SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for openldap2-2.4.59-lp155.1.4.x86_64.rpm :

* Fri Jun 04 2021 Michael Ströder - updated to 2.4.59 OpenLDAP 2.4.59 Release (2021/06/03) Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521) Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530) Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295) Fixed slapd-mdb cursor init check (ITS#9526) Fixed slapd-mdb deletion of context entry (ITS#9531) Fixed slapd-mdb off-by-one affecting search scope (ITS#9557) Fixed slapo-pcache locking during expiration (ITS#9529) Contrib Fixed slapo-autogroup to not thrash thread context (ITS#9494) Documentation ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
* Tue Mar 16 2021 Michael Ströder - updated to 2.4.58 OpenLDAP 2.4.58 Release (2021/03/16) Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9454) Fixed slapd to alloc new conn struct after freeing old one (ITS#9458) Fixed slapd syncrepl to check all contextCSNs (ITS#9282) Fixed slapd-bdb lockdetect config (ITS#9449)
* Mon Jan 18 2021 Michael Ströder - updated to 2.4.57 OpenLDAP 2.4.57 Release (2021/01/18) Fixed ldapexop to use correct return code (ITS#9417) Fixed slapd to remove asserts in UUIDNormalize (ITS#9391) Fixed slapd to remove assert in csnValidate (ITS#9410) Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427) Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424) Fixed slapd AVA sort with invalid RDN (ITS#9412) Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425) Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407) Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409) Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413) Fixed slapd modrdn memory leak (ITS#9420) Fixed slapd double-free in vrfilter (ITS#9408) Fixed slapd cancel operation to correctly terminate (ITS#9428) Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400) Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)
* Thu Dec 17 2020 Michael Ströder - added openldap2.keyring and source signature file
* Wed Nov 11 2020 Michael Ströder - updated to 2.4.56 OpenLDAP 2.4.56 Release (2020/11/10) Fixed slapd to remove assert in certificateListValidate (ITS#9383) Fixed slapd to remove assert in csnNormalize23 (ITS#9384) Fixed slapd to better parse ldapi listener URIs (ITS#9379)
* Tue Oct 27 2020 William Brown - bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it\'s design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files:
* fixup-modulepath.sh
* slapd-ldif-update-crc.sh
* update-crc.sh
* Mon Oct 26 2020 Michael Ströder - updated to 2.4.55 OpenLDAP 2.4.55 Release (2020/10/26) Fixed slapd normalization handling with modrdn (ITS#9370) Fixed slapd-meta to check ldap_install_tls return code (ITS#9366) Contrib Fixed nssov misplaced semicolon (ITS#8731, ITS#9368) LMDB 0.9.27 Release (2020/10/26) ITS#9376 fix repeated DUPSORT cursor deletes
* Mon Oct 12 2020 Michael Ströder - updated to 2.4.54 OpenLDAP 2.4.54 Release (2020/10/12) Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342) Fixed slapd delta-syncrepl to be fully serialized (ITS#9330) Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352) Fixed slapd sessionlog to use a TAVL tree (ITS#8486) Fixed slapd syncrepl to be fully serialized (ITS#8102) Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345) Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355) Fixed slapd syncrepl to not create empty ADD ops (ITS#9359) Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295) Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353) Fixed slapo-accesslog normalizer for reqStart (ITS#9358) Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361) Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)
* Mon Sep 07 2020 Michael Ströder - updated to 2.4.53 OpenLDAP 2.4.53 (2020/09/07) Added slapd syncrepl additional SYNC logging (ITS#9043) Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282) Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334) Build Require OpenSSL 1.0.2 or later (ITS#9323) Fixed libldap compilation issue with broken C compilers (ITS#9332)
* Fri Aug 28 2020 Michael Ströder - updated to 2.4.52 OpenLDAP 2.4.52 (2020/08/28) Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318) Added libldap OpenSSL support for multiple EECDH curves (ITS#9054) Added slapd OpenSSL support for multiple EECDH curves (ITS#9054) Fixed librewrite malloc/free corruption (ITS#9249) Fixed libldap hang when using UDP and server down (ITS#9328) Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324) Fixed slapd syncrepl regression that could trigger an assert (ITS#9329) Fixed slapd-mdb index error with collapsed range (ITS#9135)
* Thu Aug 20 2020 Thorsten Kukuk - Switch from shadow to sysusers to generate ldap account- Remove if\'s for code older than SLE12 (Even SLE12 builds no longer)- Remove 12 years old sasl2 migration code
* Sat Aug 15 2020 Thorsten Kukuk - Drop obsolete, not working DB_CONFIG- Remove init.d header from start script, does not work- Use bash for start script as syntax is not POSIX sh supported- Remove UPDATE_NEEDED section in start script, does never match
* Sat Aug 15 2020 Thorsten Kukuk - Remove remaining rc.status usage in start script
* Wed Aug 12 2020 Michael Ströder - updated to 2.4.51- removed obsolete patch 0014-ITS-8650-fix-debug-usage.patch OpenLDAP 2.4.51 Release (2020/08/11) Added slapo-ppolicy implement Netscape password policy controls (ITS#9279) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287) Fixed slapd to enforce singular existence of some overlays (ITS#9309) Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227) Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282) Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295) Fixed slapd-perl dynamic config with threaded slapd (ITS#7573) Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302) Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309) Fixed slapo-chain to check referral (ITS#9262) Build Environment Fix test064 so it no longer uses bashisms (ITS#9263) Contrib Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248) slapo-allowed - Fix usage of unitialized variable (ITS#9308) Documentation ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271)
* Mon Jun 08 2020 Callum Farmer - Revert changes to libexecdir
* Sun Jun 07 2020 Michael Ströder - More .spec cleanups
* Fri Jun 05 2020 Callum Farmer - Fixes for %_libexecdir changing to /usr/libexec- Spec file cleanups
* Wed May 06 2020 Michael Ströder - updated to 2.4.50- added 0014-ITS-8650-fix-debug-usage.patch- enabled new contrib overlay pw-argon2- replaced FTP by HTTPS download URL for source- removed 0009-Fix-ldap-host-lookup-ipv6.patch (see bsc#1171127) OpenLDAP 2.4.50 Release (2020/04/28) Fixed client benign typos (ITS#8890) Fixed libldap type cast (ITS#9175) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap_r race on Windows mutex initialization (ITS#9181) Fixed liblunicode memory leak (ITS#9198) Fixed slapd benign typos (ITS#8890) Fixed slapd to limit depth of nested filters (ITS#9202) Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214) Fixed slapo-pcache database initialization (ITS#9182) Fixed slapo-ppolicy callback (ITS#9171) Build Fix olcDatabaseDummy initialization for windows (ITS#7074) Fix detection for ws2tcpip.h for windows (ITS#8383) Fix back-mdb types for windows (ITS#7878) Contrib Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855) Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206) Documentation slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003) slapd-meta(5) - Remove client-pr option (ITS#8683) slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230)
* Thu Jan 30 2020 Michael Ströder - updated to 2.4.49- removed obsolete back-port patches:
* 0013_openldap-its9124_fix_crash_with_cancel_exop.patch- removed obsolete source file DB_CONFIG OpenLDAP 2.4.49 Release (2020/01/30) Added slapd-monitor database entry count for slapd-mdb (ITS#9154) Fixed client tools to not add controls on cancel/abandon (ITS#9145) Fixed client tools SyncInfo message to be LDIF compliant (ITS#8116) Fixed libldap to correctly free sb (ITS#9081, ITS#8755) Fixed libldap descriptor leak if ldaps fails (ITS#9147) Fixed libldap remove unnecessary global mutex for GnuTLS (ITS#9069) Fixed slapd syntax evaluation of preferredDeliveryMethod (ITS#9067) Fixed slapd to relax domainScope control check (ITS#9100) Fixed slapd to have cleaner error handling during connection setup (ITS#9112) Fixed slapd data check when processing cancel exop (ITS#9124) Fixed slapd attribute description processing (ITS#9128) Fixed slapd-ldap to set oldctrls correctly (ITS#9076) Fixed slapd-mdb to honor unchecked limit with alias deref (ITS#7657) Fixed slapd-mdb missing final commit with slapindex (ITS#9095) Fixed slapd-mdb drop attr mappings added in an aborted txn (ITS#9091) Fixed slapd-mdb nosync FLAG configuration handling (ITS#9150) Fixed slapd-monitor global operation counter reporting (ITS#9119) Fixed slapo-ppolicy when used with slapauth (ITS#8629) Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime (ITS#9126) Fixed slapo-syncprov fix sessionlog init (ITS#9146) Fixed slapo-unique loop termination (ITS#9077) Build Environment Fix mkdep to honor TMPDIR if set (ITS#9062) Remove ICU library detection (ITS#9144) Update config.guess and config.sub to support newer architectures (ITS#7855) Disable ITS8521 regression test as it is no longer valid (ITS#9015) Documentation admin24 - Fix inconsistent whitespace in replication section (ITS#9153) slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword (ITS#9063) slapd-ldap(5) - Document \"tls none\" option (ITS#9071) slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit (ITS#9065)
* Fri Jan 10 2020 Michael Ströder - added back-port patch 0013_openldap-its9124_fix_crash_with_cancel_exop.patch to fix OpenLDAP ITS#9124
* Sun Dec 22 2019 Michael Ströder - use BuildRequires: pkgconfig(krb5) instead of krb5-devel-mini
* Fri Aug 02 2019 Martin Liška - Use FAT LTO objects in order to provide proper static library.
* Thu Jul 25 2019 matthias.gerstnerAATTsuse.com- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
* Wed Jul 24 2019 Michael Ströder - Update to upstream release 2.4.48 with security fixes:
* CVE-2019-13057 (ITS#9038): rootdn of any db can assert any identity
* CVE-2019-13565 (ITS#9052): Unauthorized access caused by incorrect handling of SASL SSF values- Fix CVE-2017-17740 by disabling nops overlay not maintained by upstream (see also bsc#1073313, comment #36)- Removed obsolete patches:
* 0002-openldap-its8727-plug-ber-leaks.patch
* 0017-Fix-segfault-in-nops.patch OpenLDAP 2.4.48 (2019/07/24) Added libldap OpenSSL Elliptic Curve support (ITS#7595) Added libldap Expose OpenLDAP specific interfaces via openldap.h (ITS#8671) Added slapd-monitor support for slapd-mdb (ITS#7770) Fixed liblber leaks (ITS#8727) Fixed liblber with partial flush (ITS#8864) Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980) Fixed libldap ASYNC connections with Solaris 10 (ITS#8968) Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585) Fixed libldap to be able to unset syncrepl TLS options (ITS#7042) Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450) Fixed libldap return code in ldap_create_assertion_control_value (ITS#8674) Fixed libldap to correctly disable IPv6 when configured to do so (ITS#8754) Fixed libldap to correctly close TLS connection (ITS#8755) Fixed libldap with non-blocking TLS and referals (ITS#8167) Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353) Fixed liblunicode case correspondance (ITS#8508) Fixed slapd with an idletimeout of less than four seconds (ITS#8952) Fixed slapd config parser variable for Windows64 (ITS#9012) Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015) Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999) Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037) Fixed slapd to restrict rootDN proxyauthz to its own databases (ITS#9038) Fixed slapd to initialize SASL SSF per connection (ITS#9052) Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990) Fixed slapd-ldap starttls connections timeout behavior (ITS#8963) Fixed slapd-ldap segfault when entry result doesn\'t match filter (ITS#8997) Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743) Fixed slapd-meta assertion when network interface goes down (ITS#8841) Fixed slapd-mdb fix bitshift integer overflow (ITS#8989) Fixed slapd-mdb index cleanup with cn=config (ITS#8472) Fixed slapd-mdb to improve performance with alias deref (ITS#7657) Fixed slapo-accesslog possible assert with exops (ITS#8971) Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637) Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799) Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663) Fixed slapo-memberof for group name change to itself (ITS#9000) Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349) Fixed slapo-rwm to not free original filter (ITS#8964) Fixed slapo-syncprov contextCSN generation (ITS#9015) Build Environment Fixed slapd to only link to BDB libraries with static build (ITS#8948) Fixed libldap implicit declaration with LDAP_CONNECTIONLESS (ITS#8794) Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041) Documentation General - Fixed minor typos (ITS#8764, ITS#8761) admin24 - Miscellaneous updates promoting mdb and fixing examples (ITS#9031) slapd.access(5) - Note MDB is the primary backend (ITS#8881) slapd.backends(5) - Note MDB is the recommended backend (ITS#8771) slapd-ldap(5) - Document starttls parameter (ITS#8693) Contrib Added slapo-lastbind capability to forward authTimestamp updates (ITS#7721)
* Tue May 14 2019 William Brown - bsc#1111388 - incorrect post script call causes tmpfiles create not to be run.
* Sun Mar 10 2019 Michael Ströder - Corrected moduleload back_mdb.la to get a working configuration right after package installation.
* Fri Jan 04 2019 Michael Ströder - added back-ported fix for OpenLDAP ITS#8727 (file 0002-openldap-its8727-plug-ber-leaks.patch)
* Thu Dec 20 2018 Michael Ströder - Update to upstream release 2.4.47- Removed obsolete patches:
* 0006-No-Build-date-and-time-in-binaries.dif (upstream now uses SOURCE_DATE_EPOCH for reproducable builds)
* 0012-ITS8051-sockdnpat.patch
* 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch OpenLDAP 2.4.47 Release (2018/12/19) Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051) Added slapd-sock ability to send extended operations to external listeners (ITS#8714) Fixed liblber to avoid incremental access to user-supplied bv in dupbv (ITS#8752) Fixed libldap dn to domain parsing with bad input (ITS#8842) Fixed slapd slapcat to correctly honor -g option (ITS#8667) Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups (ITS#8923) Fixed slapd to check status of rdnNormalize (ITS#8932) Fixed slapd cn=config when modifying slapo-syncprov config (ITS#8616) Fixed slapd sasl authz-policy \"all\" behavior (ITS#8909) Fixed slapd sasl minor typo (ITS#8918) Fixed slapd to correctly hide hidden DBs in the rootDSE (ITS#8912) Fixed slapd domainScope control to match Microsoft specification (ITS#8840) Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868) Fixed slapo-accesslog deadlock during cleanup (ITS#8752) Fixed slapo-memberof cn=config modifications (ITS#8663) Fixed slapo-ppolicy with multimaster replication (ITS#8927) Fixed slapo-syncprov with NULL modlist (ITS#8843) Build Environment Added slapd reproducible build support (ITS#8928) Fixed missing includes with OpenSSL 1.0.2 (ITS#8809) Contrib Fixed slapo-pbkdf2 hash generation (ITS#8878) Documentation admin24 fixed minor typo (ITS#8887)
* Thu Nov 22 2018 Jan Engelhardt - Replace old $RPM_
* shell vars
* Tue Nov 20 2018 ckowalczykAATTsuse.com- Fix CVE-2017-17740: when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack
* patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313)
* Mon Nov 12 2018 Dominique Leuenberger - Emergency fix: move tmpfiles_create post from the library package to the main package\'s post script, which ships the tmpfiles.d configuration. Fixes the post script of the library (-p /sbin/ldconfig does not allow more statements in the script).
* Thu Nov 08 2018 varkolyAATTsuse.com- bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG
* (transactional-update)
* Fri Oct 26 2018 Michael Ströder - Fixed broken memory handling in 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch affecting error response of slapo-unique
* Fri Aug 17 2018 ckowalczykAATTsuse.com- Fix slapd segfaults in mdb_env_reader_dest + with patch 0016-Clear-shared-key-only-in-close-function.patch + (bsc#1089640)
* Fri Jun 29 2018 michaelAATTstroeder.com- fixed shee-bang in openldap_update_modules_path.sh (bsc#1099705)
* Wed Jun 20 2018 michaelAATTstroeder.com- Added a patch to let slapd return the uniqueness check filter used before constraint violation to the client 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch
* Tue Jun 05 2018 varkolyAATTsuse.com- bsc#1095816 libldap package does not contain and provide libldap anymore
* Thu May 24 2018 kukukAATTsuse.de- Don\'t require systemd explicit, spec file can handle both cases correct and in containers we don\'t have systemd.
* Tue Apr 24 2018 zsolt.kalmarAATTsuse.com- bsc#1085064 Packaging issues have been discovered around the openldap_update_modules_path.sh which has been corrected: - the spec file was wrongly configured, therefore the script has never been called - the script should create the symlinks first, as slapcat is useless on a system which is already affected.
* Fri Apr 06 2018 zsolt.kalmarAATTsuse.com- bsc#1085064 Add script \"openldap_update_modules_path.sh\" which which removes the configuration item olcModulePath in cn=config which is after upgrade from SLE12 to SLE15 holds inappropriate information. If the cn=config is being used on a system, the conflicting items in slapd.conf are ignored, despite of it, the backend DB configuration section has been also commented out in the default slapd.conf. In case of correct cn=config (the olcModulePath has been already removed), the script stops without touching anything.
* Fri Mar 23 2018 michaelAATTstroeder.com- Upgrade to upstream 2.4.46 release- removed obsolete back-port patches:
* 0013-ITS-8692-let-back-sock-generate-increment-line.patch
* 0016-ITS-8782-fix-cancel-memleak.patch OpenLDAP 2.4.46 Release (2018/03/22) Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717) Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373) Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687) Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791) Fixed libldap MozNSS CA certificate hash matching (ITS#7374) Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389) Fixed libldap MozNSS initialization (ITS#8484) Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650) Fixed libldap memory leak with cancel operations (ITS#8782) Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705) Fixed slapd to maintain SSF across SASL binds (ITS#8796) Fixed slapd syncrepl deadlock when updating cookie (ITS#8752) Fixed slapd syncrepl callback to always be last in the stack (ITS#8752) Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778) Fixed slapd CSN queue processing (ITS#8801) Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720) Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520) Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226) Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404) Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692) Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752) Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100) Fixed slapo-syncprov memory leak with delete operations (ITS#8690) Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444) Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100) Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607) Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800) Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486) Build Environment Fixed Windows build with newer MINGW version (ITS#8697) Fixed compiler warnings and removed unused variables (ITS#8578) Contrib Fixed ldapc++ Control structure (ITS#8583) Documentation Delete stub manpage for back-ldbm (ITS#8713) Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121) Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818) Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715) Fixed slapo-syncprov(5) indexing requirements (ITS#5048)
* Thu Feb 22 2018 fvogtAATTsuse.com- Use %license (boo#1082318)
* Mon Dec 11 2017 michaelAATTstroeder.com- added 0016-ITS-8782-fix-cancel-memleak.patch
* Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
* Mon Oct 02 2017 jengelhAATTinai.de- Add openldap-r-only.dif so that openldap2\'s own tools also link against libldap_r rather than libldap.- Make libldap equivalent to libldap_r (like Debian) to avoid crashes in threaded programs which unknowingly get both libraries inserted into their process image. [rh#1370065, boo#996551]
* Mon Oct 02 2017 mrueckertAATTsuse.de- use existing groups instead of inventing new ones
* Mon Sep 18 2017 michaelAATTstroeder.com- added 0012-ITS8051-sockdnpat.patch
* Wed Sep 06 2017 michaelAATTstroeder.com- updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
* Fri Aug 18 2017 michaelAATTstroeder.com- Added OpenLDAP new feature implementing OpenLDAP ITS#8714 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
* Thu Jul 20 2017 michaelAATTstroeder.com- added overlay trace to package openldap2-contrib
* Wed Jul 12 2017 michaelAATTstroeder.com- Upgrade to upstream 2.4.45 release- removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch and 0012-use-system-wide-cert-dir-by-default.patch- added 0013-ITS-8692-let-back-sock-generate-increment-line.patch for supporting modify increment operations with back-sock- added overlay addpartial to package openldap2-contrib
* Wed Jun 07 2017 hguoAATTsuse.com- Remove legacy daemon control that was used to migrate from SLE 11 to 12. (bsc#1038405)
* Tue Jun 06 2017 hguoAATTsuse.com- There is no change made about the package itself, this is only copying over some changelog texts from SLE package:- bug#976172 owned by hguoAATTsuse.com: openldap2 - missing /usr/share/doc/packages/openldap2/guide/admin/guide.html- bug#916914 owned by varkolyAATTsuse.com: VUL-0: CVE-2015-1546: openldap2: slapd crash in valueReturnFilter cleanup- [fate#319300](https://fate.suse.com/319300)- [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545)- bug#905959 owned by hguoAATTsuse.com: L3-Question: Are multiple \"Connection 0\" in a Multi Master setup normal ?- [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546)- bug#916897 owned by varkolyAATTsuse.com: VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list
* Fri Apr 07 2017 jengelhAATTinai.de- Drop binutils requirement; the code using /usr/bin/strings has been dropped in openSUSE:Factory/openldap2 revision 112.
* Sat Feb 18 2017 kukukAATTsuse.com- Remove superfluous insserv PreReq.
* Thu Nov 10 2016 hguoAATTsuse.com- Introduce patch 0012-use-system-wide-cert-dir-by-default.patch to let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (bsc#1009470).
* Fri Oct 14 2016 hguoAATTsuse.com- Add more details in the comments of slapd.conf concerning file permission and StartTLS capability.
* Thu Jun 23 2016 jengelhAATTinai.de- Test for user/group existence before trying to add them. Summary spello update.
* Thu Jun 16 2016 hguoAATTsuse.com- Move schema files into tarball addonschema.tar.gz: ldapns.ldif ldapns.schema rfc2307bis.ldif rfc2307bis.schema yast.ldif yast.schema- Package previously missing schema files in LDIF format: amavisd-new.ldif dhcp.ldif dlz.ldif dnszone.ldif samba3.ldif sudo.ldif suse-mailserver.ldif (bsc#984691)- Fix a minor issue in schema2ldif script that led to missing attribute in the generated LDIF.
* Tue May 17 2016 hguoAATTsuse.com- Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408.
* Thu Feb 25 2016 hguoAATTsuse.com- Move ldap.conf into libldap-data package, per convention.
* Sun Feb 21 2016 jengelhAATTinai.de- Move ldap.conf out of shlib package again, they are not allowed there for obvious reasons (conflict with future package).
* Thu Feb 18 2016 hguoAATTsuse.com- Build password strength enforcer as an implementation of ppolicy password checker, introducing: ppolicy-check-password-1.2.tar.gz ppolicy-check-password.Makefile ppolicy-check-password.conf ppolicy-check-password.5 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch (Implements fate#319461)
* Thu Feb 18 2016 lmuelleAATTsuse.com- Remove redundant -n openldap2- package name prefix.
* Mon Feb 08 2016 hguoAATTsuse.com- Remove openldap2-client.spec and openldap2-client.changes openldap2.spec now builds client utilities and libraries. Thus pre_checkin.sh is removed.- Move ldap.conf and its manual page from openldap2-client package to libldap-2_4-2 package, which is more appropriate.- Use RPM_OPT_FLAGS in build flags.- Macros dealing with old/unsupported distributions are removed.- Remove 0002-slapd.conf.dif and install improved slapd.conf from new source file slapd.conf.- Install slapd.conf.olctemplate to assist in preparing slapd.d for OLC.- Be explicit in sysconfig that by default openldap will use static file configuration.- Add the following schemas in LDIF format:
* rfc2307bis.ldif
* ldapns.ldif
* yast.ldif- Other minor clean-ups in the spec file.
* Mon Feb 08 2016 mpluskalAATTsuse.com- Use optflags when building
* Sat Feb 06 2016 michaelAATTstroeder.com- Upgrade to upstream 2.4.44 release with accumulated bug fixes.- Specify source with FTP URL- Removed obsolete 0012-openldap-re24-its8336.patch
* Mon Jan 25 2016 hguoAATTsuse.com- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch into 0010-Enforce-minimum-DH-size-of-1024.patch
* Tue Dec 08 2015 michaelAATTstroeder.com- Upgrade to upstream 2.4.43 release with accumulated bug fixes.- Still build on SLES12- Loadable backend and overlay modules are now installed into arch-specific path %{_libdir}/openldap- All backends and overlays as modules for smaller memory footprint on memory constrained systems- Added extra package for back-sock- Consequent use of %{_rundir} everywhere- Rely on upstream ./configure script instead of any other macro foo- Dropped linking with libwrap- Dropped 0004-libldap-use-gethostbyname_r.dif because this work-around for nss_ldap is obsolete- New sub-package openldap2-contrib with selected contrib/ overlays- Replaced addonschema.tar.gz with separate schema sources- Updated ldapns.schema from recent slapo-nssov source tree- Added symbolic link to slapd executable in /usr/sbin/- Added more complex example configuration file /etc/openldap/slapd.conf.example- Set OPENLDAP_START_LDAPI=\"yes\" in /etc/sysconfig/openldap- Set OPENLDAP_REGISTER_SLP=\"no\" in /etc/sysconfig/openldap- Added patch for OpenLDAP ITS#7796 to avoid excessive \"not index\" logging: 0011-openldap-re24-its7796.patch- Replaced openldap-rc.tgz with single source files- Added soft dependency (Recommends) to cyrus-sasl- Added soft dependency (Recommends) to cyrus-sasl-devel to openldap2-devel- Added patch for OpenLDAP ITS#8336 (assert in liblmdb): 0012-openldap-re24-its8336.patch- Remove obsolete patch 0001-build-adjustments.dif
* Wed Dec 02 2015 hguoAATTsuse.com- Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch to fix CVE-2015-6908. (bsc#945582)- Introduce patch 0011-Enforce-minimum-DH-size-of-1024.patch to address weak DH size vulnerability (bsc#937766)
* Mon Nov 30 2015 hguoAATTsuse.com- Introduce patch 0009-Fix-ldap-host-lookup-ipv6.patch to fix an issue with unresponsive LDAP host lookups in IPv6 environment. (bsc#955210)
* Fri Oct 09 2015 hguoAATTsuse.com- Remove OpenLDAP 2.3 code and patches from build source. Compatibility libraries for OpenLDAP 2.3 are built in package: compat-libldap-2_3-0 Removed source files: openldap-2.3.37-liblber-length-decoding.dif openldap-2.3.37-libldap-ntlm.diff openldap-2.3.37-libldap-ssl.dif openldap-2.3.37-libldap-sasl-max-buff-size.dif openldap-2.3.37-libldap-tls_chkhost-its6239.dif openldap-2.3.37-libldap-gethostbyname_r.dif openldap-2.3.37-libldap-suid.diff openldap-2.3.37.dif openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif openldap-2.3.37-libldap-ldapi_url.dif openldap-2.3.37.tgz openldap-2.3.37-libldap-utf8-ADcanonical.dif README.update check-build.sh
* Thu Oct 01 2015 hguoAATTsuse.com- Upgrade to upstream 2.4.42 release with accumulated bug fixes.
* Tue Jul 21 2015 hguoAATTsuse.com- Upgrade to upstream 2.4.41 release with accumulcated bug fixes and stability improvements.
* Add patch 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
* Remove already applied patch 0008-ITS-7723-fix-reference-counting.patch
* Remove already applied patch 0009-gcc5.patch (Implements fate#319301)
* Thu Feb 19 2015 rguentherAATTsuse.com- Add 0009-gcc5.patch to pass -P to the preprocessor in configure checks for Berkeley DB version
* Wed Nov 26 2014 jengelhAATTinai.de- binutils is required for \"strings\" utility invocation in %pre [bnc#904028]- Remove SLE10 definitions
  
ICM