summaryrefslogtreecommitdiffstats
path: root/debian/changelog
diff options
context:
space:
mode:
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog3715
1 files changed, 3715 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..39782e0
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,3715 @@
+openldap (2.5.13+dfsg-5) unstable; urgency=medium
+
+ * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path.
+ (Closes: #1030814)
+ * Disable flaky test test069-delta-multiprovider-starttls.
+
+ -- Ryan Tandy <ryan@nardis.ca> Tue, 07 Feb 2023 17:56:12 -0800
+
+openldap (2.5.13+dfsg-4) unstable; urgency=medium
+
+ [ Andreas Hasenack ]
+ * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817)
+ * d/t/sha2-contrib: add test for sha2 module
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 06 Feb 2023 19:21:05 -0800
+
+openldap (2.5.13+dfsg-3) unstable; urgency=medium
+
+ [ Ryan Tandy ]
+ * Disable flaky test test063-delta-multiprovider. Mitigates #1010608.
+
+ [ Gioele Barabucci ]
+ * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185)
+ * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style`
+ * d/slapd.postinst: Remove test for ancient version
+ * slapd.scripts-common: Remove unused `normalize_ldif`
+ * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics`
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 13 Jan 2023 16:29:59 -0800
+
+openldap (2.5.13+dfsg-2) unstable; urgency=medium
+
+ * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the
+ autopkgtest failure due to heimdal setting mode 700 on this directory.
+ (Closes: #1020442)
+ * d/source/lintian-overrides: Add wildcards to make overrides compatible
+ with both older and newer versions of lintian.
+ * d/slapd-contrib.lintian-overrides: Remove unused
+ custom-library-search-path override now that krb5-config no longer sets
+ -rpath.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 24 Sep 2022 12:40:21 -0700
+
+openldap (2.5.13+dfsg-1) unstable; urgency=medium
+
+ * d/rules: Remove get-orig-source, now unnecessary.
+ * Check PGP signature when running uscan.
+ * d/watch: Modernize watch file; use repacksuffix.
+ * d/copyright: Update according to DEP-5.
+ * d/control: Add myself to Uploaders.
+ * New upstream release.
+
+ -- Sergio Durigan Junior <sergiodj@debian.org> Sun, 18 Sep 2022 18:29:46 -0400
+
+openldap (2.5.12+dfsg-2) unstable; urgency=medium
+
+ * Stop slapd explicitly in prerm as a workaround for #1006147, which caused
+ dpkg-reconfigure to not restart the service, so the new configuration was
+ not applied. See also #994204. (Closes: #1010971)
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 23 May 2022 10:14:53 -0700
+
+openldap (2.5.12+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155)
+ * Update debconf translations:
+ - German, thanks to Helge Kreutzmann. (Closes: #1007728)
+ - Spanish, thanks to Camaleón. (Closes: #1008529)
+ - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034)
+
+ -- Ryan Tandy <ryan@nardis.ca> Wed, 04 May 2022 18:00:16 -0700
+
+openldap (2.5.11+dfsg-1) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 11 Mar 2022 19:38:02 -0800
+
+openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium
+
+ * New upstream release.
+ * Add openssl to Build-Depends to enable more checks in test067-tls.
+ * Update slapd-contrib's custom-library-search-path override to work with
+ current Lintian.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Jan 2022 17:16:05 -0800
+
+openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium
+
+ * New upstream release.
+ * Update slapd-contrib's custom-library-search-path override to work with
+ Lintian 2.108.0.
+
+ -- Ryan Tandy <ryan@nardis.ca> Wed, 13 Oct 2021 18:42:55 -0700
+
+openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium
+
+ * New upstream release.
+ * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not
+ yet compatible with autoconf 2.71. (Closes: #993032)
+ * Stop disabling automake in debian/rules now that upstream removed the
+ AM_INIT_AUTOMAKE invocation.
+ * Drop custom config.{guess,sub} handling. dh_update_autotools_config does
+ the right thing for us.
+ * Update Standards-Version to 4.6.0; no changes required.
+ * debian/not-installed: Add the ldapvc.1 man page.
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700
+
+openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
+
+ [ Ryan Tandy ]
+ * New upstream release.
+ * Export the cn=config database to LDIF format before upgrading from 2.4.
+ * slapd.README.Debian:
+ - Remove text about the dropped evolution-ntlm patch.
+ - Add guidance for recovering from upgrade failures.
+ * Remove the debconf warning and README text about the unsafe ACL configured
+ by default in versions before jessie.
+ * Remove upgrade code for adding the pwdMaxRecordedFailure attribute to the
+ ppolicy schema. It's obsolete since the schema has been internalized.
+
+ [ Sergio Durigan Junior ]
+ * Implement the "escape hatch" mechanism.
+ - d/po/*.po: Update PO files given the new template note.
+ - d/po/templates.pot: Update file.
+ - d/slapd.templates: Add note warning user about a postinst failure,
+ its possible cause and what to do.
+ - d/slapd.postinst: Make certain upgrade functions return failure
+ instead of exiting, which allows the postinst script to gracefully
+ fail when applicable. Also, when the general configuration upgrade
+ fails, display a critical warning to the user. Implement
+ ignore_init_failure function.
+ - d/slapd.prerm: Implement ignore_init_failure function.
+ - d/slapd.scripts-common: Make certain functions return failure
+ instead of exiting.
+ - d/rules: Use dh_installinit's --error-handler to instruct it on how
+ to handle possible errors with the init script.
+ - d/slapd.NEWS: Add excerpt mentioning that the postinst script might
+ error out if it can't migrate the existing (old) database backend.
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700
+
+openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium
+
+ * New upstream release.
+ - Drop patches applied upstream: ITS#9544, ITS#9548.
+ * Mark slapd-contrib as breaking the old version of slapd to reduce the
+ chance of upgrade failure due to slapd-contrib being unpacked first.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 11 Jun 2021 11:43:15 -0700
+
+openldap (2.5.4+dfsg-1~exp1) experimental; urgency=medium
+
+ * New upstream release.
+ - Changing olcAuthzRegexp dynamically is supported. (Closes: #761407)
+ - Support for LANMAN password hashes has been removed. (Closes: #988033)
+ - Added pkg-config files for liblber and libldap. (Closes: #670824)
+ - libldap_r has been merged into libldap. The Debian package will continue
+ to install a libldap_r.so symlink for backwards compatibility with
+ applications that still link with -lldap_r.
+ - The Berkeley DB backends, slapd-bdb(5) and slapd-hdb(5), have been
+ removed.
+ - The shell backend, slapd-shell(5), has been removed.
+ - New backend: slapd-asyncmeta(5).
+ - New core overlays: slapd-homedir(5), slapd-otp(5), and
+ slapd-remoteauth(5).
+ - The ppolicy schema has been merged into the slapo-ppolicy(5) module.
+ - The argon2 password module has been promoted from contrib to core.
+ * Add a superficial autopkgtest for smbk5pwd.
+ * Update Standards-Version to 4.5.1; no changes needed.
+ * Upgrade to debhelper compat level 12.
+ - Remove debian/compat, add Build-Depends: debhelper-compat.
+ * Run dh_missing --fail-missing during build.
+ - Add debian/not-installed.
+ * Drop debian/tmp/ prefix from paths in *.install and *.manpages.
+ * Override Lintian false positives:
+ * slapd: lacks-unversioned-link-to-shared-library. See #687022.
+ * libldap-2.4-2: shared-library-not-shipped.
+ * Follow renamed Lintian tags:
+ - dev-pkg-without-shlib-symlink => lacks-unversioned-link-to-shared-library
+ - binary-or-shlib-defines-rpath => custom-library-search-path
+ * Rename libldap2-dev to libldap-dev (Policy 8.4). Keep libldap2-dev as a
+ transitional package for now.
+ - Drop ancient Conflicts/Replaces: libopenldap-dev.
+ * Prune implied or unneeded directories from debian/*.dirs.
+ - Stop installing empty /var/lib/slapd directory. (Closes: #714174)
+ * Stop disabling test060-mt-hot on ppc64el. The underlying kernel bug
+ (#866122) is fixed in all relevant suites by now.
+ * Drop evolution-ntlm patch. (Closes: #457374)
+ * Drop patches applied or superseded upstream.
+ * Update or refresh remaining patches as needed.
+ * debian/configure.options:
+ - Refresh with new `./configure --help' output.
+ - Drop directory options set automatically by debhelper: --prefix,
+ --sysconfdir, --localstatedir, and --mandir.
+ - Enable the perl and sql backends explicitly. They are deprecated and
+ --enable-backends= no longer includes them.
+ - Disable the experimental wiredtiger backend.
+ - Disable the autoca overlay. It does not support GnuTLS yet.
+ - Enable the argon2 password hashing module.
+ - Disable the new load balancer daemon (lloadd) for now.
+ - Disable systemd service notification support for now.
+ * debian/rules:
+ - Enable all current and future hardening flags.
+ - Use the new STRIP_OPTS variable to disable stripping.
+ - Drop -Wno-format-extra-args from DEB_CFLAGS_MAINT_APPEND.
+ The Debug macro has been changed upstream to use variadic args.
+ - Override OPT variable to empty for contrib modules.
+ * debian/schema: Sync with upstream.
+ - core.{schema,ldif}: Update description of deltaCRL.
+ - cosine.schema, pmi.schema: spelling fixes.
+ - namedobject.schema: Added.
+ - ppolicy.schema: Removed upstream, dropped.
+ * Add Build-Depends: pkg-config, required for autoreconf.
+ * Add upstream patch to fix SLAPI compilation. (ITS#9544)
+ * Move the argon2 password module from slapd-contrib to slapd.
+ - Add upstream patch to fix argon2 installation.
+ * Transition libldap-2.4-2 to libldap-2.5-0.
+ - Install the real libldap instead of a symlink to libldap_r.
+ - Symlink libldap_r.{a,so} to libldap for backwards compatibility.
+ - Drop the shlibs file, no longer needed.
+ * Remove references to removed BDB backends.
+ - Drop Build-Depends: libdb5.3-dev.
+ - Drop arch-specific configure options to disable those backends on Hurd.
+ - Delete example DB_CONFIG file and README.DB_CONFIG.
+ - Remove information about Berkeley DB from slapd README.
+ * Install new slapmodify(8) tool as a hard link to slapd(8).
+ * Install new man pages: slapo-deref(5), slapo-pw-pbkdf2(5), and
+ slapo-pw-sha2(5).
+ - Drop debian/slapo-pw-pbkdf2.5, included upstream.
+ * Add unpackaged files to debian/not-installed:
+ - ldapvc(1): undocumented tool supporting the vc overlay (contrib)
+ - lloadd(8) and lloadd.conf(5) man pages
+ - slapd-wt(5) and slapo-autoca(5) man pages
+ * Delete obsolete ppolicy.schema and ppolicy.ldif conffiles on upgrade.
+ * Dump and reload slapd-mdb(5) databases on upgrade from 2.4.
+ - Call dh_installinit with --no-restart-after-upgrade to ensure slapd is
+ stopped before dumping the old database.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 30 May 2021 08:41:25 -0700
+
+openldap (2.4.59+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Fix FTBFS with autoconf 2.71 (Closes: #993032):
+ - Backport upstream changes to support Autoconf 2.69 instead of simply
+ disabling automake in debian/rules. Fixes FTBFS due to autoreconf
+ thinking files required by Automake are missing, even though Automake is
+ not actually used.
+ - Stop running autoreconf in contrib/ldapc++ since we don't build it.
+ - Drop custom config.{guess,sub} handling. dh_update_autotools_config does
+ the right thing for us.
+ * Update Standards-Version to 4.6.0; no changes required.
+ * Add a superficial autopkgtest for smbk5pwd.
+ * Stop disabling test060-mt-hot on ppc64el. The underlying kernel bug
+ (#866122) is fixed in all relevant suites by now.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 27 Aug 2021 09:42:31 -0700
+
+openldap (2.4.57+dfsg-3) unstable; urgency=medium
+
+ * Link smbk5pwd with -lkrb5. (Closes: #988565)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700
+
+openldap (2.4.57+dfsg-2) unstable; urgency=medium
+
+ * Fix slapd assertion failure in Certificate List Exact Assertion validation
+ (ITS#9454) (CVE-2021-27212)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 14 Feb 2021 09:26:41 -0800
+
+openldap (2.4.57+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixed slapd crashes in Certificate Exact Assertion processing
+ (ITS#9404, ITS#9424) (CVE-2020-36221)
+ - Fixed slapd assertion failures in saslAuthzTo validation
+ (ITS#9406, ITS#9407) (CVE-2020-36222)
+ - Fixed slapd crash in Values Return Filter control handling
+ (ITS#9408) (CVE-2020-36223)
+ - Fixed slapd crashes in saslAuthzTo processing
+ (ITS#9409, ITS#9412, ITS#9413)
+ (CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
+ - Fixed slapd assertion failure in X.509 DN parsing
+ (ITS#9423) (CVE-2020-36230)
+ - Fixed slapd crash in X.509 DN parsing (ITS#9425) (CVE-2020-36229)
+ - Fixed slapd crash in Certificate List Exact Assertion processing
+ (ITS#9427) (CVE-2020-36228)
+ - Fixed slapd infinite loop with Cancel operation
+ (ITS#9428) (CVE-2020-36227)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800
+
+openldap (2.4.56+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixed slapd abort due to assertion failure in Certificate List syntax
+ validation (ITS#9383) (CVE-2020-25709)
+ - Fixed slapd abort due to assertion failure in CSN normalization with
+ invalid input (ITS#9384) (CVE-2020-25710)
+
+ -- Ryan Tandy <ryan@nardis.ca> Wed, 11 Nov 2020 09:13:56 -0800
+
+openldap (2.4.55+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixed slapd normalization handling with modrdn
+ (ITS#9370) (CVE-2020-25692)
+
+ -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Oct 2020 21:07:29 -0700
+
+openldap (2.4.54+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Change upstream Homepage and get-orig-source URLs to HTTPS.
+ * Create debian/gbp.conf.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000
+
+openldap (2.4.53+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700
+
+openldap (2.4.51+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Add ldap_parse_password_expiring_control to libldap-2.4-2.symbols.
+ * Merge some changes from Ubuntu:
+ - slapd.default, slapd.README.Debian: update to refer to slapd.d instead
+ of slapd.conf.
+ - debian/slapd.scripts-common: dump_databases: make slapcat_opts a local
+ variable.
+ * Drop paragraph about patch gnutls-altname-nulterminated (#465197) from
+ slapd.README.Debian. The patch referred to was dropped in 2.4.7-6.
+ * debian/patches/set-maintainer-name: Extract maintainer address dynamically
+ from debian/control. (Closes: #960448)
+ * Fix Torsten's email address in a historic debian/changelog entry to
+ resolve a Lintian error (bogus-mail-host-in-debian-changelog).
+ * Rename debian/source.lintian-overrides to debian/source/lintian-overrides.
+ Fixes a Lintian pedantic tag (old-source-override-location).
+ * Override Lintian pedantic tag maintainer-manual-page for
+ slapo-pw-pbkdf2.5, which will be included upstream in a future release.
+ * Remove the trailing whitespaces from debian/changelog, debian/control, and
+ debian/rules. Fixes a Lintian pedantic tag (trailing-whitespace).
+ * Convert debian/po/de.po to UTF-8. Fixes a Lintian warning
+ (national-encoding).
+ * Relax libldap's dependency on libldap-common to Recommends.
+ This is intended to mitigate the impact of bug #915948 in the case where
+ the arch:all build is delayed for so long that the old libldap-common
+ disappears. Previously, a delayed arch:all build could become
+ BD-Uninstallable if new amd64 binaries were published before the arch:all
+ build starts, due to the transitive build-dependency on libldap.
+ Although libldap works fine without libldap-common, in normal
+ installations it is still recommended to install libldap-common.
+ * Append a timestamp to the backup directory created by dpkg-reconfigure.
+ (Closes: #599585, #960449)
+ * Remove the redundant cn=admin,<suffix> entry from the default DIT for new
+ installs. For new installs going forward, the root credentials will be
+ stored in olcRootDN/olcRootPW only. (Closes: #821331)
+ * Change slapd's Suggests: ldap-utils to Recommends. While any LDAP client
+ suffices, ldap-utils contains the standard tools recommended by upstream
+ for basic administration and management.
+ * Relax Recommends: libsasl2-modules to Suggests on slapd and ldap-utils.
+ Many deployments do not use SASL at all, and therefore SASL mechanisms are
+ not needed "in all but unusual installations".
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700
+
+openldap (2.4.50+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixed slapd to limit depth of nested filters
+ (ITS#9202) (CVE-2020-12243)
+ - Drop patches included upstream: argon2.patch, ITS#9171, ITS#8650.
+ * Update Spanish debconf translation.
+ Thanks to Camaleón. (Closes: #958869)
+
+ -- Ryan Tandy <ryan@nardis.ca> Tue, 28 Apr 2020 10:18:12 -0700
+
+openldap (2.4.49+dfsg-4) unstable; urgency=medium
+
+ * Annotate libsodium-dev dependency with <!pkg.openldap.noslapd>.
+ Thanks to Helmut Grohne. (Closes: #955993)
+ * Add the man page for the Argon2 password module.
+ Thanks to Peter Marschall. (Closes: #955977)
+ * Build the Argon2 password module with libargon2-dev instead of
+ libsodium-dev. Rationale:
+ - libargon2 contains the specific functionality needed; libsodium is a
+ larger library and contains many features not used here
+ - libsodium does not support configuring the p= (parallelism) parameter
+ * Import upstream patch to properly retry gnutls_handshake() after it
+ returns GNUTLS_E_AGAIN. (ITS#8650) (Closes: #861838)
+ * Update the Argon2 password module to upstream commit feb6f21d2e.
+
+ -- Ryan Tandy <ryan@nardis.ca> Tue, 14 Apr 2020 21:33:16 -0700
+
+openldap (2.4.49+dfsg-3) unstable; urgency=medium
+
+ * Drop patch no-AM_INIT_AUTOMAKE. Instead, configure dh_autoreconf to skip
+ automake by setting AUTOMAKE=/bin/true. (Closes: #864637)
+ * debian/patches/debian-version: Show Debian version, instead of upstream
+ version, in version strings.
+ * Add ${perl:Depends} to slapd Depends to silence a dpkg-gencontrol warning.
+ This is practically a no-op since slapd explicitly Depends on perl because
+ of the maintainer scripts.
+ * Import the Argon2 password module from upstream git and install it in
+ slapd-contrib. New Build-Depends: libsodium-dev. (Closes: #920283)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700
+
+openldap (2.4.49+dfsg-2) unstable; urgency=medium
+
+ * slapd.README.Debian: Document the initial setup performed by slapd's
+ maintainer scripts in more detail. Thanks to Karl O. Pinc.
+ (Closes: #952501)
+ * Import upstream patch to fix slapd crashing in certain configurations when
+ a client attempts a login to a locked account.
+ (ITS#9171) (Closes: #953150)
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
+
+openldap (2.4.49+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Drop patch no-gnutls_global_set_mutex, applied upstream.
+ * When validating the DNS domain chosen for slapd's default suffix, set
+ LC_COLLATE explicitly for grep to ensure character ranges behave as
+ expected. Thanks to Fredrik Roubert. (Closes: #940908)
+ * Backport proposed upstream patch to emit detailed messages about errors in
+ the TLS configuration. (ITS#9086) (Closes: #837341)
+ * slapd.scripts-common: Delete unused copy_example_DB_CONFIG function.
+ * Remove debconf support for choosing a database backend. Always use the
+ LMDB backend for new installs, as recommended by upstream.
+ * Remove the empty olcBackend section from the default configuration.
+ * Remove the unused slapd.conf template from /usr/share/slapd. Continue
+ shipping it as an example in /usr/share/doc/slapd.
+ * Fix a typo in index-files-created-as-root patch.
+ Thanks to Quanah Gibson-Mount.
+ * Annotate slapd's Depends on perl with :any. Fixes installation of
+ foreign-arch slapd. Thanks to Andreas Hasenack.
+ * Rename 'stage1' build profile to 'pkg.openldap.noslapd'.
+ Thanks to Helmut Grohne. (Closes: #949722)
+ * Drop Build-Conflicts: libicu-dev as upstream's configure no longer tests
+ for or links with libicu.
+ * Note ITS#9126 recommendation in slapd.NEWS.
+ * Update Standards-Version to 4.5.0; no changes required.
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
+
+openldap (2.4.48+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - fixed slapd to restrict rootDN proxyauthz to its own databases
+ (CVE-2019-13057) (ITS#9038) (Closes: #932997)
+ - fixed slapd to enforce sasl_ssf ACL statement on every connection
+ (CVE-2019-13565) (ITS#9052) (Closes: #932998)
+ - added new openldap.h header with OpenLDAP specific libldap interfaces
+ (ITS#8671)
+ - updated lastbind overlay to support forwarding authTimestamp updates
+ (ITS#7721) (Closes: #880656)
+ * Update Standards-Version to 4.4.0.
+ * Add a systemd drop-in to set RemainAfterExit=no on the slapd service, so
+ that systemd marks the service as dead after it crashes or is killed.
+ Thanks to Heitor Alves de Siqueira. (Closes: #926657, LP: #1821343)
+ * Use more entropy for generating a random admin password, if none was set
+ during initial configuration. Thanks to Judicael Courant.
+ (Closes: #932270)
+ * Replace debian/rules calls to dpkg-architecture and dpkg-parsechangelog
+ with variables provided by dpkg-dev includes.
+ * Declare R³: no.
+ * Create a simple autopkgtest that tests installing slapd and connecting to
+ it with an ldap tool.
+ * Install the new openldap.h header in libldap2-dev.
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
+
+openldap (2.4.47+dfsg-3) unstable; urgency=medium
+
+ * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
+ individually in the relevant command lines instead of overriding OPT. The
+ change to use OPT caused FTBFS on some ports arches where PIE enablement
+ uses spec files, by mixing compile-time and link-time flags.
+ (Closes: #919136)
+ * Fix architecture-specific path in smbk5pwd's binary-or-shlib-defines-rpath
+ Lintian override.
+ * Skip exporting cn=config to LDIF in preinst for upgrades where nothing
+ needs to be checked in it.
+ * Update Standards-Version to 4.3.0.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
+
+openldap (2.4.47+dfsg-2) unstable; urgency=medium
+
+ * Reintroduce slapi-dev binary package. (Closes: #711469)
+ Thanks to Florian Schlichting.
+ * Do not call gnutls_global_set_mutex(). (Closes: #803197)
+ * Use dh_auto_* to build and install contrib modules.
+ - Stop patching the clean rule in smbk5pwd's Makefile.
+ * Explicitly list overlays and man pages installed by slapd package in
+ slapd.install and slapd.manpages files.
+ * Set common variables for contrib Makefiles by make(1) command line instead
+ of patching every Makefile.
+ * Build and install more contrib plugins in a new slapd-contrib package:
+ - pw-apr1 and pw-netscape (Closes: #592362)
+ - pw-pbkdf2 (Closes: #794999)
+ * Import the slapo-pw-pbkdf2 man page from upstream git master and install
+ it with the slapd-contrib package.
+ * Add smbk5pwd to slapd-contrib and turn slapd-smbk5pwd into a transitional
+ package. Drop smbk5pwd README since it now has a man page which is a
+ better resource for users.
+ - Use Breaks to ensure that slapd is not upgraded in between removing the
+ old smbk5pwd module and installing the new one.
+ * Include the apr1-atol.pl and apr1-lota.pl helper scripts in the
+ slapd-contrib package as examples.
+ * Merge remaining contrib Makefile patches into a single contrib-makefiles
+ patch.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 12 Jan 2019 11:18:03 -0800
+
+openldap (2.4.47+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - reverted GnuTLS handshake change in libldap as it regressed slapd
+ (Reopens: #861838)
+ * Update Standards-Version to 4.2.1.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
+
+openldap (2.4.46+dfsg-5) unstable; urgency=medium
+
+ * Restore slapd-smbk5pwd now that libldap is installable in unstable.
+ This reverts the changes from -3 and -4.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 16:12:27 -0700
+
+openldap (2.4.46+dfsg-4) unstable; urgency=medium
+
+ * Disable building the smbk5pwd plugin temporarily.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 08:06:58 -0700
+
+openldap (2.4.46+dfsg-3) unstable; urgency=medium
+
+ * Build without heimdal temporarily to resolve BD-Uninstallable loop.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
+
+openldap (2.4.46+dfsg-2) unstable; urgency=medium
+
+ * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 14:16:49 -0700
+
+openldap (2.4.46+dfsg-1) unstable; urgency=medium
+
+ * Move the repository to Salsa.
+ Update debian/control Vcs-* fields.
+ * Remove Matthijs Möhlmann from Uploaders. (Closes: #891308)
+ Thank you Matthijs for your past contributions.
+ * New upstream release.
+ - fixed slapd out-of-sync issue with delta-MMR and memberof overlay
+ (ITS#8444) (Closes: #877166)
+ * Rebase patch no-AM_INIT_AUTOMAKE to apply cleanly.
+ * Drop patch ITS8650-retry-gnutls_handshake-after-GNUTLS_E_AGAIN, applied
+ upstream.
+ * Really fix upgrades when the config contains backslash-escaped special
+ characters. The previous fix was incomplete and didn't fully fix upgrades
+ involving a database reload. (Closes: #864719)
+ * Update Standards-Version to 4.1.4.
+ - Change the Priority of libldap-2.4-2 and libldap-common to optional.
+ * Change download URL in debian/watch to https. Fixes a Lintian info.
+ * Override the binary-or-shlib-defines-rpath Lintian tag for slapd-smbk5pwd.
+ The rpath is set by krb5-config.heimdal; see bug #868840.
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
+
+openldap (2.4.45+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - fixed a use-after-free in GnuTLS options handling
+ (ITS#8385) (Closes: #820244) (LP: #1557248)
+ - fixed unsafe concurrent SASL calls causing memory corruption
+ (ITS#8648) (Closes: #860947) (LP: #1688575)
+ - fixed syncrepl infinite looping with multi-master delta-syncrepl
+ (ITS#8432) (Closes: #868753)
+ * Rebase patches to apply cleanly:
+ - do-not-second-guess-sonames
+ - no-AM_INIT_AUTOMAKE
+ * Drop patches applied upstream:
+ - ITS-8554-kFreeBSD-is-like-BSD.patch
+ - ITS-8644-wait-for-slapd-to-start-in-test064.patch
+ - ITS-8655-paged-results-double-free.patch
+ * Upgrade to debhelper compat level 10.
+ - Depend on debhelper 10.
+ - Stop enabling parallel and autoreconf explicitly. They are now enabled
+ by default.
+ - Drop dh-autoreconf from build-depends since debhelper requires it.
+ * Add -Wno-format-extra-args to CFLAGS to reduce the noise in the build
+ logs, as this warning is emitted on each use of the Debug() macro.
+ * Drop libldap-2.4-4-dbg and slapd-dbg binary packages in favour of
+ automatic dbgsym packages.
+ * Update Standards-Version to 4.0.0; no changes required.
+ * Drop Priority and Section from binary package stanzas when they only
+ duplicate information from the source stanza.
+ * Update Priority of slapd-smbk5pwd and libldap2-dev to optional to match
+ the archive.
+ * Remove retired developer, Roland Bauerschmidt, from Uploaders.
+ (Closes: #856422)
+ * Remove Timo Aaltonen from Uploaders, with his agreement.
+ * debian/patches/ITS8650-retry-gnutls_handshake-after-GNUTLS_E_AGAIN.patch:
+ If gnutls_handshake() returns EAGAIN, call it again. Fixes TLS handshake
+ failures when the ServerHello message exceeds 16K.
+ (ITS#8650) (Closes: #861838)
+ * Drop time from Build-Depends. The upstream testsuite no longer calls it.
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
+
+openldap (2.4.44+dfsg-8) unstable; urgency=medium
+
+ * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
+ the underlying kernel bug #866122 is fixed.
+ * Fix FTBFS with Heimdal 7.2.0: Drop patch heimdal-fix as the
+ hdb_generate_key_set_password change was reverted in heimdal. Depend on an
+ appropriate minimum version of heimdal.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
+
+openldap (2.4.44+dfsg-7) unstable; urgency=medium
+
+ * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
+ later versions. (Closes: #860774)
+
+ -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
+
+openldap (2.4.44+dfsg-6) unstable; urgency=medium
+
+ * Update the list of non-translatable strings for the
+ slapd/ppolicy_schema_needs_update template. Thanks Ferenc Wágner.
+ * Fix upgrade failure when olcSuffix contains a backslash. (Closes: #864719)
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
+
+openldap (2.4.44+dfsg-5) unstable; urgency=medium
+
+ * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
+ intermittently failing test by waiting for slapd to start before running
+ tests. (ITS#8644) (Closes: #770890)
+ * debian/patches/ITS-8655-paged-results-double-free.patch: Fix a double free
+ in the MDB backend on a search including the Paged Results control with a
+ page size of 0. (ITS#8655) (CVE-2017-9287) (Closes: #863563)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
+
+openldap (2.4.44+dfsg-4) unstable; urgency=medium
+
+ * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
+ Justin B Rye for the review.
+ * Update Catalan debconf translation. (Closes: #851905)
+ Thanks to Innocent De Marchi.
+ * Update Czech debconf translation. (Closes: #852190)
+ Thanks to Miroslav Kure.
+ * Update Danish debconf translation. (Closes: #850859)
+ Thanks to Joe Dalton.
+ * Update German debconf translation. (Closes: #851480)
+ Thanks to Helge Kreutzmann.
+ * Update Basque debconf translation. (Closes: #850812)
+ Thanks to Iñaki Larrañaga Murgoitio.
+ * Update French debconf translation. (Closes: #852459)
+ Thanks to Jean-Pierre Giraud.
+ * Update Italian debconf translation. (Closes: #852074)
+ Thanks to Luca Monducci.
+ * Update Japanese debconf translation. (Closes: #851457)
+ Thanks to Kenshi Muto.
+ * Update Dutch debconf translation. (Closes: #852405)
+ Thanks to Frans Spiesschaert.
+ * Update Brazilian Portuguese debconf translation. (Closes: #852443)
+ Thanks to Adriano Rafael Gomes.
+ * Update Russian debconf translation. (Closes: #850833)
+ Thanks to Yuri Kozlov.
+ * Update Slovak debconf translation. (Closes: #850796)
+ Thanks to Ivan Masár.
+ * Update Swedish debconf translation. (Closes: #851168)
+ Thanks to Martin Bagge.
+ * Update Turkish debconf translation. (Closes: #851470)
+ Thanks to Atila KOÇ.
+ * Update Vietnamese debconf translation.
+ Thanks to Trần Ngọc Quân.
+ * Update Build-Depends on debhelper to ensure shlibs files are installed at
+ the expected time during build. (Closes: #854158)
+ * Update Portuguese debconf translation. (Closes: #859943)
+ Thanks to Rui Branco and DebianPT.
+ * Dump the configuration and databases to LDIF before removing slapd, so
+ that they are available if a newer version requiring migration is
+ installed later. (Closes: #665199)
+ * When creating a new configuration with dpkg-reconfigure, back up the old
+ configuration before overwriting it.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
+
+openldap (2.4.44+dfsg-3) unstable; urgency=medium
+
+ * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
+ * Restore heimdal support to the smbk5pwd overlay.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 01 Jan 2017 19:47:36 -0800
+
+openldap (2.4.44+dfsg-2) unstable; urgency=medium
+
+ [ Ryan Tandy ]
+ * Update Standards-Version to 3.9.8; no changes required.
+ * Enable dh_makeshlibs for libldap-2.4-2. Remove libldap-2.4-2.postinst, now
+ replaced by the automatic ldconfig trigger.
+ * Don't execute slapd's override_dh_install when building only
+ arch-independent packages. (Closes: #845506)
+ * Override lintian false positives on slapd.README.Debian,
+ slapd-smbk5pwd.postinst, and slapd-smbk5pwd triggering ldconfig.
+ * Perform permissions changes in override_dh_fixperms instead of in
+ override_dh_install.
+ * Remove manual chmod of schema files since dh_fixperms sets correct
+ permissions automatically.
+ * Fix slapd-smbk5pwd failing to upgrade when there are no instances of the
+ overlay configured.
+
+ [ Helmut Grohne ]
+ * Fix FTCBFS: Pass CC to make explicitly. (Closes: #839251)
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 01 Dec 2016 19:40:20 -0800
+
+openldap (2.4.44+dfsg-1) unstable; urgency=medium
+
+ [ Ryan Tandy ]
+ * New upstream release.
+ - Fixed ppolicy not unlocking policy entry after initialization failure
+ (ITS#7537) (Closes: #702414)
+ * Drop ITS8240-remove-obsolete-assert.patch, included upstream.
+ * Update debian/schema/ppolicy.schema to add the pwdMaxRecordedFailure
+ attribute.
+ * Update libldap-2.4-2.symbols with new ldap_build_*_req symbols.
+ * Mark the build target in debian/rules as phony, since the upstream source
+ includes a build/ directory.
+ * Correct the list of files to be cleaned for the pw-sha2 contrib module.
+ * Fix a typo (slpad -> slapd) in the Catalan debconf translation.
+ * Disable OpenSLP support and remove libslp-dev from Build-Depends.
+ (Closes: #815364)
+ * Ensure /var/run/slapd exists when starting slapd, even if the pid file is
+ somewhere else. Thanks to Dave Beach for the report. (Closes: #815571)
+ * Create the pidfile directory when starting slapd, but not when running the
+ init script in other modes.
+ * Remove support for enabling the obsolete LDAPv2 protocol via debconf.
+ * debian/copyright: Update the OpenLDAP copyright and license.
+ * debian/control: Update VCS URIs to the modern canonical form.
+ * Override Lintian errors about schema files derived from RFC documents.
+ Copyrightable content has been removed from these files; however, the
+ copyright notices have been retained to preserve attribution.
+ * On upgrade, if the cn=config database contains the ppolicy schema, add the
+ new pwdMaxRecordedFailure attribute to it.
+ * Add debian/patches/set-maintainer-name to omit the builder's username and
+ working directory from version strings and thereby make the build
+ reproducible. Thanks to Daniel Shahaf for the patch. (Closes: #833179)
+ * Build smbk5pwd without Kerberos support and drop the build-dependency on
+ heimdal. (Closes: #836885)
+ * On upgrade, comment the krb5 setting on any instances of the smbk5pwd
+ overlay in slapd.conf. Require cn=config users to disable krb5 manually
+ before upgrading.
+
+ [ Helmut Grohne ]
+ * Fix policy 8.2 violation (Closes: #330695)
+ + Move /etc/ldap/ldap.conf and manpage to new package libldap-common.
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
+
+openldap (2.4.42+dfsg-2) unstable; urgency=medium
+
+ [ Ryan Tandy ]
+ * Change explicit Pre-Depends: multiarch-support to ${misc:Pre-Depends}, as
+ recommended by lintian.
+ * Omit slapd, slapd-dbg, and slapd-smbk5pwd from the stage1 build profile.
+ This allows the dependency loop with heimdal to be broken for
+ bootstrapping, and the dependency on libperl-dev to be avoided for
+ cross-building. Thanks Daniel Schepler and Helmut Grohne.
+ (Closes: #724518)
+ * Apply wrap-and-sort to the Build-Depends field.
+ * Drop libncurses5-dev from Build-Depends, no longer needed since the ud
+ tool was removed in OpenLDAP 2.1.4.
+ * Drop libltdl3-dev as an alternate Build-Depends, since that package was
+ removed after lenny.
+ * Annotate Build-Depends on perl with :any to allow running the system perl
+ interpreter during cross builds.
+ * Ensure CC is set correctly for cross builds. Thanks Helmut Grohne.
+ * Build-Depend on dpkg-dev (>= 1.17.14) and debhelper (>= 9.20141010) for
+ restriction formula support.
+ * Override the 'dev-pkg-without-shlib-symlink' lintian tag. The symlink is
+ actually in the form libldap_r.so -> libldap_r-2.4.so.xyz and the tag is a
+ false positive; see #687022.
+ * Include the smbk5pwd man page in the slapd-smbk5pwd package.
+ * Allow anonymous read access to the shadowLastChange attribute by default,
+ allowing nss-ldap/nss-ldapd to handle password expiry correctly even when
+ bound anonymously. This was the only restricted shadow attribute, the
+ others were already world-readable. (Closes: #669235)
+ * Drop the redundant default ACL for dn.base="" from the database entry.
+ It's already covered by the fallback case below.
+ * Copy more comments from the slapd.conf template to slapd.init.ldif. Also
+ comment the shadowLastChange access rule.
+ * Import upstream patch to remove an unnecessary assert(0) that could be
+ triggered remotely by an unauthenticated user by sending a malformed BER
+ element. (ITS#8240) (CVE-2015-6908) (Closes: #798622)
+
+ [ Peter Marschall ]
+ * Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
+ install the new manual page. (Closes: #794998)
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 10 Sep 2015 20:13:17 -0700
+
+openldap (2.4.42+dfsg-1) unstable; urgency=medium
+
+ [ Peter Marschall ]
+ * slapd.scripts-common:
+ - Use update_permissions instead of direct calls to chown and chgrp.
+ - Make variables only used within a function local to that function.
+ - Restore databases ordered by increasing suffix path length.
+ This should help configurations with databases glued together using the
+ 'subordinate' keyword / 'olcSubordinate' attribute in slapd's
+ configuration.
+ (Closes: #794996)
+ * Install slapo-lastbind.5 man page. (Closes: #794997)
+
+ [ Ryan Tandy ]
+ * slapd.scripts-common: Delete an outdated comment.
+ * New upstream release.
+ * Enable the MDB backend again on GNU/kFreeBSD. The new pthread library
+ provides all the required interfaces, and the test suite now passes.
+ Leave it disabled on the Hurd. LMDB requires POSIX semaphores, which have
+ not yet been implemented.
+ * Disable the BDB/HDB backends on the Hurd. BDB requires record locks
+ (F_SETLK), which have not yet been implemented; see #693971.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
+
+openldap (2.4.41+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Update patches for upstream changes, drop patches included upstream.
+ * debian/rules: Adjust get-orig-source target to add +dfsg to version.
+ * Convert to source format 3.0 (quilt).
+ * debian/slapd.scripts-common: Fix nesting of fold markers.
+
+ -- Ryan Tandy <ryan@nardis.ca> Wed, 08 Jul 2015 21:07:24 -0700
+
+openldap (2.4.40+dfsg-2) unstable; urgency=medium
+
+ * Actually install libldap-2.4-2.symbols.
+ * Update Standards-Version to 3.9.6.
+ * Build-Depend on debhelper (>= 9) to fix a Lintian warning.
+ * Import upstream patch to fix FTBFS with gcc-5. (Addresses #778045)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
+
+openldap (2.4.40+dfsg-1) unstable; urgency=medium
+
+ * Remove inetorgperson.schema from the upstream source. Replace it with a
+ copy stripped of RFC text. (Closes: #780283)
+ * Adjust debian/watch for +dfsg versioning.
+ * debian/patches/ITS7975-fix-mdb-onelevel-search.patch: Import upstream
+ patch to fix scope=onelevel searches wrongly including the search base in
+ results under the MDB backend. (ITS#7975) (Closes: #782212)
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 09 Apr 2015 08:38:38 -0700
+
+openldap (2.4.40-4) unstable; urgency=medium
+
+ * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream
+ patch to fix a crash when a search includes the Deref control with an
+ empty attribute list. (ITS#8027) (CVE-2015-1545, Closes: #776988)
+ * debian/patches/ITS8046-fix-vrFilter_free-crash.patch: Import upstream
+ patch to fix a double free triggered by certain search queries using the
+ Matched Values control. (ITS#8046) (CVE-2015-1546, Closes: #776991)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 08 Feb 2015 20:19:11 +0000
+
+openldap (2.4.40-3) unstable; urgency=medium
+
+ * Remove trailing spaces from slapd.templates.
+ * Update Vietnamese debconf translation.
+ Thanks to Trần Ngọc Quân.
+ * Update Danish debconf translation.
+ Thanks to Joe Hansen. (Closes: #766848)
+ * Update Japanese debconf translation.
+ Thanks to Kenshi Muto. (Closes: #766824)
+ * Update Russian debconf translation.
+ Thanks to Yuri Kozlov. (Closes: #766825)
+ * Update Basque translation.
+ Thanks to Iñaki Larrañaga Murgoitio. (Closes: #767070)
+ * Update French debconf translation.
+ Thanks to Christian Perrier. (Closes: #767634)
+ * Update German debconf translation.
+ Thanks to Helge Kreutzmann. (Closes: #767686)
+ * Update Portuguese debconf translation.
+ Thanks to Ricardo Silva. (Closes: #768085)
+ * Update Italian debconf translation.
+ Thanks to Luca Monducci. (Closes: #768195)
+ * Update Turkish debconf translation.
+ Thanks to Atila KOÇ. (Closes: #768409)
+ * Update Czech debconf translation.
+ Thanks to Miroslav Kure. (Closes: #768591)
+ * Update Catalan debconf translation.
+ Thanks to Innocent De Marchi. (Closes: #768605)
+ * Update Dutch debconf translation.
+ Thanks to Frans Spiesschaert. (Closes: #769024)
+ * Update Brazilian Portuguese debconf translation.
+ Thanks to Adriano Rafael Gomes. (Closes: #769717)
+ * Update Galician debconf translation.
+ Thanks to Jorge Barreiro.
+ * Update Swedish debconf translation.
+ Thanks to Martin Bagge / brother. (Closes: #769867)
+ * Update Spanish debconf translation.
+ Thanks to Camaleón. (Closes: #770715)
+ * Fix doubled spaces in po files, caused by trailing spaces in the templates
+ file.
+ * Run debconf-updatepo to refresh PO files.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Nov 2014 10:33:10 -0800
+
+openldap (2.4.40-2) unstable; urgency=medium
+
+ * Fix typo (chmod/chgrp) in previous changelog, spotted by Ferenc Wagner.
+ * debian/patches/contrib-modules-use-dpkg-buildflags: Also use CPPFLAGS from
+ dpkg-buildflags. Spotted by Lintian.
+ * debian/slapd.init.ldif: Don't bother explicitly granting rights to the
+ rootdn, since it already has unlimited privileges. Thanks Ferenc Wagner.
+ * Recommend MDB for new installations, per upstream's recommendation.
+ * Don't re-create the default DB_CONFIG if there wasn't one in the backup,
+ for example if the active backend doesn't use it. Thanks Ferenc Wagner.
+ * On upgrade, if an access rule begins with "to * by self write", show a
+ debconf note warning that it should be changed. (Closes: #761406)
+ * Build and install the lastbind contrib module. (Closes: #701111)
+ * Build and install the passwd/sha2 contrib module. (Closes: #746727)
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 20 Oct 2014 22:19:24 -0700
+
+openldap (2.4.40-1) unstable; urgency=low
+
+ [ Ryan Tandy ]
+ * New upstream release.
+ - fixed ldap_get_dn(3) ldap_ava definition (ITS#7860) (Closes: #465024)
+ - fixed slapcat with external schema (ITS#7895) (Closes: #599235)
+ - fixed double free with invalid ciphersuite (ITS#7500) (Closes: #640384)
+ - fixed modrdn crash on naming attr with no matching rule (ITS#7850)
+ (Closes: #666515)
+ - fixed slapacl causing unclean database (ITS#7827) (Closes: #741248)
+ * slapd.scripts-common:
+ - Anchor grep patterns to avoid matching commented lines in ldif files
+ under cn=config. (Closes: #723957)
+ - Don't silently ignore nonexistent directories that should be dumped.
+ - Invoke find, chown, and chgrp with -H in case /var/lib/ldap is a
+ symlink. (Closes: #742862)
+ - When upgrading a database, ignore extra nested directories as they might
+ contain other databases. Patch from Kenny Millington. (LP: #1003854)
+ - Fix dumping and reloading when multiple databases hold the same suffix,
+ thanks Peder Stray. (Closes: #759596, LP: #1362481)
+ - Remove trailing dot from slapd/domain. (Closes: #637996)
+ * debian/rules:
+ - Enable parallel building.
+ - Copy libldap-2.4-2.shlibs into place manually, as a workaround for
+ #676168. (Closes: #742841)
+ * debian/slapd.README.Debian: Add a note about database format upgrades and
+ the consequences of missing one. (Closes: #594711)
+ * Build with GnuTLS 3 (Closes: #745231, #760559).
+ * Drop debian/patches/fix-ftbfs-binutils-gold, no longer needed.
+ * Drop debconf-utils from Build-Depends, no longer used (replaced by
+ po-debconf). Thanks Johannes Schauer.
+ * Acknowledge NMU fixing #729367, thanks to Michael Gilbert.
+ * Offer the MDB backend as a choice during initial configuration. (Closes:
+ #750022)
+ * debian/slapd.init.ldif:
+ - Disallow modifying one's own entry by default, except specific
+ attributes. (Closes: #761406)
+ - Index some more common search attributes by default. (Closes: #762111)
+ * Introduce a symbols file for libldap-2.4-2.
+ * debian/schema/pmi.schema: Add a copyright clarification. There does not
+ appear to be any copyrighted text in this file, only ASN.1 assignments and
+ LDAP schema definitions. Fixes a Lintian error on the original.
+ * debian/schema/duaconf.schema: Strip Internet-Draft text from
+ duaconf.schema.
+ * Drop debian/patches/CVE-2013-4449.patch, applied upstream.
+ * Update debian/patches/no-AM_INIT_AUTOMAKE with upstream changes.
+ * debian/schema/ppolicy.schema: Update with ordering rules added in
+ draft-behera-ldap-password-policy-11.
+ * Suggest GSSAPI SASL modules. (Closes: #762424)
+ * debian/patches/ITS6035-olcauthzregex-needs-restart.patch: Document in
+ slapd-config.5 the fact that changes to olcAuthzRegexp only take effect
+ after the server is restarted. (Closes: #761407)
+ * Add myself to Uploaders.
+
+ [ Jelmer Vernooij ]
+ * Depend on heimdal-multidev rather than heimdal-dev. (Closes: #745356,
+ #706123)
+
+ [ Updated debconf translations ]
+ * Turkish, thanks to Atila KOÇ <akoc@artielektronik.com.tr>.
+ (Closes: #661641)
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 17 Oct 2014 08:19:28 -0700
+
+openldap (2.4.39-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix CVE-2013-4449: reference counting logic issue (closes: #729367).
+
+ -- Michael Gilbert <mgilbert@debian.org> Sat, 09 Aug 2014 09:26:51 +0000
+
+openldap (2.4.39-1) unstable; urgency=low
+
+ [ Peter Marschall ]
+ * debian/patches/wrong-database-location: fix database location in
+ doc/man/man5/slapd-mdb.5
+ * debian/configure.options: add info on --enable-mdb
+
+ [ Russ Allbery ]
+ * Remove myself from Uploaders.
+
+ [ Steve Langasek ]
+ * Remove Stephen Frost from Uploaders, per discussion with him. Thanks for
+ your contributions, Stephen!
+ * Adjust dh_autoreconf usage to update all config.sub/config.guess
+ instances in the source, so that we can be forwards-compatible with new
+ ports. Thanks to Colin Watson <cjwatson@ubuntu.com> for the patch.
+ Closes: #725824.
+ * Add Timo to Uploaders.
+ * Update Vcs-* fields to point at the new git repo; thanks to Timo for
+ driving this migration!
+ * Rebuild against db5.3, with a corresponding dump/restore of the database
+ on upgrade. Closes: #738641.
+
+ [ Timo Aaltonen ]
+ * contrib-modules-use-dpkg-buildflags, autogroup-makefile,
+ smbk5pwd-makefile:
+ - Updated for current upstream.
+ * Refresh patches to apply cleanly.
+ * rules: Use dpkg-parsechangelog to determine the upstream version for
+ get-orig-source.
+ * source: Add lintian overrides for non-transatable internal
+ templates.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
+
+openldap (2.4.31-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixes a denial of service attack, CVE-2012-1164, when using the rwm
+ overlay. Closes: #663644.
+ - Fixes a bug with ldap_result always returning -1 when called from
+ sssd. Closes: #666230.
+ - Fix a build failure on armel due to unaligned memory access.
+ Closes: #677158.
+ * Incorporate NMU (thanks, Julien Cristau, Mattias Ellert):
+ - Disable the mdb backend on non-Linux, it looks like it doesn't work
+ with linuxthreads (closes: #654824).
+ - Backport fix for shell backend configuration. Closes: #662940.
+
+ [ Peter Marschall ]
+ * debian/slapd.scripts-common: avoid grep warnings
+ * debian/patches/heimdal-fix: fix arguments of
+ hdb_generate_key_set_password(). Closes: #664930
+
+ [ Steve Langasek ]
+ * debian/patches/contrib-modules-use-dpkg-buildflags: pass CFLAGS to
+ contrib builds. Thanks to Simon Ruderich <simon@ruderich.org>.
+ Closes: #663724.
+
+ -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
+
+openldap (2.4.28-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixes CVE-2011-4079. Closes: #647610.
+ - Fixes support for proxy authorization with SASL-GSSAPI.
+ Closes: #608815.
+ - Drop patch service-operational-before-detach, which came from upstream.
+ - Drop patch fix-its6898-locking-issue, included upstream.
+ - Refresh other patches as needed.
+ * debian/slapd.scripts-common: quote the argument to slappasswd, to cope
+ with shell characters in the string. Thanks to Nicolai Ehemann
+ <en@englightened.de> for the patch. Closes: #635931.
+ * Install ldif.h in libldap2-dev, now that it's been blessed upstream.
+ Closes: #644985.
+ * debian/patches/no-bdb-ABI-second-guessing: don't force an exact match on
+ the upstream version of libdb; this is redundant with our packaging
+ system, and causes spurious errors when there's a non-ABI-breaking
+ BDB upstream release. Closes: #651333.
+ * Build-conflict with the ancient autoconf2.13, which is incompatible with
+ dh-autoreconf. (Maybe dh-autoreconf itself should conflict with it?)
+ Closes: #651598.
+
+ [ Updated debconf translations ]
+ * Dutch, thanks to Jeroen Schot <schot@A-Eskwadraat.nl>. Closes: #651400.
+
+ -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
+
+openldap (2.4.25-4) unstable; urgency=low
+
+ * Drop explicit depends on libdb4.8, since we're now linking against
+ libdb5.1. Thanks to Peter Marschall for catching. Closes: #621403
+ again.
+ * Rebuild against cyrus-sasl2 2.1.25. Closes: #628237.
+ * Use dh_autoreconf instead of a locally-patched autogen.sh.
+ * debian/patches/no-AM_INIT_AUTOMAKE: don't use AM_INIT_AUTOMAKE macro
+ when we aren't using automake.
+ * Convert debian/rules to dh(1).
+ * use DEB_CFLAGS_MAINT_APPEND with appropriate versioned dependency on
+ debhelper and dpkg-dev, so we can pick up dpkg-buildflags for our
+ policy-mandated flags - as well as our security-enhancing ones!
+ Closes: #644427.
+ * Also set hardening=+pie,+bindnow buildflags options for maximum
+ security, since this is a security-sensitive daemon dealing with
+ untrusted input. Ubuntu has been building with these flags for a
+ while via hardening-wrappers, so the change is presumed safe.
+ * Drop debian/check_config. The upstream configure script now enforces
+ --with-cyrus-sasl, so there's no need for a second check.
+ * debian/po/es.po: tweak an ambiguous string in the Spanish debconf
+ translation, noticed in response to a submitted Catalan translation
+ * debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff:
+ Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.
+ Thanks to Jan-Marek Glogowski <jan-marek.glogowski@muenchen.de> for the
+ patch. Closes: #327585.
+
+ [ Updated debconf translations ]
+ * Catalan, thanks to Innocent De Marchi <tangram.peces@gmail.com>.
+ Closes: #644274.
+
+ -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
+
+openldap (2.4.25-3) unstable; urgency=low
+
+ * Brown paper bag: really fix the .links.in handling, so we don't generate
+ broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 15 Aug 2011 09:50:37 +0000
+
+openldap (2.4.25-2) unstable; urgency=low
+
+ [ Matthijs Möhlmann ]
+ * Change to bdb 5.1 (Closes: #621403)
+ * Add note to ldap-utils package how to unfold lines. (Closes: #530519)
+ (Thanks to Peter Marschall and Javier Barroso)
+
+ [ Steve Langasek ]
+ * Acknowledge NMU for bug #596343; thanks to Thijs Kinkhorst for the fix!
+ * Bump to compat level 7, so we don't have to spell out debian/tmp in
+ every single .install file
+ * Build for multiarch.
+
+ -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
+
+openldap (2.4.25-1.1) unstable; urgency=low
+
+ * Non-maintainer upload to fix RC bug.
+ * Fix "dpkg-reconfigure slapd". Closes: #596343
+
+ -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
+
+openldap (2.4.25-1) unstable; urgency=low
+
+ * New upstream version (Closes: #617606, #618904, #606815, #608813)
+ - Fixes CVE-2011-1024, CVE-2011-1025, CVE-2011-1081
+ - slapd server process frequently hangs during everyday usage is fixed in
+ newer versions of openldap according to the bug submitter
+ * Refresh all patches
+ * Remove manpage-tlscyphersuite-additions, applied upstream
+ * Remove issue-6534-patch, applied upstream
+ * Add Slovak translation, thanks Slavko <linux@slavino.sk> (Closes: #608699)
+ * Add debian specific patch for ldap.conf. Add TLS_CACERT option and set it
+ by default to /etc/ssl/certs/ca-certificates.crt (Closes: #555409, #616703)
+ * Add patch to fix a FTBFS with binutils-gold (Closes: #555867)
+ * Add slapschema, just hardlink it (Closes: #601569)
+ * Update patch service-operational-before-detach (Closes: #616164, #598361)
+ * Add ldif_* symbols to libldap-2.4-2
+ * Add upstream patch for a locking issue in libldap_r
+ * Fix build failure, use @SHELL@ instead of hardcoded /bin/sh (build/top.mk)
+ (Closes: #621925)
+
+ -- Matthijs Möhlmann <matthijs@cacholong.nl> Mon, 11 Apr 2011 22:10:14 +0200
+
+openldap (2.4.23-7) unstable; urgency=low
+
+ * Updated vietnamese translation, thanks Clytie Siddall
+ (Closes: #601537, #598575)
+ * Updated portuguese translation, thanks Traduz (Closes: #599760)
+ * Updated danish translation, thanks Joe Dalton (Closes: #599835)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
+
+openldap (2.4.23-6) unstable; urgency=high
+
+ * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 23 Sep 2010 10:17:50 +0200
+
+openldap (2.4.23-5) unstable; urgency=high
+
+ [ Steve Langasek ]
+ * High-urgency upload for RC bugfix.
+ * debian/slapd.scripts-common: fix gratuitous (and wrong) use of grep in
+ get_suffix(), which causes us to incorrectly parse any slapd.conf that
+ uses tabs instead of spaces. Closes: #595672.
+ * debian/slapd.init, debian/slapd.scripts-common: when $SLAPD_CONF is not
+ set in /etc/default/slapd, we should always set a default value, giving
+ precedence to slapd.d and falling back to slapd.conf. Users who don't
+ want to use an existing slapd.d should point at slapd.conf explicitly.
+ Closes: #594714, #596343.
+ * debian/slapd.init: 'invoke-rc.d slapd stop' should not fail due to the
+ absence of a slapd configuration; we should still exit 0 so that the
+ package can be removed gracefully. Closes: #596100.
+ * drop build-conflicts with libssl-dev; we explicitly pass
+ --with-tls=gnutls to configure, so there's no risk of a misbuild here.
+ * debian/slapd.default: now that we have a sensible default behavior in
+ both slapd.init and the maintainer scripts, leave SLAPD_CONF empty to
+ save pain later.
+ * debian/slapd.scripts-common: ... and do the same in
+ migrate_to_slapd_d_style, we just need to comment out the user's
+ previous entry instead of blowing it away.
+ * debian/slapd.scripts-common: call get_suffix in a way that lets us
+ separate responses by newlines, to properly handle the case when a
+ DN has embedded spaces. Introduces a few more stupid fd tricks to work
+ around possible problems with debconf. Closes: #595466.
+ * debian/slapd.scripts-common: when parsing the names of includes, handle
+ double-quotes and escape characters as described in slapd.conf(5).
+ Closes: #595784.
+ * debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
+ versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
+ otherwise is blocked by our added olcAccess settings. Closes: #596326.
+ * debian/slapd.init.ldif: set the acl in the default LDIF for new installs,
+ too.
+ * Likewise, grant access to dn.exact="" so that base dn autodiscovery
+ works as intended. Closes: #596049.
+ * debian/slapd.init.ldif: synchronize our behavior on new installs with
+ that on upgrades, avoiding the non-standard cn=localroot,cn=config.
+ * debian/slapd.scripts-common: don't run the migration code if slapd.d
+ already exists. Closes: #593965.
+
+ [ Matthijs Mohlmann ]
+ * Remove upgrade_supported_from_backend, implemented patch from
+ Peter Marschall <peter@adpm.de> to automatically detect if an upgrade is
+ supported. (Closes: #594712)
+
+ [ Peter Marschall ]
+ * debian/slapd.init: correctly set the slapd.conf argument even when
+ SLAPD_PIDFILE is non-empty in /etc/default/slapd. Closes: #593880.
+ * debian/slapd.scripts-common: pass -g to slapadd/slapcat, so that
+ subordinate databases aren't incorrectly included in the dump/restore of
+ the parent database. Closes: #594821.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 13 Sep 2010 06:59:11 +0000
+
+openldap (2.4.23-4) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * Bump the database upgrade version check to 2.4.23-4; should have been
+ set to 2.4.23-1 when we switched to db4.8, but was missed so we need to
+ clean up. Closes: #593550.
+
+ [ Matthijs Mohlmann ]
+ * Fix root access to cn=config on upgrades from configuration style slapd.conf
+ Thanks to Mathias Gug (Closes: #593566, #593878)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 26 Aug 2010 20:30:51 +0200
+
+openldap (2.4.23-3) unstable; urgency=low
+
+ * Configure the newly installed openldap package using slapd.d instead of
+ slapd.conf, merged from ubuntu. (Closes: #562723, #494155, #333428)
+ * Update the debconf templates by running debconf-updatepo.
+ * We do not support upgrades from older releases then lenny, so removed some
+ upgrade functions from slapd.scripts-common.
+ * Updated japanese translation, thanks Kenshi Muto (Closes: #589508)
+ * Updated czech translation, thanks Miroslav Kure (Closes: #589569)
+ * Update slapd.README.Debian and slapd.NEWS and note the new configuration
+ style.
+ * Fixes CVE-2010-0211 and CVE-2010-0212 (Closes: #589852)
+ * Update italian translation, thanks Luca Monducci (Closes: #590154)
+ * Update spanish translation, thanks Francisco Javier Cuadrado
+ (Closes: #590829)
+ * Update basque translation, thanks Iñaki Larrañaga Murgoitio
+ * Bump Standards-Version to 3.9.1
+ * Added debian specific patch to wait until slapd is operational before
+ detaching to the terminal (Closes: #589915)
+ * Add a lintian overrides for libldap.
+ * Empty dependency_libs line in .la files. (Closes: #591550)
+ * Update galician translation, thanks Jorge Barreiro (Closes: #592815)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Tue, 17 Aug 2010 22:00:16 +0200
+
+openldap (2.4.23-2) unstable; urgency=medium
+
+ * Depend on libdb4.8 >= 4.8.30 (Closes: #588969)
+ * Urgency previous as previous version fixes a RC bug.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Wed, 14 Jul 2010 10:17:27 +0200
+
+openldap (2.4.23-1) unstable; urgency=low
+
+ * New upstream version
+ * Change to build dependency libdb4.8-dev instead of libdb4.7-dev
+ * Updated french translation thanks Christian Perrier (Closes: #579192)
+ * Updated swedish translation thanks Martin Bagge (Closes: #580145)
+ * Updated german translation thanks Helge Kreutzmann (Closes: #579582)
+ * Updated russian translation thanks Yuri Kozlov (Closes: #585688)
+ * Fix bashisms in debian/rules (Closes: #581454)
+ * Add documentation patch (Closes: #513270)
+ * Refreshed all quilt patches.
+ * Bump Standards-Version to 3.9.0
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
+
+openldap (2.4.21-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New upstream version
+ (Closes: #561144, #465024, #502769, #528695, #564686, #504728)
+ * Add upstream manpage for ldapexop; thanks to Peter Marschall
+ <peter@adpm.de>. Closes: #549291.
+
+ [ Matthijs Mohlmann ]
+ * Ack NMU (Closes: #553432)
+ * Update Standards-Version to 3.8.4
+ * Fix NEWS entry to have the correct version number
+ * Improve the wording for the slapd/invalid_config question (Closes: #452834)
+ * Make lintian a bit more happy (Closes: #518660)
+ * Fix bashism (Closes: #518657)
+ * Refresh all patches
+ * Add patch from upstream (Closes: #549642)
+ * Reworked the configure.options a bit to include some more options
+ * Enable dynamic acls
+ * Use slappasswd to create a secure password (Closes: #490930)
+ * Set a rootdn and rootpw if no password is given by debconf (Closes: #231950)
+ * Better document the TLSCipherSuite in slapd.conf manpage (Closes: #563113)
+ * Better document the TLS_CIPHER_SUITE in ldap.conf manpage (Closes: #510346)
+ * Add smbk5pwd slapd module, used patch from Mark Hymers (Closes: #443073)
+ * Add autogroup slapd module, used patch from Mathieu Parent (Closes: #575900)
+ * Add lsb logging, used patch from David Härdeman (Closes: #385898)
+ * Use dh_lintian to install the lintian-overrides
+ * Added critical error report when slapcat fails (Closes: #226090)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
+
+openldap (2.4.17-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-3767: libraries/libldap/tls_o.c doesn't properly handle NULL
+ character in subject Common Name (Closes: #553432)
+
+ -- Giuseppe Iuculano <iuculano@debian.org> Tue, 10 Nov 2009 19:09:45 +0100
+
+openldap (2.4.17-2) unstable; urgency=low
+
+ * Fix up the lintian warnings:
+ - add missing misc-depends on all packages
+ - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
+ overrides
+ - bump Standards-Version to 3.8.2, no changes required.
+ * slapd.scripts-common: fix upgrade to correctly handle multiple database
+ declarations; thanks, Peter Marschall <peter@adpm.de>! Closes: #517556
+ * Add 'status' argument to init script; thanks to Peter Eisentraut
+ <petere@debian.org>. Closes: #545898.
+ * New patch, do-not-second-guess-sonames, to remove an incorrect check for
+ the Cyrus SASL version number at runtime. If there's any reason this is
+ needed, it needs to be addressed in the cyrus-sasl soname and Debian
+ shlibs, not here. Closes: #546885.
+
+ -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
+
+openldap (2.4.17-1) unstable; urgency=low
+
+ * New upstream version.
+ - Fixes FTBFS on ia64 with -fPIE. Closes: #524770.
+ - Fixes some TLS issues with GnuTLS. Closes: #505191.
+ * Update priority of libldap-2.4-2 to match the archive override.
+ * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
+ ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
+ Closes: #496749.
+ * Bump build-dependency on debhelper to 6 instead of 5, since that's
+ what we're using. Closes: #498116.
+ * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
+ the built-in default of ldap:/// only.
+ * Build-depend on libltdl-dev | libltdl3-dev (>= 1.4.3), for the package
+ name change. Closes: #522965.
+
+ [ Updated debconf translations ]
+ * Spanish, thanks to Francisco Javier Cuadrado <fcocuadrado@gmail.com>.
+ Closes: #521804.
+
+ -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
+
+openldap (2.4.15-1) unstable; urgency=low
+
+ * New upstream version
+ - Fixes a bug with the pcache overlay not returning cached entries
+ (closes: #497697)
+ - Update evolution-ntlm patch to apply to current Makefiles.
+ - (tentatively) drop gnutls-ciphers, since this bug was reported to be
+ fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
+ patch from the bug report, so this should be watched for regressions.
+ * Build against db4.7 instead of db4.2 at last! Closes: #421946.
+ * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
+ installed in the build environment.
+ * Add -D_GNU_SOURCE to CFLAGS, apparently required for building with
+ current headers in unstable
+
+ -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
+
+openldap (2.4.11-1) unstable; urgency=low
+
+ * New upstream version (closes: #499560).
+ - Fixes a crash with syncrepl and delcsn (closes: #491066).
+ - Fix CRL handling with GnuTLS (closes: #498410).
+ - Drop patches no_backend_inter-linking,
+ CVE-2008-2952_BER-decoding-assertion, and gnutls-ssf, applied
+ upstream.
+
+ [ Russ Allbery ]
+ * New patch, back-perl-init, which updates the calling conventions
+ around initialization and shutdown of the Perl interpreter to match
+ the current perlembed recommendations. Fixes probable hangs on HPPA
+ in back-perl. Thanks, Niko Tyni. (Closes: #495069)
+
+ [ Steve Langasek ]
+ * Drop the conflict with libldap2, which is not the standard means of
+ handling symbol conflicts in Debian and which causes serious upgrade
+ problems from etch. Closes: #487211.
+
+ -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
+
+openldap (2.4.10-3) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New patch, CVE-2008-2952_BER-decoding-assertion, to fix a remote DoS
+ vulnerability in the BER decoder. Addresses CVE-2008-2952,
+ closes: #488710.
+ * debian/slapd.scripts-common, debian/slapd.postinst: drop
+ update_path_argsfile_pidfile function, not needed for updates from etch
+ or newer.
+ * Drop the code to check for and upgrade ldbm databases. The etch
+ release of slapd had already dropped support for them and direct
+ upgrades from sarge are not supported.
+
+ [ Russ Allbery ]
+ * Apply upstream patch to convert GnuTLS cipher strength from bytes to
+ bits, as expected by OpenLDAP. (Closes: #473796)
+ * Add Build-Depends on time, used by the test suite and only a shell
+ built-in with bash. Thanks, Daniel Schepler. (Closes: #490754)
+ * Refresh all patches, convert all patches to -p1, and remove extraneous
+ Index: lines. (Closes: #485263)
+ * Unless DFSG_NONFREE is set, also check whether the upstream schemas
+ with RFC comments are included.
+ * Update standards version to 3.8.0.
+ - Include debian/README.source pointing to the quilt README.source.
+ - Wrap Uploaders for readability.
+ * Wrap slapd's Depends for readability.
+
+ [ Updated debconf translations ]
+ * Swedish, thanks to Martin Ågren <martin.agren@gmail.com>.
+ Closes: #492748.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
+
+openldap (2.4.10-2) unstable; urgency=low
+
+ * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
+ build time
+ * Hack around glibc behavior when resolving localhost, by exporting
+ RESOLV_MULTI=off when invoking the test suite
+ * Reclaim the 'openldap' source package name; openldap2.3 has been a
+ misnomer for some time, causing undue confusion, so switch to a
+ permanent source package name that we won't need to change again later.
+ - Along the way, kill off non-DFSG-compliant schema files that snuck
+ back into the archive due to my bad merge of 2.4.10.
+
+ -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
+
+openldap2.3 (2.4.10-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New upstream release.
+ - Clean up ld_defconn if it was freed, fixing an assertion failure in
+ various clients. Closes: #469232.
+ - Fixes slapd syncrepl hang on back-config. Closes: #471253.
+ - Drop patch hurd-path-max, integrated upstream.
+ * Drop spurious build-dependency on heimdal-dev, introduced accidentally
+ as part of an aborted attempt to build the smbk5pwd overlay.
+ * Use hardlinks instead of symlinks for the various slap* commands; this
+ is functionally equivalent for us, and reduces divergence from
+ derivatives such as Ubuntu that use apparmor. Closes: #488409.
+ * New patch, no_backend_inter-linking, to fix the meta backend to not
+ try to look up symbols in external objects (back_ldap) that it
+ doesn't link against.
+ * Turn on 'make test' during builds, now that back_meta is fixed.
+
+ [ Matthijs Mohlmann ]
+ * All manpages in category 5 were missing, wrong directory.
+ (Closes: #474976, #483631, #483633)
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
+
+openldap2.3 (2.4.9-1) unstable; urgency=low
+
+ [ Updated debconf translations ]
+ * French, thanks to Christian Perrier <bubulle@debian.org>.
+ Closes: #471792.
+ * Finnish, thanks to Esko Arajärvi <edu@iki.fi>. Closes: #475238.
+ * Czech, thanks to Miroslav Kure <kurem@upcase.info.upol.cz>.
+ Closes: #480138.
+ * Basque, thanks to Piarres Beobide <pi+debian@beobide.net>.
+ Closes: #480177.
+ * Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>.
+ Closes: #480181.
+ * Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net>. Closes: #480218.
+ * Japanese, thanks to Kenshi Muto <kmuto@debian.org>. Closes: #480247.
+ * Italian, thanks to Luca Monducci <luca.mo@tiscali.it>. (Closes: #477718)
+ * Brazilian Portuguese, thanks to Eder L. Marques <eder@edermarques.net>
+ (Closes: #480172)
+ * Portuguese, thanks to Tiago Fernandes <tjg.fernandes@gmail.com>
+ (Closes: #481126)
+ * Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com> (Closes: #481214)
+ * Dutch, thanks to "cobaco (aka Bart Cornelis)" <cobaco@skolelinux.no>.
+ Closes: #483014.
+
+ [ Matthijs Mohlmann ]
+ * New upstream release.
+ - Bad entryUUID no longer crashes slapd. (Closes: #471867)
+ - Fix assertion failure in some modify operations. (Closes: #474161)
+ - Mention index in slapd.conf's man page. (Closes: #414650)
+ - Fixes to slapd include handling. (Closes: #457261)
+ - Fix syncrepl cookie truncation. (Closes: #464024)
+ - Fix memory allocation in ldap_parse_page_control. (Closes: #464877)
+ - Fix slapd crash when accessed by multiple threads. (Closes: #479237)
+ * Acknowledge NMU.
+ (Closes: #474976, #471225, #475856, #474652, #465875)
+ * Bump Standards-Version to 3.7.3
+ * Add versioned build dependency on libgnutls-dev (Closes: #466558)
+ * Bump debhelper compat level to 6.
+
+ [ Russ Allbery ]
+ * Use MAXPATHLEN rather than PATH_MAX, since OpenLDAP defines the
+ former and the latter isn't defined on GNU Hurd. Thanks, Samuel
+ Thibault. (Closes: #475744)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 26 May 2008 22:34:16 +0200
+
+openldap2.3 (2.4.7-6.3) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Install all slapd relevant manpages into slapd package.
+ (closes: #474976)
+ * Make libldap-2.4-2 conflict against libldap2. (closes: #475856)
+
+ -- Bastian Blank <waldi@debian.org> Tue, 29 Apr 2008 18:00:23 +0200
+
+openldap2.3 (2.4.7-6.2) unstable; urgency=low
+
+ * Non-maintainer upload to solve release goal issues.
+ * Add LSB dependency header to init.d scripts (Closes: #474652)
+
+ -- Petter Reinholdtsen <pere@debian.org> Wed, 16 Apr 2008 08:04:49 +0200
+
+openldap2.3 (2.4.7-6.1) unstable; urgency=high
+
+ * Non-maintainer upload by security team.
+ * Fix possible remote denial of service vulnerability in the BDB backend
+ via a modrdn operation with a NOOP control
+ (CVE-2008-0658; Closes: #465875).
+
+ -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
+
+openldap2.3 (2.4.7-6) unstable; urgency=low
+
+ [ Updated debconf translations ]
+ * Dutch, thanks to Bart Cornelis <cobaco@skolelinux.no>. Closes: #452950.
+ * Brazilian Portuguese, thanks to Eder L. Marques <frolic@debian-ce.org>.
+ Closes: #463460.
+ * German, thanks to Helge Kreutzmann <debian@helgefjell.de>.
+ Closes: #465784.
+
+ [ Steve Langasek ]
+ * Relax build-dependency on libsasl2-dev now that the versioned dependency
+ is satisfied by all extant versions (including in oldstable), fixing a
+ lintian warning about versioned build-deps on Debian revisions.
+ * Avoid using a mutex around getaddrinfo() and getnameinfo() calls, which
+ are guaranteed by glibc to be threadsafe; this fixes a deadlock when
+ using nss_ldap for host lookups. Closes: #340601.
+ * debian/libldap2-dev.manpages: install all of man3/* instead of
+ enumerating specific manpages to install. Closes: #320073.
+ * Add new patch, sasl-cleartext-strncasecmp, to correct a regression that
+ prevented the use of the {CLEARTEXT} password scheme with SASL.
+ Closes LP: #191563.
+ * drop LGPL from debian/copyright; there is no longer any code under this
+ license in the package.
+ * Drop patch gnutls-altname-nulterminated; it's been determined that the
+ "length" discrepancy was a bug in gnutls, and fixed in that package.
+ * debian/configure.options: explicitly pass --with-odbc=unixodbc, so
+ that we depend on the right ODBC implementation when both happen to
+ be installed at build time.
+
+ [ Russ Allbery ]
+ * Add a stamp file for the configure rule to avoid rerunning configure
+ needlessly. Closes: #465588.
+ * Don't create the openldap user if slapd has been configured to run as
+ a different user. If slapd has been configured to run as openldap, do
+ create the user on reconfigure. Closes: #452438.
+ * Reformat, reorganize, and update slapd's README.Debian.
+ - Include SASL configuration information.
+ - Remove LDBM information, since upstream no longer even ships LDBM
+ and the debconf prompting and maintainer scripts already take care
+ of any lingering databases.
+ - Document the differences between the Debian OpenLDAP packages and
+ upstream.
+
+ -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
+
+openldap2.3 (2.4.7-5) unstable; urgency=low
+
+ [ Updated debconf translations ]
+ * Finnish, thanks to Esko Arajärvi <edu@iki.fi>. Closes: #462688.
+ * Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net>. Closes: #462987.
+ * French, thanks to Christian Perrier <bubulle@debian.org>.
+ Closes: #463149.
+ * Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com>. Closes: #463442.
+ * Czech, thanks to Miroslav Kure <kurem@debian.cz>. Closes: #463472.
+ * German, thanks to Helge Kreutzmann <debian@helgefjell.de>.
+ Closes: #464718.
+
+ [ Steve Langasek ]
+ * Fix various regressions related to the introduction of GnuTLS:
+ - Add new patch, gnutls-ciphers, to fix support for specifying multiple
+ ciphers with TLSCipherSuite option in slapd.conf. Thanks to Kyle
+ Moffett <kyle@moffetthome.net> for the patch. Closes LP: #188200.
+ - Add new patch, slapd-tlsverifyclient-default, to set the intended
+ default value of "TLSVerifyClient never" in the right place.
+ - Add new patch, gnutls-altname-nulterminated, to account for differences
+ in how the "length" is returned for commonName vs. subjectAltName.
+ - Comment out TLSCipherSuite settings on upgrade from all versions prior
+ to 2.4.7-5, and throw a debconf error to the user notifying them of
+ this, since all OpenSSL cipher suite values are incompatible with
+ GnuTLS.
+ Closes: #462588.
+ * Add new patch from upstream, entryCSN-backwards-compatibility, to support
+ auto-converting entryCSN attributes in a previously supported old format,
+ fixing an upgrade failure. Closes: #462099.
+ * Use --retry TERM/10 instead of --retry 10 when stopping slapd, since the
+ latter resorts to a SIGKILL and may corrupt backend data; whereas the
+ former will exit non-zero if slapd is still running but won't directly
+ cause data-loss. Thanks to Mark McDonald for the patch. LP: #92139.
+ * Fix manpage symlinks in libldap2-dev; thanks to Reuben Thomas for
+ reporting. Closes: #463971.
+ * Fix a superfluous space in the debconf templates, due to a trailing space
+ in the templates. Closes: #464719.
+
+ -- Steve Langasek <vorlon@debian.org> Sat, 09 Feb 2008 14:25:55 -0800
+
+openldap2.3 (2.4.7-4) unstable; urgency=high
+
+ [ Steve Langasek ]
+ * Build-conflict with libicu-dev, for consistent dependencies in all
+ build environments.
+ * Fix an oversight in the checkpoint migration, which caused the checkpoint
+ option to not be moved far enough down. Closes: #462304, LP: #185257.
+ * Build-depend on unixodbc instead of iODBC.
+
+ [ Updated debconf translations ]
+ * Japanese, thanks to Kenshi Muto <kmuto@debian.org>. Closes: #462191.
+
+ -- Steve Langasek <vorlon@debian.org> Fri, 25 Jan 2008 02:17:23 -0800
+
+openldap2.3 (2.4.7-3) unstable; urgency=low
+
+ * Add missing build-dependency on groff-base, to allow use of soelim during
+ build.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 21 Jan 2008 15:18:27 -0800
+
+openldap2.3 (2.4.7-2) unstable; urgency=low
+
+ * Temporarily drop slapi-dev from the package to get through NEW; this
+ functionality should be readded later, either by restoring the slapi-dev
+ package or by moving it to libldap2-dev, depending on the outcome of
+ discussion with the ftp-masters.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 21 Jan 2008 06:13:21 -0800
+
+openldap2.3 (2.4.7-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New upstream version; closes: #449354.
+ - remove another schema from upstream source, collective.schema,
+ that contains text from the IETF RFCs and include a stripped copy
+ in debian/schema.
+ - drop patches slurpd-in-spool and man-slurpd, since slurpd is no
+ longer provided upstream.
+ - libldap2.3-0 is now libldap2.4-2
+ - build libldap2-dev from this source package now, superseding
+ openldap2; closes: #428385, #260118, #262539, #391899, #393215.
+ - lastmod and denyop have been moved to contrib upstream and are no
+ longer shipped as supported overlays
+ - drop dependency on libldap2 and take ownership of the
+ /etc/ldap/ldap.conf conffile, since libldap2 is now obsolete
+ - need to dump and reload databases again for the upgrade from 2.3.39.
+ - ldap_init(3) no longer attempts to document the internals of the
+ LDAP opaque type. Closes: #320072.
+ - ldap-utils utilities find LDAP servers via SRV records when given a
+ URL with -H and no host in the URL. Closes: #221173.
+ - if the old slapd.conf included any replica commands, automatically
+ enable syncprov for the corresponding database and print an error
+ with debconf.
+ * slapd.conf and DB_CONFIG are used in the postinst, they shouldn't be
+ shipped under doc/examples because /usr/share/doc can't be depended
+ on per policy; ship the files under /usr/share/slapd and symlink the
+ /other/ way, which also spares us from dh_compress trying to gzip
+ slapd.conf. Closes: #452749.
+ * Drop libldap.so as was done for libldap2, making it a link to
+ libldap_r.so to avoid unfortunate symbol collisions.
+ * Add new patch, libldap-symbol-versions, to build libldap and liblber
+ with symbol versions; needed to avoid segfaults when applications
+ manage to pull both libldap2 and the new libldap-2.4-2 into the same
+ process (as during a partial upgrade or the initial soname
+ transition), and also when the library soname changes again in the
+ future (as it's likely to do).
+ * Reintroduce add-autogen-sh patch, with build deps on libtool, automake,
+ and autoconf, required due to the previous patch; this time around, take
+ care to clean up the autogenerated files in the clean target as well
+ * Build-depend on libgnutls-dev instead of on libssl-dev, so that at long
+ last we can build the server and lib from the same source package again
+ without licensing problems. Closes: #457182, #407334, #428468, #381788.
+ Closes: #412706.
+ * slapd.prerm, slapd.postinst: drop no-longer-needed upgrade code for
+ openldap < 2.1.22
+ * Ask about ldbm to bdb migration in the preinst, since there is no
+ guarantee that the debconf config script will be run before the unpack
+ phase.
+ * Don't stop slapd in the preinst by hand, the prerm already stops the
+ old slapd using the standard interfaces.
+ * Don't build with LAN Manager password support; these passwords are more
+ insecure than traditional Unix crypt, and only relevant when talking to
+ Windows 98.
+ * Move libslapi into the slapd package and provide a virtual package for
+ library dependencies, since this is expected to stay lockstep with the
+ server.
+ * Split slapi dev support into a new libslapi-dev package, as this is
+ unrelated to libldap; and drop libslapi.a since it would be insane to try
+ to statically link a dynamically-loaded slapi plugin.
+ * "checkpoint" directives are no longer supported as part of the backend
+ config, only as part of the database config; move the lines around in
+ slapd.conf on upgrade.
+ * "schemacheck" directives are no longer supported; comment them out
+ on upgrade since this option was set by default in sarge.
+ * Package description updates; thanks to Christian Perrier
+ <bubulle@debian.org> and the Smith review project for these
+ improvements.
+ * Incorporate debconf template changes suggested by the debian-l10n-english
+ team as part of the Smith review project. Closes: #447224.
+
+ [ Russ Allbery ]
+ * Removed fix_ldif and all remaining code to try running it on LDIF
+ dumps. Schema checking has been imposed since 2.1 and it's highly
+ unlikely that anyone still needs this.
+ * Move the checkpoint directive in the default slapd.conf below the
+ database and suffix directives for the primary database. This is now
+ required for OpenLDAP 2.4.
+ * Create /etc/ldap/slapd.conf owned by the openldap group and mode 640
+ by default so that slapindex and friends can read it when run as the
+ openldap user. Fix permissions on upgrade if slapd.conf is owned by
+ root and mode 600. Closes: #432662.
+ * Drop slapd patch to read slapd.conf before dropping privileges, since
+ slapd.conf should now be readable by SLAPD_GROUP.
+ * If SLAPD_CONF is set to a directory in /etc/default/slapd, assume
+ the cn=config backend is used and start slapd with the appropriate
+ options. Based on a patch from Mike Burr. Closes: #411413.
+ * Rework slapd's README.Debian:
+ - Document the BerkeleyDB version. Closes: #438127.
+ - Document how to direct slapd's logs to another file. Closes: #258931.
+ - Remove obsolete information about TLS/SSL and OpenLDAP 2.0 upgrades.
+ - Recommend HDB instead of BDB.
+ - Generally reformat and reorganize.
+ * Patch cleanup:
+ - Combine the NTLM patches for Evolution into a single patch.
+ - Add explanatory comments to every patch.
+ - Refresh all patches to remove diff garbage and trailing whitespace.
+ * debian/rules cleanup:
+ - Fix patch dependencies for parallel build (hopefully).
+ - Tell configure the system type.
+ - Rewrite upstream_strip_nondfsg.sh as a get-orig-source target.
+ - Remove stamp files as the first step of the clean target.
+ - Add trivial build-arch and build-indep targets.
+ - Remove dead code and unnecessary comments.
+ * Remove postrm code to delete /var/lib/slapd/upgrade* flag files. We
+ haven't used those since the 2.1 upgrade.
+ * Update Vcs-* headers for new repository layout.
+ * Remove versioned dependency on an ancient dpkg-dev.
+ * Wrap and reorder Build-Depends for readability.
+
+ [ Updated debconf translations ]
+ * Czech, thanks to Miroslav Kure <kurem@debian.cz>. Closes: #458215.
+ * German, thanks to Helge Kreutzmann <debian@helgefjell.de>.
+ Closes: #452833.
+ * Spanish
+ * Finnish, thanks to Esko Arajärvi <edu@iki.fi>. Closes: #448061.
+ * French, thanks to Christian Perrier <bubulle@debian.org>.
+ Closes: #452632.
+ * Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net>.
+ Closes: #451158.
+ * Italian, thanks to Luca Monducci <luca.mo@tiscali.it>. Closes: #449442.
+ * Japanese, thanks to Kenshi Muto <kmuto@debian.org>. Closes: #451325.
+ * Dutch, thanks to Bart Cornelis <cobaco@skolelinux.no>. Closes: #448935.
+ * Brazilian Portuguese
+ * Portuguese, thanks to Tiago Fernandes <tjg.fernandes@gmail.com>.
+ Closes: #453341.
+ * Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com>. Closes: #453318.
+ * Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>.
+ Closes: #453411.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 21 Jan 2008 04:58:24 -0800
+
+openldap2.3 (2.3.39-1) unstable; urgency=medium
+
+ * Medium severity due to denial of service fix.
+ * New upstream release.
+ - CVE-2007-5708: Fix remote denial of service attack in slapo-pcache
+ (the overlay for proxy caching). (Closes: #448644)
+ - Multiple additional more minor bug fixes.
+ * Document in the default slapd.conf that dbconfig options only generate
+ the DB_CONFIG file on first slapd start and have no effect afterwards
+ unless DB_CONFIG is removed. (Closes: #442191)
+ * Inline the checkpoint and BerkeleyDB backend settings in the default
+ slapd.conf rather than generating them dynamically in postinst. All
+ the allowable default database choices are now BerekelyDB variants and
+ will probably continue to be so for the forseeable future, and this is
+ easier to maintain.
+ * Drop debconf questions, warnings, and maintainer script functions
+ dealing with upgrades from OpenLDAP 2.1, which is now too hold for
+ supported direct upgrades. (Closes: #444806)
+ * Add a watch file. Thanks, Fernando Ribeiro. (Closes: #435290)
+ * Add Homepage, Vcs-Svn, and Vcs-Browser control fields.
+
+ -- Russ Allbery <rra@debian.org> Mon, 12 Nov 2007 16:00:47 -0800
+
+openldap2.3 (2.3.38-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * Drop debian/patches/use-lpthread, which is no longer needed on mips*
+ because gcc has been fixed.
+ * Drop debian/patches/add-autogen-sh, also no longer needed now that
+ the above patch is gone.
+
+ [ Matthijs Mohlmann ]
+ * Fix bashism in initscript. (Closes: #428883)
+ * Drop upstream patches ITS4924, ITS4925 and ITS4966.
+ * Add patch for objectClasses which causes slapd to crash. (Closes: #440632)
+ - CVE-2007-5707.
+ - Upstream bug ITS5119.
+ * Change default loglevel to none, to log high priority messages.
+ (Closes: #442000)
+ * Tighten up the build dependencies, now that autogen patch is removed.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 17 Sep 2007 22:58:54 +0200
+
+openldap2.3 (2.3.35-2) unstable; urgency=low
+
+ * Enable LAN Manager password support in slapd. (Closes: #245341)
+ * If automatic configuration is selected and slapd.conf doesn't exist
+ during an upgrade, treat this as a fresh installation rather than
+ aborting with an error. Also try to provide a better error message if
+ the user has deleted /etc/ldap/schema but we just generated a new
+ configuration that references it. These cases can occur if someone
+ removes (rather than purges) the package, manually deletes /etc/ldap,
+ and then reinstalls. (Closes: #205010)
+ * Don't fail in slapd's postrm if /etc/ldap/schema has already been
+ deleted.
+ * Remove slapd conflicts with libbind-dev and bind-dev. There no longer
+ appears to be anything in those packages that would break slapd's
+ resolver. (Closes: #225896)
+ * Add libldap-2.3-0-dbg and slapd-dbg packages with detached debugging
+ information.
+ * db_recover is no longer required after changing DB_CONFIG; slapd now
+ detects changes itself and does the right thing. Also note in
+ README.DB_CONFIG the existence of the dbconfig slapd.conf parameter
+ and slapd's DB_CONFIG writing support. (Closes: #412575)
+ * Add options to /etc/default/slapd to let the system administrator tell
+ the init script to not start slapd on boot. (Closes: #254999)
+ * Redirect fd 3 to /dev/null in the slapd init script for additional
+ robustness when debconf is running. (Closes: #227482)
+ * Add to /etc/default/slapd a commented-out example of how to change the
+ keytab file used for GSSAPI authentication. (Closes: #412017)
+ * Use variables in /etc/init.d/slapd for the paths to slapd and slurpd
+ so that someone who really wants to can override them in
+ /etc/default/slapd. (Closes: #403948)
+ * Allow people building packages for outside Debian to skip the checks
+ for non-DFSG-free material by setting a variable. Thanks, Peter
+ Marschall. (Closes: #427245)
+ * Remove duplicate libldap-2.3-0 dependencies. (Closes: #408987)
+ * Use binary:Version instead of Source-Version for the tight
+ dependencies between slapd and ldap-utils and libldap-2.3-0.
+
+ -- Russ Allbery <rra@debian.org> Mon, 11 Jun 2007 20:26:26 -0700
+
+openldap2.3 (2.3.35-1) unstable; urgency=low
+
+ * New upstream release with many bug fixes.
+ - Allow syncprov to follow aliases. (Closes: #422087)
+ * Apply upstream patches:
+ - ITS#4924: client crash on incorrectly tagged result from server.
+ - ITS#4925: NOOP modify with BDB backend crashed slapd.
+ - ITS#4966: Delete of valsort-controlled entries crashed slapd.
+ * Enable SLAPI support. (Closes: #390954)
+ * Re-enable use of the epoll system call since Debian no longer supports
+ 2.4 kernels. This means that the OpenLDAP packages will not work on
+ pre-2.6 kernels.
+ * Remove schema files that contain text from IETF RFCs from the upstream
+ source since that text is not DFSG-free. Instead, install stripped
+ versions of those schema files containing only the functional
+ interface specifications, a comment explaining why this is needed, and
+ a pointer to the relevant RFC. (Closes: #361846)
+ * Document the repackaging of the upstream source in debian/copyright.
+ * Update config.guess and config.sub during the build instead of in the
+ clean target and remove them in the clean target for a clean diff.
+ Build-depend on autotools-dev so that we can unconditionally copy over
+ the latest versions.
+ * Added commentary and upstream ITS numbers for several patches
+ applicable upstream.
+ * Use debian/compat rather than the deprecated DH_COMPAT rules setting.
+ * Update to debhelper compatibility level V5 (no changes required).
+
+ -- Russ Allbery <rra@debian.org> Wed, 30 May 2007 22:42:28 -0700
+
+openldap2.3 (2.3.30-5) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * Add Portuguese debconf translation; thanks to Tiago Fernandes.
+ Closes: #409632.
+ * Re-add .la files to the slapd package, for greater compatibility
+ with upstream documentation.
+
+ [ Russ Allbery ]
+ * When starting slapd, create a symlink from /var/run/ldapi to
+ /var/run/slapd/ldapi for compatibility with 2.1 client libraries.
+ Closes: #385809.
+ * Apply upstream patch to prevent a race condition in slapd when
+ shutting down connections.
+ * Update the Brazilian Portuguese debconf translation; thanks to Felipe
+ Augusto van de Wiel.
+
+ -- Russ Allbery <rra@debian.org> Thu, 8 Mar 2007 18:21:02 -0800
+
+openldap2.3 (2.3.30-4) unstable; urgency=low
+
+ * Ok, argh, it helps to check that the function being re-added to the
+ preinst hasn't been removed again from the common include. Re-add
+ break_on_ldbm_to_bdb_migration_disagree, because by all appearances
+ we /should/ be using this in the preinst. Closes: #411474.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 19 Feb 2007 03:55:22 -0800
+
+openldap2.3 (2.3.30-3) unstable; urgency=medium
+
+ [ Matthijs Mohlmann ]
+ * Added spanish translation. (Closes: #404250)
+ * Documentation updates backported from upstream.
+ * Fix a security bug in kerberos kbind code. (Only used when enabling with
+ --enable-kbind option) But better safe then sorry.
+ * Backported a mem leak fix on failed binds.
+ * Added patch from upstream that fixes a memory leak in ACLs that use sets.
+
+ [ Steve Langasek ]
+ * *Really* abort in preinst if the user doesn't accept the upgrade
+ from ldbm to bdb. Closes: #392747.
+ * Set the name of debian/slapd.NEWS right so that it gets
+ installed in the binary package. Closes: #409923.
+ * Add Russian debconf translation; thanks to Yuri Kozlov.
+ Closes: #405706.
+ * Add Galician debconf translation; thanks to Jacobo Tarrio.
+ Closes: #407267.
+
+ -- Steve Langasek <vorlon@debian.org> Sun, 18 Feb 2007 16:47:16 -0800
+
+openldap2.3 (2.3.30-2) unstable; urgency=low
+
+ * Make sure that the pidfile directory doesn't exist in the init script.
+ (Closes: #402705)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Tue, 12 Dec 2006 21:34:44 +0100
+
+openldap2.3 (2.3.30-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixed authzTo/authzFrom URL matching.
+ - Fixed syncrepl consumer memory leaks.
+ - Fixed slapd-hdb livelock.
+ - Fixed slapo-ppolicy external quality check.
+ - Fixed ldapsearch(1) man page acknowledgement.
+ * Added patch to make sure that the pidfile directory exists.
+ (Closes: #390337)
+ * Do not ask the question allow ldap v2 logins when user wants manual
+ configuration. (Closes: #401003)
+ * Add patch to look also in /etc/ldap/sasl2 for sasl configuration.
+ (Closes: #398657)
+ * Removed db4.2-util recommend, the slapd binary includes checking code to
+ fix DB errors.
+ * Updated README in schema directory. It doesn't list collective.schema
+ anymore. (Closes: #287358)
+ * Updated manpages to point to right paths. (Closes: #398790)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 9 Dec 2006 20:50:58 +0100
+
+openldap2.3 (2.3.29-1) unstable; urgency=medium
+
+ [ Matthijs Mohlmann ]
+ * New upstream release.
+ - Fixes Denial of Service through a certain combination of LDAP BIND
+ requests (CVE-2006-5779) (Closes: #397673)
+ * LSB section added to the init script.
+ * Updated README.Debian about running as non-root user (Closes: #389369)
+ * Updated de translation (Closes: #396096)
+ * Added some documentation / warning when running slapindex as root.
+ * Remove drafts and rfc from the tarball. (Closes: #393404)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 11 Nov 2006 11:24:42 +0100
+
+openldap2.3 (2.3.27-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream release.
+ * pidfile location is changed 3 years ago, when people are upgrading from
+ back then they have a broken slapd because the openldap user is not able
+ to write to /var/run. (Closes: #380687)
+ * Patches by Quanah Gibson-Mount <quanah@stanford.edu>
+ - Fix one time memleak on startup in the accesslog db.
+ * Changed priority of libldap-2.3-0 to optional as it is only used by slapd.
+
+ [ Torsten Landschoff ]
+ * Remove RFC documents as they do not meet the DFSG.
+ + debian/rules: Check that the RFCs are gone to make sure it does not
+ get included again by accident.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 2 Sep 2006 00:33:44 +0200
+
+openldap2.3 (2.3.25-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream release:
+ - Accepts 'require none' in slapd.conf (closes: #370023).
+ - Added patch to fix a bold issue in the manpage ldapsearch. Thanks to
+ Matt Kraai. (Closes: #355670)
+ * Added commented out rootdn parameter in slapd.conf. (Closes: #303245)
+ * Make the scripts output a bit more consistent.
+ * Fix a regression in the slapd packages. Data directory is /var/lib/ldap
+ and not /var/openldap-data, also adjust the manpages to reflect these
+ change. Thanks to Peter Marschall. (Closes: #368891)
+ * Removed script move_files, dh_install is used instead. (Closes: #368896)
+ * Dutch translation already updated. Closes: #375101)
+ * Documented that slapd is compiled with TCP wrappers (Closes: #351428)
+ * dpkg-reconfigure slapd now just reinstalls slapd and moves old databases
+ to /var/backups. Already done in previous version (Closes: #230366, #208056)
+
+ [ Torsten Landschoff ]
+ * debian/libldap-2.3-0.install: Ignore version information when installing
+ libraries. This way it does not need updating for each new upstream
+ release.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Wed, 26 Jul 2006 18:05:40 +0200
+
+openldap2.3 (2.3.24-2) unstable; urgency=low
+
+ * Switch slapd from running as root to running as user.
+ (Closes: #292845, #261696)
+ * Changing configuration in slapd.conf by the postinst will now also follow
+ includes. (Closes: #304488)
+ * Patches by Quanah Gibson-Mount <quanah@stanford.edu>
+ - fix a lock bug with a virtual root entry in the BDB backend.
+ - fix boolean logic in the overlays.
+ - fix that slurpd can use ldaps.
+ - fix initialization of auditdb.
+ - fix TLS concurrency issues.
+ - fix exop password change that didn't reset pwdMustChange.
+ - fix syncrepl that fails when no rootdn is defined.
+ * Add dependency on adduser.
+ * Specify the PATH variable in the init script. (Closes: #367981)
+ * Added patch to read config before dropping privileges.
+ * epoll(4) system call is missing on kernels <2.6, this causes slapd to
+ not work on 2.4 kernels. Added patch that remove the #define in
+ portable.in (Closes: #369352, #372194, #373233)
+ * In 2.3.24 slapd won't segfault if the moduleload directive appears
+ somewhere else. (Closes: #349011)
+ * Removed fileutils dependency, it's superseeded in Sarge already.
+ (Closes: #370013)
+ * Use find in combination with mv to move an old directory away.
+ (Closes: #306435)
+ * Updated Dutch debconf translation (Closes: #365172)
+ * Added an example backup script that can be put into cron (Closes: #319477)
+ * Make the db directories 0700. On new installations this is the default.
+ (Closes: #354450)
+ * Get rid of a '.' in front of a domain. (Closes: #318143)
+ * Added shadowLastChange to the ACL in the default slapd.conf
+ (Closes: #370550)
+ * Updated Japanese translation (Closes: #378565)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 17 Jul 2006 18:22:45 +0200
+
+openldap2.3 (2.3.24-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream version. (Closes: #369544)
+ * Update patch slurpd-in-spool. (Closes: #368586, #368709, #368889)
+ * Added slapi-errorlog-file to be into /var/log (Closes: #368895)
+ * Removed patch configure.in-fix, incorporated upstream.
+ * Move debian/configure.options.new to debian/configure.options.
+ * Added patch to put ldapi socket in /var/run/slapd.
+ * Removed bdb recovery from the init.d script. This was introduced to fix
+ bug #255276. Now that slapd has the ability to check and recover from bdb
+ failures, this function is not needed anymore. (Closes: #369484, #369093)
+ * Updated the lintian overrides.
+
+ [ Torsten Landschoff ]
+ * Include man pages for accesslog and auditlog overlays, patch by
+ Peter Marschall (closes: #368888).
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 1 Jun 2006 08:16:02 +0200
+
+openldap2.3 (2.3.23-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream release. (Closes: #308906, #310282, #353877, #335618, #315158)
+ (Closes: #310282, #319155)
+ * OpenLDAP checks database before starting up.
+ (Closes: #190165, #195079, #294701, #308416)
+ * move_old_database_away isn't called in a while loop anymore (which would
+ kill debconf interaction) (Closes: #299100)
+ * BDB_CONFIG file will be installed on new installations (Closes: #301292)
+ * Move to dh_install.
+ * Move to quilt patch system.
+ * Fix manpage.
+ * Make ldiftopasswd and fix_ldif executable. (fixes lintian warnings)
+ * Wipe passwords after we created the initial configuration.
+ * The config scripts is runned twice, this causes the password in
+ slapd/internal/adminpw to be empty. This fixes the issue with having an
+ empty password in the ldap database. (Closes: #343113, #347725)
+ * Added #DEBHELPER# token to fix a lintian warning.
+ * bdb has changed between major versions, so dump the database and import it
+ again for versions before 2.3.19.
+ * Remove comments from debian/control (The out commented control information
+ is actually in debian/control.dev)
+ * Enable all backends and overlays with: --enable-backends=mod and
+ --enable-overlays=mod
+ * Add | debconf-2.0 to unblock cdebconf transition (Closes: #332053)
+ * Added Danish debconf translation (Closes: #353897)
+ * Updated French debconf translation (Closes: #320739)
+ * Updated Vietnamese debconf translation (Closes: #319706)
+ * Updated Czech debconf translation (Closes: #356554)
+ * Encode the organization to utf8 (Closes: #236097)
+ * Disabled the LDBM backend. Break in preinstallation if user doesn't want
+ to migrate to BDB backend.
+ * Removed choice for LDBM backend from slapd templates. And some explanation
+ in that question about the LDBM backend.
+ * Add sizelimit and tool-threads and some documentation to slapd.conf
+ (Closes: #327808)
+ * slapd.scripts-common had two functions with the same name.
+ * Don't return a error message if hostname fails.
+ * Backup the config only once on upgrade.
+ * For new installations do not install a DB_CONFIG file but use the
+ slapd.conf as file for BDB/HDB configuration parameters. See: slapd-bdb(5)
+ * Added various "exit 0" to the installation scripts.
+ * Add configure.in patch to fix C comparison what should be bash (ITS#4416)
+ * Raise debconf configuration level from low to medium for
+ slapd/no_configuration.
+ * Updated Standards-Version to 3.7.2.0
+ * Added build-dependency on perl which is used in the debian/rules file.
+ Considered by lintian.
+ * Added lintian override for too-long-extended-description-in-templates, it
+ is an explanation about the backends.
+
+ [ Steve Langasek ]
+ * debian/slapd.templates: Fix typo durin -> during; re-run
+ debconf-updatepo, fixing up the fuzzies (closes: #319596).
+
+ [ Torsten Landschoff ]
+ * debian/slapd.scripts-common: Rename backend_supported to
+ upgrade_supported_from_backend for more clarity.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 13 May 2006 00:28:11 +0200
+
+openldap2.2 (2.2.26-4) unstable; urgency=low
+
+ * [l10n] Vietnamese translations by Clytie Siddall (closes: #316623).
+ * debian/slapd.templates: Fix typos occured -> occurred (closes: #316624).
+ * libraries/libldap/url.c: Apply patch from upstream CVS to fix URI
+ parsing (closes: #317100).
+
+ -- Torsten Landschoff <torsten@debian.org> Tue, 19 Jul 2005 20:52:17 +0200
+
+openldap2.2 (2.2.26-3) unstable; urgency=low
+
+ * [SECURITY] Applied the patch available at
+ http://bugzilla.padl.com/show_bug.cgi?id=210
+ to force libldap to really use TLS when requested in /etc/ldap/ldap.conf
+ (cf. CAN-2005-2069). Clients still will use libldap2 from openldap2
+ source package so this is only to prepare unleashing the libraries of
+ OpenLDAP 2.2 for unstable...
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 3 Jul 2005 10:41:37 +0200
+
+openldap2.2 (2.2.26-2) unstable; urgency=low
+
+ * Assembled changes from patches supplied by Peter Marschall (thanks,
+ Peter):
+ | debian/move_files: Move slapd and slurpd to /usr/sbin and adjust symlinks
+ (closes: #316354).
+ + debian/slapd.links: Remove symlinks from /usr/sbin to /usr/lib.
+ | debian/rules: Don't install cron jobs needed for GnuTLS as long as we are
+ using OpenSSL.
+ | debian/control: Remove build-dependencies needed for GnuTLS
+ (closes: #316355).
+ + Require libsasl >= 2.1.18 as recommended by OpenLDAP project.
+ | Update quicktool patch from Quanah Gibson-Mount (closes: #316361).
+ | debian/slapd.init: Use /bin/sh as shell when running db_recover
+ (closes: #316350).
+ | debian/configure.options: Enabled dynlist and proxycache overlays
+ (closes: #316351).
+
+ * debian/po/de.po: Apply typo correction patch (closes: #313809).
+ * debian/po/fr.po: Apply updates by Christian Perrier (closes: #315122).
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 1 Jul 2005 12:53:18 +0200
+
+openldap2.2 (2.2.26-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/slapd.init: Run db_recover as the user configured for slapd
+ (closes: #311331).
+ * debian/po/cs.po: Add Czech translation by Miroslav Kure (closes: #312064).
+ * Run debconf-updatepo, oh my :(
+ * Update configure via libtoolize -cf; aclocal-1.4; autoconf2.50.
+ * configure.in: Try to fix memcmp check (probably does not work anymore, but
+ we should have a working memcmp on all Debian systems anyway).
+ * debian/rules: Remove config.{sub,guess} before installing new versions
+ (just in case there were symlinks for them...).
+
+ -- Torsten Landschoff <torsten@debian.org> Tue, 21 Jun 2005 12:06:40 +0200
+
+openldap2.2 (2.2.23-8) unstable; urgency=low
+
+ * debian/DB_CONFIG: Fixed the log cache configuration (used the wrong
+ command so there was about no effect).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 May 2005 08:48:10 +0200
+
+openldap2.2 (2.2.23-7) unstable; urgency=low
+
+ * debian/slapd.scripts-common: Install the default DB_CONFIG for each
+ database loaded from LDIF which didn't have a DB_CONFIG before.
+ * (automatic) Updated config.sub and config.guess from autotools-dev.
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 May 2005 08:08:37 +0200
+
+openldap2.2 (2.2.23-6) unstable; urgency=low
+
+ Torsten Landschoff <torsten@debian.org>:
+ * debian/po/ja.po: Merge updates from Kenshi Muto (closes: #303505).
+ * debian/po/fr.po: Merge updates from Christian Perrier (closes: #306229).
+ * debian/slapd.scripts-common: If the user enters the empty value for
+ the database dumping directory use the default value. Seems like the
+ readline interface does not care about the default value
+ (closes: #308234).
+ * debian/slapd.postinst: Make sure the debhelper commands are executed
+ in all cases (closes: #310422).
+ * Merged suggested changes by Eugene Konev to automatically run
+ db_recover before starting slapd (closes: #255276).
+ + debian/slapd.init: Run db_recover if enabled and available and no
+ slapd process running.
+ + debian/slapd.default: Add configuration option to disable it.
+ * Applied and improved patch by Matthijs Mohlmann to support migration
+ from ldbm to bdb backend.
+ + debian/slapd.config: Ask if migration is wanted.
+ + debian/slapd.postinst: Update configuration from ldbm to bdb if yes.
+ + debian/slapd.scripts-common: Implemented some parts in their own
+ functions.
+ * Add a README.DB_CONFIG.gz and reference it where referring to BDB
+ configuration.
+ * Update default DB_CONFIG with some senseful values.
+
+ Steve Langasek <vorlon@debian.org>:
+ * libraries/libldap_r/Makefile.in: make sure the ximian-connector ntlm
+ patch is applied to libldap_r, not just to libldap
+ * debian/move_files: make libldap a symlink to libldap_r, as carrying
+ two versions of this library around is more trouble than it's worth,
+ and can cause glorious segfaults down the line
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 May 2005 08:07:49 +0200
+
+openldap2.2 (2.2.23-5) unstable; urgency=low
+
+ Torsten Landschoff <torsten@debian.org>:
+ * debian/lintian-overrides: Add. Contains lintian warnings/errors to
+ override for each package (plus comments).
+ + debian/move_files: Automatically install applying overrides into
+ each package.
+
+ Steve Langasek <vorlon@debian.org>:
+ * configure.in: reinstate the remainder of the fix for 195990 from
+ 2.1.22-2: give preference to -lpthread over -pthread in configure.in,
+ because some archs (mipsel, at least) don't like -pthread.
+
+ -- Steve Langasek <vorlon@debian.org> Sun, 24 Apr 2005 05:01:02 -0700
+
+openldap2.2 (2.2.23-4) unstable; urgency=low
+
+ Torsten Landschoff <torsten@debian.org>:
+ * debian/control: Make the requirement for debconf a pre-dependency as
+ we are using it from the maintainer scripts.
+ * debian/slapd.preinst: Always use debconf (don't check for availability).
+ * debian/slapd.scripts-common: Remove the alert_user function which
+ was there to output an error message in case debconf is not available.
+
+ Steve Langasek <vorlon@debian.org>:
+ * debian/fix_ldif: Add code to fix up oddly formatted integer attribs;
+ limited use because it only fixes those attributes that we have
+ prior knowledge of (i.e., those in the default schemas we ship), but
+ it's something at least. Closes: #302629.
+ * debian/fix_ldif: Also change fix_ldif to not chew up everything that
+ has a # in the line: treat lines beginning with # as comments, but #
+ is a valid character in an attribute value.
+ * debian/rules: Fix the check for missing lib symbols to use
+ LD_LIBRARY_PATH, so the package builds on systems that don't already
+ have libldap-2.2-7 installed. Closes: #305785.
+ * debian/po/ja.po: Use the partial translation provided by Kenshi Muto.
+
+ Stephen Frost <sfrost@debian.org>:
+ * debian/slapd.scripts-common: Make sure - ends up at the end of the
+ bracket expression given to grep so it's not treated as a range
+ (closes: #302743).
+
+ -- Steve Langasek <vorlon@debian.org> Sat, 23 Apr 2005 22:01:20 -0700
+
+openldap2.2 (2.2.23-3) unstable; urgency=low
+
+ Steve Langasek <vorlon@debian.org>
+ * libraries/libldap_r/Makefile.in: Code that uses pthreads *must* be
+ linked with -pthread, even if it's a library; without this, the
+ libldap_r library ends up with dangling unversioned reference to
+ pthread_create() which gets resolved to a wrong version that causes
+ segfaults on 64-bit platforms. Closes: #304549.
+ * debian/rules: error out on build if an installed library has
+ undefined symbols; future-proofing against a repeat of #304549.
+ * debian/slapd.postinst: don't dump and reload directories unless we
+ know we're upgrading from an incompatible version! Closes: #304840.
+ * debian/slapd.scripts-common: don't use merge_logical_lines for
+ functions that will be writing back to the config; the code is not
+ as pretty now, but the output is much less ugly. Closes: #303243.
+ * debian/slapd.examples, debian/slapd.scripts-common,
+ debian/slapd.links, debian/move_files: install DB_CONFIG in
+ /usr/share/slapd/ instead of /usr/share/doc/slapd/examples/; this
+ simplifies the code, and ensures users who don't install
+ /usr/share/doc aren't penalized. Create links for the DB_CONFIG and
+ slapd.confg templates to /usr/share/doc/slapd/examples, since these
+ are worthwhile examples as well.
+ * Updated maintainer scripts to keep DB_CONFIG for LDAP databases over
+ upgrades (closes: #265860).
+ * Move slappasswd to the slapd package, since it's now a symlink and
+ isn't actually useful without the slapd binary (closes: #304339).
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 21 Apr 2005 01:29:57 +0200
+
+openldap2.2 (2.2.23-2) unstable; urgency=low
+
+ * debian/configure.options: Change localstatedir to /var from /var/run
+ as the current upstream version adds /run to that during runtime for
+ slapi sockets etc. Problem: The database location is specified relative
+ to localstatedir/openldap-data. Another thing to fix...
+ (closes: #298271, #304491).
+ * debian/slapd.scripts-common (load_databases): Reimplement automatic
+ fixing of LDIF data via the fix_ldif script. Only tried if an
+ initial slapadd using the original LDIF data fails. With this change
+ upgrading from woody for some simple cases does work again.
+ * Disabled the version check for Berkeley DB in upstream code. Any
+ libdb4.2 package should work but of course using the latest will give
+ you the best results (closes: #300851).
+ * debian/slapd.scripts-common (import_database): Removed, no longer used.
+ * debian/slapd.scripts-common: Store the diagnostic output from
+ slapadd and output it before aborting if the command failed.
+ * debian/po/fr.po: Use the translations provided by Christian Perrier
+ (closes: #304141).
+ * debian/slapd.scripts-common: Use the -q option during slapadd to
+ improve performance.
+ * debian/slapd.templates (slapd/dump_database_destdir): Apply rewording
+ changes from Thomas Prokosch. Gives the user more information about
+ the usage of that directory.
+ + Run debconf-updatepo to update the translation templates.
+ * debian/slapd.templates: Clean up the debconf templates of the slapd
+ packages by merging the changes suggested by Christian Perrier
+ (closes: #302829). Thanks, Christian!
+ + Changed the wording of some of the templates.
+ + Adapt to the DTSG (Debconf Templates Style Guide).
+ + Removed item slapd/admin which is not used anymore.
+ + Run debconf-updatepo and send new fr.po to Christian Perrier.
+ * debian/slapd.postinst: Make a backup copy of slapd.conf before changing
+ anything (closes: #304485).
+ * Trivial improvements:
+ + Don't ask to move contents of /var/lib/ldap if it does not even
+ exist (but also is not an empty directory...) in initial config.
+ + Move check for current installation status out of configure_dumping.
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 14 Apr 2005 19:57:11 +0200
+
+openldap2.2 (2.2.23-1) unstable; urgency=low
+
+ * debian/slapd.scripts-common: Move all shell functions of the maintainer
+ scripts here to have it all in one place.
+ * Another pass over the maintainer scripts to remove cruft and tidy up
+ the code a bit. Fixed some bugs on the way.
+ * Test upgrade and installation revealed some bugs, mostly typos:
+ + return in shell actually is "return $?", not "return 0" as I though
+ + Referenced $src where $srcdir was meant.
+ + Only load old directories on upgrade and not during initial
+ installation.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 1 Apr 2005 18:50:21 +0200
+
+openldap2.2 (2.2.23-0.pre6) experimental; urgency=low
+
+ Torsten Landschoff <torsten@debian.org>:
+ * debian/slapd.postinst: Add a testing interface to test the helper
+ functions.
+ * debian/slapd.postinst: Make sure that debconf actually displays the
+ error message even if the user has already seen it before.
+ * debian/slapd.postinst (compute_backup_path): Make function more robust
+ in case we don't know the old version or the suffix of the database.
+ Converted the backup dir to a more simple scheme which should be save
+ against accidental overwriting.
+ * Rewrote part of the maintainer scripts for correct handling of
+ directory dumps in preinst. New debconf questions etc.
+ * Move the manpage of slappasswd to ldap-utils where slappasswd itself
+ is included (closes: #300212).
+ + debian/control: Add Replaces: slapd << 2.2.23-0.pre6 to ldap-utils.
+ + debian/move_files: Move slappasswd manpage into ldap-utils.
+ * debian/slapd.config: Don't fail if hostname is unset (pulled from
+ Ubuntu, thanks to Jeff Bailey).
+ * Applied patch by Quanah Gibson-Mount (directory administrator of Stanford)
+ to add -q option to some tools for quick operation without updating
+ logs. This is mostly for importing directories from LDIF backups.
+ * Go back to libdb4.2 as OpenLDAP is known to have problems with BDB 4.3.
+ + debian/control: Update dependencies for BDB 4.2.
+ + debian/slapd.scripts-common: Mark all databases before this version
+ as incompatible.
+ * Fix some bashisms in maintainer scripts.
+ * debian/slapd.postinst: Include the version of the backup in the
+ backup of a database directory.
+
+ Carlo Contavalli <ccontavalli@debian.org>:
+ * debian/slapd.init: Print command line if starting a daemon failed.
+ * debian/slapd.postinst: Handle hdb backend just as if it was bdb.
+ * debian/README.Debian: Add some notes about DB_CONFIG and how to run
+ slapd under a different uid/gid.
+ * Install an example DB_CONFIG file during initial configuration
+ + slapd.postinst: Add a function to implement this and hook it into
+ create_new_configuration.
+ + debian/DB_CONFIG: Example DB_CONFIG that is installed.
+ + debian/slapd.examples: Mark DB_CONFIG as an example.
+ * servers/slapd/daemon.c: Actually change the permissions of the
+ unix socket if requested using an ldapi url with x-mod.
+ * debian/slapd.scripts-common: change privileges of upgraded databases
+ as indicated by SLAPD_USER and SLAPD_GROUP variables.
+ * debian/slapd.scripts-common,slapd.postinst: corrected some minor
+ typos.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 1 Apr 2005 12:26:35 +0200
+
+openldap2.2 (2.2.23-0.pre5) experimental; urgency=low
+
+ * Apply NTLM patch from ximian-connector source package.
+ * debian/slapd.postinst: Fix small typo leading to upgrade failures.
+ Added some notes while wading through maintainer scripts.
+ * debian/slapd.postinst: Make slapadd more noisy, writing the new
+ directory to stderr if something goes wrong (should help for
+ bug #236097).
+ * Make slapd.init idempotent by adding --oknodo to start-stop-daemon
+ invocations (closes: #298741). Kudos to Bill Allombert for this
+ patch.
+ * slapd.postinst: Try to fix slapd.conf for syntactic and semantic changes
+ introduced upstream into 2.2.x.
+ * slapd.scripts-common: Make sure directories before 2.2.23 are dumped
+ and reloaded on upgrade.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 11 Mar 2005 18:54:57 +0100
+
+openldap2.2 (2.2.23-0.pre4) experimental; urgency=low
+
+ * Rename libldap2.2 to libldap-2.2-7 to match soname. Updated
+ debian/{control,rules,...}.
+ * Checked the usage of the ucdata files shipped with libldap2 before.
+ Actually they stem from liblunicode which is only linked to slapd.
+ Therefore those files are shipped with slapd now. This change is
+ relevant so that multiple libldap-2.2-x packages can coexist later.
+ * debian/control: Updated for slapd replacing files from libldap2.
+ * debian/control: Recommend db4.3-util instead of db4.2-util as we are
+ using the former version now for slapd.
+ * debian/control: Add Build-Depends for libperl-dev, this time for
+ real. I wonder what went wrong last time as it built correctly with
+ pdebuild (closes: #297123).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 28 Feb 2005 15:17:52 +0100
+
+openldap2.2 (2.2.23-0.pre3) experimental; urgency=low
+
+ * debian/slapd.prerm: Reformat and fix double stopping of slapd. Find
+ out which bug we are working around and document it.
+ * debian/configure.options: Enable ACI support (closes: #101602).
+ Looked through the source code and it seems to be properly
+ insulated to not make a difference when not used.
+ * .../Makefile.in: Remove -s option from install invocations and let
+ dh_strip handle stripping binaries (closes: #264448).
+ * debian/slapd.postinst: Code cleanup and reading, unused and duplicate
+ code removed. Main body still needs fixing.
+ * debian/slapd.postinst: Fixed chmod --reference calls to keep the
+ permissions of slapd.conf. Putting data into the file using shell
+ redirection recreates the file with default umask and owner, killing
+ the permissions we applied using chod --reference after creating the
+ file. Instead we change the permissions directly before renaming the
+ file now. Wrapped it into a function and update the owner as well.
+ How do we do this correctly for ACLs etc.!? Thanks to Carlo Contavalli
+ for pointing this out.
+ * servers/slapd/main.c: Log a warning if writing the pidfile or writing
+ the arguments file fails (closes: #261696).
+ * debian/control: Add missing build dependency for perl development
+ library (closes: #297123).
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 27 Feb 2005 17:44:03 +0100
+
+openldap2.2 (2.2.23-0.pre2) experimental; urgency=low
+
+ * servers/slurpd/slurp.h: Relocate the default spool directory to
+ /var/spool/slurpd again.
+ * Merged some changes done by Fabio M. Di Nitto for the ubuntu
+ distribution (thanks, Fabio!):
+ + debian/slapd.{postinst,conf}: Checkpoint BDB databases every 512kb
+ or 30 minutes by default.
+ + debian/slapd.scripts-common: Make is_empty_dir less noisy on first
+ install (cosmetic).
+ * Applied some changes suggested by Ondrej Sury:
+ + debian/rules: Add MAKEVARS variable and set datadir =
+ /usr/share/libldap2.2/ucdata instead of changing build/top.mk as
+ suggested.
+ + debian/move_files: Install /usr/share/libldap2.2 into libldap2.2
+ and remove duplicate ldap.conf manpage.
+ + debian/control: Let libldap2.2 dependon libldap2 for config files.
+ * Also in Ondrej's patch:
+ + doc/man/man8/slapd.8: Refer to slapd.conf instead of ldap.h for
+ loglevel documentation. Changed by ubuntu? I don't know...
+ * debian/slapd.README.Debian: Update TLS/SSL information.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 25 Feb 2005 14:44:59 +0100
+
+openldap2.2 (2.2.23-0.pre1) experimental; urgency=low
+
+ * Merge new upstream release 2.2.23.
+ * Change name of source package to openldap2.2.
+ * configure.in: Fix AC_LIBOBJ for configure2.50.
+ * Run libtoolize, aclocal-1.4 and autoconf2.50 to get a working
+ configure script.
+ * debian/slapd.init: Output failure reasons using "$failure" so that
+ no glob substitution is done. Had a hard time grokking why slapd
+ would mention the contents of the current directory in its error
+ message...
+ * debian/rules: Disable building -dev packages as we don't want
+ other packages to link against the new libraries before sarge.
+ Remove the binary-indep target from the binary dependends list.
+ * debian/control: Move packages that are no longer build into control-dev.
+ * debian/configure.options: Build against OpenSSL with --with-tls
+ (this can only be done for slapd itself, we need GnuTLS support
+ before enabling this for libldap2.2-dev).
+ * debian/control: Update build dependencies for libdb4.3 and OpenSSL.
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 23 Feb 2005 19:29:38 +0100
+
+openldap2 (2.2.18-0.pre2) experimental; urgency=low
+
+ * debian/check_config: Make sasl2 check more robust against file
+ format changes in config.status.
+ * debian/libldap2.shlibs: Remove.
+ * Update configure script using libtoolize, aclocal-1.4 and autoconf2.50
+ to fix wrong shared library dependency in libldap2.2 (depended on
+ libldap2 by linking against the system's liblber).
+ * debian/libldap2.README.Debian: Move to libldap2.2.README.Debian.
+ * Lintian cleanup:
+ + Run debconf-updatepo for debian/rules clean and manually as
+ requested.
+ + Update config.guess and config.sub in debian/rules clean as well.
+ First update done.
+ + debian/rules (install): Fix the manpage section of the admin commands
+ from 8C to 8.
+ + debian/rules (binary-arch): Run dh_fixperms to fix the permissions
+ on shared libraries.
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 13 Jan 2005 11:53:28 +0100
+
+openldap2 (2.2.18-0.pre1) experimental; urgency=low
+
+ * New upstream release.
+ * Disable TLS for now.
+ * debian/rules: Don't run autoheader and autoconf.
+ * debian/configure.options: Recreated and updated for new setup.
+ * debian/rules: Move slapd, slurpd from /usr/lib to /usr/sbin.
+ * Rename library packages to include the OpenLDAP version.
+ * Remove /etc/ldap/ldap*.conf from libldap2.2 to avoid clash with
+ libldap2. Also add Replaces entry for libldap2 to allow overwriting
+ for now. Needs fixing...
+ * Instead of moving slapd from /usr/lib to /usr/sbin create a symlink.
+ Seems like slapadd etc. are now all included in the slapd binary
+ and all link to its binary.
+ * debian/rules: Run dh_link for arch dependend packages.
+ * configure: Fix broken libdb checking which forced static building of
+ back-bdb.
+ * debian/slapd.conf: Fix access directive to use "attrs=" instead of
+ "attribute=" which wasn't officially supported anyway.
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 3 Nov 2004 09:57:14 +0100
+
+openldap2 (2.1.30-3) unstable; urgency=high
+
+ * Urgeny high since previous releases were hardly usable (at least
+ with TLS).
+ * Roland Bauerschmidt <rb@debian.org>
+ + libraries/libldap/gnutls.c, libraries/libldap/tls.c,
+ include/ldap_pvt_gnutls.h: Use callback with
+ gnutls_certificate_set_params_function to generate dh_params and
+ rsa_params (this is also the way, it's done with OpenSSL). We need
+ GNUTLS 1.0.9 for this. With the new version of libgcrypt, we also
+ need to initialize threading explicitly. The previous
+ segmentation faults resulted from the *global* param structure
+ being recreated and freed for every session. Many thanks to
+ Matthias Urlichs who helped debugging a lot and also packaged
+ GNUTLS 1.0.16 very quickly... Closes: #244827.
+ + debian/control: Add build dependency to libgcrypt11-dev (we're
+ initializing it directly now) and change libgnutls10-dev to
+ libgnutls11-dev.
+ + libraries/libldap/gnutls.c: in tls_gnutls_need_{dh,rsa}_params
+ (formerly ldap_gnutls_need_...), create temp files more securely,
+ doing unlink before opening and opening them with O_EXCL. This is
+ necessary because under Linux 2.6 all threads have the same PID.
+ Thanks to Andrew Suffield for pointing this out.
+ + debian/slapd.cron.daily: cron job to remove GNUTLS rsa_export and
+ dh param cache files every day.
+ + debian/slapd.README.Debian: add note that we use GNUTLS rather
+ than OpenSSL.
+
+ -- Roland Bauerschmidt <rb@debian.org> Mon, 26 Jul 2004 18:41:23 +0200
+
+openldap2 (2.1.30-2) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + debian/slapd.scripts-common: add missing space before !
+ Closes: #251036, #253633, #257513.
+ * Torsten Landschoff <torsten@debian.org>
+ + Applied patch by Ralf Hack to support non-standard config file
+ location in /etc/default/slapd (closes: #229195).
+ + Applied patch to fix handling of abandoned commands
+ (closes: #254183). Thanks to Peter Marschall for submitting it.
+ + Applied patch to fix memory leak after search (closes: #254184).
+ Thanks again, Peter!
+ + Applied trivial patch to support logging to DAEMON facility
+ as well as LOCAL* (closes: #254186). Here you are, Peter ;)
+
+ -- Roland Bauerschmidt <rb@debian.org> Fri, 09 Jul 2004 15:56:06 +0200
+
+openldap2 (2.1.30-1) unstable; urgency=low
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/control: Have slapd conflict with libltdl3 version 1.5.4-1
+ as with that version loading of .so files is broken which breaks
+ slapd (closes: #249152).
+ + Applied patch to fix Perl backend (closes: #245347). Kudos
+ to Peter Marschall.
+ + debian/configure.options: Enable building of Perl backend.
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + debian/slapd.templates: replace 'domain' with 'DNS domain name'
+ which is little more specific
+ + debian/slapd.config: check if the domain has a valid syntax to
+ prevent slapadd from failing. Closes: #235749.
+ + New upstream version with fix for NS-MTA-MD5 hash length
+ checking. Closes: #226583.
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 24 May 2004 23:33:21 +0200
+
+openldap2 (2.1.29-2) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + debian/rules: Revert change to install ldapadd as symlink.
+ Somehow, with that change, ldapadd didn't get installed at all.
+ Closes: #243537.
+
+ -- Roland Bauerschmidt <rb@debian.org> Tue, 13 Apr 2004 19:49:55 +0200
+
+openldap2 (2.1.29-1) unstable; urgency=low
+
+ * Stephen Frost <sfrost@debian.org>
+ + libraries/gnutls.c: Generate and store RSA/DH parameters,
+ based off a patch by Petr Vandrovec (though changed alot).
+ Closes: #234639, #234593
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + Merged new upstream release.
+ + debian/slapd.prerm: add #DEBHELPER# token.
+ + debian/control: have slapd depend on debconf (>= 0.5) to ensure
+ it supports the seen flag.
+ + debian/rules: ldapadd is installed as a hardlink to ldapmodify;
+ use a symlink instead.
+ + debian/slapd.{scripts-common,postinst,preinst,config}: Add new
+ function read_slapd_conf that evaluates include statements.
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 12 Apr 2004 15:27:55 +0200
+
+openldap2 (2.1.26-1) unstable; urgency=low
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + Merged new upstream release.
+ + debian/slapd.templates (slapd/purge_database): Set default value to
+ false.
+ + debian/slapd.config (manual_configuration_wanted): Don't exit
+ from the script directly if the user wants to configure
+ slapd manually (exit 0 -> return 0).
+ + Build-depend on libgnutls10-dev instead of libgnutls7-dev and
+ rebuild (closes: #233833).
+ + Move previous content of /var/lib/ldap away during creation of
+ an initial directory (closes: #228886, #233512).
+ + debian/slapd.postrm: Remove flag files in /var/lib/slapd on purge.
+ + Removed functionality (verbose error messages) from gnutls.c until
+ it compiled with libgnutls10-dev :-((
+ + debian/slapd.postinst: Overwrite existing /etc/ldap/slapd.conf (only
+ reached during initial installation/dpkg-reconfigure).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 23 Feb 2004 09:36:32 +0100
+
+openldap2 (2.1.25-1) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + New upstream version.
+ - Build against libdb4.2. Hopefully, this resolves the BDB
+ lock ups when configured improperly.
+ + debian/control: Have ldap-utils depend on the same version of
+ libldap2, and libldap2 conflict with ldap-utils (<= 2.1.23-1).
+ Closes: #216661.
+ + debian/slapd.{templates,config}: Check if there are slave
+ databases in slapd.conf lacking an updateref option, and warn
+ about it. Closes: #216797.
+ + debian/slapd.{templates,config,postinst,conf}: Ask which
+ database backend to use (BDB or LDBM).
+ + debian/slapd.README.Debian: cleanup
+ + servers/slapd/back-bdb/dbcache.c: Turn off subdatabases. This
+ is an incompatible database format change, but according to
+ Howard Chu "using them (subdatabases) is known to cause deadlocks
+ on multiprocessor machines, among other issues."
+ + debian/control: add Recommends: db4.2-util to slapd
+ + debian/control: add Recommends: libsasl2-modules to slapd and
+ ldap-utils. Closes: #224058.
+ + debian/slapd.{scripts-common,preinst,postinst}: Extended dump
+ and restore code to deal with different versions for different
+ backends.
+ + debian/control: Geez, centipede seems to have vanished a long
+ time ago. So don't claim it's included in the slapd package.
+ + debian/slapd.docs: created with servers/slapd/back-sql/
+ rdbms_depends. Closes: #225807.
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/move_files: Install slappasswd into ldap-utils instead
+ of slapd as it's useful without slapd as well (closes: #228705).
+ + debian/control: Make ldap-utils Replaces: slapd < 2.1.25 because
+ of that change.
+ + debian/control: Use libdb4.2-dev instead of libdb4.1-dev as a
+ number of problems seem to be related to DB 4.1.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 6 Feb 2004 20:48:22 +0100
+
+openldap2 (2.1.23-1) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + New upstream version.
+ + Applied fix for admin password breakage from Michael Beattie
+ <mjb@debian.org>. Closes: #214270.
+ + Added Dutch Debconf template translation by cobaco@linux.be.
+ Closes: #215373.
+ + Bumped Standards-Version (no changes needed).
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/move_files: Install slappasswd into ldap-utils instead
+ of slapd (closes: #228705).
+
+ -- Roland Bauerschmidt <rb@debian.org> Sat, 18 Oct 2003 19:56:54 +0200
+
+openldap2 (2.1.22-3) unstable; urgency=low
+
+ * Call perl -w to run debian/dh_installscripts-common. Closes: #214054.
+
+ -- Roland Bauerschmidt <rb@debian.org> Sat, 4 Oct 2003 14:22:11 +0200
+
+openldap2 (2.1.22-2) unstable; urgency=high
+
+ * Stephen Frost <sfrost@debian.org>
+ + servers/slapd/daemon.c: Apply patch from head for select handling.
+ + debian/rules: Fix build options to optimize correctly and to use
+ DEB_BUILD_OPTIONS (Policy, 10.1). Closes: #202306
+ + debian/slapd.conf: Add in ACL for root DSE explicitly.
+ + debian/slapd.init: Add --oknodo in stop_slurpd. Closes: #202592
+ + debian/rules: Need quotes around $(CFLAGS) on configure line.
+ + debian/slapd.init: Remove \'s before quotes around pidfile.
+ + debian/slapd.init: Add support for -h slapd flag. Closes: #201991
+ + debian/slapd.default: Add variable $SLAPD_SERVICES for slapd -h.
+ + libraries/libldap/tls.c: Apply patch from asuffield in #202741 to
+ fix subjectAltName usage. Closes: #202741
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + Fix invocation of "head" in maintainer scripts and replace usage of
+ [ foo -a bar ] by [ foo ] && [ bar ] (closes: #203292).
+ + debian/slapd.postrm: Small cleanup, only remove the directory, not
+ the backups, on purge.
+ + debian/rules: Don't run the upstream install target if we did not
+ rebuild the whole tree. Makes debugging maintainer script much more
+ tolerable.
+ + debian/slapd.config: Cleaned up and restructured for readability.
+ + debian/slapd.templates: Replaced the invalid_suffix template with
+ invalid_config which is more general and can be used for any
+ inconsistency in the initial configuration.
+ + debian/slapd.postinst: Rewritten to eliminate all that spaghetti.
+ Did not yet implement all old features again...
+ - Now the #DEBHELPER# part is always reached so that the daemon
+ will be restarted even if no automatic configuration is wanted
+ (closes: #204008).
+ + Fixed the undefined symbols in libldap_r.so.2 (closes: #195990).
+ | configure.in: Try -lpthread before -pthread to link the thread
+ library. libtool does not pass -pthread through, -lpthread seems
+ to work though.
+ | libraries/libldap_r/Makefile.in: Add $(LTHREAD_LIBS) to
+ UNIX_LINK_LIBS so that pthread is linked when creating a shared library
+ as well.
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + debian/configure.options: change --localstatedir=/var/lib to
+ --localstatedir=/var/run. Since localstatedir isn't used anywhere
+ in the code, except for the ldapi socket (and examples in the
+ manpages which are correct at the moment anyway), all this change
+ does should be changing the default location of the ldapi socket
+ from /var/lib/ldapi to /var/run/ldapi. Closes: #160965.
+ + libraries/libldap/tls.c: In get_ca_list, walk through CACERTDIR
+ manually if building against GNUTLS (since there is no equivalent
+ to SSL_add_dir_cert_subjects_to_stack). Closes: #205609.
+ + debian/slapd.preinst: create /var/backups/ldap/$oldver with
+ permissions 0700. Also change permissions for /var/backups/ldap
+ to 0700 if it already exists. Closes: #209019.
+ + Added Japanese translation of Debconf templates by Kenshi Muto
+ <kmuto@debian.org>. Closes: #210731.
+ + debian/slapd.{postinst,preinst,config}: Replaced duplicate
+ implementations of the same functions with one version and moved
+ those into debian/slapd.scripts-common which will be included by
+ debian/dh_installscripts-common.
+ + debian/slapd.preinst: before dumping the database, check if the
+ backend is supported
+ + debian/slapd.postinst:
+ - add -q to grep call for allow bind_v2
+ - readded pre-2.1 (woody) upgrade path (that is, dumping, fixing
+ and reimporting the database)
+
+ -- Roland Bauerschmidt <rb@debian.org> Fri, 3 Oct 2003 15:35:29 +0200
+
+openldap2 (2.1.22-1) unstable; urgency=low
+
+ * Stephen Frost <sfrost@debian.org>:
+ + New upstream version (minor changes).
+ + debian/control: Change build-deps to autoconf2.13, Closes: #201482
+ + debian/rules: Add dh_compress -i for binary-indep.
+ + debian/slapd.postinst: Give variable for read (avoids bashism).
+ + configure/.in: Use upstream's version of back-meta/back-ldap fix.
+
+ -- Stephen Frost <sfrost@debian.org> Wed, 16 Jul 2003 08:42:23 -0400
+
+openldap2 (2.1.21-2) unstable; urgency=low
+
+ * Stephen Frost <sfrost@debian.org>:
+ + debian/slapd.preinst: slapcat here if possible, if slapcat not
+ available then slapcat in postinst. Also remove old unused
+ function.
+ + debian/slapd.postinst: Check if slapcat in preinst worked and use
+ those results in preference. Also moved to using /var/backups/ldap.
+ + servers/slapd/daemon.c: Provide more information on socket/bind
+ failures. Patch submitted upstream. Closes: #94967.
+ + ./configure, ./configure.in: Fix check for back_ldap in back_meta.
+ back_ldap now included as module. back_ldap and back_meta appear
+ to load fine, though order may matter. Closes: #196995.
+ + debian/control: Add versioned Depends on perl, need recent version
+ for migration script.
+ + debian/slapd.{pre,post}inst: Allow for whitespace in postinst
+ before database definitions
+ + debian/control: Drop the libldap2-dev Depends that aren't actually
+ necessary.
+ + debian/slapd.preinst: Add create_sed_script to create the script to
+ deal with multi-line commands in slapd.conf. Modify things to use
+ sed script to preprocess slapd.conf before using it. Remove
+ support for whitespace preceeding commands.
+ + debian/slapd.postinst: Add create_sed_script here too and modify
+ everything to use it as necessary. Also change everything to
+ reference $SLAPD_CONF instead of /etc/ldap/slapd.conf everywhere.
+ Remove support for whitespace preceeding commands.
+ + debian/slapd.postinst: Removed all tabs. Changed all sed scripts
+ to used [:space:] instead of [space tab].
+ + debian/slapd.postinst: Removed debugging statements from ldap_v2
+ support handling code.
+ + debian/slapd.preinst: Changed to use mktemp for sed script.
+ + debian/slapd.postinst: Changed to use mktemp for sed script.
+ + debian/slapd.config: If no hostname set just use debian.org.
+ + contrib/ldapc++/config.{sub,guess}: Resync back to upstream, no
+ reason not to, we don't even build this stuff...
+ + debian/control: Change build-depends to libgnutls7-dev instead of
+ libssl-dev.
+ + debian/rules: Now run autoconf && autoheader to pick up on the
+ configure.in changes needed for GNU TLS.
+ + debian/copyright: Added Steve Langasek (SL) copyright statement.
+ + Patch from Steve Langasek for GNU TLS support, Closes: #198553
+ | include/ldap_pvt_gnutls.h: Added for GNU TLS
+ | configure.in: Now uses GNU TLS where available.
+ | servers/slapd/schema_init.c: Modified for GNU TLS- some functions
+ removed because GNU TLS layer does not support them yet.
+ | build/install-sh: Added for new autoconf.
+ | libraries/libldap/Makefile.in: Changed to compile GNU TLS portions.
+ | libraries/libldap/getdn.c: Stub function added, GNU TLS layer does
+ not support TLS certificates for authentication yet.
+ | libraries/libldap/tls.c: Now calls GNU TLS functions instead of
+ OpenSSL.
+ | libraries/libldap/gnutls.c: Added to support GNU TLS in place of
+ OpenSSL for TLS connections.
+ | libraries/libldap_r/Makefile.in: Changed to compile GNU TLS portions.
+ + debian/slapd.postinst: remove temp file if upgrading or doing a
+ reconfigure but the OLDSUFFIX and basedn match so that we do not
+ move an empty file overtop of slapd.conf. Closes: #190797.
+ + debian/slapd.init: Inform user when not starting slapd due to
+ no configuration file found. Deals with users who select to not
+ configure slapd during installation.
+ + debian/slapd.init: Removed cat <<-EOF and got rid of associated
+ tabs; best to not depend on tab vs. space distinction.
+ + debian/slapd.config: Change debconf question names to be fully
+ qualified in the $var from the for loop- organization is under
+ shared/ and domain is under slapd/, not both under slapd/.
+ + debian/slapd.postrm: Can not depend on debconf being around in
+ postrm so check before attempting to source it. Also protect
+ against failure from db_get.
+ + debian/slapd.postinst: Check for old directory and move it out
+ of the way if it exists on new configure or reconfigure.
+ + debian/slapd.postinst: Fix db_input's for error messages,
+ should be high priority and need to || true them.
+ + debian/slapd.postinst: Do not error exit once we've told the
+ user about the problem, if there was one, with slapcat/slapadd.
+ + debian/slapd.postinst: Make sure we get the organization before
+ we attempt to fix_ldif on old slapcat output. Default to unknown
+ if the organization is not set.
+ + debian/slapd.postinst: Be sure that slapd has been stopped before
+ attempting to fix and slapadd old slapcat.
+ + debian/slapd.postinst: Do not use --exec with s-s-d in postinst.
+ + debian/slapd.postinst: grep calls need to be || true'd when no
+ matching lines found is possible (this case is handled).
+ + debian/slapd.postinst: Be very sure slapd has stopped before
+ attempting to upgrade database.
+ + debian/slapd.preinst: Use either the pidfile or exec if pidfile
+ is not available when stopping. Do not put \"\" around pidfile.
+ Use $oldver instead of $2.
+ + debian/slapd.config: Reask questions on a reconfigure. Use the
+ same logic as slapd.postinst for when to ask questions regarding
+ the db. Be sure to db_go after db_input's.
+ + debian/slapd.templates: Fix allow_bind_v2 short description to
+ make more sense since the default is off.
+ + debian/slapd.preinst: Use perl instead of sed for handling conf.
+ + debian/slapd.postinst: Use perl instead of sed for handling conf,
+ use old sed method to insert \n's, user invoke-rc.d when slapd
+ needs to be stopped. Assume preinst shuts slapd down for upgrade.
+ + debian/slapd.postinst: Only stop slapd on reconfigure.
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + doc/man/man8/slapd.8: Refer to slapd.conf(5) for a description of
+ the debugging level (closes: #176980).
+ + debian/move_files: Kill of the static archives of our backend
+ modules as they are of absolutely no use.
+
+ * Steve Langasek <vorlon@debian.org>:
+ + debian/slapd.postinst: Add a new function, get_database_list, that
+ prints out the list of configured databases from slapd.conf
+ one row at a time. Move all of the upgrade handling into a
+ loop, and iterate through the configured databases. Since the
+ while loop is in fact a subshell, be sure to handle errors
+ correctly. We also have to look at the configured directory
+ for each database, instead of assuming /var/lib/ldap.
+ Closes: #190155, #190156.
+ + debian/slapd.preinst: Simplify the handling of error status: if
+ the slapcat fails, just remove the ldif file. Also, add the
+ suffix to the name of the output file, and add the
+ get_database_list function here as well.
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + debian/rules: call dh_makeshlibs with -plibldap2 rather than just
+ with libldap2
+ + debian/slapd.postinst: Add question about no configuration.
+ + debian/slapd.templates: Add template for no config question.
+ + debian/slapd.templates: Add template for invalid suffix.
+ + debian/slapd.config: Add no configuration option. Closes: #87986
+ + debian/slapd.config: Complain to the user on invalid domain/org.
+
+ -- Stephen Frost <sfrost@debian.org> Tue, 15 Jul 2003 12:37:05 -0400
+
+openldap2 (2.1.21-1) unstable; urgency=low
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + Merged new upstream release.
+
+ * Stephen Frost <sfrost@debian.org>:
+ + debian/control: Add libbind-dev and bind-dev to the conflicts for
+ slapd, the libs in them can end up being used even when not
+ compiled against causing getaddrinfo() to fail. Closes: #166777
+ + debian/copyright: Flush out the copyright file to include all found
+ copyrights and updates to those.
+ + debian/copyright: Add clarification of MA license
+ + debian/copyright: Add clarification of JC license
+ + debian/slapd.templates: More clearly inform users of important
+ config change. Closes: #194192.
+ + debian/control: Remove patch from build-depends (dpkg-dev depends on it)
+ + debian/fix_ldif: Correctly handle base64-encoded DNs. Closes: #197014.
+ + debian/slapd.templates: Added templates for asking about LDAPv2 support
+ and telling the user of slapcat/slapadd failures during upgrade.
+ + debian/slapd.postinst: Added support for adding LDAPv2 support
+ + debian/slapd.postinst: Modified to handle slapcat/slapadd failure.
+ In the event of an upgrade failure the database will be left untouched
+ and the user notified. Closes: #192431
+ + debian/slapd.postinst: Use ldif_dump_location in more places...
+ + debian/slapd.prerm: Check if upgrade failed and assume bad old init.d
+ script was used and attempt to shut down slapd with --oknodo in case
+ slapd isn't running. Closes: #193854. (Again)
+ + debian/slapd.conf: Add commented out allow line
+ + debian/rules: Tell dh_installinit to not touch slapd.prerm now.
+ + debian/slapd.postinst: Do a dry-run with slapadd first and check if
+ that worked or not. If it did not work then tell the user, otherwise
+ do a real slapadd which should work.
+ + debian/slapd.postinst: Make sure slapd is stopped before doing
+ slapadd/slapcat's and the like. (Note: The woody version does not
+ stop slapd). Closes: #189777.
+ + debian/slapd.postinst: Check if directories exist before attempting
+ to mkdir them. Closes: #189947
+ + debian/slapd.README.debian: Add note about runlevel issue.
+ Closes: #175736
+ + debian/move_files: Copy ldiftopasswd into /usr/share/slapd for users
+ to use, if they find it useful. Closes: #94963.
+ + debian/slapd.README.Debian: Added note about ldiftopasswd.
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + debian/slapd.postinst: fixed typos and check for the existence of
+ slapd.conf before reading it.
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 19 Jun 2003 17:35:32 +0200
+
+openldap2 (2.1.17-3) unstable; urgency=low
+
+ * Stephen Frost <sfrost@debian.org>:
+ + debian/slapd.init: Add --oknodo for stopping slapd. Closes: #192423, #193854.
+ + debian/slapd.init: Change START_SLURPD to SLURPD_START. Closes: #190724.
+ + debian/libldap2.shlibs: Bump to 2.1.17- 2.1.12 never hit the archive.
+ These should only be bumped when new symbols are added so we should
+ figure out a way to handle checking that.
+ + debian/slapd.dirs: Added /var/run/slapd for pidfile
+ + debian/slapd.conf: Moved pidfile to /var/run/slapd; Needed if running
+ non-root.
+ + debian/slapd.conf: Clean up config file, be more explicit about what
+ directives are 'general', 'backend', and 'database'. Moved and
+ commented out 'replogfile' since it is database specific, wasn't doing
+ anything where it was and use of it depends on slurpd usage.
+ I consider this solving #151511 since we don't ask if you want to use
+ replication anymore anyway. Closes: #151511
+ + debian/copy_slapd_dev_files: Added to copy the include files for
+ building slapd back-ends.
+ + debian/control: Add warning about libslapd2-dev
+ + debian/control: Add build-depend on po-debconf for dh_installdebconf
+ + debian/slapd.default: Add option for settings SLAPD_CONF file
+ + debian/slapd.init: Changed to use SLAPD_CONF, setting it to
+ /etc/ldap/slapd.conf if it is not specified. Closes: #91318
+ + debian/control: Added libslapd2-dev to control file. Closes: #192163.
+ + debian/rules: Added binary-indep to the binary: build line and flushed
+ it out to build the libslapd2-dev deb. Added -k to dh_clean since we're
+ building arch and indep debs now.
+ + Maintainer upload, acknowledge NMU. Closes: #98039.
+ + Add debian/po/fr.po from 194740. Closes: #194740
+ + Add space before ']' on line 113 of postinst. Closes: #194192, #194943
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/control: Enforce libldap2 to be the same version as slapd
+ as slapd (legitimately) uses internal functions of that library
+ (closes: #190164).
+ + debian/slapd.postinst: Fix the regexp for finding the database
+ definitions.
+
+ * Steve Langasek <vorlon@debian.org>:
+ + debian/slapd.preinst: don't use debconf or ldapsearch in the
+ preinst, as this is a policy violation (even if a previous
+ version was installed, it could've been removed-but-not-purged).
+ Closes: #189811, #195029.
+ + debian/slapd.{pre,post}inst: dump & fix up the directory in the
+ postinst, not in the preinst -- using slapcat/slapadd, not
+ ldapmodify. This ensures that the dump will succeed whenever the
+ database is present, rather than depending on access to an admin
+ dn. Closes: #190085.
+ + debian/fix_ldif, debian/move_files, debian/copyright: add Dave
+ Horsfall's dn-fixing script, to handle objectClass upgrading
+ + debian/slapd.postinst: Skip the duplicate prompting for the
+ organization name; we're guaranteed to always have one.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 6 Jun 2003 16:56:16 +0200
+
+openldap2 (2.1.17-2) unstable; urgency=low
+
+ * The who-says-slavery-is-dead upload.
+ * Steve Langasek <vorlon@debian.org>:
+ + debian/slapd.postinst: Fix the database regexp.
+ + debian/slapd.postinst: Only add moduleload lines *once* on upgrade
+ from 2.0. Wrap the backup code with a check for
+ /var/lib/slapd/upgrade_2.0, to guarantee idempotency.
+ Closes: #190401.
+ + debian/slapd.{config,templates,postinst}: On dpkg-reconfigure,
+ don't wipe out an existing config; only merge in any requested
+ changes. Also, prompt before wiping out the existing db.
+ Closes: #190799.
+ + debian/slapd.{postinst,examples},debian/rules: Move slapd.conf
+ from doc/slapd/examples to /usr/share/slapd, per policy.
+ + debian/slapd.postinst: make sure slapd.conf is always created
+ atomically.
+ + debian/slapd.postrm: If removing databases on package purge,
+ remove any database backups as well.
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/configure.options: Disable ACIs because they are still
+ experimental.
+ + debian/control: Change section and priority of libldap2-dev to
+ libdevel and extra respectively (dinstall message).
+ + debian/slapd.preinst: Only query the object classes of the root
+ dn if there was no error parsing the config.
+ + Update templates for po-debconf using the patch submitted by
+ Andre Luis Lopes (closes: #189933).
+ + Use [[:space:]] instead of [\t ] in sed invocations since the
+ latter does not seem to work (reported by Daniel Lutz).
+ + debian/control: Add Replaces: entry for openldapd since ldif.5.gz
+ was included in the potato package of that name (closes: #190660).
+ + debian/control: Tighten the build dependency on libtldl3-dev as
+ versions before 1.4.3 required the .la file for dynamic binding
+ (thanks to Josip Rodin for pointing this out).
+
+ -- Torsten Landschoff <torsten@debian.org> Sat, 19 Apr 2003 02:28:32 +0200
+
+openldap2 (2.1.17-1) unstable; urgency=low
+
+ * New upstream release.
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/slapd.init: Improve the error reporting. If nothing is output
+ by the failing command don't leave the user alone but print a hint
+ to look into the logfile etc.
+ + debian/control: Require at least version 2.1.3 of libsasl2-dev
+ as this is what the configure script checks for. Pointed out by
+ Norbert Tretkowski.
+ + debian/slapd.{pre,post}inst: Small cleanups, added some comments,
+ adapted for the removal of the .la files in slapd package.
+
+ -- Torsten Landschoff <torsten@debian.org> Sat, 19 Apr 2003 01:59:26 +0200
+
+openldap2.1 (2.1.16-1) unstable; urgency=low
+
+ * New upstream release.
+ + build/top.mk: Remove patch to omit "-static" at linking time. Upstream
+ now respects the --enable-shared flag used at configuration time.
+ + debian/slapd.postinst: Automagically add the module load directives
+ after upgrade as needed.
+ + debian/slapd.config:
+ - Only ask questions to create a new directory on fresh install.
+ - Ask wether the right modules should automatically be loaded in
+ slapd.conf.
+ + debian/slapd.templates: Add the templates for autoloading modules
+ and fixing the directory.
+ + debian/slapd.preinst: New script to support upgrading from 2.0.
+ The old prerm did not stop the daemon so we have to do it here.
+ Also a first attempt to fix broken LDAP directories not acceptable
+ to 2.1.
+ - Conditionally load debconf when upgrading as it only has to
+ be available in that case.
+ + debian/slapd.preinst: Dump database before upgrade.
+ + debian/slapd.postinst: Recreate database from dump after upgrade.
+ Move old database out of the way.
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + debian/slapd.README.Debian: mention that backend database modules are
+ now compiled as shared objects
+
+ * Stephen Frost <sfrost@debian.org>
+ + debian/slapd.conf: Drop the '.la' file extension
+ + debian/move_files: Drop and rm the .la files, they aren't necessary.
+ + debian/slapd.README.Debian: Dropped the .la from the module_load line.
+ + servers/slapd/daemon.c: check slapd_srvurls is not NULL before
+ deref; included in upstream CVS.
+ + servers/slapd/back-*/init.c: Change the munged symbol names to
+ init_module, they do not need to be munged, and cause problems when
+ they are and not using .la files (which cause other problems)
+ + servers/slapd/module.c: Change to use lt_dlopenext() so we don't
+ need the .la files
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 26 Mar 2003 20:34:35 +0100
+
+openldap2.1 (2.1.12-1) experimental; urgency=low
+
+ * Initial release of OpenLDAP 2.1 packages. Closes: #167566, #178014.
+ - this includes support for the >= and <= operators. Closes: #159078.
+ - fixes various upstream bugs. Closes: #171008.
+
+ * Torsten Landschoff <torsten@debian.org>
+ - debian/check_config: Added script to check if OpenLDAP was configured
+ the way we want it.
+ - Don't build special TLS packages anymore - SSL is enabled in the
+ stock ldap library. Everything else will just give me more headaches.
+ - Build against libsasl2 instead of libsasl1. Closes: #176462.
+ - debian/control:
+ - Build-depend on debhelper 4.0 as debian/rules uses DH_COMPAT=4.
+ - Depend on coreutils | fileutils. Closes: #175704, #185676.
+ - Make libldap2 conflict with libldap2-tls which is obsolete now.
+ - debian/rules: Move the long list of configure options to a new
+ file debian/configure.options and read $(CONFIG) from that file.
+ - configure with --enable-aci. Closes: #101602.
+ - debian/slapd.init: Rewrite and add comments.
+ - Add support for running as non-root (closes: #111765, #157037).
+ - servers/slapd/main.c (main): Remove pid file on exit (closes: #162284).
+ - servers/slurpd/slurp.h: Change the default spool directory to
+ /var/spool/slurpd (avoids passing it via -t in init.d).
+ - servers/{slapd,slurpd}/Makefile.in: Install binaries into sbindir
+ instead of libexecdir.
+ - debian/control: Add Stephen Frost to the Uploaders field. Thanks
+ for your help, Stephen!
+ - contrib/ldapc++/config.{guess,sub}: Replaced with current files from
+ autotools-dev (lintian). Not actually neccessary since this part of
+ the package is not currently built but I think this is the best way
+ to shut up lintian :)
+ - build/mod.mk: Use -m 644 instead of -m 755 in installing shared
+ libraries. Shared libraries should not be marked as executable
+ (lintian).
+ - debian/libldap2.conffiles: Remove, since we are using version 4
+ of debhelper which tags everything in /etc as conffile by default.
+ - debian/rules: Change the mode of everything upstream installed into
+ /etc to 0644 as required by policy (lintian).
+ - debian/rules: Call dh_installdeb later in the binary target so that
+ the conffiles are already there for listing. Without this nothing in
+ /etc gets tagged as conffile... (lintian).
+ - debian/rules: Pass the start and stop priority of slapd to
+ dh_installinit in preparation for a postinst supported by debhelper.
+ - debian/rules: Call dh_installdirs again.
+ - Rewrite slapd.config, slapd.postinst, slapd.templates - a first try
+ in getting slapd to configure itself. Way to go.
+
+ * Roland Bauerschmidt <rb@debian.org>
+ - debian/control:
+ - build-depend on libdb4.1-dev instead of libdb4.0-dev
+ - conflict, replace, and provide libldap2-tls (libldap2)
+ - removed ldap-gateways binary package
+ - drop suggestion to obsolete openldap-guide. Closes: #171894, #146968.
+ - debian/rules:
+ - build with BDB backend
+ - run dh_installdeb
+ - only run dh_makeshlibs for libldap2
+ - debian/slapd.dirs: added to create /var/lib/ldap and /var/spool/slurpd
+ - debian/slapd.postinst:
+ - properly remove temporary files on errors. Closes: #160412.
+ - install init.d link if slapd.conf already exists. Closes: #159542.
+ - run db_stop even if package isn't configured for the first time. This
+ prevents hanging during upgrades.
+ - added debian/slapd.default and use it from debian/slapd.init.
+ Closes: #160964, #176832.
+ - added debian/slapd.README.Debian
+ - added versioned dependency on coreutils to make lintian quiet.
+ - added debian/slapd.postrm
+ - remove slapd.conf when package is purged
+ - remove /var/lib/ldap when slapd/purge_database is true
+ - remove /etc/ldap/schema if empty. Closes: #185173.
+ - debian/templates: added slapd/purge_database template
+ - build/top.mk: link against libcrypt before other SECURITY_LIBS
+ - debian/libldap2.shlibs: tighten dependencies. Closes: #181168.
+
+ * Stephen Frost <sfrost@debian.org>
+ - debian/control: added libltdl2-dev and libslp-dev to the build-depends
+ - Correct typo for back-sql init routine; already in OpenLDAP upstream
+ CVS
+ - Correct free of SASL interact results; already in OpenLDAP upstream CVS
+ - Duplicate the DN from SASL to ensure '\0' termination; already in
+ OpenLDAP upstream CVS
+ - debian/control: added Replaces: slapd (<< 2.1) for ldap-utils due to
+ ldif.5 move.
+ - Add modulepath /usr/lib/ldap to default slapd config
+ - Add moduleload back_bdb to default slapd config
+ - Changed libexecdir to ${prefix}/lib
+ - Add usr/lib/ldap to slapd portion of move_files
+ - Modified backend types to be built as modules for dynamic loading
+ - Fixed pt_BR translation
+
+ -- Roland Bauerschmidt <rb@debian.org> Sat, 15 Mar 2003 21:35:24 +0100
+
+openldap2 (2.0.27-3) unstable; urgency=high
+
+ * [SECURITY]: Apply the patch used by SuSE in SuSE-SA:2002:047
+ (or rather the parts of it not yet included upstream).
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 20 Dec 2002 04:47:15 +0100
+
+openldap2 (2.0.27-2) unstable; urgency=low
+
+ * debian/control: Make libldap2-dev depend on libssl-dev and
+ libsasl-dev, since those libs are pulled via the libldap.la file
+ (closes: #164791).
+ * debian/control: Add shlibs:Depends to libldap2-tls as well. Most
+ of those depends are pulled via libldap2 but of course libssl
+ is not among those. (closes: #169950).
+ * debian/libldap2-tls: Remove old divertions on "configure" and not
+ on "upgrade" - the latter is not really called.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 22 Nov 2002 00:35:29 +0100
+
+openldap2 (2.0.27-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 6 Nov 2002 01:12:06 +0100
+
+openldap2 (2.0.23-14) unstable; urgency=low
+
+ * debian/rules: Remove search paths from .la files using some perl
+ trickery (closes: #110479).
+ * debian/libldap2.README.debian: Document the NSS problem which stops /usr
+ from being unmounted cleanly when using libnss-ldap (for more info
+ see bug#159771).
+
+ * Started cleaning up the maintainer scripts:
+ - Remove creation of the /usr/doc symlinks (lintian).
+ - Don't run ldconfig in prerm scripts (lintian).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 Sep 2002 12:10:05 +0200
+
+openldap2 (2.0.23-13) unstable; urgency=low
+
+ * As Ashley Clark found out the preinst of libldap-tls fails for a new
+ install. My fault - I did not check that (removing ldap is cumbersome
+ if you are using it... :) and the scripts were only checked without
+ "set -e" in effect.
+ + debian/libldap2-tls.preinst: Apply Ashley's patch (thanks a lot,
+ Ashley. closes: #162123).
+ + Coincidently the other installation scripts seem to be okay, the
+ failing command is in the middle of a pipe and therefore ignored.
+
+ -- Torsten Landschoff <torsten@debian.org> Tue, 24 Sep 2002 12:56:18 +0200
+
+openldap2 (2.0.23-12) unstable; urgency=low
+
+ * Apply the patch from upstream ITS#2012 to support MD5 hashes. Problem
+ is that OpenSSL comes with its own version of the crypt() function
+ which is linked in instead of the system's version from libcrypt.
+ The patch changes the link order so that slapd takes the system's
+ implementation.
+ * debian/rules: Pass --enable-crypt-first to configure to enable the
+ patch (closes: #160763).
+ * Fix the diversion handling of libldap2-tls:
+ - preinst: Only install diversions that are not there.
+ - postrm: Remove this package's diversions.
+ - postinst: Remove obsolete diversions after upgrade.
+ - Removal of diversions is done in reverted order of the installation.
+
+ * Enable DNSSRV support as requested by Turbo. No Kerberos for now, sorry.
+ * debian/control: Updates Standards-Version to 3.5.7 and fix running
+ of ldconfig in maintainer scripts.
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 23 Sep 2002 12:18:40 +0200
+
+openldap2 (2.0.23-11) unstable; urgency=low
+
+ * debian/rules: Build with --with-tls (closes: #80591, #155937).
+ * debian/control:
+ + Add build dependency on libssl-dev.
+ + Specify Roland Bauerschmidt as co maintainer.
+ * Added the trickery to have libldap2 without TLS and libldap2-tls
+ with the TLS stuff. Otherwise we have to change the base system,
+ and god knows how long that would take.
+
+ Most of the changes done by Roland Bauerschmidt. We now build the
+ source two times - with and without ssl. We mostly use the ssl enabled
+ stuff with the exception of a libldap2 package which does not have
+ support for that. If you need TLS support you have to install
+ libldap2-tls, which diverts the libraries from libldap2 out of the
+ way and replaces them with the TLS enabled version.
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 29 Aug 2002 13:35:39 +0200
+
+openldap2 (2.0.23-10) unstable; urgency=low
+
+ * debian/control: Build depend on libdb4.0-dev instead of libdb3-dev.
+ This should fix the index corruption problems (closes: #152959).
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 18 Aug 2002 19:47:02 +0200
+
+openldap2 (2.0.23-9) unstable; urgency=low
+
+ * debian/slapd.init: Wait for the daemons to actually terminate for
+ the stop action (which is used for restart) and trap all errors
+ (closes: #148033).
+ * debian/rules: Build with -D_FILE_OFFSET_BITS=64 to support files
+ bigger than 2GB on all architectures (closes: #155197). As off_t is
+ about never used in the source that should not create any problems.
+ * debian/control: Make libldap2-dev depend on libsasl-dev
+ (closes: #135223, #96957).
+ * doc/man/man1/ldapmodify.1: Fix typo (closes: #105905).
+ * debian/rules: Create symlinks for some manpages (closes: #99547).
+ * Fix spelling error in description of ldap-gateways (closes: #124859).
+ * debian/copyright: Include the full content of the LICENSE file
+ (closes: #151222).
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 8 Aug 2002 15:54:46 +0200
+
+openldap2 (2.0.23-8) unstable; urgency=low
+
+ * New maintainer.
+ * debian/control: Build-Conflict with libbind-dev to use the right
+ resolver library everywhere (closes: #112459). Of course, the
+ real solution must be to fix the configure script to not detect
+ libbind-dev and use the right resolver all the time. But a work around
+ is better than nothing I would say...
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 7 Aug 2002 14:53:39 +0200
+
+openldap2 (2.0.23-7) unstable; urgency=low
+
+ * Add Brazilian translation for debconf templates. Closes: Bug#114021
+ * Fix hostless LDAP URLs, patch from Lamont Jones. Closes: Bug#140387
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sat, 4 May 2002 20:05:32 +0200
+
+openldap2 (2.0.23-6) unstable; urgency=high
+
+ * Make slapd.config idempotent, so that calling it once (during
+ preconfiguration) and again (during postinst) doesn't break things.
+ Patch from Anthony Towns. Closes: Bug#137552).
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sun, 14 Apr 2002 19:10:50 +0200
+
+openldap2 (2.0.23-5) unstable; urgency=high
+
+ * Fix slurpd invocation in slapd.init. Closes: Bug#141959
+ * Ask for admin DN when using LDIF initialization as well.
+ Lets hope this finally Closes: Bug#137552
+ * Merge German translation for debconf templates. Closes: Bug#141712
+ * Add Build-Depends on debconf-utils since we use debconf-mergetemplate
+ * Remove bogus error from slapd.init. Closes: Bug#137718
+
+ -- Wichert Akkerman <wakkerma@debian.org> Tue, 9 Apr 2002 14:49:27 +0200
+
+openldap2 (2.0.23-4) unstable; urgency=high
+
+ * Only show already-configured note on initial installs. Closes: Bug#137100
+ * Supply -t option to slurpd when starting it, not when stopping it.
+ Closes: Bug#136240
+ * Use db_input instead of db_get for notes in the slapd postinst.
+ * Only fetch password from debconf when not using ldif initialization.
+ Closes: Bug#138558,#137552
+ * Check if slapd.conf exists in slapd postinst. Closes: Bug#138136
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sat, 6 Apr 2002 23:02:42 +0200
+
+openldap2 (2.0.23-3) unstable; urgency=high
+
+ * If can not get a password for the admin entry when installing slapd
+ generate one randomly. Closes: Bug#134774
+ * Bump shlibs dependency to 2.0.23
+
+ -- Wichert Akkerman <wakkerma@debian.org> Thu, 21 Feb 2002 23:23:57 +0100
+
+openldap2 (2.0.23-2) unstable; urgency=high
+
+ * Create /var/spool/slurpd and tell slurpd to use that as temporary
+ directory. Closes: Bug#134564
+ * Improve debconf prompts a bit. Closes: Bug#134945
+ * Properly set default value for domain
+ * Clear crypted password from debconf after creating the LDAP directory
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sun, 17 Feb 2002 16:07:18 +0100
+
+openldap2 (2.0.23-1) unstable; urgency=high
+
+ * Upstream updated config.{guess,sub} so we are back to zero patches
+ again.
+ * Apply fix from Klaus Duscher for the missing password problem: the
+ config script did not check if it was run twice without slapd.conf
+ being generated in between and would abort with a missing password
+ error. Closes: Bug#132566
+ * Change slapd priority for boot sequence to start earlier and stop
+ later so people can use LDAP for NSS purposes. Closes: Bug#130277
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sun, 17 Feb 2002 16:07:18 +0100
+
+openldap2 (2.0.22-2) unstable; urgency=low
+
+ * Update config.{guess,sub} again. Closes: Bug#131469
+
+ -- Wichert Akkerman <wakkerma@debian.org> Thu, 7 Feb 2002 22:33:01 +0100
+
+openldap2 (2.0.22-1) unstable; urgency=low
+
+ * New upstream version
+ * Build properly as non-native package
+
+ -- Wichert Akkerman <wakkerma@debian.org> Wed, 6 Feb 2002 00:17:20 +0100
+
+openldap2 (2.0.21-3) unstable; urgency=high
+
+ * Add logic to config and postinst to configure replication as well
+ * Don't fail in slapd postinst if we can't stop slapd. Closes: Bug#131617
+ * Change localstatedir to /var/lib
+ * Remove /var/lib/ldap when purging slapd
+ * Don't remove user-supplied ldif file after creating the directory
+ * Set default replogfile
+ * Fix typo in severity for no_password note
+ * Encrypt admin password and remove it from the debconf database
+
+ -- Wichert Akkerman <wakkerma@debian.org> Thu, 31 Jan 2002 17:03:36 +0100
+
+openldap2 (2.0.21-2) unstable; urgency=medium
+
+ * Update config.{guess,sub} and forwarded upstream (ITS#1567).
+ Closes: Bug#131469
+ * Remove -x from slapd postinst. Closes: Bug#131502
+
+ -- Wichert Akkerman <wakkerma@debian.org> Wed, 30 Jan 2002 10:53:45 +0100
+
+openldap2 (2.0.21-1) unstable; urgency=high
+
+ * New upstream version,
+ * Update copyright
+ * Update config.guess and config.sub
+ * Redone packaging, no more dbs or debhelper
+ * Drop all patches, they are either unnecessary or alternatives have
+ been made upstream
+
+ -- Wichert Akkerman <wakkerma@debian.org> Tue, 29 Jan 2002 17:04:10 +0100
+
+openldap2 (2.0.14-1) unstable; urgency=high
+
+ * New upstream version, which includes a billion second bug.
+ Closes: Bug#111833
+ * Drop 005_libldbm_dbopen, upgrading the database in place no longer works
+ with the new db-env code.
+ * Redo 008_porting_maxpathlen
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sat, 15 Sep 2001 13:39:46 +0200
+
+openldap2 (2.0.11-2) unstable; urgency=low
+
+ * Test if /etc/init.d/slapd is executable when purging slapd.
+ Closes: Bug#100938
+ * Update 008_porting_maxpathlen. Closes: Bug#100584
+ * Don't use four11 as referral example anymore. Closes: Bug#99998
+ * Fix synopsis of slapindex manpage. Added to 002_man_fixes.
+ Closes: Bug#98805
+ * Removed stray backup file from 002_man_fixes
+
+ -- Wichert Akkerman <wakkerma@debian.org> Tue, 19 Jun 2001 01:01:17 +0200
+
+openldap2 (2.0.11-1) unstable; urgency=low
+
+ * New upstream version
+ * Add autoconf to Build-Depends. Closes: Bug#99440
+ * Fix new db upgrade patch. Closes: Bug#98853
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sun, 3 Jun 2001 00:25:47 +0200
+
+openldap2 (2.0.10-2) unstable; urgency=low
+
+ * Tighten shlibs dependency to >= 2.0.1-1. Closes: Bug#98683
+
+ -- Wichert Akkerman <wakkerma@debian.org> Fri, 25 May 2001 16:32:35 +0200
+
+openldap2 (2.0.10-1) unstable; urgency=low
+
+ * New upstream version
+ * New maintainer
+ * Remove useless LINE_WIDTH bit from patch 000_clients
+ * Patch 004_ssl_fix has been merged upstream, removed
+ * Redo 005_db3_upgrade
+ * Rediff all other patches
+
+ -- Wichert Akkerman <wakkerma@debian.org> Thu, 24 May 2001 14:56:02 +0200
+
+openldap2 (2.0.7-6) unstable; urgency=low
+
+ * Make sure autoconf is run if configure.in is changed (for Hurd patch),
+ closes: #96145
+ * Fix slapd.postinst in the case of using an ldif file, closes: #95600
+ * Use a var for slapd.conf in slapd init script. Partially fixes bug
+ 91318.
+ * Fixed hurd patch for strrchr in replog.c, closes: #93605
+
+ -- Ben Collins <bcollins@debian.org> Mon, 7 May 2001 23:00:27 -0400
+
+openldap2 (2.0.7-5) unstable; urgency=low
+
+ * Fixed db3 upgrade code, closes: #92331, #92916
+ * m68k should compile fine with db3 now, closes: #90165
+ * Included provided patch for Hurd compilation, closes: #88079
+
+ -- Ben Collins <bcollins@debian.org> Wed, 4 Apr 2001 17:46:47 -0400
+
+openldap2 (2.0.7-4) unstable; urgency=low
+
+ * slapd.conf is no longer a conffile, and not provided by the package.
+ Instead, it is only generated. closes: #81359
+ * Fixed by previous upload, closes: #71852, #78950, #82491
+ * Actually install the netscape schema, closes: #90323
+ * Add comment to README.Debian about being compiled with libwrap,
+ closes: #84954
+ * Provide example sasl config file, closes: #90855
+ * Conflict replace openldap-utils (ldap-utils), and libopenldap-dev
+ (libldap2-dev), closes: #71471
+ * Revert to using some code to upgrade previous db's. Remove slapd's dep
+ on db3-util, and remove postinst code that upgrades the db's.
+
+ -- Ben Collins <bcollins@debian.org> Sat, 24 Mar 2001 21:59:20 -0500
+
+openldap2 (2.0.7-3) unstable; urgency=low
+
+ * netscape-profile.schema: new schema for old roaming support
+ * 004_ssl_fix.diff: Fix for SSL support (not compiled in, but some
+ people use it).
+ * slapd.config: FINALLY fix the "dc=" base bug.
+ * Build-Depend on libdb3-dev now that it is available.
+ * Now that we use db3, make sure we upgrade existing databases to the
+ db3 format with db3_upgrade.
+
+ -- Ben Collins <bcollins@debian.org> Sun, 11 Mar 2001 23:36:34 -0500
+
+openldap2 (2.0.7-2) unstable; urgency=low
+
+ * slapd.postinst: fix debhelper wraper so it gets the right @argv,
+ closes: #71854
+ * sendmail appears to be compiled against glibc2.2/libdb2 now,
+ closes: #71602
+ * %strace ldapsearch cn=admin | & grep /etc | grep ldap
+ open("/etc/ldap/ldap.conf", O_RDONLY) = 3
+ closes: #71716
+ * ldap_first_attribute.3: s/ber_free(3)/ber_free/. closes: #76719
+ * init.d/slapd: fix reference to pidfile, and also remove the pidfile
+ after killing the daemon, closes: #77633, #77635
+ * Fix fgets buffer size thinko in slurpd. closes: #78003
+ * slapd.8: s/ldap.h/slapd.conf(5)/. closes: #80457
+
+ -- Ben Collins <bcollins@debian.org> Sun, 31 Dec 2000 00:02:46 -0500
+
+openldap2 (2.0.7-1) unstable; urgency=low
+
+ * New upstream
+ * Removed hack for shlibs now that dpkg 1.7 is available, added dpkg-dev
+ 1.7.1 to build-depends.
+ * start using DH_COMPAT=2
+
+ -- Ben Collins <bcollins@debian.org> Fri, 10 Nov 2000 18:53:25 -0500
+
+openldap2 (2.0.2-2) unstable; urgency=low
+
+ * Recompile against libdb2/glibc 2.1.94/sasl
+
+ -- Ben Collins <bcollins@debian.org> Wed, 27 Sep 2000 11:31:59 -0400
+
+openldap2 (2.0.2-1) unstable; urgency=low
+
+ * New upstream version, includes some patches from me that fix some
+ stability issues
+ * debian/control:Build-Depends: change libwrap-dev to libwrap0-dev for
+ clarity, closes: #71366
+ * debian/rules: make sure mail500 docs do not get installed under bogus
+ subdirs, closes: #71473
+ * debian/README.build,debian/scripts/dbs-build.mk: Fix and document
+ build system better, closes: #71584
+ * debian/local/slapd.conf: Setup default ACL's to work with openldap2
+ correctly, closes: #71127, #71131
+ * debian/README: document how to access OpenLDAP 1 servers via
+ ldap-utils, closes: #71469
+ * debian/rules:CFLAGS: add -I/usr/include/db2 to make sure we get the
+ right <db.h> header, closes: #71470
+ * I cannot reproduce this. In debian/rules I have done exactly what is
+ needed to keep it from happening, and sparc, i386 and powerpc builds
+ do not show it, closes: #71472
+
+ -- Ben Collins <bcollins@debian.org> Wed, 13 Sep 2000 22:32:35 -0400
+
+openldap2 (2.0.1-2) unstable; urgency=low
+
+ * Fixed up depend for libldap2 on itself
+
+ -- Ben Collins <bcollins@debian.org> Wed, 6 Sep 2000 13:24:06 -0400
+
+openldap2 (2.0.1-1) unstable; urgency=low
+
+ * New upstream version
+ * Added libsasl-dev to build-deps, closes: #70923
+
+ -- Ben Collins <bcollins@debian.org> Tue, 5 Sep 2000 06:49:05 -0400
+
+openldap2 (2.0-1) unstable; urgency=low
+
+ * Initial release of OpenLDAP 2 test code
+
+ -- Ben Collins <bcollins@debian.org> Tue, 29 Aug 2000 14:28:39 -0400