Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
265,883 Commits 606 Branches 0 Tags 3.1 GiB
9fcfb587d6
Commit Graph

33 Commits

Author SHA1 Message Date
christos
fbfb70ad60 merge conflicts 2018-02-06 01:57:23 +00:00
christos
648e71e52f OpenLDAP 2.4.45 Release (2017/06/01) 
Added slapd support for OpenSSL 1.1.0 series (ITS#8353, ITS#8533, ITS#8634)
	Fixed libldap to fail ldap_result if the handle is already bad (ITS#8585)
	Fixed libldap to expose error if user specified CA doesn't exist (ITS#8529)
	Fixed libldap handling of Diffie-Hellman parameters (ITS#7506)
	Fixed libldap GnuTLS use after free (ITS#8385)
	Fixed libldap SASL initialization (ITS#8648)
	Fixed slapd bconfig rDN escape handling (ITS#8574)
	Fixed slapd segfault with invalid hostname (ITS#8631)
	Fixed slapd sasl SEGV rebind in same session (ITS#8568)
	Fixed slapd syncrepl filter handling (ITS#8413)
	Fixed slapd syncrepl infinite looping mods with delta-sync MMR (ITS#8432)
	Fixed slapd callback struct so older modules without writewait should function.
                    Custom modules may need to be updated for sc_writewait callback (ITS#8435)
	Fixed slapd-ldap/meta broken LDAP_TAILQ macro (ITS#8576)
	Fixed slapd-mdb so it passes ITS6794 regression test (ITS#6794)
	Fixed slapd-mdb double free with size zero paged result (ITS#8655)
	Fixed slapd-meta uninitialized diagnostic message (ITS#8442)
	Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS#8423)
	Fixed slapo-accesslog with multiple modifications to the same attribute (ITS#6545)
	Fixed slapo-relay to correctly initialize sc_writewait (ITS#8428)
	Fixed slapo-sssvlv double free (ITS#8592)
	Fixed slapo-unique with empty modifications (ITS#8266)
	Build Environment
		Added test065 for proxyauthz (ITS#8571)
		Fix test008 to be portable (ITS#8414)
		Fix test064 to wait for slapd to start (ITS#8644)
		Fix its4336 regression test (ITS#8534)
		Fix its4337 regression test (ITS#8535)
		Fix regression tests to execute on all backends (ITS#8539)
	Contrib
		Added slapo-autogroup(5) man page (ITS#8569)
		Added passwd missing conversion scripts for apr1 (ITS#6826)
		Fixed contrib modules where the writewait callback was not correctly initialized (ITS#8435)
		Fixed smbk5pwd to build with newer OpenSSL releases (ITS#8525)
	Documentation
		admin24 fixed tls_cipher_suite bindconf option (ITS#8099)
		admin24 fixed typo cn=config to be slapd.d (ITS#8449)
		admin24 fixed slapo-syncprov information to be curent (ITS#8253)
		admin24 fixed typo in access control docs (ITS#7341, ITS#8391)
		admin24 fixed minor typo in tuning guide (ITS#8499)
		admin24 fixed information about the limits option (ITS#7700)
		admin24 fixed missing options for syncrepl configuration (ITS#7700)
		admin24 fixed accesslog documentation to note it should not be replicated (ITS#8344)
		Fixed ldap.conf(5) missing information on SASL_NOCANON option (ITS#7177)
		Fixed ldapsearch(1) information on the V[V] flag behavior (ITS#7177, ITS#6339)
		Fixed slapd-config(5), slapd.conf(5) clarification on interval keyword for refreshAndPersist (ITS#8538)
		Fixed slapd-config(5), slapd.conf(5) clarify serverID requirements (ITS#8635)
		Fixed slapd-config(5), slapd.conf(5) clarification on loglevel settings (ITS#8123)
		Fixed slapo-ppolicy(5) to clearly note rootdn requirement (ITS#8565)
		Fixed slapo-memberof(5) to note it is not safe to use with replication (ITS#8613)
		Fixed slapo-syncprov(5) documentation to be current (ITS#8253)
		Fixed slapadd(8) manpage to note slapd-mdb (ITS#8215)
		Fixed various minor grammar issues in the man pages (ITS#8544)
		Fixed various typos (ITS#8587)
 2018-02-06 01:53:05 +00:00
christos
e877fc1615 resolve conflict 2017-02-09 02:20:33 +00:00
christos
915bea738c merge conflicts 2017-02-09 01:53:50 +00:00
christos
376af7d777 OpenLDAP 2.4 Change Log 
OpenLDAP 2.4.44 Release (2016/02/05)
	Fixed slapd-bdb/hdb missing olcDbChecksum config attr (ITS#8337)
	Fixed slapd-mdb behavior with long lived read transactions (ITS#8226)
	Fixed slapd-mdb cleanup after failed transaction (ITS#8360)
	Fixed slapd-sql missing id_query/olcSqlIdQuery (ITS#8329)
	Fixed slapo-accesslog callback initialization (ITS#8351)
	Fixed slapo-ppolicy pwdMaxRecordedFailure must never be zero (ITS#8327)
	Fixed slapo-syncprov abandon processing (ITS#8354)
	Fixed slapo-syncprov ctxcsn snapshot on refresh (ITS#8281, ITS#8365)
	Documentation
		admin24 Stop linking to Berkeley DB downloads (ITS#8362)
		admin24 Update documentation for LMDB preference

OpenLDAP 2.4.43 Release (2015/11/30)
	Fixed liblber remove obsolete assert (ITS#8240, ITS#8301)
	Fixed libldap file URLs on windows (ITS#8273)
	Fixed libldap microsecond timer for windows (ITS#8295)
	Fixed slap tools minor one time memory leak (ITS#8082)
	Fixed slapd to avoid redundant processing of abandon ops (ITS#8232)
	Fixed slapd syncrepl segv when present list is NULL (ITS#8231, ITS#8042)
	Fixed slapd segfault with invalid SASL URI (ITS#8218)
	Fixed slapd configuration parser with unbalanced quotes (ITS#8233)
	Fixed slapd syncrepl check with config db on windows (ITS#8277)
	Fixed slapd with mod Increment and inherited attribute type (ITS#8289)
	Fixed slapd-ldap SEGV after failed retry (ITS#8173)
	Fixed slapd-ldap to skip client controls in ldap_back_entry_get (ITS#8244)
	Fixed slapd-null to have an option to return a search entry (ITS#8249)
	Fixed slapd-relay to correctly handle quoted options (ITS#8284)
	Fixed slapo-accesslog delta-sync MMR with interrupted refresh phase (ITS#8281)
	Fixed slapo-dds segfault when using slapo-memberof (ITS#8133)
	Fixed slapo-ppolicy to allow purging of stale pwdFailureTime attributes (ITS#8185)
	Fixed slapo-ppolicy to release entry on failure (ITS#7537)
	Fixed slapo-ppolicy to fall back to default policy if there is a parsing error (ITS#8234)
	Fixed slapo-syncprov with interrupted refresh phase (ITS#8281)
	Fixed slapo-refint with subtree renames (ITS#8220)
	Fixed slapo-rwm missing olcDropUnrequested attribute (ITS#7889)
	Fixed slapo-rwm parsing to avoid double-escaping rewrite rules (ITS#7964)
	Build Environment
		Fixed ldif-filter option parsing (ITS#8292)
		Fixed slapd-tester EOL handling in test output for windows (ITS#8280)
		Fixed slapd-tester executable suffix for windows (ITS#8216)
		Fixed test061 timing issues (ITS#8297)
	Contrib
		Added libnettle support to pw-pbkdf2 (ITS#8198)
		Fixed smbk5pwd compiler warnings with libnettle (ITS#8235)
		Fixed passwd symbol collisions with other crypto libraries (ITS#8294)
	Documentation
		Updated guide to reflect changes to how TLS is handled with syncrepl (ITS#7897)

OpenLDAP 2.4.42 Release (2015/08/14)
	Fixed liblber address length for CLDAP (ITS#8158)
	Fixed libldap dnssrv potential overflow with port number (ITS#7027,ITS#8195)
	Fixed slapd cn=config when updating olcAttributeTypes (ITS#8199)
	Fixed slapd-mdb to correctly update search candidates for scoped searches (ITS#8203)
	Fixed slapo-ppolicy with redundant mod ops on glued trees (ITS#8184)
	Fixed slapo-rwm crash when deleting rewrite rules (ITS#8213)
	Build Environment
		Fixed libdb detection with gcc 5.x (ITS#8056)

OpenLDAP 2.4.41 Release (2015/06/21)
	Fixed ldapsearch to explicitly flush its buffer (ITS#8118)
	Fixed libldap async connections (ITS#8090)
	Fixed libldap double free of request during abandon (ITS#7967)
	Fixed libldap error string for LDAP_X_CONNECTING (ITS#8093)
	Fixed libldap segfault in ldap_sync_initialize (ITS#8001)
	Fixed libldap ldif-wrap off by one error (ITS#8003)
	Fixed libldap handling of TLS in async mode (ITS#8022)
	Fixed libldap null pointer dereference (ITS#8028)
	Fixed libldap mutex handling with LDAP_OPT_SESSION_REFCNT (ITS#8050)
	Fixed slapd slapadd config db import of minimal frontend entry (ITS#8150)
	Fixed slapd slapadd onetime leak with -w (ITS#8014)
	Fixed slapd sasl auxprop crash with invalid config (ITS#8092)
	Fixed slapd syncrepl delta-mmr issue with overlays and slapd.conf (ITS#7976)
	Fixed slapd syncrepl mutex for cookie state (ITS#7968)
	Fixed slapd syncrepl memory leaks (ITS#8035)
	Fixed slapd syncrepl to free presentlist at end of refresh mode (ITS#8038)
	Fixed slapd syncrepl to streamline presentlist (ITS#8042)
	Fixed slapd syncrepl concurrency when CHECK_CSN is enabled (ITS#8120)
	Fixed slapd rootdn checks for hidden backends (ITS#8108)
	Fixed slapd segfault when using matched values control (ITS#8046)
	Fixed slapd-ldap reconnection behavior on remote failure (ITS#8142)
	Fixed slapd-mdb minor case typo (ITS#8049)
	Fixed slapd-mdb one-level search (ITS#7975)
	Fixed slapd-mdb heap corruption (ITS#7965)
	Fixed slapd-mdb crash after deleting in-use schema (ITS#7995)
	Fixed slapd-mdb minor code cleanup (ITS#8011)
	Fixed slapd-mdb to return errors when using incorrect env flags (ITS#8016)
	Fixed slapd-mdb to correctly update search candidates (ITS#8036, ITS#7904)
	Fixed slapd-mdb when there were more than 65535 aliases in scope (ITS#8103)
	Fixed slapd-mdb alias deref when objectClass is not indexed (ITS#8146)
	Fixed slapd-meta TLS initialization with ldaps URIs (ITS#8022)
	Fixed slapd-meta to have better error logging (ITS#8131)
	Fixed slapd-perl conversion to cn=config (ITS#8105)
	Fixed slapd-sql autocommit config variable (ITS#8129,ITS#6613)
	Fixed slapo-collect segfault (ITS#7797)
	Fixed slapo-constraint with 0 count constraint (ITS#7780,ITS#7781)
	Fixed slapo-deref with empty attribute list (ITS#8027)
	Fixed slapo-memberof to correctly reject invalid members (ITS#8107)
	Fixed slapo-sock result parser for CONTINUE (ITS#8048)
	Fixed slapo-syncprov synprov_matchops usage of test_filter (ITS#8013)
	Fixed slapo-syncprov segfault on disconnect/abandon (ITS#5452,ITS#8012)
	Fixed slapo-syncprov memory leak (ITS#8039)
	Fixed slapo-syncprov segfault on disconnect/abandon (ITS#8043)
	Fixed slapo-syncprov deadlock when autogroup is in use (ITS#8063)
	Fixed slapo-syncprov potential loss of changes when under load (ITS#8081)
	Fixed slapo-unique enforcement of uniqueness with manageDSAit control (ITS#8057)
	Build Environment
		Fixed ftello reference for Win32 (ITS#8127)
		Enhanced contrib modules build paths (ITS#7782)
		Fixed contrib/autogroup internal operation identity (ITS#8006)
		Fixed contrib/autogroup to skip internal ops with accesslog (ITS#8065)
		Fixed contrib/passwd/sha2 compiler warning (ITS#8000)
		Fixed contrib/noopsrch compiler warning (ITS#7998)
		Fixed contrib/dupent compiler warnings (ITS#7997)
		Test suite: Added vrFilter test (ITS#8046)
	Contrib
		Added pbkdf2 sha256 and sha512 schemes (ITS#7977)
		Fixed autogroup modification callback responses (ITS#6970)
		Fixed nssov compare with usergroup (ITS#8079)
		Fixed nssov password change behavior (ITS#8080)
		Fixed nssov updated to 0.9.4 (ITS#8097)
	Documentation
		Added ldap_get_option(3) LDAP_FEATURE_INFO_VERSION information (ITS#8032)
		Added ldap_get_option(3) LDAP_OPT_API_INFO_VERSION information (ITS#8032)
		Fixed slapd-config(5), slapd.conf(5) tls_cipher_suite option (ITS#8099)
		Fixed slapd-meta(5), slapd-ldap(5) tls_cipher_suite option (ITS#8099)
		Fixed slapd-meta(5) fix minor typo (ITS#7769)

OpenLDAP 2.4.40 Release (2014/09/20)
	Fixed libldap DNS SRV priority handling (ITS#7027)
	Fixed libldap don't leak libldap err codes (ITS#7676)
	Fixed libldap CR/LF handling (ITS#4635)
	Fixed libldap ldif-wrap length (ITS#7871)
	Fixed libldap GnuTLS ciphersuite parsing (ITS#7500)
	Fixed libldap GnuTLS with newer versions (ITS#7430,ITS#6359)
	Fixed libldif to correctly handle 4096 character lines (ITS#7859)
	Fixed librewrite reference counting (ITS#7723)
	Fixed slapacl with back-mdb reader transactions (ITS#7920)
	Fixed slapd syncrepl to send cookie on fallback (ITS#7849)
	Fixed slapd syncrepl SEGV when abandoning a connection (ITS#7928)
	Fixed slapd slapcat with external schema (ITS#7895)
	Fixed slapd schema RDN normalization (ITS#7935)
	Fixed slapd with repeated language tags (ITS#7941)
	Fixed slapd modrdn crash on naming attr with no matching rule (ITS#7850)
	Fixed slapd memory leak in control handling (ITS#7942)
	Fixed slapd-ldap removed dead code (ITS#7922)
	Fixed slapd-mdb to work concurrently with slapadd (ITS#7798)
	Fixed slapd-mdb with paged results (ITS#7705, ITS#7800)
	Fixed slapd-mdb slapcat with nonexistent indices (ITS#7870)
	Fixed slapd-mdb long lived reader transactions (ITS#7904)
	Fixed slapd-mdb memory leak on matchedDN (ITS#7872)
	Fixed slapd-mdb sorting of attribute values (ITS#7902)
	Fixed slapd-mdb to flag attribute values as sorted (ITS#7903)
	Fixed slapd-mdb index config handling (ITS#7912)
	Fixed slapd-mdb entry release handling (ITS#7915)
	Fixed slapd-mdb with aliases and referrals (ITS#7927)
	Fixed slapd-mdb alias dereferencing (ITS#7702)
	Fixed slapd-sock socket flushing (ITS#7937)
	Fixed slapo-accesslog attribute normalization (ITS#7934)
	Fixed slapo-accesslog internal search logging (ITS#7929)
	Fixed slapo-auditlog connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-chain interaction with slapo-rwm (ITS#7930)
	Fixed slapo-constraint connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-dds connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-dyngroup connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-memberof attr count (ITS#7893)
	Fixed slapo-memberof frontendDB handling (ITS#7249)
	Fixed slapo-memberof internal search logging (ITS#7929)
	Fixed slapo-pcache config processing (ITS#7919)
	Fixed slapo-pcache connection destroy logic (ITS#7906,ITS#7923)
	Added slapo-ppolicy ORDERING rules (ITS#7838)
	Fixed slapo-ppolicy timestamp resolution to use microseconds (ITS#7161)
	Fixed slapo-ppolicy connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-refint to check for pauses in cn=config (ITS#7873)
	Fixed slapo-refint internal search logging (ITS#7929)
	Fixed slapo-refint connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-seqmod connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-slapover connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-sock db_init (ITS#7868)
	Fixed slapo-sssvlv fix olcSssVlvMaxPerConn (ITS#7908)
	Fixed slapo-translucent double free (ITS#7587)
	Fixed slapo-translucent to work with manageDSAit (ITS#7864)
	Fixed slapo-translucent to use local backend with local entries (ITS#7915)
	Fixed slapo-unique connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapcacl with invalid suffix (ITS#7827)
	Build Environment
		Remove support for gcrypt (ITS#7877)
		BDB 6.0.20 and later is not supported (ITS#7890)
		Fixed ODBC link check (ITS#7891)
		Fixed slapd.ldif frontend config (ITS#7933)
	Contrib
		Added pbkdf2 module (ITS#7742)
		Fixed autogroup double free (ITS#7831)
		Fixed autogroup modification callback responses (ITS#6970)
		Fixed ldapc++ memory leak in Async connection (ITS#7806)
		Fixed nssov install path (ITS#7858)
		Fixed passwd rpath (ITS#7885)
		Fixed apr1 do_phk_hash argument order (ITS#7869)
		Fixed slapd-sha2 buffer overrun (ITS#7851)
	Documentation
		Fixed slapd.ldif man page reference (ITS#7803)
		Fixed slapd.conf(5) man page to reference exattrs (ITS#7847)
		Fixed guide to work with mkrelease (ITS#7887)
		Fixed ldap_get_dn(3) ldap_ava definition (ITS#7860)
 2017-02-09 01:46:41 +00:00
sevan
cc576e1d8e Update supporting files for components which rely on autoconf to allow systems 
introducing since release of software to be recognised. This should hopefully
allow the builds to progress a littles further on systems such as the POWER8
which features a little endian 64-bit PowerPC CPU identified as ppc64le.
 2017-02-01 09:26:39 +00:00
joerg
1d7b126130 Logical negation binds stronger than bitwise and, which doesn't seem to 
be intended here.
 2016-11-02 13:15:53 +00:00
christos
a4efcfa6a1 Apply: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;\ 
h=c32e74763f77675b9e144126e375977ed6dc562c
The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL
pointer when a search request includes the Deref control with an empty
list of attributes to return (missing input validation). [CVE-2015-1545]

XXX: Pullup-7
 2015-02-07 17:58:23 +00:00
christos
eae2dca513 Apply: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;\ 
h=2f1a2dd329b91afe561cd06b872d09630d4edb6a

Certain search queries including the Matched Values control can trigger
a double free in slapd 2.4.40 when freeing operation controls. This is a
regression in 2.4.40, no earlier releases are affected. [CVE-1546]

XXX: Pullup-7
 2015-02-07 17:56:59 +00:00
tron
4385776513 Apply patch to fix CVE-2013-4449. This shouldn't be necessary as we don't 
build the server or its plug-ins. But it is better to be safe in case
this changes.
 2014-05-28 10:14:13 +00:00
tron
cb54be06bf Resolve conflicts from last import. 2014-05-28 10:12:43 +00:00
tron
d11b170b90 Import OpenLDAP version 2.4.39. The list of changes since version 2.4.23 
is too long to put here (over 650 lines of changelog).
 2014-05-28 09:58:17 +00:00
christos
5bdc0023c2 Kill CIRCLEQ, nothing uses it and it will not work with gcc-4.8, so avoid 
future accidents.
 2013-11-26 01:31:43 +00:00
joerg
22add3a49f Fix memset usage. 2011-07-01 02:01:21 +00:00
mrg
493d341048 various build fixes for gcc 4.5. from chuq. XXX i'm not sure all of 
these work properly wtf pointer aliasing, but there are no casts at
least...

the lib/libpuffs/puffs_priv.h is definately a real bug fix.

from chuq.
 2011-06-20 09:11:16 +00:00
joerg
fe030aa0ad Fix formatting of time_t 2011-05-24 16:03:15 +00:00
adam
4ecae53ae6 Use conditional WORDS_BIGENDIAN 2010-12-12 16:10:18 +00:00
adam
a8c4d9a88a Merge 2.4.23 2010-12-12 15:46:27 +00:00
adam
ef2f90d39c Imported openldap-2.4.23 2010-12-12 15:17:36 +00:00
mrg
657f450349 add a miss #ifdef HAVE_TLS, that fixes MKCRYPTO=no build in here. 2010-07-11 00:47:36 +00:00
lukem
e6632eb096 Disable HAVE_TLS here; we'll conditionally enable it in the Makefiles. 
Disable HAVE_FETCH; API appears to be incompatible
 2010-03-08 05:07:16 +00:00
lukem
4f33bfd95b fix const warning 2010-03-08 05:00:51 +00:00
lukem
f8fd1d3c37 include <ac/time.h> for timeval. 2010-03-08 04:58:18 +00:00
lukem
60134bf0d1 Merge 2.4.21 2010-03-08 03:47:40 +00:00
lukem
4e6df137e8 OpenLDAP 2.4.21. Numerous fixes, including: 
* properly handle NUL in CN of SSL certs (CVE-2009-3767)
 2010-03-08 02:14:20 +00:00
jnemeth
b006902069 PR/42873 - Henning Petersen -- missing ) 2010-02-23 16:35:06 +00:00
christos
ddb6af4806 catch up with openssl constification 2009-07-20 15:32:33 +00:00
lukem
5e376103b4 resolve conflicts between merge from 2.4.9 to 2.4.11 2008-08-13 04:15:48 +00:00
lukem
bb30016c94 Import OpenLDAP 2.4.11. 
Change from 2.4.9 relevant to our build:
	Fixed liblber ber_get_next length decoding (ITS#5580)
	Added libldap assertion control (ITS#5560)
	Fixed libldap GnuTLS CRL result handling (ITS#5577)
	Fixed libldap GnuTLS SSF computation (ITS#5585)
	Fixed liblutil missing return code (ITS#5615)
	Fixed libldap file descriptor leak with SELinux (ITS#5507)
	Fixed libldap ld_defconn cleanup if it was freed (ITS#5518, ITS#5525)
	Fixed libldap msgid handling (ITS#5318)
	Fixed libldap t61 infinite loop (ITS#5542)
	Fixed libldap_r missing stubs (ITS#5519)
 2008-07-17 04:32:57 +00:00
perry
29ae1ed693 Don't burn the date and time and build userid and build path into the 
ldap executables.

Part of the effort to make bit-identical sources produce bit-identical
binaries.
 2008-07-15 18:38:38 +00:00
lukem
2de962bd80 OpenLDAP 2.4.9 2008-05-22 14:20:36 +00:00
lukem
098ab8e3fa Add a missing cast. 2008-05-22 13:23:48 +00:00
lukem
9f0dc52f94 Don't add the date to the generated file. 2008-05-22 13:21:32 +00:00