-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 26 Jul 2004 18:41:23 +0200 Source: openldap2 Binary: libslapd2-dev slapd libldap2 ldap-utils libldap2-dev Architecture: source i386 all Version: 2.1.30-3 Distribution: unstable Urgency: high Maintainer: Torsten Landschoff <torsten@debian.org> Changed-By: Roland Bauerschmidt <rb@debian.org> Description: ldap-utils - OpenLDAP utilities libldap2 - OpenLDAP libraries libldap2-dev - OpenLDAP development libraries libslapd2-dev - OpenLDAP slapd back-end development headers slapd - OpenLDAP server (slapd) Closes: 244827 Changes: openldap2 (2.1.30-3) unstable; urgency=high . * Urgeny high since previous releases were hardly usable (at least with TLS). * Roland Bauerschmidt <rb@debian.org> + libraries/libldap/gnutls.c, libraries/libldap/tls.c, include/ldap_pvt_gnutls.h: Use callback with gnutls_certificate_set_params_function to generate dh_params and rsa_params (this is also the way, it's done with OpenSSL). We need GNUTLS 1.0.9 for this. With the new version of libgcrypt, we also need to initialize threading explicitly. The previous segmentation faults resulted from the *global* param structure being recreated and freed for every session. Many thanks to Matthias Urlichs who helped debugging a lot and also packaged GNUTLS 1.0.16 very quickly... Closes: #244827. + debian/control: Add build dependency to libgcrypt11-dev (we're initializing it directly now) and change libgnutls10-dev to libgnutls11-dev. + libraries/libldap/gnutls.c: in tls_gnutls_need_{dh,rsa}_params (formerly ldap_gnutls_need_...), create temp files more securely, doing unlink before opening and opening them with O_EXCL. This is necessary because under Linux 2.6 all threads have the same PID. Thanks to Andrew Suffield for pointing this out. + debian/slapd.cron.daily: cron job to remove GNUTLS rsa_export and dh param cache files every day. + debian/slapd.README.Debian: add note that we use GNUTLS rather than OpenSSL. Files: 368c4bee43faba970848f6a43a6a3a19 970 net optional openldap2_2.1.30-3.dsc d43f270c6b7480c5fdcd3f954a1086b0 114367 net optional openldap2_2.1.30-3.diff.gz 497cbd88576c42e89457fa8c1594067f 941934 net optional slapd_2.1.30-3_i386.deb 01c409b7e225facf2056310fd70afdad 114684 net optional ldap-utils_2.1.30-3_i386.deb 9c68cfd009275e21532cd17368dc7705 289878 libs important libldap2_2.1.30-3_i386.deb dcb1079af22407da018332f3260d0bc8 326164 libdevel extra libldap2-dev_2.1.30-3_i386.deb d11e456199673b1f2b0f71ec7a1a6642 71828 libdevel extra libslapd2-dev_2.1.30-3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBBfLADpXnNan6F/8RArriAJ9B7JcGGUfdf3SpvEE/2o2aLWvyEgCgtjVe GAKgjxJYyCgqBNMvsfBvwRE= =icq2 -----END PGP SIGNATURE----- Accepted: ldap-utils_2.1.30-3_i386.deb to pool/main/o/openldap2/ldap-utils_2.1.30-3_i386.deb libldap2-dev_2.1.30-3_i386.deb to pool/main/o/openldap2/libldap2-dev_2.1.30-3_i386.deb libldap2_2.1.30-3_i386.deb to pool/main/o/openldap2/libldap2_2.1.30-3_i386.deb libslapd2-dev_2.1.30-3_all.deb to pool/main/o/openldap2/libslapd2-dev_2.1.30-3_all.deb openldap2_2.1.30-3.diff.gz to pool/main/o/openldap2/openldap2_2.1.30-3.diff.gz openldap2_2.1.30-3.dsc to pool/main/o/openldap2/openldap2_2.1.30-3.dsc slapd_2.1.30-3_i386.deb to pool/main/o/openldap2/slapd_2.1.30-3_i386.deb -- To UNSUBSCRIBE, email to debian-devel-changes-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
