rpms/openldap
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
481 Commits 36 Branches 164 Tags 2.3 MiB
b7ad18970b
Commit Graph

481 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jitka Plesnikova
b7ad18970b Perl 5.28 rebuild 2018-06-27 21:43:08 +02:00
Matúš Honěk
44ef9ba558 MozNSS Compat. Layer: Fix typos, and spelling in the README file header 
Resolves: #1564161
 2018-04-05 16:09:24 +02:00
Matúš Honěk
7150aca353 Rebase to version OpenLDAP 2.4.46 
Resolves: #1559652
 2018-03-27 18:46:56 +02:00
Matúš Honěk
81afb5768a Utilize system-wide crypto-policies 
Resolves: #1483979
 2018-03-05 09:48:07 +01:00
Matúš Honěk
6f8a4c6436 Drop superfluous back-sql linking patch 
This patch is not needed any more as we do not build with back-sql at
all.

Related: #1548676
 2018-03-01 10:18:33 +01:00
Matúš Honěk
cd7bdcf821 fix: openldap does not use Fedora build flags 
- %configure introduces the correct flags, however we need* to set our
  custom CFLAGS before the actual run of ./configure, thus we request
  the flags explicitly using %set_build_flags
- dropping %{optflags} which is just a legacy version of
  %{build_cflags} which is already included in $set_build_flags set

* ./configure plays with the flags, hence customizing the CFLAGS after
  %configure does not have a desired effect

Resolves: #1548676
 2018-03-01 10:13:54 +01:00
Matúš Honěk
54acca337f MozNSS Compat. Layer: CA certs extraction fail should be fatal 
Resolves: #1550110
 2018-02-28 19:24:21 +01:00
Matúš Honěk
cd6ded4588 Bump release number 
Related: #1270678, #1537259
 2018-02-21 17:36:13 +01:00
Matúš Honěk
bdec46fdaf TLS: Use system trusted CA store by default 
Resolves: #1270678, #1537259
 2018-02-21 17:10:28 +01:00
Matúš Honěk
44d9f0fe1b Complete change: Disable TLSMC in F29+ 
- completes commit 60f1a08
 2018-02-14 14:09:27 +01:00
Igor Gnatenko
ed8fb8d19b
systemd-units → systemd 
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 18:52:08 +01:00
Igor Gnatenko
4d3fac9347
switch to %systemd_requires 
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 18:51:55 +01:00
Igor Gnatenko
c358051be4
remove unneeded Requires(post) 
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 18:51:00 +01:00
Igor Gnatenko
96650fcc56
Switch to %ldconfig_scriptlets 
Reference: https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 18:45:53 +01:00
Igor Gnatenko
f08cb7ec48
don't call ldconfig in servers subacpakge 
servers subpkg installs everything into private libdir, so no need to
call ldconfig (since there is no ld.so.conf for it).

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 18:44:53 +01:00
Igor Gnatenko
7472792967
remove obsolete Group tag 
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 18:42:09 +01:00
Igor Gnatenko
60f1a0883e
disable TLSMC in F29+ 
It should not affect any active Fedora branches, but will save time in
future.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-10 11:18:21 +01:00
Igor Gnatenko
e3677af8bb
Escape macros in %changelog 
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-09 09:05:20 +01:00
Matúš Honěk
eff4749dd8 Drop TCP wrappers support 
Resolves: #1531487
 2018-02-07 18:24:53 +01:00
Matúš Honěk
7264811847 MozNSS Compat. Layer: fix incorrect parsing of CACertDir 
NSS DB type prefix was not taken into account at all. Due to this the
path might not have been stat-ed. Thus, last part of the path would
have been considered an NSS DB name prefix which would be incorrect.

(cherry picked from commit 7f41b4a1ffe61c03d65896d82fc6b72a2710c492)
(originally #1533955)

Related: #1400570
 2018-02-07 18:01:42 +01:00
Matúš Honěk
8c29eeec6a MozNSS Compat. Layer: fix PIN disclaimer not always shown 
- ad #1516409#c7 case 1

(cherry picked from commit 6e2bfcadc598ed202cc77e34d5bfdea3d6ed8fbe)
(orginally #1516409)

Related: #1400570
 2018-02-07 18:01:16 +01:00
Matúš Honěk
e6c4c72153 MozNSS Compat. Layer: fix recursive directory deletion 
- ad #1516409#c7 case 2

(cherry picked from commit c66191c12b1bf372204cf3bf0b31759e7b0bd133)
(originally #1516409)

Related: #1400570
 2018-02-07 17:53:30 +01:00
Matúš Honěk
716f3439ac MozNSS Compat. Layer: Ensure consistency of a PEM dir before usage 
+ Warn just before use of a PIN about key file extraction

(cherry picked from commit 856ec5d38c45ffe71774a4d86a36177d3c4ca372)
(originally #1516409)

Related: #1400570
 2018-02-07 17:36:46 +01:00
Matúš Honěk
68ef0e0238 MozNSS Compat. Layer: Enable usage of NSS DB with PEM cert/key 
+ Fix a possible invalid dereference (covscan)

(cherry picked from commit 7abf6fbae6df9bc7cfdd9d28cc52f7676a123d9b)
(originally #1525485)

Related: #1400570
 2018-02-07 17:28:16 +01:00
Björn Esser
1a23456530
Rebuilt for switch to libxcrypt 2018-01-20 23:07:22 +01:00
Matúš Honěk
60ece3dfc8 [tests] Add CI tests using the standard test interface 
- runs upstream test cases
 2018-01-03 13:37:25 +01:00
Matúš Honěk
d181b0472d Fix various MozNSS compatibility layer issues 
+ Force write file with fsync to avoid race conditions
+ Always filestamp both sql and dbm NSS DB variants to not rely on default DB type prefix
+ Allow missing cert and key which is a valid usecase
+ Create extraction folder only in /tmp to simplify selinux rules
+ Fix Covscan issues

Related: #1400570
 2017-12-06 15:13:49 +01:00
Matus Honek
d8e109406e Merge #2 Do not call deleted script from %post section 2017-11-14 14:24:32 +00:00
Matúš Honěk
a33df4e168 Build with OpenSSL with MozNSS compatibility layer 
Resolves: #1400570
 2017-11-03 20:43:25 +01:00
Guido Aulisi
031e2b95cc Do not call deleted script from %post section 
Commit b730f13ce0 deleted certificate
generation scripts, but create_certdb.sh was still called from
%post section.
 2017-10-31 23:21:05 +01:00
Bruno Goncalves
50d73564a7 Add CI tests using the standard test interface 2017-10-16 10:49:32 +02:00
Fedora Release Engineering
671ba8f100 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-03 04:32:58 +00:00
Fedora Release Engineering
00533e64f8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 01:49:08 +00:00
Petr Písař
3a8a7258ab perl dependency renamed to perl-interpreter <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> 2017-07-12 14:16:56 +02:00
Matúš Honěk
35246b7090 Merge branch 'f26' to 'master' 
- Rebase to version 2.4.45 (#1458081)
  * fixes CVE-2017-9287 (#1456712, #1456713)
- Update the 'sources' file with new SHA512 hashes

Related: #1458081
 2017-07-07 17:17:49 +02:00
Matúš Honěk
5c7cdc96e6 Rebase to version 2.4.45 
Resolves: #1458081
 2017-07-07 16:58:40 +02:00
Matúš Honěk
872ea264fa Change Requires to Recommends for nss-tools 
Resolves: #1415086
 2017-07-07 13:49:14 +02:00
Jitka Plesnikova
7a68ca8d9c Perl 5.26 rebuild 2017-06-04 14:18:11 +02:00
Matúš Honěk
af30ccf247 Merge branch 'f25' into f26 for linearity 
Related: #1435692
 2017-03-31 17:22:53 +02:00
Matúš Honěk
32c688fc27 NSS: Maximal TLS protocol version should be equal to NSS default 
Related: #1435689
 2017-03-31 17:08:11 +02:00
Matúš Honěk
8ba6f5c9b7 Merge branch 'f25' into f26 for linearity 
Conflicts:
	openldap.spec

Resolves: #1435692
 2017-03-30 14:55:47 +02:00
Matúš Honěk
54f6fd1feb NSS: Enhance OpenLDAP to support TLSv1.3 protocol with NSS 
Resolves: #1435689
 2017-03-24 20:23:40 +01:00
Matúš Honěk
d0828bee6c NSS: Rearrange ciphers-, parsing-, and protocol-related patches 
In addition, remove (or better, do not include anymore) unused
variables *variant* and *range* that were forgotten to be
removed when landing patch openldap-nss-protocol-version-new-api.patch
in commit 9e30b98.

Related: #1435689
 2017-03-24 20:02:46 +01:00
Fedora Release Engineering
8575fd0248 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 00:53:32 +00:00
Matúš Honěk
0cc5bf7254 NSS: Update list of ciphers 
Resolves: #1387868
 2017-01-31 15:58:28 +01:00
Matúš Honěk
22dbdbf78a NSS: Use what NSS considers default for DEFAULT cipher string. 
Related: #1387868
 2017-01-30 16:30:46 +01:00
Matúš Honěk
da1f719199 NSS: fix incorrect multi-keyword parsing and support new ones 
- add multi_mask, negative_mask, and multi_strength
  + some keywords may describe multiple cipher suite parameters at once
- fix masks decision tree
  + all masks have to fit the cipher suite to include it
- correct 'action' evaluation
  + plus sign means ordering (which NSS does not support)
  + no sign presence means adding implicitly
- extend keywords for new future ciphers

Backporting: #1372349
Resolves: #1243517
 2017-01-29 19:46:00 +01:00
Matúš Honěk
45704219c4 fix previous commit 
Related: #1375432
 2017-01-23 14:03:38 +01:00
Matúš Honěk
9e30b985ea Setting olcTLSProtocolMin does not change supported protocols 
Resolves: #1375432
 2017-01-20 14:41:25 +01:00
Matúš Honěk
17f248ddeb slapd should start after network-online.service 
Resolves: #1336487
 2016-10-14 18:44:55 +02:00