rpms/openldap
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'f26' to 'master'

Browse Source 
- Rebase to version 2.4.45 (#1458081)
  * fixes CVE-2017-9287 (#1456712, #1456713)
- Update the 'sources' file with new SHA512 hashes

Related: #1458081
This commit is contained in:
Matúš Honěk 2017-07-07 17:17:49 +02:00
commit 35246b7090
4 changed files with 11 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -14,3 +14,5 @@
/openldap-2.4.40.tgz /openldap-2.4.40.tgz
/openldap-2.4.41.tgz /openldap-2.4.41.tgz
/openldap-2.4.43.tgz /openldap-2.4.43.tgz
/openldap-2.4.44.tgz
/openldap-2.4.45.tgz

23
openldap-man-sasl-nocanon.patch
View File

@ -1,23 +0,0 @@
fix: SASL_NOCANON option missing in ldap.conf manual page
Author: Jan Vcelak <jvcelak@redhat.com>
Upstream ITS: #7177
Resolves: #732915
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
index 51f774f..5f17122 100644
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -284,6 +284,9 @@ description). The default is
specifies the maximum security layer receive buffer
size allowed. 0 disables security layers. The default is 65536.
.RE
+.TP
+.B SASL_NOCANON <on/true/yes/off/false/no>
+Do not perform reverse DNS lookups to canonicalize SASL host names. The default is off.
.SH GSSAPI OPTIONS
If OpenLDAP is built with Generic Security Services Application Programming Interface support,
there are more options you can specify.
--
1.7.6.5

11
openldap.spec
View File

@ -4,8 +4,8 @@
%global check_password_version 1.1 %global check_password_version 1.1
Name: openldap Name: openldap
Version: 2.4.44 Version: 2.4.45
Release: 12%{?dist} Release: 1%{?dist}
Summary: LDAP support libraries Summary: LDAP support libraries
Group: System Environment/Daemons Group: System Environment/Daemons
License: OpenLDAP License: OpenLDAP
@ -26,7 +26,6 @@ Patch0: openldap-manpages.patch
Patch1: openldap-sql-linking.patch Patch1: openldap-sql-linking.patch
Patch2: openldap-reentrant-gethostby.patch Patch2: openldap-reentrant-gethostby.patch
Patch3: openldap-smbk5pwd-overlay.patch Patch3: openldap-smbk5pwd-overlay.patch
Patch4: openldap-man-sasl-nocanon.patch
Patch5: openldap-ai-addrconfig.patch Patch5: openldap-ai-addrconfig.patch
# nss patches, unlikely to ever get upstreamed # nss patches, unlikely to ever get upstreamed
Patch12: openldap-tls-no-reuse-of-tls_session.patch Patch12: openldap-tls-no-reuse-of-tls_session.patch
@ -140,7 +139,6 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
%patch5 -p1 %patch5 -p1
%patch12 -p1 %patch12 -p1
%patch13 -p1 %patch13 -p1
@ -548,6 +546,11 @@ exit 0
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Fri Jul 7 2017 Matus Honek <mhonek@redhat.com> - 2.4.45-1
- Rebase to version 2.4.45 (#1458081)
* fixes CVE-2017-9287 (#1456712, #1456713)
- Update the 'sources' file with new SHA512 hashes
* Fri Jul 7 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-12 * Fri Jul 7 2017 Matus Honek <mhonek@redhat.com> - 2.4.44-12
- Change Requires to Recommends for nss-tools (#1415086) - Change Requires to Recommends for nss-tools (#1415086)

4
sources
View File

@ -1,2 +1,2 @@
3535b7cd46dcf41c9a9480efa9e64618 ltb-project-openldap-ppolicy-check-password-1.1.tar.gz SHA512 (ltb-project-openldap-ppolicy-check-password-1.1.tar.gz) = f3384a164ce5db488908cf6380bad8500b800b09d12a8f04e1b6ccb6f6af6ab3971fcdbe4acca7a1b6d16b408a11065c2b1ab2497863fe07d3c28262b0f6776e
693ac26de86231f8dcae2b4e9d768e51 openldap-2.4.44.tgz SHA512 (openldap-2.4.45.tgz) = 1c9fc84efed8998f107ce6e1c6be3f5466388241afdca0cb3847720c9def0bc263a2dbc15bf0f9112d1b4c391fd01e8531a4fb08c5532c30fb86924c08daedab