Ubuntu
openldap package

Merge openldap from Debian unstable for 22.04

Bug #1946883 reported by Bryce Harrington
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openldap (Ubuntu)
Fix Released
Undecided
Sergio Durigan Junior
Ubuntu ubuntu-22.02

Bug Description

Upstream: 2.5.8
Debian: 2.4.59+dfsg-1 2.5.8+dfsg-1~exp1
Ubuntu: 2.5.6+dfsg-1~exp1ubuntu1

Debian experimental has 2.5.8+dfsg-1~exp1

### New Debian Changes ###

openldap (2.4.59+dfsg-1) unstable; urgency=medium

  * New upstream release.
  * Fix FTBFS with autoconf 2.71 (Closes: #993032):
    - Backport upstream changes to support Autoconf 2.69 instead of simply
      disabling automake in debian/rules. Fixes FTBFS due to autoreconf
      thinking files required by Automake are missing, even though Automake is
      not actually used.
    - Stop running autoreconf in contrib/ldapc++ since we don't build it.
    - Drop custom config.{guess,sub} handling. dh_update_autotools_config does
      the right thing for us.
  * Update Standards-Version to 4.6.0; no changes required.
  * Add a superficial autopkgtest for smbk5pwd.
  * Stop disabling test060-mt-hot on ppc64el. The underlying kernel bug
    (#866122) is fixed in all relevant suites by now.

 -- Ryan Tandy <email address hidden> Fri, 27 Aug 2021 09:42:31 -0700

openldap (2.4.57+dfsg-3) unstable; urgency=medium

  * Link smbk5pwd with -lkrb5. (Closes: #988565)

 -- Ryan Tandy <email address hidden> Sat, 15 May 2021 16:03:34 -0700

openldap (2.4.57+dfsg-2) unstable; urgency=medium

  * Fix slapd assertion failure in Certificate List Exact Assertion validation
    (ITS#9454) (CVE-2021-27212)

 -- Ryan Tandy <email address hidden> Sun, 14 Feb 2021 09:26:41 -0800

openldap (2.4.57+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - Fixed slapd crashes in Certificate Exact Assertion processing
      (ITS#9404, ITS#9424) (CVE-2020-36221)
    - Fixed slapd assertion failures in saslAuthzTo validation
      (ITS#9406, ITS#9407) (CVE-2020-36222)
    - Fixed slapd crash in Values Return Filter control handling
      (ITS#9408) (CVE-2020-36223)
    - Fixed slapd crashes in saslAuthzTo processing
      (ITS#9409, ITS#9412, ITS#9413)
      (CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
    - Fixed slapd assertion failure in X.509 DN parsing
      (ITS#9423) (CVE-2020-36230)
    - Fixed slapd crash in X.509 DN parsing (ITS#9425) (CVE-2020-36229)
    - Fixed slapd crash in Certificate List Exact Assertion processing
      (ITS#9427) (CVE-2020-36228)
    - Fixed slapd infinite loop with Cancel operation
      (ITS#9428) (CVE-2020-36227)

 -- Ryan Tandy <email address hidden> Sat, 23 Jan 2021 08:57:07 -0800

openldap (2.4.56+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - Fixed slapd abort due to assertion failure in Certificate List syntax
      validation (ITS#9383) (CVE-2020-25709)
    - Fixed slapd abort due to assertion failure in CSN normalization with
      invalid input (ITS#9384) (CVE-2020-25710)

 -- Ryan Tandy <email address hidden> Wed, 11 Nov 2020 09:13:56 -0800

openldap (2.4.55+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - Fixed slapd normalization handling with modrdn
      (ITS#9370) (CVE-2020-25692)

 -- Ryan Tandy <email address hidden> Tue, 27 Oct 2020 21:07:29 -0700

openldap (2.4.54+dfsg-1) unstable; urgency=medium

  * New upstream release.
  * Change upstream Homepage and get-orig-source URLs to HTTPS.
  * Create debian/gbp.conf.

 -- Ryan Tandy <email address hidden> Sun, 18 Oct 2020 16:03:46 +0000

openldap (2.4.53+dfsg-1) unstable; urgency=medium

  * New upstream release.

 -- Ryan Tandy <email address hidden> Mon, 07 Sep 2020 09:47:28 -0700

openldap (2.4.51+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - Add ldap_parse_password_expiring_control to libldap-2.4-2.symbols.
  * Merge some changes from Ubuntu:
    - slapd.default, slapd.README.Debian: update to refer to slapd.d instead
      of slapd.conf.
    - debian/slapd.scripts-common: dump_databases: make slapcat_opts a local
      variable.
  * Drop paragraph about patch gnutls-altname-nulterminated (#465197) from
    slapd.README.Debian. The patch referred to was dropped in 2.4.7-6.
  * debian/patches/set-maintainer-name: Extract maintainer address dynamically
    from debian/control. (Closes: #960448)
  * Fix Torsten's email address in a historic debian/changelog entry to
    resolve a Lintian error (bogus-mail-host-in-debian-changelog).

### Old Ubuntu Delta ###

openldap (2.5.6+dfsg-1~exp1ubuntu1) impish; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Enable AppArmor support:
      + d/apparmor-profile: add AppArmor profile
      + d/rules: use dh_apparmor
      + d/control: Build-Depends on dh-apparmor
      + d/slapd.README.Debian: add note about AppArmor
    - Enable ufw support:
      + d/control: suggest ufw.
      + d/rules: install ufw profile.
      + d/slapd.ufw.profile: add ufw profile.
    - d/{rules,slapd.py}: Add apport hook.
    - d/rules: better regexp to match the Maintainer tag in d/control,
      needed in the Ubuntu case because of XSBC-Original-Maintainer
      (Closes #960448, LP #1875697)

 -- Sergio Durigan Junior <email address hidden> Tue, 17 Aug 2021 14:06:00 -0400

See original description
Tags: needs-merge
Sergio Durigan Junior (sergiodj)
Changed in openldap (Ubuntu):
assignee: nobody → Sergio Durigan Junior (sergiodj)
Revision history for this message
Ryan Tandy (rtandy) wrote : Re: [Bug 1946883] [NEW] Merge openldap from Debian unstable for 22.04

FYI:

2.5.8 has just been released. I intend to package and upload it to experimental soon (time/spoons permitting).

2.6.0 should be released quite soon (currently in release candidate phase). If possible I would like to target this for the LTS. It includes another library transition (libldap-2.5-0 to libldap2).

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Absolutely, Ryan. The transition is something that I'm also planning to happen during the LTS cycle; I've even put January 20 as a tentative date to start the transition:

https://discourse.ubuntu.com/t/jj-release-schedule/23906

Let's see how this goes. Thanks for the heads up, though; much appreciated.

Bryce Harrington (bryce)
description: updated
Changed in openldap (Ubuntu):
milestone: none → ubuntu-21.12
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

OpenLDAP 2.6.0 has been released 2 weeks ago.

FWIW, I talked to Ryan today and he told me that unfortunately there are some important regressions in this new release. This is the reason he hasn't uploaded 2.6 to experimental yet. There should be a new upstream release containing the fixes for these regressions soon (before EOY), and we should be able to upload it to Debian experimental by then.

Although we're going to have to go through a new transition, I'm not expecting major problems to arise because the list of changes introduce in 2.6.x is relatively small:

https://www.openldap.org/doc/admin26/guide.html#Changes%20Since%20Previous%20Release

Changed in openldap (Ubuntu):
milestone: ubuntu-21.12 → ubuntu-22.01
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Upstream has announced a test call for OpenLDAP 2.6.1:

https://<email address hidden>/thread/GT7JBMIC2EBBJACXTR2VANASZWIC25QE/

This means that the release is close. I've adjusted this bug's milestone to reflect the fact that I'm expecting the merge to happen next month.

Changed in openldap (Ubuntu):
milestone: ubuntu-22.01 → ubuntu-22.02
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Today, the OpenLDAP project announced that they're changing their release process in order to have LTS and Feature releases:

https://<email address hidden>/thread/2QQNVWPUUG54JM7FGQHMMF3H4KS2PPKQ/

They've also announced that OpenLDAP 2.5 will be their first LTS release (5 years of support).

With this in mind, Andreas and I briefly discussed and determined that, for Ubuntu Jammy (an LTS release), it makes sense to stick with OpenLDAP 2.5.x. Incidentally, OpenLDAP 2.5.11 has just been released and Ryan said he will work on updating the Debian OpenLDAP package soon.

This means that I will be merging OpenLDAP 2.5.11 from Debian, instead of 2.6.1. There won't be a transition involved.

Sergio Durigan Junior (sergiodj)
Changed in openldap (Ubuntu):
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openldap - 2.5.11+dfsg-1~exp1ubuntu1

---------------
openldap (2.5.11+dfsg-1~exp1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1946883). Remaining changes:
    - Enable AppArmor support:
      + d/apparmor-profile: add AppArmor profile
      + d/rules: use dh_apparmor
      + d/control: Build-Depends on dh-apparmor
      + d/slapd.README.Debian: add note about AppArmor
    - Enable ufw support:
      + d/control: suggest ufw.
      + d/rules: install ufw profile.
      + d/slapd.ufw.profile: add ufw profile.
    - d/{rules,slapd.py}: Add apport hook.
    - d/rules: better regexp to match the Maintainer tag in d/control,
      needed in the Ubuntu case because of XSBC-Original-Maintainer
      (Closes #960448, LP #1875697)

 -- Sergio Durigan Junior <email address hidden> Tue, 25 Jan 2022 17:06:12 -0500

Changed in openldap (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.