Changelog for
openldap2-devel-32bit-2.6.6-1.4.x86_64.rpm :
* Fri Nov 03 2023 Jan Engelhardt
- Update to release 2.6.6
* Fixed libldap handling of TCP KEEPALIVE options
* Fixed slapd callback handling with overlays that do extended operations
* Tue Sep 05 2023 Thorsten Kukuk - Disable SLP by default for Factory and ALP (bsc#1214884)
* Sat Apr 15 2023 Dirk Müller - update to 2.6.4:
* Fixed client tools to remove \'h\' and \'p\' options
* Fixed ldapsearch memory leak with paged results (ITS#9860)
* Fixed libldap ldif_open_urlto check for failure (ITS#9904 CVE-2023-2953 boo#1211795)
* Fixed libldap ldap_url_parsehosts check for failure
* Fixed liblunicode UTF8bvnormalize buffer size (ITS#9955)
* Fixed lloadd memory leaks (ITS#9907)
* Fixed lloadd shutdown code to protect memory correctly
* Fixed lloadd race in epoch.c (ITS#9947)
* Fixed lloadd potential deadlock with cn=monitor (ITS#9951)
* Fixed lloadd to keep listener base around when not active
* Fixed lloadd object reclamation sequencing (ITS#9983)
* Fixed slapd memory leak with olcAuthIDRewrite (ITS#6035)
* Fixed slapd free of redundant cmdline option (ITS#9912)
* Fixed slapd transactions extended operations cleanup after
* Fixed slapd deadlock with replicated cn=config
* Fixed slapd connection close logic (ITS#9991)
* Fixed slapd bconfig locking of cn=config entries (ITS#9045)
* Fixed slapd-mdb max number of index databases to 256
* Fixed slapd-mdb to always release entries from ADD operations
* Fixed slapd-mdb to fully init empty DN in tool_entry_get
* Fixed slapd-monitor memory leaks with lloadd (ITS#9906)
* Fixed slapd-monitor to free remembered cookies (ITS#9339)
* Fixed slapo-accesslog reqStart ordering matching rule
* Fixed slapo-deref memory leak (ITS#9924)
* Fixed slapo-dynlist to ignore irrelevant objectClasses
* Fixed slapo-dynlist to avoid unnecessary searches (ITS#9929)
* Fixed slapo-dynlist to mark internal searches as such
* Fixed slapo-pcache crash in consistency_check (ITS#9966)
* Fixed slapo-remoteauth memory leaks (ITS#9438)
* Fixed slapo-rwm memory leaks (ITS#9817)
* Build Environment
* Fixed ancient DOS related ifdef checks (ITS#9925)
* Fixed build process to not use gmake specific features
* Fixed source tree to remove symlinks (ITS#9926)
* Fixed slapo-otp testdir creation (ITS#9437)
* Fixed slapd-tester memory leak (ITS#9908)
* Fixed usage of non-standard C syntax (ITS#9898, ITS#9899, ITS#9901)
* Fixed usage of bashism (ITS#9900)
* Fixed test suite portability (ITS#9931)
* Documentation
* Fixed ldap_bind(3) to document ber_bvfree in ldap_sasl_bind (ITS#9976)
* Fixed slapo-asyncmeta(5) to clarify scheduling for target connections (ITS#9941)
* Fixed slapo-dynlist(5) to clarify configuration settings (ITS#9957)
* Fixed slapo-unique(5) to clarify when quoting should be used (ITS#9915)
* Minor cleanup
* Sat Dec 10 2022 Dirk Müller - add reproducible.patch to avoid using compile-time specific date/time constructs
* Mon Sep 26 2022 William Brown - bsc#1202931 - CVE-2022-31253 - Openldap start script allowed the ldap user to privilege escalate to root due to unbound chown commands.
* Thu Jul 14 2022 Michael Ströder - removed obsolete 0017-Resolve-error-handling-in-new-ctx-when-global.patch- update to 2.6.3
* Fixed librewrite declaration of calloc (ITS#9841)
* Fixed libldap to check for NULL ld (ITS#9157)
* Fixed libldap memory leaks (ITS#9876)
* Fixed lloadd to correctly tag Notice of Disconnection (ITS#9856)
* Fixed slapd delta-sync DN leak on ADD ops (ITS#9866)
* Fixed slapd replication with back-glue (ITS#9868)
* Fixed slapd lastbind replication with chaining (ITS#9863)
* Fixed slapd-ldap to correctly set authzid (ITS#9863)
* Fixed slapd-mdb to check for stale readers on MDB_READERS_FULL (ITS#7165)
* Fixed slapd-mdb indexer task with replicated config (ITS#9858)
* Fixed slapo-accesslog onetime memory leak (ITS#9864)
* Fixed slapo-ppolicy interaction with slapo-rwm (ITS#9871)
* Fixed slapo-rwm to handle escaping special characters (ITS#9817)
* Fixed slapo-syncprov memory leaks (ITS#9867)
* Fixed slapo-syncprov fallback in delta-sync mode (ITS#9823)
* Fixed slapo-unique to not release NULL entry (ITS#8245)
* doc: Fixed ldap_get_option(3) to clarify ldap_get/set_option restrictions (ITS#9824)
* Mon May 23 2022 Michael Ströder - Update to release 2.6.2
* Added support for OpenSSL 3.0 (ITS#9436)
* Fixed ldapdelete to prune LDAP subentries (ITS#9737)
* Fixed libldap to drop connection when non-LDAP data is received (ITS#9803)
* Fixed libldap to allow newlines at end of included file (ITS#9811)
* Fixed slapd slaptest conversion of olcLastBind (ITS#9808)
* Fixed slapd to correctly init global_host earlier (ITS#9787)
* Fixed slapd bconfig locking for cn=config replication (ITS#9584)
* Fixed slapd usage of thread local counters (ITS#9789)
* Fixed slapd to clear runqueue task correctly (ITS#9785)
* Fixed slapd idletimeout handling (ITS#9820)
* Fixed slapd syncrepl handling of new sessions (ITS#9584)
* Fixed slapd to clear connections on bind (ITS#9799)
* Fixed slapd to correctly advance connections index (ITS#9831)
* Fixed slapd syncrepl ODSEE replication of unknown attr (ITS#9801)
* Fixed slapd-asyncmeta memory leak in keepalive setting, slapd-ldap memory leak in keepalive setting, SEGV on config rewrite, ordering on config rewrite, memory leak in keepalive setting (ITS#9802)
* Fixed slapo-pcache SEGV & slapd-monitor SEGV on shutdown (ITS#9809)
* Fixed slapd-monitor crash when hitting sizelimit (ITS#9832)
* Fixed slapd-sql to properly escape filter value (ITS#9815)
* Fixed slapo-dynlist dynamic group regression (ITS#9825)
* Fixed slapo-ppolicy operation handling to be consistent (ITS#9794)
* Fixed slapo-translucent to correctly duplicate substring filters (ITS#9818)
* Contrib:
* Update ppm module to the 2.1 release (ITS#9814)
* Documentation:
* admin26: Document new lloadd features (ITS#9780)
* Fixed slapd.conf(5)/slapd-config(5) syncrepl sizelimit/timelimit documentation (ITS#9804)
* Fixed slapd-sock(5) to clarify \"sockresps result\" behavior (ITS#8255)
* Thu May 12 2022 William Brown - bsc#1199277 - Resolve segfault when calling new ctx with global ctx
* 0017-Resolve-error-handling-in-new-ctx-when-global.patch
* Mon Apr 11 2022 Michael Ströder - Use libargon2 instead of libsodium because it supports p>1- Added new contrib overlays: authzid, datamorph, variant, vc
* Sat Apr 02 2022 Jan Engelhardt - Update to release 2.6.1
* Ability to log directly to a file bypassing syslog
* back-ndb is retired
* back-sql and back-perl are deprecated
* lloadd(8): Additional load balancing strategies.
* lloadd(8): Additional options to improve coherence with certain controls and extended operations.
* Sat Mar 26 2022 Stephan Kulow - Add _multibuild support to integrate the build of libldapcpp-devel to drop the outdated copy
* Mon Oct 25 2021 Michael Ströder - update to 2.5.9 OpenLDAP 2.5.9 Release (2021/10/25) Fixed slapo-accesslog to initialize minCSN on import of 2.4 databases (ITS#9720)
* Mon Oct 11 2021 Michael Ströder - update to 2.5.8 OpenLDAP 2.5.8 Release (2021/10/11) Fixed libldap ldap_int_tls_connect: isdigit() requires unsigned char (ITS#9668) Fixed libldap memory leak in ldap_get_option LDAP_OPT_X_TLS_PEERCERT (ITS#9696) Fixed slapd to allow normalized values for namingContexts in cn=monitor (ITS#8341) Fixed slapd to normalize the suffix in rootDSE (ITS#9664) Fixed slapd slapadd to avoid destroying configDB prematurely (ITS#9678) Fixed slapd to not spam logs with lastbind information (ITS#9156) Fixed slapd slaptest migration to correctly set olcTSLVerifyClient (ITS#9711) Fixed slapd-mdb multival delete handling (ITS#9712) Fixed slapd-sql ldap_entry_objectclass table for mariadb/mysql (ITS#9679) Fixed slapd-wt multiple issues (ITS#9463) Fixed slapd-wt to close cache db correctly (ITS#9631) Fixed slapo-ppolicy to restore OpenLDAP 2.4 compatibilty (ITS#9671) Fixed slapo-syncprov to free uuid list when finished replaying sessionlog (ITS#6467) Build Fixed libldap result.c compilation on musl systems (ITS#9648) Fixed slapd duplicate definition of peerbv (ITS#9659) Fixed test suite with memberof modular builds (ITS#9464) Contrib Added man page for ppm contrib module (ITS#9644) Fix crash when pwdCheckModuleArg is not defined for ppm (ITS#9656) Documentation Fixed guide download link for heimdal (ITS#9669) Fixed guide documentation for TLSECName (ITS#9687) Fixed guide documentation missing tags (ITS#9693) Fixed guide loadbalancer typo (ITS#9699) Fixed guide synprov-nopresent redundant text (ITS#9689) Fixed guide various typos and fix config alignment (ITS#9706) Removed ppolicy.schema from servers/slapd/schema/README (ITS#9156) Fixed slapd.conf(5)/slapd-config(5) to document default for database monitoring (ITS#9674) Fixed slapd-meta(5)/slapd-asyncmeta(5) verbiage for try-propagate (ITS#9646) Fixed slapo-syncprov(5) to note entryCSN indexing is highly recommended (ITS#9688)
* Tue Aug 24 2021 Philipp Wagner - Update to upstream version 2.5.7 Fixed lloadd client state tracking (ITS#9624) Fixed slapd bconfig to canonicalize structuralObjectclass (ITS#9611) Fixed slapd-ldif duplicate controls response (ITS#9497) Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule (ITS#9621) Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases (ITS#8958) Fixed slapd-mdb idlexp maximum size handling (ITS#9637) Fixed slapd-monitor number of ops executing with asynchronous backends (ITS#9628) Fixed slapd-sql to add support for ppolicy attributes (ITS#9629) Fixed slapd-sql to close transactions after bind and search (ITS#9630) Fixed slapo-accesslog to make reqMod optional (ITS#9569) Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present (ITS#9625) Documentation slapd-mdb(5) note max idlexp size is 30, not 31 (ITS#9637) slapo-accesslog(5) note that reqMod is optional (ITS#9569) Add ldapvc(1) man page (ITS#9549) Add guide section on load balancer (ITS#9443) Updated guide to document multiprovider as replacement for mirrormode (ITS#9200) Updated guide to clarify slapd-mdb upgrade requirements (ITS#9200) Updated guide to document removal of deprecated options from client tools (ITS#9200)
* Fri Jul 30 2021 Philipp Wagner - Major version update to 2.5.6 See https://www.openldap.org/software/release/announce.html for a list of changes.- The threaded version of the OpenLDAP libraries, libldap_r, has been merged with libldap with 2.5. Removed all related downstream changes, including the openldap-r-only.dif patch. Introduce a new compatibility symlink in the other direction: libldap_r pointing to libldap.- Removed the ppolicy-check-password module. It is unmaintained and does not build any more. As part of that also remove the patch patch 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch, which is applied to this module.- Removed patch 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch Fixed upstream in 2.5 (ITS#8866)- Updated patch 0005-pie-compile.dif Removed the hunks on back-bdb and back-hdb, which are retired backends in 2.5.- Removed patch 0007-Recover-on-DB-version-change.dif The back-bdb backend was retired.- Removed patch 0011-openldap-re24-its7796.patch Fixed upstream in 2.5 (ITS#7796)- Remove non-existant configure arguments: - -enable-rewrite, --enable-monitor, --enable-lmpasswd- Add the --enable-dynacl configure option, which is required for --enable-aci- Add the --with-argon2 configure option and remove it from the contrib modules, since it is now official (ITS#9453).- Pass mandir to smbk5pwd to ensure the man page ends up in /usr/share.- Include the new overlays in libdir/openldap in the packages.- Add the pkgconfig files to the devel package.- Remove compat macro for _fillupdir, which was introduced in Nov 2017 and should be widely available now.
* Fri Jun 04 2021 Michael Ströder - updated to 2.4.59 OpenLDAP 2.4.59 Release (2021/06/03) Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521) Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530) Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295) Fixed slapd-mdb cursor init check (ITS#9526) Fixed slapd-mdb deletion of context entry (ITS#9531) Fixed slapd-mdb off-by-one affecting search scope (ITS#9557) Fixed slapo-pcache locking during expiration (ITS#9529) Contrib Fixed slapo-autogroup to not thrash thread context (ITS#9494) Documentation ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
* Tue Mar 16 2021 Michael Ströder - updated to 2.4.58 OpenLDAP 2.4.58 Release (2021/03/16) Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9454) Fixed slapd to alloc new conn struct after freeing old one (ITS#9458) Fixed slapd syncrepl to check all contextCSNs (ITS#9282) Fixed slapd-bdb lockdetect config (ITS#9449)
* Mon Jan 18 2021 Michael Ströder - updated to 2.4.57 OpenLDAP 2.4.57 Release (2021/01/18) Fixed ldapexop to use correct return code (ITS#9417) Fixed slapd to remove asserts in UUIDNormalize (ITS#9391) Fixed slapd to remove assert in csnValidate (ITS#9410) Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427) Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424) Fixed slapd AVA sort with invalid RDN (ITS#9412) Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425) Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407) Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409) Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413) Fixed slapd modrdn memory leak (ITS#9420) Fixed slapd double-free in vrfilter (ITS#9408) Fixed slapd cancel operation to correctly terminate (ITS#9428) Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400) Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)