Fedora 17 Update: openldap-2.4.33-2.fc17

updates at fedoraproject.org updates at fedoraproject.org
Sun Oct 28 00:52:09 UTC 2012 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-15978
2012-10-12 02:23:19
--------------------------------------------------------------------------------

Name        : openldap
Product     : Fedora 17
Version     : 2.4.33
Release     : 2.fc17
URL         : http://www.openldap.org/
Summary     : LDAP support libraries
Description :
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools. LDAP is a set of
protocols for accessing directory services (usually phone book style
information, but other information is possible) over the Internet,
similar to the way DNS (Domain Name System) information is propagated
over the Internet. The openldap package contains configuration files,
libraries, and documentation for OpenLDAP.

--------------------------------------------------------------------------------
Update Information:

new upstream release:
- slapd: ACLs, syncrepl
- backends: locking and memory management in MDB
- manpages: slapo-refint

bug fixes:
- patch update: MozNSS certificate database in SQL format cannot be used (#860317)
- fix: slapd.service should not use /tmp (#859019)
- fix: slapd with rwm overlay segfault following ldapmodify (#865685)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 12 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.33-2
- fix: slapd with rwm overlay segfault following ldapmodify (#865685)
* Thu Oct 11 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.33-1
- new upstream release:
  + slapd: ACLs, syncrepl
  + backends: locking and memory management in MDB
  + manpages: slapo-refint
- patch update: MozNSS certificate database in SQL format cannot be used (#860317)
- fix: slapd.service should not use /tmp (#859019)
* Fri Sep 14 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.32-3
- fix: some TLS ciphers cannot be enabled (#852338)
- fix: connection hangs after fallback to second server when certificate hostname verification fails (#852476)
- fix: not all certificates in OpenSSL compatible CA certificate directory format are loaded (#852786)
- fix: MozNSS certificate database in SQL format cannot be used (#857373)
- fix: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR (#857455)
* Mon Aug 20 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.32-2
- enhancement: TLS, prefer private keys from authenticated slots
- enhancement: TLS, allow certificate specification including token name
- resolve TLS failures in replication in 389 Directory Server
* Wed Aug  1 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.32-1
- new upstream release
  + library: double free, SASL handling
  + tools: read SASL_NOCANON from config file
  + slapd: config index renumbering, duplicate error response
  + backends: various fixes in mdb, bdb/hdb, ldap
  + accesslog, syncprov: fix memory leaks in with replication
  + sha2: portability, thread safety, support SSHA256,384,512
  + documentation fixes
* Sat Jul 21 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.31-7
- fix: slapd refuses to set up TLS with self-signed PEM certificate (#842022)
* Fri Jul 20 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.31-6
- multilib fix: move libslapi from openldap-servers to openldap package
* Thu Jul 19 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.31-5
- fix: querying for IPv6 DNS records when IPv6 is disabled on the host (#835013)
- fix: smbk5pwd module computes invalid LM hashes (#841560)
* Wed Jul 18 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.31-4
- modify the package build process
  + fix autoconfig files to detect Mozilla NSS library using pkg-config
  + remove compiler flags which are not needed currently
  + build server, client and library together
  + avoid stray dependencies by using --as-needed linker flag
  + enable SLAPI interface in slapd
* Wed Jun 27 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.31-3
- update fix: count constraint broken when using multiple modifications (#795766)
- fix: invalid order of TLS shutdown operations (#808464)
- fix: TLS error messages overwriting in tlsm_verify_cert() (#810462)
- fix: reading pin from file can make all TLS connections hang (#829317)
- CVE-2012-2668: cipher suite selection by name can be ignored (#825875)
- fix: slapd fails to start on reboot (#829272)
- fix: default cipher suite is always selected (#828790)
- fix: less influence between individual TLS contexts:
  - replication with TLS does not work (#795763)
  - possibly others
* Fri May 18 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.31-2
- fix: nss-tools package is required by the base package, not the server subpackage
- fix: MozNSS CA certdir does not work together with PEM CA cert file (#819536)
* Tue Apr 24 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.31-1
- new upstream release
  + library: IPv6 url detection
  + library: rebinding to failed connections
  + server: various fixes in mdb backend
  + server: various fixes in replication
  + server: various fixes in overlays and minor backends
  + documentation fixes
- remove patches which were merged upstream
* Thu Apr  5 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.30-3
- rebuild due to libdb rebase
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #860317 - patch update: MozNSS certificate database in SQL format cannot be used
        https://bugzilla.redhat.com/show_bug.cgi?id=860317
  [ 2 ] Bug #859019 - slapd.service should not use /tmp
        https://bugzilla.redhat.com/show_bug.cgi?id=859019
  [ 3 ] Bug #865685 - slapd with rwm overlay segfault following ldapmodify
        https://bugzilla.redhat.com/show_bug.cgi?id=865685
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openldap' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list