** Description changed: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/StableReleaseUpdates/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ * In particular, this release includes the fix for CVE-2022-29155, but since the CVE has already been addressed by the currently OpenLDAP version in Jammy (2.5.11+dfsg-1~exp1ubuntu3.1), this does not classify as a security upload. [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - https://launchpadlibrarian.net/606268441/buildlog_ubuntu-jammy- - amd64.openldap_2.5.12+dfsg-1ubuntu0.22.04.1_BUILDING.txt.gz + https://launchpadlibrarian.net/606922528/buildlog_ubuntu-jammy- + amd64.openldap_2.5.12+dfsg-0ubuntu0.22.04.1_BUILDING.txt.gz + + * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4868 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] - * This is a reoccurring MRE. See below for previous MRE's links. + * This is a reoccurring MRE. See below for links to previous OpenLDAP + MREs. + * CVEs fixed by this release: - - CVE-2022-29155, which has already been addressed in Jammy + - CVE-2022-29155, which has already been addressed in Jammy. Current versions in supported releases that got updates: openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - None so far. As usual we test and prep from the PPA and then push through SRU/Security as applicable.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1977627 Title: New upstream microrelease 2.5.12 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/StableReleaseUpdates/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ * In particular, this release includes the fix for CVE-2022-29155, but since the CVE has already been addressed by the currently OpenLDAP version in Jammy (2.5.11+dfsg-1~exp1ubuntu3.1), this does not classify as a security upload. [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: https://launchpadlibrarian.net/606922528/buildlog_ubuntu-jammy- amd64.openldap_2.5.12+dfsg-0ubuntu0.22.04.1_BUILDING.txt.gz * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4868 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - CVE-2022-29155, which has already been addressed in Jammy. Current versions in supported releases that got updates: openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - None so far. As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1977627/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
