Change logs for openldap source package in Jaunty

openldap (2.4.15-1ubuntu3.1) jaunty-security; urgency=low

  * SECURITY UPDATE: null ptr deref, free uninitialized data in modrdn calls
    - openldap-2.4.22-CVE-2010-0211-modrdn_check_error.patch:
      - check return for errors and clean up uninitialized data
    - openldap-2.4.22-CVE-2010-0212-modrdn_null_deref.patch:
      - return error on 0-length or binary RDNs
    - CVE-2010-0211, CVE-2010-0212
 -- Steve Beattie <email address hidden>   Wed, 28 Jul 2010 23:28:31 -0700

openldap (2.4.15-1ubuntu3) jaunty; urgency=low

  * No-change rebuild to fix lpia shared library dependencies.

 -- Colin Watson <email address hidden>   Thu, 19 Mar 2009 09:52:40 +0000

openldap (2.4.15-1ubuntu2) jaunty; urgency=low

  * debian/slapd.postinst: create /var/run/slapd before updating its
    permissions (LP: #298928).
  * debian/slapd.init: Correclty set slapd config backend option even if the
    pidfile is configured in slapd default file (LP: #292364).
  * debian/apparmor-profile: support multiple databases to be stored under
    /var/lib/ldap/. (LP: #286614).

 -- Mathias Gug <email address hidden>   Fri, 13 Mar 2009 13:56:12 -0400

openldap (2.4.15-1ubuntu1) jaunty; urgency=low

  [ Steve Langasek ]
  * Update priority of libldap-2.4-2 to match the archive override.
  * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
    ldapurl(1) manpage.  Thanks to Peter Marschall for the patch.
    Closes: #496749.
  * Bump build-dependency on debhelper to 6 instead of 5, since that's
    what we're using.  Closes: #498116.
  * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
    the built-in default of ldap:/// only.

  [ Mathias Gug ]
  * Merge from debian unstable, remaining changes:
    - Modify Maintainer value to match the DebianMaintainerField
      speficication.
    - AppArmor support:
      - debian/apparmor-profile: add AppArmor profile
      - debian/slapd.postinst: Reload AA profile on configuration
      - updated debian/slapd.README.Debian for note on AppArmor
      - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
      - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
        to make sure that if earlier version of apparmour-profiles gets
        installed it won't overwrite our profile.
      - follow ApparmorProfileMigration and force apparmor compalin mode on
        some upgrades (LP: #203529)
      - debian/slapd.dirs: add etc/apparmor.d/force-complain
      - debian/slapd.preinst: create symlink for force-complain on pre-feisty
        upgrades, upgrades where apparmor-profiles profile is unchanged (ie
        non-enforcing) and upgrades where apparmor profile does not exist.
      - debian/slapd.postrm: remove symlink in force-complain/ on purge
    - debian/control:
      - Build-depend on libltdl7-dev rather then libltdl3-dev.
    - debian/patches/autogen.sh:
      - Call libtoolize with the --install option to install config.{guess,sub}
        files.
    - Don't use local statement in config script as it fails if /bin/sh
      points to bash (LP: #286063).
    - Disable the testsuite on hppa. Allows building of packages on this
      architecture again, once this package is in the archive.
      LP: #288908.
    - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
      and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
      /var/run/slapd (world readable). (LP: #257667).
    - Enable nssoverlay:
      - debian/patches/nssov-build, debian/rules: Build and package
        the nss overlay.
      - debian/schema/misc.ldif: add ldif file for the misc schema
        which defines rfc822MailMember (required by the nss overlay).
    - debian/{control,rules}: enable PIE hardening
    - Use cn=config as the default configuration backend instead of
      slapd.conf. Migrate slapd.conf  file to /etc/ldap/slapd.d/ on upgrade
      asking the end user to enter a new password to control the access to the
      cn=config tree.
  * Dropped:
    - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
      times. (ITS: #5947) Fixed in new upstream version 2.4.15.
    - debian/patches/fix-ucred-libc due to changes how newer glibc handle
      the ucred struct now. Implemented in Debian.
  * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure
    when built with PIE.
  * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
    trusted (LP: #305264).

openldap (2.4.15-1) unstable; urgency=low

  [ Steve Langasek ]
  * New upstream version
    - Fixes a bug with the pcache overlay not returning cached entries
      (closes: #497697)
    - Update evolution-ntlm patch to apply to current Makefiles.
    - (tentatively) drop gnutls-ciphers, since this bug was reported to be
      fixed upstream in 2.4.8.  The fix applied in 2.4.8 didn't match the
      patch from the bug report, so this should be watched for regressions.
  * Build against db4.7 instead of db4.2 at last!  Closes: #421946.
  * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
    installed in the build environment.
  * Add -D_GNU_SOURCE to CFLAGS, apparently required for building with
    current headers in unstable

 -- Mathias Gug <email address hidden>   Fri, 06 Mar 2009 17:34:21 -0500

openldap (2.4.14-0ubuntu1) jaunty; urgency=low

  [ Steve Langasek ]
  * New upstream version
    - Fixes a bug with the pcache overlay not returning cached entries
      (closes: #497697)
    - Update evolution-ntlm patch to apply to current Makefiles.
    - (tentatively) drop gnutls-ciphers, since this bug was reported to be
      fixed upstream in 2.4.8.  The fix applied in 2.4.8 didn't match the
      patch from the bug report, so this should be watched for regressions.
  * Build against db4.7 instead of db4.2 at last!  Closes: #421946.
  * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
    installed in the build environment.
  * New patch, no-crlcheck-for-gnutls, to fix a build failure when using
    --with-tls=gnutls.

  [ Mathias Gug ]
  * Merge from debian unstable, remaining changes:
    - debian/apparmor-profile: add AppArmor profile
    - debian/slapd.postinst: Reload AA profile on configuration
    - updated debian/slapd.README.Debian for note on AppArmor
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
    - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
      to make sure that if earlier version of apparmour-profiles gets
      installed it won't overwrite our profile.
    - Modify Maintainer value to match the DebianMaintainerField
      speficication.
    - follow ApparmorProfileMigration and force apparmor compalin mode on
      some upgrades (LP: #203529)
    - debian/slapd.dirs: add etc/apparmor.d/force-complain
    - debian/slapd.preinst: create symlink for force-complain on pre-feisty
      upgrades, upgrades where apparmor-profiles profile is unchanged (ie
      non-enforcing) and upgrades where apparmor profile does not exist.
    - debian/slapd.postrm: remove symlink in force-complain/ on purge
    - debian/patches/fix-ucred-libc due to changes how newer glibc handle
      the ucred struct now.
    - debian/control:
      - Build-depend on libltdl7-dev rather then libltdl3-dev.
    - debian/patches/autogen.sh:
      - Call libtoolize with the --install option to install config.{guess,sub}
        files.
    - Don't use local statement in config script as it fails if /bin/sh
      points to bash (LP: #286063).
    - Disable the testsuite on hppa. Allows building of packages on this
      architecture again, once this package is in the archive.
      LP: #288908.
    - debian/slapd.postinst, debian/slapd.script-common: set correct ownership
      and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
      /var/run/slapd (world readable). (LP: #257667).
    - debian/patches/nssov-build, debian/rules:
      Build and package the nss overlay.
      debian/schema/misc.ldif: add ldif file for the misc schema, which defines
      rfc822MailMember (required by the nss overlay).
    - debian/{control,rules}: enable PIE hardening
    - Use cn=config as the default configuration backend instead of
      slapd.conf. Migrate slapd.conf  file to /etc/ldap/slapd.d/ on upgrade
      asking the end user to enter a new password to control the access to the
      cn=config tree.
  * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at
    times. (ITS: #5947)

openldap (2.4.11-1) unstable; urgency=low

  * New upstream version (closes: #499560).
    - Fixes a crash with syncrepl and delcsn (closes: #491066).
    - Fix CRL handling with GnuTLS (closes: #498410).
    - Drop patches no_backend_inter-linking,
      CVE-2008-2952_BER-decoding-assertion, and gnutls-ssf, applied
      upstream.

  [ Russ Allbery ]
  * New patch, back-perl-init, which updates the calling conventions
    around initialization and shutdown of the Perl interpreter to match
    the current perlembed recommendations.  Fixes probable hangs on HPPA
    in back-perl.  Thanks, Niko Tyni.  (Closes: #495069)

  [ Steve Langasek ]
  * Drop the conflict with libldap2, which is not the standard means of
    handling symbol conflicts in Debian and which causes serious upgrade
    problems from etch.  Closes: #487211.

 -- Mathias Gug <email address hidden>   Wed, 18 Feb 2009 18:44:00 -0500

openldap (2.4.11-0ubuntu7) jaunty; urgency=low

  * Don't use local statement in config script as it fails if /bin/sh
    points to bash (LP: #286063).

 -- Mathias Gug <email address hidden>   Tue, 04 Nov 2008 20:03:46 -0500

openldap (2.4.11-0ubuntu6) intrepid; urgency=low

  * Disable the testsuite on hppa. Allows building of packages on this
    architecture again, once this package is in the archive.
    LP: #288908.

 -- Matthias Klose <email address hidden>   Fri, 24 Oct 2008 23:22:33 +0200