Commit Graph

487 Commits

Author SHA1 Message Date
Matúš Honěk da1f719199 NSS: fix incorrect multi-keyword parsing and support new ones
- add multi_mask, negative_mask, and multi_strength
  + some keywords may describe multiple cipher suite parameters at once
- fix masks decision tree
  + all masks have to fit the cipher suite to include it
- correct 'action' evaluation
  + plus sign means ordering (which NSS does not support)
  + no sign presence means adding implicitly
- extend keywords for new future ciphers

Backporting: #1372349
Resolves: #1243517
2017-01-29 19:46:00 +01:00
Matúš Honěk 45704219c4 fix previous commit
Related: #1375432
2017-01-23 14:03:38 +01:00
Matúš Honěk 9e30b985ea Setting olcTLSProtocolMin does not change supported protocols
Resolves: #1375432
2017-01-20 14:41:25 +01:00
Petr Písař 31ea2073c9 Mandatory Perl build-requires added <https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl> 2016-06-24 09:22:43 +02:00
Jitka Plesnikova 0087c276cd Perl 5.24 rebuild 2016-05-15 06:06:55 +02:00
Matúš Honěk ebc63b919d Update to 2.4.44
Resolves: #1305191
2016-05-11 18:29:31 +02:00
Matúš Honěk a0c7cda8b5 Bring back *.la files in %{_libdir}/openldap/
Related: #1331484
2016-05-03 19:12:27 +02:00
Matúš Honěk ace19e3e36 Keep *.so libraries in %{_libdir}/openldap/
Resolves: #1331484
2016-04-28 17:43:08 +02:00
Matúš Honěk 8291cbaa23 Include AllOp overlay
Resolves: #1319782
2016-04-27 09:58:29 +02:00
Peter Robinson eb29790db6 Ensure all libtool archive files are removed (.la) 2016-04-10 23:43:12 +01:00
Fedora Release Engineering 65a5310ab6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 11:29:03 +00:00
Matúš Honěk ab9a93cce4 New upstream release 2.4.43
Resolves: #1253871
2016-01-21 16:40:54 +01:00
Matúš Honěk 0f227076e4 New upstream release 2.4.41
Resolves: #1238251
2015-07-16 10:51:37 +02:00
Dennis Gilmore 58ea27bc6e - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 23:59:36 +00:00
Jitka Plesnikova d22738532e Perl 5.22 rebuild 2015-06-03 14:49:21 +02:00
Jan Synacek 443ffdd194 fix: bring back tmpfiles config (#1215655)
This reverts commit 521bbc2942.
2015-04-27 15:20:45 +02:00
Jan Synacek 6e2cf23fa6 remove spurious ghosted file 2015-03-30 10:35:43 +02:00
Jan Synacek 592250ebfb link against moznss again (#1187742)
Revert "link against openssl by default"

This reverts commit 72da77adb6.
2015-02-20 11:06:24 +01:00
Jan Synacek 1fb41f2a59 fix: Unknown Berkeley DB major version in db.h (#1191098) 2015-02-11 10:52:43 +01:00
Jan Synacek 5a45ad5a72 CVE-2015-1545: slapd crashes on search with deref control (#1190645) 2015-02-10 09:33:10 +01:00
Jan Synacek b730f13ce0 simplify package even more by removing certificate generation
Creating self-signed certificates for localhost is pointless. If anyone
uses TLS, they probably have their own. Testers can generate their own
as well, the package does't have to be plagued by scripts just because
of that.
2015-01-27 15:25:04 +01:00
Jan Synacek 72da77adb6 link against openssl by default
This is not an enhancement, this is a bugfix.
2015-01-27 15:19:00 +01:00
Jan Synacek ee4af28583 simplify checking for missing server configuration 2015-01-26 14:24:55 +01:00
Jan Synacek e143df31ee fix invalid ldif introduced in 9a79680 2015-01-26 13:33:14 +01:00
Jan Synacek 521bbc2942 remove tmpfiles config since it's no longer needed 2015-01-26 13:31:31 +01:00
Jan Synacek 0fc0a68e34 renumber patches and sources 2015-01-21 14:24:49 +01:00
Jan Synacek 9a796804cd remove pid file and args file
We have systemd for that.
2015-01-21 14:12:31 +01:00
Jan Synacek b724454515 make mdb default after a new installation 2015-01-21 14:10:09 +01:00
Jan Synacek 7a8ba10b72 remove unneeded configure flags, disable sql backend and aci
Both SQL backend and ACI are experimental. SQL is unsupported.
2015-01-19 09:45:07 +01:00
Jan Synacek 41c84187a9 remove old F17 hack 2015-01-16 12:23:49 +01:00
Jan Synacek c3de3dd938 remove openldap-syncrepl-unset-tls-options.patch
Unaccepted upstream, not an issue, documented in the man pages.
2015-01-16 10:28:54 +01:00
Jan Synacek 2594744e83 remove openldap-userconfig-setgid.patch
Pointless Fedora specific patch.
2015-01-16 10:27:49 +01:00
Jan Synacek c1bd7d8503 remove openldap-ldaprc-currentdir.patch
The upstream ITS has been fixed a long time ago and this patch is Fedora
specific and pointless.
2015-01-16 10:08:38 +01:00
Jan Synacek f1bc6682b9 remove openldap-fedora-systemd.patch
We don't use env variables anymore.
2015-01-16 09:08:08 +01:00
Jan Synacek 0625d0e501 provide an unversioned symlink to check_password.so.1.1
So the users don't have to specify the exact version in their configuration.
2014-12-17 15:32:22 +01:00
Jan Synacek 4840f8de8e improve check_password
Fix Makefile to accept provided CFLAGS and LDFLAGS. Patch the code a bit.
2014-12-17 15:27:30 +01:00
Jan Synacek 098f3b5fe6 harden the build 2014-12-17 09:21:38 +01:00
Jan Synacek 40aff41da5 fix changelog after the revert 2014-12-17 09:21:02 +01:00
Jan Synacek 48c6d060f6 Revert "enhancement: generate openldap.pc (#1171493)"
This reverts commit 79a0b58108.
2014-12-16 09:52:29 +01:00
Jan Synacek 79a0b58108 enhancement: generate openldap.pc (#1171493) 2014-12-09 12:34:25 +01:00
Jan Synacek 4b2abac9db enhancement: support TLSv1 and later (#1160466) 2014-11-14 09:54:11 +01:00
Jan Synacek 90f2044e56 Merge branch 'master' into f21
Let's keep the history linear...

Conflicts:
	openldap.spec
2014-10-06 10:24:40 +02:00
Jan Synacek 2c331b7581 new upstream release (2.4.40)
Resolves: #1147877
2014-09-30 13:44:19 +02:00
Jitka Plesnikova 3363e7a6da Perl 5.20 rebuild 2014-08-27 11:12:00 +02:00
Peter Robinson 29e31a847d - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 13:55:33 +00:00
Peter Robinson 330a8ceaa7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 13:55:22 +00:00
Tom Callaway c64abcbb2f fix license handling 2014-07-18 19:24:48 -04:00
Tom Callaway cda7221c9b fix license handling 2014-07-18 19:24:30 -04:00
Jan Synacek 826b3eb9d7 fix: fix typo in generate-server-cert.sh
Resolves: #1117229
2014-07-14 11:36:29 +02:00
Jan Synacek abc96f87d2 fix: make default service configuration listen on ldaps:/// as well
Resolves: #1105634
2014-06-09 09:37:51 +02:00
Dennis Gilmore 45966edea7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 11:42:07 -05:00
Jan Synacek b15ffab696 fix: remove correct tmp file when generating server cert (#1103102) 2014-05-30 11:12:59 +02:00
Jan Synacek 079ea99963 re-symlink unversioned libraries, so ldconfig is not confused
Resolves: #1028557
2014-03-24 11:41:00 +01:00
Jan Synacek ca7444dd1a don't automatically convert slapd.conf to slapd-config
It is not possible to convert every possible slapd.conf to slapd-config
and expect it to work. Also, it is bad to force conversion like that.
2014-03-04 10:10:57 +01:00
Jan Synacek b3805b0a4c alias slapd.service as openldap.service 2014-02-20 08:43:54 +01:00
Jan Synacek b8fb685084 add documentation reference to service file 2014-02-20 08:41:48 +01:00
Jan Synacek cb0643e628 remove redundant sysconfig-related stuff 2014-02-20 08:38:44 +01:00
Jan Synacek 8a6f427a71 CVE-2013-4449: segfault on certain queries with rwm overlay
Resolves: #1060851
2014-02-04 09:40:28 +01:00
Jan Synacek 5dba8cc33f new upstream release (2.4.39)
Resolves: #1059186
2014-01-29 13:03:05 +01:00
Jan Synacek 6a944922ab new upstream release (2.4.38)
Resolves: #1031608
2013-11-18 12:52:27 +01:00
Jan Synacek 3589b29979 fix: slaptest incorrectly handles 'include' directives containing a custom file
Resolves: #1028935
2013-11-11 11:14:20 +01:00
Jan Synacek 59d41b9111 fix: missing a linefeed at the end of file /etc/openldap/ldap.conf
Resolves: #1019836
2013-10-30 11:35:50 +01:00
Jan Synacek f646d734cc new upstream release (2.4.37)
Resolves: #1023916
2013-10-30 11:35:38 +01:00
Jan Synacek 4f8940365c fix: slapd daemon fails to start with segmentation fault on s390x
Resolves: #1020661
2013-10-21 12:40:42 +02:00
Jan Synacek 7bbf8dc1d7 rebuilt for libdb-5.3.28 2013-10-15 15:33:16 +02:00
Jan Synacek 6de15ed197 fix: CLDAP is broken for IPv6
Resolves: #1018688
2013-10-14 10:08:45 +02:00
Jan Synacek 0734516c42 fix: typos in manpages 2013-09-04 12:13:16 +02:00
Jan Synacek 1524b1e957 new upstream release (2.4.36) 2013-08-20 10:35:34 +02:00
Dennis Gilmore 2999a96836 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-03 10:40:12 -05:00
Petr Písař 98466f316a Perl 5.18 rebuild 2013-07-17 23:33:37 +02:00
Jan Vcelak c86ed52b94 fix typos in previous commit 2013-06-26 20:28:42 +02:00
Jan Vcelak 5265f0d549 move tmpfiles config to correct location
- move from /etc/tmpfiles.d to /usr/lib/tmpfiles.d
  http://fedoraproject.org/wiki/Packaging:Tmpfiles.d
2013-06-24 13:22:37 +02:00
Jan Synacek 19dea679fe fix: using slaptest to convert slapd.conf to LDIF format ignores "loglevel 0" 2013-06-14 14:32:16 +02:00
Jan Synacek ff5c1adb2a fix: LDAPI with GSSAPI does not work if SASL_NOCANON=on
Resolves: #960222
2013-05-09 09:32:52 +02:00
Jan Synacek 05278cd506 fix: lt_dlopen() with back_perl
Resolves: #960048
2013-05-09 09:29:28 +02:00
Jan Synacek 6e08d10adf do not needlessly run ldconfig after installing openldap-devel 2013-05-09 09:24:02 +02:00
Jan Synacek 7516346478 remove trailing spaces 2013-04-09 13:45:32 +02:00
Jan Synacek 50ba1f03e9 set SASL_NOCANON to on by default
Resolves: #949864
2013-04-09 13:43:45 +02:00
Jan Synacek a5ba090a01 fix: minor documentation fixes 2013-04-09 13:42:53 +02:00
Jan Synacek 44107bb150 drop the evolution patch 2013-04-05 09:39:17 +02:00
Jan Synacek 2f8c754907 fix: NSS related resource leak
Resolves: #929357
2013-04-02 13:44:32 +02:00
Jan Synacek 645d16ca61 fix: slapd.service should ensure that network is up before starting
Resolves: #946921
2013-04-02 13:39:38 +02:00
Jan Synacek 8e640ac8d6 new upstream release
Resolves: #947235
2013-04-02 13:31:35 +02:00
Jan Synacek 024749b3fb include forgotten specfile changes
Related: #926280
2013-03-25 13:15:42 +01:00
Jan Synacek 4eaab344d9 fix: syncrepl push DELETE operation does not recover
Resolves: #920482
2013-03-18 12:20:21 +01:00
Jan Synacek 311ab5b026 fix bogus dates 2013-03-11 13:48:34 +01:00
Jan Synacek c5d84d7192 add perl specific BuildRequires 2013-03-11 13:48:29 +01:00
Jan Synacek b5dda86c35 package ppolicy-check-password
Resolves: #829749
2013-03-11 11:25:12 +01:00
Jan Synacek 3b721d68c7 enable perl backend
Resolves: #820547
2013-03-11 07:52:23 +01:00
Jan Vcelak 51d38be75b use systemd-rpm macros in spec file
Resolves: #850247
2013-03-06 23:09:13 +01:00
Jan Vcelak 705b2a5032 new upstream release (2.4.34)
Resolves: #917603 #872784
2013-03-06 23:09:06 +01:00
Jan Synacek cbf8229049 rebuild against new cyrus-sasl 2013-01-31 14:26:21 +01:00
Jan Vcelak 4b460cc8c8 fix update: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR
Resolves: #857455
2012-10-31 12:50:15 +01:00
Jan Vcelak 17508fb68c fix: slapd with rwm overlay segfault following ldapmodify
Resolves: #865685
2012-10-12 08:58:01 +02:00
Jan Vcelak 8dc41a3295 fix: slapd.service should not use /tmp
Resolves: #859019
2012-10-11 11:56:59 +02:00
Jan Vcelak 587944c9e6 new upstream release (2.4.33) 2012-10-11 11:47:24 +02:00
Jan Vcelak 5568103a57 Workaround for bug #858274 in m4 (autoreconf fails on i686) 2012-09-19 10:30:03 +02:00
Jan Vcelak 749896483d fix bug number in recent patch 2012-09-14 16:56:03 +02:00
Jan Vcelak 331465716f fix: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR
Resolves: #857455
2012-09-14 16:14:43 +02:00
Jan Vcelak 557bf01306 fix: MozNSS certificate database in SQL format cannot be used
Resolves: #857390
2012-09-14 16:14:21 +02:00
Jan Vcelak 060a306e1e fix: not all certificates in OpenSSL compatible CA certificate directory format are loaded
Resolves: #852786
2012-09-14 16:13:59 +02:00
Jan Vcelak 1f24c419dd fix: connection hangs after fallback to second server when certificate hostname verification fails
Resolves: #852476
2012-09-14 16:13:39 +02:00
Jan Vcelak 9627ad75ef fix: some TLS ciphers cannot be enabled
Resolves: #852338
2012-09-14 16:13:12 +02:00
Jan Vcelak ad070fca8d prefer key from authenticated slot, allow certificate name with token
Resolves TLS failures in replication in 389 Directory Server introduced
by recent Mozilla NSS backend fixes.
2012-08-20 20:34:34 +02:00
Jan Vcelak 6304a48a54 new upstream release (2.4.32) 2012-08-01 13:39:25 +02:00
Jan Vcelak c736adad77 use tabs consistently 2012-08-01 10:21:44 +02:00
Jan Vcelak 2d64625e78 fix: slapd refuses to set up TLS with self-signed PEM certificate
Resolves: #842022
2012-07-21 17:59:04 +02:00
Jan Vcelak 54e357771f multilib fix: move libslapi from openldap-servers to openldap package 2012-07-20 16:59:28 +02:00
Jan Vcelak 9e7cf6735d fix: smbk5pwd module computes invalid LM hashes
Resolves: #841560
2012-07-19 14:27:10 +02:00
Jan Vcelak 20875f4fb9 fix: querying for IPv6 DNS records when IPv6 is disabled on the host
Resolves: #835013
2012-07-19 11:00:43 +02:00
Jan Vcelak 824671e8d7 clean the package build process 2012-07-18 19:02:28 +02:00
Jan Vcelak 9eda95bba4 fix: remove isa macro from BuildRequires 2012-07-18 09:37:59 +02:00
Jan Vcelak 50ed49760b fix: less influence between individual TLS contexts
Resolves: #795763 (and possibly others)
2012-06-27 14:40:59 +02:00
Jan Vcelak 397ce0c946 fix: default cipher suite is always selected
Resolves: #828790
2012-06-27 14:10:28 +02:00
Jan Vcelak 916cbca281 fix: slapd fails to start on reboot
Resolves: #829272
2012-06-27 14:05:10 +02:00
Jan Vcelak 904778f620 CVE-2012-2668: cipher suite selection by name can be ignored
Resolves: #825875
2012-06-27 13:55:02 +02:00
Jan Vcelak fe1c1e0eeb fix: reading pin from file can make all TLS connections hang
Resolves: #829317
2012-06-27 13:48:40 +02:00
Jan Vcelak 0cda8087e0 fix: TLS error messages overwriting in tlsm_verify_cert()
Resolves: #810462
2012-06-27 13:36:51 +02:00
Jan Vcelak ac8a31ed53 fix: invalid order of TLS shutdown operations
Resolves: #808465
2012-06-27 13:31:05 +02:00
Jan Vcelak 5172ff7830 update fix: count constraint broken when using multiple modifications
Resolves: #795766
2012-06-27 13:26:24 +02:00
Jan Vcelak 60d09d71cf fix: MozNSS CA certdir does not work together with PEM CA cert file
Resolves: #819536
2012-05-18 12:47:45 +02:00
Jan Vcelak 61feb71485 changelog: nss-tools has to be required by base package 2012-05-18 12:47:41 +02:00
Jan Vcelak f8f3a2b33f nss-tools has to be required by base package 2012-05-02 11:25:36 +02:00
Jan Vcelak 05bc41c858 remove upstream merged patches 2012-04-24 10:44:16 +02:00
Jan Vcelak 6e16cb7901 new upstream release (2.4.31) 2012-04-24 10:35:02 +02:00
Jan Vcelak 440b96e85c rebuild due to libdb rebase 2012-04-05 20:41:25 +02:00
Jan Synacek 0992cf19a9 fix: Re-binding to a failed connection can segfault
Resolves: #784989
2012-03-26 13:41:40 +02:00
Jan Vcelak a4d33565bb new upstream release (2.4.30)
Resolves: #798958
2012-03-01 14:24:19 +01:00
Jan Vcelak 862f73dffa fix: SASL_NOCANON option missing in ldap.conf manual page
Resolves: #732915
2012-02-22 15:46:23 +01:00
Jan Vcelak c2db986060 fix: missing options in manual pages of client tools
Resolves: #796232
2012-02-22 15:41:53 +01:00
Jan Vcelak b2b2825914 fix: count constraint broken when using multiple modifications
Resolves: #795766
2012-02-21 15:44:56 +01:00
Jan Vcelak 20125eca06 fix: ldap_result does not succeed for sssd
Resolves: #771484
2012-02-21 15:37:51 +01:00
Jan Vcelak 558f709787 fix update provide ldif2ldbm, not ldib2ldbm
Resolves: #437104
2012-02-20 15:31:58 +01:00
Jan Synacek f25689a388 unify systemctl binary paths throughout the specfile and make them usrmove compliant
make path to chkconfig binary usrmove compliant
2012-02-20 15:14:53 +01:00
Jan Vcelak d5cbb774ed fix: check-config.sh get stuck when executing command as a ldap user 2012-02-15 14:26:49 +01:00
Jan Vcelak dc2b490d64 temporarily disable certificates checking in check-config.sh
MozNSS support is missing yet.
2012-02-15 13:15:07 +01:00
Jan Synacek b95104a6a1 fix: correct path to check-config.sh in service file 2012-02-15 09:10:16 +01:00
Jan Vcelak b5e66b7ea2 remove obsoleted slapd.conf 2012-02-14 17:22:53 +01:00
Jan Vcelak a7572065e5 certificates management improvements
Resolves: #772890
2012-02-14 17:22:50 +01:00
Jan Vcelak 934ba146a8 move maintainance scripts from libexec/slapd to libexec/openldap 2012-02-14 13:42:07 +01:00
Jan Vcelak 78a563b273 openldap-servers: provide ldib2ldbm for migrationtools
References: #437104
2012-02-14 13:40:58 +01:00
Jan Vcelak 5e3dba33db clean requirements: remove explicit versions, add %{_isa} macro 2012-02-14 13:40:42 +01:00
Jan Vcelak 31026088da new upstream release (2.4.29) 2012-02-13 13:07:11 +01:00
Jan Vcelak 65b981d99e fix: slapd segfaults when PEM certificate is used and key is not set
Resolves: #772890
2012-01-31 18:11:36 +01:00
Jan Vcelak f47de25361 fix: replication (syncrepl) with TLS causes segfault
Resolves: #783431
2012-01-31 18:10:55 +01:00
Dennis Gilmore 328c8e208b - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-13 05:40:42 -06:00
Jan Vcelak c60a3191a5 fix: reload systemd daemon after installation 2011-11-30 18:58:19 +01:00
Jan Vcelak 8bd37126ac configuration initialization from LDIF file 2011-11-30 18:40:25 +01:00
Jan Vcelak 1cd7d29c02 compile backends as modules (except BDB, HDB, and monitor) 2011-11-30 16:51:14 +01:00
Jan Vcelak ad3da8cc04 new upstream release (2.4.28)
- upstream changes:
  - server: support for delta-syncrepl in multi master replication
  - server: add experimental backend - MDB
  - server: dynamic configuration for passwd, perl, shell, sock,
    and sql backends
  - server: support passwords in APR1
  - library: support for Wahl (draft)
  - a lot of bugfixes
- remove patches which were merged upstream
2011-11-30 16:51:05 +01:00