Changelog for openldap-devel-2.4.46-18.el8.i686.rpm:
* Thu Aug 05 2021 Simon Pichugin - 2.4.46-18- Add TLS_REQSAN option and change the default to TRY (#1814674) * Wed Jun 16 2021 Simon Pichugin - 2.4.46-17- Rebuild without MP_2 support (#1909037) * Thu Sep 10 2020 Simon Pichugin - 2.4.46-16- CLDAP ldap_result hangs if nobody listens on the port (#1875361) * Thu Jun 18 2020 Matus Honek - 2.4.46-15- Fix covscan issues from previous release (#1822737) * Tue Jun 16 2020 Matus Honek - 2.4.46-14- Backport Channel Binding support (#1822904, #1822737) * Wed Jan 15 2020 Matus Honek - 2.4.46-11- Use OpenSSL-1.0.2+ API for host name verification (#1788572) * Sun Aug 18 2019 Matus Honek - 2.4.46-10- Do not fallback to checking CN when no SAN matched (#1740070) * Mon Dec 17 2018 Matus Honek - 2.4.46-9- Reference default system-wide CA certificates in manpages (#1611624) * Tue Oct 16 2018 Matus Honek - 2.4.46-8- Backport upstream fixes for ITS 7595 - add OpenSSL EC support (#1623497) * Fri Jul 13 2018 Fedora Release Engineering - 2.4.46-7- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Jul 06 2018 Matus Honek - 2.4.46-6- Build with LDAP_USE_NON_BLOCKING_TLS (#1594928)- Remove unused leftover MozNSS Compat. Layer references (cont.) (#1557967) * Fri Jul 06 2018 Petr Pisar - 2.4.46-5- Perl 5.28 rebuild * Wed Jul 04 2018 Matus Honek - 2.4.46-4- Remove unused leftover MozNSS Compat. Layer references (#1557967) * Wed Jul 04 2018 Matus Honek - 2.4.46-3- MozNSS Compat. Layer: Make log messages more clear (#1598103)- MozNSS Compat. Layer: Fix memleaks reported by valgrind (#1595203) * Wed Jun 27 2018 Jitka Plesnikova - 2.4.46-2- Perl 5.28 rebuild- MozNSS Compat. 
Layer: Fix typos, and spelling in the README file header (#1564161) * Tue Mar 27 2018 Matus Honek - 2.4.46-1- Rebase to version OpenLDAP 2.4.46 (#1559652) * Mon Mar 05 2018 Matus Honek - 2.4.45-14- Utilize system-wide crypto-policies (#1483979) * Thu Mar 01 2018 Matus Honek - 2.4.45-13- fix: openldap does not use Fedora build flags + makes use of redhat-rpm-config package- Drop superfluous back-sql linking patch * Wed Feb 28 2018 Matus Honek - 2.4.45-12- MozNSS Compat. Layer: fix: libldap tlsmc continues even after it fails to extract CA certificates (#1550110) * Wed Feb 21 2018 Matus Honek - 2.4.45-11- TLS: Use system trusted CA store by default (#1270678, #1537259) * Sun Feb 11 2018 Matus Honek - 2.4.45-10- Complete change: Disable TLSMC in F29+ * Fri Feb 09 2018 Igor Gnatenko - 2.4.45-9- Escape macros in %changelog- Disable TLSMC in F29+- Remove obsolete Group tag- Don\'t call ldconfig in servers subpackage- Switch to %ldconfig_scriptlets- Remove unneeded Requires(post): systemd-sysv, chkconfig- Switch to %systemd_requires- Change BuildRequires: systemd-units to systemd * Wed Feb 07 2018 Matus Honek - 2.4.45-8- Drop TCP wrappers support (#1531487) * Wed Feb 07 2018 Matus Honek - 2.4.45-7- MozNSS Compat. Layer fixes (#1400570) - fix incorrect parsing of CACertDir (orig. #1533955) - fix PIN disclaimer not always shown (orig. #1516409) - fix recursive directory deletion (orig. #1516409) - Ensure consistency of a PEM dir before usage (orig. #1516409) + Warn just before use of a PIN about key file extraction - Enable usage of NSS DB with PEM cert/key (orig. 
#1525485) + Fix a possible invalid dereference (covscan) * Sat Jan 20 2018 Björn Esser - 2.4.45-6- Rebuilt for switch to libxcrypt * Wed Dec 06 2017 Matus Honek - 2.4.45-5- Fix issues in MozNSS compatibility layer (#1400570) + Force write file with fsync to avoid race conditions + Always filestamp both sql and dbm NSS DB variants to not rely on default DB type prefix + Allow missing cert and key which is a valid usecase + Create extraction folder only in /tmp to simplify selinux rules + Fix Covscan issues * Fri Nov 03 2017 Matus Honek - 2.4.45-4- Build with OpenSSL with MozNSS compatibility layer (#1400570) * Thu Aug 03 2017 Fedora Release Engineering - 2.4.45-3- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering - 2.4.45-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Fri Jul 07 2017 Matus Honek - 2.4.45-1- Rebase to version 2.4.45 (#1458081) * fixes CVE-2017-9287 (#1456712, #1456713)- Update the \'sources\' file with new SHA512 hashes * Fri Jul 07 2017 Matus Honek - 2.4.44-12- Change Requires to Recommends for nss-tools (#1415086) * Sun Jun 04 2017 Jitka Plesnikova - 2.4.44-11- Perl 5.26 rebuild * Fri Mar 31 2017 Matus Honek - 2.4.44-10- NSS: Maximal TLS protocol version should be equal to NSS default (#1435692) * Thu Mar 30 2017 Matus Honek - 2.4.44-9- NSS: Enhance OpenLDAP to support TLSv1.3 protocol with NSS (#1435692)- NSS: Rearrange ciphers-, parsing-, and protocol-related patches (#1435692) * Sat Feb 11 2017 Fedora Release Engineering - 2.4.44-8- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Mon Jan 30 2017 Matus Honek - 2.4.44-7- NSS: Update list of ciphers (#1387868) * Mon Jan 30 2017 Matus Honek - 2.4.44-6- NSS: Use what NSS considers default for DEFAULT cipher string (#1387868) * Thu Jan 26 2017 Matus Honek - 2.4.44-5- NSS: fix: incorrect multi-keyword parsing and support new ones (#1243517) * Mon Jan 23 2017 Matus Honek - 2.4.44-4- fix 
previous commit (#1375432) * Fri Jan 20 2017 Matus Honek - 2.4.44-3- fix: Setting olcTLSProtocolMin does not change supported protocols (#1375432)- fix: slapd should start after network-online.service (#1336487) * Sun May 15 2016 Jitka Plesnikova - 2.4.44-2- Perl 5.24 rebuild * Wed May 11 2016 Matus Honek - 2.4.44-1- Update to 2.4.44 (#1305191) * Tue May 03 2016 Matus Honek - 2.4.43-5- Bring back *.la files in %{_libdir}/openldap/ (#1331484) * Wed Apr 27 2016 Matus Honek - 2.4.43-4- Keep *.so libraries in %{_libdir}/openldap/ (#1331484)- Include AllOp overlay (#1319782) * Sun Apr 10 2016 Peter Robinson 2.4.43-3- Ensure all libtool archive files are removed (.la) * Thu Feb 04 2016 Fedora Release Engineering - 2.4.43-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Wed Dec 02 2015 Fedora Release Monitoring - 2.4.43-1- Update to 2.4.43 (#1253871) * Thu Jul 16 2015 Matúš Honěk - 2.4.41-1- New upstream release 2.4.41 (#1238251) * Wed Jun 17 2015 Fedora Release Engineering - 2.4.40-14- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Wed Jun 03 2015 Jitka Plesnikova - 2.4.40-13- Perl 5.22 rebuild * Mon Apr 27 2015 Jan Synáček - 2.4.40-12- fix: bring back tmpfiles config (#1215655) * Mon Mar 30 2015 Jan Synáček - 2.4.40-11- remove spurious ghosted file * Fri Feb 20 2015 Jan Synáček - 2.4.40-10- link against moznss again (#1187742) * Wed Feb 11 2015 Jan Synáček - 2.4.40-9- fix: Unknown Berkeley DB major version in db.h (#1191098) * Tue Feb 10 2015 Jan Synáček - 2.4.40-9- CVE-2015-1545: slapd crashes on search with deref control (#1190645) * Tue Jan 27 2015 Jan Synáček - 2.4.40-8- link against openssl by default- simplify package even more by removing certificate generation * Mon Jan 26 2015 Jan Synáček - 2.4.40-7- remove tmpfiles config since it\'s no longer needed- fix invalid ldif- simplify checking for missing server configuration * Fri Jan 16 2015 Jan Synáček - 2.4.40-6- remove openldap-fedora-systemd.patch- remove 
openldap-ldaprc-currentdir.patch- remove openldap-userconfig-setgid.patch- remove openldap-syncrepl-unset-tls-options.patch- remove unneeded configure flags, disable sql backend and aci- make mdb default after a new installation- remove pid file and args file- renumber patches and sources * Wed Dec 17 2014 Jan Synáček - 2.4.40-5- harden the build- improve check_password- provide an unversioned symlink to check_password.so.1.1 * Tue Dec 16 2014 Jan Synáček - 2.4.40-4- remove openldap.pc * Tue Dec 09 2014 Jan Synáček - 2.4.40-3- enhancement: generate openldap.pc (#1171493) * Fri Nov 14 2014 Jan Synáček - 2.4.40-2- enhancement: support TLSv1 and later (#1160466) * Mon Oct 06 2014 Jan Synáček - 2.4.40-1- new upstream release (#1147877) * Wed Aug 27 2014 Jitka Plesnikova - 2.4.39-12- Perl 5.20 rebuild * Sun Aug 17 2014 Fedora Release Engineering - 2.4.39-11- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jul 18 2014 Tom Callaway - 2.4.39-10- fix license handling * Mon Jul 14 2014 Jan Synáček - 2.4.39-9- fix: fix typo in generate-server-cert.sh (#1117229) * Mon Jun 09 2014 Jan Synáček - 2.4.39-8- fix: make default service configuration listen on ldaps:/// as well (#1105634) * Sat Jun 07 2014 Fedora Release Engineering - 2.4.39-7- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 30 2014 Jan Synáček - 2.4.39-6- fix: remove correct tmp file when generating server cert (#1103102) * Mon Mar 24 2014 Jan Synáček - 2.4.39-5- re-symlink unversioned libraries, so ldconfig is not confused (#1028557) * Tue Mar 04 2014 Jan Synáček - 2.4.39-4- don\'t automatically convert slapd.conf to slapd-config * Wed Feb 19 2014 Jan Synáček - 2.4.39-3- remove redundant sysconfig-related stuff- add documentation reference to service file- alias slapd.service as openldap.service * Tue Feb 04 2014 Jan Synáček - 2.4.39-2- CVE-2013-4449: segfault on certain queries with rwm overlay (#1060851) * Wed Jan 29 2014 Jan Synáček - 2.4.39-1- new upstream 
release (#1059186) * Mon Nov 18 2013 Jan Synáček - 2.4.38-1- new upstream release (#1031608) * Mon Nov 11 2013 Jan Synáček - 2.4.37-2- fix: slaptest incorrectly handles \'include\' directives containing a custom file (#1028935) * Wed Oct 30 2013 Jan Synáček - 2.4.37-1- new upstream release (#1023916)- fix: missing a linefeed at the end of file /etc/openldap/ldap.conf (#1019836) * Mon Oct 21 2013 Jan Synáček - 2.4.36-4- fix: slapd daemon fails to start with segmentation fault on s390x (#1020661) * Tue Oct 15 2013 Jan Synáček - 2.4.36-3- rebuilt for libdb-5.3.28 * Mon Oct 14 2013 Jan Synáček - 2.4.36-2- fix: CLDAP is broken for IPv6 (#1018688) * Wed Sep 04 2013 Jan Synáček - 2.4.36-2- fix: typos in manpages * Tue Aug 20 2013 Jan Synáček - 2.4.36-1- new upstream release + compile-in mdb backend * Sat Aug 03 2013 Fedora Release Engineering - 2.4.35-7- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jul 17 2013 Petr Pisar - 2.4.35-6- Perl 5.18 rebuild * Fri Jun 14 2013 Jan Synáček - 2.4.35-5- fix: using slaptest to convert slapd.conf to LDIF format ignores \"loglevel 0\" * Thu May 09 2013 Jan Synáček 2.4.35-4- do not needlessly run ldconfig after installing openldap-devel- fix: LDAPI with GSSAPI does not work if SASL_NOCANON=on (#960222)- fix: lt_dlopen() with back_perl (#960048) * Tue Apr 09 2013 Jan Synáček 2.4.35-3- fix: minor documentation fixes- set SASL_NOCANON to on by default (#949864)- remove trailing spaces * Fri Apr 05 2013 Jan Synáček 2.4.35-2- drop the evolution patch * Tue Apr 02 2013 Jan Synáček 2.4.35-1- new upstream release (#947235)- fix: slapd.service should ensure that network is up before starting (#946921)- fix: NSS related resource leak (#929357) * Mon Mar 18 2013 Jan Synáček 2.4.34-2- fix: syncrepl push DELETE operation does not recover (#920482)- run autoreconf every build, drop autoreconf patch (#926280) * Mon Mar 11 2013 Jan Synáček 2.4.34-1- enable perl backend (#820547)- package ppolicy-check-password (#829749)- add 
perl specific BuildRequires- fix bogus dates * Wed Mar 06 2013 Jan Vcelak 2.4.34-1- new upstream release (#917603)- fix: slapcat segfaults if cn=config.ldif not present (#872784)- use systemd-rpm macros in spec file (#850247) * Thu Jan 31 2013 Jan Synáček 2.4.33-4- rebuild against new cyrus-sasl * Wed Oct 31 2012 Jan Vcelak 2.4.33-3- fix update: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR (#857455) * Fri Oct 12 2012 Jan Vcelak 2.4.33-2- fix: slapd with rwm overlay segfault following ldapmodify (#865685) * Thu Oct 11 2012 Jan Vcelak 2.4.33-1- new upstream release: + slapd: ACLs, syncrepl + backends: locking and memory management in MDB + manpages: slapo-refint- patch update: MozNSS certificate database in SQL format cannot be used (#860317)- fix: slapd.service should not use /tmp (#859019) * Fri Sep 14 2012 Jan Vcelak 2.4.32-3- fix: some TLS ciphers cannot be enabled (#852338)- fix: connection hangs after fallback to second server when certificate hostname verification fails (#852476)- fix: not all certificates in OpenSSL compatible CA certificate directory format are loaded (#852786)- fix: MozNSS certificate database in SQL format cannot be used (#857373)- fix: libldap does not load PEM certificate if certdb is used as TLS_CACERTDIR (#857455) * Mon Aug 20 2012 Jan Vcelak 2.4.32-2- enhancement: TLS, prefer private keys from authenticated slots- enhancement: TLS, allow certificate specification including token name- resolve TLS failures in replication in 389 Directory Server * Wed Aug 01 2012 Jan Vcelak 2.4.32-1- new upstream release + library: double free, SASL handling + tools: read SASL_NOCANON from config file + slapd: config index renumbering, duplicate error response + backends: various fixes in mdb, bdb/hdb, ldap + accesslog, syncprov: fix memory leaks in with replication + sha2: portability, thread safety, support SSHA256,384,512 + documentation fixes * Sat Jul 21 2012 Jan Vcelak 2.4.31-7- fix: slapd refuses to set up TLS with 
self-signed PEM certificate (#842022) * Fri Jul 20 2012 Jan Vcelak 2.4.31-6- multilib fix: move libslapi from openldap-servers to openldap package * Thu Jul 19 2012 Jan Vcelak 2.4.31-5- fix: querying for IPv6 DNS records when IPv6 is disabled on the host (#835013)- fix: smbk5pwd module computes invalid LM hashes (#841560) * Wed Jul 18 2012 Jan Vcelak 2.4.31-4- modify the package build process + fix autoconfig files to detect Mozilla NSS library using pkg-config + remove compiler flags which are not needed currently + build server, client and library together + avoid stray dependencies by using --as-needed linker flag + enable SLAPI interface in slapd * Wed Jun 27 2012 Jan Vcelak 2.4.31-3- update fix: count constraint broken when using multiple modifications (#795766)- fix: invalid order of TLS shutdown operations (#808464)- fix: TLS error messages overwriting in tlsm_verify_cert() (#810462)- fix: reading pin from file can make all TLS connections hang (#829317)- CVE-2012-2668: cipher suite selection by name can be ignored (#825875)- fix: slapd fails to start on reboot (#829272)- fix: default cipher suite is always selected (#828790)- fix: less influence between individual TLS contexts: - replication with TLS does not work (#795763) - possibly others * Fri May 18 2012 Jan Vcelak 2.4.31-2- fix: nss-tools package is required by the base package, not the server subpackage- fix: MozNSS CA certdir does not work together with PEM CA cert file (#819536) * Tue Apr 24 2012 Jan Vcelak 2.4.31-1- new upstream release + library: IPv6 url detection + library: rebinding to failed connections + server: various fixes in mdb backend + server: various fixes in replication + server: various fixes in overlays and minor backends + documentation fixes- remove patches which were merged upstream * Thu Apr 05 2012 Jan Vcelak 2.4.30-3- rebuild due to libdb rebase * Mon Mar 26 2012 Jan Synáček 2.4.30-2- fix: Re-binding to a failed connection can segfault (#784989) * Thu Mar 01 2012 Jan Vcelak 
2.4.30-1- new upstream release + server: fixes in mdb backend + server: fixes in manual pages + server: fixes in syncprov, syncrepl, and pcache- removed patches which were merged upstream * Wed Feb 22 2012 Jan Vcelak 2.4.29-4- fix: missing options in manual pages of client tools (#796232)- fix: SASL_NOCANON option missing in ldap.conf manual page (#732915) * Tue Feb 21 2012 Jan Vcelak 2.4.29-3- fix: ldap_result does not succeed for sssd (#771484)- Jan Synáček : + fix: count constraint broken when using multiple modifications (#795766) * Mon Feb 20 2012 Jan Vcelak 2.4.29-2- fix update: provide ldif2ldbm, not ldib2ldbm (#437104)- Jan Synáček : + unify systemctl binary paths throughout the specfile and make them usrmove compliant + make path to chkconfig binary usrmove compliant * Wed Feb 15 2012 Jan Vcelak 2.4.29-1- new upstream release + MozNSS fixes + connection handling fixes + server: buxfixes in mdb backend + server: buxfixes in overlays (syncrepl, meta, monitor, perl, sql, dds, rwm)- openldap-servers now provide ldib2ldbm (#437104)- certificates management improvements + create empty Mozilla NSS certificate database during installation + enable builtin Root CA in generated database (#789088) + generate server certificate using Mozilla NSS tools instead of OpenSSL tools + fix: correct path to check-config.sh in service file (Jan Synáček )- temporarily disable certificates checking in check-config.sh script- fix: check-config.sh get stuck when executing command as a ldap user * Tue Jan 31 2012 Jan Vcelak 2.4.28-3- fix: replication (syncrepl) with TLS causes segfault (#783431)- fix: slapd segfaults when PEM certificate is used and key is not set (#772890) * Fri Jan 13 2012 Fedora Release Engineering - 2.4.28-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Wed Nov 30 2011 Jan Vcelak 2.4.28-1- new upstream release + server: support for delta-syncrepl in multi master replication + server: add experimental backend - MDB + server: dynamic 
configuration for passwd, perl, shell, sock, and sql backends + server: support passwords in APR1 + library: support for Wahl (draft) + a lot of bugfixes- remove patches which were merged upstream- compile backends as modules (except BDB, HDB, and monitor)- reload systemd daemon after installation * Tue Nov 01 2011 Jan Vcelak 2.4.26-6- package cleanup: + hardened build: switch from LDFLAGS to RPM macros + remove old provides and obsoletes + add new slapd maintainance scripts + drop defattr macros, clean up permissions in specfile + fix rpmlint warnings: macros in comments/changelog + fix rpmlint warnings: non UTF-8 documentation + rename environment file to be more consistent (ldap -> slapd)- replace sysv initscript with systemd service file (#- new format of environment file due to switch to systemd (automatic conversion is performed)- patch OpenLDAP to skip empty command line arguments (arguments expansion in systemd works different than in shell)- CVE-2011-4079: one-byte buffer overflow in slapd (#749324) * Thu Oct 06 2011 Jan Vcelak 2.4.26-5- rebuild: openldap does not work after libdb rebase (#743824)- regression fix: openldap built without tcp_wrappers (#743213) * Wed Sep 21 2011 Jan Vcelak 2.4.26-4- new feature update: honor priority/weight with ldap_domain2hostlist (#733078) * Mon Sep 12 2011 Jan Vcelak 2.4.26-3- fix: SSL_ForceHandshake function is not thread safe (#701678)- fix: allow unsetting of tls_ * syncrepl options (#734187) * Wed Aug 24 2011 Jan Vcelak 2.4.26-2- security hardening: library needs partial RELRO support added (#733071)- fix: NSS_Init * functions are not thread safe (#731112)- fix: incorrect behavior of allow/try options of VerifyCert and TLS_REQCERT (#725819)- fix: memleak - free the return of tlsm_find_and_verify_cert_key (#725818)- fix: conversion of constraint overlay settings to cn=config is incorrect (#733067)- fix: DDS overlay tolerance parametr doesn\'t function and breakes default TTL (#733069)- manpage fix: errors in manual 
page slapo-unique (#733070)- fix: matching wildcard hostnames in certificate Subject field does not work (#733073)- new feature: honor priority/weight with ldap_domain2hostlist (#733078)- manpage fix: wrong ldap_sync_destroy() prototype in ldap_sync(3) manpage (#717722) * Sun Aug 14 2011 Rex Dieter - 2.4.26-1.1- Rebuilt for rpm (#728707) * Wed Jul 20 2011 Jan Vcelak 2.4.26-1- rebase to new upstream release- fix: memleak in tlsm_auth_cert_handler (#717730) * Mon Jun 27 2011 Jan Vcelak 2.4.25-1- rebase to new upstream release- change default database type from BDB to HDB- enable ldapi:/// interface by default- set cn=config management ACLs for root user, SASL external schema (#712495)- fix: server scriptlets require initscripts package (#716857)- fix: connection fails if TLS_CACERTDIR doesn\'t exist but TLS_REQCERT is set to \'never\' (#716854)- fix: segmentation fault caused by double-free in ldapexop (#699683)- fix: segmentation fault of client tool when input line in LDIF file is splitted but indented incorrectly (#716855)- fix: segmentation fault of client tool when LDIF input file is not terminated by a new line character (#716858) * Fri Mar 18 2011 Jan Vcelak 2.4.24-2- new: system resource limiting for slapd using ulimit- fix update: openldap can\'t use TLS after a fork() (#636956)- fix: possible null pointer dereference in NSS implementation- fix: openldap-servers upgrade hangs or do not upgrade the database (#664433) * Mon Feb 14 2011 Jan Vcelak 2.4.24-1- rebase to 2.4.24- BDB backend switch from DB4 to DB5 * Tue Feb 08 2011 Fedora Release Engineering - 2.4.23-9- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Wed Feb 02 2011 Jan Vcelak 2.4.23-8- fix update: openldap can\'t use TLS after a fork() (#636956) * Tue Jan 25 2011 Jan Vcelak 2.4.23-7- fix: openldap can\'t use TLS after a fork() (#636956)- fix: openldap-server upgrade gets stuck when the database is damaged (#664433) * Thu Jan 20 2011 Jan Vcelak 2.4.23-6- fix: some server 
certificates refused with inadequate type error (#668899)- fix: default encryption strength dropped in switch to using NSS (#669446)- systemd compatibility: add configuration file (#656647, #668223) * Thu Jan 06 2011 Jan Vcelak 2.4.23-5- initscript: slaptest with \'-u\' to skip database opening (#667768)- removed slurpd options from sysconfig/ldap- fix: verification of self issued certificates (#657984) * Mon Nov 22 2010 Jan Vcelak 2.4.23-4- Mozilla NSS - implement full non-blocking semantics ldapsearch -Z hangs server if starttls fails (#652822)- updated list of all overlays in slapd.conf (#655899)- fix database upgrade process (#656257) * Thu Nov 18 2010 Jan Vcelak 2.4.23-3- add support for multiple prefixed Mozilla NSS database files in TLS_CACERTDIR- reject non-file keyfiles in TLS_CACERTDIR (#652315)- TLS_CACERTDIR precedence over TLS_CACERT (#652304)- accept only files in hash.0 format in TLS_CACERTDIR (#650288)- improve SSL/TLS trace messages (#652818) * Mon Nov 01 2010 Jan Vcelak 2.4.23-2- fix possible infinite loop when checking permissions of TLS files (#641946)- removed outdated autofs.schema (#643045)- removed outdated README.upgrade- removed relics of migrationtools * Fri Aug 27 2010 Jan Vcelak 2.4.23-1- rebase to 2.4.23- embeded db4 library removed- removed bogus links in \"SEE ALSO\" in several man-pages (#624616) * Thu Jul 22 2010 Jan Vcelak 2.4.22-7- Mozilla NSS - delay token auth until needed (#616552)- Mozilla NSS - support use of self signed CA certs as server certs (#614545) * Tue Jul 20 2010 Jan Vcelak - 2.4.22-6- CVE-2010-0211 openldap: modrdn processing uninitialized pointer free (#605448)- CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference (#605452)- obsolete configuration file moved to /usr/share/openldap-servers (#612602) * Thu Jul 01 2010 Jan Zeleny - 2.4.22-5- another shot at previous fix * Thu Jul 01 2010 Jan Zeleny - 2.4.22-4- fixed issue with owner of /usr/lib/ldap/__db. 
* (#609523) * Thu Jun 03 2010 Rich Megginson - 2.4.22-3- added ldif.h to the public api in the devel package- added -lldif to the public api- added HAVE_MOZNSS and other flags to use Mozilla NSS for crypto * Tue May 18 2010 Jan Zeleny - 2.4.22-2- rebuild with connectionless support (#587722)- updated autofs schema (#584808) * Tue May 04 2010 Jan Zeleny - 2.4.22-1- rebased to 2.4.22 (mostly bugfixes, added back-ldif, back-null testing support)- due to some possible issues pointed out in last update testing phase, I\'m pulling back the last change (slapd can\'t be moved since it depends on /usr possibly mounted from network) * Fri Mar 19 2010 Jan Zeleny - 2.4.21-6- moved slapd to start earlier during boot sequence * Tue Mar 16 2010 Jan Zeleny - 2.4.21-5- minor corrections of init script (#571235, #570057, #573804) * Wed Feb 24 2010 Jan Zeleny - 2.4.21-4- fixed SIGSEGV when deleting data using hdb (#562227) * Mon Feb 01 2010 Jan Zeleny - 2.4.21-3- fixed broken link /usr/sbin/slapschema (#559873) * Tue Jan 19 2010 Jan Zeleny - 2.4.21-2- removed some static libraries from openldap-devel (#556090) * Mon Jan 11 2010 Jan Zeleny - 2.4.21-1- rebased openldap to 2.4.21- rebased bdb to 4.8.26 * Mon Nov 23 2009 Jan Zeleny - 2.4.19-3- minor corrections in init script * Mon Nov 16 2009 Jan Zeleny - 2.4.19-2- fixed tls connection accepting when TLSVerifyClient = allow- /etc/openldap/ldap.conf removed from files owned by openldap-servers- minor changes in spec file to supress warnings- some changes in init script, so it would be possible to use it when using old configuration style * Fri Nov 06 2009 Jan Zeleny - 2.4.19-1- rebased openldap to 2.4.19- rebased bdb to 4.8.24 * Wed Oct 07 2009 Jan Zeleny 2.4.18-4- updated smbk5pwd patch to be linked with libldap (#526500)- the last buffer overflow patch replaced with the one from upstream- added /etc/openldap/slapd.d and /etc/openldap/slapd.conf.bak to files owned by openldap-servers * Thu Sep 24 2009 Jan Zeleny 2.4.18-3- cleanup of 
previous patch fixing buffer overflow * Tue Sep 22 2009 Jan Zeleny 2.4.18-2- changed configuration approach. Instead od slapd.conf slapd is using slapd.d directory now- fix of some issues caused by renaming of init script- fix of buffer overflow issue in ldif.c pointed out by new glibc * Fri Sep 18 2009 Jan Zeleny 2.4.18-1- rebase of openldap to 2.4.18 * Wed Sep 16 2009 Jan Zeleny 2.4.16-7- updated documentation (hashing the cacert dir) * Wed Sep 16 2009 Jan Zeleny 2.4.16-6- updated init script to be LSB-compliant (#523434)- init script renamed to slapd * Thu Aug 27 2009 Tomas Mraz - 2.4.16-5- rebuilt with new openssl * Tue Aug 25 2009 Jan Zeleny 2.4.16-4- updated %pre script to correctly install openldap group * Sat Jul 25 2009 Fedora Release Engineering - 2.4.16-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Wed Jul 01 2009 Jan Zeleny 2.4.16-1- rebase of openldap to 2.4.16- fixed minor issue in spec file (output looking interactive when installing servers) * Tue Jun 09 2009 Jan Zeleny 2.4.15-4- added $SLAPD_URLS variable to init script (#504504) * Thu Apr 09 2009 Jan Zeleny 2.4.15-3- extended previous patch (#481310) to remove options cfMP from some client tools- correction of patch setugid (#494330) * Thu Mar 26 2009 Jan Zeleny 2.4.15-2- removed -f option from some client tools (#481310) * Wed Feb 25 2009 Jan Safranek 2.4.15-1- new upstream release * Tue Feb 17 2009 Jan Safranek 2.4.14-1- new upstream release- upgraded to db-4.7.25 * Sat Jan 17 2009 Tomas Mraz 2.4.12-3- rebuild with new openssl * Mon Dec 15 2008 Caolán McNamara 2.4.12-2- rebuild for libltdl, i.e. 
copy config.sub|guess from new location * Wed Oct 15 2008 Jan Safranek 2.4.12-1- new upstream release * Mon Oct 13 2008 Jan Safranek 2.4.11-3- add SLAPD_SHUTDOWN_TIMEOUT to /etc/sysconfig/ldap, allowing admins to set non-default slapd shutdown timeout- add checkpoint to default slapd.conf file (#458679) * Mon Sep 01 2008 Jan Safranek 2.4.11-2- provide ldif2ldbm functionality for migrationtools- rediff all patches to get rid of patch fuzz * Mon Jul 21 2008 Jan Safranek 2.4.11-1- new upstream release- apply official bdb-4.6.21 patches * Wed Jul 02 2008 Jan Safranek 2.4.10-2- fix CVE-2008-2952 (#453728) * Thu Jun 12 2008 Jan Safranek 2.4.10-1- new upstream release * Wed May 28 2008 Jan Safranek 2.4.9-5- use /sbin/nologin as shell of ldap user (#447919) * Tue May 13 2008 Jan Safranek 2.4.9-4- new upstream release- removed unnecessary MigrationTools patches * Thu Apr 10 2008 Jan Safranek 2.4.8-4- bdb upgraded to 4.6.21- reworked upgrade logic again to run db_upgrade when bdb version changes * Wed Mar 05 2008 Jan Safranek 2.4.8-3- reworked the upgrade logic, slapcat/slapadd of the whole database is needed only if minor version changes (2.3.x -> 2.4.y)- do not try to save database in LDIF format, if openldap-servers package is being removed (it\'s up to the admin to do so manually) * Thu Feb 28 2008 Jan Safranek 2.4.8-2- migration tools carved out to standalone package \"migrationtools\" (#236697) * Fri Feb 22 2008 Jan Safranek 2.4.8-1- new upstream release * Fri Feb 08 2008 Jan Safranek 2.4.7-7- fix CVE-2008-0658 (#432014) * Mon Jan 28 2008 Jan Safranek 2.4.7-6- init script fixes * Mon Jan 28 2008 Jan Safranek 2.4.7-5- init script made LSB-compliant (#247012) * Fri Jan 25 2008 Jan Safranek 2.4.7-4- fixed rpmlint warnings and errors - /etc/openldap/schema/README moved to /usr/share/doc/openldap * Tue Jan 22 2008 Jan Safranek 2.4.7-3- obsoleting compat-openldap properly again :) * Tue Jan 22 2008 Jan Safranek 2.4.7-2- obsoleting compat-openldap properly (#429591) * Mon Jan 
14 2008 Jan Safranek 2.4.7-1- new upstream version (openldap-2.4.7) * Mon Dec 03 2007 Jan Safranek 2.4.6-1- new upstream version (openldap-2.4)- deprecating compat- package * Mon Nov 05 2007 Jan Safranek 2.3.39-1- new upstream release * Tue Oct 23 2007 Jan Safranek 2.3.38-4- fixed multilib issues - all platform independent files have the same content now (#342791) * Thu Oct 04 2007 Jan Safranek 2.3.38-3- BDB downgraded back to 4.4.20 because 4.6.18 is not supported by openldap (#314821) * Mon Sep 17 2007 Jan Safranek 2.3.38-2- skeleton /etc/sysconfig/ldap added- new SLAPD_LDAP option to turn off listening on ldap:/// (#292591)- fixed checking of SSL (#292611)- fixed upgrade with empty database * Thu Sep 06 2007 Jan Safranek 2.3.38-1- new upstream version- added images to the guide.html (#273581) * Wed Aug 22 2007 Jan Safranek 2.3.37-3- just rebuild * Thu Aug 02 2007 Jan Safranek 2.3.37-2- do not use specific automake and autoconf- do not distinguish between NPTL and non-NPTL platforms, we have NPTL everywhere- db-4.6.18 integrated- updated openldap-servers License: field to reference BDB license * Tue Jul 31 2007 Jan Safranek 2.3.37-1- new upstream version * Fri Jul 20 2007 Jan Safranek 2.3.34-7- MigrationTools-47 integrated * Wed Jul 04 2007 Jan Safranek 2.3.34-6- fix compat-slapcat compilation. 
Now it can be found in /usr/lib/compat-openldap/slapcat, because the tool checks argv[0] (#246581) * Fri Jun 29 2007 Jan Safranek 2.3.34-5- smbk5pwd added (#220895)- correctly distribute modules between servers and servers-sql packages * Mon Jun 25 2007 Jan Safranek 2.3.34-4- Fix initscript return codes (#242667)- Provide overlays (as modules; #246036, #245896)- Add available modules to config file * Tue May 22 2007 Jan Safranek 2.3.34-3- do not create script in /tmp on startup (bz#188298)- add compat-slapcat to openldap-compat (bz#179378)- do not import ddp services with migrate_services.pl (bz#201183)- sort the hosts by adders, preventing duplicities in migrate *nis *.pl (bz#201540)- start slupd for each replicated database (bz#210155)- add ldconfig to devel post/postun (bz#240253)- include misc.schema in default slapd.conf (bz#147805) * Mon Apr 23 2007 Jan Safranek 2.3.34-2- slapadd during package update is now quiet (bz#224581)- use _localstatedir instead of var/ during build (bz#220970)- bind-libbind-devel removed from BuildRequires (bz#216851)- slaptest is now quiet during service ldap start, if there is no error/warning (bz#143697)- libldap_r.so now links with pthread (bz#198226)- do not strip binaries to produce correct .debuginfo packages (bz#152516) * Mon Feb 19 2007 Jay Fenlason 2.3.34-1- New upstream release- Upgrade the scripts for migrating the database so that they might actually work.- change bind-libbind-devel to bind-devel in BuildPreReq * Mon Dec 04 2006 Thomas Woerner 2.3.30-1.1- tcp_wrappers has a new devel and libs sub package, therefore changing build requirement for tcp_wrappers to tcp_wrappers-devel * Wed Nov 15 2006 Jay Fenlason 2.3.30-1- New upstream version * Wed Oct 25 2006 Jay Fenlason 2.3.28-1- New upstream version * Sun Oct 01 2006 Jesse Keating - 2.3.27-4- rebuilt for unwind info generation, broken in gcc-4.1.1-21 * Mon Sep 18 2006 Jay Fenlason 2.3.27-3- Include --enable-multimaster to close bz#185821: adding slapd_multimaster to 
  the configure options
- Upgrade guide.html to the correct one for openldap-2.3.27, closing bz#190383: openldap 2.3 packages contain the administrator's guide for 2.2
- Remove the quotes from around the slaptestflags in ldap.init This closes one part of bz#204593: service ldap fails after having added entries to ldap
- include __db.* in the list of files to check ownership of in ldap.init, as suggested in bz#199322: RFE: perform cleanup in ldap.init
* Fri Aug 25 2006 Jay Fenlason 2.3.27-2
- New upstream release
- Include the gethostbyname_r patch so that nss_ldap won't hang on recursive attempts to ldap_initialize.
* Wed Jul 12 2006 Jesse Keating - 2.3.24-2.1
- rebuild
* Wed Jun 07 2006 Jay Fenlason 2.3.24-2
- New upstream version
* Thu Apr 27 2006 Jay Fenlason 2.3.21-2
- Upgrade to 2.3.21
- Add two upstream patches for db-4.4.20
* Mon Feb 13 2006 Jay Fenlason 2.3.19-4
- Re-fix ldap.init
* Fri Feb 10 2006 Jesse Keating - 2.3.19-3.1
- bump again for double-long bug on ppc(64)
* Thu Feb 09 2006 Jay Fenlason 2.3.19-3
- Modify the ldap.init script to call runuser correctly.
* Tue Feb 07 2006 Jesse Keating - 2.3.19-2.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Tue Jan 10 2006 Jay Fenlason 2.3.19-2
- Upgrade to 2.3.19, which upstream now considers stable
- Modify the -config.patch, ldap.init, and this spec file to put the pid file and args file in an ldap-owned openldap subdirectory under /var/run.
- Move back_sql* out of _sbindir/openldap , which requires hand-moving slapd and slurpd to _sbindir, and recreating symlinks by hand.
- Retire openldap-2.3.11-ads.patch, which went upstream.
- Update the ldap.init script to run slaptest as the ldap user rather than as root. This solves bz#150172 Startup failure after database problem
- Add to the servers post and preun scriptlets so that on preun, the database is slapcatted to /var/lib/ldap/upgrade.ldif and the database files are saved to /var/lib/ldap/rpmorig. On post, if /var/lib/ldap/upgrade.ldif exists, it is slapadded.
  This means that on upgrades from 2.3.16-2 to higher versions, the database files may be automatically upgraded. Unfortunately, because of the changes to the preun scriptlet, users have to do the slapcat, etc by hand when upgrading to 2.3.16-2. Also note that the /var/lib/ldap/rpmorig files need to be removed by hand because automatically removing your emergency fallback files is a bad idea.
- Upgrade internal bdb to db-4.4.20. For a clean upgrade, this will require that users slapcat their databases into a temp file, move /var/lib/ldap someplace safe, upgrade the openldap rpms, then slapadd the temp file.
* Fri Dec 09 2005 Jesse Keating
- rebuilt
* Mon Nov 21 2005 Jay Fenlason 2.3.11-3
- Remove Requires: cyrus-sasl and cyrus-sasl-md5 from openldap- and compat-openldap- to close bz#173313 Remove explicit 'Requires: cyrus-sasl" + 'Requires: cyrus-sasl-md5'
* Thu Nov 10 2005 Jay Fenlason 2.3.11-2
- Upgrade to 2.3.11, which upstream now considers stable.
- Switch compat-openldap to 2.2.29
- remove references to nss_ldap_build from the spec file
- remove references to 2.0 and 2.1 from the spec file.
- reorganize the build() function slightly in the spec file to limit the number of redundant and conflicting options passed to configure.
- Remove the attempt to hardlink ldapmodify and ldapadd together, since the current make install makes ldapadd a symlink to ldapmodify.
- Include the -ads patches to allow SASL binds to an Active Directory server to work. Nalin wrote the patch, based on my broken first attempt.
* Thu Nov 10 2005 Tomas Mraz 2.2.29-3
- rebuilt against new openssl
* Mon Oct 10 2005 Jay Fenlason 2.2.29-2
- New upstream version.
* Thu Sep 29 2005 Jay Fenlason 2.2.28-2
- Upgrade to new upstream version. This makes the 2.2.*-hop patch obsolete.
* Mon Aug 22 2005 Jay Fenlason 2.2.26-2
- Move the slapd.pem file to /etc/pki/tls/certs and edit the -config patch to match to close bz#143393 Creates certificates + keys at an insecure/bad place
- also use _sysconfdir instead of hard-coding /etc
* Thu Aug 11 2005 Jay Fenlason
- Add the tls-fix-connection-test patch to close bz#161991 openldap password disclosure issue
- add the hop patches to prevent infinite looping when chasing referrals. OpenLDAP ITS #3578
* Fri Aug 05 2005 Nalin Dahyabhai
- fix typo in ldap.init (call $klist instead of klist, from Charles Lopes)
* Thu May 19 2005 Nalin Dahyabhai 2.2.26-1
- run slaptest with the -u flag if no id2entry db files are found, because you can't check for read-write access to a non-existent database (#156787)
- add _sysconfdir/openldap/cacerts, which authconfig sets as the TLS_CACERTDIR path in /etc/openldap/ldap.conf now
- use a temporary wrapper script to launch slapd, in case we have arguments with embedded whitespace (#158111)
* Wed May 04 2005 Nalin Dahyabhai
- update to 2.2.26 (stable 20050429)
- enable the lmpasswd scheme
- print a warning if slaptest fails, slaptest -u succeeds, and one of the directories listed as the storage location for a given suffix in slapd.conf contains a readable file named __db.001 (#118678)
* Tue Apr 26 2005 Nalin Dahyabhai 2.2.25-1
- update to 2.2.25 (release)
* Tue Apr 26 2005 Nalin Dahyabhai 2.2.24-1
- update to 2.2.24 (stable 20050318)
- export KRB5_KTNAME in the init script, in case it was set in the sysconfig file but not exported
* Tue Mar 01 2005 Nalin Dahyabhai 2.2.23-4
- prefer libresolv to libbind
* Tue Mar 01 2005 Nalin Dahyabhai 2.2.23-3
- add bind-libbind-devel and libtool-ltdl-devel buildprereqs
* Tue Mar 01 2005 Tomas Mraz 2.2.23-2
- rebuild with openssl-0.9.7e
* Mon Jan 31 2005 Nalin Dahyabhai 2.2.23-1
- update to 2.2.23 (stable-20050125)
- update notes on upgrading from earlier versions
- drop slapcat variations for 2.0/2.1, which choke on 2.2's config files
* Tue Jan 04 2005
Nalin Dahyabhai 2.2.20-1
- update to 2.2.20 (stable-20050103)
- warn about unreadable krb5 keytab files containing "ldap" keys
- warn about unreadable TLS-related files
- own a ref to subdirectories which we create under _libdir/tls
* Tue Nov 02 2004 Nalin Dahyabhai 2.2.17-0
- rebuild
* Thu Sep 30 2004 Nalin Dahyabhai
- update to 2.2.17 (stable-20040923) (#135188)
- move nptl libraries into arch-specific subdirectories on x86 boxes
- require a newer glibc which can provide nptl libpthread on i486/i586
* Tue Aug 24 2004 Nalin Dahyabhai
- move slapd startup to earlier in the boot sequence (#103160)
- update to 2.2.15 (stable-20040822)
- change version number on compat-openldap to include the non-compat version from which it's compiled, otherwise would have to start 2.2.15 at release 3 so that it upgrades correctly
* Thu Aug 19 2004 Nalin Dahyabhai 2.2.13-2
- build a separate, static set of libraries for openldap-devel with the non-standard ntlm bind patch applied, for use by the evolution-connector package (#125579), and installing them under evolution_connector_prefix)
- provide openldap-evolution-devel = version-release in openldap-devel so that evolution-connector's source package can require a version of openldap-devel which provides what it wants
* Mon Jul 26 2004 Nalin Dahyabhai
- update administrator guide