Ubuntu
openldap2.3 package

lp://staging/ubuntu/intrepid/openldap2.3

  1. Intrepid (8.10)
  2. intrepid
Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/intrepid/openldap2.3
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

21. By Mathias Gug

* Merge from debian unstable, remaining changes:
  - debian/apparmor-profile: add AppArmor profile
  - debian/slapd.postinst: Reload AA profile on configuration
  - updated debian/slapd.README.Debian for note on AppArmor
  - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
  - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
    to make sure that if earlier version of apparmour-profiles gets
    installed it won't overwrite our profile.
  - Modify Maintainer value to match the DebianMaintainerField
    speficication.
  - follow ApparmorProfileMigration and force apparmor compalin mode on
    some upgrades (LP: #203529)
  - debian/slapd.dirs: add etc/apparmor.d/force-complain
  - debian/slapd.preinst: create symlink for force-complain on pre-feisty
    upgrades, upgrades where apparmor-profiles profile is unchanged (ie
    non-enforcing) and upgrades where apparmor profile does not exist.
  - debian/slapd.postrm: remove symlink in force-complain/ on purge
  - debian/patches/fix-ucred-libc due to changes how newer glibc handle
    the ucred struct now.
  - debian/patches/fix-unique-overlay-assertion.patch:
    Fix another assertion error in unique overlay (LP: #243337).
    Backport from head.
* debian/control:
  - add time as build dependency: needed by make test.
* debian/rules:
  - support debuild nocheck option: don't run tests if nocheck is set.
* debian/patches/fix-gnutls-key-strength.patch:
  - fix slapd handling of ssf using gnutls. (LP: #244925).
* Dropped - accepted in Debian:
  - debian/rules, debian/slapd.links: use hard links to slapd instead of
    symlinks for slap* so these applications aren't confined by apparmor
    (LP: #203898)
* Dropped - fixed in new upstream release:
  - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
    (LP: #215904)
  - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
    error. (LP: #234196)
  - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
    (LP: #220724)
  - debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
    syncrepl. (LP: #227178)
  - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
    upstream.

20. By Chuck Short

* debian/patches/fix-unique-overlay-assertion.patch:
  - Fix another assertion error in unique overlay, backported from head.
    (LP: #243337) Note: This patch will still be needed when moved to 2.4.10

19. By Chuck Short

Drop spurious dependency on hiemdal-dev. Caused by an aborted attempt to
include the smbk5pwd overlay.

18. By Chuck Short

* Rebuild for perl 5.10 transition (LP: #230016)
* debian/patches/fix-syncrepl-oops: Fixes segmentation fault when using
  syncrepl. (LP: #227178)

17. By Chuck Short

* Merge from debian unstable, remaining changes:
  - debian/apparmor-profile: add AppArmor profile
  - debian/slapd.postinst: Reload AA profile on configuration
  - updated debian/slapd.README.Debian for note on AppArmor
  - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
  - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
    to make sure that if earlier version of apparmour-profiles gets
    installed it won't overwrite our profile.
  - Modify Maintainer value to match the DebianMaintainerField
    speficication.
  - follow ApparmorProfileMigration and force apparmor compalin mode on
    some upgrades (LP: #203529)
  - debian/slapd.dirs: add etc/apparmor.d/force-complain
  - debian/slapd.preinst: create symlink for force-complain on pre-feisty
    upgrades, upgrades where apparmor-profiles profile is unchanged (ie
    non-enforcing) and upgrades where apparmor profile does not exist.
  - debian/slapd.postrm: remove symlink in force-complain/ on purge
  - debian/rules, debian/slapd.links: use hard links to slapd instead of
    symlinks for slap* so these applications aren't confined by apparmor
    (LP: #203898)
  - debian/patches/fix-assertion-io.patch: Fixes ber_flush2 assertion.
    (LP: #215904)
  - debian/patches/fix-dnpretty-assertion.patch: Fix dnPrettyNormal assertion
    error. (LP: #234196)
  - dropped debian/patches/fix-notify-crasher.patch: Fix modify timestamp crashes.
    (LP: #220724)
  - dropped debian/patches/SECURITY_CVE-2008-0658.patch. Already applied
    upstream.
 * Added debian/patches/fix-ucred-libc due to changes how newer glibc handle
   the ucred struct now.

16. By Jamie Strandboge

remove apparmor-profile workaround for Launchpad #202161 (it's now fixed
in klibc)

15. By Jamie Strandboge

* apparmor-profile workaround for Launchpad #202161
* follow ApparmorProfileMigration and force apparmor complain mode on some
  upgrades (LP: #203529)
  - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
  - debian/slapd.dirs: add etc/apparmor.d/force-complain
  - debian/slapd.preinst: create symlink for force-complain/ on pre-feisty
    upgrades, upgrades where apparmor-profiles profile is unchanged (ie
    non-enforcing) and upgrades where apparmor profile does not exist
  - debian/slapd.postrm: remove symlink in force-complain/ on purge
* debian/rules, debian/slapd.links: use hard links to slapd instead of
  symlinks for slap* so these applications aren't confined by apparmor
  (LP: #203898)

14. By Steve Langasek

* Merge from Debian unstable, remaining changes:
  + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
    slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
    allows remote authenticated users to cause a denial of service (daemon
    crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
    control, a related issue to CVE-2007-6698.
  + debian/apparmor-profile: add AppArmor profile
  + debian/slapd.postinst: Reload AA profile on configuration
  + updated debian/slapd.README.Debian for note on AppArmor
  + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
    should now take control
  + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
    to make sure that if earlier version of apparmor-profiles gets
    installed it won't overwrite our profile
  + Modify Maintainer value to match the DebianMaintainerField
    specification.

13. By Emanuele Gentili

* SECURITY UPDATE:
 + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
   slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
   allows remote authenticated users to cause a denial of service (daemon crash)
   via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
   issue to CVE-2007-6698.

* References
 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
 - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358

12. By Jamie Strandboge

* add AppArmor profile
  + debian/apparmor-profile
  + debian/slapd.postinst: Reload AA profile on configuration
* updated debian/slapd.README.Debian for note on AppArmor
* debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
  should now take control
* debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
  to make sure that if earlier version of apparmor-profiles gets installed
  it won't overwrite our profile
* Modify Maintainer value to match the DebianMaintainerField
  specification.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers