------------------------------------------------------------------- Tue Aug 24 13:04:36 UTC 2021 - Philipp Wagner - Update to upstream version 2.5.7 Fixed lloadd client state tracking (ITS#9624) Fixed slapd bconfig to canonicalize structuralObjectclass (ITS#9611) Fixed slapd-ldif duplicate controls response (ITS#9497) Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule (ITS#9621) Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases (ITS#8958) Fixed slapd-mdb idlexp maximum size handling (ITS#9637) Fixed slapd-monitor number of ops executing with asynchronous backends (ITS#9628) Fixed slapd-sql to add support for ppolicy attributes (ITS#9629) Fixed slapd-sql to close transactions after bind and search (ITS#9630) Fixed slapo-accesslog to make reqMod optional (ITS#9569) Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present (ITS#9625) Documentation slapd-mdb(5) note max idlexp size is 30, not 31 (ITS#9637) slapo-accesslog(5) note that reqMod is optional (ITS#9569) Add ldapvc(1) man page (ITS#9549) Add guide section on load balancer (ITS#9443) Updated guide to document multiprovider as replacement for mirrormode (ITS#9200) Updated guide to clarify slapd-mdb upgrade requirements (ITS#9200) Updated guide to document removal of deprecated options from client tools (ITS#9200) ------------------------------------------------------------------- Fri Jul 30 13:30:05 UTC 2021 - Philipp Wagner - Major version update to 2.5.6 See https://www.openldap.org/software/release/announce.html for a list of changes. - The threaded version of the OpenLDAP libraries, libldap_r, has been merged with libldap with 2.5. Removed all related downstream changes. Introduce a new compatibility symlink in the other direction: libldap_r pointing to libldap. - Removed the ppolicy-check-password module. It is unmaintained and does not build any more. - Removed patch 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch Fixed upstream in 2.5 (ITS#8866) - Updated patch 0005-pie-compile.dif Removed the hunks on back-bdb and back-hdb, which are retired backends in 2.5. - Removed patch 0007-Recover-on-DB-version-change.dif The back-bdb backend was retired. - Removed patch 0011-openldap-re24-its7796.patch Fixed upstream in 2.5 (ITS#7796) - Remove non-existant configure arguments: --enable-rewrite, --enable-monitor, --enable-lmpasswd - Add the --enable-dynacl configure option, which is required for --enable-aci - Add the --with-argon2 configure option and remove it from the contrib modules, since it is now official (ITS#9453). - Pass mandir to smbk5pwd to ensure the man page ends up in /usr/share. - Include the new overlays in libdir/openldap in the packages. - Add the pkgconfig files to the devel package. - Remove compat macro for _fillupdir, which was introduced in Nov 2017 and should be widely available now. ------------------------------------------------------------------- Fri Jun 4 00:06:15 UTC 2021 - Michael Ströder - updated to 2.4.59 OpenLDAP 2.4.59 Release (2021/06/03) Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521) Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530) Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295) Fixed slapd-mdb cursor init check (ITS#9526) Fixed slapd-mdb deletion of context entry (ITS#9531) Fixed slapd-mdb off-by-one affecting search scope (ITS#9557) Fixed slapo-pcache locking during expiration (ITS#9529) Contrib Fixed slapo-autogroup to not thrash thread context (ITS#9494) Documentation ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559) ------------------------------------------------------------------- Tue Mar 16 20:15:53 UTC 2021 - Michael Ströder - updated to 2.4.58 OpenLDAP 2.4.58 Release (2021/03/16) Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9454) Fixed slapd to alloc new conn struct after freeing old one (ITS#9458) Fixed slapd syncrepl to check all contextCSNs (ITS#9282) Fixed slapd-bdb lockdetect config (ITS#9449) ------------------------------------------------------------------- Mon Jan 18 20:31:58 UTC 2021 - Michael Ströder - updated to 2.4.57 OpenLDAP 2.4.57 Release (2021/01/18) Fixed ldapexop to use correct return code (ITS#9417) Fixed slapd to remove asserts in UUIDNormalize (ITS#9391) Fixed slapd to remove assert in csnValidate (ITS#9410) Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427) Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424) Fixed slapd AVA sort with invalid RDN (ITS#9412) Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425) Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407) Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409) Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413) Fixed slapd modrdn memory leak (ITS#9420) Fixed slapd double-free in vrfilter (ITS#9408) Fixed slapd cancel operation to correctly terminate (ITS#9428) Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400) Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394) ------------------------------------------------------------------- Thu Dec 17 03:51:47 UTC 2020 - Michael Ströder - added openldap2.keyring and source signature file ------------------------------------------------------------------- Wed Nov 11 12:13:27 UTC 2020 - Michael Ströder - updated to 2.4.56 OpenLDAP 2.4.56 Release (2020/11/10) Fixed slapd to remove assert in certificateListValidate (ITS#9383) Fixed slapd to remove assert in csnNormalize23 (ITS#9384) Fixed slapd to better parse ldapi listener URIs (ITS#9379) ------------------------------------------------------------------- Tue Oct 27 01:01:54 UTC 2020 - William Brown - bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it's design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files: * fixup-modulepath.sh * slapd-ldif-update-crc.sh * update-crc.sh ------------------------------------------------------------------- Mon Oct 26 21:48:45 UTC 2020 - Michael Ströder - updated to 2.4.55 OpenLDAP 2.4.55 Release (2020/10/26) Fixed slapd normalization handling with modrdn (ITS#9370) Fixed slapd-meta to check ldap_install_tls return code (ITS#9366) Contrib Fixed nssov misplaced semicolon (ITS#8731, ITS#9368) LMDB 0.9.27 Release (2020/10/26) ITS#9376 fix repeated DUPSORT cursor deletes ------------------------------------------------------------------- Mon Oct 12 20:21:23 UTC 2020 - Michael Ströder - updated to 2.4.54 OpenLDAP 2.4.54 Release (2020/10/12) Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342) Fixed slapd delta-syncrepl to be fully serialized (ITS#9330) Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352) Fixed slapd sessionlog to use a TAVL tree (ITS#8486) Fixed slapd syncrepl to be fully serialized (ITS#8102) Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345) Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355) Fixed slapd syncrepl to not create empty ADD ops (ITS#9359) Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295) Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353) Fixed slapo-accesslog normalizer for reqStart (ITS#9358) Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361) Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015) ------------------------------------------------------------------- Mon Sep 7 15:58:31 UTC 2020 - Michael Ströder - updated to 2.4.53 OpenLDAP 2.4.53 (2020/09/07) Added slapd syncrepl additional SYNC logging (ITS#9043) Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282) Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334) Build Require OpenSSL 1.0.2 or later (ITS#9323) Fixed libldap compilation issue with broken C compilers (ITS#9332) ------------------------------------------------------------------- Fri Aug 28 22:06:57 UTC 2020 - Michael Ströder - updated to 2.4.52 OpenLDAP 2.4.52 (2020/08/28) Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318) Added libldap OpenSSL support for multiple EECDH curves (ITS#9054) Added slapd OpenSSL support for multiple EECDH curves (ITS#9054) Fixed librewrite malloc/free corruption (ITS#9249) Fixed libldap hang when using UDP and server down (ITS#9328) Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324) Fixed slapd syncrepl regression that could trigger an assert (ITS#9329) Fixed slapd-mdb index error with collapsed range (ITS#9135) ------------------------------------------------------------------- Thu Aug 20 16:39:54 UTC 2020 - Thorsten Kukuk - Switch from shadow to sysusers to generate ldap account - Remove if's for code older than SLE12 (Even SLE12 builds no longer) - Remove 12 years old sasl2 migration code ------------------------------------------------------------------- Sat Aug 15 06:56:27 UTC 2020 - Thorsten Kukuk - Drop obsolete, not working DB_CONFIG - Remove init.d header from start script, does not work - Use bash for start script as syntax is not POSIX sh supported - Remove UPDATE_NEEDED section in start script, does never match ------------------------------------------------------------------- Sat Aug 15 06:36:43 UTC 2020 - Thorsten Kukuk - Remove remaining rc.status usage in start script ------------------------------------------------------------------- Wed Aug 12 06:16:42 UTC 2020 - Michael Ströder - updated to 2.4.51 - removed obsolete patch 0014-ITS-8650-fix-debug-usage.patch OpenLDAP 2.4.51 Release (2020/08/11) Added slapo-ppolicy implement Netscape password policy controls (ITS#9279) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287) Fixed slapd to enforce singular existence of some overlays (ITS#9309) Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227) Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282) Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295) Fixed slapd-perl dynamic config with threaded slapd (ITS#7573) Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302) Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309) Fixed slapo-chain to check referral (ITS#9262) Build Environment Fix test064 so it no longer uses bashisms (ITS#9263) Contrib Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248) slapo-allowed - Fix usage of unitialized variable (ITS#9308) Documentation ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271) ------------------------------------------------------------------- Mon Jun 8 12:46:34 UTC 2020 - Callum Farmer - Revert changes to libexecdir ------------------------------------------------------------------- Sun Jun 7 10:20:45 UTC 2020 - Michael Ströder - More .spec cleanups ------------------------------------------------------------------- Fri Jun 5 11:25:16 UTC 2020 - Callum Farmer - Fixes for %_libexecdir changing to /usr/libexec - Spec file cleanups ------------------------------------------------------------------- Wed May 6 17:59:58 UTC 2020 - Michael Ströder - updated to 2.4.50 - added 0014-ITS-8650-fix-debug-usage.patch - enabled new contrib overlay pw-argon2 - replaced FTP by HTTPS download URL for source - removed 0009-Fix-ldap-host-lookup-ipv6.patch (see bsc#1171127) OpenLDAP 2.4.50 Release (2020/04/28) Fixed client benign typos (ITS#8890) Fixed libldap type cast (ITS#9175) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap_r race on Windows mutex initialization (ITS#9181) Fixed liblunicode memory leak (ITS#9198) Fixed slapd benign typos (ITS#8890) Fixed slapd to limit depth of nested filters (ITS#9202) Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214) Fixed slapo-pcache database initialization (ITS#9182) Fixed slapo-ppolicy callback (ITS#9171) Build Fix olcDatabaseDummy initialization for windows (ITS#7074) Fix detection for ws2tcpip.h for windows (ITS#8383) Fix back-mdb types for windows (ITS#7878) Contrib Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855) Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206) Documentation slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003) slapd-meta(5) - Remove client-pr option (ITS#8683) slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230) ------------------------------------------------------------------- Thu Jan 30 20:57:33 UTC 2020 - Michael Ströder - updated to 2.4.49 - removed obsolete back-port patches: * 0013_openldap-its9124_fix_crash_with_cancel_exop.patch - removed obsolete source file DB_CONFIG OpenLDAP 2.4.49 Release (2020/01/30) Added slapd-monitor database entry count for slapd-mdb (ITS#9154) Fixed client tools to not add controls on cancel/abandon (ITS#9145) Fixed client tools SyncInfo message to be LDIF compliant (ITS#8116) Fixed libldap to correctly free sb (ITS#9081, ITS#8755) Fixed libldap descriptor leak if ldaps fails (ITS#9147) Fixed libldap remove unnecessary global mutex for GnuTLS (ITS#9069) Fixed slapd syntax evaluation of preferredDeliveryMethod (ITS#9067) Fixed slapd to relax domainScope control check (ITS#9100) Fixed slapd to have cleaner error handling during connection setup (ITS#9112) Fixed slapd data check when processing cancel exop (ITS#9124) Fixed slapd attribute description processing (ITS#9128) Fixed slapd-ldap to set oldctrls correctly (ITS#9076) Fixed slapd-mdb to honor unchecked limit with alias deref (ITS#7657) Fixed slapd-mdb missing final commit with slapindex (ITS#9095) Fixed slapd-mdb drop attr mappings added in an aborted txn (ITS#9091) Fixed slapd-mdb nosync FLAG configuration handling (ITS#9150) Fixed slapd-monitor global operation counter reporting (ITS#9119) Fixed slapo-ppolicy when used with slapauth (ITS#8629) Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime (ITS#9126) Fixed slapo-syncprov fix sessionlog init (ITS#9146) Fixed slapo-unique loop termination (ITS#9077) Build Environment Fix mkdep to honor TMPDIR if set (ITS#9062) Remove ICU library detection (ITS#9144) Update config.guess and config.sub to support newer architectures (ITS#7855) Disable ITS8521 regression test as it is no longer valid (ITS#9015) Documentation admin24 - Fix inconsistent whitespace in replication section (ITS#9153) slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword (ITS#9063) slapd-ldap(5) - Document "tls none" option (ITS#9071) slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit (ITS#9065) ------------------------------------------------------------------- Fri Jan 10 13:16:40 UTC 2020 - Michael Ströder - added back-port patch 0013_openldap-its9124_fix_crash_with_cancel_exop.patch to fix OpenLDAP ITS#9124 ------------------------------------------------------------------- Sun Dec 22 14:44:19 UTC 2019 - Michael Ströder - use BuildRequires: pkgconfig(krb5) instead of krb5-devel-mini ------------------------------------------------------------------- Fri Aug 2 08:16:46 UTC 2019 - Martin Liška - Use FAT LTO objects in order to provide proper static library. ------------------------------------------------------------------- Thu Jul 25 11:08:46 UTC 2019 - matthias.gerstner@suse.com - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html ------------------------------------------------------------------- Wed Jul 24 21:23:28 UTC 2019 - Michael Ströder - Update to upstream release 2.4.48 with security fixes: * CVE-2019-13057 (ITS#9038): rootdn of any db can assert any identity * CVE-2019-13565 (ITS#9052): Unauthorized access caused by incorrect handling of SASL SSF values - Fix CVE-2017-17740 by disabling nops overlay not maintained by upstream (see also bsc#1073313, comment #36) - Removed obsolete patches: * 0002-openldap-its8727-plug-ber-leaks.patch * 0017-Fix-segfault-in-nops.patch OpenLDAP 2.4.48 (2019/07/24) Added libldap OpenSSL Elliptic Curve support (ITS#7595) Added libldap Expose OpenLDAP specific interfaces via openldap.h (ITS#8671) Added slapd-monitor support for slapd-mdb (ITS#7770) Fixed liblber leaks (ITS#8727) Fixed liblber with partial flush (ITS#8864) Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980) Fixed libldap ASYNC connections with Solaris 10 (ITS#8968) Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585) Fixed libldap to be able to unset syncrepl TLS options (ITS#7042) Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450) Fixed libldap return code in ldap_create_assertion_control_value (ITS#8674) Fixed libldap to correctly disable IPv6 when configured to do so (ITS#8754) Fixed libldap to correctly close TLS connection (ITS#8755) Fixed libldap with non-blocking TLS and referals (ITS#8167) Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353) Fixed liblunicode case correspondance (ITS#8508) Fixed slapd with an idletimeout of less than four seconds (ITS#8952) Fixed slapd config parser variable for Windows64 (ITS#9012) Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015) Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999) Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037) Fixed slapd to restrict rootDN proxyauthz to its own databases (ITS#9038) Fixed slapd to initialize SASL SSF per connection (ITS#9052) Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990) Fixed slapd-ldap starttls connections timeout behavior (ITS#8963) Fixed slapd-ldap segfault when entry result doesn't match filter (ITS#8997) Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743) Fixed slapd-meta assertion when network interface goes down (ITS#8841) Fixed slapd-mdb fix bitshift integer overflow (ITS#8989) Fixed slapd-mdb index cleanup with cn=config (ITS#8472) Fixed slapd-mdb to improve performance with alias deref (ITS#7657) Fixed slapo-accesslog possible assert with exops (ITS#8971) Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637) Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799) Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663) Fixed slapo-memberof for group name change to itself (ITS#9000) Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349) Fixed slapo-rwm to not free original filter (ITS#8964) Fixed slapo-syncprov contextCSN generation (ITS#9015) Build Environment Fixed slapd to only link to BDB libraries with static build (ITS#8948) Fixed libldap implicit declaration with LDAP_CONNECTIONLESS (ITS#8794) Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041) Documentation General - Fixed minor typos (ITS#8764, ITS#8761) admin24 - Miscellaneous updates promoting mdb and fixing examples (ITS#9031) slapd.access(5) - Note MDB is the primary backend (ITS#8881) slapd.backends(5) - Note MDB is the recommended backend (ITS#8771) slapd-ldap(5) - Document starttls parameter (ITS#8693) Contrib Added slapo-lastbind capability to forward authTimestamp updates (ITS#7721) ------------------------------------------------------------------- Tue May 14 04:33:38 UTC 2019 - William Brown - bsc#1111388 - incorrect post script call causes tmpfiles create not to be run. ------------------------------------------------------------------- Sun Mar 10 11:45:15 UTC 2019 - Michael Ströder - Corrected moduleload back_mdb.la to get a working configuration right after package installation. ------------------------------------------------------------------- Fri Jan 4 14:13:47 UTC 2019 - Michael Ströder - added back-ported fix for OpenLDAP ITS#8727 (file 0002-openldap-its8727-plug-ber-leaks.patch) ------------------------------------------------------------------- Thu Dec 20 09:35:55 UTC 2018 - Michael Ströder - Update to upstream release 2.4.47 - Removed obsolete patches: * 0006-No-Build-date-and-time-in-binaries.dif (upstream now uses SOURCE_DATE_EPOCH for reproducable builds) * 0012-ITS8051-sockdnpat.patch * 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch OpenLDAP 2.4.47 Release (2018/12/19) Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051) Added slapd-sock ability to send extended operations to external listeners (ITS#8714) Fixed liblber to avoid incremental access to user-supplied bv in dupbv (ITS#8752) Fixed libldap dn to domain parsing with bad input (ITS#8842) Fixed slapd slapcat to correctly honor -g option (ITS#8667) Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups (ITS#8923) Fixed slapd to check status of rdnNormalize (ITS#8932) Fixed slapd cn=config when modifying slapo-syncprov config (ITS#8616) Fixed slapd sasl authz-policy "all" behavior (ITS#8909) Fixed slapd sasl minor typo (ITS#8918) Fixed slapd to correctly hide hidden DBs in the rootDSE (ITS#8912) Fixed slapd domainScope control to match Microsoft specification (ITS#8840) Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868) Fixed slapo-accesslog deadlock during cleanup (ITS#8752) Fixed slapo-memberof cn=config modifications (ITS#8663) Fixed slapo-ppolicy with multimaster replication (ITS#8927) Fixed slapo-syncprov with NULL modlist (ITS#8843) Build Environment Added slapd reproducible build support (ITS#8928) Fixed missing includes with OpenSSL 1.0.2 (ITS#8809) Contrib Fixed slapo-pbkdf2 hash generation (ITS#8878) Documentation admin24 fixed minor typo (ITS#8887) ------------------------------------------------------------------- Thu Nov 22 16:03:22 UTC 2018 - Jan Engelhardt - Replace old $RPM_* shell vars ------------------------------------------------------------------- Tue Nov 20 13:32:36 UTC 2018 - ckowalczyk@suse.com - Fix CVE-2017-17740: when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack * patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313) ------------------------------------------------------------------- Mon Nov 12 14:25:52 UTC 2018 - Dominique Leuenberger - Emergency fix: move tmpfiles_create post from the library package to the main package's post script, which ships the tmpfiles.d configuration. Fixes the post script of the library (-p /sbin/ldconfig does not allow more statements in the script). ------------------------------------------------------------------- Thu Nov 8 15:25:08 UTC 2018 - varkoly@suse.com - bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG* (transactional-update) ------------------------------------------------------------------- Fri Oct 26 14:58:41 UTC 2018 - Michael Ströder - Fixed broken memory handling in 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch affecting error response of slapo-unique ------------------------------------------------------------------- Fri Aug 17 07:46:47 UTC 2018 - ckowalczyk@suse.com - Fix slapd segfaults in mdb_env_reader_dest + with patch 0016-Clear-shared-key-only-in-close-function.patch + (bsc#1089640) ------------------------------------------------------------------- Fri Jun 29 16:23:22 UTC 2018 - michael@stroeder.com - fixed shee-bang in openldap_update_modules_path.sh (bsc#1099705) ------------------------------------------------------------------- Wed Jun 20 10:04:06 UTC 2018 - michael@stroeder.com - Added a patch to let slapd return the uniqueness check filter used before constraint violation to the client 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch ------------------------------------------------------------------- Tue Jun 5 13:24:09 UTC 2018 - varkoly@suse.com - bsc#1095816 libldap package does not contain and provide libldap anymore ------------------------------------------------------------------- Thu May 24 11:59:02 CEST 2018 - kukuk@suse.de - Don't require systemd explicit, spec file can handle both cases correct and in containers we don't have systemd. ------------------------------------------------------------------- Tue Apr 24 16:35:09 UTC 2018 - zsolt.kalmar@suse.com - bsc#1085064 Packaging issues have been discovered around the openldap_update_modules_path.sh which has been corrected: - the spec file was wrongly configured, therefore the script has never been called - the script should create the symlinks first, as slapcat is useless on a system which is already affected. ------------------------------------------------------------------- Fri Apr 6 11:29:22 UTC 2018 - zsolt.kalmar@suse.com - bsc#1085064 Add script "openldap_update_modules_path.sh" which which removes the configuration item olcModulePath in cn=config which is after upgrade from SLE12 to SLE15 holds inappropriate information. If the cn=config is being used on a system, the conflicting items in slapd.conf are ignored, despite of it, the backend DB configuration section has been also commented out in the default slapd.conf. In case of correct cn=config (the olcModulePath has been already removed), the script stops without touching anything. ------------------------------------------------------------------- Fri Mar 23 19:43:23 UTC 2018 - michael@stroeder.com - Upgrade to upstream 2.4.46 release - removed obsolete back-port patches: * 0013-ITS-8692-let-back-sock-generate-increment-line.patch * 0016-ITS-8782-fix-cancel-memleak.patch OpenLDAP 2.4.46 Release (2018/03/22) Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717) Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373) Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687) Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791) Fixed libldap MozNSS CA certificate hash matching (ITS#7374) Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389) Fixed libldap MozNSS initialization (ITS#8484) Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650) Fixed libldap memory leak with cancel operations (ITS#8782) Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705) Fixed slapd to maintain SSF across SASL binds (ITS#8796) Fixed slapd syncrepl deadlock when updating cookie (ITS#8752) Fixed slapd syncrepl callback to always be last in the stack (ITS#8752) Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778) Fixed slapd CSN queue processing (ITS#8801) Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720) Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520) Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226) Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404) Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692) Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752) Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100) Fixed slapo-syncprov memory leak with delete operations (ITS#8690) Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444) Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100) Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607) Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800) Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486) Build Environment Fixed Windows build with newer MINGW version (ITS#8697) Fixed compiler warnings and removed unused variables (ITS#8578) Contrib Fixed ldapc++ Control structure (ITS#8583) Documentation Delete stub manpage for back-ldbm (ITS#8713) Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121) Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818) Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715) Fixed slapo-syncprov(5) indexing requirements (ITS#5048) ------------------------------------------------------------------- Thu Feb 22 15:10:42 UTC 2018 - fvogt@suse.com - Use %license (boo#1082318) ------------------------------------------------------------------- Mon Dec 11 22:51:03 UTC 2017 - michael@stroeder.com - added 0016-ITS-8782-fix-cancel-memleak.patch ------------------------------------------------------------------- Thu Nov 23 13:36:52 UTC 2017 - rbrown@suse.com - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) ------------------------------------------------------------------- Mon Oct 2 18:15:46 UTC 2017 - jengelh@inai.de - Add openldap-r-only.dif so that openldap2's own tools also link against libldap_r rather than libldap. - Make libldap equivalent to libldap_r (like Debian) to avoid crashes in threaded programs which unknowingly get both libraries inserted into their process image. [rh#1370065, boo#996551] ------------------------------------------------------------------- Mon Oct 2 13:18:54 UTC 2017 - mrueckert@suse.de - use existing groups instead of inventing new ones ------------------------------------------------------------------- Mon Sep 18 20:45:58 UTC 2017 - michael@stroeder.com - added 0012-ITS8051-sockdnpat.patch ------------------------------------------------------------------- Wed Sep 6 07:58:06 UTC 2017 - michael@stroeder.com - updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch ------------------------------------------------------------------- Fri Aug 18 17:00:54 UTC 2017 - michael@stroeder.com - Added OpenLDAP new feature implementing OpenLDAP ITS#8714 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch ------------------------------------------------------------------- Thu Jul 20 14:19:47 UTC 2017 - michael@stroeder.com - added overlay trace to package openldap2-contrib ------------------------------------------------------------------- Wed Jul 12 18:52:42 UTC 2017 - michael@stroeder.com - Upgrade to upstream 2.4.45 release - removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch and 0012-use-system-wide-cert-dir-by-default.patch - added 0013-ITS-8692-let-back-sock-generate-increment-line.patch for supporting modify increment operations with back-sock - added overlay addpartial to package openldap2-contrib -------------------------------------------------------------------- Wed Jun 7 09:32:52 UTC 2017 - hguo@suse.com - Remove legacy daemon control that was used to migrate from SLE 11 to 12. (bsc#1038405) -------------------------------------------------------------------- Tue Jun 6 13:47:18 UTC 2017 - hguo@suse.com - There is no change made about the package itself, this is only copying over some changelog texts from SLE package: - bug#976172 owned by hguo@suse.com: openldap2 - missing /usr/share/doc/packages/openldap2/guide/admin/guide.html - bug#916914 owned by varkoly@suse.com: VUL-0: CVE-2015-1546: openldap2: slapd crash in valueReturnFilter cleanup - [fate#319300](https://fate.suse.com/319300) - [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545) - bug#905959 owned by hguo@suse.com: L3-Question: Are multiple "Connection 0" in a Multi Master setup normal ? - [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546) - bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list ------------------------------------------------------------------- Fri Apr 7 16:47:24 UTC 2017 - jengelh@inai.de - Drop binutils requirement; the code using /usr/bin/strings has been dropped in openSUSE:Factory/openldap2 revision 112. ------------------------------------------------------------------- Sat Feb 18 22:11:29 UTC 2017 - kukuk@suse.com - Remove superfluous insserv PreReq. ------------------------------------------------------------------- Thu Nov 10 12:55:26 UTC 2016 - hguo@suse.com - Introduce patch 0012-use-system-wide-cert-dir-by-default.patch to let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (bsc#1009470). ------------------------------------------------------------------- Fri Oct 14 13:15:23 UTC 2016 - hguo@suse.com - Add more details in the comments of slapd.conf concerning file permission and StartTLS capability. ------------------------------------------------------------------- Thu Jun 23 22:46:29 UTC 2016 - jengelh@inai.de - Test for user/group existence before trying to add them. Summary spello update. ------------------------------------------------------------------- Thu Jun 16 10:10:36 UTC 2016 - hguo@suse.com - Move schema files into tarball addonschema.tar.gz: ldapns.ldif ldapns.schema rfc2307bis.ldif rfc2307bis.schema yast.ldif yast.schema - Package previously missing schema files in LDIF format: amavisd-new.ldif dhcp.ldif dlz.ldif dnszone.ldif samba3.ldif sudo.ldif suse-mailserver.ldif (bsc#984691) - Fix a minor issue in schema2ldif script that led to missing attribute in the generated LDIF. ------------------------------------------------------------------- Tue May 17 08:37:00 UTC 2016 - hguo@suse.com - Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408. ------------------------------------------------------------------- Thu Feb 25 11:06:12 UTC 2016 - hguo@suse.com - Move ldap.conf into libldap-data package, per convention. ------------------------------------------------------------------- Sun Feb 21 23:04:38 UTC 2016 - jengelh@inai.de - Move ldap.conf out of shlib package again, they are not allowed there for obvious reasons (conflict with future package). ------------------------------------------------------------------- Thu Feb 18 14:45:30 UTC 2016 - hguo@suse.com - Build password strength enforcer as an implementation of ppolicy password checker, introducing: ppolicy-check-password-1.2.tar.gz ppolicy-check-password.Makefile ppolicy-check-password.conf ppolicy-check-password.5 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch (Implements fate#319461) ------------------------------------------------------------------- Thu Feb 18 12:18:13 UTC 2016 - lmuelle@suse.com - Remove redundant -n openldap2- package name prefix. ------------------------------------------------------------------- Mon Feb 8 14:40:32 UTC 2016 - hguo@suse.com - Remove openldap2-client.spec and openldap2-client.changes openldap2.spec now builds client utilities and libraries. Thus pre_checkin.sh is removed. - Move ldap.conf and its manual page from openldap2-client package to libldap-2_4-2 package, which is more appropriate. - Use RPM_OPT_FLAGS in build flags. - Macros dealing with old/unsupported distributions are removed. - Remove 0002-slapd.conf.dif and install improved slapd.conf from new source file slapd.conf. - Install slapd.conf.olctemplate to assist in preparing slapd.d for OLC. - Be explicit in sysconfig that by default openldap will use static file configuration. - Add the following schemas in LDIF format: * rfc2307bis.ldif * ldapns.ldif * yast.ldif - Other minor clean-ups in the spec file. ------------------------------------------------------------------- Mon Feb 8 13:24:49 UTC 2016 - mpluskal@suse.com - Use optflags when building ------------------------------------------------------------------- Sat Feb 6 12:10:53 UTC 2016 - michael@stroeder.com - Upgrade to upstream 2.4.44 release with accumulated bug fixes. - Specify source with FTP URL - Removed obsolete 0012-openldap-re24-its8336.patch ------------------------------------------------------------------- Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com - Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch into 0010-Enforce-minimum-DH-size-of-1024.patch ------------------------------------------------------------------- Tue Dec 8 11:36:16 UTC 2015 - michael@stroeder.com - Upgrade to upstream 2.4.43 release with accumulated bug fixes. - Still build on SLES12 - Loadable backend and overlay modules are now installed into arch-specific path %{_libdir}/openldap - All backends and overlays as modules for smaller memory footprint on memory constrained systems - Added extra package for back-sock - Consequent use of %{_rundir} everywhere - Rely on upstream ./configure script instead of any other macro foo - Dropped linking with libwrap - Dropped 0004-libldap-use-gethostbyname_r.dif because this work-around for nss_ldap is obsolete - New sub-package openldap2-contrib with selected contrib/ overlays - Replaced addonschema.tar.gz with separate schema sources - Updated ldapns.schema from recent slapo-nssov source tree - Added symbolic link to slapd executable in /usr/sbin/ - Added more complex example configuration file /etc/openldap/slapd.conf.example - Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap - Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap - Added patch for OpenLDAP ITS#7796 to avoid excessive "not index" logging: 0011-openldap-re24-its7796.patch - Replaced openldap-rc.tgz with single source files - Added soft dependency (Recommends) to cyrus-sasl - Added soft dependency (Recommends) to cyrus-sasl-devel to openldap2-devel - Added patch for OpenLDAP ITS#8336 (assert in liblmdb): 0012-openldap-re24-its8336.patch - Remove obsolete patch 0001-build-adjustments.dif ------------------------------------------------------------------- Wed Dec 2 12:50:47 UTC 2015 - hguo@suse.com - Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch to fix CVE-2015-6908. (bsc#945582) - Introduce patch 0011-Enforce-minimum-DH-size-of-1024.patch to address weak DH size vulnerability (bsc#937766) ------------------------------------------------------------------- Mon Nov 30 10:16:57 UTC 2015 - hguo@suse.com - Introduce patch 0009-Fix-ldap-host-lookup-ipv6.patch to fix an issue with unresponsive LDAP host lookups in IPv6 environment. (bsc#955210) ------------------------------------------------------------------- Fri Oct 9 09:19:35 UTC 2015 - hguo@suse.com - Remove OpenLDAP 2.3 code and patches from build source. Compatibility libraries for OpenLDAP 2.3 are built in package: compat-libldap-2_3-0 Removed source files: openldap-2.3.37-liblber-length-decoding.dif openldap-2.3.37-libldap-ntlm.diff openldap-2.3.37-libldap-ssl.dif openldap-2.3.37-libldap-sasl-max-buff-size.dif openldap-2.3.37-libldap-tls_chkhost-its6239.dif openldap-2.3.37-libldap-gethostbyname_r.dif openldap-2.3.37-libldap-suid.diff openldap-2.3.37.dif openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif openldap-2.3.37-libldap-ldapi_url.dif openldap-2.3.37.tgz openldap-2.3.37-libldap-utf8-ADcanonical.dif README.update check-build.sh ------------------------------------------------------------------- Thu Oct 1 11:08:41 UTC 2015 - hguo@suse.com - Upgrade to upstream 2.4.42 release with accumulated bug fixes. ------------------------------------------------------------------- Tue Jul 21 08:12:50 UTC 2015 - hguo@suse.com - Upgrade to upstream 2.4.41 release with accumulcated bug fixes and stability improvements. * Add patch 0008-In-monitor-backend-do-not-return-Connection0-entries.patch * Remove already applied patch 0008-ITS-7723-fix-reference-counting.patch * Remove already applied patch 0009-gcc5.patch (Implements fate#319301) ------------------------------------------------------------------- Thu Feb 19 10:03:30 UTC 2015 - rguenther@suse.com - Add 0009-gcc5.patch to pass -P to the preprocessor in configure checks for Berkeley DB version ------------------------------------------------------------------- Wed Nov 26 11:21:34 UTC 2014 - jengelh@inai.de - binutils is required for "strings" utility invocation in %pre [bnc#904028] - Remove SLE10 definitions ------------------------------------------------------------------- Sun Oct 12 11:48:00 UTC 2014 - jengelh@inai.de - Use %_smp_mflags for parallel build ------------------------------------------------------------------- Mon Sep 22 13:41:56 UTC 2014 - tchvatal@suse.com - Add baselibs.conf to sources list ------------------------------------------------------------------- Wed Sep 10 10:26:02 UTC 2014 - varkoly@suse.com - Do not bypass output of useradd and groupadd ------------------------------------------------------------------- Wed Sep 3 01:49:12 CEST 2014 - ro@suse.de - sanitize release line in specfile ------------------------------------------------------------------- Wed Jul 16 15:56:11 UTC 2014 - ckornacker@suse.com - segfault on certain queries with rwm overlay (bnc#846389) 0008-ITS-7723-fix-reference-counting.patch ------------------------------------------------------------------- Fri Jun 6 13:16:24 UTC 2014 - ckornacker@suse.com - enable systemd slapd service if SysV ldap was enabled (bnc#881476) ------------------------------------------------------------------- Tue May 13 15:20:40 UTC 2014 - coolo@suse.com - use %_rundir if available, otherwise /var/run ------------------------------------------------------------------- Wed Apr 23 20:51:14 UTC 2014 - dmueller@suse.com - move systemd requires to server package ------------------------------------------------------------------- Tue Feb 18 14:39:07 UTC 2014 - ckornacker@suse.com - Fix systemd service installation ------------------------------------------------------------------- Sun Feb 16 18:55:40 CET 2014 - ro@suse.de - use configure macro also for building the 2.3.37 version ------------------------------------------------------------------- Wed Feb 12 11:24:08 UTC 2014 - varkoly@suse.com - Remove PidFile from service definition - Update to 2.4.39 * Fixed libldap MozNSS crash (ITS#7783) * Fixed libldap memory leak with SASL (ITS#7757) * Fixed libldap assert in parse_passwdpolicy_control (ITS#7759) * Fixed libldap shortcut NULL RDNs (ITS#7762) * Fixed libldap deref to use correct control * Fixed liblmdb keysizes with mdb_update_key (ITS#7756) * Fixed slapd cn=config olcDbConfig modification (ITS#7750) * Fixed slapd-bdb/hdb to bail out of search if config is paused (ITS#7761) * Fixed slapd-bdb/hdb indexing issue with derived attributes (ITS#7778) * Fixed slapd-mdb to bail out of search if config is paused (ITS#7761) * Fixed slapd-mdb indexing issue with derived attributes (ITS#7778) * Fixed slapd-perl to bail out of search if config is paused (ITS#7761) * Fixed slapd-sql to bail out of search if config is paused (ITS#7761) * Fixed slapo-constraint handling of softadd/softdel (ITS#7773) * Fixed slapo-syncprov assert with findbase (ITS#7749) * Build Environment Test suite: Use $(MAKE) for tests (ITS#7753) * Documentation admin24 fix TLSDHParamFile to be correct (ITS#7684) ------------------------------------------------------------------- Tue Feb 11 08:49:43 UTC 2014 - varkoly@suse.com - Add systemd style service definition - FATE#315028 remove memory limit for slapd - FATE#315415: LDAP compat packages required for older SLES versions For this reson following patches were applied: openldap-2.3.37-libldap-suid.diff openldap-2.3.37-libldap-ldapi_url.dif openldap-2.3.37-libldap-ntlm.diff openldap-2.3.37-libldap-gethostbyname_r.dif openldap-2.3.37-libldap-sasl-max-buff-size.dif openldap-2.3.37-libldap-utf8-ADcanonical.dif openldap-2.3.37-liblber-length-decoding.dif openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif openldap-2.3.37-libldap-tls_chkhost-its6239.dif openldap-2.3.37-libldap-ssl.dif ------------------------------------------------------------------- Wed Dec 11 13:29:51 UTC 2013 - matz@suse.de - Make /etc/sasl2 owned by openldap2. ------------------------------------------------------------------- Wed Dec 11 10:44:26 UTC 2013 - varkoly@suse.com - Update to 2.4.38 * Fixed liblmdb nordahead flag (ITS#7734) * Fixed liblmdb to check cursor index before cursor_del (ITS#7733) * Fixed liblmdb wasted space on split (ITS#7589) * Fixed slapd for certs with a NULL issuerDN (ITS#7746) * Fixed slapd cn=config with empty nested includes (ITS#7739) * Fixed slapd syncrepl memory leak with delta-sync MMR (ITS#7735) * Fixed slapd-bdb/hdb to stop processing on dn not found (ITS#7741) * Fixed slapd-bdb/hdb with indexed ANDed filters (ITS#7743) * Fixed slapd-mdb to stop processing on dn not found (ITS#7741) * Fixed slapd-mdb dangling reader (ITS#7662) * Fixed slapd-mdb matching rule for OlcDbEnvFlags (ITS#7737) * Fixed slapd-mdb with indexed ANDed filters (ITS#7743) * Fixed slapd-meta from blocking other threads (ITS#7740) * Fixed slapo-syncprov assert with findbase (ITS#7749) Changes in 2.4.37 * Added liblmdb nordahead environment flag (ITS#7725) * Fixed client tools CLDAP with IPv6 (ITS#7695) * Fixed libldap CLDAP with IPv6 (ITS#7695) * Fixed libldap lock ordering with abandon op (ITS#7712) * Fixed liblmdb segfault with mdb_cursor_del (ITS#7718) * Fixed liblmdb when converting to writemap (ITS#7715) * Fixed liblmdb assert on MDB_NEXT with delete (ITS#7722) * Fixed liblmdb wasted space on split (ITS#7589) * Fixed slapd cn=config with olcTLSProtocolMin (ITS#7685) * Fixed slapd-bdb/hdb optimize index updates (ITS#7329) * Fixed slapd-ldap chaining with cn=config (ITS#7381, ITS#7434) * Fixed slapd-ldap chaning with controls (ITS#7687) * Fixed slapd-mdb optimize index updates (ITS#7329) * Fixed slapd-meta chaining with cn=config (ITS#7381, ITS#7434) * Fixed slapo-constraint to no-op on nonexistent entries (ITS#7692) * Fixed slapo-dds assert on startup (ITS#7699) * Fixed slapo-memberof to not replicate internal ops (ITS#7710) * Fixed slapo-refint to not replicate internal ops (ITS#7710) Changes in 2.4.36 * Added back-meta target filter patterns (ITS#7609) * Added liblmdb mdb_txn_env to API (ITS#7660) * Fixed libldap CLDAP with uninit'd memory (ITS#7582) * Fixed libldap with UDP (ITS#7583) * Fixed libldap OpenSSL TLS versions (ITS#7645) * Fixed liblmdb MDB_PREV behavior (ITS#7556) * Fixed liblmdb transaction issues (ITS#7515) * Fixed liblmdb mdb_drop overflow page return (ITS#7561) * Fixed liblmdb nested split (ITS#7592) * Fixed liblmdb overflow page behavior (ITS#7620) * Fixed liblmdb race condition with read and write txns (ITS#7635) * Fixed liblmdb mdb_del behavior with MDB_DUPSORT and mdb_del (ITS#7658) * Fixed slapd cn=config with unknown schema elements (ITS#7608) * Fixed slapd cn=config with loglevel 0 (ITS#7611) * Fixed slapd slapi filterlist free behavior (ITS#7636) * Fixed slapd slapi control free behavior (ITS#7641) * Fixed slapd schema countryString as directoryString (ITS#7659) * Fixed slapd schema telephoneNumber as directoryString (ITS#7659) * Fixed slapd-bdb/hdb to wait for read locks in tool mode (ITS#6365) * Fixed slapd-mdb behavior with alias dereferencing (ITS#7577 ) * Fixed slapd-mdb modrdn and base-scoped searches (ITS#7604) * Fixed slapd-mdb refcount behavior (ITS#7628) * Fixed slapd-meta binding flag is set (ITS#7524) * Fixed slapd-meta with minimal config (ITS#7581) * Fixed slapd-meta missing results messages (ITS#7591) * Added slapd-meta TCP keepalive support (ITS#7513) * Fixed slapo-sssvlv double free (ITS#7588) * Fixed slaptest to list -Q option (ITS#7568) Changes in 2.4.35 * Fixed liblmdb mdb_cursor_put with MDB_MULTIPLE (ITS#7551) * Fixed liblmdb page rebalance (ITS#7536) * Fixed liblmdb missing parens (ITS#7377) * Fixed liblmdb mdb_cursor_del crash (ITS#7553) * Fixed slapd syncrepl updateCookie status (ITS#7531) * Fixed slapd connection logging (ITS#7543) * Fixed slapd segfault on modify (ITS#7542, ITS#7432) * Fixed slapd-mdb to reject undefined attrs (ITS#7540) * Fixed slapo-pcache with +/- attrsets (ITS#7552) Changes in 2.4.34 * Fixed libldap connections with EINTR (ITS#7476) * Fixed libldap lineno overflow in ldif_read_record (ITS#7497) * Fixed liblmdb mdb_env_open flag handling (ITS#7453) * Fixed liblmdb mdb_midl_sort array optimization (ITS#7432) * Fixed liblmdb freelist with large entries (ITS#7455) * Fixed liblmdb to check for filled dirty page list (ITS#7491) * Fixed liblmdb to validate data limits (ITS#7485) * Fixed liblmdb mdb_update_key for large keys (ITS#7505) * Fixed ldapmodify to not core dump with invalid LDIF (ITS#7477) * Fixed slapd syncrepl for old entries in MMR setup (ITS#7427) * Fixed slapd signedness for index_substr_any_* (ITS#7449) * Fixed slapd enforce SLAPD_MAX_DAEMON_THREADS (ITS#7450) * Fixed slapd mutex in send_ldap_ber (ITS#6164) * Added slapd-ldap onerr option (ITS#7492) * Added slapd-ldap keepalive support (ITS#7501) * Fixed slapd-ldif with empty dir (ITS#7451) * Fixed slapd-mdb to reopen attr DBs after env reopen (ITS#7416) * Fixed slapd-mdb handling of missing entries (ITS#7483,7496) * Fixed slapd-mdb environment flag setting (ITS#7452) * Fixed slapd-mdb with sub db slapcat (ITS#7469) * Fixed slapd-mdb to correctly work with toolthreads > 2 (ITS#7488,ITS#7527) * Fixed slapd-mdb subtree search speed (ITS#7473) * Fixed slapd-meta conversion to cn=config (ITS#7525) * Fixed slapd-meta segfault when modifying olcDbUri (ITS#7526) * Fixed slapd-sql back-config support (ITS#7499) * Fixed slapo-constraint handle uri and restrict correctly (ITS#7418) * Fixed slapo-constraint with multi-master replication (ITS#7426) * Fixed slapo-constraint segfault (ITS#7431) * Fixed slapo-deref control initialization (ITS#7436) * Fixed slapo-deref control exposure (ITS#7445) * Fixed slapo-memberof with internal ops (ITS#7487) * Fixed slapo-pcache matching rules for config db (ITS#7459) * Fixed slapo-rwm modrdn cleanup (ITS#7414) * Fixed slapo-sssvlv maxperconn parameter (ITS#7484) ------------------------------------------------------------------- Mon Jun 17 14:37:45 UTC 2013 - jengelh@inai.de - For now, avoid automatic use of libdb-6_0 by explicitly selecting libdb-4_8 as BuildRequire. ------------------------------------------------------------------- Mon Mar 25 16:08:21 UTC 2013 - jengelh@inai.de - Put static libs into openldap2-devel-static and relieve openldap2-devel of static-only deps ------------------------------------------------------------------- Sat Nov 17 12:06:23 CET 2012 - ro@suse.de - fix check-build.sh for kernel > 3.0 ------------------------------------------------------------------- Fri Nov 16 09:52:42 UTC 2012 - rhafer@suse.com - Fixed initscript to avoid endless loop when no configuration is present in /etc/openldap/slapd.d/ (bnc#767464) - cleaned up SLES10 buildrequires and dependencies - removed support for building on SLES9, didn't work anyway anymore - Don't buildrequire krb5-mini on Distributions where it does not exist ------------------------------------------------------------------- Fri Oct 26 12:38:46 UTC 2012 - rhafer@suse.com - enabled mdb backend - Update to 2.4.33 * Added slapd-meta cn=config support * Fixed slapd alock handling on Windows (ITS#7361) * Fixed slapd acl handling with zero-length values (ITS#7350) * Fixed slapd syncprov to not reference ops inside a lock (ITS#7172) * Fixed slapd delta-syncrepl MMR with large attribute values (ITS#7354) * Fixed slapd slapd_rw_destroy function (ITS#7390) * Fixed slapd-ldap idassert bind handling (ITS#7403) * Fixed slapo-constraint with multiple modifications (ITS#7168) Changes in 2.4.32: * Added slappasswd loadable module support (ITS#7284) * Fixed tools to not clobber SASL_NOCANON (ITS#7271) * Fixed libldap function declarations (ITS#7293) * Fixed libldap double free (ITS#7270) * Fixed libldap debug level setting (ITS#7290) * Fixed libldap gettime() regression (ITS#6262) * Fixed libldap sasl handling (ITS#7118, ITS#7133) * Fixed libldap to correctly free socket with TLS (ITS#7241) * Fixed slapd config index renumbering (ITS#6987) * Fixed slapd duplicate error response (ITS#7076) * Fixed slapd parsing of PermissiveModify control (ITS#7298) * Fixed slapd-bdb/hdb cache hang under high load (ITS#7222) * Fixed slapd-bdb/hdb alias checking (ITS#7303) * Fixed slapd-bdb/hdb olcDbConfig changes work immediately (ITS#7338) * Fixed slapd-ldap to encode user DN during password change (ITS#7319) * Fixed slapd-ldap assertion when proxying to MS AD (ITS#6851) * Fixed slapd-ldap monitoring (ITS#7182, ITS#7225) * Fixed slapd-perl panic (ITS#7325) * Fixed slapo-accesslog memory leaks with sync replication (ITS#7292) * Fixed slapo-syncprov memory leaks with sync replication (ITS#7292) ------------------------------------------------------------------- Fri Oct 26 08:44:23 UTC 2012 - coolo@suse.com - add explicit buildrequire on groff - needed to build manuals ------------------------------------------------------------------- Tue Oct 16 07:38:01 UTC 2012 - coolo@suse.com - buildrequire krb5-mini in openldap2-client to avoid cycle - move Summary out of the %if as prepare_spec is confused about the license otherwise ------------------------------------------------------------------- Thu May 10 09:22:52 UTC 2012 - rhafer@suse.de - update to 2.4.31 * Added slapo-accesslog support for reqEntryUUID (ITS#6656) * Fixed libldap IPv6 URL detection (ITS#7194) * Fixed libldap rebinding on failed connection (ITS#7207) * Fixed slapd listener initialization (ITS#7233) * Fixed slapd cn=config with olcTLSVerifyClient (ITS#7197) * Fixed slapd delta-syncrepl fallback on non-leaf error (ITS#7195) * Fixed slapd to reject MMR setups with bad serverID setting (ITS#7200) * Fixed slapd approxIndexer key generation (ITS#7203) * Fixed slapd modification of olcSuffix (ITS#7205) * Fixed slapd schema validation with missing definitions (ITS#7224) * Fixed slapd syncrepl -c with supplied CSN values (ITS#7245) * Fixed slapd-bdb/hdb idlcache with only one element (ITS#7231) * Fixed slapo-accesslog deadlock with non-logged write ops (ITS#7088) * Fixed slapo-syncprov sessionlog check (ITS#7218) * Fixed slapo-syncprov entry leak (ITS#7234) * Fixed slapo-syncprov startup initialization (ITS#7235) ------------------------------------------------------------------- Mon Apr 23 07:08:13 UTC 2012 - rhafer@suse.de - Disabled testsuite for now. Causes problems in the buildserivce ------------------------------------------------------------------- Tue Mar 6 12:23:35 UTC 2012 - rhafer@suse.de - Update to 2.4.30 * Fixed libldap socket polling for writes (ITS#7167) * Fixed liblutil string modifications (ITS#7174) * Fixed slapd crash when attrsOnly is true (ITS#7143) * Fixed slapd syncrepl delete handling (ITS#7052,ITS#7162) * Fixed slapo-pcache time-to-refesh handling (ITS#7178) * Fixed slapo-syncprov loop detection (ITS#6024) ------------------------------------------------------------------- Mon Feb 27 14:14:23 UTC 2012 - rhafer@suse.de - Update to 2.4.29 * Fixed slapd cn=config modification of first schema element (ITS#7098) * Fixed slapd operation reuse (ITS#7107) * Fixed slapd blocked writers to not interfere with pool pause (ITS#7115) * Fixed slapd connection loop connindex usage (ITS#7131) * Fixed slapd double mutex unlock via connection_done (ITS#7125) * Fixed slapd check order in connection_write (ITS#7113) * Fixed slapd slapadd to exit on failure (ITS#7142) * Fixed slapd syncrepl reference to freed memory (ITS#7127,ITS#7132) * Fixed slapd syncrepl to ignore some errors on delete (ITS#7052) * Fixed slapd syncrepl to handle missing oldRDN (ITS#7144) * Fixed slapd-monitor compare op to update cached entry (ITS#7123) * Fixed slapo-syncprov with already abandoned operation (ITS#7150) - Included patches from RE24 branch: * only poll sockets for write as needed (ITS#7167, bnc#749082) * sycnrepl Fixes (ITS#7162) ------------------------------------------------------------------- Wed Dec 7 11:10:19 UTC 2011 - cfarrell@suse.com - license update: OLDAP-2.8 SPDX format (http://www.spdx.org/licenses) ------------------------------------------------------------------- Fri Dec 2 16:11:01 UTC 2011 - rhafer@suse.de - Update to 2.4.28 * Fixed back-mdb out of order slapadd (ITS#7090) changes in OpenLDAP 2.4.27 Release (2011/11/24): * Added slapd delta-syncrepl MMR (ITS#6734,ITS#7029,ITS#7031) * Fixed ldapmodify crash with LDIF controls (ITS#7039) * Fixed ldapsearch to honor timeout and timelimit (ITS#7009) * Fixed libldap endless looping (ITS#7035) * Fixed libldap TLS to not check hostname when using 'allow' (ITS#7014) * Fixed slapadd common code into slapcommon (ITS#6737) * Fixed slapd backend connection initialization (ITS#6993) * Fixed slapd frontend DB parsing in cn=config (ITS#7016) * Fixed slapd hang with {numbered} overlay insertion (ITS#7030) * Fixed slapd inet_ntop usage (ITS#6925) * Fixed slapd cn=config deletion of bitmasks (ITS#7083) * Fixed slapd cn=config modify replace/delete crash (ITS#7065) * Fixed slapd schema UTF8StringNormalize with 0 length values (ITS#7059) * Fixed slapd with dynamic acls for cn=config (ITS#7066) * Fixed slapd response callbacks (ITS#6059,ITS#7062) * Fixed slapd no_connection warnings with ldapi (ITS#6548,ITS#7092) * Fixed slapd return code processing (ITS#7060) * Fixed slapd sl_malloc various issues (ITS#6437) * Fixed slapd startup behavior (ITS#6848) * Fixed slapd syncrepl crash with non-replicated ops (ITS#6892) * Fixed slapd syncrepl with modrdn (ITS#7000,ITS#6472) * Fixed slapd syncrepl timeout when using refreshAndPersist (ITS#6999) * Fixed slapd syncrepl deletes need a non-empty CSN (ITS#7052) * Fixed slapd syncrepl glue for empty suffix (ITS#7037) * Fixed slapd results cleanup (ITS#6763,ITS#7053) * Fixed slapd validation of args for TLSCertificateFile (ITS#7012) * Fixed slapd-bdb/hdb to build entry DN based on parent DN (ITS#5326) * Fixed slapd-hdb with zero-length entries (ITS#7073) * Fixed slapd-hdb duplicate entries in subtree IDL cache (ITS#6983) * Fixed slapo-pcache response cleanup (ITS#6981) * Fixed slapo-ppolicy pwdAllowUserChange behavior (ITS#7021) * Fixed slapo-sssvlv issue with greaterThanorEqual (ITS#6985) * Fixed slapo-sssvlv to only return requested attrs (ITS#7061) * Fixed slapo-syncprov DSA attribute filtering for Persist mode (ITS#7019) * Fixed slapo-syncprov when consumer has newer state of our SID (ITS#7040) * Fixed slapo-syncprov crash (ITS#7025) * Added missing LDIF form of schema files (ITS#7063) ------------------------------------------------------------------- Fri Nov 25 10:42:39 UTC 2011 - coolo@suse.com - add libtool as buildrequire to avoid implicit dependency ------------------------------------------------------------------- Mon Oct 24 13:57:45 UTC 2011 - rhafer@suse.de - ACL changes to the config database only got active after slapd restart in certain cases (bnc#716895, ITS#7066). - Adjusted default DB_CONFIG to increase max values for locks and lock objects (bnc#719803) - Fix UTF8StringNormalize overrun on zero-length string (bnc#724201, ITS#7059) ------------------------------------------------------------------- Thu Jul 7 14:43:05 UTC 2011 - rhafer@suse.de - Update to 2.4.26 * Added libldap LDAP_OPT_X_TLS_PACKAGE (ITS#6969) * Fixed libldap descriptor leak (ITS#6929) * Fixed libldap socket leak (ITS#6930) * Fixed libldap get option crash (ITS#6931) * Fixed libldap lockup (ITS#6898) * Fixed libldap ASYNC TLS setup (ITS#6828) * Fixed libldap with missing \n terminations (ITS#6947) * Fixed tools double free (ITS#6946) * Fixed tools verbose output (ITS#6977) * Fixed ldapmodify SEGV on invalid LDIF (ITS#6978) * Added slapd extra_attrs database option (ITS#6513) * Fixed slapd asserts (ITS#6932) * Fixed slapd configfile param on windows (ITS#6933) * Fixed slapd config with global chaining (ITS#6843) * Fixed slapd uninitialized variables (ITS#6935) * Fixed slapd config objectclass is readonly (ITS#6963) * Fixed slapd entry response with control (ITS#6899) * Fixed slapd with unknown attrs (ITS#6819) * Fixed slapd normalization of schema RDN (ITS#6967) * Fixed slapd operations cache to 10 op limit (ITS#6944) * Fixed slapd syncrepl crash with non-replicated ops (ITS#6892) * Fixed slapd-bdb/hdb with sparse index ranges (ITS#6961) * Fixed back-ldap ppolicy updates (ITS#6711) * Fixed back-ldap with id-assert (ITS#6817) * Fixed various slapo-pcache issues (ITS#6823, ITS#6950, ITS#6951, ITS#6953, ITS#6954) * Fixed slapo-pcache database corruption (ITS#6831) * Fixed slapo-syncprov with replicated subtrees (ITS#6872) - backported delete support for child entries of overlays from master (bnc#704398) ------------------------------------------------------------------- Tue Mar 29 15:29:38 UTC 2011 - rhafer@suse.de - Updated to 2.4.25, important changes: * Fixed ldapsearch pagedresults loop (ITS#6755) * Fixed tools for incompatible args (ITS#6849) * Fixed libldap MozNSS crash (ITS#6863) * Fixed slapd add objectclasses in order (ITS#6837) * Added slapd ordering for uidNumber and gidNumber (ITS#6852) * Fixed slapd segfault when adding values out of order (ITS#6858) * Fixed slapd sortval handling (ITS#6845) * Fixed slapd-bdb with slapadd/index quick option (ITS#6853) * Fixed slapd-ldap chain cn=config support (ITS#6837) * Fixed slapd-ldap chain with slapd.conf (ITS#6857) * Fixed slapd-meta deadlock (ITS#6846) * Fixed slapo-sssvlv with multiple requests (ITS#6850) * Fixed contrib/lastbind install rules (ITS#6238) * Fixed contrib/cloak install rules (ITS#6877) ------------------------------------------------------------------- Tue Feb 22 09:46:04 UTC 2011 - rhafer@suse.de - Surpress gcc warnings about extra format string arguments for 2.3.x built as well. ------------------------------------------------------------------- Mon Feb 14 11:09:36 UTC 2011 - rhafer@suse.de - Updated to 2.4.24, important changes: * Added libldap_r,libldap formal concurrency API (ITS#6625,ITS#5421) * Added slapadd attribute value checking (ITS#6592) * Added slapcat continue mode for problematic DBs (ITS#6482) * Added slapd syncrepl suffixmassage support (ITS#6781) * Fixed liblber to not close invalid sockets (ITS#6585) * Fixed libldap referral chasing (ITS#6602) * Fixed libldap leak when chasing referrals (ITS#6744) * Fixed slapd acl parsing overflow (ITS#6611) * Fixed slapd acl when resuming parsing (ITS#6804) * Fixed slapd default config acls with overlays (ITS#6822) * Fixed slapd config leak with olcDbDirectory (ITS#6634) * Fixed slapd when first acl is value dependent (ITS#6693) * Fixed slapd-bdb slapadd -q with glued dbs (ITS#6794) * Fixed slapo-ppolicy don't update opattrs on consumers (ITS#6608) * Fixed slapo-ppolicy to allow userPassword deletion (ITS#6620) * Fixed slapo-syncprov to send error if consumer is newer (ITS#6606) * Fixed slapo-syncprov filter race condition (ITS#6708) * Fixed slapo-syncprov active mod race (ITS#6709) * Fixed slapo-syncprov to refresh if context is dirty (ITS#6710) * Fixed slapo-syncprov CSN updates to all replicas (ITS#6718) * Fixed slapo-syncprov sessionlog ordering (ITS#6716) * Fixed slapo-syncprov sessionlog with adds (ITS#6503) * Fixed slapo-syncprov mutex (ITS#6438) * Fixed slapo-syncprov mincsn check with MMR (ITS#6717) * Fixed slapo-syncprov control leak (ITS#6795) * Fixed slapo-syncprov error codes (ITS#6812) * For a comprehensive list of changes please consult the CHANGES file - removed unneeded openSUSE 11.0 specifc patch ------------------------------------------------------------------- Tue Feb 1 10:08:06 UTC 2011 - rhafer@suse.de - slapadd -q could crash for glued bdb/hdb databases ------------------------------------------------------------------- Wed Jan 19 15:05:27 UTC 2011 - rhafer@suse.de - Install the correct schema2ldif script (bnc#665530) ------------------------------------------------------------------- Wed Jan 5 15:48:27 UTC 2011 - rhafer@novell.com - Fixed quotation in init-script to avoid errors when calling it from within /etc/openldap/slapd.d/cn=config/ (bnc#660492). ------------------------------------------------------------------- Fri Nov 12 12:31:57 UTC 2010 - rhafer@novell.com - Surpress gcc warnings about extra format string arguments. - Split-off openldap2-doc (noarch) package (Admin Guide and IDs) - Backported -VVV commandline switch for slapd from HEAD (to list enabled static overlays) - Build all overlays except syncprov and ppolicy as dynamic modules (Fixes bnc#648479, FATE#307837) - Added README.dynamic-overlays to point out some details about dynamic overlays - simplified pie-compile patch and adjusted it to work with dynamic overlays ------------------------------------------------------------------- Tue Oct 5 14:39:46 UTC 2010 - rhafer@novell.com - Handle the libdb-4_5 -> libdb-4_8 Version update by opening the Databases with DB_RECOVER if a version mismatch is detected. ------------------------------------------------------------------- Sun Oct 3 22:55:34 UTC 2010 - cristian.rodriguez@opensuse.org - Do not include Build date and time in binaries, this avoids build-compare failures and unhelpful rebuilds/republishes ------------------------------------------------------------------- Wed Sep 29 09:21:52 UTC 2010 - rhafer@novell.com - Don't build 2.3 slapcat anymore for 11.3 and newer. We switch to 2.4 long ago. - Removed automatic 2.3->2.4 migration in %post - moved back-sql examples to make rpmlint happy ------------------------------------------------------------------- Thu Aug 26 14:04:06 UTC 2010 - rhafer@novell.com - Fix listener URIs in init script to make SLP registration work again (bnc#620389) ------------------------------------------------------------------- Fri Jul 23 07:49:40 UTC 2010 - rhafer@novell.com - Fixed RPM Group and Summary Tags (bnc#624980) ------------------------------------------------------------------- Thu Jul 1 13:02:13 UTC 2010 - rhafer@novell.com - Updated to 2.4.23: * Fixed libldap to return server's error code (ITS#6569) * Fixed libldap memleaks (ITS#6568) * Fixed liblutil off-by-one with delta (ITS#6541) * Fixed slapd acls with glued databases (ITS#6468) * Fixed slapd syncrepl rid logging (ITS#6533) * Fixed slapd modrdn handling of invalid values (bnc#612430, ITS#6570) * Fixed slapd-bdb hasSubordinates computation (ITS#6549) * Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474) * Fixed slapd-bdb entry cache delete failure (ITS#6577) * Fixed slapd-ldap to return control responses (ITS#6530) * Fixed slapo-ppolicy to use Debug (ITS#6566) * Fixed slapo-refint to zero out freed DN vals (ITS#6572) * Fixed slapo-rwm to use Debug (ITS#6566) * Fixed slapo-sssvlv to use Debug (ITS#6566) * Fixed slapo-syncprov lost deletes in refresh phase (bnc#606294, ITS#6555) * Fixed slapo-valsort to use Debug (ITS#6566) * Fixed contrib/nssov network.c missing patch (ITS#6562) - New subpackage openldap2-back-sql. Contains the SQL backend module plus some documentation (bnc#395719) - generate Patches from git tree (resulted in all patches being renamed) - installing binaries without stripping them is done by setting the STRIP enviroment variable instead for patching the Makefile now - Fixed a bug in the syncprov overlay which could lead to not replicate delete Operations (ITS#6555, bnc#606294) - BuildRequires cleanup ------------------------------------------------------------------- Thu Jul 1 12:48:18 UTC 2010 - rhafer@novell.com - LDAP clients could crash the server by submitting a specially crafted LDAP ModRDN operation. (bnc#612430, ITS#6570) - Delete Operations happening during the "Refresh" phase of "refreshAndPersist" replication failed to replicate under certain circumstances (bnc#606294, ITS#6555) ------------------------------------------------------------------- Mon May 10 13:35:59 UTC 2010 - rhafer@novell.com - Create /var/run/slapd on demand. /var/run might be mounted on tmpfs. ------------------------------------------------------------------- Thu Apr 15 08:18:49 UTC 2010 - adrian@suse.de - fix build dependency cycle for -client package with openslp ------------------------------------------------------------------- Wed Mar 17 13:06:12 UTC 2010 - rhafer@novell.com - Fixed quotation in sed expression to escape ldapi path in init script ------------------------------------------------------------------- Tue Mar 16 10:01:39 UTC 2010 - rhafer@novell.com - Removed obsolete hunk from openldap2.dif - Remove ldap.conf patch to use saner default for Certificate verification (bnc#575146) ------------------------------------------------------------------- Sat Feb 13 23:11:03 CET 2010 - rguenther@suse.de - Add fix for stricter fortification checks of GCC 4.5. ------------------------------------------------------------------- Thu Jan 7 15:47:20 UTC 2010 - rhafer@novell.com - Updated to 2.4.21: * Fixed liblutil for negative microsecond offsets (ITS#6405) * Fixed slapd global settings to work without restart (ITS#6428) * Fixed slapd looping with SSL/TLS connections (ITS#6412) * Fixed slapd syncrepl freeing tasks from queue (ITS#6413) * Fixed slapd syncrepl parsing of tls defaults (ITS#6419) * Fixed slapd syncrepl uninitialized variables (ITS#6425) * Fixed slapd-config Adds with Abstract classes (ITS#6408) * Fixed slapo-dynlist behavior with simple filters (ITS#6421) * Fixed slapd-ldif access outside database directory (ITS#6414) * Fixed slapo-translucent with back-null (ITS#6403) * Fixed slapo-unique criteria checking (ITS#6270) - removed some obsolete RPM dependencies - Added missing tags to init script to silence rpmlint warnings ------------------------------------------------------------------- Thu Dec 10 15:41:11 UTC 2009 - rhafer@novell.com - Fixed an issue in back-config's objectclass inheritence code that could cause the server to fail to start or to spin in an endless loop (bnc#558059,ITS#6408) - default the tls_reqcert parameter of a syncrepl config to "demand" as documented even if other tls_ options are absent (bnc#558397, ITS#6319) - apply changes to the global size and timelimits to all database that don't specify limits themself. (bnc#562184, ITS#6428) ------------------------------------------------------------------- Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com - Update to 2.4.20 (fate#306593), most important fixes since 2.4.19 * Fixed liblber embedded NUL values in BerValues (ITS#6353) * Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334) * Fixed libldap uninitialized return value (ITS#6355) * Fixed libldap unlimited timeout (ITS#6388) * Added slapd handling of hex server IDs (ITS#6297) * Fixed slapd checks of str2filter (ITS#6391) * Fixed slapd configArgs initialization (ITS#6363) * Fixed slapd db_open with connection_fake_init (ITS#6381) * Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379) * Fixed slapd inclusion of ac/unistd.h (ITS#6342) * Fixed slapd sl_free to better reclaim memory (ITS#6380) * Fixed slapd syncrepl deletes in MirrorMode (ITS#6368) * Fixed slapd syncrepl to use correct SID (ITS#6367) * Fixed slapd tls_accept to retry in certain cases (ITS#6304) * Fixed slapd-bdb/hdb cache corruption (ITS#6341) * Fixed slapd-bdb/hdb entry cache (ITS#6360) * Fixed slapo-syncprov checkpoint conversion (ITS#6370) * Fixed slapo-syncprov deadlock (ITS#6335) * Fixed slapo-syncprov out of order changes (ITS#6346) - Added switch to enable/disable testsuite (%run_test_suite) ------------------------------------------------------------------- Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com - updated patches to apply with fuzz=0 ------------------------------------------------------------------- Mon Sep 28 13:59:18 UTC 2009 - rhafer@novell.com - Added schema2ldif tool to openldap2-client subpackage (bnc#541819) ------------------------------------------------------------------- Wed Sep 23 15:35:13 UTC 2009 - rhafer@novell.com - Changed permissions on /var/run/slapd to a saner default for ldapi:/// (bnc#536729) ------------------------------------------------------------------- Wed Sep 9 07:48:20 UTC 2009 - rhafer@novell.com - libldap's check of the hostname against the TLS Certificate's CN Attribute did not handle possible NUL bytes in the CN correctly and was vulnerable against attacks with spoofed Certificates. (bnc#537143, ITS#6239) ------------------------------------------------------------------- Tue Jul 14 14:02:11 CEST 2009 - rhafer@novell.com - Update to 2.4.17. Most important changes: * Fixed liblber to use ber_strnlen (ITS#6080) * Fixed libldap openssl digest initialization (ITS#6192) * Fixed libldap tls NULL error messages (ITS#6079) * Added slapd sasl auxprop support (ITS#6147) * Added slapd schema checking tool (ITS#6150) * Added slapd writetimeout keyword (ITS#5836) * Fixed slapd abandon/cancel handling for some ops (ITS#6157) * Fixed slapd access setstyle to expand (ITS#6179) * Fixed slapd assert with closing connections (ITS#6111) * Fixed slapd bind race condition (ITS#6189) * Fixed slapd cert validation (ITS#6098) * Fixed slapd connection_destroy assert (ITS#6089) * Fixed slapd csn normalization (ITS#6195) * Fixed slapd errno handling (ITS#6037) * Fixed slapd hung writers (ITS#5836) * Fixed slapd ldapi issues (ITS#6056) * Fixed slapd normalization of updated schema attributes (ITS#5540) * Fixed slapd olcLimits handling (ITS#6159) * Fixed slapd olcLogLevel with hex levels (ITS#6162) * Fixed slapd sending cancelled operations results (ITS#6103) * Fixed slapd slapi_entry_has_children (ITS#6132) * Fixed slapd sockets usage on windows (ITS#6039) * Fixed slapd some abandon and cancel race conditions (ITS#6104) * Fixed slapd tls context after changes (ITS#6135) * Fixed slapd-bdb/hdb adjust dncachesize if too low (ITS#6176) * Fixed slapd-bdb/hdb crashes during delete (ITS#6177) * Fixed slapd-bdb/hdb multiple olcIndex for same attr (ITS#6196) * Fixed slapd-hdb freeing of already freed entries (ITS#6074) * Fixed slapd-hdb entryinfo cleanup (ITS#6088) * Fixed slapd-hdb dncache lockups (ITS#6095) * Fixed slapd-ldap deadlock with non-responsive TLS URIs (ITS#6167) * Fixed slapo-ppolicy to honor pwdLockout (ITS#6168) * Fixed slapo-ppolicy to return check modules error message (ITS#6082) * Added slapo-rwm rwm-drop-unrequested-attrs config option (ITS#6057) * Fixed slapo-rwm dn passing (ITS#6070) * Fixed slapo-rwm entry free/release (ITS#6058, ITS#6081) * Fixed tools returning ldif errors (ITS#5892) - Backported fix for failing back-monitor test from HEAD - re-enabled some formerly disabled tests from the testsuite ------------------------------------------------------------------- Mon Jun 29 14:24:56 CEST 2009 - rhafer@novell.com - Fixed Summary/Description for -client subpackage ------------------------------------------------------------------- Thu Jun 25 17:29:03 CEST 2009 - rhafer@novell.com - Improved connection check in init script (bnc#510295) ------------------------------------------------------------------- Mon Jun 15 12:12:17 CEST 2009 - rhafer@novell.com - Fixed complilation with newer glibc (2.3.X release needs GNU_SOURCE defined as well in getpeerid.c) ------------------------------------------------------------------- Wed Apr 29 17:07:33 CEST 2009 - rhafer@novell.com - gcc 4.4 fixes ------------------------------------------------------------------- Mon Apr 6 15:41:05 CEST 2009 - rhafer@suse.de - Update to 2.4.16. Most important fixes: * Fixed libldap segfault in checking cert/DN (ITS#5976) * Fixed libldap peer cert double free (ITS#5849) * Fixed libldap referral chasing (ITS#5980) * Fixed slapd backglue with empty DBs (ITS#5986) * Fixed slapd ctxcsn race condition (ITS#6001) * Fixed slapd debug message (ITS#6027) * Fixed slapd redundant module loading (ITS#6030) * Fixed slapd schema_init freed value (ITS#6036) * Fixed slapd syncrepl newCookie sync messages (ITS#5972) * Fixed slapd syncrepl hang during shutdown (ITS#6011) * Fixed slapd syncrepl too many MMR messages (ITS#6020) * Fixed slapd syncrepl skipped entries with MMR (ITS#5988) * Fixed slapd-bdb/hdb cachesize handling (ITS#5860) * Fixed slapd-bdb/hdb with slapcat with empty dn (ITS#6006) * Fixed slapd-bdb/hdb with NULL transactions (ITS#6012) * Fixed slapd-ldap incorrect referral handling (ITS#6003,ITS#5916) * Fixed slapd-ldap/meta with broken AD results (ITS#5977) * Fixed slapd-ldap/meta with invalid attrs again (ITS#5959) * Fixed slapo-accesslog interaction with ppolicy (ITS#5979) * Fixed slapo-dynlist conversion to cn=config (ITS#6002) * Fixed various slapo-syncprov issues (ITS#5972, ITS#6020, ITS#5985, ITS#5999, ITS#5973, ITS#6045, ITS#6024, ITS#5988) - Fix building on older openSUSE releases ------------------------------------------------------------------- Fri Mar 20 14:00:20 CET 2009 - rhafer@suse.de - Update to 2.4.15. Most important changes: * Fixed slapd bconfig conversion again (ITS#5346) * Fixed slapd behavior with superior objectClasses again (ITS#5517) * Fixed slapd RFC4512 behavior with same attr in RDN (ITS#5968) * Fixed slapd corrupt contextCSN (ITS#5947) * Fixed slapd syncrepl order to match on add/delete (ITS#5954) * Fixed slapd adding rdn with other values (ITS#5965) * Fixed slapd-bdb/hdb behavior with unallocatable shm (ITS#5956) * Fixed slapd-ldap/meta with entries with invalid attrs (ITS#5959) * Fixed slapo-pcache caching invalid entries (ITS#5927) * Fixed slapo-syncprov csn updates (ITS#5969) * Added libldap option to disable SASL host canonicalization (ITS#5812) * Fixed libldap chasing multiple referrals (ITS#5853) * Fixed libldap setuid usage with .ldaprc (ITS#4750) * Fixed libldap deref handling (ITS#5768) * Fixed libldap NULL pointer deref (ITS#5934) * Fixed libldap peer cert memory leak (ITS#5849) * Fixed libldap intermediate response behavior (ITS#5896) * Fixed libldap IPv6 address handling (ITS#5937) * Fixed libldap_r deref building (ITS#5768) * Fixed libldap_r slapd lockup when paused during shutdown (ITS#5841) * Fixed slapd acl checks on ADD (ITS#4556,ITS#5723) * Fixed slapd acl application to newly created backends (ITS#5572) * Fixed slapd bconfig to return error codes (ITS#5867) * Fixed slapd bconfig encoding incorrectly (ITS#5897) * Fixed slapd bconfig dangling pointers (ITS#5924) * Fixed slapd epoll handling (ITS#5886) * Fixed slapd glue with MMR (ITS#5925) * Fixed slapd listener comparison (ITS#5613) * Fixed various syncrepl issues (ITS#5809,ITS#5850, ITS#5843, ITS#5866, ITS#5901, ITS#5881, ITS#5935, ITS#5710, ITS#5781, ITS#5809, ITS#5798, ITS#5826) * Fixed slapd-bdb/hdb dncachesize handling (ITS#5860) * Fixed slapd-bdb/hdb trickle task usage (ITS#5864) * Fixed slapd-hdb idlcache with empty suffix (ITS#5859) ------------------------------------------------------------------- Wed Jan 7 12:34:56 CET 2009 - olh@suse.de - obsolete old -XXbit packages (bnc#437293) ------------------------------------------------------------------- Fri Dec 12 14:45:07 CET 2008 - rhafer@suse.de - Fixed openldap2-devel dependencies (bnc#457989) ------------------------------------------------------------------- Tue Dec 9 11:11:38 CET 2008 - rhafer@suse.de - Fixed a bug in the threadpool implementation that could cause slapd to lockup when shutting down while the pool is paused. (bnc#450457, ITS#5841) ------------------------------------------------------------------- Fri Nov 28 14:08:16 CET 2008 - rhafer@suse.de - Disable the slapadd trickle-task it cause performance issues when using libdb-4.5 (bnc#449641) - removed obsolete configure option (ldbm backend does not exist in OpenLDAP 2.4) ------------------------------------------------------------------- Fri Nov 21 16:39:20 CET 2008 - ro@suse.de - update check-build.sh ------------------------------------------------------------------- Wed Nov 5 12:01:57 CET 2008 - rhafer@suse.de - Fixed database shutdown sequence (bnc#441774, ITS#5745) ------------------------------------------------------------------- Tue Nov 4 14:10:24 CET 2008 - rhafer@suse.de - Handle ldbm databases in updates from 2.3 release (bnc#440589) ------------------------------------------------------------------- Thu Oct 23 12:59:08 CEST 2008 - rhafer@suse.de - the helper function to create various LDAP controls returned wrong error codes under certain circumstances (bnc#429064, ITS#5762) - Fixed referral chasing in chain-overlay (bnc#438088, ITS#5742) - Fixed back-config integration of overlays with private instances of databases (translucent, chain, ...) (bnc#438094, ITS#5736) ------------------------------------------------------------------- Mon Oct 13 11:33:57 CEST 2008 - rhafer@suse.de - Added missing #include to slapo-collect ------------------------------------------------------------------- Sun Oct 12 23:51:09 CEST 2008 - rhafer@suse.de - Update to 2.4.12. Most important changes: * Fixed libldap ldap_utf8_strchar arguments (ITS#5720) * Fixed libldap TLS_CRLFILE (ITS#5677) * Fixed librewrite memory handling (ITS#5691) * Fixed slapd attribute leak (ITS#5683) * Fixed slapd config backend with index greater than sibs (ITS#5684) * Fixed slapd custom attribute inheritance (ITS#5642) * Fixed slapd firstComponentMatch normalization (ITS#5634) * Fixed slapd connection events enabled twice (ITS#5725) * Fixed slapd memory handling (ITS#5691) * Fixed slapd objectClass canonicalization (ITS#5681) * Fixed slapd objectClass termination (ITS#5682) * Fixed slapd overlay control registration (ITS#5649) * Fixed slapd runqueue checking (ITS#5726) * Fixed slapd sortvals comparison (ITS#5578) * Fixed slapd syncrepl contextCSN detection (ITS#5675) * Fixed slapd syncrepl error logging (ITS#5618) * Fixed slapd syncrepl runqueue interval (ITS#5719) * Fixed slapd-bdb entry return if attr not present (ITS#5650) * Fixed slapd-bdb/hdb release search entries earlier (ITS#5728,ITS#5730) * Fixed slapd-bdb/hdb subtree search with empty suffix (ITS#5729) * Fixed slapo-memberof internal operations DN (ITS#5622) * Fixed slapo-pcache attrset crash (ITS#5665) * Fixed slapo-pcache caching with invalid schema (ITS#5680) * Fixed slapo-ppolicy control return on password modify exop (ITS#5711) - removed obsolete patches ------------------------------------------------------------------- Mon Oct 6 10:49:23 CEST 2008 - rhafer@suse.de - remove some problematic test-cases, that cause a lot of unreproducable buildfailures - check for exisitence of /etc/openldap/slapd.conf in init-script assume back-config usage if it isn't present (bnc#428168) ------------------------------------------------------------------- Wed Sep 24 10:58:09 CEST 2008 - rhafer@suse.de - Mark Schema and SuSEfirewall files as %config - openldap2-back-perl requires perl - Give more meaningful error messages when index configuration fails (bnc#429150) ------------------------------------------------------------------- Fri Sep 19 17:52:55 CEST 2008 - rhafer@suse.de - Reduced debug-level during "make test" to reduce required disk space and buildtime ------------------------------------------------------------------- Thu Sep 18 13:02:21 CEST 2008 - rhafer@suse.de - Fixed init-script dependencies (bnc#426214) ------------------------------------------------------------------- Fri Sep 12 10:09:28 CEST 2008 - rhafer@suse.de - Backported fix for a crash in back-config when adding entries with a too large index (ITS#5684) - Backported fix for a crash when adding an invalid olcBdbConfig Entry to back-config (ITS#5698) ------------------------------------------------------------------- Tue Sep 9 17:22:18 CEST 2008 - rhafer@suse.de - Removed getaddrinfo workaround. Recent glibc doesn't need it anymore (bnc#288879, ITS#5251) - Server requires libldap of the same version. ------------------------------------------------------------------- Mon Sep 8 16:07:47 CEST 2008 - rhafer@suse.de - Import back-config support for deleting databases from CVS HEAD ------------------------------------------------------------------- Tue Sep 2 09:18:05 CEST 2008 - rhafer@suse.de - Dropped evolution specific ntlm-bind Patch (Fate#303480) ------------------------------------------------------------------- Thu Aug 28 11:46:08 CEST 2008 - rhafer@suse.de - added ldapns.schema , to allow to use pam_ldap's "check_host_attr" and "check_service_attr" features (bnc#419984) - backport overlay_register_control fix from HEAD (bnc#420016, ITS#5649) ------------------------------------------------------------------- Mon Aug 18 18:10:07 CEST 2008 - mrueckert@suse.de - remove outdated options in the fillup_and_insserv call ------------------------------------------------------------------- Mon Aug 18 11:00:13 CEST 2008 - rhafer@suse.de - fixed LSB-Headers in init-script ------------------------------------------------------------------- Wed Aug 13 17:25:25 CEST 2008 - ro@suse.de - try to fix build for buildservice (BUILD_INCARNATION can be empty) ------------------------------------------------------------------- Mon Aug 11 11:06:08 CEST 2008 - rhafer@suse.de - /usr/lib/sasl2/slapd.conf was moved to /etc/sasl2/slapd.conf (bnc#412652) - adjust ownerships of database directories even when using back-config ------------------------------------------------------------------- Thu Jul 31 11:40:35 CEST 2008 - rhafer@suse.de - Enable back-config delete support ------------------------------------------------------------------- Tue Jul 29 15:32:05 CEST 2008 - rhafer@suse.de - Update to Version 2.4.11. Most important changes: * Fixed liblber ber_get_next length decoding (ITS#5580) * Added libldap assertion control (ITS#5560) * Fixed liblutil missing return code (ITS#5615) * Fixed slapd cert serial number parsing (ITS#5588) * Fixed slapd check for structural_class failures (ITS#5540) * Fixed slapd config backend renumbering (ITS#5571) * Fixed slapd configContext OID (ITS#5383) * Fixed slapd crash with no listeners (ITS#5563) * Fixed slapd sets memory leak (ITS#5557) * Fixed slapd sortvals binary search (ITS#5578) * Fixed slapd syncrepl updates with multiple masters (ITS#5597) * Fixed slapd syncrepl superior objectClass delete/add (ITS#5600) * Fixed slapd syncrepl/slapo-syncprov contextCSN updates as internal ops (ITS#5596) * Fixed slapo-memberof replace handling (ITS#5584) * Added slapo-nssov contrib module * Fixed slapo-pcache handling of negative search caches (ITS#5546) * Fixed slapo-ppolicy DNs with whitespaces (ITS#5552) * Fixed slapo-ppolicy modify with internal ops (ITS#5569) * Fixed slapo-syncprov ACL evaluation (ITS#5548) * Fixed slapo-syncprov crash with delcsn (ITS#5589) * Fixed slapo-syncprov full reload (ITS#5564) * Fixed slapo-syncprov missing olcSpReloadHint attr(ITS#5591) * Fixed slapo-unique filter normalization (ITS#5581) ------------------------------------------------------------------- Mon Jun 30 16:32:10 CEST 2008 - rhafer@suse.de - Only apply -fPIE patch to recent Distributions - removed -fPIE from the slapcat-2.3 build - Adjust BuildRequires for older Distributions ------------------------------------------------------------------- Fri Jun 27 10:57:53 CEST 2008 - coolo@suse.de - make sure the subpacks are only in one spec file declared ------------------------------------------------------------------- Tue Jun 24 11:08:00 CEST 2008 - rhafer@suse.de - branched off libldap-2_4-2 package to support the shared library packaging policy ------------------------------------------------------------------- Wed Jun 11 13:03:29 CEST 2008 - rhafer@suse.de - Update to Version 2.4.10. Most important changes: * Fixed libldap ld_defconn cleanup if it was freed (ITS#5518, ITS#5525) * Fixed libldap msgid handling (ITS#5318) * Fixed libldap t61 infinite loop (ITS#5542) * Fixed libldap_r missing stubs (ITS#5519) * Fixed slapd initialization of sr_msgid, rs->sr_tag (ITS#5461) * Fixed slapd missing termination of integerFilter keys (ITS#5503) * Fixed slapd multiple attrs in URI (ITS#5516) * Fixed slapd sasl_ssf retrieval (ITS#5403) * Fixed slapd socket assert (ITS#5489) * Fixed slapd syncrepl cookie (ITS#5536) * Fixed slapd-bdb/hdb MAXPATHLEN (ITS#5531) * Fixed slapd-bdb indexing in single ADD/MOD (ITS#5521) * Fixed slapd-ldap entry_get() op-dependent behavior (ITS#5513) * Fixed slapd-meta quarantine crasher (ITS#5522) * Fixed slapo-refint to allow setting modifiers name (ITS#5505) * Fixed slapo-syncprov contextCSN passing on syncprov consumers (ITS#5488) * Fixed slapo-syncprov csn update with delta-syncrepl (ITS#5493) * Fixed slapo-syncprov op2.o_extra reset (ITS#5501, #5506) * Fixed slapo-syncprov searching wrong backend (ITS#5487) * Fixed slapo-syncprov sending ops without queued CSNs (ITS#5465) * Fixed slapo-syncprov max csn search on startup (ITS#5537) * Fixed slapo-unique config structs (ITS#5526) * Fixed slapo-unique filter terminator (ITS#5511) ------------------------------------------------------------------- Fri May 16 13:24:11 CEST 2008 - rhafer@suse.de - Support update from 2.3 releases (bnc#390247) ------------------------------------------------------------------- Thu May 8 08:55:00 CEST 2008 - rhafer@suse.de - Update to Version 2.4.9. Most important changes: * Fixed libldap to use unsigned port (ITS#5436) * Fixed libldap error message for missing close paren (ITS#5458) * Fixed libldap_r tpool pause checks (ITS#5364, #5407) * Fixed slapcat error checking (ITS#5387) * Fixed slapd abstract objectClass inheritance check (ITS#5474) * Fixed slapd add operations requiring naming attrs (ITS#5412) * Fixed slapd connection handling (ITS#5469) * Fixed slapd frontendDB backend selection (ITS#5419) * Fixed slapd pagedresults stale state (ITS#5409) * Fixed slapd pointer dereference (ITS#5388) * Fixed slapd null argument dereference (ITS#5435) * Fixed slapd REP_ENTRY flags (ITS#5340) * Fixed slapd value list termination (ITS#5450) * Fixed slapd-bdb ID_NOCACHE handling (ITS#5439) * Fixed slapd-bdb entryinfo state if db_lock fails (ITS#5455) * Fixed slapd-bdb referral rewrite (ITS#5339) * Fixed slapd-config overlay stacking (ITS#5346) * Fixed slapd-config attribute publishing (ITS#5383) * Fixed slapd-ldap connection handler (ITS#5404) * Fixed slapd-ldif file name handling & multi-suffix/dir catch (ITS#5408) * Fixed slapd-meta connections on error (ITS#5440) * Fixed slapd-meta crash on search (ITS#5481) * Various syncrepl fixes (ITS#5407, ITS#5413, ITS#5426, ITS#5430, ITS#5432, ITS#5454, ITS#5397, ITS#5470) * Various slapo-syncprov fixes (ITS#5401, ITS#5405, ITS#5418, ITS#5486, ITS#5433, ITS#5434, ITS#5437, ITS#5444, ITS#5445, ITS#5484, ITS#5451) ------------------------------------------------------------------- Fri Apr 25 10:56:18 CEST 2008 - rhafer@suse.de - Adjust ownership of DB_CONFIG to ldap:ldap (bnc#376204) ------------------------------------------------------------------- Thu Apr 10 23:07:30 CEST 2008 - matz@suse.de - Compile with glibc 2.8. ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support ------------------------------------------------------------------- Thu Apr 3 14:26:12 CEST 2008 - rhafer@suse.de - removed apparmor profile ------------------------------------------------------------------- Mon Mar 3 08:50:18 CET 2008 - rhafer@suse.de - revert last change and make libldap_r available again as some packages seem to directly rely on libldap_r. Assume they know of the libldap_r's limitations. ------------------------------------------------------------------- Wed Feb 27 11:21:39 CET 2008 - rhafer@suse.de - Moved libldap_r from -client subpackage to the main server package as it is only meant to be used by slapd. - Removed static libldap_r.a library and libldap_r.so link from -devel subpackage. External programs should only use the "normal" libldap library. ------------------------------------------------------------------- Wed Feb 20 09:49:30 CET 2008 - rhafer@suse.de - Update to Version 2.4.8. Most important changes: * Fixed libldap extended decoding (ITS#5304) * Fixed libldap filter abort (ITS#5300) * Fixed libldap ldap_parse_sasl_bind_result (ITS#5263) * Fixed libldap result codes for open (ITS#5338) * Fixed libldap search timeout crash (ITS#5291) * Fixed libldap paged results crash (ITS#5315) * Fixed slapd support for 2.1 CSN (ITS#5348) * Fixed slapd include handling (ITS#5276) * Fixed slapd modrdn check for valid new DN (ITS#5344) * Fixed slapd multi-step SASL binds (ITS#5298) * Fixed slapd overlay ordering when moving to slapd.d (ITS#5284) * Fixed slapd NULL printf (ITS#5264) * Fixed slapd NULL set values (ITS#5286) * Fixed slapd timestamp race condition (ITS#5370) * Fixed slapd cn=config crash on delete (ITS#5343) * Fixed slapd cn=config global acls (ITS#5352) * Fixed slapd truncated cookie (ITS#5362) * Fixed slapd str2entry with no attrs (ITS#5308) * Fixed slapd TLSVerifyClient default (ITS#5360) * Fixed slapd delta-syncrepl refresh mode (ITS#5376) * Fixed slapd ACL sets URI attrs (ITS#5384) * Fixed slapd invalid entryUUID filter (ITS#5386) * Fixed slapd-bdb idlcache on adds (ITS#5086) * Fixed slapd-bdb crash with modrdn (ITS#5358) * Fixed slapd-bdb modrdn to same dn (ITS#5319) * Fixed slapd-bdb MMR (ITS#5332) * Fixed slapd-meta setting of sm_nvalues (ITS#5375) * Fixed slapd-monitor crash (ITS#5311) * Fixed slapo-ppolicy only password check with policy (ITS#5285) * Fixed slapo-ppolicy del/replace password without new one (ITS#5373) * Fixed slapo-syncprov hang on checkpoint (ITS#5261) ------------------------------------------------------------------- Thu Jan 10 15:06:12 CET 2008 - rhafer@suse.de - Removed bogus debugging output from slapd_getaddrinfo_dupl.dif ------------------------------------------------------------------- Wed Jan 9 13:29:33 CET 2008 - rhafer@suse.de - Fixed allocation for paged results cookie (Bug #352255, ITS#5315) ------------------------------------------------------------------- Fri Dec 14 13:53:33 CET 2007 - rhafer@suse.de - Update to Version 2.4.7. Most important changes: * Added slapd ordered indexing of integer attributes (ITS#5239) * Fixed slapd paged results control handling (ITS#5191) * Fixed slapd sasl-host parsing (ITS#5209) * Fixed slapd filter normalization (ITS#5212) * Fixed slapd multiple suffix checking (ITS#5186) * Fixed slapd paged results handling when using rootdn (ITS#5230) * Fixed slapd syncrepl presentlist handling (ITS#5231) * Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236) * Fixed slapd 3-way Multi-Master Replication (ITS#5238) * Fixed slapd hash collisions in index slots (ITS#5183) * Fixed slapd replication of dSAOperation attributes (ITS#5268) * Fixed slapadd contextCSN updating (ITS#5225) * Fixed slapd-bdb/hdb to report and fail on internal errors (ITS#5232) * Fixed slapd-bdb/hdb dn2entry lock bug (ITS#5257) * Fixed slapd-bdb/hdb dn2id lock bug (ITS#5262) * Fixed slapd-hdb caching on rename ops (ITS#5221) * Fixed slapo-accesslog abandoned op cleanup (ITS#5161) * Fixed slapo-dds deleting from nonexistent db (ITS#5267) * Fixed slapo-memberOf deleted values saving (ITS#5258) * Fixed slapo-pcache op->o_abandon handling (ITS#5187) * Fixed slapo-ppolicy single password check on modify (ITS#5146) * Fixed slapo-ppolicy internal search (ITS#5235) * Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210) * Fixed slapo-syncprov ignore invalid cookies (ITS#5211) * Fixed slapo-translucent interaction with slapo-rwm (ITS#4889) ------------------------------------------------------------------- Thu Nov 29 15:43:11 CET 2007 - rhafer@suse.de - check for duplicates in getaddrinfo results and ignore them. (Bug #288879) ------------------------------------------------------------------- Tue Nov 27 13:51:52 CET 2007 - rhafer@suse.de - The init-script removed directory access on /etc/openldap/slapd.d (Bug #344091) ------------------------------------------------------------------- Mon Nov 26 15:56:28 CET 2007 - rhafer@suse.de - Update to Version 2.4.6. Initial 2.4 release for "general use". New features: * Usability/Manageability: - More complete Documentation (manual pages and Admin Guide) - dynamic configuration and monitoring improvments * More functionality - New overlays (dds, memberof, constraint) - Multimaster syncrepl replication * Performance improvments: - Further optimized frontend - Reduced locking contention in backend - back-config support through new sysconfig option "OPENLDAP_CONFIG_BACKEND" - Install admin guide from the main tarball, to get rid of the admin-guide tarball - New sysconfig options: * OPENLDAP_START_LDAP to allow to disable the ldap:// listener * OPENLDAP_LDAPI_INTERFACES to specify the paths for the ldapi:/// listeners ------------------------------------------------------------------- Mon Oct 29 16:59:18 CET 2007 - rhafer@suse.de - Update to Version 2.3.39. Most important changes: * Fixed slapd database/overlay config conflict (ITS#4848) * Fixed slapd password_hash config order (ITS#5082) * Fixed slapd slap_mods_check bug (ITS#5119) * Fixed slapd ACL sets memory handling (ITS#4860,ITS#4873) * Fixed slapd ordered values add normalization issue (ITS#5136) * Fixed slapd-bdb DB_CONFIG conversion bug (ITS#5118) * Fixed slapd-ldap search control parsing (ITS#5138) * Fixed slapd-ldap SASL idassert w/o authcId * Fixed slapd-ldif directory separators in DN (ITS#5172) * Fixed slapd-meta conn caching on bind failure (ITS#5154) * Fixed slapd-meta bind timeout assertion (ITS#5185) * Fixed slapd-sql concurrency issue (ITS#5095) * Fixed slapo-chain double-free (ITS#5137) * Fixed slapo-pcache and -rwm interaction fix (ITS#4991) * Fixed slapo-pcache non-null terminated array crasher (ITS#5163) * Fixed slapo-rwm modlist handling (ITS#5124) * Fixed slapo-rwm UUID in filter (ITS#5168) * Fixed sasl SASL_SSF_EXTERNAL type (ITS#3864) * Fixed liblber Windows x64 portability (ITS#5105) * Fixed libldap ppolicy control creation (ITS#5103) - Silenced some rpmlint warnings ------------------------------------------------------------------ Wed Aug 22 13:56:25 CEST 2007 - rhafer@suse.de - Call "ldconfig" from %post and %postun in openldap2-client (Bug #298297) ------------------------------------------------------------------- Tue Jul 24 15:19:05 CEST 2007 - rhafer@suse.de - Update to Version 2.3.37. Most important changes: * Fixed slapd-glue/syncprov interaction (ITS#4623) * Fixed slapd-ldap search reference crash (ITS#5025) * Fixed slapd-ldbm crash on Compare op (ITS#5044) * Fixed slapo-rwm searchFilter double free (ITS#5043) - Most important changes in 2.3.36: * Fixed slapd mutex bug after failed startup (ITS#4957) * Fixed slapd sasl failed Bind bug (ITS#4954) * Fixed slapd sasl ssf logging (ITS#5001) * Fixed slapd tool op init (ITS#4911) * Fixed slapd-bdb no-op crasher (ITS#4925) * Fixed slapd-relay crash when no database can be selected (ITS#4958) * Fixed slapo-chain RFC3062 passwd exop handling (ITS#4964) * Fixed slapo-dynlist multiple group/url[/member] config (ITS#4989) * Fixed slapo-pcache handling of abandoned Operations (#5015) * Fixed slapo-pcache and -rwm interaction (ITS#4991) * Fixed slapo-ppolicy pwdReset/pwdMinAge (ITS#4970) * Fixed slapo-ppolicy control cleanup from ITS#4665 * Fixed slapo-syncprov cookie parsing error (ITS#4977) * Fixed slapo-valsort crash on delete op (ITS#4966) * Fixed libldap referral chasing loop (ITS#4955) * Fixed libldap response code handling on rebind (ITS#4924) * Fixed libldap SASL_MAX_BUFF_SIZE (ITS#4935) ------------------------------------------------------------------- Thu Jun 14 00:01:58 CEST 2007 - dmueller@suse.de - remove binutils prereq ------------------------------------------------------------------- Mon May 21 12:19:45 CEST 2007 - dmueller@suse.de - reduce duplicated buildrequires against db42 and db45 ------------------------------------------------------------------- Tue May 15 15:50:11 CEST 2007 - rhafer@suse.de - imported apparmor profile from apparmor (this profile is not enabled by default) ------------------------------------------------------------------- Fri May 4 14:00:39 CEST 2007 - rhafer@suse.de - Update to Version 2.3.35. Most important changes: * Fixed ldapmodify to use correct memory free functions (ITS#4901) * Fixed slapd acl set minor typo (ITS#4874) * Fixed slapd entry consistency check in str2entry2 (ITS#4852) * Fixed slapd ldapi:// credential issue (ITS#4893) * Fixed slapd str2anlist handling of undefined attrs/OCs (ITS#4854) * Fixed slapd syncrepl delta-sync modlist free (ITS#4904) * Added slapd syncrepl retry logging (ITS#4915) * Fixed slapd zero-length IA5string handling (ITS#4823) * Fixed slapd-bdb/hdb startup with missing shm env (ITS#4851) * Fixed slapd-ldap/meta consistency in referral proxying (ITS#4861) * Fixed slapd-ldap bind cleanup in case of unauthorized idassert * Fixed slapd-meta search cleanup * Fixed slapd-meta/slapo-rwm filter mapping * Fixed slapd-sql subtree shortcut (ITS#4856) * Fixed slapo-dynlist crasher (ITS#4891) * Fixed slapo-refint config message (ITS#4853) * Fixed libldap time_t signedness (ITS#4872) * Fixed libldap_r tpool reset (ITS#4855,#4899) ------------------------------------------------------------------- Wed May 2 14:05:05 CEST 2007 - dmueller@suse.de - Fix comparison with string literal ------------------------------------------------------------------- Wed Apr 18 15:16:43 CEST 2007 - schwab@suse.de - Fix generation of debuginfo packages. ------------------------------------------------------------------- Tue Mar 20 17:08:37 CET 2007 - rguenther@suse.de - removed krb5-devel BuildRequires (support via cyrus-sasl) ------------------------------------------------------------------- Thu Mar 15 14:29:22 CET 2007 - rhafer@suse.de - added Service definitions for SuSEfirewall2 (Bug #251654) ------------------------------------------------------------------- Thu Feb 22 16:50:18 CET 2007 - rhafer@suse.de - Updated to Version 2.3.34. Most important changes: * Fixed libldap missing get_option(TLS CipherSuite) (ITS#4815) * Fixed ldapmodify printing error from ldap_result() (ITS#4812) * Fixed slapadd LDIF parsing (ITS#4817) * Fixed slapd libltdl link ordering (ITS#4830) * Fixed slapd syncrepl memory leaks (ITS#4805) * Fixed slapd dynacl/ACI compatibility with 2.1 * Fixed slapd-bdb/hdb be_entry_get with aliases/referrals (ITS#4810) * Fixed slapd-ldap more response handling bugs (ITS#4782) * Fixed slapd-ldap C-API code tests (ITS#4808) * Fixed slapd-monitor NULL printf (ITS#4811) * Fixed slapo-chain spurious additional info in response (ITS#4828) * Fixed slapo-syncprov presence list (ITS#4813) * Fixed slapo-syncprov contextCSN checkpoint again (ITS#4720) * Added slapo-ppolicy cn=config support (ITS#4836) * Added slapo-auditlog cn=config support ------------------------------------------------------------------- Fri Jan 26 14:26:51 CET 2007 - rhafer@suse.de - Updated to Version 2.3.33. Most important changes: * Fixed slapd-ldap chase-referrals switch (ITS#4557) * Fixed slapd-ldap bind behavior when idassert is always used (ITS#4781) * Fixed slapd-ldap response handling bugs (ITS#4782) * Fixed slapd-ldap idassert mode=self anonymous ops (ITS#4798) * Fixed slapd-ldap/meta privileged connections handling (ITS#4791) * Fixed slapd-meta retrying (ITS#4594, 4762) * Fixed slapo-chain referral DN use (ITS#4776) * Fixed slapo-dynlist dangling pointer after entry free (ITS#4801) * Fixed libldap ldap_pvt_put_filter syntax checks (ITS#4648) ------------------------------------------------------------------- Fri Jan 12 11:04:22 CET 2007 - rhafer@suse.de - Updated to Version 2.3.32. Most important changes: * Fixed libldap unchased referral leak (ITS#4545) * Fixed libldap tls callback (ITS#4723) * Fixed slapd memleak on failed bind (ITS#4771) * Fixed slapd connections_shutdown assert * Fixed slapd add redundant duplicate value check (ITS#4600) * Fixed slapd ACL set memleak (ITS#4780) * Fixed slapd syncrepl shutdown hang (ITS#4790) ------------------------------------------------------------------- Fri Nov 17 10:25:44 CET 2006 - rhafer@suse.de - Fix for a flaw in libldap's strval2strlen() function when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application to crash (especially the OpenLDAP Server), creating a denial of service condition (Bug#221154,ITS#4740) ------------------------------------------------------------------- Tue Nov 14 16:18:34 CET 2006 - rhafer@suse.de - Additional back-perl fixes from CVS. The first revision of the patch did not fix the problem completely (Bug#207618, ITS#4751) ------------------------------------------------------------------- Fri Oct 27 16:46:43 CEST 2006 - rhafer@suse.de - cyrus-sasl configuration moved from %{_libdir}/sasl2 to /etc/sasl2/ (Bug: #206414) ------------------------------------------------------------------- Wed Oct 4 15:56:11 CEST 2006 - rhafer@suse.de - Add $network to Should-Start/Should-Stop in init scripts (Bug: #206823) - Imported latest back-perl changes from CVS, to fix back-perl initialization (Bug: #207618) ------------------------------------------------------------------- Tue Aug 22 16:27:25 CEST 2006 - rhafer@suse.de - Updated to Version 2.3.27 * Fixed libldap dnssrv bug with "not present" positive statement (ITS#4610) * Fixed libldap dangling pointer issue (ITS#4405) * Fixed slapd incorrect rebuilding of replica URI (ITS#4633) * Fixed slapd DN X.509 normalization crash (ITS#4644) * Fixed slapd-monitor operations order via callbacks (ITS#4631) * Fixed slapo-accesslog purge task during shutdown * Fixed slapo-ppolicy handling of default policy (ITS#4634) * Fixed slapo-ppolicy logging verbosity when using default policy * Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622) ------------------------------------------------------------------- Wed Aug 2 11:08:23 CEST 2006 - rhafer@suse.de - Updated to Version 2.3.25 * Add libldap_r TLS concurrency workaround (ITS#4583) * Fixed slapd acl selfwrite bug (ITS#4587) * Fixed various syncrepl and slapo-syncprov bugs (ITS#4582, 4622, 4534,4613, 4589) * Fixed slapd-bdb/hdb lock bug with virtual root (ITS#4572) * Fixed slapd-bdb/hdb modrdn new entry disappearing bug (ITS#4616) * Fixed slapd-bdb/hdb cache job issue * Fixed slapo-ppolicy password hashing bug (ITS#4575) * Fixed slapo-ppolicy password modify pwdMustChange reset bug (ITS#4576) * Fixed slapo-ppolicy control can be critical (ITS#4596) - Enabled CLDAP (LDAP over UDP) support ------------------------------------------------------------------ Mon Jun 26 16:36:16 CEST 2006 - rhafer@suse.de - Updated to Version 2.3.24 * Fixed slapd syncrepl timestamp bug (delta-sync/cascade) (ITS#4567) * Fixed slapd-bdb/hdb non-root users adding suffix/root entries (ITS#4552) * Re-fixed slapd-ldap improper free bug in exop (ITS#4550) * Fixed slapd-ldif assert bug (ITS#4568) * Fixed slapo-syncprov crash under glued database (ITS#4562) - cleaned up SLES10 update specific stuff - added "chain-return-error" feature from HEAD to chain overlay (ITS#4570) ------------------------------------------------------------------- Thu Jun 22 14:46:58 CEST 2006 - schwab@suse.de - Don't use automake macros without using automake. ------------------------------------------------------------------- Wed May 24 09:52:03 CEST 2006 - rhafer@suse.de - Updated to Version 2.3.23 * obsoletes the patches: libldap_ads-sasl-gssapi.dif, slapd-epollerr.dif * Fixed slapd-ldap improper free bug (ITS#4550) * Fixed libldap referral input destroy issue (ITS#4533) * Fixed libldap ldap_sort_entries tail bug (ITS#4536) * Fixed slapd runqueue use of freed memory (ITS#4517) * Fixed slapd thread pool init issue (ITS#4513) * Fixed slapd-bdb/hdb pre/post-read freeing (ITS#4532) * Fixed slapd-bdb/hdb pre/post-read unavailable issue (ITS#4538) * Fixed slapd-bdb/hdb referral issue (ITS#4548) * Fixed slapo-ppolicy BER tags issue (ITS#4528) * Fixed slapo-ppolicy rebind bug (ITS#4516) * For more details see the CHANGES file - Install CHANGES file to /usr/share/doc/packages/openldap2 ------------------------------------------------------------------- Wed May 10 10:20:16 CEST 2006 - rhafer@suse.de - Really apply the patch for Bug#160566 - slapd could crash while processing queries with pre-/postread controls (Bug#173877, ITS#4532) ------------------------------------------------------------------- Fri Mar 24 13:48:52 CET 2006 - rhafer@suse.de - Backported fix from CVS for occasional crashes in referral chasing code (as used in e.g. back-meta/back-ldap). (Bug: #160566, ITS: #4448) ------------------------------------------------------------------- Mon Mar 13 16:23:32 CET 2006 - rhafer@suse.de - openldap2 must obsolete -back-monitor and -back-ldap to have them removed during update (Bug: #157576) ------------------------------------------------------------------- Fri Feb 17 12:58:13 CET 2006 - rhafer@suse.de - Add "external" to the list of supported SASL mechanisms (Bug: #151771) ------------------------------------------------------------------- Thu Feb 16 11:45:20 CET 2006 - rhafer@suse.de - Error out when conversion from old configfile to config database fails (Bug: #135484,#135490 ITS: #4407) ------------------------------------------------------------------- Mon Feb 13 14:45:43 CET 2006 - rhafer@suse.de - Don't ignore non-read/write epoll events (Bug: #149993, ITS: #4395) - Added update message to /usr/share/update-messages/en/ and enable it, when update did not succeed. ------------------------------------------------------------------- Thu Feb 9 11:43:56 CET 2006 - rhafer@suse.de - OPENLDAP_CHOWN_DIRS honors databases defined in include files (Bug: #135473) - Fixed version numbers in README.update - Fixed GSSAPI binds against Active Directory (Bug: #149390) ------------------------------------------------------------------- Fri Feb 3 11:32:27 CET 2006 - rhafer@suse.de - Cleaned up update procedure - man-pages updates and fixes (Fate: #6365) ------------------------------------------------------------------- Fri Jan 27 09:15:33 CET 2006 - rhafer@suse.de - Updated to 2.3.19 (Bug #144371) ------------------------------------------------------------------- Fri Jan 27 02:16:56 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Wed Jan 25 18:17:51 CET 2006 - rhafer@suse.de - Updated Admin Guide to latest version - build slapcat from openldap-2.2.24 and install it to /usr/sbin/openldap-2.2-slapcat to be able to migrate from OpenLDAP 2.2. - removed slapd-backbdb-dbupgrade which is no longer needed - attempt to dump/reload bdb databases in %{post} - Update notes in README.update ------------------------------------------------------------------- Fri Jan 13 10:36:44 CET 2006 - rhafer@suse.de - New sysconfig variable OPENLDAP_KRB5_KEYTAB - Cleanup in default configuration and init scripts ------------------------------------------------------------------- Wed Jan 11 10:13:52 CET 2006 - rhafer@suse.de - Updated to 2.3.17 - Remove OPENLDAP_RUN_DB_RECOVER from sysconfig file in %post slapd does now automatically recover the database if needed - Removed unneeded README.SuSE - Small adjustments to the default DB_CONFIG file ------------------------------------------------------------------- Mon Jan 9 11:48:10 CET 2006 - rhafer@suse.de - Updated to 2.3.16 ------------------------------------------------------------------- Mon Dec 19 13:55:35 CET 2005 - rhafer@suse.de - Fixed filelist (slapd-hdb man-page was missing) ------------------------------------------------------------------- Fri Dec 9 10:04:28 CET 2005 - rhafer@suse.de - Fixed build on x86_64 ------------------------------------------------------------------- Wed Dec 7 10:48:57 CET 2005 - rhafer@suse.de - Merged -back-ldap and -back-monitor subpackages into the main package and don't build them as dynamic modules anymore. - updated to OpenLDAP 2.3.13 ------------------------------------------------------------------- Mon Nov 28 16:56:21 CET 2005 - rhafer@suse.de - updated to OpenLDAP 2.3.12 ------------------------------------------------------------------- Wed Oct 26 11:34:24 CEST 2005 - rhafer@suse.de - updated to OpenLDAP 2.3.11 - removed the "LDAP_DEPRECATED" workaround ------------------------------------------------------------------- Mon Sep 26 09:51:11 CEST 2005 - rhafer@suse.de - Add "LDAP_DEPRECATED" to ldap.h for now ------------------------------------------------------------------- Fri Sep 23 14:41:14 CEST 2005 - rhafer@suse.de - updated to OpenLDAP 2.3.7 ------------------------------------------------------------------- Tue Aug 16 14:08:49 CEST 2005 - rhafer@suse.de - allow start_tls while chasing referrals (Bug #94355, ITS #3791) ------------------------------------------------------------------- Mon Jul 4 11:42:08 CEST 2005 - rhafer@suse.de - devel-subpackage requires openldap2-client of the same version (Bugzilla: #93579) ------------------------------------------------------------------- Thu Jun 30 17:55:22 CEST 2005 - uli@suse.de - build with -fPIE (not -fpie) to avoid GOT overflow on s390* ------------------------------------------------------------------- Wed Jun 22 16:26:42 CEST 2005 - rhafer@suse.de - build the server packages with -fpie/-pie ------------------------------------------------------------------- Wed Jun 15 16:43:25 CEST 2005 - rhafer@suse.de - updated to 2.2.27 ------------------------------------------------------------------- Wed May 25 13:58:57 CEST 2005 - rhafer@suse.de - libldap-gethostbyname_r.dif: Use gethostbyname_r instead of gethostbyname in libldap. Should fix host lookups through nss_ldap (Bugzilla: #76173) ------------------------------------------------------------------- Fri May 13 12:27:05 CEST 2005 - rhafer@suse.de - Updated to 2.2.26 - made /%{_libdir}]/sasl2/slapd.conf %config(noreplace) ------------------------------------------------------------------- Thu Apr 28 09:42:30 CEST 2005 - rhafer@suse.de - Added /%{_libdir}]/sasl2/slapd.conf to avoid warnings about unconfigured OTP mechanism (Bugzilla: #80588) ------------------------------------------------------------------- Tue Apr 12 15:02:24 CEST 2005 - rhafer@suse.de - added minimal timeout to startproc in init-script to let it report the "failed" status correctly in case of misconfiguration (Bugzilla: #76393) ------------------------------------------------------------------- Mon Apr 4 16:41:32 CEST 2005 - rhafer@suse.de - crl-check.dif: Implements CRL checking on client and server side - use different base ports for differnt values of BUILD_INCARNATION (/.buildenv) to allow parallel runs of the test-suite on a single machine ------------------------------------------------------------------- Mon Apr 4 15:33:19 CEST 2005 - uli@suse.de - force yielding-select test to yes (test occasionally hangs QEMU) ------------------------------------------------------------------- Fri Apr 1 13:16:49 CEST 2005 - uli@suse.de - disable test suite on ARM (hangs QEMU) ------------------------------------------------------------------- Tue Mar 29 14:21:50 CEST 2005 - rhafer@suse.de - updated to 2.2.24 - enabled back-hdb ------------------------------------------------------------------- Wed Mar 2 13:44:23 CET 2005 - rhafer@suse.de - syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928) - libldap-reinit-fdset.dif: Re-init fd_sets when select is interupted (Bugzilla #50076, ITS: #3524) ------------------------------------------------------------------- Thu Feb 17 14:28:02 CET 2005 - rhafer@suse.de - checkproc_before_recover.dif: Check if slapd is stopped before running db_recover from the init script. (Bugzilla: #50962) ------------------------------------------------------------------- Tue Feb 1 14:30:13 CET 2005 - rhafer@suse.de - Cleanup back-bdb databases in %post, db-4.3 changed the transaction log format again. - cosmetic fixes in init script ------------------------------------------------------------------- Tue Jan 25 15:57:55 CET 2005 - rhafer@suse.de - updated to 2.2.23 - cleaned up #neededforbuild - package should also build on older SuSE Linux releases now - increased killproc timeout in init-script (Bugzilla: #47227) ------------------------------------------------------------------- Thu Jan 13 15:09:28 CET 2005 - rhafer@suse.de - updated to 2.2.20 - Removed unneeded dependencies ------------------------------------------------------------------- Fri Dec 10 12:58:58 CET 2004 - kukuk@suse.de - don't install *.la files ------------------------------------------------------------------- Wed Nov 10 16:38:10 CET 2004 - rhafer@suse.de - updated to 2.2.18 - use kerberos-devel-packages in neededforbuild ------------------------------------------------------------------- Fri Sep 24 17:55:10 CEST 2004 - ro@suse.de - re-arranged specfile to sequence (header (package/descr)* rest) so the checking parser is not confused ... ------------------------------------------------------------------- Fri Sep 24 13:59:40 CEST 2004 - rhafer@suse.de - Added pre_checkin.sh to generate a separate openldap2-client spec-file from which the openldap2-client and openldap2-devel subpackages are built. Should reduce build time for libldap as the test-suite is only executed in openldap2.spec. ------------------------------------------------------------------- Fri Sep 10 13:24:44 CEST 2004 - rhafer@suse.de - libldap-result.dif: ldapsearch was hanging in select() when retrieving results from eDirectory through a StartTLS protected connection (Bugzilla #44942) ------------------------------------------------------------------- Mon Aug 9 23:43:18 CEST 2004 - dobey@suse.de - added ntlm support ------------------------------------------------------------------- Tue Aug 3 14:48:25 CEST 2004 - rhafer@suse.de - updated to 2.2.16 - Updated ACLs in slapd_conf.dif to disable default read access to the "userPKCS12" Attribute - rc-check-conn.diff: When starting slapd wait until is accepts connections, or 10 seconds at maximum (Bugzilla #41354) - Backported -o slp={on|off} feature from OpenLDAP Head and added new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able to switch SLP registration on and off. (Bugzilla #39865) - removed unneeded README.update ------------------------------------------------------------------- Fri Apr 30 16:46:50 CEST 2004 - rhafer@suse.de - updated to 2.2.11 - remove SLES8 update specific stuff - Bugzilla #39652: Updated slapd_conf.dif to contain basic access control - Bugzilla #39468: Added missing items to yast.schema - fixed strict-aliasing compiler warnings (strict-aliasing.dif) ------------------------------------------------------------------- Thu Apr 29 15:13:31 CEST 2004 - coolo@suse.de - build with several jobs if available ------------------------------------------------------------------- Mon Apr 19 12:13:41 CEST 2004 - rhafer@suse.de - ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and args-file (Bugzilla #38790) - ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059, Bugzilla #38915) - modify_check_duplicates.dif: check for duplicate attribute values in modify requests (ITS #3066/#3097, Bugzilla #38607) - updated and renamed yast2userconfig.schema to yast.schema as it contains more that only user configuration now - syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056) - test_syncrepl_timeout: increased sleep timeout in syncrepl testsuite ------------------------------------------------------------------- Thu Apr 1 15:05:15 CEST 2004 - rhafer@suse.de - added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make START_TLS work without access to the CA Certificate. (Bugzilla: #37393) ------------------------------------------------------------------- Fri Mar 26 15:30:12 CET 2004 - rhafer@suse.de - fixed filelist - check-build.sh (build on kernel >= 2.6.4 hosts only) - yast2user.schema / slapd.conf fixed (#37076) - don't check for TLS-options is init-script anymore (#33560) - fixed various typos in README.update ------------------------------------------------------------------- Wed Mar 17 13:21:45 CET 2004 - rhafer@suse.de - fixed build of openldap-2.1-slapcat (using correct db41 include files, build backends as on sles8) - attempt to update bdb database and reindex ldbm database in %{post} - Update notes in README.update - better default configuration (including default DB_CONFIG file) - misc updates for the YaST schema - fixed crasher in syncrepl-code (syncrepl.dif) ------------------------------------------------------------------- Tue Mar 16 16:15:49 CET 2004 - schwab@suse.de - Fix type mismatch. ------------------------------------------------------------------- Tue Mar 2 19:50:18 CET 2004 - rhafer@suse.de - updated to 2.2.6 - build a openldap-2.1-slapcat from 2.1.25 sources to be able to migrate from SLES8 and SL 9.0 ------------------------------------------------------------------- Thu Feb 19 17:25:12 CET 2004 - ro@suse.de - added check-build.sh (build on 2.6 hosts only) ------------------------------------------------------------------- Thu Feb 5 17:38:52 CET 2004 - rhafer@suse.de - updated to 2.2.5 - adjusted rfc2307bis.schema to support UTF-8 values in most attributes - enabled proxycache-overlay (wiht fix to work with back-ldbm) ------------------------------------------------------------------- Tue Jan 13 11:31:03 CET 2004 - rhafer@suse.de - updated to 2.2.4 - updated Admin Guide to most recent version ------------------------------------------------------------------- Sat Jan 10 10:19:26 CET 2004 - adrian@suse.de - add %defattr - fix build as user ------------------------------------------------------------------- Mon Dec 8 16:46:03 CET 2003 - rhafer@suse.de - updated to 2.1.25 - small fixes for the YaST user schema ------------------------------------------------------------------- Tue Nov 11 15:20:05 CET 2003 - rhafer@suse.de - enabled SLP-support ------------------------------------------------------------------- Fri Oct 17 22:14:24 CEST 2003 - kukuk@suse.de - Remove unused des from neededforbuild ------------------------------------------------------------------- Tue Sep 2 16:04:05 CEST 2003 - mt@suse.de - Bugzilla #29859: fixed typo in sysconfig metadata, usage of OPENLDAP_LDAPS_INTERFACES in init script - added /usr/lib/sasl2/slapd.conf permissions handling - added sysconfig variable OPENLDAP_SLAPD_PARAMS="" to support additional slapd start parameters - added sysconfig variable OPENLDAP_START_LDAPI=NO/yes for ldapi:/// (LDAP over IPC) URLs ------------------------------------------------------------------- Thu Aug 14 17:12:35 CEST 2003 - rhafer@suse.de - added activation metadata to sysconfig template (Bugzilla #28911) - removed lint from specfile ------------------------------------------------------------------- Thu Aug 7 18:37:16 CEST 2003 - rhafer@suse.de - added %stop_on_removal and %restart_on_update calls - bdb_addcnt.dif fixes a possible endless loop in id2entry() - addonschema.tar.gz: some extra Schema files (YaST, RFC2307bis) ------------------------------------------------------------------- Wed Jul 16 19:27:39 CEST 2003 - rhafer@suse.de - removed fillup_only and call fillup_and_insserv correctly - new Options in sysconfig.openldap: OPENLDAP_LDAP_INTERFACES, OPENLDAP_LDAPS_INTERFACES and OPENLDAP_RUN_DB_RECOVER ------------------------------------------------------------------- Tue Jul 1 15:42:03 CEST 2003 - rhafer@suse.de - updated to 2.1.22 - updated Admin Guide to most recent version - build librewrite with -fPIC ------------------------------------------------------------------- Mon Jun 16 16:29:03 CEST 2003 - rhafer@suse.de - updated to 2.1.21 ------------------------------------------------------------------- Wed Jun 11 17:08:11 CEST 2003 - ro@suse.de - fixed requires lines ------------------------------------------------------------------- Mon May 26 16:00:43 CEST 2003 - rhafer@suse.de - don't link back-ldap against librewrite.a, it's already linked into slapd (package should build on non-i386 Archs again) ------------------------------------------------------------------- Fri May 23 14:35:49 CEST 2003 - rhafer@suse.de - fixed dynamic build of back-ldap - new subpackage back-ldap ------------------------------------------------------------------- Tue May 20 11:04:50 CEST 2003 - rhafer@suse.de - updated to version 2.1.20 - enabled dynamic backend modules - new subpackages back-perl, back-meta and back-monitor - remove unpacked files from BuildRoot ------------------------------------------------------------------- Fri May 9 14:23:45 CEST 2003 - rhafer@suse.de - updated to version 2.1.19 ------------------------------------------------------------------- Wed Apr 16 00:34:31 CEST 2003 - ro@suse.de - fixed requires for devel-package ... ------------------------------------------------------------------- Tue Apr 15 10:18:11 CEST 2003 - ro@suse.de - fixed neededforbuild ------------------------------------------------------------------- Thu Feb 13 12:13:23 CET 2003 - kukuk@suse.de - Enable IPv6 again ------------------------------------------------------------------- Tue Feb 11 19:02:14 CET 2003 - rhafer@suse.de - added /etc/openldap to filelist ------------------------------------------------------------------- Mon Feb 3 16:42:47 CET 2003 - rhafer@suse.de - switch default backend to ldbm ------------------------------------------------------------------- Sun Feb 2 23:58:34 CET 2003 - ro@suse.de - fixed requires for devel package (cyrus-sasl2-devel) ------------------------------------------------------------------- Fri Jan 31 08:58:39 CET 2003 - rhafer@suse.de - liblber.dif: Fixes two bugs in liblber by which remote attackers could crash the LDAP server (Bugzilla #22469, OpenLDAP ITS #2275 and #2280) ------------------------------------------------------------------- Tue Jan 14 11:53:11 CET 2003 - choeger@suse.de - build using sasl2 ------------------------------------------------------------------- Mon Jan 13 12:23:31 CET 2003 - rhafer@suse.de - updated to version 2.1.12 - added metadata to sysconfig template (Bug: #22666) ------------------------------------------------------------------- Thu Nov 28 14:42:06 CET 2002 - rhafer@suse.de - updated to version 2.1.8 - added additional fix of 64bit archs - added secpatch.dif to fix setuid issues in libldap ------------------------------------------------------------------- Fri Sep 6 11:11:07 CEST 2002 - rhafer@suse.de - fix for Bugzilla ID #18981, chown to OPENLDAP_USER didn't work with multiple database backend directories ------------------------------------------------------------------- Mon Sep 2 18:02:03 CEST 2002 - rhafer@suse.de - removed damoenstart_ipv6.diff and disabled IPv6 support due to massive problems with nss_ldap ------------------------------------------------------------------- Mon Aug 26 19:37:32 CEST 2002 - rhafer@suse.de - ldap_user.dif: slapd is now run a the user/group ldap (Bugzilla ID#17697) ------------------------------------------------------------------- Fri Aug 23 13:54:15 CEST 2002 - rhafer@suse.de - updated to version 2.1.4, which fixes tons of bugs - added damoenstart_ipv6.diff (slapd was not starting when configured to listen on IPv4 and IPv6 interfaces, as done by the start script) - added README.SuSE with some hints about the bdb-backend - updated filelist to include only the man pages of the backends, that were built ------------------------------------------------------------------- Thu Aug 15 15:56:09 CEST 2002 - rhafer@suse.de - removed termcap and readline from neededforbuild ------------------------------------------------------------------- Thu Aug 8 11:21:36 CEST 2002 - rhafer@suse.de - enabled {CRYPT} passwords - update filelist (added new manpages) ------------------------------------------------------------------- Thu Jul 25 15:58:03 CEST 2002 - rhafer@suse.de - patches for 64 bit architectures ------------------------------------------------------------------- Fri Jul 19 11:28:28 CEST 2002 - rhafer@suse.de - update to 2.1.3 ------------------------------------------------------------------- Fri Jul 5 13:26:17 CEST 2002 - kukuk@suse.de - fix openldap2-devel requires ------------------------------------------------------------------- Thu Jul 4 10:29:03 CEST 2002 - rhafer@suse.de - switched back from cyrus-sasl2 to cyrus-sasl ------------------------------------------------------------------- Wed Jul 3 13:30:23 CEST 2002 - rhafer@suse.de - updated to OpenLDAP 2.1.2 - added the OpenLDAP Administration Guide - enabled additional backends (ldap, meta, monitor) ------------------------------------------------------------------- Mon Jun 10 21:59:35 CEST 2002 - olh@suse.de - hack build/ltconfig to build shared libs on ppc64 ------------------------------------------------------------------- Wed Jun 5 18:25:51 CEST 2002 - rhafer@suse.de - created /etc/sysconfig/openldap and OPENLDAP_START_LDAPS variable to enable ldap over ssl support ------------------------------------------------------------------- Thu Mar 7 16:27:15 CET 2002 - rhafer@suse.de - Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel to the "Requires" Section of the -devel subpackage) ------------------------------------------------------------------- Mon Feb 18 13:06:10 CET 2002 - rhafer@suse.de - updated to the latest STABLE release (2.0.23) which fixes some nasty bugs see ITS #1562,#1582,#1577,#1578 ------------------------------------------------------------------- Thu Feb 7 14:13:25 CET 2002 - rhafer@suse.de - updated to the latest release (which fixes a index corruption bug) - cleanup in neededforbuild - small fixes for the init-scripts ------------------------------------------------------------------- Thu Jan 17 13:51:28 CET 2002 - rhafer@suse.de - updated to the latest stable release (2.0.21) ------------------------------------------------------------------- Wed Jan 16 18:36:12 CET 2002 - egmont@suselinux.hu - removed periods and colons from startup/shutdown messages ------------------------------------------------------------------- Tue Jan 15 15:31:09 CET 2002 - rhafer@suse.de - updated to v2.0.20 (which fixes a security hole in ACL processing) ------------------------------------------------------------------- Fri Jan 11 15:54:51 CET 2002 - rhafer@suse.de - converted archive to bzip2 - makes use of %{_libdir} now - set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise the test suite fails on these archs - changed slapd.conf to store the database under /var/lib/ldap (this patch was missing in the last versions by accident) ------------------------------------------------------------------- Mon Jan 7 16:41:32 CET 2002 - rhafer@suse.de - update to v2.0.19 ------------------------------------------------------------------- Thu Dec 6 14:51:56 CET 2001 - rhafer@suse.de - eliminated START_LDAP, START_SLURPD variables in rc.config - created separate init script for slurpd - moved init scripts from dif to separate source tgz ------------------------------------------------------------------- Fri Oct 26 10:36:06 CEST 2001 - choeger@suse.de - update to v2.0.18 ------------------------------------------------------------------- Mon Oct 15 10:00:06 CEST 2001 - choeger@suse.de - update to v2.0.17 added a sleep to the restart section moved some manpages to the client package ------------------------------------------------------------------- Mon Oct 1 18:38:14 CEST 2001 - choeger@suse.de - update to v2.0.15 ------------------------------------------------------------------- Wed Sep 12 09:53:03 CEST 2001 - choeger@suse.de - backported the full bugfix from openldap-2.0.14 ------------------------------------------------------------------- Tue Sep 11 11:36:20 CEST 2001 - choeger@suse.de - Bugfix for slurpd millionth second bug (ITS#1323) ------------------------------------------------------------------- Mon Sep 10 09:06:40 CEST 2001 - choeger@suse.de - moved ldapfilter.conf ldaptemplates.conf ldapsearchprefs.conf to openldap2-client package ------------------------------------------------------------------- Mon Sep 3 09:31:21 CEST 2001 - choeger@suse.de - update to version 2.0.12 ------------------------------------------------------------------- Mon Jul 2 10:52:22 CEST 2001 - choeger@suse.de - bugfix: init script was not LSB compliant, Bugzilla ID#9072 ------------------------------------------------------------------- Tue Jun 19 16:18:54 CEST 2001 - ro@suse.de - fixed for autoconf again ------------------------------------------------------------------- Fri Jun 15 10:23:24 CEST 2001 - choeger@suse.de - update to 2.0.11 - removed autoconf in specfile, because it doesn't work ------------------------------------------------------------------- Wed May 23 11:43:08 CEST 2001 - choeger@suse.de - update to version 2.0.10 (minor fixes) ------------------------------------------------------------------- Tue May 22 11:33:58 CEST 2001 - choeger@suse.de - update to version 2.0.9 ------------------------------------------------------------------- Mon Apr 23 15:55:32 CEST 2001 - choeger@suse.de - removed kerberos support - added aci support ------------------------------------------------------------------- Fri Apr 20 11:52:14 CEST 2001 - choeger@suse.de - added kerberos support ------------------------------------------------------------------- Thu Apr 5 13:47:51 CEST 2001 - choeger@suse.de - moved section 5 and 8 manpages to the server part of package ------------------------------------------------------------------- Wed Mar 14 18:17:50 CET 2001 - kukuk@suse.de - Move *.so links into -devel package - -devel requires -client ------------------------------------------------------------------- Thu Mar 8 10:51:05 CET 2001 - choeger@suse.de - split up into openldap2-client and -devel ------------------------------------------------------------------- Tue Feb 27 11:20:53 CET 2001 - ro@suse.de - changed neededforbuild to ------------------------------------------------------------------- Fri Feb 23 00:10:25 CET 2001 - ro@suse.de - added readline/readline-devel to neededforbuild (split from bash) ------------------------------------------------------------------- Thu Jan 4 14:03:17 CET 2001 - choeger@suse.de - bugfix: slapd.conf rename /var/lib/openldap-ldbm to /var/lib/ldap init script: use $remote_fs ------------------------------------------------------------------- Tue Jan 2 10:38:20 CET 2001 - olh@suse.de - use script name in %post ------------------------------------------------------------------- Thu Dec 7 15:01:53 CET 2000 - choeger@suse.de - bugfix from Andreas Jaeger: workaround for glibc2.2, detach ------------------------------------------------------------------- Fri Dec 1 15:23:45 CET 2000 - ro@suse.de - hacked configure for apparently broken pthread ------------------------------------------------------------------- Fri Dec 1 02:28:54 CET 2000 - ro@suse.de - fixed spec ------------------------------------------------------------------- Thu Nov 23 11:27:07 CET 2000 - choeger@suse.de - made configs %config(noreplace) (Bug 4112) - fixed neededforbuild ------------------------------------------------------------------- Wed Nov 22 11:37:22 CET 2000 - choeger@suse.de - adopted new init scheme ------------------------------------------------------------------- Wed Nov 15 16:24:48 CET 2000 - choeger@suse.de - fixed neededforbuild ------------------------------------------------------------------- Fri Nov 10 16:32:57 CET 2000 - choeger@suse.de - added buildroot ------------------------------------------------------------------- Tue Nov 7 18:52:54 CET 2000 - choeger@suse.de - long package name - new version, 2.0.7 ------------------------------------------------------------------- Fri Oct 6 11:35:47 CEST 2000 - choeger@suse.de - first package of openldap2 (v2.0.6)