Bug#933507: RFS: openldap/2.4.48+dfsg-1~bpo10+1
Dear mentors and backporters,
I am looking for a sponsor to perform the initial upload of openldap to
buster-backports, since it will be NEW. I am DM for the package and can
take care of future uploads myself.
Rationale for backporting: while the client library (libldap) is mature
and stable, the OpenLDAP server (slapd) is more actively developed, so
advanced slapd users often prefer to run the latest upstream version.
The backport is a simple rebuild; no changes are needed to build in
buster at this time.
The package can be found on mentors.debian.net:
The changes since stable are:
openldap (2.4.48+dfsg-1~bpo10+1) buster-backports; urgency=medium
* Rebuild for buster-backports.
openldap (2.4.48+dfsg-1) unstable; urgency=medium
* New upstream release.
- fixed slapd to restrict rootDN proxyauthz to its own databases
(CVE-2019-13057) (ITS#9038) (Closes: #932997)
- fixed slapd to enforce sasl_ssf ACL statement on every connection
(CVE-2019-13565) (ITS#9052) (Closes: #932998)
- added new openldap.h header with OpenLDAP specific libldap interfaces
- updated lastbind overlay to support forwarding authTimestamp updates
(ITS#7721) (Closes: #880656)
* Update Standards-Version to 4.4.0.
* Add a systemd drop-in to set RemainAfterExit=no on the slapd service, so
that systemd marks the service as dead after it crashes or is killed.
Thanks to Heitor Alves de Siqueira. (Closes: #926657, LP: #1821343)
* Use more entropy for generating a random admin password, if none was set
during initial configuration. Thanks to Judicael Courant.
* Replace debian/rules calls to dpkg-architecture and dpkg-parsechangelog
with variables provided by dpkg-dev includes.
* Declare R³: no.
* Create a simple autopkgtest that tests installing slapd and connecting to
it with an ldap tool.
* Install the new openldap.h header in libldap2-dev.