Matúš Honěk
716f3439ac
MozNSS Compat. Layer: Ensure consistency of a PEM dir before usage
...
+ Warn just before use of a PIN about key file extraction
(cherry picked from commit 856ec5d38c45ffe71774a4d86a36177d3c4ca372)
(originally #1516409 )
Related: #1400570
2018-02-07 17:36:46 +01:00
Matúš Honěk
68ef0e0238
MozNSS Compat. Layer: Enable usage of NSS DB with PEM cert/key
...
+ Fix a possible invalid dereference (covscan)
(cherry picked from commit 7abf6fbae6df9bc7cfdd9d28cc52f7676a123d9b)
(originally #1525485 )
Related: #1400570
2018-02-07 17:28:16 +01:00
Björn Esser
1a23456530
Rebuilt for switch to libxcrypt
2018-01-20 23:07:22 +01:00
Matúš Honěk
d181b0472d
Fix various MozNSS compatibility layer issues
...
+ Force write file with fsync to avoid race conditions
+ Always filestamp both sql and dbm NSS DB variants to not rely on default DB type prefix
+ Allow missing cert and key which is a valid usecase
+ Create extraction folder only in /tmp to simplify selinux rules
+ Fix Covscan issues
Related: #1400570
2017-12-06 15:13:49 +01:00
Matus Honek
d8e109406e
Merge #2 Do not call deleted script from %post section
2017-11-14 14:24:32 +00:00
Matúš Honěk
a33df4e168
Build with OpenSSL with MozNSS compatibility layer
...
Resolves : #1400570
2017-11-03 20:43:25 +01:00
Guido Aulisi
031e2b95cc
Do not call deleted script from %post section
...
Commit b730f13ce0
deleted certificate
generation scripts, but create_certdb.sh was still called from
%post section.
2017-10-31 23:21:05 +01:00
Fedora Release Engineering
671ba8f100
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
2017-08-03 04:32:58 +00:00
Fedora Release Engineering
00533e64f8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-27 01:49:08 +00:00
Petr Písař
3a8a7258ab
perl dependency renamed to perl-interpreter < https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules >
2017-07-12 14:16:56 +02:00
Matúš Honěk
35246b7090
Merge branch 'f26' to 'master'
...
- Rebase to version 2.4.45 (#1458081 )
* fixes CVE-2017-9287 (#1456712 , #1456713 )
- Update the 'sources' file with new SHA512 hashes
Related: #1458081
2017-07-07 17:17:49 +02:00
Matúš Honěk
5c7cdc96e6
Rebase to version 2.4.45
...
Resolves : #1458081
2017-07-07 16:58:40 +02:00
Matúš Honěk
872ea264fa
Change Requires to Recommends for nss-tools
...
Resolves : #1415086
2017-07-07 13:49:14 +02:00
Jitka Plesnikova
7a68ca8d9c
Perl 5.26 rebuild
2017-06-04 14:18:11 +02:00
Matúš Honěk
af30ccf247
Merge branch 'f25' into f26 for linearity
...
Related: #1435692
2017-03-31 17:22:53 +02:00
Matúš Honěk
32c688fc27
NSS: Maximal TLS protocol version should be equal to NSS default
...
Related: #1435689
2017-03-31 17:08:11 +02:00
Matúš Honěk
8ba6f5c9b7
Merge branch 'f25' into f26 for linearity
...
Conflicts:
openldap.spec
Resolves : #1435692
2017-03-30 14:55:47 +02:00
Matúš Honěk
54f6fd1feb
NSS: Enhance OpenLDAP to support TLSv1.3 protocol with NSS
...
Resolves : #1435689
2017-03-24 20:23:40 +01:00
Matúš Honěk
d0828bee6c
NSS: Rearrange ciphers-, parsing-, and protocol-related patches
...
In addition, remove (or better, do not include anymore) unused
variables *variant* and *range* that were forgotten to be
removed when landing patch openldap-nss-protocol-version-new-api.patch
in commit 9e30b98
.
Related: #1435689
2017-03-24 20:02:46 +01:00
Fedora Release Engineering
8575fd0248
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-11 00:53:32 +00:00
Matúš Honěk
0cc5bf7254
NSS: Update list of ciphers
...
Resolves : #1387868
2017-01-31 15:58:28 +01:00
Matúš Honěk
22dbdbf78a
NSS: Use what NSS considers default for DEFAULT cipher string.
...
Related: #1387868
2017-01-30 16:30:46 +01:00
Matúš Honěk
da1f719199
NSS: fix incorrect multi-keyword parsing and support new ones
...
- add multi_mask, negative_mask, and multi_strength
+ some keywords may describe multiple cipher suite parameters at once
- fix masks decision tree
+ all masks have to fit the cipher suite to include it
- correct 'action' evaluation
+ plus sign means ordering (which NSS does not support)
+ no sign presence means adding implicitly
- extend keywords for new future ciphers
Backporting: #1372349
Resolves : #1243517
2017-01-29 19:46:00 +01:00
Matúš Honěk
45704219c4
fix previous commit
...
Related: #1375432
2017-01-23 14:03:38 +01:00
Matúš Honěk
9e30b985ea
Setting olcTLSProtocolMin does not change supported protocols
...
Resolves : #1375432
2017-01-20 14:41:25 +01:00
Petr Písař
31ea2073c9
Mandatory Perl build-requires added < https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl >
2016-06-24 09:22:43 +02:00
Jitka Plesnikova
0087c276cd
Perl 5.24 rebuild
2016-05-15 06:06:55 +02:00
Matúš Honěk
ebc63b919d
Update to 2.4.44
...
Resolves : #1305191
2016-05-11 18:29:31 +02:00
Matúš Honěk
a0c7cda8b5
Bring back *.la files in %{_libdir}/openldap/
...
Related: #1331484
2016-05-03 19:12:27 +02:00
Matúš Honěk
ace19e3e36
Keep *.so libraries in %{_libdir}/openldap/
...
Resolves : #1331484
2016-04-28 17:43:08 +02:00
Matúš Honěk
8291cbaa23
Include AllOp overlay
...
Resolves : #1319782
2016-04-27 09:58:29 +02:00
Peter Robinson
eb29790db6
Ensure all libtool archive files are removed (.la)
2016-04-10 23:43:12 +01:00
Fedora Release Engineering
65a5310ab6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-04 11:29:03 +00:00
Matúš Honěk
ab9a93cce4
New upstream release 2.4.43
...
Resolves : #1253871
2016-01-21 16:40:54 +01:00
Matúš Honěk
0f227076e4
New upstream release 2.4.41
...
Resolves : #1238251
2015-07-16 10:51:37 +02:00
Dennis Gilmore
58ea27bc6e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-17 23:59:36 +00:00
Jitka Plesnikova
d22738532e
Perl 5.22 rebuild
2015-06-03 14:49:21 +02:00
Jan Synacek
443ffdd194
fix: bring back tmpfiles config ( #1215655 )
...
This reverts commit 521bbc2942
.
2015-04-27 15:20:45 +02:00
Jan Synacek
6e2cf23fa6
remove spurious ghosted file
2015-03-30 10:35:43 +02:00
Jan Synacek
592250ebfb
link against moznss again ( #1187742 )
...
Revert "link against openssl by default"
This reverts commit 72da77adb6
.
2015-02-20 11:06:24 +01:00
Jan Synacek
1fb41f2a59
fix: Unknown Berkeley DB major version in db.h ( #1191098 )
2015-02-11 10:52:43 +01:00
Jan Synacek
5a45ad5a72
CVE-2015-1545: slapd crashes on search with deref control ( #1190645 )
2015-02-10 09:33:10 +01:00
Jan Synacek
b730f13ce0
simplify package even more by removing certificate generation
...
Creating self-signed certificates for localhost is pointless. If anyone
uses TLS, they probably have their own. Testers can generate their own
as well, the package does't have to be plagued by scripts just because
of that.
2015-01-27 15:25:04 +01:00
Jan Synacek
72da77adb6
link against openssl by default
...
This is not an enhancement, this is a bugfix.
2015-01-27 15:19:00 +01:00
Jan Synacek
ee4af28583
simplify checking for missing server configuration
2015-01-26 14:24:55 +01:00
Jan Synacek
e143df31ee
fix invalid ldif introduced in 9a79680
2015-01-26 13:33:14 +01:00
Jan Synacek
521bbc2942
remove tmpfiles config since it's no longer needed
2015-01-26 13:31:31 +01:00
Jan Synacek
0fc0a68e34
renumber patches and sources
2015-01-21 14:24:49 +01:00
Jan Synacek
9a796804cd
remove pid file and args file
...
We have systemd for that.
2015-01-21 14:12:31 +01:00
Jan Synacek
b724454515
make mdb default after a new installation
2015-01-21 14:10:09 +01:00