--On Tuesday, March 21, 2006 11:48 AM -0800 Quanah Gibson-Mount
<[EMAIL PROTECTED]> wrote:
I'm quite aware they backport some bugs fixes. However, I'm also well
aware that I've never seen a member of the RedHat group who maintains the
OpenLDAP packages on the openldap-devel list or tracking the various CVS
commits that come in. Looking at the RedHat changelog for their OpenLDAP
package, shows a total of *2* fixes imported into their 2.2.13 release
from the 2.2 branch, one from 2.2.15, and one from 2.2.16. No
modifications or updates since that time. Given the many bug fixes by
the time 2.2.30 was released, their version is horribly out of date, and
has one or two DOS attacks present in it. I would hardly call that
"updating" their distribution.
sh-3.00# rpm -q --changelog openldap | more
* Tue Apr 19 2005 Nalin Dahyabhai <[EMAIL PROTECTED]> 2.2.13-3
- move nptl libraries into arch-specific subdirectories on %{ix86} boxes,
to match glibc's layout
- update notes on upgrading from previous releases
- pull in fix for ITS #3201 from 2.2.15
- pull in fix for ITS #3326 from 2.2.16
The openldap-servers packages shows one other fix pulled in from the
OpenLDAP release. Again, not any real maintenance/updates happening here.
sh-3.00# rpm -q -p openldap-servers-2.2.13-4.i386.rpm --changelog | more
* Thu Aug 11 2005 Jay Fenlason <[EMAIL PROTECTED]> 2.2.13-3.4E
- Backport the -hop patches to prevent infinite looping when chasing
referrals.
OpenLDAP ITS #3578 as described in
bz#158120 [RHEL3] Need help configuring host as an LDAP client
- Create and own the /etc/openldap/cacerts directory, to close
bz#159151 Authconfig update creates a problem with OpenLDAP server
* Tue Jul 05 2005 Jay Fenlason <[EMAIL PROTECTED]>
- Include fix for
bz#161990 openldap password disclosure issue
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
