From 5c7cdc96e63a0670382bd32cc5fc68b8d0164c4e Mon Sep 17 00:00:00 2001 From: Matúš Honěk Date: Jul 07 2017 14:58:40 +0000 Subject: Rebase to version 2.4.45 Resolves: #1458081 --- diff --git a/.gitignore b/.gitignore index b208722..26b2e8e 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,5 @@ /openldap-2.4.40.tgz /openldap-2.4.41.tgz /openldap-2.4.43.tgz +/openldap-2.4.44.tgz +/openldap-2.4.45.tgz diff --git a/openldap-man-sasl-nocanon.patch b/openldap-man-sasl-nocanon.patch deleted file mode 100644 index c4a9e39..0000000 --- a/openldap-man-sasl-nocanon.patch +++ /dev/null @@ -1,23 +0,0 @@ -fix: SASL_NOCANON option missing in ldap.conf manual page - -Author: Jan Vcelak -Upstream ITS: #7177 -Resolves: #732915 - -diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5 -index 51f774f..5f17122 100644 ---- a/doc/man/man5/ldap.conf.5 -+++ b/doc/man/man5/ldap.conf.5 -@@ -284,6 +284,9 @@ description). The default is - specifies the maximum security layer receive buffer - size allowed. 0 disables security layers. The default is 65536. - .RE -+.TP -+.B SASL_NOCANON -+Do not perform reverse DNS lookups to canonicalize SASL host names. The default is off. - .SH GSSAPI OPTIONS - If OpenLDAP is built with Generic Security Services Application Programming Interface support, - there are more options you can specify. --- -1.7.6.5 - diff --git a/openldap.spec b/openldap.spec index 2e43160..2635fbd 100644 --- a/openldap.spec +++ b/openldap.spec @@ -4,8 +4,8 @@ %global check_password_version 1.1 Name: openldap -Version: 2.4.44 -Release: 10%{?dist} +Version: 2.4.45 +Release: 1%{?dist} Summary: LDAP support libraries Group: System Environment/Daemons License: OpenLDAP @@ -26,7 +26,6 @@ Patch0: openldap-manpages.patch Patch1: openldap-sql-linking.patch Patch2: openldap-reentrant-gethostby.patch Patch3: openldap-smbk5pwd-overlay.patch -Patch4: openldap-man-sasl-nocanon.patch Patch5: openldap-ai-addrconfig.patch # nss patches, unlikely to ever get upstreamed Patch12: openldap-tls-no-reuse-of-tls_session.patch @@ -140,7 +139,6 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 %patch5 -p1 %patch12 -p1 %patch13 -p1 @@ -548,6 +546,11 @@ exit 0 %{_mandir}/man3/* %changelog +* Fri Jul 7 2017 Matus Honek - 2.4.45-1 +- Rebase to version 2.4.45 (#1458081) + * fixes CVE-2017-9287 (#1456712, #1456713) +- Update the 'sources' file with new SHA512 hashes + * Fri Mar 31 2017 Matus Honek - 2.4.44-10 - NSS: Maximal TLS protocol version should be equal to NSS default (#1435692) diff --git a/sources b/sources index 98f05bf..0faa962 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -3535b7cd46dcf41c9a9480efa9e64618 ltb-project-openldap-ppolicy-check-password-1.1.tar.gz -693ac26de86231f8dcae2b4e9d768e51 openldap-2.4.44.tgz +SHA512 (ltb-project-openldap-ppolicy-check-password-1.1.tar.gz) = f3384a164ce5db488908cf6380bad8500b800b09d12a8f04e1b6ccb6f6af6ab3971fcdbe4acca7a1b6d16b408a11065c2b1ab2497863fe07d3c28262b0f6776e +SHA512 (openldap-2.4.45.tgz) = 1c9fc84efed8998f107ce6e1c6be3f5466388241afdca0cb3847720c9def0bc263a2dbc15bf0f9112d1b4c391fd01e8531a4fb08c5532c30fb86924c08daedab