openldap 2.4.42+dfsg-2ubuntu1 source package in Ubuntu

Changelog

openldap (2.4.42+dfsg-2ubuntu1) xenial; urgency=medium

  * Merge from Debian testing (LP: #1532648). Remaining changes:
    - Enable AppArmor support:
      - d/apparmor-profile: add AppArmor profile
      - d/rules: use dh_apparmor
      - d/control: Build-Depends on dh-apparmor
      - d/slapd.README.Debian: add note about AppArmor
    - Enable GSSAPI support:
      - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
        - Add --with-gssapi support
        - Make guess_service_principal() more robust when determining
          principal
      - d/configure.options: Configure with --with-gssapi
      - d/control: Added heimdal-dev as a build depend
    - Enable ufw support:
      - d/control: suggest ufw.
      - d/rules: install ufw profile.
      - d/slapd.ufw.profile: add ufw profile.
    - Enable nss overlay:
      - d/{patches/nssov-build,rules}: Apply, build and package the
        nss overlay.
    - d/{rules,slapd.py}: Add apport hook.
    - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
      either the default DIT nor via an Authn mapping.
    - d/slapd.scripts-common:
      - add slapcat_opts to local variables.
      - Remove unused variable new_conf.
      - Fix backup directory naming for multiple reconfiguration.
    - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
    - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
      in the openldap library, as required by Likewise-Open
    - Show distribution in version:
      - d/control: added lsb-release
      - d/patches/fix-ldap-distribution.patch: show distribution in version
  * Drop CVE-2015-6908.patch, included in Debian.
  * Remove DEB_HOST_ARCH from debian/rules: left over from when mdb was
    disabled on ppc64el, no longer used, and missed in the previous merge.

openldap (2.4.42+dfsg-2) unstable; urgency=medium

  [ Ryan Tandy ]
  * Change explicit Pre-Depends: multiarch-support to ${misc:Pre-Depends}, as
    recommended by lintian.
  * Omit slapd, slapd-dbg, and slapd-smbk5pwd from the stage1 build profile.
    This allows the dependency loop with heimdal to be broken for
    bootstrapping, and the dependency on libperl-dev to be avoided for
    cross-building. Thanks Daniel Schepler and Helmut Grohne.
    (Closes: #724518)
  * Apply wrap-and-sort to the Build-Depends field.
  * Drop libncurses5-dev from Build-Depends, no longer needed since the ud
    tool was removed in OpenLDAP 2.1.4.
  * Drop libltdl3-dev as an alternate Build-Depends, since that package was
    removed after lenny.
  * Annotate Build-Depends on perl with :any to allow running the system perl
    interpreter during cross builds.
  * Ensure CC is set correctly for cross builds. Thanks Helmut Grohne.
  * Build-Depend on dpkg-dev (>= 1.17.14) and debhelper (>= 9.20141010) for
    restriction formula support.
  * Override the 'dev-pkg-without-shlib-symlink' lintian tag. The symlink is
    actually in the form libldap_r.so -> libldap_r-2.4.so.xyz and the tag is a
    false positive; see #687022.
  * Include the smbk5pwd man page in the slapd-smbk5pwd package.
  * Allow anonymous read access to the shadowLastChange attribute by default,
    allowing nss-ldap/nss-ldapd to handle password expiry correctly even when
    bound anonymously. This was the only restricted shadow attribute, the
    others were already world-readable. (Closes: #669235)
  * Drop the redundant default ACL for dn.base="" from the database entry.
    It's already covered by the fallback case below.
  * Copy more comments from the slapd.conf template to slapd.init.ldif. Also
    comment the shadowLastChange access rule.
  * Import upstream patch to remove an unnecessary assert(0) that could be
    triggered remotely by an unauthenticated user by sending a malformed BER
    element. (ITS#8240)

  [ Peter Marschall ]
  * Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
    install the new manual page. (Closes: #794998)

openldap (2.4.42+dfsg-1) unstable; urgency=medium

  [ Peter Marschall ]
  * slapd.scripts-common:
    - Use update_permissions instead of direct calls to chown and chgrp.
    - Make variables only used within a function local to that function.
    - Restore databases ordered by increasing suffix path length.
      This should help configurations with databases glued together using the
      'subordinate' keyword / 'olcSubordinate' attribute in slapd's
      configuration.
    (Closes: #794996)
  * Install slapo-lastbind.5 man page. (Closes: #794997)

  [ Ryan Tandy ]
  * slapd.scripts-common: Delete an outdated comment.
  * New upstream release.
  * Enable the MDB backend again on GNU/kFreeBSD. The new pthread library
    provides all the required interfaces, and the test suite now passes.
    Leave it disabled on the Hurd. LMDB requires POSIX semaphores, which have
    not yet been implemented.
  * Disable the BDB/HDB backends on the Hurd. BDB requires record locks
    (F_SETLK), which have not yet been implemented; see #693971.

 -- Ryan Tandy <email address hidden>  Sun, 10 Jan 2016 15:50:53 -0800