Commit Graph

336 Commits

Author SHA1 Message Date
Jan Vcelak
356af46ea6 CVE-2011-4079 one-byte buffer overflow in slapd
Resolves: #749324
2011-11-01 15:25:46 +01:00
Jan Vcelak
25e27999de servers: add libdb-utils to Requires 2011-11-01 13:34:30 +01:00
Jan Vcelak
a0c545d1a7 patch slapd to skip empty arguments
This is required by systemd, as variable expansion works there different
than in shell. Empty SLAPD_OPTIONS in environment file would not work.

(The patch is Fedora specific.)
2011-11-01 13:34:30 +01:00
Jan Vcelak
33514c3f00 scriptlet: convert sysconfig/ldap to sysconfig/slapd 2011-11-01 13:34:17 +01:00
Jan Vcelak
62f9c65cff rpmlint warnings: doc in non utf-8 encoding 2011-11-01 13:34:17 +01:00
Jan Vcelak
8f315f552e rpmlint warnings: macro in comment/changelog 2011-11-01 13:34:17 +01:00
Jan Vcelak
b6085c259f specfile: clean %files, drop defattr macros
- %defattr is not needed since Fedora 14
- permissions are taken from installed files
  (removed chmod and added install where possible)
- %attr was left only on places, where non-root owner is needed
- removed slashes between: %{buildroot}%{_somedir}
- files reordered by type
- merged "%dir dir" and "dir/files*"
2011-11-01 13:34:17 +01:00
Jan Vcelak
05cb2507b0 specfile: handle upgrades with new maintainance scripts 2011-11-01 13:34:08 +01:00
Jan Vcelak
2d2d8a4c8a specfile: migrate initscript to systemd service 2011-10-27 17:27:43 +02:00
Jan Vcelak
0a9b211e8c specfile: reorder sources 2011-10-27 17:27:43 +02:00
Jan Vcelak
10e4a847f6 remove old provides/obsoletes 2011-10-27 15:00:20 +02:00
Jan Vcelak
9a8ced65aa hardened build: remove LDFLAGS, enable macro 2011-10-27 14:45:10 +02:00
Jan Vcelak
8d476e4dbd rebuild: openldap does not work after libdb rebase
Resolves: #743824
2011-10-06 10:22:14 +02:00
Jan Vcelak
b4a9bf4dad regression fix: enable TCP wrappers
Resolves: #743213
2011-10-06 10:19:51 +02:00
Jan Vcelak
81680b05fb new feature update: honor priority/weight with ldap_domain2hostlist
There was a typo in the patch. "weight" of the SRV records was not
taken correctly.

Resolves: #733078
2011-09-21 11:05:39 +02:00
Jan Vcelak
9c0ef47ce4 fix: allow unsetting of tls_* syncrepl options
Resolves: #734187
2011-09-12 18:42:53 +02:00
Jan Vcelak
af7e905857 fix: SSL_ForceHandshake function is not thread safe
Resolves: #701678
2011-09-12 15:35:09 +02:00
Jan Vcelak
9ee41aa9a4 manpage fix: wrong ldap_sync_destroy() prototype in ldap_sync(3) manpage
Resolves: #717722
2011-08-24 19:24:49 +02:00
Jan Vcelak
a551ec94d3 new feature: honor priority/weight with ldap_domain2hostlist
Resolves: #733078
2011-08-24 19:17:27 +02:00
Jan Vcelak
3e083e8b93 fix: matching wildcard hostnames in certificate Subject field does not work
Resolves: #733073
2011-08-24 19:12:30 +02:00
Jan Vcelak
482a20080c manpage fix: errors in manual page slapo-unique
Resolves: #733070
2011-08-24 19:05:49 +02:00
Jan Vcelak
c6479d1199 fix: DDS overlay tolerance parametr doesn't function and breakes default TTL
Resolves: #733069
2011-08-24 19:01:05 +02:00
Jan Vcelak
a35a381613 fix: conversion of constraint overlay settings to cn=config is incorrect
Resolves: #733067
2011-08-24 18:58:45 +02:00
Jan Vcelak
8ac21093cd fix: memleak - free the return of tlsm_find_and_verify_cert_key
Resolves: #725818
2011-08-24 18:48:35 +02:00
Jan Vcelak
49f6078a21 incorrect behavior of allow/try options of VerifyCert and TLS_REQCERT
Resolves: #725819
2011-08-24 18:40:37 +02:00
Jan Vcelak
67c9630d50 fix: NSS_Init* functions are not thread safe
Resolves: #731112
2011-08-24 18:18:33 +02:00
Jan Vcelak
924b91284d add partial RELRO support
Resolves: #733071
2011-08-24 18:12:01 +02:00
Rex Dieter
a27bcf4338 Rebuilt for rpm (#728707) 2011-08-14 14:09:44 -05:00
Jan Vcelak
c90fe38088 fix: memleak in tlsm_auth_cert_handler
Resolves: #717730
2011-07-20 16:44:40 +02:00
Jan Vcelak
583cde50ed rebase to 2.4.26
- remove upstream included patches
2011-07-20 16:44:30 +02:00
Jan Vcelak
b35dfa8417 fix typo in patch name 2011-06-28 11:26:47 +02:00
Jan Vcelak
fd3f90103e allow build against DB 5.2
Resolves: #715827
2011-06-27 18:53:29 +02:00
Jan Vcelak
2aeb38e146 fix: segfault when LDIF input is not terminated by newline
Resolves: #716858
2011-06-27 18:53:29 +02:00
Jan Vcelak
4098fcd663 fix: segfault when input line in LDIF file is indented incorrectly
Resolves: #716855
2011-06-27 18:53:29 +02:00
Jan Vcelak
9925959a7d fix: segmentation fault caused by double-free in ldapexop
Resolves: #699683
2011-06-27 18:53:29 +02:00
Jan Vcelak
865ea62898 fix: connection failure if TLS_CACERTDIR doesn't exist but TLS_REQCERT is set to 'never'
Resolves: #716854
2011-06-27 18:53:28 +02:00
Jan Vcelak
cea83df834 openldap-servers scriptlets require initscripts package
Resolves: #716857
2011-06-27 18:53:28 +02:00
Jan Vcelak
2ce75ca315 root user management ACLs on cn=config
Resolves: #712495
2011-06-27 18:53:28 +02:00
Jan Vcelak
356967b885 default database type BDB -> HDB 2011-06-27 18:53:28 +02:00
Jan Vcelak
bf7ea0e4df slapd.conf as separate source, not patch 2011-06-27 18:53:28 +02:00
Jan Vcelak
31a7816a3a add ldif.h interface into -devel subpackage 2011-06-27 18:53:28 +02:00
Jan Vcelak
b2338c38f5 remove obsolete configure options 2011-06-27 18:53:28 +02:00
Jan Vcelak
a40d05ac93 rebase to 2.4.25
- remove upstream included patches
2011-06-27 18:11:38 +02:00
Jan Vcelak
d1578e311f release bump (2.4.24-2) 2011-03-18 23:15:56 +01:00
Jan Vcelak
1db8d2e348 server upgrade hangs or do not upgrade the database
Resolves: #664433
2011-03-18 23:15:49 +01:00
Jan Vcelak
86c082e423 fix: possible null pointer dereference in NSS implementation
Resolves: #684035 (RHEL)
2011-03-18 20:09:39 +01:00
Jan Vcelak
1f856268f5 fix update: openldap can't use TLS after fork()
Resolves: #636956
2011-03-18 19:50:00 +01:00
Jan Vcelak
89eb4eb56b version bump (2.4.24-1) 2011-02-14 14:33:45 +01:00
Jan Vcelak
d433ca0255 BDB backend switch from DB4 to DB5 2011-02-14 14:33:18 +01:00
Jan Vcelak
202278bcf4 new sources (2.4.24), remove old patches 2011-02-14 13:06:31 +01:00
Dennis Gilmore
84e21763c3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-08 21:15:56 -06:00
Jan Vcelak
8e5df252b6 fix update: restart NSS modules after fork
version bump 2.4.23-8

Resolves: #636956
2011-02-02 12:55:23 +01:00
Jan Vcelak
b791235bfc release bump 2.4.23-7 2011-01-25 14:12:34 +01:00
Jan Vcelak
a56681c41a fix: upgrade gets stuck when the database is damaged
Resolves: #664433
2011-01-25 14:11:40 +01:00
Jan Vcelak
2ace38858b fix: invalid path to db_recover 2011-01-25 14:10:47 +01:00
Jan Vcelak
2bfd76d18f fix: restart NSS modules after fork
Resolves: #636956
2011-01-25 11:36:54 +01:00
Jan Vcelak
2098ace56c release bump 2.4.23-6 2011-01-20 17:38:36 +01:00
Jan Vcelak
d70540ff1d setup tempfiles.d to create runtime directory when using tmpfs 2011-01-20 17:38:36 +01:00
Jan Vcelak
a44fb64495 fix: default encryption strength dropped in switch to using NSS
Resolves: #669446
2011-01-20 16:35:38 +01:00
Jan Vcelak
660d07ac75 release bump 2.4.23-5 2011-01-06 21:00:53 +01:00
Jan Vcelak
5ae2484fb8 fix: verification of self issued certificates
Resolves: #657984
2011-01-06 20:59:33 +01:00
Jan Vcelak
40bc33f600 fix database upgrade process
Resolves: #656257
2010-11-23 17:45:47 +01:00
Jan Vcelak
82b8ccaded update list of overlays in slapd.conf
Resolves: #655899
2010-11-22 18:49:05 +01:00
Jan Vcelak
bff7316e6d MozNSS - implement full non-blocking semantics
fix: ldapsearch -Z hangs server if starttls fails (#652822)

Resolves: #652822
2010-11-22 18:49:05 +01:00
Jan Vcelak
ce2de9613d various TLS bugfixes
- reject non-file keyfiles in TLS_CACERTDIR (#652315)
- TLS_CACERTDIR precedence over TLS_CACERT (#652304)
- accept only files in hash.0 format in TLS_CACERTDIR (#650288)
- improve SSL/TLS trace messages (#652818)
- add support for multiple prefixed Mozilla NSS database files in TLS_CACERTDIR

Resolves: #652315 #652304 #650288 #652818
2010-11-18 11:28:30 +01:00
Jan Vcelak
ffc47c51f8 spec: forgot to remove autofs schema from %files 2010-11-01 14:16:53 +01:00
Jan Vcelak
b7ea9f6802 initscript: fix possible infinite loop
Resolves: #641946
2010-11-01 13:21:43 +01:00
Jan Vcelak
60cf0d9290 removed outdated autofs.schema and old readmes
resolves: #643045
2010-11-01 10:19:07 +01:00
Jan Vcelak
86a180f019 fixed buildrequires for db4 2010-08-27 15:18:09 +02:00
Jan Vcelak
95d8d32fc5 rebase to 2.4.23
- package rebased
- removed embeded db4
- removed patches merged by upstream
- removed no longer required patches
- merged patches doing manpage changes
- merged patches exporting ldif API
- reapplied patches and added description to each one
- removed unnecessary BuildRequires
- cleaned %config, %build and %install sections
- updated database upgrade process:
  - database is exported (slapcat) and reimported (slapadd) when minor
	version of openldap changes (safe and recomended way)
  - database is upgraded (db4) when minor version of db4 package changes
	(this is not done in %post anymore, as the database is not embeded,
	but using triggers)

Resolved: #624616 Bogus links in "SEE ALSO" part of several man-pages
Resolved: #625740 openldap-2.4.23 is available
2010-08-27 14:45:25 +02:00
jvcelak
6468aa6a54 Mozilla NSS - delay token auth until needed (#616552)
Mozilla NSS - support use of self signed CA certs as server certs (#614545)
2010-07-22 08:11:30 +00:00
jvcelak
13c47e0e20 CVE-2010-0211 openldap: modrdn processing uninitialized pointer free (#605448)
CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference (#605452)
obsolete configuration file moved to /usr/share/openldap-servers (#612602)
2010-07-20 14:58:07 +00:00
Jan Zeleny
2acd98790b another shot at previous fix 2010-07-01 08:57:32 +00:00
Jan Zeleny
4d56125efa Rebuild with connectionless support (#587722)
Updated autofs schema (#584808)
2010-05-28 12:34:21 +00:00
Jan Zeleny
dee30b1bcb rebased to 2.4.22, reverted changes in init script from last update 2010-05-04 09:03:13 +00:00
Jan Zeleny
4f47cf029b moved slapd to start earlier during boot sequence 2010-03-19 09:58:01 +00:00
Jan Zeleny
eae98e4691 minor corrections of init script (#571235, #570057, #573804) 2010-03-16 14:47:34 +00:00
Jan Zeleny
9afd56665a fixed SIGSEGV when deleting data using hdb (#562227) 2010-02-24 09:15:05 +00:00
Jan Zeleny
db838e465f fixed broken link (slapschema) #559873 2010-02-01 11:13:07 +00:00
Jan Zeleny
8375d885af removed some static libraries from openldap-devel 2010-01-19 14:16:46 +00:00
Jan Zeleny
13d1c21d4e rebased both openldap and bdb 2010-01-11 15:47:11 +00:00
Jan Zeleny
37a7ed74cb minor corrections of init script 2009-11-23 12:51:49 +00:00
Jan Zeleny
4333efc198 - fixed tls connection accepting when TLSVerifyClient = allow
- /etc/openldap/ldap.conf removed from files owned by openldap-servers
- minor changes in spec file to supress warnings
- some changes in init script, so it would be possible to use it when
  using old configuration style
2009-11-16 13:06:35 +00:00
Jan Zeleny
e5c21d4af6 rebase of both openldap and bdb 2009-11-06 09:27:11 +00:00
Jan Zeleny
bc5ba6fb26 - updated smbk5pwd patch to be linked with libldap (#526500)
- the last buffer overflow patch replaced with the one from upstream
- added /etc/openldap/slapd.d and /etc/openldap/slapd.conf.bak
  to files owned by openldap-servers
2009-10-07 13:43:58 +00:00
Jan Zeleny
9828bb7d06 Cleanup of previous patch 2009-09-24 13:23:53 +00:00
Jan Zeleny
45f722d160 - new configuration schema - directory instead of file
- fixed buffer overflow issue pointed out by new glibc
- fixed behaviour during installation / upgrade caused
  by renamed init script
2009-09-24 11:30:24 +00:00
Jan Zeleny
a629500293 Rebase to 2.4.18, minor update of documentation 2009-09-18 10:01:45 +00:00
Jan Zeleny
5dec44106b updated init script to be LSB-compliant (#523434) 2009-09-16 14:06:36 +00:00
Tomáš Mráz
f076e6e7ed * Thu Aug 27 2009 Tomas Mraz <tmraz@redhat.com> - 2.4.16-5
- rebuilt with new openssl
2009-08-27 07:46:45 +00:00
Jan Zeleny
8c235c0be7 Updated spec file - correct installation of openldap group 2009-08-25 08:58:12 +00:00
Tomáš Mráz
a9ea3bd019 - rebuilt with new openssl 2009-08-21 14:54:10 +00:00
Jesse Keating
de0b01f69c - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-25 20:49:05 +00:00
Jan Zeleny
aeaf12790e Rebase to 2.4.16, minor change in spec file 2009-07-01 12:56:24 +00:00
Jan Zeleny
2f397636b2 Added $SLAPD_URLS variable to init script and config file (#504504) 2009-06-09 11:43:35 +00:00
Jan Zeleny
da8543f19e Correction of setugid patch, removed c,M and P options from some client utilities 2009-04-09 14:03:02 +00:00
Jan Zeleny
885dc35884 Removed -f option from help of client applications which didn't support it. 2009-03-26 09:43:22 +00:00
Jan Šafránek
4f6f40b34c new upstream release 2009-02-25 08:08:13 +00:00
Jan Šafránek
ac27aa70d7 new upstream release
upgraded to db-4.7.25
2009-02-17 11:20:45 +00:00
Tomáš Mráz
3301d7410a * Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> 2.4.11-3
- rebuild with new openssl
2009-01-17 16:19:07 +00:00
Caolan McNamara
8acdfe0fa6 rebuild for libltdl, i.e. copy config.sub|guess from new location 2008-12-15 16:57:17 +00:00
Jan Šafránek
3134f223d5 Update package summaries 2008-11-24 09:29:51 +00:00
Jan Šafránek
381aba6d21 New upstream release 2008-10-15 14:11:35 +00:00
Jan Šafránek
4c8f60bfd0 - add SLAPD_SHUTDOWN_TIMEOUT to /etc/sysconfig/ldap, allowing admins to set non-default slapd shutdown timeout
- add checkpoint to default slapd.conf file
Resolves: #458679
2008-10-13 10:16:30 +00:00
Jan Šafránek
2ba84591e1 rediff all patches 2008-09-01 08:09:50 +00:00
Jan Šafránek
b37b0e9be9 provide ldif2dbm functionality for migrationtools 2008-09-01 07:03:55 +00:00
Jan Šafránek
c283082258 rediff all patches to get rid of fuzz=2 2008-07-25 11:15:20 +00:00
Jan Šafránek
537c3cff38 set patch fuzz to build with new rpm 2008-07-21 08:17:30 +00:00
Jan Šafránek
c3337e2059 new upstream release
apply official bdb-4.6.21 patches
2008-07-21 08:05:44 +00:00
Jan Šafránek
62f1c6f935 fix CVE-2008-2952
Resolves: #453728
2008-07-02 10:04:30 +00:00
Jan Šafránek
eae5b16c69 new upstream release 2008-06-12 07:42:29 +00:00
Jan Šafránek
09dfa0a79a use /sbin/nologin as shell of ldap user
Resolves: #447919
2008-05-28 12:16:03 +00:00
Jan Šafránek
bbf6d2ca84 forgot to reset release number, 2.4.9 will start from release 4 2008-05-13 15:35:50 +00:00
Jan Šafránek
b98d016af3 Use admin guide from source tar.gz 2008-05-13 11:40:32 +00:00
Jan Šafránek
3c0bde55f7 - new upstream release
- removed unnecessary MigrationTools patches
2008-05-13 09:46:54 +00:00
Jan Šafránek
bb50ce36bc - bdb upgraded to 4.6.21
- reworked upgrade logic again to run db_upgrade when bdb version changes
2008-04-23 10:02:32 +00:00
Jan Šafránek
68c2fe40b8 - reworked the upgrade logic, slapcat/slapadd of the whole database is needed only if minor version changes (2.3.x -> 2.4.y)
- do not try to save database in LDIF format, if openldap-servers package is  being removed (it's up to the admin to do so manually)
2008-03-05 12:41:56 +00:00
Jan Šafránek
1c0049626b migration tools carved out to standalone package "migrationtools"
Resolves: #236697
2008-02-29 08:40:16 +00:00
Jan Šafránek
83e55b87c5 new upstream release 2008-02-22 10:59:07 +00:00
Jan Šafránek
cabd0dd26c fix version 2008-02-08 16:04:33 +00:00
Jan Šafránek
0f47a79534 Define _GNU_SOURCE to fix compilation with new glibc/gcc 2008-02-08 16:02:56 +00:00
Jan Šafránek
97ea1d6494 fix CVE-2008-0658
Resolves: #432014
2008-02-08 14:13:27 +00:00
Jan Šafránek
001a81b9f4 init script fixes 2008-01-28 12:12:02 +00:00
Jan Šafránek
1447738ac4 init script made LSB-compliant
Resolves: #247012
2008-01-28 11:45:46 +00:00
Jan Šafránek
c5a2eb938e fixed rpmlint warnings and errors 2008-01-25 14:26:47 +00:00
Jan Šafránek
3ddaa5aaa5 few rpmlint errors fixed 2008-01-24 16:21:26 +00:00
Jan Šafránek
d6a9e79666 obsoleting compat-openldap properly - allowing future compat- packages >= 2.4 2008-01-22 12:09:47 +00:00
Jan Šafránek
2ec6a4381c obsoleting compat-openldap properly
Resolves: #429591
2008-01-22 11:36:39 +00:00
Jan Šafránek
3979dd0e82 new upstream version 2008-01-14 13:21:58 +00:00
Jan Šafránek
01e94086a8 updated date in changelog 2007-12-03 14:33:00 +00:00
Jan Šafránek
1be28ec33a Reverting previous patch, Obsoletes: version should be correct now :) 2007-12-03 08:44:02 +00:00
Jan Šafránek
52aa157adb Obsoletes: version updated 2007-12-03 08:18:06 +00:00
Jan Šafránek
a0fa4fd9e2 version added to Obsoletes: 2007-12-03 08:09:26 +00:00
Jan Šafránek
da308676ae deprecating compat- package 2007-12-03 08:07:08 +00:00
Jan Šafránek
223a8c8dc8 fixed changelog 2007-11-21 12:16:27 +00:00
Jan Šafránek
d5ef856e1c Upgrade to openldap-2.4 2007-11-21 12:12:15 +00:00
Jan Šafránek
a94f82a469 version++ 2007-11-05 09:51:42 +00:00
Jan Šafránek
7631639f35 new upstream release
Resolves: #360091
2007-11-05 09:49:33 +00:00
Jan Šafránek
b1c8583981 fixed multilib issues - all platform independent files have the same content now
Resolves: #342791
2007-10-24 12:21:36 +00:00
Jan Šafránek
fd01cdc8b1 BDB 4.4.20 patched added, 4.6.18 removed 2007-10-04 07:32:36 +00:00
Jan Šafránek
49621d94a5 BDB downgraded back to 4.4.20 because 4.6.18 is not supported byopenldap
Resolves: #314821
2007-10-04 07:16:11 +00:00
Jan Šafránek
15f1bc8699 version++ 2007-09-18 10:41:47 +00:00
Jan Šafránek
05dc6ea44e fixed upgrade with empty database
fixed /etc/sysconfig/ldap handling
2007-09-18 10:41:07 +00:00
Jan Šafránek
ba2e4625b7 skeleton /etc/sysconfig/ldap added
new SLAPD_LDAP option to turn off listening on ldap:///
fixed checking of SSL
Resolves: #292591, #273581
2007-09-17 12:26:02 +00:00
Jan Šafránek
d384c93bc3 new upstream version 2007-09-06 10:19:28 +00:00
Jan Šafránek
517c868cbd added images to the guide.html
Resolves: #273581
2007-09-06 09:38:38 +00:00
Jan Šafránek
a0f3002a12 rebuild with new bunutils and to get new buildid 2007-08-22 07:17:45 +00:00
Jan Šafránek
eab1b48bc4 db 4.6.18 integrated
License: updated
Compilation with new glibc fixed
2007-08-07 07:08:43 +00:00
Jan Šafránek
504c502ae3 db-4.6.18 integrated 2007-08-02 14:08:28 +00:00
Jan Šafránek
8e812e14ad do not distinguish between NPTL and non-NPTL platforms, we have NPTL everywhere 2007-08-02 12:49:45 +00:00