lp://staging/ubuntu/precise-security/openldap

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp://staging/ubuntu/precise-security/openldap
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

51. By Felipe Reyes

* SECURITY UPDATE: denial of service via an LDAP search query
  with attrsOnly set to true. (LP: #1446809)
  - debian/patches/CVE-2012-1164.1.patch: don't leave empty slots in
    normalized attr values
  - debian/patches/CVE-2012-1164.2.patch: add FIXME comment, note that
    current patch is not ideal
  - debian/patches/CVE-2012-1164.3.patch: fix attr_dup2 when no values are
    present (attrsOnly = TRUE)
  - CVE-2012-1164
* SECURITY UPDATE: fix rwm overlay reference counting
  - debian/patches/CVE-2013-4449.patch: fix reference counting
  - CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
  - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
  - CVE-2015-1545

50. By Jamie Strandboge

debian/control: Build-Depends on dh-apparmor (LP: #948481)

49. By Timo Aaltonen

Add its-7176-only-poll-sockets-for-write-as-needed.diff
(LP: #932823).

48. By Daniel T Chen

Remove debian/patches/CVE-2011-4079; it's already in this upstream
version. Fixes FTBFS.

47. By Chuck Short

* Merge from Debian testing. Remaining changes:
  - Install a default DIT (LP: #442498).
  - Document cn=config in README file (LP: #370784).
  - remaining changes:
    + AppArmor support:
      - debian/apparmor-profile: add AppArmor profile
      - use dh_apparmor:
        - debian/rules: use dh_apparmor
        - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
      - updated debian/slapd.README.Debian for note on AppArmor
      - debian/slapd.dirs: add etc/apparmor.d/force-complain
    + Enable GSSAPI support (LP: #495418):
      - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
        - Add --with-gssapi support
        - Make guess_service_principal() more robust when determining
          principal
      - debian/patches/series: apply gssapi.diff patch.
      - debian/configure.options: Configure with --with-gssapi
      - debian/control: Added libkrb5-dev as a build depend
    + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
      in the openldap library, as required by Likewise-Open (LP: #390579)
   + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
      - debian/control:
        - remove build-dependency on heimdal-dev.
        - remove slapd-smbk5pwd binary package.
      - debian/rules: don't build smbk5pwd slapd module.
    + debian/{control,rules}: enable PIE hardening
    + ufw support (LP: #423246):
      - debian/control: suggest ufw.
      - debian/rules: install ufw profile.
      - debian/slapd.ufw.profile: add ufw profile.
    + Enable nssoverlay:
      - debian/patches/nssov-build, debian/series, debian/rules:
        Apply, build and package the nss overlay.
      - debian/schema/extra/misc.ldif: add ldif file for the misc schema
        which defines rfc822MailMember (required by the nss overlay).
    + debian/rules, debian/schema/extra/:
      Fix configure rule to supports extra schemas shipped as part
      of the debian/schema/ directory.
    + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
    + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
     neither the default DIT nor via an Authn mapping.
    + debian/slapd.scripts-common: adjust minimum version that triggers a
      database upgrade. Upgrade from maverick shouldn't trigger database
      upgrade (which would happen with the version used in Debian).
    + debian/slapd.scripts-common: add slapcat_opts to local variables.
      Remove unused variable new_conf.
    + debian/slapd.script-common: Fix package reconfiguration.
      - Fix backup directory naming for multiple reconfiguration.
    + debian/slapd.default, debian/slapd.README.Debian:
      use the new configuration style.
    + Install nss overlay (LP: #675391):
      - debian/rules: run install target for nssov module.
      - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
    + debian/patches/gssapi.diff:
      - Update patch so that likewise-open is usuable again. (LP: #661547)
    + debian/patches/service-operational-before-detach: New patch replacing old one
      of the same name as previous could cause database corruption based on upstream commits.
      (LP: #727973)
    + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
      (CVE-2011-4079)

46. By Chuck Short

* Merge from Debian testing. Remaining changes:
  - Install a default DIT (LP: #442498).
  - Document cn=config in README file (LP: #370784).
  - remaining changes:
    + AppArmor support:
      - debian/apparmor-profile: add AppArmor profile
      - use dh_apparmor:
        - debian/rules: use dh_apparmor
        - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
      - updated debian/slapd.README.Debian for note on AppArmor
      - debian/slapd.dirs: add etc/apparmor.d/force-complain
    + Enable GSSAPI support (LP: #495418):
      - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
        - Add --with-gssapi support
        - Make guess_service_principal() more robust when determining
          principal
      - debian/patches/series: apply gssapi.diff patch.
      - debian/configure.options: Configure with --with-gssapi
      - debian/control: Added libkrb5-dev as a build depend
    + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
      in the openldap library, as required by Likewise-Open (LP: #390579)
   + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
      - debian/control:
        - remove build-dependency on heimdal-dev.
        - remove slapd-smbk5pwd binary package.
      - debian/rules: don't build smbk5pwd slapd module.
    + debian/{control,rules}: enable PIE hardening
    + ufw support (LP: #423246):
      - debian/control: suggest ufw.
      - debian/rules: install ufw profile.
      - debian/slapd.ufw.profile: add ufw profile.
    + Enable nssoverlay:
      - debian/patches/nssov-build, debian/series, debian/rules:
        Apply, build and package the nss overlay.
      - debian/schema/extra/misc.ldif: add ldif file for the misc schema
        which defines rfc822MailMember (required by the nss overlay).
    + debian/rules, debian/schema/extra/:
      Fix configure rule to supports extra schemas shipped as part
      of the debian/schema/ directory.
    + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
    + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
     neither the default DIT nor via an Authn mapping.
    + debian/slapd.scripts-common: adjust minimum version that triggers a
      database upgrade. Upgrade from maverick shouldn't trigger database
      upgrade (which would happen with the version used in Debian).
    + debian/slapd.scripts-common: add slapcat_opts to local variables.
      Remove unused variable new_conf.
    + debian/slapd.script-common: Fix package reconfiguration.
      - Fix backup directory naming for multiple reconfiguration.
    + debian/slapd.default, debian/slapd.README.Debian:
      use the new configuration style.
    + Install nss overlay (LP: #675391):
      - debian/rules: run install target for nssov module.
      - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
    + debian/patches/gssapi.diff:
      - Update patch so that likewise-open is usuable again. (LP: #661547)
    + debian/patches/service-operational-before-detach: New patch replacing old one
      of the same name as previous could cause database corruption based on upstream commits.
      (LP: #727973)
    + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
      (CVE-2011-4079)

45. By Colin Watson

Rebuild for Perl 5.14.

44. By Jamie Strandboge

* SECURITY UPDATE: potential denial of service (LP: #884163)
  - debian/patches/CVE-2011-4079: fix off by one error in
    postalAddressNormalize()
  - CVE-2011-4079

43. By Chuck Short

* Merge from debian unstable. Remaining changes:
  - Install a default DIT (LP: #442498).
  - Document cn=config in README file (LP: #370784).
  - remaining changes:
    + AppArmor support:
      - debian/apparmor-profile: add AppArmor profile
      - use dh_apparmor:
        - debian/rules: use dh_apparmor
        - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
      - updated debian/slapd.README.Debian for note on AppArmor
      - debian/slapd.dirs: add etc/apparmor.d/force-complain
    + Enable GSSAPI support (LP: #495418):
      - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
        - Add --with-gssapi support
        - Make guess_service_principal() more robust when determining
          principal
      - debian/patches/series: apply gssapi.diff patch.
      - debian/configure.options: Configure with --with-gssapi
      - debian/control: Added libkrb5-dev as a build depend
    + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
      in the openldap library, as required by Likewise-Open (LP: #390579)
   + Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
      - debian/control:
        - remove build-dependency on heimdal-dev.
        - remove slapd-smbk5pwd binary package.
      - debian/rules: don't build smbk5pwd slapd module.
    + debian/{control,rules}: enable PIE hardening
    + ufw support (LP: #423246):
      - debian/control: suggest ufw.
      - debian/rules: install ufw profile.
      - debian/slapd.ufw.profile: add ufw profile.
    + Enable nssoverlay:
      - debian/patches/nssov-build, debian/series, debian/rules:
        Apply, build and package the nss overlay.
      - debian/schema/extra/misc.ldif: add ldif file for the misc schema
        which defines rfc822MailMember (required by the nss overlay).
    + debian/rules, debian/schema/extra/:
      Fix configure rule to supports extra schemas shipped as part
      of the debian/schema/ directory.
    + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
    + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
     neither the default DIT nor via an Authn mapping.
    + debian/slapd.scripts-common: adjust minimum version that triggers a
      database upgrade. Upgrade from maverick shouldn't trigger database
      upgrade (which would happen with the version used in Debian).
    + debian/slapd.scripts-common: add slapcat_opts to local variables.
      Remove unused variable new_conf.
    + debian/slapd.script-common: Fix package reconfiguration.
      - Fix backup directory naming for multiple reconfiguration.
    + debian/slapd.default, debian/slapd.README.Debian:
      use the new configuration style.
    + Install nss overlay (LP: #675391):
      - debian/rules: run install target for nssov module.
      - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
    + debian/patches/gssapi.diff:
      - Update patch so that likewise-open is usuable again. (LP: #661547)
    + debian/patches/service-operational-before-detach: New patch replacing old one
      of the same name as previous could cause database corruption based on upstream commits.
      (LP: #727973)

42. By Steve Langasek

Brown paper bag: really fix the .links.in handling, so we don't generate
broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/wily/openldap
This branch contains Public information 
Everyone can see this information.

Subscribers