Merge openldap from Debian unstable for mantic

Upstream: tbd
Debian: 2.5.13+dfsg-5 2.6.4+dfsg-1~exp1
Ubuntu: 2.6.3+dfsg-1~exp1ubuntu2

Debian new has 2.6.4+dfsg-1~exp1, which may be available for merge soon.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

### New Debian Changes ###

openldap (2.5.13+dfsg-5) unstable; urgency=medium

  * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path.
    (Closes: #1030814)
  * Disable flaky test test069-delta-multiprovider-starttls.

 -- Ryan Tandy <email address hidden> Tue, 07 Feb 2023 17:56:12 -0800

openldap (2.5.13+dfsg-4) unstable; urgency=medium

  [ Andreas Hasenack ]
  * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817)
  * d/t/sha2-contrib: add test for sha2 module

 -- Ryan Tandy <email address hidden> Mon, 06 Feb 2023 19:21:05 -0800

openldap (2.5.13+dfsg-3) unstable; urgency=medium

  [ Ryan Tandy ]
  * Disable flaky test test063-delta-multiprovider. Mitigates #1010608.

  [ Gioele Barabucci ]
  * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185)
  * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style`
  * d/slapd.postinst: Remove test for ancient version
  * slapd.scripts-common: Remove unused `normalize_ldif`
  * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics`

 -- Ryan Tandy <email address hidden> Fri, 13 Jan 2023 16:29:59 -0800

openldap (2.5.13+dfsg-2) unstable; urgency=medium

  * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the
    autopkgtest failure due to heimdal setting mode 700 on this directory.
    (Closes: #1020442)
  * d/source/lintian-overrides: Add wildcards to make overrides compatible
    with both older and newer versions of lintian.
  * d/slapd-contrib.lintian-overrides: Remove unused
    custom-library-search-path override now that krb5-config no longer sets
    -rpath.

 -- Ryan Tandy <email address hidden> Sat, 24 Sep 2022 12:40:21 -0700

openldap (2.5.13+dfsg-1) unstable; urgency=medium

  * d/rules: Remove get-orig-source, now unnecessary.
  * Check PGP signature when running uscan.
  * d/watch: Modernize watch file; use repacksuffix.
  * d/copyright: Update according to DEP-5.
  * d/control: Add myself to Uploaders.
  * New upstream release.

 -- Sergio Durigan Junior <email address hidden> Sun, 18 Sep 2022 18:29:46 -0400

openldap (2.5.12+dfsg-2) unstable; urgency=medium

  * Stop slapd explicitly in prerm as a workaround for #1006147, which caused
    dpkg-reconfigure to not restart the service, so the new configuration was
    not applied. See also #994204. (Closes: #1010971)

 -- Ryan Tandy <email address hidden> Mon, 23 May 2022 10:14:53 -0700

openldap (2.5.12+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155)
  * Update debconf translations:
    - German, thanks to Helge Kreutzmann. (Closes: #1007728)
    - Spanish, thanks to Camaleón. (Closes: #1008529)
    - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034)

 -- Ryan Tandy <email address hidden> Wed, 04 May 2022 18:00:16 -0700

openldap (2.5.11+dfsg-1) unstable; urgency=medium

  * Upload to unstable.

 -- Ryan Tandy <email address hidden> Fri, 11 Mar 2022 19:38:02 -0800

openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium

  * New upstream release.
  * Add openssl to Build-Depends to enable more checks in test067-tls.
  * Update slapd-contrib's custom-library-search-path override to work with
    current Lintian.

 -- Ryan Tandy <email address hidden> Sun, 23 Jan 2022 17:16:05 -0800

openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium

  * New upstream release.
  * Update slapd-contrib's custom-library-search-path override to work with
    Lintian 2.108.0.

 -- Ryan Tandy <email address hidden> Wed, 13 Oct 2021 18:42:55 -0700

openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium

  * New upstream release.
  * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not

### Old Ubuntu Delta ###

openldap (2.6.3+dfsg-1~exp1ubuntu2) lunar; urgency=medium

  * Build the passwd/sha2 contrib module with -fno-strict-aliasing to
    avoid computing an incorrect SHA256 hash with some versions of the
    compiler (LP: #2000817):
    - d/t/{control,sha2-contrib}: test to verify the SHA256 hash
      produced by passwd/sha2
    - d/rules: set -fno-strict-aliasing only when building the
      passwd/sha2 contrib module
  * d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the
    smbk5pwd DEP8 test (LP: #2004560)

 -- Andreas Hasenack <email address hidden> Fri, 03 Feb 2023 09:33:14 -0300

openldap (2.6.3+dfsg-1~exp1ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable (LP: #1993426). Remaining changes:
    - Enable AppArmor support:
      + d/apparmor-profile: add AppArmor profile
      + d/rules: use dh_apparmor
      + d/control: Build-Depends on dh-apparmor
      + d/slapd.README.Debian: add note about AppArmor
    - Enable ufw support:
      + d/control: suggest ufw.
      + d/rules: install ufw profile.
      + d/slapd.ufw.profile: add ufw profile.
    - d/{rules,slapd.py}: Add apport hook.
    - d/rules: better regexp to match the Maintainer tag in d/control,
      needed in the Ubuntu case because of XSBC-Original-Maintainer
      (Closes #960448, LP #1875697)
  * Drop changes:
    - Enable SASL/GSSAPI tests. (LP #1976508)
      + d/control: Update B-D to include required dependencies needed to run
        SASL/GSSAPI tests during build time, and mark them '!nocheck'.
      Thanks: Andreas Hasenack <email address hidden>
      [ Incorporated by Debian. ]

 -- Sergio Durigan Junior <email address hidden> Fri, 18 Nov 2022 16:07:45 -0500