./databases/openldap-client, Lightweight Directory Access Protocol libraries and client programs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.4.46, Package name: openldap-client-2.4.46, Maintainer: adam

OpenLDAP is an open source implementation of the Lightweight Directory Access
Protocol. This package includes:

* libraries implementing the LDAP protocol
* utilities, tools, and sample clients


Required to build:
[pkgtools/cwrappers]

Package options: inet6

Master sites: (Expand)

SHA1: a9ae2273eb9bdd70090dafe0d018a3132606bef6
RMD160: d7038355b1c13a0b2d5104a0c75735b63e9c4148
Filesize: 5566.605 KB

Version history: (Expand)


CVS history: (Expand)


   2018-04-02 15:40:45 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
openldap: updated to 2.4.46

OpenLDAP 2.4.46 Release (2018/03/22)
	Fixed libldap connection delete callbacks when TLS fails to start
	Fixed libldap to not reuse tls_session if TLS hostname check fails
	Fixed libldap cross-compiling with OpenSSL 1.1
	Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method
	Fixed libldap MozNSS CA certificate hash matching
	Fixed libldap MozNSS with PEM certs when also using an NSS cert db
	Fixed libldap MozNSS initialization
	Fixed libldap GnuTLS with GNUTLS_E_AGAIN
	Fixed libldap memory leak with cancel operations
	Fixed slapd Eventlog registry key creation on 64-bit Windows
	Fixed slapd to maintain SSF across SASL binds
	Fixed slapd syncrepl deadlock when updating cookie
	Fixed slapd syncrepl callback to always be last in the stack
	Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens
	Fixed slapd CSN queue processing
	Fixed slapd-ldap TLS connection timeout with high latency connections
	Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set
	Fixed slapd-mdb with an optimization for long lived read transactions
	Fixed slapd-meta assert when olcDbRewrite is modified
	Fixed slapd-sock with LDAP_MOD_INCREMENT operations
	Fixed slapo-accesslog cleanup to only occur on failed operations
	Fixed slapo-dds entryTTL to actually decrease as per RFC 2589
	Fixed slapo-syncprov memory leak with delete operations
	Fixed slapo-syncprov to not clear pending operation when checkpointing
	Fixed slapo-syncprov to correctly record contextCSN values in the accesslog
	Fixed slapo-syncprov not to log checkpoints to accesslog db
	Fixed slapo-syncprov to process changes from this SID on REFRESH
	Fixed slapo-syncprov session log parsing to not block other operations
	Build Environment
		Fixed Windows build with newer MINGW version
		Fixed compiler warnings and removed unused variables
	Contrib
		Fixed ldapc++ Control structure
	Documentation
		Delete stub manpage for back-ldbm
		Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism
		Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only
		Fixed slapd-config(5) typo for olcTLSCipherSuite
		Fixed slapo-syncprov(5) indexing requirements
   2018-01-07 14:04:44 by Roland Illig | Files touched by this commit (583)
Log message:
Fix indentation in buildlink3.mk files.

The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.

There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
   2017-06-02 10:29:57 by Adam Ciarcinski | Files touched by this commit (14) | Package updated
Log message:
OpenLDAP 2.4.45 Release (2017/06/01)
	Added slapd support for OpenSSL 1.1.0 series (ITS-8353, ITS-8533, ITS-8634)
	Fixed libldap to fail ldap_result if the handle is already bad (ITS-8585)
	Fixed libldap to expose error if user specified CA doesn't exist (ITS-8529)
	Fixed libldap handling of Diffie-Hellman parameters (ITS-7506)
	Fixed libldap GnuTLS use after free (ITS-8385)
	Fixed libldap SASL initialization (ITS-8648)
	Fixed slapd bconfig rDN escape handling (ITS-8574)
	Fixed slapd segfault with invalid hostname (ITS-8631)
	Fixed slapd sasl SEGV rebind in same session (ITS-8568)
	Fixed slapd syncrepl filter handling (ITS-8413)
	Fixed slapd syncrepl infinite looping mods with delta-sync MMR (ITS-8432)
	Fixed slapd callback struct so older modules without writewait should function.
                    Custom modules may need to be updated for sc_writewait \ 
callback (ITS-8435)
	Fixed slapd-ldap/meta broken LDAP_TAILQ macro (ITS-8576)
	Fixed slapd-mdb so it passes ITS6794 regression test (ITS-6794)
	Fixed slapd-mdb double free with size zero paged result (ITS-8655)
	Fixed slapd-meta uninitialized diagnostic message (ITS-8442)
	Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS-8423)
	Fixed slapo-accesslog with multiple modifications to the same attribute (ITS-6545)
	Fixed slapo-relay to correctly initialize sc_writewait (ITS-8428)
	Fixed slapo-sssvlv double free (ITS-8592)
	Fixed slapo-unique with empty modifications (ITS-8266)
	Build Environment
		Added test065 for proxyauthz (ITS-8571)
		Fix test008 to be portable (ITS-8414)
		Fix test064 to wait for slapd to start (ITS-8644)
		Fix its4336 regression test (ITS-8534)
		Fix its4337 regression test (ITS-8535)
		Fix regression tests to execute on all backends (ITS-8539)
	Contrib
		Added slapo-autogroup(5) man page (ITS-8569)
		Added passwd missing conversion scripts for apr1 (ITS-6826)
		Fixed contrib modules where the writewait callback was not correctly \ 
initialized (ITS-8435)
		Fixed smbk5pwd to build with newer OpenSSL releases (ITS-8525)
	Documentation
		admin24 fixed tls_cipher_suite bindconf option (ITS-8099)
		admin24 fixed typo cn=config to be slapd.d (ITS-8449)
		admin24 fixed slapo-syncprov information to be curent (ITS-8253)
		admin24 fixed typo in access control docs (ITS-7341, ITS-8391)
		admin24 fixed minor typo in tuning guide (ITS-8499)
		admin24 fixed information about the limits option (ITS-7700)
		admin24 fixed missing options for syncrepl configuration (ITS-7700)
		admin24 fixed accesslog documentation to note it should not be replicated \ 
(ITS-8344)
		Fixed ldap.conf(5) missing information on SASL_NOCANON option (ITS-7177)
		Fixed ldapsearch(1) information on the V[V] flag behavior (ITS-7177, ITS-6339)
		Fixed slapd-config(5), slapd.conf(5) clarification on interval keyword for \ 
refreshAndPersist (ITS-8538)
		Fixed slapd-config(5), slapd.conf(5) clarify serverID requirements (ITS-8635)
		Fixed slapd-config(5), slapd.conf(5) clarification on loglevel settings (ITS-8123)
		Fixed slapo-ppolicy(5) to clearly note rootdn requirement (ITS-8565)
		Fixed slapo-memberof(5) to note it is not safe to use with replication (ITS-8613)
		Fixed slapo-syncprov(5) documentation to be current (ITS-8253)
		Fixed slapadd(8) manpage to note slapd-mdb (ITS-8215)
		Fixed various minor grammar issues in the man pages (ITS-8544)
		Fixed various typos (ITS-8587)
   2016-12-13 11:38:06 by Havard Eidnes | Files touched by this commit (5) | Package updated
Log message:
Apply fix from https://bugzilla.redhat.com/show_bug.cgi?id=1238322
Incorrect multi-keyword mode cipherstring parsing.
Fixes CVE-2015-3276.
Submitted upstream as ITS#8543, it apparently wasn't already(!)
http://www.openldap.org/its/index.cgi/Incoming?id=8543

Bump PKGREVISION for both openldap, openldap-server and openldap-client
(to be on the safe side...)
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2015-12-02 18:04:57 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
OpenLDAP 2.4.43 Release (2015/11/30)
	Fixed liblber remove obsolete assert (ITS-8240, ITS-8301)
	Fixed libldap file URLs on windows (ITS-8273)
	Fixed libldap microsecond timer for windows (ITS-8295)
	Fixed slap tools minor one time memory leak (ITS-8082)
	Fixed slapd to avoid redundant processing of abandon ops (ITS-8232)
	Fixed slapd syncrepl segv when present list is NULL (ITS-8231, ITS-8042)
	Fixed slapd segfault with invalid SASL URI (ITS-8218)
	Fixed slapd configuration parser with unbalanced quotes (ITS-8233)
	Fixed slapd syncrepl check with config db on windows (ITS-8277)
	Fixed slapd with mod Increment and inherited attribute type (ITS-8289)
	Fixed slapd-ldap SEGV after failed retry (ITS-8173)
	Fixed slapd-ldap to skip client controls in ldap_back_entry_get (ITS-8244)
	Fixed slapd-null to have an option to return a search entry (ITS-8249)
	Fixed slapd-relay to correctly handle quoted options (ITS-8284)
	Fixed slapo-accesslog delta-sync MMR with interrupted refresh phase (ITS-8281)
	Fixed slapo-dds segfault when using slapo-memberof (ITS-8133)
	Fixed slapo-ppolicy to allow purging of stale pwdFailureTime attributes (ITS-8185)
	Fixed slapo-ppolicy to release entry on failure (ITS-7537)
	Fixed slapo-ppolicy to fall back to default policy if there is a parsing error \ 
(ITS-8234)
	Fixed slapo-syncprov with interrupted refresh phase (ITS-8281)
	Fixed slapo-refint with subtree renames (ITS-8220)
	Fixed slapo-rwm missing olcDropUnrequested attribute (ITS-7889)
	Fixed slapo-rwm parsing to avoid double-escaping rewrite rules (ITS-7964)
	Build Environment
		Fixed ldif-filter option parsing (ITS-8292)
		Fixed slapd-tester EOL handling in test output for windows (ITS-8280)
		Fixed slapd-tester executable suffix for windows (ITS-8216)
		Fixed test061 timing issues (ITS-8297)
	Contrib
		Added libnettle support to pw-pbkdf2 (ITS-8198)
		Fixed smbk5pwd compiler warnings with libnettle (ITS-8235)
		Fixed passwd symbol collisions with other crypto libraries (ITS-8294)
	Documentation
		Updated guide to reflect changes to how TLS is handled with syncrepl
   2015-09-14 18:32:27 by Emmanuel Dreyfus | Files touched by this commit (4)
Log message:
Add support for ECDH, from upstream

After the recent logjam attack, longer DH parameter size have been advised.
Unfortunately, this comes with a high computational cost. ECDH is a good
alternative to acheive forward secrecy with lower CPU Loads.

This patch is a backport from upstream ECDH umplementation. ECDH is
enabled by speciying a curve name through the TLSECName directive.
Valid curve names can be obtaines by openssl ecparam -list_curves

Advised usage for a forward-secrecy only setup wiht only ECDH:
TLSCipherSuite EECDH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL
TLSECName      prime256v1

If backward compatibility with older clients is required:
TLSCipherSuite EECDH:HIGH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL
TLSECName      prime256v1

Backward compatible flavor with more forward secrecy, at
the expense of using costly DH. dh2048.pem is obtained using openssl
dhparam 2048 > /etc/openssl/certs/dh2048.pem
TLSCipherSuite EECDH:EDH:HIGH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL
TLSDHParamFile /etc/openssl/certs/dh2048.pem
TLSECName      prime256v1
   2015-07-17 16:49:06 by Adam Ciarcinski | Files touched by this commit (8) | Package updated
Log message:
OpenLDAP 2.4.41 Release (2015/06/21)
	Fixed ldapsearch to explicitly flush its buffer (ITS-8118)
	Fixed libldap async connections (ITS-8090)
	Fixed libldap double free of request during abandon (ITS-7967)
	Fixed libldap error string for LDAP_X_CONNECTING (ITS-8093)
	Fixed libldap segfault in ldap_sync_initialize (ITS-8001)
	Fixed libldap ldif-wrap off by one error (ITS-8003)
	Fixed libldap handling of TLS in async mode (ITS-8022)
	Fixed libldap null pointer dereference (ITS-8028)
	Fixed libldap mutex handling with LDAP_OPT_SESSION_REFCNT (ITS-8050)
	Fixed slapd slapadd config db import of minimal frontend entry (ITS-8150)
	Fixed slapd slapadd onetime leak with -w (ITS-8014)
	Fixed slapd sasl auxprop crash with invalid config (ITS-8092)
	Fixed slapd syncrepl delta-mmr issue with overlays and slapd.conf (ITS-7976)
	Fixed slapd syncrepl mutex for cookie state (ITS-7968)
	Fixed slapd syncrepl memory leaks (ITS-8035)
	Fixed slapd syncrepl to free presentlist at end of refresh mode (ITS-8038)
	Fixed slapd syncrepl to streamline presentlist (ITS-8042)
	Fixed slapd syncrepl concurrency when CHECK_CSN is enabled (ITS-8120)
	Fixed slapd rootdn checks for hidden backends (ITS-8108)
	Fixed slapd segfault when using matched values control (ITS-8046)
	Fixed slapd-ldap reconnection behavior on remote failure (ITS-8142)
	Fixed slapd-mdb minor case typo (ITS-8049)
	Fixed slapd-mdb one-level search (ITS-7975)
	Fixed slapd-mdb heap corruption (ITS-7965)
	Fixed slapd-mdb crash after deleting in-use schema (ITS-7995)
	Fixed slapd-mdb minor code cleanup (ITS-8011)
	Fixed slapd-mdb to return errors when using incorrect env flags (ITS-8016)
	Fixed slapd-mdb to correctly update search candidates (ITS-8036, ITS-7904)
	Fixed slapd-mdb when there were more than 65535 aliases in scope (ITS-8103)
	Fixed slapd-mdb alias deref when objectClass is not indexed (ITS-8146)
	Fixed slapd-meta TLS initialization with ldaps URIs (ITS-8022)
	Fixed slapd-meta to have better error logging (ITS-8131)
	Fixed slapd-perl conversion to cn=config (ITS-8105)
	Fixed slapd-sql autocommit config variable (ITS-8129,ITS-6613)
	Fixed slapo-collect segfault (ITS-7797)
	Fixed slapo-constraint with 0 count constraint (ITS-7780,ITS-7781)
	Fixed slapo-deref with empty attribute list (ITS-8027)
	Fixed slapo-memberof to correctly reject invalid members (ITS-8107)
	Fixed slapo-sock result parser for CONTINUE (ITS-8048)
	Fixed slapo-syncprov synprov_matchops usage of test_filter (ITS-8013)
	Fixed slapo-syncprov segfault on disconnect/abandon (ITS-5452,ITS-8012)
	Fixed slapo-syncprov memory leak (ITS-8039)
	Fixed slapo-syncprov segfault on disconnect/abandon (ITS-8043)
	Fixed slapo-syncprov deadlock when autogroup is in use (ITS-8063)
	Fixed slapo-syncprov potential loss of changes when under load (ITS-8081)
	Fixed slapo-unique enforcement of uniqueness with manageDSAit control (ITS-8057)
	Build Environment
		Fixed libdb detection with gcc 5.x (ITS-8056)
		Fixed ftello reference for Win32 (ITS-8127)
		Enhanced contrib modules build paths (ITS-7782)
		Fixed contrib/autogroup internal operation identity (ITS-8006)
		Fixed contrib/autogroup to skip internal ops with accesslog (ITS-8065)
		Fixed contrib/passwd/sha2 compiler warning (ITS-8000)
		Fixed contrib/noopsrch compiler warning (ITS-7998)
		Fixed contrib/dupent compiler warnings (ITS-7997)
		Test suite: Added vrFilter test (ITS-8046)
	Contrib
		Added pbkdf2 sha256 and sha512 schemes (ITS-7977)
		Fixed autogroup modification callback responses (ITS-6970)
		Fixed nssov compare with usergroup (ITS-8079)
		Fixed nssov password change behavior (ITS-8080)
		Fixed nssov updated to 0.9.4 (ITS-8097)
	Documentation
		Added ldap_get_option(3) LDAP_FEATURE_INFO_VERSION information (ITS-8032)
		Added ldap_get_option(3) LDAP_OPT_API_INFO_VERSION information (ITS-8032)
		Fixed slapd-config(5), slapd.conf(5) tls_cipher_suite option (ITS-8099)
		Fixed slapd-meta(5), slapd-ldap(5) tls_cipher_suite option (ITS-8099)
		Fixed slapd-meta(5) fix minor typo (ITS-7769)