Format: 1.8
Date: Sat, 06 Jun 2020 19:58:09 +0000
Source: openldap
Architecture: source
Version: 2.4.50+dfsg-1ubuntu1~ubuntu20.04.1~ppa1
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Ryan Tandy <ryan@nardis.ca>
Closes: 861838 864637 920283 955977 955993 958869 960448
Launchpad-Bugs-Fixed: 1875697
Changes:
 openldap (2.4.50+dfsg-1ubuntu1~ubuntu20.04.1~ppa1) focal; urgency=medium
 .
   * No-change backport to focal
 .
 openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium
 .
   * Merge with Debian unstable. Remaining changes:
     - Enable AppArmor support:
       + d/apparmor-profile: add AppArmor profile
       + d/rules: use dh_apparmor
       + d/control: Build-Depends on dh-apparmor
       + d/slapd.README.Debian: add note about AppArmor
     - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
       + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
         - Add --with-gssapi support
         - Make guess_service_principal() more robust when determining
           principal
       + d/configure.options: Configure with --with-gssapi
       + d/control: Added heimdal-dev as a build depend
       + d/rules:
         - Explicitly add -I/usr/include/heimdal to CFLAGS.
         - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
       + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
       This should be dropped when the soname changes.
     - Enable ufw support:
       + d/control: suggest ufw.
       + d/rules: install ufw profile.
       + d/slapd.ufw.profile: add ufw profile.
     - Enable nss overlay:
       + d/rules:
         - add nssov to CONTRIB_MODULES
         - add sysconfdir to CONTRIB_MAKEVARS
       + d/slapd.install:
         - install nssov overlay
       + d/slapd.manpages:
         - install slapo-nssov(5) man page
       + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
         Debian bug #919136, we also have to patch the nssov makefile
         accordingly and thus update this patch.
     - d/{rules,slapd.py}: Add apport hook.
     - d/slapd.scripts-common:
       + add slapcat_opts to local variables.
       + Fix backup directory naming for multiple reconfiguration.
     - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
     - Add support for CLDAP (UDP) support, back then required by
       likewise-open (first enabled in 2.4.17-1ubuntu2):
       + d/rules: Enable -DLDAP_CONNECTIONLESS
       + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
       This should be dropped when the soname changes.
     - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
       of test timing issue.
   * Dropped:
     - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
       either the default DIT nor via an Authn mapping.
       [Not worth keeping a delta for, as having olcRootDN doesn't hurt]
     - Show distribution in version:
       - d/control: added lsb-release
       - d/patches/fix-ldap-distribution.patch: show distribution in version
       [Debian now shows the full package version]
     - SECURITY UPDATE: denial of service via nested search filters
       + debian/patches/CVE-2020-12243.patch: limit depth of nested
         filters in servers/slapd/filter.c.
       [Fixed upstream]
   * Added:
     - d/rules, debian/patches/set-maintainer-name: Extract maintainer
       address dynamically from debian/control. Thanks to Ryan Tandy
       <ryan@nardis.ca> (Closes: #960448, LP: #1875697)
 .
 openldap (2.4.50+dfsg-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fixed slapd to limit depth of nested filters
       (ITS#9202) (CVE-2020-12243)
     - Drop patches included upstream: argon2.patch, ITS#9171, ITS#8650.
   * Update Spanish debconf translation.
     Thanks to Camaleón. (Closes: #958869)
 .
 openldap (2.4.49+dfsg-4) unstable; urgency=medium
 .
   * Annotate libsodium-dev dependency with <!pkg.openldap.noslapd>.
     Thanks to Helmut Grohne. (Closes: #955993)
   * Add the man page for the Argon2 password module.
     Thanks to Peter Marschall. (Closes: #955977)
   * Build the Argon2 password module with libargon2-dev instead of
     libsodium-dev. Rationale:
     - libargon2 contains the specific functionality needed; libsodium is a
       larger library and contains many features not used here
     - libsodium does not support configuring the p= (parallelism) parameter
   * Import upstream patch to properly retry gnutls_handshake() after it
     returns GNUTLS_E_AGAIN. (ITS#8650) (Closes: #861838)
   * Update the Argon2 password module to upstream commit feb6f21d2e.
 .
 openldap (2.4.49+dfsg-3) unstable; urgency=medium
 .
   * Drop patch no-AM_INIT_AUTOMAKE. Instead, configure dh_autoreconf to skip
     automake by setting AUTOMAKE=/bin/true. (Closes: #864637)
   * debian/patches/debian-version: Show Debian version, instead of upstream
     version, in version strings.
   * Add ${perl:Depends} to slapd Depends to silence a dpkg-gencontrol warning.
     This is practically a no-op since slapd explicitly Depends on perl because
     of the maintainer scripts.
   * Import the Argon2 password module from upstream git and install it in
     slapd-contrib. New Build-Depends: libsodium-dev. (Closes: #920283)
 .
 openldap (2.4.49+dfsg-2ubuntu2) groovy; urgency=medium
 .
   * SECURITY UPDATE: denial of service via nested search filters
     - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
       servers/slapd/filter.c.
     - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of
       test timing issue.
     - CVE-2020-12243
Checksums-Sha1:
 64a9303f585affdbb2ab2a5c7768dbc92532ca39 3251 openldap_2.4.50+dfsg-1ubuntu1~ubuntu20.04.1~ppa1.dsc
 8fc7858712f66891f59bb5ae8b8a85a291a5b369 4891077 openldap_2.4.50+dfsg.orig.tar.gz
 e5407a6d642ed939912f78d37e738024225b2484 181104 openldap_2.4.50+dfsg-1ubuntu1~ubuntu20.04.1~ppa1.debian.tar.xz
 d8e62a668405df152832817d40fd7a124af78e66 4905 openldap_2.4.50+dfsg-1ubuntu1~ubuntu20.04.1~ppa1_source.buildinfo
Checksums-Sha256:
 a70d9700bd24aa455c50e66ac1f1ec9f32c9677ea1b4adf4f999d1e6031c42fc 3251 openldap_2.4.50+dfsg-1ubuntu1~ubuntu20.04.1~ppa1.dsc
 77e5be35661d2fb51c4425fc5985c668fa0e53cbc83a6c0962470fd240fd7655 4891077 openldap_2.4.50+dfsg.orig.tar.gz
 d2b09276212e1defa76023ed45917781a6eb071458a653d292d46f1971d09967 181104 openldap_2.4.50+dfsg-1ubuntu1~ubuntu20.04.1~ppa1.debian.tar.xz
 c456a079a4b7cf3480ca321b8b68560d0fe786fb50f2fb9c8bb7d301bdc9aa6d 4905 openldap_2.4.50+dfsg-1ubuntu1~ubuntu20.04.1~ppa1_source.buildinfo
Files:
 6b7be9fba257aee1dd7d3f53c6a9d72b 3251 net optional openldap_2.4.50+dfsg-1ubuntu1~ubuntu20.04.1~ppa1.dsc
 7330a5bb1ae8c995b04f2c8fbaaef0f6 4891077 net optional openldap_2.4.50+dfsg.orig.tar.gz
 b7d51ce9ea87c971ac48ba5f020d7eb1 181104 net optional openldap_2.4.50+dfsg-1ubuntu1~ubuntu20.04.1~ppa1.debian.tar.xz
 c4c21173c629ece3281204fa6c382088 4905 net optional openldap_2.4.50+dfsg-1ubuntu1~ubuntu20.04.1~ppa1_source.buildinfo
Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>