Jan Vcelak
331465716f
fix: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR
...
Resolves : #857455
2012-09-14 16:14:43 +02:00
Jan Vcelak
557bf01306
fix: MozNSS certificate database in SQL format cannot be used
...
Resolves : #857390
2012-09-14 16:14:21 +02:00
Jan Vcelak
060a306e1e
fix: not all certificates in OpenSSL compatible CA certificate directory format are loaded
...
Resolves : #852786
2012-09-14 16:13:59 +02:00
Jan Vcelak
1f24c419dd
fix: connection hangs after fallback to second server when certificate hostname verification fails
...
Resolves : #852476
2012-09-14 16:13:39 +02:00
Jan Vcelak
9627ad75ef
fix: some TLS ciphers cannot be enabled
...
Resolves : #852338
2012-09-14 16:13:12 +02:00
Jan Vcelak
ad070fca8d
prefer key from authenticated slot, allow certificate name with token
...
Resolves TLS failures in replication in 389 Directory Server introduced
by recent Mozilla NSS backend fixes.
2012-08-20 20:34:34 +02:00
Jan Vcelak
6304a48a54
new upstream release (2.4.32)
2012-08-01 13:39:25 +02:00
Jan Vcelak
c736adad77
use tabs consistently
2012-08-01 10:21:44 +02:00
Jan Vcelak
2d64625e78
fix: slapd refuses to set up TLS with self-signed PEM certificate
...
Resolves : #842022
2012-07-21 17:59:04 +02:00
Jan Vcelak
54e357771f
multilib fix: move libslapi from openldap-servers to openldap package
2012-07-20 16:59:28 +02:00
Jan Vcelak
9e7cf6735d
fix: smbk5pwd module computes invalid LM hashes
...
Resolves : #841560
2012-07-19 14:27:10 +02:00
Jan Vcelak
20875f4fb9
fix: querying for IPv6 DNS records when IPv6 is disabled on the host
...
Resolves : #835013
2012-07-19 11:00:43 +02:00
Jan Vcelak
824671e8d7
clean the package build process
2012-07-18 19:02:28 +02:00
Jan Vcelak
9eda95bba4
fix: remove isa macro from BuildRequires
2012-07-18 09:37:59 +02:00
Jan Vcelak
50ed49760b
fix: less influence between individual TLS contexts
...
Resolves : #795763 (and possibly others)
2012-06-27 14:40:59 +02:00
Jan Vcelak
397ce0c946
fix: default cipher suite is always selected
...
Resolves : #828790
2012-06-27 14:10:28 +02:00
Jan Vcelak
916cbca281
fix: slapd fails to start on reboot
...
Resolves : #829272
2012-06-27 14:05:10 +02:00
Jan Vcelak
904778f620
CVE-2012-2668: cipher suite selection by name can be ignored
...
Resolves : #825875
2012-06-27 13:55:02 +02:00
Jan Vcelak
fe1c1e0eeb
fix: reading pin from file can make all TLS connections hang
...
Resolves : #829317
2012-06-27 13:48:40 +02:00
Jan Vcelak
0cda8087e0
fix: TLS error messages overwriting in tlsm_verify_cert()
...
Resolves : #810462
2012-06-27 13:36:51 +02:00
Jan Vcelak
ac8a31ed53
fix: invalid order of TLS shutdown operations
...
Resolves : #808465
2012-06-27 13:31:05 +02:00
Jan Vcelak
5172ff7830
update fix: count constraint broken when using multiple modifications
...
Resolves : #795766
2012-06-27 13:26:24 +02:00
Jan Vcelak
60d09d71cf
fix: MozNSS CA certdir does not work together with PEM CA cert file
...
Resolves : #819536
2012-05-18 12:47:45 +02:00
Jan Vcelak
61feb71485
changelog: nss-tools has to be required by base package
2012-05-18 12:47:41 +02:00
Jan Vcelak
f8f3a2b33f
nss-tools has to be required by base package
2012-05-02 11:25:36 +02:00
Jan Vcelak
05bc41c858
remove upstream merged patches
2012-04-24 10:44:16 +02:00
Jan Vcelak
6e16cb7901
new upstream release (2.4.31)
2012-04-24 10:35:02 +02:00
Jan Vcelak
440b96e85c
rebuild due to libdb rebase
2012-04-05 20:41:25 +02:00
Jan Synacek
0992cf19a9
fix: Re-binding to a failed connection can segfault
...
Resolves : #784989
2012-03-26 13:41:40 +02:00
Jan Vcelak
a4d33565bb
new upstream release (2.4.30)
...
Resolves : #798958
2012-03-01 14:24:19 +01:00
Jan Vcelak
862f73dffa
fix: SASL_NOCANON option missing in ldap.conf manual page
...
Resolves : #732915
2012-02-22 15:46:23 +01:00
Jan Vcelak
c2db986060
fix: missing options in manual pages of client tools
...
Resolves : #796232
2012-02-22 15:41:53 +01:00
Jan Vcelak
b2b2825914
fix: count constraint broken when using multiple modifications
...
Resolves : #795766
2012-02-21 15:44:56 +01:00
Jan Vcelak
20125eca06
fix: ldap_result does not succeed for sssd
...
Resolves : #771484
2012-02-21 15:37:51 +01:00
Jan Vcelak
558f709787
fix update provide ldif2ldbm, not ldib2ldbm
...
Resolves : #437104
2012-02-20 15:31:58 +01:00
Jan Synacek
f25689a388
unify systemctl binary paths throughout the specfile and make them usrmove compliant
...
make path to chkconfig binary usrmove compliant
2012-02-20 15:14:53 +01:00
Jan Vcelak
d5cbb774ed
fix: check-config.sh get stuck when executing command as a ldap user
2012-02-15 14:26:49 +01:00
Jan Vcelak
dc2b490d64
temporarily disable certificates checking in check-config.sh
...
MozNSS support is missing yet.
2012-02-15 13:15:07 +01:00
Jan Synacek
b95104a6a1
fix: correct path to check-config.sh in service file
2012-02-15 09:10:16 +01:00
Jan Vcelak
b5e66b7ea2
remove obsoleted slapd.conf
2012-02-14 17:22:53 +01:00
Jan Vcelak
a7572065e5
certificates management improvements
...
Resolves : #772890
2012-02-14 17:22:50 +01:00
Jan Vcelak
934ba146a8
move maintainance scripts from libexec/slapd to libexec/openldap
2012-02-14 13:42:07 +01:00
Jan Vcelak
78a563b273
openldap-servers: provide ldib2ldbm for migrationtools
...
References: #437104
2012-02-14 13:40:58 +01:00
Jan Vcelak
5e3dba33db
clean requirements: remove explicit versions, add %{_isa} macro
2012-02-14 13:40:42 +01:00
Jan Vcelak
31026088da
new upstream release (2.4.29)
2012-02-13 13:07:11 +01:00
Jan Vcelak
65b981d99e
fix: slapd segfaults when PEM certificate is used and key is not set
...
Resolves : #772890
2012-01-31 18:11:36 +01:00
Jan Vcelak
f47de25361
fix: replication (syncrepl) with TLS causes segfault
...
Resolves : #783431
2012-01-31 18:10:55 +01:00
Dennis Gilmore
328c8e208b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
2012-01-13 05:40:42 -06:00
Jan Vcelak
c60a3191a5
fix: reload systemd daemon after installation
2011-11-30 18:58:19 +01:00
Jan Vcelak
8bd37126ac
configuration initialization from LDIF file
2011-11-30 18:40:25 +01:00
Jan Vcelak
1cd7d29c02
compile backends as modules (except BDB, HDB, and monitor)
2011-11-30 16:51:14 +01:00
Jan Vcelak
ad3da8cc04
new upstream release (2.4.28)
...
- upstream changes:
- server: support for delta-syncrepl in multi master replication
- server: add experimental backend - MDB
- server: dynamic configuration for passwd, perl, shell, sock,
and sql backends
- server: support passwords in APR1
- library: support for Wahl (draft)
- a lot of bugfixes
- remove patches which were merged upstream
2011-11-30 16:51:05 +01:00
Jan Vcelak
0fcc2f2eb2
release bump (2.4.26-6)
2011-11-01 15:25:46 +01:00
Jan Vcelak
356af46ea6
CVE-2011-4079 one-byte buffer overflow in slapd
...
Resolves : #749324
2011-11-01 15:25:46 +01:00
Jan Vcelak
25e27999de
servers: add libdb-utils to Requires
2011-11-01 13:34:30 +01:00
Jan Vcelak
a0c545d1a7
patch slapd to skip empty arguments
...
This is required by systemd, as variable expansion works there different
than in shell. Empty SLAPD_OPTIONS in environment file would not work.
(The patch is Fedora specific.)
2011-11-01 13:34:30 +01:00
Jan Vcelak
33514c3f00
scriptlet: convert sysconfig/ldap to sysconfig/slapd
2011-11-01 13:34:17 +01:00
Jan Vcelak
62f9c65cff
rpmlint warnings: doc in non utf-8 encoding
2011-11-01 13:34:17 +01:00
Jan Vcelak
8f315f552e
rpmlint warnings: macro in comment/changelog
2011-11-01 13:34:17 +01:00
Jan Vcelak
b6085c259f
specfile: clean %files, drop defattr macros
...
- %defattr is not needed since Fedora 14
- permissions are taken from installed files
(removed chmod and added install where possible)
- %attr was left only on places, where non-root owner is needed
- removed slashes between: %{buildroot}%{_somedir}
- files reordered by type
- merged "%dir dir" and "dir/files*"
2011-11-01 13:34:17 +01:00
Jan Vcelak
05cb2507b0
specfile: handle upgrades with new maintainance scripts
2011-11-01 13:34:08 +01:00
Jan Vcelak
2d2d8a4c8a
specfile: migrate initscript to systemd service
2011-10-27 17:27:43 +02:00
Jan Vcelak
0a9b211e8c
specfile: reorder sources
2011-10-27 17:27:43 +02:00
Jan Vcelak
10e4a847f6
remove old provides/obsoletes
2011-10-27 15:00:20 +02:00
Jan Vcelak
9a8ced65aa
hardened build: remove LDFLAGS, enable macro
2011-10-27 14:45:10 +02:00
Jan Vcelak
8d476e4dbd
rebuild: openldap does not work after libdb rebase
...
Resolves : #743824
2011-10-06 10:22:14 +02:00
Jan Vcelak
b4a9bf4dad
regression fix: enable TCP wrappers
...
Resolves : #743213
2011-10-06 10:19:51 +02:00
Jan Vcelak
81680b05fb
new feature update: honor priority/weight with ldap_domain2hostlist
...
There was a typo in the patch. "weight" of the SRV records was not
taken correctly.
Resolves : #733078
2011-09-21 11:05:39 +02:00
Jan Vcelak
9c0ef47ce4
fix: allow unsetting of tls_* syncrepl options
...
Resolves : #734187
2011-09-12 18:42:53 +02:00
Jan Vcelak
af7e905857
fix: SSL_ForceHandshake function is not thread safe
...
Resolves : #701678
2011-09-12 15:35:09 +02:00
Jan Vcelak
9ee41aa9a4
manpage fix: wrong ldap_sync_destroy() prototype in ldap_sync(3) manpage
...
Resolves : #717722
2011-08-24 19:24:49 +02:00
Jan Vcelak
a551ec94d3
new feature: honor priority/weight with ldap_domain2hostlist
...
Resolves : #733078
2011-08-24 19:17:27 +02:00
Jan Vcelak
3e083e8b93
fix: matching wildcard hostnames in certificate Subject field does not work
...
Resolves : #733073
2011-08-24 19:12:30 +02:00
Jan Vcelak
482a20080c
manpage fix: errors in manual page slapo-unique
...
Resolves : #733070
2011-08-24 19:05:49 +02:00
Jan Vcelak
c6479d1199
fix: DDS overlay tolerance parametr doesn't function and breakes default TTL
...
Resolves : #733069
2011-08-24 19:01:05 +02:00
Jan Vcelak
a35a381613
fix: conversion of constraint overlay settings to cn=config is incorrect
...
Resolves : #733067
2011-08-24 18:58:45 +02:00
Jan Vcelak
8ac21093cd
fix: memleak - free the return of tlsm_find_and_verify_cert_key
...
Resolves : #725818
2011-08-24 18:48:35 +02:00
Jan Vcelak
49f6078a21
incorrect behavior of allow/try options of VerifyCert and TLS_REQCERT
...
Resolves : #725819
2011-08-24 18:40:37 +02:00
Jan Vcelak
67c9630d50
fix: NSS_Init* functions are not thread safe
...
Resolves : #731112
2011-08-24 18:18:33 +02:00
Jan Vcelak
924b91284d
add partial RELRO support
...
Resolves : #733071
2011-08-24 18:12:01 +02:00
Rex Dieter
a27bcf4338
Rebuilt for rpm ( #728707 )
2011-08-14 14:09:44 -05:00
Jan Vcelak
c90fe38088
fix: memleak in tlsm_auth_cert_handler
...
Resolves : #717730
2011-07-20 16:44:40 +02:00
Jan Vcelak
583cde50ed
rebase to 2.4.26
...
- remove upstream included patches
2011-07-20 16:44:30 +02:00
Jan Vcelak
b35dfa8417
fix typo in patch name
2011-06-28 11:26:47 +02:00
Jan Vcelak
fd3f90103e
allow build against DB 5.2
...
Resolves : #715827
2011-06-27 18:53:29 +02:00
Jan Vcelak
2aeb38e146
fix: segfault when LDIF input is not terminated by newline
...
Resolves : #716858
2011-06-27 18:53:29 +02:00
Jan Vcelak
4098fcd663
fix: segfault when input line in LDIF file is indented incorrectly
...
Resolves : #716855
2011-06-27 18:53:29 +02:00
Jan Vcelak
9925959a7d
fix: segmentation fault caused by double-free in ldapexop
...
Resolves : #699683
2011-06-27 18:53:29 +02:00
Jan Vcelak
865ea62898
fix: connection failure if TLS_CACERTDIR doesn't exist but TLS_REQCERT is set to 'never'
...
Resolves : #716854
2011-06-27 18:53:28 +02:00
Jan Vcelak
cea83df834
openldap-servers scriptlets require initscripts package
...
Resolves : #716857
2011-06-27 18:53:28 +02:00
Jan Vcelak
2ce75ca315
root user management ACLs on cn=config
...
Resolves : #712495
2011-06-27 18:53:28 +02:00
Jan Vcelak
356967b885
default database type BDB -> HDB
2011-06-27 18:53:28 +02:00
Jan Vcelak
bf7ea0e4df
slapd.conf as separate source, not patch
2011-06-27 18:53:28 +02:00
Jan Vcelak
31a7816a3a
add ldif.h interface into -devel subpackage
2011-06-27 18:53:28 +02:00
Jan Vcelak
b2338c38f5
remove obsolete configure options
2011-06-27 18:53:28 +02:00
Jan Vcelak
a40d05ac93
rebase to 2.4.25
...
- remove upstream included patches
2011-06-27 18:11:38 +02:00
Jan Vcelak
d1578e311f
release bump (2.4.24-2)
2011-03-18 23:15:56 +01:00
Jan Vcelak
1db8d2e348
server upgrade hangs or do not upgrade the database
...
Resolves : #664433
2011-03-18 23:15:49 +01:00
Jan Vcelak
86c082e423
fix: possible null pointer dereference in NSS implementation
...
Resolves : #684035 (RHEL)
2011-03-18 20:09:39 +01:00
Jan Vcelak
1f856268f5
fix update: openldap can't use TLS after fork()
...
Resolves : #636956
2011-03-18 19:50:00 +01:00
Jan Vcelak
89eb4eb56b
version bump (2.4.24-1)
2011-02-14 14:33:45 +01:00
Jan Vcelak
d433ca0255
BDB backend switch from DB4 to DB5
2011-02-14 14:33:18 +01:00
Jan Vcelak
202278bcf4
new sources (2.4.24), remove old patches
2011-02-14 13:06:31 +01:00
Dennis Gilmore
84e21763c3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
2011-02-08 21:15:56 -06:00
Jan Vcelak
8e5df252b6
fix update: restart NSS modules after fork
...
version bump 2.4.23-8
Resolves : #636956
2011-02-02 12:55:23 +01:00
Jan Vcelak
b791235bfc
release bump 2.4.23-7
2011-01-25 14:12:34 +01:00
Jan Vcelak
a56681c41a
fix: upgrade gets stuck when the database is damaged
...
Resolves : #664433
2011-01-25 14:11:40 +01:00
Jan Vcelak
2ace38858b
fix: invalid path to db_recover
2011-01-25 14:10:47 +01:00
Jan Vcelak
2bfd76d18f
fix: restart NSS modules after fork
...
Resolves : #636956
2011-01-25 11:36:54 +01:00
Jan Vcelak
2098ace56c
release bump 2.4.23-6
2011-01-20 17:38:36 +01:00
Jan Vcelak
d70540ff1d
setup tempfiles.d to create runtime directory when using tmpfs
2011-01-20 17:38:36 +01:00
Jan Vcelak
a44fb64495
fix: default encryption strength dropped in switch to using NSS
...
Resolves : #669446
2011-01-20 16:35:38 +01:00
Jan Vcelak
660d07ac75
release bump 2.4.23-5
2011-01-06 21:00:53 +01:00
Jan Vcelak
5ae2484fb8
fix: verification of self issued certificates
...
Resolves : #657984
2011-01-06 20:59:33 +01:00
Jan Vcelak
40bc33f600
fix database upgrade process
...
Resolves : #656257
2010-11-23 17:45:47 +01:00
Jan Vcelak
82b8ccaded
update list of overlays in slapd.conf
...
Resolves : #655899
2010-11-22 18:49:05 +01:00
Jan Vcelak
bff7316e6d
MozNSS - implement full non-blocking semantics
...
fix: ldapsearch -Z hangs server if starttls fails (#652822 )
Resolves : #652822
2010-11-22 18:49:05 +01:00
Jan Vcelak
ce2de9613d
various TLS bugfixes
...
- reject non-file keyfiles in TLS_CACERTDIR (#652315 )
- TLS_CACERTDIR precedence over TLS_CACERT (#652304 )
- accept only files in hash.0 format in TLS_CACERTDIR (#650288 )
- improve SSL/TLS trace messages (#652818 )
- add support for multiple prefixed Mozilla NSS database files in TLS_CACERTDIR
Resolves : #652315 #652304 #650288 #652818
2010-11-18 11:28:30 +01:00
Jan Vcelak
ffc47c51f8
spec: forgot to remove autofs schema from %files
2010-11-01 14:16:53 +01:00
Jan Vcelak
b7ea9f6802
initscript: fix possible infinite loop
...
Resolves : #641946
2010-11-01 13:21:43 +01:00
Jan Vcelak
60cf0d9290
removed outdated autofs.schema and old readmes
...
resolves : #643045
2010-11-01 10:19:07 +01:00
Jan Vcelak
86a180f019
fixed buildrequires for db4
2010-08-27 15:18:09 +02:00
Jan Vcelak
95d8d32fc5
rebase to 2.4.23
...
- package rebased
- removed embeded db4
- removed patches merged by upstream
- removed no longer required patches
- merged patches doing manpage changes
- merged patches exporting ldif API
- reapplied patches and added description to each one
- removed unnecessary BuildRequires
- cleaned %config, %build and %install sections
- updated database upgrade process:
- database is exported (slapcat) and reimported (slapadd) when minor
version of openldap changes (safe and recomended way)
- database is upgraded (db4) when minor version of db4 package changes
(this is not done in %post anymore, as the database is not embeded,
but using triggers)
Resolved : #624616 Bogus links in "SEE ALSO" part of several man-pages
Resolved : #625740 openldap-2.4.23 is available
2010-08-27 14:45:25 +02:00
jvcelak
6468aa6a54
Mozilla NSS - delay token auth until needed ( #616552 )
...
Mozilla NSS - support use of self signed CA certs as server certs (#614545 )
2010-07-22 08:11:30 +00:00
jvcelak
13c47e0e20
CVE-2010-0211 openldap: modrdn processing uninitialized pointer free ( #605448 )
...
CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference (#605452 )
obsolete configuration file moved to /usr/share/openldap-servers (#612602 )
2010-07-20 14:58:07 +00:00
Jan Zeleny
2acd98790b
another shot at previous fix
2010-07-01 08:57:32 +00:00
Jan Zeleny
4d56125efa
Rebuild with connectionless support ( #587722 )
...
Updated autofs schema (#584808 )
2010-05-28 12:34:21 +00:00
Jan Zeleny
dee30b1bcb
rebased to 2.4.22, reverted changes in init script from last update
2010-05-04 09:03:13 +00:00
Jan Zeleny
4f47cf029b
moved slapd to start earlier during boot sequence
2010-03-19 09:58:01 +00:00
Jan Zeleny
eae98e4691
minor corrections of init script ( #571235 , #570057 , #573804 )
2010-03-16 14:47:34 +00:00
Jan Zeleny
9afd56665a
fixed SIGSEGV when deleting data using hdb ( #562227 )
2010-02-24 09:15:05 +00:00
Jan Zeleny
db838e465f
fixed broken link (slapschema) #559873
2010-02-01 11:13:07 +00:00
Jan Zeleny
8375d885af
removed some static libraries from openldap-devel
2010-01-19 14:16:46 +00:00
Jan Zeleny
13d1c21d4e
rebased both openldap and bdb
2010-01-11 15:47:11 +00:00
Jan Zeleny
37a7ed74cb
minor corrections of init script
2009-11-23 12:51:49 +00:00
Jan Zeleny
4333efc198
- fixed tls connection accepting when TLSVerifyClient = allow
...
- /etc/openldap/ldap.conf removed from files owned by openldap-servers
- minor changes in spec file to supress warnings
- some changes in init script, so it would be possible to use it when
using old configuration style
2009-11-16 13:06:35 +00:00
Jan Zeleny
e5c21d4af6
rebase of both openldap and bdb
2009-11-06 09:27:11 +00:00
Jan Zeleny
bc5ba6fb26
- updated smbk5pwd patch to be linked with libldap ( #526500 )
...
- the last buffer overflow patch replaced with the one from upstream
- added /etc/openldap/slapd.d and /etc/openldap/slapd.conf.bak
to files owned by openldap-servers
2009-10-07 13:43:58 +00:00
Jan Zeleny
9828bb7d06
Cleanup of previous patch
2009-09-24 13:23:53 +00:00
Jan Zeleny
45f722d160
- new configuration schema - directory instead of file
...
- fixed buffer overflow issue pointed out by new glibc
- fixed behaviour during installation / upgrade caused
by renamed init script
2009-09-24 11:30:24 +00:00
Jan Zeleny
a629500293
Rebase to 2.4.18, minor update of documentation
2009-09-18 10:01:45 +00:00
Jan Zeleny
5dec44106b
updated init script to be LSB-compliant ( #523434 )
2009-09-16 14:06:36 +00:00
Tomáš Mráz
f076e6e7ed
* Thu Aug 27 2009 Tomas Mraz <tmraz@redhat.com> - 2.4.16-5
...
- rebuilt with new openssl
2009-08-27 07:46:45 +00:00
Jan Zeleny
8c235c0be7
Updated spec file - correct installation of openldap group
2009-08-25 08:58:12 +00:00
Tomáš Mráz
a9ea3bd019
- rebuilt with new openssl
2009-08-21 14:54:10 +00:00
Jesse Keating
de0b01f69c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
2009-07-25 20:49:05 +00:00
Jan Zeleny
aeaf12790e
Rebase to 2.4.16, minor change in spec file
2009-07-01 12:56:24 +00:00
Jan Zeleny
2f397636b2
Added $SLAPD_URLS variable to init script and config file ( #504504 )
2009-06-09 11:43:35 +00:00
Jan Zeleny
da8543f19e
Correction of setugid patch, removed c,M and P options from some client utilities
2009-04-09 14:03:02 +00:00
Jan Zeleny
885dc35884
Removed -f option from help of client applications which didn't support it.
2009-03-26 09:43:22 +00:00