[Git][openldap-team/openldap][upstream] 52 commits: Return to RE
Ryan Tandy
gitlab at salsa.debian.org
Tue Apr 28 22:48:06 BST 2020
Ryan Tandy pushed to branch upstream at Debian OpenLDAP Maintainers / openldap
Commits:
a88a908b by Quanah Gibson-Mount at 2020-01-30T18:12:35+00:00
Return to RE
- - - - -
826e5580 by Quanah Gibson-Mount at 2020-02-03T19:13:43+00:00
ITS#7855 - Update config.guess and config.sub for ldapc++ contrib module
Update config.guess and config.sub from official upstream project at https://savannah.gnu.org/projects/config/
Specifically in this case, commit 5256817ace8493502ec88501a19e4051c2e220b0 for the date Wed Jan 1 19:36:58 2020 +1100
- - - - -
33760eec by Quanah Gibson-Mount at 2020-02-03T19:17:38+00:00
ITS#7855 for ldapc++ contrib
- - - - -
e22c4b64 by Thorsten Glaser at 2020-02-06T20:23:53+00:00
ITS#8890 fix benign typos
No functional impact
- - - - -
1f1c2401 by Quanah Gibson-Mount at 2020-02-06T20:25:03+00:00
ITS#8890
- - - - -
a97f5e85 by Quanah Gibson-Mount at 2020-02-19T18:25:33+00:00
Minor fix to CHANGES to fix order
- - - - -
0f106b55 by Ondřej Kuzník at 2020-02-21T20:38:12+00:00
ITS#9171 Insert callback in the right place
- - - - -
e7d22377 by Ondřej Kuzník at 2020-02-21T20:38:27+00:00
Correct cyrus-sasl version verison check
- - - - -
ef537fdf by Quanah Gibson-Mount at 2020-02-21T20:39:00+00:00
ITS#9171
- - - - -
f8b92e8e by Quanah Gibson-Mount at 2020-02-21T21:11:49+00:00
ITS#9175 - Fix argument cast
Fixes potential segfault in ldapsearch
- - - - -
28adb72d by Quanah Gibson-Mount at 2020-02-21T21:12:07+00:00
ITS#9175
- - - - -
71d4e47e by Quanah Gibson-Mount at 2020-03-24T17:03:29+00:00
ITS#8683 - Delete client-pr information from slapd-meta(5) for RE24
- - - - -
8617e66f by Quanah Gibson-Mount at 2020-03-24T19:40:43+00:00
ITS#8683
- - - - -
5f8cd023 by Howard Chu at 2020-04-02T16:46:11+00:00
ITS#9198 - Plug unlikely memleak in liblunicode
- - - - -
619ab049 by Quanah Gibson-Mount at 2020-04-02T19:47:43+00:00
ITS#9198
- - - - -
9b8cd201 by Emily Backes at 2020-04-02T20:43:03+00:00
ITS#7074 - change olcDatabaseDummy initialization for windows
- - - - -
8ab59cc4 by Quanah Gibson-Mount at 2020-04-02T20:48:52+00:00
ITS#7074
- - - - -
468c8ee2 by Quanah Gibson-Mount at 2020-04-02T21:18:24+00:00
ITS#9003
Note that with slapd-ldap, the special character "*" actually allows anonymous rather than denies, as is the case with authz-policy
- - - - -
4d590c95 by Quanah Gibson-Mount at 2020-04-02T21:26:18+00:00
ITS#9003
- - - - -
61bdf0e6 by Howard Chu at 2020-04-02T21:28:37+00:00
ITS#9181 Fix race on Windows mutex init
- - - - -
cc666818 by Quanah Gibson-Mount at 2020-04-02T21:30:32+00:00
ITS#9181
- - - - -
727c1a3b by Howard Chu at 2020-04-02T21:30:51+00:00
ITS#9182 pcache: fix private DB init
- - - - -
4bfec018 by Quanah Gibson-Mount at 2020-04-02T21:32:07+00:00
ITS#9182
- - - - -
3894d747 by Ondřej Kuzník at 2020-04-06T18:35:22+00:00
ITS#6207 Add GitLab CI
- - - - -
c385351a by Quanah Gibson-Mount at 2020-04-06T18:36:54+00:00
Drop wired tiger dev
Add BDB dev package
- - - - -
7cf7aa31 by Howard Chu at 2020-04-13T16:32:35+00:00
ITS#8650 loop on incomplete TLS handshake
Always retry ldap_int_tls_connect() if it didn't complete,
regardless of blocking or non-blocking socket. Code from
ITS#7428 was wrong to only retry for async.
- - - - -
7631dcea by Quanah Gibson-Mount at 2020-04-13T16:33:26+00:00
ITS#8650
- - - - -
c8b5c691 by grapvar at 2020-04-15T00:10:52+00:00
ITS#9214 slapd-mdb: plug cursor leak in dnSuperiorMatch filter
- - - - -
3347905d by Quanah Gibson-Mount at 2020-04-15T00:11:18+00:00
ITS#9214
- - - - -
6fe9b0c6 by Ryan Tandy at 2020-04-16T16:48:50+00:00
ITS#8383 Look for socklen_t in <ws2tcpip.h> too
MinGW targets do not have the <sys/socket.h> header. The configure check
would conclude that there is no socklen_t type, resulting in portable.h
containing its own definition of socklen_t, which would later conflict
with the actual definition in <ws2tcpip.h>.
Add <ws2tcpip.h> to the configure check for socklen_t, so that the
defined type is correctly detected.
- - - - -
f5143f99 by Ryan Tandy at 2020-04-16T16:52:18+00:00
ITS#7878 Replace uint32_t with unsigned in back-mdb
init.c: align mi_dbenv_flags and flags with mdb_dbi_open, which declares
flags as unsigned int.
search.c: align mi_rtxn_size with ARG_UINT; adjust ww_ctx.nentries to
silence a warning about signed/unsigned comparison.
config.c: parse checkpoint config more carefully. Reject negative or
unreasonably large values for kbytes and minutes. Ensure both values are
parsed successfully before making any changes.
Fixes a compilation failure under MinGW, where stdint.h types are not
implicitly pulled in by other headers.
- - - - -
c90b667f by Quanah Gibson-Mount at 2020-04-16T16:54:27+00:00
ITS#8383 - regenerate configure
- - - - -
304ec18c by Quanah Gibson-Mount at 2020-04-16T16:55:05+00:00
ITS#8383
- - - - -
2022e7be by Quanah Gibson-Mount at 2020-04-16T16:55:43+00:00
ITS#7878
- - - - -
0daf8012 by Ryan Tandy at 2020-04-16T21:05:16+00:00
ITS#9181 fix ldap_pvt_thread_mutex_t used before its definition
- - - - -
2210a3bd by Simon Levermann at 2020-04-21T19:40:16+00:00
ITS#8575 Implement argon2 password hashing as a module
This change implements argon2, which won the Password Hashing
Competition (https://password-hashing.net/) as a contrib-module in order
to provide a modern password hashing alternative in openldap. The
currently available password hashing algorithms are relatively old, and
modern hardware, especially GPUs can compute quite a few (ranging from
tens of thousands to millions) of hashes per second. Argon2 was designed
to withstand such attacks.
This implementation uses the default work factors used in the argon2
command line client, but the resulting hashes are stored in a way that
would allow retroactive changes to these values, or even exposing them
as configuration in the module.
- - - - -
793f6ecd by Ondřej Kuzník at 2020-04-21T19:40:21+00:00
ITS#8575 Add a libsodium based implementation
- - - - -
b643f7fc by Ondřej Kuzník at 2020-04-21T19:40:24+00:00
ITS#8575 Accept parameters for hashing new passwords
- - - - -
997ff449 by Peter Marschall at 2020-04-21T19:40:30+00:00
ITS#9203 contrib/passwd/argon2: add manual page
Add manual page slapd-pw-argon2.5 and make sure it gets installed.
Signed-off-by: Peter Marschall <peter at adpm.de>
- - - - -
0ff54ddf by Ryan Tandy at 2020-04-21T19:40:33+00:00
ITS#9203 slapd-argon2 -> pw-argon2
Based on initial patch by Peter Marschall.
- - - - -
8ff81631 by Peter Marschall at 2020-04-21T19:40:38+00:00
ITS#9206 contrib/passwd/argon2: consolidate libsodium implementation
* use 'crypto_pwhash_str_alg(..., crypto_pwhash_ALG_ARGON2ID13)' to set
the algorithm to Argon2.
According to libsodium's documentation, the original 'crypto_pwhash_str()'
only guarantees a "memory-hard, CPU-intensive hash function", but not
necessarily Argon2. Although in released versions of libsodium Argon2 is
the only implemented backend, this may chane in the future.
* multiply the 'memory' parameter by 1024 to align it with the libargon2
implementation. The objective is to have consistent configuration in
OpenLDAP's pw-argon2 module no matter what backend implementation is used.
Signed-off-by: Peter Marschall <peter at adpm.de>
- - - - -
511ad098 by Ryan Tandy at 2020-04-21T19:40:42+00:00
ITS#9206 Initialize libsodium before calling its functions
- - - - -
07405636 by Ryan Tandy at 2020-04-21T19:40:45+00:00
ITS#9206 Convert libsodium default memlimit to KiB
- - - - -
59bed7e6 by Ryan Tandy at 2020-04-21T19:40:49+00:00
ITS#9206 Use argon2id default values explicitly
- - - - -
ba50189b by Ryan Tandy at 2020-04-21T19:40:55+00:00
ITS#9203 Remove default values from slapd-pw-argon2.5
The defaults vary by crypto library and possibly even version, so it's
not worth trying to keep them accurate.
- - - - -
38412073 by Quanah Gibson-Mount at 2020-04-21T23:40:12+00:00
ITS#9233, ITS#8575, ITS#9203, ITS#9206
- - - - -
784dc863 by Quanah Gibson-Mount at 2020-04-22T00:37:09+00:00
ITS#9230 - Update man page information on the truncate option for RE24.
- - - - -
9ab0dfdb by Quanah Gibson-Mount at 2020-04-22T14:26:24+00:00
ITS#9230
- - - - -
98464c11 by Howard Chu at 2020-04-28T13:59:57+00:00
ITS#9202 limit depth of nested filters
Using a hardcoded limit for now; no reasonable apps
should ever run into it.
- - - - -
226626d4 by Quanah Gibson-Mount at 2020-04-28T14:00:57+00:00
ITS#9202
- - - - -
733124b3 by Quanah Gibson-Mount at 2020-04-28T14:05:54+00:00
Set 2.4.50 release
- - - - -
9806277e by Ryan Tandy at 2020-04-28T16:46:54+00:00
New upstream version 2.4.50+dfsg
- - - - -
8 changed files:
- CHANGES
- build/version.var
- clients/tools/common.c
- configure
- configure.in
- contrib/ldapc++/config.guess
- contrib/ldapc++/config.sub
- + contrib/slapd-modules/passwd/argon2/Makefile
View it on GitLab: https://salsa.debian.org/openldap-team/openldap/-/compare/bf5cbf1bc038c762010b702a09c7bdb3d9e7a3cf...9806277ed20cc9fe78cd7b8af83064852a87f68f
--
View it on GitLab: https://salsa.debian.org/openldap-team/openldap/-/compare/bf5cbf1bc038c762010b702a09c7bdb3d9e7a3cf...9806277ed20cc9fe78cd7b8af83064852a87f68f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-openldap-devel/attachments/20200428/b93b50b7/attachment-0001.html>
More information about the Pkg-openldap-devel
mailing list