[ Steve Langasek ] * Update priority of libldap-2.4-2 to match the archive override. * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the ldapurl(1) manpage. Thanks to Peter Marschall for the patch. Closes: #496749. * Bump build-dependency on debhelper to 6 instead of 5, since that's what we're using. Closes: #498116. * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using the built-in default of ldap:/// only.
[ Mathias Gug ] * Merge from debian unstable, remaining changes: - Modify Maintainer value to match the DebianMaintainerField speficication. - AppArmor support: - debian/apparmor-profile: add AppArmor profile - debian/slapd.postinst: Reload AA profile on configuration - updated debian/slapd.README.Debian for note on AppArmor - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmour-profiles gets installed it won't overwrite our profile. - follow ApparmorProfileMigration and force apparmor compalin mode on some upgrades (LP: #203529) - debian/slapd.dirs: add etc/apparmor.d/force-complain - debian/slapd.preinst: create symlink for force-complain on pre-feisty upgrades, upgrades where apparmor-profiles profile is unchanged (ie non-enforcing) and upgrades where apparmor profile does not exist. - debian/slapd.postrm: remove symlink in force-complain/ on purge - debian/control: - Build-depend on libltdl7-dev rather then libltdl3-dev. - debian/patches/autogen.sh: - Call libtoolize with the --install option to install config.{guess,sub} files. - Don't use local statement in config script as it fails if /bin/sh points to bash (LP: #286063). - Disable the testsuite on hppa. Allows building of packages on this architecture again, once this package is in the archive. LP: #288908. - debian/slapd.postinst, debian/slapd.script-common: set correct ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and /var/run/slapd (world readable). (LP: #257667). - Enable nssoverlay: - debian/patches/nssov-build, debian/rules: Build and package the nss overlay. - debian/schema/misc.ldif: add ldif file for the misc schema which defines rfc822MailMember (required by the nss overlay). - debian/{control,rules}: enable PIE hardening - Use cn=config as the default configuration backend instead of slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade asking the end user to enter a new password to control the access to the cn=config tree. * Dropped: - debian/patches/corrupt-contextCSN: The contextCSN can get corrupted at times. (ITS: #5947) Fixed in new upstream version 2.4.15. - debian/patches/fix-ucred-libc due to changes how newer glibc handle the ucred struct now. Implemented in Debian. * debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034 failure when built with PIE. * debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be trusted (LP: #305264).