1
0
forked from jengelh/openldap2
openldap2/openldap2.changes

3208 lines
131 KiB
Plaintext

-------------------------------------------------------------------
Thu Dec 17 03:51:47 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added openldap2.keyring and source signature file
-------------------------------------------------------------------
Wed Nov 11 12:13:27 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.56
OpenLDAP 2.4.56 Release (2020/11/10)
Fixed slapd to remove assert in certificateListValidate (ITS#9383)
Fixed slapd to remove assert in csnNormalize23 (ITS#9384)
Fixed slapd to better parse ldapi listener URIs (ITS#9379)
-------------------------------------------------------------------
Tue Oct 27 01:01:54 UTC 2020 - William Brown <william.brown@suse.com>
- bsc#1175568 CVE-2020-8027
openldap_update_modules_path.sh has a number of issues in it's
design that lead to security issues. This file has been removed,
from the package, and the %post execution of the install. The
function is replaced by /usr/sbin/slapd-ldif-update-crc and
/usr/lib/openldap/fixup-modulepath, through the addition of the
source files:
* fixup-modulepath.sh
* slapd-ldif-update-crc.sh
* update-crc.sh
-------------------------------------------------------------------
Mon Oct 26 21:48:45 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.55
OpenLDAP 2.4.55 Release (2020/10/26)
Fixed slapd normalization handling with modrdn (ITS#9370)
Fixed slapd-meta to check ldap_install_tls return code (ITS#9366)
Contrib
Fixed nssov misplaced semicolon (ITS#8731, ITS#9368)
LMDB 0.9.27 Release (2020/10/26)
ITS#9376 fix repeated DUPSORT cursor deletes
-------------------------------------------------------------------
Mon Oct 12 20:21:23 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.54
OpenLDAP 2.4.54 Release (2020/10/12)
Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342)
Fixed slapd delta-syncrepl to be fully serialized (ITS#9330)
Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352)
Fixed slapd sessionlog to use a TAVL tree (ITS#8486)
Fixed slapd syncrepl to be fully serialized (ITS#8102)
Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345)
Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355)
Fixed slapd syncrepl to not create empty ADD ops (ITS#9359)
Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295)
Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353)
Fixed slapo-accesslog normalizer for reqStart (ITS#9358)
Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361)
Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)
-------------------------------------------------------------------
Mon Sep 7 15:58:31 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.53
OpenLDAP 2.4.53 (2020/09/07)
Added slapd syncrepl additional SYNC logging (ITS#9043)
Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282)
Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334)
Build
Require OpenSSL 1.0.2 or later (ITS#9323)
Fixed libldap compilation issue with broken C compilers (ITS#9332)
-------------------------------------------------------------------
Fri Aug 28 22:06:57 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.52
OpenLDAP 2.4.52 (2020/08/28)
Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318)
Added libldap OpenSSL support for multiple EECDH curves (ITS#9054)
Added slapd OpenSSL support for multiple EECDH curves (ITS#9054)
Fixed librewrite malloc/free corruption (ITS#9249)
Fixed libldap hang when using UDP and server down (ITS#9328)
Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324)
Fixed slapd syncrepl regression that could trigger an assert (ITS#9329)
Fixed slapd-mdb index error with collapsed range (ITS#9135)
-------------------------------------------------------------------
Thu Aug 20 16:39:54 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Switch from shadow to sysusers to generate ldap account
- Remove if's for code older than SLE12 (Even SLE12 builds no longer)
- Remove 12 years old sasl2 migration code
-------------------------------------------------------------------
Sat Aug 15 06:56:27 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Drop obsolete, not working DB_CONFIG
- Remove init.d header from start script, does not work
- Use bash for start script as syntax is not POSIX sh supported
- Remove UPDATE_NEEDED section in start script, does never match
-------------------------------------------------------------------
Sat Aug 15 06:36:43 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Remove remaining rc.status usage in start script
-------------------------------------------------------------------
Wed Aug 12 06:16:42 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.51
- removed obsolete patch 0014-ITS-8650-fix-debug-usage.patch
OpenLDAP 2.4.51 Release (2020/08/11)
Added slapo-ppolicy implement Netscape password policy controls (ITS#9279)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287)
Fixed slapd to enforce singular existence of some overlays (ITS#9309)
Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227)
Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282)
Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295)
Fixed slapd-perl dynamic config with threaded slapd (ITS#7573)
Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302)
Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309)
Fixed slapo-chain to check referral (ITS#9262)
Build Environment
Fix test064 so it no longer uses bashisms (ITS#9263)
Contrib
Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248)
slapo-allowed - Fix usage of unitialized variable (ITS#9308)
Documentation
ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271)
-------------------------------------------------------------------
Mon Jun 8 12:46:34 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
- Revert changes to libexecdir
-------------------------------------------------------------------
Sun Jun 7 10:20:45 UTC 2020 - Michael Ströder <michael@stroeder.com>
- More .spec cleanups
-------------------------------------------------------------------
Fri Jun 5 11:25:16 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
- Fixes for %_libexecdir changing to /usr/libexec
- Spec file cleanups
-------------------------------------------------------------------
Wed May 6 17:59:58 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.50
- added 0014-ITS-8650-fix-debug-usage.patch
- enabled new contrib overlay pw-argon2
- replaced FTP by HTTPS download URL for source
- removed 0009-Fix-ldap-host-lookup-ipv6.patch (see bsc#1171127)
OpenLDAP 2.4.50 Release (2020/04/28)
Fixed client benign typos (ITS#8890)
Fixed libldap type cast (ITS#9175)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap_r race on Windows mutex initialization (ITS#9181)
Fixed liblunicode memory leak (ITS#9198)
Fixed slapd benign typos (ITS#8890)
Fixed slapd to limit depth of nested filters (ITS#9202)
Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214)
Fixed slapo-pcache database initialization (ITS#9182)
Fixed slapo-ppolicy callback (ITS#9171)
Build
Fix olcDatabaseDummy initialization for windows (ITS#7074)
Fix detection for ws2tcpip.h for windows (ITS#8383)
Fix back-mdb types for windows (ITS#7878)
Contrib
Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855)
Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206)
Documentation
slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003)
slapd-meta(5) - Remove client-pr option (ITS#8683)
slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230)
-------------------------------------------------------------------
Thu Jan 30 20:57:33 UTC 2020 - Michael Ströder <michael@stroeder.com>
- updated to 2.4.49
- removed obsolete back-port patches:
* 0013_openldap-its9124_fix_crash_with_cancel_exop.patch
- removed obsolete source file DB_CONFIG
OpenLDAP 2.4.49 Release (2020/01/30)
Added slapd-monitor database entry count for slapd-mdb (ITS#9154)
Fixed client tools to not add controls on cancel/abandon (ITS#9145)
Fixed client tools SyncInfo message to be LDIF compliant (ITS#8116)
Fixed libldap to correctly free sb (ITS#9081, ITS#8755)
Fixed libldap descriptor leak if ldaps fails (ITS#9147)
Fixed libldap remove unnecessary global mutex for GnuTLS (ITS#9069)
Fixed slapd syntax evaluation of preferredDeliveryMethod (ITS#9067)
Fixed slapd to relax domainScope control check (ITS#9100)
Fixed slapd to have cleaner error handling during connection setup (ITS#9112)
Fixed slapd data check when processing cancel exop (ITS#9124)
Fixed slapd attribute description processing (ITS#9128)
Fixed slapd-ldap to set oldctrls correctly (ITS#9076)
Fixed slapd-mdb to honor unchecked limit with alias deref (ITS#7657)
Fixed slapd-mdb missing final commit with slapindex (ITS#9095)
Fixed slapd-mdb drop attr mappings added in an aborted txn (ITS#9091)
Fixed slapd-mdb nosync FLAG configuration handling (ITS#9150)
Fixed slapd-monitor global operation counter reporting (ITS#9119)
Fixed slapo-ppolicy when used with slapauth (ITS#8629)
Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime (ITS#9126)
Fixed slapo-syncprov fix sessionlog init (ITS#9146)
Fixed slapo-unique loop termination (ITS#9077)
Build Environment
Fix mkdep to honor TMPDIR if set (ITS#9062)
Remove ICU library detection (ITS#9144)
Update config.guess and config.sub to support newer architectures (ITS#7855)
Disable ITS8521 regression test as it is no longer valid (ITS#9015)
Documentation
admin24 - Fix inconsistent whitespace in replication section (ITS#9153)
slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword (ITS#9063)
slapd-ldap(5) - Document "tls none" option (ITS#9071)
slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit (ITS#9065)
-------------------------------------------------------------------
Fri Jan 10 13:16:40 UTC 2020 - Michael Ströder <michael@stroeder.com>
- added back-port patch
0013_openldap-its9124_fix_crash_with_cancel_exop.patch
to fix OpenLDAP ITS#9124
-------------------------------------------------------------------
Sun Dec 22 14:44:19 UTC 2019 - Michael Ströder <michael@stroeder.com>
- use BuildRequires: pkgconfig(krb5) instead of krb5-devel-mini
-------------------------------------------------------------------
Fri Aug 2 08:16:46 UTC 2019 - Martin Liška <mliska@suse.cz>
- Use FAT LTO objects in order to provide proper static library.
-------------------------------------------------------------------
Thu Jul 25 11:08:46 UTC 2019 - matthias.gerstner@suse.com
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
firewalld, see [1].
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
-------------------------------------------------------------------
Wed Jul 24 21:23:28 UTC 2019 - Michael Ströder <michael@stroeder.com>
- Update to upstream release 2.4.48 with security fixes:
* CVE-2019-13057 (ITS#9038):
rootdn of any db can assert any identity
* CVE-2019-13565 (ITS#9052):
Unauthorized access caused by incorrect handling of SASL SSF values
- Fix CVE-2017-17740 by disabling nops overlay not maintained by upstream
(see also bsc#1073313, comment #36)
- Removed obsolete patches:
* 0002-openldap-its8727-plug-ber-leaks.patch
* 0017-Fix-segfault-in-nops.patch
OpenLDAP 2.4.48 (2019/07/24)
Added libldap OpenSSL Elliptic Curve support (ITS#7595)
Added libldap Expose OpenLDAP specific interfaces via openldap.h (ITS#8671)
Added slapd-monitor support for slapd-mdb (ITS#7770)
Fixed liblber leaks (ITS#8727)
Fixed liblber with partial flush (ITS#8864)
Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980)
Fixed libldap ASYNC connections with Solaris 10 (ITS#8968)
Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585)
Fixed libldap to be able to unset syncrepl TLS options (ITS#7042)
Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450)
Fixed libldap return code in ldap_create_assertion_control_value (ITS#8674)
Fixed libldap to correctly disable IPv6 when configured to do so (ITS#8754)
Fixed libldap to correctly close TLS connection (ITS#8755)
Fixed libldap with non-blocking TLS and referals (ITS#8167)
Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353)
Fixed liblunicode case correspondance (ITS#8508)
Fixed slapd with an idletimeout of less than four seconds (ITS#8952)
Fixed slapd config parser variable for Windows64 (ITS#9012)
Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015)
Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999)
Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037)
Fixed slapd to restrict rootDN proxyauthz to its own databases (ITS#9038)
Fixed slapd to initialize SASL SSF per connection (ITS#9052)
Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990)
Fixed slapd-ldap starttls connections timeout behavior (ITS#8963)
Fixed slapd-ldap segfault when entry result doesn't match filter (ITS#8997)
Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743)
Fixed slapd-meta assertion when network interface goes down (ITS#8841)
Fixed slapd-mdb fix bitshift integer overflow (ITS#8989)
Fixed slapd-mdb index cleanup with cn=config (ITS#8472)
Fixed slapd-mdb to improve performance with alias deref (ITS#7657)
Fixed slapo-accesslog possible assert with exops (ITS#8971)
Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637)
Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799)
Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663)
Fixed slapo-memberof for group name change to itself (ITS#9000)
Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349)
Fixed slapo-rwm to not free original filter (ITS#8964)
Fixed slapo-syncprov contextCSN generation (ITS#9015)
Build Environment
Fixed slapd to only link to BDB libraries with static build (ITS#8948)
Fixed libldap implicit declaration with LDAP_CONNECTIONLESS (ITS#8794)
Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041)
Documentation
General - Fixed minor typos (ITS#8764, ITS#8761)
admin24 - Miscellaneous updates promoting mdb and fixing examples (ITS#9031)
slapd.access(5) - Note MDB is the primary backend (ITS#8881)
slapd.backends(5) - Note MDB is the recommended backend (ITS#8771)
slapd-ldap(5) - Document starttls parameter (ITS#8693)
Contrib
Added slapo-lastbind capability to forward authTimestamp updates (ITS#7721)
-------------------------------------------------------------------
Tue May 14 04:33:38 UTC 2019 - William Brown <william.brown@suse.com>
- bsc#1111388 - incorrect post script call causes tmpfiles create not to
be run.
-------------------------------------------------------------------
Sun Mar 10 11:45:15 UTC 2019 - Michael Ströder <michael@stroeder.com>
- Corrected moduleload back_mdb.la to get a working configuration
right after package installation.
-------------------------------------------------------------------
Fri Jan 4 14:13:47 UTC 2019 - Michael Ströder <michael@stroeder.com>
- added back-ported fix for OpenLDAP ITS#8727
(file 0002-openldap-its8727-plug-ber-leaks.patch)
-------------------------------------------------------------------
Thu Dec 20 09:35:55 UTC 2018 - Michael Ströder <michael@stroeder.com>
- Update to upstream release 2.4.47
- Removed obsolete patches:
* 0006-No-Build-date-and-time-in-binaries.dif
(upstream now uses SOURCE_DATE_EPOCH for reproducable builds)
* 0012-ITS8051-sockdnpat.patch
* 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
OpenLDAP 2.4.47 Release (2018/12/19)
Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051)
Added slapd-sock ability to send extended operations to external listeners (ITS#8714)
Fixed liblber to avoid incremental access to user-supplied bv in dupbv (ITS#8752)
Fixed libldap dn to domain parsing with bad input (ITS#8842)
Fixed slapd slapcat to correctly honor -g option (ITS#8667)
Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups (ITS#8923)
Fixed slapd to check status of rdnNormalize (ITS#8932)
Fixed slapd cn=config when modifying slapo-syncprov config (ITS#8616)
Fixed slapd sasl authz-policy "all" behavior (ITS#8909)
Fixed slapd sasl minor typo (ITS#8918)
Fixed slapd to correctly hide hidden DBs in the rootDSE (ITS#8912)
Fixed slapd domainScope control to match Microsoft specification (ITS#8840)
Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868)
Fixed slapo-accesslog deadlock during cleanup (ITS#8752)
Fixed slapo-memberof cn=config modifications (ITS#8663)
Fixed slapo-ppolicy with multimaster replication (ITS#8927)
Fixed slapo-syncprov with NULL modlist (ITS#8843)
Build Environment
Added slapd reproducible build support (ITS#8928)
Fixed missing includes with OpenSSL 1.0.2 (ITS#8809)
Contrib
Fixed slapo-pbkdf2 hash generation (ITS#8878)
Documentation
admin24 fixed minor typo (ITS#8887)
-------------------------------------------------------------------
Thu Nov 22 16:03:22 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Replace old $RPM_* shell vars
-------------------------------------------------------------------
Tue Nov 20 13:32:36 UTC 2018 - ckowalczyk@suse.com
- Fix CVE-2017-17740: when both the nops module and the memberof
overlay are enabled, attempts to free a buffer that was allocated
on the stack
* patch: 0017-Fix-segfault-in-nops.patch
(bsc#1073313)
-------------------------------------------------------------------
Mon Nov 12 14:25:52 UTC 2018 - Dominique Leuenberger <dleuenberger@suse.com>
- Emergency fix: move tmpfiles_create post from the library package
to the main package's post script, which ships the tmpfiles.d
configuration. Fixes the post script of the library (-p
/sbin/ldconfig does not allow more statements in the script).
-------------------------------------------------------------------
Thu Nov 8 15:25:08 UTC 2018 - varkoly@suse.com
- bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG* (transactional-update)
-------------------------------------------------------------------
Fri Oct 26 14:58:41 UTC 2018 - Michael Ströder <michael@stroeder.com>
- Fixed broken memory handling in
0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch
affecting error response of slapo-unique
-------------------------------------------------------------------
Fri Aug 17 07:46:47 UTC 2018 - ckowalczyk@suse.com
- Fix slapd segfaults in mdb_env_reader_dest
+ with patch 0016-Clear-shared-key-only-in-close-function.patch
+ (bsc#1089640)
-------------------------------------------------------------------
Fri Jun 29 16:23:22 UTC 2018 - michael@stroeder.com
- fixed shee-bang in openldap_update_modules_path.sh (bsc#1099705)
-------------------------------------------------------------------
Wed Jun 20 10:04:06 UTC 2018 - michael@stroeder.com
- Added a patch to let slapd return the uniqueness check filter
used before constraint violation to the client
0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch
-------------------------------------------------------------------
Tue Jun 5 13:24:09 UTC 2018 - varkoly@suse.com
- bsc#1095816 libldap package does not contain and provide libldap anymore
-------------------------------------------------------------------
Thu May 24 11:59:02 CEST 2018 - kukuk@suse.de
- Don't require systemd explicit, spec file can handle both cases
correct and in containers we don't have systemd.
-------------------------------------------------------------------
Tue Apr 24 16:35:09 UTC 2018 - zsolt.kalmar@suse.com
- bsc#1085064 Packaging issues have been discovered around the
openldap_update_modules_path.sh which has been corrected:
- the spec file was wrongly configured, therefore the script has
never been called
- the script should create the symlinks first, as slapcat is
useless on a system which is already affected.
-------------------------------------------------------------------
Fri Apr 6 11:29:22 UTC 2018 - zsolt.kalmar@suse.com
- bsc#1085064 Add script "openldap_update_modules_path.sh" which
which removes the configuration item olcModulePath in cn=config
which is after upgrade from SLE12 to SLE15 holds inappropriate
information. If the cn=config is being used on a system, the
conflicting items in slapd.conf are ignored, despite of it, the
backend DB configuration section has been also commented out in
the default slapd.conf.
In case of correct cn=config (the olcModulePath has been already
removed), the script stops without touching anything.
-------------------------------------------------------------------
Fri Mar 23 19:43:23 UTC 2018 - michael@stroeder.com
- Upgrade to upstream 2.4.46 release
- removed obsolete back-port patches:
* 0013-ITS-8692-let-back-sock-generate-increment-line.patch
* 0016-ITS-8782-fix-cancel-memleak.patch
OpenLDAP 2.4.46 Release (2018/03/22)
Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717)
Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373)
Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687)
Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791)
Fixed libldap MozNSS CA certificate hash matching (ITS#7374)
Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389)
Fixed libldap MozNSS initialization (ITS#8484)
Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650)
Fixed libldap memory leak with cancel operations (ITS#8782)
Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705)
Fixed slapd to maintain SSF across SASL binds (ITS#8796)
Fixed slapd syncrepl deadlock when updating cookie (ITS#8752)
Fixed slapd syncrepl callback to always be last in the stack (ITS#8752)
Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778)
Fixed slapd CSN queue processing (ITS#8801)
Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720)
Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520)
Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226)
Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404)
Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692)
Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752)
Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100)
Fixed slapo-syncprov memory leak with delete operations (ITS#8690)
Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444)
Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100)
Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607)
Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800)
Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486)
Build Environment
Fixed Windows build with newer MINGW version (ITS#8697)
Fixed compiler warnings and removed unused variables (ITS#8578)
Contrib
Fixed ldapc++ Control structure (ITS#8583)
Documentation
Delete stub manpage for back-ldbm (ITS#8713)
Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121)
Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818)
Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715)
Fixed slapo-syncprov(5) indexing requirements (ITS#5048)
-------------------------------------------------------------------
Thu Feb 22 15:10:42 UTC 2018 - fvogt@suse.com
- Use %license (boo#1082318)
-------------------------------------------------------------------
Mon Dec 11 22:51:03 UTC 2017 - michael@stroeder.com
- added 0016-ITS-8782-fix-cancel-memleak.patch
-------------------------------------------------------------------
Thu Nov 23 13:36:52 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
Mon Oct 2 18:15:46 UTC 2017 - jengelh@inai.de
- Add openldap-r-only.dif so that openldap2's own tools also
link against libldap_r rather than libldap.
- Make libldap equivalent to libldap_r (like Debian) to avoid
crashes in threaded programs which unknowingly get both
libraries inserted into their process image.
[rh#1370065, boo#996551]
-------------------------------------------------------------------
Mon Oct 2 13:18:54 UTC 2017 - mrueckert@suse.de
- use existing groups instead of inventing new ones
-------------------------------------------------------------------
Mon Sep 18 20:45:58 UTC 2017 - michael@stroeder.com
- added 0012-ITS8051-sockdnpat.patch
-------------------------------------------------------------------
Wed Sep 6 07:58:06 UTC 2017 - michael@stroeder.com
- updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
-------------------------------------------------------------------
Fri Aug 18 17:00:54 UTC 2017 - michael@stroeder.com
- Added OpenLDAP new feature implementing OpenLDAP ITS#8714
0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
-------------------------------------------------------------------
Thu Jul 20 14:19:47 UTC 2017 - michael@stroeder.com
- added overlay trace to package openldap2-contrib
-------------------------------------------------------------------
Wed Jul 12 18:52:42 UTC 2017 - michael@stroeder.com
- Upgrade to upstream 2.4.45 release
- removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch
and 0012-use-system-wide-cert-dir-by-default.patch
- added 0013-ITS-8692-let-back-sock-generate-increment-line.patch
for supporting modify increment operations with back-sock
- added overlay addpartial to package openldap2-contrib
--------------------------------------------------------------------
Wed Jun 7 09:32:52 UTC 2017 - hguo@suse.com
- Remove legacy daemon control that was used to migrate from SLE 11
to 12. (bsc#1038405)
--------------------------------------------------------------------
Tue Jun 6 13:47:18 UTC 2017 - hguo@suse.com
- There is no change made about the package itself, this is only
copying over some changelog texts from SLE package:
- bug#976172 owned by hguo@suse.com: openldap2 - missing
/usr/share/doc/packages/openldap2/guide/admin/guide.html
- bug#916914 owned by varkoly@suse.com: VUL-0: CVE-2015-1546:
openldap2: slapd crash in valueReturnFilter cleanup
- [fate#319300](https://fate.suse.com/319300)
- [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545)
- bug#905959 owned by hguo@suse.com: L3-Question: Are multiple
"Connection 0" in a Multi Master setup normal ?
- [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546)
- bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545:
openldap2: slapd crashes on search with deref control and empty attr list
-------------------------------------------------------------------
Fri Apr 7 16:47:24 UTC 2017 - jengelh@inai.de
- Drop binutils requirement; the code using /usr/bin/strings has
been dropped in openSUSE:Factory/openldap2 revision 112.
-------------------------------------------------------------------
Sat Feb 18 22:11:29 UTC 2017 - kukuk@suse.com
- Remove superfluous insserv PreReq.
-------------------------------------------------------------------
Thu Nov 10 12:55:26 UTC 2016 - hguo@suse.com
- Introduce patch 0012-use-system-wide-cert-dir-by-default.patch
to let OpenLDAP read system wide certificate directory by
default and avoid hiding the error if user specified CA location
cannot be read (bsc#1009470).
-------------------------------------------------------------------
Fri Oct 14 13:15:23 UTC 2016 - hguo@suse.com
- Add more details in the comments of slapd.conf concerning
file permission and StartTLS capability.
-------------------------------------------------------------------
Thu Jun 23 22:46:29 UTC 2016 - jengelh@inai.de
- Test for user/group existence before trying to add them.
Summary spello update.
-------------------------------------------------------------------
Thu Jun 16 10:10:36 UTC 2016 - hguo@suse.com
- Move schema files into tarball addonschema.tar.gz:
ldapns.ldif ldapns.schema rfc2307bis.ldif rfc2307bis.schema
yast.ldif yast.schema
- Package previously missing schema files in LDIF format:
amavisd-new.ldif dhcp.ldif dlz.ldif dnszone.ldif samba3.ldif
sudo.ldif suse-mailserver.ldif (bsc#984691)
- Fix a minor issue in schema2ldif script that led to missing
attribute in the generated LDIF.
-------------------------------------------------------------------
Tue May 17 08:37:00 UTC 2016 - hguo@suse.com
- Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408.
-------------------------------------------------------------------
Thu Feb 25 11:06:12 UTC 2016 - hguo@suse.com
- Move ldap.conf into libldap-data package, per convention.
-------------------------------------------------------------------
Sun Feb 21 23:04:38 UTC 2016 - jengelh@inai.de
- Move ldap.conf out of shlib package again, they are not allowed
there for obvious reasons (conflict with future package).
-------------------------------------------------------------------
Thu Feb 18 14:45:30 UTC 2016 - hguo@suse.com
- Build password strength enforcer as an implementation of ppolicy
password checker, introducing:
ppolicy-check-password-1.2.tar.gz
ppolicy-check-password.Makefile
ppolicy-check-password.conf
ppolicy-check-password.5
0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch
(Implements fate#319461)
-------------------------------------------------------------------
Thu Feb 18 12:18:13 UTC 2016 - lmuelle@suse.com
- Remove redundant -n openldap2- package name prefix.
-------------------------------------------------------------------
Mon Feb 8 14:40:32 UTC 2016 - hguo@suse.com
- Remove openldap2-client.spec and openldap2-client.changes
openldap2.spec now builds client utilities and libraries.
Thus pre_checkin.sh is removed.
- Move ldap.conf and its manual page from openldap2-client package
to libldap-2_4-2 package, which is more appropriate.
- Use RPM_OPT_FLAGS in build flags.
- Macros dealing with old/unsupported distributions are removed.
- Remove 0002-slapd.conf.dif and install improved slapd.conf from
new source file slapd.conf.
- Install slapd.conf.olctemplate to assist in preparing slapd.d
for OLC.
- Be explicit in sysconfig that by default openldap will use
static file configuration.
- Add the following schemas in LDIF format:
* rfc2307bis.ldif
* ldapns.ldif
* yast.ldif
- Other minor clean-ups in the spec file.
-------------------------------------------------------------------
Mon Feb 8 13:24:49 UTC 2016 - mpluskal@suse.com
- Use optflags when building
-------------------------------------------------------------------
Sat Feb 6 12:10:53 UTC 2016 - michael@stroeder.com
- Upgrade to upstream 2.4.44 release with accumulated bug fixes.
- Specify source with FTP URL
- Removed obsolete 0012-openldap-re24-its8336.patch
-------------------------------------------------------------------
Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com
- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch
into 0010-Enforce-minimum-DH-size-of-1024.patch
-------------------------------------------------------------------
Tue Dec 8 11:36:16 UTC 2015 - michael@stroeder.com
- Upgrade to upstream 2.4.43 release with accumulated bug fixes.
- Still build on SLES12
- Loadable backend and overlay modules are now installed
into arch-specific path %{_libdir}/openldap
- All backends and overlays as modules for smaller memory footprint
on memory constrained systems
- Added extra package for back-sock
- Consequent use of %{_rundir} everywhere
- Rely on upstream ./configure script instead of any other
macro foo
- Dropped linking with libwrap
- Dropped 0004-libldap-use-gethostbyname_r.dif because this
work-around for nss_ldap is obsolete
- New sub-package openldap2-contrib with selected contrib/ overlays
- Replaced addonschema.tar.gz with separate schema sources
- Updated ldapns.schema from recent slapo-nssov source tree
- Added symbolic link to slapd executable in /usr/sbin/
- Added more complex example configuration file
/etc/openldap/slapd.conf.example
- Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap
- Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap
- Added patch for OpenLDAP ITS#7796 to avoid excessive
"not index" logging:
0011-openldap-re24-its7796.patch
- Replaced openldap-rc.tgz with single source files
- Added soft dependency (Recommends) to cyrus-sasl
- Added soft dependency (Recommends) to cyrus-sasl-devel
to openldap2-devel
- Added patch for OpenLDAP ITS#8336 (assert in liblmdb):
0012-openldap-re24-its8336.patch
- Remove obsolete patch 0001-build-adjustments.dif
-------------------------------------------------------------------
Wed Dec 2 12:50:47 UTC 2015 - hguo@suse.com
- Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch
to fix CVE-2015-6908. (bsc#945582)
- Introduce patch 0011-Enforce-minimum-DH-size-of-1024.patch
to address weak DH size vulnerability (bsc#937766)
-------------------------------------------------------------------
Mon Nov 30 10:16:57 UTC 2015 - hguo@suse.com
- Introduce patch 0009-Fix-ldap-host-lookup-ipv6.patch
to fix an issue with unresponsive LDAP host lookups in IPv6 environment.
(bsc#955210)
-------------------------------------------------------------------
Fri Oct 9 09:19:35 UTC 2015 - hguo@suse.com
- Remove OpenLDAP 2.3 code and patches from build source.
Compatibility libraries for OpenLDAP 2.3 are built in package:
compat-libldap-2_3-0
Removed source files:
openldap-2.3.37-liblber-length-decoding.dif
openldap-2.3.37-libldap-ntlm.diff
openldap-2.3.37-libldap-ssl.dif
openldap-2.3.37-libldap-sasl-max-buff-size.dif
openldap-2.3.37-libldap-tls_chkhost-its6239.dif
openldap-2.3.37-libldap-gethostbyname_r.dif
openldap-2.3.37-libldap-suid.diff
openldap-2.3.37.dif
openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif
openldap-2.3.37-libldap-ldapi_url.dif
openldap-2.3.37.tgz
openldap-2.3.37-libldap-utf8-ADcanonical.dif
README.update
check-build.sh
-------------------------------------------------------------------
Thu Oct 1 11:08:41 UTC 2015 - hguo@suse.com
- Upgrade to upstream 2.4.42 release with accumulated bug fixes.
-------------------------------------------------------------------
Tue Jul 21 08:12:50 UTC 2015 - hguo@suse.com
- Upgrade to upstream 2.4.41 release with accumulcated bug fixes and stability improvements.
* Add patch 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
* Remove already applied patch 0008-ITS-7723-fix-reference-counting.patch
* Remove already applied patch 0009-gcc5.patch
(Implements fate#319301)
-------------------------------------------------------------------
Thu Feb 19 10:03:30 UTC 2015 - rguenther@suse.com
- Add 0009-gcc5.patch to pass -P to the preprocessor in configure checks
for Berkeley DB version
-------------------------------------------------------------------
Wed Nov 26 11:21:34 UTC 2014 - jengelh@inai.de
- binutils is required for "strings" utility invocation in %pre
[bnc#904028]
- Remove SLE10 definitions
-------------------------------------------------------------------
Sun Oct 12 11:48:00 UTC 2014 - jengelh@inai.de
- Use %_smp_mflags for parallel build
-------------------------------------------------------------------
Mon Sep 22 13:41:56 UTC 2014 - tchvatal@suse.com
- Add baselibs.conf to sources list
-------------------------------------------------------------------
Wed Sep 10 10:26:02 UTC 2014 - varkoly@suse.com
- Do not bypass output of useradd and groupadd
-------------------------------------------------------------------
Wed Sep 3 01:49:12 CEST 2014 - ro@suse.de
- sanitize release line in specfile
-------------------------------------------------------------------
Wed Jul 16 15:56:11 UTC 2014 - ckornacker@suse.com
- segfault on certain queries with rwm overlay (bnc#846389)
0008-ITS-7723-fix-reference-counting.patch
-------------------------------------------------------------------
Fri Jun 6 13:16:24 UTC 2014 - ckornacker@suse.com
- enable systemd slapd service if SysV ldap was enabled (bnc#881476)
-------------------------------------------------------------------
Tue May 13 15:20:40 UTC 2014 - coolo@suse.com
- use %_rundir if available, otherwise /var/run
-------------------------------------------------------------------
Wed Apr 23 20:51:14 UTC 2014 - dmueller@suse.com
- move systemd requires to server package
-------------------------------------------------------------------
Tue Feb 18 14:39:07 UTC 2014 - ckornacker@suse.com
- Fix systemd service installation
-------------------------------------------------------------------
Sun Feb 16 18:55:40 CET 2014 - ro@suse.de
- use configure macro also for building the 2.3.37 version
-------------------------------------------------------------------
Wed Feb 12 11:24:08 UTC 2014 - varkoly@suse.com
- Remove PidFile from service definition
- Update to 2.4.39
* Fixed libldap MozNSS crash (ITS#7783)
* Fixed libldap memory leak with SASL (ITS#7757)
* Fixed libldap assert in parse_passwdpolicy_control (ITS#7759)
* Fixed libldap shortcut NULL RDNs (ITS#7762)
* Fixed libldap deref to use correct control
* Fixed liblmdb keysizes with mdb_update_key (ITS#7756)
* Fixed slapd cn=config olcDbConfig modification (ITS#7750)
* Fixed slapd-bdb/hdb to bail out of search if config is paused (ITS#7761)
* Fixed slapd-bdb/hdb indexing issue with derived attributes (ITS#7778)
* Fixed slapd-mdb to bail out of search if config is paused (ITS#7761)
* Fixed slapd-mdb indexing issue with derived attributes (ITS#7778)
* Fixed slapd-perl to bail out of search if config is paused (ITS#7761)
* Fixed slapd-sql to bail out of search if config is paused (ITS#7761)
* Fixed slapo-constraint handling of softadd/softdel (ITS#7773)
* Fixed slapo-syncprov assert with findbase (ITS#7749)
* Build Environment
Test suite: Use $(MAKE) for tests (ITS#7753)
* Documentation
admin24 fix TLSDHParamFile to be correct (ITS#7684)
-------------------------------------------------------------------
Tue Feb 11 08:49:43 UTC 2014 - varkoly@suse.com
- Add systemd style service definition
- FATE#315028 remove memory limit for slapd
- FATE#315415: LDAP compat packages required for older SLES versions
For this reson following patches were applied:
openldap-2.3.37-libldap-suid.diff
openldap-2.3.37-libldap-ldapi_url.dif
openldap-2.3.37-libldap-ntlm.diff
openldap-2.3.37-libldap-gethostbyname_r.dif
openldap-2.3.37-libldap-sasl-max-buff-size.dif
openldap-2.3.37-libldap-utf8-ADcanonical.dif
openldap-2.3.37-liblber-length-decoding.dif
openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif
openldap-2.3.37-libldap-tls_chkhost-its6239.dif
openldap-2.3.37-libldap-ssl.dif
-------------------------------------------------------------------
Wed Dec 11 13:29:51 UTC 2013 - matz@suse.de
- Make /etc/sasl2 owned by openldap2.
-------------------------------------------------------------------
Wed Dec 11 10:44:26 UTC 2013 - varkoly@suse.com
- Update to 2.4.38
* Fixed liblmdb nordahead flag (ITS#7734)
* Fixed liblmdb to check cursor index before cursor_del (ITS#7733)
* Fixed liblmdb wasted space on split (ITS#7589)
* Fixed slapd for certs with a NULL issuerDN (ITS#7746)
* Fixed slapd cn=config with empty nested includes (ITS#7739)
* Fixed slapd syncrepl memory leak with delta-sync MMR (ITS#7735)
* Fixed slapd-bdb/hdb to stop processing on dn not found (ITS#7741)
* Fixed slapd-bdb/hdb with indexed ANDed filters (ITS#7743)
* Fixed slapd-mdb to stop processing on dn not found (ITS#7741)
* Fixed slapd-mdb dangling reader (ITS#7662)
* Fixed slapd-mdb matching rule for OlcDbEnvFlags (ITS#7737)
* Fixed slapd-mdb with indexed ANDed filters (ITS#7743)
* Fixed slapd-meta from blocking other threads (ITS#7740)
* Fixed slapo-syncprov assert with findbase (ITS#7749)
Changes in 2.4.37
* Added liblmdb nordahead environment flag (ITS#7725)
* Fixed client tools CLDAP with IPv6 (ITS#7695)
* Fixed libldap CLDAP with IPv6 (ITS#7695)
* Fixed libldap lock ordering with abandon op (ITS#7712)
* Fixed liblmdb segfault with mdb_cursor_del (ITS#7718)
* Fixed liblmdb when converting to writemap (ITS#7715)
* Fixed liblmdb assert on MDB_NEXT with delete (ITS#7722)
* Fixed liblmdb wasted space on split (ITS#7589)
* Fixed slapd cn=config with olcTLSProtocolMin (ITS#7685)
* Fixed slapd-bdb/hdb optimize index updates (ITS#7329)
* Fixed slapd-ldap chaining with cn=config (ITS#7381, ITS#7434)
* Fixed slapd-ldap chaning with controls (ITS#7687)
* Fixed slapd-mdb optimize index updates (ITS#7329)
* Fixed slapd-meta chaining with cn=config (ITS#7381, ITS#7434)
* Fixed slapo-constraint to no-op on nonexistent entries (ITS#7692)
* Fixed slapo-dds assert on startup (ITS#7699)
* Fixed slapo-memberof to not replicate internal ops (ITS#7710)
* Fixed slapo-refint to not replicate internal ops (ITS#7710)
Changes in 2.4.36
* Added back-meta target filter patterns (ITS#7609)
* Added liblmdb mdb_txn_env to API (ITS#7660)
* Fixed libldap CLDAP with uninit'd memory (ITS#7582)
* Fixed libldap with UDP (ITS#7583)
* Fixed libldap OpenSSL TLS versions (ITS#7645)
* Fixed liblmdb MDB_PREV behavior (ITS#7556)
* Fixed liblmdb transaction issues (ITS#7515)
* Fixed liblmdb mdb_drop overflow page return (ITS#7561)
* Fixed liblmdb nested split (ITS#7592)
* Fixed liblmdb overflow page behavior (ITS#7620)
* Fixed liblmdb race condition with read and write txns (ITS#7635)
* Fixed liblmdb mdb_del behavior with MDB_DUPSORT and mdb_del (ITS#7658)
* Fixed slapd cn=config with unknown schema elements (ITS#7608)
* Fixed slapd cn=config with loglevel 0 (ITS#7611)
* Fixed slapd slapi filterlist free behavior (ITS#7636)
* Fixed slapd slapi control free behavior (ITS#7641)
* Fixed slapd schema countryString as directoryString (ITS#7659)
* Fixed slapd schema telephoneNumber as directoryString (ITS#7659)
* Fixed slapd-bdb/hdb to wait for read locks in tool mode (ITS#6365)
* Fixed slapd-mdb behavior with alias dereferencing (ITS#7577 )
* Fixed slapd-mdb modrdn and base-scoped searches (ITS#7604)
* Fixed slapd-mdb refcount behavior (ITS#7628)
* Fixed slapd-meta binding flag is set (ITS#7524)
* Fixed slapd-meta with minimal config (ITS#7581)
* Fixed slapd-meta missing results messages (ITS#7591)
* Added slapd-meta TCP keepalive support (ITS#7513)
* Fixed slapo-sssvlv double free (ITS#7588)
* Fixed slaptest to list -Q option (ITS#7568)
Changes in 2.4.35
* Fixed liblmdb mdb_cursor_put with MDB_MULTIPLE (ITS#7551)
* Fixed liblmdb page rebalance (ITS#7536)
* Fixed liblmdb missing parens (ITS#7377)
* Fixed liblmdb mdb_cursor_del crash (ITS#7553)
* Fixed slapd syncrepl updateCookie status (ITS#7531)
* Fixed slapd connection logging (ITS#7543)
* Fixed slapd segfault on modify (ITS#7542, ITS#7432)
* Fixed slapd-mdb to reject undefined attrs (ITS#7540)
* Fixed slapo-pcache with +/- attrsets (ITS#7552)
Changes in 2.4.34
* Fixed libldap connections with EINTR (ITS#7476)
* Fixed libldap lineno overflow in ldif_read_record (ITS#7497)
* Fixed liblmdb mdb_env_open flag handling (ITS#7453)
* Fixed liblmdb mdb_midl_sort array optimization (ITS#7432)
* Fixed liblmdb freelist with large entries (ITS#7455)
* Fixed liblmdb to check for filled dirty page list (ITS#7491)
* Fixed liblmdb to validate data limits (ITS#7485)
* Fixed liblmdb mdb_update_key for large keys (ITS#7505)
* Fixed ldapmodify to not core dump with invalid LDIF (ITS#7477)
* Fixed slapd syncrepl for old entries in MMR setup (ITS#7427)
* Fixed slapd signedness for index_substr_any_* (ITS#7449)
* Fixed slapd enforce SLAPD_MAX_DAEMON_THREADS (ITS#7450)
* Fixed slapd mutex in send_ldap_ber (ITS#6164)
* Added slapd-ldap onerr option (ITS#7492)
* Added slapd-ldap keepalive support (ITS#7501)
* Fixed slapd-ldif with empty dir (ITS#7451)
* Fixed slapd-mdb to reopen attr DBs after env reopen (ITS#7416)
* Fixed slapd-mdb handling of missing entries (ITS#7483,7496)
* Fixed slapd-mdb environment flag setting (ITS#7452)
* Fixed slapd-mdb with sub db slapcat (ITS#7469)
* Fixed slapd-mdb to correctly work with toolthreads > 2 (ITS#7488,ITS#7527)
* Fixed slapd-mdb subtree search speed (ITS#7473)
* Fixed slapd-meta conversion to cn=config (ITS#7525)
* Fixed slapd-meta segfault when modifying olcDbUri (ITS#7526)
* Fixed slapd-sql back-config support (ITS#7499)
* Fixed slapo-constraint handle uri and restrict correctly (ITS#7418)
* Fixed slapo-constraint with multi-master replication (ITS#7426)
* Fixed slapo-constraint segfault (ITS#7431)
* Fixed slapo-deref control initialization (ITS#7436)
* Fixed slapo-deref control exposure (ITS#7445)
* Fixed slapo-memberof with internal ops (ITS#7487)
* Fixed slapo-pcache matching rules for config db (ITS#7459)
* Fixed slapo-rwm modrdn cleanup (ITS#7414)
* Fixed slapo-sssvlv maxperconn parameter (ITS#7484)
-------------------------------------------------------------------
Mon Jun 17 14:37:45 UTC 2013 - jengelh@inai.de
- For now, avoid automatic use of libdb-6_0 by explicitly selecting
libdb-4_8 as BuildRequire.
-------------------------------------------------------------------
Mon Mar 25 16:08:21 UTC 2013 - jengelh@inai.de
- Put static libs into openldap2-devel-static and relieve
openldap2-devel of static-only deps
-------------------------------------------------------------------
Sat Nov 17 12:06:23 CET 2012 - ro@suse.de
- fix check-build.sh for kernel > 3.0
-------------------------------------------------------------------
Fri Nov 16 09:52:42 UTC 2012 - rhafer@suse.com
- Fixed initscript to avoid endless loop when no configuration
is present in /etc/openldap/slapd.d/ (bnc#767464)
- cleaned up SLES10 buildrequires and dependencies
- removed support for building on SLES9, didn't work anyway anymore
- Don't buildrequire krb5-mini on Distributions where it does not
exist
-------------------------------------------------------------------
Fri Oct 26 12:38:46 UTC 2012 - rhafer@suse.com
- enabled mdb backend
- Update to 2.4.33
* Added slapd-meta cn=config support
* Fixed slapd alock handling on Windows (ITS#7361)
* Fixed slapd acl handling with zero-length values (ITS#7350)
* Fixed slapd syncprov to not reference ops inside a lock (ITS#7172)
* Fixed slapd delta-syncrepl MMR with large attribute values (ITS#7354)
* Fixed slapd slapd_rw_destroy function (ITS#7390)
* Fixed slapd-ldap idassert bind handling (ITS#7403)
* Fixed slapo-constraint with multiple modifications (ITS#7168)
Changes in 2.4.32:
* Added slappasswd loadable module support (ITS#7284)
* Fixed tools to not clobber SASL_NOCANON (ITS#7271)
* Fixed libldap function declarations (ITS#7293)
* Fixed libldap double free (ITS#7270)
* Fixed libldap debug level setting (ITS#7290)
* Fixed libldap gettime() regression (ITS#6262)
* Fixed libldap sasl handling (ITS#7118, ITS#7133)
* Fixed libldap to correctly free socket with TLS (ITS#7241)
* Fixed slapd config index renumbering (ITS#6987)
* Fixed slapd duplicate error response (ITS#7076)
* Fixed slapd parsing of PermissiveModify control (ITS#7298)
* Fixed slapd-bdb/hdb cache hang under high load (ITS#7222)
* Fixed slapd-bdb/hdb alias checking (ITS#7303)
* Fixed slapd-bdb/hdb olcDbConfig changes work immediately (ITS#7338)
* Fixed slapd-ldap to encode user DN during password change (ITS#7319)
* Fixed slapd-ldap assertion when proxying to MS AD (ITS#6851)
* Fixed slapd-ldap monitoring (ITS#7182, ITS#7225)
* Fixed slapd-perl panic (ITS#7325)
* Fixed slapo-accesslog memory leaks with sync replication (ITS#7292)
* Fixed slapo-syncprov memory leaks with sync replication (ITS#7292)
-------------------------------------------------------------------
Fri Oct 26 08:44:23 UTC 2012 - coolo@suse.com
- add explicit buildrequire on groff - needed to build manuals
-------------------------------------------------------------------
Tue Oct 16 07:38:01 UTC 2012 - coolo@suse.com
- buildrequire krb5-mini in openldap2-client to avoid cycle
- move Summary out of the %if as prepare_spec is confused about
the license otherwise
-------------------------------------------------------------------
Thu May 10 09:22:52 UTC 2012 - rhafer@suse.de
- update to 2.4.31
* Added slapo-accesslog support for reqEntryUUID (ITS#6656)
* Fixed libldap IPv6 URL detection (ITS#7194)
* Fixed libldap rebinding on failed connection (ITS#7207)
* Fixed slapd listener initialization (ITS#7233)
* Fixed slapd cn=config with olcTLSVerifyClient (ITS#7197)
* Fixed slapd delta-syncrepl fallback on non-leaf error (ITS#7195)
* Fixed slapd to reject MMR setups with bad serverID setting
(ITS#7200)
* Fixed slapd approxIndexer key generation (ITS#7203)
* Fixed slapd modification of olcSuffix (ITS#7205)
* Fixed slapd schema validation with missing definitions
(ITS#7224)
* Fixed slapd syncrepl -c with supplied CSN values (ITS#7245)
* Fixed slapd-bdb/hdb idlcache with only one element (ITS#7231)
* Fixed slapo-accesslog deadlock with non-logged write ops
(ITS#7088)
* Fixed slapo-syncprov sessionlog check (ITS#7218)
* Fixed slapo-syncprov entry leak (ITS#7234)
* Fixed slapo-syncprov startup initialization (ITS#7235)
-------------------------------------------------------------------
Mon Apr 23 07:08:13 UTC 2012 - rhafer@suse.de
- Disabled testsuite for now. Causes problems in the buildserivce
-------------------------------------------------------------------
Tue Mar 6 12:23:35 UTC 2012 - rhafer@suse.de
- Update to 2.4.30
* Fixed libldap socket polling for writes (ITS#7167)
* Fixed liblutil string modifications (ITS#7174)
* Fixed slapd crash when attrsOnly is true (ITS#7143)
* Fixed slapd syncrepl delete handling (ITS#7052,ITS#7162)
* Fixed slapo-pcache time-to-refesh handling (ITS#7178)
* Fixed slapo-syncprov loop detection (ITS#6024)
-------------------------------------------------------------------
Mon Feb 27 14:14:23 UTC 2012 - rhafer@suse.de
- Update to 2.4.29
* Fixed slapd cn=config modification of first schema element
(ITS#7098)
* Fixed slapd operation reuse (ITS#7107)
* Fixed slapd blocked writers to not interfere with pool pause
(ITS#7115)
* Fixed slapd connection loop connindex usage (ITS#7131)
* Fixed slapd double mutex unlock via connection_done (ITS#7125)
* Fixed slapd check order in connection_write (ITS#7113)
* Fixed slapd slapadd to exit on failure (ITS#7142)
* Fixed slapd syncrepl reference to freed memory
(ITS#7127,ITS#7132)
* Fixed slapd syncrepl to ignore some errors on delete
(ITS#7052)
* Fixed slapd syncrepl to handle missing oldRDN (ITS#7144)
* Fixed slapd-monitor compare op to update cached entry
(ITS#7123)
* Fixed slapo-syncprov with already abandoned operation
(ITS#7150)
- Included patches from RE24 branch:
* only poll sockets for write as needed (ITS#7167, bnc#749082)
* sycnrepl Fixes (ITS#7162)
-------------------------------------------------------------------
Wed Dec 7 11:10:19 UTC 2011 - cfarrell@suse.com
- license update: OLDAP-2.8
SPDX format (http://www.spdx.org/licenses)
-------------------------------------------------------------------
Fri Dec 2 16:11:01 UTC 2011 - rhafer@suse.de
- Update to 2.4.28
* Fixed back-mdb out of order slapadd (ITS#7090)
changes in OpenLDAP 2.4.27 Release (2011/11/24):
* Added slapd delta-syncrepl MMR (ITS#6734,ITS#7029,ITS#7031)
* Fixed ldapmodify crash with LDIF controls (ITS#7039)
* Fixed ldapsearch to honor timeout and timelimit (ITS#7009)
* Fixed libldap endless looping (ITS#7035)
* Fixed libldap TLS to not check hostname when using 'allow'
(ITS#7014)
* Fixed slapadd common code into slapcommon (ITS#6737)
* Fixed slapd backend connection initialization (ITS#6993)
* Fixed slapd frontend DB parsing in cn=config (ITS#7016)
* Fixed slapd hang with {numbered} overlay insertion (ITS#7030)
* Fixed slapd inet_ntop usage (ITS#6925)
* Fixed slapd cn=config deletion of bitmasks (ITS#7083)
* Fixed slapd cn=config modify replace/delete crash (ITS#7065)
* Fixed slapd schema UTF8StringNormalize with 0 length values
(ITS#7059)
* Fixed slapd with dynamic acls for cn=config (ITS#7066)
* Fixed slapd response callbacks (ITS#6059,ITS#7062)
* Fixed slapd no_connection warnings with ldapi
(ITS#6548,ITS#7092)
* Fixed slapd return code processing (ITS#7060)
* Fixed slapd sl_malloc various issues (ITS#6437)
* Fixed slapd startup behavior (ITS#6848)
* Fixed slapd syncrepl crash with non-replicated ops (ITS#6892)
* Fixed slapd syncrepl with modrdn (ITS#7000,ITS#6472)
* Fixed slapd syncrepl timeout when using refreshAndPersist
(ITS#6999)
* Fixed slapd syncrepl deletes need a non-empty CSN (ITS#7052)
* Fixed slapd syncrepl glue for empty suffix (ITS#7037)
* Fixed slapd results cleanup (ITS#6763,ITS#7053)
* Fixed slapd validation of args for TLSCertificateFile
(ITS#7012)
* Fixed slapd-bdb/hdb to build entry DN based on parent DN
(ITS#5326)
* Fixed slapd-hdb with zero-length entries (ITS#7073)
* Fixed slapd-hdb duplicate entries in subtree IDL cache
(ITS#6983)
* Fixed slapo-pcache response cleanup (ITS#6981)
* Fixed slapo-ppolicy pwdAllowUserChange behavior (ITS#7021)
* Fixed slapo-sssvlv issue with greaterThanorEqual (ITS#6985)
* Fixed slapo-sssvlv to only return requested attrs (ITS#7061)
* Fixed slapo-syncprov DSA attribute filtering for Persist mode
(ITS#7019)
* Fixed slapo-syncprov when consumer has newer state of our SID
(ITS#7040)
* Fixed slapo-syncprov crash (ITS#7025)
* Added missing LDIF form of schema files (ITS#7063)
-------------------------------------------------------------------
Fri Nov 25 10:42:39 UTC 2011 - coolo@suse.com
- add libtool as buildrequire to avoid implicit dependency
-------------------------------------------------------------------
Mon Oct 24 13:57:45 UTC 2011 - rhafer@suse.de
- ACL changes to the config database only got active after slapd
restart in certain cases (bnc#716895, ITS#7066).
- Adjusted default DB_CONFIG to increase max values for locks and
lock objects (bnc#719803)
- Fix UTF8StringNormalize overrun on zero-length string
(bnc#724201, ITS#7059)
-------------------------------------------------------------------
Thu Jul 7 14:43:05 UTC 2011 - rhafer@suse.de
- Update to 2.4.26
* Added libldap LDAP_OPT_X_TLS_PACKAGE (ITS#6969)
* Fixed libldap descriptor leak (ITS#6929)
* Fixed libldap socket leak (ITS#6930)
* Fixed libldap get option crash (ITS#6931)
* Fixed libldap lockup (ITS#6898)
* Fixed libldap ASYNC TLS setup (ITS#6828)
* Fixed libldap with missing \n terminations (ITS#6947)
* Fixed tools double free (ITS#6946)
* Fixed tools verbose output (ITS#6977)
* Fixed ldapmodify SEGV on invalid LDIF (ITS#6978)
* Added slapd extra_attrs database option (ITS#6513)
* Fixed slapd asserts (ITS#6932)
* Fixed slapd configfile param on windows (ITS#6933)
* Fixed slapd config with global chaining (ITS#6843)
* Fixed slapd uninitialized variables (ITS#6935)
* Fixed slapd config objectclass is readonly (ITS#6963)
* Fixed slapd entry response with control (ITS#6899)
* Fixed slapd with unknown attrs (ITS#6819)
* Fixed slapd normalization of schema RDN (ITS#6967)
* Fixed slapd operations cache to 10 op limit (ITS#6944)
* Fixed slapd syncrepl crash with non-replicated ops (ITS#6892)
* Fixed slapd-bdb/hdb with sparse index ranges (ITS#6961)
* Fixed back-ldap ppolicy updates (ITS#6711)
* Fixed back-ldap with id-assert (ITS#6817)
* Fixed various slapo-pcache issues (ITS#6823, ITS#6950,
ITS#6951, ITS#6953, ITS#6954)
* Fixed slapo-pcache database corruption (ITS#6831)
* Fixed slapo-syncprov with replicated subtrees (ITS#6872)
- backported delete support for child entries of overlays from
master (bnc#704398)
-------------------------------------------------------------------
Tue Mar 29 15:29:38 UTC 2011 - rhafer@suse.de
- Updated to 2.4.25, important changes:
* Fixed ldapsearch pagedresults loop (ITS#6755)
* Fixed tools for incompatible args (ITS#6849)
* Fixed libldap MozNSS crash (ITS#6863)
* Fixed slapd add objectclasses in order (ITS#6837)
* Added slapd ordering for uidNumber and gidNumber (ITS#6852)
* Fixed slapd segfault when adding values out of order (ITS#6858)
* Fixed slapd sortval handling (ITS#6845)
* Fixed slapd-bdb with slapadd/index quick option (ITS#6853)
* Fixed slapd-ldap chain cn=config support (ITS#6837)
* Fixed slapd-ldap chain with slapd.conf (ITS#6857)
* Fixed slapd-meta deadlock (ITS#6846)
* Fixed slapo-sssvlv with multiple requests (ITS#6850)
* Fixed contrib/lastbind install rules (ITS#6238)
* Fixed contrib/cloak install rules (ITS#6877)
-------------------------------------------------------------------
Tue Feb 22 09:46:04 UTC 2011 - rhafer@suse.de
- Surpress gcc warnings about extra format string arguments for 2.3.x
built as well.
-------------------------------------------------------------------
Mon Feb 14 11:09:36 UTC 2011 - rhafer@suse.de
- Updated to 2.4.24, important changes:
* Added libldap_r,libldap formal concurrency API (ITS#6625,ITS#5421)
* Added slapadd attribute value checking (ITS#6592)
* Added slapcat continue mode for problematic DBs (ITS#6482)
* Added slapd syncrepl suffixmassage support (ITS#6781)
* Fixed liblber to not close invalid sockets (ITS#6585)
* Fixed libldap referral chasing (ITS#6602)
* Fixed libldap leak when chasing referrals (ITS#6744)
* Fixed slapd acl parsing overflow (ITS#6611)
* Fixed slapd acl when resuming parsing (ITS#6804)
* Fixed slapd default config acls with overlays (ITS#6822)
* Fixed slapd config leak with olcDbDirectory (ITS#6634)
* Fixed slapd when first acl is value dependent (ITS#6693)
* Fixed slapd-bdb slapadd -q with glued dbs (ITS#6794)
* Fixed slapo-ppolicy don't update opattrs on consumers (ITS#6608)
* Fixed slapo-ppolicy to allow userPassword deletion (ITS#6620)
* Fixed slapo-syncprov to send error if consumer is newer (ITS#6606)
* Fixed slapo-syncprov filter race condition (ITS#6708)
* Fixed slapo-syncprov active mod race (ITS#6709)
* Fixed slapo-syncprov to refresh if context is dirty (ITS#6710)
* Fixed slapo-syncprov CSN updates to all replicas (ITS#6718)
* Fixed slapo-syncprov sessionlog ordering (ITS#6716)
* Fixed slapo-syncprov sessionlog with adds (ITS#6503)
* Fixed slapo-syncprov mutex (ITS#6438)
* Fixed slapo-syncprov mincsn check with MMR (ITS#6717)
* Fixed slapo-syncprov control leak (ITS#6795)
* Fixed slapo-syncprov error codes (ITS#6812)
* For a comprehensive list of changes please consult the CHANGES
file
- removed unneeded openSUSE 11.0 specifc patch
-------------------------------------------------------------------
Tue Feb 1 10:08:06 UTC 2011 - rhafer@suse.de
- slapadd -q could crash for glued bdb/hdb databases
-------------------------------------------------------------------
Wed Jan 19 15:05:27 UTC 2011 - rhafer@suse.de
- Install the correct schema2ldif script (bnc#665530)
-------------------------------------------------------------------
Wed Jan 5 15:48:27 UTC 2011 - rhafer@novell.com
- Fixed quotation in init-script to avoid errors when calling it
from within /etc/openldap/slapd.d/cn=config/ (bnc#660492).
-------------------------------------------------------------------
Fri Nov 12 12:31:57 UTC 2010 - rhafer@novell.com
- Surpress gcc warnings about extra format string arguments.
- Split-off openldap2-doc (noarch) package (Admin Guide and IDs)
- Backported -VVV commandline switch for slapd from HEAD
(to list enabled static overlays)
- Build all overlays except syncprov and ppolicy as dynamic modules
(Fixes bnc#648479, FATE#307837)
- Added README.dynamic-overlays to point out some details about
dynamic overlays
- simplified pie-compile patch and adjusted it to work with
dynamic overlays
-------------------------------------------------------------------
Tue Oct 5 14:39:46 UTC 2010 - rhafer@novell.com
- Handle the libdb-4_5 -> libdb-4_8 Version update by opening the
Databases with DB_RECOVER if a version mismatch is detected.
-------------------------------------------------------------------
Sun Oct 3 22:55:34 UTC 2010 - cristian.rodriguez@opensuse.org
- Do not include Build date and time in binaries, this
avoids build-compare failures and unhelpful rebuilds/republishes
-------------------------------------------------------------------
Wed Sep 29 09:21:52 UTC 2010 - rhafer@novell.com
- Don't build 2.3 slapcat anymore for 11.3 and newer. We switch to
2.4 long ago.
- Removed automatic 2.3->2.4 migration in %post
- moved back-sql examples to make rpmlint happy
-------------------------------------------------------------------
Thu Aug 26 14:04:06 UTC 2010 - rhafer@novell.com
- Fix listener URIs in init script to make SLP registration work
again (bnc#620389)
-------------------------------------------------------------------
Fri Jul 23 07:49:40 UTC 2010 - rhafer@novell.com
- Fixed RPM Group and Summary Tags (bnc#624980)
-------------------------------------------------------------------
Thu Jul 1 13:02:13 UTC 2010 - rhafer@novell.com
- Updated to 2.4.23:
* Fixed libldap to return server's error code (ITS#6569)
* Fixed libldap memleaks (ITS#6568)
* Fixed liblutil off-by-one with delta (ITS#6541)
* Fixed slapd acls with glued databases (ITS#6468)
* Fixed slapd syncrepl rid logging (ITS#6533)
* Fixed slapd modrdn handling of invalid values (bnc#612430,
ITS#6570)
* Fixed slapd-bdb hasSubordinates computation (ITS#6549)
* Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
* Fixed slapd-bdb entry cache delete failure (ITS#6577)
* Fixed slapd-ldap to return control responses (ITS#6530)
* Fixed slapo-ppolicy to use Debug (ITS#6566)
* Fixed slapo-refint to zero out freed DN vals (ITS#6572)
* Fixed slapo-rwm to use Debug (ITS#6566)
* Fixed slapo-sssvlv to use Debug (ITS#6566)
* Fixed slapo-syncprov lost deletes in refresh phase (bnc#606294,
ITS#6555)
* Fixed slapo-valsort to use Debug (ITS#6566)
* Fixed contrib/nssov network.c missing patch (ITS#6562)
- New subpackage openldap2-back-sql. Contains the SQL backend
module plus some documentation (bnc#395719)
- generate Patches from git tree (resulted in all patches being
renamed)
- installing binaries without stripping them is done by setting
the STRIP enviroment variable instead for patching the Makefile
now
- Fixed a bug in the syncprov overlay which could lead to not
replicate delete Operations (ITS#6555, bnc#606294)
- BuildRequires cleanup
-------------------------------------------------------------------
Thu Jul 1 12:48:18 UTC 2010 - rhafer@novell.com
- LDAP clients could crash the server by submitting a specially
crafted LDAP ModRDN operation. (bnc#612430, ITS#6570)
- Delete Operations happening during the "Refresh" phase of
"refreshAndPersist" replication failed to replicate under
certain circumstances (bnc#606294, ITS#6555)
-------------------------------------------------------------------
Mon May 10 13:35:59 UTC 2010 - rhafer@novell.com
- Create /var/run/slapd on demand. /var/run might be mounted on
tmpfs.
-------------------------------------------------------------------
Thu Apr 15 08:18:49 UTC 2010 - adrian@suse.de
- fix build dependency cycle for -client package with openslp
-------------------------------------------------------------------
Wed Mar 17 13:06:12 UTC 2010 - rhafer@novell.com
- Fixed quotation in sed expression to escape ldapi path in init
script
-------------------------------------------------------------------
Tue Mar 16 10:01:39 UTC 2010 - rhafer@novell.com
- Removed obsolete hunk from openldap2.dif
- Remove ldap.conf patch to use saner default for Certificate
verification (bnc#575146)
-------------------------------------------------------------------
Sat Feb 13 23:11:03 CET 2010 - rguenther@suse.de
- Add fix for stricter fortification checks of GCC 4.5.
-------------------------------------------------------------------
Thu Jan 7 15:47:20 UTC 2010 - rhafer@novell.com
- Updated to 2.4.21:
* Fixed liblutil for negative microsecond offsets (ITS#6405)
* Fixed slapd global settings to work without restart (ITS#6428)
* Fixed slapd looping with SSL/TLS connections (ITS#6412)
* Fixed slapd syncrepl freeing tasks from queue (ITS#6413)
* Fixed slapd syncrepl parsing of tls defaults (ITS#6419)
* Fixed slapd syncrepl uninitialized variables (ITS#6425)
* Fixed slapd-config Adds with Abstract classes (ITS#6408)
* Fixed slapo-dynlist behavior with simple filters (ITS#6421)
* Fixed slapd-ldif access outside database directory (ITS#6414)
* Fixed slapo-translucent with back-null (ITS#6403)
* Fixed slapo-unique criteria checking (ITS#6270)
- removed some obsolete RPM dependencies
- Added missing tags to init script to silence rpmlint warnings
-------------------------------------------------------------------
Thu Dec 10 15:41:11 UTC 2009 - rhafer@novell.com
- Fixed an issue in back-config's objectclass inheritence code that
could cause the server to fail to start or to spin in an endless
loop (bnc#558059,ITS#6408)
- default the tls_reqcert parameter of a syncrepl config to
"demand" as documented even if other tls_ options are absent
(bnc#558397, ITS#6319)
- apply changes to the global size and timelimits to all database
that don't specify limits themself. (bnc#562184, ITS#6428)
-------------------------------------------------------------------
Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com
- Update to 2.4.20 (fate#306593), most important fixes since 2.4.19
* Fixed liblber embedded NUL values in BerValues (ITS#6353)
* Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334)
* Fixed libldap uninitialized return value (ITS#6355)
* Fixed libldap unlimited timeout (ITS#6388)
* Added slapd handling of hex server IDs (ITS#6297)
* Fixed slapd checks of str2filter (ITS#6391)
* Fixed slapd configArgs initialization (ITS#6363)
* Fixed slapd db_open with connection_fake_init (ITS#6381)
* Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379)
* Fixed slapd inclusion of ac/unistd.h (ITS#6342)
* Fixed slapd sl_free to better reclaim memory (ITS#6380)
* Fixed slapd syncrepl deletes in MirrorMode (ITS#6368)
* Fixed slapd syncrepl to use correct SID (ITS#6367)
* Fixed slapd tls_accept to retry in certain cases (ITS#6304)
* Fixed slapd-bdb/hdb cache corruption (ITS#6341)
* Fixed slapd-bdb/hdb entry cache (ITS#6360)
* Fixed slapo-syncprov checkpoint conversion (ITS#6370)
* Fixed slapo-syncprov deadlock (ITS#6335)
* Fixed slapo-syncprov out of order changes (ITS#6346)
- Added switch to enable/disable testsuite (%run_test_suite)
-------------------------------------------------------------------
Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com
- updated patches to apply with fuzz=0
-------------------------------------------------------------------
Mon Sep 28 13:59:18 UTC 2009 - rhafer@novell.com
- Added schema2ldif tool to openldap2-client subpackage
(bnc#541819)
-------------------------------------------------------------------
Wed Sep 23 15:35:13 UTC 2009 - rhafer@novell.com
- Changed permissions on /var/run/slapd to a saner default for
ldapi:/// (bnc#536729)
-------------------------------------------------------------------
Wed Sep 9 07:48:20 UTC 2009 - rhafer@novell.com
- libldap's check of the hostname against the TLS Certificate's CN
Attribute did not handle possible NUL bytes in the CN correctly
and was vulnerable against attacks with spoofed Certificates.
(bnc#537143, ITS#6239)
-------------------------------------------------------------------
Tue Jul 14 14:02:11 CEST 2009 - rhafer@novell.com
- Update to 2.4.17. Most important changes:
* Fixed liblber to use ber_strnlen (ITS#6080)
* Fixed libldap openssl digest initialization (ITS#6192)
* Fixed libldap tls NULL error messages (ITS#6079)
* Added slapd sasl auxprop support (ITS#6147)
* Added slapd schema checking tool (ITS#6150)
* Added slapd writetimeout keyword (ITS#5836)
* Fixed slapd abandon/cancel handling for some ops (ITS#6157)
* Fixed slapd access setstyle to expand (ITS#6179)
* Fixed slapd assert with closing connections (ITS#6111)
* Fixed slapd bind race condition (ITS#6189)
* Fixed slapd cert validation (ITS#6098)
* Fixed slapd connection_destroy assert (ITS#6089)
* Fixed slapd csn normalization (ITS#6195)
* Fixed slapd errno handling (ITS#6037)
* Fixed slapd hung writers (ITS#5836)
* Fixed slapd ldapi issues (ITS#6056)
* Fixed slapd normalization of updated schema attributes (ITS#5540)
* Fixed slapd olcLimits handling (ITS#6159)
* Fixed slapd olcLogLevel with hex levels (ITS#6162)
* Fixed slapd sending cancelled operations results (ITS#6103)
* Fixed slapd slapi_entry_has_children (ITS#6132)
* Fixed slapd sockets usage on windows (ITS#6039)
* Fixed slapd some abandon and cancel race conditions (ITS#6104)
* Fixed slapd tls context after changes (ITS#6135)
* Fixed slapd-bdb/hdb adjust dncachesize if too low (ITS#6176)
* Fixed slapd-bdb/hdb crashes during delete (ITS#6177)
* Fixed slapd-bdb/hdb multiple olcIndex for same attr (ITS#6196)
* Fixed slapd-hdb freeing of already freed entries (ITS#6074)
* Fixed slapd-hdb entryinfo cleanup (ITS#6088)
* Fixed slapd-hdb dncache lockups (ITS#6095)
* Fixed slapd-ldap deadlock with non-responsive TLS URIs (ITS#6167)
* Fixed slapo-ppolicy to honor pwdLockout (ITS#6168)
* Fixed slapo-ppolicy to return check modules error message (ITS#6082)
* Added slapo-rwm rwm-drop-unrequested-attrs config option (ITS#6057)
* Fixed slapo-rwm dn passing (ITS#6070)
* Fixed slapo-rwm entry free/release (ITS#6058, ITS#6081)
* Fixed tools returning ldif errors (ITS#5892)
- Backported fix for failing back-monitor test from HEAD
- re-enabled some formerly disabled tests from the testsuite
-------------------------------------------------------------------
Mon Jun 29 14:24:56 CEST 2009 - rhafer@novell.com
- Fixed Summary/Description for -client subpackage
-------------------------------------------------------------------
Thu Jun 25 17:29:03 CEST 2009 - rhafer@novell.com
- Improved connection check in init script (bnc#510295)
-------------------------------------------------------------------
Mon Jun 15 12:12:17 CEST 2009 - rhafer@novell.com
- Fixed complilation with newer glibc (2.3.X release needs
GNU_SOURCE defined as well in getpeerid.c)
-------------------------------------------------------------------
Wed Apr 29 17:07:33 CEST 2009 - rhafer@novell.com
- gcc 4.4 fixes
-------------------------------------------------------------------
Mon Apr 6 15:41:05 CEST 2009 - rhafer@suse.de
- Update to 2.4.16. Most important fixes:
* Fixed libldap segfault in checking cert/DN (ITS#5976)
* Fixed libldap peer cert double free (ITS#5849)
* Fixed libldap referral chasing (ITS#5980)
* Fixed slapd backglue with empty DBs (ITS#5986)
* Fixed slapd ctxcsn race condition (ITS#6001)
* Fixed slapd debug message (ITS#6027)
* Fixed slapd redundant module loading (ITS#6030)
* Fixed slapd schema_init freed value (ITS#6036)
* Fixed slapd syncrepl newCookie sync messages (ITS#5972)
* Fixed slapd syncrepl hang during shutdown (ITS#6011)
* Fixed slapd syncrepl too many MMR messages (ITS#6020)
* Fixed slapd syncrepl skipped entries with MMR (ITS#5988)
* Fixed slapd-bdb/hdb cachesize handling (ITS#5860)
* Fixed slapd-bdb/hdb with slapcat with empty dn (ITS#6006)
* Fixed slapd-bdb/hdb with NULL transactions (ITS#6012)
* Fixed slapd-ldap incorrect referral handling (ITS#6003,ITS#5916)
* Fixed slapd-ldap/meta with broken AD results (ITS#5977)
* Fixed slapd-ldap/meta with invalid attrs again (ITS#5959)
* Fixed slapo-accesslog interaction with ppolicy (ITS#5979)
* Fixed slapo-dynlist conversion to cn=config (ITS#6002)
* Fixed various slapo-syncprov issues (ITS#5972, ITS#6020,
ITS#5985, ITS#5999, ITS#5973, ITS#6045, ITS#6024, ITS#5988)
- Fix building on older openSUSE releases
-------------------------------------------------------------------
Fri Mar 20 14:00:20 CET 2009 - rhafer@suse.de
- Update to 2.4.15. Most important changes:
* Fixed slapd bconfig conversion again (ITS#5346)
* Fixed slapd behavior with superior objectClasses again (ITS#5517)
* Fixed slapd RFC4512 behavior with same attr in RDN (ITS#5968)
* Fixed slapd corrupt contextCSN (ITS#5947)
* Fixed slapd syncrepl order to match on add/delete (ITS#5954)
* Fixed slapd adding rdn with other values (ITS#5965)
* Fixed slapd-bdb/hdb behavior with unallocatable shm (ITS#5956)
* Fixed slapd-ldap/meta with entries with invalid attrs (ITS#5959)
* Fixed slapo-pcache caching invalid entries (ITS#5927)
* Fixed slapo-syncprov csn updates (ITS#5969)
* Added libldap option to disable SASL host canonicalization (ITS#5812)
* Fixed libldap chasing multiple referrals (ITS#5853)
* Fixed libldap setuid usage with .ldaprc (ITS#4750)
* Fixed libldap deref handling (ITS#5768)
* Fixed libldap NULL pointer deref (ITS#5934)
* Fixed libldap peer cert memory leak (ITS#5849)
* Fixed libldap intermediate response behavior (ITS#5896)
* Fixed libldap IPv6 address handling (ITS#5937)
* Fixed libldap_r deref building (ITS#5768)
* Fixed libldap_r slapd lockup when paused during shutdown (ITS#5841)
* Fixed slapd acl checks on ADD (ITS#4556,ITS#5723)
* Fixed slapd acl application to newly created backends (ITS#5572)
* Fixed slapd bconfig to return error codes (ITS#5867)
* Fixed slapd bconfig encoding incorrectly (ITS#5897)
* Fixed slapd bconfig dangling pointers (ITS#5924)
* Fixed slapd epoll handling (ITS#5886)
* Fixed slapd glue with MMR (ITS#5925)
* Fixed slapd listener comparison (ITS#5613)
* Fixed various syncrepl issues (ITS#5809,ITS#5850, ITS#5843,
ITS#5866, ITS#5901, ITS#5881, ITS#5935, ITS#5710,
ITS#5781, ITS#5809, ITS#5798, ITS#5826)
* Fixed slapd-bdb/hdb dncachesize handling (ITS#5860)
* Fixed slapd-bdb/hdb trickle task usage (ITS#5864)
* Fixed slapd-hdb idlcache with empty suffix (ITS#5859)
-------------------------------------------------------------------
Wed Jan 7 12:34:56 CET 2009 - olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
-------------------------------------------------------------------
Fri Dec 12 14:45:07 CET 2008 - rhafer@suse.de
- Fixed openldap2-devel dependencies (bnc#457989)
-------------------------------------------------------------------
Tue Dec 9 11:11:38 CET 2008 - rhafer@suse.de
- Fixed a bug in the threadpool implementation that could cause
slapd to lockup when shutting down while the pool is paused.
(bnc#450457, ITS#5841)
-------------------------------------------------------------------
Fri Nov 28 14:08:16 CET 2008 - rhafer@suse.de
- Disable the slapadd trickle-task it cause performance issues
when using libdb-4.5 (bnc#449641)
- removed obsolete configure option (ldbm backend does not exist
in OpenLDAP 2.4)
-------------------------------------------------------------------
Fri Nov 21 16:39:20 CET 2008 - ro@suse.de
- update check-build.sh
-------------------------------------------------------------------
Wed Nov 5 12:01:57 CET 2008 - rhafer@suse.de
- Fixed database shutdown sequence (bnc#441774, ITS#5745)
-------------------------------------------------------------------
Tue Nov 4 14:10:24 CET 2008 - rhafer@suse.de
- Handle ldbm databases in updates from 2.3 release (bnc#440589)
-------------------------------------------------------------------
Thu Oct 23 12:59:08 CEST 2008 - rhafer@suse.de
- the helper function to create various LDAP controls returned
wrong error codes under certain circumstances
(bnc#429064, ITS#5762)
- Fixed referral chasing in chain-overlay (bnc#438088, ITS#5742)
- Fixed back-config integration of overlays with private instances
of databases (translucent, chain, ...) (bnc#438094, ITS#5736)
-------------------------------------------------------------------
Mon Oct 13 11:33:57 CEST 2008 - rhafer@suse.de
- Added missing #include to slapo-collect
-------------------------------------------------------------------
Sun Oct 12 23:51:09 CEST 2008 - rhafer@suse.de
- Update to 2.4.12. Most important changes:
* Fixed libldap ldap_utf8_strchar arguments (ITS#5720)
* Fixed libldap TLS_CRLFILE (ITS#5677)
* Fixed librewrite memory handling (ITS#5691)
* Fixed slapd attribute leak (ITS#5683)
* Fixed slapd config backend with index greater than sibs (ITS#5684)
* Fixed slapd custom attribute inheritance (ITS#5642)
* Fixed slapd firstComponentMatch normalization (ITS#5634)
* Fixed slapd connection events enabled twice (ITS#5725)
* Fixed slapd memory handling (ITS#5691)
* Fixed slapd objectClass canonicalization (ITS#5681)
* Fixed slapd objectClass termination (ITS#5682)
* Fixed slapd overlay control registration (ITS#5649)
* Fixed slapd runqueue checking (ITS#5726)
* Fixed slapd sortvals comparison (ITS#5578)
* Fixed slapd syncrepl contextCSN detection (ITS#5675)
* Fixed slapd syncrepl error logging (ITS#5618)
* Fixed slapd syncrepl runqueue interval (ITS#5719)
* Fixed slapd-bdb entry return if attr not present (ITS#5650)
* Fixed slapd-bdb/hdb release search entries earlier (ITS#5728,ITS#5730)
* Fixed slapd-bdb/hdb subtree search with empty suffix (ITS#5729)
* Fixed slapo-memberof internal operations DN (ITS#5622)
* Fixed slapo-pcache attrset crash (ITS#5665)
* Fixed slapo-pcache caching with invalid schema (ITS#5680)
* Fixed slapo-ppolicy control return on password modify exop (ITS#5711)
- removed obsolete patches
-------------------------------------------------------------------
Mon Oct 6 10:49:23 CEST 2008 - rhafer@suse.de
- remove some problematic test-cases, that cause a lot of
unreproducable buildfailures
- check for exisitence of /etc/openldap/slapd.conf in init-script
assume back-config usage if it isn't present (bnc#428168)
-------------------------------------------------------------------
Wed Sep 24 10:58:09 CEST 2008 - rhafer@suse.de
- Mark Schema and SuSEfirewall files as %config
- openldap2-back-perl requires perl
- Give more meaningful error messages when index configuration
fails (bnc#429150)
-------------------------------------------------------------------
Fri Sep 19 17:52:55 CEST 2008 - rhafer@suse.de
- Reduced debug-level during "make test" to reduce required disk
space and buildtime
-------------------------------------------------------------------
Thu Sep 18 13:02:21 CEST 2008 - rhafer@suse.de
- Fixed init-script dependencies (bnc#426214)
-------------------------------------------------------------------
Fri Sep 12 10:09:28 CEST 2008 - rhafer@suse.de
- Backported fix for a crash in back-config when adding entries with
a too large index (ITS#5684)
- Backported fix for a crash when adding an invalid olcBdbConfig
Entry to back-config (ITS#5698)
-------------------------------------------------------------------
Tue Sep 9 17:22:18 CEST 2008 - rhafer@suse.de
- Removed getaddrinfo workaround. Recent glibc doesn't need it
anymore (bnc#288879, ITS#5251)
- Server requires libldap of the same version.
-------------------------------------------------------------------
Mon Sep 8 16:07:47 CEST 2008 - rhafer@suse.de
- Import back-config support for deleting databases from CVS HEAD
-------------------------------------------------------------------
Tue Sep 2 09:18:05 CEST 2008 - rhafer@suse.de
- Dropped evolution specific ntlm-bind Patch (Fate#303480)
-------------------------------------------------------------------
Thu Aug 28 11:46:08 CEST 2008 - rhafer@suse.de
- added ldapns.schema , to allow to use pam_ldap's "check_host_attr"
and "check_service_attr" features (bnc#419984)
- backport overlay_register_control fix from HEAD (bnc#420016,
ITS#5649)
-------------------------------------------------------------------
Mon Aug 18 18:10:07 CEST 2008 - mrueckert@suse.de
- remove outdated options in the fillup_and_insserv call
-------------------------------------------------------------------
Mon Aug 18 11:00:13 CEST 2008 - rhafer@suse.de
- fixed LSB-Headers in init-script
-------------------------------------------------------------------
Wed Aug 13 17:25:25 CEST 2008 - ro@suse.de
- try to fix build for buildservice
(BUILD_INCARNATION can be empty)
-------------------------------------------------------------------
Mon Aug 11 11:06:08 CEST 2008 - rhafer@suse.de
- /usr/lib/sasl2/slapd.conf was moved to /etc/sasl2/slapd.conf
(bnc#412652)
- adjust ownerships of database directories even when using
back-config
-------------------------------------------------------------------
Thu Jul 31 11:40:35 CEST 2008 - rhafer@suse.de
- Enable back-config delete support
-------------------------------------------------------------------
Tue Jul 29 15:32:05 CEST 2008 - rhafer@suse.de
- Update to Version 2.4.11. Most important changes:
* Fixed liblber ber_get_next length decoding (ITS#5580)
* Added libldap assertion control (ITS#5560)
* Fixed liblutil missing return code (ITS#5615)
* Fixed slapd cert serial number parsing (ITS#5588)
* Fixed slapd check for structural_class failures (ITS#5540)
* Fixed slapd config backend renumbering (ITS#5571)
* Fixed slapd configContext OID (ITS#5383)
* Fixed slapd crash with no listeners (ITS#5563)
* Fixed slapd sets memory leak (ITS#5557)
* Fixed slapd sortvals binary search (ITS#5578)
* Fixed slapd syncrepl updates with multiple masters (ITS#5597)
* Fixed slapd syncrepl superior objectClass delete/add (ITS#5600)
* Fixed slapd syncrepl/slapo-syncprov contextCSN updates as internal ops (ITS#5596)
* Fixed slapo-memberof replace handling (ITS#5584)
* Added slapo-nssov contrib module
* Fixed slapo-pcache handling of negative search caches (ITS#5546)
* Fixed slapo-ppolicy DNs with whitespaces (ITS#5552)
* Fixed slapo-ppolicy modify with internal ops (ITS#5569)
* Fixed slapo-syncprov ACL evaluation (ITS#5548)
* Fixed slapo-syncprov crash with delcsn (ITS#5589)
* Fixed slapo-syncprov full reload (ITS#5564)
* Fixed slapo-syncprov missing olcSpReloadHint attr(ITS#5591)
* Fixed slapo-unique filter normalization (ITS#5581)
-------------------------------------------------------------------
Mon Jun 30 16:32:10 CEST 2008 - rhafer@suse.de
- Only apply -fPIE patch to recent Distributions
- removed -fPIE from the slapcat-2.3 build
- Adjust BuildRequires for older Distributions
-------------------------------------------------------------------
Fri Jun 27 10:57:53 CEST 2008 - coolo@suse.de
- make sure the subpacks are only in one spec file declared
-------------------------------------------------------------------
Tue Jun 24 11:08:00 CEST 2008 - rhafer@suse.de
- branched off libldap-2_4-2 package to support the shared library
packaging policy
-------------------------------------------------------------------
Wed Jun 11 13:03:29 CEST 2008 - rhafer@suse.de
- Update to Version 2.4.10. Most important changes:
* Fixed libldap ld_defconn cleanup if it was freed (ITS#5518,
ITS#5525)
* Fixed libldap msgid handling (ITS#5318)
* Fixed libldap t61 infinite loop (ITS#5542)
* Fixed libldap_r missing stubs (ITS#5519)
* Fixed slapd initialization of sr_msgid, rs->sr_tag (ITS#5461)
* Fixed slapd missing termination of integerFilter keys
(ITS#5503)
* Fixed slapd multiple attrs in URI (ITS#5516)
* Fixed slapd sasl_ssf retrieval (ITS#5403)
* Fixed slapd socket assert (ITS#5489)
* Fixed slapd syncrepl cookie (ITS#5536)
* Fixed slapd-bdb/hdb MAXPATHLEN (ITS#5531)
* Fixed slapd-bdb indexing in single ADD/MOD (ITS#5521)
* Fixed slapd-ldap entry_get() op-dependent behavior (ITS#5513)
* Fixed slapd-meta quarantine crasher (ITS#5522)
* Fixed slapo-refint to allow setting modifiers name (ITS#5505)
* Fixed slapo-syncprov contextCSN passing on syncprov consumers
(ITS#5488)
* Fixed slapo-syncprov csn update with delta-syncrepl (ITS#5493)
* Fixed slapo-syncprov op2.o_extra reset (ITS#5501, #5506)
* Fixed slapo-syncprov searching wrong backend (ITS#5487)
* Fixed slapo-syncprov sending ops without queued CSNs (ITS#5465)
* Fixed slapo-syncprov max csn search on startup (ITS#5537)
* Fixed slapo-unique config structs (ITS#5526)
* Fixed slapo-unique filter terminator (ITS#5511)
-------------------------------------------------------------------
Fri May 16 13:24:11 CEST 2008 - rhafer@suse.de
- Support update from 2.3 releases (bnc#390247)
-------------------------------------------------------------------
Thu May 8 08:55:00 CEST 2008 - rhafer@suse.de
- Update to Version 2.4.9. Most important changes:
* Fixed libldap to use unsigned port (ITS#5436)
* Fixed libldap error message for missing close paren (ITS#5458)
* Fixed libldap_r tpool pause checks (ITS#5364, #5407)
* Fixed slapcat error checking (ITS#5387)
* Fixed slapd abstract objectClass inheritance check (ITS#5474)
* Fixed slapd add operations requiring naming attrs (ITS#5412)
* Fixed slapd connection handling (ITS#5469)
* Fixed slapd frontendDB backend selection (ITS#5419)
* Fixed slapd pagedresults stale state (ITS#5409)
* Fixed slapd pointer dereference (ITS#5388)
* Fixed slapd null argument dereference (ITS#5435)
* Fixed slapd REP_ENTRY flags (ITS#5340)
* Fixed slapd value list termination (ITS#5450)
* Fixed slapd-bdb ID_NOCACHE handling (ITS#5439)
* Fixed slapd-bdb entryinfo state if db_lock fails (ITS#5455)
* Fixed slapd-bdb referral rewrite (ITS#5339)
* Fixed slapd-config overlay stacking (ITS#5346)
* Fixed slapd-config attribute publishing (ITS#5383)
* Fixed slapd-ldap connection handler (ITS#5404)
* Fixed slapd-ldif file name handling & multi-suffix/dir catch
(ITS#5408)
* Fixed slapd-meta connections on error (ITS#5440)
* Fixed slapd-meta crash on search (ITS#5481)
* Various syncrepl fixes (ITS#5407, ITS#5413, ITS#5426, ITS#5430,
ITS#5432, ITS#5454, ITS#5397, ITS#5470)
* Various slapo-syncprov fixes (ITS#5401, ITS#5405, ITS#5418,
ITS#5486, ITS#5433, ITS#5434, ITS#5437, ITS#5444, ITS#5445,
ITS#5484, ITS#5451)
-------------------------------------------------------------------
Fri Apr 25 10:56:18 CEST 2008 - rhafer@suse.de
- Adjust ownership of DB_CONFIG to ldap:ldap (bnc#376204)
-------------------------------------------------------------------
Thu Apr 10 23:07:30 CEST 2008 - matz@suse.de
- Compile with glibc 2.8.
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Thu Apr 3 14:26:12 CEST 2008 - rhafer@suse.de
- removed apparmor profile
-------------------------------------------------------------------
Mon Mar 3 08:50:18 CET 2008 - rhafer@suse.de
- revert last change and make libldap_r available again as some
packages seem to directly rely on libldap_r. Assume they know
of the libldap_r's limitations.
-------------------------------------------------------------------
Wed Feb 27 11:21:39 CET 2008 - rhafer@suse.de
- Moved libldap_r from -client subpackage to the main server
package as it is only meant to be used by slapd.
- Removed static libldap_r.a library and libldap_r.so link from
-devel subpackage. External programs should only use the "normal"
libldap library.
-------------------------------------------------------------------
Wed Feb 20 09:49:30 CET 2008 - rhafer@suse.de
- Update to Version 2.4.8. Most important changes:
* Fixed libldap extended decoding (ITS#5304)
* Fixed libldap filter abort (ITS#5300)
* Fixed libldap ldap_parse_sasl_bind_result (ITS#5263)
* Fixed libldap result codes for open (ITS#5338)
* Fixed libldap search timeout crash (ITS#5291)
* Fixed libldap paged results crash (ITS#5315)
* Fixed slapd support for 2.1 CSN (ITS#5348)
* Fixed slapd include handling (ITS#5276)
* Fixed slapd modrdn check for valid new DN (ITS#5344)
* Fixed slapd multi-step SASL binds (ITS#5298)
* Fixed slapd overlay ordering when moving to slapd.d (ITS#5284)
* Fixed slapd NULL printf (ITS#5264)
* Fixed slapd NULL set values (ITS#5286)
* Fixed slapd timestamp race condition (ITS#5370)
* Fixed slapd cn=config crash on delete (ITS#5343)
* Fixed slapd cn=config global acls (ITS#5352)
* Fixed slapd truncated cookie (ITS#5362)
* Fixed slapd str2entry with no attrs (ITS#5308)
* Fixed slapd TLSVerifyClient default (ITS#5360)
* Fixed slapd delta-syncrepl refresh mode (ITS#5376)
* Fixed slapd ACL sets URI attrs (ITS#5384)
* Fixed slapd invalid entryUUID filter (ITS#5386)
* Fixed slapd-bdb idlcache on adds (ITS#5086)
* Fixed slapd-bdb crash with modrdn (ITS#5358)
* Fixed slapd-bdb modrdn to same dn (ITS#5319)
* Fixed slapd-bdb MMR (ITS#5332)
* Fixed slapd-meta setting of sm_nvalues (ITS#5375)
* Fixed slapd-monitor crash (ITS#5311)
* Fixed slapo-ppolicy only password check with policy (ITS#5285)
* Fixed slapo-ppolicy del/replace password without new one (ITS#5373)
* Fixed slapo-syncprov hang on checkpoint (ITS#5261)
-------------------------------------------------------------------
Thu Jan 10 15:06:12 CET 2008 - rhafer@suse.de
- Removed bogus debugging output from slapd_getaddrinfo_dupl.dif
-------------------------------------------------------------------
Wed Jan 9 13:29:33 CET 2008 - rhafer@suse.de
- Fixed allocation for paged results cookie (Bug #352255, ITS#5315)
-------------------------------------------------------------------
Fri Dec 14 13:53:33 CET 2007 - rhafer@suse.de
- Update to Version 2.4.7. Most important changes:
* Added slapd ordered indexing of integer attributes (ITS#5239)
* Fixed slapd paged results control handling (ITS#5191)
* Fixed slapd sasl-host parsing (ITS#5209)
* Fixed slapd filter normalization (ITS#5212)
* Fixed slapd multiple suffix checking (ITS#5186)
* Fixed slapd paged results handling when using rootdn (ITS#5230)
* Fixed slapd syncrepl presentlist handling (ITS#5231)
* Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236)
* Fixed slapd 3-way Multi-Master Replication (ITS#5238)
* Fixed slapd hash collisions in index slots (ITS#5183)
* Fixed slapd replication of dSAOperation attributes (ITS#5268)
* Fixed slapadd contextCSN updating (ITS#5225)
* Fixed slapd-bdb/hdb to report and fail on internal errors (ITS#5232)
* Fixed slapd-bdb/hdb dn2entry lock bug (ITS#5257)
* Fixed slapd-bdb/hdb dn2id lock bug (ITS#5262)
* Fixed slapd-hdb caching on rename ops (ITS#5221)
* Fixed slapo-accesslog abandoned op cleanup (ITS#5161)
* Fixed slapo-dds deleting from nonexistent db (ITS#5267)
* Fixed slapo-memberOf deleted values saving (ITS#5258)
* Fixed slapo-pcache op->o_abandon handling (ITS#5187)
* Fixed slapo-ppolicy single password check on modify (ITS#5146)
* Fixed slapo-ppolicy internal search (ITS#5235)
* Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210)
* Fixed slapo-syncprov ignore invalid cookies (ITS#5211)
* Fixed slapo-translucent interaction with slapo-rwm (ITS#4889)
-------------------------------------------------------------------
Thu Nov 29 15:43:11 CET 2007 - rhafer@suse.de
- check for duplicates in getaddrinfo results and ignore them.
(Bug #288879)
-------------------------------------------------------------------
Tue Nov 27 13:51:52 CET 2007 - rhafer@suse.de
- The init-script removed directory access on /etc/openldap/slapd.d
(Bug #344091)
-------------------------------------------------------------------
Mon Nov 26 15:56:28 CET 2007 - rhafer@suse.de
- Update to Version 2.4.6. Initial 2.4 release for "general use".
New features:
* Usability/Manageability:
- More complete Documentation (manual pages and Admin Guide)
- dynamic configuration and monitoring improvments
* More functionality
- New overlays (dds, memberof, constraint)
- Multimaster syncrepl replication
* Performance improvments:
- Further optimized frontend
- Reduced locking contention in backend
- back-config support through new sysconfig option
"OPENLDAP_CONFIG_BACKEND"
- Install admin guide from the main tarball, to get rid of the
admin-guide tarball
- New sysconfig options:
* OPENLDAP_START_LDAP to allow to disable the ldap:// listener
* OPENLDAP_LDAPI_INTERFACES to specify the paths for the ldapi:///
listeners
-------------------------------------------------------------------
Mon Oct 29 16:59:18 CET 2007 - rhafer@suse.de
- Update to Version 2.3.39. Most important changes:
* Fixed slapd database/overlay config conflict (ITS#4848)
* Fixed slapd password_hash config order (ITS#5082)
* Fixed slapd slap_mods_check bug (ITS#5119)
* Fixed slapd ACL sets memory handling (ITS#4860,ITS#4873)
* Fixed slapd ordered values add normalization issue (ITS#5136)
* Fixed slapd-bdb DB_CONFIG conversion bug (ITS#5118)
* Fixed slapd-ldap search control parsing (ITS#5138)
* Fixed slapd-ldap SASL idassert w/o authcId
* Fixed slapd-ldif directory separators in DN (ITS#5172)
* Fixed slapd-meta conn caching on bind failure (ITS#5154)
* Fixed slapd-meta bind timeout assertion (ITS#5185)
* Fixed slapd-sql concurrency issue (ITS#5095)
* Fixed slapo-chain double-free (ITS#5137)
* Fixed slapo-pcache and -rwm interaction fix (ITS#4991)
* Fixed slapo-pcache non-null terminated array crasher (ITS#5163)
* Fixed slapo-rwm modlist handling (ITS#5124)
* Fixed slapo-rwm UUID in filter (ITS#5168)
* Fixed sasl SASL_SSF_EXTERNAL type (ITS#3864)
* Fixed liblber Windows x64 portability (ITS#5105)
* Fixed libldap ppolicy control creation (ITS#5103)
- Silenced some rpmlint warnings
------------------------------------------------------------------
Wed Aug 22 13:56:25 CEST 2007 - rhafer@suse.de
- Call "ldconfig" from %post and %postun in openldap2-client
(Bug #298297)
-------------------------------------------------------------------
Tue Jul 24 15:19:05 CEST 2007 - rhafer@suse.de
- Update to Version 2.3.37. Most important changes:
* Fixed slapd-glue/syncprov interaction (ITS#4623)
* Fixed slapd-ldap search reference crash (ITS#5025)
* Fixed slapd-ldbm crash on Compare op (ITS#5044)
* Fixed slapo-rwm searchFilter double free (ITS#5043)
- Most important changes in 2.3.36:
* Fixed slapd mutex bug after failed startup (ITS#4957)
* Fixed slapd sasl failed Bind bug (ITS#4954)
* Fixed slapd sasl ssf logging (ITS#5001)
* Fixed slapd tool op init (ITS#4911)
* Fixed slapd-bdb no-op crasher (ITS#4925)
* Fixed slapd-relay crash when no database can be selected (ITS#4958)
* Fixed slapo-chain RFC3062 passwd exop handling (ITS#4964)
* Fixed slapo-dynlist multiple group/url[/member] config (ITS#4989)
* Fixed slapo-pcache handling of abandoned Operations (#5015)
* Fixed slapo-pcache and -rwm interaction (ITS#4991)
* Fixed slapo-ppolicy pwdReset/pwdMinAge (ITS#4970)
* Fixed slapo-ppolicy control cleanup from ITS#4665
* Fixed slapo-syncprov cookie parsing error (ITS#4977)
* Fixed slapo-valsort crash on delete op (ITS#4966)
* Fixed libldap referral chasing loop (ITS#4955)
* Fixed libldap response code handling on rebind (ITS#4924)
* Fixed libldap SASL_MAX_BUFF_SIZE (ITS#4935)
-------------------------------------------------------------------
Thu Jun 14 00:01:58 CEST 2007 - dmueller@suse.de
- remove binutils prereq
-------------------------------------------------------------------
Mon May 21 12:19:45 CEST 2007 - dmueller@suse.de
- reduce duplicated buildrequires against db42 and db45
-------------------------------------------------------------------
Tue May 15 15:50:11 CEST 2007 - rhafer@suse.de
- imported apparmor profile from apparmor (this profile is not
enabled by default)
-------------------------------------------------------------------
Fri May 4 14:00:39 CEST 2007 - rhafer@suse.de
- Update to Version 2.3.35. Most important changes:
* Fixed ldapmodify to use correct memory free functions (ITS#4901)
* Fixed slapd acl set minor typo (ITS#4874)
* Fixed slapd entry consistency check in str2entry2 (ITS#4852)
* Fixed slapd ldapi:// credential issue (ITS#4893)
* Fixed slapd str2anlist handling of undefined attrs/OCs (ITS#4854)
* Fixed slapd syncrepl delta-sync modlist free (ITS#4904)
* Added slapd syncrepl retry logging (ITS#4915)
* Fixed slapd zero-length IA5string handling (ITS#4823)
* Fixed slapd-bdb/hdb startup with missing shm env (ITS#4851)
* Fixed slapd-ldap/meta consistency in referral proxying (ITS#4861)
* Fixed slapd-ldap bind cleanup in case of unauthorized idassert
* Fixed slapd-meta search cleanup
* Fixed slapd-meta/slapo-rwm filter mapping
* Fixed slapd-sql subtree shortcut (ITS#4856)
* Fixed slapo-dynlist crasher (ITS#4891)
* Fixed slapo-refint config message (ITS#4853)
* Fixed libldap time_t signedness (ITS#4872)
* Fixed libldap_r tpool reset (ITS#4855,#4899)
-------------------------------------------------------------------
Wed May 2 14:05:05 CEST 2007 - dmueller@suse.de
- Fix comparison with string literal
-------------------------------------------------------------------
Wed Apr 18 15:16:43 CEST 2007 - schwab@suse.de
- Fix generation of debuginfo packages.
-------------------------------------------------------------------
Tue Mar 20 17:08:37 CET 2007 - rguenther@suse.de
- removed krb5-devel BuildRequires (support via cyrus-sasl)
-------------------------------------------------------------------
Thu Mar 15 14:29:22 CET 2007 - rhafer@suse.de
- added Service definitions for SuSEfirewall2 (Bug #251654)
-------------------------------------------------------------------
Thu Feb 22 16:50:18 CET 2007 - rhafer@suse.de
- Updated to Version 2.3.34. Most important changes:
* Fixed libldap missing get_option(TLS CipherSuite) (ITS#4815)
* Fixed ldapmodify printing error from ldap_result() (ITS#4812)
* Fixed slapadd LDIF parsing (ITS#4817)
* Fixed slapd libltdl link ordering (ITS#4830)
* Fixed slapd syncrepl memory leaks (ITS#4805)
* Fixed slapd dynacl/ACI compatibility with 2.1
* Fixed slapd-bdb/hdb be_entry_get with aliases/referrals
(ITS#4810)
* Fixed slapd-ldap more response handling bugs (ITS#4782)
* Fixed slapd-ldap C-API code tests (ITS#4808)
* Fixed slapd-monitor NULL printf (ITS#4811)
* Fixed slapo-chain spurious additional info in response
(ITS#4828)
* Fixed slapo-syncprov presence list (ITS#4813)
* Fixed slapo-syncprov contextCSN checkpoint again (ITS#4720)
* Added slapo-ppolicy cn=config support (ITS#4836)
* Added slapo-auditlog cn=config support
-------------------------------------------------------------------
Fri Jan 26 14:26:51 CET 2007 - rhafer@suse.de
- Updated to Version 2.3.33. Most important changes:
* Fixed slapd-ldap chase-referrals switch (ITS#4557)
* Fixed slapd-ldap bind behavior when idassert is always used
(ITS#4781)
* Fixed slapd-ldap response handling bugs (ITS#4782)
* Fixed slapd-ldap idassert mode=self anonymous ops (ITS#4798)
* Fixed slapd-ldap/meta privileged connections handling
(ITS#4791)
* Fixed slapd-meta retrying (ITS#4594, 4762)
* Fixed slapo-chain referral DN use (ITS#4776)
* Fixed slapo-dynlist dangling pointer after entry free
(ITS#4801)
* Fixed libldap ldap_pvt_put_filter syntax checks (ITS#4648)
-------------------------------------------------------------------
Fri Jan 12 11:04:22 CET 2007 - rhafer@suse.de
- Updated to Version 2.3.32. Most important changes:
* Fixed libldap unchased referral leak (ITS#4545)
* Fixed libldap tls callback (ITS#4723)
* Fixed slapd memleak on failed bind (ITS#4771)
* Fixed slapd connections_shutdown assert
* Fixed slapd add redundant duplicate value check (ITS#4600)
* Fixed slapd ACL set memleak (ITS#4780)
* Fixed slapd syncrepl shutdown hang (ITS#4790)
-------------------------------------------------------------------
Fri Nov 17 10:25:44 CET 2006 - rhafer@suse.de
- Fix for a flaw in libldap's strval2strlen() function when processing the
authcid string of certain Bind Requests, which could allow attackers to
cause an affected application to crash (especially the OpenLDAP Server),
creating a denial of service condition (Bug#221154,ITS#4740)
-------------------------------------------------------------------
Tue Nov 14 16:18:34 CET 2006 - rhafer@suse.de
- Additional back-perl fixes from CVS. The first revision of the
patch did not fix the problem completely (Bug#207618, ITS#4751)
-------------------------------------------------------------------
Fri Oct 27 16:46:43 CEST 2006 - rhafer@suse.de
- cyrus-sasl configuration moved from %{_libdir}/sasl2 to
/etc/sasl2/ (Bug: #206414)
-------------------------------------------------------------------
Wed Oct 4 15:56:11 CEST 2006 - rhafer@suse.de
- Add $network to Should-Start/Should-Stop in init scripts
(Bug: #206823)
- Imported latest back-perl changes from CVS, to fix back-perl
initialization (Bug: #207618)
-------------------------------------------------------------------
Tue Aug 22 16:27:25 CEST 2006 - rhafer@suse.de
- Updated to Version 2.3.27
* Fixed libldap dnssrv bug with "not present" positive statement
(ITS#4610)
* Fixed libldap dangling pointer issue (ITS#4405)
* Fixed slapd incorrect rebuilding of replica URI (ITS#4633)
* Fixed slapd DN X.509 normalization crash (ITS#4644)
* Fixed slapd-monitor operations order via callbacks (ITS#4631)
* Fixed slapo-accesslog purge task during shutdown
* Fixed slapo-ppolicy handling of default policy (ITS#4634)
* Fixed slapo-ppolicy logging verbosity when using default policy
* Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622)
-------------------------------------------------------------------
Wed Aug 2 11:08:23 CEST 2006 - rhafer@suse.de
- Updated to Version 2.3.25
* Add libldap_r TLS concurrency workaround (ITS#4583)
* Fixed slapd acl selfwrite bug (ITS#4587)
* Fixed various syncrepl and slapo-syncprov bugs (ITS#4582, 4622,
4534,4613, 4589)
* Fixed slapd-bdb/hdb lock bug with virtual root (ITS#4572)
* Fixed slapd-bdb/hdb modrdn new entry disappearing bug (ITS#4616)
* Fixed slapd-bdb/hdb cache job issue
* Fixed slapo-ppolicy password hashing bug (ITS#4575)
* Fixed slapo-ppolicy password modify pwdMustChange reset bug (ITS#4576)
* Fixed slapo-ppolicy control can be critical (ITS#4596)
- Enabled CLDAP (LDAP over UDP) support
------------------------------------------------------------------
Mon Jun 26 16:36:16 CEST 2006 - rhafer@suse.de
- Updated to Version 2.3.24
* Fixed slapd syncrepl timestamp bug (delta-sync/cascade)
(ITS#4567)
* Fixed slapd-bdb/hdb non-root users adding suffix/root entries
(ITS#4552)
* Re-fixed slapd-ldap improper free bug in exop (ITS#4550)
* Fixed slapd-ldif assert bug (ITS#4568)
* Fixed slapo-syncprov crash under glued database (ITS#4562)
- cleaned up SLES10 update specific stuff
- added "chain-return-error" feature from HEAD to chain overlay
(ITS#4570)
-------------------------------------------------------------------
Thu Jun 22 14:46:58 CEST 2006 - schwab@suse.de
- Don't use automake macros without using automake.
-------------------------------------------------------------------
Wed May 24 09:52:03 CEST 2006 - rhafer@suse.de
- Updated to Version 2.3.23
* obsoletes the patches: libldap_ads-sasl-gssapi.dif,
slapd-epollerr.dif
* Fixed slapd-ldap improper free bug (ITS#4550)
* Fixed libldap referral input destroy issue (ITS#4533)
* Fixed libldap ldap_sort_entries tail bug (ITS#4536)
* Fixed slapd runqueue use of freed memory (ITS#4517)
* Fixed slapd thread pool init issue (ITS#4513)
* Fixed slapd-bdb/hdb pre/post-read freeing (ITS#4532)
* Fixed slapd-bdb/hdb pre/post-read unavailable issue (ITS#4538)
* Fixed slapd-bdb/hdb referral issue (ITS#4548)
* Fixed slapo-ppolicy BER tags issue (ITS#4528)
* Fixed slapo-ppolicy rebind bug (ITS#4516)
* For more details see the CHANGES file
- Install CHANGES file to /usr/share/doc/packages/openldap2
-------------------------------------------------------------------
Wed May 10 10:20:16 CEST 2006 - rhafer@suse.de
- Really apply the patch for Bug#160566
- slapd could crash while processing queries with pre-/postread
controls (Bug#173877, ITS#4532)
-------------------------------------------------------------------
Fri Mar 24 13:48:52 CET 2006 - rhafer@suse.de
- Backported fix from CVS for occasional crashes in referral
chasing code (as used in e.g. back-meta/back-ldap).
(Bug: #160566, ITS: #4448)
-------------------------------------------------------------------
Mon Mar 13 16:23:32 CET 2006 - rhafer@suse.de
- openldap2 must obsolete -back-monitor and -back-ldap to have them
removed during update (Bug: #157576)
-------------------------------------------------------------------
Fri Feb 17 12:58:13 CET 2006 - rhafer@suse.de
- Add "external" to the list of supported SASL mechanisms
(Bug: #151771)
-------------------------------------------------------------------
Thu Feb 16 11:45:20 CET 2006 - rhafer@suse.de
- Error out when conversion from old configfile to config database
fails (Bug: #135484,#135490 ITS: #4407)
-------------------------------------------------------------------
Mon Feb 13 14:45:43 CET 2006 - rhafer@suse.de
- Don't ignore non-read/write epoll events (Bug: #149993,
ITS: #4395)
- Added update message to /usr/share/update-messages/en/ and enable
it, when update did not succeed.
-------------------------------------------------------------------
Thu Feb 9 11:43:56 CET 2006 - rhafer@suse.de
- OPENLDAP_CHOWN_DIRS honors databases defined in include files
(Bug: #135473)
- Fixed version numbers in README.update
- Fixed GSSAPI binds against Active Directory (Bug: #149390)
-------------------------------------------------------------------
Fri Feb 3 11:32:27 CET 2006 - rhafer@suse.de
- Cleaned up update procedure
- man-pages updates and fixes (Fate: #6365)
-------------------------------------------------------------------
Fri Jan 27 09:15:33 CET 2006 - rhafer@suse.de
- Updated to 2.3.19 (Bug #144371)
-------------------------------------------------------------------
Fri Jan 27 02:16:56 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Wed Jan 25 18:17:51 CET 2006 - rhafer@suse.de
- Updated Admin Guide to latest version
- build slapcat from openldap-2.2.24 and install it to
/usr/sbin/openldap-2.2-slapcat to be able to migrate from
OpenLDAP 2.2.
- removed slapd-backbdb-dbupgrade which is no longer needed
- attempt to dump/reload bdb databases in %{post}
- Update notes in README.update
-------------------------------------------------------------------
Fri Jan 13 10:36:44 CET 2006 - rhafer@suse.de
- New sysconfig variable OPENLDAP_KRB5_KEYTAB
- Cleanup in default configuration and init scripts
-------------------------------------------------------------------
Wed Jan 11 10:13:52 CET 2006 - rhafer@suse.de
- Updated to 2.3.17
- Remove OPENLDAP_RUN_DB_RECOVER from sysconfig file in %post
slapd does now automatically recover the database if needed
- Removed unneeded README.SuSE
- Small adjustments to the default DB_CONFIG file
-------------------------------------------------------------------
Mon Jan 9 11:48:10 CET 2006 - rhafer@suse.de
- Updated to 2.3.16
-------------------------------------------------------------------
Mon Dec 19 13:55:35 CET 2005 - rhafer@suse.de
- Fixed filelist (slapd-hdb man-page was missing)
-------------------------------------------------------------------
Fri Dec 9 10:04:28 CET 2005 - rhafer@suse.de
- Fixed build on x86_64
-------------------------------------------------------------------
Wed Dec 7 10:48:57 CET 2005 - rhafer@suse.de
- Merged -back-ldap and -back-monitor subpackages into the main
package and don't build them as dynamic modules anymore.
- updated to OpenLDAP 2.3.13
-------------------------------------------------------------------
Mon Nov 28 16:56:21 CET 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.12
-------------------------------------------------------------------
Wed Oct 26 11:34:24 CEST 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.11
- removed the "LDAP_DEPRECATED" workaround
-------------------------------------------------------------------
Mon Sep 26 09:51:11 CEST 2005 - rhafer@suse.de
- Add "LDAP_DEPRECATED" to ldap.h for now
-------------------------------------------------------------------
Fri Sep 23 14:41:14 CEST 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.7
-------------------------------------------------------------------
Tue Aug 16 14:08:49 CEST 2005 - rhafer@suse.de
- allow start_tls while chasing referrals (Bug #94355, ITS #3791)
-------------------------------------------------------------------
Mon Jul 4 11:42:08 CEST 2005 - rhafer@suse.de
- devel-subpackage requires openldap2-client of the same version
(Bugzilla: #93579)
-------------------------------------------------------------------
Thu Jun 30 17:55:22 CEST 2005 - uli@suse.de
- build with -fPIE (not -fpie) to avoid GOT overflow on s390*
-------------------------------------------------------------------
Wed Jun 22 16:26:42 CEST 2005 - rhafer@suse.de
- build the server packages with -fpie/-pie
-------------------------------------------------------------------
Wed Jun 15 16:43:25 CEST 2005 - rhafer@suse.de
- updated to 2.2.27
-------------------------------------------------------------------
Wed May 25 13:58:57 CEST 2005 - rhafer@suse.de
- libldap-gethostbyname_r.dif: Use gethostbyname_r instead of
gethostbyname in libldap. Should fix host lookups through
nss_ldap (Bugzilla: #76173)
-------------------------------------------------------------------
Fri May 13 12:27:05 CEST 2005 - rhafer@suse.de
- Updated to 2.2.26
- made /%{_libdir}]/sasl2/slapd.conf %config(noreplace)
-------------------------------------------------------------------
Thu Apr 28 09:42:30 CEST 2005 - rhafer@suse.de
- Added /%{_libdir}]/sasl2/slapd.conf to avoid warnings about
unconfigured OTP mechanism (Bugzilla: #80588)
-------------------------------------------------------------------
Tue Apr 12 15:02:24 CEST 2005 - rhafer@suse.de
- added minimal timeout to startproc in init-script to let it
report the "failed" status correctly in case of misconfiguration
(Bugzilla: #76393)
-------------------------------------------------------------------
Mon Apr 4 16:41:32 CEST 2005 - rhafer@suse.de
- crl-check.dif: Implements CRL checking on client and server side
- use different base ports for differnt values of BUILD_INCARNATION
(/.buildenv) to allow parallel runs of the test-suite on a single
machine
-------------------------------------------------------------------
Mon Apr 4 15:33:19 CEST 2005 - uli@suse.de
- force yielding-select test to yes (test occasionally hangs QEMU)
-------------------------------------------------------------------
Fri Apr 1 13:16:49 CEST 2005 - uli@suse.de
- disable test suite on ARM (hangs QEMU)
-------------------------------------------------------------------
Tue Mar 29 14:21:50 CEST 2005 - rhafer@suse.de
- updated to 2.2.24
- enabled back-hdb
-------------------------------------------------------------------
Wed Mar 2 13:44:23 CET 2005 - rhafer@suse.de
- syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928)
- libldap-reinit-fdset.dif: Re-init fd_sets when select is
interupted (Bugzilla #50076, ITS: #3524)
-------------------------------------------------------------------
Thu Feb 17 14:28:02 CET 2005 - rhafer@suse.de
- checkproc_before_recover.dif: Check if slapd is stopped before
running db_recover from the init script. (Bugzilla: #50962)
-------------------------------------------------------------------
Tue Feb 1 14:30:13 CET 2005 - rhafer@suse.de
- Cleanup back-bdb databases in %post, db-4.3 changed the
transaction log format again.
- cosmetic fixes in init script
-------------------------------------------------------------------
Tue Jan 25 15:57:55 CET 2005 - rhafer@suse.de
- updated to 2.2.23
- cleaned up #neededforbuild
- package should also build on older SuSE Linux releases now
- increased killproc timeout in init-script (Bugzilla: #47227)
-------------------------------------------------------------------
Thu Jan 13 15:09:28 CET 2005 - rhafer@suse.de
- updated to 2.2.20
- Removed unneeded dependencies
-------------------------------------------------------------------
Fri Dec 10 12:58:58 CET 2004 - kukuk@suse.de
- don't install *.la files
-------------------------------------------------------------------
Wed Nov 10 16:38:10 CET 2004 - rhafer@suse.de
- updated to 2.2.18
- use kerberos-devel-packages in neededforbuild
-------------------------------------------------------------------
Fri Sep 24 17:55:10 CEST 2004 - ro@suse.de
- re-arranged specfile to sequence (header (package/descr)* rest)
so the checking parser is not confused ...
-------------------------------------------------------------------
Fri Sep 24 13:59:40 CEST 2004 - rhafer@suse.de
- Added pre_checkin.sh to generate a separate openldap2-client
spec-file from which the openldap2-client and openldap2-devel
subpackages are built. Should reduce build time for libldap as
the test-suite is only executed in openldap2.spec.
-------------------------------------------------------------------
Fri Sep 10 13:24:44 CEST 2004 - rhafer@suse.de
- libldap-result.dif: ldapsearch was hanging in select() when
retrieving results from eDirectory through a StartTLS protected
connection (Bugzilla #44942)
-------------------------------------------------------------------
Mon Aug 9 23:43:18 CEST 2004 - dobey@suse.de
- added ntlm support
-------------------------------------------------------------------
Tue Aug 3 14:48:25 CEST 2004 - rhafer@suse.de
- updated to 2.2.16
- Updated ACLs in slapd_conf.dif to disable default read access
to the "userPKCS12" Attribute
- rc-check-conn.diff: When starting slapd wait until is accepts
connections, or 10 seconds at maximum (Bugzilla #41354)
- Backported -o slp={on|off} feature from OpenLDAP Head and added
new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able
to switch SLP registration on and off. (Bugzilla #39865)
- removed unneeded README.update
-------------------------------------------------------------------
Fri Apr 30 16:46:50 CEST 2004 - rhafer@suse.de
- updated to 2.2.11
- remove SLES8 update specific stuff
- Bugzilla #39652: Updated slapd_conf.dif to contain basic access
control
- Bugzilla #39468: Added missing items to yast.schema
- fixed strict-aliasing compiler warnings (strict-aliasing.dif)
-------------------------------------------------------------------
Thu Apr 29 15:13:31 CEST 2004 - coolo@suse.de
- build with several jobs if available
-------------------------------------------------------------------
Mon Apr 19 12:13:41 CEST 2004 - rhafer@suse.de
- ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and
args-file (Bugzilla #38790)
- ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059,
Bugzilla #38915)
- modify_check_duplicates.dif: check for duplicate attribute
values in modify requests (ITS #3066/#3097, Bugzilla #38607)
- updated and renamed yast2userconfig.schema to yast.schema as it
contains more that only user configuration now
- syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056)
- test_syncrepl_timeout: increased sleep timeout in syncrepl
testsuite
-------------------------------------------------------------------
Thu Apr 1 15:05:15 CEST 2004 - rhafer@suse.de
- added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make
START_TLS work without access to the CA Certificate.
(Bugzilla: #37393)
-------------------------------------------------------------------
Fri Mar 26 15:30:12 CET 2004 - rhafer@suse.de
- fixed filelist
- check-build.sh (build on kernel >= 2.6.4 hosts only)
- yast2user.schema / slapd.conf fixed (#37076)
- don't check for TLS-options is init-script anymore (#33560)
- fixed various typos in README.update
-------------------------------------------------------------------
Wed Mar 17 13:21:45 CET 2004 - rhafer@suse.de
- fixed build of openldap-2.1-slapcat (using correct db41 include
files, build backends as on sles8)
- attempt to update bdb database and reindex ldbm database in %{post}
- Update notes in README.update
- better default configuration (including default DB_CONFIG file)
- misc updates for the YaST schema
- fixed crasher in syncrepl-code (syncrepl.dif)
-------------------------------------------------------------------
Tue Mar 16 16:15:49 CET 2004 - schwab@suse.de
- Fix type mismatch.
-------------------------------------------------------------------
Tue Mar 2 19:50:18 CET 2004 - rhafer@suse.de
- updated to 2.2.6
- build a openldap-2.1-slapcat from 2.1.25 sources to be able to
migrate from SLES8 and SL 9.0
-------------------------------------------------------------------
Thu Feb 19 17:25:12 CET 2004 - ro@suse.de
- added check-build.sh (build on 2.6 hosts only)
-------------------------------------------------------------------
Thu Feb 5 17:38:52 CET 2004 - rhafer@suse.de
- updated to 2.2.5
- adjusted rfc2307bis.schema to support UTF-8 values in most
attributes
- enabled proxycache-overlay (wiht fix to work with back-ldbm)
-------------------------------------------------------------------
Tue Jan 13 11:31:03 CET 2004 - rhafer@suse.de
- updated to 2.2.4
- updated Admin Guide to most recent version
-------------------------------------------------------------------
Sat Jan 10 10:19:26 CET 2004 - adrian@suse.de
- add %defattr
- fix build as user
-------------------------------------------------------------------
Mon Dec 8 16:46:03 CET 2003 - rhafer@suse.de
- updated to 2.1.25
- small fixes for the YaST user schema
-------------------------------------------------------------------
Tue Nov 11 15:20:05 CET 2003 - rhafer@suse.de
- enabled SLP-support
-------------------------------------------------------------------
Fri Oct 17 22:14:24 CEST 2003 - kukuk@suse.de
- Remove unused des from neededforbuild
-------------------------------------------------------------------
Tue Sep 2 16:04:05 CEST 2003 - mt@suse.de
- Bugzilla #29859: fixed typo in sysconfig metadata,
usage of OPENLDAP_LDAPS_INTERFACES in init script
- added /usr/lib/sasl2/slapd.conf permissions handling
- added sysconfig variable OPENLDAP_SLAPD_PARAMS=""
to support additional slapd start parameters
- added sysconfig variable OPENLDAP_START_LDAPI=NO/yes
for ldapi:/// (LDAP over IPC) URLs
-------------------------------------------------------------------
Thu Aug 14 17:12:35 CEST 2003 - rhafer@suse.de
- added activation metadata to sysconfig template (Bugzilla #28911)
- removed lint from specfile
-------------------------------------------------------------------
Thu Aug 7 18:37:16 CEST 2003 - rhafer@suse.de
- added %stop_on_removal and %restart_on_update calls
- bdb_addcnt.dif fixes a possible endless loop in id2entry()
- addonschema.tar.gz: some extra Schema files (YaST, RFC2307bis)
-------------------------------------------------------------------
Wed Jul 16 19:27:39 CEST 2003 - rhafer@suse.de
- removed fillup_only and call fillup_and_insserv correctly
- new Options in sysconfig.openldap: OPENLDAP_LDAP_INTERFACES,
OPENLDAP_LDAPS_INTERFACES and OPENLDAP_RUN_DB_RECOVER
-------------------------------------------------------------------
Tue Jul 1 15:42:03 CEST 2003 - rhafer@suse.de
- updated to 2.1.22
- updated Admin Guide to most recent version
- build librewrite with -fPIC
-------------------------------------------------------------------
Mon Jun 16 16:29:03 CEST 2003 - rhafer@suse.de
- updated to 2.1.21
-------------------------------------------------------------------
Wed Jun 11 17:08:11 CEST 2003 - ro@suse.de
- fixed requires lines
-------------------------------------------------------------------
Mon May 26 16:00:43 CEST 2003 - rhafer@suse.de
- don't link back-ldap against librewrite.a, it's already linked
into slapd (package should build on non-i386 Archs again)
-------------------------------------------------------------------
Fri May 23 14:35:49 CEST 2003 - rhafer@suse.de
- fixed dynamic build of back-ldap
- new subpackage back-ldap
-------------------------------------------------------------------
Tue May 20 11:04:50 CEST 2003 - rhafer@suse.de
- updated to version 2.1.20
- enabled dynamic backend modules
- new subpackages back-perl, back-meta and back-monitor
- remove unpacked files from BuildRoot
-------------------------------------------------------------------
Fri May 9 14:23:45 CEST 2003 - rhafer@suse.de
- updated to version 2.1.19
-------------------------------------------------------------------
Wed Apr 16 00:34:31 CEST 2003 - ro@suse.de
- fixed requires for devel-package ...
-------------------------------------------------------------------
Tue Apr 15 10:18:11 CEST 2003 - ro@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Thu Feb 13 12:13:23 CET 2003 - kukuk@suse.de
- Enable IPv6 again
-------------------------------------------------------------------
Tue Feb 11 19:02:14 CET 2003 - rhafer@suse.de
- added /etc/openldap to filelist
-------------------------------------------------------------------
Mon Feb 3 16:42:47 CET 2003 - rhafer@suse.de
- switch default backend to ldbm
-------------------------------------------------------------------
Sun Feb 2 23:58:34 CET 2003 - ro@suse.de
- fixed requires for devel package (cyrus-sasl2-devel)
-------------------------------------------------------------------
Fri Jan 31 08:58:39 CET 2003 - rhafer@suse.de
- liblber.dif: Fixes two bugs in liblber by which remote attackers
could crash the LDAP server (Bugzilla #22469, OpenLDAP ITS #2275
and #2280)
-------------------------------------------------------------------
Tue Jan 14 11:53:11 CET 2003 - choeger@suse.de
- build using sasl2
-------------------------------------------------------------------
Mon Jan 13 12:23:31 CET 2003 - rhafer@suse.de
- updated to version 2.1.12
- added metadata to sysconfig template (Bug: #22666)
-------------------------------------------------------------------
Thu Nov 28 14:42:06 CET 2002 - rhafer@suse.de
- updated to version 2.1.8
- added additional fix of 64bit archs
- added secpatch.dif to fix setuid issues in libldap
-------------------------------------------------------------------
Fri Sep 6 11:11:07 CEST 2002 - rhafer@suse.de
- fix for Bugzilla ID #18981, chown to OPENLDAP_USER didn't work
with multiple database backend directories
-------------------------------------------------------------------
Mon Sep 2 18:02:03 CEST 2002 - rhafer@suse.de
- removed damoenstart_ipv6.diff and disabled IPv6 support due to
massive problems with nss_ldap
-------------------------------------------------------------------
Mon Aug 26 19:37:32 CEST 2002 - rhafer@suse.de
- ldap_user.dif: slapd is now run a the user/group ldap (Bugzilla
ID#17697)
-------------------------------------------------------------------
Fri Aug 23 13:54:15 CEST 2002 - rhafer@suse.de
- updated to version 2.1.4, which fixes tons of bugs
- added damoenstart_ipv6.diff (slapd was not starting when
configured to listen on IPv4 and IPv6 interfaces, as done by the
start script)
- added README.SuSE with some hints about the bdb-backend
- updated filelist to include only the man pages of the backends,
that were built
-------------------------------------------------------------------
Thu Aug 15 15:56:09 CEST 2002 - rhafer@suse.de
- removed termcap and readline from neededforbuild
-------------------------------------------------------------------
Thu Aug 8 11:21:36 CEST 2002 - rhafer@suse.de
- enabled {CRYPT} passwords
- update filelist (added new manpages)
-------------------------------------------------------------------
Thu Jul 25 15:58:03 CEST 2002 - rhafer@suse.de
- patches for 64 bit architectures
-------------------------------------------------------------------
Fri Jul 19 11:28:28 CEST 2002 - rhafer@suse.de
- update to 2.1.3
-------------------------------------------------------------------
Fri Jul 5 13:26:17 CEST 2002 - kukuk@suse.de
- fix openldap2-devel requires
-------------------------------------------------------------------
Thu Jul 4 10:29:03 CEST 2002 - rhafer@suse.de
- switched back from cyrus-sasl2 to cyrus-sasl
-------------------------------------------------------------------
Wed Jul 3 13:30:23 CEST 2002 - rhafer@suse.de
- updated to OpenLDAP 2.1.2
- added the OpenLDAP Administration Guide
- enabled additional backends (ldap, meta, monitor)
-------------------------------------------------------------------
Mon Jun 10 21:59:35 CEST 2002 - olh@suse.de
- hack build/ltconfig to build shared libs on ppc64
-------------------------------------------------------------------
Wed Jun 5 18:25:51 CEST 2002 - rhafer@suse.de
- created /etc/sysconfig/openldap and OPENLDAP_START_LDAPS variable
to enable ldap over ssl support
-------------------------------------------------------------------
Thu Mar 7 16:27:15 CET 2002 - rhafer@suse.de
- Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel
to the "Requires" Section of the -devel subpackage)
-------------------------------------------------------------------
Mon Feb 18 13:06:10 CET 2002 - rhafer@suse.de
- updated to the latest STABLE release (2.0.23) which fixes some
nasty bugs see ITS #1562,#1582,#1577,#1578
-------------------------------------------------------------------
Thu Feb 7 14:13:25 CET 2002 - rhafer@suse.de
- updated to the latest release (which fixes a index corruption
bug)
- cleanup in neededforbuild
- small fixes for the init-scripts
-------------------------------------------------------------------
Thu Jan 17 13:51:28 CET 2002 - rhafer@suse.de
- updated to the latest stable release (2.0.21)
-------------------------------------------------------------------
Wed Jan 16 18:36:12 CET 2002 - egmont@suselinux.hu
- removed periods and colons from startup/shutdown messages
-------------------------------------------------------------------
Tue Jan 15 15:31:09 CET 2002 - rhafer@suse.de
- updated to v2.0.20 (which fixes a security hole in ACL
processing)
-------------------------------------------------------------------
Fri Jan 11 15:54:51 CET 2002 - rhafer@suse.de
- converted archive to bzip2
- makes use of %{_libdir} now
- set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise
the test suite fails on these archs
- changed slapd.conf to store the database under /var/lib/ldap
(this patch was missing in the last versions by accident)
-------------------------------------------------------------------
Mon Jan 7 16:41:32 CET 2002 - rhafer@suse.de
- update to v2.0.19
-------------------------------------------------------------------
Thu Dec 6 14:51:56 CET 2001 - rhafer@suse.de
- eliminated START_LDAP, START_SLURPD variables in rc.config
- created separate init script for slurpd
- moved init scripts from dif to separate source tgz
-------------------------------------------------------------------
Fri Oct 26 10:36:06 CEST 2001 - choeger@suse.de
- update to v2.0.18
-------------------------------------------------------------------
Mon Oct 15 10:00:06 CEST 2001 - choeger@suse.de
- update to v2.0.17
added a sleep to the restart section
moved some manpages to the client package
-------------------------------------------------------------------
Mon Oct 1 18:38:14 CEST 2001 - choeger@suse.de
- update to v2.0.15
-------------------------------------------------------------------
Wed Sep 12 09:53:03 CEST 2001 - choeger@suse.de
- backported the full bugfix from openldap-2.0.14
-------------------------------------------------------------------
Tue Sep 11 11:36:20 CEST 2001 - choeger@suse.de
- Bugfix for slurpd millionth second bug (ITS#1323)
-------------------------------------------------------------------
Mon Sep 10 09:06:40 CEST 2001 - choeger@suse.de
- moved ldapfilter.conf ldaptemplates.conf ldapsearchprefs.conf
to openldap2-client package
-------------------------------------------------------------------
Mon Sep 3 09:31:21 CEST 2001 - choeger@suse.de
- update to version 2.0.12
-------------------------------------------------------------------
Mon Jul 2 10:52:22 CEST 2001 - choeger@suse.de
- bugfix: init script was not LSB compliant, Bugzilla ID#9072
-------------------------------------------------------------------
Tue Jun 19 16:18:54 CEST 2001 - ro@suse.de
- fixed for autoconf again
-------------------------------------------------------------------
Fri Jun 15 10:23:24 CEST 2001 - choeger@suse.de
- update to 2.0.11
- removed autoconf in specfile, because it doesn't work
-------------------------------------------------------------------
Wed May 23 11:43:08 CEST 2001 - choeger@suse.de
- update to version 2.0.10 (minor fixes)
-------------------------------------------------------------------
Tue May 22 11:33:58 CEST 2001 - choeger@suse.de
- update to version 2.0.9
-------------------------------------------------------------------
Mon Apr 23 15:55:32 CEST 2001 - choeger@suse.de
- removed kerberos support
- added aci support
-------------------------------------------------------------------
Fri Apr 20 11:52:14 CEST 2001 - choeger@suse.de
- added kerberos support
-------------------------------------------------------------------
Thu Apr 5 13:47:51 CEST 2001 - choeger@suse.de
- moved section 5 and 8 manpages to the server part of package
-------------------------------------------------------------------
Wed Mar 14 18:17:50 CET 2001 - kukuk@suse.de
- Move *.so links into -devel package
- -devel requires -client
-------------------------------------------------------------------
Thu Mar 8 10:51:05 CET 2001 - choeger@suse.de
- split up into openldap2-client and -devel
-------------------------------------------------------------------
Tue Feb 27 11:20:53 CET 2001 - ro@suse.de
- changed neededforbuild <cyrus-sasl> to <cyrus-sasl cyrus-sasl-devel>
-------------------------------------------------------------------
Fri Feb 23 00:10:25 CET 2001 - ro@suse.de
- added readline/readline-devel to neededforbuild (split from bash)
-------------------------------------------------------------------
Thu Jan 4 14:03:17 CET 2001 - choeger@suse.de
- bugfix: slapd.conf rename /var/lib/openldap-ldbm to
/var/lib/ldap
init script: use $remote_fs
-------------------------------------------------------------------
Tue Jan 2 10:38:20 CET 2001 - olh@suse.de
- use script name in %post
-------------------------------------------------------------------
Thu Dec 7 15:01:53 CET 2000 - choeger@suse.de
- bugfix from Andreas Jaeger:
workaround for glibc2.2, detach
-------------------------------------------------------------------
Fri Dec 1 15:23:45 CET 2000 - ro@suse.de
- hacked configure for apparently broken pthread
-------------------------------------------------------------------
Fri Dec 1 02:28:54 CET 2000 - ro@suse.de
- fixed spec
-------------------------------------------------------------------
Thu Nov 23 11:27:07 CET 2000 - choeger@suse.de
- made configs %config(noreplace) (Bug 4112)
- fixed neededforbuild
-------------------------------------------------------------------
Wed Nov 22 11:37:22 CET 2000 - choeger@suse.de
- adopted new init scheme
-------------------------------------------------------------------
Wed Nov 15 16:24:48 CET 2000 - choeger@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Fri Nov 10 16:32:57 CET 2000 - choeger@suse.de
- added buildroot
-------------------------------------------------------------------
Tue Nov 7 18:52:54 CET 2000 - choeger@suse.de
- long package name
- new version, 2.0.7
-------------------------------------------------------------------
Fri Oct 6 11:35:47 CEST 2000 - choeger@suse.de
- first package of openldap2 (v2.0.6)