rpms/openldap
7
0
Fork 0
Code Issues Pull Requests Releases Activity
549 Commits 7 Branches 35 Tags 2 MiB
0625ae77c6
Commit Graph

496 Commits

Author SHA1 Message Date
Fedora Release Engineering
3eaf4e4abf - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2019-07-25 23:29:39 +00:00
Jitka Plesnikova
1fb1d20a05 Perl 5.30 rebuild 2019-05-30 13:22:08 +02:00
Matúš Honěk
d91e3752b4 Rebase to upstream version 2.4.47 2019-02-13 17:55:21 +01:00
Fedora Release Engineering
f5aae857a3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2019-02-01 17:25:59 +00:00
Björn Esser
f6fb5e8a93
Rebuilt for libcrypt.so.2 (#1666033) 2019-01-14 19:10:54 +01:00
Matúš Honěk
8bd8644add Bump release version (to 2.4.46-11) 
Fixes previous commit.
 2018-12-17 17:11:26 +01:00
Matúš Honěk
3b59a4668d Reference default system-wide CA certificates in manpages 
Resolves: #1611591
 2018-12-17 16:56:07 +01:00
Matúš Honěk
939ce64f7f Revert "Fix: Cannot use SSL3 anymore" 
This reverts commit 53b870b7db.

Turns out the OpenSSL setting SSL_OP_NO_SSLv3 by default means we really should
not use the SSLv3 anymore, so removing the patch that tried hard.
 2018-10-16 11:05:03 +02:00
Matúš Honěk
b325dd4ca4 Backport upstream fixes for ITS 7595 - add OpenSSL EC support 
Resolves: #1623495
 2018-10-09 17:27:20 +02:00
Matúš Honěk
53b870b7db Fix: Cannot use SSL3 anymore 
Resolves: #1592431
 2018-08-14 16:11:47 +02:00
Fedora Release Engineering
7b3fb1195a - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-07-13 15:07:42 +00:00
Matúš Honěk
db6986970e Build with LDAP_USE_NON_BLOCKING_TLS 
The default bahviour should not change as the default timeout is
infinity.

Resolves: #1594928
 2018-07-06 19:27:37 +02:00
Matúš Honěk
8b7d2a395d Remove unused leftover MozNSS Compat. Layer references (cont.) 
A bit more for the before previous commmit 5411c84.

Related: #1557967
 2018-07-06 19:16:02 +02:00
Petr Písař
15e6edc515 Perl 5.28 rebuild 2018-07-06 09:36:41 +02:00
Matúš Honěk
5411c8463a Remove unused leftover MozNSS Compat. Layer references 
Related: #1557967
 2018-07-04 16:14:00 +02:00
Matúš Honěk
799c2121f4 Merge branch 'f28' into 'master' for linearity 2018-07-04 13:32:13 +02:00
Matúš Honěk
a9731a320b MozNSS Compat. Layer: Make log messages more clear 
Resolves: #1598103
 2018-07-04 13:07:08 +02:00
Jitka Plesnikova
b7ad18970b Perl 5.28 rebuild 2018-06-27 21:43:08 +02:00
Matúš Honěk
7150aca353 Rebase to version OpenLDAP 2.4.46 
Resolves: #1559652
 2018-03-27 18:46:56 +02:00
Matúš Honěk
81afb5768a Utilize system-wide crypto-policies 
Resolves: #1483979
 2018-03-05 09:48:07 +01:00
Matúš Honěk
6f8a4c6436 Drop superfluous back-sql linking patch 
This patch is not needed any more as we do not build with back-sql at
all.

Related: #1548676
 2018-03-01 10:18:33 +01:00
Matúš Honěk
cd7bdcf821 fix: openldap does not use Fedora build flags 
- %configure introduces the correct flags, however we need* to set our
  custom CFLAGS before the actual run of ./configure, thus we request
  the flags explicitly using %set_build_flags
- dropping %{optflags} which is just a legacy version of
  %{build_cflags} which is already included in $set_build_flags set

* ./configure plays with the flags, hence customizing the CFLAGS after
  %configure does not have a desired effect

Resolves: #1548676
 2018-03-01 10:13:54 +01:00
Matúš Honěk
54acca337f MozNSS Compat. Layer: CA certs extraction fail should be fatal 
Resolves: #1550110
 2018-02-28 19:24:21 +01:00
Matúš Honěk
cd6ded4588 Bump release number 
Related: #1270678, #1537259
 2018-02-21 17:36:13 +01:00
Matúš Honěk
44d9f0fe1b Complete change: Disable TLSMC in F29+ 
- completes commit 60f1a08
 2018-02-14 14:09:27 +01:00
Igor Gnatenko
ed8fb8d19b
systemd-units → systemd 
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 18:52:08 +01:00
Igor Gnatenko
4d3fac9347
switch to %systemd_requires 
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 18:51:55 +01:00
Igor Gnatenko
c358051be4
remove unneeded Requires(post) 
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 18:51:00 +01:00
Igor Gnatenko
96650fcc56
Switch to %ldconfig_scriptlets 
Reference: https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 18:45:53 +01:00
Igor Gnatenko
f08cb7ec48
don't call ldconfig in servers subacpakge 
servers subpkg installs everything into private libdir, so no need to
call ldconfig (since there is no ld.so.conf for it).

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 18:44:53 +01:00
Igor Gnatenko
7472792967
remove obsolete Group tag 
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 18:42:09 +01:00
Igor Gnatenko
60f1a0883e
disable TLSMC in F29+ 
It should not affect any active Fedora branches, but will save time in
future.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 11:18:21 +01:00
Igor Gnatenko
e3677af8bb
Escape macros in %changelog 
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-09 09:05:20 +01:00
Matúš Honěk
eff4749dd8 Drop TCP wrappers support 
Resolves: #1531487
 2018-02-07 18:24:53 +01:00
Matúš Honěk
7264811847 MozNSS Compat. Layer: fix incorrect parsing of CACertDir 
NSS DB type prefix was not taken into account at all. Due to this the
path might not have been stat-ed. Thus, last part of the path would
have been considered an NSS DB name prefix which would be incorrect.

(cherry picked from commit 7f41b4a1ffe61c03d65896d82fc6b72a2710c492)
(originally #1533955)

Related: #1400570
 2018-02-07 18:01:42 +01:00
Matúš Honěk
8c29eeec6a MozNSS Compat. Layer: fix PIN disclaimer not always shown 
- ad #1516409#c7 case 1

(cherry picked from commit 6e2bfcadc598ed202cc77e34d5bfdea3d6ed8fbe)
(orginally #1516409)

Related: #1400570
 2018-02-07 18:01:16 +01:00
Matúš Honěk
e6c4c72153 MozNSS Compat. Layer: fix recursive directory deletion 
- ad #1516409#c7 case 2

(cherry picked from commit c66191c12b1bf372204cf3bf0b31759e7b0bd133)
(originally #1516409)

Related: #1400570
 2018-02-07 17:53:30 +01:00
Matúš Honěk
716f3439ac MozNSS Compat. Layer: Ensure consistency of a PEM dir before usage 
+ Warn just before use of a PIN about key file extraction

(cherry picked from commit 856ec5d38c45ffe71774a4d86a36177d3c4ca372)
(originally #1516409)

Related: #1400570
 2018-02-07 17:36:46 +01:00
Matúš Honěk
68ef0e0238 MozNSS Compat. Layer: Enable usage of NSS DB with PEM cert/key 
+ Fix a possible invalid dereference (covscan)

(cherry picked from commit 7abf6fbae6df9bc7cfdd9d28cc52f7676a123d9b)
(originally #1525485)

Related: #1400570
 2018-02-07 17:28:16 +01:00
Björn Esser
1a23456530
Rebuilt for switch to libxcrypt 2018-01-20 23:07:22 +01:00
Matúš Honěk
d181b0472d Fix various MozNSS compatibility layer issues 
+ Force write file with fsync to avoid race conditions
+ Always filestamp both sql and dbm NSS DB variants to not rely on default DB type prefix
+ Allow missing cert and key which is a valid usecase
+ Create extraction folder only in /tmp to simplify selinux rules
+ Fix Covscan issues

Related: #1400570
 2017-12-06 15:13:49 +01:00
Matus Honek
d8e109406e Merge #2 Do not call deleted script from %post section 2017-11-14 14:24:32 +00:00
Matúš Honěk
a33df4e168 Build with OpenSSL with MozNSS compatibility layer 
Resolves: #1400570
 2017-11-03 20:43:25 +01:00
Guido Aulisi
031e2b95cc Do not call deleted script from %post section 
Commit b730f13ce0 deleted certificate
generation scripts, but create_certdb.sh was still called from
%post section.
 2017-10-31 23:21:05 +01:00
Fedora Release Engineering
671ba8f100 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-03 04:32:58 +00:00
Fedora Release Engineering
00533e64f8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 01:49:08 +00:00
Petr Písař
3a8a7258ab perl dependency renamed to perl-interpreter <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> 2017-07-12 14:16:56 +02:00
Matúš Honěk
35246b7090 Merge branch 'f26' to 'master' 
- Rebase to version 2.4.45 (#1458081)
  * fixes CVE-2017-9287 (#1456712, #1456713)
- Update the 'sources' file with new SHA512 hashes

Related: #1458081
 2017-07-07 17:17:49 +02:00
Matúš Honěk
5c7cdc96e6 Rebase to version 2.4.45 
Resolves: #1458081
 2017-07-07 16:58:40 +02:00
Matúš Honěk
872ea264fa Change Requires to Recommends for nss-tools 
Resolves: #1415086
 2017-07-07 13:49:14 +02:00
Jitka Plesnikova
7a68ca8d9c Perl 5.26 rebuild 2017-06-04 14:18:11 +02:00
Matúš Honěk
af30ccf247 Merge branch 'f25' into f26 for linearity 
Related: #1435692
 2017-03-31 17:22:53 +02:00
Matúš Honěk
32c688fc27 NSS: Maximal TLS protocol version should be equal to NSS default 
Related: #1435689
 2017-03-31 17:08:11 +02:00
Matúš Honěk
8ba6f5c9b7 Merge branch 'f25' into f26 for linearity 
Conflicts:
	openldap.spec

Resolves: #1435692
 2017-03-30 14:55:47 +02:00
Matúš Honěk
54f6fd1feb NSS: Enhance OpenLDAP to support TLSv1.3 protocol with NSS 
Resolves: #1435689
 2017-03-24 20:23:40 +01:00
Matúš Honěk
d0828bee6c NSS: Rearrange ciphers-, parsing-, and protocol-related patches 
In addition, remove (or better, do not include anymore) unused
variables *variant* and *range* that were forgotten to be
removed when landing patch openldap-nss-protocol-version-new-api.patch
in commit 9e30b98.

Related: #1435689
 2017-03-24 20:02:46 +01:00
Fedora Release Engineering
8575fd0248 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 00:53:32 +00:00
Matúš Honěk
0cc5bf7254 NSS: Update list of ciphers 
Resolves: #1387868
 2017-01-31 15:58:28 +01:00
Matúš Honěk
22dbdbf78a NSS: Use what NSS considers default for DEFAULT cipher string. 
Related: #1387868
 2017-01-30 16:30:46 +01:00
Matúš Honěk
da1f719199 NSS: fix incorrect multi-keyword parsing and support new ones 
- add multi_mask, negative_mask, and multi_strength
  + some keywords may describe multiple cipher suite parameters at once
- fix masks decision tree
  + all masks have to fit the cipher suite to include it
- correct 'action' evaluation
  + plus sign means ordering (which NSS does not support)
  + no sign presence means adding implicitly
- extend keywords for new future ciphers

Backporting: #1372349
Resolves: #1243517
 2017-01-29 19:46:00 +01:00
Matúš Honěk
45704219c4 fix previous commit 
Related: #1375432
 2017-01-23 14:03:38 +01:00
Matúš Honěk
9e30b985ea Setting olcTLSProtocolMin does not change supported protocols 
Resolves: #1375432
 2017-01-20 14:41:25 +01:00
Petr Písař
31ea2073c9 Mandatory Perl build-requires added <https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl> 2016-06-24 09:22:43 +02:00
Jitka Plesnikova
0087c276cd Perl 5.24 rebuild 2016-05-15 06:06:55 +02:00
Matúš Honěk
ebc63b919d Update to 2.4.44 
Resolves: #1305191
 2016-05-11 18:29:31 +02:00
Matúš Honěk
a0c7cda8b5 Bring back *.la files in %{_libdir}/openldap/ 
Related: #1331484
 2016-05-03 19:12:27 +02:00
Matúš Honěk
ace19e3e36 Keep *.so libraries in %{_libdir}/openldap/ 
Resolves: #1331484
 2016-04-28 17:43:08 +02:00
Matúš Honěk
8291cbaa23 Include AllOp overlay 
Resolves: #1319782
 2016-04-27 09:58:29 +02:00
Peter Robinson
eb29790db6 Ensure all libtool archive files are removed (.la) 2016-04-10 23:43:12 +01:00
Fedora Release Engineering
65a5310ab6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 11:29:03 +00:00
Matúš Honěk
ab9a93cce4 New upstream release 2.4.43 
Resolves: #1253871
 2016-01-21 16:40:54 +01:00
Matúš Honěk
0f227076e4 New upstream release 2.4.41 
Resolves: #1238251
 2015-07-16 10:51:37 +02:00
Dennis Gilmore
58ea27bc6e - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 23:59:36 +00:00
Jitka Plesnikova
d22738532e Perl 5.22 rebuild 2015-06-03 14:49:21 +02:00
Jan Synacek
443ffdd194 fix: bring back tmpfiles config (#1215655) 
This reverts commit 521bbc2942.
 2015-04-27 15:20:45 +02:00
Jan Synacek
6e2cf23fa6 remove spurious ghosted file 2015-03-30 10:35:43 +02:00
Jan Synacek
592250ebfb link against moznss again (#1187742) 
Revert "link against openssl by default"

This reverts commit 72da77adb6.
 2015-02-20 11:06:24 +01:00
Jan Synacek
1fb41f2a59 fix: Unknown Berkeley DB major version in db.h (#1191098) 2015-02-11 10:52:43 +01:00
Jan Synacek
5a45ad5a72 CVE-2015-1545: slapd crashes on search with deref control (#1190645) 2015-02-10 09:33:10 +01:00
Jan Synacek
b730f13ce0 simplify package even more by removing certificate generation 
Creating self-signed certificates for localhost is pointless. If anyone
uses TLS, they probably have their own. Testers can generate their own
as well, the package does't have to be plagued by scripts just because
of that.
 2015-01-27 15:25:04 +01:00
Jan Synacek
72da77adb6 link against openssl by default 
This is not an enhancement, this is a bugfix.
 2015-01-27 15:19:00 +01:00
Jan Synacek
ee4af28583 simplify checking for missing server configuration 2015-01-26 14:24:55 +01:00
Jan Synacek
e143df31ee fix invalid ldif introduced in 9a79680 2015-01-26 13:33:14 +01:00
Jan Synacek
521bbc2942 remove tmpfiles config since it's no longer needed 2015-01-26 13:31:31 +01:00
Jan Synacek
0fc0a68e34 renumber patches and sources 2015-01-21 14:24:49 +01:00
Jan Synacek
9a796804cd remove pid file and args file 
We have systemd for that.
 2015-01-21 14:12:31 +01:00
Jan Synacek
b724454515 make mdb default after a new installation 2015-01-21 14:10:09 +01:00
Jan Synacek
7a8ba10b72 remove unneeded configure flags, disable sql backend and aci 
Both SQL backend and ACI are experimental. SQL is unsupported.
 2015-01-19 09:45:07 +01:00
Jan Synacek
41c84187a9 remove old F17 hack 2015-01-16 12:23:49 +01:00
Jan Synacek
c3de3dd938 remove openldap-syncrepl-unset-tls-options.patch 
Unaccepted upstream, not an issue, documented in the man pages.
 2015-01-16 10:28:54 +01:00
Jan Synacek
2594744e83 remove openldap-userconfig-setgid.patch 
Pointless Fedora specific patch.
 2015-01-16 10:27:49 +01:00
Jan Synacek
c1bd7d8503 remove openldap-ldaprc-currentdir.patch 
The upstream ITS has been fixed a long time ago and this patch is Fedora
specific and pointless.
 2015-01-16 10:08:38 +01:00
Jan Synacek
f1bc6682b9 remove openldap-fedora-systemd.patch 
We don't use env variables anymore.
 2015-01-16 09:08:08 +01:00
Jan Synacek
0625d0e501 provide an unversioned symlink to check_password.so.1.1 
So the users don't have to specify the exact version in their configuration.
 2014-12-17 15:32:22 +01:00
Jan Synacek
4840f8de8e improve check_password 
Fix Makefile to accept provided CFLAGS and LDFLAGS. Patch the code a bit.
 2014-12-17 15:27:30 +01:00
Jan Synacek
098f3b5fe6 harden the build 2014-12-17 09:21:38 +01:00
Jan Synacek
40aff41da5 fix changelog after the revert 2014-12-17 09:21:02 +01:00
Jan Synacek
48c6d060f6 Revert "enhancement: generate openldap.pc (#1171493)" 
This reverts commit 79a0b58108.
 2014-12-16 09:52:29 +01:00
Jan Synacek
79a0b58108 enhancement: generate openldap.pc (#1171493) 2014-12-09 12:34:25 +01:00
Jan Synacek
4b2abac9db enhancement: support TLSv1 and later (#1160466) 2014-11-14 09:54:11 +01:00