[ Steve Langasek ] * Fix up the lintian warnings: - add missing misc-depends on all packages - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive overrides - bump Standards-Version to 3.8.2, no changes required.
[ Mathias Gug ] * Resynchronise with Debian. Remaining changes: - AppArmor support: - debian/apparmor-profile: add AppArmor profile - updated debian/slapd.README.Debian for note on AppArmor - debian/slapd.dirs: add etc/apparmor.d/force-complain - debian/slapd.postrm: remove symlink in force-complain/ on purge - debian/rules: install apparmor profile. - Don't use local statement in config script as it fails if /bin/sh points to bash. - debian/slapd.postinst, debian/slapd.script-common: set correct ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and /var/run/slapd (world readable). - Enable nssoverlay: - debian/patches/nssov-build, debian/rules: Build and package the nss overlay. - debian/schema/misc.ldif: add ldif file for the misc schema which defines rfc822MailMember (required by the nss overlay). - debian/{control,rules}: enable PIE hardening - Use cn=config as the default configuration backend instead of slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade asking the end user to enter a new password to control the access to the cn=config tree. - debian/slapd.postinst: create /var/run/slapd before updating its permissions. - debian/slapd.init: Correctly set slapd config backend option even if the pidfile is configured in slapd default file. * Dropped: - Merged in Debian: - Update priority of libldap-2.4-2 to match the archive override. - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the ldapurl(1) manpage. - Bump build-dependency on debhelper to 6 instead of 5, since that's what we're using. - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using the built-in default of ldap:/// only. - Fixed in upstream release: - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure when built with PIE. - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be trusted. - Update Apparmor profile support: don't support upgrade from pre-hardy systems: - debian/slapd.postinst: Reload AA profile on configuration - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmor-profiles gets installed it won't overwrite our profile. - follow ApparmorProfileMigration and force apparmor complain mode on some upgrades - debian/slapd.preinst: create symlink for force-complain on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist. - debian/patches/autogen.sh: no longer needed with karmic libtool. - Call libtoolize with the --install option to install config.{guess,sub} files.