Debian Bug report logs - #505191
slapd: TLS connection won't work with GnuTLS

version graph

Package: slapd; Maintainer for slapd is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Source for slapd is src:openldap.

Reported by: LEVAI Daniel <leva@ecentrum.hu>

Date: Mon, 10 Nov 2008 12:33:01 UTC

Severity: important

Tags: fixed-upstream, patch, pending, upstream

Found in version openldap/2.4.11-1

Fixed in version openldap/2.4.17-1

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://www.OpenLDAP.org/its/index.cgi?findid=5981

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#505191; Package slapd. (Mon, 10 Nov 2008 12:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to LEVAI Daniel <leva@ecentrum.hu> :
New Bug report received and forwarded. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Mon, 10 Nov 2008 12:33:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: LEVAI Daniel <leva@ecentrum.hu>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: slapd: TLS connection won't work with GnuTLS
Date: Mon, 10 Nov 2008 11:02:02 +0100
Package: slapd
Version: 2.4.11-1
Severity: important

I'm using Debian testing, and installed slapd along with ldap-utils.
I've configured my slapd, with settings:                            
[...]                                                               
TLSCACertificateFile    /etc/ssl/certs/fileserver.digiszfv.pem      
TLSCertificateFile      /etc/ssl/openldap_cert.pem                  
TLSCertificateKeyFile   /etc/ssl/private/openldap_key.pem           
TLSVerifyClient         try                                         
[...]                                                               

The server is running with these parameters:
$ pgrep -lf slapd                           
29104 /usr/sbin/slapd -h ldap://fileserver.digiszfv:389/ ldaps://fileserver.digiszfv/ -g openldap -u openldap -f /etc/ldap/slapd.conf                                                                                                 

When trying to reach it:
$ ldapsearch -d 1 -Wx '(objectclass=*)' -H ldaps://fileserver.digiszfv
ldap_url_parse_ext(ldaps://fileserver.digiszfv)                       
ldap_create                                                           
ldap_url_parse_ext(ldaps://fileserver.digiszfv:636/??base)            
Enter LDAP Password:                                                  
ldap_sasl_bind                                                        
ldap_send_initial_request                                             
ldap_new_connection 1 1 0                                             
ldap_int_open_connection                                              
ldap_connect_to_host: TCP fileserver.digiszfv:636                     
ldap_new_socket: 3                                                    
ldap_prepare_socket: 3                                                
ldap_connect_to_host: Trying 192.168.1.3:636                          
ldap_pvt_connect: fd: 3 tm: -1 async: 0                               
ldap_open_defconn: successful                                         
ldap_send_server_request                                              
ber_scanf fmt ({it) ber:                                              
ber_scanf fmt ({i) ber:                                               
ber_flush2: 14 bytes to sd 3                                          
ldap_result ld 0x6120b0 msgid 1                                       
wait4msg ld 0x6120b0 msgid 1 (infinite timeout)                       
wait4msg continue ld 0x6120b0 msgid 1 all 1                           
** ld 0x6120b0 Connections:                                           
* host: fileserver.digiszfv  port: 636  (default)                     
  refcnt: 2  status: Connected                                        
  last used: Mon Nov 10 10:51:02 2008                                 


** ld 0x6120b0 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x6120b0 request count 1 (abandoned 0)
** ld 0x6120b0 Response Queue:             
   Empty                                   
  ld 0x6120b0 response count 0             
ldap_chkResponseList ld 0x6120b0 msgid 1 all 1
ldap_chkResponseList returns ld 0x6120b0 NULL 
ldap_int_select                               
read1msg: ld 0x6120b0 msgid 1 all 1           
ber_get_next                                  
ldap_free_connection 1 0                      
ldap_free_connection: actually freed          
ldap_err2string                               
ldap_result: Can't contact LDAP server (-1)   

Meanwhile in the syslog:
slapd[29104]: slap_listener_activate(9):
slapd[29104]: >>> slap_listener(ldaps://fileserver.digiszfv/)
slapd[29104]: connection_get(14): got connid=1               
slapd[29104]: connection_read(14): checking for input on id=1
slapd[29104]: connection_get(14): got connid=1               
slapd[29104]: connection_read(14): checking for input on id=1
slapd[29104]: connection_get(14): got connid=1               
slapd[29104]: connection_read(14): checking for input on id=1
slapd[29104]: connection_get(14): got connid=1               
slapd[29104]: connection_read(14): checking for input on id=1
slapd[29104]: connection_get(14): got connid=1               
slapd[29104]: connection_read(14): checking for input on id=1
slapd[29104]: connection_read(14): TLS accept failure error=-1 id=1, closing
slapd[29104]: connection_closing: readying conn=1 sd=14 for close           
slapd[29104]: connection_close: conn=1 sd=14                                

The situation is the same when connecting to port 389, with the option -ZZ passed to ldapsearch.

What is working, is the connection without TLS:
$ ldapsearch -Wx '(objectclass=*)' -H ldap://fileserver.digiszfv
Enter LDAP Password:                                            
# extended LDIF                                                 
#                                                               
# LDAPv3                                                        
# base <> (default) with scope subtree                          
# filter: (objectclass=*)                                       
# requesting: ALL                                               
#                                                               

# search result
search: 2      
result: 32 No such object

# numResponses: 1

( Yes, it is an empty database )

I've downloaded the source package, modified the configure option; changed the --with-tls=gnutls to
--with-tls=openssl, and debuilt it. It is working with openssl, excluding the fact, that           
I can not connect to it with an ldapsearch linked against GnuTLS, only with an ldapsearch compiled with
OpenSSL, but I think this will (or will not) be another bug report. Let's focus on the problem with slapd
compiled against GnuTLS, which is not accepting TLS connections.                                         

Connecting to slapd with GnuTLS, using openssl as client:
$ openssl s_client -CAfile /etc/ssl/certs/fileserver.digiszfv.pem -connect fileserver.digiszfv:636 < /dev/null
[...]                                                                                                         
---                                                                                                           
SSL handshake has read 1122 bytes and written 328 bytes                                                       
---                                                                                                           
New, TLSv1/SSLv3, Cipher is AES256-SHA                                                                        
Server public key is 1024 bit                                                                                 
Compression: NONE                                                                                             
Expansion: NONE                                                                                               
SSL-Session:                                                                                                  
    Protocol  : TLSv1                                                                                         
    Cipher    : AES256-SHA                                                                                    
    Session-ID: AFB219E271AE35919C806F924A240E6E3790DF73F1A01FBA99A07CDB7DF3AEBB                              
    Session-ID-ctx:                                                                                           
    Master-Key: 16308E65B369B3BD4CA36168B7C9AC824049B3BB924A0FF8462EA87FB0B0F1374B133AC2D89122D446E20375AD50E93D
    Key-Arg   : None                                                                                            
    Start Time: 1226311045                                                                                      
    Timeout   : 300 (sec)                                                                                       
    Verify return code: 0 (ok)                                                                                  
---                                                                                                             
closed                                                                                                          

-- 
Daniel


-- System Information:
Debian Release: lenny/sid
  APT prefers testing    
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)  

Kernel: Linux 2.6.24-etchnhalf.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=hu_HU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash                            

Versions of packages slapd depends on:
ii  adduser                  3.110           add and remove users and groups
ii  coreutils                6.10-6          The GNU core utilities         
ii  debconf [debconf-2.0]    1.5.22          Debian configuration management sy
ii  libc6                    2.7-15          GNU C Library: Shared libraries   
ii  libdb4.2                 4.2.52+dfsg-5   Berkeley v4.2 Database Libraries [
ii  libgnutls26              2.4.2-1         the GNU TLS library - runtime libr
ii  libldap-2.4-2            2.4.11-1        OpenLDAP libraries
ii  libltdl3                 1.5.26-4        A system independent dlopen wrappe
ii  libperl5.10              5.10.0-16       Shared Perl library
ii  libsasl2-2               2.1.22.dfsg1-23 Cyrus SASL - authentication abstra
ii  libslp1                  1.2.1-7.4       OpenSLP libraries
ii  libwrap0                 7.6.q-16        Wietse Venema's TCP wrappers libra
ii  perl [libmime-base64-per 5.10.0-16       Larry Wall's Practical Extraction
ii  psmisc                   22.6-1          Utilities that use the proc filesy
ii  unixodbc                 2.2.11-16       ODBC tools libraries

Versions of packages slapd recommends:
ii  libsasl2-modules         2.1.22.dfsg1-23 Cyrus SASL - pluggable authenticat

Versions of packages slapd suggests:
ii  ldap-utils                    2.4.11-1   OpenLDAP utilities

-- debconf-show failed




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#505191; Package slapd. (Sat, 28 Feb 2009 22:48:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Peter Marschall <peter@adpm.de>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Sat, 28 Feb 2009 22:48:02 GMT) Full text and rfc822 format available.

Message #10 received at 505191@bugs.debian.org (full text, mbox):

From: Peter Marschall <peter@adpm.de>
To: Debian Bug Tracking System <505191@bugs.debian.org>
Subject: slapd: [patch] fix TLSVerifyClient try
Date: Sat, 28 Feb 2009 23:43:14 +0100
[Message part 1 (text/plain, inline)]
Package: slapd
Version: 2.4.15-1p
Followup-For: Bug #505191

The attached patch fixes the
	 TLSVerifyclient try
issue for me.
It also fixes a few compiler warnings.

-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages slapd depends on:
ii  adduser                  3.110           add and remove users and groups
ii  coreutils                6.10-6          The GNU core utilities
ii  debconf [debconf-2.0]    1.5.24          Debian configuration management sy
ii  libc6                    2.7-18          GNU C Library: Shared libraries
ii  libdb4.7                 4.7.25-6        Berkeley v4.7 Database Libraries [
ii  libgnutls26              2.6.4-2         the GNU TLS library - runtime libr
ii  libgssapi2-heimdal       1.2.dfsg.1-2.1  Heimdal Kerberos - GSSAPI support 
ii  libldap-2.4-2            2.4.15-1pm1     OpenLDAP libraries
ii  libltdl3                 1.5.26-4        A system independent dlopen wrappe
ii  libperl5.10              5.10.0-19       Shared Perl library
ii  libsasl2-2               2.1.22.dfsg1-23 Cyrus SASL - authentication abstra
ii  libslp1                  1.2.1-7.5       OpenSLP libraries
ii  libwrap0                 7.6.q-16        Wietse Venema's TCP wrappers libra
ii  perl [libmime-base64-per 5.10.0-19       Larry Wall's Practical Extraction 
ii  psmisc                   22.6-1          Utilities that use the proc filesy
ii  unixodbc                 2.2.11-16       ODBC tools libraries

Versions of packages slapd recommends:
ii  libsasl2-modules         2.1.22.dfsg1-23 Cyrus SASL - pluggable authenticat

Versions of packages slapd suggests:
ii  ldap-utils                   2.4.15-1pm1 OpenLDAP utilities

-- debconf information excluded
[openldap-2.4.15-debian505191.patch (text/x-c, attachment)]

Tags added: patch Request was from Peter Marschall <peter@adpm.de> to control@bugs.debian.org. (Sun, 01 Mar 2009 12:27:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#505191; Package slapd. (Sun, 01 Mar 2009 12:36:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Peter Marschall <peter@adpm.de>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Sun, 01 Mar 2009 12:36:05 GMT) Full text and rfc822 format available.

Message #17 received at 505191@bugs.debian.org (full text, mbox):

From: Peter Marschall <peter@adpm.de>
To: 505191@bugs.debian.org
Subject: reported upstream
Date: Sun, 1 Mar 2009 13:32:52 +0100
Hi,

I have reported it upstream too: OpenLDAP ITS#5981.

The upstream report contains a slightly extended version of the patch,
that fixes more compiler warnings.

Regards
Peter
-- 
Peter Marschall
peter@adpm.de




Tags added: upstream Request was from Peter Marschall <peter.marschall@adpm.de> to control@bugs.debian.org. (Sun, 01 Mar 2009 13:54:07 GMT) Full text and rfc822 format available.

Noted your statement that Bug has been forwarded to http://www.OpenLDAP.org/its/index.cgi?findid=5981. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Sun, 01 Mar 2009 20:09:05 GMT) Full text and rfc822 format available.

Bug no longer marked as found in version 2.4.15-1p. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Sun, 01 Mar 2009 23:03:09 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#505191; Package slapd. (Mon, 02 Mar 2009 01:27:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Mon, 02 Mar 2009 01:27:07 GMT) Full text and rfc822 format available.

Message #28 received at 505191@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Peter Marschall <peter@adpm.de>, 505191@bugs.debian.org
Subject: Re: [Pkg-openldap-devel] Bug#505191: slapd: [patch] fix TLSVerifyClient try
Date: Sun, 1 Mar 2009 17:24:06 -0800
On Sat, Feb 28, 2009 at 11:43:14PM +0100, Peter Marschall wrote:
> Package: slapd
> Version: 2.4.15-1p
> Followup-For: Bug #505191

> The attached patch fixes the
> 	 TLSVerifyclient try
> issue for me.
> It also fixes a few compiler warnings.

The patch looks reasonable to me, but I'm going to wait for upstream
confirmation before applying it to the package.

I think it would also be better if you didn't intermingle fixes for compiler
warnings with the functional changes needed to fix this bug.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#505191; Package slapd. (Sat, 07 Mar 2009 11:45:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Peter Marschall <peter@adpm.de>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Sat, 07 Mar 2009 11:45:06 GMT) Full text and rfc822 format available.

Message #33 received at 505191@bugs.debian.org (full text, mbox):

From: Peter Marschall <peter@adpm.de>
To: Steve Langasek <vorlon@debian.org>
Cc: 505191@bugs.debian.org
Subject: Re: [Pkg-openldap-devel] Bug#505191: slapd: [patch] fix TLSVerifyClient try
Date: Sat, 7 Mar 2009 12:42:45 +0100
Hi,

On Monday, 2. March 2009, Steve Langasek wrote:
> On Sat, Feb 28, 2009 at 11:43:14PM +0100, Peter Marschall wrote:
> > Package: slapd
> > Version: 2.4.15-1p
> > Followup-For: Bug #505191
> >
> > The attached patch fixes the
> > 	 TLSVerifyclient try
> > issue for me.
> > It also fixes a few compiler warnings.
>
> The patch looks reasonable to me, but I'm going to wait for upstream
> confirmation before applying it to the package.

It's applied upstream.

> I think it would also be better if you didn't intermingle fixes for
> compiler warnings with the functional changes needed to fix this bug.

You're right.
Next time, I'll do.

Regards
Peter

-- 
Peter Marschall
peter@adpm.de




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#505191; Package slapd. (Sun, 08 Mar 2009 22:33:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Sun, 08 Mar 2009 22:33:02 GMT) Full text and rfc822 format available.

Message #38 received at 505191@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Peter Marschall <peter@adpm.de>, 505191@bugs.debian.org
Subject: Re: Bug#505191: slapd: [patch] fix TLSVerifyClient try
Date: Sun, 8 Mar 2009 15:31:17 -0700
tags 505191 fixed-upstream
thanks

On Sat, Mar 07, 2009 at 12:42:45PM +0100, Peter Marschall wrote:

> > The patch looks reasonable to me, but I'm going to wait for upstream
> > confirmation before applying it to the package.

> It's applied upstream.

Ok, great!  It looks like there are a number of other important fixes
pending for 2.4.16 which we'll want to grab - I think rather than
cherry-picking this one fix (CVS == hate), I'll wait for 2.4.16 to be
released so we can get it that way.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org




Tags added: fixed-upstream Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Sun, 08 Mar 2009 22:33:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#505191; Package slapd. (Sun, 08 Mar 2009 23:39:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Quanah Gibson-Mount <quanah@zimbra.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Sun, 08 Mar 2009 23:39:08 GMT) Full text and rfc822 format available.

Message #45 received at 505191@bugs.debian.org (full text, mbox):

From: Quanah Gibson-Mount <quanah@zimbra.com>
To: Steve Langasek <vorlon@debian.org>, 505191@bugs.debian.org, Peter Marschall <peter@adpm.de>
Subject: Re: [Pkg-openldap-devel] Bug#505191: slapd: [patch] fix TLSVerifyClient try
Date: Sun, 08 Mar 2009 16:36:35 -0700
--On Sunday, March 08, 2009 3:31 PM -0700 Steve Langasek 
<vorlon@debian.org> wrote:

> tags 505191 fixed-upstream
> thanks
>
> On Sat, Mar 07, 2009 at 12:42:45PM +0100, Peter Marschall wrote:
>
>> > The patch looks reasonable to me, but I'm going to wait for upstream
>> > confirmation before applying it to the package.
>
>> It's applied upstream.
>
> Ok, great!  It looks like there are a number of other important fixes
> pending for 2.4.16 which we'll want to grab - I think rather than
> cherry-picking this one fix (CVS == hate), I'll wait for 2.4.16 to be
> released so we can get it that way.

Hopefully that'll be out in the next week or two.  I have a few pending 
fixes to pull in, and I'm looking to see if there's one residual issue that 
may need fixing.

Before we do a release, I'll be calling for a round of testing on 
openldap-devel@openldap.org.  We had major breakage for GnuTLS in 2.4.14 
because so far, we have zero testers who test against it that actually use 
GnuTLS rather than OpenSSL.  Peter, I'm hoping you'd be willing to take 
that up when I do the testing call. :)

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration




Added tag(s) pending. Request was from vorlon@alioth.debian.org to control@bugs.debian.org. (Tue, 28 Jul 2009 17:21:02 GMT) Full text and rfc822 format available.

Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility. (Wed, 29 Jul 2009 01:15:06 GMT) Full text and rfc822 format available.

Notification sent to LEVAI Daniel <leva@ecentrum.hu> :
Bug acknowledged by developer. (Wed, 29 Jul 2009 01:15:06 GMT) Full text and rfc822 format available.

Message #52 received at 505191-close@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: 505191-close@bugs.debian.org
Subject: Bug#505191: fixed in openldap 2.4.17-1
Date: Wed, 29 Jul 2009 00:47:07 +0000
Source: openldap
Source-Version: 2.4.17-1

We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive:

ldap-utils_2.4.17-1_amd64.deb
  to pool/main/o/openldap/ldap-utils_2.4.17-1_amd64.deb
libldap-2.4-2-dbg_2.4.17-1_amd64.deb
  to pool/main/o/openldap/libldap-2.4-2-dbg_2.4.17-1_amd64.deb
libldap-2.4-2_2.4.17-1_amd64.deb
  to pool/main/o/openldap/libldap-2.4-2_2.4.17-1_amd64.deb
libldap2-dev_2.4.17-1_amd64.deb
  to pool/main/o/openldap/libldap2-dev_2.4.17-1_amd64.deb
openldap_2.4.17-1.diff.gz
  to pool/main/o/openldap/openldap_2.4.17-1.diff.gz
openldap_2.4.17-1.dsc
  to pool/main/o/openldap/openldap_2.4.17-1.dsc
openldap_2.4.17.orig.tar.gz
  to pool/main/o/openldap/openldap_2.4.17.orig.tar.gz
slapd-dbg_2.4.17-1_amd64.deb
  to pool/main/o/openldap/slapd-dbg_2.4.17-1_amd64.deb
slapd_2.4.17-1_amd64.deb
  to pool/main/o/openldap/slapd_2.4.17-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 505191@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated openldap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 28 Jul 2009 10:17:15 -0700
Source: openldap
Binary: slapd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg
Architecture: source amd64
Version: 2.4.17-1
Distribution: unstable
Urgency: low
Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 ldap-utils - OpenLDAP utilities
 libldap-2.4-2 - OpenLDAP libraries
 libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
 libldap2-dev - OpenLDAP development libraries
 slapd      - OpenLDAP server (slapd)
 slapd-dbg  - Debugging information for the OpenLDAP server (slapd)
Closes: 496749 498116 505191 521804 522965 524770
Changes: 
 openldap (2.4.17-1) unstable; urgency=low
 .
   * New upstream version.
     - Fixes FTBFS on ia64 with -fPIE. Closes: #524770.
     - Fixes some TLS issues with GnuTLS.  Closes: #505191.
   * Update priority of libldap-2.4-2 to match the archive override.
   * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
     ldapurl(1) manpage.  Thanks to Peter Marschall for the patch.
     Closes: #496749.
   * Bump build-dependency on debhelper to 6 instead of 5, since that's
     what we're using.  Closes: #498116.
   * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
     the built-in default of ldap:/// only.
   * Build-depend on libltdl-dev | libltdl3-dev (>= 1.4.3), for the package
     name change.  Closes: #522965.
 .
   [ Updated debconf translations ]
   * Spanish, thanks to Francisco Javier Cuadrado <fcocuadrado@gmail.com>.
     Closes: #521804.
Checksums-Sha1: 
 772bcabafabf9e87a51e924398ef44a873825cb1 1808 openldap_2.4.17-1.dsc
 33c44d1ebc759e8baddb6fe9a0a7338577d3e453 4665057 openldap_2.4.17.orig.tar.gz
 08c44221a92ed1de4858829d5fbdb5174f27a7ea 146101 openldap_2.4.17-1.diff.gz
 593e3d7fbf0d784a34e9c2f81df854f091018c96 1557606 slapd_2.4.17-1_amd64.deb
 563bf3724a10d827e0f8374364a79821d877638e 313072 ldap-utils_2.4.17-1_amd64.deb
 cfebd9a6335f13a278c6af690f393e77e89e43cb 207364 libldap-2.4-2_2.4.17-1_amd64.deb
 69bb2249c714c183f42b8fbef2d2afe1b79832f3 315904 libldap-2.4-2-dbg_2.4.17-1_amd64.deb
 504dc190d33482f9c218733ceb0af4a3de3ecbb7 919300 libldap2-dev_2.4.17-1_amd64.deb
 8f9b268f69ae6852856c09ce89af3965e1c022d9 3930750 slapd-dbg_2.4.17-1_amd64.deb
Checksums-Sha256: 
 50a37c2f5120ef8220bbcde88a7cf6a69521f759515c938d1ba27b835b326d7f 1808 openldap_2.4.17-1.dsc
 e5d0b414e5546160dd054998a1e4224f069a97596854288c71a3b70ce579214e 4665057 openldap_2.4.17.orig.tar.gz
 7651d2d8e28b035a36baf19c9a9b7f8ea356a52eb657067f41471bb8a10b259a 146101 openldap_2.4.17-1.diff.gz
 98877ca5f4a5837f60169b419236b59ec57ad678d65594d26b64ff1aa16ee6d6 1557606 slapd_2.4.17-1_amd64.deb
 7dea28d5bba1b9c2038607586cd9dd0d4f83406cbd6bc8fb3e711cdd5a36b349 313072 ldap-utils_2.4.17-1_amd64.deb
 69cd802999850e076c6eed9a6b8a55c2399052c9ca5042043b5e6c7e9704d7b8 207364 libldap-2.4-2_2.4.17-1_amd64.deb
 ea9fd340d8275df4ded3f4be11f377c8fbb565128ff49e24ee661658cbf98b05 315904 libldap-2.4-2-dbg_2.4.17-1_amd64.deb
 1a173e93edda79e58276e6ef8e96298e83670ade77a2e55a30f8d1cf7109b5d4 919300 libldap2-dev_2.4.17-1_amd64.deb
 a82b69f8553297ffc5f1de92b4b1dd50ab879c5fa3b4c773993d59b53ae7afdd 3930750 slapd-dbg_2.4.17-1_amd64.deb
Files: 
 4d743cdbe9078e423308ac6a4ccdfb54 1808 net optional openldap_2.4.17-1.dsc
 b1380c3ec9e8c4def473dd8aef9ce352 4665057 net optional openldap_2.4.17.orig.tar.gz
 4af03e488d0505429c53c339883a92ff 146101 net optional openldap_2.4.17-1.diff.gz
 a770e70390fc5d034b77f85a1aabbfa3 1557606 net optional slapd_2.4.17-1_amd64.deb
 8243648504735391d66f2c6eb1950e3d 313072 net optional ldap-utils_2.4.17-1_amd64.deb
 b89a7224f728696372ca184e1b844227 207364 libs standard libldap-2.4-2_2.4.17-1_amd64.deb
 88988523a5b090a864f0db5293dcb597 315904 libdevel extra libldap-2.4-2-dbg_2.4.17-1_amd64.deb
 e105061e5a5c27a702e997a059f35ce1 919300 libdevel extra libldap2-dev_2.4.17-1_amd64.deb
 d3433476d2b43e8888175625d8e0ec8b 3930750 net extra slapd-dbg_2.4.17-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKb5bLKN6ufymYLloRAjZdAJ0fddYjgpOTvMsuvSWpu48wxofTfACgs7EQ
X81oWQarci0s/551seZ1jD0=
=dMv4
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 18 Sep 2009 07:51:14 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 00:39:47 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.