Log message:
openldap: updated to 2.4.47

OpenLDAP 2.4.47:
Added slapd-sock DN qualifier for subtrees to be processed
Added slapd-sock ability to send extended operations to external listeners
Fixed liblber to avoid incremental access to user-supplied bv in dupbv
Fixed libldap dn to domain parsing with bad input
Fixed slapd slapcat to correctly honor -g option
Fixed slapd to correctly handle NO_SUCH_OBJECT with dynamic groups
Fixed slapd to check status of rdnNormalize
Fixed slapd cn=config when modifying slapo-syncprov config
Fixed slapd sasl authz-policy "all" behavior
Fixed slapd sasl minor typo
Fixed slapd to correctly hide hidden DBs in the rootDSE
Fixed slapd domainScope control to match Microsoft specification
Fixed slapd-bdb/hdb/mdb to not convert certain IDLs to ranges
Fixed slapo-accesslog deadlock during cleanup
Fixed slapo-memberof cn=config modifications
Fixed slapo-ppolicy with multimaster replication
Fixed slapo-syncprov with NULL modlist
Build Environment
	Added slapd reproducible build support
	Fixed missing includes with OpenSSL 1.0.2
Contrib
	Fixed slapo-pbkdf2 hash generation
Documentation
	admin24 fixed minor typo

Log message:
SunOS requires -D_POSIX_PTHREAD_SEMANTICS for sigwait()

Log message:
OpenLDAP 2.4.45 Release (2017/06/01)
	Added slapd support for OpenSSL 1.1.0 series (ITS-8353, ITS-8533, ITS-8634)
	Fixed libldap to fail ldap_result if the handle is already bad (ITS-8585)
	Fixed libldap to expose error if user specified CA doesn't exist (ITS-8529)
	Fixed libldap handling of Diffie-Hellman parameters (ITS-7506)
	Fixed libldap GnuTLS use after free (ITS-8385)
	Fixed libldap SASL initialization (ITS-8648)
	Fixed slapd bconfig rDN escape handling (ITS-8574)
	Fixed slapd segfault with invalid hostname (ITS-8631)
	Fixed slapd sasl SEGV rebind in same session (ITS-8568)
	Fixed slapd syncrepl filter handling (ITS-8413)
	Fixed slapd syncrepl infinite looping mods with delta-sync MMR (ITS-8432)
	Fixed slapd callback struct so older modules without writewait should function.
                    Custom modules may need to be updated for sc_writewait \ 
callback (ITS-8435)
	Fixed slapd-ldap/meta broken LDAP_TAILQ macro (ITS-8576)
	Fixed slapd-mdb so it passes ITS6794 regression test (ITS-6794)
	Fixed slapd-mdb double free with size zero paged result (ITS-8655)
	Fixed slapd-meta uninitialized diagnostic message (ITS-8442)
	Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS-8423)
	Fixed slapo-accesslog with multiple modifications to the same attribute (ITS-6545)
	Fixed slapo-relay to correctly initialize sc_writewait (ITS-8428)
	Fixed slapo-sssvlv double free (ITS-8592)
	Fixed slapo-unique with empty modifications (ITS-8266)
	Build Environment
		Added test065 for proxyauthz (ITS-8571)
		Fix test008 to be portable (ITS-8414)
		Fix test064 to wait for slapd to start (ITS-8644)
		Fix its4336 regression test (ITS-8534)
		Fix its4337 regression test (ITS-8535)
		Fix regression tests to execute on all backends (ITS-8539)
	Contrib
		Added slapo-autogroup(5) man page (ITS-8569)
		Added passwd missing conversion scripts for apr1 (ITS-6826)
		Fixed contrib modules where the writewait callback was not correctly \ 
initialized (ITS-8435)
		Fixed smbk5pwd to build with newer OpenSSL releases (ITS-8525)
	Documentation
		admin24 fixed tls_cipher_suite bindconf option (ITS-8099)
		admin24 fixed typo cn=config to be slapd.d (ITS-8449)
		admin24 fixed slapo-syncprov information to be curent (ITS-8253)
		admin24 fixed typo in access control docs (ITS-7341, ITS-8391)
		admin24 fixed minor typo in tuning guide (ITS-8499)
		admin24 fixed information about the limits option (ITS-7700)
		admin24 fixed missing options for syncrepl configuration (ITS-7700)
		admin24 fixed accesslog documentation to note it should not be replicated \ 
(ITS-8344)
		Fixed ldap.conf(5) missing information on SASL_NOCANON option (ITS-7177)
		Fixed ldapsearch(1) information on the V[V] flag behavior (ITS-7177, ITS-6339)
		Fixed slapd-config(5), slapd.conf(5) clarification on interval keyword for \ 
refreshAndPersist (ITS-8538)
		Fixed slapd-config(5), slapd.conf(5) clarify serverID requirements (ITS-8635)
		Fixed slapd-config(5), slapd.conf(5) clarification on loglevel settings (ITS-8123)
		Fixed slapo-ppolicy(5) to clearly note rootdn requirement (ITS-8565)
		Fixed slapo-memberof(5) to note it is not safe to use with replication (ITS-8613)
		Fixed slapo-syncprov(5) documentation to be current (ITS-8253)
		Fixed slapadd(8) manpage to note slapd-mdb (ITS-8215)
		Fixed various minor grammar issues in the man pages (ITS-8544)
		Fixed various typos (ITS-8587)

Log message:
Apply fix from https://bugzilla.redhat.com/show_bug.cgi?id=1238322
Incorrect multi-keyword mode cipherstring parsing.
Fixes CVE-2015-3276.
Submitted upstream as ITS#8543, it apparently wasn't already(!)
http://www.openldap.org/its/index.cgi/Incoming?id=8543

Bump PKGREVISION for both openldap, openldap-server and openldap-client
(to be on the safe side...)

Log message:
Expand more variables for SMF manifest.  Bump PKGREVISION.

Log message:
Add SMF manifest.  Move rc.d script to openldap-server files directory
for consistency and avoid redundant FILESDIR shared between packages.

Log message:
Bump PKGREVISION for security/openssl ABI bump.

Log message:
OpenLDAP 2.4.43 Release (2015/11/30)
	Fixed liblber remove obsolete assert (ITS-8240, ITS-8301)
	Fixed libldap file URLs on windows (ITS-8273)
	Fixed libldap microsecond timer for windows (ITS-8295)
	Fixed slap tools minor one time memory leak (ITS-8082)
	Fixed slapd to avoid redundant processing of abandon ops (ITS-8232)
	Fixed slapd syncrepl segv when present list is NULL (ITS-8231, ITS-8042)
	Fixed slapd segfault with invalid SASL URI (ITS-8218)
	Fixed slapd configuration parser with unbalanced quotes (ITS-8233)
	Fixed slapd syncrepl check with config db on windows (ITS-8277)
	Fixed slapd with mod Increment and inherited attribute type (ITS-8289)
	Fixed slapd-ldap SEGV after failed retry (ITS-8173)
	Fixed slapd-ldap to skip client controls in ldap_back_entry_get (ITS-8244)
	Fixed slapd-null to have an option to return a search entry (ITS-8249)
	Fixed slapd-relay to correctly handle quoted options (ITS-8284)
	Fixed slapo-accesslog delta-sync MMR with interrupted refresh phase (ITS-8281)
	Fixed slapo-dds segfault when using slapo-memberof (ITS-8133)
	Fixed slapo-ppolicy to allow purging of stale pwdFailureTime attributes (ITS-8185)
	Fixed slapo-ppolicy to release entry on failure (ITS-7537)
	Fixed slapo-ppolicy to fall back to default policy if there is a parsing error \ 
(ITS-8234)
	Fixed slapo-syncprov with interrupted refresh phase (ITS-8281)
	Fixed slapo-refint with subtree renames (ITS-8220)
	Fixed slapo-rwm missing olcDropUnrequested attribute (ITS-7889)
	Fixed slapo-rwm parsing to avoid double-escaping rewrite rules (ITS-7964)
	Build Environment
		Fixed ldif-filter option parsing (ITS-8292)
		Fixed slapd-tester EOL handling in test output for windows (ITS-8280)
		Fixed slapd-tester executable suffix for windows (ITS-8216)
		Fixed test061 timing issues (ITS-8297)
	Contrib
		Added libnettle support to pw-pbkdf2 (ITS-8198)
		Fixed smbk5pwd compiler warnings with libnettle (ITS-8235)
		Fixed passwd symbol collisions with other crypto libraries (ITS-8294)
	Documentation
		Updated guide to reflect changes to how TLS is handled with syncrepl

Log message:
Add support for ECDH, from upstream

After the recent logjam attack, longer DH parameter size have been advised.
Unfortunately, this comes with a high computational cost. ECDH is a good
alternative to acheive forward secrecy with lower CPU Loads.

This patch is a backport from upstream ECDH umplementation. ECDH is
enabled by speciying a curve name through the TLSECName directive.
Valid curve names can be obtaines by openssl ecparam -list_curves

Advised usage for a forward-secrecy only setup wiht only ECDH:
TLSCipherSuite EECDH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL
TLSECName      prime256v1

If backward compatibility with older clients is required:
TLSCipherSuite EECDH:HIGH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL
TLSECName      prime256v1

Backward compatible flavor with more forward secrecy, at
the expense of using costly DH. dh2048.pem is obtained using openssl
dhparam 2048 > /etc/openssl/certs/dh2048.pem
TLSCipherSuite EECDH:EDH:HIGH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL
TLSDHParamFile /etc/openssl/certs/dh2048.pem
TLSECName      prime256v1

Log message:
Now that _STRIPFLAG_INSTALL is disabled by default on Darwin, remove manual
settings of INSTALL_UNSTRIPPED=yes for Darwin in individual packages.