Package: openldap / 2.4.44+dfsg-5+deb9u3

Metadata

Package Version Patches format
openldap 2.4.44+dfsg-5+deb9u3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
man slapd | (download)

doc/man/man8/slapd.8 | 17 8 + 9 - 0 !
1 file changed, 8 insertions(+), 9 deletions(-)

---
evolution ntlm | (download)

include/ldap.h | 20 20 + 0 - 0 !
libraries/libldap/Makefile.in | 4 2 + 2 - 0 !
libraries/libldap/ntlm.c | 138 138 + 0 - 0 !
libraries/libldap_r/Makefile.in | 4 2 + 2 - 0 !
4 files changed, 162 insertions(+), 4 deletions(-)

---
slapi errorlog file | (download)

servers/slapd/slapi/slapi_overlay.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
ldapi socket place | (download)

include/ldap_defaults.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
wrong database location | (download)

doc/man/man5/slapd-bdb.5 | 2 1 + 1 - 0 !
doc/man/man5/slapd-config.5 | 2 1 + 1 - 0 !
doc/man/man5/slapd-mdb.5 | 2 1 + 1 - 0 !
doc/man/man5/slapd.conf.5 | 2 1 + 1 - 0 !
include/ldap_defaults.h | 2 1 + 1 - 0 !
servers/slapd/Makefile.in | 4 2 + 2 - 0 !
6 files changed, 7 insertions(+), 7 deletions(-)

---
index files created as root | (download)

doc/man/man8/slapindex.8 | 4 4 + 0 - 0 !
servers/slapd/slapindex.c | 2 2 + 0 - 0 !
2 files changed, 6 insertions(+)

---
sasl default path | (download)

include/ldap_defaults.h | 2 2 + 0 - 0 !
servers/slapd/sasl.c | 26 26 + 0 - 0 !
2 files changed, 28 insertions(+)

---
libldap symbol versions | (download)

build/openldap.m4 | 51 51 + 0 - 0 !
build/top.mk | 5 4 + 1 - 0 !
configure.in | 7 7 + 0 - 0 !
libraries/liblber/Makefile.in | 3 3 + 0 - 0 !
libraries/liblber/liblber.map | 8 8 + 0 - 0 !
libraries/libldap/Makefile.in | 3 3 + 0 - 0 !
libraries/libldap/libldap.map | 7 7 + 0 - 0 !
libraries/libldap_r/Makefile.in | 3 3 + 0 - 0 !
8 files changed, 86 insertions(+), 1 deletion(-)

---
getaddrinfo is threadsafe | (download)

libraries/libldap/os-ip.c | 6 0 + 6 - 0 !
libraries/libldap/util-int.c | 2 0 + 2 - 0 !
2 files changed, 8 deletions(-)

---
do not second guess sonames | (download)

libraries/libldap/cyrus.c | 22 0 + 22 - 0 !
servers/slapd/sasl.c | 20 0 + 20 - 0 !
2 files changed, 42 deletions(-)

---
contrib modules use dpkg buildflags | (download)

contrib/slapd-modules/autogroup/Makefile | 4 2 + 2 - 0 !
contrib/slapd-modules/lastbind/Makefile | 4 2 + 2 - 0 !
contrib/slapd-modules/passwd/sha2/Makefile | 4 2 + 2 - 0 !
contrib/slapd-modules/smbk5pwd/Makefile | 4 2 + 2 - 0 !
4 files changed, 8 insertions(+), 8 deletions(-)

 pass cflags to contrib builds
 $(CFLAGS) is missing from the compiler invocations for autogroup and
 smbk5pwd, which means they're not being hardened.
smbk5pwd makefile | (download)

contrib/slapd-modules/smbk5pwd/Makefile | 25 13 + 12 - 0 !
1 file changed, 13 insertions(+), 12 deletions(-)

---
smbk5pwd makefile manpage | (download)

contrib/slapd-modules/smbk5pwd/Makefile | 14 13 + 1 - 0 !
contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 | 179 179 + 0 - 0 !
2 files changed, 192 insertions(+), 1 deletion(-)

 [patch] contrib/smbk5pwd: add man page, install it too

Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
install the new manual page.

This patch is derived from the corresponding patch upstreamed in ITS#8205


autogroup makefile | (download)

contrib/slapd-modules/autogroup/Makefile | 14 7 + 7 - 0 !
1 file changed, 7 insertions(+), 7 deletions(-)

---
lastbind makefile | (download)

contrib/slapd-modules/lastbind/Makefile | 14 7 + 7 - 0 !
1 file changed, 7 insertions(+), 7 deletions(-)

---
lastbind makefile manpage | (download)

contrib/slapd-modules/lastbind/Makefile | 14 13 + 1 - 0 !
1 file changed, 13 insertions(+), 1 deletion(-)

---
pw sha2 makefile | (download)

contrib/slapd-modules/passwd/sha2/Makefile | 14 7 + 7 - 0 !
1 file changed, 7 insertions(+), 7 deletions(-)

---
ldap conf tls cacertdir | (download)

doc/man/man5/ldap.conf.5 | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

---
add tlscacert option to ldap conf | (download)

libraries/libldap/ldap.conf | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

---
fix build top mk | (download)

build/top.mk | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
no AM_INIT_AUTOMAKE | (download)

configure.in | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 don't use am_init_automake macro when we aren't using automake
 Calling AM_INIT_AUTOMAKE() in configure.in serves no purpose if we're not
 using automake, and it confuses autoreconf.  Use AC_INIT() instead.
switch to lt_dlopenadvise to get RTLD_GLOBAL set.diff | (download)

servers/slapd/module.c | 16 15 + 1 - 0 !
1 file changed, 15 insertions(+), 1 deletion(-)

 switch to lt_dlopenadvise() so back_perl can be opened with rtld_global.    
 Open all modules with RTLD_GLOBAL, needed so that back_perl can load
 non-trivial Perl extensions that require symbols from back_perl.so itself.
Bug-Debian: http://bugs.debian.org/327585


no bdb ABI second guessing | (download)

servers/slapd/back-bdb/init.c | 13 1 + 12 - 0 !
1 file changed, 1 insertion(+), 12 deletions(-)

 don't second-guess bdb abi
 OpenLDAP upstream conservatively assumes that any change to the version
 number of libdb can result in an API-breaking change that could impact
 the database.  In Debian, we know that such changes require bumping the
 library soname and changing the package name, and demand such rigor from
 our package maintainers even when upstreams don't deliver; so any such
 check in the source code works against the packaging system by forcing
 database upgrades when we know none are required.  Disable this check
 so we rely on the packaging system to do its job.
Bug-Debian: http://bugs.debian.org/651333
heimdal fix | (download)

contrib/slapd-modules/smbk5pwd/smbk5pwd.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 adapt parameters of hdb_generate_key_set_password() to heimdal 1.6~git20120311
 .
 With version heimdal 1.6~git20120311 heimdal schanged the number of parameters
 of function hdb_generate_key_set_password(), implementing a fallback to "default"
 values when NULL-values are passed for these parameters.
 .
 This patch does exactly that.
 .
Bug-Debian: 664930
ITS6035 olcauthzregex needs restart.patch | (download)

doc/man/man5/slapd-config.5 | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

---
set maintainer name | (download)

build/mkversion | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
ITS 8554 kFreeBSD is like BSD.patch | (download)

libraries/liblmdb/mdb.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] its#8554 kfreebsd is like bsd

Doesn't have POSIX robust mutexes - GNU userland on BSD kernel

ITS 8644 wait for slapd to start in test064.patch | (download)

tests/scripts/test064-constraint | 17 17 + 0 - 0 !
1 file changed, 17 insertions(+)

 [patch] its#8644 wait for slapd to start in test064


ITS 8655 paged results double free.patch | (download)

servers/slapd/back-mdb/search.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch] its#8655 fix double free on paged search with pagesize 0

Fixes a double free when a search includes the Paged Results control
with a page size of 0 and the search base matches the filter.

ITS 8385 Fix use after free with GnuTLS.patch | (download)

libraries/libldap/tls_g.c | 18 10 + 8 - 0 !
1 file changed, 10 insertions(+), 8 deletions(-)

 [patch] its#8385 fix use-after-free with gnutls


ITS 8432 fix infinite looping mods in delta mmr.patch | (download)

servers/slapd/syncrepl.c | 32 32 + 0 - 0 !
1 file changed, 32 insertions(+)

 [patch] its#8432 fix infinite looping mods in delta-mmr


ITS 8648 check result of ldap_int_initialize in ldap.patch | (download)

libraries/libldap/options.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch] its#8648 check result of ldap_int_initialize in
 ldap_{get,set}_option


ITS 8648 init SASL library in global init.patch | (download)

libraries/libldap/cyrus.c | 17 3 + 14 - 0 !
libraries/libldap/init.c | 6 6 + 0 - 0 !
2 files changed, 9 insertions(+), 14 deletions(-)

 [patch] its#8648 init sasl library in global init


ITS 8444 Do not clear the pending operation when che.patch | (download)

servers/slapd/overlays/syncprov.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] its#8444 do not clear the pending operation when
 checkpointing

When a checkpoint happens, if we remove the CSN from the pending list,
accesslog won't pass it onto the accesslog DB. But in a delta-mmr
scenario, an accesslog entry without a CSN faces a race where it might
be applied twice - that usually fails and causes a full refresh, other
times it can cause a silent desync - both are undesirable.

ITS 9038 restrict rootDN proxyauthz to its own DBs.patch | (download)

servers/slapd/saslauthz.c | 11 6 + 5 - 0 !
1 file changed, 6 insertions(+), 5 deletions(-)

 [patch] its#9038 restrict rootdn proxyauthz to its own dbs.

Treat as normal user for any other DB.

ITS 9038 Update test028 to test this is enforced.patch | (download)

tests/data/idassert.out | 5 5 + 0 - 0 !
tests/data/slapd-idassert.conf | 1 1 + 0 - 0 !
tests/data/test-idassert1.ldif | 6 6 + 0 - 0 !
tests/scripts/test028-idassert | 24 24 + 0 - 0 !
4 files changed, 36 insertions(+)

 [patch] its#9038 update test028 to test this is enforced


ITS 9038 Fix typo in test script.patch | (download)

tests/scripts/test028-idassert | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] its#9038 fix typo in test script


ITS 9038 Another test028 typo.patch | (download)

tests/scripts/test028-idassert | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] its#9038 another test028 typo


ITS 9052 zero out sasl_ssf in connection_init.patch | (download)

servers/slapd/connection.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] its#9052 zero out sasl_ssf in connection_init


ITS 8964 Do not free original filter.patch | (download)

servers/slapd/overlays/rwm.c | 12 8 + 4 - 0 !
1 file changed, 8 insertions(+), 4 deletions(-)

 [patch] its#8964 do not free original filter