upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-18 18:18:06 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24951 commits 38 branches 313 tags 89 MiB
Commit graph

24951 commits

This branch
This branch
All branches
Author SHA1 Message Date
Quanah Gibson-Mount
d161fa7f8d ITS#10231 2024-06-28 17:02:52 +00:00
Howard Chu
12d105b17b ITS#10231 slapadd: check for NULL suffix in error message 2024-06-28 17:02:46 +00:00
Quanah Gibson-Mount
66117ce8cf ITS#10227 2024-06-28 17:02:41 +00:00
Nadezhda Ivanova
5baa87235d ITS#10227 Asyncmeta will not reset a connection if a bind operation fails with LDAP_OTHER, leaving the connection in invalid state 2024-06-28 16:59:11 +00:00
Quanah Gibson-Mount
910c2be24e ITS#10219 2024-06-28 16:58:36 +00:00
Nadezhda Ivanova
230bd39c07 ITS#10219 Modify of olcDisabled by removing and adding a value invokes db_open twice 
Do not invoke db_open if the database is not actually disabled
 2024-06-28 16:58:05 +00:00
Quanah Gibson-Mount
a85ed5618d ITS#9827 2024-06-28 16:53:20 +00:00
Quanah Gibson-Mount
412d897c17 ITS#9827 - Use 7MB memory/5 iterations as default 
This has the same protections as 19MB/2 iterations, but requires less system memory
 2024-06-28 16:53:05 +00:00
François Kooman
08a78a0224 ITS#9827 update Argon2 defaults 
- switch to argon2id by default (from argon2i)
- use OWASP recommended parameters as defaults

This only affects builds that use libargon2, e.g. Debian, and
not builds that use libsodium as argon2id is already the
default there, and better parameters are used

References: https://bugs.openldap.org/show_bug.cgi?id=9827
Signed-off-by: François Kooman <fkooman@tuxed.net>
 2024-06-28 16:52:53 +00:00
Quanah Gibson-Mount
979eed81e2 ITS#10224 2024-06-28 16:52:36 +00:00
Howard Chu
bee6e76cd9 ITS#10224 libldap: check for OpenSSL EVP_Digest* failure 2024-06-28 16:52:18 +00:00
Quanah Gibson-Mount
07dc2133c9 ITS#10223 2024-06-28 16:52:07 +00:00
Howard Chu
248d740251 ITS#10223 libldap: check for OpenSSL SSL_CTX_set_ciphersuites failure 2024-06-28 16:50:47 +00:00
Quanah Gibson-Mount
9f48f3f3b6 ITS#10221 2024-06-03 15:09:34 +00:00
Quanah Gibson-Mount
1401ff3afb ITS#10221 - Regenerate configure 2024-06-03 15:09:11 +00:00
Quanah Gibson-Mount
7bc97addc8 ITS#10221 - Remove extraneous quote 2024-06-03 15:08:22 +00:00
Quanah Gibson-Mount
e088fb6e6f Return to release engineering 2024-06-03 15:08:01 +00:00
Quanah Gibson-Mount
675b5165aa Prep for release (2.5.18) 2024-05-21 17:19:57 +00:00
Quanah Gibson-Mount
d537918de9 Merge remote-tracking branch 'origin/mdb.RE/0.9' into OPENLDAP_REL_ENG_2_5 2024-05-21 17:16:55 +00:00
Quanah Gibson-Mount
3a29a24777 Prep for release 2024-05-21 17:16:06 +00:00
Quanah Gibson-Mount
1d4e1a9740 ITS#10216 2024-05-21 16:05:47 +00:00
Howard Chu
8bb35fd878 ITS#10216 libldap: fix OpenSSL channel binding digest 
The OBJ_find_ API is undocumented but this is what OpenSSL libcrypto does itself.
 2024-05-21 15:42:09 +00:00
Quanah Gibson-Mount
1e75e3d6a8 ITS#10209 2024-05-09 19:09:42 +00:00
Howard Chu
c3e710dc28 ITS#10209 libldap: only use OPENSSL_INIT_NO_ATEXIT if it's defined 
Fake OpenSSL clones like LibreSSL don't support it.

In general we will make no effort to support fake OpenSSL clones.
 2024-05-09 19:09:29 +00:00
Quanah Gibson-Mount
69dd3f82c8 ITS#10214 2024-05-09 17:13:06 +00:00
Quanah Gibson-Mount
f19193316d ITS#10214 - regenerate configure 2024-05-09 17:12:24 +00:00
HAMANO Tsukasa
f7c76e2daf ITS#10214 Reduce library dependencies 
Currently, slapd links libsystemd to notify service state to systemd.
However, libsystemd link several unnecessary libraries, which increases security risks.
The systemd documentation provides a method to send state notifications to systemd using a simple protocol without the need to link against libsystemd.

https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html
 2024-05-09 17:10:49 +00:00
Quanah Gibson-Mount
3279ce21e7 ITS#9921 2024-05-08 17:56:59 +00:00
Howard Chu
f640d170be ITS#9921 fix vlvResult comment 2024-05-08 15:30:13 +00:00
Quanah Gibson-Mount
6823f11fde Merge remote-tracking branch 'origin/mdb.RE/0.9' into OPENLDAP_REL_ENG_2_5 2024-05-07 17:29:07 +00:00
Quanah Gibson-Mount
7c99799729 ITS#10212 2024-05-07 16:49:34 +00:00
Quanah Gibson-Mount
ccbec37209 ITS#10198 2024-05-07 16:49:00 +00:00
Quanah Gibson-Mount
2b1e7e3d9f ITS#10208 2024-05-07 16:45:46 +00:00
Ondřej Kuzník
f7390ca27c ITS#10084 Switch MECH default away from DIGEST-MD5 2024-05-07 16:43:51 +00:00
Quanah Gibson-Mount
98ae4a9ebd ITS#10211 2024-05-07 16:37:58 +00:00
Nick Porter
9898594888 ITS#10211 slapd: Fix peercred uid and gid format 
uid and gid are unsigned int and so should be formatted as such when
creating the authid string.
 2024-05-07 16:36:46 +00:00
Quanah Gibson-Mount
4c1132dcfa ITS#10206 2024-05-07 16:36:40 +00:00
Ryan Tandy
a29649f5aa ITS#10206 Include <kadm5/private.h> for kadm5_s_init_with_password_ctx 2024-05-07 16:33:53 +00:00
Howard Chu
d83d6b4ebe ITS#10212 LMDB: better fix 2024-05-03 20:44:48 +01:00
Howard Chu
37829ce493 ITS#10212 LMDB: init txnid for read-only DBs 2024-05-02 16:33:14 +01:00
Howard Chu
d3ae7c36e5 ITS#10198 Win32 mdb_strerror - stop passing "ignored" parameter 
The M$ docs say the parameter is ignored, but it actually isn't,
and will cause a SEGV if the pointed memory isn't an init'd va_list.
 2024-04-04 07:17:35 +01:00
Quanah Gibson-Mount
2eadd1524a Happy New Year! 2024-03-26 19:46:02 +00:00
Quanah Gibson-Mount
0c0fe01e6d ITS#10186 2024-03-26 17:03:57 +00:00
Howard Chu
8deecaf30e ITS#10186 overlay response callbacks should ignore op->o_abandon 2024-03-26 17:03:48 +00:00
Quanah Gibson-Mount
25bf646262 ITS#10044 2024-03-26 16:43:21 +00:00
Howard Chu
abd8706e3f ITS#10044 dynlist: check for abandon in search2resp 2024-03-26 16:43:13 +00:00
Quanah Gibson-Mount
7b59a5ad78 ITS#10177 2024-03-26 16:40:38 +00:00
HAMANO Tsukasa
619afaccab ITS#10177 fix back-perl build for clang15 or later 
Remove problematic and unnecessary compile flags.
 2024-03-26 16:40:27 +00:00
Quanah Gibson-Mount
c57688091a ITS#9952 2024-03-26 16:33:40 +00:00
Howard Chu
6dc030a8d5 ITS#9952 TLS/OpenSSL: disable use of atexit() 
This will only have any effect if libldap is the first caller to
initialize OpenSSL, but that should be all that matters when libldap
is part of a dynmically loaded module. It prevents the crash in the
example cases given.
 2024-03-26 16:32:29 +00:00