openldap (2.4.21-0ubuntu5.4+lliurex2) UNRELEASED; urgency=low * NOT RELEASED YET -- Ignacio Vidal Hurtado Tue, 23 Nov 2010 13:31:41 +0100 openldap (2.4.21-0ubuntu5.4+lliurex1) lucid; urgency=low * Fix FD_SIZE for Lliurex 10.09 -- Ignacio Vidal Hurtado Tue, 23 Nov 2010 11:56:18 +0100 openldap (2.4.21-0ubuntu5.3) lucid-proposed; urgency=low * debian/slapd.postinst: Properly index cn=localroot,cn=config olcAccess line on upgrade from karmic. (LP: #571057) -- Mathias Gug Tue, 10 Aug 2010 12:36:27 -0400 openldap (2.4.21-0ubuntu5.2) lucid-security; urgency=low * SECURITY UPDATE: null ptr deref, free uninitialized data in modrdn calls - openldap-2.4.22-CVE-2010-0211-modrdn_check_error.patch: - check return for errors and clean up uninitialized data - openldap-2.4.22-CVE-2010-0212-modrdn_null_deref.patch: - return error on 0-length or binary RDNs - CVE-2010-0211, CVE-2010-0212 -- Steve Beattie Wed, 28 Jul 2010 16:36:36 -0700 openldap (2.4.21-0ubuntu5) lucid; urgency=low * Fix local root connection access: replace olcAuthzRegexp mapping to cn=localroot,cn=config with using the SASL dn directly in olcAccess. Makes upgrades much simpler and robust (LP: #563829). -- Mathias Gug Fri, 23 Apr 2010 00:23:31 -0400 openldap (2.4.21-0ubuntu4) lucid; urgency=low [ Simon Olofsson ] * debian/slapd.postinst: - Show a message after successful migration (LP: #538848) [ Jorgen Rosink ] * debian/slapd.init: add simple status checking with LSB compatible exit codes (LP: #562377) * debian/slapd.init.ldif: - remove admin user in default config database (LP: #556176) - in default config, add olcAccess entries giving access to controls available and cn=subschema (LP: #427842) [ Scott Moser ] * debian/slapd.scripts-common: Do not create /nonexistent directory for openldap user's home (LP: #556176) * debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070) -- Scott Moser Mon, 12 Apr 2010 16:16:47 -0400 openldap (2.4.21-0ubuntu3) lucid; urgency=low * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases before trying to convert to slapd.d, to avoid upgrade failure from hardy (LP: #536958) * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230) -- Thierry Carrez Mon, 29 Mar 2010 13:31:47 +0200 openldap (2.4.21-0ubuntu2) lucid; urgency=low * debian/apparmor-profile: Update apparmor profile. (LP: #508190) -- Chuck Short Tue, 09 Mar 2010 13:33:35 -0500 openldap (2.4.21-0ubuntu1) lucid; urgency=low * New upstream release. * debian/rules, debian/schema/extra/: Fix get-orig-source rule to supports extra schemas shipped as part of the debian/schema/ directory. -- Mathias Gug Thu, 18 Feb 2010 00:58:13 -0500 openldap (2.4.18-0ubuntu2) lucid; urgency=low * debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): - Add --with-gssapi support - Make guess_service_principal() more robust when determining principal * Enable GSSAPI support (LP: #495418): - debian/configure.options: Configure with --with-gssapi - debian/control: Added libkrb5-dev as a build depend -- Thierry Carrez Fri, 11 Dec 2009 11:31:11 +0100 openldap (2.4.18-0ubuntu1) karmic; urgency=low * New upstream release: (LP: #419515): + pcache overlay supports disconnected mode. * Fix nss overlay load (LP: #417163). -- Mathias Gug Mon, 07 Sep 2009 13:41:10 -0400 openldap (2.4.17-1ubuntu3) karmic; urgency=low * Install a minimal slapd configuration instead of creating a default database with a default DIT: + Move openldap user home from /var/lib/ldap to /nonexistent. + Remove all code and templates dealing with the default database and DIT creation. + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and grant all access to the latter in the cn=config database as well as the default backend configuration. * Add cn=localroot,cn=config authz mapping on upgrades. -- Mathias Gug Tue, 11 Aug 2009 14:48:56 -0400 openldap (2.4.17-1ubuntu2) karmic; urgency=low [ Thierry Carrez ] * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support in the openldap library, as required by Likewise-Open (LP: #390579) [ Mathias Gug ] * debian/patches/its6077-uniqueness-overlay: fixes some issues with the uniqueness overlay. * debian/patches/its6220-writetimeout-directive: fixes a problem with the writetimeout directive being in effect even if it wasn't set, closing connections incorrectly. * debian/patches/its6222-dncachesize-parameter: fixes the behavior of the dncachesize parameter that was added in RE24, so that if it is set to "0" (now the default), it has an unlimited DN cache (RE23 always had an unlimited DN cache). -- Mathias Gug Fri, 31 Jul 2009 13:43:46 -0400 openldap (2.4.17-1ubuntu1) karmic; urgency=low [ Steve Langasek ] * Fix up the lintian warnings: - add missing misc-depends on all packages - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive overrides - bump Standards-Version to 3.8.2, no changes required. [ Mathias Gug ] * Resynchronise with Debian. Remaining changes: - AppArmor support: - debian/apparmor-profile: add AppArmor profile - updated debian/slapd.README.Debian for note on AppArmor - debian/slapd.dirs: add etc/apparmor.d/force-complain - debian/slapd.postrm: remove symlink in force-complain/ on purge - debian/rules: install apparmor profile. - Don't use local statement in config script as it fails if /bin/sh points to bash. - debian/slapd.postinst, debian/slapd.script-common: set correct ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and /var/run/slapd (world readable). - Enable nssoverlay: - debian/patches/nssov-build, debian/rules: Build and package the nss overlay. - debian/schema/misc.ldif: add ldif file for the misc schema which defines rfc822MailMember (required by the nss overlay). - debian/{control,rules}: enable PIE hardening - Use cn=config as the default configuration backend instead of slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade asking the end user to enter a new password to control the access to the cn=config tree. - debian/slapd.postinst: create /var/run/slapd before updating its permissions. - debian/slapd.init: Correctly set slapd config backend option even if the pidfile is configured in slapd default file. * Dropped: - Merged in Debian: - Update priority of libldap-2.4-2 to match the archive override. - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the ldapurl(1) manpage. - Bump build-dependency on debhelper to 6 instead of 5, since that's what we're using. - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using the built-in default of ldap:/// only. - Fixed in upstream release: - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure when built with PIE. - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be trusted. - Update Apparmor profile support: don't support upgrade from pre-hardy systems: - debian/slapd.postinst: Reload AA profile on configuration - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmor-profiles gets installed it won't overwrite our profile. - follow ApparmorProfileMigration and force apparmor complain mode on some upgrades - debian/slapd.preinst: create symlink for force-complain on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist. - debian/patches/autogen.sh: no longer needed with karmic libtool. - Call libtoolize with the --install option to install config.{guess,sub} files. -- Mathias Gug Thu, 30 Jul 2009 16:42:58 -0400 openldap (2.4.17-1) unstable; urgency=low * New upstream version. - Fixes FTBFS on ia64 with -fPIE. Closes: #524770. - Fixes some TLS issues with GnuTLS. Closes: #505191. * Update priority of libldap-2.4-2 to match the archive override. * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the ldapurl(1) manpage. Thanks to Peter Marschall for the patch. Closes: #496749. * Bump build-dependency on debhelper to 6 instead of 5, since that's what we're using. Closes: #498116. * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using the built-in default of ldap:/// only. * Build-depend on libltdl-dev | libltdl3-dev (>= 1.4.3), for the package name change. Closes: #522965. [ Updated debconf translations ] * Spanish, thanks to Francisco Javier Cuadrado . Closes: #521804. -- Steve Langasek Tue, 28 Jul 2009 10:17:15 -0700 openldap (2.4.15-1.1ubuntu1) karmic; urgency=low * Resynchronise with Debian. Remaining changes: - AppArmor support: - debian/apparmor-profile: add AppArmor profile - debian/slapd.postinst: Reload AA profile on configuration - updated debian/slapd.README.Debian for note on AppArmor - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmor-profiles gets installed it won't overwrite our profile. - follow ApparmorProfileMigration and force apparmor complain mode on some upgrades - debian/slapd.dirs: add etc/apparmor.d/force-complain - debian/slapd.preinst: create symlink for force-complain on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist. - debian/slapd.postrm: remove symlink in force-complain/ on purge - debian/patches/autogen.sh: - Call libtoolize with the --install option to install config.{guess,sub} files. - Don't use local statement in config script as it fails if /bin/sh points to bash. - debian/slapd.postinst, debian/slapd.script-common: set correct ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and /var/run/slapd (world readable). - Enable nssoverlay: - debian/patches/nssov-build, debian/rules: Build and package the nss overlay. - debian/schema/misc.ldif: add ldif file for the misc schema which defines rfc822MailMember (required by the nss overlay). - debian/{control,rules}: enable PIE hardening - Use cn=config as the default configuration backend instead of slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade asking the end user to enter a new password to control the access to the cn=config tree. - Update priority of libldap-2.4-2 to match the archive override. - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the ldapurl(1) manpage. - Bump build-dependency on debhelper to 6 instead of 5, since that's what we're using. - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using the built-in default of ldap:/// only. - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure when built with PIE. - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be trusted. - debian/slapd.postinst: create /var/run/slapd before updating its permissions. - debian/slapd.init: Correctly set slapd config backend option even if the pidfile is configured in slapd default file. * Drop patch to avoid the test suite on hppa, as hppa is EOL. -- Colin Watson Wed, 24 Jun 2009 10:45:20 +0100 openldap (2.4.15-1.1) unstable; urgency=low * Non-maintainer upload. * Change libltdl3-dev Build-Depends to libltdl-dev | libltdl3-dev (Closes: #522965) -- Kurt Roeckx Sun, 19 Apr 2009 18:24:32 +0200 openldap (2.4.15-1ubuntu3) jaunty; urgency=low * No-change rebuild to fix lpia shared library dependencies. -- Colin Watson Thu, 19 Mar 2009 09:52:40 +0000 openldap (2.4.15-1ubuntu2) jaunty; urgency=low * debian/slapd.postinst: create /var/run/slapd before updating its permissions (LP: #298928). * debian/slapd.init: Correclty set slapd config backend option even if the pidfile is configured in slapd default file (LP: #292364). * debian/apparmor-profile: support multiple databases to be stored under /var/lib/ldap/. (LP: #286614). -- Mathias Gug Fri, 13 Mar 2009 13:56:12 -0400 openldap (2.4.15-1ubuntu1) jaunty; urgency=low [ Steve Langasek ] * Update priority of libldap-2.4-2 to match the archive override. * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the ldapurl(1) manpage. Thanks to Peter Marschall for the patch. Closes: #496749. * Bump build-dependency on debhelper to 6 instead of 5, since that's what we're using. Closes: #498116. * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using the built-in default of ldap:/// only. [ Mathias Gug ] * Merge from debian unstable, remaining changes: - Modify Maintainer value to match the DebianMaintainerField speficication. - AppArmor support: - debian/apparmor-profile: add AppArmor profile - debian/slapd.postinst: Reload AA profile on configuration - updated debian/slapd.README.Debian for note on AppArmor - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmour-profiles gets installed it won't overwrite our profile. - follow ApparmorProfileMigration and force apparmor compalin mode on some upgrades (LP: #203529) - debian/slapd.dirs: add etc/apparmor.d/force-complain - debian/slapd.preinst: create symlink for force-complain on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist. - debian/slapd.postrm: remove symlink in force-complain/ on purge - debian/control: - Build-depend on libltdl7-dev rather then libltdl3-dev. - debian/patches/autogen.sh: - Call libtoolize with the --install option to install config.{guess,sub} files. - Don't use local statement in config script as it fails if /bin/sh points to bash (LP: #286063). - Disable the testsuite on hppa. Allows building of packages on this architecture again, once this package is in the archive. LP: #288908. - debian/slapd.postinst, debian/slapd.script-common: set correct ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and /var/run/slapd (world readable). (LP: #257667). - Enable nssoverlay: - debian/patches/nssov-build, debian/rules: Build and package the nss overlay. - debian/schema/misc.ldif: add ldif file for the misc schema which defines rfc822MailMember (required by the nss overlay). - debian/{control,rules}: enable PIE hardening - Use cn=config as the default configuration backend instead of slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade asking the end user to enter a new password to control the access to the cn=config tree. * Dropped: - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at times. (ITS: #5947) Fixed in new upstream version 2.4.15. - debian/patches/fix-ucred-libc due to changes how newer glibc handle the ucred struct now. Implemented in Debian. * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure when built with PIE. * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be trusted (LP: #305264). -- Mathias Gug Fri, 06 Mar 2009 17:34:21 -0500 openldap (2.4.15-1) unstable; urgency=low * New upstream version - Fixes a bug with the pcache overlay not returning cached entries (closes: #497697) - Update evolution-ntlm patch to apply to current Makefiles. - (tentatively) drop gnutls-ciphers, since this bug was reported to be fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the patch from the bug report, so this should be watched for regressions. * Build against db4.7 instead of db4.2 at last! Closes: #421946. * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is installed in the build environment. * Add -D_GNU_SOURCE to CFLAGS, apparently required for building with current headers in unstable -- Steve Langasek Tue, 24 Feb 2009 14:27:35 -0800 openldap (2.4.14-0ubuntu1) jaunty; urgency=low [ Steve Langasek ] * New upstream version - Fixes a bug with the pcache overlay not returning cached entries (closes: #497697) - Update evolution-ntlm patch to apply to current Makefiles. - (tentatively) drop gnutls-ciphers, since this bug was reported to be fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the patch from the bug report, so this should be watched for regressions. * Build against db4.7 instead of db4.2 at last! Closes: #421946. * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is installed in the build environment. * New patch, no-crlcheck-for-gnutls, to fix a build failure when using --with-tls=gnutls. [ Mathias Gug ] * Merge from debian unstable, remaining changes: - debian/apparmor-profile: add AppArmor profile - debian/slapd.postinst: Reload AA profile on configuration - updated debian/slapd.README.Debian for note on AppArmor - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmour-profiles gets installed it won't overwrite our profile. - Modify Maintainer value to match the DebianMaintainerField speficication. - follow ApparmorProfileMigration and force apparmor compalin mode on some upgrades (LP: #203529) - debian/slapd.dirs: add etc/apparmor.d/force-complain - debian/slapd.preinst: create symlink for force-complain on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist. - debian/slapd.postrm: remove symlink in force-complain/ on purge - debian/patches/fix-ucred-libc due to changes how newer glibc handle the ucred struct now. - debian/control: - Build-depend on libltdl7-dev rather then libltdl3-dev. - debian/patches/autogen.sh: - Call libtoolize with the --install option to install config.{guess,sub} files. - Don't use local statement in config script as it fails if /bin/sh points to bash (LP: #286063). - Disable the testsuite on hppa. Allows building of packages on this architecture again, once this package is in the archive. LP: #288908. - debian/slapd.postinst, debian/slapd.script-common: set correct ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and /var/run/slapd (world readable). (LP: #257667). - debian/patches/nssov-build, debian/rules: Build and package the nss overlay. debian/schema/misc.ldif: add ldif file for the misc schema, which defines rfc822MailMember (required by the nss overlay). - debian/{control,rules}: enable PIE hardening - Use cn=config as the default configuration backend instead of slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade asking the end user to enter a new password to control the access to the cn=config tree. * debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at times. (ITS: #5947) -- Mathias Gug Wed, 18 Feb 2009 18:44:00 -0500 openldap (2.4.11-1) unstable; urgency=low * New upstream version (closes: #499560). - Fixes a crash with syncrepl and delcsn (closes: #491066). - Fix CRL handling with GnuTLS (closes: #498410). - Drop patches no_backend_inter-linking, CVE-2008-2952_BER-decoding-assertion, and gnutls-ssf, applied upstream. [ Russ Allbery ] * New patch, back-perl-init, which updates the calling conventions around initialization and shutdown of the Perl interpreter to match the current perlembed recommendations. Fixes probable hangs on HPPA in back-perl. Thanks, Niko Tyni. (Closes: #495069) [ Steve Langasek ] * Drop the conflict with libldap2, which is not the standard means of handling symbol conflicts in Debian and which causes serious upgrade problems from etch. Closes: #487211. -- Steve Langasek Sat, 11 Oct 2008 01:53:55 -0700 openldap (2.4.11-0ubuntu7) jaunty; urgency=low * Don't use local statement in config script as it fails if /bin/sh points to bash (LP: #286063). -- Mathias Gug Tue, 04 Nov 2008 20:03:46 -0500 openldap (2.4.11-0ubuntu6) intrepid; urgency=low * Disable the testsuite on hppa. Allows building of packages on this architecture again, once this package is in the archive. LP: #288908. -- Matthias Klose Fri, 24 Oct 2008 23:22:33 +0200 openldap (2.4.11-0ubuntu5) intrepid; urgency=low * Don't set admin passwords in ldif files if adminpw is empty. (LP: #273988 - LP: #276606). -- Mathias Gug Mon, 13 Oct 2008 19:31:15 -0400 openldap (2.4.11-0ubuntu4) intrepid; urgency=low * debian/slapd.postinst, debian/slapd.script-common: set correct ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and /var/run/slapd (world readable). (LP: #257667). * debian/slapd.script-common: - Fix package reconfiguration: + Remove slapd.d/ directory if it already exists when creating a new configuration. + Fix backup directory naming for multiple reconfiguration. -- Mathias Gug Wed, 24 Sep 2008 21:01:42 -0400 openldap (2.4.11-0ubuntu3) intrepid; urgency=low * debian/patches/nssov-build, debian/rules: Build and package the nss overlay. * debian/schema/misc.ldif: add ldif file for the misc schema, which defines rfc822MailMember (required by the nss overlay). -- Mathias Gug Tue, 26 Aug 2008 18:42:54 -0400 openldap (2.4.11-0ubuntu2) intrepid; urgency=low * debian/{control,rules}: enable PIE hardening -- Kees Cook Wed, 20 Aug 2008 15:47:01 -0700 openldap (2.4.11-0ubuntu1) intrepid; urgency=low * New upstream version: - Mainly bug fixes. - New nss slapd overlay (not compiled by default). * Use cn=config as the default configuration backend instead of slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade asking the end user to enter a new password to control the access to the cn=config tree. -- Mathias Gug Mon, 11 Aug 2008 20:26:05 -0400 openldap (2.4.10-3ubuntu1) intrepid; urgency=low [ Mathias Gug ] * Merge from debian unstable, remaining changes: - debian/apparmor-profile: add AppArmor profile - debian/slapd.postinst: Reload AA profile on configuration - updated debian/slapd.README.Debian for note on AppArmor - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmour-profiles gets installed it won't overwrite our profile. - Modify Maintainer value to match the DebianMaintainerField speficication. - follow ApparmorProfileMigration and force apparmor compalin mode on some upgrades (LP: #203529) - debian/slapd.dirs: add etc/apparmor.d/force-complain - debian/slapd.preinst: create symlink for force-complain on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist. - debian/slapd.postrm: remove symlink in force-complain/ on purge - debian/patches/fix-ucred-libc due to changes how newer glibc handle the ucred struct now. - debian/patches/fix-unique-overlay-assertion.patch: Fix another assertion error in unique overlay (LP: #243337). Backport from head. * Dropped - implemented in Debian: - debian/patches/fix-gnutls-key-strength.patch: Fix slapd handling of ssf using gnutls. (LP: #244925). - debian/control: Add time as build dependency: needed by make test. * debian/control: - Build-depend on libltdl7-dev rather then libltdl3-dev. * debian/patches/autogen.sh: - Call libtoolize with the --install option to install config.{guess,sub} files. [ Jamie Strandboge ] * adjust apparmor profile to allow gssapi (LP: #229252) * adjust apparmor profile to allow cnconfig (LP: #243525) -- Mathias Gug Wed, 30 Jul 2008 19:46:02 -0400 openldap (2.4.10-3) unstable; urgency=low [ Steve Langasek ] * New patch, CVE-2008-2952_BER-decoding-assertion, to fix a remote DoS vulnerability in the BER decoder. Addresses CVE-2008-2952, closes: #488710. * debian/slapd.scripts-common, debian/slapd.postinst: drop update_path_argsfile_pidfile function, not needed for updates from etch or newer. * Drop the code to check for and upgrade ldbm databases. The etch release of slapd had already dropped support for them and direct upgrades from sarge are not supported. [ Russ Allbery ] * Apply upstream patch to convert GnuTLS cipher strength from bytes to bits, as expected by OpenLDAP. (Closes: #473796) * Add Build-Depends on time, used by the test suite and only a shell built-in with bash. Thanks, Daniel Schepler. (Closes: #490754) * Refresh all patches, convert all patches to -p1, and remove extraneous Index: lines. (Closes: #485263) * Unless DFSG_NONFREE is set, also check whether the upstream schemas with RFC comments are included. * Update standards version to 3.8.0. - Include debian/README.source pointing to the quilt README.source. - Wrap Uploaders for readability. * Wrap slapd's Depends for readability. [ Updated debconf translations ] * Swedish, thanks to Martin Ågren . Closes: #492748. -- Steve Langasek Mon, 28 Jul 2008 15:26:06 -0700 openldap (2.4.10-2ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - debian/apparmor-profile: add AppArmor profile - debian/slapd.postinst: Reload AA profile on configuration - updated debian/slapd.README.Debian for note on AppArmor - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmour-profiles gets installed it won't overwrite our profile. - Modify Maintainer value to match the DebianMaintainerField speficication. - follow ApparmorProfileMigration and force apparmor compalin mode on some upgrades (LP: #203529) - debian/slapd.dirs: add etc/apparmor.d/force-complain - debian/slapd.preinst: create symlink for force-complain on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist. - debian/slapd.postrm: remove symlink in force-complain/ on purge - debian/patches/fix-ucred-libc due to changes how newer glibc handle the ucred struct now. - debian/patches/fix-unique-overlay-assertion.patch: Fix another assertion error in unique overlay (LP: #243337). Backport from head. - debian/patches/fix-gnutls-key-strength.patch: Fix slapd handling of ssf using gnutls. (LP: #244925). - debian/control: Add time as build dependency: needed by make test. * Dropped - implemented in Debian: - debian/rules: Support debuild nocheck option: don't run tests if nocheck is set. -- Mathias Gug Thu, 10 Jul 2008 14:45:49 -0400 openldap (2.4.10-2) unstable; urgency=low * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at build time * Hack around glibc behavior when resolving localhost, by exporting RESOLV_MULTI=off when invoking the test suite * Reclaim the 'openldap' source package name; openldap2.3 has been a misnomer for some time, causing undue confusion, so switch to a permanent source package name that we won't need to change again later. - Along the way, kill off non-DFSG-compliant schema files that snuck back into the archive due to my bad merge of 2.4.10. -- Steve Langasek Sun, 06 Jul 2008 22:03:32 -0700 openldap2.3 (2.4.10-1ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - debian/apparmor-profile: add AppArmor profile - debian/slapd.postinst: Reload AA profile on configuration - updated debian/slapd.README.Debian for note on AppArmor - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmour-profiles gets installed it won't overwrite our profile. - Modify Maintainer value to match the DebianMaintainerField speficication. - follow ApparmorProfileMigration and force apparmor compalin mode on some upgrades (LP: #203529) - debian/slapd.dirs: add etc/apparmor.d/force-complain - debian/slapd.preinst: create symlink for force-complain on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist. - debian/slapd.postrm: remove symlink in force-complain/ on purge - debian/patches/fix-ucred-libc due to changes how newer glibc handle the ucred struct now. - debian/patches/fix-unique-overlay-assertion.patch: Fix another assertion error in unique overlay (LP: #243337). Backport from head. * debian/control: - add time as build dependency: needed by make test. * debian/rules: - support debuild nocheck option: don't run tests if nocheck is set. * debian/patches/fix-gnutls-key-strength.patch: - fix slapd handling of ssf using gnutls. (LP: #244925). * Dropped - accepted in Debian: - debian/rules, debian/slapd.links: use hard links to slapd instead of symlinks for slap* so these applications aren't confined by apparmor (LP: #203898) * Dropped - fixed in new upstream release: - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion. (LP: #215904) - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion error. (LP: #234196) - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes. (LP: #220724) - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using syncrepl. (LP: #227178) - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied upstream. -- Mathias Gug Thu, 03 Jul 2008 14:15:08 -0400 openldap2.3 (2.4.10-1) unstable; urgency=low [ Steve Langasek ] * New upstream release. - Clean up ld_defconn if it was freed, fixing an assertion failure in various clients. Closes: #469232. - Fixes slapd syncrepl hang on back-config. Closes: #471253. - Drop patch hurd-path-max, integrated upstream. * Drop spurious build-dependency on heimdal-dev, introduced accidentally as part of an aborted attempt to build the smbk5pwd overlay. * Use hardlinks instead of symlinks for the various slap* commands; this is functionally equivalent for us, and reduces divergence from derivatives such as Ubuntu that use apparmor. Closes: #488409. * New patch, no_backend_inter-linking, to fix the meta backend to not try to look up symbols in external objects (back_ldap) that it doesn't link against. * Turn on 'make test' during builds, now that back_meta is fixed. [ Matthijs Mohlmann ] * All manpages in category 5 were missing, wrong directory. (Closes: #474976, #483631, #483633) -- Steve Langasek Mon, 30 Jun 2008 04:28:34 -0700 openldap2.3 (2.4.9-1ubuntu4) intrepid; urgency=low * debian/patches/fix-unique-overlay-assertion.patch: - Fix another assertion error in unique overlay, backported from head. (LP: #243337) Note: This patch will still be needed when moved to 2.4.10 -- Chuck Short Mon, 30 Jun 2008 18:49:52 +0000 openldap2.3 (2.4.9-1ubuntu3) intrepid; urgency=low * Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to include the smbk5pwd overlay. -- Chuck Short Wed, 11 Jun 2008 21:25:40 +0000 openldap2.3 (2.4.9-1ubuntu2) intrepid; urgency=low * Rebuild for perl 5.10 transition (LP: #230016) * debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using syncrepl. (LP: #227178) -- Chuck Short Mon, 09 Jun 2008 14:56:40 +0000 openldap2.3 (2.4.9-1ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - debian/apparmor-profile: add AppArmor profile - debian/slapd.postinst: Reload AA profile on configuration - updated debian/slapd.README.Debian for note on AppArmor - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmour-profiles gets installed it won't overwrite our profile. - Modify Maintainer value to match the DebianMaintainerField speficication. - follow ApparmorProfileMigration and force apparmor compalin mode on some upgrades (LP: #203529) - debian/slapd.dirs: add etc/apparmor.d/force-complain - debian/slapd.preinst: create symlink for force-complain on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist. - debian/slapd.postrm: remove symlink in force-complain/ on purge - debian/rules, debian/slapd.links: use hard links to slapd instead of symlinks for slap* so these applications aren't confined by apparmor (LP: #203898) - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion. (LP: #215904) - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion error. (LP: #234196) - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes. (LP: #220724) - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied upstream. * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle the ucred struct now. -- Chuck Short Fri, 30 May 2008 17:09:53 +0100 openldap2.3 (2.4.9-1) unstable; urgency=low [ Updated debconf translations ] * French, thanks to Christian Perrier . Closes: #471792. * Finnish, thanks to Esko Arajärvi . Closes: #475238. * Czech, thanks to Miroslav Kure . Closes: #480138. * Basque, thanks to Piarres Beobide . Closes: #480177. * Vietnamese, thanks to Clytie Siddall . Closes: #480181. * Galician, thanks to Jacobo Tarrio . Closes: #480218. * Japanese, thanks to Kenshi Muto . Closes: #480247. * Italian, thanks to Luca Monducci . (Closes: #477718) * Brazilian Portuguese, thanks to Eder L. Marques (Closes: #480172) * Portuguese, thanks to Tiago Fernandes (Closes: #481126) * Russian, thanks to Yuri Kozlov (Closes: #481214) * Dutch, thanks to "cobaco (aka Bart Cornelis)" . Closes: #483014. [ Matthijs Mohlmann ] * New upstream release. - Bad entryUUID no longer crashes slapd. (Closes: #471867) - Fix assertion failure in some modify operations. (Closes: #474161) - Mention index in slapd.conf's man page. (Closes: #414650) - Fixes to slapd include handling. (Closes: #457261) - Fix syncrepl cookie truncation. (Closes: #464024) - Fix memory allocation in ldap_parse_page_control. (Closes: #464877) - Fix slapd crash when accessed by multiple threads. (Closes: #479237) * Acknowledge NMU. (Closes: #474976, #471225, #475856, #474652, #465875) * Bump Standards-Version to 3.7.3 * Add versioned build dependency on libgnutls-dev (Closes: #466558) * Bump debhelper compat level to 6. [ Russ Allbery ] * Use MAXPATHLEN rather than PATH_MAX, since OpenLDAP defines the former and the latter isn't defined on GNU Hurd. Thanks, Samuel Thibault. (Closes: #475744) -- Matthijs Mohlmann Mon, 26 May 2008 22:34:16 +0200 openldap2.3 (2.4.7-6.3) unstable; urgency=low * Non-maintainer upload. * Install all slapd relevant manpages into slapd package. (closes: #474976) * Make libldap-2.4-2 conflict against libldap2. (closes: #475856) -- Bastian Blank Tue, 29 Apr 2008 18:00:23 +0200 openldap2.3 (2.4.7-6.2) unstable; urgency=low * Non-maintainer upload to solve release goal issues. * Add LSB dependency header to init.d scripts (Closes: #474652) -- Petter Reinholdtsen Wed, 16 Apr 2008 08:04:49 +0200 openldap2.3 (2.4.7-6.1) unstable; urgency=high * Non-maintainer upload by security team. * Fix possible remote denial of service vulnerability in the BDB backend via a modrdn operation with a NOOP control (CVE-2008-0658; Closes: #465875). -- Nico Golde Tue, 04 Mar 2008 14:34:44 +0100 openldap2.3 (2.4.7-6ubuntu3) hardy; urgency=low * remove apparmor-profile workaround for Launchpad #202161 (it's now fixed in klibc) -- Jamie Strandboge Mon, 07 Apr 2008 16:09:38 -0400 openldap2.3 (2.4.7-6ubuntu2) hardy; urgency=low * apparmor-profile workaround for Launchpad #202161 * follow ApparmorProfileMigration and force apparmor complain mode on some upgrades (LP: #203529) - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/slapd.dirs: add etc/apparmor.d/force-complain - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist - debian/slapd.postrm: remove symlink in force-complain/ on purge * debian/rules, debian/slapd.links: use hard links to slapd instead of symlinks for slap* so these applications aren't confined by apparmor (LP: #203898) -- Jamie Strandboge Tue, 18 Mar 2008 13:53:23 -0400 openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low * Merge from Debian unstable, remaining changes: + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698. + debian/apparmor-profile: add AppArmor profile + debian/slapd.postinst: Reload AA profile on configuration + updated debian/slapd.README.Debian for note on AppArmor + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we should now take control + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmor-profiles gets installed it won't overwrite our profile + Modify Maintainer value to match the DebianMaintainerField specification. -- Steve Langasek Tue, 04 Mar 2008 01:59:51 +0000 openldap2.3 (2.4.7-6) unstable; urgency=low [ Updated debconf translations ] * Dutch, thanks to Bart Cornelis . Closes: #452950. * Brazilian Portuguese, thanks to Eder L. Marques . Closes: #463460. * German, thanks to Helge Kreutzmann . Closes: #465784. [ Steve Langasek ] * Relax build-dependency on libsasl2-dev now that the versioned dependency is satisfied by all extant versions (including in oldstable), fixing a lintian warning about versioned build-deps on Debian revisions. * Avoid using a mutex around getaddrinfo() and getnameinfo() calls, which are guaranteed by glibc to be threadsafe; this fixes a deadlock when using nss_ldap for host lookups. Closes: #340601. * debian/libldap2-dev.manpages: install all of man3/* instead of enumerating specific manpages to install. Closes: #320073. * Add new patch, sasl-cleartext-strncasecmp, to correct a regression that prevented the use of the {CLEARTEXT} password scheme with SASL. Closes LP: #191563. * drop LGPL from debian/copyright; there is no longer any code under this license in the package. * Drop patch gnutls-altname-nulterminated; it's been determined that the "length" discrepancy was a bug in gnutls, and fixed in that package. * debian/configure.options: explicitly pass --with-odbc=unixodbc, so that we depend on the right ODBC implementation when both happen to be installed at build time. [ Russ Allbery ] * Add a stamp file for the configure rule to avoid rerunning configure needlessly. Closes: #465588. * Don't create the openldap user if slapd has been configured to run as a different user. If slapd has been configured to run as openldap, do create the user on reconfigure. Closes: #452438. * Reformat, reorganize, and update slapd's README.Debian. - Include SASL configuration information. - Remove LDBM information, since upstream no longer even ships LDBM and the debconf prompting and maintainer scripts already take care of any lingering databases. - Document the differences between the Debian OpenLDAP packages and upstream. -- Steve Langasek Thu, 28 Feb 2008 22:15:17 -0800 openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low * SECURITY UPDATE: + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698. * References - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658 - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358 -- Emanuele Gentili Sun, 02 Mar 2008 16:34:30 +0100 openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low * add AppArmor profile + debian/apparmor-profile + debian/slapd.postinst: Reload AA profile on configuration * updated debian/slapd.README.Debian for note on AppArmor * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we should now take control * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmor-profiles gets installed it won't overwrite our profile * Modify Maintainer value to match the DebianMaintainerField specification. -- Jamie Strandboge Wed, 13 Feb 2008 17:15:41 +0000 openldap2.3 (2.4.7-5) unstable; urgency=low [ Updated debconf translations ] * Finnish, thanks to Esko Arajärvi . Closes: #462688. * Galician, thanks to Jacobo Tarrio . Closes: #462987. * French, thanks to Christian Perrier . Closes: #463149. * Russian, thanks to Yuri Kozlov . Closes: #463442. * Czech, thanks to Miroslav Kure . Closes: #463472. * German, thanks to Helge Kreutzmann . Closes: #464718. [ Steve Langasek ] * Fix various regressions related to the introduction of GnuTLS: - Add new patch, gnutls-ciphers, to fix support for specifying multiple ciphers with TLSCipherSuite option in slapd.conf. Thanks to Kyle Moffett for the patch. Closes LP: #188200. - Add new patch, slapd-tlsverifyclient-default, to set the intended default value of "TLSVerifyClient never" in the right place. - Add new patch, gnutls-altname-nulterminated, to account for differences in how the "length" is returned for commonName vs. subjectAltName. - Comment out TLSCipherSuite settings on upgrade from all versions prior to 2.4.7-5, and throw a debconf error to the user notifying them of this, since all OpenSSL cipher suite values are incompatible with GnuTLS. Closes: #462588. * Add new patch from upstream, entryCSN-backwards-compatibility, to support auto-converting entryCSN attributes in a previously supported old format, fixing an upgrade failure. Closes: #462099. * Use --retry TERM/10 instead of --retry 10 when stopping slapd, since the latter resorts to a SIGKILL and may corrupt backend data; whereas the former will exit non-zero if slapd is still running but won't directly cause data-loss. Thanks to Mark McDonald for the patch. LP: #92139. * Fix manpage symlinks in libldap2-dev; thanks to Reuben Thomas for reporting. Closes: #463971. * Fix a superfluous space in the debconf templates, due to a trailing space in the templates. Closes: #464719. -- Steve Langasek Sat, 09 Feb 2008 14:25:55 -0800 openldap2.3 (2.4.7-4) unstable; urgency=high [ Steve Langasek ] * Build-conflict with libicu-dev, for consistent dependencies in all build environments. * Fix an oversight in the checkpoint migration, which caused the checkpoint option to not be moved far enough down. Closes: #462304, LP: #185257. * Build-depend on unixodbc instead of iODBC. [ Updated debconf translations ] * Japanese, thanks to Kenshi Muto . Closes: #462191. -- Steve Langasek Fri, 25 Jan 2008 02:17:23 -0800 openldap2.3 (2.4.7-3) unstable; urgency=low * Add missing build-dependency on groff-base, to allow use of soelim during build. -- Steve Langasek Mon, 21 Jan 2008 15:18:27 -0800 openldap2.3 (2.4.7-2) unstable; urgency=low * Temporarily drop slapi-dev from the package to get through NEW; this functionality should be readded later, either by restoring the slapi-dev package or by moving it to libldap2-dev, depending on the outcome of discussion with the ftp-masters. -- Steve Langasek Mon, 21 Jan 2008 06:13:21 -0800 openldap2.3 (2.4.7-1) unstable; urgency=low [ Steve Langasek ] * New upstream version; closes: #449354. - remove another schema from upstream source, collective.schema, that contains text from the IETF RFCs and include a stripped copy in debian/schema. - drop patches slurpd-in-spool and man-slurpd, since slurpd is no longer provided upstream. - libldap2.3-0 is now libldap2.4-2 - build libldap2-dev from this source package now, superseding openldap2; closes: #428385, #260118, #262539, #391899, #393215. - lastmod and denyop have been moved to contrib upstream and are no longer shipped as supported overlays - drop dependency on libldap2 and take ownership of the /etc/ldap/ldap.conf conffile, since libldap2 is now obsolete - need to dump and reload databases again for the upgrade from 2.3.39. - ldap_init(3) no longer attempts to document the internals of the LDAP opaque type. Closes: #320072. - ldap-utils utilities find LDAP servers via SRV records when given a URL with -H and no host in the URL. Closes: #221173. - if the old slapd.conf included any replica commands, automatically enable syncprov for the corresponding database and print an error with debconf. * slapd.conf and DB_CONFIG are used in the postinst, they shouldn't be shipped under doc/examples because /usr/share/doc can't be depended on per policy; ship the files under /usr/share/slapd and symlink the /other/ way, which also spares us from dh_compress trying to gzip slapd.conf. Closes: #452749. * Drop libldap.so as was done for libldap2, making it a link to libldap_r.so to avoid unfortunate symbol collisions. * Add new patch, libldap-symbol-versions, to build libldap and liblber with symbol versions; needed to avoid segfaults when applications manage to pull both libldap2 and the new libldap-2.4-2 into the same process (as during a partial upgrade or the initial soname transition), and also when the library soname changes again in the future (as it's likely to do). * Reintroduce add-autogen-sh patch, with build deps on libtool, automake, and autoconf, required due to the previous patch; this time around, take care to clean up the autogenerated files in the clean target as well * Build-depend on libgnutls-dev instead of on libssl-dev, so that at long last we can build the server and lib from the same source package again without licensing problems. Closes: #457182, #407334, #428468, #381788. Closes: #412706. * slapd.prerm, slapd.postinst: drop no-longer-needed upgrade code for openldap < 2.1.22 * Ask about ldbm to bdb migration in the preinst, since there is no guarantee that the debconf config script will be run before the unpack phase. * Don't stop slapd in the preinst by hand, the prerm already stops the old slapd using the standard interfaces. * Don't build with LAN Manager password support; these passwords are more insecure than traditional Unix crypt, and only relevant when talking to Windows 98. * Move libslapi into the slapd package and provide a virtual package for library dependencies, since this is expected to stay lockstep with the server. * Split slapi dev support into a new libslapi-dev package, as this is unrelated to libldap; and drop libslapi.a since it would be insane to try to statically link a dynamically-loaded slapi plugin. * "checkpoint" directives are no longer supported as part of the backend config, only as part of the database config; move the lines around in slapd.conf on upgrade. * "schemacheck" directives are no longer supported; comment them out on upgrade since this option was set by default in sarge. * Package description updates; thanks to Christian Perrier and the Smith review project for these improvements. * Incorporate debconf template changes suggested by the debian-l10n-english team as part of the Smith review project. Closes: #447224. [ Russ Allbery ] * Removed fix_ldif and all remaining code to try running it on LDIF dumps. Schema checking has been imposed since 2.1 and it's highly unlikely that anyone still needs this. * Move the checkpoint directive in the default slapd.conf below the database and suffix directives for the primary database. This is now required for OpenLDAP 2.4. * Create /etc/ldap/slapd.conf owned by the openldap group and mode 640 by default so that slapindex and friends can read it when run as the openldap user. Fix permissions on upgrade if slapd.conf is owned by root and mode 600. Closes: #432662. * Drop slapd patch to read slapd.conf before dropping privileges, since slapd.conf should now be readable by SLAPD_GROUP. * If SLAPD_CONF is set to a directory in /etc/default/slapd, assume the cn=config backend is used and start slapd with the appropriate options. Based on a patch from Mike Burr. Closes: #411413. * Rework slapd's README.Debian: - Document the BerkeleyDB version. Closes: #438127. - Document how to direct slapd's logs to another file. Closes: #258931. - Remove obsolete information about TLS/SSL and OpenLDAP 2.0 upgrades. - Recommend HDB instead of BDB. - Generally reformat and reorganize. * Patch cleanup: - Combine the NTLM patches for Evolution into a single patch. - Add explanatory comments to every patch. - Refresh all patches to remove diff garbage and trailing whitespace. * debian/rules cleanup: - Fix patch dependencies for parallel build (hopefully). - Tell configure the system type. - Rewrite upstream_strip_nondfsg.sh as a get-orig-source target. - Remove stamp files as the first step of the clean target. - Add trivial build-arch and build-indep targets. - Remove dead code and unnecessary comments. * Remove postrm code to delete /var/lib/slapd/upgrade* flag files. We haven't used those since the 2.1 upgrade. * Update Vcs-* headers for new repository layout. * Remove versioned dependency on an ancient dpkg-dev. * Wrap and reorder Build-Depends for readability. [ Updated debconf translations ] * Czech, thanks to Miroslav Kure . Closes: #458215. * German, thanks to Helge Kreutzmann . Closes: #452833. * Spanish * Finnish, thanks to Esko Arajärvi . Closes: #448061. * French, thanks to Christian Perrier . Closes: #452632. * Galician, thanks to Jacobo Tarrio . Closes: #451158. * Italian, thanks to Luca Monducci . Closes: #449442. * Japanese, thanks to Kenshi Muto . Closes: #451325. * Dutch, thanks to Bart Cornelis . Closes: #448935. * Brazilian Portuguese * Portuguese, thanks to Tiago Fernandes . Closes: #453341. * Russian, thanks to Yuri Kozlov . Closes: #453318. * Vietnamese, thanks to Clytie Siddall . Closes: #453411. -- Steve Langasek Mon, 21 Jan 2008 04:58:24 -0800 openldap2.3 (2.3.39-1) unstable; urgency=medium * Medium severity due to denial of service fix. * New upstream release. - CVE-2007-5708: Fix remote denial of service attack in slapo-pcache (the overlay for proxy caching). (Closes: #448644) - Multiple additional more minor bug fixes. * Document in the default slapd.conf that dbconfig options only generate the DB_CONFIG file on first slapd start and have no effect afterwards unless DB_CONFIG is removed. (Closes: #442191) * Inline the checkpoint and BerkeleyDB backend settings in the default slapd.conf rather than generating them dynamically in postinst. All the allowable default database choices are now BerekelyDB variants and will probably continue to be so for the forseeable future, and this is easier to maintain. * Drop debconf questions, warnings, and maintainer script functions dealing with upgrades from OpenLDAP 2.1, which is now too hold for supported direct upgrades. (Closes: #444806) * Add a watch file. Thanks, Fernando Ribeiro. (Closes: #435290) * Add Homepage, Vcs-Svn, and Vcs-Browser control fields. -- Russ Allbery Mon, 12 Nov 2007 16:00:47 -0800 openldap2.3 (2.3.38-1) unstable; urgency=low [ Steve Langasek ] * Drop debian/patches/use-lpthread, which is no longer needed on mips* because gcc has been fixed. * Drop debian/patches/add-autogen-sh, also no longer needed now that the above patch is gone. [ Matthijs Mohlmann ] * Fix bashism in initscript. (Closes: #428883) * Drop upstream patches ITS4924, ITS4925 and ITS4966. * Add patch for objectClasses which causes slapd to crash. (Closes: #440632) - CVE-2007-5707. - Upstream bug ITS5119. * Change default loglevel to none, to log high priority messages. (Closes: #442000) * Tighten up the build dependencies, now that autogen patch is removed. -- Matthijs Mohlmann Mon, 17 Sep 2007 22:58:54 +0200 openldap2.3 (2.3.35-2) unstable; urgency=low * Enable LAN Manager password support in slapd. (Closes: #245341) * If automatic configuration is selected and slapd.conf doesn't exist during an upgrade, treat this as a fresh installation rather than aborting with an error. Also try to provide a better error message if the user has deleted /etc/ldap/schema but we just generated a new configuration that references it. These cases can occur if someone removes (rather than purges) the package, manually deletes /etc/ldap, and then reinstalls. (Closes: #205010) * Don't fail in slapd's postrm if /etc/ldap/schema has already been deleted. * Remove slapd conflicts with libbind-dev and bind-dev. There no longer appears to be anything in those packages that would break slapd's resolver. (Closes: #225896) * Add libldap-2.3-0-dbg and slapd-dbg packages with detached debugging information. * db_recover is no longer required after changing DB_CONFIG; slapd now detects changes itself and does the right thing. Also note in README.DB_CONFIG the existence of the dbconfig slapd.conf parameter and slapd's DB_CONFIG writing support. (Closes: #412575) * Add options to /etc/default/slapd to let the system administrator tell the init script to not start slapd on boot. (Closes: #254999) * Redirect fd 3 to /dev/null in the slapd init script for additional robustness when debconf is running. (Closes: #227482) * Add to /etc/default/slapd a commented-out example of how to change the keytab file used for GSSAPI authentication. (Closes: #412017) * Use variables in /etc/init.d/slapd for the paths to slapd and slurpd so that someone who really wants to can override them in /etc/default/slapd. (Closes: #403948) * Allow people building packages for outside Debian to skip the checks for non-DFSG-free material by setting a variable. Thanks, Peter Marschall. (Closes: #427245) * Remove duplicate libldap-2.3-0 dependencies. (Closes: #408987) * Use binary:Version instead of Source-Version for the tight dependencies between slapd and ldap-utils and libldap-2.3-0. -- Russ Allbery Mon, 11 Jun 2007 20:26:26 -0700 openldap2.3 (2.3.35-1) unstable; urgency=low * New upstream release with many bug fixes. - Allow syncprov to follow aliases. (Closes: #422087) * Apply upstream patches: - ITS#4924: client crash on incorrectly tagged result from server. - ITS#4925: NOOP modify with BDB backend crashed slapd. - ITS#4966: Delete of valsort-controlled entries crashed slapd. * Enable SLAPI support. (Closes: #390954) * Re-enable use of the epoll system call since Debian no longer supports 2.4 kernels. This means that the OpenLDAP packages will not work on pre-2.6 kernels. * Remove schema files that contain text from IETF RFCs from the upstream source since that text is not DFSG-free. Instead, install stripped versions of those schema files containing only the functional interface specifications, a comment explaining why this is needed, and a pointer to the relevant RFC. (Closes: #361846) * Document the repackaging of the upstream source in debian/copyright. * Update config.guess and config.sub during the build instead of in the clean target and remove them in the clean target for a clean diff. Build-depend on autotools-dev so that we can unconditionally copy over the latest versions. * Added commentary and upstream ITS numbers for several patches applicable upstream. * Use debian/compat rather than the deprecated DH_COMPAT rules setting. * Update to debhelper compatibility level V5 (no changes required). -- Russ Allbery Wed, 30 May 2007 22:42:28 -0700 openldap2.3 (2.3.30-5) unstable; urgency=low [ Steve Langasek ] * Add Portuguese debconf translation; thanks to Tiago Fernandes. Closes: #409632. * Re-add .la files to the slapd package, for greater compatibility with upstream documentation. [ Russ Allbery ] * When starting slapd, create a symlink from /var/run/ldapi to /var/run/slapd/ldapi for compatibility with 2.1 client libraries. Closes: #385809. * Apply upstream patch to prevent a race condition in slapd when shutting down connections. * Update the Brazilian Portuguese debconf translation; thanks to Felipe Augusto van de Wiel. -- Russ Allbery Thu, 8 Mar 2007 18:21:02 -0800 openldap2.3 (2.3.30-4) unstable; urgency=low * Ok, argh, it helps to check that the function being re-added to the preinst hasn't been removed again from the common include. Re-add break_on_ldbm_to_bdb_migration_disagree, because by all appearances we /should/ be using this in the preinst. Closes: #411474. -- Steve Langasek Mon, 19 Feb 2007 03:55:22 -0800 openldap2.3 (2.3.30-3) unstable; urgency=medium [ Matthijs Mohlmann ] * Added spanish translation. (Closes: #404250) * Documentation updates backported from upstream. * Fix a security bug in kerberos kbind code. (Only used when enabling with --enable-kbind option) But better safe then sorry. * Backported a mem leak fix on failed binds. * Added patch from upstream that fixes a memory leak in ACLs that use sets. [ Steve Langasek ] * *Really* abort in preinst if the user doesn't accept the upgrade from ldbm to bdb. Closes: #392747. * Set the name of debian/slapd.NEWS right so that it gets installed in the binary package. Closes: #409923. * Add Russian debconf translation; thanks to Yuri Kozlov. Closes: #405706. * Add Galician debconf translation; thanks to Jacobo Tarrio. Closes: #407267. -- Steve Langasek Sun, 18 Feb 2007 16:47:16 -0800 openldap2.3 (2.3.30-2) unstable; urgency=low * Make sure that the pidfile directory doesn't exist in the init script. (Closes: #402705) -- Matthijs Mohlmann Tue, 12 Dec 2006 21:34:44 +0100 openldap2.3 (2.3.30-1) unstable; urgency=low * New upstream release. - Fixed authzTo/authzFrom URL matching. - Fixed syncrepl consumer memory leaks. - Fixed slapd-hdb livelock. - Fixed slapo-ppolicy external quality check. - Fixed ldapsearch(1) man page acknowledgement. * Added patch to make sure that the pidfile directory exists. (Closes: #390337) * Do not ask the question allow ldap v2 logins when user wants manual configuration. (Closes: #401003) * Add patch to look also in /etc/ldap/sasl2 for sasl configuration. (Closes: #398657) * Removed db4.2-util recommend, the slapd binary includes checking code to fix DB errors. * Updated README in schema directory. It doesn't list collective.schema anymore. (Closes: #287358) * Updated manpages to point to right paths. (Closes: #398790) -- Matthijs Mohlmann Sat, 9 Dec 2006 20:50:58 +0100 openldap2.3 (2.3.29-1) unstable; urgency=medium [ Matthijs Mohlmann ] * New upstream release. - Fixes Denial of Service through a certain combination of LDAP BIND requests (CVE-2006-5779) (Closes: #397673) * LSB section added to the init script. * Updated README.Debian about running as non-root user (Closes: #389369) * Updated de translation (Closes: #396096) * Added some documentation / warning when running slapindex as root. * Remove drafts and rfc from the tarball. (Closes: #393404) -- Matthijs Mohlmann Sat, 11 Nov 2006 11:24:42 +0100 openldap2.3 (2.3.27-1) unstable; urgency=low [ Matthijs Mohlmann ] * New upstream release. * pidfile location is changed 3 years ago, when people are upgrading from back then they have a broken slapd because the openldap user is not able to write to /var/run. (Closes: #380687) * Patches by Quanah Gibson-Mount - Fix one time memleak on startup in the accesslog db. * Changed priority of libldap-2.3-0 to optional as it is only used by slapd. [ Torsten Landschoff ] * Remove RFC documents as they do not meet the DFSG. + debian/rules: Check that the RFCs are gone to make sure it does not get included again by accident. -- Matthijs Mohlmann Sat, 2 Sep 2006 00:33:44 +0200 openldap2.3 (2.3.25-1) unstable; urgency=low [ Matthijs Mohlmann ] * New upstream release: - Accepts 'require none' in slapd.conf (closes: #370023). - Added patch to fix a bold issue in the manpage ldapsearch. Thanks to Matt Kraai. (Closes: #355670) * Added commented out rootdn parameter in slapd.conf. (Closes: #303245) * Make the scripts output a bit more consistent. * Fix a regression in the slapd packages. Data directory is /var/lib/ldap and not /var/openldap-data, also adjust the manpages to reflect these change. Thanks to Peter Marschall. (Closes: #368891) * Removed script move_files, dh_install is used instead. (Closes: #368896) * Dutch translation already updated. Closes: #375101) * Documented that slapd is compiled with TCP wrappers (Closes: #351428) * dpkg-reconfigure slapd now just reinstalls slapd and moves old databases to /var/backups. Already done in previous version (Closes: #230366, #208056) [ Torsten Landschoff ] * debian/libldap-2.3-0.install: Ignore version information when installing libraries. This way it does not need updating for each new upstream release. -- Matthijs Mohlmann Wed, 26 Jul 2006 18:05:40 +0200 openldap2.3 (2.3.24-2) unstable; urgency=low * Switch slapd from running as root to running as user. (Closes: #292845, #261696) * Changing configuration in slapd.conf by the postinst will now also follow includes. (Closes: #304488) * Patches by Quanah Gibson-Mount - fix a lock bug with a virtual root entry in the BDB backend. - fix boolean logic in the overlays. - fix that slurpd can use ldaps. - fix initialization of auditdb. - fix TLS concurrency issues. - fix exop password change that didn't reset pwdMustChange. - fix syncrepl that fails when no rootdn is defined. * Add dependency on adduser. * Specify the PATH variable in the init script. (Closes: #367981) * Added patch to read config before dropping privileges. * epoll(4) system call is missing on kernels <2.6, this causes slapd to not work on 2.4 kernels. Added patch that remove the #define in portable.in (Closes: #369352, #372194, #373233) * In 2.3.24 slapd won't segfault if the moduleload directive appears somewhere else. (Closes: #349011) * Removed fileutils dependency, it's superseeded in Sarge already. (Closes: #370013) * Use find in combination with mv to move an old directory away. (Closes: #306435) * Updated Dutch debconf translation (Closes: #365172) * Added an example backup script that can be put into cron (Closes: #319477) * Make the db directories 0700. On new installations this is the default. (Closes: #354450) * Get rid of a '.' in front of a domain. (Closes: #318143) * Added shadowLastChange to the ACL in the default slapd.conf (Closes: #370550) * Updated Japanese translation (Closes: #378565) -- Matthijs Mohlmann Mon, 17 Jul 2006 18:22:45 +0200 openldap2.3 (2.3.24-1) unstable; urgency=low [ Matthijs Mohlmann ] * New upstream version. (Closes: #369544) * Update patch slurpd-in-spool. (Closes: #368586, #368709, #368889) * Added slapi-errorlog-file to be into /var/log (Closes: #368895) * Removed patch configure.in-fix, incorporated upstream. * Move debian/configure.options.new to debian/configure.options. * Added patch to put ldapi socket in /var/run/slapd. * Removed bdb recovery from the init.d script. This was introduced to fix bug #255276. Now that slapd has the ability to check and recover from bdb failures, this function is not needed anymore. (Closes: #369484, #369093) * Updated the lintian overrides. [ Torsten Landschoff ] * Include man pages for accesslog and auditlog overlays, patch by Peter Marschall (closes: #368888). -- Matthijs Mohlmann Thu, 1 Jun 2006 08:16:02 +0200 openldap2.3 (2.3.23-1) unstable; urgency=low [ Matthijs Mohlmann ] * New upstream release. (Closes: #308906, #310282, #353877, #335618, #315158) (Closes: #310282, #319155) * OpenLDAP checks database before starting up. (Closes: #190165, #195079, #294701, #308416) * move_old_database_away isn't called in a while loop anymore (which would kill debconf interaction) (Closes: #299100) * BDB_CONFIG file will be installed on new installations (Closes: #301292) * Move to dh_install. * Move to quilt patch system. * Fix manpage. * Make ldiftopasswd and fix_ldif executable. (fixes lintian warnings) * Wipe passwords after we created the initial configuration. * The config scripts is runned twice, this causes the password in slapd/internal/adminpw to be empty. This fixes the issue with having an empty password in the ldap database. (Closes: #343113, #347725) * Added #DEBHELPER# token to fix a lintian warning. * bdb has changed between major versions, so dump the database and import it again for versions before 2.3.19. * Remove comments from debian/control (The out commented control information is actually in debian/control.dev) * Enable all backends and overlays with: --enable-backends=mod and --enable-overlays=mod * Add | debconf-2.0 to unblock cdebconf transition (Closes: #332053) * Added Danish debconf translation (Closes: #353897) * Updated French debconf translation (Closes: #320739) * Updated Vietnamese debconf translation (Closes: #319706) * Updated Czech debconf translation (Closes: #356554) * Encode the organization to utf8 (Closes: #236097) * Disabled the LDBM backend. Break in preinstallation if user doesn't want to migrate to BDB backend. * Removed choice for LDBM backend from slapd templates. And some explanation in that question about the LDBM backend. * Add sizelimit and tool-threads and some documentation to slapd.conf (Closes: #327808) * slapd.scripts-common had two functions with the same name. * Don't return a error message if hostname fails. * Backup the config only once on upgrade. * For new installations do not install a DB_CONFIG file but use the slapd.conf as file for BDB/HDB configuration parameters. See: slapd-bdb(5) * Added various "exit 0" to the installation scripts. * Add configure.in patch to fix C comparison what should be bash (ITS#4416) * Raise debconf configuration level from low to medium for slapd/no_configuration. * Updated Standards-Version to 3.7.2.0 * Added build-dependency on perl which is used in the debian/rules file. Considered by lintian. * Added lintian override for too-long-extended-description-in-templates, it is an explanation about the backends. [ Steve Langasek ] * debian/slapd.templates: Fix typo durin -> during; re-run debconf-updatepo, fixing up the fuzzies (closes: #319596). [ Torsten Landschoff ] * debian/slapd.scripts-common: Rename backend_supported to upgrade_supported_from_backend for more clarity. -- Matthijs Mohlmann Sat, 13 May 2006 00:28:11 +0200 openldap2.2 (2.2.26-4) unstable; urgency=low * [l10n] Vietnamese translations by Clytie Siddall (closes: #316623). * debian/slapd.templates: Fix typos occured -> occurred (closes: #316624). * libraries/libldap/url.c: Apply patch from upstream CVS to fix URI parsing (closes: #317100). -- Torsten Landschoff Tue, 19 Jul 2005 20:52:17 +0200 openldap2.2 (2.2.26-3) unstable; urgency=low * [SECURITY] Applied the patch available at http://bugzilla.padl.com/show_bug.cgi?id=210 to force libldap to really use TLS when requested in /etc/ldap/ldap.conf (cf. CAN-2005-2069). Clients still will use libldap2 from openldap2 source package so this is only to prepare unleashing the libraries of OpenLDAP 2.2 for unstable... -- Torsten Landschoff Sun, 3 Jul 2005 10:41:37 +0200 openldap2.2 (2.2.26-2) unstable; urgency=low * Assembled changes from patches supplied by Peter Marschall (thanks, Peter): | debian/move_files: Move slapd and slurpd to /usr/sbin and adjust symlinks (closes: #316354). + debian/slapd.links: Remove symlinks from /usr/sbin to /usr/lib. | debian/rules: Don't install cron jobs needed for GnuTLS as long as we are using OpenSSL. | debian/control: Remove build-dependencies needed for GnuTLS (closes: #316355). + Require libsasl >= 2.1.18 as recommended by OpenLDAP project. | Update quicktool patch from Quanah Gibson-Mount (closes: #316361). | debian/slapd.init: Use /bin/sh as shell when running db_recover (closes: #316350). | debian/configure.options: Enabled dynlist and proxycache overlays (closes: #316351). * debian/po/de.po: Apply typo correction patch (closes: #313809). * debian/po/fr.po: Apply updates by Christian Perrier (closes: #315122). -- Torsten Landschoff Fri, 1 Jul 2005 12:53:18 +0200 openldap2.2 (2.2.26-1) unstable; urgency=low * New upstream release. * debian/slapd.init: Run db_recover as the user configured for slapd (closes: #311331). * debian/po/cs.po: Add Czech translation by Miroslav Kure (closes: #312064). * Run debconf-updatepo, oh my :( * Update configure via libtoolize -cf; aclocal-1.4; autoconf2.50. * configure.in: Try to fix memcmp check (probably does not work anymore, but we should have a working memcmp on all Debian systems anyway). * debian/rules: Remove config.{sub,guess} before installing new versions (just in case there were symlinks for them...). -- Torsten Landschoff Tue, 21 Jun 2005 12:06:40 +0200 openldap2.2 (2.2.23-8) unstable; urgency=low * debian/DB_CONFIG: Fixed the log cache configuration (used the wrong command so there was about no effect). -- Torsten Landschoff Mon, 30 May 2005 08:48:10 +0200 openldap2.2 (2.2.23-7) unstable; urgency=low * debian/slapd.scripts-common: Install the default DB_CONFIG for each database loaded from LDIF which didn't have a DB_CONFIG before. * (automatic) Updated config.sub and config.guess from autotools-dev. -- Torsten Landschoff Mon, 30 May 2005 08:08:37 +0200 openldap2.2 (2.2.23-6) unstable; urgency=low Torsten Landschoff : * debian/po/ja.po: Merge updates from Kenshi Muto (closes: #303505). * debian/po/fr.po: Merge updates from Christian Perrier (closes: #306229). * debian/slapd.scripts-common: If the user enters the empty value for the database dumping directory use the default value. Seems like the readline interface does not care about the default value (closes: #308234). * debian/slapd.postinst: Make sure the debhelper commands are executed in all cases (closes: #310422). * Merged suggested changes by Eugene Konev to automatically run db_recover before starting slapd (closes: #255276). + debian/slapd.init: Run db_recover if enabled and available and no slapd process running. + debian/slapd.default: Add configuration option to disable it. * Applied and improved patch by Matthijs Mohlmann to support migration from ldbm to bdb backend. + debian/slapd.config: Ask if migration is wanted. + debian/slapd.postinst: Update configuration from ldbm to bdb if yes. + debian/slapd.scripts-common: Implemented some parts in their own functions. * Add a README.DB_CONFIG.gz and reference it where referring to BDB configuration. * Update default DB_CONFIG with some senseful values. Steve Langasek : * libraries/libldap_r/Makefile.in: make sure the ximian-connector ntlm patch is applied to libldap_r, not just to libldap * debian/move_files: make libldap a symlink to libldap_r, as carrying two versions of this library around is more trouble than it's worth, and can cause glorious segfaults down the line -- Torsten Landschoff Mon, 30 May 2005 08:07:49 +0200 openldap2.2 (2.2.23-5) unstable; urgency=low Torsten Landschoff : * debian/lintian-overrides: Add. Contains lintian warnings/errors to override for each package (plus comments). + debian/move_files: Automatically install applying overrides into each package. Steve Langasek : * configure.in: reinstate the remainder of the fix for 195990 from 2.1.22-2: give preference to -lpthread over -pthread in configure.in, because some archs (mipsel, at least) don't like -pthread. -- Steve Langasek Sun, 24 Apr 2005 05:01:02 -0700 openldap2.2 (2.2.23-4) unstable; urgency=low Torsten Landschoff : * debian/control: Make the requirement for debconf a pre-dependency as we are using it from the maintainer scripts. * debian/slapd.preinst: Always use debconf (don't check for availability). * debian/slapd.scripts-common: Remove the alert_user function which was there to output an error message in case debconf is not available. Steve Langasek : * debian/fix_ldif: Add code to fix up oddly formatted integer attribs; limited use because it only fixes those attributes that we have prior knowledge of (i.e., those in the default schemas we ship), but it's something at least. Closes: #302629. * debian/fix_ldif: Also change fix_ldif to not chew up everything that has a # in the line: treat lines beginning with # as comments, but # is a valid character in an attribute value. * debian/rules: Fix the check for missing lib symbols to use LD_LIBRARY_PATH, so the package builds on systems that don't already have libldap-2.2-7 installed. Closes: #305785. * debian/po/ja.po: Use the partial translation provided by Kenshi Muto. Stephen Frost : * debian/slapd.scripts-common: Make sure - ends up at the end of the bracket expression given to grep so it's not treated as a range (closes: #302743). -- Steve Langasek Sat, 23 Apr 2005 22:01:20 -0700 openldap2.2 (2.2.23-3) unstable; urgency=low Steve Langasek * libraries/libldap_r/Makefile.in: Code that uses pthreads *must* be linked with -pthread, even if it's a library; without this, the libldap_r library ends up with dangling unversioned reference to pthread_create() which gets resolved to a wrong version that causes segfaults on 64-bit platforms. Closes: #304549. * debian/rules: error out on build if an installed library has undefined symbols; future-proofing against a repeat of #304549. * debian/slapd.postinst: don't dump and reload directories unless we know we're upgrading from an incompatible version! Closes: #304840. * debian/slapd.scripts-common: don't use merge_logical_lines for functions that will be writing back to the config; the code is not as pretty now, but the output is much less ugly. Closes: #303243. * debian/slapd.examples, debian/slapd.scripts-common, debian/slapd.links, debian/move_files: install DB_CONFIG in /usr/share/slapd/ instead of /usr/share/doc/slapd/examples/; this simplifies the code, and ensures users who don't install /usr/share/doc aren't penalized. Create links for the DB_CONFIG and slapd.confg templates to /usr/share/doc/slapd/examples, since these are worthwhile examples as well. * Updated maintainer scripts to keep DB_CONFIG for LDAP databases over upgrades (closes: #265860). * Move slappasswd to the slapd package, since it's now a symlink and isn't actually useful without the slapd binary (closes: #304339). -- Torsten Landschoff Thu, 21 Apr 2005 01:29:57 +0200 openldap2.2 (2.2.23-2) unstable; urgency=low * debian/configure.options: Change localstatedir to /var from /var/run as the current upstream version adds /run to that during runtime for slapi sockets etc. Problem: The database location is specified relative to localstatedir/openldap-data. Another thing to fix... (closes: #298271, #304491). * debian/slapd.scripts-common (load_databases): Reimplement automatic fixing of LDIF data via the fix_ldif script. Only tried if an initial slapadd using the original LDIF data fails. With this change upgrading from woody for some simple cases does work again. * Disabled the version check for Berkeley DB in upstream code. Any libdb4.2 package should work but of course using the latest will give you the best results (closes: #300851). * debian/slapd.scripts-common (import_database): Removed, no longer used. * debian/slapd.scripts-common: Store the diagnostic output from slapadd and output it before aborting if the command failed. * debian/po/fr.po: Use the translations provided by Christian Perrier (closes: #304141). * debian/slapd.scripts-common: Use the -q option during slapadd to improve performance. * debian/slapd.templates (slapd/dump_database_destdir): Apply rewording changes from Thomas Prokosch. Gives the user more information about the usage of that directory. + Run debconf-updatepo to update the translation templates. * debian/slapd.templates: Clean up the debconf templates of the slapd packages by merging the changes suggested by Christian Perrier (closes: #302829). Thanks, Christian! + Changed the wording of some of the templates. + Adapt to the DTSG (Debconf Templates Style Guide). + Removed item slapd/admin which is not used anymore. + Run debconf-updatepo and send new fr.po to Christian Perrier. * debian/slapd.postinst: Make a backup copy of slapd.conf before changing anything (closes: #304485). * Trivial improvements: + Don't ask to move contents of /var/lib/ldap if it does not even exist (but also is not an empty directory...) in initial config. + Move check for current installation status out of configure_dumping. -- Torsten Landschoff Thu, 14 Apr 2005 19:57:11 +0200 openldap2.2 (2.2.23-1) unstable; urgency=low * debian/slapd.scripts-common: Move all shell functions of the maintainer scripts here to have it all in one place. * Another pass over the maintainer scripts to remove cruft and tidy up the code a bit. Fixed some bugs on the way. * Test upgrade and installation revealed some bugs, mostly typos: + return in shell actually is "return $?", not "return 0" as I though + Referenced $src where $srcdir was meant. + Only load old directories on upgrade and not during initial installation. -- Torsten Landschoff Fri, 1 Apr 2005 18:50:21 +0200 openldap2.2 (2.2.23-0.pre6) experimental; urgency=low Torsten Landschoff : * debian/slapd.postinst: Add a testing interface to test the helper functions. * debian/slapd.postinst: Make sure that debconf actually displays the error message even if the user has already seen it before. * debian/slapd.postinst (compute_backup_path): Make function more robust in case we don't know the old version or the suffix of the database. Converted the backup dir to a more simple scheme which should be save against accidental overwriting. * Rewrote part of the maintainer scripts for correct handling of directory dumps in preinst. New debconf questions etc. * Move the manpage of slappasswd to ldap-utils where slappasswd itself is included (closes: #300212). + debian/control: Add Replaces: slapd << 2.2.23-0.pre6 to ldap-utils. + debian/move_files: Move slappasswd manpage into ldap-utils. * debian/slapd.config: Don't fail if hostname is unset (pulled from Ubuntu, thanks to Jeff Bailey). * Applied patch by Quanah Gibson-Mount (directory administrator of Stanford) to add -q option to some tools for quick operation without updating logs. This is mostly for importing directories from LDIF backups. * Go back to libdb4.2 as OpenLDAP is known to have problems with BDB 4.3. + debian/control: Update dependencies for BDB 4.2. + debian/slapd.scripts-common: Mark all databases before this version as incompatible. * Fix some bashisms in maintainer scripts. * debian/slapd.postinst: Include the version of the backup in the backup of a database directory. Carlo Contavalli : * debian/slapd.init: Print command line if starting a daemon failed. * debian/slapd.postinst: Handle hdb backend just as if it was bdb. * debian/README.Debian: Add some notes about DB_CONFIG and how to run slapd under a different uid/gid. * Install an example DB_CONFIG file during initial configuration + slapd.postinst: Add a function to implement this and hook it into create_new_configuration. + debian/DB_CONFIG: Example DB_CONFIG that is installed. + debian/slapd.examples: Mark DB_CONFIG as an example. * servers/slapd/daemon.c: Actually change the permissions of the unix socket if requested using an ldapi url with x-mod. * debian/slapd.scripts-common: change privileges of upgraded databases as indicated by SLAPD_USER and SLAPD_GROUP variables. * debian/slapd.scripts-common,slapd.postinst: corrected some minor typos. -- Torsten Landschoff Fri, 1 Apr 2005 12:26:35 +0200 openldap2.2 (2.2.23-0.pre5) experimental; urgency=low * Apply NTLM patch from ximian-connector source package. * debian/slapd.postinst: Fix small typo leading to upgrade failures. Added some notes while wading through maintainer scripts. * debian/slapd.postinst: Make slapadd more noisy, writing the new directory to stderr if something goes wrong (should help for bug #236097). * Make slapd.init idempotent by adding --oknodo to start-stop-daemon invocations (closes: #298741). Kudos to Bill Allombert for this patch. * slapd.postinst: Try to fix slapd.conf for syntactic and semantic changes introduced upstream into 2.2.x. * slapd.scripts-common: Make sure directories before 2.2.23 are dumped and reloaded on upgrade. -- Torsten Landschoff Fri, 11 Mar 2005 18:54:57 +0100 openldap2.2 (2.2.23-0.pre4) experimental; urgency=low * Rename libldap2.2 to libldap-2.2-7 to match soname. Updated debian/{control,rules,...}. * Checked the usage of the ucdata files shipped with libldap2 before. Actually they stem from liblunicode which is only linked to slapd. Therefore those files are shipped with slapd now. This change is relevant so that multiple libldap-2.2-x packages can coexist later. * debian/control: Updated for slapd replacing files from libldap2. * debian/control: Recommend db4.3-util instead of db4.2-util as we are using the former version now for slapd. * debian/control: Add Build-Depends for libperl-dev, this time for real. I wonder what went wrong last time as it built correctly with pdebuild (closes: #297123). -- Torsten Landschoff Mon, 28 Feb 2005 15:17:52 +0100 openldap2.2 (2.2.23-0.pre3) experimental; urgency=low * debian/slapd.prerm: Reformat and fix double stopping of slapd. Find out which bug we are working around and document it. * debian/configure.options: Enable ACI support (closes: #101602). Looked through the source code and it seems to be properly insulated to not make a difference when not used. * .../Makefile.in: Remove -s option from install invocations and let dh_strip handle stripping binaries (closes: #264448). * debian/slapd.postinst: Code cleanup and reading, unused and duplicate code removed. Main body still needs fixing. * debian/slapd.postinst: Fixed chmod --reference calls to keep the permissions of slapd.conf. Putting data into the file using shell redirection recreates the file with default umask and owner, killing the permissions we applied using chod --reference after creating the file. Instead we change the permissions directly before renaming the file now. Wrapped it into a function and update the owner as well. How do we do this correctly for ACLs etc.!? Thanks to Carlo Contavalli for pointing this out. * servers/slapd/main.c: Log a warning if writing the pidfile or writing the arguments file fails (closes: #261696). * debian/control: Add missing build dependency for perl development library (closes: #297123). -- Torsten Landschoff Sun, 27 Feb 2005 17:44:03 +0100 openldap2.2 (2.2.23-0.pre2) experimental; urgency=low * servers/slurpd/slurp.h: Relocate the default spool directory to /var/spool/slurpd again. * Merged some changes done by Fabio M. Di Nitto for the ubuntu distribution (thanks, Fabio!): + debian/slapd.{postinst,conf}: Checkpoint BDB databases every 512kb or 30 minutes by default. + debian/slapd.scripts-common: Make is_empty_dir less noisy on first install (cosmetic). * Applied some changes suggested by Ondrej Sury: + debian/rules: Add MAKEVARS variable and set datadir = /usr/share/libldap2.2/ucdata instead of changing build/top.mk as suggested. + debian/move_files: Install /usr/share/libldap2.2 into libldap2.2 and remove duplicate ldap.conf manpage. + debian/control: Let libldap2.2 dependon libldap2 for config files. * Also in Ondrej's patch: + doc/man/man8/slapd.8: Refer to slapd.conf instead of ldap.h for loglevel documentation. Changed by ubuntu? I don't know... * debian/slapd.README.Debian: Update TLS/SSL information. -- Torsten Landschoff Fri, 25 Feb 2005 14:44:59 +0100 openldap2.2 (2.2.23-0.pre1) experimental; urgency=low * Merge new upstream release 2.2.23. * Change name of source package to openldap2.2. * configure.in: Fix AC_LIBOBJ for configure2.50. * Run libtoolize, aclocal-1.4 and autoconf2.50 to get a working configure script. * debian/slapd.init: Output failure reasons using "$failure" so that no glob substitution is done. Had a hard time grokking why slapd would mention the contents of the current directory in its error message... * debian/rules: Disable building -dev packages as we don't want other packages to link against the new libraries before sarge. Remove the binary-indep target from the binary dependends list. * debian/control: Move packages that are no longer build into control-dev. * debian/configure.options: Build against OpenSSL with --with-tls (this can only be done for slapd itself, we need GnuTLS support before enabling this for libldap2.2-dev). * debian/control: Update build dependencies for libdb4.3 and OpenSSL. -- Torsten Landschoff Wed, 23 Feb 2005 19:29:38 +0100 openldap2 (2.2.18-0.pre2) experimental; urgency=low * debian/check_config: Make sasl2 check more robust against file format changes in config.status. * debian/libldap2.shlibs: Remove. * Update configure script using libtoolize, aclocal-1.4 and autoconf2.50 to fix wrong shared library dependency in libldap2.2 (depended on libldap2 by linking against the system's liblber). * debian/libldap2.README.Debian: Move to libldap2.2.README.Debian. * Lintian cleanup: + Run debconf-updatepo for debian/rules clean and manually as requested. + Update config.guess and config.sub in debian/rules clean as well. First update done. + debian/rules (install): Fix the manpage section of the admin commands from 8C to 8. + debian/rules (binary-arch): Run dh_fixperms to fix the permissions on shared libraries. -- Torsten Landschoff Thu, 13 Jan 2005 11:53:28 +0100 openldap2 (2.2.18-0.pre1) experimental; urgency=low * New upstream release. * Disable TLS for now. * debian/rules: Don't run autoheader and autoconf. * debian/configure.options: Recreated and updated for new setup. * debian/rules: Move slapd, slurpd from /usr/lib to /usr/sbin. * Rename library packages to include the OpenLDAP version. * Remove /etc/ldap/ldap*.conf from libldap2.2 to avoid clash with libldap2. Also add Replaces entry for libldap2 to allow overwriting for now. Needs fixing... * Instead of moving slapd from /usr/lib to /usr/sbin create a symlink. Seems like slapadd etc. are now all included in the slapd binary and all link to its binary. * debian/rules: Run dh_link for arch dependend packages. * configure: Fix broken libdb checking which forced static building of back-bdb. * debian/slapd.conf: Fix access directive to use "attrs=" instead of "attribute=" which wasn't officially supported anyway. -- Torsten Landschoff Wed, 3 Nov 2004 09:57:14 +0100 openldap2 (2.1.30-3) unstable; urgency=high * Urgeny high since previous releases were hardly usable (at least with TLS). * Roland Bauerschmidt + libraries/libldap/gnutls.c, libraries/libldap/tls.c, include/ldap_pvt_gnutls.h: Use callback with gnutls_certificate_set_params_function to generate dh_params and rsa_params (this is also the way, it's done with OpenSSL). We need GNUTLS 1.0.9 for this. With the new version of libgcrypt, we also need to initialize threading explicitly. The previous segmentation faults resulted from the *global* param structure being recreated and freed for every session. Many thanks to Matthias Urlichs who helped debugging a lot and also packaged GNUTLS 1.0.16 very quickly... Closes: #244827. + debian/control: Add build dependency to libgcrypt11-dev (we're initializing it directly now) and change libgnutls10-dev to libgnutls11-dev. + libraries/libldap/gnutls.c: in tls_gnutls_need_{dh,rsa}_params (formerly ldap_gnutls_need_...), create temp files more securely, doing unlink before opening and opening them with O_EXCL. This is necessary because under Linux 2.6 all threads have the same PID. Thanks to Andrew Suffield for pointing this out. + debian/slapd.cron.daily: cron job to remove GNUTLS rsa_export and dh param cache files every day. + debian/slapd.README.Debian: add note that we use GNUTLS rather than OpenSSL. -- Roland Bauerschmidt Mon, 26 Jul 2004 18:41:23 +0200 openldap2 (2.1.30-2) unstable; urgency=low * Roland Bauerschmidt + debian/slapd.scripts-common: add missing space before ! Closes: #251036, #253633, #257513. * Torsten Landschoff + Applied patch by Ralf Hack to support non-standard config file location in /etc/default/slapd (closes: #229195). + Applied patch to fix handling of abandoned commands (closes: #254183). Thanks to Peter Marschall for submitting it. + Applied patch to fix memory leak after search (closes: #254184). Thanks again, Peter! + Applied trivial patch to support logging to DAEMON facility as well as LOCAL* (closes: #254186). Here you are, Peter ;) -- Roland Bauerschmidt Fri, 09 Jul 2004 15:56:06 +0200 openldap2 (2.1.30-1) unstable; urgency=low * Torsten Landschoff : + debian/control: Have slapd conflict with libltdl3 version 1.5.4-1 as with that version loading of .so files is broken which breaks slapd (closes: #249152). + Applied patch to fix Perl backend (closes: #245347). Kudos to Peter Marschall. + debian/configure.options: Enable building of Perl backend. * Roland Bauerschmidt + debian/slapd.templates: replace 'domain' with 'DNS domain name' which is little more specific + debian/slapd.config: check if the domain has a valid syntax to prevent slapadd from failing. Closes: #235749. + New upstream version with fix for NS-MTA-MD5 hash length checking. Closes: #226583. -- Torsten Landschoff Mon, 24 May 2004 23:33:21 +0200 openldap2 (2.1.29-2) unstable; urgency=low * Roland Bauerschmidt + debian/rules: Revert change to install ldapadd as symlink. Somehow, with that change, ldapadd didn't get installed at all. Closes: #243537. -- Roland Bauerschmidt Tue, 13 Apr 2004 19:49:55 +0200 openldap2 (2.1.29-1) unstable; urgency=low * Stephen Frost + libraries/gnutls.c: Generate and store RSA/DH parameters, based off a patch by Petr Vandrovec (though changed alot). Closes: #234639, #234593 * Roland Bauerschmidt + Merged new upstream release. + debian/slapd.prerm: add #DEBHELPER# token. + debian/control: have slapd depend on debconf (>= 0.5) to ensure it supports the seen flag. + debian/rules: ldapadd is installed as a hardlink to ldapmodify; use a symlink instead. + debian/slapd.{scripts-common,postinst,preinst,config}: Add new function read_slapd_conf that evaluates include statements. -- Torsten Landschoff Mon, 12 Apr 2004 15:27:55 +0200 openldap2 (2.1.26-1) unstable; urgency=low * Torsten Landschoff : + Merged new upstream release. + debian/slapd.templates (slapd/purge_database): Set default value to false. + debian/slapd.config (manual_configuration_wanted): Don't exit from the script directly if the user wants to configure slapd manually (exit 0 -> return 0). + Build-depend on libgnutls10-dev instead of libgnutls7-dev and rebuild (closes: #233833). + Move previous content of /var/lib/ldap away during creation of an initial directory (closes: #228886, #233512). + debian/slapd.postrm: Remove flag files in /var/lib/slapd on purge. + Removed functionality (verbose error messages) from gnutls.c until it compiled with libgnutls10-dev :-(( + debian/slapd.postinst: Overwrite existing /etc/ldap/slapd.conf (only reached during initial installation/dpkg-reconfigure). -- Torsten Landschoff Mon, 23 Feb 2004 09:36:32 +0100 openldap2 (2.1.25-1) unstable; urgency=low * Roland Bauerschmidt : + New upstream version. - Build against libdb4.2. Hopefully, this resolves the BDB lock ups when configured improperly. + debian/control: Have ldap-utils depend on the same version of libldap2, and libldap2 conflict with ldap-utils (<= 2.1.23-1). Closes: #216661. + debian/slapd.{templates,config}: Check if there are slave databases in slapd.conf lacking an updateref option, and warn about it. Closes: #216797. + debian/slapd.{templates,config,postinst,conf}: Ask which database backend to use (BDB or LDBM). + debian/slapd.README.Debian: cleanup + servers/slapd/back-bdb/dbcache.c: Turn off subdatabases. This is an incompatible database format change, but according to Howard Chu "using them (subdatabases) is known to cause deadlocks on multiprocessor machines, among other issues." + debian/control: add Recommends: db4.2-util to slapd + debian/control: add Recommends: libsasl2-modules to slapd and ldap-utils. Closes: #224058. + debian/slapd.{scripts-common,preinst,postinst}: Extended dump and restore code to deal with different versions for different backends. + debian/control: Geez, centipede seems to have vanished a long time ago. So don't claim it's included in the slapd package. + debian/slapd.docs: created with servers/slapd/back-sql/ rdbms_depends. Closes: #225807. * Torsten Landschoff : + debian/move_files: Install slappasswd into ldap-utils instead of slapd as it's useful without slapd as well (closes: #228705). + debian/control: Make ldap-utils Replaces: slapd < 2.1.25 because of that change. + debian/control: Use libdb4.2-dev instead of libdb4.1-dev as a number of problems seem to be related to DB 4.1. -- Torsten Landschoff Fri, 6 Feb 2004 20:48:22 +0100 openldap2 (2.1.23-1) unstable; urgency=low * Roland Bauerschmidt : + New upstream version. + Applied fix for admin password breakage from Michael Beattie . Closes: #214270. + Added Dutch Debconf template translation by cobaco@linux.be. Closes: #215373. + Bumped Standards-Version (no changes needed). * Torsten Landschoff : + debian/move_files: Install slappasswd into ldap-utils instead of slapd (closes: #228705). -- Roland Bauerschmidt Sat, 18 Oct 2003 19:56:54 +0200 openldap2 (2.1.22-3) unstable; urgency=low * Call perl -w to run debian/dh_installscripts-common. Closes: #214054. -- Roland Bauerschmidt Sat, 4 Oct 2003 14:22:11 +0200 openldap2 (2.1.22-2) unstable; urgency=high * Stephen Frost + servers/slapd/daemon.c: Apply patch from head for select handling. + debian/rules: Fix build options to optimize correctly and to use DEB_BUILD_OPTIONS (Policy, 10.1). Closes: #202306 + debian/slapd.conf: Add in ACL for root DSE explicitly. + debian/slapd.init: Add --oknodo in stop_slurpd. Closes: #202592 + debian/rules: Need quotes around $(CFLAGS) on configure line. + debian/slapd.init: Remove \'s before quotes around pidfile. + debian/slapd.init: Add support for -h slapd flag. Closes: #201991 + debian/slapd.default: Add variable $SLAPD_SERVICES for slapd -h. + libraries/libldap/tls.c: Apply patch from asuffield in #202741 to fix subjectAltName usage. Closes: #202741 * Torsten Landschoff : + Fix invocation of "head" in maintainer scripts and replace usage of [ foo -a bar ] by [ foo ] && [ bar ] (closes: #203292). + debian/slapd.postrm: Small cleanup, only remove the directory, not the backups, on purge. + debian/rules: Don't run the upstream install target if we did not rebuild the whole tree. Makes debugging maintainer script much more tolerable. + debian/slapd.config: Cleaned up and restructured for readability. + debian/slapd.templates: Replaced the invalid_suffix template with invalid_config which is more general and can be used for any inconsistency in the initial configuration. + debian/slapd.postinst: Rewritten to eliminate all that spaghetti. Did not yet implement all old features again... - Now the #DEBHELPER# part is always reached so that the daemon will be restarted even if no automatic configuration is wanted (closes: #204008). + Fixed the undefined symbols in libldap_r.so.2 (closes: #195990). | configure.in: Try -lpthread before -pthread to link the thread library. libtool does not pass -pthread through, -lpthread seems to work though. | libraries/libldap_r/Makefile.in: Add $(LTHREAD_LIBS) to UNIX_LINK_LIBS so that pthread is linked when creating a shared library as well. * Roland Bauerschmidt : + debian/configure.options: change --localstatedir=/var/lib to --localstatedir=/var/run. Since localstatedir isn't used anywhere in the code, except for the ldapi socket (and examples in the manpages which are correct at the moment anyway), all this change does should be changing the default location of the ldapi socket from /var/lib/ldapi to /var/run/ldapi. Closes: #160965. + libraries/libldap/tls.c: In get_ca_list, walk through CACERTDIR manually if building against GNUTLS (since there is no equivalent to SSL_add_dir_cert_subjects_to_stack). Closes: #205609. + debian/slapd.preinst: create /var/backups/ldap/$oldver with permissions 0700. Also change permissions for /var/backups/ldap to 0700 if it already exists. Closes: #209019. + Added Japanese translation of Debconf templates by Kenshi Muto . Closes: #210731. + debian/slapd.{postinst,preinst,config}: Replaced duplicate implementations of the same functions with one version and moved those into debian/slapd.scripts-common which will be included by debian/dh_installscripts-common. + debian/slapd.preinst: before dumping the database, check if the backend is supported + debian/slapd.postinst: - add -q to grep call for allow bind_v2 - readded pre-2.1 (woody) upgrade path (that is, dumping, fixing and reimporting the database) -- Roland Bauerschmidt Fri, 3 Oct 2003 15:35:29 +0200 openldap2 (2.1.22-1) unstable; urgency=low * Stephen Frost : + New upstream version (minor changes). + debian/control: Change build-deps to autoconf2.13, Closes: #201482 + debian/rules: Add dh_compress -i for binary-indep. + debian/slapd.postinst: Give variable for read (avoids bashism). + configure/.in: Use upstream's version of back-meta/back-ldap fix. -- Stephen Frost Wed, 16 Jul 2003 08:42:23 -0400 openldap2 (2.1.21-2) unstable; urgency=low * Stephen Frost : + debian/slapd.preinst: slapcat here if possible, if slapcat not available then slapcat in postinst. Also remove old unused function. + debian/slapd.postinst: Check if slapcat in preinst worked and use those results in preference. Also moved to using /var/backups/ldap. + servers/slapd/daemon.c: Provide more information on socket/bind failures. Patch submitted upstream. Closes: #94967. + ./configure, ./configure.in: Fix check for back_ldap in back_meta. back_ldap now included as module. back_ldap and back_meta appear to load fine, though order may matter. Closes: #196995. + debian/control: Add versioned Depends on perl, need recent version for migration script. + debian/slapd.{pre,post}inst: Allow for whitespace in postinst before database definitions + debian/control: Drop the libldap2-dev Depends that aren't actually necessary. + debian/slapd.preinst: Add create_sed_script to create the script to deal with multi-line commands in slapd.conf. Modify things to use sed script to preprocess slapd.conf before using it. Remove support for whitespace preceeding commands. + debian/slapd.postinst: Add create_sed_script here too and modify everything to use it as necessary. Also change everything to reference $SLAPD_CONF instead of /etc/ldap/slapd.conf everywhere. Remove support for whitespace preceeding commands. + debian/slapd.postinst: Removed all tabs. Changed all sed scripts to used [:space:] instead of [space tab]. + debian/slapd.postinst: Removed debugging statements from ldap_v2 support handling code. + debian/slapd.preinst: Changed to use mktemp for sed script. + debian/slapd.postinst: Changed to use mktemp for sed script. + debian/slapd.config: If no hostname set just use debian.org. + contrib/ldapc++/config.{sub,guess}: Resync back to upstream, no reason not to, we don't even build this stuff... + debian/control: Change build-depends to libgnutls7-dev instead of libssl-dev. + debian/rules: Now run autoconf && autoheader to pick up on the configure.in changes needed for GNU TLS. + debian/copyright: Added Steve Langasek (SL) copyright statement. + Patch from Steve Langasek for GNU TLS support, Closes: #198553 | include/ldap_pvt_gnutls.h: Added for GNU TLS | configure.in: Now uses GNU TLS where available. | servers/slapd/schema_init.c: Modified for GNU TLS- some functions removed because GNU TLS layer does not support them yet. | build/install-sh: Added for new autoconf. | libraries/libldap/Makefile.in: Changed to compile GNU TLS portions. | libraries/libldap/getdn.c: Stub function added, GNU TLS layer does not support TLS certificates for authentication yet. | libraries/libldap/tls.c: Now calls GNU TLS functions instead of OpenSSL. | libraries/libldap/gnutls.c: Added to support GNU TLS in place of OpenSSL for TLS connections. | libraries/libldap_r/Makefile.in: Changed to compile GNU TLS portions. + debian/slapd.postinst: remove temp file if upgrading or doing a reconfigure but the OLDSUFFIX and basedn match so that we do not move an empty file overtop of slapd.conf. Closes: #190797. + debian/slapd.init: Inform user when not starting slapd due to no configuration file found. Deals with users who select to not configure slapd during installation. + debian/slapd.init: Removed cat <<-EOF and got rid of associated tabs; best to not depend on tab vs. space distinction. + debian/slapd.config: Change debconf question names to be fully qualified in the $var from the for loop- organization is under shared/ and domain is under slapd/, not both under slapd/. + debian/slapd.postrm: Can not depend on debconf being around in postrm so check before attempting to source it. Also protect against failure from db_get. + debian/slapd.postinst: Check for old directory and move it out of the way if it exists on new configure or reconfigure. + debian/slapd.postinst: Fix db_input's for error messages, should be high priority and need to || true them. + debian/slapd.postinst: Do not error exit once we've told the user about the problem, if there was one, with slapcat/slapadd. + debian/slapd.postinst: Make sure we get the organization before we attempt to fix_ldif on old slapcat output. Default to unknown if the organization is not set. + debian/slapd.postinst: Be sure that slapd has been stopped before attempting to fix and slapadd old slapcat. + debian/slapd.postinst: Do not use --exec with s-s-d in postinst. + debian/slapd.postinst: grep calls need to be || true'd when no matching lines found is possible (this case is handled). + debian/slapd.postinst: Be very sure slapd has stopped before attempting to upgrade database. + debian/slapd.preinst: Use either the pidfile or exec if pidfile is not available when stopping. Do not put \"\" around pidfile. Use $oldver instead of $2. + debian/slapd.config: Reask questions on a reconfigure. Use the same logic as slapd.postinst for when to ask questions regarding the db. Be sure to db_go after db_input's. + debian/slapd.templates: Fix allow_bind_v2 short description to make more sense since the default is off. + debian/slapd.preinst: Use perl instead of sed for handling conf. + debian/slapd.postinst: Use perl instead of sed for handling conf, use old sed method to insert \n's, user invoke-rc.d when slapd needs to be stopped. Assume preinst shuts slapd down for upgrade. + debian/slapd.postinst: Only stop slapd on reconfigure. * Torsten Landschoff : + doc/man/man8/slapd.8: Refer to slapd.conf(5) for a description of the debugging level (closes: #176980). + debian/move_files: Kill of the static archives of our backend modules as they are of absolutely no use. * Steve Langasek : + debian/slapd.postinst: Add a new function, get_database_list, that prints out the list of configured databases from slapd.conf one row at a time. Move all of the upgrade handling into a loop, and iterate through the configured databases. Since the while loop is in fact a subshell, be sure to handle errors correctly. We also have to look at the configured directory for each database, instead of assuming /var/lib/ldap. Closes: #190155, #190156. + debian/slapd.preinst: Simplify the handling of error status: if the slapcat fails, just remove the ldif file. Also, add the suffix to the name of the output file, and add the get_database_list function here as well. * Roland Bauerschmidt : + debian/rules: call dh_makeshlibs with -plibldap2 rather than just with libldap2 + debian/slapd.postinst: Add question about no configuration. + debian/slapd.templates: Add template for no config question. + debian/slapd.templates: Add template for invalid suffix. + debian/slapd.config: Add no configuration option. Closes: #87986 + debian/slapd.config: Complain to the user on invalid domain/org. -- Stephen Frost Tue, 15 Jul 2003 12:37:05 -0400 openldap2 (2.1.21-1) unstable; urgency=low * Torsten Landschoff : + Merged new upstream release. * Stephen Frost : + debian/control: Add libbind-dev and bind-dev to the conflicts for slapd, the libs in them can end up being used even when not compiled against causing getaddrinfo() to fail. Closes: #166777 + debian/copyright: Flush out the copyright file to include all found copyrights and updates to those. + debian/copyright: Add clarification of MA license + debian/copyright: Add clarification of JC license + debian/slapd.templates: More clearly inform users of important config change. Closes: #194192. + debian/control: Remove patch from build-depends (dpkg-dev depends on it) + debian/fix_ldif: Correctly handle base64-encoded DNs. Closes: #197014. + debian/slapd.templates: Added templates for asking about LDAPv2 support and telling the user of slapcat/slapadd failures during upgrade. + debian/slapd.postinst: Added support for adding LDAPv2 support + debian/slapd.postinst: Modified to handle slapcat/slapadd failure. In the event of an upgrade failure the database will be left untouched and the user notified. Closes: #192431 + debian/slapd.postinst: Use ldif_dump_location in more places... + debian/slapd.prerm: Check if upgrade failed and assume bad old init.d script was used and attempt to shut down slapd with --oknodo in case slapd isn't running. Closes: #193854. (Again) + debian/slapd.conf: Add commented out allow line + debian/rules: Tell dh_installinit to not touch slapd.prerm now. + debian/slapd.postinst: Do a dry-run with slapadd first and check if that worked or not. If it did not work then tell the user, otherwise do a real slapadd which should work. + debian/slapd.postinst: Make sure slapd is stopped before doing slapadd/slapcat's and the like. (Note: The woody version does not stop slapd). Closes: #189777. + debian/slapd.postinst: Check if directories exist before attempting to mkdir them. Closes: #189947 + debian/slapd.README.debian: Add note about runlevel issue. Closes: #175736 + debian/move_files: Copy ldiftopasswd into /usr/share/slapd for users to use, if they find it useful. Closes: #94963. + debian/slapd.README.Debian: Added note about ldiftopasswd. * Roland Bauerschmidt : + debian/slapd.postinst: fixed typos and check for the existence of slapd.conf before reading it. -- Torsten Landschoff Thu, 19 Jun 2003 17:35:32 +0200 openldap2 (2.1.17-3) unstable; urgency=low * Stephen Frost : + debian/slapd.init: Add --oknodo for stopping slapd. Closes: #192423, #193854. + debian/slapd.init: Change START_SLURPD to SLURPD_START. Closes: #190724. + debian/libldap2.shlibs: Bump to 2.1.17- 2.1.12 never hit the archive. These should only be bumped when new symbols are added so we should figure out a way to handle checking that. + debian/slapd.dirs: Added /var/run/slapd for pidfile + debian/slapd.conf: Moved pidfile to /var/run/slapd; Needed if running non-root. + debian/slapd.conf: Clean up config file, be more explicit about what directives are 'general', 'backend', and 'database'. Moved and commented out 'replogfile' since it is database specific, wasn't doing anything where it was and use of it depends on slurpd usage. I consider this solving #151511 since we don't ask if you want to use replication anymore anyway. Closes: #151511 + debian/copy_slapd_dev_files: Added to copy the include files for building slapd back-ends. + debian/control: Add warning about libslapd2-dev + debian/control: Add build-depend on po-debconf for dh_installdebconf + debian/slapd.default: Add option for settings SLAPD_CONF file + debian/slapd.init: Changed to use SLAPD_CONF, setting it to /etc/ldap/slapd.conf if it is not specified. Closes: #91318 + debian/control: Added libslapd2-dev to control file. Closes: #192163. + debian/rules: Added binary-indep to the binary: build line and flushed it out to build the libslapd2-dev deb. Added -k to dh_clean since we're building arch and indep debs now. + Maintainer upload, acknowledge NMU. Closes: #98039. + Add debian/po/fr.po from 194740. Closes: #194740 + Add space before ']' on line 113 of postinst. Closes: #194192, #194943 * Torsten Landschoff : + debian/control: Enforce libldap2 to be the same version as slapd as slapd (legitimately) uses internal functions of that library (closes: #190164). + debian/slapd.postinst: Fix the regexp for finding the database definitions. * Steve Langasek : + debian/slapd.preinst: don't use debconf or ldapsearch in the preinst, as this is a policy violation (even if a previous version was installed, it could've been removed-but-not-purged). Closes: #189811, #195029. + debian/slapd.{pre,post}inst: dump & fix up the directory in the postinst, not in the preinst -- using slapcat/slapadd, not ldapmodify. This ensures that the dump will succeed whenever the database is present, rather than depending on access to an admin dn. Closes: #190085. + debian/fix_ldif, debian/move_files, debian/copyright: add Dave Horsfall's dn-fixing script, to handle objectClass upgrading + debian/slapd.postinst: Skip the duplicate prompting for the organization name; we're guaranteed to always have one. -- Torsten Landschoff Fri, 6 Jun 2003 16:56:16 +0200 openldap2 (2.1.17-2) unstable; urgency=low * The who-says-slavery-is-dead upload. * Steve Langasek : + debian/slapd.postinst: Fix the database regexp. + debian/slapd.postinst: Only add moduleload lines *once* on upgrade from 2.0. Wrap the backup code with a check for /var/lib/slapd/upgrade_2.0, to guarantee idempotency. Closes: #190401. + debian/slapd.{config,templates,postinst}: On dpkg-reconfigure, don't wipe out an existing config; only merge in any requested changes. Also, prompt before wiping out the existing db. Closes: #190799. + debian/slapd.{postinst,examples},debian/rules: Move slapd.conf from doc/slapd/examples to /usr/share/slapd, per policy. + debian/slapd.postinst: make sure slapd.conf is always created atomically. + debian/slapd.postrm: If removing databases on package purge, remove any database backups as well. * Torsten Landschoff : + debian/configure.options: Disable ACIs because they are still experimental. + debian/control: Change section and priority of libldap2-dev to libdevel and extra respectively (dinstall message). + debian/slapd.preinst: Only query the object classes of the root dn if there was no error parsing the config. + Update templates for po-debconf using the patch submitted by Andre Luis Lopes (closes: #189933). + Use [[:space:]] instead of [\t ] in sed invocations since the latter does not seem to work (reported by Daniel Lutz). + debian/control: Add Replaces: entry for openldapd since ldif.5.gz was included in the potato package of that name (closes: #190660). + debian/control: Tighten the build dependency on libtldl3-dev as versions before 1.4.3 required the .la file for dynamic binding (thanks to Josip Rodin for pointing this out). -- Torsten Landschoff Sat, 19 Apr 2003 02:28:32 +0200 openldap2 (2.1.17-1) unstable; urgency=low * New upstream release. * Torsten Landschoff : + debian/slapd.init: Improve the error reporting. If nothing is output by the failing command don't leave the user alone but print a hint to look into the logfile etc. + debian/control: Require at least version 2.1.3 of libsasl2-dev as this is what the configure script checks for. Pointed out by Norbert Tretkowski. + debian/slapd.{pre,post}inst: Small cleanups, added some comments, adapted for the removal of the .la files in slapd package. -- Torsten Landschoff Sat, 19 Apr 2003 01:59:26 +0200 openldap2.1 (2.1.16-1) unstable; urgency=low * New upstream release. + build/top.mk: Remove patch to omit "-static" at linking time. Upstream now respects the --enable-shared flag used at configuration time. + debian/slapd.postinst: Automagically add the module load directives after upgrade as needed. + debian/slapd.config: - Only ask questions to create a new directory on fresh install. - Ask wether the right modules should automatically be loaded in slapd.conf. + debian/slapd.templates: Add the templates for autoloading modules and fixing the directory. + debian/slapd.preinst: New script to support upgrading from 2.0. The old prerm did not stop the daemon so we have to do it here. Also a first attempt to fix broken LDAP directories not acceptable to 2.1. - Conditionally load debconf when upgrading as it only has to be available in that case. + debian/slapd.preinst: Dump database before upgrade. + debian/slapd.postinst: Recreate database from dump after upgrade. Move old database out of the way. * Roland Bauerschmidt + debian/slapd.README.Debian: mention that backend database modules are now compiled as shared objects * Stephen Frost + debian/slapd.conf: Drop the '.la' file extension + debian/move_files: Drop and rm the .la files, they aren't necessary. + debian/slapd.README.Debian: Dropped the .la from the module_load line. + servers/slapd/daemon.c: check slapd_srvurls is not NULL before deref; included in upstream CVS. + servers/slapd/back-*/init.c: Change the munged symbol names to init_module, they do not need to be munged, and cause problems when they are and not using .la files (which cause other problems) + servers/slapd/module.c: Change to use lt_dlopenext() so we don't need the .la files -- Torsten Landschoff Wed, 26 Mar 2003 20:34:35 +0100 openldap2.1 (2.1.12-1) experimental; urgency=low * Initial release of OpenLDAP 2.1 packages. Closes: #167566, #178014. - this includes support for the >= and <= operators. Closes: #159078. - fixes various upstream bugs. Closes: #171008. * Torsten Landschoff - debian/check_config: Added script to check if OpenLDAP was configured the way we want it. - Don't build special TLS packages anymore - SSL is enabled in the stock ldap library. Everything else will just give me more headaches. - Build against libsasl2 instead of libsasl1. Closes: #176462. - debian/control: - Build-depend on debhelper 4.0 as debian/rules uses DH_COMPAT=4. - Depend on coreutils | fileutils. Closes: #175704, #185676. - Make libldap2 conflict with libldap2-tls which is obsolete now. - debian/rules: Move the long list of configure options to a new file debian/configure.options and read $(CONFIG) from that file. - configure with --enable-aci. Closes: #101602. - debian/slapd.init: Rewrite and add comments. - Add support for running as non-root (closes: #111765, #157037). - servers/slapd/main.c (main): Remove pid file on exit (closes: #162284). - servers/slurpd/slurp.h: Change the default spool directory to /var/spool/slurpd (avoids passing it via -t in init.d). - servers/{slapd,slurpd}/Makefile.in: Install binaries into sbindir instead of libexecdir. - debian/control: Add Stephen Frost to the Uploaders field. Thanks for your help, Stephen! - contrib/ldapc++/config.{guess,sub}: Replaced with current files from autotools-dev (lintian). Not actually neccessary since this part of the package is not currently built but I think this is the best way to shut up lintian :) - build/mod.mk: Use -m 644 instead of -m 755 in installing shared libraries. Shared libraries should not be marked as executable (lintian). - debian/libldap2.conffiles: Remove, since we are using version 4 of debhelper which tags everything in /etc as conffile by default. - debian/rules: Change the mode of everything upstream installed into /etc to 0644 as required by policy (lintian). - debian/rules: Call dh_installdeb later in the binary target so that the conffiles are already there for listing. Without this nothing in /etc gets tagged as conffile... (lintian). - debian/rules: Pass the start and stop priority of slapd to dh_installinit in preparation for a postinst supported by debhelper. - debian/rules: Call dh_installdirs again. - Rewrite slapd.config, slapd.postinst, slapd.templates - a first try in getting slapd to configure itself. Way to go. * Roland Bauerschmidt - debian/control: - build-depend on libdb4.1-dev instead of libdb4.0-dev - conflict, replace, and provide libldap2-tls (libldap2) - removed ldap-gateways binary package - drop suggestion to obsolete openldap-guide. Closes: #171894, #146968. - debian/rules: - build with BDB backend - run dh_installdeb - only run dh_makeshlibs for libldap2 - debian/slapd.dirs: added to create /var/lib/ldap and /var/spool/slurpd - debian/slapd.postinst: - properly remove temporary files on errors. Closes: #160412. - install init.d link if slapd.conf already exists. Closes: #159542. - run db_stop even if package isn't configured for the first time. This prevents hanging during upgrades. - added debian/slapd.default and use it from debian/slapd.init. Closes: #160964, #176832. - added debian/slapd.README.Debian - added versioned dependency on coreutils to make lintian quiet. - added debian/slapd.postrm - remove slapd.conf when package is purged - remove /var/lib/ldap when slapd/purge_database is true - remove /etc/ldap/schema if empty. Closes: #185173. - debian/templates: added slapd/purge_database template - build/top.mk: link against libcrypt before other SECURITY_LIBS - debian/libldap2.shlibs: tighten dependencies. Closes: #181168. * Stephen Frost - debian/control: added libltdl2-dev and libslp-dev to the build-depends - Correct typo for back-sql init routine; already in OpenLDAP upstream CVS - Correct free of SASL interact results; already in OpenLDAP upstream CVS - Duplicate the DN from SASL to ensure '\0' termination; already in OpenLDAP upstream CVS - debian/control: added Replaces: slapd (<< 2.1) for ldap-utils due to ldif.5 move. - Add modulepath /usr/lib/ldap to default slapd config - Add moduleload back_bdb to default slapd config - Changed libexecdir to ${prefix}/lib - Add usr/lib/ldap to slapd portion of move_files - Modified backend types to be built as modules for dynamic loading - Fixed pt_BR translation -- Roland Bauerschmidt Sat, 15 Mar 2003 21:35:24 +0100 openldap2 (2.0.27-3) unstable; urgency=high * [SECURITY]: Apply the patch used by SuSE in SuSE-SA:2002:047 (or rather the parts of it not yet included upstream). -- Torsten Landschoff Fri, 20 Dec 2002 04:47:15 +0100 openldap2 (2.0.27-2) unstable; urgency=low * debian/control: Make libldap2-dev depend on libssl-dev and libsasl-dev, since those libs are pulled via the libldap.la file (closes: #164791). * debian/control: Add shlibs:Depends to libldap2-tls as well. Most of those depends are pulled via libldap2 but of course libssl is not among those. (closes: #169950). * debian/libldap2-tls: Remove old divertions on "configure" and not on "upgrade" - the latter is not really called. -- Torsten Landschoff Fri, 22 Nov 2002 00:35:29 +0100 openldap2 (2.0.27-1) unstable; urgency=low * New upstream release. -- Torsten Landschoff Wed, 6 Nov 2002 01:12:06 +0100 openldap2 (2.0.23-14) unstable; urgency=low * debian/rules: Remove search paths from .la files using some perl trickery (closes: #110479). * debian/libldap2.README.debian: Document the NSS problem which stops /usr from being unmounted cleanly when using libnss-ldap (for more info see bug#159771). * Started cleaning up the maintainer scripts: - Remove creation of the /usr/doc symlinks (lintian). - Don't run ldconfig in prerm scripts (lintian). -- Torsten Landschoff Mon, 30 Sep 2002 12:10:05 +0200 openldap2 (2.0.23-13) unstable; urgency=low * As Ashley Clark found out the preinst of libldap-tls fails for a new install. My fault - I did not check that (removing ldap is cumbersome if you are using it... :) and the scripts were only checked without "set -e" in effect. + debian/libldap2-tls.preinst: Apply Ashley's patch (thanks a lot, Ashley. closes: #162123). + Coincidently the other installation scripts seem to be okay, the failing command is in the middle of a pipe and therefore ignored. -- Torsten Landschoff Tue, 24 Sep 2002 12:56:18 +0200 openldap2 (2.0.23-12) unstable; urgency=low * Apply the patch from upstream ITS#2012 to support MD5 hashes. Problem is that OpenSSL comes with its own version of the crypt() function which is linked in instead of the system's version from libcrypt. The patch changes the link order so that slapd takes the system's implementation. * debian/rules: Pass --enable-crypt-first to configure to enable the patch (closes: #160763). * Fix the diversion handling of libldap2-tls: - preinst: Only install diversions that are not there. - postrm: Remove this package's diversions. - postinst: Remove obsolete diversions after upgrade. - Removal of diversions is done in reverted order of the installation. * Enable DNSSRV support as requested by Turbo. No Kerberos for now, sorry. * debian/control: Updates Standards-Version to 3.5.7 and fix running of ldconfig in maintainer scripts. -- Torsten Landschoff Mon, 23 Sep 2002 12:18:40 +0200 openldap2 (2.0.23-11) unstable; urgency=low * debian/rules: Build with --with-tls (closes: #80591, #155937). * debian/control: + Add build dependency on libssl-dev. + Specify Roland Bauerschmidt as co maintainer. * Added the trickery to have libldap2 without TLS and libldap2-tls with the TLS stuff. Otherwise we have to change the base system, and god knows how long that would take. Most of the changes done by Roland Bauerschmidt. We now build the source two times - with and without ssl. We mostly use the ssl enabled stuff with the exception of a libldap2 package which does not have support for that. If you need TLS support you have to install libldap2-tls, which diverts the libraries from libldap2 out of the way and replaces them with the TLS enabled version. -- Torsten Landschoff Thu, 29 Aug 2002 13:35:39 +0200 openldap2 (2.0.23-10) unstable; urgency=low * debian/control: Build depend on libdb4.0-dev instead of libdb3-dev. This should fix the index corruption problems (closes: #152959). -- Torsten Landschoff Sun, 18 Aug 2002 19:47:02 +0200 openldap2 (2.0.23-9) unstable; urgency=low * debian/slapd.init: Wait for the daemons to actually terminate for the stop action (which is used for restart) and trap all errors (closes: #148033). * debian/rules: Build with -D_FILE_OFFSET_BITS=64 to support files bigger than 2GB on all architectures (closes: #155197). As off_t is about never used in the source that should not create any problems. * debian/control: Make libldap2-dev depend on libsasl-dev (closes: #135223, #96957). * doc/man/man1/ldapmodify.1: Fix typo (closes: #105905). * debian/rules: Create symlinks for some manpages (closes: #99547). * Fix spelling error in description of ldap-gateways (closes: #124859). * debian/copyright: Include the full content of the LICENSE file (closes: #151222). -- Torsten Landschoff Thu, 8 Aug 2002 15:54:46 +0200 openldap2 (2.0.23-8) unstable; urgency=low * New maintainer. * debian/control: Build-Conflict with libbind-dev to use the right resolver library everywhere (closes: #112459). Of course, the real solution must be to fix the configure script to not detect libbind-dev and use the right resolver all the time. But a work around is better than nothing I would say... -- Torsten Landschoff Wed, 7 Aug 2002 14:53:39 +0200 openldap2 (2.0.23-7) unstable; urgency=low * Add Brazilian translation for debconf templates. Closes: Bug#114021 * Fix hostless LDAP URLs, patch from Lamont Jones. Closes: Bug#140387 -- Wichert Akkerman Sat, 4 May 2002 20:05:32 +0200 openldap2 (2.0.23-6) unstable; urgency=high * Make slapd.config idempotent, so that calling it once (during preconfiguration) and again (during postinst) doesn't break things. Patch from Anthony Towns. Closes: Bug#137552). -- Wichert Akkerman Sun, 14 Apr 2002 19:10:50 +0200 openldap2 (2.0.23-5) unstable; urgency=high * Fix slurpd invocation in slapd.init. Closes: Bug#141959 * Ask for admin DN when using LDIF initialization as well. Lets hope this finally Closes: Bug#137552 * Merge German translation for debconf templates. Closes: Bug#141712 * Add Build-Depends on debconf-utils since we use debconf-mergetemplate * Remove bogus error from slapd.init. Closes: Bug#137718 -- Wichert Akkerman Tue, 9 Apr 2002 14:49:27 +0200 openldap2 (2.0.23-4) unstable; urgency=high * Only show already-configured note on initial installs. Closes: Bug#137100 * Supply -t option to slurpd when starting it, not when stopping it. Closes: Bug#136240 * Use db_input instead of db_get for notes in the slapd postinst. * Only fetch password from debconf when not using ldif initialization. Closes: Bug#138558,#137552 * Check if slapd.conf exists in slapd postinst. Closes: Bug#138136 -- Wichert Akkerman Sat, 6 Apr 2002 23:02:42 +0200 openldap2 (2.0.23-3) unstable; urgency=high * If can not get a password for the admin entry when installing slapd generate one randomly. Closes: Bug#134774 * Bump shlibs dependency to 2.0.23 -- Wichert Akkerman Thu, 21 Feb 2002 23:23:57 +0100 openldap2 (2.0.23-2) unstable; urgency=high * Create /var/spool/slurpd and tell slurpd to use that as temporary directory. Closes: Bug#134564 * Improve debconf prompts a bit. Closes: Bug#134945 * Properly set default value for domain * Clear crypted password from debconf after creating the LDAP directory -- Wichert Akkerman Sun, 17 Feb 2002 16:07:18 +0100 openldap2 (2.0.23-1) unstable; urgency=high * Upstream updated config.{guess,sub} so we are back to zero patches again. * Apply fix from Klaus Duscher for the missing password problem: the config script did not check if it was run twice without slapd.conf being generated in between and would abort with a missing password error. Closes: Bug#132566 * Change slapd priority for boot sequence to start earlier and stop later so people can use LDAP for NSS purposes. Closes: Bug#130277 -- Wichert Akkerman Sun, 17 Feb 2002 16:07:18 +0100 openldap2 (2.0.22-2) unstable; urgency=low * Update config.{guess,sub} again. Closes: Bug#131469 -- Wichert Akkerman Thu, 7 Feb 2002 22:33:01 +0100 openldap2 (2.0.22-1) unstable; urgency=low * New upstream version * Build properly as non-native package -- Wichert Akkerman Wed, 6 Feb 2002 00:17:20 +0100 openldap2 (2.0.21-3) unstable; urgency=high * Add logic to config and postinst to configure replication as well * Don't fail in slapd postinst if we can't stop slapd. Closes: Bug#131617 * Change localstatedir to /var/lib * Remove /var/lib/ldap when purging slapd * Don't remove user-supplied ldif file after creating the directory * Set default replogfile * Fix typo in severity for no_password note * Encrypt admin password and remove it from the debconf database -- Wichert Akkerman Thu, 31 Jan 2002 17:03:36 +0100 openldap2 (2.0.21-2) unstable; urgency=medium * Update config.{guess,sub} and forwarded upstream (ITS#1567). Closes: Bug#131469 * Remove -x from slapd postinst. Closes: Bug#131502 -- Wichert Akkerman Wed, 30 Jan 2002 10:53:45 +0100 openldap2 (2.0.21-1) unstable; urgency=high * New upstream version, * Update copyright * Update config.guess and config.sub * Redone packaging, no more dbs or debhelper * Drop all patches, they are either unnecessary or alternatives have been made upstream -- Wichert Akkerman Tue, 29 Jan 2002 17:04:10 +0100 openldap2 (2.0.14-1) unstable; urgency=high * New upstream version, which includes a billion second bug. Closes: Bug#111833 * Drop 005_libldbm_dbopen, upgrading the database in place no longer works with the new db-env code. * Redo 008_porting_maxpathlen -- Wichert Akkerman Sat, 15 Sep 2001 13:39:46 +0200 openldap2 (2.0.11-2) unstable; urgency=low * Test if /etc/init.d/slapd is executable when purging slapd. Closes: Bug#100938 * Update 008_porting_maxpathlen. Closes: Bug#100584 * Don't use four11 as referral example anymore. Closes: Bug#99998 * Fix synopsis of slapindex manpage. Added to 002_man_fixes. Closes: Bug#98805 * Removed stray backup file from 002_man_fixes -- Wichert Akkerman Tue, 19 Jun 2001 01:01:17 +0200 openldap2 (2.0.11-1) unstable; urgency=low * New upstream version * Add autoconf to Build-Depends. Closes: Bug#99440 * Fix new db upgrade patch. Closes: Bug#98853 -- Wichert Akkerman Sun, 3 Jun 2001 00:25:47 +0200 openldap2 (2.0.10-2) unstable; urgency=low * Tighten shlibs dependency to >= 2.0.1-1. Closes: Bug#98683 -- Wichert Akkerman Fri, 25 May 2001 16:32:35 +0200 openldap2 (2.0.10-1) unstable; urgency=low * New upstream version * New maintainer * Remove useless LINE_WIDTH bit from patch 000_clients * Patch 004_ssl_fix has been merged upstream, removed * Redo 005_db3_upgrade * Rediff all other patches -- Wichert Akkerman Thu, 24 May 2001 14:56:02 +0200 openldap2 (2.0.7-6) unstable; urgency=low * Make sure autoconf is run if configure.in is changed (for Hurd patch), closes: #96145 * Fix slapd.postinst in the case of using an ldif file, closes: #95600 * Use a var for slapd.conf in slapd init script. Partially fixes bug 91318. * Fixed hurd patch for strrchr in replog.c, closes: #93605 -- Ben Collins Mon, 7 May 2001 23:00:27 -0400 openldap2 (2.0.7-5) unstable; urgency=low * Fixed db3 upgrade code, closes: #92331, #92916 * m68k should compile fine with db3 now, closes: #90165 * Included provided patch for Hurd compilation, closes: #88079 -- Ben Collins Wed, 4 Apr 2001 17:46:47 -0400 openldap2 (2.0.7-4) unstable; urgency=low * slapd.conf is no longer a conffile, and not provided by the package. Instead, it is only generated. closes: #81359 * Fixed by previous upload, closes: #71852, #78950, #82491 * Actually install the netscape schema, closes: #90323 * Add comment to README.Debian about being compiled with libwrap, closes: #84954 * Provide example sasl config file, closes: #90855 * Conflict replace openldap-utils (ldap-utils), and libopenldap-dev (libldap2-dev), closes: #71471 * Revert to using some code to upgrade previous db's. Remove slapd's dep on db3-util, and remove postinst code that upgrades the db's. -- Ben Collins Sat, 24 Mar 2001 21:59:20 -0500 openldap2 (2.0.7-3) unstable; urgency=low * netscape-profile.schema: new schema for old roaming support * 004_ssl_fix.diff: Fix for SSL support (not compiled in, but some people use it). * slapd.config: FINALLY fix the "dc=" base bug. * Build-Depend on libdb3-dev now that it is available. * Now that we use db3, make sure we upgrade existing databases to the db3 format with db3_upgrade. -- Ben Collins Sun, 11 Mar 2001 23:36:34 -0500 openldap2 (2.0.7-2) unstable; urgency=low * slapd.postinst: fix debhelper wraper so it gets the right @argv, closes: #71854 * sendmail appears to be compiled against glibc2.2/libdb2 now, closes: #71602 * %strace ldapsearch cn=admin | & grep /etc | grep ldap open("/etc/ldap/ldap.conf", O_RDONLY) = 3 closes: #71716 * ldap_first_attribute.3: s/ber_free(3)/ber_free/. closes: #76719 * init.d/slapd: fix reference to pidfile, and also remove the pidfile after killing the daemon, closes: #77633, #77635 * Fix fgets buffer size thinko in slurpd. closes: #78003 * slapd.8: s/ldap.h/slapd.conf(5)/. closes: #80457 -- Ben Collins Sun, 31 Dec 2000 00:02:46 -0500 openldap2 (2.0.7-1) unstable; urgency=low * New upstream * Removed hack for shlibs now that dpkg 1.7 is available, added dpkg-dev 1.7.1 to build-depends. * start using DH_COMPAT=2 -- Ben Collins Fri, 10 Nov 2000 18:53:25 -0500 openldap2 (2.0.2-2) unstable; urgency=low * Recompile against libdb2/glibc 2.1.94/sasl -- Ben Collins Wed, 27 Sep 2000 11:31:59 -0400 openldap2 (2.0.2-1) unstable; urgency=low * New upstream version, includes some patches from me that fix some stability issues * debian/control:Build-Depends: change libwrap-dev to libwrap0-dev for clarity, closes: #71366 * debian/rules: make sure mail500 docs do not get installed under bogus subdirs, closes: #71473 * debian/README.build,debian/scripts/dbs-build.mk: Fix and document build system better, closes: #71584 * debian/local/slapd.conf: Setup default ACL's to work with openldap2 correctly, closes: #71127, #71131 * debian/README: document how to access OpenLDAP 1 servers via ldap-utils, closes: #71469 * debian/rules:CFLAGS: add -I/usr/include/db2 to make sure we get the right header, closes: #71470 * I cannot reproduce this. In debian/rules I have done exactly what is needed to keep it from happening, and sparc, i386 and powerpc builds do not show it, closes: #71472 -- Ben Collins Wed, 13 Sep 2000 22:32:35 -0400 openldap2 (2.0.1-2) unstable; urgency=low * Fixed up depend for libldap2 on itself -- Ben Collins Wed, 6 Sep 2000 13:24:06 -0400 openldap2 (2.0.1-1) unstable; urgency=low * New upstream version * Added libsasl-dev to build-deps, closes: #70923 -- Ben Collins Tue, 5 Sep 2000 06:49:05 -0400 openldap2 (2.0-1) unstable; urgency=low * Initial release of OpenLDAP 2 test code -- Ben Collins Tue, 29 Aug 2000 14:28:39 -0400