rpms/openldap
7
0
Fork 0
Code Issues Pull Requests Releases Activity
549 Commits 7 Branches 35 Tags 2 MiB
0625ae77c6
Commit Graph

496 Commits

Author SHA1 Message Date
Jitka Plesnikova
7a68ca8d9c Perl 5.26 rebuild 2017-06-04 14:18:11 +02:00
Matúš Honěk
af30ccf247 Merge branch 'f25' into f26 for linearity 
Related: #1435692
 2017-03-31 17:22:53 +02:00
Matúš Honěk
32c688fc27 NSS: Maximal TLS protocol version should be equal to NSS default 
Related: #1435689
 2017-03-31 17:08:11 +02:00
Matúš Honěk
8ba6f5c9b7 Merge branch 'f25' into f26 for linearity 
Conflicts:
	openldap.spec

Resolves: #1435692
 2017-03-30 14:55:47 +02:00
Matúš Honěk
54f6fd1feb NSS: Enhance OpenLDAP to support TLSv1.3 protocol with NSS 
Resolves: #1435689
 2017-03-24 20:23:40 +01:00
Matúš Honěk
d0828bee6c NSS: Rearrange ciphers-, parsing-, and protocol-related patches 
In addition, remove (or better, do not include anymore) unused
variables *variant* and *range* that were forgotten to be
removed when landing patch openldap-nss-protocol-version-new-api.patch
in commit 9e30b98.

Related: #1435689
 2017-03-24 20:02:46 +01:00
Fedora Release Engineering
8575fd0248 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 00:53:32 +00:00
Matúš Honěk
0cc5bf7254 NSS: Update list of ciphers 
Resolves: #1387868
 2017-01-31 15:58:28 +01:00
Matúš Honěk
22dbdbf78a NSS: Use what NSS considers default for DEFAULT cipher string. 
Related: #1387868
 2017-01-30 16:30:46 +01:00
Matúš Honěk
da1f719199 NSS: fix incorrect multi-keyword parsing and support new ones 
- add multi_mask, negative_mask, and multi_strength
  + some keywords may describe multiple cipher suite parameters at once
- fix masks decision tree
  + all masks have to fit the cipher suite to include it
- correct 'action' evaluation
  + plus sign means ordering (which NSS does not support)
  + no sign presence means adding implicitly
- extend keywords for new future ciphers

Backporting: #1372349
Resolves: #1243517
 2017-01-29 19:46:00 +01:00
Matúš Honěk
45704219c4 fix previous commit 
Related: #1375432
 2017-01-23 14:03:38 +01:00
Matúš Honěk
9e30b985ea Setting olcTLSProtocolMin does not change supported protocols 
Resolves: #1375432
 2017-01-20 14:41:25 +01:00
Petr Písař
31ea2073c9 Mandatory Perl build-requires added <https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl> 2016-06-24 09:22:43 +02:00
Jitka Plesnikova
0087c276cd Perl 5.24 rebuild 2016-05-15 06:06:55 +02:00
Matúš Honěk
ebc63b919d Update to 2.4.44 
Resolves: #1305191
 2016-05-11 18:29:31 +02:00
Matúš Honěk
a0c7cda8b5 Bring back *.la files in %{_libdir}/openldap/ 
Related: #1331484
 2016-05-03 19:12:27 +02:00
Matúš Honěk
ace19e3e36 Keep *.so libraries in %{_libdir}/openldap/ 
Resolves: #1331484
 2016-04-28 17:43:08 +02:00
Matúš Honěk
8291cbaa23 Include AllOp overlay 
Resolves: #1319782
 2016-04-27 09:58:29 +02:00
Peter Robinson
eb29790db6 Ensure all libtool archive files are removed (.la) 2016-04-10 23:43:12 +01:00
Fedora Release Engineering
65a5310ab6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 11:29:03 +00:00
Matúš Honěk
ab9a93cce4 New upstream release 2.4.43 
Resolves: #1253871
 2016-01-21 16:40:54 +01:00
Matúš Honěk
0f227076e4 New upstream release 2.4.41 
Resolves: #1238251
 2015-07-16 10:51:37 +02:00
Dennis Gilmore
58ea27bc6e - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 23:59:36 +00:00
Jitka Plesnikova
d22738532e Perl 5.22 rebuild 2015-06-03 14:49:21 +02:00
Jan Synacek
443ffdd194 fix: bring back tmpfiles config (#1215655) 
This reverts commit 521bbc2942.
 2015-04-27 15:20:45 +02:00
Jan Synacek
6e2cf23fa6 remove spurious ghosted file 2015-03-30 10:35:43 +02:00
Jan Synacek
592250ebfb link against moznss again (#1187742) 
Revert "link against openssl by default"

This reverts commit 72da77adb6.
 2015-02-20 11:06:24 +01:00
Jan Synacek
1fb41f2a59 fix: Unknown Berkeley DB major version in db.h (#1191098) 2015-02-11 10:52:43 +01:00
Jan Synacek
5a45ad5a72 CVE-2015-1545: slapd crashes on search with deref control (#1190645) 2015-02-10 09:33:10 +01:00
Jan Synacek
b730f13ce0 simplify package even more by removing certificate generation 
Creating self-signed certificates for localhost is pointless. If anyone
uses TLS, they probably have their own. Testers can generate their own
as well, the package does't have to be plagued by scripts just because
of that.
 2015-01-27 15:25:04 +01:00
Jan Synacek
72da77adb6 link against openssl by default 
This is not an enhancement, this is a bugfix.
 2015-01-27 15:19:00 +01:00
Jan Synacek
ee4af28583 simplify checking for missing server configuration 2015-01-26 14:24:55 +01:00
Jan Synacek
e143df31ee fix invalid ldif introduced in 9a79680 2015-01-26 13:33:14 +01:00
Jan Synacek
521bbc2942 remove tmpfiles config since it's no longer needed 2015-01-26 13:31:31 +01:00
Jan Synacek
0fc0a68e34 renumber patches and sources 2015-01-21 14:24:49 +01:00
Jan Synacek
9a796804cd remove pid file and args file 
We have systemd for that.
 2015-01-21 14:12:31 +01:00
Jan Synacek
b724454515 make mdb default after a new installation 2015-01-21 14:10:09 +01:00
Jan Synacek
7a8ba10b72 remove unneeded configure flags, disable sql backend and aci 
Both SQL backend and ACI are experimental. SQL is unsupported.
 2015-01-19 09:45:07 +01:00
Jan Synacek
41c84187a9 remove old F17 hack 2015-01-16 12:23:49 +01:00
Jan Synacek
c3de3dd938 remove openldap-syncrepl-unset-tls-options.patch 
Unaccepted upstream, not an issue, documented in the man pages.
 2015-01-16 10:28:54 +01:00
Jan Synacek
2594744e83 remove openldap-userconfig-setgid.patch 
Pointless Fedora specific patch.
 2015-01-16 10:27:49 +01:00
Jan Synacek
c1bd7d8503 remove openldap-ldaprc-currentdir.patch 
The upstream ITS has been fixed a long time ago and this patch is Fedora
specific and pointless.
 2015-01-16 10:08:38 +01:00
Jan Synacek
f1bc6682b9 remove openldap-fedora-systemd.patch 
We don't use env variables anymore.
 2015-01-16 09:08:08 +01:00
Jan Synacek
0625d0e501 provide an unversioned symlink to check_password.so.1.1 
So the users don't have to specify the exact version in their configuration.
 2014-12-17 15:32:22 +01:00
Jan Synacek
4840f8de8e improve check_password 
Fix Makefile to accept provided CFLAGS and LDFLAGS. Patch the code a bit.
 2014-12-17 15:27:30 +01:00
Jan Synacek
098f3b5fe6 harden the build 2014-12-17 09:21:38 +01:00
Jan Synacek
40aff41da5 fix changelog after the revert 2014-12-17 09:21:02 +01:00
Jan Synacek
48c6d060f6 Revert "enhancement: generate openldap.pc (#1171493)" 
This reverts commit 79a0b58108.
 2014-12-16 09:52:29 +01:00
Jan Synacek
79a0b58108 enhancement: generate openldap.pc (#1171493) 2014-12-09 12:34:25 +01:00
Jan Synacek
4b2abac9db enhancement: support TLSv1 and later (#1160466) 2014-11-14 09:54:11 +01:00
Jan Synacek
90f2044e56 Merge branch 'master' into f21 
Let's keep the history linear...

Conflicts:
	openldap.spec
 2014-10-06 10:24:40 +02:00
Jan Synacek
2c331b7581 new upstream release (2.4.40) 
Resolves: #1147877
 2014-09-30 13:44:19 +02:00
Jitka Plesnikova
3363e7a6da Perl 5.20 rebuild 2014-08-27 11:12:00 +02:00
Peter Robinson
29e31a847d - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 13:55:33 +00:00
Peter Robinson
330a8ceaa7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 13:55:22 +00:00
Tom Callaway
c64abcbb2f fix license handling 2014-07-18 19:24:48 -04:00
Tom Callaway
cda7221c9b fix license handling 2014-07-18 19:24:30 -04:00
Jan Synacek
826b3eb9d7 fix: fix typo in generate-server-cert.sh 
Resolves: #1117229
 2014-07-14 11:36:29 +02:00
Jan Synacek
abc96f87d2 fix: make default service configuration listen on ldaps:/// as well 
Resolves: #1105634
 2014-06-09 09:37:51 +02:00
Dennis Gilmore
45966edea7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 11:42:07 -05:00
Jan Synacek
b15ffab696 fix: remove correct tmp file when generating server cert (#1103102) 2014-05-30 11:12:59 +02:00
Jan Synacek
079ea99963 re-symlink unversioned libraries, so ldconfig is not confused 
Resolves: #1028557
 2014-03-24 11:41:00 +01:00
Jan Synacek
ca7444dd1a don't automatically convert slapd.conf to slapd-config 
It is not possible to convert every possible slapd.conf to slapd-config
and expect it to work. Also, it is bad to force conversion like that.
 2014-03-04 10:10:57 +01:00
Jan Synacek
b3805b0a4c alias slapd.service as openldap.service 2014-02-20 08:43:54 +01:00
Jan Synacek
b8fb685084 add documentation reference to service file 2014-02-20 08:41:48 +01:00
Jan Synacek
cb0643e628 remove redundant sysconfig-related stuff 2014-02-20 08:38:44 +01:00
Jan Synacek
8a6f427a71 CVE-2013-4449: segfault on certain queries with rwm overlay 
Resolves: #1060851
 2014-02-04 09:40:28 +01:00
Jan Synacek
5dba8cc33f new upstream release (2.4.39) 
Resolves: #1059186
 2014-01-29 13:03:05 +01:00
Jan Synacek
6a944922ab new upstream release (2.4.38) 
Resolves: #1031608
 2013-11-18 12:52:27 +01:00
Jan Synacek
3589b29979 fix: slaptest incorrectly handles 'include' directives containing a custom file 
Resolves: #1028935
 2013-11-11 11:14:20 +01:00
Jan Synacek
59d41b9111 fix: missing a linefeed at the end of file /etc/openldap/ldap.conf 
Resolves: #1019836
 2013-10-30 11:35:50 +01:00
Jan Synacek
f646d734cc new upstream release (2.4.37) 
Resolves: #1023916
 2013-10-30 11:35:38 +01:00
Jan Synacek
4f8940365c fix: slapd daemon fails to start with segmentation fault on s390x 
Resolves: #1020661
 2013-10-21 12:40:42 +02:00
Jan Synacek
7bbf8dc1d7 rebuilt for libdb-5.3.28 2013-10-15 15:33:16 +02:00
Jan Synacek
6de15ed197 fix: CLDAP is broken for IPv6 
Resolves: #1018688
 2013-10-14 10:08:45 +02:00
Jan Synacek
0734516c42 fix: typos in manpages 2013-09-04 12:13:16 +02:00
Jan Synacek
1524b1e957 new upstream release (2.4.36) 2013-08-20 10:35:34 +02:00
Dennis Gilmore
2999a96836 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-03 10:40:12 -05:00
Petr Písař
98466f316a Perl 5.18 rebuild 2013-07-17 23:33:37 +02:00
Jan Vcelak
c86ed52b94 fix typos in previous commit 2013-06-26 20:28:42 +02:00
Jan Vcelak
5265f0d549 move tmpfiles config to correct location 
- move from /etc/tmpfiles.d to /usr/lib/tmpfiles.d
  http://fedoraproject.org/wiki/Packaging:Tmpfiles.d
 2013-06-24 13:22:37 +02:00
Jan Synacek
19dea679fe fix: using slaptest to convert slapd.conf to LDIF format ignores "loglevel 0" 2013-06-14 14:32:16 +02:00
Jan Synacek
ff5c1adb2a fix: LDAPI with GSSAPI does not work if SASL_NOCANON=on 
Resolves: #960222
 2013-05-09 09:32:52 +02:00
Jan Synacek
05278cd506 fix: lt_dlopen() with back_perl 
Resolves: #960048
 2013-05-09 09:29:28 +02:00
Jan Synacek
6e08d10adf do not needlessly run ldconfig after installing openldap-devel 2013-05-09 09:24:02 +02:00
Jan Synacek
7516346478 remove trailing spaces 2013-04-09 13:45:32 +02:00
Jan Synacek
50ba1f03e9 set SASL_NOCANON to on by default 
Resolves: #949864
 2013-04-09 13:43:45 +02:00
Jan Synacek
a5ba090a01 fix: minor documentation fixes 2013-04-09 13:42:53 +02:00
Jan Synacek
44107bb150 drop the evolution patch 2013-04-05 09:39:17 +02:00
Jan Synacek
2f8c754907 fix: NSS related resource leak 
Resolves: #929357
 2013-04-02 13:44:32 +02:00
Jan Synacek
645d16ca61 fix: slapd.service should ensure that network is up before starting 
Resolves: #946921
 2013-04-02 13:39:38 +02:00
Jan Synacek
8e640ac8d6 new upstream release 
Resolves: #947235
 2013-04-02 13:31:35 +02:00
Jan Synacek
024749b3fb include forgotten specfile changes 
Related: #926280
 2013-03-25 13:15:42 +01:00
Jan Synacek
4eaab344d9 fix: syncrepl push DELETE operation does not recover 
Resolves: #920482
 2013-03-18 12:20:21 +01:00
Jan Synacek
311ab5b026 fix bogus dates 2013-03-11 13:48:34 +01:00
Jan Synacek
c5d84d7192 add perl specific BuildRequires 2013-03-11 13:48:29 +01:00
Jan Synacek
b5dda86c35 package ppolicy-check-password 
Resolves: #829749
 2013-03-11 11:25:12 +01:00
Jan Synacek
3b721d68c7 enable perl backend 
Resolves: #820547
 2013-03-11 07:52:23 +01:00
Jan Vcelak
51d38be75b use systemd-rpm macros in spec file 
Resolves: #850247
 2013-03-06 23:09:13 +01:00
Jan Vcelak
705b2a5032 new upstream release (2.4.34) 
Resolves: #917603 #872784
 2013-03-06 23:09:06 +01:00
Jan Synacek
cbf8229049 rebuild against new cyrus-sasl 2013-01-31 14:26:21 +01:00
Jan Vcelak
4b460cc8c8 fix update: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR 
Resolves: #857455
 2012-10-31 12:50:15 +01:00
Jan Vcelak
17508fb68c fix: slapd with rwm overlay segfault following ldapmodify 
Resolves: #865685
 2012-10-12 08:58:01 +02:00
Jan Vcelak
8dc41a3295 fix: slapd.service should not use /tmp 
Resolves: #859019
 2012-10-11 11:56:59 +02:00
Jan Vcelak
587944c9e6 new upstream release (2.4.33) 2012-10-11 11:47:24 +02:00
Jan Vcelak
5568103a57 Workaround for bug #858274 in m4 (autoreconf fails on i686) 2012-09-19 10:30:03 +02:00
Jan Vcelak
749896483d fix bug number in recent patch 2012-09-14 16:56:03 +02:00
Jan Vcelak
331465716f fix: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR 
Resolves: #857455
 2012-09-14 16:14:43 +02:00
Jan Vcelak
557bf01306 fix: MozNSS certificate database in SQL format cannot be used 
Resolves: #857390
 2012-09-14 16:14:21 +02:00
Jan Vcelak
060a306e1e fix: not all certificates in OpenSSL compatible CA certificate directory format are loaded 
Resolves: #852786
 2012-09-14 16:13:59 +02:00
Jan Vcelak
1f24c419dd fix: connection hangs after fallback to second server when certificate hostname verification fails 
Resolves: #852476
 2012-09-14 16:13:39 +02:00
Jan Vcelak
9627ad75ef fix: some TLS ciphers cannot be enabled 
Resolves: #852338
 2012-09-14 16:13:12 +02:00
Jan Vcelak
ad070fca8d prefer key from authenticated slot, allow certificate name with token 
Resolves TLS failures in replication in 389 Directory Server introduced
by recent Mozilla NSS backend fixes.
 2012-08-20 20:34:34 +02:00
Jan Vcelak
6304a48a54 new upstream release (2.4.32) 2012-08-01 13:39:25 +02:00
Jan Vcelak
c736adad77 use tabs consistently 2012-08-01 10:21:44 +02:00
Jan Vcelak
2d64625e78 fix: slapd refuses to set up TLS with self-signed PEM certificate 
Resolves: #842022
 2012-07-21 17:59:04 +02:00
Jan Vcelak
54e357771f multilib fix: move libslapi from openldap-servers to openldap package 2012-07-20 16:59:28 +02:00
Jan Vcelak
9e7cf6735d fix: smbk5pwd module computes invalid LM hashes 
Resolves: #841560
 2012-07-19 14:27:10 +02:00
Jan Vcelak
20875f4fb9 fix: querying for IPv6 DNS records when IPv6 is disabled on the host 
Resolves: #835013
 2012-07-19 11:00:43 +02:00
Jan Vcelak
824671e8d7 clean the package build process 2012-07-18 19:02:28 +02:00
Jan Vcelak
9eda95bba4 fix: remove isa macro from BuildRequires 2012-07-18 09:37:59 +02:00
Jan Vcelak
50ed49760b fix: less influence between individual TLS contexts 
Resolves: #795763 (and possibly others)
 2012-06-27 14:40:59 +02:00
Jan Vcelak
397ce0c946 fix: default cipher suite is always selected 
Resolves: #828790
 2012-06-27 14:10:28 +02:00
Jan Vcelak
916cbca281 fix: slapd fails to start on reboot 
Resolves: #829272
 2012-06-27 14:05:10 +02:00
Jan Vcelak
904778f620 CVE-2012-2668: cipher suite selection by name can be ignored 
Resolves: #825875
 2012-06-27 13:55:02 +02:00
Jan Vcelak
fe1c1e0eeb fix: reading pin from file can make all TLS connections hang 
Resolves: #829317
 2012-06-27 13:48:40 +02:00
Jan Vcelak
0cda8087e0 fix: TLS error messages overwriting in tlsm_verify_cert() 
Resolves: #810462
 2012-06-27 13:36:51 +02:00
Jan Vcelak
ac8a31ed53 fix: invalid order of TLS shutdown operations 
Resolves: #808465
 2012-06-27 13:31:05 +02:00
Jan Vcelak
5172ff7830 update fix: count constraint broken when using multiple modifications 
Resolves: #795766
 2012-06-27 13:26:24 +02:00
Jan Vcelak
60d09d71cf fix: MozNSS CA certdir does not work together with PEM CA cert file 
Resolves: #819536
 2012-05-18 12:47:45 +02:00
Jan Vcelak
61feb71485 changelog: nss-tools has to be required by base package 2012-05-18 12:47:41 +02:00
Jan Vcelak
f8f3a2b33f nss-tools has to be required by base package 2012-05-02 11:25:36 +02:00
Jan Vcelak
05bc41c858 remove upstream merged patches 2012-04-24 10:44:16 +02:00
Jan Vcelak
6e16cb7901 new upstream release (2.4.31) 2012-04-24 10:35:02 +02:00
Jan Vcelak
440b96e85c rebuild due to libdb rebase 2012-04-05 20:41:25 +02:00
Jan Synacek
0992cf19a9 fix: Re-binding to a failed connection can segfault 
Resolves: #784989
 2012-03-26 13:41:40 +02:00
Jan Vcelak
a4d33565bb new upstream release (2.4.30) 
Resolves: #798958
 2012-03-01 14:24:19 +01:00
Jan Vcelak
862f73dffa fix: SASL_NOCANON option missing in ldap.conf manual page 
Resolves: #732915
 2012-02-22 15:46:23 +01:00
Jan Vcelak
c2db986060 fix: missing options in manual pages of client tools 
Resolves: #796232
 2012-02-22 15:41:53 +01:00
Jan Vcelak
b2b2825914 fix: count constraint broken when using multiple modifications 
Resolves: #795766
 2012-02-21 15:44:56 +01:00
Jan Vcelak
20125eca06 fix: ldap_result does not succeed for sssd 
Resolves: #771484
 2012-02-21 15:37:51 +01:00
Jan Vcelak
558f709787 fix update provide ldif2ldbm, not ldib2ldbm 
Resolves: #437104
 2012-02-20 15:31:58 +01:00
Jan Synacek
f25689a388 unify systemctl binary paths throughout the specfile and make them usrmove compliant 
make path to chkconfig binary usrmove compliant
 2012-02-20 15:14:53 +01:00
Jan Vcelak
d5cbb774ed fix: check-config.sh get stuck when executing command as a ldap user 2012-02-15 14:26:49 +01:00
Jan Vcelak
dc2b490d64 temporarily disable certificates checking in check-config.sh 
MozNSS support is missing yet.
 2012-02-15 13:15:07 +01:00
Jan Synacek
b95104a6a1 fix: correct path to check-config.sh in service file 2012-02-15 09:10:16 +01:00
Jan Vcelak
b5e66b7ea2 remove obsoleted slapd.conf 2012-02-14 17:22:53 +01:00
Jan Vcelak
a7572065e5 certificates management improvements 
Resolves: #772890
 2012-02-14 17:22:50 +01:00
Jan Vcelak
934ba146a8 move maintainance scripts from libexec/slapd to libexec/openldap 2012-02-14 13:42:07 +01:00
Jan Vcelak
78a563b273 openldap-servers: provide ldib2ldbm for migrationtools 
References: #437104
 2012-02-14 13:40:58 +01:00