Hello community, here is the log from the commit of package openldap2 for openSUSE:Factory checked in at 2017-07-21 22:43:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openldap2 (Old) and /work/SRC/openSUSE:Factory/.openldap2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openldap2" Fri Jul 21 22:43:54 2017 rev:124 rq:511674 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/openldap2/openldap2.changes 2017-02-21 13:34:18.720035991 +0100 +++ /work/SRC/openSUSE:Factory/.openldap2.new/openldap2.changes 2017-07-21 22:44:03.277963940 +0200 @@ -1,0 +2,44 @@ +Thu Jul 20 14:19:47 UTC 2017 - michael@stroeder.com + +- added overlay trace to package openldap2-contrib + +------------------------------------------------------------------- +Wed Jul 12 18:52:42 UTC 2017 - michael@stroeder.com + +- Upgrade to upstream 2.4.45 release +- removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch + and 0012-use-system-wide-cert-dir-by-default.patch +- added 0013-ITS-8692-let-back-sock-generate-increment-line.patch + for supporting modify increment operations with back-sock +- added overlay addpartial to package openldap2-contrib + +-------------------------------------------------------------------- +Wed Jun 7 09:32:52 UTC 2017 - hguo@suse.com + +- Remove legacy daemon control that was used to migrate from SLE 11 + to 12. (bsc#1038405) + +-------------------------------------------------------------------- +Tue Jun 6 13:47:18 UTC 2017 - hguo@suse.com + +- There is no change made about the package itself, this is only + copying over some changelog texts from SLE package: +- bug#976172 owned by hguo@suse.com: openldap2 - missing + /usr/share/doc/packages/openldap2/guide/admin/guide.html +- bug#916914 owned by varkoly@suse.com: VUL-0: CVE-2015-1546: + openldap2: slapd crash in valueReturnFilter cleanup +- [fate#319300](https://fate.suse.com/319300) +- [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545) +- bug#905959 owned by hguo@suse.com: L3-Question: Are multiple + "Connection 0" in a Multi Master setup normal ? +- [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546) +- bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545: + openldap2: slapd crashes on search with deref control and empty attr list + +------------------------------------------------------------------- +Fri Apr 7 16:47:24 UTC 2017 - jengelh@inai.de + +- Drop binutils requirement; the code using /usr/bin/strings has + been dropped in openSUSE:Factory/openldap2 revision 112. + +------------------------------------------------------------------- Old: ---- 0010-Enforce-minimum-DH-size-of-1024.patch 0012-use-system-wide-cert-dir-by-default.patch openldap-2.4.44.tgz New: ---- 0013-ITS-8692-let-back-sock-generate-increment-line.patch openldap-2.4.45.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openldap2.spec ++++++ --- /var/tmp/diff_new_pack.CthvGz/_old 2017-07-21 22:44:04.461796944 +0200 +++ /var/tmp/diff_new_pack.CthvGz/_new 2017-07-21 22:44:04.465796380 +0200 @@ -17,7 +17,7 @@ %define run_test_suite 0 -%define version_main 2.4.44 +%define version_main 2.4.45 %if %{suse_version} >= 1310 && %{suse_version} != 1315 %define _rundir /run/slapd @@ -56,9 +56,8 @@ Patch7: 0007-Recover-on-DB-version-change.dif Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch -Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch Patch11: 0011-openldap-re24-its7796.patch -Patch12: 0012-use-system-wide-cert-dir-by-default.patch +Patch13: 0013-ITS-8692-let-back-sock-generate-increment-line.patch Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz Source201: %{name_ppolicy_check_module}.Makefile Source202: %{name_ppolicy_check_module}.conf @@ -83,8 +82,6 @@ Recommends: cyrus-sasl Conflicts: openldap PreReq: %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep -# For /usr/bin/strings -Requires(pre): binutils %description OpenLDAP is a client and server reference implementation of the @@ -152,6 +149,7 @@ %description contrib Various overlays found in contrib/: +addpartial Intercepts ADD requests, applies changes to existing entries allop allowed Generates attributes indicating access rights autogroup @@ -163,6 +161,7 @@ pw-sha2 generates/validates SHA-2 password hashes pw-pbkdf2 generates/validates PBKDF2 password hashes smbk5pwd generates Samba3 password hashes (heimdal krb disabled) +trace traces overlay invocation %package doc Summary: OpenLDAP Documentation @@ -250,9 +249,8 @@ %patch7 -p1 %patch8 -p1 %patch9 -p1 -%patch10 -p1 %patch11 -p1 -%patch12 -p1 +%patch13 -p1 cp %{SOURCE5} . # Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/ @@ -299,11 +297,10 @@ make depend make %{?_smp_mflags} # Build selected contrib overlays -for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 +for SLAPO_NAME in addpartial allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 trace do make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" done -# One more level up needed because of passwd/sha2 # slapo-smbk5pwd only for Samba password hashes make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB="" @@ -344,7 +341,7 @@ # Additional symbolic link to slapd executable in /usr/sbin/ ln -s %{_libdir}/slapd ${RPM_BUILD_ROOT}/usr/sbin/slapd # Install selected contrib overlays -for SLAPO_NAME in allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 +for SLAPO_NAME in addpartial allowed allop autogroup lastbind nops denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 trace do make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install done @@ -386,7 +383,7 @@ install -m 644 ${RPM_BUILD_ROOT}/etc/openldap/DB_CONFIG.example ${RPM_BUILD_ROOT}/var/lib/ldap/DB_CONFIG.example install -d ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/ install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/SuSEfirewall2.d/services/openldap -rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d` +find doc/guide '(' ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d ')' -delete rm -rf doc/guide/release %define DOCDIR %{_defaultdocdir}/%{name} @@ -424,11 +421,8 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/lib*.la %pre -getent group ldap >/dev/null || /usr/sbin/groupadd -g 70 -o -r ldap || : -getent passwd ldap >/dev/null || /usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap || : -if /usr/bin/chkconfig ldap 2>&1 | grep -q on; then - touch %{_rundir}/enable_slapd_service -fi +getent group ldap >/dev/null || /usr/sbin/groupadd -g 70 -o -r ldap +getent passwd ldap >/dev/null || /usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/false -c "User for OpenLDAP" -d /var/lib/ldap ldap %service_add_pre slapd.service %post @@ -437,11 +431,7 @@ cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf fi %{fillup_only -n openldap ldap} -%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER} %service_add_post slapd.service -if [ -f %{_rundir}/enable_slapd_service ]; then - /usr/bin/systemctl --quiet enable slapd -fi %post -n libldap-2_4-2 -p /sbin/ldconfig @@ -564,6 +554,7 @@ %files contrib %defattr(-,root,root) +%{_libdir}/openldap/addpartial.* %{_libdir}/openldap/allowed.* %{_libdir}/openldap/allop.* %{_libdir}/openldap/autogroup.* @@ -575,6 +566,7 @@ %{_libdir}/openldap/denyop.* %{_libdir}/openldap/cloak.* %{_libdir}/openldap/smbk5pwd.* +%{_libdir}/openldap/trace.* %files client %defattr(-,root,root) ++++++ 0013-ITS-8692-let-back-sock-generate-increment-line.patch ++++++
From 6c37844c5c52b95aff5e4e547cda8a7258e92a35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?=
Date: Wed, 12 Jul 2017 20:18:22 +0200 Subject: [PATCH] ITS#8692 let back-sock generate increment: line in case of LDAP_MOD_INCREMENT (see RFC 4525, section 3)
--- servers/slapd/back-sock/modify.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/servers/slapd/back-sock/modify.c b/servers/slapd/back-sock/modify.c index c35d31bc6..9342d2702 100644 --- a/servers/slapd/back-sock/modify.c +++ b/servers/slapd/back-sock/modify.c @@ -85,6 +85,10 @@ sock_back_modify( case LDAP_MOD_REPLACE: fprintf( fp, "replace: %s\n", mod->sm_desc->ad_cname.bv_val ); break; + + case LDAP_MOD_INCREMENT: + fprintf( fp, "increment: %s\n", mod->sm_desc->ad_cname.bv_val ); + break; } if( mod->sm_values != NULL ) { -- 2.13.2 ++++++ openldap-2.4.44.tgz -> openldap-2.4.45.tgz ++++++ ++++ 20584 lines of diff (skipped)