OpenLDAP 2.5.7 Release (2021/08/18)
Fixed lloadd client state tracking
Fixed slapd bconfig to canonicalize structuralObjectclass
Fixed slapd-ldif duplicate controls response
Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule
Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases
Fixed slapd-mdb idlexp maximum size handling
Fixed slapd-monitor number of ops executing with asynchronous backends
Fixed slapd-sql to add support for ppolicy attributes
Fixed slapd-sql to close transactions after bind and search
Fixed slapo-accesslog to make reqMod optional
Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present
Documentation
slapd-mdb(5) note max idlexp size is 30, not 31
slapo-accesslog(5) note that reqMod is optional
Add ldapvc(1) man page
Add guide section on load balancer
Updated guide to document multiprovider as replacement for mirrormode
Updated guide to clarify slapd-mdb upgrade requirements
Updated guide to document removal of deprecated options from client tools
OpenLDAP 2.5.6 Release (2021/07/27)
Fixed libldap buffer overflow
Fixed libldap missing mutex unlock on connection alloc failure
Fixed lloadd cn=config olcBkLloadClientMaxPending setting
Fixed slapd multiple config defaults
Fixed slapd ipv6 addresses to work with tcp wrappers
Fixed slapo-syncprov delete of nonexistent sessionlog
Build
Fixed library symbol versioning on Solaris
Fixed compile warning in libldap/tpool.c
Fixed compile warning in libldap/tls_o.c
Contrib
Fixed ppm module for sysconfdir
Documentation
Updated guide to document multival, idlexp, and maxentrysize
OpenLDAP 2.5.5 Release (2021/06/03)
Added libldap LDAP_OPT_TCP_USER_TIMEOUT support
Added lloadd tcp-user-timeout support
Added slapd-asyncmeta tcp-user-timeout support
Added slapd-ldap tcp-user-timeout support
Added slapd-meta tcp-user-timeout support
Fixed incorrect control OIDs for AuthZ Identity
Fixed libldap typo in util-int.c
Fixed libldap double free of LDAP_OPT_DEFBASE
Fixed libldap better TLS1.3 cipher suite handling
Fixed lloadd multiple issues
Fixed slapd slap_op_time to avoid duplicates across restarts
Fixed slapd typo in daemon.c
Fixed slapd slapi compilation
Fixed slapd to handle empty DN in extended filters
Fixed slapd syncrepl searches with empty base
Fixed slapd syncrepl refresh on startup
Fixed slapd abort due to typo
Fixed slapd-asyncmeta quarantine handling
Fixed slapd-asyncmeta to have a default operations timeout
Fixed slapd-ldap quarantine handling
Fixed slapd-mdb deletion of context entry
Fixed slapd-mdb off-by-one affecting search scope
Fixed slapd-meta quarantine handling
Fixed slapo-accesslog to record reqNewDN for modRDN ops
Fixed slapo-pcache locking during expiration
Build
Fixed slappw-argon2 module installation
Contrib
Update ldapc++/ldaptcl to use configure.ac
Documentation
ldap_first_attribute(3) - Document ldap_get_attribute_ber
ldap_modify(3) - Delete non-existent mod_next parameter
OpenLDAP 2.5.4 Release (2021/04/29)
Initial release for "general use".
OpenLDAP 2.4.49:
Added slapd-monitor database entry count for slapd-mdb
Fixed client tools to not add controls on cancel/abandon
Fixed client tools SyncInfo message to be LDIF compliant
Fixed libldap to correctly free sb
Fixed libldap descriptor leak if ldaps fails
Fixed libldap remove unnecessary global mutex for GnuTLS
Fixed slapd syntax evaluation of preferredDeliveryMethod
Fixed slapd to relax domainScope control check
Fixed slapd to have cleaner error handling during connection setup
Fixed slapd data check when processing cancel exop
Fixed slapd attribute description processing
Fixed slapd-ldap to set oldctrls correctly
Fixed slapd-mdb to honor unchecked limit with alias deref
Fixed slapd-mdb missing final commit with slapindex
Fixed slapd-mdb drop attr mappings added in an aborted txn
Fixed slapd-mdb nosync FLAG configuration handling
Fixed slapd-monitor global operation counter reporting
Fixed slapo-ppolicy when used with slapauth
Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime
Fixed slapo-syncprov fix sessionlog init
Fixed slapo-unique loop termination
Build Environment
Fix mkdep to honor TMPDIR if set
Remove ICU library detection
Update config.guess and config.sub to support newer architectures
Disable ITS8521 regression test as it is no longer valid
Documentation
admin24 - Fix inconsistent whitespace in replication section
slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword
slapd-ldap(5) - Document "tls none" option
slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit
Added slapd support for OpenSSL 1.1.0 series (ITS-8353, ITS-8533, ITS-8634)
Fixed libldap to fail ldap_result if the handle is already bad (ITS-8585)
Fixed libldap to expose error if user specified CA doesn't exist (ITS-8529)
Fixed libldap handling of Diffie-Hellman parameters (ITS-7506)
Fixed libldap GnuTLS use after free (ITS-8385)
Fixed libldap SASL initialization (ITS-8648)
Fixed slapd bconfig rDN escape handling (ITS-8574)
Fixed slapd segfault with invalid hostname (ITS-8631)
Fixed slapd sasl SEGV rebind in same session (ITS-8568)
Fixed slapd syncrepl filter handling (ITS-8413)
Fixed slapd syncrepl infinite looping mods with delta-sync MMR (ITS-8432)
Fixed slapd callback struct so older modules without writewait should function.
Custom modules may need to be updated for sc_writewait callback (ITS-8435)
Fixed slapd-ldap/meta broken LDAP_TAILQ macro (ITS-8576)
Fixed slapd-mdb so it passes ITS6794 regression test (ITS-6794)
Fixed slapd-mdb double free with size zero paged result (ITS-8655)
Fixed slapd-meta uninitialized diagnostic message (ITS-8442)
Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS-8423)
Fixed slapo-accesslog with multiple modifications to the same attribute (ITS-6545)
Fixed slapo-relay to correctly initialize sc_writewait (ITS-8428)
Fixed slapo-sssvlv double free (ITS-8592)
Fixed slapo-unique with empty modifications (ITS-8266)
Build Environment
Added test065 for proxyauthz (ITS-8571)
Fix test008 to be portable (ITS-8414)
Fix test064 to wait for slapd to start (ITS-8644)
Fix its4336 regression test (ITS-8534)
Fix its4337 regression test (ITS-8535)
Fix regression tests to execute on all backends (ITS-8539)
Contrib
Added slapo-autogroup(5) man page (ITS-8569)
Added passwd missing conversion scripts for apr1 (ITS-6826)
Fixed contrib modules where the writewait callback was not correctly initialized (ITS-8435)
Fixed smbk5pwd to build with newer OpenSSL releases (ITS-8525)
Documentation
admin24 fixed tls_cipher_suite bindconf option (ITS-8099)
admin24 fixed typo cn=config to be slapd.d (ITS-8449)
admin24 fixed slapo-syncprov information to be curent (ITS-8253)
admin24 fixed typo in access control docs (ITS-7341, ITS-8391)
admin24 fixed minor typo in tuning guide (ITS-8499)
admin24 fixed information about the limits option (ITS-7700)
admin24 fixed missing options for syncrepl configuration (ITS-7700)
admin24 fixed accesslog documentation to note it should not be replicated (ITS-8344)
Fixed ldap.conf(5) missing information on SASL_NOCANON option (ITS-7177)
Fixed ldapsearch(1) information on the V[V] flag behavior (ITS-7177, ITS-6339)
Fixed slapd-config(5), slapd.conf(5) clarification on interval keyword for refreshAndPersist (ITS-8538)
Fixed slapd-config(5), slapd.conf(5) clarify serverID requirements (ITS-8635)
Fixed slapd-config(5), slapd.conf(5) clarification on loglevel settings (ITS-8123)
Fixed slapo-ppolicy(5) to clearly note rootdn requirement (ITS-8565)
Fixed slapo-memberof(5) to note it is not safe to use with replication (ITS-8613)
Fixed slapo-syncprov(5) documentation to be current (ITS-8253)
Fixed slapadd(8) manpage to note slapd-mdb (ITS-8215)
Fixed various minor grammar issues in the man pages (ITS-8544)
Fixed various typos (ITS-8587)
Many of these definitely do not depend on readline.
So there must be a different underlying problem, and that
should be tracked down instead of papering over it.
Solves:
/usr/libexec/binutils225/elf/ld.gold: error: cannot find -lreadline
The missing specification is obvious on DragonFly because there's
no publically accessible version of readline in base.
OpenSSL removed old DES API which used des_* functions.
24956ca00f
In order to link with libcrypto from recent OpenSSL releases, we need
to replace the older API des_* functions by the newer API DES_* functions.
Submitted upstream as ITS#8525
http://www.openldap.org/its/index.cgi/Incoming?id=8525
All recent NetBSD releases now have an OpenSSL recent enough so
that the DES symbols required by slapo-smbk5pwd can be found in
OpenSSL's libcrypto. We therefore do not need to link with -ldes
anymore, especialy since it now causes a build failure.
(otherwise Undefined PLT symbol "des_set_odd_parity")
- make sure OpenLDAP links with pkgsrc's libfetch as base libfetch
may be linked with a different OpenSSL than OpenLDAP.
Otherwise, with non-native kerberos, bdb.buildlink3.mk is included by
heimdal's bl3.mk before BDB_ACCEPTED is set, we get the wrong answer out,
and the package fails to build.
It's a good thing heimdal doesn't also need to set BDB_ACCEPTED I guess...
