Ubuntu
openldap2.3 package

lp://staging/ubuntu/gutsy-security/openldap2.3

  1. Gutsy (7.10)
  2. gutsy-security
Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/gutsy-security/openldap2.3
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

9. By Kees Cook

* SECURITY UPDATE: denial of service via broken BER decoding.
* Added debian/patches/security-ber-decoding.patch: upstream fixes.
* References
  CVE-2008-2952

8. By Jamie Strandboge

* SECURITY UPDATE: slapd crash when using the bdb backend and processing
  crafted modrdn requests
* debian/patches/SECURITY_CVE-2008-0658.patch: patch to back-bdb/modrdn.c to
  properly check for NOOP option
* References:
  CVE-2008-0658
  LP: #197077

7. By Jamie Strandboge

* SECURITY UPDATE: slapd crash when processing crafted modify requests
* debian/patches/SECURITY_CVE-2007-5707.patch: properly reset slap_mod_list
  when normalization fails in servers/slapd/modify.c
* SECURITY UPDATE: crash in slapd when running as a proxy-caching server
  using slapo-pcache
* debian/patches/SECURITY_CVE-2007-5708.patch: properly terminate array in
  servers/slapd/overlays/pcache.c
* References
  CVE-2007-5707
  CVE-2007-5708
  Fixes LP #162162
* Modify Maintainer value to match the DebianMaintainerField
  specification.

6. By Russ Allbery

* New upstream release with many bug fixes.
  - Allow syncprov to follow aliases. (Closes: #422087)
* Apply upstream patches:
  - ITS#4924: client crash on incorrectly tagged result from server.
  - ITS#4925: NOOP modify with BDB backend crashed slapd.
  - ITS#4966: Delete of valsort-controlled entries crashed slapd.
* Enable SLAPI support. (Closes: #390954)
* Re-enable use of the epoll system call since Debian no longer supports
  2.4 kernels. This means that the OpenLDAP packages will not work on
  pre-2.6 kernels.
* Remove schema files that contain text from IETF RFCs from the upstream
  source since that text is not DFSG-free. Instead, install stripped
  versions of those schema files containing only the functional
  interface specifications, a comment explaining why this is needed, and
  a pointer to the relevant RFC. (Closes: #361846)
* Document the repackaging of the upstream source in debian/copyright.
* Update config.guess and config.sub during the build instead of in the
  clean target and remove them in the clean target for a clean diff.
  Build-depend on autotools-dev so that we can unconditionally copy over
  the latest versions.
* Added commentary and upstream ITS numbers for several patches
  applicable upstream.
* Use debian/compat rather than the deprecated DH_COMPAT rules setting.
* Update to debhelper compatibility level V5 (no changes required).

5. By Russ Allbery

[ Steve Langasek ]
* Add Portuguese debconf translation; thanks to Tiago Fernandes.
  Closes: #409632.
* Re-add .la files to the slapd package, for greater compatibility
  with upstream documentation.

[ Russ Allbery ]
* When starting slapd, create a symlink from /var/run/ldapi to
  /var/run/slapd/ldapi for compatibility with 2.1 client libraries.
  Closes: #385809.
* Apply upstream patch to prevent a race condition in slapd when
  shutting down connections.
* Update the Brazilian Portuguese debconf translation; thanks to Felipe
  Augusto van de Wiel.

4. By Matthijs Mohlmann

Make sure that the pidfile directory doesn't exist in the init script.
(Closes: #402705)

3. By Matthijs Mohlmann

* New upstream release.
  - Fixed authzTo/authzFrom URL matching.
  - Fixed syncrepl consumer memory leaks.
  - Fixed slapd-hdb livelock.
  - Fixed slapo-ppolicy external quality check.
  - Fixed ldapsearch(1) man page acknowledgement.
* Added patch to make sure that the pidfile directory exists.
  (Closes: #390337)
* Do not ask the question allow ldap v2 logins when user wants manual
  configuration. (Closes: #401003)
* Add patch to look also in /etc/ldap/sasl2 for sasl configuration.
  (Closes: #398657)
* Removed db4.2-util recommend, the slapd binary includes checking code to
  fix DB errors.
* Updated README in schema directory. It doesn't list collective.schema
  anymore. (Closes: #287358)
* Updated manpages to point to right paths. (Closes: #398790)

2. By Matthijs Mohlmann

[ Matthijs Mohlmann ]
* New upstream release.
  - Fixes Denial of Service through a certain combination of LDAP BIND
    requests (CVE-2006-5779) (Closes: #397673)
* LSB section added to the init script.
* Updated README.Debian about running as non-root user (Closes: #389369)
* Updated de translation (Closes: #396096)
* Added some documentation / warning when running slapindex as root.
* Remove drafts and rfc from the tarball. (Closes: #393404)

1. By Matthijs Mohlmann

Import upstream version 2.3.29

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers