Commit Graph

419 Commits

Author SHA1 Message Date
Igor Gnatenko
c358051be4
remove unneeded Requires(post)
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-10 18:51:00 +01:00
Igor Gnatenko
96650fcc56
Switch to %ldconfig_scriptlets
Reference: https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-10 18:45:53 +01:00
Igor Gnatenko
f08cb7ec48
don't call ldconfig in servers subacpakge
servers subpkg installs everything into private libdir, so no need to
call ldconfig (since there is no ld.so.conf for it).

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-10 18:44:53 +01:00
Igor Gnatenko
7472792967
remove obsolete Group tag
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-10 18:42:09 +01:00
Igor Gnatenko
60f1a0883e
disable TLSMC in F29+
It should not affect any active Fedora branches, but will save time in
future.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-10 11:18:21 +01:00
Igor Gnatenko
e3677af8bb
Escape macros in %changelog
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-09 09:05:20 +01:00
Matúš Honěk
eff4749dd8 Drop TCP wrappers support
Resolves: #1531487
2018-02-07 18:24:53 +01:00
Matúš Honěk
7264811847 MozNSS Compat. Layer: fix incorrect parsing of CACertDir
NSS DB type prefix was not taken into account at all. Due to this the
path might not have been stat-ed. Thus, last part of the path would
have been considered an NSS DB name prefix which would be incorrect.

(cherry picked from commit 7f41b4a1ffe61c03d65896d82fc6b72a2710c492)
(originally #1533955)

Related: #1400570
2018-02-07 18:01:42 +01:00
Matúš Honěk
8c29eeec6a MozNSS Compat. Layer: fix PIN disclaimer not always shown
- ad #1516409#c7 case 1

(cherry picked from commit 6e2bfcadc598ed202cc77e34d5bfdea3d6ed8fbe)
(orginally #1516409)

Related: #1400570
2018-02-07 18:01:16 +01:00
Matúš Honěk
e6c4c72153 MozNSS Compat. Layer: fix recursive directory deletion
- ad #1516409#c7 case 2

(cherry picked from commit c66191c12b1bf372204cf3bf0b31759e7b0bd133)
(originally #1516409)

Related: #1400570
2018-02-07 17:53:30 +01:00
Matúš Honěk
716f3439ac MozNSS Compat. Layer: Ensure consistency of a PEM dir before usage
+ Warn just before use of a PIN about key file extraction

(cherry picked from commit 856ec5d38c45ffe71774a4d86a36177d3c4ca372)
(originally #1516409)

Related: #1400570
2018-02-07 17:36:46 +01:00
Matúš Honěk
68ef0e0238 MozNSS Compat. Layer: Enable usage of NSS DB with PEM cert/key
+ Fix a possible invalid dereference (covscan)

(cherry picked from commit 7abf6fbae6df9bc7cfdd9d28cc52f7676a123d9b)
(originally #1525485)

Related: #1400570
2018-02-07 17:28:16 +01:00
Björn Esser
1a23456530
Rebuilt for switch to libxcrypt 2018-01-20 23:07:22 +01:00
Matúš Honěk
d181b0472d Fix various MozNSS compatibility layer issues
+ Force write file with fsync to avoid race conditions
+ Always filestamp both sql and dbm NSS DB variants to not rely on default DB type prefix
+ Allow missing cert and key which is a valid usecase
+ Create extraction folder only in /tmp to simplify selinux rules
+ Fix Covscan issues

Related: #1400570
2017-12-06 15:13:49 +01:00
Matus Honek
d8e109406e Merge #2 Do not call deleted script from %post section 2017-11-14 14:24:32 +00:00
Matúš Honěk
a33df4e168 Build with OpenSSL with MozNSS compatibility layer
Resolves: #1400570
2017-11-03 20:43:25 +01:00
Guido Aulisi
031e2b95cc Do not call deleted script from %post section
Commit b730f13ce0 deleted certificate
generation scripts, but create_certdb.sh was still called from
%post section.
2017-10-31 23:21:05 +01:00
Fedora Release Engineering
671ba8f100 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-03 04:32:58 +00:00
Fedora Release Engineering
00533e64f8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 01:49:08 +00:00
Petr Písař
3a8a7258ab perl dependency renamed to perl-interpreter <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> 2017-07-12 14:16:56 +02:00
Matúš Honěk
35246b7090 Merge branch 'f26' to 'master'
- Rebase to version 2.4.45 (#1458081)
  * fixes CVE-2017-9287 (#1456712, #1456713)
- Update the 'sources' file with new SHA512 hashes

Related: #1458081
2017-07-07 17:17:49 +02:00
Matúš Honěk
5c7cdc96e6 Rebase to version 2.4.45
Resolves: #1458081
2017-07-07 16:58:40 +02:00
Matúš Honěk
872ea264fa Change Requires to Recommends for nss-tools
Resolves: #1415086
2017-07-07 13:49:14 +02:00
Jitka Plesnikova
7a68ca8d9c Perl 5.26 rebuild 2017-06-04 14:18:11 +02:00
Matúš Honěk
af30ccf247 Merge branch 'f25' into f26 for linearity
Related: #1435692
2017-03-31 17:22:53 +02:00
Matúš Honěk
32c688fc27 NSS: Maximal TLS protocol version should be equal to NSS default
Related: #1435689
2017-03-31 17:08:11 +02:00
Matúš Honěk
8ba6f5c9b7 Merge branch 'f25' into f26 for linearity
Conflicts:
	openldap.spec

Resolves: #1435692
2017-03-30 14:55:47 +02:00
Matúš Honěk
54f6fd1feb NSS: Enhance OpenLDAP to support TLSv1.3 protocol with NSS
Resolves: #1435689
2017-03-24 20:23:40 +01:00
Matúš Honěk
d0828bee6c NSS: Rearrange ciphers-, parsing-, and protocol-related patches
In addition, remove (or better, do not include anymore) unused
variables *variant* and *range* that were forgotten to be
removed when landing patch openldap-nss-protocol-version-new-api.patch
in commit 9e30b98.

Related: #1435689
2017-03-24 20:02:46 +01:00
Fedora Release Engineering
8575fd0248 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 00:53:32 +00:00
Matúš Honěk
0cc5bf7254 NSS: Update list of ciphers
Resolves: #1387868
2017-01-31 15:58:28 +01:00
Matúš Honěk
22dbdbf78a NSS: Use what NSS considers default for DEFAULT cipher string.
Related: #1387868
2017-01-30 16:30:46 +01:00
Matúš Honěk
da1f719199 NSS: fix incorrect multi-keyword parsing and support new ones
- add multi_mask, negative_mask, and multi_strength
  + some keywords may describe multiple cipher suite parameters at once
- fix masks decision tree
  + all masks have to fit the cipher suite to include it
- correct 'action' evaluation
  + plus sign means ordering (which NSS does not support)
  + no sign presence means adding implicitly
- extend keywords for new future ciphers

Backporting: #1372349
Resolves: #1243517
2017-01-29 19:46:00 +01:00
Matúš Honěk
45704219c4 fix previous commit
Related: #1375432
2017-01-23 14:03:38 +01:00
Matúš Honěk
9e30b985ea Setting olcTLSProtocolMin does not change supported protocols
Resolves: #1375432
2017-01-20 14:41:25 +01:00
Petr Písař
31ea2073c9 Mandatory Perl build-requires added <https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl> 2016-06-24 09:22:43 +02:00
Jitka Plesnikova
0087c276cd Perl 5.24 rebuild 2016-05-15 06:06:55 +02:00
Matúš Honěk
ebc63b919d Update to 2.4.44
Resolves: #1305191
2016-05-11 18:29:31 +02:00
Matúš Honěk
a0c7cda8b5 Bring back *.la files in %{_libdir}/openldap/
Related: #1331484
2016-05-03 19:12:27 +02:00
Matúš Honěk
ace19e3e36 Keep *.so libraries in %{_libdir}/openldap/
Resolves: #1331484
2016-04-28 17:43:08 +02:00
Matúš Honěk
8291cbaa23 Include AllOp overlay
Resolves: #1319782
2016-04-27 09:58:29 +02:00
Peter Robinson
eb29790db6 Ensure all libtool archive files are removed (.la) 2016-04-10 23:43:12 +01:00
Fedora Release Engineering
65a5310ab6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 11:29:03 +00:00
Matúš Honěk
ab9a93cce4 New upstream release 2.4.43
Resolves: #1253871
2016-01-21 16:40:54 +01:00
Matúš Honěk
0f227076e4 New upstream release 2.4.41
Resolves: #1238251
2015-07-16 10:51:37 +02:00
Dennis Gilmore
58ea27bc6e - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 23:59:36 +00:00
Jitka Plesnikova
d22738532e Perl 5.22 rebuild 2015-06-03 14:49:21 +02:00
Jan Synacek
443ffdd194 fix: bring back tmpfiles config (#1215655)
This reverts commit 521bbc2942.
2015-04-27 15:20:45 +02:00
Jan Synacek
6e2cf23fa6 remove spurious ghosted file 2015-03-30 10:35:43 +02:00
Jan Synacek
592250ebfb link against moznss again (#1187742)
Revert "link against openssl by default"

This reverts commit 72da77adb6.
2015-02-20 11:06:24 +01:00