* Security fixes:
+ CVE-2025-61911 (GHSA-r7r6-cc7p-4v5m): Enforce str input in
ldap.filter.escape_filter_chars with escape_mode=1; ensure proper
escaping. (bsc#1251912)
+ CVE-2025-61912 (GHSA-p34h-wq7j-h5v6): Correct NUL escaping in
ldap.dn.escape_dn_chars to \00 per RFC 4514. (bsc#1251913)
* Fixes:
+ ReconnectLDAPObject now properly reconnects on UNAVAILABLE,
CONNECT_ERROR and TIMEOUT exceptions (previously only SERVER_DOWN),
fixing reconnection issues especially during server restarts
+ Fixed syncrepl.py to use named constants instead of raw decimal values
for result types
+ Fixed error handling in SearchNoOpMixIn to prevent a undefined variable
error
- Fix filename due to new setuptools.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-ldap?expand=0&rev=141
* Reconnect race condition in ReconnectLDAPObject is now fixed
* Socket ownership is now claimed once we've passed it to
libldap LDAP_set_option string formats are now compatible
with Python 3.12
- use sasl2
- LDAP_FILT_MAXSIZ isn't defined in libldap anymore
- changed for openldap2
- fixed neededforbuild (added ldaplib)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-ldap?expand=0&rev=135
- skip Python 2 builds
- set PATH when running tests
- update to upstream release 3.4.0
* Security fixes:
- Fix inefficient regular expression which allows denial-of-service attacks
- when parsing specially-crafted LDAP schema.
- (GHSL-2021-117)
* Changes:
- On MacOS, remove option to make LDAP connections from a file descriptor
- when built with the system libldap (which lacks the underlying function,
- ldap_init_fd)
- Attribute values of the post read control are now bytes
- instead of ISO8859-1 decoded str
- LDAPUrl now treats urlscheme as case-insensitive
- Several OpenLDAP options are now supported:
- OPT_X_TLS_REQUIRE_SAN
- OPT_X_SASL_SSF_EXTERNAL
- OPT_X_TLS_PEERCERT
* Fixes:
- The copy() method of cidict was added back. It was unintentionally
- removed in 3.3.0
- Fixed getting/setting SASL options on big endian platforms
- Unknown LDAP result code are now converted to LDAPexception,
- rather than raising a SystemError.
* slapdtest:
- Show stderr of slapd -Ttest
- SlapdObject uses directory-based configuration of slapd
- SlapdObject startup is now faster
OBS-URL: https://build.opensuse.org/request/show/939167
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-ldap?expand=0&rev=126
- update to upstream release 3.3.1:
Highlights:
* ``LDAPError`` now contains additional fields, such as ctrls, result, msgid
* ``passwd_s`` can now extract the newly generated password
* LDAP connections can now be made from a file descriptor
This release is tested on Python 3.8, and the beta of Python 3.9.
The following undocumented functions are deprecated and scheduled for removal:
- ``ldap.cidict.strlist_intersection``
- ``ldap.cidict.strlist_minus``
- ``ldap.cidict.strlist_union``
Modules/
* Ensure ReconnectLDAPObject is not left in an inconsistent state after
a reconnection timeout
* Syncrepl now correctly parses SyncInfoMessage when the message is a syncIdSet
* Release GIL around global get/set option call
* Do not leak serverctrls in result functions
* Don't overallocate memory in attrs_from_List()
* Fix thread support check for Python 3
* With OpenLDAP 2.4.48, use the new header openldap.h
Lib/
* Fix some edge cases regarding quoting in the schema tokenizer
* Fix escaping a single space in ldap.escape_dn_chars
* Fix string formatting in ldap.compare_ext_s
* Prefer iterating dict instead of calling dict.keys()
Doc/
* Clarify the relationship between initialize() and LDAPObject()
* Improve documentation of TLS options
* Update FAQ to include Samba AD-DC error message
"Operation unavailable without authentication"
* Fix several incorrect examples and demos
OBS-URL: https://build.opensuse.org/request/show/838140
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-ldap?expand=0&rev=123
- update to upstream release 2.5.1
Changes since 2.4.45:
Mandatory prerequisites:
- Python 2.7.x
- pyasn1 0.3.7+ and pyasn1_modules 0.1.5+
Modules/
* removed unused code schema.c
Lib/
* ldap.__version__, ldap.__author__ and ldap.__license__ now
imported from new sub-module ldap.pkginfo also to setup.py
* Added safety assertion when importing _ldap:
ldap.pkginfo.__version__ must match _ldap.__version__
* removed stand-alone module dsml
* slapdtest.SlapdObject.restart() just restarts slapd
without cleaning any data
* Compability changes for pyasn1 0.3.x or newer
(thanks to Ilya Etingof and Christian Heimes)
* The methods SSSResponseControl.decodeControlValue() and
VLVResponseControl.decodeControlValue() now follow the coding
convention to use camel-cased ASN.1 name as class attribute name.
The old class names are still set for back-ward compability
but should not be used in new code because they might be removed
in a later release.
* removed SSSRequestControl from ldap.controls.KNOWN_RESPONSE_CONTROLS
Tests/
* added explicit reconnect tests for ReconnectLDAPObject
OBS-URL: https://build.opensuse.org/request/show/541096
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-ldap?expand=0&rev=103
