diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index b1b5d27..18ea466 100644 --- a/.gitignore +++ b/.gitignore @@ -1,211 +1,4 @@ *~ -/389-ds-base-1.2.7.2.tar.bz2 -/389-ds-base-1.2.7.3.tar.bz2 -/389-ds-base-1.2.7.4.tar.bz2 -/389-ds-base-1.2.7.5.tar.bz2 -/389-ds-base-1.2.8.a1.tar.bz2 -/389-ds-base-1.2.8.a2.tar.bz2 -/389-ds-base-1.2.8.a3.tar.bz2 -/389-ds-base-1.2.8.rc1.tar.bz2 -/389-ds-base-1.2.8.rc2.tar.bz2 -/389-ds-base-1.2.8.rc4.tar.bz2 -/389-ds-base-1.2.8.rc5.tar.bz2 -/389-ds-base-1.2.8.0.tar.bz2 -/389-ds-base-1.2.8.1.tar.bz2 -/389-ds-base-1.2.8.2.tar.bz2 -/389-ds-base-1.2.8.3.tar.bz2 -/389-ds-base-1.2.9.a1.tar.bz2 -/389-ds-base-1.2.9.a2.tar.bz2 -/389-ds-base-1.2.9.0.tar.bz2 -/389-ds-base-1.2.9.1.tar.bz2 -/389-ds-base-1.2.9.2.tar.bz2 -/389-ds-base-1.2.9.3.tar.bz2 -/389-ds-base-1.2.9.4.tar.bz2 -/389-ds-base-1.2.9.5.tar.bz2 -/389-ds-base-1.2.9.6.tar.bz2 -/389-ds-base-1.2.9.7.tar.bz2 -/389-ds-base-1.2.9.8.tar.bz2 -/389-ds-base-1.2.9.9.tar.bz2 -/389-ds-base-1.2.9.10.tar.bz2 -/389-ds-base-1.2.10.a1.tar.bz2 -/389-ds-base-1.2.10.a2.tar.bz2 -/389-ds-base-1.2.10.a3.tar.bz2 -/389-ds-base-1.2.10.a4.tar.bz2 -/389-ds-base-1.2.10.a5.tar.bz2 -/389-ds-base-1.2.10.a6.tar.bz2 -/389-ds-base-1.2.10.a7.tar.bz2 -/389-ds-base-1.2.10.a8.tar.bz2 -/389-ds-base-1.2.10.rc1.tar.bz2 -/389-ds-base-1.2.10.0.tar.bz2 -/389-ds-base-1.2.10.1.tar.bz2 -/389-ds-base-1.2.10.2.tar.bz2 -/389-ds-base-1.2.10.3.tar.bz2 -/389-ds-base-1.2.10.4.tar.bz2 -/389-ds-base-1.2.11.a1.tar.bz2 -/389-ds-base-1.2.11.1.tar.bz2 -/389-ds-base-1.2.11.2.tar.bz2 -/389-ds-base-1.2.11.3.tar.bz2 -/389-ds-base-1.2.11.4.tar.bz2 -/389-ds-base-1.2.11.5.tar.bz2 -/389-ds-base-1.2.11.6.tar.bz2 -/389-ds-base-1.2.11.7.tar.bz2 -/389-ds-base-1.2.11.8.tar.bz2 -/389-ds-base-1.2.11.9.tar.bz2 -/389-ds-base-1.2.11.10.tar.bz2 -/389-ds-base-1.2.11.11.tar.bz2 -/389-ds-base-1.2.11.12.tar.bz2 -/389-ds-base-1.2.11.13.tar.bz2 -/389-ds-base-1.2.11.14.tar.bz2 -/389-ds-base-1.2.11.15.tar.bz2 -/389-ds-base-1.3.0.a1.tar.bz2 -/389-ds-base-1.3.0.rc1.tar.bz2 -/389-ds-base-1.3.0.rc2.tar.bz2 -/389-ds-base-1.3.0.rc3.tar.bz2 -/389-ds-base-1.3.0.0.tar.bz2 -/389-ds-base-1.3.0.1.tar.bz2 -/389-ds-base-1.3.0.2.tar.bz2 -/389-ds-base-1.3.0.3.tar.bz2 -/389-ds-base-1.3.0.4.tar.bz2 -/389-ds-base-1.3.0.5.tar.bz2 -/389-ds-base-1.3.1.0.tar.bz2 -/389-ds-base-1.3.1.1.tar.bz2 -/389-ds-base-1.3.1.2.tar.bz2 -/389-ds-base-1.3.1.3.tar.bz2 -/389-ds-base-1.3.1.4.tar.bz2 -/389-ds-base-1.3.1.5.tar.bz2 -/389-ds-base-1.3.1.6.tar.bz2 -/389-ds-base-1.3.1.7.tar.bz2 -/389-ds-base-1.3.1.8.tar.bz2 -/389-ds-base-1.3.1.9.tar.bz2 -/389-ds-base-1.3.1.10.tar.bz2 -/389-ds-base-1.3.1.11.tar.bz2 -/389-ds-base-1.3.2.0.tar.bz2 -/389-ds-base-1.3.2.1.tar.bz2 -/389-ds-base-1.3.2.2.tar.bz2 -/389-ds-base-1.3.2.3.tar.bz2 -/389-ds-base-1.3.2.4.tar.bz2 -/389-ds-base-1.3.2.5.tar.bz2 -/389-ds-base-1.3.2.6.tar.bz2 -/389-ds-base-1.3.2.7.tar.bz2 -/389-ds-base-1.3.2.8.tar.bz2 -/389-ds-base-1.3.2.9.tar.bz2 -/389-ds-base-1.3.2.10.tar.bz2 -/389-ds-base-1.3.2.11.tar.bz2 -/389-ds-base-1.3.2.12.tar.bz2 -/389-ds-base-1.3.2.13.tar.bz2 -/389-ds-base-1.3.2.14.tar.bz2 -/389-ds-base-1.3.2.15.tar.bz2 -/389-ds-base-1.3.2.16.tar.bz2 -/389-ds-base-1.3.2.17.tar.bz2 -/389-ds-base-1.3.2.18.tar.bz2 -/389-ds-base-1.3.2.19.tar.bz2 -/389-ds-base-1.3.2.20.tar.bz2 -/389-ds-base-1.3.2.21.tar.bz2 -/389-ds-base-1.3.2.22.tar.bz2 -/389-ds-base-1.3.2.23.tar.bz2 -/389-ds-base-1.3.3.0.tar.bz2 -/389-ds-base-1.3.3.2.tar.bz2 -/389-ds-base-1.3.3.3.tar.bz2 -/389-ds-base-1.3.3.4.tar.bz2 -/389-ds-base-1.3.3.5.tar.bz2 -/389-ds-base-1.3.3.6.tar.bz2 -/389-ds-base-1.3.3.7.tar.bz2 -/389-ds-base-1.3.3.8.tar.bz2 -/389-ds-base-1.3.3.9.tar.bz2 -/389-ds-base-1.3.3.10.tar.bz2 -/389-ds-base-1.3.3.11.tar.bz2 -/389-ds-base-1.3.3.12.tar.bz2 -/389-ds-base-1.3.4.0.tar.bz2 -/nunc-stans-0.1.3.tar.bz2 -/nunc-stans-0.1.4.tar.bz2 -/389-ds-base-1.3.4.1.tar.bz2 -/nunc-stans-0.1.5.tar.bz2 -/389-ds-base-1.3.4.2.tar.bz2 -/389-ds-base-1.3.4.3.tar.bz2 -/389-ds-base-1.3.4.4.tar.bz2 -/389-ds-base-1.3.4.5.tar.bz2 -/389-ds-base-1.3.4.6.tar.bz2 -/389-ds-base-1.3.4.7.tar.bz2 -/389-ds-base-1.3.4.8.tar.bz2 -/389-ds-base-1.3.5.0.tar.bz2 -/nunc-stans-0.1.8.tar.bz2 -/389-ds-base-1.3.5.1.tar.bz2 -/389-ds-base-1.3.5.3.tar.bz2 -/389-ds-base-1.3.5.4.tar.bz2 -/389-ds-base-1.3.5.5.tar.bz2 -/389-ds-base-1.3.5.6.tar.bz2 -/389-ds-base-1.3.5.10.tar.bz2 -/389-ds-base-1.3.5.11.tar.bz2 -/389-ds-base-1.3.5.12.tar.bz2 -/389-ds-base-1.3.5.13.tar.bz2 -/389-ds-base-1.3.5.14.tar.bz2 -/nunc-stans-0.2.0.tar.bz2 -/389-ds-base-1.3.6.1.tar.bz2 -/389-ds-base-1.3.6.2.tar.bz2 -/389-ds-base-1.3.6.3.tar.bz2 -/389-ds-base-1.3.6.4.tar.bz2 -/389-ds-base-1.3.6.5.tar.bz2 -/389-ds-base-1.3.6.6.tar.bz2 -/389-ds-base-1.3.7.1.tar.bz2 -/389-ds-base-1.3.7.2.tar.bz2 -/389-ds-base-1.3.7.3.tar.bz2 -/389-ds-base-1.3.7.4.tar.bz2 -/389-ds-base-1.4.0.0.tar.bz2 -/389-ds-base-1.4.0.1.tar.bz2 -/389-ds-base-1.4.0.2.tar.bz2 -/389-ds-base-1.4.0.3.tar.bz2 -/389-ds-base-1.4.0.4.tar.bz2 -/389-ds-base-1.4.0.5.tar.bz2 -/389-ds-base-1.4.0.6.tar.bz2 -/389-ds-base-1.4.0.7.tar.bz2 -/389-ds-base-1.4.0.8.tar.bz2 -/389-ds-base-1.4.0.9.tar.bz2 -/389-ds-base-1.4.0.10.tar.bz2 -/jemalloc-5.0.1.tar.bz2 -/389-ds-base-1.4.0.11.tar.bz2 -/jemalloc-5.1.0.tar.bz2 -/389-ds-base-1.4.0.12.tar.bz2 -/389-ds-base-1.4.0.13.tar.bz2 -/389-ds-base-1.4.0.14.tar.bz2 -/389-ds-base-1.4.0.15.tar.bz2 -/389-ds-base-1.4.0.16.tar.bz2 -/389-ds-base-1.4.0.17.tar.bz2 -/389-ds-base-1.4.0.18.tar.bz2 -/389-ds-base-1.4.0.19.tar.bz2 -/389-ds-base-1.4.0.20.tar.bz2 -/389-ds-base-1.4.1.1.tar.bz2 -/389-ds-base-1.4.1.2.tar.bz2 -/389-ds-base-1.4.1.3.tar.bz2 -/389-ds-base-1.4.1.4.tar.bz2 -/389-ds-base-1.4.1.5.tar.bz2 -/jemalloc-5.2.0.tar.bz2 -/389-ds-base-1.4.1.6.tar.bz2 -/389-ds-base-1.4.2.1.tar.bz2 -/389-ds-base-1.4.2.2.tar.bz2 -/389-ds-base-1.4.2.3.tar.bz2 -/389-ds-base-1.4.2.4.tar.bz2 -/389-ds-base-1.4.2.5.tar.bz2 -/389-ds-base-1.4.3.1.tar.bz2 -/jemalloc-5.2.1.tar.bz2 -/389-ds-base-1.4.3.2.tar.bz2 -/389-ds-base-1.4.3.3.tar.bz2 -/389-ds-base-1.4.3.4.tar.bz2 -/389-ds-base-1.4.3.5.tar.bz2 -/389-ds-base-1.4.4.0.tar.bz2 -/389-ds-base-1.4.4.1.tar.bz2 -/389-ds-base-1.4.4.2.tar.bz2 -/389-ds-base-1.4.4.3.tar.bz2 -/389-ds-base-1.4.4.4.tar.bz2 -/389-ds-base-1.4.4.5.tar.bz2 -/389-ds-base-1.4.4.6.tar.bz2 -/389-ds-base-1.4.4.7.tar.bz2 -/389-ds-base-1.4.4.8.tar.bz2 -/389-ds-base-1.4.4.9.tar.bz2 -/389-ds-base-1.4.4.10.tar.bz2 -/389-ds-base-1.4.4.11.tar.bz2 -/389-ds-base-1.4.4.12.tar.bz2 -/389-ds-base-1.4.4.13.tar.bz2 -/389-ds-base-1.4.4.14.tar.bz2 -/389-ds-base-1.4.4.15.tar.bz2 -/389-ds-base-1.4.4.16.tar.bz2 -/389-ds-base-1.4.4.17.tar.bz2 +/389-ds-base-*.tar.bz2 +/jemalloc-*.tar.bz2 +/libdb-5.3.28-59.tar.bz2 diff --git a/0001-Issue-7096-During-replication-online-total-init-the-.patch b/0001-Issue-7096-During-replication-online-total-init-the-.patch new file mode 100644 index 0000000..a5792b6 --- /dev/null +++ b/0001-Issue-7096-During-replication-online-total-init-the-.patch @@ -0,0 +1,318 @@ +From 1c9c535888b9a850095794787d67900b04924a76 Mon Sep 17 00:00:00 2001 +From: tbordaz +Date: Wed, 7 Jan 2026 11:21:12 +0100 +Subject: [PATCH] Issue 7096 - During replication online total init the + function idl_id_is_in_idlist is not scaling with large database (#7145) + +Bug description: + During a online total initialization, the supplier sorts + the candidate list of entries so that the parents are sent before + children entries. + With large DB the ID array used for the sorting is not + scaling. It takes so long to build the candidate list that + the connection gets closed + +Fix description: + Instead of using an ID array, uses a list of ID ranges + +fixes: #7096 + +Reviewed by: Mark Reynolds, Pierre Rogier (Thanks !!) +--- + ldap/servers/slapd/back-ldbm/back-ldbm.h | 12 ++ + ldap/servers/slapd/back-ldbm/idl_common.c | 163 ++++++++++++++++++ + ldap/servers/slapd/back-ldbm/idl_new.c | 30 ++-- + .../servers/slapd/back-ldbm/proto-back-ldbm.h | 3 + + 4 files changed, 189 insertions(+), 19 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/back-ldbm.h b/ldap/servers/slapd/back-ldbm/back-ldbm.h +index 1bc36720d..b187c26bc 100644 +--- a/ldap/servers/slapd/back-ldbm/back-ldbm.h ++++ b/ldap/servers/slapd/back-ldbm/back-ldbm.h +@@ -282,6 +282,18 @@ typedef struct _idlist_set + #define INDIRECT_BLOCK(idl) ((idl)->b_nids == INDBLOCK) + #define IDL_NIDS(idl) (idl ? (idl)->b_nids : (NIDS)0) + ++/* ++ * used by the supplier during online total init ++ * it stores the ranges of ID that are already present ++ * in the candidate list ('parentid>=1') ++ */ ++typedef struct IdRange { ++ ID first; ++ ID last; ++ struct IdRange *next; ++} IdRange_t; ++ ++ + typedef size_t idl_iterator; + + /* small hashtable implementation used in the entry cache -- the table +diff --git a/ldap/servers/slapd/back-ldbm/idl_common.c b/ldap/servers/slapd/back-ldbm/idl_common.c +index fcb0ece4b..fdc9b4e67 100644 +--- a/ldap/servers/slapd/back-ldbm/idl_common.c ++++ b/ldap/servers/slapd/back-ldbm/idl_common.c +@@ -172,6 +172,169 @@ idl_min(IDList *a, IDList *b) + return (a->b_nids > b->b_nids ? b : a); + } + ++/* ++ * This is a faster version of idl_id_is_in_idlist. ++ * idl_id_is_in_idlist uses an array of ID so lookup is expensive ++ * idl_id_is_in_idlist_ranges uses a list of ranges of ID lookup is faster ++ * returns ++ * 1: 'id' is present in idrange_list ++ * 0: 'id' is not present in idrange_list ++ */ ++int ++idl_id_is_in_idlist_ranges(IDList *idl, IdRange_t *idrange_list, ID id) ++{ ++ IdRange_t *range = idrange_list; ++ int found = 0; ++ ++ if (NULL == idl || NOID == id) { ++ return 0; /* not in the list */ ++ } ++ if (ALLIDS(idl)) { ++ return 1; /* in the list */ ++ } ++ ++ for(;range; range = range->next) { ++ if (id > range->last) { ++ /* check if it belongs to the next range */ ++ continue; ++ } ++ if (id >= range->first) { ++ /* It belongs to that range [first..last ] */ ++ found = 1; ++ break; ++ } else { ++ /* this range is after id */ ++ break; ++ } ++ } ++ return found; ++} ++ ++/* This function is used during the online total initialisation ++ * (see next function) ++ * It frees all ranges of ID in the list ++ */ ++void idrange_free(IdRange_t **head) ++{ ++ IdRange_t *curr, *sav; ++ ++ if ((head == NULL) || (*head == NULL)) { ++ return; ++ } ++ curr = *head; ++ sav = NULL; ++ for (; curr;) { ++ sav = curr; ++ curr = curr->next; ++ slapi_ch_free((void *) &sav); ++ } ++ if (sav) { ++ slapi_ch_free((void *) &sav); ++ } ++ *head = NULL; ++} ++ ++/* This function is used during the online total initialisation ++ * Because a MODRDN can move entries under a parent that ++ * has a higher ID we need to sort the IDList so that parents ++ * are sent, to the consumer, before the children are sent. ++ * The sorting with a simple IDlist does not scale instead ++ * a list of IDs ranges is much faster. ++ * In that list we only ADD/lookup ID. ++ */ ++IdRange_t *idrange_add_id(IdRange_t **head, ID id) ++{ ++ if (head == NULL) { ++ slapi_log_err(SLAPI_LOG_ERR, "idrange_add_id", ++ "Can not add ID %d in non defined list\n", id); ++ return NULL; ++ } ++ ++ if (*head == NULL) { ++ /* This is the first range */ ++ IdRange_t *new_range = (IdRange_t *)slapi_ch_malloc(sizeof(IdRange_t)); ++ new_range->first = id; ++ new_range->last = id; ++ new_range->next = NULL; ++ *head = new_range; ++ return *head; ++ } ++ ++ IdRange_t *curr = *head, *prev = NULL; ++ ++ /* First, find if id already falls within any existing range, or it is adjacent to any */ ++ while (curr) { ++ if (id >= curr->first && id <= curr->last) { ++ /* inside a range, nothing to do */ ++ return curr; ++ } ++ ++ if (id == curr->last + 1) { ++ /* Extend this range upwards */ ++ curr->last = id; ++ ++ /* Check for possible merge with next range */ ++ IdRange_t *next = curr->next; ++ if (next && curr->last + 1 >= next->first) { ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) merge current with next range [%d..%d]\n", id, curr->first, curr->last); ++ curr->last = (next->last > curr->last) ? next->last : curr->last; ++ curr->next = next->next; ++ slapi_ch_free((void*) &next); ++ } else { ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) extend forward current range [%d..%d]\n", id, curr->first, curr->last); ++ } ++ return curr; ++ } ++ ++ if (id + 1 == curr->first) { ++ /* Extend this range downwards */ ++ curr->first = id; ++ ++ /* Check for possible merge with previous range */ ++ if (prev && prev->last + 1 >= curr->first) { ++ prev->last = curr->last; ++ prev->next = curr->next; ++ slapi_ch_free((void *) &curr); ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) merge current with previous range [%d..%d]\n", id, prev->first, prev->last); ++ return prev; ++ } else { ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) extend backward current range [%d..%d]\n", id, curr->first, curr->last); ++ return curr; ++ } ++ } ++ ++ /* If id is before the current range, break so we can insert before */ ++ if (id < curr->first) { ++ break; ++ } ++ ++ prev = curr; ++ curr = curr->next; ++ } ++ /* Need to insert a new standalone IdRange */ ++ IdRange_t *new_range = (IdRange_t *)slapi_ch_malloc(sizeof(IdRange_t)); ++ new_range->first = id; ++ new_range->last = id; ++ new_range->next = curr; ++ ++ if (prev) { ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) add new range [%d..%d]\n", id, new_range->first, new_range->last); ++ prev->next = new_range; ++ } else { ++ /* Insert at head */ ++ slapi_log_err(SLAPI_LOG_REPL, "idrange_add_id", ++ "(id=%d) head range [%d..%d]\n", id, new_range->first, new_range->last); ++ *head = new_range; ++ } ++ return *head; ++} ++ ++ + int + idl_id_is_in_idlist(IDList *idl, ID id) + { +diff --git a/ldap/servers/slapd/back-ldbm/idl_new.c b/ldap/servers/slapd/back-ldbm/idl_new.c +index 5fbcaff2e..2d978353f 100644 +--- a/ldap/servers/slapd/back-ldbm/idl_new.c ++++ b/ldap/servers/slapd/back-ldbm/idl_new.c +@@ -417,7 +417,6 @@ idl_new_range_fetch( + { + int ret = 0; + int ret2 = 0; +- int idl_rc = 0; + dbi_cursor_t cursor = {0}; + IDList *idl = NULL; + dbi_val_t cur_key = {0}; +@@ -436,6 +435,7 @@ idl_new_range_fetch( + size_t leftoverlen = 32; + size_t leftovercnt = 0; + char *index_id = get_index_name(be, db, ai); ++ IdRange_t *idrange_list = NULL; + + + if (NULL == flag_err) { +@@ -578,10 +578,12 @@ idl_new_range_fetch( + * found entry is the one from the suffix + */ + suffix = key; +- idl_rc = idl_append_extend(&idl, id); +- } else if ((key == suffix) || idl_id_is_in_idlist(idl, key)) { ++ idl_append_extend(&idl, id); ++ idrange_add_id(&idrange_list, id); ++ } else if ((key == suffix) || idl_id_is_in_idlist_ranges(idl, idrange_list, key)) { + /* the parent is the suffix or already in idl. */ +- idl_rc = idl_append_extend(&idl, id); ++ idl_append_extend(&idl, id); ++ idrange_add_id(&idrange_list, id); + } else { + /* Otherwise, keep the {key,id} in leftover array */ + if (!leftover) { +@@ -596,13 +598,7 @@ idl_new_range_fetch( + leftovercnt++; + } + } else { +- idl_rc = idl_append_extend(&idl, id); +- } +- if (idl_rc) { +- slapi_log_err(SLAPI_LOG_ERR, "idl_new_range_fetch", +- "Unable to extend id list (err=%d)\n", idl_rc); +- idl_free(&idl); +- goto error; ++ idl_append_extend(&idl, id); + } + + count++; +@@ -695,21 +691,17 @@ error: + + while(remaining > 0) { + for (size_t i = 0; i < leftovercnt; i++) { +- if (leftover[i].key > 0 && idl_id_is_in_idlist(idl, leftover[i].key) != 0) { ++ if (leftover[i].key > 0 && idl_id_is_in_idlist_ranges(idl, idrange_list, leftover[i].key) != 0) { + /* if the leftover key has its parent in the idl */ +- idl_rc = idl_append_extend(&idl, leftover[i].id); +- if (idl_rc) { +- slapi_log_err(SLAPI_LOG_ERR, "idl_new_range_fetch", +- "Unable to extend id list (err=%d)\n", idl_rc); +- idl_free(&idl); +- return NULL; +- } ++ idl_append_extend(&idl, leftover[i].id); ++ idrange_add_id(&idrange_list, leftover[i].id); + leftover[i].key = 0; + remaining--; + } + } + } + slapi_ch_free((void **)&leftover); ++ idrange_free(&idrange_list); + } + slapi_log_err(SLAPI_LOG_FILTER, "idl_new_range_fetch", + "Found %d candidates; error code is: %d\n", +diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h +index 91d61098a..30a7aa11f 100644 +--- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h ++++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h +@@ -217,6 +217,9 @@ ID idl_firstid(IDList *idl); + ID idl_nextid(IDList *idl, ID id); + int idl_init_private(backend *be, struct attrinfo *a); + int idl_release_private(struct attrinfo *a); ++IdRange_t *idrange_add_id(IdRange_t **head, ID id); ++void idrange_free(IdRange_t **head); ++int idl_id_is_in_idlist_ranges(IDList *idl, IdRange_t *idrange_list, ID id); + int idl_id_is_in_idlist(IDList *idl, ID id); + + idl_iterator idl_iterator_init(const IDList *idl); +-- +2.52.0 + diff --git a/0002-Issue-Revise-paged-result-search-locking.patch b/0002-Issue-Revise-paged-result-search-locking.patch new file mode 100644 index 0000000..e27ced3 --- /dev/null +++ b/0002-Issue-Revise-paged-result-search-locking.patch @@ -0,0 +1,765 @@ +From 446bc42e7b64a8496c2c3fe486f86bba318bed5e Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Wed, 7 Jan 2026 16:55:27 -0500 +Subject: [PATCH] Issue - Revise paged result search locking + +Description: + +Move to a single lock approach verses having two locks. This will impact +concurrency when multiple async paged result searches are done on the same +connection, but it simplifies the code and avoids race conditions and +deadlocks. + +Relates: https://github.com/389ds/389-ds-base/issues/7118 + +Reviewed by: progier & tbordaz (Thanks!!) +--- + ldap/servers/slapd/abandon.c | 2 +- + ldap/servers/slapd/opshared.c | 60 ++++---- + ldap/servers/slapd/pagedresults.c | 228 +++++++++++++++++++----------- + ldap/servers/slapd/proto-slap.h | 26 ++-- + ldap/servers/slapd/slap.h | 5 +- + 5 files changed, 187 insertions(+), 134 deletions(-) + +diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c +index 6024fcd31..1f47c531c 100644 +--- a/ldap/servers/slapd/abandon.c ++++ b/ldap/servers/slapd/abandon.c +@@ -179,7 +179,7 @@ do_abandon(Slapi_PBlock *pb) + logpb.tv_sec = -1; + logpb.tv_nsec = -1; + +- if (0 == pagedresults_free_one_msgid(pb_conn, id, pageresult_lock_get_addr(pb_conn))) { ++ if (0 == pagedresults_free_one_msgid(pb_conn, id, PR_NOT_LOCKED)) { + if (log_format != LOG_FORMAT_DEFAULT) { + /* JSON logging */ + logpb.target_op = "Simple Paged Results"; +diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c +index a5cddfd23..bf800f7dc 100644 +--- a/ldap/servers/slapd/opshared.c ++++ b/ldap/servers/slapd/opshared.c +@@ -572,8 +572,8 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + be = be_list[index]; + } + } +- pr_search_result = pagedresults_get_search_result(pb_conn, operation, 0 /*not locked*/, pr_idx); +- estimate = pagedresults_get_search_result_set_size_estimate(pb_conn, operation, pr_idx); ++ pr_search_result = pagedresults_get_search_result(pb_conn, operation, PR_NOT_LOCKED, pr_idx); ++ estimate = pagedresults_get_search_result_set_size_estimate(pb_conn, operation, PR_NOT_LOCKED, pr_idx); + /* Set operation note flags as required. */ + if (pagedresults_get_unindexed(pb_conn, operation, pr_idx)) { + slapi_pblock_set_flag_operation_notes(pb, SLAPI_OP_NOTE_UNINDEXED); +@@ -619,14 +619,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + int32_t tlimit; + slapi_pblock_get(pb, SLAPI_SEARCH_TIMELIMIT, &tlimit); + pagedresults_set_timelimit(pb_conn, operation, (time_t)tlimit, pr_idx); +- /* When using this mutex in conjunction with the main paged +- * result lock, you must do so in this order: +- * +- * --> pagedresults_lock() +- * --> pagedresults_mutex +- * <-- pagedresults_mutex +- * <-- pagedresults_unlock() +- */ ++ /* IMPORTANT: Never acquire pagedresults_mutex when holding c_mutex. */ + pagedresults_mutex = pageresult_lock_get_addr(pb_conn); + } + +@@ -743,17 +736,15 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + if (op_is_pagedresults(operation) && pr_search_result) { + void *sr = NULL; + /* PAGED RESULTS and already have the search results from the prev op */ +- pagedresults_lock(pb_conn, pr_idx); + /* + * In async paged result case, the search result might be released + * by other theads. We need to double check it in the locked region. + */ + pthread_mutex_lock(pagedresults_mutex); +- pr_search_result = pagedresults_get_search_result(pb_conn, operation, 1 /*locked*/, pr_idx); ++ pr_search_result = pagedresults_get_search_result(pb_conn, operation, PR_LOCKED, pr_idx); + if (pr_search_result) { +- if (pagedresults_is_abandoned_or_notavailable(pb_conn, 1 /*locked*/, pr_idx)) { ++ if (pagedresults_is_abandoned_or_notavailable(pb_conn, PR_LOCKED, pr_idx)) { + pthread_mutex_unlock(pagedresults_mutex); +- pagedresults_unlock(pb_conn, pr_idx); + /* Previous operation was abandoned and the simplepaged object is not in use. */ + send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL); + rc = LDAP_SUCCESS; +@@ -764,14 +755,13 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + + /* search result could be reset in the backend/dse */ + slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); +- pagedresults_set_search_result(pb_conn, operation, sr, 1 /*locked*/, pr_idx); ++ pagedresults_set_search_result(pb_conn, operation, sr, PR_LOCKED, pr_idx); + } + } else { + pr_stat = PAGEDRESULTS_SEARCH_END; + rc = LDAP_SUCCESS; + } + pthread_mutex_unlock(pagedresults_mutex); +- pagedresults_unlock(pb_conn, pr_idx); + + if ((PAGEDRESULTS_SEARCH_END == pr_stat) || (0 == pnentries)) { + /* no more entries to send in the backend */ +@@ -789,22 +779,22 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + } + pagedresults_set_response_control(pb, 0, estimate, + curr_search_count, pr_idx); +- if (pagedresults_get_with_sort(pb_conn, operation, pr_idx)) { ++ if (pagedresults_get_with_sort(pb_conn, operation, PR_NOT_LOCKED, pr_idx)) { + sort_make_sort_response_control(pb, CONN_GET_SORT_RESULT_CODE, NULL); + } + pagedresults_set_search_result_set_size_estimate(pb_conn, + operation, +- estimate, pr_idx); ++ estimate, PR_NOT_LOCKED, pr_idx); + if (PAGEDRESULTS_SEARCH_END == pr_stat) { +- pagedresults_lock(pb_conn, pr_idx); ++ pthread_mutex_lock(pagedresults_mutex); + slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL); +- if (!pagedresults_is_abandoned_or_notavailable(pb_conn, 0 /*not locked*/, pr_idx)) { +- pagedresults_free_one(pb_conn, operation, pr_idx); ++ if (!pagedresults_is_abandoned_or_notavailable(pb_conn, PR_LOCKED, pr_idx)) { ++ pagedresults_free_one(pb_conn, operation, PR_LOCKED, pr_idx); + } +- pagedresults_unlock(pb_conn, pr_idx); ++ pthread_mutex_unlock(pagedresults_mutex); + if (next_be) { + /* no more entries, but at least another backend */ +- if (pagedresults_set_current_be(pb_conn, next_be, pr_idx, 0) < 0) { ++ if (pagedresults_set_current_be(pb_conn, next_be, pr_idx, PR_NOT_LOCKED) < 0) { + goto free_and_return; + } + } +@@ -915,7 +905,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + } + } + pagedresults_set_search_result(pb_conn, operation, NULL, 1, pr_idx); +- rc = pagedresults_set_current_be(pb_conn, NULL, pr_idx, 1); ++ rc = pagedresults_set_current_be(pb_conn, NULL, pr_idx, PR_LOCKED); + pthread_mutex_unlock(pagedresults_mutex); + #pragma GCC diagnostic pop + } +@@ -954,7 +944,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + pthread_mutex_lock(pagedresults_mutex); + pagedresults_set_search_result(pb_conn, operation, NULL, 1, pr_idx); + be->be_search_results_release(&sr); +- rc = pagedresults_set_current_be(pb_conn, next_be, pr_idx, 1); ++ rc = pagedresults_set_current_be(pb_conn, next_be, pr_idx, PR_LOCKED); + pthread_mutex_unlock(pagedresults_mutex); + pr_stat = PAGEDRESULTS_SEARCH_END; /* make sure stat is SEARCH_END */ + if (NULL == next_be) { +@@ -967,23 +957,23 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + } else { + curr_search_count = pnentries; + slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET_SIZE_ESTIMATE, &estimate); +- pagedresults_lock(pb_conn, pr_idx); +- if ((pagedresults_set_current_be(pb_conn, be, pr_idx, 0) < 0) || +- (pagedresults_set_search_result(pb_conn, operation, sr, 0, pr_idx) < 0) || +- (pagedresults_set_search_result_count(pb_conn, operation, curr_search_count, pr_idx) < 0) || +- (pagedresults_set_search_result_set_size_estimate(pb_conn, operation, estimate, pr_idx) < 0) || +- (pagedresults_set_with_sort(pb_conn, operation, with_sort, pr_idx) < 0)) { +- pagedresults_unlock(pb_conn, pr_idx); ++ pthread_mutex_lock(pagedresults_mutex); ++ if ((pagedresults_set_current_be(pb_conn, be, pr_idx, PR_LOCKED) < 0) || ++ (pagedresults_set_search_result(pb_conn, operation, sr, PR_LOCKED, pr_idx) < 0) || ++ (pagedresults_set_search_result_count(pb_conn, operation, curr_search_count, PR_LOCKED, pr_idx) < 0) || ++ (pagedresults_set_search_result_set_size_estimate(pb_conn, operation, estimate, PR_LOCKED, pr_idx) < 0) || ++ (pagedresults_set_with_sort(pb_conn, operation, with_sort, PR_LOCKED, pr_idx) < 0)) { ++ pthread_mutex_unlock(pagedresults_mutex); + cache_return_target_entry(pb, be, operation); + goto free_and_return; + } +- pagedresults_unlock(pb_conn, pr_idx); ++ pthread_mutex_unlock(pagedresults_mutex); + } + slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL); + next_be = NULL; /* to break the loop */ + if (operation->o_status & SLAPI_OP_STATUS_ABANDONED) { + /* It turned out this search was abandoned. */ +- pagedresults_free_one_msgid(pb_conn, operation->o_msgid, pagedresults_mutex); ++ pagedresults_free_one_msgid(pb_conn, operation->o_msgid, PR_NOT_LOCKED); + /* paged-results-request was abandoned; making an empty cookie. */ + pagedresults_set_response_control(pb, 0, estimate, -1, pr_idx); + send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL); +@@ -993,7 +983,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result) + } + pagedresults_set_response_control(pb, 0, estimate, curr_search_count, pr_idx); + if (curr_search_count == -1) { +- pagedresults_free_one(pb_conn, operation, pr_idx); ++ pagedresults_free_one(pb_conn, operation, PR_NOT_LOCKED, pr_idx); + } + } + +diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c +index 941ab97e3..0d6c4a1aa 100644 +--- a/ldap/servers/slapd/pagedresults.c ++++ b/ldap/servers/slapd/pagedresults.c +@@ -34,9 +34,9 @@ pageresult_lock_cleanup() + slapi_ch_free((void**)&lock_hash); + } + +-/* Beware to the lock order with c_mutex: +- * c_mutex is sometime locked while holding pageresult_lock +- * ==> Do not lock pageresult_lock when holing c_mutex ++/* Lock ordering constraint with c_mutex: ++ * c_mutex is sometimes locked while holding pageresult_lock. ++ * Therefore: DO NOT acquire pageresult_lock when holding c_mutex. + */ + pthread_mutex_t * + pageresult_lock_get_addr(Connection *conn) +@@ -44,7 +44,11 @@ pageresult_lock_get_addr(Connection *conn) + return &lock_hash[(((size_t)conn)/sizeof (Connection))%LOCK_HASH_SIZE]; + } + +-/* helper function to clean up one prp slot */ ++/* helper function to clean up one prp slot ++ * ++ * NOTE: This function must be called while holding the pageresult_lock ++ * (via pageresult_lock_get_addr(conn)) to ensure thread-safe cleanup. ++ */ + static void + _pr_cleanup_one_slot(PagedResults *prp) + { +@@ -56,7 +60,7 @@ _pr_cleanup_one_slot(PagedResults *prp) + prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set)); + } + +- /* clean up the slot except the mutex */ ++ /* clean up the slot */ + prp->pr_current_be = NULL; + prp->pr_search_result_set = NULL; + prp->pr_search_result_count = 0; +@@ -136,6 +140,8 @@ pagedresults_parse_control_value(Slapi_PBlock *pb, + return LDAP_UNWILLING_TO_PERFORM; + } + ++ /* Acquire hash-based lock for paged results list access ++ * IMPORTANT: Never acquire this lock when holding c_mutex */ + pthread_mutex_lock(pageresult_lock_get_addr(conn)); + /* the ber encoding is no longer needed */ + ber_free(ber, 1); +@@ -184,10 +190,6 @@ pagedresults_parse_control_value(Slapi_PBlock *pb, + goto bail; + } + +- if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen) && +- !conn->c_pagedresults.prl_list[*index].pr_mutex) { +- conn->c_pagedresults.prl_list[*index].pr_mutex = PR_NewLock(); +- } + conn->c_pagedresults.prl_count++; + } else { + /* Repeated paged results request. +@@ -327,8 +329,14 @@ bailout: + "<= idx=%d\n", index); + } + ++/* ++ * Free one paged result entry by index. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_free_one(Connection *conn, Operation *op, int index) ++pagedresults_free_one(Connection *conn, Operation *op, bool locked, int index) + { + int rc = -1; + +@@ -338,7 +346,9 @@ pagedresults_free_one(Connection *conn, Operation *op, int index) + slapi_log_err(SLAPI_LOG_TRACE, "pagedresults_free_one", + "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (conn->c_pagedresults.prl_count <= 0) { + slapi_log_err(SLAPI_LOG_TRACE, "pagedresults_free_one", + "conn=%" PRIu64 " paged requests list count is %d\n", +@@ -349,7 +359,9 @@ pagedresults_free_one(Connection *conn, Operation *op, int index) + conn->c_pagedresults.prl_count--; + rc = 0; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + + slapi_log_err(SLAPI_LOG_TRACE, "pagedresults_free_one", "<= %d\n", rc); +@@ -357,21 +369,28 @@ pagedresults_free_one(Connection *conn, Operation *op, int index) + } + + /* +- * Used for abandoning - pageresult_lock_get_addr(conn) is already locked in do_abandone. ++ * Free one paged result entry by message ID. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. + */ + int +-pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, pthread_mutex_t *mutex) ++pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, bool locked) + { + int rc = -1; + int i; ++ pthread_mutex_t *lock = NULL; + + if (conn && (msgid > -1)) { + if (conn->c_pagedresults.prl_maxlen <= 0) { + ; /* Not a paged result. */ + } else { + slapi_log_err(SLAPI_LOG_TRACE, +- "pagedresults_free_one_msgid_nolock", "=> msgid=%d\n", msgid); +- pthread_mutex_lock(mutex); ++ "pagedresults_free_one_msgid", "=> msgid=%d\n", msgid); ++ lock = pageresult_lock_get_addr(conn); ++ if (!locked) { ++ pthread_mutex_lock(lock); ++ } + for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) { + if (conn->c_pagedresults.prl_list[i].pr_msgid == msgid) { + PagedResults *prp = conn->c_pagedresults.prl_list + i; +@@ -390,9 +409,11 @@ pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, pthread_mutex_t * + break; + } + } +- pthread_mutex_unlock(mutex); ++ if (!locked) { ++ pthread_mutex_unlock(lock); ++ } + slapi_log_err(SLAPI_LOG_TRACE, +- "pagedresults_free_one_msgid_nolock", "<= %d\n", rc); ++ "pagedresults_free_one_msgid", "<= %d\n", rc); + } + } + +@@ -418,29 +439,43 @@ pagedresults_get_current_be(Connection *conn, int index) + return be; + } + ++/* ++ * Set current backend for a paged result entry. ++ * ++ * Locking: If locked=false, acquires pageresult_lock. If locked=true, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int nolock) ++pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, bool locked) + { + int rc = -1; + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_set_current_be", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- if (!nolock) ++ if (!locked) { + pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + conn->c_pagedresults.prl_list[index].pr_current_be = be; + } + rc = 0; +- if (!nolock) ++ if (!locked) { + pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_set_current_be", "<= %d\n", rc); + return rc; + } + ++/* ++ * Get search result set for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + void * +-pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int index) ++pagedresults_get_search_result(Connection *conn, Operation *op, bool locked, int index) + { + void *sr = NULL; + if (!op_is_pagedresults(op)) { +@@ -465,8 +500,14 @@ pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int + return sr; + } + ++/* ++ * Set search result set for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int locked, int index) ++pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, bool locked, int index) + { + int rc = -1; + if (!op_is_pagedresults(op)) { +@@ -494,8 +535,14 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int lo + return rc; + } + ++/* ++ * Get search result count for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_get_search_result_count(Connection *conn, Operation *op, int index) ++pagedresults_get_search_result_count(Connection *conn, Operation *op, bool locked, int index) + { + int count = 0; + if (!op_is_pagedresults(op)) { +@@ -504,19 +551,29 @@ pagedresults_get_search_result_count(Connection *conn, Operation *op, int index) + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_search_result_count", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + count = conn->c_pagedresults.prl_list[index].pr_search_result_count; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_search_result_count", "<= %d\n", count); + return count; + } + ++/* ++ * Set search result count for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_set_search_result_count(Connection *conn, Operation *op, int count, int index) ++pagedresults_set_search_result_count(Connection *conn, Operation *op, int count, bool locked, int index) + { + int rc = -1; + if (!op_is_pagedresults(op)) { +@@ -525,11 +582,15 @@ pagedresults_set_search_result_count(Connection *conn, Operation *op, int count, + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_set_search_result_count", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + conn->c_pagedresults.prl_list[index].pr_search_result_count = count; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + rc = 0; + } + slapi_log_err(SLAPI_LOG_TRACE, +@@ -537,9 +598,16 @@ pagedresults_set_search_result_count(Connection *conn, Operation *op, int count, + return rc; + } + ++/* ++ * Get search result set size estimate for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int + pagedresults_get_search_result_set_size_estimate(Connection *conn, + Operation *op, ++ bool locked, + int index) + { + int count = 0; +@@ -550,11 +618,15 @@ pagedresults_get_search_result_set_size_estimate(Connection *conn, + "pagedresults_get_search_result_set_size_estimate", + "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + count = conn->c_pagedresults.prl_list[index].pr_search_result_set_size_estimate; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_search_result_set_size_estimate", "<= %d\n", +@@ -562,10 +634,17 @@ pagedresults_get_search_result_set_size_estimate(Connection *conn, + return count; + } + ++/* ++ * Set search result set size estimate for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int + pagedresults_set_search_result_set_size_estimate(Connection *conn, + Operation *op, + int count, ++ bool locked, + int index) + { + int rc = -1; +@@ -576,11 +655,15 @@ pagedresults_set_search_result_set_size_estimate(Connection *conn, + "pagedresults_set_search_result_set_size_estimate", + "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + conn->c_pagedresults.prl_list[index].pr_search_result_set_size_estimate = count; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + rc = 0; + } + slapi_log_err(SLAPI_LOG_TRACE, +@@ -589,8 +672,14 @@ pagedresults_set_search_result_set_size_estimate(Connection *conn, + return rc; + } + ++/* ++ * Get with_sort flag for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_get_with_sort(Connection *conn, Operation *op, int index) ++pagedresults_get_with_sort(Connection *conn, Operation *op, bool locked, int index) + { + int flags = 0; + if (!op_is_pagedresults(op)) { +@@ -599,19 +688,29 @@ pagedresults_get_with_sort(Connection *conn, Operation *op, int index) + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_with_sort", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + flags = conn->c_pagedresults.prl_list[index].pr_flags & CONN_FLAG_PAGEDRESULTS_WITH_SORT; + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + } + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_get_with_sort", "<= %d\n", flags); + return flags; + } + ++/* ++ * Set with_sort flag for a paged result entry. ++ * ++ * Locking: If locked=0, acquires pageresult_lock. If locked=1, assumes ++ * caller already holds pageresult_lock. Never call when holding c_mutex. ++ */ + int +-pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, int index) ++pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, bool locked, int index) + { + int rc = -1; + if (!op_is_pagedresults(op)) { +@@ -620,14 +719,18 @@ pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, int index + slapi_log_err(SLAPI_LOG_TRACE, + "pagedresults_set_with_sort", "=> idx=%d\n", index); + if (conn && (index > -1)) { +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_lock(pageresult_lock_get_addr(conn)); ++ } + if (index < conn->c_pagedresults.prl_maxlen) { + if (flags & OP_FLAG_SERVER_SIDE_SORTING) { + conn->c_pagedresults.prl_list[index].pr_flags |= + CONN_FLAG_PAGEDRESULTS_WITH_SORT; + } + } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ if (!locked) { ++ pthread_mutex_unlock(pageresult_lock_get_addr(conn)); ++ } + rc = 0; + } + slapi_log_err(SLAPI_LOG_TRACE, "pagedresults_set_with_sort", "<= %d\n", rc); +@@ -802,10 +905,6 @@ pagedresults_cleanup(Connection *conn, int needlock) + rc = 1; + } + prp->pr_current_be = NULL; +- if (prp->pr_mutex) { +- PR_DestroyLock(prp->pr_mutex); +- prp->pr_mutex = NULL; +- } + memset(prp, '\0', sizeof(PagedResults)); + } + conn->c_pagedresults.prl_count = 0; +@@ -840,10 +939,6 @@ pagedresults_cleanup_all(Connection *conn, int needlock) + i < conn->c_pagedresults.prl_maxlen; + i++) { + prp = conn->c_pagedresults.prl_list + i; +- if (prp->pr_mutex) { +- PR_DestroyLock(prp->pr_mutex); +- prp->pr_mutex = NULL; +- } + if (prp->pr_current_be && prp->pr_search_result_set && + prp->pr_current_be->be_search_results_release) { + prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set)); +@@ -1010,43 +1105,8 @@ op_set_pagedresults(Operation *op) + op->o_flags |= OP_FLAG_PAGED_RESULTS; + } + +-/* +- * pagedresults_lock/unlock -- introduced to protect search results for the +- * asynchronous searches. Do not call these functions while the PR conn lock +- * is held (e.g. pageresult_lock_get_addr(conn)) +- */ +-void +-pagedresults_lock(Connection *conn, int index) +-{ +- PagedResults *prp; +- if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) { +- return; +- } +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); +- prp = conn->c_pagedresults.prl_list + index; +- if (prp->pr_mutex) { +- PR_Lock(prp->pr_mutex); +- } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); +-} +- +-void +-pagedresults_unlock(Connection *conn, int index) +-{ +- PagedResults *prp; +- if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) { +- return; +- } +- pthread_mutex_lock(pageresult_lock_get_addr(conn)); +- prp = conn->c_pagedresults.prl_list + index; +- if (prp->pr_mutex) { +- PR_Unlock(prp->pr_mutex); +- } +- pthread_mutex_unlock(pageresult_lock_get_addr(conn)); +-} +- + int +-pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int index) ++pagedresults_is_abandoned_or_notavailable(Connection *conn, bool locked, int index) + { + PagedResults *prp; + int32_t result; +@@ -1066,7 +1126,7 @@ pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int inde + } + + int +-pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked) ++pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, bool locked) + { + int rc = -1; + Connection *conn = NULL; +diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h +index 765c12bf5..455d6d718 100644 +--- a/ldap/servers/slapd/proto-slap.h ++++ b/ldap/servers/slapd/proto-slap.h +@@ -1614,20 +1614,22 @@ pthread_mutex_t *pageresult_lock_get_addr(Connection *conn); + int pagedresults_parse_control_value(Slapi_PBlock *pb, struct berval *psbvp, ber_int_t *pagesize, int *index, Slapi_Backend *be); + void pagedresults_set_response_control(Slapi_PBlock *pb, int iscritical, ber_int_t estimate, int curr_search_count, int index); + Slapi_Backend *pagedresults_get_current_be(Connection *conn, int index); +-int pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int nolock); +-void *pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int index); +-int pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int locked, int index); +-int pagedresults_get_search_result_count(Connection *conn, Operation *op, int index); +-int pagedresults_set_search_result_count(Connection *conn, Operation *op, int cnt, int index); ++int pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, bool locked); ++void *pagedresults_get_search_result(Connection *conn, Operation *op, bool locked, int index); ++int pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, bool locked, int index); ++int pagedresults_get_search_result_count(Connection *conn, Operation *op, bool locked, int index); ++int pagedresults_set_search_result_count(Connection *conn, Operation *op, int cnt, bool locked, int index); + int pagedresults_get_search_result_set_size_estimate(Connection *conn, + Operation *op, ++ bool locked, + int index); + int pagedresults_set_search_result_set_size_estimate(Connection *conn, + Operation *op, + int cnt, ++ bool locked, + int index); +-int pagedresults_get_with_sort(Connection *conn, Operation *op, int index); +-int pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, int index); ++int pagedresults_get_with_sort(Connection *conn, Operation *op, bool locked, int index); ++int pagedresults_set_with_sort(Connection *conn, Operation *op, int flags, bool locked, int index); + int pagedresults_get_unindexed(Connection *conn, Operation *op, int index); + int pagedresults_set_unindexed(Connection *conn, Operation *op, int index); + int pagedresults_get_sort_result_code(Connection *conn, Operation *op, int index); +@@ -1639,15 +1641,13 @@ int pagedresults_cleanup(Connection *conn, int needlock); + int pagedresults_is_timedout_nolock(Connection *conn); + int pagedresults_reset_timedout_nolock(Connection *conn); + int pagedresults_in_use_nolock(Connection *conn); +-int pagedresults_free_one(Connection *conn, Operation *op, int index); +-int pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, pthread_mutex_t *mutex); ++int pagedresults_free_one(Connection *conn, Operation *op, bool locked, int index); ++int pagedresults_free_one_msgid(Connection *conn, ber_int_t msgid, bool locked); + int op_is_pagedresults(Operation *op); + int pagedresults_cleanup_all(Connection *conn, int needlock); + void op_set_pagedresults(Operation *op); +-void pagedresults_lock(Connection *conn, int index); +-void pagedresults_unlock(Connection *conn, int index); +-int pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int index); +-int pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked); ++int pagedresults_is_abandoned_or_notavailable(Connection *conn, bool locked, int index); ++int pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, bool locked); + + /* + * sort.c +diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h +index 11c5602e3..d494931c2 100644 +--- a/ldap/servers/slapd/slap.h ++++ b/ldap/servers/slapd/slap.h +@@ -89,6 +89,10 @@ static char ptokPBE[34] = "Internal (Software) Token "; + #include + #include /* For timespec definitions */ + ++/* Macros for paged results lock parameter */ ++#define PR_LOCKED true ++#define PR_NOT_LOCKED false ++ + /* Provides our int types and platform specific requirements. */ + #include + +@@ -1669,7 +1673,6 @@ typedef struct _paged_results + struct timespec pr_timelimit_hr; /* expiry time of this request rel to clock monotonic */ + int pr_flags; + ber_int_t pr_msgid; /* msgid of the request; to abandon */ +- PRLock *pr_mutex; /* protect each conn structure */ + } PagedResults; + + /* array of simple paged structure stashed in connection */ +-- +2.52.0 + diff --git a/0003-Issue-7108-Fix-shutdown-crash-in-entry-cache-destruc.patch b/0003-Issue-7108-Fix-shutdown-crash-in-entry-cache-destruc.patch new file mode 100644 index 0000000..bb2127c --- /dev/null +++ b/0003-Issue-7108-Fix-shutdown-crash-in-entry-cache-destruc.patch @@ -0,0 +1,183 @@ +From 4936f953fa3b0726c2b178f135cd78dcac7463ba Mon Sep 17 00:00:00 2001 +From: Simon Pichugin +Date: Thu, 8 Jan 2026 10:02:39 -0800 +Subject: [PATCH] Issue 7108 - Fix shutdown crash in entry cache destruction + (#7163) + +Description: The entry cache could experience LRU list corruption when +using pinned entries, leading to crashes during cache flush operations. + +In entrycache_add_int(), when returning an existing cached entry, the +code checked the wrong entry's state before calling lru_delete(). It +checked the new entry 'e' but operated on the existing entry 'my_alt', +causing lru_delete() to be called on entries not in the LRU list. This +is fixed by checking my_alt's refcnt and pinned state instead. + +In flush_hash(), pinned_remove() and lru_delete() were both called on +pinned entries. Since pinned entries are in the pinned list, calling +lru_delete() afterwards corrupted the list. This is fixed by calling +either pinned_remove() or lru_delete() based on the entry's state. + +A NULL check is added in entrycache_flush() and dncache_flush() to +gracefully handle corrupted LRU lists and prevent crashes when +traversing backwards through the list encounters an unexpected NULL. + +Entry pointers are now always cleared after lru_delete() removal to +prevent stale pointer issues in non-debug builds. + +Fixes: https://github.com/389ds/389-ds-base/issues/7108 + +Reviewed by: @progier389, @vashirov (Thanks!!) +--- + ldap/servers/slapd/back-ldbm/cache.c | 48 +++++++++++++++++++++++++--- + 1 file changed, 43 insertions(+), 5 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/cache.c b/ldap/servers/slapd/back-ldbm/cache.c +index 2e4126134..a87f30687 100644 +--- a/ldap/servers/slapd/back-ldbm/cache.c ++++ b/ldap/servers/slapd/back-ldbm/cache.c +@@ -458,11 +458,13 @@ static void + lru_delete(struct cache *cache, void *ptr) + { + struct backcommon *e; ++ + if (NULL == ptr) { + LOG("=> lru_delete\n<= lru_delete (null entry)\n"); + return; + } + e = (struct backcommon *)ptr; ++ + #ifdef LDAP_CACHE_DEBUG_LRU + pinned_verify(cache, __LINE__); + lru_verify(cache, e, 1); +@@ -475,8 +477,9 @@ lru_delete(struct cache *cache, void *ptr) + e->ep_lrunext->ep_lruprev = e->ep_lruprev; + else + cache->c_lrutail = e->ep_lruprev; +-#ifdef LDAP_CACHE_DEBUG_LRU ++ /* Always clear pointers after removal to prevent stale pointer issues */ + e->ep_lrunext = e->ep_lruprev = NULL; ++#ifdef LDAP_CACHE_DEBUG_LRU + lru_verify(cache, e, 0); + #endif + } +@@ -633,9 +636,14 @@ flush_hash(struct cache *cache, struct timespec *start_time, int32_t type) + if (entry->ep_refcnt == 0) { + entry->ep_refcnt++; + if (entry->ep_state & ENTRY_STATE_PINNED) { ++ /* Entry is in pinned list, not LRU - remove from pinned only. ++ * pinned_remove clears lru pointers and won't add to LRU since refcnt > 0. ++ */ + pinned_remove(cache, laste); ++ } else { ++ /* Entry is in LRU list - remove from LRU */ ++ lru_delete(cache, laste); + } +- lru_delete(cache, laste); + if (type == ENTRY_CACHE) { + entrycache_remove_int(cache, laste); + entrycache_return(cache, (struct backentry **)&laste, PR_TRUE); +@@ -679,9 +687,14 @@ flush_hash(struct cache *cache, struct timespec *start_time, int32_t type) + if (entry->ep_refcnt == 0) { + entry->ep_refcnt++; + if (entry->ep_state & ENTRY_STATE_PINNED) { ++ /* Entry is in pinned list, not LRU - remove from pinned only. ++ * pinned_remove clears lru pointers and won't add to LRU since refcnt > 0. ++ */ + pinned_remove(cache, laste); ++ } else { ++ /* Entry is in LRU list - remove from LRU */ ++ lru_delete(cache, laste); + } +- lru_delete(cache, laste); + entrycache_remove_int(cache, laste); + entrycache_return(cache, (struct backentry **)&laste, PR_TRUE); + } else { +@@ -772,6 +785,11 @@ entrycache_flush(struct cache *cache) + } else { + e = BACK_LRU_PREV(e, struct backentry *); + } ++ if (e == NULL) { ++ slapi_log_err(SLAPI_LOG_WARNING, "entrycache_flush", ++ "Unexpected NULL entry while flushing cache - LRU list may be corrupted\n"); ++ break; ++ } + ASSERT(e->ep_refcnt == 0); + e->ep_refcnt++; + if (entrycache_remove_int(cache, e) < 0) { +@@ -1160,6 +1178,7 @@ pinned_remove(struct cache *cache, void *ptr) + { + struct backentry *e = (struct backentry *)ptr; + ASSERT(e->ep_state & ENTRY_STATE_PINNED); ++ + cache->c_pinned_ctx->npinned--; + cache->c_pinned_ctx->size -= e->ep_size; + e->ep_state &= ~ENTRY_STATE_PINNED; +@@ -1172,13 +1191,23 @@ pinned_remove(struct cache *cache, void *ptr) + cache->c_pinned_ctx->head = cache->c_pinned_ctx->tail = NULL; + } else { + cache->c_pinned_ctx->head = BACK_LRU_NEXT(e, struct backentry *); ++ /* Update new head's prev pointer to NULL */ ++ if (cache->c_pinned_ctx->head) { ++ cache->c_pinned_ctx->head->ep_lruprev = NULL; ++ } + } + } else if (cache->c_pinned_ctx->tail == e) { + cache->c_pinned_ctx->tail = BACK_LRU_PREV(e, struct backentry *); ++ /* Update new tail's next pointer to NULL */ ++ if (cache->c_pinned_ctx->tail) { ++ cache->c_pinned_ctx->tail->ep_lrunext = NULL; ++ } + } else { ++ /* Middle of list: update both neighbors to point to each other */ + BACK_LRU_PREV(e, struct backentry *)->ep_lrunext = BACK_LRU_NEXT(e, struct backcommon *); + BACK_LRU_NEXT(e, struct backentry *)->ep_lruprev = BACK_LRU_PREV(e, struct backcommon *); + } ++ /* Clear the removed entry's pointers */ + e->ep_lrunext = e->ep_lruprev = NULL; + if (e->ep_refcnt == 0) { + lru_add(cache, ptr); +@@ -1245,6 +1274,7 @@ pinned_add(struct cache *cache, void *ptr) + return false; + } + /* Now it is time to insert the entry in the pinned list */ ++ + cache->c_pinned_ctx->npinned++; + cache->c_pinned_ctx->size += e->ep_size; + e->ep_state |= ENTRY_STATE_PINNED; +@@ -1754,7 +1784,7 @@ entrycache_add_int(struct cache *cache, struct backentry *e, int state, struct b + * 3) ep_state: 0 && state: 0 + * ==> increase the refcnt + */ +- if (e->ep_refcnt == 0) ++ if (e->ep_refcnt == 0 && (e->ep_state & ENTRY_STATE_PINNED) == 0) + lru_delete(cache, (void *)e); + e->ep_refcnt++; + e->ep_state &= ~ENTRY_STATE_UNAVAILABLE; +@@ -1781,7 +1811,7 @@ entrycache_add_int(struct cache *cache, struct backentry *e, int state, struct b + } else { + if (alt) { + *alt = my_alt; +- if (e->ep_refcnt == 0 && (e->ep_state & ENTRY_STATE_PINNED) == 0) ++ if (my_alt->ep_refcnt == 0 && (my_alt->ep_state & ENTRY_STATE_PINNED) == 0) + lru_delete(cache, (void *)*alt); + (*alt)->ep_refcnt++; + LOG("the entry %s already exists. returning existing entry %s (state: 0x%x)\n", +@@ -2379,6 +2409,14 @@ dncache_flush(struct cache *cache) + } else { + dn = BACK_LRU_PREV(dn, struct backdn *); + } ++ if (dn == NULL) { ++ /* Safety check: we should normally exit via the CACHE_LRU_HEAD check. ++ * If we get here, c_lruhead may be NULL or the LRU list is corrupted. ++ */ ++ slapi_log_err(SLAPI_LOG_WARNING, "dncache_flush", ++ "Unexpected NULL entry while flushing cache - LRU list may be corrupted\n"); ++ break; ++ } + ASSERT(dn->ep_refcnt == 0); + dn->ep_refcnt++; + if (dncache_remove_int(cache, dn) < 0) { +-- +2.52.0 + diff --git a/0004-Issue-7172-Index-ordering-mismatch-after-upgrade-717.patch b/0004-Issue-7172-Index-ordering-mismatch-after-upgrade-717.patch new file mode 100644 index 0000000..2ea800b --- /dev/null +++ b/0004-Issue-7172-Index-ordering-mismatch-after-upgrade-717.patch @@ -0,0 +1,215 @@ +From 742c12e0247ab64e87da000a4de2f3e5c99044ab Mon Sep 17 00:00:00 2001 +From: Viktor Ashirov +Date: Fri, 9 Jan 2026 11:39:50 +0100 +Subject: [PATCH] Issue 7172 - Index ordering mismatch after upgrade (#7173) + +Bug Description: +Commit daf731f55071d45eaf403a52b63d35f4e699ff28 introduced a regression. +After upgrading to a version that adds `integerOrderingMatch` matching +rule to `parentid` and `ancestorid` indexes, searches may return empty +or incorrect results. + +This happens because the existing index data was created with +lexicographic ordering, but the new compare function expects integer +ordering. Index lookups fail because the compare function doesn't match +the data ordering. +The root cause is that `ldbm_instance_create_default_indexes()` calls +`attr_index_config()` unconditionally for `parentid` and `ancestorid` +indexes, which triggers `ainfo_dup()` to overwrite `ai_key_cmp_fn` on +existing indexes. This breaks indexes that were created without the +`integerOrderingMatch` matching rule. + +Fix Description: +* Call `attr_index_config()` for `parentid` and `ancestorid` indexes +only if index config doesn't exist. + +* Add `upgrade_check_id_index_matching_rule()` that logs an error on +server startup if `parentid` or `ancestorid` indexes are missing the +integerOrderingMatch matching rule, advising administrators to reindex. + +Fixes: https://github.com/389ds/389-ds-base/issues/7172 + +Reviewed by: @tbordaz, @progier389, @droideck (Thanks!) +--- + ldap/servers/slapd/back-ldbm/instance.c | 25 ++++-- + ldap/servers/slapd/upgrade.c | 107 +++++++++++++++++++++++- + 2 files changed, 123 insertions(+), 9 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/instance.c b/ldap/servers/slapd/back-ldbm/instance.c +index cb002c379..71bf0f6fa 100644 +--- a/ldap/servers/slapd/back-ldbm/instance.c ++++ b/ldap/servers/slapd/back-ldbm/instance.c +@@ -190,6 +190,7 @@ ldbm_instance_create_default_indexes(backend *be) + char *ancestorid_indexes_limit = NULL; + char *parentid_indexes_limit = NULL; + struct attrinfo *ai = NULL; ++ struct attrinfo *index_already_configured = NULL; + struct index_idlistsizeinfo *iter; + int cookie; + int limit; +@@ -248,10 +249,14 @@ ldbm_instance_create_default_indexes(backend *be) + ldbm_instance_config_add_index_entry(inst, e, flags); + slapi_entry_free(e); + +- e = ldbm_instance_init_config_entry(LDBM_PARENTID_STR, "eq", 0, 0, 0, "integerOrderingMatch", parentid_indexes_limit); +- ldbm_instance_config_add_index_entry(inst, e, flags); +- attr_index_config(be, "ldbm index init", 0, e, 1, 0, NULL); +- slapi_entry_free(e); ++ ainfo_get(be, (char *)LDBM_PARENTID_STR, &ai); ++ index_already_configured = ai; ++ if (!index_already_configured) { ++ e = ldbm_instance_init_config_entry(LDBM_PARENTID_STR, "eq", 0, 0, 0, "integerOrderingMatch", parentid_indexes_limit); ++ ldbm_instance_config_add_index_entry(inst, e, flags); ++ attr_index_config(be, "ldbm index init", 0, e, 1, 0, NULL); ++ slapi_entry_free(e); ++ } + + e = ldbm_instance_init_config_entry("objectclass", "eq", 0, 0, 0, 0, 0); + ldbm_instance_config_add_index_entry(inst, e, flags); +@@ -288,10 +293,14 @@ ldbm_instance_create_default_indexes(backend *be) + * ancestorid is special, there is actually no such attr type + * but we still want to use the attr index file APIs. + */ +- e = ldbm_instance_init_config_entry(LDBM_ANCESTORID_STR, "eq", 0, 0, 0, "integerOrderingMatch", ancestorid_indexes_limit); +- ldbm_instance_config_add_index_entry(inst, e, flags); +- attr_index_config(be, "ldbm index init", 0, e, 1, 0, NULL); +- slapi_entry_free(e); ++ ainfo_get(be, (char *)LDBM_ANCESTORID_STR, &ai); ++ index_already_configured = ai; ++ if (!index_already_configured) { ++ e = ldbm_instance_init_config_entry(LDBM_ANCESTORID_STR, "eq", 0, 0, 0, "integerOrderingMatch", ancestorid_indexes_limit); ++ ldbm_instance_config_add_index_entry(inst, e, flags); ++ attr_index_config(be, "ldbm index init", 0, e, 1, 0, NULL); ++ slapi_entry_free(e); ++ } + + slapi_ch_free_string(&ancestorid_indexes_limit); + slapi_ch_free_string(&parentid_indexes_limit); +diff --git a/ldap/servers/slapd/upgrade.c b/ldap/servers/slapd/upgrade.c +index 858392564..b02e37ed6 100644 +--- a/ldap/servers/slapd/upgrade.c ++++ b/ldap/servers/slapd/upgrade.c +@@ -330,6 +330,107 @@ upgrade_remove_subtree_rename(void) + return UPGRADE_SUCCESS; + } + ++/* ++ * Check if parentid/ancestorid indexes are missing the integerOrderingMatch ++ * matching rule. ++ * ++ * This function logs a warning if we detect this condition, advising ++ * the administrator to reindex the affected attributes. ++ */ ++static upgrade_status ++upgrade_check_id_index_matching_rule(void) ++{ ++ struct slapi_pblock *pb = slapi_pblock_new(); ++ Slapi_Entry **backends = NULL; ++ const char *be_base_dn = "cn=ldbm database,cn=plugins,cn=config"; ++ const char *be_filter = "(objectclass=nsBackendInstance)"; ++ const char *attrs_to_check[] = {"parentid", "ancestorid", NULL}; ++ upgrade_status uresult = UPGRADE_SUCCESS; ++ ++ /* Search for all backend instances */ ++ slapi_search_internal_set_pb( ++ pb, be_base_dn, ++ LDAP_SCOPE_ONELEVEL, ++ be_filter, NULL, 0, NULL, NULL, ++ plugin_get_default_component_id(), 0); ++ slapi_search_internal_pb(pb); ++ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &backends); ++ ++ if (backends) { ++ for (size_t be_idx = 0; backends[be_idx] != NULL; be_idx++) { ++ const char *be_name = slapi_entry_attr_get_ref(backends[be_idx], "cn"); ++ if (!be_name) { ++ continue; ++ } ++ ++ /* Check each attribute that should have integerOrderingMatch */ ++ for (size_t attr_idx = 0; attrs_to_check[attr_idx] != NULL; attr_idx++) { ++ const char *attr_name = attrs_to_check[attr_idx]; ++ struct slapi_pblock *idx_pb = slapi_pblock_new(); ++ Slapi_Entry **idx_entries = NULL; ++ char *idx_dn = slapi_create_dn_string("cn=%s,cn=index,cn=%s,%s", ++ attr_name, be_name, be_base_dn); ++ char *idx_filter = "(objectclass=nsIndex)"; ++ PRBool has_matching_rule = PR_FALSE; ++ ++ if (!idx_dn) { ++ slapi_pblock_destroy(idx_pb); ++ continue; ++ } ++ ++ slapi_search_internal_set_pb( ++ idx_pb, idx_dn, ++ LDAP_SCOPE_BASE, ++ idx_filter, NULL, 0, NULL, NULL, ++ plugin_get_default_component_id(), 0); ++ slapi_search_internal_pb(idx_pb); ++ slapi_pblock_get(idx_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &idx_entries); ++ ++ if (idx_entries && idx_entries[0]) { ++ /* Index exists, check if it has integerOrderingMatch */ ++ Slapi_Attr *mr_attr = NULL; ++ if (slapi_entry_attr_find(idx_entries[0], "nsMatchingRule", &mr_attr) == 0) { ++ Slapi_Value *sval = NULL; ++ int idx; ++ for (idx = slapi_attr_first_value(mr_attr, &sval); ++ idx != -1; ++ idx = slapi_attr_next_value(mr_attr, idx, &sval)) { ++ const struct berval *bval = slapi_value_get_berval(sval); ++ if (bval && bval->bv_val && ++ strcasecmp(bval->bv_val, "integerOrderingMatch") == 0) { ++ has_matching_rule = PR_TRUE; ++ break; ++ } ++ } ++ } ++ ++ if (!has_matching_rule) { ++ /* Index exists but doesn't have integerOrderingMatch, log a warning */ ++ slapi_log_err(SLAPI_LOG_ERR, "upgrade_check_id_index_matching_rule", ++ "Index '%s' in backend '%s' is missing 'nsMatchingRule: integerOrderingMatch'. " ++ "Incorrectly configured system indexes can lead to poor search performance, replication issues, and other operational problems. " ++ "To fix this, add the matching rule and reindex: " ++ "dsconf backend index set --add-mr integerOrderingMatch --attr %s %s && " ++ "dsconf backend index reindex --attr %s %s. " ++ "WARNING: Reindexing can be resource-intensive and may impact server performance on a live system. " ++ "Consider scheduling reindexing during maintenance windows or periods of low activity.\n", ++ attr_name, be_name, attr_name, be_name, attr_name, be_name); ++ } ++ } ++ ++ slapi_ch_free_string(&idx_dn); ++ slapi_free_search_results_internal(idx_pb); ++ slapi_pblock_destroy(idx_pb); ++ } ++ } ++ } ++ ++ slapi_free_search_results_internal(pb); ++ slapi_pblock_destroy(pb); ++ ++ return uresult; ++} ++ + /* + * Upgrade the base config of the PAM PTA plugin. + * +@@ -547,7 +648,11 @@ upgrade_server(void) + if (upgrade_pam_pta_default_config() != UPGRADE_SUCCESS) { + return UPGRADE_FAILURE; + } +- ++ ++ if (upgrade_check_id_index_matching_rule() != UPGRADE_SUCCESS) { ++ return UPGRADE_FAILURE; ++ } ++ + return UPGRADE_SUCCESS; + } + +-- +2.52.0 + diff --git a/0005-Issue-7172-2nd-Index-ordering-mismatch-after-upgrade.patch b/0005-Issue-7172-2nd-Index-ordering-mismatch-after-upgrade.patch new file mode 100644 index 0000000..591d144 --- /dev/null +++ b/0005-Issue-7172-2nd-Index-ordering-mismatch-after-upgrade.patch @@ -0,0 +1,67 @@ +From f5de84e309d5a4435198c9cc9b31b5722979f1ff Mon Sep 17 00:00:00 2001 +From: Viktor Ashirov +Date: Mon, 12 Jan 2026 10:58:02 +0100 +Subject: [PATCH 5/5] Issue 7172 - (2nd) Index ordering mismatch after upgrade + (#7180) + +Commit 742c12e0247ab64e87da000a4de2f3e5c99044ab introduced a regression +where the check to skip creating parentid/ancestorid indexes if they +already exist was incorrect. +The `ainfo_get()` function falls back to returning +LDBM_PSEUDO_ATTR_DEFAULT attrinfo when the requested attribute is not +found. +Since LDBM_PSEUDO_ATTR_DEFAULT is created before the ancestorid check, +`ainfo_get()` returns LDBM_PSEUDO_ATTR_DEFAULT instead of NULL, causing +the ancestorid index creation to be skipped entirely. + +When operations later try to use the ancestorid index, they fall back to +LDBM_PSEUDO_ATTR_DEFAULT, and attempting to open the .default dbi +mid-transaction fails with MDB_NOTFOUND (-30798). + +Fix Description: +Instead of just checking if `ainfo_get()` returns non-NULL, verify that +the returned attrinfo is actually for the requested attribute. + +Fixes: https://github.com/389ds/389-ds-base/issues/7172 + +Reviewed by: @tbordaz (Thanks!) +--- + ldap/servers/slapd/back-ldbm/instance.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/instance.c b/ldap/servers/slapd/back-ldbm/instance.c +index 71bf0f6fa..2a6e8cbb8 100644 +--- a/ldap/servers/slapd/back-ldbm/instance.c ++++ b/ldap/servers/slapd/back-ldbm/instance.c +@@ -190,7 +190,7 @@ ldbm_instance_create_default_indexes(backend *be) + char *ancestorid_indexes_limit = NULL; + char *parentid_indexes_limit = NULL; + struct attrinfo *ai = NULL; +- struct attrinfo *index_already_configured = NULL; ++ int index_already_configured = 0; + struct index_idlistsizeinfo *iter; + int cookie; + int limit; +@@ -250,7 +250,8 @@ ldbm_instance_create_default_indexes(backend *be) + slapi_entry_free(e); + + ainfo_get(be, (char *)LDBM_PARENTID_STR, &ai); +- index_already_configured = ai; ++ /* Check if the attrinfo is actually for parentid, not a fallback to .default */ ++ index_already_configured = (ai != NULL && strcmp(ai->ai_type, LDBM_PARENTID_STR) == 0); + if (!index_already_configured) { + e = ldbm_instance_init_config_entry(LDBM_PARENTID_STR, "eq", 0, 0, 0, "integerOrderingMatch", parentid_indexes_limit); + ldbm_instance_config_add_index_entry(inst, e, flags); +@@ -294,7 +295,8 @@ ldbm_instance_create_default_indexes(backend *be) + * but we still want to use the attr index file APIs. + */ + ainfo_get(be, (char *)LDBM_ANCESTORID_STR, &ai); +- index_already_configured = ai; ++ /* Check if the attrinfo is actually for ancestorid, not a fallback to .default */ ++ index_already_configured = (ai != NULL && strcmp(ai->ai_type, LDBM_ANCESTORID_STR) == 0); + if (!index_already_configured) { + e = ldbm_instance_init_config_entry(LDBM_ANCESTORID_STR, "eq", 0, 0, 0, "integerOrderingMatch", ancestorid_indexes_limit); + ldbm_instance_config_add_index_entry(inst, e, flags); +-- +2.52.0 + diff --git a/389-ds-base-devel.README b/389-ds-base-devel.README index 190c874..c411a61 100644 --- a/389-ds-base-devel.README +++ b/389-ds-base-devel.README @@ -1,4 +1,4 @@ -For detailed information on developing plugins for -389 Directory Server visit. +For detailed information on developing plugins for 389 Directory Server visit -http://port389/wiki/Plugins +https://www.port389.org/docs/389ds/design/plugins.html +https://github.com/389ds/389-ds-base/blob/main/src/slapi_r_plugin/README.md diff --git a/389-ds-base-git-local.sh b/389-ds-base-git-local.sh deleted file mode 100644 index bc809cb..0000000 --- a/389-ds-base-git-local.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -DATE=`date +%Y%m%d` -# use a real tag name here -VERSION=1.3.5.14 -PKGNAME=389-ds-base -TAG=${TAG:-$PKGNAME-$VERSION} -#SRCNAME=$PKGNAME-$VERSION-$DATE -SRCNAME=$PKGNAME-$VERSION - -test -d .git || { - echo you must be in the ds git repo to use this - echo bye - exit 1 -} - -if [ -z "$1" ] ; then - dir=. -else - dir="$1" -fi - -git archive --prefix=$SRCNAME/ $TAG | bzip2 > $dir/$SRCNAME.tar.bz2 diff --git a/389-ds-base-git.sh b/389-ds-base-git.sh deleted file mode 100644 index 0043901..0000000 --- a/389-ds-base-git.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -DATE=`date +%Y%m%d` -# use a real tag name here -VERSION=1.3.5.14 -PKGNAME=389-ds-base -TAG=${TAG:-$PKGNAME-$VERSION} -URL="https://git.fedorahosted.org/git/?p=389/ds.git;a=snapshot;h=$TAG;sf=tgz" -SRCNAME=$PKGNAME-$VERSION - -wget -O $SRCNAME.tar.gz "$URL" - -echo convert tgz format to tar.bz2 format - -gunzip $PKGNAME-$VERSION.tar.gz -bzip2 $PKGNAME-$VERSION.tar diff --git a/389-ds-base.spec b/389-ds-base.spec index 4d74461..e864a88 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -1,38 +1,63 @@ - -%global pkgname dirsrv -%global srcname 389-ds-base +%global pkgname dirsrv # Exclude i686 bit arches -ExcludeArch: i686 +ExcludeArch: i686 -# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release -# also remove the space between % and global - this space is needed because -# fedpkg verrel stupidly ignores comment lines -#% global prerel .rc3 -# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release -#% global relprefix 0. - -# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. -%global use_Socket6 0 - -%global use_asan 0 -%global use_rust 0 -%global bundle_jemalloc 1 -%if %{use_asan} -%global bundle_jemalloc 0 -%endif - -%if %{bundle_jemalloc} +%bcond bundle_jemalloc 1 +%if %{with bundle_jemalloc} %global jemalloc_name jemalloc -%global jemalloc_ver 5.2.1 +%global jemalloc_ver 5.3.0 %global __provides_exclude ^libjemalloc\\.so.*$ %endif +%bcond bundle_libdb 0 +%if 0%{?rhel} >= 10 +%bcond bundle_libdb 1 +%endif + +%if %{with bundle_libdb} +%global libdb_version 5.3 +%global libdb_base_version db-%{libdb_version}.28 +%global libdb_full_version lib%{libdb_base_version}-59 +%global libdb_bundle_name libdb-%{libdb_version}-389ds.so +%if 0%{?fedora} >= 41 || 0%{?rhel} >= 11 +# RPM 4.20 +%global libdb_base_dir lib%{libdb_base_version}-build/%{libdb_base_version} +%else +%global libdb_base_dir %{libdb_base_version} +%endif +%endif + +%bcond libbdb_ro 0 +%if 0%{?fedora} >= 43 +%bcond libbdb_ro 1 +%endif + +# This is used in certain builds to help us know if it has extra features. +%global variant base +# This enables a sanitized build. +%bcond asan 0 +%bcond msan 0 +%bcond tsan 0 +%bcond ubsan 0 + +%if %{with asan} || %{with msan} || %{with tsan} || %{with ubsan} +%global variant base-xsan +%endif + # Use Clang instead of GCC -%global use_clang 0 +%bcond clang 0 +%if %{with msan} +%bcond clang 1 +%endif + +%if %{with clang} +%global toolchain clang +%global _missing_build_ids_terminate_build 0 +%endif # Build cockpit plugin -%global use_cockpit 1 +%bcond cockpit 1 # fedora 15 and later uses tmpfiles.d # otherwise, comment this out @@ -41,150 +66,370 @@ ExcludeArch: i686 # systemd support %global groupname %{pkgname}.target -# set PIE flag -%global _hardened_build 1 +# Filter argparse-manpage from autogenerated package Requires +%global __requires_exclude ^python.*argparse-manpage -Summary: 389 Directory Server (base) +# Force to require nss version greater or equal as the version available at the build time +# See bz1986327 +%define dirsrv_requires_ge() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") + +Summary: 389 Directory Server (%{variant}) Name: 389-ds-base -Version: 1.4.4.17 -Release: %{?relprefix}1%{?prerel}%{?dist} -License: GPLv3+ and (ASL 2.0 or MIT) and MIT and (Unlicense or MIT) and MPLv2.0 and BSD and ASL 2.0 and (ASL 2.0 or Boost) and (ASL 2.0 with exceptions or ASL 2.0 or MIT) +Version: 3.2.0 +Release: %{autorelease -n %{?with_asan:-e asan}}%{?dist} +License: GPL-3.0-or-later WITH GPL-3.0-389-ds-base-exception AND (0BSD OR Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR LGPL-2.1-or-later OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT) AND (CC-BY-4.0 AND MIT) AND (MIT OR Apache-2.0) AND Unicode-3.0 AND (MIT OR CC0-1.0) AND (MIT OR Unlicense) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MIT AND ISC AND MPL-2.0 AND PSF-2.0 AND Zlib URL: https://www.port389.org -Conflicts: selinux-policy-base < 3.9.8 -Conflicts: freeipa-server < 4.0.3 -Obsoletes: %{name} <= 1.4.0.9 Obsoletes: %{name}-legacy-tools < 1.4.4.6 Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6 Provides: ldif2ldbm >= 0 ##### Bundled cargo crates list - START ##### -Provides: bundled(crate(ahash)) = 0.7.2 -Provides: bundled(crate(ansi_term)) = 0.11.0 +Provides: bundled(crate(addr2line)) = 0.24.2 +Provides: bundled(crate(adler2)) = 2.0.1 +Provides: bundled(crate(allocator-api2)) = 0.2.21 Provides: bundled(crate(atty)) = 0.2.14 -Provides: bundled(crate(autocfg)) = 1.0.1 -Provides: bundled(crate(base64)) = 0.13.0 -Provides: bundled(crate(bitflags)) = 1.2.1 -Provides: bundled(crate(byteorder)) = 1.4.3 -Provides: bundled(crate(cbindgen)) = 0.9.1 -Provides: bundled(crate(cc)) = 1.0.67 -Provides: bundled(crate(cfg-if)) = 1.0.0 -Provides: bundled(crate(clap)) = 2.33.3 -Provides: bundled(crate(concread)) = 0.2.8 -Provides: bundled(crate(crossbeam)) = 0.8.0 -Provides: bundled(crate(crossbeam-channel)) = 0.5.0 -Provides: bundled(crate(crossbeam-deque)) = 0.8.0 -Provides: bundled(crate(crossbeam-epoch)) = 0.9.3 -Provides: bundled(crate(crossbeam-queue)) = 0.3.1 -Provides: bundled(crate(crossbeam-utils)) = 0.8.3 -Provides: bundled(crate(entryuuid)) = 0.1.0 -Provides: bundled(crate(entryuuid_syntax)) = 0.1.0 +Provides: bundled(crate(autocfg)) = 1.5.0 +Provides: bundled(crate(backtrace)) = 0.3.75 +Provides: bundled(crate(base64)) = 0.13.1 +Provides: bundled(crate(bitflags)) = 2.9.1 +Provides: bundled(crate(byteorder)) = 1.5.0 +Provides: bundled(crate(cbindgen)) = 0.26.0 +Provides: bundled(crate(cc)) = 1.2.27 +Provides: bundled(crate(cfg-if)) = 1.0.1 +Provides: bundled(crate(clap)) = 3.2.25 +Provides: bundled(crate(clap_lex)) = 0.2.4 +Provides: bundled(crate(concread)) = 0.5.6 +Provides: bundled(crate(crossbeam-epoch)) = 0.9.18 +Provides: bundled(crate(crossbeam-queue)) = 0.3.12 +Provides: bundled(crate(crossbeam-utils)) = 0.8.21 +Provides: bundled(crate(equivalent)) = 1.0.2 +Provides: bundled(crate(errno)) = 0.3.12 +Provides: bundled(crate(fastrand)) = 2.3.0 Provides: bundled(crate(fernet)) = 0.1.4 +Provides: bundled(crate(foldhash)) = 0.1.5 Provides: bundled(crate(foreign-types)) = 0.3.2 Provides: bundled(crate(foreign-types-shared)) = 0.1.1 -Provides: bundled(crate(getrandom)) = 0.2.2 -Provides: bundled(crate(hermit-abi)) = 0.1.18 -Provides: bundled(crate(instant)) = 0.1.9 -Provides: bundled(crate(itoa)) = 0.4.7 -Provides: bundled(crate(jobserver)) = 0.1.21 -Provides: bundled(crate(lazy_static)) = 1.4.0 -Provides: bundled(crate(libc)) = 0.2.92 -Provides: bundled(crate(librnsslapd)) = 0.1.0 -Provides: bundled(crate(librslapd)) = 0.1.0 -Provides: bundled(crate(lock_api)) = 0.4.3 -Provides: bundled(crate(log)) = 0.4.14 -Provides: bundled(crate(memoffset)) = 0.6.3 -Provides: bundled(crate(num)) = 0.3.1 -Provides: bundled(crate(num-bigint)) = 0.3.2 -Provides: bundled(crate(num-complex)) = 0.3.1 -Provides: bundled(crate(num-integer)) = 0.1.44 -Provides: bundled(crate(num-iter)) = 0.1.42 -Provides: bundled(crate(num-rational)) = 0.3.2 -Provides: bundled(crate(num-traits)) = 0.2.14 -Provides: bundled(crate(once_cell)) = 1.7.2 -Provides: bundled(crate(openssl)) = 0.10.33 -Provides: bundled(crate(openssl-sys)) = 0.9.61 -Provides: bundled(crate(parking_lot)) = 0.11.1 -Provides: bundled(crate(parking_lot_core)) = 0.8.3 +Provides: bundled(crate(getrandom)) = 0.3.3 +Provides: bundled(crate(gimli)) = 0.31.1 +Provides: bundled(crate(hashbrown)) = 0.15.4 +Provides: bundled(crate(heck)) = 0.4.1 +Provides: bundled(crate(hermit-abi)) = 0.1.19 +Provides: bundled(crate(indexmap)) = 1.9.3 +Provides: bundled(crate(itoa)) = 1.0.15 +Provides: bundled(crate(jobserver)) = 0.1.33 +Provides: bundled(crate(libc)) = 0.2.174 +Provides: bundled(crate(linux-raw-sys)) = 0.9.4 +Provides: bundled(crate(log)) = 0.4.27 +Provides: bundled(crate(lru)) = 0.13.0 +Provides: bundled(crate(memchr)) = 2.7.5 +Provides: bundled(crate(miniz_oxide)) = 0.8.9 +Provides: bundled(crate(object)) = 0.36.7 +Provides: bundled(crate(once_cell)) = 1.21.3 +Provides: bundled(crate(openssl)) = 0.10.73 +Provides: bundled(crate(openssl-macros)) = 0.1.1 +Provides: bundled(crate(openssl-sys)) = 0.9.109 +Provides: bundled(crate(os_str_bytes)) = 6.6.1 Provides: bundled(crate(paste)) = 0.1.18 Provides: bundled(crate(paste-impl)) = 0.1.18 -Provides: bundled(crate(pkg-config)) = 0.3.19 -Provides: bundled(crate(ppv-lite86)) = 0.2.10 -Provides: bundled(crate(proc-macro-hack)) = 0.5.19 -Provides: bundled(crate(proc-macro2)) = 1.0.26 -Provides: bundled(crate(pwdchan)) = 0.1.0 -Provides: bundled(crate(quote)) = 1.0.9 -Provides: bundled(crate(rand)) = 0.8.3 -Provides: bundled(crate(rand_chacha)) = 0.3.0 -Provides: bundled(crate(rand_core)) = 0.6.2 -Provides: bundled(crate(rand_hc)) = 0.3.0 -Provides: bundled(crate(redox_syscall)) = 0.2.5 -Provides: bundled(crate(remove_dir_all)) = 0.5.3 -Provides: bundled(crate(ryu)) = 1.0.5 -Provides: bundled(crate(scopeguard)) = 1.1.0 -Provides: bundled(crate(serde)) = 1.0.125 -Provides: bundled(crate(serde_derive)) = 1.0.125 -Provides: bundled(crate(serde_json)) = 1.0.64 -Provides: bundled(crate(slapd)) = 0.1.0 -Provides: bundled(crate(slapi_r_plugin)) = 0.1.0 -Provides: bundled(crate(smallvec)) = 1.6.1 -Provides: bundled(crate(strsim)) = 0.8.0 -Provides: bundled(crate(syn)) = 1.0.68 -Provides: bundled(crate(synstructure)) = 0.12.4 -Provides: bundled(crate(tempfile)) = 3.2.0 -Provides: bundled(crate(textwrap)) = 0.11.0 -Provides: bundled(crate(toml)) = 0.5.8 -Provides: bundled(crate(unicode-width)) = 0.1.8 -Provides: bundled(crate(unicode-xid)) = 0.2.1 +Provides: bundled(crate(pin-project-lite)) = 0.2.16 +Provides: bundled(crate(pkg-config)) = 0.3.32 +Provides: bundled(crate(proc-macro-hack)) = 0.5.20+deprecated +Provides: bundled(crate(proc-macro2)) = 1.0.95 +Provides: bundled(crate(quote)) = 1.0.40 +Provides: bundled(crate(r-efi)) = 5.3.0 +Provides: bundled(crate(rustc-demangle)) = 0.1.25 +Provides: bundled(crate(rustix)) = 1.0.7 +Provides: bundled(crate(ryu)) = 1.0.20 +Provides: bundled(crate(serde)) = 1.0.219 +Provides: bundled(crate(serde_derive)) = 1.0.219 +Provides: bundled(crate(serde_json)) = 1.0.140 +Provides: bundled(crate(shlex)) = 1.3.0 +Provides: bundled(crate(smallvec)) = 1.15.1 +Provides: bundled(crate(sptr)) = 0.3.2 +Provides: bundled(crate(strsim)) = 0.10.0 +Provides: bundled(crate(syn)) = 2.0.103 +Provides: bundled(crate(tempfile)) = 3.20.0 +Provides: bundled(crate(termcolor)) = 1.4.1 +Provides: bundled(crate(textwrap)) = 0.16.2 +Provides: bundled(crate(tokio)) = 1.45.1 +Provides: bundled(crate(toml)) = 0.5.11 +Provides: bundled(crate(tracing)) = 0.1.41 +Provides: bundled(crate(tracing-attributes)) = 0.1.30 +Provides: bundled(crate(tracing-core)) = 0.1.34 +Provides: bundled(crate(unicode-ident)) = 1.0.18 Provides: bundled(crate(uuid)) = 0.8.2 -Provides: bundled(crate(vcpkg)) = 0.2.11 -Provides: bundled(crate(vec_map)) = 0.8.2 -Provides: bundled(crate(version_check)) = 0.9.3 -Provides: bundled(crate(wasi)) = 0.10.2+wasi_snapshot_preview1 +Provides: bundled(crate(vcpkg)) = 0.2.15 +Provides: bundled(crate(wasi)) = 0.14.2+wasi_0.2.4 Provides: bundled(crate(winapi)) = 0.3.9 Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(winapi-util)) = 0.1.9 Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 -Provides: bundled(crate(zeroize)) = 1.2.0 -Provides: bundled(crate(zeroize_derive)) = 1.0.1 +Provides: bundled(crate(windows-sys)) = 0.59.0 +Provides: bundled(crate(windows-targets)) = 0.52.6 +Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.52.6 +Provides: bundled(crate(windows_aarch64_msvc)) = 0.52.6 +Provides: bundled(crate(windows_i686_gnu)) = 0.52.6 +Provides: bundled(crate(windows_i686_gnullvm)) = 0.52.6 +Provides: bundled(crate(windows_i686_msvc)) = 0.52.6 +Provides: bundled(crate(windows_x86_64_gnu)) = 0.52.6 +Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.52.6 +Provides: bundled(crate(windows_x86_64_msvc)) = 0.52.6 +Provides: bundled(crate(wit-bindgen-rt)) = 0.39.0 +Provides: bundled(crate(zeroize)) = 1.8.1 +Provides: bundled(crate(zeroize_derive)) = 1.4.2 +Provides: bundled(npm(@eslint-community/eslint-utils)) = 4.4.1 +Provides: bundled(npm(@eslint-community/regexpp)) = 4.12.1 +Provides: bundled(npm(@eslint/eslintrc)) = 2.1.4 +Provides: bundled(npm(@eslint/js)) = 8.57.1 +Provides: bundled(npm(@fortawesome/fontawesome-common-types)) = 0.2.36 +Provides: bundled(npm(@fortawesome/fontawesome-svg-core)) = 1.2.36 +Provides: bundled(npm(@fortawesome/free-solid-svg-icons)) = 5.15.4 +Provides: bundled(npm(@fortawesome/react-fontawesome)) = 0.1.19 +Provides: bundled(npm(@humanwhocodes/config-array)) = 0.13.0 +Provides: bundled(npm(@humanwhocodes/module-importer)) = 1.0.1 +Provides: bundled(npm(@humanwhocodes/object-schema)) = 2.0.3 +Provides: bundled(npm(@nodelib/fs.scandir)) = 2.1.5 +Provides: bundled(npm(@nodelib/fs.stat)) = 2.0.5 +Provides: bundled(npm(@nodelib/fs.walk)) = 1.2.8 +Provides: bundled(npm(@patternfly/patternfly)) = 5.4.1 +Provides: bundled(npm(@patternfly/react-charts)) = 7.4.3 +Provides: bundled(npm(@patternfly/react-core)) = 5.4.1 +Provides: bundled(npm(@patternfly/react-icons)) = 5.4.0 +Provides: bundled(npm(@patternfly/react-log-viewer)) = 5.3.0 +Provides: bundled(npm(@patternfly/react-styles)) = 5.4.0 +Provides: bundled(npm(@patternfly/react-table)) = 5.4.1 +Provides: bundled(npm(@patternfly/react-tokens)) = 5.4.0 +Provides: bundled(npm(@types/d3-array)) = 3.2.1 +Provides: bundled(npm(@types/d3-color)) = 3.1.3 +Provides: bundled(npm(@types/d3-ease)) = 3.0.2 +Provides: bundled(npm(@types/d3-interpolate)) = 3.0.4 +Provides: bundled(npm(@types/d3-path)) = 3.1.0 +Provides: bundled(npm(@types/d3-scale)) = 4.0.8 +Provides: bundled(npm(@types/d3-shape)) = 3.1.6 +Provides: bundled(npm(@types/d3-time)) = 3.0.3 +Provides: bundled(npm(@types/d3-timer)) = 3.0.2 +Provides: bundled(npm(@ungap/structured-clone)) = 1.2.0 +Provides: bundled(npm(@xterm/addon-canvas)) = 0.7.0 +Provides: bundled(npm(@xterm/xterm)) = 5.5.0 +Provides: bundled(npm(acorn)) = 8.14.0 +Provides: bundled(npm(acorn-jsx)) = 5.3.2 +Provides: bundled(npm(ajv)) = 6.12.6 +Provides: bundled(npm(ansi-regex)) = 5.0.1 +Provides: bundled(npm(ansi-styles)) = 4.3.0 +Provides: bundled(npm(argparse)) = 2.0.1 +Provides: bundled(npm(attr-accept)) = 2.2.4 +Provides: bundled(npm(autolinker)) = 3.16.2 +Provides: bundled(npm(balanced-match)) = 1.0.2 +Provides: bundled(npm(brace-expansion)) = 1.1.12 +Provides: bundled(npm(callsites)) = 3.1.0 +Provides: bundled(npm(chalk)) = 4.1.2 +Provides: bundled(npm(color-convert)) = 2.0.1 +Provides: bundled(npm(color-name)) = 1.1.4 +Provides: bundled(npm(concat-map)) = 0.0.1 +Provides: bundled(npm(core-util-is)) = 1.0.3 +Provides: bundled(npm(cross-spawn)) = 7.0.6 +Provides: bundled(npm(d3-array)) = 3.2.4 +Provides: bundled(npm(d3-color)) = 3.1.0 +Provides: bundled(npm(d3-ease)) = 3.0.1 +Provides: bundled(npm(d3-format)) = 3.1.0 +Provides: bundled(npm(d3-interpolate)) = 3.0.1 +Provides: bundled(npm(d3-path)) = 3.1.0 +Provides: bundled(npm(d3-scale)) = 4.0.2 +Provides: bundled(npm(d3-shape)) = 3.2.0 +Provides: bundled(npm(d3-time)) = 3.1.0 +Provides: bundled(npm(d3-time-format)) = 4.1.0 +Provides: bundled(npm(d3-timer)) = 3.0.1 +Provides: bundled(npm(debug)) = 4.3.7 +Provides: bundled(npm(deep-is)) = 0.1.4 +Provides: bundled(npm(delaunator)) = 4.0.1 +Provides: bundled(npm(delaunay-find)) = 0.0.6 +Provides: bundled(npm(dequal)) = 2.0.3 +Provides: bundled(npm(doctrine)) = 3.0.0 +Provides: bundled(npm(encoding)) = 0.1.13 +Provides: bundled(npm(escape-string-regexp)) = 4.0.0 +Provides: bundled(npm(eslint)) = 8.57.1 +Provides: bundled(npm(eslint-plugin-react-hooks)) = 4.6.2 +Provides: bundled(npm(eslint-scope)) = 7.2.2 +Provides: bundled(npm(eslint-visitor-keys)) = 3.4.3 +Provides: bundled(npm(espree)) = 9.6.1 +Provides: bundled(npm(esquery)) = 1.6.0 +Provides: bundled(npm(esrecurse)) = 4.3.0 +Provides: bundled(npm(estraverse)) = 5.3.0 +Provides: bundled(npm(esutils)) = 2.0.3 +Provides: bundled(npm(fast-deep-equal)) = 3.1.3 +Provides: bundled(npm(fast-json-stable-stringify)) = 2.1.0 +Provides: bundled(npm(fast-levenshtein)) = 2.0.6 +Provides: bundled(npm(fastq)) = 1.17.1 +Provides: bundled(npm(file-entry-cache)) = 6.0.1 +Provides: bundled(npm(file-selector)) = 2.1.0 +Provides: bundled(npm(find-up)) = 5.0.0 +Provides: bundled(npm(flat-cache)) = 3.2.0 +Provides: bundled(npm(flatted)) = 3.3.1 +Provides: bundled(npm(focus-trap)) = 7.5.4 +Provides: bundled(npm(fs.realpath)) = 1.0.0 +Provides: bundled(npm(gettext-parser)) = 2.1.0 +Provides: bundled(npm(glob)) = 7.2.3 +Provides: bundled(npm(glob-parent)) = 6.0.2 +Provides: bundled(npm(globals)) = 13.24.0 +Provides: bundled(npm(graphemer)) = 1.4.0 +Provides: bundled(npm(has-flag)) = 4.0.0 +Provides: bundled(npm(hoist-non-react-statics)) = 3.3.2 +Provides: bundled(npm(iconv-lite)) = 0.6.3 +Provides: bundled(npm(ignore)) = 5.3.2 +Provides: bundled(npm(import-fresh)) = 3.3.0 +Provides: bundled(npm(imurmurhash)) = 0.1.4 +Provides: bundled(npm(inflight)) = 1.0.6 +Provides: bundled(npm(inherits)) = 2.0.4 +Provides: bundled(npm(internmap)) = 2.0.3 +Provides: bundled(npm(is-extglob)) = 2.1.1 +Provides: bundled(npm(is-glob)) = 4.0.3 +Provides: bundled(npm(is-path-inside)) = 3.0.3 +Provides: bundled(npm(isarray)) = 1.0.0 +Provides: bundled(npm(isexe)) = 2.0.0 +Provides: bundled(npm(js-sha1)) = 0.7.0 +Provides: bundled(npm(js-sha256)) = 0.11.0 +Provides: bundled(npm(js-tokens)) = 4.0.0 +Provides: bundled(npm(js-yaml)) = 4.1.1 +Provides: bundled(npm(json-buffer)) = 3.0.1 +Provides: bundled(npm(json-schema-traverse)) = 0.4.1 +Provides: bundled(npm(json-stable-stringify-without-jsonify)) = 1.0.1 +Provides: bundled(npm(json-stringify-safe)) = 5.0.1 +Provides: bundled(npm(keyv)) = 4.5.4 +Provides: bundled(npm(levn)) = 0.4.1 +Provides: bundled(npm(locate-path)) = 6.0.0 +Provides: bundled(npm(lodash)) = 4.17.21 +Provides: bundled(npm(lodash.merge)) = 4.6.2 +Provides: bundled(npm(loose-envify)) = 1.4.0 +Provides: bundled(npm(memoize-one)) = 5.2.1 +Provides: bundled(npm(minimatch)) = 3.1.2 +Provides: bundled(npm(ms)) = 2.1.3 +Provides: bundled(npm(natural-compare)) = 1.4.0 +Provides: bundled(npm(object-assign)) = 4.1.1 +Provides: bundled(npm(once)) = 1.4.0 +Provides: bundled(npm(optionator)) = 0.9.4 +Provides: bundled(npm(p-limit)) = 3.1.0 +Provides: bundled(npm(p-locate)) = 5.0.0 +Provides: bundled(npm(parent-module)) = 1.0.1 +Provides: bundled(npm(path-exists)) = 4.0.0 +Provides: bundled(npm(path-is-absolute)) = 1.0.1 +Provides: bundled(npm(path-key)) = 3.1.1 +Provides: bundled(npm(prelude-ls)) = 1.2.1 +Provides: bundled(npm(prettier)) = 3.3.3 +Provides: bundled(npm(process-nextick-args)) = 2.0.1 +Provides: bundled(npm(prop-types)) = 15.8.1 +Provides: bundled(npm(punycode)) = 2.3.1 +Provides: bundled(npm(queue-microtask)) = 1.2.3 +Provides: bundled(npm(react)) = 18.3.1 +Provides: bundled(npm(react-dom)) = 18.3.1 +Provides: bundled(npm(react-dropzone)) = 14.3.5 +Provides: bundled(npm(react-fast-compare)) = 3.2.2 +Provides: bundled(npm(react-is)) = 16.13.1 +Provides: bundled(npm(readable-stream)) = 2.3.8 +Provides: bundled(npm(remarkable)) = 2.0.1 +Provides: bundled(npm(resolve-from)) = 4.0.0 +Provides: bundled(npm(reusify)) = 1.0.4 +Provides: bundled(npm(rimraf)) = 3.0.2 +Provides: bundled(npm(run-parallel)) = 1.2.0 +Provides: bundled(npm(safe-buffer)) = 5.2.1 +Provides: bundled(npm(safer-buffer)) = 2.1.2 +Provides: bundled(npm(scheduler)) = 0.23.2 +Provides: bundled(npm(shebang-command)) = 2.0.0 +Provides: bundled(npm(shebang-regex)) = 3.0.0 +Provides: bundled(npm(sprintf-js)) = 1.0.3 +Provides: bundled(npm(string_decoder)) = 1.1.1 +Provides: bundled(npm(strip-ansi)) = 6.0.1 +Provides: bundled(npm(strip-json-comments)) = 3.1.1 +Provides: bundled(npm(supports-color)) = 7.2.0 +Provides: bundled(npm(tabbable)) = 6.2.0 +Provides: bundled(npm(text-table)) = 0.2.0 +Provides: bundled(npm(throttle-debounce)) = 5.0.2 +Provides: bundled(npm(tslib)) = 2.8.1 +Provides: bundled(npm(type-check)) = 0.4.0 +Provides: bundled(npm(type-fest)) = 0.20.2 +Provides: bundled(npm(uri-js)) = 4.4.1 +Provides: bundled(npm(util-deprecate)) = 1.0.2 +Provides: bundled(npm(uuid)) = 10.0.0 +Provides: bundled(npm(victory-area)) = 37.3.1 +Provides: bundled(npm(victory-axis)) = 37.3.1 +Provides: bundled(npm(victory-bar)) = 37.3.1 +Provides: bundled(npm(victory-box-plot)) = 37.3.1 +Provides: bundled(npm(victory-brush-container)) = 37.3.1 +Provides: bundled(npm(victory-chart)) = 37.3.1 +Provides: bundled(npm(victory-core)) = 37.3.1 +Provides: bundled(npm(victory-create-container)) = 37.3.1 +Provides: bundled(npm(victory-cursor-container)) = 37.3.1 +Provides: bundled(npm(victory-group)) = 37.3.1 +Provides: bundled(npm(victory-legend)) = 37.3.1 +Provides: bundled(npm(victory-line)) = 37.3.1 +Provides: bundled(npm(victory-pie)) = 37.3.1 +Provides: bundled(npm(victory-polar-axis)) = 37.3.1 +Provides: bundled(npm(victory-scatter)) = 37.3.1 +Provides: bundled(npm(victory-selection-container)) = 37.3.1 +Provides: bundled(npm(victory-shared-events)) = 37.3.1 +Provides: bundled(npm(victory-stack)) = 37.3.1 +Provides: bundled(npm(victory-tooltip)) = 37.3.1 +Provides: bundled(npm(victory-vendor)) = 37.3.1 +Provides: bundled(npm(victory-voronoi-container)) = 37.3.1 +Provides: bundled(npm(victory-zoom-container)) = 37.3.1 +Provides: bundled(npm(which)) = 2.0.2 +Provides: bundled(npm(word-wrap)) = 1.2.5 +Provides: bundled(npm(wrappy)) = 1.0.2 +Provides: bundled(npm(yocto-queue)) = 0.1.0 ##### Bundled cargo crates list - END ##### +# Attach the buildrequires to the top level package: BuildRequires: nspr-devel BuildRequires: nss-devel >= 3.34 +BuildRequires: openldap-clients BuildRequires: openldap-devel -BuildRequires: libdb-devel +BuildRequires: lmdb-devel BuildRequires: cyrus-sasl-devel BuildRequires: icu BuildRequires: libicu-devel -BuildRequires: pcre-devel +BuildRequires: pcre2-devel BuildRequires: cracklib-devel -%if %{use_clang} +BuildRequires: json-c-devel +BuildRequires: libxcrypt-devel +%if %{with clang} BuildRequires: libatomic BuildRequires: clang +BuildRequires: compiler-rt +BuildRequires: lld %else BuildRequires: gcc BuildRequires: gcc-c++ +%if %{with asan} +BuildRequires: libasan %endif +%if %{with tsan} +BuildRequires: libtsan +%endif +%if %{with ubsan} +BuildRequires: libubsan +%endif +%endif +%if %{without libbdb_ro} +%if %{without bundle_libdb} +BuildRequires: libdb-devel +%endif +%endif + # The following are needed to build the snmp ldap-agent BuildRequires: net-snmp-devel -BuildRequires: lm_sensors-devel BuildRequires: bzip2-devel -BuildRequires: zlib-devel BuildRequires: openssl-devel # the following is for the pam passthru auth plug-in BuildRequires: pam-devel BuildRequires: systemd-units BuildRequires: systemd-devel -%if %{use_asan} -BuildRequires: libasan -%endif -# If rust is enabled -%if %{use_rust} -BuildRequires: cargo -BuildRequires: rust -%endif +BuildRequires: systemd-rpm-macros +%{?sysusers_requires_compat} +BuildRequires: cargo +BuildRequires: rust BuildRequires: pkgconfig BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(krb5) - +BuildRequires: pkgconfig(libpcre2-8) # Needed to support regeneration of the autotool artifacts. BuildRequires: autoconf BuildRequires: automake @@ -193,102 +438,133 @@ BuildRequires: libtool BuildRequires: doxygen # For tests! BuildRequires: libcmocka-devel -BuildRequires: libevent-devel -# For lib389 and related components +# For lib389 and related components. BuildRequires: python%{python3_pkgversion}-devel -BuildRequires: python%{python3_pkgversion}-setuptools -BuildRequires: python%{python3_pkgversion}-ldap -BuildRequires: python%{python3_pkgversion}-six -BuildRequires: python%{python3_pkgversion}-pyasn1 -BuildRequires: python%{python3_pkgversion}-pyasn1-modules -BuildRequires: python%{python3_pkgversion}-dateutil -BuildRequires: python%{python3_pkgversion}-argcomplete -BuildRequires: python%{python3_pkgversion}-argparse-manpage -BuildRequires: python%{python3_pkgversion}-libselinux -BuildRequires: python%{python3_pkgversion}-policycoreutils # For cockpit -%if %{use_cockpit} +%if %{with cockpit} BuildRequires: rsync +BuildRequires: npm +BuildRequires: nodejs %endif +# For autosetup -S git +BuildRequires: git + Requires: %{name}-libs = %{version}-%{release} Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} # this is needed for using semanage from our setup scripts Requires: policycoreutils-python-utils -Requires: /usr/sbin/semanage Requires: libsemanage-python%{python3_pkgversion} - -Requires: selinux-policy >= 3.14.1-29 - # the following are needed for some of our scripts Requires: openldap-clients -Requires: /usr/bin/c_rehash -Requires: python%{python3_pkgversion}-ldap - +Requires: acl # this is needed to setup SSL if you are not using the # administration server package Requires: nss-tools -Requires: nss >= 3.34 - +%dirsrv_requires_ge nss # these are not found by the auto-dependency method # they are required to support the mandatory LDAP SASL mechs Requires: cyrus-sasl-gssapi Requires: cyrus-sasl-md5 +# This is optionally supported by us, as we use it in our tests Requires: cyrus-sasl-plain - -# this is needed for verify-db.pl -Requires: libdb-utils - +# this is needed for backldbm +%if %{with libbdb_ro} +Requires: %{name}-robdb-libs = %{version}-%{release} +%else +%if %{without bundle_libdb} +Requires: libdb +%endif +%endif +Requires: lmdb-libs +# Needed by logconv.pl +%if %{without libbdb_ro} +%if %{without bundle_libdb} +Requires: perl-DB_File +%endif +%endif +Requires: perl-Archive-Tar +%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9 +Requires: perl-debugger +Requires: perl-sigtrap +%endif # Needed for password dictionary checks Requires: cracklib-dicts - -# Needed by logconv.pl -Requires: perl-DB_File -Requires: perl-Archive-Tar - +Requires: json-c +# Log compression +Requires: zlib-devel +# logconv.py, MIME type +Requires: python3-file-magic # Picks up our systemd deps. %{?systemd_requires} -Obsoletes: %{name} <= 1.3.5.4 - -Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}%{?prerel}.tar.bz2 -# 389-ds-git.sh should be used to generate the source tarball from git -Source1: %{name}-git.sh +Source0: https://github.com/389ds/%{name}/releases/download/%{name}-%{version}/%{name}-%{version}.tar.bz2 Source2: %{name}-devel.README -%if %{bundle_jemalloc} +%if %{with bundle_jemalloc} Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 +Source6: jemalloc-5.3.0_throw_bad_alloc.patch %endif +Source4: 389-ds-base.sysusers +%if %{with bundle_libdb} +Source5: https://fedorapeople.org/groups/389ds/libdb-5.3.28-59.tar.bz2 +%endif + +Patch: 0001-Issue-7096-During-replication-online-total-init-the-.patch +Patch: 0002-Issue-Revise-paged-result-search-locking.patch +Patch: 0003-Issue-7108-Fix-shutdown-crash-in-entry-cache-destruc.patch +Patch: 0004-Issue-7172-Index-ordering-mismatch-after-upgrade-717.patch +Patch: 0005-Issue-7172-2nd-Index-ordering-mismatch-after-upgrade.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. -%if %{use_asan} +%if %{with asan} WARNING! This build is linked to Address Sanitisation libraries. This probably isn't what you want. Please contact support immediately. Please see http://seclists.org/oss-sec/2016/q1/363 for more information. %endif +%if %{with libbdb_ro} +%package robdb-libs +Summary: Read-only Berkeley Database Library +License: GPL-2.0-or-later OR LGPL-2.1-or-later + +%description robdb-libs +The %{name}-robdb-lib package contains a library derived from rpm +project (https://github.com/rpm-software-management/rpm) that provides +some basic functions to search and read Berkeley Database records +%endif + + %package libs -Summary: Core libraries for 389 Directory Server -BuildRequires: nspr-devel -BuildRequires: nss-devel >= 3.34 -BuildRequires: openldap-devel -BuildRequires: libdb-devel -BuildRequires: cyrus-sasl-devel -BuildRequires: libicu-devel -BuildRequires: pcre-devel -BuildRequires: libtalloc-devel -BuildRequires: libevent-devel -BuildRequires: libtevent-devel -BuildRequires: make -Requires: krb5-libs -Requires: libevent -BuildRequires: systemd-devel +Summary: Core libraries for 389 Directory Server (%{variant}) Provides: svrcore = 4.1.4 -Conflicts: svrcore Obsoletes: svrcore <= 4.1.3 +Conflicts: svrcore +%dirsrv_requires_ge nss +Requires: nspr +Requires: openldap +Requires: systemd-libs +# Pull in sasl +Requires: cyrus-sasl-lib +# KRB +Requires: krb5-libs +%if %{with clang} +Requires: llvm +Requires: compiler-rt +%else +%if %{with asan} +Requires: libasan +%endif +%if %{with tsan} +Requires: libtsan +%endif +%if %{with ubsan} +Requires: libubsan +%endif +%endif %description libs Core libraries for the 389 Directory Server base package. These libraries @@ -296,19 +572,17 @@ are used by the main package and the -devel package. This allows the -devel package to be installed with just the -libs package and without the main package. %package devel -Summary: Development libraries for 389 Directory Server +Summary: Development libraries for 389 Directory Server (%{variant}) +Provides: svrcore-devel = 4.1.4 +Obsoletes: svrcore-devel <= 4.1.3 +Conflicts: svrcore-devel Requires: %{name}-libs = %{version}-%{release} Requires: pkgconfig Requires: nspr-devel Requires: nss-devel >= 3.34 Requires: openldap-devel -Requires: libtalloc -Requires: libevent -Requires: libtevent +# systemd-libs contains the headers iirc. Requires: systemd-libs -Provides: svrcore-devel = 4.1.4 -Conflicts: svrcore-devel -Obsoletes: svrcore-devel <= 4.1.3 %description devel Development Libraries and headers for the 389 Directory Server base package. @@ -322,76 +596,103 @@ Obsoletes: %{name} <= 1.4.0.0 %description snmp SNMP Agent for the 389 Directory Server base package. +%if %{with bundle_libdb} +%package bdb +Summary: Berkeley Database backend for 389 Directory Server +%description bdb +Berkeley Database backend for 389 Directory Server +Warning! This backend is deprecated in favor of lmdb and its support +may be removed in future versions. + +Requires: %{name} = %{version}-%{release} +# Berkeley DB database libdb was marked as deprecated since F40: +# https://fedoraproject.org/wiki/Changes/389_Directory_Server_3.0.0 +# because libdb was marked as deprecated since F33 +# https://fedoraproject.org/wiki/Changes/Libdb_deprecated +Provides: deprecated() +%endif + + %package -n python%{python3_pkgversion}-lib389 Summary: A library for accessing, testing, and configuring the 389 Directory Server BuildArch: noarch +Requires: %{name} = %{version}-%{release} Requires: openssl +# This is for /usr/bin/c_rehash tool, only needed for openssl < 1.1.0 +Requires: openssl-perl Requires: iproute -Recommends: bash-completion -Requires: python%{python3_pkgversion} -Requires: python%{python3_pkgversion}-distro -Requires: python%{python3_pkgversion}-ldap -Requires: python%{python3_pkgversion}-six -Requires: python%{python3_pkgversion}-pyasn1 -Requires: python%{python3_pkgversion}-pyasn1-modules -Requires: python%{python3_pkgversion}-dateutil -Requires: python%{python3_pkgversion}-argcomplete Requires: python%{python3_pkgversion}-libselinux -Requires: python%{python3_pkgversion}-setuptools -%{?python_provide:%python_provide python%{python3_pkgversion}-lib389} +Recommends: bash-completion %description -n python%{python3_pkgversion}-lib389 This module contains tools and libraries for accessing, testing, and configuring the 389 Directory Server. -%if %{use_cockpit} +%if %{with cockpit} %package -n cockpit-389-ds Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server BuildArch: noarch Requires: cockpit -Requires: 389-ds-base +Requires: %{name} = %{version}-%{release} Requires: python%{python3_pkgversion} -Requires: python%{python3_pkgversion}-lib389 +Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} %description -n cockpit-389-ds A cockpit UI Plugin for configuring and administering the 389 Directory Server %endif -%prep -%autosetup -p1 -v -n %{name}-%{version}%{?prerel} +%generate_buildrequires +cd src/lib389 +# Tests do not run in %%check (lib389's tests need to be fixed) +# but test dependencies are needed to check import lib389.topologies +%pyproject_buildrequires -g test -%if %{bundle_jemalloc} -%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3 +%prep +%autosetup -S git -p1 -n %{name}-%{version} + +%if %{with bundle_jemalloc} +%setup -q -n %{name}-%{version} -T -D -b 3 +%endif + +%if %{with bundle_libdb} +%setup -q -n %{name}-%{version} -T -D -b 5 %endif cp %{SOURCE2} README.devel %build +# Workaround until https://github.com/389ds/389-ds-base/issues/6476 is fixed +export CFLAGS="%{optflags} -std=gnu17" -OPENLDAP_FLAG="--with-openldap" -%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} -# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 -NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3" - -%if %{use_asan} -ASAN_FLAGS="--enable-asan --enable-debug" -%endif - -%if %{use_rust} -RUST_FLAGS="--enable-rust" -%endif - -%if !%{use_cockpit} -COCKPIT_FLAGS="--disable-cockpit" -%endif - -%if %{use_clang} -export CC=clang -export CXX=clang++ +%if %{with clang} CLANG_FLAGS="--enable-clang" %endif -%if %{bundle_jemalloc} +%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} + +%if %{with asan} +ASAN_FLAGS="--enable-asan --enable-debug" +%endif + +%if %{with msan} +MSAN_FLAGS="--enable-msan --enable-debug" +%endif + +%if %{with tsan} +TSAN_FLAGS="--enable-tsan --enable-debug" +%endif + +%if %{with ubsan} +UBSAN_FLAGS="--enable-ubsan --enable-debug" +%endif + +RUST_FLAGS="--enable-rust --enable-rust-offline" + +%if %{without cockpit} +COCKPIT_FLAGS="--disable-cockpit" +%endif + +%if %{with bundle_jemalloc} # Override page size, bz #1545539 # 4K %ifarch %ix86 %arm x86_64 s390x @@ -411,77 +712,110 @@ CLANG_FLAGS="--enable-clang" # Build jemalloc pushd ../%{jemalloc_name}-%{jemalloc_ver} +patch -p1 -F3 < %{SOURCE6} %configure \ --libdir=%{_libdir}/%{pkgname}/lib \ --bindir=%{_libdir}/%{pkgname}/bin \ - --enable-prof -make %{?_smp_mflags} + --enable-prof %{lg_page} %{lg_hugepage} +%make_build popd %endif -# Enforce strict linking -%define _strict_symbol_defs_build 1 +# Build custom libdb package +%if %{with bundle_libdb} +mkdir -p ../%{libdb_base_version} +pushd ../%{libdb_base_version} +tar -xjf %{_topdir}/SOURCES/%{libdb_full_version}.tar.bz2 +mv %{libdb_full_version} SOURCES +sed -i -e '/^CFLAGS=/s/-fno-strict-aliasing/& -std=gnu99/' %{_builddir}/%{name}-%{version}/rpm/bundle-libdb.spec +rpmbuild --define "_topdir $PWD" -bc %{_builddir}/%{name}-%{version}/rpm/bundle-libdb.spec +popd +%endif # Rebuild the autotool artifacts now. autoreconf -fiv -%configure --enable-autobind --with-selinux $TMPFILES_FLAG \ +%configure \ +%if %{with libbdb_ro} + --with-libbdb-ro \ +%else + --without-libbdb-ro \ +%endif +%if %{with bundle_libdb} + --with-bundle-libdb=%{_builddir}/%{libdb_base_version}/BUILD/%{libdb_base_dir}/dist/dist-tls \ +%endif + --with-selinux $TMPFILES_FLAG \ --with-systemd \ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ - --with-systemdgroupname=%{groupname} \ + --with-systemdgroupname=%{groupname} \ --libexecdir=%{_libexecdir}/%{pkgname} \ - $NSSARGS $ASAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \ - --enable-cmocka \ - --enable-perl + $ASAN_FLAGS $MSAN_FLAGS $TSAN_FLAGS $UBSAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \ +%if 0%{?fedora} >= 34 || 0%{?rhel} >= 9 + --with-libldap-r=no \ +%endif + --enable-cmocka +# Avoid "Unknown key name 'XXX' in section 'Service', ignoring." warnings from systemd on older releases +%if 0%{?rhel} && 0%{?rhel} < 9 + sed -r -i '/^(Protect(Home|Hostname|KernelLogs)|PrivateMounts)=/d' %{_builddir}/%{name}-%{version}/wrappers/*.service.in +%endif # lib389 pushd ./src/lib389 -%py3_build +%{python3} validate_version.py --update +%pyproject_wheel popd -# argparse-manpage dynamic man pages have hardcoded man v1 in header, -# need to change it to v8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8 -sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8 # Generate symbolic info for debuggers export XCFLAGS=$RPM_OPT_FLAGS -#make %{?_smp_mflags} -make +%make_build %install mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir} -%if %{use_cockpit} +%if %{with cockpit} mkdir -p %{buildroot}%{_datadir}/cockpit %endif -make DESTDIR="$RPM_BUILD_ROOT" install +%make_install -%if %{use_cockpit} +%if %{with cockpit} find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list %endif +find %{buildroot}%{_libdir}/%{pkgname}/plugins/ -type f -iname 'lib*.so' | sed -e "s@%{buildroot}@@" > plugins.list +%if %{with bundle_libdb} +sed -i -e "/libback-bdb/d" plugins.list +%endif + # Copy in our docs from doxygen. -cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 +cp -r %{_builddir}/%{name}-%{version}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 # lib389 pushd src/lib389 -%py3_install +%pyproject_install +%pyproject_save_files -l lib389 popd +# Register CLI tools for bash completion +for clitool in dsconf dsctl dsidm dscreate ds-replcheck +do + register-python-argcomplete "${clitool}" > "${clitool}" + install -p -m 0644 -D -t '%{buildroot}%{bash_completions_dir}' "${clitool}" +done + mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname} mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname} -mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} +mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} \ + && chmod 770 $RPM_BUILD_ROOT/var/lock/%{pkgname} # for systemd mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants +install -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/389-ds-base.conf -# remove libtool archives and static libs +#remove libtool and static libs rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a @@ -489,17 +823,52 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.a rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.la -%if %{bundle_jemalloc} +%if %{with bundle_jemalloc} pushd ../%{jemalloc_name}-%{jemalloc_ver} make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin -cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc -cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc +cp -pa COPYING ../%{name}-%{version}/COPYING.jemalloc +cp -pa README ../%{name}-%{version}/README.jemalloc +popd +%endif + +%if %{with bundle_libdb} +pushd ../%{libdb_base_version} +libdbbuilddir=$PWD/BUILD/%{libdb_base_dir} +libdbdestdir=$PWD/../%{name}-%{version} +cp -pa $libdbbuilddir/LICENSE $libdbdestdir/LICENSE.libdb +cp -pa $libdbbuilddir/README $libdbdestdir/README.libdb +cp -pa $libdbbuilddir/lgpl-2.1.txt $libdbdestdir/lgpl-2.1.txt.libdb +cp -pa $libdbbuilddir/dist/dist-tls/.libs/%{libdb_bundle_name} $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/%{libdb_bundle_name} +popd +%endif + +%if %{with libbdb_ro} +pushd lib/librobdb +cp -pa COPYING %{_builddir}/%{name}-%{version}/COPYING.librobdb +cp -pa COPYING.RPM %{_builddir}/%{name}-%{version}/COPYING.RPM +install -m 0755 -d %{buildroot}/%{_libdir} +install -m 0755 -d %{buildroot}/%{_docdir}/%{name}-robdb-libs +install -m 0755 -d %{buildroot}/%{_licensedir}/%{name} +install -m 0755 -d %{buildroot}/%{_licensedir}/%{name}-robdb-libs +install -m 0644 $PWD/README.md %{buildroot}/%{_docdir}/%{name}-robdb-libs/README.md +install -m 0644 $PWD/COPYING %{buildroot}/%{_licensedir}/%{name}-robdb-libs/COPYING +install -m 0644 $PWD/COPYING.RPM %{buildroot}/%{_licensedir}/%{name}-robdb-libs/COPYING.RPM +install -m 0644 $PWD/COPYING %{buildroot}/%{_licensedir}/%{name}/COPYING.librobdb +install -m 0644 $PWD/COPYING.RPM %{buildroot}/%{_licensedir}/%{name}/COPYING.RPM popd %endif %check # This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build. +%if %{with tsan} +export TSAN_OPTIONS=print_stacktrace=1:second_deadlock_stack=1:history_size=7 +%endif +%if %{without asan} && %{without msan} if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi +%endif + +# Check import for lib389 modules +%pyproject_check_import -e '*.test*' %post if [ -n "$DEBUGPOSTTRANS" ] ; then @@ -509,26 +878,10 @@ else output=/dev/null output2=/dev/null fi + # reload to pick up any changes to systemd files /bin/systemctl daemon-reload >$output 2>&1 || : -# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation -# Soft static allocation for UID and GID -USERNAME="dirsrv" -ALLOCATED_UID=389 -GROUPNAME="dirsrv" -ALLOCATED_GID=389 -HOMEDIR="/usr/share/dirsrv" - -getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME -if ! getent passwd $USERNAME >/dev/null ; then - if ! getent passwd $ALLOCATED_UID >/dev/null ; then - /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME - else - /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME - fi -fi - # Reload our sysctl before we restart (if we can) sysctl --system &> $output; true @@ -589,8 +942,8 @@ fi exit 0 -%files -%if %{bundle_jemalloc} +%files -f plugins.list +%if %{with bundle_jemalloc} %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc %license COPYING.jemalloc %else @@ -601,6 +954,7 @@ exit 0 %config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif %dir %{_sysconfdir}/%{pkgname}/config %dir %{_sysconfdir}/systemd/system/%{groupname}.wants +%{_sysusersdir}/389-ds-base.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf %{_datadir}/%{pkgname} @@ -610,20 +964,23 @@ exit 0 %{_mandir}/man1/dbscan.1.gz %{_bindir}/ds-replcheck %{_mandir}/man1/ds-replcheck.1.gz +%{bash_completions_dir}/ds-replcheck %{_bindir}/ds-logpipe.py %{_mandir}/man1/ds-logpipe.py.1.gz %{_bindir}/ldclt %{_mandir}/man1/ldclt.1.gz %{_bindir}/logconv.pl %{_mandir}/man1/logconv.pl.1.gz +%{_bindir}/logconv.py +%{_mandir}/man1/logconv.py.1.gz %{_bindir}/pwdhash %{_mandir}/man1/pwdhash.1.gz -#%caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd %{_sbindir}/ns-slapd %{_mandir}/man8/ns-slapd.8.gz %{_sbindir}/openldap_to_ds %{_mandir}/man8/openldap_to_ds.8.gz %{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl +%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh %{_mandir}/man5/99user.ldif.5.gz %{_mandir}/man5/certmap.conf.5.gz %{_mandir}/man5/slapd-collations.conf.5.gz @@ -631,7 +988,6 @@ exit 0 %{_mandir}/man5/dirsrv.systemd.5.gz %{_libdir}/%{pkgname}/python %dir %{_libdir}/%{pkgname}/plugins -%{_libdir}/%{pkgname}/plugins/*.so # This has to be hardcoded to /lib - $libdir changes between lib/lib64, but # sysctl.d is always in /lib. %{_prefix}/lib/sysctl.d/* @@ -641,7 +997,7 @@ exit 0 %exclude %{_sbindir}/ldap-agent* %exclude %{_mandir}/man1/ldap-agent.1.gz %exclude %{_unitdir}/%{pkgname}-snmp.service -%if %{bundle_jemalloc} +%if %{with bundle_jemalloc} %{_libdir}/%{pkgname}/lib/ %{_libdir}/%{pkgname}/bin/ %exclude %{_libdir}/%{pkgname}/bin/jemalloc-config @@ -651,6 +1007,9 @@ exit 0 %exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a %exclude %{_libdir}/%{pkgname}/lib/pkgconfig %endif +%if %{with libbdb_ro} +%exclude %{_libdir}/%{pkgname}/librobdb.so +%endif %files devel %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel @@ -669,15 +1028,12 @@ exit 0 %dir %{_libdir}/%{pkgname} %{_libdir}/libsvrcore.so.* %{_libdir}/%{pkgname}/libslapd.so.* -%{_libdir}/%{pkgname}/libns-dshttpd-*.so +%{_libdir}/%{pkgname}/libns-dshttpd.so.* %{_libdir}/%{pkgname}/libldaputil.so.* %{_libdir}/%{pkgname}/librewriters.so* -%if %{bundle_jemalloc} +%if %{with bundle_jemalloc} %{_libdir}/%{pkgname}/lib/libjemalloc.so.2 %endif -%if %{use_rust} -%{_libdir}/%{pkgname}/librsds.so -%endif %files snmp %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel @@ -686,1796 +1042,52 @@ exit 0 %{_mandir}/man1/ldap-agent.1.gz %{_unitdir}/%{pkgname}-snmp.service -%files -n python%{python3_pkgversion}-lib389 -%doc LICENSE LICENSE.GPLv3+ -%{python3_sitelib}/lib389* -%{_sbindir}/dsconf -%{_mandir}/man8/dsconf.8.gz -%{_sbindir}/dscreate -%{_mandir}/man8/dscreate.8.gz -%{_sbindir}/dsctl -%{_mandir}/man8/dsctl.8.gz -%{_sbindir}/dsidm -%{_mandir}/man8/dsidm.8.gz -%{_libexecdir}/%{pkgname}/dscontainer +%if %{with bundle_libdb} +%files bdb +%doc LICENSE LICENSE.GPLv3+ README.devel LICENSE.libdb README.libdb lgpl-2.1.txt.libdb +%{_libdir}/%{pkgname}/%{libdb_bundle_name} +%{_libdir}/%{pkgname}/plugins/libback-bdb.so +%endif -%if %{use_cockpit} +%files -n python%{python3_pkgversion}-lib389 -f %{pyproject_files} +%doc src/lib389/README.md +%license LICENSE LICENSE.GPLv3+ +# Binaries +%{_bindir}/dsconf +%{_bindir}/dscreate +%{_bindir}/dsctl +%{_bindir}/dsidm +%{_bindir}/openldap_to_ds +%{_libexecdir}/%{pkgname}/dscontainer +# Man pages +%{_mandir}/man8/dsconf.8.gz +%{_mandir}/man8/dscreate.8.gz +%{_mandir}/man8/dsctl.8.gz +%{_mandir}/man8/dsidm.8.gz +%{_mandir}/man8/openldap_to_ds.8.gz +%exclude %{_mandir}/man1 +# Bash completions for scripts provided by python3-lib389 +%{bash_completions_dir}/dsctl +%{bash_completions_dir}/dsconf +%{bash_completions_dir}/dscreate +%{bash_completions_dir}/dsidm + +%if %{with cockpit} %files -n cockpit-389-ds -f cockpit.list %{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml %doc README.md %endif +%if %{with libbdb_ro} +%files robdb-libs +%license COPYING.librobdb COPYING.RPM +%doc %{_defaultdocdir}/%{name}-robdb-libs/README.md +%{_libdir}/%{pkgname}/librobdb.so +%{_licensedir}/%{name}-robdb-libs/COPYING +%{_licensedir}/%{name}/COPYING.RPM +%{_licensedir}/%{name}/COPYING.librobdb + +%endif + %changelog -* Mon Sep 20 2021 Mark Reynolds - 1.4.4.17-1 -- Bump version to 1.4.4.17 -- Issue 4927 - rebase lib389 and cockpit in 1.4.4 -- Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.) -- Issue 4912 - Account Policy plugin does not set the config entry DN -- Issue 4796 - Add support for nsslapd-state to CLI & UI -- Issue 4894 - IPA failure in ipa user-del --preserve (#4907) -- Issue 4169 - backport lib389 cert list fix -- Issue 4912 - dsidm command crashing when account policy plugin is enabled -- Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index -- Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks -- Issue - 4696 - Password hash upgrade on bind (#4840) -- Issue 4875 - CLI - Add some verbosity to installer -- Issue 4884 - server crashes when dnaInterval attribute is set to zero -- Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup (#4878) -- Issue 4734 - import of entry with no parent warning (#4735) -- Issue 4872 - BUG - entryuuid enabled by default causes replication issues (#4876) -- Issue 4763 - Attribute Uniqueness Plugin uses wrong subtree on ModRDN (#4871) -- Issue 4851 - Typos in "dsconf pwpolicy set --help" (#4867) -- Issue 4736 - lib389 - fix regression in certutil error checking -- Issue 4736 - CLI - Errors from certutil are not propagated -- Issue 4460 - Fix isLocal and TLS paths discovery (#4850) -- Issue 4443 - Internal unindexed searches in syncrepl/retro changelog -- Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819) -- Issue 4656 - (2nd) Remove problematic language from UI/CLI/lib389 -- Issue 4262 - Fix Index out of bound in fractional test (#4828) -- Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823) -- Issue 4656 - remove problematic language from ds-replcheck -- Issue 4803 - Improve DB Locks Monitoring Feature Descriptions -- Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810) -- Issue 4788 - CLI should support Temporary Password Rules attributes (#4793) -- Issue 4506 - Improve SASL logging -- Issue 4093 - Fix MEP test case -- Issue 4747 - Remove unstable/unstatus tests (followup) (#4809) -- Issue 4789 - Temporary password rules are not enforce with local password policy (#4790) -- Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799) -- Issue 4447 - Crash when the Referential Integrity log is manually edited -- Issue 4773 - Add CI test for DNA interval assignment -- Issue 4750 - Fix compiler warning in retrocl (#4751) - -* Sun May 30 2021 Mark Reynolds - 1.4.4.16-1 -- Bump version to 1.4.4.16 -- Issue 4778 - RFE - Allow setting TOD for db compaction and add task -- Issue 4623 - RFE - Monitor the current DB locks (#4762) -- Issue 4725 - RFE - Update the password policy to support a Temporary Password Rules (#4727) -- Issue 4701 - RFE - Exclude attributes from retro changelog (#4723) -- Issue 4773 - RFE - Enable interval feature of DNA plugin -- Issue 4719 - lib389 - fix dsconf passthrough auth bugs -- Issue 4764 - replicated operation sometime checks ACI (#4783) -- Issue 4781 - There are some typos in man-pages -- Issue 3555 - Fix UI audit issue -- Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748) -- Issue 4725 - Fix compiler warnings -- Issue 4770 - Lower FIPS logging severity -- Issue 4759 - Fix coverity issue (#4760) -- Issue 4742 - UI - should always use LDAPI path when calling CLI -- Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732) -- Issue 4711 - SECURITY FIX - SIGSEV with sync_repl (#4738) -- Issue 4637 - ndn cache leak (#4724) -- Issue 4577 - Fix ASAN flags in specfile - -* Fri May 21 2021 Christian Heimes - 1.4.4.15-4 -- Apply DNA plugin patch - -* Thu May 20 2021 Christian Heimes - 1.4.4.15-3 -- Enable interval feature of DNA plugin (resolves: rhbz#1962671) - -* Fri May 07 2021 Viktor Ashirov - 1.4.4.15-2 -- Rebuilt to fix NVR - -* Fri Apr 09 2021 Simon Pichugin - 1.4.4.15-1.1 -- Add Rust bundled Provides and Update License - -* Tue Apr 06 2021 Thierry Bordaz 1.4.4.15-1 -- Bump version to 1.4.4.15 -- Issue 4700 - Regression in winsync replication agreement (#4712) -- Issue 2736 - https://github.com/389ds/389-ds-base/issues/2736 -- Issue 4706 - negative wtime in access log for CMP operations -* Fri Mar 19 2021 Thierry Bordaz 1.4.4.14-1 -- Bump version to 1.4.4.14 -- Issue 4671 - UI - Fix browser crashes -- Issue 4229 - Fix Rust linking -- Issue 4658 - monitor - connection start date is incorrect -- Issue 4656 - Make replication CLI backwards compatible with role name change -- Issue 4656 - Remove problematic language from UI/CLI/lib389 -- Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down -- Issue 4661 - RFE - allow importing openldap schemas (#4662) -- Issue 4659 - restart after openldap migration to enable plugins (#4660) -- Issue 4663 - CLI - unable to add objectclass/attribute without x-origin -- Issue 4169 - UI - updates on the tuning page are not reflected in the UI -- Issue 4588 - BUG - unable to compile without xcrypt (#4589) -- Issue 4513 - Fix replication CI test failures (#4557) -- Issue 4646 - CLI/UI - revise DNA plugin management -- Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647) -- Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652) -- Issue 4513 - CI - make acl ip address tests more robust -- Issue 4619 - remove pytest requirement from lib389 -- Issue 4615 - log message when psearch first exceeds max threads per conn - -* Fri Feb 26 2021 Alexander Bokovoy 1.4.4.13-2 -- Rebuild now that Dogtag is fixed to work with a fix to Issue 4609 - -* Fri Feb 12 2021 Mark Reynolds - 1.4.4.13-1 -- Bump version to 1.4.4.13 -- Update dscontainer (#4564) -- Issue 4591 - RFE - improve openldap_to_ds help and features (#4607) -- Issue 4324 - Some architectures the cache line size file does not exist -- Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614) -- Issue 4609 - CVE - info disclosure when authenticating - -* Tue Feb 2 2021 Mark Reynolds - 1.4.4.12-1 -- Bump version to 1.4.4.12 -- Issue 4579 - libasan detects heap-use-after-free in URP test (#4584) -- Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573) -- Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553) -- Issue 4396 - Minor memory leak in backend (#4558) (#4572) -- Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569) -- Issue 5442 - Search results are different between RHDS10 and RHDS11 - -* Mon Jan 25 2021 Mark Reynolds - 1.4.4.11-1 -- Bump version to 1.4.4.11 -- Issue 4548 - CLI - dsconf needs better root DN access control plugin validation -- Issue 4513 - Fix schema test and lib389 task module (#4514) -- Issue 4535 - lib389 - Fix log function in backends.py -- Issue 4534 - libasan read buffer overflow in filtercmp (#4541) - -* Thu Jan 14 2021 Mark Reynolds - 1.4.4.10-1 -- Bump version to 1.4.4.10 -- Issue 4381 - RFE - LDAPI authentication DN rewritter -- Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540) -- Issue 4513 - CI Tests - fix test failures -- Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529) -- Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated -- Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533) -- Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527) -- Issue 4506 - BUG - Fix bounds on fd table population (#4520) -- Issue 4521 - DS crash in deref plugin if dereferenced entry exists but is not returned by internal search (#4525) -- Issue 4384 - Separate eventq into REALTIME and MONOTONIC -- Issue 4418 - ldif2db - offline. Warn the user of skipped entries -- Issue 4419 - Warn users of skipped entries during ldif2db online import (#4476) -- Issue 4414 - disk monitoring - prevent division by zero crash -- Issue 4507 - Improve csngen testing task (#4508) -- Issue 4498 - BUG - entryuuid replication may not work (#4503) -- Issue 4504 - Fix pytest test_dsconf_replication_monitor (#4505) -- Issue 4480 - Unexpected info returned to ldap request (#4491) -- Issue 4373 - BUG - one line cleanup, free results in mt if ent 0 (#4502) -- Issue 4500 - Add cockpit enabling to dsctl -- Issue 4272 - RFE - add support for gost-yescrypt for hashing passwords (#4497) -- Issue 1795 - RFE - Enable logging for libldap and libber in error log (#4481) -- Issue 4492 - Changelog cache can upload updates from a wrong starting point (CSN) (#4493) -- Issue 4373 - BUG - calloc of size 0 in MT build (#4496) -- Issue 4483 - heap-use-after-free in slapi_be_getsuffix -- Issue 4224 - cleanup specfile after libsds removal -- Issue 4421 - Unable to build with Rust enabled in closed environment -- Issue 4229 - RFE - Improve rust linking and build performance (#4474) -- Issue 4464 - RFE - clang with ds+asan+rust -- Issue 4224 - openldap can become confused with entryuuid -- Issue 4313 - improve tests and improve readme re refdel -- Issue 4313 - fix potential syncrepl data corruption -- Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt (#4437) -- Issue 4243 - Fix test (4th): SyncRepl plugin provides a wrong (#4475) -- Issue 4446 - RFE - openldap password hashers -- Issue 4403 - RFE - OpenLDAP pw hash migration tests (#4408) -- Issue 4410 -RFE - ndn cache with arc in rust -- Issue 4460 - BUG - add machine name to subject alt names in SSCA (#4472) -- Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4466) (#4466) - -* Mon Nov 30 2020 Mark Reynolds - 1.4.4.9-1 -- Bump version to 1.4.4.9 -- Issue 4105 - Remove python.six (fix regression) -- Issue 4384 - Use MONOTONIC clock for all timing events and conditions -- Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467) -- Issue 4460 - BUG - lib389 should use system tls policy -- Issue 3657 - Add options to dsctl for dsrc file -- Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set -- Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439) -- Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451) -- Issue 4105 - Remove python.six from lib389 (#4456) -- Issue 4440 - BUG - ldifgen with --start-idx option fails with unsupported operand (#4444) -- Issue 2054 - do not add referrals for masters with different data generation #2054 (#4427) -- Issue 2058 - Add keep alive entry after on-line initialization - second version (#4399) -- Issue 4373 - BUG - Mapping Tree nodes can be created that are invalid -- Issue 4428 - BUG Paged Results with critical false causes sigsegv in chaining -- Issue 4428 - Paged Results with Chaining Test Case -- Issue 4383 - Do not normalize escaped spaces in a DN -- Issue 4432 - After a failed online import the next imports are very slow -- Issue 4404 - build problems at alpine linux -- Issue 4316 - performance search rate: useless poll on network send callback (#4424) -- Issue 4429 - NULL dereference in revert_cache() -- Issue 4391 - DSE config modify does not call be_postop (#4394) -- Issue 4412 - Fix CLI repl-agmt requirement for parameters (#4422) - -* Sat Nov 7 2020 Mark Reynolds - 1.4.4.8-1 -- Bump version to 1.4.4.8 -- Issue 4415 - unable to query schema if there are extra parenthesis -- Issue 4176 - CL trimming causes high CPU - -* Wed Oct 28 2020 Mark Reynolds - 1.4.4.7-1 -- Bump version to 1.4.4.7 -- Issue 2526 - revert backend validation check -- Issue 4262 - more perl removal cleanup -- Issue 2526 - retrocl backend created out of order - -* Mon Oct 26 2020 Mark Reynolds - 1.4.4.6-1 -- Bump version to 1.4.4.6 -- Issue 4262 - Remove legacy tools subpackage (final cleanup) -- Issue 4262 - Remove legacy tools subpackage (restart instances after rpm install) -- Issue 4262 - Remove legacy tools subpackage -- Issue 2526 - revert API change in slapi_be_getsuffix() -- Issue 4363 - Sync repl: per thread structure was incorrectly initialized (#4395) -- Issue 4392 - Update create_test.py -- Issue 2820 - Fix CI tests (#4365) -- Issue 2526 - suffix management in backends incorrect -- Issue 4389 - errors log with incorrectly formatted message parent_update_on_childchange -- Issue 4295 - Fix a closing quote issue (#4386) -- Issue 1199 - Misleading message in access log for idle timeout (#4385) -- Issue 3600 - RFE - openldap migration tooling (#4318) -- Issue 4176 - import ldif2cl task should not close all changelogs -- Issue 4159 - Healthcheck code DSBLE0002 not returned on disabled suffix -- Issue 4379 - allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service (#4380) -- Issue 4329 - Sync repl - if a serie of updates target the same entry then the cookie get wrong changenumber (#4356) -- Issue 3555 - Fix npm audit issues (#4370) -- Issue 4372 - BUG - Chaining DB did not validate bind mech parameters (#4374) -- Issue 4334 - RFE - Task timeout may cause larger dataset imports to fail (#4359) -- Issue 4361 - RFE - add - dscreate --advanced flag to avoid user confusion -- Issue 4368 - ds-replcheck crashes when processing glue entries -- Issue 4366 - lib389 - Fix account status inactivity checks -- Issue 4265 - UI - Make the secondary plugins read-only (#4364) -- Issue 4360 - password policy max sequence sets is not working as expected -- Issue 4348 - Add tests for dsidm -- Issue 4350 - One line, fix invalid type error in tls_cacertdir check (#4358) - -* Mon Oct 5 2020 Mark Reynolds - 1.4.4.5-1 -- Bump version to 1.4.4.5 -- Issue 4347 - log when server requires a restart for a plugin to become active (#4352) -- Issue 4297 - On ADD replication URP issue internal searches with filter containing unescaped chars (#4355) -- Issue 4350 - dsrc should warn when tls_cacertdir is invalid (#4353) -- Issue 4351 - improve generated sssd.conf output (#4354) -- Issue 4345 - import self sign cert doc comment (#4346) -- Issue 4342 - UI - additional fixes for creation instance modal -- Issue 3996 - Add dsidm rename option (#4338) -- Issue 4258 - Add server version information to UI -- Issue 4326 - entryuuid fixup did not work correctly (#4328) -- Issue 4209 - RFE - add bootstrap credentials to repl agreement (upgrade update) -- Issue 4209 - RFE - add bootstrap credentials to repl agreement (UI update) -- Issue 4209 - RFE - add bootstrap credentials to repl agreement -- Issue 4209 - RFE - add bootstrap credentials to repl agreement -- Issue 4322 - Fix a source link (#4332) -- Issue 4319 - Performance search rate: listener may be erroneously waken up (#4323) -- Issue 4322 - Updates old reference to pagure issue (#4321) -- Issue 4327 - Update issue templates and README.md -- Ticket 51190 - SyncRepl plugin provides a wrong cookie -- Ticket 51121 - Remove hardcoded changelog file name -- Ticket 51253 - dscreate should LDAPI to bootstrap the config -- Ticket 51177 - fix warnings -- Ticket 51228 - Fix lock/unlock wording and lib389 use of methods -- Ticket 51247 - Container Healthcheck failure -- Ticket 51177 - on upgrade configuration handlers -- Ticket 51229 - Server Settings page gets into an unresponsive state -- Ticket 51189 - integrate changelog in main database - update CLI -- Ticket 49562 - integrate changelog database to main database -- Ticket 51165 - Set the operation start time for extended ops -- Ticket 50933 - Fix OID change between 10rfc2307 and 10rfc2307compat -- Ticket 51228 - Clean up dsidm user status command -- Ticket 51233 - ds-replcheck crashes in offline mode -- Ticket 50260 - Fix test according to #51222 fix -- Ticket 50952 - SSCA lacks basicConstraint:CA -- Ticket 50933 - enable 2307compat.ldif by default -- Ticket 50933 - Update 2307compat.ldif -- Ticket 51102 - RFE - ds-replcheck - make online timeout configurable -- Ticket 51222 - It should not be allowed to delete Managed Entry manually -- Ticket 51129 - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version -- Ticket 49487 - Restore function that incorrectly removed by last patch -- Ticket 49481 - remove unused or unnecessary database plugin functions -- Ticket 50746 - Add option to healthcheck to list all the lint reports -- Ticket 49487 - Cleanup unused code -- Ticket 51086 - Fix instance name length for interactive install -- Ticket 51136 - JSON Error output has redundant messages -- Ticket 51059 - If dbhome directory is set online backup fails -- Ticket 51000 - Separate the BDB backend monitors -- Ticket 49300 - entryUSN is duplicated after memberOf operation -- Ticket 50984 - Fix disk_mon_check_diskspace types -- Ticket 50791 - Healthcheck to find notes=F -<<<<<<< HEAD -======= - -* Tue Sep 29 22:52:34 CEST 2020 Zbigniew Jędrzejewski-Szmek - 1.4.4.4-1.4 -- Rebuilt for libevent 2.1.12 (attempt #2) - -* Tue Sep 29 20:25:49 CEST 2020 Zbigniew Jędrzejewski-Szmek - 1.4.4.4-1.3 -- Rebuilt for libevent 2.1.12 ->>>>>>> 1aab708... Bump version to 1.4.4.6 - -* Thu Aug 27 2020 Josef Řídký - 1.4.4.4-1.2 -- Rebuilt for new net-snmp release - -* Mon Jul 27 2020 Fedora Release Engineering - 1.4.4.4-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Wed Jul 8 2020 Mark Reynolds - 1.4.4.4-1 -- Bump version to 1.4.4.4 -- Issue 51175 - resolve plugin name leaking -- Issue 51187 - UI - stop importing Cockpit's PF css -- Issue 51192 - Add option to reject internal unindexed searches -- Issue 50840 - Fix test docstrings metadata-1 -- Issue 50840 - Fix test docstrings metadata -- Issue 50980 - fix foo_filter_rewrite -- Issue 51165 - add more logconv stats for the new access log keywords -- Issue 50928 - Unable to create a suffix with countryName either via dscreate or the admin console -- Issue 51188 - db2ldif crashes when LDIF file can't be accessed -- Issue 50545 - Port remaining legacy tools to new python CLI -- Issue 51165 - add new access log keywords for wtime and optime -- Issue 49761 - Fix CI test suite issues ( Port remaning acceptance test suit part 1) -- Issue 51070 - Port Import TET module to python3 part2 -- Issue 51142 - Port manage Entry TET suit to python 3 part 1 -- Issue 50860 - Port Password Policy test cases from TET to python3 final -- Issue 50696 - Fix Allowed and Denied Ciphers lists - WebUI -- Issue 51169 - UI - attr uniqueness - selecting empty subtree crashes cockpit -- Issue 49256 - log warning when thread number is very different from autotuned value -- Issue 51157 - Reindex task may create abandoned index file -- Issue 50873 - Fix issues with healthcheck tool -- Issue 50860 - Port Password Policy test cases from TET to python3 part2 -- Issue 51166 - Log an error when a search is fully unindexed -- Issue 50544 - OpenLDAP syncrepl compatability -- Issue 51161 - fix SLE15.2 install issps -- Issue 49999 - rpm.mk build-cockpit should clean cockpit_dist first -- Issue 51144 - dsctl fails with instance names that contain slapd- -- Issue 51155 - Fix OID for sambaConfig objectclass -- Issue 51159 - dsidm ou delete fails -- Issue 50984 - Memory leaks in disk monitoring -- Issue 51131 - improve mutex alloc in conntable -- Issue 49761 - Fix CI tests -- Issue 49859 - A distinguished value can be missing in an entry -- Issue 50791 - Healthcheck should look for notes=A/F in access log -- Issue 51072 - Set the default minimum worker threads -- Issue 51140 - missing ifdef -- Issue 50912 - pwdReset can be modified by a user -- Issue 50781 - Make building cockpit plugin optional -- Issue 51100 - Correct numSubordinates value for cn=monitor -- Issue 51136 - dsctl and dsidm do not errors correctly when using JSON -- Issue 137 - fix compiler warning -- Issue 50781 - Make building cockpit plugin optional -- Issue 51132 - Winsync setting winSyncWindowsFilter not working as expected -- Issue 51034 - labeledURIObject -- Issue 50545 - Port remaining legacy tools to new python CLI -- Issue 50889 - Extract pem files into a private namespace -- Issue 137 - Implement EntryUUID plugin -- Issue 51072 - improve autotune defaults -- Issue 51115 - enable samba3.ldif by default -- Issue 51118 - UI - improve modal validation when creating an instance -- Issue 50746 - Add option to healthcheck to list all the lint reports - -* Mon Jun 22 2020 Jitka Plesnikova - 1.4.4.3-1.1 -- Perl 5.32 rebuild - -* Fri May 29 2020 Mark Reynolds - 1.4.4.3-1 -- Bump version to 1.4.4.3 -- Issue 50931 - RFE AD filter rewriter for ObjectCategory -- Issue 50860 - Port Password Policy test cases from TET to python3 part1 -- Issue 51113 - Allow using uid for replication manager entry -- Issue 51095 - abort operation if CSN can not be generated -- Issue 51110 - Fix ASAN ODR warnings -- Issue 49850 - ldbm_get_nonleaf_ids() painfully slow for databases with many non-leaf entries -- Issue 51102 - RFE - ds-replcheck - make online timeout configurable -- Issue 51076 - remove unnecessary slapi entry dups -- Issue 51086 - Improve dscreate instance name validation -- Issue:51070 - Port Import TET module to python3 part1 -- Issue 51037 - compiler warning -- Issue 50989 - ignore pid when it is ourself in protect_db -- Issue 51037 - RFE AD filter rewriter for ObjectSID -- Issue 50499 - Fix some npm audit issues -- Issue 51091 - healthcheck json report fails when mapping tree is deleted -- Issue 51079 - container pid start and stop issues -- Issue 49761 - Fix CI tests -- Issue 50610 - Fix return code when it's nothing to free -- Issue 50610 - memory leaks in dbscan and changelog encryption -- Issue 51076 - prevent unnecessarily duplication of the target entry -- Issue 50940 - Permissions of some shipped directories may change over time -- Issue 50873 - Fix issues with healthcheck tool -- Issue 51082 - abort when a empty valueset is freed -- Issue 50201 - nsIndexIDListScanLimit accepts any value - -* Tue May 26 2020 Miro Hrončok - 1.4.4.2-1.2 -- Rebuilt for Python 3.9 - -* Fri May 15 2020 Pete Walter - 1.4.4.2-1.1 -- Rebuild for ICU 67 - -* Fri May 8 2020 Mark Reynolds - 1.4.4.2-1 -- Bump version to 1.4.4.2 -- Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema -- Issue 51054 - Revise ACI target syntax checking -- Issue 51068 - deadlock when updating the schema -- Issue 51042 - try to use both c_rehash and openssl rehash -- Issue 51042 - switch from c_rehash to openssl rehash -- Issue 50992 - Bump jemalloc version and enable profiling -- Issue 51060 - unable to set sslVersionMin to TLS1.0 -- Issue 51064 - Unable to install server where IPv6 is disabled -- Issue 51051 - CLI fix consistency issues with confirmations -- Issue 50655 - etime displayed has an order of magnitude 10 times smaller than it should be -- Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now -- Issue 51054 - AddressSanitizer: heap-buffer-overflow in ldap_utf8prev -- Issue 49761 - Fix CI tests -- Issue 51047 - React deprecating ComponentWillMount -- Issue 50499 - fix npm audit issues -- Issue 50545 - Port dbgen.pl to dsctl -- Issue 51027 - Test passwordHistory is not rewritten on a fail attempt - -* Wed Apr 22 2020 Mark Reynolds - 1.4.4.1-1 -- Bump version to 1.4.4.1 -- Issue 51024 - syncrepl_entry callback does not contain attributes added by postoperation plugins -- Issue 50877 - task to run tests of csn generator -- Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now -- Issue 48055 - CI test - automember_plugin(part3) -- Issue 51035 - Heavy StartTLS connection load can randomly fail with err=1 -- Issue 51031 - UI - transition between two instances needs improvement - -* Thu Apr 16 2020 Mark Reynolds - 1.4.4.0-1 -- Bump version to 1.4.4.0 -- Issue 50933 - 10rfc2307compat.ldif is not ready to be used by default -- Issue 50931 - RFE AD filter rewriter for ObjectCategory -- Issue 51016 - Fix memory leaks in changelog5_init and perfctrs_init -- Issue 50980 - RFE extend usability for slapi_compute_add_search_rewriter and slapi_compute_add_evaluator -- Issue 51008 - dbhome in containers -- Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code -- Issue 51014 - slapi_pal.c possible static buffer overflow -- Issue 50545 - remove dbmon "incr" option from arg parser -- Issue 50545 - Port dbmon.sh to dsconf -- Issue 51005 - AttributeUniqueness plugin's DN parameter should not have a default value -- Issue 49731 - Fix additional issues with setting db home directory by default -- Issue 50337 - Replace exec() with setattr() -- Issue 50905 - intermittent SSL hang with rhds -- Issue 50952 - SSCA lacks basicConstraint:CA -- Issue 50640 - Database links: get_monitor() takes 1 positional argument but 2 were given -- Issue 50869 - Setting nsslapd-allowed-sasl-mechanisms truncates the value - -* Wed Apr 1 2020 Mark Reynolds - 1.4.3.5-1 -- Bump version to 1.4.3.5 -- Issue 50994 - Fix latest UI bugs found by QE -- Issue 50933 - rfc2307compat.ldif -- Issue 50337 - Replace exec() with setattr() -- Issue 50984 - Memory leaks in disk monitoring -- Issue 50984 - Memory leaks in disk monitoring -- Issue 49731 - dscreate fails in silent mode because of db_home_dir -- Issue 50975 - Revise UI branding with new minimized build -- Issue 49437 - Fix memory leak with indirect COS -- Issue 49731 - Do not add db_home_dir to template-dse.ldif -- Issue 49731 - set and use db_home_directory by default -- Issue 50971 - fix BSD_SOURCE -- Issue 50744 - -n option of dbverify does not work -- Issue 50952 - SSCA lacks basicConstraint:CA -- Issue 50976 - Clean up Web UI source directory from unused files -- Issue 50955 - Fix memory leaks in chaining plugin(part 2) -- Issue 50966 - UI - Database indexes not using typeAhead correctly -- Issue 50974 - UI - wrong title in "Delete Suffix" popup -- Issue 50972 - Fix cockpit plugin build -- Issue 49761 - Fix CI test suite issues -- Issue 50971 - Support building on FreeBSD. -- Issue 50960 - [RFE] Advance options in RHDS Disk Monitoring Framework -- Issue 50800 - wildcards in rootdn-allow-ip attribute are not accepted -- Issue 50963 - We should bundle *.min.js files of Console -- Issue 50860 - Port Password Policy test cases from TET to python3 Password grace limit section. -- Issue 50860 - Port Password Policy test cases from TET to python3 series of bugs Port final -- Issue 50954 - buildnum.py - fix date formatting issue - -* Mon Mar 16 2020 Mark Reynolds - 1.4.3.4-1 -- Bump version to 1.4.3.4 -- Issue 50954 - Port buildnum.pl to python(part 2) -- Issue 50955 - Fix memory leaks in chaining plugin -- Issue 50954 - Port buildnum.pl to python -- Issue 50947 - change 00core.ldif objectClasses for openldap migration -- Issue 50755 - setting nsslapd-db-home-directory is overriding db_directory -- Issue 50937 - Update CLI for new backend split configuration -- Issue 50860 - Port Password Policy test cases from TET to python3 pwp.sh -- Issue 50945 - givenname alias of gn from openldap -- Issue 50935 - systemd override in lib389 for dscontainer -- Issue 50499 - Fix npm audit issues -- Issue 49761 - Fix CI test suite issues -- Issue 50618 - clean compiler warning and log level -- Issue 50889 - fix compiler issues -- Issue 50884 - Health check tool DSEldif check fails -- Issue 50926 - Remove dual spinner and other UI fixes -- Issue 50928 - Unable to create a suffix with countryName -- Issue 50758 - Only Recommend bash-completion, not Require -- Issue 50923 - Fix a test regression -- Issue 50904 - Connect All React Components And Refactor the Main Navigation Tab Code -- Issue 50920 - cl-dump exit code is 0 even if command fails with invalid arguments -- Issue 50923 - Add test - dsctl fails to remove instances with dashes in the name -- Issue 50919 - Backend delete fails using dsconf -- Issue 50872 - dsconf can't create GSSAPI replication agreements -- Issue 50912 - RFE - add password policy attribute pwdReset -- Issue 50914 - No error returned when adding an entry matching filters for a non existing automember group -- Issue 50889 - Extract pem files into a private namespace -- Issue 50909 - nsDS5ReplicaId cant be set to the old value it had before -- Issue 50686 - Port fractional replication test cases from TET to python3 final -- Issue 49845 - Remove pkgconfig check for libasan -- Issue:50860 - Port Password Policy test cases from TET to python3 bug624080 -- Issue:50860 - Port Password Policy test cases from TET to python3 series of bugs -- Issue 50786 - connection table freelist -- Issue 50618 - support cgroupv2 -- Issue 50900 - Fix cargo offline build -- Issue 50898 - ldclt core dumped when run with -e genldif option - -* Mon Feb 17 2020 Matus Honek - 1.4.3.3-3 -- Bring back the necessary c_rehash util (#1803370) - -* Fri Feb 14 2020 Mark Reynolds - 1.4.3.3-2 -- Bump version to 1.4.3.3-2 -- Remove unneeded perl dependencies -- Change bash-completion to "Recommends" instead of "Requires" - -* Thu Feb 13 2020 Mark Reynolds - 1.4.3.3-1 -- Bump version to 1.4.3.3 -- Issue 50855 - remove unused file from UI -- Issue 50855 - UI: Port Server Tab to React -- Issue 49845 - README does not contain complete information on building -- Issue 50686 - Port fractional replication test cases from TET to python3 part 1 -- Issue 49623 - cont cenotaph errors on modrdn operations -- Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled -- Issue 50886 - Typo in the replication debug message -- Issue 50873 - Fix healthcheck and virtual attr check -- Issue 50873 - Fix issues with healthcheck tool -- Issue 50028 - Add a new CI test case -- Issue 49946 - Add a new CI test case -- Issue 50117 - Add a new CI test case -- Issue 50787 - fix implementation of attr unique -- Issue 50859 - support running only with ldaps socket -- Issue 50823 - dsctl doesn't work with 'slapd-' in the instance name -- Issue 49624 - cont - DB Deadlock on modrdn appears to corrupt database and entry cache -- Issue 50867 - Fix minor buildsys issues -- Issue 50737 - Allow building with rust online without vendoring -- Issue 50831 - add cargo.lock to allow offline builds -- Issue 50694 - import PEM certs on startup -- Issue 50857 - Memory leak in ACI using IP subject -- Issue 49761 - Fix CI test suite issues -- Issue 50853 - Fix NULL pointer deref in config setting -- Issue 50850 - Fix dsctl healthcheck for python36 -- Issue 49990 - Need to enforce a hard maximum limit for file descriptors -- Issue 48707 - ldapssotoken for authentication - -* Tue Jan 28 2020 Fedora Release Engineering - 1.4.3.2-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Thu Jan 23 2020 Mark Reynolds - 1.4.3.2-1 -- Bump version to 1.4.3.2 -- Issue 49254 - Fix compiler failures and warnings -- Issue 50741 - cont bdb_start - Detected Disorderly Shutdown -- Issue 50836 - Port Schema UI tab to React -- Issue 50842 - Decrease 389-console Cockpit component size -- Issue 50790 - Add result text when filter is invalid -- Issue 50627 - Add ASAN logs to HTML report -- Issue 50834 - Incorrectly setting the NSS default SSL version max -- Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free -- Issue 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10 -- Issue 50784 - performance testing scripts -- Issue 50599 - Fix memory leak when removing db region files -- Issue 49395 - Set the default TLS version min to TLS1.2 -- Issue 50818 - dsconf pwdpolicy get error -- Issue 50824 - dsctl remove fails with "name 'ensure_str' is not defined" -- Issue 50599 - Remove db region files prior to db recovery -- Issue 50812 - dscontainer executable should be placed under /usr/libexec/dirsrv/ -- Issue 50816 - dsconf allows the root password to be set to nothing -- Issue 50798 - incorrect bytes in format string(fix import issue) - -* Thu Jan 16 2020 Adam Williamson - 1.4.3.1-3 -- Backport two more import/missing function fixes - -* Wed Jan 15 2020 Adam Williamson - 1.4.3.1-2 -- Backport 828aad0 to fix missing imports from 1.4.3.1 - -* Mon Jan 13 2020 Mark Reynolds - 1.4.3.1-1 -- Bump version to 1.4.3.1 -- Issue 50798 - incorrect bytes in format string -- Issue 50545 - Add the new replication monitor functionality to UI -- Issue 50806 - Fix minor issues in lib389 health checks -- Issue 50690 - Port Password Storage test cases from TET to python3 part 1 -- Issue 49761 - Fix CI test suite issues -- Issue 49761 - Fix CI test suite issues -- Issue 50754 - Add Restore Change Log option to CLI -- Issue 48055 - CI test - automember_plugin(part2) -- Issue 50667 - dsctl -l did not respect PREFIX -- Issue 50780 - More CLI fixes -- Issue 50649 - lib389 without defaults.inf -- Issue 50780 - Fix UI issues -- Issue 50727 - correct mistaken options in filter validation patch -- Issue 50779 - lib389 - conflict compare fails for DN's with spaces -- Set branch version to 1.4.3.0 - -* Mon Dec 9 2019 Matus Honek - 1.4.2.5-3 -- Bump version to 1.4.2.5-3 -- Fix python-argcomplete tinkering (#1781131) - -* Fri Dec 6 2019 Mark Reynolds - 1.4.2.5-2 -- Bump version to 1.4.2.5-2 -- Fix specfile typo (bash-completion) - -* Fri Dec 6 2019 Mark Reynolds - 1.4.2.5-1 -- Bump version to 1.4.2.5 -- Issue 50747 - Port readnsstate to dsctl -- Issue 50758 - Enable CLI arg completion -- Issue 50753 - Dumping the changelog to a file doesn't work -- Issue 50745 - ns-slapd hangs during CleanAllRUV tests -- Issue 50734 - lib389 creates non-SSCA cert DBs with misleading README.txt -- Issue 48851 - investigate and port TET matching rules filter tests(cert) -- Issue 50443 - Create a module in lib389 to Convert a byte sequence to a properly escaped for LDAP -- Issue 50664 - DS can fail to recover if an empty directory exists in db -- Issue 50736 - RetroCL trimming may crash at shutdown if trimming configuration is invalid -- Issue 50741 - bdb_start - Detected Disorderly Shutdown last time Directory Server was running -- Issue 50572 - After running cl-dump dbdir/cldb/*ldif.done are not deleted -- Issue 50701 - Fix type in lint report -- Issue 50729 - add support for gssapi tests on suse -- Issue 50701 - Add additional healthchecks to dsconf -- Issue 50711 - `dsconf security` lacks option for setting nsTLSAllowClientRenegotiation attribute -- Issue 50439 - Update docker integration for Fedora -- Issue 48851 - Investigate and port TET matching rules filter tests(last test cases for match) -- Issue 50499 - Fix npm audit issues -- Issue 50722 - Test IDs are not unique -- Issue 50712 - Version comparison doesn't work correctly on git builds -- Issue 50499 - Fix npm audit issues -- Issue 50706 - Missing lib389 dependency - packaging - -* Fri Nov 15 2019 Mark Reynolds - 1.4.2.4-2 -- Bump version to 1.4.2.4-2 -- Fix dependancy issue - -* Thu Nov 14 2019 Mark Reynolds - 1.4.2.4-1 -- Bump version to 1.4.2.4 -- Issue 50634 - Fix CLI error parsing for non-string values -- Issue 50659 - AddressSanitizer: SEGV ... in bdb_pre_close -- Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes -- Issue 50644 - fix regression with creating sample entries -- Issue 50699 - Add Disk Monitor to CLI and UI -- Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes -- Issue 50536 - After audit log file is rotated, DS version string is logged after each update -- Issue 50712 - Version comparison doesn't work correctly on git builds -- Issue 50706 - Missing lib389 dependency - packaging -- Issue 49761 - Fix CI test suite issues -- Issue 50683 - Makefile.am contains unused RPM-related targets -- Issue 50696 - Fix various UI bugs -- Issue 50641 - Update default aci to allows users to change their own password -- Issue 50007, 50648 - improve x509 handling in dsctl -- Issue 50689 - Failed db restore task does not report an error -- Issue 50199 - Disable perl by default -- Issue 50633 - Add cargo vendor support for offline builds -- Issue 50499 - Fix npm audit issues - -* Sun Nov 03 2019 Mark Reynolds - 1.4.2.3-1 -- Bump version to 1.4.2.3 -- Issue 50592 - Port Replication Tab to ReactJS -- Issue 50680 - Remove branding from upstream spec file -- Issue 50669 - Remove nunc-stans in favour of reworking current conn code (add.) -- Issue 48055 - CI test - automember_plugin(part1) -- Issue 50677 - Map subtree searches with NULL base to default naming context -- Issue 50669 - Fix RPM build -- Issue 50669 - remove nunc-stans -- Issue 49850 - cont -fix crash in ldbm_non_leaf -- Issue 50634 - Clean up CLI errors output - Fix wrong exception -- Issue 50660 - Build failure on Fedora 31 -- Issue 50634 - Clean up CLI errors output -- Issue 48851 - Investigate and port TET matching rules filter tests(match more test cases) -- Issue 50428 - Log the actual base DN when the search fails with "invalid attribute request" -- Issue 49850 - ldbm_get_nonleaf_ids() slow for databases with many non-leaf entries -- Issue 50655 - access log etime is not properly formatted -- Issue 50653 - objectclass parsing fails to log error message text -- Issue 50646 - Improve task handling during shutdowns -- Issue 50627 - Support platforms without pytest_html -- Issue 49476 - backend refactoring phase1, fix failing tests -- Issue 49476 - refactor ldbm backend to allow replacement of BDB -- Issue 50349 - additional fix: filter schema check must handle subtypes -- Issue 48851 - investigate and port TET matching rules filter tests(indexing more test cases) -- Issue 50638 - RecursionError: maximum recursion depth exceeded while calling a Python object -- Issue 50636 - Crash during sasl bind -- Issue 50632 - Add ensure attr state so that diffs are easier from 389-ds-portal -- Issue 50619 - extend commands to have more modify options -- Issue 50499 - Fix npm audit issues - -* Fri Nov 01 2019 Pete Walter - 1.4.2.2-3.1 -- Rebuild for ICU 65 - -* Fri Sep 27 2019 Mark Reynolds - 1.4.2.2-3 -- Bump version to 1.4.2.2-3 -- Address perl provides and requires filter - -* Wed Sep 25 2019 Mark Reynolds - 1.4.2.2-2 -- Bump version to 1.4.2.2-2 -- Remove perl filter change as it broke legacy tools - -* Wed Sep 25 2019 Mark Reynolds - 1.4.2.2-1 -- Bump version to 1.4.2.2 -- Issue 50627 - Add ASAN logs to HTML report -- Issue 50545 - Port repl-monitor.pl to lib389 CLI -- Issue 50622 - ds_selinux_enabled may crash on suse -- Issue 50595 - remove syslog.target requirement -- Issue 50617 - disable cargo lock -- Issue 50620 - Fix regressions from 50506 (slapi_enry_attr_get_ref) -- Issue 50615 - Log current test name to journald -- Issue 50610 - memory leak in dbscan - -* Wed Sep 25 2019 Mark Reynolds - 1.4.2.1-1 -- Bump version to 1.4.2.1 -- Issue 50581 - ns-slapd crashes during ldapi search -- Issue 50604 - Fix UI validation -- Issue 50510 - etime can contain invalid nanosecond value -- Issue 50593 - Investigate URP handling on standalone instance -- Issue 50506 - Fix regression for relication stripattrs -- Issue 50580 - Perl can't be disabled in configure -- Issue 50584, 49212 - docker healthcheck and configuration -- Issue 50546 - fix more UI issues(part 2) -- Do not use comparision with "is" for empty value -- Issue 50546 - fix more UI issues -- Issue 50586 - lib389 - Fix DSEldif long line processing -- Issue 50173 - Add the validate-syntax task to the dsconf schema -- Issue 50546 - Fix various issues in UI -- Bump version to 1.4.2.0 -- Issue 50576 - Same proc uid/gid maps to rootdn for ldapi sasl -- Issue 50567, 50568 - strict host check disable and display container version -- Issue 50550 - DS installer debug messages leaking to ipa-server-install -- Issue 50545 - Port fixup-memberuid and add the functionality to CLI and UI -- Issue 50572 - After running cl-dump dbdir/cldb/*ldif.done are not deleted -- Issue 50578 - Add SKIP_AUDIT_CI flag for Cockpit builds -- Issue 50349 - filter schema validation -- Issue 48055 - CI test-(Plugin configuration should throw proper error messages if not configured properly) -- Issue 49324 - idl_new fix assert -- Issue 50564 - Fix rust libraries by default and improve docker -- Issue 50206 - Refactor lock, unlock and status of dsidm account/role -- Issue 49324 - idl_new report index name in error conditions -- Issue 49761 - Fix CI test suite issues -- Issue 50506 - Fix regression from slapi_entry_attr_get_ref refactor -- Issue 50499 - Audit fix - Update npm 'eslint-utils' version -- Issue 49624 - modrdn silently fails if DB deadlock occurs -- Issue 50542 - Fix crashes in filter tests -- Issue 49761 - Fix CI test suite issues -- Issue 50542 - Entry cache contention during base search -- Issue 50462 - Fix CI tests -- Issue 50490 - objects and memory leaks -- Issue 50538 - Move CI test to individual file -- Issue 50538 - cleanAllRUV task limit is not enforced for replicated tasks -- Issue 50536 - Audit log heading written to log after every update -- Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets deleted -- Issue 50534 - CLI change schema edit subcommand to replace -- Issue 50506 - cont Fix invalid frees from pointer reference calls -- Issue 50507 - Fix Cockpit UI styling for PF4 -- Issue 48851 - investigate and port TET matching rules filter tests(indexing final) -- Issue 48851 - Add more test cases to the match test suite(mode replace) -- Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1" -- Issue 50529 - LDAP server returning PWP controls in different sequence -- Issue 50506 - Fix invalid frees from pointer reference calls. -- Issue 50506 - Replace slapi_entry_attr_get_charptr() with slapi_entry_attr_get_ref() -- Issue 50521 - Add regressions in CI tests -- Issue 50510 - etime can contain invalid nanosecond value -- Issue 50488 - Create a monitor for disk space usagedisk-space-mon -- Issue 50511 - lib389 PosixGroups type can not handle rdn properly -- Issue 50508 - UI - fix local password policy form - -* Wed Jul 24 2019 Fedora Release Engineering - 1.4.1.6-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Fri Jul 19 2019 Mark Reynolds - 1.4.1.6-1 -- Bump version to 1.4.1.6 -- Issue 50355 - SSL version min and max not correctly applied -- Issue 50497 - Port cl-dump.pl tool to Python using lib389 -- Issue 48851 - investigate and port TET matching rules filter tests(Final) -- Issue 50417 - fix regression from previous commit -- Issue 50425 - Add jemalloc LD_PRELOAD to systemd drop-in file -- Issue 50325 - Add Security tab to UI -- Issue 49789 - By default, do not manage unhashed password -- Issue 49421 - Implement password hash upgrade on bind. -- Issue 49421 - on bind password upgrade proof of concept -- Issue 50493 - connection_is_free to trylock -- Issue 50459 - Correct issue with allocation state -- Issue 50499 - Fix audit issues and remove jquery from the whitelist -- Issue 50459 - c_mutex to use pthread_mutex to allow ns sharing -- Issue 50484 - Add a release build dockerfile and dscontainer improvements -- Issue 50486 - Update jemalloc to 5.2.0 - -* Mon Jul 8 2019 Mark Reynolds - 1.4.1.5-1 -- Bump version to 1.4.1.5 -- Issue 50431 - Fix regression from coverity fix (crash in memberOf plugin) -- Issue 49239 - Add a new CI test case -- Issue 49997 - Add a new CI test case -- Issue 50177 - Add a new CI test case, also added fixes in lib389 -- Issue 49761 - Fix CI test suite issues -- Issue 50474 - Unify result codes for add and modify of repl5 config -- Issue 50472 - memory leak with encryption -- Issue 50462 - Fix Root DN access control plugin CI tests -- Issue 50462 - Fix CI tests -- Issue 50217 - Implement dsconf security section -- Issue 48851 - Add more test cases to the match test suite. -- Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients -- Issue 50439 - fix waitpid issue when pid does not exist -- Issue 50454 - Fix Cockpit UI branding -- Issue 48851 - investigate and port TET matching rules filter tests(index) -- Issue 49232 - Truncate the message when buffer capacity is exceeded - -* Tue Jun 18 2019 Mark Reynolds - 1.4.1.4-1 -- Bump version to 1.4.1.4 -- Issue 49361 - Use IPv6 friendly network functions -- Issue 48851 - Investigate and port TET matching rules filter tests(bug772777) -- Issue 50446 - NameError: name 'ds_is_older' is not defined -- Issue 49602 - Revise replication status messages -- Issue 50439 - Update docker integration to work out of source directory -- Issue 50037 - revert path changes as it breaks prefix/rpm builds -- Issue 50431 - Fix regression from coverity fix -- Issue 50370 - CleanAllRUV task crashing during server shutdown -- Issue 48851 - investigate and port TET matching rules filter tests(match) -- Issue 50417 - Fix missing quote in some legacy tools -- Issue 50431 - Fix covscan warnings -- Revert "Issue 49960 - Core schema contains strings instead of numer oids" -- Issue 50426 - nsSSL3Ciphers is limited to 1024 characters -- Issue 50052 - Fix rpm.mk according to audit-ci change -- Issue 50365 - PIDFile= references path below legacy directory /var/run/ -- Issue 50428 - Log the actual base DN when the search fails with "invalid attribute request" -- Issue 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS -- Issue 50417 - Revise legacy tool scripts to work with new systemd changes -- Issue 48851 - Add more search filters to vfilter_simple test suite -- Issue 49761 - Fix CI test suite issues -- Issue 49875 - Move SystemD service config to a drop-in file -- Issue 50413 - ds-replcheck - Always display the Result Summary -- Issue 50052 - Add package-lock.json and use "npm ci" -- Issue 48851 - investigate and port TET matching rules filter tests(vfilter simple) -- Issue 50355 - NSS can change the requested SSL min and max versions -- Issue 48851 - investigate and port TET matching rules filter tests(vfilter_ld) -- Issue 50390 - Add Managed Entries Plug-in Config Entry schema -- Issue 49730 - Remove unused Mozilla ldapsdk variables - -* Fri May 31 2019 Jitka Plesnikova - 1.4.1.3-1.1 -- Perl 5.30 rebuild - -* Fri May 24 2019 Mark Reynolds - 1.4.1.3-1 -- Bump version to 1.4.1.3 -- Issue 49761 - Fix CI test suite issues -- Issue 50041 - Add the rest UI Plugin tabs - Part 2 -- Issue 50340 - 2nd try - structs for diabled plugins will not be freed -- Issue 50403 - Instance creation fails on 1.3.9 using perl utils and latest lib389 -- Issue 50389 - ns-slapd craches while two threads are polling the same connection -- Issue 48851 - investigate and port TET matching rules filter tests(scanlimit) -- Issue 50037 - lib389 fails to install in venv under non-root user -- Issue 50112 - Port ACI test suit from TET to python3(userattr) -- Issue 50393 - maxlogsperdir accepting negative values -- Issue 50112 - Port ACI test suit from TET to python3(roledn) -- Issue 49960 - Core schema contains strings instead of numer oids -- Issue 50396 - Crash in PAM plugin when user does not exist -- Issue 50387 - enable_tls() should label ports with ldap_port_t -- Issue 50390 - Add Managed Entries Plug-in Config Entry schema -- Issue 50306 - Fix regression with maxbersize -- Issue 50384 - Missing dependency: cracklib-dicts -- Issue 49029 - [RFE] improve internal operations logging -- Issue 49761 - Fix CI test suite issues -- Issue 50374 - dsdim posixgroup create fails with ERROR -- Issue 50251 - clear text passwords visable in CLI verbose mode logging -- Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients -- Issue 48851 - investigate and port TET matching rules filter tests -- Issue 50220 - attr_encryption test suite failing -- Issue 50370 - CleanAllRUV task crashing during server shutdown -- Issue 50340 - structs for disabled plugins will not be freed -- Issue 50164 - Add test for dscreate to basic test suite -- Issue 50363 - ds-replcheck incorrectly reports error out of order multi-valued attributes -- Issue 49730 - MozLDAP bindings have been unsupported for a while -- Issue 50353 - Categorize tests by tiers -- Issue 50303 - Add creation date to task data -- Issue 50358 - Create a Bitwise Plugin class in plugins.py -- Remove the nss3 path prefix from the cert.h C preprocessor source file inclusion -- Issue 50329 - revert fix -- Issue 50112 - Port ACI test suit from TET to python3(keyaci) -- Issue 50344 - tidy rpm vs build systemd flag handling -- Issue 50067 - Fix krb5 dependency in a specfile -- Issue 50340 - structs for diabled plugins will not be freed -- Issue 50327 - Add replication conflict support to UI -- Issue 50327 - Add replication conflict entry support to lib389/CLI -- Issue 50329 - improve connection default parameters -- Issue 50313 - Add a NestedRole type to lib389 -- Issue 50112 - Port ACI test suit from TET to python3(Delete and Add) -- Issue 49390, 50019 - support cn=config compare operations -- Issue 50041 - Add the rest UI Plugin tabs - Part 1 -- Issue 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS -- Issue 49990 - Increase the default FD limits -- Issue 50306 - (cont typo) Move connection config inside struct -- Issue 50291 - Add monitor tab functionality to Cockpit UI -- Issue 50317 - fix ds-backtrace issue on latest gdb -- Issue 50305 - Revise CleanAllRUV task restart process -- Issue 49915 - Fix typo -- Issue 50026 - Audit log does not capture the operation where nsslapd-lookthroughlimit is modified -- Issue 49899 - fix pin.txt and pwdfile permissions -- Issue 49915 - Add regression test -- Issue 50303 - Add task creation date to task data -- Issue 50306 - Move connection config inside struct -- Issue 50240 - Improve task logging -- Issue 50032 - Fix deprecation warnings in tests -- Issue 50310 - fix sasl header include -- Issue 49390 - improve compare and cn=config compare tests - -* Wed Apr 03 2019 Adam Williamson - 1.4.1.2-3 -- Rebuild without changes to be newer than 1.4.1.2-1 (see #1694990) - -* Fri Mar 29 2019 Mark Reynolds - 1.4.1.2-2 -- Bump version to 1.4.1.2-2 -- Fix lib389 python requirement - -* Fri Mar 29 2019 Mark Reynolds - 1.4.1.2-1 -- Bump version to 1.4.1.2-1 -- Ticket 50308 - Revise memory leak fix -- Ticket 50308 - Fix memory leaks for repeat binds and replication -- Ticket 40067 - Use PKG_CHECK_MODULES to detect libraries -- Ticket 49873 - (cont 3rd) cleanup debug log -- Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup -- Ticket 50292 - Fix Plugin CLI and UI issues -- Ticket 50112 - Port ACI test suit from TET to python3(misc and syntax) -- Ticket 50289 - Fix various database UI issues -- Ticket 49463 - After cleanALLruv, replication is looping on keep alive DEL -- Ticket 50300 - Fix memory leak in automember plugin -- Ticket 50265 - the warning about skew time could last forever -- Ticket 50260 - Invalid cache flushing improvements -- Ticket 49561 - MEP plugin, upon direct op failure, will delete twice the same managed entry -- Ticket 50077 - Do not automatically turn automember postop modifies on -- Ticket 50282 - OPERATIONS ERROR when trying to delete a group with automember members -- Ticket 49715 - extend account functionality -- Ticket 49873 - (cont) Contention on virtual attribute lookup -- Ticket 50260 - backend txn plugins can corrupt entry cache -- Ticket 50255 - Port password policy test to use DSLdapObject -- Ticket 49667 - 49668 - remove old spec files -- Ticket 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present -- Ticket 50112 - Port ACI test suit from TET to python3(Search) -- Ticket 50259 - implement dn construction test -- Ticket 50273 - reduce default replicaton agmt timeout -- Ticket 50208 - lib389- Fix issue with list all instances -- Ticket 50112 - Port ACI test suit from TET to python3(Global Group) -- Ticket 50041 - Add CLI functionality for special plugins -- Ticket 50263 - LDAPS port not listening after installation -- Ticket 49575 - Indicate autosize value errors and corrective actions -- Ticket 50137 - create should not check in non-stateful mode for exist -- Ticket 49655 - remove doap file -- Ticket 50197 - Fix dscreate regression -- Ticket 50234 - one level search returns not matching entry -- Ticket 50257 - lib389 - password policy user vs subtree checks are broken -- Ticket 50253 - Making an nsManagedRoleDefinition type in src/lib389/lib389/idm/nsrole.py -- Ticket 49029 - [RFE] improve internal operations logging -- Ticket 50230 - improve ioerror msg when not root/dirsrv -- Ticket 50246 - Fix the regression in old control tools -- Ticket 50197 - Container integration part 2 -- Ticket 50197 - Container init tools -- Ticket 50232 - export creates not importable ldif file -- Ticket 50215 - UI - implement Database Tab in reachJS -- Ticket 50243 - refint modrdn stress test -- Ticket 50238 - Failed modrdn can corrupt entry cache -- Ticket 50236 - memberOf should be more robust -- Ticket 50213 - fix list instance issue -- Ticket 50219 - Add generic filter to DSLdapObjects -- Ticket 50227 - Making an cosClassicDefinition type in src/lib389/lib389/cos.py -- Ticket 50112 - Port ACI test suit from TET to python3(modify) -- Ticket 50224 - warnings on deprecated API usage -- Ticket 50112 - Port ACI test suit from TET to python3(valueaci) -- Ticket 50112 - Port ACI test suit from TET to python3(Aci Atter) -- Ticket 50208 - make instances mark off based on dse.ldif not sysconfig -- Ticket 50170 - composable object types for nsRole in lib389 -- Ticket 50199 - disable perl by default -- Ticket 50211 - Making an actual Anonymous type in lib389/idm/account.py -- Ticket 50155 - password history check has no way to just check the current password -- Ticket 49873 - Contention on virtual attribute lookup -- Ticket 50197 - Container integration improvements -- Ticket 50195 - improve selinux error messages in interactive -- Ticket 49658 - In replicated topology a single-valued attribute can diverge -- Ticket 50111 - Use pkg-config to detect icu -- Ticket 50165 - Fix issues with dscreate -- Ticket 50177 - import task should not be deleted too rapidely after import finishes to be able to query the status -- Ticket 50140 - Use high ports in container installs -- Ticket 50184 - Add cli tool parity to dsconf/dsctl -- Ticket 50159 - sssd and config display - -* Thu Jan 31 2019 Fedora Release Engineering - 1.4.1.1-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Wed Jan 30 2019 Mark Reynolds - 1.4.1.1-1 -- Bump version to 1.4.1.1 -- Ticket 50151 - lib389 support cli add/replace/delete on objects -- Ticket 50041 - CLI and WebUI - Add memberOf plugin functionality - -* Wed Jan 23 2019 Pete Walter - 1.4.0.20-1.2 -- Rebuild for ICU 63 - -* Mon Jan 14 2019 Björn Esser - 1.4.0.20-1.1 -- Rebuilt for libcrypt.so.2 (#1666033) - -* Fri Dec 14 2018 Mark Reynolds - 1.4.0.20-1 -- Bump version to 1.4.0.20 -- Ticket 49994 - Add test for backend/suffix CLI functions -- Ticket 50090 - refactor fetch_attr() to slapi_fetch_attr() -- Ticket 50091 - shadowWarning is not generated if passwordWarning is lower than 86400 seconds (1 day) -- Ticket 50056 - Fix CLI/UI bugs -- Ticket 49864 - Revised replication status messages for transient errors -- Ticket 50071 - Set ports in local_simple_allocate function -- Ticket 50065 - lib389 aci parsing is too strict -- Ticket 50061 - Improve schema loading in UI -- Ticket 50063 - Crash after attempting to restore a single backend -- Ticket 50062 - Replace error by warning in the state machine defined in repl5_inc_run -- Ticket 50041 - Set the React dataflow foundation and add basic plugin UI -- Ticket 50028 - Revise ds-replcheck usage -- TIcket 50057 - Pass argument into hashtable_new -- Ticket 50053 - improve testcase -- Ticket 50053 - Subtree password policy overrides a user-defined password policy -- Ticket 49974 - lib389 - List instances with initconfig_dir instead of sysconf_dir -- Ticket 49984 - Add an empty domain creation to the dscreate -- Ticket 49950 - PassSync not setting pwdLastSet attribute in Active Directory after Pw update from LDAP sync for normal user -- Ticket 50046 - Remove irrelevant debug-log messages from CLI tools -- Ticket 50022, 50012, 49956, and 49800: Various dsctl/dscreate fixes -- Ticket 49927 - dsctl db2index does not work -- Ticket 49814 - dscreate should handle selinux ports that are in a range -- Ticket 49543 - fix certmap dn comparison -- Ticket 49994 - comment out dev paths -- Ticket 49994 - Add backend features to CLI -- Ticket 48081 - Add new CI tests for password - -* Thu Nov 1 2018 Mark Reynolds - 1.4.0.19-1 -- Bump version to 1.4.0.19 -- Ticket 50026 - audit logs does not capture the operation where nsslapd-lookthroughlimit is modified -- Ticket 50020 - during MODRDN referential integrity can fail erronously while updating large groups -- Ticket 49999 - Finish up the transfer to React -- Ticket 50004 - lib389 - improve X-ORIGIN schema parsing -- Ticket 50013 - Log warn instead of ERR when aci target does not exist. -- Ticket 49975 - followup for broken prefix deployment -- Ticket 49999 - Add dist-bz2 target for Koji build system -- Ticket 49814 - Add specfile requirements for python3-libselinux -- Ticket 49814 - Add specfile requirements for python3-selinux -- Ticket 49999 - Integrate React structure into cockpit-389-ds -- Ticket 49995 - Fix Tickets with internal op logging -- Ticket 49997 - RFE: ds-replcheck could validate suffix exists and it's replicated -- Ticket 49985 - memberof may silently fails to update a member -- Ticket 49967 - entry cache corruption after failed MODRDN -- Ticket 49975 - Add missing include file to main.c -- Ticket 49814 - skip standard ports for selinux labelling -- Ticket 49814 - dscreate should set the port selinux labels -- Ticket 49856 - Remove backend option from bak2db -- Ticket 49926 - Fix various Tickets with replication UI -- Ticket 49975 - SUSE rpmlint Tickets -- Ticket 49939 - Fix ldapi path in lib389 -- Ticket 49978 - Add CLI logging function for UI -- Ticket 49929 - Modifications required for the Test Case Management System -- Ticket 49979 - Fix regression in last commit -- Ticket 49979 - Remove dirsrv tests subpackage -- Ticket 49928 - Fix various small WebUI schema Tickets -- Ticket 49926 - UI - comment out dev cli patchs -- Ticket 49926 - Add replication functionality to UI - -* Wed Oct 10 2018 Mark Reynolds - 1.4.0.18-1 -- Bump version to 1.4.0.18 -- Ticket 49968 - Confusing CRITICAL message: list_candidates - NULL idl was recieved from filter_candidates_ext -- Ticket 49946 - upgrade of 389-ds-base could remove replication agreements. -- Ticket 49969 - DOS caused by malformed search operation (part 2) - -* Tue Oct 9 2018 Mark Reynolds - 1.4.0.17-2 -- Bump version to 1.4.0.17-2 -- Ticket 49969 - DOS caused by malformed search operation (security fix) -- Ticket 49943 - rfc3673_all_oper_attrs_test is not strict enough -- Ticket 49915 - Master ns-slapd had 100% CPU usage after starting replication and replication cannot finish -- Ticket 49963 - ASAN build fails on F28 -- Ticket 49947 - Coverity Fixes -- Ticket 49958 - extended search fail to match entries -- Ticket 49928 - WebUI schema functionality and improve CLI part -- Ticket 49954 - On s390x arch retrieved DB page size is stored as size_t rather than uint32_t -- Ticket 49928 - Refactor and improve schema CLI/lib389 part to DSLdapObject -- Ticket 49926 - Fix replication tests on 1.3.x -- Ticket 49926 - Add replication functionality to dsconf -- Ticket 49887 - Clean up thread local usage -- Ticket 49937 - Log buffer exceeded emergency logging msg is not thread-safe (security fix) -- Ticket 49866 - fix typo in cos template in pwpolicy subtree create -- Ticket 49930 - Correction of the existing fixture function names to remove test_ prefix -- Ticket 49932 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly -- Ticket 48053 - Add attribute encryption test cases -- Ticket 49866 - Refactor PwPolicy lib389/CLI module -- Ticket 49877 - Add log level functionality to UI - -* Fri Aug 24 2018 Mark Reynolds - 1.4.0.16-1 -- Bump version to 1.4.0.16 -- Revert "Ticket 49372 - filter optimisation improvements for common queries" -- Revert "Ticket 49432 - filter optimise crash" -- Ticket 49887: Fix SASL map creation when --disable-perl -- Ticket 49858 - Add backup/restore and import/export functionality to WebUI/CLI - -* Thu Aug 16 2018 Mark Reynolds - 1.4.0.15-1 -- Bump version to 1.4.0.15 -- Ticket 49029 - Internal logging thread data needs to allocate int pointers -- Ticket 48061 : CI test - config -- Ticket 48377 - Only ship libjemalloc.so.2 -- Ticket 49885 - On some platform fips does not exist - -* Mon Aug 13 2018 Mark Reynolds - 1.4.0.14-2 -- Bump version to 1.4.0.14-2 -- Fix legacy tool scriplet error -- Remove ldconfig calls -- Only provide libjemalloc.so.2 - -* Fri Aug 10 2018 Mark Reynolds - 1.4.0.14-1 -- Bump version to 1.4.0.14 -- Ticket 49891 - Use "__python3" macro for python scripts -- Ticket 49890 - ldapsearch with server side sort crashes the ldap server -- Ticket 49029 - RFE -improve internal operations logging -- Ticket 49893 - disable nunc-stans by default -- Ticket 48377 - Update file name for LD_PRELOAD -- Ticket 49884 - Improve nunc-stans test to detect socket errors sooner -- Ticket 49888 - Use perl filter in rpm specfile -- Ticket 49866 - Add password policy features to CLI/UI -- Ticket 49881 - Missing check for crack.h -- Ticket 48056 - Add more test cases to the basic suite -- Ticket 49761 - Fix replication test suite issues -- Ticket 49381 - Refactor the plugin test suite docstrings -- Ticket 49837 - Add new password policy attributes to UI -- Ticket 49794 - RFE - Add pam_pwquality features to password syntax checking -- Ticket 49867 - Fix CLI tools' double output - -* Thu Jul 19 2018 Mark Reynolds - 1.4.0.13-1 -- Bump version to 1.4.0.13 -- Ticket 49854 - ns-slapd should create run_dir and lock_dir directories at startup -- Ticket 49806 - Add SASL functionality to CLI/UI -- Ticket 49789 - backout original security fix as it caused a regression in FreeIPA -- Ticket 49857 - RPM scriptlet for 389-ds-base-legacy-tools throws an error - -* Tue Jul 17 2018 Mark Reynolds - 1.4.0.12-1 -- Bump version to 1.4.0.12-1 -- Ticket 48377 - Move jemalloc license to /usr/share/licences -- Ticket 49813 - Revised interactive installer -- Ticket 49789 - By default, do not manage unhashed password -- Ticket 49844 - lib389: don't set up logging at module scope -- Ticket 49546 - Fix issues with MIB file -- Ticket 49840 - ds-replcheck command returns traceback errors against ldif files having garbage content when run in offline mode -- Ticket 49640 - Cleanup plugin bootstrap logging -- Ticket 49835 - lib389: fix logging -- Ticket 48818 - For a replica bindDNGroup, should be fetched the first time it is used not when the replica is started -- Ticket 49780 - acl_copyEval_context double free -- Ticket 49830 - Import fails if backend name is "default" -- Ticket 49832 - remove tcmalloc references -- Ticket 49813 - dscreate - add interactive installer -- Ticket 49808 - Add option to add backend to dscreate -- Ticket 49811 - lib389 setup.py should install autogenerated man pages -- Ticket 49795 - UI - add "action" backend funtionality -- Ticket 49588 - Add py3 support for tickets : part-3 -- Ticket 49820 - lib389 requires wrong python ldap library -- Ticket 49791 - Update docker file for new dscreate options -- Ticket 49761 - Fix more CI test issues -- Ticket 49811 - Update man pages -- Ticket 49783 - UI - add server configuration backend -- Ticket 49717 - Add conftest.py for tests -- Ticket 49588 - Add py3 support for tickets -- Ticket 49793 - Updated descriptions in dscreate example INF file -- Ticket 49471 - Rename dscreate options -- Ticket 49751 - passwordMustChange attribute is not honored by a RO consumer if using "Chain on Update" -- Ticket 49734 - Fix various issues with Disk Monitoring -- Update Source0 URL in rpm/389-ds-base.spec.in - - -* Thu Jul 12 2018 Fedora Release Engineering - 1.4.0.11-2.5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Tue Jul 10 2018 Pete Walter - 1.4.0.11-2.4 -- Rebuild for ICU 62 - -* Tue Jul 03 2018 Petr Pisar - 1.4.0.11-2.3 -- Perl 5.28 rebuild - -* Mon Jul 02 2018 Miro Hrončok - 1.4.0.11-2.2 -- Rebuilt for Python 3.7 - -* Fri Jun 29 2018 Jitka Plesnikova - 1.4.0.11-2.1 -- Perl 5.28 rebuild - -* Thu Jun 21 2018 Mark Reynolds - 1.4.0.11-2 -- Bump version to 1.4.0.11-2 -- Add python3-lib389 requirement - -* Tue Jun 19 2018 Mark Reynolds - 1.4.0.11-1 -- Bump version to 1.4.0.11 -- Test for issue #49788 -- Fixing 4-byte UTF-8 character validation -- Ticket 49777 - add config subcommand to dsconf -- Ticket 49712 - lib389 CLI tools should return a result code on failures -- Issue 49588 - Add py3 support for tickets : part-2 -- Remove old RHEL/fedora version checking from upstream specfile -- Ticket 48204 - remove python2 from scripts -- Ticket 49576 - ds-replcheck: fix certificate directory verification -- Bug 1591761 - 389-ds-base: Remove jemalloc exports - -* Tue Jun 19 2018 Miro Hrončok - 1.4.0.10-2.1 -- Rebuilt for Python 3.7 - -* Fri Jun 8 2018 Mark Reynolds - 1.4.0.10-2 -- Bump verision to 1.4.0.10-2 -- Remove reference ro stop-dirsrv from legacy tools - -* Fri Jun 8 2018 Mark Reynolds - 1.4.0.10-1 -- Bump verision to 1.4.0.10-1 -- Ticket 49640 - Errors about PBKDF2 password storage plugin at server startup -- Ticket 49571 - perl subpackage and python installer by default -- Ticket 49740 - UI - Replication monitor color coding is not colorblind friendly -- Ticket 49741 - UI - View/Edit replication agreement hangs WebUI -- Ticket 49703 - UI - Set default values in create instance form -- Ticket 49742 - Fine grained password policy can impact search performance -- Ticket 49768 - Under network intensive load persistent search can erronously decrease connection refcnt -- Ticket 49765 - compiler warning -- Ticket 49689 - Cockpit subpackage does not build in PREFIX installations -- Ticket 49765 - Async operations can hang when the server is running nunc-stans -- Ticket 49745 - UI add filter options for error log severity levels -- Ticket 49761 - Fix test suite issues -- Ticket 49754 - instances created with dscreate can not be upgraded with setup-ds.pl -- Ticket 47902 - UI - add continuous refresh log feature -- Ticket 49381 - Add docstrings to plugin test suites - Part 1 -- Ticket 49646 - Improve TLS cert processing in lib389 CLI -- Ticket 49748 - Passthru plugin startTLS option not working -- Ticket 49732 - Optimize resource limit checking for rootdn issued searches -- Ticket 48377 - Bundle jemalloc -- Ticket 49736 - Hardening of active connection list -- Ticket 48184 - clean up and delete connections at shutdown (3rd) -- Ticket 49675 - Revise coverity fix -- Ticket 49333 - Do not remove versioned man pages -- Ticket 49683 - Add support for JSON option in lib389 CLI tools -- Ticket 49704 - Error log from the installer is concatenating all lines into one -- Ticket 49726 - DS only accepts RSA and Fortezza cipher families -- Ticket 49722 - Errors log full of " WARN - keys2idl - recieved NULL idl from index_read_ext_allids, treating as empty set" messages -- Ticket 49582 - Add py3 support to memberof_plugin test suite -- Ticket 49675 - Fix coverity issues -- Ticket 49576 - Add support of ";deletedattribute" in ds-replcheck -- Ticket 49706 - Finish UI patternfly convertions -- Ticket 49684 - AC_PROG_CC clobbers CFLAGS set by --enable-debug -- Ticket 49678 - organiSational vs organiZational spelling in lib389 -- Ticket 49689 - Fix local "make install" after adding cockpit subpackage -- Ticket 49689 - Move Cockpit UI plugin to a subpackage -- Ticket 49679 - Missing nunc-stans documentation and doxygen warnings -- Ticket 49588 - Add py3 support for tickets : part-1 -- Ticket 49576 - Update ds-replcheck for new conflict entries -- Ticket 48184 - clean up and delete connections at shutdown (2nd try) -- Ticket 49698 - Remove unneeded patternfly files from Cockpit package -- Ticket 49581 - Fix dynamic plugins test suite -- Ticket 49665 - remove obsoleted upgrade scripts -- Ticket 49693 - A DB_DEADLOCK while adding a tombstone (RUV) leads to access of an already freed entry -- Ticket 49696 - replicated operations should be serialized -- Ticket 49669 - Invalid cachemem size can crash the server during a restore -- Ticket 49684 - AC_PROG_CC clobbers CFLAGS set by --enable-debug -- Ticket 49685 - make clean fails if cargo is not installed -- Ticket 49106 - Move ds_* scripts to libexec -- Ticket 49657 - Fix cascading replication scenario in lib389 API -- Ticket 49671 - Readonly replicas should not write internal ops to changelog -- Ticket 49673 - nsslapd-cachememsize can't be set to a value bigger than MAX_INT -- Ticket 49519 - Convert Cockpit UI to use strictly patternfly stylesheets -- Ticket 49665 - Upgrade script doesn't enable CRYPT password storage plug-in -- Ticket 49665 - Upgrade script doesn't enable PBKDF2 password storage plug-in - -* Tue May 15 2018 Mark Reynolds - 1.4.0.9-2 -- Bump version to 1.4.0.9-2 -- Add openssl-perl requirement for new python installer - -* Tue May 8 2018 Mark Reynolds - 1.4.0.9-1 -- Bump version to 1.4.0.9 -- Ticket 49661 - CVE-2018-1089 - Crash from long search filter -- Ticket 49652 - DENY aci's are not handled properly -- Ticket 49650 - lib389 enable_tls doesn't work on F28 -- Ticket 49538 - replace cacertdir_rehash with openssl rehash -- Ticket 49406 - Port backend_test.py test to DSLdapObject implementation -- Ticket 49649 - Use reentrant crypt_r() -- Ticket 49642 - lib389 should generate a more complex password -- Ticket 49612 - lib389 remove_ds_instance() does not remove systemd units -- Ticket 49644 - crash in debug build - -* Mon Apr 30 2018 Pete Walter - 1.4.0.8-1.1 -- Rebuild for ICU 61.1 - -* Thu Apr 19 2018 Mark Reynolds - 1.4.0.8-1 -- Bump version to 1.4.0.8-1 -- Ticket 49639 - Crash when failing to read from SASL conn -- Ticket 49109 - nsDS5ReplicaTransportInfo should accept StartTLS as an option -- Ticket 49586 - Add py3 support to plugins test suite -- Ticket 49511 - memory leak in pwdhash - -* Mon Apr 16 2018 Mark Reynolds - 1.4.0.7-2 -- Bump version to 1.4.0.7-2 -- Fix the devel srvcore requirements - -* Fri Apr 13 2018 Mark Reynolds - 1.4.0.7-1 -- Bump version to 1.4.0.7 -- Ticket 49477 - Missing pbkdf python -- Ticket 49552 - Fix the last of the build issues on F28/29 -- Ticket 49522 - Fix build issues on F28 -- Ticket 49631 - same csn generated twice -- Ticket 49585 - Add py3 support to password test suite : part-3 -- Ticket 49585 - Add py3 support to password test suite : part-2 -- Ticket 48184 - revert previous patch around unuc-stans shutdown crash -- Ticket 49585 - Add py3 support to password test suite -- Ticket 46918 - Fix compiler warnings on arm -- Ticket 49601 - Replace HAVE_SYSTEMD define with WITH_SYSTEMD in svrcore -- Ticket 49619 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received -- Ticket 49608 - Add support for gcc/clang sanitizers -- Ticket 49606 - Improve lib389 documentation -- Ticket 49552 - Fix build issues on F28 -- Ticket 49603 - 389-ds-base package rebuilt on EPEL can't be installed due to missing dependencies -- Ticket 49593 - NDN cache stats should be under the global stats -- Ticket 49599 - Revise replication total init status messages -- Ticket 49596 - repl-monitor.pl fails to find db tombstone/RUV entry -- Ticket 49589 - merge svrcore into 389-ds-base -- Ticket 49560 - Add a test case for extract-pemfiles -- Ticket 49239 - Add a test suite for ds-replcheck tool RFE -- Ticket 49369 - merge svrcore into 389-ds-base - -* Thu Mar 29 2018 Till Maas - 1.4.0.6-3 -- Remove BR on tcp_wrappers (https://bugzilla.redhat.com/show_bug.cgi?id=1518749) - -* Tue Mar 6 2018 Mark Reynolds - 1.4.0.6-1 -- Bump version to 1.4.0.6 -- Ticket 49545 - final substring extended filter search returns invalid result -- Ticket 49572 - ns_job_wait race on condvar -- Ticket 49584 - Fix Tickets with paged_results test suite -- Ticket 49161 - memberof fails if group is moved into scope -- Ticket 49447 - PBKDF2 on upgrade -- ticket 49551 - correctly handle subordinates and tombstone numsubordinates -- Ticket 49043 - Add replica conflict test suite -- Ticket 49296 - Fix race condition in connection code with anonymous limits -- Ticket 49568 - Fix integer overflow on 32bit platforms -- Ticket 48085 - Add encryption cl5 test suite -- Ticket 49566 - ds-replcheck needs to work with hidden conflict entries -- Ticket 49519 - Add more Cockpit UI content -- Ticket 49551 - fix memory leak found by coverity -- Ticket 49551 - v3 - correct handling of numsubordinates for cenotaphs and tombstone delete -- Ticket 49278 - Add a new CI test case -- Ticket 49560 - nsslapd-extract-pemfiles should be enabled by default as openldap is moving to openssl -- Ticket 49557 - Add config option for checking CRL on outbound SSL Connections -- Ticket 49446 - Add CI test case -- Ticket 35 - Description: Add support for managing automember to dsconf -- Ticket 49544 - cli release preperation -- Ticket 48006 - Add a new CI test case - -* Mon Feb 19 2018 Mark Reynolds - 1.4.0.5-1.7 -- Add cyrus-sasl-plain requirement - -* Thu Feb 15 2018 Mark Reynolds - 1.4.0.5-1.6 -- Fix python requirements for policycoreutils-python-utils - -* Thu Feb 15 2018 Mark Reynolds - 1.4.0.5-1.5 -- Fix package requirements to use Python 3 packages for LDAP and SELinux - -* Thu Feb 15 2018 Mark Reynolds - 1.4.0.5-1.4 -- Only exclude Ix86 arches - -* Thu Feb 15 2018 Adam Williamson - 1.4.0.5-1.3 -- Rebuild for libevent soname bump - -* Fri Feb 09 2018 Igor Gnatenko - 1.4.0.5-1.2 -- Escape macros in %%changelog - -* Wed Feb 07 2018 Fedora Release Engineering - 1.4.0.5-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Wed Jan 31 2018 Mark Reynolds - 1.4.0.5-1 -- Bump version to 1.4.0.5 -- CVE-2017-15134 389-ds-base: Remote DoS via search filters in slapi_filter_sprintf -- Ticket 49546 - Fix broken snmp MIB file -- Ticket 49554 - update readme -- Ticket 49554 - Update Makefile for README.md -- Ticket 49400 - Make CLANG configurable -- Ticket 49530 - Add pseudolocalization option for dbgen -- Ticket 49523 - Fixed skipif marker, topology fixture and log message -- Ticket 49544 - Double check pw prompts -- Ticket 49548 - Cockpit UI - installer should also setup Cockpit - -* Fri Jan 26 2018 Mark Reynolds - 1.4.0.4-1 -- Bump version to 1.4.0.4 -- Ticket 49540 - Indexing task is reported finished too early regarding the backend status -- Ticket 49534 - Fix coverity regression -- Ticket 49544 - cli release preperation, group improvements -- Ticket 49542 - Unpackaged files on el7 break rpm build -- Ticket 49541 - repl config should not allow rid 65535 for masters -- Ticket 49370 - Add all the password policy defaults to a new local policy -- Ticket 49425 - improve demo objects for install -- Ticket 49537 - allow asan to build with stable rustc -- Ticket 49526 - Improve create_test.py script -- Ticket 49516 - Add python 3 support for replication suite -- Ticket 49534 - Fix coverity issues and regression -- Ticket 49532 - coverity issues - fix compiler warnings & clang issues -- Ticket 49531 - coverity issues - fix memory leaks -- Ticket 49463 - After cleanALLruv, there is a flow of keep alive DEL -- Ticket 49529 - Fix Coverity warnings: invalid deferences -- Ticket 49509 - Indexing of internationalized matching rules is failing -- Ticket 49527 - Improve ds* cli tool testing -- Ticket 49474 - purge saslmaps before gssapi test -- Ticket 49413 - Changelog trimming ignores disabled replica-agreement -- Ticket 49446 - cleanallruv should ignore cleaned replica Id in processing changelog if in force mode -- Ticket 49278 - GetEffectiveRights gives false-negative -- Ticket 49508 - memory leak in cn=replica plugin setup -- Ticket 48118 - Add CI test case -- Ticket 49520 - Cockpit UI - Add database chaining HTML -- Ticket 49512 - Add ds-cockpit-setup to rpm spec file -- Ticket 49523 - Refactor CI test -- Ticket 49524 - Password policy: minimum token length fails when the token length is equal to attribute length -- Ticket 49517 - Cockpit UI - Add correct png files -- Ticket 49517 - Cockput UI - revise config layout -- Ticket 49523 - memberof: schema violation error message is confusing as memberof will likely repair target entry -- Ticket 49312 - Added a new test case for "-D configdir" -- Ticket 49512 - remove backup directories from cockpit source -- Ticket 49512 - Add initial Cockpit UI Plugin -- Ticket 49515 - cannot link, missing -fPIC -- Ticket 49474 - Improve GSSAPI testing capability -- Ticket 49493 - heap use after free in csn_as_string -- Ticket 49379 - Add Python 3 support to CI test -- Ticket 49431 - Add CI test case -- Ticket 49495 - cos stress test and improvements. -- Ticket 49495 - Fix memory management is vattr. -- Ticket 49494 - python 2 bytes mode. -- Ticket 49471 - heap-buffer-overflow in ss_unescape -- Ticket 48184 - close connections at shutdown cleanly. -- Ticket 49218 - Certmap - support TLS tests -- Ticket 49470 - overflow in pblock_get -- Ticket 49443 - Add CI test case -- Ticket 49484 - Minor cli tool fixes. -- Ticket 49486 - change ns stress core to use absolute int width. -- Ticket 49445 - Improve regression test to detect memory leak. -- Ticket 49445 - Memory leak in ldif2db -- Ticket 49485 - Typo in gccsec_defs -- Ticket 49479 - Remove unused 'batch' argument from lib389 -- Ticket 49480 - Improvements to support IPA install. -- Ticket 49474 - sasl allow mechs does not operate correctly -- Ticket 49449 - Load sysctl values on rpm upgrade. -- Ticket 49374 - Add CI test case -- Ticket 49325 - fix rust linking. -- Ticket 49475 - docker poc improvements. -- Ticket 49461 - Improve db2index handling for test 49290 -- Ticket 47536 - Add Python 3 support and move test case to suites -- Ticket 49444 - huaf in task.c during high load import -- Ticket 49460 - replica_write_ruv log a failure even when it succeeds -- Ticket 49298 - Ticket with test case and remove-ds.pl -- Ticket 49408 - Add a test case for nsds5ReplicaId checks -- Ticket 3 lib389 - python 3 support for subset of pwd cases -- Ticket 35 lib389 - dsconf automember support - -* Sat Jan 20 2018 Björn Esser - 1.4.0.3-1.2 -- Rebuilt for switch to libxcrypt - -* Thu Nov 30 2017 Pete Walter - 1.4.0.3-1.1 -- Rebuild for ICU 60.1 - -* Mon Nov 20 2017 Mark Reynolds - 1.4.0.3-1 -- Bump version to 1.4.0.3 -- Ticket 49457 - Fix spal_meminfo_get function prototype -- Ticket 49455 - Add tests to monitor test suit. -- Ticket 49448 - dynamic default pw scheme based on environment. -- Ticket 49298 - fix complier warn -- Ticket 49298 - Correct error codes with config restore. -- Ticket 49454 - SSL Client Authentication breaks in FIPS mode -- Ticket 49453 - passwd.py to use pwdhash defaults. -- Ticket 49427 - whitespace in fedse.c -- Ticket 49410 - opened connection can remain no longer poll, like hanging -- Ticket 48118 - fix compiler warning for incorrect return type -- Ticket 49451 - Add environment markers to lib389 dependencies -- Ticket 49325 - Proof of concept rust tqueue in sds -- Ticket 49443 - scope one searches in 1.3.7 give incorrect results -- Ticket 48118 - At startup, changelog can be erronously rebuilt after a normal shutdown -- Ticket 49412 - SIGSEV when setting invalid changelog config value -- Ticket 49441 - Import crashes - oneline fix -- Ticket 49377 - Incoming BER too large with TLS on plain port -- Ticket 49441 - Import crashes with large indexed binary attributes -- Ticket 49435 - Fix NS race condition on loaded test systems -- Ticket 77 - lib389 - Refactor docstrings in rST format - part 2 -- Ticket 17 - lib389 - dsremove support -- Ticket 3 - lib389 - python 3 compat for paged results test -- Ticket 3 - lib389 - Python 3 support for memberof plugin test suit -- Ticket 3 - lib389 - config test -- Ticket 3 - lib389 - python 3 support ds_logs tests -- Ticket 3 - lib389 - python 3 support for betxn test - -* Fri Nov 3 2017 Mark Reynolds - 1.4.0.2-2 -- Bump version to 1.4.0.2-2 -- Add python-lib389 build requirements - -* Fri Nov 3 2017 Mark Reynolds - 1.4.0.2-1 -- Bump version to 1.4.0.2-1 -- Ticket 48393 - fix copy and paste error -- Ticket 49439 - cleanallruv is not logging information -- Ticket 48393 - Improve replication config validation -- Ticket lib389 3 - Python 3 support for ACL test suite -- Ticket 103 - sysconfig not found -- Ticket 49436 - double free in COS in some conditions -- Ticket 48007 - CI test to test changelog trimming interval -- Ticket 49424 - Resolve csiphash alignment issues -- Ticket lib389 3 - Python 3 support for pwdPolicy_controls_test.py -- Ticket 3 - python 3 support - filter test -- Ticket 49434 - RPM build errors -- Ticket 49432 - filter optimise crash -- Ticket 49432 - Add complex fliter CI test -- Ticket 48894 - harden valueset_array_to_sorted_quick valueset access -- Ticket 49401 - Fix compiler incompatible-pointer-types warnings -- Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl -- Ticket 49409 - Update lib389 requirements -- Ticket 49401 - improve valueset sorted performance on delete -- Ticket 49374 - server fails to start because maxdisksize is recognized incorrectly -- Ticket 49408 - Server allows to set any nsds5replicaid in the existing replica entry -- Ticket 49407 - status-dirsrv shows ellipsed lines -- Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl -- Ticket 49386 - Memberof should be ignore MODRDN when the pre/post entry are identical -- Ticket 48006 - Missing warning for invalid replica backoff configuration -- Ticket 49064 - testcase hardening -- Ticket 49064 - RFE allow to enable MemberOf plugin in dedicated consumer -- Ticket lib389 3 - python 3 support -- Ticket 49402 - Adding a database entry with the same database name that was deleted hangs server at shutdown -- Ticket 48235 - remove memberof lock (cherry-pick error) -- Ticket 49394 - build warning -- Ticket 49381 - Refactor numerous suite docstrings - Part 2 -- Ticket 49394 - slapi_pblock_get may leave unchanged the provided variable -- Ticket 49403 - tidy ns logging -- Ticket 49381 - Refactor filter test suite docstrings -- Ticket 48235 - Remove memberOf global lock -- Ticket 103 - Make sysconfig where it is expected to exist -- Ticket 49400 - Add clang support to rpm builds -- Ticket 49381 - Refactor ACL test suite docstrings -- Ticket 49363 - Merge lib389 -- Ticket 101 - BaseException.message has been deprecated in Python3 -- Ticket 102 - referral support -- Ticket 99 - Fix typo in create_topology -- Ticket #98 - Fix dbscan output -- Ticket #77 - Fix changelogdb param issue -- Ticket #77 - Refactor docstrings in rST format - part 1 -- Ticket 96 - Change binaries' names -- Ticket 77 - Add sphinx documentation -- Ticket 43 - Add support for Referential Integrity plugin -- Ticket 45 - Add support for Rootdn Access Control plugin -- Ticket 46 - dsconf support for dynamic schema reload -- Ticket 74 - Advice users to set referint-update-delay to 0 -- Ticket 92 - display_attr() should return str not bytes in py3 -- Ticket 93 - Fix test cases in ctl_dbtasks_test.py -- Ticket 88 - python install and remove for tests -- Ticket 85 - Remove legacy replication attribute -- Ticket 91 - Fix replication topology -- Ticket 89 - Fix inconsistency with serverid -- Ticket 79 - Fix replica.py and add tests -- Ticket 86 - add build dir to gitignore -- Ticket 83 - Add an util for generating instance parameters -- Ticket 87 - Update accesslog regec for HR etimes -- Ticket 49 - Add support for whoami plugin -- Ticket 48 - Add support for USN plugin -- Ticket 78 - Add exists() method to DSLdapObject -- Ticket 31 - Allow complete removal of some memberOf attrs -- Ticket31 - Add memberOf fix-up task -- Ticket 67 - Add ensure_int function -- Ticket 59 - lib389 support for index management. -- Ticket 67 - get attr by type -- Ticket 70 - Improve repl tools -- Ticket 50 - typo in db2* in dsctl -- Ticket 31 - Add status command and SkipNested support for MemberOf -- Ticket 31 - Add functional tests for MemberOf plugin -- Ticket 66 - expand healthcheck for Directory Server -- Ticket 69 - add specfile requires -- Ticket 31 - Initial MemberOf plugin support -- Ticket 50 - Add db2* tasks to dsctl -- Ticket 65 - Add m2c2 topology -- Ticket 63 - part 2, agreement test -- Ticket 63 - lib389 python 3 fix -- Ticket 62 - dirsrv offline log -- Ticket 60 - add dsrc to dsconf and dsidm -- Ticket 32 - Add TLS external bind support for testing -- Ticket 27 - Fix get function in tests -- Ticket 28 - userAccount for older versions without nsmemberof -- Ticket 27 - Improve dseldif API -- Ticket 30 - Add initial support for account lock and unlock. -- Ticket 29 - fix incorrect format in tools -- Ticket 28 - Change default objectClasses for users and groups -- Ticket 1 - Fix missing dn / rdn on config. -- Ticket 27 - Add a module for working with dse.ldif file -- Ticket 1 - cn=config comparison -- Ticket 21 - Missing serverid in dirsrv_test due to incorrect allocation -- Ticket 26 - improve lib389 sasl support -- Ticket 24 - Join paths using os.path.join instead of string concatenation -- Ticket 25 - Fix RUV __repr__ function -- Ticket 23 - Use DirSrv.exists() instead of manually checking for instance's existence -- Ticket 1 - cn=config comparison -- Ticket 22 - Specify a basedn parameter for IDM modules -- Ticket 19 - missing readme.md in python3 -- Ticket 20 - Use the DN_DM constant instead of hard coding its value -- Ticket 19 - Missing file and improve make -- Ticket 14 - Remane dsadm to dsctl -- Ticket 16 - Reset InstScriptsEnabled argument during the init -- Ticket 14 - Remane dsadm to dsctl -- Ticket 13 - Add init function to create new domain entries -- Ticket 15 - Improve instance configuration ability -- Ticket 10 - Improve command line tool arguments -- Ticket 9 - Convert readme to MD -- Ticket 7 - Add pause and resume methods to topology fixtures -- Ticket 49172 - Allow lib389 to read system schema and instance -- Ticket 49172 - Allow lib389 to read system schema and instance -- Ticket 6 - Bump lib389 version 1.0.4 -- Ticket 5 - Fix container build on fedora -- Ticket 4 - Cert detection breaks some tests -- Ticket 49137 - Add sasl plain tests, lib389 support -- Ticket 2 - pytest mark with version relies on root -- Ticket 49126 - DIT management tool -- Ticket 49101 - Python 2 generate example entries -- Ticket 49103 - python 2 support for installer -- Ticket 47747 - Add topology_i2 and topology_i3 -- Ticket 49087 - lib389 resolve jenkins issues -- Ticket 48413 - Improvements to lib389 for rest -- Ticket 49083 - Support prefix for discovery of the defaults.inf file. -- Ticket 49055 - Fix debugging mode issue -- Ticket 49060 - Increase number of masters, hubs and consumers in topology -- Ticket 47747 - Add more topology fixtures -- Ticket 47840 - Add InstScriptsEnabled argument -- Ticket 47747 - Add topology fixtures module -- Ticket 48707 - Implement draft-wibrown-ldapssotoken-01 -- Ticket 49022 - Lib389, py3 installer cannot create entries in backend -- Ticket 49024 - Fix paths to the dbdir parent -- Ticket 49024 - Fix db_dir paths -- Ticket 49024 - Fix paths in tools module -- Ticket 48961 - Fix lib389 minor issues shown by 48961 test -- Ticket 49010 - Lib389 fails to start with systemctl changes -- Ticket 49007 - lib389 fixes for paths to use online values -- Ticket 49005 - Update lib389 to work in containers correctly. -- Ticket 48991 - Fix lib389 spec for python2 and python3 -- Ticket 48984 - Add lib389 paths module -- Ticket 48951 - dsadm dsconfig status and plugin -- Ticket 47957 - Update the replication "idle" status string -- Ticket 48951 - dsadm and dsconf base files -- Ticket 48952 - Restart command needs a sleep -- Ticket 48949 - Fix ups for style and correctness -- Ticket 48949 - added copying slapd-collations.conf -- Ticket 48949 - change default file path generation - use os.path.join -- Ticket 48949 - os.makedirs() exist_ok not python2 compatible, added try/except -- Ticket 48949 - configparser fallback not python2 compatible -- Ticket 48946 - openConnection should not fully popluate DirSrv object -- Ticket 48832 - Add DirSrvTools.getLocalhost() function -- Ticket 48382 - Fix serverCmd to get sbin dir properly -- Bug 1347760 - Information disclosure via repeated use of LDAP ADD operation, etc. -- Ticket 48937 - Cleanup valgrind wrapper script -- Ticket 48923 - Fix additional issue with serverCmd -- Ticket 48923 - serverCmd timeout not working as expected -- Ticket 48917 - Attribute presence -- Ticket 48911 - Plugin improvements for lib389 -- Ticket 48911 - Improve plugin support based on new mapped objects -- Ticket 48910 - Fixes for backend tests and lib389 reliability. -- Ticket 48860 - Add replication tools -- Ticket 48888 - Correction to create of dsldapobject -- Ticket 48886 - Fix NSS SSL library in lib389 -- Ticket 48885 - Fix spec file requires -- Ticket 48884 - Bugfixes for mapped object and new connections -- Ticket 48878 - better style for backend in backend_test.py -- Ticket 48878 - pep8 fixes part 2 -- Ticket 48878 - pep8 fixes and fix rpm to build -- Ticket 48853 - Prerelease installer -- Ticket 48820 - Begin to test compatability with py.test3, and the new orm -- Ticket 48434 - Fix for negative tz offsets -- Ticket 48857 - Remove python-krbV from lib389 -- Ticket 48820 - Fix tests to ensure they work with the new object types -- Ticket 48820 - Move Encryption and RSA to the new object types -- Ticket 48820 - Proof of concept of orm style mapping of configs and objects -- Ticket 48820 - Clitool rename -- Ticket 48431 - lib389 integrate ldclt -- Ticket 48434 - lib389 logging tools -- Ticket 48796 - add function to remove logs -- Ticket 48771 - lib389 - get ns-slapd version -- Ticket 48830 - Convert lib389 to ip route tools -- Ticket 48763 - backup should run regardless of existing backups. -- Ticket 48434 - lib389 logging tools -- Ticket 48798 - EL6 compat for lib389 tests for DH params -- Ticket 48798 - lib389 add ability to create nss ca and certificate -- Ticket 48433 - Aci linting tools -- Ticket 48791 - format args in server tools -- Ticket 48399 - Helper makefile is missing mkdir dist -- Ticket 48399 - Helper makefile is missing mkdir dist -- Ticket 48794 - lib389 build requires are on a single line -- Ticket 48660 - Add function to convert binary values in an entry to base64 -- Ticket 48764 - Fix mit krb password to be random. -- Ticket 48765 - Change default ports for standalone topology -- Ticket 48750 - Clean up logging to improve command experience -- Ticket 48751 - Improve lib389 ldapi support -- Ticket 48399 - Add helper makefile to lib389 to build and install -- Ticket 48661 - Agreement test suite fails at the test_changes case -- Ticket 48407 - Add test coverage module for lib389 repo -- Ticket 48357 - clitools should standarise their args -- Ticket 48560 - Make verbose handling consistent -- Ticket 48419 - getadminport() should not a be a static method -- Ticket 48408 - RFE escaped default suffix for tests -- Ticket 48401 - Revert typecheck -- Ticket 48401 - lib389 Entry hasAttr returs dict instead of false -- Ticket 48390 - RFE Improvements to lib389 monitor features for rest389 -- Ticket 48358 - Add new spec file -- Ticket 48371 - weaker host check on localhost.localdomain -- Ticket 58358 - Update spec file with pre-release versioning -- Ticket 48358 - Make Fedora packaging changes to the spec file -- Ticket 48358 - Prepare lib389 for Fedora Packaging -- Ticket 48364 - Fix test failures -- Ticket 48360 - Refactor the delete agreement function -- Ticket 48361 - Expand 389ds monitoring capabilities -- Ticket 48246 - Adding license/copyright to lib389 files -- Ticket 48340 - Add basic monitor support to lib389 https://fedorahosted.org/389/ticket/48340 -- Ticket 48353 - Add Replication REST support to lib389 -- Ticket 47840 - Fix regression -- Ticket 48343 - lib389 krb5 realm management https://fedorahosted.org/389/ticket/48343 -- Ticket 47840 - fix lib389 to use sbin scripts https://fedorahosted.org/389/ticket/47840 -- Ticket 48335 - Add SASL support to lib389 -- Ticket 48329 - Fix case-senstive scyheam comparisions -- Ticket 48303 - Fix lib389 broken tests -- Ticket 48329 - add matching rule functions to schema module -- Ticket 48324 - fix boolean capitalisation (one line) https://fedorahosted.org/389/ticket/48324 -- Ticket 48321 - Improve is_a_dn check to prevent mistakes with lib389 auth https://fedorahosted.org/389/ticket/48321 -- Ticket 48322 - Allow reindex function to reindex all attributes -- Ticket 48319 - Fix ldap.LDAPError exception processing -- Ticket 48318 - Do not delete a changelog while disabling a replication by suffix -- Ticket 48308 - Add __eq__ and __ne__ to Entry to allow fast comparison https://fedorahosted.org/389/ticket/48308 -- Ticket 48303 - Fix lib389 broken tests - backend_test -- Ticket 48309 - Fix lib389 lib imports -- Ticket 48303 - Fix lib389 broken tests - agreement_test -- Ticket 48303 - Fix lib389 broken tests - aci_parse_test -- Ticket 48301 - add tox support -- Ticket 48204 - update lib389 for python3 -- Ticket 48273 - Improve valgrind functions -- Ticket 48271 - Fix for self.prefix being none when SER_DEPLOYED_DIR is none https://fedorahosted.org/389/ticket/48271 -- Ticket 48259 - Add aci parsing utilities to lib389 -- Ticket 48252 - (lib389) adding get_bin_dir and dbscan -- Ticket 48247 - Change the default user to 'dirsrv' -- Ticket 47848 - Add new function to create ldif files -- Ticket 48239 - Fix for prefix allocation of un-initialised dirsrv objects -- Ticket 48237 - Add lib389 helper to enable and disable logging services. -- Ticket 48236 - Add get effective rights helper to lib389 -- Ticket 48238 - Add objectclass and attribute type query mechanisms -- Ticket 48029 - Add missing replication related functions -- Ticket 48028 - add valgrind wrapper for ns-slapd -- Ticket 48028 - lib389 - add valgrind functions -- Ticket 48022 - lib389 - Add all the server tasks -- Ticket 48023 - create function to test replication between servers -- Ticket 48020 - lib389 - need to reset args_instance with every DirSrv init -- Ticket 48000 - Repl agmts need more time to stop -- Ticket 48004 - Fix various issues -- Ticket 48000 - replica agreement pause/resume should have a short sleep -- Ticket 47990 - Add check for ".removed" instances when doing an upgrade -- Ticket 47990 - Add "upgrade" function to lib389 -- Ticket 47691 - using lib389 with RPMs -- Ticket 47848 - Add support for setuptools. -- Ticket 47855 - Add function to clear tmp directory -- Ticket 47851 - Need to retrieve tmp directory path -- Ticket 47845 - add stripcsn option to tombstone fixup task -- Ticket 47851 - Add function to retrieve dirsrvtests data directory -- Ticket 47845 - Add backup/restore/fixup tombstone tasks to lib389 -- Ticket 47819 - Add the new precise tombstone purging config attribute -- Ticket 47695 - Add plugins/tasks/Index -- Ticket 47648 - lib389 - add schema classes, methods -- Ticket 47671 - CI lib389: allow to open a DirSrv without having to create the instance -- Ticket 47600 - Replica/Agreement/Changelog not conform to the design -- Ticket 47652 - replica add fails: MT.list return a list not an entry -- Ticket 47635 - MT/Backend/Suffix to be conform with the design -- Ticket 47625 - CI lib389: DirSrv not conform to the design -- Ticket 47595 - fail to detect/reinit already existing instance/backup -- Ticket 47590 - CI tests: add/split functions around replication -- Ticket 47584 - CI tests: add backup/restore of an instance -- Ticket 47578 - CI tests: removal of 'sudo' and absolute path in lib389 -- Ticket 47568 - Rename DSAdmin class -- Ticket 47566 - Initial import of DSadmin into 389-test repos - -* Mon Oct 16 2017 Mark Reynolds - 1.4.0.1-2 -- Bump version to 1.4.0.1-2 -- Ticket 49400 - Add clang support and libatomic - -* Mon Oct 9 2017 Mark Reynolds - 1.4.0.1-1 -- Bump version to 1.4.0.1-1 -- Ticket 49038 - remove legacy replication - change cleanup script precedence -- Ticket 49392 - memavailable not available -- Ticket 49235 - pbkdf2 by default -- Ticket 49279 - remove dsktune -- Ticket 49372 - filter optimisation improvements for common queries -- Ticket 49320 - Activating already active role returns error 16 -- Ticket 49389 - unable to retrieve specific cosAttribute when subtree password policy is configured -- Ticket 49092 - Add CI test for schema-reload -- Ticket 49388 - repl-monitor - matches null string many times in regex -- Ticket 49387 - pbkdf2 settings were too aggressive -- Ticket 49385 - Fix coverity warnings -- Ticket 49305 - Need to wrap atomic calls -- Ticket 48973 - Indexing a ExactIA5Match attribute with a IgnoreIA5Match matching rule triggers a warning -- Ticket 49378 - server init fails -- Ticket 49305 - Need to wrap atomic calls -- Ticket 49180 - add CI test -- Ticket 49180 - errors log filled with attrlist_replace - attr_replace - -* Fri Sep 22 2017 Mark Reynolds - 1.4.0.0-1 -- Bump version to 1.4.0.0-1 - +%autochangelog diff --git a/389-ds-base.sysusers b/389-ds-base.sysusers new file mode 100644 index 0000000..32a3452 --- /dev/null +++ b/389-ds-base.sysusers @@ -0,0 +1,3 @@ +#Type Name ID GECOS Home directory Shell +g dirsrv 389 +u dirsrv 389:389 "user for 389-ds-base" /usr/share/dirsrv/ /sbin/nologin diff --git a/changelog b/changelog new file mode 100644 index 0000000..4500dfa --- /dev/null +++ b/changelog @@ -0,0 +1,513 @@ +* Tue May 14 2024 James Chapman - 3.1.0-1 +- Bump version to 3.1.0 +- Issue 6142 - Fix CI tests (#6161) +- Issue 6157 - Cockipt crashes when getting replication status if topology contains an old 389ds version (#6158) +- Issue 5105 - lmdb - Cannot create entries with long rdn - fix covscan (#6131) +- Issue 6086 - Ambiguous warning about SELinux in dscreate for non-root user +- Issue 6094 - Add coverity scan workflow +- Issue 5962 - Rearrange includes for 32-bit support logic +- Issue 6046 - Make dscreate to work during kickstart installations +- Issue 6073 - Improve error log when running out of memory (#6084) +- Issue 6071 - Instance creation/removal is slow +- Issue 6010 - 389 ds ignores nsslapd-maxdescriptors (#6027) +- Issue 6075 - Ignore build artifacts (#6076) +- Issue 6068 - Add dscontainer stop function + +* Mon Apr 15 2024 James Chapman - 3.0.2-1 +- Bump version to 3.0.2 +- Issue 6082 - Remove explicit dependencies toward libdb - revert default (#6145) +- Issue 6142 - [RFE] Add LMDB configuration related checks into Healthcheck tool (#6143) +- Issue 6141 - freeipa test_topology_TestCASpecificRUVs is failing (#6144) +- Issue 6136 - failure in freeipa tests (#6137) +- Issue 6119 - Synchronise accept_thread with slapd_daemon (#6120) +- Issue 6105 - lmdb - Cannot create entries with long rdn (#6130) +- Issue 6082 - Remove explicit dependencies toward libdb (#6083) +- Issue i6057 - Fix3 - Fix covscan issues (#6127) +- Issue 6057 - vlv search may result wrong result with lmdb - Fix 2 (#6121) +- Issue 6057 - vlv search may result wrong result with lmdb (#6091) +- Issue 6092 - passwordHistory is not updated with a pre-hashed password (#6093) +- Issue 6133 - Move slapi_pblock_set_flag_operation_notes() to slapi-plugin.h +- Issue 6125 - dscreate interactive fails when chosing mdb backend (#6126) +- Issue 6110 - Typo in Account Policy plugin message +- Issue 6080 - ns-slapd crash in referint_get_config (#6081) +- Issue 6117 - Fix the UTC offset print (#6118) +- Issue 5305 - OpenLDAP version autodetection doesn't work +- Issue 6112 - RFE - add new operation note for MFA authentications +- Issue 5842 - Add log buffering to audit log +- Issue 3527 - Support HAProxy and Instance on the same machine configuration (#6107) +- Issue 6103 - New connection timeout error breaks errormap (#6104) +- Issue 6096 - Improve connection timeout error logging (#6097) +- Issue 6067 - Improve dsidm CLI No Such Entry handling (#6079) +- Issue 6067 - Add hidden -v and -j options to each CLI subcommand (#6088) +- Issue 6061 - Certificate lifetime displayed as NaN + +* Wed Jan 31 2024 Pete Walter - 3.0.1-2 +- Rebuild for ICU 74 + +* Tue Jan 30 2024 Simon Pichugin - 3.0.1-1 +- Bump version to 3.0.1 +- Issue 6043, 6044 - Enhance Rust and JS bundling and add SPDX licenses for both (#6045) +- Issue 3555 - Remove audit-ci from dependencies (#6056) +- Issue 6052 - Paged results test sets hostname to `localhost` on test collection +- Issue 6051 - Drop unused pytest markers +- Issue 6049 - lmdb - changelog is wrongly recreated by reindex task (#6050) +- Issue 6047 - Add a check for tagged commits +- Issue 6041 - dscreate ds-root - accepts relative path (#6042) +- Switch default backend to lmdb and bump version to 3.0 (#6013) +- Issue 6032 - Replication broken after backup restore (#6035) +- Issue 6037 - Server crash at startup in vlvIndex_delete (#6038) +- Issue 6034 - Change replica_id from str to int +- Issue 6028 - vlv index keys inconsistencies (#6031) +- Issue 5989 - RFE support of inChain Matching Rule (#5990) +- Issue 6022 - lmdb inconsistency between vlv index and vlv cache names (#6026) +- Issue 6015 - Fix typo remeber (#6014) +- Issue 6016 - Pin upload/download artifacts action to v3 +- Issue 5939 - During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it (#6007) +- Issue 4673 - Update Rust crates +- Issue 6004 - idletimeout may be ignored (#6005) +- Issue 5954 - Disable Transparent Huge Pages +- Issue 5997 - test_inactivty_and_expiration CI testcase is wrong (#5999) +- Issue 5993 - Fix several race condition around CI tests (#5996) +- Issue 5944 - Reversion of the entry cache should be limited to BETXN plugin failures (#5994) +- Bump openssl from 0.10.55 to 0.10.60 in /src (#5995) +- Issue 5980 - Improve instance startup failure handling (#5991) +- Issue 5976 - Fix freeipa install regression with lmdb (#5977) +- Issue 5984 - Crash when paged result search are abandoned - fix2 (#5987) +- Issue 5984 - Crash when paged result search are abandoned (#5985) +- Issue 5947 - CI test_vlv_recreation_reindex fails on LMDB (#5979) + +* Mon Jan 29 2024 Fedora Release Engineering - 2.4.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Jan 22 2024 Fedora Release Engineering - 2.4.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 2.4.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jan 18 2024 Fedora Release Engineering - 2.4.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jan 18 2024 Viktor Ashirov - 2.4.5-1 +- Bump version to 2.4.5 +- Issue 5989 - RFE support of inChain Matching Rule (#5990) +- Issue 5939 - During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it (#6007) +- Issue 5944 - Reversion of the entry cache should be limited to BETXN plugin failures (#5994) +- Issue 5954 - Disable Transparent Huge Pages +- Issue 5984 - Crash when paged result search are abandoned - fix2 (#5987) +- Issue 5984 - Crash when paged result search are abandoned (#5985) + +* Wed Nov 15 2023 James Chapman - 2.4.4 +- Bump version to 2.4.4 +- Issue 5971 - CLI - Fix password prompt for repl status (#5972) +- Issue 5973 - Fix fedora cop RawHide builds (#5974) +- Revert "Issue 5761 - Worker thread dynamic management (#5796)" (#5970) +- Issue 5966 - CLI - Custom schema object is removed on a failed edit (#5967) +- Issue 5786 - Update permissions for Release workflow +- Issue 5960 - Subpackages should have more strict interdependencies +- Issue 3555 - UI - Fix audit issue with npm - babel/traverse (#5959) +- Issue 4843 - Fix dscreate create-template issue (#5950) +- bugfix for --passwd-file not working on latest version (#5934) +- Issue 5843 - dsconf / dscreate should be able to handle lmdb parameters (#5943) +- Bump postcss from 8.4.24 to 8.4.31 in /src/cockpit/389-console (#5945) +- Issue 5938 - Attribute Names changed to lowercase after adding the Attributes (#5940) +- issue 5924 - ASAN server build crash when looping opening/closing connections (#5926) +- Issue 1925 - Add a CI test (#5936) +- Issue 5732 - Localizing Cockpit's 389ds Plugin using CockpitPoPlugin (#5764) +- Issue 1870 - Add a CI test (#5929) +- Issue 843 - Add a warning to slapi_valueset_add_value_ext (#5925) +- Issue 5761 - Worker thread dynamic management (#5796) +- Issue 1802 - Improve ldclt man page (#5928) +- Issue 1456 - Add a CI test that verifies there is no issue (#5927) +- Issue 1317 - Add a CI test (#5923) +- Issue 1081 - CI - Add more tests for overwriting x-origin issue (#5815) +- Issue 1115 - Add a CI test (#5913) +- Issue 5848 - Fix condition and add a CI test (#5916) +- Issue 5848 - Fix condition and add a CI test (#5916) +- Issue 5914 - UI - server settings page validation improvements and db index fixes +- Issue 5909 - Multi listener hang with 20k connections (#5917) +- Issue 5902 - Fix previous commit regression (#5919) +- pass instance correctly to ds_is_older (#5903) +- Issue 5909 - Multi listener hang with 20k connections (#5910) +- Issue 5722 - improve testcase (#5904) +- Issue 5203 - outdated version in provided metadata for lib389 +- Bug Description: +- issue 5890 part 2 - Need a tester for testing multiple listening thread feature (#5897) +- Issue i5846 - Crash when lmdb import is aborted (#5881) +- Issue 5894 - lmdb import error fails with Could not store the entry (#5895) +- Issue 5890 - Need a tester for testing multiple listening thread feature (#5891) +- Issue 5082 - slugify: ModuleNotFoundError when running test cases +- Issue 4551 - Part 2 - Fix build warning of previous PR (#5888) +- Issue 5834 - AccountPolicyPlugin erroring for some users (#5866) +- Issue 5872 - part 2 - fix is_dbi regression (#5887) +- Issue 4758 - Add tests for WebUI +- Issue 5848 - dsconf should prevent setting the replicaID for hub and consumer roles (#5849) +- Issue 5883 - Remove connection mutex contention risk on autobind (#5886) +- Issue 5872 - `dbscan()` in lib389 can return bytes + +* Thu Aug 3 2023 Mark Reynolds - 2.4.3-1 +- Bump version to 2.4.3-1 +- Issue 5729 - Memory leak in factory_create_extension (#5814) +- Issue 5870 - ns-slapd crashes at startup if a backend has no suffix (#5871) +- Issue 5876 - CI Test random failure - Import (#5879) +- Issue 5877 - test_basic_ldapagent breaks test_setup_ds_as_non_root* tests +- Issue 5867 - lib389 should use filter for tarfile as recommended by PEP 706 (#5868) +- Issue 5853 - Update Cargo.lock and fix minor warning (#5854) +- Issue 5785 - CLI - arg completion is broken +- Issue 5864 - Server fails to start after reboot because it's unable to access nsslapd-rundir +- Issue 5856 - SyntaxWarning: invalid escape sequence '\,' +- Issue 5859 - dbscan fails with AttributeError: 'list' object has no attribute 'extends' +- Issue 3527 - UI - Add nsslapd-haproxy-trusted-ip to server setting (#5839) +- Issue 4551 - Paged search impacts performance (#5838) +- Issue 4758 - Add tests for WebUI +- Issue 4169 - UI - Fix retrochangelog and schema Typeaheads (#5837) +- issue 5833 - dsconf monitor backend fails on lmdb (#5835) +- Issue 3555 - UI - Fix audit issue with npm - stylelint (#5836) + +* Mon Jul 24 2023 Mark Reynolds - 2.4.2-5 +- Bump version to 2.4.2-5 +- Add the bash completion scripts to the appropriate files section + +* Wed Jul 19 2023 Fedora Release Engineering - 2.4.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Tue Jul 11 2023 František Zatloukal - 2.4.2-3 +- Rebuilt for ICU 73.2 + +* Mon Jul 10 2023 Mark Reynolds - 2.4.2-2 +- Bump version to 2.4.2-2 +- Issue 5752 - RFE - Provide a history for LastLoginTime (#5807) += Issue 4719 - CI - Add dsconf add a PTA URL test + +* Fri Jul 7 2023 Mark Reynolds - 2.4.2-1 +- Bump version to 2.4.2 +- Issue 5793 - UI - fix suffix selection in export modal +- Issue 5793 - UI - Fix minor crashes (#5827) +- Issue 5825 - healthcheck - password storage scheme warning needs more info +- Issue 5822 - Allow empty export path for db2ldif +- Issue 5755 - Massive memory leaking on update operations (#5824) +- Issue 5701 - CI - Add more tests for referral mode fix (#5810) +- Issue 5551 - Almost empty and not loaded ns-slapd high cpu load +- Issue 5755 - The Massive memory leaking on update operations (#5803) +- Issue 2375 - CLI - Healthcheck - revise and add new checks +- Bump openssl from 0.10.52 to 0.10.55 in /src +- Issue 5793 - UI - movce from webpack to esbuild bundler +- Issue 5752 - CI - Add more tests for lastLoginHistorySize RFE (#5802) +- Issue 3527 - Fix HAProxy x390x compatibility and compiler warnings (#5801) +- Issue 5798 - CLI - Add multi-valued support to dsconf config (#5799) +- Issue 5781 - Bug handling return code of pre-extended operation plugin. +- Issue 5785 - move bash completion to post section of specfile +- Issue 5156 - (cont) RFE slapi_memberof reusing memberof values (#5744) +- Issue 4758 - Add tests for WebUI +- Issue 3527 - Add PROXY protocol support (#5762) +- Issue 5789 - Improve ds-replcheck error handling +- Issue 5786 - CLI - registers tools for bash completion +- Issue 5786 - Set minimal permissions on GitHub Workflows (#5787) +- Issue 5646 - Various memory leaks (#5725) +- Issue 5778 - UI - Remove error message if .dsrc is missing +- Issue 5751 - Cleanallruv task crashes on consumer (#5775) + +* Wed Jun 28 2023 Python Maint - 2.4.1-2 +- Rebuilt for Python 3.12 + +* Thu May 18 2023 Mark Reynolds - 2.4.1-1 +- Bump version to 2.4.1 +- Issue 5770 - RFE - Extend Password Adminstrators to allow skipping password info updates +- Issue 5768 - CLI/UI - cert checks are too strict, and other issues +- Issue 5722 - fix compilation warnings (#5771) +- Issue 5765 - Improve installer selinux handling +- Issue 152 - RFE - Add support for LDAP alias entries +- Issue 5052 - BUG - Custom filters prevented entry deletion (#5060) +- Issue 5752 - RFE - Provide a history for LastLoginTime (#5753) +- Issue 5722 - RFE When a filter contains 'nsrole', improve response time by rewriting the filter (#5723) +- Issue 5704 - crash in sync_refresh_initial_content (#5720) +- Issue 5738 - RFE - UI - Read/write replication monitor info to .dsrc file +- Issue 5156 - build warnings (#5758) +- Issue 5749 - RFE - Allow Account Policy Plugin to handle inactivity and expiration at the same time +- Issue 5743 - Disabling replica crashes the server (#5746) +- Issue 2562 - Copy config files into backup directory +- Issue 5156 - fix build breakage from slapi-memberof commit +- Issue 4758 - Add tests for WebUI + +* Tue Apr 25 2023 Mark Reynolds - 2.4.0-1 +- Bump version to 2.4.0 +- Issue 5156 - RFE that implement slapi_memberof (#5694) +- Issue 5734 - RFE - Exclude pwdFailureTime and ContextCSN (#5735) +- Issue 5726 - ns-slapd crashing in ldbm_back_upgradednformat (#5727) +- Issue 4758 - Add tests for WebUI +- Issue 5718 - Memory leak in connection table (#5719) +- Issue 5705 - Add config parameter to close client conns on failed bind (#5712) +- Issue 4758 - Add tests for WebUI +- Issue 5643 - Memory leak in entryrdn during delete (#5717) +- Issue 5714 - UI - fix typo, db settings, log settings, and LDAP editor paginations +- Issue 5701 - CLI - Fix referral mode setting (#5708) +- Bump openssl from 0.10.45 to 0.10.48 in /src (#5709) +- Issue 5710 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups (#5711) +- Issue 5697 - Obsolete nsslapd-ldapimaprootdn attribute (#5698) +- Issue 1081 - Stop schema replication from overwriting x-origin +- Issue 4812 - Listener thread does not scale with a high num of established connections (#5706) +- Issue 4812 - Listener thread does not scale with a high num of established connections (#5681) +- Bump webpack from 5.75.0 to 5.76.0 in /src/cockpit/389-console (#5699) +- Issue 5598 - (3rd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5692) +- Issue 5598 - (2nd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5691) +- Issue 5687 - UI - sensitive information disclosure +- Issue 5661 - LMDB hangs while Rebuilding the replication changelog RUV (#5676) +- Issue 5554 - Add more tests to security_basic_test suite +- Issue 4583 - Update specfile to skip checks of ASAN builds +- Issue 4758 - Add tests for WebUI +- Issue 3604 - UI - Add support for Subject Alternative Names in CSR +- Issue 5600 - buffer overflow when enabling sync repl plugin when dynamic plugins is enabled +- Issue 5640 - Update logconv for new logging format +- Issue 5162 - CI - fix error message for invalid pem file +- Issue 5598 - In 2.x, SRCH throughput drops by 10% because of handling of referral (#5604) +- Issue 5671 - covscan - clang warning (#5672) +- Issue 5267 - CI - Fix issues with nsslapd-return-original-entrydn +- Issue 5666 - CLI - Add timeout parameter for tasks +- Issue 5567 - CLI - make ldifgen use the same default ldif name for all options +- Issue 5647 - Fix unused variable warning from previous commit (#5670) +- Issue 5162 - Lib389 - verify certificate type before adding +- Issue 5642 - Build fails against setuptools 67.0.0 +- Issue 5630 - CLI - need to add logging filter for stdout +- Issue 5646 - CLI/UI - do not hardcode password storage schemes +- Issue 5640 - Update logconv for new logging format +- issue 5647 - covscan: memory leak in audit log when adding entries (#5650) +- Issue 5658 - CLI - unable to add attribute with matching rule +- Issue 5653 - covscan - fix invalid dereference +- Issue 5652 - Libasan crash in replication/cascading_test (#5659) +- Issue 5628 - Handle graceful timeout in CI tests (#5657) +- Issue 5648 - Covscan - Compiler warnings (#5651) +- Issue 5630 - CLI - error messages should goto stderr +- Issue 2435 - RFE - Raise IDL Scan Limit to INT_MAX (#5639) +- Issue 5632 - CLI - improve error handling with db2ldif +- Issue 5517 - Replication conflict CI test sometime fails (#5518) +- Issue 5634 - Deprecated warning related to github action workflow code (#5635) +- Issue 5637 - Covscan - fix Buffer Overflows (#5638) +- Issue 5624 - RFE - UI - export certificates, and import text base64 encoded certificates +- Bump tokio from 1.24.1 to 1.25.0 in /src (#5629) +- Issue 4577 - Add LMDB pytest github action (#5627) +- Issue 4293 - RFE - CLI - add dsrc options for setting user and group subtrees +- Remove stale libevent(-devel) dependency +- Issue 5578 - dscreate ds-root does not normaile paths (#5613) +- Issue 5497 - boolean attributes should be case insensitive + +* Fri Mar 31 2023 Viktor Ashirov - 2.3.2-3 +- Fix build issue against setuptools 67.0.0 (#2183375) + +* Tue Feb 28 2023 Simon Pichugin - 2.3.2-2 +- Use systemd-sysusers for dirsrv user and group (#2173834) + +* Mon Jan 23 2023 Mark Reynolds - 2.3.2-1 +- Bump version to 2.3.2 +- Issue 5547 - automember plugin improvements +- Issue 5607, 5351, 5611 - UI/CLI - fix various issues +- Issue 5610 - Build failure on Debian +- Issue 5608 - UI - need to replace some "const" with "let" +- Issue 5560 - dscreate run by non superuser set defaults requiring superuser privilege (#5579) +- Issue 3604 - Create a private key/CSR with dsconf/Cockpit (#5584) +- Issue 5605 - Adding a slapi_log_backtrace function in libslapd (#5606) +- Issue 5602 - UI - browser crash when trying to modify read-only variable +- Issue 5581 - UI - Support cockpit dark theme +- Issue 5593 - CLI - dsidm account subtree-status fails with TypeError +- Issue 5591 - BUG - Segfault in cl5configtrim with invalid confi (#5592) +- Fix latest npm audit failures +- Issue 5599 - CI - webui tests randomly fail +- Issue 5348 - RFE - CLI - add functionality to do bulk updates to entries +- Issue 5588 - Fix CI tests +- Issue 5585 - lib389 password policy DN handling is incorrect (#5587) +- Issue 5521 - UI - Update plugins for new split PAM and LDAP pass thru auth +- Bump json5 from 2.2.1 to 2.2.3 in /src/cockpit/389-console +- Issue 5236 - UI add specialized group edit modal +- Issue 5550 - dsconf monitor crashes with Error math domain error (#5553) +- Issue 5278 - CLI - dsidm asks for the old password on password reset +- Issue 5531 - CI - use universal_lines in capture_output +- Issue 5425 - CLI - add confirmation arg when deleting backend +- Issue 5558 - non-root instance fails to start on creation (#5559) +- Issue 5545 - A random crash in import over lmdb (#5546) +- Issue 3615 - CLI - prevent virtual attribute indexing +- Update specfile and rust crates +- Issue 5413 - Allow mutliple MemberOf fixup tasks with different bases/filters +- Issue 5554 - Add more tests to security_basic_test suite (#5555) +- Issue 5561 - Nightly tests are failing +- Issue 5521 - RFE - split pass through auth cli +- Issue 5521 - BUG - Pam PTA multiple issues +- Issue 5544 - Increase default task TTL +- Issue 5526 - RFE - Improve saslauthd migration options (#5528) +- Issue 5539 - Make logger's parameter name unified (#5540) +- Issue 5541 - Fix typo in `lib389.cli_conf.backend._get_backend` (#5542) +- Issue 3729 - (cont) RFE Extend log of operations statistics in access log (#5538) +- Issue 5534 - Fix a rebase typo (#5537) +- Issue 5534 - Add copyright text to the repository files + +* Wed Jan 18 2023 Fedora Release Engineering - 2.3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Sat Dec 31 2022 Pete Walter - 2.3.1-2 +- Rebuild for ICU 72 + +* Fri Nov 18 2022 Mark Reynolds - 2.3.1-1 +- Bump version to 2.3.1 +- Issue 5532 - Make db compaction TOD day more robust. +- Issue 3729 - RFE Extend log of operations statistics in access log (#5508) +- Issue 5529 - UI - Fix npm vulnerability in loader-utils +- Issue 5490 - tombstone in entryrdn index with lmdb but not with bdb (#5498) +- Issue 5162 - Fix dsctl tls ca-certfiicate add-cert arg requirement +- Issue 5510 - remove twalk_r dependency to build on RHEL8 (#5516) +- Issue 5162 - RFE - CLI allow adding CA certificate bundles +- Issue 5440 - memberof is slow on update/fixup if there are several 'groupattr' (#5455) +- Issue 5512 - BUG - skip pwdPolicyChecker OC in migration (#5513) +- Issue 3555 - UI - fix audit issue with npm loader-utils (#5514) +- Issue 5505 - Fix compiler warning (#5506) +- Issue 5469 - Increase the default value of nsslapd-conntablesize (#5472) +- Issue 5408 - lmdb import is slow (#5481) +- Issue 5429 - healthcheck - add checks for MemberOf group attrs being indexed +- Issue 5502 - RFE - Add option to display entry attributes in audit log +- Issue 5495 - BUG - Minor fix to dds skip, inconsistent attrs caused errors (#5501) +- Issue 5367 - RFE - store full DN in database record +- Issue 5495 - RFE - skip dds during migration. (#5496) +- Issue 5491 - UI - Add rework and finish jpegPhoto functionality (#5492) +- Issue 5368 - Retro Changelog trimming does not work (#5486) +- Issue 5487 - Fix various issues with logconv.pl +- Issue 5476 - RFE - add memberUid read aci by default (#5477) +- Issue 5482 - lib389 - Can not enable replication with a mixed case suffix +- Issue 5478 - Random crash in connection code during server shutdown (#5479) +- Issue 3061 - RFE - Add password policy debug log level +- Issue 5302 - Release tarballs don't contain cockpit webapp +- Issue 5262 - high contention in find_entry_internal_dn on mixed load (#5264) +- Issue 4324 - Revert recursive pthread mutex change (#5463) +- Issue 5462 - RFE - add missing default indexes (#5464) +- Issue 5465 - Fix dbscan linking (#5466) +- Issue 5271 - Serialization of pam_passthrough causing high etimes (#5272) +- Issue 5453 - UI/CLI - Changing Root DN breaks UI +- Issue 5446 - Fix some covscan issues (#5451) +- Issue 4308 - checking if an entry is a referral is expensive +- Issue 5447 - UI - add NDN max cache size to UI +- Issue 5443 - UI - disable save button while saving +- Issue 5413 - Allow only one MemberOf fixup task at a time +- Issue 4592 - dscreate error with custom dir_path (#5434) +- Issue 5158 - entryuuid fixup tasks fails in replicated topology (#5439) + +* Tue Sep 20 2022 Mark Reynolds - 2.3.0-2 +- Bump version to 2.3.0-2 +- Update old pcre-devel requirement to pcre2-devel + +* Thu Sep 1 2022 Mark Reynolds - 2.3.0-1 +- Bump version to 2.3.0 +- Issue 5012 - Migrate pcre to pcre2 - remove match limit +- Issue 5356 - Make Rust non-optional and update default password storage scheme +- Issue 5012 - Migrate pcre to pcre2 +- Issue 5428 - Fix regression with nscpEntryWsi computation +- Fix missing 'not' in description (closes #5423) (#5424) +- Issue 5421 - CI - makes replication/acceptance_test.py::test_modify_entry more robust (#5422) +- Issue 3903 - fix repl keep alive event interval +- Issue 5418 - Sync_repl may crash while managing invalid cookie (#5420) +- Issue 5415 - Hostname when set to localhost causing failures in other tests +- Issue 5412 - lib389 - do not set backend name to lowercase +- Issue 5407 - sync_repl crashes if enabled while dynamic plugin is enabled (#5411) +- Issue 5385 - LMDB - import crash in rdncache_add_elem (#5406) +- Issue 5403 - Memory leak in conntection table mulit list (#5404) +- Issue 3903 - keep alive update event starts too soon +- Issue 5397 - Fix various memory leaks +- Issue 5399 - UI - LDAP Editor is not updated when we switch instances (#5400) +- Issue 3903 - Supplier should do periodic updates +- Issue 5377 - Code cleanup: Fix Covscan invalid reference (#5393) +- Issue 5394 - configure doesn't check for lmdb and json-c +- Issue 5392 - dscreate fails when using alternative ports in the SELinux hi_reserved_port_t label range +- Issue 5386 - BUG - Update sudoers schema to correctly support UTF-8 (#5387) +- Issue 5388 - fix use-after-free and deadcode +- Issue 5383 - UI - Various fixes and RFE's for UI +- Issue 4656 - Remove problematic language from source code +- Issue 5380 - Separate cleanAllRUV code into new file +- Issue 5322 - optime & wtime on rejected connections is not properly set +- Issue 5335 - RFE - Add Security Audit Log +- Issue 5375 - CI - disable TLS hostname checking +- Issue 981 - Managed Entries betxnpreoperation - transaction not aborted on managed entry failure (#5369) +- Issue 5373 - dsidm user get_dn fails with search_ext() argument 1 must be str, not function +- Issue 5371 - Update npm and cargo packages +- Issue 3069 - Support ECDSA private keys for TLS (#5365) +- Issue 5290 - Importing certificate chain files via "import-server-key-cert" no longer works (#5293) + +* Mon Aug 01 2022 Frantisek Zatloukal - 2.2.2-3 +- Rebuilt for ICU 71.1 + +* Wed Jul 20 2022 Fedora Release Engineering - 2.2.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue Jul 5 2022 Mark Reynolds - 2.2.2-1 +- Bump version to 2.2.2 +- Issue 5221 - fix covscan (#5359) +- Issue 5294 - Report Portal 5 is not processing an XML file with (#5358) +- Issue 5353 - CLI - dsconf backend export breaks with multiple backends +- Issue 5346 - New connection table fails with ASAN failures (#5350) +- Issue 5345 - BUG - openldap migration fails when ppolicy is active (#5347) +- Issue 5323 - BUG - improve skipping of monitor db (#5340) +- Issue 5329 - Improve replication extended op logging +- Issue 5343 - Various improvements to winsync +- Issue 4932 - CLI - add parser aliases to long arg names +- Issue 5332 - BUG - normalise filter as intended +- Issue 5327 - Validate test metadata +- Issue 4812 - Scalability with high number of connections (#5090) +- Issue 4348 - Add tests for dsidm +- Issue 5333 - 389-ds-base fails to build with Python 3.11 + +* Thu Jun 16 2022 Python Maint - 2.2.1-4 +- Rebuilt for Python 3.11 + +* Wed Jun 15 2022 Mark Reynolds - 2.2.1-3 +- Bump version to 2.2.1-3 +- Issue 5332 - BUG - normalise filter as intended +- Issue 5327 - Validate test metadata +- Issue 4348 - Add tests for dsidm +- Bump crossbeam-utils from 0.8.6 to 0.8.8 in /src +- Issue 5333 - 389-ds-base fails to build with Python 3.11 + +* Mon Jun 13 2022 Python Maint - 2.2.1-2 +- Rebuilt for Python 3.11 + +* Fri Jun 3 2022 Mark Reynolds - 2.2.1-1 +- Bump version to 2.2.1 +- Issue 5323 - BUG - Fix issue in mdb tests with monitor (#5326) +- Issue 5170 - BUG - incorrect behaviour of filter test (#5315) +- Issue 5324 - plugin acceptance test needs hardening +- Issue 5319 - dsctl_tls_test.py fails with openssl-3.x +- Issue 5323 - BUG - migrating database for monitoring interface lead to crash (#5321) +- Issue 5304 - Need a compatibility option about sub suffix handling (#5310) +- Issue 5313 - dbgen test uses deprecated -h HOST and -p PORT options for ldapmodify +- Issue 5311 - Missing Requires for acl in the spec file +- Issue 5305 - OpenLDAP version autodetection doesn't work +- Issue 5307 - VERSION_PREREL is not set correctly in CI builds +- Issue 5302 - Release tarballs don't contain cockpit webapp +- Issue 5170 - RFE - improve filter logging to assist debugging (#5301) +- Issue 5299 - jemalloc 5.3 released +- Issue 5175 - Remove stale zlib-devel dependency declaration (#5173) +- Issue 5294 - Report Portal 5 is not processing test results XML file +- Issue 5170 - BUG - ldapsubentries were incorrectly returned (#5285) +- Issue 5291 - Harden ReplicationManager.wait_for_replication (#5292) +- Issue 379 - RFE - Compress rotated logs (fix linker) +- Issue 379 - RFE - Compress rotated logs +- Issue 5281 - HIGH - basic test does not run +- Issue 5284 - Replication broken after password change (#5286) +- Issue 5279 - dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int' +- Issue 5170 - RFE - Filter optimiser (#5171) +- Issue 5276 - CLI - improve task handling +- Issue 5126 - Memory leak in slapi_ldap_get_lderrno (#5153) +- Issue 3 - ansible-ds - Prefix handling fix (#5275) +- Issue 5273 - CLI - add arg completer for instance name +- Issue 2893 - CLI - dscreate - add options for setting up replication +- Issue 4866 - CLI - when enabling replication set changelog trimming by default +- Issue 5241 - UI - Add account locking missing functionality (#5251) +- Issue 5180 - snmp_collator tries to unlock NULL mutex (#5266) +- Issue 4904 - Fix various small issues +- lib389 prerequisite for ansible-ds (#5253) +- Issue 5260 - BUG - OpenLDAP allows multiple names of memberof overlay (#5261) +- Issue 5252 - During DEL, vlv search can erroneously return NULL candidate (#5256) +- Issue 5254 - dscreate create-template regression due to 5a3bdc336 (#5255) +- Issue 5210 - Python undefined names in lib389 +- Issue 5065 - Crash in suite plugins - test_dna_max_value (#5108) +- Issue 5247 - BUG - Missing attributes in samba schema (#5248) +- Issue 5242- Craft message may crash the server (#5243) +- Issue 4775 -plugin entryuuid failing (#5229) +- Issue 5239 - Nightly copr builds are broken +- Issue 5237 - audit-ci: Cannot convert undefined or null to object +- Issue 5234 - UI - rename Users and Groups tab +- Issue 5227 - UI - No way to move back to Get Started step (#5233) +- Issue 5217 - Simplify instance creation and administration by non root user (#5224) diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..323fbd6 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,15 @@ +--- !Policy +product_versions: + - fedora-* +decision_contexts: [bodhi_update_push_testing] +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + +--- !Policy +product_versions: + - fedora-* +decision_contexts: [bodhi_update_push_stable] +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} diff --git a/jemalloc-5.3.0_throw_bad_alloc.patch b/jemalloc-5.3.0_throw_bad_alloc.patch new file mode 100644 index 0000000..94e4d36 --- /dev/null +++ b/jemalloc-5.3.0_throw_bad_alloc.patch @@ -0,0 +1,41 @@ +#commit 3de0c24859f4413bf03448249078169bb50bda0f +#Author: divanorama +#Date: Thu Sep 29 23:35:59 2022 +0200 +# +# Disable builtin malloc in tests +# +# With `--with-jemalloc-prefix=` and without `-fno-builtin` or `-O1` both clang and gcc may optimize out `malloc` calls +# whose result is unused. Comparing result to NULL also doesn't necessarily count as being used. +# +# This won't be a problem in most client programs as this only concerns really unused pointers, but in +# tests it's important to actually execute allocations. +# `-fno-builtin` should disable this optimization for both gcc and clang, and applying it only to tests code shouldn't hopefully be an issue. +# Another alternative is to force "use" of result but that'd require more changes and may miss some other optimization-related issues. +# +# This should resolve https://github.com/jemalloc/jemalloc/issues/2091 +# +#diff --git a/Makefile.in b/Makefile.in +#index 6809fb29..a964f07e 100644 +#--- a/Makefile.in +#+++ b/Makefile.in +#@@ -458,6 +458,8 @@ $(TESTS_OBJS): $(objroot)test/%.$(O): $(srcroot)test/%.c +# $(TESTS_CPP_OBJS): $(objroot)test/%.$(O): $(srcroot)test/%.cpp +# $(TESTS_OBJS): CPPFLAGS += -I$(srcroot)test/include -I$(objroot)test/include +# $(TESTS_CPP_OBJS): CPPFLAGS += -I$(srcroot)test/include -I$(objroot)test/include +#+$(TESTS_OBJS): CFLAGS += -fno-builtin +#+$(TESTS_CPP_OBJS): CPPFLAGS += -fno-builtin +# ifneq ($(IMPORTLIB),$(SO)) +# $(CPP_OBJS) $(C_SYM_OBJS) $(C_OBJS) $(C_JET_SYM_OBJS) $(C_JET_OBJS): CPPFLAGS += -DDLLEXPORT +# endif +diff --git a/src/jemalloc_cpp.cpp b/src/jemalloc_cpp.cpp +index fffd6aee..5a682991 100644 +--- a/src/jemalloc_cpp.cpp ++++ b/src/jemalloc_cpp.cpp +@@ -93,7 +93,7 @@ handleOOM(std::size_t size, bool nothrow) { + } + + if (ptr == nullptr && !nothrow) +- std::__throw_bad_alloc(); ++ throw std::bad_alloc(); + return ptr; + } diff --git a/main.fmf b/main.fmf new file mode 100644 index 0000000..76d16bf --- /dev/null +++ b/main.fmf @@ -0,0 +1,17 @@ +/plan: + summary: Basic test suite + discover: + how: fmf + execute: + how: tmt + prepare: + - name: install required packages + how: install + package: [389-ds-base, git, pytest] + - name: clone repo + how: shell + script: git clone https://github.com/389ds/389-ds-base /root/ds +/test: + /upstream_basic: + test: pytest -v /root/ds/dirsrvtests/tests/suites/basic/basic_test.py + duration: 30m diff --git a/sources b/sources index 56ab535..7004305 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ -SHA512 (389-ds-base-1.4.4.17.tar.bz2) = ee06ff24c7b0edaea25b286f195b44a70d000aee7ca6f8c4c4b2be9c5e357f000d7c9242863e54f3e01dc4600543c9c00e4d345dbf65539179a2428e94b3287e -SHA512 (jemalloc-5.2.1.tar.bz2) = 0bbb77564d767cef0c6fe1b97b705d368ddb360d55596945aea8c3ba5889fbce10479d85ad492c91d987caacdbbdccc706aa3688e321460069f00c05814fae02 +SHA512 (jemalloc-5.3.0.tar.bz2) = 22907bb052096e2caffb6e4e23548aecc5cc9283dce476896a2b1127eee64170e3562fa2e7db9571298814a7a2c7df6e8d1fbe152bd3f3b0c1abec22a2de34b1 +SHA512 (libdb-5.3.28-59.tar.bz2) = 731a434fa2e6487ebb05c458b0437456eb9f7991284beb08cb3e21931e23bdeddddbc95bfabe3a2f9f029fe69cd33a2d4f0f5ce6a9811e9c3b940cb6fde4bf79 +SHA512 (389-ds-base-3.2.0.tar.bz2) = 9ff6aa56b30863c619f4f324344dca72cc883236bfe8d94520e8469d9e306f54b373ee2504eda18dcb0ecda33f915a3e64a6f3cdaa93a69b74d901caa48545e1 diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index 4643f2f..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- hosts: localhost - remote_user: root - vars: - ds_repo_url: https://pagure.io/389-ds-base.git - ds_repo_dir: ds - ds_tests: "{{ ds_repo_dir }}/dirsrvtests/tests" - pytest: py.test-3 - pytest_args: "-v --continue-on-collection-errors" - pytest_tests: "suites/basic" - artifacts: ./artifacts - roles: - - role: standard-test-basic - tags: - - classic - repositories: - - repo: "{{ ds_repo_url }}" - dest: "{{ ds_repo_dir }}" - tests: - - basic: - dir: "{{ ds_tests }}" - run: "{{ pytest }} {{ pytest_args }} {{ pytest_tests }}" - required_packages: - - python3-pytest - - 389-ds-base - - 389-ds-base-snmp - - 389-ds-base-legacy-tools