[ Mathias Gug ]
* Merge from debian unstable, remaining changes:
- debian/apparmor-profile: add AppArmor profile
- debian/slapd.postinst: Reload AA profile on configuration
- updated debian/slapd.README.Debian for note on AppArmor
- debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
- debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
to make sure that if earlier version of apparmour-profiles gets
installed it won't overwrite our profile.
- Modify Maintainer value to match the DebianMaintainerField
speficication.
- follow ApparmorProfileMigration and force apparmor compalin mode on
some upgrades (LP: #203529)
- debian/slapd.dirs: add etc/apparmor.d/force-complain
- debian/slapd.preinst: create symlink for force-complain on pre-feisty
upgrades, upgrades where apparmor-profiles profile is unchanged (ie
non-enforcing) and upgrades where apparmor profile does not exist.
- debian/slapd.postrm: remove symlink in force-complain/ on purge
- debian/patches/fix-ucred-libc due to changes how newer glibc handle
the ucred struct now.
- debian/patches/fix-unique-overlay-assertion.patch:
Fix another assertion error in unique overlay (LP: #243337).
Backport from head.
* Dropped - implemented in Debian:
- debian/patches/fix-gnutls-key-strength.patch:
Fix slapd handling of ssf using gnutls. (LP: #244925).
- debian/control:
Add time as build dependency: needed by make test.
* debian/control:
- Build-depend on libltdl7-dev rather then libltdl3-dev.
* debian/patches/autogen.sh:
- Call libtoolize with the --install option to install config.{guess,sub}
files.
[ Steve Langasek ]
* New patch, CVE-2008-2952_BER-decoding-assertion, to fix a remote DoS
vulnerability in the BER decoder. Addresses CVE-2008-2952,
closes: #488710.
* debian/slapd.scripts-common, debian/slapd.postinst: drop
update_path_argsfile_pidfile function, not needed for updates from etch
or newer.
* Drop the code to check for and upgrade ldbm databases. The etch
release of slapd had already dropped support for them and direct
upgrades from sarge are not supported.
[ Russ Allbery ]
* Apply upstream patch to convert GnuTLS cipher strength from bytes to
bits, as expected by OpenLDAP. (Closes: #473796)
* Add Build-Depends on time, used by the test suite and only a shell
built-in with bash. Thanks, Daniel Schepler. (Closes: #490754)
* Refresh all patches, convert all patches to -p1, and remove extraneous
Index: lines. (Closes: #485263)
* Unless DFSG_NONFREE is set, also check whether the upstream schemas
with RFC comments are included.
* Update standards version to 3.8.0.
- Include debian/README.source pointing to the quilt README.source.
- Wrap Uploaders for readability.
* Wrap slapd's Depends for readability.
[ Updated debconf translations ]
* Swedish, thanks to Martin Ågren <email address hidden>.
Closes: #492748.
This bug was fixed in the package openldap - 2.4.10-3ubuntu1
---------------
openldap (2.4.10-3ubuntu1) intrepid; urgency=low
[ Mathias Gug ] apparmor- profile: add AppArmor profile slapd.postinst: Reload AA profile on configuration slapd.README. Debian for note on AppArmor rField tion. Migration and force apparmor compalin mode on d/force- complain slapd.preinst: create symlink for force-complain on pre-feisty enforcing) and upgrades where apparmor profile does not exist. slapd.postrm: remove symlink in force-complain/ on purge patches/ fix-ucred- libc due to changes how newer glibc handle patches/ fix-unique- overlay- assertion. patch: patches/ fix-gnutls- key-strength. patch: patches/ autogen. sh:
* Merge from debian unstable, remaining changes:
- debian/
- debian/
- updated debian/
- debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
- debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
to make sure that if earlier version of apparmour-profiles gets
installed it won't overwrite our profile.
- Modify Maintainer value to match the DebianMaintaine
speficica
- follow ApparmorProfile
some upgrades (LP: #203529)
- debian/slapd.dirs: add etc/apparmor.
- debian/
upgrades, upgrades where apparmor-profiles profile is unchanged (ie
non-
- debian/
- debian/
the ucred struct now.
- debian/
Fix another assertion error in unique overlay (LP: #243337).
Backport from head.
* Dropped - implemented in Debian:
- debian/
Fix slapd handling of ssf using gnutls. (LP: #244925).
- debian/control:
Add time as build dependency: needed by make test.
* debian/control:
- Build-depend on libltdl7-dev rather then libltdl3-dev.
* debian/
- Call libtoolize with the --install option to install config.{guess,sub}
files.
[ Jamie Strandboge ]
* adjust apparmor profile to allow gssapi (LP: #229252)
* adjust apparmor profile to allow cnconfig (LP: #243525)
openldap (2.4.10-3) unstable; urgency=low
[ Steve Langasek ] 2952_BER- decoding- assertion, to fix a remote DoS slapd.scripts- common, debian/ slapd.postinst: drop path_argsfile_ pidfile function, not needed for updates from etch
* New patch, CVE-2008-
vulnerability in the BER decoder. Addresses CVE-2008-2952,
closes: #488710.
* debian/
update_
or newer.
* Drop the code to check for and upgrade ldbm databases. The etch
release of slapd had already dropped support for them and direct
upgrades from sarge are not supported.
[ Russ Allbery ] README. source pointing to the quilt README.source.
* Apply upstream patch to convert GnuTLS cipher strength from bytes to
bits, as expected by OpenLDAP. (Closes: #473796)
* Add Build-Depends on time, used by the test suite and only a shell
built-in with bash. Thanks, Daniel Schepler. (Closes: #490754)
* Refresh all patches, convert all patches to -p1, and remove extraneous
Index: lines. (Closes: #485263)
* Unless DFSG_NONFREE is set, also check whether the upstream schemas
with RFC comments are included.
* Update standards version to 3.8.0.
- Include debian/
- Wrap Uploaders for readability.
* Wrap slapd's Depends for readability.
[ Updated debconf translations ]
* Swedish, thanks to Martin Ågren <email address hidden>.
Closes: #492748.
-- Mathias Gug <email address hidden> Wed, 30 Jul 2008 19:46:02 -0400