Accepting request 500558 from home:stroeder:branches:network:ldap

update to 2.4.45 OBS-URL: https://build.opensuse.org/request/show/500558 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=176
2017-06-02 09:23:02 +00:00 · 2017-06-02 09:23:02 +00:00 · 31fe523df6
commit 31fe523df6
parent 787c8bf6cf
6 changed files with 11 additions and 65 deletions
--- a/0010-Enforce-minimum-DH-size-of-1024.patch
+++ b/0010-Enforce-minimum-DH-size-of-1024.patch
@ -1,24 +0,0 @@
-The patch was authored by Marcus Meissner <meissner@suse.com> on 2015-07-13
-to address weak DH size vulnerability.
-
--- openldap-2.4.26.orig/libraries/libldap/tls_o.c
-+++ openldap-2.4.26/libraries/libldap/tls_o.c
-@@ -1190,7 +1190,6 @@ jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7t
- -----END DH PARAMETERS-----\n";
- 
- static const struct dhinfo tlso_dhpem[] = {
-	{ 512, tlso_dhpem512, sizeof(tlso_dhpem512) },
-	{ 1024, tlso_dhpem1024, sizeof(tlso_dhpem1024) },
-	{ 2048, tlso_dhpem2048, sizeof(tlso_dhpem2048) },
-	{ 4096, tlso_dhpem4096, sizeof(tlso_dhpem4096) },
-@@ -1205,6 +1204,9 @@ tlso_tmp_dh_cb( SSL *ssl, int is_export,
-	DH *dh = NULL;
-	int i;
- 
-+	/* for Logjam, rev up the minimum DH group size to 1024 bit */
-+	if (key_length < 1024) key_length = 1024;
-+
-	/* Do we have params of this length already? */
-	LDAP_MUTEX_LOCK( &tlso_dh_mutex );
-	for ( p = tlso_dhparams; p; p=p->next ) {
-
--- a/0012-use-system-wide-cert-dir-by-default.patch
+++ b/0012-use-system-wide-cert-dir-by-default.patch
@ -1,33 +0,0 @@
-The TLS configuration deliberately hid the error in case that user specified CA locations
-cannot be read, by loading CAs from default locations; and when user does not specify CA
-locations, the CAs from default locations are not read at all.
-
-This patch corrects the behaviour so that CAs from default location are used if user does
-not specify a CA location, and user is informed of the error if CAs cannot be loaded from
-the user specified location.
-
-Howard Guo <hguo@suse.com> 2016-11-10
-
-diff -rupN openldap-2.4.41/libraries/libldap/tls_o.c openldap-2.4.41-patched/libraries/libldap/tls_o.c
--- openldap-2.4.41/libraries/libldap/tls_o.c	2015-06-21 02:19:58.000000000 +0200
-+++ openldap-2.4.41-patched/libraries/libldap/tls_o.c	2016-11-10 15:10:32.784147041 +0100
-@@ -253,10 +253,16 @@ tlso_ctx_init( struct ldapoptions *lo, s
- 		return -1;
- 	}
- 
-	if (lo->ldo_tls_cacertfile != NULL || lo->ldo_tls_cacertdir != NULL) {
-+	if ( lo->ldo_tls_cacertfile == NULL && lo->ldo_tls_cacertdir == NULL ) {
-+		if ( !SSL_CTX_set_default_verify_paths( ctx ) ) {
-+			Debug( LDAP_DEBUG_ANY, "TLS: "
-+				"could not use default certificate paths", 0, 0, 0 );
-+			tlso_report_error();
-+			return -1;
-+		}
-+	} else {
- 		if ( !SSL_CTX_load_verify_locations( ctx,
-				lt->lt_cacertfile, lt->lt_cacertdir ) ||
-			!SSL_CTX_set_default_verify_paths( ctx ) )
-+				lt->lt_cacertfile, lt->lt_cacertdir ) )
- 		{
- 			Debug( LDAP_DEBUG_ANY, "TLS: "
- 				"could not load verify locations (file:`%s',dir:`%s').\n",
--- a/openldap-2.4.44.tgz
+++ b/openldap-2.4.44.tgz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400
-size 5658830
--- a/openldap-2.4.45.tgz
+++ b/openldap-2.4.45.tgz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cdd6cffdebcd95161a73305ec13fc7a78e9707b46ca9f84fb897cd5626df3824
+size 5672845
--- a/openldap2.changes
+++ b/openldap2.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Jun  2 07:26:42 UTC 2017 - michael@stroeder.com
+
+- Upgrade to upstream 2.4.45 release
+- removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch
+  and  0012-use-system-wide-cert-dir-by-default.patch
+
 -------------------------------------------------------------------
 Thu Apr 27 10:08:31 UTC 2017 - michael@stroeder.com

--- a/openldap2.spec
+++ b/openldap2.spec
@ -17,7 +17,7 @@


 %define run_test_suite 0
-%define version_main 2.4.44
+%define version_main 2.4.45

 %if %{suse_version} >= 1310 && %{suse_version} != 1315
 %define  _rundir /run/slapd
@ -56,9 +56,7 @@ Patch6:         0006-No-Build-date-and-time-in-binaries.dif
 Patch7:         0007-Recover-on-DB-version-change.dif
 Patch8:         0008-In-monitor-backend-do-not-return-Connection0-entries.patch
 Patch9:         0009-Fix-ldap-host-lookup-ipv6.patch
-Patch10:        0010-Enforce-minimum-DH-size-of-1024.patch
 Patch11:        0011-openldap-re24-its7796.patch
-Patch12:        0012-use-system-wide-cert-dir-by-default.patch
 Source200:      %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz
 Source201:      %{name_ppolicy_check_module}.Makefile
 Source202:      %{name_ppolicy_check_module}.conf
@ -254,9 +252,7 @@ gzip -k %{S:203}
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
-%patch10 -p1
 %patch11 -p1
-%patch12 -p1
 cp %{SOURCE5} .

 # Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/