OpenLDAP 2.3.35 is now available for download as detailed on our download page: http://www.openldap.org/software/download/
and should soon be available on all official mirrors: ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS
This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.
Significant contributors to this release include: Quanah Gibson-Mount (Stanford) Pierangelo Masarati (SysNet) Howard Chu (Symas)
-- The OpenLDAP Project
OpenLDAP 2.3.35 Release (2007/04/09) Fixed ldapmodify to use correct memory free functions (ITS#4901) Fixed slapd acl set minor typo (ITS#4874) Fixed slapd entry consistency check in str2entry2 (ITS#4852) Fixed slapd ldapi:// credential issue (ITS#4893) Fixed slapd str2anlist handling of undefined attrs/OCs (ITS#4854) Fixed slapd syncrepl delta-sync modlist free (ITS#4904) Added slapd syncrepl retry logging (ITS#4915) Fixed slapd zero-length IA5string handling (ITS#4823) Fixed slapd-bdb/hdb startup with missing shm env (ITS#4851) Fixed slapd-ldap/meta consistency in referral proxying (ITS#4861) Fixed slapd-ldap bind cleanup in case of unauthorized idassert Fixed slapd-meta search cleanup Fixed slapd-meta/slapo-rwm filter mapping Fixed slapd-sql subtree shortcut (ITS#4856) Fixed slapo-dynlist crasher (ITS#4891) Fixed slapo-refint config message (ITS#4853) Fixed libldap time_t signedness (ITS#4872) Fixed libldap_r tpool reset (ITS#4855,#4899) Documentation Misc Doc fixes (ITS#4863, ITS#4877, ITS#4885, ITS#4897)
MD5 (openldap-2.3.35.tgz) = 91ae33b88bce17a48743da35a0aa04fd SHA1 (openldap-2.3.35.tgz) = aec609f4538bc05083d02fce04c3b3338686c1a0
OpenLDAP Project wrote:
OpenLDAP 2.3.35 is now available for download as detailed on our download page: http://www.openldap.org/software/download/
and should soon be available on all official mirrors: ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS
This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.
Significant contributors to this release include: Quanah Gibson-Mount (Stanford) Pierangelo Masarati (SysNet) Howard Chu (Symas)
-- The OpenLDAP Project
OpenLDAP 2.3.35 Release (2007/04/09) Fixed ldapmodify to use correct memory free functions (ITS#4901) Fixed slapd acl set minor typo (ITS#4874) Fixed slapd entry consistency check in str2entry2 (ITS#4852) Fixed slapd ldapi:// credential issue (ITS#4893)
ITS#4893 addresses security implications on HPUX. If you're using ldapi:// on HPUX 11 it is possible for regular users to bind to the directory with the credentials of Unix root. Similar exploits may be possible on AIX 5.1 and older, and Solaris 2.9 and older. This release disables the insecure credential passing mechanism on these OS versions; if you were relying on SASL/EXTERNAL authentication with ldapi:// on the affected platforms that mechanism will no longer work after you install this release.
We may re-enable these mechanisms in a later update, depending on user demand. In the meantime, if you're using ldapi:// on these platforms, you need to stop or upgrade to this release ASAP. Workarounds are still being tested and will be made available as they become ready.
openldap-announce@openldap.org
-
Howard Chu -
OpenLDAP Project