File openldap-ms.changes of Package openldap-ms
-------------------------------------------------------------------
Thu Jul 14 14:05:41 UTC 2022 - Michael Ströder <michael@stroeder.com>
- added openldap-ms-rpmlintrc
- removed unused baselibs.conf
-------------------------------------------------------------------
Tue Jul 13 16:20:24 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added 0012-openldap-re24-its9608.patch
-------------------------------------------------------------------
Fri Jun 4 00:06:15 UTC 2021 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.59
OpenLDAP 2.4.59 Release (2021/06/03)
Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521)
Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295)
Fixed slapd-mdb cursor init check (ITS#9526)
Fixed slapd-mdb deletion of context entry (ITS#9531)
Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
Fixed slapo-pcache locking during expiration (ITS#9529)
Contrib
Fixed slapo-autogroup to not thrash thread context (ITS#9494)
Documentation
ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
-------------------------------------------------------------------
Tue Mar 16 20:15:53 UTC 2021 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.58
- removed obsolete backport patches:
* 0012-openldap-re24-its9454.patch
* 0013-openldap-re24-its9458.patch
OpenLDAP 2.4.58 Release (2021/03/16)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9454)
Fixed slapd to alloc new conn struct after freeing old one (ITS#9458)
Fixed slapd syncrepl to check all contextCSNs (ITS#9282)
Fixed slapd-bdb lockdetect config (ITS#9449)
-------------------------------------------------------------------
Sat Feb 27 08:04:03 UTC 2021 - Michael Ströder <michael@stroeder.com>
- use %configure macro
-------------------------------------------------------------------
Mon Feb 8 16:39:13 UTC 2021 - Michael Ströder <michael@stroeder.com>
- removed obsolete Group:
- removed obsolete Provides:
-------------------------------------------------------------------
Mon Feb 8 16:32:26 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added 0013-openldap-re24-its9458.patch
-------------------------------------------------------------------
Sat Feb 6 23:04:03 UTC 2021 - Michael Ströder <michael@stroeder.com>
- added 0012-openldap-re24-its9454.patch
-------------------------------------------------------------------
Mon Jan 18 20:31:58 UTC 2021 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.57
- removed obsolete backport patches:
* 0012-openldap-its9391.patch
* 0013-openldap-its9394.patch
OpenLDAP 2.4.57 Release (2021/01/18)
Fixed ldapexop to use correct return code (ITS#9417)
Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
Fixed slapd to remove assert in csnValidate (ITS#9410)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427)
Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
Fixed slapd AVA sort with invalid RDN (ITS#9412)
Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425)
Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
Fixed slapd modrdn memory leak (ITS#9420)
Fixed slapd double-free in vrfilter (ITS#9408)
Fixed slapd cancel operation to correctly terminate (ITS#9428)
Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400)
Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)
-------------------------------------------------------------------
Thu Dec 3 20:02:43 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added 0013-openldap-its9394.patch for fixing ITS#9394
-------------------------------------------------------------------
Fri Nov 13 11:06:42 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added 0012-openldap-its9391.patch for fixing ITS#9391
- enabled overlay slapd-pw-argon2 with new dependency on pkgconfig(sodium)
- removed obsolete 0014-ITS-8650-fix-debug-usage.patch
-------------------------------------------------------------------
Wed Nov 11 08:15:38 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.56
OpenLDAP 2.4.56 Release (2020/11/10)
Fixed slapd to remove assert in certificateListValidate (ITS#9383)
Fixed slapd to remove assert in csnNormalize23 (ITS#9384)
Fixed slapd to better parse ldapi listener URIs (ITS#9379)
-------------------------------------------------------------------
Mon Oct 26 21:48:45 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.55
OpenLDAP 2.4.55 Release (2020/10/26)
Fixed slapd normalization handling with modrdn (ITS#9370)
Fixed slapd-meta to check ldap_install_tls return code (ITS#9366)
Contrib
Fixed nssov misplaced semicolon (ITS#8731, ITS#9368)
LMDB 0.9.27 Release (2020/10/26)
ITS#9376 fix repeated DUPSORT cursor deletes
-------------------------------------------------------------------
Wed Oct 14 12:22:01 UTC 2020 - Michael Ströder <michael@stroeder.com>
- removed unmaintained ppolicy-check-password and its back-port patch
0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch
- removed pw-argon2 for backward compability with older SLE releases
-------------------------------------------------------------------
Mon Oct 12 20:21:23 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.54
OpenLDAP 2.4.54 Release (2020/10/12)
Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342)
Fixed slapd delta-syncrepl to be fully serialized (ITS#9330)
Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352)
Fixed slapd sessionlog to use a TAVL tree (ITS#8486)
Fixed slapd syncrepl to be fully serialized (ITS#8102)
Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345)
Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355)
Fixed slapd syncrepl to not create empty ADD ops (ITS#9359)
Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295)
Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353)
Fixed slapo-accesslog normalizer for reqStart (ITS#9358)
Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361)
Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)
-------------------------------------------------------------------
Tue Sep 15 10:23:01 UTC 2020 - Michael Ströder <michael@stroeder.com>
- fixed libexecdir when installing ppolicy-check-password
-------------------------------------------------------------------
Mon Sep 7 15:58:31 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.53
- removed 0002-openldap-its9282.patch obsoleted by update
OpenLDAP 2.4.53 (2020/09/07)
Added slapd syncrepl additional SYNC logging (ITS#9043)
Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282)
Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334)
Build
Require OpenSSL 1.0.2 or later (ITS#9323)
Fixed libldap compilation issue with broken C compilers (ITS#9332)
-------------------------------------------------------------------
Tue Sep 1 10:42:08 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added 0002-openldap-its9282.patch
-------------------------------------------------------------------
Fri Aug 28 22:06:57 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.52
OpenLDAP 2.4.52 (2020/08/28)
Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318)
Added libldap OpenSSL support for multiple EECDH curves (ITS#9054)
Added slapd OpenSSL support for multiple EECDH curves (ITS#9054)
Fixed librewrite malloc/free corruption (ITS#9249)
Fixed libldap hang when using UDP and server down (ITS#9328)
Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324)
Fixed slapd syncrepl regression that could trigger an assert (ITS#9329)
Fixed slapd-mdb index error with collapsed range (ITS#9135)
-------------------------------------------------------------------
Wed Aug 12 06:16:42 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.51
- removed obsolete patch
OpenLDAP 2.4.51 Release (2020/08/11)
Added slapo-ppolicy implement Netscape password policy controls (ITS#9279)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287)
Fixed slapd to enforce singular existence of some overlays (ITS#9309)
Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227)
Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282)
Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295)
Fixed slapd-perl dynamic config with threaded slapd (ITS#7573)
Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302)
Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309)
Fixed slapo-chain to check referral (ITS#9262)
Build Environment
Fix test064 so it no longer uses bashisms (ITS#9263)
Contrib
Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248)
slapo-allowed - Fix usage of unitialized variable (ITS#9308)
Documentation
ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271)
-------------------------------------------------------------------
Wed Apr 29 08:47:02 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.50
- removed obsolete back-port patches:
* 0012-openldap-its9171-fix_pwdAccountLockedTime_crashes.patch
* 0013_openldap-its9214_super_match_cursor_leak_fix.patch
- added 0014-ITS-8650-fix-debug-usage.patch
- enabled new contrib overlay pw-argon2
- replaced FTP by HTTPS download URL for source
OpenLDAP 2.4.50 Release (2020/04/28)
Fixed client benign typos (ITS#8890)
Fixed libldap type cast (ITS#9175)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap_r race on Windows mutex initialization (ITS#9181)
Fixed liblunicode memory leak (ITS#9198)
Fixed slapd benign typos (ITS#8890)
Fixed slapd to limit depth of nested filters (ITS#9202)
Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214)
Fixed slapo-pcache database initialization (ITS#9182)
Fixed slapo-ppolicy callback (ITS#9171)
Build
Fix olcDatabaseDummy initialization for windows (ITS#7074)
Fix detection for ws2tcpip.h for windows (ITS#8383)
Fix back-mdb types for windows (ITS#7878)
Contrib
Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855)
Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206)
Documentation
slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003)
slapd-meta(5) - Remove client-pr option (ITS#8683)
slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230)
-------------------------------------------------------------------
Wed Apr 15 10:02:23 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added 0013_openldap-its9214_super_match_cursor_leak_fix.patch
-------------------------------------------------------------------
Fri Feb 21 13:29:15 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added back-port fix 0012-openldap-its9171-fix_pwdAccountLockedTime_crashes.patch
-------------------------------------------------------------------
Thu Jan 30 20:57:33 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.49
- removed obsolete back-port patches:
* 0012-openldap-its9081_do_not_leak_sb.patch
* 0013_openldap-its9124_fix_crash_with_cancel_exop.patch
* 0014-openldap-its9164_monitor_mdb_entry_count.patch
- removed obsolete source file DB_CONFIG
OpenLDAP 2.4.49 Release (2020/01/30)
Added slapd-monitor database entry count for slapd-mdb (ITS#9154)
Fixed client tools to not add controls on cancel/abandon (ITS#9145)
Fixed client tools SyncInfo message to be LDIF compliant (ITS#8116)
Fixed libldap to correctly free sb (ITS#9081, ITS#8755)
Fixed libldap descriptor leak if ldaps fails (ITS#9147)
Fixed libldap remove unnecessary global mutex for GnuTLS (ITS#9069)
Fixed slapd syntax evaluation of preferredDeliveryMethod (ITS#9067)
Fixed slapd to relax domainScope control check (ITS#9100)
Fixed slapd to have cleaner error handling during connection setup (ITS#9112)
Fixed slapd data check when processing cancel exop (ITS#9124)
Fixed slapd attribute description processing (ITS#9128)
Fixed slapd-ldap to set oldctrls correctly (ITS#9076)
Fixed slapd-mdb to honor unchecked limit with alias deref (ITS#7657)
Fixed slapd-mdb missing final commit with slapindex (ITS#9095)
Fixed slapd-mdb drop attr mappings added in an aborted txn (ITS#9091)
Fixed slapd-mdb nosync FLAG configuration handling (ITS#9150)
Fixed slapd-monitor global operation counter reporting (ITS#9119)
Fixed slapo-ppolicy when used with slapauth (ITS#8629)
Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime (ITS#9126)
Fixed slapo-syncprov fix sessionlog init (ITS#9146)
Fixed slapo-unique loop termination (ITS#9077)
Build Environment
Fix mkdep to honor TMPDIR if set (ITS#9062)
Remove ICU library detection (ITS#9144)
Update config.guess and config.sub to support newer architectures (ITS#7855)
Disable ITS8521 regression test as it is no longer valid (ITS#9015)
Documentation
admin24 - Fix inconsistent whitespace in replication section (ITS#9153)
slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword (ITS#9063)
slapd-ldap(5) - Document "tls none" option (ITS#9071)
slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit (ITS#9065)
-------------------------------------------------------------------
Sat Jan 18 15:36:55 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added back-port patch
0014-openldap-its9164_monitor_mdb_entry_count.patch
(see OpenLDAP ITS#9164)
-------------------------------------------------------------------
Fri Jan 10 13:16:40 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added back-port patch
0013_openldap-its9124_fix_crash_with_cancel_exop.patch
to fix OpenLDAP ITS#9124
-------------------------------------------------------------------
Sun Dec 22 16:38:19 UTC 2019 - Michael Ströder <michael@stroeder.com>
- use BuildRequires: pkgconfig(krb5) instead of krb5-devel-mini
-------------------------------------------------------------------
Fri Sep 13 12:26:12 UTC 2019 - Michael Ströder <michael@stroeder.com>
- Use FAT LTO objects in order to provide proper static library.
-------------------------------------------------------------------
Wed Jul 24 21:23:28 UTC 2019 - Michael Ströder <michael@stroeder.com>
- Update to upstream release 2.4.48 with security fixes:
* CVE-2019-13057 (ITS#9038):
rootdn of any db can assert any identity
* CVE-2019-13565 (ITS#9052):
Unauthorized access caused by incorrect handling of SASL SSF values
- Removed obsolete patches:
* 0002-openldap-its8727-plug-ber-leaks.patch
* 0004-ITS8971-most-ext-op-do-not-have-reqdn.patch
* 0009-Fix-ldap-host-lookup-ipv6.patch
* 0012-openldap-its7770_add_mdb_stat_info_to_cn_monitor.patch
* 0013-openldap-its8990_pickup_SLAP_MOD_SOFT_modops.patch
* 0018-openldap-its-9038-restrict-rootDN-proxyauthz.patch
* 0019-openldap-its-9052-zero-out-sasl-ssf.patch
OpenLDAP 2.4.48 (2019/07/24)
Added libldap OpenSSL Elliptic Curve support (ITS#7595)
Added libldap Expose OpenLDAP specific interfaces via openldap.h (ITS#8671)
Added slapd-monitor support for slapd-mdb (ITS#7770)
Fixed liblber leaks (ITS#8727)
Fixed liblber with partial flush (ITS#8864)
Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980)
Fixed libldap ASYNC connections with Solaris 10 (ITS#8968)
Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585)
Fixed libldap to be able to unset syncrepl TLS options (ITS#7042)
Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450)
Fixed libldap return code in ldap_create_assertion_control_value (ITS#8674)
Fixed libldap to correctly disable IPv6 when configured to do so (ITS#8754)
Fixed libldap to correctly close TLS connection (ITS#8755)
Fixed libldap with non-blocking TLS and referals (ITS#8167)
Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353)
Fixed liblunicode case correspondance (ITS#8508)
Fixed slapd with an idletimeout of less than four seconds (ITS#8952)
Fixed slapd config parser variable for Windows64 (ITS#9012)
Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015)
Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999)
Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037)
Fixed slapd to restrict rootDN proxyauthz to its own databases (ITS#9038)
Fixed slapd to initialize SASL SSF per connection (ITS#9052)
Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990)
Fixed slapd-ldap starttls connections timeout behavior (ITS#8963)
Fixed slapd-ldap segfault when entry result doesn't match filter (ITS#8997)
Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743)
Fixed slapd-meta assertion when network interface goes down (ITS#8841)
Fixed slapd-mdb fix bitshift integer overflow (ITS#8989)
Fixed slapd-mdb index cleanup with cn=config (ITS#8472)
Fixed slapd-mdb to improve performance with alias deref (ITS#7657)
Fixed slapo-accesslog possible assert with exops (ITS#8971)
Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637)
Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799)
Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663)
Fixed slapo-memberof for group name change to itself (ITS#9000)
Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349)
Fixed slapo-rwm to not free original filter (ITS#8964)
Fixed slapo-syncprov contextCSN generation (ITS#9015)
Build Environment
Fixed slapd to only link to BDB libraries with static build (ITS#8948)
Fixed libldap implicit declaration with LDAP_CONNECTIONLESS (ITS#8794)
Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041)
Documentation
General - Fixed minor typos (ITS#8764, ITS#8761)
admin24 - Miscellaneous updates promoting mdb and fixing examples (ITS#9031)
slapd.access(5) - Note MDB is the primary backend (ITS#8881)
slapd.backends(5) - Note MDB is the recommended backend (ITS#8771)
slapd-ldap(5) - Document starttls parameter (ITS#8693)
Contrib
Added slapo-lastbind capability to forward authTimestamp updates (ITS#7721)
-------------------------------------------------------------------
Sun Jul 14 15:32:39 UTC 2019 - Michael Ströder <michael@stroeder.com>
- added back-port patches:
* 0018-openldap-its-9038-restrict-rootDN-proxyauthz.patch
* 0019-openldap-its-9052-zero-out-sasl-ssf.patch
-------------------------------------------------------------------
Tue Mar 12 09:51:41 UTC 2019 - Michael Ströder <michael@stroeder.com>
- added back-port patch for OpenLDAP ITS#7770:
0012-openldap-its7770_add_mdb_stat_info_to_cn_monitor.patch
-------------------------------------------------------------------
Wed Mar 6 14:50:59 UTC 2019 - Michael Ströder <michael@stroeder.com>
- initial build
