lp://staging/ubuntu/precise-security/openldap
- Get this branch:
- bzr branch lp://staging/ubuntu/precise-security/openldap
Recent revisions
- 51. By Felipe Reyes
-
* SECURITY UPDATE: denial of service via an LDAP search query
with attrsOnly set to true. (LP: #1446809)
- debian/patches/CVE-2012-1164.1.patch: don't leave empty slots in
normalized attr values
- debian/patches/CVE-2012-1164.2.patch: add FIXME comment, note that
current patch is not ideal
- debian/patches/CVE-2012-1164.3.patch: fix attr_dup2 when no values are
present (attrsOnly = TRUE)
- CVE-2012-1164
* SECURITY UPDATE: fix rwm overlay reference counting
- debian/patches/CVE-2013-4449.patch: fix reference counting
- CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
- debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
- CVE-2015-1545
- 48. By Daniel T Chen
-
Remove debian/patches/CVE-2011-4079; it's already in this upstream
version. Fixes FTBFS.
- 47. By Chuck Short
-
* Merge from Debian testing. Remaining changes:
- Install a default DIT (LP: #442498).
- Document cn=config in README file (LP: #370784).
- remaining changes:
+ AppArmor support:
- debian/apparmor-profile: add AppArmor profile
- use dh_apparmor:
- debian/rules: use dh_apparmor
- debian/control: Build-Depends on debhelper 7.4.20ubuntu5
- updated debian/slapd.README.Debian for note on AppArmor
- debian/slapd.dirs: add etc/apparmor.d/force-complain
+ Enable GSSAPI support (LP: #495418):
- debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- debian/patches/series: apply gssapi.diff patch.
- debian/configure.options: Configure with --with-gssapi
- debian/control: Added libkrb5-dev as a build depend
+ debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open (LP: #390579)
+ Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
- debian/control:
- remove build-dependency on heimdal-dev.
- remove slapd-smbk5pwd binary package.
- debian/rules: don't build smbk5pwd slapd module.
+ debian/{control, rules}: enable PIE hardening
+ ufw support (LP: #423246):
- debian/control: suggest ufw.
- debian/rules: install ufw profile.
- debian/slapd.ufw.profile: add ufw profile.
+ Enable nssoverlay:
- debian/patches/nssov-build, debian/series, debian/rules:
Apply, build and package the nss overlay.
- debian/schema/extra/misc.ldif: add ldif file for the misc schema
which defines rfc822MailMember (required by the nss overlay).
+ debian/rules, debian/schema/extra/:
Fix configure rule to support extra schemas shipped as part
of the debian/schema/ directory.
+ debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
+ debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
neither the default DIT nor via an Authn mapping.
+ debian/slapd.scripts-common: adjust minimum version that triggers a
database upgrade. Upgrade from maverick shouldn't trigger database
upgrade (which would happen with the version used in Debian).
+ debian/slapd.scripts-common: add slapcat_opts to local variables.
Remove unused variable new_conf.
+ debian/slapd.script-common: Fix package reconfiguration.
- Fix backup directory naming for multiple reconfiguration.
+ debian/slapd.default, debian/slapd.README.Debian:
use the new configuration style.
+ Install nss overlay (LP: #675391):
- debian/rules: run install target for nssov module.
- debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
+ debian/patches/gssapi.diff:
- Update patch so that likewise-open is usable again. (LP: #661547)
+ debian/patches/service-operational-before-detach: New patch replacing old one
of the same name as previous could cause database corruption based on upstream commits.
(LP: #727973)
+ debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
(CVE-2011-4079)
- 46. By Chuck Short
-
* Merge from Debian testing. Remaining changes:
- Install a default DIT (LP: #442498).
- Document cn=config in README file (LP: #370784).
- remaining changes:
+ AppArmor support:
- debian/apparmor-profile: add AppArmor profile
- use dh_apparmor:
- debian/rules: use dh_apparmor
- debian/control: Build-Depends on debhelper 7.4.20ubuntu5
- updated debian/slapd.README.Debian for note on AppArmor
- debian/slapd.dirs: add etc/apparmor.d/force-complain
+ Enable GSSAPI support (LP: #495418):
- debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- debian/patches/series: apply gssapi.diff patch.
- debian/configure.options: Configure with --with-gssapi
- debian/control: Added libkrb5-dev as a build depend
+ debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open (LP: #390579)
+ Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
- debian/control:
- remove build-dependency on heimdal-dev.
- remove slapd-smbk5pwd binary package.
- debian/rules: don't build smbk5pwd slapd module.
+ debian/{control, rules}: enable PIE hardening
+ ufw support (LP: #423246):
- debian/control: suggest ufw.
- debian/rules: install ufw profile.
- debian/slapd.ufw.profile: add ufw profile.
+ Enable nssoverlay:
- debian/patches/nssov-build, debian/series, debian/rules:
Apply, build and package the nss overlay.
- debian/schema/extra/misc.ldif: add ldif file for the misc schema
which defines rfc822MailMember (required by the nss overlay).
+ debian/rules, debian/schema/extra/:
Fix configure rule to support extra schemas shipped as part
of the debian/schema/ directory.
+ debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
+ debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
neither the default DIT nor via an Authn mapping.
+ debian/slapd.scripts-common: adjust minimum version that triggers a
database upgrade. Upgrade from maverick shouldn't trigger database
upgrade (which would happen with the version used in Debian).
+ debian/slapd.scripts-common: add slapcat_opts to local variables.
Remove unused variable new_conf.
+ debian/slapd.script-common: Fix package reconfiguration.
- Fix backup directory naming for multiple reconfiguration.
+ debian/slapd.default, debian/slapd.README.Debian:
use the new configuration style.
+ Install nss overlay (LP: #675391):
- debian/rules: run install target for nssov module.
- debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
+ debian/patches/gssapi.diff:
- Update patch so that likewise-open is usable again. (LP: #661547)
+ debian/patches/service-operational-before-detach: New patch replacing old one
of the same name as previous could cause database corruption based on upstream commits.
(LP: #727973)
+ debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize()
(CVE-2011-4079)
- 44. By Jamie Strandboge
-
* SECURITY UPDATE: potential denial of service (LP: #884163)
- debian/patches/CVE-2011-4079: fix off by one error in
postalAddressNormalize()
- CVE-2011-4079
- 43. By Chuck Short
-
* Merge from debian unstable. Remaining changes:
- Install a default DIT (LP: #442498).
- Document cn=config in README file (LP: #370784).
- remaining changes:
+ AppArmor support:
- debian/apparmor-profile: add AppArmor profile
- use dh_apparmor:
- debian/rules: use dh_apparmor
- debian/control: Build-Depends on debhelper 7.4.20ubuntu5
- updated debian/slapd.README.Debian for note on AppArmor
- debian/slapd.dirs: add etc/apparmor.d/force-complain
+ Enable GSSAPI support (LP: #495418):
- debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- debian/patches/series: apply gssapi.diff patch.
- debian/configure.options: Configure with --with-gssapi
- debian/control: Added libkrb5-dev as a build depend
+ debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open (LP: #390579)
+ Don't build smbk5pwd overlay since it uses heimdal instead of krb5:
- debian/control:
- remove build-dependency on heimdal-dev.
- remove slapd-smbk5pwd binary package.
- debian/rules: don't build smbk5pwd slapd module.
+ debian/{control, rules}: enable PIE hardening
+ ufw support (LP: #423246):
- debian/control: suggest ufw.
- debian/rules: install ufw profile.
- debian/slapd.ufw.profile: add ufw profile.
+ Enable nssoverlay:
- debian/patches/nssov-build, debian/series, debian/rules:
Apply, build and package the nss overlay.
- debian/schema/extra/misc.ldif: add ldif file for the misc schema
which defines rfc822MailMember (required by the nss overlay).
+ debian/rules, debian/schema/extra/:
Fix configure rule to support extra schemas shipped as part
of the debian/schema/ directory.
+ debian/rules, debian/slapd.py: Add apport hook. (LP: #610544)
+ debian/slapd.init.ldif: don't set olcRootDN since it's not defined in
neither the default DIT nor via an Authn mapping.
+ debian/slapd.scripts-common: adjust minimum version that triggers a
database upgrade. Upgrade from maverick shouldn't trigger database
upgrade (which would happen with the version used in Debian).
+ debian/slapd.scripts-common: add slapcat_opts to local variables.
Remove unused variable new_conf.
+ debian/slapd.script-common: Fix package reconfiguration.
- Fix backup directory naming for multiple reconfiguration.
+ debian/slapd.default, debian/slapd.README.Debian:
use the new configuration style.
+ Install nss overlay (LP: #675391):
- debian/rules: run install target for nssov module.
- debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema
+ debian/patches/gssapi.diff:
- Update patch so that likewise-open is usable again. (LP: #661547)
+ debian/patches/service-operational-before-detach: New patch replacing old one
of the same name as previous could cause database corruption based on upstream commits.
(LP: #727973)
- 42. By Steve Langasek
-
Brown paper bag: really fix the .links.in handling, so we don't generate
broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/wily/openldap