openldap 2.4.48+dfsg-1ubuntu1 source package in Ubuntu


openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Enable AppArmor support:
      - d/apparmor-profile: add AppArmor profile
      - d/rules: use dh_apparmor
      - d/control: Build-Depends on dh-apparmor
      - d/slapd.README.Debian: add note about AppArmor
    - Enable GSSAPI support:
      - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
        - Add --with-gssapi support
        - Make guess_service_principal() more robust when determining
      - d/configure.options: Configure with --with-gssapi
      - d/control: Added heimdal-dev as a build depend
      - d/rules:
        - Explicitly add -I/usr/include/heimdal to CFLAGS.
        - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
    - Enable ufw support:
      - d/control: suggest ufw.
      - d/rules: install ufw profile.
      - d/slapd.ufw.profile: add ufw profile.
    - Enable nss overlay:
      - d/rules:
        - add nssov to CONTRIB_MODULES
        - add sysconfdir to CONTRIB_MAKEVARS
      - d/slapd.install:
        - install nssov overlay
      - d/slapd.manpages:
        - install slapo-nssov(5) man page
    - d/{rules,}: Add apport hook.
    - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
      either the default DIT nor via an Authn mapping.
    - d/slapd.scripts-common:
      - add slapcat_opts to local variables.
      - Fix backup directory naming for multiple reconfiguration.
    - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
    - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
      in the openldap library, as required by Likewise-Open
    - Show distribution in version:
      - d/control: added lsb-release
      - d/patches/fix-ldap-distribution.patch: show distribution in version
    - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
      - CLDAP (UDP) was added in 2.4.17-1ubuntu2
      - GSSAPI support was enabled in 2.4.18-0ubuntu2
    - d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
      Debian bug #919136, we also have to patch the nssov makefile
      accordingly and thus update this patch.
  * Dropped:
    - Fix sysv-generator unit file by customizing parameters (LP #1821343)
      + d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
        correct systemctl status for slapd daemon.
      + d/slapd.install: place override file in correct location.
      [Included in 2.4.48+dfsg-1]
    - SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
      + debian/patches/CVE-2019-13057-1.patch: add restriction to
      + debian/patches/CVE-2019-13057-2.patch: add tests to
        tests/data/idassert.out, tests/data/slapd-idassert.conf,
        tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
      + debian/patches/CVE-2019-13057-3.patch: fix typo in
      + debian/patches/CVE-2019-13057-4.patch: fix typo in
      + CVE-2019-13057
      [Fixed upstream]
    - SECURITY UPDATE: SASL SSF not initialized per connection
      + debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
        connection_init in servers/slapd/connection.c.
      + CVE-2019-13565
      [Fixed upstream]

openldap (2.4.48+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - fixed slapd to restrict rootDN proxyauthz to its own databases
      (CVE-2019-13057) (ITS#9038) (Closes: #932997)
    - fixed slapd to enforce sasl_ssf ACL statement on every connection
      (CVE-2019-13565) (ITS#9052) (Closes: #932998)
    - added new openldap.h header with OpenLDAP specific libldap interfaces
    - updated lastbind overlay to support forwarding authTimestamp updates
      (ITS#7721) (Closes: #880656)
  * Update Standards-Version to 4.4.0.
  * Add a systemd drop-in to set RemainAfterExit=no on the slapd service, so
    that systemd marks the service as dead after it crashes or is killed.
    Thanks to Heitor Alves de Siqueira. (Closes: #926657, LP: #1821343)
  * Use more entropy for generating a random admin password, if none was set
    during initial configuration. Thanks to Judicael Courant.
    (Closes: #932270)
  * Replace debian/rules calls to dpkg-architecture and dpkg-parsechangelog
    with variables provided by dpkg-dev includes.
  * Declare R³: no.
  * Create a simple autopkgtest that tests installing slapd and connecting to
    it with an ldap tool.
  * Install the new openldap.h header in libldap2-dev.

 -- Andreas Hasenack <email address hidden>  Wed, 31 Jul 2019 18:01:14 -0300

Upload details

Uploaded by:
Andreas Hasenack on 2019-08-01
Uploaded to:
Original maintainer:
Ubuntu Developers
any all
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Focal release on 2019-10-18 main net
Eoan release on 2019-08-02 main net


File Size SHA-256 Checksum
openldap_2.4.48+dfsg.orig.tar.gz 4.6 MiB 8645601c28f094b01baed02a604479b175a45ba010e407212d214313bc6a80ba
openldap_2.4.48+dfsg-1ubuntu1.debian.tar.xz 174.9 KiB ead23f7be35e1c9e29842b6cdd05f9109c152a48d05d6d25b338d7489b747604
openldap_2.4.48+dfsg-1ubuntu1.dsc 2.9 KiB 55f8393e57088acd89438cfa66e19af919edc867c8ee462d4c6132cb597a2916

View changes file

Binary packages built by this source

ldap-utils: OpenLDAP utilities

 This package provides utilities from the OpenLDAP (Lightweight
 Directory Access Protocol) package. These utilities can access a
 local or remote LDAP server and contain all the client programs
 required to access LDAP servers.

ldap-utils-dbgsym: debug symbols for ldap-utils
libldap-2.4-2: OpenLDAP libraries

 These are the run-time libraries for the OpenLDAP (Lightweight Directory
 Access Protocol) servers and clients.

libldap-2.4-2-dbgsym: debug symbols for libldap-2.4-2
libldap-common: OpenLDAP common files for libraries

 These are common files for the run-time libraries for the OpenLDAP
 (Lightweight Directory Access Protocol) servers and clients.

libldap2-dev: OpenLDAP development libraries

 This package allows development of LDAP applications using the OpenLDAP
 libraries. It includes headers, libraries and links to allow static and
 dynamic linking.

slapd: OpenLDAP server (slapd)

 This is the OpenLDAP (Lightweight Directory Access Protocol) server
 (slapd). The server can be used to provide a standalone directory

slapd-contrib: contributed plugins for OpenLDAP slapd

 This package contains a number of slapd overlays and plugins contributed by
 the OpenLDAP community. While distributed as part of OpenLDAP Software, they
 are not necessarily supported by the OpenLDAP Project.

slapd-contrib-dbgsym: debug symbols for slapd-contrib
slapd-dbgsym: debug symbols for slapd
slapd-smbk5pwd: transitional package for slapd-contrib

 This is a transitional package from slapd-smbk5pwd to slapd-contrib. It can be
 safely removed.

slapi-dev: development libraries for OpenLDAP SLAPI plugin interface

 This package allows development of plugins for the OpenLDAP slapd server
 using the SLAPI interface. It includes the headers and libraries needed
 to build such plugins.