./databases/openldap, Lightweight Directory Access Protocol meta-package

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.4.42, Package name: openldap-2.4.42, Maintainer: adam

OpenLDAP is an open source implementation of the Lightweight Directory Access
Protocol. This package includes:

* slapd - stand-alone LDAP daemon (server)
* libraries implementing the LDAP protocol
* utilities, tools, and sample clients
* administration guide

Required to run:
[databases/openldap-client] [databases/openldap-server] [databases/openldap-doc]

Version history: (Expand)

CVS history: (Expand)

   2015-11-03 02:56:36 by Alistair G. Crooks | Files touched by this commit (368)
Log message:
Add SHA512 digests for distfiles for databases category

Problems found with existing distfiles:
No changes made to the cstore or mariadb55-client distinfo files.

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-09-14 18:32:27 by Emmanuel Dreyfus | Files touched by this commit (4)
Log message:
Add support for ECDH, from upstream

After the recent logjam attack, longer DH parameter size have been advised.
Unfortunately, this comes with a high computational cost. ECDH is a good
alternative to acheive forward secrecy with lower CPU Loads.

This patch is a backport from upstream ECDH umplementation. ECDH is
enabled by speciying a curve name through the TLSECName directive.
Valid curve names can be obtaines by openssl ecparam -list_curves

Advised usage for a forward-secrecy only setup wiht only ECDH:
TLSECName      prime256v1

If backward compatibility with older clients is required:
TLSECName      prime256v1

Backward compatible flavor with more forward secrecy, at
the expense of using costly DH. dh2048.pem is obtained using openssl
dhparam 2048 > /etc/openssl/certs/dh2048.pem
TLSDHParamFile /etc/openssl/certs/dh2048.pem
TLSECName      prime256v1
   2015-08-25 00:35:50 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
OpenLDAP 2.4.42 Release (2015/08/14)
	Fixed liblber address length for CLDAP (ITS 8158)
	Fixed libldap dnssrv potential overflow with port number (ITS 7027,ITS 8195)
	Fixed slapd cn=config when updating olcAttributeTypes (ITS 8199)
	Fixed slapd-mdb to correctly update search candidates for scoped searches (ITS 8203)
	Fixed slapo-ppolicy with redundant mod ops on glued trees (ITS 8184)
	Fixed slapo-rwm crash when deleting rewrite rules (ITS 8213)
	Build Environment
		Fixed libdb detection with gcc 5.x (ITS 8056)
   2015-08-10 14:47:51 by Emmanuel Dreyfus | Files touched by this commit (3)
Log message:
Use OpenSSL libcrypto instead of libdes on NetBSD

All recent NetBSD releases now have an OpenSSL recent enough so
that the DES symbols required by slapo-smbk5pwd can be found in
OpenSSL's libcrypto. We therefore do not need to link with -ldes
anymore, especialy since it now causes a build failure.
   2015-07-17 16:49:06 by Adam Ciarcinski | Files touched by this commit (8) | Package updated
Log message:
OpenLDAP 2.4.41 Release (2015/06/21)
	Fixed ldapsearch to explicitly flush its buffer (ITS-8118)
	Fixed libldap async connections (ITS-8090)
	Fixed libldap double free of request during abandon (ITS-7967)
	Fixed libldap error string for LDAP_X_CONNECTING (ITS-8093)
	Fixed libldap segfault in ldap_sync_initialize (ITS-8001)
	Fixed libldap ldif-wrap off by one error (ITS-8003)
	Fixed libldap handling of TLS in async mode (ITS-8022)
	Fixed libldap null pointer dereference (ITS-8028)
	Fixed libldap mutex handling with LDAP_OPT_SESSION_REFCNT (ITS-8050)
	Fixed slapd slapadd config db import of minimal frontend entry (ITS-8150)
	Fixed slapd slapadd onetime leak with -w (ITS-8014)
	Fixed slapd sasl auxprop crash with invalid config (ITS-8092)
	Fixed slapd syncrepl delta-mmr issue with overlays and slapd.conf (ITS-7976)
	Fixed slapd syncrepl mutex for cookie state (ITS-7968)
	Fixed slapd syncrepl memory leaks (ITS-8035)
	Fixed slapd syncrepl to free presentlist at end of refresh mode (ITS-8038)
	Fixed slapd syncrepl to streamline presentlist (ITS-8042)
	Fixed slapd syncrepl concurrency when CHECK_CSN is enabled (ITS-8120)
	Fixed slapd rootdn checks for hidden backends (ITS-8108)
	Fixed slapd segfault when using matched values control (ITS-8046)
	Fixed slapd-ldap reconnection behavior on remote failure (ITS-8142)
	Fixed slapd-mdb minor case typo (ITS-8049)
	Fixed slapd-mdb one-level search (ITS-7975)
	Fixed slapd-mdb heap corruption (ITS-7965)
	Fixed slapd-mdb crash after deleting in-use schema (ITS-7995)
	Fixed slapd-mdb minor code cleanup (ITS-8011)
	Fixed slapd-mdb to return errors when using incorrect env flags (ITS-8016)
	Fixed slapd-mdb to correctly update search candidates (ITS-8036, ITS-7904)
	Fixed slapd-mdb when there were more than 65535 aliases in scope (ITS-8103)
	Fixed slapd-mdb alias deref when objectClass is not indexed (ITS-8146)
	Fixed slapd-meta TLS initialization with ldaps URIs (ITS-8022)
	Fixed slapd-meta to have better error logging (ITS-8131)
	Fixed slapd-perl conversion to cn=config (ITS-8105)
	Fixed slapd-sql autocommit config variable (ITS-8129,ITS-6613)
	Fixed slapo-collect segfault (ITS-7797)
	Fixed slapo-constraint with 0 count constraint (ITS-7780,ITS-7781)
	Fixed slapo-deref with empty attribute list (ITS-8027)
	Fixed slapo-memberof to correctly reject invalid members (ITS-8107)
	Fixed slapo-sock result parser for CONTINUE (ITS-8048)
	Fixed slapo-syncprov synprov_matchops usage of test_filter (ITS-8013)
	Fixed slapo-syncprov segfault on disconnect/abandon (ITS-5452,ITS-8012)
	Fixed slapo-syncprov memory leak (ITS-8039)
	Fixed slapo-syncprov segfault on disconnect/abandon (ITS-8043)
	Fixed slapo-syncprov deadlock when autogroup is in use (ITS-8063)
	Fixed slapo-syncprov potential loss of changes when under load (ITS-8081)
	Fixed slapo-unique enforcement of uniqueness with manageDSAit control (ITS-8057)
	Build Environment
		Fixed libdb detection with gcc 5.x (ITS-8056)
		Fixed ftello reference for Win32 (ITS-8127)
		Enhanced contrib modules build paths (ITS-7782)
		Fixed contrib/autogroup internal operation identity (ITS-8006)
		Fixed contrib/autogroup to skip internal ops with accesslog (ITS-8065)
		Fixed contrib/passwd/sha2 compiler warning (ITS-8000)
		Fixed contrib/noopsrch compiler warning (ITS-7998)
		Fixed contrib/dupent compiler warnings (ITS-7997)
		Test suite: Added vrFilter test (ITS-8046)
		Added pbkdf2 sha256 and sha512 schemes (ITS-7977)
		Fixed autogroup modification callback responses (ITS-6970)
		Fixed nssov compare with usergroup (ITS-8079)
		Fixed nssov password change behavior (ITS-8080)
		Fixed nssov updated to 0.9.4 (ITS-8097)
		Added ldap_get_option(3) LDAP_FEATURE_INFO_VERSION information (ITS-8032)
		Added ldap_get_option(3) LDAP_OPT_API_INFO_VERSION information (ITS-8032)
		Fixed slapd-config(5), slapd.conf(5) tls_cipher_suite option (ITS-8099)
		Fixed slapd-meta(5), slapd-ldap(5) tls_cipher_suite option (ITS-8099)
		Fixed slapd-meta(5) fix minor typo (ITS-7769)
   2015-07-15 18:33:57 by Emmanuel Dreyfus | Files touched by this commit (3)
Log message:
Upstream fix for ignored TLSDHParamFile option

From 6f120920d359d3b880c5c56bde4c1b91c3bedb01 Mon Sep 17 00:00:00 2001
From: Ben Jencks <ben@bjencks.net>
Date: Sun, 27 Jan 2013 18:27:03 -0500
Subject: [PATCH] ITS#7506 tls_o.c: Fix Diffie-Hellman parameter usage.

If a DHParamFile or olcDHParamFile is specified, then it will be used,
otherwise a hardcoded 1024 bit parameter will be used. This allows the use of
larger parameters; previously only 512 or 1024 bit parameters would ever be

From cfeb28412c28ce9feeea6e6c055286f201bd0a34 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Sat, 7 Sep 2013 06:39:53 -0700
Subject: [PATCH] ITS#7506 fix prev commit

The patch unconditionally enabled DHparams, which is a significant
change of behavior. Reverting to previous behavior, which only enables
DH use if a DHparam file was configured.
   2014-10-01 10:32:32 by Adam Ciarcinski | Files touched by this commit (11)
Log message:
Changes 2.4.40:
Fixed libldap DNS SRV priority handling (ITS-7027)
Fixed libldap don't leak libldap err codes (ITS-7676)
Fixed libldap CR/LF handling (ITS-4635)
Fixed libldap ldif-wrap length (ITS-7871)
Fixed libldap GnuTLS ciphersuite parsing (ITS-7500)
Fixed libldap GnuTLS with newer versions (ITS-7430,ITS-6359)
Fixed libldif to correctly handle 4096 character lines (ITS-7859)
Fixed librewrite reference counting (ITS-7723)
Fixed slapacl with back-mdb reader transactions (ITS-7920)
Fixed slapd syncrepl to send cookie on fallback (ITS-7849)
Fixed slapd syncrepl SEGV when abandoning a connection (ITS-7928)
Fixed slapd slapcat with external schema (ITS-7895)
Fixed slapd schema RDN normalization (ITS-7935)
Fixed slapd with repeated language tags (ITS-7941)
Fixed slapd modrdn crash on naming attr with no matching rule (ITS-7850)
Fixed slapd memory leak in control handling (ITS-7942)
Fixed slapd-ldap removed dead code (ITS-7922)
Fixed slapd-mdb to work concurrently with slapadd (ITS-7798)
Fixed slapd-mdb with paged results (ITS-7705, ITS-7800)
Fixed slapd-mdb slapcat with nonexistent indices (ITS-7870)
Fixed slapd-mdb long lived reader transactions (ITS-7904)
Fixed slapd-mdb memory leak on matchedDN (ITS-7872)
Fixed slapd-mdb sorting of attribute values (ITS-7902)
Fixed slapd-mdb to flag attribute values as sorted (ITS-7903)
Fixed slapd-mdb index config handling (ITS-7912)
Fixed slapd-mdb entry release handling (ITS-7915)
Fixed slapd-mdb with aliases and referrals (ITS-7927)
Fixed slapd-mdb alias dereferencing (ITS-7702)
Fixed slapd-sock socket flushing (ITS-7937)
Fixed slapo-accesslog attribute normalization (ITS-7934)
Fixed slapo-accesslog internal search logging (ITS-7929)
Fixed slapo-auditlog connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-chain interaction with slapo-rwm (ITS-7930)
Fixed slapo-constraint connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-dds connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-dyngroup connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-memberof attr count (ITS-7893)
Fixed slapo-memberof frontendDB handling (ITS-7249)
Fixed slapo-memberof internal search logging (ITS-7929)
Fixed slapo-pcache config processing (ITS-7919)
Fixed slapo-pcache connection destroy logic (ITS-7906,ITS-7923)
Added slapo-ppolicy ORDERING rules (ITS-7838)
Fixed slapo-ppolicy timestamp resolution to use microseconds (ITS-7161)
Fixed slapo-ppolicy connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-refint to check for pauses in cn=config (ITS-7873)
Fixed slapo-refint internal search logging (ITS-7929)
Fixed slapo-refint connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-seqmod connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-slapover connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-sock db_init (ITS-7868)
Fixed slapo-sssvlv fix olcSssVlvMaxPerConn (ITS-7908)
Fixed slapo-translucent double free (ITS-7587)
Fixed slapo-translucent to work with manageDSAit (ITS-7864)
Fixed slapo-translucent to use local backend with local entries (ITS-7915)
Fixed slapo-unique connection destroy logic (ITS-7906,ITS-7923)
Fixed slapcacl with invalid suffix
   2014-07-18 13:31:25 by Ryo ONODERA | Files touched by this commit (3)
Log message:
Fix SCO OpenServer 5.0.7/3.2 build.