openldap2-back-sql-2.4.46-150200.14.11.2<>,bʯp9|Odz;Tfyr\*?{ pC܊He=}NB;2fē&I+NWP-3GN-SmS@VOV&rB4Uq< o&/>%>|?|d + A>H ^CC >C C C C CCC.XCd   (8 @9 @:@FlGl(CHm4CIn@CXnYn\nC]oC^s bvcvdwFewKfwNlwPuwdCvxp wyCxzCy|z| |0|4|:||Copenldap2-back-sql2.4.46150200.14.11.2OpenLDAP SQL Back-EndThe primary purpose of this OpenLDAP backend is to present information stored in a Relational (SQL) Database as an LDAP subtree without the need to do any programming.bʯibs-power9-10 SUSE Linux Enterprise 15SUSE LLC OLDAP-2.8https://www.suse.com/Productivity/Networking/LDAP/Servershttp://www.openldap.orglinuxppc64le( nemm&@#B!qn` -pw0ZIU0G!mS`mD%qA큤A큤A큤A큤A큤A큤A큤A큤A큤큤bebʡbebebʬZ[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[Z[bʖe55c358a34cf9a450a09230f2a3606d635ed41249e9495be0f6aa6fe161971c7341ab2ba2a3a6e15c8fe0e11ae92252616a7ce54a9fbd707e8268269823044aac83dc244825269e391855595f09bd30a5d87d930a6b33428a7399ae8676b4a7b69599f2e3e46e386207d289ae3968febddeb73d0ebb222c39be4df0dd37fb652120d714e89ca5f2a0fb2011be6d215b33dd74633f22f8d760e2fdc03261efec6c15eec03a5c3e3223eeba22e096f1ed5532c55f21cdc42c11a0be2348c5a8f51a7da928a027c430875ed2acd9b26b2fb02eb3e7978aaa81631856a66163740734641165486ff26910aebc92c0386065eb4f3ac0c0aed1e3617f8086c943acb3607186033919fbf3f707942a037a6be78267a45762d353789282407c24c29380e110723edc618b7f43b7daa8ab6659239a1cd23634f0cc9cedb107d2aea7461c814fc0189df0a4e0a618edb3f77bd32068a9d3eb2ca4bd7c42ce10e22c7e426cd5131989c539225510e33c7d229e06ef19725b37e99388bc28414f7e0ff94a4d81441c8d0bf25896fa74069648416d8af0d87da855135b07e89afab0c326c6dd93413cf74ec0aadd207d1119399b2dcb20a7b3e869dda978b023a45331be9abf4df960d8ad464bb90a87ab2331d38100e99f5ba902a0c7b7585c861983836a862d44987078542763b5e477999adb5444ff77923a78e5873a6a163ea12950bfdac408d5d128264cd7e450344e5d56b76ccbbf74fa9868807e9ebe38cede7101fed4a27c9369e1bc495cf6783b445031e36a0f381874e8ba380582d44086cb17d8367f3d27c295ef1c5a31d0d78c970aa5663d00d5eaffe4c3760c943f818f081d44f90922bed269f48ac66e9805312c99e0a5a6d73a51b58b413700ed7fd1d913789a44abc4d59d8c1fc7ddf56f766d2aaf048d829964bc3c79ee731287d2eb7d9a929da2daac5d154c768ee4e175e365eaad25b5e8f87e377c41e54b47c5a8520f5b0a3ba47ec115715d517925d151c3d8d58706b62c355fa57495a20d98ded53e40b2c76b7bcd22f9029db89bef5856777f600da507738c22adfd65bdc3f3918fe239ff9d1a69a0a0b46f4f08a7d7fdcefabbddb8322a01a5e87fce43a60f0f43a4d449deb182364abb7f04421785a89149f4dcdac319d11f6073ea2df53c8e76ccb55422720542367e80472c1c44fcc0b2622aef4e7a08bc4b57e3b46f4605359c0fdebc8392531ff631c1f91885105cb44941ed95c20a2784b22a3ae0b96357941ac74546298a443153ef619ec8d9aed527d1cd52c6e5fadf8be79a1771ee18d088136526201a17c2e116b8cae94cedc895fbac4b17f3588a2fd486337d2b015cf2430987848717040a3c7391a194d7e551d0d10b47bd4d77b406db5e4a0e2bdbf88928954065912bcbdb7b5e6160e80fba73dac406e99b679ab7aa26a7073037428938edc91e94f8f8f1567e42947fbe5f2469100b5ae7a24d1be2513ec66b91c308e3d16bddc1b96097ab209c6cdac64a9df7851b4b8a5ab0d4a1665c5dcc6c9d254efbd3a3a8bba4f4be0337401dd27d887f64d0e5664448f1a6dd9bd066f746461a49cb7b966e43b0ab10a163fe6464cd3d78f002021f7220ca5960c59792e938b367087a3f83682f8fffc4a6d4d13ece4eba24bcc7d6e8acf1eaa9a472e047e3949d6471376c52a11f1a25a3dc706ed532bba96195d41d774d29567ab24e2868805c104d7cb2bbcb701aed6fcdf9752ce1095dd5c1c7aa8d87a72d2b74cfb89d19a1e6c9561183914d96968b29e8e73838de09e2f7f2d1cb19ef9b54fc864d31bb42220ba7654ce133ce79139d80effbed05a66e146917a040d5d7ca8efafc3ada4dabfd111d61daca3215625666ac65f12ae7f453db8b19a493489a42361cf7a66de52087ed6023fbdedf908d187f85dc241d3fe0e419dc167d8f165345b52d183dcdd6ccee6efd28af55d579e1df57bbe235b6e853171a92b28ebac84f0a9a5fc720b98390b6534bc128c1d64be7a36a951aae34fc616ebcbbd3b9c265a1535c526c70bc346e6266b68ffb9ec5848b7161043172374a242997df9483546b6059c61b41050500e38e0fc182437be0f07331f6b7eec4e8e3f56839b6d110723edc618b7f43b7daa8ab6659239a1cd23634f0cc9cedb107d2aea7461c81312880bb67e1c15045a61f34a7885c004521b9e8587517041945dc2b0567015dc6951296bd475901df2b1e7f724140ff2cc57dbdd1c4916269120097a70c4c935c867bd3d4feab04c3d8f6e820aca04bb271b338265b6b3bd642641f68706cd673f1f7a12bc71dc017812d2fdce9b63fb59e72ff4daae65d14c6a6e71fd2f31110723edc618b7f43b7daa8ab6659239a1cd23634f0cc9cedb107d2aea7461c85e20e821ca3f6fcb86a1e453860d32f861f70dd576110af06c6812a9b93a408d74b35982a754ad7b92769b6597653eb5072ec18578c491b974932c082c00fa39b08cc0d0e45ced5d61ddb4e1b15301013a997d1866cb0557c0ffc3e38dd207e5back_sql-2.4.so.2.10.9back_sql-2.4.so.2.10.9rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenldap2-2.4.46-150200.14.11.2.src.rpmlibtool(/usr/lib64/openldap/back_sql.la)openldap2-back-sqlopenldap2-back-sql(ppc-64)@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)liblber-2.4.so.2()(64bit)libldap_r-2.4.so.2()(64bit)libodbc.so.2()(64bit)openldap2rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.4.46-150200.14.11.23.0.4-14.6.0-14.0-15.2-14.14.1bx@bu bX b; b; b4t@b/.@b[@``KW`/@`+_@_@_/@_FN_?@^^^*@]B@\ڭ\r@[H[@[vZ@Za@Z@ZZ.s@Z@Y*@Y*@Y@Y@YYp@Yf@Y7Y6@X@X7@X$a@XWk@WbW;VVɦVŲ@VŲ@V@V@V@V@Vf@V^@V\:@V@V @U4@T@Tuwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comwilliam.brown@suse.comvarkoly@suse.comvarkoly@suse.comckowalczyk@suse.comckowalczyk@suse.comzsolt.kalmar@suse.comzsolt.kalmar@suse.commichael@stroeder.comfvogt@suse.commichael@stroeder.comrbrown@suse.comjengelh@inai.demrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.comhguo@suse.comhguo@suse.comjengelh@inai.dekukuk@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comhguo@suse.comhguo@suse.comjengelh@inai.dehguo@suse.comlmuelle@suse.comhguo@suse.commpluskal@suse.commichael@stroeder.comhguo@suse.commichael@stroeder.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comrguenther@suse.comjengelh@inai.de- bsc#1198341 - Prevent memory reuse which may lead to instability * 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch- bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql * 0242-ITS-9815-slapd-sql-escape-filter-values.patch- bsc#1191157 - Correct version specification in ppolicy to allow submission to SP3 for TLS1.3- bsc#1191157 - allow specification of max/min TLS version with TLS1.3 * 0239-ITS-9422-Update-for-TLS-v1.3.patch * 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch * 0241-TLS-set-protocol-version.patch- bsc#1197004 - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions.- jsc#PM-3288 - restore CLDAP functionality in CLI tools- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression reporting is bsc#1197004 causing SSSD to have faults.- jsc#PM-3288 - restore CLDAP functionality in CLI tools- bsc#1187210 - Resolve bug in the idle / connection TTL timeout implementation in OpenLDAP. * 0231-ITS-9468-Added-test-case-for-proxy-re-binding-anonym.patch * 0232-ITS-9468-back-ldap-Return-disconect-if-rebind-cannot.patch * 0233-ITS-9468-removed-accidental-unicode-characters.patch * 0234-ITS-9468-documented-that-re-connecting-does-not-happ.patch * 0235-ITS-9468-summarize-discussion-about-rebind-as-user.patch * 0236-ITS-9468-fixed-typos.patch * 0237-ITS-9468-always-init-lc_time-and-lc_create_time.patch * 0238-ITS-9468-do-not-arm-expire-timer-for-connections-tha.patch- bsc#1182791 - improve proxy connection timout options to correctly prune connections. * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch * 0228-ITS-9197-fix-typo-in-prev-commit.patch * 0229-ITS-9197-Fix-test-script.patch * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. * 0220-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. * 0222-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. * 0223-ITS-9427-fix-issuerAndThisUpdateCheck.patch - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. * 0224-ITS-9428-fix-cancel-exop.patch - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0218-ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0217-ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch * 0216-ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0219-ITS-9413-fix-slap_parse_user.patch - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. * 0213-ITS-9406-9407-remove-saslauthz-asserts.patch * 0214-ITS-9406-fix-debug-msg.patch - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). * 0212-ITS-9404-fix-serialNumberAndIssuerCheck.patch * 0221-ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). * 0215-ITS-9408-fix-vrfilter-double-free.patch- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. * patch: 0211-ITS-9454-fix-issuerAndThisUpdateCheck.patch- bsc#1178909 CVE-2020-25709 CVE-2020-25710 - Resolves two issues where openldap would crash due to malformed inputs. * patch: 0209-ITS-9383-remove-assert-in-certificateListValidate.patch * patch: 0210-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch- bsc#1179503 - fix proxy retry binds to a remote server * patch: 0208-ITS-9400-back-ldap-fix-retry-binds.patch- bsc#1178387 (CVE-2020-25692) - unauthenticated remote denial of service due to incorrect validation of modrdn equality rules. * patch: 0207-ITS-9370-check-for-equality-rule-on-old_rdn.patch- bsc#1175568 CVE-2020-8027 openldap_update_modules_path.sh has a number of issues in it's design that lead to security issues. This file has been removed, from the package, and the %post execution of the install. The function is replaced by /usr/sbin/slapd-ldif-update-crc and /usr/lib/openldap/fixup-modulepath, through the addition of the source files: * fixup-modulepath.sh * slapd-ldif-update-crc.sh * update-crc.sh- bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. * 0206-openldap-tlso-use-openssl-api-to-verify-host.patch- bsc#1172704 - Change DB_CONFIG to root:ldap permissions. - bsc#1172698 (CVE-2020-8023) - local priv esc via start script chown -R on olcdbdirectory path. Remove chown -R on start to resolve.- bsc#1170771 (CVE-2020-12243) - recursive filters may crash server * patch: 0205-bsc-1170771-limit-depth-of-nested-filters.patch- bsc#1158921 libldap-data should be requires, not recommends to help prevent user confusion around configuration ownership.- bsc#1143194 (CVE-2019-13565) - ssf memory reuse leads to incorrect authorisation of another connection, granting excess connection rights (ssf). * patch: 0201-ITS-9052-zero-out-sasl_ssf-in-connection_init.patch - bsc#1143273 (CVE-2019-13057) - rootDN of a backend may proxyauth incorrectly to another backend, violating multi-tenant isolation. * patch: 0202-ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch * patch: 0203-ITS-9038-Update-test028-to-test-this-is-enforced.patch * patch: 0204-ITS-9038-Another-test028-typo.patch- bsc#1111388 - incorrect post script call causes tmpfiles create not to be run.- bsc#1114845 - broken shebang line in openldap_update_modules_path.sh - fix the script- Emergency fix: move tmpfiles_create post from the library package to the main package's post script, which ships the tmpfiles.d configuration. Fixes the post script of the library (-p /sbin/ldconfig does not allow more statements in the script). - bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG* (transactional-update) * source: openldap2.conf - Added a patch to let slapd return the uniqueness check filter used before constraint violation to the client. Fixed broken memory handling in affecting error response of slapo-unique ITS#8866 slapo-unique to return filter used in diagnostic message * patch: 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch - Don't require systemd explicit, spec file can handle both cases correct and in containers we don't have systemd.- Fix CVE-2017-17740: when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack * patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313)- Fix slapd segfaults in mdb_env_reader_dest with patch 0016-Clear-shared-key-only-in-close-function.patch (bsc#1089640)- bsc#1085064 Packaging issues have been discovered around the openldap_update_modules_path.sh which has been corrected: - the spec file was wrongly configured, therefore the script has never been called - the script should create the symlinks first, as slapcat is useless on a system which is already affected.- bsc#1085064 Add script "openldap_update_modules_path.sh" which which removes the configuration item olcModulePath in cn=config which is after upgrade from SLE12 to SLE15 holds inappropriate information. If the cn=config is being used on a system, the conflicting items in slapd.conf are ignored, despite of it, the backend DB configuration section has been also commented out in the default slapd.conf. In case of correct cn=config (the olcModulePath has been already removed), the script stops without touching anything.- Upgrade to upstream 2.4.46 release - removed obsolete back-port patches: * 0013-ITS-8692-let-back-sock-generate-increment-line.patch * 0016-ITS-8782-fix-cancel-memleak.patch OpenLDAP 2.4.46 Release (2018/03/22) Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717) Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373) Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687) Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791) Fixed libldap MozNSS CA certificate hash matching (ITS#7374) Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389) Fixed libldap MozNSS initialization (ITS#8484) Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650) Fixed libldap memory leak with cancel operations (ITS#8782) Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705) Fixed slapd to maintain SSF across SASL binds (ITS#8796) Fixed slapd syncrepl deadlock when updating cookie (ITS#8752) Fixed slapd syncrepl callback to always be last in the stack (ITS#8752) Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778) Fixed slapd CSN queue processing (ITS#8801) Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720) Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520) Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226) Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404) Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692) Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752) Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100) Fixed slapo-syncprov memory leak with delete operations (ITS#8690) Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444) Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100) Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607) Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800) Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486) Build Environment Fixed Windows build with newer MINGW version (ITS#8697) Fixed compiler warnings and removed unused variables (ITS#8578) Contrib Fixed ldapc++ Control structure (ITS#8583) Documentation Delete stub manpage for back-ldbm (ITS#8713) Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121) Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818) Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715) Fixed slapo-syncprov(5) indexing requirements (ITS#5048)- Use %license (boo#1082318)- added 0016-ITS-8782-fix-cancel-memleak.patch- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Add openldap-r-only.dif so that openldap2's own tools also link against libldap_r rather than libldap. - Make libldap equivalent to libldap_r (like Debian) to avoid crashes in threaded programs which unknowingly get both libraries inserted into their process image. [rh#1370065, boo#996551]- use existing groups instead of inventing new ones- added 0012-ITS8051-sockdnpat.patch- updated 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- Added OpenLDAP new feature implementing OpenLDAP ITS#8714 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch- added overlay trace to package openldap2-contrib- Upgrade to upstream 2.4.45 release - removed obsolete 0010-Enforce-minimum-DH-size-of-1024.patch and 0012-use-system-wide-cert-dir-by-default.patch - added 0013-ITS-8692-let-back-sock-generate-increment-line.patch for supporting modify increment operations with back-sock - added overlay addpartial to package openldap2-contrib- Remove legacy daemon control that was used to migrate from SLE 11 to 12. (bsc#1038405)- There is no change made about the package itself, this is only copying over some changelog texts from SLE package: - bug#976172 owned by hguo@suse.com: openldap2 - missing /usr/share/doc/packages/openldap2/guide/admin/guide.html - bug#916914 owned by varkoly@suse.com: VUL-0: CVE-2015-1546: openldap2: slapd crash in valueReturnFilter cleanup - [fate#319300](https://fate.suse.com/319300) - [CVE-2015-1545](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545) - bug#905959 owned by hguo@suse.com: L3-Question: Are multiple "Connection 0" in a Multi Master setup normal ? - [CVE-2015-1546](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546) - bug#916897 owned by varkoly@suse.com: VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list- Drop binutils requirement; the code using /usr/bin/strings has been dropped in openSUSE:Factory/openldap2 revision 112.- Remove superfluous insserv PreReq.- Introduce patch 0012-use-system-wide-cert-dir-by-default.patch to let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (bsc#1009470).- Add more details in the comments of slapd.conf concerning file permission and StartTLS capability.- Test for user/group existence before trying to add them. Summary spello update.- Move schema files into tarball addonschema.tar.gz: ldapns.ldif ldapns.schema rfc2307bis.ldif rfc2307bis.schema yast.ldif yast.schema - Package previously missing schema files in LDIF format: amavisd-new.ldif dhcp.ldif dlz.ldif dnszone.ldif samba3.ldif sudo.ldif suse-mailserver.ldif (bsc#984691) - Fix a minor issue in schema2ldif script that led to missing attribute in the generated LDIF.- Enable build flag LDAP_USE_NON_BLOCKING_TLS to fix bsc#978408.- Move ldap.conf into libldap-data package, per convention.- Move ldap.conf out of shlib package again, they are not allowed there for obvious reasons (conflict with future package).- Build password strength enforcer as an implementation of ppolicy password checker, introducing: ppolicy-check-password-1.2.tar.gz ppolicy-check-password.Makefile ppolicy-check-password.conf ppolicy-check-password.5 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch (Implements fate#319461)- Remove redundant -n openldap2- package name prefix.- Remove openldap2-client.spec and openldap2-client.changes openldap2.spec now builds client utilities and libraries. Thus pre_checkin.sh is removed. - Move ldap.conf and its manual page from openldap2-client package to libldap-2_4-2 package, which is more appropriate. - Use RPM_OPT_FLAGS in build flags. - Macros dealing with old/unsupported distributions are removed. - Remove 0002-slapd.conf.dif and install improved slapd.conf from new source file slapd.conf. - Install slapd.conf.olctemplate to assist in preparing slapd.d for OLC. - Be explicit in sysconfig that by default openldap will use static file configuration. - Add the following schemas in LDIF format: * rfc2307bis.ldif * ldapns.ldif * yast.ldif - Other minor clean-ups in the spec file.- Use optflags when building- Upgrade to upstream 2.4.44 release with accumulated bug fixes. - Specify source with FTP URL - Removed obsolete 0012-openldap-re24-its8336.patch- Relabel patch 0011-Enforce-minimum-DH-size-of-1024.patch into 0010-Enforce-minimum-DH-size-of-1024.patch- Upgrade to upstream 2.4.43 release with accumulated bug fixes. - Still build on SLES12 - Loadable backend and overlay modules are now installed into arch-specific path %{_libdir}/openldap - All backends and overlays as modules for smaller memory footprint on memory constrained systems - Added extra package for back-sock - Consequent use of %{_rundir} everywhere - Rely on upstream ./configure script instead of any other macro foo - Dropped linking with libwrap - Dropped 0004-libldap-use-gethostbyname_r.dif because this work-around for nss_ldap is obsolete - New sub-package openldap2-contrib with selected contrib/ overlays - Replaced addonschema.tar.gz with separate schema sources - Updated ldapns.schema from recent slapo-nssov source tree - Added symbolic link to slapd executable in /usr/sbin/ - Added more complex example configuration file /etc/openldap/slapd.conf.example - Set OPENLDAP_START_LDAPI="yes" in /etc/sysconfig/openldap - Set OPENLDAP_REGISTER_SLP="no" in /etc/sysconfig/openldap - Added patch for OpenLDAP ITS#7796 to avoid excessive "not index" logging: 0011-openldap-re24-its7796.patch - Replaced openldap-rc.tgz with single source files - Added soft dependency (Recommends) to cyrus-sasl - Added soft dependency (Recommends) to cyrus-sasl-devel to openldap2-devel - Added patch for OpenLDAP ITS#8336 (assert in liblmdb): 0012-openldap-re24-its8336.patch - Remove obsolete patch 0001-build-adjustments.dif- Introduce patch 0010-Revert-Revert-ITS-8240-remove-obsolete-assert.patch to fix CVE-2015-6908. (bsc#945582) - Introduce patch 0011-Enforce-minimum-DH-size-of-1024.patch to address weak DH size vulnerability (bsc#937766)- Introduce patch 0009-Fix-ldap-host-lookup-ipv6.patch to fix an issue with unresponsive LDAP host lookups in IPv6 environment. (bsc#955210)- Remove OpenLDAP 2.3 code and patches from build source. Compatibility libraries for OpenLDAP 2.3 are built in package: compat-libldap-2_3-0 Removed source files: openldap-2.3.37-liblber-length-decoding.dif openldap-2.3.37-libldap-ntlm.diff openldap-2.3.37-libldap-ssl.dif openldap-2.3.37-libldap-sasl-max-buff-size.dif openldap-2.3.37-libldap-tls_chkhost-its6239.dif openldap-2.3.37-libldap-gethostbyname_r.dif openldap-2.3.37-libldap-suid.diff openldap-2.3.37.dif openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif openldap-2.3.37-libldap-ldapi_url.dif openldap-2.3.37.tgz openldap-2.3.37-libldap-utf8-ADcanonical.dif README.update check-build.sh- Upgrade to upstream 2.4.42 release with accumulated bug fixes.- Upgrade to upstream 2.4.41 release with accumulcated bug fixes and stability improvements. * Add patch 0008-In-monitor-backend-do-not-return-Connection0-entries.patch * Remove already applied patch 0008-ITS-7723-fix-reference-counting.patch * Remove already applied patch 0009-gcc5.patch (Implements fate#319301)- Add 0009-gcc5.patch to pass -P to the preprocessor in configure checks for Berkeley DB version- binutils is required for "strings" utility invocation in %pre [bnc#904028] - Remove SLE10 definitionsibs-power9-10 1658374831  !"#$%&'()*+,-./0123456789:;<=>?@ABC2.4.46-150200.14.11.22.4.46-150200.14.11.2  back_sql-2.4.so.2back_sql-2.4.so.2.10.9back_sql.laback_sql.soopenldap2-back-sqlbugsexamplesREADMEibmdb2backsql_create.sqlbacksql_drop.sqlslapd.conftestdb_create.sqltestdb_data.sqltestdb_drop.sqltestdb_metadata.sqlmssqlbacksql_create.sqlbacksql_drop.sqlslapd.conftestdb_create.sqltestdb_data.sqltestdb_drop.sqltestdb_metadata.sqlmysqlbacksql_create.sqlbacksql_drop.sqlslapd.conftestdb_create.sqltestdb_data.sqltestdb_drop.sqltestdb_metadata.sqloraclebacksql_create.sqlbacksql_drop.sqlslapd.conftestdb_create.sqltestdb_data.sqltestdb_drop.sqltestdb_metadata.sqlpgsqlbacksql_create.sqlbacksql_drop.sqlslapd.conftestdb_create.sqltestdb_data.sqltestdb_drop.sqltestdb_metadata.sqltimestenbacksql_create.sqlbacksql_drop.sqlcreate_schema.shdnreverseMakefilednreverse.cppslapd.conftestdb_create.sqltestdb_data.sqltestdb_drop.sqltestdb_metadata.sqlttcreate_schema.shtttestdb_create.sqltttestdb_data.sqltttestdb_drop.sqltttestdb_metadata.sqlinstallslapd-sql.5.gz/usr/lib64/openldap//usr/share/doc/packages//usr/share/doc/packages/openldap2-back-sql//usr/share/doc/packages/openldap2-back-sql/examples//usr/share/doc/packages/openldap2-back-sql/examples/ibmdb2//usr/share/doc/packages/openldap2-back-sql/examples/mssql//usr/share/doc/packages/openldap2-back-sql/examples/mysql//usr/share/doc/packages/openldap2-back-sql/examples/oracle//usr/share/doc/packages/openldap2-back-sql/examples/pgsql//usr/share/doc/packages/openldap2-back-sql/examples/timesten//usr/share/doc/packages/openldap2-back-sql/examples/timesten/dnreverse//usr/share/man/man5/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:24987/SUSE_SLE-15-SP2_Update/343a9c43b17f3fdc042a8f3ea98c7d12-openldap2.SUSE_SLE-15-SP2_Updatedrpmxz5ppc64le-suse-linuxELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, BuildID[sha1]=9e12e5afbb0efcdc928d64bd68d6585dbeea4b5f, strippedlibtool library filedirectoryASCII textASCII text, with very long linesmakefile script, ASCII textC++ source, ASCII texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)RRRRRP }z zjutf-82a57d8093fd7343ec45d1d764402b12552633a041590733f314d03f72d50ff94? 7zXZ !t/M2-6]"k% .:!w*[`m䂒WjGmϐ4 {zl9_&@j@2YrGl$>6C6 P`i;QN|M ],wzHl]H7[J_Ζ- 5@D;wIyau Q>̵f]/y`)e!K>ĿnЦ[$98G &dJE%*T.,Pܨcc]ǵ_Y`-CO V& IcӦ7f2l"BϘy5I`۳?KsLFJTKF+~*0ikAЈAe-KESEG(' *ra+~rx{ՂN,_5]@3rDu65Nhh\VSNRg~gߙ[I%jM7sһR$i˂IY-euF3#jܵDŘ߶Q|qigؒE^j H4p FkJ0eLوaH:M\sjHT3v(%]w=GW;\i ס)Iùh)cKF7=}JOQ5*v b:vbgL~-Md$o5z%6e42cwF',Cm_.7I lJ}!̂ϑτnMFпF,?f!h_3/j\<bFhM.xw!1v : d;`T4tL֮E\ؗ-Дu1`fwYf,ûN7I+Jx<C2?~c~zC1o \ðu,"Ia$LJpTT x2֥YeŪ^ҙsmX>'~V}\) ?-9ĸK~T\Qd0|IYӤݿ(~̤܂Y2\w$zT*LJ.;"rr ~"_{9{kk0vTSx][P `^`Le3wG~K17TN"RcD p ۸OН?֨L@reS"^0zzNHl8 e5I"2z\ߍa^4zB~j@n(9[. Ǔ~?E 3cz">GSuGphX5V`P[)nqۓ;bSt ]FzȉA/E!(@0ns,R<ޯf=re3QqjZ>/}qO(TtdWoc .ƀ.W 㰋B߹|{b7;0 WWTx% 󘟿]V{n`>kg5qozcno"iP~W;SP q?G,ב yj|ͅaƋC֧J=rіXX /3e}Q'+O|2or ^g~bX-%lfSƹCz4 ID⼲81] Rڈ0E]G}`Hu3s(RwW!$ڛ F>rŸB yeX]~쒰{GXRKeDaqb ,4VwK]ܠ 2tVWr K5)a;"*R~ 5|l\~ 8"27l܇@?{SB#%ɭ  ԅ]V3i,^wUt&U G1>R;j T O"j-fQg*T~X1j_{ rh? .gɿSխآ%RvpO7.aSߏ&mIgOn4nɆU[c熪Z|hz;O"0;}iA L}hUw\}8goM:Z`)y.[fOz{TWP%g|)B޾ɚ[Xn\F c!kÕ RJ1Zl͵jN-_rLAvRhO3U&Ir .`-8c"1]YA2g " 9+j@d}+A|qY >&cB~!O aYW!ٖm^gihטyJoC~P[63!ZF ],!5b`x!U3ͅV(Da 1ͺܓPN[/<_ome^2d1BK'y\T{KOWD„;izX6o5g.ϱ#~^vjZssuĕwRFO1LD㡑$*xKLz s\仫2dw/Xq\˒5"|%ҏy>RDzAK\=KoJP_ͪNڕDw= (AV 'Diqz!L,+R[ 0.dzQNbNwAx'3n+ѱBOhM* 6A2&bBUw˔Qd#jw-(8$|[T 2\ۚb'WxLA2HM9PgN$[ 0Q\I?̷A#)lq" KgusE^Y]KMnAFA} uZoŒ6xLg K*xp9UVaI)e}$+ ~mXoQQ4-;*\Ɔ 7^5{ђS[hۄEe'[$ Q^~^G⛷ ;G[ڇ1H2!P8̦֦?5mgtHѤukR$z(s?dt'. E7sQl\e.[EM:wM6 CÊ%CG E!7)K@'rA&%!LA);B DkgĆpZ$}ѣ!=|~n_wx "G)ifP bQ ihvZSiL<4W#oZ\}tR m0S3`T£ *$XBjxi;BɪNI騣\1u7b=@Yć|Xo]^TL5̝+f/1)O3o۝XSZHj*>꓁4s݂~9),`z4AY>[\'POYiGߠ1KM|0jkS_=]l?|SNzL_Ps8(Ы|tL0jt˅E i'Z?"/㇥%$,6W|s# ؇ #0N+V#FRKy -5[6+;}( 0@?Rg~{ \%>s6vxw踄$Wb1tI^в/P4B|w 5@F\sv~ 9;C1Z "XxUXmrv{ Ydr5][Β{QjOzˬep-"}Po 싥`7{;-Y'yC  _mq (3Vw%(;K'+L\Ċ8G5 :]?C,]ٰ=T8ΫI_6Yi tKmS|ȇ>Sד4غ퀅s,]?O~'GLC Ƌ*]+5U ަ5HuA5rEN[z\2˗ !A_\K,;)H"Á["Zʏ) XյUY>=9k#žAźc0.Z̯o0ͮD-|8XbnF^ⲇeeHBz H\Phm.ߒTf}A>5 /spEtY_h~RDҼ F(#Tݡ*S~`BJd*yv4M+&͕ !5ХA1T9}Vz+A#Š^vbxv 3qGz\X>TkgNjٓSPG8"VD P"jj>%x@(+\sw؍Mq }gi$>J6Ep\6\P.*'iXkF$0 E,p'5}ŽP n놵:?WR:<* l[sBƞ4/MFf#`.ՂPʥѐf6sZH_*tdOMd~ιQ8P&~5B0\џ849|J:Yu-ܔlHi} &ֿ *ȹziTg#&$[h L.h>E,![A[?~ŮJ:9`~ $G51 ^9RYː?Ɋ"R/gz!5F40e:Uqc;tmϑ^16Fp:߬ ZN@t.[ fbV7]>>[ 6&4>02; Mۥ* $Lɩ=Y!,:8Z6i_WpW|:j)O=Nv1ʸo{als9 0iJɷdH) &=6q:`yb  m j5r 7Dt~| z)ӚdN(@O$Vz LpVMx1b#1w,4\-FIs <Ds._$>d/΅NN#n]NuQ[8= 5Mh':rd!#wGT3〜+/U)V(+3/ӎZIpS$3e, ZLKg=YMIMs,anݵWۣPO}2/PQ q~JHB筌ra~h*3| 1X}PqCfTkߘGK}OEWyHqxC!4t?FO)ч0Tja׆!oR$T2YMHrh7CKxl 2#C͋&0T"p{n&&avST1?Y4z#/;`HMw`~́E`5H9<_\`H NŴ>WO$iuA@W{FC-jjw\7KZb ={LL #9\ qE:4?T9~qxjRa^ãFIe:3 ;epzylXr/O|JY4$OB(nUHǝW7Ѕ},"e44qs(aO%ǝ,Jԏa<*Nfba blCa&ghH;LblvE7eD)Q Ѹkf ۡr]2o_@ysb1s?)]/1k.JUyƟKx8ehx&͙[(.c@fpLǟ 鏫f?30Ynf)7Eq6GFiuX*}^FwЙp%^_),>&\/XԑQڬ|Vtϛ_{}y!r_Oe=Faw[ Ǚv䉈ň8aL&'bj-3 fq*dQyan .c[ &UG]YHRsWD#c׆[p yxxvbyx/Q`Au^Lׁʊ#v l!˵XN/^bjKk)tBjP_9ݾO[RwC ^ceu/[E0?34Q[$)PAQ{[{>gё#a{pDN֭*>FFi}JZ,d^&q3mBD-D4zuC :so{x,̮ K]ƅsiWZ,g~ 'hM 4ai$cy.ՑJg3wht;tt˪<])թP鄮 D(bF5yk—nve~T 2r݃Cg2&뫼)qGRTk䃪H1Mv8C^lKx-59,Gcj+~`ذѯ )ਗ਼tgE6f"R) kjGY0 {A+2g֐ʒO;`\S禽M8g,. ?{2,-H|o|yn8aUce -aG\ Q Ԯ98Ami3)$8̾ tiV,>vMbP.ASjManȊ-5"mrq I!v|\baP; q[W>B"Ui=>bFV7Jj|O" tx(8pA E?b4?(ƻ xT-̩PRiĈF96r;j}"UY@%LdI !p0K#y[aJENwg`#nj{\Ʌ.#ZQ\S^ uCMM UjN(򻶮o*퉜g_iW%<OGI̋Ä5("7U7֖x9巜"un6ت^8O&.>ĦW)؆B\vZR.+IjN癏*wt}RJ(q6fyႛT rݧ$H|HA!HJ?J|Y%" 2u$?fMbkX!'Z'O8 >I .3S~]5Y7ffe)~^!ػ9qs16i:"ztb_x| Wn!{$ "yƵ^FJC^ՁWD EK@Nb!Z(< :1IgQ!q BXXćS=oRgO[2EH,"z'Q@s.:ȯNcZ.b˛LRM: ms)BAАCIJt.z_TaU**H@h\DǺf1ۧQ͈aGA;n݁ wk)uJC A5UxNy j+OCH+;@2M Zv 1!G_&mA Ӣs(lKhWʛ29QLk߻n 8_#iBW.dЀnMBHf9݈cM'#'%bdAѦL{W>rqVeWhD#[zl3->Ͻ/14y;wWP'4mhDX#'P:Rm~8 haDWN[5/4RI# e)v XdD=eU]ҶE:%3e!x ݢ@6 EscQn]xw%prJOmOՃטܜ-_(Ddn*~Ѥum6mm6~2K=GytU!`===8!amC菧r "m`G}䓏1cv`L͖Mh ֈ}6wğnk>`&zLS;JƷ:kYL|u78ĈE ęE!€(o4\` d:oSO0H5/[|n?ӭq'$')O ~Wre*a܄߯)'w (xJ+$0UN= ieO0?tbrWCkvU8v!:T ox~ EcioX&m&(2ڱDUfX\GzP- F0+# ex2nYSKWg8w ,,&3,U,Jb4w)p~Ac"*P0)KUVؑ;گy*Dcga-fik?N4$Y{Ud}`pQP)o-uAW=e=Em2a-mU$ Z'a?גt( ~*Z/ ݴ_LUO\]F/;ց޽6,Z@q YZ