Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

openldap2-ppolicy-check-password-1.2-71.3 RPM for aarch64

From OpenSuSE Ports Tumbleweed for aarch64

Name: openldap2-ppolicy-check-password Distribution: openSUSE Tumbleweed
Version: 1.2 Vendor: openSUSE
Release: 71.3 Build date: Sat Jan 15 10:59:17 2022
Group: Productivity/Networking/LDAP/Servers Build host: obs-arm-11
Size: 80315 Source RPM: openldap2-2.4.59-71.3.src.rpm
Summary: Password quality check module for OpenLDAP
An implementation of password quality check module, based on the original
work done by LDAP Toolbox Project (, that works
together with OpenLDAP password policy overlay (ppolicy), to enforce
password strength policies.






* Fri Jun 04 2021 Michael Ströder <>
  - updated to 2.4.59
    OpenLDAP 2.4.59 Release (2021/06/03)
      Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521)
      Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
      Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295)
      Fixed slapd-mdb cursor init check (ITS#9526)
      Fixed slapd-mdb deletion of context entry (ITS#9531)
      Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
      Fixed slapo-pcache locking during expiration (ITS#9529)
      Fixed slapo-autogroup to not thrash thread context (ITS#9494)
      ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
* Tue Mar 16 2021 Michael Ströder <>
  - updated to 2.4.58
    OpenLDAP 2.4.58 Release (2021/03/16)
      Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9454)
      Fixed slapd to alloc new conn struct after freeing old one (ITS#9458)
      Fixed slapd syncrepl to check all contextCSNs (ITS#9282)
      Fixed slapd-bdb lockdetect config (ITS#9449)
* Mon Jan 18 2021 Michael Ströder <>
  - updated to 2.4.57
    OpenLDAP 2.4.57 Release (2021/01/18)
    Fixed ldapexop to use correct return code (ITS#9417)
    Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
    Fixed slapd to remove assert in csnValidate (ITS#9410)
    Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427)
    Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
    Fixed slapd AVA sort with invalid RDN (ITS#9412)
    Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425)
    Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
    Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
    Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
    Fixed slapd modrdn memory leak (ITS#9420)
    Fixed slapd double-free in vrfilter (ITS#9408)
    Fixed slapd cancel operation to correctly terminate (ITS#9428)
    Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400)
    Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)
* Thu Dec 17 2020 Michael Ströder <>
  - added openldap2.keyring and source signature file
* Wed Nov 11 2020 Michael Ströder <>
  - updated to 2.4.56
    OpenLDAP 2.4.56 Release (2020/11/10)
    Fixed slapd to remove assert in certificateListValidate (ITS#9383)
    Fixed slapd to remove assert in csnNormalize23 (ITS#9384)
    Fixed slapd to better parse ldapi listener URIs (ITS#9379)
* Tue Oct 27 2020 William Brown <>
  - bsc#1175568 CVE-2020-8027 has a number of issues in it's
    design that lead to security issues. This file has been removed,
    from the package, and the %post execution of the install. The
    function is replaced by /usr/sbin/slapd-ldif-update-crc and
    /usr/lib/openldap/fixup-modulepath, through the addition of the
    source files:
* Mon Oct 26 2020 Michael Ströder <>
  - updated to 2.4.55
    OpenLDAP 2.4.55 Release (2020/10/26)
    Fixed slapd normalization handling with modrdn (ITS#9370)
    Fixed slapd-meta to check ldap_install_tls return code (ITS#9366)
      Fixed nssov misplaced semicolon (ITS#8731, ITS#9368)
    LMDB 0.9.27 Release (2020/10/26)
    ITS#9376 fix repeated DUPSORT cursor deletes
* Mon Oct 12 2020 Michael Ströder <>
  - updated to 2.4.54
    OpenLDAP 2.4.54 Release (2020/10/12)
    Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342)
    Fixed slapd delta-syncrepl to be fully serialized (ITS#9330)
    Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352)
    Fixed slapd sessionlog to use a TAVL tree (ITS#8486)
    Fixed slapd syncrepl to be fully serialized (ITS#8102)
    Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345)
    Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355)
    Fixed slapd syncrepl to not create empty ADD ops (ITS#9359)
    Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295)
    Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353)
    Fixed slapo-accesslog normalizer for reqStart (ITS#9358)
    Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361)
    Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)
* Mon Sep 07 2020 Michael Ströder <>
  - updated to 2.4.53
    OpenLDAP 2.4.53 (2020/09/07)
    Added slapd syncrepl additional SYNC logging (ITS#9043)
    Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282)
    Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338)
    Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334)
      Require OpenSSL 1.0.2 or later (ITS#9323)
      Fixed libldap compilation issue with broken C compilers (ITS#9332)
* Fri Aug 28 2020 Michael Ströder <>
  - updated to 2.4.52
    OpenLDAP 2.4.52 (2020/08/28)
    Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318)
    Added libldap OpenSSL support for multiple EECDH curves (ITS#9054)
    Added slapd OpenSSL support for multiple EECDH curves (ITS#9054)
    Fixed librewrite malloc/free corruption (ITS#9249)
    Fixed libldap hang when using UDP and server down (ITS#9328)
    Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324)
    Fixed slapd syncrepl regression that could trigger an assert (ITS#9329)
    Fixed slapd-mdb index error with collapsed range (ITS#9135)
* Thu Aug 20 2020 Thorsten Kukuk <>
  - Switch from shadow to sysusers to generate ldap account
  - Remove if's for code older than SLE12 (Even SLE12 builds no longer)
  - Remove 12 years old sasl2 migration code
* Sat Aug 15 2020 Thorsten Kukuk <>
  - Drop obsolete, not working DB_CONFIG
  - Remove init.d header from start script, does not work
  - Use bash for start script as syntax is not POSIX sh supported
  - Remove UPDATE_NEEDED section in start script, does never match
* Sat Aug 15 2020 Thorsten Kukuk <>
  - Remove remaining rc.status usage in start script
* Wed Aug 12 2020 Michael Ströder <>
  - updated to 2.4.51
  - removed obsolete patch 0014-ITS-8650-fix-debug-usage.patch
    OpenLDAP 2.4.51 Release (2020/08/11)
    Added slapo-ppolicy implement Netscape password policy controls (ITS#9279)
    Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
    Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287)
    Fixed slapd to enforce singular existence of some overlays (ITS#9309)
    Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227)
    Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282)
    Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295)
    Fixed slapd-perl dynamic config with threaded slapd (ITS#7573)
    Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285)
    Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302)
    Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309)
    Fixed slapo-chain to check referral (ITS#9262)
    Build Environment
      Fix test064 so it no longer uses bashisms (ITS#9263)
      Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248)
      slapo-allowed - Fix usage of unitialized variable (ITS#9308)
      ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271)
* Mon Jun 08 2020 Callum Farmer <>
  - Revert changes to libexecdir
* Sun Jun 07 2020 Michael Ströder <>
  - More .spec cleanups
* Fri Jun 05 2020 Callum Farmer <>
  - Fixes for %_libexecdir changing to /usr/libexec
  - Spec file cleanups
* Wed May 06 2020 Michael Ströder <>
  - updated to 2.4.50
  - added 0014-ITS-8650-fix-debug-usage.patch
  - enabled new contrib overlay pw-argon2
  - replaced FTP by HTTPS download URL for source
  - removed 0009-Fix-ldap-host-lookup-ipv6.patch (see bsc#1171127)
    OpenLDAP 2.4.50 Release (2020/04/28)
    Fixed client benign typos (ITS#8890)
    Fixed libldap type cast (ITS#9175)
    Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
    Fixed libldap_r race on Windows mutex initialization (ITS#9181)
    Fixed liblunicode memory leak (ITS#9198)
    Fixed slapd benign typos (ITS#8890)
    Fixed slapd to limit depth of nested filters (ITS#9202)
    Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214)
    Fixed slapo-pcache database initialization (ITS#9182)
    Fixed slapo-ppolicy callback (ITS#9171)
      Fix olcDatabaseDummy initialization for windows (ITS#7074)
      Fix detection for ws2tcpip.h for windows (ITS#8383)
      Fix back-mdb types for windows (ITS#7878)
      Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855)
      Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206)
      slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003)
      slapd-meta(5) - Remove client-pr option (ITS#8683)
      slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230)
* Thu Jan 30 2020 Michael Ströder <>
  - updated to 2.4.49
  - removed obsolete back-port patches:
    * 0013_openldap-its9124_fix_crash_with_cancel_exop.patch
  - removed obsolete source file DB_CONFIG
    OpenLDAP 2.4.49 Release (2020/01/30)
    Added slapd-monitor database entry count for slapd-mdb (ITS#9154)
    Fixed client tools to not add controls on cancel/abandon (ITS#9145)
    Fixed client tools SyncInfo message to be LDIF compliant (ITS#8116)
    Fixed libldap to correctly free sb (ITS#9081, ITS#8755)
    Fixed libldap descriptor leak if ldaps fails (ITS#9147)
    Fixed libldap remove unnecessary global mutex for GnuTLS (ITS#9069)
    Fixed slapd syntax evaluation of preferredDeliveryMethod (ITS#9067)
    Fixed slapd to relax domainScope control check (ITS#9100)
    Fixed slapd to have cleaner error handling during connection setup (ITS#9112)
    Fixed slapd data check when processing cancel exop (ITS#9124)
    Fixed slapd attribute description processing (ITS#9128)
    Fixed slapd-ldap to set oldctrls correctly (ITS#9076)
    Fixed slapd-mdb to honor unchecked limit with alias deref (ITS#7657)
    Fixed slapd-mdb missing final commit with slapindex (ITS#9095)
    Fixed slapd-mdb drop attr mappings added in an aborted txn (ITS#9091)
    Fixed slapd-mdb nosync FLAG configuration handling (ITS#9150)
    Fixed slapd-monitor global operation counter reporting (ITS#9119)
    Fixed slapo-ppolicy when used with slapauth (ITS#8629)
    Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime (ITS#9126)
    Fixed slapo-syncprov fix sessionlog init (ITS#9146)
    Fixed slapo-unique loop termination (ITS#9077)
    Build Environment
      Fix mkdep to honor TMPDIR if set (ITS#9062)
      Remove ICU library detection (ITS#9144)
      Update config.guess and config.sub to support newer architectures (ITS#7855)
      Disable ITS8521 regression test as it is no longer valid (ITS#9015)
      admin24 - Fix inconsistent whitespace in replication section (ITS#9153)
      slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword (ITS#9063)
      slapd-ldap(5) - Document "tls none" option (ITS#9071)
      slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit (ITS#9065)
* Fri Jan 10 2020 Michael Ströder <>
  - added back-port patch
    to fix OpenLDAP ITS#9124
* Sun Dec 22 2019 Michael Ströder <>
  - use BuildRequires:  pkgconfig(krb5) instead of krb5-devel-mini
* Fri Aug 02 2019 Martin Liška <>
  - Use FAT LTO objects in order to provide proper static library.
* Thu Jul 25 2019
  - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
    firewalld, see [1].
* Wed Jul 24 2019 Michael Ströder <>
  - Update to upstream release 2.4.48 with security fixes:
    * CVE-2019-13057 (ITS#9038):
      rootdn of any db can assert any identity
    * CVE-2019-13565 (ITS#9052):
      Unauthorized access caused by incorrect handling of SASL SSF values
  - Fix CVE-2017-17740 by disabling nops overlay not maintained by upstream
    (see also bsc#1073313, comment #36)
  - Removed obsolete patches:
    * 0002-openldap-its8727-plug-ber-leaks.patch
    * 0017-Fix-segfault-in-nops.patch
    OpenLDAP 2.4.48 (2019/07/24)
    Added libldap OpenSSL Elliptic Curve support (ITS#7595)
    Added libldap Expose OpenLDAP specific interfaces via openldap.h (ITS#8671)
    Added slapd-monitor support for slapd-mdb (ITS#7770)
    Fixed liblber leaks (ITS#8727)
    Fixed liblber with partial flush (ITS#8864)
    Fixed libldap ASYNC TLS so it works (ITS#8957,ITS#8980)
    Fixed libldap ASYNC connections with Solaris 10 (ITS#8968)
    Fixed libldap with SASL_NOCANON=on and ldapi connections (ITS#7585)
    Fixed libldap to be able to unset syncrepl TLS options (ITS#7042)
    Fixed libldap race condition in ldap_int_initialize (ITS#7996, ITS#8450)
    Fixed libldap return code in ldap_create_assertion_control_value (ITS#8674)
    Fixed libldap to correctly disable IPv6 when configured to do so (ITS#8754)
    Fixed libldap to correctly close TLS connection (ITS#8755)
    Fixed libldap with non-blocking TLS and referals (ITS#8167)
    Fixed libldap_r handling of deprecated OpenSSL function (ITS#8353)
    Fixed liblunicode case correspondance (ITS#8508)
    Fixed slapd with an idletimeout of less than four seconds (ITS#8952)
    Fixed slapd config parser variable for Windows64 (ITS#9012)
    Fixed slapd syncrepl fallback handling with delta-syncrepl (ITS#9015)
    Fixed slapd telephoneNumberNormalize, cert DN validation (ITS#8999)
    Fixed slapd syncrepl for relax with delta-syncrepl (ITS#8037)
    Fixed slapd to restrict rootDN proxyauthz to its own databases (ITS#9038)
    Fixed slapd to initialize SASL SSF per connection (ITS#9052)
    Fixed slapo-accesslog with SLAP_MOD_SOFT modifications (ITS#8990)
    Fixed slapd-ldap starttls connections timeout behavior (ITS#8963)
    Fixed slapd-ldap segfault when entry result doesn't match filter (ITS#8997)
    Fixed slapd-meta conversion from slapd.conf to cn=config (ITS#8743)
    Fixed slapd-meta assertion when network interface goes down (ITS#8841)
    Fixed slapd-mdb fix bitshift integer overflow (ITS#8989)
    Fixed slapd-mdb index cleanup with cn=config (ITS#8472)
    Fixed slapd-mdb to improve performance with alias deref (ITS#7657)
    Fixed slapo-accesslog possible assert with exops (ITS#8971)
    Fixed slapo-chain to correctly reject multiple chaining URIs (ITS#8637)
    Fixed slapo-chain conversion from slapd.conf to cn=config (ITS#8799)
    Fixed slapo-memberof conversion from slapd.conf to cn=config (ITS#8663)
    Fixed slapo-memberof for group name change to itself (ITS#9000)
    Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349)
    Fixed slapo-rwm to not free original filter (ITS#8964)
    Fixed slapo-syncprov contextCSN generation (ITS#9015)
    Build Environment
      Fixed slapd to only link to BDB libraries with static build (ITS#8948)
      Fixed libldap implicit declaration with LDAP_CONNECTIONLESS (ITS#8794)
      Fixed libldap double inclusion of limits.h in cyrus.c (ITS#9041)
      General - Fixed minor typos (ITS#8764, ITS#8761)
      admin24 - Miscellaneous updates promoting mdb and fixing examples (ITS#9031)
      slapd.access(5) - Note MDB is the primary backend (ITS#8881)
      slapd.backends(5) - Note MDB is the recommended backend (ITS#8771)
      slapd-ldap(5) - Document starttls parameter (ITS#8693)
      Added slapo-lastbind capability to forward authTimestamp updates (ITS#7721)
* Tue May 14 2019 William Brown <>
  - bsc#1111388 - incorrect post script call causes tmpfiles create not to
    be run.
* Sun Mar 10 2019 Michael Ströder <>
  - Corrected moduleload to get a working configuration
    right after package installation.
* Fri Jan 04 2019 Michael Ströder <>
  - added back-ported fix for OpenLDAP ITS#8727
    (file 0002-openldap-its8727-plug-ber-leaks.patch)
* Thu Dec 20 2018 Michael Ströder <>
  - Update to upstream release 2.4.47
  - Removed obsolete patches:
    * 0006-No-Build-date-and-time-in-binaries.dif
      (upstream now uses SOURCE_DATE_EPOCH for reproducable builds)
    * 0012-ITS8051-sockdnpat.patch
    * 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
    OpenLDAP 2.4.47 Release (2018/12/19)
      Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051)
      Added slapd-sock ability to send extended operations to external listeners (ITS#8714)
      Fixed liblber to avoid incremental access to user-supplied bv in dupbv (ITS#8752)
      Fixed libldap dn to domain parsing with bad input (ITS#8842)
      Fixed slapd slapcat to correctly honor -g option (ITS#8667)
      Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups (ITS#8923)
      Fixed slapd to check status of rdnNormalize (ITS#8932)
      Fixed slapd cn=config when modifying slapo-syncprov config (ITS#8616)
      Fixed slapd sasl authz-policy "all" behavior (ITS#8909)
      Fixed slapd sasl minor typo (ITS#8918)
      Fixed slapd to correctly hide hidden DBs in the rootDSE (ITS#8912)
      Fixed slapd domainScope control to match Microsoft specification (ITS#8840)
      Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges (ITS#8868)
      Fixed slapo-accesslog deadlock during cleanup (ITS#8752)
      Fixed slapo-memberof cn=config modifications (ITS#8663)
      Fixed slapo-ppolicy with multimaster replication (ITS#8927)
      Fixed slapo-syncprov with NULL modlist (ITS#8843)
      Build Environment
      Added slapd reproducible build support (ITS#8928)
      Fixed missing includes with OpenSSL 1.0.2 (ITS#8809)
      Fixed slapo-pbkdf2 hash generation (ITS#8878)
      admin24 fixed minor typo (ITS#8887)
* Thu Nov 22 2018 Jan Engelhardt <>
  - Replace old $RPM_* shell vars
* Tue Nov 20 2018
  - Fix CVE-2017-17740: when both the nops module and the memberof
    overlay are enabled, attempts to free a buffer that was allocated
    on the stack
    * patch: 0017-Fix-segfault-in-nops.patch
* Mon Nov 12 2018 Dominique Leuenberger <>
  - Emergency fix: move tmpfiles_create post from the library package
    to the main package's post script, which ships the tmpfiles.d
    configuration. Fixes the post script of the library (-p
    /sbin/ldconfig does not allow more statements in the script).
* Thu Nov 08 2018
  - bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG* (transactional-update)
* Fri Oct 26 2018 Michael Ströder <>
  - Fixed broken memory handling in
    affecting error response of slapo-unique
* Fri Aug 17 2018
  - Fix slapd segfaults in mdb_env_reader_dest
    +  with patch 0016-Clear-shared-key-only-in-close-function.patch
    +  (bsc#1089640)
* Fri Jun 29 2018
  - fixed shee-bang in (bsc#1099705)
* Wed Jun 20 2018
  - Added a patch to let slapd return the uniqueness check filter
    used before constraint violation to the client
* Tue Jun 05 2018
  - bsc#1095816 libldap package does not contain and provide libldap anymore
* Thu May 24 2018
  - Don't require systemd explicit, spec file can handle both cases
    correct and in containers we don't have systemd.
* Tue Apr 24 2018
  - bsc#1085064 Packaging issues have been discovered around the which has been corrected:
    - the spec file was wrongly configured, therefore the script has
    never been called
    - the script should create the symlinks first, as slapcat is
    useless on a system which is already affected.
* Fri Apr 06 2018
  - bsc#1085064 Add script "" which
    which removes the configuration item olcModulePath in cn=config
    which is after upgrade from SLE12 to SLE15 holds inappropriate
    information. If the cn=config is being used on a system, the
    conflicting items in slapd.conf are ignored, despite of it, the
    backend DB configuration section has been also commented out in
    the default slapd.conf.
    In case of correct cn=config (the olcModulePath has been already
    removed), the script stops without touching anything.
* Fri Mar 23 2018
  - Upgrade to upstream 2.4.46 release
  - removed obsolete back-port patches:
    * 0013-ITS-8692-let-back-sock-generate-increment-line.patch
    * 0016-ITS-8782-fix-cancel-memleak.patch
    OpenLDAP 2.4.46 Release (2018/03/22)
    Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717)
    Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373)
    Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687)
    Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791)
    Fixed libldap MozNSS CA certificate hash matching (ITS#7374)
    Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389)
    Fixed libldap MozNSS initialization (ITS#8484)
    Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650)
    Fixed libldap memory leak with cancel operations (ITS#8782)
    Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705)
    Fixed slapd to maintain SSF across SASL binds (ITS#8796)
    Fixed slapd syncrepl deadlock when updating cookie (ITS#8752)
    Fixed slapd syncrepl callback to always be last in the stack (ITS#8752)
    Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778)
    Fixed slapd CSN queue processing (ITS#8801)
    Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720)
    Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520)
    Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226)
    Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404)
    Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692)
    Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752)
    Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100)
    Fixed slapo-syncprov memory leak with delete operations (ITS#8690)
    Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444)
    Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100)
    Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607)
    Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800)
    Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486)
    Build Environment
    Fixed Windows build with newer MINGW version (ITS#8697)
    Fixed compiler warnings and removed unused variables (ITS#8578)
    Fixed ldapc++ Control structure (ITS#8583)
    Delete stub manpage for back-ldbm (ITS#8713)
    Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121)
    Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818)
    Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715)
    Fixed slapo-syncprov(5) indexing requirements (ITS#5048)
* Thu Feb 22 2018
  - Use %license (boo#1082318)
* Mon Dec 11 2017
  - added 0016-ITS-8782-fix-cancel-memleak.patch
* Thu Nov 23 2017
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Mon Oct 02 2017
  - Add openldap-r-only.dif so that openldap2's own tools also
    link against libldap_r rather than libldap.
  - Make libldap equivalent to libldap_r (like Debian) to avoid
    crashes in threaded programs which unknowingly get both
    libraries inserted into their process image.
    [rh#1370065, boo#996551]
* Mon Oct 02 2017
  - use existing groups instead of inventing new ones
* Mon Sep 18 2017
  - added 0012-ITS8051-sockdnpat.patch
* Wed Sep 06 2017
  - updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
* Fri Aug 18 2017
  - Added OpenLDAP new feature implementing OpenLDAP ITS#8714
* Thu Jul 20 2017
  - added overlay trace to package openldap2-contrib
* Wed Jul 12 2017
  - Upgrade to upstream 2.4.45 release
  - removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch
    and  0012-use-system-wide-cert-dir-by-default.patch
  - added 0013-ITS-8692-let-back-sock-generate-increment-line.patch
    for supporting modify increment operations with back-sock
  - added overlay addpartial to package openldap2-contrib
* Wed Jun 07 2017
  - Remove legacy daemon control that was used to migrate from SLE 11
    to 12. (bsc#1038405)
* Tue Jun 06 2017
  - There is no change made about the package itself, this is only
    copying over some changelog texts from SLE package:
  - bug#976172 owned by openldap2 - missing
  - bug#916914 owned by VUL-0: CVE-2015-1546:
    openldap2: slapd crash in valueReturnFilter cleanup
  - [fate#319300](
  - [CVE-2015-1545](
  - bug#905959 owned by L3-Question: Are multiple
    "Connection 0" in a Multi Master setup normal ?
  - [CVE-2015-1546](
  - bug#916897 owned by VUL-0: CVE-2015-1545:
    openldap2: slapd crashes on search with deref control and empty attr list
* Fri Apr 07 2017
  - Drop binutils requirement; the code using /usr/bin/strings has
    been dropped in openSUSE:Factory/openldap2 revision 112.
* Sat Feb 18 2017
  - Remove superfluous insserv PreReq.
* Thu Nov 10 2016
  - Introduce patch 0012-use-system-wide-cert-dir-by-default.patch
    to let OpenLDAP read system wide certificate directory by
    default and avoid hiding the error if user specified CA location
    cannot be read (bsc#1009470).
* Fri Oct 14 2016
  - Add more details in the comments of slapd.conf concerning
    file permission and StartTLS capability.
* Thu Jun 23 2016
  - Test for user/group existence before trying to add them.
    Summary spello update.
* Thu Jun 16 2016
  - Move schema files into tarball addonschema.tar.gz:
    ldapns.ldif ldapns.schema rfc2307bis.ldif rfc2307bis.schema
    yast.ldif yast.schema
  - Package previously missing schema files in LDIF format:
    amavisd-new.ldif dhcp.ldif dlz.ldif dnszone.ldif samba3.ldif
    sudo.ldif suse-mailserver.ldif (bsc#984691)
  - Fix a minor issue in schema2ldif script that led to missing
    attribute in the generated LDIF.
* Tue May 17 2016
  - Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408.
* Thu Feb 25 2016
  - Move ldap.conf into libldap-data package, per convention.
* Sun Feb 21 2016
  - Move ldap.conf out of shlib package again, they are not allowed
    there for obvious reasons (conflict with future package).
* Thu Feb 18 2016
  - Build password strength enforcer as an implementation of ppolicy
    password checker, introducing:
    (Implements fate#319461)
* Thu Feb 18 2016
  - Remove redundant -n openldap2- package name prefix.
* Mon Feb 08 2016
  - Remove openldap2-client.spec and openldap2-client.changes
    openldap2.spec now builds client utilities and libraries.
    Thus is removed.
  - Move ldap.conf and its manual page from openldap2-client package
    to libldap-2_4-2 package, which is more appropriate.
  - Use RPM_OPT_FLAGS in build flags.
  - Macros dealing with old/unsupported distributions are removed.
  - Remove 0002-slapd.conf.dif and install improved slapd.conf from
    new source file slapd.conf.
  - Install slapd.conf.olctemplate to assist in preparing slapd.d
    for OLC.
  - Be explicit in sysconfig that by default openldap will use
    static file configuration.
  - Add the following schemas in LDIF format:
    * rfc2307bis.ldif
    * ldapns.ldif
    * yast.ldif
  - Other minor clean-ups in the spec file.
* Mon Feb 08 2016
  - Use optflags when building
* Sat Feb 06 2016
  - Upgrade to upstream 2.4.44 release with accumulated bug fixes.
  - Specify source with FTP URL
  - Removed obsolete 0012-openldap-re24-its8336.patch
* Mon Jan 25 2016
  - Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch
    into 0010-Enforce-minimum-DH-size-of-1024.patch
* Tue Dec 08 2015
  - Upgrade to upstream 2.4.43 release with accumulated bug fixes.
  - Still build on SLES12
  - Loadable backend and overlay modules are now installed
    into arch-specific path %{_libdir}/openldap
  - All backends and overlays as modules for smaller memory footprint
    on memory constrained systems
  - Added extra package for back-sock
  - Consequent use of %{_rundir} everywhere
  - Rely on upstream ./configure script instead of any other
    macro foo
  - Dropped linking with libwrap
  - Dropped 0004-libldap-use-gethostbyname_r.dif because this
    work-around for nss_ldap is obsolete
  - New sub-package openldap2-contrib with selected contrib/ overlays
  - Replaced addonschema.tar.gz with separate schema sources
  - Updated ldapns.schema from recent slapo-nssov source tree
  - Added symbolic link to slapd executable in /usr/sbin/
  - Added more complex example configuration file
  - Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap
  - Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap
  - Added patch for OpenLDAP ITS#7796 to avoid excessive
    "not index" logging:
  - Replaced openldap-rc.tgz with single source files
  - Added soft dependency (Recommends) to cyrus-sasl
  - Added soft dependency (Recommends) to cyrus-sasl-devel
    to openldap2-devel
  - Added patch for OpenLDAP ITS#8336 (assert in liblmdb):
  - Remove obsolete patch 0001-build-adjustments.dif
* Wed Dec 02 2015
  - Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch
    to fix CVE-2015-6908. (bsc#945582)
  - Introduce patch 0011-Enforce-minimum-DH-size-of-1024.patch
    to address weak DH size vulnerability (bsc#937766)
* Mon Nov 30 2015
  - Introduce patch 0009-Fix-ldap-host-lookup-ipv6.patch
    to fix an issue with unresponsive LDAP host lookups in IPv6 environment.
* Fri Oct 09 2015
  - Remove OpenLDAP 2.3 code and patches from build source.
    Compatibility libraries for OpenLDAP 2.3 are built in package:
    Removed source files:
* Thu Oct 01 2015
  - Upgrade to upstream 2.4.42 release with accumulated bug fixes.
* Tue Jul 21 2015
  - Upgrade to upstream 2.4.41 release with accumulcated bug fixes and stability improvements.
    * Add patch 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
    * Remove already applied patch 0008-ITS-7723-fix-reference-counting.patch
    * Remove already applied patch 0009-gcc5.patch
    (Implements fate#319301)
* Thu Feb 19 2015
  - Add 0009-gcc5.patch to pass -P to the preprocessor in configure checks
    for Berkeley DB version
* Wed Nov 26 2014
  - binutils is required for "strings" utility invocation in %pre
  - Remove SLE10 definitions
* Sun Oct 12 2014
  - Use %_smp_mflags for parallel build
* Mon Sep 22 2014
  - Add baselibs.conf to sources list
* Wed Sep 10 2014
  - Do not bypass output of useradd and groupadd
* Tue Sep 02 2014
  - sanitize release line in specfile
* Wed Jul 16 2014
  - segfault on certain queries with rwm overlay (bnc#846389)
* Fri Jun 06 2014
  - enable systemd slapd service if SysV ldap was enabled (bnc#881476)
* Tue May 13 2014
  - use %_rundir if available, otherwise /var/run
* Wed Apr 23 2014
  - move systemd requires to server package
* Tue Feb 18 2014
  - Fix systemd service installation
* Sun Feb 16 2014
  - use configure macro also for building the 2.3.37 version
* Wed Feb 12 2014
  - Remove PidFile from service definition
  - Update to 2.4.39
    * Fixed libldap MozNSS crash (ITS#7783)
    * Fixed libldap memory leak with SASL (ITS#7757)
    * Fixed libldap assert in parse_passwdpolicy_control (ITS#7759)
    * Fixed libldap shortcut NULL RDNs (ITS#7762)
    * Fixed libldap deref to use correct control
    * Fixed liblmdb keysizes with mdb_update_key (ITS#7756)
    * Fixed slapd cn=config olcDbConfig modification (ITS#7750)
    * Fixed slapd-bdb/hdb to bail out of search if config is paused (ITS#7761)
    * Fixed slapd-bdb/hdb indexing issue with derived attributes (ITS#7778)
    * Fixed slapd-mdb to bail out of search if config is paused (ITS#7761)
    * Fixed slapd-mdb indexing issue with derived attributes (ITS#7778)
    * Fixed slapd-perl to bail out of search if config is paused (ITS#7761)
    * Fixed slapd-sql to bail out of search if config is paused (ITS#7761)
    * Fixed slapo-constraint handling of softadd/softdel (ITS#7773)
    * Fixed slapo-syncprov assert with findbase (ITS#7749)
    * Build Environment
      Test suite: Use $(MAKE) for tests (ITS#7753)
    * Documentation
      admin24 fix TLSDHParamFile to be correct (ITS#7684)
* Tue Feb 11 2014
  - Add systemd style service definition
  - FATE#315028 remove memory limit for slapd
  - FATE#315415: LDAP compat packages required for older SLES versions
    For this reson following patches were applied:
* Wed Dec 11 2013
  - Make /etc/sasl2 owned by openldap2.
* Wed Dec 11 2013
  - Update to 2.4.38
    * Fixed liblmdb nordahead flag (ITS#7734)
    * Fixed liblmdb to check cursor index before cursor_del (ITS#7733)
    * Fixed liblmdb wasted space on split (ITS#7589)
    * Fixed slapd for certs with a NULL issuerDN (ITS#7746)
    * Fixed slapd cn=config with empty nested includes (ITS#7739)
    * Fixed slapd syncrepl memory leak with delta-sync MMR (ITS#7735)
    * Fixed slapd-bdb/hdb to stop processing on dn not found (ITS#7741)
    * Fixed slapd-bdb/hdb with indexed ANDed filters (ITS#7743)
    * Fixed slapd-mdb to stop processing on dn not found (ITS#7741)
    * Fixed slapd-mdb dangling reader (ITS#7662)
    * Fixed slapd-mdb matching rule for OlcDbEnvFlags (ITS#7737)
    * Fixed slapd-mdb with indexed ANDed filters (ITS#7743)
    * Fixed slapd-meta from blocking other threads (ITS#7740)
    * Fixed slapo-syncprov assert with findbase (ITS#7749)
      Changes in 2.4.37
    * Added liblmdb nordahead environment flag (ITS#7725)
    * Fixed client tools CLDAP with IPv6 (ITS#7695)
    * Fixed libldap CLDAP with IPv6 (ITS#7695)
    * Fixed libldap lock ordering with abandon op (ITS#7712)
    * Fixed liblmdb segfault with mdb_cursor_del (ITS#7718)
    * Fixed liblmdb when converting to writemap (ITS#7715)
    * Fixed liblmdb assert on MDB_NEXT with delete (ITS#7722)
    * Fixed liblmdb wasted space on split (ITS#7589)
    * Fixed slapd cn=config with olcTLSProtocolMin (ITS#7685)
    * Fixed slapd-bdb/hdb optimize index updates (ITS#7329)
    * Fixed slapd-ldap chaining with cn=config (ITS#7381, ITS#7434)
    * Fixed slapd-ldap chaning with controls (ITS#7687)
    * Fixed slapd-mdb optimize index updates (ITS#7329)
    * Fixed slapd-meta chaining with cn=config (ITS#7381, ITS#7434)
    * Fixed slapo-constraint to no-op on nonexistent entries (ITS#7692)
    * Fixed slapo-dds assert on startup (ITS#7699)
    * Fixed slapo-memberof to not replicate internal ops (ITS#7710)
    * Fixed slapo-refint to not replicate internal ops (ITS#7710)
      Changes in 2.4.36
    * Added back-meta target filter patterns (ITS#7609)
    * Added liblmdb mdb_txn_env to API (ITS#7660)
    * Fixed libldap CLDAP with uninit'd memory (ITS#7582)
    * Fixed libldap with UDP (ITS#7583)
    * Fixed libldap OpenSSL TLS versions (ITS#7645)
    * Fixed liblmdb MDB_PREV behavior (ITS#7556)
    * Fixed liblmdb transaction issues (ITS#7515)
    * Fixed liblmdb mdb_drop overflow page return (ITS#7561)
    * Fixed liblmdb nested split (ITS#7592)
    * Fixed liblmdb overflow page behavior (ITS#7620)
    * Fixed liblmdb race condition with read and write txns (ITS#7635)
    * Fixed liblmdb mdb_del behavior with MDB_DUPSORT and mdb_del (ITS#7658)
    * Fixed slapd cn=config with unknown schema elements (ITS#7608)
    * Fixed slapd cn=config with loglevel 0 (ITS#7611)
    * Fixed slapd slapi filterlist free behavior (ITS#7636)
    * Fixed slapd slapi control free behavior (ITS#7641)
    * Fixed slapd schema countryString as directoryString (ITS#7659)
    * Fixed slapd schema telephoneNumber as directoryString (ITS#7659)
    * Fixed slapd-bdb/hdb to wait for read locks in tool mode (ITS#6365)
    * Fixed slapd-mdb behavior with alias dereferencing (ITS#7577 )
    * Fixed slapd-mdb modrdn and base-scoped searches (ITS#7604)
    * Fixed slapd-mdb refcount behavior (ITS#7628)
    * Fixed slapd-meta binding flag is set (ITS#7524)
    * Fixed slapd-meta with minimal config (ITS#7581)
    * Fixed slapd-meta missing results messages (ITS#7591)
    * Added slapd-meta TCP keepalive support (ITS#7513)
    * Fixed slapo-sssvlv double free (ITS#7588)
    * Fixed slaptest to list -Q option (ITS#7568)
      Changes in 2.4.35
    * Fixed liblmdb mdb_cursor_put with MDB_MULTIPLE (ITS#7551)
    * Fixed liblmdb page rebalance (ITS#7536)
    * Fixed liblmdb missing parens (ITS#7377)
    * Fixed liblmdb mdb_cursor_del crash (ITS#7553)
    * Fixed slapd syncrepl updateCookie status (ITS#7531)
    * Fixed slapd connection logging (ITS#7543)
    * Fixed slapd segfault on modify (ITS#7542, ITS#7432)
    * Fixed slapd-mdb to reject undefined attrs (ITS#7540)
    * Fixed slapo-pcache with +/- attrsets (ITS#7552)
      Changes in 2.4.34
    * Fixed libldap connections with EINTR (ITS#7476)
    * Fixed libldap lineno overflow in ldif_read_record (ITS#7497)
    * Fixed liblmdb mdb_env_open flag handling (ITS#7453)
    * Fixed liblmdb mdb_midl_sort array optimization (ITS#7432)
    * Fixed liblmdb freelist with large entries (ITS#7455)
    * Fixed liblmdb to check for filled dirty page list (ITS#7491)
    * Fixed liblmdb to validate data limits (ITS#7485)
    * Fixed liblmdb mdb_update_key for large keys (ITS#7505)
    * Fixed ldapmodify to not core dump with invalid LDIF (ITS#7477)
    * Fixed slapd syncrepl for old entries in MMR setup (ITS#7427)
    * Fixed slapd signedness for index_substr_any_* (ITS#7449)
    * Fixed slapd enforce SLAPD_MAX_DAEMON_THREADS (ITS#7450)
    * Fixed slapd mutex in send_ldap_ber (ITS#6164)
    * Added slapd-ldap onerr option (ITS#7492)
    * Added slapd-ldap keepalive support (ITS#7501)
    * Fixed slapd-ldif with empty dir (ITS#7451)
    * Fixed slapd-mdb to reopen attr DBs after env reopen (ITS#7416)
    * Fixed slapd-mdb handling of missing entries (ITS#7483,7496)
    * Fixed slapd-mdb environment flag setting (ITS#7452)
    * Fixed slapd-mdb with sub db slapcat (ITS#7469)
    * Fixed slapd-mdb to correctly work with toolthreads > 2 (ITS#7488,ITS#7527)
    * Fixed slapd-mdb subtree search speed (ITS#7473)
    * Fixed slapd-meta conversion to cn=config (ITS#7525)
    * Fixed slapd-meta segfault when modifying olcDbUri (ITS#7526)
    * Fixed slapd-sql back-config support (ITS#7499)
    * Fixed slapo-constraint handle uri and restrict correctly (ITS#7418)
    * Fixed slapo-constraint with multi-master replication (ITS#7426)
    * Fixed slapo-constraint segfault (ITS#7431)
    * Fixed slapo-deref control initialization (ITS#7436)
    * Fixed slapo-deref control exposure (ITS#7445)
    * Fixed slapo-memberof with internal ops (ITS#7487)
    * Fixed slapo-pcache matching rules for config db (ITS#7459)
    * Fixed slapo-rwm modrdn cleanup (ITS#7414)
    * Fixed slapo-sssvlv maxperconn parameter (ITS#7484)
* Mon Jun 17 2013
  - For now, avoid automatic use of libdb-6_0 by explicitly selecting
    libdb-4_8 as BuildRequire.
* Mon Mar 25 2013
  - Put static libs into openldap2-devel-static and relieve
    openldap2-devel of static-only deps
* Sat Nov 17 2012
  - fix for kernel > 3.0
* Fri Nov 16 2012
  - Fixed initscript to avoid endless loop when no configuration
    is present in /etc/openldap/slapd.d/ (bnc#767464)
  - cleaned up SLES10 buildrequires and dependencies
  - removed support for building on SLES9, didn't work anyway anymore
  - Don't buildrequire krb5-mini on Distributions where it does not
* Fri Oct 26 2012
  - enabled mdb backend
  - Update to 2.4.33
    * Added slapd-meta cn=config support
    * Fixed slapd alock handling on Windows (ITS#7361)
    * Fixed slapd acl handling with zero-length values (ITS#7350)
    * Fixed slapd syncprov to not reference ops inside a lock (ITS#7172)
    * Fixed slapd delta-syncrepl MMR with large attribute values (ITS#7354)
    * Fixed slapd slapd_rw_destroy function (ITS#7390)
    * Fixed slapd-ldap idassert bind handling (ITS#7403)
    * Fixed slapo-constraint with multiple modifications (ITS#7168)
    Changes in 2.4.32:
    * Added slappasswd loadable module support (ITS#7284)
    * Fixed tools to not clobber SASL_NOCANON (ITS#7271)
    * Fixed libldap function declarations (ITS#7293)
    * Fixed libldap double free (ITS#7270)
    * Fixed libldap debug level setting (ITS#7290)
    * Fixed libldap gettime() regression (ITS#6262)
    * Fixed libldap sasl handling (ITS#7118, ITS#7133)
    * Fixed libldap to correctly free socket with TLS (ITS#7241)
    * Fixed slapd config index renumbering (ITS#6987)
    * Fixed slapd duplicate error response (ITS#7076)
    * Fixed slapd parsing of PermissiveModify control (ITS#7298)
    * Fixed slapd-bdb/hdb cache hang under high load (ITS#7222)
    * Fixed slapd-bdb/hdb alias checking (ITS#7303)
    * Fixed slapd-bdb/hdb olcDbConfig changes work immediately (ITS#7338)
    * Fixed slapd-ldap to encode user DN during password change (ITS#7319)
    * Fixed slapd-ldap assertion when proxying to MS AD (ITS#6851)
    * Fixed slapd-ldap monitoring (ITS#7182, ITS#7225)
    * Fixed slapd-perl panic (ITS#7325)
    * Fixed slapo-accesslog memory leaks with sync replication (ITS#7292)
    * Fixed slapo-syncprov memory leaks with sync replication (ITS#7292)
* Fri Oct 26 2012
  - add explicit buildrequire on groff - needed to build manuals
* Tue Oct 16 2012
  - buildrequire krb5-mini in openldap2-client to avoid cycle
  - move Summary out of the %if as prepare_spec is confused about
    the license otherwise
* Thu May 10 2012
  - update to 2.4.31
    * Added slapo-accesslog support for reqEntryUUID (ITS#6656)
    * Fixed libldap IPv6 URL detection (ITS#7194)
    * Fixed libldap rebinding on failed connection (ITS#7207)
    * Fixed slapd listener initialization (ITS#7233)
    * Fixed slapd cn=config with olcTLSVerifyClient (ITS#7197)
    * Fixed slapd delta-syncrepl fallback on non-leaf error (ITS#7195)
    * Fixed slapd to reject MMR setups with bad serverID setting
    * Fixed slapd approxIndexer key generation (ITS#7203)
    * Fixed slapd modification of olcSuffix (ITS#7205)
    * Fixed slapd schema validation with missing definitions
    * Fixed slapd syncrepl -c with supplied CSN values (ITS#7245)
    * Fixed slapd-bdb/hdb idlcache with only one element (ITS#7231)
    * Fixed slapo-accesslog deadlock with non-logged write ops
    * Fixed slapo-syncprov sessionlog check (ITS#7218)
    * Fixed slapo-syncprov entry leak (ITS#7234)
    * Fixed slapo-syncprov startup initialization (ITS#7235)
* Mon Apr 23 2012
  - Disabled testsuite for now. Causes problems in the buildserivce
* Tue Mar 06 2012
  - Update to 2.4.30
    * Fixed libldap socket polling for writes (ITS#7167)
    * Fixed liblutil string modifications (ITS#7174)
    * Fixed slapd crash when attrsOnly is true (ITS#7143)
    * Fixed slapd syncrepl delete handling (ITS#7052,ITS#7162)
    * Fixed slapo-pcache time-to-refesh handling (ITS#7178)
    * Fixed slapo-syncprov loop detection (ITS#6024)
* Mon Feb 27 2012
  - Update to 2.4.29
    * Fixed slapd cn=config modification of first schema element
    * Fixed slapd operation reuse (ITS#7107)
    * Fixed slapd blocked writers to not interfere with pool pause
    * Fixed slapd connection loop connindex usage (ITS#7131)
    * Fixed slapd double mutex unlock via connection_done (ITS#7125)
    * Fixed slapd check order in connection_write (ITS#7113)
    * Fixed slapd slapadd to exit on failure (ITS#7142)
    * Fixed slapd syncrepl reference to freed memory
    * Fixed slapd syncrepl to ignore some errors on delete
    * Fixed slapd syncrepl to handle missing oldRDN (ITS#7144)
    * Fixed slapd-monitor compare op to update cached entry
    * Fixed slapo-syncprov with already abandoned operation
  - Included patches from RE24 branch:
    * only poll sockets for write as needed (ITS#7167, bnc#749082)
    * sycnrepl Fixes (ITS#7162)
* Wed Dec 07 2011
  - license update: OLDAP-2.8
    SPDX format (
* Fri Dec 02 2011
  - Update to 2.4.28
    * Fixed back-mdb out of order slapadd (ITS#7090)
    changes in OpenLDAP 2.4.27 Release (2011/11/24):
    * Added slapd delta-syncrepl MMR (ITS#6734,ITS#7029,ITS#7031)
    * Fixed ldapmodify crash with LDIF controls (ITS#7039)
    * Fixed ldapsearch to honor timeout and timelimit (ITS#7009)
    * Fixed libldap endless looping (ITS#7035)
    * Fixed libldap TLS to not check hostname when using 'allow'
    * Fixed slapadd common code into slapcommon (ITS#6737)
    * Fixed slapd backend connection initialization (ITS#6993)
    * Fixed slapd frontend DB parsing in cn=config (ITS#7016)
    * Fixed slapd hang with {numbered} overlay insertion (ITS#7030)
    * Fixed slapd inet_ntop usage (ITS#6925)
    * Fixed slapd cn=config deletion of bitmasks (ITS#7083)
    * Fixed slapd cn=config modify replace/delete crash (ITS#7065)
    * Fixed slapd schema UTF8StringNormalize with 0 length values
    * Fixed slapd with dynamic acls for cn=config (ITS#7066)
    * Fixed slapd response callbacks (ITS#6059,ITS#7062)
    * Fixed slapd no_connection warnings with ldapi
    * Fixed slapd return code processing (ITS#7060)
    * Fixed slapd sl_malloc various issues (ITS#6437)
    * Fixed slapd startup behavior (ITS#6848)
    * Fixed slapd syncrepl crash with non-replicated ops (ITS#6892)
    * Fixed slapd syncrepl with modrdn (ITS#7000,ITS#6472)
    * Fixed slapd syncrepl timeout when using refreshAndPersist
    * Fixed slapd syncrepl deletes need a non-empty CSN (ITS#7052)
    * Fixed slapd syncrepl glue for empty suffix (ITS#7037)
    * Fixed slapd results cleanup (ITS#6763,ITS#7053)
    * Fixed slapd validation of args for TLSCertificateFile
    * Fixed slapd-bdb/hdb to build entry DN based on parent DN
    * Fixed slapd-hdb with zero-length entries (ITS#7073)
    * Fixed slapd-hdb duplicate entries in subtree IDL cache
    * Fixed slapo-pcache response cleanup (ITS#6981)
    * Fixed slapo-ppolicy pwdAllowUserChange behavior (ITS#7021)
    * Fixed slapo-sssvlv issue with greaterThanorEqual (ITS#6985)
    * Fixed slapo-sssvlv to only return requested attrs (ITS#7061)
    * Fixed slapo-syncprov DSA attribute filtering for Persist mode
    * Fixed slapo-syncprov when consumer has newer state of our SID
    * Fixed slapo-syncprov crash (ITS#7025)
    * Added missing LDIF form of schema files (ITS#7063)
* Fri Nov 25 2011
  - add libtool as buildrequire to avoid implicit dependency
* Mon Oct 24 2011
  - ACL changes to the config database only got active after slapd
    restart in certain cases (bnc#716895, ITS#7066).
  - Adjusted default DB_CONFIG to increase max values for locks and
    lock objects (bnc#719803)
  - Fix UTF8StringNormalize overrun on zero-length string
    (bnc#724201, ITS#7059)
* Thu Jul 07 2011
  - Update to 2.4.26
    * Added libldap LDAP_OPT_X_TLS_PACKAGE (ITS#6969)
    * Fixed libldap descriptor leak (ITS#6929)
    * Fixed libldap socket leak (ITS#6930)
    * Fixed libldap get option crash (ITS#6931)
    * Fixed libldap lockup (ITS#6898)
    * Fixed libldap ASYNC TLS setup (ITS#6828)
    * Fixed libldap with missing \n terminations (ITS#6947)
    * Fixed tools double free (ITS#6946)
    * Fixed tools verbose output (ITS#6977)
    * Fixed ldapmodify SEGV on invalid LDIF (ITS#6978)
    * Added slapd extra_attrs database option (ITS#6513)
    * Fixed slapd asserts (ITS#6932)
    * Fixed slapd configfile param on windows (ITS#6933)
    * Fixed slapd config with global chaining (ITS#6843)
    * Fixed slapd uninitialized variables (ITS#6935)
    * Fixed slapd config objectclass is readonly (ITS#6963)
    * Fixed slapd entry response with control (ITS#6899)
    * Fixed slapd with unknown attrs (ITS#6819)
    * Fixed slapd normalization of schema RDN (ITS#6967)
    * Fixed slapd operations cache to 10 op limit (ITS#6944)
    * Fixed slapd syncrepl crash with non-replicated ops (ITS#6892)
    * Fixed slapd-bdb/hdb with sparse index ranges (ITS#6961)
    * Fixed back-ldap ppolicy updates (ITS#6711)
    * Fixed back-ldap with id-assert (ITS#6817)
    * Fixed various slapo-pcache issues (ITS#6823, ITS#6950,
      ITS#6951, ITS#6953, ITS#6954)
    * Fixed slapo-pcache database corruption (ITS#6831)
    * Fixed slapo-syncprov with replicated subtrees (ITS#6872)
  - backported delete support for child entries of overlays from
    master (bnc#704398)
* Tue Mar 29 2011
  - Updated to 2.4.25, important changes:
    * Fixed ldapsearch pagedresults loop (ITS#6755)
    * Fixed tools for incompatible args (ITS#6849)
    * Fixed libldap MozNSS crash (ITS#6863)
    * Fixed slapd add objectclasses in order (ITS#6837)
    * Added slapd ordering for uidNumber and gidNumber (ITS#6852)
    * Fixed slapd segfault when adding values out of order (ITS#6858)
    * Fixed slapd sortval handling (ITS#6845)
    * Fixed slapd-bdb with slapadd/index quick option (ITS#6853)
    * Fixed slapd-ldap chain cn=config support (ITS#6837)
    * Fixed slapd-ldap chain with slapd.conf (ITS#6857)
    * Fixed slapd-meta deadlock (ITS#6846)
    * Fixed slapo-sssvlv with multiple requests (ITS#6850)
    * Fixed contrib/lastbind install rules (ITS#6238)
    * Fixed contrib/cloak install rules (ITS#6877)
* Tue Feb 22 2011
  - Surpress gcc warnings about extra format string arguments for 2.3.x
    built as well.
* Mon Feb 14 2011
  - Updated to 2.4.24, important changes:
    * Added libldap_r,libldap formal concurrency API (ITS#6625,ITS#5421)
    * Added slapadd attribute value checking (ITS#6592)
    * Added slapcat continue mode for problematic DBs (ITS#6482)
    * Added slapd syncrepl suffixmassage support (ITS#6781)
    * Fixed liblber to not close invalid sockets (ITS#6585)
    * Fixed libldap referral chasing (ITS#6602)
    * Fixed libldap leak when chasing referrals (ITS#6744)
    * Fixed slapd acl parsing overflow (ITS#6611)
    * Fixed slapd acl when resuming parsing (ITS#6804)
    * Fixed slapd default config acls with overlays (ITS#6822)
    * Fixed slapd config leak with olcDbDirectory (ITS#6634)
    * Fixed slapd when first acl is value dependent (ITS#6693)
    * Fixed slapd-bdb slapadd -q with glued dbs (ITS#6794)
    * Fixed slapo-ppolicy don't update opattrs on consumers (ITS#6608)
    * Fixed slapo-ppolicy to allow userPassword deletion (ITS#6620)
    * Fixed slapo-syncprov to send error if consumer is newer (ITS#6606)
    * Fixed slapo-syncprov filter race condition (ITS#6708)
    * Fixed slapo-syncprov active mod race (ITS#6709)
    * Fixed slapo-syncprov to refresh if context is dirty (ITS#6710)
    * Fixed slapo-syncprov CSN updates to all replicas (ITS#6718)
    * Fixed slapo-syncprov sessionlog ordering (ITS#6716)
    * Fixed slapo-syncprov sessionlog with adds (ITS#6503)
    * Fixed slapo-syncprov mutex (ITS#6438)
    * Fixed slapo-syncprov mincsn check with MMR (ITS#6717)
    * Fixed slapo-syncprov control leak (ITS#6795)
    * Fixed slapo-syncprov error codes (ITS#6812)
    * For a comprehensive list of changes please consult the CHANGES
  - removed unneeded openSUSE 11.0 specifc patch
* Tue Feb 01 2011
  - slapadd -q could crash for glued bdb/hdb databases
* Wed Jan 19 2011
  - Install the correct schema2ldif script (bnc#665530)
* Wed Jan 05 2011
  - Fixed quotation in init-script to avoid errors when calling it
    from within /etc/openldap/slapd.d/cn=config/ (bnc#660492).
* Fri Nov 12 2010
  - Surpress gcc warnings about extra format string arguments.
  - Split-off openldap2-doc (noarch) package (Admin Guide and IDs)
  - Backported -VVV commandline switch for slapd from HEAD
    (to list enabled static overlays)
  - Build all overlays except syncprov and ppolicy as dynamic modules
    (Fixes bnc#648479, FATE#307837)
  - Added README.dynamic-overlays to point out some details about
    dynamic overlays
  - simplified pie-compile patch and adjusted it to work with
    dynamic overlays
* Tue Oct 05 2010
  - Handle the libdb-4_5 -> libdb-4_8 Version update by opening the
    Databases with DB_RECOVER if a version mismatch is detected.
* Sun Oct 03 2010
  - Do not include Build date and time in binaries, this
    avoids build-compare failures and unhelpful rebuilds/republishes
* Wed Sep 29 2010
  - Don't build 2.3 slapcat anymore for 11.3 and newer. We switch to
    2.4 long ago.
  - Removed automatic 2.3->2.4 migration in %post
  - moved back-sql examples to make rpmlint happy
* Thu Aug 26 2010
  - Fix listener URIs in init script to make SLP registration work
    again (bnc#620389)
* Fri Jul 23 2010
  - Fixed RPM Group and Summary Tags (bnc#624980)
* Thu Jul 01 2010
  - Updated to 2.4.23:
    * Fixed libldap to return server's error code (ITS#6569)
    * Fixed libldap memleaks (ITS#6568)
    * Fixed liblutil off-by-one with delta (ITS#6541)
    * Fixed slapd acls with glued databases (ITS#6468)
    * Fixed slapd syncrepl rid logging (ITS#6533)
    * Fixed slapd modrdn handling of invalid values (bnc#612430,
    * Fixed slapd-bdb hasSubordinates computation (ITS#6549)
    * Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
    * Fixed slapd-bdb entry cache delete failure (ITS#6577)
    * Fixed slapd-ldap to return control responses (ITS#6530)
    * Fixed slapo-ppolicy to use Debug (ITS#6566)
    * Fixed slapo-refint to zero out freed DN vals (ITS#6572)
    * Fixed slapo-rwm to use Debug (ITS#6566)
    * Fixed slapo-sssvlv to use Debug (ITS#6566)
    * Fixed slapo-syncprov lost deletes in refresh phase (bnc#606294,
    * Fixed slapo-valsort to use Debug (ITS#6566)
    * Fixed contrib/nssov network.c missing patch (ITS#6562)
  - New subpackage openldap2-back-sql. Contains the SQL backend
    module plus some documentation (bnc#395719)
  - generate Patches from git tree (resulted in all patches being
  - installing binaries without stripping them is done by setting
    the STRIP enviroment variable instead for patching the Makefile
  - Fixed a bug in the syncprov overlay which could lead to not
    replicate delete Operations (ITS#6555, bnc#606294)
  - BuildRequires cleanup
* Thu Jul 01 2010
  - LDAP clients could crash the server by submitting a specially
    crafted LDAP ModRDN operation.  (bnc#612430, ITS#6570)
  - Delete Operations happening during the "Refresh" phase of
    "refreshAndPersist" replication failed to replicate under
    certain circumstances (bnc#606294, ITS#6555)
* Mon May 10 2010
  - Create /var/run/slapd on demand. /var/run might be mounted on
* Thu Apr 15 2010
  - fix build dependency cycle for -client package with openslp
* Wed Mar 17 2010
  - Fixed quotation in sed expression to escape ldapi path in init
* Tue Mar 16 2010
  - Removed obsolete hunk from openldap2.dif
  - Remove ldap.conf patch to use saner default for Certificate
    verification (bnc#575146)
* Sat Feb 13 2010
  - Add fix for stricter fortification checks of GCC 4.5.
* Thu Jan 07 2010
  - Updated to 2.4.21:
    * Fixed liblutil for negative microsecond offsets (ITS#6405)
    * Fixed slapd global settings to work without restart (ITS#6428)
    * Fixed slapd looping with SSL/TLS connections (ITS#6412)
    * Fixed slapd syncrepl freeing tasks from queue (ITS#6413)
    * Fixed slapd syncrepl parsing of tls defaults (ITS#6419)
    * Fixed slapd syncrepl uninitialized variables (ITS#6425)
    * Fixed slapd-config Adds with Abstract classes (ITS#6408)
    * Fixed slapo-dynlist behavior with simple filters (ITS#6421)
    * Fixed slapd-ldif access outside database directory (ITS#6414)
    * Fixed slapo-translucent with back-null (ITS#6403)
    * Fixed slapo-unique criteria checking (ITS#6270)
  - removed some obsolete RPM dependencies
  - Added missing tags to init script to silence rpmlint warnings
* Thu Dec 10 2009
  - Fixed an issue in back-config's objectclass inheritence code that
    could cause the server to fail to start or to spin in an endless
    loop (bnc#558059,ITS#6408)
  - default the tls_reqcert parameter of a syncrepl config to
    "demand" as documented even if other tls_ options are absent
    (bnc#558397, ITS#6319)
  - apply changes to the global size and timelimits to all database
    that don't specify limits themself. (bnc#562184, ITS#6428)
* Mon Nov 30 2009
  - Update to 2.4.20 (fate#306593), most important fixes since 2.4.19
    * Fixed liblber embedded NUL values in BerValues (ITS#6353)
    * Fixed libldap sasl buffer sizing (ITS#6327,ITS#6334)
    * Fixed libldap uninitialized return value (ITS#6355)
    * Fixed libldap unlimited timeout (ITS#6388)
    * Added slapd handling of hex server IDs (ITS#6297)
    * Fixed slapd checks of str2filter (ITS#6391)
    * Fixed slapd configArgs initialization (ITS#6363)
    * Fixed slapd db_open with connection_fake_init (ITS#6381)
    * Fixed slapd with embedded \0 in bervals (ITS#6378,ITS#6379)
    * Fixed slapd inclusion of ac/unistd.h (ITS#6342)
    * Fixed slapd sl_free to better reclaim memory (ITS#6380)
    * Fixed slapd syncrepl deletes in MirrorMode (ITS#6368)
    * Fixed slapd syncrepl to use correct SID (ITS#6367)
    * Fixed slapd tls_accept to retry in certain cases (ITS#6304)
    * Fixed slapd-bdb/hdb cache corruption (ITS#6341)
    * Fixed slapd-bdb/hdb entry cache (ITS#6360)
    * Fixed slapo-syncprov checkpoint conversion (ITS#6370)
    * Fixed slapo-syncprov deadlock (ITS#6335)
    * Fixed slapo-syncprov out of order changes (ITS#6346)
  - Added switch to enable/disable testsuite (%run_test_suite)
* Tue Nov 03 2009
  - updated patches to apply with fuzz=0
* Mon Sep 28 2009
  - Added schema2ldif tool to openldap2-client subpackage
* Wed Sep 23 2009
  - Changed permissions on /var/run/slapd to a saner default for
    ldapi:/// (bnc#536729)
* Wed Sep 09 2009
  - libldap's check of the hostname against the TLS Certificate's CN
    Attribute did not handle possible NUL bytes in the CN correctly
    and was vulnerable against attacks with spoofed Certificates.
    (bnc#537143, ITS#6239)
* Tue Jul 14 2009
  - Update to 2.4.17. Most important changes:
    * Fixed liblber to use ber_strnlen (ITS#6080)
    * Fixed libldap openssl digest initialization (ITS#6192)
    * Fixed libldap tls NULL error messages (ITS#6079)
    * Added slapd sasl auxprop support (ITS#6147)
    * Added slapd schema checking tool (ITS#6150)
    * Added slapd writetimeout keyword (ITS#5836)
    * Fixed slapd abandon/cancel handling for some ops (ITS#6157)
    * Fixed slapd access setstyle to expand (ITS#6179)
    * Fixed slapd assert with closing connections (ITS#6111)
    * Fixed slapd bind race condition (ITS#6189)
    * Fixed slapd cert validation (ITS#6098)
    * Fixed slapd connection_destroy assert (ITS#6089)
    * Fixed slapd csn normalization (ITS#6195)
    * Fixed slapd errno handling (ITS#6037)
    * Fixed slapd hung writers (ITS#5836)
    * Fixed slapd ldapi issues (ITS#6056)
    * Fixed slapd normalization of updated schema attributes (ITS#5540)
    * Fixed slapd olcLimits handling (ITS#6159)
    * Fixed slapd olcLogLevel with hex levels (ITS#6162)
    * Fixed slapd sending cancelled operations results (ITS#6103)
    * Fixed slapd slapi_entry_has_children (ITS#6132)
    * Fixed slapd sockets usage on windows (ITS#6039)
    * Fixed slapd some abandon and cancel race conditions (ITS#6104)
    * Fixed slapd tls context after changes (ITS#6135)
    * Fixed slapd-bdb/hdb adjust dncachesize if too low (ITS#6176)
    * Fixed slapd-bdb/hdb crashes during delete (ITS#6177)
    * Fixed slapd-bdb/hdb multiple olcIndex for same attr (ITS#6196)
    * Fixed slapd-hdb freeing of already freed entries (ITS#6074)
    * Fixed slapd-hdb entryinfo cleanup (ITS#6088)
    * Fixed slapd-hdb dncache lockups (ITS#6095)
    * Fixed slapd-ldap deadlock with non-responsive TLS URIs (ITS#6167)
    * Fixed slapo-ppolicy to honor pwdLockout (ITS#6168)
    * Fixed slapo-ppolicy to return check modules error message (ITS#6082)
    * Added slapo-rwm rwm-drop-unrequested-attrs config option (ITS#6057)
    * Fixed slapo-rwm dn passing (ITS#6070)
    * Fixed slapo-rwm entry free/release (ITS#6058, ITS#6081)
    * Fixed tools returning ldif errors (ITS#5892)
  - Backported fix for failing back-monitor test from HEAD
  - re-enabled some formerly disabled tests from the testsuite
* Mon Jun 29 2009
  - Fixed Summary/Description for -client subpackage
* Thu Jun 25 2009
  - Improved connection check in init script (bnc#510295)
* Mon Jun 15 2009
  - Fixed complilation with newer glibc (2.3.X release needs
    GNU_SOURCE defined as well in getpeerid.c)
* Wed Apr 29 2009
  - gcc 4.4 fixes
* Mon Apr 06 2009
  - Update to 2.4.16. Most important fixes:
    * Fixed libldap segfault in checking cert/DN (ITS#5976)
    * Fixed libldap peer cert double free (ITS#5849)
    * Fixed libldap referral chasing (ITS#5980)
    * Fixed slapd backglue with empty DBs (ITS#5986)
    * Fixed slapd ctxcsn race condition (ITS#6001)
    * Fixed slapd debug message (ITS#6027)
    * Fixed slapd redundant module loading (ITS#6030)
    * Fixed slapd schema_init freed value (ITS#6036)
    * Fixed slapd syncrepl newCookie sync messages (ITS#5972)
    * Fixed slapd syncrepl hang during shutdown (ITS#6011)
    * Fixed slapd syncrepl too many MMR messages (ITS#6020)
    * Fixed slapd syncrepl skipped entries with MMR (ITS#5988)
    * Fixed slapd-bdb/hdb cachesize handling (ITS#5860)
    * Fixed slapd-bdb/hdb with slapcat with empty dn (ITS#6006)
    * Fixed slapd-bdb/hdb with NULL transactions (ITS#6012)
    * Fixed slapd-ldap incorrect referral handling (ITS#6003,ITS#5916)
    * Fixed slapd-ldap/meta with broken AD results (ITS#5977)
    * Fixed slapd-ldap/meta with invalid attrs again (ITS#5959)
    * Fixed slapo-accesslog interaction with ppolicy (ITS#5979)
    * Fixed slapo-dynlist conversion to cn=config (ITS#6002)
    * Fixed various slapo-syncprov issues (ITS#5972, ITS#6020,
      ITS#5985, ITS#5999, ITS#5973, ITS#6045, ITS#6024, ITS#5988)
  - Fix building on older openSUSE releases
* Fri Mar 20 2009
  - Update to 2.4.15. Most important changes:
    * Fixed slapd bconfig conversion again (ITS#5346)
    * Fixed slapd behavior with superior objectClasses again (ITS#5517)
    * Fixed slapd RFC4512 behavior with same attr in RDN (ITS#5968)
    * Fixed slapd corrupt contextCSN (ITS#5947)
    * Fixed slapd syncrepl order to match on add/delete (ITS#5954)
    * Fixed slapd adding rdn with other values (ITS#5965)
    * Fixed slapd-bdb/hdb behavior with unallocatable shm (ITS#5956)
    * Fixed slapd-ldap/meta with entries with invalid attrs (ITS#5959)
    * Fixed slapo-pcache caching invalid entries (ITS#5927)
    * Fixed slapo-syncprov csn updates (ITS#5969)
    * Added libldap option to disable SASL host canonicalization (ITS#5812)
    * Fixed libldap chasing multiple referrals (ITS#5853)
    * Fixed libldap setuid usage with .ldaprc (ITS#4750)
    * Fixed libldap deref handling (ITS#5768)
    * Fixed libldap NULL pointer deref (ITS#5934)
    * Fixed libldap peer cert memory leak (ITS#5849)
    * Fixed libldap intermediate response behavior (ITS#5896)
    * Fixed libldap IPv6 address handling (ITS#5937)
    * Fixed libldap_r deref building (ITS#5768)
    * Fixed libldap_r slapd lockup when paused during shutdown (ITS#5841)
    * Fixed slapd acl checks on ADD (ITS#4556,ITS#5723)
    * Fixed slapd acl application to newly created backends (ITS#5572)
    * Fixed slapd bconfig to return error codes (ITS#5867)
    * Fixed slapd bconfig encoding incorrectly (ITS#5897)
    * Fixed slapd bconfig dangling pointers (ITS#5924)
    * Fixed slapd epoll handling (ITS#5886)
    * Fixed slapd glue with MMR (ITS#5925)
    * Fixed slapd listener comparison (ITS#5613)
    * Fixed various syncrepl issues (ITS#5809,ITS#5850, ITS#5843,
      ITS#5866, ITS#5901, ITS#5881, ITS#5935, ITS#5710,
      ITS#5781, ITS#5809, ITS#5798, ITS#5826)
    * Fixed slapd-bdb/hdb dncachesize handling (ITS#5860)
    * Fixed slapd-bdb/hdb trickle task usage (ITS#5864)
    * Fixed slapd-hdb idlcache with empty suffix (ITS#5859)
* Wed Jan 07 2009
  - obsolete old -XXbit packages (bnc#437293)
* Fri Dec 12 2008
  - Fixed openldap2-devel dependencies (bnc#457989)
* Tue Dec 09 2008
  - Fixed a bug in the threadpool implementation that could cause
    slapd to lockup when shutting down while the pool is paused.
    (bnc#450457, ITS#5841)
* Fri Nov 28 2008
  - Disable the slapadd trickle-task it cause performance issues
    when using libdb-4.5 (bnc#449641)
  - removed obsolete configure option (ldbm backend does not exist
    in OpenLDAP 2.4)
* Fri Nov 21 2008
  - update
* Wed Nov 05 2008
  - Fixed database shutdown sequence (bnc#441774, ITS#5745)
* Tue Nov 04 2008
  - Handle ldbm databases in updates from 2.3 release (bnc#440589)
* Thu Oct 23 2008
  - the helper function to create various LDAP controls returned
    wrong error codes under certain circumstances
    (bnc#429064, ITS#5762)
  - Fixed referral chasing in chain-overlay (bnc#438088, ITS#5742)
  - Fixed back-config integration of overlays with private instances
    of databases (translucent, chain, ...) (bnc#438094, ITS#5736)
* Mon Oct 13 2008
  - Added missing #include to slapo-collect
* Sun Oct 12 2008
  - Update to 2.4.12. Most important changes:
    * Fixed libldap ldap_utf8_strchar arguments (ITS#5720)
    * Fixed libldap TLS_CRLFILE (ITS#5677)
    * Fixed librewrite memory handling (ITS#5691)
    * Fixed slapd attribute leak (ITS#5683)
    * Fixed slapd config backend with index greater than sibs (ITS#5684)
    * Fixed slapd custom attribute inheritance (ITS#5642)
    * Fixed slapd firstComponentMatch normalization (ITS#5634)
    * Fixed slapd connection events enabled twice (ITS#5725)
    * Fixed slapd memory handling (ITS#5691)
    * Fixed slapd objectClass canonicalization (ITS#5681)
    * Fixed slapd objectClass termination (ITS#5682)
    * Fixed slapd overlay control registration (ITS#5649)
    * Fixed slapd runqueue checking (ITS#5726)
    * Fixed slapd sortvals comparison (ITS#5578)
    * Fixed slapd syncrepl contextCSN detection (ITS#5675)
    * Fixed slapd syncrepl error logging (ITS#5618)
    * Fixed slapd syncrepl runqueue interval (ITS#5719)
    * Fixed slapd-bdb entry return if attr not present (ITS#5650)
    * Fixed slapd-bdb/hdb release search entries earlier (ITS#5728,ITS#5730)
    * Fixed slapd-bdb/hdb subtree search with empty suffix (ITS#5729)
    * Fixed slapo-memberof internal operations DN (ITS#5622)
    * Fixed slapo-pcache attrset crash (ITS#5665)
    * Fixed slapo-pcache caching with invalid schema (ITS#5680)
    * Fixed slapo-ppolicy control return on password modify exop (ITS#5711)
  - removed obsolete patches
* Mon Oct 06 2008
  - remove some problematic test-cases, that cause a lot of
    unreproducable buildfailures
  - check for exisitence of /etc/openldap/slapd.conf in init-script
    assume back-config usage if it isn't present (bnc#428168)
* Wed Sep 24 2008
  - Mark Schema and SuSEfirewall files as %config
  - openldap2-back-perl requires perl
  - Give more meaningful error messages when index configuration
    fails (bnc#429150)
* Fri Sep 19 2008
  - Reduced debug-level during "make test" to reduce required disk
    space and buildtime
* Thu Sep 18 2008
  - Fixed init-script dependencies (bnc#426214)
* Fri Sep 12 2008
  - Backported fix for a crash in back-config when adding entries with
    a too large index (ITS#5684)
  - Backported fix for a crash when adding an invalid olcBdbConfig
    Entry to back-config (ITS#5698)
* Tue Sep 09 2008
  - Removed getaddrinfo workaround. Recent glibc doesn't need it
    anymore (bnc#288879, ITS#5251)
  - Server requires libldap of the same version.
* Mon Sep 08 2008
  - Import back-config support for deleting databases from CVS HEAD
* Tue Sep 02 2008
  - Dropped evolution specific ntlm-bind Patch (Fate#303480)
* Thu Aug 28 2008
  - added ldapns.schema , to allow to use pam_ldap's "check_host_attr"
    and "check_service_attr" features (bnc#419984)
  - backport overlay_register_control fix from HEAD (bnc#420016,
* Mon Aug 18 2008
  - remove outdated options in the fillup_and_insserv call
* Mon Aug 18 2008
  - fixed LSB-Headers in init-script
* Wed Aug 13 2008
  - try to fix build for buildservice
    (BUILD_INCARNATION can be empty)
* Mon Aug 11 2008
  - /usr/lib/sasl2/slapd.conf was moved to /etc/sasl2/slapd.conf
  - adjust ownerships of database directories even when using
* Thu Jul 31 2008
  - Enable back-config delete support
* Tue Jul 29 2008
  - Update to Version 2.4.11. Most important changes:
    * Fixed liblber ber_get_next length decoding (ITS#5580)
    * Added libldap assertion control (ITS#5560)
    * Fixed liblutil missing return code (ITS#5615)
    * Fixed slapd cert serial number parsing (ITS#5588)
    * Fixed slapd check for structural_class failures (ITS#5540)
    * Fixed slapd config backend renumbering (ITS#5571)
    * Fixed slapd configContext OID (ITS#5383)
    * Fixed slapd crash with no listeners (ITS#5563)
    * Fixed slapd sets memory leak (ITS#5557)
    * Fixed slapd sortvals binary search (ITS#5578)
    * Fixed slapd syncrepl updates with multiple masters (ITS#5597)
    * Fixed slapd syncrepl superior objectClass delete/add (ITS#5600)
    * Fixed slapd syncrepl/slapo-syncprov contextCSN updates as internal ops (ITS#5596)
    * Fixed slapo-memberof replace handling (ITS#5584)
    * Added slapo-nssov contrib module
    * Fixed slapo-pcache handling of negative search caches (ITS#5546)
    * Fixed slapo-ppolicy DNs with whitespaces (ITS#5552)
    * Fixed slapo-ppolicy modify with internal ops (ITS#5569)
    * Fixed slapo-syncprov ACL evaluation (ITS#5548)
    * Fixed slapo-syncprov crash with delcsn (ITS#5589)
    * Fixed slapo-syncprov full reload (ITS#5564)
    * Fixed slapo-syncprov missing olcSpReloadHint attr(ITS#5591)
    * Fixed slapo-unique filter normalization (ITS#5581)
* Mon Jun 30 2008
  - Only apply -fPIE patch to recent Distributions
  - removed -fPIE from the slapcat-2.3 build
  - Adjust BuildRequires for older Distributions
* Fri Jun 27 2008
  - make sure the subpacks are only in one spec file declared
* Tue Jun 24 2008
  - branched off libldap-2_4-2 package to support the shared library
    packaging policy
* Wed Jun 11 2008
  - Update to Version 2.4.10. Most important changes:
    * Fixed libldap ld_defconn cleanup if it was freed (ITS#5518,
    * Fixed libldap msgid handling (ITS#5318)
    * Fixed libldap t61 infinite loop (ITS#5542)
    * Fixed libldap_r missing stubs (ITS#5519)
    * Fixed slapd initialization of sr_msgid, rs->sr_tag (ITS#5461)
    * Fixed slapd missing termination of integerFilter keys
    * Fixed slapd multiple attrs in URI (ITS#5516)
    * Fixed slapd sasl_ssf retrieval (ITS#5403)
    * Fixed slapd socket assert (ITS#5489)
    * Fixed slapd syncrepl cookie (ITS#5536)
    * Fixed slapd-bdb/hdb MAXPATHLEN (ITS#5531)
    * Fixed slapd-bdb indexing in single ADD/MOD (ITS#5521)
    * Fixed slapd-ldap entry_get() op-dependent behavior (ITS#5513)
    * Fixed slapd-meta quarantine crasher (ITS#5522)
    * Fixed slapo-refint to allow setting modifiers name (ITS#5505)
    * Fixed slapo-syncprov contextCSN passing on syncprov consumers
    * Fixed slapo-syncprov csn update with delta-syncrepl (ITS#5493)
    * Fixed slapo-syncprov op2.o_extra reset (ITS#5501, #5506)
    * Fixed slapo-syncprov searching wrong backend (ITS#5487)
    * Fixed slapo-syncprov sending ops without queued CSNs (ITS#5465)
    * Fixed slapo-syncprov max csn search on startup (ITS#5537)
    * Fixed slapo-unique config structs (ITS#5526)
    * Fixed slapo-unique filter terminator (ITS#5511)
* Fri May 16 2008
  - Support update from 2.3 releases (bnc#390247)
* Thu May 08 2008
  - Update to Version 2.4.9. Most important changes:
    * Fixed libldap to use unsigned port (ITS#5436)
    * Fixed libldap error message for missing close paren (ITS#5458)
    * Fixed libldap_r tpool pause checks (ITS#5364, #5407)
    * Fixed slapcat error checking (ITS#5387)
    * Fixed slapd abstract objectClass inheritance check (ITS#5474)
    * Fixed slapd add operations requiring naming attrs (ITS#5412)
    * Fixed slapd connection handling (ITS#5469)
    * Fixed slapd frontendDB backend selection (ITS#5419)
    * Fixed slapd pagedresults stale state (ITS#5409)
    * Fixed slapd pointer dereference (ITS#5388)
    * Fixed slapd null argument dereference (ITS#5435)
    * Fixed slapd REP_ENTRY flags (ITS#5340)
    * Fixed slapd value list termination (ITS#5450)
    * Fixed slapd-bdb ID_NOCACHE handling (ITS#5439)
    * Fixed slapd-bdb entryinfo state if db_lock fails (ITS#5455)
    * Fixed slapd-bdb referral rewrite (ITS#5339)
    * Fixed slapd-config overlay stacking (ITS#5346)
    * Fixed slapd-config attribute publishing (ITS#5383)
    * Fixed slapd-ldap connection handler (ITS#5404)
    * Fixed slapd-ldif file name handling & multi-suffix/dir catch
    * Fixed slapd-meta connections on error (ITS#5440)
    * Fixed slapd-meta crash on search (ITS#5481)
    * Various syncrepl fixes (ITS#5407, ITS#5413, ITS#5426, ITS#5430,
      ITS#5432, ITS#5454, ITS#5397, ITS#5470)
    * Various slapo-syncprov fixes (ITS#5401, ITS#5405, ITS#5418,
      ITS#5486, ITS#5433, ITS#5434, ITS#5437, ITS#5444, ITS#5445,
      ITS#5484, ITS#5451)
* Fri Apr 25 2008
  - Adjust ownership of DB_CONFIG to ldap:ldap (bnc#376204)
* Thu Apr 10 2008
  - Compile with glibc 2.8.
* Thu Apr 10 2008
  - added baselibs.conf file to build xxbit packages
    for multilib support
* Thu Apr 03 2008
  - removed apparmor profile
* Mon Mar 03 2008
  - revert last change and make libldap_r available again as some
    packages seem to directly rely on libldap_r. Assume they know
    of the libldap_r's limitations.
* Wed Feb 27 2008
  - Moved libldap_r from -client subpackage to the main server
    package as it is only meant to be used by slapd.
  - Removed static libldap_r.a library and link from
    - devel subpackage. External programs should only use the "normal"
    libldap library.
* Wed Feb 20 2008
  - Update to Version 2.4.8. Most important changes:
    * Fixed libldap extended decoding (ITS#5304)
    * Fixed libldap filter abort (ITS#5300)
    * Fixed libldap ldap_parse_sasl_bind_result (ITS#5263)
    * Fixed libldap result codes for open (ITS#5338)
    * Fixed libldap search timeout crash (ITS#5291)
    * Fixed libldap paged results crash (ITS#5315)
    * Fixed slapd support for 2.1 CSN (ITS#5348)
    * Fixed slapd include handling (ITS#5276)
    * Fixed slapd modrdn check for valid new DN (ITS#5344)
    * Fixed slapd multi-step SASL binds (ITS#5298)
    * Fixed slapd overlay ordering when moving to slapd.d (ITS#5284)
    * Fixed slapd NULL printf (ITS#5264)
    * Fixed slapd NULL set values (ITS#5286)
    * Fixed slapd timestamp race condition (ITS#5370)
    * Fixed slapd cn=config crash on delete (ITS#5343)
    * Fixed slapd cn=config global acls (ITS#5352)
    * Fixed slapd truncated cookie (ITS#5362)
    * Fixed slapd str2entry with no attrs (ITS#5308)
    * Fixed slapd TLSVerifyClient default (ITS#5360)
    * Fixed slapd delta-syncrepl refresh mode (ITS#5376)
    * Fixed slapd ACL sets URI attrs (ITS#5384)
    * Fixed slapd invalid entryUUID filter (ITS#5386)
    * Fixed slapd-bdb idlcache on adds (ITS#5086)
    * Fixed slapd-bdb crash with modrdn (ITS#5358)
    * Fixed slapd-bdb modrdn to same dn (ITS#5319)
    * Fixed slapd-bdb MMR (ITS#5332)
    * Fixed slapd-meta setting of sm_nvalues (ITS#5375)
    * Fixed slapd-monitor crash (ITS#5311)
    * Fixed slapo-ppolicy only password check with policy (ITS#5285)
    * Fixed slapo-ppolicy del/replace password without new one (ITS#5373)
    * Fixed slapo-syncprov hang on checkpoint (ITS#5261)
* Thu Jan 10 2008
  - Removed bogus debugging output from slapd_getaddrinfo_dupl.dif
* Wed Jan 09 2008
  - Fixed allocation for paged results cookie (Bug #352255, ITS#5315)
* Fri Dec 14 2007
  - Update to Version 2.4.7. Most important changes:
    * Added slapd ordered indexing of integer attributes (ITS#5239)
    * Fixed slapd paged results control handling (ITS#5191)
    * Fixed slapd sasl-host parsing (ITS#5209)
    * Fixed slapd filter normalization (ITS#5212)
    * Fixed slapd multiple suffix checking (ITS#5186)
    * Fixed slapd paged results handling when using rootdn (ITS#5230)
    * Fixed slapd syncrepl presentlist handling (ITS#5231)
    * Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236)
    * Fixed slapd 3-way Multi-Master Replication (ITS#5238)
    * Fixed slapd hash collisions in index slots (ITS#5183)
    * Fixed slapd replication of dSAOperation attributes (ITS#5268)
    * Fixed slapadd contextCSN updating (ITS#5225)
    * Fixed slapd-bdb/hdb to report and fail on internal errors (ITS#5232)
    * Fixed slapd-bdb/hdb dn2entry lock bug (ITS#5257)
    * Fixed slapd-bdb/hdb dn2id lock bug (ITS#5262)
    * Fixed slapd-hdb caching on rename ops (ITS#5221)
    * Fixed slapo-accesslog abandoned op cleanup (ITS#5161)
    * Fixed slapo-dds deleting from nonexistent db (ITS#5267)
    * Fixed slapo-memberOf deleted values saving (ITS#5258)
    * Fixed slapo-pcache op->o_abandon handling (ITS#5187)
    * Fixed slapo-ppolicy single password check on modify (ITS#5146)
    * Fixed slapo-ppolicy internal search (ITS#5235)
    * Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210)
    * Fixed slapo-syncprov ignore invalid cookies (ITS#5211)
    * Fixed slapo-translucent interaction with slapo-rwm (ITS#4889)
* Thu Nov 29 2007
  - check for duplicates in getaddrinfo results and ignore them.
    (Bug #288879)
* Tue Nov 27 2007
  - The init-script removed directory access on /etc/openldap/slapd.d
    (Bug #344091)
* Mon Nov 26 2007
  - Update to Version 2.4.6. Initial 2.4 release for "general use".
    New features:
    * Usability/Manageability:
    - More complete Documentation (manual pages and Admin Guide)
    - dynamic configuration and monitoring improvments
    * More functionality
    - New overlays (dds, memberof, constraint)
    - Multimaster syncrepl replication
    * Performance improvments:
    - Further optimized frontend
    - Reduced locking contention in backend
  - back-config support through new sysconfig option
  - Install admin guide from the main tarball, to get rid of the
    admin-guide tarball
  - New sysconfig options:
    * OPENLDAP_START_LDAP to allow to disable the ldap:// listener
    * OPENLDAP_LDAPI_INTERFACES to specify the paths for the ldapi:///
* Mon Oct 29 2007
  - Update to Version 2.3.39. Most important changes:
    * Fixed slapd database/overlay config conflict (ITS#4848)
    * Fixed slapd password_hash config order (ITS#5082)
    * Fixed slapd slap_mods_check bug (ITS#5119)
    * Fixed slapd ACL sets memory handling (ITS#4860,ITS#4873)
    * Fixed slapd ordered values add normalization issue (ITS#5136)
    * Fixed slapd-bdb DB_CONFIG conversion bug (ITS#5118)
    * Fixed slapd-ldap search control parsing (ITS#5138)
    * Fixed slapd-ldap SASL idassert w/o authcId
    * Fixed slapd-ldif directory separators in DN (ITS#5172)
    * Fixed slapd-meta conn caching on bind failure (ITS#5154)
    * Fixed slapd-meta bind timeout assertion (ITS#5185)
    * Fixed slapd-sql concurrency issue (ITS#5095)
    * Fixed slapo-chain double-free (ITS#5137)
    * Fixed slapo-pcache and -rwm interaction fix (ITS#4991)
    * Fixed slapo-pcache non-null terminated array crasher (ITS#5163)
    * Fixed slapo-rwm modlist handling (ITS#5124)
    * Fixed slapo-rwm UUID in filter (ITS#5168)
    * Fixed sasl SASL_SSF_EXTERNAL type (ITS#3864)
    * Fixed liblber Windows x64 portability (ITS#5105)
    * Fixed libldap ppolicy control creation (ITS#5103)
  - Silenced some rpmlint warnings
* Wed Aug 22 2007
  - Call "ldconfig" from %post and %postun in openldap2-client
    (Bug #298297)
* Tue Jul 24 2007
  - Update to Version 2.3.37. Most important changes:
    * Fixed slapd-glue/syncprov interaction (ITS#4623)
    * Fixed slapd-ldap search reference crash (ITS#5025)
    * Fixed slapd-ldbm crash on Compare op (ITS#5044)
    * Fixed slapo-rwm searchFilter double free (ITS#5043)
  - Most important changes in 2.3.36:
    * Fixed slapd mutex bug after failed startup (ITS#4957)
    * Fixed slapd sasl failed Bind bug (ITS#4954)
    * Fixed slapd sasl ssf logging (ITS#5001)
    * Fixed slapd tool op init (ITS#4911)
    * Fixed slapd-bdb no-op crasher (ITS#4925)
    * Fixed slapd-relay crash when no database can be selected (ITS#4958)
    * Fixed slapo-chain RFC3062 passwd exop handling (ITS#4964)
    * Fixed slapo-dynlist multiple group/url[/member] config (ITS#4989)
    * Fixed slapo-pcache handling of abandoned Operations (#5015)
    * Fixed slapo-pcache and -rwm interaction (ITS#4991)
    * Fixed slapo-ppolicy pwdReset/pwdMinAge (ITS#4970)
    * Fixed slapo-ppolicy control cleanup from ITS#4665
    * Fixed slapo-syncprov cookie parsing error (ITS#4977)
    * Fixed slapo-valsort crash on delete op (ITS#4966)
    * Fixed libldap referral chasing loop (ITS#4955)
    * Fixed libldap response code handling on rebind (ITS#4924)
    * Fixed libldap SASL_MAX_BUFF_SIZE (ITS#4935)
* Wed Jun 13 2007
  - remove binutils prereq
* Mon May 21 2007
  - reduce duplicated buildrequires against db42 and db45
* Tue May 15 2007
  - imported apparmor profile from apparmor (this profile is not
    enabled by default)
* Fri May 04 2007
  - Update to Version 2.3.35. Most important changes:
    * Fixed ldapmodify to use correct memory free functions (ITS#4901)
    * Fixed slapd acl set minor typo (ITS#4874)
    * Fixed slapd entry consistency check in str2entry2 (ITS#4852)
    * Fixed slapd ldapi:// credential issue (ITS#4893)
    * Fixed slapd str2anlist handling of undefined attrs/OCs (ITS#4854)
    * Fixed slapd syncrepl delta-sync modlist free (ITS#4904)
    * Added slapd syncrepl retry logging (ITS#4915)
    * Fixed slapd zero-length IA5string handling (ITS#4823)
    * Fixed slapd-bdb/hdb startup with missing shm env (ITS#4851)
    * Fixed slapd-ldap/meta consistency in referral proxying (ITS#4861)
    * Fixed slapd-ldap bind cleanup in case of unauthorized idassert
    * Fixed slapd-meta search cleanup
    * Fixed slapd-meta/slapo-rwm filter mapping
    * Fixed slapd-sql subtree shortcut (ITS#4856)
    * Fixed slapo-dynlist crasher (ITS#4891)
    * Fixed slapo-refint config message (ITS#4853)
    * Fixed libldap time_t signedness (ITS#4872)
    * Fixed libldap_r tpool reset (ITS#4855,#4899)
* Wed May 02 2007
  - Fix comparison with string literal
* Wed Apr 18 2007
  - Fix generation of debuginfo packages.
* Tue Mar 20 2007
  - removed krb5-devel BuildRequires (support via cyrus-sasl)
* Thu Mar 15 2007
  - added Service definitions for SuSEfirewall2 (Bug #251654)
* Thu Feb 22 2007
  - Updated to Version 2.3.34. Most important changes:
    * Fixed libldap missing get_option(TLS CipherSuite) (ITS#4815)
    * Fixed ldapmodify printing error from ldap_result() (ITS#4812)
    * Fixed slapadd LDIF parsing (ITS#4817)
    * Fixed slapd libltdl link ordering (ITS#4830)
    * Fixed slapd syncrepl memory leaks (ITS#4805)
    * Fixed slapd dynacl/ACI compatibility with 2.1
    * Fixed slapd-bdb/hdb be_entry_get with aliases/referrals
    * Fixed slapd-ldap more response handling bugs (ITS#4782)
    * Fixed slapd-ldap C-API code tests (ITS#4808)
    * Fixed slapd-monitor NULL printf (ITS#4811)
    * Fixed slapo-chain spurious additional info in response
    * Fixed slapo-syncprov presence list (ITS#4813)
    * Fixed slapo-syncprov contextCSN checkpoint again (ITS#4720)
    * Added slapo-ppolicy cn=config support (ITS#4836)
    * Added slapo-auditlog cn=config support
* Fri Jan 26 2007
  - Updated to Version 2.3.33. Most important changes:
    * Fixed slapd-ldap chase-referrals switch (ITS#4557)
    * Fixed slapd-ldap bind behavior when idassert is always used
    * Fixed slapd-ldap response handling bugs (ITS#4782)
    * Fixed slapd-ldap idassert mode=self anonymous ops (ITS#4798)
    * Fixed slapd-ldap/meta privileged connections handling
    * Fixed slapd-meta retrying (ITS#4594, 4762)
    * Fixed slapo-chain referral DN use (ITS#4776)
    * Fixed slapo-dynlist dangling pointer after entry free
    * Fixed libldap ldap_pvt_put_filter syntax checks (ITS#4648)
* Fri Jan 12 2007
  - Updated to Version 2.3.32. Most important changes:
    * Fixed libldap unchased referral leak (ITS#4545)
    * Fixed libldap tls callback (ITS#4723)
    * Fixed slapd memleak on failed bind (ITS#4771)
    * Fixed slapd connections_shutdown assert
    * Fixed slapd add redundant duplicate value check (ITS#4600)
    * Fixed slapd ACL set memleak (ITS#4780)
    * Fixed slapd syncrepl shutdown hang (ITS#4790)
* Fri Nov 17 2006
  - Fix for a flaw in libldap's strval2strlen() function when processing the
    authcid string of certain Bind Requests, which could allow attackers to
    cause an affected application to crash (especially the OpenLDAP Server),
    creating a denial of service condition (Bug#221154,ITS#4740)
* Tue Nov 14 2006
  - Additional back-perl fixes from CVS. The first revision of the
    patch did not fix the problem completely  (Bug#207618, ITS#4751)
* Fri Oct 27 2006
  - cyrus-sasl configuration moved from %{_libdir}/sasl2 to
    /etc/sasl2/ (Bug: #206414)
* Wed Oct 04 2006
  - Add $network to Should-Start/Should-Stop in init scripts
    (Bug: #206823)
  - Imported latest back-perl changes from CVS, to fix back-perl
    initialization (Bug: #207618)
* Tue Aug 22 2006
  - Updated to Version 2.3.27
    * Fixed libldap dnssrv bug with "not present" positive statement
    * Fixed libldap dangling pointer issue (ITS#4405)
    * Fixed slapd incorrect rebuilding of replica URI (ITS#4633)
    * Fixed slapd DN X.509 normalization crash (ITS#4644)
    * Fixed slapd-monitor operations order via callbacks (ITS#4631)
    * Fixed slapo-accesslog purge task during shutdown
    * Fixed slapo-ppolicy handling of default policy (ITS#4634)
    * Fixed slapo-ppolicy logging verbosity when using default policy
    * Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622)
* Wed Aug 02 2006
  - Updated to Version 2.3.25
    * Add libldap_r TLS concurrency workaround (ITS#4583)
    * Fixed slapd acl selfwrite bug (ITS#4587)
    * Fixed various syncrepl and slapo-syncprov bugs (ITS#4582, 4622,
      4534,4613, 4589)
    * Fixed slapd-bdb/hdb lock bug with virtual root (ITS#4572)
    * Fixed slapd-bdb/hdb modrdn new entry disappearing bug (ITS#4616)
    * Fixed slapd-bdb/hdb cache job issue
    * Fixed slapo-ppolicy password hashing bug (ITS#4575)
    * Fixed slapo-ppolicy password modify pwdMustChange reset bug (ITS#4576)
    * Fixed slapo-ppolicy control can be critical (ITS#4596)
  - Enabled CLDAP (LDAP over UDP) support
* Mon Jun 26 2006
  - Updated to Version 2.3.24
    * Fixed slapd syncrepl timestamp bug (delta-sync/cascade)
    * Fixed slapd-bdb/hdb non-root users adding suffix/root entries
    * Re-fixed slapd-ldap improper free bug in exop (ITS#4550)
    * Fixed slapd-ldif assert bug (ITS#4568)
    * Fixed slapo-syncprov crash under glued database (ITS#4562)
  - cleaned up SLES10 update specific stuff
  - added "chain-return-error" feature from HEAD to chain overlay
* Thu Jun 22 2006
  - Don't use automake macros without using automake.
* Wed May 24 2006
  - Updated to Version 2.3.23
    * obsoletes the patches: libldap_ads-sasl-gssapi.dif,
    * Fixed slapd-ldap improper free bug (ITS#4550)
    * Fixed libldap referral input destroy issue (ITS#4533)
    * Fixed libldap ldap_sort_entries tail bug (ITS#4536)
    * Fixed slapd runqueue use of freed memory (ITS#4517)
    * Fixed slapd thread pool init issue (ITS#4513)
    * Fixed slapd-bdb/hdb pre/post-read freeing (ITS#4532)
    * Fixed slapd-bdb/hdb pre/post-read unavailable issue (ITS#4538)
    * Fixed slapd-bdb/hdb referral issue (ITS#4548)
    * Fixed slapo-ppolicy BER tags issue (ITS#4528)
    * Fixed slapo-ppolicy rebind bug (ITS#4516)
    * For more details see the CHANGES file
  - Install CHANGES file to /usr/share/doc/packages/openldap2
* Wed May 10 2006
  - Really apply the patch for Bug#160566
  - slapd could crash while processing queries with pre-/postread
    controls (Bug#173877, ITS#4532)
* Fri Mar 24 2006
  - Backported fix from CVS for occasional crashes in referral
    chasing code (as used in e.g. back-meta/back-ldap).
    (Bug: #160566, ITS: #4448)
* Mon Mar 13 2006
  - openldap2 must obsolete -back-monitor and -back-ldap to have them
    removed during update (Bug: #157576)
* Fri Feb 17 2006
  - Add "external" to the list of supported SASL mechanisms
    (Bug: #151771)
* Thu Feb 16 2006
  - Error out when conversion from old configfile to config database
    fails (Bug: #135484,#135490 ITS: #4407)
* Mon Feb 13 2006
  - Don't ignore non-read/write epoll events (Bug: #149993,
    ITS: #4395)
  - Added update message to /usr/share/update-messages/en/ and enable
    it, when update did not succeed.
* Thu Feb 09 2006
  - OPENLDAP_CHOWN_DIRS honors databases defined in include files
    (Bug: #135473)
  - Fixed version numbers in README.update
  - Fixed GSSAPI binds against Active Directory (Bug: #149390)
* Fri Feb 03 2006
  - Cleaned up update procedure
  - man-pages updates and fixes (Fate: #6365)
* Fri Jan 27 2006
  - Updated to 2.3.19 (Bug #144371)
* Fri Jan 27 2006
  - converted neededforbuild to BuildRequires
* Wed Jan 25 2006
  - Updated Admin Guide to latest version
  - build slapcat from openldap-2.2.24 and install it to
    /usr/sbin/openldap-2.2-slapcat to be able to migrate from
    OpenLDAP 2.2.
  - removed slapd-backbdb-dbupgrade which is no longer needed
  - attempt to dump/reload bdb databases in %{post}
  - Update notes in README.update
* Fri Jan 13 2006
  - New sysconfig variable OPENLDAP_KRB5_KEYTAB
  - Cleanup in default configuration and init scripts
* Wed Jan 11 2006
  - Updated to 2.3.17
  - Remove OPENLDAP_RUN_DB_RECOVER from sysconfig file in %post
    slapd does now automatically recover the database if needed
  - Removed unneeded README.SuSE
  - Small adjustments to the default DB_CONFIG file
* Mon Jan 09 2006
  - Updated to 2.3.16
* Mon Dec 19 2005
  - Fixed filelist (slapd-hdb man-page was missing)
* Fri Dec 09 2005
  - Fixed build on x86_64
* Wed Dec 07 2005
  - Merged -back-ldap and -back-monitor subpackages into the main
    package and don't build them as dynamic modules anymore.
  - updated to OpenLDAP 2.3.13
* Mon Nov 28 2005
  - updated to OpenLDAP 2.3.12
* Wed Oct 26 2005
  - updated to OpenLDAP 2.3.11
  - removed the "LDAP_DEPRECATED" workaround
* Mon Sep 26 2005
  - Add "LDAP_DEPRECATED" to ldap.h for now
* Fri Sep 23 2005
  - updated to OpenLDAP 2.3.7
* Tue Aug 16 2005
  - allow start_tls while chasing referrals (Bug #94355, ITS #3791)
* Mon Jul 04 2005
  - devel-subpackage requires openldap2-client of the same version
    (Bugzilla: #93579)
* Thu Jun 30 2005
  - build with -fPIE (not -fpie) to avoid GOT overflow on s390*
* Wed Jun 22 2005
  - build the server packages with -fpie/-pie
* Wed Jun 15 2005
  - updated to 2.2.27
* Wed May 25 2005
  - libldap-gethostbyname_r.dif: Use gethostbyname_r instead of
    gethostbyname in libldap. Should fix host lookups through
    nss_ldap (Bugzilla: #76173)
* Fri May 13 2005
  - Updated to 2.2.26
  - made /%{_libdir}]/sasl2/slapd.conf %config(noreplace)
* Thu Apr 28 2005
  - Added /%{_libdir}]/sasl2/slapd.conf to avoid warnings about
    unconfigured OTP mechanism (Bugzilla: #80588)
* Tue Apr 12 2005
  - added minimal timeout to startproc in init-script to let it
    report the "failed" status correctly in case of misconfiguration
    (Bugzilla: #76393)
* Mon Apr 04 2005
  - crl-check.dif: Implements CRL checking on client and server side
  - use different base ports for differnt values of BUILD_INCARNATION
    (/.buildenv) to allow parallel runs of the test-suite on a single
* Mon Apr 04 2005
  - force yielding-select test to yes (test occasionally hangs QEMU)
* Fri Apr 01 2005
  - disable test suite on ARM (hangs QEMU)
* Tue Mar 29 2005
  - updated to 2.2.24
  - enabled back-hdb
* Wed Mar 02 2005
  - syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928)
  - libldap-reinit-fdset.dif: Re-init fd_sets when select is
    interupted (Bugzilla #50076, ITS: #3524)
* Thu Feb 17 2005
  - checkproc_before_recover.dif: Check if slapd is stopped before
    running db_recover from the init script. (Bugzilla: #50962)
* Tue Feb 01 2005
  - Cleanup back-bdb databases in %post, db-4.3 changed the
    transaction log format again.
  - cosmetic fixes in init script
* Tue Jan 25 2005
  - updated to 2.2.23
  - cleaned up #neededforbuild
  - package should also build on older SuSE Linux releases now
  - increased killproc timeout in init-script (Bugzilla: #47227)
* Thu Jan 13 2005
  - updated to 2.2.20
  - Removed unneeded dependencies
* Fri Dec 10 2004
  - don't install *.la files
* Wed Nov 10 2004
  - updated to 2.2.18
  - use kerberos-devel-packages in neededforbuild
* Fri Sep 24 2004
  - re-arranged specfile to sequence (header (package/descr)* rest)
    so the checking parser is not confused ...
* Fri Sep 24 2004
  - Added to generate a separate openldap2-client
    spec-file from which the openldap2-client and openldap2-devel
    subpackages are built. Should reduce build time for libldap as
    the test-suite is only executed in openldap2.spec.
* Fri Sep 10 2004
  - libldap-result.dif: ldapsearch was hanging in select() when
    retrieving results from eDirectory through a StartTLS protected
    connection (Bugzilla #44942)
* Mon Aug 09 2004
  - added ntlm support
* Tue Aug 03 2004
  - updated to 2.2.16
  - Updated ACLs in slapd_conf.dif to disable default read access
    to the "userPKCS12" Attribute
  - rc-check-conn.diff: When starting slapd wait until is accepts
    connections, or 10 seconds at maximum (Bugzilla #41354)
  - Backported -o slp={on|off} feature from OpenLDAP Head and added
    new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able
    to switch SLP registration on and off. (Bugzilla #39865)
  - removed unneeded README.update
* Fri Apr 30 2004
  - updated to 2.2.11
  - remove SLES8 update specific stuff
  - Bugzilla #39652: Updated slapd_conf.dif to contain basic access
  - Bugzilla #39468: Added missing items to yast.schema
  - fixed strict-aliasing compiler warnings (strict-aliasing.dif)
* Thu Apr 29 2004
  - build with several jobs if available
* Mon Apr 19 2004
  - ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and
    args-file (Bugzilla #38790)
  - ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059,
    Bugzilla #38915)
  - modify_check_duplicates.dif: check for duplicate attribute
    values in modify requests (ITS #3066/#3097, Bugzilla #38607)
  - updated and renamed yast2userconfig.schema to yast.schema as it
    contains more that only user configuration now
  - syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056)
  - test_syncrepl_timeout: increased sleep timeout in syncrepl
* Thu Apr 01 2004
  - added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make
    START_TLS work without access to the CA Certificate.
    (Bugzilla: #37393)
* Fri Mar 26 2004
  - fixed filelist
  - (build on kernel >= 2.6.4 hosts only)
  - yast2user.schema / slapd.conf fixed (#37076)
  - don't check for TLS-options is init-script anymore (#33560)
  - fixed various typos in README.update
* Wed Mar 17 2004
  - fixed build of openldap-2.1-slapcat (using correct db41 include
    files, build backends as on sles8)
  - attempt to update bdb database and reindex ldbm database in %{post}
  - Update notes in README.update
  - better default configuration (including default DB_CONFIG file)
  - misc updates for the YaST schema
  - fixed crasher in syncrepl-code (syncrepl.dif)
* Tue Mar 16 2004
  - Fix type mismatch.
* Tue Mar 02 2004
  - updated to 2.2.6
  - build a openldap-2.1-slapcat from 2.1.25 sources  to be able to
    migrate from SLES8 and SL 9.0
* Thu Feb 19 2004
  - added (build on 2.6 hosts only)
* Thu Feb 05 2004
  - updated to 2.2.5
  - adjusted rfc2307bis.schema to support UTF-8 values in most
  - enabled proxycache-overlay (wiht fix to work with back-ldbm)
* Tue Jan 13 2004
  - updated to 2.2.4
  - updated Admin Guide to most recent version
* Sat Jan 10 2004
  - add %defattr
  - fix build as user
* Mon Dec 08 2003
  - updated to 2.1.25
  - small fixes for the YaST user schema
* Tue Nov 11 2003
  - enabled SLP-support
* Fri Oct 17 2003
  - Remove unused des from neededforbuild
* Tue Sep 02 2003
  - Bugzilla #29859: fixed typo in sysconfig metadata,
    usage of OPENLDAP_LDAPS_INTERFACES in init script
  - added /usr/lib/sasl2/slapd.conf permissions handling
  - added sysconfig variable OPENLDAP_SLAPD_PARAMS=""
    to support additional slapd start parameters
  - added sysconfig variable OPENLDAP_START_LDAPI=NO/yes
    for ldapi:/// (LDAP over IPC) URLs
* Thu Aug 14 2003
  - added activation metadata to sysconfig template (Bugzilla #28911)
  - removed lint from specfile
* Thu Aug 07 2003
  - added %stop_on_removal and %restart_on_update calls
  - bdb_addcnt.dif fixes a possible endless loop in id2entry()
  - addonschema.tar.gz: some extra Schema files (YaST, RFC2307bis)
* Wed Jul 16 2003
  - removed fillup_only and call fillup_and_insserv correctly
  - new Options in sysconfig.openldap: OPENLDAP_LDAP_INTERFACES,
* Tue Jul 01 2003
  - updated to 2.1.22
  - updated Admin Guide to most recent version
  - build librewrite with -fPIC
* Mon Jun 16 2003
  - updated to 2.1.21
* Wed Jun 11 2003
  - fixed requires lines
* Mon May 26 2003
  - don't link back-ldap against librewrite.a, it's already linked
    into slapd (package should build on non-i386 Archs again)
* Fri May 23 2003
  - fixed dynamic build of back-ldap
  - new subpackage back-ldap
* Tue May 20 2003
  - updated to version 2.1.20
  - enabled dynamic backend modules
  - new subpackages back-perl, back-meta and back-monitor
  - remove unpacked files from BuildRoot
* Fri May 09 2003
  - updated to version 2.1.19
* Tue Apr 15 2003
  - fixed requires for devel-package ...
* Tue Apr 15 2003
  - fixed neededforbuild
* Thu Feb 13 2003
  - Enable IPv6 again
* Tue Feb 11 2003
  - added /etc/openldap to filelist
* Mon Feb 03 2003
  - switch default backend to ldbm
* Sun Feb 02 2003
  - fixed requires for devel package (cyrus-sasl2-devel)
* Fri Jan 31 2003
  - liblber.dif: Fixes two bugs in liblber by which remote attackers
    could crash the LDAP server (Bugzilla #22469, OpenLDAP ITS #2275
    and #2280)
* Tue Jan 14 2003
  - build using sasl2
* Mon Jan 13 2003
  - updated to version 2.1.12
  - added metadata to sysconfig template (Bug: #22666)
* Thu Nov 28 2002
  - updated to version 2.1.8
  - added additional fix of 64bit archs
  - added secpatch.dif to fix setuid issues in libldap
* Fri Sep 06 2002
  - fix for Bugzilla ID #18981, chown to OPENLDAP_USER didn't work
    with multiple database backend directories
* Mon Sep 02 2002
  - removed damoenstart_ipv6.diff and disabled IPv6 support due to
    massive problems with nss_ldap
* Mon Aug 26 2002
  - ldap_user.dif: slapd is now run a the user/group ldap (Bugzilla
* Fri Aug 23 2002
  - updated to version 2.1.4, which fixes tons of bugs
  - added damoenstart_ipv6.diff (slapd was not starting when
    configured to listen on IPv4 and IPv6 interfaces, as done by the
    start script)
  - added README.SuSE with some hints about the bdb-backend
  - updated filelist to include only the man pages of the backends,
    that were built
* Thu Aug 15 2002
  - removed termcap and readline from neededforbuild
* Thu Aug 08 2002
  - enabled {CRYPT} passwords
  - update filelist (added new manpages)
* Thu Jul 25 2002
  - patches for 64 bit architectures
* Fri Jul 19 2002
  - update to 2.1.3
* Fri Jul 05 2002
  - fix openldap2-devel requires
* Thu Jul 04 2002
  - switched back from cyrus-sasl2 to cyrus-sasl
* Wed Jul 03 2002
  - updated to OpenLDAP 2.1.2
  - added the OpenLDAP Administration Guide
  - enabled additional backends (ldap, meta, monitor)
* Mon Jun 10 2002
  - hack build/ltconfig to build shared libs on ppc64
* Wed Jun 05 2002
  - created /etc/sysconfig/openldap and OPENLDAP_START_LDAPS variable
    to enable ldap over ssl support
* Thu Mar 07 2002
  - Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel
    to the "Requires" Section of the -devel subpackage)
* Mon Feb 18 2002
  - updated to the latest STABLE release (2.0.23) which fixes some
    nasty bugs see ITS #1562,#1582,#1577,#1578
* Thu Feb 07 2002
  - updated to the latest release (which fixes a index corruption
  - cleanup in neededforbuild
  - small fixes for the init-scripts
* Thu Jan 17 2002
  - updated to the latest stable release (2.0.21)
* Wed Jan 16 2002
  - removed periods and colons from startup/shutdown messages
* Tue Jan 15 2002
  - updated to v2.0.20 (which fixes a security hole in ACL
* Fri Jan 11 2002
  - converted archive to bzip2
  - makes use of %{_libdir} now
  - set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise
    the test suite fails on these archs
  - changed slapd.conf to store the database under /var/lib/ldap
    (this patch was missing in the last versions by accident)
* Mon Jan 07 2002
  - update to v2.0.19
* Thu Dec 06 2001
  - eliminated START_LDAP, START_SLURPD variables in rc.config
  - created separate init script for slurpd
  - moved init scripts from dif to separate source tgz
* Fri Oct 26 2001
  - update to v2.0.18
* Mon Oct 15 2001
  - update to v2.0.17
    added a sleep to the restart section
    moved some manpages to the client package
* Mon Oct 01 2001
  - update to v2.0.15
* Wed Sep 12 2001
  - backported the full bugfix from openldap-2.0.14
* Tue Sep 11 2001
  - Bugfix for slurpd millionth second bug (ITS#1323)
* Mon Sep 10 2001
  - moved ldapfilter.conf ldaptemplates.conf ldapsearchprefs.conf
    to openldap2-client package
* Mon Sep 03 2001
  - update to version 2.0.12
* Mon Jul 02 2001
  - bugfix: init script was not LSB compliant, Bugzilla ID#9072
* Tue Jun 19 2001
  - fixed for autoconf again
* Fri Jun 15 2001
  - update to 2.0.11
  - removed autoconf in specfile, because it doesn't work
* Wed May 23 2001
  - update to version 2.0.10 (minor fixes)
* Tue May 22 2001
  - update to version 2.0.9
* Mon Apr 23 2001
  - removed kerberos support
  - added aci support
* Fri Apr 20 2001
  - added kerberos support
* Thu Apr 05 2001
  - moved section 5 and 8 manpages to the server part of package
* Wed Mar 14 2001
  - Move *.so links into -devel package
  - -devel requires -client
* Thu Mar 08 2001
  - split up into openldap2-client and -devel
* Tue Feb 27 2001
  - changed neededforbuild <cyrus-sasl> to <cyrus-sasl cyrus-sasl-devel>
* Thu Feb 22 2001
  - added readline/readline-devel to neededforbuild (split from bash)
* Thu Jan 04 2001
  - bugfix: slapd.conf rename /var/lib/openldap-ldbm to
      init script: use $remote_fs
* Tue Jan 02 2001
  - use script name in %post
* Thu Dec 07 2000
  - bugfix from Andreas Jaeger:
    workaround for glibc2.2, detach
* Fri Dec 01 2000
  - hacked configure for apparently broken pthread
* Fri Dec 01 2000
  - fixed spec
* Thu Nov 23 2000
  - made configs %config(noreplace) (Bug 4112)
  - fixed neededforbuild
* Wed Nov 22 2000
  - adopted new init scheme
* Wed Nov 15 2000
  - fixed neededforbuild
* Fri Nov 10 2000
  - added buildroot
* Tue Nov 07 2000
  - long package name
  - new version, 2.0.7
* Fri Oct 06 2000
  - first package of openldap2 (v2.0.6)



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Apr 2 23:34:54 2022