Quanah Gibson-Mount pushed to branch OPENLDAP_REL_ENG_2_6 at openldap / OpenLDAP
Commits:

a45e1fc4 by Howard Chu at 2024-06-28T16:46:13+00:00
ITS#10223 libldap: check for OpenSSL SSL_CTX_set_ciphersuites failure

- - - - -
0e7dbc99 by Quanah Gibson-Mount at 2024-06-28T16:47:27+00:00
ITS#10223

- - - - -
1d556f23 by Howard Chu at 2024-06-28T16:47:32+00:00
ITS#10224 libldap: check for OpenSSL EVP_Digest* failure

- - - - -
9d07c21d by Quanah Gibson-Mount at 2024-06-28T16:47:55+00:00
ITS#10224

- - - - -
d13a07bf by François Kooman at 2024-06-28T16:48:57+00:00
ITS#9827 update Argon2 defaults

- switch to argon2id by default (from argon2i)
- use OWASP recommended parameters as defaults

This only affects builds that use libargon2, e.g. Debian, and not builds that use libsodium as argon2id is already the default there, and better parameters are used

References: https://bugs.openldap.org/show_bug.cgi?id=9827
Signed-off-by: François Kooman <fkooman@tuxed.net>

- - - - -
3516e19b by Quanah Gibson-Mount at 2024-06-28T16:49:04+00:00
ITS#9827 - Use 7MB memory/5 iterations as default

This has the same protections as 19MB/2 iterations, but requires less system memory

- - - - -
d0d0470f by Quanah Gibson-Mount at 2024-06-28T16:50:21+00:00
ITS#9827

- - - - -
dc358cbc by Nadezhda Ivanova at 2024-06-28T16:56:38+00:00
ITS#10218 Disabling and re-enabling an asyncmeta database via cn=config leaks memory

Make sure asyncmeta frees the pending operations structures, resets all connections, frees connection structures and stops the timeout-loop.

- - - - -
8f05e9ed by Quanah Gibson-Mount at 2024-06-28T16:57:22+00:00
ITS#10218

- - - - -
532b2e60 by Nadezhda Ivanova at 2024-06-28T16:58:12+00:00
ITS#10219 Modify of olcDisabled by removing and adding a value invokes db_open twice

Do not invoke db_open if the database is not actually disabled

- - - - -
f30d23a9 by Quanah Gibson-Mount at 2024-06-28T16:58:22+00:00
ITS#10219

- - - - -
1ea9880a by Nadezhda Ivanova at 2024-06-28T16:59:06+00:00
ITS#10227 Asyncmeta will not reset a connection if a bind operation fails with LDAP_OTHER, leaving the connection in invalid state

- - - - -
c8e2fbf3 by Quanah Gibson-Mount at 2024-06-28T17:00:39+00:00
ITS#10227

- - - - -
5cd67e37 by Quanah Gibson-Mount at 2024-06-28T17:01:22+00:00
ITS#10230

- - - - -
8350e24c by Howard Chu at 2024-06-28T17:01:55+00:00
ITS#10231 slapadd: check for NULL suffix in error message

- - - - -
9937d5b9 by Quanah Gibson-Mount at 2024-06-28T17:02:02+00:00
ITS#10231

- - - - -
74f0e83e by Howard Chu at 2024-06-28T17:03:29+00:00
ITS#10235 slapo-nestgroup: silence extraneous register_at message

- - - - -
743ece89 by Quanah Gibson-Mount at 2024-06-28T17:03:55+00:00
ITS#10235

- - - - -
10 changed files:
- CHANGES
- libraries/libldap/tls_o.c
- servers/slapd/back-asyncmeta/back-asyncmeta.h
- servers/slapd/back-asyncmeta/bind.c
- servers/slapd/back-asyncmeta/init.c
- servers/slapd/back-asyncmeta/meta_result.c
- servers/slapd/bconfig.c
- servers/slapd/overlays/nestgroup.c
- servers/slapd/pwmods/argon2.c
- servers/slapd/slapadd.c
View it on GitLab: https://git.openldap.org/openldap/openldap/-/compare/d24499a93aede6b22e440a3...