OpenLDAP 2.4.49:
Added slapd-monitor database entry count for slapd-mdb
Fixed client tools to not add controls on cancel/abandon
Fixed client tools SyncInfo message to be LDIF compliant
Fixed libldap to correctly free sb
Fixed libldap descriptor leak if ldaps fails
Fixed libldap remove unnecessary global mutex for GnuTLS
Fixed slapd syntax evaluation of preferredDeliveryMethod
Fixed slapd to relax domainScope control check
Fixed slapd to have cleaner error handling during connection setup
Fixed slapd data check when processing cancel exop
Fixed slapd attribute description processing
Fixed slapd-ldap to set oldctrls correctly
Fixed slapd-mdb to honor unchecked limit with alias deref
Fixed slapd-mdb missing final commit with slapindex
Fixed slapd-mdb drop attr mappings added in an aborted txn
Fixed slapd-mdb nosync FLAG configuration handling
Fixed slapd-monitor global operation counter reporting
Fixed slapo-ppolicy when used with slapauth
Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime
Fixed slapo-syncprov fix sessionlog init
Fixed slapo-unique loop termination
Build Environment
Fix mkdep to honor TMPDIR if set
Remove ICU library detection
Update config.guess and config.sub to support newer architectures
Disable ITS8521 regression test as it is no longer valid
Documentation
admin24 - Fix inconsistent whitespace in replication section
slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword
slapd-ldap(5) - Document "tls none" option
slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit
OpenLDAP 2.4.48
Added libldap OpenSSL Elliptic Curve support
Added libldap Expose OpenLDAP specific interfaces via openldap.h
Added slapd-monitor support for slapd-mdb
Fixed liblber leaks
Fixed liblber with partial flush
Fixed libldap ASYNC TLS so it works
Fixed libldap ASYNC connections with Solaris 10
Fixed libldap with SASL_NOCANON=on and ldapi connections
Fixed libldap to be able to unset syncrepl TLS options
Fixed libldap race condition in ldap_int_initialize
Fixed libldap return code in ldap_create_assertion_control_value
Fixed libldap to correctly disable IPv6 when configured to do so
Fixed libldap to correctly close TLS connection
Fixed libldap_r handling of deprecated OpenSSL function
Fixed liblunicode case correspondance
Fixed slapd with an idletimeout of less than four seconds
Fixed slapd config parser variable for Windows64
Fixed slapd syncrepl fallback handling with delta-syncrepl
Fixed slapd telephoneNumberNormalize, cert DN validation
Fixed slapd syncrepl for relax with delta-syncrepl
Fixed slapd to restrict rootDN proxyauthz to its own databases
Fixed slapd to initialize SASL SSF per connection
Fixed slapo-accesslog with SLAP_MOD_SOFT modifications
Fixed slapd-ldap starttls connections timeout behavior
Fixed slapd-ldap segfault when entry result doesn't match filter
Fixed slapd-meta conversion from slapd.conf to cn=config
Fixed slapd-meta assertion when network interface goes down
Fixed slapd-mdb fix bitshift integer overflow
Fixed slapd-mdb index cleanup with cn=config
Fixed slapd-mdb to improve performance with alias deref
Fixed slapo-accesslog possible assert with exops
Fixed slapo-chain to correctly reject multiple chaining URIs
Fixed slapo-chain conversion from slapd.conf to cn=config
Fixed slapo-memberof conversion from slapd.conf to cn=config
Fixed slapo-memberof for group name change to itself
Fixed slapo-ppolicy behavior when pwdInHistory is changed
Fixed slapo-rwm to not free original filter
Fixed slapo-syncprov contextCSN generation
Build Environment
Fixed slapd to only link to BDB libraries with static build
Fixed libldap implicit declaration with LDAP_CONNECTIONLESS
Fixed libldap double inclusion of limits.h in cyrus.c
Documentation
General - Fixed minor typos
admin24 - Miscellaneous updates promoting mdb and fixing examples
slapd.access(5) - Note MDB is the primary backend
slapd.backends(5) - Note MDB is the recommended backend
slapd-ldap(5) - Document starttls parameter
Contrib
Added slapo-lastbind capability to forward authTimestamp updates
OpenLDAP 2.4.47:
Added slapd-sock DN qualifier for subtrees to be processed
Added slapd-sock ability to send extended operations to external listeners
Fixed liblber to avoid incremental access to user-supplied bv in dupbv
Fixed libldap dn to domain parsing with bad input
Fixed slapd slapcat to correctly honor -g option
Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups
Fixed slapd to check status of rdnNormalize
Fixed slapd cn=config when modifying slapo-syncprov config
Fixed slapd sasl authz-policy "all" behavior
Fixed slapd sasl minor typo
Fixed slapd to correctly hide hidden DBs in the rootDSE
Fixed slapd domainScope control to match Microsoft specification
Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges
Fixed slapo-accesslog deadlock during cleanup
Fixed slapo-memberof cn=config modifications
Fixed slapo-ppolicy with multimaster replication
Fixed slapo-syncprov with NULL modlist
Build Environment
Added slapd reproducible build support
Fixed missing includes with OpenSSL 1.0.2
Contrib
Fixed slapo-pbkdf2 hash generation
Documentation
admin24 fixed minor typo
OpenLDAP 2.4.46 Release (2018/03/22)
Fixed libldap connection delete callbacks when TLS fails to start
Fixed libldap to not reuse tls_session if TLS hostname check fails
Fixed libldap cross-compiling with OpenSSL 1.1
Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method
Fixed libldap MozNSS CA certificate hash matching
Fixed libldap MozNSS with PEM certs when also using an NSS cert db
Fixed libldap MozNSS initialization
Fixed libldap GnuTLS with GNUTLS_E_AGAIN
Fixed libldap memory leak with cancel operations
Fixed slapd Eventlog registry key creation on 64-bit Windows
Fixed slapd to maintain SSF across SASL binds
Fixed slapd syncrepl deadlock when updating cookie
Fixed slapd syncrepl callback to always be last in the stack
Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens
Fixed slapd CSN queue processing
Fixed slapd-ldap TLS connection timeout with high latency connections
Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set
Fixed slapd-mdb with an optimization for long lived read transactions
Fixed slapd-meta assert when olcDbRewrite is modified
Fixed slapd-sock with LDAP_MOD_INCREMENT operations
Fixed slapo-accesslog cleanup to only occur on failed operations
Fixed slapo-dds entryTTL to actually decrease as per RFC 2589
Fixed slapo-syncprov memory leak with delete operations
Fixed slapo-syncprov to not clear pending operation when checkpointing
Fixed slapo-syncprov to correctly record contextCSN values in the accesslog
Fixed slapo-syncprov not to log checkpoints to accesslog db
Fixed slapo-syncprov to process changes from this SID on REFRESH
Fixed slapo-syncprov session log parsing to not block other operations
Build Environment
Fixed Windows build with newer MINGW version
Fixed compiler warnings and removed unused variables
Contrib
Fixed ldapc++ Control structure
Documentation
Delete stub manpage for back-ldbm
Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism
Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only
Fixed slapd-config(5) typo for olcTLSCipherSuite
Fixed slapo-syncprov(5) indexing requirements
Added slapd support for OpenSSL 1.1.0 series (ITS-8353, ITS-8533, ITS-8634)
Fixed libldap to fail ldap_result if the handle is already bad (ITS-8585)
Fixed libldap to expose error if user specified CA doesn't exist (ITS-8529)
Fixed libldap handling of Diffie-Hellman parameters (ITS-7506)
Fixed libldap GnuTLS use after free (ITS-8385)
Fixed libldap SASL initialization (ITS-8648)
Fixed slapd bconfig rDN escape handling (ITS-8574)
Fixed slapd segfault with invalid hostname (ITS-8631)
Fixed slapd sasl SEGV rebind in same session (ITS-8568)
Fixed slapd syncrepl filter handling (ITS-8413)
Fixed slapd syncrepl infinite looping mods with delta-sync MMR (ITS-8432)
Fixed slapd callback struct so older modules without writewait should function.
Custom modules may need to be updated for sc_writewait callback (ITS-8435)
Fixed slapd-ldap/meta broken LDAP_TAILQ macro (ITS-8576)
Fixed slapd-mdb so it passes ITS6794 regression test (ITS-6794)
Fixed slapd-mdb double free with size zero paged result (ITS-8655)
Fixed slapd-meta uninitialized diagnostic message (ITS-8442)
Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS-8423)
Fixed slapo-accesslog with multiple modifications to the same attribute (ITS-6545)
Fixed slapo-relay to correctly initialize sc_writewait (ITS-8428)
Fixed slapo-sssvlv double free (ITS-8592)
Fixed slapo-unique with empty modifications (ITS-8266)
Build Environment
Added test065 for proxyauthz (ITS-8571)
Fix test008 to be portable (ITS-8414)
Fix test064 to wait for slapd to start (ITS-8644)
Fix its4336 regression test (ITS-8534)
Fix its4337 regression test (ITS-8535)
Fix regression tests to execute on all backends (ITS-8539)
Contrib
Added slapo-autogroup(5) man page (ITS-8569)
Added passwd missing conversion scripts for apr1 (ITS-6826)
Fixed contrib modules where the writewait callback was not correctly initialized (ITS-8435)
Fixed smbk5pwd to build with newer OpenSSL releases (ITS-8525)
Documentation
admin24 fixed tls_cipher_suite bindconf option (ITS-8099)
admin24 fixed typo cn=config to be slapd.d (ITS-8449)
admin24 fixed slapo-syncprov information to be curent (ITS-8253)
admin24 fixed typo in access control docs (ITS-7341, ITS-8391)
admin24 fixed minor typo in tuning guide (ITS-8499)
admin24 fixed information about the limits option (ITS-7700)
admin24 fixed missing options for syncrepl configuration (ITS-7700)
admin24 fixed accesslog documentation to note it should not be replicated (ITS-8344)
Fixed ldap.conf(5) missing information on SASL_NOCANON option (ITS-7177)
Fixed ldapsearch(1) information on the V[V] flag behavior (ITS-7177, ITS-6339)
Fixed slapd-config(5), slapd.conf(5) clarification on interval keyword for refreshAndPersist (ITS-8538)
Fixed slapd-config(5), slapd.conf(5) clarify serverID requirements (ITS-8635)
Fixed slapd-config(5), slapd.conf(5) clarification on loglevel settings (ITS-8123)
Fixed slapo-ppolicy(5) to clearly note rootdn requirement (ITS-8565)
Fixed slapo-memberof(5) to note it is not safe to use with replication (ITS-8613)
Fixed slapo-syncprov(5) documentation to be current (ITS-8253)
Fixed slapadd(8) manpage to note slapd-mdb (ITS-8215)
Fixed various minor grammar issues in the man pages (ITS-8544)
Fixed various typos (ITS-8587)
Fixed liblber remove obsolete assert (ITS-8240, ITS-8301)
Fixed libldap file URLs on windows (ITS-8273)
Fixed libldap microsecond timer for windows (ITS-8295)
Fixed slap tools minor one time memory leak (ITS-8082)
Fixed slapd to avoid redundant processing of abandon ops (ITS-8232)
Fixed slapd syncrepl segv when present list is NULL (ITS-8231, ITS-8042)
Fixed slapd segfault with invalid SASL URI (ITS-8218)
Fixed slapd configuration parser with unbalanced quotes (ITS-8233)
Fixed slapd syncrepl check with config db on windows (ITS-8277)
Fixed slapd with mod Increment and inherited attribute type (ITS-8289)
Fixed slapd-ldap SEGV after failed retry (ITS-8173)
Fixed slapd-ldap to skip client controls in ldap_back_entry_get (ITS-8244)
Fixed slapd-null to have an option to return a search entry (ITS-8249)
Fixed slapd-relay to correctly handle quoted options (ITS-8284)
Fixed slapo-accesslog delta-sync MMR with interrupted refresh phase (ITS-8281)
Fixed slapo-dds segfault when using slapo-memberof (ITS-8133)
Fixed slapo-ppolicy to allow purging of stale pwdFailureTime attributes (ITS-8185)
Fixed slapo-ppolicy to release entry on failure (ITS-7537)
Fixed slapo-ppolicy to fall back to default policy if there is a parsing error (ITS-8234)
Fixed slapo-syncprov with interrupted refresh phase (ITS-8281)
Fixed slapo-refint with subtree renames (ITS-8220)
Fixed slapo-rwm missing olcDropUnrequested attribute (ITS-7889)
Fixed slapo-rwm parsing to avoid double-escaping rewrite rules (ITS-7964)
Build Environment
Fixed ldif-filter option parsing (ITS-8292)
Fixed slapd-tester EOL handling in test output for windows (ITS-8280)
Fixed slapd-tester executable suffix for windows (ITS-8216)
Fixed test061 timing issues (ITS-8297)
Contrib
Added libnettle support to pw-pbkdf2 (ITS-8198)
Fixed smbk5pwd compiler warnings with libnettle (ITS-8235)
Fixed passwd symbol collisions with other crypto libraries (ITS-8294)
Documentation
Updated guide to reflect changes to how TLS is handled with syncrepl
Problems found with existing distfiles:
distfiles/D6.data.ros.gz
distfiles/cstore0.2.tar.gz
distfiles/data4.tar.gz
distfiles/sphinx-2.2.7-release.tar.gz
No changes made to the cstore or mariadb55-client distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Fixed libldap MozNSS crash
Fixed libldap memory leak with SASL
Fixed libldap assert in parse_passwdpolicy_control
Fixed libldap shortcut NULL RDNs
Fixed libldap deref to use correct control
Fixed liblmdb keysizes with mdb_update_key
Fixed slapd cn=config olcDbConfig modification
Fixed slapd-bdb/hdb to bail out of search if config is paused
Fixed slapd-bdb/hdb indexing issue with derived attributes
Fixed slapd-mdb to bail out of search if config is paused
Fixed slapd-mdb indexing issue with derived attributes
Fixed slapd-perl to bail out of search if config is paused
Fixed slapd-sql to bail out of search if config is paused
Fixed slapo-constraint handling of softadd/softdel
Fixed slapo-syncprov assert with findbase
Build Environment
Test suite: Use $(MAKE) for tests
Documentation
admin24 fix TLSDHParamFile to be correct
Fixed liblmdb nordahead flag
Fixed liblmdb to check cursor index before cursor_del
Fixed liblmdb wasted space on split
Fixed slapd for certs with a NULL issuerDN
Fixed slapd cn=config with empty nested includes
Fixed slapd syncrepl memory leak with delta-sync MMR
Fixed slapd-bdb/hdb to stop processing on dn not found
Fixed slapd-bdb/hdb with indexed ANDed filters
Fixed slapd-mdb to stop processing on dn not found
Fixed slapd-mdb dangling reader
Fixed slapd-mdb matching rule for OlcDbEnvFlags
Fixed slapd-mdb with indexed ANDed filters
Fixed slapd-meta from blocking other threads
Fixed slapo-syncprov assert with findbase
Added liblmdb nordahead environment flag
Fixed client tools CLDAP with IPv6
Fixed libldap CLDAP with IPv6
Fixed libldap lock ordering with abandon op
Fixed liblmdb segfault with mdb_cursor_del
Fixed liblmdb when converting to writemap
Fixed liblmdb assert on MDB_NEXT with delete
Fixed liblmdb wasted space on split
Fixed slapd cn=config with olcTLSProtocolMin
Fixed slapd-bdb/hdb optimize index updates
Fixed slapd-ldap chaining with cn=config
Fixed slapd-ldap chaning with controls
Fixed slapd-mdb optimize index updates
Fixed slapd-meta chaining with cn=config
Fixed slapo-constraint to no-op on nonexistent entries
Fixed slapo-dds assert on startup
Fixed slapo-memberof to not replicate internal ops
Fixed slapo-refint to not replicate internal ops
Build Environment
Fixed slapd-mdb ptr arithmetic on void *s
Documentation
ldapsearch(1) minor typo fix
slapd-passwd(5) minor typo fix
Added slapd-meta cn=config support
Fixed libldap MozNSS slot picking
Fixed libldap MozNSS with tokenname:certnickname format
Fixed libmdb POSIX semaphore cleanup on environment close
Fixed libmdb mdb_page_split
Fixed slapd alock handling on Windows
Fixed slapd acl handling with zero-length values
Fixed slapd syncprov to not reference ops inside a lock
Fixed slapd delta-syncrepl MMR with large attribute values
Fixed slapd slapd_rw_destroy function
Fixed slapd-ldap idassert bind handling
Fixed slapd-mdb slapadd -q -w double free
Fixed slapd-mdb to close read txn in reindex commit
Fixed slapo-constraint with multiple modifications
Build Environment
Fixed build with Visual Studio
Fixed libmdb posix semaphore use on BSD system
Add slapo-constraint test suite
Contrib
Updated radius passwd module for NAS-Identifier
Documentation
slapo-refint(5) Note that refint is not replicated
