File openldap-ms.changes of Package openldap-ms

Thu Jul 14 14:05:41 UTC 2022 - Michael Ströder <>

- added openldap-ms-rpmlintrc
- removed unused baselibs.conf

Tue Jul 13 16:20:24 UTC 2021 - Michael Ströder <>

- added 0012-openldap-re24-its9608.patch

Fri Jun  4 00:06:15 UTC 2021 - Michael Ströder <>

- updated to 2.4.59

OpenLDAP 2.4.59 Release (2021/06/03)
    Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521)
    Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
    Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295)
    Fixed slapd-mdb cursor init check (ITS#9526)
    Fixed slapd-mdb deletion of context entry (ITS#9531)
    Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
    Fixed slapo-pcache locking during expiration (ITS#9529)
        Fixed slapo-autogroup to not thrash thread context (ITS#9494)
        ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)

Tue Mar 16 20:15:53 UTC 2021 - Michael Ströder <>

- updated to 2.4.58
- removed obsolete backport patches:
  * 0012-openldap-re24-its9454.patch
  * 0013-openldap-re24-its9458.patch

OpenLDAP 2.4.58 Release (2021/03/16)
    Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9454)
    Fixed slapd to alloc new conn struct after freeing old one (ITS#9458)
    Fixed slapd syncrepl to check all contextCSNs (ITS#9282)
    Fixed slapd-bdb lockdetect config (ITS#9449)

Sat Feb 27 08:04:03 UTC 2021 - Michael Ströder <>

- use %configure macro

Mon Feb  8 16:39:13 UTC 2021 - Michael Ströder <>

- removed obsolete Group:
- removed obsolete Provides:

Mon Feb  8 16:32:26 UTC 2021 - Michael Ströder <>

- added 0013-openldap-re24-its9458.patch

Sat Feb  6 23:04:03 UTC 2021 - Michael Ströder <>

- added 0012-openldap-re24-its9454.patch

Mon Jan 18 20:31:58 UTC 2021 - Michael Ströder <>

- updated to 2.4.57
- removed obsolete backport patches:
  * 0012-openldap-its9391.patch
  * 0013-openldap-its9394.patch

OpenLDAP 2.4.57 Release (2021/01/18)
  Fixed ldapexop to use correct return code (ITS#9417)
  Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
  Fixed slapd to remove assert in csnValidate (ITS#9410)
  Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427)
  Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
  Fixed slapd AVA sort with invalid RDN (ITS#9412)
  Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425)
  Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
  Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
  Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
  Fixed slapd modrdn memory leak (ITS#9420)
  Fixed slapd double-free in vrfilter (ITS#9408)
  Fixed slapd cancel operation to correctly terminate (ITS#9428)
  Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400)
  Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)

Thu Dec  3 20:02:43 UTC 2020 - Michael Ströder <>

- added 0013-openldap-its9394.patch for fixing ITS#9394

Fri Nov 13 11:06:42 UTC 2020 - Michael Ströder <>

- added 0012-openldap-its9391.patch for fixing ITS#9391
- enabled overlay slapd-pw-argon2 with new dependency on pkgconfig(sodium)
- removed obsolete 0014-ITS-8650-fix-debug-usage.patch

Wed Nov 11 08:15:38 UTC 2020 - Michael Ströder <>

- updated to 2.4.56

OpenLDAP 2.4.56 Release (2020/11/10)
  Fixed slapd to remove assert in certificateListValidate (ITS#9383)
  Fixed slapd to remove assert in csnNormalize23 (ITS#9384)
  Fixed slapd to better parse ldapi listener URIs (ITS#9379)

Mon Oct 26 21:48:45 UTC 2020 - Michael Ströder <>

- updated to 2.4.55

OpenLDAP 2.4.55 Release (2020/10/26)
  Fixed slapd normalization handling with modrdn (ITS#9370)
  Fixed slapd-meta to check ldap_install_tls return code (ITS#9366)
    Fixed nssov misplaced semicolon (ITS#8731, ITS#9368)

LMDB 0.9.27 Release (2020/10/26)
  ITS#9376 fix repeated DUPSORT cursor deletes

Wed Oct 14 12:22:01 UTC 2020 - Michael Ströder <>

- removed unmaintained ppolicy-check-password and its back-port patch
- removed pw-argon2 for backward compability with older SLE releases

Mon Oct 12 20:21:23 UTC 2020 - Michael Ströder <>

- updated to 2.4.54

OpenLDAP 2.4.54 Release (2020/10/12)
  Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342)
  Fixed slapd delta-syncrepl to be fully serialized (ITS#9330)
  Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352)
  Fixed slapd sessionlog to use a TAVL tree (ITS#8486)
  Fixed slapd syncrepl to be fully serialized (ITS#8102)
  Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345)
  Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355)
  Fixed slapd syncrepl to not create empty ADD ops (ITS#9359)
  Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295)
  Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353)
  Fixed slapo-accesslog normalizer for reqStart (ITS#9358)
  Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361)
  Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)

Tue Sep 15 10:23:01 UTC 2020 - Michael Ströder <>

- fixed libexecdir when installing ppolicy-check-password

Mon Sep  7 15:58:31 UTC 2020 - Michael Ströder <>

- updated to 2.4.53
- removed 0002-openldap-its9282.patch obsoleted by update

OpenLDAP 2.4.53 (2020/09/07)
  Added slapd syncrepl additional SYNC logging (ITS#9043)
  Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282)
  Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338)
  Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334)
    Require OpenSSL 1.0.2 or later (ITS#9323)
    Fixed libldap compilation issue with broken C compilers (ITS#9332)

Tue Sep  1 10:42:08 UTC 2020 - Michael Ströder <>

- added 0002-openldap-its9282.patch

Fri Aug 28 22:06:57 UTC 2020 - Michael Ströder <>

- updated to 2.4.52

OpenLDAP 2.4.52 (2020/08/28)
  Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318)
  Added libldap OpenSSL support for multiple EECDH curves (ITS#9054)
  Added slapd OpenSSL support for multiple EECDH curves (ITS#9054)
  Fixed librewrite malloc/free corruption (ITS#9249)
  Fixed libldap hang when using UDP and server down (ITS#9328)
  Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324)
  Fixed slapd syncrepl regression that could trigger an assert (ITS#9329)
  Fixed slapd-mdb index error with collapsed range (ITS#9135)

Wed Aug 12 06:16:42 UTC 2020 - Michael Ströder <>

- updated to 2.4.51
- removed obsolete patch 

OpenLDAP 2.4.51 Release (2020/08/11)
  Added slapo-ppolicy implement Netscape password policy controls (ITS#9279)
  Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
  Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287)
  Fixed slapd to enforce singular existence of some overlays (ITS#9309)
  Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227)
  Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282)
  Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295)
  Fixed slapd-perl dynamic config with threaded slapd (ITS#7573)
  Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285)
  Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302)
  Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309)
  Fixed slapo-chain to check referral (ITS#9262)
  Build Environment
    Fix test064 so it no longer uses bashisms (ITS#9263)
    Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248)
    slapo-allowed - Fix usage of unitialized variable (ITS#9308)
    ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271)

Wed Apr 29 08:47:02 UTC 2020 - Michael Ströder <>

- updated to 2.4.50
- removed obsolete back-port patches:
  * 0012-openldap-its9171-fix_pwdAccountLockedTime_crashes.patch
  * 0013_openldap-its9214_super_match_cursor_leak_fix.patch
- added 0014-ITS-8650-fix-debug-usage.patch
- enabled new contrib overlay pw-argon2
- replaced FTP by HTTPS download URL for source

OpenLDAP 2.4.50 Release (2020/04/28)
  Fixed client benign typos (ITS#8890)
  Fixed libldap type cast (ITS#9175)
  Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
  Fixed libldap_r race on Windows mutex initialization (ITS#9181)
  Fixed liblunicode memory leak (ITS#9198)
  Fixed slapd benign typos (ITS#8890)
  Fixed slapd to limit depth of nested filters (ITS#9202)
  Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214)
  Fixed slapo-pcache database initialization (ITS#9182)
  Fixed slapo-ppolicy callback (ITS#9171)
    Fix olcDatabaseDummy initialization for windows (ITS#7074)
    Fix detection for ws2tcpip.h for windows (ITS#8383)
    Fix back-mdb types for windows (ITS#7878)
    Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855)
    Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206)
    slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003)
    slapd-meta(5) - Remove client-pr option (ITS#8683)
    slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230)

Wed Apr 15 10:02:23 UTC 2020 - Michael Ströder <>

- added 0013_openldap-its9214_super_match_cursor_leak_fix.patch

Fri Feb 21 13:29:15 UTC 2020 - Michael Ströder <>

- added back-port fix 0012-openldap-its9171-fix_pwdAccountLockedTime_crashes.patch

Thu Jan 30 20:57:33 UTC 2020 - Michael Ströder <>

- updated to 2.4.49
- removed obsolete back-port patches:
  * 0012-openldap-its9081_do_not_leak_sb.patch
  * 0013_openldap-its9124_fix_crash_with_cancel_exop.patch
  * 0014-openldap-its9164_monitor_mdb_entry_count.patch
- removed obsolete source file DB_CONFIG

OpenLDAP 2.4.49 Release (2020/01/30)
  Added slapd-monitor database entry count for slapd-mdb (ITS#9154)
  Fixed client tools to not add controls on cancel/abandon (ITS#9145)
  Fixed client tools SyncInfo message to be LDIF compliant (ITS#8116)
  Fixed libldap to correctly free sb (ITS#9081, ITS#8755)
  Fixed libldap descriptor leak if ldaps fails (ITS#9147)
  Fixed libldap remove unnecessary global mutex for GnuTLS (ITS#9069)
  Fixed slapd syntax evaluation of preferredDeliveryMethod (ITS#9067)
  Fixed slapd to relax domainScope control check (ITS#9100)
  Fixed slapd to have cleaner error handling during connection setup (ITS#9112)
  Fixed slapd data check when processing cancel exop (ITS#9124)
  Fixed slapd attribute description processing (ITS#9128)
  Fixed slapd-ldap to set oldctrls correctly (ITS#9076)
  Fixed slapd-mdb to honor unchecked limit with alias deref (ITS#7657)
  Fixed slapd-mdb missing final commit with slapindex (ITS#9095)
  Fixed slapd-mdb drop attr mappings added in an aborted txn (ITS#9091)
  Fixed slapd-mdb nosync FLAG configuration handling (ITS#9150)
  Fixed slapd-monitor global operation counter reporting (ITS#9119)
  Fixed slapo-ppolicy when used with slapauth (ITS#8629)
  Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime (ITS#9126)
  Fixed slapo-syncprov fix sessionlog init (ITS#9146)
  Fixed slapo-unique loop termination (ITS#9077)
  Build Environment
    Fix mkdep to honor TMPDIR if set (ITS#9062)
    Remove ICU library detection (ITS#9144)
    Update config.guess and config.sub to support newer architectures (ITS#7855)
    Disable ITS8521 regression test as it is no longer valid (ITS#9015)
    admin24 - Fix inconsistent whitespace in replication section (ITS#9153)
    slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword (ITS#9063)
    slapd-ldap(5) - Document "tls none" option (ITS#9071)
    slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit (ITS#9065)

Sat Jan 18 15:36:55 UTC 2020 - Michael Ströder <>

- added back-port patch
  (see OpenLDAP ITS#9164)

Fri Jan 10 13:16:40 UTC 2020 - Michael Ströder <>

- added back-port patch
  to fix OpenLDAP ITS#9124

Sun Dec 22 16:38:19 UTC 2019 - Michael Ströder <>

- use BuildRequires:  pkgconfig(krb5) instead of krb5-devel-mini

Fri Sep 13 12:26:12 UTC 2019 - Michael Ströder <>

- Use FAT LTO objects in order to provide proper static library.

Wed Jul 24 21:23:28 UTC 2019 - Michael Ströder <>

- Update to upstream release 2.4.48 with security fixes:
  * CVE-2019-13057 (ITS#9038):
    rootdn of any db can assert any identity
  * CVE-2019-13565 (ITS#9052):
    Unauthorized access caused by incorrect handling of SASL SSF values
- Removed obsolete patches:
  * 0002-openldap-its8727-plug-ber-leaks.patch
  * 0004-ITS8971-most-ext-op-do-not-have-reqdn.patch
  * 0009-Fix-ldap-host-lookup-ipv6.patch
  * 0012-openldap-its7770_add_mdb_stat_info_to_cn_monitor.patch
  * 0013-openldap-its8990_pickup_SLAP_MOD_SOFT_modops.patch
  * 0018-openldap-its-9038-restrict-rootDN-proxyauthz.patch
  * 0019-openldap-its-9052-zero-out-sasl-ssf.patch

OpenLDAP 2.4.48 (2019/07/24)
  Added libldap OpenSSL Elliptic Curve support (ITS#7595)
  Added libldap Expose OpenLDAP specific interfaces via openldap.h (ITS#8671)
  Added slapd-monitor support for slapd-mdb (ITS#7770)
  Fixed liblber leaks (ITS#8727)
  Fixed liblber with partial flush (ITS#8864)
  Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980)
  Fixed libldap ASYNC connections with Solaris 10 (ITS#8968)
  Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585)
  Fixed libldap to be able to unset syncrepl TLS options (ITS#7042)
  Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450)
  Fixed libldap return code in ldap_create_assertion_control_value (ITS#8674)
  Fixed libldap to correctly disable IPv6 when configured to do so (ITS#8754)
  Fixed libldap to correctly close TLS connection (ITS#8755)
  Fixed libldap with non-blocking TLS and referals (ITS#8167)
  Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353)
  Fixed liblunicode case correspondance (ITS#8508)
  Fixed slapd with an idletimeout of less than four seconds (ITS#8952)
  Fixed slapd config parser variable for Windows64 (ITS#9012)
  Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015)
  Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999)
  Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037)
  Fixed slapd to restrict rootDN proxyauthz to its own databases (ITS#9038)
  Fixed slapd to initialize SASL SSF per connection (ITS#9052)
  Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990)
  Fixed slapd-ldap starttls connections timeout behavior (ITS#8963)
  Fixed slapd-ldap segfault when entry result doesn't match filter (ITS#8997)
  Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743)
  Fixed slapd-meta assertion when network interface goes down (ITS#8841)
  Fixed slapd-mdb fix bitshift integer overflow (ITS#8989)
  Fixed slapd-mdb index cleanup with cn=config (ITS#8472)
  Fixed slapd-mdb to improve performance with alias deref (ITS#7657)
  Fixed slapo-accesslog possible assert with exops (ITS#8971)
  Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637)
  Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799)
  Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663)
  Fixed slapo-memberof for group name change to itself (ITS#9000)
  Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349)
  Fixed slapo-rwm to not free original filter (ITS#8964)
  Fixed slapo-syncprov contextCSN generation (ITS#9015)
  Build Environment
    Fixed slapd to only link to BDB libraries with static build (ITS#8948)
    Fixed libldap implicit declaration with LDAP_CONNECTIONLESS (ITS#8794)
    Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041)
    General - Fixed minor typos (ITS#8764, ITS#8761)
    admin24 - Miscellaneous updates promoting mdb and fixing examples (ITS#9031)
    slapd.access(5) - Note MDB is the primary backend (ITS#8881)
    slapd.backends(5) - Note MDB is the recommended backend (ITS#8771)
    slapd-ldap(5) - Document starttls parameter (ITS#8693)
    Added slapo-lastbind capability to forward authTimestamp updates (ITS#7721)

Sun Jul 14 15:32:39 UTC 2019 - Michael Ströder <>

- added back-port patches:
  * 0018-openldap-its-9038-restrict-rootDN-proxyauthz.patch
  * 0019-openldap-its-9052-zero-out-sasl-ssf.patch

Tue Mar 12 09:51:41 UTC 2019 - Michael Ströder <>

- added back-port patch for OpenLDAP ITS#7770:

Wed Mar  6 14:50:59 UTC 2019 - Michael Ströder <>

- initial build
openSUSE Build Service is sponsored by