v1.1.7 2018-02-23, Red Army Soldier

Briefly:

Added more Russian man-pages (thanks to Egor Levintsa, http://pro-ldap.ru).
The ldap dirs bug fixed. A @variables@ macros were not replaced with actual configured paths (thanks to Dmitrii Zolotov).
Fixed enough other bugs and warnings.

New features and Compatibility breaking:

Public key pinning support (ITS#8753).
Allow to recognize title-case characters even if they do not have lower-case equivalents (ITS#8508).
Legacy ldap_pvt_thread_rmutex removed.
POSIX recursive mutex for libevent (ITS#8638).
New ldap_connect() function (ITS#7532).

Documentation:

man: Docs for reqEntryUUID (ITS#6656).
man: Added Russian man-pages.
contrib-moduled: remove obsolete notes about LDAP_SRC.
man: Note ldap_sasl_bind() can be used to make simple binds via the LDAP_SASL_SIMPLE mechanism (ITS#8121).
man: Index on entryCSN is mandatory note (ITS#5048).
configure: Note about EXTRA_CFLAGS variable.
man: Fix typo with olcTLSCipherSuite (ITS#8715).

Major and Security bugs:

back-ldap: Fix search double-free and/or memory corruption.
overlay-sss: Fix server-side-sort overlay segfault.
build: Fix ldap_dirs.h issue (@variables@ are not replaced with paths on).

Minor bugs:

libmdbx: Fix cursor ops (squashed ITS#8722).
overlay-dds: Fix callbacks (invalid results or bug-check).
slapd-schema: Don't strip pretty-trailing zeros while normalize time.
syncprov: Try other CSNs as pivot if consumer's and provider's sets are the same.
syncrepl: Add SYNC_NEED_RESTART code and handling.
syncrepl: Fix resched-interval.
syncrepl: return LDAP_UNWILLING_TO_PERFORM in case no any CSN's.
libmdbx: Fix regression in 0.9.19 (ITS#8760).
accesslog: Fix CSN queue processing (ITS#8801).
syncprov: Don't replicate checkpoints (ITS#8607).
syncprov: Fixes for delta-syncrepl with empty accesslog (ITS#8100).
slapd: Fix SASL SSF reset (ITS#8796).
libreldap: Fix MozNSS initialization (ITS#8484).
libreldap: Plug memleaks in cancel (ITS#8782).
slapd: Fix telephoneNumberNormalize (ITS#8778).
syncprov: Use cookie and thread_pool_retract() when overlay deleting.
accesslog: Fix recursive locking.
slapd: olcTimeLimit should be Single Value (ITS#8153).
overlay-lastbind: Allow authTimestamp updates to be forwarded via updateref (ITS#7721).
libreldap: Non-blocking TLS is not compatible with MOZNSS (ITS#7428).
slapd: Fix additional compile for /dev/poll support.
slapd: Fix calls to SLAP_DEVPOLL_SOCK_LX for multi-listener support.
slapd: Always remove listener descriptors from daemon on shutdown.
slapd: Avoid listener thread startup race (ITS#8725).
libreldap: Plug ber leaks (ITS#8727).
backend-sock: Send out EXTENDED operation message from back-sock (ITS#8714).
backendl-ldap: TLS connection timeout with high latency connections (ITS#8270).
overlay-constraint: Fix comparison between pointer and zero character constant.
backend-mdb: Fix "warning: '%s' directive output may be truncated..."
syncrepl: Fix "syncrepl_process: rid=NNN (-45) Unknown API error".
slapd: Fix 'ptrace: Operation not permitted' from backtrace feature.

Performance:

slapd: isolate tsan-mutexes under #ifdef SANITIZE_THREAD.
syncprov: Don't keep sl_mutex locked when playing the sessionlog (ITS#8486).
accesslog: Fix CSNs for purge logs.
backend-mdb: Optimize restart search txn (ITS#8226).

Build:

libreldap, slapd, contrib-modules: Fix RELDAP_TLS/RELDAP_TLS_FALLBACK.
libreldap: Fix uninit warning for GNUTLS.
libreldap: Fix compilation with older versions of OpenSSL (ITS#8753, ITS#8774).
libreldap: Fix HAVE_OPENSSL_CRL and HAVE_GNUTLS usage.
libreldap: Move base64 decoding to separate file (ITS#8753).
reopenldap: Refine reopenldap's macros definitions.
slapd: Add LDAP_GCCATTR for compat.
configure: Fix EXTRA_CFLAGS substitution magic.
contrib-modules: Refine totp for OpenSSL 1.1.0 compatibility.
slapd: Add crypt_r() support (ITS#8719).
build: Patch libltdl to avoid clang > 3.x warnings.
travis-ci: Allow build in forks
configure: Note about EXTRA_CFLAGS.

Cosmetics:

tests: Update its8800 to be less different from openldap.
tests: Enumerate its-ignore messages.
reopenldap: Sync CHANGES.OpenLDAP.
syncrepl: Refine loging, rename SYNCLOG_LOGBASED (cosmetics).
libmdbx: Sync CHANGES with LMDB.
reopenldap: Remove kqueue from project list (ITS#6300).
reopenldap: Rename MAY_UNUSED/__maybe_unused.
reopenldap: Spelling fixes (ITS#8605).
syncprov: Minor refine loging when the consumer has a newer cookie than the provider (ITS#8527).
contrib: move 'docker' dir into contrib.
reopenldap: HNY!

Other:

tests: Skip its4336 and its4326 regressions for ldap-backend.
slapd-schema: Use slap_csn_verify_full() for CSN validation.
syncprov: Rework contextCSN/si_cookie/maxcsn inside syncprov_op_response().
libutil: Add const to lutil_parsetime().
tests: Ignore its8800 failures due known issue.
tests: Move ignore-note to its number (cosmetics).
tests: Regression test for ITS8800.
tests: Refine its8752.
tests: Enable its4448 for CI.
tests: More DBNOSYNC=YES to speedup.
tests: Add timeout and inter-pause parametrs for wait_syncrepl.
libreldap: Refine ldap_now_steady_ns().
slapd: Simplify csn's queue internals.
tests: Ignore its8444 failures while buzz-testing.
tests: Fix use-after-free in slapd_bind.
tests: Fix swapped arguments (ITS#8798).
tests: Do not insert delays on a successful bind (ITS#8798).
tests: Add SASL support to tools (ITS#8798).
tests: Enable retry/delay in slapd-bind (ITS#8798).
tests: Use lrand48() instead of legacy rand().
tests: Unify tools setup (ITS#8798).
tests: Fix description to match the actual issue that was fixed (ITS#8444).
slapd: Add slap_sl_mark() and slap_sl_release().
syncrepl: Add support for relax control to delta-syncrepl (ITS#8037).
libreldap: Allow a raw integer to be decoded from a berval (ITS#8733).
libreldap: Allow extraction of the complete ber element (ITS#8733).
reopenldap: Extend CIRCLEQ macros (ITS#8732).
libreldap: Koging mismatching of SASL-version.
backend-mdb: Temporary hack/workaround for hash collisions (ITS#8678).
libreldap: Call ldap_int_sasl_init() from ldap_int_initialize().
tests: Fix 'warning: comparison between pointer and zero character constant'.
slapd: Check prctl(PR_SET_PTRACER) result while backtracing.
reopenldap: Add Dmitrii Zolotov into AUTHORS.

v1.1.6 2017-08-12

Briefly:

A lot of bug fixing.
Support for musl-libc, fixes related to build and dependencies.
Continuous Integration by Travis-CI and Circle-CI.

New features and Compatibility breaking:

libreldap, mdbx: musl support.
contrib: argon2 password hashing module (ITS#8575).
libreldap: more for LibreSSL and OpenSSL 1.1.0c (ITS#8533, ITS#8353).
overlays: backport - add AutoCA overlay.
mdbx: support glibc < 2.18 for TLS cleanup on thread termination.
libreldap: adds ldif_open_mem() (ITS#8603).
slapd: backport - Add config support for binary values.
libreldap: backport - Add options to use DER format cert+keys directly.
proxy-cache, all: use LDAP_DEBUG_CACHE/Cache.
mdbx: don't ignore data arg in mdb_del() for libfpta.
mdbx: rework mdbx_replace() for libfpta.
mdbx: add mdbx_dbi_open_ex() for libfpta.
mdbx: add mdbx_is_dirty() for libfpta.
mdbx: add MDBX_RESULT_FALSE and MDBX_RESULT_TRUE for libfpta.
mdbx: zero-length key is not an error for MDBX.
mdbx: MDBX_EMULTIVAL errcode for libfpta.
mdbx: allows cursors to be free/reuse explicitly, regardless of transaction wr/ro type.
mdbx: adds mdbx_get_ex() for libfpta.
mdbx: adds mdbx_replace() for libfpta.
mdbx: allows zero-length keys for libfpta.
mdbx: rework MDB_CURRENT handling for libfpta.
mdbx: adds mdbx_cursor_eof() for libfpta.
mdbx: explicit overwrite support for mdbx_put().
mdbx: add 'canary' support for libfpta.
mdbx: 'attributes' support for Nexenta.

Documentation:

man: Fix wording to match examples (ITS#8123).
man-contib: add man-pages for contrib overlays (ITS#8205).
man: Note that non-zero serverID's are required for MMR, and that serverID 0 is specific to single master replication only (ITS#8635).
man: Note that slapo-memberOf should not be used in a replicated environment (ITS#8613).
doc: cleanup tabs in CHANGES.OpenLDAP
doc: backport - Catalog of assigned OID arcs.
man: backport - Fix VV option information (ITS#7177, ITS#6339).
man: Further clarification around replication information (ITS#8253).
Update CONTRIBUTING.md
mdbx: notes about free/reuse cursors.
slapd: refine note for Cyrus-SASL memleak.
contrib: minor Update TOTP README (ITS#8513).
man: backport - Add a manpage for slapo-autogroup (ITS#8569).
man: backport - Grammar and escaping fixes (ITS#8544).
man: backport - Clearly document rootdn requirement for the ppolicy overlay (ITS#8565).
mdbx: rework README.

Major and Security bugs:

mdbx: backport - don't madvise(MADV_REMOVE).
backend-mdb: fix double free on paged search with pagesize 0 (ITS#8655).
reldap: retry gnutls_handshake after GNUTLS_E_AGAIN (ITS#8650).
slapo-sssvlv: Cleanup double-free fix in sssvlv overlay (ITS#8592).
libreldap: fix races around tls_init().
libreldap: use pthread_once() for SASL init (fix Debian Bug #860947).
mdbx: fix snap-state bug (backport).
slapd: fix segfault (ITS#8631)
libreldap: backport - Fixup cacert/cert/key options.
libreldap: fix hipagut for ARM/ARM64 (and other where alignment is required).
overlay-sssvlv: try to fix double-free in server side sort (ITS#8592, ITS#8368).
libreldap: backport - Avoid hiding the error if user specified CA does not load (ITS#8529).
syncrepl: fix refer to freed mem.
slapd: backport - fix sasl SEGV rebind in same session (ITS#8568).
mdbx: CHANGES for glibc bugs #21031 and #21032.

Minor bugs:

mdbx: backport - ITS#8699 more for cursor_del ITS#8622.
slapd: avoid hang/crash the backtrace_sigaction().
reopenldap: avoid deadlock/recursion in debug-output.
syncrepl: LDAP_PROTOCOL_ERROR if entryCSN missing in 'IDCLIP' mode.
mdbx: backport - fix mdbx_set_attr().
mdbx: fix mdbx_txn_straggler() for write-txn (backport from devel).
mdbx: fix crash on twice txn-end (backport from devel).
reldap: check result of ldap_int_initialize in ldap_{get,set}_option (ITS#8648).
slapd: backport - fix LDAP_TAILQ macro, nice bug since 2002 (ITS#8576).
slapd, autoca-overlay: backport - Move privateKey schema into slapd.
slapd: backport - Update accesslog format and syncrepl consumer (ITS#6545).
libreldap: backport - Ensure that the deprecated API is not used when using OpenSSL 1.1 or later (ITS#8353, ITS#8533).
unique-overlay: backport - Allow empty mods (ITS#8266).
libutil, slapd: backport - Separate Avlnode and TAvlnode types (ITS#8625).
libreldap, slapd: backport - Fixes for multiple threadpool queues.
mdbx: backport - ITS#8622 fix xcursor after cursor_del.
slapd: backport - Deal with rDN correctly (ITS#8574).
syncprov: fix possibility of use freed pivot_csn.
mdbx: fix cursor-untrack bug.
slapd: fix memleaks from mask_to_verbstring().
slapd: fix minor config-value_string memleak.
libreldap: fix minor PL_strdup(noforkenvvar) memleak.
slapd: workaround for Cyrus memleak.
backend-mdb: fix cursor leaks (follow libmdbx API changes).
libreldap: backport - Fail ldap_result if handle is already bad (ITS#8585).
mdbx: fix losing a zero-length value of sorted-dups (for libfpta).
slapd: fix slap_tls_get_config().
slapd: fix mr_index_cmp() for match-rules.
ci: fix static/dymanic for backends.
mdbx: fix MDB_CURRENT for MDB_DUPSORT in mdbx_cursor_put() for libfpta.
mdbx: fix LEAF2-pages handling in mdb_cursor_count().
slapd: fix LDAP_OPT_X_TLS_CRLFILE.
slapd: temporary fix for issue#120 (its8444).
syncprov: bypass refresh for refrech-and-persist requests when no local cookies.
syncprov: minor fix rid/sid debug output.
slapd: don't treat an empty cookie string as the protocol violation.
syncrepl: pull cookies before fallback to refresh from delta-mmr.
mdbx: fix xflags inside mdb_cursor_put().
mdbx: fix cursor EOF tricks.
syncrepl: immediately schedule retry for LDAP_SYNC_REFRESH_REQUIRED.
syncprov: LDAP_BUG() in op-responce if op-tag missing.
accesslog: fix missing op-tag.
syncrepl: allow empty sync-cookie for delta-mmr (accesslog).
mdbx: fix mdb_cursor_last (ITS#8557).
mdbx: backport - ITS#8558 fix mdb_load with escaped plaintext.
mdbx: fix cursor_count() for libfpta.
mdbx: mdb_chk - don't close dbi-handles, set_maxdbs() instead.
mdbx: fix MDB_GET_CURRENT for dupsort's subcursor.

Performance:

mdbx: unlikely for DB_STALE.
mdbx: check __OPTIMIZE__ for __hot/__cold/__flatten.

Build:

configure: fix subst for VALGRIND_SUPPRESSIONS_FILES.
configure: add '--enable-ci' option for Continuous Integration.
bootstrap: add patch for old ltmain.sh versions.
configure: check for pkg_config.
configure: use CPPFLAGS while check headers.
configure: use OPENSSL_CFLAGS and GNUTLS_CFLAG while check headers.
build: add workaround for libtool -no-suppress.
build: add common.mk (placeholder for now).
build: add support for EXTRA_CFLAGS.
slapd: fix gcc -Ofast warnings.
build: check libsodium >= 1.0.9 for argon2.
dist: use expr instead of bc.
reopenldap: update automake's stuff for libmdbx changes.
contrib: -Wno-address for nssov.
slapd: checks and HAVE_ENOUGH4BACKTRACE for backtrace feature (compatibility).
configure: add missing ldap_dir.h.in (oops).
configure: libuuid by pkg-config.
reopenldap: initial for cross-compilation.
mdbx: adds -ffunction-sections for CFLAGS.
mdbx: enable C99.

Cosmetics:

configure: fix message alignment (cosmetics).
reopenldap: update links after move the repo.
mdbx: update links after move the repo.
ci: add Travis-CI status to README.md
reopenldap: add TODO.md
libreldap: backport - Fix minor typo (ITS#8643).
back-monitor: fix monitoredInfo.
reopenldap: fix 'emtpy' typos (ITS#8587).
syncprov: refine 'syncprov-sessionlog' config.
syncprov: minor renames (cosmetics).
syncprov: refine add_slog (cosmetics).
slapd: refine SlapdVersionStr.
mdbx: remote extra LNs (cosmetics).
mdbx: mdb_chk - cosmetics (no extra \n).

Other:

libreldap: rename ber_error_print() to ber_debug_print().
reopenldap: rename ldap-time functions.
libreldap: drop -ber_pvt_log_output().
reopenldap: rework ldap-time functions.
slapd: refine daemon event loop (still historically madness).
reldap: add ldap_debug_flush(), refine debug-locking.
syncrepl: clarity debug error-string.
ci: add SLAPD_TESTING_DIR and SLAPD_TESTING_TIMEOUT.
slapd: add slap_setup_ci() with engaged by '--enable-ci'.
test: add regression test for ITS#8667.
libreldap: move ldap_init_fd() definition to ldap.h
slapo-valsort: fix 'unused result' warnings around strtol().
slapd: log 'active_threads' on TRACE-level from daemon.
autoca-overlay: tweaks length of keys.
autoca-overlay: backport - Tweaks for OpenSSL 1.1 API deprecations.
libreldap: add MAY_UNUSED to avoid warnings from Clang.
libreldap: remove needless conds.
test: add temporary workaround for issue#121.
test: add dbnosync flag for its4448.
slapd: backport - Tweak privateKeyValidate for PKCS#8.
libreldap: backport - Add GnuTLS support for direct DER config of cacert/cert/key.
autoca-overlay: squashed fixups.
libreldap: backport - Add ldap_pvt_thread_pool_queues decl.
slapd: backport - Fixup for binary config attrs.
slapd: minor fixup pause handling in config-backend.
slapd: backport - Support setting cacert/cert/key directly in cn=config entry.
libreldap: fix debug-log warning.
mdbx: don't close/lost DBI-handles on ro-txn renew/reset.
mdbx: don't close DBI-handles from R/O txn_abort().
slapd: use ARG_BAD_CONF for config().
backend-mdb: use ARG_BAD_CONF for config().
mdbx: more for robustness free/reuse of cursors.
mdbx: minor simplify mdb_del0().
mdbx: use MDB_SET_KEY inside mdbx_replace() for libfpta.
mdbx: fix MDB_CURRENT for mdb_cursor_put() with MDB_DUPSORT.
mdbx: refine mdbx_cursor_eof().
mdbx: backport - Tweak cursor_next C_EOF check.
mdbx: rework TLS cleanup on thread termination.
mdbx: assert_fail() when INDXSIZE(key) > nodemax.

v1.1.5 2016-12-30

Briefly:

Set of fixes for MDBX and mdb-backend.
Several fixes related to testing.
Few fixes related to build and dependencies.

New features and Compatibility breaking:

ci: scripts from ps/build branch.
configure: adds check-news option.
build: add its-regressions to make test target.

Documentation:

mdbx: set of LMDB-0.9.19 updates (doxygen and comments).
man: interval keyword info (ITS#8538).

Major and Security bugs: none

Minor bugs:

mdbx: more for cursor tracking after deletion (ITS#8406).
mdbx: mdb_env_copyfd2(): Don't abort on SIGPIPE (ITS#8504).
mdbx: fix ov-pages copying in cursor_put().
mdbx: catch mdb_cursor_sibling() error (ITS#7377).
mdbx: mdb_dbi_open(): Protect mainDB cursors (ITS#8542).
backend-mdb: fix mdb_indexer() segfault after cursor closing.
backend-mdb: refine mdb_tool_xxx() cursor closing.
backend-mdb: fix mdb_idl_fetch_key() segfault after cursor closing.
backend-mdb: fix mdb_online_index() cursor leak.
backend-mdb: simplify mdb_attr_index_config() AttrInfo init.
backend-mdb: fix mdb_add() cursor leak.
backend-mdb: fix cursor leak.

Performance: none

Build:

configure: checking for libperl.
reopenldap: fix unused warnings for --disable-debug.
build: add its-regressions to make test target.
reopenldap: fix GCC 6.x warnings (misleading indentation).
tests: refine ITS's regression tests.
build: fix automake xxx_DEPENDENCIES.
ci: scripts from ps/build branch.
configure: adds check-news option.

Cosmetics:

tests: uses tput for change output color/contrast.
reopenldap: changelog note for ITS#8525.
reopenldap: fix typos in NEWS/ChangeLog.
mdbx: fix typo.

Other:

backend-mdb: Fix its6794 test.
tests: refine running its-cases.
tests: Specifically test for error 32 on the consumer.
mdbx: Pass cursor to mdb_page_get(), mdb_node_read().
mdbx: Cleanup: Add flag DB_DUPDATA, drop DB_DIRTY hack.
tests: fix its8521 config data.
slapd: fix build legacy backends after str2entry() changes.
tests: fix regression test for its8521.
slapd: return error from str2entry().
backend-mdb: mdb_tool_terminate_txn().
tests: split-put run_testset().
tests: testcase for ITS#8521 regression.
mdbx: minor simplify mc_signature.
mdbx: factor out refreshing sub-page pointers.
tests: Fix regression test for ITS#4337 (ITS#8535).
tests: Fix regression test to correctly load back-ldap if it is built as a module (ITS#8534).

v1.1.4 2016-11-30

Briefly:

Return to the original OpenLDAP Foundation license.
More fixed for OpenSSL 1.1, LibreSSL 2.5 and Mozilla NSS.
Minor fixes for configure/build and so forth.

New features and Compatibility breaking:

reopenldap: support for OpenSSL-1.1.x and LibreSSL-2.5.x (#115, #116).
contrib: added mr_passthru module.
configure --with-buildid=SUFFIX.
return to the original OpenLDAP Foundation license.
moznss: support for <nspr4/nspr.h> and <nss3/nss.h>

Documentation:

man: fix typo (ITS#8185).

Major and Security bugs: none

Minor bugs:

mdbx: avoid large '.data' section in mdbx_chk.
mdbx: fix cursor tracking after mdb_cursor_del (ITS#8406).
reopenldap: fix LDAPI_SOCK, adds LDAP_VARDIR.
mdbx: use O_CLOEXEC/FD_CLOEXEC for me_fd,env_copy as well (ITS#8505).
mdbx: reset cursor EOF flag in cursor_set (ITS#8489).
slapd: return error on invalid syntax filter-present (#108).

Performance: none

Build:

ppolicy: fix libltdl's includes for ppolicy overlay.
libltdl: move build/libltdl to the start of SUBDURS.
mdbx: don't enable tracing for MDBX by --enable-debug.
reopenldap: fix missing space in bootstrap.sh

Cosmetics:

slapd: adds RELEASE_DATE/STAMP to slapd -V output.
mdbx: clarify fork's caveat (ITS#8505).

Other:

cleanup/refine AUTHORS file.

v1.1.3, 2016-08-30

Briefly:

Imported all relevant patches from RedHat, ALT Linux and Debian/Ubuntu.
More fixes especially for TLS and Mozilla NSS.
Checked with PVS-Studio static analyser (first 10 defects were shown and fixed). Checking with Coverity static analyser also was started, but unfortunately it is a lot of false-positives (pending fixing).

New features and Compatibility breaking:

configure --with-gssapi=auto/yes/no.
slapi: use /var/log/slapi-errors instead of /var/errors.
slapd: move the ldapi socket to /var/run/slapd from /var/run.
reopenldap LICENSE note.
configure --enable-debug=extra.
libreldap: NTLM bind support.
contrib: added check_password module.
contrib: allow build smbk5pwd without heimdal-kerberos.
libreldap: Disables opening of ldaprc file in current directory (RHEL#38402).
libreldap: Support TLSv1.3 and later.

Documentation:

man: added page for contrib/smbk5pwd.
man: note for ldap.conf that on Debian is linked against GnuTLS.
doc: added preamble to devel/README.
man: remove refer to <ldap_log.h>
man: note olcAuthzRegex needs restart (ITS6035).
doc: fixed readme's module-names for contrib (.so -> .la)
mdbx: comment MDB_page, rename mp_ksize.
mdbx: VALID_FLAGS, mm_last_pg, mt_loose_count.
man: fixed SASL_NOCANON option missing in ldap.conf manual page.

Major and Security bugs:

slapd: fixed #104, check for writers while close the connection.
slapd: fixed #103, stop glue-search on errors.
libreldap: MozNSS fixed CVE-2015-3276 (RHEL#1238322).
libreldap: TLS do not reuse tls_session if hostname check fails (RHEL#852476).
slapd: Switch to lt_dlopenadvise() to get RTLD_GLOBAL set (RHEL#960048, Debian#327585).
libreldap: reentrant gethostby() (RHEL#179730).
libreldap: MozNSS ignore certdb database type prefix when checking existence of the directory (RHEL#857373).

Minor bugs:

slapd: fixed compare pointer with '\0' in syn_add().
slapd: fixed indereferenced pointer in fe_acl_group().
libreldap: fixed overwriting a parameter in tlso_session_errmsg().
slapd: fixed recurring check in register_matching_rule().
syncprov/syncrepl: more for #105, two workarounds.
mdbx: fixed mdb_dump tool and other issues detected by PVS-Studio.
mdbx: fixed assertions when debug enabled for various open/sync modes.
slapd: fixed use-after-free in debug/syslog message on module unloaded.
monitor-backend: fixed cache-release on errors.
slapd: don't create pid-file for config-check mode.
libreldap: "tls_reqcert never" by default for ldap.conf
libreldap: Disables opening of ldaprc file in current directory (RHEL#38402).
libreldap: MozNSS update list of supported cipher suites.
libreldap: MozNSS better file name matching for hashed CA certificate directory (RHEL#852786).
libreldap: MozNSS free PK11 slot (RHEL#929357).
libreldap: MozNSS load certificates from certdb, fallback to PEM (RHEL#857455).
slapd: fixed loglevel2bvarray() for config-backend.
libreldap: LDAPI SASL fix (RHEL#960222).
libreldap: use AI_ADDRCONFIG if defined in the environment (RHEL#835013).
libreldap: fixed false-positive ASAN-trap when Valgrind also enabled.

Performance:

libreldap: remove resolv-mutex around getnameinfo() and getnameinfo() (Debian#340601).
slapd: fixed major typo in rurw_r_unlock() which could cause performance degradation.

Build:

configure: added --with-gssapi=auto/yes/no.
mdbx: fixed CC and XCFLAGS in 'ci' make-target rules.
mdbx: fixed 'clean' make-target typo.
mdbx: fixed Makefile deps from mdbx.c
tests: fixed lt-exe-name for coredump collection.
backend-mdb: enable debug for libmdbx if --enable-debug.
mdbx: make ci-target without NDEBUG and with MDB_DEBUG=2.
mdbx: allow CC=xyz for ci-target rules.
configure: fixed cases when corresponding to --with-tls=xyz package not available.
configure: take in account --enable-lmpasswd for TLS choice.
configure: workaround for --enable-lmpasswd with GnuTLS (ITS#6232).
liblutils: fixed build with --enable-lmpasswd.
libreldap: fixed warnings when Mozilla NSS used.
configure: rework TLS detection (Mozilla NSS, GnuTLS, OpenSSL).
libreldap: fixed build --with-tls=gnutls.
contrib: don't build passwd/totp, passwd/pbkdf2 and smbk5pwd with --with-tls=moznss.
automake: install lber_types.h and ldap_features.h
automake: fixed $(DESTDIR) for install/uninstall hooks.
automake: fixed ldapadd tool uninstall.
configure: Check whether ucred is defined without _GNU_SOURCE.
slapd: don't link with BerkeleyDB, but bdb/hdb backends only.
configure: checking for krb5-gssapi for contrib-gssacl.
configure: Use pkg-config for Mozilla NSS library detection.
libreldap: fixed build in case --with-tls=moznss.

Cosmetics:

slapindex: print a warning if it's run as root.
fixed printf format in mdb-backend and liblunicode.
fixed minor typo in print_vlv() for ldif-output.
mdbx: minor fix mdb_page_list() message
fixed 'experimantal' typo ;)
slap-tools: fixed set debug-level.

Other:

reopenldap AUTHORS and CONTRIBUTION.
reopenldap: fix copyright timestamps.
libreldap: fixed deprecated ldap_search_s() in case --with-gssapi=yes.
libreldap, slapd: don't second-guess SASL ABI (Debian#546885).
slapd: added LDAP_SYSCONFDIR/sasl2 to the SASL configuration search path.
backend-bdb: don't second-guess BDB ABI (Debian#651333).
libreldap: added /etc/ssl/certs/ca-certificates.crt for ldap.conf
reopenldap: added Coverity scan build status.
mdbx: fix usage of attribute((format(gnu_printf, ...)) for clang.
backend-mdb: turn MDBX's debugging depending on --enable-debug=xyz.
reopenldap: use LDAP_DEBUG instead of !NDEBUG.
reopenldap: remove obsolete OLD_DEBUG.
tests: more for #92 (mtread).
tests: added biglock to test048-syncrepl-multiproxy.
slapd: refine biglock for passwd_extop().
tests: fixed #105, adds biglock to test054-syncrepl-parallel-load.
libreldap: more worarounds for #104.
slapd: show 'glue' like a static overlay.
mdbx: fixed copyright timestamps.
mdbx: check assertions depending on NDEBUG.
contrib/check_password: fixed default values usage.
tests: support RANDOM_ORDER for load balancing.
libreldap: TLS fixed unused warnings.
slapd: backtrace for CLM-166490.
tests: use Valgrind from configure.

v1.1.2, 2016-07-30

Briefly:

Fixed few build bugs which were introduced by previous changes.
Fixed the one replication related bug which was introduced in ReOpenLDAP-1.0 So there is no even a rare related to replication test failures.
Added a set of configure options.

New:

configure --enable-contrib for build contributes modules and plugins.
configure --enable-experimental for experimental and developing features.
'configure --enable-valgrind' for testing with Valgrind Memory Debugger.
configure --enable-check --enable-hipagut for builtin runtime checking.
Now '--enable-debug' and '--enable-syslog' are completely independent of each other.

Documentation:

man: minor cleanup 'deprecated' libreldap functions.

Major bugs:

syncprov: fixed find-csn error handling.

Minor bugs:

slapd: accept module/plugin name with hyphen.
syncprov: fixed RS_ASSERT failure inside mdb-search.
slapd: result-asserts (RS_ASSERT) now controlled by mode 'check/idkfa'.
pcache: fixed RS_ASSERT failure.
mdbx: backport - ITS#8209 fixed MDB_CP_COMPACT.

Performance: none

Build:

slapd: fixed old gcc's double typedef error.
slapd: fixed bdb/hdb backends build distinction.
contrib: fixed out-of-source build.
configure: build contrib-modiles conditionaly if 'heimdal' package not available.
slapd: fixed warning with --enable-experimental.
pcache: fixed build with --enable-experimental.
slapd: fixed dynamic module support.
configure: refine libtool patch for LTO.
build: fixup banner-versioning for tools and libs.
slapd: fixed build with --enable-wrappers.
all: fixup 'unused' vars, in case assert-checking disabled.
build: silencing make by default.
build: mbdx-tools within mdb-backend.

Cosmetics: none

Other:

libreldap, slapd: add and use ldap_debug_perror().
slapd: support ARM and MIPS for backtrace.
mdbx: backport - Refactor mdb_page_get().
mdbx: backport - Fix MDB_INTEGERKEY doc of integer types.
all: rework debug & logging.
slapd: LDAP_EXPERIMENTAL instead of LDAP_DEVEL.
slapd, libreldap: drop LDAP_TEST, introduce LDAP_CHECK.
slapd, libreldap: always checking if LDAP_CHECK > 2.
reopenldap: little bit cleanup of EBCDIC.

v1.1.1, 2016-07-12

Briefly:

Few replication (syncprov) bugs are fixed.
Additions to russian man-pages were translated to english.
A lot of segfault and minor bugs were fixed.
Done a lot of work on the transition to actual versions of autoconf and automake.

New:

reopenldap: use automake-1.15 and autoconf-2.69.
slapd: upgradable recursive read/write lock.
slapd: rurw-locking for config-backend.

Documentation:

doc: english man-page for 'syncprov-showstatus none/running/all'.
doc: syncrepl's 'requirecheckpresent' option.
man: note about 'ServerID 0' in multi-master mode.
man: man-pages for global 'keepalive idle:probes:interval' option.

Major bugs:

slapd: rurw-locking for config-backend.
syncprov: fixed syncprov_findbase() race with backover's hacks.
syncprov: bypass 'dead' items in syncprov_playback_locked().
syncprov: fixed syncprov_playback_locked() segfault.
syncprov: fixed syncprov_matchops() race with backover's hacks.
syncprov: fixed rare syncprov_unlink_syncop() deadlock with abandon.
slapd: fixed deadlock in connections_shutdown().
overlays: fixed a lot of segfaults (callback initialization).

Minor bugs:

install: hotfix slaptools install, sbin instead of libexec.
contrib-modules: hotfix - remove obsolete ad-hoc of copy register_at().
syncrepl: backport - ITS#8432 fix infinite looping mods in delta-mmr.
reopenldap: hotfix 'derived from' copy-paste error.
mdbx: backport - mdb_env_setup_locks() Plug mutexattr leak on error.
mdbx: backport - ITS#8339 Solaris 10/11 robust mutex fixes.
libreldap: fixed PR_GetUniqueIdentity() for ReOpenLDAP.
liblber: don't trap ber_memcpy_safe() when dst == src.
syncprov: kicks the connection from syncprov_unlink_syncop().
slapd: reschedule from connection_closing().
slapd: connections_socket_troube() and EPOLLERR|EPOLLHUP.
slapd: 2-stage for connection_abandon().
syncprov: rework cancellation path in syncprov_matchops().
syncprov: fixed invalid status ContextCSN.
slapd: fixed handling idle/write timeouts.
accesslog: backport - ITS#8423 check for pause in accesslog_purge.
mdbx: backport - ITS#8424 init cursor in mdb_env_cwalk.

Performance: none

Build:

contrib-modules: fixed build, contrib-mod.mk
configure: fixed 'pointers aliasing' for libltdl.
configure: check for libbfd and libelf for backtrace.
configure: check for 'soelim' and 'soelim -r'.
configure: build librewrite only if rwm-overlay or meta-backed is enabled.
configure: PERL_LDFLAGS and PERL_RDIR (rpath) for perl-backend.
configure: NDB_LDFLAGS and NDB_RDIR (rpath) for ndb-backend.
reopenldap: fixed build parts by C++ (back-ndb).
mdbx: fixed build by clang (missing-field-initializers).
slapd: fixed build ASAN + dynamic + visibility=hidden.
libreldap: fixed 'msgid' may be used uninitialized in ldap_modify_*().
configure: error if libuuid is missing.
libreldap: fixed build by clang.
shell-backends: fixed passwd-shell tool building.
contrib/acl: checking for --enable-dynacl.
slapd: fixed keepalive-related typo in slap_listener().
libldap: fixed typo ';' in ldap_pvt_tcpkeepalive().
libldap: fixed build with GnuTLS (error at @wanna_steady_or_not).

Cosmetics:

syncrepl: cleanup rebus-like error codes.
slapd: rename reopenldap's modes.
slapd: debug-locking for backtrace.
slapd, libreldap: closing conn/fd debug.

Other:

slapd: rework dynamic modules.
libreldap: rework 'deprecated' interfaces.
libreldap: rename to lber_strerror().
libreldap: refine memory.c, drop littery LDAP_MEMORY_ASSERT.
reopenldap: remove obsolete EBCDIC support.
reopenldap: autotools bootstrap.
reopenldap: ban the compilers older than GCC 4.2 or incompatible with it.
reopenldap: clarify LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE.
slapd: cleanup Windows support.
reopenldap: rename libslapi -> libreslapi.
reopenldap: rename liblmdb -> libmdbx.
reopenldap: remove obsolete & unsupported parts.
reopenldap: liblber+libldap -> libreldap (big-bang).
mdbx: cleanup tools from Windows.
syncrepl: more LDAP_PROTOCOL_ERROR.
slapd: remove unusable zn-malloc.
slapd: refine connection_client_stop() for robustness.
slapd: adds slap_backtrace_debug_ex(), etc.
mdbx: clarify ov-pages copying in cursor_put().

ReOpenLDAP-1.0, 2016-05-09

Briefly:

The first stable release ReOpenLDAP on Great Victory Day!
Fixed huge number of bugs. Made large number of improvements.
On-line replication works robustly in the mode multi-master.

Currently ReOpenLDAP operates in telco industry throughout Russia:

few 2x2 multi-master clusters with online replication.
up to ~100 millions records, up to ~100 Gb data.
up to ~10K updates per second, up to ~25K searches.

Seems no anyone other LDAP-server that could provide this (replication fails, not reaches required performance, or just crashes).

New:

slapd: 'keepalive' config option.
slapd: adds biglock's latency tracer (-DSLAPD_BIGLOCK_TRACELATENCY=deep).
mdbx: lifo-reclaimig for weak-to-steady conversion.
contrib: backport - ITS#6826 conversion scripts.
mdbx: simple ioarena-based benchmark.
syncrepl: 'require-present' config option.
syncprov: 'syncprov-showstatus' config option.

Documentation:

man-ru: 'syncprov-showstatus none/running/all' feature.
man: libreldap ITS#7506 Properly support DHParamFile (backport).

Major bugs:

syncrepl: fix RETARD_ALTER when no-cookie but incomming entryCSN is newer.
mdbx: backport - ITS#8412 fix NEXT_DUP after cursor_del.
mdbx: backport - ITS#8406 fix xcursors after cursor_del.
backend-mdb: fix 'forgotten txn' bug.
syncprov: fix error handling when syncprov_findcsn() fails.
syncprov: fix rare segfault in search_cleanup().
backend-bdb/hdb: fix cache segfault.
syncprov: fix possibility of loss changes.
syncprov: fix error handling in find-max/csn/present.
syncprov: fix 'missing present-list' bug.
syncprov: avoid lock-order-reversal/deadlock (search under si-ops mutex).
slapd: fix segfault in connection_write().
mdbx: backport - ITS#8363 Fix off-by-one in mdb_midl_shrink().
mdbx: backport - ITS#8355 fix subcursors.
syncprov: avoid deadlock with biglock and/or threadpool pausing.

Minor bugs:

syncrepl: refine status-nofify for dead/dirty cases.
syncrepl: more o_dont_replicate for syncprov's mock status.
syncrepl: don't notify QS_DIRTY before obtain connection.
syncprov: refine matchops() for search-cleanup case.
slapd: fix valgrind-checks for sl-malloc.
liblber: fix hipagut support for realloc.
backend-ldap: fix/remove gentle-kick.
mdbx: workaround for pthread_setspecific's memleak.
mdbx: clarify mdbx_oomkick() for LMDB-mode.
syncrepl: backport - ITS#8413 don't use str2filter on precomputable filters.
mdbx: always copy the rest of page (MDB_RESERVE case).
mdbx: fix nasty/stupid mistake in cmp-functions.
mdbx: backport - ITS#8393 fix MDB_GET_BOTH on non-dup record.
slapd: request thread-pool pause only for SLAP_SERVER_MODE.
slapd: fix backover bug (since 532929a0776d47753377461dcf89ff38aba61779).
syncrepl: enforce csn/cookie while recovering lost-delete(s).
syncrepl: fix 'quorum' for mad configurations.
backend-mdb: fix mdb_opinfo_get() error handling.
syncrepl: fix 'limit-concurrent-refresh' feature.
slapd: ignore EBADF in epoll_ctl(DEL).
syncprov: fix rare assert-failure on race with abandon.
mdbx: fix mdb_kill_page() for MDB_PAGEPERTURB.
libldap: backport - ITS#8385 Fix use-after-free with GnuTLS.
syncprov: fix minor op-memleak.
syncrepl: don't skipping retarded DELETE-notification with UUID.
syncrepl: don't replicate glue-ancestors, but not an entry.
syncrepl: del_nonpresent() - filtering glue entries as usual.
syncrepl: consider notifications with the same CSN as an 'echo'.
syncrepl: checking for present-list before delete-nonpresent.
syncrepl: accepts extra refresh-present in multi-master.
syncprov: send cookie even if entryCSN available.
syncprov: oversight refresh-present for multi-master.
syncprov: fix persistent-search - rework cleanup and release.
syncprov: don't skips sending DELETE-notify to the originator.
syncprov: don't filter refresh-resp just by originator.
slapd: stop scan on self-committed in slap_get_commit_csn().
syncrepl: enumerates operations to distinguish from each other.
backend-mdb: fix mistake backport ITS#8226.
syncrepl: fix & rework compare_cookies().
syncrepl: fix pre-condition for delete-nonpresent.
mdbx: mdbx_chk - empty freedb record isn't an error.
backend-mdb: fix infinite loop in callback removal.
mdbx: fix percent in mdbx_txn_straggler().
slapd: fix and make optional ordering of pending-csn queue.
mdbx: fix madvise() flags, it is not a bitmask.
mdbx: cleanup inherited errno's bug.
syncrepl: accept empty incoming cookies if iddqd/idclip is off.
syncprov: don't skip 1900-sub csn in SS_CHANGED case.
syncprov: backport - ITS#8365 partially revert ITS#8281.
backend-mdb: more to avoid races on mi_numads.
backend-mdb: backport - ITS#8360 fix ad info after failed txn.
backend-mdb: backport - ITS#8226 limit size of read txns in searches.
slapd: cleanup bullshit around op->o_csn.
syncprov: wake waiting mod-ops when handle loop-pause.
syncprov: don't block mod-ops by waiting fetch-ops when pool-pause pending.
accesslog: backport - ITS#8351 fix callback init.
syncprov: mutual fetch/modify - wakes opposite if waiting was broken.
syncrepl: fix race on cookieState->cs_ref.

Performance:

mdbx: more likely/unlikely for mdb_node_add.
slapd: remove crutch-locks from config-backend.
mdbx: don't memcpy when src eq dest.
backend-mdb: logs begin/end of OOM, but not an iteration.
mdbx: refine find_oldest() and oom_kick().
mdbx: refine/speedup mdb_cmp_memn().
mdbx: MADV_REMOVE for unallocated space.
mdbx: extra backlog's page for MDB_LIFORECLAIM.
mdbx: rework backlog for freeDB deletion.
mdbx: refine mdb_env_sync0().
mdbx: refine mdbx_cmp2int().
mdbx: backport - mdb_drop optimization.
slapd: remove unused scoped-locks.
syncrepl: non-modal del_nonpresent().
syncprov: less locking for mock ContextCSN.
syncrepl: less debug/logging.
slapd: less debug/logging for biglock.
mdbx: more __inline/__hot.
backend-mdb: less debug/logging for dreamcatcher.
mdbx: refine mdb_meta_head_r().
mdbx: refine mdb_env_sync().
syncrepl: simplify biglock usage in msg-loop.
slapd: kill bconfig's crutch mutex.
syncrepl: minor speedup check_for_retard().
mdbx: msync only used part instead of entire db.

Build:

backend-mdb: ability to use old/origin liblmdb.
libldap: ITS#8353 more for OpenSSL 1.1.x compat.
libldap: ITS#8353 partial fixes (openssl 1.1.x).

Cosmetics:

mdbx: reporting 'Unallocated' instead of 'Free pages'.
mdbx: reporting 'detaited' instead of 'reading'.

Other:

mdbx: be a bit more precise that mdb_get retrieves data (ITS#8386).
mdbx: adds MDBX_ALLOC_KICK for freelist backlog.
check MDB_RESERVE against MDB_DUPSORT.
syncrepl: dead/dirty/refresh/process/ready for quorum-status.
syncrepl: idclip-resync when present-list leftover after del_nonpresent().
syncrepl: fix missing strict-refresh in config-unparse.
syncprov: tracking for refresh-stage of sync-psearches.
syncprov: jammed & robust sync.
mdbx: adds MDB_PAGEPERTURB.

Files

NEWS.md

Latest commit

History

NEWS.md

File metadata and controls

v1.1.7 2018-02-23, Red Army Soldier

Briefly:

New features and Compatibility breaking:

Documentation:

Major and Security bugs:

Minor bugs:

Performance:

Build:

Cosmetics:

Other:

v1.1.6 2017-08-12

Briefly:

New features and Compatibility breaking:

Documentation:

Major and Security bugs:

Minor bugs:

Performance:

Build:

Cosmetics:

Other:

v1.1.5 2016-12-30

Briefly:

New features and Compatibility breaking:

Documentation:

Major and Security bugs: none

Minor bugs:

Performance: none

Build:

Cosmetics:

Other:

v1.1.4 2016-11-30

Briefly:

New features and Compatibility breaking:

Documentation:

Major and Security bugs: none

Minor bugs:

Performance: none

Build:

Cosmetics:

Other:

v1.1.3, 2016-08-30

Briefly:

New features and Compatibility breaking:

Documentation:

Major and Security bugs:

Minor bugs:

Performance:

Build:

Cosmetics:

Other:

v1.1.2, 2016-07-30

Briefly:

New:

Documentation:

Major bugs:

Minor bugs:

Performance: none

Build:

Cosmetics: none

Other:

v1.1.1, 2016-07-12

Briefly:

New:

Documentation:

Major bugs:

Minor bugs:

Performance: none

Build:

Cosmetics:

Other:

ReOpenLDAP-1.0, 2016-05-09

Briefly:

Currently ReOpenLDAP operates in telco industry throughout Russia:

New: