./databases/openldap, Lightweight Directory Access Protocol meta-package

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.4.44, Package name: openldap-2.4.44, Maintainer: adam

OpenLDAP is an open source implementation of the Lightweight Directory Access
Protocol. This package includes:

* slapd - stand-alone LDAP daemon (server)
* libraries implementing the LDAP protocol
* utilities, tools, and sample clients
* administration guide


Required to run:
[databases/openldap-client] [databases/openldap-server] [databases/openldap-doc]

Version history: (Expand)


CVS history: (Expand)


   2016-02-07 09:43:00 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
OpenLDAP 2.4.44 Release (2016/02/05)
Fixed slapd-bdb/hdb missing olcDbChecksum config attr (ITS-8337)
Fixed slapd-mdb behavior with long lived read transactions (ITS-8226)
Fixed slapd-mdb cleanup after failed transaction (ITS-8360)
Fixed slapd-sql missing id_query/olcSqlIdQuery (ITS-8329)
Fixed slapo-accesslog callback initialization (ITS-8351)
Fixed slapo-ppolicy pwdMaxRecordedFailure must never be zero (ITS-8327)
Fixed slapo-syncprov abandon processing (ITS-8354)
Fixed slapo-syncprov ctxcsn snapshot on refresh (ITS-8281, ITS-8365)
Documentation
	admin24 Stop linking to Berkeley DB downloads (ITS-8362)
	admin24 Update documentation for LMDB preference
   2015-12-02 18:04:57 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
OpenLDAP 2.4.43 Release (2015/11/30)
	Fixed liblber remove obsolete assert (ITS-8240, ITS-8301)
	Fixed libldap file URLs on windows (ITS-8273)
	Fixed libldap microsecond timer for windows (ITS-8295)
	Fixed slap tools minor one time memory leak (ITS-8082)
	Fixed slapd to avoid redundant processing of abandon ops (ITS-8232)
	Fixed slapd syncrepl segv when present list is NULL (ITS-8231, ITS-8042)
	Fixed slapd segfault with invalid SASL URI (ITS-8218)
	Fixed slapd configuration parser with unbalanced quotes (ITS-8233)
	Fixed slapd syncrepl check with config db on windows (ITS-8277)
	Fixed slapd with mod Increment and inherited attribute type (ITS-8289)
	Fixed slapd-ldap SEGV after failed retry (ITS-8173)
	Fixed slapd-ldap to skip client controls in ldap_back_entry_get (ITS-8244)
	Fixed slapd-null to have an option to return a search entry (ITS-8249)
	Fixed slapd-relay to correctly handle quoted options (ITS-8284)
	Fixed slapo-accesslog delta-sync MMR with interrupted refresh phase (ITS-8281)
	Fixed slapo-dds segfault when using slapo-memberof (ITS-8133)
	Fixed slapo-ppolicy to allow purging of stale pwdFailureTime attributes (ITS-8185)
	Fixed slapo-ppolicy to release entry on failure (ITS-7537)
	Fixed slapo-ppolicy to fall back to default policy if there is a parsing error \ 
(ITS-8234)
	Fixed slapo-syncprov with interrupted refresh phase (ITS-8281)
	Fixed slapo-refint with subtree renames (ITS-8220)
	Fixed slapo-rwm missing olcDropUnrequested attribute (ITS-7889)
	Fixed slapo-rwm parsing to avoid double-escaping rewrite rules (ITS-7964)
	Build Environment
		Fixed ldif-filter option parsing (ITS-8292)
		Fixed slapd-tester EOL handling in test output for windows (ITS-8280)
		Fixed slapd-tester executable suffix for windows (ITS-8216)
		Fixed test061 timing issues (ITS-8297)
	Contrib
		Added libnettle support to pw-pbkdf2 (ITS-8198)
		Fixed smbk5pwd compiler warnings with libnettle (ITS-8235)
		Fixed passwd symbol collisions with other crypto libraries (ITS-8294)
	Documentation
		Updated guide to reflect changes to how TLS is handled with syncrepl
   2015-11-03 02:56:36 by Alistair G. Crooks | Files touched by this commit (368)
Log message:
Add SHA512 digests for distfiles for databases category

Problems found with existing distfiles:
	distfiles/D6.data.ros.gz
	distfiles/cstore0.2.tar.gz
	distfiles/data4.tar.gz
	distfiles/sphinx-2.2.7-release.tar.gz
No changes made to the cstore or mariadb55-client distinfo files.

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-09-14 18:32:27 by Emmanuel Dreyfus | Files touched by this commit (4)
Log message:
Add support for ECDH, from upstream

After the recent logjam attack, longer DH parameter size have been advised.
Unfortunately, this comes with a high computational cost. ECDH is a good
alternative to acheive forward secrecy with lower CPU Loads.

This patch is a backport from upstream ECDH umplementation. ECDH is
enabled by speciying a curve name through the TLSECName directive.
Valid curve names can be obtaines by openssl ecparam -list_curves

Advised usage for a forward-secrecy only setup wiht only ECDH:
TLSCipherSuite EECDH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL
TLSECName      prime256v1

If backward compatibility with older clients is required:
TLSCipherSuite EECDH:HIGH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL
TLSECName      prime256v1

Backward compatible flavor with more forward secrecy, at
the expense of using costly DH. dh2048.pem is obtained using openssl
dhparam 2048 > /etc/openssl/certs/dh2048.pem
TLSCipherSuite EECDH:EDH:HIGH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL
TLSDHParamFile /etc/openssl/certs/dh2048.pem
TLSECName      prime256v1
   2015-08-25 00:35:50 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
OpenLDAP 2.4.42 Release (2015/08/14)
	Fixed liblber address length for CLDAP (ITS 8158)
	Fixed libldap dnssrv potential overflow with port number (ITS 7027,ITS 8195)
	Fixed slapd cn=config when updating olcAttributeTypes (ITS 8199)
	Fixed slapd-mdb to correctly update search candidates for scoped searches (ITS 8203)
	Fixed slapo-ppolicy with redundant mod ops on glued trees (ITS 8184)
	Fixed slapo-rwm crash when deleting rewrite rules (ITS 8213)
	Build Environment
		Fixed libdb detection with gcc 5.x (ITS 8056)
   2015-08-10 14:47:51 by Emmanuel Dreyfus | Files touched by this commit (3)
Log message:
Use OpenSSL libcrypto instead of libdes on NetBSD

All recent NetBSD releases now have an OpenSSL recent enough so
that the DES symbols required by slapo-smbk5pwd can be found in
OpenSSL's libcrypto. We therefore do not need to link with -ldes
anymore, especialy since it now causes a build failure.
   2015-07-17 16:49:06 by Adam Ciarcinski | Files touched by this commit (8) | Package updated
Log message:
OpenLDAP 2.4.41 Release (2015/06/21)
	Fixed ldapsearch to explicitly flush its buffer (ITS-8118)
	Fixed libldap async connections (ITS-8090)
	Fixed libldap double free of request during abandon (ITS-7967)
	Fixed libldap error string for LDAP_X_CONNECTING (ITS-8093)
	Fixed libldap segfault in ldap_sync_initialize (ITS-8001)
	Fixed libldap ldif-wrap off by one error (ITS-8003)
	Fixed libldap handling of TLS in async mode (ITS-8022)
	Fixed libldap null pointer dereference (ITS-8028)
	Fixed libldap mutex handling with LDAP_OPT_SESSION_REFCNT (ITS-8050)
	Fixed slapd slapadd config db import of minimal frontend entry (ITS-8150)
	Fixed slapd slapadd onetime leak with -w (ITS-8014)
	Fixed slapd sasl auxprop crash with invalid config (ITS-8092)
	Fixed slapd syncrepl delta-mmr issue with overlays and slapd.conf (ITS-7976)
	Fixed slapd syncrepl mutex for cookie state (ITS-7968)
	Fixed slapd syncrepl memory leaks (ITS-8035)
	Fixed slapd syncrepl to free presentlist at end of refresh mode (ITS-8038)
	Fixed slapd syncrepl to streamline presentlist (ITS-8042)
	Fixed slapd syncrepl concurrency when CHECK_CSN is enabled (ITS-8120)
	Fixed slapd rootdn checks for hidden backends (ITS-8108)
	Fixed slapd segfault when using matched values control (ITS-8046)
	Fixed slapd-ldap reconnection behavior on remote failure (ITS-8142)
	Fixed slapd-mdb minor case typo (ITS-8049)
	Fixed slapd-mdb one-level search (ITS-7975)
	Fixed slapd-mdb heap corruption (ITS-7965)
	Fixed slapd-mdb crash after deleting in-use schema (ITS-7995)
	Fixed slapd-mdb minor code cleanup (ITS-8011)
	Fixed slapd-mdb to return errors when using incorrect env flags (ITS-8016)
	Fixed slapd-mdb to correctly update search candidates (ITS-8036, ITS-7904)
	Fixed slapd-mdb when there were more than 65535 aliases in scope (ITS-8103)
	Fixed slapd-mdb alias deref when objectClass is not indexed (ITS-8146)
	Fixed slapd-meta TLS initialization with ldaps URIs (ITS-8022)
	Fixed slapd-meta to have better error logging (ITS-8131)
	Fixed slapd-perl conversion to cn=config (ITS-8105)
	Fixed slapd-sql autocommit config variable (ITS-8129,ITS-6613)
	Fixed slapo-collect segfault (ITS-7797)
	Fixed slapo-constraint with 0 count constraint (ITS-7780,ITS-7781)
	Fixed slapo-deref with empty attribute list (ITS-8027)
	Fixed slapo-memberof to correctly reject invalid members (ITS-8107)
	Fixed slapo-sock result parser for CONTINUE (ITS-8048)
	Fixed slapo-syncprov synprov_matchops usage of test_filter (ITS-8013)
	Fixed slapo-syncprov segfault on disconnect/abandon (ITS-5452,ITS-8012)
	Fixed slapo-syncprov memory leak (ITS-8039)
	Fixed slapo-syncprov segfault on disconnect/abandon (ITS-8043)
	Fixed slapo-syncprov deadlock when autogroup is in use (ITS-8063)
	Fixed slapo-syncprov potential loss of changes when under load (ITS-8081)
	Fixed slapo-unique enforcement of uniqueness with manageDSAit control (ITS-8057)
	Build Environment
		Fixed libdb detection with gcc 5.x (ITS-8056)
		Fixed ftello reference for Win32 (ITS-8127)
		Enhanced contrib modules build paths (ITS-7782)
		Fixed contrib/autogroup internal operation identity (ITS-8006)
		Fixed contrib/autogroup to skip internal ops with accesslog (ITS-8065)
		Fixed contrib/passwd/sha2 compiler warning (ITS-8000)
		Fixed contrib/noopsrch compiler warning (ITS-7998)
		Fixed contrib/dupent compiler warnings (ITS-7997)
		Test suite: Added vrFilter test (ITS-8046)
	Contrib
		Added pbkdf2 sha256 and sha512 schemes (ITS-7977)
		Fixed autogroup modification callback responses (ITS-6970)
		Fixed nssov compare with usergroup (ITS-8079)
		Fixed nssov password change behavior (ITS-8080)
		Fixed nssov updated to 0.9.4 (ITS-8097)
	Documentation
		Added ldap_get_option(3) LDAP_FEATURE_INFO_VERSION information (ITS-8032)
		Added ldap_get_option(3) LDAP_OPT_API_INFO_VERSION information (ITS-8032)
		Fixed slapd-config(5), slapd.conf(5) tls_cipher_suite option (ITS-8099)
		Fixed slapd-meta(5), slapd-ldap(5) tls_cipher_suite option (ITS-8099)
		Fixed slapd-meta(5) fix minor typo (ITS-7769)
   2015-07-15 18:33:57 by Emmanuel Dreyfus | Files touched by this commit (3)
Log message:
Upstream fix for ignored TLSDHParamFile option

From 6f120920d359d3b880c5c56bde4c1b91c3bedb01 Mon Sep 17 00:00:00 2001
From: Ben Jencks <ben@bjencks.net>
Date: Sun, 27 Jan 2013 18:27:03 -0500
Subject: [PATCH] ITS#7506 tls_o.c: Fix Diffie-Hellman parameter usage.

If a DHParamFile or olcDHParamFile is specified, then it will be used,
otherwise a hardcoded 1024 bit parameter will be used. This allows the use of
larger parameters; previously only 512 or 1024 bit parameters would ever be
used.

From cfeb28412c28ce9feeea6e6c055286f201bd0a34 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Sat, 7 Sep 2013 06:39:53 -0700
Subject: [PATCH] ITS#7506 fix prev commit

The patch unconditionally enabled DHparams, which is a significant
change of behavior. Reverting to previous behavior, which only enables
DH use if a DHparam file was configured.