Bug#870760: RFS: openldap/2.4.45+dfsg-1~bpo9+1
Dear mentors and backporters,
I am looking for a sponsor to upload openldap to stretch-backports. I
have built and tested the package in a clean stretch chroot.
While the libraries and tools are fairly stable, the server (slapd) is
more of a moving target, and users often request to be able to run the
latest upstream version on stable. I have maintained openldap backports
in wheezy-bpo and jessie-bpo for the same reason.
The source package can be found on mentors.d.n:
This upload will be NEW in stretch-backports. The changes since the
version in stretch are listed below.
Thanks for considering,
openldap (2.4.45+dfsg-1~bpo9+1) stretch-backports; urgency=medium
* Rebuild for stretch-backports.
* Revert "Fix build with Heimdal 7.2.0" as stretch contains a lower version
-- Ryan Tandy <firstname.lastname@example.org> Wed, 02 Aug 2017 09:05:55 -0700
openldap (2.4.45+dfsg-1) unstable; urgency=medium
* New upstream release.
- fixed a use-after-free in GnuTLS options handling
(ITS#8385) (Closes: #820244) (LP: #1557248)
- fixed unsafe concurrent SASL calls causing memory corruption
(ITS#8648) (Closes: #860947) (LP: #1688575)
- fixed syncrepl infinite looping with multi-master delta-syncrepl
(ITS#8432) (Closes: #868753)
* Rebase patches to apply cleanly:
* Drop patches applied upstream:
* Upgrade to debhelper compat level 10.
- Depend on debhelper 10.
- Stop enabling parallel and autoreconf explicitly. They are now enabled
- Drop dh-autoreconf from build-depends since debhelper requires it.
* Add -Wno-format-extra-args to CFLAGS to reduce the noise in the build
logs, as this warning is emitted on each use of the Debug() macro.
* Drop libldap-2.4-4-dbg and slapd-dbg binary packages in favour of
automatic dbgsym packages.
* Update Standards-Version to 4.0.0; no changes required.
* Drop Priority and Section from binary package stanzas when they only
duplicate information from the source stanza.
* Update Priority of slapd-smbk5pwd and libldap2-dev to optional to match
* Remove retired developer, Roland Bauerschmidt, from Uploaders.
* Remove Timo Aaltonen from Uploaders, with his agreement.
If gnutls_handshake() returns EAGAIN, call it again. Fixes TLS handshake
failures when the ServerHello message exceeds 16K.
(ITS#8650) (Closes: #861838)
* Drop time from Build-Depends. The upstream testsuite no longer calls it.
-- Ryan Tandy <email@example.com> Thu, 27 Jul 2017 18:04:41 -0700
openldap (2.4.44+dfsg-8) unstable; urgency=medium
* Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
the underlying kernel bug #866122 is fixed.
* Fix FTBFS with Heimdal 7.2.0: Drop patch heimdal-fix as the
hdb_generate_key_set_password change was reverted in heimdal. Depend on an
appropriate minimum version of heimdal.
-- Ryan Tandy <firstname.lastname@example.org> Sun, 16 Jul 2017 12:57:41 -0700
openldap (2.4.44+dfsg-7) unstable; urgency=medium
* Relax the dependency of libldap-2.4-2 on libldap-common to also permit
later versions. (Closes: #860774)
-- Ryan Tandy <email@example.com> Tue, 27 Jun 2017 18:53:12 -0700
openldap (2.4.44+dfsg-6) unstable; urgency=medium
* Update the list of non-translatable strings for the
slapd/ppolicy_schema_needs_update template. Thanks Ferenc Wágner.
* Fix upgrade failure when olcSuffix contains a backslash. (Closes: #864719)
-- Ryan Tandy <firstname.lastname@example.org> Mon, 26 Jun 2017 19:42:02 -0700