SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for openldap2-contrib-2.6.3-5.3.i586.rpm :

* Sat Dec 10 2022 Dirk Müller - add reproducible.patch to avoid using compile-time specific date/time constructs
* Mon Sep 26 2022 William Brown - bsc#1202931 - CVE-2022-31253 - Openldap start script allowed the ldap user to privilege escalate to root due to unbound chown commands.
* Thu Jul 14 2022 Michael Ströder - removed obsolete 0017-Resolve-error-handling-in-new-ctx-when-global.patch- update to 2.6.3
* Fixed librewrite declaration of calloc (ITS#9841)
* Fixed libldap to check for NULL ld (ITS#9157)
* Fixed libldap memory leaks (ITS#9876)
* Fixed lloadd to correctly tag Notice of Disconnection (ITS#9856)
* Fixed slapd delta-sync DN leak on ADD ops (ITS#9866)
* Fixed slapd replication with back-glue (ITS#9868)
* Fixed slapd lastbind replication with chaining (ITS#9863)
* Fixed slapd-ldap to correctly set authzid (ITS#9863)
* Fixed slapd-mdb to check for stale readers on MDB_READERS_FULL (ITS#7165)
* Fixed slapd-mdb indexer task with replicated config (ITS#9858)
* Fixed slapo-accesslog onetime memory leak (ITS#9864)
* Fixed slapo-ppolicy interaction with slapo-rwm (ITS#9871)
* Fixed slapo-rwm to handle escaping special characters (ITS#9817)
* Fixed slapo-syncprov memory leaks (ITS#9867)
* Fixed slapo-syncprov fallback in delta-sync mode (ITS#9823)
* Fixed slapo-unique to not release NULL entry (ITS#8245)
* doc: Fixed ldap_get_option(3) to clarify ldap_get/set_option restrictions (ITS#9824)
* Mon May 23 2022 Michael Ströder - Update to release 2.6.2
* Added support for OpenSSL 3.0 (ITS#9436)
* Fixed ldapdelete to prune LDAP subentries (ITS#9737)
* Fixed libldap to drop connection when non-LDAP data is received (ITS#9803)
* Fixed libldap to allow newlines at end of included file (ITS#9811)
* Fixed slapd slaptest conversion of olcLastBind (ITS#9808)
* Fixed slapd to correctly init global_host earlier (ITS#9787)
* Fixed slapd bconfig locking for cn=config replication (ITS#9584)
* Fixed slapd usage of thread local counters (ITS#9789)
* Fixed slapd to clear runqueue task correctly (ITS#9785)
* Fixed slapd idletimeout handling (ITS#9820)
* Fixed slapd syncrepl handling of new sessions (ITS#9584)
* Fixed slapd to clear connections on bind (ITS#9799)
* Fixed slapd to correctly advance connections index (ITS#9831)
* Fixed slapd syncrepl ODSEE replication of unknown attr (ITS#9801)
* Fixed slapd-asyncmeta memory leak in keepalive setting, slapd-ldap memory leak in keepalive setting, SEGV on config rewrite, ordering on config rewrite, memory leak in keepalive setting (ITS#9802)
* Fixed slapo-pcache SEGV & slapd-monitor SEGV on shutdown (ITS#9809)
* Fixed slapd-monitor crash when hitting sizelimit (ITS#9832)
* Fixed slapd-sql to properly escape filter value (ITS#9815)
* Fixed slapo-dynlist dynamic group regression (ITS#9825)
* Fixed slapo-ppolicy operation handling to be consistent (ITS#9794)
* Fixed slapo-translucent to correctly duplicate substring filters (ITS#9818)
* Contrib:
* Update ppm module to the 2.1 release (ITS#9814)
* Documentation:
* admin26: Document new lloadd features (ITS#9780)
* Fixed slapd.conf(5)/slapd-config(5) syncrepl sizelimit/timelimit documentation (ITS#9804)
* Fixed slapd-sock(5) to clarify \"sockresps result\" behavior (ITS#8255)
* Thu May 12 2022 William Brown - bsc#1199277 - Resolve segfault when calling new ctx with global ctx
* 0017-Resolve-error-handling-in-new-ctx-when-global.patch
* Mon Apr 11 2022 Michael Ströder - Use libargon2 instead of libsodium because it supports p>1- Added new contrib overlays: authzid, datamorph, variant, vc
* Sat Apr 02 2022 Jan Engelhardt - Update to release 2.6.1
* Ability to log directly to a file bypassing syslog
* back-ndb is retired
* back-sql and back-perl are deprecated
* lloadd(8): Additional load balancing strategies.
* lloadd(8): Additional options to improve coherence with certain controls and extended operations.
* Sat Mar 26 2022 Stephan Kulow - Add _multibuild support to integrate the build of libldapcpp-devel to drop the outdated copy
* Mon Oct 25 2021 Michael Ströder - update to 2.5.9 OpenLDAP 2.5.9 Release (2021/10/25) Fixed slapo-accesslog to initialize minCSN on import of 2.4 databases (ITS#9720)
* Mon Oct 11 2021 Michael Ströder - update to 2.5.8 OpenLDAP 2.5.8 Release (2021/10/11) Fixed libldap ldap_int_tls_connect: isdigit() requires unsigned char (ITS#9668) Fixed libldap memory leak in ldap_get_option LDAP_OPT_X_TLS_PEERCERT (ITS#9696) Fixed slapd to allow normalized values for namingContexts in cn=monitor (ITS#8341) Fixed slapd to normalize the suffix in rootDSE (ITS#9664) Fixed slapd slapadd to avoid destroying configDB prematurely (ITS#9678) Fixed slapd to not spam logs with lastbind information (ITS#9156) Fixed slapd slaptest migration to correctly set olcTSLVerifyClient (ITS#9711) Fixed slapd-mdb multival delete handling (ITS#9712) Fixed slapd-sql ldap_entry_objectclass table for mariadb/mysql (ITS#9679) Fixed slapd-wt multiple issues (ITS#9463) Fixed slapd-wt to close cache db correctly (ITS#9631) Fixed slapo-ppolicy to restore OpenLDAP 2.4 compatibilty (ITS#9671) Fixed slapo-syncprov to free uuid list when finished replaying sessionlog (ITS#6467) Build Fixed libldap result.c compilation on musl systems (ITS#9648) Fixed slapd duplicate definition of peerbv (ITS#9659) Fixed test suite with memberof modular builds (ITS#9464) Contrib Added man page for ppm contrib module (ITS#9644) Fix crash when pwdCheckModuleArg is not defined for ppm (ITS#9656) Documentation Fixed guide download link for heimdal (ITS#9669) Fixed guide documentation for TLSECName (ITS#9687) Fixed guide documentation missing tags (ITS#9693) Fixed guide loadbalancer typo (ITS#9699) Fixed guide synprov-nopresent redundant text (ITS#9689) Fixed guide various typos and fix config alignment (ITS#9706) Removed ppolicy.schema from servers/slapd/schema/README (ITS#9156) Fixed slapd.conf(5)/slapd-config(5) to document default for database monitoring (ITS#9674) Fixed slapd-meta(5)/slapd-asyncmeta(5) verbiage for try-propagate (ITS#9646) Fixed slapo-syncprov(5) to note entryCSN indexing is highly recommended (ITS#9688)
* Tue Aug 24 2021 Philipp Wagner - Update to upstream version 2.5.7 Fixed lloadd client state tracking (ITS#9624) Fixed slapd bconfig to canonicalize structuralObjectclass (ITS#9611) Fixed slapd-ldif duplicate controls response (ITS#9497) Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule (ITS#9621) Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases (ITS#8958) Fixed slapd-mdb idlexp maximum size handling (ITS#9637) Fixed slapd-monitor number of ops executing with asynchronous backends (ITS#9628) Fixed slapd-sql to add support for ppolicy attributes (ITS#9629) Fixed slapd-sql to close transactions after bind and search (ITS#9630) Fixed slapo-accesslog to make reqMod optional (ITS#9569) Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present (ITS#9625) Documentation slapd-mdb(5) note max idlexp size is 30, not 31 (ITS#9637) slapo-accesslog(5) note that reqMod is optional (ITS#9569) Add ldapvc(1) man page (ITS#9549) Add guide section on load balancer (ITS#9443) Updated guide to document multiprovider as replacement for mirrormode (ITS#9200) Updated guide to clarify slapd-mdb upgrade requirements (ITS#9200) Updated guide to document removal of deprecated options from client tools (ITS#9200)
* Fri Jul 30 2021 Philipp Wagner - Major version update to 2.5.6 See https://www.openldap.org/software/release/announce.html for a list of changes.- The threaded version of the OpenLDAP libraries, libldap_r, has been merged with libldap with 2.5. Removed all related downstream changes, including the openldap-r-only.dif patch. Introduce a new compatibility symlink in the other direction: libldap_r pointing to libldap.- Removed the ppolicy-check-password module. It is unmaintained and does not build any more. As part of that also remove the patch patch 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch, which is applied to this module.- Removed patch 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch Fixed upstream in 2.5 (ITS#8866)- Updated patch 0005-pie-compile.dif Removed the hunks on back-bdb and back-hdb, which are retired backends in 2.5.- Removed patch 0007-Recover-on-DB-version-change.dif The back-bdb backend was retired.- Removed patch 0011-openldap-re24-its7796.patch Fixed upstream in 2.5 (ITS#7796)- Remove non-existant configure arguments: - -enable-rewrite, --enable-monitor, --enable-lmpasswd- Add the --enable-dynacl configure option, which is required for --enable-aci- Add the --with-argon2 configure option and remove it from the contrib modules, since it is now official (ITS#9453).- Pass mandir to smbk5pwd to ensure the man page ends up in /usr/share.- Include the new overlays in libdir/openldap in the packages.- Add the pkgconfig files to the devel package.- Remove compat macro for _fillupdir, which was introduced in Nov 2017 and should be widely available now.
* Fri Jun 04 2021 Michael Ströder - updated to 2.4.59 OpenLDAP 2.4.59 Release (2021/06/03) Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521) Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530) Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295) Fixed slapd-mdb cursor init check (ITS#9526) Fixed slapd-mdb deletion of context entry (ITS#9531) Fixed slapd-mdb off-by-one affecting search scope (ITS#9557) Fixed slapo-pcache locking during expiration (ITS#9529) Contrib Fixed slapo-autogroup to not thrash thread context (ITS#9494) Documentation ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
* Tue Mar 16 2021 Michael Ströder - updated to 2.4.58 OpenLDAP 2.4.58 Release (2021/03/16) Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9454) Fixed slapd to alloc new conn struct after freeing old one (ITS#9458) Fixed slapd syncrepl to check all contextCSNs (ITS#9282) Fixed slapd-bdb lockdetect config (ITS#9449)
* Mon Jan 18 2021 Michael Ströder - updated to 2.4.57 OpenLDAP 2.4.57 Release (2021/01/18) Fixed ldapexop to use correct return code (ITS#9417) Fixed slapd to remove asserts in UUIDNormalize (ITS#9391) Fixed slapd to remove assert in csnValidate (ITS#9410) Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427) Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424) Fixed slapd AVA sort with invalid RDN (ITS#9412) Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425) Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407) Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409) Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413) Fixed slapd modrdn memory leak (ITS#9420) Fixed slapd double-free in vrfilter (ITS#9408) Fixed slapd cancel operation to correctly terminate (ITS#9428) Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400) Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)
* Thu Dec 17 2020 Michael Ströder - added openldap2.keyring and source signature file
* Wed Nov 11 2020 Michael Ströder - updated to 2.4.56 OpenLDAP 2.4.56 Release (2020/11/10) Fixed slapd to remove assert in certificateListValidate (ITS#9383) Fixed slapd to remove assert in csnNormalize23 (ITS#9384) Fixed slapd to better parse ldapi listener URIs (ITS#9379)
* Tue Oct 27 2020 William Brown - bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it\'s design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files:
* fixup-modulepath.sh
* slapd-ldif-update-crc.sh
* update-crc.sh
* Mon Oct 26 2020 Michael Ströder - updated to 2.4.55 OpenLDAP 2.4.55 Release (2020/10/26) Fixed slapd normalization handling with modrdn (ITS#9370) Fixed slapd-meta to check ldap_install_tls return code (ITS#9366) Contrib Fixed nssov misplaced semicolon (ITS#8731, ITS#9368) LMDB 0.9.27 Release (2020/10/26) ITS#9376 fix repeated DUPSORT cursor deletes
* Mon Oct 12 2020 Michael Ströder - updated to 2.4.54 OpenLDAP 2.4.54 Release (2020/10/12) Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342) Fixed slapd delta-syncrepl to be fully serialized (ITS#9330) Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352) Fixed slapd sessionlog to use a TAVL tree (ITS#8486) Fixed slapd syncrepl to be fully serialized (ITS#8102) Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345) Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355) Fixed slapd syncrepl to not create empty ADD ops (ITS#9359) Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295) Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353) Fixed slapo-accesslog normalizer for reqStart (ITS#9358) Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361) Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)
* Mon Sep 07 2020 Michael Ströder - updated to 2.4.53 OpenLDAP 2.4.53 (2020/09/07) Added slapd syncrepl additional SYNC logging (ITS#9043) Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282) Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334) Build Require OpenSSL 1.0.2 or later (ITS#9323) Fixed libldap compilation issue with broken C compilers (ITS#9332)
* Fri Aug 28 2020 Michael Ströder - updated to 2.4.52 OpenLDAP 2.4.52 (2020/08/28) Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318) Added libldap OpenSSL support for multiple EECDH curves (ITS#9054) Added slapd OpenSSL support for multiple EECDH curves (ITS#9054) Fixed librewrite malloc/free corruption (ITS#9249) Fixed libldap hang when using UDP and server down (ITS#9328) Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324) Fixed slapd syncrepl regression that could trigger an assert (ITS#9329) Fixed slapd-mdb index error with collapsed range (ITS#9135)
* Thu Aug 20 2020 Thorsten Kukuk - Switch from shadow to sysusers to generate ldap account- Remove if\'s for code older than SLE12 (Even SLE12 builds no longer)- Remove 12 years old sasl2 migration code
* Sat Aug 15 2020 Thorsten Kukuk - Drop obsolete, not working DB_CONFIG- Remove init.d header from start script, does not work- Use bash for start script as syntax is not POSIX sh supported- Remove UPDATE_NEEDED section in start script, does never match
* Sat Aug 15 2020 Thorsten Kukuk - Remove remaining rc.status usage in start script
* Wed Aug 12 2020 Michael Ströder - updated to 2.4.51- removed obsolete patch 0014-ITS-8650-fix-debug-usage.patch OpenLDAP 2.4.51 Release (2020/08/11) Added slapo-ppolicy implement Netscape password policy controls (ITS#9279) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287) Fixed slapd to enforce singular existence of some overlays (ITS#9309) Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227) Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282) Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295) Fixed slapd-perl dynamic config with threaded slapd (ITS#7573) Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302) Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309) Fixed slapo-chain to check referral (ITS#9262) Build Environment Fix test064 so it no longer uses bashisms (ITS#9263) Contrib Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248) slapo-allowed - Fix usage of unitialized variable (ITS#9308) Documentation ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271)
* Mon Jun 08 2020 Callum Farmer - Revert changes to libexecdir
* Sun Jun 07 2020 Michael Ströder - More .spec cleanups
* Fri Jun 05 2020 Callum Farmer - Fixes for %_libexecdir changing to /usr/libexec- Spec file cleanups
* Wed May 06 2020 Michael Ströder - updated to 2.4.50- added 0014-ITS-8650-fix-debug-usage.patch- enabled new contrib overlay pw-argon2- replaced FTP by HTTPS download URL for source- removed 0009-Fix-ldap-host-lookup-ipv6.patch (see bsc#1171127) OpenLDAP 2.4.50 Release (2020/04/28) Fixed client benign typos (ITS#8890) Fixed libldap type cast (ITS#9175) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap_r race on Windows mutex initialization (ITS#9181) Fixed liblunicode memory leak (ITS#9198) Fixed slapd benign typos (ITS#8890) Fixed slapd to limit depth of nested filters (ITS#9202) Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214) Fixed slapo-pcache database initialization (ITS#9182) Fixed slapo-ppolicy callback (ITS#9171) Build Fix olcDatabaseDummy initialization for windows (ITS#7074) Fix detection for ws2tcpip.h for windows (ITS#8383) Fix back-mdb types for windows (ITS#7878) Contrib Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855) Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206) Documentation slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003) slapd-meta(5) - Remove client-pr option (ITS#8683) slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230)
* Thu Jan 30 2020 Michael Ströder - updated to 2.4.49- removed obsolete back-port patches:
* 0013_openldap-its9124_fix_crash_with_cancel_exop.patch- removed obsolete source file DB_CONFIG OpenLDAP 2.4.49 Release (2020/01/30) Added slapd-monitor database entry count for slapd-mdb (ITS#9154) Fixed client tools to not add controls on cancel/abandon (ITS#9145) Fixed client tools SyncInfo message to be LDIF compliant (ITS#8116) Fixed libldap to correctly free sb (ITS#9081, ITS#8755) Fixed libldap descriptor leak if ldaps fails (ITS#9147) Fixed libldap remove unnecessary global mutex for GnuTLS (ITS#9069) Fixed slapd syntax evaluation of preferredDeliveryMethod (ITS#9067) Fixed slapd to relax domainScope control check (ITS#9100) Fixed slapd to have cleaner error handling during connection setup (ITS#9112) Fixed slapd data check when processing cancel exop (ITS#9124) Fixed slapd attribute description processing (ITS#9128) Fixed slapd-ldap to set oldctrls correctly (ITS#9076) Fixed slapd-mdb to honor unchecked limit with alias deref (ITS#7657) Fixed slapd-mdb missing final commit with slapindex (ITS#9095) Fixed slapd-mdb drop attr mappings added in an aborted txn (ITS#9091) Fixed slapd-mdb nosync FLAG configuration handling (ITS#9150) Fixed slapd-monitor global operation counter reporting (ITS#9119) Fixed slapo-ppolicy when used with slapauth (ITS#8629) Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime (ITS#9126) Fixed slapo-syncprov fix sessionlog init (ITS#9146) Fixed slapo-unique loop termination (ITS#9077) Build Environment Fix mkdep to honor TMPDIR if set (ITS#9062) Remove ICU library detection (ITS#9144) Update config.guess and config.sub to support newer architectures (ITS#7855) Disable ITS8521 regression test as it is no longer valid (ITS#9015) Documentation admin24 - Fix inconsistent whitespace in replication section (ITS#9153) slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword (ITS#9063) slapd-ldap(5) - Document \"tls none\" option (ITS#9071) slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit (ITS#9065)
* Fri Jan 10 2020 Michael Ströder - added back-port patch 0013_openldap-its9124_fix_crash_with_cancel_exop.patch to fix OpenLDAP ITS#9124
  
ICM