From: "Adam Ciarcinski"
Subject: CVS commit: pkgsrc/databases
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
Message-Id: <20170602082957.865DAFBEE@cvs.NetBSD.org>

Module Name:	pkgsrc
Committed By:	adam
Date:		Fri Jun 2 08:29:57 UTC 2017

Modified Files:
	pkgsrc/databases/openldap: Makefile Makefile.version distinfo
	pkgsrc/databases/openldap-client: Makefile
	pkgsrc/databases/openldap-cloak: Makefile
	pkgsrc/databases/openldap-doc: distinfo
	pkgsrc/databases/openldap-nops: Makefile
	pkgsrc/databases/openldap-server: Makefile
	pkgsrc/databases/openldap-smbk5pwd: Makefile
	pkgsrc/databases/openldap/patches: patch-ag patch-its7595
Removed Files:
	pkgsrc/databases/openldap/patches:
	    patch-contrib_modules_smbk5pwd-smbk5pwd.c patch-its7506
	    patch-libraries_liblmdb_mdb.c

Log Message:
OpenLDAP 2.4.45 Release (2017/06/01)
Added slapd support for OpenSSL 1.1.0 series (ITS-8353, ITS-8533, ITS-8634)
Fixed libldap to fail ldap_result if the handle is already bad (ITS-8585)
Fixed libldap to expose error if user specified CA doesn't exist (ITS-8529)
Fixed libldap handling of Diffie-Hellman parameters (ITS-7506)
Fixed libldap GnuTLS use after free (ITS-8385)
Fixed libldap SASL initialization (ITS-8648)
Fixed slapd bconfig rDN escape handling (ITS-8574)
Fixed slapd segfault with invalid hostname (ITS-8631)
Fixed slapd sasl SEGV rebind in same session (ITS-8568)
Fixed slapd syncrepl filter handling (ITS-8413)
Fixed slapd syncrepl infinite looping mods with delta-sync MMR (ITS-8432)
Fixed slapd callback struct so older modules without writewait should function.
    Custom modules may need to be updated for sc_writewait callback (ITS-8435)
Fixed slapd-ldap/meta broken LDAP_TAILQ macro (ITS-8576)
Fixed slapd-mdb so it passes ITS6794 regression test (ITS-6794)
Fixed slapd-mdb double free with size zero paged result (ITS-8655)
Fixed slapd-meta uninitialized diagnostic message (ITS-8442)
Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS-8423)
Fixed slapo-accesslog with multiple modifications to the same attribute (ITS-6545)
Fixed slapo-relay to correctly initialize sc_writewait (ITS-8428)
Fixed slapo-sssvlv double free (ITS-8592)
Fixed slapo-unique with empty modifications (ITS-8266)
Build Environment
    Added test065 for proxyauthz (ITS-8571)
    Fix test008 to be portable (ITS-8414)
    Fix test064 to wait for slapd to start (ITS-8644)
    Fix its4336 regression test (ITS-8534)
    Fix its4337 regression test (ITS-8535)
    Fix regression tests to execute on all backends (ITS-8539)
Contrib
    Added slapo-autogroup(5) man page (ITS-8569)
    Added passwd missing conversion scripts for apr1 (ITS-6826)
    Fixed contrib modules where the writewait callback was not correctly initialized (ITS-8435)
    Fixed smbk5pwd to build with newer OpenSSL releases (ITS-8525)
Documentation
    admin24 fixed tls_cipher_suite bindconf option (ITS-8099)
    admin24 fixed typo cn=config to be slapd.d (ITS-8449)
    admin24 fixed slapo-syncprov information to be current (ITS-8253)
    admin24 fixed typo in access control docs (ITS-7341, ITS-8391)
    admin24 fixed minor typo in tuning guide (ITS-8499)
    admin24 fixed information about the limits option (ITS-7700)
    admin24 fixed missing options for syncrepl configuration (ITS-7700)
    admin24 fixed accesslog documentation to note it should not be replicated (ITS-8344)
    Fixed ldap.conf(5) missing information on SASL_NOCANON option (ITS-7177)
    Fixed ldapsearch(1) information on the V[V] flag behavior (ITS-7177, ITS-6339)
    Fixed slapd-config(5), slapd.conf(5) clarification on interval keyword for refreshAndPersist (ITS-8538)
    Fixed slapd-config(5), slapd.conf(5) clarify serverID requirements (ITS-8635)
    Fixed slapd-config(5), slapd.conf(5) clarification on loglevel settings (ITS-8123)
    Fixed slapo-ppolicy(5) to clearly note rootdn requirement (ITS-8565)
    Fixed slapo-memberof(5) to note it is not safe to use with replication (ITS-8613)
    Fixed slapo-syncprov(5) documentation to be current (ITS-8253)
    Fixed slapadd(8) manpage to note slapd-mdb (ITS-8215)
    Fixed various minor grammar issues in the man pages (ITS-8544)
    Fixed various typos (ITS-8587)

To generate a diff of this commit:
cvs rdiff -u -r1.146 -r1.147 pkgsrc/databases/openldap/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/databases/openldap/Makefile.version
cvs rdiff -u -r1.108 -r1.109 pkgsrc/databases/openldap/distinfo
cvs rdiff -u -r1.25 -r1.26 pkgsrc/databases/openldap-client/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/openldap-cloak/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/openldap-doc/distinfo
cvs rdiff -u -r1.19 -r1.20 pkgsrc/databases/openldap-nops/Makefile
cvs rdiff -u -r1.50 -r1.51 pkgsrc/databases/openldap-server/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/databases/openldap-smbk5pwd/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/databases/openldap/patches/patch-ag
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/databases/openldap/patches/patch-contrib_modules_smbk5pwd-smbk5pwd.c \
    pkgsrc/databases/openldap/patches/patch-its7506 \
    pkgsrc/databases/openldap/patches/patch-libraries_liblmdb_mdb.c
cvs rdiff -u -r1.1 -r1.2 pkgsrc/databases/openldap/patches/patch-its7595

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
--_----------=_1496392197195430 Content-Disposition: inline Content-Length: 17757 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/databases/openldap/Makefile diff -u pkgsrc/databases/openldap/Makefile:1.146 pkgsrc/databases/openldap/Makefile:1.147 --- pkgsrc/databases/openldap/Makefile:1.146 Tue Dec 13 10:38:06 2016 +++ pkgsrc/databases/openldap/Makefile Fri Jun 2 08:29:56 2017 @@ -1,6 +1,5 @@ -# $NetBSD: Makefile,v 1.146 2016/12/13 10:38:06 he Exp $ +# $NetBSD: Makefile,v 1.147 2017/06/02 08:29:56 adam Exp $ -PKGREVISION= 2 .include "../../databases/openldap/Makefile.version" DISTNAME= openldap-${OPENLDAP_VERSION} Index: pkgsrc/databases/openldap/Makefile.version diff -u pkgsrc/databases/openldap/Makefile.version:1.13 pkgsrc/databases/openldap/Makefile.version:1.14 --- pkgsrc/databases/openldap/Makefile.version:1.13 Sun Feb 7 08:42:59 2016 +++ pkgsrc/databases/openldap/Makefile.version Fri Jun 2 08:29:56 2017 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile.version,v 1.13 2016/02/07 08:42:59 adam Exp $ +# $NetBSD: Makefile.version,v 1.14 2017/06/02 08:29:56 adam Exp $ # used by databases/openldap/Makefile # used by databases/openldap/Makefile.common # used by databases/openldap-docs/Makefile -OPENLDAP_VERSION= 2.4.44 +OPENLDAP_VERSION= 2.4.45 Index: pkgsrc/databases/openldap/distinfo diff -u pkgsrc/databases/openldap/distinfo:1.108 pkgsrc/databases/openldap/distinfo:1.109 --- pkgsrc/databases/openldap/distinfo:1.108 Tue Dec 13 10:38:06 2016 +++ pkgsrc/databases/openldap/distinfo Fri Jun 2 08:29:56 2017 
@@ -1,26 +1,23 @@ -$NetBSD: distinfo,v 1.108 2016/12/13 10:38:06 he Exp $ +$NetBSD: distinfo,v 1.109 2017/06/02 08:29:56 adam Exp $ -SHA1 (openldap-2.4.44.tgz) = 016a738d050a68d388602a74b5e991035cdba149 -RMD160 (openldap-2.4.44.tgz) = 6ea3139f630e93c6e0af60638672d88d6c535a6a -SHA512 (openldap-2.4.44.tgz) = 132eb81798f59a364c9246d08697e1c7ebb6c2c3b983f786b14ec0233df09696cbad33a1f35f3076348b5efb77665a076ab854a24122c31e8b58310b7c7fd136 -Size (openldap-2.4.44.tgz) = 5658830 bytes +SHA1 (openldap-2.4.45.tgz) = c98437385d3eaee80c9e2c09f3f0d4b7c140233d +RMD160 (openldap-2.4.45.tgz) = a2f4483ffb958cc103a2aa0fb13c1f78e7951263 +SHA512 (openldap-2.4.45.tgz) = 1c9fc84efed8998f107ce6e1c6be3f5466388241afdca0cb3847720c9def0bc263a2dbc15bf0f9112d1b4c391fd01e8531a4fb08c5532c30fb86924c08daedab +Size (openldap-2.4.45.tgz) = 5672845 bytes SHA1 (patch-ac) = 2995c518278b363bf9657e181c2340d3024d5980 SHA1 (patch-ad) = 24e7ec27d592dd76bdec1e4805801c5304951daf SHA1 (patch-af) = 2e00b01bd813e73bdc1fb764a02e98d7755703de -SHA1 (patch-ag) = ec8581f7145ba47712be65f97051ffd2d7299896 +SHA1 (patch-ag) = 380336d8b50dd6b3a277f2ea6a03eb88cc5919b8 SHA1 (patch-ah) = 7b5a9d042df36f17bcb503372e301a0c6554af68 SHA1 (patch-aj) = 857bbf14855d7d2a2911457bc6373d8beb69b751 SHA1 (patch-am) = fb8f3e7699f8b2ef55c066cdc6216522c101c7f3 SHA1 (patch-an) = 3e904d05a3e69930259329ca821d3bbf7dd54eb2 SHA1 (patch-ao) = 4fcbbfd4d6be792392e3646123022aeaf25923e3 -SHA1 (patch-contrib_modules_smbk5pwd-smbk5pwd.c) = c31fc75f94778c93dfb20e7b7fc6ab8c74212942 SHA1 (patch-contrib_slapd-modules_cloak_Makefile) = 47c81def0c013a360acb549ed69e9042f0bc1be3 SHA1 (patch-contrib_slapd-modules_nops_Makefile) = c51bccf34c3f3112232a134038622d31b6315628 SHA1 (patch-contrib_slapd-modules_nops_slapo-nops.5) = f32352f19361b7e9aa5b038ae8578def7c08fa47 SHA1 (patch-da) = 75e26bd08c6e66b69192ebfbb36db974d391ec3e SHA1 (patch-dd) = 9c74118ff0b2232bda729c9917082fceef41dd16 -SHA1 (patch-its7506) = a50f9428d6d7dd28f71d21e11ae3f8b0f1372f75 -SHA1 
(patch-its7595) = 9ea396adb7f2fd572d60190534caa80a01ef79d2 +SHA1 (patch-its7595) = 941b055bb5ac1f963b9d39384d3627a32f531cf1 SHA1 (patch-libraries_libldap_os-local.c) = 7cd4f8638456fae12499de0d36d7802e47d3d688 SHA1 (patch-libraries_libldap_tls__m.c) = 91dab1dcfa6560c30093094586ea9eabf2e977b8 -SHA1 (patch-libraries_liblmdb_mdb.c) = 590a059d784687f678ac44a577770551b11a2be5 Index: pkgsrc/databases/openldap-client/Makefile diff -u pkgsrc/databases/openldap-client/Makefile:1.25 pkgsrc/databases/openldap-client/Makefile:1.26 --- pkgsrc/databases/openldap-client/Makefile:1.25 Tue Dec 13 10:38:06 2016 +++ pkgsrc/databases/openldap-client/Makefile Fri Jun 2 08:29:56 2017 @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.25 2016/12/13 10:38:06 he Exp $ +# $NetBSD: Makefile,v 1.26 2017/06/02 08:29:56 adam Exp $ PKGNAME= ${DISTNAME:S/-/-client-/} -PKGREVISION= 3 COMMENT= Lightweight Directory Access Protocol libraries and client programs CONFLICTS+= openldap<2.3.23nb1 Index: pkgsrc/databases/openldap-cloak/Makefile diff -u pkgsrc/databases/openldap-cloak/Makefile:1.16 pkgsrc/databases/openldap-cloak/Makefile:1.17 --- pkgsrc/databases/openldap-cloak/Makefile:1.16 Sat Mar 5 11:28:12 2016 +++ pkgsrc/databases/openldap-cloak/Makefile Fri Jun 2 08:29:56 2017 @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.16 2016/03/05 11:28:12 jperkin Exp $ +# $NetBSD: Makefile,v 1.17 2017/06/02 08:29:56 adam Exp $ PKGNAME= ${DISTNAME:S/-/-cloak-/} -PKGREVISION= 1 COMMENT= Hide specific attributes unless explicitely requested for OpenLDAP CONFLICTS+= openldap<2.3.23nb1 Index: pkgsrc/databases/openldap-doc/distinfo diff -u pkgsrc/databases/openldap-doc/distinfo:1.16 pkgsrc/databases/openldap-doc/distinfo:1.17 --- pkgsrc/databases/openldap-doc/distinfo:1.16 Sun Feb 7 08:42:59 2016 +++ pkgsrc/databases/openldap-doc/distinfo Fri Jun 2 08:29:57 2017 
@@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.16 2016/02/07 08:42:59 adam Exp $ +$NetBSD: distinfo,v 1.17 2017/06/02 08:29:57 adam Exp $ -SHA1 (openldap-2.4.44.tgz) = 016a738d050a68d388602a74b5e991035cdba149 -RMD160 (openldap-2.4.44.tgz) = 6ea3139f630e93c6e0af60638672d88d6c535a6a -SHA512 (openldap-2.4.44.tgz) = 132eb81798f59a364c9246d08697e1c7ebb6c2c3b983f786b14ec0233df09696cbad33a1f35f3076348b5efb77665a076ab854a24122c31e8b58310b7c7fd136 -Size (openldap-2.4.44.tgz) = 5658830 bytes +SHA1 (openldap-2.4.45.tgz) = c98437385d3eaee80c9e2c09f3f0d4b7c140233d +RMD160 (openldap-2.4.45.tgz) = a2f4483ffb958cc103a2aa0fb13c1f78e7951263 +SHA512 (openldap-2.4.45.tgz) = 1c9fc84efed8998f107ce6e1c6be3f5466388241afdca0cb3847720c9def0bc263a2dbc15bf0f9112d1b4c391fd01e8531a4fb08c5532c30fb86924c08daedab +Size (openldap-2.4.45.tgz) = 5672845 bytes Index: pkgsrc/databases/openldap-nops/Makefile diff -u pkgsrc/databases/openldap-nops/Makefile:1.19 pkgsrc/databases/openldap-nops/Makefile:1.20 --- pkgsrc/databases/openldap-nops/Makefile:1.19 Sat Mar 5 11:28:12 2016 +++ pkgsrc/databases/openldap-nops/Makefile Fri Jun 2 08:29:57 2017 @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.19 2016/03/05 11:28:12 jperkin Exp $ +# $NetBSD: Makefile,v 1.20 2017/06/02 08:29:57 adam Exp $ PKGNAME= ${DISTNAME:S/-/-nops-/} -PKGREVISION= 1 COMMENT= Remove null-ops for OpenLDAP CONFLICTS+= openldap<2.3.23nb1 Index: pkgsrc/databases/openldap-server/Makefile diff -u pkgsrc/databases/openldap-server/Makefile:1.50 pkgsrc/databases/openldap-server/Makefile:1.51 --- pkgsrc/databases/openldap-server/Makefile:1.50 Tue Dec 13 10:38:06 2016 +++ pkgsrc/databases/openldap-server/Makefile Fri Jun 2 08:29:57 2017 
@@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.50 2016/12/13 10:38:06 he Exp $ +# $NetBSD: Makefile,v 1.51 2017/06/02 08:29:57 adam Exp $ PKGNAME= ${DISTNAME:S/-/-server-/} -PKGREVISION= 4 COMMENT= Lightweight Directory Access Protocol server suite CONFLICTS+= openldap<2.3.23nb1 Index: pkgsrc/databases/openldap-smbk5pwd/Makefile diff -u pkgsrc/databases/openldap-smbk5pwd/Makefile:1.22 pkgsrc/databases/openldap-smbk5pwd/Makefile:1.23 --- pkgsrc/databases/openldap-smbk5pwd/Makefile:1.22 Mon Dec 12 14:22:02 2016 +++ pkgsrc/databases/openldap-smbk5pwd/Makefile Fri Jun 2 08:29:57 2017 @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.22 2016/12/12 14:22:02 wiz Exp $ +# $NetBSD: Makefile,v 1.23 2017/06/02 08:29:57 adam Exp $ PKGNAME= ${DISTNAME:S/-/-smbk5pwd-/} -PKGREVISION= 2 COMMENT= Samba and Kerberos password sync for OpenLDAP CONFLICTS+= openldap<2.3.23nb1 @@ -30,6 +29,7 @@ LIBS+= -lkrb5 -lkadm5srv CPPFLAGS+= -DDO_SAMBA .endif +LIBS+= -L${BUILDLINK_PREFIX.openssl}/lib MAKE_ENV+= EXTRA_LIBS=${LIBS:M*:Q} .include "../../databases/openldap/Makefile.common" Index: pkgsrc/databases/openldap/patches/patch-ag diff -u pkgsrc/databases/openldap/patches/patch-ag:1.7 pkgsrc/databases/openldap/patches/patch-ag:1.8 --- pkgsrc/databases/openldap/patches/patch-ag:1.7 Tue Mar 13 19:57:11 2012 +++ pkgsrc/databases/openldap/patches/patch-ag Fri Jun 2 08:29:56 2017 @@ -1,6 +1,9 @@ -$NetBSD: patch-ag,v 1.7 2012/03/13 19:57:11 adam Exp $ +$NetBSD: patch-ag,v 1.8 2017/06/02 08:29:56 adam Exp $ ---- servers/slapd/Makefile.in.orig 2007-02-14 16:59:43.000000000 +0100 +slapd must be installed unstripped: on some platorms (Darwin) tcp_wrappers' + variable called "allow_severity" must not be stripped away. + +--- servers/slapd/Makefile.in.orig 2016-02-05 23:57:45.000000000 +0000 +++ servers/slapd/Makefile.in @@ -76,6 +76,10 @@ XLIBS = $(SLAPD_STATIC_DEPENDS) $(SLAPD_ XXLIBS = $(SLAPD_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS) 
@@ -13,7 +16,16 @@ $NetBSD: patch-ag,v 1.7 2012/03/13 19:57 BUILD_OPT = "--enable-slapd" BUILD_SRV = @BUILD_SLAPD@ -@@ -441,9 +445,7 @@ install-db-config: FORCE +@@ -378,7 +382,7 @@ install-local-srv: install-slapd install + install-slapd: FORCE + -$(MKDIR) $(DESTDIR)$(libexecdir) + -$(MKDIR) $(DESTDIR)$(localstatedir)/run +- $(LTINSTALL) $(INSTALLFLAGS) $(STRIP) -m 755 \ ++ $(LTINSTALL) $(INSTALLFLAGS) -m 755 \ + slapd$(EXEEXT) $(DESTDIR)$(libexecdir) + @for i in $(SUBDIRS); do \ + if test -d $$i && test -f $$i/Makefile ; then \ +@@ -447,9 +451,7 @@ install-db-config: FORCE @-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir) @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ Index: pkgsrc/databases/openldap/patches/patch-its7595 diff -u pkgsrc/databases/openldap/patches/patch-its7595:1.1 pkgsrc/databases/openldap/patches/patch-its7595:1.2 --- pkgsrc/databases/openldap/patches/patch-its7595:1.1 Mon Sep 14 16:32:26 2015 +++ pkgsrc/databases/openldap/patches/patch-its7595 Fri Jun 2 08:29:56 2017 @@ -1,4 +1,4 @@ -$NetBSD: patch-its7595,v 1.1 2015/09/14 16:32:26 manu Exp $ +$NetBSD: patch-its7595,v 1.2 2017/06/02 08:29:56 adam Exp $ ECDH support from upstream @@ -19,10 +19,9 @@ Subject: [PATCH] ITS#7595 don't try to u --- doc/guide/admin/tls.sdf.orig +++ doc/guide/admin/tls.sdf -@@ -200,8 +200,20 @@ - > openssl dhparam [-dsaparam] -out +@@ -203,6 +203,18 @@ - This directive is ignored with GnuTLS and Mozilla NSS. + This directive is ignored with Mozilla NSS. +H4: TLSECName + 
@@ -39,12 +38,10 @@ Subject: [PATCH] ITS#7595 don't try to u H4: TLSVerifyClient { never | allow | try | demand } This directive specifies what checks to perform on client certificates - in an incoming TLS session, if any. This option is set to {{EX:never}} --- doc/man/man5/slapd-config.5.orig +++ doc/man/man5/slapd-config.5 -@@ -917,8 +917,15 @@ - from the default, otherwise no certificate exchanges or verification will - be done. When using GnuTLS or Mozilla NSS these parameters are always generated randomly +@@ -922,6 +922,13 @@ + When using Mozilla NSS these parameters are always generated randomly so this directive is ignored. .TP +.B olcTLSECName: @@ -57,13 +54,11 @@ Subject: [PATCH] ITS#7595 don't try to u .B olcTLSProtocolMin: [.] Specifies minimum SSL/TLS protocol version that will be negotiated. If the server doesn't support at least that version, - the SSL handshake will fail. --- doc/man/man5/slapd.conf.5.orig +++ doc/man/man5/slapd.conf.5 -@@ -1148,8 +1148,15 @@ - from the default, otherwise no certificate exchanges or verification will - be done. When using GnuTLS these parameters are always generated randomly so - this directive is ignored. This directive is ignored when using Mozilla NSS. +@@ -1153,6 +1153,13 @@ + When using Mozilla NSS these parameters are always generated randomly + so this directive is ignored. .TP +.B TLSECName +Specify the name of a curve to use for Elliptic curve Diffie-Hellman @@ -75,11 +70,9 @@ Subject: [PATCH] ITS#7595 don't try to u .B TLSProtocolMin [.] Specifies minimum SSL/TLS protocol version that will be negotiated. If the server doesn't support at least that version, - the SSL handshake will fail. --- include/ldap.h.orig +++ include/ldap.h -@@ -157,8 +157,9 @@ - #define LDAP_OPT_X_TLS_DHFILE 0x600e +@@ -158,6 +158,7 @@ #define LDAP_OPT_X_TLS_NEWCTX 0x600f #define LDAP_OPT_X_TLS_CRLFILE 0x6010 /* GNUtls only */ #define LDAP_OPT_X_TLS_PACKAGE 0x6011 
@@ -87,11 +80,9 @@ Subject: [PATCH] ITS#7595 don't try to u #define LDAP_OPT_X_TLS_NEVER 0 #define LDAP_OPT_X_TLS_HARD 1 - #define LDAP_OPT_X_TLS_DEMAND 2 --- libraries/libldap/ldap-int.h.orig +++ libraries/libldap/ldap-int.h -@@ -164,8 +164,9 @@ - char *lt_cacertdir; +@@ -165,6 +165,7 @@ char *lt_ciphersuite; char *lt_crlfile; char *lt_randfile; /* OpenSSL only */ @@ -99,9 +90,7 @@ Subject: [PATCH] ITS#7595 don't try to u int lt_protocol_min; }; #endif - -@@ -249,8 +250,9 @@ - struct ldaptls ldo_tls_info; +@@ -250,6 +251,7 @@ #define ldo_tls_certfile ldo_tls_info.lt_certfile #define ldo_tls_keyfile ldo_tls_info.lt_keyfile #define ldo_tls_dhfile ldo_tls_info.lt_dhfile @@ -109,11 +98,9 @@ Subject: [PATCH] ITS#7595 don't try to u #define ldo_tls_cacertfile ldo_tls_info.lt_cacertfile #define ldo_tls_cacertdir ldo_tls_info.lt_cacertdir #define ldo_tls_ciphersuite ldo_tls_info.lt_ciphersuite - #define ldo_tls_protocol_min ldo_tls_info.lt_protocol_min --- libraries/libldap/tls2.c.orig +++ libraries/libldap/tls2.c -@@ -117,8 +117,12 @@ - if ( lo->ldo_tls_dhfile ) { +@@ -118,6 +118,10 @@ LDAP_FREE( lo->ldo_tls_dhfile ); lo->ldo_tls_dhfile = NULL; } @@ -124,9 +111,7 @@ Subject: [PATCH] ITS#7595 don't try to u if ( lo->ldo_tls_cacertfile ) { LDAP_FREE( lo->ldo_tls_cacertfile ); lo->ldo_tls_cacertfile = NULL; - } -@@ -231,8 +235,12 @@ - if ( lts.lt_dhfile ) { +@@ -232,6 +236,10 @@ lts.lt_dhfile = LDAP_STRDUP( lts.lt_dhfile ); __atoe( lts.lt_dhfile ); } @@ -137,9 +122,7 @@ Subject: [PATCH] ITS#7595 don't try to u #endif lo->ldo_tls_ctx = ti->ti_ctx_new( lo ); if ( lo->ldo_tls_ctx == NULL ) { - Debug( LDAP_DEBUG_ANY, -@@ -256,8 +264,9 @@ - LDAP_FREE( lts.lt_keyfile ); +@@ -257,6 +265,7 @@ LDAP_FREE( lts.lt_crlfile ); LDAP_FREE( lts.lt_cacertdir ); LDAP_FREE( lts.lt_dhfile ); 
@@ -147,9 +130,7 @@ Subject: [PATCH] ITS#7595 don't try to u #endif return rc; } - -@@ -633,8 +642,12 @@ - case LDAP_OPT_X_TLS_DHFILE: +@@ -634,6 +643,10 @@ *(char **)arg = lo->ldo_tls_dhfile ? LDAP_STRDUP( lo->ldo_tls_dhfile ) : NULL; break; @@ -160,9 +141,7 @@ Subject: [PATCH] ITS#7595 don't try to u case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */ *(char **)arg = lo->ldo_tls_crlfile ? LDAP_STRDUP( lo->ldo_tls_crlfile ) : NULL; - break; -@@ -752,8 +765,12 @@ - case LDAP_OPT_X_TLS_DHFILE: +@@ -753,6 +766,10 @@ if ( lo->ldo_tls_dhfile ) LDAP_FREE( lo->ldo_tls_dhfile ); lo->ldo_tls_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL; return 0; @@ -173,11 +152,9 @@ Subject: [PATCH] ITS#7595 don't try to u case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */ if ( lo->ldo_tls_crlfile ) LDAP_FREE( lo->ldo_tls_crlfile ); lo->ldo_tls_crlfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL; - return 0; --- libraries/libldap/tls_o.c.orig +++ libraries/libldap/tls_o.c -@@ -295,12 +295,11 @@ - tlso_report_error(); +@@ -327,10 +327,9 @@ return -1; } @@ -190,9 +167,7 @@ Subject: [PATCH] ITS#7595 don't try to u if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) { Debug( LDAP_DEBUG_ANY, - "TLS: could not use DH parameters file `%s'.\n", -@@ -317,8 +316,40 @@ - return -1; +@@ -349,6 +348,38 @@ } BIO_free( bio ); SSL_CTX_set_tmp_dh( ctx, dh ); @@ -231,11 +206,9 @@ Subject: [PATCH] ITS#7595 don't try to u } if ( tlso_opt_trace ) { - SSL_CTX_set_info_callback( ctx, tlso_info_cb ); --- servers/slapd/bconfig.c.orig +++ servers/slapd/bconfig.c -@@ -193,8 +193,9 @@ - CFG_SYNTAX, +@@ -194,6 +194,7 @@ CFG_ACL_ADD, CFG_SYNC_SUBENTRY, CFG_LTHREADS, @@ -243,9 +216,7 @@ Subject: [PATCH] ITS#7595 don't try to u CFG_LAST }; - -@@ -737,8 +738,16 @@ - ARG_IGNORED, NULL, +@@ -738,6 +739,14 @@ #endif "( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' " "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL }, 
@@ -260,9 +231,7 @@ Subject: [PATCH] ITS#7595 don't try to u { "TLSProtocolMin", NULL, 2, 2, 0, #ifdef HAVE_TLS CFG_TLS_PROTOCOL_MIN|ARG_STRING|ARG_MAGIC, &config_tls_config, - #else -@@ -818,9 +827,9 @@ - "olcTCPBuffer $ " +@@ -819,7 +828,7 @@ "olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ " "olcTLSCACertificatePath $ olcTLSCertificateFile $ " "olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ " @@ -271,9 +240,7 @@ Subject: [PATCH] ITS#7595 don't try to u "olcTLSCRLFile $ olcTLSProtocolMin $ olcToolThreads $ olcWriteTimeout $ " "olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ " "olcDitContentRules $ olcLdapSyntaxes ) )", Cft_Global }, - { "( OLcfgGlOc:2 " -@@ -3823,8 +3832,9 @@ - case CFG_TLS_CERT_KEY: flag = LDAP_OPT_X_TLS_KEYFILE; break; +@@ -3824,6 +3833,7 @@ case CFG_TLS_CA_PATH: flag = LDAP_OPT_X_TLS_CACERTDIR; break; case CFG_TLS_CA_FILE: flag = LDAP_OPT_X_TLS_CACERTFILE; break; case CFG_TLS_DH_FILE: flag = LDAP_OPT_X_TLS_DHFILE; break; @@ -281,4 +248,3 @@ Subject: [PATCH] ITS#7595 don't try to u #ifdef HAVE_GNUTLS case CFG_TLS_CRL_FILE: flag = LDAP_OPT_X_TLS_CRLFILE; break; #endif - default: Debug(LDAP_DEBUG_ANY, "%s: " --_----------=_1496392197195430--
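Review bot: in the openldap/distinfo hunk, the entry for patch-libraries_liblmdb_mdb.c is dropped without any explanation in the log. The removal of patch-its7506 lines up with the ITS-7506 item in the release notes, and patch-contrib_modules_smbk5pwd-smbk5pwd.c with the smbk5pwd/OpenSSL item (ITS-8525), but none of the listed changes mentions liblmdb, so a reader cannot tell whether that fix went upstream or was lost. Please add one line per removed patch to the log saying which upstream change supersedes it. The same hunk replaces all three digests of the distfile; it would help to state in the log that the openldap-2.4.45.tgz checksums were compared against the values upstream publishes, since the diff alone cannot show that.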
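Review bot: in the openldap-smbk5pwd/Makefile hunk, the new line "LIBS+= -L${BUILDLINK_PREFIX.openssl}/lib" adds a library search path with no matching run-path flag and no comment. If the OpenSSL in use is not in the default loader path, the module will link at build time and then fail to resolve libcrypto when slapd loads it. Consider adding ${COMPILER_RPATH_FLAG}${BUILDLINK_PREFIX.openssl}/lib next to the -L flag, and a one-line comment saying which symbol needed this (presumably the ITS-8525 OpenSSL change). The visible context also does not show where openssl's buildlink3.mk is included in this Makefile, which BUILDLINK_PREFIX.openssl depends on; worth confirming it is not left to a transitive include.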
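Review bot: in the patch-ag hunk, the new header comment justifies the change only for Darwin ("on some platorms (Darwin) tcp_wrappers' variable called "allow_severity" must not be stripped away"), but the install-slapd rule now drops $(STRIP) on every platform. Either say in the comment that installing unstripped everywhere is intended, or make the change conditional on the platforms that need it. Also, "platorms" should read "platforms".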
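Review bot: in the patch-its7595 hunk, the patch header still reads only "ECDH support from upstream" and does not name the upstream commit or the release expected to contain it. The 2.4.45 release notes quoted in the log have no ITS-7595 entry, so this rediff keeps TLSECName, olcTLSECName and LDAP_OPT_X_TLS_ECNAME as pkgsrc-local additions, and any slapd configuration that sets a curve name depends on this patch staying in place. Please record the upstream commit reference and target branch in the header so the patch can be dropped, or its option names reconciled, at the next update. Since the tls_o.c part was re-based from a 40-line to a 38-line block, a note that the ECDH setup path was exercised against the OpenSSL version pkgsrc builds with would also be useful.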