-
Committer:
Bazaar Package Importer
-
Author(s):
Mathias Gug, Steve Langasek, Mathias Gug
-
Date:
2009-07-30 16:42:58 UTC
-
mfrom:
(0.2.4 sid)
-
Revision ID:
james.westby@ubuntu.com-20090730164258-r282hhchgzytxm00
Tags: 2.4.17-1ubuntu1
[ Steve Langasek ]
* Fix up the lintian warnings:
- add missing misc-depends on all packages
- slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
overrides
- bump Standards-Version to 3.8.2, no changes required.
[ Mathias Gug ]
* Resynchronise with Debian. Remaining changes:
- AppArmor support:
- debian/apparmor-profile: add AppArmor profile
- updated debian/slapd.README.Debian for note on AppArmor
- debian/slapd.dirs: add etc/apparmor.d/force-complain
- debian/slapd.postrm: remove symlink in force-complain/ on purge
- debian/rules: install apparmor profile.
- Don't use local statement in config script as it fails if /bin/sh
points to bash.
- debian/slapd.postinst, debian/slapd.script-common: set correct
ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
readable) and /var/run/slapd (world readable).
- Enable nssoverlay:
- debian/patches/nssov-build, debian/rules: Build and package the nss
overlay.
- debian/schema/misc.ldif: add ldif file for the misc schema which
defines rfc822MailMember (required by the nss overlay).
- debian/{control,rules}: enable PIE hardening
- Use cn=config as the default configuration backend instead of
slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
asking the end user to enter a new password to control the access to
the cn=config tree.
- debian/slapd.postinst: create /var/run/slapd before updating its
permissions.
- debian/slapd.init: Correctly set slapd config backend option even if
the pidfile is configured in slapd default file.
* Dropped:
- Merged in Debian:
- Update priority of libldap-2.4-2 to match the archive override.
- Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
the ldapurl(1) manpage.
- Bump build-dependency on debhelper to 6 instead of 5, since that's
what we're using.
- Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
the built-in default of ldap:/// only.
- Fixed in upstream release:
- debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
failure when built with PIE.
- debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
trusted.
- Update Apparmor profile support: don't support upgrade from pre-hardy
systems:
- debian/slapd.postinst: Reload AA profile on configuration
- debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
- debian/control: Conflicts with apparmor-profiles <<
2.1+1075-0ubuntu4 to make sure that if earlier version of
apparmor-profiles gets installed it won't overwrite our profile.
- follow ApparmorProfileMigration and force apparmor complain mode on
some upgrades
- debian/slapd.preinst: create symlink for force-complain on
pre-feisty upgrades, upgrades where apparmor-profiles profile is
unchanged (ie non-enforcing) and upgrades where apparmor profile
does not exist.
- debian/patches/autogen.sh: no longer needed with karmic libtool.
- Call libtoolize with the --install option to install
config.{guess,sub} files.