Release 1.1.43

- 389-admin uses 389-admin-git.sh which uses HTTP to download content from git (should use HTTPS) (DS 48762)
- Resolves: Bug 1334480 - running remove-ds-admin.pl multiple times will make it so you cannot install DS (DS 48429)
- Resolves: Bug 1260445 - RHDS upgrade change Ownership of certificate files upon upgrade. (DS 48409)
- Resolves: Bug 1173249 - register-ds-admin - silent file incorrectly processed (DS 47548)
- Resolves: Bug 1173244 - Configuration Tab does not work with FIPS mode enabled (DS 47493)
- Resolves: Bug 1223845 - register-ds-admin.pl script prints clear text password in the terminal (DS 48186)
- Resolves: Bug 1173249 - register-ds-admin.pl fails to set local bind DN and password (DS 47548)
- Resolves: Bug 966958 - Improve Add CRL/CKL dialog and errors (DS 47467)
- Resolves: Bug 1217015 - remove-ds-admin.pl removes files in the rpm (DS 48171)
- Resolves: Bug 979419 - "Manage certificates" crashes admin server (DS 48153)
- Resolves: Bug 1162417 - repl-monitor invoked from adminserver cgi fails (DS 48024)
- Resolves: Bug 1183152 - CVE-2015-0233 389-admin: multiple /tmp/ file vulnerabilities [directory_server_10] (DS 47995)
- Resolves: Bug 1173252 - Admin Server reconfig breaks SSL config (DS 47901)
- Ticket 47929 - Admin Server - disable SSLv3 by default
- Ticket 201   - nCipher HSM cannot be configured via the console
- Ticket 47493 - Configuration Tab does not work with FIPS mode enabled
- Ticket 47697 - Resource leak in lib/libdsa/dsalib_updown.c
- Ticket 47860 - register-ds-admin.pl problem when following steps to replicate o=netscaperoot
- Ticket 47548 - register-ds-admin does not register into remote config ds
- Ticket 47893 - Admin Server should use Sys::Hostname instead Net::Domain
- Ticket 47891 - Admin Server reconfig breaks SSL config
- Ticket 47300 - Update man page for remove-ds-admin.pl
- Ticket 47850 - "nsslapd-allow-anonymous-access: rootdse" makes login as "admin" fail at the first time
- Ticket 47497 - Admin Express - remove "Security Level"
- Ticket 47495 - admin express: wrong instance creation time
- Ticket 47665 - Create new instance results in setting wrong ACI for the "cn=config" entry
- Ticket 47478 - No groups file? error restarting Admin server
- Ticket 47300 - [RFE] remove-ds-admin.pl: redesign the behaviour
- Ticket 434   - admin-serv logs filling with "admserv_host_ip_check: ap_get_remote_host could not resolve <ip address>"
- Ticket 47563 - cannot restart directory server from console
- Ticket 222   - Admin Express issues "Internal Server Error" when the Config DS is down.
- Ticket 418   - Error with register-ds-admin.pl
- fix for bug 377 - Unchecked use of SELinux command Reviewed by: rmeggins
- Ticket 47498 - Error Message for Failed to create the configuration directory server

.gitignore

@@ -1,2 +1,22 @@
 *~
 /389-admin-1.1.13.tar.bz2
+/389-admin-1.1.14.tar.bz2
+/389-admin-1.1.15.tar.bz2
+/389-admin-1.1.16.tar.bz2
+/389-admin-1.1.17.tar.bz2
+/389-admin-1.1.18.tar.bz2
+/389-admin-1.1.19.tar.bz2
+/389-admin-1.1.20.tar.bz2
+/389-admin-1.1.21.tar.bz2
+/389-admin-1.1.22.tar.bz2
+/389-admin-1.1.23.tar.bz2
+/389-admin-1.1.24.tar.bz2
+/389-admin-1.1.25.tar.bz2
+/389-admin-1.1.26.tar.bz2
+/389-admin-1.1.27.tar.bz2
+/389-admin-1.1.28.tar.bz2
+/389-admin-1.1.29.tar.bz2
+/389-admin-1.1.30.tar.bz2
+/389-admin-1.1.31.tar.bz2
+/389-admin-1.1.35.tar.bz2
+/389-admin-1.1.43.tar.bz2

389-admin-git-local.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 DATE=`date +%Y%m%d`
-VERSION=1.1.13
+VERSION=1.1.35
 PKGNAME=389-admin
 TAG=${TAG:-$PKGNAME-$VERSION}
 SRCNAME=${PKGNAME}-${VERSION}

389-admin-git.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 DATE=`date +%Y%m%d`
-VERSION=1.1.13
+VERSION=1.1.35
 PKGNAME=389-admin
 #SRCNAME=$PKGNAME-$VERSION-$DATE
 SRCNAME=$PKGNAME-$VERSION

389-admin.spec

@@ -1,21 +1,17 @@
 %global pkgname   dirsrv
 # for a pre-release, define the prerel field - comment out for official release
-# % global prerel .a2
+# % global prerel .a1
 # also need the relprefix 0. field for a pre-release - also comment out for official release
 # % global relprefix 0.
 
 Summary:          389 Administration Server (admin)
 Name:             389-admin
-Version:          1.1.13
+Version:          1.1.43
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv2 and ASL 2.0
-URL:              http://port389.org/
+URL:              https://port389.org/
 Group:            System Environment/Daemons
 BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Provides:         fedora-ds-admin = %{version}-%{release}
-Obsoletes:        fedora-ds-admin < 1.1.8-1
-Obsoletes:        %{name}-selinux
-Conflicts:        selinux-policy-base < 3.9.8
 
 BuildRequires:    nspr-devel
 BuildRequires:    nss-devel
@@ -48,10 +44,9 @@ Requires(post): /sbin/chkconfig
 Requires(preun): /sbin/chkconfig
 Requires(preun): /sbin/service
 
-Source0:          http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
+Source0:          https://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
 # 389-admin-git.sh should be used to generate the source tarball from git
 Source1:          %{name}-git.sh
-Patch1:           f11-httpd.patch
 
 %description
 389 Administration Server is an HTTP agent that provides management features
@@ -61,10 +56,9 @@ and CGI utilities used by the console.
 
 %prep
 %setup -q -n %{name}-%{version}%{?prerel}
-%patch1
 
 %build
-%configure --disable-rpath --with-selinux --with-openldap
+%configure --disable-rpath --with-selinux --with-openldap --enable-service
 
 # Generate symbolic info for debuggers
 export XCFLAGS=$RPM_OPT_FLAGS
@@ -100,25 +94,6 @@ rm -rf $RPM_BUILD_ROOT
 -- if these don't exist, the vars will be nil
 %{pkgname}admin_adminserv = posix.stat('%{_sysconfdir}/%{pkgname}/admin-serv')
 %{pkgname}admin_consoleconf = posix.stat('%{_sysconfdir}/%{pkgname}/admin-serv/console.conf')
--- save the run level configuration, if any
-rc = os.execute('rpm --quiet -q fedora-ds-admin')
-if rc == 0 then
-    %{pkgname}admin_exists = true
-    %{pkgname}admin_savelinks = {}
-    for dir in posix.files("%{_sysconfdir}/rc.d") do
-        if string.find(dir, "rc%d.d") then
---          print("looking in %{_sysconfdir}/rc.d/"..dir)
-            for link in posix.files("%{_sysconfdir}/rc.d/"..dir) do
-                if string.find(link, "[SK]%d%d%{pkgname}-admin") then
-                    fullname = "%{_sysconfdir}/rc.d/"..dir.."/"..link
-                    linked = posix.readlink(fullname)
---                  print(fullname.." is linked to "..linked)
-                    %{pkgname}_savelinks[fullname] = linked
-                end
-            end
-        end
-    end
-end
 
 %post -p <lua>
 -- do the usual daemon post setup stuff
@@ -143,20 +118,6 @@ fi
 %postun
 /sbin/ldconfig
 
-%posttrans -p <lua>
--- if we saved the run level configuration in %pre, restore it now
--- we can get rid of this code once Fedora 11 becomes obsolete
-if %{pkgname}admin_savelinks then
-    for fullpath,link in pairs(%{pkgname}admin_savelinks) do
-        posix.symlink(link,fullpath)
---        print("posttrans - restored run level "..fullpath.." to "..link)
-    end
-end
-if %{pkgname}admin_exists then
-    os.execute('/sbin/service %{pkgname}-admin start >/dev/null 2>&1')
-end
-
-
 %files
 %defattr(-,root,root,-)
 %doc LICENSE
@@ -171,15 +132,165 @@ end
 %{_mandir}/man8/*
 
 %changelog
+* Fri Jul 15 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.1.43-1
+- Release 1.1.43
+- 389-admin uses 389-admin-git.sh which uses HTTP to download content from git (should use HTTPS) (DS 48762)
+- Resolves: Bug 1334480 - running remove-ds-admin.pl multiple times will make it so you cannot install DS (DS 48429)
+- Resolves: Bug 1260445 - RHDS upgrade change Ownership of certificate files upon upgrade. (DS 48409)
+- Resolves: Bug 1173249 - register-ds-admin - silent file incorrectly processed (DS 47548)
+- Resolves: Bug 1173244 - Configuration Tab does not work with FIPS mode enabled (DS 47493)
+- Resolves: Bug 1223845 - register-ds-admin.pl script prints clear text password in the terminal (DS 48186)
+- Resolves: Bug 1173249 - register-ds-admin.pl fails to set local bind DN and password (DS 47548)
+- Resolves: Bug 966958 - Improve Add CRL/CKL dialog and errors (DS 47467)
+- Resolves: Bug 1217015 - remove-ds-admin.pl removes files in the rpm (DS 48171)
+- Resolves: Bug 979419 - "Manage certificates" crashes admin server (DS 48153)
+- Resolves: Bug 1162417 - repl-monitor invoked from adminserver cgi fails (DS 48024)
+- Resolves: Bug 1183152 - CVE-2015-0233 389-admin: multiple /tmp/ file vulnerabilities [directory_server_10] (DS 47995)
+- Resolves: Bug 1173252 - Admin Server reconfig breaks SSL config (DS 47901)
+- Ticket 47929 - Admin Server - disable SSLv3 by default
+- Ticket 201   - nCipher HSM cannot be configured via the console
+- Ticket 47493 - Configuration Tab does not work with FIPS mode enabled
+- Ticket 47697 - Resource leak in lib/libdsa/dsalib_updown.c
+- Ticket 47860 - register-ds-admin.pl problem when following steps to replicate o=netscaperoot
+- Ticket 47548 - register-ds-admin does not register into remote config ds
+- Ticket 47893 - Admin Server should use Sys::Hostname instead Net::Domain
+- Ticket 47891 - Admin Server reconfig breaks SSL config
+- Ticket 47300 - Update man page for remove-ds-admin.pl
+- Ticket 47850 - "nsslapd-allow-anonymous-access: rootdse" makes login as "admin" fail at the first time
+- Ticket 47497 - Admin Express - remove "Security Level"
+- Ticket 47495 - admin express: wrong instance creation time
+- Ticket 47665 - Create new instance results in setting wrong ACI for the "cn=config" entry
+- Ticket 47478 - No groups file? error restarting Admin server
+- Ticket 47300 - [RFE] remove-ds-admin.pl: redesign the behaviour
+- Ticket 434   - admin-serv logs filling with "admserv_host_ip_check: ap_get_remote_host could not resolve <ip address>"
+- Ticket 47563 - cannot restart directory server from console
+- Ticket 222   - Admin Express issues "Internal Server Error" when the Config DS is down.
+- Ticket 418   - Error with register-ds-admin.pl
+- fix for bug 377 - Unchecked use of SELinux command Reviewed by: rmeggins
+- Ticket 47498 - Error Message for Failed to create the configuration directory server
+
+
+
+* Tue Aug 20 2013 Rich Megginson <rmeggins@redhat.com> - 1.1.35-1
+- 0417dc7 add Eclipse and patch files
+- f2004ea compiler warning - ldif_read_record lineno type depends on openldap version
+- Ticket #47413 389-admin fails to build with latest httpd
+- 2a67826 add more debugging for SSL connection problems
+- Ticket #47465 problem with 389-adminutil detection in m4/adminutil.m4 in 389-admin and 389-dsgw
+- Ticket #47486 compiler warnings in adminutil, admin, dsgw
+- 14b1bf9 ignore files generated by Eclipse
+- Ticket 47467 - Improve CRL import error messages
+- Ticket 362 - Directory Console generates insufficient key strength
+- Ticket 47466 - Importing CA cert with existing name crashes security CGI
+- Ticket 47468 - Change security password validation error is out of order
+- Ticket #47334 - Avoid quoting all settings in console.conf
+- Ticket #47333 - Relabel lockfile when starting Admin Server
+- Ticket #47298 - remove-ds-admin.pl does not stop the admin server
+- Ticket #567 - Restart of Admin server from console fails on segfault
+
+* Wed Jan 16 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.1.31-1
+- bump version to 1.1.31
+- Ticket #476 - 389 ds do not start on F18 due to missing modules
+- Ticket #293 - remove-ds-admin.pl does not remove everything
+- Ticket 400 - BIND operation result not checked properly in admin server
+- Ticket 401 - Console login fails with anonymous access disabled
+
+* Tue Mar 27 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.29-1
+- 4ec23c0 If htmladmin fails to connect to the server, the cgi could crash.
+
+* Thu Mar 22 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.28-1
+- Ticket #307 - htmladmin keeps segfaulting
+- Ticket #286 - compilation fixes for 'format-security'
+
+* Fri Feb  3 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.27-1
+- Ticket #281 - TLS not working with latest openldap
+- Ticket #161 - Review and address latest Coverity issues
+
+* Wed Jan 25 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.26-1
+- Bug 767823 - selinux: need to allow admin server to connect to ldap port
+
+* Fri Oct 28 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.25-1
+- Bug 740959 - 389-console put CA certificates into wrong database
+
+* Wed Sep 21 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.24-1
+- Bug 695741 - Providing native systemd file
+
+* Thu Aug 11 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.23-1
+- Bug 730079 - Update SELinux policy during upgrades
+
+* Thu Aug 11 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.22-1
+- Bug 724808 - startup CGIs write temp file to /
+- add man pages for ds_removal and ds_unregister
+- fixes for the makeUpgradeTar.sh script
+
+* Tue Aug  2 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.21-1
+- Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user
+
+* Tue Jul  5 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.20-1
+- Bug 719056 - migrate-ds-admin.pl needs to update SELinux policy
+- Bug 718285 - AdminServer should use "service" command instead of start/stop/restart scripts
+- Bug 718079 - Perl errors when running migrate-ds-admin.pl
+- Bug 713000 - Migration stops if old admin server cannot be stopped
+- added tests for the security cgi
+- fix typo in NSS_Shutdown warning message
+- better NSS error handling - reduce memory leaks
+- Bug 710372 - Not able to open the Manage Certificate from DS-console
+
+* Tue Jun 28 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.19-1
+- look for separate openldap ldif library
+
+* Tue Jun 21 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.18-1
+- skip rebranding current brand
+- support for skins
+
+* Fri May 13 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.17-1
+- 1.1.17
+- support "in-place" upgrade and rebranding from Red Hat to 389
+- many fixes for coverity issues
+
+* Tue Mar 29 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.16-1
+- 389-admin-1.1.16
+- Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user
+- Bug 614690 - Don't use exec to call genrb
+- Bug 158926 - Unable to install CA certificate when using
+-     hardware token ( LunaSA )
+- Bug 211296 - Clean up all HTML pages (Admin Express, Repl Monitor, etc)
+
+* Wed Feb 23 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.15-1
+- 1.1.15 release - git tag 389-admin-1.1.15
+- Bug 493424 - remove unneeded modules for admin server apache config
+- Bug 618897 - Wrong permissions when creating instance from Console
+- Bug 672468 - Don't use empty path elements in LD_LIBRARY_PATH
+- Bug 245278 - Changing to a password with a single quote does not work
+- Bug 604881 - admin server log files have incorrect permissions/ownerships
+- Bug 387981 - plain files can be chosen on the Restore Directory dialog
+- Bug 668950 - Add posix group support to Console
+- Bug 618858 - move start-ds-admin env file into main admin server config path
+- Bug 616260 - libds-admin-serv linking fails due to unresolved link-time depe
+ndencies
+- start-ds-admin.in -- replaced "return 1" with "exit 1"
+- Bug 151705 - Need to update Console Cipher Preferences with new ciphers
+- Bug 470576 - Migration could do addition checks before commiting actions
+
+* Wed Jan  5 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.14-1
+- 1.1.14 release
+- Bug 664671 - Admin server segfault when full SSL access (http+ldap+console) 
+required
+- Bug 638511 - dirsrv-admin crashes at startup with SELinux enabled
+
+* Mon Nov 29 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.13-2
+- fix Conflicts for selinux policy
+
 * Tue Nov 23 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.13-1
 - This is the final 1.1.13 release
 - git tag 389-admin-1.1.13
 - Bug 656441 - Missing library path entry causes LD_PRELOAD error
 - setup-ds-admin.pl -u exits with ServerAdminID and as_uid related error
 
-* Wed Nov 17 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.1.12-2
+* Thu Nov 18 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.12-2
 - This is the final 1.1.12 release
 - git tag 389-admin-1.1.12
+- Corrected conflict version for selinux-policy
 
 * Fri Nov 12 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.1.12-1
 - This is the final 1.1.12 release
@@ -197,27 +308,24 @@ end
 * Thu Aug 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-1
 - This is the final 1.1.11 release
 
-* Wed Aug  4 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.7.rc2
+* Wed Aug  4 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.6.rc2
 - 1.1.11.rc2 release
 - git tag 389-admin-1.1.11.rc2
 - Bug 594745 - Get rid of dirsrv_lib_t label
 
-* Wed Jun  9 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.6.rc1
+* Wed Jun  9 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.5.rc1
 - 1.1.11.rc1 release
 
-* Wed May 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.5.a4
+* Wed May 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.4.a4
 - 1.1.11.a4 release
 
-* Tue Apr  7 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.11-0.4.a3
+* Tue Apr  7 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.11-0.3.a3
 - 1.1.11.a3 release
 - Bug 570912 - dirsrv-admin SELinux module fails to install
 - Change parsing of start-slapd for instance name
 - Bug 574233 - Updated requirements for selinux policy
 - Moved selinux subpackage into base package
 
-* Fri Apr 02 2010 Caolán McNamara <caolanm@redhat.com> - 1.1.11.a2-0.3
-- rebuild for icu 4.4
-
 * Fri Feb 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11.a2-0.2
 - the 1.1.11.a2 release
 - Bug 460162 - FedoraDS "with-FHS" installs init.d StartupScript in wrong location

f11-httpd.patch

@@ -1,15 +0,0 @@
---- admserv/cfgstuff/httpd-2.2.conf.in	1 Aug 2007 18:14:53 -0000	1.6
-+++ admserv/cfgstuff/httpd-2.2.conf.in	9 Apr 2009 16:07:53 -0000
-@@ -137,12 +137,10 @@
- LoadModule actions_module @moddir@/mod_actions.so
- LoadModule alias_module @moddir@/mod_alias.so
- LoadModule rewrite_module @moddir@/mod_rewrite.so
- LoadModule cache_module @moddir@/mod_cache.so
- LoadModule disk_cache_module @moddir@/mod_disk_cache.so
--LoadModule file_cache_module @moddir@/mod_file_cache.so
--LoadModule mem_cache_module @moddir@/mod_mem_cache.so
- LoadModule cgi_module @moddir@/mod_cgi.so
- LoadModule restartd_module     @admmoddir@/mod_restartd.so
- LoadModule nss_module         @nssmoddir@/libmodnss.so
- LoadModule admserv_module     @admmoddir@/mod_admserv.so
- 

sources

@@ -1 +1 @@
-0dd329ee4a20a86425e14e3f894e46ae  389-admin-1.1.13.tar.bz2
+322199f1776b96d5910400dd5b9dee2a  389-admin-1.1.43.tar.bz2