Please merge openldap 2.4.40-4 (main) from Debian unstable (main)

Bug #1395098 reported by Peter Matulis on 2014-11-21
This bug affects 3 people
Affects Status Importance Assigned to Milestone
openldap (Ubuntu)

Bug Description

Debian unstable has openldap at version 2.4.40 but the version in the latest stable Ubuntu release (14.10) is 2.4.31 (released upstream in April 2012). A lot of bugs have been fixed since then [1].

Please put version 2.4.40 into the next release of Ubuntu (15.04).


summary: - [Utopic] OpenLDAP is outdated
+ [Utopic] OpenLDAP version is outdated

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openldap (Ubuntu):
status: New → Confirmed
Robie Basak (racb) on 2014-12-01
tags: added: upgrade-software-version
Ryan Tandy (rtandy) on 2014-12-21
Changed in openldap (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Ryan Tandy (rtandy)
Ryan Tandy (rtandy) wrote :

Hello server team, hello sponsors,

Please consider reviewing and sponsoring the attached openldap merge.

Build/test results:

I would be happy to answer questions or address any comments.

Thank you!

tags: added: patch
Ryan Tandy (rtandy) wrote :


We are going to do another Debian upload to fix two bugs described here:

I'll rebase this merge on top of that once it's finalized.

Ryan Tandy (rtandy) wrote :

Rebased, sorry it took me a while to get to this.

I guess this has missed freeze for 15.04 now, but I'd still welcome reviews in case changes are needed before getting it merged next cycle.

Packages for testing are in ppa:rtandy/lp1395098.

summary: - [Utopic] OpenLDAP version is outdated
+ Please merge openldap 2.4.40-4 (main) from Debian unstable (main)
Changed in openldap (Ubuntu):
assignee: Ryan Tandy (rtandy) → nobody
status: In Progress → Confirmed
Ryan Tandy (rtandy) wrote :

Unsubscribed sponsors for now. Needs rebasing again for Ubuntu changes, and there will probably be another Debian upload too. I'll try again for W.

Changed in openldap (Ubuntu):
assignee: nobody → Ryan Tandy (rtandy)
status: Confirmed → In Progress
Ryan Tandy (rtandy) wrote :

Hello sponsors, hello server team,

(OK, let's try this again...)

Here is an updated rebase of openldap on to current Debian unstable.

A test build can be seen in my PPA:

orig.tar.gz can be downloaded from there too:

Please consider reviewing and uploading this. Thank you!

Ryan Tandy (rtandy) wrote :
Ryan Tandy (rtandy) wrote :
Ryan Tandy (rtandy) wrote :
Changed in openldap (Ubuntu):
assignee: Ryan Tandy (rtandy) → nobody
status: In Progress → Confirmed
Ryan Tandy (rtandy) wrote :

oh, for crying out loud. I added "* Enable the mdb backend again on ppc64el ...", but didn't drop " * Disable mdb backend ..." from the "Remaining changes" section... :)

leaving it alone for now, anyway, in case a reviewer spots something else I need to fix.

Marc Deslauriers (mdeslaur) wrote :

ACK on the merge. Thanks!

I've uploaded it to wily with a couple of changes:
- removed the extra "Disable mdb backend..." from changelog
- removed "d/slapd.dirs: add etc/apparmor.d/force-complain" from changelog, as it looks like that hasn't actually been done in a long time.


Changed in openldap (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (10.3 KiB)

This bug was fixed in the package openldap - 2.4.40+dfsg-1ubuntu1

openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low

  * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
    - Enable AppArmor support:
      - d/apparmor-profile: add AppArmor profile
      - d/rules: use dh_apparmor
      - d/control: Build-Depends on dh-apparmor
      - d/slapd.README.Debian: add note about AppArmor
    - Enable GSSAPI support:
      - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
        - Add --with-gssapi support
        - Make guess_service_principal() more robust when determining
      - d/configure.options: Configure with --with-gssapi
      - d/control: Added heimdal-dev as a build depend
    - Enable ufw support:
      - d/control: suggest ufw.
      - d/rules: install ufw profile.
      - d/slapd.ufw.profile: add ufw profile.
    - Enable nss overlay:
      - d/{patches/nssov-build,rules}: Apply, build and package the
        nss overlay.
    - d/{rules,}: Add apport hook.
    - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
      either the default DIT nor via an Authn mapping.
    - d/slapd.scripts-common:
      - add slapcat_opts to local variables.
      - Remove unused variable new_conf.
      - Fix backup directory naming for multiple reconfiguration.
    - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
    - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
      in the openldap library, as required by Likewise-Open
    - Show distribution in version:
      - d/control: added lsb-release
      - d/patches/fix-ldap-distribution.patch: show distribution in version
  * Drop patches included upstream:
    - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
    - d/patches/bdb-deadlock.patch
    - d/patches/its-7354-fix-delta-sync-mmr.diff
  * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
  * debian/patches/nssov-build: Adjust for upstream changes.
  * debian/apparmor-profile:
    - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
      kernel ABI v7 (utopic and later). (LP: #1392018)
    - Reduce permissions on /run/nslcd to just the nslcd socket.
  * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
    (LP: #1293250)

openldap (2.4.40+dfsg-1) unstable; urgency=medium

  * Remove inetorgperson.schema from the upstream source. Replace it with a
    copy stripped of RFC text. (Closes: #780283)
  * Adjust debian/watch for +dfsg versioning.
  * debian/patches/ITS7975-fix-mdb-onelevel-search.patch: Import upstream
    patch to fix scope=onelevel searches wrongly including the search base in
    results under the MDB backend. (ITS#7975) (Closes: #782212)

openldap (2.4.40-4) unstable; urgency=medium

  * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream
    patch to fix a crash when a search includes the Deref control with an
    empty attribute list. (ITS#8027) (CVE-2015-1545, Closes: #776988)
  * debian/patches/ITS8046-fix-vrFilter_free-crash.patch: Import upstream
    patch to fix a double free triggered by...

Changed in openldap (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related questions