Package: openldap / 2.4.47+dfsg-3+deb10u6

Metadata

Package Version Patches format
openldap 2.4.47+dfsg-3+deb10u6 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
man slapd | (download)

doc/man/man8/slapd.8 | 17 8 + 9 - 0 !
1 file changed, 8 insertions(+), 9 deletions(-)

---
evolution ntlm | (download)

include/ldap.h | 20 20 + 0 - 0 !
libraries/libldap/Makefile.in | 4 2 + 2 - 0 !
libraries/libldap/ntlm.c | 138 138 + 0 - 0 !
libraries/libldap_r/Makefile.in | 4 2 + 2 - 0 !
4 files changed, 162 insertions(+), 4 deletions(-)

---
slapi errorlog file | (download)

servers/slapd/slapi/slapi_overlay.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
ldapi socket place | (download)

include/ldap_defaults.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
wrong database location | (download)

doc/man/man5/slapd-bdb.5 | 2 1 + 1 - 0 !
doc/man/man5/slapd-config.5 | 2 1 + 1 - 0 !
doc/man/man5/slapd-mdb.5 | 2 1 + 1 - 0 !
doc/man/man5/slapd.conf.5 | 2 1 + 1 - 0 !
include/ldap_defaults.h | 2 1 + 1 - 0 !
servers/slapd/Makefile.in | 4 2 + 2 - 0 !
6 files changed, 7 insertions(+), 7 deletions(-)

---
index files created as root | (download)

doc/man/man8/slapindex.8 | 4 4 + 0 - 0 !
servers/slapd/slapindex.c | 2 2 + 0 - 0 !
2 files changed, 6 insertions(+)

---
sasl default path | (download)

include/ldap_defaults.h | 2 2 + 0 - 0 !
servers/slapd/sasl.c | 26 26 + 0 - 0 !
2 files changed, 28 insertions(+)

---
libldap symbol versions | (download)

build/openldap.m4 | 51 51 + 0 - 0 !
build/top.mk | 5 4 + 1 - 0 !
configure.in | 7 7 + 0 - 0 !
libraries/liblber/Makefile.in | 3 3 + 0 - 0 !
libraries/liblber/liblber.map | 8 8 + 0 - 0 !
libraries/libldap/Makefile.in | 3 3 + 0 - 0 !
libraries/libldap/libldap.map | 7 7 + 0 - 0 !
libraries/libldap_r/Makefile.in | 3 3 + 0 - 0 !
8 files changed, 86 insertions(+), 1 deletion(-)

---
getaddrinfo is threadsafe | (download)

libraries/libldap/os-ip.c | 6 0 + 6 - 0 !
libraries/libldap/util-int.c | 2 0 + 2 - 0 !
2 files changed, 8 deletions(-)

---
do not second guess sonames | (download)

libraries/libldap/cyrus.c | 22 0 + 22 - 0 !
servers/slapd/sasl.c | 20 0 + 20 - 0 !
2 files changed, 42 deletions(-)

---
contrib makefiles | (download)

contrib/slapd-modules/autogroup/Makefile | 4 2 + 2 - 0 !
contrib/slapd-modules/lastbind/Makefile | 4 2 + 2 - 0 !
contrib/slapd-modules/passwd/Makefile | 12 6 + 6 - 0 !
contrib/slapd-modules/passwd/pbkdf2/Makefile | 6 3 + 3 - 0 !
contrib/slapd-modules/passwd/sha2/Makefile | 4 2 + 2 - 0 !
contrib/slapd-modules/smbk5pwd/Makefile | 13 7 + 6 - 0 !
6 files changed, 22 insertions(+), 21 deletions(-)

---
smbk5pwd makefile manpage | (download)

contrib/slapd-modules/smbk5pwd/Makefile | 14 13 + 1 - 0 !
contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 | 179 179 + 0 - 0 !
2 files changed, 192 insertions(+), 1 deletion(-)

 [patch] contrib/smbk5pwd: add man page, install it too

Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
install the new manual page.

This patch is derived from the corresponding patch upstreamed in ITS#8205


lastbind makefile manpage | (download)

contrib/slapd-modules/lastbind/Makefile | 14 13 + 1 - 0 !
1 file changed, 13 insertions(+), 1 deletion(-)

---
ldap conf tls cacertdir | (download)

doc/man/man5/ldap.conf.5 | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

---
add tlscacert option to ldap conf | (download)

libraries/libldap/ldap.conf | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

---
fix build top mk | (download)

build/top.mk | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
no AM_INIT_AUTOMAKE | (download)

configure.in | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 don't use am_init_automake macro when we aren't using automake
 Calling AM_INIT_AUTOMAKE() in configure.in serves no purpose if we're not
 using automake, and it confuses autoreconf.  Use AC_INIT() instead.
switch to lt_dlopenadvise to get RTLD_GLOBAL set.diff | (download)

servers/slapd/module.c | 16 15 + 1 - 0 !
1 file changed, 15 insertions(+), 1 deletion(-)

 switch to lt_dlopenadvise() so back_perl can be opened with rtld_global.    
 Open all modules with RTLD_GLOBAL, needed so that back_perl can load
 non-trivial Perl extensions that require symbols from back_perl.so itself.
Bug-Debian: http://bugs.debian.org/327585


no bdb ABI second guessing | (download)

servers/slapd/back-bdb/init.c | 13 1 + 12 - 0 !
1 file changed, 1 insertion(+), 12 deletions(-)

 don't second-guess bdb abi
 OpenLDAP upstream conservatively assumes that any change to the version
 number of libdb can result in an API-breaking change that could impact
 the database.  In Debian, we know that such changes require bumping the
 library soname and changing the package name, and demand such rigor from
 our package maintainers even when upstreams don't deliver; so any such
 check in the source code works against the packaging system by forcing
 database upgrades when we know none are required.  Disable this check
 so we rely on the packaging system to do its job.
Bug-Debian: http://bugs.debian.org/651333
ITS6035 olcauthzregex needs restart.patch | (download)

doc/man/man5/slapd-config.5 | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

---
set maintainer name | (download)

build/mkversion | 7 1 + 6 - 0 !
1 file changed, 1 insertion(+), 6 deletions(-)

---
no gnutls_global_set_mutex | (download)

libraries/libldap/tls_g.c | 43 1 + 42 - 0 !
1 file changed, 1 insertion(+), 42 deletions(-)

 do not call gnutls_global_set_mutex()
 Since GnuTLS moved to implicit initialization on library load, calling 
 this function deinitializes GnuTLS and then re-initializes it.
 .
 When GnuTLS uses /dev/urandom as an entropy source (getrandom() not 
 available, or older versions of GnuTLS), and the application closed all 
 file descriptors at startup, this could result in GnuTLS opening 
 /dev/urandom over one of the application's file descriptors when 
 re-initialized.
 .
 Additionally, the custom mutex functions are never reset, so if libldap 
 is unloaded (for example via dlclose()) after calling this, its code 
 may be unmapped and the application could crash when GnuTLS calls the 
 mutex functions.
 .
 The default behaviour of GnuTLS, using pthreads, should be suitable on 
 all Debian systems, and is probably the same as what libldap uses 
 anyway.
ITS 9038 restrict rootDN proxyauthz to its own DBs.patch | (download)

servers/slapd/saslauthz.c | 11 6 + 5 - 0 !
1 file changed, 6 insertions(+), 5 deletions(-)

 [patch] its#9038 restrict rootdn proxyauthz to its own dbs.

Treat as normal user for any other DB.

ITS 9038 Update test028 to test this is enforced.patch | (download)

tests/data/idassert.out | 5 5 + 0 - 0 !
tests/data/slapd-idassert.conf | 1 1 + 0 - 0 !
tests/data/test-idassert1.ldif | 6 6 + 0 - 0 !
tests/scripts/test028-idassert | 24 24 + 0 - 0 !
4 files changed, 36 insertions(+)

 [patch] its#9038 update test028 to test this is enforced


ITS 9038 Fix typo in test script.patch | (download)

tests/scripts/test028-idassert | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] its#9038 fix typo in test script


ITS 9038 Another test028 typo.patch | (download)

tests/scripts/test028-idassert | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] its#9038 another test028 typo


ITS 9052 zero out sasl_ssf in connection_init.patch | (download)

servers/slapd/connection.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] its#9052 zero out sasl_ssf in connection_init


ITS 8964 Do not free original filter.patch | (download)

servers/slapd/overlays/rwm.c | 12 8 + 4 - 0 !
1 file changed, 8 insertions(+), 4 deletions(-)

 [patch] its#8964 do not free original filter


ITS 9202 limit depth of nested filters.patch | (download)

servers/slapd/filter.c | 41 32 + 9 - 0 !
1 file changed, 32 insertions(+), 9 deletions(-)

 [patch] its#9202 limit depth of nested filters

Using a hardcoded limit for now; no reasonable apps
should ever run into it.

ITS 9370 check for equality rule on old_rdn.patch | (download)

servers/slapd/modrdn.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] its#9370 check for equality rule on old_rdn

Just skip normalization if there's no equality rule. We accept
DNs without equality rules already.

ITS 9383 remove assert in certificateListValidate.patch | (download)

servers/slapd/schema_init.c | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 [patch] its#9383 remove assert in certificatelistvalidate


ITS 9384 remove assert in obsolete csnNormalize23.patch | (download)

servers/slapd/schema_init.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] its#9384 remove assert in obsolete csnnormalize23()


ITS 9404 fix serialNumberAndIssuerCheck.patch | (download)

servers/slapd/schema_init.c | 9 6 + 3 - 0 !
1 file changed, 6 insertions(+), 3 deletions(-)

 [patch] its#9404 fix serialnumberandissuercheck

Tighten validity checks

ITS 9406 9407 remove saslauthz asserts.patch | (download)

servers/slapd/saslauthz.c | 19 13 + 6 - 0 !
1 file changed, 13 insertions(+), 6 deletions(-)

 [patch 1/2] its#9406, #9407 remove saslauthz asserts


ITS 9406 fix debug msg.patch | (download)

servers/slapd/saslauthz.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch 2/2] its#9406 fix debug msg


ITS 9408 fix vrfilter double free.patch | (download)

servers/slapd/controls.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 [patch] its#9408 fix vrfilter double-free


ITS 9409 saslauthz use ch_free on normalized DN.patch | (download)

servers/slapd/saslauthz.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 2/2] its#9409 saslauthz: use ch_free on normalized dn


ITS 9409 saslauthz use slap_sl_free in prev commit.patch | (download)

servers/slapd/saslauthz.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] its#9409 saslauthz: use slap_sl_free in prev commit


ITS 9411 fix thisUpdate check.patch | (download)

servers/slapd/schema_init.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] its#9411 fix thisupdate check


ITS 9412 fix AVA_Sort on invalid RDN.patch | (download)

servers/slapd/dn.c | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 [patch] its#9412 fix ava_sort on invalid rdn


ITS 9413 fix slap_parse_user.patch | (download)

servers/slapd/saslauthz.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 [patch] its#9413 fix slap_parse_user


ITS 9423 ldap_X509dn2bv check for invalid BER after .patch | (download)

libraries/libldap/tls2.c | 12 7 + 5 - 0 !
1 file changed, 7 insertions(+), 5 deletions(-)

 [patch] its#9423 ldap_x509dn2bv: check for invalid ber after rdn
 count


ITS 9424 fix serialNumberAndIssuerSerialCheck.patch | (download)

servers/slapd/schema_init.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] its#9424 fix serialnumberandissuerserialcheck


ITS 9425 add more checks to ldap_X509dn2bv.patch | (download)

libraries/libldap/tls2.c | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

 [patch] its#9425 add more checks to ldap_x509dn2bv


ITS 9427 fix issuerAndThisUpdateCheck.patch | (download)

servers/slapd/schema_init.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] its#9427 fix issuerandthisupdatecheck


ITS 9428 fix cancel exop.patch | (download)

servers/slapd/cancel.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 [patch] its#9428 fix cancel exop


ITS 9454 fix issuerAndThisUpdateCheck.patch | (download)

servers/slapd/schema_init.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch] its#9454 fix issuerandthisupdatecheck