Merge openldap from Debian unstable for kinetic

Upstream: tbd
Debian: 2.5.11+dfsg-1
Ubuntu: 2.5.11+dfsg-1~exp1ubuntu3

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

### New Debian Changes ###

openldap (2.5.11+dfsg-1) unstable; urgency=medium

  * Upload to unstable.

 -- Ryan Tandy <email address hidden> Fri, 11 Mar 2022 19:38:02 -0800

openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium

  * New upstream release.
  * Add openssl to Build-Depends to enable more checks in test067-tls.
  * Update slapd-contrib's custom-library-search-path override to work with
    current Lintian.

 -- Ryan Tandy <email address hidden> Sun, 23 Jan 2022 17:16:05 -0800

openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium

  * New upstream release.
  * Update slapd-contrib's custom-library-search-path override to work with
    Lintian 2.108.0.

 -- Ryan Tandy <email address hidden> Wed, 13 Oct 2021 18:42:55 -0700

openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium

  * New upstream release.
  * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not
    yet compatible with autoconf 2.71. (Closes: #993032)
  * Stop disabling automake in debian/rules now that upstream removed the
    AM_INIT_AUTOMAKE invocation.
  * Drop custom config.{guess,sub} handling. dh_update_autotools_config does
    the right thing for us.
  * Update Standards-Version to 4.6.0; no changes required.
  * debian/not-installed: Add the ldapvc.1 man page.

 -- Ryan Tandy <email address hidden> Mon, 30 Aug 2021 18:54:25 -0700

openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium

  [ Ryan Tandy ]
  * New upstream release.
  * Export the cn=config database to LDIF format before upgrading from 2.4.
  * slapd.README.Debian:
    - Remove text about the dropped evolution-ntlm patch.
    - Add guidance for recovering from upgrade failures.
  * Remove the debconf warning and README text about the unsafe ACL configured
    by default in versions before jessie.
  * Remove upgrade code for adding the pwdMaxRecordedFailure attribute to the
    ppolicy schema. It's obsolete since the schema has been internalized.

  [ Sergio Durigan Junior ]
  * Implement the 'escape hatch' mechanism.
    - d/po/*.po: Update PO files given the new template note.
    - d/po/templates.pot: Update file.
    - d/slapd.templates: Add note warning user about a postinst failure,
      its possible cause and what to do.
    - d/slapd.postinst: Make certain upgrade functions return failure
      instead of exiting, which allows the postinst script to gracefully
      fail when applicable. Also, when the general configuration upgrade
      fails, display a critical warning to the user. Implement
      ignore_init_failure function.
    - d/slapd.prerm: Implement ignore_init_failure function.
    - d/slapd.scripts-common: Make certain functions return failure
      instead of exiting.
    - d/rules: Use dh_installinit's --error-handler to instruct it on how
      to handle possible errors with the init script.
    - d/slapd.NEWS: Add excerpt mentioning that the postinst script might
      error out if it can't migrate the existing (old) database backend.

 -- Ryan Tandy <email address hidden> Mon, 16 Aug 2021 18:32:29 -0700

openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium

  * New upstream release.
    - Drop patches applied upstream: ITS#9544, ITS#9548.
  * Mark slapd-contrib as breaking the old version of slapd to reduce the
    chance of upgrade failure due to slapd-contrib being unpacked first.

 -- Ryan Tandy <email address hidden> Fri, 11 Jun 2021 11:43:15 -0700

openldap (2.5.4+dfsg-1~exp1) experimental; urgency=medium

  * New upstream release.
    - Changing olcAuthzRegexp dynamically is supported. (Closes: #761407)
    - Support for LANMAN password hashes has been removed. (Closes: #988033)
    - Added pkg-config files for liblber and libldap. (Closes: #670824)
    - libldap_r has been merged into libldap. The Debian package will continue
      to install a libldap_r.so symlink for backwards compatibility with
      applications that still link with -lldap_r.
    - The Berkeley DB backends, slapd-bdb(5) and slapd-hdb(5), have been
      removed.
    - The shell backend, slapd-shell(5), has been removed.
    - New backend: slapd-asyncmeta(5).
    - New core overlays: slapd-homedir(5), slapd-otp(5), and
      slapd-remoteauth(5).
    - The ppolicy schema has been merged into the slapo-ppolicy(5) module.
    - The argon2 password module has been promoted from contrib to core.
  * Add a superficial autopkgtest for smbk5pwd.
  * Update Standards-Version to 4.5.1; no changes needed.
  * Upgrade to debhelper compat level 12.

### Old Ubuntu Delta ###

openldap (2.5.11+dfsg-1~exp1ubuntu3) jammy; urgency=medium

  * No-change rebuild to update maintainer scripts, see LP: 1959054

 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:15:26 +0000

openldap (2.5.11+dfsg-1~exp1ubuntu2) jammy; urgency=medium

  * No-change rebuild for the perl update.

 -- Matthias Klose <email address hidden> Mon, 07 Feb 2022 07:51:42 +0100

openldap (2.5.11+dfsg-1~exp1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1946883). Remaining changes:
    - Enable AppArmor support:
      + d/apparmor-profile: add AppArmor profile
      + d/rules: use dh_apparmor
      + d/control: Build-Depends on dh-apparmor
      + d/slapd.README.Debian: add note about AppArmor
    - Enable ufw support:
      + d/control: suggest ufw.
      + d/rules: install ufw profile.
      + d/slapd.ufw.profile: add ufw profile.
    - d/{rules,slapd.py}: Add apport hook.
    - d/rules: better regexp to match the Maintainer tag in d/control,
      needed in the Ubuntu case because of XSBC-Original-Maintainer
      (Closes #960448, LP #1875697)

 -- Sergio Durigan Junior <email address hidden> Tue, 25 Jan 2022 17:06:12 -0500