Age | Commit message (Collapse) | Author |
|
This updated patch also sets the date and time strings to the SOURCE_DATE_EPOCH.
The WHOWHERE string will now be set to simply "openldap"
in the case that a SOURCE_DATE_EPOCH is set.
Upstream-Status: Submitted [https://www.openldap.org/its/index.cgi/Incoming?id=8928]
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Upstream-Status: Pending
Signed-off-by: Douglas Royds <douglas.royds@taitradio.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
1) Upgrade openldap from 2.4.44 to 2.4.45
2) Delete openldap-CVE-2017-9287.patch, since it is integrated upstream.
3) License checksum changed, since the copyright years were updated.
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is
prone to a double free vulnerability. A user with access to
search the directory can crash slapd by issuing a search including the
Paged Results control with a page size of 0.
Patch reference:
http://www.openldap.org/its/?findid=8655
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
the patch comes from:
https://bugzilla.redhat.com/show_bug.cgi?id=1238322
https://bugzilla.redhat.com/attachment.cgi?id=1055640
The nss_parse_ciphers function in libraries/libldap/tls_m.c in
OpenLDAP does not properly parse OpenSSL-style multi-keyword mode
cipher strings, which might cause a weaker than intended cipher to
be used and allow remote attackers to have unspecified impact via
unknown vectors.
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
1. Upgrade openldap from 2.4.42 to 2.4.43
2. Delete patch file openldap-fix-CVE-2015-6908.patch
because the bug(ITS#8240) has been fixed in OpenLDAP 2.4.43
http://www.openldap.org/software/release/changes.html
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Upgrade phpmyadmin from 2.4.41 to 2.4.42. And backport patch from
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=6fe51a9
to fix CVE-2015-6908.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
1) Dropped backported patches(commit-id):
-0001-ITS-8027-require-non-empty-AttributeList.patch(c32e747)
-0001-ITS-8046-fix-vrFilter_free.patch(2f1a2dd)
2) Update the checksum of COPYRIGHT,since the date in it has been changed,
but the LICENSE has not been changed.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|