| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
From upstream ITS #8885
Add a configure test for hdb_generate_key_set_password() prototype
contrib/slapd-modules/smbk5pwd uses hdb_generate_key_set_password() from
Heimdal, which was shortly turned from a 5 arguments function to a 7 arguments
function before the prototype change was rolled back to address API
incompatibility.
Unfortunately, the 7 arguments hdb_generate_key_set_password() made it into
released NetBSD 8.0, causing a build break in contrib/slapd-modules/smbk5pwd.
This change adds a configure test for 7 arguments prototype so that
contrib/slapd-modules/smbk5pwd build again on NetBSD 8.0, and other OS that
would include the 7 arguments hdb_generate_key_set_password().
|
|
Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
|
|
|
|
OpenLDAP 2.4.46 Release (2018/03/22)
Fixed libldap connection delete callbacks when TLS fails to start
Fixed libldap to not reuse tls_session if TLS hostname check fails
Fixed libldap cross-compiling with OpenSSL 1.1
Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method
Fixed libldap MozNSS CA certificate hash matching
Fixed libldap MozNSS with PEM certs when also using an NSS cert db
Fixed libldap MozNSS initialization
Fixed libldap GnuTLS with GNUTLS_E_AGAIN
Fixed libldap memory leak with cancel operations
Fixed slapd Eventlog registry key creation on 64-bit Windows
Fixed slapd to maintain SSF across SASL binds
Fixed slapd syncrepl deadlock when updating cookie
Fixed slapd syncrepl callback to always be last in the stack
Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens
Fixed slapd CSN queue processing
Fixed slapd-ldap TLS connection timeout with high latency connections
Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set
Fixed slapd-mdb with an optimization for long lived read transactions
Fixed slapd-meta assert when olcDbRewrite is modified
Fixed slapd-sock with LDAP_MOD_INCREMENT operations
Fixed slapo-accesslog cleanup to only occur on failed operations
Fixed slapo-dds entryTTL to actually decrease as per RFC 2589
Fixed slapo-syncprov memory leak with delete operations
Fixed slapo-syncprov to not clear pending operation when checkpointing
Fixed slapo-syncprov to correctly record contextCSN values in the accesslog
Fixed slapo-syncprov not to log checkpoints to accesslog db
Fixed slapo-syncprov to process changes from this SID on REFRESH
Fixed slapo-syncprov session log parsing to not block other operations
Build Environment
Fixed Windows build with newer MINGW version
Fixed compiler warnings and removed unused variables
Contrib
Fixed ldapc++ Control structure
Documentation
Delete stub manpage for back-ldbm
Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism
Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only
Fixed slapd-config(5) typo for olcTLSCipherSuite
Fixed slapo-syncprov(5) indexing requirements
|
|
Added slapd support for OpenSSL 1.1.0 series (ITS-8353, ITS-8533, ITS-8634)
Fixed libldap to fail ldap_result if the handle is already bad (ITS-8585)
Fixed libldap to expose error if user specified CA doesn't exist (ITS-8529)
Fixed libldap handling of Diffie-Hellman parameters (ITS-7506)
Fixed libldap GnuTLS use after free (ITS-8385)
Fixed libldap SASL initialization (ITS-8648)
Fixed slapd bconfig rDN escape handling (ITS-8574)
Fixed slapd segfault with invalid hostname (ITS-8631)
Fixed slapd sasl SEGV rebind in same session (ITS-8568)
Fixed slapd syncrepl filter handling (ITS-8413)
Fixed slapd syncrepl infinite looping mods with delta-sync MMR (ITS-8432)
Fixed slapd callback struct so older modules without writewait should function.
Custom modules may need to be updated for sc_writewait callback (ITS-8435)
Fixed slapd-ldap/meta broken LDAP_TAILQ macro (ITS-8576)
Fixed slapd-mdb so it passes ITS6794 regression test (ITS-6794)
Fixed slapd-mdb double free with size zero paged result (ITS-8655)
Fixed slapd-meta uninitialized diagnostic message (ITS-8442)
Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS-8423)
Fixed slapo-accesslog with multiple modifications to the same attribute (ITS-6545)
Fixed slapo-relay to correctly initialize sc_writewait (ITS-8428)
Fixed slapo-sssvlv double free (ITS-8592)
Fixed slapo-unique with empty modifications (ITS-8266)
Build Environment
Added test065 for proxyauthz (ITS-8571)
Fix test008 to be portable (ITS-8414)
Fix test064 to wait for slapd to start (ITS-8644)
Fix its4336 regression test (ITS-8534)
Fix its4337 regression test (ITS-8535)
Fix regression tests to execute on all backends (ITS-8539)
Contrib
Added slapo-autogroup(5) man page (ITS-8569)
Added passwd missing conversion scripts for apr1 (ITS-6826)
Fixed contrib modules where the writewait callback was not correctly initialized (ITS-8435)
Fixed smbk5pwd to build with newer OpenSSL releases (ITS-8525)
Documentation
admin24 fixed tls_cipher_suite bindconf option (ITS-8099)
admin24 fixed typo cn=config to be slapd.d (ITS-8449)
admin24 fixed slapo-syncprov information to be curent (ITS-8253)
admin24 fixed typo in access control docs (ITS-7341, ITS-8391)
admin24 fixed minor typo in tuning guide (ITS-8499)
admin24 fixed information about the limits option (ITS-7700)
admin24 fixed missing options for syncrepl configuration (ITS-7700)
admin24 fixed accesslog documentation to note it should not be replicated (ITS-8344)
Fixed ldap.conf(5) missing information on SASL_NOCANON option (ITS-7177)
Fixed ldapsearch(1) information on the V[V] flag behavior (ITS-7177, ITS-6339)
Fixed slapd-config(5), slapd.conf(5) clarification on interval keyword for refreshAndPersist (ITS-8538)
Fixed slapd-config(5), slapd.conf(5) clarify serverID requirements (ITS-8635)
Fixed slapd-config(5), slapd.conf(5) clarification on loglevel settings (ITS-8123)
Fixed slapo-ppolicy(5) to clearly note rootdn requirement (ITS-8565)
Fixed slapo-memberof(5) to note it is not safe to use with replication (ITS-8613)
Fixed slapo-syncprov(5) documentation to be current (ITS-8253)
Fixed slapadd(8) manpage to note slapd-mdb (ITS-8215)
Fixed various minor grammar issues in the man pages (ITS-8544)
Fixed various typos (ITS-8587)
|
|
MASTER_SITES= site1 \
site2
style continuation lines to be simple repeated
MASTER_SITES+= site1
MASTER_SITES+= site2
lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
|
|
Incorrect multi-keyword mode cipherstring parsing.
Fixes CVE-2015-3276.
Submitted upstream as ITS#8543, it apparently wasn't already(!)
http://www.openldap.org/its/index.cgi/Incoming?id=8543
Bump PKGREVISION for both openldap, openldap-server and openldap-client
(to be on the safe side...)
|
|
OpenSSL removed old DES API which used des_* functions.
https://github.com/openssl/openssl/commit/24956ca00f014a917fb181a8abc39b349f3f316f
In order to link with libcrypto from recent OpenSSL releases, we need
to replace the older API des_* functions by the newer API DES_* functions.
Submitted upstream as ITS#8525
http://www.openldap.org/its/index.cgi/Incoming?id=8525
|
|
PKGREVISION for client and server.
|
|
for consistency and avoid redundant FILESDIR shared between packages.
|
|
|
|
|
|
Fixed slapd-bdb/hdb missing olcDbChecksum config attr (ITS-8337)
Fixed slapd-mdb behavior with long lived read transactions (ITS-8226)
Fixed slapd-mdb cleanup after failed transaction (ITS-8360)
Fixed slapd-sql missing id_query/olcSqlIdQuery (ITS-8329)
Fixed slapo-accesslog callback initialization (ITS-8351)
Fixed slapo-ppolicy pwdMaxRecordedFailure must never be zero (ITS-8327)
Fixed slapo-syncprov abandon processing (ITS-8354)
Fixed slapo-syncprov ctxcsn snapshot on refresh (ITS-8281, ITS-8365)
Documentation
admin24 Stop linking to Berkeley DB downloads (ITS-8362)
admin24 Update documentation for LMDB preference
|
|
Fixed liblber remove obsolete assert (ITS-8240, ITS-8301)
Fixed libldap file URLs on windows (ITS-8273)
Fixed libldap microsecond timer for windows (ITS-8295)
Fixed slap tools minor one time memory leak (ITS-8082)
Fixed slapd to avoid redundant processing of abandon ops (ITS-8232)
Fixed slapd syncrepl segv when present list is NULL (ITS-8231, ITS-8042)
Fixed slapd segfault with invalid SASL URI (ITS-8218)
Fixed slapd configuration parser with unbalanced quotes (ITS-8233)
Fixed slapd syncrepl check with config db on windows (ITS-8277)
Fixed slapd with mod Increment and inherited attribute type (ITS-8289)
Fixed slapd-ldap SEGV after failed retry (ITS-8173)
Fixed slapd-ldap to skip client controls in ldap_back_entry_get (ITS-8244)
Fixed slapd-null to have an option to return a search entry (ITS-8249)
Fixed slapd-relay to correctly handle quoted options (ITS-8284)
Fixed slapo-accesslog delta-sync MMR with interrupted refresh phase (ITS-8281)
Fixed slapo-dds segfault when using slapo-memberof (ITS-8133)
Fixed slapo-ppolicy to allow purging of stale pwdFailureTime attributes (ITS-8185)
Fixed slapo-ppolicy to release entry on failure (ITS-7537)
Fixed slapo-ppolicy to fall back to default policy if there is a parsing error (ITS-8234)
Fixed slapo-syncprov with interrupted refresh phase (ITS-8281)
Fixed slapo-refint with subtree renames (ITS-8220)
Fixed slapo-rwm missing olcDropUnrequested attribute (ITS-7889)
Fixed slapo-rwm parsing to avoid double-escaping rewrite rules (ITS-7964)
Build Environment
Fixed ldif-filter option parsing (ITS-8292)
Fixed slapd-tester EOL handling in test output for windows (ITS-8280)
Fixed slapd-tester executable suffix for windows (ITS-8216)
Fixed test061 timing issues (ITS-8297)
Contrib
Added libnettle support to pw-pbkdf2 (ITS-8198)
Fixed smbk5pwd compiler warnings with libnettle (ITS-8235)
Fixed passwd symbol collisions with other crypto libraries (ITS-8294)
Documentation
Updated guide to reflect changes to how TLS is handled with syncrepl
|
|
Problems found with existing distfiles:
distfiles/D6.data.ros.gz
distfiles/cstore0.2.tar.gz
distfiles/data4.tar.gz
distfiles/sphinx-2.2.7-release.tar.gz
No changes made to the cstore or mariadb55-client distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
After the recent logjam attack, longer DH parameter size have been advised.
Unfortunately, this comes with a high computational cost. ECDH is a good
alternative to acheive forward secrecy with lower CPU Loads.
This patch is a backport from upstream ECDH umplementation. ECDH is
enabled by speciying a curve name through the TLSECName directive.
Valid curve names can be obtaines by openssl ecparam -list_curves
Advised usage for a forward-secrecy only setup wiht only ECDH:
TLSCipherSuite EECDH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL
TLSECName prime256v1
If backward compatibility with older clients is required:
TLSCipherSuite EECDH:HIGH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL
TLSECName prime256v1
Backward compatible flavor with more forward secrecy, at
the expense of using costly DH. dh2048.pem is obtained using openssl
dhparam 2048 > /etc/openssl/certs/dh2048.pem
TLSCipherSuite EECDH:EDH:HIGH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL
TLSDHParamFile /etc/openssl/certs/dh2048.pem
TLSECName prime256v1
|
|
Fixed liblber address length for CLDAP (ITS 8158)
Fixed libldap dnssrv potential overflow with port number (ITS 7027,ITS 8195)
Fixed slapd cn=config when updating olcAttributeTypes (ITS 8199)
Fixed slapd-mdb to correctly update search candidates for scoped searches (ITS 8203)
Fixed slapo-ppolicy with redundant mod ops on glued trees (ITS 8184)
Fixed slapo-rwm crash when deleting rewrite rules (ITS 8213)
Build Environment
Fixed libdb detection with gcc 5.x (ITS 8056)
|
|
All recent NetBSD releases now have an OpenSSL recent enough so
that the DES symbols required by slapo-smbk5pwd can be found in
OpenSSL's libcrypto. We therefore do not need to link with -ldes
anymore, especialy since it now causes a build failure.
|
|
Fixed ldapsearch to explicitly flush its buffer (ITS-8118)
Fixed libldap async connections (ITS-8090)
Fixed libldap double free of request during abandon (ITS-7967)
Fixed libldap error string for LDAP_X_CONNECTING (ITS-8093)
Fixed libldap segfault in ldap_sync_initialize (ITS-8001)
Fixed libldap ldif-wrap off by one error (ITS-8003)
Fixed libldap handling of TLS in async mode (ITS-8022)
Fixed libldap null pointer dereference (ITS-8028)
Fixed libldap mutex handling with LDAP_OPT_SESSION_REFCNT (ITS-8050)
Fixed slapd slapadd config db import of minimal frontend entry (ITS-8150)
Fixed slapd slapadd onetime leak with -w (ITS-8014)
Fixed slapd sasl auxprop crash with invalid config (ITS-8092)
Fixed slapd syncrepl delta-mmr issue with overlays and slapd.conf (ITS-7976)
Fixed slapd syncrepl mutex for cookie state (ITS-7968)
Fixed slapd syncrepl memory leaks (ITS-8035)
Fixed slapd syncrepl to free presentlist at end of refresh mode (ITS-8038)
Fixed slapd syncrepl to streamline presentlist (ITS-8042)
Fixed slapd syncrepl concurrency when CHECK_CSN is enabled (ITS-8120)
Fixed slapd rootdn checks for hidden backends (ITS-8108)
Fixed slapd segfault when using matched values control (ITS-8046)
Fixed slapd-ldap reconnection behavior on remote failure (ITS-8142)
Fixed slapd-mdb minor case typo (ITS-8049)
Fixed slapd-mdb one-level search (ITS-7975)
Fixed slapd-mdb heap corruption (ITS-7965)
Fixed slapd-mdb crash after deleting in-use schema (ITS-7995)
Fixed slapd-mdb minor code cleanup (ITS-8011)
Fixed slapd-mdb to return errors when using incorrect env flags (ITS-8016)
Fixed slapd-mdb to correctly update search candidates (ITS-8036, ITS-7904)
Fixed slapd-mdb when there were more than 65535 aliases in scope (ITS-8103)
Fixed slapd-mdb alias deref when objectClass is not indexed (ITS-8146)
Fixed slapd-meta TLS initialization with ldaps URIs (ITS-8022)
Fixed slapd-meta to have better error logging (ITS-8131)
Fixed slapd-perl conversion to cn=config (ITS-8105)
Fixed slapd-sql autocommit config variable (ITS-8129,ITS-6613)
Fixed slapo-collect segfault (ITS-7797)
Fixed slapo-constraint with 0 count constraint (ITS-7780,ITS-7781)
Fixed slapo-deref with empty attribute list (ITS-8027)
Fixed slapo-memberof to correctly reject invalid members (ITS-8107)
Fixed slapo-sock result parser for CONTINUE (ITS-8048)
Fixed slapo-syncprov synprov_matchops usage of test_filter (ITS-8013)
Fixed slapo-syncprov segfault on disconnect/abandon (ITS-5452,ITS-8012)
Fixed slapo-syncprov memory leak (ITS-8039)
Fixed slapo-syncprov segfault on disconnect/abandon (ITS-8043)
Fixed slapo-syncprov deadlock when autogroup is in use (ITS-8063)
Fixed slapo-syncprov potential loss of changes when under load (ITS-8081)
Fixed slapo-unique enforcement of uniqueness with manageDSAit control (ITS-8057)
Build Environment
Fixed libdb detection with gcc 5.x (ITS-8056)
Fixed ftello reference for Win32 (ITS-8127)
Enhanced contrib modules build paths (ITS-7782)
Fixed contrib/autogroup internal operation identity (ITS-8006)
Fixed contrib/autogroup to skip internal ops with accesslog (ITS-8065)
Fixed contrib/passwd/sha2 compiler warning (ITS-8000)
Fixed contrib/noopsrch compiler warning (ITS-7998)
Fixed contrib/dupent compiler warnings (ITS-7997)
Test suite: Added vrFilter test (ITS-8046)
Contrib
Added pbkdf2 sha256 and sha512 schemes (ITS-7977)
Fixed autogroup modification callback responses (ITS-6970)
Fixed nssov compare with usergroup (ITS-8079)
Fixed nssov password change behavior (ITS-8080)
Fixed nssov updated to 0.9.4 (ITS-8097)
Documentation
Added ldap_get_option(3) LDAP_FEATURE_INFO_VERSION information (ITS-8032)
Added ldap_get_option(3) LDAP_OPT_API_INFO_VERSION information (ITS-8032)
Fixed slapd-config(5), slapd.conf(5) tls_cipher_suite option (ITS-8099)
Fixed slapd-meta(5), slapd-ldap(5) tls_cipher_suite option (ITS-8099)
Fixed slapd-meta(5) fix minor typo (ITS-7769)
|
|
From 6f120920d359d3b880c5c56bde4c1b91c3bedb01 Mon Sep 17 00:00:00 2001
From: Ben Jencks <ben@bjencks.net>
Date: Sun, 27 Jan 2013 18:27:03 -0500
Subject: [PATCH] ITS#7506 tls_o.c: Fix Diffie-Hellman parameter usage.
If a DHParamFile or olcDHParamFile is specified, then it will be used,
otherwise a hardcoded 1024 bit parameter will be used. This allows the use of
larger parameters; previously only 512 or 1024 bit parameters would ever be
used.
From cfeb28412c28ce9feeea6e6c055286f201bd0a34 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Sat, 7 Sep 2013 06:39:53 -0700
Subject: [PATCH] ITS#7506 fix prev commit
The patch unconditionally enabled DHparams, which is a significant
change of behavior. Reverting to previous behavior, which only enables
DH use if a DHparam file was configured.
|
|
Fixed libldap DNS SRV priority handling (ITS-7027)
Fixed libldap don't leak libldap err codes (ITS-7676)
Fixed libldap CR/LF handling (ITS-4635)
Fixed libldap ldif-wrap length (ITS-7871)
Fixed libldap GnuTLS ciphersuite parsing (ITS-7500)
Fixed libldap GnuTLS with newer versions (ITS-7430,ITS-6359)
Fixed libldif to correctly handle 4096 character lines (ITS-7859)
Fixed librewrite reference counting (ITS-7723)
Fixed slapacl with back-mdb reader transactions (ITS-7920)
Fixed slapd syncrepl to send cookie on fallback (ITS-7849)
Fixed slapd syncrepl SEGV when abandoning a connection (ITS-7928)
Fixed slapd slapcat with external schema (ITS-7895)
Fixed slapd schema RDN normalization (ITS-7935)
Fixed slapd with repeated language tags (ITS-7941)
Fixed slapd modrdn crash on naming attr with no matching rule (ITS-7850)
Fixed slapd memory leak in control handling (ITS-7942)
Fixed slapd-ldap removed dead code (ITS-7922)
Fixed slapd-mdb to work concurrently with slapadd (ITS-7798)
Fixed slapd-mdb with paged results (ITS-7705, ITS-7800)
Fixed slapd-mdb slapcat with nonexistent indices (ITS-7870)
Fixed slapd-mdb long lived reader transactions (ITS-7904)
Fixed slapd-mdb memory leak on matchedDN (ITS-7872)
Fixed slapd-mdb sorting of attribute values (ITS-7902)
Fixed slapd-mdb to flag attribute values as sorted (ITS-7903)
Fixed slapd-mdb index config handling (ITS-7912)
Fixed slapd-mdb entry release handling (ITS-7915)
Fixed slapd-mdb with aliases and referrals (ITS-7927)
Fixed slapd-mdb alias dereferencing (ITS-7702)
Fixed slapd-sock socket flushing (ITS-7937)
Fixed slapo-accesslog attribute normalization (ITS-7934)
Fixed slapo-accesslog internal search logging (ITS-7929)
Fixed slapo-auditlog connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-chain interaction with slapo-rwm (ITS-7930)
Fixed slapo-constraint connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-dds connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-dyngroup connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-memberof attr count (ITS-7893)
Fixed slapo-memberof frontendDB handling (ITS-7249)
Fixed slapo-memberof internal search logging (ITS-7929)
Fixed slapo-pcache config processing (ITS-7919)
Fixed slapo-pcache connection destroy logic (ITS-7906,ITS-7923)
Added slapo-ppolicy ORDERING rules (ITS-7838)
Fixed slapo-ppolicy timestamp resolution to use microseconds (ITS-7161)
Fixed slapo-ppolicy connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-refint to check for pauses in cn=config (ITS-7873)
Fixed slapo-refint internal search logging (ITS-7929)
Fixed slapo-refint connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-seqmod connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-slapover connection destroy logic (ITS-7906,ITS-7923)
Fixed slapo-sock db_init (ITS-7868)
Fixed slapo-sssvlv fix olcSssVlvMaxPerConn (ITS-7908)
Fixed slapo-translucent double free (ITS-7587)
Fixed slapo-translucent to work with manageDSAit (ITS-7864)
Fixed slapo-translucent to use local backend with local entries (ITS-7915)
Fixed slapo-unique connection destroy logic (ITS-7906,ITS-7923)
Fixed slapcacl with invalid suffix
|
|
|
|
|
|
|
|
Fixed libldap MozNSS crash
Fixed libldap memory leak with SASL
Fixed libldap assert in parse_passwdpolicy_control
Fixed libldap shortcut NULL RDNs
Fixed libldap deref to use correct control
Fixed liblmdb keysizes with mdb_update_key
Fixed slapd cn=config olcDbConfig modification
Fixed slapd-bdb/hdb to bail out of search if config is paused
Fixed slapd-bdb/hdb indexing issue with derived attributes
Fixed slapd-mdb to bail out of search if config is paused
Fixed slapd-mdb indexing issue with derived attributes
Fixed slapd-perl to bail out of search if config is paused
Fixed slapd-sql to bail out of search if config is paused
Fixed slapo-constraint handling of softadd/softdel
Fixed slapo-syncprov assert with findbase
Build Environment
Test suite: Use $(MAKE) for tests
Documentation
admin24 fix TLSDHParamFile to be correct
|
|
Fixed liblmdb nordahead flag
Fixed liblmdb to check cursor index before cursor_del
Fixed liblmdb wasted space on split
Fixed slapd for certs with a NULL issuerDN
Fixed slapd cn=config with empty nested includes
Fixed slapd syncrepl memory leak with delta-sync MMR
Fixed slapd-bdb/hdb to stop processing on dn not found
Fixed slapd-bdb/hdb with indexed ANDed filters
Fixed slapd-mdb to stop processing on dn not found
Fixed slapd-mdb dangling reader
Fixed slapd-mdb matching rule for OlcDbEnvFlags
Fixed slapd-mdb with indexed ANDed filters
Fixed slapd-meta from blocking other threads
Fixed slapo-syncprov assert with findbase
|
|
Added liblmdb nordahead environment flag
Fixed client tools CLDAP with IPv6
Fixed libldap CLDAP with IPv6
Fixed libldap lock ordering with abandon op
Fixed liblmdb segfault with mdb_cursor_del
Fixed liblmdb when converting to writemap
Fixed liblmdb assert on MDB_NEXT with delete
Fixed liblmdb wasted space on split
Fixed slapd cn=config with olcTLSProtocolMin
Fixed slapd-bdb/hdb optimize index updates
Fixed slapd-ldap chaining with cn=config
Fixed slapd-ldap chaning with controls
Fixed slapd-mdb optimize index updates
Fixed slapd-meta chaining with cn=config
Fixed slapo-constraint to no-op on nonexistent entries
Fixed slapo-dds assert on startup
Fixed slapo-memberof to not replicate internal ops
Fixed slapo-refint to not replicate internal ops
Build Environment
Fixed slapd-mdb ptr arithmetic on void *s
Documentation
ldapsearch(1) minor typo fix
slapd-passwd(5) minor typo fix
|
|
Added back-meta target filter patterns (ITS 7609)
Added liblmdb mdb_txn_env to API (ITS 7660)
Fixed libldap CLDAP with uninit'd memory (ITS 7582)
Fixed libldap with UDP (ITS 7583)
Fixed libldap OpenSSL TLS versions (ITS 7645)
Fixed liblmdb MDB_PREV behavior (ITS 7556)
Fixed liblmdb transaction issues (ITS 7515)
Fixed liblmdb mdb_drop overflow page return (ITS 7561)
Fixed liblmdb nested split (ITS 7592)
Fixed liblmdb overflow page behavior (ITS 7620)
Fixed liblmdb race condition with read and write txns (ITS 7635)
Fixed liblmdb mdb_del behavior with MDB_DUPSORT and mdb_del (ITS 7658)
Fixed slapd cn=config with unknown schema elements (ITS 7608)
Fixed slapd cn=config with loglevel 0 (ITS 7611)
Fixed slapd slapi filterlist free behavior (ITS 7636)
Fixed slapd slapi control free behavior (ITS 7641)
Fixed slapd schema countryString as directoryString (ITS 7659)
Fixed slapd schema telephoneNumber as directoryString (ITS 7659)
Fixed slapd-bdb/hdb to wait for read locks in tool mode (ITS 6365)
Fixed slapd-mdb behavior with alias dereferencing (ITS 7577)
Fixed slapd-mdb modrdn and base-scoped searches (ITS 7604)
Fixed slapd-mdb refcount behavior (ITS 7628)
Fixed slapd-meta binding flag is set (ITS 7524)
Fixed slapd-meta with minimal config (ITS 7581)
Fixed slapd-meta missing results messages (ITS 7591)
Added slapd-meta TCP keepalive support (ITS 7513)
Fixed slapo-sssvlv double free (ITS 7588)
Fixed slaptest to list -Q option (ITS 7568)
Build Environment
Fixed slapd-meta declaration warnings (ITS 7654)
Contrib
Fixed nssov group enumeration bug (ITS 7569)
Fixed autogroup when URI has no attrs (ITS 7580)
Documentation
admin24 Update database backend notes (ITS 7590)
ldap.conf(5) fixed typos (ITS 7568)
ldapmodify(1) remove replog reference (ITS 7562)
ldif(5) remove replog reference (ITS 7562)
slapd-config(5) remove replog reference (ITS 7562)
slapd.conf(5) remove replog reference (ITS 7562)
slapd-config(5) document TLSProtocolMin (ITS 5655,ITS 7645)
slapd.conf(5) document TLSProtocolMin
|
|
|
|
Fixed liblmdb mdb_cursor_put with MDB_MULTIPLE
Fixed liblmdb page rebalance
Fixed liblmdb missing parens
Fixed liblmdb mdb_cursor_del crash
Fixed slapd syncrepl updateCookie status
Fixed slapd connection logging
Fixed slapd segfault on modify
Fixed slapd-mdb to reject undefined attrs
Fixed slapo-pcache with +/- attrsets
Build Environment
don't install DB_CONFIG if no BDB backends
Documentation
slapschema(8) fix tool name
admin24 fixed pcache example
admin24 fixed config examples
|
|
Fixed libldap connections with EINTR (ITS7476)
Fixed libldap lineno overflow in ldif_read_record (ITS7497)
Fixed liblmdb mdb_env_open flag handling (ITS7453)
Fixed liblmdb mdb_midl_sort array optimization (ITS7432)
Fixed liblmdb freelist with large entries (ITS7455)
Fixed liblmdb to check for filled dirty page list (ITS7491)
Fixed liblmdb to validate data limits (ITS7485)
Fixed liblmdb mdb_update_key for large keys (ITS7505)
Fixed ldapmodify to not core dump with invalid LDIF (ITS7477)
Fixed slapd syncrepl for old entries in MMR setup (ITS7427)
Fixed slapd signedness for index_substr_any_* (ITS7449)
Fixed slapd enforce SLAPD_MAX_DAEMON_THREADS (ITS7450)
Fixed slapd mutex in send_ldap_ber (ITS6164)
Added slapd-ldap onerr option (ITS7492)
Added slapd-ldap keepalive support (ITS7501)
Fixed slapd-ldif with empty dir (ITS7451)
Fixed slapd-mdb to reopen attr DBs after env reopen (ITS7416)
Fixed slapd-mdb handling of missing entries (ITS7483,7496)
Fixed slapd-mdb environment flag setting (ITS7452)
Fixed slapd-mdb with sub db slapcat (ITS7469)
Fixed slapd-mdb to correctly work with toolthreads > 2 (ITS7488,ITS7527)
Fixed slapd-mdb subtree search speed (ITS7473)
Fixed slapd-meta conversion to cn=config (ITS7525)
Fixed slapd-meta segfault when modifying olcDbUri (ITS7526)
Fixed slapd-sql back-config support (ITS7499)
Fixed slapo-constraint handle uri and restrict correctly (ITS7418)
Fixed slapo-constraint with multi-master replication (ITS7426)
Fixed slapo-constraint segfault (ITS7431)
Fixed slapo-deref control initialization (ITS7436)
Fixed slapo-deref control exposure (ITS7445)
Fixed slapo-memberof with internal ops (ITS7487)
Fixed slapo-pcache matching rules for config db (ITS7459)
Fixed slapo-rwm modrdn cleanup (ITS7414)
Fixed slapo-sssvlv maxperconn parameter (ITS7484)
Build Environment
Fixed slapo-constraint test suite (ITS7423)
Contrib
Added nssov nssov_config support (ITS7518)
Added nssov password_prohibit_message (ITS7518)
Fixed ldapc++ with gcc-4.7 (ITS7281,ITS7304)
Fixed nssov olcNssPamSession handling (ITS7481)
Fixed nssov connection DN (ITS7518)
Add missing Makefile for various modules (ITS7308)
Unify Makefile structure for modules (ITS7309)
Fixed slapo-allowed attribute replication (ITS7493)
Fixed slapo-passwd SHA2 to correctly zero buffer (ITS7490)
Documentation
ldapurl(1) fix example usage (ITS7454)
ldap_get_option(3) fixed trailing whitespace (ITS7411)
slapd-config(5) olcExtraAttrs is per db (ITS7421)
slapd-overlays(5) update manpage index (ITS7489)
slapo-dynlist(5) Search behavior notes (ITS7486)
slapo-valsort(5) Document valsort control syntax (ITS7523)
|
|
|
|
|
|
|
|
Added slapd-meta cn=config support
Fixed libldap MozNSS slot picking
Fixed libldap MozNSS with tokenname:certnickname format
Fixed libmdb POSIX semaphore cleanup on environment close
Fixed libmdb mdb_page_split
Fixed slapd alock handling on Windows
Fixed slapd acl handling with zero-length values
Fixed slapd syncprov to not reference ops inside a lock
Fixed slapd delta-syncrepl MMR with large attribute values
Fixed slapd slapd_rw_destroy function
Fixed slapd-ldap idassert bind handling
Fixed slapd-mdb slapadd -q -w double free
Fixed slapd-mdb to close read txn in reindex commit
Fixed slapo-constraint with multiple modifications
Build Environment
Fixed build with Visual Studio
Fixed libmdb posix semaphore use on BSD system
Add slapo-constraint test suite
Contrib
Updated radius passwd module for NAS-Identifier
Documentation
slapo-refint(5) Note that refint is not replicated
|
|
(otherwise Undefined PLT symbol "des_set_odd_parity")
- make sure OpenLDAP links with pkgsrc's libfetch as base libfetch
may be linked with a different OpenSSL than OpenLDAP.
|
|
Added slappasswd loadable module support
Fixed tools to not clobber SASL_NOCANON
Fixed libldap function declarations
Fixed libldap double free
Fixed libldap debug level setting
Fixed libldap MozNSS PEM/certdb handling
Fixed libldap MozNSS cipher suite selection
Fixed libldap MozNSS error handling
Fixed libldap MozNSS cipher suite being ignored
Fixed libldap MozNSS infinite loop
Fixed libldap MozNSS context token for certdb
Fixed libldap MozNSS store certificate object
Fixed libldap MozNSS fix init and cleanup
Fixed libldap MozNSS slot and pin usage
Fixed libldap MozNSS to avoid infinite loop
Fixed libldap MozNSS untrusted issuer error
Fixed libldap gettime() regression
Fixed libldap sasl handling
Fixed libldap to correctly free socket with TLS
Fixed libmdb leaf node handling
Fixed libmdb mutexes on Apple/Windows
Fixed slapd config index renumbering
Fixed slapd duplicate error response
Fixed slapd parsing of PermissiveModify control
Fixed slapd-bdb/hdb cache hang under high load
Fixed slapd-bdb/hdb alias checking
Fixed slapd-bdb/hdb olcDbConfig changes work immediately
Fixed slapd-ldap to encode user DN during password change
Fixed slapd-ldap assertion when proxying to MS AD
Fixed slapd-ldap monitoring
Fixed slapd-mdb with tool mode
Fixed slapd-mdb with approx indexing
Fixed slapd-mdb dn2id delete
Fixed slapd-mdb memory leak in online indexer
Fixed slapd-mdb db corruption when hitting maxsize
Fixed slapd-mdb aborts with online indexing
Fixed slapd-perl panic
Fixed slapo-accesslog memory leaks with sync replication
Fixed slapo-syncprov memory leaks with sync replication
Fixed contrib/smbk5pwd to not compile with MozNSS
Fixed contrib/sha2 portability
Fixed contrib/sha2 thread safety
Added contrib/sha2 {SSHA256}, {SSHA384}, {SSHA512} support
Build Environment
Fixed test057 timing issues
Fixed compilation with MS Visual Studio
Contrib
Added slapi_[get|free]_client_ip()
Documentation
slapo-sssvlv Added note about criticality
admin24 Fix peername.regex typo
Fixed slapd-config file include example
slapd-ldap(5) Reference RFC4526
slapd-meta(5) Reference RFC4526
|
|
Added slapo-accesslog support for reqEntryUUID
Fixed libldap IPv6 URL detection
Fixed libldap rebinding on failed connection
Fixed libmdb alignment of MDB_db members
Fixed libmdb branch page merging on deletes
Fixed libmdb page split with MDB_APPEND
Fixed libmdb free page usage with entry deletion
Fixed libmdb to use IOV_MAX if it is defined and small
Fixed libmdb key alignment
Fixed libmdb mdb_page_split
Fixed libmdb with zero length IDLs
Fixed slapd listener initialization
Fixed slapd cn=config with olcTLSVerifyClient
Fixed slapd delta-syncrepl fallback on non-leaf error
Fixed slapd to reject MMR setups with bad serverID setting
Fixed slapd approxIndexer key generation
Fixed slapd modification of olcSuffix
Fixed slapd schema validation with missing definitions
Fixed slapd syncrepl -c with supplied CSN values
Fixed slapd-bdb/hdb idlcache with only one element
Fixed slapd-perl modify with binary values
Fixed slapd-shell cn=config support
Fixed slapd-shell modify with binary values
Fixed slapo-accesslog deadlock with non-logged write ops
Fixed slapo-syncprov sessionlog check
Fixed slapo-syncprov entry leak
Fixed slapo-syncprov startup initialization
Build Environment
Fixed test022 to check ldapsearch results
Fixed test044 when back-monitor is disabled
Documentation
Fixed slapschema(8) formatting
Fixed limdb functionality documentation
Fixed ldap_get_option(3) note inheritance behavior
|
|
Fixed libldap socket polling for writes
Fixed liblutil string modifications
Fixed slapd crash when attrsOnly is true
Fixed slapd syncrepl delete handling
Fixed slapd-mdb slapadd with -q
Fixed slapd-mdb slapadd with -w
Fixed slapd-mdb slapindex with -q and -t
Fixed slapo-pcache time-to-refesh handling
Fixed slapo-syncprov loop detection
Build Environment
Fixed POSIX make support
Fixed slapd-mdb build on POSIX
Documentation
Added option "-o" to ldap*(1) pages
Fixed ldap*(1) page cleanup
Fixed ldap_modify(3) prototypes
|
|
|
|
remote attackers to cause a denial of service (slapd crash) via a
zero-length string that triggers a heap-based buffer overflow
bump PKGREV
|
|
|
|
|
|
-Added LDIF line wrapping setting
-Added libldap cert x500UniqueIdentifier handling
-Added libldap_r,libldap formal concurrency API
-Added slapadd attribute value checking
-Added slapcat continue mode for problematic DBs
-Added slapd syncrepl suffixmassage support
-Added slapd multiple listener threads
-Added slapd extensible match for ordering rules
-Added slapd-meta paged results control forwarding
-Added slapd-meta subtree-include support
-Added slapd-null back-config support
-Added slapd-sql autocommit support
-Added slapd-sql support for long long keys
-Added slapo-sssvlv multiple sorts per connection
-many bugfixes
-documentation improvements
|
|
changes:
-Added LDIF line wrapping setting
-Added libldap cert x500UniqueIdentifier handling
-Added libldap_r,libldap formal concurrency API
-Added slapadd attribute value checking
-Added slapcat continue mode for problematic DBs
-Added slapd syncrepl suffixmassage support
-Added slapd multiple listener threads
-Added slapd extensible match for ordering rules
-Added slapd-meta paged results control forwarding
-Added slapd-meta subtree-include support
-Added slapd-null back-config support
-Added slapd-sql autocommit support
-Added slapd-sql support for long long keys
-Added slapo-sssvlv multiple sorts per connection
-many bugfixes
-documentation improvements
approved by Geert Hendrickx (the MAINTAINER)
|
|
kerberos if Heimdal not found (only Samba support).
|
|
OpenLDAP 2.4.23 Release (2010/06/30)
Fixed libldap to return server's error code (ITS#6569)
Fixed libldap memleaks (ITS#6568)
Fixed liblutil off-by-one with delta (ITS#6541)
Fixed slapd acls with glued databases (ITS#6468)
Fixed slapd syncrepl rid logging (ITS#6533)
Fixed slapd modrdn handling of invalid values (ITS#6570)
Fixed slapd-bdb hasSubordinates computation (ITS#6549)
Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
Fixed slapd-bdb entry cache delete failure (ITS#6577)
Fixed slapd-ldap to return control responses (ITS#6530)
Fixed slapo-ppolicy to use Debug (ITS#6566)
Fixed slapo-refint to zero out freed DN vals (ITS#6572)
Fixed slapo-rwm to use Debug (ITS#6566)
Fixed slapo-sssvlv to use Debug (ITS#6566)
Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
Fixed slapo-valsort to use Debug (ITS#6566)
Fixed contrib/nssov network.c missing patch (ITS#6562)
Build Environment
Fixed test043 attribute sorting (ITS#6553)
Documentation
slapd-config(5) note default rootdn (ITS#6546)
OpenLDAP 2.4.22 Release (2010/04/24)
Added slapd SLAP_SCHEMA_EXPOSE flag for hidden schema elements (ITS#6435)
Added slapd tools selective iterations (ITS#6442)
Added slapd syncrepl TCP keepalive (ITS#6389)
Added slapo-ldap idassert-passthru (ITS#6456)
Added slapo-pbind
Fixed libldap gmtime re-entrancy (ITS#6262)
Fixed libldap gssapi off by one error (ITS#6223)
Fixed libldap GnuTLS serial length (ITS#6460)
Fixed libldap MozNSS context and PEM support (ITS#6432)
Fixed libldap referral on bind behavior(ITS#6510)
Fixed slapd acl non-entry internal searches (ITS#6481)
Fixed slapd acl attrval style initialization (ITS#6520)
Fixed slapd certificateListValidate (ITS#6466)
Fixed slapd empty URI parsing (ITS#6465)
Fixed slapd glued misplaced entries (ITS#6506)
Fixed slapd glued paged cookies (ITS#6507)
Fixed slapd glued paged results (ITS#6504)
Fixed slapd gmtime re-entrancy (ITS#6262)
Fixed slapd to ignore controls with unrecognized flags (ITS#6480)
Fixed slapd entry ownership (ITS#5340)
Fixed slapd sasl auxprop_lookup (ITS#6441)
Fixed slapd sasl auxprop ssf (ITS#5195)
Fixed slapd syncrepl for attributes with no matching rule (ITS#6458)
Fixed slapd syncrepl for unknown attrs and delta-sync (ITS#6473)
Fixed slapd syncrepl loop with moddn (ITS#6472)
Fixed slapo-accesslog to not replicate internal purges (ITS#6519)
Fixed slapd-bdb contextCSN updates from updatedn (ITS#6469)
Fixed slapd-bdb lockobj zeroing (ITS#6501)
Fixed slapd-ldap/meta control criticality (ITS#6523)
Fixed slapd-ldap/meta with ordered values (ITS#6516)
Fixed slapo-collect entry ownership (ITS#5340,ITS#6423)
Fixed slapo-dds with NULL backend (ITS#6490)
Fixed slapo-dynlist entry ownership (ITS#5340,ITS#6423)
Fixed slapo-memberof attr count (ITS#6508)
Fixed slapo-pcache to release its own entries (ITS#6484)
Fixed slapo-pcache with NULL backend (ITS#6490)
Fixed slapo-rwm entry release handling (ITS#6484)
Fixed slapo-rwm memory handling with rewrites (ITS#6526)
Fixed slapo-rwm olcRwmMap handling (ITS#6436)
Fixed slapo-rwm entry ownership (ITS#5340,ITS#6423)
Fixed slapo-syncprov memory leak (ITS#6459)
Fixed slapo-translucent counter increment (ITS#6497)
Fixed slapo-valsort entry ownership (ITS#5340,ITS#6423)
Fixed contrib/sha2 adds mechs for more hashes (ITS#6433)
Fixed contrib/nssov to use nss-pam-ldapd (ITS#6488)
Build Environment
Added back-ldif, back-null test support (ITS#5810)
Documentation
admin24 avoid explicit moduleload statements (ITS#6486)
admin24 broken link fixes (ITS#6493,ITS#6515)
slapd.access(5) val.regex explanation (ITS#5804)
|
|
OpenLDAP 2.4.21 Release (2009/12/20)
Fixed liblutil for negative microsecond offsets (ITS#6405)
Fixed slapd global settings to work without restart (ITS#6428)
Fixed slapd looping with SSL/TLS connections (ITS#6412)
Fixed slapd syncrepl freeing tasks from queue (ITS#6413)
Fixed slapd syncrepl parsing of tls defaults (ITS#6419)
Fixed slapd syncrepl uninitialized variables (ITS#6425)
Fixed slapd-config Adds with Abstract classes (ITS#6408)
Fixed slapo-dynlist behavior with simple filters (ITS#6421)
Fixed slapd-ldif access outside database directory (ITS#6414)
Fixed slapd-null extraneous assert (ITS#6403)
Fixed slapo-translucent with back-null (ITS#6403)
Fixed slapo-unique criteria checking (ITS#6270)
Build Environment
Deleted broken LBER_INVALID macro (ITS#6402)
Fixed test058 kill usage (ITS#6420)
Fixed meta regression test (ITS#6418)
Documentation
slapd-meta(5) Note deprecated functions (ITS#6424)
admin24 fix set example for group of groups (ITS#6382)
admin24 fix dynamic group documentation (ITS#6290)
OpenLDAP 2.4.20 Release (2009/11/27)
Fixed client tools with LDAP options (ITS#6283)
Fixed liblber embedded NUL values in BerValues (ITS#6353)
Fixed liblber inverted LBER_USE_DER test (ITS#6348)
Fixed liblber to return failure on certain failures (ITS#6344)
Fixed libldap connection initialization (ITS#6386)
Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334)
Fixed libldap uninitialized return value (ITS#6355)
Fixed libldap unlimited timeout (ITS#6388)
Added slapd handling of hex server IDs (ITS#6297)
Added slapd syncrepl contextCSN storing in subentry (ITS#6373)
Fixed slapd asserts in minimal environment (ITS#6361)
Fixed slapd authid-rewrite parsing (ITS#6392)
Fixed slapd checks of str2filter (ITS#6391)
Fixed slapd configArgs initialization (ITS#6363)
Fixed slapd debug handling of LDAP_DEBUG_ANY (ITS#6324)
Fixed slapd db_open with connection_fake_init (ITS#6381)
Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379)
Fixed slapd inclusion of ac/unistd.h (ITS#6342)
Fixed slapd invalid dn log message (ITS#6309)
Fixed slapd lockup on shutdown (ITS#6372)
Fixed slapd onetime leak (ITS#6398)
Fixed slapd RID range to be decimal only (ITS#6394)
Fixed slapd sl_free to better reclaim memory (ITS#6380)
Fixed slapd syncrepl deletes in MirrorMode (ITS#6368)
Fixed slapd syncrepl to use correct SID (ITS#6367)
Fixed slapd termination for one level DNs (ITS#6338)
Fixed slapd tls_accept to retry in certain cases (ITS#6304)
Fixed slapd-bdb/hdb cache corruption (ITS#6341)
Fixed slapd-bdb/hdb entry cache (ITS#6360)
Fixed slapd-ldap leak (ITS#6326)
Fixed slapd-relay bind segfault (ITS#6337)
Fixed slapo-accesslog ensure CSNs are normalized (ITS#6400)
Fixed slapo-memberof operational attr updates (ITS#6329)
Fixed slapo-pcache entry dupe (ITS#6310)
Fixed slapo-syncprov checkpoint conversion (ITS#6370)
Fixed slapo-syncprov deadlock (ITS#6335)
Fixed slapo-syncprov memory leak (ITS#6376)
Fixed slapo-syncprov out of order changes (ITS#6346)
Fixed slapo-syncprov psearch with stale cookie (ITS#6397)
Build Environment
Added additional operations for ITS#6332
Fixed memrchr define (ITS#6351)
Fixed slapd MAXPATHLEN handling (ITS#6342)
Added test050 rapid add/mod/del sequence (ITS#6368)
Fixed test057 handling of memberof/refint (ITS#6343)
Fixed slapd test error ignoring (ITS#6345)
Fixed liblutil constant (ITS#5909)
Documentation
admin24 fix RFC4511 and other references (ITS#6399)
ldap_get_dn(3) typos (ITS#5366)
ldap.conf(5) clarify comment usage (ITS#6384)
slapd.conf(5) note hex server IDs (ITS#6297)
slapd-config(5) note hex server IDs (ITS#6297)
|
|
|
|
|
