enterprise-support team mailing list archive

Thread
Date

[Bug 1909748] Re: Apparmor profile improvements for letsencrypt

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1909748@xxxxxxxxxxxxxxxxxx>
Date: Wed, 06 Jan 2021 07:35:41 -0000
Reply-to: Bug 1909748 <1909748@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package openldap - 2.4.56+dfsg-1ubuntu1

---------------
openldap (2.4.56+dfsg-1ubuntu1) hirsute; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Enable AppArmor support:
      + d/apparmor-profile: add AppArmor profile
      + d/rules: use dh_apparmor
      + d/control: Build-Depends on dh-apparmor
      + d/slapd.README.Debian: add note about AppArmor
    - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
      + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
        - Add --with-gssapi support
        - Make guess_service_principal() more robust when determining
          principal
      + d/configure.options: Configure with --with-gssapi
      + d/control: Added heimdal-dev as a build depend
      + d/rules:
        - Explicitly add -I/usr/include/heimdal to CFLAGS.
        - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
      + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
      This should be dropped when the soname changes.
    - Enable ufw support:
      + d/control: suggest ufw.
      + d/rules: install ufw profile.
      + d/slapd.ufw.profile: add ufw profile.
    - Enable nss overlay:
      + d/rules:
        - add nssov to CONTRIB_MODULES
        - add sysconfdir to CONTRIB_MAKEVARS
      + d/slapd.install: install nssov overlay
      + d/slapd.manpages: install slapo-nssov(5) man page
      + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
        Debian bug #919136, we also have to patch the nssov makefile
        accordingly and thus update this patch.
    - d/{rules,slapd.py}: Add apport hook.
    - Add support for CLDAP (UDP) support, back then required by
      likewise-open (first enabled in 2.4.17-1ubuntu2):
      + d/rules: Enable -DLDAP_CONNECTIONLESS
      + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
      This should be dropped when the soname changes.
    - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
      of test timing issue.
    - d/rules: better regexp to match the Maintainer tag in d/control,
      needed in the Ubuntu case because of XSBC-Original-Maintainer
      (Closes #960448, LP #1875697)
  * d/apparmor-profile: use abstractions/ssl_keys instead of manual rules,
    allows letsencrypt to work. Thanks to Paul McEnery (LP: #1909748)

 -- Paride Legovini <paride.legovini@xxxxxxxxxxxxx>  Mon, 04 Jan 2021
16:18:57 +0100

** Changed in: openldap (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1909748

Title:
  Apparmor profile improvements for letsencrypt

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1909748/+subscriptions

References

[Bug 1909748] [NEW] Apparmor profile improvements for letsencrypt
From: Paul McEnery, 2020-12-31