Changelog
openldap (2.4.23-5) unstable; urgency=high
[ Steve Langasek ]
* High-urgency upload for RC bugfix.
* debian/slapd.scripts-common: fix gratuitous (and wrong) use of grep in
get_suffix(), which causes us to incorrectly parse any slapd.conf that
uses tabs instead of spaces. Closes: #595672.
* debian/slapd.init, debian/slapd.scripts-common: when $SLAPD_CONF is not
set in /etc/default/slapd, we should always set a default value, giving
precedence to slapd.d and falling back to slapd.conf. Users who don't
want to use an existing slapd.d should point at slapd.conf explicitly.
Closes: #594714, #596343.
* debian/slapd.init: 'invoke-rc.d slapd stop' should not fail due to the
absence of a slapd configuration; we should still exit 0 so that the
package can be removed gracefully. Closes: #596100.
* drop build-conflicts with libssl-dev; we explicitly pass
--with-tls=gnutls to configure, so there's no risk of a misbuild here.
* debian/slapd.default: now that we have a sensible default behavior in
both slapd.init and the maintainer scripts, leave SLAPD_CONF empty to
save pain later.
* debian/slapd.scripts-common: ... and do the same in
migrate_to_slapd_d_style, we just need to comment out the user's
previous entry instead of blowing it away.
* debian/slapd.scripts-common: call get_suffix in a way that lets us
separate responses by newlines, to properly handle the case when a
DN has embedded spaces. Introduces a few more stupid fd tricks to work
around possible problems with debconf. Closes: #595466.
* debian/slapd.scripts-common: when parsing the names of includes, handle
double-quotes and escape characters as described in slapd.conf(5).
Closes: #595784.
* debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
otherwise is blocked by our added olcAccess settings. Closes: #596326.
* debian/slapd.init.ldif: set the acl in the default LDIF for new installs,
too.
* Likewise, grant access to dn.exact="" so that base dn autodiscovery
works as intended. Closes: #596049.
* debian/slapd.init.ldif: synchronize our behavior on new installs with
that on upgrades, avoiding the non-standard cn=localroot,cn=config.
* debian/slapd.scripts-common: don't run the migration code if slapd.d
already exists. Closes: #593965.
[ Matthijs Mohlmann ]
* Remove upgrade_supported_from_backend, implemented patch from
Peter Marschall <email address hidden> to automatically detect if an upgrade is
supported. (Closes: #594712)
[ Peter Marschall ]
* debian/slapd.init: correctly set the slapd.conf argument even when
SLAPD_PIDFILE is non-empty in /etc/default/slapd. Closes: #593880.
* debian/slapd.scripts-common: pass -g to slapadd/slapcat, so that
subordinate databases aren't incorrectly included in the dump/restore of
the parent database. Closes: #594821.
-- Steve Langasek <email address hidden> Mon, 13 Sep 2010 06:59:11 +0000