[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#933507: RFS: openldap/2.4.48+dfsg-1~bpo10+1

Package: sponsorship-requests
Severity: normal

Dear mentors and backporters,

I am looking for a sponsor to perform the initial upload of openldap to buster-backports, since it will be NEW. I am DM for the package and can take care of future uploads myself.

Rationale for backporting: while the client library (libldap) is mature and stable, the OpenLDAP server (slapd) is more actively developed, so advanced slapd users often prefer to run the latest upstream version.

The backport is a simple rebuild; no changes are needed to build in buster at this time.

The package can be found on mentors.debian.net:


The changes since stable are:

openldap (2.4.48+dfsg-1~bpo10+1) buster-backports; urgency=medium
  * Rebuild for buster-backports.
openldap (2.4.48+dfsg-1) unstable; urgency=medium
  * New upstream release.
    - fixed slapd to restrict rootDN proxyauthz to its own databases
      (CVE-2019-13057) (ITS#9038) (Closes: #932997)
    - fixed slapd to enforce sasl_ssf ACL statement on every connection
      (CVE-2019-13565) (ITS#9052) (Closes: #932998)
    - added new openldap.h header with OpenLDAP specific libldap interfaces
    - updated lastbind overlay to support forwarding authTimestamp updates
      (ITS#7721) (Closes: #880656)
  * Update Standards-Version to 4.4.0.
  * Add a systemd drop-in to set RemainAfterExit=no on the slapd service, so
    that systemd marks the service as dead after it crashes or is killed.
    Thanks to Heitor Alves de Siqueira. (Closes: #926657, LP: #1821343)
  * Use more entropy for generating a random admin password, if none was set
    during initial configuration. Thanks to Judicael Courant.
    (Closes: #932270)
  * Replace debian/rules calls to dpkg-architecture and dpkg-parsechangelog
    with variables provided by dpkg-dev includes.
  * Declare R³: no.
  * Create a simple autopkgtest that tests installing slapd and connecting to
    it with an ldap tool.
  * Install the new openldap.h header in libldap2-dev.

Thank you,

Reply to: