[ubuntu/hirsute-proposed] openldap 2.4.57+dfsg-2ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Feb 18 19:16:13 UTC 2021
openldap (2.4.57+dfsg-2ubuntu1) hirsute; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Enable AppArmor support:
+ d/apparmor-profile: add AppArmor profile
+ d/rules: use dh_apparmor
+ d/control: Build-Depends on dh-apparmor
+ d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
+ d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
+ d/configure.options: Configure with --with-gssapi
+ d/control: Added heimdal-dev as a build depend
+ d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
+ d/libldap-2.4-2.symbols: add symbols for GSSAPI support
This should be dropped when the soname changes.
- Enable ufw support:
+ d/control: suggest ufw.
+ d/rules: install ufw profile.
+ d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
+ d/rules:
- add nssov to CONTRIB_MODULES
- add sysconfdir to CONTRIB_MAKEVARS
+ d/slapd.install: install nssov overlay
+ d/slapd.manpages: install slapo-nssov(5) man page
+ d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
Debian bug #919136, we also have to patch the nssov makefile
accordingly and thus update this patch.
- d/{rules,slapd.py}: Add apport hook.
- Add support for CLDAP (UDP) support, back then required by
likewise-open (first enabled in 2.4.17-1ubuntu2):
+ d/rules: Enable -DLDAP_CONNECTIONLESS
+ d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
This should be dropped when the soname changes.
- debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
of test timing issue.
- d/rules: better regexp to match the Maintainer tag in d/control,
needed in the Ubuntu case because of XSBC-Original-Maintainer
(Closes #960448, LP #1875697)
openldap (2.4.57+dfsg-2) unstable; urgency=medium
* Fix slapd assertion failure in Certificate List Exact Assertion validation
(ITS#9454) (CVE-2021-27212)
openldap (2.4.57+dfsg-1) unstable; urgency=medium
* New upstream release.
- Fixed slapd crashes in Certificate Exact Assertion processing
(ITS#9404, ITS#9424) (CVE-2020-36221)
- Fixed slapd assertion failures in saslAuthzTo validation
(ITS#9406, ITS#9407) (CVE-2020-36222)
- Fixed slapd crash in Values Return Filter control handling
(ITS#9408) (CVE-2020-36223)
- Fixed slapd crashes in saslAuthzTo processing
(ITS#9409, ITS#9412, ITS#9413)
(CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
- Fixed slapd assertion failure in X.509 DN parsing
(ITS#9423) (CVE-2020-36230)
- Fixed slapd crash in X.509 DN parsing (ITS#9425) (CVE-2020-36229)
- Fixed slapd crash in Certificate List Exact Assertion processing
(ITS#9427) (CVE-2020-36228)
- Fixed slapd infinite loop with Cancel operation
(ITS#9428) (CVE-2020-36227)
Date: Thu, 18 Feb 2021 10:15:38 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openldap/2.4.57+dfsg-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 18 Feb 2021 10:15:38 -0500
Source: openldap
Architecture: source
Version: 2.4.57+dfsg-2ubuntu1
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
openldap (2.4.57+dfsg-2ubuntu1) hirsute; urgency=medium
.
* Merge with Debian unstable. Remaining changes:
- Enable AppArmor support:
+ d/apparmor-profile: add AppArmor profile
+ d/rules: use dh_apparmor
+ d/control: Build-Depends on dh-apparmor
+ d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
+ d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
+ d/configure.options: Configure with --with-gssapi
+ d/control: Added heimdal-dev as a build depend
+ d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
+ d/libldap-2.4-2.symbols: add symbols for GSSAPI support
This should be dropped when the soname changes.
- Enable ufw support:
+ d/control: suggest ufw.
+ d/rules: install ufw profile.
+ d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
+ d/rules:
- add nssov to CONTRIB_MODULES
- add sysconfdir to CONTRIB_MAKEVARS
+ d/slapd.install: install nssov overlay
+ d/slapd.manpages: install slapo-nssov(5) man page
+ d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
Debian bug #919136, we also have to patch the nssov makefile
accordingly and thus update this patch.
- d/{rules,slapd.py}: Add apport hook.
- Add support for CLDAP (UDP) support, back then required by
likewise-open (first enabled in 2.4.17-1ubuntu2):
+ d/rules: Enable -DLDAP_CONNECTIONLESS
+ d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
This should be dropped when the soname changes.
- debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
of test timing issue.
- d/rules: better regexp to match the Maintainer tag in d/control,
needed in the Ubuntu case because of XSBC-Original-Maintainer
(Closes #960448, LP #1875697)
.
openldap (2.4.57+dfsg-2) unstable; urgency=medium
.
* Fix slapd assertion failure in Certificate List Exact Assertion validation
(ITS#9454) (CVE-2021-27212)
.
openldap (2.4.57+dfsg-1) unstable; urgency=medium
.
* New upstream release.
- Fixed slapd crashes in Certificate Exact Assertion processing
(ITS#9404, ITS#9424) (CVE-2020-36221)
- Fixed slapd assertion failures in saslAuthzTo validation
(ITS#9406, ITS#9407) (CVE-2020-36222)
- Fixed slapd crash in Values Return Filter control handling
(ITS#9408) (CVE-2020-36223)
- Fixed slapd crashes in saslAuthzTo processing
(ITS#9409, ITS#9412, ITS#9413)
(CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
- Fixed slapd assertion failure in X.509 DN parsing
(ITS#9423) (CVE-2020-36230)
- Fixed slapd crash in X.509 DN parsing (ITS#9425) (CVE-2020-36229)
- Fixed slapd crash in Certificate List Exact Assertion processing
(ITS#9427) (CVE-2020-36228)
- Fixed slapd infinite loop with Cancel operation
(ITS#9428) (CVE-2020-36227)
Checksums-Sha1:
a751e5013458ea0d891da532f0db48b2e5ecb47f 3155 openldap_2.4.57+dfsg-2ubuntu1.dsc
c7c27b4b187e0ce627fb1750c28ecf0842d5f6af 5054318 openldap_2.4.57+dfsg.orig.tar.gz
324deffb7dd2c800035ef82a95800275ef4c1a72 182804 openldap_2.4.57+dfsg-2ubuntu1.debian.tar.xz
7a8f88e7cf76afa3c18b68f3f5fbb4eac4768b13 8138 openldap_2.4.57+dfsg-2ubuntu1_source.buildinfo
Checksums-Sha256:
ba9cc88967802dcb279302cc5be845196e3fd6a79d1fb0b8a76d415bf2c29ac5 3155 openldap_2.4.57+dfsg-2ubuntu1.dsc
009cc88733eaf41a21607e073a19bce53d7d6ed90a5c280e80880978c4e91db7 5054318 openldap_2.4.57+dfsg.orig.tar.gz
799898213edf4a4e7ae1522be4efc58eb0eeb1fcf44f104b9cd43c2e421c4ffa 182804 openldap_2.4.57+dfsg-2ubuntu1.debian.tar.xz
e3d0e14bf9b3b7ab4063930a8530a8c9bab9b449baac886d72fbd4d99ee3e9b8 8138 openldap_2.4.57+dfsg-2ubuntu1_source.buildinfo
Files:
7e4be6c121ceb59ab5c0ce2878ed7bb8 3155 net optional openldap_2.4.57+dfsg-2ubuntu1.dsc
3d2f24e84664e373b095ca84aebc95ae 5054318 net optional openldap_2.4.57+dfsg.orig.tar.gz
d39b12e70c155e36055ab16fc41f313f 182804 net optional openldap_2.4.57+dfsg-2ubuntu1.debian.tar.xz
6b12e3fcd562a28f9dd4032d307685e5 8138 net optional openldap_2.4.57+dfsg-2ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel at lists.alioth.debian.org>
More information about the Hirsute-changes
mailing list