Univention Bugzilla – Attachment 9698 Details for Bug 47974: Failing /etc/ldap/dh_2048.pem renewal - LDAP server fails to start (after update to UCS-4.3)
[patch] Patch for Bug 38685 dropped in UCS 4.1
ucs4.0-5.diff (text/plain), 4.02 KB, created by Arvid Requate on 2018-10-15 13:47:40 CEST
>Index: conffiles/etc/cron.d/univention-ldap >=================================================================== >--- conffiles/etc/cron.d/univention-ldap (Revision 61862) >+++ conffiles/etc/cron.d/univention-ldap (Revision 62244) >@@ -2,10 +2,10 @@ > > PATH=/usr/sbin:/usr/bin:/sbin:/bin > >-# recreate dh paramter files for forward secrecy >+# re-create dh parameter files for forward secrecy on a regular basis > @!@ > script = '/usr/share/univention-ldap/create-dh-parameter-files' >-interval = configRegistry.get('ldap/tls/dh/cron', '30 4 * * *') >+interval = configRegistry.get('ldap/tls/dh/cron') > if interval: > print '%s root %s' % (interval, script) > @!@ >Index: conffiles/etc/ldap/slapd.conf.d/30univention-ldap-server_head >=================================================================== >--- conffiles/etc/ldap/slapd.conf.d/30univention-ldap-server_head (Revision 61862) >+++ conffiles/etc/ldap/slapd.conf.d/30univention-ldap-server_head (Revision 62244) >@@ -15,7 +15,7 @@ > if protocol: > print 'TLSProtocolMin %s' % (protocol,) > from os.path import exists >-filename = configRegistry.get("ldap/tls/dh/paramfile", "/etc/ldap/dh_2048.pem") >+filename = configRegistry.get("ldap/tls/dh/paramfile") > if filename and exists(filename): > print 'TLSDHParamFile %s' % (filename,) > @!@ >Index: debian/changelog >=================================================================== >--- debian/changelog (Revision 61862) >+++ debian/changelog (Revision 62244) 
>@@ -1,3 +1,15 @@ >+univention-ldap (11.0.12-11) unstable; urgency=low >+ >+ * Bug #38685: Disable DH parameter creation by default >+ >+ -- Philipp Hahn <hahn@univention.de> Mon, 20 Jul 2015 11:58:17 +0200 >+ >+univention-ldap (11.0.12-10) unstable; urgency=low >+ >+ * Bug #38685: Make SSL/TLS ciphers configurable >+ >+ -- Philipp Hahn <hahn@univention.de> Fri, 17 Jul 2015 08:03:11 +0200 >+ > univention-ldap (11.0.12-9) unstable; urgency=low > > * Bug #38584: Remove DHCP policy references >Index: debian/univention-ldap-server.postinst >=================================================================== >--- debian/univention-ldap-server.postinst (Revision 61862) >+++ debian/univention-ldap-server.postinst (Revision 62244) >@@ -84,8 +84,6 @@ > security/packetfilter/package/univention-ldap-server/tcp/7636/all/en="LDAPS" > [ -x "/etc/init.d/univention-firewall" ] && invoke-rc.d univention-firewall restart > >-[ -f /etc/ldap/dh_2048.pem ] || cp /usr/share/univention-ldap/dh_2048.pem /etc/ldap/ >- > ucr set \ > ldap/debug/level?0 \ > slapd/port?"7389,389" \ 
>@@ -108,6 +106,9 @@ > ldap/tls/dh/paramfile?/etc/ldap/dh_2048.pem \ > ldap/maxopenfiles?8192 # Bug #17705 > >+paramfile="$(ucr get ldap/tls/dh/paramfile)" >+[ -n "$paramfile" ] && [ ! -f "$paramfile" ] && cp /usr/share/univention-ldap/dh_2048.pem "$paramfile" >+ > # UDM Property Attributes > udm_prop_attrs="univentionUDMPropertyVersion,univentionUDMPropertyModule,univentionUDMPropertyShortDescription,univentionUDMPropertyLongDescription,univentionUDMPropertySyntax,univentionUDMPropertyMultivalue,univentionUDMPropertyDefault,univentionUDMPropertyLdapMapping,univentionUDMPropertyObjectClass,univentionUDMPropertyDeleteObjectClass,univentionUDMPropertyValueMayChange,univentionUDMPropertyLayoutTabName,univentionUDMPropertyLayoutOverwriteTab,univentionUDMPropertyLayoutOverwritePosition,univentionUDMPropertyLayoutPosition,univentionUDMPropertyCLIName,univentionUDMPropertyTranslationShortDescription,univentionUDMPropertyTranslationLongDescription,univentionUDMPropertyTranslationTabName,univentionUDMPropertyOptions,univentionUDMPropertyLayoutTabAdvanced,univentionUDMPropertyValueRequired,univentionUDMPropertyHook,univentionUDMPropertyDoNotSearch" > # recommended index settings >Index: scripts/create-dh-parameter-files >=================================================================== >--- scripts/create-dh-parameter-files (Revision 61862) >+++ scripts/create-dh-parameter-files (Revision 62244) >@@ -38,7 +38,7 @@ > tmp=$(mktemp "$paramfile.XXXXXXXXXX") > trap "cat '$log';rm -f '$tmp' '$log'" EXIT > >-openssl gendh -out "$tmp" -2 2048 >+openssl dhparam -out "$tmp" -2 2048 > chmod 644 "$tmp" > mv "$tmp" "$paramfile" >
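Review bot: in conffiles/etc/cron.d/univention-ldap, the reworded comment says the DH parameter files are re-created "on a regular basis", but with the '30 4 * * *' fallback dropped from configRegistry.get('ldap/tls/dh/cron') no cron line is written unless that variable is set. Suggest stating in the comment that the job is only installed when ldap/tls/dh/cron is set, and noting the expected cron-expression format there, since the value is printed into the cron file as-is.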
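Review bot: in conffiles/etc/ldap/slapd.conf.d/30univention-ldap-server_head, the guard "if filename and exists(filename):" drops TLSDHParamFile silently when ldap/tls/dh/paramfile is set but the file is missing, and it accepts an empty file, because exists() only tests for presence. Suggest testing for a non-empty regular file and printing a comment line into the generated slapd.conf when the configured file is skipped, so the reason is visible to whoever debugs the TLS setup.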
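Review bot: in debian/univention-ldap-server.postinst (hunk at +106), the new line cp /usr/share/univention-ldap/dh_2048.pem "$paramfile" seeds every host with the same packaged parameter file, and the changelog entry in this patch disables regeneration by default, so that shared file stays in use unless ldap/tls/dh/cron is set. Suggest documenting this next to the cp. Also, the cp will fail when ldap/tls/dh/paramfile points into a directory that does not exist yet, so create the parent directory first or report the error explicitly.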
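Review bot: in scripts/create-dh-parameter-files, nothing visible in the hunk checks the result of openssl dhparam -out "$tmp" -2 2048 before mv "$tmp" "$paramfile". mktemp has already created "$tmp" as an empty file, so if openssl fails and the script is not running under set -e, an empty file replaces the working parameter file. Suggest making the chmod and mv conditional on openssl succeeding and on "$tmp" being non-empty (test -s), and optionally validating it with openssl dhparam -check -in "$tmp" -noout before the mv. Separately, the trap string is double-quoted, so '$tmp' and '$log' are expanded when the trap is set and a path containing a single quote would break the cleanup command.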