_add at OPENLDAP_2.4_2 2.4.7
+ ber_bvarray_add_x at OPENLDAP_2.4_2 2.4.7
+ ber_bvarray_dup_x at OPENLDAP_2.4_2 2.4.7
+ ber_bvarray_free at OPENLDAP_2.4_2 2.4.7
+ ber_bvarray_free_x at OPENLDAP_2.4_2 2.4.7
+ ber_bvdup at OPENLDAP_2.4_2 2.4.7
+ ber_bvecadd at OPENLDAP_2.4_2 2.4.7
+ ber_bvecadd_x at OPENLDAP_2.4_2 2.4.7
+ ber_bvecfree at OPENLDAP_2.4_2 2.4.7
+ ber_bvecfree_x at OPENLDAP_2.4_2 2.4.7
+ ber_bvfree at OPENLDAP_2.4_2 2.4.7
+ ber_bvfree_x at OPENLDAP_2.4_2 2.4.7
+ ber_bvreplace at OPENLDAP_2.4_2 2.4.7
+ ber_bvreplace_x at OPENLDAP_2.4_2 2.4.7
+ ber_decode_oid at OPENLDAP_2.4_2 2.4.7
+ ber_dump at OPENLDAP_2.4_2 2.4.7
+ ber_dup at OPENLDAP_2.4_2 2.4.7
+ ber_dupbv at OPENLDAP_2.4_2 2.4.7
+ ber_dupbv_x at OPENLDAP_2.4_2 2.4.7
+ ber_encode_oid at OPENLDAP_2.4_2 2.4.7
+ ber_errno_addr at OPENLDAP_2.4_2 2.4.7
+ ber_error_print at OPENLDAP_2.4_2 2.4.7
+ ber_first_element at OPENLDAP_2.4_2 2.4.7
+ ber_flatten2 at OPENLDAP_2.4_2 2.4.7
+ ber_flatten at OPENLDAP_2.4_2 2.4.7
+ ber_flush2 at OPENLDAP_2.4_2 2.4.7
+ ber_flush at OPENLDAP_2.4_2 2.4.7
+ ber_free at OPENLDAP_2.4_2 2.4.7
+ ber_free_buf at OPENLDAP_2.4_2 2.4.7
+ ber_get_bitstringa at OPENLDAP_2.4_2 2.4.7
+ ber_get_boolean at OPENLDAP_2.4_2 2.4.7
+ ber_get_enum at OPENLDAP_2.4_2 2.4.7
+ ber_get_int at OPENLDAP_2.4_2 2.4.7
+ ber_get_next at OPENLDAP_2.4_2 2.4.7
+ ber_get_null at OPENLDAP_2.4_2 2.4.7
+ ber_get_option at OPENLDAP_2.4_2 2.4.7
+ ber_get_stringa at OPENLDAP_2.4_2 2.4.7
+ ber_get_stringa_null at OPENLDAP_2.4_2 2.4.7
+ ber_get_stringal at OPENLDAP_2.4_2 2.4.7
+ ber_get_stringb at OPENLDAP_2.4_2 2.4.7
+ ber_get_stringbv at OPENLDAP_2.4_2 2.4.7
+ ber_get_stringbv_null at OPENLDAP_2.4_2 2.4.7
+ ber_get_tag at OPENLDAP_2.4_2 2.4.7
+ ber_init2 at OPENLDAP_2.4_2 2.4.7
+ ber_init at OPENLDAP_2.4_2 2.4.7
+ ber_init_w_nullc at OPENLDAP_2.4_2 2.4.7
+ ber_int_errno_fn at OPENLDAP_2.4_2 2.4.7
+ ber_int_log_proc at OPENLDAP_2.4_2 2.4.7
+ ber_int_memory_fns at OPENLDAP_2.4_2 2.4.7
+ ber_int_options at OPENLDAP_2.4_2 2.4.7
+ ber_int_sb_close at OPENLDAP_2.4_2 2.4.7
+ ber_int_sb_destroy at OPENLDAP_2.4_2 2.4.7
+ ber_int_sb_init at OPENLDAP_2.4_2 2.4.7
+ ber_int_sb_read at OPENLDAP_2.4_2 2.4.7
+ ber_int_sb_write at OPENLDAP_2.4_2 2.4.7
+ ber_len at OPENLDAP_2.4_2 2.4.7
+ ber_log_bprint at OPENLDAP_2.4_2 2.4.7
+ ber_log_dump at OPENLDAP_2.4_2 2.4.7
+ ber_log_sos_dump at OPENLDAP_2.4_2 2.4.7
+ ber_mem2bv at OPENLDAP_2.4_2 2.4.7
+ ber_mem2bv_x at OPENLDAP_2.4_2 2.4.7
+ ber_memalloc at OPENLDAP_2.4_2 2.4.7
+ ber_memalloc_x at OPENLDAP_2.4_2 2.4.7
+ ber_memcalloc at OPENLDAP_2.4_2 2.4.7
+ ber_memcalloc_x at OPENLDAP_2.4_2 2.4.7
+ ber_memfree at OPENLDAP_2.4_2 2.4.7
+ ber_memfree_x at OPENLDAP_2.4_2 2.4.7
+ ber_memrealloc at OPENLDAP_2.4_2 2.4.7
+ ber_memrealloc_x at OPENLDAP_2.4_2 2.4.7
+ ber_memvfree at OPENLDAP_2.4_2 2.4.7
+ ber_memvfree_x at OPENLDAP_2.4_2 2.4.7
+ ber_next_element at OPENLDAP_2.4_2 2.4.7
+ ber_peek_element at OPENLDAP_2.4_2 2.4.21
+ ber_peek_tag at OPENLDAP_2.4_2 2.4.7
+ ber_printf at OPENLDAP_2.4_2 2.4.7
+ ber_ptrlen at OPENLDAP_2.4_2 2.4.7
+ ber_put_berval at OPENLDAP_2.4_2 2.4.7
+ ber_put_bitstring at OPENLDAP_2.4_2 2.4.7
+ ber_put_boolean at OPENLDAP_2.4_2 2.4.7
+ ber_put_enum at OPENLDAP_2.4_2 2.4.7
+ ber_put_int at OPENLDAP_2.4_2 2.4.7
+ ber_put_null at OPENLDAP_2.4_2 2.4.7
+ ber_put_ostring at OPENLDAP_2.4_2 2.4.7
+ ber_put_seq at OPENLDAP_2.4_2 2.4.7
+ ber_put_set at OPENLDAP_2.4_2 2.4.7
+ ber_put_string at OPENLDAP_2.4_2 2.4.7
+ ber_pvt_err_file at OPENLDAP_2.4_2 2.4.7
+ ber_pvt_log_output at OPENLDAP_2.4_2 2.4.7
+ ber_pvt_log_print at OPENLDAP_2.4_2 2.4.7
+ ber_pvt_log_printf at OPENLDAP_2.4_2 2.4.7
+ ber_pvt_opt_on at OPENLDAP_2.4_2 2.4.7
+ ber_pvt_sb_buf_destroy at OPENLDAP_2.4_2 2.4.7
+ ber_pvt_sb_buf_init at OPENLDAP_2.4_2 2.4.7
+ ber_pvt_sb_copy_out at OPENLDAP_2.4_2 2.4.7
+ ber_pvt_sb_do_write at OPENLDAP_2.4_2 2.4.7
+ ber_pvt_sb_grow_buffer at OPENLDAP_2.4_2 2.4.7
+ ber_pvt_socket_set_nonblock at OPENLDAP_2.4_2 2.4.7
+ ber_read at OPENLDAP_2.4_2 2.4.7
+ ber_realloc at OPENLDAP_2.4_2 2.4.7
+ ber_remaining at OPENLDAP_2.4_2 2.4.7
+ ber_reset at OPENLDAP_2.4_2 2.4.7
+ ber_rewind at OPENLDAP_2.4_2 2.4.7
+ ber_scanf at OPENLDAP_2.4_2 2.4.7
+ ber_set_option at OPENLDAP_2.4_2 2.4.7
+ ber_skip_data at OPENLDAP_2.4_2 2.4.7
+ ber_skip_element at OPENLDAP_2.4_2 2.4.21
+ ber_skip_tag at OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_add_io at OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_alloc at OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_ctrl at OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_free at OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_io_debug at OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_io_fd at OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_io_readahead at OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_io_tcp at OPENLDAP_2.4_2 2.4.7
++ ber_sockbuf_io_udp at OPENLDAP_2.4_2 2.4.17-1ubuntu2
+ ber_sockbuf_remove_io at OPENLDAP_2.4_2 2.4.7
+ ber_sos_dump at OPENLDAP_2.4_2 2.4.7
+ ber_start at OPENLDAP_2.4_2 2.4.7
+ ber_start_seq at OPENLDAP_2.4_2 2.4.7
+ ber_start_set at OPENLDAP_2.4_2 2.4.7
+ ber_str2bv at OPENLDAP_2.4_2 2.4.7
+ ber_str2bv_x at OPENLDAP_2.4_2 2.4.7
+ ber_strdup at OPENLDAP_2.4_2 2.4.7
+ ber_strdup_x at OPENLDAP_2.4_2 2.4.7
+ ber_strndup at OPENLDAP_2.4_2 2.4.7
+ ber_strndup_x at OPENLDAP_2.4_2 2.4.7
+ ber_strnlen at OPENLDAP_2.4_2 2.4.17
+ ber_write at OPENLDAP_2.4_2 2.4.7
+ der_alloc at OPENLDAP_2.4_2 2.4.7
+ lutil_debug at OPENLDAP_2.4_2 2.4.7
+ lutil_debug_file at OPENLDAP_2.4_2 2.4.7
+libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
+ OPENLDAP_2.4_2 at OPENLDAP_2.4_2 2.4.7
+ ldap_X509dn2bv at OPENLDAP_2.4_2 2.4.7
+ ldap_abandon at OPENLDAP_2.4_2 2.4.7
+ ldap_abandon_ext at OPENLDAP_2.4_2 2.4.7
+ ldap_add at OPENLDAP_2.4_2 2.4.7
+ ldap_add_ext at OPENLDAP_2.4_2 2.4.7
+ ldap_add_ext_s at OPENLDAP_2.4_2 2.4.7
+ ldap_add_result_entry at OPENLDAP_2.4_2 2.4.7
+ ldap_add_s at OPENLDAP_2.4_2 2.4.7
+ ldap_alloc_ber_with_options at OPENLDAP_2.4_2 2.4.7
+ ldap_append_referral at OPENLDAP_2.4_2 2.4.7
+ ldap_attributetype2bv at OPENLDAP_2.4_2 2.4.7
+ ldap_attributetype2name at OPENLDAP_2.4_2 2.4.7
+ ldap_attributetype2str at OPENLDAP_2.4_2 2.4.7
+ ldap_attributetype_free at OPENLDAP_2.4_2 2.4.7
+ ldap_bind at OPENLDAP_2.4_2 2.4.7
+ ldap_bind_s at OPENLDAP_2.4_2 2.4.7
+ + ldap_build_add_req at OPENLDAP_2.4_2 2.4.43
+ + ldap_build_bind_req at OPENLDAP_2.4_2 2.4.43
+ + ldap_build_compare_req at OPENLDAP_2.4_2 2.4.43
+ + ldap_build_delete_req at OPENLDAP_2.4_2 2.4.43
+ + ldap_build_extended_req at OPENLDAP_2.4_2 2.4.43
+ + ldap_build_moddn_req at OPENLDAP_2.4_2 2.4.43
+ + ldap_build_modify_req at OPENLDAP_2.4_2 2.4.43
+ ldap_build_search_req at OPENLDAP_2.4_2 2.4.7
+ ldap_bv2dn at OPENLDAP_2.4_2 2.4.7
+ ldap_bv2dn_x at OPENLDAP_2.4_2 2.4.7
+ ldap_bv2escaped_filter_value at OPENLDAP_2.4_2 2.4.7
+ ldap_bv2escaped_filter_value_len at OPENLDAP_2.4_2 2.4.7
+ ldap_bv2escaped_filter_value_x at OPENLDAP_2.4_2 2.4.7
+ ldap_bv2rdn at OPENLDAP_2.4_2 2.4.7
+ ldap_bv2rdn_x at OPENLDAP_2.4_2 2.4.7
+ ldap_cancel at OPENLDAP_2.4_2 2.4.7
+ ldap_cancel_s at OPENLDAP_2.4_2 2.4.7
+ ldap_charray2str at OPENLDAP_2.4_2 2.4.7
+ ldap_charray_add at OPENLDAP_2.4_2 2.4.7
+ ldap_charray_dup at OPENLDAP_2.4_2 2.4.7
+ ldap_charray_free at OPENLDAP_2.4_2 2.4.7
+ ldap_charray_inlist at OPENLDAP_2.4_2 2.4.7
+ ldap_charray_merge at OPENLDAP_2.4_2 2.4.7
+ ldap_chase_referrals at OPENLDAP_2.4_2 2.4.7
+ ldap_chase_v3referrals at OPENLDAP_2.4_2 2.4.7
+ ldap_clear_select_write at OPENLDAP_2.4_2 2.4.31
+ ldap_compare at OPENLDAP_2.4_2 2.4.7
+ ldap_compare_ext at OPENLDAP_2.4_2 2.4.7
+ ldap_compare_ext_s at OPENLDAP_2.4_2 2.4.7
+ ldap_compare_s at OPENLDAP_2.4_2 2.4.7
+ ldap_connect_to_host at OPENLDAP_2.4_2 2.4.7
+ ldap_connect_to_path at OPENLDAP_2.4_2 2.4.7
+ ldap_contentrule2bv at OPENLDAP_2.4_2 2.4.7
+ ldap_contentrule2name at OPENLDAP_2.4_2 2.4.7
+ ldap_contentrule2str at OPENLDAP_2.4_2 2.4.7
+ ldap_contentrule_free at OPENLDAP_2.4_2 2.4.7
+ ldap_control_create at OPENLDAP_2.4_2 2.4.7
+ ldap_control_dup at OPENLDAP_2.4_2 2.4.7
+ ldap_control_find at OPENLDAP_2.4_2 2.4.7
+ ldap_control_free at OPENLDAP_2.4_2 2.4.7
+ ldap_controls_dup at OPENLDAP_2.4_2 2.4.7
+ ldap_controls_free at OPENLDAP_2.4_2 2.4.7
+ ldap_count_entries at OPENLDAP_2.4_2 2.4.7
+ ldap_count_messages at OPENLDAP_2.4_2 2.4.7
+ ldap_count_references at OPENLDAP_2.4_2 2.4.7
+ ldap_count_values at OPENLDAP_2.4_2 2.4.7
+ ldap_count_values_len at OPENLDAP_2.4_2 2.4.7
+ ldap_create at OPENLDAP_2.4_2 2.4.7
+ ldap_create_assertion_control at OPENLDAP_2.4_2 2.4.11
+ ldap_create_assertion_control_value at OPENLDAP_2.4_2 2.4.11
+ ldap_create_control at OPENLDAP_2.4_2 2.4.7
+ ldap_create_deref_control at OPENLDAP_2.4_2 2.4.15
+ ldap_create_deref_control_value at OPENLDAP_2.4_2 2.4.15
+ ldap_create_page_control at OPENLDAP_2.4_2 2.4.7
+ ldap_create_page_control_value at OPENLDAP_2.4_2 2.4.7
+ ldap_create_passwordpolicy_control at OPENLDAP_2.4_2 2.4.7
+ ldap_create_session_tracking_control at OPENLDAP_2.4_2 2.4.28
+ ldap_create_session_tracking_value at OPENLDAP_2.4_2 2.4.28
+ ldap_create_sort_control at OPENLDAP_2.4_2 2.4.7
+ ldap_create_sort_control_value at OPENLDAP_2.4_2 2.4.7
+ ldap_create_sort_keylist at OPENLDAP_2.4_2 2.4.7
+ ldap_create_vlv_control at OPENLDAP_2.4_2 2.4.7
+ ldap_create_vlv_control_value at OPENLDAP_2.4_2 2.4.7
+ ldap_dcedn2dn at OPENLDAP_2.4_2 2.4.7
+ ldap_delete at OPENLDAP_2.4_2 2.4.7
+ ldap_delete_ext at OPENLDAP_2.4_2 2.4.7
+ ldap_delete_ext_s at OPENLDAP_2.4_2 2.4.7
+ ldap_delete_result_entry at OPENLDAP_2.4_2 2.4.7
+ ldap_delete_s at OPENLDAP_2.4_2 2.4.7
+ ldap_derefresponse_free at OPENLDAP_2.4_2 2.4.15
+ ldap_destroy at OPENLDAP_2.4_2 2.4.25
+ ldap_dn2ad_canonical at OPENLDAP_2.4_2 2.4.7
+ ldap_dn2bv at OPENLDAP_2.4_2 2.4.7
+ ldap_dn2bv_x at OPENLDAP_2.4_2 2.4.7
+ ldap_dn2dcedn at OPENLDAP_2.4_2 2.4.7
+ ldap_dn2domain at OPENLDAP_2.4_2 2.4.7
+ ldap_dn2str at OPENLDAP_2.4_2 2.4.7
+ ldap_dn2ufn at OPENLDAP_2.4_2 2.4.7
+ ldap_dn_normalize at OPENLDAP_2.4_2 2.4.7
+ ldap_dnfree at OPENLDAP_2.4_2 2.4.7
+ ldap_dnfree_x at OPENLDAP_2.4_2 2.4.7
+ ldap_domain2dn at OPENLDAP_2.4_2 2.4.7
+ ldap_domain2hostlist at OPENLDAP_2.4_2 2.4.7
+ ldap_dump_connection at OPENLDAP_2.4_2 2.4.7
+ ldap_dump_requests_and_responses at OPENLDAP_2.4_2 2.4.7
+ ldap_dup at OPENLDAP_2.4_2 2.4.25
+ ldap_err2string at OPENLDAP_2.4_2 2.4.7
+ ldap_explode_dn at OPENLDAP_2.4_2 2.4.7
+ ldap_explode_rdn at OPENLDAP_2.4_2 2.4.7
+ ldap_extended_operation at OPENLDAP_2.4_2 2.4.7
+ ldap_extended_operation_s at OPENLDAP_2.4_2 2.4.7
+ ldap_find_control at OPENLDAP_2.4_2 2.4.7
+ ldap_find_request_by_msgid at OPENLDAP_2.4_2 2.4.7
+ ldap_first_attribute at OPENLDAP_2.4_2 2.4.7
+ ldap_first_entry at OPENLDAP_2.4_2 2.4.7
+ ldap_first_message at OPENLDAP_2.4_2 2.4.7
+ ldap_first_reference at OPENLDAP_2.4_2 2.4.7
+ ldap_free_connection at OPENLDAP_2.4_2 2.4.7
+ ldap_free_request at OPENLDAP_2.4_2 2.4.7
+ ldap_free_select_info at OPENLDAP_2.4_2 2.4.7
+ ldap_free_sort_keylist at OPENLDAP_2.4_2 2.4.7
+ ldap_free_urldesc at OPENLDAP_2.4_2 2.4.7
+ ldap_free_urllist at OPENLDAP_2.4_2 2.4.7
+ ldap_get_attribute_ber at OPENLDAP_2.4_2 2.4.7
+ ldap_get_dn at OPENLDAP_2.4_2 2.4.7
+ ldap_get_dn_ber at OPENLDAP_2.4_2 2.4.7
+ ldap_get_entry_controls at OPENLDAP_2.4_2 2.4.7
+ ldap_get_message_ber at OPENLDAP_2.4_2 2.4.7
+ ldap_get_option at OPENLDAP_2.4_2 2.4.7
+ ldap_get_values at OPENLDAP_2.4_2 2.4.7
+ ldap_get_values_len at OPENLDAP_2.4_2 2.4.7
+ ldap_gssapi_bind at OPENLDAP_2.4_2 2.4.15
+ ldap_gssapi_bind_s at OPENLDAP_2.4_2 2.4.15
+ ldap_host_connected_to at OPENLDAP_2.4_2 2.4.7
+ ldap_init at OPENLDAP_2.4_2 2.4.7
+ ldap_init_fd at OPENLDAP_2.4_2 2.4.7
+ ldap_initialize at OPENLDAP_2.4_2 2.4.7
+ ldap_install_tls at OPENLDAP_2.4_2 2.4.7
+ ldap_int_bisect_delete at OPENLDAP_2.4_2 2.4.7
+ ldap_int_bisect_find at OPENLDAP_2.4_2 2.4.7
+ ldap_int_bisect_insert at OPENLDAP_2.4_2 2.4.7
+ ldap_int_check_async_open at OPENLDAP_2.4_2 2.4.28
+ ldap_int_client_controls at OPENLDAP_2.4_2 2.4.7
+ ldap_int_connect_cbs at OPENLDAP_2.4_2 2.4.15
+ ldap_int_error_init at OPENLDAP_2.4_2 2.4.7
+ ldap_int_flush_request at OPENLDAP_2.4_2 2.4.7
+ ldap_int_global_options at OPENLDAP_2.4_2 2.4.7
+ ldap_int_gmtime_mutex at OPENLDAP_2.4_2 2.4.23
++ ldap_int_gssapi_close at OPENLDAP_2.4_2 2.4.18-0ubuntu2
++ ldap_int_gssapi_config at OPENLDAP_2.4_2 2.4.18-0ubuntu2
++ ldap_int_gssapi_get_option at OPENLDAP_2.4_2 2.4.18-0ubuntu2
++ ldap_int_gssapi_mutex at OPENLDAP_2.4_2 2.4.18-0ubuntu2
++ ldap_int_gssapi_set_option at OPENLDAP_2.4_2 2.4.18-0ubuntu2
+ ldap_int_hostname at OPENLDAP_2.4_2 2.4.7
+ ldap_int_hostname_mutex at OPENLDAP_2.4_2 2.4.39
+ ldap_int_inet4or6 at OPENLDAP_2.4_2 2.4.7
+ ldap_int_initialize at OPENLDAP_2.4_2 2.4.7
+ ldap_int_initialize_global_options at OPENLDAP_2.4_2 2.4.7
+ ldap_int_msgtype2str at OPENLDAP_2.4_2 2.4.7
+ ldap_int_open_connection at OPENLDAP_2.4_2 2.4.7
+ ldap_int_parse_numericoid at OPENLDAP_2.4_2 2.4.7
+ ldap_int_parse_ruleid at OPENLDAP_2.4_2 2.4.7
+ ldap_int_poll at OPENLDAP_2.4_2 2.4.7
+ ldap_int_put_controls at OPENLDAP_2.4_2 2.4.7
+ ldap_int_resolv_mutex at OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_bind at OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_close at OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_config at OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_external at OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_get_option at OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_init at OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_open at OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_set_option at OPENLDAP_2.4_2 2.4.7
+ ldap_int_select at OPENLDAP_2.4_2 2.4.7
+ ldap_int_thread_destroy at OPENLDAP_2.4_2 2.4.7
+ ldap_int_thread_initialize at OPENLDAP_2.4_2 2.4.7
+ ldap_int_thread_pool_shutdown at OPENLDAP_2.4_2 2.4.7
+ ldap_int_thread_pool_startup at OPENLDAP_2.4_2 2.4.7
+ ldap_int_timeval_dup at OPENLDAP_2.4_2 2.4.7
+ ldap_int_tls_config at OPENLDAP_2.4_2 2.4.7
+ ldap_int_tls_destroy at OPENLDAP_2.4_2 2.4.7
+ ldap_int_tls_impl at OPENLDAP_2.4_2 2.4.15
+ ldap_int_tls_start at OPENLDAP_2.4_2 2.4.7
+ ldap_int_utils_init at OPENLDAP_2.4_2 2.4.7
+ ldap_is_ldap_url at OPENLDAP_2.4_2 2.4.7
++ ldap_is_ldapc_url at OPENLDAP_2.4_2 2.4.17-1ubuntu2
+ ldap_is_ldapi_url at OPENLDAP_2.4_2 2.4.7
+ ldap_is_ldaps_url at OPENLDAP_2.4_2 2.4.7
+ ldap_is_read_ready at OPENLDAP_2.4_2 2.4.7
+ ldap_is_write_ready at OPENLDAP_2.4_2 2.4.7
+ ldap_ld_free at OPENLDAP_2.4_2 2.4.7
+ ldap_log_printf at OPENLDAP_2.4_2 2.4.7
+ ldap_mark_select_clear at OPENLDAP_2.4_2 2.4.7
+ ldap_mark_select_read at OPENLDAP_2.4_2 2.4.7
+ ldap_mark_select_write at OPENLDAP_2.4_2 2.4.7
+ ldap_matchingrule2bv at OPENLDAP_2.4_2 2.4.7
+ ldap_matchingrule2name at OPENLDAP_2.4_2 2.4.7
+ ldap_matchingrule2str at OPENLDAP_2.4_2 2.4.7
+ ldap_matchingrule_free at OPENLDAP_2.4_2 2.4.7
+ ldap_matchingruleuse2bv at OPENLDAP_2.4_2 2.4.7
+ ldap_matchingruleuse2name at OPENLDAP_2.4_2 2.4.7
+ ldap_matchingruleuse2str at OPENLDAP_2.4_2 2.4.7
+ ldap_matchingruleuse_free at OPENLDAP_2.4_2 2.4.7
+ ldap_memalloc at OPENLDAP_2.4_2 2.4.7
+ ldap_memcalloc at OPENLDAP_2.4_2 2.4.7
+ ldap_memfree at OPENLDAP_2.4_2 2.4.7
+ ldap_memrealloc at OPENLDAP_2.4_2 2.4.7
+ ldap_memvfree at OPENLDAP_2.4_2 2.4.7
+ ldap_modify at OPENLDAP_2.4_2 2.4.7
+ ldap_modify_ext at OPENLDAP_2.4_2 2.4.7
+ ldap_modify_ext_s at OPENLDAP_2.4_2 2.4.7
+ ldap_modify_s at OPENLDAP_2.4_2 2.4.7
+ ldap_modrdn2 at OPENLDAP_2.4_2 2.4.7
+ ldap_modrdn2_s at OPENLDAP_2.4_2 2.4.7
+ ldap_modrdn at OPENLDAP_2.4_2 2.4.7
+ ldap_modrdn_s at OPENLDAP_2.4_2 2.4.7
+ ldap_mods_free at OPENLDAP_2.4_2 2.4.7
+ ldap_msgdelete at OPENLDAP_2.4_2 2.4.7
+ ldap_msgfree at OPENLDAP_2.4_2 2.4.7
+ ldap_msgid at OPENLDAP_2.4_2 2.4.7
+ ldap_msgtype at OPENLDAP_2.4_2 2.4.7
+ ldap_nameform2bv at OPENLDAP_2.4_2 2.4.7
+ ldap_nameform2name at OPENLDAP_2.4_2 2.4.7
+ ldap_nameform2str at OPENLDAP_2.4_2 2.4.7
+ ldap_nameform_free at OPENLDAP_2.4_2 2.4.7
+ ldap_new_connection at OPENLDAP_2.4_2 2.4.7
+ ldap_new_select_info at OPENLDAP_2.4_2 2.4.7
+ ldap_next_attribute at OPENLDAP_2.4_2 2.4.7
+ ldap_next_entry at OPENLDAP_2.4_2 2.4.7
+ ldap_next_message at OPENLDAP_2.4_2 2.4.7
+ ldap_next_reference at OPENLDAP_2.4_2 2.4.7
+ ldap_ntlm_bind at OPENLDAP_2.4_2 2.4.7
+ ldap_objectclass2bv at OPENLDAP_2.4_2 2.4.7
+ ldap_objectclass2name at OPENLDAP_2.4_2 2.4.7
+ ldap_objectclass2str at OPENLDAP_2.4_2 2.4.7
+ ldap_objectclass_free at OPENLDAP_2.4_2 2.4.7
+ ldap_open at OPENLDAP_2.4_2 2.4.7
+ ldap_open_defconn at OPENLDAP_2.4_2 2.4.7
+ ldap_open_internal_connection at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_deref_control at OPENLDAP_2.4_2 2.4.15
+ ldap_parse_derefresponse_control at OPENLDAP_2.4_2 2.4.15
+ ldap_parse_extended_result at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_intermediate at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_ntlm_bind_result at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_page_control at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_pageresponse_control at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_passwd at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_passwordpolicy_control at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_reference at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_refresh at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_result at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_sasl_bind_result at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_session_tracking_control at OPENLDAP_2.4_2 2.4.28
+ ldap_parse_sortresponse_control at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_vlvresponse_control at OPENLDAP_2.4_2 2.4.7
+ ldap_parse_whoami at OPENLDAP_2.4_2 2.4.7
+ ldap_passwd at OPENLDAP_2.4_2 2.4.7
+ ldap_passwd_s at OPENLDAP_2.4_2 2.4.7
+ ldap_passwordpolicy_err2txt at OPENLDAP_2.4_2 2.4.7
+ ldap_perror at OPENLDAP_2.4_2 2.4.7
+ ldap_put_vrFilter at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_bv2scope at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_csnstr at OPENLDAP_2.4_2 2.4.23
+ ldap_pvt_ctime at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_discard at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_filter_value_unescape at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_find_wildcard at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_get_controls at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_get_fqdn at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_get_hname at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_gethostbyaddr_a at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_gethostbyname_a at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_gettime at OPENLDAP_2.4_2 2.4.23
+ ldap_pvt_hex_unescape at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_put_control at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_put_filter at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_find at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_insert at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_isrunning at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_next_sched at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_persistent_backload at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_remove at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_resched at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_runtask at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_stoptask at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_generic_install at OPENLDAP_2.4_2 2.4.15
+ ldap_pvt_sasl_generic_remove at OPENLDAP_2.4_2 2.4.15
+ ldap_pvt_sasl_getmechs at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_install at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_mutex_dispose at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_mutex_lock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_mutex_new at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_mutex_unlock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_remove at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_secprops at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_secprops_unparse at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_scope2bv at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_scope2str at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_search at OPENLDAP_2.4_2 2.4.15
+ ldap_pvt_search_s at OPENLDAP_2.4_2 2.4.15
+ ldap_pvt_sockbuf_io_sasl_generic at OPENLDAP_2.4_2 2.4.15
+ ldap_pvt_str2lower at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_str2lowerbv at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_str2scope at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_str2upper at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_str2upperbv at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_strtok at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_cond_broadcast at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_cond_destroy at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_cond_init at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_cond_signal at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_cond_wait at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_create at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_destroy at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_exit at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_get_concurrency at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_initialize at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_join at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_key_create at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_key_destroy at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_key_getdata at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_key_setdata at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_kill at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_mutex_destroy at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_mutex_init at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_mutex_lock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_mutex_trylock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_mutex_unlock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_backload at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_context at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_context_reset at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_destroy at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_getkey at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_idle at OPENLDAP_2.4_2 2.4.31
+ ldap_pvt_thread_pool_init at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_maxthreads at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_pause at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_pausecheck at OPENLDAP_2.4_2 2.4.9
+ ldap_pvt_thread_pool_pausing at OPENLDAP_2.4_2 2.4.9
+ ldap_pvt_thread_pool_purgekey at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_query at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_resume at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_retract at OPENLDAP_2.4_2 2.4.17
+ ldap_pvt_thread_pool_setkey at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_submit at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_tid at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_unidle at OPENLDAP_2.4_2 2.4.31
+ ldap_pvt_thread_rdwr_destroy at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_init at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_rlock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_rtrylock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_runlock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_wlock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_wtrylock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_wunlock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rmutex_destroy at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rmutex_init at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rmutex_lock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rmutex_trylock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rmutex_unlock at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_self at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_set_concurrency at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_sleep at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_yield at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_accept at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_check_hostname at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_ctx_free at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_destroy at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_get_my_dn at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_get_option at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_get_peer_dn at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_get_strength at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_init at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_init_def_ctx at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_inplace at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_sb_ctx at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_set_option at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_url_scheme2proto at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_url_scheme2tls at OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_url_scheme_port at OPENLDAP_2.4_2 2.4.7
+ ldap_rdn2bv at OPENLDAP_2.4_2 2.4.7
+ ldap_rdn2bv_x at OPENLDAP_2.4_2 2.4.7
+ ldap_rdn2str at OPENLDAP_2.4_2 2.4.7
+ ldap_rdnfree at OPENLDAP_2.4_2 2.4.7
+ ldap_rdnfree_x at OPENLDAP_2.4_2 2.4.7
+ ldap_refresh at OPENLDAP_2.4_2 2.4.7
+ ldap_refresh_s at OPENLDAP_2.4_2 2.4.7
+ ldap_rename2 at OPENLDAP_2.4_2 2.4.7
+ ldap_rename2_s at OPENLDAP_2.4_2 2.4.7
+ ldap_rename at OPENLDAP_2.4_2 2.4.7
+ ldap_rename_s at OPENLDAP_2.4_2 2.4.7
+ ldap_result2error at OPENLDAP_2.4_2 2.4.7
+ ldap_result at OPENLDAP_2.4_2 2.4.7
+ ldap_return_request at OPENLDAP_2.4_2 2.4.7
+ ldap_sasl_bind at OPENLDAP_2.4_2 2.4.7
+ ldap_sasl_bind_s at OPENLDAP_2.4_2 2.4.7
+ ldap_sasl_interactive_bind at OPENLDAP_2.4_2 2.4.25
+ ldap_sasl_interactive_bind_s at OPENLDAP_2.4_2 2.4.7
+ ldap_scherr2str at OPENLDAP_2.4_2 2.4.7
+ ldap_search at OPENLDAP_2.4_2 2.4.7
+ ldap_search_ext at OPENLDAP_2.4_2 2.4.7
+ ldap_search_ext_s at OPENLDAP_2.4_2 2.4.7
+ ldap_search_s at OPENLDAP_2.4_2 2.4.7
+ ldap_search_st at OPENLDAP_2.4_2 2.4.7
+ ldap_send_initial_request at OPENLDAP_2.4_2 2.4.7
+ ldap_send_server_request at OPENLDAP_2.4_2 2.4.7
+ ldap_send_unbind at OPENLDAP_2.4_2 2.4.7
+ ldap_set_ber_options at OPENLDAP_2.4_2 2.4.7
+ ldap_set_nextref_proc at OPENLDAP_2.4_2 2.4.7
+ ldap_set_option at OPENLDAP_2.4_2 2.4.7
+ ldap_set_rebind_proc at OPENLDAP_2.4_2 2.4.7
+ ldap_set_urllist_proc at OPENLDAP_2.4_2 2.4.7
+ ldap_simple_bind at OPENLDAP_2.4_2 2.4.7
+ ldap_simple_bind_s at OPENLDAP_2.4_2 2.4.7
+ ldap_sort_entries at OPENLDAP_2.4_2 2.4.7
+ ldap_sort_strcasecmp at OPENLDAP_2.4_2 2.4.7
+ ldap_sort_values at OPENLDAP_2.4_2 2.4.7
+ ldap_start_tls at OPENLDAP_2.4_2 2.4.7
+ ldap_start_tls_s at OPENLDAP_2.4_2 2.4.7
+ ldap_str2attributetype at OPENLDAP_2.4_2 2.4.7
+ ldap_str2charray at OPENLDAP_2.4_2 2.4.7
+ ldap_str2contentrule at OPENLDAP_2.4_2 2.4.7
+ ldap_str2dn at OPENLDAP_2.4_2 2.4.7
+ ldap_str2matchingrule at OPENLDAP_2.4_2 2.4.7
+ ldap_str2matchingruleuse at OPENLDAP_2.4_2 2.4.7
+ ldap_str2nameform at OPENLDAP_2.4_2 2.4.7
+ ldap_str2objectclass at OPENLDAP_2.4_2 2.4.7
+ ldap_str2rdn at OPENLDAP_2.4_2 2.4.7
+ ldap_str2structurerule at OPENLDAP_2.4_2 2.4.7
+ ldap_str2syntax at OPENLDAP_2.4_2 2.4.7
+ ldap_strdup at OPENLDAP_2.4_2 2.4.7
+ ldap_structurerule2bv at OPENLDAP_2.4_2 2.4.7
+ ldap_structurerule2name at OPENLDAP_2.4_2 2.4.7
+ ldap_structurerule2str at OPENLDAP_2.4_2 2.4.7
+ ldap_structurerule_free at OPENLDAP_2.4_2 2.4.7
+ ldap_sync_destroy at OPENLDAP_2.4_2 2.4.7
+ ldap_sync_init at OPENLDAP_2.4_2 2.4.7
+ ldap_sync_init_refresh_and_persist at OPENLDAP_2.4_2 2.4.7
+ ldap_sync_init_refresh_only at OPENLDAP_2.4_2 2.4.7
+ ldap_sync_initialize at OPENLDAP_2.4_2 2.4.7
+ ldap_sync_poll at OPENLDAP_2.4_2 2.4.7
+ ldap_syntax2bv at OPENLDAP_2.4_2 2.4.7
+ ldap_syntax2name at OPENLDAP_2.4_2 2.4.7
+ ldap_syntax2str at OPENLDAP_2.4_2 2.4.7
+ ldap_syntax_free at OPENLDAP_2.4_2 2.4.7
+ ldap_tls_inplace at OPENLDAP_2.4_2 2.4.7
+ ldap_turn at OPENLDAP_2.4_2 2.4.7
+ ldap_turn_s at OPENLDAP_2.4_2 2.4.7
+ ldap_ucs_to_utf8s at OPENLDAP_2.4_2 2.4.7
+ ldap_unbind at OPENLDAP_2.4_2 2.4.7
+ ldap_unbind_ext at OPENLDAP_2.4_2 2.4.7
+ ldap_unbind_ext_s at OPENLDAP_2.4_2 2.4.7
+ ldap_unbind_s at OPENLDAP_2.4_2 2.4.7
+ ldap_url_desc2str at OPENLDAP_2.4_2 2.4.7
+ ldap_url_dup at OPENLDAP_2.4_2 2.4.7
+ ldap_url_duplist at OPENLDAP_2.4_2 2.4.7
+ ldap_url_list2hosts at OPENLDAP_2.4_2 2.4.7
+ ldap_url_list2urls at OPENLDAP_2.4_2 2.4.7
+ ldap_url_parse at OPENLDAP_2.4_2 2.4.7
+ ldap_url_parse_ext at OPENLDAP_2.4_2 2.4.7
+ ldap_url_parsehosts at OPENLDAP_2.4_2 2.4.7
+ ldap_url_parselist at OPENLDAP_2.4_2 2.4.7
+ ldap_url_parselist_ext at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_bytes at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_charlen2 at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_charlen at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_chars at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_copy at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isalnum at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isalpha at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isascii at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isdigit at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_islower at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isspace at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isupper at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isxdigit at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_lentab at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_mintab at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_next at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_offset at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_prev at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_strchr at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_strcspn at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_strpbrk at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_strspn at OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_strtok at OPENLDAP_2.4_2 2.4.7
+ ldap_value_dup at OPENLDAP_2.4_2 2.4.7
+ ldap_value_free at OPENLDAP_2.4_2 2.4.7
+ ldap_value_free_len at OPENLDAP_2.4_2 2.4.7
+ ldap_whoami at OPENLDAP_2.4_2 2.4.7
+ ldap_whoami_s at OPENLDAP_2.4_2 2.4.7
+ ldap_x_mb_to_utf8 at OPENLDAP_2.4_2 2.4.7
+ ldap_x_mbs_to_utf8s at OPENLDAP_2.4_2 2.4.7
+ ldap_x_ucs4_to_utf8 at OPENLDAP_2.4_2 2.4.7
+ ldap_x_utf8_to_mb at OPENLDAP_2.4_2 2.4.7
+ ldap_x_utf8_to_ucs4 at OPENLDAP_2.4_2 2.4.7
+ ldap_x_utf8_to_wc at OPENLDAP_2.4_2 2.4.7
+ ldap_x_utf8s_to_mbs at OPENLDAP_2.4_2 2.4.7
+ ldap_x_utf8s_to_wcs at OPENLDAP_2.4_2 2.4.7
+ ldap_x_wc_to_utf8 at OPENLDAP_2.4_2 2.4.7
+ ldap_x_wcs_to_utf8s at OPENLDAP_2.4_2 2.4.7
+ ldif_close at OPENLDAP_2.4_2 2.4.25
+ ldif_countlines at OPENLDAP_2.4_2 2.4.25
+ ldif_debug at OPENLDAP_2.4_2 2.4.25
+ ldif_fetch_url at OPENLDAP_2.4_2 2.4.25
+ ldif_getline at OPENLDAP_2.4_2 2.4.25
+ ldif_is_not_printable at OPENLDAP_2.4_2 2.4.25
+ ldif_must_b64_encode_register at OPENLDAP_2.4_2 2.4.25
+ ldif_must_b64_encode_release at OPENLDAP_2.4_2 2.4.25
+ ldif_open at OPENLDAP_2.4_2 2.4.25
+ ldif_open_url at OPENLDAP_2.4_2 2.4.25
+ ldif_parse_line2 at OPENLDAP_2.4_2 2.4.25
+ ldif_parse_line at OPENLDAP_2.4_2 2.4.25
+ ldif_put at OPENLDAP_2.4_2 2.4.25
+ ldif_put_wrap at OPENLDAP_2.4_2 2.4.25
+ ldif_read_record at OPENLDAP_2.4_2 2.4.39
+ ldif_sput at OPENLDAP_2.4_2 2.4.25
+ ldif_sput_wrap at OPENLDAP_2.4_2 2.4.25
diff --cc debian/patches/fix-ldap-distribution.patch
index 471b948,0000000,0000000..17be364
mode 100644,000000,000000..100644
--- a/debian/patches/fix-ldap-distribution.patch
+++ b/debian/patches/fix-ldap-distribution.patch
@@@@ -1,24 -1,0 -1,0 +1,24 @@@@
- --- a/build/mkversion 2013-06-27 10:25:47.851083000 +0000
- +++ b/build/mkversion 2013-07-08 14:16:15.772912999 +0000
+++--- a/build/mkversion
++++++ b/build/mkversion
++@@ -52,6 +52,12 @@
++ APPLICATION=$1
- WHOWHERE="$USER@`uname -n`:`pwd`"
+++ WHOWHERE="Debian OpenLDAP Maintainers <pkg-openldap-devel at lists.alioth.debian.org>"
++
+++if test -x /usr/bin/lsb_release; then
+++ OPENLDAP_DISTRIBUTION=" ($(lsb_release -si))"
+++else
+++ OPENLDAP_DISTRIBUTION=""
+++fi
+++
++ cat << __EOF__
++ /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
++ *
++@@ -72,7 +78,7 @@
++ "COPYING RESTRICTIONS APPLY\n";
++
++ $static $const char $SYMBOL[] =
++-"@(#) \$$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \$\n"
+++"@(#) \$$PACKAGE: $APPLICATION $VERSION$OPENLDAP_DISTRIBUTION (" __DATE__ " " __TIME__ ") \$\n"
++ "\t$WHOWHERE\n";
++
++ __EOF__
diff --cc debian/patches/series
index 7648c2b,723457e,0000000..f2fb7de
mode 100644,100644,000000..100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@@@ -1,30 -1,27 -1,0 +1,31 @@@@
++nssov-build
+man-slapd
+evolution-ntlm
+slapi-errorlog-file
+ldapi-socket-place
+wrong-database-location
+index-files-created-as-root
+sasl-default-path
+libldap-symbol-versions
+getaddrinfo-is-threadsafe
++gssapi.diff
+do-not-second-guess-sonames
+contrib-modules-use-dpkg-buildflags
+smbk5pwd-makefile
+smbk5pwd-makefile-manpage
+autogroup-makefile
+lastbind-makefile
+lastbind-makefile-manpage
+pw-sha2-makefile
+ldap-conf-tls-cacertdir
+add-tlscacert-option-to-ldap-conf
+fix-build-top-mk
+no-AM_INIT_AUTOMAKE
+switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
+no-bdb-ABI-second-guessing
+heimdal-fix
+ITS6035-olcauthzregex-needs-restart.patch
- ITS8240-remove-obsolete-assert.patch
+ +set-maintainer-name
+ +ITS-8554-kFreeBSD-is-like-BSD.patch
++fix-ldap-distribution.patch
++ITS8385-fix-use-after-free-with-GnuTLS
diff --cc debian/rules
index dfb0d13,3d27741,0000000..eee26e3
mode 100755,100755,000000..100755
--- a/debian/rules
+++ b/debian/rules
@@@@ -1,244 -1,231 -1,0 +1,247 @@@@
+#!/usr/bin/make -f
+
+# Set this variable if you're building packages outside of Debian and don't
+# want the checks for DFSG-freeness.
+#DFSG_NONFREE = 1
+
- export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLDAP_CONNECTIONLESS -I/usr/include/heimdal
- export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
+++export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLDAP_CONNECTIONLESS -I/usr/include/hemimdal
++export DEB_LDFLAGS_MAINT_APPEND := -L/usr/lib/$(DEB_HOST_MULTIARCH)/heimdal
+export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow
+
+# Workaround for bad glibc behavior when resolving localhost
+export RESOLV_MULTI = off
+
+DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
+
+CONFIG = $(shell grep -v "^\#" debian/configure.options)
+ifeq ($(DEB_HOST_ARCH_OS),hurd)
+ CONFIG += --disable-bdb --disable-hdb --disable-mdb
+endif
+ifneq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
- # --disable-slapd should imply --disable-slp, ITS#8224
- CONFIG += --disable-slapd --disable-slp
+ + CONFIG += --disable-slapd
+endif
+
+# Ensure CC is set correctly for cross builds, unless it has already
+# been set explicitly.
+ifeq ($(origin CC),default)
+ export CC := $(DEB_HOST_GNU_TYPE)-gcc
+endif
+
+installdir := $(CURDIR)/debian/tmp
+builddir := $(CURDIR)/debian/build
+slapddir := $(CURDIR)/debian/slapd/usr/sbin
+
+MAKEVARS := STRIP=
+
+# These variables are used only by get-orig-source, which will normally only
+# be run by maintainers.
+VERSION = $(shell dpkg-parsechangelog |grep Version| sed 's/.*: //;s/\+dfsg//;s/-.*//')
+URL = http://www.openldap.org/software/download/OpenLDAP/openldap-release/
+
+# Download the upstream source and make changes as required for DFSG reasons.
+# Assumes wget is available, as this is generally only used by the package
+# maintainers.
+get-orig-source:
+ @if [ ! -d "debian/schema" ] ; then \
+ echo 'Run this from the top directory of the Debian source' >&2; \
+ exit 1; \
+ fi
+ wget $(URL)/openldap-$(VERSION).tgz
+ tar xzf openldap-$(VERSION).tgz
+ rm -r openldap-$(VERSION)/doc/drafts
+ rm -r openldap-$(VERSION)/doc/rfc
+ set -e; for schema in debian/schema/*.schema debian/schema/*.ldif ; do \
+ file=`basename "$$schema"`; \
+ rm openldap-$(VERSION)/servers/slapd/schema/$$file; \
+ done
+ mv openldap-$(VERSION) openldap-$(VERSION)+dfsg
+ tar cf openldap_$(VERSION)+dfsg.orig.tar openldap-$(VERSION)+dfsg
+ rm -r openldap-$(VERSION)+dfsg
+ gzip -9 openldap_$(VERSION)+dfsg.orig.tar
+
+ +DH = dh $@ --with autoreconf --builddirectory=$(builddir) --parallel
+ +.PHONY: build
+ +build:
+ + $(DH)
+%:
- dh $@ --with autoreconf --builddirectory=$(builddir) --parallel
+ + $(DH)
+
+# Only contrib/ldapc++ uses Automake, so special care is needed to update
+# config.guess and config.sub at the top level.
+autoreconf:
+ autoreconf -f -i . contrib/ldapc++
+ cp -f /usr/share/misc/config.guess /usr/share/misc/config.sub build/
+
+override_dh_autoreconf:
+ dh_autoreconf debian/rules -- autoreconf
+
+override_dh_auto_configure:
+ # Check if we include the RFCs, Internet-Drafts, or upstream schemas
+ # with RFC text (which are non DFSG-free). You can set DFSG_NONFREE
+ # to build the packages from the unchanged upstream sources but Debian
+ # can not ship the RFCs in main so this test is here to make sure it
+ # does not get in by accident again. -- Torsten
+ if [ -z "$(DFSG_NONFREE)" ]; then \
+ if [ -e doc/drafts ] || [ -e doc/rfc ]; then exit 1; fi; \
+ if [ -e servers/slapd/schema/core.schema ] \
+ && grep -q 'RFC 4519 definition' servers/slapd/schema/core.schema; \
+ then \
+ exit 1; \
+ fi; \
+ fi
+
+ # Copy our stripped schema versions into where upstream expects them.
+ if [ -z "$(DFSG_NONFREE)" ]; then \
+ cp debian/schema/*.schema debian/schema/*.ldif \
+ servers/slapd/schema/; \
+ fi
+
+ dh_auto_configure -- $(CONFIG)
+
+override_dh_auto_build:
+ dh_auto_build -- $(MAKEVARS)
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
- $(MAKE) -C contrib/slapd-modules/smbk5pwd
- $(MAKE) -C contrib/slapd-modules/nssov/ $(MAKEVARS) nssov.la
- $(MAKE) -C contrib/slapd-modules/autogroup
- $(MAKE) -C contrib/slapd-modules/lastbind
- $(MAKE) -C contrib/slapd-modules/passwd/sha2
+ + $(MAKE) -C contrib/slapd-modules/smbk5pwd CC=$(CC)
+++ $(MAKE) -C contrib/slapd-modules/nssov/ CC=$(CC) $(MAKEVARS) nssov.la
+ + $(MAKE) -C contrib/slapd-modules/autogroup CC=$(CC)
+ + $(MAKE) -C contrib/slapd-modules/lastbind CC=$(CC)
+ + $(MAKE) -C contrib/slapd-modules/passwd/sha2 CC=$(CC)
+endif
+
+override_dh_auto_install:
+ dh_auto_install -- $(MAKEVARS)
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+ $(MAKE) -C contrib/slapd-modules/smbk5pwd install DESTDIR=$(installdir)
++ $(MAKE) -C contrib/slapd-modules/nssov install DESTDIR=$(installdir)
+ $(MAKE) -C contrib/slapd-modules/autogroup install DESTDIR=$(installdir)
+ $(MAKE) -C contrib/slapd-modules/lastbind install DESTDIR=$(installdir)
+ $(MAKE) -C contrib/slapd-modules/passwd/sha2 install DESTDIR=$(installdir)
+
+ # Empty the dependency_libs file in the .la files.
+ for F in $(installdir)/usr/lib/ldap/*.la; do \
+ sed -i "s/^dependency_libs=.*/dependency_libs=''/" $$F; \
+ done
+endif
+
+ # Check all built libraries for unresolved symbols except for the
+ # libslapi library. It is a special case since the SLAPI interface
+ # depends on symbols defined in slapd itself. Those symbols will
+ # remain unresolved until the plugin is loaded into slapd.
+ for F in $(installdir)/usr/lib/$(DEB_HOST_MULTIARCH)/*.so.*.*.*; do \
+ if echo "$$F" | grep -q libslapi ; then \
+ continue; \
+ fi; \
+ if LD_LIBRARY_PATH=$(installdir)/usr/lib/$(DEB_HOST_MULTIARCH) ldd -d -r $$F 2>&1 | grep '^undefined symbol:'; then \
+ echo; \
+ echo "library $$F has undefined references. Please fix this before continuing."; \
+ exit 1; \
+ fi; \
+ done
+
- # Upstream installs schema files in mode 0444 - policy wants 0644
- find $(installdir)/etc -type f|xargs chmod 0644
+ # Upstream manpages are section 8C but installed as section 8
+ find $(installdir)/usr/share/man -name \*.8 \
+ | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
+
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
- override_dh_install:
+ +override_dh_install-arch:
+ dh_install
+ rm -rf $(CURDIR)/debian/slapd/usr/lib/ldap/smbk5pwd*
- chmod 0755 $(CURDIR)/debian/slapd/usr/share/slapd/ldiftopasswd
+endif
+
++ # install AppArmor profile
++ install -D -m 644 $(CURDIR)/debian/apparmor-profile $(CURDIR)/debian/slapd/etc/apparmor.d/usr.sbin.slapd
++
+++ # install Apport hook
+++ install -D -m 644 $(CURDIR)/debian/slapd.py $(CURDIR)/debian/slapd/usr/share/apport/package-hooks/slapd.py
+++
++ # install ufw profile
++ install -D -m 644 $(CURDIR)/debian/slapd.ufw.profile $(CURDIR)/debian/slapd/etc/ufw/applications.d/slapd
++
++ dh_apparmor -pslapd --profile-name=usr.sbin.slapd
++
+override_dh_installinit:
+ dh_installinit -- "defaults 19 80"
+
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+override_dh_installman:
+ dh_installman
+ rm -f $(CURDIR)/debian/slapd/usr/share/man/man5/slapo-smbk5pwd.*
+ +
+ +override_dh_fixperms-arch:
+ + dh_fixperms
+ + chmod +x $(CURDIR)/debian/slapd/usr/share/slapd/ldiftopasswd
+endif
+
+override_dh_strip:
+ dh_strip -plibldap-2.4-2 --dbg-package=libldap-2.4-2-dbg
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+ dh_strip -pslapd --dbg-package=slapd-dbg
+endif
+ dh_strip -Nlibldap-2.4-2 -Nslapd
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+ # hardlink these so not confined by apparmor; do this here and not
+ # in dh_link so that dh_strip doesn't get confused and put the wrong
+ # binary in the debug package.
+ for f in slapacl slapadd slapauth slapcat slapdn slapindex slappasswd slaptest slapschema ; do \
+ ln -f $(slapddir)/slapd $(slapddir)/$$f ; \
+ done
+endif
+
+override_dh_link:
+ for pkg in libldap2-dev libldap-2.4-2; do \
+ sed -e"s/\$${DEB_HOST_MULTIARCH}/$(DEB_HOST_MULTIARCH)/g" < debian/$$pkg.links.in > debian/$$pkg.links; \
+ done
+ dh_link
+
+override_dh_makeshlibs:
- # ideally we would do this and not have any libldap-2.4.so.2 links
- # at all, but that requires adjusting the build scripts first to
- # link against libldap_r, otherwise dh_shlibdeps fails
- #dh_makeshlibs -plibldap-2.4-2 -V 'libldap-2.4-2 (>= 2.4.7)'
- mkdir -p debian/libldap-2.4-2/DEBIAN
- cp -p debian/libldap-2.4-2.shlibs debian/libldap-2.4-2/DEBIAN/shlibs
- dpkg-gensymbols -plibldap-2.4-2 -Pdebian/libldap-2.4-2
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+ echo "slapd:Provides=$$(objdump -p debian/slapd/usr/lib/$(DEB_HOST_MULTIARCH)/libslapi-*.so.* \
+ | sed -ne '/SONAME/ { s/[[:space:]]*SONAME[[:space:]]*//; \
+ s/\.so\./-/; p; q }' \
+ )" >> debian/slapd.substvars
+ dh_makeshlibs -pslapd -X/usr/lib/ldap/ -V "$$(sed -ne's/slapd:Provides=//p' debian/slapd.substvars)"
+endif
+ + dh_makeshlibs --remaining-packages
+
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+override_dh_installdeb:
+ dh_installdeb
+ perl -w debian/dh_installscripts-common -p slapd
+endif
+
+override_dh_auto_clean:
+ dh_auto_clean
+ # Update translation templates for debconf
+ debconf-updatepo
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+ # Remove our stripped schema from the upstream source area.
+ if [ -z "$(DFSG_NONFREE)" ]; then \
+ set -e; for s in debian/schema/*.schema debian/schema/*.ldif; do \
+ rm -f servers/slapd/schema/`basename $$s`; \
+ done; \
+ fi
+
++ rm -f contrib/slapd-modules/nssov/nss-pam-ldapd/config.sub contrib/slapd-modules/nssov/nss-pam-ldapd/config.guess
++
+ # Clean the contrib directory
+ rm -rf contrib/slapd-modules/smbk5pwd/.libs \
+ contrib/slapd-modules/smbk5pwd/smbk5pwd.lo \
+ contrib/slapd-modules/smbk5pwd/smbk5pwd.la \
+ contrib/slapd-modules/smbk5pwd/smbk5pwd.o
+ rm -rf contrib/slapd-modules/autogroup/.libs \
+ contrib/slapd-modules/autogroup/autogroup.lo \
+ contrib/slapd-modules/autogroup/autogroup.la \
+ contrib/slapd-modules/autogroup/autogroup.o
+ rm -rf contrib/slapd-modules/lastbind/.libs \
+ contrib/slapd-modules/lastbind/lastbind.lo \
+ contrib/slapd-modules/lastbind/lastbind.la \
+ contrib/slapd-modules/lastbind/lastbind.o
+ rm -rf contrib/slapd-modules/passwd/sha2/.libs \
- contrib/slapd-modules/passwd/sha2/pw-sha2.lo \
+ contrib/slapd-modules/passwd/sha2/pw-sha2.la \
- contrib/slapd-modules/passwd/sha2/pw-sha2.o
+ + contrib/slapd-modules/passwd/sha2/sha2.lo \
+ + contrib/slapd-modules/passwd/sha2/sha2.o \
+ + contrib/slapd-modules/passwd/sha2/slapd-sha2.lo \
+ + contrib/slapd-modules/passwd/sha2/slapd-sha2.o
+endif
diff --cc debian/slapd.scripts-common
index 9f0a01d,7160d67,0000000..63b5359
mode 100644,100644,000000..100644
--- a/debian/slapd.scripts-common
+++ b/debian/slapd.scripts-common
@@@@ -1,817 -1,838 -1,0 +1,843 @@@@
+# -*- sh -*-
+# This file can be included with #SCRIPTSCOMMON#
+
+
+# ===== Dumping and reloading using LDIF files ========================= {{{
+#
+# If incompatible changes are done to the database underlying a LDAP
+# directory we need to dump the contents and reload the data into a newly
+# created database after the new server was installed. The following
+# functions deal with this functionality.
+
+
+# ----- Configuration of this component -------------------------------- {{{
+#
+# Dumping the database can have negative effects on the system we are
+# running on. If there is a lot of data dumping it might fill a partition
+# for example. Therefore we must give the user exact control over what we
+# are doing.
+
+database_dumping_enabled() { # {{{
+# Check if the user has enabled database dumping for the current situation.
+# Return success if yes.
+# Usage: if database_dumping_enabled; then ... fi
+
+ db_get slapd/dump_database
+ case "$RET" in
+ always)
+ ;;
+ "when needed")
+ database_format_changed || return 1
+ ;;
+ never)
+ return 1
+ ;;
+ *)
+ echo >&2 "Unknown value for slapd/dump_database: $RET"
+ echo >&2 "Please report!"
+ exit 1
+ ;;
+ esac
+}
+
+# }}}
+database_format_changed() { # {{{
+# Check if the database format has changed since the old installed version
+# Return success if yes.
+# Usage: if database_format_changed; then
+
+ if dpkg --compare-versions "$OLD_VERSION" lt-nl 2.4.39-1; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# }}}
+database_dumping_destdir() { # {{{
+# Figure out the directory we are dumping the database to and create it
+# if it does not exist.
+# Usage: destdir=`database_dumping_destdir`
+
+ local dir
+ db_get slapd/dump_database_destdir
+ dir=`echo "$RET"|sed -e "s/VERSION/$OLD_VERSION/"`
+ mkdir -p -m 700 "$dir"
+ echo $dir
+}
+
+# }}}
+create_new_user() { # {{{
+ if [ -z "`getent group openldap`" ]; then
+ addgroup --quiet --system openldap
+ fi
+ if [ -z "`getent passwd openldap`" ]; then
+ echo -n " Creating new user openldap... " >&2
+ adduser --quiet --system --home /var/lib/ldap --shell /bin/false \
+ --ingroup openldap --disabled-password --disabled-login \
+ --gecos "OpenLDAP Server Account" openldap
+ echo "done." >&2
+ fi
+}
+# }}}
+create_ldap_directories() { # {{{
+ if [ ! -d /var/lib/ldap ]; then
+ mkdir -m 0700 /var/lib/ldap
+ fi
+ if [ ! -d /var/run/slapd ]; then
+ mkdir -m 0755 /var/run/slapd
+ fi
+ update_permissions /var/lib/ldap
+ update_permissions /var/run/slapd
+}
+# }}}
+update_permissions() { # {{{
+ local dir
+ dir="$1"
+ if [ -d "$dir" ]; then
+ [ -z "$SLAPD_USER" ] || chown -R -H "$SLAPD_USER" "$dir"
+ [ -z "$SLAPD_GROUP" ] || chgrp -R -H "$SLAPD_GROUP" "$dir"
+ fi
+}
+# }}}
+update_databases_permissions() { # {{{
+ get_suffix | while read suffix; do
+ dbdir=`get_directory "$suffix"`
+ update_permissions "$dbdir"
+ done
+}
+# }}}
+# }}}
+# ----- Dumping and loading the data ------------------------------------ {{{
+
+migrate_to_slapd_d_style() { # {{{
+
+ # Check if we need to migrate to the new style.
+ if previous_version_older 2.4.23-3 && [ -f "${SLAPD_CONF}" ] \
+ && ! [ -d /etc/ldap/slapd.d ]
+ then
+
+ # Create the new configuration directory
+ mkdir /etc/ldap/slapd.d
+
+ echo -n " Migrating slapd.conf to slapd.d configuration style... " >&2
+ capture_diagnostics slaptest -f ${SLAPD_CONF} -F /etc/ldap/slapd.d || failed=1
+ if [ "$failed" ]; then
+
+ echo "failed." >&2
+ echo >&2
+ cat <<-EOF
+Migrating slapd.conf file (${SLAPD_CONF}) to slapd.d failed with the following
+error while running slaptest:
+EOF
+ release_diagnostics " "
+ rm -rf /etc/ldap/slapd.d
+ exit 1
+ fi
+
+ # Backup the old slapd.conf
+ mv ${SLAPD_CONF} ${SLAPD_CONF}.old
+ SLAPD_CONF=/etc/ldap/slapd.d
+
+ # Add olcAccess control to grant local root connections access
+ sed -i '/^olcDatabase: {-1}frontend/a\
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break\
+olcAccess: {1}to dn.exact="" by * read\
+olcAccess: {2}to dn.base="cn=Subschema" by * read' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif"
+ sed -i '/^olcDatabase: {0}config/a\
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break' "${SLAPD_CONF}/cn=config/olcDatabase={0}config.ldif"
+
+ # TODO: Now we are doing something that is not allowed by policy but it
+ # has to be done.
+ sed -i -e "/^[[:space:]]*SLAPD_CONF=.*/ s/^/#/" /etc/default/slapd
+ echo "done." >&2
+ fi
+}
+
+ +# }}}
+ +dump_config() { # {{{
+ +# Dump the cn=config database to the backup directory.
+ +# This is not the same as backup_config_once, which copies the slapd.d
+ +# directory verbatim.
+ + local dir
+ +
+ + [ -d "$SLAPD_CONF" ] || return 0
+ +
+ + dir="$(database_dumping_destdir)"
+ + echo "Saving current slapd configuration to $dir..." >&2
+ + slapcat -F "$SLAPD_CONF" -n0 -l "$dir/cn=config.ldif"
+ +}
+ +# }}}
+dump_databases() { # {{{
+# If the user wants us to dump the databases they are dumped to the
+# configured directory.
-
- local db suffix file dir failed
++ local db suffix file dir failed slapcat_opts
+
+ database_dumping_enabled || return 0
+
+ dir=`database_dumping_destdir`
+ echo >&2 " Dumping to $dir: "
+ (get_suffix | while read suffix; do
+ dbdir=`get_directory "$suffix"`
+ if [ -n "$dbdir" ]; then
+ file="$dir/$suffix.ldif"
+ echo -n " - directory $suffix... " >&2
+ # Need to support slapd.d migration from preinst
+ if [ -f "${SLAPD_CONF}" ]; then
+ slapcat_opts="-g -f ${SLAPD_CONF}"
+ else
+ slapcat_opts="-g -F ${SLAPD_CONF}"
+ fi
+ slapcat ${slapcat_opts} -b "$suffix" > "$file" || failed=1
+ if [ "$failed" ]; then
+ rm -f "$file"
+ echo "failed." >&2
+ db_subst slapd/upgrade_slapcat_failure location "$dir" <&5
+ db_input critical slapd/upgrade_slapcat_failure <&5 || true
+ db_go <&5 || true
+ exit 1
+ fi
+ echo "done." >&2
+ fi
+ done) 5<&0 </dev/null
+}
+
+# }}}
+load_databases() { # {{{
+ local dir file db dbdir backupdir slapadd_opts
+
+ dir=`database_dumping_destdir`
+ echo >&2 " Loading from $dir: "
+ # restore by increasing suffix length due to possibly glued databases
+ get_suffix | awk '{ print length, $0 }' | sort -n | cut -d ' ' -f 2- \
+ | while read suffix; do
+ dbdir=`get_directory "$suffix"`
+ if [ -z "$dbdir" ]; then
+ continue
+ fi
+ if ! is_empty_dir "$dbdir"; then
+ echo >&2 \
+ " Directory $dbdir for $suffix not empty, aborting."
+ exit 1
+ fi
+
+ file="$dir/$suffix.ldif"
+ echo -n " - directory $suffix... " >&2
+
+ # If there is an old DB_CONFIG file, restore it before
+ # running slapadd
+ backupdir=`compute_backup_path -n "$dbdir" "$suffix"`
+ if [ -e "$backupdir"/DB_CONFIG ]; then
+ cp -a "$backupdir"/DB_CONFIG "$dbdir"/
+ fi
+
+ if [ -f "${SLAPD_CONF}" ]; then
+ slapadd_opts="-g -f ${SLAPD_CONF}"
+ else
+ slapadd_opts="-g -F ${SLAPD_CONF}"
+ fi
+ capture_diagnostics slapadd ${slapadd_opts} \
+ -q -b "$suffix" -l "$file" || failed=1
+ if [ "$failed" ]; then
+ rm -f "$dbdir"/*
+ echo "failed." >&2
+ echo >&2
+ cat <<-EOF
+ Loading the database from the LDIF dump failed with the following
+ error while running slapadd:
+EOF
+ release_diagnostics " "
+ exit 1
+ fi
+ echo "done." >&2
+
+ if [ -n "$SLAPD_USER" ] || [ -n "$SLAPD_GROUP" ]; then
+ echo -n " - chowning database directory ($SLAPD_USER:$SLAPD_GROUP)... "
+ update_permissions "$dbdir"
+ echo "done";
+ fi
+ done
+}
+
+# }}}
+move_incompatible_databases_away() { # {{{
+ echo >&2 " Moving old database directories to /var/backups:"
+ (get_suffix | while read suffix; do
+ dbdir=`get_directory "$suffix"`
+ move_old_database_away "$dbdir" "$suffix" <&5
+ done) 5<&0 </dev/null
+}
+# }}}
+# }}}
+# }}}
- # }}}
+
+# ===== Parsing the slapd configuration file ============================ {{{
+#
+# For some operations we have to know the slapd configuration. These
+# functions are for parsing the slapd configuration file.
+
+# The following two functions need to support slapd.conf installations
+# as long as upgrading from slapd.conf environment is supported.
+# They're used to dump database in preinst which may have a slapd.conf file.
+get_suffix() { # {{{
+ if [ -f "${SLAPD_CONF}" ]; then
+ for f in `get_all_slapd_conf_files`; do
+ sed -n -e's/^suffix[[:space:]]\+"*\([^"]\+\)"*/\1/p' $f
+ done
+ else
+ grep -h ^olcSuffix ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif | cut -d: -f 2
+ fi | sort -u
+}
+# }}}
+get_directory() { # {{{
+# Returns the db directory for a given suffix
+ if [ -d "${SLAPD_CONF}" ] && get_suffix | grep -q "$1" ; then
+ sed -n 's/^olcDbDirectory: *//p' `grep -l "^olcSuffix: $1" ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif`
+ elif [ -f "${SLAPD_CONF}" ]; then
+ # Extract the directory for the given suffix ($1)
+ for f in `get_all_slapd_conf_files`; do
+ awk ' BEGIN { DB=0; SUF=""; DIR="" } ;
+ /^database/ { DB=1; SUF=""; DIR="" } ;
+ DB==1 && /^suffix[ \t]+"?'"$1"'"?$/ { SUF=$2 ; } ;
+ DB==1 && /^directory/ { DIR=$2 ;} ;
+ DB==1 && SUF!="" && DIR!="" { sub(/^"/,"",DIR) ; sub(/"$/,"",DIR) ; print DIR; SUF=""; DIR="" }' "${f}" | \
+ sed -e's/\([^\\]\|^\)"/\1/g; s/\\"/"/g; s/\\\\/\\/g'
+
+ done
+ else
+ return 1
+ fi
+}
+# }}}
+get_all_slapd_conf_files() { # {{{
+# Returns the list of all the config files: slapd.conf and included files.
+ echo ${SLAPD_CONF}
+ awk '
+BEGIN { I=0 }
+/^include/ {
+ sub(/include/," ");
+ I=1;
+}
+I==1 && /^[ \t]+/ {
+ split($0,F) ;
+ for (f in F)
+ if (!match(F[f],/schema/)) {
+ print F[f]
+ } ;
+ next;
+}
+I==1 { I=0 }
+' ${SLAPD_CONF}
+}
+# }}}
+# }}}
+
+compute_backup_path() { # {{{
+# Compute the path to backup a database directory
+# Usage: compute_backup_path [-n] <dir> <basedn>
+
+# XXX: should ask the user via debconf
+
+ local dirname basedn ok_exists
+ if [ "$1" = "-n" ]; then
+ ok_exists=yes
+ shift
+ fi
+ dirname="$1"
+ basedn="$2"
+
+ # Computing the name of the backup directory from the old version,
+ # the suffix etc. all makes me feel worried. I'd rather have a
+ # directory name which is not going to exist. So the simple
+ # scheme we are using now is to compute the filename from the
+ # directory name and appending date and time. And we check if it
+ # exists to be really sure... -- Torsten
+
+ local target
+ local id
+ id="$OLD_VERSION"
+ [ -n "$id" ] || id=`date +%Y%m%d-%H%M%S`
+ target="/var/backups/$basedn-$id.ldapdb"
++ # Configuration via dpkg-reconfigure.
++ # The backup directory already exists when reconfigured
++ # twice or more: append a timestamp.
++ if [ -e "${target}" ] && ([ "$MODE" = reconfigure ] || [ "$DEBCONF_RECONFIGURE" ]); then
++ target="$target-`date +%Y%m%d-%H%M%S`"
++ fi
+ if [ -e "$target" ] && [ -z "$ok_exists" ]; then
+ echo >&2
+ echo >&2 " Backup path $target exists. Giving up..."
+ exit 1
+ fi
+
+ echo "$target"
+}
+
+# }}}
+move_old_database_away() { # {{{
+# Move the old database away if it is still there
+#
+# In fact this function makes sure that the database directory is empty
+# with the exception of any DB_CONFIG file
+# and can be populated with a new database. If something is in the way
+# it is moved to a backup directory if the user accepted the debconf
+# option slapd/move_old_database. Otherwise we output a warning and let
+# the user fix it himself.
+# Usage: move_old_database_away <dbdir> [<basedn>]
+
+ local databasedir backupdir
+ databasedir="$1"
+ suffix="${2:-unknown}"
+
+ if [ ! -e "$databasedir" ] || is_empty_dir "$databasedir"; then
+ return 0
+ fi
+
+ # Note that we can't just move the database dir as it might be
+ # a mount point. Instead me move the content which might
+ # include mount points as well anyway, but it's much less likely.
+ db_get slapd/move_old_database
+ if [ "$RET" = true ]; then
+ backupdir=`compute_backup_path "$databasedir" "$suffix"`
+ echo -n " - directory $suffix... " >&2
+ mkdir -p "$backupdir"
+ find -H "$databasedir" -mindepth 1 -maxdepth 1 -type f \
+ -exec mv {} "$backupdir" \;
+ echo done. >&2
+ else
+ cat >&2 <<EOF
+ There are leftover files in $databasedir. This will probably break
+ creating the initial directory. If that's the case please move away
+ stuff in there and retry the configuration.
+EOF
+ fi
+}
+# }}}
+manual_configuration_wanted() { # {{{
+# Check if the user wants to configure everything himself (queries debconf)
+# Returns success if yes.
+
+ db_get slapd/no_configuration
+ if [ "$RET" = "true" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+# }}}
+copy_example_DB_CONFIG() { # {{{
+# Copy an example DB_CONFIG file
+# copy_example_DB_CONFIG <directory>
+ local directory srcdir
+
+ directory="$1"
+ srcdir="/usr/share/slapd"
+
+ if ! [ -f "${directory}/DB_CONFIG" ] && [ -d "$directory" ]; then
+ cp $srcdir/DB_CONFIG "${directory}/DB_CONFIG"
+ fi
+}
+
+# }}}
+create_new_configuration() { # {{{
+# Create a new configuration and directory
+
+ local basedn dc backend
+
+ # For the domain really.argh.org we create the basedn
+ # dc=really,dc=argh,dc=org with the dc entry dc: really
+ db_get slapd/domain
+ basedn="dc=`echo $RET | sed 's/^\.//; s/\.$//; s/\./,dc=/g'`"
+ dc="`echo $RET | sed 's/^\.//; s/\..*$//'`"
+
+ db_get slapd/backend
+ backend="`echo $RET|tr A-Z a-z`"
+
+ if [ -e "/var/lib/ldap" ] && ! is_empty_dir /var/lib/ldap; then
+ echo >&2 " Moving old database directory to /var/backups:"
+ move_old_database_away /var/lib/ldap
+ fi
+ create_ldap_directories
+ create_new_slapd_conf "$basedn" "$backend"
+ create_new_directory "$basedn" "$dc"
+
+ # Put the right permissions on this directory.
+ update_permissions /var/lib/ldap
+
+ # Now that we created the new directory we don't need the passwords in the
+ # debconf database anymore. So wipe them.
+ wipe_admin_pass
+}
+# }}}
+create_new_slapd_conf() { # {{{
+# Create the new slapd.d directory (configuration)
+# Usage: create_new_slapd_conf <basedn> <backend>
+
+ local initldif failed basedn backend backendobjectclass backendoptions adminpass
+
+ # Fetch configuration
+ basedn="$1"
+ backend="$2"
+ if [ "$backend" = "mdb" ]; then
+ backendoptions="olcDbMaxSize: 1073741824"
+ backendobjectclass="olcMdbConfig"
+ else
+ backendoptions="olcDbConfig: set_cachesize 0 2097152 0\nolcDbConfig: set_lk_max_objects 1500\nolcDbConfig: set_lk_max_locks 1500\nolcDbConfig: set_lk_max_lockers 1500"
+ if [ "$backend" = "hdb" ]; then
+ backendobjectclass="olcHdbConfig"
+ else
+ backendobjectclass="olcBdbConfig"
+ fi
+ fi
+ db_get slapd/internal/adminpw
+ adminpass="$RET"
+
+ echo -n " Creating initial configuration... " >&2
+
+ # Create the slapd.d directory.
+ rm -rf ${SLAPD_CONF}/cn=config ${SLAPD_CONF}/cn=config.ldif
+ mkdir -p ${SLAPD_CONF}
+ initldif=`mktemp -t slapadd.XXXXXX`
+ cat /usr/share/slapd/slapd.init.ldif > ${initldif}
+
+ # Change some defaults
+ sed -i -e "s|@BACKEND@|$backend|g" ${initldif}
+ sed -i -e "s|@BACKENDOBJECTCLASS@|$backendobjectclass|g" ${initldif}
+ sed -i -e "s|@BACKENDOPTIONS@|$backendoptions|g" ${initldif}
+ sed -i -e "s|@SUFFIX@|$basedn|g" ${initldif}
+ sed -i -e "s|@PASSWORD@|$adminpass|g" ${initldif}
+
+ capture_diagnostics slapadd -F "${SLAPD_CONF}" -b "cn=config" \
+ -l "${initldif}" || failed=1
+ if [ "$failed" ]; then
+ cat <<-EOF
+Loading the initial configuration from the ldif file (${init_ldif}) failed with
+the following error while running slapadd:
+EOF
+ release_diagnostics " "
+ exit 1
+ fi
+
+ update_permissions "${SLAPD_CONF}"
+ rm -f "${initldif}"
+ echo "done." >&2
+}
+# }}}
+encode_utf8() { #{{{
+# Make the value utf8 encoded. Takes one argument and utf8 encode it.
+# Usage: val=`encode_utf8 <value>`
+ perl -e 'use Encode; print encode_utf8($ARGV[0]);' "$1"
+} #}}}
+create_new_directory() { # {{{
+# Create a new directory. Takes the basedn and the dc value of that entry.
+# Other information is extracted from debconf.
+# Usage: create_new_directory <basedn> <dc>
+
+ local basedn dc organization adminpass
+ basedn="$1"
+ dc="$2"
+
+ # Encode to utf8 and base64 encode the organization.
+ db_get shared/organization
+ organization=`encode_utf8 "$RET"`
+ db_get slapd/internal/adminpw
+ adminpass="$RET"
+
+ echo -n " Creating LDAP directory... " >&2
+
+ initldif=`mktemp -t slapadd.XXXXXX`
+ cat <<-EOF > "${initldif}"
+ dn: $basedn
+ objectClass: top
+ objectClass: dcObject
+ objectClass: organization
+ o: $organization
+ dc: $dc
+
+ dn: cn=admin,$basedn
+ objectClass: simpleSecurityObject
+ objectClass: organizationalRole
+ cn: admin
+ description: LDAP administrator
+ userPassword: $adminpass
+ EOF
+
+ capture_diagnostics slapadd -F "${SLAPD_CONF}" -b "${basedn}" \
+ -l "${initldif}" || failed=1
+ if [ "$failed" ]; then
+ rm -f ${initldif}
+ echo "failed." >&2
+ cat <<-EOF
+Loading the initial configuration from the ldif file (${init_ldif}) failed with
+the following error while running slapadd:
+EOF
+ release_diagnostics " "
+ exit 1
+ fi
+
+ rm -f ${initldif}
+ echo "done." >&2
+}
+# }}}
- configure_v2_protocol_support() { # {{{
- # Adds the "allow bind_v2" directive to the configuration if the user decided
- # he wants to have ldap v2 enabled.
-
- db_get slapd/allow_ldap_v2
- if [ "$RET" != "true" ]; then return 0; fi
-
- echo -n " Enabling LDAPv2 support... " >&2
-
- # cn=config enabled, try to update the cn=config.ldif
- if [ -d "$SLAPD_CONF" ]; then
- if ! grep -q -E "^olcAllows:[[:space:]]+bind_v2" "${SLAPD_CONF}/cn=config.ldif"; then
- echo "olcAllows: bind_v2" >> "${SLAPD_CONF}/cn=config.ldif"
- fi
- echo "done" >&2
- return 0
- fi
- }
- # }}}
+backup_config_once() { # {{{
+# Create a backup of the current configuration files.
+# Usage: backup_config_once
+
+ local backupdir
+
+ if [ -z "$FLAG_CONFIG_BACKED_UP" ]; then
+ backupdir=`database_dumping_destdir`
+ if [ -e "$SLAPD_CONF" ]; then
+ cp -a "$SLAPD_CONF" "$backupdir"
+ fi
+ FLAG_CONFIG_BACKED_UP=yes
+ fi
+}
+
+# }}}
+ +normalize_ldif() { # {{{
+ +# Unwrap LDIF lines and strip comments.
+ + perl -00 -pe 's/\n[ \t]//g; s/^#.*\n//mg' "$@"
+ +}
+ +# }}}
+
+
+set_defaults_for_unseen_entries() { # {{{
+# Set up the defaults for our templates
+ DOMAIN=`hostname -d 2>/dev/null` || true
+ if [ -z "$DOMAIN" ]; then DOMAIN='nodomain'; fi
+
+ db_fget slapd/domain seen
+ if [ "$RET" = false ]; then
+ db_set slapd/domain "$DOMAIN"
+ fi
+
+ db_fget shared/organization seen
+ if [ "$RET" = false ]; then
+ db_set shared/organization "$DOMAIN"
+ fi
+}
+# }}}
+crypt_admin_pass() { # {{{
+# Store the encrypted admin password into the debconf db
+# Usage: crypt_admin_pass
+
+ local adminpw;
+
+ db_get slapd/password1
+ if [ ! -z "$RET" ]; then
+ db_set slapd/internal/adminpw `create_password_hash "$RET"`
+ else
+
+ # Set the password.
+ adminpw=`generate_admin_pass`
+ db_set slapd/internal/generated_adminpw $adminpw
+ db_set slapd/internal/adminpw `create_password_hash "$adminpw"`
+ fi
+}
+
+generate_admin_pass() {
+# Generate a password, if no password given then generate one.
+# Usage: generate_admin_pass
+
+ perl << 'EOF'
+# --------
+sub generatePassword {
+ $length = shift;
+ $possible = 'abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ $password = '';
+ while(length($password) < $length) {
+ $password.= substr($possible, (int(rand(length($possible)))), 1);
+ }
+ return $password;
+}
+print generatePassword(15);
+EOF
+# --------
+}
+
+wipe_admin_pass() {
+# Remove passwords after creating the initial ldap database.
+# Usage: wipe_admin_pass
+ db_set slapd/password1 ""
+ db_set slapd/password2 ""
+ db_set slapd/internal/adminpw ""
+ db_set slapd/internal/generated_adminpw ""
+}
+
+# }}}
+create_password_hash() { # {{{
+# Create the password hash for the given password
+# Usage: hash=`create_password_hash "$password"`
+
+ slappasswd -s "$1"
+}
+
+# }}}
+previous_version_older() { # {{{
+# Check if the previous version is newer than the reference version passed.
+# If we are not upgrading the previous version is assumed to be newer than
+# any reference version.
+# Usage: previous_version_older <package version>
+
+ if dpkg --compare-versions "$OLD_VERSION" lt-nl "$1"; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# }}}
+previous_version_newer() { # {{{
+# Check if the previous version is newer than the reference version passed.
+# If we are not upgrading the previous version is assumed to be newer than
+# any reference version.
+# Usage: previous_version_newer <package version>
+
+ if dpkg --compare-versions "$OLD_VERSION" gt-nl "$1"; then
+ return 0
+ else
+ return 1
+ fi
+} # }}}
+
+is_initial_configuration() { # {{{
+# Check if this is the initial configuration and not an upgrade of an
+# existing configuration
+# Usage: if is_initial_configuration "$@"; then ... fi from top level
+
+ # Plain installation
+ if [ "$1" = configure ] && [ -z "$2" ]; then
+ return 0
+ fi
+ # Configuration via dpkg-reconfigure
+ if [ "$1" = reconfigure ] || [ "$DEBCONF_RECONFIGURE" ]; then
+ return 0
+ fi
+ # Upgrade but slapd.conf doesn't exist. If the user is doing this
+ # intentionally because they want to put it somewhere else, they
+ # should select manual configuration in debconf.
+ if [ "$1" = configure ] && [ ! -e "${SLAPD_CONF}" ]; then
+ return 0
+ fi
+ return 1
+}
+
+# }}}
+is_empty_dir() { # {{{
+# Check if a path refers to a directory that is "empty" from the POV of slapd
+# (i.e., contains no files except for an optional DB_CONFIG).
+# Usage: if is_empty_dir "$dir"; then ... fi
+
+ output=`find -H "$1" -mindepth 1 -maxdepth 1 -type f \! -name DB_CONFIG 2>/dev/null`
+ if [ -n "$output" ]; then
+ return 1
+ else
+ return 0
+ fi
+}
+
+# }}}
+
+ +find_old_ppolicy_schema() { # {{{
+ +# Helper for the ppolicy schema update in 2.4.43. Checks whether the
+ +# exported config includes an old version of the ppolicy schema that
+ +# needs the new attribute added. If such a schema is found, echos its DN
+ +# to stdout. If the schema is not loaded or is already up-to-date,
+ +# returns nothing. The provided LDIF should have its lines unwrapped
+ +# already.
+ +# Usage: ppolicy_dn="$(find_old_ppolicy_schema "$exported_ldif")"
+ + local ppolicy_dn
+ +
+ + # Is the ppolicy schema loaded?
+ + if ! ppolicy_dn="$(grep '^dn: cn={[0-9]\+}ppolicy,cn=schema,cn=config$' "$1")"; then
+ + return
+ + fi
+ +
+ + # Has the pwdMaxRecordedFailure attribute already been added?
+ + # It might have been replicated from a newer server.
+ + if grep -q '^olcAttributeTypes: .*NAME '\''pwdMaxRecordedFailure'\' "$1"; then
+ + return
+ + fi
+ +
+ + # The schema is loaded and needs to be updated.
+ + ppolicy_dn="${ppolicy_dn#dn: }"
+ + echo "$ppolicy_dn"
+ +}
+ +# }}}
+ +
+# ===== Global variables ================================================ {{{
+#
+# At some points we need to know which version we are upgrading from if
+# any. More precisely we only care about the configuration and data we
+# might have laying around. Some parts also want to know which mode the
+# script is running in.
+
+MODE="$1" # install, upgrade, etc. - see debian-policy
+OLD_VERSION="$2"
+
+# Source the init script configuration
+# See example file debian/slapd.default for variables defined here
+if [ -f "/etc/default/slapd" ]; then
+ . /etc/default/slapd
+fi
+
+# Load the default location of the slapd config file
+if [ -z "$SLAPD_CONF" ]; then
+ if [ -f "/etc/ldap/slapd.conf" ] && \
+ [ ! -e "/etc/ldap/slapd.d" ]
+ then
+ SLAPD_CONF="/etc/ldap/slapd.conf"
+ else
+ SLAPD_CONF="/etc/ldap/slapd.d"
+ fi
+fi
+
+# }}}
+
+# ----- Handling diagnostic output ------------------------------------ {{{
+#
+# Often you want to run a program while you are showing progress
+# information to the user. If the program you are running outputs some
+# diagnostics it will mess up your screen.
+#
+# This is what the following functions are designed for. When running the
+# program, use capture_diagnostics to store what the program outputs to
+# stderr and use release_diagnostics to write out the captured output.
+
+
+capture_diagnostics() { # {{{
+# Run the command passed and capture the diagnostic output in a temporary
+# file. You can dump that file using release_diagnostics.
+
+ # Create the temporary file
+ local tmpfile
+ tmpfile=`mktemp`
+ exec 7<>"$tmpfile"
+ rm "$tmpfile"
+
+ # Run the program and capture stderr. If the program fails the
+ # function fails with the same status.
+ "$@" 2>&7 || return $?
+}
+
+# }}}
+release_diagnostics() { # {{{
+# Dump the diagnostic output captured via capture_diagnostics, optionally
+# prefixing each line.
+# Usage: release_diagnostics "prefix"
+
+ local script
+ script='
+ seek STDIN, 0, 0;
+ print "$ARGV[0]$_" while (<STDIN>);';
+ perl -e "$script" "$1" <&7
+}
+
+# }}}
+
+
+# }}}
+
+# vim: set sw=8 foldmethod=marker:
+
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git
More information about the Pkg-openldap-devel
mailing list