da1f719199
NSS: fix incorrect multi-keyword parsing and support new ones
...
- add multi_mask, negative_mask, and multi_strength
+ some keywords may describe multiple cipher suite parameters at once
- fix masks decision tree
+ all masks have to fit the cipher suite to include it
- correct 'action' evaluation
+ plus sign means ordering (which NSS does not support)
+ no sign presence means adding implicitly
- extend keywords for new future ciphers
Backporting: #1372349
Resolves : #1243517
2017-01-29 19:46:00 +01:00
45704219c4
fix previous commit
...
Related: #1375432
2017-01-23 14:03:38 +01:00
9e30b985ea
Setting olcTLSProtocolMin does not change supported protocols
...
Resolves : #1375432
2017-01-20 14:41:25 +01:00
31ea2073c9
Mandatory Perl build-requires added < https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl >
2016-06-24 09:22:43 +02:00
0087c276cd
Perl 5.24 rebuild
2016-05-15 06:06:55 +02:00
ebc63b919d
Update to 2.4.44
...
Resolves : #1305191
2016-05-11 18:29:31 +02:00
a0c7cda8b5
Bring back *.la files in %{_libdir}/openldap/
...
Related: #1331484
2016-05-03 19:12:27 +02:00
ace19e3e36
Keep *.so libraries in %{_libdir}/openldap/
...
Resolves : #1331484
2016-04-28 17:43:08 +02:00
8291cbaa23
Include AllOp overlay
...
Resolves : #1319782
2016-04-27 09:58:29 +02:00
eb29790db6
Ensure all libtool archive files are removed (.la)
2016-04-10 23:43:12 +01:00
65a5310ab6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-04 11:29:03 +00:00
ab9a93cce4
New upstream release 2.4.43
...
Resolves : #1253871
2016-01-21 16:40:54 +01:00
0f227076e4
New upstream release 2.4.41
...
Resolves : #1238251
2015-07-16 10:51:37 +02:00
58ea27bc6e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-17 23:59:36 +00:00
d22738532e
Perl 5.22 rebuild
2015-06-03 14:49:21 +02:00
443ffdd194
fix: bring back tmpfiles config ( #1215655 )
...
This reverts commit 521bbc2942
2015-04-27 15:20:45 +02:00
6e2cf23fa6
remove spurious ghosted file
2015-03-30 10:35:43 +02:00
592250ebfb
link against moznss again ( #1187742 )
...
Revert "link against openssl by default"
This reverts commit 72da77adb6
2015-02-20 11:06:24 +01:00
1fb41f2a59
fix: Unknown Berkeley DB major version in db.h ( #1191098 )
2015-02-11 10:52:43 +01:00
5a45ad5a72
CVE-2015-1545: slapd crashes on search with deref control ( #1190645 )
2015-02-10 09:33:10 +01:00
b730f13ce0
simplify package even more by removing certificate generation
...
Creating self-signed certificates for localhost is pointless. If anyone
uses TLS, they probably have their own. Testers can generate their own
as well, the package does't have to be plagued by scripts just because
of that.
2015-01-27 15:25:04 +01:00
72da77adb6
link against openssl by default
...
This is not an enhancement, this is a bugfix.
2015-01-27 15:19:00 +01:00
ee4af28583
simplify checking for missing server configuration
2015-01-26 14:24:55 +01:00
e143df31ee
fix invalid ldif introduced in 9a79680
2015-01-26 13:33:14 +01:00
521bbc2942
remove tmpfiles config since it's no longer needed
2015-01-26 13:31:31 +01:00
0fc0a68e34
renumber patches and sources
2015-01-21 14:24:49 +01:00
9a796804cd
remove pid file and args file
...
We have systemd for that.
2015-01-21 14:12:31 +01:00
b724454515
make mdb default after a new installation
2015-01-21 14:10:09 +01:00
7a8ba10b72
remove unneeded configure flags, disable sql backend and aci
...
Both SQL backend and ACI are experimental. SQL is unsupported.
2015-01-19 09:45:07 +01:00
41c84187a9
remove old F17 hack
2015-01-16 12:23:49 +01:00
c3de3dd938
remove openldap-syncrepl-unset-tls-options.patch
...
Unaccepted upstream, not an issue, documented in the man pages.
2015-01-16 10:28:54 +01:00
2594744e83
remove openldap-userconfig-setgid.patch
...
Pointless Fedora specific patch.
2015-01-16 10:27:49 +01:00
c1bd7d8503
remove openldap-ldaprc-currentdir.patch
...
The upstream ITS has been fixed a long time ago and this patch is Fedora
specific and pointless.
2015-01-16 10:08:38 +01:00
f1bc6682b9
remove openldap-fedora-systemd.patch
...
We don't use env variables anymore.
2015-01-16 09:08:08 +01:00
0625d0e501
provide an unversioned symlink to check_password.so.1.1
...
So the users don't have to specify the exact version in their configuration.
2014-12-17 15:32:22 +01:00
4840f8de8e
improve check_password
...
Fix Makefile to accept provided CFLAGS and LDFLAGS. Patch the code a bit.
2014-12-17 15:27:30 +01:00
098f3b5fe6
harden the build
2014-12-17 09:21:38 +01:00
40aff41da5
fix changelog after the revert
2014-12-17 09:21:02 +01:00
48c6d060f6
Revert "enhancement: generate openldap.pc ( #1171493 )"
...
This reverts commit 79a0b58108
2014-12-16 09:52:29 +01:00
79a0b58108
enhancement: generate openldap.pc ( #1171493 )
2014-12-09 12:34:25 +01:00
4b2abac9db
enhancement: support TLSv1 and later ( #1160466 )
2014-11-14 09:54:11 +01:00
90f2044e56
Merge branch 'master' into f21
...
Let's keep the history linear...
Conflicts:
openldap.spec
2014-10-06 10:24:40 +02:00
2c331b7581
new upstream release (2.4.40)
...
Resolves : #1147877
2014-09-30 13:44:19 +02:00
3363e7a6da
Perl 5.20 rebuild
2014-08-27 11:12:00 +02:00
29e31a847d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 13:55:33 +00:00
330a8ceaa7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 13:55:22 +00:00
c64abcbb2f
fix license handling
2014-07-18 19:24:48 -04:00
cda7221c9b
fix license handling
2014-07-18 19:24:30 -04:00
826b3eb9d7
fix: fix typo in generate-server-cert.sh
...
Resolves : #1117229
2014-07-14 11:36:29 +02:00
abc96f87d2
fix: make default service configuration listen on ldaps:/// as well
...
Resolves : #1105634
2014-06-09 09:37:51 +02:00
45966edea7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 11:42:07 -05:00
b15ffab696
fix: remove correct tmp file when generating server cert ( #1103102 )
2014-05-30 11:12:59 +02:00
079ea99963
re-symlink unversioned libraries, so ldconfig is not confused
...
Resolves : #1028557
2014-03-24 11:41:00 +01:00
ca7444dd1a
don't automatically convert slapd.conf to slapd-config
...
It is not possible to convert every possible slapd.conf to slapd-config
and expect it to work. Also, it is bad to force conversion like that.
2014-03-04 10:10:57 +01:00
b3805b0a4c
alias slapd.service as openldap.service
2014-02-20 08:43:54 +01:00
b8fb685084
add documentation reference to service file
2014-02-20 08:41:48 +01:00
cb0643e628
remove redundant sysconfig-related stuff
2014-02-20 08:38:44 +01:00
8a6f427a71
CVE-2013-4449: segfault on certain queries with rwm overlay
...
Resolves : #1060851
2014-02-04 09:40:28 +01:00
5dba8cc33f
new upstream release (2.4.39)
...
Resolves : #1059186
2014-01-29 13:03:05 +01:00
6a944922ab
new upstream release (2.4.38)
...
Resolves : #1031608
2013-11-18 12:52:27 +01:00
3589b29979
fix: slaptest incorrectly handles 'include' directives containing a custom file
...
Resolves : #1028935
2013-11-11 11:14:20 +01:00
59d41b9111
fix: missing a linefeed at the end of file /etc/openldap/ldap.conf
...
Resolves : #1019836
2013-10-30 11:35:50 +01:00
f646d734cc
new upstream release (2.4.37)
...
Resolves : #1023916
2013-10-30 11:35:38 +01:00
4f8940365c
fix: slapd daemon fails to start with segmentation fault on s390x
...
Resolves : #1020661
2013-10-21 12:40:42 +02:00
7bbf8dc1d7
rebuilt for libdb-5.3.28
2013-10-15 15:33:16 +02:00
6de15ed197
fix: CLDAP is broken for IPv6
...
Resolves : #1018688
2013-10-14 10:08:45 +02:00
0734516c42
fix: typos in manpages
2013-09-04 12:13:16 +02:00
1524b1e957
new upstream release (2.4.36)
2013-08-20 10:35:34 +02:00
2999a96836
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
2013-08-03 10:40:12 -05:00
98466f316a
Perl 5.18 rebuild
2013-07-17 23:33:37 +02:00
c86ed52b94
fix typos in previous commit
2013-06-26 20:28:42 +02:00
5265f0d549
move tmpfiles config to correct location
...
- move from /etc/tmpfiles.d to /usr/lib/tmpfiles.d
http://fedoraproject.org/wiki/Packaging:Tmpfiles.d
2013-06-24 13:22:37 +02:00
19dea679fe
fix: using slaptest to convert slapd.conf to LDIF format ignores "loglevel 0"
2013-06-14 14:32:16 +02:00
ff5c1adb2a
fix: LDAPI with GSSAPI does not work if SASL_NOCANON=on
...
Resolves : #960222
2013-05-09 09:32:52 +02:00
05278cd506
fix: lt_dlopen() with back_perl
...
Resolves : #960048
2013-05-09 09:29:28 +02:00
6e08d10adf
do not needlessly run ldconfig after installing openldap-devel
2013-05-09 09:24:02 +02:00
7516346478
remove trailing spaces
2013-04-09 13:45:32 +02:00
50ba1f03e9
set SASL_NOCANON to on by default
...
Resolves : #949864
2013-04-09 13:43:45 +02:00
a5ba090a01
fix: minor documentation fixes
2013-04-09 13:42:53 +02:00
44107bb150
drop the evolution patch
2013-04-05 09:39:17 +02:00
2f8c754907
fix: NSS related resource leak
...
Resolves : #929357
2013-04-02 13:44:32 +02:00
645d16ca61
fix: slapd.service should ensure that network is up before starting
...
Resolves : #946921
2013-04-02 13:39:38 +02:00
8e640ac8d6
new upstream release
...
Resolves : #947235
2013-04-02 13:31:35 +02:00
024749b3fb
include forgotten specfile changes
...
Related: #926280
2013-03-25 13:15:42 +01:00
4eaab344d9
fix: syncrepl push DELETE operation does not recover
...
Resolves : #920482
2013-03-18 12:20:21 +01:00
311ab5b026
fix bogus dates
2013-03-11 13:48:34 +01:00
c5d84d7192
add perl specific BuildRequires
2013-03-11 13:48:29 +01:00
b5dda86c35
package ppolicy-check-password
...
Resolves : #829749
2013-03-11 11:25:12 +01:00
3b721d68c7
enable perl backend
...
Resolves : #820547
2013-03-11 07:52:23 +01:00
51d38be75b
use systemd-rpm macros in spec file
...
Resolves : #850247
2013-03-06 23:09:13 +01:00
705b2a5032
new upstream release (2.4.34)
...
Resolves : #917603 #872784
2013-03-06 23:09:06 +01:00
cbf8229049
rebuild against new cyrus-sasl
2013-01-31 14:26:21 +01:00
4b460cc8c8
fix update: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR
...
Resolves : #857455
2012-10-31 12:50:15 +01:00
17508fb68c
fix: slapd with rwm overlay segfault following ldapmodify
...
Resolves : #865685
2012-10-12 08:58:01 +02:00
8dc41a3295
fix: slapd.service should not use /tmp
...
Resolves : #859019
2012-10-11 11:56:59 +02:00
587944c9e6
new upstream release (2.4.33)
2012-10-11 11:47:24 +02:00
5568103a57
Workaround for bug #858274 in m4 (autoreconf fails on i686)
2012-09-19 10:30:03 +02:00
749896483d
fix bug number in recent patch
2012-09-14 16:56:03 +02:00
331465716f
fix: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR
...
Resolves : #857455
2012-09-14 16:14:43 +02:00
557bf01306
fix: MozNSS certificate database in SQL format cannot be used
...
Resolves : #857390
2012-09-14 16:14:21 +02:00
060a306e1e
fix: not all certificates in OpenSSL compatible CA certificate directory format are loaded
...
Resolves : #852786
2012-09-14 16:13:59 +02:00
1f24c419dd
fix: connection hangs after fallback to second server when certificate hostname verification fails
...
Resolves : #852476
2012-09-14 16:13:39 +02:00
9627ad75ef
fix: some TLS ciphers cannot be enabled
...
Resolves : #852338
2012-09-14 16:13:12 +02:00
ad070fca8d
prefer key from authenticated slot, allow certificate name with token
...
Resolves TLS failures in replication in 389 Directory Server introduced
by recent Mozilla NSS backend fixes.
2012-08-20 20:34:34 +02:00
6304a48a54
new upstream release (2.4.32)
2012-08-01 13:39:25 +02:00
c736adad77
use tabs consistently
2012-08-01 10:21:44 +02:00
2d64625e78
fix: slapd refuses to set up TLS with self-signed PEM certificate
...
Resolves : #842022
2012-07-21 17:59:04 +02:00
54e357771f
multilib fix: move libslapi from openldap-servers to openldap package
2012-07-20 16:59:28 +02:00
9e7cf6735d
fix: smbk5pwd module computes invalid LM hashes
...
Resolves : #841560
2012-07-19 14:27:10 +02:00
20875f4fb9
fix: querying for IPv6 DNS records when IPv6 is disabled on the host
...
Resolves : #835013
2012-07-19 11:00:43 +02:00
824671e8d7
clean the package build process
2012-07-18 19:02:28 +02:00
9eda95bba4
fix: remove isa macro from BuildRequires
2012-07-18 09:37:59 +02:00
50ed49760b
fix: less influence between individual TLS contexts
...
Resolves : #795763 (and possibly others)
2012-06-27 14:40:59 +02:00
397ce0c946
fix: default cipher suite is always selected
...
Resolves : #828790
2012-06-27 14:10:28 +02:00
916cbca281
fix: slapd fails to start on reboot
...
Resolves : #829272
2012-06-27 14:05:10 +02:00
904778f620
CVE-2012-2668: cipher suite selection by name can be ignored
...
Resolves : #825875
2012-06-27 13:55:02 +02:00
fe1c1e0eeb
fix: reading pin from file can make all TLS connections hang
...
Resolves : #829317
2012-06-27 13:48:40 +02:00
0cda8087e0
fix: TLS error messages overwriting in tlsm_verify_cert()
...
Resolves : #810462
2012-06-27 13:36:51 +02:00
ac8a31ed53
fix: invalid order of TLS shutdown operations
...
Resolves : #808465
2012-06-27 13:31:05 +02:00
5172ff7830
update fix: count constraint broken when using multiple modifications
...
Resolves : #795766
2012-06-27 13:26:24 +02:00
60d09d71cf
fix: MozNSS CA certdir does not work together with PEM CA cert file
...
Resolves : #819536
2012-05-18 12:47:45 +02:00
61feb71485
changelog: nss-tools has to be required by base package
2012-05-18 12:47:41 +02:00
f8f3a2b33f
nss-tools has to be required by base package
2012-05-02 11:25:36 +02:00
05bc41c858
remove upstream merged patches
2012-04-24 10:44:16 +02:00
6e16cb7901
new upstream release (2.4.31)
2012-04-24 10:35:02 +02:00
440b96e85c
rebuild due to libdb rebase
2012-04-05 20:41:25 +02:00
0992cf19a9
fix: Re-binding to a failed connection can segfault
...
Resolves : #784989
2012-03-26 13:41:40 +02:00
a4d33565bb
new upstream release (2.4.30)
...
Resolves : #798958
2012-03-01 14:24:19 +01:00
862f73dffa
fix: SASL_NOCANON option missing in ldap.conf manual page
...
Resolves : #732915
2012-02-22 15:46:23 +01:00
c2db986060
fix: missing options in manual pages of client tools
...
Resolves : #796232
2012-02-22 15:41:53 +01:00
b2b2825914
fix: count constraint broken when using multiple modifications
...
Resolves : #795766
2012-02-21 15:44:56 +01:00
20125eca06
fix: ldap_result does not succeed for sssd
...
Resolves : #771484
2012-02-21 15:37:51 +01:00
558f709787
fix update provide ldif2ldbm, not ldib2ldbm
...
Resolves : #437104
2012-02-20 15:31:58 +01:00
f25689a388
unify systemctl binary paths throughout the specfile and make them usrmove compliant
...
make path to chkconfig binary usrmove compliant
2012-02-20 15:14:53 +01:00
d5cbb774ed
fix: check-config.sh get stuck when executing command as a ldap user
2012-02-15 14:26:49 +01:00
dc2b490d64
temporarily disable certificates checking in check-config.sh
...
MozNSS support is missing yet.
2012-02-15 13:15:07 +01:00
b95104a6a1
fix: correct path to check-config.sh in service file
2012-02-15 09:10:16 +01:00
b5e66b7ea2
remove obsoleted slapd.conf
2012-02-14 17:22:53 +01:00
a7572065e5
certificates management improvements
...
Resolves : #772890
2012-02-14 17:22:50 +01:00
934ba146a8
move maintainance scripts from libexec/slapd to libexec/openldap
2012-02-14 13:42:07 +01:00
78a563b273
openldap-servers: provide ldib2ldbm for migrationtools
...
References: #437104
2012-02-14 13:40:58 +01:00
5e3dba33db
clean requirements: remove explicit versions, add %{_isa} macro
2012-02-14 13:40:42 +01:00
31026088da
new upstream release (2.4.29)
2012-02-13 13:07:11 +01:00
65b981d99e
fix: slapd segfaults when PEM certificate is used and key is not set
...
Resolves : #772890
2012-01-31 18:11:36 +01:00
f47de25361
fix: replication (syncrepl) with TLS causes segfault
...
Resolves : #783431
2012-01-31 18:10:55 +01:00
328c8e208b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
2012-01-13 05:40:42 -06:00
c60a3191a5
fix: reload systemd daemon after installation
2011-11-30 18:58:19 +01:00
8bd37126ac
configuration initialization from LDIF file
2011-11-30 18:40:25 +01:00
1cd7d29c02
compile backends as modules (except BDB, HDB, and monitor)
2011-11-30 16:51:14 +01:00
ad3da8cc04
new upstream release (2.4.28)
...
- upstream changes:
- server: support for delta-syncrepl in multi master replication
- server: add experimental backend - MDB
- server: dynamic configuration for passwd, perl, shell, sock,
and sql backends
- server: support passwords in APR1
- library: support for Wahl (draft)
- a lot of bugfixes
- remove patches which were merged upstream
2011-11-30 16:51:05 +01:00
Matúš Honěk
Petr Písař
Jitka Plesnikova
Peter Robinson
Fedora Release Engineering
Dennis Gilmore
Jan Synacek
Peter Robinson
Tom Callaway
Jan Vcelak
Jan Vcelak