v1.1.10 2018-09-26, Golden Bull

Golden Bull

On the Golden Bull of Sicily day.

Briefly:

1. Prevention mdb-backend database corruption.

   Corresponding rebalance bug inheritred from LMDB/OpenLDAP.
   Now it completely fixed in the devel branch and future ReOpenLDAP 1.2.x versions,
   where the new libmdbx version is used.

   Unfortunately these fixes cannot be backported into the legacy libmdbx version,
   which used in the master branch and 1.1.x versions.
   On the other hand, the conditions prerequisite for DB corruption are extremely rare and
   maybe cannot be reproduced by LDAP use cases.

   Therefore 1.1.10 and later 1.1.x releases (the stable/1.1 branch) will not contain the complete fix,
   but only the minimal changes for prevention such corruption,
   i.e. will return error and abort transaction instead of DB corruption.

2. Improvements for configure, building. Cleanup and reformatting the source code.

3. Other minor bugs were fixed.

New features and Compatibility breaking: none

Documentation:

• mdbx: mdb_cursor_del don't invalidate the cursor (ITS#8857).
• mdbx: GET_MULTIPLE don't return the key (ITS#8908).
• doc: update README.md

Major and Security bugs:

• mdbx: prevent DB corruption due rebalance bugs.

Minor bugs:

• libreldap: fix "retry gnutls_handshake after GNUTLS_E_AGAIN" (ITS#8650).
• slapd: omit hidden DBs from rootDse (ITS#8912).
• slapd: fix authz-policy all condition (ITS#8909).
• backend-mdb, backend-bdb: fix index delete.

Performance: none

Build:

• reopenldap: fix GCC-8.x warnings.
• libreldap: add missing includes (ITS#8809).
• configure: rework search NdbClient headers and libraries.
• configure: add OSSP-UUID search for modern Fedora/RHEL.
• configure: fix EXTRA_CFLAGS typo.
• configure: explicit separation of experimental backends.
• configure: refine error-msg for mysql_cluster's mysql_config.

Cosmetics:

• reopenldap: fix typo with ITS#8843 description.
• reopenldap: reformat source code by clang-format-6.0.
• reopenldap: remove LDAP_P macro.
• reopenldap: drop LDAP_CONST macro.

Other:

• mdbx: drop inherited broken audit.
• tests: export LC_ALL=C as workaround as Fedora's diff utility bugs.
• ci: add LIBTOOL_SUPPRESS_DEFAULT=no into scripts.
• ci: add ci/fedora.sh script.
• ci: update ci/debian.sh script.

v1.1.9 2018-08-02, Airborne Positive

Airborne Positive

On the Airborne Day, on the day of Foundation and the 16-year anniversary of Positive Technologies.

Briefly:

1. Fixed TLS/SSL major bugs (deadlocks and segfaults).
2. Other minor bugs were fixed.
3. Added TLS/SSL test into test suite.

New features and Compatibility breaking: none

Documentation:

• fix quoting example in man-pages.
• add DN qualifier and regexp for sock backend (ITS#8051).
• update libmdbx Project Status.

Major and Security bugs:

• libreldap: fix init/shutdown races/segfaults with modern OpenSSL.
• libreldap: fix deadlock/recursion inside tls_init() internals.

Minor bugs:

• libreldap: add printability checks on the dc RDN (ITS#8842).
• overlay-memberof: Improve memberof cn=config handling (ITS#8663).
• backend-glue: don't finish initialisation in tool mode unless requested (ITS#8667).
• backend-mdb, backend-bdb: don't convert IDL to range needlessly (ITS#8868).
• backend-sock: use a regexp (ITS#8051).
• backend-sock: add DN qualifier (ITS#8051).
• libreldap: fix unlock in error-case inside thread-pool handle_pause().
• libreldap: fix ber_realloc after a partial ber_flush (ITS#8864).
• slapd: fix wrong/duplicate listening if bind failed.
• slapd: fix ldif-wrap errmsg typo.

Performance:

• slapd: minor refine suspend/refine listeners.

Build:

• configure: update for modern libtool.
• configure: fix quoting for empty variable.
• configure: add TLS-tests.
• configure: add checking for libnsspem.

Cosmetics:

• libreldap: message-hint to check libnsspem.so for TLS by MozNSS.
• slapd: cleanup-drop SLAP_FD2SOCK/SLAP_SOCK2FD/SLAP_SOCKNEW.

Other:

• tests: don't ignore its8667 regression while CI/buzz-testing.
• tests: fix $MONITORDB usage.
• tests: add regression test for ITS#8616.
• tests: add TLS-tests.
• ci: migrate to Circle-CI 2.0

v1.1.8 2018-06-04

Briefly:

1. Fixed MDBX major bug (DB corruption).
2. Fixed slapd memory corruption and other segfaults.
3. Fixed build for Elbrus architecture.

New features and Compatibility breaking: none

Documentation:

• SASL_MECH/SASL_REALM are not user-only (ITS#8818).
• fix SIGHUB typo.

Major and Security bugs:

• fix wrong freeDB search.
• fix memory corruption in connection-handling code.
• fix op_response() segfault.

Minor bugs:

• syncprov: don't check for existing value when deleting values (ITS#8616).
• slapd: fix domainScope control to ensure the control value is absent (ITS#8840).
• mdbx: can't use fakepage mp_ptrs directly (ITS#8819).
• mdbx: fix regression in 0.9.19 (ITS#8760).
• mdbx: fix FIRST_DUP/LAST_DUP cursor bounds check (ITS#8722).

Performance:

• mdbx: XCURSOR_REFRESH() fixups/cleanup.
• syncprov, syncrepl, accesslog: reduce unnecessary writes of contextCSN entry (ITS#8789).

Build:

• mdbx: fix check make target (minor).
• reopenldap: refine bootstrap.sh.
• automake: fix -fno-lto for .symver memcpy_compat, memcpy@@@GLIBC_2.2.5
• liblutil: fix warning variable hex set but not used (minor).
• libreldap, slapd: avoid trigraphs in comments (minor).
• ldaptools: fix 'uninit' warnigs form lcc (minor).
• libreldap: fix callbacks for NSPR.
• libreldap: #ifdef for SSL_LIBRARY_VERSION_TLS_1_3.

Cosmetics:

• mdbx: minor fixup comments and warnings.

Other:

• tests: fix copypasta in its8444 regression script.
• ci: drop support for old/legacy versions.
• slapd: add backtrace support for Elbrus.
• reopenldap: update reldap.h and ldap_cdefs.h for Elbrus.
• libmdbx: update defs.h for Elbrus.
• tests: Ensure there are no differences due to different checkpoints (ITS#8800).

1.1.7 "Red Army Soldier"

Briefly:

1. Added more Russian man-pages (thanks to Egor Levintsa, http://pro-ldap.ru).
2. The ldap dirs bug fixed.
   A @variables@ macros were not replaced with actual configured paths (thanks to Dmitrii Zolotov).
3. Fixed enough other bugs and warnings.

New features and Compatibility breaking:

• Public key pinning support (ITS#8753).
• Allow to recognize title-case characters even if they do not have lower-case equivalents (ITS#8508).
• Legacy ldap_pvt_thread_rmutex removed.
• POSIX recursive mutex for libevent (ITS#8638).
• New ldap_connect() function (ITS#7532).

For more information please see NEWS and Changelog.

ReOpenLDAP-1.1.6

Briefly:

1. A lot of bug fixing.
2. Support for musl-libc, fixes related to build and dependencies.
3. Continuous Integration by Travis-CI
   and Circle-CI.

---

New features and Compatibility breaking:

• libreldap, mdbx: musl support.
• contrib: argon2 password hashing module (ITS#8575).
• libreldap: more for LibreSSL and OpenSSL 1.1.0c (ITS#8533, ITS#8353).
• overlays: backport - add AutoCA overlay.
• mdbx: support glibc < 2.18 for TLS cleanup on thread termination.
• libreldap: adds ldif_open_mem() (ITS#8603).
• slapd: backport - Add config support for binary values.
• libreldap: backport - Add options to use DER format cert+keys directly.
• proxy-cache, all: use LDAP_DEBUG_CACHE/Cache.
• mdbx: don't ignore data arg in mdb_del() for libfpta.
• mdbx: rework mdbx_replace() for libfpta.
• mdbx: add mdbx_dbi_open_ex() for libfpta.
• mdbx: add mdbx_is_dirty() for libfpta.
• mdbx: add MDBX_RESULT_FALSE and MDBX_RESULT_TRUE for libfpta.
• mdbx: zero-length key is not an error for MDBX.
• mdbx: MDBX_EMULTIVAL errcode for libfpta.
• mdbx: allows cursors to be free/reuse explicitly, regardless of transaction wr/ro type.
• mdbx: adds mdbx_get_ex() for libfpta.
• mdbx: adds mdbx_replace() for libfpta.
• mdbx: allows zero-length keys for libfpta.
• mdbx: rework MDB_CURRENT handling for libfpta.
• mdbx: adds mdbx_cursor_eof() for libfpta.
• mdbx: explicit overwrite support for mdbx_put().
• mdbx: add 'canary' support for libfpta.
• mdbx: 'attributes' support for Nexenta.

Documentation:

• man: Fix wording to match examples (ITS#8123).
• man-contib: add man-pages for contrib overlays (ITS#8205).
• man: Note that non-zero serverID's are required for MMR, and that serverID 0 is specific to single master replication only (ITS#8635).
• man: Note that slapo-memberOf should not be used in a replicated environment (ITS#8613).
• doc: cleanup tabs in CHANGES.OpenLDAP
• doc: backport - Catalog of assigned OID arcs.
• man: backport - Fix VV option information (ITS#7177, ITS#6339).
• man: Further clarification around replication information (ITS#8253).
• Update CONTRIBUTING.md
• mdbx: notes about free/reuse cursors.
• slapd: refine note for Cyrus-SASL memleak.
• contrib: minor Update TOTP README (ITS#8513).
• man: backport - Add a manpage for slapo-autogroup (ITS#8569).
• man: backport - Grammar and escaping fixes (ITS#8544).
• man: backport - Clearly document rootdn requirement for the ppolicy overlay (ITS#8565).
• mdbx: rework README.

Major and Security bugs:

• mdbx: backport - don't madvise(MADV_REMOVE).
• backend-mdb: fix double free on paged search with pagesize 0 (ITS#8655).
• reldap: retry gnutls_handshake after GNUTLS_E_AGAIN (ITS#8650).
• slapo-sssvlv: Cleanup double-free fix in sssvlv overlay (ITS#8592).
• libreldap: fix races around tls_init().
• libreldap: use pthread_once() for SASL init (fix Debian Bug #860947).
• mdbx: fix snap-state bug (backport).
• slapd: fix segfault (ITS#8631)
• libreldap: backport - Fixup cacert/cert/key options.
• libreldap: fix hipagut for ARM/ARM64 (and other where alignment is required).
• overlay-sssvlv: try to fix double-free in server side sort (ITS#8592, ITS#8368).
• libreldap: backport - Avoid hiding the error if user specified CA does not load (ITS#8529).
• syncrepl: fix refer to freed mem.
• slapd: backport - fix sasl SEGV rebind in same session (ITS#8568).
• mdbx: CHANGES for glibc bugs #21031 and #21032.

Minor bugs:

• mdbx: backport - ITS#8699 more for cursor_del ITS#8622.
• slapd: avoid hang/crash the backtrace_sigaction().
• reopenldap: avoid deadlock/recursion in debug-output.
• syncrepl: LDAP_PROTOCOL_ERROR if entryCSN missing in 'IDCLIP' mode.
• mdbx: backport - fix mdbx_set_attr().
• mdbx: fix mdbx_txn_straggler() for write-txn (backport from devel).
• mdbx: fix crash on twice txn-end (backport from devel).
• reldap: check result of ldap_int_initialize in ldap_{get,set}_option (ITS#8648).
• slapd: backport - fix LDAP_TAILQ macro, nice bug since 2002 (ITS#8576).
• slapd, autoca-overlay: backport - Move privateKey schema into slapd.
• slapd: backport - Update accesslog format and syncrepl consumer (ITS#6545).
• libreldap: backport - Ensure that the deprecated API is not used when using OpenSSL 1.1 or later (ITS#8353, ITS#8533).
• unique-overlay: backport - Allow empty mods (ITS#8266).
• libutil, slapd: backport - Separate Avlnode and TAvlnode types (ITS#8625).
• libreldap, slapd: backport - Fixes for multiple threadpool queues.
• mdbx: backport - ITS#8622 fix xcursor after cursor_del.
• slapd: backport - Deal with rDN correctly (ITS#8574).
• syncprov: fix possibility of use freed pivot_csn.
• mdbx: fix cursor-untrack bug.
• slapd: fix memleaks from mask_to_verbstring().
• slapd: fix minor config-value_string memleak.
• libreldap: fix minor PL_strdup(noforkenvvar) memleak.
• slapd: workaround for Cyrus memleak.
• backend-mdb: fix cursor leaks (follow libmdbx API changes).
• libreldap: backport - Fail ldap_result if handle is already bad (ITS#8585).
• mdbx: fix losing a zero-length value of sorted-dups (for libfpta).
• slapd: fix slap_tls_get_config().
• slapd: fix mr_index_cmp() for match-rules.
• ci: fix static/dymanic for backends.
• mdbx: fix MDB_CURRENT for MDB_DUPSORT in mdbx_cursor_put() for libfpta.
• mdbx: fix LEAF2-pages handling in mdb_cursor_count().
• slapd: fix LDAP_OPT_X_TLS_CRLFILE.
• slapd: temporary fix for issue#120 (its8444).
• syncprov: bypass refresh for refrech-and-persist requests when no local cookies.
• syncprov: minor fix rid/sid debug output.
• slapd: don't treat an empty cookie string as the protocol violation.
• syncrepl: pull cookies before fallback to refresh from delta-mmr.
• mdbx: fix xflags inside mdb_cursor_put().
• mdbx: fix cursor EOF tricks.
• syncrepl: immediately schedule retry for LDAP_SYNC_REFRESH_REQUIRED.
• syncprov: LDAP_BUG() in op-responce if op-tag missing.
• accesslog: fix missing op-tag.
• syncrepl: allow empty sync-cookie for delta-mmr (accesslog).
• mdbx: fix mdb_cursor_last (ITS#8557).
• mdbx: backport - ITS#8558 fix mdb_load with escaped plaintext.
• mdbx: fix cursor_count() for libfpta.
• mdbx: mdb_chk - don't close dbi-handles, set_maxdbs() instead.
• mdbx: fix MDB_GET_CURRENT for dupsort's subcursor.

Performance:

• mdbx: 'unlikely' for DB_STALE.
• mdbx: check OPTIMIZE for __hot/__cold/__flatten.

Build:

• configure: fix subst for VALGRIND_SUPPRESSIONS_FILES.
• configure: add '--enable-ci' option for Continuous Integration.
• bootstrap: add patch for old ltmain.sh versions.
• configure: check for pkg_config.
• configure: use CPPFLAGS while check headers.
• configure: use OPENSSL_CFLAGS and GNUTLS_CFLAG while check headers.
• build: add workaround for libtool -no-suppress.
• build: add common.mk (placeholder for now).
• build: add support for EXTRA_CFLAGS.
• slapd: fix gcc -Ofast warnings.
• build: check libsodium >= 1.0.9 for argon2.
• dist: use expr instead of bc.
• reopenldap: update automake's stuff for libmdbx changes.
• contrib: -Wno-address for nssov.
• slapd: checks and HAVE_ENOUGH4BACKTRACE for backtrace feature (compatibility).
• configure: add missing ldap_dir.h.in (oops).
• configure: libuuid by pkg-config.
• reopenldap: initial for cross-compilation.
• mdbx: adds -ffunction-sections for CFLAGS.
• mdbx: enable C99.

Cosmetics:

• configure: fix message alignment (cosmetics).
• reopenldap: update links after move the repo.
• mdbx: update links after move the repo.
• ci: add Travis-CI status to README.md
• reopenldap: add TODO.md
• libreldap: backport - Fix minor typo (ITS#8643).
• back-monitor: fix monitoredInfo.
• reopenldap: fix 'emtpy' typos (ITS#8587).
• syncprov: refine 'syncprov-sessionlog' config.
• syncprov: minor renames (cosmetics).
• syncprov: refine add_slog (cosmetics).
• slapd: refine SlapdVersionStr.
• mdbx: remote extra LNs (cosmetics).
• mdbx: mdb_chk - cosmetics (no extra \n).

Other:

• libreldap: rename ber_error_print() to ber_debug_print().
• reopenldap: rename ldap-time functions.
• libreldap: drop -ber_pvt_log_output().
• reopenldap: rework ldap-time functions.
• slapd: refine daemon event loop (still historically madness).
• reldap: add ldap_debug_flush(), refine debug-locking.
• syncrepl: clarity debug error-string.
• ci: add SLAPD_TESTING_DIR and SLAPD_TESTING_TIMEOUT.
• slapd: add slap_setup_ci() with engaged by '--enable-ci'.
• test: add regression test for ITS#8667.
• libreldap: move ldap_init_fd() definition to ldap.h
• slapo-valsort: fix 'unused result' warnings around strtol().
• slapd: log 'active_threads' on TRACE-level from daemon.
• autoca-overlay: tweaks length of keys.
• autoca-overlay: backport - Tweaks for OpenSSL 1.1 API deprecations.
• libreldap: add MAY_UNUSED to avoid warnings from Clang.
• libreldap: remove needless conds.
• test: add temporary workaround for issue#121.
• test: add dbnosync flag for its4448.
• slapd: backport - Tweak privateKeyValidate for PKCS#8.
• libreldap: backport - Add GnuTLS support for direct DER config of cacert/cert/key.
• autoca-overlay: squashed fixups.
• libreldap: backport - Add ldap_pvt_thread_pool_queues decl.
• slapd: backport - Fixup for binary config attrs.
• slapd: minor fixup pause handling in config-backend.
• slapd: backport - Support setting cacert/cert/key directly in cn=config entry.
• libreldap: fix debug-log warning.
• mdbx: don't close/lost DBI-handles on ro-txn renew/reset.
• mdbx: don't close DBI-handles from R/O txn_abort().
• slapd: use ARG_BAD_CONF for config().
• ...

ReOpenLDAP-1.1.5

Briefly:

1. Set of fixes for MDBX and mdb-backend.
2. Several fixes related to testing.
3. Few fixes related to build and dependencies.

The Future will Positive. Всё будет хорошо.
HNY2017!

---

New features and Compatibility breaking:

• ci: scripts from ps/build branch.
• configure: adds check-news option.
• build: add its-regressions to make test target.

Documentation:

• mdbx: set of LMDB-0.9.19 updates (doxygen and comments).
• man: interval keyword info (ITS#8538).

Major and Security bugs: none

Minor bugs:

• mdbx: more for cursor tracking after deletion (ITS#8406).
• mdbx: mdb_env_copyfd2(): Don't abort on SIGPIPE (ITS#8504).
• mdbx: fix ov-pages copying in cursor_put().
• mdbx: catch mdb_cursor_sibling() error (ITS#7377).
• mdbx: mdb_dbi_open(): Protect mainDB cursors (ITS#8542).
• backend-mdb: fix mdb_indexer() segfault after cursor closing.
• backend-mdb: refine mdb_tool_xxx() cursor closing.
• backend-mdb: fix mdb_idl_fetch_key() segfault after cursor closing.
• backend-mdb: fix mdb_online_index() cursor leak.
• backend-mdb: simplify mdb_attr_index_config() AttrInfo init.
• backend-mdb: fix mdb_add() cursor leak.
• backend-mdb: fix cursor leak.

Performance: none

Build:

• configure: checking for libperl.
• reopenldap: fix unused warnings for --disable-debug.
• build: add its-regressions to make test target.
• reopenldap: fix GCC 6.x warnings (misleading indentation).
• tests: refine ITS's regression tests.
• build: fix automake xxx_DEPENDENCIES.
• ci: scripts from ps/build branch.
• configure: adds check-news option.

Cosmetics:

• tests: uses tput for change output color/contrast.
• reopenldap: changelog note for ITS#8525.
• reopenldap: fix typos in NEWS/ChangeLog.
• mdbx: fix typo.

Other:

• backend-mdb: Fix its6794 test.
• tests: refine running its-cases.
• tests: Specifically test for error 32 on the consumer.
• mdbx: Pass cursor to mdb_page_get(), mdb_node_read().
• mdbx: Cleanup: Add flag DB_DUPDATA, drop DB_DIRTY hack.
• tests: fix its8521 config data.
• slapd: fix build legacy backends after str2entry() changes.
• tests: fix regression test for its8521.
• slapd: return error from str2entry().
• backend-mdb: mdb_tool_terminate_txn().
• tests: split-put run_testset().
• tests: testcase for ITS#8521 regression.
• mdbx: minor simplify mc_signature.
• mdbx: factor out refreshing sub-page pointers.
• tests: Fix regression test for ITS#4337 (ITS#8535).
• tests: Fix regression test to correctly load back-ldap if it is built as a module (ITS#8534).

ReOpenLDAP-1.1.4

Briefly:

1. Return to the original OpenLDAP Foundation license.
2. More fixed for OpenSSL 1.1, LibreSSL 2.5 and Mozilla NSS.
3. Minor fixes for configure/build and so forth.

This is koo release from Kin-dza-dza!

New features and Compatibility breaking:

• reopenldap: support for OpenSSL-1.1.x and LibreSSL-2.5.x (#115, #116).
• contrib: added mr_passthru module.
• configure --with-buildid=SUFFIX.
• return to the original OpenLDAP Foundation license.
• moznss: support for <nspr4/nspr.h> and <nss3/nss.h>

Documentation:

• man: fix typo (ITS#8185).

Major and Security bugs: none

Minor bugs:

• mdbx: avoid large '.data' section in mdbx_chk.
• mdbx: fix cursor tracking after mdb_cursor_del (ITS#8406).
• reopenldap: fix LDAPI_SOCK, adds LDAP_VARDIR.
• mdbx: use O_CLOEXEC/FD_CLOEXEC for me_fd,env_copy as well (ITS#8505).
• mdbx: reset cursor EOF flag in cursor_set (ITS#8489).
• slapd: return error on invalid syntax filter-present (#108).

Performance: none

Build:

• ppolicy: fix libltdl's includes for ppolicy overlay.
• libltdl: move build/libltdl to the start of SUBDURS.
• mdbx: don't enable tracing for MDBX by --enable-debug.
• reopenldap: fix missing space in bootstrap.sh

Cosmetics:

• slapd: adds RELEASE_DATE/STAMP to slapd -V output.
• mdbx: clarify fork's caveat (ITS#8505).

Other:

• cleanup/refine AUTHORS file.

ReOpenLDAP-1.1.3

Briefly:

1. Imported all relevant patches from RedHat, ALT Linux and Debian/Ubuntu.
2. More fixes especially for TLS and Mozilla NSS.
3. Checked with PVS-Studio static analyser (first 10 defects were shown and fixed).
   Checking with Coverity static analyser also was started, but unfortunately it is
   a lot of false-positives (pending fixing).

---

New features and Compatibility breaking:

• (+) configure --with-gssapi=auto/yes/no.
• (*) slapi: use /var/log/slapi-errors instead of /var/errors.
• (!) slapd: move the ldapi socket to /var/run/slapd from /var/run.
• (!) reopenldap LICENSE note.
• (+) configure --enable-debug=extra.
• (+) libreldap: NTLM bind support.
• (+) contrib: added check_password module.
• (+) contrib: allow build smbk5pwd without heimdal-kerberos.
• (!) libreldap: Disables opening of ldaprc file in current directory (RHEL#38402).
• (+) libreldap: Support TLSv1.3 and later.

Documentation:

• (+) man: added page for contrib/smbk5pwd.
• (*) man: note for ldap.conf that on Debian is linked against GnuTLS.
• (+) doc: added preamble to devel/README.
• (-) man: remove refer to <ldap_log.h>
• (*) man: note olcAuthzRegex needs restart (ITS6035).
• (*) doc: fixed readme's module-names for contrib (.so -> .la)
• (*) mdbx: comment MDB_page, rename mp_ksize.
• (*) mdbx: VALID_FLAGS, mm_last_pg, mt_loose_count.
• (+) man: fixed SASL_NOCANON option missing in ldap.conf manual page.

Major and Security bugs:

• (*) slapd: fixed #104, check for writers while close the connection.
• (*) slapd: fixed #103, stop glue-search on errors.
• (*) libreldap: MozNSS fixed CVE-2015-3276 (RHEL#1238322).
• (*) libreldap: TLS do not reuse tls_session if hostname check fails (RHEL#852476).
• (*) slapd: Switch to lt_dlopenadvise() to get RTLD_GLOBAL set (RHEL#960048, Dedian#327585).
• (*) libreldap: reentrant gethostby() (RHEL#179730).
• (*) libreldap: MozNSS ignore certdb database type prefix when checking existence of the directory (RHEL#857373).

Minor bugs:

• (*) slapd: fixed compare pointer with '\0' in syn_add().
• (*) slapd: fixed indereferenced pointer in fe_acl_group().
• (*) libreldap: fixed overwriting a parameter in tlso_session_errmsg().
• (*) slapd: fixed recurring check in register_matching_rule().
• (+) syncprov/syncrepl: more for #105, two workarounds.
• (*) mdbx: fixed mdb_dump tool and other issues detected by PVS-Studio.
• (*) mdbx: fixed assertions when debug enabled for various open/sync modes.
• (*) slapd: fixed use-after-free in debug/syslog message on module unloaded.
• (*) monitor-backend: fixed cache-release on errors.
• (-) slapd: don't create pid-file for config-check mode.
• (+) libreldap: "tls_reqcert never" by default for ldap.conf
• (-) libreldap: Disables opening of ldaprc file in current directory (RHEL#38402).
• (*) libreldap: MozNSS update list of supported cipher suites.
• (*) libreldap: MozNSS better file name matching for hashed CA certificate directory (RHEL#852786).
• (*) libreldap: MozNSS free PK11 slot (RHEL#929357).
• (*) libreldap: MozNSS load certificates from certdb, fallback to PEM (RHEL#857455).
• (*) slapd: fixed loglevel2bvarray() for config-backend.
• (*) libreldap: LDAPI SASL fix (RHEL#960222).
• (*) libreldap: use AI_ADDRCONFIG if defined in the environment (RHEL#835013).
• (*) libreldap: fixed false-positive ASAN-trap when Valgrind also enabled.

Performance:

• (-) libreldap: remove resolv-mutex around getnameinfo() and getnameinfo() (Debian#340601).
• (*) slapd: fixed major typo in rurw_r_unlock() which could cause performance degradation.

Build:

• (+) configure: added --with-gssapi=auto/yes/no.
• (*) mdbx: fixed CC and XCFLAGS in 'ci' make-target rules.
• (*) mdbx: fixed 'clean' make-target typo.
• (*) mdbx: fixed Makefile deps from mdbx.c
• (*) tests: fixed lt-exe-name for coredump collection.
• (+) backend-mdb: enable debug for libmdbx if --enable-debug.
• (*) mdbx: make ci-target without NDEBUG and with MDB_DEBUG=2.
• (+) mdbx: allow CC=xyz for ci-target rules.
• (*) configure: fixed cases when corresponding to --with-tls=xyz package not available.
• (+) configure: take in account --enable-lmpasswd for TLS choice.
• (*) configure: workaround for --enable-lmpasswd with GnuTLS (ITS#6232).
• (*) liblutils: fixed build with --enable-lmpasswd.
• (*) libreldap: fixed warnings when Mozilla NSS used.
• (*) configure: rework TLS detection (Mozilla NSS, GnuTLS, OpenSSL).
• (*) libreldap: fixed build --with-tls=gnutls.
• (-) contrib: don't build passwd/totp, passwd/pbkdf2 and smbk5pwd with --with-tls=moznss.
• (+) automake: install lber_types.h and ldap_features.h
• (*) automake: fixed $(DESTDIR) for install/uninstall hooks.
• (*) automake: fixed ldapadd tool uninstall.
• (*) configure: Check whether ucred is defined without _GNU_SOURCE.
• (*) slapd: don't link with BerkeleyDB, but bdb/hdb backends only.
• (*) configure: checking for krb5-gssapi for contrib-gssacl.
• (*) configure: Use pkg-config for Mozilla NSS library detection.
• (*) libreldap: fixed build in case --with-tls=moznss.

Cosmetics:

• (+) slapindex: print a warning if it's run as root.
• (*) fixed printf format in mdb-backend and liblunicode.
• (*) fixed minor typo in print_vlv() for ldif-output.
• (*) mdbx: minor fix mdb_page_list() message
• (*) fixed 'experimantal' typo ;)
• (*) slap-tools: fixed set debug-level.

Other:

• (+) reopenldap AUTHORS and CONTRIBUTION.
• (*) reopenldap: fix copyright timestamps.
• (*) libreldap: fixed deprecated ldap_search_s() in case --with-gssapi=yes.
• (-) libreldap, slapd: don't second-guess SASL ABI (Debian#546885).
• (+) slapd: added LDAP_SYSCONFDIR/sasl2 to the SASL configuration search path.
• (-) backend-bdb: don't second-guess BDB ABI (Debian#651333).
• (+) libreldap: added /etc/ssl/certs/ca-certificates.crt for ldap.conf
• (+) reopenldap: added Coverity scan build status.
• (*) mdbx: fix usage of attribute((format(gnu_printf, ...)) for clang.
• (+) backend-mdb: turn MDBX's debugging depending on --enable-debug=xyz.
• (*) reopenldap: use LDAP_DEBUG instead of !NDEBUG.
• (-) reopenldap: remove obsolete OLD_DEBUG.
• (*) tests: more for #92 (mtread).
• (*) tests: added biglock to test048-syncrepl-multiproxy.
• (*) slapd: refine biglock for passwd_extop().
• (*) tests: fixed #105, adds biglock to test054-syncrepl-parallel-load.
• (*) libreldap: more worarounds for #104.
• (*) slapd: show 'glue' like a static overlay.
• (*) mdbx: fixed copyright timestamps.
• (*) mdbx: check assertions depending on NDEBUG.
• (*) contrib/check_password: fixed default values usage.
• (*) tests: support RANDOM_ORDER for load balancing.
• (*) libreldap: TLS fixed unused warnings.
• (*) slapd: backtrace for CLM-166490.
• (*) tests: use Valgrind from configure.

ReOpenLDAP-1.1.2

Briefly:

1. Fixed few build bugs which were introduced by previous changes.
2. Fixed the one replication related bug which was introduced in ReOpenLDAP-1.0
   So there is no even a rare related to replication test failures.
3. Added a set of configure options.

New:

• configure --enable-contrib for build contributes modules and plugins.
• configure --enable-experimental for experimental and developing features.
• configure --enable-valgrind for testing with Valgrind Memory Debugger.
• configure --enable-check --enable-hipagut for builtin runtime checking.
• Now --enable-debug and --enable-syslog are completely independent of each other.

Documentation:

• man: minor cleanup 'deprecated' libreldap functions.

Major bugs:

• syncprov: fix find-csn error handling.

Minor bugs:

• slapd: accept module/plugin name with hyphen.
• syncprov: fix RS_ASSERT failure inside mdb-search.
• slapd: result-asserts (RS_ASSERT) now controlled by mode 'check/idkfa'.
• pcache: fix RS_ASSERT failure.
• mdbx: backport - ITS#8209 fix MDB_CP_COMPACT.

Performance: none

Build:

• slapd: fix old gcc's double typedef error.
• slapd: fix bdb/hdb backends build distinction.
• contrib: fix out-of-source build.
• configure: build contrib-modiles conditionaly if 'heimdal' package not available.
• slapd: fix warning with --enable-experimental.
• pcache: fix build with --enable-experimental.
• slapd: fix dynamic module support.
• configure: refine libtool patch for LTO.
• build: fixup banner-versioning for tools and libs.
• slapd: fix build with --enable-wrappers.
• all: fixup 'unused' vars, in case assert-checking disabled.
• build: silencing make by default.
• build: mbdx-tools within mdb-backend.

Cosmetics: none

Other:

• libreldap, slapd: add and use ldap_debug_perror().
• slapd: support ARM and MIPS for backtrace.
• mdbx: backport - Refactor mdb_page_get().
• mdbx: backport - Fix MDB_INTEGERKEY doc of integer types.
  ! all: rework debug & logging.
• slapd: LDAP_EXPERIMENTAL instead of LDAP_DEVEL.
• slapd, libreldap: drop LDAP_TEST, introduce LDAP_CHECK.
• slapd, libreldap: always checking if LDAP_CHECK > 2.
• reopenldap: little bit cleanup of EBCDIC.

Issues:

• #101
• #92

ReOpenLDAP-1.1.1

Briefly:

1. Few replication (syncprov) bugs are fixed.
2. Additions to russian man-pages were translated to english.
3. A lot of segfault and minor bugs were fixed.
4. Done a lot of work on the transition to actual versions of autoconf and automake.

New:

• reopenldap: use automake-1.15 and autoconf-2.69.
• slapd: upgradable recursive read/write lock.
• slapd: rurw-locking for config-backend.

Documentation:

• doc: english man-page for 'syncprov-showstatus none/running/all'.
• doc: syncrepl's 'requirecheckpresent' option.
• man: note about 'ServerID 0' in multi-master mode.
• man: man-pages for global 'keepalive idle:probes:interval' option.

Major bugs:

• slapd: rurw-locking for config-backend.
• syncprov: fix syncprov_findbase() race with backover's hacks.
• syncprov: bypass 'dead' items in syncprov_playback_locked().
• syncprov: fix syncprov_playback_locked() segfault.
• syncprov: fix syncprov_matchops() race with backover's hacks.
• syncprov: fix rare syncprov_unlink_syncop() deadlock with abandon.
• slapd: fix deadlock in connections_shutdown().
• overlays: fix a lot of segfaults (callback initialization).

Minor bugs:

• install: hotfix slaptools install, sbin instead of libexec.
• contrib-modules: hotfix - remove obsolete ad-hoc of copy register_at().
• syncrepl: backport - ITS#8432 fix infinite looping mods in delta-mmr.
• reopenldap: hotfix 'derived from' copy-paste error.
• mdbx: backport - mdb_env_setup_locks() Plug mutexattr leak on error.
• mdbx: backport - ITS#8339 Solaris 10/11 robust mutex fixes.
• libreldap: fix PR_GetUniqueIdentity() for ReOpenLDAP.
• liblber: don't trap ber_memcpy_safe() when dst == src.
• syncprov: kicks the connection from syncprov_unlink_syncop().
• slapd: reschedule from connection_closing().
• slapd: connections_socket_troube() and EPOLLERR|EPOLLHUP.
• slapd: 2-stage for connection_abandon().
• syncprov: rework cancellation path in syncprov_matchops().
• syncprov: fix invalid status ContextCSN.
• slapd: fix handling idle/write timeouts.
• accesslog: backport - ITS#8423 check for pause in accesslog_purge.
• mdbx: backport - ITS#8424 init cursor in mdb_env_cwalk.

Performance: none

Build:

• contrib-modules: fix build, contrib-mod.mk
• configure: fix 'pointers aliasing' for libltdl.
• configure: check for libbfd and libelf for backtrace.
• configure: check for 'soelim' and 'soelim -r'.
• configure: build librewrite only if rwm-overlay or meta-backed is enabled.
• configure: PERL_LDFLAGS and PERL_RDIR (rpath) for perl-backend.
• configure: NDB_LDFLAGS and NDB_RDIR (rpath) for ndb-backend.
• reopenldap: fix build parts by C++ (back-ndb).
• mdbx: fix build by clang (missing-field-initializers).
• slapd: fix build ASAN + dynamic + visibility=hidden.
• libreldap: fix 'msgid' may be used uninitialized in ldap_modify_*().
• configure: error if libuuid is missing.
• libreldap: fix build by clang.
• shell-backends: fix passwd-shell tool building.
• contrib/acl: checking for --enable-dynacl.
• slapd: fix keepalive-related typo in slap_listener().
• libldap: fix typo ';' in ldap_pvt_tcpkeepalive().
• libldap: fix build with GnuTLS (error at @wanna_steady_or_not).

Cosmetics:

• syncrepl: cleanup rebus-like error codes.
• slapd: rename reopenldap's modes.
• slapd: debug-locking for backtrace.
• slapd, libreldap: closing conn/fd debug.

Other:

• slapd: rework dynamic modules.
• libreldap: rework 'deprecated' interfaces.
• libreldap: rename to lber_strerror().
• libreldap: refine memory.c, drop littery LDAP_MEMORY_ASSERT.
• reopenldap: remove obsolete EBCDIC support.
• reopenldap: autotools bootstrap.
• reopenldap: ban the compilers older than GCC 4.2 or incompatible with it.
• reopenldap: clarify LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE.
• slapd: cleanup Windows support.
• reopenldap: rename libslapi -> libreslapi.
• reopenldap: rename liblmdb -> libmdbx.
• reopenldap: remove obsolete & unsupported parts.
• reopenldap: liblber+libldap -> libreldap (big-bang).
• mdbx: cleanup tools from Windows.
• syncrepl: more LDAP_PROTOCOL_ERROR.
• slapd: remove unusable zn-malloc.
• slapd: refine connection_client_stop() for robustness.
• slapd: adds slap_backtrace_debug_ex(), etc.
• mdbx: clarify ov-pages copying in cursor_put().