File openldap-ms.changes of Package openldap-ms
-------------------------------------------------------------------
Wed Dec 14 20:52:25 UTC 2022 - Michael Ströder <michael@stroeder.com>
- removed 0001-openldap-its9924-fix-memleak-in-deref.patch
- update to 2.6.4
OpenLDAP 2.6.4 Engineering
Fixed client tools to remove 'h' and 'p' options (ITS#9917,ITS#8618)
Fixed ldapsearch memory leak with paged results (ITS#9860)
Fixed libldap ldif_open_urlto check for failure (ITS#9904)
Fixed libldap ldap_url_parsehosts check for failure (ITS#9904)
Fixed liblunicode UTF8bvnormalize buffer size (ITS#9955)
Fixed lloadd memory leaks (ITS#9907)
Fixed lloadd shutdown code to protect memory correctly (ITS#9913)
Fixed lloadd race in epoch.c (ITS#9947)
Fixed lloadd potential deadlock with cn=monitor (ITS#9951)
Fixed slapd memory leak with olcAuthIDRewrite (ITS#6035)
Fixed slapd free of redundant cmdline option (ITS#9912)
Fixed slapd transactions extended operations cleanup after write (ITS#9892)
Fixed slapd deadlock with replicated cn=config (ITS#9930)
Fixed slapd bconfig locking of cn=config entries (ITS#9045)
Fixed slapd-mdb max number of index databases to 256 (ITS#9895)
Fixed slapd-mdb to always release entries from ADD operations (ITS#9942)
Fixed slapd-mdb to fully init empty DN in tool_entry_get (ITS#9940)
Fixed slapd-monitor memory leaks with lloadd (ITS#9906)
Fixed slapd-monitor to free remembered cookies (ITS#9339)
Fixed slapo-deref memory leak (ITS#9924)
Fixed slapo-dynlist to ignore irrelevant objectClasses (ITS#9897)
Fixed slapo-dynlist to avoid unnecessary searches (ITS#9929)
Fixed slapo-remoteauth memory leaks (ITS#9438)
Fixed slapo-rwm memory leaks (ITS#9817)
Build Environment
Fixed ancient DOS related ifdef checks (ITS#9925)
Fixed build process to not use gmake specific features (ITS#9894)
Fixed source tree to remove symlinks (ITS#9926)
Fixed slapo-otp testdir creation (ITS#9437)
Fixed slapd-tester memory leak (ITS#9908)
Fixed usage of non-standard C syntax (ITS#9898, ITS#9899, ITS#9901)
Fixed usage of bashism (ITS#9900)
Fixed test suite portability (ITS#9931)
Documentation
Fixed slapo-asyncmeta(5) to clarify scheduling for target connections (ITS#9941)
Fixed slapo-unique(5) to clarify when quoting should be used (ITS#9915)
Minor cleanup
ITS#9935
ITS#9336
ITS#9337
-------------------------------------------------------------------
Wed Dec 14 20:19:02 UTC 2022 - Michael Ströder <michael@stroeder.com>
- build and install LMDB CLI tools
-------------------------------------------------------------------
Wed Nov 16 16:32:05 UTC 2022 - Michael Ströder <michael@stroeder.com>
- added --with-systemd to configure options with new
build dependency systemd-devel
-------------------------------------------------------------------
Thu Sep 29 16:00:47 UTC 2022 - Michael Ströder <michael@stroeder.com>
- added 0001-openldap-its9924-fix-memleak-in-deref.patch
-------------------------------------------------------------------
Thu Jul 14 21:22:41 UTC 2022 - Michael Ströder <michael@stroeder.com>
- update to 2.6.3
- removed obsolete 0017-Resolve-error-handling-in-new-ctx-when-global.patch
OpenLDAP 2.6.3 Release (2022/07/14)
Fixed librewrite declaration of calloc (ITS#9841)
Fixed libldap to check for NULL ld (ITS#9157)
Fixed libldap memory leaks (ITS#9876)
Fixed lloadd to correctly tag Notice of Disconnection (ITS#9856)
Fixed slapd kqueue support (ITS#9847)
Fixed slapd delta-sync DN leak on ADD ops (ITS#9866)
Fixed slapd replication with back-glue (ITS#9868)
Fixed slapd lastbind replication with chaining (ITS#9863)
Fixed slapd-ldap to correctly set authzid (ITS#9863)
Fixed slapd-mdb to check for stale readers on MDB_READERS_FULL (ITS#7165)
Fixed slapd-mdb indexer task with replicated config (ITS#9858)
Fixed slapo-accesslog onetime memory leak (ITS#9864)
Fixed slapo-ppolicy interaction with slapo-rwm (ITS#9871)
Fixed slapo-rwm to handle escaping special characters (ITS#9817)
Fixed slapo-syncprov memory leaks (ITS#9867)
Fixed slapo-syncprov fallback in delta-sync mode (ITS#9823)
Fixed slapo-unique to not release NULL entry (ITS#8245)
Build Environment
Added slapd-watcher -c contextDN option (ITS#9865)
Fixed parallel builds (ITS#9840)
Fixed test020 to skip back-wt (ITS#9859)
Fixed slapd-watcher SID handling with single URI (ITS#9850)
Fixed test043 with workaround for ITS#9878
Contrib
Added slapo-emptyds contrib module (ITS#8882)
Added slapo-ciboolean contrib module (ITS#9855)
Fixed slapo-autogroup backwards compat (ITS#9020)
Update ppm module to the 2.2 release (ITS#9846)
Documentation
Fixed ldap_get_option(3) to clarify ldap_get/set_option restrictions (ITS#9824)
Fixed slapd-ldap(5),slapd-meta(5) missing bold tag on authz parameter (ITS#9872)
-------------------------------------------------------------------
Thu Jul 14 14:05:41 UTC 2022 - Michael Ströder <michael@stroeder.com>
- added openldap-ms-rpmlintrc
-------------------------------------------------------------------
Wed Jun 8 13:48:26 UTC 2022 - Michael Ströder <michael@stroeder.com>
- added slapo-denyop
-------------------------------------------------------------------
Mon May 23 10:59:44 UTC 2022 - Michael Ströder <michael@stroeder.com>
- re-added 0003-LDAPI-socket-location.dif
-------------------------------------------------------------------
Sat May 21 13:04:58 UTC 2022 - Michael Ströder <michael@stroeder.com>
- added 0017-Resolve-error-handling-in-new-ctx-when-global.patch
-------------------------------------------------------------------
Thu Apr 28 16:17:24 UTC 2022 - Michael Ströder <michael@stroeder.com>
- update to 2.6.2
- removed 0003-LDAPI-socket-location.dif
OpenLDAP 2.6.2 Release (2022/05/04)
Added libldap support for OpenSSL 3.0 (ITS#9436)
Added slapd support for OpenSSL 3.0 (ITS#9436)
Fixed ldapdelete to prune LDAP subentries (ITS#9737)
Fixed libldap to drop connection when non-LDAP data is received (ITS#9803)
Fixed libldap to allow newlines at end of included file (ITS#9811)
Fixed slapd slaptest conversion of olcLastBind (ITS#9808)
Fixed slapd to correctly init global_host earlier (ITS#9787)
Fixed slapd bconfig locking for cn=config replication (ITS#9584)
Fixed slapd usage of thread local counters (ITS#9789)
Fixed slapd to clear runqueue task correctly (ITS#9785)
Fixed slapd idletimeout handling (ITS#9820)
Fixed slapd syncrepl handling of new sessions (ITS#9584)
Fixed slapd to clear connections on bind (ITS#9799)
Fixed slapd to correctly advance connections index (ITS#9831)
Fixed slapd syncrepl ODSEE replication of unknown attr (ITS#9801)
Fixed slapd-asyncmeta memory leak in keepalive setting (ITS#9802)
Fixed slapd-ldap memory leak in keepalive setting (ITS#9802)
Fixed slapd-meta SEGV on config rewrite (ITS#9802)
Fixed slapd-meta ordering on config rewrite (ITS#9802)
Fixed slapd-meta memory leak in keepalive setting (ITS#9802)
Fixed slapd-monitor SEGV on shutdown (ITS#9809)
Fixed slapd-monitor crash when hitting sizelimit (ITS#9832)
Added slapo-autoca support for OpenSSL 3.0 (ITS#9436)
Added slapo-otp support for OpenSSL 3.0 (ITS#9436)
Fixed slapo-dynlist dynamic group regression (ITS#9825)
Fixed slapo-pcache SEGV on shutdown (ITS#9809)
Fixed slapo-ppolicy operation handling to be consistent (ITS#9794)
Fixed slapo-translucent to correctly duplicate substring filters (ITS#9818)
Build Environment
Add ability to override default compile time paths (ITS#9675)
Fix compiliation with certain versions of gcc (ITS#9790)
Fix compilation with openssl exclusions (ITS#9791)
Fix warnings from make jobserver (ITS#9788)
Contrib
Update ppm module to the 2.1 release (ITS#9814)
Documentation
admin26 Document new lloadd features (ITS#9780)
Fixed slapd.conf(5)/slapd-config(5) syncrepl sizelimit/timelimit documentation (ITS#9804)
Fixed slapd-sock(5) to clarify "sockresps result" behavior (ITS#8255)
-------------------------------------------------------------------
Thu Jan 20 18:01:33 UTC 2022 - Michael Ströder <michael@stroeder.com>
- update to 2.6.1
- removed obsolete patches:
* 0002-openldap-its9738.patch
* 0004-openldap-its9747.patch
* 0005-openldap-its9753.patch
* 0006-openldap-its9750.patch
OpenLDAP 2.6.1 Release (2022/01/20)
Fixed libldap to init client socket port (ITS#9743)
Fixed libldap with referrals (ITS#9781)
Added slapd config keyword for logfile format (ITS#9745)
Fixed slapd to allow objectClass edits with no net change (ITS#9772)
Fixed slapd configtable population (ITS#9576)
Fixed slapd to only set loglevel in server mode (ITS#9715)
Fixed slapd logfile-rotate use of uninitialized variable (ITS#9730)
Fixed slapd passwd scheme handling with slapd.conf (ITS#9750)
Fixed slapd postread support for modrdn (ITS#7080)
Fixed slapd syncrepl recreation of deleted entries (ITS#9282)
Fixed slapd syncrepl replication with ODSEE (ITS#9707)
Fixed slapd syncrepl to properly replicate glue entries (ITS#9647)
Fixed slapd syncrepl to reject REFRESH for precise resync (ITS#9742)
Fixed slapd syncrepl to avoid busy loop during refresh (ITS#9584)
Fixed slapd syncrepl when X-ORDERED is specified (ITS#9761)
Fixed slapd syncrepl to better handle out of order delete ops (ITS#9751)
Fixed slapd syncrepl to correctly close connections when config is deleted (ITS#9776)
Fixed slapd-mdb to update indices correctly on replace ops (ITS#9753)
Fixed slapd-wt to set correct flags (ITS#9760)
Fixed slapo-accesslog to fix assertion due to deprecated code (ITS#9738)
Fixed slapo-accesslog to fix inconsistently normalized minCSN (ITS#9752)
Fixed slapo-accesslog delete handling of multi-valued config attrs (ITS#9493)
Fixed slapo-autogroup to maintain values in insertion order (ITS#9766)
Fixed slapo-constraint to maintain values in insertion order (ITS#9770)
Fixed slapo-dyngroup to maintain values in insertion order (ITS#9762)
Fixed slapo-dynlist compare operation for static groups (ITS#9747)
Fixed slapo-dynlist static group filter with multiple members (ITS#9779)
Fixed slapo-ppolicy when not built modularly (ITS#9733)
Fixed slapo-refint to maintain values in insertion order (ITS#9763)
Fixed slapo-retcode to honor requested insert position (ITS#9759)
Fixed slapo-sock cn=config support (ITS#9758)
Fixed slapo-syncprov memory leak (ITS#8039)
Fixed slapo-syncprov to generate a more accurate accesslog query (ITS#9756)
Fixed slapo-syncprov to allow empty DB to host persistent syncrepl connections (ITS#9691)
Fixed slapo-syncprov to consider all deletes for sycnInfo messages (ITS#5972)
Fixed slapo-translucent to warn on invalid config (ITS#9768)
Fixed slapo-unique to warn on invalid config (ITS#9767)
Fixed slapo-valsort to maintain values in insertion order (ITS#9764)
Build Environment
Fix test022 to preserve DELAY search output (ITS#9718)
Fix slapd-watcher to allow startup when servers are down (ITS#9727)
Contrib
Fixed slapo-lastbind to work with 2.6 lastbind-precision configuration (ITS#9725)
Documentation
Fixed slapd.conf(5)/slapd-config(5) documentation on lastbind-precision (ITS#9728)
Fixed slapo-accesslog(5) to clarify logoldattr usage (ITS#9749)
-------------------------------------------------------------------
Thu Dec 9 17:54:47 UTC 2021 - Michael Ströder <michael@stroeder.com>
- removed obsolete dependency on libsodium23
- removed obsolete suse_version checks
- fixed download URLs
-------------------------------------------------------------------
Thu Nov 25 21:12:18 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added 0006-openldap-its9750.patch
-------------------------------------------------------------------
Wed Nov 24 07:37:02 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added 0005-openldap-its9753.patch
-------------------------------------------------------------------
Wed Nov 17 16:40:29 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added back-port fix 0004-openldap-its9747.patch
-------------------------------------------------------------------
Mon Nov 8 10:32:41 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added 0002-openldap-its9738.patch
-------------------------------------------------------------------
Tue Oct 26 08:15:43 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added 0001-openldap-its9725.patch
-------------------------------------------------------------------
Mon Oct 25 22:15:24 UTC 2021 - Michael Ströder <michael@stroeder.com>
- update to 2.6.0
+ New LDAP Load Balancer Capabilities
* Additional load balancing strategies
* Additional options to improve coherence with certain controls and extended operations
* Ability to log directly to a file bypassing syslog
+ New OpenLDAP Server Capabilities
* Ability to log directly to a file bypassing syslog
-------------------------------------------------------------------
Mon Oct 25 22:03:53 UTC 2021 - Michael Ströder <michael@stroeder.com>
- update to 2.5.9
OpenLDAP 2.5.9 Release (2021/10/25)
Fixed slapo-accesslog to initialize minCSN on import of 2.4 databases (ITS#9720)
-------------------------------------------------------------------
Wed Oct 13 18:54:25 UTC 2021 - Michael Ströder <michael@stroeder.com>
- removed baselibs.conf
-------------------------------------------------------------------
Mon Oct 11 18:46:13 UTC 2021 - Michael Ströder <michael@stroeder.com>
- update to 2.5.8
- removed obsolete 0001-openldap-its9671-fix-pwdPolicySubentry.patch
OpenLDAP 2.5.8 Release (2021/10/11)
Fixed libldap ldap_int_tls_connect: isdigit() requires unsigned char (ITS#9668)
Fixed libldap memory leak in ldap_get_option LDAP_OPT_X_TLS_PEERCERT (ITS#9696)
Fixed slapd to allow normalized values for namingContexts in cn=monitor (ITS#8341)
Fixed slapd to normalize the suffix in rootDSE (ITS#9664)
Fixed slapd slapadd to avoid destroying configDB prematurely (ITS#9678)
Fixed slapd to not spam logs with lastbind information (ITS#9156)
Fixed slapd slaptest migration to correctly set olcTSLVerifyClient (ITS#9711)
Fixed slapd-mdb multival delete handling (ITS#9712)
Fixed slapd-sql ldap_entry_objectclass table for mariadb/mysql (ITS#9679)
Fixed slapd-wt multiple issues (ITS#9463)
Fixed slapd-wt to close cache db correctly (ITS#9631)
Fixed slapo-ppolicy to restore OpenLDAP 2.4 compatibilty (ITS#9671)
Fixed slapo-syncprov to free uuid list when finished replaying sessionlog (ITS#6467)
Build
Fixed libldap result.c compilation on musl systems (ITS#9648)
Fixed slapd duplicate definition of peerbv (ITS#9659)
Fixed test suite with memberof modular builds (ITS#9464)
Contrib
Added man page for ppm contrib module (ITS#9644)
Fix crash when pwdCheckModuleArg is not defined for ppm (ITS#9656)
Documentation
Fixed guide download link for heimdal (ITS#9669)
Fixed guide documentation for TLSECName (ITS#9687)
Fixed guide documentation missing tags (ITS#9693)
Fixed guide loadbalancer typo (ITS#9699)
Fixed guide synprov-nopresent redundant text (ITS#9689)
Fixed guide various typos and fix config alignment (ITS#9706)
Removed ppolicy.schema from servers/slapd/schema/README (ITS#9156)
Fixed slapd.conf(5)/slapd-config(5) to document default for database monitoring (ITS#9674)
Fixed slapd-meta(5)/slapd-asyncmeta(5) verbiage for try-propagate (ITS#9646)
Fixed slapo-syncprov(5) to note entryCSN indexing is highly recommended (ITS#9688)
-------------------------------------------------------------------
Tue Sep 7 20:23:39 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added 0001-openldap-its9671-fix-pwdPolicySubentry.patch
-------------------------------------------------------------------
Wed Aug 18 19:39:51 UTC 2021 - Michael Ströder <michael@stroeder.com>
- update to 2.5.7
- removed obsolete patches:
* openldap-its-9621.patch
* openldap-its-9625.patch
* openldap-its-8958-allow-25-slapcat-to-read-24-db.patch
OpenLDAP 2.5.7 Release (2021/08/18)
Fixed lloadd client state tracking (ITS#9624)
Fixed slapd bconfig to canonicalize structuralObjectclass (ITS#9611)
Fixed slapd-ldif duplicate controls response (ITS#9497)
Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule (ITS#9621)
Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases (ITS#8958)
Fixed slapd-mdb idlexp maximum size handling (ITS#9637)
Fixed slapd-monitor number of ops executing with asynchronous backends (ITS#9628)
Fixed slapd-sql to add support for ppolicy attributes (ITS#9629)
Fixed slapd-sql to close transactions after bind and search (ITS#9630)
Fixed slapo-accesslog to make reqMod optional (ITS#9569)
Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present (ITS#9625)
Documentation
slapd-mdb(5) note max idlexp size is 30, not 31 (ITS#9637)
slapo-accesslog(5) note that reqMod is optional (ITS#9569)
Add ldapvc(1) man page (ITS#9549)
Add guide section on load balancer (ITS#9443)
Updated guide to document multiprovider as replacement for mirrormode (ITS#9200)
Updated guide to clarify slapd-mdb upgrade requirements (ITS#9200)
Updated guide to document removal of deprecated options from client tools (ITS#9200)
-------------------------------------------------------------------
Sat Aug 7 10:22:14 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added openldap-its-8958-allow-25-slapcat-to-read-24-db.patch
-------------------------------------------------------------------
Thu Aug 5 19:59:39 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added back-port fix openldap-its-9625.patch
-------------------------------------------------------------------
Wed Aug 4 13:40:20 UTC 2021 - Michael Ströder <michael@stroeder.com>
- internal Requires: with %{version}-%{release}
-------------------------------------------------------------------
Tue Aug 3 07:36:03 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added openldap-its-9621.patch
-------------------------------------------------------------------
Thu Jul 29 16:56:15 UTC 2021 - Michael Ströder <michael@stroeder.com>
- correctly package man-pages of contrib modules
-------------------------------------------------------------------
Tue Jul 27 19:06:25 UTC 2021 - Michael Ströder <michael@stroeder.com>
- update to 2.5.6
- removed obsolete 0012-openldap-re25-its9608.patch
OpenLDAP 2.5.6 Release (2021/07/27)
Fixed libldap buffer overflow (ITS#9578)
Fixed libldap missing mutex unlock on connection alloc failure (ITS#9590)
Fixed lloadd cn=config olcBkLloadClientMaxPending setting (ITS#8747)
Fixed slapd multiple config defaults (ITS#9363)
Fixed slapd ipv6 addresses to work with tcp wrappers (ITS#9603)
Fixed slapo-syncprov delete of nonexistent sessionlog (ITS#9608)
Build
Fixed library symbol versioning on Solaris (ITS#9591)
Fixed compile warning in libldap/tpool.c (ITS#9601)
Fixed compile wraning in libldap/tls_o.c (ITS#9602)
Contrib
Fixed ppm module for sysconfdir (ITS#7832)
Documentation
Updated guide to document multival, idlexp, and maxentrysize (ITS#9613, ITS#9614)
-------------------------------------------------------------------
Tue Jul 13 16:24:20 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added 0012-openldap-re25-its9608.patch
-------------------------------------------------------------------
Fri Jun 4 00:13:41 UTC 2021 - Michael Ströder <michael@stroeder.com>
- update to 2.5.5
- removed obsolete patches:
* 0004-openldap-its9542-fix-authz-identity-control-oids.patch
* 0005-openldap-its9548-ensure-pwmods-get-installed.patch
OpenLDAP 2.5.5 Release (2021/06/03)
Added libldap LDAP_OPT_TCP_USER_TIMEOUT support (ITS#9502)
Added lloadd tcp-user-timeout support (ITS#9502)
Added slapd-asyncmeta tcp-user-timeout support (ITS#9502)
Added slapd-ldap tcp-user-timeout support (ITS#9502)
Added slapd-meta tcp-user-timeout support (ITS#9502)
Fixed incorrect control OIDs for AuthZ Identity (ITS#9542)
Fixed libldap typo in util-int.c (ITS#9541)
Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
Fixed libldap better TLS1.3 cipher suite handling (ITS#9521, ITS#9546)
Fixed lloadd multiple issues (ITS#8747)
Fixed slapd slap_op_time to avoid duplicates across restarts (ITS#9537)
Fixed slapd typo in daemon.c (ITS#9541)
Fixed slapd slapi compilation (ITS#9544)
Fixed slapd to handle empty DN in extended filters (ITS#9551)
Fixed slapd syncrepl searches with empty base (ITS#6467)
Fixed slapd syncrepl refresh on startup (ITS#9324, ITS#9534)
Fixed slapd abort due to typo (ITS#9561)
Fixed slapd-asyncmeta quarantine handling (ITS#8721)
Fixed slapd-asyncmeta to have a default operations timeout (ITS#9555)
Fixed slapd-ldap quarantine handling (ITS#8721)
Fixed slapd-mdb deletion of context entry (ITS#9531)
Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
Fixed slapd-meta quarantine handling (ITS#8721)
Fixed slapo-accesslog to record reqNewDN for modRDN ops (ITS#9552)
Fixed slapo-pcache locking during expiration (ITS#9529)
Fixed slappw-argon2 module installation (ITS#9548)
Contrib
Update ldapc++/ldaptcl to use configure.ac (ITS#9554)
Documentation
ldap_first_attribute(3) - Document ldap_get_attribute_ber (ITS#8820)
ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
-------------------------------------------------------------------
Mon May 10 19:45:04 UTC 2021 - Michael Ströder <michael@stroeder.com>
- build with --enable-argon2 and --with-argon2=libargon2
- added 0005-openldap-its9548-ensure-pwmods-get-installed.patch
-------------------------------------------------------------------
Sat May 1 12:50:29 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added 0004-openldap-its9542-fix-authz-identity-control-oids.patch
-------------------------------------------------------------------
Thu Apr 29 22:13:35 UTC 2021 - Michael Ströder <michael@stroeder.com>
- update to 2.5.4
- added OpenLDAP project keyring
- set mandir when compiling/installing contrib modules
- libldap_r is now symbolic link pointing to libldap
- changed build configuration:
* --disable-dynacl
* --disable-aci
- removed obsolete patches:
* 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch
* 0005-pie-compile.dif
-------------------------------------------------------------------
Tue Mar 16 20:15:53 UTC 2021 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.58
- removed obsolete backport patches:
* 0012-openldap-re24-its9454.patch
* 0013-openldap-re24-its9458.patch
OpenLDAP 2.4.58 Release (2021/03/16)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9454)
Fixed slapd to alloc new conn struct after freeing old one (ITS#9458)
Fixed slapd syncrepl to check all contextCSNs (ITS#9282)
Fixed slapd-bdb lockdetect config (ITS#9449)
-------------------------------------------------------------------
Sat Feb 27 08:04:03 UTC 2021 - Michael Ströder <michael@stroeder.com>
- use %configure macro
-------------------------------------------------------------------
Mon Feb 8 16:39:13 UTC 2021 - Michael Ströder <michael@stroeder.com>
- removed obsolete Group:
- removed obsolete Provides:
-------------------------------------------------------------------
Mon Feb 8 16:32:26 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added 0013-openldap-re24-its9458.patch
-------------------------------------------------------------------
Sat Feb 6 23:04:03 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added 0012-openldap-re24-its9454.patch
-------------------------------------------------------------------
Mon Jan 18 20:31:58 UTC 2021 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.57
- removed obsolete backport patches:
* 0012-openldap-its9391.patch
* 0013-openldap-its9394.patch
OpenLDAP 2.4.57 Release (2021/01/18)
Fixed ldapexop to use correct return code (ITS#9417)
Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
Fixed slapd to remove assert in csnValidate (ITS#9410)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427)
Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
Fixed slapd AVA sort with invalid RDN (ITS#9412)
Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425)
Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
Fixed slapd modrdn memory leak (ITS#9420)
Fixed slapd double-free in vrfilter (ITS#9408)
Fixed slapd cancel operation to correctly terminate (ITS#9428)
Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400)
Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)
-------------------------------------------------------------------
Thu Dec 3 20:02:43 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added 0013-openldap-its9394.patch for fixing ITS#9394
-------------------------------------------------------------------
Fri Nov 13 11:06:42 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added 0012-openldap-its9391.patch for fixing ITS#9391
- enabled overlay slapd-pw-argon2 with new dependency on pkgconfig(sodium)
- removed obsolete 0014-ITS-8650-fix-debug-usage.patch
-------------------------------------------------------------------
Wed Nov 11 08:15:38 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.56
OpenLDAP 2.4.56 Release (2020/11/10)
Fixed slapd to remove assert in certificateListValidate (ITS#9383)
Fixed slapd to remove assert in csnNormalize23 (ITS#9384)
Fixed slapd to better parse ldapi listener URIs (ITS#9379)
-------------------------------------------------------------------
Mon Oct 26 21:48:45 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.55
OpenLDAP 2.4.55 Release (2020/10/26)
Fixed slapd normalization handling with modrdn (ITS#9370)
Fixed slapd-meta to check ldap_install_tls return code (ITS#9366)
Contrib
Fixed nssov misplaced semicolon (ITS#8731, ITS#9368)
LMDB 0.9.27 Release (2020/10/26)
ITS#9376 fix repeated DUPSORT cursor deletes
-------------------------------------------------------------------
Wed Oct 14 12:22:01 UTC 2020 - Michael Ströder <michael@stroeder.com>
- removed unmaintained ppolicy-check-password and its back-port patch
0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch
- removed pw-argon2 for backward compability with older SLE releases
-------------------------------------------------------------------
Mon Oct 12 20:21:23 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.54
OpenLDAP 2.4.54 Release (2020/10/12)
Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342)
Fixed slapd delta-syncrepl to be fully serialized (ITS#9330)
Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352)
Fixed slapd sessionlog to use a TAVL tree (ITS#8486)
Fixed slapd syncrepl to be fully serialized (ITS#8102)
Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345)
Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355)
Fixed slapd syncrepl to not create empty ADD ops (ITS#9359)
Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295)
Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353)
Fixed slapo-accesslog normalizer for reqStart (ITS#9358)
Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361)
Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)
-------------------------------------------------------------------
Tue Sep 15 10:23:01 UTC 2020 - Michael Ströder <michael@stroeder.com>
- fixed libexecdir when installing ppolicy-check-password
-------------------------------------------------------------------
Mon Sep 7 15:58:31 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.53
- removed 0002-openldap-its9282.patch obsoleted by update
OpenLDAP 2.4.53 (2020/09/07)
Added slapd syncrepl additional SYNC logging (ITS#9043)
Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282)
Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334)
Build
Require OpenSSL 1.0.2 or later (ITS#9323)
Fixed libldap compilation issue with broken C compilers (ITS#9332)
-------------------------------------------------------------------
Tue Sep 1 10:42:08 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added 0002-openldap-its9282.patch
-------------------------------------------------------------------
Fri Aug 28 22:06:57 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.52
OpenLDAP 2.4.52 (2020/08/28)
Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318)
Added libldap OpenSSL support for multiple EECDH curves (ITS#9054)
Added slapd OpenSSL support for multiple EECDH curves (ITS#9054)
Fixed librewrite malloc/free corruption (ITS#9249)
Fixed libldap hang when using UDP and server down (ITS#9328)
Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324)
Fixed slapd syncrepl regression that could trigger an assert (ITS#9329)
Fixed slapd-mdb index error with collapsed range (ITS#9135)
-------------------------------------------------------------------
Wed Aug 12 06:16:42 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.51
- removed obsolete patch
OpenLDAP 2.4.51 Release (2020/08/11)
Added slapo-ppolicy implement Netscape password policy controls (ITS#9279)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287)
Fixed slapd to enforce singular existence of some overlays (ITS#9309)
Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227)
Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282)
Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295)
Fixed slapd-perl dynamic config with threaded slapd (ITS#7573)
Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302)
Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309)
Fixed slapo-chain to check referral (ITS#9262)
Build Environment
Fix test064 so it no longer uses bashisms (ITS#9263)
Contrib
Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248)
slapo-allowed - Fix usage of unitialized variable (ITS#9308)
Documentation
ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271)
-------------------------------------------------------------------
Wed Apr 29 08:47:02 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.50
- removed obsolete back-port patches:
* 0012-openldap-its9171-fix_pwdAccountLockedTime_crashes.patch
* 0013_openldap-its9214_super_match_cursor_leak_fix.patch
- added 0014-ITS-8650-fix-debug-usage.patch
- enabled new contrib overlay pw-argon2
- replaced FTP by HTTPS download URL for source
OpenLDAP 2.4.50 Release (2020/04/28)
Fixed client benign typos (ITS#8890)
Fixed libldap type cast (ITS#9175)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap_r race on Windows mutex initialization (ITS#9181)
Fixed liblunicode memory leak (ITS#9198)
Fixed slapd benign typos (ITS#8890)
Fixed slapd to limit depth of nested filters (ITS#9202)
Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214)
Fixed slapo-pcache database initialization (ITS#9182)
Fixed slapo-ppolicy callback (ITS#9171)
Build
Fix olcDatabaseDummy initialization for windows (ITS#7074)
Fix detection for ws2tcpip.h for windows (ITS#8383)
Fix back-mdb types for windows (ITS#7878)
Contrib
Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855)
Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206)
Documentation
slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003)
slapd-meta(5) - Remove client-pr option (ITS#8683)
slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230)
-------------------------------------------------------------------
Wed Apr 15 10:02:23 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added 0013_openldap-its9214_super_match_cursor_leak_fix.patch
-------------------------------------------------------------------
Fri Feb 21 13:29:15 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added back-port fix 0012-openldap-its9171-fix_pwdAccountLockedTime_crashes.patch
-------------------------------------------------------------------
Thu Jan 30 20:57:33 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.49
- removed obsolete back-port patches:
* 0012-openldap-its9081_do_not_leak_sb.patch
* 0013_openldap-its9124_fix_crash_with_cancel_exop.patch
* 0014-openldap-its9164_monitor_mdb_entry_count.patch
- removed obsolete source file DB_CONFIG
OpenLDAP 2.4.49 Release (2020/01/30)
Added slapd-monitor database entry count for slapd-mdb (ITS#9154)
Fixed client tools to not add controls on cancel/abandon (ITS#9145)
Fixed client tools SyncInfo message to be LDIF compliant (ITS#8116)
Fixed libldap to correctly free sb (ITS#9081, ITS#8755)
Fixed libldap descriptor leak if ldaps fails (ITS#9147)
Fixed libldap remove unnecessary global mutex for GnuTLS (ITS#9069)
Fixed slapd syntax evaluation of preferredDeliveryMethod (ITS#9067)
Fixed slapd to relax domainScope control check (ITS#9100)
Fixed slapd to have cleaner error handling during connection setup (ITS#9112)
Fixed slapd data check when processing cancel exop (ITS#9124)
Fixed slapd attribute description processing (ITS#9128)
Fixed slapd-ldap to set oldctrls correctly (ITS#9076)
Fixed slapd-mdb to honor unchecked limit with alias deref (ITS#7657)
Fixed slapd-mdb missing final commit with slapindex (ITS#9095)
Fixed slapd-mdb drop attr mappings added in an aborted txn (ITS#9091)
Fixed slapd-mdb nosync FLAG configuration handling (ITS#9150)
Fixed slapd-monitor global operation counter reporting (ITS#9119)
Fixed slapo-ppolicy when used with slapauth (ITS#8629)
Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime (ITS#9126)
Fixed slapo-syncprov fix sessionlog init (ITS#9146)
Fixed slapo-unique loop termination (ITS#9077)
Build Environment
Fix mkdep to honor TMPDIR if set (ITS#9062)
Remove ICU library detection (ITS#9144)
Update config.guess and config.sub to support newer architectures (ITS#7855)
Disable ITS8521 regression test as it is no longer valid (ITS#9015)
Documentation
admin24 - Fix inconsistent whitespace in replication section (ITS#9153)
slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword (ITS#9063)
slapd-ldap(5) - Document "tls none" option (ITS#9071)
slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit (ITS#9065)
-------------------------------------------------------------------
Sat Jan 18 15:36:55 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added back-port patch
0014-openldap-its9164_monitor_mdb_entry_count.patch
(see OpenLDAP ITS#9164)
-------------------------------------------------------------------
Fri Jan 10 13:16:40 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added back-port patch
0013_openldap-its9124_fix_crash_with_cancel_exop.patch
to fix OpenLDAP ITS#9124
-------------------------------------------------------------------
Sun Dec 22 16:38:19 UTC 2019 - Michael Ströder <michael@stroeder.com>
- use BuildRequires: pkgconfig(krb5) instead of krb5-devel-mini
-------------------------------------------------------------------
Fri Sep 13 12:26:12 UTC 2019 - Michael Ströder <michael@stroeder.com>
- Use FAT LTO objects in order to provide proper static library.
-------------------------------------------------------------------
Wed Jul 24 21:23:28 UTC 2019 - Michael Ströder <michael@stroeder.com>
- Update to upstream release 2.4.48 with security fixes:
* CVE-2019-13057 (ITS#9038):
rootdn of any db can assert any identity
* CVE-2019-13565 (ITS#9052):
Unauthorized access caused by incorrect handling of SASL SSF values
- Removed obsolete patches:
* 0002-openldap-its8727-plug-ber-leaks.patch
* 0004-ITS8971-most-ext-op-do-not-have-reqdn.patch
* 0009-Fix-ldap-host-lookup-ipv6.patch
* 0012-openldap-its7770_add_mdb_stat_info_to_cn_monitor.patch
* 0013-openldap-its8990_pickup_SLAP_MOD_SOFT_modops.patch
* 0018-openldap-its-9038-restrict-rootDN-proxyauthz.patch
* 0019-openldap-its-9052-zero-out-sasl-ssf.patch
OpenLDAP 2.4.48 (2019/07/24)
Added libldap OpenSSL Elliptic Curve support (ITS#7595)
Added libldap Expose OpenLDAP specific interfaces via openldap.h (ITS#8671)
Added slapd-monitor support for slapd-mdb (ITS#7770)
Fixed liblber leaks (ITS#8727)
Fixed liblber with partial flush (ITS#8864)
Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980)
Fixed libldap ASYNC connections with Solaris 10 (ITS#8968)
Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585)
Fixed libldap to be able to unset syncrepl TLS options (ITS#7042)
Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450)
Fixed libldap return code in ldap_create_assertion_control_value (ITS#8674)
Fixed libldap to correctly disable IPv6 when configured to do so (ITS#8754)
Fixed libldap to correctly close TLS connection (ITS#8755)
Fixed libldap with non-blocking TLS and referals (ITS#8167)
Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353)
Fixed liblunicode case correspondance (ITS#8508)
Fixed slapd with an idletimeout of less than four seconds (ITS#8952)
Fixed slapd config parser variable for Windows64 (ITS#9012)
Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015)
Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999)
Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037)
Fixed slapd to restrict rootDN proxyauthz to its own databases (ITS#9038)
Fixed slapd to initialize SASL SSF per connection (ITS#9052)
Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990)
Fixed slapd-ldap starttls connections timeout behavior (ITS#8963)
Fixed slapd-ldap segfault when entry result doesn't match filter (ITS#8997)
Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743)
Fixed slapd-meta assertion when network interface goes down (ITS#8841)
Fixed slapd-mdb fix bitshift integer overflow (ITS#8989)
Fixed slapd-mdb index cleanup with cn=config (ITS#8472)
Fixed slapd-mdb to improve performance with alias deref (ITS#7657)
Fixed slapo-accesslog possible assert with exops (ITS#8971)
Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637)
Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799)
Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663)
Fixed slapo-memberof for group name change to itself (ITS#9000)
Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349)
Fixed slapo-rwm to not free original filter (ITS#8964)
Fixed slapo-syncprov contextCSN generation (ITS#9015)
Build Environment
Fixed slapd to only link to BDB libraries with static build (ITS#8948)
Fixed libldap implicit declaration with LDAP_CONNECTIONLESS (ITS#8794)
Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041)
Documentation
General - Fixed minor typos (ITS#8764, ITS#8761)
admin24 - Miscellaneous updates promoting mdb and fixing examples (ITS#9031)
slapd.access(5) - Note MDB is the primary backend (ITS#8881)
slapd.backends(5) - Note MDB is the recommended backend (ITS#8771)
slapd-ldap(5) - Document starttls parameter (ITS#8693)
Contrib
Added slapo-lastbind capability to forward authTimestamp updates (ITS#7721)
-------------------------------------------------------------------
Sun Jul 14 15:32:39 UTC 2019 - Michael Ströder <michael@stroeder.com>
- added back-port patches:
* 0018-openldap-its-9038-restrict-rootDN-proxyauthz.patch
* 0019-openldap-its-9052-zero-out-sasl-ssf.patch
-------------------------------------------------------------------
Tue Mar 12 09:51:41 UTC 2019 - Michael Ströder <michael@stroeder.com>
- added back-port patch for OpenLDAP ITS#7770:
0012-openldap-its7770_add_mdb_stat_info_to_cn_monitor.patch
-------------------------------------------------------------------
Wed Mar 6 14:50:59 UTC 2019 - Michael Ströder <michael@stroeder.com>
- initial build
