./databases/openldap, Lightweight Directory Access Protocol meta-package

Branch: CURRENT, Version: 2.4.42, Package name: openldap-2.4.42, Maintainer: adam

OpenLDAP is an open source implementation of the Lightweight Directory Access
Protocol. This package includes:

* slapd - stand-alone LDAP daemon (server)
* libraries implementing the LDAP protocol
* utilities, tools, and sample clients
* administration guide

Required to run:
[databases/openldap-client] [databases/openldap-server] [databases/openldap-doc]

CVS history:

   2015-09-14 18:32:27 by Emmanuel Dreyfus | Files touched by this commit (4)
Log message:
Add support for ECDH, from upstream

After the recent logjam attack, longer DH parameter sizes have been advised.
Unfortunately, this comes with a high computational cost. ECDH is a good
alternative to achieve forward secrecy with lower CPU loads.

This patch is a backport from upstream ECDH implementation. ECDH is
enabled by specifying a curve name through the TLSECName directive.
Valid curve names can be obtained by openssl ecparam -list_curves

Advised usage for a forward-secrecy only setup with only ECDH:
TLSECName      prime256v1

If backward compatibility with older clients is required:
TLSECName      prime256v1

Backward compatible flavor with more forward secrecy, at
the expense of using costly DH. dh2048.pem is obtained using openssl
dhparam 2048 > /etc/openssl/certs/dh2048.pem
TLSDHParamFile /etc/openssl/certs/dh2048.pem
TLSECName      prime256v1
   2015-08-25 00:35:50 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
OpenLDAP 2.4.42 Release (2015/08/14)
	Fixed liblber address length for CLDAP (ITS 8158)
	Fixed libldap dnssrv potential overflow with port number (ITS 7027,ITS 8195)
	Fixed slapd cn=config when updating olcAttributeTypes (ITS 8199)
	Fixed slapd-mdb to correctly update search candidates for scoped searches (ITS 8203)
	Fixed slapo-ppolicy with redundant mod ops on glued trees (ITS 8184)
	Fixed slapo-rwm crash when deleting rewrite rules (ITS 8213)
	Build Environment
		Fixed libdb detection with gcc 5.x (ITS 8056)
   2015-08-10 14:47:51 by Emmanuel Dreyfus | Files touched by this commit (3)
Log message:
Use OpenSSL libcrypto instead of libdes on NetBSD

All recent NetBSD releases now have an OpenSSL recent enough so
that the DES symbols required by slapo-smbk5pwd can be found in
OpenSSL's libcrypto. We therefore do not need to link with -ldes
anymore, especially since it now causes a build failure.
   2015-07-17 16:49:06 by Adam Ciarcinski | Files touched by this commit (8) | Package updated
Log message:
OpenLDAP 2.4.41 Release (2015/06/21)
	Fixed ldapsearch to explicitly flush its buffer (ITS-8118)
	Fixed libldap async connections (ITS-8090)
	Fixed libldap double free of request during abandon (ITS-7967)
	Fixed libldap error string for LDAP_X_CONNECTING (ITS-8093)
	Fixed libldap segfault in ldap_sync_initialize (ITS-8001)
	Fixed libldap ldif-wrap off by one error (ITS-8003)
	Fixed libldap handling of TLS in async mode (ITS-8022)
	Fixed libldap null pointer dereference (ITS-8028)
	Fixed libldap mutex handling with LDAP_OPT_SESSION_REFCNT (ITS-8050)
	Fixed slapd slapadd config db import of minimal frontend entry (ITS-8150)
	Fixed slapd slapadd onetime leak with -w (ITS-8014)
	Fixed slapd sasl auxprop crash with invalid config (ITS-8092)
	Fixed slapd syncrepl delta-mmr issue with overlays and slapd.conf (ITS-7976)
	Fixed slapd syncrepl mutex for cookie state (ITS-7968)
	Fixed slapd syncrepl memory leaks (ITS-8035)
	Fixed slapd syncrepl to free presentlist at end of refresh mode (ITS-8038)
	Fixed slapd syncrepl to streamline presentlist (ITS-8042)
	Fixed slapd syncrepl concurrency when CHECK_CSN is enabled (ITS-8120)
	Fixed slapd rootdn checks for hidden backends (ITS-8108)
	Fixed slapd segfault when using matched values control (ITS-8046)
	Fixed slapd-ldap reconnection behavior on remote failure (ITS-8142)
	Fixed slapd-mdb minor case typo (ITS-8049)
	Fixed slapd-mdb one-level search (ITS-7975)
	Fixed slapd-mdb heap corruption (ITS-7965)
	Fixed slapd-mdb crash after deleting in-use schema (ITS-7995)
	Fixed slapd-mdb minor code cleanup (ITS-8011)
	Fixed slapd-mdb to return errors when using incorrect env flags (ITS-8016)
	Fixed slapd-mdb to correctly update search candidates (ITS-8036, ITS-7904)
	Fixed slapd-mdb when there were more than 65535 aliases in scope (ITS-8103)
	Fixed slapd-mdb alias deref when objectClass is not indexed (ITS-8146)
	Fixed slapd-meta TLS initialization with ldaps URIs (ITS-8022)
	Fixed slapd-meta to have better error logging (ITS-8131)
	Fixed slapd-perl conversion to cn=config (ITS-8105)
	Fixed slapd-sql autocommit config variable (ITS-8129,ITS-6613)
	Fixed slapo-collect segfault (ITS-7797)
	Fixed slapo-constraint with 0 count constraint (ITS-7780,ITS-7781)
	Fixed slapo-deref with empty attribute list (ITS-8027)
	Fixed slapo-memberof to correctly reject invalid members (ITS-8107)
	Fixed slapo-sock result parser for CONTINUE (ITS-8048)
	Fixed slapo-syncprov synprov_matchops usage of test_filter (ITS-8013)
	Fixed slapo-syncprov segfault on disconnect/abandon (ITS-5452,ITS-8012)
	Fixed slapo-syncprov memory leak (ITS-8039)
	Fixed slapo-syncprov segfault on disconnect/abandon (ITS-8043)
	Fixed slapo-syncprov deadlock when autogroup is in use (ITS-8063)
	Fixed slapo-syncprov potential loss of changes when under load (ITS-8081)
	Fixed slapo-unique enforcement of uniqueness with manageDSAit control (ITS-8057)
	Build Environment
		Fixed libdb detection with gcc 5.x (ITS-8056)
		Fixed ftello reference for Win32 (ITS-8127)
		Enhanced contrib modules build paths (ITS-7782)
		Fixed contrib/autogroup internal operation identity (ITS-8006)
		Fixed contrib/autogroup to skip internal ops with accesslog (ITS-8065)
		Fixed contrib/passwd/sha2 compiler warning (ITS-8000)
		Fixed contrib/noopsrch compiler warning (ITS-7998)
		Fixed contrib/dupent compiler warnings (ITS-7997)
		Test suite: Added vrFilter test (ITS-8046)
		Added pbkdf2 sha256 and sha512 schemes (ITS-7977)
		Fixed autogroup modification callback responses (ITS-6970)
		Fixed nssov compare with usergroup (ITS-8079)
		Fixed nssov password change behavior (ITS-8080)
		Fixed nssov updated to 0.9.4 (ITS-8097)
		Added ldap_get_option(3) LDAP_FEATURE_INFO_VERSION information (ITS-8032)
		Added ldap_get_option(3) LDAP_OPT_API_INFO_VERSION information (ITS-8032)
		Fixed slapd-config(5), slapd.conf(5) tls_cipher_suite option (ITS-8099)
		Fixed slapd-meta(5), slapd-ldap(5) tls_cipher_suite option (ITS-8099)
		Fixed slapd-meta(5) fix minor typo (ITS-7769)
   2015-07-15 18:33:57 by Emmanuel Dreyfus | Files touched by this commit (3)
Log message:
Upstream fix for ignored TLSDHParamFile option

From 6f120920d359d3b880c5c56bde4c1b91c3bedb01 Mon Sep 17 00:00:00 2001
From: Ben Jencks <ben@bjencks.net>
Date: Sun, 27 Jan 2013 18:27:03 -0500
Subject: [PATCH] ITS#7506 tls_o.c: Fix Diffie-Hellman parameter usage.

If a DHParamFile or olcDHParamFile is specified, then it will be used,
otherwise a hardcoded 1024 bit parameter will be used. This allows the use of
larger parameters; previously only 512 or 1024 bit parameters would ever be

From cfeb28412c28ce9feeea6e6c055286f201bd0a34 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Sat, 7 Sep 2013 06:39:53 -0700
Subject: [PATCH] ITS#7506 fix prev commit

The patch unconditionally enabled DHparams, which is a significant
change of behavior. Reverting to previous behavior, which only enables
DH use if a DHparam file was configured.
   2014-10-01 10:32:32 by Adam Ciarcinski | Files touched by this commit (11)
Log message:
Changes 2.4.40:
Fixed libldap DNS SRV priority handling (ITS-7027)
Fixed libldap don't leak libldap err codes (ITS-7676)
Fixed libldap CR/LF handling (ITS-4635)
Fixed libldap ldif-wrap length (ITS-7871)
Fixed libldap GnuTLS ciphersuite parsing (ITS-7500)
Fixed libldap GnuTLS with newer versions (ITS-7430,ITS-6359)
Fixed libldif to correctly handle 4096 character lines (ITS-7859)
Fixed librewrite reference counting (ITS-7723)
Fixed slapacl with back-mdb reader transactions (ITS-7920)
Fixed slapd syncrepl to send cookie on fallback (ITS-7849)
Fixed slapd syncrepl SEGV when abandoning a connection (ITS-7928)
Fixed slapd slapcat with external schema (ITS-7895)
Fixed slapd schema RDN normalization (ITS-7935)
Fixed slapd with repeated language tags (ITS-7941)
Fixed slapd modrdn crash on naming attr with no matching rule (ITS-7850)
Fixed slapd memory leak in control handling (ITS-7942)
Fixed slapd-ldap removed dead code (ITS-7922)
Fixed slapd-mdb to work concurrently with slapadd (ITS-7798)
Fixed slapd-mdb with paged results (ITS-7705, ITS-7800)
Fixed slapd-mdb slapcat with nonexistent indices (ITS-7870)
Fixed slapd-mdb long lived reader transactions (ITS-7904)
Fixed slapd-mdb memory leak on matchedDN (ITS-7872)
Fixed slapd-mdb sorting of attribute values (ITS-7902)
Fixed slapd-mdb to flag attribute values as sorted (ITS-7903)
Fixed slapd-mdb index config handling (ITS-7912)
Fixed slapd-mdb entry release handling (ITS-7915)
Fixed slapd-mdb with aliases and referrals (ITS-7927)
Fixed slapd-mdb alias dereferencing (ITS-7702)
Fixed slapd-sock socket flushing (ITS-7937)
Fixed slapo-accesslog attribute normalization (ITS-7934)
Fixed slapo-accesslog internal search logging (ITS-7929)
Fixed slapo-auditlog connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-chain interaction with slapo-rwm (ITS-7930)
Fixed slapo-constraint connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-dds connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-dyngroup connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-memberof attr count (ITS-7893)
Fixed slapo-memberof frontendDB handling (ITS-7249)
Fixed slapo-memberof internal search logging (ITS-7929)
Fixed slapo-pcache config processing (ITS-7919)
Fixed slapo-pcache connection destroy logic (ITS-7906,ITS-7923)
Added slapo-ppolicy ORDERING rules (ITS-7838)
Fixed slapo-ppolicy timestamp resolution to use microseconds (ITS-7161)
Fixed slapo-ppolicy connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-refint to check for pauses in cn=config (ITS-7873)
Fixed slapo-refint internal search logging (ITS-7929)
Fixed slapo-refint connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-seqmod connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-slapover connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-sock db_init (ITS-7868)
Fixed slapo-sssvlv fix olcSssVlvMaxPerConn (ITS-7908)
Fixed slapo-translucent double free (ITS-7587)
Fixed slapo-translucent to work with manageDSAit (ITS-7864)
Fixed slapo-translucent to use local backend with local entries (ITS-7915)
Fixed slapo-unique connection destroy logic (ITS-7906,ITS-7923)
Fixed slapcacl with invalid suffix
   2014-07-18 13:31:25 by Ryo ONODERA | Files touched by this commit (3)
Log message:
Fix SCO OpenServer 5.0.7/3.2 build.
   2014-05-09 10:12:00 by Matthias Scheler | Files touched by this commit (3)
Log message:
Add patch from OpenLDAP GIT repository to fix CVE-2013-4449 (SA55238).