Commit Graph

443 Commits

Author SHA1 Message Date
Peter Robinson
29e31a847d - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 13:55:33 +00:00
Peter Robinson
330a8ceaa7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 13:55:22 +00:00
Tom Callaway
c64abcbb2f fix license handling 2014-07-18 19:24:48 -04:00
Tom Callaway
cda7221c9b fix license handling 2014-07-18 19:24:30 -04:00
Jan Synacek
826b3eb9d7 fix: fix typo in generate-server-cert.sh
Resolves: #1117229
2014-07-14 11:36:29 +02:00
Jan Synacek
abc96f87d2 fix: make default service configuration listen on ldaps:/// as well
Resolves: #1105634
2014-06-09 09:37:51 +02:00
Dennis Gilmore
45966edea7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 11:42:07 -05:00
Jan Synacek
b15ffab696 fix: remove correct tmp file when generating server cert (#1103102) 2014-05-30 11:12:59 +02:00
Jan Synacek
079ea99963 re-symlink unversioned libraries, so ldconfig is not confused
Resolves: #1028557
2014-03-24 11:41:00 +01:00
Jan Synacek
ca7444dd1a don't automatically convert slapd.conf to slapd-config
It is not possible to convert every possible slapd.conf to slapd-config
and expect it to work. Also, it is bad to force conversion like that.
2014-03-04 10:10:57 +01:00
Jan Synacek
b3805b0a4c alias slapd.service as openldap.service 2014-02-20 08:43:54 +01:00
Jan Synacek
b8fb685084 add documentation reference to service file 2014-02-20 08:41:48 +01:00
Jan Synacek
cb0643e628 remove redundant sysconfig-related stuff 2014-02-20 08:38:44 +01:00
Jan Synacek
8a6f427a71 CVE-2013-4449: segfault on certain queries with rwm overlay
Resolves: #1060851
2014-02-04 09:40:28 +01:00
Jan Synacek
5dba8cc33f new upstream release (2.4.39)
Resolves: #1059186
2014-01-29 13:03:05 +01:00
Jan Synacek
6a944922ab new upstream release (2.4.38)
Resolves: #1031608
2013-11-18 12:52:27 +01:00
Jan Synacek
3589b29979 fix: slaptest incorrectly handles 'include' directives containing a custom file
Resolves: #1028935
2013-11-11 11:14:20 +01:00
Jan Synacek
59d41b9111 fix: missing a linefeed at the end of file /etc/openldap/ldap.conf
Resolves: #1019836
2013-10-30 11:35:50 +01:00
Jan Synacek
f646d734cc new upstream release (2.4.37)
Resolves: #1023916
2013-10-30 11:35:38 +01:00
Jan Synacek
4f8940365c fix: slapd daemon fails to start with segmentation fault on s390x
Resolves: #1020661
2013-10-21 12:40:42 +02:00
Jan Synacek
7bbf8dc1d7 rebuilt for libdb-5.3.28 2013-10-15 15:33:16 +02:00
Jan Synacek
6de15ed197 fix: CLDAP is broken for IPv6
Resolves: #1018688
2013-10-14 10:08:45 +02:00
Jan Synacek
0734516c42 fix: typos in manpages 2013-09-04 12:13:16 +02:00
Jan Synacek
1524b1e957 new upstream release (2.4.36) 2013-08-20 10:35:34 +02:00
Dennis Gilmore
2999a96836 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-03 10:40:12 -05:00
Petr Písař
98466f316a Perl 5.18 rebuild 2013-07-17 23:33:37 +02:00
Jan Vcelak
c86ed52b94 fix typos in previous commit 2013-06-26 20:28:42 +02:00
Jan Vcelak
5265f0d549 move tmpfiles config to correct location
- move from /etc/tmpfiles.d to /usr/lib/tmpfiles.d
  http://fedoraproject.org/wiki/Packaging:Tmpfiles.d
2013-06-24 13:22:37 +02:00
Jan Synacek
19dea679fe fix: using slaptest to convert slapd.conf to LDIF format ignores "loglevel 0" 2013-06-14 14:32:16 +02:00
Jan Synacek
ff5c1adb2a fix: LDAPI with GSSAPI does not work if SASL_NOCANON=on
Resolves: #960222
2013-05-09 09:32:52 +02:00
Jan Synacek
05278cd506 fix: lt_dlopen() with back_perl
Resolves: #960048
2013-05-09 09:29:28 +02:00
Jan Synacek
6e08d10adf do not needlessly run ldconfig after installing openldap-devel 2013-05-09 09:24:02 +02:00
Jan Synacek
7516346478 remove trailing spaces 2013-04-09 13:45:32 +02:00
Jan Synacek
50ba1f03e9 set SASL_NOCANON to on by default
Resolves: #949864
2013-04-09 13:43:45 +02:00
Jan Synacek
a5ba090a01 fix: minor documentation fixes 2013-04-09 13:42:53 +02:00
Jan Synacek
44107bb150 drop the evolution patch 2013-04-05 09:39:17 +02:00
Jan Synacek
2f8c754907 fix: NSS related resource leak
Resolves: #929357
2013-04-02 13:44:32 +02:00
Jan Synacek
645d16ca61 fix: slapd.service should ensure that network is up before starting
Resolves: #946921
2013-04-02 13:39:38 +02:00
Jan Synacek
8e640ac8d6 new upstream release
Resolves: #947235
2013-04-02 13:31:35 +02:00
Jan Synacek
024749b3fb include forgotten specfile changes
Related: #926280
2013-03-25 13:15:42 +01:00
Jan Synacek
4eaab344d9 fix: syncrepl push DELETE operation does not recover
Resolves: #920482
2013-03-18 12:20:21 +01:00
Jan Synacek
311ab5b026 fix bogus dates 2013-03-11 13:48:34 +01:00
Jan Synacek
c5d84d7192 add perl specific BuildRequires 2013-03-11 13:48:29 +01:00
Jan Synacek
b5dda86c35 package ppolicy-check-password
Resolves: #829749
2013-03-11 11:25:12 +01:00
Jan Synacek
3b721d68c7 enable perl backend
Resolves: #820547
2013-03-11 07:52:23 +01:00
Jan Vcelak
51d38be75b use systemd-rpm macros in spec file
Resolves: #850247
2013-03-06 23:09:13 +01:00
Jan Vcelak
705b2a5032 new upstream release (2.4.34)
Resolves: #917603 #872784
2013-03-06 23:09:06 +01:00
Jan Synacek
cbf8229049 rebuild against new cyrus-sasl 2013-01-31 14:26:21 +01:00
Jan Vcelak
4b460cc8c8 fix update: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR
Resolves: #857455
2012-10-31 12:50:15 +01:00
Jan Vcelak
17508fb68c fix: slapd with rwm overlay segfault following ldapmodify
Resolves: #865685
2012-10-12 08:58:01 +02:00
Jan Vcelak
8dc41a3295 fix: slapd.service should not use /tmp
Resolves: #859019
2012-10-11 11:56:59 +02:00
Jan Vcelak
587944c9e6 new upstream release (2.4.33) 2012-10-11 11:47:24 +02:00
Jan Vcelak
5568103a57 Workaround for bug #858274 in m4 (autoreconf fails on i686) 2012-09-19 10:30:03 +02:00
Jan Vcelak
749896483d fix bug number in recent patch 2012-09-14 16:56:03 +02:00
Jan Vcelak
331465716f fix: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR
Resolves: #857455
2012-09-14 16:14:43 +02:00
Jan Vcelak
557bf01306 fix: MozNSS certificate database in SQL format cannot be used
Resolves: #857390
2012-09-14 16:14:21 +02:00
Jan Vcelak
060a306e1e fix: not all certificates in OpenSSL compatible CA certificate directory format are loaded
Resolves: #852786
2012-09-14 16:13:59 +02:00
Jan Vcelak
1f24c419dd fix: connection hangs after fallback to second server when certificate hostname verification fails
Resolves: #852476
2012-09-14 16:13:39 +02:00
Jan Vcelak
9627ad75ef fix: some TLS ciphers cannot be enabled
Resolves: #852338
2012-09-14 16:13:12 +02:00
Jan Vcelak
ad070fca8d prefer key from authenticated slot, allow certificate name with token
Resolves TLS failures in replication in 389 Directory Server introduced
by recent Mozilla NSS backend fixes.
2012-08-20 20:34:34 +02:00
Jan Vcelak
6304a48a54 new upstream release (2.4.32) 2012-08-01 13:39:25 +02:00
Jan Vcelak
c736adad77 use tabs consistently 2012-08-01 10:21:44 +02:00
Jan Vcelak
2d64625e78 fix: slapd refuses to set up TLS with self-signed PEM certificate
Resolves: #842022
2012-07-21 17:59:04 +02:00
Jan Vcelak
54e357771f multilib fix: move libslapi from openldap-servers to openldap package 2012-07-20 16:59:28 +02:00
Jan Vcelak
9e7cf6735d fix: smbk5pwd module computes invalid LM hashes
Resolves: #841560
2012-07-19 14:27:10 +02:00
Jan Vcelak
20875f4fb9 fix: querying for IPv6 DNS records when IPv6 is disabled on the host
Resolves: #835013
2012-07-19 11:00:43 +02:00
Jan Vcelak
824671e8d7 clean the package build process 2012-07-18 19:02:28 +02:00
Jan Vcelak
9eda95bba4 fix: remove isa macro from BuildRequires 2012-07-18 09:37:59 +02:00
Jan Vcelak
50ed49760b fix: less influence between individual TLS contexts
Resolves: #795763 (and possibly others)
2012-06-27 14:40:59 +02:00
Jan Vcelak
397ce0c946 fix: default cipher suite is always selected
Resolves: #828790
2012-06-27 14:10:28 +02:00
Jan Vcelak
916cbca281 fix: slapd fails to start on reboot
Resolves: #829272
2012-06-27 14:05:10 +02:00
Jan Vcelak
904778f620 CVE-2012-2668: cipher suite selection by name can be ignored
Resolves: #825875
2012-06-27 13:55:02 +02:00
Jan Vcelak
fe1c1e0eeb fix: reading pin from file can make all TLS connections hang
Resolves: #829317
2012-06-27 13:48:40 +02:00
Jan Vcelak
0cda8087e0 fix: TLS error messages overwriting in tlsm_verify_cert()
Resolves: #810462
2012-06-27 13:36:51 +02:00
Jan Vcelak
ac8a31ed53 fix: invalid order of TLS shutdown operations
Resolves: #808465
2012-06-27 13:31:05 +02:00
Jan Vcelak
5172ff7830 update fix: count constraint broken when using multiple modifications
Resolves: #795766
2012-06-27 13:26:24 +02:00
Jan Vcelak
60d09d71cf fix: MozNSS CA certdir does not work together with PEM CA cert file
Resolves: #819536
2012-05-18 12:47:45 +02:00
Jan Vcelak
61feb71485 changelog: nss-tools has to be required by base package 2012-05-18 12:47:41 +02:00
Jan Vcelak
f8f3a2b33f nss-tools has to be required by base package 2012-05-02 11:25:36 +02:00
Jan Vcelak
05bc41c858 remove upstream merged patches 2012-04-24 10:44:16 +02:00
Jan Vcelak
6e16cb7901 new upstream release (2.4.31) 2012-04-24 10:35:02 +02:00
Jan Vcelak
440b96e85c rebuild due to libdb rebase 2012-04-05 20:41:25 +02:00
Jan Synacek
0992cf19a9 fix: Re-binding to a failed connection can segfault
Resolves: #784989
2012-03-26 13:41:40 +02:00
Jan Vcelak
a4d33565bb new upstream release (2.4.30)
Resolves: #798958
2012-03-01 14:24:19 +01:00
Jan Vcelak
862f73dffa fix: SASL_NOCANON option missing in ldap.conf manual page
Resolves: #732915
2012-02-22 15:46:23 +01:00
Jan Vcelak
c2db986060 fix: missing options in manual pages of client tools
Resolves: #796232
2012-02-22 15:41:53 +01:00
Jan Vcelak
b2b2825914 fix: count constraint broken when using multiple modifications
Resolves: #795766
2012-02-21 15:44:56 +01:00
Jan Vcelak
20125eca06 fix: ldap_result does not succeed for sssd
Resolves: #771484
2012-02-21 15:37:51 +01:00
Jan Vcelak
558f709787 fix update provide ldif2ldbm, not ldib2ldbm
Resolves: #437104
2012-02-20 15:31:58 +01:00
Jan Synacek
f25689a388 unify systemctl binary paths throughout the specfile and make them usrmove compliant
make path to chkconfig binary usrmove compliant
2012-02-20 15:14:53 +01:00
Jan Vcelak
d5cbb774ed fix: check-config.sh get stuck when executing command as a ldap user 2012-02-15 14:26:49 +01:00
Jan Vcelak
dc2b490d64 temporarily disable certificates checking in check-config.sh
MozNSS support is missing yet.
2012-02-15 13:15:07 +01:00
Jan Synacek
b95104a6a1 fix: correct path to check-config.sh in service file 2012-02-15 09:10:16 +01:00
Jan Vcelak
b5e66b7ea2 remove obsoleted slapd.conf 2012-02-14 17:22:53 +01:00
Jan Vcelak
a7572065e5 certificates management improvements
Resolves: #772890
2012-02-14 17:22:50 +01:00
Jan Vcelak
934ba146a8 move maintainance scripts from libexec/slapd to libexec/openldap 2012-02-14 13:42:07 +01:00
Jan Vcelak
78a563b273 openldap-servers: provide ldib2ldbm for migrationtools
References: #437104
2012-02-14 13:40:58 +01:00
Jan Vcelak
5e3dba33db clean requirements: remove explicit versions, add %{_isa} macro 2012-02-14 13:40:42 +01:00
Jan Vcelak
31026088da new upstream release (2.4.29) 2012-02-13 13:07:11 +01:00
Jan Vcelak
65b981d99e fix: slapd segfaults when PEM certificate is used and key is not set
Resolves: #772890
2012-01-31 18:11:36 +01:00
Jan Vcelak
f47de25361 fix: replication (syncrepl) with TLS causes segfault
Resolves: #783431
2012-01-31 18:10:55 +01:00
Dennis Gilmore
328c8e208b - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-13 05:40:42 -06:00
Jan Vcelak
c60a3191a5 fix: reload systemd daemon after installation 2011-11-30 18:58:19 +01:00
Jan Vcelak
8bd37126ac configuration initialization from LDIF file 2011-11-30 18:40:25 +01:00
Jan Vcelak
1cd7d29c02 compile backends as modules (except BDB, HDB, and monitor) 2011-11-30 16:51:14 +01:00
Jan Vcelak
ad3da8cc04 new upstream release (2.4.28)
- upstream changes:
  - server: support for delta-syncrepl in multi master replication
  - server: add experimental backend - MDB
  - server: dynamic configuration for passwd, perl, shell, sock,
    and sql backends
  - server: support passwords in APR1
  - library: support for Wahl (draft)
  - a lot of bugfixes
- remove patches which were merged upstream
2011-11-30 16:51:05 +01:00
Jan Vcelak
0fcc2f2eb2 release bump (2.4.26-6) 2011-11-01 15:25:46 +01:00
Jan Vcelak
356af46ea6 CVE-2011-4079 one-byte buffer overflow in slapd
Resolves: #749324
2011-11-01 15:25:46 +01:00
Jan Vcelak
25e27999de servers: add libdb-utils to Requires 2011-11-01 13:34:30 +01:00
Jan Vcelak
a0c545d1a7 patch slapd to skip empty arguments
This is required by systemd, as variable expansion works there different
than in shell. Empty SLAPD_OPTIONS in environment file would not work.

(The patch is Fedora specific.)
2011-11-01 13:34:30 +01:00
Jan Vcelak
33514c3f00 scriptlet: convert sysconfig/ldap to sysconfig/slapd 2011-11-01 13:34:17 +01:00
Jan Vcelak
62f9c65cff rpmlint warnings: doc in non utf-8 encoding 2011-11-01 13:34:17 +01:00
Jan Vcelak
8f315f552e rpmlint warnings: macro in comment/changelog 2011-11-01 13:34:17 +01:00
Jan Vcelak
b6085c259f specfile: clean %files, drop defattr macros
- %defattr is not needed since Fedora 14
- permissions are taken from installed files
  (removed chmod and added install where possible)
- %attr was left only on places, where non-root owner is needed
- removed slashes between: %{buildroot}%{_somedir}
- files reordered by type
- merged "%dir dir" and "dir/files*"
2011-11-01 13:34:17 +01:00
Jan Vcelak
05cb2507b0 specfile: handle upgrades with new maintainance scripts 2011-11-01 13:34:08 +01:00
Jan Vcelak
2d2d8a4c8a specfile: migrate initscript to systemd service 2011-10-27 17:27:43 +02:00
Jan Vcelak
0a9b211e8c specfile: reorder sources 2011-10-27 17:27:43 +02:00
Jan Vcelak
10e4a847f6 remove old provides/obsoletes 2011-10-27 15:00:20 +02:00
Jan Vcelak
9a8ced65aa hardened build: remove LDFLAGS, enable macro 2011-10-27 14:45:10 +02:00
Jan Vcelak
8d476e4dbd rebuild: openldap does not work after libdb rebase
Resolves: #743824
2011-10-06 10:22:14 +02:00
Jan Vcelak
b4a9bf4dad regression fix: enable TCP wrappers
Resolves: #743213
2011-10-06 10:19:51 +02:00
Jan Vcelak
81680b05fb new feature update: honor priority/weight with ldap_domain2hostlist
There was a typo in the patch. "weight" of the SRV records was not
taken correctly.

Resolves: #733078
2011-09-21 11:05:39 +02:00
Jan Vcelak
9c0ef47ce4 fix: allow unsetting of tls_* syncrepl options
Resolves: #734187
2011-09-12 18:42:53 +02:00
Jan Vcelak
af7e905857 fix: SSL_ForceHandshake function is not thread safe
Resolves: #701678
2011-09-12 15:35:09 +02:00
Jan Vcelak
9ee41aa9a4 manpage fix: wrong ldap_sync_destroy() prototype in ldap_sync(3) manpage
Resolves: #717722
2011-08-24 19:24:49 +02:00
Jan Vcelak
a551ec94d3 new feature: honor priority/weight with ldap_domain2hostlist
Resolves: #733078
2011-08-24 19:17:27 +02:00
Jan Vcelak
3e083e8b93 fix: matching wildcard hostnames in certificate Subject field does not work
Resolves: #733073
2011-08-24 19:12:30 +02:00
Jan Vcelak
482a20080c manpage fix: errors in manual page slapo-unique
Resolves: #733070
2011-08-24 19:05:49 +02:00
Jan Vcelak
c6479d1199 fix: DDS overlay tolerance parametr doesn't function and breakes default TTL
Resolves: #733069
2011-08-24 19:01:05 +02:00
Jan Vcelak
a35a381613 fix: conversion of constraint overlay settings to cn=config is incorrect
Resolves: #733067
2011-08-24 18:58:45 +02:00
Jan Vcelak
8ac21093cd fix: memleak - free the return of tlsm_find_and_verify_cert_key
Resolves: #725818
2011-08-24 18:48:35 +02:00
Jan Vcelak
49f6078a21 incorrect behavior of allow/try options of VerifyCert and TLS_REQCERT
Resolves: #725819
2011-08-24 18:40:37 +02:00
Jan Vcelak
67c9630d50 fix: NSS_Init* functions are not thread safe
Resolves: #731112
2011-08-24 18:18:33 +02:00
Jan Vcelak
924b91284d add partial RELRO support
Resolves: #733071
2011-08-24 18:12:01 +02:00
Rex Dieter
a27bcf4338 Rebuilt for rpm (#728707) 2011-08-14 14:09:44 -05:00
Jan Vcelak
c90fe38088 fix: memleak in tlsm_auth_cert_handler
Resolves: #717730
2011-07-20 16:44:40 +02:00
Jan Vcelak
583cde50ed rebase to 2.4.26
- remove upstream included patches
2011-07-20 16:44:30 +02:00
Jan Vcelak
b35dfa8417 fix typo in patch name 2011-06-28 11:26:47 +02:00
Jan Vcelak
fd3f90103e allow build against DB 5.2
Resolves: #715827
2011-06-27 18:53:29 +02:00
Jan Vcelak
2aeb38e146 fix: segfault when LDIF input is not terminated by newline
Resolves: #716858
2011-06-27 18:53:29 +02:00
Jan Vcelak
4098fcd663 fix: segfault when input line in LDIF file is indented incorrectly
Resolves: #716855
2011-06-27 18:53:29 +02:00
Jan Vcelak
9925959a7d fix: segmentation fault caused by double-free in ldapexop
Resolves: #699683
2011-06-27 18:53:29 +02:00
Jan Vcelak
865ea62898 fix: connection failure if TLS_CACERTDIR doesn't exist but TLS_REQCERT is set to 'never'
Resolves: #716854
2011-06-27 18:53:28 +02:00
Jan Vcelak
cea83df834 openldap-servers scriptlets require initscripts package
Resolves: #716857
2011-06-27 18:53:28 +02:00
Jan Vcelak
2ce75ca315 root user management ACLs on cn=config
Resolves: #712495
2011-06-27 18:53:28 +02:00
Jan Vcelak
356967b885 default database type BDB -> HDB 2011-06-27 18:53:28 +02:00
Jan Vcelak
bf7ea0e4df slapd.conf as separate source, not patch 2011-06-27 18:53:28 +02:00
Jan Vcelak
31a7816a3a add ldif.h interface into -devel subpackage 2011-06-27 18:53:28 +02:00
Jan Vcelak
b2338c38f5 remove obsolete configure options 2011-06-27 18:53:28 +02:00
Jan Vcelak
a40d05ac93 rebase to 2.4.25
- remove upstream included patches
2011-06-27 18:11:38 +02:00