Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: openldap2 | Distribution: SUSE Linux Framework One |
Version: 2.6.4 | Vendor: SUSE LLC <https://www.suse.com/> |
Release: slfo.1.1.10 | Build date: Tue Sep 5 13:52:49 2023 |
Group: Productivity/Networking/LDAP/Servers | Build host: reproducible |
Size: 3785644 | Source RPM: openldap2-2.6.4-slfo.1.1.10.src.rpm |
Packager: https://www.suse.com/ | |
Url: https://www.openldap.org | |
Summary: An open source implementation of the Lightweight Directory Access Protocol |
OpenLDAP is a client and server reference implementation of the Lightweight Directory Access Protocol v3 (LDAPv3). The server provides several database backends and overlays.
OLDAP-2.8
* Tue Sep 05 2023 [email protected] - Disable SLP by default for Factory and ALP (bsc#1214884) * Sat Apr 15 2023 [email protected] - update to 2.6.4: * Fixed client tools to remove 'h' and 'p' options * Fixed ldapsearch memory leak with paged results (ITS#9860) * Fixed libldap ldif_open_urlto check for failure (ITS#9904 CVE-2023-2953 boo#1211795) * Fixed libldap ldap_url_parsehosts check for failure * Fixed liblunicode UTF8bvnormalize buffer size (ITS#9955) * Fixed lloadd memory leaks (ITS#9907) * Fixed lloadd shutdown code to protect memory correctly * Fixed lloadd race in epoch.c (ITS#9947) * Fixed lloadd potential deadlock with cn=monitor (ITS#9951) * Fixed lloadd to keep listener base around when not active * Fixed lloadd object reclamation sequencing (ITS#9983) * Fixed slapd memory leak with olcAuthIDRewrite (ITS#6035) * Fixed slapd free of redundant cmdline option (ITS#9912) * Fixed slapd transactions extended operations cleanup after * Fixed slapd deadlock with replicated cn=config * Fixed slapd connection close logic (ITS#9991) * Fixed slapd bconfig locking of cn=config entries (ITS#9045) * Fixed slapd-mdb max number of index databases to 256 * Fixed slapd-mdb to always release entries from ADD operations * Fixed slapd-mdb to fully init empty DN in tool_entry_get * Fixed slapd-monitor memory leaks with lloadd (ITS#9906) * Fixed slapd-monitor to free remembered cookies (ITS#9339) * Fixed slapo-accesslog reqStart ordering matching rule * Fixed slapo-deref memory leak (ITS#9924) * Fixed slapo-dynlist to ignore irrelevant objectClasses * Fixed slapo-dynlist to avoid unnecessary searches (ITS#9929) * Fixed slapo-dynlist to mark internal searches as such * Fixed slapo-pcache crash in consistency_check (ITS#9966) * Fixed slapo-remoteauth memory leaks (ITS#9438) * Fixed slapo-rwm memory leaks (ITS#9817) * Build Environment * Fixed ancient DOS related ifdef checks (ITS#9925) * Fixed build process to not use gmake specific features * Fixed source tree to remove symlinks (ITS#9926) * Fixed slapo-otp testdir creation (ITS#9437) * Fixed slapd-tester memory leak (ITS#9908) * Fixed usage of non-standard C syntax (ITS#9898, ITS#9899, ITS#9901) * Fixed usage of bashism (ITS#9900) * Fixed test suite portability (ITS#9931) * Documentation * Fixed ldap_bind(3) to document ber_bvfree in ldap_sasl_bind (ITS#9976) * Fixed slapo-asyncmeta(5) to clarify scheduling for target connections (ITS#9941) * Fixed slapo-dynlist(5) to clarify configuration settings (ITS#9957) * Fixed slapo-unique(5) to clarify when quoting should be used (ITS#9915) * Minor cleanup * Sat Dec 10 2022 [email protected] - add reproducible.patch to avoid using compile-time specific date/time constructs * Mon Sep 26 2022 [email protected] - bsc#1202931 - CVE-2022-31253 - Openldap start script allowed the ldap user to privilege escalate to root due to unbound chown commands. * Thu Jul 14 2022 [email protected] - removed obsolete 0017-Resolve-error-handling-in-new-ctx-when-global.patch - update to 2.6.3 * Fixed librewrite declaration of calloc (ITS#9841) * Fixed libldap to check for NULL ld (ITS#9157) * Fixed libldap memory leaks (ITS#9876) * Fixed lloadd to correctly tag Notice of Disconnection (ITS#9856) * Fixed slapd delta-sync DN leak on ADD ops (ITS#9866) * Fixed slapd replication with back-glue (ITS#9868) * Fixed slapd lastbind replication with chaining (ITS#9863) * Fixed slapd-ldap to correctly set authzid (ITS#9863) * Fixed slapd-mdb to check for stale readers on MDB_READERS_FULL (ITS#7165) * Fixed slapd-mdb indexer task with replicated config (ITS#9858) * Fixed slapo-accesslog onetime memory leak (ITS#9864) * Fixed slapo-ppolicy interaction with slapo-rwm (ITS#9871) * Fixed slapo-rwm to handle escaping special characters (ITS#9817) * Fixed slapo-syncprov memory leaks (ITS#9867) * Fixed slapo-syncprov fallback in delta-sync mode (ITS#9823) * Fixed slapo-unique to not release NULL entry (ITS#8245) * doc: Fixed ldap_get_option(3) to clarify ldap_get/set_option restrictions (ITS#9824) * Mon May 23 2022 [email protected] - Update to release 2.6.2 * Added support for OpenSSL 3.0 (ITS#9436) * Fixed ldapdelete to prune LDAP subentries (ITS#9737) * Fixed libldap to drop connection when non-LDAP data is received (ITS#9803) * Fixed libldap to allow newlines at end of included file (ITS#9811) * Fixed slapd slaptest conversion of olcLastBind (ITS#9808) * Fixed slapd to correctly init global_host earlier (ITS#9787) * Fixed slapd bconfig locking for cn=config replication (ITS#9584) * Fixed slapd usage of thread local counters (ITS#9789) * Fixed slapd to clear runqueue task correctly (ITS#9785) * Fixed slapd idletimeout handling (ITS#9820) * Fixed slapd syncrepl handling of new sessions (ITS#9584) * Fixed slapd to clear connections on bind (ITS#9799) * Fixed slapd to correctly advance connections index (ITS#9831) * Fixed slapd syncrepl ODSEE replication of unknown attr (ITS#9801) * Fixed slapd-asyncmeta memory leak in keepalive setting, slapd-ldap memory leak in keepalive setting, SEGV on config rewrite, ordering on config rewrite, memory leak in keepalive setting (ITS#9802) * Fixed slapo-pcache SEGV & slapd-monitor SEGV on shutdown (ITS#9809) * Fixed slapd-monitor crash when hitting sizelimit (ITS#9832) * Fixed slapd-sql to properly escape filter value (ITS#9815) * Fixed slapo-dynlist dynamic group regression (ITS#9825) * Fixed slapo-ppolicy operation handling to be consistent (ITS#9794) * Fixed slapo-translucent to correctly duplicate substring filters (ITS#9818) * Contrib: * Update ppm module to the 2.1 release (ITS#9814) * Documentation: * admin26: Document new lloadd features (ITS#9780) * Fixed slapd.conf(5)/slapd-config(5) syncrepl sizelimit/timelimit documentation (ITS#9804) * Fixed slapd-sock(5) to clarify "sockresps result" behavior (ITS#8255) * Thu May 12 2022 [email protected] - bsc#1199277 - Resolve segfault when calling new ctx with global ctx * 0017-Resolve-error-handling-in-new-ctx-when-global.patch * Mon Apr 11 2022 [email protected] - Use libargon2 instead of libsodium because it supports p>1 - Added new contrib overlays: authzid, datamorph, variant, vc * Sat Apr 02 2022 [email protected] - Update to release 2.6.1 * Ability to log directly to a file bypassing syslog * back-ndb is retired * back-sql and back-perl are deprecated * lloadd(8): Additional load balancing strategies. * lloadd(8): Additional options to improve coherence with certain controls and extended operations. * Sat Mar 26 2022 [email protected] - Add _multibuild support to integrate the build of libldapcpp-devel to drop the outdated copy * Mon Oct 25 2021 [email protected] - update to 2.5.9 OpenLDAP 2.5.9 Release (2021/10/25) Fixed slapo-accesslog to initialize minCSN on import of 2.4 databases (ITS#9720) * Mon Oct 11 2021 [email protected] - update to 2.5.8 OpenLDAP 2.5.8 Release (2021/10/11) Fixed libldap ldap_int_tls_connect: isdigit() requires unsigned char (ITS#9668) Fixed libldap memory leak in ldap_get_option LDAP_OPT_X_TLS_PEERCERT (ITS#9696) Fixed slapd to allow normalized values for namingContexts in cn=monitor (ITS#8341) Fixed slapd to normalize the suffix in rootDSE (ITS#9664) Fixed slapd slapadd to avoid destroying configDB prematurely (ITS#9678) Fixed slapd to not spam logs with lastbind information (ITS#9156) Fixed slapd slaptest migration to correctly set olcTSLVerifyClient (ITS#9711) Fixed slapd-mdb multival delete handling (ITS#9712) Fixed slapd-sql ldap_entry_objectclass table for mariadb/mysql (ITS#9679) Fixed slapd-wt multiple issues (ITS#9463) Fixed slapd-wt to close cache db correctly (ITS#9631) Fixed slapo-ppolicy to restore OpenLDAP 2.4 compatibilty (ITS#9671) Fixed slapo-syncprov to free uuid list when finished replaying sessionlog (ITS#6467) Build Fixed libldap result.c compilation on musl systems (ITS#9648) Fixed slapd duplicate definition of peerbv (ITS#9659) Fixed test suite with memberof modular builds (ITS#9464) Contrib Added man page for ppm contrib module (ITS#9644) Fix crash when pwdCheckModuleArg is not defined for ppm (ITS#9656) Documentation Fixed guide download link for heimdal (ITS#9669) Fixed guide documentation for TLSECName (ITS#9687) Fixed guide documentation missing tags (ITS#9693) Fixed guide loadbalancer typo (ITS#9699) Fixed guide synprov-nopresent redundant text (ITS#9689) Fixed guide various typos and fix config alignment (ITS#9706) Removed ppolicy.schema from servers/slapd/schema/README (ITS#9156) Fixed slapd.conf(5)/slapd-config(5) to document default for database monitoring (ITS#9674) Fixed slapd-meta(5)/slapd-asyncmeta(5) verbiage for try-propagate (ITS#9646) Fixed slapo-syncprov(5) to note entryCSN indexing is highly recommended (ITS#9688) * Tue Aug 24 2021 [email protected] - Update to upstream version 2.5.7 Fixed lloadd client state tracking (ITS#9624) Fixed slapd bconfig to canonicalize structuralObjectclass (ITS#9611) Fixed slapd-ldif duplicate controls response (ITS#9497) Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule (ITS#9621) Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases (ITS#8958) Fixed slapd-mdb idlexp maximum size handling (ITS#9637) Fixed slapd-monitor number of ops executing with asynchronous backends (ITS#9628) Fixed slapd-sql to add support for ppolicy attributes (ITS#9629) Fixed slapd-sql to close transactions after bind and search (ITS#9630) Fixed slapo-accesslog to make reqMod optional (ITS#9569) Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present (ITS#9625) Documentation slapd-mdb(5) note max idlexp size is 30, not 31 (ITS#9637) slapo-accesslog(5) note that reqMod is optional (ITS#9569) Add ldapvc(1) man page (ITS#9549) Add guide section on load balancer (ITS#9443) Updated guide to document multiprovider as replacement for mirrormode (ITS#9200) Updated guide to clarify slapd-mdb upgrade requirements (ITS#9200) Updated guide to document removal of deprecated options from client tools (ITS#9200) * Fri Jul 30 2021 [email protected] - Major version update to 2.5.6 See https://www.openldap.org/software/release/announce.html for a list of changes. - The threaded version of the OpenLDAP libraries, libldap_r, has been merged with libldap with 2.5. Removed all related downstream changes, including the openldap-r-only.dif patch. Introduce a new compatibility symlink in the other direction: libldap_r pointing to libldap. - Removed the ppolicy-check-password module. It is unmaintained and does not build any more. As part of that also remove the patch patch 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch, which is applied to this module. - Removed patch 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch Fixed upstream in 2.5 (ITS#8866) - Updated patch 0005-pie-compile.dif Removed the hunks on back-bdb and back-hdb, which are retired backends in 2.5. - Removed patch 0007-Recover-on-DB-version-change.dif The back-bdb backend was retired. - Removed patch 0011-openldap-re24-its7796.patch Fixed upstream in 2.5 (ITS#7796) - Remove non-existant configure arguments: - -enable-rewrite, --enable-monitor, --enable-lmpasswd - Add the --enable-dynacl configure option, which is required for --enable-aci - Add the --with-argon2 configure option and remove it from the contrib modules, since it is now official (ITS#9453). - Pass mandir to smbk5pwd to ensure the man page ends up in /usr/share. - Include the new overlays in libdir/openldap in the packages. - Add the pkgconfig files to the devel package. - Remove compat macro for _fillupdir, which was introduced in Nov 2017 and should be widely available now. * Fri Jun 04 2021 [email protected] - updated to 2.4.59 OpenLDAP 2.4.59 Release (2021/06/03) Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521) Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530) Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295) Fixed slapd-mdb cursor init check (ITS#9526) Fixed slapd-mdb deletion of context entry (ITS#9531) Fixed slapd-mdb off-by-one affecting search scope (ITS#9557) Fixed slapo-pcache locking during expiration (ITS#9529) Contrib Fixed slapo-autogroup to not thrash thread context (ITS#9494) Documentation ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559) * Tue Mar 16 2021 [email protected] - updated to 2.4.58 OpenLDAP 2.4.58 Release (2021/03/16) Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9454) Fixed slapd to alloc new conn struct after freeing old one (ITS#9458) Fixed slapd syncrepl to check all contextCSNs (ITS#9282) Fixed slapd-bdb lockdetect config (ITS#9449) * Mon Jan 18 2021 [email protected] - updated to 2.4.57 OpenLDAP 2.4.57 Release (2021/01/18) Fixed ldapexop to use correct return code (ITS#9417) Fixed slapd to remove asserts in UUIDNormalize (ITS#9391) Fixed slapd to remove assert in csnValidate (ITS#9410) Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427) Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424) Fixed slapd AVA sort with invalid RDN (ITS#9412) Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425) Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407) Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409) Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413) Fixed slapd modrdn memory leak (ITS#9420) Fixed slapd double-free in vrfilter (ITS#9408) Fixed slapd cancel operation to correctly terminate (ITS#9428) Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400) Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394) * Thu Dec 17 2020 [email protected] - added openldap2.keyring and source signature file * Wed Nov 11 2020 [email protected] - updated to 2.4.56 OpenLDAP 2.4.56 Release (2020/11/10) Fixed slapd to remove assert in certificateListValidate (ITS#9383) Fixed slapd to remove assert in csnNormalize23 (ITS#9384) Fixed slapd to better parse ldapi listener URIs (ITS#9379) * Tue Oct 27 2020 [email protected] - bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it's design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files: * fixup-modulepath.sh * slapd-ldif-update-crc.sh * update-crc.sh * Mon Oct 26 2020 [email protected] - updated to 2.4.55 OpenLDAP 2.4.55 Release (2020/10/26) Fixed slapd normalization handling with modrdn (ITS#9370) Fixed slapd-meta to check ldap_install_tls return code (ITS#9366) Contrib Fixed nssov misplaced semicolon (ITS#8731, ITS#9368) LMDB 0.9.27 Release (2020/10/26) ITS#9376 fix repeated DUPSORT cursor deletes * Mon Oct 12 2020 [email protected] - updated to 2.4.54 OpenLDAP 2.4.54 Release (2020/10/12) Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342) Fixed slapd delta-syncrepl to be fully serialized (ITS#9330) Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352) Fixed slapd sessionlog to use a TAVL tree (ITS#8486) Fixed slapd syncrepl to be fully serialized (ITS#8102) Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345) Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355) Fixed slapd syncrepl to not create empty ADD ops (ITS#9359) Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295) Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353) Fixed slapo-accesslog normalizer for reqStart (ITS#9358) Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361) Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015) * Mon Sep 07 2020 [email protected] - updated to 2.4.53 OpenLDAP 2.4.53 (2020/09/07) Added slapd syncrepl additional SYNC logging (ITS#9043) Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282) Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334) Build Require OpenSSL 1.0.2 or later (ITS#9323) Fixed libldap compilation issue with broken C compilers (ITS#9332) * Fri Aug 28 2020 [email protected] - updated to 2.4.52 OpenLDAP 2.4.52 (2020/08/28) Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318) Added libldap OpenSSL support for multiple EECDH curves (ITS#9054) Added slapd OpenSSL support for multiple EECDH curves (ITS#9054) Fixed librewrite malloc/free corruption (ITS#9249) Fixed libldap hang when using UDP and server down (ITS#9328) Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324) Fixed slapd syncrepl regression that could trigger an assert (ITS#9329) Fixed slapd-mdb index error with collapsed range (ITS#9135) * Thu Aug 20 2020 [email protected] - Switch from shadow to sysusers to generate ldap account - Remove if's for code older than SLE12 (Even SLE12 builds no longer) - Remove 12 years old sasl2 migration code * Sat Aug 15 2020 [email protected] - Drop obsolete, not working DB_CONFIG - Remove init.d header from start script, does not work - Use bash for start script as syntax is not POSIX sh supported - Remove UPDATE_NEEDED section in start script, does never match * Sat Aug 15 2020 [email protected] - Remove remaining rc.status usage in start script * Wed Aug 12 2020 [email protected] - updated to 2.4.51 - removed obsolete patch 0014-ITS-8650-fix-debug-usage.patch OpenLDAP 2.4.51 Release (2020/08/11) Added slapo-ppolicy implement Netscape password policy controls (ITS#9279) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287) Fixed slapd to enforce singular existence of some overlays (ITS#9309) Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227) Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282) Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295) Fixed slapd-perl dynamic config with threaded slapd (ITS#7573) Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302) Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309) Fixed slapo-chain to check referral (ITS#9262) Build Environment Fix test064 so it no longer uses bashisms (ITS#9263) Contrib Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248) slapo-allowed - Fix usage of unitialized variable (ITS#9308) Documentation ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271) * Mon Jun 08 2020 [email protected] - Revert changes to libexecdir * Sun Jun 07 2020 [email protected] - More .spec cleanups * Fri Jun 05 2020 [email protected] - Fixes for %_libexecdir changing to /usr/libexec - Spec file cleanups * Wed May 06 2020 [email protected] - updated to 2.4.50 - added 0014-ITS-8650-fix-debug-usage.patch - enabled new contrib overlay pw-argon2 - replaced FTP by HTTPS download URL for source - removed 0009-Fix-ldap-host-lookup-ipv6.patch (see bsc#1171127) OpenLDAP 2.4.50 Release (2020/04/28) Fixed client benign typos (ITS#8890) Fixed libldap type cast (ITS#9175) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap_r race on Windows mutex initialization (ITS#9181) Fixed liblunicode memory leak (ITS#9198) Fixed slapd benign typos (ITS#8890) Fixed slapd to limit depth of nested filters (ITS#9202) Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214) Fixed slapo-pcache database initialization (ITS#9182) Fixed slapo-ppolicy callback (ITS#9171) Build Fix olcDatabaseDummy initialization for windows (ITS#7074) Fix detection for ws2tcpip.h for windows (ITS#8383) Fix back-mdb types for windows (ITS#7878) Contrib Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855) Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206) Documentation slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003) slapd-meta(5) - Remove client-pr option (ITS#8683) slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230) * Thu Jan 30 2020 [email protected] - updated to 2.4.49 - removed obsolete back-port patches: * 0013_openldap-its9124_fix_crash_with_cancel_exop.patch - removed obsolete source file DB_CONFIG OpenLDAP 2.4.49 Release (2020/01/30) Added slapd-monitor database entry count for slapd-mdb (ITS#9154) Fixed client tools to not add controls on cancel/abandon (ITS#9145) Fixed client tools SyncInfo message to be LDIF compliant (ITS#8116) Fixed libldap to correctly free sb (ITS#9081, ITS#8755) Fixed libldap descriptor leak if ldaps fails (ITS#9147) Fixed libldap remove unnecessary global mutex for GnuTLS (ITS#9069) Fixed slapd syntax evaluation of preferredDeliveryMethod (ITS#9067) Fixed slapd to relax domainScope control check (ITS#9100) Fixed slapd to have cleaner error handling during connection setup (ITS#9112) Fixed slapd data check when processing cancel exop (ITS#9124) Fixed slapd attribute description processing (ITS#9128) Fixed slapd-ldap to set oldctrls correctly (ITS#9076) Fixed slapd-mdb to honor unchecked limit with alias deref (ITS#7657) Fixed slapd-mdb missing final commit with slapindex (ITS#9095) Fixed slapd-mdb drop attr mappings added in an aborted txn (ITS#9091) Fixed slapd-mdb nosync FLAG configuration handling (ITS#9150) Fixed slapd-monitor global operation counter reporting (ITS#9119) Fixed slapo-ppolicy when used with slapauth (ITS#8629) Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime (ITS#9126) Fixed slapo-syncprov fix sessionlog init (ITS#9146) Fixed slapo-unique loop termination (ITS#9077) Build Environment Fix mkdep to honor TMPDIR if set (ITS#9062) Remove ICU library detection (ITS#9144) Update config.guess and config.sub to support newer architectures (ITS#7855) Disable ITS8521 regression test as it is no longer valid (ITS#9015) Documentation admin24 - Fix inconsistent whitespace in replication section (ITS#9153) slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword (ITS#9063) slapd-ldap(5) - Document "tls none" option (ITS#9071) slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit (ITS#9065) * Fri Jan 10 2020 [email protected] - added back-port patch 0013_openldap-its9124_fix_crash_with_cancel_exop.patch to fix OpenLDAP ITS#9124 * Sun Dec 22 2019 [email protected] - use BuildRequires: pkgconfig(krb5) instead of krb5-devel-mini * Fri Aug 02 2019 [email protected] - Use FAT LTO objects in order to provide proper static library. * Thu Jul 25 2019 [email protected] - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html * Wed Jul 24 2019 [email protected] - Update to upstream release 2.4.48 with security fixes: * CVE-2019-13057 (ITS#9038): rootdn of any db can assert any identity * CVE-2019-13565 (ITS#9052): Unauthorized access caused by incorrect handling of SASL SSF values - Fix CVE-2017-17740 by disabling nops overlay not maintained by upstream (see also bsc#1073313, comment #36) - Removed obsolete patches: * 0002-openldap-its8727-plug-ber-leaks.patch * 0017-Fix-segfault-in-nops.patch OpenLDAP 2.4.48 (2019/07/24) Added libldap OpenSSL Elliptic Curve support (ITS#7595) Added libldap Expose OpenLDAP specific interfaces via openldap.h (ITS#8671) Added slapd-monitor support for slapd-mdb (ITS#7770) Fixed liblber leaks (ITS#8727) Fixed liblber with partial flush (ITS#8864) Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980) Fixed libldap ASYNC connections with Solaris 10 (ITS#8968) Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585) Fixed libldap to be able to unset syncrepl TLS options (ITS#7042) Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450) Fixed libldap return code in ldap_create_assertion_control_value (ITS#8674) Fixed libldap to correctly disable IPv6 when configured to do so (ITS#8754) Fixed libldap to correctly close TLS connection (ITS#8755) Fixed libldap with non-blocking TLS and referals (ITS#8167) Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353) Fixed liblunicode case correspondance (ITS#8508) Fixed slapd with an idletimeout of less than four seconds (ITS#8952) Fixed slapd config parser variable for Windows64 (ITS#9012) Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015) Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999) Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037) Fixed slapd to restrict rootDN proxyauthz to its own databases (ITS#9038) Fixed slapd to initialize SASL SSF per connection (ITS#9052) Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990) Fixed slapd-ldap starttls connections timeout behavior (ITS#8963) Fixed slapd-ldap segfault when entry result doesn't match filter (ITS#8997) Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743) Fixed slapd-meta assertion when network interface goes down (ITS#8841) Fixed slapd-mdb fix bitshift integer overflow (ITS#8989) Fixed slapd-mdb index cleanup with cn=config (ITS#8472) Fixed slapd-mdb to improve performance with alias deref (ITS#7657) Fixed slapo-accesslog possible assert with exops (ITS#8971) Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637) Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799) Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663) Fixed slapo-memberof for group name change to itself (ITS#9000) Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349) Fixed slapo-rwm to not free original filter (ITS#8964) Fixed slapo-syncprov contextCSN generation (ITS#9015) Build Environment Fixed slapd to only link to BDB libraries with static build (ITS#8948) Fixed libldap implicit declaration with LDAP_CONNECTIONLESS (ITS#8794) Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041) Documentation General - Fixed minor typos (ITS#8764, ITS#8761) admin24 - Miscellaneous updates promoting mdb and fixing examples (ITS#9031) slapd.access(5) - Note MDB is the primary backend (ITS#8881) slapd.backends(5) - Note MDB is the recommended backend (ITS#8771) slapd-ldap(5) - Document starttls parameter (ITS#8693) Contrib Added slapo-lastbind capability to forward authTimestamp updates (ITS#7721) * Tue May 14 2019 [email protected] - bsc#1111388 - incorrect post script call causes tmpfiles create not to be run. * Sun Mar 10 2019 [email protected] - Corrected moduleload back_mdb.la to get a working configuration right after package installation. * Fri Jan 04 2019 [email protected] - added back-ported fix for OpenLDAP ITS#8727 (file 0002-openldap-its8727-plug-ber-leaks.patch) * Thu Dec 20 2018 [email protected] - Update to upstream release 2.4.47 - Removed obsolete patches: * 0006-No-Build-date-and-time-in-binaries.dif (upstream now uses SOURCE_DATE_EPOCH for reproducable builds) * 0012-ITS8051-sockdnpat.patch * 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch OpenLDAP 2.4.47 Release (2018/12/19) Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051) Added slapd-sock ability to send extended operations to external listeners (ITS#8714) Fixed liblber to avoid incremental access to user-supplied bv in dupbv (ITS#8752) Fixed libldap dn to domain parsing with bad input (ITS#8842) Fixed slapd slapcat to correctly honor -g option (ITS#8667) Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups (ITS#8923) Fixed slapd to check status of rdnNormalize (ITS#8932) Fixed slapd cn=config when modifying slapo-syncprov config (ITS#8616) Fixed slapd sasl authz-policy "all" behavior (ITS#8909) Fixed slapd sasl minor typo (ITS#8918) Fixed slapd to correctly hide hidden DBs in the rootDSE (ITS#8912) Fixed slapd domainScope control to match Microsoft specification (ITS#8840) Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868) Fixed slapo-accesslog deadlock during cleanup (ITS#8752) Fixed slapo-memberof cn=config modifications (ITS#8663) Fixed slapo-ppolicy with multimaster replication (ITS#8927) Fixed slapo-syncprov with NULL modlist (ITS#8843) Build Environment Added slapd reproducible build support (ITS#8928) Fixed missing includes with OpenSSL 1.0.2 (ITS#8809) Contrib Fixed slapo-pbkdf2 hash generation (ITS#8878) Documentation admin24 fixed minor typo (ITS#8887) * Thu Nov 22 2018 [email protected] - Replace old $RPM_* shell vars * Tue Nov 20 2018 [email protected] - Fix CVE-2017-17740: when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack * patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313) * Mon Nov 12 2018 [email protected] - Emergency fix: move tmpfiles_create post from the library package to the main package's post script, which ships the tmpfiles.d configuration. Fixes the post script of the library (-p /sbin/ldconfig does not allow more statements in the script). * Thu Nov 08 2018 [email protected] - bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG* (transactional-update) * Fri Oct 26 2018 [email protected] - Fixed broken memory handling in 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch affecting error response of slapo-unique * Fri Aug 17 2018 [email protected] - Fix slapd segfaults in mdb_env_reader_dest + with patch 0016-Clear-shared-key-only-in-close-function.patch + (bsc#1089640) * Fri Jun 29 2018 [email protected] - fixed shee-bang in openldap_update_modules_path.sh (bsc#1099705) * Wed Jun 20 2018 [email protected] - Added a patch to let slapd return the uniqueness check filter used before constraint violation to the client 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch * Tue Jun 05 2018 [email protected] - bsc#1095816 libldap package does not contain and provide libldap anymore * Thu May 24 2018 [email protected] - Don't require systemd explicit, spec file can handle both cases correct and in containers we don't have systemd. * Tue Apr 24 2018 [email protected] - bsc#1085064 Packaging issues have been discovered around the openldap_update_modules_path.sh which has been corrected: - the spec file was wrongly configured, therefore the script has never been called - the script should create the symlinks first, as slapcat is useless on a system which is already affected. * Fri Apr 06 2018 [email protected] - bsc#1085064 Add script "openldap_update_modules_path.sh" which which removes the configuration item olcModulePath in cn=config which is after upgrade from SLE12 to SLE15 holds inappropriate information. If the cn=config is being used on a system, the conflicting items in slapd.conf are ignored, despite of it, the backend DB configuration section has been also commented out in the default slapd.conf. In case of correct cn=config (the olcModulePath has been already removed), the script stops without touching anything. * Fri Mar 23 2018 [email protected] - Upgrade to upstream 2.4.46 release - removed obsolete back-port patches: * 0013-ITS-8692-let-back-sock-generate-increment-line.patch * 0016-ITS-8782-fix-cancel-memleak.patch OpenLDAP 2.4.46 Release (2018/03/22) Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717) Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373) Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687) Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791) Fixed libldap MozNSS CA certificate hash matching (ITS#7374) Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389) Fixed libldap MozNSS initialization (ITS#8484) Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650) Fixed libldap memory leak with cancel operations (ITS#8782) Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705) Fixed slapd to maintain SSF across SASL binds (ITS#8796) Fixed slapd syncrepl deadlock when updating cookie (ITS#8752) Fixed slapd syncrepl callback to always be last in the stack (ITS#8752) Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778) Fixed slapd CSN queue processing (ITS#8801) Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720) Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520) Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226) Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404) Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692) Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752) Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100) Fixed slapo-syncprov memory leak with delete operations (ITS#8690) Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444) Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100) Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607) Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800) Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486) Build Environment Fixed Windows build with newer MINGW version (ITS#8697) Fixed compiler warnings and removed unused variables (ITS#8578) Contrib Fixed ldapc++ Control structure (ITS#8583) Documentation Delete stub manpage for back-ldbm (ITS#8713) Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121) Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818) Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715) Fixed slapo-syncprov(5) indexing requirements (ITS#5048) * Thu Feb 22 2018 [email protected] - Use %license (boo#1082318) * Mon Dec 11 2017 [email protected] - added 0016-ITS-8782-fix-cancel-memleak.patch * Thu Nov 23 2017 [email protected] - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) * Mon Oct 02 2017 [email protected] - Add openldap-r-only.dif so that openldap2's own tools also link against libldap_r rather than libldap. - Make libldap equivalent to libldap_r (like Debian) to avoid crashes in threaded programs which unknowingly get both libraries inserted into their process image. [rh#1370065, boo#996551] * Mon Oct 02 2017 [email protected] - use existing groups instead of inventing new ones * Mon Sep 18 2017 [email protected] - added 0012-ITS8051-sockdnpat.patch * Wed Sep 06 2017 [email protected] - updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch * Fri Aug 18 2017 [email protected] - Added OpenLDAP new feature implementing OpenLDAP ITS#8714 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch * Thu Jul 20 2017 [email protected] - added overlay trace to package openldap2-contrib * Wed Jul 12 2017 [email protected] - Upgrade to upstream 2.4.45 release - removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch and 0012-use-system-wide-cert-dir-by-default.patch - added 0013-ITS-8692-let-back-sock-generate-increment-line.patch for supporting modify increment operations with back-sock - added overlay addpartial to package openldap2-contrib * Wed Jun 07 2017 [email protected] - Remove legacy daemon control that was used to migrate from SLE 11 to 12. (bsc#1038405) * Tue Jun 06 2017 [email protected] - There is no change made about the package itself, this is only copying over some changelog texts from SLE package: - bug#976172 owned by [email protected]: openldap2 - missing /usr/share/doc/packages/openldap2/guide/admin/guide.html - bug#916914 owned by [email protected]: VUL-0: CVE-2015-1546: openldap2: slapd crash in valueReturnFilter cleanup - [fate#319300](https://fate.suse.com/319300) - [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545) - bug#905959 owned by [email protected]: L3-Question: Are multiple "Connection 0" in a Multi Master setup normal ? - [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546) - bug#916897 owned by [email protected]: VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list * Fri Apr 07 2017 [email protected] - Drop binutils requirement; the code using /usr/bin/strings has been dropped in openSUSE:Factory/openldap2 revision 112. * Sat Feb 18 2017 [email protected] - Remove superfluous insserv PreReq. * Thu Nov 10 2016 [email protected] - Introduce patch 0012-use-system-wide-cert-dir-by-default.patch to let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (bsc#1009470). * Fri Oct 14 2016 [email protected] - Add more details in the comments of slapd.conf concerning file permission and StartTLS capability. * Thu Jun 23 2016 [email protected] - Test for user/group existence before trying to add them. Summary spello update. * Thu Jun 16 2016 [email protected] - Move schema files into tarball addonschema.tar.gz: ldapns.ldif ldapns.schema rfc2307bis.ldif rfc2307bis.schema yast.ldif yast.schema - Package previously missing schema files in LDIF format: amavisd-new.ldif dhcp.ldif dlz.ldif dnszone.ldif samba3.ldif sudo.ldif suse-mailserver.ldif (bsc#984691) - Fix a minor issue in schema2ldif script that led to missing attribute in the generated LDIF. * Tue May 17 2016 [email protected] - Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408. * Thu Feb 25 2016 [email protected] - Move ldap.conf into libldap-data package, per convention. * Sun Feb 21 2016 [email protected] - Move ldap.conf out of shlib package again, they are not allowed there for obvious reasons (conflict with future package). * Thu Feb 18 2016 [email protected] - Build password strength enforcer as an implementation of ppolicy password checker, introducing: ppolicy-check-password-1.2.tar.gz ppolicy-check-password.Makefile ppolicy-check-password.conf ppolicy-check-password.5 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch (Implements fate#319461) * Thu Feb 18 2016 [email protected] - Remove redundant -n openldap2- package name prefix. * Mon Feb 08 2016 [email protected] - Remove openldap2-client.spec and openldap2-client.changes openldap2.spec now builds client utilities and libraries. Thus pre_checkin.sh is removed. - Move ldap.conf and its manual page from openldap2-client package to libldap-2_4-2 package, which is more appropriate. - Use RPM_OPT_FLAGS in build flags. - Macros dealing with old/unsupported distributions are removed. - Remove 0002-slapd.conf.dif and install improved slapd.conf from new source file slapd.conf. - Install slapd.conf.olctemplate to assist in preparing slapd.d for OLC. - Be explicit in sysconfig that by default openldap will use static file configuration. - Add the following schemas in LDIF format: * rfc2307bis.ldif * ldapns.ldif * yast.ldif - Other minor clean-ups in the spec file. * Mon Feb 08 2016 [email protected] - Use optflags when building * Sat Feb 06 2016 [email protected] - Upgrade to upstream 2.4.44 release with accumulated bug fixes. - Specify source with FTP URL - Removed obsolete 0012-openldap-re24-its8336.patch * Mon Jan 25 2016 [email protected] - Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch into 0010-Enforce-minimum-DH-size-of-1024.patch * Tue Dec 08 2015 [email protected] - Upgrade to upstream 2.4.43 release with accumulated bug fixes. - Still build on SLES12 - Loadable backend and overlay modules are now installed into arch-specific path %{_libdir}/openldap - All backends and overlays as modules for smaller memory footprint on memory constrained systems - Added extra package for back-sock - Consequent use of %{_rundir} everywhere - Rely on upstream ./configure script instead of any other macro foo - Dropped linking with libwrap - Dropped 0004-libldap-use-gethostbyname_r.dif because this work-around for nss_ldap is obsolete - New sub-package openldap2-contrib with selected contrib/ overlays - Replaced addonschema.tar.gz with separate schema sources - Updated ldapns.schema from recent slapo-nssov source tree - Added symbolic link to slapd executable in /usr/sbin/ - Added more complex example configuration file /etc/openldap/slapd.conf.example - Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap - Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap - Added patch for OpenLDAP ITS#7796 to avoid excessive "not index" logging: 0011-openldap-re24-its7796.patch - Replaced openldap-rc.tgz with single source files - Added soft dependency (Recommends) to cyrus-sasl - Added soft dependency (Recommends) to cyrus-sasl-devel to openldap2-devel - Added patch for OpenLDAP ITS#8336 (assert in liblmdb): 0012-openldap-re24-its8336.patch - Remove obsolete patch 0001-build-adjustments.dif * Wed Dec 02 2015 [email protected] - Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch to fix CVE-2015-6908. (bsc#945582) - Introduce patch 0011-Enforce-minimum-DH-size-of-1024.patch to address weak DH size vulnerability (bsc#937766) * Mon Nov 30 2015 [email protected] - Introduce patch 0009-Fix-ldap-host-lookup-ipv6.patch to fix an issue with unresponsive LDAP host lookups in IPv6 environment. (bsc#955210) * Fri Oct 09 2015 [email protected] - Remove OpenLDAP 2.3 code and patches from build source. Compatibility libraries for OpenLDAP 2.3 are built in package: compat-libldap-2_3-0 Removed source files: openldap-2.3.37-liblber-length-decoding.dif openldap-2.3.37-libldap-ntlm.diff openldap-2.3.37-libldap-ssl.dif openldap-2.3.37-libldap-sasl-max-buff-size.dif openldap-2.3.37-libldap-tls_chkhost-its6239.dif openldap-2.3.37-libldap-gethostbyname_r.dif openldap-2.3.37-libldap-suid.diff openldap-2.3.37.dif openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif openldap-2.3.37-libldap-ldapi_url.dif openldap-2.3.37.tgz openldap-2.3.37-libldap-utf8-ADcanonical.dif README.update check-build.sh * Thu Oct 01 2015 [email protected] - Upgrade to upstream 2.4.42 release with accumulated bug fixes. * Tue Jul 21 2015 [email protected] - Upgrade to upstream 2.4.41 release with accumulcated bug fixes and stability improvements. * Add patch 0008-In-monitor-backend-do-not-return-Connection0-entries.patch * Remove already applied patch 0008-ITS-7723-fix-reference-counting.patch * Remove already applied patch 0009-gcc5.patch (Implements fate#319301) * Thu Feb 19 2015 [email protected] - Add 0009-gcc5.patch to pass -P to the preprocessor in configure checks for Berkeley DB version * Wed Nov 26 2014 [email protected] - binutils is required for "strings" utility invocation in %pre [bnc#904028] - Remove SLE10 definitions * Sun Oct 12 2014 [email protected] - Use %_smp_mflags for parallel build * Mon Sep 22 2014 [email protected] - Add baselibs.conf to sources list * Wed Sep 10 2014 [email protected] - Do not bypass output of useradd and groupadd * Tue Sep 02 2014 [email protected] - sanitize release line in specfile * Wed Jul 16 2014 [email protected] - segfault on certain queries with rwm overlay (bnc#846389) 0008-ITS-7723-fix-reference-counting.patch * Fri Jun 06 2014 [email protected] - enable systemd slapd service if SysV ldap was enabled (bnc#881476) * Tue May 13 2014 [email protected] - use %_rundir if available, otherwise /var/run * Wed Apr 23 2014 [email protected] - move systemd requires to server package * Tue Feb 18 2014 [email protected] - Fix systemd service installation * Sun Feb 16 2014 [email protected] - use configure macro also for building the 2.3.37 version * Wed Feb 12 2014 [email protected] - Remove PidFile from service definition - Update to 2.4.39 * Fixed libldap MozNSS crash (ITS#7783) * Fixed libldap memory leak with SASL (ITS#7757) * Fixed libldap assert in parse_passwdpolicy_control (ITS#7759) * Fixed libldap shortcut NULL RDNs (ITS#7762) * Fixed libldap deref to use correct control * Fixed liblmdb keysizes with mdb_update_key (ITS#7756) * Fixed slapd cn=config olcDbConfig modification (ITS#7750) * Fixed slapd-bdb/hdb to bail out of search if config is paused (ITS#7761) * Fixed slapd-bdb/hdb indexing issue with derived attributes (ITS#7778) * Fixed slapd-mdb to bail out of search if config is paused (ITS#7761) * Fixed slapd-mdb indexing issue with derived attributes (ITS#7778) * Fixed slapd-perl to bail out of search if config is paused (ITS#7761) * Fixed slapd-sql to bail out of search if config is paused (ITS#7761) * Fixed slapo-constraint handling of softadd/softdel (ITS#7773) * Fixed slapo-syncprov assert with findbase (ITS#7749) * Build Environment Test suite: Use $(MAKE) for tests (ITS#7753) * Documentation admin24 fix TLSDHParamFile to be correct (ITS#7684) * Tue Feb 11 2014 [email protected] - Add systemd style service definition - FATE#315028 remove memory limit for slapd - FATE#315415: LDAP compat packages required for older SLES versions For this reson following patches were applied: openldap-2.3.37-libldap-suid.diff openldap-2.3.37-libldap-ldapi_url.dif openldap-2.3.37-libldap-ntlm.diff openldap-2.3.37-libldap-gethostbyname_r.dif openldap-2.3.37-libldap-sasl-max-buff-size.dif openldap-2.3.37-libldap-utf8-ADcanonical.dif openldap-2.3.37-liblber-length-decoding.dif openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif openldap-2.3.37-libldap-tls_chkhost-its6239.dif openldap-2.3.37-libldap-ssl.dif * Wed Dec 11 2013 [email protected] - Make /etc/sasl2 owned by openldap2. * Wed Dec 11 2013 [email protected] - Update to 2.4.38 * Fixed liblmdb nordahead flag (ITS#7734) * Fixed liblmdb to check cursor index before cursor_del (ITS#7733) * Fixed liblmdb wasted space on split (ITS#7589) * Fixed slapd for certs with a NULL issuerDN (ITS#7746) * Fixed slapd cn=config with empty nested includes (ITS#7739) * Fixed slapd syncrepl memory leak with delta-sync MMR (ITS#7735) * Fixed slapd-bdb/hdb to stop processing on dn not found (ITS#7741) * Fixed slapd-bdb/hdb with indexed ANDed filters (ITS#7743) * Fixed slapd-mdb to stop processing on dn not found (ITS#7741) * Fixed slapd-mdb dangling reader (ITS#7662) * Fixed slapd-mdb matching rule for OlcDbEnvFlags (ITS#7737) * Fixed slapd-mdb with indexed ANDed filters (ITS#7743) * Fixed slapd-meta from blocking other threads (ITS#7740) * Fixed slapo-syncprov assert with findbase (ITS#7749) Changes in 2.4.37 * Added liblmdb nordahead environment flag (ITS#7725) * Fixed client tools CLDAP with IPv6 (ITS#7695) * Fixed libldap CLDAP with IPv6 (ITS#7695) * Fixed libldap lock ordering with abandon op (ITS#7712) * Fixed liblmdb segfault with mdb_cursor_del (ITS#7718) * Fixed liblmdb when converting to writemap (ITS#7715) * Fixed liblmdb assert on MDB_NEXT with delete (ITS#7722) * Fixed liblmdb wasted space on split (ITS#7589) * Fixed slapd cn=config with olcTLSProtocolMin (ITS#7685) * Fixed slapd-bdb/hdb optimize index updates (ITS#7329) * Fixed slapd-ldap chaining with cn=config (ITS#7381, ITS#7434) * Fixed slapd-ldap chaning with controls (ITS#7687) * Fixed slapd-mdb optimize index updates (ITS#7329) * Fixed slapd-meta chaining with cn=config (ITS#7381, ITS#7434) * Fixed slapo-constraint to no-op on nonexistent entries (ITS#7692) * Fixed slapo-dds assert on startup (ITS#7699) * Fixed slapo-memberof to not replicate internal ops (ITS#7710) * Fixed slapo-refint to not replicate internal ops (ITS#7710) Changes in 2.4.36 * Added back-meta target filter patterns (ITS#7609) * Added liblmdb mdb_txn_env to API (ITS#7660) * Fixed libldap CLDAP with uninit'd memory (ITS#7582) * Fixed libldap with UDP (ITS#7583) * Fixed libldap OpenSSL TLS versions (ITS#7645) * Fixed liblmdb MDB_PREV behavior (ITS#7556) * Fixed liblmdb transaction issues (ITS#7515) * Fixed liblmdb mdb_drop overflow page return (ITS#7561) * Fixed liblmdb nested split (ITS#7592) * Fixed liblmdb overflow page behavior (ITS#7620) * Fixed liblmdb race condition with read and write txns (ITS#7635) * Fixed liblmdb mdb_del behavior with MDB_DUPSORT and mdb_del (ITS#7658) * Fixed slapd cn=config with unknown schema elements (ITS#7608) * Fixed slapd cn=config with loglevel 0 (ITS#7611) * Fixed slapd slapi filterlist free behavior (ITS#7636) * Fixed slapd slapi control free behavior (ITS#7641) * Fixed slapd schema countryString as directoryString (ITS#7659) * Fixed slapd schema telephoneNumber as directoryString (ITS#7659) * Fixed slapd-bdb/hdb to wait for read locks in tool mode (ITS#6365) * Fixed slapd-mdb behavior with alias dereferencing (ITS#7577 ) * Fixed slapd-mdb modrdn and base-scoped searches (ITS#7604) * Fixed slapd-mdb refcount behavior (ITS#7628) * Fixed slapd-meta binding flag is set (ITS#7524) * Fixed slapd-meta with minimal config (ITS#7581) * Fixed slapd-meta missing results messages (ITS#7591) * Added slapd-meta TCP keepalive support (ITS#7513) * Fixed slapo-sssvlv double free (ITS#7588) * Fixed slaptest to list -Q option (ITS#7568) Changes in 2.4.35 * Fixed liblmdb mdb_cursor_put with MDB_MULTIPLE (ITS#7551) * Fixed liblmdb page rebalance (ITS#7536) * Fixed liblmdb missing parens (ITS#7377) * Fixed liblmdb mdb_cursor_del crash (ITS#7553) * Fixed slapd syncrepl updateCookie status (ITS#7531) * Fixed slapd connection logging (ITS#7543) * Fixed slapd segfault on modify (ITS#7542, ITS#7432) * Fixed slapd-mdb to reject undefined attrs (ITS#7540) * Fixed slapo-pcache with +/- attrsets (ITS#7552) Changes in 2.4.34 * Fixed libldap connections with EINTR (ITS#7476) * Fixed libldap lineno overflow in ldif_read_record (ITS#7497) * Fixed liblmdb mdb_env_open flag handling (ITS#7453) * Fixed liblmdb mdb_midl_sort array optimization (ITS#7432) * Fixed liblmdb freelist with large entries (ITS#7455) * Fixed liblmdb to check for filled dirty page list (ITS#7491) * Fixed liblmdb to validate data limits (ITS#7485) * Fixed liblmdb mdb_update_key for large keys (ITS#7505) * Fixed ldapmodify to not core dump with invalid LDIF (ITS#7477) * Fixed slapd syncrepl for old entries in MMR setup (ITS#7427) * Fixed slapd signedness for index_substr_any_* (ITS#7449) * Fixed slapd enforce SLAPD_MAX_DAEMON_THREADS (ITS#7450) * Fixed slapd mutex in send_ldap_ber (ITS#6164) * Added slapd-ldap onerr option (ITS#7492) * Added slapd-ldap keepalive support (ITS#7501) * Fixed slapd-ldif with empty dir (ITS#7451) * Fixed slapd-mdb to reopen attr DBs after env reopen (ITS#7416) * Fixed slapd-mdb handling of missing entries (ITS#7483,7496) * Fixed slapd-mdb environment flag setting (ITS#7452) * Fixed slapd-mdb with sub db slapcat (ITS#7469) * Fixed slapd-mdb to correctly work with toolthreads > 2 (ITS#7488,ITS#7527) * Fixed slapd-mdb subtree search speed (ITS#7473) * Fixed slapd-meta conversion to cn=config (ITS#7525) * Fixed slapd-meta segfault when modifying olcDbUri (ITS#7526) * Fixed slapd-sql back-config support (ITS#7499) * Fixed slapo-constraint handle uri and restrict correctly (ITS#7418) * Fixed slapo-constraint with multi-master replication (ITS#7426) * Fixed slapo-constraint segfault (ITS#7431) * Fixed slapo-deref control initialization (ITS#7436) * Fixed slapo-deref control exposure (ITS#7445) * Fixed slapo-memberof with internal ops (ITS#7487) * Fixed slapo-pcache matching rules for config db (ITS#7459) * Fixed slapo-rwm modrdn cleanup (ITS#7414) * Fixed slapo-sssvlv maxperconn parameter (ITS#7484) * Mon Jun 17 2013 [email protected] - For now, avoid automatic use of libdb-6_0 by explicitly selecting libdb-4_8 as BuildRequire. * Mon Mar 25 2013 [email protected] - Put static libs into openldap2-devel-static and relieve openldap2-devel of static-only deps * Sat Nov 17 2012 [email protected] - fix check-build.sh for kernel > 3.0 * Fri Nov 16 2012 [email protected] - Fixed initscript to avoid endless loop when no configuration is present in /etc/openldap/slapd.d/ (bnc#767464) - cleaned up SLES10 buildrequires and dependencies - removed support for building on SLES9, didn't work anyway anymore - Don't buildrequire krb5-mini on Distributions where it does not exist * Fri Oct 26 2012 [email protected] - enabled mdb backend - Update to 2.4.33 * Added slapd-meta cn=config support * Fixed slapd alock handling on Windows (ITS#7361) * Fixed slapd acl handling with zero-length values (ITS#7350) * Fixed slapd syncprov to not reference ops inside a lock (ITS#7172) * Fixed slapd delta-syncrepl MMR with large attribute values (ITS#7354) * Fixed slapd slapd_rw_destroy function (ITS#7390) * Fixed slapd-ldap idassert bind handling (ITS#7403) * Fixed slapo-constraint with multiple modifications (ITS#7168) Changes in 2.4.32: * Added slappasswd loadable module support (ITS#7284) * Fixed tools to not clobber SASL_NOCANON (ITS#7271) * Fixed libldap function declarations (ITS#7293) * Fixed libldap double free (ITS#7270) * Fixed libldap debug level setting (ITS#7290) * Fixed libldap gettime() regression (ITS#6262) * Fixed libldap sasl handling (ITS#7118, ITS#7133) * Fixed libldap to correctly free socket with TLS (ITS#7241) * Fixed slapd config index renumbering (ITS#6987) * Fixed slapd duplicate error response (ITS#7076) * Fixed slapd parsing of PermissiveModify control (ITS#7298) * Fixed slapd-bdb/hdb cache hang under high load (ITS#7222) * Fixed slapd-bdb/hdb alias checking (ITS#7303) * Fixed slapd-bdb/hdb olcDbConfig changes work immediately (ITS#7338) * Fixed slapd-ldap to encode user DN during password change (ITS#7319) * Fixed slapd-ldap assertion when proxying to MS AD (ITS#6851) * Fixed slapd-ldap monitoring (ITS#7182, ITS#7225) * Fixed slapd-perl panic (ITS#7325) * Fixed slapo-accesslog memory leaks with sync replication (ITS#7292) * Fixed slapo-syncprov memory leaks with sync replication (ITS#7292) * Fri Oct 26 2012 [email protected] - add explicit buildrequire on groff - needed to build manuals * Tue Oct 16 2012 [email protected] - buildrequire krb5-mini in openldap2-client to avoid cycle - move Summary out of the %if as prepare_spec is confused about the license otherwise * Thu May 10 2012 [email protected] - update to 2.4.31 * Added slapo-accesslog support for reqEntryUUID (ITS#6656) * Fixed libldap IPv6 URL detection (ITS#7194) * Fixed libldap rebinding on failed connection (ITS#7207) * Fixed slapd listener initialization (ITS#7233) * Fixed slapd cn=config with olcTLSVerifyClient (ITS#7197) * Fixed slapd delta-syncrepl fallback on non-leaf error (ITS#7195) * Fixed slapd to reject MMR setups with bad serverID setting (ITS#7200) * Fixed slapd approxIndexer key generation (ITS#7203) * Fixed slapd modification of olcSuffix (ITS#7205) * Fixed slapd schema validation with missing definitions (ITS#7224) * Fixed slapd syncrepl -c with supplied CSN values (ITS#7245) * Fixed slapd-bdb/hdb idlcache with only one element (ITS#7231) * Fixed slapo-accesslog deadlock with non-logged write ops (ITS#7088) * Fixed slapo-syncprov sessionlog check (ITS#7218) * Fixed slapo-syncprov entry leak (ITS#7234) * Fixed slapo-syncprov startup initialization (ITS#7235) * Mon Apr 23 2012 [email protected] - Disabled testsuite for now. Causes problems in the buildserivce * Tue Mar 06 2012 [email protected] - Update to 2.4.30 * Fixed libldap socket polling for writes (ITS#7167) * Fixed liblutil string modifications (ITS#7174) * Fixed slapd crash when attrsOnly is true (ITS#7143) * Fixed slapd syncrepl delete handling (ITS#7052,ITS#7162) * Fixed slapo-pcache time-to-refesh handling (ITS#7178) * Fixed slapo-syncprov loop detection (ITS#6024) * Mon Feb 27 2012 [email protected] - Update to 2.4.29 * Fixed slapd cn=config modification of first schema element (ITS#7098) * Fixed slapd operation reuse (ITS#7107) * Fixed slapd blocked writers to not interfere with pool pause (ITS#7115) * Fixed slapd connection loop connindex usage (ITS#7131) * Fixed slapd double mutex unlock via connection_done (ITS#7125) * Fixed slapd check order in connection_write (ITS#7113) * Fixed slapd slapadd to exit on failure (ITS#7142) * Fixed slapd syncrepl reference to freed memory (ITS#7127,ITS#7132) * Fixed slapd syncrepl to ignore some errors on delete (ITS#7052) * Fixed slapd syncrepl to handle missing oldRDN (ITS#7144) * Fixed slapd-monitor compare op to update cached entry (ITS#7123) * Fixed slapo-syncprov with already abandoned operation (ITS#7150) - Included patches from RE24 branch: * only poll sockets for write as needed (ITS#7167, bnc#749082) * sycnrepl Fixes (ITS#7162) * Wed Dec 07 2011 [email protected] - license update: OLDAP-2.8 SPDX format (http://www.spdx.org/licenses) * Fri Dec 02 2011 [email protected] - Update to 2.4.28 * Fixed back-mdb out of order slapadd (ITS#7090) changes in OpenLDAP 2.4.27 Release (2011/11/24): * Added slapd delta-syncrepl MMR (ITS#6734,ITS#7029,ITS#7031) * Fixed ldapmodify crash with LDIF controls (ITS#7039) * Fixed ldapsearch to honor timeout and timelimit (ITS#7009) * Fixed libldap endless looping (ITS#7035) * Fixed libldap TLS to not check hostname when using 'allow' (ITS#7014) * Fixed slapadd common code into slapcommon (ITS#6737) * Fixed slapd backend connection initialization (ITS#6993) * Fixed slapd frontend DB parsing in cn=config (ITS#7016) * Fixed slapd hang with {numbered} overlay insertion (ITS#7030) * Fixed slapd inet_ntop usage (ITS#6925) * Fixed slapd cn=config deletion of bitmasks (ITS#7083) * Fixed slapd cn=config modify replace/delete crash (ITS#7065) * Fixed slapd schema UTF8StringNormalize with 0 length values (ITS#7059) * Fixed slapd with dynamic acls for cn=config (ITS#7066) * Fixed slapd response callbacks (ITS#6059,ITS#7062) * Fixed slapd no_connection warnings with ldapi (ITS#6548,ITS#7092) * Fixed slapd return code processing (ITS#7060) * Fixed slapd sl_malloc various issues (ITS#6437) * Fixed slapd startup behavior (ITS#6848) * Fixed slapd syncrepl crash with non-replicated ops (ITS#6892) * Fixed slapd syncrepl with modrdn (ITS#7000,ITS#6472) * Fixed slapd syncrepl timeout when using refreshAndPersist (ITS#6999) * Fixed slapd syncrepl deletes need a non-empty CSN (ITS#7052) * Fixed slapd syncrepl glue for empty suffix (ITS#7037) * Fixed slapd results cleanup (ITS#6763,ITS#7053) * Fixed slapd validation of args for TLSCertificateFile (ITS#7012) * Fixed slapd-bdb/hdb to build entry DN based on parent DN (ITS#5326) * Fixed slapd-hdb with zero-length entries (ITS#7073) * Fixed slapd-hdb duplicate entries in subtree IDL cache (ITS#6983) * Fixed slapo-pcache response cleanup (ITS#6981) * Fixed slapo-ppolicy pwdAllowUserChange behavior (ITS#7021) * Fixed slapo-sssvlv issue with greaterThanorEqual (ITS#6985) * Fixed slapo-sssvlv to only return requested attrs (ITS#7061) * Fixed slapo-syncprov DSA attribute filtering for Persist mode (ITS#7019) * Fixed slapo-syncprov when consumer has newer state of our SID (ITS#7040) * Fixed slapo-syncprov crash (ITS#7025) * Added missing LDIF form of schema files (ITS#7063) * Fri Nov 25 2011 [email protected] - add libtool as buildrequire to avoid implicit dependency * Mon Oct 24 2011 [email protected] - ACL changes to the config database only got active after slapd restart in certain cases (bnc#716895, ITS#7066). - Adjusted default DB_CONFIG to increase max values for locks and lock objects (bnc#719803) - Fix UTF8StringNormalize overrun on zero-length string (bnc#724201, ITS#7059) * Thu Jul 07 2011 [email protected] - Update to 2.4.26 * Added libldap LDAP_OPT_X_TLS_PACKAGE (ITS#6969) * Fixed libldap descriptor leak (ITS#6929) * Fixed libldap socket leak (ITS#6930) * Fixed libldap get option crash (ITS#6931) * Fixed libldap lockup (ITS#6898) * Fixed libldap ASYNC TLS setup (ITS#6828) * Fixed libldap with missing \n terminations (ITS#6947) * Fixed tools double free (ITS#6946) * Fixed tools verbose output (ITS#6977) * Fixed ldapmodify SEGV on invalid LDIF (ITS#6978) * Added slapd extra_attrs database option (ITS#6513) * Fixed slapd asserts (ITS#6932) * Fixed slapd configfile param on windows (ITS#6933) * Fixed slapd config with global chaining (ITS#6843) * Fixed slapd uninitialized variables (ITS#6935) * Fixed slapd config objectclass is readonly (ITS#6963) * Fixed slapd entry response with control (ITS#6899) * Fixed slapd with unknown attrs (ITS#6819) * Fixed slapd normalization of schema RDN (ITS#6967) * Fixed slapd operations cache to 10 op limit (ITS#6944) * Fixed slapd syncrepl crash with non-replicated ops (ITS#6892) * Fixed slapd-bdb/hdb with sparse index ranges (ITS#6961) * Fixed back-ldap ppolicy updates (ITS#6711) * Fixed back-ldap with id-assert (ITS#6817) * Fixed various slapo-pcache issues (ITS#6823, ITS#6950, ITS#6951, ITS#6953, ITS#6954) * Fixed slapo-pcache database corruption (ITS#6831) * Fixed slapo-syncprov with replicated subtrees (ITS#6872) - backported delete support for child entries of overlays from master (bnc#704398) * Tue Mar 29 2011 [email protected] - Updated to 2.4.25, important changes: * Fixed ldapsearch pagedresults loop (ITS#6755) * Fixed tools for incompatible args (ITS#6849) * Fixed libldap MozNSS crash (ITS#6863) * Fixed slapd add objectclasses in order (ITS#6837) * Added slapd ordering for uidNumber and gidNumber (ITS#6852) * Fixed slapd segfault when adding values out of order (ITS#6858) * Fixed slapd sortval handling (ITS#6845) * Fixed slapd-bdb with slapadd/index quick option (ITS#6853) * Fixed slapd-ldap chain cn=config support (ITS#6837) * Fixed slapd-ldap chain with slapd.conf (ITS#6857) * Fixed slapd-meta deadlock (ITS#6846) * Fixed slapo-sssvlv with multiple requests (ITS#6850) * Fixed contrib/lastbind install rules (ITS#6238) * Fixed contrib/cloak install rules (ITS#6877) * Tue Feb 22 2011 [email protected] - Surpress gcc warnings about extra format string arguments for 2.3.x built as well. * Mon Feb 14 2011 [email protected] - Updated to 2.4.24, important changes: * Added libldap_r,libldap formal concurrency API (ITS#6625,ITS#5421) * Added slapadd attribute value checking (ITS#6592) * Added slapcat continue mode for problematic DBs (ITS#6482) * Added slapd syncrepl suffixmassage support (ITS#6781) * Fixed liblber to not close invalid sockets (ITS#6585) * Fixed libldap referral chasing (ITS#6602) * Fixed libldap leak when chasing referrals (ITS#6744) * Fixed slapd acl parsing overflow (ITS#6611) * Fixed slapd acl when resuming parsing (ITS#6804) * Fixed slapd default config acls with overlays (ITS#6822) * Fixed slapd config leak with olcDbDirectory (ITS#6634) * Fixed slapd when first acl is value dependent (ITS#6693) * Fixed slapd-bdb slapadd -q with glued dbs (ITS#6794) * Fixed slapo-ppolicy don't update opattrs on consumers (ITS#6608) * Fixed slapo-ppolicy to allow userPassword deletion (ITS#6620) * Fixed slapo-syncprov to send error if consumer is newer (ITS#6606) * Fixed slapo-syncprov filter race condition (ITS#6708) * Fixed slapo-syncprov active mod race (ITS#6709) * Fixed slapo-syncprov to refresh if context is dirty (ITS#6710) * Fixed slapo-syncprov CSN updates to all replicas (ITS#6718) * Fixed slapo-syncprov sessionlog ordering (ITS#6716) * Fixed slapo-syncprov sessionlog with adds (ITS#6503) * Fixed slapo-syncprov mutex (ITS#6438) * Fixed slapo-syncprov mincsn check with MMR (ITS#6717) * Fixed slapo-syncprov control leak (ITS#6795) * Fixed slapo-syncprov error codes (ITS#6812) * For a comprehensive list of changes please consult the CHANGES file - removed unneeded openSUSE 11.0 specifc patch * Tue Feb 01 2011 [email protected] - slapadd -q could crash for glued bdb/hdb databases * Wed Jan 19 2011 [email protected] - Install the correct schema2ldif script (bnc#665530) * Wed Jan 05 2011 [email protected] - Fixed quotation in init-script to avoid errors when calling it from within /etc/openldap/slapd.d/cn=config/ (bnc#660492). * Fri Nov 12 2010 [email protected] - Surpress gcc warnings about extra format string arguments. - Split-off openldap2-doc (noarch) package (Admin Guide and IDs) - Backported -VVV commandline switch for slapd from HEAD (to list enabled static overlays) - Build all overlays except syncprov and ppolicy as dynamic modules (Fixes bnc#648479, FATE#307837) - Added README.dynamic-overlays to point out some details about dynamic overlays - simplified pie-compile patch and adjusted it to work with dynamic overlays * Tue Oct 05 2010 [email protected] - Handle the libdb-4_5 -> libdb-4_8 Version update by opening the Databases with DB_RECOVER if a version mismatch is detected. * Sun Oct 03 2010 [email protected] - Do not include Build date and time in binaries, this avoids build-compare failures and unhelpful rebuilds/republishes * Wed Sep 29 2010 [email protected] - Don't build 2.3 slapcat anymore for 11.3 and newer. We switch to 2.4 long ago. - Removed automatic 2.3->2.4 migration in %post - moved back-sql examples to make rpmlint happy * Thu Aug 26 2010 [email protected] - Fix listener URIs in init script to make SLP registration work again (bnc#620389) * Fri Jul 23 2010 [email protected] - Fixed RPM Group and Summary Tags (bnc#624980) * Thu Jul 01 2010 [email protected] - Updated to 2.4.23: * Fixed libldap to return server's error code (ITS#6569) * Fixed libldap memleaks (ITS#6568) * Fixed liblutil off-by-one with delta (ITS#6541) * Fixed slapd acls with glued databases (ITS#6468) * Fixed slapd syncrepl rid logging (ITS#6533) * Fixed slapd modrdn handling of invalid values (bnc#612430, ITS#6570) * Fixed slapd-bdb hasSubordinates computation (ITS#6549) * Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474) * Fixed slapd-bdb entry cache delete failure (ITS#6577) * Fixed slapd-ldap to return control responses (ITS#6530) * Fixed slapo-ppolicy to use Debug (ITS#6566) * Fixed slapo-refint to zero out freed DN vals (ITS#6572) * Fixed slapo-rwm to use Debug (ITS#6566) * Fixed slapo-sssvlv to use Debug (ITS#6566) * Fixed slapo-syncprov lost deletes in refresh phase (bnc#606294, ITS#6555) * Fixed slapo-valsort to use Debug (ITS#6566) * Fixed contrib/nssov network.c missing patch (ITS#6562) - New subpackage openldap2-back-sql. Contains the SQL backend module plus some documentation (bnc#395719) - generate Patches from git tree (resulted in all patches being renamed) - installing binaries without stripping them is done by setting the STRIP enviroment variable instead for patching the Makefile now - Fixed a bug in the syncprov overlay which could lead to not replicate delete Operations (ITS#6555, bnc#606294) - BuildRequires cleanup * Thu Jul 01 2010 [email protected] - LDAP clients could crash the server by submitting a specially crafted LDAP ModRDN operation. (bnc#612430, ITS#6570) - Delete Operations happening during the "Refresh" phase of "refreshAndPersist" replication failed to replicate under certain circumstances (bnc#606294, ITS#6555) * Mon May 10 2010 [email protected] - Create /var/run/slapd on demand. /var/run might be mounted on tmpfs. * Thu Apr 15 2010 [email protected] - fix build dependency cycle for -client package with openslp * Wed Mar 17 2010 [email protected] - Fixed quotation in sed expression to escape ldapi path in init script * Tue Mar 16 2010 [email protected] - Removed obsolete hunk from openldap2.dif - Remove ldap.conf patch to use saner default for Certificate verification (bnc#575146) * Sat Feb 13 2010 [email protected] - Add fix for stricter fortification checks of GCC 4.5. * Thu Jan 07 2010 [email protected] - Updated to 2.4.21: * Fixed liblutil for negative microsecond offsets (ITS#6405) * Fixed slapd global settings to work without restart (ITS#6428) * Fixed slapd looping with SSL/TLS connections (ITS#6412) * Fixed slapd syncrepl freeing tasks from queue (ITS#6413) * Fixed slapd syncrepl parsing of tls defaults (ITS#6419) * Fixed slapd syncrepl uninitialized variables (ITS#6425) * Fixed slapd-config Adds with Abstract classes (ITS#6408) * Fixed slapo-dynlist behavior with simple filters (ITS#6421) * Fixed slapd-ldif access outside database directory (ITS#6414) * Fixed slapo-translucent with back-null (ITS#6403) * Fixed slapo-unique criteria checking (ITS#6270) - removed some obsolete RPM dependencies - Added missing tags to init script to silence rpmlint warnings * Thu Dec 10 2009 [email protected] - Fixed an issue in back-config's objectclass inheritence code that could cause the server to fail to start or to spin in an endless loop (bnc#558059,ITS#6408) - default the tls_reqcert parameter of a syncrepl config to "demand" as documented even if other tls_ options are absent (bnc#558397, ITS#6319) - apply changes to the global size and timelimits to all database that don't specify limits themself. (bnc#562184, ITS#6428) * Mon Nov 30 2009 [email protected] - Update to 2.4.20 (fate#306593), most important fixes since 2.4.19 * Fixed liblber embedded NUL values in BerValues (ITS#6353) * Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334) * Fixed libldap uninitialized return value (ITS#6355) * Fixed libldap unlimited timeout (ITS#6388) * Added slapd handling of hex server IDs (ITS#6297) * Fixed slapd checks of str2filter (ITS#6391) * Fixed slapd configArgs initialization (ITS#6363) * Fixed slapd db_open with connection_fake_init (ITS#6381) * Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379) * Fixed slapd inclusion of ac/unistd.h (ITS#6342) * Fixed slapd sl_free to better reclaim memory (ITS#6380) * Fixed slapd syncrepl deletes in MirrorMode (ITS#6368) * Fixed slapd syncrepl to use correct SID (ITS#6367) * Fixed slapd tls_accept to retry in certain cases (ITS#6304) * Fixed slapd-bdb/hdb cache corruption (ITS#6341) * Fixed slapd-bdb/hdb entry cache (ITS#6360) * Fixed slapo-syncprov checkpoint conversion (ITS#6370) * Fixed slapo-syncprov deadlock (ITS#6335) * Fixed slapo-syncprov out of order changes (ITS#6346) - Added switch to enable/disable testsuite (%run_test_suite) * Tue Nov 03 2009 [email protected] - updated patches to apply with fuzz=0 * Mon Sep 28 2009 [email protected] - Added schema2ldif tool to openldap2-client subpackage (bnc#541819) * Wed Sep 23 2009 [email protected] - Changed permissions on /var/run/slapd to a saner default for ldapi:/// (bnc#536729) * Wed Sep 09 2009 [email protected] - libldap's check of the hostname against the TLS Certificate's CN Attribute did not handle possible NUL bytes in the CN correctly and was vulnerable against attacks with spoofed Certificates. (bnc#537143, ITS#6239) * Tue Jul 14 2009 [email protected] - Update to 2.4.17. Most important changes: * Fixed liblber to use ber_strnlen (ITS#6080) * Fixed libldap openssl digest initialization (ITS#6192) * Fixed libldap tls NULL error messages (ITS#6079) * Added slapd sasl auxprop support (ITS#6147) * Added slapd schema checking tool (ITS#6150) * Added slapd writetimeout keyword (ITS#5836) * Fixed slapd abandon/cancel handling for some ops (ITS#6157) * Fixed slapd access setstyle to expand (ITS#6179) * Fixed slapd assert with closing connections (ITS#6111) * Fixed slapd bind race condition (ITS#6189) * Fixed slapd cert validation (ITS#6098) * Fixed slapd connection_destroy assert (ITS#6089) * Fixed slapd csn normalization (ITS#6195) * Fixed slapd errno handling (ITS#6037) * Fixed slapd hung writers (ITS#5836) * Fixed slapd ldapi issues (ITS#6056) * Fixed slapd normalization of updated schema attributes (ITS#5540) * Fixed slapd olcLimits handling (ITS#6159) * Fixed slapd olcLogLevel with hex levels (ITS#6162) * Fixed slapd sending cancelled operations results (ITS#6103) * Fixed slapd slapi_entry_has_children (ITS#6132) * Fixed slapd sockets usage on windows (ITS#6039) * Fixed slapd some abandon and cancel race conditions (ITS#6104) * Fixed slapd tls context after changes (ITS#6135) * Fixed slapd-bdb/hdb adjust dncachesize if too low (ITS#6176) * Fixed slapd-bdb/hdb crashes during delete (ITS#6177) * Fixed slapd-bdb/hdb multiple olcIndex for same attr (ITS#6196) * Fixed slapd-hdb freeing of already freed entries (ITS#6074) * Fixed slapd-hdb entryinfo cleanup (ITS#6088) * Fixed slapd-hdb dncache lockups (ITS#6095) * Fixed slapd-ldap deadlock with non-responsive TLS URIs (ITS#6167) * Fixed slapo-ppolicy to honor pwdLockout (ITS#6168) * Fixed slapo-ppolicy to return check modules error message (ITS#6082) * Added slapo-rwm rwm-drop-unrequested-attrs config option (ITS#6057) * Fixed slapo-rwm dn passing (ITS#6070) * Fixed slapo-rwm entry free/release (ITS#6058, ITS#6081) * Fixed tools returning ldif errors (ITS#5892) - Backported fix for failing back-monitor test from HEAD - re-enabled some formerly disabled tests from the testsuite * Mon Jun 29 2009 [email protected] - Fixed Summary/Description for -client subpackage * Thu Jun 25 2009 [email protected] - Improved connection check in init script (bnc#510295) * Mon Jun 15 2009 [email protected] - Fixed complilation with newer glibc (2.3.X release needs GNU_SOURCE defined as well in getpeerid.c) * Wed Apr 29 2009 [email protected] - gcc 4.4 fixes * Mon Apr 06 2009 [email protected] - Update to 2.4.16. Most important fixes: * Fixed libldap segfault in checking cert/DN (ITS#5976) * Fixed libldap peer cert double free (ITS#5849) * Fixed libldap referral chasing (ITS#5980) * Fixed slapd backglue with empty DBs (ITS#5986) * Fixed slapd ctxcsn race condition (ITS#6001) * Fixed slapd debug message (ITS#6027) * Fixed slapd redundant module loading (ITS#6030) * Fixed slapd schema_init freed value (ITS#6036) * Fixed slapd syncrepl newCookie sync messages (ITS#5972) * Fixed slapd syncrepl hang during shutdown (ITS#6011) * Fixed slapd syncrepl too many MMR messages (ITS#6020) * Fixed slapd syncrepl skipped entries with MMR (ITS#5988) * Fixed slapd-bdb/hdb cachesize handling (ITS#5860) * Fixed slapd-bdb/hdb with slapcat with empty dn (ITS#6006) * Fixed slapd-bdb/hdb with NULL transactions (ITS#6012) * Fixed slapd-ldap incorrect referral handling (ITS#6003,ITS#5916) * Fixed slapd-ldap/meta with broken AD results (ITS#5977) * Fixed slapd-ldap/meta with invalid attrs again (ITS#5959) * Fixed slapo-accesslog interaction with ppolicy (ITS#5979) * Fixed slapo-dynlist conversion to cn=config (ITS#6002) * Fixed various slapo-syncprov issues (ITS#5972, ITS#6020, ITS#5985, ITS#5999, ITS#5973, ITS#6045, ITS#6024, ITS#5988) - Fix building on older openSUSE releases * Fri Mar 20 2009 [email protected] - Update to 2.4.15. Most important changes: * Fixed slapd bconfig conversion again (ITS#5346) * Fixed slapd behavior with superior objectClasses again (ITS#5517) * Fixed slapd RFC4512 behavior with same attr in RDN (ITS#5968) * Fixed slapd corrupt contextCSN (ITS#5947) * Fixed slapd syncrepl order to match on add/delete (ITS#5954) * Fixed slapd adding rdn with other values (ITS#5965) * Fixed slapd-bdb/hdb behavior with unallocatable shm (ITS#5956) * Fixed slapd-ldap/meta with entries with invalid attrs (ITS#5959) * Fixed slapo-pcache caching invalid entries (ITS#5927) * Fixed slapo-syncprov csn updates (ITS#5969) * Added libldap option to disable SASL host canonicalization (ITS#5812) * Fixed libldap chasing multiple referrals (ITS#5853) * Fixed libldap setuid usage with .ldaprc (ITS#4750) * Fixed libldap deref handling (ITS#5768) * Fixed libldap NULL pointer deref (ITS#5934) * Fixed libldap peer cert memory leak (ITS#5849) * Fixed libldap intermediate response behavior (ITS#5896) * Fixed libldap IPv6 address handling (ITS#5937) * Fixed libldap_r deref building (ITS#5768) * Fixed libldap_r slapd lockup when paused during shutdown (ITS#5841) * Fixed slapd acl checks on ADD (ITS#4556,ITS#5723) * Fixed slapd acl application to newly created backends (ITS#5572) * Fixed slapd bconfig to return error codes (ITS#5867) * Fixed slapd bconfig encoding incorrectly (ITS#5897) * Fixed slapd bconfig dangling pointers (ITS#5924) * Fixed slapd epoll handling (ITS#5886) * Fixed slapd glue with MMR (ITS#5925) * Fixed slapd listener comparison (ITS#5613) * Fixed various syncrepl issues (ITS#5809,ITS#5850, ITS#5843, ITS#5866, ITS#5901, ITS#5881, ITS#5935, ITS#5710, ITS#5781, ITS#5809, ITS#5798, ITS#5826) * Fixed slapd-bdb/hdb dncachesize handling (ITS#5860) * Fixed slapd-bdb/hdb trickle task usage (ITS#5864) * Fixed slapd-hdb idlcache with empty suffix (ITS#5859) * Wed Jan 07 2009 [email protected] - obsolete old -XXbit packages (bnc#437293) * Fri Dec 12 2008 [email protected] - Fixed openldap2-devel dependencies (bnc#457989) * Tue Dec 09 2008 [email protected] - Fixed a bug in the threadpool implementation that could cause slapd to lockup when shutting down while the pool is paused. (bnc#450457, ITS#5841) * Fri Nov 28 2008 [email protected] - Disable the slapadd trickle-task it cause performance issues when using libdb-4.5 (bnc#449641) - removed obsolete configure option (ldbm backend does not exist in OpenLDAP 2.4) * Fri Nov 21 2008 [email protected] - update check-build.sh * Wed Nov 05 2008 [email protected] - Fixed database shutdown sequence (bnc#441774, ITS#5745) * Tue Nov 04 2008 [email protected] - Handle ldbm databases in updates from 2.3 release (bnc#440589) * Thu Oct 23 2008 [email protected] - the helper function to create various LDAP controls returned wrong error codes under certain circumstances (bnc#429064, ITS#5762) - Fixed referral chasing in chain-overlay (bnc#438088, ITS#5742) - Fixed back-config integration of overlays with private instances of databases (translucent, chain, ...) (bnc#438094, ITS#5736) * Mon Oct 13 2008 [email protected] - Added missing #include to slapo-collect * Sun Oct 12 2008 [email protected] - Update to 2.4.12. Most important changes: * Fixed libldap ldap_utf8_strchar arguments (ITS#5720) * Fixed libldap TLS_CRLFILE (ITS#5677) * Fixed librewrite memory handling (ITS#5691) * Fixed slapd attribute leak (ITS#5683) * Fixed slapd config backend with index greater than sibs (ITS#5684) * Fixed slapd custom attribute inheritance (ITS#5642) * Fixed slapd firstComponentMatch normalization (ITS#5634) * Fixed slapd connection events enabled twice (ITS#5725) * Fixed slapd memory handling (ITS#5691) * Fixed slapd objectClass canonicalization (ITS#5681) * Fixed slapd objectClass termination (ITS#5682) * Fixed slapd overlay control registration (ITS#5649) * Fixed slapd runqueue checking (ITS#5726) * Fixed slapd sortvals comparison (ITS#5578) * Fixed slapd syncrepl contextCSN detection (ITS#5675) * Fixed slapd syncrepl error logging (ITS#5618) * Fixed slapd syncrepl runqueue interval (ITS#5719) * Fixed slapd-bdb entry return if attr not present (ITS#5650) * Fixed slapd-bdb/hdb release search entries earlier (ITS#5728,ITS#5730) * Fixed slapd-bdb/hdb subtree search with empty suffix (ITS#5729) * Fixed slapo-memberof internal operations DN (ITS#5622) * Fixed slapo-pcache attrset crash (ITS#5665) * Fixed slapo-pcache caching with invalid schema (ITS#5680) * Fixed slapo-ppolicy control return on password modify exop (ITS#5711) - removed obsolete patches * Mon Oct 06 2008 [email protected] - remove some problematic test-cases, that cause a lot of unreproducable buildfailures - check for exisitence of /etc/openldap/slapd.conf in init-script assume back-config usage if it isn't present (bnc#428168) * Wed Sep 24 2008 [email protected] - Mark Schema and SuSEfirewall files as %config - openldap2-back-perl requires perl - Give more meaningful error messages when index configuration fails (bnc#429150) * Fri Sep 19 2008 [email protected] - Reduced debug-level during "make test" to reduce required disk space and buildtime * Thu Sep 18 2008 [email protected] - Fixed init-script dependencies (bnc#426214) * Fri Sep 12 2008 [email protected] - Backported fix for a crash in back-config when adding entries with a too large index (ITS#5684) - Backported fix for a crash when adding an invalid olcBdbConfig Entry to back-config (ITS#5698) * Tue Sep 09 2008 [email protected] - Removed getaddrinfo workaround. Recent glibc doesn't need it anymore (bnc#288879, ITS#5251) - Server requires libldap of the same version. * Mon Sep 08 2008 [email protected] - Import back-config support for deleting databases from CVS HEAD * Tue Sep 02 2008 [email protected] - Dropped evolution specific ntlm-bind Patch (Fate#303480) * Thu Aug 28 2008 [email protected] - added ldapns.schema , to allow to use pam_ldap's "check_host_attr" and "check_service_attr" features (bnc#419984) - backport overlay_register_control fix from HEAD (bnc#420016, ITS#5649) * Mon Aug 18 2008 [email protected] - remove outdated options in the fillup_and_insserv call * Mon Aug 18 2008 [email protected] - fixed LSB-Headers in init-script * Wed Aug 13 2008 [email protected] - try to fix build for buildservice (BUILD_INCARNATION can be empty) * Mon Aug 11 2008 [email protected] - /usr/lib/sasl2/slapd.conf was moved to /etc/sasl2/slapd.conf (bnc#412652) - adjust ownerships of database directories even when using back-config * Thu Jul 31 2008 [email protected] - Enable back-config delete support * Tue Jul 29 2008 [email protected] - Update to Version 2.4.11. Most important changes: * Fixed liblber ber_get_next length decoding (ITS#5580) * Added libldap assertion control (ITS#5560) * Fixed liblutil missing return code (ITS#5615) * Fixed slapd cert serial number parsing (ITS#5588) * Fixed slapd check for structural_class failures (ITS#5540) * Fixed slapd config backend renumbering (ITS#5571) * Fixed slapd configContext OID (ITS#5383) * Fixed slapd crash with no listeners (ITS#5563) * Fixed slapd sets memory leak (ITS#5557) * Fixed slapd sortvals binary search (ITS#5578) * Fixed slapd syncrepl updates with multiple masters (ITS#5597) * Fixed slapd syncrepl superior objectClass delete/add (ITS#5600) * Fixed slapd syncrepl/slapo-syncprov contextCSN updates as internal ops (ITS#5596) * Fixed slapo-memberof replace handling (ITS#5584) * Added slapo-nssov contrib module * Fixed slapo-pcache handling of negative search caches (ITS#5546) * Fixed slapo-ppolicy DNs with whitespaces (ITS#5552) * Fixed slapo-ppolicy modify with internal ops (ITS#5569) * Fixed slapo-syncprov ACL evaluation (ITS#5548) * Fixed slapo-syncprov crash with delcsn (ITS#5589) * Fixed slapo-syncprov full reload (ITS#5564) * Fixed slapo-syncprov missing olcSpReloadHint attr(ITS#5591) * Fixed slapo-unique filter normalization (ITS#5581) * Mon Jun 30 2008 [email protected] - Only apply -fPIE patch to recent Distributions - removed -fPIE from the slapcat-2.3 build - Adjust BuildRequires for older Distributions * Fri Jun 27 2008 [email protected] - make sure the subpacks are only in one spec file declared * Tue Jun 24 2008 [email protected] - branched off libldap-2_4-2 package to support the shared library packaging policy * Wed Jun 11 2008 [email protected] - Update to Version 2.4.10. Most important changes: * Fixed libldap ld_defconn cleanup if it was freed (ITS#5518, ITS#5525) * Fixed libldap msgid handling (ITS#5318) * Fixed libldap t61 infinite loop (ITS#5542) * Fixed libldap_r missing stubs (ITS#5519) * Fixed slapd initialization of sr_msgid, rs->sr_tag (ITS#5461) * Fixed slapd missing termination of integerFilter keys (ITS#5503) * Fixed slapd multiple attrs in URI (ITS#5516) * Fixed slapd sasl_ssf retrieval (ITS#5403) * Fixed slapd socket assert (ITS#5489) * Fixed slapd syncrepl cookie (ITS#5536) * Fixed slapd-bdb/hdb MAXPATHLEN (ITS#5531) * Fixed slapd-bdb indexing in single ADD/MOD (ITS#5521) * Fixed slapd-ldap entry_get() op-dependent behavior (ITS#5513) * Fixed slapd-meta quarantine crasher (ITS#5522) * Fixed slapo-refint to allow setting modifiers name (ITS#5505) * Fixed slapo-syncprov contextCSN passing on syncprov consumers (ITS#5488) * Fixed slapo-syncprov csn update with delta-syncrepl (ITS#5493) * Fixed slapo-syncprov op2.o_extra reset (ITS#5501, #5506) * Fixed slapo-syncprov searching wrong backend (ITS#5487) * Fixed slapo-syncprov sending ops without queued CSNs (ITS#5465) * Fixed slapo-syncprov max csn search on startup (ITS#5537) * Fixed slapo-unique config structs (ITS#5526) * Fixed slapo-unique filter terminator (ITS#5511) * Fri May 16 2008 [email protected] - Support update from 2.3 releases (bnc#390247) * Thu May 08 2008 [email protected] - Update to Version 2.4.9. Most important changes: * Fixed libldap to use unsigned port (ITS#5436) * Fixed libldap error message for missing close paren (ITS#5458) * Fixed libldap_r tpool pause checks (ITS#5364, #5407) * Fixed slapcat error checking (ITS#5387) * Fixed slapd abstract objectClass inheritance check (ITS#5474) * Fixed slapd add operations requiring naming attrs (ITS#5412) * Fixed slapd connection handling (ITS#5469) * Fixed slapd frontendDB backend selection (ITS#5419) * Fixed slapd pagedresults stale state (ITS#5409) * Fixed slapd pointer dereference (ITS#5388) * Fixed slapd null argument dereference (ITS#5435) * Fixed slapd REP_ENTRY flags (ITS#5340) * Fixed slapd value list termination (ITS#5450) * Fixed slapd-bdb ID_NOCACHE handling (ITS#5439) * Fixed slapd-bdb entryinfo state if db_lock fails (ITS#5455) * Fixed slapd-bdb referral rewrite (ITS#5339) * Fixed slapd-config overlay stacking (ITS#5346) * Fixed slapd-config attribute publishing (ITS#5383) * Fixed slapd-ldap connection handler (ITS#5404) * Fixed slapd-ldif file name handling & multi-suffix/dir catch (ITS#5408) * Fixed slapd-meta connections on error (ITS#5440) * Fixed slapd-meta crash on search (ITS#5481) * Various syncrepl fixes (ITS#5407, ITS#5413, ITS#5426, ITS#5430, ITS#5432, ITS#5454, ITS#5397, ITS#5470) * Various slapo-syncprov fixes (ITS#5401, ITS#5405, ITS#5418, ITS#5486, ITS#5433, ITS#5434, ITS#5437, ITS#5444, ITS#5445, ITS#5484, ITS#5451) * Fri Apr 25 2008 [email protected] - Adjust ownership of DB_CONFIG to ldap:ldap (bnc#376204) * Thu Apr 10 2008 [email protected] - Compile with glibc 2.8. * Thu Apr 10 2008 [email protected] - added baselibs.conf file to build xxbit packages for multilib support * Thu Apr 03 2008 [email protected] - removed apparmor profile * Mon Mar 03 2008 [email protected] - revert last change and make libldap_r available again as some packages seem to directly rely on libldap_r. Assume they know of the libldap_r's limitations. * Wed Feb 27 2008 [email protected] - Moved libldap_r from -client subpackage to the main server package as it is only meant to be used by slapd. - Removed static libldap_r.a library and libldap_r.so link from - devel subpackage. External programs should only use the "normal" libldap library. * Wed Feb 20 2008 [email protected] - Update to Version 2.4.8. Most important changes: * Fixed libldap extended decoding (ITS#5304) * Fixed libldap filter abort (ITS#5300) * Fixed libldap ldap_parse_sasl_bind_result (ITS#5263) * Fixed libldap result codes for open (ITS#5338) * Fixed libldap search timeout crash (ITS#5291) * Fixed libldap paged results crash (ITS#5315) * Fixed slapd support for 2.1 CSN (ITS#5348) * Fixed slapd include handling (ITS#5276) * Fixed slapd modrdn check for valid new DN (ITS#5344) * Fixed slapd multi-step SASL binds (ITS#5298) * Fixed slapd overlay ordering when moving to slapd.d (ITS#5284) * Fixed slapd NULL printf (ITS#5264) * Fixed slapd NULL set values (ITS#5286) * Fixed slapd timestamp race condition (ITS#5370) * Fixed slapd cn=config crash on delete (ITS#5343) * Fixed slapd cn=config global acls (ITS#5352) * Fixed slapd truncated cookie (ITS#5362) * Fixed slapd str2entry with no attrs (ITS#5308) * Fixed slapd TLSVerifyClient default (ITS#5360) * Fixed slapd delta-syncrepl refresh mode (ITS#5376) * Fixed slapd ACL sets URI attrs (ITS#5384) * Fixed slapd invalid entryUUID filter (ITS#5386) * Fixed slapd-bdb idlcache on adds (ITS#5086) * Fixed slapd-bdb crash with modrdn (ITS#5358) * Fixed slapd-bdb modrdn to same dn (ITS#5319) * Fixed slapd-bdb MMR (ITS#5332) * Fixed slapd-meta setting of sm_nvalues (ITS#5375) * Fixed slapd-monitor crash (ITS#5311) * Fixed slapo-ppolicy only password check with policy (ITS#5285) * Fixed slapo-ppolicy del/replace password without new one (ITS#5373) * Fixed slapo-syncprov hang on checkpoint (ITS#5261) * Thu Jan 10 2008 [email protected] - Removed bogus debugging output from slapd_getaddrinfo_dupl.dif * Wed Jan 09 2008 [email protected] - Fixed allocation for paged results cookie (Bug #352255, ITS#5315) * Fri Dec 14 2007 [email protected] - Update to Version 2.4.7. Most important changes: * Added slapd ordered indexing of integer attributes (ITS#5239) * Fixed slapd paged results control handling (ITS#5191) * Fixed slapd sasl-host parsing (ITS#5209) * Fixed slapd filter normalization (ITS#5212) * Fixed slapd multiple suffix checking (ITS#5186) * Fixed slapd paged results handling when using rootdn (ITS#5230) * Fixed slapd syncrepl presentlist handling (ITS#5231) * Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236) * Fixed slapd 3-way Multi-Master Replication (ITS#5238) * Fixed slapd hash collisions in index slots (ITS#5183) * Fixed slapd replication of dSAOperation attributes (ITS#5268) * Fixed slapadd contextCSN updating (ITS#5225) * Fixed slapd-bdb/hdb to report and fail on internal errors (ITS#5232) * Fixed slapd-bdb/hdb dn2entry lock bug (ITS#5257) * Fixed slapd-bdb/hdb dn2id lock bug (ITS#5262) * Fixed slapd-hdb caching on rename ops (ITS#5221) * Fixed slapo-accesslog abandoned op cleanup (ITS#5161) * Fixed slapo-dds deleting from nonexistent db (ITS#5267) * Fixed slapo-memberOf deleted values saving (ITS#5258) * Fixed slapo-pcache op->o_abandon handling (ITS#5187) * Fixed slapo-ppolicy single password check on modify (ITS#5146) * Fixed slapo-ppolicy internal search (ITS#5235) * Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210) * Fixed slapo-syncprov ignore invalid cookies (ITS#5211) * Fixed slapo-translucent interaction with slapo-rwm (ITS#4889) * Thu Nov 29 2007 [email protected] - check for duplicates in getaddrinfo results and ignore them. (Bug #288879) * Tue Nov 27 2007 [email protected] - The init-script removed directory access on /etc/openldap/slapd.d (Bug #344091) * Mon Nov 26 2007 [email protected] - Update to Version 2.4.6. Initial 2.4 release for "general use". New features: * Usability/Manageability: - More complete Documentation (manual pages and Admin Guide) - dynamic configuration and monitoring improvments * More functionality - New overlays (dds, memberof, constraint) - Multimaster syncrepl replication * Performance improvments: - Further optimized frontend - Reduced locking contention in backend - back-config support through new sysconfig option "OPENLDAP_CONFIG_BACKEND" - Install admin guide from the main tarball, to get rid of the admin-guide tarball - New sysconfig options: * OPENLDAP_START_LDAP to allow to disable the ldap:// listener * OPENLDAP_LDAPI_INTERFACES to specify the paths for the ldapi:/// listeners * Mon Oct 29 2007 [email protected] - Update to Version 2.3.39. Most important changes: * Fixed slapd database/overlay config conflict (ITS#4848) * Fixed slapd password_hash config order (ITS#5082) * Fixed slapd slap_mods_check bug (ITS#5119) * Fixed slapd ACL sets memory handling (ITS#4860,ITS#4873) * Fixed slapd ordered values add normalization issue (ITS#5136) * Fixed slapd-bdb DB_CONFIG conversion bug (ITS#5118) * Fixed slapd-ldap search control parsing (ITS#5138) * Fixed slapd-ldap SASL idassert w/o authcId * Fixed slapd-ldif directory separators in DN (ITS#5172) * Fixed slapd-meta conn caching on bind failure (ITS#5154) * Fixed slapd-meta bind timeout assertion (ITS#5185) * Fixed slapd-sql concurrency issue (ITS#5095) * Fixed slapo-chain double-free (ITS#5137) * Fixed slapo-pcache and -rwm interaction fix (ITS#4991) * Fixed slapo-pcache non-null terminated array crasher (ITS#5163) * Fixed slapo-rwm modlist handling (ITS#5124) * Fixed slapo-rwm UUID in filter (ITS#5168) * Fixed sasl SASL_SSF_EXTERNAL type (ITS#3864) * Fixed liblber Windows x64 portability (ITS#5105) * Fixed libldap ppolicy control creation (ITS#5103) - Silenced some rpmlint warnings * Wed Aug 22 2007 [email protected] - Call "ldconfig" from %post and %postun in openldap2-client (Bug #298297) * Tue Jul 24 2007 [email protected] - Update to Version 2.3.37. Most important changes: * Fixed slapd-glue/syncprov interaction (ITS#4623) * Fixed slapd-ldap search reference crash (ITS#5025) * Fixed slapd-ldbm crash on Compare op (ITS#5044) * Fixed slapo-rwm searchFilter double free (ITS#5043) - Most important changes in 2.3.36: * Fixed slapd mutex bug after failed startup (ITS#4957) * Fixed slapd sasl failed Bind bug (ITS#4954) * Fixed slapd sasl ssf logging (ITS#5001) * Fixed slapd tool op init (ITS#4911) * Fixed slapd-bdb no-op crasher (ITS#4925) * Fixed slapd-relay crash when no database can be selected (ITS#4958) * Fixed slapo-chain RFC3062 passwd exop handling (ITS#4964) * Fixed slapo-dynlist multiple group/url[/member] config (ITS#4989) * Fixed slapo-pcache handling of abandoned Operations (#5015) * Fixed slapo-pcache and -rwm interaction (ITS#4991) * Fixed slapo-ppolicy pwdReset/pwdMinAge (ITS#4970) * Fixed slapo-ppolicy control cleanup from ITS#4665 * Fixed slapo-syncprov cookie parsing error (ITS#4977) * Fixed slapo-valsort crash on delete op (ITS#4966) * Fixed libldap referral chasing loop (ITS#4955) * Fixed libldap response code handling on rebind (ITS#4924) * Fixed libldap SASL_MAX_BUFF_SIZE (ITS#4935) * Wed Jun 13 2007 [email protected] - remove binutils prereq * Mon May 21 2007 [email protected] - reduce duplicated buildrequires against db42 and db45 * Tue May 15 2007 [email protected] - imported apparmor profile from apparmor (this profile is not enabled by default) * Fri May 04 2007 [email protected] - Update to Version 2.3.35. Most important changes: * Fixed ldapmodify to use correct memory free functions (ITS#4901) * Fixed slapd acl set minor typo (ITS#4874) * Fixed slapd entry consistency check in str2entry2 (ITS#4852) * Fixed slapd ldapi:// credential issue (ITS#4893) * Fixed slapd str2anlist handling of undefined attrs/OCs (ITS#4854) * Fixed slapd syncrepl delta-sync modlist free (ITS#4904) * Added slapd syncrepl retry logging (ITS#4915) * Fixed slapd zero-length IA5string handling (ITS#4823) * Fixed slapd-bdb/hdb startup with missing shm env (ITS#4851) * Fixed slapd-ldap/meta consistency in referral proxying (ITS#4861) * Fixed slapd-ldap bind cleanup in case of unauthorized idassert * Fixed slapd-meta search cleanup * Fixed slapd-meta/slapo-rwm filter mapping * Fixed slapd-sql subtree shortcut (ITS#4856) * Fixed slapo-dynlist crasher (ITS#4891) * Fixed slapo-refint config message (ITS#4853) * Fixed libldap time_t signedness (ITS#4872) * Fixed libldap_r tpool reset (ITS#4855,#4899) * Wed May 02 2007 [email protected] - Fix comparison with string literal * Wed Apr 18 2007 [email protected] - Fix generation of debuginfo packages. * Tue Mar 20 2007 [email protected] - removed krb5-devel BuildRequires (support via cyrus-sasl) * Thu Mar 15 2007 [email protected] - added Service definitions for SuSEfirewall2 (Bug #251654) * Thu Feb 22 2007 [email protected] - Updated to Version 2.3.34. Most important changes: * Fixed libldap missing get_option(TLS CipherSuite) (ITS#4815) * Fixed ldapmodify printing error from ldap_result() (ITS#4812) * Fixed slapadd LDIF parsing (ITS#4817) * Fixed slapd libltdl link ordering (ITS#4830) * Fixed slapd syncrepl memory leaks (ITS#4805) * Fixed slapd dynacl/ACI compatibility with 2.1 * Fixed slapd-bdb/hdb be_entry_get with aliases/referrals (ITS#4810) * Fixed slapd-ldap more response handling bugs (ITS#4782) * Fixed slapd-ldap C-API code tests (ITS#4808) * Fixed slapd-monitor NULL printf (ITS#4811) * Fixed slapo-chain spurious additional info in response (ITS#4828) * Fixed slapo-syncprov presence list (ITS#4813) * Fixed slapo-syncprov contextCSN checkpoint again (ITS#4720) * Added slapo-ppolicy cn=config support (ITS#4836) * Added slapo-auditlog cn=config support * Fri Jan 26 2007 [email protected] - Updated to Version 2.3.33. Most important changes: * Fixed slapd-ldap chase-referrals switch (ITS#4557) * Fixed slapd-ldap bind behavior when idassert is always used (ITS#4781) * Fixed slapd-ldap response handling bugs (ITS#4782) * Fixed slapd-ldap idassert mode=self anonymous ops (ITS#4798) * Fixed slapd-ldap/meta privileged connections handling (ITS#4791) * Fixed slapd-meta retrying (ITS#4594, 4762) * Fixed slapo-chain referral DN use (ITS#4776) * Fixed slapo-dynlist dangling pointer after entry free (ITS#4801) * Fixed libldap ldap_pvt_put_filter syntax checks (ITS#4648) * Fri Jan 12 2007 [email protected] - Updated to Version 2.3.32. Most important changes: * Fixed libldap unchased referral leak (ITS#4545) * Fixed libldap tls callback (ITS#4723) * Fixed slapd memleak on failed bind (ITS#4771) * Fixed slapd connections_shutdown assert * Fixed slapd add redundant duplicate value check (ITS#4600) * Fixed slapd ACL set memleak (ITS#4780) * Fixed slapd syncrepl shutdown hang (ITS#4790) * Fri Nov 17 2006 [email protected] - Fix for a flaw in libldap's strval2strlen() function when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application to crash (especially the OpenLDAP Server), creating a denial of service condition (Bug#221154,ITS#4740) * Tue Nov 14 2006 [email protected] - Additional back-perl fixes from CVS. The first revision of the patch did not fix the problem completely (Bug#207618, ITS#4751) * Fri Oct 27 2006 [email protected] - cyrus-sasl configuration moved from %{_libdir}/sasl2 to /etc/sasl2/ (Bug: #206414) * Wed Oct 04 2006 [email protected] - Add $network to Should-Start/Should-Stop in init scripts (Bug: #206823) - Imported latest back-perl changes from CVS, to fix back-perl initialization (Bug: #207618) * Tue Aug 22 2006 [email protected] - Updated to Version 2.3.27 * Fixed libldap dnssrv bug with "not present" positive statement (ITS#4610) * Fixed libldap dangling pointer issue (ITS#4405) * Fixed slapd incorrect rebuilding of replica URI (ITS#4633) * Fixed slapd DN X.509 normalization crash (ITS#4644) * Fixed slapd-monitor operations order via callbacks (ITS#4631) * Fixed slapo-accesslog purge task during shutdown * Fixed slapo-ppolicy handling of default policy (ITS#4634) * Fixed slapo-ppolicy logging verbosity when using default policy * Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622) * Wed Aug 02 2006 [email protected] - Updated to Version 2.3.25 * Add libldap_r TLS concurrency workaround (ITS#4583) * Fixed slapd acl selfwrite bug (ITS#4587) * Fixed various syncrepl and slapo-syncprov bugs (ITS#4582, 4622, 4534,4613, 4589) * Fixed slapd-bdb/hdb lock bug with virtual root (ITS#4572) * Fixed slapd-bdb/hdb modrdn new entry disappearing bug (ITS#4616) * Fixed slapd-bdb/hdb cache job issue * Fixed slapo-ppolicy password hashing bug (ITS#4575) * Fixed slapo-ppolicy password modify pwdMustChange reset bug (ITS#4576) * Fixed slapo-ppolicy control can be critical (ITS#4596) - Enabled CLDAP (LDAP over UDP) support * Mon Jun 26 2006 [email protected] - Updated to Version 2.3.24 * Fixed slapd syncrepl timestamp bug (delta-sync/cascade) (ITS#4567) * Fixed slapd-bdb/hdb non-root users adding suffix/root entries (ITS#4552) * Re-fixed slapd-ldap improper free bug in exop (ITS#4550) * Fixed slapd-ldif assert bug (ITS#4568) * Fixed slapo-syncprov crash under glued database (ITS#4562) - cleaned up SLES10 update specific stuff - added "chain-return-error" feature from HEAD to chain overlay (ITS#4570) * Thu Jun 22 2006 [email protected] - Don't use automake macros without using automake. * Wed May 24 2006 [email protected] - Updated to Version 2.3.23 * obsoletes the patches: libldap_ads-sasl-gssapi.dif, slapd-epollerr.dif * Fixed slapd-ldap improper free bug (ITS#4550) * Fixed libldap referral input destroy issue (ITS#4533) * Fixed libldap ldap_sort_entries tail bug (ITS#4536) * Fixed slapd runqueue use of freed memory (ITS#4517) * Fixed slapd thread pool init issue (ITS#4513) * Fixed slapd-bdb/hdb pre/post-read freeing (ITS#4532) * Fixed slapd-bdb/hdb pre/post-read unavailable issue (ITS#4538) * Fixed slapd-bdb/hdb referral issue (ITS#4548) * Fixed slapo-ppolicy BER tags issue (ITS#4528) * Fixed slapo-ppolicy rebind bug (ITS#4516) * For more details see the CHANGES file - Install CHANGES file to /usr/share/doc/packages/openldap2 * Wed May 10 2006 [email protected] - Really apply the patch for Bug#160566 - slapd could crash while processing queries with pre-/postread controls (Bug#173877, ITS#4532) * Fri Mar 24 2006 [email protected] - Backported fix from CVS for occasional crashes in referral chasing code (as used in e.g. back-meta/back-ldap). (Bug: #160566, ITS: #4448) * Mon Mar 13 2006 [email protected] - openldap2 must obsolete -back-monitor and -back-ldap to have them removed during update (Bug: #157576) * Fri Feb 17 2006 [email protected] - Add "external" to the list of supported SASL mechanisms (Bug: #151771) * Thu Feb 16 2006 [email protected] - Error out when conversion from old configfile to config database fails (Bug: #135484,#135490 ITS: #4407) * Mon Feb 13 2006 [email protected] - Don't ignore non-read/write epoll events (Bug: #149993, ITS: #4395) - Added update message to /usr/share/update-messages/en/ and enable it, when update did not succeed. * Thu Feb 09 2006 [email protected] - OPENLDAP_CHOWN_DIRS honors databases defined in include files (Bug: #135473) - Fixed version numbers in README.update - Fixed GSSAPI binds against Active Directory (Bug: #149390) * Fri Feb 03 2006 [email protected] - Cleaned up update procedure - man-pages updates and fixes (Fate: #6365) * Fri Jan 27 2006 [email protected] - Updated to 2.3.19 (Bug #144371) * Fri Jan 27 2006 [email protected] - converted neededforbuild to BuildRequires * Wed Jan 25 2006 [email protected] - Updated Admin Guide to latest version - build slapcat from openldap-2.2.24 and install it to /usr/sbin/openldap-2.2-slapcat to be able to migrate from OpenLDAP 2.2. - removed slapd-backbdb-dbupgrade which is no longer needed - attempt to dump/reload bdb databases in %{post} - Update notes in README.update * Fri Jan 13 2006 [email protected] - New sysconfig variable OPENLDAP_KRB5_KEYTAB - Cleanup in default configuration and init scripts * Wed Jan 11 2006 [email protected] - Updated to 2.3.17 - Remove OPENLDAP_RUN_DB_RECOVER from sysconfig file in %post slapd does now automatically recover the database if needed - Removed unneeded README.SuSE - Small adjustments to the default DB_CONFIG file * Mon Jan 09 2006 [email protected] - Updated to 2.3.16 * Mon Dec 19 2005 [email protected] - Fixed filelist (slapd-hdb man-page was missing) * Fri Dec 09 2005 [email protected] - Fixed build on x86_64 * Wed Dec 07 2005 [email protected] - Merged -back-ldap and -back-monitor subpackages into the main package and don't build them as dynamic modules anymore. - updated to OpenLDAP 2.3.13 * Mon Nov 28 2005 [email protected] - updated to OpenLDAP 2.3.12 * Wed Oct 26 2005 [email protected] - updated to OpenLDAP 2.3.11 - removed the "LDAP_DEPRECATED" workaround * Mon Sep 26 2005 [email protected] - Add "LDAP_DEPRECATED" to ldap.h for now * Fri Sep 23 2005 [email protected] - updated to OpenLDAP 2.3.7 * Tue Aug 16 2005 [email protected] - allow start_tls while chasing referrals (Bug #94355, ITS #3791) * Mon Jul 04 2005 [email protected] - devel-subpackage requires openldap2-client of the same version (Bugzilla: #93579) * Thu Jun 30 2005 [email protected] - build with -fPIE (not -fpie) to avoid GOT overflow on s390* * Wed Jun 22 2005 [email protected] - build the server packages with -fpie/-pie * Wed Jun 15 2005 [email protected] - updated to 2.2.27 * Wed May 25 2005 [email protected] - libldap-gethostbyname_r.dif: Use gethostbyname_r instead of gethostbyname in libldap. Should fix host lookups through nss_ldap (Bugzilla: #76173) * Fri May 13 2005 [email protected] - Updated to 2.2.26 - made /%{_libdir}]/sasl2/slapd.conf %config(noreplace) * Thu Apr 28 2005 [email protected] - Added /%{_libdir}]/sasl2/slapd.conf to avoid warnings about unconfigured OTP mechanism (Bugzilla: #80588) * Tue Apr 12 2005 [email protected] - added minimal timeout to startproc in init-script to let it report the "failed" status correctly in case of misconfiguration (Bugzilla: #76393) * Mon Apr 04 2005 [email protected] - crl-check.dif: Implements CRL checking on client and server side - use different base ports for differnt values of BUILD_INCARNATION (/.buildenv) to allow parallel runs of the test-suite on a single machine * Mon Apr 04 2005 [email protected] - force yielding-select test to yes (test occasionally hangs QEMU) * Fri Apr 01 2005 [email protected] - disable test suite on ARM (hangs QEMU) * Tue Mar 29 2005 [email protected] - updated to 2.2.24 - enabled back-hdb * Wed Mar 02 2005 [email protected] - syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928) - libldap-reinit-fdset.dif: Re-init fd_sets when select is interupted (Bugzilla #50076, ITS: #3524) * Thu Feb 17 2005 [email protected] - checkproc_before_recover.dif: Check if slapd is stopped before running db_recover from the init script. (Bugzilla: #50962) * Tue Feb 01 2005 [email protected] - Cleanup back-bdb databases in %post, db-4.3 changed the transaction log format again. - cosmetic fixes in init script * Tue Jan 25 2005 [email protected] - updated to 2.2.23 - cleaned up #neededforbuild - package should also build on older SuSE Linux releases now - increased killproc timeout in init-script (Bugzilla: #47227) * Thu Jan 13 2005 [email protected] - updated to 2.2.20 - Removed unneeded dependencies * Fri Dec 10 2004 [email protected] - don't install *.la files * Wed Nov 10 2004 [email protected] - updated to 2.2.18 - use kerberos-devel-packages in neededforbuild * Fri Sep 24 2004 [email protected] - re-arranged specfile to sequence (header (package/descr)* rest) so the checking parser is not confused ... * Fri Sep 24 2004 [email protected] - Added pre_checkin.sh to generate a separate openldap2-client spec-file from which the openldap2-client and openldap2-devel subpackages are built. Should reduce build time for libldap as the test-suite is only executed in openldap2.spec. * Fri Sep 10 2004 [email protected] - libldap-result.dif: ldapsearch was hanging in select() when retrieving results from eDirectory through a StartTLS protected connection (Bugzilla #44942) * Mon Aug 09 2004 [email protected] - added ntlm support * Tue Aug 03 2004 [email protected] - updated to 2.2.16 - Updated ACLs in slapd_conf.dif to disable default read access to the "userPKCS12" Attribute - rc-check-conn.diff: When starting slapd wait until is accepts connections, or 10 seconds at maximum (Bugzilla #41354) - Backported -o slp={on|off} feature from OpenLDAP Head and added new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able to switch SLP registration on and off. (Bugzilla #39865) - removed unneeded README.update * Fri Apr 30 2004 [email protected] - updated to 2.2.11 - remove SLES8 update specific stuff - Bugzilla #39652: Updated slapd_conf.dif to contain basic access control - Bugzilla #39468: Added missing items to yast.schema - fixed strict-aliasing compiler warnings (strict-aliasing.dif) * Thu Apr 29 2004 [email protected] - build with several jobs if available * Mon Apr 19 2004 [email protected] - ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and args-file (Bugzilla #38790) - ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059, Bugzilla #38915) - modify_check_duplicates.dif: check for duplicate attribute values in modify requests (ITS #3066/#3097, Bugzilla #38607) - updated and renamed yast2userconfig.schema to yast.schema as it contains more that only user configuration now - syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056) - test_syncrepl_timeout: increased sleep timeout in syncrepl testsuite * Thu Apr 01 2004 [email protected] - added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make START_TLS work without access to the CA Certificate. (Bugzilla: #37393) * Fri Mar 26 2004 [email protected] - fixed filelist - check-build.sh (build on kernel >= 2.6.4 hosts only) - yast2user.schema / slapd.conf fixed (#37076) - don't check for TLS-options is init-script anymore (#33560) - fixed various typos in README.update * Wed Mar 17 2004 [email protected] - fixed build of openldap-2.1-slapcat (using correct db41 include files, build backends as on sles8) - attempt to update bdb database and reindex ldbm database in %{post} - Update notes in README.update - better default configuration (including default DB_CONFIG file) - misc updates for the YaST schema - fixed crasher in syncrepl-code (syncrepl.dif) * Tue Mar 16 2004 [email protected] - Fix type mismatch. * Tue Mar 02 2004 [email protected] - updated to 2.2.6 - build a openldap-2.1-slapcat from 2.1.25 sources to be able to migrate from SLES8 and SL 9.0 * Thu Feb 19 2004 [email protected] - added check-build.sh (build on 2.6 hosts only) * Thu Feb 05 2004 [email protected] - updated to 2.2.5 - adjusted rfc2307bis.schema to support UTF-8 values in most attributes - enabled proxycache-overlay (wiht fix to work with back-ldbm) * Tue Jan 13 2004 [email protected] - updated to 2.2.4 - updated Admin Guide to most recent version * Sat Jan 10 2004 [email protected] - add %defattr - fix build as user * Mon Dec 08 2003 [email protected] - updated to 2.1.25 - small fixes for the YaST user schema * Tue Nov 11 2003 [email protected] - enabled SLP-support * Fri Oct 17 2003 [email protected] - Remove unused des from neededforbuild * Tue Sep 02 2003 [email protected] - Bugzilla #29859: fixed typo in sysconfig metadata, usage of OPENLDAP_LDAPS_INTERFACES in init script - added /usr/lib/sasl2/slapd.conf permissions handling - added sysconfig variable OPENLDAP_SLAPD_PARAMS="" to support additional slapd start parameters - added sysconfig variable OPENLDAP_START_LDAPI=NO/yes for ldapi:/// (LDAP over IPC) URLs * Thu Aug 14 2003 [email protected] - added activation metadata to sysconfig template (Bugzilla #28911) - removed lint from specfile * Thu Aug 07 2003 [email protected] - added %stop_on_removal and %restart_on_update calls - bdb_addcnt.dif fixes a possible endless loop in id2entry() - addonschema.tar.gz: some extra Schema files (YaST, RFC2307bis) * Wed Jul 16 2003 [email protected] - removed fillup_only and call fillup_and_insserv correctly - new Options in sysconfig.openldap: OPENLDAP_LDAP_INTERFACES, OPENLDAP_LDAPS_INTERFACES and OPENLDAP_RUN_DB_RECOVER * Tue Jul 01 2003 [email protected] - updated to 2.1.22 - updated Admin Guide to most recent version - build librewrite with -fPIC * Mon Jun 16 2003 [email protected] - updated to 2.1.21 * Wed Jun 11 2003 [email protected] - fixed requires lines * Mon May 26 2003 [email protected] - don't link back-ldap against librewrite.a, it's already linked into slapd (package should build on non-i386 Archs again) * Fri May 23 2003 [email protected] - fixed dynamic build of back-ldap - new subpackage back-ldap * Tue May 20 2003 [email protected] - updated to version 2.1.20 - enabled dynamic backend modules - new subpackages back-perl, back-meta and back-monitor - remove unpacked files from BuildRoot * Fri May 09 2003 [email protected] - updated to version 2.1.19 * Tue Apr 15 2003 [email protected] - fixed requires for devel-package ... * Tue Apr 15 2003 [email protected] - fixed neededforbuild * Thu Feb 13 2003 [email protected] - Enable IPv6 again * Tue Feb 11 2003 [email protected] - added /etc/openldap to filelist * Mon Feb 03 2003 [email protected] - switch default backend to ldbm * Sun Feb 02 2003 [email protected] - fixed requires for devel package (cyrus-sasl2-devel) * Fri Jan 31 2003 [email protected] - liblber.dif: Fixes two bugs in liblber by which remote attackers could crash the LDAP server (Bugzilla #22469, OpenLDAP ITS #2275 and #2280) * Tue Jan 14 2003 [email protected] - build using sasl2 * Mon Jan 13 2003 [email protected] - updated to version 2.1.12 - added metadata to sysconfig template (Bug: #22666) * Thu Nov 28 2002 [email protected] - updated to version 2.1.8 - added additional fix of 64bit archs - added secpatch.dif to fix setuid issues in libldap * Fri Sep 06 2002 [email protected] - fix for Bugzilla ID #18981, chown to OPENLDAP_USER didn't work with multiple database backend directories * Mon Sep 02 2002 [email protected] - removed damoenstart_ipv6.diff and disabled IPv6 support due to massive problems with nss_ldap * Mon Aug 26 2002 [email protected] - ldap_user.dif: slapd is now run a the user/group ldap (Bugzilla ID#17697) * Fri Aug 23 2002 [email protected] - updated to version 2.1.4, which fixes tons of bugs - added damoenstart_ipv6.diff (slapd was not starting when configured to listen on IPv4 and IPv6 interfaces, as done by the start script) - added README.SuSE with some hints about the bdb-backend - updated filelist to include only the man pages of the backends, that were built * Thu Aug 15 2002 [email protected] - removed termcap and readline from neededforbuild * Thu Aug 08 2002 [email protected] - enabled {CRYPT} passwords - update filelist (added new manpages) * Thu Jul 25 2002 [email protected] - patches for 64 bit architectures * Fri Jul 19 2002 [email protected] - update to 2.1.3 * Fri Jul 05 2002 [email protected] - fix openldap2-devel requires * Thu Jul 04 2002 [email protected] - switched back from cyrus-sasl2 to cyrus-sasl * Wed Jul 03 2002 [email protected] - updated to OpenLDAP 2.1.2 - added the OpenLDAP Administration Guide - enabled additional backends (ldap, meta, monitor) * Mon Jun 10 2002 [email protected] - hack build/ltconfig to build shared libs on ppc64 * Wed Jun 05 2002 [email protected] - created /etc/sysconfig/openldap and OPENLDAP_START_LDAPS variable to enable ldap over ssl support * Thu Mar 07 2002 [email protected] - Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel to the "Requires" Section of the -devel subpackage) * Mon Feb 18 2002 [email protected] - updated to the latest STABLE release (2.0.23) which fixes some nasty bugs see ITS #1562,#1582,#1577,#1578 * Thu Feb 07 2002 [email protected] - updated to the latest release (which fixes a index corruption bug) - cleanup in neededforbuild - small fixes for the init-scripts * Thu Jan 17 2002 [email protected] - updated to the latest stable release (2.0.21) * Wed Jan 16 2002 [email protected] - removed periods and colons from startup/shutdown messages * Tue Jan 15 2002 [email protected] - updated to v2.0.20 (which fixes a security hole in ACL processing) * Fri Jan 11 2002 [email protected] - converted archive to bzip2 - makes use of %{_libdir} now - set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise the test suite fails on these archs - changed slapd.conf to store the database under /var/lib/ldap (this patch was missing in the last versions by accident) * Mon Jan 07 2002 [email protected] - update to v2.0.19 * Thu Dec 06 2001 [email protected] - eliminated START_LDAP, START_SLURPD variables in rc.config - created separate init script for slurpd - moved init scripts from dif to separate source tgz * Fri Oct 26 2001 [email protected] - update to v2.0.18 * Mon Oct 15 2001 [email protected] - update to v2.0.17 added a sleep to the restart section moved some manpages to the client package * Mon Oct 01 2001 [email protected] - update to v2.0.15 * Wed Sep 12 2001 [email protected] - backported the full bugfix from openldap-2.0.14 * Tue Sep 11 2001 [email protected] - Bugfix for slurpd millionth second bug (ITS#1323) * Mon Sep 10 2001 [email protected] - moved ldapfilter.conf ldaptemplates.conf ldapsearchprefs.conf to openldap2-client package * Mon Sep 03 2001 [email protected] - update to version 2.0.12 * Mon Jul 02 2001 [email protected] - bugfix: init script was not LSB compliant, Bugzilla ID#9072 * Tue Jun 19 2001 [email protected] - fixed for autoconf again * Fri Jun 15 2001 [email protected] - update to 2.0.11 - removed autoconf in specfile, because it doesn't work * Wed May 23 2001 [email protected] - update to version 2.0.10 (minor fixes) * Tue May 22 2001 [email protected] - update to version 2.0.9 * Mon Apr 23 2001 [email protected] - removed kerberos support - added aci support * Fri Apr 20 2001 [email protected] - added kerberos support * Thu Apr 05 2001 [email protected] - moved section 5 and 8 manpages to the server part of package * Wed Mar 14 2001 [email protected] - Move *.so links into -devel package - -devel requires -client * Thu Mar 08 2001 [email protected] - split up into openldap2-client and -devel * Tue Feb 27 2001 [email protected] - changed neededforbuild <cyrus-sasl> to <cyrus-sasl cyrus-sasl-devel> * Thu Feb 22 2001 [email protected] - added readline/readline-devel to neededforbuild (split from bash) * Thu Jan 04 2001 [email protected] - bugfix: slapd.conf rename /var/lib/openldap-ldbm to /var/lib/ldap init script: use $remote_fs * Tue Jan 02 2001 [email protected] - use script name in %post * Thu Dec 07 2000 [email protected] - bugfix from Andreas Jaeger: workaround for glibc2.2, detach * Fri Dec 01 2000 [email protected] - hacked configure for apparently broken pthread * Fri Dec 01 2000 [email protected] - fixed spec * Thu Nov 23 2000 [email protected] - made configs %config(noreplace) (Bug 4112) - fixed neededforbuild * Wed Nov 22 2000 [email protected] - adopted new init scheme * Wed Nov 15 2000 [email protected] - fixed neededforbuild * Fri Nov 10 2000 [email protected] - added buildroot * Tue Nov 07 2000 [email protected] - long package name - new version, 2.0.7 * Fri Oct 06 2000 [email protected] - first package of openldap2 (v2.0.6)
/etc/openldap /etc/openldap/schema /etc/openldap/schema/amavisd-new.ldif /etc/openldap/schema/collective.ldif /etc/openldap/schema/collective.schema /etc/openldap/schema/corba.ldif /etc/openldap/schema/corba.schema /etc/openldap/schema/core.ldif /etc/openldap/schema/core.schema /etc/openldap/schema/cosine.ldif /etc/openldap/schema/cosine.schema /etc/openldap/schema/dhcp.ldif /etc/openldap/schema/dlz.ldif /etc/openldap/schema/dnszone.ldif /etc/openldap/schema/dsee.ldif /etc/openldap/schema/dsee.schema /etc/openldap/schema/duaconf.ldif /etc/openldap/schema/duaconf.schema /etc/openldap/schema/dyngroup.ldif /etc/openldap/schema/dyngroup.schema /etc/openldap/schema/inetorgperson.ldif /etc/openldap/schema/inetorgperson.schema /etc/openldap/schema/java.ldif /etc/openldap/schema/java.schema /etc/openldap/schema/ldapns.ldif /etc/openldap/schema/ldapns.schema /etc/openldap/schema/misc.ldif /etc/openldap/schema/misc.schema /etc/openldap/schema/msuser.ldif /etc/openldap/schema/msuser.schema /etc/openldap/schema/namedobject.ldif /etc/openldap/schema/namedobject.schema /etc/openldap/schema/nis.ldif /etc/openldap/schema/nis.schema /etc/openldap/schema/openldap.ldif /etc/openldap/schema/openldap.schema /etc/openldap/schema/pmi.ldif /etc/openldap/schema/pmi.schema /etc/openldap/schema/rfc2307bis.ldif /etc/openldap/schema/rfc2307bis.schema /etc/openldap/schema/samba3.ldif /etc/openldap/schema/sudo.ldif /etc/openldap/schema/suse-mailserver.ldif /etc/openldap/schema/yast.ldif /etc/openldap/schema/yast.schema /etc/openldap/slapd.conf /etc/openldap/slapd.conf.default /etc/openldap/slapd.conf.example /etc/openldap/slapd.conf.olctemplate /etc/openldap/slapd.d /etc/sasl2 /etc/sasl2/slapd.conf /run/slapd /run/slapd/run /usr/lib/openldap /usr/lib/openldap/fixup-modulepath /usr/lib/openldap/start /usr/lib/openldap/update-crc /usr/lib/systemd/system/slapd.service /usr/lib/sysusers.d/ldap-user.conf /usr/lib/tmpfiles.d/openldap2.conf /usr/lib64/openldap /usr/lib64/openldap/accesslog.la /usr/lib64/openldap/accesslog.so /usr/lib64/openldap/accesslog.so.2 /usr/lib64/openldap/accesslog.so.2.0.200 /usr/lib64/openldap/auditlog.la /usr/lib64/openldap/auditlog.so /usr/lib64/openldap/auditlog.so.2 /usr/lib64/openldap/auditlog.so.2.0.200 /usr/lib64/openldap/autoca.la /usr/lib64/openldap/autoca.so /usr/lib64/openldap/autoca.so.2 /usr/lib64/openldap/autoca.so.2.0.200 /usr/lib64/openldap/back_ldap.la /usr/lib64/openldap/back_ldap.so /usr/lib64/openldap/back_ldap.so.2 /usr/lib64/openldap/back_ldap.so.2.0.200 /usr/lib64/openldap/back_mdb.la /usr/lib64/openldap/back_mdb.so /usr/lib64/openldap/back_mdb.so.2 /usr/lib64/openldap/back_mdb.so.2.0.200 /usr/lib64/openldap/back_relay.la /usr/lib64/openldap/back_relay.so /usr/lib64/openldap/back_relay.so.2 /usr/lib64/openldap/back_relay.so.2.0.200 /usr/lib64/openldap/collect.la /usr/lib64/openldap/collect.so /usr/lib64/openldap/collect.so.2 /usr/lib64/openldap/collect.so.2.0.200 /usr/lib64/openldap/constraint.la /usr/lib64/openldap/constraint.so /usr/lib64/openldap/constraint.so.2 /usr/lib64/openldap/constraint.so.2.0.200 /usr/lib64/openldap/dds.la /usr/lib64/openldap/dds.so /usr/lib64/openldap/dds.so.2 /usr/lib64/openldap/dds.so.2.0.200 /usr/lib64/openldap/deref.la /usr/lib64/openldap/deref.so /usr/lib64/openldap/deref.so.2 /usr/lib64/openldap/deref.so.2.0.200 /usr/lib64/openldap/dyngroup.la /usr/lib64/openldap/dyngroup.so /usr/lib64/openldap/dyngroup.so.2 /usr/lib64/openldap/dyngroup.so.2.0.200 /usr/lib64/openldap/dynlist.la /usr/lib64/openldap/dynlist.so /usr/lib64/openldap/dynlist.so.2 /usr/lib64/openldap/dynlist.so.2.0.200 /usr/lib64/openldap/homedir.la /usr/lib64/openldap/homedir.so /usr/lib64/openldap/homedir.so.2 /usr/lib64/openldap/homedir.so.2.0.200 /usr/lib64/openldap/memberof.la /usr/lib64/openldap/memberof.so /usr/lib64/openldap/memberof.so.2 /usr/lib64/openldap/memberof.so.2.0.200 /usr/lib64/openldap/otp.la /usr/lib64/openldap/otp.so /usr/lib64/openldap/otp.so.2 /usr/lib64/openldap/otp.so.2.0.200 /usr/lib64/openldap/pcache.la /usr/lib64/openldap/pcache.so /usr/lib64/openldap/pcache.so.2 /usr/lib64/openldap/pcache.so.2.0.200 /usr/lib64/openldap/ppolicy.la /usr/lib64/openldap/ppolicy.so /usr/lib64/openldap/ppolicy.so.2 /usr/lib64/openldap/ppolicy.so.2.0.200 /usr/lib64/openldap/refint.la /usr/lib64/openldap/refint.so /usr/lib64/openldap/refint.so.2 /usr/lib64/openldap/refint.so.2.0.200 /usr/lib64/openldap/remoteauth.la /usr/lib64/openldap/remoteauth.so /usr/lib64/openldap/remoteauth.so.2 /usr/lib64/openldap/remoteauth.so.2.0.200 /usr/lib64/openldap/retcode.la /usr/lib64/openldap/retcode.so /usr/lib64/openldap/retcode.so.2 /usr/lib64/openldap/retcode.so.2.0.200 /usr/lib64/openldap/rwm.la /usr/lib64/openldap/rwm.so /usr/lib64/openldap/rwm.so.2 /usr/lib64/openldap/rwm.so.2.0.200 /usr/lib64/openldap/seqmod.la /usr/lib64/openldap/seqmod.so /usr/lib64/openldap/seqmod.so.2 /usr/lib64/openldap/seqmod.so.2.0.200 /usr/lib64/openldap/sssvlv.la /usr/lib64/openldap/sssvlv.so /usr/lib64/openldap/sssvlv.so.2 /usr/lib64/openldap/sssvlv.so.2.0.200 /usr/lib64/openldap/syncprov.la /usr/lib64/openldap/syncprov.so /usr/lib64/openldap/syncprov.so.2 /usr/lib64/openldap/syncprov.so.2.0.200 /usr/lib64/openldap/translucent.la /usr/lib64/openldap/translucent.so /usr/lib64/openldap/translucent.so.2 /usr/lib64/openldap/translucent.so.2.0.200 /usr/lib64/openldap/unique.la /usr/lib64/openldap/unique.so /usr/lib64/openldap/unique.so.2 /usr/lib64/openldap/unique.so.2.0.200 /usr/lib64/openldap/valsort.la /usr/lib64/openldap/valsort.so /usr/lib64/openldap/valsort.so.2 /usr/lib64/openldap/valsort.so.2.0.200 /usr/lib64/slapd /usr/sbin/rcslapd /usr/sbin/slapacl /usr/sbin/slapadd /usr/sbin/slapauth /usr/sbin/slapcat /usr/sbin/slapd /usr/sbin/slapd-ldif-update-crc /usr/sbin/slapdn /usr/sbin/slapindex /usr/sbin/slapmodify /usr/sbin/slappasswd /usr/sbin/slapschema /usr/sbin/slaptest /usr/share/doc/packages/openldap2 /usr/share/doc/packages/openldap2/ANNOUNCEMENT /usr/share/doc/packages/openldap2/CHANGES /usr/share/doc/packages/openldap2/COPYRIGHT /usr/share/doc/packages/openldap2/README /usr/share/doc/packages/openldap2/README.module-loading /usr/share/doc/packages/openldap2/slapd.ldif.default /usr/share/fillup-templates/sysconfig.openldap /usr/share/licenses/openldap2 /usr/share/licenses/openldap2/LICENSE /usr/share/man/man5/lloadd.conf.5.gz /usr/share/man/man5/slapd-asyncmeta.5.gz /usr/share/man/man5/slapd-config.5.gz /usr/share/man/man5/slapd-ldap.5.gz /usr/share/man/man5/slapd-ldif.5.gz /usr/share/man/man5/slapd-mdb.5.gz /usr/share/man/man5/slapd-monitor.5.gz /usr/share/man/man5/slapd-pw-pbkdf2.5.gz /usr/share/man/man5/slapd-pw-sha2.5.gz /usr/share/man/man5/slapd-relay.5.gz /usr/share/man/man5/slapd-wt.5.gz /usr/share/man/man5/slapd.access.5.gz /usr/share/man/man5/slapd.backends.5.gz /usr/share/man/man5/slapd.conf.5.gz /usr/share/man/man5/slapd.overlays.5.gz /usr/share/man/man5/slapd.plugin.5.gz /usr/share/man/man5/slapo-accesslog.5.gz /usr/share/man/man5/slapo-allop.5.gz /usr/share/man/man5/slapo-auditlog.5.gz /usr/share/man/man5/slapo-autoca.5.gz /usr/share/man/man5/slapo-chain.5.gz /usr/share/man/man5/slapo-cloak.5.gz /usr/share/man/man5/slapo-collect.5.gz /usr/share/man/man5/slapo-constraint.5.gz /usr/share/man/man5/slapo-datamorph.5.gz /usr/share/man/man5/slapo-dds.5.gz /usr/share/man/man5/slapo-deref.5.gz /usr/share/man/man5/slapo-dyngroup.5.gz /usr/share/man/man5/slapo-dynlist.5.gz /usr/share/man/man5/slapo-homedir.5.gz /usr/share/man/man5/slapo-lastbind.5.gz /usr/share/man/man5/slapo-memberof.5.gz /usr/share/man/man5/slapo-otp.5.gz /usr/share/man/man5/slapo-pbind.5.gz /usr/share/man/man5/slapo-pcache.5.gz /usr/share/man/man5/slapo-ppolicy.5.gz /usr/share/man/man5/slapo-refint.5.gz /usr/share/man/man5/slapo-remoteauth.5.gz /usr/share/man/man5/slapo-retcode.5.gz /usr/share/man/man5/slapo-rwm.5.gz /usr/share/man/man5/slapo-smbk5pwd.5.gz /usr/share/man/man5/slapo-sock.5.gz /usr/share/man/man5/slapo-sssvlv.5.gz /usr/share/man/man5/slapo-syncprov.5.gz /usr/share/man/man5/slapo-translucent.5.gz /usr/share/man/man5/slapo-unique.5.gz /usr/share/man/man5/slapo-valsort.5.gz /usr/share/man/man5/slapo-variant.5.gz /usr/share/man/man5/slappw-argon2.5.gz /usr/share/man/man8/lloadd.8.gz /usr/share/man/man8/slapacl.8.gz /usr/share/man/man8/slapadd.8.gz /usr/share/man/man8/slapauth.8.gz /usr/share/man/man8/slapcat.8.gz /usr/share/man/man8/slapd.8.gz /usr/share/man/man8/slapdn.8.gz /usr/share/man/man8/slapindex.8.gz /usr/share/man/man8/slapmodify.8.gz /usr/share/man/man8/slappasswd.8.gz /usr/share/man/man8/slapschema.8.gz /usr/share/man/man8/slaptest.8.gz /var/lib/ldap
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon Dec 2 23:27:45 2024